@agenticprimitives/contracts 0.1.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (84) hide show
  1. package/AUDIT.md +67 -0
  2. package/CLAUDE.md +40 -0
  3. package/LICENSE +21 -0
  4. package/README.md +45 -0
  5. package/deployments-anvil.json +1 -0
  6. package/deployments-base-sepolia.json +1 -0
  7. package/dist/abi/AgentNameAttributeResolver.json +798 -0
  8. package/dist/abi/AgentNamePredicates.json +1 -0
  9. package/dist/abi/AgentNameRegistry.json +826 -0
  10. package/dist/abi/AgentNameUniversalResolver.json +222 -0
  11. package/dist/abi/AgentProfilePredicates.json +1 -0
  12. package/dist/abi/AgentProfileResolver.json +1044 -0
  13. package/dist/abi/AgentRelationship.json +583 -0
  14. package/dist/abi/AgentRelationshipPredicates.json +1 -0
  15. package/dist/abi/AgenticGovernance.json +259 -0
  16. package/dist/abi/AllowedMethodsEnforcer.json +108 -0
  17. package/dist/abi/AllowedTargetsEnforcer.json +103 -0
  18. package/dist/abi/ApprovedHashRegistry.json +114 -0
  19. package/dist/abi/AttributeStorage.json +557 -0
  20. package/dist/abi/CaveatEnforcerBase.json +130 -0
  21. package/dist/abi/GovernanceManaged.json +43 -0
  22. package/dist/abi/IAttributeReader.json +98 -0
  23. package/dist/abi/ICaveatEnforcer.json +98 -0
  24. package/dist/abi/IDelegationManager.json +211 -0
  25. package/dist/abi/IERC7579Module.json +34 -0
  26. package/dist/abi/IERC7579ModuleLifecycle.json +60 -0
  27. package/dist/abi/IGovernanceView.json +34 -0
  28. package/dist/abi/MultiSendCallOnly.json +29 -0
  29. package/dist/abi/MultiSendCallOnlyHarness.json +42 -0
  30. package/dist/abi/OntologyTermRegistry.json +397 -0
  31. package/dist/abi/P256Verifier.json +1 -0
  32. package/dist/abi/PermissionlessSubregistry.json +207 -0
  33. package/dist/abi/RelationshipTypeRegistry.json +455 -0
  34. package/dist/abi/ShapeRegistry.json +627 -0
  35. package/dist/abi/SmartAgentModuleTypes.json +1 -0
  36. package/dist/abi/TimestampEnforcer.json +108 -0
  37. package/dist/abi/ValueEnforcer.json +103 -0
  38. package/dist/abi/WebAuthnLib.json +1 -0
  39. package/dist/abi/index.d.ts +35 -0
  40. package/dist/abi/index.js +35 -0
  41. package/package.json +48 -0
  42. package/spec.md +52 -0
  43. package/src/AgentAccount.sol +1374 -0
  44. package/src/AgentAccountFactory.sol +274 -0
  45. package/src/ApprovedHashRegistry.sol +57 -0
  46. package/src/IAgentAccount.sol +138 -0
  47. package/src/SmartAgentPaymaster.sol +281 -0
  48. package/src/UniversalSignatureValidator.sol +136 -0
  49. package/src/agency/DelegationManager.sol +374 -0
  50. package/src/agency/ICaveatEnforcer.sol +62 -0
  51. package/src/agency/IDelegationManager.sol +69 -0
  52. package/src/custody/CustodyPolicy.sol +892 -0
  53. package/src/custody/IERC7579Module.sol +60 -0
  54. package/src/enforcers/AllowedMethodsEnforcer.AUDIT.md +51 -0
  55. package/src/enforcers/AllowedMethodsEnforcer.sol +48 -0
  56. package/src/enforcers/AllowedTargetsEnforcer.AUDIT.md +49 -0
  57. package/src/enforcers/AllowedTargetsEnforcer.sol +44 -0
  58. package/src/enforcers/CaveatEnforcerBase.sol +19 -0
  59. package/src/enforcers/QuorumEnforcer.AUDIT.md +71 -0
  60. package/src/enforcers/QuorumEnforcer.sol +191 -0
  61. package/src/enforcers/TimestampEnforcer.AUDIT.md +50 -0
  62. package/src/enforcers/TimestampEnforcer.sol +43 -0
  63. package/src/enforcers/ValueEnforcer.AUDIT.md +51 -0
  64. package/src/enforcers/ValueEnforcer.sol +41 -0
  65. package/src/governance/AgenticGovernance.sol +140 -0
  66. package/src/governance/GovernanceManaged.sol +75 -0
  67. package/src/governance/IGovernance.sol +15 -0
  68. package/src/identity/AgentProfilePredicates.sol +40 -0
  69. package/src/identity/AgentProfileResolver.sol +194 -0
  70. package/src/libraries/MultiSendCallOnly.sol +95 -0
  71. package/src/libraries/P256Verifier.sol +47 -0
  72. package/src/libraries/SignatureSlotRecovery.sol +196 -0
  73. package/src/libraries/WebAuthnLib.sol +164 -0
  74. package/src/naming/AgentNameAttributeResolver.sol +95 -0
  75. package/src/naming/AgentNamePredicates.sol +74 -0
  76. package/src/naming/AgentNameRegistry.sol +362 -0
  77. package/src/naming/AgentNameUniversalResolver.sol +210 -0
  78. package/src/naming/PermissionlessSubregistry.sol +98 -0
  79. package/src/ontology/AttributeStorage.sol +289 -0
  80. package/src/ontology/OntologyTermRegistry.sol +146 -0
  81. package/src/ontology/ShapeRegistry.sol +240 -0
  82. package/src/relationships/AgentRelationship.sol +289 -0
  83. package/src/relationships/AgentRelationshipPredicates.sol +44 -0
  84. package/src/relationships/RelationshipTypeRegistry.sol +143 -0
package/AUDIT.md ADDED
@@ -0,0 +1,67 @@
1
+ # `@agenticprimitives/contracts` — Security & Architecture Audit
2
+
3
+ **Status:** alpha (Base Sepolia testnet only)
4
+ **Last refreshed:** 2026-05-30
5
+ **Owners:** contracts package CODEOWNERS
6
+ **System audit cross-reference:** [docs/audits/2026-05-packages-contracts-production-readiness.md](../../docs/audits/2026-05-packages-contracts-production-readiness.md)
7
+
8
+ ## 1. Charter
9
+
10
+ This package ships the **on-chain enforcement layer** for the agenticprimitives stack:
11
+
12
+ - `AgentAccount.sol` + `AgentAccountFactory.sol` — ERC-4337 Smart Agent core (UUPS-upgradeable, ERC-7579 module-host, ERC-1271 verifier, WebAuthn-supporting).
13
+ - `agency/DelegationManager.sol` + `enforcers/*` — scoped ERC-7710 delegation with on-chain caveat enforcement (AllowedTargets, AllowedMethods, Timestamp, Value, Quorum).
14
+ - `custody/CustodyPolicy.sol` — multi-sig custodian / guardian quorum + scheduled-action machinery (spec 213 carve-out).
15
+ - `SmartAgentPaymaster.sol` — ERC-4337 paymaster with three validation modes (dev / allowlist / verifying).
16
+ - `naming/{AgentNameRegistry, PermissionlessSubregistry, AgentNameUniversalResolver}.sol` — `.agent` TLD + ENSv2-style resolver.
17
+ - `identity/AgentProfileResolver.sol` — ERC-1056-style profile / AgentCard facet resolver.
18
+ - `ontology/{OntologyTermRegistry, ShapeRegistry, AttributeStorage}.sol` — SHACL shape + JSON-LD predicate registries.
19
+ - `relationships/AgentRelationship.sol` — public on-chain edge model (⚠ Privacy Fork — see EXT-019; **mark experimental**).
20
+ - `libraries/{WebAuthnLib, P256Verifier, SignatureSlotRecovery, MultiSendCallOnly}.sol` — security-critical primitives.
21
+ - `UniversalSignatureValidator.sol` — single sig entrypoint per spec 214 SB-4.
22
+ - `ApprovedHashRegistry.sol` — v=1 pre-approved hash signature path.
23
+
24
+ Deployments JSON per network: `deployments-base-sepolia.json`, `deployments-anvil.json`.
25
+
26
+ ## 2. Security invariants (DO NOT BREAK)
27
+
28
+ 1. **EIP-712 typehashes byte-match the off-chain TS constants.** Test: `test/cross-stack/typehash.t.sol` + TS-side `test/cross-stack/typehash.test.ts` (H7-D.9 — not yet wired).
29
+ 2. **`AgentAccount` storage uses ERC-7201 namespaced slots + 50-slot gap.** Storage-layout snapshot test gates upgrades (H7-C.6).
30
+ 3. **WebAuthn assertion verification pins RP-ID + UP flag.** Currently MISSING — CON-WEBAUTHN-001 / H7-C.1.
31
+ 4. **P256Verifier dispatcher rejects silent Daimo fallback.** Currently MISSING — CON-P256-001 / H7-C.2.
32
+ 5. **`SignatureSlotRecovery` bounds-checks `v=0` and `v=2` slots.** Currently MISSING — CON-SIG-SLOT-001/-002 / H7-C.3.
33
+ 6. **`AgentNameRegistry.initializeRoot` cannot be frontrun.** Currently MISSING — CON-NAMING-001 / H7-C.4.
34
+ 7. **`DelegationManager.redeemDelegation` is `nonReentrant`.** SC5 §6.2 closed.
35
+ 8. **Factory + Paymaster governance is the timelock + multisig, not a deployer EOA.** Currently MISSING — CON-DEPLOY-001 / H7-C.9 + EXT3-009.
36
+ 9. **Pause surfaces on critical paths.** Currently NOT WIRED — EXT3-010 / H7-C.10.
37
+
38
+ ## 3. Public API surface (audit scope)
39
+
40
+ All `*.sol` files under `src/` + the JSON ABIs published under `dist/abi/`. Consumers MUST import ABIs via the npm-published `@agenticprimitives/contracts/abi` subpath, NOT by reading `out/` directly.
41
+
42
+ ## 4. Known findings (cross-reference to system audit)
43
+
44
+ See [docs/audits/2026-05-packages-contracts-production-readiness.md](../../docs/audits/2026-05-packages-contracts-production-readiness.md) §3 (Per-contract findings) + §4 (Cross-cutting).
45
+
46
+ **High-severity open:**
47
+ - CON-WEBAUTHN-001, CON-P256-001, CON-NAMING-001, CON-SIG-SLOT-001/-002, CON-DEPLOY-001, CON-FACTORY-001, XCON-001 (coverage 59% aggregate, well below external-audit firm bar), XCON-002 (`--via-ir` stack-too-deep blocks faithful coverage), XCON-002-sec (no system-wide pause), EXT3-009 (no standardized governance), EXT3-010 (pause surfaces unwired).
48
+
49
+ ## 5. Test posture
50
+
51
+ - `forge test`: 358/358 pass at the time of the H7 audit.
52
+ - `forge coverage --ir-minimum`: 59% lines / 55% statements / 46% branches aggregate. Below external-audit floor on AgentAccount (55%), DelegationManager (42%), CustodyPolicy (70%/30%), Paymaster (52%), WebAuthnLib (16%), P256Verifier (0% direct).
53
+ - Missing: fuzz suites for enforcer composition + WebAuthn malleability + QuorumEnforcer adversarial sigs.
54
+ - Missing: storage-layout snapshot tests.
55
+ - Missing: cross-stack typehash equality test.
56
+
57
+ ## 6. Pre-publication checklist
58
+
59
+ - [x] License + AUDIT.md + LICENSE + publishConfig.access=public (H7-A.2).
60
+ - [x] Extracted as `@agenticprimitives/contracts` (H7-A.2 / EXT3-001).
61
+ - [ ] WebAuthn / P-256 / SignatureSlot / Naming hardening (H7-C.1..C.4).
62
+ - [ ] Coverage ≥ 85%/75% on every load-bearing contract (H7-D).
63
+ - [ ] Storage-layout snapshots committed (H7-C.6).
64
+ - [ ] Cross-stack typehash test green (H7-D.9).
65
+ - [ ] Governance pattern: Safe + Timelock(24h); deployer EOA renounces (H7-C.9 / EXT3-009).
66
+ - [ ] Pause surfaces wired (H7-C.10 / EXT3-010).
67
+ - [ ] One external Solidity audit firm engagement.
package/CLAUDE.md ADDED
@@ -0,0 +1,40 @@
1
+ # contracts — Claude guide
2
+
3
+ ## What this app is
4
+
5
+ Foundry workspace for the demo contracts. Contracts are the enforcement layer
6
+ for AgentAccount, custody policy, delegation manager/enforcers, naming,
7
+ identity, and relationship experiments.
8
+
9
+ ## What this app owns
10
+
11
+ - Solidity contract source in `src/`.
12
+ - Foundry tests in `test/`.
13
+ - Deployment scripts and deployment JSON.
14
+ - Contract ABIs consumed by packages and demos.
15
+
16
+ ## What this app does not own
17
+
18
+ - TypeScript SDK behavior → `packages/*`.
19
+ - Browser/Worker wiring → `apps/demo-*`.
20
+ - Product-level decisions → `specs/2XX-*.md`.
21
+ - Generated artifacts as review context → `out/`, `cache/`, `broadcast/`.
22
+
23
+ ## Read These First
24
+
25
+ 1. Relevant `../../specs/2XX-*.md` for the capability.
26
+ 2. `src/AgentAccount.sol` for account-core changes.
27
+ 3. `src/custody/CustodyPolicy.sol` for custody/recovery changes.
28
+ 4. `src/agency/DelegationManager.sol` and `src/enforcers/` for delegation changes.
29
+ 5. `script/Deploy.s.sol` for deployment wiring.
30
+
31
+ ## Validate
32
+
33
+ ```bash
34
+ pnpm --filter @agenticprimitives-demo/contracts build
35
+ pnpm --filter @agenticprimitives-demo/contracts test
36
+ ```
37
+
38
+ ## Generated Files
39
+
40
+ `out/`, `cache/`, `broadcast/`, `node_modules/`.
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Agentic Trust Labs
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md ADDED
@@ -0,0 +1,45 @@
1
+ # packages/contracts — demo contracts
2
+
3
+ Solidity contracts for the agenticprimitives demo. **Vendored minimum** from [`smart-agent/packages/contracts/`](https://github.com/agentictrustlabs/smart-agent/tree/003-intent-marketplace-proposal/packages/contracts). Just the contracts needed to demonstrate the end-to-end flow:
4
+
5
+ - `AgentAccount.sol` — ERC-4337 smart account (UUPS upgradeable, owner-based, ERC-1271)
6
+ - `AgentAccountFactory.sol` — CREATE2 factory for deterministic addressing
7
+ - `DelegationManager.sol` — delegation registry + revocation
8
+ - `ICaveatEnforcer.sol` + `enforcers/*` — the four enforcers our demo uses (Timestamp, AllowedTargets, AllowedMethods, Value)
9
+
10
+ Not vendored (out of scope for demo): passkey validators, paymaster, naming registry, the marketplace/funding contracts, ontology, governance, etc. Those live in smart-agent.
11
+
12
+ > **Status:** contracts not yet vendored in this commit. The `src/` directory is empty; vendoring lands in a follow-up commit. This commit ships the foundry scaffold so the structure is in place.
13
+
14
+ ## Setup
15
+
16
+ First time only:
17
+
18
+ ```bash
19
+ bash setup.sh # clones OpenZeppelin, forge-std, account-abstraction into lib/
20
+ forge build
21
+ ```
22
+
23
+ `setup.sh` is idempotent. It clones into `lib/` (gitignored) rather than using `git submodule add` so this repo doesn't take a submodule dependency.
24
+
25
+ ## Deploy to Anvil
26
+
27
+ ```bash
28
+ # Start Anvil in another terminal
29
+ anvil
30
+
31
+ # Then in this directory:
32
+ pnpm deploy:anvil
33
+ ```
34
+
35
+ Writes deployed addresses to `deployments-anvil.json`. The other demo apps (`apps/demo-web`, `apps/demo-a2a`, `apps/demo-mcp`) read this file on startup.
36
+
37
+ ## Deploy to Base Sepolia
38
+
39
+ ```bash
40
+ export BASE_SEPOLIA_RPC=https://sepolia.base.org
41
+ export PRIVATE_KEY=0x... # funded deployer
42
+ pnpm deploy:base-sepolia
43
+ ```
44
+
45
+ Writes to `deployments-base-sepolia.json`. The CI/Vercel/Fly deploy reads this. Demo idle cost: ~$0.
package/deployments-anvil.json ADDED
@@ -0,0 +1 @@
1
+ {"agentAccountFactory":"0xCf7Ed3AccA5a467e9e704C703E8D87F634fB0Fc9","agentAccountImplementation":"0xd8058efe0198ae9dD7D563e1b4938Dcbc86A1F81","agentNameRegistry":"0x9A676e781A523b5d0C0e43731313A708CB607508","agentNameResolver":"0x0B306BF915C4d645ff596e518fAf3F9669b97016","agentNameUniversalResolver":"0x959922bE3CAee4b8Cd9a407cc3ac1C251C2007B1","agentProfileResolver":"0x9E545E3C0baAB3E08CdfD552C960A1050f373042","agentRelationship":"0x7a2088a1bFc9d81c55368AE168C2C02570cB814F","allowedMethodsEnforcer":"0x0165878A594ca255338adfa4d48449f69242Eb8F","allowedTargetsEnforcer":"0x5FC8d32690cc91D4c39d9d3abcBD16989F875707","approvedHashRegistry":"0x8A791620dd6260079BF849Dc5567aDC3F2FdC318","chainId":31337,"custodyPolicy":"0x9fE46736679d2D9a65F0992F2272dE9f3c7fa6e0","delegationManager":"0xe7f1725E7734CE288F8367e1Bb143E90bb3F0512","deployer":"0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266","entryPoint":"0x5FbDB2315678afecb367f032d93F642f64180aa3","ontologyTermRegistry":"0xA51c1fc2f0D1a1b8494Ed1FE312d7C3a78Ed91C0","permissionlessSubregistry":"0x322813Fd9A801c5507c9de605d63CEA4f2CE6c44","quorumEnforcer":"0x2279B7A0a67DB372996a5FaB50D91eAA73d2eBe6","relationshipTypeRegistry":"0x4A679253410272dd5232B3Ff7cF5dbB88f295319","shapeRegistry":"0x0DCd1Bf9A1b36cE34237eEaFef220932846BCD82","smartAgentPaymaster":"0x610178dA211FEF7D417bC0e6FeD39F05609AD788","timestampEnforcer":"0xDc64a140Aa3E981100a9becA4E685f962f0cF6C9","universalSignatureValidator":"0xB7f8BC63BbcaD18155201308C8f3540b07f84F5e","valueEnforcer":"0xa513E6E4b8f2a923D98304ec87F64353C4D5C853"}
package/deployments-base-sepolia.json ADDED
@@ -0,0 +1 @@
1
+ {"agentAccountFactory":"0x7Aac638824014210349497440D3CE631A95b466c","agentAccountImplementation":"0x235FD455040874B224A671456DA06221868a9CA1","agentNameRegistry":"0xE9Bf4f67701Ba6eD7843b9848c3fe0C6e0212427","agentNameResolver":"0x6EB256475EeC2B6A64a2a2b4dC0D23718c8e6fD8","agentNameUniversalResolver":"0xb66a4829606C4E1C5eB424314b681343c747b4B2","agentProfileResolver":"0xe899C0Cca981e3e5dA44e8E0d8f1f447436cb773","agentRelationship":"0xB85BA211d6528BE2561a41b629537e5054B648DF","allowedMethodsEnforcer":"0x0229763ACb6AAaC5e99DFf20d0c44B6E34D5503D","allowedTargetsEnforcer":"0xe16f0185348283574500a6721A91526ec27da83f","approvedHashRegistry":"0x51cad9dBd1437CaC53604750c09ffD3745f6cA6a","chainId":84532,"custodyPolicy":"0xfdbCB192182712C996a1Ed2FB74D0FE6e7d9db26","delegationManager":"0xaEb6191FFa086a0288A6367eC5D816344A6089f2","deployer":"0x31ed17fb99e82E02085Ab4B3cbdaB05489098b44","entryPoint":"0x094700EB9F743F462b0E59a68084d6be56F3Ed96","ontologyTermRegistry":"0x79964Fb5475F1Acf5865613Ce32de22D5E3964B6","permissionlessSubregistry":"0xC5060624c6C8Ed9E453b6693111eC8f40eDe8110","quorumEnforcer":"0x1DED75C0E7e12C59305130dC43AAE3C08E1f66AF","relationshipTypeRegistry":"0x3954E220166fd3BDE53D283ebE13FfC9Be84fF46","shapeRegistry":"0x5071d2c6Fc351acD44766dd69dBbC2760567FEb8","smartAgentPaymaster":"0x2b825942d733B72DeD8125EBec022b39F16EB6d3","timestampEnforcer":"0xb164Cc23A37b7EB84b2788F8906C506b12EFEc99","universalSignatureValidator":"0x1a8740E1590aA71306F2b611b9cBE3A00D449732","valueEnforcer":"0xeC1365428bbF42Ab8dEE80a3C1aba21Fc3014f60"}