@agenticprimitives/account-custody 0.1.0-alpha.2

package/dist/actions.js

@@ -0,0 +1,209 @@
+// CustodyAction — mirrors enum in packages/contracts/src/custody/CustodyPolicy.sol
+// (spec 213 § 2.2). The on-the-wire encoding is uint8; this enum maps the
+// values into the same custody-vocabulary names the Solidity surface uses.
+//
+// Wave H2 hardening: every builder validates arguments at the package
+// boundary so wire-format bugs surface at call time instead of as
+// opaque on-chain reverts.
+import { encodeAbiParameters } from 'viem';
+export var CustodyAction;
+(function (CustodyAction) {
+    CustodyAction[CustodyAction["AddCustodian"] = 0] = "AddCustodian";
+    CustodyAction[CustodyAction["RemoveCustodian"] = 1] = "RemoveCustodian";
+    CustodyAction[CustodyAction["AddPasskeyCredential"] = 2] = "AddPasskeyCredential";
+    CustodyAction[CustodyAction["RemovePasskeyCredential"] = 3] = "RemovePasskeyCredential";
+    CustodyAction[CustodyAction["AddTrustee"] = 4] = "AddTrustee";
+    CustodyAction[CustodyAction["RemoveTrustee"] = 5] = "RemoveTrustee";
+    CustodyAction[CustodyAction["ChangeCustodyMode"] = 6] = "ChangeCustodyMode";
+    CustodyAction[CustodyAction["ApplySystemUpdate"] = 7] = "ApplySystemUpdate";
+    CustodyAction[CustodyAction["RotateDelegationManager"] = 8] = "RotateDelegationManager";
+    CustodyAction[CustodyAction["RotatePaymaster"] = 9] = "RotatePaymaster";
+    CustodyAction[CustodyAction["RotateSessionIssuer"] = 10] = "RotateSessionIssuer";
+    CustodyAction[CustodyAction["RotateAllCustodians"] = 11] = "RotateAllCustodians";
+    CustodyAction[CustodyAction["ChangeValueCeiling"] = 12] = "ChangeValueCeiling";
+    CustodyAction[CustodyAction["SetRecoveryApprovals"] = 13] = "SetRecoveryApprovals";
+    CustodyAction[CustodyAction["RecoverAccount"] = 14] = "RecoverAccount";
+    CustodyAction[CustodyAction["ChangeApprovalsRequired"] = 15] = "ChangeApprovalsRequired";
+})(CustodyAction || (CustodyAction = {}));
+// ─── Range / shape validators ────────────────────────────────────────────
+const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
+const BYTES32_RE = /^0x[0-9a-fA-F]{64}$/;
+const U256_MAX = (1n << 256n) - 1n;
+const U8_MAX = 255;
+function assertAddress(label, v) {
+    if (typeof v !== 'string' || !ADDRESS_RE.test(v)) {
+        throw new RangeError(`[custody] ${label}: not a 20-byte hex address (${v})`);
+    }
+}
+function assertBytes32(label, v) {
+    if (typeof v !== 'string' || !BYTES32_RE.test(v)) {
+        throw new RangeError(`[custody] ${label}: not a 32-byte hex (${v})`);
+    }
+}
+function assertUint8(label, v, min = 0, max = U8_MAX) {
+    if (!Number.isInteger(v) || v < min || v > max) {
+        throw new RangeError(`[custody] ${label}: not a uint8 in [${min}, ${max}] (got ${v})`);
+    }
+}
+function assertUint256(label, v, min = 0n, max = U256_MAX) {
+    if (typeof v !== 'bigint' || v < min || v > max) {
+        throw new RangeError(`[custody] ${label}: not a uint256 in [${min}, ${max}] (got ${v})`);
+    }
+}
+// ─── Per-action arg builders ─────────────────────────────────────────────
+//
+// Each builder produces the `args` bytes the on-chain scheduler expects.
+// Keeping these here means the UI never reaches for `encodeAbiParameters`
+// directly with magic type strings.
+export function buildAddCustodianArgs(custodian) {
+    assertAddress('AddCustodian.custodian', custodian);
+    return encodeAbiParameters([{ type: 'address' }], [custodian]);
+}
+export function buildRemoveCustodianArgs(custodian) {
+    assertAddress('RemoveCustodian.custodian', custodian);
+    return encodeAbiParameters([{ type: 'address' }], [custodian]);
+}
+export function buildAddTrusteeArgs(trustee) {
+    assertAddress('AddTrustee.trustee', trustee);
+    return encodeAbiParameters([{ type: 'address' }], [trustee]);
+}
+export function buildRemoveTrusteeArgs(trustee) {
+    assertAddress('RemoveTrustee.trustee', trustee);
+    return encodeAbiParameters([{ type: 'address' }], [trustee]);
+}
+export function buildChangeCustodyModeArgs(newMode) {
+    assertUint8('ChangeCustodyMode.newMode', newMode, 0, 3);
+    return encodeAbiParameters([{ type: 'uint8' }], [newMode]);
+}
+export function buildChangeValueCeilingArgs(newCeilingWei) {
+    assertUint256('ChangeValueCeiling.newCeilingWei', newCeilingWei);
+    return encodeAbiParameters([{ type: 'uint256' }], [newCeilingWei]);
+}
+/**
+ * Encode args for `SetRecoveryApprovals(newThreshold)`.
+ *
+ * The on-chain CustodyPolicy rejects `newThreshold == 0` (Wave 2C C-9)
+ * to prevent T4-quorum-induced silent recovery disable. The builder
+ * does NOT enforce that ceiling because the upper bound is the
+ * runtime trustee count; on-chain validation catches an over-threshold.
+ */
+export function buildSetRecoveryApprovalsArgs(approvals) {
+    assertUint8('SetRecoveryApprovals.approvals', approvals);
+    return encodeAbiParameters([{ type: 'uint8' }], [approvals]);
+}
+export function buildApplySystemUpdateArgs(newImpl) {
+    assertAddress('ApplySystemUpdate.newImpl', newImpl);
+    return encodeAbiParameters([{ type: 'address' }], [newImpl]);
+}
+/**
+ * Encode args for `ChangeApprovalsRequired(tier, newCount)`.
+ *
+ * `tier` is a RiskTier in [1, 5] — T6 (recovery) lives in a separate
+ * slot and is set via `buildSetRecoveryApprovalsArgs`. `newCount` must
+ * satisfy `1 <= newCount <= account.custodianCount()` at apply time.
+ */
+export function buildChangeApprovalsRequiredArgs(tier, newCount) {
+    assertUint8('ChangeApprovalsRequired.tier', tier, 1, 5);
+    assertUint8('ChangeApprovalsRequired.newCount', newCount, 1);
+    return encodeAbiParameters([{ type: 'uint8' }, { type: 'uint8' }], [tier, newCount]);
+}
+/**
+ * Encode args for `AddPasskeyCredential(credentialIdDigest, x, y)`.
+ * Side effect on AgentAccount: also registers the PIA derived from
+ * `(x, y)` as a first-class custodian.
+ *
+ * Wave 2C C-6 hardening: on-chain initializer rejects credentialIdDigest
+ * == 0; this builder echoes that check at the wire-format boundary so
+ * the demo never spends gas on a guaranteed-revert tx.
+ */
+export function buildAddPasskeyCredentialArgs(credentialIdDigest, x, y) {
+    assertBytes32('AddPasskeyCredential.credentialIdDigest', credentialIdDigest);
+    if (credentialIdDigest === ('0x' + '00'.repeat(32))) {
+        throw new RangeError('[custody] AddPasskeyCredential.credentialIdDigest: must be non-zero (audit C-6)');
+    }
+    assertUint256('AddPasskeyCredential.x', x, 1n);
+    assertUint256('AddPasskeyCredential.y', y, 1n);
+    return encodeAbiParameters([{ type: 'bytes32' }, { type: 'uint256' }, { type: 'uint256' }], [credentialIdDigest, x, y]);
+}
+/** Encode args for `RemovePasskeyCredential(credentialIdDigest)`. */
+export function buildRemovePasskeyCredentialArgs(credentialIdDigest) {
+    assertBytes32('RemovePasskeyCredential.credentialIdDigest', credentialIdDigest);
+    return encodeAbiParameters([{ type: 'bytes32' }], [credentialIdDigest]);
+}
+/**
+ * Encode args for `RotateAllCustodians(addCustodians, removeCustodians)`
+ * (Wave 2C C-10). Adds the new set + removes the old in one atomic action;
+ * factory enforces that at-least-one custodian remains.
+ */
+export function buildRotateAllCustodiansArgs(addCustodians, removeCustodians) {
+    for (const c of addCustodians)
+        assertAddress('RotateAllCustodians.add', c);
+    for (const c of removeCustodians)
+        assertAddress('RotateAllCustodians.remove', c);
+    return encodeAbiParameters([{ type: 'address[]' }, { type: 'address[]' }], [addCustodians, removeCustodians]);
+}
+/**
+ * Encode args for `RecoverAccount(args)` — atomic add/remove of owners
+ * and passkeys in one T6 action so the signer set doesn't pass through
+ * a half-rotated intermediate state.
+ *
+ * Solidity struct (from packages/contracts/src/IAgentAccount.sol):
+ *   struct AgentAccountRecoveryArgs {
+ *     address[] addOwners;
+ *     address[] removeOwners;
+ *     AgentAccountRecoveryPasskeyAdd[] addPasskeys;
+ *     bytes32[] removePasskeyCredentialIdDigests;
+ *   }
+ */
+export function buildRecoverAccountArgs(args) {
+    const addOwners = args.addOwners ?? [];
+    const removeOwners = args.removeOwners ?? [];
+    const addPasskeys = args.addPasskeys ?? [];
+    const removePasskeyCredentialIdDigests = args.removePasskeyCredentialIdDigests ?? [];
+    for (const a of addOwners)
+        assertAddress('RecoverAccount.addOwners', a);
+    for (const a of removeOwners)
+        assertAddress('RecoverAccount.removeOwners', a);
+    for (const p of addPasskeys) {
+        assertBytes32('RecoverAccount.addPasskeys.credentialIdDigest', p.credentialIdDigest);
+        if (p.credentialIdDigest === ('0x' + '00'.repeat(32))) {
+            throw new RangeError('[custody] RecoverAccount.addPasskeys: credentialIdDigest must be non-zero (audit C-6)');
+        }
+        assertUint256('RecoverAccount.addPasskeys.x', p.x, 1n);
+        assertUint256('RecoverAccount.addPasskeys.y', p.y, 1n);
+    }
+    for (const d of removePasskeyCredentialIdDigests) {
+        assertBytes32('RecoverAccount.removePasskeyCredentialIdDigests', d);
+    }
+    if (addOwners.length === 0 &&
+        removeOwners.length === 0 &&
+        addPasskeys.length === 0 &&
+        removePasskeyCredentialIdDigests.length === 0) {
+        throw new RangeError('[custody] RecoverAccount: at least one add/remove field must be non-empty');
+    }
+    return encodeAbiParameters([
+        {
+            type: 'tuple',
+            components: [
+                { name: 'addOwners', type: 'address[]' },
+                { name: 'removeOwners', type: 'address[]' },
+                {
+                    name: 'addPasskeys',
+                    type: 'tuple[]',
+                    components: [
+                        { name: 'credentialIdDigest', type: 'bytes32' },
+                        { name: 'x', type: 'uint256' },
+                        { name: 'y', type: 'uint256' },
+                    ],
+                },
+                { name: 'removePasskeyCredentialIdDigests', type: 'bytes32[]' },
+            ],
+        },
+    ], [{
+            addOwners: addOwners,
+            removeOwners: removeOwners,
+            addPasskeys: addPasskeys,
+            removePasskeyCredentialIdDigests: removePasskeyCredentialIdDigests,
+        }]);
+}
+//# sourceMappingURL=actions.js.map

package/dist/actions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"actions.js","sourceRoot":"","sources":["../src/actions.ts"],"names":[],"mappings":"AAAA,mFAAmF;AACnF,0EAA0E;AAC1E,2EAA2E;AAC3E,EAAE;AACF,sEAAsE;AACtE,kEAAkE;AAClE,2BAA2B;AAE3B,OAAO,EAAE,mBAAmB,EAA0B,MAAM,MAAM,CAAC;AAEnE,MAAM,CAAN,IAAY,aAiBX;AAjBD,WAAY,aAAa;IACvB,iEAAgB,CAAA;IAChB,uEAAmB,CAAA;IACnB,iFAAwB,CAAA;IACxB,uFAA2B,CAAA;IAC3B,6DAAc,CAAA;IACd,mEAAiB,CAAA;IACjB,2EAAqB,CAAA;IACrB,2EAAqB,CAAA;IACrB,uFAA2B,CAAA;IAC3B,uEAAmB,CAAA;IACnB,gFAAwB,CAAA;IACxB,gFAAwB,CAAA;IACxB,8EAAuB,CAAA;IACvB,kFAAyB,CAAA;IACzB,sEAAmB,CAAA;IACnB,wFAA4B,CAAA;AAC9B,CAAC,EAjBW,aAAa,KAAb,aAAa,QAiBxB;AAED,4EAA4E;AAE5E,MAAM,UAAU,GAAG,qBAAqB,CAAC;AACzC,MAAM,UAAU,GAAG,qBAAqB,CAAC;AACzC,MAAM,QAAQ,GAAG,CAAC,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;AACnC,MAAM,MAAM,GAAG,GAAG,CAAC;AAEnB,SAAS,aAAa,CAAC,KAAa,EAAE,CAAU;IAC9C,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,UAAU,CAAC,aAAa,KAAK,gCAAgC,CAAC,GAAG,CAAC,CAAC;IAC/E,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,KAAa,EAAE,CAAM;IAC1C,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,UAAU,CAAC,aAAa,KAAK,wBAAwB,CAAC,GAAG,CAAC,CAAC;IACvE,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAa,EAAE,CAAS,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,GAAG,MAAM;IAClE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;QAC/C,MAAM,IAAI,UAAU,CAAC,aAAa,KAAK,qBAAqB,GAAG,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IACzF,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,KAAa,EAAE,CAAS,EAAE,GAAG,GAAG,EAAE,EAAE,GAAG,GAAG,QAAQ;IACvE,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;QAChD,MAAM,IAAI,UAAU,CAAC,aAAa,KAAK,uBAAuB,GAAG,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAC3F,CAAC;AACH,CAAC;AAED,4EAA4E;AAC5E,EAAE;AACF,yEAAyE;AACzE,0EAA0E;AAC1E,oCAAoC;AAEpC,MAAM,UAAU,qBAAqB,CAAC,SAAkB;IACtD,aAAa,CAAC,wBAAwB,EAAE,SAAS,CAAC,CAAC;IACnD,OAAO,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,SAAkB;IACzD,aAAa,CAAC,2BAA2B,EAAE,SAAS,CAAC,CAAC;IACtD,OAAO,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAgB;IAClD,aAAa,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAAC;IAC7C,OAAO,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,OAAgB;IACrD,aAAa,CAAC,uBAAuB,EAAE,OAAO,CAAC,CAAC;IAChD,OAAO,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,OAAsB;IAC/D,WAAW,CAAC,2BAA2B,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IACxD,OAAO,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,aAAqB;IAC/D,aAAa,CAAC,kCAAkC,EAAE,aAAa,CAAC,CAAC;IACjE,OAAO,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,6BAA6B,CAAC,SAAiB;IAC7D,WAAW,CAAC,gCAAgC,EAAE,SAAS,CAAC,CAAC;IACzD,OAAO,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,OAAgB;IACzD,aAAa,CAAC,2BAA2B,EAAE,OAAO,CAAC,CAAC;IACpD,OAAO,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gCAAgC,CAAC,IAAY,EAAE,QAAgB;IAC7E,WAAW,CAAC,8BAA8B,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IACxD,WAAW,CAAC,kCAAkC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC7D,OAAO,mBAAmB,CACxB,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EACtC,CAAC,IAAI,EAAE,QAAQ,CAAC,CACjB,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,6BAA6B,CAC3C,kBAAuB,EACvB,CAAS,EACT,CAAS;IAET,aAAa,CAAC,yCAAyC,EAAE,kBAAkB,CAAC,CAAC;IAC7E,IAAI,kBAAkB,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,UAAU,CAAC,iFAAiF,CAAC,CAAC;IAC1G,CAAC;IACD,aAAa,CAAC,wBAAwB,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/C,aAAa,CAAC,wBAAwB,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/C,OAAO,mBAAmB,CACxB,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAC/D,CAAC,kBAAkB,EAAE,CAAC,EAAE,CAAC,CAAC,CAC3B,CAAC;AACJ,CAAC;AAED,qEAAqE;AACrE,MAAM,UAAU,gCAAgC,CAAC,kBAAuB;IACtE,aAAa,CAAC,4CAA4C,EAAE,kBAAkB,CAAC,CAAC;IAChF,OAAO,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC;AAC1E,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,4BAA4B,CAC1C,aAAiC,EACjC,gBAAoC;IAEpC,KAAK,MAAM,CAAC,IAAI,aAAa;QAAE,aAAa,CAAC,yBAAyB,EAAE,CAAC,CAAC,CAAC;IAC3E,KAAK,MAAM,CAAC,IAAI,gBAAgB;QAAE,aAAa,CAAC,4BAA4B,EAAE,CAAC,CAAC,CAAC;IACjF,OAAO,mBAAmB,CACxB,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,EAC9C,CAAC,aAA0B,EAAE,gBAA6B,CAAC,CAC5D,CAAC;AACJ,CAAC;AAYD;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAKvC;IACC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC;IACvC,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC;IAC7C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;IAC3C,MAAM,gCAAgC,GAAG,IAAI,CAAC,gCAAgC,IAAI,EAAE,CAAC;IAErF,KAAK,MAAM,CAAC,IAAI,SAAS;QAAE,aAAa,CAAC,0BAA0B,EAAE,CAAC,CAAC,CAAC;IACxE,KAAK,MAAM,CAAC,IAAI,YAAY;QAAE,aAAa,CAAC,6BAA6B,EAAE,CAAC,CAAC,CAAC;IAC9E,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC5B,aAAa,CAAC,+CAA+C,EAAE,CAAC,CAAC,kBAAkB,CAAC,CAAC;QACrF,IAAI,CAAC,CAAC,kBAAkB,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,UAAU,CAAC,uFAAuF,CAAC,CAAC;QAChH,CAAC;QACD,aAAa,CAAC,8BAA8B,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACvD,aAAa,CAAC,8BAA8B,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,gCAAgC,EAAE,CAAC;QACjD,aAAa,CAAC,iDAAiD,EAAE,CAAC,CAAC,CAAC;IACtE,CAAC;IAED,IACE,SAAS,CAAC,MAAM,KAAK,CAAC;QACtB,YAAY,CAAC,MAAM,KAAK,CAAC;QACzB,WAAW,CAAC,MAAM,KAAK,CAAC;QACxB,gCAAgC,CAAC,MAAM,KAAK,CAAC,EAC7C,CAAC;QACD,MAAM,IAAI,UAAU,CAAC,2EAA2E,CAAC,CAAC;IACpG,CAAC;IAED,OAAO,mBAAmB,CACxB;QACE;YACE,IAAI,EAAE,OAAO;YACb,UAAU,EAAE;gBACV,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE;gBACxC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE;gBAC3C;oBACE,IAAI,EAAE,aAAa;oBACnB,IAAI,EAAE,SAAS;oBACf,UAAU,EAAE;wBACV,EAAE,IAAI,EAAE,oBAAoB,EAAE,IAAI,EAAE,SAAS,EAAE;wBAC/C,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE;wBAC9B,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE;qBAC/B;iBACF;gBACD,EAAE,IAAI,EAAE,kCAAkC,EAAE,IAAI,EAAE,WAAW,EAAE;aAChE;SACF;KACF,EACD,CAAC;YACC,SAAS,EAAE,SAAsB;YACjC,YAAY,EAAE,YAAyB;YACvC,WAAW,EAAE,WAAmC;YAChD,gCAAgC,EAAE,gCAAyC;SAC5E,CAAC,CACH,CAAC;AACJ,CAAC"}

package/dist/eip712.d.ts

@@ -0,0 +1,74 @@
+import type { Address, Hex } from 'viem';
+export declare const CUSTODY_DOMAIN_NAME = "agenticprimitives.CustodyPolicy";
+export declare const CUSTODY_DOMAIN_VERSION = "1";
+export declare function custodyDomain(args: {
+    chainId: number;
+    verifyingContract: Address;
+}): {
+    readonly name: "agenticprimitives.CustodyPolicy";
+    readonly version: "1";
+    readonly chainId: number;
+    readonly verifyingContract: `0x${string}`;
+};
+export declare const ScheduleCustodyChangeRequest: {
+    readonly ScheduleCustodyChangeRequest: readonly [{
+        readonly name: "account";
+        readonly type: "address";
+    }, {
+        readonly name: "action";
+        readonly type: "uint8";
+    }, {
+        readonly name: "argsHash";
+        readonly type: "bytes32";
+    }, {
+        readonly name: "changeId";
+        readonly type: "uint256";
+    }];
+};
+export declare const ApplyCustodyChangeRequest: {
+    readonly ApplyCustodyChangeRequest: readonly [{
+        readonly name: "account";
+        readonly type: "address";
+    }, {
+        readonly name: "action";
+        readonly type: "uint8";
+    }, {
+        readonly name: "argsHash";
+        readonly type: "bytes32";
+    }, {
+        readonly name: "changeId";
+        readonly type: "uint256";
+    }, {
+        readonly name: "eta";
+        readonly type: "uint64";
+    }];
+};
+export declare const CancelScheduledChangeRequest: {
+    readonly CancelScheduledChangeRequest: readonly [{
+        readonly name: "account";
+        readonly type: "address";
+    }, {
+        readonly name: "action";
+        readonly type: "uint8";
+    }, {
+        readonly name: "argsHash";
+        readonly type: "bytes32";
+    }, {
+        readonly name: "changeId";
+        readonly type: "uint256";
+    }, {
+        readonly name: "eta";
+        readonly type: "uint64";
+    }];
+};
+export interface ScheduleCustodyChangeMessage {
+    account: Address;
+    action: number;
+    argsHash: Hex;
+    changeId: bigint;
+}
+export interface ApplyCustodyChangeMessage extends ScheduleCustodyChangeMessage {
+    eta: bigint;
+}
+export type CancelScheduledChangeMessage = ApplyCustodyChangeMessage;
+//# sourceMappingURL=eip712.d.ts.map

package/dist/eip712.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"eip712.d.ts","sourceRoot":"","sources":["../src/eip712.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAEzC,eAAO,MAAM,mBAAmB,oCAAoC,CAAC;AACrE,eAAO,MAAM,sBAAsB,MAAM,CAAC;AAE1C,wBAAgB,aAAa,CAAC,IAAI,EAAE;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,iBAAiB,EAAE,OAAO,CAAA;CAAE;;;;;EAOlF;AAED,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;CAO/B,CAAC;AAEX,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;CAQ5B,CAAC;AAEX,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;CAQ/B,CAAC;AAEX,MAAM,WAAW,4BAA4B;IAC3C,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,GAAG,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,yBAA0B,SAAQ,4BAA4B;IAC7E,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,MAAM,4BAA4B,GAAG,yBAAyB,CAAC"}

package/dist/eip712.js

@@ -0,0 +1,43 @@
+// EIP-712 typed-data shapes for the CustodyPolicy schedule/apply/cancel
+// surface. Mirrors packages/contracts/src/custody/CustodyPolicy.sol § "EIP-712"
+// (spec 207 § 15, renamed per spec 213 § 2.2).
+//
+// Domain `name` is "agenticprimitives.CustodyPolicy", version "1". Caller
+// supplies chainId + the deployed CustodyPolicy address as `verifyingContract`.
+export const CUSTODY_DOMAIN_NAME = 'agenticprimitives.CustodyPolicy';
+export const CUSTODY_DOMAIN_VERSION = '1';
+export function custodyDomain(args) {
+    return {
+        name: CUSTODY_DOMAIN_NAME,
+        version: CUSTODY_DOMAIN_VERSION,
+        chainId: args.chainId,
+        verifyingContract: args.verifyingContract,
+    };
+}
+export const ScheduleCustodyChangeRequest = {
+    ScheduleCustodyChangeRequest: [
+        { name: 'account', type: 'address' },
+        { name: 'action', type: 'uint8' },
+        { name: 'argsHash', type: 'bytes32' },
+        { name: 'changeId', type: 'uint256' },
+    ],
+};
+export const ApplyCustodyChangeRequest = {
+    ApplyCustodyChangeRequest: [
+        { name: 'account', type: 'address' },
+        { name: 'action', type: 'uint8' },
+        { name: 'argsHash', type: 'bytes32' },
+        { name: 'changeId', type: 'uint256' },
+        { name: 'eta', type: 'uint64' },
+    ],
+};
+export const CancelScheduledChangeRequest = {
+    CancelScheduledChangeRequest: [
+        { name: 'account', type: 'address' },
+        { name: 'action', type: 'uint8' },
+        { name: 'argsHash', type: 'bytes32' },
+        { name: 'changeId', type: 'uint256' },
+        { name: 'eta', type: 'uint64' },
+    ],
+};
+//# sourceMappingURL=eip712.js.map

package/dist/eip712.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"eip712.js","sourceRoot":"","sources":["../src/eip712.ts"],"names":[],"mappings":"AAAA,wEAAwE;AACxE,gFAAgF;AAChF,+CAA+C;AAC/C,EAAE;AACF,0EAA0E;AAC1E,gFAAgF;AAIhF,MAAM,CAAC,MAAM,mBAAmB,GAAG,iCAAiC,CAAC;AACrE,MAAM,CAAC,MAAM,sBAAsB,GAAG,GAAG,CAAC;AAE1C,MAAM,UAAU,aAAa,CAAC,IAAqD;IACjF,OAAO;QACL,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,sBAAsB;QAC/B,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;KACjC,CAAC;AACb,CAAC;AAED,MAAM,CAAC,MAAM,4BAA4B,GAAG;IAC1C,4BAA4B,EAAE;QAC5B,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE;QACpC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE;QACjC,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE;QACrC,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE;KACtC;CACO,CAAC;AAEX,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,yBAAyB,EAAE;QACzB,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE;QACpC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE;QACjC,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE;QACrC,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE;QACrC,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE;KAChC;CACO,CAAC;AAEX,MAAM,CAAC,MAAM,4BAA4B,GAAG;IAC1C,4BAA4B,EAAE;QAC5B,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE;QACpC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE;QACjC,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE;QACrC,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE;QACrC,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE;KAChC;CACO,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export { custodyPolicyAbi } from './abi.js';
+export { CustodyAction, buildAddCustodianArgs, buildRemoveCustodianArgs, buildAddTrusteeArgs, buildRemoveTrusteeArgs, buildChangeCustodyModeArgs, buildChangeValueCeilingArgs, buildSetRecoveryApprovalsArgs, buildApplySystemUpdateArgs, buildChangeApprovalsRequiredArgs, buildAddPasskeyCredentialArgs, buildRemovePasskeyCredentialArgs, buildRotateAllCustodiansArgs, buildRecoverAccountArgs, type RecoveryPasskeyAdd, } from './actions.js';
+export { CUSTODY_DOMAIN_NAME, CUSTODY_DOMAIN_VERSION, custodyDomain, ScheduleCustodyChangeRequest, ApplyCustodyChangeRequest, CancelScheduledChangeRequest, type ScheduleCustodyChangeMessage, type ApplyCustodyChangeMessage, type CancelScheduledChangeMessage, } from './eip712.js';
+export { type Custodian, type Trustee, type CustodyCouncil, type ScheduledChange, type CustodyMode, type RiskTier, CUSTODY_MODE_BY_INDEX, } from './types.js';
+export { type EcdsaSlot, type ContractSigSlot, type ApprovedHashSlot, type PasskeySlot, type QuorumSlot, type WebAuthnAssertion, packQuorumSigs, encodePasskeyTailBody, passkeyIdentity, } from './quorum-slots.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAE5C,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,wBAAwB,EACxB,mBAAmB,EACnB,sBAAsB,EACtB,0BAA0B,EAC1B,2BAA2B,EAC3B,6BAA6B,EAC7B,0BAA0B,EAC1B,gCAAgC,EAChC,6BAA6B,EAC7B,gCAAgC,EAChC,4BAA4B,EAC5B,uBAAuB,EACvB,KAAK,kBAAkB,GACxB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,aAAa,EACb,4BAA4B,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,KAAK,4BAA4B,EACjC,KAAK,yBAAyB,EAC9B,KAAK,4BAA4B,GAClC,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,KAAK,SAAS,EACd,KAAK,OAAO,EACZ,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,WAAW,EAChB,KAAK,QAAQ,EACb,qBAAqB,GACtB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,KAAK,SAAS,EACd,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,WAAW,EAChB,KAAK,UAAU,EACf,KAAK,iBAAiB,EACtB,cAAc,EACd,qBAAqB,EACrB,eAAe,GAChB,MAAM,mBAAmB,CAAC"}

package/dist/index.js

@@ -0,0 +1,15 @@
+// @agenticprimitives/account-custody — custody-layer SDK
+//
+// Public surface for the CustodyPolicy ERC-7579 module. Hosts the ABI,
+// CustodyAction enum + arg builders, EIP-712 typed-data shapes, and
+// custody-domain types (Custodian, Trustee, CustodyCouncil, ScheduledChange).
+//
+// Scope discipline: this package speaks custody-domain vocabulary only.
+// Delegation / Steward / Caveat concepts belong in @agenticprimitives/delegation.
+// See spec 212 § 2.2 + spec 213 for the vocabulary firewall.
+export { custodyPolicyAbi } from './abi.js';
+export { CustodyAction, buildAddCustodianArgs, buildRemoveCustodianArgs, buildAddTrusteeArgs, buildRemoveTrusteeArgs, buildChangeCustodyModeArgs, buildChangeValueCeilingArgs, buildSetRecoveryApprovalsArgs, buildApplySystemUpdateArgs, buildChangeApprovalsRequiredArgs, buildAddPasskeyCredentialArgs, buildRemovePasskeyCredentialArgs, buildRotateAllCustodiansArgs, buildRecoverAccountArgs, } from './actions.js';
+export { CUSTODY_DOMAIN_NAME, CUSTODY_DOMAIN_VERSION, custodyDomain, ScheduleCustodyChangeRequest, ApplyCustodyChangeRequest, CancelScheduledChangeRequest, } from './eip712.js';
+export { CUSTODY_MODE_BY_INDEX, } from './types.js';
+export { packQuorumSigs, encodePasskeyTailBody, passkeyIdentity, } from './quorum-slots.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,yDAAyD;AACzD,EAAE;AACF,uEAAuE;AACvE,oEAAoE;AACpE,8EAA8E;AAC9E,EAAE;AACF,wEAAwE;AACxE,kFAAkF;AAClF,6DAA6D;AAE7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAE5C,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,wBAAwB,EACxB,mBAAmB,EACnB,sBAAsB,EACtB,0BAA0B,EAC1B,2BAA2B,EAC3B,6BAA6B,EAC7B,0BAA0B,EAC1B,gCAAgC,EAChC,6BAA6B,EAC7B,gCAAgC,EAChC,4BAA4B,EAC5B,uBAAuB,GAExB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,aAAa,EACb,4BAA4B,EAC5B,yBAAyB,EACzB,4BAA4B,GAI7B,MAAM,aAAa,CAAC;AAErB,OAAO,EAOL,qBAAqB,GACtB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAOL,cAAc,EACd,qBAAqB,EACrB,eAAe,GAChB,MAAM,mBAAmB,CAAC"}

package/dist/quorum-slots.d.ts

@@ -0,0 +1,61 @@
+import { type Address, type Hex } from 'viem';
+export interface WebAuthnAssertion {
+    authenticatorData: Hex;
+    clientDataJSON: string;
+    challengeIndex: bigint;
+    typeIndex: bigint;
+    r: bigint;
+    s: bigint;
+    credentialIdDigest: Hex;
+}
+export type EcdsaSlot = {
+    type: 'ecdsa';
+    signer: Address;
+    /** Raw 65-byte ECDSA sig: r (32) || s (32) || v (1). */
+    signature: Hex;
+};
+export type ContractSigSlot = {
+    type: 'contract-sig';
+    /** The address whose `isValidSignature(hash, blob)` will be called. */
+    signer: Address;
+    /** Blob handed to the signer's `isValidSignature`. */
+    signatureBlob: Hex;
+};
+export type ApprovedHashSlot = {
+    type: 'approved-hash';
+    /** Address that called `ApprovedHashRegistry.approveHash`. */
+    signer: Address;
+};
+export type PasskeySlot = {
+    type: 'passkey';
+    /** Passkey-Identity-Address: keccak256(abi.encode(x, y)) cast to address. */
+    pia: Address;
+    /** P-256 public key. Re-derived and asserted equal to `pia` inside SignatureSlotRecovery. */
+    x: bigint;
+    y: bigint;
+    /** Decoded WebAuthn assertion produced by the browser ceremony. */
+    assertion: WebAuthnAssertion;
+};
+export type QuorumSlot = EcdsaSlot | ContractSigSlot | ApprovedHashSlot | PasskeySlot;
+/**
+ * Encode a v=2 passkey slot's tail body as `abi.encode(uint256 x,
+ * uint256 y, WebAuthnLib.Assertion assertion)` — the shape
+ * `SignatureSlotRecovery.recoverFromSlot` decodes for v=2 slots.
+ */
+export declare function encodePasskeyTailBody(x: bigint, y: bigint, assertion: WebAuthnAssertion): Hex;
+/**
+ * Pack a sorted set of slots into the bytes blob CustodyPolicy expects.
+ * Slot encoding follows Safe's convention; dynamic tails (v=0 + v=2)
+ * are appended after the slot table.
+ *
+ * Layout:
+ *   [slot 0 (65)] … [slot N (65)] [len0 (32)] [blob0] … [lenK (32)] [blobK]
+ */
+export declare function packQuorumSigs(slots: readonly QuorumSlot[]): Hex;
+/**
+ * Derive a Passkey-Identity-Address from a P-256 public key. Mirrors
+ * `AgentAccount.passkeyIdentity` exactly so off-chain code can compute
+ * the same address without a chain call.
+ */
+export declare function passkeyIdentity(x: bigint, y: bigint): Address;
+//# sourceMappingURL=quorum-slots.d.ts.map

package/dist/quorum-slots.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"quorum-slots.d.ts","sourceRoot":"","sources":["../src/quorum-slots.ts"],"names":[],"mappings":"AAmBA,OAAO,EAML,KAAK,OAAO,EACZ,KAAK,GAAG,EACT,MAAM,MAAM,CAAC;AAEd,MAAM,WAAW,iBAAiB;IAChC,iBAAiB,EAAE,GAAG,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,kBAAkB,EAAE,GAAG,CAAC;CACzB;AAED,MAAM,MAAM,SAAS,GAAG;IACtB,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,EAAE,OAAO,CAAC;IAChB,wDAAwD;IACxD,SAAS,EAAE,GAAG,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,cAAc,CAAC;IACrB,uEAAuE;IACvE,MAAM,EAAE,OAAO,CAAC;IAChB,sDAAsD;IACtD,aAAa,EAAE,GAAG,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,IAAI,EAAE,eAAe,CAAC;IACtB,8DAA8D;IAC9D,MAAM,EAAE,OAAO,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,IAAI,EAAE,SAAS,CAAC;IAChB,6EAA6E;IAC7E,GAAG,EAAE,OAAO,CAAC;IACb,6FAA6F;IAC7F,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,mEAAmE;IACnE,SAAS,EAAE,iBAAiB,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,eAAe,GAAG,gBAAgB,GAAG,WAAW,CAAC;AAiBtF;;;;GAIG;AACH,wBAAgB,qBAAqB,CACnC,CAAC,EAAE,MAAM,EACT,CAAC,EAAE,MAAM,EACT,SAAS,EAAE,iBAAiB,GAC3B,GAAG,CASL;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,SAAS,UAAU,EAAE,GAAG,GAAG,CAiDhE;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAO7D"}

package/dist/quorum-slots.js

@@ -0,0 +1,110 @@
+// Quorum-signature packing for the CustodyPolicy admin surface.
+//
+// The CustodyPolicy contract consumes Safe-compatible packed slot blobs:
+// each slot is `{ r (32) || s (32) || v (1) }`, optionally followed by a
+// dynamic tail for slot types that need extra bytes. Slot recovery lives
+// in `libraries/SignatureSlotRecovery.sol`. Slots MUST be sorted
+// ascending by signer address — the on-chain `_verifyQuorum` rejects
+// out-of-order or duplicate signers.
+//
+// Slot types (phase 6f.4):
+//   v == 27 || v == 28  → EcdsaSlot         (EOA ECDSA, no tail)
+//   v == 31..34         → EcdsaSlot         (eth_sign-wrapped ECDSA, no tail)
+//   v == 1              → ApprovedHashSlot  (pre-approved hash; r = signer)
+//   v == 0              → ContractSigSlot   (ERC-1271; r = signer, s = tail offset)
+//   v == 2              → PasskeySlot       (WebAuthn; r = PIA, s = tail offset)
+//
+// All callers should compose slots via the typed constructors below and
+// then pass the array to `packQuorumSigs`.
+import { concat, encodeAbiParameters, keccak256, padHex, toHex, } from 'viem';
+function slotSigner(slot) {
+    if (slot.type === 'passkey')
+        return slot.pia;
+    return slot.signer;
+}
+const ASSERTION_COMPONENTS = [
+    { name: 'authenticatorData', type: 'bytes' },
+    { name: 'clientDataJSON', type: 'string' },
+    { name: 'challengeIndex', type: 'uint256' },
+    { name: 'typeIndex', type: 'uint256' },
+    { name: 'r', type: 'uint256' },
+    { name: 's', type: 'uint256' },
+    { name: 'credentialIdDigest', type: 'bytes32' },
+];
+/**
+ * Encode a v=2 passkey slot's tail body as `abi.encode(uint256 x,
+ * uint256 y, WebAuthnLib.Assertion assertion)` — the shape
+ * `SignatureSlotRecovery.recoverFromSlot` decodes for v=2 slots.
+ */
+export function encodePasskeyTailBody(x, y, assertion) {
+    return encodeAbiParameters([
+        { type: 'uint256' },
+        { type: 'uint256' },
+        { type: 'tuple', components: ASSERTION_COMPONENTS },
+    ], [x, y, assertion]);
+}
+/**
+ * Pack a sorted set of slots into the bytes blob CustodyPolicy expects.
+ * Slot encoding follows Safe's convention; dynamic tails (v=0 + v=2)
+ * are appended after the slot table.
+ *
+ * Layout:
+ *   [slot 0 (65)] … [slot N (65)] [len0 (32)] [blob0] … [lenK (32)] [blobK]
+ */
+export function packQuorumSigs(slots) {
+    if (slots.length === 0) {
+        throw new Error('packQuorumSigs: at least one slot required');
+    }
+    const sorted = [...slots].sort((a, b) => slotSigner(a).toLowerCase() < slotSigner(b).toLowerCase() ? -1 : 1);
+    for (let i = 1; i < sorted.length; i++) {
+        if (slotSigner(sorted[i]).toLowerCase() === slotSigner(sorted[i - 1]).toLowerCase()) {
+            throw new Error(`packQuorumSigs: duplicate signer ${slotSigner(sorted[i])}`);
+        }
+    }
+    const slotBytesTotal = 65 * sorted.length;
+    const slotFragments = [];
+    const tailFragments = [];
+    let runningOffset = slotBytesTotal;
+    for (const slot of sorted) {
+        if (slot.type === 'ecdsa') {
+            if (slot.signature.length !== 2 + 65 * 2) {
+                throw new Error(`packQuorumSigs: ECDSA signature must be 65 bytes`);
+            }
+            slotFragments.push(slot.signature);
+        }
+        else if (slot.type === 'approved-hash') {
+            const r = padHex(slot.signer, { size: 32 });
+            const s = padHex('0x00', { size: 32 });
+            slotFragments.push(concat([r, s, '0x01']));
+        }
+        else if (slot.type === 'contract-sig') {
+            const r = padHex(slot.signer, { size: 32 });
+            const s = padHex(toHex(BigInt(runningOffset)), { size: 32 });
+            slotFragments.push(concat([r, s, '0x00']));
+            const blobBytes = (slot.signatureBlob.length - 2) / 2;
+            tailFragments.push(concat([padHex(toHex(BigInt(blobBytes)), { size: 32 }), slot.signatureBlob]));
+            runningOffset += 32 + blobBytes;
+        }
+        else {
+            const r = padHex(slot.pia, { size: 32 });
+            const s = padHex(toHex(BigInt(runningOffset)), { size: 32 });
+            slotFragments.push(concat([r, s, '0x02']));
+            const blob = encodePasskeyTailBody(slot.x, slot.y, slot.assertion);
+            const blobBytes = (blob.length - 2) / 2;
+            tailFragments.push(concat([padHex(toHex(BigInt(blobBytes)), { size: 32 }), blob]));
+            runningOffset += 32 + blobBytes;
+        }
+    }
+    return concat([...slotFragments, ...tailFragments]);
+}
+/**
+ * Derive a Passkey-Identity-Address from a P-256 public key. Mirrors
+ * `AgentAccount.passkeyIdentity` exactly so off-chain code can compute
+ * the same address without a chain call.
+ */
+export function passkeyIdentity(x, y) {
+    const packed = encodeAbiParameters([{ type: 'uint256' }, { type: 'uint256' }], [x, y]);
+    const hash = keccak256(packed);
+    return (`0x${hash.slice(-40)}`);
+}
+//# sourceMappingURL=quorum-slots.js.map

package/dist/quorum-slots.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"quorum-slots.js","sourceRoot":"","sources":["../src/quorum-slots.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,EAAE;AACF,yEAAyE;AACzE,yEAAyE;AACzE,yEAAyE;AACzE,iEAAiE;AACjE,qEAAqE;AACrE,qCAAqC;AACrC,EAAE;AACF,2BAA2B;AAC3B,iEAAiE;AACjE,8EAA8E;AAC9E,4EAA4E;AAC5E,oFAAoF;AACpF,iFAAiF;AACjF,EAAE;AACF,wEAAwE;AACxE,2CAA2C;AAE3C,OAAO,EACL,MAAM,EACN,mBAAmB,EACnB,SAAS,EACT,MAAM,EACN,KAAK,GAGN,MAAM,MAAM,CAAC;AA8Cd,SAAS,UAAU,CAAC,IAAgB;IAClC,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC,GAAG,CAAC;IAC7C,OAAO,IAAI,CAAC,MAAM,CAAC;AACrB,CAAC;AAED,MAAM,oBAAoB,GAAG;IAC3B,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,OAAO,EAAE;IAC5C,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,QAAQ,EAAE;IAC1C,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,SAAS,EAAE;IAC3C,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE;IACtC,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE;IAC9B,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE;IAC9B,EAAE,IAAI,EAAE,oBAAoB,EAAE,IAAI,EAAE,SAAS,EAAE;CACvC,CAAC;AAEX;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CACnC,CAAS,EACT,CAAS,EACT,SAA4B;IAE5B,OAAO,mBAAmB,CACxB;QACE,EAAE,IAAI,EAAE,SAAS,EAAE;QACnB,EAAE,IAAI,EAAE,SAAS,EAAE;QACnB,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,oBAAoB,EAAE;KACpD,EACD,CAAC,CAAC,EAAE,CAAC,EAAE,SAAS,CAAC,CAClB,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAAC,KAA4B;IACzD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IACD,MAAM,MAAM,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACtC,UAAU,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACnE,CAAC;IACF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,CAAC,WAAW,EAAE,KAAK,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;YACtF,MAAM,IAAI,KAAK,CAAC,oCAAoC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,EAAE,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;IAED,MAAM,cAAc,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC;IAC1C,MAAM,aAAa,GAAU,EAAE,CAAC;IAChC,MAAM,aAAa,GAAU,EAAE,CAAC;IAEhC,IAAI,aAAa,GAAG,cAAc,CAAC;IACnC,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;QAC1B,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC1B,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;gBACzC,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;YACtE,CAAC;YACD,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACrC,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;YACzC,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YAC5C,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YACvC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,MAAa,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YACxC,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YAC5C,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YAC7D,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,MAAa,CAAC,CAAC,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACtD,aAAa,CAAC,IAAI,CAChB,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAC7E,CAAC;YACF,aAAa,IAAI,EAAE,GAAG,SAAS,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YACzC,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YAC7D,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,MAAa,CAAC,CAAC,CAAC,CAAC;YAClD,MAAM,IAAI,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YACnE,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACxC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;YACnF,aAAa,IAAI,EAAE,GAAG,SAAS,CAAC;QAClC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,CAAC,GAAG,aAAa,EAAE,GAAG,aAAa,CAAC,CAAC,CAAC;AACtD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,CAAS,EAAE,CAAS;IAClD,MAAM,MAAM,GAAG,mBAAmB,CAChC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAC1C,CAAC,CAAC,EAAE,CAAC,CAAC,CACP,CAAC;IACF,MAAM,IAAI,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IAC/B,OAAO,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAY,CAAC;AAC7C,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,63 @@
+import type { Address } from 'viem';
+/**
+ * A Custodian is a Smart Agent (typically a Person Smart Agent) that
+ * holds custody authority over another Smart Agent. Member of a
+ * CustodyCouncil. Authorizes scheduled custody changes via m-of-n
+ * approvals.
+ */
+export interface Custodian {
+    address: Address;
+    /** Optional label for UI ("Alice", "Bob's iPhone passkey"). */
+    label?: string;
+}
+/**
+ * A Trustee is a Smart Agent that holds recovery authority. Distinct
+ * from Custodian — trustees only act when the routine custody set is
+ * unavailable (lost passkeys, compromised custodians). T6 recovery
+ * quorum.
+ */
+export interface Trustee {
+    address: Address;
+    label?: string;
+}
+/**
+ * The set of Custodians for a given Smart Agent + the per-tier
+ * approvals-required count + per-tier safety-delay seconds.
+ */
+export interface CustodyCouncil {
+    custodians: Custodian[];
+    approvalsRequiredByTier: Record<1 | 2 | 3 | 4 | 5 | 6, number>;
+    safetyDelayByTierSeconds: Record<1 | 2 | 3 | 4 | 5 | 6, number>;
+}
+/**
+ * A queued custody change awaiting its safety delay + approvals. The
+ * on-chain record is keyed by (account, changeId). The off-chain mirror
+ * is what the UI shows on the "pending changes" tab.
+ */
+export interface ScheduledChange {
+    account: Address;
+    changeId: bigint;
+    action: number;
+    args: `0x${string}`;
+    proposedAtUnix: number;
+    etaUnix: number;
+    proposer: Address;
+    executed: boolean;
+    cancelled: boolean;
+}
+/** Custody policy posture for an account. */
+export type CustodyMode = 'single' | 'hybrid' | 'threshold' | 'org';
+export declare const CUSTODY_MODE_BY_INDEX: Record<0 | 1 | 2 | 3, CustodyMode>;
+/**
+ * Tier ids used across the custody surface. Mirrors spec 207 § 5.
+ *
+ *   T1 Read    — view methods, never gated
+ *   T2 Write   — low-value mutating calls (data updates)
+ *   T3 Value   — value transfers below the high-value ceiling
+ *   T4 Admin   — most custody changes (Add/Remove Custodian, Add/Remove
+ *                Trustee, ChangeCustodyMode)
+ *   T5 Critical — system updates (ApplySystemUpdate, Rotate*Manager)
+ *   T6 Recovery — RecoverAccount, gated by trustees, longer safety delay
+ */
+export type RiskTier = 1 | 2 | 3 | 4 | 5 | 6;
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAEpC;;;;;GAKG;AACH,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,+DAA+D;IAC/D,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;GAKG;AACH,MAAM,WAAW,OAAO;IACtB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,SAAS,EAAE,CAAC;IACxB,uBAAuB,EAAE,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;IAC/D,wBAAwB,EAAE,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;CACjE;AAED;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,KAAK,MAAM,EAAE,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,6CAA6C;AAC7C,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,QAAQ,GAAG,WAAW,GAAG,KAAK,CAAC;AAEpE,eAAO,MAAM,qBAAqB,EAAE,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,WAAW,CAKpE,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAM,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC"}

package/dist/types.js

@@ -0,0 +1,10 @@
+// Custody-layer domain types. Mirrors the ontology in
+// docs/ontology/ap-custody.ttl (spec 213 § 2.5). These are pure data
+// shapes — no chain access.
+export const CUSTODY_MODE_BY_INDEX = {
+    0: 'single',
+    1: 'hybrid',
+    2: 'threshold',
+    3: 'org',
+};
+//# sourceMappingURL=types.js.map