@agent-shield/sdk 0.5.1 → 0.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. package/README.md +16 -14
  2. package/dist/accounts.d.ts +3 -1
  3. package/dist/accounts.d.ts.map +1 -1
  4. package/dist/accounts.js +9 -0
  5. package/dist/accounts.js.map +1 -1
  6. package/dist/client.d.ts +5 -1
  7. package/dist/client.d.ts.map +1 -1
  8. package/dist/client.js +15 -0
  9. package/dist/client.js.map +1 -1
  10. package/dist/idl-json.d.ts +1054 -2004
  11. package/dist/idl-json.d.ts.map +1 -1
  12. package/dist/idl-json.js +407 -455
  13. package/dist/idl-json.js.map +1 -1
  14. package/dist/idl.d.ts +458 -451
  15. package/dist/idl.d.ts.map +1 -1
  16. package/dist/index.d.ts +5 -5
  17. package/dist/index.d.ts.map +1 -1
  18. package/dist/index.js +13 -8
  19. package/dist/index.js.map +1 -1
  20. package/dist/instructions.d.ts +213 -147
  21. package/dist/instructions.d.ts.map +1 -1
  22. package/dist/instructions.js +65 -17
  23. package/dist/instructions.js.map +1 -1
  24. package/dist/types.d.ts +48 -66
  25. package/dist/types.d.ts.map +1 -1
  26. package/dist/types.js +8 -13
  27. package/dist/types.js.map +1 -1
  28. package/dist/wrap.d.ts +2 -10
  29. package/dist/wrap.d.ts.map +1 -1
  30. package/dist/wrap.js +1 -32
  31. package/dist/wrap.js.map +1 -1
  32. package/dist/wrapper/harden.d.ts +5 -7
  33. package/dist/wrapper/harden.d.ts.map +1 -1
  34. package/dist/wrapper/harden.js +11 -35
  35. package/dist/wrapper/harden.js.map +1 -1
  36. package/dist/wrapper/index.d.ts +2 -1
  37. package/dist/wrapper/index.d.ts.map +1 -1
  38. package/dist/wrapper/index.js +4 -2
  39. package/dist/wrapper/index.js.map +1 -1
  40. package/dist/wrapper/shield.d.ts.map +1 -1
  41. package/dist/wrapper/shield.js +27 -17
  42. package/dist/wrapper/shield.js.map +1 -1
  43. package/dist/wrapper/x402.d.ts +2 -0
  44. package/dist/wrapper/x402.d.ts.map +1 -1
  45. package/dist/wrapper/x402.js +16 -0
  46. package/dist/wrapper/x402.js.map +1 -1
  47. package/package.json +6 -6
package/dist/idl.d.ts CHANGED
@@ -17,8 +17,7 @@ export type AgentShield = {
17
17
  name: "agentTransfer";
18
18
  docs: [
19
19
  "Transfer tokens from the vault to an allowed destination.",
20
- "Only the agent can call this. Respects destination allowlist,",
21
- "spending caps, and per-token limits."
20
+ "Only the agent can call this."
22
21
  ];
23
22
  discriminator: [199, 111, 151, 49, 124, 13, 150, 44];
24
23
  accounts: [
@@ -48,7 +47,7 @@ export type AgentShield = {
48
47
  }
49
48
  ];
50
49
  };
51
- relations: ["policy", "tracker"];
50
+ relations: ["policy"];
52
51
  },
53
52
  {
54
53
  name: "policy";
@@ -67,6 +66,7 @@ export type AgentShield = {
67
66
  },
68
67
  {
69
68
  name: "tracker";
69
+ docs: ["Zero-copy SpendTracker"];
70
70
  writable: true;
71
71
  pda: {
72
72
  seeds: [
@@ -81,23 +81,51 @@ export type AgentShield = {
81
81
  ];
82
82
  };
83
83
  },
84
+ {
85
+ name: "oracleRegistry";
86
+ docs: ["Protocol-level oracle registry"];
87
+ pda: {
88
+ seeds: [
89
+ {
90
+ kind: "const";
91
+ value: [
92
+ 111,
93
+ 114,
94
+ 97,
95
+ 99,
96
+ 108,
97
+ 101,
98
+ 95,
99
+ 114,
100
+ 101,
101
+ 103,
102
+ 105,
103
+ 115,
104
+ 116,
105
+ 114,
106
+ 121
107
+ ];
108
+ }
109
+ ];
110
+ };
111
+ },
84
112
  {
85
113
  name: "vaultTokenAccount";
86
114
  docs: ["Vault's PDA-owned token account (source)"];
87
115
  writable: true;
88
116
  },
117
+ {
118
+ name: "tokenMintAccount";
119
+ docs: ["Token mint account for decimals validation"];
120
+ },
89
121
  {
90
122
  name: "destinationTokenAccount";
91
- docs: [
92
- "Destination token account (must be in allowed destinations if configured)"
93
- ];
123
+ docs: ["Destination token account (must be in allowed destinations)"];
94
124
  writable: true;
95
125
  },
96
126
  {
97
127
  name: "feeDestinationTokenAccount";
98
- docs: [
99
- "Developer fee destination token account — must match vault.fee_destination"
100
- ];
128
+ docs: ["Developer fee destination token account"];
101
129
  writable: true;
102
130
  optional: true;
103
131
  },
@@ -121,10 +149,7 @@ export type AgentShield = {
121
149
  },
122
150
  {
123
151
  name: "applyPendingPolicy";
124
- docs: [
125
- "Apply a queued policy update after the timelock period has expired.",
126
- "Closes the PendingPolicyUpdate PDA and returns rent to the owner."
127
- ];
152
+ docs: ["Apply a queued policy update after the timelock expires."];
128
153
  discriminator: [114, 212, 19, 227, 89, 199, 74, 62];
129
154
  accounts: [
130
155
  {
@@ -152,7 +177,7 @@ export type AgentShield = {
152
177
  }
153
178
  ];
154
179
  };
155
- relations: ["policy", "tracker", "pendingPolicy"];
180
+ relations: ["policy", "pendingPolicy"];
156
181
  },
157
182
  {
158
183
  name: "policy";
@@ -170,22 +195,6 @@ export type AgentShield = {
170
195
  ];
171
196
  };
172
197
  },
173
- {
174
- name: "tracker";
175
- writable: true;
176
- pda: {
177
- seeds: [
178
- {
179
- kind: "const";
180
- value: [116, 114, 97, 99, 107, 101, 114];
181
- },
182
- {
183
- kind: "account";
184
- path: "vault";
185
- }
186
- ];
187
- };
188
- },
189
198
  {
190
199
  name: "pendingPolicy";
191
200
  writable: true;
@@ -222,10 +231,7 @@ export type AgentShield = {
222
231
  },
223
232
  {
224
233
  name: "cancelPendingPolicy";
225
- docs: [
226
- "Cancel a queued policy update. Closes the PendingPolicyUpdate PDA",
227
- "and returns rent to the owner."
228
- ];
234
+ docs: ["Cancel a queued policy update."];
229
235
  discriminator: [153, 36, 104, 200, 50, 94, 207, 33];
230
236
  accounts: [
231
237
  {
@@ -291,10 +297,7 @@ export type AgentShield = {
291
297
  },
292
298
  {
293
299
  name: "closeVault";
294
- docs: [
295
- "Close the vault entirely. Withdraws all remaining funds and closes all PDAs.",
296
- "Reclaims rent. Vault must have no open positions. Only the owner can call this."
297
- ];
300
+ docs: ["Close the vault entirely. Reclaims rent from all PDAs."];
298
301
  discriminator: [141, 103, 17, 126, 72, 75, 29, 29];
299
302
  accounts: [
300
303
  {
@@ -323,7 +326,7 @@ export type AgentShield = {
323
326
  }
324
327
  ];
325
328
  };
326
- relations: ["policy", "tracker"];
329
+ relations: ["policy"];
327
330
  },
328
331
  {
329
332
  name: "policy";
@@ -343,6 +346,7 @@ export type AgentShield = {
343
346
  },
344
347
  {
345
348
  name: "tracker";
349
+ docs: ["Zero-copy SpendTracker — close returns rent to owner"];
346
350
  writable: true;
347
351
  pda: {
348
352
  seeds: [
@@ -607,9 +611,7 @@ export type AgentShield = {
607
611
  name: "finalizeSession";
608
612
  docs: [
609
613
  "Finalize a session after the DeFi action completes.",
610
- "Revokes token delegation, collects fees, closes the SessionAuthority PDA,",
611
- "and records the transaction in the audit log.",
612
- "Can be called by the agent or permissionlessly (for cleanup of expired sessions)."
614
+ "Revokes delegation, collects fees, closes the SessionAuthority PDA."
613
615
  ];
614
616
  discriminator: [34, 148, 144, 47, 37, 130, 206, 161];
615
617
  accounts: [
@@ -639,7 +641,7 @@ export type AgentShield = {
639
641
  }
640
642
  ];
641
643
  };
642
- relations: ["policy", "tracker", "session"];
644
+ relations: ["policy", "session"];
643
645
  },
644
646
  {
645
647
  name: "policy";
@@ -656,27 +658,10 @@ export type AgentShield = {
656
658
  ];
657
659
  };
658
660
  },
659
- {
660
- name: "tracker";
661
- writable: true;
662
- pda: {
663
- seeds: [
664
- {
665
- kind: "const";
666
- value: [116, 114, 97, 99, 107, 101, 114];
667
- },
668
- {
669
- kind: "account";
670
- path: "vault";
671
- }
672
- ];
673
- };
674
- },
675
661
  {
676
662
  name: "session";
677
663
  docs: [
678
- "Session rent is returned to the session's agent (who paid for it),",
679
- "not the arbitrary payer, to prevent rent theft.",
664
+ "Session rent is returned to the session's agent (who paid for it).",
680
665
  "Seeds include token_mint for per-token concurrent sessions."
681
666
  ];
682
667
  writable: true;
@@ -705,30 +690,23 @@ export type AgentShield = {
705
690
  },
706
691
  {
707
692
  name: "sessionRentRecipient";
708
- docs: ["Validated in handler to equal session.agent."];
709
693
  writable: true;
710
694
  },
711
695
  {
712
696
  name: "vaultTokenAccount";
713
- docs: [
714
- "Vault's PDA token account for the session's token (fee source + delegation revocation)"
715
- ];
697
+ docs: ["Vault's PDA token account for the session's token"];
716
698
  writable: true;
717
699
  optional: true;
718
700
  },
719
701
  {
720
702
  name: "feeDestinationTokenAccount";
721
- docs: [
722
- "Developer fee destination token account — must match vault.fee_destination"
723
- ];
703
+ docs: ["Developer fee destination token account"];
724
704
  writable: true;
725
705
  optional: true;
726
706
  },
727
707
  {
728
708
  name: "protocolTreasuryTokenAccount";
729
- docs: [
730
- "Protocol treasury token account — must be owned by PROTOCOL_TREASURY"
731
- ];
709
+ docs: ["Protocol treasury token account"];
732
710
  writable: true;
733
711
  optional: true;
734
712
  },
@@ -748,12 +726,71 @@ export type AgentShield = {
748
726
  }
749
727
  ];
750
728
  },
729
+ {
730
+ name: "initializeOracleRegistry";
731
+ docs: [
732
+ "Initialize the protocol-level oracle registry.",
733
+ "Only called once. The authority becomes the registry admin."
734
+ ];
735
+ discriminator: [190, 92, 228, 114, 56, 71, 101, 220];
736
+ accounts: [
737
+ {
738
+ name: "authority";
739
+ writable: true;
740
+ signer: true;
741
+ },
742
+ {
743
+ name: "oracleRegistry";
744
+ writable: true;
745
+ pda: {
746
+ seeds: [
747
+ {
748
+ kind: "const";
749
+ value: [
750
+ 111,
751
+ 114,
752
+ 97,
753
+ 99,
754
+ 108,
755
+ 101,
756
+ 95,
757
+ 114,
758
+ 101,
759
+ 103,
760
+ 105,
761
+ 115,
762
+ 116,
763
+ 114,
764
+ 121
765
+ ];
766
+ }
767
+ ];
768
+ };
769
+ },
770
+ {
771
+ name: "systemProgram";
772
+ address: "11111111111111111111111111111111";
773
+ }
774
+ ];
775
+ args: [
776
+ {
777
+ name: "entries";
778
+ type: {
779
+ vec: {
780
+ defined: {
781
+ name: "oracleEntry";
782
+ };
783
+ };
784
+ };
785
+ }
786
+ ];
787
+ },
751
788
  {
752
789
  name: "initializeVault";
753
790
  docs: [
754
791
  "Initialize a new agent vault with policy configuration.",
755
- "Only the owner can call this. Creates vault PDA, policy PDA, and spend tracker PDA.",
756
- "`tracker_tier`: 0 = Standard (200 entries), 1 = Pro (500), 2 = Max (1000)."
792
+ "Only the owner can call this. Creates vault PDA, policy PDA,",
793
+ "and zero-copy spend tracker PDA."
757
794
  ];
758
795
  discriminator: [48, 191, 163, 44, 71, 129, 63, 164];
759
796
  accounts: [
@@ -800,6 +837,7 @@ export type AgentShield = {
800
837
  },
801
838
  {
802
839
  name: "tracker";
840
+ docs: ["Zero-copy SpendTracker — 2,352 bytes fixed size"];
803
841
  writable: true;
804
842
  pda: {
805
843
  seeds: [
@@ -816,7 +854,6 @@ export type AgentShield = {
816
854
  },
817
855
  {
818
856
  name: "feeDestination";
819
- docs: ["The protocol treasury that receives fees"];
820
857
  },
821
858
  {
822
859
  name: "systemProgram";
@@ -837,17 +874,11 @@ export type AgentShield = {
837
874
  type: "u64";
838
875
  },
839
876
  {
840
- name: "allowedTokens";
841
- type: {
842
- vec: {
843
- defined: {
844
- name: "allowedToken";
845
- };
846
- };
847
- };
877
+ name: "protocolMode";
878
+ type: "u8";
848
879
  },
849
880
  {
850
- name: "allowedProtocols";
881
+ name: "protocols";
851
882
  type: {
852
883
  vec: "pubkey";
853
884
  };
@@ -873,20 +904,12 @@ export type AgentShield = {
873
904
  type: {
874
905
  vec: "pubkey";
875
906
  };
876
- },
877
- {
878
- name: "trackerTier";
879
- type: "u8";
880
907
  }
881
908
  ];
882
909
  },
883
910
  {
884
911
  name: "queuePolicyUpdate";
885
- docs: [
886
- "Queue a policy update when timelock is active.",
887
- "Creates a PendingPolicyUpdate PDA that becomes executable after",
888
- "the timelock period expires."
889
- ];
912
+ docs: ["Queue a policy update when timelock is active."];
890
913
  discriminator: [149, 18, 76, 197, 179, 193, 91, 77];
891
914
  accounts: [
892
915
  {
@@ -981,19 +1004,13 @@ export type AgentShield = {
981
1004
  };
982
1005
  },
983
1006
  {
984
- name: "allowedTokens";
1007
+ name: "protocolMode";
985
1008
  type: {
986
- option: {
987
- vec: {
988
- defined: {
989
- name: "allowedToken";
990
- };
991
- };
992
- };
1009
+ option: "u8";
993
1010
  };
994
1011
  },
995
1012
  {
996
- name: "allowedProtocols";
1013
+ name: "protocols";
997
1014
  type: {
998
1015
  option: {
999
1016
  vec: "pubkey";
@@ -1042,10 +1059,7 @@ export type AgentShield = {
1042
1059
  },
1043
1060
  {
1044
1061
  name: "reactivateVault";
1045
- docs: [
1046
- "Reactivate a frozen vault. Optionally rotate the agent key.",
1047
- "Only the owner can call this."
1048
- ];
1062
+ docs: ["Reactivate a frozen vault. Optionally rotate the agent key."];
1049
1063
  discriminator: [245, 50, 143, 70, 114, 220, 25, 251];
1050
1064
  accounts: [
1051
1065
  {
@@ -1129,8 +1143,8 @@ export type AgentShield = {
1129
1143
  {
1130
1144
  name: "revokeAgent";
1131
1145
  docs: [
1132
- "Kill switch. Immediately freezes the vault, preventing all agent actions.",
1133
- "Only the owner can call this. Funds can still be withdrawn by the owner."
1146
+ "Kill switch. Immediately freezes the vault.",
1147
+ "Only the owner can call this."
1134
1148
  ];
1135
1149
  discriminator: [227, 60, 209, 125, 240, 117, 163, 73];
1136
1150
  accounts: [
@@ -1163,12 +1177,71 @@ export type AgentShield = {
1163
1177
  ];
1164
1178
  args: [];
1165
1179
  },
1180
+ {
1181
+ name: "updateOracleRegistry";
1182
+ docs: [
1183
+ "Add or remove entries from the oracle registry.",
1184
+ "Only the registry authority can call this."
1185
+ ];
1186
+ discriminator: [184, 234, 19, 21, 41, 240, 100, 14];
1187
+ accounts: [
1188
+ {
1189
+ name: "authority";
1190
+ signer: true;
1191
+ },
1192
+ {
1193
+ name: "oracleRegistry";
1194
+ writable: true;
1195
+ pda: {
1196
+ seeds: [
1197
+ {
1198
+ kind: "const";
1199
+ value: [
1200
+ 111,
1201
+ 114,
1202
+ 97,
1203
+ 99,
1204
+ 108,
1205
+ 101,
1206
+ 95,
1207
+ 114,
1208
+ 101,
1209
+ 103,
1210
+ 105,
1211
+ 115,
1212
+ 116,
1213
+ 114,
1214
+ 121
1215
+ ];
1216
+ }
1217
+ ];
1218
+ };
1219
+ }
1220
+ ];
1221
+ args: [
1222
+ {
1223
+ name: "entriesToAdd";
1224
+ type: {
1225
+ vec: {
1226
+ defined: {
1227
+ name: "oracleEntry";
1228
+ };
1229
+ };
1230
+ };
1231
+ },
1232
+ {
1233
+ name: "mintsToRemove";
1234
+ type: {
1235
+ vec: "pubkey";
1236
+ };
1237
+ }
1238
+ ];
1239
+ },
1166
1240
  {
1167
1241
  name: "updatePolicy";
1168
1242
  docs: [
1169
1243
  "Update the policy configuration for a vault.",
1170
- "Only the owner can call this. Cannot be called by the agent.",
1171
- "Blocked when timelock_duration > 0 — use queue_policy_update instead."
1244
+ "Only the owner can call this. Blocked when timelock > 0."
1172
1245
  ];
1173
1246
  discriminator: [212, 245, 246, 7, 163, 151, 18, 57];
1174
1247
  accounts: [
@@ -1196,7 +1269,7 @@ export type AgentShield = {
1196
1269
  }
1197
1270
  ];
1198
1271
  };
1199
- relations: ["policy", "tracker"];
1272
+ relations: ["policy"];
1200
1273
  },
1201
1274
  {
1202
1275
  name: "policy";
@@ -1213,22 +1286,6 @@ export type AgentShield = {
1213
1286
  }
1214
1287
  ];
1215
1288
  };
1216
- },
1217
- {
1218
- name: "tracker";
1219
- writable: true;
1220
- pda: {
1221
- seeds: [
1222
- {
1223
- kind: "const";
1224
- value: [116, 114, 97, 99, 107, 101, 114];
1225
- },
1226
- {
1227
- kind: "account";
1228
- path: "vault";
1229
- }
1230
- ];
1231
- };
1232
1289
  }
1233
1290
  ];
1234
1291
  args: [
@@ -1245,19 +1302,13 @@ export type AgentShield = {
1245
1302
  };
1246
1303
  },
1247
1304
  {
1248
- name: "allowedTokens";
1305
+ name: "protocolMode";
1249
1306
  type: {
1250
- option: {
1251
- vec: {
1252
- defined: {
1253
- name: "allowedToken";
1254
- };
1255
- };
1256
- };
1307
+ option: "u8";
1257
1308
  };
1258
1309
  },
1259
1310
  {
1260
- name: "allowedProtocols";
1311
+ name: "protocols";
1261
1312
  type: {
1262
1313
  option: {
1263
1314
  vec: "pubkey";
@@ -1308,10 +1359,8 @@ export type AgentShield = {
1308
1359
  name: "validateAndAuthorize";
1309
1360
  docs: [
1310
1361
  "Core permission check. Called by the agent before a DeFi action.",
1311
- "Validates the action against all policy constraints (USD caps, per-token caps).",
1312
- "If approved, creates a SessionAuthority PDA, delegates tokens to agent,",
1313
- "and updates spend tracking.",
1314
- "If denied, reverts the entire transaction (including subsequent DeFi instructions)."
1362
+ "Validates against policy constraints + oracle registry.",
1363
+ "Creates a SessionAuthority PDA, delegates tokens to agent."
1315
1364
  ];
1316
1365
  discriminator: [22, 183, 48, 222, 218, 11, 197, 152];
1317
1366
  accounts: [
@@ -1341,7 +1390,7 @@ export type AgentShield = {
1341
1390
  }
1342
1391
  ];
1343
1392
  };
1344
- relations: ["policy", "tracker"];
1393
+ relations: ["policy"];
1345
1394
  },
1346
1395
  {
1347
1396
  name: "policy";
@@ -1360,6 +1409,7 @@ export type AgentShield = {
1360
1409
  },
1361
1410
  {
1362
1411
  name: "tracker";
1412
+ docs: ["Zero-copy SpendTracker"];
1363
1413
  writable: true;
1364
1414
  pda: {
1365
1415
  seeds: [
@@ -1374,6 +1424,34 @@ export type AgentShield = {
1374
1424
  ];
1375
1425
  };
1376
1426
  },
1427
+ {
1428
+ name: "oracleRegistry";
1429
+ docs: ["Protocol-level oracle registry (shared across all vaults)"];
1430
+ pda: {
1431
+ seeds: [
1432
+ {
1433
+ kind: "const";
1434
+ value: [
1435
+ 111,
1436
+ 114,
1437
+ 97,
1438
+ 99,
1439
+ 108,
1440
+ 101,
1441
+ 95,
1442
+ 114,
1443
+ 101,
1444
+ 103,
1445
+ 105,
1446
+ 115,
1447
+ 116,
1448
+ 114,
1449
+ 121
1450
+ ];
1451
+ }
1452
+ ];
1453
+ };
1454
+ },
1377
1455
  {
1378
1456
  name: "session";
1379
1457
  docs: [
@@ -1404,9 +1482,7 @@ export type AgentShield = {
1404
1482
  },
1405
1483
  {
1406
1484
  name: "vaultTokenAccount";
1407
- docs: [
1408
- "Vault's PDA-owned token account for the spend token (delegation source)"
1409
- ];
1485
+ docs: ["Vault's PDA-owned token account for the spend token"];
1410
1486
  writable: true;
1411
1487
  },
1412
1488
  {
@@ -1453,10 +1529,7 @@ export type AgentShield = {
1453
1529
  },
1454
1530
  {
1455
1531
  name: "withdrawFunds";
1456
- docs: [
1457
- "Withdraw tokens from the vault back to the owner.",
1458
- "Works in any vault status (Active or Frozen). Only the owner can call this."
1459
- ];
1532
+ docs: ["Withdraw tokens from the vault back to the owner."];
1460
1533
  discriminator: [241, 36, 29, 111, 208, 31, 104, 217];
1461
1534
  accounts: [
1462
1535
  {
@@ -1688,6 +1761,10 @@ export type AgentShield = {
1688
1761
  name: "agentVault";
1689
1762
  discriminator: [232, 220, 237, 164, 157, 9, 215, 194];
1690
1763
  },
1764
+ {
1765
+ name: "oracleRegistry";
1766
+ discriminator: [94, 153, 19, 250, 94, 0, 12, 172];
1767
+ },
1691
1768
  {
1692
1769
  name: "pendingPolicyUpdate";
1693
1770
  discriminator: [77, 255, 2, 51, 79, 237, 183, 239];
@@ -1710,10 +1787,6 @@ export type AgentShield = {
1710
1787
  name: "actionAuthorized";
1711
1788
  discriminator: [85, 90, 59, 218, 126, 8, 179, 63];
1712
1789
  },
1713
- {
1714
- name: "actionDenied";
1715
- discriminator: [243, 239, 240, 51, 151, 100, 10, 100];
1716
- },
1717
1790
  {
1718
1791
  name: "agentRegistered";
1719
1792
  discriminator: [191, 78, 217, 54, 232, 100, 189, 85];
@@ -1742,6 +1815,14 @@ export type AgentShield = {
1742
1815
  name: "fundsWithdrawn";
1743
1816
  discriminator: [56, 130, 230, 154, 35, 92, 11, 118];
1744
1817
  },
1818
+ {
1819
+ name: "oracleRegistryInitialized";
1820
+ discriminator: [88, 111, 7, 92, 74, 14, 114, 205];
1821
+ },
1822
+ {
1823
+ name: "oracleRegistryUpdated";
1824
+ discriminator: [25, 85, 137, 57, 175, 133, 14, 77];
1825
+ },
1745
1826
  {
1746
1827
  name: "policyChangeApplied";
1747
1828
  discriminator: [104, 89, 5, 100, 180, 202, 52, 73];
@@ -1793,13 +1874,13 @@ export type AgentShield = {
1793
1874
  },
1794
1875
  {
1795
1876
  code: 6003;
1796
- name: "tokenNotAllowed";
1797
- msg: "Token not in allowed list";
1877
+ name: "tokenNotRegistered";
1878
+ msg: "Token not registered in oracle registry";
1798
1879
  },
1799
1880
  {
1800
1881
  code: 6004;
1801
1882
  name: "protocolNotAllowed";
1802
- msg: "Protocol not in allowed list";
1883
+ msg: "Protocol not allowed by policy";
1803
1884
  },
1804
1885
  {
1805
1886
  code: 6005;
@@ -1848,163 +1929,163 @@ export type AgentShield = {
1848
1929
  },
1849
1930
  {
1850
1931
  code: 6014;
1851
- name: "tooManyAllowedTokens";
1852
- msg: "Policy configuration invalid: too many allowed tokens";
1853
- },
1854
- {
1855
- code: 6015;
1856
1932
  name: "tooManyAllowedProtocols";
1857
1933
  msg: "Policy configuration invalid: too many allowed protocols";
1858
1934
  },
1859
1935
  {
1860
- code: 6016;
1936
+ code: 6015;
1861
1937
  name: "agentAlreadyRegistered";
1862
1938
  msg: "Agent already registered for this vault";
1863
1939
  },
1864
1940
  {
1865
- code: 6017;
1941
+ code: 6016;
1866
1942
  name: "noAgentRegistered";
1867
1943
  msg: "No agent registered for this vault";
1868
1944
  },
1869
1945
  {
1870
- code: 6018;
1946
+ code: 6017;
1871
1947
  name: "vaultNotFrozen";
1872
1948
  msg: "Vault is not frozen (expected frozen for reactivation)";
1873
1949
  },
1874
1950
  {
1875
- code: 6019;
1951
+ code: 6018;
1876
1952
  name: "vaultAlreadyClosed";
1877
1953
  msg: "Vault is already closed";
1878
1954
  },
1879
1955
  {
1880
- code: 6020;
1956
+ code: 6019;
1881
1957
  name: "insufficientBalance";
1882
1958
  msg: "Insufficient vault balance for withdrawal";
1883
1959
  },
1884
1960
  {
1885
- code: 6021;
1961
+ code: 6020;
1886
1962
  name: "developerFeeTooHigh";
1887
1963
  msg: "Developer fee rate exceeds maximum (500 / 1,000,000 = 5 BPS)";
1888
1964
  },
1889
1965
  {
1890
- code: 6022;
1966
+ code: 6021;
1891
1967
  name: "invalidFeeDestination";
1892
1968
  msg: "Fee destination account invalid";
1893
1969
  },
1894
1970
  {
1895
- code: 6023;
1971
+ code: 6022;
1896
1972
  name: "invalidProtocolTreasury";
1897
1973
  msg: "Protocol treasury account does not match expected address";
1898
1974
  },
1899
1975
  {
1900
- code: 6024;
1901
- name: "tooManySpendEntries";
1902
- msg: "Spend entry limit reached (too many active entries in rolling window)";
1903
- },
1904
- {
1905
- code: 6025;
1976
+ code: 6023;
1906
1977
  name: "invalidAgentKey";
1907
1978
  msg: "Invalid agent: cannot be the zero address";
1908
1979
  },
1909
1980
  {
1910
- code: 6026;
1981
+ code: 6024;
1911
1982
  name: "agentIsOwner";
1912
1983
  msg: "Invalid agent: agent cannot be the vault owner";
1913
1984
  },
1914
1985
  {
1915
- code: 6027;
1986
+ code: 6025;
1916
1987
  name: "overflow";
1917
1988
  msg: "Arithmetic overflow";
1918
1989
  },
1919
1990
  {
1920
- code: 6028;
1991
+ code: 6026;
1921
1992
  name: "delegationFailed";
1922
1993
  msg: "Token delegation approval failed";
1923
1994
  },
1924
1995
  {
1925
- code: 6029;
1996
+ code: 6027;
1926
1997
  name: "revocationFailed";
1927
1998
  msg: "Token delegation revocation failed";
1928
1999
  },
1929
2000
  {
1930
- code: 6030;
2001
+ code: 6028;
1931
2002
  name: "oracleFeedStale";
1932
2003
  msg: "Oracle feed value is too stale";
1933
2004
  },
1934
2005
  {
1935
- code: 6031;
2006
+ code: 6029;
1936
2007
  name: "oracleFeedInvalid";
1937
2008
  msg: "Cannot parse oracle feed data";
1938
2009
  },
1939
2010
  {
1940
- code: 6032;
2011
+ code: 6030;
1941
2012
  name: "tokenSpendBlocked";
1942
2013
  msg: "Unpriced token cannot be spent (receive-only)";
1943
2014
  },
1944
2015
  {
1945
- code: 6033;
2016
+ code: 6031;
1946
2017
  name: "invalidTokenAccount";
1947
2018
  msg: "Token account does not belong to vault or has wrong mint";
1948
2019
  },
1949
2020
  {
1950
- code: 6034;
2021
+ code: 6032;
1951
2022
  name: "oracleAccountMissing";
1952
2023
  msg: "Oracle-priced token requires feed account in remaining_accounts";
1953
2024
  },
1954
2025
  {
1955
- code: 6035;
1956
- name: "perTokenCapExceeded";
1957
- msg: "Per-token daily spending cap would be exceeded";
1958
- },
1959
- {
1960
- code: 6036;
1961
- name: "perTokenTxLimitExceeded";
1962
- msg: "Per-token single transaction limit exceeded";
1963
- },
1964
- {
1965
- code: 6037;
2026
+ code: 6033;
1966
2027
  name: "oracleConfidenceTooWide";
1967
2028
  msg: "Oracle price confidence interval too wide";
1968
2029
  },
1969
2030
  {
1970
- code: 6038;
2031
+ code: 6034;
1971
2032
  name: "oracleUnsupportedType";
1972
2033
  msg: "Oracle account owner is not a recognized oracle program";
1973
2034
  },
1974
2035
  {
1975
- code: 6039;
2036
+ code: 6035;
1976
2037
  name: "oracleNotVerified";
1977
2038
  msg: "Pyth price update not fully verified by Wormhole";
1978
2039
  },
1979
2040
  {
1980
- code: 6040;
2041
+ code: 6036;
1981
2042
  name: "timelockNotExpired";
1982
2043
  msg: "Timelock period has not expired yet";
1983
2044
  },
1984
2045
  {
1985
- code: 6041;
2046
+ code: 6037;
1986
2047
  name: "timelockActive";
1987
2048
  msg: "Vault has timelock active — use queue_policy_update instead";
1988
2049
  },
1989
2050
  {
1990
- code: 6042;
2051
+ code: 6038;
1991
2052
  name: "noTimelockConfigured";
1992
2053
  msg: "No timelock configured on this vault";
1993
2054
  },
1994
2055
  {
1995
- code: 6043;
2056
+ code: 6039;
1996
2057
  name: "destinationNotAllowed";
1997
2058
  msg: "Destination not in allowed list";
1998
2059
  },
1999
2060
  {
2000
- code: 6044;
2061
+ code: 6040;
2001
2062
  name: "tooManyDestinations";
2002
2063
  msg: "Too many destinations (max 10)";
2003
2064
  },
2065
+ {
2066
+ code: 6041;
2067
+ name: "invalidProtocolMode";
2068
+ msg: "Invalid protocol mode (must be 0, 1, or 2)";
2069
+ },
2070
+ {
2071
+ code: 6042;
2072
+ name: "oracleRegistryFull";
2073
+ msg: "Oracle registry is full (max 105 entries)";
2074
+ },
2075
+ {
2076
+ code: 6043;
2077
+ name: "unauthorizedRegistryAdmin";
2078
+ msg: "Unauthorized: not the oracle registry authority";
2079
+ },
2080
+ {
2081
+ code: 6044;
2082
+ name: "oraclePriceDivergence";
2083
+ msg: "Primary and fallback oracle prices diverge beyond threshold";
2084
+ },
2004
2085
  {
2005
2086
  code: 6045;
2006
- name: "invalidTrackerTier";
2007
- msg: "Invalid tracker tier (must be 0, 1, or 2)";
2087
+ name: "oracleBothFeedsFailed";
2088
+ msg: "Both primary and fallback oracle feeds failed";
2008
2089
  }
2009
2090
  ];
2010
2091
  types: [
@@ -2076,30 +2157,6 @@ export type AgentShield = {
2076
2157
  ];
2077
2158
  };
2078
2159
  },
2079
- {
2080
- name: "actionDenied";
2081
- type: {
2082
- kind: "struct";
2083
- fields: [
2084
- {
2085
- name: "vault";
2086
- type: "pubkey";
2087
- },
2088
- {
2089
- name: "agent";
2090
- type: "pubkey";
2091
- },
2092
- {
2093
- name: "reason";
2094
- type: "string";
2095
- },
2096
- {
2097
- name: "timestamp";
2098
- type: "i64";
2099
- }
2100
- ];
2101
- };
2102
- },
2103
2160
  {
2104
2161
  name: "actionType";
2105
2162
  docs: ["Action types that agents can request"];
@@ -2217,10 +2274,8 @@ export type AgentShield = {
2217
2274
  {
2218
2275
  name: "feeDestination";
2219
2276
  docs: [
2220
- "Developer fee destination — the wallet that receives developer fees",
2221
- "on every finalized transaction. IMMUTABLE after initialization — only",
2222
- "`initialize_vault` writes this field. This prevents a compromised owner",
2223
- "key from redirecting fees. Protocol fees go to PROTOCOL_TREASURY separately."
2277
+ "Developer fee destination — IMMUTABLE after initialization.",
2278
+ "Prevents a compromised owner from redirecting fees."
2224
2279
  ];
2225
2280
  type: "pubkey";
2226
2281
  },
@@ -2270,91 +2325,55 @@ export type AgentShield = {
2270
2325
  {
2271
2326
  name: "totalFeesCollected";
2272
2327
  docs: [
2273
- "Cumulative developer fees collected from this vault (token base units).",
2274
- "Protocol fees are tracked separately via events."
2328
+ "Cumulative developer fees collected from this vault (token base units)"
2275
2329
  ];
2276
2330
  type: "u64";
2277
- },
2278
- {
2279
- name: "trackerTier";
2280
- docs: ["Tracker capacity tier chosen at vault creation"];
2281
- type: {
2282
- defined: {
2283
- name: "trackerTier";
2284
- };
2285
- };
2286
2331
  }
2287
2332
  ];
2288
2333
  };
2289
2334
  },
2290
2335
  {
2291
- name: "allowedToken";
2292
- docs: [
2293
- "Per-token configuration including oracle feed and per-token caps.",
2294
- "Replaces the old `Vec<Pubkey>` allowed_tokens with richer metadata.",
2295
- "",
2296
- "Oracle feed classification:",
2297
- "- `Pubkey::default()` = stablecoin (1:1 USD, no oracle needed)",
2298
- "- `UNPRICED_SENTINEL` ([0xFF; 32]) = unpriced token (receive-only)",
2299
- "- Any other pubkey = Oracle feed account (Pyth PriceUpdateV2 or Switchboard PullFeed)"
2300
- ];
2336
+ name: "delegationRevoked";
2301
2337
  type: {
2302
2338
  kind: "struct";
2303
2339
  fields: [
2304
2340
  {
2305
- name: "mint";
2306
- docs: ["Token mint address"];
2341
+ name: "vault";
2307
2342
  type: "pubkey";
2308
2343
  },
2309
2344
  {
2310
- name: "oracleFeed";
2311
- docs: [
2312
- "Oracle feed account (Pyth PriceUpdateV2 or Switchboard PullFeed) for USD pricing.",
2313
- "`Pubkey::default()` = stablecoin (1:1 USD).",
2314
- "`UNPRICED_SENTINEL` = unpriced (receive-only, cannot be spent)."
2315
- ];
2345
+ name: "tokenAccount";
2316
2346
  type: "pubkey";
2317
2347
  },
2318
2348
  {
2319
- name: "decimals";
2320
- docs: ["Token decimals (e.g., 6 for USDC, 9 for SOL)"];
2321
- type: "u8";
2322
- },
2323
- {
2324
- name: "dailyCapBase";
2325
- docs: [
2326
- "Per-token daily cap in base units (0 = no per-token limit,",
2327
- "only the aggregate USD cap applies)"
2328
- ];
2329
- type: "u64";
2330
- },
2331
- {
2332
- name: "maxTxBase";
2333
- docs: [
2334
- "Per-token max single transaction in base units",
2335
- "(0 = no per-token tx limit, only USD tx limit applies)"
2336
- ];
2337
- type: "u64";
2349
+ name: "timestamp";
2350
+ type: "i64";
2338
2351
  }
2339
2352
  ];
2340
2353
  };
2341
2354
  },
2342
2355
  {
2343
- name: "delegationRevoked";
2356
+ name: "epochBucket";
2357
+ docs: [
2358
+ "A single epoch bucket tracking aggregate USD spend.",
2359
+ "16 bytes per bucket. USD-only — rate limiting stays client-side."
2360
+ ];
2361
+ serialization: "bytemuck";
2362
+ repr: {
2363
+ kind: "c";
2364
+ };
2344
2365
  type: {
2345
2366
  kind: "struct";
2346
2367
  fields: [
2347
2368
  {
2348
- name: "vault";
2349
- type: "pubkey";
2350
- },
2351
- {
2352
- name: "tokenAccount";
2353
- type: "pubkey";
2369
+ name: "epochId";
2370
+ docs: ["Epoch identifier: unix_timestamp / EPOCH_DURATION"];
2371
+ type: "i64";
2354
2372
  },
2355
2373
  {
2356
- name: "timestamp";
2357
- type: "i64";
2374
+ name: "usdAmount";
2375
+ docs: ["Aggregate USD spent in this epoch (6 decimals)"];
2376
+ type: "u64";
2358
2377
  }
2359
2378
  ];
2360
2379
  };
@@ -2463,6 +2482,116 @@ export type AgentShield = {
2463
2482
  ];
2464
2483
  };
2465
2484
  },
2485
+ {
2486
+ name: "oracleEntry";
2487
+ docs: ["Individual entry mapping a token mint to its oracle feed."];
2488
+ type: {
2489
+ kind: "struct";
2490
+ fields: [
2491
+ {
2492
+ name: "mint";
2493
+ docs: ["SPL token mint address"];
2494
+ type: "pubkey";
2495
+ },
2496
+ {
2497
+ name: "oracleFeed";
2498
+ docs: [
2499
+ "Pyth or Switchboard oracle feed account.",
2500
+ "Ignored when is_stablecoin is true."
2501
+ ];
2502
+ type: "pubkey";
2503
+ },
2504
+ {
2505
+ name: "isStablecoin";
2506
+ docs: ["If true, token is 1:1 USD (no oracle read needed)"];
2507
+ type: "bool";
2508
+ },
2509
+ {
2510
+ name: "fallbackFeed";
2511
+ docs: [
2512
+ "Optional fallback oracle feed. Pubkey::default() = no fallback.",
2513
+ "Used when primary is stale/invalid. Cross-checked for divergence",
2514
+ "when both are available."
2515
+ ];
2516
+ type: "pubkey";
2517
+ }
2518
+ ];
2519
+ };
2520
+ },
2521
+ {
2522
+ name: "oracleRegistry";
2523
+ docs: [
2524
+ "Protocol-level oracle registry — maps token mints to oracle feeds.",
2525
+ "Maintained by protocol admin. Shared across ALL vaults.",
2526
+ "Any vault can use any registered token without per-vault configuration.",
2527
+ "",
2528
+ 'Seeds: `[b"oracle_registry"]`'
2529
+ ];
2530
+ type: {
2531
+ kind: "struct";
2532
+ fields: [
2533
+ {
2534
+ name: "authority";
2535
+ docs: [
2536
+ "Authority who can add/remove entries (upgradeable to multisig/DAO)"
2537
+ ];
2538
+ type: "pubkey";
2539
+ },
2540
+ {
2541
+ name: "entries";
2542
+ docs: ["Token mint → oracle feed mappings"];
2543
+ type: {
2544
+ vec: {
2545
+ defined: {
2546
+ name: "oracleEntry";
2547
+ };
2548
+ };
2549
+ };
2550
+ },
2551
+ {
2552
+ name: "bump";
2553
+ docs: ["Bump seed for PDA"];
2554
+ type: "u8";
2555
+ }
2556
+ ];
2557
+ };
2558
+ },
2559
+ {
2560
+ name: "oracleRegistryInitialized";
2561
+ type: {
2562
+ kind: "struct";
2563
+ fields: [
2564
+ {
2565
+ name: "authority";
2566
+ type: "pubkey";
2567
+ },
2568
+ {
2569
+ name: "entryCount";
2570
+ type: "u16";
2571
+ }
2572
+ ];
2573
+ };
2574
+ },
2575
+ {
2576
+ name: "oracleRegistryUpdated";
2577
+ type: {
2578
+ kind: "struct";
2579
+ fields: [
2580
+ {
2581
+ name: "addedCount";
2582
+ type: "u16";
2583
+ },
2584
+ {
2585
+ name: "removedCount";
2586
+ type: "u16";
2587
+ },
2588
+ {
2589
+ name: "totalEntries";
2590
+ type: "u16";
2591
+ }
2592
+ ];
2593
+ };
2594
+ },
2466
2595
  {
2467
2596
  name: "pendingPolicyUpdate";
2468
2597
  docs: [
@@ -2503,19 +2632,13 @@ export type AgentShield = {
2503
2632
  };
2504
2633
  },
2505
2634
  {
2506
- name: "allowedTokens";
2635
+ name: "protocolMode";
2507
2636
  type: {
2508
- option: {
2509
- vec: {
2510
- defined: {
2511
- name: "allowedToken";
2512
- };
2513
- };
2514
- };
2637
+ option: "u8";
2515
2638
  };
2516
2639
  },
2517
2640
  {
2518
- name: "allowedProtocols";
2641
+ name: "protocols";
2519
2642
  type: {
2520
2643
  option: {
2521
2644
  vec: "pubkey";
@@ -2636,24 +2759,20 @@ export type AgentShield = {
2636
2759
  type: "u64";
2637
2760
  },
2638
2761
  {
2639
- name: "allowedTokens";
2762
+ name: "protocolMode";
2640
2763
  docs: [
2641
- "Allowed token mints with oracle feeds and per-token caps.",
2642
- "Bounded to MAX_ALLOWED_TOKENS entries."
2764
+ "Protocol access control mode:",
2765
+ "0 = all allowed (protocols list ignored)",
2766
+ "1 = allowlist (only protocols in list)",
2767
+ "2 = denylist (all except protocols in list)"
2643
2768
  ];
2644
- type: {
2645
- vec: {
2646
- defined: {
2647
- name: "allowedToken";
2648
- };
2649
- };
2650
- };
2769
+ type: "u8";
2651
2770
  },
2652
2771
  {
2653
- name: "allowedProtocols";
2772
+ name: "protocols";
2654
2773
  docs: [
2655
- "Allowed program IDs the agent can call (Jupiter, Flash Trade, etc.)",
2656
- "Bounded to MAX_ALLOWED_PROTOCOLS entries"
2774
+ "Protocol pubkeys for allowlist/denylist.",
2775
+ "Bounded to MAX_ALLOWED_PROTOCOLS entries."
2657
2776
  ];
2658
2777
  type: {
2659
2778
  vec: "pubkey";
@@ -2662,7 +2781,7 @@ export type AgentShield = {
2662
2781
  {
2663
2782
  name: "maxLeverageBps";
2664
2783
  docs: [
2665
- "Maximum leverage multiplier in basis points (e.g., 10000 = 100x, 1000 = 10x)",
2784
+ "Maximum leverage multiplier in basis points (e.g., 10000 = 100x)",
2666
2785
  "Set to 0 to disallow leveraged positions entirely"
2667
2786
  ];
2668
2787
  type: "u16";
@@ -2683,19 +2802,14 @@ export type AgentShield = {
2683
2802
  name: "developerFeeRate";
2684
2803
  docs: [
2685
2804
  "Developer fee rate (rate / 1,000,000). Applied to every finalized",
2686
- "transaction. Fee deducted from vault, transferred to vault's",
2687
- "fee_destination. Max MAX_DEVELOPER_FEE_RATE (500 = 5 BPS).",
2688
- "Set to 0 for no developer fee. Protocol fee is always applied",
2689
- "separately at PROTOCOL_FEE_RATE."
2805
+ "transaction. Max MAX_DEVELOPER_FEE_RATE (500 = 5 BPS)."
2690
2806
  ];
2691
2807
  type: "u16";
2692
2808
  },
2693
2809
  {
2694
2810
  name: "timelockDuration";
2695
2811
  docs: [
2696
- "Timelock duration in seconds for policy changes. 0 = no timelock",
2697
- "(immediate updates allowed). When > 0, policy changes must go",
2698
- "through queue_policy_update → apply_pending_policy."
2812
+ "Timelock duration in seconds for policy changes. 0 = no timelock."
2699
2813
  ];
2700
2814
  type: "u64";
2701
2815
  },
@@ -2735,11 +2849,11 @@ export type AgentShield = {
2735
2849
  type: "u64";
2736
2850
  },
2737
2851
  {
2738
- name: "allowedTokensCount";
2852
+ name: "protocolMode";
2739
2853
  type: "u8";
2740
2854
  },
2741
2855
  {
2742
- name: "allowedProtocolsCount";
2856
+ name: "protocolsCount";
2743
2857
  type: "u8";
2744
2858
  },
2745
2859
  {
@@ -2857,43 +2971,20 @@ export type AgentShield = {
2857
2971
  ];
2858
2972
  };
2859
2973
  },
2860
- {
2861
- name: "spendEntry";
2862
- type: {
2863
- kind: "struct";
2864
- fields: [
2865
- {
2866
- name: "tokenIndex";
2867
- docs: [
2868
- "Index into PolicyConfig.allowed_tokens[] (0-9).",
2869
- "Compact representation — avoids storing full 32-byte Pubkey per entry.",
2870
- "Invalidated when token list changes (rolling_spends is cleared)."
2871
- ];
2872
- type: "u8";
2873
- },
2874
- {
2875
- name: "usdAmount";
2876
- docs: [
2877
- "USD value of this spend (6 decimals, e.g., $500 = 500_000_000)"
2878
- ];
2879
- type: "u64";
2880
- },
2881
- {
2882
- name: "baseAmount";
2883
- docs: [
2884
- "Original amount in token base units (for per-token cap checks)"
2885
- ];
2886
- type: "u64";
2887
- },
2888
- {
2889
- name: "timestamp";
2890
- type: "i64";
2891
- }
2892
- ];
2893
- };
2894
- },
2895
2974
  {
2896
2975
  name: "spendTracker";
2976
+ docs: [
2977
+ "Zero-copy 144-epoch circular buffer for rolling 24h USD spend tracking.",
2978
+ "Each bucket covers a 10-minute epoch. Boundary correction ensures",
2979
+ "functionally exact accuracy (~$0.000001 worst-case rounding).",
2980
+ "Rounding direction: slightly permissive (under-counts by at most $0.000001).",
2981
+ "",
2982
+ 'Seeds: `[b"tracker", vault.key().as_ref()]`'
2983
+ ];
2984
+ serialization: "bytemuck";
2985
+ repr: {
2986
+ kind: "c";
2987
+ };
2897
2988
  type: {
2898
2989
  kind: "struct";
2899
2990
  fields: [
@@ -2903,114 +2994,30 @@ export type AgentShield = {
2903
2994
  type: "pubkey";
2904
2995
  },
2905
2996
  {
2906
- name: "trackerTier";
2907
- docs: ["Tracker capacity tier (Standard/Pro/Max)"];
2908
- type: {
2909
- defined: {
2910
- name: "trackerTier";
2911
- };
2912
- };
2913
- },
2914
- {
2915
- name: "maxSpendEntries";
2916
- docs: [
2917
- "Maximum spend entries for this tracker (derived from tier at init)"
2918
- ];
2919
- type: "u32";
2920
- },
2921
- {
2922
- name: "rollingSpends";
2923
- docs: [
2924
- "Rolling spend entries: (token_mint, usd_amount, base_amount, timestamp)",
2925
- "Entries older than ROLLING_WINDOW_SECONDS are pruned on each access"
2926
- ];
2927
- type: {
2928
- vec: {
2929
- defined: {
2930
- name: "spendEntry";
2931
- };
2932
- };
2933
- };
2934
- },
2935
- {
2936
- name: "recentTransactions";
2937
- docs: [
2938
- "Recent transaction log for on-chain audit trail",
2939
- "Bounded to MAX_RECENT_TRANSACTIONS, oldest entries evicted (ring buffer)"
2940
- ];
2997
+ name: "buckets";
2998
+ docs: ["144 epoch buckets for rolling 24h spend tracking"];
2941
2999
  type: {
2942
- vec: {
2943
- defined: {
2944
- name: "transactionRecord";
2945
- };
2946
- };
3000
+ array: [
3001
+ {
3002
+ defined: {
3003
+ name: "epochBucket";
3004
+ };
3005
+ },
3006
+ 144
3007
+ ];
2947
3008
  };
2948
3009
  },
2949
3010
  {
2950
3011
  name: "bump";
2951
3012
  docs: ["Bump seed for PDA"];
2952
3013
  type: "u8";
2953
- }
2954
- ];
2955
- };
2956
- },
2957
- {
2958
- name: "trackerTier";
2959
- docs: [
2960
- "Tracker capacity tiers — chosen at vault creation, determines",
2961
- "max rolling spend entries and SpendTracker account size."
2962
- ];
2963
- type: {
2964
- kind: "enum";
2965
- variants: [
2966
- {
2967
- name: "standard";
2968
3014
  },
2969
3015
  {
2970
- name: "pro";
2971
- },
2972
- {
2973
- name: "max";
2974
- }
2975
- ];
2976
- };
2977
- },
2978
- {
2979
- name: "transactionRecord";
2980
- type: {
2981
- kind: "struct";
2982
- fields: [
2983
- {
2984
- name: "timestamp";
2985
- type: "i64";
2986
- },
2987
- {
2988
- name: "actionType";
3016
+ name: "padding";
3017
+ docs: ["Padding for 8-byte alignment"];
2989
3018
  type: {
2990
- defined: {
2991
- name: "actionType";
2992
- };
3019
+ array: ["u8", 7];
2993
3020
  };
2994
- },
2995
- {
2996
- name: "tokenMint";
2997
- type: "pubkey";
2998
- },
2999
- {
3000
- name: "amount";
3001
- type: "u64";
3002
- },
3003
- {
3004
- name: "protocol";
3005
- type: "pubkey";
3006
- },
3007
- {
3008
- name: "success";
3009
- type: "bool";
3010
- },
3011
- {
3012
- name: "slot";
3013
- type: "u64";
3014
3021
  }
3015
3022
  ];
3016
3023
  };