@dev.sail.money/sailor 1.2.0-76 → 1.2.0-78

package/examples/permissions/BoundedLimitless_Base.sol

@@ -0,0 +1,105 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.26;
+
+// ─────────────────────────────────────────────────────────────────────────────
+// Protocol : Limitless Exchange
+// Version  : Polymarket-fork prediction market — OFF-CHAIN CLOB on Base
+// Chain    : Base mainnet
+//
+// ⚠ READ FIRST — you CANNOT bound the bet itself on-chain.
+//   Limitless is a Polymarket fork. Orders are EIP-712 structs signed OFF-CHAIN
+//   and POSTed to the Limitless API; the on-chain CTF Exchange only settles
+//   orders the API has already matched. There is no on-chain `buy(...)` call for
+//   a permission to gate — the kernel never sees the bet. A permission that
+//   pretends to bound bet placement bounds nothing.
+//
+//   Worse, the SMA cannot even be the bettor. The Limitless API validates every
+//   order by ECDSA-recovering the signature and requiring
+//   `maker == signer == profile.account` — unconditionally, ignoring
+//   `signatureType` (so EIP-1271 / Gnosis-Safe signing never applies off-chain).
+//   A smart contract cannot produce an ECDSA signature, and `addOperator` is
+//   admin-only. Therefore the maker MUST be an EOA.
+//
+// THE WORKING MODEL — SMA as treasury, manager (agent EOA) as trader:
+//   • SMA holds the bulk USDC. This permission bounds ONLY the treasury → trader
+//     funding flow (a capped transfer to the manager + approvals to the venue).
+//   • The manager wallet is the on-chain maker: it holds a small USDC float,
+//     signs CLOB orders off-chain, holds the ConditionalTokens positions, and
+//     redeems winnings. The bet sizing/selection is off-chain agent logic.
+//   • Risk surface = the float on the manager, not the SMA balance.
+//
+// ENFORCES ON-CHAIN (kernel calls evaluate() on every dispatch; false ⇒ blocked):
+//   USDC.transfer(address to, uint256 amount)   selector 0xa9059cbb
+//     • target must be USDC
+//     • to must be the MANAGER wallet (treasury can only fund the trader)
+//     • amount ≤ MAX_TRANSFER (per-dispatch float cap)
+//   USDC.approve(address spender, uint256 amount) selector 0x095ea7b3
+//     • target must be USDC
+//     • spender must be an ALLOWED_SPENDER (CTF Exchange / NegRisk Exchange / Adapter)
+//
+// AGENT-ENFORCED / NOT BOUNDED HERE (off-chain — the kernel cannot see these):
+//   • Bet placement, market/outcome selection, price, stake sizing (off-chain CLOB)
+//   • Redeeming winnings (a manager-EOA tx; the manager, not the SMA, holds the tokens)
+//   • Timing / frequency
+//
+// VERIFY BEFORE USE:
+//   • MANAGER is your agent wallet (the only address the treasury may fund).
+//   • USDC is native Base USDC (0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913).
+//   • ALLOWED_SPENDERS are the live Limitless CTF Exchange, NegRisk Exchange, and
+//     NegRisk Adapter addresses on Base (confirm on Basescan).
+// ─────────────────────────────────────────────────────────────────────────────
+
+import {IPermission, Context} from "@sail/interfaces/IPermission.sol";
+
+contract BoundedLimitless_Base is IPermission {
+    bytes32 private constant DISCRIMINATOR = keccak256("BoundedLimitless_Base");
+
+    bytes4 private constant SEL_TRANSFER = bytes4(keccak256("transfer(address,uint256)")); // 0xa9059cbb
+    bytes4 private constant SEL_APPROVE  = bytes4(keccak256("approve(address,uint256)"));   // 0x095ea7b3
+
+    address public immutable USDC;
+    address public immutable MANAGER;
+    uint256 public immutable MAX_TRANSFER;
+    mapping(address => bool) public isAllowedSpender;
+
+    /// @param usdc            USDC token address on Base (the only target this permission bounds)
+    /// @param manager         The agent EOA — the only address the treasury may fund
+    /// @param maxTransfer     Per-dispatch cap on the treasury → manager transfer (base units)
+    /// @param allowedSpenders Venue addresses USDC may be approved to (CTF Exchange / NegRisk / Adapter)
+    constructor(
+        address usdc,
+        address manager,
+        uint256 maxTransfer,
+        address[] memory allowedSpenders
+    ) {
+        USDC         = usdc;
+        MANAGER      = manager;
+        MAX_TRANSFER = maxTransfer;
+        for (uint256 i = 0; i < allowedSpenders.length; i++) {
+            isAllowedSpender[allowedSpenders[i]] = true;
+        }
+    }
+
+    function evaluate(bytes calldata txData, Context calldata ctx) external view returns (bool) {
+        // Only USDC is in scope, and no native value may ride along.
+        if (ctx.target != USDC) return false;
+        if (ctx.value != 0)     return false;
+        if (txData.length < 4 + 2 * 32) return false;
+
+        if (ctx.selector == SEL_TRANSFER) {
+            (address to, uint256 amount) = abi.decode(txData[4:], (address, uint256));
+            if (to != MANAGER)        return false; // treasury funds the trader only
+            if (amount > MAX_TRANSFER) return false; // bounded float, not the whole SMA
+            return true;
+        }
+
+        if (ctx.selector == SEL_APPROVE) {
+            (address spender, ) = abi.decode(txData[4:], (address, uint256));
+            return isAllowedSpender[spender]; // approve only the venue contracts
+        }
+
+        return false;
+    }
+
+    function discriminator() external pure returns (bytes32) { return DISCRIMINATOR; }
+}

package/examples/permissions/README.md

@@ -10,10 +10,12 @@ write your own.
 ## Permissions are only as strong as the protocol is on-chain
 
 A permission is evaluated by the kernel on every dispatch — but it can only see what happens
-on-chain. For venues with off-chain order matching (e.g. Polymarket, Hyperliquid), a permission
-can constrain deposits, withdrawals, and sub-accounts, but NOT the orders your agent signs
-off-chain. Prefer fully on-chain venues — Uniswap, Aave, GMX, Synthetix, Limitless — where every
-action passes through the kernel and your bounds actually hold.
+on-chain. For venues with off-chain order matching (e.g. Polymarket, Limitless, Hyperliquid), a
+permission can constrain deposits, withdrawals, approvals, and treasury flows, but NOT the orders
+your agent signs off-chain. Prefer fully on-chain venues — Uniswap, Aave, GMX, Synthetix — where
+every action passes through the kernel and your bounds actually hold. For an off-chain-CLOB venue,
+bound the funding flow instead and accept that the trade itself is agent-enforced — see
+`BoundedLimitless_Base.sol`.
 
 ## Permissions are protocol- and version-specific
 
@@ -51,7 +53,7 @@ off-chain agent code — these do *not* hold on-chain). Read both before deployi
 | `BoundedStake_Venice_Base.sol` | Venice (VVV) staking | sVVV staking | Base | Full decode |
 | `BoundedTransfer_ERC20_Ethereum.sol` | ERC-20 Transfer | — | Ethereum (any EVM) | Full decode |
 | `BoundedPerp_GMXv2_Arbitrum.sol` | GMX Perpetuals | V2 ExchangeRouter | Arbitrum | Reference pattern — verify selector/struct/router against live GMX ABI (see header) |
-| `BoundedBet_Limitless_Base.sol` | Limitless Prediction | CTF Exchange | Base | UNVERIFIED ABI — see header |
+| `BoundedLimitless_Base.sol` | Limitless Prediction (off-chain CLOB) | Polymarket fork | Base | Bounds treasury→trader funding; bet is off-chain (see header) |
 | `BoundedApproveAndCallBatch.sol` | Atomic approve→call→reset | Sail `IBatchPermission` | Any selective kernel | Full decode — batch-only (see note below) |
 
 The `interfaces/` directory holds `IPermission.sol` (single-call permissions) and

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dev.sail.money/sailor",
-  "version": "1.2.0-76",
+  "version": "1.2.0-78",
   "description": "Operator toolkit for Sail Protocol",
   "bin": {
     "sailor": "packages/cli/dist/index.cjs"
@@ -31,6 +31,7 @@
     "typecheck": "pnpm --filter @sail/sdk build && pnpm -r typecheck",
     "docs:check": "node scripts/check-docs.mjs",
     "init:check": "node scripts/check-init.mjs",
+    "update:check": "node scripts/check-update.mjs",
     "eval": "node evals/run.mjs",
     "lint": "biome check ."
   },

package/packages/sdk/dist/intelligence.d.ts

@@ -5,7 +5,7 @@
  * Do not edit manually — run `pnpm build` to regenerate.
  *
  * Spec version : 1.2.0
- * Generated at : 2026-06-18T11:23:35.421Z
+ * Generated at : 2026-06-18T13:17:07.561Z
  */
 export declare const SAIL_INTELLIGENCE_BASE_URL = "https://api.sail.money";
 export declare const SAIL_INTELLIGENCE_DOCS_URL = "https://api.sail.money/docs";

package/packages/sdk/dist/intelligence.js

@@ -5,7 +5,7 @@
  * Do not edit manually — run `pnpm build` to regenerate.
  *
  * Spec version : 1.2.0
- * Generated at : 2026-06-18T11:23:35.421Z
+ * Generated at : 2026-06-18T13:17:07.561Z
  */
 export const SAIL_INTELLIGENCE_BASE_URL = "https://api.sail.money";
 export const SAIL_INTELLIGENCE_DOCS_URL = "https://api.sail.money/docs";

package/examples/permissions/BoundedBet_Limitless_Base.sol

@@ -1,97 +0,0 @@
-// SPDX-License-Identifier: MIT
-pragma solidity 0.8.26;
-
-// ─────────────────────────────────────────────────────────────────────────────
-// Protocol : Limitless
-// Version  : CTF-based prediction market (on-chain settlement on Base)
-//            NOT Polymarket (Polymarket's CLOB matches orders off-chain on Polygon —
-//            a permission cannot bound the orders your agent signs off-chain.
-//            Limitless settles bets on-chain on Base, so the kernel sees every action.)
-// Chain    : Base mainnet
-//
-// ⚠ WARNING — ABI UNVERIFIED ⚠
-//   The Limitless exchange contract address and bet-placement function signature
-//   below are based on published CTF exchange patterns and public documentation.
-//   They have NOT been independently verified against the deployed contracts.
-//   YOU MUST verify these before deploying with real funds:
-//     1. Find the Limitless exchange contract address on Basescan.
-//     2. Read its verified ABI and confirm the buy/place function signature.
-//     3. Recompute the selector and update SEL_BUY.
-//     4. Confirm the parameter layout matches BetParams below.
-//   Deploying this contract with an unverified ABI may silently PASS or FAIL
-//   all dispatches depending on whether the selector matches.
-//
-// ENFORCES ON-CHAIN (kernel calls evaluate() on every dispatch; false ⇒ dispatch blocked)
-//                    — ASSUMING the unverified ABI above is correct:
-//   buy(bytes32 conditionId,uint256 amount,uint256 outcomeIndex)  selector = keccak256(sig)[0:4]
-//     • target must be LIMITLESS_EXCHANGE
-//     • conditionId must be in ALLOWED_CONDITIONS
-//     • amount ≤ MAX_STAKE
-//     • outcomeIndex must be in ALLOWED_OUTCOMES
-//
-// AGENT-ENFORCED / NOT BOUNDED HERE (off-chain — can change without redeploying this contract):
-//   • Market price / odds (on-chain prediction market prices fluctuate)
-//   • Timing / frequency of bets
-//
-// VERIFY BEFORE USE:
-//   • Confirm Limitless exchange address on Base (Basescan).
-//   • Confirm buy function signature and compute selector:
-//     keccak256("buy(bytes32,uint256,uint256)")[0:4] == 0x??? — verify on-chain.
-//   • Confirm conditionId encoding matches the deployed market IDs.
-//   • Update this contract if the ABI or parameter order differs.
-// ─────────────────────────────────────────────────────────────────────────────
-
-import {IPermission, Context} from "@sail/interfaces/IPermission.sol";
-
-contract BoundedBet_Limitless_Base is IPermission {
-    bytes32 private constant DISCRIMINATOR = keccak256("BoundedBet_Limitless_Base");
-
-    /// @dev ⚠ UNVERIFIED — replace with verified Limitless exchange address on Base.
-    address public immutable LIMITLESS_EXCHANGE;
-    mapping(bytes32 => bool) public isAllowedCondition;
-    uint256 public immutable MAX_STAKE;
-    mapping(uint256 => bool) public isAllowedOutcome;
-
-    /// @dev ⚠ UNVERIFIED selector. Compute keccak256("buy(bytes32,uint256,uint256)")[0:4]
-    ///      and confirm it matches the deployed Limitless exchange contract before use.
-    bytes4 private constant SEL_BUY = bytes4(keccak256("buy(bytes32,uint256,uint256)"));
-
-    /// @param limitlessExchange  ⚠ VERIFY — Limitless CTF exchange address on Base
-    /// @param allowedConditions  conditionIds (bytes32) of markets the agent may bet on
-    /// @param maxStake           Per-bet stake cap in collateral base units
-    /// @param allowedOutcomes    Outcome indices the agent may select (e.g. [0] for YES only)
-    constructor(
-        address limitlessExchange,
-        bytes32[] memory allowedConditions,
-        uint256 maxStake,
-        uint256[] memory allowedOutcomes
-    ) {
-        LIMITLESS_EXCHANGE = limitlessExchange;
-        MAX_STAKE          = maxStake;
-        for (uint256 i = 0; i < allowedConditions.length; i++) {
-            isAllowedCondition[allowedConditions[i]] = true;
-        }
-        for (uint256 i = 0; i < allowedOutcomes.length; i++) {
-            isAllowedOutcome[allowedOutcomes[i]] = true;
-        }
-    }
-
-    function evaluate(bytes calldata txData, Context calldata ctx) external view returns (bool) {
-        if (ctx.target != LIMITLESS_EXCHANGE) return false;
-        if (ctx.selector != SEL_BUY)          return false;
-        if (txData.length < 4 + 3 * 32)       return false;
-
-        // ⚠ Assumes: buy(bytes32 conditionId, uint256 amount, uint256 outcomeIndex)
-        // Verify parameter order against deployed contract ABI before use.
-        (bytes32 conditionId, uint256 amount, uint256 outcomeIndex) =
-            abi.decode(txData[4:], (bytes32, uint256, uint256));
-
-        if (!isAllowedCondition[conditionId])  return false;
-        if (amount > MAX_STAKE)                return false;
-        if (!isAllowedOutcome[outcomeIndex])   return false;
-
-        return true;
-    }
-
-    function discriminator() external pure returns (bytes32) { return DISCRIMINATOR; }
-}