@dev.sail.money/sailor 1.3.0-95 → 1.4.0-242
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +10 -7
- package/LICENSE +1 -1
- package/README.md +64 -472
- package/package.json +12 -8
- package/packages/cli/README.md +1 -1
- package/packages/cli/dist/index.cjs +1633 -535
- package/packages/cli/dist/server.cjs +19791 -21738
- package/packages/sdk/README.md +1 -1
- package/packages/sdk/dist/abis/ConfigurablePermission.d.ts +130 -0
- package/packages/sdk/dist/abis/ConfigurablePermission.d.ts.map +1 -0
- package/packages/sdk/dist/abis/ConfigurablePermission.js +79 -0
- package/packages/sdk/dist/abis/ConfigurablePermission.js.map +1 -0
- package/packages/sdk/dist/abis/SailGovernance.d.ts +6 -5
- package/packages/sdk/dist/abis/SailGovernance.d.ts.map +1 -1
- package/packages/sdk/dist/abis/SailGovernance.js +6 -5
- package/packages/sdk/dist/abis/SailGovernance.js.map +1 -1
- package/packages/sdk/dist/abis/SailKernel.d.ts +42 -0
- package/packages/sdk/dist/abis/SailKernel.d.ts.map +1 -1
- package/packages/sdk/dist/abis/SailKernel.js +34 -0
- package/packages/sdk/dist/abis/SailKernel.js.map +1 -1
- package/packages/sdk/dist/abis/index.d.ts +1 -0
- package/packages/sdk/dist/abis/index.d.ts.map +1 -1
- package/packages/sdk/dist/abis/index.js +1 -0
- package/packages/sdk/dist/abis/index.js.map +1 -1
- package/packages/sdk/dist/chains.d.ts +0 -7
- package/packages/sdk/dist/chains.d.ts.map +1 -1
- package/packages/sdk/dist/chains.js +81 -32
- package/packages/sdk/dist/chains.js.map +1 -1
- package/packages/sdk/dist/client.d.ts +1 -1
- package/packages/sdk/dist/client.d.ts.map +1 -1
- package/packages/sdk/dist/client.js +137 -16
- package/packages/sdk/dist/client.js.map +1 -1
- package/packages/sdk/dist/deployments.d.ts +6 -4
- package/packages/sdk/dist/deployments.d.ts.map +1 -1
- package/packages/sdk/dist/deployments.js +120 -118
- package/packages/sdk/dist/deployments.js.map +1 -1
- package/packages/sdk/dist/eip712.d.ts +84 -0
- package/packages/sdk/dist/eip712.d.ts.map +1 -1
- package/packages/sdk/dist/eip712.js +148 -0
- package/packages/sdk/dist/eip712.js.map +1 -1
- package/packages/sdk/dist/fees.d.ts +59 -10
- package/packages/sdk/dist/fees.d.ts.map +1 -1
- package/packages/sdk/dist/fees.js +74 -41
- package/packages/sdk/dist/fees.js.map +1 -1
- package/packages/sdk/dist/index.d.ts +5 -3
- package/packages/sdk/dist/index.d.ts.map +1 -1
- package/packages/sdk/dist/index.js +4 -3
- package/packages/sdk/dist/index.js.map +1 -1
- package/packages/sdk/dist/intelligence.d.ts +7 -2
- package/packages/sdk/dist/intelligence.d.ts.map +1 -1
- package/packages/sdk/dist/intelligence.js +2 -2
- package/packages/sdk/dist/intelligence.js.map +1 -1
- package/packages/sdk/dist/safe.d.ts +49 -0
- package/packages/sdk/dist/safe.d.ts.map +1 -1
- package/packages/sdk/dist/safe.js +74 -0
- package/packages/sdk/dist/safe.js.map +1 -1
- package/packages/sdk/dist/signing.d.ts +14 -0
- package/packages/sdk/dist/signing.d.ts.map +1 -1
- package/packages/sdk/package.json +6 -2
- package/packages/ui/dist/assets/{add-CLs0-B0p.js → add-CBbu2pe_.js} +2 -2
- package/packages/ui/dist/assets/{all-wallets-CDOk28sj.js → all-wallets-C1oy4NUu.js} +2 -2
- package/packages/ui/dist/assets/{app-store-DVzpi1qN.js → app-store-DKqyf0Zv.js} +1 -1
- package/packages/ui/dist/assets/{apple-C9U9iH1l.js → apple-DyoIbCFy.js} +2 -2
- package/packages/ui/dist/assets/{arrow-bottom-circle-jxial9Si.js → arrow-bottom-circle-CMS-OqZQ.js} +2 -2
- package/packages/ui/dist/assets/arrow-bottom-pUWeEqYu.js +8 -0
- package/packages/ui/dist/assets/arrow-left-B81HMJNL.js +8 -0
- package/packages/ui/dist/assets/arrow-right-Z5czoKlC.js +8 -0
- package/packages/ui/dist/assets/arrow-top-C6ym1oll.js +8 -0
- package/packages/ui/dist/assets/{bank-B98it1qN.js → bank-B41nlslf.js} +2 -2
- package/packages/ui/dist/assets/{basic-DsgeyPNu.js → basic-CWqOb7CV.js} +177 -177
- package/packages/ui/dist/assets/{browser-j4vCeHwE.js → browser-DDKdqoZ9.js} +2 -2
- package/packages/ui/dist/assets/{card-CzxbMvEd.js → card-BgOmTajq.js} +2 -2
- package/packages/ui/dist/assets/ccip-CtJUKWRd.js +1 -0
- package/packages/ui/dist/assets/{checkmark-D5sWBbk3.js → checkmark-CGqQipH4.js} +2 -2
- package/packages/ui/dist/assets/{checkmark-bold-BW6w3KCC.js → checkmark-bold-Ci5xf90j.js} +2 -2
- package/packages/ui/dist/assets/chevron-bottom-D7Xert17.js +8 -0
- package/packages/ui/dist/assets/chevron-left-BGbUebR2.js +8 -0
- package/packages/ui/dist/assets/chevron-right-xVsESnHU.js +8 -0
- package/packages/ui/dist/assets/chevron-top-DEA9cR6v.js +8 -0
- package/packages/ui/dist/assets/{chrome-store-B1OMtzC-.js → chrome-store-BsyI-4PI.js} +2 -2
- package/packages/ui/dist/assets/{clock-e0HueehS.js → clock-Dct9oQ3M.js} +2 -2
- package/packages/ui/dist/assets/{close-Cy1ytr26.js → close-BvSCnI2y.js} +2 -2
- package/packages/ui/dist/assets/{coinPlaceholder-DqJu3ZPV.js → coinPlaceholder-p7RiWkon.js} +2 -2
- package/packages/ui/dist/assets/{compass-XDz_N2Hg.js → compass-BUeeZqX4.js} +2 -2
- package/packages/ui/dist/assets/{copy-DmDo3Nob.js → copy-C5jXbxLq.js} +2 -2
- package/packages/ui/dist/assets/core-CiAm42Mq.js +907 -0
- package/packages/ui/dist/assets/cursor-C0T7JWFO.js +3 -0
- package/packages/ui/dist/assets/{cursor-transparent-DF2aA10D.js → cursor-transparent-BZp3-JmA.js} +2 -2
- package/packages/ui/dist/assets/{desktop-CVydOWLn.js → desktop-BIui_Lzb.js} +2 -2
- package/packages/ui/dist/assets/{disconnect-BuN2Whnz.js → disconnect-B3Bxdchp.js} +2 -2
- package/packages/ui/dist/assets/{discord-DMNPvTB2.js → discord-VWI0yDyx.js} +2 -2
- package/packages/ui/dist/assets/{etherscan-CacW-93f.js → etherscan-BpBvUT9i.js} +2 -2
- package/packages/ui/dist/assets/events-DQ172AOg.js +1 -0
- package/packages/ui/dist/assets/{exclamation-triangle-B26hIvqO.js → exclamation-triangle-o1TJHIUw.js} +2 -2
- package/packages/ui/dist/assets/{extension-B7rI0gv7.js → extension-4RaLvbh5.js} +2 -2
- package/packages/ui/dist/assets/external-link-BHIwjDgj.js +8 -0
- package/packages/ui/dist/assets/{facebook-BDqbE6kl.js → facebook-Bes5g-wN.js} +2 -2
- package/packages/ui/dist/assets/{farcaster-zQ3oQzZ8.js → farcaster-CiJ-352m.js} +2 -2
- package/packages/ui/dist/assets/{filters-DCglZYsM.js → filters-DMOteumb.js} +2 -2
- package/packages/ui/dist/assets/{github-BH-BYjss.js → github-D2nDec9X.js} +2 -2
- package/packages/ui/dist/assets/{google-DYFWxZbC.js → google-lZZlQZPQ.js} +2 -2
- package/packages/ui/dist/assets/{help-circle-BXH_DtZ_.js → help-circle-D4cSSziR.js} +1 -1
- package/packages/ui/dist/assets/{id-Dr2yTeX1.js → id-BmhXZq5P.js} +2 -2
- package/packages/ui/dist/assets/{image-DeJey1Eg.js → image-Dz4FPeET.js} +2 -2
- package/packages/ui/dist/assets/index-B07bCKJ8.css +1 -0
- package/packages/ui/dist/assets/index-BV8s6ez1.js +1 -0
- package/packages/ui/dist/assets/index-BeUp3nOq.js +1 -0
- package/packages/ui/dist/assets/index-CvRylmZJ.js +16 -0
- package/packages/ui/dist/assets/{index-DVjAiPHI.js → index-DeoQO45V.js} +3 -3
- package/packages/ui/dist/assets/index-Et5S3ZaW.js +47 -0
- package/packages/ui/dist/assets/index-LiKeH8Cd.js +1780 -0
- package/packages/ui/dist/assets/index.es-dfpEui-9.js +26 -0
- package/packages/ui/dist/assets/{info-B91pD5Rw.js → info-77RSvIMg.js} +2 -2
- package/packages/ui/dist/assets/{info-circle-CySl3_on.js → info-circle-CWsII-NN.js} +2 -2
- package/packages/ui/dist/assets/{lightbulb-wwG8LQLo.js → lightbulb-BZXzm7XE.js} +2 -2
- package/packages/ui/dist/assets/{mail-D617YZ8y.js → mail-DMG1YqB0.js} +2 -2
- package/packages/ui/dist/assets/metamask-sdk-K1x_iqcc.js +542 -0
- package/packages/ui/dist/assets/{mobile-CD9KlA0m.js → mobile-DuJfOBSk.js} +2 -2
- package/packages/ui/dist/assets/{more-BQ_rpPXo.js → more-Cs9ySK2F.js} +2 -2
- package/packages/ui/dist/assets/{network-placeholder-BA7nl9e6.js → network-placeholder-CMDPmB1E.js} +2 -2
- package/packages/ui/dist/assets/{nftPlaceholder-D1EaaeDn.js → nftPlaceholder-Cj0f9y2u.js} +2 -2
- package/packages/ui/dist/assets/{off-DnGG35_w.js → off-9zSSsm-e.js} +2 -2
- package/packages/ui/dist/assets/{play-store-C5u2FvYB.js → play-store-CPwIb8Gj.js} +2 -2
- package/packages/ui/dist/assets/{plus-CM4xJkvI.js → plus-BOHQri8o.js} +2 -2
- package/packages/ui/dist/assets/{qr-code-kM3FUIdR.js → qr-code-DqhbK276.js} +1 -1
- package/packages/ui/dist/assets/{recycle-horizontal-DWrRWIBM.js → recycle-horizontal-BpGM56Qz.js} +2 -2
- package/packages/ui/dist/assets/{refresh-CztbjK2d.js → refresh-BPzZlhTP.js} +2 -2
- package/packages/ui/dist/assets/{reown-logo-DUHEIodF.js → reown-logo-OCkI0xzo.js} +2 -2
- package/packages/ui/dist/assets/{search-BJtb4mn1.js → search-B1JEJvwq.js} +2 -2
- package/packages/ui/dist/assets/{secp256k1-BjrTZpQx.js → secp256k1-BqUeV9Cb.js} +1 -1
- package/packages/ui/dist/assets/{send-B3_kavG1.js → send-JNsDlNoq.js} +2 -2
- package/packages/ui/dist/assets/{swapHorizontal-BrF9POiv.js → swapHorizontal-C3Z1FImK.js} +2 -2
- package/packages/ui/dist/assets/{swapHorizontalBold-Dgf8OjXj.js → swapHorizontalBold-Cmdy2iAn.js} +2 -2
- package/packages/ui/dist/assets/{swapHorizontalMedium-C6wX0JZj.js → swapHorizontalMedium-DFX57Nn9.js} +2 -2
- package/packages/ui/dist/assets/{swapHorizontalRoundedBold-DTAVw6oF.js → swapHorizontalRoundedBold-baB389c8.js} +2 -2
- package/packages/ui/dist/assets/{swapVertical-KGlTFNoi.js → swapVertical-DmAYGfK1.js} +2 -2
- package/packages/ui/dist/assets/{telegram-DnLrK-4y.js → telegram-BHbYE-nI.js} +2 -2
- package/packages/ui/dist/assets/{three-dots-C6_oMJfw.js → three-dots-BwRWl6qJ.js} +2 -2
- package/packages/ui/dist/assets/{twitch-DvPqPD4f.js → twitch-Drx0q6B6.js} +2 -2
- package/packages/ui/dist/assets/{twitterIcon-BZdk82Am.js → twitterIcon-AuJ2KQ6p.js} +2 -2
- package/packages/ui/dist/assets/{verify-CbESD5G0.js → verify-Dkrd3q7o.js} +2 -2
- package/packages/ui/dist/assets/{verify-filled-BRjTrLxw.js → verify-filled-B9e3-nz-.js} +2 -2
- package/packages/ui/dist/assets/{w3m-modal-D9b2TGHc.js → w3m-modal-DtkEjQA7.js} +1 -1
- package/packages/ui/dist/assets/{wallet-B87E5UId.js → wallet-CqYzSiBd.js} +2 -2
- package/packages/ui/dist/assets/{wallet-placeholder-DmssSbYf.js → wallet-placeholder-B05kTN_K.js} +2 -2
- package/packages/ui/dist/assets/{walletconnect-CZkLKWMZ.js → walletconnect-BwoPXLaS.js} +3 -3
- package/packages/ui/dist/assets/{warning-circle-BPTpHB1P.js → warning-circle-DK9Ai8rT.js} +2 -2
- package/packages/ui/dist/assets/{x-D_dEtEDU.js → x-BNdh5DVW.js} +2 -2
- package/packages/ui/dist/index.html +2 -2
- package/templates/default/.agents/skills/sail-mandates/SKILL.md +13 -1
- package/templates/default/.agents/skills/sail-mandates/references/approvals.md +3 -3
- package/templates/default/.agents/skills/sail-mandates/references/examples-index.md +3 -3
- package/templates/default/.agents/skills/sail-onboarding/SKILL.md +2 -2
- package/templates/default/.agents/skills/sail-project-info/SKILL.md +2 -0
- package/templates/default/.agents/skills/sail-servers/SKILL.md +1 -0
- package/templates/default/.agents/skills/sail-swap-quote/SKILL.md +76 -0
- package/templates/default/.agents/skills/sail-template-approve-batch/SKILL.md +98 -0
- package/templates/default/.agents/skills/sail-template-borrow/SKILL.md +68 -0
- package/templates/default/.agents/skills/sail-template-deposit/SKILL.md +61 -0
- package/templates/default/.agents/skills/sail-template-swap/SKILL.md +207 -0
- package/templates/default/.agents/skills/sail-template-swap-no-oracle/SKILL.md +100 -0
- package/templates/default/.agents/skills/sail-template-transfer/SKILL.md +52 -0
- package/templates/default/.agents/skills/sail-template-withdraw/SKILL.md +50 -0
- package/templates/default/.agents/skills/sail-templates/SKILL.md +142 -0
- package/templates/default/.agents/skills/sail-templates/catalog.mjs +200 -0
- package/templates/default/.agents/skills/sail-templates/deployed.json +133 -0
- package/templates/default/.agents/skills/sail-templates/oracles/IOracle.sol +13 -0
- package/templates/default/.agents/skills/sail-templates/oracles/UniV3TwapOracle.sol +114 -0
- package/templates/default/.agents/skills/sail-templates/oracles/libs/FullMath.sol +62 -0
- package/templates/default/.agents/skills/sail-templates/oracles/libs/TickMath.sol +44 -0
- package/templates/default/.agents/skills/sail-templates/references/config-schemas.md +139 -0
- package/templates/default/.agents/skills/sail-templates/references/reuse-flow.md +139 -0
- package/templates/default/.agents/skills/sail-token-resolve/SKILL.md +174 -0
- package/templates/default/.env.example +9 -0
- package/templates/default/AGENTS.md +21 -2
- package/templates/default/docs/PERMISSION_MODEL.md +2 -2
- package/{examples → templates/default/examples}/custom-mandate/.sail/contracts/interfaces/IPermission.sol +4 -0
- package/{examples → templates/default/examples}/custom-mandate/README.md +4 -1
- package/{examples → templates/default/examples}/permissions/interfaces/IBatchPermission.sol +2 -0
- package/{examples → templates/default/examples}/permissions/interfaces/IPermission.sol +4 -0
- package/templates/default/scripts/quote-swap.mjs +211 -0
- package/templates/default/scripts/resolve-token.mjs +992 -0
- package/templates/default/scripts/shared-template-addr.mjs +110 -0
- package/templates/default/test/BoundedCallPermission.t.sol +2 -1
- package/docs/PERMISSION_MODEL.md +0 -93
- package/examples/README.md +0 -24
- package/examples/lifi-permissions/LifiBoundedApprovePermissionCloneable.sol +0 -84
- package/examples/lifi-permissions/LifiDiamondSwapPermissionCloneable.sol +0 -97
- package/examples/lifi-permissions/README.md +0 -53
- package/packages/cli/dist/mcp.cjs +0 -15534
- package/packages/ui/dist/assets/arrow-bottom-DjQ4jGMe.js +0 -8
- package/packages/ui/dist/assets/arrow-left-BjAyI8D1.js +0 -8
- package/packages/ui/dist/assets/arrow-right-BlFO4Tcx.js +0 -8
- package/packages/ui/dist/assets/arrow-top-DJ3oh3DH.js +0 -8
- package/packages/ui/dist/assets/ccip-U9yiu_EK.js +0 -1
- package/packages/ui/dist/assets/chevron-bottom-BbHhmTQq.js +0 -8
- package/packages/ui/dist/assets/chevron-left-D8BDH4Wo.js +0 -8
- package/packages/ui/dist/assets/chevron-right-BQuQk5zc.js +0 -8
- package/packages/ui/dist/assets/chevron-top-1oeSXkx4.js +0 -8
- package/packages/ui/dist/assets/core-DbkMGSYW.js +0 -907
- package/packages/ui/dist/assets/cursor-DRFqL8nZ.js +0 -3
- package/packages/ui/dist/assets/events-CZkVDFih.js +0 -1
- package/packages/ui/dist/assets/external-link-CX8skCbH.js +0 -8
- package/packages/ui/dist/assets/fallback-DWQYKf3l.js +0 -1
- package/packages/ui/dist/assets/index-BP-UuQ8g.js +0 -1
- package/packages/ui/dist/assets/index-BksbyFjf.js +0 -1
- package/packages/ui/dist/assets/index-C55-Ne92.js +0 -16
- package/packages/ui/dist/assets/index-D6_Zei-R.js +0 -1790
- package/packages/ui/dist/assets/index-DZ2C2rHq.css +0 -1
- package/packages/ui/dist/assets/index-uSdXE5b_.js +0 -1
- package/packages/ui/dist/assets/index.es-dZlNPpfR.js +0 -26
- package/packages/ui/dist/assets/metamask-sdk-RbLbxUgF.js +0 -542
- package/packages/ui/dist/assets/native-CJ5et6AR.js +0 -1
- package/packages/ui/dist/assets/parseSignature-E29x8poM.js +0 -1
- package/scripts/check-docs.mjs +0 -309
- package/scripts/check-init.mjs +0 -123
- package/scripts/check-update.mjs +0 -177
- package/scripts/clean.mjs +0 -17
- package/scripts/pack.mjs +0 -21
- /package/{examples → templates/default/examples}/custom-mandate/foundry.toml +0 -0
- /package/{examples → templates/default/examples}/custom-mandate/mandates/BoundedCallPermission.sol +0 -0
- /package/{examples → templates/default/examples}/custom-mandate/mandates/README.md +0 -0
- /package/{examples → templates/default/examples}/custom-mandate/mandates/SailCalldata.sol +0 -0
- /package/{examples → templates/default/examples}/permissions/BoundedApproveAndCallBatch.sol +0 -0
- /package/{examples → templates/default/examples}/permissions/BoundedBorrow_AaveV3_Arbitrum.sol +0 -0
- /package/{examples → templates/default/examples}/permissions/BoundedLimitless_Base.sol +0 -0
- /package/{examples → templates/default/examples}/permissions/BoundedPerp_GMXv2_Arbitrum.sol +0 -0
- /package/{examples → templates/default/examples}/permissions/BoundedStake_Venice_Base.sol +0 -0
- /package/{examples → templates/default/examples}/permissions/BoundedSupply_AaveV3_Arbitrum.sol +0 -0
- /package/{examples → templates/default/examples}/permissions/BoundedSwapNative_UniswapV3_Base.sol +0 -0
- /package/{examples → templates/default/examples}/permissions/BoundedSwap_UniswapV3_Base.sol +0 -0
- /package/{examples → templates/default/examples}/permissions/BoundedSwap_UniswapV4_Unichain.sol +0 -0
- /package/{examples → templates/default/examples}/permissions/BoundedTransfer_ERC20_Ethereum.sol +0 -0
- /package/{examples → templates/default/examples}/permissions/BoundedVault_ERC4626_Base.sol +0 -0
- /package/{examples → templates/default/examples}/permissions/README.md +0 -0
- /package/{examples → templates/default/examples}/permissions/SailCalldata.sol +0 -0
- /package/{examples → templates/default/examples}/permissions/foundry.toml +0 -0
|
@@ -0,0 +1,110 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// shared-template-addr.mjs — resolve a deployed shared-template singleton
|
|
3
|
+
// address for the active chain. Reads the vendored registry next to the skill
|
|
4
|
+
// (deployed.json) and the chain from .sail/.env.local or .sail/config.json.
|
|
5
|
+
//
|
|
6
|
+
// node scripts/shared-template-addr.mjs SwapPermission
|
|
7
|
+
// node scripts/shared-template-addr.mjs TransferPermission --chain base
|
|
8
|
+
// node scripts/shared-template-addr.mjs --list
|
|
9
|
+
//
|
|
10
|
+
// Prints the checksummed address (or "not deployed" with a non-zero exit).
|
|
11
|
+
// Pure JS, no dependencies.
|
|
12
|
+
|
|
13
|
+
import { existsSync, readFileSync } from "node:fs";
|
|
14
|
+
import { resolve as resolvePath } from "node:path";
|
|
15
|
+
|
|
16
|
+
// Mirrors the chain map in quote-swap.mjs / resolve-token.mjs so --chain accepts
|
|
17
|
+
// the same names those scripts do, not just a numeric id.
|
|
18
|
+
const CHAIN_NAME_TO_ID = {
|
|
19
|
+
ethereum: 1,
|
|
20
|
+
unichain: 130,
|
|
21
|
+
base: 8453,
|
|
22
|
+
arbitrum: 42161,
|
|
23
|
+
};
|
|
24
|
+
|
|
25
|
+
function resolveChainArg(raw) {
|
|
26
|
+
if (raw === undefined) return null;
|
|
27
|
+
if (/^\d+$/.test(raw)) return Number(raw);
|
|
28
|
+
const id = CHAIN_NAME_TO_ID[raw.toLowerCase()];
|
|
29
|
+
if (id === undefined) {
|
|
30
|
+
process.stderr.write(
|
|
31
|
+
`Unknown --chain "${raw}". Known names: ${Object.keys(CHAIN_NAME_TO_ID).join(", ")} (or pass a numeric chain id).\n`,
|
|
32
|
+
);
|
|
33
|
+
process.exit(1);
|
|
34
|
+
}
|
|
35
|
+
return id;
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
function readJson(p) {
|
|
39
|
+
return existsSync(p) ? JSON.parse(readFileSync(p, "utf8")) : null;
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
function readChain() {
|
|
43
|
+
// .sail/.env.local CHAIN_ID, then .sail/config.json chainId
|
|
44
|
+
const envPath = resolvePath(process.cwd(), ".sail", ".env.local");
|
|
45
|
+
if (existsSync(envPath)) {
|
|
46
|
+
for (const line of readFileSync(envPath, "utf8").split("\n")) {
|
|
47
|
+
const m = line.match(/^\s*CHAIN_ID\s*=\s*(\d+)/);
|
|
48
|
+
if (m) return Number(m[1]);
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
const cfg = readJson(resolvePath(process.cwd(), ".sail", "config.json"));
|
|
52
|
+
return cfg?.chainId ?? null;
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
const REGISTRY = JSON.parse(
|
|
56
|
+
readFileSync(
|
|
57
|
+
resolvePath(
|
|
58
|
+
resolvePath(new URL(".", import.meta.url).pathname),
|
|
59
|
+
"..",
|
|
60
|
+
".agents",
|
|
61
|
+
"skills",
|
|
62
|
+
"sail-templates",
|
|
63
|
+
"deployed.json",
|
|
64
|
+
),
|
|
65
|
+
"utf8",
|
|
66
|
+
),
|
|
67
|
+
);
|
|
68
|
+
|
|
69
|
+
const args = process.argv.slice(2);
|
|
70
|
+
const list = args.includes("--list");
|
|
71
|
+
const name = args.find((a) => !a.startsWith("--"));
|
|
72
|
+
const chainFlagIdx = args.indexOf("--chain");
|
|
73
|
+
const chainOverride = chainFlagIdx !== -1 ? resolveChainArg(args[chainFlagIdx + 1]) : null;
|
|
74
|
+
const chainId = chainOverride ?? readChain();
|
|
75
|
+
|
|
76
|
+
if (list) {
|
|
77
|
+
process.stdout.write(
|
|
78
|
+
"Deployed shared templates by chain (from .agents/skills/sail-templates/deployed.json):\n",
|
|
79
|
+
);
|
|
80
|
+
for (const [cid, templates] of Object.entries(REGISTRY.chains)) {
|
|
81
|
+
const names = Object.keys(templates);
|
|
82
|
+
process.stdout.write(` chain ${cid}: ${names.length ? names.join(", ") : "(none)"}\n`);
|
|
83
|
+
}
|
|
84
|
+
process.exit(0);
|
|
85
|
+
}
|
|
86
|
+
|
|
87
|
+
if (!name) {
|
|
88
|
+
process.stderr.write(
|
|
89
|
+
`Usage: shared-template-addr.mjs <TemplateName> [--chain <id|${Object.keys(CHAIN_NAME_TO_ID).join("|")}>] [--list]\n`,
|
|
90
|
+
);
|
|
91
|
+
process.exit(1);
|
|
92
|
+
}
|
|
93
|
+
if (!chainId) {
|
|
94
|
+
process.stderr.write(
|
|
95
|
+
"Could not resolve chain. Pass --chain <id> or set CHAIN_ID in .sail/.env.local.\n",
|
|
96
|
+
);
|
|
97
|
+
process.exit(1);
|
|
98
|
+
}
|
|
99
|
+
|
|
100
|
+
const chainTemplates = REGISTRY.chains[String(chainId)] ?? {};
|
|
101
|
+
const addr = chainTemplates[name];
|
|
102
|
+
if (!addr) {
|
|
103
|
+
process.stderr.write(
|
|
104
|
+
`"${name}" is not deployed on chain ${chainId}.\n` +
|
|
105
|
+
`Deployed here: ${Object.keys(chainTemplates).join(", ") || "(none)"}.\n` +
|
|
106
|
+
`SwapPermissionNoOracle is source-only (not deployed on any chain) — use SwapPermission or author a bespoke permission.\n`,
|
|
107
|
+
);
|
|
108
|
+
process.exit(1);
|
|
109
|
+
}
|
|
110
|
+
process.stdout.write(addr + "\n");
|
|
@@ -39,7 +39,8 @@ contract BoundedCallPermissionTest {
|
|
|
39
39
|
selector: selector,
|
|
40
40
|
value: value,
|
|
41
41
|
blockTimestamp: block.timestamp,
|
|
42
|
-
blockNumber: block.number
|
|
42
|
+
blockNumber: block.number,
|
|
43
|
+
configEpoch: 0 // BoundedCallPermission takes no post-deploy config; value unused
|
|
43
44
|
});
|
|
44
45
|
}
|
|
45
46
|
|
package/docs/PERMISSION_MODEL.md
DELETED
|
@@ -1,93 +0,0 @@
|
|
|
1
|
-
# Sail permission model: conjunctive vs selective
|
|
2
|
-
|
|
3
|
-
The deployed SailKernel ships in **two incompatible dispatch models**. Which one a
|
|
4
|
-
chain runs changes how dispatches are signed *and* how permissions must be written.
|
|
5
|
-
Get this wrong and every dispatch reverts with an opaque selector. This is the single
|
|
6
|
-
most important thing to understand before operating an SMA.
|
|
7
|
-
|
|
8
|
-
## TL;DR
|
|
9
|
-
|
|
10
|
-
| | **Conjunctive** (older) | **Selective** (newer) |
|
|
11
|
-
|---|---|---|
|
|
12
|
-
| Chains today (bundled kernels) | None — all bundled kernels moved to selective | Base (8453), Base Sepolia (84532), Arbitrum (42161), Unichain (130) |
|
|
13
|
-
| `dispatch(...)` | `(account, target, value, data, sig, deadline)` — **no `permission`** | `(account, permission, target, value, data, sig, deadline)` |
|
|
14
|
-
| Which permissions are checked | **ALL** registered permissions; **all must return true** | only the **one** permission named in the call |
|
|
15
|
-
| EIP-712 `Dispatch` struct | no `permission` field | includes `permission` |
|
|
16
|
-
| Batch (`dispatchBatch`/`previewBatch`) | **not available** | available |
|
|
17
|
-
| **Permission design rule** | **MUST pass through calls outside its domain** | may return false freely |
|
|
18
|
-
|
|
19
|
-
Don't guess from a version string — **detect it on-chain** (see below).
|
|
20
|
-
|
|
21
|
-
## The conjunctive pass-through rule (the big footgun)
|
|
22
|
-
|
|
23
|
-
On a conjunctive kernel the kernel calls `evaluate(txData, ctx)` on **every**
|
|
24
|
-
registered permission and ANDs the results. A single `false` blocks the whole
|
|
25
|
-
dispatch (`PermissionDenied`).
|
|
26
|
-
|
|
27
|
-
So a permission that only cares about, say, approvals **must still return `true` for
|
|
28
|
-
every call it doesn't govern**:
|
|
29
|
-
|
|
30
|
-
```solidity
|
|
31
|
-
function evaluate(bytes calldata txData, Context calldata ctx) external view returns (bool) {
|
|
32
|
-
// Pass through calls outside this permission's domain (conjunctive model).
|
|
33
|
-
if (ctx.selector != APPROVE) return true; // <-- without this line, this
|
|
34
|
-
// permission bricks swaps,
|
|
35
|
-
// transfers, everything.
|
|
36
|
-
// ...domain-specific checks for approve...
|
|
37
|
-
}
|
|
38
|
-
```
|
|
39
|
-
|
|
40
|
-
A permission that returns `false` (or reverts, or runs out of gas — both treated as
|
|
41
|
-
`false`) on unrelated calls **bricks the entire account**: no dispatch of any kind
|
|
42
|
-
can pass. We hit exactly this during bring-up with permissions that "blocked each
|
|
43
|
-
other." The fix was to redeploy every permission with pass-through semantics.
|
|
44
|
-
|
|
45
|
-
Corollary: on a conjunctive kernel you **cannot** have two permissions that each
|
|
46
|
-
enforce a different token's approve — each would reject the other's token. To support
|
|
47
|
-
approving both DAI and USDC you need **one** approve permission that allows both (see
|
|
48
|
-
`examples/lifi-permissions/`), not two narrow ones.
|
|
49
|
-
|
|
50
|
-
Selective kernels don't have this problem: each dispatch names one permission and
|
|
51
|
-
only that one is consulted.
|
|
52
|
-
|
|
53
|
-
## Detect the model on-chain
|
|
54
|
-
|
|
55
|
-
The SDK reads each kernel's public `DISPATCH_TYPEHASH` constant and matches it
|
|
56
|
-
against the canonical hashes for each model. Never assume.
|
|
57
|
-
|
|
58
|
-
```ts
|
|
59
|
-
const caps = await client.capabilities();
|
|
60
|
-
// caps.dispatchModel: "conjunctive" | "selective"
|
|
61
|
-
// caps.dispatchTypehash, caps.source ("onchain-typehash" | "static-hint")
|
|
62
|
-
```
|
|
63
|
-
|
|
64
|
-
Verified typehashes:
|
|
65
|
-
|
|
66
|
-
- conjunctive `DISPATCH_TYPEHASH` = `0x7510c80e…`
|
|
67
|
-
`Dispatch(address account,address target,uint256 value,bytes32 dataHash,uint256 nonce,uint256 deadline)`
|
|
68
|
-
- selective `DISPATCH_TYPEHASH` =
|
|
69
|
-
`Dispatch(address account,address permission,address target,uint256 value,bytes32 dataHash,uint256 nonce,uint256 deadline)`
|
|
70
|
-
|
|
71
|
-
`client.dispatch.single(...)` already signs the correct struct and uses the correct
|
|
72
|
-
ABI for the detected model — you don't sign by hand. `client.dispatch.batch` /
|
|
73
|
-
`preview` throw a clear error on conjunctive kernels (no `dispatchBatch`).
|
|
74
|
-
|
|
75
|
-
## Roles (unchanged across models)
|
|
76
|
-
|
|
77
|
-
| Role | Authority |
|
|
78
|
-
|------|-----------|
|
|
79
|
-
| **Owner** | Holds the Safe; custody anchor. |
|
|
80
|
-
| **Permission Signer** | Authorizes which `IPermission` contracts apply (EIP-712 `RegisterPermissions` / `RevokePermissions`). Signed in the browser signing station — the agent never holds this key. |
|
|
81
|
-
| **Manager** | Executes dispatches within the registered permissions (ECDSA / ERC-1271). The agent's hot key. |
|
|
82
|
-
|
|
83
|
-
## Preflight before spending gas
|
|
84
|
-
|
|
85
|
-
Run `sailor doctor` (read-only, no gas, no keys):
|
|
86
|
-
|
|
87
|
-
- detects the dispatch model,
|
|
88
|
-
- lists registered permissions,
|
|
89
|
-
- on a conjunctive kernel, **probes each permission for pass-through** and flags any
|
|
90
|
-
that would brick dispatch.
|
|
91
|
-
|
|
92
|
-
See [AGENTS.md](../AGENTS.md) for the operational decision tree and the
|
|
93
|
-
revert failure-mode catalog.
|
package/examples/README.md
DELETED
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
# examples/
|
|
2
|
-
|
|
3
|
-
Reference material for building Sail permission contracts. Nothing here is part of
|
|
4
|
-
Sail Protocol and nothing here is audited.
|
|
5
|
-
|
|
6
|
-
## What's in here
|
|
7
|
-
|
|
8
|
-
### `permissions/`
|
|
9
|
-
|
|
10
|
-
Protocol-specific permission examples (Uniswap, Aave, GMX, Vault, Pendle, and others).
|
|
11
|
-
These are copied into your project by `sailor init` so you have local starting points to
|
|
12
|
-
adapt. They are not a supported or exhaustive library — review them before using.
|
|
13
|
-
|
|
14
|
-
### `custom-mandate/`
|
|
15
|
-
|
|
16
|
-
A standalone Foundry workspace scaffold for authoring your own `IPermission` contract as a
|
|
17
|
-
separate project. Fork it, rename it, and build from `BoundedCallPermission.sol`.
|
|
18
|
-
|
|
19
|
-
### `lifi-permissions/`
|
|
20
|
-
|
|
21
|
-
Reference-only source for the deployed LiFi EIP-1167 clone implementations
|
|
22
|
-
(`LifiBoundedApprovePermissionCloneable`, `LifiDiamondSwapPermissionCloneable`).
|
|
23
|
-
These document live deployed contracts — do not adapt them directly for new projects.
|
|
24
|
-
See the `README.md` inside for deployment addresses and the conjunctive-kernel caveat.
|
|
@@ -1,84 +0,0 @@
|
|
|
1
|
-
// SPDX-License-Identifier: MIT
|
|
2
|
-
pragma solidity 0.8.26;
|
|
3
|
-
|
|
4
|
-
import {IPermission, Context} from "../../.sail/contracts/interfaces/IPermission.sol";
|
|
5
|
-
import {CloneInitializable} from "../../.sail/contracts/templates/base/CloneInitializable.sol";
|
|
6
|
-
|
|
7
|
-
/// @title LifiBoundedApprovePermissionCloneable
|
|
8
|
-
/// @notice EIP-1167 clone-template approval permission with PER-TOKEN caps. The
|
|
9
|
-
/// logic contract is deployed once and registered in the SDK's
|
|
10
|
-
/// standaloneTemplates; each account clones it via
|
|
11
|
-
/// PermissionFactory.deployAndAttach and configures via initialize().
|
|
12
|
-
///
|
|
13
|
-
/// The manager may ONLY approve the LiFi Diamond, and only on tokens that
|
|
14
|
-
/// have a configured cap, up to that token's cap. Passes through any
|
|
15
|
-
/// non-approve call (conjunctive model).
|
|
16
|
-
///
|
|
17
|
-
/// Caps are PER TOKEN (not one global cap) because token value and decimals
|
|
18
|
-
/// differ — e.g. 1 DAI = 1e18 base units vs 1 USDC = 1e6. A single cap can't
|
|
19
|
-
/// bound both sensibly.
|
|
20
|
-
contract LifiBoundedApprovePermissionCloneable is IPermission, CloneInitializable {
|
|
21
|
-
bytes4 private constant APPROVE = 0x095ea7b3;
|
|
22
|
-
address public constant LIFI_DIAMOND = 0x1231DEB6f5749EF6cE6943a275A1D3E7486F4EaE;
|
|
23
|
-
|
|
24
|
-
// Per-token approve cap, in the token's base units. 0 = token not allowed.
|
|
25
|
-
// A mapping occupies its own slot pointer and does not pack with the
|
|
26
|
-
// CloneInitializable `_initialized` bool at slot 0.
|
|
27
|
-
mapping(address token => uint256 cap) public maxApprovePerToken;
|
|
28
|
-
address public permissionSigner;
|
|
29
|
-
|
|
30
|
-
error NotPermissionSigner();
|
|
31
|
-
error ZeroAddress();
|
|
32
|
-
error LengthMismatch();
|
|
33
|
-
|
|
34
|
-
modifier onlyPermissionSigner() {
|
|
35
|
-
if (msg.sender != permissionSigner) revert NotPermissionSigner();
|
|
36
|
-
_;
|
|
37
|
-
}
|
|
38
|
-
|
|
39
|
-
/// @dev Lock the logic contract; only clones (fresh storage) can be initialized.
|
|
40
|
-
constructor() {
|
|
41
|
-
_disableInitializers();
|
|
42
|
-
}
|
|
43
|
-
|
|
44
|
-
/// @notice One-time per-clone configuration.
|
|
45
|
-
/// @param tokens Tokens the manager may approve to the LiFi Diamond.
|
|
46
|
-
/// @param caps Per-token cap (token base units); index-aligned with `tokens`.
|
|
47
|
-
/// @param _permissionSigner Owner wallet; sole authority for post-init updates.
|
|
48
|
-
function initialize(
|
|
49
|
-
address[] memory tokens,
|
|
50
|
-
uint256[] memory caps,
|
|
51
|
-
address _permissionSigner
|
|
52
|
-
) external initializer {
|
|
53
|
-
if (_permissionSigner == address(0)) revert ZeroAddress();
|
|
54
|
-
if (tokens.length != caps.length) revert LengthMismatch();
|
|
55
|
-
permissionSigner = _permissionSigner;
|
|
56
|
-
for (uint256 i; i < tokens.length; i++) {
|
|
57
|
-
maxApprovePerToken[tokens[i]] = caps[i];
|
|
58
|
-
}
|
|
59
|
-
}
|
|
60
|
-
|
|
61
|
-
/// @notice Set (cap > 0) or clear (cap == 0) a token's per-tx approve cap.
|
|
62
|
-
function setTokenCap(address token, uint256 cap) external onlyPermissionSigner {
|
|
63
|
-
maxApprovePerToken[token] = cap;
|
|
64
|
-
}
|
|
65
|
-
|
|
66
|
-
function evaluate(bytes calldata txData, Context calldata ctx) external view returns (bool) {
|
|
67
|
-
// Pass through calls outside this permission's domain (conjunctive model).
|
|
68
|
-
if (ctx.selector != APPROVE) return true;
|
|
69
|
-
if (ctx.target == address(0)) return false; // token is ctx.target
|
|
70
|
-
if (txData.length < 68) return false;
|
|
71
|
-
|
|
72
|
-
(address spender, uint256 amount) = abi.decode(txData[4:], (address, uint256));
|
|
73
|
-
if (spender != LIFI_DIAMOND) return false;
|
|
74
|
-
|
|
75
|
-
uint256 cap = maxApprovePerToken[ctx.target];
|
|
76
|
-
if (cap == 0) return false; // token not allowed
|
|
77
|
-
if (amount > cap) return false; // over the per-token cap
|
|
78
|
-
return true;
|
|
79
|
-
}
|
|
80
|
-
|
|
81
|
-
function discriminator() external pure returns (bytes32) {
|
|
82
|
-
return keccak256("LifiBoundedApprovePermissionCloneable.v1");
|
|
83
|
-
}
|
|
84
|
-
}
|
|
@@ -1,97 +0,0 @@
|
|
|
1
|
-
// SPDX-License-Identifier: MIT
|
|
2
|
-
pragma solidity 0.8.26;
|
|
3
|
-
|
|
4
|
-
import {IPermission, Context} from "../../.sail/contracts/interfaces/IPermission.sol";
|
|
5
|
-
import {CloneInitializable} from "../../.sail/contracts/templates/base/CloneInitializable.sol";
|
|
6
|
-
|
|
7
|
-
/// @title LifiDiamondSwapPermissionCloneable
|
|
8
|
-
/// @notice EIP-1167 clone-template version of LifiDiamondSwapPermission. The logic
|
|
9
|
-
/// contract is deployed once and registered in the SDK's standaloneTemplates;
|
|
10
|
-
/// each account gets its own clone via PermissionFactory.deployAndAttach,
|
|
11
|
-
/// configured through initialize() (NOT the constructor).
|
|
12
|
-
///
|
|
13
|
-
/// Restricts manager-initiated swaps to the official LiFi Diamond on Base:
|
|
14
|
-
/// - target must be the LiFi Diamond,
|
|
15
|
-
/// - selector must be allowlisted,
|
|
16
|
-
/// - receiver embedded in the calldata must equal ctx.account (the SMA),
|
|
17
|
-
/// - the minAmount field must not exceed the configured cap.
|
|
18
|
-
/// Passes through any call whose target is not the diamond (conjunctive model).
|
|
19
|
-
///
|
|
20
|
-
/// Calldata layout (validated against live Base quotes):
|
|
21
|
-
/// selector(4) + word0(32) + word1(32) + word2(32) + receiver(32) + minAmount(32)
|
|
22
|
-
/// → receiver at offset 100, minAmount at offset 132.
|
|
23
|
-
contract LifiDiamondSwapPermissionCloneable is IPermission, CloneInitializable {
|
|
24
|
-
// Official LiFi Diamond on Base Mainnet.
|
|
25
|
-
address public constant LIFI_DIAMOND = 0x1231DEB6f5749EF6cE6943a275A1D3E7486F4EaE;
|
|
26
|
-
|
|
27
|
-
// Storage starts after CloneInitializable's `_initialized` bool (slot 0). A
|
|
28
|
-
// mapping occupies its own slot pointer and does not pack with the bool.
|
|
29
|
-
mapping(bytes4 selector => bool) public isAllowedSelector;
|
|
30
|
-
uint256 public maxMinAmountPerTx;
|
|
31
|
-
address public permissionSigner;
|
|
32
|
-
|
|
33
|
-
error NotPermissionSigner();
|
|
34
|
-
error ZeroAddress();
|
|
35
|
-
|
|
36
|
-
modifier onlyPermissionSigner() {
|
|
37
|
-
if (msg.sender != permissionSigner) revert NotPermissionSigner();
|
|
38
|
-
_;
|
|
39
|
-
}
|
|
40
|
-
|
|
41
|
-
/// @dev Lock the logic contract; only clones (fresh storage) can be initialized.
|
|
42
|
-
constructor() {
|
|
43
|
-
_disableInitializers();
|
|
44
|
-
}
|
|
45
|
-
|
|
46
|
-
/// @notice One-time per-clone configuration.
|
|
47
|
-
/// @param allowedSelectors LiFi Diamond selectors to allowlist on init.
|
|
48
|
-
/// @param _maxMinAmountPerTx Cap on the minAmount field (type(uint256).max = uncapped).
|
|
49
|
-
/// @param _permissionSigner Owner wallet; sole authority for post-init updates.
|
|
50
|
-
function initialize(
|
|
51
|
-
bytes4[] memory allowedSelectors,
|
|
52
|
-
uint256 _maxMinAmountPerTx,
|
|
53
|
-
address _permissionSigner
|
|
54
|
-
) external initializer {
|
|
55
|
-
if (_permissionSigner == address(0)) revert ZeroAddress();
|
|
56
|
-
maxMinAmountPerTx = _maxMinAmountPerTx;
|
|
57
|
-
permissionSigner = _permissionSigner;
|
|
58
|
-
for (uint256 i; i < allowedSelectors.length; i++) {
|
|
59
|
-
isAllowedSelector[allowedSelectors[i]] = true;
|
|
60
|
-
}
|
|
61
|
-
}
|
|
62
|
-
|
|
63
|
-
function setMaxMinAmountPerTx(uint256 newMax) external onlyPermissionSigner {
|
|
64
|
-
maxMinAmountPerTx = newMax;
|
|
65
|
-
}
|
|
66
|
-
|
|
67
|
-
/// @notice Add a LiFi selector. Only after verifying its calldata places
|
|
68
|
-
/// `receiver` at offset 100 and `minAmount` at offset 132.
|
|
69
|
-
function addSelector(bytes4 selector) external onlyPermissionSigner {
|
|
70
|
-
isAllowedSelector[selector] = true;
|
|
71
|
-
}
|
|
72
|
-
|
|
73
|
-
function removeSelector(bytes4 selector) external onlyPermissionSigner {
|
|
74
|
-
isAllowedSelector[selector] = false;
|
|
75
|
-
}
|
|
76
|
-
|
|
77
|
-
uint256 private constant RECEIVER_OFFSET = 100;
|
|
78
|
-
uint256 private constant MIN_DATA_LEN = 164;
|
|
79
|
-
|
|
80
|
-
function evaluate(bytes calldata txData, Context calldata ctx) external view returns (bool) {
|
|
81
|
-
// Pass through calls outside this permission's domain (conjunctive model).
|
|
82
|
-
if (ctx.target != LIFI_DIAMOND) return true;
|
|
83
|
-
if (!isAllowedSelector[ctx.selector]) return false;
|
|
84
|
-
if (txData.length < MIN_DATA_LEN) return false;
|
|
85
|
-
|
|
86
|
-
address receiver = abi.decode(txData[RECEIVER_OFFSET:RECEIVER_OFFSET + 32], (address));
|
|
87
|
-
uint256 minAmount = abi.decode(txData[RECEIVER_OFFSET + 32:RECEIVER_OFFSET + 64], (uint256));
|
|
88
|
-
|
|
89
|
-
if (receiver != ctx.account) return false;
|
|
90
|
-
if (minAmount > maxMinAmountPerTx) return false;
|
|
91
|
-
return true;
|
|
92
|
-
}
|
|
93
|
-
|
|
94
|
-
function discriminator() external pure returns (bytes32) {
|
|
95
|
-
return keccak256("LifiDiamondSwapPermissionCloneable.v1");
|
|
96
|
-
}
|
|
97
|
-
}
|
|
@@ -1,53 +0,0 @@
|
|
|
1
|
-
# LiFi clone-permission templates
|
|
2
|
-
|
|
3
|
-
Canonical source (for reference) of the EIP-1167 **clone** permission templates
|
|
4
|
-
used for LiFi-based swaps/DCA. The logic contracts are deployed once per chain and
|
|
5
|
-
registered in the SDK deployment registry
|
|
6
|
-
(`packages/sdk/src/deployments.ts` → `standaloneTemplates` / `cloneTemplates`).
|
|
7
|
-
Each account gets its own clone via `PermissionFactory.deployAndAttach`, configured
|
|
8
|
-
through `initialize()` (never the constructor).
|
|
9
|
-
|
|
10
|
-
These follow the `CloneInitializable` pattern: the constructor calls
|
|
11
|
-
`_disableInitializers()` to permanently lock the logic contract, and a one-time
|
|
12
|
-
`initialize()` (guarded by the `initializer` modifier) configures each clone.
|
|
13
|
-
|
|
14
|
-
> The `import` paths reference `../../.sail/contracts/{interfaces,templates/base}`
|
|
15
|
-
> from the Foundry project they were built in
|
|
16
|
-
> (`tests/base-mainnet-agent-01/`). This folder is **reference source** — sailor has
|
|
17
|
-
> no Foundry build. Build/deploy happens in that project via
|
|
18
|
-
> `scripts/deploy-clone-templates.ts`.
|
|
19
|
-
|
|
20
|
-
> **Note:** The kernels bundled in `@sail.money/sailor/sdk` (Base, Base Sepolia, Arbitrum, Unichain) now all run the **selective** dispatch model — verified on-chain against each kernel's `DISPATCH_TYPEHASH`. These templates were written for the older conjunctive model and include pass-through logic (`return true` for calls outside their domain) that is not required on selective kernels. Review before deploying against a selective kernel; the pass-through logic is harmless but unnecessary.
|
|
21
|
-
|
|
22
|
-
## Contracts
|
|
23
|
-
|
|
24
|
-
### LifiDiamondSwapPermissionCloneable → `boundedLiFi`
|
|
25
|
-
Restricts manager swaps to the official LiFi Diamond:
|
|
26
|
-
target == diamond, selector allowlisted, embedded receiver == `ctx.account`,
|
|
27
|
-
`minAmount <= maxMinAmountPerTx`. Passes through any call whose target is not the
|
|
28
|
-
diamond (conjunctive-kernel rule).
|
|
29
|
-
|
|
30
|
-
`initialize(bytes4[] allowedSelectors, uint256 maxMinAmountPerTx, address permissionSigner)`
|
|
31
|
-
|
|
32
|
-
### LifiBoundedApprovePermissionCloneable → `boundedApprove`
|
|
33
|
-
Approve only the LiFi Diamond, only on tokens with a configured cap, up to that
|
|
34
|
-
cap. **Per-token caps** (`mapping(token => cap)`) because token value/decimals
|
|
35
|
-
differ (1 DAI = 1e18 vs 1 USDC = 1e6). Passes through non-approve calls.
|
|
36
|
-
|
|
37
|
-
`initialize(address[] tokens, uint256[] caps, address permissionSigner)`
|
|
38
|
-
|
|
39
|
-
## Deployed logic addresses
|
|
40
|
-
|
|
41
|
-
| Template | Chain | Address |
|
|
42
|
-
|---|---|---|
|
|
43
|
-
| boundedLiFi | Base mainnet (8453) | `0xF1abcF774250fD1A8147B56DA07Bf9021064650A` |
|
|
44
|
-
| boundedApprove | Base mainnet (8453) | `0x9c0b86daf9e75d759a5D165aD7366e52b3353fD8` |
|
|
45
|
-
|
|
46
|
-
Both verified `initialized() == true` (logic locked) post-deploy.
|
|
47
|
-
|
|
48
|
-
## Conjunctive-kernel note
|
|
49
|
-
|
|
50
|
-
Both Base kernels use the **conjunctive** dispatch model: every registered
|
|
51
|
-
permission is evaluated and ALL must return true. So a permission MUST pass through
|
|
52
|
-
calls outside its own domain (return `true`), or it bricks unrelated dispatches.
|
|
53
|
-
Both templates above do this.
|