@dev.sail.money/sailor 0.0.2-23 → 0.0.2-27

package/packages/cli/dist/index.cjs

@@ -35206,7 +35206,7 @@ var {
   Help
 } = import_index.default;
 
-// ../chains/dist/index.js
+// ../sdk/src/chains.ts
 var chains = {
   // Ethereum mainnet
   1: {
@@ -35282,15 +35282,17 @@ var chains = {
 function getChain(chainId) {
   const config = chains[chainId];
   if (!config) {
-    throw new Error(`Chain ${chainId} is not yet supported. Add it to @sail/chains once SailKernel is deployed.`);
+    throw new Error(
+      `Chain ${chainId} is not supported. Supported chains: 1 (Ethereum), 8453 (Base), 42161 (Arbitrum), 130 (Unichain), 84532 (Base Sepolia), 11155111 (Eth Sepolia).`
+    );
   }
   return config;
 }
 
-// ../sdk/dist/client.js
+// ../sdk/src/client.ts
 init_esm2();
 
-// ../sdk/dist/abis/SailKernel.js
+// ../sdk/src/abis/SailKernel.ts
 var SailKernelAbi = [
   // ── Account instantiation ────────────────────────────────────────────────
   {
@@ -35595,7 +35597,7 @@ var SailKernelAbi = [
   }
 ];
 
-// ../sdk/dist/capabilities.js
+// ../sdk/src/capabilities.ts
 init_esm2();
 var DISPATCH_TYPE_STRINGS = {
   conjunctive: "Dispatch(address account,address target,uint256 value,bytes32 dataHash,uint256 nonce,uint256 deadline)",
@@ -35640,7 +35642,9 @@ function fromDispatchTypehash(kernel, dispatchTypehash, registerPermissionTypeha
   } else if (dispatchTypehash === DISPATCH_TYPEHASHES.selective) {
     dispatchModel = "selective";
   } else {
-    throw new Error(`Unrecognized kernel DISPATCH_TYPEHASH ${dispatchTypehash} for ${kernel}. The SDK cannot safely sign dispatches for this kernel version. Known: conjunctive=${DISPATCH_TYPEHASHES.conjunctive}, selective=${DISPATCH_TYPEHASHES.selective}.`);
+    throw new Error(
+      `Unrecognized kernel DISPATCH_TYPEHASH ${dispatchTypehash} for ${kernel}. The SDK cannot safely sign dispatches for this kernel version. Known: conjunctive=${DISPATCH_TYPEHASHES.conjunctive}, selective=${DISPATCH_TYPEHASHES.selective}.`
+    );
   }
   let registerPermissionHasDeadline = dispatchModel === "selective";
   if (registerPermissionTypehash === REGISTER_PERMISSION_TYPEHASHES.withDeadline) {
@@ -35665,8 +35669,7 @@ async function detectKernelCapabilities(publicClient, kernel, opts) {
   const key = cacheKey2(chainId, kernel);
   if (!opts?.force) {
     const hit = cache.get(key);
-    if (hit)
-      return hit;
+    if (hit) return hit;
   }
   let dispatchTypehash;
   let registerPermissionTypehash;
@@ -35688,17 +35691,29 @@ async function detectKernelCapabilities(publicClient, kernel, opts) {
   }
   let caps;
   if (dispatchTypehash) {
-    caps = fromDispatchTypehash(kernel, dispatchTypehash, registerPermissionTypehash, "onchain-typehash");
+    caps = fromDispatchTypehash(
+      kernel,
+      dispatchTypehash,
+      registerPermissionTypehash,
+      "onchain-typehash"
+    );
   } else if (opts?.staticModel) {
-    caps = fromDispatchTypehash(kernel, DISPATCH_TYPEHASHES[opts.staticModel], void 0, "static-hint");
+    caps = fromDispatchTypehash(
+      kernel,
+      DISPATCH_TYPEHASHES[opts.staticModel],
+      void 0,
+      "static-hint"
+    );
   } else {
-    throw new Error(`Could not read DISPATCH_TYPEHASH from kernel ${kernel}, and no staticModel hint was given. Pass opts.staticModel ('conjunctive' | 'selective') to proceed without on-chain detection.`);
+    throw new Error(
+      `Could not read DISPATCH_TYPEHASH from kernel ${kernel}, and no staticModel hint was given. Pass opts.staticModel ('conjunctive' | 'selective') to proceed without on-chain detection.`
+    );
   }
   cache.set(key, caps);
   return caps;
 }
 
-// ../sdk/dist/deployments.js
+// ../sdk/src/deployments.ts
 var CREATE2_KERNEL = "0x02ABC18B65A328de2e749F56ba79ACF2718a6659";
 var CREATE2_GOVERNANCE = "0x7A478118715791728BDE3bc7A4D7ECfdEB89C6EC";
 var CREATE2_TIMELOCK = "0xE48Ba8DB6d748adafD13155c3590f62e58a77f56";
@@ -35851,7 +35866,7 @@ function getSailDeployment(chainId) {
   return deployment;
 }
 
-// ../sdk/dist/errors.js
+// ../sdk/src/errors.ts
 init_esm2();
 var KERNEL_ERROR_SIGNATURES = [
   "error AccountAlreadyRegistered(address account)",
@@ -35930,14 +35945,12 @@ async function decode2(data) {
   }
 }
 function decodeKernelError(data) {
-  if (!data || data === "0x")
-    return Promise.resolve(null);
+  if (!data || data === "0x") return Promise.resolve(null);
   return decode2(data);
 }
 async function explainKernelRevert(err) {
   const data = extractRevertData(err);
-  if (!data)
-    return null;
+  if (!data) return null;
   return decodeKernelError(data);
 }
 function extractRevertData(err) {
@@ -35967,7 +35980,7 @@ function extractRevertData(err) {
   return null;
 }
 
-// ../sdk/dist/eip712.js
+// ../sdk/src/eip712.ts
 init_esm2();
 function sailKernelDomain(args) {
   return {
@@ -36021,12 +36034,16 @@ async function buildDispatchSignature(params) {
   const dataHash = keccak256(call2.data);
   const selective = caps.dispatchModel === "selective";
   const message = selective ? { account: account2, permission, target: call2.target, value: call2.value, dataHash, nonce, deadline } : { account: account2, target: call2.target, value: call2.value, dataHash, nonce, deadline };
-  const signature = await manager.signTyped(sailKernelDomain({ chainId, kernel }), {
-    primaryType: "Dispatch",
-    types: {
-      Dispatch: DISPATCH_EIP712_FIELDS[caps.dispatchModel]
-    }
-  }, message);
+  const signature = await manager.signTyped(
+    sailKernelDomain({ chainId, kernel }),
+    {
+      primaryType: "Dispatch",
+      types: {
+        Dispatch: DISPATCH_EIP712_FIELDS[caps.dispatchModel]
+      }
+    },
+    message
+  );
   return { signature, nonce, deadline, dispatchModel: caps.dispatchModel };
 }
 var REGISTER_PERMISSION_TYPES = {
@@ -36105,7 +36122,7 @@ function buildRegisterPermissionsBatchTypedData(args) {
   };
 }
 
-// ../sdk/dist/lifi.js
+// ../sdk/src/lifi.ts
 init_esm2();
 var LIFI_QUOTE_URL = "https://li.quest/v1/quote";
 var LIFI_ROUTERS = {
@@ -36144,7 +36161,9 @@ async function fetchLifiQuote(params) {
   const quote = await res.json();
   const tx = quote.transactionRequest;
   if (!tx?.to || !tx?.data) {
-    throw new Error("LiFi quote returned no usable transactionRequest: " + JSON.stringify(quote).slice(0, 400));
+    throw new Error(
+      "LiFi quote returned no usable transactionRequest: " + JSON.stringify(quote).slice(0, 400)
+    );
   }
   return {
     target: tx.to,
@@ -36155,7 +36174,7 @@ async function fetchLifiQuote(params) {
   };
 }
 
-// ../sdk/dist/client.js
+// ../sdk/src/client.ts
 function notImplemented() {
   throw new Error("not implemented");
 }
@@ -36199,17 +36218,13 @@ var CONJUNCTIVE_DISPATCH_ABI = [
 async function enrichKernelRevert(err) {
   const decoded = await explainKernelRevert(err);
   const base2 = err instanceof Error ? err : new Error(String(err));
-  if (!decoded)
-    return base2;
+  if (!decoded) return base2;
   const wrapped = new Error(`Kernel reverted: ${decoded.message}`);
   wrapped.cause = base2;
   wrapped.kernelError = decoded;
   return wrapped;
 }
 var KernelNamespace = class {
-  publicClient;
-  config;
-  walletClient;
   constructor(publicClient, config, walletClient) {
     this.publicClient = publicClient;
     this.config = config;
@@ -36218,13 +36233,17 @@ var KernelNamespace = class {
   requireKernel() {
     const kernel = this.config.kernel;
     if (!kernel) {
-      throw new Error("SailKernel address not configured \u2014 set `kernel` in SailorClientConfig.");
+      throw new Error(
+        "SailKernel address not configured \u2014 set `kernel` in SailorClientConfig."
+      );
     }
     return kernel;
   }
   requireSigner() {
     if (!this.walletClient) {
-      throw new Error("No signer attached \u2014 call client.withSigner(walletClient) before write operations.");
+      throw new Error(
+        "No signer attached \u2014 call client.withSigner(walletClient) before write operations."
+      );
     }
     return this.walletClient;
   }
@@ -36247,7 +36266,9 @@ var AccountNamespace = class extends KernelNamespace {
     const kernel = this.requireKernel();
     const signer = this.requireSigner();
     if (!params.safeFactory || !params.safeSingleton || !params.safeInitializer) {
-      throw new Error("createAccount requires safeFactory, safeSingleton, and safeInitializer.");
+      throw new Error(
+        "createAccount requires safeFactory, safeSingleton, and safeInitializer."
+      );
     }
     const txHash = await signer.writeContract({
       address: kernel,
@@ -36308,17 +36329,21 @@ var MandateNamespace = class extends KernelNamespace {
       functionName: "signerNonces",
       args: [safe]
     });
-    const sig = await signer.signTyped(sailKernelDomain({ chainId: this.config.chainId, kernel }), {
-      primaryType: "RegisterPermissions",
-      types: {
-        RegisterPermissions: [
-          { name: "account", type: "address" },
-          { name: "permissions", type: "address[]" },
-          { name: "nonce", type: "uint256" },
-          { name: "deadline", type: "uint256" }
-        ]
-      }
-    }, { account: safe, permissions, nonce, deadline });
+    const sig = await signer.signTyped(
+      sailKernelDomain({ chainId: this.config.chainId, kernel }),
+      {
+        primaryType: "RegisterPermissions",
+        types: {
+          RegisterPermissions: [
+            { name: "account", type: "address" },
+            { name: "permissions", type: "address[]" },
+            { name: "nonce", type: "uint256" },
+            { name: "deadline", type: "uint256" }
+          ]
+        }
+      },
+      { account: safe, permissions, nonce, deadline }
+    );
     await wallet.writeContract({
       address: kernel,
       abi: SailKernelAbi,
@@ -36337,7 +36362,9 @@ var MandateNamespace = class extends KernelNamespace {
     return notImplemented();
   }
   deployAndAttachClone(_safe, _impl, _initData, _salt, _signer) {
-    throw new Error("deployAndAttachClone is not yet implemented in the SDK.\nUse `sailor mandate attach --address <impl>` to attach a clone template via the factory.");
+    throw new Error(
+      "deployAndAttachClone is not yet implemented in the SDK.\nUse `sailor mandate attach --address <impl>` to attach a clone template via the factory."
+    );
   }
   async list(safe) {
     const kernel = this.requireKernel();
@@ -36407,11 +36434,12 @@ var DispatchNamespace = class extends KernelNamespace {
     let latest = 0n;
     for (let i = 0; i < tries; i++) {
       latest = await this.readManagerNonce(kernel, safe);
-      if (latest >= expected)
-        return latest;
+      if (latest >= expected) return latest;
       await delay(1e3);
     }
-    throw new Error(`Manager nonce for ${safe} did not reach ${expected} after ${tries}s (last seen ${latest}). The prior dispatch may not have mined, or the RPC endpoint is lagging. Retry, or pass an explicit nonce via options.nonce.`);
+    throw new Error(
+      `Manager nonce for ${safe} did not reach ${expected} after ${tries}s (last seen ${latest}). The prior dispatch may not have mined, or the RPC endpoint is lagging. Retry, or pass an explicit nonce via options.nonce.`
+    );
   }
   /**
    * Determine the nonce to sign with. Honors an explicit `options.nonce`
@@ -36420,8 +36448,7 @@ var DispatchNamespace = class extends KernelNamespace {
    * dispatch on this account) before reading the live value.
    */
   async resolveNonce(kernel, safe, options) {
-    if (options?.nonce !== void 0)
-      return options.nonce;
+    if (options?.nonce !== void 0) return options.nonce;
     const expected = options?.awaitNonce ?? this.nextNonce.get(this.nonceKey(kernel, safe));
     if (expected !== void 0) {
       return this.waitForManagerNonce(kernel, safe, expected);
@@ -36513,7 +36540,9 @@ var DispatchNamespace = class extends KernelNamespace {
     const deadline = defaultDeadline();
     const caps = await this.capabilities();
     if (caps.dispatchModel === "conjunctive") {
-      throw new Error(`Batch dispatch is not supported by the conjunctive kernel at ${kernel} (it has no dispatchBatch). Submit calls individually via dispatch.single, ensuring the manager nonce advances between them.`);
+      throw new Error(
+        `Batch dispatch is not supported by the conjunctive kernel at ${kernel} (it has no dispatchBatch). Submit calls individually via dispatch.single, ensuring the manager nonce advances between them.`
+      );
     }
     const nonce = await this.publicClient.readContract({
       address: kernel,
@@ -36521,19 +36550,25 @@ var DispatchNamespace = class extends KernelNamespace {
       functionName: "batchNonces",
       args: [safe]
     });
-    const callsHash = keccak256(encodeAbiParameters([{ type: "tuple[]", components: CALL_COMPONENTS }], [calls]));
-    const managerSig = await manager.signTyped(sailKernelDomain({ chainId: this.config.chainId, kernel }), {
-      primaryType: "DispatchBatch",
-      types: {
-        DispatchBatch: [
-          { name: "account", type: "address" },
-          { name: "permission", type: "address" },
-          { name: "callsHash", type: "bytes32" },
-          { name: "nonce", type: "uint256" },
-          { name: "deadline", type: "uint256" }
-        ]
-      }
-    }, { account: safe, permission, callsHash, nonce, deadline });
+    const callsHash = keccak256(
+      encodeAbiParameters([{ type: "tuple[]", components: CALL_COMPONENTS }], [calls])
+    );
+    const managerSig = await manager.signTyped(
+      sailKernelDomain({ chainId: this.config.chainId, kernel }),
+      {
+        primaryType: "DispatchBatch",
+        types: {
+          DispatchBatch: [
+            { name: "account", type: "address" },
+            { name: "permission", type: "address" },
+            { name: "callsHash", type: "bytes32" },
+            { name: "nonce", type: "uint256" },
+            { name: "deadline", type: "uint256" }
+          ]
+        }
+      },
+      { account: safe, permission, callsHash, nonce, deadline }
+    );
     let txHash;
     try {
       txHash = await wallet.writeContract({
@@ -36558,7 +36593,9 @@ var DispatchNamespace = class extends KernelNamespace {
     const kernel = this.requireKernel();
     const caps = await this.capabilities();
     if (caps.dispatchModel === "conjunctive") {
-      throw new Error(`Dry-run preview is not supported by the conjunctive kernel at ${kernel} (it has no previewBatch view). Validate calls off-chain against each registered permission's evaluate() logic, or simulate the dispatch.single tx instead.`);
+      throw new Error(
+        `Dry-run preview is not supported by the conjunctive kernel at ${kernel} (it has no previewBatch view). Validate calls off-chain against each registered permission's evaluate() logic, or simulate the dispatch.single tx instead.`
+      );
     }
     const [approved, reason] = await this.publicClient.readContract({
       address: kernel,
@@ -36570,7 +36607,6 @@ var DispatchNamespace = class extends KernelNamespace {
   }
 };
 var StrategyNamespace = class extends KernelNamespace {
-  dispatch;
   constructor(publicClient, config, dispatch, walletClient) {
     super(publicClient, config, walletClient);
     this.dispatch = dispatch;
@@ -36588,13 +36624,17 @@ var StrategyNamespace = class extends KernelNamespace {
     const slippage = params.slippage ?? DEFAULT_SLIPPAGE;
     const router = params.router ?? LIFI_ROUTERS[this.config.chainId];
     if (!router) {
-      throw new Error(`No LiFi router known for chain ${this.config.chainId}. Pass params.router explicitly.`);
+      throw new Error(
+        `No LiFi router known for chain ${this.config.chainId}. Pass params.router explicitly.`
+      );
     }
     const caps = await this.capabilities();
     const swapPermission = params.swapPermission ?? router;
     const approvePermission = params.approvePermission ?? params.swapPermission ?? router;
     if (caps.dispatchModel === "selective" && !params.swapPermission) {
-      throw new Error("This kernel uses the selective dispatch model \u2014 params.swapPermission is required (the permission that authorizes the swap).");
+      throw new Error(
+        "This kernel uses the selective dispatch model \u2014 params.swapPermission is required (the permission that authorizes the swap)."
+      );
     }
     const quote = await fetchLifiQuote({
       chainId: this.config.chainId,
@@ -36614,9 +36654,19 @@ var StrategyNamespace = class extends KernelNamespace {
     let approve;
     if (allowance < params.amount) {
       const approveAmount = params.approveAmount ?? params.amount;
-      approve = await this.dispatch.single(safe, approvePermission, { target: params.from, value: 0n, data: encodeApprove(router, approveAmount) }, manager);
+      approve = await this.dispatch.single(
+        safe,
+        approvePermission,
+        { target: params.from, value: 0n, data: encodeApprove(router, approveAmount) },
+        manager
+      );
     }
-    const swap = await this.dispatch.single(safe, swapPermission, { target: quote.target, value: quote.value, data: quote.data }, manager);
+    const swap = await this.dispatch.single(
+      safe,
+      swapPermission,
+      { target: quote.target, value: quote.value, data: quote.data },
+      manager
+    );
     return {
       swap,
       approve,
@@ -36736,7 +36786,7 @@ var SailorClient = class _SailorClient {
   }
 };
 
-// ../sdk/dist/keyring.js
+// ../sdk/src/keyring.ts
 var import_node_crypto = require("node:crypto");
 var import_node_fs = require("node:fs");
 init_esm2();
@@ -37418,7 +37468,7 @@ function mnemonicToAccount(mnemonic, { passphrase, ...hdKeyOpts } = {}) {
   return hdKeyToAccount(HDKey.fromMasterSeed(seed), hdKeyOpts);
 }
 
-// ../sdk/dist/keyring.js
+// ../sdk/src/keyring.ts
 var SCRYPT_N = 1 << 18;
 var SCRYPT_R = 8;
 var SCRYPT_P = 1;
@@ -37436,11 +37486,16 @@ var LocalKeyring = class _LocalKeyring {
       this.address = account2.address;
       this.privateKey = options.privateKey;
     } else if (options.type === "mnemonic") {
-      const account2 = mnemonicToAccount(options.mnemonic, options.derivationPath ? { path: options.derivationPath } : void 0);
+      const account2 = mnemonicToAccount(
+        options.mnemonic,
+        options.derivationPath ? { path: options.derivationPath } : void 0
+      );
       this.account = account2;
       this.address = account2.address;
     } else {
-      throw new Error("keystore decryption not implemented \u2014 use type: 'privateKey' or type: 'mnemonic' instead");
+      throw new Error(
+        "keystore decryption not implemented \u2014 use type: 'privateKey' or type: 'mnemonic' instead"
+      );
     }
   }
   /** Returns a lightweight signer stub for read-only contexts where the key is not available. */
@@ -37470,7 +37525,9 @@ var LocalKeyring = class _LocalKeyring {
     }
     const { n, r, p, dklen, salt } = crypto3.kdfparams;
     if (n < 1 << 14) {
-      throw new Error(`Keystore scrypt N=${n} is below the minimum accepted value (16384). Refusing to decrypt.`);
+      throw new Error(
+        `Keystore scrypt N=${n} is below the minimum accepted value (16384). Refusing to decrypt.`
+      );
     }
     if (r < 8) {
       throw new Error(`Keystore scrypt r=${r} is below the minimum accepted value (8).`);
@@ -37488,7 +37545,11 @@ var LocalKeyring = class _LocalKeyring {
     if (computedMac.length !== storedMac.length || !(0, import_node_crypto.timingSafeEqual)(computedMac, storedMac)) {
       throw new Error("Invalid password or corrupt keystore");
     }
-    const decipher = (0, import_node_crypto.createDecipheriv)("aes-128-ctr", derived.subarray(0, 16), Buffer.from(crypto3.cipherparams.iv, "hex"));
+    const decipher = (0, import_node_crypto.createDecipheriv)(
+      "aes-128-ctr",
+      derived.subarray(0, 16),
+      Buffer.from(crypto3.cipherparams.iv, "hex")
+    );
     const pkBytes = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
     return _LocalKeyring.fromPrivateKey(`0x${pkBytes.toString("hex")}`);
   }
@@ -37526,7 +37587,9 @@ var LocalKeyring = class _LocalKeyring {
   /** Exports the private key as an encrypted keystore JSON (scrypt + aes-128-ctr, geth v3). */
   async exportKeystore(password) {
     if (!this.privateKey) {
-      throw new Error("Private key unavailable \u2014 only privateKey/generated keyrings can be exported");
+      throw new Error(
+        "Private key unavailable \u2014 only privateKey/generated keyrings can be exported"
+      );
     }
     const salt = (0, import_node_crypto.randomBytes)(32);
     const derived = (0, import_node_crypto.scryptSync)(password, salt, SCRYPT_DKLEN, {
@@ -37563,7 +37626,7 @@ var LocalKeyring = class _LocalKeyring {
   }
 };
 
-// ../sdk/dist/abis/SailGovernance.js
+// ../sdk/src/abis/SailGovernance.ts
 var SailGovernanceAbi = [
   {
     type: "function",
@@ -37609,7 +37672,7 @@ var SailGovernanceAbi = [
   }
 ];
 
-// ../sdk/dist/safe.js
+// ../sdk/src/safe.ts
 init_esm2();
 var setManagerAbi = [
   {
@@ -37699,7 +37762,10 @@ function buildSafeSetupInitializer(params) {
   });
 }
 function buildApprovedHashSignature(owner2) {
-  return encodePacked(["bytes32", "bytes32", "uint8"], [pad(owner2, { size: 32 }), pad("0x", { size: 32 }), 1]);
+  return encodePacked(
+    ["bytes32", "bytes32", "uint8"],
+    [pad(owner2, { size: 32 }), pad("0x", { size: 32 }), 1]
+  );
 }
 var safeProxyFactoryAbi = [
   {
@@ -37712,11 +37778,15 @@ var safeProxyFactoryAbi = [
 ];
 function computeSafeProxyAddress(params) {
   const { initializer, saltNonce, proxyCreationCode } = params;
-  const initCodeHash = keccak256(concat([
-    proxyCreationCode,
-    encodeAbiParameters([{ type: "address" }], [SAFE_V141.singletonL2])
-  ]));
-  const salt = keccak256(encodePacked(["bytes32", "uint256"], [keccak256(initializer), saltNonce]));
+  const initCodeHash = keccak256(
+    concat([
+      proxyCreationCode,
+      encodeAbiParameters([{ type: "address" }], [SAFE_V141.singletonL2])
+    ])
+  );
+  const salt = keccak256(
+    encodePacked(["bytes32", "uint256"], [keccak256(initializer), saltNonce])
+  );
   return getCreate2Address({
     from: SAFE_V141.proxyFactory,
     salt,
@@ -37725,13 +37795,20 @@ function computeSafeProxyAddress(params) {
 }
 function computeKernelBoundSalt(params) {
   const { saltNonce, deployer, permissionSigner, manager, feePolicy } = params;
-  return BigInt(keccak256(encodeAbiParameters([
-    { type: "uint256" },
-    { type: "address" },
-    { type: "address" },
-    { type: "address" },
-    { type: "address" }
-  ], [saltNonce, deployer, permissionSigner, manager, feePolicy])));
+  return BigInt(
+    keccak256(
+      encodeAbiParameters(
+        [
+          { type: "uint256" },
+          { type: "address" },
+          { type: "address" },
+          { type: "address" },
+          { type: "address" }
+        ],
+        [saltNonce, deployer, permissionSigner, manager, feePolicy]
+      )
+    )
+  );
 }
 function computeSailSmaAddress(params) {
   const boundSalt = computeKernelBoundSalt(params);
@@ -37778,7 +37855,7 @@ function buildSetManagerExecTransaction(params) {
   return { to: params.safe, data };
 }
 
-// ../sdk/dist/discovery.js
+// ../sdk/src/discovery.ts
 var SAFE_TX_SERVICE_SLUGS = {
   1: "eth",
   100: "gno",
@@ -37806,7 +37883,7 @@ async function discoverSafesForOwner(owner2, chainId) {
   return data.safes ?? [];
 }
 
-// ../sdk/dist/fees.js
+// ../sdk/src/fees.ts
 function min(a, b) {
   return a < b ? a : b;
 }
@@ -37842,7 +37919,7 @@ async function estimatePermissionFee(publicClient, governance, permission) {
   }
 }
 
-// ../sdk/dist/intelligence.js
+// ../sdk/src/intelligence.ts
 var SAIL_INTELLIGENCE_BASE_URL = "https://api.sail.money";
 var SAIL_INTELLIGENCE_DOCS_URL = "https://api.sail.money/docs";
 
@@ -39907,11 +39984,29 @@ init_esm2();
 async function checkContractExists(pc, address) {
   try {
     const code = await pc.getCode({ address });
-    return { address, hasCode: !!code && code !== "0x" };
+    const hasCode = !!code && code !== "0x";
+    return { address, hasCode, bytecode: hasCode ? code : void 0 };
   } catch (err) {
     return { address, hasCode: false, error: err.message.split("\n")[0] };
   }
 }
+function checkSelectorRoutes(calldata, bytecode) {
+  if (calldata.length < 10) {
+    return { selector: "", routes: null, reason: "calldata shorter than 4 bytes \u2014 no selector" };
+  }
+  const selector = calldata.slice(2, 10).toLowerCase();
+  const body = bytecode.slice(2).toLowerCase();
+  if (body.length < 100) {
+    return { selector, routes: null, reason: "proxy or minimal contract \u2014 routing not determinable from bytecode" };
+  }
+  if (body.includes("360894a13ba1a321")) {
+    return { selector, routes: null, reason: "EIP-1967 proxy detected \u2014 routing is in the implementation contract" };
+  }
+  if (body.includes("a3f0ad74e5423aeb")) {
+    return { selector, routes: null, reason: "EIP-1967 beacon proxy detected \u2014 routing is in the beacon implementation" };
+  }
+  return { selector, routes: body.includes(selector) };
+}
 
 // src/lib/permission-resolver.ts
 var IPERMISSION_ABI = [
@@ -40783,14 +40878,48 @@ var MandateStore = class {
       (m) => m.address.toLowerCase() === needle || m.name === addressOrName
     );
   }
-  /** Append a newly deployed mandate (replacing any prior record at the same address). */
+  /**
+   * Append a newly deployed mandate (replacing any prior record at the same address).
+   * When another mandate with the same name already exists on the same chain, the
+   * incoming mandate's name is suffixed with `[2]`, `[3]`, … to keep names unique.
+   */
   add(mandate2) {
     const data = this.read();
     data.mandates = data.mandates.filter(
       (m) => m.address.toLowerCase() !== mandate2.address.toLowerCase()
     );
+    const baseName = mandate2.name;
+    const sameName = (m) => m.name === mandate2.name && m.chainId === mandate2.chainId;
+    if (data.mandates.some(sameName)) {
+      let n = 2;
+      while (data.mandates.some((m) => m.name === `${baseName}[${n}]` && m.chainId === mandate2.chainId)) {
+        n++;
+      }
+      mandate2 = { ...mandate2, name: `${baseName}[${n}]` };
+    }
     data.mandates.push(mandate2);
     this.write(data);
+    return mandate2;
+  }
+  /** Update mutable metadata fields on a tracked mandate (name, sourcePath, artifactPath). */
+  update(addressOrName, patch) {
+    const data = this.read();
+    const needle = addressOrName.toLowerCase();
+    const mandate2 = data.mandates.find(
+      (m) => m.address.toLowerCase() === needle || m.name === addressOrName
+    );
+    if (!mandate2) throw new Error(`No tracked mandate found for: ${addressOrName}`);
+    if (patch.name !== void 0 && patch.name !== mandate2.name) {
+      const conflict = data.mandates.find(
+        (m) => m.name === patch.name && m.chainId === mandate2.chainId && m.address.toLowerCase() !== mandate2.address.toLowerCase()
+      );
+      if (conflict) throw new Error(`Name "${patch.name}" is already used by ${conflict.address} on chain ${mandate2.chainId}`);
+      mandate2.name = patch.name;
+    }
+    if (patch.sourcePath !== void 0) mandate2.sourcePath = patch.sourcePath;
+    if (patch.artifactPath !== void 0) mandate2.artifactPath = patch.artifactPath;
+    this.write(data);
+    return mandate2;
   }
   /** Record that a tracked mandate was attached to an SMA. */
   recordAttachment(address, attachment) {
@@ -41405,7 +41534,18 @@ async function runDeploy(project, channel, options) {
     );
   }
   const { abi: abi2, bytecode, contractName, artifactPath } = resolveArtifact(options);
-  const args = coerceConstructorArgs(abi2, options.args);
+  let argsJson;
+  if (options.argsFile) {
+    const argsFilePath = (0, import_node_path9.resolve)(options.argsFile);
+    try {
+      argsJson = (0, import_node_fs10.readFileSync)(argsFilePath, "utf8").trim();
+    } catch {
+      throw new Error(`Cannot read --args-file: ${argsFilePath}`);
+    }
+  } else {
+    argsJson = options.args;
+  }
+  const args = coerceConstructorArgs(abi2, argsJson);
   const deployData = encodeDeployData({ abi: abi2, bytecode, args });
   const chainId = project.chainId;
   const publicClient = publicClientFor(project);
@@ -41428,7 +41568,10 @@ async function runDeploy(project, channel, options) {
     data: deployData,
     details: [
       { label: "Contract", value: contractName },
-      { label: "Constructor args", value: options.args ? options.args : "(none)" }
+      {
+        label: options.argsFile ? "Constructor args (from file)" : "Constructor args",
+        value: argsJson ? argsJson : "(none)"
+      }
     ]
   });
   if (response.status === "rejected") {
@@ -41454,13 +41597,13 @@ async function runDeploy(project, channel, options) {
     deployedAt: (/* @__PURE__ */ new Date()).toISOString()
   };
   const store = new MandateStore();
-  store.add(record);
-  say(() => console.log("Tracked in .sail/state/mandates.json"));
+  const stored = store.add(record);
+  say(() => console.log("Tracked in .sail/state/mandates.json" + (stored.name !== record.name ? ` as "${stored.name}"` : "")));
   appendActivity({
     ts: nowIso(),
     actor: "owner",
     type: "mandate_deployed",
-    name: record.name,
+    name: stored.name,
     address: deployed,
     txHash: response.txHash,
     chainId
@@ -41474,7 +41617,7 @@ async function runDeploy(project, channel, options) {
       publicClient,
       sma,
       deployed,
-      record.name,
+      stored.name,
       json
     );
     store.recordAttachment(deployed, { sma, txHash: attachTxHash });
@@ -41489,7 +41632,7 @@ Register it later with: sailor mandate attach --address ${deployed} --sma <SMA>`
   emit(json, () => {
   }, {
     status: "ok",
-    mandate: { name: record.name, address: deployed, txHash: response.txHash, chainId },
+    mandate: { name: stored.name, address: deployed, txHash: response.txHash, chainId },
     attached: options.attach ? { sma: getAddress(options.sma), txHash: attachTxHash } : null
   });
 }
@@ -41751,7 +41894,7 @@ Connect the owner wallet (mandate signer) in the browser \u2014 the agent wallet
   }
   say(() => console.log("\u2713", `Deployed + registered ${spec.label} at ${clone}`));
   const store = new MandateStore();
-  store.add({
+  const storedClone = store.add({
     name: label,
     address: clone,
     txHash,
@@ -41764,7 +41907,7 @@ Connect the owner wallet (mandate signer) in the browser \u2014 the agent wallet
     actor: "agent",
     type: "permission_registered",
     permission: clone,
-    name: label,
+    name: storedClone.name,
     sma,
     txHash,
     chainId: project.chainId
@@ -42085,6 +42228,21 @@ function mandateContractsList() {
     }
   }
 }
+function mandateUpdate(options) {
+  const { address, name, sourcePath, artifactPath, json } = options;
+  if (!name && !sourcePath && !artifactPath) {
+    throw new Error("Provide at least one of --name, --source-path, or --artifact-path");
+  }
+  const store = new MandateStore();
+  const updated = store.update(address, { name, sourcePath, artifactPath });
+  emit(!!json, () => {
+    const changes = [];
+    if (name) changes.push(`name \u2192 ${updated.name}`);
+    if (sourcePath) changes.push(`sourcePath \u2192 ${updated.sourcePath}`);
+    if (artifactPath) changes.push(`artifactPath \u2192 ${updated.artifactPath}`);
+    console.log(`Updated ${updated.address}: ${changes.join(", ")}`);
+  }, { status: "ok", mandate: updated });
+}
 function resolveArtifact(options) {
   let artifactPath = options.artifact;
   let contractName = options.contract ?? options.name ?? "";
@@ -42094,7 +42252,7 @@ function resolveArtifact(options) {
   }
   const resolved = (0, import_node_path9.resolve)(artifactPath);
   const projectRoot = (0, import_node_path9.resolve)(process.cwd());
-  if (!resolved.startsWith(projectRoot + "/") && resolved !== projectRoot) {
+  if (!resolved.startsWith(projectRoot + import_node_path9.sep) && resolved !== projectRoot) {
     throw new Error(
       `Artifact path must be inside the project directory.
 Resolved: ${resolved}`
@@ -42539,6 +42697,7 @@ async function mandateSimulate(options) {
         checkContractExists(pc, c.target)
       ]);
       const result = probe.accepted ? "pass" : "fail";
+      const selectorCheck = codeCheck.hasCode && codeCheck.bytecode ? checkSelectorRoutes(c.data, codeCheck.bytecode) : { selector: "", routes: null, reason: codeCheck.hasCode ? "bytecode unavailable" : void 0 };
       return {
         index: i,
         label: c.label,
@@ -42550,7 +42709,10 @@ async function mandateSimulate(options) {
         expect: c.expect ?? null,
         match: c.expect ? c.expect === result : null,
         targetHasCode: codeCheck.hasCode,
-        targetCheckError: codeCheck.error
+        targetCheckError: codeCheck.error,
+        selectorRoutes: selectorCheck.routes,
+        selector: selectorCheck.selector,
+        selectorRoutesReason: selectorCheck.reason
       };
     })
   );
@@ -42581,7 +42743,10 @@ async function mandateSimulate(options) {
         expect: r.expect,
         match: r.match,
         targetHasCode: r.targetHasCode,
-        targetCheckError: r.targetCheckError
+        targetCheckError: r.targetCheckError,
+        selector: r.selector,
+        selectorRoutes: r.selectorRoutes,
+        selectorRoutesReason: r.selectorRoutesReason
       })),
       mismatches: mismatches.length,
       noCodeTargets: noCodeTargets.map((r) => r.target),
@@ -42607,7 +42772,9 @@ async function mandateSimulate(options) {
     const expectStr = r.expect === null ? "" : r.match ? `  expected ${r.expect}  \u2713 MATCH` : `  expected ${r.expect}  \u2717 MISMATCH`;
     console.log(`[${r.index + 1}] ${verdict}  ${r.label}${expectStr}`);
     const codeNote = r.targetCheckError ? `\u26A0 could not verify contract code (${r.targetCheckError})` : r.targetHasCode ? "\u2713 contract present" : `\u26A0 NO contract code on chain ${chainId} \u2014 this call would fail on-chain regardless of the permission`;
+    const selectorNote = r.selectorRoutes === true ? `\u2713 selector 0x${r.selector} routes` : r.selectorRoutes === false ? `\u26A0 selector 0x${r.selector} NOT found in bytecode \u2014 call would likely revert with unknown selector` : r.selectorRoutesReason ? `~ selector check skipped (${r.selectorRoutesReason})` : null;
     console.log(`     target ${r.target}   ${codeNote}`);
+    if (selectorNote) console.log(`     ${selectorNote}`);
     if (r.reverted && r.revertReason) {
       console.log(`     evaluate() reverted: ${r.revertReason}`);
     }
@@ -43225,13 +43392,30 @@ function isProcessAlive(pid) {
 // src/commands/run.ts
 var DEFAULT_INTERVAL_SEC = 60;
 var sleep2 = (ms) => new Promise((resolve3) => setTimeout(resolve3, ms));
-var ERC20_BALANCE_ABI = [
+var ERC20_READ_ABI = [
   {
     type: "function",
     name: "balanceOf",
     stateMutability: "view",
     inputs: [{ name: "account", type: "address" }],
     outputs: [{ name: "", type: "uint256" }]
+  },
+  {
+    type: "function",
+    name: "allowance",
+    stateMutability: "view",
+    inputs: [
+      { name: "owner", type: "address" },
+      { name: "spender", type: "address" }
+    ],
+    outputs: [{ name: "", type: "uint256" }]
+  },
+  {
+    type: "function",
+    name: "decimals",
+    stateMutability: "view",
+    inputs: [],
+    outputs: [{ name: "", type: "uint8" }]
   }
 ];
 function loadAgentData(filePath) {
@@ -43251,7 +43435,8 @@ async function loadAgent() {
     let mod2;
     if (abs.endsWith(".ts")) {
       const { tsImport } = await import("tsx/esm/api");
-      mod2 = await tsImport(abs, (0, import_node_url.pathToFileURL)(abs).href);
+      const absUrl = (0, import_node_url.pathToFileURL)(abs).href;
+      mod2 = await tsImport(absUrl, absUrl);
     } else {
       mod2 = await import((0, import_node_url.pathToFileURL)(abs).href);
     }
@@ -43378,11 +43563,30 @@ Configure the chain in @sail/chains or set KERNEL_ADDRESS in .sail/.env.local.`
     }
     return publicClient.readContract({
       address: token,
-      abi: ERC20_BALANCE_ABI,
+      abi: ERC20_READ_ABI,
       functionName: "balanceOf",
       args: [accountAddr]
     });
   };
+  const readAllowance = (token, owner2, spender) => publicClient.readContract({
+    address: token,
+    abi: ERC20_READ_ABI,
+    functionName: "allowance",
+    args: [owner2, spender]
+  });
+  const decimalsCache = /* @__PURE__ */ new Map();
+  const readDecimals = async (token) => {
+    const key = getAddress(token);
+    const cached = decimalsCache.get(key);
+    if (cached !== void 0) return cached;
+    const d = await publicClient.readContract({
+      address: token,
+      abi: ERC20_READ_ABI,
+      functionName: "decimals"
+    });
+    decimalsCache.set(key, d);
+    return d;
+  };
   async function runTick() {
     appendActivity({ ts: nowIso(), actor: "agent", type: "tick_start" });
     let blockInfo = { number: 0n, timestamp: 0n };
@@ -43412,10 +43616,15 @@ Configure the chain in @sail/chains or set KERNEL_ADDRESS in .sail/.env.local.`
         dispatch: execClient.dispatch,
         strategy: execClient.strategy
       }),
+      publicClient,
       manager: agentManager,
       log,
       data: agentData,
-      read: { balance: readBalance }
+      read: {
+        balance: readBalance,
+        allowance: readAllowance,
+        decimals: readDecimals
+      }
     };
     let dispatches;
     try {
@@ -44040,7 +44249,7 @@ account.command("rotate-signer").description("Rotate the SMA's delegated signer
 var mandate = program2.command("mandate").description("Manage mandates");
 mandate.command("prepare").description("Prepare a mandate draft for review and signing in the UI (MetaMask)").action(action(mandatePrepare));
 mandate.command("sign").description("Review and confirm the permissions authorized for your SMA").option("--yes", "Skip the confirmation prompt (for non-interactive / CI use)").action(actionWith(mandateSign));
-mandate.command("deploy").description("Deploy a Foundry-compiled permission contract via the browser signing UI").option("--artifact <path>", "Path to the Foundry artifact JSON (out/<Name>.sol/<Name>.json)").option("--contract <name>", "Contract name; resolves to <out>/<name>.sol/<name>.json").option("--out <dir>", "Foundry output directory", "out").option("--name <label>", "Label to track this permission under (defaults to contract name)").option("--args <json>", `Constructor args as a JSON array, e.g. '[["0x.."],"1000"]'`).option("--build", "Run `forge build` before deploying").option("--attach", "After deploy, register the permission on --sma").option("--sma <address>", "SMA to register on (required with --attach)").option("--json", "Emit machine-readable JSON").action(actionWith(mandateDeploy));
+mandate.command("deploy").description("Deploy a Foundry-compiled permission contract via the browser signing UI").option("--artifact <path>", "Path to the Foundry artifact JSON (out/<Name>.sol/<Name>.json)").option("--contract <name>", "Contract name; resolves to <out>/<name>.sol/<name>.json").option("--out <dir>", "Foundry output directory", "out").option("--name <label>", "Label to track this permission under (defaults to contract name)").option("--args <json>", `Constructor args as JSON array. Bash: '["0x..","1"]'. PowerShell: '[\\"0x..\\",\\"1\\"]'. Use --args-file to avoid quoting.`).option("--args-file <path>", "Path to a JSON file containing constructor args array (recommended on PowerShell)").option("--build", "Run `forge build` before deploying").option("--attach", "After deploy, register the permission on --sma").option("--sma <address>", "SMA to register on (required with --attach)").option("--json", "Emit machine-readable JSON").action(actionWith(mandateDeploy));
 mandate.command("attach").description("Register an already-deployed permission on an SMA (EIP-712 RegisterPermission)").requiredOption("--address <mandateOrName>", "Permission address, or a name tracked locally").requiredOption("--sma <address>", "SMA to register the permission on").option("--label <label>", "Human-readable label shown in the signing UI").option("--json", "Emit machine-readable JSON").action(actionWith(mandateAttach));
 mandate.command("deploy-clone").description("Deploy + register a standalone clone permission (e.g. boundedApprove) via the signing UI").requiredOption("--template <key>", "Standalone clone template key (e.g. boundedApprove)").requiredOption("--sma <address>", "SMA to deploy the clone for and register it on").option("--tokens <csv>", "Comma-separated allowed token addresses").option("--spenders <csv>", "Comma-separated allowed spender addresses").option("--max <amount>", "Max amount per tx in base units (default: uint256 max)").option("--label <label>", "Human-readable label to track this permission under").option("--json", "Emit machine-readable JSON").action(actionWith(mandateDeployClone));
 mandate.command("revoke").description("Revoke permission(s) from an SMA (EIP-712 RevokePermissions, owner-authorized)").option("--address <permissionOrName>", "Permission address, or a name tracked locally").requiredOption("--sma <address>", "Safe (SMA) to revoke the permission(s) from").option("--all", "Revoke every permission currently registered on the SMA").option("--json", "Output JSON").action(actionWith(mandateRevoke));
@@ -44048,6 +44257,7 @@ mandate.command("templates").description("Show how to author your own permission
 mandate.command("simulate").description(
   "Probe a permission against sample calls off-chain (eth_call, NO gas) \u2014 prove it accepts the calls you want and rejects the ones you don't, before authorizing on-chain"
 ).requiredOption("--address <permissionOrName>", "Permission to probe (address or tracked name)").option("--sma <address>", "SMA to probe as (ctx.account; defaults to .sail/account.json)").option("--target <address>", "Inline single call: target contract address").option("--calldata <hex>", "Inline single call: 0x-prefixed calldata").option("--value <wei>", "Inline single call: ETH value in wei (default 0)").option("--expect <pass|fail>", "Inline single call: expected outcome (sets non-zero exit on mismatch)").option("--label <text>", "Inline single call: human-readable label").option("--calls <file>", "Batch: JSON array of { target, calldata, value?, expect?, label? }").option("--json", "Emit machine-readable JSON").action(actionWith(mandateSimulate));
+mandate.command("update").description("Update metadata for a tracked permission contract (rename, source path, artifact path)").requiredOption("--address <mandateOrName>", "Permission address or tracked name to update").option("--name <label>", "New tracking label (must be unique within the same chain)").option("--source-path <path>", "Update the relative path to the Solidity source file").option("--artifact-path <path>", "Update the relative path to the Foundry artifact JSON").option("--json", "Emit machine-readable JSON").action(actionWith(mandateUpdate));
 mandate.command("list").description("List permission contracts deployed from this project").action(action(async () => mandateContractsList()));
 program2.command("onboard").description("Set up an SMA, register a permission, confirm the agent is operational").option("--sma <address>", "Use a specific SMA address instead of prompting").option("--new-sma", "Create a new SMA via SailKernel").option("--salt <n>", "CREATE2 salt for deterministic Safe address (default: 0; use 0 for first SMA, increment for subsequent)").option("--template <kindOrAddress>", "Register this permission contract (kind, label, or address)").option("--skip-mandate", "Skip the permission registration step").option("--json", "Emit machine-readable JSON (implies non-interactive)").action(actionWith(onboard));
 var station = program2.command("station").description("Manage the persistent signing station (browser signing daemon)");