npm - @dev.sail.money/sailor - Versions diffs - 1.2.1-86 → 1.2.1-87 - Mend

@dev.sail.money/sailor 1.2.1-86 → 1.2.1-87

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md +1 -1
package/examples/custom-mandate/README.md +8 -1
package/examples/permissions/README.md +3 -0
package/package.json +1 -1
package/packages/cli/dist/index.cjs +140 -1
package/packages/sdk/dist/intelligence.d.ts +1 -1
package/packages/sdk/dist/intelligence.js +1 -1
package/templates/default/.agents/skills/sail-mandates/SKILL.md +7 -2
package/templates/default/.agents/skills/sail-transactions/SKILL.md +1 -1

package/README.md CHANGED Viewed

@@ -143,7 +143,7 @@ sailor onboard --new-sma   # deploy SMA and optionally attach a mandate
 sailor mandate simulate    # probe a permission off-chain (no gas) before registering
 sailor mandate sign        # sign the mandate — reconciles against live on-chain state
 sailor mandate deploy      # deploy a Foundry-compiled permission contract
-sailor mandate attach      # register an already-deployed permission on an SMA
+sailor mandate attach      # register a deployed permission on an SMA (or a comma-separated list, in one signature)
 # Agent operation
 sailor run --once          # single tick — confirm it works before automating

package/examples/custom-mandate/README.md CHANGED Viewed

@@ -64,7 +64,14 @@ sailor mandate deploy --contract <Name>            # prints the deployed address
 sailor mandate attach --address <deployedAddress> --sma <SMA>
 ```
-Both attach paths open the browser signing station so the owner authorizes the registration
+To attach several permissions, deploy each one first, then register them all in a single
+signature by passing a comma-separated list:
+```bash
+sailor mandate attach --address <addr1>,<addr2>,<addr3> --sma <SMA>
+```
+These attach commands open the browser signing station so the owner authorizes the registration
 (EIP-712 `RegisterPermission`); the agent submits the on-chain transaction.
 ## Prerequisites

package/examples/permissions/README.md CHANGED Viewed

@@ -74,6 +74,9 @@ To deploy within a Sailor project (copy the .sol file to `mandates/` first):
 sailor mandate deploy --contract <Name> --args '[...]' --attach --sma <SMA>
 ```
+For several permissions, deploy each one (without `--attach`), then register them together in
+one signature: `sailor mandate attach --address <addr1>,<addr2> --sma <SMA>`.
 ## Verify before you authorize
 Prove a permission accepts the calls you want and rejects the ones you don't — before paying

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@dev.sail.money/sailor",
-  "version": "1.2.1-86",
+  "version": "1.2.1-87",
   "description": "Operator toolkit for Sail Protocol",
   "bin": {
     "sailor": "packages/cli/dist/index.cjs"

package/packages/cli/dist/index.cjs CHANGED Viewed

@@ -42343,6 +42343,10 @@ async function runAttach(project, channel, options) {
   if (!isAddress(options.sma, { strict: false })) throw new Error(`Invalid --sma address: ${options.sma}`);
   const sma = getAddress(options.sma);
   const store = new MandateStore();
+  if (options.address.includes(",")) {
+    await runAttachBatch(project, channel, options, sma, store);
+    return;
+  }
   const tracked = store.find(options.address);
   const rawAddress = tracked?.address ?? options.address;
   if (!isAddress(rawAddress, { strict: false })) {
@@ -42370,6 +42374,21 @@ async function runAttach(project, channel, options) {
     attached: { sma, mandate: mandateAddress, txHash }
   });
 }
+async function runAttachBatch(project, channel, options, sma, store) {
+  const json = !!options.json;
+  const permissions = [...new Set(parseAddressList(options.address, "--address"))];
+  const publicClient = publicClientFor(project);
+  announceSigningUrl(json);
+  const txHash = await attachBatchToSma(project, channel, publicClient, sma, permissions, json);
+  for (const permission of permissions) {
+    if (store.find(permission)) store.recordAttachment(permission, { sma, txHash });
+  }
+  emit(json, () => {
+  }, {
+    status: "ok",
+    attached: permissions.map((mandate2) => ({ sma, mandate: mandate2, txHash }))
+  });
+}
 async function mandateRevoke(options) {
   const project = requireProject();
   const channel = await createSigningChannel(process.cwd());
@@ -42559,6 +42578,123 @@ async function attachToSma(project, channel, publicClient, sma, mandate2, label,
   });
   return txHash;
 }
+async function attachBatchToSma(project, channel, publicClient, sma, permissions, json = false) {
+  const say = (fn) => {
+    if (!json) fn();
+  };
+  const agentSigner = await loadManagerSigner2();
+  const registered = await publicClient.readContract({
+    address: project.contracts.kernel,
+    abi: SailKernelAbi,
+    functionName: "registered",
+    args: [sma]
+  });
+  if (!registered) {
+    throw new Error(`SMA ${sma} is not registered with SailKernel; cannot register permissions.`);
+  }
+  const kernelConfig = await publicClient.readContract({
+    address: project.contracts.kernel,
+    abi: SailKernelAbi,
+    functionName: "configs",
+    args: [sma]
+  });
+  const permissionSigner = kernelConfig[0];
+  const caps = await detectKernelCapabilities(publicClient, project.contracts.kernel, {
+    chainId: project.chainId
+  });
+  if (caps.dispatchModel !== "selective") {
+    throw new Error(
+      `Batch attach requires a selective kernel, but ${project.contracts.kernel} reports dispatchModel="${caps.dispatchModel}". Attach permissions one at a time instead (sailor mandate attach --address <one> --sma ${sma}).`
+    );
+  }
+  const nonce = await publicClient.readContract({
+    address: project.contracts.kernel,
+    abi: SailKernelAbi,
+    functionName: "signerNonces",
+    args: [sma]
+  });
+  const deadline = BigInt(Math.floor(Date.now() / 1e3) + 600);
+  const typedData = buildRegisterPermissionsBatchTypedData({
+    chainId: project.chainId,
+    kernel: project.contracts.kernel,
+    account: sma,
+    permissions,
+    nonce,
+    deadline
+  });
+  say(
+    () => console.log(
+      `
+Attaching ${permissions.length} permissions in one signature \u2014 the mandate signer (${permissionSigner}) signs in the browser\u2026`
+    )
+  );
+  const response = await channel.requestSignature({
+    type: "typed-data",
+    kind: "register-permission",
+    title: `Authorize ${permissions.length} permissions`,
+    description: `Sign once to authorize ${permissions.length} permissions on your SMA. The agent submits the registration transaction and pays gas plus the registration fee.`,
+    chainId: project.chainId,
+    details: [
+      { label: "SMA", value: sma },
+      { label: "Permissions", value: String(permissions.length) },
+      { label: "Mandate signer", value: permissionSigner }
+    ],
+    typedData
+  });
+  if (response.status === "rejected") {
+    throw new Error(`User rejected mandate authorization: ${response.reason ?? "no reason given"}`);
+  }
+  if (response.status !== "signature") {
+    throw new Error(`Expected an EIP-712 signature response, got: ${response.status}`);
+  }
+  let fee = 0n;
+  for (const permission of permissions) {
+    fee += await estimatePermissionFee(publicClient, project.contracts.governance, permission);
+  }
+  const chain2 = getChainById(project.chainId);
+  const walletClient = createWalletClient({
+    account: agentSigner.viemAccount,
+    chain: chain2,
+    transport: http(getRpcUrl(project.chainId))
+  });
+  const registerData = encodeFunctionData({
+    abi: SailKernelAbi,
+    functionName: "registerPermissions",
+    args: [sma, permissions, deadline, response.signature]
+  });
+  say(() => console.log(`Submitting batch registration (agent pays gas; fee ${fee} wei)\u2026`));
+  const txHash = await walletClient.sendTransaction({
+    to: project.contracts.kernel,
+    data: registerData,
+    value: fee,
+    account: agentSigner.viemAccount,
+    chain: chain2
+  });
+  const receipt = await publicClient.waitForTransactionReceipt({ hash: txHash });
+  if (receipt.status !== "success") {
+    throw new Error(`registerPermissions reverted (tx ${txHash})`);
+  }
+  for (const permission of permissions) {
+    const present = await pollForPermission(publicClient, project.contracts.kernel, sma, permission);
+    appendActivity({
+      ts: nowIso(),
+      actor: "agent",
+      type: "permission_registered",
+      permission,
+      sma,
+      txHash,
+      chainId: project.chainId
+    });
+    say(() => {
+      if (!present) {
+        console.log(`\u26A0  ${permission} not yet visible in the permission set \u2014 verify on-chain.`);
+      } else {
+        console.log("\u2713", `${permission} present in getPermissions(${sma})`);
+      }
+    });
+  }
+  return txHash;
+}
 async function pollForPermission(publicClient, kernel, account2, permission, attempts = 6) {
   const needle = permission.toLowerCase();
   for (let i = 0; i < attempts; i++) {
@@ -45238,7 +45374,10 @@ var mandate = program2.command("mandate").description("Manage mandates");
 mandate.command("prepare").description("Prepare a mandate draft for review and signing in the UI (MetaMask)").action(action(mandatePrepare));
 mandate.command("sign").description("Review and confirm the permissions authorized for your SMA").option("--yes", "Skip the confirmation prompt (for non-interactive / CI use)").action(actionWith(mandateSign));
 mandate.command("deploy").description("Deploy a Foundry-compiled permission contract via the browser signing UI").option("--artifact <path>", "Path to the Foundry artifact JSON (out/<Name>.sol/<Name>.json)").option("--contract <name>", "Contract name; resolves to <out>/<name>.sol/<name>.json").option("--out <dir>", "Foundry output directory", "out").option("--name <label>", "Label to track this permission under (defaults to contract name)").option("--args <json>", `Constructor args as JSON array. Bash: '["0x..","1"]'. PowerShell: '[\\"0x..\\",\\"1\\"]'. Use --args-file to avoid quoting.`).option("--args-file <path>", "Path to a JSON file containing constructor args array (recommended on PowerShell)").option("--build", "Run `forge build` before deploying").option("--attach", "After deploy, register the permission on --sma").option("--sma <address>", "SMA to register on (required with --attach)").option("--json", "Emit machine-readable JSON").action(actionWith(mandateDeploy));
-mandate.command("attach").description("Register an already-deployed permission on an SMA (EIP-712 RegisterPermission)").requiredOption("--address <mandateOrName>", "Permission address, or a name tracked locally").requiredOption("--sma <address>", "SMA to register the permission on").option("--label <label>", "Human-readable label shown in the signing UI").option("--json", "Emit machine-readable JSON").action(actionWith(mandateAttach));
+mandate.command("attach").description("Register one or more already-deployed permissions on an SMA (EIP-712 RegisterPermission; a comma-separated list registers all in one signature)").requiredOption(
+  "--address <mandateOrName>",
+  "Permission address or locally-tracked name; or a comma-separated list of addresses to register together in one signature"
+).requiredOption("--sma <address>", "SMA to register the permission on").option("--label <label>", "Human-readable label shown in the signing UI").option("--json", "Emit machine-readable JSON").action(actionWith(mandateAttach));
 mandate.command("deploy-clone").description("[currently unavailable \u2014 no clone templates deployed on any chain; use `mandate deploy`] Deploy + register a standalone clone permission via the signing UI").requiredOption("--template <key>", "Standalone clone template key (e.g. boundedApprove)").requiredOption("--sma <address>", "SMA to deploy the clone for and register it on").option("--tokens <csv>", "Comma-separated allowed token addresses").option("--spenders <csv>", "Comma-separated allowed spender addresses").option("--max <amount>", "Max amount per tx in base units (default: uint256 max)").option("--label <label>", "Human-readable label to track this permission under").option("--json", "Emit machine-readable JSON").action(actionWith(mandateDeployClone));
 mandate.command("revoke").description("Revoke permission(s) from an SMA (EIP-712 RevokePermissions, owner-authorized)").option("--address <permissionOrName>", "Permission address, or a name tracked locally").requiredOption("--sma <address>", "Safe (SMA) to revoke the permission(s) from").option("--all", "Revoke every permission currently registered on the SMA").option("--json", "Output JSON").action(actionWith(mandateRevoke));
 mandate.command("templates").description("Show how to author your own permission contract (and any community-deployed addresses)").option("--json", "Emit machine-readable JSON").action(actionWith(mandateTemplates));

package/packages/sdk/dist/intelligence.d.ts CHANGED Viewed

@@ -5,7 +5,7 @@
  * Do not edit manually — run `pnpm build` to regenerate.
  *
  * Spec version : 1.2.0
- * Generated at : 2026-06-19T14:03:47.666Z
+ * Generated at : 2026-06-19T15:08:30.058Z
  */
 export declare const SAIL_INTELLIGENCE_BASE_URL = "https://api.sail.money";
 export declare const SAIL_INTELLIGENCE_DOCS_URL = "https://api.sail.money/docs";

package/packages/sdk/dist/intelligence.js CHANGED Viewed

@@ -5,7 +5,7 @@
  * Do not edit manually — run `pnpm build` to regenerate.
  *
  * Spec version : 1.2.0
- * Generated at : 2026-06-19T14:03:47.666Z
+ * Generated at : 2026-06-19T15:08:30.058Z
  */
 export const SAIL_INTELLIGENCE_BASE_URL = "https://api.sail.money";
 export const SAIL_INTELLIGENCE_DOCS_URL = "https://api.sail.money/docs";

package/templates/default/.agents/skills/sail-mandates/SKILL.md CHANGED Viewed

@@ -65,6 +65,8 @@ sailor mandate deploy --contract <Name> --sma <SMA> --json   # BLOCKS — owner
 The owner pays gas; the deployed address is read from the receipt and tracked in `.sail/state/mandates.json`. Add `--build` to run `forge build` first.
+When a strategy needs several permissions, **deploy all of them first** (don't `--attach` yet). Each deploy is its own owner-signed contract-creation transaction — those cannot be combined — but attaching them is a single signature (Gate 7), so deploy the full set, then attach it in one step.
 Constructor args: `--args '["0xToken","1000000"]'` (JSON array, inline, bash) or `--args-file args.json` (any shell — required on PowerShell). Full per-shell quoting rules: [references/constructor-args.md](references/constructor-args.md). Values are coerced to the constructor's ABI types (uint→bigint, etc.) and the array length is validated.
 ## Gate 6 — Simulate against must-pass AND must-fail samples
@@ -84,10 +86,13 @@ This is an off-chain `eth_call` — no gas, no signing. It reports what `evaluat
 ## Gate 7 — Attach (authorize)
 ```bash
-sailor mandate attach --address <PermissionOrName> --sma <SMA> --json   # BLOCKS — owner signs RegisterPermission EIP-712 in the browser
+sailor mandate attach --address <PermissionOrName> --sma <SMA> --json              # one permission, one signature
+sailor mandate attach --address <addr1>,<addr2>,<addr3> --sma <SMA> --json          # many permissions, ONE signature
 ```
-Only now is the permission live. The owner (mandate signer) signs in the browser; the agent submits the registration and pays gas plus any registration fee. **Fund the agent wallet before attaching**, or this step fails with `gas required exceeds allowance`. The CLI verifies the signature came from the on-chain mandate signer — a wrong connected wallet is rejected. After confirmation it polls `getPermissions()` until the permission appears. Per-call model: attach every permission the strategy needs (bounded-approve alongside the protocol permission) in one signing session.
+Only now is the permission live. The owner (mandate signer) signs in the browser; the agent submits the registration and pays gas plus any registration fee. **Fund the agent wallet before attaching**, or this step fails with `gas required exceeds allowance`. The CLI verifies the signature came from the on-chain mandate signer — a wrong connected wallet is rejected. After confirmation it polls `getPermissions()` until the permissions appear.
+When a strategy needs several permissions (e.g. a bounded-approve alongside the protocol permission), attach them all at once by passing a comma-separated list of addresses — the registration approvals collapse to a **single** browser signature via the kernel's `registerPermissions`. The earlier per-contract deploy approvals (Gate 5) are separate and unavoidable. A single permission attaches exactly as before with `--address <one>`.
 ## Maintenance

package/templates/default/.agents/skills/sail-transactions/SKILL.md CHANGED Viewed

@@ -51,7 +51,7 @@ These open a signing channel, push a request, and wait (default timeout 10 minut
 | `sailor account deploy-chain --chain <id>` | `create-sma` transaction on the target chain |
 | `sailor account rotate-signer` | Delegate rotation + mandate re-approvals |
 | `sailor mandate deploy` | `deploy-mandate` contract-creation transaction (owner pays gas) |
-| `sailor mandate attach` | `RegisterPermission` EIP-712 (off-chain signature; agent submits and pays gas) |
+| `sailor mandate attach` | `RegisterPermission` EIP-712 — one permission; a comma-separated `--address` list signs `RegisterPermissions` once for all (off-chain signature; agent submits and pays gas) |
 | `sailor mandate deploy-clone` | `RegisterPermission` EIP-712 for the predicted clone address |
 | `sailor mandate revoke` | `RevokePermissions` EIP-712 (agent submits and pays gas) |
 | `sailor owner connect` | Nothing — blocks up to 300s waiting for a wallet to connect |