@dexterai/vault 0.4.1 → 0.5.0

package/dist/tab/index.cjs

@@ -0,0 +1,640 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/tab/index.ts
+var tab_exports = {};
+__export(tab_exports, {
+  defaultAssembleSignV2: () => defaultAssembleSignV2,
+  drawCredit: () => drawCredit,
+  openTab: () => openTab,
+  readTabMeter: () => readTabMeter,
+  repayCredit: () => repayCredit,
+  seizeCollateral: () => seizeCollateral,
+  settleTab: () => settleTab
+});
+module.exports = __toCommonJS(tab_exports);
+
+// src/instructions/initialize.ts
+var import_web32 = require("@solana/web3.js");
+
+// src/constants/index.ts
+var import_web3 = require("@solana/web3.js");
+var DEXTER_VAULT_PROGRAM_ID = new import_web3.PublicKey(
+  "Hg3wRaydFtJhYrdvYrKECacpJYDsC9Px7yKmpncj2fhc"
+);
+var SWIG_PROGRAM_ID = new import_web3.PublicKey(
+  "swigypWHEksbC64pWKwah1WTeh9JXwx8H1rJHLdbQMB"
+);
+var SECP256R1_PROGRAM_ID = new import_web3.PublicKey(
+  "Secp256r1SigVerify1111111111111111111111111"
+);
+var ED25519_PROGRAM_ID = new import_web3.PublicKey(
+  "Ed25519SigVerify111111111111111111111111111"
+);
+var INSTRUCTIONS_SYSVAR_ID = new import_web3.PublicKey(
+  "Sysvar1nstructions1111111111111111111111111"
+);
+var USDC_MAINNET = "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";
+var VAULT_SEED_PREFIX = Buffer.from("vault");
+var LOCKED_CLAIM_SEED = Buffer.from("locked-claim");
+var DISCRIMINATORS = Object.freeze({
+  initialize_vault: Uint8Array.from([48, 191, 163, 44, 71, 129, 63, 164]),
+  set_swig: Uint8Array.from([253, 229, 89, 206, 192, 118, 137, 165]),
+  settle_voucher: Uint8Array.from([144, 176, 128, 220, 156, 79, 41, 54]),
+  request_withdrawal: Uint8Array.from([251, 85, 121, 205, 56, 201, 12, 177]),
+  finalize_withdrawal: Uint8Array.from([178, 87, 206, 68, 201, 186, 164, 232]),
+  force_release: Uint8Array.from([122, 190, 243, 252, 54, 202, 208, 234]),
+  rotate_passkey: Uint8Array.from([28, 134, 49, 89, 196, 34, 58, 174]),
+  rotate_dexter_authority: Uint8Array.from([145, 60, 4, 119, 180, 205, 236, 134]),
+  prove_passkey: Uint8Array.from([35, 175, 41, 143, 201, 118, 49, 184]),
+  settle_tab_voucher: Uint8Array.from([173, 22, 98, 31, 110, 129, 59, 161]),
+  register_session_key: Uint8Array.from([69, 94, 60, 44, 49, 199, 183, 233]),
+  revoke_session_key: Uint8Array.from([81, 192, 32, 110, 104, 116, 144, 151]),
+  lock_voucher: Uint8Array.from([91, 138, 5, 227, 119, 239, 48, 254]),
+  settle_locked_voucher: Uint8Array.from([44, 80, 216, 43, 247, 253, 101, 45]),
+  transfer_lock_ownership: Uint8Array.from([193, 13, 131, 134, 95, 25, 229, 157]),
+  recover_abandoned_lock: Uint8Array.from([169, 213, 107, 64, 229, 49, 43, 234]),
+  open_standby: Uint8Array.from([234, 184, 232, 135, 246, 191, 90, 250]),
+  draw_credit: Uint8Array.from([20, 84, 47, 211, 78, 117, 195, 210]),
+  repay_credit: Uint8Array.from([38, 113, 240, 182, 109, 179, 154, 245]),
+  seize_collateral: Uint8Array.from([40, 250, 7, 243, 168, 184, 116, 154]),
+  migrate_v4_to_v5: Uint8Array.from([226, 105, 140, 184, 101, 39, 235, 116])
+});
+var OTS_SESSION_REGISTER_V1_DOMAIN = (() => {
+  const buf = new Uint8Array(32);
+  buf.set(new TextEncoder().encode("OTS_SESSION_REGISTER_V1"), 0);
+  return buf;
+})();
+var OTS_SESSION_REGISTER_V2_DOMAIN = (() => {
+  const buf = new Uint8Array(32);
+  buf.set(new TextEncoder().encode("OTS_SESSION_REGISTER_V2"), 0);
+  return buf;
+})();
+var OTS_SESSION_REVOKE_V1_DOMAIN = (() => {
+  const buf = new Uint8Array(32);
+  buf.set(new TextEncoder().encode("OTS_SESSION_REVOKE_V1"), 0);
+  return buf;
+})();
+
+// src/instructions/setSwig.ts
+var import_web33 = require("@solana/web3.js");
+
+// src/instructions/setSwigAtomic.ts
+var import_web35 = require("@solana/web3.js");
+
+// src/instructions/swigBundle.ts
+var import_node_crypto = require("crypto");
+var import_kit = require("@swig-wallet/kit");
+var import_lib = require("@swig-wallet/lib");
+var import_kit2 = require("@solana/kit");
+var bs58Module = __toESM(require("bs58"), 1);
+var import_web34 = require("@solana/web3.js");
+var DEFAULT_SESSION_TTL_SECONDS = BigInt(30 * 24 * 60 * 60);
+var DEFAULT_SPEND_LIMIT_ATOMIC = BigInt(1e9);
+var SWIG_PROGRAM_EXEC_PREFIX = new Uint8Array([
+  178,
+  87,
+  206,
+  68,
+  201,
+  186,
+  164,
+  232
+]);
+var SWIG_PROGRAM_EXEC_PREFIX_SETTLE_TAB = new Uint8Array([
+  173,
+  22,
+  98,
+  31,
+  110,
+  129,
+  59,
+  161
+]);
+
+// src/instructions/setSwigAtomic.ts
+var SET_SWIG_ATOMIC_DISCRIMINATOR = new Uint8Array([
+  119,
+  111,
+  247,
+  215,
+  190,
+  3,
+  170,
+  23
+]);
+
+// src/instructions/registerSession.ts
+var import_web37 = require("@solana/web3.js");
+
+// src/instructions/withdraw.ts
+var import_web36 = require("@solana/web3.js");
+function deriveSwigWalletAddress(swigAddress) {
+  const [pda] = import_web36.PublicKey.findProgramAddressSync(
+    [Buffer.from("swig-wallet-address"), swigAddress.toBuffer()],
+    SWIG_PROGRAM_ID
+  );
+  return pda;
+}
+
+// src/instructions/revokeSession.ts
+var import_web38 = require("@solana/web3.js");
+
+// src/instructions/settleVoucher.ts
+var import_web39 = require("@solana/web3.js");
+function encodeU64(value) {
+  const out = Buffer.alloc(8);
+  out.writeBigUInt64LE(value, 0);
+  return out;
+}
+function encodeBool(value) {
+  return Buffer.from([value ? 1 : 0]);
+}
+function buildSettleVoucherInstruction(p) {
+  const argsBuf = Buffer.concat([encodeU64(p.amount), encodeBool(p.increment)]);
+  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.settle_voucher), argsBuf]);
+  return new import_web39.TransactionInstruction({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
+      { pubkey: p.dexterAuthority, isSigner: true, isWritable: false }
+    ],
+    data
+  });
+}
+
+// src/instructions/settleTabVoucher.ts
+var import_web310 = require("@solana/web3.js");
+function encodeFixedBytes(buf, len) {
+  if (buf.length !== len) {
+    throw new Error(`expected ${len} bytes, got ${buf.length}`);
+  }
+  return Buffer.from(buf);
+}
+function encodeU642(value) {
+  const out = Buffer.alloc(8);
+  out.writeBigUInt64LE(value, 0);
+  return out;
+}
+function encodeU32(value) {
+  const out = Buffer.alloc(4);
+  out.writeUInt32LE(value >>> 0, 0);
+  return out;
+}
+function buildSettleTabVoucherInstruction(p) {
+  if (p.channelId.length !== 32) {
+    throw new Error(`channelId must be 32 bytes, got ${p.channelId.length}`);
+  }
+  const argsBuf = Buffer.concat([
+    encodeFixedBytes(p.channelId, 32),
+    encodeU642(p.cumulativeAmount),
+    encodeU32(p.sequenceNumber)
+  ]);
+  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.settle_tab_voucher), argsBuf]);
+  const swigWalletAddress = deriveSwigWalletAddress(p.swigAddress);
+  return new import_web310.TransactionInstruction({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.swigAddress, isSigner: false, isWritable: false },
+      { pubkey: swigWalletAddress, isSigner: false, isWritable: false },
+      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
+      { pubkey: p.dexterAuthority, isSigner: true, isWritable: false },
+      { pubkey: import_web310.SYSVAR_INSTRUCTIONS_PUBKEY, isSigner: false, isWritable: false }
+    ],
+    data
+  });
+}
+
+// src/instructions/rotate.ts
+var import_web311 = require("@solana/web3.js");
+
+// src/instructions/provePasskey.ts
+var import_web312 = require("@solana/web3.js");
+
+// src/instructions/lockedClaim.ts
+var import_web313 = require("@solana/web3.js");
+
+// src/instructions/credit.ts
+var import_web314 = require("@solana/web3.js");
+function encodeU643(value) {
+  const out = Buffer.alloc(8);
+  out.writeBigUInt64LE(value, 0);
+  return out;
+}
+function encodeI64(value) {
+  const out = Buffer.alloc(8);
+  out.writeBigInt64LE(value, 0);
+  return out;
+}
+function buildDrawCreditInstruction(p) {
+  const data = Buffer.concat([
+    Buffer.from(DISCRIMINATORS.draw_credit),
+    encodeU643(p.amount),
+    encodeI64(p.recoveryWindowSeconds)
+  ]);
+  const financierSwigWalletAddress = deriveSwigWalletAddress(p.financierSwig);
+  return new import_web314.TransactionInstruction({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.financierSwig, isSigner: false, isWritable: false },
+      { pubkey: financierSwigWalletAddress, isSigner: false, isWritable: false },
+      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
+      { pubkey: p.dexterAuthority, isSigner: true, isWritable: false },
+      { pubkey: INSTRUCTIONS_SYSVAR_ID, isSigner: false, isWritable: false }
+    ],
+    data
+  });
+}
+function buildRepayCreditInstruction(p) {
+  const data = Buffer.concat([
+    Buffer.from(DISCRIMINATORS.repay_credit),
+    encodeU643(p.amount)
+  ]);
+  const swigWalletAddress = deriveSwigWalletAddress(p.swigAddress);
+  return new import_web314.TransactionInstruction({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.swigAddress, isSigner: false, isWritable: false },
+      { pubkey: swigWalletAddress, isSigner: false, isWritable: false },
+      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
+      { pubkey: p.dexterAuthority, isSigner: true, isWritable: false },
+      { pubkey: INSTRUCTIONS_SYSVAR_ID, isSigner: false, isWritable: false }
+    ],
+    data
+  });
+}
+function buildSeizeCollateralInstruction(p) {
+  const data = Buffer.from(DISCRIMINATORS.seize_collateral);
+  const swigWalletAddress = deriveSwigWalletAddress(p.swigAddress);
+  return new import_web314.TransactionInstruction({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.swigAddress, isSigner: false, isWritable: false },
+      { pubkey: swigWalletAddress, isSigner: false, isWritable: false },
+      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
+      { pubkey: p.dexterAuthority, isSigner: true, isWritable: false },
+      { pubkey: INSTRUCTIONS_SYSVAR_ID, isSigner: false, isWritable: false }
+    ],
+    data
+  });
+}
+
+// src/tab/openTab.ts
+async function openTab(p) {
+  const ix = buildSettleVoucherInstruction({
+    vaultPda: p.vaultPda,
+    amount: p.amount,
+    increment: true,
+    dexterAuthority: p.dexterAuthority
+  });
+  return [ix];
+}
+
+// src/messages/voucher.ts
+function voucherPayloadMessage(p) {
+  if (p.channelId.length !== 32) {
+    throw new Error(`channelId must be 32 bytes, got ${p.channelId.length}`);
+  }
+  const buf = new Uint8Array(44);
+  const view = new DataView(buf.buffer);
+  buf.set(p.channelId, 0);
+  view.setBigUint64(32, p.cumulativeAmount, true);
+  view.setUint32(40, p.sequenceNumber >>> 0, true);
+  return buf;
+}
+
+// src/messages/operations.ts
+var import_web315 = require("@solana/web3.js");
+
+// src/precompile/secp256r1.ts
+var import_web316 = require("@solana/web3.js");
+
+// src/precompile/ed25519.ts
+var import_web317 = require("@solana/web3.js");
+function buildEd25519VerifyInstruction(pubkey, signature, message) {
+  if (pubkey.length !== 32) throw new Error("pubkey must be 32 bytes");
+  if (signature.length !== 64) throw new Error("signature must be 64 bytes");
+  const NUM_SIG = 1;
+  const PADDING = 0;
+  const HEADER_LEN = 2;
+  const OFFSETS_LEN = 14;
+  const DATA_START = HEADER_LEN + OFFSETS_LEN;
+  const data = Buffer.alloc(DATA_START + pubkey.length + signature.length + message.length);
+  let off = 0;
+  data.writeUInt8(NUM_SIG, off);
+  off += 1;
+  data.writeUInt8(PADDING, off);
+  off += 1;
+  const pubkeyOffset = DATA_START;
+  const signatureOffset = pubkeyOffset + pubkey.length;
+  const messageOffset = signatureOffset + signature.length;
+  data.writeUInt16LE(signatureOffset, off);
+  off += 2;
+  data.writeUInt16LE(65535, off);
+  off += 2;
+  data.writeUInt16LE(pubkeyOffset, off);
+  off += 2;
+  data.writeUInt16LE(65535, off);
+  off += 2;
+  data.writeUInt16LE(messageOffset, off);
+  off += 2;
+  data.writeUInt16LE(message.length, off);
+  off += 2;
+  data.writeUInt16LE(65535, off);
+  off += 2;
+  Buffer.from(pubkey).copy(data, pubkeyOffset);
+  Buffer.from(signature).copy(data, signatureOffset);
+  Buffer.from(message).copy(data, messageOffset);
+  return new import_web317.TransactionInstruction({
+    programId: ED25519_PROGRAM_ID,
+    keys: [],
+    data
+  });
+}
+
+// src/reader/accountReader.ts
+var import_web318 = require("@solana/web3.js");
+var VERSION_OFFSET = 8;
+var SWIG_ADDRESS_OFFSET = 43;
+var PENDING_VOUCHER_COUNT_OFFSET = 79;
+var PENDING_WITHDRAWAL_TAG_OFFSET = 83;
+var PENDING_WITHDRAWAL_BODY_LEN = 48;
+var PENDING_WITHDRAWAL_BODY_START = PENDING_WITHDRAWAL_TAG_OFFSET + 1;
+var IDENTITY_CLAIM_LEN = 32;
+var PUBKEY_LEN = 32;
+var ACTIVE_SESSION_BODY_LEN = 92;
+var EMPTY_FULL = {
+  exists: false,
+  version: 0,
+  swigAddress: null,
+  dexterAuthority: null,
+  pendingVoucherCount: 0,
+  activeSession: null
+};
+async function readVaultFull(conn, vaultPda) {
+  const account = await conn.getAccountInfo(vaultPda, "confirmed");
+  if (!account) return EMPTY_FULL;
+  const data = account.data;
+  if (data.length < SWIG_ADDRESS_OFFSET + PUBKEY_LEN) return EMPTY_FULL;
+  const version = data.readUInt8(VERSION_OFFSET);
+  const swigAddress = new import_web318.PublicKey(
+    data.subarray(SWIG_ADDRESS_OFFSET, SWIG_ADDRESS_OFFSET + PUBKEY_LEN)
+  ).toBase58();
+  const pendingVoucherCount = data.readUInt32LE(PENDING_VOUCHER_COUNT_OFFSET);
+  const withdrawalTag = data[PENDING_WITHDRAWAL_TAG_OFFSET];
+  const afterWithdrawal = PENDING_WITHDRAWAL_BODY_START + (withdrawalTag === 1 ? PENDING_WITHDRAWAL_BODY_LEN : 0);
+  const dexterAuthorityOffset = afterWithdrawal + IDENTITY_CLAIM_LEN;
+  if (data.length < dexterAuthorityOffset + PUBKEY_LEN) {
+    return { ...EMPTY_FULL, exists: true, version, swigAddress, pendingVoucherCount };
+  }
+  const dexterAuthority = new import_web318.PublicKey(
+    data.subarray(dexterAuthorityOffset, dexterAuthorityOffset + PUBKEY_LEN)
+  ).toBase58();
+  const activeSessionTagOffset = dexterAuthorityOffset + PUBKEY_LEN;
+  let activeSession = null;
+  if (data.length > activeSessionTagOffset && data[activeSessionTagOffset] === 1) {
+    const bodyStart = activeSessionTagOffset + 1;
+    if (data.length >= bodyStart + ACTIVE_SESSION_BODY_LEN) {
+      activeSession = {
+        sessionPubkey: new Uint8Array(data.subarray(bodyStart, bodyStart + 32)),
+        maxAmount: data.readBigUInt64LE(bodyStart + 32),
+        expiresAt: Number(data.readBigInt64LE(bodyStart + 40)),
+        allowedCounterparty: new import_web318.PublicKey(
+          data.subarray(bodyStart + 48, bodyStart + 80)
+        ).toBase58(),
+        nonce: data.readUInt32LE(bodyStart + 80),
+        spent: data.readBigUInt64LE(bodyStart + 84)
+      };
+    }
+  }
+  return {
+    exists: true,
+    version,
+    swigAddress,
+    dexterAuthority,
+    pendingVoucherCount,
+    activeSession
+  };
+}
+
+// src/tab/assembleSignV2.ts
+var import_web320 = require("@solana/web3.js");
+var import_kit4 = require("@swig-wallet/kit");
+var import_kit5 = require("@solana/kit");
+var import_token = require("@solana-program/token");
+var import_spl_token = require("@solana/spl-token");
+
+// src/kit/index.ts
+var import_web319 = require("@solana/web3.js");
+var import_kit3 = require("@solana/kit");
+function kitInstructionsToWeb3(kitInstructions) {
+  return kitInstructions.map((ix) => {
+    const accounts = (ix.accounts ?? []).map((acc) => {
+      const role = acc.role;
+      const hasBooleanShape = typeof acc.signer === "boolean" || typeof acc.writable === "boolean";
+      let isSigner = false;
+      let isWritable = false;
+      if (hasBooleanShape) {
+        isSigner = Boolean(acc.signer);
+        isWritable = Boolean(acc.writable);
+      } else if (typeof role === "number") {
+        isSigner = role >= 2;
+        isWritable = role % 2 === 1;
+      } else if (typeof role === "string") {
+        const r = role.toLowerCase();
+        isSigner = r.endsWith("signer");
+        isWritable = r.startsWith("writable");
+      }
+      const addressSource = acc.address ?? acc.publicKey;
+      const pubkey = addressSource instanceof import_web319.PublicKey ? addressSource : typeof addressSource === "string" ? new import_web319.PublicKey(addressSource) : new import_web319.PublicKey(String(addressSource));
+      return { pubkey, isSigner, isWritable };
+    });
+    return new import_web319.TransactionInstruction({
+      programId: new import_web319.PublicKey(ix.programAddress ?? ix.programId),
+      keys: accounts,
+      data: Buffer.from(ix.data ?? [])
+    });
+  });
+}
+function getRpc(connection) {
+  const endpoint = connection._rpcEndpoint ?? connection.rpcEndpoint;
+  if (!endpoint) throw new Error("kit: cannot extract RPC endpoint from connection");
+  return (0, import_kit3.createSolanaRpc)(endpoint);
+}
+
+// src/tab/assembleSignV2.ts
+var VAULT_PROGRAM_EXEC_ROLE_ID = 1;
+var USDC_DECIMALS = 6;
+var defaultAssembleSignV2 = async (a) => {
+  const rpc = getRpc(a.connection);
+  const swig = await (0, import_kit4.fetchSwig)(rpc, (0, import_kit5.address)(a.swigAddress.toBase58()));
+  if (!swig) throw new Error(`tab: swig not found on-chain: ${a.swigAddress.toBase58()}`);
+  const swigWalletKitAddr = await (0, import_kit4.getSwigWalletAddress)(swig);
+  const swigWalletPda = new import_web320.PublicKey(String(swigWalletKitAddr));
+  const usdcMint = new import_web320.PublicKey(USDC_MAINNET);
+  const sourceAta = (0, import_spl_token.getAssociatedTokenAddressSync)(usdcMint, swigWalletPda, true);
+  const transferIxs = a.transfers.map(
+    (t) => (0, import_token.getTransferCheckedInstruction)({
+      source: (0, import_kit5.address)(sourceAta.toBase58()),
+      mint: (0, import_kit5.address)(usdcMint.toBase58()),
+      destination: (0, import_kit5.address)(t.destinationAta.toBase58()),
+      authority: swigWalletKitAddr,
+      amount: t.amount,
+      decimals: USDC_DECIMALS
+    })
+  );
+  const signIx = await (0, import_kit4.getSignInstructions)(
+    swig,
+    VAULT_PROGRAM_EXEC_ROLE_ID,
+    transferIxs,
+    false,
+    { payer: (0, import_kit5.address)(a.feePayer.toBase58()), preInstructions: [a.vaultIx] }
+  );
+  return kitInstructionsToWeb3(signIx);
+};
+
+// src/tab/settleTab.ts
+var defaultReadPriorSpent = async (connection, vaultPda) => {
+  const vault = await readVaultFull(connection, vaultPda);
+  const session = vault.activeSession;
+  if (!session) throw new Error("settleTab: no active session on vault");
+  return session.spent;
+};
+async function settleTab(p) {
+  const readPrior = p.readPriorSpent ?? defaultReadPriorSpent;
+  const priorSpent = await readPrior(p.connection, p.vaultPda);
+  if (p.cumulativeAmount <= priorSpent) {
+    throw new Error(
+      `settleTab: non-monotonic cumulative \u2014 ${p.cumulativeAmount} <= prior spent ${priorSpent}`
+    );
+  }
+  const delta = p.cumulativeAmount - priorSpent;
+  const message = voucherPayloadMessage({
+    channelId: p.channelId,
+    cumulativeAmount: p.cumulativeAmount,
+    sequenceNumber: p.sequenceNumber
+  });
+  const signature = await p.sessionSigner.sign(message);
+  const precompileIx = buildEd25519VerifyInstruction(
+    p.sessionSigner.publicKey,
+    signature,
+    message
+  );
+  const vaultIx = buildSettleTabVoucherInstruction({
+    vaultPda: p.vaultPda,
+    swigAddress: p.swigAddress,
+    dexterAuthority: p.dexterAuthority,
+    channelId: p.channelId,
+    cumulativeAmount: p.cumulativeAmount,
+    sequenceNumber: p.sequenceNumber
+  });
+  const assemble = p.assembleSignV2 ?? defaultAssembleSignV2;
+  const signV2Ixs = await assemble({
+    connection: p.connection,
+    swigAddress: p.swigAddress,
+    feePayer: p.feePayer,
+    vaultIx,
+    transfers: [{ destinationAta: p.sellerAta, amount: delta }]
+  });
+  return [precompileIx, vaultIx, ...signV2Ixs];
+}
+
+// src/tab/readTabMeter.ts
+async function readTabMeter(connection, vaultPda, read = readVaultFull) {
+  const vault = await read(connection, vaultPda);
+  const session = vault.activeSession;
+  if (!session) throw new Error("readTabMeter: no active session on vault");
+  const { spent, maxAmount } = session;
+  const raw = maxAmount - spent;
+  const remaining = raw > 0n ? raw : 0n;
+  return { spent, maxAmount, remaining };
+}
+
+// src/tab/credit.ts
+async function drawCredit(p) {
+  const vaultIx = buildDrawCreditInstruction({
+    financierSwig: p.financierSwig,
+    vaultPda: p.userVaultPda,
+    dexterAuthority: p.dexterAuthority,
+    amount: p.amount,
+    recoveryWindowSeconds: p.recoveryWindowSeconds
+  });
+  const assemble = p.assembleSignV2 ?? defaultAssembleSignV2;
+  const signV2Ixs = await assemble({
+    connection: p.connection,
+    swigAddress: p.financierSwig,
+    feePayer: p.feePayer,
+    vaultIx,
+    transfers: [{ destinationAta: p.sellerAta, amount: p.amount }]
+  });
+  return [vaultIx, ...signV2Ixs];
+}
+async function repayCredit(p) {
+  const vaultIx = buildRepayCreditInstruction({
+    swigAddress: p.userSwig,
+    vaultPda: p.userVaultPda,
+    dexterAuthority: p.dexterAuthority,
+    amount: p.amount
+  });
+  const assemble = p.assembleSignV2 ?? defaultAssembleSignV2;
+  const signV2Ixs = await assemble({
+    connection: p.connection,
+    swigAddress: p.userSwig,
+    feePayer: p.feePayer,
+    vaultIx,
+    transfers: [{ destinationAta: p.financierAta, amount: p.amount }]
+  });
+  return [vaultIx, ...signV2Ixs];
+}
+async function seizeCollateral(p) {
+  const vaultIx = buildSeizeCollateralInstruction({
+    swigAddress: p.userSwig,
+    vaultPda: p.userVaultPda,
+    dexterAuthority: p.dexterAuthority
+  });
+  const assemble = p.assembleSignV2 ?? defaultAssembleSignV2;
+  const signV2Ixs = await assemble({
+    connection: p.connection,
+    swigAddress: p.userSwig,
+    feePayer: p.feePayer,
+    vaultIx,
+    transfers: [{ destinationAta: p.financierAta, amount: p.seizeAmount }]
+  });
+  return [vaultIx, ...signV2Ixs];
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  defaultAssembleSignV2,
+  drawCredit,
+  openTab,
+  readTabMeter,
+  repayCredit,
+  seizeCollateral,
+  settleTab
+});