@axonfi/sdk 0.5.5 → 0.7.0

package/README.md

@@ -318,6 +318,31 @@ await axon.getVaultInfo(); // owner, operator, version
 await axon.canPayTo('0xRecipient'); // destination allowed?
 ```
 
+### ERC-1271 Bot Signatures (External Protocol Signing)
+
+By default, only the vault owner's signatures are accepted by external protocols that check ERC-1271 (e.g., Permit2, Cowswap, Seaport). Bot signatures are rejected.
+
+If your bot needs to sign messages that external protocols validate against the vault (e.g., signing a Cowswap order, a Permit2 approval, or a Seaport listing), the vault owner must explicitly enable bot signing:
+
+```typescript
+// Check if ERC-1271 bot signing is enabled (direct chain read)
+import { isErc1271BotsEnabled, createAxonPublicClient } from '@axonfi/sdk';
+
+const publicClient = createAxonPublicClient(chainId, rpcUrl);
+const enabled = await isErc1271BotsEnabled(publicClient, vaultAddress);
+
+if (!enabled) {
+  console.log('ERC-1271 bot signatures are disabled on this vault.');
+  console.log('The vault owner must enable it via the dashboard or by calling setErc1271Bots(true).');
+}
+```
+
+**When to enable:** Only if your bots interact with protocols that verify signatures via ERC-1271 — Cowswap (off-chain order signing), Permit2 (gasless token approvals), Seaport (NFT marketplace listings).
+
+**When to keep disabled (default):** If your bots only make payments, execute DeFi calls, or rebalance tokens through Axon's standard `pay()` / `execute()` / `swap()` endpoints.
+
+**Security note:** If a bot key is compromised while ERC-1271 is enabled, the attacker could sign Permit2 approvals or marketplace listings that drain vault funds. The owner can disable it instantly via the dashboard or `setErc1271Bots(false)`.
+
 ### Utilities
 
 Helper functions for amount conversion, token resolution, and reference encoding.
@@ -366,7 +391,7 @@ Supports EIP-3009 (USDC, gasless) and Permit2 (any ERC-20) settlement schemes.
 ## Security Model
 
 - **Owners** control everything: bot whitelist, spending limits, withdrawal. Hardware wallet recommended.
-- **Bots** only sign payment intents. They never hold ETH, never submit transactions, and can be removed instantly.
+- **Bots** only sign payment intents. They never hold ETH, never submit transactions, and can be removed instantly. External protocol signing (ERC-1271) is disabled by default — must be explicitly enabled by the owner.
 - **Relayer** (Axon) can only execute bot-signed intents within configured limits. Cannot withdraw or modify vault config.
 - **If Axon goes offline**, the owner retains full withdrawal access directly through the on-chain vault contract.
 

package/dist/index.cjs

@@ -18,7 +18,7 @@ var PAYMENT_INTENT_TYPEHASH = viem.keccak256(
 );
 var EXECUTE_INTENT_TYPEHASH = viem.keccak256(
   viem.stringToBytes(
-    "ExecuteIntent(address bot,address protocol,bytes32 calldataHash,address token,uint256 amount,uint256 deadline,bytes32 ref)"
+    "ExecuteIntent(address bot,address protocol,bytes32 calldataHash,address token,uint256 amount,uint256 value,uint256 deadline,bytes32 ref)"
   )
 );
 var SWAP_INTENT_TYPEHASH = viem.keccak256(
@@ -155,6 +155,7 @@ var EXECUTE_INTENT_TYPES = {
     { name: "calldataHash", type: "bytes32" },
     { name: "token", type: "address" },
     { name: "amount", type: "uint256" },
+    { name: "value", type: "uint256" },
     { name: "deadline", type: "uint256" },
     { name: "ref", type: "bytes32" }
   ]
@@ -210,6 +211,7 @@ async function signExecuteIntent(walletClient, vaultAddress, chainId, intent) {
       calldataHash: intent.calldataHash,
       token: intent.token,
       amount: intent.amount,
+      value: intent.value,
       deadline: intent.deadline,
       ref: intent.ref
     }
@@ -241,18 +243,7 @@ function encodeRef(memo) {
 var AxonVaultAbi = [
   {
     "type": "constructor",
-    "inputs": [
-      {
-        "name": "_owner",
-        "type": "address",
-        "internalType": "address"
-      },
-      {
-        "name": "_axonRegistry",
-        "type": "address",
-        "internalType": "address"
-      }
-    ],
+    "inputs": [],
     "stateMutability": "nonpayable"
   },
   {
@@ -727,6 +718,11 @@ var AxonVaultAbi = [
             "type": "uint256",
             "internalType": "uint256"
           },
+          {
+            "name": "value",
+            "type": "uint256",
+            "internalType": "uint256"
+          },
           {
             "name": "deadline",
             "type": "uint256",
@@ -981,6 +977,24 @@ var AxonVaultAbi = [
     ],
     "stateMutability": "view"
   },
+  {
+    "type": "function",
+    "name": "initialize",
+    "inputs": [
+      {
+        "name": "_owner",
+        "type": "address",
+        "internalType": "address"
+      },
+      {
+        "name": "_axonRegistry",
+        "type": "address",
+        "internalType": "address"
+      }
+    ],
+    "outputs": [],
+    "stateMutability": "nonpayable"
+  },
   {
     "type": "function",
     "name": "isBotActive",
@@ -1019,6 +1033,56 @@ var AxonVaultAbi = [
     ],
     "stateMutability": "view"
   },
+  {
+    "type": "function",
+    "name": "isValidSignature",
+    "inputs": [
+      {
+        "name": "hash",
+        "type": "bytes32",
+        "internalType": "bytes32"
+      },
+      {
+        "name": "signature",
+        "type": "bytes",
+        "internalType": "bytes"
+      }
+    ],
+    "outputs": [
+      {
+        "name": "",
+        "type": "bytes4",
+        "internalType": "bytes4"
+      }
+    ],
+    "stateMutability": "view"
+  },
+  {
+    "type": "function",
+    "name": "erc1271BotsEnabled",
+    "inputs": [],
+    "outputs": [
+      {
+        "name": "",
+        "type": "bool",
+        "internalType": "bool"
+      }
+    ],
+    "stateMutability": "view"
+  },
+  {
+    "type": "function",
+    "name": "setErc1271Bots",
+    "inputs": [
+      {
+        "name": "enabled",
+        "type": "bool",
+        "internalType": "bool"
+      }
+    ],
+    "outputs": [],
+    "stateMutability": "nonpayable"
+  },
   {
     "type": "function",
     "name": "onERC1155BatchReceived",
@@ -1618,6 +1682,19 @@ var AxonVaultAbi = [
     "outputs": [],
     "stateMutability": "nonpayable"
   },
+  {
+    "type": "event",
+    "name": "ERC1271BotsToggled",
+    "inputs": [
+      {
+        "name": "enabled",
+        "type": "bool",
+        "indexed": false,
+        "internalType": "bool"
+      }
+    ],
+    "anonymous": false
+  },
   {
     "type": "event",
     "name": "BotAdded",
@@ -1858,6 +1935,19 @@ var AxonVaultAbi = [
     ],
     "anonymous": false
   },
+  {
+    "type": "event",
+    "name": "Initialized",
+    "inputs": [
+      {
+        "name": "version",
+        "type": "uint64",
+        "indexed": false,
+        "internalType": "uint64"
+      }
+    ],
+    "anonymous": false
+  },
   {
     "type": "event",
     "name": "OperatorCeilingsUpdated",
@@ -2046,6 +2136,12 @@ var AxonVaultAbi = [
         "indexed": false,
         "internalType": "uint256"
       },
+      {
+        "name": "value",
+        "type": "uint256",
+        "indexed": false,
+        "internalType": "uint256"
+      },
       {
         "name": "ref",
         "type": "bytes32",
@@ -2333,7 +2429,7 @@ var AxonVaultAbi = [
   },
   {
     "type": "error",
-    "name": "InvalidShortString",
+    "name": "InvalidInitialization",
     "inputs": []
   },
   {
@@ -2366,6 +2462,11 @@ var AxonVaultAbi = [
     "name": "NotAuthorizedRelayer",
     "inputs": []
   },
+  {
+    "type": "error",
+    "name": "NotInitializing",
+    "inputs": []
+  },
   {
     "type": "error",
     "name": "OperatorBotLimitReached",
@@ -2464,17 +2565,6 @@ var AxonVaultAbi = [
     "name": "SelfPayment",
     "inputs": []
   },
-  {
-    "type": "error",
-    "name": "StringTooLong",
-    "inputs": [
-      {
-        "name": "str",
-        "type": "string",
-        "internalType": "string"
-      }
-    ]
-  },
   {
     "type": "error",
     "name": "SwapFailed",
@@ -2577,6 +2667,19 @@ var AxonVaultFactoryAbi = [
     ],
     "stateMutability": "nonpayable"
   },
+  {
+    "type": "function",
+    "name": "implementation",
+    "inputs": [],
+    "outputs": [
+      {
+        "name": "",
+        "type": "address",
+        "internalType": "address"
+      }
+    ],
+    "stateMutability": "view"
+  },
   {
     "type": "function",
     "name": "owner",
@@ -2646,6 +2749,30 @@ var AxonVaultFactoryAbi = [
     ],
     "stateMutability": "view"
   },
+  {
+    "type": "function",
+    "name": "predictVaultAddress",
+    "inputs": [
+      {
+        "name": "owner",
+        "type": "address",
+        "internalType": "address"
+      },
+      {
+        "name": "nonce",
+        "type": "uint256",
+        "internalType": "uint256"
+      }
+    ],
+    "outputs": [
+      {
+        "name": "",
+        "type": "address",
+        "internalType": "address"
+      }
+    ],
+    "stateMutability": "view"
+  },
   {
     "type": "function",
     "name": "renounceOwnership",
@@ -2748,6 +2875,27 @@ var AxonVaultFactoryAbi = [
     ],
     "anonymous": false
   },
+  {
+    "type": "error",
+    "name": "FailedDeployment",
+    "inputs": []
+  },
+  {
+    "type": "error",
+    "name": "InsufficientBalance",
+    "inputs": [
+      {
+        "name": "balance",
+        "type": "uint256",
+        "internalType": "uint256"
+      },
+      {
+        "name": "needed",
+        "type": "uint256",
+        "internalType": "uint256"
+      }
+    ]
+  },
   {
     "type": "error",
     "name": "OwnableInvalidOwner",
@@ -3167,6 +3315,13 @@ async function operatorMaxDrainPerDay(publicClient, vaultAddress) {
     functionName: "operatorMaxDrainPerDay"
   });
 }
+async function isErc1271BotsEnabled(publicClient, vaultAddress) {
+  return publicClient.readContract({
+    address: vaultAddress,
+    abi: AxonVaultAbi,
+    functionName: "erc1271BotsEnabled"
+  });
+}
 async function isVaultPaused(publicClient, vaultAddress) {
   return publicClient.readContract({
     address: vaultAddress,
@@ -3291,6 +3446,16 @@ async function deployVault(walletClient, publicClient, relayerUrl) {
   }
   throw new Error("VaultDeployed event not found in transaction receipt");
 }
+async function predictVaultAddress(publicClient, owner, nonce, relayerUrl) {
+  const chainId = await publicClient.getChainId();
+  const factoryAddress = await getFactoryAddress(chainId, relayerUrl);
+  return publicClient.readContract({
+    address: factoryAddress,
+    abi: AxonVaultFactoryAbi,
+    functionName: "predictVaultAddress",
+    args: [owner, BigInt(nonce)]
+  });
+}
 async function addBot(walletClient, publicClient, vaultAddress, botAddress, config) {
   if (!walletClient.account) {
     throw new Error("walletClient has no account attached");
@@ -4046,6 +4211,7 @@ Timestamp: ${timestamp}`;
       calldataHash: viem.keccak256(input.callData),
       token: resolveToken(input.token, this.chainId),
       amount: parseAmount(input.amount, input.token, this.chainId),
+      value: input.value ?? 0n,
       deadline: input.deadline ?? this._defaultDeadline(),
       ref: this._resolveRef(input.memo, input.ref)
     };
@@ -4098,6 +4264,7 @@ Timestamp: ${timestamp}`;
       calldataHash: intent.calldataHash,
       token: intent.token,
       amount: intent.amount.toString(),
+      value: intent.value.toString(),
       deadline: intent.deadline.toString(),
       ref: intent.ref,
       signature,
@@ -4330,6 +4497,38 @@ var AxonRegistryAbi = [
     "outputs": [],
     "stateMutability": "nonpayable"
   },
+  {
+    "type": "function",
+    "name": "approveProtocol",
+    "inputs": [
+      {
+        "name": "protocol",
+        "type": "address",
+        "internalType": "address"
+      }
+    ],
+    "outputs": [],
+    "stateMutability": "nonpayable"
+  },
+  {
+    "type": "function",
+    "name": "isApprovedProtocol",
+    "inputs": [
+      {
+        "name": "protocol",
+        "type": "address",
+        "internalType": "address"
+      }
+    ],
+    "outputs": [
+      {
+        "name": "",
+        "type": "bool",
+        "internalType": "bool"
+      }
+    ],
+    "stateMutability": "view"
+  },
   {
     "type": "function",
     "name": "isApprovedSwapRouter",
@@ -4459,6 +4658,19 @@ var AxonRegistryAbi = [
     "outputs": [],
     "stateMutability": "nonpayable"
   },
+  {
+    "type": "function",
+    "name": "revokeProtocol",
+    "inputs": [
+      {
+        "name": "protocol",
+        "type": "address",
+        "internalType": "address"
+      }
+    ],
+    "outputs": [],
+    "stateMutability": "nonpayable"
+  },
   {
     "type": "function",
     "name": "setOracleConfig",
@@ -4623,6 +4835,32 @@ var AxonRegistryAbi = [
     ],
     "anonymous": false
   },
+  {
+    "type": "event",
+    "name": "ProtocolApproved",
+    "inputs": [
+      {
+        "name": "protocol",
+        "type": "address",
+        "indexed": true,
+        "internalType": "address"
+      }
+    ],
+    "anonymous": false
+  },
+  {
+    "type": "event",
+    "name": "ProtocolRevoked",
+    "inputs": [
+      {
+        "name": "protocol",
+        "type": "address",
+        "indexed": true,
+        "internalType": "address"
+      }
+    ],
+    "anonymous": false
+  },
   {
     "type": "event",
     "name": "RelayerAdded",
@@ -4775,12 +5013,14 @@ exports.getVaultOwner = getVaultOwner;
 exports.getVaultVersion = getVaultVersion;
 exports.isBotActive = isBotActive;
 exports.isDestinationAllowed = isDestinationAllowed;
+exports.isErc1271BotsEnabled = isErc1271BotsEnabled;
 exports.isRebalanceTokenWhitelisted = isRebalanceTokenWhitelisted;
 exports.isVaultPaused = isVaultPaused;
 exports.operatorMaxDrainPerDay = operatorMaxDrainPerDay;
 exports.parseAmount = parseAmount;
 exports.parseChainId = parseChainId;
 exports.parsePaymentRequired = parsePaymentRequired;
+exports.predictVaultAddress = predictVaultAddress;
 exports.randomNonce = randomNonce;
 exports.randomPermit2Nonce = randomPermit2Nonce;
 exports.removeBot = removeBot;