@dexterai/vault 0.2.1 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/idl/dexter_vault.json +1417 -0
  2. package/dist/instructions/index.cjs +93 -26
  3. package/dist/instructions/index.d.cts +49 -1
  4. package/dist/instructions/index.d.ts +49 -1
  5. package/dist/instructions/index.js +100 -31
  6. package/package.json +3 -2
package/dist/idl/dexter_vault.json ADDED
@@ -0,0 +1,1417 @@
1
+ {
2
+ "address": "Hg3wRaydFtJhYrdvYrKECacpJYDsC9Px7yKmpncj2fhc",
3
+ "metadata": {
4
+ "name": "dexter_vault",
5
+ "version": "0.1.0",
6
+ "spec": "0.1.0",
7
+ "description": "Created with Anchor"
8
+ },
9
+ "instructions": [
10
+ {
11
+ "name": "finalize_withdrawal",
12
+ "discriminator": [
13
+ 178,
14
+ 87,
15
+ 206,
16
+ 68,
17
+ 201,
18
+ 186,
19
+ 164,
20
+ 232
21
+ ],
22
+ "accounts": [
23
+ {
24
+ "name": "swig",
25
+ "docs": [
26
+ "Position 0 — REQUIRED at this index by Swig's ProgramExec authority",
27
+ "validator. When a Swig::SignV2 follows this instruction in the same",
28
+ "transaction, Swig's on-chain validator inspects accounts[0..1] of the",
29
+ "preceding instruction and rejects unless they're [swig, swig_wallet].",
30
+ "",
31
+ "We additionally enforce `swig.key() == vault.swig_address` via the",
32
+ "`address` constraint so a caller cannot pass an arbitrary Swig account",
33
+ "in here — defense in depth: even if Swig's own validation changes in a",
34
+ "future program upgrade, this vault keeps its own invariant.",
35
+ "",
36
+ "deserialize or dereference it."
37
+ ]
38
+ },
39
+ {
40
+ "name": "swig_wallet_address",
41
+ "docs": [
42
+ "Position 1 — required by Swig's ProgramExec validator (see `swig`).",
43
+ "The Swig wallet address is the PDA owning the SPL token ATA being",
44
+ "debited; it is derived under the Swig program at",
45
+ "`[\"swig-wallet-address\", swig_pubkey]`.",
46
+ "",
47
+ "We independently verify the canonical derivation via Anchor's `seeds`",
48
+ "+ `seeds::program` constraint. If a caller supplied a fake account, our",
49
+ "program rejects before any Swig CPI runs — we do not rely on Swig",
50
+ "catching it downstream.",
51
+ ""
52
+ ],
53
+ "pda": {
54
+ "seeds": [
55
+ {
56
+ "kind": "const",
57
+ "value": [
58
+ 115,
59
+ 119,
60
+ 105,
61
+ 103,
62
+ 45,
63
+ 119,
64
+ 97,
65
+ 108,
66
+ 108,
67
+ 101,
68
+ 116,
69
+ 45,
70
+ 97,
71
+ 100,
72
+ 100,
73
+ 114,
74
+ 101,
75
+ 115,
76
+ 115
77
+ ]
78
+ },
79
+ {
80
+ "kind": "account",
81
+ "path": "swig"
82
+ }
83
+ ],
84
+ "program": {
85
+ "kind": "const",
86
+ "value": [
87
+ 13,
88
+ 12,
89
+ 233,
90
+ 66,
91
+ 225,
92
+ 231,
93
+ 197,
94
+ 6,
95
+ 226,
96
+ 24,
97
+ 223,
98
+ 13,
99
+ 125,
100
+ 241,
101
+ 197,
102
+ 47,
103
+ 175,
104
+ 220,
105
+ 53,
106
+ 41,
107
+ 228,
108
+ 141,
109
+ 103,
110
+ 77,
111
+ 29,
112
+ 178,
113
+ 76,
114
+ 117,
115
+ 181,
116
+ 76,
117
+ 204,
118
+ 190
119
+ ]
120
+ }
121
+ }
122
+ },
123
+ {
124
+ "name": "vault",
125
+ "writable": true
126
+ },
127
+ {
128
+ "name": "instructions_sysvar",
129
+ "address": "Sysvar1nstructions1111111111111111111111111"
130
+ }
131
+ ],
132
+ "args": [
133
+ {
134
+ "name": "args",
135
+ "type": {
136
+ "defined": {
137
+ "name": "FinalizeWithdrawalArgs"
138
+ }
139
+ }
140
+ }
141
+ ]
142
+ },
143
+ {
144
+ "name": "force_release",
145
+ "discriminator": [
146
+ 122,
147
+ 190,
148
+ 243,
149
+ 252,
150
+ 54,
151
+ 202,
152
+ 208,
153
+ 234
154
+ ],
155
+ "accounts": [
156
+ {
157
+ "name": "vault",
158
+ "writable": true
159
+ },
160
+ {
161
+ "name": "instructions_sysvar",
162
+ "docs": [
163
+ "buyer's passkey signature via the SIMD-0075 precompile sibling."
164
+ ],
165
+ "address": "Sysvar1nstructions1111111111111111111111111"
166
+ }
167
+ ],
168
+ "args": [
169
+ {
170
+ "name": "args",
171
+ "type": {
172
+ "defined": {
173
+ "name": "ForceReleaseArgs"
174
+ }
175
+ }
176
+ }
177
+ ]
178
+ },
179
+ {
180
+ "name": "initialize_vault",
181
+ "discriminator": [
182
+ 48,
183
+ 191,
184
+ 163,
185
+ 44,
186
+ 71,
187
+ 129,
188
+ 63,
189
+ 164
190
+ ],
191
+ "accounts": [
192
+ {
193
+ "name": "vault",
194
+ "writable": true
195
+ },
196
+ {
197
+ "name": "payer",
198
+ "writable": true,
199
+ "signer": true
200
+ },
201
+ {
202
+ "name": "dexter_authority",
203
+ "docs": [
204
+ "The Dexter session authority to bind to this vault. Must sign init, so",
205
+ "a vault can only be created bound to an authority that consented. This",
206
+ "key may later mutate `pending_voucher_count` (settle_voucher /",
207
+ "force_release) — and only this key. It can never move funds."
208
+ ],
209
+ "signer": true
210
+ },
211
+ {
212
+ "name": "system_program",
213
+ "address": "11111111111111111111111111111111"
214
+ }
215
+ ],
216
+ "args": [
217
+ {
218
+ "name": "args",
219
+ "type": {
220
+ "defined": {
221
+ "name": "InitializeVaultArgs"
222
+ }
223
+ }
224
+ }
225
+ ]
226
+ },
227
+ {
228
+ "name": "prove_passkey",
229
+ "discriminator": [
230
+ 35,
231
+ 175,
232
+ 41,
233
+ 143,
234
+ 201,
235
+ 118,
236
+ 49,
237
+ 184
238
+ ],
239
+ "accounts": [
240
+ {
241
+ "name": "vault",
242
+ "docs": [
243
+ "Read-only: this instruction proves passkey control and mutates NOTHING."
244
+ ]
245
+ },
246
+ {
247
+ "name": "instructions_sysvar",
248
+ "docs": [
249
+ "passkey signature via the SIMD-0075 precompile sibling instruction."
250
+ ],
251
+ "address": "Sysvar1nstructions1111111111111111111111111"
252
+ }
253
+ ],
254
+ "args": [
255
+ {
256
+ "name": "args",
257
+ "type": {
258
+ "defined": {
259
+ "name": "ProvePasskeyArgs"
260
+ }
261
+ }
262
+ }
263
+ ]
264
+ },
265
+ {
266
+ "name": "register_session_key",
267
+ "discriminator": [
268
+ 69,
269
+ 94,
270
+ 60,
271
+ 44,
272
+ 49,
273
+ 199,
274
+ 183,
275
+ 233
276
+ ],
277
+ "accounts": [
278
+ {
279
+ "name": "vault",
280
+ "docs": [
281
+ "Receives the new `active_session`. Mutated, no signer required: the",
282
+ "passkey signature embedded in the args (verified via the SIMD-0075",
283
+ "precompile sibling) is what authorizes the mutation."
284
+ ],
285
+ "writable": true
286
+ },
287
+ {
288
+ "name": "instructions_sysvar",
289
+ "docs": [
290
+ "instruction in the transaction MUST be a secp256r1_verify call whose",
291
+ "signed message is `authenticatorData || sha256(clientDataJSON)` and",
292
+ "whose `clientDataJSON.challenge` decodes to sha256(registration_message)."
293
+ ],
294
+ "address": "Sysvar1nstructions1111111111111111111111111"
295
+ }
296
+ ],
297
+ "args": [
298
+ {
299
+ "name": "args",
300
+ "type": {
301
+ "defined": {
302
+ "name": "RegisterSessionKeyArgs"
303
+ }
304
+ }
305
+ }
306
+ ]
307
+ },
308
+ {
309
+ "name": "request_withdrawal",
310
+ "discriminator": [
311
+ 251,
312
+ 85,
313
+ 121,
314
+ 205,
315
+ 56,
316
+ 201,
317
+ 12,
318
+ 177
319
+ ],
320
+ "accounts": [
321
+ {
322
+ "name": "vault",
323
+ "writable": true
324
+ },
325
+ {
326
+ "name": "instructions_sysvar",
327
+ "address": "Sysvar1nstructions1111111111111111111111111"
328
+ }
329
+ ],
330
+ "args": [
331
+ {
332
+ "name": "args",
333
+ "type": {
334
+ "defined": {
335
+ "name": "RequestWithdrawalArgs"
336
+ }
337
+ }
338
+ }
339
+ ]
340
+ },
341
+ {
342
+ "name": "revoke_session_key",
343
+ "discriminator": [
344
+ 81,
345
+ 192,
346
+ 32,
347
+ 110,
348
+ 104,
349
+ 116,
350
+ 144,
351
+ 151
352
+ ],
353
+ "accounts": [
354
+ {
355
+ "name": "vault",
356
+ "docs": [
357
+ "Mutated to clear `active_session`. No signer required; the passkey",
358
+ "signature in the args is the authorization."
359
+ ],
360
+ "writable": true
361
+ },
362
+ {
363
+ "name": "instructions_sysvar",
364
+ "docs": [
365
+ "instruction in the transaction MUST be a secp256r1_verify call."
366
+ ],
367
+ "address": "Sysvar1nstructions1111111111111111111111111"
368
+ }
369
+ ],
370
+ "args": [
371
+ {
372
+ "name": "args",
373
+ "type": {
374
+ "defined": {
375
+ "name": "RevokeSessionKeyArgs"
376
+ }
377
+ }
378
+ }
379
+ ]
380
+ },
381
+ {
382
+ "name": "rotate_dexter_authority",
383
+ "discriminator": [
384
+ 145,
385
+ 60,
386
+ 4,
387
+ 119,
388
+ 180,
389
+ 205,
390
+ 236,
391
+ 134
392
+ ],
393
+ "accounts": [
394
+ {
395
+ "name": "vault",
396
+ "writable": true
397
+ },
398
+ {
399
+ "name": "dexter_authority",
400
+ "docs": [
401
+ "Must equal the vault's CURRENT `dexter_authority`. Only the current",
402
+ "authority can hand off to a new one — so the session-master key can be",
403
+ "rotated without bricking existing vaults."
404
+ ],
405
+ "signer": true,
406
+ "relations": [
407
+ "vault"
408
+ ]
409
+ }
410
+ ],
411
+ "args": [
412
+ {
413
+ "name": "args",
414
+ "type": {
415
+ "defined": {
416
+ "name": "RotateDexterAuthorityArgs"
417
+ }
418
+ }
419
+ }
420
+ ]
421
+ },
422
+ {
423
+ "name": "rotate_passkey",
424
+ "discriminator": [
425
+ 28,
426
+ 134,
427
+ 49,
428
+ 89,
429
+ 196,
430
+ 34,
431
+ 58,
432
+ 174
433
+ ],
434
+ "accounts": [
435
+ {
436
+ "name": "vault",
437
+ "writable": true
438
+ },
439
+ {
440
+ "name": "instructions_sysvar",
441
+ "docs": [
442
+ "CURRENT passkey signature via the SIMD-0075 precompile sibling."
443
+ ],
444
+ "address": "Sysvar1nstructions1111111111111111111111111"
445
+ }
446
+ ],
447
+ "args": [
448
+ {
449
+ "name": "args",
450
+ "type": {
451
+ "defined": {
452
+ "name": "RotatePasskeyArgs"
453
+ }
454
+ }
455
+ }
456
+ ]
457
+ },
458
+ {
459
+ "name": "set_swig",
460
+ "discriminator": [
461
+ 253,
462
+ 229,
463
+ 89,
464
+ 206,
465
+ 192,
466
+ 118,
467
+ 137,
468
+ 165
469
+ ],
470
+ "accounts": [
471
+ {
472
+ "name": "vault",
473
+ "writable": true
474
+ },
475
+ {
476
+ "name": "instructions_sysvar",
477
+ "address": "Sysvar1nstructions1111111111111111111111111"
478
+ }
479
+ ],
480
+ "args": [
481
+ {
482
+ "name": "args",
483
+ "type": {
484
+ "defined": {
485
+ "name": "SetSwigArgs"
486
+ }
487
+ }
488
+ }
489
+ ]
490
+ },
491
+ {
492
+ "name": "set_swig_atomic",
493
+ "discriminator": [
494
+ 119,
495
+ 111,
496
+ 247,
497
+ 215,
498
+ 190,
499
+ 3,
500
+ 170,
501
+ 23
502
+ ],
503
+ "accounts": [
504
+ {
505
+ "name": "vault",
506
+ "docs": [
507
+ "The dexter-vault PDA — initialized by initialize_vault, mutated here",
508
+ "(we set swig_address)."
509
+ ],
510
+ "writable": true
511
+ },
512
+ {
513
+ "name": "fee_payer",
514
+ "docs": [
515
+ "The fee payer + role-0 bootstrap authority. MUST be a tx-level signer."
516
+ ],
517
+ "writable": true,
518
+ "signer": true
519
+ },
520
+ {
521
+ "name": "swig_account",
522
+ "docs": [
523
+ "The Swig state account, derived as `findProgramAddress([swig_id], swig_program)`.",
524
+ "Swig will initialize it during the CreateV1 CPI."
525
+ ],
526
+ "writable": true
527
+ },
528
+ {
529
+ "name": "swig_wallet_address",
530
+ "docs": [
531
+ "The Swig wallet PDA (different from swig_account — it's the spending",
532
+ "authority address). CPI'd into by CreateV1."
533
+ ],
534
+ "writable": true
535
+ },
536
+ {
537
+ "name": "swig_program",
538
+ "docs": [
539
+ "The Swig program itself."
540
+ ],
541
+ "address": "swigypWHEksbC64pWKwah1WTeh9JXwx8H1rJHLdbQMB"
542
+ },
543
+ {
544
+ "name": "system_program",
545
+ "docs": [
546
+ "System program — Swig CreateV1 needs it to create the state account."
547
+ ],
548
+ "address": "11111111111111111111111111111111"
549
+ },
550
+ {
551
+ "name": "instructions_sysvar",
552
+ "docs": [
553
+ "Instructions sysvar — read by verify_passkey_signed."
554
+ ],
555
+ "address": "Sysvar1nstructions1111111111111111111111111"
556
+ }
557
+ ],
558
+ "args": [
559
+ {
560
+ "name": "args",
561
+ "type": {
562
+ "defined": {
563
+ "name": "SetSwigAtomicArgs"
564
+ }
565
+ }
566
+ }
567
+ ]
568
+ },
569
+ {
570
+ "name": "settle_tab_voucher",
571
+ "discriminator": [
572
+ 173,
573
+ 22,
574
+ 98,
575
+ 31,
576
+ 110,
577
+ 129,
578
+ 59,
579
+ 161
580
+ ],
581
+ "accounts": [
582
+ {
583
+ "name": "swig",
584
+ "docs": [
585
+ "Position 0 — REQUIRED at this index by Swig's ProgramExec authority",
586
+ "validator. When a Swig::SignV2 follows this instruction in the same",
587
+ "transaction, Swig's on-chain validator inspects accounts[0..1] of",
588
+ "the preceding instruction and rejects unless they're",
589
+ "[swig, swig_wallet], AND that the preceding instruction's data",
590
+ "starts with a registered marker discriminator.",
591
+ "",
592
+ "Also bound to `vault.swig_address` via the Anchor `address`",
593
+ "constraint, so a caller cannot pass an arbitrary Swig account here.",
594
+ "",
595
+ "deserialize or dereference it."
596
+ ]
597
+ },
598
+ {
599
+ "name": "swig_wallet_address",
600
+ "docs": [
601
+ "Position 1 — required by Swig's ProgramExec validator (see `swig`).",
602
+ "The Swig wallet address is the PDA owning the SPL token ATA being",
603
+ "debited; derived under the Swig program at",
604
+ "`[\"swig-wallet-address\", swig_pubkey]`.",
605
+ ""
606
+ ],
607
+ "pda": {
608
+ "seeds": [
609
+ {
610
+ "kind": "const",
611
+ "value": [
612
+ 115,
613
+ 119,
614
+ 105,
615
+ 103,
616
+ 45,
617
+ 119,
618
+ 97,
619
+ 108,
620
+ 108,
621
+ 101,
622
+ 116,
623
+ 45,
624
+ 97,
625
+ 100,
626
+ 100,
627
+ 114,
628
+ 101,
629
+ 115,
630
+ 115
631
+ ]
632
+ },
633
+ {
634
+ "kind": "account",
635
+ "path": "swig"
636
+ }
637
+ ],
638
+ "program": {
639
+ "kind": "const",
640
+ "value": [
641
+ 13,
642
+ 12,
643
+ 233,
644
+ 66,
645
+ 225,
646
+ 231,
647
+ 197,
648
+ 6,
649
+ 226,
650
+ 24,
651
+ 223,
652
+ 13,
653
+ 125,
654
+ 241,
655
+ 197,
656
+ 47,
657
+ 175,
658
+ 220,
659
+ 53,
660
+ 41,
661
+ 228,
662
+ 141,
663
+ 103,
664
+ 77,
665
+ 29,
666
+ 178,
667
+ 76,
668
+ 117,
669
+ 181,
670
+ 76,
671
+ 204,
672
+ 190
673
+ ]
674
+ }
675
+ }
676
+ },
677
+ {
678
+ "name": "vault",
679
+ "writable": true
680
+ },
681
+ {
682
+ "name": "dexter_authority",
683
+ "docs": [
684
+ "Must equal `vault.dexter_authority` — only the recorded authority",
685
+ "can drive the gate-counter decrement. The buyer's session-key",
686
+ "signature is what authorizes the SPEND amount; this signer is what",
687
+ "authorizes the counter mutation. Same model as the existing",
688
+ "`settle_voucher`. NOTE: this signer does NOT sign the Swig transfer",
689
+ "in [N+1] — that's signed by the swig wallet PDA via Swig's",
690
+ "ProgramExec authority, gated by the vault program being the",
691
+ "ProgramExec authority on the Swig."
692
+ ],
693
+ "signer": true,
694
+ "relations": [
695
+ "vault"
696
+ ]
697
+ },
698
+ {
699
+ "name": "instructions_sysvar",
700
+ "address": "Sysvar1nstructions1111111111111111111111111"
701
+ }
702
+ ],
703
+ "args": [
704
+ {
705
+ "name": "args",
706
+ "type": {
707
+ "defined": {
708
+ "name": "SettleTabVoucherArgs"
709
+ }
710
+ }
711
+ }
712
+ ]
713
+ },
714
+ {
715
+ "name": "settle_voucher",
716
+ "discriminator": [
717
+ 144,
718
+ 176,
719
+ 128,
720
+ 220,
721
+ 156,
722
+ 79,
723
+ 41,
724
+ 54
725
+ ],
726
+ "accounts": [
727
+ {
728
+ "name": "vault",
729
+ "writable": true
730
+ },
731
+ {
732
+ "name": "dexter_authority",
733
+ "docs": [
734
+ "Must equal the `dexter_authority` recorded on the vault at init.",
735
+ "`has_one` enforces this — closing Finding B (previously any signer",
736
+ "could mutate the counter)."
737
+ ],
738
+ "signer": true,
739
+ "relations": [
740
+ "vault"
741
+ ]
742
+ }
743
+ ],
744
+ "args": [
745
+ {
746
+ "name": "args",
747
+ "type": {
748
+ "defined": {
749
+ "name": "SettleVoucherArgs"
750
+ }
751
+ }
752
+ }
753
+ ]
754
+ }
755
+ ],
756
+ "accounts": [
757
+ {
758
+ "name": "Vault",
759
+ "discriminator": [
760
+ 211,
761
+ 8,
762
+ 232,
763
+ 43,
764
+ 2,
765
+ 152,
766
+ 117,
767
+ 119
768
+ ]
769
+ }
770
+ ],
771
+ "errors": [
772
+ {
773
+ "code": 6000,
774
+ "name": "CoolingOffNotElapsed",
775
+ "msg": "Cooling-off period has not elapsed"
776
+ },
777
+ {
778
+ "code": 6001,
779
+ "name": "PendingVouchersExist",
780
+ "msg": "Pending vouchers must settle before withdrawal can finalize"
781
+ },
782
+ {
783
+ "code": 6002,
784
+ "name": "NoPendingWithdrawal",
785
+ "msg": "No pending withdrawal request"
786
+ },
787
+ {
788
+ "code": 6003,
789
+ "name": "PasskeyVerificationFailed",
790
+ "msg": "Passkey signature verification failed"
791
+ },
792
+ {
793
+ "code": 6004,
794
+ "name": "InvalidVoucherSignature",
795
+ "msg": "Voucher signature does not match Dexter session key"
796
+ },
797
+ {
798
+ "code": 6005,
799
+ "name": "ForceReleaseTooEarly",
800
+ "msg": "force_release grace period has not elapsed"
801
+ },
802
+ {
803
+ "code": 6006,
804
+ "name": "NothingToRelease",
805
+ "msg": "No stuck voucher to force-release"
806
+ },
807
+ {
808
+ "code": 6007,
809
+ "name": "UnsupportedVaultVersion",
810
+ "msg": "Vault account version is not supported by this program"
811
+ },
812
+ {
813
+ "code": 6008,
814
+ "name": "SessionAlreadyActive",
815
+ "msg": "A session is already active on this vault and has not expired"
816
+ },
817
+ {
818
+ "code": 6009,
819
+ "name": "SessionExpiryInPast",
820
+ "msg": "Session expiry must be in the future"
821
+ },
822
+ {
823
+ "code": 6010,
824
+ "name": "SessionCapZero",
825
+ "msg": "Session max_amount must be greater than zero"
826
+ },
827
+ {
828
+ "code": 6011,
829
+ "name": "NoActiveSession",
830
+ "msg": "No active session to revoke"
831
+ },
832
+ {
833
+ "code": 6012,
834
+ "name": "SessionPubkeyMismatch",
835
+ "msg": "Revocation message session pubkey does not match the active session"
836
+ }
837
+ ],
838
+ "types": [
839
+ {
840
+ "name": "FinalizeWithdrawalArgs",
841
+ "type": {
842
+ "kind": "struct",
843
+ "fields": [
844
+ {
845
+ "name": "client_data_json",
846
+ "docs": [
847
+ "WebAuthn clientDataJSON; challenge must be sha256(operation_message)."
848
+ ],
849
+ "type": "bytes"
850
+ },
851
+ {
852
+ "name": "authenticator_data",
853
+ "type": "bytes"
854
+ }
855
+ ]
856
+ }
857
+ },
858
+ {
859
+ "name": "ForceReleaseArgs",
860
+ "type": {
861
+ "kind": "struct",
862
+ "fields": [
863
+ {
864
+ "name": "client_data_json",
865
+ "docs": [
866
+ "WebAuthn clientDataJSON; challenge must be sha256(operation_message)."
867
+ ],
868
+ "type": "bytes"
869
+ },
870
+ {
871
+ "name": "authenticator_data",
872
+ "type": "bytes"
873
+ }
874
+ ]
875
+ }
876
+ },
877
+ {
878
+ "name": "InitializeVaultArgs",
879
+ "type": {
880
+ "kind": "struct",
881
+ "fields": [
882
+ {
883
+ "name": "passkey_pubkey",
884
+ "type": {
885
+ "array": [
886
+ "u8",
887
+ 33
888
+ ]
889
+ }
890
+ },
891
+ {
892
+ "name": "cooling_off_seconds",
893
+ "docs": [
894
+ "Withdrawal cooling-off in seconds. Zero = instant. See §7.1 of the v2",
895
+ "design doc for why this tightened from i64 to u32."
896
+ ],
897
+ "type": "u32"
898
+ },
899
+ {
900
+ "name": "identity_claim",
901
+ "docs": [
902
+ "Operator-defined opaque identity bytes. The protocol doesn't interpret",
903
+ "these. Dexter writes a Supabase UUID into the first 16 bytes and zeros",
904
+ "the rest; future operators may use whichever scheme they want."
905
+ ],
906
+ "type": {
907
+ "array": [
908
+ "u8",
909
+ 32
910
+ ]
911
+ }
912
+ }
913
+ ]
914
+ }
915
+ },
916
+ {
917
+ "name": "PendingWithdrawal",
918
+ "type": {
919
+ "kind": "struct",
920
+ "fields": [
921
+ {
922
+ "name": "amount",
923
+ "type": "u64"
924
+ },
925
+ {
926
+ "name": "destination",
927
+ "type": "pubkey"
928
+ },
929
+ {
930
+ "name": "requested_at",
931
+ "type": "i64"
932
+ }
933
+ ]
934
+ }
935
+ },
936
+ {
937
+ "name": "ProvePasskeyArgs",
938
+ "type": {
939
+ "kind": "struct",
940
+ "fields": [
941
+ {
942
+ "name": "challenge",
943
+ "docs": [
944
+ "The 32-byte challenge to prove control over (e.g. a SIWX login nonce /",
945
+ "digest). The passkey must have signed `\"siwx_login\" || challenge`."
946
+ ],
947
+ "type": {
948
+ "array": [
949
+ "u8",
950
+ 32
951
+ ]
952
+ }
953
+ },
954
+ {
955
+ "name": "client_data_json",
956
+ "docs": [
957
+ "WebAuthn clientDataJSON; its `challenge` field must base64url-decode to",
958
+ "`sha256(\"siwx_login\" || challenge)`."
959
+ ],
960
+ "type": "bytes"
961
+ },
962
+ {
963
+ "name": "authenticator_data",
964
+ "type": "bytes"
965
+ }
966
+ ]
967
+ }
968
+ },
969
+ {
970
+ "name": "RegisterSessionKeyArgs",
971
+ "type": {
972
+ "kind": "struct",
973
+ "fields": [
974
+ {
975
+ "name": "session_pubkey",
976
+ "docs": [
977
+ "Ed25519 pubkey the buyer's SDK generated in memory. The passkey is",
978
+ "endorsing this exact key — only this key can sign vouchers for the",
979
+ "duration of the session."
980
+ ],
981
+ "type": {
982
+ "array": [
983
+ "u8",
984
+ 32
985
+ ]
986
+ }
987
+ },
988
+ {
989
+ "name": "max_amount",
990
+ "docs": [
991
+ "Cumulative cap in atomic units. The seller's middleware AND any future",
992
+ "on-chain consumer of `active_session.spent` enforces this."
993
+ ],
994
+ "type": "u64"
995
+ },
996
+ {
997
+ "name": "expires_at",
998
+ "docs": [
999
+ "Wall-clock expiry, unix seconds. Must be strictly in the future."
1000
+ ],
1001
+ "type": "i64"
1002
+ },
1003
+ {
1004
+ "name": "allowed_counterparty",
1005
+ "docs": [
1006
+ "The seller this session is bound to. Any voucher claiming a different",
1007
+ "counterparty MUST be rejected by the seller's verification path."
1008
+ ],
1009
+ "type": "pubkey"
1010
+ },
1011
+ {
1012
+ "name": "nonce",
1013
+ "docs": [
1014
+ "Per-session nonce. Combined with `expires_at`, gives each session a",
1015
+ "unique fingerprint for off-chain replay protection. Caller picks; the",
1016
+ "program does not enforce monotonicity (a non-monotonic nonce is the",
1017
+ "buyer's own footgun, not a protocol attack)."
1018
+ ],
1019
+ "type": "u32"
1020
+ },
1021
+ {
1022
+ "name": "client_data_json",
1023
+ "docs": [
1024
+ "WebAuthn `clientDataJSON`. Its `challenge` field must base64url-decode",
1025
+ "to sha256(registration_message)."
1026
+ ],
1027
+ "type": "bytes"
1028
+ },
1029
+ {
1030
+ "name": "authenticator_data",
1031
+ "docs": [
1032
+ "WebAuthn `authenticatorData` (37+ bytes)."
1033
+ ],
1034
+ "type": "bytes"
1035
+ }
1036
+ ]
1037
+ }
1038
+ },
1039
+ {
1040
+ "name": "RequestWithdrawalArgs",
1041
+ "type": {
1042
+ "kind": "struct",
1043
+ "fields": [
1044
+ {
1045
+ "name": "amount",
1046
+ "type": "u64"
1047
+ },
1048
+ {
1049
+ "name": "destination",
1050
+ "type": "pubkey"
1051
+ },
1052
+ {
1053
+ "name": "signed_at",
1054
+ "type": "i64"
1055
+ },
1056
+ {
1057
+ "name": "client_data_json",
1058
+ "docs": [
1059
+ "WebAuthn `clientDataJSON` from the browser. Its `challenge` field",
1060
+ "must base64url-decode to `sha256(operation_message)`."
1061
+ ],
1062
+ "type": "bytes"
1063
+ },
1064
+ {
1065
+ "name": "authenticator_data",
1066
+ "docs": [
1067
+ "WebAuthn `authenticatorData` (37+ bytes)."
1068
+ ],
1069
+ "type": "bytes"
1070
+ }
1071
+ ]
1072
+ }
1073
+ },
1074
+ {
1075
+ "name": "RevokeSessionKeyArgs",
1076
+ "type": {
1077
+ "kind": "struct",
1078
+ "fields": [
1079
+ {
1080
+ "name": "client_data_json",
1081
+ "type": "bytes"
1082
+ },
1083
+ {
1084
+ "name": "authenticator_data",
1085
+ "type": "bytes"
1086
+ }
1087
+ ]
1088
+ }
1089
+ },
1090
+ {
1091
+ "name": "RotateDexterAuthorityArgs",
1092
+ "type": {
1093
+ "kind": "struct",
1094
+ "fields": [
1095
+ {
1096
+ "name": "new_dexter_authority",
1097
+ "type": "pubkey"
1098
+ }
1099
+ ]
1100
+ }
1101
+ },
1102
+ {
1103
+ "name": "RotatePasskeyArgs",
1104
+ "type": {
1105
+ "kind": "struct",
1106
+ "fields": [
1107
+ {
1108
+ "name": "new_passkey_pubkey",
1109
+ "type": {
1110
+ "array": [
1111
+ "u8",
1112
+ 33
1113
+ ]
1114
+ }
1115
+ },
1116
+ {
1117
+ "name": "client_data_json",
1118
+ "docs": [
1119
+ "WebAuthn clientDataJSON; challenge must be sha256(operation_message)."
1120
+ ],
1121
+ "type": "bytes"
1122
+ },
1123
+ {
1124
+ "name": "authenticator_data",
1125
+ "type": "bytes"
1126
+ }
1127
+ ]
1128
+ }
1129
+ },
1130
+ {
1131
+ "name": "SessionRegistration",
1132
+ "docs": [
1133
+ "On-chain record of an authorized session key.",
1134
+ "",
1135
+ "The session pubkey is an ordinary ed25519 keypair the buyer's SDK generated",
1136
+ "in memory at tab-open time. The passkey signed a 180-byte registration",
1137
+ "message (see docs/DESIGN-vault-v2-session-keys.md §2.2) endorsing these",
1138
+ "scope limits. From this point on, the seller's middleware accepts vouchers",
1139
+ "signed by `session_pubkey` for this vault, up to `max_amount` and before",
1140
+ "`expires_at`, only for `allowed_counterparty`.",
1141
+ "",
1142
+ "`spent` is the running cumulative — incremented by settle paths that close",
1143
+ "vouchers — so we can enforce the cap across the lifetime of the session",
1144
+ "without an additional read."
1145
+ ],
1146
+ "type": {
1147
+ "kind": "struct",
1148
+ "fields": [
1149
+ {
1150
+ "name": "session_pubkey",
1151
+ "type": {
1152
+ "array": [
1153
+ "u8",
1154
+ 32
1155
+ ]
1156
+ }
1157
+ },
1158
+ {
1159
+ "name": "max_amount",
1160
+ "type": "u64"
1161
+ },
1162
+ {
1163
+ "name": "expires_at",
1164
+ "type": "i64"
1165
+ },
1166
+ {
1167
+ "name": "allowed_counterparty",
1168
+ "type": "pubkey"
1169
+ },
1170
+ {
1171
+ "name": "nonce",
1172
+ "type": "u32"
1173
+ },
1174
+ {
1175
+ "name": "spent",
1176
+ "type": "u64"
1177
+ }
1178
+ ]
1179
+ }
1180
+ },
1181
+ {
1182
+ "name": "SetSwigArgs",
1183
+ "type": {
1184
+ "kind": "struct",
1185
+ "fields": [
1186
+ {
1187
+ "name": "swig_address",
1188
+ "type": "pubkey"
1189
+ },
1190
+ {
1191
+ "name": "client_data_json",
1192
+ "docs": [
1193
+ "WebAuthn `clientDataJSON` produced by the browser. Must contain a",
1194
+ "`challenge` field equal to base64url(sha256(operation_message))."
1195
+ ],
1196
+ "type": "bytes"
1197
+ },
1198
+ {
1199
+ "name": "authenticator_data",
1200
+ "docs": [
1201
+ "WebAuthn `authenticatorData` produced by the authenticator (37+ bytes)."
1202
+ ],
1203
+ "type": "bytes"
1204
+ }
1205
+ ]
1206
+ }
1207
+ },
1208
+ {
1209
+ "name": "SetSwigAtomicArgs",
1210
+ "type": {
1211
+ "kind": "struct",
1212
+ "fields": [
1213
+ {
1214
+ "name": "swig_id",
1215
+ "docs": [
1216
+ "32-byte Swig ID (HMAC-derived client-side from identity_seed + hmac_key)."
1217
+ ],
1218
+ "type": {
1219
+ "array": [
1220
+ "u8",
1221
+ 32
1222
+ ]
1223
+ }
1224
+ },
1225
+ {
1226
+ "name": "swig_account_bump",
1227
+ "docs": [
1228
+ "Bump for swig_account."
1229
+ ],
1230
+ "type": "u8"
1231
+ },
1232
+ {
1233
+ "name": "swig_wallet_address_bump",
1234
+ "docs": [
1235
+ "Bump for swig_wallet_address PDA."
1236
+ ],
1237
+ "type": "u8"
1238
+ },
1239
+ {
1240
+ "name": "dexter_master_pubkey",
1241
+ "docs": [
1242
+ "Becomes role-2 (Ed25519Session) authority."
1243
+ ],
1244
+ "type": "pubkey"
1245
+ },
1246
+ {
1247
+ "name": "client_data_json",
1248
+ "docs": [
1249
+ "WebAuthn clientDataJSON (challenge = sha256(\"set_swig\" || swig_address_bytes))."
1250
+ ],
1251
+ "type": "bytes"
1252
+ },
1253
+ {
1254
+ "name": "authenticator_data",
1255
+ "docs": [
1256
+ "WebAuthn authenticatorData (37+ bytes)."
1257
+ ],
1258
+ "type": "bytes"
1259
+ }
1260
+ ]
1261
+ }
1262
+ },
1263
+ {
1264
+ "name": "SettleTabVoucherArgs",
1265
+ "type": {
1266
+ "kind": "struct",
1267
+ "fields": [
1268
+ {
1269
+ "name": "channel_id",
1270
+ "docs": [
1271
+ "Channel id from the voucher's payload — first 32 bytes of the",
1272
+ "44-byte message the session key signed."
1273
+ ],
1274
+ "type": {
1275
+ "array": [
1276
+ "u8",
1277
+ 32
1278
+ ]
1279
+ }
1280
+ },
1281
+ {
1282
+ "name": "cumulative_amount",
1283
+ "docs": [
1284
+ "Total cumulative amount this voucher authorizes. Must be > the",
1285
+ "vault's recorded `active_session.spent` (monotonic) and <= the",
1286
+ "session's `max_amount` cap."
1287
+ ],
1288
+ "type": "u64"
1289
+ },
1290
+ {
1291
+ "name": "sequence_number",
1292
+ "docs": [
1293
+ "Monotonic sequence number from the voucher payload. Stored as-is in",
1294
+ "the signed message; not currently used for replay defense (the",
1295
+ "`spent` monotonicity check covers replay) but reserved for future",
1296
+ "out-of-order voucher detection."
1297
+ ],
1298
+ "type": "u32"
1299
+ }
1300
+ ]
1301
+ }
1302
+ },
1303
+ {
1304
+ "name": "SettleVoucherArgs",
1305
+ "type": {
1306
+ "kind": "struct",
1307
+ "fields": [
1308
+ {
1309
+ "name": "amount",
1310
+ "type": "u64"
1311
+ },
1312
+ {
1313
+ "name": "increment",
1314
+ "type": "bool"
1315
+ }
1316
+ ]
1317
+ }
1318
+ },
1319
+ {
1320
+ "name": "Vault",
1321
+ "type": {
1322
+ "kind": "struct",
1323
+ "fields": [
1324
+ {
1325
+ "name": "version",
1326
+ "docs": [
1327
+ "Layout version. MUST be the first field so byte 0 of the deserialized",
1328
+ "account directly indicates which Vault generation this is. A program",
1329
+ "bound to v2 rejects (`VaultError::UnsupportedVaultVersion`) anything",
1330
+ "that isn't `VAULT_VERSION_V2`."
1331
+ ],
1332
+ "type": "u8"
1333
+ },
1334
+ {
1335
+ "name": "bump",
1336
+ "type": "u8"
1337
+ },
1338
+ {
1339
+ "name": "passkey_pubkey",
1340
+ "type": {
1341
+ "array": [
1342
+ "u8",
1343
+ 33
1344
+ ]
1345
+ }
1346
+ },
1347
+ {
1348
+ "name": "swig_address",
1349
+ "type": "pubkey"
1350
+ },
1351
+ {
1352
+ "name": "cooling_off_seconds",
1353
+ "docs": [
1354
+ "Minimum delay between `request_withdrawal` and `finalize_withdrawal`.",
1355
+ "`u32` because negative is meaningless and 136 years of seconds is plenty."
1356
+ ],
1357
+ "type": "u32"
1358
+ },
1359
+ {
1360
+ "name": "pending_voucher_count",
1361
+ "type": "u32"
1362
+ },
1363
+ {
1364
+ "name": "pending_withdrawal",
1365
+ "type": {
1366
+ "option": {
1367
+ "defined": {
1368
+ "name": "PendingWithdrawal"
1369
+ }
1370
+ }
1371
+ }
1372
+ },
1373
+ {
1374
+ "name": "identity_claim",
1375
+ "docs": [
1376
+ "Operator-defined opaque identity claim (formerly `supabase_user_id`).",
1377
+ "The protocol does not interpret these bytes; Dexter writes a Supabase",
1378
+ "UUID prefix, future operators may write whatever they want. Documented",
1379
+ "in the OTS spec as \"operator-defined\"."
1380
+ ],
1381
+ "type": {
1382
+ "array": [
1383
+ "u8",
1384
+ 32
1385
+ ]
1386
+ }
1387
+ },
1388
+ {
1389
+ "name": "dexter_authority",
1390
+ "docs": [
1391
+ "The session authority recorded at init — the ONLY key permitted to",
1392
+ "mutate `pending_voucher_count` (settle_voucher / force_release)."
1393
+ ],
1394
+ "type": "pubkey"
1395
+ },
1396
+ {
1397
+ "name": "active_session",
1398
+ "docs": [
1399
+ "Currently-authorized session key, if any. Written by `register_session_key`",
1400
+ "(passkey-signed), cleared by `revoke_session_key` (passkey-signed) or by",
1401
+ "the program when expiry is observed during a future read. v2 enforces",
1402
+ "at most one active session per vault; multi-seller / multi-session is",
1403
+ "future work (issue #5)."
1404
+ ],
1405
+ "type": {
1406
+ "option": {
1407
+ "defined": {
1408
+ "name": "SessionRegistration"
1409
+ }
1410
+ }
1411
+ }
1412
+ }
1413
+ ]
1414
+ }
1415
+ }
1416
+ ]
1417
+ }