@dev.sail.money/sailor 1.3.0-222 → 1.3.0-223

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (119) hide show
  1. package/package.json +1 -1
  2. package/packages/cli/dist/index.cjs +348 -126
  3. package/packages/cli/dist/server.cjs +36 -2
  4. package/packages/sdk/dist/abis/SailKernel.d.ts +42 -0
  5. package/packages/sdk/dist/abis/SailKernel.d.ts.map +1 -1
  6. package/packages/sdk/dist/abis/SailKernel.js +34 -0
  7. package/packages/sdk/dist/abis/SailKernel.js.map +1 -1
  8. package/packages/sdk/dist/client.d.ts +1 -1
  9. package/packages/sdk/dist/client.d.ts.map +1 -1
  10. package/packages/sdk/dist/client.js +137 -16
  11. package/packages/sdk/dist/client.js.map +1 -1
  12. package/packages/sdk/dist/eip712.d.ts +84 -0
  13. package/packages/sdk/dist/eip712.d.ts.map +1 -1
  14. package/packages/sdk/dist/eip712.js +148 -0
  15. package/packages/sdk/dist/eip712.js.map +1 -1
  16. package/packages/sdk/dist/index.d.ts +2 -2
  17. package/packages/sdk/dist/index.d.ts.map +1 -1
  18. package/packages/sdk/dist/index.js +2 -2
  19. package/packages/sdk/dist/index.js.map +1 -1
  20. package/packages/sdk/dist/intelligence.d.ts +1 -1
  21. package/packages/sdk/dist/intelligence.js +1 -1
  22. package/packages/sdk/dist/safe.d.ts +49 -0
  23. package/packages/sdk/dist/safe.d.ts.map +1 -1
  24. package/packages/sdk/dist/safe.js +74 -0
  25. package/packages/sdk/dist/safe.js.map +1 -1
  26. package/packages/sdk/package.json +4 -0
  27. package/packages/ui/dist/assets/{add-MwbW2Kgu.js → add-DLYFRKuI.js} +1 -1
  28. package/packages/ui/dist/assets/{all-wallets-C0dje6QH.js → all-wallets-Dz5SZj5e.js} +1 -1
  29. package/packages/ui/dist/assets/{app-store-CpZNN-zo.js → app-store-DCYRFDwY.js} +1 -1
  30. package/packages/ui/dist/assets/{apple-WQYgX_-V.js → apple-BcAi8XTW.js} +1 -1
  31. package/packages/ui/dist/assets/{arrow-bottom-CIQnjfqM.js → arrow-bottom-Bik1zp_1.js} +1 -1
  32. package/packages/ui/dist/assets/{arrow-bottom-circle-fkTpLd9U.js → arrow-bottom-circle-BSA6CcrO.js} +1 -1
  33. package/packages/ui/dist/assets/{arrow-left-J7SX7VDv.js → arrow-left-07r0E796.js} +1 -1
  34. package/packages/ui/dist/assets/{arrow-right-JW-XKTGc.js → arrow-right-CW1Ka1mT.js} +1 -1
  35. package/packages/ui/dist/assets/{arrow-top-BcrR4jX1.js → arrow-top-BoAo8_T9.js} +1 -1
  36. package/packages/ui/dist/assets/{bank-CkKJSigB.js → bank-Bpa5anN0.js} +1 -1
  37. package/packages/ui/dist/assets/{basic-BWpmmYYX.js → basic-CbzdfUfs.js} +1 -1
  38. package/packages/ui/dist/assets/{browser-DbNu1Xml.js → browser-B4YQX2Tn.js} +1 -1
  39. package/packages/ui/dist/assets/{card-DMMLZ0lc.js → card-CF8oS4fb.js} +1 -1
  40. package/packages/ui/dist/assets/{ccip-BUInzeNU.js → ccip-DssR-Uhz.js} +1 -1
  41. package/packages/ui/dist/assets/{checkmark-D4WNfBgu.js → checkmark-BihQ9h3G.js} +1 -1
  42. package/packages/ui/dist/assets/{checkmark-bold-CJDKnHGV.js → checkmark-bold-c5EPMyPR.js} +1 -1
  43. package/packages/ui/dist/assets/{chevron-bottom-CGse12DE.js → chevron-bottom-Lijs68sl.js} +1 -1
  44. package/packages/ui/dist/assets/{chevron-left-BwnBm0wX.js → chevron-left-Cj7sg_Iw.js} +1 -1
  45. package/packages/ui/dist/assets/{chevron-right-BTH6uE8i.js → chevron-right-CqD-gBdk.js} +1 -1
  46. package/packages/ui/dist/assets/{chevron-top-Vnt5ZS8c.js → chevron-top-DDShxMva.js} +1 -1
  47. package/packages/ui/dist/assets/{chrome-store-Cy2iRdDd.js → chrome-store-DSBNmkPw.js} +1 -1
  48. package/packages/ui/dist/assets/{clock-015EU2MN.js → clock-CjlvcnX9.js} +1 -1
  49. package/packages/ui/dist/assets/{close-CAr2h3jf.js → close-QhgNd0Xc.js} +1 -1
  50. package/packages/ui/dist/assets/{coinPlaceholder-nngreaop.js → coinPlaceholder-C7TUN8V-.js} +1 -1
  51. package/packages/ui/dist/assets/{compass-CpuhbqE-.js → compass-DrE1sLwt.js} +1 -1
  52. package/packages/ui/dist/assets/{copy-DnrSObqY.js → copy-CFx1aksp.js} +1 -1
  53. package/packages/ui/dist/assets/{core-DQ2EWQUT.js → core-CcaMuBIR.js} +3 -3
  54. package/packages/ui/dist/assets/cursor-DXDOwzFz.js +3 -0
  55. package/packages/ui/dist/assets/{cursor-transparent-CepvIwjX.js → cursor-transparent-DxBdWZi8.js} +1 -1
  56. package/packages/ui/dist/assets/{desktop-D3NhJjmx.js → desktop-B-ATHCGS.js} +1 -1
  57. package/packages/ui/dist/assets/{disconnect-BkUQsu7N.js → disconnect-Bvu0LqoD.js} +1 -1
  58. package/packages/ui/dist/assets/{discord-BAZ5nxPy.js → discord-DrRGYSx6.js} +1 -1
  59. package/packages/ui/dist/assets/{etherscan-C-3zfPwi.js → etherscan-BaQiGNrH.js} +1 -1
  60. package/packages/ui/dist/assets/{events-DrZd6G39.js → events-BYNiBrPy.js} +1 -1
  61. package/packages/ui/dist/assets/{exclamation-triangle-BugdQ0rh.js → exclamation-triangle-B3yAGM1Q.js} +1 -1
  62. package/packages/ui/dist/assets/{extension-DQR-bRtN.js → extension-CYA4bLg-.js} +1 -1
  63. package/packages/ui/dist/assets/{external-link-ByEErFbe.js → external-link-D5PwFm0_.js} +1 -1
  64. package/packages/ui/dist/assets/{facebook-DyNz32Os.js → facebook-CEwgL1NC.js} +1 -1
  65. package/packages/ui/dist/assets/{fallback-Bv09AdvF.js → fallback-B9sp077f.js} +1 -1
  66. package/packages/ui/dist/assets/{farcaster-CYJVrKjJ.js → farcaster-Ak6D7Lp_.js} +1 -1
  67. package/packages/ui/dist/assets/{filters-CRtCsj4i.js → filters-CJduAQRB.js} +1 -1
  68. package/packages/ui/dist/assets/{github-Bfm71VKl.js → github-PLN2sD5Q.js} +1 -1
  69. package/packages/ui/dist/assets/{google-CnXkb0cL.js → google-BRRn9hKY.js} +1 -1
  70. package/packages/ui/dist/assets/{help-circle-B6fG6lBg.js → help-circle-BnvqUg2y.js} +1 -1
  71. package/packages/ui/dist/assets/{id-Bm9-2y_C.js → id-CJlrhYxX.js} +1 -1
  72. package/packages/ui/dist/assets/{image-C_haYma2.js → image-CPduqsY3.js} +1 -1
  73. package/packages/ui/dist/assets/index-BGmLv6wn.js +1789 -0
  74. package/packages/ui/dist/assets/{index-DQJ_LwfH.js → index-Bp21-hUb.js} +1 -1
  75. package/packages/ui/dist/assets/{index-kySmuWy-.js → index-C0GUKQXc.js} +1 -1
  76. package/packages/ui/dist/assets/{index-l5gIjz0_.js → index-D-OgqpEg.js} +1 -1
  77. package/packages/ui/dist/assets/{index-KGnaXD7Q.js → index-Dyr25y7I.js} +3 -3
  78. package/packages/ui/dist/assets/{index-DfMJ1Tlb.js → index-vEKHRoHD.js} +1 -1
  79. package/packages/ui/dist/assets/{index.es-BGi4To15.js → index.es-Dks2goS7.js} +4 -4
  80. package/packages/ui/dist/assets/{info-BLCSMDje.js → info-CGNHPKFR.js} +1 -1
  81. package/packages/ui/dist/assets/{info-circle-Cmt7ldBL.js → info-circle-D8mpP6LN.js} +1 -1
  82. package/packages/ui/dist/assets/{lightbulb-Db4oBynX.js → lightbulb-BWGaqAI3.js} +1 -1
  83. package/packages/ui/dist/assets/{mail-DMFMfXIo.js → mail-BcfubTQ2.js} +1 -1
  84. package/packages/ui/dist/assets/{metamask-sdk-BcHurOhQ.js → metamask-sdk-B1i24ALe.js} +1 -1
  85. package/packages/ui/dist/assets/{mobile-esY80_81.js → mobile-CglLmMeZ.js} +1 -1
  86. package/packages/ui/dist/assets/{more-DUtPCsh2.js → more-OgWHs8eZ.js} +1 -1
  87. package/packages/ui/dist/assets/{network-placeholder-7hUGq-_M.js → network-placeholder-BUhDcMI_.js} +1 -1
  88. package/packages/ui/dist/assets/{nftPlaceholder-DcVMdVDe.js → nftPlaceholder-wxKy5Q-x.js} +1 -1
  89. package/packages/ui/dist/assets/{off-Mq93E_0u.js → off-DxJM1N51.js} +1 -1
  90. package/packages/ui/dist/assets/{parseSignature-hLrGog8P.js → parseSignature-D838ybCF.js} +1 -1
  91. package/packages/ui/dist/assets/{play-store-C-c1jq8D.js → play-store-jm12tVwP.js} +1 -1
  92. package/packages/ui/dist/assets/{plus-BMCZVapD.js → plus--zRIsRuA.js} +1 -1
  93. package/packages/ui/dist/assets/{qr-code-DIDOHWkK.js → qr-code-DhBJbVz8.js} +1 -1
  94. package/packages/ui/dist/assets/{recycle-horizontal-3UPGi0a3.js → recycle-horizontal-1zQ5U9as.js} +1 -1
  95. package/packages/ui/dist/assets/{refresh-CjS7f_k7.js → refresh-mqmMmKBD.js} +1 -1
  96. package/packages/ui/dist/assets/{reown-logo-CUMmmHe9.js → reown-logo-RZHJRVcN.js} +1 -1
  97. package/packages/ui/dist/assets/{search-0k422Ia0.js → search-Bd45qI2U.js} +1 -1
  98. package/packages/ui/dist/assets/{secp256k1-uSMyuNQS.js → secp256k1-Uhtu7xK-.js} +1 -1
  99. package/packages/ui/dist/assets/{send-DriZ1IoF.js → send-4lxASBOR.js} +1 -1
  100. package/packages/ui/dist/assets/{swapHorizontal-29O8jfdY.js → swapHorizontal-Cj2JRLJS.js} +1 -1
  101. package/packages/ui/dist/assets/{swapHorizontalBold-DKWq7xRG.js → swapHorizontalBold-Byv9z2H0.js} +1 -1
  102. package/packages/ui/dist/assets/{swapHorizontalMedium-BecMIjRA.js → swapHorizontalMedium-BadlZnn_.js} +1 -1
  103. package/packages/ui/dist/assets/{swapHorizontalRoundedBold-DvmeSLT1.js → swapHorizontalRoundedBold-Dl20h9DP.js} +1 -1
  104. package/packages/ui/dist/assets/{swapVertical-BVW5L78V.js → swapVertical-DoFYn8T-.js} +1 -1
  105. package/packages/ui/dist/assets/{telegram-B1zd29RD.js → telegram-DKM_HViT.js} +1 -1
  106. package/packages/ui/dist/assets/{three-dots-C2drEJP_.js → three-dots-CBLRiosA.js} +1 -1
  107. package/packages/ui/dist/assets/{twitch-CbJnGBnZ.js → twitch-Dj3xBpb1.js} +1 -1
  108. package/packages/ui/dist/assets/{twitterIcon-CSNIP1vg.js → twitterIcon-D-wqABHa.js} +1 -1
  109. package/packages/ui/dist/assets/{verify-WovsRsrU.js → verify-BYs2pfC2.js} +1 -1
  110. package/packages/ui/dist/assets/{verify-filled-v7PJlF5U.js → verify-filled-zJG9VG5w.js} +1 -1
  111. package/packages/ui/dist/assets/{w3m-modal-uY2WEwRA.js → w3m-modal-sbOUP95Y.js} +1 -1
  112. package/packages/ui/dist/assets/{wallet-CwfDIuKr.js → wallet-CMl9HrCE.js} +1 -1
  113. package/packages/ui/dist/assets/{wallet-placeholder-Cer-gqcG.js → wallet-placeholder-BneM1wji.js} +1 -1
  114. package/packages/ui/dist/assets/{walletconnect-COO3S5eH.js → walletconnect-DVz3u0az.js} +1 -1
  115. package/packages/ui/dist/assets/{warning-circle-DW9gfynD.js → warning-circle-B_P5OBud.js} +1 -1
  116. package/packages/ui/dist/assets/{x-C-1GlS-K.js → x-CU4y53M6.js} +1 -1
  117. package/packages/ui/dist/index.html +1 -1
  118. package/packages/ui/dist/assets/cursor-CRsSOUdw.js +0 -3
  119. package/packages/ui/dist/assets/index-D52ziSQm.js +0 -1789
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dev.sail.money/sailor",
3
- "version": "1.3.0-222",
3
+ "version": "1.3.0-223",
4
4
  "description": "Operator toolkit for Sail Protocol",
5
5
  "bin": {
6
6
  "sailor": "packages/cli/dist/index.cjs"
@@ -35367,6 +35367,10 @@ var SailKernelAbi = [
35367
35367
  ],
35368
35368
  outputs: [{ name: "account", type: "address" }]
35369
35369
  },
35370
+ // Post-#53: two-step registration. Requires msg.sender == the Safe (trusted-proxy
35371
+ // codehash + trusted-singleton pin) and a Safe owner signature over the
35372
+ // RegisterAccount EIP-712 digest (verified via checkSignatures). Must be submitted
35373
+ // through the Safe's execTransaction, not the owner EOA. See buildRegisterAccountTypedData.
35370
35374
  {
35371
35375
  type: "function",
35372
35376
  name: "registerAccount",
@@ -35374,7 +35378,10 @@ var SailKernelAbi = [
35374
35378
  inputs: [
35375
35379
  { name: "permissionSigner", type: "address" },
35376
35380
  { name: "manager", type: "address" },
35377
- { name: "feePolicy", type: "address" }
35381
+ { name: "feePolicy", type: "address" },
35382
+ { name: "feeAsset", type: "address" },
35383
+ { name: "deadline", type: "uint256" },
35384
+ { name: "ownerSig", type: "bytes" }
35378
35385
  ],
35379
35386
  outputs: []
35380
35387
  },
@@ -35425,6 +35432,32 @@ var SailKernelAbi = [
35425
35432
  ],
35426
35433
  outputs: []
35427
35434
  },
35435
+ // ── Session kill switch ───────────────────────────────────────────────────
35436
+ // Suspend/resume manager dispatch rights. Both are permissionSigner-signed
35437
+ // (RevokeSession/ActivateSession EIP-712, nonce = signerNonces[account]) and
35438
+ // rotate the manager/batch nonce epochs so any pre-signed dispatch is invalidated.
35439
+ {
35440
+ type: "function",
35441
+ name: "revokeSession",
35442
+ stateMutability: "nonpayable",
35443
+ inputs: [
35444
+ { name: "account", type: "address" },
35445
+ { name: "deadline", type: "uint256" },
35446
+ { name: "sig", type: "bytes" }
35447
+ ],
35448
+ outputs: []
35449
+ },
35450
+ {
35451
+ type: "function",
35452
+ name: "activateSession",
35453
+ stateMutability: "nonpayable",
35454
+ inputs: [
35455
+ { name: "account", type: "address" },
35456
+ { name: "deadline", type: "uint256" },
35457
+ { name: "sig", type: "bytes" }
35458
+ ],
35459
+ outputs: []
35460
+ },
35428
35461
  // ── Manager dispatch ──────────────────────────────────────────────────────
35429
35462
  {
35430
35463
  type: "function",
@@ -35564,6 +35597,7 @@ var SailKernelAbi = [
35564
35597
  { name: "permissionSigner", type: "address" },
35565
35598
  { name: "manager", type: "address" },
35566
35599
  { name: "feePolicy", type: "address" },
35600
+ { name: "feeAsset", type: "address" },
35567
35601
  { name: "sessionActive", type: "bool" }
35568
35602
  ]
35569
35603
  },
@@ -35903,122 +35937,6 @@ function getSailDeployment(chainId) {
35903
35937
  return deployment;
35904
35938
  }
35905
35939
 
35906
- // ../sdk/dist/errors.js
35907
- init_esm2();
35908
- var KERNEL_ERROR_SIGNATURES = [
35909
- "error AccountAlreadyRegistered(address account)",
35910
- "error AccountNotRegistered(address account)",
35911
- "error AccountSelfTarget()",
35912
- "error ArrayLengthMismatch()",
35913
- "error BatchPermissionDenied()",
35914
- "error BatchSubcallFailed(uint256 index, address target)",
35915
- "error BatchTooLong(uint256 length)",
35916
- "error BatchZeroTarget(uint256 index)",
35917
- "error DeadlineExpired(uint256 deadline, uint256 current)",
35918
- "error DistributorBpsTooLarge(uint256 bps)",
35919
- "error EmptyBatch()",
35920
- "error FeePolicyNotSet()",
35921
- "error FeeTokenMismatch(address provided, address expected)",
35922
- "error FeeTooLarge(uint256 requested, uint256 maxAllowed)",
35923
- "error FeeTransferFailed()",
35924
- "error InsufficientFee(uint256 required, uint256 provided)",
35925
- "error InvalidInitializer()",
35926
- "error InvalidManagerSignature()",
35927
- "error InvalidSignerSignature()",
35928
- "error KernelSelfTarget(uint256 index)",
35929
- // SAIL-405: setManager rejects a no-op rotation (newManager == current).
35930
- "error ManagerUnchanged()",
35931
- "error ModuleNotEnabled()",
35932
- // Present in the deployed conjunctive kernel; dropped in the latest source.
35933
- "error NoPermissionsRegistered(address account)",
35934
- "error NotAContract(address addr)",
35935
- "error NotGovernance()",
35936
- "error NotManager(address caller, address expected)",
35937
- "error NotPermissionSigner()",
35938
- "error NotTimelock()",
35939
- "error PermissionAlreadyRegistered(address permission)",
35940
- "error PermissionDenied(address permission)",
35941
- "error PermissionNotBatchAware(address permission)",
35942
- "error PermissionNotRegistered(address permission)",
35943
- "error ProtocolPaused()",
35944
- "error SafeExecutionFailed()",
35945
- "error SessionInactive(address account)",
35946
- "error TooManyPermissions(address account, uint256 limit)",
35947
- "error UntrustedFactory(address factory)",
35948
- "error UntrustedFeePolicy(address policy)",
35949
- "error UntrustedModuleSetup(address setup)",
35950
- "error UntrustedProxyCodehash(bytes32 codehash)",
35951
- "error UntrustedSingleton(address singleton)",
35952
- "error ZeroAddress()",
35953
- "error ZeroFee()"
35954
- ];
35955
- var KERNEL_ERROR_ABI = parseAbi(KERNEL_ERROR_SIGNATURES);
35956
- var ERROR_HINTS = {
35957
- InvalidManagerSignature: "The manager's EIP-712 Dispatch signature did not recover to the registered manager. Most common cause: a stale manager nonce (the kernel's managerNonces advanced between signing and submission \u2014 e.g. a load-balanced RPC returned a lagging value, or two dispatches were signed against the same nonce). Re-read managerNonces and re-sign, or track the nonce locally and increment it across sequential dispatches. Can also mean the wrong EIP-712 Dispatch type was used for this kernel version \u2014 see detectKernelCapabilities.",
35958
- PermissionDenied: "A registered permission's evaluate() returned false (or reverted / ran out of gas) for this call. In a conjunctive kernel EVERY registered permission must approve EVERY call, so a permission that does not pass through calls outside its own domain will block unrelated dispatches. Check that each permission either matches this call or returns true for calls it doesn't govern.",
35959
- NoPermissionsRegistered: "The account has zero registered permissions, so the kernel denies by default. Register at least one permission (kernel.registerPermission / registerPermissions) before dispatching.",
35960
- PermissionNotRegistered: "The named permission is not registered for this account. Register it first, or (on a conjunctive kernel) drop the permission argument \u2014 that kernel checks all registered permissions automatically.",
35961
- SessionInactive: "The manager's session is revoked. Re-activate it (session.activate) before dispatching.",
35962
- DeadlineExpired: "The signature deadline is in the past. Use a deadline comfortably ahead of block.timestamp.",
35963
- SafeExecutionFailed: "The underlying Safe module call reverted. The permission passed, but the target call itself failed (e.g. slippage too tight, insufficient allowance/balance, or a failing swap route).",
35964
- ModuleNotEnabled: "The Sail module is not enabled on the Safe. Complete account onboarding (enable the module) first.",
35965
- ProtocolPaused: "The protocol is paused by governance. Dispatches are blocked until it is unpaused.",
35966
- NotManager: "The submitting address is not the registered manager for this account.",
35967
- TooManyPermissions: "Registering this permission would exceed the kernel's per-account permission cap. Revoke an unused permission first."
35968
- };
35969
- async function decode2(data) {
35970
- const { decodeErrorResult: decodeErrorResult2 } = await Promise.resolve().then(() => (init_esm2(), esm_exports2));
35971
- try {
35972
- const decoded = decodeErrorResult2({ abi: KERNEL_ERROR_ABI, data });
35973
- const name = decoded.errorName;
35974
- const args = decoded.args ?? [];
35975
- const selector = data.slice(0, 10);
35976
- const hint = ERROR_HINTS[name];
35977
- const argStr = args.length ? `(${args.map(String).join(", ")})` : "()";
35978
- const message = hint ? `${name}${argStr} \u2014 ${hint}` : `${name}${argStr}`;
35979
- return { name, args, selector, hint, message };
35980
- } catch {
35981
- return null;
35982
- }
35983
- }
35984
- function decodeKernelError(data) {
35985
- if (!data || data === "0x")
35986
- return Promise.resolve(null);
35987
- return decode2(data);
35988
- }
35989
- async function explainKernelRevert(err) {
35990
- const data = extractRevertData(err);
35991
- if (!data)
35992
- return null;
35993
- return decodeKernelError(data);
35994
- }
35995
- function extractRevertData(err) {
35996
- const seen = /* @__PURE__ */ new Set();
35997
- let cursor = err;
35998
- let depth = 0;
35999
- while (cursor && typeof cursor === "object" && !seen.has(cursor) && depth < 12) {
36000
- seen.add(cursor);
36001
- depth++;
36002
- const obj = cursor;
36003
- const data = obj["data"];
36004
- if (typeof data === "string" && data.startsWith("0x") && data.length >= 10) {
36005
- return data;
36006
- }
36007
- if (data && typeof data === "object") {
36008
- const inner = data["data"];
36009
- if (typeof inner === "string" && inner.startsWith("0x") && inner.length >= 10) {
36010
- return inner;
36011
- }
36012
- }
36013
- const raw = obj["raw"];
36014
- if (typeof raw === "string" && raw.startsWith("0x") && raw.length >= 10) {
36015
- return raw;
36016
- }
36017
- cursor = obj["cause"];
36018
- }
36019
- return null;
36020
- }
36021
-
36022
35940
  // ../sdk/dist/eip712.js
36023
35941
  init_esm2();
36024
35942
  function sailKernelDomain(args) {
@@ -36156,6 +36074,197 @@ function buildRegisterPermissionsBatchTypedData(args) {
36156
36074
  }
36157
36075
  };
36158
36076
  }
36077
+ var TEMPLATE_EIP712_DOMAIN_ABI = [
36078
+ {
36079
+ type: "function",
36080
+ name: "eip712Domain",
36081
+ stateMutability: "view",
36082
+ inputs: [],
36083
+ outputs: [
36084
+ { name: "fields", type: "bytes1" },
36085
+ { name: "name", type: "string" },
36086
+ { name: "version", type: "string" },
36087
+ { name: "chainId", type: "uint256" },
36088
+ { name: "verifyingContract", type: "address" },
36089
+ { name: "salt", type: "bytes32" },
36090
+ { name: "extensions", type: "uint256[]" }
36091
+ ]
36092
+ }
36093
+ ];
36094
+ var REGISTRATION_EPOCH_ABI = [
36095
+ {
36096
+ type: "function",
36097
+ name: "registrationEpoch",
36098
+ stateMutability: "view",
36099
+ inputs: [
36100
+ { name: "account", type: "address" },
36101
+ { name: "permission", type: "address" }
36102
+ ],
36103
+ outputs: [{ type: "uint256" }]
36104
+ }
36105
+ ];
36106
+ var CONFIGURE_FIELDS_V1 = [
36107
+ { name: "account", type: "address" },
36108
+ { name: "paramsHash", type: "bytes32" },
36109
+ { name: "nonce", type: "uint256" },
36110
+ { name: "deadline", type: "uint256" }
36111
+ ];
36112
+ var CONFIGURE_FIELDS_V2 = [...CONFIGURE_FIELDS_V1, { name: "epoch", type: "uint256" }];
36113
+ async function buildConfigureTypedData(args) {
36114
+ const [, name, version4, chainId] = await args.publicClient.readContract({
36115
+ address: args.template,
36116
+ abi: TEMPLATE_EIP712_DOMAIN_ABI,
36117
+ functionName: "eip712Domain"
36118
+ });
36119
+ if (version4 !== "1" && version4 !== "2") {
36120
+ throw new Error(`Unsupported template EIP-712 domain version "${version4}" for ${args.template}. This SDK signs Configure schema v1 or v2; upgrade the SDK for newer templates.`);
36121
+ }
36122
+ const isV2 = version4 === "2";
36123
+ const message = {
36124
+ account: args.account,
36125
+ paramsHash: keccak256(args.params),
36126
+ nonce: args.nonce.toString(),
36127
+ deadline: args.deadline.toString()
36128
+ };
36129
+ if (isV2) {
36130
+ const epoch = await args.publicClient.readContract({
36131
+ address: args.kernel,
36132
+ abi: REGISTRATION_EPOCH_ABI,
36133
+ functionName: "registrationEpoch",
36134
+ args: [args.account, args.template]
36135
+ });
36136
+ message.epoch = epoch.toString();
36137
+ }
36138
+ return {
36139
+ domain: {
36140
+ name,
36141
+ version: version4,
36142
+ chainId: Number(chainId),
36143
+ verifyingContract: args.template
36144
+ },
36145
+ types: {
36146
+ Configure: isV2 ? CONFIGURE_FIELDS_V2 : CONFIGURE_FIELDS_V1
36147
+ },
36148
+ primaryType: "Configure",
36149
+ message
36150
+ };
36151
+ }
36152
+
36153
+ // ../sdk/dist/errors.js
36154
+ init_esm2();
36155
+ var KERNEL_ERROR_SIGNATURES = [
36156
+ "error AccountAlreadyRegistered(address account)",
36157
+ "error AccountNotRegistered(address account)",
36158
+ "error AccountSelfTarget()",
36159
+ "error ArrayLengthMismatch()",
36160
+ "error BatchPermissionDenied()",
36161
+ "error BatchSubcallFailed(uint256 index, address target)",
36162
+ "error BatchTooLong(uint256 length)",
36163
+ "error BatchZeroTarget(uint256 index)",
36164
+ "error DeadlineExpired(uint256 deadline, uint256 current)",
36165
+ "error DistributorBpsTooLarge(uint256 bps)",
36166
+ "error EmptyBatch()",
36167
+ "error FeePolicyNotSet()",
36168
+ "error FeeTokenMismatch(address provided, address expected)",
36169
+ "error FeeTooLarge(uint256 requested, uint256 maxAllowed)",
36170
+ "error FeeTransferFailed()",
36171
+ "error InsufficientFee(uint256 required, uint256 provided)",
36172
+ "error InvalidInitializer()",
36173
+ "error InvalidManagerSignature()",
36174
+ "error InvalidSignerSignature()",
36175
+ "error KernelSelfTarget(uint256 index)",
36176
+ // SAIL-405: setManager rejects a no-op rotation (newManager == current).
36177
+ "error ManagerUnchanged()",
36178
+ "error ModuleNotEnabled()",
36179
+ // Present in the deployed conjunctive kernel; dropped in the latest source.
36180
+ "error NoPermissionsRegistered(address account)",
36181
+ "error NotAContract(address addr)",
36182
+ "error NotGovernance()",
36183
+ "error NotManager(address caller, address expected)",
36184
+ "error NotPermissionSigner()",
36185
+ "error NotTimelock()",
36186
+ "error PermissionAlreadyRegistered(address permission)",
36187
+ "error PermissionDenied(address permission)",
36188
+ "error PermissionNotBatchAware(address permission)",
36189
+ "error PermissionNotRegistered(address permission)",
36190
+ "error ProtocolPaused()",
36191
+ "error SafeExecutionFailed()",
36192
+ "error SessionInactive(address account)",
36193
+ "error TooManyPermissions(address account, uint256 limit)",
36194
+ "error UntrustedFactory(address factory)",
36195
+ "error UntrustedFeePolicy(address policy)",
36196
+ "error UntrustedModuleSetup(address setup)",
36197
+ "error UntrustedProxyCodehash(bytes32 codehash)",
36198
+ "error UntrustedSingleton(address singleton)",
36199
+ "error ZeroAddress()",
36200
+ "error ZeroFee()"
36201
+ ];
36202
+ var KERNEL_ERROR_ABI = parseAbi(KERNEL_ERROR_SIGNATURES);
36203
+ var ERROR_HINTS = {
36204
+ InvalidManagerSignature: "The manager's EIP-712 Dispatch signature did not recover to the registered manager. Most common cause: a stale manager nonce (the kernel's managerNonces advanced between signing and submission \u2014 e.g. a load-balanced RPC returned a lagging value, or two dispatches were signed against the same nonce). Re-read managerNonces and re-sign, or track the nonce locally and increment it across sequential dispatches. Can also mean the wrong EIP-712 Dispatch type was used for this kernel version \u2014 see detectKernelCapabilities.",
36205
+ PermissionDenied: "A registered permission's evaluate() returned false (or reverted / ran out of gas) for this call. In a conjunctive kernel EVERY registered permission must approve EVERY call, so a permission that does not pass through calls outside its own domain will block unrelated dispatches. Check that each permission either matches this call or returns true for calls it doesn't govern.",
36206
+ NoPermissionsRegistered: "The account has zero registered permissions, so the kernel denies by default. Register at least one permission (kernel.registerPermission / registerPermissions) before dispatching.",
36207
+ PermissionNotRegistered: "The named permission is not registered for this account. Register it first, or (on a conjunctive kernel) drop the permission argument \u2014 that kernel checks all registered permissions automatically.",
36208
+ SessionInactive: "The manager's session is revoked. Re-activate it (session.activate) before dispatching.",
36209
+ DeadlineExpired: "The signature deadline is in the past. Use a deadline comfortably ahead of block.timestamp.",
36210
+ SafeExecutionFailed: "The underlying Safe module call reverted. The permission passed, but the target call itself failed (e.g. slippage too tight, insufficient allowance/balance, or a failing swap route).",
36211
+ ModuleNotEnabled: "The Sail module is not enabled on the Safe. Complete account onboarding (enable the module) first.",
36212
+ ProtocolPaused: "The protocol is paused by governance. Dispatches are blocked until it is unpaused.",
36213
+ NotManager: "The submitting address is not the registered manager for this account.",
36214
+ TooManyPermissions: "Registering this permission would exceed the kernel's per-account permission cap. Revoke an unused permission first."
36215
+ };
36216
+ async function decode2(data) {
36217
+ const { decodeErrorResult: decodeErrorResult2 } = await Promise.resolve().then(() => (init_esm2(), esm_exports2));
36218
+ try {
36219
+ const decoded = decodeErrorResult2({ abi: KERNEL_ERROR_ABI, data });
36220
+ const name = decoded.errorName;
36221
+ const args = decoded.args ?? [];
36222
+ const selector = data.slice(0, 10);
36223
+ const hint = ERROR_HINTS[name];
36224
+ const argStr = args.length ? `(${args.map(String).join(", ")})` : "()";
36225
+ const message = hint ? `${name}${argStr} \u2014 ${hint}` : `${name}${argStr}`;
36226
+ return { name, args, selector, hint, message };
36227
+ } catch {
36228
+ return null;
36229
+ }
36230
+ }
36231
+ function decodeKernelError(data) {
36232
+ if (!data || data === "0x")
36233
+ return Promise.resolve(null);
36234
+ return decode2(data);
36235
+ }
36236
+ async function explainKernelRevert(err) {
36237
+ const data = extractRevertData(err);
36238
+ if (!data)
36239
+ return null;
36240
+ return decodeKernelError(data);
36241
+ }
36242
+ function extractRevertData(err) {
36243
+ const seen = /* @__PURE__ */ new Set();
36244
+ let cursor = err;
36245
+ let depth = 0;
36246
+ while (cursor && typeof cursor === "object" && !seen.has(cursor) && depth < 12) {
36247
+ seen.add(cursor);
36248
+ depth++;
36249
+ const obj = cursor;
36250
+ const data = obj["data"];
36251
+ if (typeof data === "string" && data.startsWith("0x") && data.length >= 10) {
36252
+ return data;
36253
+ }
36254
+ if (data && typeof data === "object") {
36255
+ const inner = data["data"];
36256
+ if (typeof inner === "string" && inner.startsWith("0x") && inner.length >= 10) {
36257
+ return inner;
36258
+ }
36259
+ }
36260
+ const raw = obj["raw"];
36261
+ if (typeof raw === "string" && raw.startsWith("0x") && raw.length >= 10) {
36262
+ return raw;
36263
+ }
36264
+ cursor = obj["cause"];
36265
+ }
36266
+ return null;
36267
+ }
36159
36268
 
36160
36269
  // ../sdk/dist/lifi.js
36161
36270
  init_esm2();
@@ -36223,6 +36332,27 @@ function buildPublicClient(config) {
36223
36332
  function defaultDeadline() {
36224
36333
  return BigInt(Math.floor(Date.now() / 1e3) + 300);
36225
36334
  }
36335
+ var CONFIGURABLE_PERMISSION_ABI = [
36336
+ {
36337
+ type: "function",
36338
+ name: "configNonces",
36339
+ stateMutability: "view",
36340
+ inputs: [{ name: "account", type: "address" }],
36341
+ outputs: [{ type: "uint256" }]
36342
+ },
36343
+ {
36344
+ type: "function",
36345
+ name: "configure",
36346
+ stateMutability: "nonpayable",
36347
+ inputs: [
36348
+ { name: "account", type: "address" },
36349
+ { name: "params", type: "bytes" },
36350
+ { name: "deadline", type: "uint256" },
36351
+ { name: "sig", type: "bytes" }
36352
+ ],
36353
+ outputs: []
36354
+ }
36355
+ ];
36226
36356
  var DEFAULT_DISPATCH_GAS = 2000000n;
36227
36357
  function delay(ms) {
36228
36358
  return new Promise((resolve3) => setTimeout(resolve3, ms));
@@ -36379,8 +36509,47 @@ var MandateNamespace = class extends KernelNamespace {
36379
36509
  value: 0n
36380
36510
  });
36381
36511
  }
36382
- reconfigure(_safe, _template, _params, _signer) {
36383
- return notImplemented();
36512
+ /**
36513
+ * Re-configure the per-account bounds of an already-registered shared template.
36514
+ * The permission signer signs the template's `Configure` EIP-712 struct — built by
36515
+ * `buildConfigureTypedData`, which reads the template's live ERC-5267 domain and emits
36516
+ * the v1 or v2 (epoch-bound) schema to match whatever is deployed — and the attached
36517
+ * wallet submits `configure(account, params, deadline, sig)`.
36518
+ *
36519
+ * The config nonce is read fresh on-chain immediately before signing (the template
36520
+ * increments it only after a successful verify), so a re-config never reuses a stale nonce.
36521
+ */
36522
+ async reconfigure(safe, template, params, signer) {
36523
+ const kernel = this.requireKernel();
36524
+ const wallet = this.requireSigner();
36525
+ const encoded = template.encoder.encode(params);
36526
+ const deadline = defaultDeadline();
36527
+ const nonce = await this.publicClient.readContract({
36528
+ address: template.address,
36529
+ abi: CONFIGURABLE_PERMISSION_ABI,
36530
+ functionName: "configNonces",
36531
+ args: [safe]
36532
+ });
36533
+ const td = await buildConfigureTypedData({
36534
+ publicClient: this.publicClient,
36535
+ kernel,
36536
+ template: template.address,
36537
+ account: safe,
36538
+ params: encoded,
36539
+ nonce,
36540
+ deadline
36541
+ });
36542
+ const sig = await signer.signTyped(td.domain, { primaryType: td.primaryType, types: td.types }, td.message);
36543
+ const txHash = await wallet.writeContract({
36544
+ address: template.address,
36545
+ abi: CONFIGURABLE_PERMISSION_ABI,
36546
+ functionName: "configure",
36547
+ args: [safe, encoded, deadline, sig]
36548
+ });
36549
+ const receipt = await this.publicClient.waitForTransactionReceipt({ hash: txHash });
36550
+ if (receipt.status !== "success") {
36551
+ throw new Error(`configure reverted (tx ${txHash})`);
36552
+ }
36384
36553
  }
36385
36554
  replace(_safe, _oldTemplate, _newTemplate, _params, _signer) {
36386
36555
  return notImplemented();
@@ -36679,14 +36848,67 @@ var StrategyNamespace = class extends KernelNamespace {
36679
36848
  }
36680
36849
  };
36681
36850
  var SessionNamespace = class extends KernelNamespace {
36682
- revoke(_safe, _signer) {
36683
- return notImplemented();
36851
+ /**
36852
+ * Suspend (`revokeSession`) or resume (`activateSession`) the manager's dispatch rights.
36853
+ * Both are permissionSigner-signed over the RevokeSession/ActivateSession EIP-712 struct,
36854
+ * with `nonce` read fresh from `signerNonces[account]` immediately before signing — the
36855
+ * kernel bumps that nonce by a full epoch on revoke (#70), so it must never be cached. The
36856
+ * kernel also rotates the manager/batch nonce epochs, invalidating any pre-signed dispatch.
36857
+ */
36858
+ async revoke(safe, signer) {
36859
+ await this.#submitSessionOp(safe, signer, "RevokeSession", "revokeSession");
36684
36860
  }
36685
- activate(_safe, _signer) {
36686
- return notImplemented();
36861
+ async activate(safe, signer) {
36862
+ await this.#submitSessionOp(safe, signer, "ActivateSession", "activateSession");
36687
36863
  }
36688
- status(_safe) {
36689
- return notImplemented();
36864
+ async #submitSessionOp(safe, signer, primaryType, fn) {
36865
+ const kernel = this.requireKernel();
36866
+ const wallet = this.requireSigner();
36867
+ const deadline = defaultDeadline();
36868
+ const nonce = await this.publicClient.readContract({
36869
+ address: kernel,
36870
+ abi: SailKernelAbi,
36871
+ functionName: "signerNonces",
36872
+ args: [safe]
36873
+ });
36874
+ const sig = await signer.signTyped(sailKernelDomain({ chainId: this.config.chainId, kernel }), {
36875
+ primaryType,
36876
+ types: {
36877
+ [primaryType]: [
36878
+ { name: "account", type: "address" },
36879
+ { name: "nonce", type: "uint256" },
36880
+ { name: "deadline", type: "uint256" }
36881
+ ]
36882
+ }
36883
+ }, { account: safe, nonce, deadline });
36884
+ const txHash = await wallet.writeContract({
36885
+ address: kernel,
36886
+ abi: SailKernelAbi,
36887
+ functionName: fn,
36888
+ args: [safe, deadline, sig]
36889
+ });
36890
+ const receipt = await this.publicClient.waitForTransactionReceipt({ hash: txHash });
36891
+ if (receipt.status !== "success") {
36892
+ throw new Error(`${fn} reverted (tx ${txHash})`);
36893
+ }
36894
+ }
36895
+ async status(safe) {
36896
+ const kernel = this.requireKernel();
36897
+ const cfg = await this.publicClient.readContract({
36898
+ address: kernel,
36899
+ abi: SailKernelAbi,
36900
+ functionName: "configs",
36901
+ args: [safe]
36902
+ });
36903
+ return {
36904
+ safe,
36905
+ active: cfg[4],
36906
+ manager: cfg[1],
36907
+ // Block-level markers require an event scan; expose live active/manager state and
36908
+ // leave the historical timestamps null.
36909
+ activatedAtBlock: null,
36910
+ revokedAtBlock: null
36911
+ };
36690
36912
  }
36691
36913
  };
36692
36914
  var FeesNamespace = class extends KernelNamespace {
@@ -44715,7 +44937,7 @@ async function scan(options) {
44715
44937
  args: [address]
44716
44938
  })
44717
44939
  ]);
44718
- const [permissionSigner, manager, , sessionActive] = config;
44940
+ const [permissionSigner, manager, , , sessionActive] = config;
44719
44941
  smas.push({ address, registered: true, manager, permissionSigner, sessionActive, mandates });
44720
44942
  } catch (err) {
44721
44943
  smas.push({
@@ -39440,6 +39440,10 @@ var SailKernelAbi = [
39440
39440
  ],
39441
39441
  outputs: [{ name: "account", type: "address" }]
39442
39442
  },
39443
+ // Post-#53: two-step registration. Requires msg.sender == the Safe (trusted-proxy
39444
+ // codehash + trusted-singleton pin) and a Safe owner signature over the
39445
+ // RegisterAccount EIP-712 digest (verified via checkSignatures). Must be submitted
39446
+ // through the Safe's execTransaction, not the owner EOA. See buildRegisterAccountTypedData.
39443
39447
  {
39444
39448
  type: "function",
39445
39449
  name: "registerAccount",
@@ -39447,7 +39451,10 @@ var SailKernelAbi = [
39447
39451
  inputs: [
39448
39452
  { name: "permissionSigner", type: "address" },
39449
39453
  { name: "manager", type: "address" },
39450
- { name: "feePolicy", type: "address" }
39454
+ { name: "feePolicy", type: "address" },
39455
+ { name: "feeAsset", type: "address" },
39456
+ { name: "deadline", type: "uint256" },
39457
+ { name: "ownerSig", type: "bytes" }
39451
39458
  ],
39452
39459
  outputs: []
39453
39460
  },
@@ -39498,6 +39505,32 @@ var SailKernelAbi = [
39498
39505
  ],
39499
39506
  outputs: []
39500
39507
  },
39508
+ // ── Session kill switch ───────────────────────────────────────────────────
39509
+ // Suspend/resume manager dispatch rights. Both are permissionSigner-signed
39510
+ // (RevokeSession/ActivateSession EIP-712, nonce = signerNonces[account]) and
39511
+ // rotate the manager/batch nonce epochs so any pre-signed dispatch is invalidated.
39512
+ {
39513
+ type: "function",
39514
+ name: "revokeSession",
39515
+ stateMutability: "nonpayable",
39516
+ inputs: [
39517
+ { name: "account", type: "address" },
39518
+ { name: "deadline", type: "uint256" },
39519
+ { name: "sig", type: "bytes" }
39520
+ ],
39521
+ outputs: []
39522
+ },
39523
+ {
39524
+ type: "function",
39525
+ name: "activateSession",
39526
+ stateMutability: "nonpayable",
39527
+ inputs: [
39528
+ { name: "account", type: "address" },
39529
+ { name: "deadline", type: "uint256" },
39530
+ { name: "sig", type: "bytes" }
39531
+ ],
39532
+ outputs: []
39533
+ },
39501
39534
  // ── Manager dispatch ──────────────────────────────────────────────────────
39502
39535
  {
39503
39536
  type: "function",
@@ -39637,6 +39670,7 @@ var SailKernelAbi = [
39637
39670
  { name: "permissionSigner", type: "address" },
39638
39671
  { name: "manager", type: "address" },
39639
39672
  { name: "feePolicy", type: "address" },
39673
+ { name: "feeAsset", type: "address" },
39640
39674
  { name: "sessionActive", type: "bool" }
39641
39675
  ]
39642
39676
  },
@@ -51266,7 +51300,7 @@ function startServer(sailDir, { port = PORT } = {}) {
51266
51300
  client.readContract({ address: kernel, abi: SailKernelAbi, functionName: "getPermissions", args: [safe] }),
51267
51301
  client.getBalance({ address: safe })
51268
51302
  ]);
51269
- const [permissionSigner, manager, , sessionActive] = configs;
51303
+ const [permissionSigner, manager, , , sessionActive] = configs;
51270
51304
  const managerSet = Boolean(manager) && getAddress(manager) !== zeroAddress2;
51271
51305
  const managerAddr = managerSet ? getAddress(manager) : localSigner;
51272
51306
  const knownManagerAddrs = (account.managers ?? []).map((a) => getAddress(a));
@@ -51,6 +51,15 @@ export declare const SailKernelAbi: readonly [{
51
51
  }, {
52
52
  readonly name: "feePolicy";
53
53
  readonly type: "address";
54
+ }, {
55
+ readonly name: "feeAsset";
56
+ readonly type: "address";
57
+ }, {
58
+ readonly name: "deadline";
59
+ readonly type: "uint256";
60
+ }, {
61
+ readonly name: "ownerSig";
62
+ readonly type: "bytes";
54
63
  }];
55
64
  readonly outputs: readonly [];
56
65
  }, {
@@ -107,6 +116,36 @@ export declare const SailKernelAbi: readonly [{
107
116
  readonly type: "bytes";
108
117
  }];
109
118
  readonly outputs: readonly [];
119
+ }, {
120
+ readonly type: "function";
121
+ readonly name: "revokeSession";
122
+ readonly stateMutability: "nonpayable";
123
+ readonly inputs: readonly [{
124
+ readonly name: "account";
125
+ readonly type: "address";
126
+ }, {
127
+ readonly name: "deadline";
128
+ readonly type: "uint256";
129
+ }, {
130
+ readonly name: "sig";
131
+ readonly type: "bytes";
132
+ }];
133
+ readonly outputs: readonly [];
134
+ }, {
135
+ readonly type: "function";
136
+ readonly name: "activateSession";
137
+ readonly stateMutability: "nonpayable";
138
+ readonly inputs: readonly [{
139
+ readonly name: "account";
140
+ readonly type: "address";
141
+ }, {
142
+ readonly name: "deadline";
143
+ readonly type: "uint256";
144
+ }, {
145
+ readonly name: "sig";
146
+ readonly type: "bytes";
147
+ }];
148
+ readonly outputs: readonly [];
110
149
  }, {
111
150
  readonly type: "function";
112
151
  readonly name: "dispatch";
@@ -310,6 +349,9 @@ export declare const SailKernelAbi: readonly [{
310
349
  }, {
311
350
  readonly name: "feePolicy";
312
351
  readonly type: "address";
352
+ }, {
353
+ readonly name: "feeAsset";
354
+ readonly type: "address";
313
355
  }, {
314
356
  readonly name: "sessionActive";
315
357
  readonly type: "bool";