@dfm-fi/agent 0.2.0

package/README.md

@@ -0,0 +1,326 @@
+# @dfm-fi/agent — DFM v2 Agent Test Harness (MCP)
+
+An MCP (Model Context Protocol) server that lets an external AI agent drive the
+full DFM v2 **launch → deposit → redeem** DTF flow against the **live API**
+(`https://n2-api.dfm.finance/api/v2`) programmatically — no web-UI clicking.
+
+This is a **test harness for the founder + partner**: point your own AI agent
+(Claude Desktop / Claude Code / any MCP client) at the live closed-mainnet API,
+authenticate with your **own test-wallet keypair loaded locally**, and run the
+whole vault lifecycle — create a DTF, deposit USDC, redeem back to USDC — from
+the agent.
+
+> ⚠️ This is a **real-money Solana mainnet** system. Read the Security section.
+
+## Prerequisites
+
+- **Node 20+** (the repo targets Node; ESM build).
+- A clone of the `dfm-v2` monorepo with its workspace deps installed at the
+  repo root (this package uses the hoisted `node_modules` — do **not** run
+  `npm install` inside `agent/`).
+- A **dedicated throwaway Solana test wallet** (NOT the protocol wallet), funded
+  with a few dollars of **USDC** (mainnet mint `EPjFW…`) + a little **SOL** for
+  fees, and **allowlisted** for the closed alpha (send its pubkey to an admin).
+- For the write path only: a **Helius mainnet RPC URL** (`HELIUS_RPC_URL`).
+
+## Security model (read first)
+
+- The agent authenticates as **its own test wallet**, whose keypair is loaded
+  **locally by you** from a file path (`DFM_AGENT_KEYPAIR_PATH`) or an inline env
+  (`DFM_AGENT_KEYPAIR_JSON`). The keypair **never crosses the MCP boundary** — it
+  is never a tool argument, never in a tool result, never logged. Only the
+  **public key** is ever surfaced.
+- **Never** use the protocol wallet (`9GjE…`) here. Use a **dedicated throwaway
+  test wallet** funded with a few dollars of USDC. The harness hard-refuses to
+  load the known protocol pubkey as a tripwire.
+- The test wallet must be on the **closed-alpha access allowlist** — otherwise
+  SIWS sign-in is rejected **server-side** (403), so it can't reach any protected
+  endpoint. An admin adds it via the `/ops` Access panel (`POST /access/allowlist`).
+- All **real-money WRITE tools** (deposit / redeem) are **gated behind
+  `DFM_AGENT_WRITE_ENABLED=true` and default OFF**. With write off, those tools
+  refuse and never touch the chain or load the keypair.
+
+## Auth + signing flow (how it works)
+
+SIWS (Sign In With Solana), signed locally, exchanged for a Bearer session:
+
+1. `POST /auth/nonce { wallet }` → `{ nonce, message }` — the **server builds the
+   exact message** (domain-bound to `n2.dfm.finance`, nonce embedded).
+2. Sign **that exact message** locally with the test keypair (Ed25519 → base58).
+3. `POST /auth/siws { wallet, signature, message, client: 'native' }` →
+   `{ accessToken, … }`. The server also enforces the access gate here.
+4. Authed calls send `Authorization: Bearer <accessToken>`; a 401 triggers one
+   transparent re-auth + retry.
+
+The WRITE flows then follow **prepare → sign locally → submit → (confirm/poll)**:
+- **launch**: `/vaults/create/prepare` → one unsigned v0 tx → sign → submit →
+  `/vaults/create/confirm`.
+- **deposit / redeem**: `/zap-…-v2/open/prepare` → sign → submit → poll
+  `/zap-v2/status` until the backend orchestrator has cranked all swap legs →
+  `/zap-…-v2/close/prepare` → sign → submit. The agent signs **only** the two
+  user-side boundary transactions; the backend cranks the permissionless legs.
+
+## Tools
+
+| Tool | Surface | Endpoint | Notes |
+|------|---------|----------|-------|
+| `whoami` | read | `/access/status` | Test-wallet pubkey, cluster, write flag, gate status. **Call first.** |
+| `list_dtfs` | read | `GET /vaults` | Lists vaults (address, symbol, TVL, fees, basket). Public. |
+| `get_vault` | read | `GET /vaults/:address` | Full vault detail + weights + fee structure. Public. |
+| `zap_status` | read (auth) | `GET /vaults/:address/zap-v2/status/:user` | Decoded escrow + per-leg crank progress, or null. |
+| `get_portfolio` | read (auth) | `GET /portfolio` | Session wallet's positions (API reads wallet from JWT). |
+| `launch_vault` | **write (gated)** | `create prepare/confirm` | Create a DTF. Basket sums to 10000 bps, ≤15 assets. |
+| `deposit` | **write (gated)** | `zap-in-v2 open/close` | Full zap-in lifecycle. RAW 6dp USDC. Resumes an open escrow. |
+| `redeem` | **write (gated)** | `zap-out-v2 open/close` | Full zap-out lifecycle. RAW 6dp shares. Resumes an open escrow. |
+| `zap_v2_cancel` | **write (gated)** | `zap-v2/cancel/prepare` | Return a stalled escrow's holdings to the wallet, as-is. |
+| `zap_v2_update_envelope` | **write (gated)** | `zap-v2/update-envelope/prepare` | Loosen the pinned floors (auto-derived from the live escrow) to unstick a crank. |
+| `update_vault_assets` | **write (gated)** | `assets/prepare + confirm` | MANAGER: full-replace a vault's basket (sums to 10000, ≤15, no dupes; manual-mode + 24h timelock). Your own vault only. |
+| `update_management_fee` | **write (gated)** | `PATCH :address/fees` | MANAGER: set the management fee (≤2000 bps). Reverts on immutable-fee vaults (which is what this agent creates). |
+| `transfer_admin` | **write (gated)** | `:address/transfer-admin` | ⚠️ MANAGER, HIGH-SENSITIVITY: initiate handing vault control to another key (the new admin must ACCEPT). Your own vault only. |
+
+### Prompt-injection / safety model
+
+The harness is **boxed in by design**, so a prompt-injected agent (tricked by malicious text it reads while browsing vaults) is bounded:
+- **No "send funds to an address" tool exists.** `redeem` always pays *your own* wallet; `deposit` pulls from it. There is no way to route money to an attacker.
+- **Every write only touches a vault/wallet the signed-in test wallet OWNS or ADMINS** (the API enforces `vault.admin == caller`), and amounts/slippage are capped by the on-chain guards (≤10% slippage, per-leg `min_outs`, the drain-guard, $10 floor, ≤15 assets, immutable fees).
+- **The keypair never enters the agent's context** (only the pubkey), so injection can't exfiltrate it; the write-gate (`DFM_AGENT_WRITE_ENABLED`) is a hard local kill-switch.
+- So the worst a hijacked agent can do is make *you* mis-spend *your own* money within the contract limits — **never the protocol, never other users, never key theft.** The one action to watch is `transfer_admin` (it gives away control of your own vault) — only invoke it when you explicitly intend it, never inferred from a vault's name/description.
+
+## Install
+
+### One line — once `@dfm-fi/agent` is published to npm
+
+The package is **self-contained** (no monorepo deps) and ships its built `dist/`, so `npx` fetches + runs it — no clone, no build:
+
+**Claude Code:**
+```bash
+claude mcp add dfm \
+  --env DFM_AGENT_KEYPAIR_PATH=/abs/path/test-wallet.json \
+  --env HELIUS_RPC_URL=https://mainnet.helius-rpc.com/?api-key=YOUR_KEY \
+  --env DFM_AGENT_WRITE_ENABLED=true \
+  -- npx -y @dfm-fi/agent
+```
+
+**Claude Desktop** (`claude_desktop_config.json`):
+```json
+{
+  "mcpServers": {
+    "dfm": {
+      "command": "npx",
+      "args": ["-y", "@dfm-fi/agent"],
+      "env": {
+        "DFM_AGENT_KEYPAIR_PATH": "/abs/path/test-wallet.json",
+        "HELIUS_RPC_URL": "https://mainnet.helius-rpc.com/?api-key=YOUR_KEY",
+        "DFM_AGENT_WRITE_ENABLED": "true"
+      }
+    }
+  }
+}
+```
+(For read-only, drop `HELIUS_RPC_URL` + `DFM_AGENT_WRITE_ENABLED` — the read tools need neither.)
+
+> **Publish it (one-time, owner only):** `cd agent && npm login && npm publish --access public`. After that, everyone installs with the one-liner above. (Needs the `@dfm` npm scope — create it free on npmjs.com, or rename the package.)
+
+### From source — works today, no publish needed
+
+```bash
+cd dfm-v2/agent && npm run build      # tsc -b → dist/
+# then point your MCP client at the built binary (one line):
+claude mcp add dfm -- node /abs/path/dfm-v2/agent/dist/mcp-server.js
+```
+
+## Quick start (read-only — safe)
+
+```bash
+# Run the MCP server against the live API
+DFM_API_URL=https://n2-api.dfm.finance \
+DFM_AGENT_KEYPAIR_PATH=/abs/path/test-wallet.json \
+npm start                                   # = node dist/mcp-server.js
+```
+
+Or exercise the read path without MCP:
+
+```bash
+DFM_API_URL=https://n2-api.dfm.finance \
+DFM_AGENT_KEYPAIR_PATH=/abs/path/test-wallet.json \
+npx tsx src/examples/list-and-status.ts
+```
+
+## Loading the test keypair
+
+Generate a dedicated throwaway wallet and fund it with a little USDC + SOL:
+
+```bash
+solana-keygen new --no-bip39-passphrase -o ~/dfm-test-wallet.json
+solana-keygen pubkey ~/dfm-test-wallet.json   # send this pubkey to an admin to allowlist
+```
+
+Then either point the agent at the file (preferred):
+
+```bash
+export DFM_AGENT_KEYPAIR_PATH=$HOME/dfm-test-wallet.json
+```
+
+…or inline the JSON array (e.g. in a secret manager):
+
+```bash
+export DFM_AGENT_KEYPAIR_JSON="$(cat ~/dfm-test-wallet.json)"
+```
+
+## Enabling the real-money launch → deposit → redeem loop
+
+Only after the parent has reviewed the write path (`create-flow.ts`,
+`zap-v2-flow.ts`, `recovery-flow.ts`, `signing.ts`, `submit.ts`):
+
+```bash
+export DFM_API_URL=https://n2-api.dfm.finance
+export HELIUS_RPC_URL=https://mainnet.helius-rpc.com/?api-key=YOUR_KEY   # required for submit
+export DFM_AGENT_KEYPAIR_PATH=$HOME/dfm-test-wallet.json                 # allowlisted + funded
+export DFM_AGENT_WRITE_ENABLED=true                                     # the kill-switch
+
+# End-to-end example: launch a demo DTF, deposit $12, redeem the full position.
+# (Runs as a SAFE DRY-RUN — printing the calls it would make — when write is OFF.)
+npx tsx src/examples/launch-deposit-redeem.ts
+```
+
+### Copy-paste walkthrough (in an MCP client / agent)
+
+```
+1. whoami
+   → confirm the test-wallet pubkey + that accessGate.allowed is true.
+
+2. launch_vault
+   {
+     "name": "My First DTF",
+     "symbol": "MYDTF",
+     "assets": [
+       { "mint": "7vfCXTUXx5WJV5JADk17DUJ4ksgau7utNKj4b963voxs", "symbol": "ETH", "allocationBps": 5000 },
+       { "mint": "JUPyiwrYJFskUPiHa7hkeR8VUtAeFoSYbKedZNsDvCN", "symbol": "JUP", "allocationBps": 5000 }
+     ],
+     "managementFeeBps": 100,
+     "exitFeeBps": 100
+   }
+   → returns { vault: "<address>", signature, ... }. Note the vault address.
+   (These two mints are already registered + Pyth-mapped on mainnet. To use
+   others, list candidates with GET /assets and make sure each is registered.)
+
+3. deposit
+   { "vault": "<address from step 2>", "usdcAmount": "12000000" }   // $12 raw (6dp)
+   → drives open → orchestrator cranks → close; returns when shares are minted.
+
+4. get_portfolio
+   → read the resulting raw share balance for that vault.
+
+5. redeem
+   { "vault": "<address>", "shares": "<raw shares from step 4>" }
+   → drives open → cranks → close; returns net USDC paid (minus the 1% exit fee).
+
+If a deposit/redeem STALLS:
+   zap_status { vault, user }      → inspect per-leg crank progress + failures
+   zap_v2_update_envelope { vault } → loosen the floors 5% and let the crank retry
+   zap_v2_cancel { vault }          → give up and get the held funds back, as-is
+```
+
+Notes:
+- **Amounts are RAW 6-decimal**: $12 = `"12000000"`, 1 share = `"1000000"`.
+- The **first deposit** into a vault must clear ~**$12** so it stays above the
+  $10 floor after slippage.
+- `allocationBps` MUST sum to exactly **10000** across the basket; **≤15 assets**
+  on mainnet.
+- `deposit`/`redeem` are **resumable**: if a prior open landed but its close
+  never did, calling the same tool again resumes (poll → close) instead of
+  re-opening.
+
+## Configure Claude Desktop
+
+`~/Library/Application Support/Claude/claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "dfm": {
+      "command": "node",
+      "args": ["/abs/path/dfm-v2/agent/dist/mcp-server.js"],
+      "env": {
+        "DFM_API_URL": "https://n2-api.dfm.finance",
+        "DFM_AGENT_KEYPAIR_PATH": "/abs/path/dfm-test-wallet.json",
+        "SOLANA_CLUSTER": "mainnet-beta"
+      }
+    }
+  }
+}
+```
+
+(Leave `DFM_AGENT_WRITE_ENABLED` unset for a read-only agent. Add
+`HELIUS_RPC_URL` + `DFM_AGENT_WRITE_ENABLED=true` only when enabling writes.)
+
+## Environment variables
+
+| Variable | Required | Default | Description |
+|----------|----------|---------|-------------|
+| `DFM_API_URL` | No | `https://n2-api.dfm.finance` | API base (the `/api/v2` prefix is auto-appended). |
+| `DFM_AGENT_KEYPAIR_PATH` | For auth | — | Path to a Solana secret-key JSON file (preferred). The wallet must be **allowlisted** + **funded** (USDC + a little SOL). |
+| `DFM_AGENT_KEYPAIR_JSON` | For auth | — | The secret-key JSON array inline (alternative; e.g. injected from a secret manager). |
+| `DFM_AGENT_WRITE_ENABLED` | No | `false` | Master kill-switch for **all** write tools (launch/deposit/redeem/cancel/update-envelope). |
+| `HELIUS_RPC_URL` / `DFM_RPC_URL` | For write | — | RPC to submit signed txs (mainnet refuses the public RPC fallback). |
+| `SOLANA_CLUSTER` | No | `mainnet-beta` | `mainnet-beta` or `devnet`. |
+
+## Architecture
+
+```
+Agent / MCP client
+   │  stdio (MCP)
+   ▼
+MCP server (this package)
+   ├─ read tools ─────────► DFM v2 API (public + authed GET)
+   └─ write tools (gated) ─► DFM v2 API /prepare ──► unsigned v0 tx(s)
+                                  │
+                       sign LOCALLY with test keypair (signing.ts)
+                                  │
+                       submit via RPC (submit.ts) — rebroadcast in-window,
+                                  │                  re-prepare on blockhash expiry
+            ┌─────────────────────┴─────────────────────┐
+   launch:  confirm via /create/confirm     deposit/redeem:  poll /zap-v2/status
+                                                              until legs cranked,
+                                                              then /close → sign → submit
+```
+
+The backend orchestrator (server-side) cranks the permissionless Jupiter swap
+legs — the agent only signs the two user-side boundary transactions. The agent
+does **not** crank legs and does **not** hold the protocol key.
+
+## Source map
+
+| File | Role |
+|------|------|
+| `src/mcp-server.ts` | MCP stdio server; registers the 10 tools + the write gate. |
+| `src/config.ts` | Env → `AgentConfig` (API URL, cluster, RPC, write flag, keypair source). |
+| `src/session.ts` | SIWS sign-in → Bearer session; in-flight dedup; transparent re-auth on 401. |
+| `src/signing.ts` | The signing boundary — loads the local keypair, signs SIWS + v0 txs. Refuses the protocol wallet; never logs key material. |
+| `src/submit.ts` | RPC submit + confirm; rebroadcast in-window; `BlockhashExpiredError` / `OnChainRevertError`. |
+| `src/api-client.ts` | Typed DFM v2 API client (public + authed; create + zap-v2 prepare/confirm). |
+| `src/create-flow.ts` | `launch_vault` driver: prepare → sign → submit → confirm (+ ghost-vault recovery). |
+| `src/zap-v2-flow.ts` | `deposit` / `redeem` lifecycle drivers (resume-aware, close-retry). |
+| `src/recovery-flow.ts` | `zap_v2_cancel` + `zap_v2_update_envelope` (floors auto-derived from the live escrow). |
+| `src/types.ts` | Response shapes mirrored against the live API. |
+
+## What remains for the parent to review/enable
+
+All write tools are **fully implemented** but gated OFF (`DFM_AGENT_WRITE_ENABLED`
+unset). Before flipping the gate, review the real-money path (search for the
+`// REVIEW: real-money` markers):
+
+- **`launch_vault`** (`create-flow.ts`) — pulls the on-chain creation fee from
+  the test wallet; the test wallet becomes the vault admin. Confirm the basket /
+  fee defaults are what you want.
+- **`deposit` / `redeem`** (`zap-v2-flow.ts`) — move USDC ↔ shares. They are
+  resume-aware (won't double-open) and retry the close on blockhash expiry.
+- **`zap_v2_cancel` / `zap_v2_update_envelope`** (`recovery-flow.ts`) — stall
+  recovery. `update_envelope` only ever LOOSENS, with the new floors derived from
+  the live escrow's pinned `minOuts` (never hand-supplied).
+- **`signing.ts` / `submit.ts`** — the signing boundary + submit robustness.
+  Confirm the protocol-wallet tripwire + the "secret never leaves this module"
+  invariant.
+
+To roll back at any time: unset `DFM_AGENT_WRITE_ENABLED` (the write tools then
+refuse and never touch the chain or load the keypair).

package/dist/api-client.d.ts

@@ -0,0 +1,137 @@
+/**
+ * DFM v2 API client.
+ *
+ * Two request surfaces:
+ *   - `publicRequest` — no auth (for `GET /vaults`, `/vaults/:address`,
+ *     `/access/status`). These are `@Public()` on the API.
+ *   - `authRequest`   — attaches `Authorization: Bearer <token>` from the SIWS
+ *     session; on a 401 it re-authenticates once and retries. Used for
+ *     `/portfolio`, `/vaults/:address/zap-v2/status/:user`, and every
+ *     `/prepare` endpoint.
+ *
+ * All addresses are validated as base58 before hitting the network. The client
+ * NEVER sees the secret key — signing is delegated to `signing.ts` via the
+ * write methods, and auth is delegated to `SiwsSession`.
+ */
+import type { AgentConfig } from './config.js';
+import { SiwsSession } from './session.js';
+import type { VaultListResponse, VaultDetailResponse, ZapV2Status, ZapV2PrepareResponse, ZapV2SingleTxResponse, AccessStatus, CreateAssetInput, CreatePrepareResponse, CreateConfirmResponse } from './types.js';
+export declare class DfmApiClient {
+    private readonly session;
+    private readonly baseUrl;
+    constructor(config: AgentConfig, session: SiwsSession);
+    private publicRequest;
+    private authRequest;
+    /** `GET /vaults` (public). Supports the API's documented query params. */
+    listVaults(params?: {
+        category?: string;
+        dtfType?: string;
+        status?: string;
+        sortBy?: string;
+        page?: number;
+        limit?: number;
+    }): Promise<VaultListResponse>;
+    /** `GET /vaults/:address` (public) — wraps the doc under `{ vault, ... }`. */
+    getVault(address: string): Promise<VaultDetailResponse>;
+    /** `GET /access/status?wallet=` (public) — closed-alpha gate decision. */
+    getAccessStatus(wallet: string): Promise<AccessStatus>;
+    /**
+     * `GET /vaults/:address/zap-v2/status/:user` (auth) — decoded ZapEscrowV2 or
+     * null. The session wallet must equal `user` (or be the vault admin), else 403.
+     * Returns `null` when the user has no open escrow.
+     */
+    getZapV2Status(vaultAddress: string, user: string): Promise<ZapV2Status | null>;
+    /**
+     * `GET /portfolio` (auth) — the API reads the wallet from the JWT; there is NO
+     * portfolio-by-arbitrary-address endpoint. So this returns the SESSION
+     * wallet's positions. (To inspect another wallet you'd need that wallet's
+     * keypair / session.)
+     */
+    getPortfolioPositions(): Promise<unknown>;
+    /** `GET /portfolio/summary` (auth) — total value + PnL for the session wallet. */
+    getPortfolioSummary(): Promise<unknown>;
+    /** `POST /vaults/:address/zap-in-v2/open/prepare` — pull USDC, pin plan. */
+    prepareZapInOpenV2(vaultAddress: string, usdcAmountRaw: string, opts?: {
+        slippageBps?: number;
+        expirySecs?: number;
+    }): Promise<ZapV2PrepareResponse>;
+    /** `POST /vaults/:address/zap-in-v2/close/prepare` — CPI mint_in_kind_v2. */
+    prepareZapInCloseV2(vaultAddress: string): Promise<ZapV2PrepareResponse>;
+    /** `POST /vaults/:address/zap-out-v2/open/prepare` — burn shares → escrow. */
+    prepareZapOutOpenV2(vaultAddress: string, sharesRaw: string, opts?: {
+        slippageBps?: number;
+        expirySecs?: number;
+    }): Promise<ZapV2PrepareResponse>;
+    /** `POST /vaults/:address/zap-out-v2/close/prepare` — exit fee, pay net USDC. */
+    prepareZapOutCloseV2(vaultAddress: string): Promise<ZapV2PrepareResponse>;
+    /**
+     * `POST /vaults/:address/zap-v2/cancel/prepare` — return the escrow's current
+     * USDC + per-asset balances to the test wallet as-is (no swaps, no oracle),
+     * then close it. 404 server-side when no escrow is open. Single v0 tx.
+     */
+    prepareZapCancelV2(vaultAddress: string): Promise<ZapV2SingleTxResponse>;
+    /**
+     * `POST /vaults/:address/zap-v2/update-envelope/prepare` — LOOSEN the pinned
+     * per-leg floors + slippage (and optionally extend expiry) so a stalled escrow
+     * can complete. Monotonic loosening is enforced on-chain; the API rejects any
+     * non-positive `newMinOuts`. Single v0 tx.
+     */
+    prepareUpdateEnvelopeV2(vaultAddress: string, body: {
+        newMinOuts: string[];
+        newSlippageBps: number;
+        newMinUsdcOut?: string;
+        extendSecs?: number;
+    }): Promise<ZapV2SingleTxResponse>;
+    /**
+     * `POST /vaults/create/prepare` — build the on-chain `create_vault` tx. The
+     * creator is the SESSION wallet (from the JWT), not a body field. Returns a
+     * single unsigned v0 tx + the `vaultAddress` PDA + a server-built ALT.
+     */
+    prepareCreateVault(params: {
+        name: string;
+        symbol: string;
+        dtfType: string;
+        category: number;
+        assets: CreateAssetInput[];
+        entryFeeBps: number;
+        exitFeeBps: number;
+        managementFeeBps: number;
+        description?: string;
+        metadataUri?: string;
+        rebalanceType?: number;
+        rebalanceThresholdBps?: number;
+        tags?: number[];
+        immutable?: boolean;
+    }): Promise<CreatePrepareResponse>;
+    /**
+     * `POST /vaults/create/confirm` — record the vault doc after the create tx
+     * confirms. Only `signature` + `vaultAddress` are authoritative; the API reads
+     * the economic params back from its prepare-cache (so they can't be tampered
+     * post-prepare). MUST be called inside the cache TTL (~15 min).
+     */
+    confirmCreateVault(signature: string, vaultAddress: string): Promise<CreateConfirmResponse>;
+    /**
+     * `POST /vaults/:address/assets/prepare` (vault admin) — build an
+     * `update_vault_assets` FULL-REPLACE basket tx. The API enforces the same
+     * guards as the chain (manual mode, 24h timelock, Σ bps == 10000, no dupes,
+     * ≤15 on mainnet) → clean 4xx instead of a chain revert.
+     */
+    prepareUpdateAssets(vaultAddress: string, assets: CreateAssetInput[]): Promise<ZapV2SingleTxResponse>;
+    /** `POST /vaults/:address/assets/confirm` — record the basket change post-broadcast. */
+    confirmUpdateAssets(vaultAddress: string, signature: string): Promise<{
+        status: string;
+        signature: string;
+    }>;
+    /**
+     * `PATCH /vaults/:address/fees` (vault admin) — build an `update_management_fee`
+     * tx (bps ≤2000). Reverts on a fees-immutable vault.
+     */
+    prepareUpdateManagementFee(vaultAddress: string, managementFeeBps: number): Promise<ZapV2SingleTxResponse>;
+    /**
+     * `POST /vaults/:address/transfer-admin` (vault admin) — initiate transferring
+     * vault admin to `newAdmin` (the new admin must ACCEPT separately). HIGH
+     * sensitivity — gates the agent's `transfer_admin` tool.
+     */
+    prepareTransferAdmin(vaultAddress: string, newAdmin: string): Promise<ZapV2SingleTxResponse>;
+}
+//# sourceMappingURL=api-client.d.ts.map

package/dist/api-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-client.d.ts","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,KAAK,EACV,iBAAiB,EACjB,mBAAmB,EACnB,WAAW,EACX,oBAAoB,EACpB,qBAAqB,EACrB,YAAY,EACZ,gBAAgB,EAChB,qBAAqB,EACrB,qBAAqB,EACtB,MAAM,YAAY,CAAC;AAUpB,qBAAa,YAAY;IAKrB,OAAO,CAAC,QAAQ,CAAC,OAAO;IAJ1B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAG/B,MAAM,EAAE,WAAW,EACF,OAAO,EAAE,WAAW;YAOzB,aAAa;YAYb,WAAW;IA6BzB,0EAA0E;IACpE,UAAU,CAAC,MAAM,CAAC,EAAE;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAY9B,8EAA8E;IACxE,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAK7D,0EAA0E;IACpE,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAK5D;;;;OAIG;IACG,cAAc,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAQrF;;;;;OAKG;IACG,qBAAqB,IAAI,OAAO,CAAC,OAAO,CAAC;IAI/C,kFAAkF;IAC5E,mBAAmB,IAAI,OAAO,CAAC,OAAO,CAAC;IAW7C,4EAA4E;IACtE,kBAAkB,CACtB,YAAY,EAAE,MAAM,EACpB,aAAa,EAAE,MAAM,EACrB,IAAI,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,GACnD,OAAO,CAAC,oBAAoB,CAAC;IAQhC,6EAA6E;IACvE,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAQ9E,8EAA8E;IACxE,mBAAmB,CACvB,YAAY,EAAE,MAAM,EACpB,SAAS,EAAE,MAAM,EACjB,IAAI,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,GACnD,OAAO,CAAC,oBAAoB,CAAC;IAQhC,iFAAiF;IAC3E,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAQ/E;;;;OAIG;IACG,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAQ9E;;;;;OAKG;IACG,uBAAuB,CAC3B,YAAY,EAAE,MAAM,EACpB,IAAI,EAAE;QACJ,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,cAAc,EAAE,MAAM,CAAC;QACvB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,GACA,OAAO,CAAC,qBAAqB,CAAC;IAejC;;;;OAIG;IACG,kBAAkB,CAAC,MAAM,EAAE;QAC/B,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,gBAAgB,EAAE,CAAC;QAC3B,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,gBAAgB,EAAE,MAAM,CAAC;QACzB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,qBAAqB,CAAC,EAAE,MAAM,CAAC;QAC/B,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;QAChB,SAAS,CAAC,EAAE,OAAO,CAAC;KACrB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAOlC;;;;;OAKG;IACG,kBAAkB,CACtB,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,qBAAqB,CAAC;IAYjC;;;;;OAKG;IACG,mBAAmB,CACvB,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,gBAAgB,EAAE,GACzB,OAAO,CAAC,qBAAqB,CAAC;IAQjC,wFAAwF;IAClF,mBAAmB,CACvB,YAAY,EAAE,MAAM,EACpB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAQjD;;;OAGG;IACG,0BAA0B,CAC9B,YAAY,EAAE,MAAM,EACpB,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC,qBAAqB,CAAC;IAQjC;;;;OAIG;IACG,oBAAoB,CACxB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,qBAAqB,CAAC;CAQlC"}