@dev.sail.money/sailor 0.0.2-22 → 0.0.2-24

Files changed (115) hide show
  1. package/examples/permissions/BoundedSupply_AaveV3_Arbitrum.sol +6 -8
  2. package/examples/permissions/SailCalldata.sol +118 -0
  3. package/package.json +1 -1
  4. package/packages/cli/dist/index.cjs +248 -28
  5. package/packages/cli/dist/server.cjs +56 -16
  6. package/packages/sdk/dist/index.d.ts +1 -1
  7. package/packages/sdk/dist/index.d.ts.map +1 -1
  8. package/packages/sdk/dist/index.js +1 -1
  9. package/packages/sdk/dist/index.js.map +1 -1
  10. package/packages/sdk/dist/intelligence.d.ts +1 -1
  11. package/packages/sdk/dist/intelligence.js +1 -1
  12. package/packages/sdk/dist/lifi.d.ts +17 -0
  13. package/packages/sdk/dist/lifi.d.ts.map +1 -1
  14. package/packages/sdk/dist/lifi.js +24 -0
  15. package/packages/sdk/dist/lifi.js.map +1 -1
  16. package/packages/sdk/dist/types.d.ts +17 -1
  17. package/packages/sdk/dist/types.d.ts.map +1 -1
  18. package/packages/ui/dist/assets/{add-C--RBwJe.js → add--OaWHMEX.js} +1 -1
  19. package/packages/ui/dist/assets/{all-wallets-_xwd_eso.js → all-wallets-BH_4qsJ0.js} +1 -1
  20. package/packages/ui/dist/assets/{app-store-CIQsK1zU.js → app-store-j8XNWdo_.js} +1 -1
  21. package/packages/ui/dist/assets/{apple-BdlAnnmO.js → apple-DoNsugim.js} +1 -1
  22. package/packages/ui/dist/assets/{arrow-bottom-B5p_6Dat.js → arrow-bottom-D_enDpNq.js} +1 -1
  23. package/packages/ui/dist/assets/{arrow-bottom-circle-D7c6JPTF.js → arrow-bottom-circle-WWFGXKiz.js} +1 -1
  24. package/packages/ui/dist/assets/{arrow-left-SA4NpEnP.js → arrow-left-BUJGpX55.js} +1 -1
  25. package/packages/ui/dist/assets/{arrow-right-mOJNWujS.js → arrow-right-D5mkI_SK.js} +1 -1
  26. package/packages/ui/dist/assets/{arrow-top-CvPVVpHl.js → arrow-top-BXhKZNjN.js} +1 -1
  27. package/packages/ui/dist/assets/{bank-B2j2rPm9.js → bank-Dkkf0tum.js} +1 -1
  28. package/packages/ui/dist/assets/{basic-Bw6cXOlk.js → basic-DOdQ4iGr.js} +1 -1
  29. package/packages/ui/dist/assets/{browser-CUSNF__N.js → browser-NOeeokaH.js} +1 -1
  30. package/packages/ui/dist/assets/{card-CpKLox49.js → card-cdDhvSTA.js} +1 -1
  31. package/packages/ui/dist/assets/{ccip-XB9iQjXB.js → ccip-Dsn_0RCo.js} +1 -1
  32. package/packages/ui/dist/assets/{checkmark-BRpXeSCK.js → checkmark-9fzIA8S7.js} +1 -1
  33. package/packages/ui/dist/assets/{checkmark-bold-BkPvoqxo.js → checkmark-bold-DDvnKkth.js} +1 -1
  34. package/packages/ui/dist/assets/{chevron-bottom-CtK0W2av.js → chevron-bottom-CZ0cAj9w.js} +1 -1
  35. package/packages/ui/dist/assets/{chevron-left-NayfPMDy.js → chevron-left-cbciRp76.js} +1 -1
  36. package/packages/ui/dist/assets/{chevron-right-BPU2hCfA.js → chevron-right-aaIM8CMM.js} +1 -1
  37. package/packages/ui/dist/assets/{chevron-top-CTXwC4nM.js → chevron-top-Cv9x0gjk.js} +1 -1
  38. package/packages/ui/dist/assets/{chrome-store-eWIk0-YZ.js → chrome-store-DlOKVEJe.js} +1 -1
  39. package/packages/ui/dist/assets/{clock-VmYiq5jB.js → clock-5QviMwVt.js} +1 -1
  40. package/packages/ui/dist/assets/{close-NfBukMzW.js → close-myWpcxkH.js} +1 -1
  41. package/packages/ui/dist/assets/{coinPlaceholder-BWOeJc6j.js → coinPlaceholder-D3UzHxQZ.js} +1 -1
  42. package/packages/ui/dist/assets/{compass-oRk8W3iM.js → compass-DN7a9rAJ.js} +1 -1
  43. package/packages/ui/dist/assets/{copy-GcYQZOsF.js → copy-5dhhqdUd.js} +1 -1
  44. package/packages/ui/dist/assets/{core-B_rvnvkC.js → core-BlknpGLl.js} +3 -3
  45. package/packages/ui/dist/assets/cursor-Ckhq1uuc.js +3 -0
  46. package/packages/ui/dist/assets/{cursor-transparent-CGox3wZ-.js → cursor-transparent-hWLSc0KZ.js} +1 -1
  47. package/packages/ui/dist/assets/{desktop-DU4yyiV4.js → desktop-CZ-Yyu9E.js} +1 -1
  48. package/packages/ui/dist/assets/{disconnect-CJm9NnxK.js → disconnect-BkFpHyPA.js} +1 -1
  49. package/packages/ui/dist/assets/{discord-MxDL8Eq6.js → discord-BQr8vCO7.js} +1 -1
  50. package/packages/ui/dist/assets/{etherscan-CkCvlZiA.js → etherscan-BRQnPWan.js} +1 -1
  51. package/packages/ui/dist/assets/{events-CkyJn32_.js → events-BPX61gpp.js} +1 -1
  52. package/packages/ui/dist/assets/{exclamation-triangle-hH1JdYAZ.js → exclamation-triangle-DgiBPDRx.js} +1 -1
  53. package/packages/ui/dist/assets/{extension-DTMrXG5m.js → extension-DqOhrhYM.js} +1 -1
  54. package/packages/ui/dist/assets/{external-link-GSwn5MzD.js → external-link-CN3oX5O9.js} +1 -1
  55. package/packages/ui/dist/assets/{facebook-Vw_uyzaE.js → facebook-Y4EwFoke.js} +1 -1
  56. package/packages/ui/dist/assets/{fallback-BL3U4ZRT.js → fallback-DTghxJb4.js} +1 -1
  57. package/packages/ui/dist/assets/{farcaster-F-_di36M.js → farcaster-Bk5F07SC.js} +1 -1
  58. package/packages/ui/dist/assets/{filters-DQzcstDl.js → filters-Cz-QDvgT.js} +1 -1
  59. package/packages/ui/dist/assets/{github-BSq3_rEd.js → github-Cxkp89Tq.js} +1 -1
  60. package/packages/ui/dist/assets/{google-BU4QXiDS.js → google-DYqw-KYU.js} +1 -1
  61. package/packages/ui/dist/assets/{help-circle-CuF4iPyF.js → help-circle-BXMNYoIA.js} +1 -1
  62. package/packages/ui/dist/assets/{id-BQWlv0a_.js → id-BaD71KYD.js} +1 -1
  63. package/packages/ui/dist/assets/{image-BPNySDPo.js → image-B23hGUdW.js} +1 -1
  64. package/packages/ui/dist/assets/{index-D2wgBslE.js → index-BN6XqPDp.js} +1 -1
  65. package/packages/ui/dist/assets/{index-CMyY4FOR.js → index-BQ4JZ1HB.js} +3 -3
  66. package/packages/ui/dist/assets/{index-BMPQOOgv.js → index-C3IX4alt.js} +1 -1
  67. package/packages/ui/dist/assets/{index-Dc9_WV0G.js → index-CL1Pp-W8.js} +77 -77
  68. package/packages/ui/dist/assets/index-DCnJ64lX.css +1 -0
  69. package/packages/ui/dist/assets/{index-CsbiKM3b.js → index-DXwK5tlD.js} +1 -1
  70. package/packages/ui/dist/assets/{index-D0SPxlSM.js → index-Diq2KQvQ.js} +1 -1
  71. package/packages/ui/dist/assets/{index.es-CvyDIsY4.js → index.es-5g6Py2iz.js} +4 -4
  72. package/packages/ui/dist/assets/{info-D20yslek.js → info-DXuKXV9d.js} +1 -1
  73. package/packages/ui/dist/assets/{info-circle-BEjvYTHa.js → info-circle-CYkuEbJC.js} +1 -1
  74. package/packages/ui/dist/assets/{lightbulb-DfvLi5mQ.js → lightbulb-CuI54_aI.js} +1 -1
  75. package/packages/ui/dist/assets/{mail-CkgaIJAd.js → mail--8E_kt-f.js} +1 -1
  76. package/packages/ui/dist/assets/{metamask-sdk-O-IBvvGq.js → metamask-sdk-yzZWWcs3.js} +1 -1
  77. package/packages/ui/dist/assets/{mobile-CGc88WfG.js → mobile-CZymO9zO.js} +1 -1
  78. package/packages/ui/dist/assets/{more-DnX8wlTn.js → more-BYAwsmOZ.js} +1 -1
  79. package/packages/ui/dist/assets/{network-placeholder-DDrgA4a3.js → network-placeholder-08UzyBww.js} +1 -1
  80. package/packages/ui/dist/assets/{nftPlaceholder-DhHWPuD3.js → nftPlaceholder-BYQcom9C.js} +1 -1
  81. package/packages/ui/dist/assets/{off-D1CsYvPQ.js → off-CYMrTsdm.js} +1 -1
  82. package/packages/ui/dist/assets/{parseSignature-BlZUbtEc.js → parseSignature-WNjhiGa-.js} +1 -1
  83. package/packages/ui/dist/assets/{play-store-Dbkk8PTZ.js → play-store-C8qwnge4.js} +1 -1
  84. package/packages/ui/dist/assets/{plus-B8jXpls3.js → plus-D44RqQir.js} +1 -1
  85. package/packages/ui/dist/assets/{qr-code-CDuJ3ftj.js → qr-code-B2Zo3ucm.js} +1 -1
  86. package/packages/ui/dist/assets/{recycle-horizontal-ZFGjaHsZ.js → recycle-horizontal-GWYpxQB9.js} +1 -1
  87. package/packages/ui/dist/assets/{refresh-D0rMEDtF.js → refresh-MgpEHHa3.js} +1 -1
  88. package/packages/ui/dist/assets/{reown-logo-NlCNVmgd.js → reown-logo-CteGf0y0.js} +1 -1
  89. package/packages/ui/dist/assets/{search-CrJAA2qW.js → search-tUzIsCFS.js} +1 -1
  90. package/packages/ui/dist/assets/{secp256k1-mJj6W2AI.js → secp256k1-DmFqeUJ_.js} +1 -1
  91. package/packages/ui/dist/assets/{send-C7CoRziM.js → send-C9UNMMEg.js} +1 -1
  92. package/packages/ui/dist/assets/{swapHorizontal-fD3wbCGJ.js → swapHorizontal-Bhb2KCgj.js} +1 -1
  93. package/packages/ui/dist/assets/{swapHorizontalBold-Cc-jQ6as.js → swapHorizontalBold-Dx8XHsp8.js} +1 -1
  94. package/packages/ui/dist/assets/{swapHorizontalMedium-DlJW6uX1.js → swapHorizontalMedium-BU5Bg66C.js} +1 -1
  95. package/packages/ui/dist/assets/{swapHorizontalRoundedBold-1VHOerLO.js → swapHorizontalRoundedBold-DZtiRbnr.js} +1 -1
  96. package/packages/ui/dist/assets/{swapVertical-CKaRlkZK.js → swapVertical-Da4jr_Iy.js} +1 -1
  97. package/packages/ui/dist/assets/{telegram-DnCYed4D.js → telegram-2JwKMtW5.js} +1 -1
  98. package/packages/ui/dist/assets/{three-dots-BFluoxma.js → three-dots-BvVnpuAg.js} +1 -1
  99. package/packages/ui/dist/assets/{twitch-BXGv98S9.js → twitch-C6DOrjYX.js} +1 -1
  100. package/packages/ui/dist/assets/{twitterIcon-C6IdXEe5.js → twitterIcon-BQu41-nP.js} +1 -1
  101. package/packages/ui/dist/assets/{verify-D_QGyiLQ.js → verify-CFZQJntQ.js} +1 -1
  102. package/packages/ui/dist/assets/{verify-filled-DIW8QKL9.js → verify-filled-Cy6vpeJk.js} +1 -1
  103. package/packages/ui/dist/assets/{w3m-modal-Do9U160p.js → w3m-modal-De9EZPA2.js} +1 -1
  104. package/packages/ui/dist/assets/{wallet-CcARZnOx.js → wallet-BfWc3N5d.js} +1 -1
  105. package/packages/ui/dist/assets/{wallet-placeholder-X1coFzQa.js → wallet-placeholder-BuxnWFqL.js} +1 -1
  106. package/packages/ui/dist/assets/{walletconnect-Glte9ia7.js → walletconnect-CjirfANF.js} +1 -1
  107. package/packages/ui/dist/assets/{warning-circle-j-3V4KTo.js → warning-circle-CqS0eXEs.js} +1 -1
  108. package/packages/ui/dist/assets/{x-Bcc52c_T.js → x-DQeWAjll.js} +1 -1
  109. package/packages/ui/dist/index.html +2 -2
  110. package/templates/custom-mandate/README.md +31 -0
  111. package/templates/custom-mandate/mandates/BoundedCallPermission.sol +8 -2
  112. package/templates/custom-mandate/mandates/SailCalldata.sol +118 -0
  113. package/templates/default/AGENTS.md +51 -2
  114. package/packages/ui/dist/assets/cursor-BAViuJWh.js +0 -3
  115. package/packages/ui/dist/assets/index-DDKDa0s2.css +0 -1
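--- a/package/examples/permissions/BoundedSupply_AaveV3_Arbitrum.sol
+++ b/package/examples/permissions/BoundedSupply_AaveV3_Arbitrum.sol
@@ -33,6 +33,7 @@ pragma solidity 0.8.26;
  // ─────────────────────────────────────────────────────────────────────────────
 
  import {IPermission, Context} from "@sail/interfaces/IPermission.sol";
+ import {SailCalldata} from "./SailCalldata.sol";
 
  contract BoundedSupply_AaveV3_Arbitrum is IPermission {
  bytes32 private constant DISCRIMINATOR = keccak256("BoundedSupply_AaveV3_Arbitrum");
@@ -63,15 +64,12 @@ contract BoundedSupply_AaveV3_Arbitrum is IPermission {
  if (ctx.target != AAVE_POOL) return false;
  if (ctx.selector != SEL_SUPPLY) return false;
  // supply(address asset, uint256 amount, address onBehalfOf, uint16 referralCode)
- // = 4 ABI-encoded 32-byte slots after the 4-byte selector
- if (txData.length < 4 + 4 * 32) return false;
+ if (!SailCalldata.hasParams(txData, 4)) return false;
 
- (
- address asset,
- uint256 amount,
- address onBehalfOf,
- /* uint16 referralCode — not bounded */
- ) = abi.decode(txData[4:], (address, uint256, address, uint16));
+ address asset = SailCalldata.asAddress(txData, 0);
+ uint256 amount = SailCalldata.asUint256(txData, 1);
+ address onBehalfOf = SailCalldata.asAddress(txData, 2);
+ // slot 3 = referralCode (uint16) — informational, not bounded
 
  if (!isAllowedAsset[asset]) return false;
  if (amount > MAX_SUPPLY_AMOUNT) return false;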
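Review bot: The two `asAddress` reads in the second hunk mask the slot to 160 bits instead of rejecting it, so calldata with non-zero bytes in the upper 12 of slot 0 or slot 2 now passes the allow-list, where the removed `abi.decode` (ABI coder v2, the default under this pragma) would have reverted on it. The policy then judges the masked value while the raw bytes are what reach the target, which is a parser differential between the permission and the pool; whether the pool itself rejects such input is not visible from this hunk. A strict guard before the reads turns that case into a clean deny: `if (SailCalldata.asUint256(txData, 0) >> 160 != 0 || SailCalldata.asUint256(txData, 2) >> 160 != 0) return false;`. The same silent narrowing applies to `asBool`, `asBytes4` and the `asUint128`…`asUint16` helpers in SailCalldata.sol, and slot 3 is no longer range-checked as a uint16. The enclosing function starts and ends outside the hunk.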
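--- /dev/null
+++ b/package/examples/permissions/SailCalldata.sol
@@ -0,0 +1,118 @@
+ // SPDX-License-Identifier: MIT
+ pragma solidity 0.8.26;
+
+ // ─────────────────────────────────────────────────────────────────────────────
+ // SailCalldata — safe static-parameter extraction for IPermission.evaluate()
+ //
+ // PROBLEM
+ // evaluate(bytes calldata txData, Context calldata ctx) receives raw ABI-
+ // encoded calldata. Extracting parameters by hand is the most dangerous part
+ // of permission writing:
+ // • Forgetting the length check before decoding → silent wrong value or
+ // revert instead of clean `return false`.
+ // • Wrong slot index → decoding the wrong parameter (type-checks, still wrong).
+ // • Truncation bugs when casting uint256 slots to address (padding bits).
+ //
+ // SOLUTION
+ // This library centralises the three operations into named helpers:
+ // 1. hasParams() — explicit length guard (call once, at the top of evaluate)
+ // 2. asAddress() — extract + mask to 20 bytes
+ // 3. asUint256(), asInt256(), asBytes32(), asBool(), asUint128() — typed slots
+ //
+ // All helpers are view/pure and add zero gas overhead beyond the slice itself.
+ //
+ // USAGE (replace abi.decode pattern)
+ //
+ // // Before:
+ // if (txData.length < 4 + 3 * 32) return false;
+ // (address asset, uint256 amount, address onBehalfOf) =
+ // abi.decode(txData[4:], (address, uint256, address));
+ //
+ // // After:
+ // if (!SailCalldata.hasParams(txData, 3)) return false;
+ // address asset = SailCalldata.asAddress(txData, 0);
+ // uint256 amount = SailCalldata.asUint256(txData, 1);
+ // address onBehalfOf = SailCalldata.asAddress(txData, 2);
+ //
+ // LIMITATIONS
+ // Only covers static (fixed-size) ABI types. Dynamic types (bytes, string,
+ // arrays) use pointer indirection — decode them with abi.decode(txData[4:], ...)
+ // after the hasParams() guard, or write a dedicated extractor.
+ //
+ // SLOT INDEXING
+ // Slots are 0-indexed from the first constructor parameter (after the 4-byte
+ // selector). Slot 0 = bytes [4..35], slot 1 = bytes [36..67], etc.
+ // ─────────────────────────────────────────────────────────────────────────────
+
+ library SailCalldata {
+ // ── Guards ────────────────────────────────────────────────────────────────
+
+ /// @notice Returns true when txData is long enough to hold `params` static
+ /// 32-byte ABI slots after the 4-byte selector.
+ /// @dev Call this once at the top of evaluate() before any slot access.
+ /// Returns false (not revert) so evaluate() can return false cleanly.
+ function hasParams(bytes calldata txData, uint256 params) internal pure returns (bool) {
+ return txData.length >= 4 + params * 32;
+ }
+
+ // ── Static-type extractors ────────────────────────────────────────────────
+ // All assume hasParams() has already been checked for the relevant slot.
+ // Accessing an out-of-bounds slot will cause the calldata slice to revert —
+ // always guard with hasParams() first.
+
+ /// @notice Extract an address from ABI slot `i` (0-indexed after selector).
+ /// Masks to 20 bytes, discarding the ABI zero-padding in the upper 12.
+ function asAddress(bytes calldata txData, uint256 i) internal pure returns (address) {
+ return address(uint160(uint256(bytes32(txData[4 + i * 32 : 4 + (i + 1) * 32]))));
+ }
+
+ /// @notice Extract a uint256 from ABI slot `i`.
+ function asUint256(bytes calldata txData, uint256 i) internal pure returns (uint256) {
+ return uint256(bytes32(txData[4 + i * 32 : 4 + (i + 1) * 32]));
+ }
+
+ /// @notice Extract an int256 from ABI slot `i`.
+ function asInt256(bytes calldata txData, uint256 i) internal pure returns (int256) {
+ return int256(uint256(bytes32(txData[4 + i * 32 : 4 + (i + 1) * 32])));
+ }
+
+ /// @notice Extract a bytes32 from ABI slot `i`.
+ function asBytes32(bytes calldata txData, uint256 i) internal pure returns (bytes32) {
+ return bytes32(txData[4 + i * 32 : 4 + (i + 1) * 32]);
+ }
+
+ /// @notice Extract a bool from ABI slot `i` (true when slot value is non-zero).
+ function asBool(bytes calldata txData, uint256 i) internal pure returns (bool) {
+ return asUint256(txData, i) != 0;
+ }
+
+ /// @notice Extract a uint128 from ABI slot `i` (lower 128 bits of the slot).
+ function asUint128(bytes calldata txData, uint256 i) internal pure returns (uint128) {
+ return uint128(asUint256(txData, i));
+ }
+
+ /// @notice Extract a uint64 from ABI slot `i`.
+ function asUint64(bytes calldata txData, uint256 i) internal pure returns (uint64) {
+ return uint64(asUint256(txData, i));
+ }
+
+ /// @notice Extract a uint32 from ABI slot `i`.
+ function asUint32(bytes calldata txData, uint256 i) internal pure returns (uint32) {
+ return uint32(asUint256(txData, i));
+ }
+
+ /// @notice Extract a uint24 from ABI slot `i` (e.g. Uniswap fee tier).
+ function asUint24(bytes calldata txData, uint256 i) internal pure returns (uint24) {
+ return uint24(asUint256(txData, i));
+ }
+
+ /// @notice Extract a uint16 from ABI slot `i` (e.g. Aave referral code).
+ function asUint16(bytes calldata txData, uint256 i) internal pure returns (uint16) {
+ return uint16(asUint256(txData, i));
+ }
+
+ /// @notice Extract bytes4 (a function selector) from ABI slot `i`.
+ function asBytes4(bytes calldata txData, uint256 i) internal pure returns (bytes4) {
+ return bytes4(asBytes32(txData, i));
+ }
+ }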
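Review bot: The LIMITATIONS comment tells permission authors to decode dynamic types with `abi.decode(txData[4:], ...)` after the `hasParams()` guard, but `hasParams()` only proves that the head slots exist. A malformed offset or length word can still make `abi.decode` revert, so `evaluate()` would not return false cleanly in that case, which is the failure mode the PROBLEM paragraph sets out to avoid. I would add a line there such as `// hasParams() bounds the head only; abi.decode can still revert on malformed offsets or lengths.` The SLOT INDEXING paragraph also says "first constructor parameter" where the slots hold the called function's arguments; `first function parameter` would match the code.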
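--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@dev.sail.money/sailor",
- "version": "0.0.2-22",
+ "version": "0.0.2-24",
  "description": "Operator toolkit for Sail Protocol",
  "bin": {
  "sailor": "packages/cli/dist/index.cjs"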