@agenticprimitives/delegation 0.1.0-alpha.2

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Agentic Trust Labs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,46 @@
+# @agenticprimitives/delegation
+
+EIP-712 smart-account delegations spanning web app → agent → MCP. **Now also owns session lifecycle** — `SessionManager` binds a delegation to its session-signing key, persisted via `@agenticprimitives/key-custody` envelope encryption.
+
+See [`spec.md`](./spec.md) → [`specs/202-delegation.md`](../../specs/202-delegation.md) for the full contract: 8 on-chain enforcers, 3 off-chain sentinels, token envelope, cross-delegation, two session variants.
+
+## Quick start
+
+Browser (issuance):
+```ts
+import { DelegationClient, buildMcpToolScopeCaveat, encodeTimestampTerms, buildCaveat } from '@agenticprimitives/delegation';
+
+const client = new DelegationClient({ signer, smartAccount, chainId, delegationManager });
+const delegation = await client.issueDelegation({
+  delegate: sessionKeyAddress,
+  caveats: [
+    buildCaveat(enforcers.timestamp, encodeTimestampTerms(now, now + 86400)),
+    buildMcpToolScopeCaveat(['get_profile', 'update_profile']),
+  ],
+});
+```
+
+Node (session lifecycle):
+```ts
+import { SessionManager } from '@agenticprimitives/delegation';
+
+const sessions = new SessionManager({ keyCustody, store, accountClient });
+const { sessionId, sessionKeyAddress } = await sessions.init(userAccount, chainId);
+// ... user signs delegation, posts back ...
+await sessions.package(sessionId, signedDelegation);
+```
+
+Node (token mint + verify):
+```ts
+import { mintDelegationToken, verifyDelegationToken } from '@agenticprimitives/delegation';
+
+const { token } = await mintDelegationToken(claims, sessionAccount.signMessage);
+// At the MCP:
+const result = await verifyDelegationToken(token, { chainId, delegationManager, rpcUrl, audience, enforcerMap, jtiStore });
+if ('error' in result) throw new Error(result.error);
+const { principal, grants } = result;
+```
+
+## Status
+
+Pre-alpha. Spec stable.

package/dist/caveats.d.ts

@@ -0,0 +1,50 @@
+import { type Hex, type Address } from 'viem';
+import type { Caveat, DataScopeGrant } from './types';
+export declare const MCP_TOOL_SCOPE_ENFORCER: Address;
+export declare const DATA_SCOPE_ENFORCER: Address;
+export declare const DELEGATE_BINDING_ENFORCER: Address;
+export declare function buildCaveat(enforcer: Address, terms: Hex, args?: Hex): Caveat;
+export declare function encodeTimestampTerms(validAfter: number, validUntil: number): Hex;
+export declare function encodeValueTerms(maxValue: bigint): Hex;
+export declare function encodeAllowedTargetsTerms(targets: Address[]): Hex;
+export declare function encodeAllowedMethodsTerms(selectors: Hex[]): Hex;
+export declare function buildMcpToolScopeCaveat(allowedTools: string[]): Caveat;
+export declare function buildDataScopeCaveat(grants: DataScopeGrant[]): Caveat;
+export declare function buildDelegateBindingCaveat(delegateSmartAccount: Address, delegatePersonAgent: Address): Caveat;
+export interface QuorumCaveatOpts {
+    /**
+     * Address of the deployed `QuorumEnforcer` contract for this chain.
+     * Read from `deployments-<network>.json` at the consumer-app layer
+     * — `@agenticprimitives/delegation` is chain-agnostic and never
+     * resolves addresses itself.
+     */
+    enforcer: Address;
+    /** Addresses authorized to participate in the quorum. Sorted by the
+     *  redeemer before signing (sorted-ascending is the anti-duplicate
+     *  scheme); order at issuance time is irrelevant. */
+    signers: Address[];
+    /** Minimum number of signatures required at redemption. Spec 207
+     *  § 5.1 default thresholds map naturally onto this value when the
+     *  caveat is attached to a T3+ delegation. */
+    threshold: number;
+    /** Optional `ApprovedHashRegistry` for the v=1 pre-approved-hash
+     *  signature path. Pass `0x0000…0` to forbid v=1 entirely. */
+    approvedHashRegistry: Address;
+}
+/**
+ * Build a `QuorumEnforcer` caveat. Pair with delegations whose
+ * `tool-policy.evaluateThresholdPolicy` decision has
+ * `requiresQuorum: true` (T3 Value and above). Without this caveat,
+ * `verifyDelegationToken({ requireQuorumForTier })` fails closed.
+ *
+ * Wire format of the terms blob exactly matches what
+ * `QuorumEnforcer.beforeHook` decodes:
+ *   abi.encode(address[] signerSet, uint8 threshold, address approvedHashRegistry)
+ *
+ * The redeem-time `args` are caller-supplied at execution time, not
+ * at issuance — `mcp-runtime.withDelegation` (6c.4) constructs them
+ * from the user's signed payload + signature blob and forwards them
+ * into the on-chain caveat evaluation.
+ */
+export declare function buildQuorumCaveat(opts: QuorumCaveatOpts): Caveat;
+//# sourceMappingURL=caveats.d.ts.map

package/dist/caveats.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"caveats.d.ts","sourceRoot":"","sources":["../src/caveats.ts"],"names":[],"mappings":"AAQA,OAAO,EAAuB,KAAK,GAAG,EAAE,KAAK,OAAO,EAAE,MAAM,MAAM,CAAC;AAEnE,OAAO,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAWtD,eAAO,MAAM,uBAAuB,EAAE,OAA2D,CAAC;AAClG,eAAO,MAAM,mBAAmB,EAAE,OAAuD,CAAC;AAC1F,eAAO,MAAM,yBAAyB,EAAE,OAA6D,CAAC;AAItG,wBAAgB,WAAW,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,GAAG,GAAG,MAAM,CAE7E;AAID,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,GAAG,CAWhF;AAED,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,GAAG,CAGtD;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,GAAG,CAGjE;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,GAAG,CAQ/D;AAID,wBAAgB,uBAAuB,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,MAAM,CAItE;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,CAgBrE;AAED,wBAAgB,0BAA0B,CACxC,oBAAoB,EAAE,OAAO,EAC7B,mBAAmB,EAAE,OAAO,GAC3B,MAAM,CAMR;AAWD,MAAM,WAAW,gBAAgB;IAC/B;;;;;OAKG;IACH,QAAQ,EAAE,OAAO,CAAC;IAClB;;yDAEqD;IACrD,OAAO,EAAE,OAAO,EAAE,CAAC;IACnB;;kDAE8C;IAC9C,SAAS,EAAE,MAAM,CAAC;IAClB;kEAC8D;IAC9D,oBAAoB,EAAE,OAAO,CAAC;CAC/B;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,GAAG,MAAM,CAwBhE"}

package/dist/caveats.js

@@ -0,0 +1,116 @@
+// Caveat builders + ABI-encoded terms.
+//
+// Eight on-chain enforcers (TimestampEnforcer, ValueEnforcer, etc.) + three
+// off-chain sentinels (MCP_TOOL_SCOPE, DATA_SCOPE, DELEGATE_BINDING) whose
+// addresses are derived via keccak256('urn:smart-agent:<name>')[0:20]. The
+// sentinels never live on-chain; their semantics live in this package's
+// evaluator (off-chain only).
+import { encodeAbiParameters } from 'viem';
+import { keccak_256 } from '@noble/hashes/sha3';
+// ─── Off-chain sentinel addresses ────────────────────────────────────────
+function sentinelAddress(urn) {
+    const hash = keccak_256(new TextEncoder().encode(urn));
+    let hex = '0x';
+    for (const b of hash.slice(0, 20))
+        hex += b.toString(16).padStart(2, '0');
+    return hex;
+}
+export const MCP_TOOL_SCOPE_ENFORCER = sentinelAddress('urn:smart-agent:mcp-tool-scope');
+export const DATA_SCOPE_ENFORCER = sentinelAddress('urn:smart-agent:data-scope');
+export const DELEGATE_BINDING_ENFORCER = sentinelAddress('urn:smart-agent:delegate-binding');
+// ─── Generic caveat builder ──────────────────────────────────────────────
+export function buildCaveat(enforcer, terms, args) {
+    return { enforcer, terms, args: args ?? '0x' };
+}
+// ─── On-chain enforcer term encoders ─────────────────────────────────────
+export function encodeTimestampTerms(validAfter, validUntil) {
+    if (!Number.isInteger(validAfter) || validAfter < 0) {
+        throw new Error('encodeTimestampTerms: validAfter must be a non-negative integer');
+    }
+    if (!Number.isInteger(validUntil) || validUntil <= validAfter) {
+        throw new Error('encodeTimestampTerms: validUntil must be > validAfter');
+    }
+    return encodeAbiParameters([{ type: 'uint256' }, { type: 'uint256' }], [BigInt(validAfter), BigInt(validUntil)]);
+}
+export function encodeValueTerms(maxValue) {
+    if (maxValue < 0n)
+        throw new Error('encodeValueTerms: maxValue must be non-negative');
+    return encodeAbiParameters([{ type: 'uint256' }], [maxValue]);
+}
+export function encodeAllowedTargetsTerms(targets) {
+    if (targets.length === 0)
+        throw new Error('encodeAllowedTargetsTerms: at least one target required');
+    return encodeAbiParameters([{ type: 'address[]' }], [targets]);
+}
+export function encodeAllowedMethodsTerms(selectors) {
+    if (selectors.length === 0)
+        throw new Error('encodeAllowedMethodsTerms: at least one selector required');
+    for (const s of selectors) {
+        if (!/^0x[0-9a-fA-F]{8}$/.test(s)) {
+            throw new Error(`encodeAllowedMethodsTerms: selector "${s}" must be 4 bytes (0x + 8 hex chars)`);
+        }
+    }
+    return encodeAbiParameters([{ type: 'bytes4[]' }], [selectors]);
+}
+// ─── Off-chain sentinel caveat builders ──────────────────────────────────
+export function buildMcpToolScopeCaveat(allowedTools) {
+    if (allowedTools.length === 0)
+        throw new Error('buildMcpToolScopeCaveat: at least one tool required');
+    const terms = encodeAbiParameters([{ type: 'string[]' }], [allowedTools]);
+    return { enforcer: MCP_TOOL_SCOPE_ENFORCER, terms, args: '0x' };
+}
+export function buildDataScopeCaveat(grants) {
+    if (grants.length === 0)
+        throw new Error('buildDataScopeCaveat: at least one grant required');
+    const terms = encodeAbiParameters([
+        {
+            type: 'tuple[]',
+            components: [
+                { name: 'server', type: 'string' },
+                { name: 'resources', type: 'string[]' },
+                { name: 'fields', type: 'string[]' },
+            ],
+        },
+    ], [grants]);
+    return { enforcer: DATA_SCOPE_ENFORCER, terms, args: '0x' };
+}
+export function buildDelegateBindingCaveat(delegateSmartAccount, delegatePersonAgent) {
+    const terms = encodeAbiParameters([{ type: 'address' }, { type: 'address' }], [delegateSmartAccount, delegatePersonAgent]);
+    return { enforcer: DELEGATE_BINDING_ENFORCER, terms, args: '0x' };
+}
+/**
+ * Build a `QuorumEnforcer` caveat. Pair with delegations whose
+ * `tool-policy.evaluateThresholdPolicy` decision has
+ * `requiresQuorum: true` (T3 Value and above). Without this caveat,
+ * `verifyDelegationToken({ requireQuorumForTier })` fails closed.
+ *
+ * Wire format of the terms blob exactly matches what
+ * `QuorumEnforcer.beforeHook` decodes:
+ *   abi.encode(address[] signerSet, uint8 threshold, address approvedHashRegistry)
+ *
+ * The redeem-time `args` are caller-supplied at execution time, not
+ * at issuance — `mcp-runtime.withDelegation` (6c.4) constructs them
+ * from the user's signed payload + signature blob and forwards them
+ * into the on-chain caveat evaluation.
+ */
+export function buildQuorumCaveat(opts) {
+    if (!Array.isArray(opts.signers) || opts.signers.length === 0) {
+        throw new Error('buildQuorumCaveat: signers must be a non-empty array');
+    }
+    if (!Number.isInteger(opts.threshold) || opts.threshold < 1) {
+        throw new Error('buildQuorumCaveat: threshold must be an integer ≥ 1');
+    }
+    if (opts.threshold > opts.signers.length) {
+        throw new Error(`buildQuorumCaveat: threshold (${opts.threshold}) exceeds signer set size (${opts.signers.length})`);
+    }
+    if (opts.threshold > 255) {
+        throw new Error('buildQuorumCaveat: threshold exceeds uint8 bound (255)');
+    }
+    const terms = encodeAbiParameters([
+        { type: 'address[]' },
+        { type: 'uint8' },
+        { type: 'address' },
+    ], [opts.signers, opts.threshold, opts.approvedHashRegistry]);
+    return { enforcer: opts.enforcer, terms, args: '0x' };
+}
+//# sourceMappingURL=caveats.js.map

package/dist/caveats.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"caveats.js","sourceRoot":"","sources":["../src/caveats.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,EAAE;AACF,4EAA4E;AAC5E,2EAA2E;AAC3E,2EAA2E;AAC3E,wEAAwE;AACxE,8BAA8B;AAE9B,OAAO,EAAE,mBAAmB,EAA0B,MAAM,MAAM,CAAC;AACnE,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGhD,4EAA4E;AAE5E,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IACvD,IAAI,GAAG,GAAG,IAAI,CAAC;IACf,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;QAAE,GAAG,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC1E,OAAO,GAAc,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,MAAM,uBAAuB,GAAY,eAAe,CAAC,gCAAgC,CAAC,CAAC;AAClG,MAAM,CAAC,MAAM,mBAAmB,GAAY,eAAe,CAAC,4BAA4B,CAAC,CAAC;AAC1F,MAAM,CAAC,MAAM,yBAAyB,GAAY,eAAe,CAAC,kCAAkC,CAAC,CAAC;AAEtG,4EAA4E;AAE5E,MAAM,UAAU,WAAW,CAAC,QAAiB,EAAE,KAAU,EAAE,IAAU;IACnE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC;AACjD,CAAC;AAED,4EAA4E;AAE5E,MAAM,UAAU,oBAAoB,CAAC,UAAkB,EAAE,UAAkB;IACzE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,UAAU,IAAI,UAAU,EAAE,CAAC;QAC9D,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,mBAAmB,CACxB,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAC1C,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CACzC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,IAAI,QAAQ,GAAG,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACtF,OAAO,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,OAAkB;IAC1D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IACrG,OAAO,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,SAAgB;IACxD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IACzG,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,sCAAsC,CAAC,CAAC;QACnG,CAAC;IACH,CAAC;IACD,OAAO,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;AAClE,CAAC;AAED,4EAA4E;AAE5E,MAAM,UAAU,uBAAuB,CAAC,YAAsB;IAC5D,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACtG,MAAM,KAAK,GAAG,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC;IAC1E,OAAO,EAAE,QAAQ,EAAE,uBAAuB,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AAClE,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,MAAwB;IAC3D,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IAC9F,MAAM,KAAK,GAAG,mBAAmB,CAC/B;QACE;YACE,IAAI,EAAE,SAAS;YACf,UAAU,EAAE;gBACV,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAClC,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,UAAU,EAAE;gBACvC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE;aACrC;SACF;KACF,EACD,CAAC,MAAM,CAAC,CACT,CAAC;IACF,OAAO,EAAE,QAAQ,EAAE,mBAAmB,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,0BAA0B,CACxC,oBAA6B,EAC7B,mBAA4B;IAE5B,MAAM,KAAK,GAAG,mBAAmB,CAC/B,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAC1C,CAAC,oBAAoB,EAAE,mBAAmB,CAAC,CAC5C,CAAC;IACF,OAAO,EAAE,QAAQ,EAAE,yBAAyB,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AACpE,CAAC;AAgCD;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAsB;IACtD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9D,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;QAC5D,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CACb,iCAAiC,IAAI,CAAC,SAAS,8BAA8B,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CACpG,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,KAAK,GAAG,mBAAmB,CAC/B;QACE,EAAE,IAAI,EAAE,WAAW,EAAE;QACrB,EAAE,IAAI,EAAE,OAAO,EAAE;QACjB,EAAE,IAAI,EAAE,SAAS,EAAE;KACpB,EACD,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,oBAAoB,CAAC,CAC1D,CAAC;IACF,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AACxD,CAAC"}

package/dist/client.d.ts

@@ -0,0 +1,18 @@
+import type { Address, Hex } from '@agenticprimitives/types';
+import type { Caveat, Delegation, DelegationClientOpts } from './types';
+export declare class DelegationClient {
+    private readonly opts;
+    constructor(opts: DelegationClientOpts);
+    /**
+     * Build a Delegation, sign it via the user's signer, return the fully
+     * populated struct. `delegator` = the smart account address; the signer
+     * is the smart account's owner EOA.
+     */
+    issueDelegation(params: {
+        delegate: Address;
+        caveats: Caveat[];
+        salt?: bigint;
+        authority?: Hex;
+    }): Promise<Delegation>;
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;AAaxE,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAuB;gBAChC,IAAI,EAAE,oBAAoB;IAItC;;;;OAIG;IACG,eAAe,CAAC,MAAM,EAAE;QAC5B,QAAQ,EAAE,OAAO,CAAC;QAClB,OAAO,EAAE,MAAM,EAAE,CAAC;QAClB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,SAAS,CAAC,EAAE,GAAG,CAAC;KACjB,GAAG,OAAO,CAAC,UAAU,CAAC;CA6BxB"}

package/dist/client.js

@@ -0,0 +1,57 @@
+// DelegationClient — browser-side issuance.
+//
+// Given a Signer (whose backing key is the smart account's owner EOA),
+// the user signs an EIP-712 Delegation message via signTypedData. The
+// resulting signature, paired with the Delegation struct, becomes a
+// fully-formed Delegation that the DelegationManager + ERC-1271 path on
+// the smart account can validate.
+import { ROOT_AUTHORITY } from './types';
+import { DELEGATION_EIP712_TYPES, delegationDomain } from './hash';
+function randomSalt() {
+    const buf = new Uint8Array(32);
+    // 32-byte random; high bit cleared to keep BigInt sign-safe (uint256 still has full range).
+    globalThis.crypto.getRandomValues(buf);
+    let n = 0n;
+    for (const b of buf)
+        n = (n << 8n) | BigInt(b);
+    return n;
+}
+export class DelegationClient {
+    opts;
+    constructor(opts) {
+        this.opts = opts;
+    }
+    /**
+     * Build a Delegation, sign it via the user's signer, return the fully
+     * populated struct. `delegator` = the smart account address; the signer
+     * is the smart account's owner EOA.
+     */
+    async issueDelegation(params) {
+        const salt = params.salt ?? randomSalt();
+        const authority = params.authority ?? ROOT_AUTHORITY;
+        const delegation = {
+            delegator: this.opts.smartAccount,
+            delegate: params.delegate,
+            authority,
+            caveats: params.caveats,
+            salt,
+        };
+        const signature = await this.opts.signer.signTypedData({
+            domain: delegationDomain(this.opts.chainId, this.opts.delegationManager),
+            types: DELEGATION_EIP712_TYPES,
+            primaryType: 'Delegation',
+            message: {
+                delegator: delegation.delegator,
+                delegate: delegation.delegate,
+                authority: delegation.authority,
+                caveats: delegation.caveats.map((c) => ({
+                    enforcer: c.enforcer,
+                    terms: c.terms,
+                })),
+                salt: delegation.salt,
+            },
+        });
+        return { ...delegation, signature };
+    }
+}
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,EAAE;AACF,uEAAuE;AACvE,sEAAsE;AACtE,oEAAoE;AACpE,wEAAwE;AACxE,kCAAkC;AAIlC,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AAEnE,SAAS,UAAU;IACjB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC/B,4FAA4F;IAC5F,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,MAAM,CAAC,IAAI,GAAG;QAAE,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAC/C,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,OAAO,gBAAgB;IACV,IAAI,CAAuB;IAC5C,YAAY,IAA0B;QACpC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe,CAAC,MAKrB;QACC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,UAAU,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,cAAc,CAAC;QACrD,MAAM,UAAU,GAAkC;YAChD,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,YAAY;YACjC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS;YACT,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,IAAI;SACL,CAAC;QAEF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC;YACrD,MAAM,EAAE,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC;YACxE,KAAK,EAAE,uBAAuB;YAC9B,WAAW,EAAE,YAAY;YACzB,OAAO,EAAE;gBACP,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,QAAQ,EAAE,UAAU,CAAC,QAAQ;gBAC7B,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACtC,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,KAAK,EAAE,CAAC,CAAC,KAAK;iBACf,CAAC,CAAC;gBACH,IAAI,EAAE,UAAU,CAAC,IAAI;aACtB;SACF,CAAC,CAAC;QAEH,OAAO,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,CAAC;IACtC,CAAC;CACF"}

package/dist/evaluator.d.ts

@@ -0,0 +1,15 @@
+import type { Caveat, CaveatContext, CaveatVerdict, EnforcerAddressMap, EvaluateOpts } from './types';
+/**
+ * Evaluate every caveat in the array. Returns one verdict per caveat,
+ * in input order. Caller decides what to do on the first deny.
+ *
+ * Unknown enforcer addresses produce a deny verdict. No exceptions.
+ *
+ * **H7-B.2:** in strict mode (the default) caveats that need a context field
+ * the caller didn't supply return `{ allowed: false, reason: 'context-required ...' }`.
+ * Callers who will redeem the delegation on-chain (where the enforcer DOES
+ * fire) can opt into permissive evaluation via `opts.enforceOnChain = true`.
+ * Off-chain gates (MCP / A2A / session-token verify) MUST stay in strict mode.
+ */
+export declare function evaluateCaveats(caveats: Caveat[], ctx: CaveatContext, enforcerMap: EnforcerAddressMap, opts?: EvaluateOpts): CaveatVerdict[];
+//# sourceMappingURL=evaluator.d.ts.map

package/dist/evaluator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"evaluator.d.ts","sourceRoot":"","sources":["../src/evaluator.ts"],"names":[],"mappings":"AA0BA,OAAO,KAAK,EACV,MAAM,EACN,aAAa,EACb,aAAa,EACb,kBAAkB,EAClB,YAAY,EACb,MAAM,SAAS,CAAC;AAgJjB;;;;;;;;;;;GAWG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,MAAM,EAAE,EACjB,GAAG,EAAE,aAAa,EAClB,WAAW,EAAE,kBAAkB,EAC/B,IAAI,GAAE,YAAiB,GACtB,aAAa,EAAE,CA2BjB"}

package/dist/evaluator.js

@@ -0,0 +1,209 @@
+// Caveat evaluator — fail-closed dispatcher.
+//
+// Each Caveat has an `enforcer` address that selects an evaluator function.
+// Unknown enforcer addresses → reject (no permissive default). This is a
+// CORE security invariant per spec 202 §11. Verbatim from smart-agent.
+//
+// **H7-B.2 strict-mode (PKG-DELEGATION-001 closure).** Three caveat types
+// previously returned `allowed:true` when the context field they needed was
+// missing ("enforced on-chain"). That is a BOUNDARY TRAP: a consumer using
+// the evaluator off-chain (MCP gate, A2A pre-check, any non-redeem path)
+// would silently permit the call. The fix:
+//
+//   - **Strict mode is the default** (caller does NOT pass `enforceOnChain`):
+//     missing context for Value / AllowedTargets / AllowedMethods / inert
+//     on-chain-only enforcers → `{ allowed: false, reason: 'context-required' }`.
+//
+//   - **Permissive mode** is opt-in by callers who can prove the call WILL be
+//     redeemed on-chain (so the on-chain enforcer fires): pass
+//     `{ enforceOnChain: true }` in `EvaluateOpts`. Missing context for the
+//     same caveats then returns `allowed: true` with reason 'enforced-on-chain'.
+//
+// `verifyDelegationToken` requires the opt-in (off-chain JTI / session-token
+// gating is not an on-chain redeem). Off-chain pre-checks pass strict mode;
+// on-chain redeem flows pass `{ enforceOnChain: true }`.
+import { decodeAbiParameters } from 'viem';
+import { MCP_TOOL_SCOPE_ENFORCER, DATA_SCOPE_ENFORCER, DELEGATE_BINDING_ENFORCER, } from './caveats';
+function lower(a) {
+    return a?.toLowerCase();
+}
+/** Permissive when caller has opted into on-chain redeem; strict otherwise. */
+function inertWhenAllowed(c, opts) {
+    if (opts.enforceOnChain) {
+        return { enforcer: c.enforcer, allowed: true, reason: 'enforced-on-chain' };
+    }
+    return {
+        enforcer: c.enforcer,
+        allowed: false,
+        reason: 'context-required (caveat type is on-chain-only; set EvaluateOpts.enforceOnChain to opt in)',
+    };
+}
+function evalTimestamp(c, ctx) {
+    try {
+        const [validAfter, validUntil] = decodeAbiParameters([{ type: 'uint256' }, { type: 'uint256' }], c.terms);
+        const ts = BigInt(ctx.timestamp);
+        if (ts < validAfter)
+            return { enforcer: c.enforcer, allowed: false, reason: 'before validAfter' };
+        // H7-D.10 / XPKG-001-sec: align with on-chain TimestampEnforcer.sol:28
+        // (`if (block.timestamp > validUntil) revert TimestampExpired()`). The
+        // boundary is INCLUSIVE — at ts == validUntil the on-chain enforcer
+        // accepts, so the off-chain pre-check MUST also accept (else a redeem
+        // that would land on-chain gets denied at the off-chain gate).
+        if (ts > validUntil)
+            return { enforcer: c.enforcer, allowed: false, reason: 'after validUntil' };
+        return { enforcer: c.enforcer, allowed: true };
+    }
+    catch (e) {
+        return { enforcer: c.enforcer, allowed: false, reason: `timestamp decode error: ${e instanceof Error ? e.message : e}` };
+    }
+}
+function evalValue(c, ctx, opts) {
+    if (ctx.value === undefined)
+        return inertWhenAllowed(c, opts);
+    try {
+        const [maxValue] = decodeAbiParameters([{ type: 'uint256' }], c.terms);
+        if (ctx.value > maxValue)
+            return { enforcer: c.enforcer, allowed: false, reason: 'value over cap' };
+        return { enforcer: c.enforcer, allowed: true };
+    }
+    catch (e) {
+        return { enforcer: c.enforcer, allowed: false, reason: `value decode error: ${e instanceof Error ? e.message : e}` };
+    }
+}
+function evalAllowedTargets(c, ctx, opts) {
+    if (!ctx.target)
+        return inertWhenAllowed(c, opts);
+    try {
+        const [targets] = decodeAbiParameters([{ type: 'address[]' }], c.terms);
+        const target = ctx.target.toLowerCase();
+        if (targets.some((t) => t.toLowerCase() === target))
+            return { enforcer: c.enforcer, allowed: true };
+        return { enforcer: c.enforcer, allowed: false, reason: 'target not in allowlist' };
+    }
+    catch (e) {
+        return { enforcer: c.enforcer, allowed: false, reason: `targets decode error: ${e instanceof Error ? e.message : e}` };
+    }
+}
+function evalAllowedMethods(c, ctx, opts) {
+    if (!ctx.selector)
+        return inertWhenAllowed(c, opts);
+    try {
+        const [selectors] = decodeAbiParameters([{ type: 'bytes4[]' }], c.terms);
+        const sel = ctx.selector.toLowerCase();
+        if (selectors.some((s) => s.toLowerCase() === sel))
+            return { enforcer: c.enforcer, allowed: true };
+        return { enforcer: c.enforcer, allowed: false, reason: 'selector not in allowlist' };
+    }
+    catch (e) {
+        return { enforcer: c.enforcer, allowed: false, reason: `methods decode error: ${e instanceof Error ? e.message : e}` };
+    }
+}
+function evalMcpToolScope(c, ctx) {
+    if (!ctx.mcpTool)
+        return { enforcer: c.enforcer, allowed: false, reason: 'no tool name in context' };
+    try {
+        const [tools] = decodeAbiParameters([{ type: 'string[]' }], c.terms);
+        if (tools.includes(ctx.mcpTool))
+            return { enforcer: c.enforcer, allowed: true };
+        return { enforcer: c.enforcer, allowed: false, reason: 'tool not in scope' };
+    }
+    catch (e) {
+        return { enforcer: c.enforcer, allowed: false, reason: `mcp-tool-scope decode error: ${e instanceof Error ? e.message : e}` };
+    }
+}
+function evalInert(c, _ctx, opts) {
+    // DATA_SCOPE + DELEGATE_BINDING + on-chain-only enforcers (taskBinding,
+    // callDataHash, recovery, rateLimit) are evaluated outside this dispatcher
+    // (by verifyCrossDelegation or on-chain). In strict mode (H7-B.2) we refuse
+    // to give an "allowed" verdict unless the caller has opted into
+    // `enforceOnChain` — otherwise the verdict misleads any callsite that won't
+    // reach the on-chain enforcer (e.g. an MCP-only gate).
+    //
+    // Shape checks still run unconditionally — malformed terms must reject at
+    // the closest layer to discovery to keep downstream verifiers from having
+    // to defend against garbage. Per spec 202 § 11: fail-closed on shape.
+    const enforcerLower = c.enforcer.toLowerCase();
+    if (enforcerLower === DELEGATE_BINDING_ENFORCER.toLowerCase()) {
+        try {
+            // DelegateBinding terms = abi.encode(address, address) — EXACTLY
+            // 64 bytes (0x + 128 hex chars). We assert length explicitly:
+            // viem's decoder happily ignores trailing bytes, so a 16 KiB blob
+            // whose first 64 bytes encode two addresses would otherwise pass
+            // this shape check. The CLAUDE.md regression class.
+            const expectedHexLen = 2 + 64 * 2; // "0x" + 64 bytes
+            if (c.terms.length !== expectedHexLen) {
+                return {
+                    enforcer: c.enforcer,
+                    allowed: false,
+                    reason: `delegate-binding: terms length ${c.terms.length} ≠ expected ${expectedHexLen} (abi.encode(address,address) is exactly 64 bytes)`,
+                };
+            }
+            const [smartAccount, personAgent] = decodeAbiParameters([{ type: 'address' }, { type: 'address' }], c.terms);
+            if (smartAccount === '0x0000000000000000000000000000000000000000' ||
+                personAgent === '0x0000000000000000000000000000000000000000') {
+                return {
+                    enforcer: c.enforcer,
+                    allowed: false,
+                    reason: 'delegate-binding: zero address in terms',
+                };
+            }
+        }
+        catch (e) {
+            return {
+                enforcer: c.enforcer,
+                allowed: false,
+                reason: `delegate-binding: malformed terms — ${e instanceof Error ? e.message : e}`,
+            };
+        }
+    }
+    // Shape valid; allow only if caller opted into on-chain redeem.
+    return inertWhenAllowed(c, opts);
+}
+/**
+ * Evaluate every caveat in the array. Returns one verdict per caveat,
+ * in input order. Caller decides what to do on the first deny.
+ *
+ * Unknown enforcer addresses produce a deny verdict. No exceptions.
+ *
+ * **H7-B.2:** in strict mode (the default) caveats that need a context field
+ * the caller didn't supply return `{ allowed: false, reason: 'context-required ...' }`.
+ * Callers who will redeem the delegation on-chain (where the enforcer DOES
+ * fire) can opt into permissive evaluation via `opts.enforceOnChain = true`.
+ * Off-chain gates (MCP / A2A / session-token verify) MUST stay in strict mode.
+ */
+export function evaluateCaveats(caveats, ctx, enforcerMap, opts = {}) {
+    // Build dispatch table keyed by lowercased enforcer address.
+    const dispatch = new Map();
+    if (enforcerMap.timestamp)
+        dispatch.set(lower(enforcerMap.timestamp), evalTimestamp);
+    if (enforcerMap.value)
+        dispatch.set(lower(enforcerMap.value), evalValue);
+    if (enforcerMap.allowedTargets)
+        dispatch.set(lower(enforcerMap.allowedTargets), evalAllowedTargets);
+    if (enforcerMap.allowedMethods)
+        dispatch.set(lower(enforcerMap.allowedMethods), evalAllowedMethods);
+    // Sentinels are constant addresses regardless of chain.
+    dispatch.set(MCP_TOOL_SCOPE_ENFORCER.toLowerCase(), evalMcpToolScope);
+    dispatch.set(DATA_SCOPE_ENFORCER.toLowerCase(), evalInert);
+    dispatch.set(DELEGATE_BINDING_ENFORCER.toLowerCase(), evalInert);
+    // On-chain-only enforcers are inert here (taskBinding, callDataHash, recovery, rateLimit).
+    if (enforcerMap.taskBinding)
+        dispatch.set(lower(enforcerMap.taskBinding), evalInert);
+    if (enforcerMap.callDataHash)
+        dispatch.set(lower(enforcerMap.callDataHash), evalInert);
+    if (enforcerMap.recovery)
+        dispatch.set(lower(enforcerMap.recovery), evalInert);
+    if (enforcerMap.rateLimit)
+        dispatch.set(lower(enforcerMap.rateLimit), evalInert);
+    const verdicts = [];
+    for (const c of caveats) {
+        const fn = dispatch.get(c.enforcer.toLowerCase());
+        if (!fn) {
+            verdicts.push({ enforcer: c.enforcer, allowed: false, reason: 'unknown enforcer' });
+            continue;
+        }
+        verdicts.push(fn(c, ctx, opts));
+    }
+    return verdicts;
+}
+//# sourceMappingURL=evaluator.js.map

package/dist/evaluator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evaluator.js","sourceRoot":"","sources":["../src/evaluator.ts"],"names":[],"mappings":"AAAA,6CAA6C;AAC7C,EAAE;AACF,4EAA4E;AAC5E,yEAAyE;AACzE,uEAAuE;AACvE,EAAE;AACF,0EAA0E;AAC1E,4EAA4E;AAC5E,2EAA2E;AAC3E,yEAAyE;AACzE,2CAA2C;AAC3C,EAAE;AACF,8EAA8E;AAC9E,0EAA0E;AAC1E,kFAAkF;AAClF,EAAE;AACF,8EAA8E;AAC9E,+DAA+D;AAC/D,4EAA4E;AAC5E,iFAAiF;AACjF,EAAE;AACF,6EAA6E;AAC7E,4EAA4E;AAC5E,yDAAyD;AAEzD,OAAO,EAAE,mBAAmB,EAAgB,MAAM,MAAM,CAAC;AAQzD,OAAO,EACL,uBAAuB,EACvB,mBAAmB,EACnB,yBAAyB,GAC1B,MAAM,WAAW,CAAC;AAInB,SAAS,KAAK,CAAC,CAAW;IACxB,OAAO,CAAC,EAAE,WAAW,EAAE,CAAC;AAC1B,CAAC;AAED,+EAA+E;AAC/E,SAAS,gBAAgB,CAAC,CAAS,EAAE,IAAkB;IACrD,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;QACxB,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IAC9E,CAAC;IACD,OAAO;QACL,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,OAAO,EAAE,KAAK;QACd,MAAM,EAAE,4FAA4F;KACrG,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,CAAS,EAAE,GAAkB;IAClD,IAAI,CAAC;QACH,MAAM,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,mBAAmB,CAClD,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAC1C,CAAC,CAAC,KAAK,CACqB,CAAC;QAC/B,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACjC,IAAI,EAAE,GAAG,UAAU;YAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QAClG,uEAAuE;QACvE,uEAAuE;QACvE,oEAAoE;QACpE,sEAAsE;QACtE,+DAA+D;QAC/D,IAAI,EAAE,GAAG,UAAU;YAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;QACjG,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IAC3H,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,CAAS,EAAE,GAAkB,EAAE,IAAkB;IAClE,IAAI,GAAG,CAAC,KAAK,KAAK,SAAS;QAAE,OAAO,gBAAgB,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;IAC9D,IAAI,CAAC;QACH,MAAM,CAAC,QAAQ,CAAC,GAAG,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC,KAAK,CAAsB,CAAC;QAC5F,IAAI,GAAG,CAAC,KAAK,GAAG,QAAQ;YAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;QACpG,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IACvH,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAS,EAAE,GAAkB,EAAE,IAAkB;IAC3E,IAAI,CAAC,GAAG,CAAC,MAAM;QAAE,OAAO,gBAAgB,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;IAClD,IAAI,CAAC;QACH,MAAM,CAAC,OAAO,CAAC,GAAG,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC,KAAK,CAAyB,CAAC;QAChG,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QACxC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC;YAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACpG,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IACrF,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IACzH,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAS,EAAE,GAAkB,EAAE,IAAkB;IAC3E,IAAI,CAAC,GAAG,CAAC,QAAQ;QAAE,OAAO,gBAAgB,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,CAAC,SAAS,CAAC,GAAG,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC,CAAC,KAAK,CAA+B,CAAC;QACvG,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QACvC,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,GAAG,CAAC;YAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACnG,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,EAAE,CAAC;IACvF,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IACzH,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAS,EAAE,GAAkB;IACrD,IAAI,CAAC,GAAG,CAAC,OAAO;QAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IACrG,IAAI,CAAC;QACH,MAAM,CAAC,KAAK,CAAC,GAAG,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC,CAAC,KAAK,CAAwB,CAAC;QAC5F,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC;YAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAChF,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IAC/E,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,gCAAgC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IAChI,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,CAAS,EAAE,IAAmB,EAAE,IAAkB;IACnE,wEAAwE;IACxE,2EAA2E;IAC3E,4EAA4E;IAC5E,gEAAgE;IAChE,4EAA4E;IAC5E,uDAAuD;IACvD,EAAE;IACF,0EAA0E;IAC1E,0EAA0E;IAC1E,sEAAsE;IACtE,MAAM,aAAa,GAAG,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAC/C,IAAI,aAAa,KAAK,yBAAyB,CAAC,WAAW,EAAE,EAAE,CAAC;QAC9D,IAAI,CAAC;YACH,iEAAiE;YACjE,8DAA8D;YAC9D,kEAAkE;YAClE,iEAAiE;YACjE,oDAAoD;YACpD,MAAM,cAAc,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,kBAAkB;YACrD,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;gBACtC,OAAO;oBACL,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,kCAAkC,CAAC,CAAC,KAAK,CAAC,MAAM,eAAe,cAAc,oDAAoD;iBAC1I,CAAC;YACJ,CAAC;YACD,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,GAAG,mBAAmB,CACrD,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAC1C,CAAC,CAAC,KAAK,CACR,CAAC;YACF,IACE,YAAY,KAAK,4CAA4C;gBAC7D,WAAW,KAAK,4CAA4C,EAC5D,CAAC;gBACD,OAAO;oBACL,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,yCAAyC;iBAClD,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO;gBACL,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,uCAAuC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;aACpF,CAAC;QACJ,CAAC;IACH,CAAC;IACD,gEAAgE;IAChE,OAAO,gBAAgB,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;AACnC,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,eAAe,CAC7B,OAAiB,EACjB,GAAkB,EAClB,WAA+B,EAC/B,OAAqB,EAAE;IAEvB,6DAA6D;IAC7D,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC3C,IAAI,WAAW,CAAC,SAAS;QAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAE,EAAE,aAAa,CAAC,CAAC;IACtF,IAAI,WAAW,CAAC,KAAK;QAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAE,EAAE,SAAS,CAAC,CAAC;IAC1E,IAAI,WAAW,CAAC,cAAc;QAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,cAAc,CAAE,EAAE,kBAAkB,CAAC,CAAC;IACrG,IAAI,WAAW,CAAC,cAAc;QAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,cAAc,CAAE,EAAE,kBAAkB,CAAC,CAAC;IACrG,wDAAwD;IACxD,QAAQ,CAAC,GAAG,CAAC,uBAAuB,CAAC,WAAW,EAAE,EAAE,gBAAgB,CAAC,CAAC;IACtE,QAAQ,CAAC,GAAG,CAAC,mBAAmB,CAAC,WAAW,EAAE,EAAE,SAAS,CAAC,CAAC;IAC3D,QAAQ,CAAC,GAAG,CAAC,yBAAyB,CAAC,WAAW,EAAE,EAAE,SAAS,CAAC,CAAC;IACjE,2FAA2F;IAC3F,IAAI,WAAW,CAAC,WAAW;QAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAE,EAAE,SAAS,CAAC,CAAC;IACtF,IAAI,WAAW,CAAC,YAAY;QAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,YAAY,CAAE,EAAE,SAAS,CAAC,CAAC;IACxF,IAAI,WAAW,CAAC,QAAQ;QAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,QAAQ,CAAE,EAAE,SAAS,CAAC,CAAC;IAChF,IAAI,WAAW,CAAC,SAAS;QAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAE,EAAE,SAAS,CAAC,CAAC;IAElF,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QAClD,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,QAAQ,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAC;YACpF,SAAS;QACX,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/hash.d.ts

@@ -0,0 +1,45 @@
+import { type Hex, type Address } from 'viem';
+import type { Caveat, Delegation } from './types';
+export declare const DELEGATION_EIP712_TYPES: {
+    readonly Delegation: readonly [{
+        readonly name: "delegator";
+        readonly type: "address";
+    }, {
+        readonly name: "delegate";
+        readonly type: "address";
+    }, {
+        readonly name: "authority";
+        readonly type: "bytes32";
+    }, {
+        readonly name: "caveats";
+        readonly type: "Caveat[]";
+    }, {
+        readonly name: "salt";
+        readonly type: "uint256";
+    }];
+    readonly Caveat: readonly [{
+        readonly name: "enforcer";
+        readonly type: "address";
+    }, {
+        readonly name: "terms";
+        readonly type: "bytes";
+    }];
+};
+export declare function delegationDomain(chainId: number, delegationManager: Address): {
+    name: string;
+    version: string;
+    chainId: number;
+    verifyingContract: `0x${string}`;
+};
+/**
+ * EIP-712 hash of a Delegation. This is the value the smart-account owner
+ * signs (via signTypedData / personal_sign of the digest) and the value
+ * AgentDelegationManager validates via ERC-1271.
+ */
+export declare function hashDelegation(d: Delegation, chainId: number, delegationManager: Address): Hex;
+/**
+ * keccak256 of the ABI-encoded caveat array. Mirrors what
+ * AgentDelegationManager computes for caveat enforcement bookkeeping.
+ */
+export declare function hashCaveats(caveats: Caveat[]): Hex;
+//# sourceMappingURL=hash.d.ts.map

package/dist/hash.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash.d.ts","sourceRoot":"","sources":["../src/hash.ts"],"names":[],"mappings":"AAOA,OAAO,EAAiD,KAAK,GAAG,EAAE,KAAK,OAAO,EAAE,MAAM,MAAM,CAAC;AAC7F,OAAO,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAKlD,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;CAkB1B,CAAC;AAEX,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,OAAO;;;;;EAO3E;AAWD;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,OAAO,GAAG,GAAG,CAa9F;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,GAAG,CAclD"}