npm - @dev.sail.money/sailor - Versions diffs - 0.0.2 → 0.1.0-local - Mend

@dev.sail.money/sailor 0.0.2 → 0.1.0-local

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (211) hide show

package/examples/permissions/BoundedSupply_AaveV3_Arbitrum.sol ADDED Viewed

@@ -0,0 +1,82 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.26;
+// ─────────────────────────────────────────────────────────────────────────────
+// Protocol : Aave V3
+// Version  : Pool (proxy) — fully on-chain, oracle-based accounting
+// Chain    : Arbitrum mainnet (42161)
+// Target   : Aave V3 Pool  0x794a61358D6845594F94dc1DB02A252b5b4814aD  (verified on Arbiscan;
+//            same Pool as BoundedBorrow_AaveV3_Arbitrum — supply 0x617ba037 confirmed present
+//            in the live implementation 0xf05fd3cc...)
+//
+// ENFORCES ON-CHAIN (kernel calls evaluate() on every dispatch; false ⇒ dispatch blocked):
+//   supply(address asset,uint256 amount,address onBehalfOf,uint16 referralCode)  selector 0x617ba037
+//     • target must be AAVE_POOL
+//     • asset must be in ALLOWED_ASSETS
+//     • amount ≤ MAX_SUPPLY_AMOUNT
+//     • onBehalfOf must equal ctx.account (the SMA — collateral is credited to the SMA, not
+//       to another account)
+//
+// AGENT-ENFORCED / NOT BOUNDED HERE (off-chain — can change without redeploying this contract):
+//   • referralCode (informational only, does not affect fund safety)
+//   • Supply timing / cadence and choice of asset within ALLOWED_ASSETS
+//   • Withdrawal: not gated here (add a withdraw(asset,amount,to) permission with to==SMA if needed)
+//   • A supply also needs a prior ERC-20 approve of the Pool — gate that separately
+//     (see BoundedApproveAndCallBatch.sol for the atomic approve→call→reset pattern).
+//
+// VERIFY BEFORE USE:
+//   • Selector 0x617ba037 = supply(address,uint256,address,uint16) — verified via `cast sig`
+//     and confirmed present in the deployed Pool implementation on Arbitrum.
+//   • This is the canonical Aave V3 Pool.supply. (V3.x also exposes supplyWithPermit — not
+//     gated here; add it if your agent supplies via EIP-2612 permits.)
+//   • MAX_SUPPLY_AMOUNT is in the asset's base units (e.g. USDC = 6 decimals).
+// ─────────────────────────────────────────────────────────────────────────────
+import {IPermission, Context} from "@sail/interfaces/IPermission.sol";
+import {SailCalldata} from "./SailCalldata.sol";
+contract BoundedSupply_AaveV3_Arbitrum is IPermission {
+    bytes32 private constant DISCRIMINATOR = keccak256("BoundedSupply_AaveV3_Arbitrum");
+    address public immutable AAVE_POOL;
+    mapping(address => bool) public isAllowedAsset;
+    uint256 public immutable MAX_SUPPLY_AMOUNT;
+    // supply(address,uint256,address,uint16) — verified 0x617ba037
+    bytes4 private constant SEL_SUPPLY = 0x617ba037;
+    /// @param aavePool         Aave V3 Pool proxy address
+    /// @param allowedAssets    Assets the agent may supply (must be non-empty)
+    /// @param maxSupplyAmount  Per-call supply cap in asset base units (must be > 0)
+    constructor(address aavePool, address[] memory allowedAssets, uint256 maxSupplyAmount) {
+        require(aavePool != address(0),      "zero pool address");
+        require(allowedAssets.length > 0,    "empty asset allowlist");
+        require(maxSupplyAmount > 0,         "zero supply cap");
+        AAVE_POOL        = aavePool;
+        MAX_SUPPLY_AMOUNT = maxSupplyAmount;
+        for (uint256 i = 0; i < allowedAssets.length; i++) {
+            require(allowedAssets[i] != address(0), "zero asset address");
+            isAllowedAsset[allowedAssets[i]] = true;
+        }
+    }
+    function evaluate(bytes calldata txData, Context calldata ctx) external view returns (bool) {
+        if (ctx.target != AAVE_POOL)    return false;
+        if (ctx.selector != SEL_SUPPLY) return false;
+        // supply(address asset, uint256 amount, address onBehalfOf, uint16 referralCode)
+        if (!SailCalldata.hasParams(txData, 4)) return false;
+        address asset      = SailCalldata.asAddress(txData, 0);
+        uint256 amount     = SailCalldata.asUint256(txData, 1);
+        address onBehalfOf = SailCalldata.asAddress(txData, 2);
+        // slot 3 = referralCode (uint16) — informational, not bounded
+        if (!isAllowedAsset[asset])       return false;
+        if (amount > MAX_SUPPLY_AMOUNT)   return false;
+        if (onBehalfOf != ctx.account)    return false; // collateral credited only to the SMA
+        return true;
+    }
+    function discriminator() external pure returns (bytes32) { return DISCRIMINATOR; }
+}

package/examples/permissions/BoundedSwap_UniswapV3_Base.sol CHANGED Viewed

@@ -1,113 +1,116 @@
-// SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
-// ─────────────────────────────────────────────────────────────────────────────
-// Protocol : Uniswap V3
-// Version  : SwapRouter02 (NOT the older SwapRouter — different selectors)
-// Chain    : Base mainnet
-// Target   : SwapRouter02  0x2626664c2603336E57B271c5C0b26F421741e481
-//
-// ENFORCED ON-CHAIN (via kernel evaluate() on every dispatch):
-//   exactInputSingle path (selector 0x04e45aaf):
-//     • target must be SWAP_ROUTER
-//     • tokenIn  must equal FIXED_TOKEN_IN
-//     • tokenOut must be in ALLOWED_TOKENS_OUT
-//     • amountIn ≤ MAX_AMOUNT_IN
-//     • amountOutMinimum ≥ amountIn × MIN_BPS / 10 000  (slippage floor)
-//   approve path (selector 0x095ea7b3):
-//     • target must be FIXED_TOKEN_IN (the ERC-20 being approved)
-//     • spender must be SWAP_ROUTER
-//     • amount  ≤ MAX_AMOUNT_IN
-//
-// NOT ENFORCED (agent code — can change without a new contract):
-//   • fee tier, sqrtPriceLimitX96, recipient address
-//   • swap frequency / cadence
-//
-// VERIFY BEFORE USE:
-//   • Confirm SwapRouter02 address on your chain (Base default shown above).
-//   • Selector 0x04e45aaf = exactInputSingle((address,address,uint24,address,uint256,uint256,uint160))
-//     on SwapRouter02. The older SwapRouter uses a different selector (0x414577b7).
-//   • Confirm that amountOutMinimum slippage floor fits your price-impact expectations for the
-//     chosen pool. Large amountIn values may trigger price impact beyond MIN_BPS.
-// ─────────────────────────────────────────────────────────────────────────────
-import {IPermission, Context} from "@sail/interfaces/IPermission.sol";
-contract BoundedSwap_UniswapV3_Base is IPermission {
-    bytes32 private constant DISCRIMINATOR = keccak256("BoundedSwap_UniswapV3_Base");
-    address public immutable SWAP_ROUTER;
-    address public immutable FIXED_TOKEN_IN;
-    mapping(address => bool) public isAllowedTokenOut;
-    uint256 public immutable MAX_AMOUNT_IN;
-    /// @dev Slippage floor in basis points. 9 900 = allow at most 1% slippage.
-    uint256 public immutable MIN_BPS;
-    bytes4 private constant SEL_EXACT_INPUT_SINGLE = 0x04e45aaf;
-    bytes4 private constant SEL_APPROVE            = 0x095ea7b3;
-    struct ExactInputSingleParams {
-        address tokenIn;
-        address tokenOut;
-        uint24  fee;
-        address recipient;
-        uint256 amountIn;
-        uint256 amountOutMinimum;
-        uint160 sqrtPriceLimitX96;
-    }
-    /// @param swapRouter      SwapRouter02 address (0x2626... on Base)
-    /// @param fixedTokenIn    The one token the agent is allowed to sell
-    /// @param allowedTokensOut  Tokens the agent may receive
-    /// @param maxAmountIn     Per-call spend cap in fixedTokenIn base units
-    /// @param minBps          Minimum amountOutMinimum as fraction of amountIn ×10 000
-    ///                        e.g. 9900 → require amountOutMinimum ≥ 99% of amountIn
-    ///                        (denominated in fixedTokenIn units, not USD — set per your pair)
-    constructor(
-        address swapRouter,
-        address fixedTokenIn,
-        address[] memory allowedTokensOut,
-        uint256 maxAmountIn,
-        uint256 minBps
-    ) {
-        require(minBps <= 10_000, "minBps > 10000");
-        SWAP_ROUTER    = swapRouter;
-        FIXED_TOKEN_IN = fixedTokenIn;
-        MAX_AMOUNT_IN  = maxAmountIn;
-        MIN_BPS        = minBps;
-        for (uint256 i = 0; i < allowedTokensOut.length; i++) {
-            isAllowedTokenOut[allowedTokensOut[i]] = true;
-        }
-    }
-    function evaluate(bytes calldata txData, Context calldata ctx) external view returns (bool) {
-        if (txData.length < 4) return false;
-        // exactInputSingle: agent swaps FIXED_TOKEN_IN for an allowed output token
-        if (ctx.target == SWAP_ROUTER && ctx.selector == SEL_EXACT_INPUT_SINGLE) {
-            if (txData.length < 4 + 7 * 32) return false;
-            ExactInputSingleParams memory p = abi.decode(txData[4:], (ExactInputSingleParams));
-            if (p.tokenIn != FIXED_TOKEN_IN)         return false;
-            if (!isAllowedTokenOut[p.tokenOut])      return false;
-            if (p.amountIn > MAX_AMOUNT_IN)          return false;
-            // Slippage floor: require amountOutMinimum ≥ amountIn * MIN_BPS / 10 000.
-            // This is not a USD check — it's a ratio check in tokenIn units.
-            // For a USDC→WETH swap, set MIN_BPS conservatively (e.g. 9 900 for 1% slippage).
-            if (p.amountOutMinimum < (p.amountIn * MIN_BPS) / 10_000) return false;
-            return true;
-        }
-        // approve: agent approves the router to spend FIXED_TOKEN_IN
-        if (ctx.target == FIXED_TOKEN_IN && ctx.selector == SEL_APPROVE) {
-            if (txData.length < 4 + 2 * 32) return false;
-            (address spender, uint256 amount) = abi.decode(txData[4:], (address, uint256));
-            if (spender != SWAP_ROUTER)  return false;
-            if (amount > MAX_AMOUNT_IN)  return false;
-            return true;
-        }
-        return false;
-    }
-    function discriminator() external pure returns (bytes32) { return DISCRIMINATOR; }
-}
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.26;
+// ─────────────────────────────────────────────────────────────────────────────
+// Protocol : Uniswap V3
+// Version  : SwapRouter02 (NOT the older SwapRouter — different selectors)
+// Chain    : Base mainnet (8453)
+// Target   : SwapRouter02  0x2626664c2603336E57B271c5C0b26F421741e481  (verified on Basescan)
+//
+// ENFORCES ON-CHAIN (kernel calls evaluate() on every dispatch; false ⇒ dispatch blocked):
+//   exactInputSingle((address,address,uint24,address,uint256,uint256,uint160))  selector 0x04e45aaf
+//     • target must be SWAP_ROUTER
+//     • tokenIn  must equal FIXED_TOKEN_IN
+//     • tokenOut must be in ALLOWED_TOKENS_OUT
+//     • amountIn ≤ MAX_AMOUNT_IN
+//     • amountOutMinimum ≥ amountIn × MIN_BPS / 10 000  (slippage floor — see caveat below)
+//   approve(address,uint256)  selector 0x095ea7b3
+//     • target must be FIXED_TOKEN_IN (the ERC-20 being approved)
+//     • spender must be SWAP_ROUTER
+//     • amount  ≤ MAX_AMOUNT_IN
+//
+// AGENT-ENFORCED / NOT BOUNDED HERE (off-chain — can change without redeploying this contract):
+//   • fee tier, sqrtPriceLimitX96, recipient address
+//   • swap frequency / cadence
+//   • real (cross-denomination) slippage — see MIN_BPS caveat in evaluate()
+//
+// VERIFY BEFORE USE:
+//   • Confirm SwapRouter02 address on your chain (Base default shown above; verified on Basescan).
+//   • Selector 0x04e45aaf = exactInputSingle((address,address,uint24,address,uint256,uint256,uint160))
+//     on SwapRouter02 (verified via `cast sig`). The OLDER SwapRouter's exactInputSingle (the
+//     deadline variant) is 0x414bf389 — a different selector; do not confuse the two.
+//   • Confirm that amountOutMinimum slippage floor fits your price-impact expectations for the
+//     chosen pool. Large amountIn values may trigger price impact beyond MIN_BPS.
+// ─────────────────────────────────────────────────────────────────────────────
+import {IPermission, Context} from "@sail/interfaces/IPermission.sol";
+contract BoundedSwap_UniswapV3_Base is IPermission {
+    bytes32 private constant DISCRIMINATOR = keccak256("BoundedSwap_UniswapV3_Base");
+    address public immutable SWAP_ROUTER;
+    address public immutable FIXED_TOKEN_IN;
+    mapping(address => bool) public isAllowedTokenOut;
+    uint256 public immutable MAX_AMOUNT_IN;
+    /// @dev Slippage floor in basis points. 9 900 = allow at most 1% slippage.
+    uint256 public immutable MIN_BPS;
+    bytes4 private constant SEL_EXACT_INPUT_SINGLE = 0x04e45aaf;
+    bytes4 private constant SEL_APPROVE            = 0x095ea7b3;
+    struct ExactInputSingleParams {
+        address tokenIn;
+        address tokenOut;
+        uint24  fee;
+        address recipient;
+        uint256 amountIn;
+        uint256 amountOutMinimum;
+        uint160 sqrtPriceLimitX96;
+    }
+    /// @param swapRouter      SwapRouter02 address (0x2626... on Base)
+    /// @param fixedTokenIn    The one token the agent is allowed to sell
+    /// @param allowedTokensOut  Tokens the agent may receive
+    /// @param maxAmountIn     Per-call spend cap in fixedTokenIn base units
+    /// @param minBps          Minimum amountOutMinimum as fraction of amountIn ×10 000
+    ///                        e.g. 9900 → require amountOutMinimum ≥ 99% of amountIn
+    ///                        (denominated in fixedTokenIn units, not USD — set per your pair)
+    constructor(
+        address swapRouter,
+        address fixedTokenIn,
+        address[] memory allowedTokensOut,
+        uint256 maxAmountIn,
+        uint256 minBps
+    ) {
+        require(minBps <= 10_000, "minBps > 10000");
+        SWAP_ROUTER    = swapRouter;
+        FIXED_TOKEN_IN = fixedTokenIn;
+        MAX_AMOUNT_IN  = maxAmountIn;
+        MIN_BPS        = minBps;
+        for (uint256 i = 0; i < allowedTokensOut.length; i++) {
+            isAllowedTokenOut[allowedTokensOut[i]] = true;
+        }
+    }
+    function evaluate(bytes calldata txData, Context calldata ctx) external view returns (bool) {
+        if (txData.length < 4) return false;
+        // exactInputSingle: agent swaps FIXED_TOKEN_IN for an allowed output token
+        if (ctx.target == SWAP_ROUTER && ctx.selector == SEL_EXACT_INPUT_SINGLE) {
+            if (txData.length < 4 + 7 * 32) return false;
+            ExactInputSingleParams memory p = abi.decode(txData[4:], (ExactInputSingleParams));
+            if (p.tokenIn != FIXED_TOKEN_IN)         return false;
+            if (!isAllowedTokenOut[p.tokenOut])      return false;
+            if (p.amountIn > MAX_AMOUNT_IN)          return false;
+            // Slippage floor: amountOutMinimum ≥ amountIn × MIN_BPS / 10 000.
+            // WARNING: compares tokenOut against tokenIn base units. For same-price/same-decimal
+            // pairs this maps to a slippage %. For cross-price pairs (e.g. USDC→WETH) it is
+            // trivially satisfied — real slippage is enforced by the agent off-chain, not here.
+            if (p.amountOutMinimum < (p.amountIn * MIN_BPS) / 10_000) return false;
+            return true;
+        }
+        // approve: agent approves the router to spend FIXED_TOKEN_IN
+        if (ctx.target == FIXED_TOKEN_IN && ctx.selector == SEL_APPROVE) {
+            if (txData.length < 4 + 2 * 32) return false;
+            (address spender, uint256 amount) = abi.decode(txData[4:], (address, uint256));
+            if (spender != SWAP_ROUTER)  return false;
+            if (amount > MAX_AMOUNT_IN)  return false;
+            return true;
+        }
+        return false;
+    }
+    function discriminator() external pure returns (bytes32) { return DISCRIMINATOR; }
+}

package/examples/permissions/BoundedSwap_UniswapV4_Unichain.sol CHANGED Viewed

@@ -1,144 +1,150 @@
-// SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
-// ─────────────────────────────────────────────────────────────────────────────
-// Protocol : Uniswap V4
-// Version  : Universal Router + PoolManager (V4 singleton)
-//            NOTE: V4 is NOT the same as V3. Calldata encoding is completely
-//            different — do NOT adapt a V3 permission for V4.
-// Chain    : Unichain mainnet
-// Target   : Universal Router  0xef740bf23acae26f6492b10de645d6b98dc8eaf3
-//            (verify on Uniscan before use)
-//
-// ENFORCED ON-CHAIN (via kernel evaluate() on every dispatch):
-//   execute(bytes,bytes[]) or execute(bytes,bytes[],uint256):
-//     • target must be UNIVERSAL_ROUTER
-//     • first command byte (masking the allow-failure MSB) must be V4_SWAP (0x10)
-//     • exactly one command (single-swap path — disallow multi-hop command strings)
-//     • V4 action inside must be SWAP_EXACT_IN_SINGLE (0x00)
-//     • tokenIn (from poolKey, derived by zeroForOne) must be FIXED_CURRENCY_IN
-//     • tokenOut must be in ALLOWED_CURRENCIES_OUT
-//     • amountIn ≤ MAX_AMOUNT_IN
-//     • amountOutMinimum ≥ amountIn × MIN_BPS / 10 000
-//
-// NOT ENFORCED — documented limitations:
-//   • hookData is not inspected (hooks can alter swap behavior on-chain; if the
-//     pool uses a hook that significantly changes execution, this permission cannot
-//     constrain it. Deploy against pools with address(0) hooks or audited hooks only.)
-//   • fee tier and tickSpacing within the PoolKey are not constrained here
-//     (add pool-key checks if you want to restrict to a specific pool)
-//   • The ALL_CURRENCY_PAIR constant (FIXED_CURRENCY_IN, allowedCurrenciesOut) does
-//     not constrain which pool is used when multiple pools share the same currency pair
-//
-// VERIFY BEFORE USE:
-//   • Confirm Universal Router address on Unichain (shown above; verify on Uniscan).
-//   • V4_SWAP command byte = 0x10, SWAP_EXACT_IN_SINGLE action = 0x00 — verify
-//     against deployed UniversalRouter and V4Router on Unichain if contract is updated.
-//   • PoolKey struct layout (currency0, currency1, fee, tickSpacing, hooks) must
-//     match the deployed PoolManager on Unichain. If layout changes, update struct.
-//   • hookData is not bounded. Only use with unhookyed pools or audited, bounded hooks.
-//   • Calldata revert = false (kernel treats revert as denial) — malformed inputs
-//     are safely rejected, but verify with actual calldata samples before deployment.
-// ─────────────────────────────────────────────────────────────────────────────
-import {IPermission, Context} from "@sail/interfaces/IPermission.sol";
-contract BoundedSwap_UniswapV4_Unichain is IPermission {
-    bytes32 private constant DISCRIMINATOR = keccak256("BoundedSwap_UniswapV4_Unichain");
-    address public immutable UNIVERSAL_ROUTER;
-    address public immutable FIXED_CURRENCY_IN;
-    mapping(address => bool) public isAllowedCurrencyOut;
-    uint256 public immutable MAX_AMOUNT_IN;
-    uint256 public immutable MIN_BPS;
-    // execute(bytes,bytes[],uint256) — with deadline
-    bytes4 private constant SEL_EXECUTE_DEADLINE = 0x3593564c;
-    // execute(bytes,bytes[])          — without deadline
-    bytes4 private constant SEL_EXECUTE           = 0x24856bc3;
-    // Universal Router command byte for V4_SWAP
-    uint8 private constant CMD_V4_SWAP = 0x10;
-    // Bit mask to strip the "allow failure" MSB from a command byte
-    uint8 private constant CMD_MASK = 0x3f;
-    // V4Router action: SWAP_EXACT_IN_SINGLE
-    uint8 private constant ACT_SWAP_EXACT_IN_SINGLE = 0x00;
-    // PoolKey layout must match the deployed V4 PoolManager on Unichain
-    struct PoolKey {
-        address currency0;  // Currency — address type in V4
-        address currency1;
-        uint24  fee;
-        int24   tickSpacing;
-        address hooks;      // IHooks — address(0) for unhookyed pools
-    }
-    struct ExactInputSingleParams {
-        PoolKey poolKey;
-        bool    zeroForOne;
-        uint128 amountIn;
-        uint128 amountOutMinimum;
-        bytes   hookData;   // not inspected — see limitations header
-    }
-    constructor(
-        address universalRouter,
-        address fixedCurrencyIn,
-        address[] memory allowedCurrenciesOut,
-        uint256 maxAmountIn,
-        uint256 minBps
-    ) {
-        require(minBps <= 10_000, "minBps > 10000");
-        UNIVERSAL_ROUTER  = universalRouter;
-        FIXED_CURRENCY_IN = fixedCurrencyIn;
-        MAX_AMOUNT_IN     = maxAmountIn;
-        MIN_BPS           = minBps;
-        for (uint256 i = 0; i < allowedCurrenciesOut.length; i++) {
-            isAllowedCurrenciesOut[allowedCurrenciesOut[i]] = true;
-        }
-    }
-    mapping(address => bool) private isAllowedCurrenciesOut;
-    function evaluate(bytes calldata txData, Context calldata ctx) external view returns (bool) {
-        if (ctx.target != UNIVERSAL_ROUTER) return false;
-        if (ctx.selector != SEL_EXECUTE_DEADLINE && ctx.selector != SEL_EXECUTE) return false;
-        if (txData.length < 4) return false;
-        // Decode the execute call. Both overloads start with (bytes commands, bytes[] inputs).
-        // abi.decode ignores trailing fields, so decoding as (bytes, bytes[]) works for both.
-        (bytes memory commands, bytes[] memory inputs) = abi.decode(txData[4:], (bytes, bytes[]));
-        // Enforce: exactly one command, and it must be V4_SWAP
-        if (commands.length != 1)                              return false;
-        if ((uint8(commands[0]) & CMD_MASK) != CMD_V4_SWAP)   return false;
-        if (inputs.length != 1)                                return false;
-        // Decode the V4 router call (actions + per-action params)
-        (bytes memory v4Actions, bytes[] memory v4Params) =
-            abi.decode(inputs[0], (bytes, bytes[]));
-        // Enforce: exactly one V4 action, and it must be SWAP_EXACT_IN_SINGLE
-        if (v4Actions.length != 1)                                                    return false;
-        if (uint8(v4Actions[0]) != ACT_SWAP_EXACT_IN_SINGLE)                         return false;
-        if (v4Params.length != 1)                                                     return false;
-        // Decode ExactInputSingleParams from the action param.
-        // hookData is a dynamic bytes field — revert here means false (fail closed).
-        ExactInputSingleParams memory p = abi.decode(v4Params[0], (ExactInputSingleParams));
-        // Derive tokenIn and tokenOut from the PoolKey and zeroForOne flag.
-        // In V4, currency0 < currency1 (sorted by address). zeroForOne = true means
-        // trading currency0 for currency1.
-        address tokenIn  = p.zeroForOne ? p.poolKey.currency0 : p.poolKey.currency1;
-        address tokenOut = p.zeroForOne ? p.poolKey.currency1 : p.poolKey.currency0;
-        if (tokenIn != FIXED_CURRENCY_IN)            return false;
-        if (!isAllowedCurrenciesOut[tokenOut])       return false;
-        if (p.amountIn > MAX_AMOUNT_IN)              return false;
-        if (p.amountOutMinimum < (uint256(p.amountIn) * MIN_BPS) / 10_000) return false;
-        return true;
-    }
-    function discriminator() external pure returns (bytes32) { return DISCRIMINATOR; }
-}
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.26;
+// ─────────────────────────────────────────────────────────────────────────────
+// Protocol : Uniswap V4
+// Version  : Universal Router + PoolManager (V4 singleton)
+//            NOTE: V4 is NOT the same as V3. Calldata encoding is completely
+//            different — do NOT adapt a V3 permission for V4.
+// Chain    : Unichain mainnet
+// Target   : Universal Router  0xef740bf23acae26f6492b10de645d6b98dc8eaf3
+//            (verify on Uniscan before use)
+//
+// ENFORCES ON-CHAIN (kernel calls evaluate() on every dispatch; false ⇒ dispatch blocked):
+//   execute(bytes,bytes[],uint256) selector 0x3593564c  /  execute(bytes,bytes[]) selector 0x24856bc3
+//     • target must be UNIVERSAL_ROUTER
+//     • first command byte (masking the allow-failure MSB) must be V4_SWAP (0x10)
+//     • exactly one command (single-swap path — disallow multi-hop command strings)
+//     • V4 action inside must be SWAP_EXACT_IN_SINGLE (0x00)
+//     • tokenIn (from poolKey, derived by zeroForOne) must be FIXED_CURRENCY_IN
+//     • tokenOut must be in ALLOWED_CURRENCIES_OUT
+//     • amountIn ≤ MAX_AMOUNT_IN
+//     • amountOutMinimum ≥ amountIn × MIN_BPS / 10 000  (slippage floor — see caveat below)
+//
+// AGENT-ENFORCED / NOT BOUNDED HERE (off-chain — can change without redeploying this contract):
+//   • real (cross-denomination) slippage — see MIN_BPS caveat in evaluate()
+//   • swap frequency / cadence
+//
+// DOCUMENTED LIMITATIONS (on-chain, but intentionally not constrained):
+//   • hookData is not inspected (hooks can alter swap behavior on-chain; if the
+//     pool uses a hook that significantly changes execution, this permission cannot
+//     constrain it. Deploy against pools with address(0) hooks or audited hooks only.)
+//   • fee tier and tickSpacing within the PoolKey are not constrained here
+//     (add pool-key checks if you want to restrict to a specific pool)
+//   • The ALL_CURRENCY_PAIR constant (FIXED_CURRENCY_IN, allowedCurrenciesOut) does
+//     not constrain which pool is used when multiple pools share the same currency pair
+//
+// VERIFY BEFORE USE:
+//   • Confirm Universal Router address on Unichain (shown above; verify on Uniscan).
+//   • V4_SWAP command byte = 0x10, SWAP_EXACT_IN_SINGLE action = 0x00 — verify
+//     against deployed UniversalRouter and V4Router on Unichain if contract is updated.
+//   • PoolKey struct layout (currency0, currency1, fee, tickSpacing, hooks) must
+//     match the deployed PoolManager on Unichain. If layout changes, update struct.
+//   • hookData is not bounded. Only use with unhookyed pools or audited, bounded hooks.
+//   • Calldata revert = false (kernel treats revert as denial) — malformed inputs
+//     are safely rejected, but verify with actual calldata samples before deployment.
+// ─────────────────────────────────────────────────────────────────────────────
+import {IPermission, Context} from "@sail/interfaces/IPermission.sol";
+contract BoundedSwap_UniswapV4_Unichain is IPermission {
+    bytes32 private constant DISCRIMINATOR = keccak256("BoundedSwap_UniswapV4_Unichain");
+    address public immutable UNIVERSAL_ROUTER;
+    address public immutable FIXED_CURRENCY_IN;
+    mapping(address => bool) public isAllowedCurrencyOut;
+    uint256 public immutable MAX_AMOUNT_IN;
+    uint256 public immutable MIN_BPS;
+    // execute(bytes,bytes[],uint256) — with deadline
+    bytes4 private constant SEL_EXECUTE_DEADLINE = 0x3593564c;
+    // execute(bytes,bytes[])          — without deadline
+    bytes4 private constant SEL_EXECUTE           = 0x24856bc3;
+    // Universal Router command byte for V4_SWAP
+    uint8 private constant CMD_V4_SWAP = 0x10;
+    // Bit mask to strip the "allow failure" MSB from a command byte
+    uint8 private constant CMD_MASK = 0x3f;
+    // V4Router action: SWAP_EXACT_IN_SINGLE
+    uint8 private constant ACT_SWAP_EXACT_IN_SINGLE = 0x00;
+    // PoolKey layout must match the deployed V4 PoolManager on Unichain
+    struct PoolKey {
+        address currency0;  // Currency — address type in V4
+        address currency1;
+        uint24  fee;
+        int24   tickSpacing;
+        address hooks;      // IHooks — address(0) for unhookyed pools
+    }
+    struct ExactInputSingleParams {
+        PoolKey poolKey;
+        bool    zeroForOne;
+        uint128 amountIn;
+        uint128 amountOutMinimum;
+        bytes   hookData;   // not inspected — see limitations header
+    }
+    constructor(
+        address universalRouter,
+        address fixedCurrencyIn,
+        address[] memory allowedCurrenciesOut,
+        uint256 maxAmountIn,
+        uint256 minBps
+    ) {
+        require(minBps <= 10_000, "minBps > 10000");
+        UNIVERSAL_ROUTER  = universalRouter;
+        FIXED_CURRENCY_IN = fixedCurrencyIn;
+        MAX_AMOUNT_IN     = maxAmountIn;
+        MIN_BPS           = minBps;
+        for (uint256 i = 0; i < allowedCurrenciesOut.length; i++) {
+            isAllowedCurrencyOut[allowedCurrenciesOut[i]] = true;
+        }
+    }
+    function evaluate(bytes calldata txData, Context calldata ctx) external view returns (bool) {
+        if (ctx.target != UNIVERSAL_ROUTER) return false;
+        if (ctx.selector != SEL_EXECUTE_DEADLINE && ctx.selector != SEL_EXECUTE) return false;
+        if (txData.length < 4) return false;
+        // Decode the execute call. Both overloads start with (bytes commands, bytes[] inputs).
+        // abi.decode ignores trailing fields, so decoding as (bytes, bytes[]) works for both.
+        (bytes memory commands, bytes[] memory inputs) = abi.decode(txData[4:], (bytes, bytes[]));
+        // Enforce: exactly one command, and it must be V4_SWAP
+        if (commands.length != 1)                              return false;
+        if ((uint8(commands[0]) & CMD_MASK) != CMD_V4_SWAP)   return false;
+        if (inputs.length != 1)                                return false;
+        // Decode the V4 router call (actions + per-action params)
+        (bytes memory v4Actions, bytes[] memory v4Params) =
+            abi.decode(inputs[0], (bytes, bytes[]));
+        // Enforce: exactly one V4 action, and it must be SWAP_EXACT_IN_SINGLE
+        if (v4Actions.length != 1)                                                    return false;
+        if (uint8(v4Actions[0]) != ACT_SWAP_EXACT_IN_SINGLE)                         return false;
+        if (v4Params.length != 1)                                                     return false;
+        // Decode ExactInputSingleParams from the action param.
+        // hookData is a dynamic bytes field — revert here means false (fail closed).
+        ExactInputSingleParams memory p = abi.decode(v4Params[0], (ExactInputSingleParams));
+        // Derive tokenIn and tokenOut from the PoolKey and zeroForOne flag.
+        // In V4, currency0 < currency1 (sorted by address). zeroForOne = true means
+        // trading currency0 for currency1.
+        address tokenIn  = p.zeroForOne ? p.poolKey.currency0 : p.poolKey.currency1;
+        address tokenOut = p.zeroForOne ? p.poolKey.currency1 : p.poolKey.currency0;
+        if (tokenIn != FIXED_CURRENCY_IN)            return false;
+        if (!isAllowedCurrencyOut[tokenOut])         return false;
+        if (p.amountIn > MAX_AMOUNT_IN)              return false;
+        // Slippage floor: amountOutMinimum ≥ amountIn × MIN_BPS / 10 000.
+        // WARNING: compares tokenOut against tokenIn base units. For same-price/same-decimal
+        // pairs this maps to a slippage %. For cross-price pairs it is trivially satisfied —
+        // real slippage is enforced by the agent off-chain, not by this contract.
+        if (p.amountOutMinimum < (uint256(p.amountIn) * MIN_BPS) / 10_000) return false;
+        return true;
+    }
+    function discriminator() external pure returns (bytes32) { return DISCRIMINATOR; }
+}