@charterlabs/rhinestone-sdk 0.3.9 → 0.4.2

package/dist/src/modules/validators/policies/claim/permit2.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permit2.d.ts","sourceRoot":"","sources":["../../../../../../modules/validators/policies/claim/permit2.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,OAAO,EAIZ,KAAK,GAAG,EAKT,MAAM,MAAM,CAAA;AACb,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAA;AAiD3D,oFAAoF;AACpF,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,SAAS;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,EAAE,CAAA;IACxD,OAAO,EAAE,OAAO,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE;QACP,MAAM,EAAE;YACN,SAAS,EAAE,OAAO,CAAA;YAClB,QAAQ,EAAE,SAAS;gBAAE,KAAK,EAAE,OAAO,CAAC;gBAAC,MAAM,EAAE,MAAM,CAAA;aAAE,EAAE,CAAA;YACvD,WAAW,EAAE,MAAM,CAAA;YACnB,UAAU,EAAE,MAAM,CAAA;SACnB,CAAA;QACD,MAAM,EAAE,MAAM,CAAA;QACd,SAAS,EAAE;YACT,EAAE,EAAE,GAAG,CAAA;YACP,GAAG,EAAE,SAAS;gBAAE,EAAE,EAAE,OAAO,CAAC;gBAAC,KAAK,EAAE,MAAM,CAAC;gBAAC,IAAI,EAAE,GAAG,CAAA;aAAE,EAAE,CAAA;SAC1D,CAAA;QACD,OAAO,EAAE;YACP,EAAE,EAAE,GAAG,CAAA;YACP,GAAG,EAAE,SAAS;gBAAE,EAAE,EAAE,OAAO,CAAC;gBAAC,KAAK,EAAE,MAAM,CAAC;gBAAC,IAAI,EAAE,GAAG,CAAA;aAAE,EAAE,CAAA;SAC1D,CAAA;QACD,CAAC,EAAE,GAAG,CAAA;KACP,CAAA;CACF;AA+ED;;;;;;;;;GASG;AACH,wBAAgB,+BAA+B,CAC7C,MAAM,EAAE,kBAAkB,EAC1B,OAAO,EAAE,mBAAmB,GAC3B,GAAG,CA2EL;AAED,eAAO,MAAM,4BAA4B,EAAE,OACG,CAAA;AAE9C,wBAAgB,gCAAgC,CAC9C,MAAM,EAAE,kBAAkB,GACzB,GAAG,CA2FL"}

package/dist/src/modules/validators/policies/claim/permit2.js

@@ -0,0 +1,239 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PERMIT2_CLAIM_POLICY_ADDRESS = void 0;
+exports.buildPermit2ClaimPolicyCalldata = buildPermit2ClaimPolicyCalldata;
+exports.encodePermit2ClaimPolicyInitData = encodePermit2ClaimPolicyInitData;
+const viem_1 = require("viem");
+const types_1 = require("./types");
+// EIP-712 type definitions for Permit2/Mandate struct encoding.
+// Note: the token-out struct is named 'Token' in the Solidity contract (matching the
+// signed Permit2 message types in execution/permit2.ts).
+const PERMIT2_TYPES = {
+    TokenPermissions: [
+        { name: 'token', type: 'address' },
+        { name: 'amount', type: 'uint256' },
+    ],
+    Token: [
+        { name: 'token', type: 'address' },
+        { name: 'amount', type: 'uint256' },
+    ],
+    Ops: [
+        { name: 'to', type: 'address' },
+        { name: 'value', type: 'uint256' },
+        { name: 'data', type: 'bytes' },
+    ],
+    Op: [
+        { name: 'vt', type: 'bytes32' },
+        { name: 'ops', type: 'Ops[]' },
+    ],
+    Target: [
+        { name: 'recipient', type: 'address' },
+        { name: 'tokenOut', type: 'Token[]' },
+        { name: 'targetChain', type: 'uint256' },
+        { name: 'fillExpiry', type: 'uint256' },
+    ],
+    Mandate: [
+        { name: 'target', type: 'Target' },
+        { name: 'minGas', type: 'uint128' },
+        { name: 'originOps', type: 'Op' },
+        { name: 'destOps', type: 'Op' },
+        { name: 'q', type: 'bytes32' },
+    ],
+};
+// --- EIP-712 hash helpers ---
+function hashArray(hashes) {
+    return (0, viem_1.keccak256)(hashes.length > 0 ? (0, viem_1.concat)(hashes) : '0x');
+}
+function hashTokenPermissionsArray(permitted) {
+    return hashArray(permitted.map(({ token, amount }) => (0, viem_1.hashStruct)({
+        primaryType: 'TokenPermissions',
+        types: PERMIT2_TYPES,
+        data: { token, amount },
+    })));
+}
+function hashTokenOutArray(tokenOut) {
+    return hashArray(tokenOut.map(({ token, amount }) => (0, viem_1.hashStruct)({
+        primaryType: 'Token',
+        types: PERMIT2_TYPES,
+        data: { token, amount },
+    })));
+}
+function hashOpStruct(op) {
+    return (0, viem_1.hashStruct)({
+        primaryType: 'Op',
+        types: PERMIT2_TYPES,
+        data: { vt: op.vt, ops: Array.from(op.ops) },
+    });
+}
+function hashMandateStruct(mandate) {
+    return (0, viem_1.hashStruct)({
+        primaryType: 'Mandate',
+        types: PERMIT2_TYPES,
+        data: {
+            target: {
+                recipient: mandate.target.recipient,
+                tokenOut: Array.from(mandate.target.tokenOut),
+                targetChain: mandate.target.targetChain,
+                fillExpiry: mandate.target.fillExpiry,
+            },
+            minGas: mandate.minGas,
+            originOps: {
+                vt: mandate.originOps.vt,
+                ops: Array.from(mandate.originOps.ops),
+            },
+            destOps: { vt: mandate.destOps.vt, ops: Array.from(mandate.destOps.ops) },
+            q: mandate.q,
+        },
+    });
+}
+// --- Token array encoding helpers ---
+/** Encodes a token+amount pair as [token_as_uint256:32][amount:32] (64 bytes) */
+function encodeTokenEntry(token, amount) {
+    return (0, viem_1.encodeAbiParameters)([{ type: 'address' }, { type: 'uint256' }], [token, amount]);
+}
+/**
+ * Builds the policySpecificData calldata for a Permit2ClaimPolicy EIP-1271 check.
+ *
+ * Format (derived from Permit2ClaimPolicy.sol calldata layout):
+ *   Header:  [spender:20][nonce:32][deadline:32]
+ *   TokenIn: expanded [count:1][token:32][amount:32]... OR pre-computed hash [32]
+ *   Mandate: if any target check enabled — expanded target + minGas:16 + ops hashes + q
+ *            else — pre-computed mandateHash [32]
+ *
+ */
+function buildPermit2ClaimPolicyCalldata(policy, message) {
+    const tokenInEnabled = !!policy.tokensIn?.length;
+    const recipientEnabled = !!policy.recipients?.length;
+    const fillExpiryEnabled = !!policy.fillExpiryBounds?.length;
+    const tokenOutEnabled = !!policy.tokensOut?.length;
+    const recipientIsSponsorEnabled = !!policy.recipientIsSponsor;
+    // hasAnyTargetCheck mirrors the Solidity MASK_TARGET_CHECKS logic for our supported fields
+    const hasAnyTargetCheck = recipientEnabled ||
+        fillExpiryEnabled ||
+        tokenOutEnabled ||
+        recipientIsSponsorEnabled;
+    const parts = [];
+    // Header: [spender:20][nonce:32][deadline:32]  (spender == arbiter in Permit2 context)
+    parts.push((0, viem_1.encodePacked)(['address', 'uint256', 'uint256'], [message.spender, message.nonce, message.deadline]));
+    // TokenIn section
+    if (tokenInEnabled) {
+        // Expanded: [count:1][token_as_uint256:32][amount:32]...
+        if (message.permitted.length > 255)
+            throw new Error('permitted array exceeds max length of 255');
+        parts.push((0, viem_1.toHex)(message.permitted.length, { size: 1 }));
+        for (const { token, amount } of message.permitted) {
+            parts.push(encodeTokenEntry(token, amount));
+        }
+    }
+    else {
+        parts.push(hashTokenPermissionsArray(message.permitted));
+    }
+    // Mandate section
+    if (!hasAnyTargetCheck) {
+        // No mandate-level checks enabled — provide pre-computed mandateHash
+        parts.push(hashMandateStruct(message.mandate));
+    }
+    else {
+        // Expanded mandate: target fields + minGas + ops hashes + q
+        const target = message.mandate.target;
+        // Target: [recipient:20][targetChain:32][fillExpiry:32]
+        parts.push((0, viem_1.encodePacked)(['address', 'uint256', 'uint256'], [target.recipient, target.targetChain, target.fillExpiry]));
+        // TokenOut (inside target)
+        if (tokenOutEnabled) {
+            if (target.tokenOut.length > 255)
+                throw new Error('tokenOut array exceeds max length of 255');
+            parts.push((0, viem_1.toHex)(target.tokenOut.length, { size: 1 }));
+            for (const { token, amount } of target.tokenOut) {
+                parts.push(encodeTokenEntry(token, amount));
+            }
+        }
+        else {
+            parts.push(hashTokenOutArray(target.tokenOut));
+        }
+        // minGas: uint128 = 16 bytes
+        parts.push((0, viem_1.toHex)(message.mandate.minGas, { size: 16 }));
+        // originOpsHash and destOpsHash: always 32-byte hashes (we don't support ops checks)
+        parts.push(hashOpStruct(message.mandate.originOps));
+        parts.push(hashOpStruct(message.mandate.destOps));
+        // qualificationHash: q is already keccak256(qualifier.encodedVal)
+        parts.push(message.mandate.q);
+    }
+    return (0, viem_1.concat)(parts);
+}
+exports.PERMIT2_CLAIM_POLICY_ADDRESS = '0x62E3588C6d861C9f986E82EC3757434EDF16ce91';
+function encodePermit2ClaimPolicyInitData(policy) {
+    let modeConfig = 0;
+    const setMode = (fieldId) => {
+        modeConfig |= types_1.MODE_CHECK_STORAGE << (fieldId * 2);
+    };
+    if (policy.arbiters?.length)
+        setMode(types_1.FIELD_ARBITER);
+    if (policy.expiryBounds)
+        setMode(types_1.FIELD_EXPIRY);
+    if (policy.tokensIn?.length)
+        setMode(types_1.FIELD_TOKEN_IN);
+    if (policy.recipients?.length)
+        setMode(types_1.FIELD_RECIPIENT);
+    if (policy.fillExpiryBounds?.length)
+        setMode(types_1.FIELD_FILL_EXPIRY);
+    if (policy.tokensOut?.length)
+        setMode(types_1.FIELD_TOKEN_OUT);
+    if (policy.recipientIsSponsor)
+        setMode(types_1.FIELD_RECIPIENT_IS_SPONSOR);
+    const parts = [(0, viem_1.toHex)(modeConfig, { size: 4 })];
+    // Arbiter: [count: 1][address: 20] each
+    if (policy.arbiters?.length) {
+        if (policy.arbiters.length > 255)
+            throw new Error('arbiters array exceeds max length of 255');
+        parts.push((0, viem_1.encodePacked)(['uint8', ...policy.arbiters.map(() => 'address')], [policy.arbiters.length, ...policy.arbiters]));
+    }
+    // Expiry: [maxExpiry: 16][minExpiry: 16] packed into uint256
+    if (policy.expiryBounds) {
+        const mask128 = (1n << 128n) - 1n;
+        const min = (policy.expiryBounds.min ?? 0n) & mask128;
+        const max = (policy.expiryBounds.max ?? viem_1.maxUint256) & mask128;
+        parts.push((0, viem_1.toHex)((min & mask128) | (max << 128n), { size: 32 }));
+    }
+    // TokenIn: [count: 1][chainId: 32][token: 20] each
+    if (policy.tokensIn?.length) {
+        if (policy.tokensIn.length > 255)
+            throw new Error('tokensIn array exceeds max length of 255');
+        parts.push((0, viem_1.toHex)(policy.tokensIn.length, { size: 1 }));
+        for (const { chainId, token } of policy.tokensIn) {
+            parts.push((0, viem_1.encodePacked)(['uint256', 'address'], [BigInt(chainId), token]));
+        }
+    }
+    // Recipient: [count: 1][chainId: 32][recipient: 20] each
+    if (policy.recipients?.length) {
+        if (policy.recipients.length > 255)
+            throw new Error('recipients array exceeds max length of 255');
+        parts.push((0, viem_1.toHex)(policy.recipients.length, { size: 1 }));
+        for (const { chainId, recipient } of policy.recipients) {
+            parts.push((0, viem_1.encodePacked)(['uint256', 'address'], [BigInt(chainId), recipient === 'any' ? types_1.ANY_ADDRESS : recipient]));
+        }
+    }
+    // FillExpiry: [count: 1][chainId: 32][max<<128|min packed into uint256] each
+    if (policy.fillExpiryBounds?.length) {
+        if (policy.fillExpiryBounds.length > 255)
+            throw new Error('fillExpiryBounds array exceeds max length of 255');
+        const mask128 = (1n << 128n) - 1n;
+        parts.push((0, viem_1.toHex)(policy.fillExpiryBounds.length, { size: 1 }));
+        for (const { chainId, min: fMin, max: fMax } of policy.fillExpiryBounds) {
+            const minVal = (fMin ?? 0n) & mask128;
+            const maxVal = (fMax ?? viem_1.maxUint256) & mask128;
+            const packed = minVal | (maxVal << 128n);
+            parts.push((0, viem_1.encodePacked)(['uint256', 'uint256'], [BigInt(chainId), packed]));
+        }
+    }
+    // TokenOut: [count: 1][chainId: 32][token: 20] each
+    if (policy.tokensOut?.length) {
+        if (policy.tokensOut.length > 255)
+            throw new Error('tokensOut array exceeds max length of 255');
+        parts.push((0, viem_1.toHex)(policy.tokensOut.length, { size: 1 }));
+        for (const { chainId, token } of policy.tokensOut) {
+            parts.push((0, viem_1.encodePacked)(['uint256', 'address'], [BigInt(chainId), token]));
+        }
+    }
+    // RecipientIsSponsor has no data payload — mode bit alone enables it
+    return (0, viem_1.concat)(parts);
+}

package/dist/src/modules/validators/policies/claim/types.d.ts

@@ -0,0 +1,12 @@
+export declare const FIELD_ARBITER = 0;
+export declare const FIELD_EXPIRY = 1;
+export declare const FIELD_TOKEN_IN = 2;
+export declare const FIELD_RECIPIENT = 3;
+export declare const FIELD_FILL_EXPIRY = 4;
+export declare const FIELD_TOKEN_OUT = 5;
+export declare const FIELD_ORIGIN_OPS = 6;
+export declare const FIELD_DEST_OPS = 7;
+export declare const FIELD_RECIPIENT_IS_SPONSOR = 9;
+export declare const MODE_CHECK_STORAGE = 1;
+export declare const ANY_ADDRESS: "0xFFfFfFffFFfffFFfFFfFFFFFffFFFffffFfFFFfF";
+//# sourceMappingURL=types.d.ts.map

package/dist/src/modules/validators/policies/claim/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../../modules/validators/policies/claim/types.ts"],"names":[],"mappings":"AACA,eAAO,MAAM,aAAa,IAAI,CAAA;AAC9B,eAAO,MAAM,YAAY,IAAI,CAAA;AAC7B,eAAO,MAAM,cAAc,IAAI,CAAA;AAC/B,eAAO,MAAM,eAAe,IAAI,CAAA;AAChC,eAAO,MAAM,iBAAiB,IAAI,CAAA;AAClC,eAAO,MAAM,eAAe,IAAI,CAAA;AAChC,eAAO,MAAM,gBAAgB,IAAI,CAAA;AACjC,eAAO,MAAM,cAAc,IAAI,CAAA;AAE/B,eAAO,MAAM,0BAA0B,IAAI,CAAA;AAG3C,eAAO,MAAM,kBAAkB,IAAI,CAAA;AAGnC,eAAO,MAAM,WAAW,EAAG,4CAAqD,CAAA"}

package/dist/src/modules/validators/policies/claim/types.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ANY_ADDRESS = exports.MODE_CHECK_STORAGE = exports.FIELD_RECIPIENT_IS_SPONSOR = exports.FIELD_DEST_OPS = exports.FIELD_ORIGIN_OPS = exports.FIELD_TOKEN_OUT = exports.FIELD_FILL_EXPIRY = exports.FIELD_RECIPIENT = exports.FIELD_TOKEN_IN = exports.FIELD_EXPIRY = exports.FIELD_ARBITER = void 0;
+// Field IDs matching BaseDataTypes.sol
+exports.FIELD_ARBITER = 0;
+exports.FIELD_EXPIRY = 1;
+exports.FIELD_TOKEN_IN = 2;
+exports.FIELD_RECIPIENT = 3;
+exports.FIELD_FILL_EXPIRY = 4;
+exports.FIELD_TOKEN_OUT = 5;
+exports.FIELD_ORIGIN_OPS = 6;
+exports.FIELD_DEST_OPS = 7;
+// Field 8 is reserved in BaseDataTypes.sol
+exports.FIELD_RECIPIENT_IS_SPONSOR = 9;
+// Mode values
+exports.MODE_CHECK_STORAGE = 1;
+// Sentinel: allows any recipient address
+exports.ANY_ADDRESS = '0xFFfFfFffFFfffFFfFFfFFFFFffFFFffffFfFFFfF';

package/dist/src/modules/validators/smart-sessions.d.ts

@@ -1,5 +1,5 @@
 import { type Address, type Hex, type TypedDataDefinition } from 'viem';
-import type { ProviderConfig, RhinestoneAccountConfig, RhinestoneConfig, Session, SignerSet } from '../../types';
+import type { Policy, ProviderConfig, RhinestoneAccountConfig, RhinestoneConfig, Session, SessionEnableData } from '../../types';
 import { type Module } from '../common';
 import { SMART_SESSION_EMISSARY_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS_DEV } from './core';
 interface SessionData {
@@ -164,9 +164,23 @@ declare const SMART_SESSION_MODE_ENABLE = "0x01";
 declare const SMART_SESSIONS_FALLBACK_TARGET_FLAG: Address;
 declare const SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG: Hex;
 declare const SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG_PERMITTED_TO_CALL_SMARTSESSION: Hex;
-declare function packSignature(signers: SignerSet & {
+declare const DUMMY_PRECLAIMOP_TARGET: Address;
+declare const DUMMY_PRECLAIMOP_SELECTOR: Hex;
+declare const SPENDING_LIMITS_POLICY_ADDRESS: Address;
+declare const TIME_FRAME_POLICY_ADDRESS: Address;
+declare const SUDO_POLICY_ADDRESS: Address;
+declare const UNIVERSAL_ACTION_POLICY_ADDRESS: Address;
+declare const USAGE_LIMIT_POLICY_ADDRESS: Address;
+declare const VALUE_LIMIT_POLICY_ADDRESS: Address;
+declare const INTENT_EXECUTION_POLICY_ADDRESS: Address;
+interface ResolvedSessionSignerSet {
     type: 'experimental_session';
-}, validatorSignature: Hex): Hex;
+    session: Session;
+    enableData?: SessionEnableData;
+    verifyExecutions: boolean;
+    claimPolicyData?: Hex;
+}
+declare function packSignature(signers: ResolvedSessionSignerSet, validatorSignature: Hex): Hex;
 declare function getSessionDetails(account: Address, sessions: Session[], provider: ProviderConfig | undefined, useDevContracts?: boolean): Promise<SessionDetails>;
 declare function isSessionEnabled(account: Address, provider: ProviderConfig | undefined, session: Session, useDevContracts?: boolean): Promise<boolean>;
 declare function signEnableSession(config: RhinestoneAccountConfig, details: SessionDetails): Promise<Hex>;
@@ -177,8 +191,9 @@ declare function getEnableSessionCall(account: Address, session: Session, enable
     to: `0x${string}`;
     data: `0x${string}`;
 }>;
-declare function getSessionData(session: Session): SessionData;
+declare function getSessionData(session: Session, useDevContracts?: boolean): SessionData;
 declare function getPermissionId(session: Session): `0x${string}`;
+declare function getPolicyData(policy: Policy, useDevContracts?: boolean): PolicyData;
 declare function getSmartSessionValidator(config: RhinestoneConfig): Module | null;
 /**
  * Builds a mockSignature for SSX validation gas estimation.
@@ -188,7 +203,7 @@ declare function getSmartSessionValidator(config: RhinestoneConfig): Module | nu
  * The orchestrator slices off the first 20 bytes to identify the validator, then
  * simulates verifyExecution with the mock emissary to estimate gas before the user signs.
  */
-declare function buildMockSignature(session: Session, useDevContracts?: boolean, chainCount?: number): Hex;
-export { SMART_SESSION_EMISSARY_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS_DEV, SMART_SESSIONS_FALLBACK_TARGET_FLAG, SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG, SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG_PERMITTED_TO_CALL_SMARTSESSION, packSignature, getSessionData, getEnableSessionCall, getPermissionId, getSmartSessionValidator, getSessionDetails, isSessionEnabled, signEnableSession, buildMockSignature, };
-export type { ChainSession, ChainDigest, SessionData, SmartSessionModeType, SessionDetails, };
+declare function buildMockSignature(session: Session, useDevContracts?: boolean, chainCount?: number, targetChainId?: number): Hex;
+export { SMART_SESSION_EMISSARY_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS_DEV, SMART_SESSIONS_FALLBACK_TARGET_FLAG, SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG, SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG_PERMITTED_TO_CALL_SMARTSESSION, DUMMY_PRECLAIMOP_TARGET, DUMMY_PRECLAIMOP_SELECTOR, SPENDING_LIMITS_POLICY_ADDRESS, TIME_FRAME_POLICY_ADDRESS, SUDO_POLICY_ADDRESS, UNIVERSAL_ACTION_POLICY_ADDRESS, USAGE_LIMIT_POLICY_ADDRESS, VALUE_LIMIT_POLICY_ADDRESS, INTENT_EXECUTION_POLICY_ADDRESS, packSignature, getSessionData, getPolicyData, getEnableSessionCall, getPermissionId, getSmartSessionValidator, getSessionDetails, isSessionEnabled, signEnableSession, buildMockSignature, };
+export type { ChainSession, ChainDigest, ResolvedSessionSignerSet, SessionData, SmartSessionModeType, SessionDetails, };
 //# sourceMappingURL=smart-sessions.d.ts.map

package/dist/src/modules/validators/smart-sessions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"smart-sessions.d.ts","sourceRoot":"","sources":["../../../../modules/validators/smart-sessions.ts"],"names":[],"mappings":"AACA,OAAO,EACL,KAAK,OAAO,EAMZ,KAAK,GAAG,EAOR,KAAK,mBAAmB,EAKzB,MAAM,MAAM,CAAA;AASb,OAAO,KAAK,EAGV,cAAc,EACd,uBAAuB,EACvB,gBAAgB,EAChB,OAAO,EACP,SAAS,EAEV,MAAM,aAAa,CAAA;AAEpB,OAAO,EAA4B,KAAK,MAAM,EAAE,MAAM,WAAW,CAAA;AACjE,OAAO,EAEL,8BAA8B,EAC9B,kCAAkC,EACnC,MAAM,QAAQ,CAAA;AAQf,UAAU,WAAW;IACnB,gBAAgB,EAAE,OAAO,CAAA;IACzB,wBAAwB,EAAE,GAAG,CAAA;IAC7B,IAAI,EAAE,GAAG,CAAA;IACT,eAAe,EAAE;QACf,qBAAqB,EAAE,SAAS,qBAAqB,EAAE,CAAA;QACvD,eAAe,EAAE,SAAS,aAAa,EAAE,CAAA;KAC1C,CAAA;IACD,OAAO,EAAE,SAAS,UAAU,EAAE,CAAA;IAC9B,aAAa,EAAE,SAAS,UAAU,EAAE,CAAA;CACrC;AAED,UAAU,aAAa;IACrB,MAAM,EAAE,OAAO,CAAA;IACf,QAAQ,EAAE,GAAG,CAAA;CACd;AAED,UAAU,qBAAqB;IAC7B,kBAAkB,EAAE,GAAG,CAAA;IACvB,YAAY,EAAE,SAAS,MAAM,EAAE,CAAA;CAChC;AAED,UAAU,UAAU;IAClB,oBAAoB,EAAE,GAAG,CAAA;IACzB,YAAY,EAAE,OAAO,CAAA;IACrB,cAAc,EAAE,SAAS,UAAU,EAAE,CAAA;CACtC;AAED,UAAU,UAAU;IAClB,MAAM,EAAE,OAAO,CAAA;IACf,QAAQ,EAAE,GAAG,CAAA;CACd;AAaD,KAAK,oBAAoB,GACrB,OAAO,sBAAsB,GAC7B,OAAO,yBAAyB,CAAA;AAEpC,UAAU,WAAW;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,EAAE,GAAG,CAAA;CACnB;AAED,UAAU,iBAAiB;IACzB,mBAAmB,EAAE,OAAO,CAAA;IAC5B,iBAAiB,EAAE,OAAO,CAAA;IAC1B,0BAA0B,EAAE,OAAO,CAAA;IACnC,sBAAsB,EAAE,OAAO,CAAA;IAC/B,cAAc,EAAE,SAAS,UAAU,EAAE,CAAA;IACrC,eAAe,EAAE,WAAW,CAAA;IAC5B,OAAO,EAAE,SAAS,UAAU,EAAE,CAAA;CAC/B;AAED,UAAU,aAAa;IACrB,OAAO,EAAE,OAAO,CAAA;IAChB,WAAW,EAAE,iBAAiB,CAAA;IAC9B,gBAAgB,EAAE,OAAO,CAAA;IACzB,wBAAwB,EAAE,GAAG,CAAA;IAC7B,IAAI,EAAE,GAAG,CAAA;IACT,YAAY,EAAE,OAAO,CAAA;IACrB,KAAK,EAAE,MAAM,CAAA;CACd;AAED,UAAU,YAAY;IACpB,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,aAAa,CAAA;CACvB;AAED,UAAU,WAAW;IACnB,qBAAqB,EAAE,SAAS,cAAc,EAAE,CAAA;IAChD,eAAe,EAAE,SAAS,UAAU,EAAE,CAAA;CACvC;AAED,UAAU,cAAc;IACtB,kBAAkB,EAAE,GAAG,CAAA;IACvB,WAAW,EAAE,SAAS,MAAM,EAAE,CAAA;CAC/B;AAED,UAAU,cAAc;IACtB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,iBAAiB,EAAE,WAAW,EAAE,CAAA;IAChC,IAAI,EAAE,mBAAmB,CAAC,OAAO,KAAK,EAAE,mBAAmB,CAAC,CAAA;CAC7D;AAED,QAAA,MAAM,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2CD,CAAA;AAEV,QAAA,MAAM,sBAAsB,SAAS,CAAA;AACrC,QAAA,MAAM,yBAAyB,SAAS,CAAA;AAExC,QAAA,MAAM,mCAAmC,EAAE,OACG,CAAA;AAC9C,QAAA,MAAM,4CAA4C,EAAE,GAAkB,CAAA;AACtE,QAAA,MAAM,2EAA2E,EAAE,GACrE,CAAA;AAyBd,iBAAS,aAAa,CACpB,OAAO,EAAE,SAAS,GAAG;IAAE,IAAI,EAAE,sBAAsB,CAAA;CAAE,EACrD,kBAAkB,EAAE,GAAG,GACtB,GAAG,CA4JL;AAED,iBAAe,iBAAiB,CAC9B,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,OAAO,EAAE,EACnB,QAAQ,EAAE,cAAc,GAAG,SAAS,EACpC,eAAe,CAAC,EAAE,OAAO,GACxB,OAAO,CAAC,cAAc,CAAC,CA+CzB;AAED,iBAAe,gBAAgB,CAC7B,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,cAAc,GAAG,SAAS,EACpC,OAAO,EAAE,OAAO,EAChB,eAAe,CAAC,EAAE,OAAO,GACxB,OAAO,CAAC,OAAO,CAAC,CAuBlB;AAED,iBAAe,iBAAiB,CAC9B,MAAM,EAAE,uBAAuB,EAC/B,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,GAAG,CAAC,CAId;AAwED,iBAAe,oBAAoB,CACjC,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,OAAO,EAChB,sBAAsB,EAAE,GAAG,EAC3B,iBAAiB,EAAE;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,EAAE,GAAG,CAAA;CACnB,EAAE,EACH,oBAAoB,EAAE,MAAM,EAC5B,eAAe,CAAC,EAAE,OAAO;;;GA8B1B;AAED,iBAAS,cAAc,CAAC,OAAO,EAAE,OAAO,GAAG,WAAW,CA6ErD;AAED,iBAAS,eAAe,CAAC,OAAO,EAAE,OAAO,iBAyBxC;AA4KD,iBAAS,wBAAwB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,GAAG,IAAI,CAezE;AAQD;;;;;;;GAOG;AACH,iBAAS,kBAAkB,CACzB,OAAO,EAAE,OAAO,EAChB,eAAe,CAAC,EAAE,OAAO,EACzB,UAAU,GAAE,MAAU,GACrB,GAAG,CAyBL;AASD,OAAO,EACL,8BAA8B,EAC9B,kCAAkC,EAClC,mCAAmC,EACnC,4CAA4C,EAC5C,2EAA2E,EAC3E,aAAa,EACb,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,wBAAwB,EACxB,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,GACnB,CAAA;AACD,YAAY,EACV,YAAY,EACZ,WAAW,EACX,WAAW,EACX,oBAAoB,EACpB,cAAc,GACf,CAAA"}
+{"version":3,"file":"smart-sessions.d.ts","sourceRoot":"","sources":["../../../../modules/validators/smart-sessions.ts"],"names":[],"mappings":"AACA,OAAO,EACL,KAAK,OAAO,EAMZ,KAAK,GAAG,EAOR,KAAK,mBAAmB,EAKzB,MAAM,MAAM,CAAA;AAcb,OAAO,KAAK,EAEV,MAAM,EACN,cAAc,EACd,uBAAuB,EACvB,gBAAgB,EAChB,OAAO,EACP,iBAAiB,EAElB,MAAM,aAAa,CAAA;AAEpB,OAAO,EAA4B,KAAK,MAAM,EAAE,MAAM,WAAW,CAAA;AACjE,OAAO,EAGL,8BAA8B,EAC9B,kCAAkC,EACnC,MAAM,QAAQ,CAAA;AAYf,UAAU,WAAW;IACnB,gBAAgB,EAAE,OAAO,CAAA;IACzB,wBAAwB,EAAE,GAAG,CAAA;IAC7B,IAAI,EAAE,GAAG,CAAA;IACT,eAAe,EAAE;QACf,qBAAqB,EAAE,SAAS,qBAAqB,EAAE,CAAA;QACvD,eAAe,EAAE,SAAS,aAAa,EAAE,CAAA;KAC1C,CAAA;IACD,OAAO,EAAE,SAAS,UAAU,EAAE,CAAA;IAC9B,aAAa,EAAE,SAAS,UAAU,EAAE,CAAA;CACrC;AAED,UAAU,aAAa;IACrB,MAAM,EAAE,OAAO,CAAA;IACf,QAAQ,EAAE,GAAG,CAAA;CACd;AAED,UAAU,qBAAqB;IAC7B,kBAAkB,EAAE,GAAG,CAAA;IACvB,YAAY,EAAE,SAAS,MAAM,EAAE,CAAA;CAChC;AAED,UAAU,UAAU;IAClB,oBAAoB,EAAE,GAAG,CAAA;IACzB,YAAY,EAAE,OAAO,CAAA;IACrB,cAAc,EAAE,SAAS,UAAU,EAAE,CAAA;CACtC;AAED,UAAU,UAAU;IAClB,MAAM,EAAE,OAAO,CAAA;IACf,QAAQ,EAAE,GAAG,CAAA;CACd;AAaD,KAAK,oBAAoB,GACrB,OAAO,sBAAsB,GAC7B,OAAO,yBAAyB,CAAA;AAEpC,UAAU,WAAW;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,EAAE,GAAG,CAAA;CACnB;AAED,UAAU,iBAAiB;IACzB,mBAAmB,EAAE,OAAO,CAAA;IAC5B,iBAAiB,EAAE,OAAO,CAAA;IAC1B,0BAA0B,EAAE,OAAO,CAAA;IACnC,sBAAsB,EAAE,OAAO,CAAA;IAC/B,cAAc,EAAE,SAAS,UAAU,EAAE,CAAA;IACrC,eAAe,EAAE,WAAW,CAAA;IAC5B,OAAO,EAAE,SAAS,UAAU,EAAE,CAAA;CAC/B;AAED,UAAU,aAAa;IACrB,OAAO,EAAE,OAAO,CAAA;IAChB,WAAW,EAAE,iBAAiB,CAAA;IAC9B,gBAAgB,EAAE,OAAO,CAAA;IACzB,wBAAwB,EAAE,GAAG,CAAA;IAC7B,IAAI,EAAE,GAAG,CAAA;IACT,YAAY,EAAE,OAAO,CAAA;IACrB,KAAK,EAAE,MAAM,CAAA;CACd;AAED,UAAU,YAAY;IACpB,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,aAAa,CAAA;CACvB;AAED,UAAU,WAAW;IACnB,qBAAqB,EAAE,SAAS,cAAc,EAAE,CAAA;IAChD,eAAe,EAAE,SAAS,UAAU,EAAE,CAAA;CACvC;AAED,UAAU,cAAc;IACtB,kBAAkB,EAAE,GAAG,CAAA;IACvB,WAAW,EAAE,SAAS,MAAM,EAAE,CAAA;CAC/B;AAED,UAAU,cAAc;IACtB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,iBAAiB,EAAE,WAAW,EAAE,CAAA;IAChC,IAAI,EAAE,mBAAmB,CAAC,OAAO,KAAK,EAAE,mBAAmB,CAAC,CAAA;CAC7D;AAED,QAAA,MAAM,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2CD,CAAA;AAEV,QAAA,MAAM,sBAAsB,SAAS,CAAA;AACrC,QAAA,MAAM,yBAAyB,SAAS,CAAA;AAExC,QAAA,MAAM,mCAAmC,EAAE,OACG,CAAA;AAC9C,QAAA,MAAM,4CAA4C,EAAE,GAAkB,CAAA;AACtE,QAAA,MAAM,2EAA2E,EAAE,GACrE,CAAA;AAOd,QAAA,MAAM,uBAAuB,EAAE,OACe,CAAA;AAC9C,QAAA,MAAM,yBAAyB,EAAE,GAAkB,CAAA;AAEnD,QAAA,MAAM,8BAA8B,EAAE,OACQ,CAAA;AAC9C,QAAA,MAAM,yBAAyB,EAAE,OACa,CAAA;AAC9C,QAAA,MAAM,mBAAmB,EAAE,OACmB,CAAA;AAC9C,QAAA,MAAM,+BAA+B,EAAE,OACO,CAAA;AAC9C,QAAA,MAAM,0BAA0B,EAAE,OACY,CAAA;AAC9C,QAAA,MAAM,0BAA0B,EAAE,OACY,CAAA;AAC9C,QAAA,MAAM,+BAA+B,EAAE,OACO,CAAA;AAY9C,UAAU,wBAAwB;IAChC,IAAI,EAAE,sBAAsB,CAAA;IAC5B,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,CAAC,EAAE,iBAAiB,CAAA;IAC9B,gBAAgB,EAAE,OAAO,CAAA;IACzB,eAAe,CAAC,EAAE,GAAG,CAAA;CACtB;AAED,iBAAS,aAAa,CACpB,OAAO,EAAE,wBAAwB,EACjC,kBAAkB,EAAE,GAAG,GACtB,GAAG,CA4JL;AAED,iBAAe,iBAAiB,CAC9B,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,OAAO,EAAE,EACnB,QAAQ,EAAE,cAAc,GAAG,SAAS,EACpC,eAAe,CAAC,EAAE,OAAO,GACxB,OAAO,CAAC,cAAc,CAAC,CAiDzB;AAED,iBAAe,gBAAgB,CAC7B,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,cAAc,GAAG,SAAS,EACpC,OAAO,EAAE,OAAO,EAChB,eAAe,CAAC,EAAE,OAAO,GACxB,OAAO,CAAC,OAAO,CAAC,CAuBlB;AAED,iBAAe,iBAAiB,CAC9B,MAAM,EAAE,uBAAuB,EAC/B,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,GAAG,CAAC,CAyBd;AAwED,iBAAe,oBAAoB,CACjC,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,OAAO,EAChB,sBAAsB,EAAE,GAAG,EAC3B,iBAAiB,EAAE;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,EAAE,GAAG,CAAA;CACnB,EAAE,EACH,oBAAoB,EAAE,MAAM,EAC5B,eAAe,CAAC,EAAE,OAAO;;;GA8B1B;AAED,iBAAS,cAAc,CACrB,OAAO,EAAE,OAAO,EAChB,eAAe,CAAC,EAAE,OAAO,GACxB,WAAW,CA6Fb;AAED,iBAAS,eAAe,CAAC,OAAO,EAAE,OAAO,iBAyBxC;AAED,iBAAS,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,OAAO,GAAG,UAAU,CA0K5E;AAED,iBAAS,wBAAwB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,GAAG,IAAI,CAezE;AAQD;;;;;;;GAOG;AACH,iBAAS,kBAAkB,CACzB,OAAO,EAAE,OAAO,EAChB,eAAe,CAAC,EAAE,OAAO,EACzB,UAAU,GAAE,MAAU,EACtB,aAAa,CAAC,EAAE,MAAM,GACrB,GAAG,CAgCL;AASD,OAAO,EACL,8BAA8B,EAC9B,kCAAkC,EAClC,mCAAmC,EACnC,4CAA4C,EAC5C,2EAA2E,EAC3E,uBAAuB,EACvB,yBAAyB,EACzB,8BAA8B,EAC9B,yBAAyB,EACzB,mBAAmB,EACnB,+BAA+B,EAC/B,0BAA0B,EAC1B,0BAA0B,EAC1B,+BAA+B,EAC/B,aAAa,EACb,cAAc,EACd,aAAa,EACb,oBAAoB,EACpB,eAAe,EACf,wBAAwB,EACxB,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,GACnB,CAAA;AACD,YAAY,EACV,YAAY,EACZ,WAAW,EACX,wBAAwB,EACxB,WAAW,EACX,oBAAoB,EACpB,cAAc,GACf,CAAA"}

package/dist/src/modules/validators/smart-sessions.js

@@ -3,9 +3,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG_PERMITTED_TO_CALL_SMARTSESSION = exports.SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG = exports.SMART_SESSIONS_FALLBACK_TARGET_FLAG = exports.SMART_SESSION_EMISSARY_ADDRESS_DEV = exports.SMART_SESSION_EMISSARY_ADDRESS = void 0;
+exports.INTENT_EXECUTION_POLICY_ADDRESS = exports.VALUE_LIMIT_POLICY_ADDRESS = exports.USAGE_LIMIT_POLICY_ADDRESS = exports.UNIVERSAL_ACTION_POLICY_ADDRESS = exports.SUDO_POLICY_ADDRESS = exports.TIME_FRAME_POLICY_ADDRESS = exports.SPENDING_LIMITS_POLICY_ADDRESS = exports.DUMMY_PRECLAIMOP_SELECTOR = exports.DUMMY_PRECLAIMOP_TARGET = exports.SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG_PERMITTED_TO_CALL_SMARTSESSION = exports.SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG = exports.SMART_SESSIONS_FALLBACK_TARGET_FLAG = exports.SMART_SESSION_EMISSARY_ADDRESS_DEV = exports.SMART_SESSION_EMISSARY_ADDRESS = void 0;
 exports.packSignature = packSignature;
 exports.getSessionData = getSessionData;
+exports.getPolicyData = getPolicyData;
 exports.getEnableSessionCall = getEnableSessionCall;
 exports.getPermissionId = getPermissionId;
 exports.getSmartSessionValidator = getSmartSessionValidator;
@@ -16,15 +17,18 @@ exports.buildMockSignature = buildMockSignature;
 const solady_1 = require("solady");
 const viem_1 = require("viem");
 const chains_1 = require("viem/chains");
+const accounts_1 = require("../../accounts");
+const startale_1 = require("../../accounts/startale");
 const utils_1 = require("../../accounts/utils");
 const compact_1 = require("../../execution/compact");
 const utils_2 = require("../../execution/utils");
-const orchestrator_1 = require("../../orchestrator");
+const registry_1 = require("../../orchestrator/registry");
 const smart_session_emissary_1 = __importDefault(require("../abi/smart-session-emissary"));
 const common_1 = require("../common");
 const core_1 = require("./core");
 Object.defineProperty(exports, "SMART_SESSION_EMISSARY_ADDRESS", { enumerable: true, get: function () { return core_1.SMART_SESSION_EMISSARY_ADDRESS; } });
 Object.defineProperty(exports, "SMART_SESSION_EMISSARY_ADDRESS_DEV", { enumerable: true, get: function () { return core_1.SMART_SESSION_EMISSARY_ADDRESS_DEV; } });
+const permit2_1 = require("./policies/claim/permit2");
 const types = {
     PolicyData: [
         { name: 'policy', type: 'address' },
@@ -77,13 +81,30 @@ const SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG = '0x00000001';
 exports.SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG = SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG;
 const SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG_PERMITTED_TO_CALL_SMARTSESSION = '0x00000002';
 exports.SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG_PERMITTED_TO_CALL_SMARTSESSION = SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG_PERMITTED_TO_CALL_SMARTSESSION;
+// Dummy preclaimop action injected into every session so that the filler can trigger
+// verifyExecution (ENABLE mode) using an injected dummy preclaimop when there are no
+// real preclaimops. Target 0x...0420 is the ecRecover precompile; calls to it fail
+// silently because preclaimops are failure-tolerant. Selector 0x69123456 is
+// intentionally uncommon.
+const DUMMY_PRECLAIMOP_TARGET = '0x0000000000000000000000000000000000000420';
+exports.DUMMY_PRECLAIMOP_TARGET = DUMMY_PRECLAIMOP_TARGET;
+const DUMMY_PRECLAIMOP_SELECTOR = '0x69123456';
+exports.DUMMY_PRECLAIMOP_SELECTOR = DUMMY_PRECLAIMOP_SELECTOR;
 const SPENDING_LIMITS_POLICY_ADDRESS = '0x00000088d48cf102a8cdb0137a9b173f957c6343';
+exports.SPENDING_LIMITS_POLICY_ADDRESS = SPENDING_LIMITS_POLICY_ADDRESS;
 const TIME_FRAME_POLICY_ADDRESS = '0x8177451511de0577b911c254e9551d981c26dc72';
+exports.TIME_FRAME_POLICY_ADDRESS = TIME_FRAME_POLICY_ADDRESS;
 const SUDO_POLICY_ADDRESS = '0x0000003111cd8e92337c100f22b7a9dbf8dee301';
+exports.SUDO_POLICY_ADDRESS = SUDO_POLICY_ADDRESS;
 const UNIVERSAL_ACTION_POLICY_ADDRESS = '0x0000006dda6c463511c4e9b05cfc34c1247fcf1f';
+exports.UNIVERSAL_ACTION_POLICY_ADDRESS = UNIVERSAL_ACTION_POLICY_ADDRESS;
 const USAGE_LIMIT_POLICY_ADDRESS = '0x1f34ef8311345a3a4a4566af321b313052f51493';
+exports.USAGE_LIMIT_POLICY_ADDRESS = USAGE_LIMIT_POLICY_ADDRESS;
 const VALUE_LIMIT_POLICY_ADDRESS = '0x730da93267e7e513e932301b47f2ac7d062abc83';
-const INTENT_EXECUTION_POLICY_ADDRESS = '0xa09b47de6e510cbdc18b97e9239bedcb44fb4901';
+exports.VALUE_LIMIT_POLICY_ADDRESS = VALUE_LIMIT_POLICY_ADDRESS;
+const INTENT_EXECUTION_POLICY_ADDRESS = '0xe9eA54d063975cDee9e06b7636d5563d95a7A23C';
+exports.INTENT_EXECUTION_POLICY_ADDRESS = INTENT_EXECUTION_POLICY_ADDRESS;
+const INTENT_EXECUTION_POLICY_ADDRESS_DEV = '0xa09b47de6e510cbdc18b97e9239bedcb44fb4901';
 const ACTION_CONDITION_EQUAL = 0;
 const ACTION_CONDITION_GREATER_THAN = 1;
 const ACTION_CONDITION_LESS_THAN = 2;
@@ -225,7 +246,7 @@ function packSignature(signers, validatorSignature) {
         const SIGNATURE_IS_VALID_SIG_1271 = '0x00';
         const policyDataOffset = BigInt(64 + (0, viem_1.size)(validatorSignature));
         const mode = SIGNATURE_IS_VALID_SIG_1271;
-        const policySpecificData = '0x';
+        const policySpecificData = signers.claimPolicyData ?? '0x';
         const signature = (0, viem_1.encodePacked)(['bytes1', 'bytes32', 'uint256', 'bytes', 'bytes'], [
             mode,
             permissionId,
@@ -239,7 +260,7 @@ function packSignature(signers, validatorSignature) {
 async function getSessionDetails(account, sessions, provider, useDevContracts) {
     const lockTag = '0x000000000000000000000000';
     const sessionNonces = await Promise.all(sessions.map((session) => getSessionNonce(account, session, lockTag, provider, useDevContracts)));
-    const sessionDatas = sessions.map((session) => getSessionData(session));
+    const sessionDatas = sessions.map((session) => getSessionData(session, useDevContracts));
     const signedSessions = sessionDatas.map((session, index) => getSignedSession(account, lockTag, session, sessionNonces[index], useDevContracts));
     const chains = sessions.map((session) => session.chain);
     const hashesAndChainIds = signedSessions.map((session, index) => ({
@@ -295,6 +316,22 @@ async function isSessionEnabled(account, provider, session, useDevContracts) {
     return isEnabled;
 }
 async function signEnableSession(config, details) {
+    const account = (0, accounts_1.getAccountProvider)(config);
+    const validator = (0, core_1.getOwnerValidator)(config);
+    const isStartaleK1 = account.type === 'startale' &&
+        validator.address.toLowerCase() ===
+            startale_1.K1_DEFAULT_VALIDATOR_ADDRESS.toLowerCase();
+    if (isStartaleK1) {
+        const chainIds = details.hashesAndChainIds.map((h) => h.chainId);
+        const uniqueChainIds = [...new Set(chainIds.map((c) => c.toString()))];
+        if (uniqueChainIds.length > 1) {
+            throw new Error('Startale accounts with K1 validator do not support multi-chain session enable');
+        }
+        const chain = (0, registry_1.getChainById)(Number(chainIds[0]));
+        return (0, utils_2.signTypedData)(config, details.data, chain, undefined, {
+            skipErc6492: true,
+        });
+    }
     return (0, utils_2.signTypedData)(config, details.data, chains_1.mainnet, undefined, {
         skipErc6492: true,
     });
@@ -352,7 +389,7 @@ function getSignedSession(account, lockTag, session, nonce, useDevContracts) {
     };
 }
 async function getEnableSessionCall(account, session, enableSessionSignature, hashesAndChainIds, sessionToEnableIndex, useDevContracts) {
-    const sessionData = getSessionData(session);
+    const sessionData = getSessionData(session, useDevContracts);
     const permissionId = getPermissionId(session);
     return {
         to: getSmartSessionEmissaryAddress(useDevContracts),
@@ -381,7 +418,7 @@ async function getEnableSessionCall(account, session, enableSessionSignature, ha
         }),
     };
 }
-function getSessionData(session) {
+function getSessionData(session, useDevContracts) {
     const validator = (0, core_1.getValidator)(session.owners);
     const allowedContent = [
         {
@@ -408,10 +445,11 @@ function getSessionData(session) {
             },
         ],
     };
+    const userHasFallbackAction = session.actions?.some((action) => !('target' in action) && !('selector' in action));
     const injectedActions = [
-        // ETH wrapping
+        // Native token wrapping
         {
-            target: (0, orchestrator_1.getTokenAddress)('WETH', session.chain.id),
+            target: (0, registry_1.getWrappedTokenAddress)(session.chain),
             selector: (0, viem_1.toFunctionSelector)({
                 type: 'function',
                 name: 'deposit',
@@ -420,15 +458,22 @@ function getSessionData(session) {
                 stateMutability: 'payable',
             }),
         },
+        // Only inject the intent-execution fallback if the user hasn't defined their own
+        // fallback action — otherwise both map to the same actionId and their policies merge,
+        // causing IntentExecutionPolicy to be required for all fallback calls
+        ...(!userHasFallbackAction
+            ? [{ policies: [{ type: 'intent-execution' }] }]
+            : []),
+        // Dummy action: allows the filler to call verifyExecution in ENABLE mode using
+        // an injected dummy preclaimop so any session can be enabled on-chain without
+        // a separate UserOp, regardless of whether it has claim or action policies.
         {
-            policies: [
-                {
-                    type: 'intent-execution',
-                },
-            ],
+            target: DUMMY_PRECLAIMOP_TARGET,
+            selector: DUMMY_PRECLAIMOP_SELECTOR,
+            policies: [{ type: 'sudo' }],
         },
     ];
-    const actions = session.actions
+    const actions = session.actions?.length
         ? [...session.actions, ...injectedActions].map((action) => ({
             actionTargetSelector: 'selector' in action
                 ? action.selector
@@ -436,7 +481,7 @@ function getSessionData(session) {
             actionTarget: 'target' in action
                 ? action.target
                 : SMART_SESSIONS_FALLBACK_TARGET_FLAG,
-            actionPolicies: action.policies?.map((policy) => getPolicyData(policy)) ?? [
+            actionPolicies: action.policies?.map((policy) => getPolicyData(policy, useDevContracts)) ?? [
                 {
                     policy: SUDO_POLICY_ADDRESS,
                     initData: '0x',
@@ -450,7 +495,11 @@ function getSessionData(session) {
         sessionValidatorInitData: validator.initData,
         erc7739Policies: erc7739Data,
         actions,
-        claimPolicies: [],
+        // Note: Permit2ClaimPolicy has no dev deployment — same address in all environments
+        claimPolicies: session.claimPolicies?.map((p) => ({
+            policy: permit2_1.PERMIT2_CLAIM_POLICY_ADDRESS,
+            initData: (0, permit2_1.encodePermit2ClaimPolicyInitData)(p),
+        })) ?? [],
     };
 }
 function getPermissionId(session) {
@@ -474,7 +523,7 @@ function getPermissionId(session) {
         sessionData.salt,
     ]));
 }
-function getPolicyData(policy) {
+function getPolicyData(policy, useDevContracts) {
     switch (policy.type) {
         case 'sudo':
             return {
@@ -483,7 +532,9 @@ function getPolicyData(policy) {
             };
         case 'intent-execution':
             return {
-                policy: INTENT_EXECUTION_POLICY_ADDRESS,
+                policy: useDevContracts
+                    ? INTENT_EXECUTION_POLICY_ADDRESS_DEV
+                    : INTENT_EXECUTION_POLICY_ADDRESS,
                 initData: '0x',
             };
         case 'universal-action': {
@@ -659,13 +710,22 @@ function getSmartSessionEmissaryAddress(useDevContracts) {
  * The orchestrator slices off the first 20 bytes to identify the validator, then
  * simulates verifyExecution with the mock emissary to estimate gas before the user signs.
  */
-function buildMockSignature(session, useDevContracts, chainCount = 1) {
+function buildMockSignature(session, useDevContracts, chainCount = 1, targetChainId) {
     const emissaryAddress = getSmartSessionEmissaryAddress(useDevContracts);
+    // Use targetChainId when provided (per-chain mockSignatures path) so the
+    // mock emissary's chainId check passes on the correct chain. Falls back to
+    // session.chain.id for the global mockSignature (single-chain path).
+    const primaryChainId = targetChainId ?? session.chain.id;
+    // Normalize chainCount to a finite positive integer. Guards against
+    // accidental NaN/undefined from caller (e.g. `sourceChains?.length` when
+    // sourceChains is undefined) which would otherwise make Array.from produce
+    // an empty array and silently drop the ChainId check.
+    const safeChainCount = Number.isFinite(chainCount) && chainCount > 0 ? Math.floor(chainCount) : 1;
     // Build one entry per chain — first entry is the real chain ID (for the ChainId check),
     // remaining entries use chainId 0 as placeholders. Hash mismatch is skipped by the
     // mock emissary, so sessionDigest can be zeroHash throughout.
-    const hashesAndChainIds = Array.from({ length: Math.max(1, chainCount) }, (_, i) => ({
-        chainId: i === 0 ? BigInt(session.chain.id) : 0n,
+    const hashesAndChainIds = Array.from({ length: safeChainCount }, (_, i) => ({
+        chainId: i === 0 ? BigInt(primaryChainId) : 0n,
         sessionDigest: viem_1.zeroHash,
     }));
     const dummySigners = {

package/dist/src/orchestrator/client.d.ts

@@ -1,10 +1,11 @@
 import type { Address } from 'viem';
+import type { AuthProvider } from '../auth/provider';
 import type { IntentInput, IntentOpStatus, IntentResult, IntentRoute, Portfolio, SignedIntentOp, SplitIntentsInput, SplitIntentsResult } from './types';
 export declare class Orchestrator {
     private serverUrl;
-    private apiKey?;
-    private headers?;
-    constructor(serverUrl: string, apiKey?: string, headers?: Record<string, string>);
+    private authProvider;
+    private extraHeaders?;
+    constructor(serverUrl: string, authProvider: AuthProvider, headers?: Record<string, string>);
     getPortfolio(userAddress: Address, filter?: {
         chainIds?: number[];
         tokens?: {
@@ -13,9 +14,13 @@ export declare class Orchestrator {
     }): Promise<Portfolio>;
     getIntentRoute(input: IntentInput): Promise<IntentRoute>;
     splitIntents(input: SplitIntentsInput): Promise<SplitIntentsResult>;
-    submitIntent(signedIntentOpUnformatted: SignedIntentOp, dryRun: boolean): Promise<IntentResult>;
+    submitIntent(signedIntentOpUnformatted: SignedIntentOp, dryRun: boolean, policyContext?: {
+        intentInput: unknown;
+        isSponsored: boolean;
+    }): Promise<IntentResult>;
     getIntentOpStatus(intentId: bigint): Promise<IntentOpStatus>;
     private getHeaders;
+    private getSubmitHeaders;
     private fetch;
     private parseError;
     private parseErrorMessage;

package/dist/src/orchestrator/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../orchestrator/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AA2BnC,OAAO,KAAK,EACV,WAAW,EACX,cAAc,EACd,YAAY,EACZ,WAAW,EACX,SAAS,EAET,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EACnB,MAAM,SAAS,CAAA;AAchB,qBAAa,YAAY;IACvB,OAAO,CAAC,SAAS,CAAQ;IACzB,OAAO,CAAC,MAAM,CAAC,CAAQ;IACvB,OAAO,CAAC,OAAO,CAAC,CAAwB;gBAGtC,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAO5B,YAAY,CAChB,WAAW,EAAE,OAAO,EACpB,MAAM,CAAC,EAAE;QACP,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;QACnB,MAAM,CAAC,EAAE;YACP,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,EAAE,CAAA;SAC7B,CAAA;KACF,GACA,OAAO,CAAC,SAAS,CAAC;IA+Cf,cAAc,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IASxD,YAAY,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAwDnE,YAAY,CAChB,yBAAyB,EAAE,cAAc,EACzC,MAAM,EAAE,OAAO,GACd,OAAO,CAAC,YAAY,CAAC;IAelB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IASlE,OAAO,CAAC,UAAU;YAWJ,KAAK;IA6BnB,OAAO,CAAC,UAAU;IA6GlB,OAAO,CAAC,iBAAiB;CAmG1B"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../orchestrator/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AACnC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AA2BpD,OAAO,KAAK,EACV,WAAW,EACX,cAAc,EACd,YAAY,EACZ,WAAW,EACX,SAAS,EAET,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EACnB,MAAM,SAAS,CAAA;AAchB,qBAAa,YAAY;IACvB,OAAO,CAAC,SAAS,CAAQ;IACzB,OAAO,CAAC,YAAY,CAAc;IAClC,OAAO,CAAC,YAAY,CAAC,CAAwB;gBAG3C,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,YAAY,EAC1B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAO5B,YAAY,CAChB,WAAW,EAAE,OAAO,EACpB,MAAM,CAAC,EAAE;QACP,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;QACnB,MAAM,CAAC,EAAE;YACP,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,EAAE,CAAA;SAC7B,CAAA;KACF,GACA,OAAO,CAAC,SAAS,CAAC;IA+Cf,cAAc,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IASxD,YAAY,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAwDnE,YAAY,CAChB,yBAAyB,EAAE,cAAc,EACzC,MAAM,EAAE,OAAO,EACf,aAAa,CAAC,EAAE;QAAE,WAAW,EAAE,OAAO,CAAC;QAAC,WAAW,EAAE,OAAO,CAAA;KAAE,GAC7D,OAAO,CAAC,YAAY,CAAC;IAqBlB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;YASpD,UAAU;YAWV,gBAAgB;YAgBhB,KAAK;IA6BnB,OAAO,CAAC,UAAU;IA6GlB,OAAO,CAAC,iBAAiB;CAmG1B"}