@agenticvault/agentic-vault 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +19 -0
- package/.env.example +16 -0
- package/.mcp.json.example +18 -0
- package/LICENSE +21 -0
- package/README.ja.md +163 -0
- package/README.ko.md +163 -0
- package/README.md +161 -0
- package/README.zh-CN.md +163 -0
- package/README.zh-TW.md +163 -0
- package/dist/agentic/audit/logger.d.ts +7 -0
- package/dist/agentic/audit/logger.js +19 -0
- package/dist/agentic/audit/logger.js.map +1 -0
- package/dist/agentic/audit/types.d.ts +11 -0
- package/dist/agentic/audit/types.js +2 -0
- package/dist/agentic/audit/types.js.map +1 -0
- package/dist/agentic/cli.d.ts +8 -0
- package/dist/agentic/cli.js +87 -0
- package/dist/agentic/cli.js.map +1 -0
- package/dist/agentic/index.d.ts +5 -0
- package/dist/agentic/index.js +7 -0
- package/dist/agentic/index.js.map +1 -0
- package/dist/agentic/mcp/server.d.ts +8 -0
- package/dist/agentic/mcp/server.js +25 -0
- package/dist/agentic/mcp/server.js.map +1 -0
- package/dist/agentic/mcp/tools/decoded-call-pipeline.d.ts +14 -0
- package/dist/agentic/mcp/tools/decoded-call-pipeline.js +18 -0
- package/dist/agentic/mcp/tools/decoded-call-pipeline.js.map +1 -0
- package/dist/agentic/mcp/tools/get-address.d.ts +3 -0
- package/dist/agentic/mcp/tools/get-address.js +25 -0
- package/dist/agentic/mcp/tools/get-address.js.map +1 -0
- package/dist/agentic/mcp/tools/health-check.d.ts +3 -0
- package/dist/agentic/mcp/tools/health-check.js +25 -0
- package/dist/agentic/mcp/tools/health-check.js.map +1 -0
- package/dist/agentic/mcp/tools/index.d.ts +7 -0
- package/dist/agentic/mcp/tools/index.js +21 -0
- package/dist/agentic/mcp/tools/index.js.map +1 -0
- package/dist/agentic/mcp/tools/result-adapter.d.ts +10 -0
- package/dist/agentic/mcp/tools/result-adapter.js +15 -0
- package/dist/agentic/mcp/tools/result-adapter.js.map +1 -0
- package/dist/agentic/mcp/tools/shared.d.ts +71 -0
- package/dist/agentic/mcp/tools/shared.js +12 -0
- package/dist/agentic/mcp/tools/shared.js.map +1 -0
- package/dist/agentic/mcp/tools/sign-defi-call.d.ts +3 -0
- package/dist/agentic/mcp/tools/sign-defi-call.js +23 -0
- package/dist/agentic/mcp/tools/sign-defi-call.js.map +1 -0
- package/dist/agentic/mcp/tools/sign-permit.d.ts +3 -0
- package/dist/agentic/mcp/tools/sign-permit.js +39 -0
- package/dist/agentic/mcp/tools/sign-permit.js.map +1 -0
- package/dist/agentic/mcp/tools/sign-swap.d.ts +3 -0
- package/dist/agentic/mcp/tools/sign-swap.js +23 -0
- package/dist/agentic/mcp/tools/sign-swap.js.map +1 -0
- package/dist/agentic/mcp/tools/sign-transaction.d.ts +3 -0
- package/dist/agentic/mcp/tools/sign-transaction.js +68 -0
- package/dist/agentic/mcp/tools/sign-transaction.js.map +1 -0
- package/dist/agentic/mcp/tools/sign-typed-data.d.ts +3 -0
- package/dist/agentic/mcp/tools/sign-typed-data.js +50 -0
- package/dist/agentic/mcp/tools/sign-typed-data.js.map +1 -0
- package/dist/agentic/policy/engine.d.ts +2 -0
- package/dist/agentic/policy/engine.js +3 -0
- package/dist/agentic/policy/engine.js.map +1 -0
- package/dist/agentic/policy/types.d.ts +2 -0
- package/dist/agentic/policy/types.js +2 -0
- package/dist/agentic/policy/types.js.map +1 -0
- package/dist/cli/commands/decode.d.ts +1 -0
- package/dist/cli/commands/decode.js +51 -0
- package/dist/cli/commands/decode.js.map +1 -0
- package/dist/cli/commands/dry-run.d.ts +2 -0
- package/dist/cli/commands/dry-run.js +56 -0
- package/dist/cli/commands/dry-run.js.map +1 -0
- package/dist/cli/commands/encode.d.ts +1 -0
- package/dist/cli/commands/encode.js +77 -0
- package/dist/cli/commands/encode.js.map +1 -0
- package/dist/cli/commands/get-address.d.ts +3 -0
- package/dist/cli/commands/get-address.js +26 -0
- package/dist/cli/commands/get-address.js.map +1 -0
- package/dist/cli/commands/health.d.ts +3 -0
- package/dist/cli/commands/health.js +26 -0
- package/dist/cli/commands/health.js.map +1 -0
- package/dist/cli/commands/mcp.d.ts +6 -0
- package/dist/cli/commands/mcp.js +40 -0
- package/dist/cli/commands/mcp.js.map +1 -0
- package/dist/cli/commands/sign-permit.d.ts +2 -0
- package/dist/cli/commands/sign-permit.js +110 -0
- package/dist/cli/commands/sign-permit.js.map +1 -0
- package/dist/cli/commands/sign.d.ts +2 -0
- package/dist/cli/commands/sign.js +82 -0
- package/dist/cli/commands/sign.js.map +1 -0
- package/dist/cli/context.d.ts +10 -0
- package/dist/cli/context.js +84 -0
- package/dist/cli/context.js.map +1 -0
- package/dist/cli/formatters.d.ts +18 -0
- package/dist/cli/formatters.js +74 -0
- package/dist/cli/formatters.js.map +1 -0
- package/dist/cli/index.d.ts +2 -0
- package/dist/cli/index.js +108 -0
- package/dist/cli/index.js.map +1 -0
- package/dist/core/evm-signer-adapter.d.ts +42 -0
- package/dist/core/evm-signer-adapter.js +92 -0
- package/dist/core/evm-signer-adapter.js.map +1 -0
- package/dist/core/signing-provider.d.ts +14 -0
- package/dist/core/signing-provider.js +2 -0
- package/dist/core/signing-provider.js.map +1 -0
- package/dist/crypto/evm-signer.util.d.ts +43 -0
- package/dist/crypto/evm-signer.util.js +151 -0
- package/dist/crypto/evm-signer.util.js.map +1 -0
- package/dist/evm-signer.util.d.ts +1 -0
- package/dist/evm-signer.util.js +4 -0
- package/dist/evm-signer.util.js.map +1 -0
- package/dist/index.d.ts +11 -0
- package/dist/index.js +9 -0
- package/dist/index.js.map +1 -0
- package/dist/kms-client.d.ts +1 -0
- package/dist/kms-client.js +4 -0
- package/dist/kms-client.js.map +1 -0
- package/dist/kms-signer.d.ts +1 -0
- package/dist/kms-signer.js +4 -0
- package/dist/kms-signer.js.map +1 -0
- package/dist/protocols/catalog.d.ts +310 -0
- package/dist/protocols/catalog.js +162 -0
- package/dist/protocols/catalog.js.map +1 -0
- package/dist/protocols/decoders/aave-v3.d.ts +2 -0
- package/dist/protocols/decoders/aave-v3.js +105 -0
- package/dist/protocols/decoders/aave-v3.js.map +1 -0
- package/dist/protocols/decoders/erc20.d.ts +2 -0
- package/dist/protocols/decoders/erc20.js +51 -0
- package/dist/protocols/decoders/erc20.js.map +1 -0
- package/dist/protocols/decoders/uniswap-v3.d.ts +2 -0
- package/dist/protocols/decoders/uniswap-v3.js +57 -0
- package/dist/protocols/decoders/uniswap-v3.js.map +1 -0
- package/dist/protocols/dispatcher.d.ts +8 -0
- package/dist/protocols/dispatcher.js +32 -0
- package/dist/protocols/dispatcher.js.map +1 -0
- package/dist/protocols/index.d.ts +16 -0
- package/dist/protocols/index.js +19 -0
- package/dist/protocols/index.js.map +1 -0
- package/dist/protocols/policy/engine.d.ts +11 -0
- package/dist/protocols/policy/engine.js +67 -0
- package/dist/protocols/policy/engine.js.map +1 -0
- package/dist/protocols/policy/evaluators/aave-v3.d.ts +2 -0
- package/dist/protocols/policy/evaluators/aave-v3.js +118 -0
- package/dist/protocols/policy/evaluators/aave-v3.js.map +1 -0
- package/dist/protocols/policy/evaluators/erc20.d.ts +2 -0
- package/dist/protocols/policy/evaluators/erc20.js +55 -0
- package/dist/protocols/policy/evaluators/erc20.js.map +1 -0
- package/dist/protocols/policy/evaluators/uniswap-v3.d.ts +2 -0
- package/dist/protocols/policy/evaluators/uniswap-v3.js +46 -0
- package/dist/protocols/policy/evaluators/uniswap-v3.js.map +1 -0
- package/dist/protocols/policy/loader.d.ts +11 -0
- package/dist/protocols/policy/loader.js +70 -0
- package/dist/protocols/policy/loader.js.map +1 -0
- package/dist/protocols/policy/types.d.ts +38 -0
- package/dist/protocols/policy/types.js +2 -0
- package/dist/protocols/policy/types.js.map +1 -0
- package/dist/protocols/registry.d.ts +21 -0
- package/dist/protocols/registry.js +52 -0
- package/dist/protocols/registry.js.map +1 -0
- package/dist/protocols/types.d.ts +90 -0
- package/dist/protocols/types.js +2 -0
- package/dist/protocols/types.js.map +1 -0
- package/dist/protocols/workflows/get-address.d.ts +2 -0
- package/dist/protocols/workflows/get-address.js +41 -0
- package/dist/protocols/workflows/get-address.js.map +1 -0
- package/dist/protocols/workflows/health-check.d.ts +2 -0
- package/dist/protocols/workflows/health-check.js +41 -0
- package/dist/protocols/workflows/health-check.js.map +1 -0
- package/dist/protocols/workflows/index.d.ts +5 -0
- package/dist/protocols/workflows/index.js +5 -0
- package/dist/protocols/workflows/index.js.map +1 -0
- package/dist/protocols/workflows/sign-defi-call.d.ts +14 -0
- package/dist/protocols/workflows/sign-defi-call.js +157 -0
- package/dist/protocols/workflows/sign-defi-call.js.map +1 -0
- package/dist/protocols/workflows/sign-permit.d.ts +21 -0
- package/dist/protocols/workflows/sign-permit.js +320 -0
- package/dist/protocols/workflows/sign-permit.js.map +1 -0
- package/dist/protocols/workflows/types.d.ts +79 -0
- package/dist/protocols/workflows/types.js +2 -0
- package/dist/protocols/workflows/types.js.map +1 -0
- package/dist/provider/factory.d.ts +12 -0
- package/dist/provider/factory.js +19 -0
- package/dist/provider/factory.js.map +1 -0
- package/dist/providers/aws-kms/aws-kms-client.d.ts +19 -0
- package/dist/providers/aws-kms/aws-kms-client.js +47 -0
- package/dist/providers/aws-kms/aws-kms-client.js.map +1 -0
- package/dist/providers/aws-kms/aws-kms-provider.d.ts +17 -0
- package/dist/providers/aws-kms/aws-kms-provider.js +40 -0
- package/dist/providers/aws-kms/aws-kms-provider.js.map +1 -0
- package/dist/providers/aws-kms/index.d.ts +3 -0
- package/dist/providers/aws-kms/index.js +4 -0
- package/dist/providers/aws-kms/index.js.map +1 -0
- package/dist/providers/aws-kms/kms-signer-adapter.d.ts +41 -0
- package/dist/providers/aws-kms/kms-signer-adapter.js +101 -0
- package/dist/providers/aws-kms/kms-signer-adapter.js.map +1 -0
- package/dist/types.d.ts +13 -0
- package/dist/types.js +2 -0
- package/dist/types.js.map +1 -0
- package/package.json +109 -0
- package/policy.example.json +43 -0
- package/skills/audit-log/SKILL.md +32 -0
- package/skills/check-wallet/SKILL.md +23 -0
- package/skills/sign-permit/SKILL.md +29 -0
- package/skills/sign-swap/SKILL.md +29 -0
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
import { decodeFunctionData } from 'viem';
|
|
2
|
+
import { uniswapV3SwapRouterAbi } from '../catalog.js';
|
|
3
|
+
// exactInputSingle((address,address,uint24,address,uint256,uint256,uint160))
|
|
4
|
+
const EXACT_INPUT_SINGLE_SELECTOR = '0x04e45aaf';
|
|
5
|
+
export const uniswapV3Decoder = {
|
|
6
|
+
protocol: 'uniswap_v3',
|
|
7
|
+
supportedSelectors: [EXACT_INPUT_SINGLE_SELECTOR],
|
|
8
|
+
decode(chainId, to, data) {
|
|
9
|
+
try {
|
|
10
|
+
const { functionName, args } = decodeFunctionData({
|
|
11
|
+
abi: uniswapV3SwapRouterAbi,
|
|
12
|
+
data,
|
|
13
|
+
});
|
|
14
|
+
const selector = data.slice(0, 10).toLowerCase();
|
|
15
|
+
switch (functionName) {
|
|
16
|
+
case 'exactInputSingle': {
|
|
17
|
+
const params = args[0];
|
|
18
|
+
return {
|
|
19
|
+
protocol: 'uniswap_v3',
|
|
20
|
+
action: 'exactInputSingle',
|
|
21
|
+
chainId,
|
|
22
|
+
to,
|
|
23
|
+
selector,
|
|
24
|
+
args: {
|
|
25
|
+
tokenIn: params.tokenIn,
|
|
26
|
+
tokenOut: params.tokenOut,
|
|
27
|
+
fee: Number(params.fee),
|
|
28
|
+
recipient: params.recipient,
|
|
29
|
+
amountIn: params.amountIn,
|
|
30
|
+
amountOutMinimum: params.amountOutMinimum,
|
|
31
|
+
sqrtPriceLimitX96: params.sqrtPriceLimitX96,
|
|
32
|
+
},
|
|
33
|
+
};
|
|
34
|
+
}
|
|
35
|
+
default:
|
|
36
|
+
return {
|
|
37
|
+
protocol: 'unknown',
|
|
38
|
+
chainId,
|
|
39
|
+
to,
|
|
40
|
+
selector,
|
|
41
|
+
rawData: data,
|
|
42
|
+
reason: `Unsupported Uniswap V3 function: ${functionName}`,
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
catch {
|
|
47
|
+
return {
|
|
48
|
+
protocol: 'unknown',
|
|
49
|
+
chainId,
|
|
50
|
+
to,
|
|
51
|
+
rawData: data,
|
|
52
|
+
reason: 'Failed to decode Uniswap V3 calldata',
|
|
53
|
+
};
|
|
54
|
+
}
|
|
55
|
+
},
|
|
56
|
+
};
|
|
57
|
+
//# sourceMappingURL=uniswap-v3.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"uniswap-v3.js","sourceRoot":"","sources":["../../../src/protocols/decoders/uniswap-v3.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAA0B,MAAM,MAAM,CAAC;AAElE,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AAEvD,6EAA6E;AAC7E,MAAM,2BAA2B,GAAG,YAAY,CAAC;AAEjD,MAAM,CAAC,MAAM,gBAAgB,GAAoB;IAC/C,QAAQ,EAAE,YAAY;IACtB,kBAAkB,EAAE,CAAC,2BAAkC,CAAC;IAExD,MAAM,CAAC,OAAe,EAAE,EAAW,EAAE,IAAS;QAC5C,IAAI,CAAC;YACH,MAAM,EAAE,YAAY,EAAE,IAAI,EAAE,GAAG,kBAAkB,CAAC;gBAChD,GAAG,EAAE,sBAAsB;gBAC3B,IAAI;aACL,CAAC,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,EAAS,CAAC;YAExD,QAAQ,YAAY,EAAE,CAAC;gBACrB,KAAK,kBAAkB,CAAC,CAAC,CAAC;oBACxB,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;oBACvB,OAAO;wBACL,QAAQ,EAAE,YAAY;wBACtB,MAAM,EAAE,kBAAkB;wBAC1B,OAAO;wBACP,EAAE;wBACF,QAAQ;wBACR,IAAI,EAAE;4BACJ,OAAO,EAAE,MAAM,CAAC,OAAkB;4BAClC,QAAQ,EAAE,MAAM,CAAC,QAAmB;4BACpC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;4BACvB,SAAS,EAAE,MAAM,CAAC,SAAoB;4BACtC,QAAQ,EAAE,MAAM,CAAC,QAAQ;4BACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;4BACzC,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;yBAC5C;qBACF,CAAC;gBACJ,CAAC;gBACD;oBACE,OAAO;wBACL,QAAQ,EAAE,SAAS;wBACnB,OAAO;wBACP,EAAE;wBACF,QAAQ;wBACR,OAAO,EAAE,IAAI;wBACb,MAAM,EAAE,oCAAoC,YAAY,EAAE;qBAC3D,CAAC;YACN,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,QAAQ,EAAE,SAAS;gBACnB,OAAO;gBACP,EAAE;gBACF,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,sCAAsC;aAC/C,CAAC;QACJ,CAAC;IACH,CAAC;CACF,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import type { Address, Hex } from 'viem';
|
|
2
|
+
import type { DecodedIntent } from './types.js';
|
|
3
|
+
import { type RegistryConfig } from './registry.js';
|
|
4
|
+
export declare class ProtocolDispatcher {
|
|
5
|
+
private readonly registry;
|
|
6
|
+
constructor(config: RegistryConfig);
|
|
7
|
+
dispatch(chainId: number, to: Address, data: Hex): DecodedIntent;
|
|
8
|
+
}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
import { ProtocolRegistry } from './registry.js';
|
|
2
|
+
export class ProtocolDispatcher {
|
|
3
|
+
registry;
|
|
4
|
+
constructor(config) {
|
|
5
|
+
this.registry = new ProtocolRegistry(config);
|
|
6
|
+
}
|
|
7
|
+
dispatch(chainId, to, data) {
|
|
8
|
+
if (data.length < 10) {
|
|
9
|
+
return {
|
|
10
|
+
protocol: 'unknown',
|
|
11
|
+
chainId,
|
|
12
|
+
to,
|
|
13
|
+
rawData: data,
|
|
14
|
+
reason: 'Calldata too short (no 4-byte selector)',
|
|
15
|
+
};
|
|
16
|
+
}
|
|
17
|
+
const selector = data.slice(0, 10).toLowerCase();
|
|
18
|
+
const decoder = this.registry.resolve(chainId, to, selector);
|
|
19
|
+
if (!decoder) {
|
|
20
|
+
return {
|
|
21
|
+
protocol: 'unknown',
|
|
22
|
+
chainId,
|
|
23
|
+
to,
|
|
24
|
+
selector,
|
|
25
|
+
rawData: data,
|
|
26
|
+
reason: `No registered decoder for contract ${to} on chain ${chainId}`,
|
|
27
|
+
};
|
|
28
|
+
}
|
|
29
|
+
return decoder.decode(chainId, to, data);
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
//# sourceMappingURL=dispatcher.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dispatcher.js","sourceRoot":"","sources":["../../src/protocols/dispatcher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAuB,MAAM,eAAe,CAAC;AAEtE,MAAM,OAAO,kBAAkB;IACZ,QAAQ,CAAmB;IAE5C,YAAY,MAAsB;QAChC,IAAI,CAAC,QAAQ,GAAG,IAAI,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAC/C,CAAC;IAED,QAAQ,CAAC,OAAe,EAAE,EAAW,EAAE,IAAS;QAC9C,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACrB,OAAO;gBACL,QAAQ,EAAE,SAAS;gBACnB,OAAO;gBACP,EAAE;gBACF,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,yCAAyC;aAClD,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,EAAS,CAAC;QACxD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;QAE7D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;gBACL,QAAQ,EAAE,SAAS;gBACnB,OAAO;gBACP,EAAE;gBACF,QAAQ;gBACR,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,sCAAsC,EAAE,aAAa,OAAO,EAAE;aACvE,CAAC;QACJ,CAAC;QAED,OAAO,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,CAAC;IAC3C,CAAC;CACF"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
export type { DecodedIntent, ProtocolDecoder, Erc20ApproveIntent, Erc20TransferIntent, UniswapV3ExactInputSingleIntent, AaveV3SupplyIntent, AaveV3BorrowIntent, AaveV3RepayIntent, AaveV3WithdrawIntent, UnknownIntent, } from './types.js';
|
|
2
|
+
export type { ContractEntry, RegistryConfig } from './registry.js';
|
|
3
|
+
export { ProtocolRegistry, createDefaultRegistry } from './registry.js';
|
|
4
|
+
export { ProtocolDispatcher } from './dispatcher.js';
|
|
5
|
+
export { erc20Decoder } from './decoders/erc20.js';
|
|
6
|
+
export { uniswapV3Decoder } from './decoders/uniswap-v3.js';
|
|
7
|
+
export { aaveV3Decoder } from './decoders/aave-v3.js';
|
|
8
|
+
export { PolicyEngine } from './policy/engine.js';
|
|
9
|
+
export { parsePolicyConfig, loadPolicyConfigFromFile } from './policy/loader.js';
|
|
10
|
+
export type { PolicyConfig, PolicyRequest, PolicyEvaluation, PolicyConfigV2, PolicyRequestV2, ProtocolPolicyConfig, ProtocolPolicyEvaluator, } from './policy/types.js';
|
|
11
|
+
export { ACTION_CATALOG, listActions } from './catalog.js';
|
|
12
|
+
export type { ProtocolAction } from './catalog.js';
|
|
13
|
+
export { erc20Evaluator } from './policy/evaluators/erc20.js';
|
|
14
|
+
export { uniswapV3Evaluator } from './policy/evaluators/uniswap-v3.js';
|
|
15
|
+
export { aaveV3Evaluator } from './policy/evaluators/aave-v3.js';
|
|
16
|
+
export { signDefiCall, signPermit, getAddress as getAddressWorkflow, healthCheck as healthCheckWorkflow, type WorkflowCaller, type AuditSink, type WorkflowSigner, type WorkflowPolicyEngine, type WorkflowDispatcher, type WorkflowDecodedIntent, type WorkflowContext, type WorkflowResult, type SignDefiCallInput, type SignPermitInput, } from './workflows/index.js';
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
// Classes
|
|
2
|
+
export { ProtocolRegistry, createDefaultRegistry } from './registry.js';
|
|
3
|
+
export { ProtocolDispatcher } from './dispatcher.js';
|
|
4
|
+
// Decoders
|
|
5
|
+
export { erc20Decoder } from './decoders/erc20.js';
|
|
6
|
+
export { uniswapV3Decoder } from './decoders/uniswap-v3.js';
|
|
7
|
+
export { aaveV3Decoder } from './decoders/aave-v3.js';
|
|
8
|
+
// Policy V2
|
|
9
|
+
export { PolicyEngine } from './policy/engine.js';
|
|
10
|
+
export { parsePolicyConfig, loadPolicyConfigFromFile } from './policy/loader.js';
|
|
11
|
+
// Action Catalog
|
|
12
|
+
export { ACTION_CATALOG, listActions } from './catalog.js';
|
|
13
|
+
// Evaluators
|
|
14
|
+
export { erc20Evaluator } from './policy/evaluators/erc20.js';
|
|
15
|
+
export { uniswapV3Evaluator } from './policy/evaluators/uniswap-v3.js';
|
|
16
|
+
export { aaveV3Evaluator } from './policy/evaluators/aave-v3.js';
|
|
17
|
+
// Workflows
|
|
18
|
+
export { signDefiCall, signPermit, getAddress as getAddressWorkflow, healthCheck as healthCheckWorkflow, } from './workflows/index.js';
|
|
19
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/protocols/index.ts"],"names":[],"mappings":"AAeA,UAAU;AACV,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAErD,WAAW;AACX,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,YAAY;AACZ,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAWjF,iBAAiB;AACjB,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAG3D,aAAa;AACb,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACvE,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AAEjE,YAAY;AACZ,OAAO,EACL,YAAY,EACZ,UAAU,EACV,UAAU,IAAI,kBAAkB,EAChC,WAAW,IAAI,mBAAmB,GAWnC,MAAM,sBAAsB,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { type PolicyConfigV2, type PolicyRequestV2, type PolicyEvaluation, type ProtocolPolicyEvaluator } from './types.js';
|
|
2
|
+
export declare class PolicyEngine {
|
|
3
|
+
private readonly config;
|
|
4
|
+
private readonly evaluators;
|
|
5
|
+
private readonly allowedChainIds;
|
|
6
|
+
private readonly allowedContracts;
|
|
7
|
+
private readonly allowedSelectors;
|
|
8
|
+
constructor(config: PolicyConfigV2, evaluators?: ProtocolPolicyEvaluator[]);
|
|
9
|
+
evaluate(request: PolicyRequestV2): PolicyEvaluation;
|
|
10
|
+
private evaluateBase;
|
|
11
|
+
}
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
export class PolicyEngine {
|
|
2
|
+
config;
|
|
3
|
+
evaluators;
|
|
4
|
+
allowedChainIds;
|
|
5
|
+
allowedContracts;
|
|
6
|
+
allowedSelectors;
|
|
7
|
+
constructor(config, evaluators) {
|
|
8
|
+
this.config = config;
|
|
9
|
+
this.evaluators = new Map((evaluators ?? []).map((e) => [e.protocol, e]));
|
|
10
|
+
this.allowedChainIds = new Set(config.allowedChainIds);
|
|
11
|
+
this.allowedContracts = new Set(config.allowedContracts.map((c) => c.toLowerCase()));
|
|
12
|
+
this.allowedSelectors = new Set(config.allowedSelectors.map((s) => s.toLowerCase()));
|
|
13
|
+
}
|
|
14
|
+
evaluate(request) {
|
|
15
|
+
const violations = [];
|
|
16
|
+
// -- V1 base checks (unchanged) --
|
|
17
|
+
violations.push(...this.evaluateBase(request));
|
|
18
|
+
// -- V2 intent-aware checks (fail-closed) --
|
|
19
|
+
if (request.intent && request.intent.protocol !== 'unknown') {
|
|
20
|
+
const evaluator = this.evaluators.get(request.intent.protocol);
|
|
21
|
+
const protocolConfig = this.config.protocolPolicies?.[request.intent.protocol];
|
|
22
|
+
if (!evaluator || !protocolConfig) {
|
|
23
|
+
violations.push(`No policy evaluator/config registered for protocol '${request.intent.protocol}'`);
|
|
24
|
+
}
|
|
25
|
+
else {
|
|
26
|
+
violations.push(...evaluator.evaluate(request.intent, protocolConfig));
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
return { allowed: violations.length === 0, violations };
|
|
30
|
+
}
|
|
31
|
+
evaluateBase(request) {
|
|
32
|
+
const violations = [];
|
|
33
|
+
// Check chainId whitelist
|
|
34
|
+
if (!this.allowedChainIds.has(request.chainId)) {
|
|
35
|
+
violations.push(`chainId ${request.chainId} not in allowed list [${this.config.allowedChainIds.join(', ')}]`);
|
|
36
|
+
}
|
|
37
|
+
// Check contract whitelist (case-insensitive, pre-normalized)
|
|
38
|
+
if (!this.allowedContracts.has(request.to.toLowerCase())) {
|
|
39
|
+
violations.push(`contract ${request.to} not in allowed list`);
|
|
40
|
+
}
|
|
41
|
+
// Check selector whitelist (if selector provided, pre-normalized)
|
|
42
|
+
if (request.selector !== undefined) {
|
|
43
|
+
if (!this.allowedSelectors.has(request.selector.toLowerCase())) {
|
|
44
|
+
violations.push(`selector ${request.selector} not in allowed list`);
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
// Check amount limit
|
|
48
|
+
if (request.amountWei !== undefined) {
|
|
49
|
+
if (request.amountWei > this.config.maxAmountWei) {
|
|
50
|
+
violations.push(`amount ${request.amountWei} exceeds max ${this.config.maxAmountWei}`);
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
// Check deadline range
|
|
54
|
+
if (request.deadline !== undefined) {
|
|
55
|
+
const nowSeconds = Math.floor(Date.now() / 1000);
|
|
56
|
+
const maxDeadline = nowSeconds + this.config.maxDeadlineSeconds;
|
|
57
|
+
if (request.deadline < nowSeconds) {
|
|
58
|
+
violations.push(`deadline ${request.deadline} is in the past (now: ${nowSeconds})`);
|
|
59
|
+
}
|
|
60
|
+
else if (request.deadline > maxDeadline) {
|
|
61
|
+
violations.push(`deadline ${request.deadline} exceeds max allowed (${maxDeadline})`);
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
return violations;
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
//# sourceMappingURL=engine.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"engine.js","sourceRoot":"","sources":["../../../src/protocols/policy/engine.ts"],"names":[],"mappings":"AAQA,MAAM,OAAO,YAAY;IACN,MAAM,CAAiB;IACvB,UAAU,CAAuC;IACjD,eAAe,CAAc;IAC7B,gBAAgB,CAAc;IAC9B,gBAAgB,CAAc;IAE/C,YAAY,MAAsB,EAAE,UAAsC;QACxE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,IAAI,GAAG,CACvB,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAC/C,CAAC;QACF,IAAI,CAAC,eAAe,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACvD,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QACrF,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IACvF,CAAC;IAED,QAAQ,CAAC,OAAwB;QAC/B,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,mCAAmC;QACnC,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;QAE/C,6CAA6C;QAC7C,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC5D,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC/D,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAE/E,IAAI,CAAC,SAAS,IAAI,CAAC,cAAc,EAAE,CAAC;gBAClC,UAAU,CAAC,IAAI,CACb,uDAAuD,OAAO,CAAC,MAAM,CAAC,QAAQ,GAAG,CAClF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC;YACzE,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,UAAU,EAAE,CAAC;IAC1D,CAAC;IAEO,YAAY,CAAC,OAAsB;QACzC,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,0BAA0B;QAC1B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/C,UAAU,CAAC,IAAI,CACb,WAAW,OAAO,CAAC,OAAO,yBAAyB,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC7F,CAAC;QACJ,CAAC;QAED,8DAA8D;QAC9D,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YACzD,UAAU,CAAC,IAAI,CACb,YAAY,OAAO,CAAC,EAAE,sBAAsB,CAC7C,CAAC;QACJ,CAAC;QAED,kEAAkE;QAClE,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YACnC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC/D,UAAU,CAAC,IAAI,CACb,YAAY,OAAO,CAAC,QAAQ,sBAAsB,CACnD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACpC,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;gBACjD,UAAU,CAAC,IAAI,CACb,UAAU,OAAO,CAAC,SAAS,gBAAgB,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CACtE,CAAC;YACJ,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YACjD,MAAM,WAAW,GAAG,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC;YAEhE,IAAI,OAAO,CAAC,QAAQ,GAAG,UAAU,EAAE,CAAC;gBAClC,UAAU,CAAC,IAAI,CACb,YAAY,OAAO,CAAC,QAAQ,yBAAyB,UAAU,GAAG,CACnE,CAAC;YACJ,CAAC;iBAAM,IAAI,OAAO,CAAC,QAAQ,GAAG,WAAW,EAAE,CAAC;gBAC1C,UAAU,CAAC,IAAI,CACb,YAAY,OAAO,CAAC,QAAQ,yBAAyB,WAAW,GAAG,CACpE,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF"}
|
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
export const aaveV3Evaluator = {
|
|
2
|
+
protocol: 'aave_v3',
|
|
3
|
+
evaluate(intent, config) {
|
|
4
|
+
if (intent.protocol !== 'aave_v3') {
|
|
5
|
+
return [`aave_v3 evaluator received non-aave_v3 intent: ${intent.protocol}`];
|
|
6
|
+
}
|
|
7
|
+
const violations = [];
|
|
8
|
+
const { action } = intent;
|
|
9
|
+
switch (action) {
|
|
10
|
+
case 'supply': {
|
|
11
|
+
// Token allowlist: check asset (the reserve token, not intent.to which is the Pool)
|
|
12
|
+
if (config.tokenAllowlist && config.tokenAllowlist.length > 0) {
|
|
13
|
+
const normalizedAsset = intent.args.asset.toLowerCase();
|
|
14
|
+
const allowed = config.tokenAllowlist.some((t) => t.toLowerCase() === normalizedAsset);
|
|
15
|
+
if (!allowed) {
|
|
16
|
+
violations.push(`asset ${intent.args.asset} not in tokenAllowlist`);
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
// Recipient allowlist: check onBehalfOf
|
|
20
|
+
if (config.recipientAllowlist && config.recipientAllowlist.length > 0) {
|
|
21
|
+
const normalizedRecipient = intent.args.onBehalfOf.toLowerCase();
|
|
22
|
+
const allowed = config.recipientAllowlist.some((r) => r.toLowerCase() === normalizedRecipient);
|
|
23
|
+
if (!allowed) {
|
|
24
|
+
violations.push(`onBehalfOf ${intent.args.onBehalfOf} not in recipientAllowlist`);
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
// maxAmountWei
|
|
28
|
+
if (config.maxAmountWei !== undefined && intent.args.amount > config.maxAmountWei) {
|
|
29
|
+
violations.push(`amount ${intent.args.amount} exceeds maxAmountWei ${config.maxAmountWei}`);
|
|
30
|
+
}
|
|
31
|
+
break;
|
|
32
|
+
}
|
|
33
|
+
case 'borrow': {
|
|
34
|
+
// Token allowlist
|
|
35
|
+
if (config.tokenAllowlist && config.tokenAllowlist.length > 0) {
|
|
36
|
+
const normalizedAsset = intent.args.asset.toLowerCase();
|
|
37
|
+
const allowed = config.tokenAllowlist.some((t) => t.toLowerCase() === normalizedAsset);
|
|
38
|
+
if (!allowed) {
|
|
39
|
+
violations.push(`asset ${intent.args.asset} not in tokenAllowlist`);
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
// Recipient allowlist: check onBehalfOf
|
|
43
|
+
if (config.recipientAllowlist && config.recipientAllowlist.length > 0) {
|
|
44
|
+
const normalizedRecipient = intent.args.onBehalfOf.toLowerCase();
|
|
45
|
+
const allowed = config.recipientAllowlist.some((r) => r.toLowerCase() === normalizedRecipient);
|
|
46
|
+
if (!allowed) {
|
|
47
|
+
violations.push(`onBehalfOf ${intent.args.onBehalfOf} not in recipientAllowlist`);
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
// maxInterestRateMode
|
|
51
|
+
if (config.maxInterestRateMode !== undefined &&
|
|
52
|
+
Number(intent.args.interestRateMode) > config.maxInterestRateMode) {
|
|
53
|
+
violations.push(`interestRateMode ${intent.args.interestRateMode} exceeds maxInterestRateMode ${config.maxInterestRateMode}`);
|
|
54
|
+
}
|
|
55
|
+
// maxAmountWei
|
|
56
|
+
if (config.maxAmountWei !== undefined && intent.args.amount > config.maxAmountWei) {
|
|
57
|
+
violations.push(`amount ${intent.args.amount} exceeds maxAmountWei ${config.maxAmountWei}`);
|
|
58
|
+
}
|
|
59
|
+
break;
|
|
60
|
+
}
|
|
61
|
+
case 'repay': {
|
|
62
|
+
// Token allowlist
|
|
63
|
+
if (config.tokenAllowlist && config.tokenAllowlist.length > 0) {
|
|
64
|
+
const normalizedAsset = intent.args.asset.toLowerCase();
|
|
65
|
+
const allowed = config.tokenAllowlist.some((t) => t.toLowerCase() === normalizedAsset);
|
|
66
|
+
if (!allowed) {
|
|
67
|
+
violations.push(`asset ${intent.args.asset} not in tokenAllowlist`);
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
// Recipient allowlist: check onBehalfOf
|
|
71
|
+
if (config.recipientAllowlist && config.recipientAllowlist.length > 0) {
|
|
72
|
+
const normalizedRecipient = intent.args.onBehalfOf.toLowerCase();
|
|
73
|
+
const allowed = config.recipientAllowlist.some((r) => r.toLowerCase() === normalizedRecipient);
|
|
74
|
+
if (!allowed) {
|
|
75
|
+
violations.push(`onBehalfOf ${intent.args.onBehalfOf} not in recipientAllowlist`);
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
// maxInterestRateMode
|
|
79
|
+
if (config.maxInterestRateMode !== undefined &&
|
|
80
|
+
Number(intent.args.interestRateMode) > config.maxInterestRateMode) {
|
|
81
|
+
violations.push(`interestRateMode ${intent.args.interestRateMode} exceeds maxInterestRateMode ${config.maxInterestRateMode}`);
|
|
82
|
+
}
|
|
83
|
+
// maxAmountWei
|
|
84
|
+
if (config.maxAmountWei !== undefined && intent.args.amount > config.maxAmountWei) {
|
|
85
|
+
violations.push(`amount ${intent.args.amount} exceeds maxAmountWei ${config.maxAmountWei}`);
|
|
86
|
+
}
|
|
87
|
+
break;
|
|
88
|
+
}
|
|
89
|
+
case 'withdraw': {
|
|
90
|
+
// Token allowlist
|
|
91
|
+
if (config.tokenAllowlist && config.tokenAllowlist.length > 0) {
|
|
92
|
+
const normalizedAsset = intent.args.asset.toLowerCase();
|
|
93
|
+
const allowed = config.tokenAllowlist.some((t) => t.toLowerCase() === normalizedAsset);
|
|
94
|
+
if (!allowed) {
|
|
95
|
+
violations.push(`asset ${intent.args.asset} not in tokenAllowlist`);
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
// Recipient allowlist: check to
|
|
99
|
+
if (config.recipientAllowlist && config.recipientAllowlist.length > 0) {
|
|
100
|
+
const normalizedTo = intent.args.to.toLowerCase();
|
|
101
|
+
const allowed = config.recipientAllowlist.some((r) => r.toLowerCase() === normalizedTo);
|
|
102
|
+
if (!allowed) {
|
|
103
|
+
violations.push(`to ${intent.args.to} not in recipientAllowlist`);
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
// maxAmountWei
|
|
107
|
+
if (config.maxAmountWei !== undefined && intent.args.amount > config.maxAmountWei) {
|
|
108
|
+
violations.push(`amount ${intent.args.amount} exceeds maxAmountWei ${config.maxAmountWei}`);
|
|
109
|
+
}
|
|
110
|
+
break;
|
|
111
|
+
}
|
|
112
|
+
default:
|
|
113
|
+
violations.push(`Unknown aave_v3 action '${action}'; policy cannot evaluate`);
|
|
114
|
+
}
|
|
115
|
+
return violations;
|
|
116
|
+
},
|
|
117
|
+
};
|
|
118
|
+
//# sourceMappingURL=aave-v3.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aave-v3.js","sourceRoot":"","sources":["../../../../src/protocols/policy/evaluators/aave-v3.ts"],"names":[],"mappings":"AAGA,MAAM,CAAC,MAAM,eAAe,GAA4B;IACtD,QAAQ,EAAE,SAAS;IAEnB,QAAQ,CAAC,MAAqB,EAAE,MAA4B;QAC1D,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAClC,OAAO,CAAC,kDAAkD,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC/E,CAAC;QAED,MAAM,UAAU,GAAa,EAAE,CAAC;QAChC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;QAE1B,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,QAAQ,CAAC,CAAC,CAAC;gBACd,oFAAoF;gBACpF,IAAI,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC9D,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;oBACxD,MAAM,OAAO,GAAG,MAAM,CAAC,cAAc,CAAC,IAAI,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,eAAe,CAC3C,CAAC;oBACF,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,UAAU,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,IAAI,CAAC,KAAK,wBAAwB,CAAC,CAAC;oBACtE,CAAC;gBACH,CAAC;gBAED,wCAAwC;gBACxC,IAAI,MAAM,CAAC,kBAAkB,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtE,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;oBACjE,MAAM,OAAO,GAAG,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAC5C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,mBAAmB,CAC/C,CAAC;oBACF,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,UAAU,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,IAAI,CAAC,UAAU,4BAA4B,CAAC,CAAC;oBACpF,CAAC;gBACH,CAAC;gBAED,eAAe;gBACf,IAAI,MAAM,CAAC,YAAY,KAAK,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC;oBAClF,UAAU,CAAC,IAAI,CACb,UAAU,MAAM,CAAC,IAAI,CAAC,MAAM,yBAAyB,MAAM,CAAC,YAAY,EAAE,CAC3E,CAAC;gBACJ,CAAC;gBAED,MAAM;YACR,CAAC;YAED,KAAK,QAAQ,CAAC,CAAC,CAAC;gBACd,kBAAkB;gBAClB,IAAI,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC9D,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;oBACxD,MAAM,OAAO,GAAG,MAAM,CAAC,cAAc,CAAC,IAAI,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,eAAe,CAC3C,CAAC;oBACF,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,UAAU,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,IAAI,CAAC,KAAK,wBAAwB,CAAC,CAAC;oBACtE,CAAC;gBACH,CAAC;gBAED,wCAAwC;gBACxC,IAAI,MAAM,CAAC,kBAAkB,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtE,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;oBACjE,MAAM,OAAO,GAAG,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAC5C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,mBAAmB,CAC/C,CAAC;oBACF,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,UAAU,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,IAAI,CAAC,UAAU,4BAA4B,CAAC,CAAC;oBACpF,CAAC;gBACH,CAAC;gBAED,sBAAsB;gBACtB,IACE,MAAM,CAAC,mBAAmB,KAAK,SAAS;oBACxC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,MAAM,CAAC,mBAAmB,EACjE,CAAC;oBACD,UAAU,CAAC,IAAI,CACb,oBAAoB,MAAM,CAAC,IAAI,CAAC,gBAAgB,gCAAgC,MAAM,CAAC,mBAAmB,EAAE,CAC7G,CAAC;gBACJ,CAAC;gBAED,eAAe;gBACf,IAAI,MAAM,CAAC,YAAY,KAAK,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC;oBAClF,UAAU,CAAC,IAAI,CACb,UAAU,MAAM,CAAC,IAAI,CAAC,MAAM,yBAAyB,MAAM,CAAC,YAAY,EAAE,CAC3E,CAAC;gBACJ,CAAC;gBAED,MAAM;YACR,CAAC;YAED,KAAK,OAAO,CAAC,CAAC,CAAC;gBACb,kBAAkB;gBAClB,IAAI,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC9D,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;oBACxD,MAAM,OAAO,GAAG,MAAM,CAAC,cAAc,CAAC,IAAI,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,eAAe,CAC3C,CAAC;oBACF,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,UAAU,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,IAAI,CAAC,KAAK,wBAAwB,CAAC,CAAC;oBACtE,CAAC;gBACH,CAAC;gBAED,wCAAwC;gBACxC,IAAI,MAAM,CAAC,kBAAkB,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtE,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;oBACjE,MAAM,OAAO,GAAG,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAC5C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,mBAAmB,CAC/C,CAAC;oBACF,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,UAAU,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,IAAI,CAAC,UAAU,4BAA4B,CAAC,CAAC;oBACpF,CAAC;gBACH,CAAC;gBAED,sBAAsB;gBACtB,IACE,MAAM,CAAC,mBAAmB,KAAK,SAAS;oBACxC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,MAAM,CAAC,mBAAmB,EACjE,CAAC;oBACD,UAAU,CAAC,IAAI,CACb,oBAAoB,MAAM,CAAC,IAAI,CAAC,gBAAgB,gCAAgC,MAAM,CAAC,mBAAmB,EAAE,CAC7G,CAAC;gBACJ,CAAC;gBAED,eAAe;gBACf,IAAI,MAAM,CAAC,YAAY,KAAK,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC;oBAClF,UAAU,CAAC,IAAI,CACb,UAAU,MAAM,CAAC,IAAI,CAAC,MAAM,yBAAyB,MAAM,CAAC,YAAY,EAAE,CAC3E,CAAC;gBACJ,CAAC;gBAED,MAAM;YACR,CAAC;YAED,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,kBAAkB;gBAClB,IAAI,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC9D,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;oBACxD,MAAM,OAAO,GAAG,MAAM,CAAC,cAAc,CAAC,IAAI,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,eAAe,CAC3C,CAAC;oBACF,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,UAAU,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,IAAI,CAAC,KAAK,wBAAwB,CAAC,CAAC;oBACtE,CAAC;gBACH,CAAC;gBAED,gCAAgC;gBAChC,IAAI,MAAM,CAAC,kBAAkB,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtE,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC;oBAClD,MAAM,OAAO,GAAG,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAC5C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,YAAY,CACxC,CAAC;oBACF,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,UAAU,CAAC,IAAI,CAAC,MAAM,MAAM,CAAC,IAAI,CAAC,EAAE,4BAA4B,CAAC,CAAC;oBACpE,CAAC;gBACH,CAAC;gBAED,eAAe;gBACf,IAAI,MAAM,CAAC,YAAY,KAAK,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC;oBAClF,UAAU,CAAC,IAAI,CACb,UAAU,MAAM,CAAC,IAAI,CAAC,MAAM,yBAAyB,MAAM,CAAC,YAAY,EAAE,CAC3E,CAAC;gBACJ,CAAC;gBAED,MAAM;YACR,CAAC;YAED;gBACE,UAAU,CAAC,IAAI,CACb,2BAA2B,MAAgB,2BAA2B,CACvE,CAAC;QACN,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC"}
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
export const erc20Evaluator = {
|
|
2
|
+
protocol: 'erc20',
|
|
3
|
+
evaluate(intent, config) {
|
|
4
|
+
if (intent.protocol !== 'erc20') {
|
|
5
|
+
return [`erc20 evaluator received non-erc20 intent: ${intent.protocol}`];
|
|
6
|
+
}
|
|
7
|
+
const violations = [];
|
|
8
|
+
// Check token (contract address) allowlist
|
|
9
|
+
if (config.tokenAllowlist && config.tokenAllowlist.length > 0) {
|
|
10
|
+
const normalizedToken = intent.to.toLowerCase();
|
|
11
|
+
const allowed = config.tokenAllowlist.some((t) => t.toLowerCase() === normalizedToken);
|
|
12
|
+
if (!allowed) {
|
|
13
|
+
violations.push(`token ${intent.to} not in tokenAllowlist`);
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
switch (intent.action) {
|
|
17
|
+
case 'approve': {
|
|
18
|
+
// Check spender allowlist
|
|
19
|
+
if (config.recipientAllowlist && config.recipientAllowlist.length > 0) {
|
|
20
|
+
const normalizedSpender = intent.args.spender.toLowerCase();
|
|
21
|
+
const allowed = config.recipientAllowlist.some((r) => r.toLowerCase() === normalizedSpender);
|
|
22
|
+
if (!allowed) {
|
|
23
|
+
violations.push(`spender ${intent.args.spender} not in recipientAllowlist`);
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
// Check allowance cap
|
|
27
|
+
if (config.maxAllowanceWei !== undefined) {
|
|
28
|
+
if (intent.args.amount > config.maxAllowanceWei) {
|
|
29
|
+
violations.push(`approve amount ${intent.args.amount} exceeds maxAllowanceWei ${config.maxAllowanceWei}`);
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
break;
|
|
33
|
+
}
|
|
34
|
+
case 'transfer': {
|
|
35
|
+
// Check recipient allowlist
|
|
36
|
+
if (config.recipientAllowlist && config.recipientAllowlist.length > 0) {
|
|
37
|
+
const normalizedRecipient = intent.args.to.toLowerCase();
|
|
38
|
+
const allowed = config.recipientAllowlist.some((r) => r.toLowerCase() === normalizedRecipient);
|
|
39
|
+
if (!allowed) {
|
|
40
|
+
violations.push(`recipient ${intent.args.to} not in recipientAllowlist`);
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
// Check transfer amount cap
|
|
44
|
+
if (config.maxAllowanceWei !== undefined) {
|
|
45
|
+
if (intent.args.amount > config.maxAllowanceWei) {
|
|
46
|
+
violations.push(`transfer amount ${intent.args.amount} exceeds maxAllowanceWei ${config.maxAllowanceWei}`);
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
break;
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
return violations;
|
|
53
|
+
},
|
|
54
|
+
};
|
|
55
|
+
//# sourceMappingURL=erc20.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"erc20.js","sourceRoot":"","sources":["../../../../src/protocols/policy/evaluators/erc20.ts"],"names":[],"mappings":"AAGA,MAAM,CAAC,MAAM,cAAc,GAA4B;IACrD,QAAQ,EAAE,OAAO;IAEjB,QAAQ,CAAC,MAAqB,EAAE,MAA4B;QAC1D,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAChC,OAAO,CAAC,8CAA8C,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC3E,CAAC;QAED,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,2CAA2C;QAC3C,IAAI,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9D,MAAM,eAAe,GAAG,MAAM,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC;YAChD,MAAM,OAAO,GAAG,MAAM,CAAC,cAAc,CAAC,IAAI,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,eAAe,CAC3C,CAAC;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,UAAU,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,EAAE,wBAAwB,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QAED,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;YACtB,KAAK,SAAS,CAAC,CAAC,CAAC;gBACf,0BAA0B;gBAC1B,IAAI,MAAM,CAAC,kBAAkB,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtE,MAAM,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;oBAC5D,MAAM,OAAO,GAAG,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAC5C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,iBAAiB,CAC7C,CAAC;oBACF,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,UAAU,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,IAAI,CAAC,OAAO,4BAA4B,CAAC,CAAC;oBAC9E,CAAC;gBACH,CAAC;gBAED,sBAAsB;gBACtB,IAAI,MAAM,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;oBACzC,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;wBAChD,UAAU,CAAC,IAAI,CACb,kBAAkB,MAAM,CAAC,IAAI,CAAC,MAAM,4BAA4B,MAAM,CAAC,eAAe,EAAE,CACzF,CAAC;oBACJ,CAAC;gBACH,CAAC;gBACD,MAAM;YACR,CAAC;YAED,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,4BAA4B;gBAC5B,IAAI,MAAM,CAAC,kBAAkB,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtE,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC;oBACzD,MAAM,OAAO,GAAG,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAC5C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,mBAAmB,CAC/C,CAAC;oBACF,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,UAAU,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,IAAI,CAAC,EAAE,4BAA4B,CAAC,CAAC;oBAC3E,CAAC;gBACH,CAAC;gBAED,4BAA4B;gBAC5B,IAAI,MAAM,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;oBACzC,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;wBAChD,UAAU,CAAC,IAAI,CACb,mBAAmB,MAAM,CAAC,IAAI,CAAC,MAAM,4BAA4B,MAAM,CAAC,eAAe,EAAE,CAC1F,CAAC;oBACJ,CAAC;gBACH,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC"}
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
export const uniswapV3Evaluator = {
|
|
2
|
+
protocol: 'uniswap_v3',
|
|
3
|
+
evaluate(intent, config) {
|
|
4
|
+
if (intent.protocol !== 'uniswap_v3') {
|
|
5
|
+
return [`uniswap_v3 evaluator received non-uniswap_v3 intent: ${intent.protocol}`];
|
|
6
|
+
}
|
|
7
|
+
const violations = [];
|
|
8
|
+
const { action } = intent;
|
|
9
|
+
switch (action) {
|
|
10
|
+
case 'exactInputSingle': {
|
|
11
|
+
// Check token allowlist (both tokenIn and tokenOut)
|
|
12
|
+
if (config.tokenAllowlist && config.tokenAllowlist.length > 0) {
|
|
13
|
+
const normalizedIn = intent.args.tokenIn.toLowerCase();
|
|
14
|
+
const normalizedOut = intent.args.tokenOut.toLowerCase();
|
|
15
|
+
const allowedSet = new Set(config.tokenAllowlist.map((t) => t.toLowerCase()));
|
|
16
|
+
if (!allowedSet.has(normalizedIn)) {
|
|
17
|
+
violations.push(`tokenIn ${intent.args.tokenIn} not in tokenAllowlist`);
|
|
18
|
+
}
|
|
19
|
+
if (!allowedSet.has(normalizedOut)) {
|
|
20
|
+
violations.push(`tokenOut ${intent.args.tokenOut} not in tokenAllowlist`);
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
// Check recipient allowlist
|
|
24
|
+
if (config.recipientAllowlist && config.recipientAllowlist.length > 0) {
|
|
25
|
+
const normalizedRecipient = intent.args.recipient.toLowerCase();
|
|
26
|
+
const allowed = config.recipientAllowlist.some((r) => r.toLowerCase() === normalizedRecipient);
|
|
27
|
+
if (!allowed) {
|
|
28
|
+
violations.push(`recipient ${intent.args.recipient} not in recipientAllowlist`);
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
// Check slippage protection: reject amountOutMinimum === 0 (infinite slippage)
|
|
32
|
+
// True slippage % validation requires a price oracle (deferred).
|
|
33
|
+
if (config.maxSlippageBps !== undefined) {
|
|
34
|
+
if (intent.args.amountOutMinimum === 0n) {
|
|
35
|
+
violations.push('amountOutMinimum is 0 (no slippage protection); maxSlippageBps policy requires non-zero minimum output');
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
break;
|
|
39
|
+
}
|
|
40
|
+
default:
|
|
41
|
+
violations.push(`Unknown uniswap_v3 action '${action}'; policy cannot evaluate`);
|
|
42
|
+
}
|
|
43
|
+
return violations;
|
|
44
|
+
},
|
|
45
|
+
};
|
|
46
|
+
//# sourceMappingURL=uniswap-v3.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"uniswap-v3.js","sourceRoot":"","sources":["../../../../src/protocols/policy/evaluators/uniswap-v3.ts"],"names":[],"mappings":"AAGA,MAAM,CAAC,MAAM,kBAAkB,GAA4B;IACzD,QAAQ,EAAE,YAAY;IAEtB,QAAQ,CAAC,MAAqB,EAAE,MAA4B;QAC1D,IAAI,MAAM,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;YACrC,OAAO,CAAC,wDAAwD,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QACrF,CAAC;QAED,MAAM,UAAU,GAAa,EAAE,CAAC;QAChC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;QAE1B,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,kBAAkB,CAAC,CAAC,CAAC;gBACxB,oDAAoD;gBACpD,IAAI,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC9D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;oBACvD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;oBACzD,MAAM,UAAU,GAAG,IAAI,GAAG,CACxB,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAClD,CAAC;oBAEF,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;wBAClC,UAAU,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,IAAI,CAAC,OAAO,wBAAwB,CAAC,CAAC;oBAC1E,CAAC;oBACD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;wBACnC,UAAU,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,IAAI,CAAC,QAAQ,wBAAwB,CAAC,CAAC;oBAC5E,CAAC;gBACH,CAAC;gBAED,4BAA4B;gBAC5B,IAAI,MAAM,CAAC,kBAAkB,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtE,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;oBAChE,MAAM,OAAO,GAAG,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAC5C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,mBAAmB,CAC/C,CAAC;oBACF,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,UAAU,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,IAAI,CAAC,SAAS,4BAA4B,CAAC,CAAC;oBAClF,CAAC;gBACH,CAAC;gBAED,+EAA+E;gBAC/E,iEAAiE;gBACjE,IAAI,MAAM,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;oBACxC,IAAI,MAAM,CAAC,IAAI,CAAC,gBAAgB,KAAK,EAAE,EAAE,CAAC;wBACxC,UAAU,CAAC,IAAI,CACb,wGAAwG,CACzG,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAED,MAAM;YACR,CAAC;YACD;gBACE,UAAU,CAAC,IAAI,CACb,8BAA8B,MAAgB,2BAA2B,CAC1E,CAAC;QACN,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import type { PolicyConfigV2 } from './types.js';
|
|
2
|
+
/**
|
|
3
|
+
* Parse a raw JSON object into a PolicyConfigV2.
|
|
4
|
+
* Pure function — no I/O. Validates with Zod, normalizes addresses and selectors to lowercase.
|
|
5
|
+
*/
|
|
6
|
+
export declare function parsePolicyConfig(raw: Record<string, unknown>): PolicyConfigV2;
|
|
7
|
+
/**
|
|
8
|
+
* Load and parse a policy configuration from a JSON file.
|
|
9
|
+
* Convenience wrapper around parsePolicyConfig for Node.js file I/O.
|
|
10
|
+
*/
|
|
11
|
+
export declare function loadPolicyConfigFromFile(path: string): PolicyConfigV2;
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
import { readFileSync } from 'node:fs';
|
|
2
|
+
import { z } from 'zod';
|
|
3
|
+
// ─── Zod schema for runtime validation ───
|
|
4
|
+
const zodHexString = z.string().refine((v) => /^0x[0-9a-fA-F]*$/.test(v), { message: 'Must be a 0x-prefixed hex string' });
|
|
5
|
+
const zodBigIntString = z.union([z.string(), z.number().safe()]).transform((v, ctx) => {
|
|
6
|
+
try {
|
|
7
|
+
return BigInt(v);
|
|
8
|
+
}
|
|
9
|
+
catch {
|
|
10
|
+
ctx.addIssue({
|
|
11
|
+
code: 'custom',
|
|
12
|
+
message: 'Must be a BigInt-compatible value',
|
|
13
|
+
});
|
|
14
|
+
return z.NEVER;
|
|
15
|
+
}
|
|
16
|
+
});
|
|
17
|
+
const protocolPolicyConfigSchema = z.object({
|
|
18
|
+
tokenAllowlist: z.array(zodHexString).optional(),
|
|
19
|
+
recipientAllowlist: z.array(zodHexString).optional(),
|
|
20
|
+
maxSlippageBps: z.number().int().nonnegative().optional(),
|
|
21
|
+
maxInterestRateMode: z.number().int().nonnegative().optional(),
|
|
22
|
+
maxAllowanceWei: zodBigIntString.optional(),
|
|
23
|
+
maxAmountWei: zodBigIntString.optional(),
|
|
24
|
+
}).passthrough();
|
|
25
|
+
const policyConfigV2Schema = z.object({
|
|
26
|
+
allowedChainIds: z.array(z.number().int()).default([]),
|
|
27
|
+
allowedContracts: z.array(zodHexString).default([]),
|
|
28
|
+
allowedSelectors: z.array(zodHexString).default([]),
|
|
29
|
+
maxAmountWei: zodBigIntString.default(0n),
|
|
30
|
+
maxDeadlineSeconds: z.number().int().nonnegative().default(0),
|
|
31
|
+
protocolPolicies: z.record(z.string(), protocolPolicyConfigSchema).optional(),
|
|
32
|
+
}).passthrough();
|
|
33
|
+
/**
|
|
34
|
+
* Parse a raw JSON object into a PolicyConfigV2.
|
|
35
|
+
* Pure function — no I/O. Validates with Zod, normalizes addresses and selectors to lowercase.
|
|
36
|
+
*/
|
|
37
|
+
export function parsePolicyConfig(raw) {
|
|
38
|
+
const result = policyConfigV2Schema.safeParse(raw);
|
|
39
|
+
if (!result.success) {
|
|
40
|
+
const messages = result.error.issues
|
|
41
|
+
.map((i) => `${i.path.join('.')}: ${i.message}`)
|
|
42
|
+
.join('; ');
|
|
43
|
+
throw new Error(`Invalid policy configuration: ${messages}`);
|
|
44
|
+
}
|
|
45
|
+
const parsed = result.data;
|
|
46
|
+
return {
|
|
47
|
+
...parsed,
|
|
48
|
+
allowedContracts: parsed.allowedContracts.map((c) => c.toLowerCase()),
|
|
49
|
+
allowedSelectors: parsed.allowedSelectors.map((s) => s.toLowerCase()),
|
|
50
|
+
protocolPolicies: parsed.protocolPolicies
|
|
51
|
+
? Object.fromEntries(Object.entries(parsed.protocolPolicies).map(([protocol, config]) => [
|
|
52
|
+
protocol,
|
|
53
|
+
{
|
|
54
|
+
...config,
|
|
55
|
+
tokenAllowlist: config.tokenAllowlist?.map((t) => t.toLowerCase()),
|
|
56
|
+
recipientAllowlist: config.recipientAllowlist?.map((r) => r.toLowerCase()),
|
|
57
|
+
},
|
|
58
|
+
]))
|
|
59
|
+
: undefined,
|
|
60
|
+
};
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Load and parse a policy configuration from a JSON file.
|
|
64
|
+
* Convenience wrapper around parsePolicyConfig for Node.js file I/O.
|
|
65
|
+
*/
|
|
66
|
+
export function loadPolicyConfigFromFile(path) {
|
|
67
|
+
const raw = JSON.parse(readFileSync(path, 'utf-8'));
|
|
68
|
+
return parsePolicyConfig(raw);
|
|
69
|
+
}
|
|
70
|
+
//# sourceMappingURL=loader.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../../src/protocols/policy/loader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,4CAA4C;AAE5C,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CACpC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EACjC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAChD,CAAC;AAEF,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CACxE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE;IACT,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAC;QACH,OAAO,CAAC,CAAC,KAAK,CAAC;IACjB,CAAC;AACH,CAAC,CACF,CAAC;AAEF,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,cAAc,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;IAChD,kBAAkB,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;IACpD,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACzD,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IAC9D,eAAe,EAAE,eAAe,CAAC,QAAQ,EAAE;IAC3C,YAAY,EAAE,eAAe,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC,WAAW,EAAE,CAAC;AAEjB,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACtD,gBAAgB,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACnD,gBAAgB,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACnD,YAAY,EAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;IACzC,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IAC7D,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,0BAA0B,CAAC,CAAC,QAAQ,EAAE;CAC9E,CAAC,CAAC,WAAW,EAAE,CAAC;AAEjB;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAA4B;IAC5D,MAAM,MAAM,GAAG,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACnD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM;aACjC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;aAC/C,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC;IAE3B,OAAO;QACL,GAAG,MAAM;QACT,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAC3C,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CACZ;QACpB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAC3C,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CACZ;QACpB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACvC,CAAC,CAAC,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;gBAClE,QAAQ;gBACR;oBACE,GAAG,MAAM;oBACT,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,GAAG,CACxC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CACA;oBAChC,kBAAkB,EAAE,MAAM,CAAC,kBAAkB,EAAE,GAAG,CAChD,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CACA;iBACjC;aACF,CAAC,CACH;YACH,CAAC,CAAC,SAAS;KACI,CAAC;AACtB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CAAC,IAAY;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;IACpD,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC;AAChC,CAAC"}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
import type { Address } from 'viem';
|
|
2
|
+
import type { DecodedIntent } from '../types.js';
|
|
3
|
+
export interface PolicyConfig {
|
|
4
|
+
allowedChainIds: number[];
|
|
5
|
+
allowedContracts: `0x${string}`[];
|
|
6
|
+
allowedSelectors: `0x${string}`[];
|
|
7
|
+
maxAmountWei: bigint;
|
|
8
|
+
maxDeadlineSeconds: number;
|
|
9
|
+
}
|
|
10
|
+
export interface PolicyRequest {
|
|
11
|
+
chainId: number;
|
|
12
|
+
to: `0x${string}`;
|
|
13
|
+
selector?: `0x${string}`;
|
|
14
|
+
amountWei?: bigint;
|
|
15
|
+
deadline?: number;
|
|
16
|
+
}
|
|
17
|
+
export interface PolicyEvaluation {
|
|
18
|
+
allowed: boolean;
|
|
19
|
+
violations: string[];
|
|
20
|
+
}
|
|
21
|
+
export interface PolicyRequestV2 extends PolicyRequest {
|
|
22
|
+
intent?: DecodedIntent;
|
|
23
|
+
}
|
|
24
|
+
export interface ProtocolPolicyConfig {
|
|
25
|
+
tokenAllowlist?: Address[];
|
|
26
|
+
recipientAllowlist?: Address[];
|
|
27
|
+
maxSlippageBps?: number;
|
|
28
|
+
maxInterestRateMode?: number;
|
|
29
|
+
maxAllowanceWei?: bigint;
|
|
30
|
+
maxAmountWei?: bigint;
|
|
31
|
+
}
|
|
32
|
+
export interface PolicyConfigV2 extends PolicyConfig {
|
|
33
|
+
protocolPolicies?: Record<string, ProtocolPolicyConfig>;
|
|
34
|
+
}
|
|
35
|
+
export interface ProtocolPolicyEvaluator {
|
|
36
|
+
readonly protocol: string;
|
|
37
|
+
evaluate(intent: DecodedIntent, config: ProtocolPolicyConfig): string[];
|
|
38
|
+
}
|