@enshell/sdk 0.1.0-beta.1 → 0.1.0-beta.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/client.d.ts +38 -2
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +106 -18
- package/dist/client.js.map +1 -1
- package/dist/contract.d.ts +1 -1
- package/dist/contract.d.ts.map +1 -1
- package/dist/contract.js +15 -5
- package/dist/contract.js.map +1 -1
- package/dist/crypto.d.ts +24 -0
- package/dist/crypto.d.ts.map +1 -0
- package/dist/crypto.js +37 -0
- package/dist/crypto.js.map +1 -0
- package/dist/ens.d.ts +20 -0
- package/dist/ens.d.ts.map +1 -0
- package/dist/ens.js +70 -0
- package/dist/ens.js.map +1 -0
- package/dist/index.d.ts +5 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -1
- package/dist/index.js.map +1 -1
- package/dist/networks.d.ts +5 -0
- package/dist/networks.d.ts.map +1 -1
- package/dist/networks.js +11 -1
- package/dist/networks.js.map +1 -1
- package/dist/relay.d.ts +28 -0
- package/dist/relay.d.ts.map +1 -0
- package/dist/relay.js +57 -0
- package/dist/relay.js.map +1 -0
- package/dist/types.d.ts +21 -12
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +7 -6
- package/dist/types.js.map +1 -1
- package/package.json +2 -1
package/dist/client.d.ts
CHANGED
|
@@ -1,18 +1,54 @@
|
|
|
1
|
-
import
|
|
1
|
+
import { ActionDecision } from "./types.js";
|
|
2
|
+
import type { ENShellConfig, Agent, RegisterAgentOptions, ActionResult, QueuedAction, ProtectOptions, ProtectResult } from "./types.js";
|
|
2
3
|
export declare class ENShell {
|
|
3
4
|
private contract;
|
|
4
5
|
private config;
|
|
5
6
|
constructor(config: ENShellConfig);
|
|
7
|
+
/**
|
|
8
|
+
* Full registration: creates ENS subdomain + registers on firewall + sets targets.
|
|
9
|
+
* Use this for a simple one-call flow.
|
|
10
|
+
*/
|
|
6
11
|
registerAgent(agentId: string, options: RegisterAgentOptions): Promise<void>;
|
|
12
|
+
/**
|
|
13
|
+
* Create the ENS subdomain for an agent (e.g. trader.enshell.eth).
|
|
14
|
+
* Sets the default avatar text record on the subdomain.
|
|
15
|
+
*/
|
|
16
|
+
createAgentSubdomain(agentId: string): Promise<void>;
|
|
17
|
+
/**
|
|
18
|
+
* Register an agent on the firewall contract and set allowed targets.
|
|
19
|
+
* Call this after createAgentSubdomain() if you want separate steps,
|
|
20
|
+
* or use registerAgent() for both in one call.
|
|
21
|
+
*/
|
|
22
|
+
registerAgentOnChain(agentId: string, options: RegisterAgentOptions): Promise<void>;
|
|
7
23
|
getAgent(agentId: string): Promise<Agent>;
|
|
8
24
|
getAgentCount(): Promise<bigint>;
|
|
9
25
|
deactivateAgent(agentId: string): Promise<void>;
|
|
10
26
|
reactivateAgent(agentId: string): Promise<void>;
|
|
11
27
|
setAllowedTarget(agentId: string, target: string, allowed: boolean): Promise<void>;
|
|
12
28
|
isTargetAllowed(agentId: string, target: string): Promise<boolean>;
|
|
13
|
-
submitAction(agentId: string, target: string, value: string, data: string,
|
|
29
|
+
submitAction(agentId: string, target: string, value: string, data: string, instructionHash: string): Promise<ActionResult>;
|
|
14
30
|
approveAction(actionId: bigint): Promise<void>;
|
|
15
31
|
rejectAction(actionId: bigint): Promise<void>;
|
|
16
32
|
getQueuedAction(actionId: bigint): Promise<QueuedAction>;
|
|
33
|
+
isTrusted(agentId: string): Promise<boolean>;
|
|
34
|
+
/**
|
|
35
|
+
* Submit an action through the ENShell firewall.
|
|
36
|
+
*
|
|
37
|
+
* 1. Hashes the instruction
|
|
38
|
+
* 2. Encrypts the instruction with the CRE oracle's public key
|
|
39
|
+
* 3. Ships the encrypted payload to the relay
|
|
40
|
+
* 4. Submits the action to the contract (queued for CRE analysis)
|
|
41
|
+
* 5. Returns a ProtectResult with a waitForResolution() helper
|
|
42
|
+
*/
|
|
43
|
+
protect(agentId: string, options: ProtectOptions): Promise<ProtectResult>;
|
|
44
|
+
/**
|
|
45
|
+
* Poll the contract until a queued action is resolved.
|
|
46
|
+
* Returns the final decision (APPROVED, ESCALATED, or BLOCKED).
|
|
47
|
+
*
|
|
48
|
+
* @param actionId - The queued action ID
|
|
49
|
+
* @param pollIntervalMs - Polling interval in milliseconds (default 5000)
|
|
50
|
+
* @param timeoutMs - Maximum wait time in milliseconds (default 5 minutes)
|
|
51
|
+
*/
|
|
52
|
+
waitForResolution(actionId: bigint, pollIntervalMs?: number, timeoutMs?: number): Promise<ActionDecision>;
|
|
17
53
|
}
|
|
18
54
|
//# sourceMappingURL=client.d.ts.map
|
package/dist/client.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,KAAK,EACV,aAAa,EACb,KAAK,EACL,oBAAoB,EACpB,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,aAAa,EACd,MAAM,YAAY,CAAC;AAEpB,qBAAa,OAAO;IAClB,OAAO,CAAC,QAAQ,CAAW;IAC3B,OAAO,CAAC,MAAM,CAAgB;gBAElB,MAAM,EAAE,aAAa;IAkBjC;;;OAGG;IACG,aAAa,CACjB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,IAAI,CAAC;IAKhB;;;OAGG;IACG,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI1D;;;;OAIG;IACG,oBAAoB,CACxB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,IAAI,CAAC;IA4BV,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;IAczC,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAIhC,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK/C,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAO/C,gBAAgB,CACpB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,IAAI,CAAC;IAKV,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAMlE,YAAY,CAChB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,eAAe,EAAE,MAAM,GACtB,OAAO,CAAC,YAAY,CAAC;IA4BlB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK9C,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK7C,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAgBxD,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAMlD;;;;;;;;OAQG;IACG,OAAO,CACX,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,aAAa,CAAC;IA6BzB;;;;;;;OAOG;IACG,iBAAiB,CACrB,QAAQ,EAAE,MAAM,EAChB,cAAc,SAAO,EACrB,SAAS,SAAU,GAClB,OAAO,CAAC,cAAc,CAAC;CAoB3B"}
|
package/dist/client.js
CHANGED
|
@@ -1,7 +1,10 @@
|
|
|
1
|
-
import { parseEther } from "ethers";
|
|
1
|
+
import { parseEther, keccak256, toUtf8Bytes } from "ethers";
|
|
2
2
|
import { getFirewallContract } from "./contract.js";
|
|
3
3
|
import { NETWORK_CONFIG } from "./networks.js";
|
|
4
|
-
import {
|
|
4
|
+
import { computeEnsNode, createSubdomain } from "./ens.js";
|
|
5
|
+
import { encryptForOracle } from "./crypto.js";
|
|
6
|
+
import { RelayClient } from "./relay.js";
|
|
7
|
+
import { ActionDecision } from "./types.js";
|
|
5
8
|
export class ENShell {
|
|
6
9
|
contract;
|
|
7
10
|
config;
|
|
@@ -15,9 +18,38 @@ export class ENShell {
|
|
|
15
18
|
this.contract = getFirewallContract(address, config.signer);
|
|
16
19
|
}
|
|
17
20
|
// -- Agent Management --
|
|
21
|
+
/**
|
|
22
|
+
* Full registration: creates ENS subdomain + registers on firewall + sets targets.
|
|
23
|
+
* Use this for a simple one-call flow.
|
|
24
|
+
*/
|
|
18
25
|
async registerAgent(agentId, options) {
|
|
19
|
-
|
|
20
|
-
await
|
|
26
|
+
await this.createAgentSubdomain(agentId);
|
|
27
|
+
await this.registerAgentOnChain(agentId, options);
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* Create the ENS subdomain for an agent (e.g. trader.enshell.eth).
|
|
31
|
+
* Sets the default avatar text record on the subdomain.
|
|
32
|
+
*/
|
|
33
|
+
async createAgentSubdomain(agentId) {
|
|
34
|
+
await createSubdomain(agentId, this.config.network, this.config.signer);
|
|
35
|
+
}
|
|
36
|
+
/**
|
|
37
|
+
* Register an agent on the firewall contract and set allowed targets.
|
|
38
|
+
* Call this after createAgentSubdomain() if you want separate steps,
|
|
39
|
+
* or use registerAgent() for both in one call.
|
|
40
|
+
*/
|
|
41
|
+
async registerAgentOnChain(agentId, options) {
|
|
42
|
+
const ensNode = computeEnsNode(agentId, this.config.network);
|
|
43
|
+
try {
|
|
44
|
+
const tx = await this.contract.registerAgentSimple(agentId, ensNode, options.agentAddress, parseEther(options.spendLimit));
|
|
45
|
+
await tx.wait();
|
|
46
|
+
}
|
|
47
|
+
catch (err) {
|
|
48
|
+
if (err.message?.includes("Agent already registered")) {
|
|
49
|
+
throw new Error(`Agent "${agentId}" is already registered`);
|
|
50
|
+
}
|
|
51
|
+
throw err;
|
|
52
|
+
}
|
|
21
53
|
if (options.allowedTargets && options.allowedTargets.length > 0) {
|
|
22
54
|
const targetTx = await this.contract.setAllowedTargets(agentId, options.allowedTargets, true);
|
|
23
55
|
await targetTx.wait();
|
|
@@ -56,30 +88,24 @@ export class ENShell {
|
|
|
56
88
|
return this.contract.isTargetAllowed(agentId, target);
|
|
57
89
|
}
|
|
58
90
|
// -- Action Submission --
|
|
59
|
-
async submitAction(agentId, target, value, data,
|
|
60
|
-
const tx = await this.contract.submitAction(agentId, target, parseEther(value), data,
|
|
91
|
+
async submitAction(agentId, target, value, data, instructionHash) {
|
|
92
|
+
const tx = await this.contract.submitAction(agentId, target, parseEther(value), data, instructionHash);
|
|
61
93
|
const receipt = await tx.wait();
|
|
62
94
|
const iface = this.contract.interface;
|
|
63
95
|
for (const log of receipt.logs) {
|
|
64
96
|
try {
|
|
65
97
|
const parsed = iface.parseLog(log);
|
|
66
|
-
if (parsed?.name === "
|
|
67
|
-
return { actionId: parsed.args[0]
|
|
68
|
-
}
|
|
69
|
-
if (parsed?.name === "ActionEscalated") {
|
|
70
|
-
return { actionId: parsed.args[0], status: ActionStatus.ESCALATED };
|
|
71
|
-
}
|
|
72
|
-
if (parsed?.name === "ActionBlocked") {
|
|
73
|
-
return { actionId: parsed.args[0], status: ActionStatus.BLOCKED };
|
|
98
|
+
if (parsed?.name === "ActionSubmitted") {
|
|
99
|
+
return { actionId: parsed.args[0] };
|
|
74
100
|
}
|
|
75
101
|
}
|
|
76
102
|
catch {
|
|
77
103
|
// Skip logs from other contracts
|
|
78
104
|
}
|
|
79
105
|
}
|
|
80
|
-
throw new Error("Could not determine action
|
|
106
|
+
throw new Error("Could not determine action ID from transaction logs");
|
|
81
107
|
}
|
|
82
|
-
// -- Ledger Approval --
|
|
108
|
+
// -- Ledger Approval (for escalated actions) --
|
|
83
109
|
async approveAction(actionId) {
|
|
84
110
|
const tx = await this.contract.approveAction(actionId);
|
|
85
111
|
await tx.wait();
|
|
@@ -95,11 +121,73 @@ export class ENShell {
|
|
|
95
121
|
target: raw.target,
|
|
96
122
|
value: raw.value,
|
|
97
123
|
data: raw.data,
|
|
98
|
-
|
|
99
|
-
threatScore: raw.threatScore,
|
|
124
|
+
instructionHash: raw.instructionHash,
|
|
100
125
|
queuedAt: raw.queuedAt,
|
|
101
126
|
resolved: raw.resolved,
|
|
127
|
+
decision: Number(raw.decision),
|
|
102
128
|
};
|
|
103
129
|
}
|
|
130
|
+
// -- Trust Mesh --
|
|
131
|
+
async isTrusted(agentId) {
|
|
132
|
+
return this.contract.isTrusted(agentId);
|
|
133
|
+
}
|
|
134
|
+
// -- Protect (core firewall method) --
|
|
135
|
+
/**
|
|
136
|
+
* Submit an action through the ENShell firewall.
|
|
137
|
+
*
|
|
138
|
+
* 1. Hashes the instruction
|
|
139
|
+
* 2. Encrypts the instruction with the CRE oracle's public key
|
|
140
|
+
* 3. Ships the encrypted payload to the relay
|
|
141
|
+
* 4. Submits the action to the contract (queued for CRE analysis)
|
|
142
|
+
* 5. Returns a ProtectResult with a waitForResolution() helper
|
|
143
|
+
*/
|
|
144
|
+
async protect(agentId, options) {
|
|
145
|
+
const { instruction, tx } = options;
|
|
146
|
+
const target = tx.to;
|
|
147
|
+
const value = tx.value ?? "0";
|
|
148
|
+
const data = tx.data ?? "0x";
|
|
149
|
+
// 1. Hash the instruction
|
|
150
|
+
const instructionHash = keccak256(toUtf8Bytes(instruction));
|
|
151
|
+
// 2. Encrypt and relay (if oracle public key is configured)
|
|
152
|
+
if (this.config.oraclePublicKey) {
|
|
153
|
+
const encrypted = encryptForOracle(instruction, this.config.oraclePublicKey);
|
|
154
|
+
const networkConfig = NETWORK_CONFIG[this.config.network];
|
|
155
|
+
const relay = new RelayClient(networkConfig.relayUrl);
|
|
156
|
+
await relay.put(instructionHash, encrypted);
|
|
157
|
+
}
|
|
158
|
+
// 3. Submit to contract
|
|
159
|
+
const result = await this.submitAction(agentId, target, value, data, instructionHash);
|
|
160
|
+
// 4. Return result with resolution helper
|
|
161
|
+
return {
|
|
162
|
+
actionId: result.actionId,
|
|
163
|
+
instructionHash,
|
|
164
|
+
tx: { to: target, value, data },
|
|
165
|
+
waitForResolution: () => this.waitForResolution(result.actionId),
|
|
166
|
+
};
|
|
167
|
+
}
|
|
168
|
+
/**
|
|
169
|
+
* Poll the contract until a queued action is resolved.
|
|
170
|
+
* Returns the final decision (APPROVED, ESCALATED, or BLOCKED).
|
|
171
|
+
*
|
|
172
|
+
* @param actionId - The queued action ID
|
|
173
|
+
* @param pollIntervalMs - Polling interval in milliseconds (default 5000)
|
|
174
|
+
* @param timeoutMs - Maximum wait time in milliseconds (default 5 minutes)
|
|
175
|
+
*/
|
|
176
|
+
async waitForResolution(actionId, pollIntervalMs = 5000, timeoutMs = 300_000) {
|
|
177
|
+
const start = Date.now();
|
|
178
|
+
while (Date.now() - start < timeoutMs) {
|
|
179
|
+
const action = await this.getQueuedAction(actionId);
|
|
180
|
+
if (action.decision !== ActionDecision.PENDING) {
|
|
181
|
+
// If escalated but not yet resolved by Ledger, keep polling
|
|
182
|
+
if (action.decision === ActionDecision.ESCALATED && !action.resolved) {
|
|
183
|
+
await new Promise((r) => setTimeout(r, pollIntervalMs));
|
|
184
|
+
continue;
|
|
185
|
+
}
|
|
186
|
+
return action.decision;
|
|
187
|
+
}
|
|
188
|
+
await new Promise((r) => setTimeout(r, pollIntervalMs));
|
|
189
|
+
}
|
|
190
|
+
throw new Error(`Action #${actionId} resolution timed out after ${timeoutMs / 1000}s`);
|
|
191
|
+
}
|
|
104
192
|
}
|
|
105
193
|
//# sourceMappingURL=client.js.map
|
package/dist/client.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAY,UAAU,EAAE,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAY,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACtE,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAW5C,MAAM,OAAO,OAAO;IACV,QAAQ,CAAW;IACnB,MAAM,CAAgB;IAE9B,YAAY,MAAqB;QAC/B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,MAAM,OAAO,GACX,MAAM,CAAC,eAAe;YACtB,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,eAAe,CAAC;QAEjD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,CAAC,OAAO,EAAE,CAC/D,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9D,CAAC;IAED,yBAAyB;IAEzB;;;OAGG;IACH,KAAK,CAAC,aAAa,CACjB,OAAe,EACf,OAA6B;QAE7B,MAAM,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;QACzC,MAAM,IAAI,CAAC,oBAAoB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,oBAAoB,CAAC,OAAe;QACxC,MAAM,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1E,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,oBAAoB,CACxB,OAAe,EACf,OAA6B;QAE7B,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAE7D,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAChD,OAAO,EACP,OAAO,EACP,OAAO,CAAC,YAAY,EACpB,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAC/B,CAAC;YACF,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;QAClB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,0BAA0B,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CAAC,UAAU,OAAO,yBAAyB,CAAC,CAAC;YAC9D,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,IAAI,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CACpD,OAAO,EACP,OAAO,CAAC,cAAc,EACtB,IAAI,CACL,CAAC;YACF,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAe;QAC5B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClD,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,YAAY,EAAE,GAAG,CAAC,YAAY;YAC9B,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,eAAe,EAAE,GAAG,CAAC,eAAe;YACpC,YAAY,EAAE,GAAG,CAAC,YAAY;SAC/B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,OAAO,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAe;QACnC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAe;QACnC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,2BAA2B;IAE3B,KAAK,CAAC,gBAAgB,CACpB,OAAe,EACf,MAAc,EACd,OAAgB;QAEhB,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC1E,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAe,EAAE,MAAc;QACnD,OAAO,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACxD,CAAC;IAED,0BAA0B;IAE1B,KAAK,CAAC,YAAY,CAChB,OAAe,EACf,MAAc,EACd,KAAa,EACb,IAAY,EACZ,eAAuB;QAEvB,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CACzC,OAAO,EACP,MAAM,EACN,UAAU,CAAC,KAAK,CAAC,EACjB,IAAI,EACJ,eAAe,CAChB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;QAEhC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QAEtC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YAC/B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBACnC,IAAI,MAAM,EAAE,IAAI,KAAK,iBAAiB,EAAE,CAAC;oBACvC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtC,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,iCAAiC;YACnC,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IAED,gDAAgD;IAEhD,KAAK,CAAC,aAAa,CAAC,QAAgB;QAClC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACvD,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACtD,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,QAAgB;QACpC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC1D,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,eAAe,EAAE,GAAG,CAAC,eAAe;YACpC,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;SAC/B,CAAC;IACJ,CAAC;IAED,mBAAmB;IAEnB,KAAK,CAAC,SAAS,CAAC,OAAe;QAC7B,OAAO,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,uCAAuC;IAEvC;;;;;;;;OAQG;IACH,KAAK,CAAC,OAAO,CACX,OAAe,EACf,OAAuB;QAEvB,MAAM,EAAE,WAAW,EAAE,EAAE,EAAE,GAAG,OAAO,CAAC;QACpC,MAAM,MAAM,GAAG,EAAE,CAAC,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,IAAI,GAAG,CAAC;QAC9B,MAAM,IAAI,GAAG,EAAE,CAAC,IAAI,IAAI,IAAI,CAAC;QAE7B,0BAA0B;QAC1B,MAAM,eAAe,GAAG,SAAS,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC;QAE5D,4DAA4D;QAC5D,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;YAChC,MAAM,SAAS,GAAG,gBAAgB,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;YAC7E,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC1D,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;YACtD,MAAM,KAAK,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QAC9C,CAAC;QAED,wBAAwB;QACxB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,eAAe,CAAC,CAAC;QAEtF,0CAA0C;QAC1C,OAAO;YACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,eAAe;YACf,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE;YAC/B,iBAAiB,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC;SACjE,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,iBAAiB,CACrB,QAAgB,EAChB,cAAc,GAAG,IAAI,EACrB,SAAS,GAAG,OAAO;QAEnB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEzB,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,SAAS,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YAEpD,IAAI,MAAM,CAAC,QAAQ,KAAK,cAAc,CAAC,OAAO,EAAE,CAAC;gBAC/C,4DAA4D;gBAC5D,IAAI,MAAM,CAAC,QAAQ,KAAK,cAAc,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;oBACrE,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC;oBACxD,SAAS;gBACX,CAAC;gBACD,OAAO,MAAM,CAAC,QAA0B,CAAC;YAC3C,CAAC;YAED,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,WAAW,QAAQ,+BAA+B,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC;IACzF,CAAC;CACF"}
|
package/dist/contract.d.ts
CHANGED
|
@@ -4,6 +4,6 @@ import { Contract, type Signer, type Provider } from "ethers";
|
|
|
4
4
|
* Only includes functions currently deployed on-chain.
|
|
5
5
|
* Updated as new features are added to the contract.
|
|
6
6
|
*/
|
|
7
|
-
export declare const AGENT_FIREWALL_ABI: readonly ["function registerAgentSimple(string agentId, bytes32 ensNode, address agentAddress, uint256 spendLimit) external", "function getAgent(string agentId) external view returns (tuple(bytes32 ensNode, address agentAddress, uint256 spendLimit, uint256 threatScore, uint256 strikes, bool active, bool worldIdVerified, uint256 registeredAt))", "function getAgentCount() external view returns (uint256)", "function deactivateAgent(string agentId) external", "function reactivateAgent(string agentId) external", "function setAllowedTarget(string agentId, address target, bool allowed) external", "function setAllowedTargets(string agentId, address[] targets, bool allowed) external", "function isTargetAllowed(string agentId, address target) external view returns (bool)", "function submitAction(string agentId, address target, uint256 value, bytes data,
|
|
7
|
+
export declare const AGENT_FIREWALL_ABI: readonly ["function registerAgentSimple(string agentId, bytes32 ensNode, address agentAddress, uint256 spendLimit) external", "function getAgent(string agentId) external view returns (tuple(bytes32 ensNode, address agentAddress, uint256 spendLimit, uint256 threatScore, uint256 strikes, bool active, bool worldIdVerified, uint256 registeredAt))", "function getAgentCount() external view returns (uint256)", "function deactivateAgent(string agentId) external", "function reactivateAgent(string agentId) external", "function setAllowedTarget(string agentId, address target, bool allowed) external", "function setAllowedTargets(string agentId, address[] targets, bool allowed) external", "function isTargetAllowed(string agentId, address target) external view returns (bool)", "function submitAction(string agentId, address target, uint256 value, bytes data, bytes32 instructionHash) external returns (uint256 actionId)", "function getQueuedAction(uint256 actionId) external view returns (tuple(string agentId, address target, uint256 value, bytes data, bytes32 instructionHash, uint256 queuedAt, bool resolved, uint8 decision))", "function resolveAction(uint256 actionId, uint8 decision) external", "function approveAction(uint256 actionId) external", "function rejectAction(uint256 actionId) external", "function updateThreatScore(string agentId, uint256 rawScore) external", "function checkTrust(string checkerAgentId, string targetAgentId) external returns (bool)", "function isTrusted(string agentId) external view returns (bool)", "function setMaxStrikes(uint256 _max) external", "function setBlockThreshold(uint256 _threshold) external", "function setEscalateThreshold(uint256 _threshold) external", "function setCreOracle(address _creOracle) external", "function setENSResolver(address _ensResolver) external", "event AgentRegistered(string indexed agentId, bytes32 ensNode, address agentAddress, uint256 spendLimit, bool worldIdVerified)", "event AgentDeactivated(string indexed agentId, string reason)", "event AllowedTargetUpdated(string indexed agentId, address target, bool allowed)", "event ActionSubmitted(uint256 indexed actionId, string indexed agentId, address target, uint256 value, bytes32 instructionHash)", "event ActionApproved(uint256 indexed actionId, string indexed agentId)", "event ActionBlocked(uint256 indexed actionId, string indexed agentId, string reason)", "event ActionEscalated(uint256 indexed actionId, string indexed agentId, uint256 threatScore)", "event ThreatScoreUpdated(string indexed agentId, uint256 previousScore, uint256 newScore, uint256 rawDetectionScore, uint256 strikes)", "event TrustChecked(string indexed checkerAgentId, string indexed targetAgentId, uint256 threatScore, uint256 strikes, bool trusted)"];
|
|
8
8
|
export declare function getFirewallContract(address: string, signerOrProvider: Signer | Provider): Contract;
|
|
9
9
|
//# sourceMappingURL=contract.d.ts.map
|
package/dist/contract.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contract.d.ts","sourceRoot":"","sources":["../src/contract.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,KAAK,MAAM,EAAE,KAAK,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAE9D;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,
|
|
1
|
+
{"version":3,"file":"contract.d.ts","sourceRoot":"","sources":["../src/contract.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,KAAK,MAAM,EAAE,KAAK,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAE9D;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,qsFAkDrB,CAAC;AAEX,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,QAAQ,GAClC,QAAQ,CAEV"}
|
package/dist/contract.js
CHANGED
|
@@ -16,25 +16,35 @@ export const AGENT_FIREWALL_ABI = [
|
|
|
16
16
|
"function setAllowedTarget(string agentId, address target, bool allowed) external",
|
|
17
17
|
"function setAllowedTargets(string agentId, address[] targets, bool allowed) external",
|
|
18
18
|
"function isTargetAllowed(string agentId, address target) external view returns (bool)",
|
|
19
|
-
// Action submission
|
|
20
|
-
"function submitAction(string agentId, address target, uint256 value, bytes data,
|
|
21
|
-
"function getQueuedAction(uint256 actionId) external view returns (tuple(string agentId, address target, uint256 value, bytes data,
|
|
22
|
-
//
|
|
19
|
+
// Action submission (always queues, CRE resolves)
|
|
20
|
+
"function submitAction(string agentId, address target, uint256 value, bytes data, bytes32 instructionHash) external returns (uint256 actionId)",
|
|
21
|
+
"function getQueuedAction(uint256 actionId) external view returns (tuple(string agentId, address target, uint256 value, bytes data, bytes32 instructionHash, uint256 queuedAt, bool resolved, uint8 decision))",
|
|
22
|
+
// CRE oracle resolution
|
|
23
|
+
"function resolveAction(uint256 actionId, uint8 decision) external",
|
|
24
|
+
// Ledger approval (for escalated actions only)
|
|
23
25
|
"function approveAction(uint256 actionId) external",
|
|
24
26
|
"function rejectAction(uint256 actionId) external",
|
|
25
27
|
// Threat scores
|
|
26
28
|
"function updateThreatScore(string agentId, uint256 rawScore) external",
|
|
29
|
+
// Trust mesh
|
|
30
|
+
"function checkTrust(string checkerAgentId, string targetAgentId) external returns (bool)",
|
|
31
|
+
"function isTrusted(string agentId) external view returns (bool)",
|
|
27
32
|
// Admin
|
|
28
33
|
"function setMaxStrikes(uint256 _max) external",
|
|
34
|
+
"function setBlockThreshold(uint256 _threshold) external",
|
|
35
|
+
"function setEscalateThreshold(uint256 _threshold) external",
|
|
36
|
+
"function setCreOracle(address _creOracle) external",
|
|
37
|
+
"function setENSResolver(address _ensResolver) external",
|
|
29
38
|
// Events
|
|
30
39
|
"event AgentRegistered(string indexed agentId, bytes32 ensNode, address agentAddress, uint256 spendLimit, bool worldIdVerified)",
|
|
31
40
|
"event AgentDeactivated(string indexed agentId, string reason)",
|
|
32
41
|
"event AllowedTargetUpdated(string indexed agentId, address target, bool allowed)",
|
|
33
|
-
"event ActionSubmitted(uint256 indexed actionId, string indexed agentId, address target, uint256 value,
|
|
42
|
+
"event ActionSubmitted(uint256 indexed actionId, string indexed agentId, address target, uint256 value, bytes32 instructionHash)",
|
|
34
43
|
"event ActionApproved(uint256 indexed actionId, string indexed agentId)",
|
|
35
44
|
"event ActionBlocked(uint256 indexed actionId, string indexed agentId, string reason)",
|
|
36
45
|
"event ActionEscalated(uint256 indexed actionId, string indexed agentId, uint256 threatScore)",
|
|
37
46
|
"event ThreatScoreUpdated(string indexed agentId, uint256 previousScore, uint256 newScore, uint256 rawDetectionScore, uint256 strikes)",
|
|
47
|
+
"event TrustChecked(string indexed checkerAgentId, string indexed targetAgentId, uint256 threatScore, uint256 strikes, bool trusted)",
|
|
38
48
|
];
|
|
39
49
|
export function getFirewallContract(address, signerOrProvider) {
|
|
40
50
|
return new Contract(address, AGENT_FIREWALL_ABI, signerOrProvider);
|
package/dist/contract.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contract.js","sourceRoot":"","sources":["../src/contract.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAA8B,MAAM,QAAQ,CAAC;AAE9D;;;;GAIG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,qBAAqB;IACrB,kHAAkH;IAClH,2NAA2N;IAC3N,0DAA0D;IAE1D,kBAAkB;IAClB,mDAAmD;IACnD,mDAAmD;IAEnD,kBAAkB;IAClB,kFAAkF;IAClF,sFAAsF;IACtF,uFAAuF;IAEvF,
|
|
1
|
+
{"version":3,"file":"contract.js","sourceRoot":"","sources":["../src/contract.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAA8B,MAAM,QAAQ,CAAC;AAE9D;;;;GAIG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,qBAAqB;IACrB,kHAAkH;IAClH,2NAA2N;IAC3N,0DAA0D;IAE1D,kBAAkB;IAClB,mDAAmD;IACnD,mDAAmD;IAEnD,kBAAkB;IAClB,kFAAkF;IAClF,sFAAsF;IACtF,uFAAuF;IAEvF,kDAAkD;IAClD,+IAA+I;IAC/I,+MAA+M;IAE/M,wBAAwB;IACxB,mEAAmE;IAEnE,+CAA+C;IAC/C,mDAAmD;IACnD,kDAAkD;IAElD,gBAAgB;IAChB,uEAAuE;IAEvE,aAAa;IACb,0FAA0F;IAC1F,iEAAiE;IAEjE,QAAQ;IACR,+CAA+C;IAC/C,yDAAyD;IACzD,4DAA4D;IAC5D,oDAAoD;IACpD,wDAAwD;IAExD,SAAS;IACT,gIAAgI;IAChI,+DAA+D;IAC/D,kFAAkF;IAClF,iIAAiI;IACjI,wEAAwE;IACxE,sFAAsF;IACtF,8FAA8F;IAC9F,uIAAuI;IACvI,qIAAqI;CAC7H,CAAC;AAEX,MAAM,UAAU,mBAAmB,CACjC,OAAe,EACf,gBAAmC;IAEnC,OAAO,IAAI,QAAQ,CAAC,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,CAAC,CAAC;AACrE,CAAC"}
|
package/dist/crypto.d.ts
ADDED
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Encrypt a plaintext string with a secp256k1 public key using ECIES.
|
|
3
|
+
* Used to encrypt instruction payloads for the CRE oracle.
|
|
4
|
+
*
|
|
5
|
+
* @param plaintext - The instruction text to encrypt
|
|
6
|
+
* @param publicKeyHex - The recipient's secp256k1 public key (hex, compressed or uncompressed)
|
|
7
|
+
* @returns Hex-encoded encrypted payload
|
|
8
|
+
*/
|
|
9
|
+
export declare function encryptForOracle(plaintext: string, publicKeyHex: string): string;
|
|
10
|
+
/**
|
|
11
|
+
* Decrypt an ECIES-encrypted payload with a secp256k1 private key.
|
|
12
|
+
* Used by the CRE oracle to decrypt instruction payloads inside the TEE.
|
|
13
|
+
*
|
|
14
|
+
* @param encryptedHex - Hex-encoded encrypted payload (with 0x prefix)
|
|
15
|
+
* @param privateKeyHex - The recipient's secp256k1 private key (hex)
|
|
16
|
+
* @returns Decrypted plaintext string
|
|
17
|
+
*/
|
|
18
|
+
export declare function decryptAsOracle(encryptedHex: string, privateKeyHex: string): string;
|
|
19
|
+
/**
|
|
20
|
+
* Derive the compressed public key from a private key.
|
|
21
|
+
* Useful for getting the oracle's public key from its private key.
|
|
22
|
+
*/
|
|
23
|
+
export declare function getPublicKeyFromPrivate(privateKeyHex: string): string;
|
|
24
|
+
//# sourceMappingURL=crypto.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAEA;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM,CAIhF;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,YAAY,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,MAAM,CAKnF;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,aAAa,EAAE,MAAM,GAAG,MAAM,CAGrE"}
|
package/dist/crypto.js
ADDED
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
import { encrypt, decrypt, PrivateKey } from "eciesjs";
|
|
2
|
+
/**
|
|
3
|
+
* Encrypt a plaintext string with a secp256k1 public key using ECIES.
|
|
4
|
+
* Used to encrypt instruction payloads for the CRE oracle.
|
|
5
|
+
*
|
|
6
|
+
* @param plaintext - The instruction text to encrypt
|
|
7
|
+
* @param publicKeyHex - The recipient's secp256k1 public key (hex, compressed or uncompressed)
|
|
8
|
+
* @returns Hex-encoded encrypted payload
|
|
9
|
+
*/
|
|
10
|
+
export function encryptForOracle(plaintext, publicKeyHex) {
|
|
11
|
+
const data = Buffer.from(plaintext, "utf-8");
|
|
12
|
+
const encrypted = encrypt(publicKeyHex, data);
|
|
13
|
+
return "0x" + Buffer.from(encrypted).toString("hex");
|
|
14
|
+
}
|
|
15
|
+
/**
|
|
16
|
+
* Decrypt an ECIES-encrypted payload with a secp256k1 private key.
|
|
17
|
+
* Used by the CRE oracle to decrypt instruction payloads inside the TEE.
|
|
18
|
+
*
|
|
19
|
+
* @param encryptedHex - Hex-encoded encrypted payload (with 0x prefix)
|
|
20
|
+
* @param privateKeyHex - The recipient's secp256k1 private key (hex)
|
|
21
|
+
* @returns Decrypted plaintext string
|
|
22
|
+
*/
|
|
23
|
+
export function decryptAsOracle(encryptedHex, privateKeyHex) {
|
|
24
|
+
const data = Buffer.from(encryptedHex.replace("0x", ""), "hex");
|
|
25
|
+
const sk = new PrivateKey(Buffer.from(privateKeyHex.replace("0x", ""), "hex"));
|
|
26
|
+
const decrypted = decrypt(sk.secret, data);
|
|
27
|
+
return Buffer.from(decrypted).toString("utf-8");
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* Derive the compressed public key from a private key.
|
|
31
|
+
* Useful for getting the oracle's public key from its private key.
|
|
32
|
+
*/
|
|
33
|
+
export function getPublicKeyFromPrivate(privateKeyHex) {
|
|
34
|
+
const sk = new PrivateKey(Buffer.from(privateKeyHex.replace("0x", ""), "hex"));
|
|
35
|
+
return sk.publicKey.toHex();
|
|
36
|
+
}
|
|
37
|
+
//# sourceMappingURL=crypto.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAEvD;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAAiB,EAAE,YAAoB;IACtE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;IAC9C,OAAO,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACvD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAAC,YAAoB,EAAE,aAAqB;IACzE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;IAChE,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;IAC/E,MAAM,SAAS,GAAG,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC3C,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AAClD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CAAC,aAAqB;IAC3D,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;IAC/E,OAAO,EAAE,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;AAC9B,CAAC"}
|
package/dist/ens.d.ts
ADDED
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import { type Signer } from "ethers";
|
|
2
|
+
import { type Network } from "./networks.js";
|
|
3
|
+
/**
|
|
4
|
+
* Compute the ENS node (namehash) for an agent ID.
|
|
5
|
+
* Produces the namehash of `{agentId}.{parentDomain}`.
|
|
6
|
+
*
|
|
7
|
+
* Example: computeEnsNode("trader", Network.SEPOLIA) => namehash("trader.enshell.eth")
|
|
8
|
+
*/
|
|
9
|
+
export declare function computeEnsNode(agentId: string, network: Network): string;
|
|
10
|
+
/**
|
|
11
|
+
* Create an ENS subdomain for an agent under the parent domain.
|
|
12
|
+
* Creates `{agentId}.{parentDomain}` via the ENS NameWrapper,
|
|
13
|
+
* then sets the default avatar text record on the subdomain.
|
|
14
|
+
*
|
|
15
|
+
* Requires the parent name to be wrapped in the NameWrapper.
|
|
16
|
+
* The subdomain is owned by the signer and uses the network's ENS resolver.
|
|
17
|
+
* Throws a clear error if the subdomain already exists.
|
|
18
|
+
*/
|
|
19
|
+
export declare function createSubdomain(agentId: string, network: Network, signer: Signer): Promise<void>;
|
|
20
|
+
//# sourceMappingURL=ens.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ens.d.ts","sourceRoot":"","sources":["../src/ens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAsB,KAAK,MAAM,EAAE,MAAM,QAAQ,CAAC;AACzD,OAAO,EAAkB,KAAK,OAAO,EAAE,MAAM,eAAe,CAAC;AAW7D;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,MAAM,CAGxE;AAED;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CA0Df"}
|
package/dist/ens.js
ADDED
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
import { Contract, namehash } from "ethers";
|
|
2
|
+
import { NETWORK_CONFIG } from "./networks.js";
|
|
3
|
+
const NAME_WRAPPER_ABI = [
|
|
4
|
+
"function setSubnodeRecord(bytes32 parentNode, string label, address owner, address resolver, uint64 ttl, uint32 fuses, uint64 expiry) returns (bytes32)",
|
|
5
|
+
"function ownerOf(uint256 id) view returns (address)",
|
|
6
|
+
];
|
|
7
|
+
const RESOLVER_ABI = [
|
|
8
|
+
"function setText(bytes32 node, string key, string value)",
|
|
9
|
+
];
|
|
10
|
+
/**
|
|
11
|
+
* Compute the ENS node (namehash) for an agent ID.
|
|
12
|
+
* Produces the namehash of `{agentId}.{parentDomain}`.
|
|
13
|
+
*
|
|
14
|
+
* Example: computeEnsNode("trader", Network.SEPOLIA) => namehash("trader.enshell.eth")
|
|
15
|
+
*/
|
|
16
|
+
export function computeEnsNode(agentId, network) {
|
|
17
|
+
const parentDomain = NETWORK_CONFIG[network].ensParentDomain;
|
|
18
|
+
return namehash(`${agentId}.${parentDomain}`);
|
|
19
|
+
}
|
|
20
|
+
/**
|
|
21
|
+
* Create an ENS subdomain for an agent under the parent domain.
|
|
22
|
+
* Creates `{agentId}.{parentDomain}` via the ENS NameWrapper,
|
|
23
|
+
* then sets the default avatar text record on the subdomain.
|
|
24
|
+
*
|
|
25
|
+
* Requires the parent name to be wrapped in the NameWrapper.
|
|
26
|
+
* The subdomain is owned by the signer and uses the network's ENS resolver.
|
|
27
|
+
* Throws a clear error if the subdomain already exists.
|
|
28
|
+
*/
|
|
29
|
+
export async function createSubdomain(agentId, network, signer) {
|
|
30
|
+
const config = NETWORK_CONFIG[network];
|
|
31
|
+
const parentNode = namehash(config.ensParentDomain);
|
|
32
|
+
const signerAddress = await signer.getAddress();
|
|
33
|
+
const nameWrapper = new Contract(config.nameWrapperAddress, NAME_WRAPPER_ABI, signer);
|
|
34
|
+
// Check if subdomain already exists in NameWrapper
|
|
35
|
+
const subdomainNode = computeEnsNode(agentId, network);
|
|
36
|
+
try {
|
|
37
|
+
const existingOwner = await nameWrapper.ownerOf(subdomainNode);
|
|
38
|
+
if (existingOwner !== "0x0000000000000000000000000000000000000000") {
|
|
39
|
+
// If the signer already owns it, skip creation (idempotent)
|
|
40
|
+
if (existingOwner.toLowerCase() === signerAddress.toLowerCase()) {
|
|
41
|
+
return;
|
|
42
|
+
}
|
|
43
|
+
const domain = `${agentId}.${config.ensParentDomain}`;
|
|
44
|
+
throw new Error(`ENS subdomain '${domain}' is owned by another address (${existingOwner})`);
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
catch (err) {
|
|
48
|
+
// ownerOf reverts for non-existent tokens, which means the subdomain doesn't exist - that's fine
|
|
49
|
+
if (err.message?.includes("owned by another") || err.message?.includes("already exists"))
|
|
50
|
+
throw err;
|
|
51
|
+
}
|
|
52
|
+
const maxExpiry = BigInt("18446744073709551615"); // max uint64
|
|
53
|
+
try {
|
|
54
|
+
const tx = await nameWrapper.setSubnodeRecord(parentNode, agentId, signerAddress, config.ensResolverAddress, 0, // ttl
|
|
55
|
+
0, // fuses (no restrictions)
|
|
56
|
+
maxExpiry);
|
|
57
|
+
await tx.wait();
|
|
58
|
+
}
|
|
59
|
+
catch (err) {
|
|
60
|
+
const domain = `${agentId}.${config.ensParentDomain}`;
|
|
61
|
+
throw new Error(`Failed to create ENS subdomain '${domain}': ${err.reason || err.message}`);
|
|
62
|
+
}
|
|
63
|
+
// Set default avatar on the subdomain
|
|
64
|
+
if (config.ensDefaultAvatar) {
|
|
65
|
+
const resolver = new Contract(config.ensResolverAddress, RESOLVER_ABI, signer);
|
|
66
|
+
const avatarTx = await resolver.setText(subdomainNode, "avatar", config.ensDefaultAvatar);
|
|
67
|
+
await avatarTx.wait();
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
//# sourceMappingURL=ens.js.map
|
package/dist/ens.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ens.js","sourceRoot":"","sources":["../src/ens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAe,MAAM,QAAQ,CAAC;AACzD,OAAO,EAAE,cAAc,EAAgB,MAAM,eAAe,CAAC;AAE7D,MAAM,gBAAgB,GAAG;IACvB,yJAAyJ;IACzJ,qDAAqD;CAC7C,CAAC;AAEX,MAAM,YAAY,GAAG;IACnB,0DAA0D;CAClD,CAAC;AAEX;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe,EAAE,OAAgB;IAC9D,MAAM,YAAY,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC,eAAe,CAAC;IAC7D,OAAO,QAAQ,CAAC,GAAG,OAAO,IAAI,YAAY,EAAE,CAAC,CAAC;AAChD,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAe,EACf,OAAgB,EAChB,MAAc;IAEd,MAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACvC,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACpD,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC;IAEhD,MAAM,WAAW,GAAG,IAAI,QAAQ,CAC9B,MAAM,CAAC,kBAAkB,EACzB,gBAAgB,EAChB,MAAM,CACP,CAAC;IAEF,mDAAmD;IACnD,MAAM,aAAa,GAAG,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACvD,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAC/D,IAAI,aAAa,KAAK,4CAA4C,EAAE,CAAC;YACnE,4DAA4D;YAC5D,IAAI,aAAa,CAAC,WAAW,EAAE,KAAK,aAAa,CAAC,WAAW,EAAE,EAAE,CAAC;gBAChE,OAAO;YACT,CAAC;YACD,MAAM,MAAM,GAAG,GAAG,OAAO,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,kBAAkB,MAAM,kCAAkC,aAAa,GAAG,CAAC,CAAC;QAC9F,CAAC;IACH,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,iGAAiG;QACjG,IAAI,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,gBAAgB,CAAC;YAAE,MAAM,GAAG,CAAC;IACtG,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,sBAAsB,CAAC,CAAC,CAAC,aAAa;IAE/D,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,gBAAgB,CAC3C,UAAU,EACV,OAAO,EACP,aAAa,EACb,MAAM,CAAC,kBAAkB,EACzB,CAAC,EAAO,MAAM;QACd,CAAC,EAAO,0BAA0B;QAClC,SAAS,CACV,CAAC;QACF,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;IAClB,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,GAAG,OAAO,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,mCAAmC,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,OAAO,EAAE,CAC3E,CAAC;IACJ,CAAC;IAED,sCAAsC;IACtC,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAC3B,MAAM,CAAC,kBAAkB,EACzB,YAAY,EACZ,MAAM,CACP,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,aAAa,EAAE,QAAQ,EAAE,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC1F,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACxB,CAAC;AACH,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,7 +1,10 @@
|
|
|
1
1
|
export { Network, NETWORK_CONFIG } from "./networks.js";
|
|
2
2
|
export type { NetworkConfig } from "./networks.js";
|
|
3
3
|
export { AGENT_FIREWALL_ABI, getFirewallContract } from "./contract.js";
|
|
4
|
+
export { computeEnsNode, createSubdomain } from "./ens.js";
|
|
4
5
|
export { ENShell } from "./client.js";
|
|
5
|
-
export {
|
|
6
|
-
export
|
|
6
|
+
export { encryptForOracle, decryptAsOracle, getPublicKeyFromPrivate } from "./crypto.js";
|
|
7
|
+
export { RelayClient } from "./relay.js";
|
|
8
|
+
export { ActionDecision } from "./types.js";
|
|
9
|
+
export type { Agent, RegisterAgentOptions, ActionResult, QueuedAction, ProtectOptions, ProtectResult, ENShellConfig, } from "./types.js";
|
|
7
10
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACxD,YAAY,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAExE,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACxD,YAAY,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAExE,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAE3D,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAEzF,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEzC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,YAAY,EACV,KAAK,EACL,oBAAoB,EACpB,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,aAAa,EACb,aAAa,GACd,MAAM,YAAY,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
export { Network, NETWORK_CONFIG } from "./networks.js";
|
|
2
2
|
export { AGENT_FIREWALL_ABI, getFirewallContract } from "./contract.js";
|
|
3
|
+
export { computeEnsNode, createSubdomain } from "./ens.js";
|
|
3
4
|
export { ENShell } from "./client.js";
|
|
4
|
-
export {
|
|
5
|
+
export { encryptForOracle, decryptAsOracle, getPublicKeyFromPrivate } from "./crypto.js";
|
|
6
|
+
export { RelayClient } from "./relay.js";
|
|
7
|
+
export { ActionDecision } from "./types.js";
|
|
5
8
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAGxD,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAExE,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAGxD,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAExE,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAE3D,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAEzF,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEzC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC"}
|
package/dist/networks.d.ts
CHANGED
|
@@ -6,6 +6,11 @@ export interface NetworkConfig {
|
|
|
6
6
|
chainId: number;
|
|
7
7
|
rpcUrl: string;
|
|
8
8
|
firewallAddress: string;
|
|
9
|
+
relayUrl: string;
|
|
10
|
+
ensParentDomain: string;
|
|
11
|
+
nameWrapperAddress: string;
|
|
12
|
+
ensResolverAddress: string;
|
|
13
|
+
ensDefaultAvatar: string;
|
|
9
14
|
}
|
|
10
15
|
export declare const NETWORK_CONFIG: Record<Network, NetworkConfig>;
|
|
11
16
|
//# sourceMappingURL=networks.d.ts.map
|
package/dist/networks.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"networks.d.ts","sourceRoot":"","sources":["../src/networks.ts"],"names":[],"mappings":"AAAA,oBAAY,OAAO;IACjB,OAAO,YAAY;IACnB,OAAO,YAAY;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"networks.d.ts","sourceRoot":"","sources":["../src/networks.ts"],"names":[],"mappings":"AAAA,oBAAY,OAAO;IACjB,OAAO,YAAY;IACnB,OAAO,YAAY;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,OAAO,EAAE,aAAa,CAqBzD,CAAC"}
|
package/dist/networks.js
CHANGED
|
@@ -8,11 +8,21 @@ export const NETWORK_CONFIG = {
|
|
|
8
8
|
chainId: 1,
|
|
9
9
|
rpcUrl: "https://eth.llamarpc.com",
|
|
10
10
|
firewallAddress: "",
|
|
11
|
+
relayUrl: "",
|
|
12
|
+
ensParentDomain: "enshell.eth",
|
|
13
|
+
nameWrapperAddress: "0xD4416b13d2b3a9aBae7AcD5D6C2BbDBE25686401",
|
|
14
|
+
ensResolverAddress: "0xF29100983E058B709F3D539b0c765937B804AC15",
|
|
15
|
+
ensDefaultAvatar: "https://euc.li/enshell.eth",
|
|
11
16
|
},
|
|
12
17
|
[Network.SEPOLIA]: {
|
|
13
18
|
chainId: 11155111,
|
|
14
19
|
rpcUrl: "https://rpc.sepolia.org",
|
|
15
|
-
firewallAddress: "",
|
|
20
|
+
firewallAddress: "0xF0685c0346DD504D6cB6E1D9958206a51127a663",
|
|
21
|
+
relayUrl: "https://relay.enshell.xyz",
|
|
22
|
+
ensParentDomain: "enshell.eth",
|
|
23
|
+
nameWrapperAddress: "0x0635513f179D50A207757E05759CbD106d7dFcE8",
|
|
24
|
+
ensResolverAddress: "0xE99638b40E4Fff0129D56f03b55b6bbC4BBE49b5",
|
|
25
|
+
ensDefaultAvatar: "https://euc.li/sepolia/enshell.eth",
|
|
16
26
|
},
|
|
17
27
|
};
|
|
18
28
|
//# sourceMappingURL=networks.js.map
|
package/dist/networks.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"networks.js","sourceRoot":"","sources":["../src/networks.ts"],"names":[],"mappings":"AAAA,MAAM,CAAN,IAAY,OAGX;AAHD,WAAY,OAAO;IACjB,8BAAmB,CAAA;IACnB,8BAAmB,CAAA;AACrB,CAAC,EAHW,OAAO,KAAP,OAAO,QAGlB;
|
|
1
|
+
{"version":3,"file":"networks.js","sourceRoot":"","sources":["../src/networks.ts"],"names":[],"mappings":"AAAA,MAAM,CAAN,IAAY,OAGX;AAHD,WAAY,OAAO;IACjB,8BAAmB,CAAA;IACnB,8BAAmB,CAAA;AACrB,CAAC,EAHW,OAAO,KAAP,OAAO,QAGlB;AAaD,MAAM,CAAC,MAAM,cAAc,GAAmC;IAC5D,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACjB,OAAO,EAAE,CAAC;QACV,MAAM,EAAE,0BAA0B;QAClC,eAAe,EAAE,EAAE;QACnB,QAAQ,EAAE,EAAE;QACZ,eAAe,EAAE,aAAa;QAC9B,kBAAkB,EAAE,4CAA4C;QAChE,kBAAkB,EAAE,4CAA4C;QAChE,gBAAgB,EAAE,4BAA4B;KAC/C;IACD,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACjB,OAAO,EAAE,QAAQ;QACjB,MAAM,EAAE,yBAAyB;QACjC,eAAe,EAAE,4CAA4C;QAC7D,QAAQ,EAAE,2BAA2B;QACrC,eAAe,EAAE,aAAa;QAC9B,kBAAkB,EAAE,4CAA4C;QAChE,kBAAkB,EAAE,4CAA4C;QAChE,gBAAgB,EAAE,oCAAoC;KACvD;CACF,CAAC"}
|
package/dist/relay.d.ts
ADDED
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Client for the ENShell Relay service.
|
|
3
|
+
* Stores and retrieves encrypted instruction payloads.
|
|
4
|
+
*/
|
|
5
|
+
export declare class RelayClient {
|
|
6
|
+
private baseUrl;
|
|
7
|
+
constructor(relayUrl: string);
|
|
8
|
+
/**
|
|
9
|
+
* Store an encrypted payload on the relay.
|
|
10
|
+
* @param instructionHash - bytes32 hex string (0x + 64 chars)
|
|
11
|
+
* @param encryptedPayload - hex-encoded encrypted data
|
|
12
|
+
*/
|
|
13
|
+
put(instructionHash: string, encryptedPayload: string): Promise<void>;
|
|
14
|
+
/**
|
|
15
|
+
* Retrieve an encrypted payload from the relay.
|
|
16
|
+
* @param instructionHash - bytes32 hex string
|
|
17
|
+
* @returns The encrypted payload, or null if not found/expired
|
|
18
|
+
*/
|
|
19
|
+
get(instructionHash: string): Promise<string | null>;
|
|
20
|
+
/**
|
|
21
|
+
* Health check on the relay service.
|
|
22
|
+
*/
|
|
23
|
+
health(): Promise<{
|
|
24
|
+
status: string;
|
|
25
|
+
entries: number;
|
|
26
|
+
}>;
|
|
27
|
+
}
|
|
28
|
+
//# sourceMappingURL=relay.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"relay.d.ts","sourceRoot":"","sources":["../src/relay.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,qBAAa,WAAW;IACtB,OAAO,CAAC,OAAO,CAAS;gBAEZ,QAAQ,EAAE,MAAM;IAI5B;;;;OAIG;IACG,GAAG,CAAC,eAAe,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkB3E;;;;OAIG;IACG,GAAG,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAe1D;;OAEG;IACG,MAAM,IAAI,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CAO7D"}
|
package/dist/relay.js
ADDED
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Client for the ENShell Relay service.
|
|
3
|
+
* Stores and retrieves encrypted instruction payloads.
|
|
4
|
+
*/
|
|
5
|
+
export class RelayClient {
|
|
6
|
+
baseUrl;
|
|
7
|
+
constructor(relayUrl) {
|
|
8
|
+
this.baseUrl = relayUrl.replace(/\/$/, "");
|
|
9
|
+
}
|
|
10
|
+
/**
|
|
11
|
+
* Store an encrypted payload on the relay.
|
|
12
|
+
* @param instructionHash - bytes32 hex string (0x + 64 chars)
|
|
13
|
+
* @param encryptedPayload - hex-encoded encrypted data
|
|
14
|
+
*/
|
|
15
|
+
async put(instructionHash, encryptedPayload) {
|
|
16
|
+
const res = await fetch(`${this.baseUrl}/relay/${instructionHash}`, {
|
|
17
|
+
method: "PUT",
|
|
18
|
+
headers: { "Content-Type": "application/json" },
|
|
19
|
+
body: JSON.stringify({ encryptedPayload }),
|
|
20
|
+
});
|
|
21
|
+
if (res.status === 409) {
|
|
22
|
+
// Already exists - idempotent, not an error
|
|
23
|
+
return;
|
|
24
|
+
}
|
|
25
|
+
if (!res.ok) {
|
|
26
|
+
const body = await res.json().catch(() => ({}));
|
|
27
|
+
throw new Error(`Relay PUT failed (${res.status}): ${body.error || "Unknown error"}`);
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
/**
|
|
31
|
+
* Retrieve an encrypted payload from the relay.
|
|
32
|
+
* @param instructionHash - bytes32 hex string
|
|
33
|
+
* @returns The encrypted payload, or null if not found/expired
|
|
34
|
+
*/
|
|
35
|
+
async get(instructionHash) {
|
|
36
|
+
const res = await fetch(`${this.baseUrl}/relay/${instructionHash}`);
|
|
37
|
+
if (res.status === 404) {
|
|
38
|
+
return null;
|
|
39
|
+
}
|
|
40
|
+
if (!res.ok) {
|
|
41
|
+
throw new Error(`Relay GET failed (${res.status})`);
|
|
42
|
+
}
|
|
43
|
+
const body = await res.json();
|
|
44
|
+
return body.encryptedPayload;
|
|
45
|
+
}
|
|
46
|
+
/**
|
|
47
|
+
* Health check on the relay service.
|
|
48
|
+
*/
|
|
49
|
+
async health() {
|
|
50
|
+
const res = await fetch(`${this.baseUrl}/health`);
|
|
51
|
+
if (!res.ok) {
|
|
52
|
+
throw new Error(`Relay health check failed (${res.status})`);
|
|
53
|
+
}
|
|
54
|
+
return res.json();
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
//# sourceMappingURL=relay.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"relay.js","sourceRoot":"","sources":["../src/relay.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,OAAO,WAAW;IACd,OAAO,CAAS;IAExB,YAAY,QAAgB;QAC1B,IAAI,CAAC,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,GAAG,CAAC,eAAuB,EAAE,gBAAwB;QACzD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,UAAU,eAAe,EAAE,EAAE;YAClE,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,gBAAgB,EAAE,CAAC;SAC3C,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,4CAA4C;YAC5C,OAAO;QACT,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,CAAC,MAAM,MAAO,IAAY,CAAC,KAAK,IAAI,eAAe,EAAE,CAAC,CAAC;QACjG,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,GAAG,CAAC,eAAuB;QAC/B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,UAAU,eAAe,EAAE,CAAC,CAAC;QAEpE,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAkC,CAAC;QAC9D,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM;QACV,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,SAAS,CAAC,CAAC;QAClD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,GAAG,CAAC,IAAI,EAAkD,CAAC;IACpE,CAAC;CACF"}
|
package/dist/types.d.ts
CHANGED
|
@@ -13,42 +13,51 @@ export interface Agent {
|
|
|
13
13
|
export interface RegisterAgentOptions {
|
|
14
14
|
agentAddress: string;
|
|
15
15
|
spendLimit: string;
|
|
16
|
-
ensNode: string;
|
|
17
16
|
allowedTargets?: string[];
|
|
18
17
|
}
|
|
19
|
-
export declare enum
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
18
|
+
export declare enum ActionDecision {
|
|
19
|
+
PENDING = 0,
|
|
20
|
+
APPROVED = 1,
|
|
21
|
+
ESCALATED = 2,
|
|
22
|
+
BLOCKED = 3
|
|
23
23
|
}
|
|
24
24
|
export interface ActionResult {
|
|
25
25
|
actionId: bigint;
|
|
26
|
-
status: ActionStatus;
|
|
27
26
|
}
|
|
28
27
|
export interface QueuedAction {
|
|
29
28
|
agentId: string;
|
|
30
29
|
target: string;
|
|
31
30
|
value: bigint;
|
|
32
31
|
data: string;
|
|
33
|
-
|
|
34
|
-
threatScore: bigint;
|
|
32
|
+
instructionHash: string;
|
|
35
33
|
queuedAt: bigint;
|
|
36
34
|
resolved: boolean;
|
|
35
|
+
decision: number;
|
|
37
36
|
}
|
|
38
37
|
export interface ProtectOptions {
|
|
38
|
+
instruction: string;
|
|
39
39
|
tx: {
|
|
40
40
|
to: string;
|
|
41
41
|
value?: string;
|
|
42
42
|
data?: string;
|
|
43
43
|
};
|
|
44
|
-
|
|
44
|
+
}
|
|
45
|
+
export interface ProtectResult {
|
|
46
|
+
actionId: bigint;
|
|
47
|
+
instructionHash: string;
|
|
48
|
+
tx: {
|
|
49
|
+
to: string;
|
|
50
|
+
value: string;
|
|
51
|
+
data: string;
|
|
52
|
+
};
|
|
53
|
+
/** Wait for the CRE oracle to resolve the action. Polls the contract. */
|
|
54
|
+
waitForResolution: () => Promise<ActionDecision>;
|
|
45
55
|
}
|
|
46
56
|
export interface ENShellConfig {
|
|
47
57
|
network: Network;
|
|
48
58
|
signer: Signer;
|
|
49
59
|
contractAddress?: string;
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
onBlocked?: (action: ActionResult) => Promise<void>;
|
|
60
|
+
/** Compressed secp256k1 public key of the CRE oracle (hex). Used to encrypt instructions. */
|
|
61
|
+
oraclePublicKey?: string;
|
|
53
62
|
}
|
|
54
63
|
//# sourceMappingURL=types.d.ts.map
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAI7C,MAAM,WAAW,KAAK;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,OAAO,CAAC;IAChB,eAAe,EAAE,OAAO,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,oBAAoB;IACnC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAI7C,MAAM,WAAW,KAAK;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,OAAO,CAAC;IAChB,eAAe,EAAE,OAAO,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,oBAAoB;IACnC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAID,oBAAY,cAAc;IACxB,OAAO,IAAI;IACX,QAAQ,IAAI;IACZ,SAAS,IAAI;IACb,OAAO,IAAI;CACZ;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAID,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,EAAE,EAAE;QACF,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,EAAE,EAAE;QACF,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,yEAAyE;IACzE,iBAAiB,EAAE,MAAM,OAAO,CAAC,cAAc,CAAC,CAAC;CAClD;AAID,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,6FAA6F;IAC7F,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B"}
|
package/dist/types.js
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
// -- Actions --
|
|
2
|
-
export var
|
|
3
|
-
(function (
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
2
|
+
export var ActionDecision;
|
|
3
|
+
(function (ActionDecision) {
|
|
4
|
+
ActionDecision[ActionDecision["PENDING"] = 0] = "PENDING";
|
|
5
|
+
ActionDecision[ActionDecision["APPROVED"] = 1] = "APPROVED";
|
|
6
|
+
ActionDecision[ActionDecision["ESCALATED"] = 2] = "ESCALATED";
|
|
7
|
+
ActionDecision[ActionDecision["BLOCKED"] = 3] = "BLOCKED";
|
|
8
|
+
})(ActionDecision || (ActionDecision = {}));
|
|
8
9
|
//# sourceMappingURL=types.js.map
|
package/dist/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAsBA,gBAAgB;AAEhB,MAAM,CAAN,IAAY,cAKX;AALD,WAAY,cAAc;IACxB,yDAAW,CAAA;IACX,2DAAY,CAAA;IACZ,6DAAa,CAAA;IACb,yDAAW,CAAA;AACb,CAAC,EALW,cAAc,KAAd,cAAc,QAKzB"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@enshell/sdk",
|
|
3
|
-
"version": "0.1.0-beta.
|
|
3
|
+
"version": "0.1.0-beta.2",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -15,6 +15,7 @@
|
|
|
15
15
|
"prepublishOnly": "npm run build"
|
|
16
16
|
},
|
|
17
17
|
"dependencies": {
|
|
18
|
+
"eciesjs": "^0.5.0",
|
|
18
19
|
"ethers": "^6.15.0"
|
|
19
20
|
},
|
|
20
21
|
"publishConfig": {
|