@dev.sail.money/sailor 0.0.2-31 → 0.1.0-local

package/templates/default/tsconfig.json

@@ -1,17 +1,17 @@
-{
-  "compilerOptions": {
-    "strict": true,
-    "target": "ES2022",
-    "module": "NodeNext",
-    "moduleResolution": "NodeNext",
-    "esModuleInterop": true,
-    "skipLibCheck": true,
-    "resolveJsonModule": true,
-    "noEmit": true,
-    "baseUrl": ".",
-    "paths": {
-      "@sail.money/sailor/sdk": ["../../packages/sdk/src/index.ts"]
-    }
-  },
-  "include": ["src"]
-}
+{
+  "compilerOptions": {
+    "strict": true,
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "resolveJsonModule": true,
+    "noEmit": true,
+    "baseUrl": ".",
+    "paths": {
+      "@sail.money/sailor/sdk": ["../../packages/sdk/src/index.ts"]
+    }
+  },
+  "include": ["src"]
+}

package/templates/default/ui/README.md

@@ -1,3 +1,3 @@
-# UI
-
-Vite + React UI lands in the next prompt.
+# UI
+
+Vite + React UI lands in the next prompt.

package/templates/lifi-permissions/LifiBoundedApprovePermissionCloneable.sol

@@ -1,84 +1,84 @@
-// SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
-
-import {IPermission, Context} from "../../.sail/contracts/interfaces/IPermission.sol";
-import {CloneInitializable} from "../../.sail/contracts/templates/base/CloneInitializable.sol";
-
-/// @title  LifiBoundedApprovePermissionCloneable
-/// @notice EIP-1167 clone-template approval permission with PER-TOKEN caps. The
-///         logic contract is deployed once and registered in the SDK's
-///         standaloneTemplates; each account clones it via
-///         PermissionFactory.deployAndAttach and configures via initialize().
-///
-///         The manager may ONLY approve the LiFi Diamond, and only on tokens that
-///         have a configured cap, up to that token's cap. Passes through any
-///         non-approve call (conjunctive model).
-///
-///         Caps are PER TOKEN (not one global cap) because token value and decimals
-///         differ — e.g. 1 DAI = 1e18 base units vs 1 USDC = 1e6. A single cap can't
-///         bound both sensibly.
-contract LifiBoundedApprovePermissionCloneable is IPermission, CloneInitializable {
-    bytes4 private constant APPROVE = 0x095ea7b3;
-    address public constant LIFI_DIAMOND = 0x1231DEB6f5749EF6cE6943a275A1D3E7486F4EaE;
-
-    // Per-token approve cap, in the token's base units. 0 = token not allowed.
-    // A mapping occupies its own slot pointer and does not pack with the
-    // CloneInitializable `_initialized` bool at slot 0.
-    mapping(address token => uint256 cap) public maxApprovePerToken;
-    address public permissionSigner;
-
-    error NotPermissionSigner();
-    error ZeroAddress();
-    error LengthMismatch();
-
-    modifier onlyPermissionSigner() {
-        if (msg.sender != permissionSigner) revert NotPermissionSigner();
-        _;
-    }
-
-    /// @dev Lock the logic contract; only clones (fresh storage) can be initialized.
-    constructor() {
-        _disableInitializers();
-    }
-
-    /// @notice One-time per-clone configuration.
-    /// @param tokens            Tokens the manager may approve to the LiFi Diamond.
-    /// @param caps              Per-token cap (token base units); index-aligned with `tokens`.
-    /// @param _permissionSigner Owner wallet; sole authority for post-init updates.
-    function initialize(
-        address[] memory tokens,
-        uint256[] memory caps,
-        address _permissionSigner
-    ) external initializer {
-        if (_permissionSigner == address(0)) revert ZeroAddress();
-        if (tokens.length != caps.length) revert LengthMismatch();
-        permissionSigner = _permissionSigner;
-        for (uint256 i; i < tokens.length; i++) {
-            maxApprovePerToken[tokens[i]] = caps[i];
-        }
-    }
-
-    /// @notice Set (cap > 0) or clear (cap == 0) a token's per-tx approve cap.
-    function setTokenCap(address token, uint256 cap) external onlyPermissionSigner {
-        maxApprovePerToken[token] = cap;
-    }
-
-    function evaluate(bytes calldata txData, Context calldata ctx) external view returns (bool) {
-        // Pass through calls outside this permission's domain (conjunctive model).
-        if (ctx.selector != APPROVE) return true;
-        if (ctx.target == address(0)) return false; // token is ctx.target
-        if (txData.length < 68) return false;
-
-        (address spender, uint256 amount) = abi.decode(txData[4:], (address, uint256));
-        if (spender != LIFI_DIAMOND) return false;
-
-        uint256 cap = maxApprovePerToken[ctx.target];
-        if (cap == 0) return false; // token not allowed
-        if (amount > cap) return false; // over the per-token cap
-        return true;
-    }
-
-    function discriminator() external pure returns (bytes32) {
-        return keccak256("LifiBoundedApprovePermissionCloneable.v1");
-    }
-}
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.26;
+
+import {IPermission, Context} from "../../.sail/contracts/interfaces/IPermission.sol";
+import {CloneInitializable} from "../../.sail/contracts/templates/base/CloneInitializable.sol";
+
+/// @title  LifiBoundedApprovePermissionCloneable
+/// @notice EIP-1167 clone-template approval permission with PER-TOKEN caps. The
+///         logic contract is deployed once and registered in the SDK's
+///         standaloneTemplates; each account clones it via
+///         PermissionFactory.deployAndAttach and configures via initialize().
+///
+///         The manager may ONLY approve the LiFi Diamond, and only on tokens that
+///         have a configured cap, up to that token's cap. Passes through any
+///         non-approve call (conjunctive model).
+///
+///         Caps are PER TOKEN (not one global cap) because token value and decimals
+///         differ — e.g. 1 DAI = 1e18 base units vs 1 USDC = 1e6. A single cap can't
+///         bound both sensibly.
+contract LifiBoundedApprovePermissionCloneable is IPermission, CloneInitializable {
+    bytes4 private constant APPROVE = 0x095ea7b3;
+    address public constant LIFI_DIAMOND = 0x1231DEB6f5749EF6cE6943a275A1D3E7486F4EaE;
+
+    // Per-token approve cap, in the token's base units. 0 = token not allowed.
+    // A mapping occupies its own slot pointer and does not pack with the
+    // CloneInitializable `_initialized` bool at slot 0.
+    mapping(address token => uint256 cap) public maxApprovePerToken;
+    address public permissionSigner;
+
+    error NotPermissionSigner();
+    error ZeroAddress();
+    error LengthMismatch();
+
+    modifier onlyPermissionSigner() {
+        if (msg.sender != permissionSigner) revert NotPermissionSigner();
+        _;
+    }
+
+    /// @dev Lock the logic contract; only clones (fresh storage) can be initialized.
+    constructor() {
+        _disableInitializers();
+    }
+
+    /// @notice One-time per-clone configuration.
+    /// @param tokens            Tokens the manager may approve to the LiFi Diamond.
+    /// @param caps              Per-token cap (token base units); index-aligned with `tokens`.
+    /// @param _permissionSigner Owner wallet; sole authority for post-init updates.
+    function initialize(
+        address[] memory tokens,
+        uint256[] memory caps,
+        address _permissionSigner
+    ) external initializer {
+        if (_permissionSigner == address(0)) revert ZeroAddress();
+        if (tokens.length != caps.length) revert LengthMismatch();
+        permissionSigner = _permissionSigner;
+        for (uint256 i; i < tokens.length; i++) {
+            maxApprovePerToken[tokens[i]] = caps[i];
+        }
+    }
+
+    /// @notice Set (cap > 0) or clear (cap == 0) a token's per-tx approve cap.
+    function setTokenCap(address token, uint256 cap) external onlyPermissionSigner {
+        maxApprovePerToken[token] = cap;
+    }
+
+    function evaluate(bytes calldata txData, Context calldata ctx) external view returns (bool) {
+        // Pass through calls outside this permission's domain (conjunctive model).
+        if (ctx.selector != APPROVE) return true;
+        if (ctx.target == address(0)) return false; // token is ctx.target
+        if (txData.length < 68) return false;
+
+        (address spender, uint256 amount) = abi.decode(txData[4:], (address, uint256));
+        if (spender != LIFI_DIAMOND) return false;
+
+        uint256 cap = maxApprovePerToken[ctx.target];
+        if (cap == 0) return false; // token not allowed
+        if (amount > cap) return false; // over the per-token cap
+        return true;
+    }
+
+    function discriminator() external pure returns (bytes32) {
+        return keccak256("LifiBoundedApprovePermissionCloneable.v1");
+    }
+}

package/templates/lifi-permissions/LifiDiamondSwapPermissionCloneable.sol

@@ -1,97 +1,97 @@
-// SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
-
-import {IPermission, Context} from "../../.sail/contracts/interfaces/IPermission.sol";
-import {CloneInitializable} from "../../.sail/contracts/templates/base/CloneInitializable.sol";
-
-/// @title  LifiDiamondSwapPermissionCloneable
-/// @notice EIP-1167 clone-template version of LifiDiamondSwapPermission. The logic
-///         contract is deployed once and registered in the SDK's standaloneTemplates;
-///         each account gets its own clone via PermissionFactory.deployAndAttach,
-///         configured through initialize() (NOT the constructor).
-///
-///         Restricts manager-initiated swaps to the official LiFi Diamond on Base:
-///          - target must be the LiFi Diamond,
-///          - selector must be allowlisted,
-///          - receiver embedded in the calldata must equal ctx.account (the SMA),
-///          - the minAmount field must not exceed the configured cap.
-///         Passes through any call whose target is not the diamond (conjunctive model).
-///
-///         Calldata layout (validated against live Base quotes):
-///          selector(4) + word0(32) + word1(32) + word2(32) + receiver(32) + minAmount(32)
-///          → receiver at offset 100, minAmount at offset 132.
-contract LifiDiamondSwapPermissionCloneable is IPermission, CloneInitializable {
-    // Official LiFi Diamond on Base Mainnet.
-    address public constant LIFI_DIAMOND = 0x1231DEB6f5749EF6cE6943a275A1D3E7486F4EaE;
-
-    // Storage starts after CloneInitializable's `_initialized` bool (slot 0). A
-    // mapping occupies its own slot pointer and does not pack with the bool.
-    mapping(bytes4 selector => bool) public isAllowedSelector;
-    uint256 public maxMinAmountPerTx;
-    address public permissionSigner;
-
-    error NotPermissionSigner();
-    error ZeroAddress();
-
-    modifier onlyPermissionSigner() {
-        if (msg.sender != permissionSigner) revert NotPermissionSigner();
-        _;
-    }
-
-    /// @dev Lock the logic contract; only clones (fresh storage) can be initialized.
-    constructor() {
-        _disableInitializers();
-    }
-
-    /// @notice One-time per-clone configuration.
-    /// @param allowedSelectors   LiFi Diamond selectors to allowlist on init.
-    /// @param _maxMinAmountPerTx Cap on the minAmount field (type(uint256).max = uncapped).
-    /// @param _permissionSigner  Owner wallet; sole authority for post-init updates.
-    function initialize(
-        bytes4[] memory allowedSelectors,
-        uint256 _maxMinAmountPerTx,
-        address _permissionSigner
-    ) external initializer {
-        if (_permissionSigner == address(0)) revert ZeroAddress();
-        maxMinAmountPerTx = _maxMinAmountPerTx;
-        permissionSigner = _permissionSigner;
-        for (uint256 i; i < allowedSelectors.length; i++) {
-            isAllowedSelector[allowedSelectors[i]] = true;
-        }
-    }
-
-    function setMaxMinAmountPerTx(uint256 newMax) external onlyPermissionSigner {
-        maxMinAmountPerTx = newMax;
-    }
-
-    /// @notice Add a LiFi selector. Only after verifying its calldata places
-    ///         `receiver` at offset 100 and `minAmount` at offset 132.
-    function addSelector(bytes4 selector) external onlyPermissionSigner {
-        isAllowedSelector[selector] = true;
-    }
-
-    function removeSelector(bytes4 selector) external onlyPermissionSigner {
-        isAllowedSelector[selector] = false;
-    }
-
-    uint256 private constant RECEIVER_OFFSET = 100;
-    uint256 private constant MIN_DATA_LEN = 164;
-
-    function evaluate(bytes calldata txData, Context calldata ctx) external view returns (bool) {
-        // Pass through calls outside this permission's domain (conjunctive model).
-        if (ctx.target != LIFI_DIAMOND) return true;
-        if (!isAllowedSelector[ctx.selector]) return false;
-        if (txData.length < MIN_DATA_LEN) return false;
-
-        address receiver = abi.decode(txData[RECEIVER_OFFSET:RECEIVER_OFFSET + 32], (address));
-        uint256 minAmount = abi.decode(txData[RECEIVER_OFFSET + 32:RECEIVER_OFFSET + 64], (uint256));
-
-        if (receiver != ctx.account) return false;
-        if (minAmount > maxMinAmountPerTx) return false;
-        return true;
-    }
-
-    function discriminator() external pure returns (bytes32) {
-        return keccak256("LifiDiamondSwapPermissionCloneable.v1");
-    }
-}
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.26;
+
+import {IPermission, Context} from "../../.sail/contracts/interfaces/IPermission.sol";
+import {CloneInitializable} from "../../.sail/contracts/templates/base/CloneInitializable.sol";
+
+/// @title  LifiDiamondSwapPermissionCloneable
+/// @notice EIP-1167 clone-template version of LifiDiamondSwapPermission. The logic
+///         contract is deployed once and registered in the SDK's standaloneTemplates;
+///         each account gets its own clone via PermissionFactory.deployAndAttach,
+///         configured through initialize() (NOT the constructor).
+///
+///         Restricts manager-initiated swaps to the official LiFi Diamond on Base:
+///          - target must be the LiFi Diamond,
+///          - selector must be allowlisted,
+///          - receiver embedded in the calldata must equal ctx.account (the SMA),
+///          - the minAmount field must not exceed the configured cap.
+///         Passes through any call whose target is not the diamond (conjunctive model).
+///
+///         Calldata layout (validated against live Base quotes):
+///          selector(4) + word0(32) + word1(32) + word2(32) + receiver(32) + minAmount(32)
+///          → receiver at offset 100, minAmount at offset 132.
+contract LifiDiamondSwapPermissionCloneable is IPermission, CloneInitializable {
+    // Official LiFi Diamond on Base Mainnet.
+    address public constant LIFI_DIAMOND = 0x1231DEB6f5749EF6cE6943a275A1D3E7486F4EaE;
+
+    // Storage starts after CloneInitializable's `_initialized` bool (slot 0). A
+    // mapping occupies its own slot pointer and does not pack with the bool.
+    mapping(bytes4 selector => bool) public isAllowedSelector;
+    uint256 public maxMinAmountPerTx;
+    address public permissionSigner;
+
+    error NotPermissionSigner();
+    error ZeroAddress();
+
+    modifier onlyPermissionSigner() {
+        if (msg.sender != permissionSigner) revert NotPermissionSigner();
+        _;
+    }
+
+    /// @dev Lock the logic contract; only clones (fresh storage) can be initialized.
+    constructor() {
+        _disableInitializers();
+    }
+
+    /// @notice One-time per-clone configuration.
+    /// @param allowedSelectors   LiFi Diamond selectors to allowlist on init.
+    /// @param _maxMinAmountPerTx Cap on the minAmount field (type(uint256).max = uncapped).
+    /// @param _permissionSigner  Owner wallet; sole authority for post-init updates.
+    function initialize(
+        bytes4[] memory allowedSelectors,
+        uint256 _maxMinAmountPerTx,
+        address _permissionSigner
+    ) external initializer {
+        if (_permissionSigner == address(0)) revert ZeroAddress();
+        maxMinAmountPerTx = _maxMinAmountPerTx;
+        permissionSigner = _permissionSigner;
+        for (uint256 i; i < allowedSelectors.length; i++) {
+            isAllowedSelector[allowedSelectors[i]] = true;
+        }
+    }
+
+    function setMaxMinAmountPerTx(uint256 newMax) external onlyPermissionSigner {
+        maxMinAmountPerTx = newMax;
+    }
+
+    /// @notice Add a LiFi selector. Only after verifying its calldata places
+    ///         `receiver` at offset 100 and `minAmount` at offset 132.
+    function addSelector(bytes4 selector) external onlyPermissionSigner {
+        isAllowedSelector[selector] = true;
+    }
+
+    function removeSelector(bytes4 selector) external onlyPermissionSigner {
+        isAllowedSelector[selector] = false;
+    }
+
+    uint256 private constant RECEIVER_OFFSET = 100;
+    uint256 private constant MIN_DATA_LEN = 164;
+
+    function evaluate(bytes calldata txData, Context calldata ctx) external view returns (bool) {
+        // Pass through calls outside this permission's domain (conjunctive model).
+        if (ctx.target != LIFI_DIAMOND) return true;
+        if (!isAllowedSelector[ctx.selector]) return false;
+        if (txData.length < MIN_DATA_LEN) return false;
+
+        address receiver = abi.decode(txData[RECEIVER_OFFSET:RECEIVER_OFFSET + 32], (address));
+        uint256 minAmount = abi.decode(txData[RECEIVER_OFFSET + 32:RECEIVER_OFFSET + 64], (uint256));
+
+        if (receiver != ctx.account) return false;
+        if (minAmount > maxMinAmountPerTx) return false;
+        return true;
+    }
+
+    function discriminator() external pure returns (bytes32) {
+        return keccak256("LifiDiamondSwapPermissionCloneable.v1");
+    }
+}

package/templates/lifi-permissions/README.md

@@ -1,53 +1,53 @@
-# LiFi clone-permission templates
-
-Canonical source (for reference) of the EIP-1167 **clone** permission templates
-used for LiFi-based swaps/DCA. The logic contracts are deployed once per chain and
-registered in the SDK deployment registry
-(`packages/sdk/src/deployments.ts` → `standaloneTemplates` / `cloneTemplates`).
-Each account gets its own clone via `PermissionFactory.deployAndAttach`, configured
-through `initialize()` (never the constructor).
-
-These follow the `CloneInitializable` pattern: the constructor calls
-`_disableInitializers()` to permanently lock the logic contract, and a one-time
-`initialize()` (guarded by the `initializer` modifier) configures each clone.
-
-> The `import` paths reference `../../.sail/contracts/{interfaces,templates/base}`
-> from the Foundry project they were built in
-> (`tests/base-mainnet-agent-01/`). This folder is **reference source** — sailor has
-> no Foundry build. Build/deploy happens in that project via
-> `scripts/deploy-clone-templates.ts`.
-
-> **Note:** The kernels bundled in `@sail.money/sailor/sdk` (Base, Base Sepolia, Arbitrum, Unichain) now all run the **selective** dispatch model — verified on-chain against each kernel's `DISPATCH_TYPEHASH`. These templates were written for the older conjunctive model and include pass-through logic (`return true` for calls outside their domain) that is not required on selective kernels. Review before deploying against a selective kernel; the pass-through logic is harmless but unnecessary.
-
-## Contracts
-
-### LifiDiamondSwapPermissionCloneable → `boundedLiFi`
-Restricts manager swaps to the official LiFi Diamond:
-target == diamond, selector allowlisted, embedded receiver == `ctx.account`,
-`minAmount <= maxMinAmountPerTx`. Passes through any call whose target is not the
-diamond (conjunctive-kernel rule).
-
-`initialize(bytes4[] allowedSelectors, uint256 maxMinAmountPerTx, address permissionSigner)`
-
-### LifiBoundedApprovePermissionCloneable → `boundedApprove`
-Approve only the LiFi Diamond, only on tokens with a configured cap, up to that
-cap. **Per-token caps** (`mapping(token => cap)`) because token value/decimals
-differ (1 DAI = 1e18 vs 1 USDC = 1e6). Passes through non-approve calls.
-
-`initialize(address[] tokens, uint256[] caps, address permissionSigner)`
-
-## Deployed logic addresses
-
-| Template | Chain | Address |
-|---|---|---|
-| boundedLiFi | Base mainnet (8453) | `0xF1abcF774250fD1A8147B56DA07Bf9021064650A` |
-| boundedApprove | Base mainnet (8453) | `0x9c0b86daf9e75d759a5D165aD7366e52b3353fD8` |
-
-Both verified `initialized() == true` (logic locked) post-deploy.
-
-## Conjunctive-kernel note
-
-Both Base kernels use the **conjunctive** dispatch model: every registered
-permission is evaluated and ALL must return true. So a permission MUST pass through
-calls outside its own domain (return `true`), or it bricks unrelated dispatches.
-Both templates above do this.
+# LiFi clone-permission templates
+
+Canonical source (for reference) of the EIP-1167 **clone** permission templates
+used for LiFi-based swaps/DCA. The logic contracts are deployed once per chain and
+registered in the SDK deployment registry
+(`packages/sdk/src/deployments.ts` → `standaloneTemplates` / `cloneTemplates`).
+Each account gets its own clone via `PermissionFactory.deployAndAttach`, configured
+through `initialize()` (never the constructor).
+
+These follow the `CloneInitializable` pattern: the constructor calls
+`_disableInitializers()` to permanently lock the logic contract, and a one-time
+`initialize()` (guarded by the `initializer` modifier) configures each clone.
+
+> The `import` paths reference `../../.sail/contracts/{interfaces,templates/base}`
+> from the Foundry project they were built in
+> (`tests/base-mainnet-agent-01/`). This folder is **reference source** — sailor has
+> no Foundry build. Build/deploy happens in that project via
+> `scripts/deploy-clone-templates.ts`.
+
+> **Note:** The kernels bundled in `@sail.money/sailor/sdk` (Base, Base Sepolia, Arbitrum, Unichain) now all run the **selective** dispatch model — verified on-chain against each kernel's `DISPATCH_TYPEHASH`. These templates were written for the older conjunctive model and include pass-through logic (`return true` for calls outside their domain) that is not required on selective kernels. Review before deploying against a selective kernel; the pass-through logic is harmless but unnecessary.
+
+## Contracts
+
+### LifiDiamondSwapPermissionCloneable → `boundedLiFi`
+Restricts manager swaps to the official LiFi Diamond:
+target == diamond, selector allowlisted, embedded receiver == `ctx.account`,
+`minAmount <= maxMinAmountPerTx`. Passes through any call whose target is not the
+diamond (conjunctive-kernel rule).
+
+`initialize(bytes4[] allowedSelectors, uint256 maxMinAmountPerTx, address permissionSigner)`
+
+### LifiBoundedApprovePermissionCloneable → `boundedApprove`
+Approve only the LiFi Diamond, only on tokens with a configured cap, up to that
+cap. **Per-token caps** (`mapping(token => cap)`) because token value/decimals
+differ (1 DAI = 1e18 vs 1 USDC = 1e6). Passes through non-approve calls.
+
+`initialize(address[] tokens, uint256[] caps, address permissionSigner)`
+
+## Deployed logic addresses
+
+| Template | Chain | Address |
+|---|---|---|
+| boundedLiFi | Base mainnet (8453) | `0xF1abcF774250fD1A8147B56DA07Bf9021064650A` |
+| boundedApprove | Base mainnet (8453) | `0x9c0b86daf9e75d759a5D165aD7366e52b3353fD8` |
+
+Both verified `initialized() == true` (logic locked) post-deploy.
+
+## Conjunctive-kernel note
+
+Both Base kernels use the **conjunctive** dispatch model: every registered
+permission is evaluated and ALL must return true. So a permission MUST pass through
+calls outside its own domain (return `true`), or it bricks unrelated dispatches.
+Both templates above do this.

package/packages/ui/dist/assets/cursor-0ZcCqvYy.js

@@ -1,3 +0,0 @@
-import{F as o}from"./core-CuWvvvu4.js";import"./index-BzT0MJhc.js";import"./events-DKTfpIHs.js";import"./index.es-wlYgJouQ.js";import"./fallback-DHv3hSPW.js";const l=o` <svg fill="none" viewBox="0 0 13 4">
-  <path fill="currentColor" d="M.5 0h12L8.9 3.13a3.76 3.76 0 0 1-4.8 0L.5 0Z" />
-</svg>`;export{l as cursorSvg};