@hsuite/smart-engines-sdk 3.2.1 → 3.3.0

package/dist/index.js

@@ -5479,29 +5479,6 @@ zod.z.object({
   blockTime: zod.z.number().optional(),
   rpcEndpoint: zod.z.string().url().optional()
 });
-var NetworkMembershipTypeSchema = zod.z.enum(["validator", "host", "gateway"]);
-var MembershipStatusSchema = zod.z.enum(["pending", "active", "exiting", "exited", "banned"]);
-zod.z.object({
-  nodeId: zod.z.string().min(1),
-  networkType: NetworkMembershipTypeSchema,
-  chain: zod.z.enum(["hedera", "xrpl", "polkadot", "solana"]),
-  endpoint: zod.z.string().url(),
-  publicKey: zod.z.string().min(1),
-  joinedAt: zod.z.string().datetime(),
-  depositTxId: zod.z.string().min(1),
-  status: MembershipStatusSchema,
-  networkConfig: zod.z.record(zod.z.unknown()).optional()
-});
-var NetworkDepositRequirementsSchema = zod.z.object({
-  depositAmount: zod.z.string().min(1),
-  lockDurationDays: zod.z.number().int().positive(),
-  renewalWindowDays: zod.z.number().int().positive().optional()
-});
-zod.z.object({
-  validator: NetworkDepositRequirementsSchema,
-  host: NetworkDepositRequirementsSchema,
-  gateway: NetworkDepositRequirementsSchema
-});
 var TokenCapabilitiesSchema = zod.z.object({
   /**
    * Pause all token operations globally
@@ -5666,74 +5643,6 @@ var PreparedTransactionSovereigntySchema = zod.z.discriminatedUnion("mode", [
     authorizationSet: PreparedTransactionAuthorizationSetSchema.optional()
   })
 ]);
-var TransactionStatusSchema = zod.z.enum(["pending", "success", "failed", "expired"]);
-var TransactionTypeSchema = zod.z.enum([
-  "transfer",
-  "token_transfer",
-  "account_create",
-  "token_create",
-  "token_mint",
-  "token_burn",
-  "contract_call",
-  "contract_create",
-  "topic_message",
-  "other"
-]);
-zod.z.object({
-  id: zod.z.string(),
-  chain: ChainTypeSchema,
-  type: TransactionTypeSchema,
-  status: TransactionStatusSchema,
-  timestamp: zod.z.date(),
-  from: AccountIdSchema,
-  to: AccountIdSchema.optional(),
-  amount: zod.z.string().optional(),
-  fee: zod.z.string(),
-  memo: zod.z.string().optional(),
-  metadata: zod.z.record(zod.z.any()).optional()
-});
-zod.z.object({
-  transactionId: zod.z.string(),
-  chain: ChainTypeSchema,
-  status: TransactionStatusSchema,
-  blockNumber: zod.z.number().optional(),
-  blockHash: zod.z.string().optional(),
-  timestamp: zod.z.date(),
-  gasUsed: zod.z.string().optional(),
-  effectiveFee: zod.z.string(),
-  logs: zod.z.array(zod.z.any()).optional(),
-  metadata: zod.z.record(zod.z.any()).optional()
-});
-var TokenTypeSchema = zod.z.enum(["fungible", "nft", "semi_fungible"]);
-var TokenSchema = zod.z.object({
-  tokenId: zod.z.string(),
-  chain: ChainTypeSchema,
-  name: zod.z.string(),
-  symbol: zod.z.string(),
-  decimals: zod.z.number().int().min(0),
-  totalSupply: zod.z.string(),
-  type: TokenTypeSchema,
-  creator: AccountIdSchema.optional(),
-  metadata: zod.z.record(zod.z.any()).optional(),
-  createdAt: zod.z.date().optional()
-});
-zod.z.object({
-  name: zod.z.string(),
-  description: zod.z.string().optional(),
-  image: zod.z.string().url().optional(),
-  attributes: zod.z.array(
-    zod.z.object({
-      trait_type: zod.z.string(),
-      value: zod.z.union([zod.z.string(), zod.z.number(), zod.z.boolean()])
-    })
-  ).optional(),
-  external_url: zod.z.string().url().optional()
-});
-TokenSchema.extend({
-  holders: zod.z.number().optional(),
-  transferCount: zod.z.number().optional(),
-  circulatingSupply: zod.z.string().optional()
-});
 var CreateAccountRequestSchema = zod.z.object({
   chain: ChainTypeSchema,
   initialBalance: zod.z.string(),
@@ -7070,6 +6979,35 @@ function isRuleRejected(err) {
   return obj.ruleAtoms.every((a) => typeof a === "string");
 }
 
+// src/network-presets.ts
+var KNOWN_NETWORKS = {
+  testnet: {
+    bootstrap: ["https://gateway.testnet.hsuite.network"]
+  },
+  mainnet: {
+    // Mainnet entrypoint reserved. The SDK still resolves the name so
+    // upgrade-by-flipping-NETWORK works; the bootstrap URL is the
+    // pre-allocated DNS we own. If mainnet isn't deployed yet, the discovery
+    // fetch will fail at runtime with the same "no seed reachable" error
+    // any unreachable URL produces — the caller learns the network is not
+    // live, rather than getting a baffling "unknown network" TypeScript
+    // error at compile time.
+    bootstrap: ["https://gateway.hsuite.network"]
+  }
+};
+function resolveNetwork(name) {
+  const preset = KNOWN_NETWORKS[name];
+  if (!preset) {
+    throw new Error(
+      `Unknown network: "${name}". Known networks: ${Object.keys(KNOWN_NETWORKS).join(", ")}`
+    );
+  }
+  return preset;
+}
+function isKnownNetwork(name) {
+  return Object.prototype.hasOwnProperty.call(KNOWN_NETWORKS, name);
+}
+
 // src/subscription/index.ts
 var subscription_exports = {};
 __export(subscription_exports, {
@@ -8168,7 +8106,18 @@ var SmartEngineClient = class _SmartEngineClient {
    *   2. (Optional) HCS trust-anchor membership cross-check.
    *   3. Random-pick over the verified set.
    *
-   * @example
+   * @example Zero-config (recommended for smart-app callers)
+   * ```ts
+   * const { client, cluster, session } = await SmartEngineClient.connectToCluster({
+   *   network: 'testnet',          // resolves canonical gateway entrypoint
+   *   chain: 'xrpl',
+   *   address: '...',
+   *   publicKey: '...',
+   *   signFn: async (challenge) => sign(challenge),
+   * });
+   * ```
+   *
+   * @example Custom seeds (private deployments / local dev)
    * ```ts
    * const { client, cluster, session } = await SmartEngineClient.connectToCluster({
    *   bootstrap: ['https://sn1.testnet.hsuite.network', 'https://sn2.testnet.hsuite.network'],
@@ -8181,8 +8130,15 @@ var SmartEngineClient = class _SmartEngineClient {
    */
   static async connectToCluster(config) {
     const allowInsecure = config.allowInsecure ?? false;
+    const bootstrap = config.bootstrap ? [...config.bootstrap] : [...resolveNetwork(config.network).bootstrap];
+    if (bootstrap.length === 0) {
+      throw new SmartEngineError2(
+        "connectToCluster requires either a non-empty `bootstrap` list or a known `network` name.",
+        400
+      );
+    }
     const discovery = new ClusterDiscoveryClient({
-      bootstrap: config.bootstrap,
+      bootstrap,
       allowInsecure,
       trustAnchor: config.trustAnchor ? {
         network: config.trustAnchor.network,
@@ -9168,8 +9124,10 @@ __export(baas_exports, {
   BaasError: () => BaasError,
   DatabaseClient: () => DatabaseClient,
   DeploymentClient: () => DeploymentClient,
+  EntitiesClient: () => EntitiesClient,
   FunctionsClient: () => FunctionsClient,
   MessagingClient: () => MessagingClient,
+  RulesClient: () => RulesClient,
   StorageClient: () => StorageClient,
   validateAgentRules: () => validateAgentRules
 });
@@ -9568,8 +9526,90 @@ var CustomerSessionClient = class {
   }
 };
 
+// src/baas/rules/client.ts
+var RulesClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /** Publish a canonical ValidatorRules document to HCS. */
+  async publish(rule) {
+    return this.http.post("/api/rules/publish", rule);
+  }
+  /** Fetch a published rule by its HCS consensus timestamp. */
+  async get(consensusTimestamp) {
+    return this.http.get(`/api/rules/${encodeURIComponent(consensusTimestamp)}`);
+  }
+  /** List rules owned by the authenticated entity, optionally filtered by type. */
+  async listByOwner(filter) {
+    const path = filter?.type ? `/api/rules?type=${encodeURIComponent(filter.type)}` : "/api/rules";
+    return this.http.get(path);
+  }
+  /**
+   * Simulate cluster-side evaluation of an action against a rule. Either
+   * `ruleRef` (published) or `rule` (inline) must be supplied by the caller.
+   */
+  async simulate(params) {
+    return this.http.post("/api/rules/simulate", params);
+  }
+  /** Walk the version history of a published rule. */
+  async getVersionHistory(consensusTimestamp) {
+    return this.http.get(
+      `/api/rules/${encodeURIComponent(consensusTimestamp)}/versions`
+    );
+  }
+  /** Deprecate a published rule (owner-only). */
+  async deprecate(consensusTimestamp) {
+    return this.http.post(
+      `/api/rules/${encodeURIComponent(consensusTimestamp)}/deprecate`,
+      {}
+    );
+  }
+};
+
+// src/baas/entities/client.ts
+var EntitiesClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /** Create a canonical token entity bound to a published rule. */
+  async createToken(req) {
+    return this.http.post("/api/entities/createToken", req);
+  }
+  /** Create a canonical account entity bound to a published rule. */
+  async createAccount(req) {
+    return this.http.post("/api/entities/createAccount", req);
+  }
+  /** Create a canonical topic entity bound to a published rule. */
+  async createTopic(req) {
+    return this.http.post("/api/entities/createTopic", req);
+  }
+  /** Create a canonical agent entity bound to a published rule. */
+  async createAgent(req) {
+    return this.http.post("/api/entities/createAgent", req);
+  }
+  /**
+   * Mega-helper: build a token rule with a launchpad ModuleEntry attached,
+   * publish it, create the token, and return the combined result in one HTTP
+   * round-trip.
+   */
+  async launchpad(req) {
+    return this.http.post("/api/entities/launchpad", req);
+  }
+  /** Fetch an entity by its canonical `entityId`. */
+  async get(entityId) {
+    return this.http.get(`/api/entities/${encodeURIComponent(entityId)}`);
+  }
+  /** List entities owned by the authenticated wallet, optionally filtered by type. */
+  async listByOwner(filter) {
+    const path = filter?.type ? `/api/entities?type=${encodeURIComponent(filter.type)}` : "/api/entities";
+    return this.http.get(path);
+  }
+};
+
 // src/baas/client.ts
-var BaasClient = class {
+var BaasClient = class _BaasClient {
   hostUrl;
   pathPrefix;
   appId;
@@ -9594,6 +9634,10 @@ var BaasClient = class {
   agents;
   /** Customer→smart-app session bridge (TokenGate Face B). */
   customerSession;
+  /** Canonical validator-rules authoring surface (publish/get/list/simulate). */
+  rules;
+  /** Canonical entity authoring surface (token/account/topic/agent + launchpad). */
+  entities;
   constructor(config) {
     this.allowInsecure = config.allowInsecure ?? false;
     this.hostUrl = validateUrl2(config.hostUrl, this.allowInsecure);
@@ -9614,6 +9658,84 @@ var BaasClient = class {
     this.deployment = new DeploymentClient(this.http);
     this.agents = new AgentsClient(this.http);
     this.customerSession = new CustomerSessionClient(baseUrlWithPrefix, this.timeout);
+    this.rules = new RulesClient(this.http);
+    this.entities = new EntitiesClient(this.http);
+  }
+  /**
+   * Connect to the Smart Engines BaaS via cluster auto-discovery.
+   *
+   * Zero-config entrypoint flow:
+   *
+   *   1. Resolves the bootstrap seed list:
+   *      - `network: 'testnet' | 'mainnet'` → canonical Cloudflare-fronted
+   *        gateway via {@link KNOWN_NETWORKS}.
+   *      - `bootstrap: string[]` → explicit seed list (private deployments).
+   *   2. Fetches `GET /api/v3/discovery/clusters` from the first reachable
+   *      seed; the response carries every active cluster's gateway URL.
+   *   3. Random-picks one active cluster.
+   *   4. Returns a `BaasClient` pointed at that cluster's gatewayUrl, with
+   *      `pathPrefix: '/host'` so all BaaS sub-clients (db / storage /
+   *      functions / messaging / agents / rules / entities) route through
+   *      the gateway's `/host/*` rewrite.
+   *
+   * @example Zero-config (recommended)
+   * ```ts
+   * const baas = await BaasClient.connectToCluster({
+   *   network: 'testnet',
+   *   appId: 'app_abc',
+   * });
+   *
+   * await baas.db.insert('users', { name: 'Alice' });
+   * ```
+   *
+   * @example Custom seeds (private deployments)
+   * ```ts
+   * const baas = await BaasClient.connectToCluster({
+   *   bootstrap: ['https://gateway.my-private-net.example'],
+   *   appId: 'app_abc',
+   * });
+   * ```
+   *
+   * @throws {BaasError} `503` when no cluster is reachable via any seed.
+   * @throws {BaasError} `400` when bootstrap resolution yields an empty list
+   *   (only possible when the caller passes an empty array explicitly).
+   */
+  static async connectToCluster(config) {
+    const allowInsecure = config.allowInsecure ?? false;
+    const bootstrap = config.bootstrap ? [...config.bootstrap] : [...resolveNetwork(config.network).bootstrap];
+    if (bootstrap.length === 0) {
+      throw new BaasError(
+        "connectToCluster requires either a non-empty `bootstrap` list or a known `network` name.",
+        400
+      );
+    }
+    const discovery = new ClusterDiscoveryClient({
+      bootstrap,
+      allowInsecure,
+      trustAnchor: config.trustAnchor ? {
+        network: config.trustAnchor.network,
+        registryTopicId: config.trustAnchor.registryTopicId,
+        mirrorNodeUrl: config.trustAnchor.mirrorNodeUrl,
+        allowInsecure
+      } : void 0
+    });
+    const cluster = await discovery.getRandomCluster();
+    if (!cluster) {
+      throw new BaasError(
+        "No active clusters available via bootstrap seeds. Check network reachability or bootstrap URLs.",
+        503
+      );
+    }
+    return new _BaasClient({
+      hostUrl: cluster.endpoints.gatewayUrl,
+      appId: config.appId,
+      appName: config.appName,
+      timeout: config.timeout,
+      allowInsecure,
+      // BaaS traffic is gateway-routed at `/host/*` by default. Callers
+      // pointing at a bare host can override with `pathPrefix: ''`.
+      pathPrefix: config.pathPrefix ?? "/host"
+    });
   }
   /** Set the app ID (for newly registered apps) */
   setAppId(appId) {
@@ -9627,6 +9749,16 @@ var BaasClient = class {
   getAppId() {
     return this.appId;
   }
+  /**
+   * Get the configured host URL. After
+   * {@link BaasClient.connectToCluster} this is the gateway URL of the
+   * cluster the SDK landed on after random-pick — useful for logging,
+   * "behind the curtain" UIs, or debugging which cluster is serving a
+   * given request.
+   */
+  getHostUrl() {
+    return this.hostUrl;
+  }
   /**
    * Get HTTP resilience health information
    * @returns Object with circuit breaker state and last error (if any)
@@ -9935,6 +10067,1088 @@ async function verifyPqcAttestation(cert, payload, registrySnapshot) {
     thresholdMet: true
   };
 }
+
+// src/rules/builders/base-builder.ts
+var RuleBuildError = class extends Error {
+  errors;
+  constructor(message, errors) {
+    super(message);
+    this.name = "RuleBuildError";
+    this.errors = errors;
+  }
+};
+var BaseRuleBuilder = class {
+  state;
+  constructor(type, initial) {
+    this.state = initial ?? {};
+    this.state.version = "3.0";
+    this.state.type = type;
+    this.state.created = (/* @__PURE__ */ new Date()).toISOString();
+    if (!this.state.defaultSecurity) this.state.defaultSecurity = "full";
+    if (!this.state.defaultController) this.state.defaultController = "owner";
+  }
+  withSecurity(mode) {
+    this.state.defaultSecurity = mode;
+    return this;
+  }
+  withController(controller) {
+    this.state.defaultController = controller;
+    return this;
+  }
+  withGovernance(governance) {
+    this.state.governance = governance;
+    return this;
+  }
+  withTokenGates(tokenGates) {
+    this.state.tokenGates = tokenGates;
+    return this;
+  }
+  withTimeRange(timeRange) {
+    this.state.timeRange = timeRange;
+    return this;
+  }
+  withMetadata(metadata) {
+    this.state.metadata = metadata;
+    return this;
+  }
+  withModules(modules) {
+    this.state.modules = modules;
+    return this;
+  }
+  /** Add a single module entry on top of any previously set modules. */
+  addModule(module) {
+    this.state.modules = [...this.state.modules ?? [], module];
+    return this;
+  }
+  withInvariants(invariants) {
+    this.state.invariants = invariants;
+    return this;
+  }
+  /** Validate + return the typed, schema-conformant rule. Throws on invalid. */
+  build() {
+    const result = this.schema().safeParse(this.state);
+    if (!result.success) {
+      const errors = result.error.issues.map((issue) => {
+        const path = issue.path.join(".");
+        return path ? `${path}: ${issue.message}` : issue.message;
+      });
+      throw new RuleBuildError(`Invalid ${this.state.type ?? "rule"}: ${errors.join("; ")}`, errors);
+    }
+    return result.data;
+  }
+  /** Return the in-progress partial — handy for templates that finish the rule later. */
+  partial() {
+    return this.state;
+  }
+};
+var SmartNodeSecuritySchema = zod.z.enum(["partial", "full"]);
+var OperationControllerSchema = zod.z.enum(["owner", "dao"]);
+var OperationLimitsSchema = zod.z.object({
+  maxPerTransaction: zod.z.string().optional(),
+  dailyLimit: zod.z.string().optional(),
+  weeklyLimit: zod.z.string().optional(),
+  monthlyLimit: zod.z.string().optional(),
+  totalLimit: zod.z.string().optional(),
+  cooldownSeconds: zod.z.number().int().min(0).optional(),
+  minPerTransaction: zod.z.string().optional()
+}).strict();
+var BaseOperationConfigSchema = zod.z.object({
+  enabled: zod.z.boolean(),
+  controller: OperationControllerSchema.optional(),
+  requiresApproval: zod.z.boolean().optional(),
+  limits: OperationLimitsSchema.optional()
+}).strict();
+var MintOperationConfigSchema = BaseOperationConfigSchema.extend({}).strict();
+var UpdateOperationConfigSchema = BaseOperationConfigSchema.extend({
+  allowedFields: zod.z.array(zod.z.string()).optional()
+}).strict();
+var PayloadSchemaRefSchema = zod.z.discriminatedUnion("kind", [
+  zod.z.object({ kind: zod.z.literal("builtin"), id: zod.z.string().min(1) }).strict(),
+  zod.z.object({ kind: zod.z.literal("jsonschema"), schema: zod.z.record(zod.z.unknown()) }).strict()
+]);
+var SubmitOperationConfigSchema = BaseOperationConfigSchema.extend({
+  maxMessageSize: zod.z.number().int().min(0).optional(),
+  rateLimit: zod.z.object({
+    maxMessages: zod.z.number().int().min(1),
+    periodSeconds: zod.z.number().int().min(1)
+  }).strict().optional(),
+  payloadSchema: PayloadSchemaRefSchema.optional()
+}).strict();
+var BurnOperationConfigSchema = BaseOperationConfigSchema.extend({
+  allowHolderBurn: zod.z.boolean().optional()
+}).strict();
+var TransferOperationConfigSchema = BaseOperationConfigSchema.extend({
+  blacklistEnabled: zod.z.boolean().optional(),
+  requiresKyc: zod.z.boolean().optional(),
+  whitelist: zod.z.array(zod.z.string()).optional(),
+  blacklist: zod.z.array(zod.z.string()).optional()
+}).strict();
+var FreezeOperationConfigSchema = BaseOperationConfigSchema.extend({
+  requiresMultisig: zod.z.boolean().optional()
+}).strict();
+var PauseOperationConfigSchema = BaseOperationConfigSchema.extend({}).strict();
+var TokenOperationsConfigSchema = zod.z.object({
+  mint: MintOperationConfigSchema.optional(),
+  burn: BurnOperationConfigSchema.optional(),
+  transfer: TransferOperationConfigSchema.optional(),
+  freeze: FreezeOperationConfigSchema.optional(),
+  pause: PauseOperationConfigSchema.optional(),
+  wipe: BaseOperationConfigSchema.optional(),
+  update: UpdateOperationConfigSchema.optional(),
+  associate: BaseOperationConfigSchema.optional(),
+  dissociate: BaseOperationConfigSchema.optional(),
+  grantKyc: BaseOperationConfigSchema.optional(),
+  revokeKyc: BaseOperationConfigSchema.optional()
+}).strict();
+var AccountOperationsConfigSchema = zod.z.object({
+  transfer: TransferOperationConfigSchema.optional(),
+  update: UpdateOperationConfigSchema.optional(),
+  delete: BaseOperationConfigSchema.optional(),
+  approveAllowance: BaseOperationConfigSchema.optional(),
+  deleteAllowance: BaseOperationConfigSchema.optional(),
+  stake: BaseOperationConfigSchema.optional(),
+  unstake: BaseOperationConfigSchema.optional()
+}).strict();
+var TopicOperationsConfigSchema = zod.z.object({
+  submit: SubmitOperationConfigSchema.optional(),
+  update: UpdateOperationConfigSchema.optional(),
+  delete: BaseOperationConfigSchema.optional()
+}).strict();
+var KeyConditionSchema = zod.z.object({
+  enabled: zod.z.boolean().optional(),
+  security: SmartNodeSecuritySchema.optional(),
+  controller: OperationControllerSchema.optional(),
+  requiresApproval: zod.z.boolean().optional(),
+  threshold: zod.z.number().int().min(1).optional()
+}).strict();
+var TokenKeyConditionsSchema = zod.z.object({
+  admin: KeyConditionSchema.optional(),
+  supply: KeyConditionSchema.optional(),
+  freeze: KeyConditionSchema.optional(),
+  pause: KeyConditionSchema.optional(),
+  wipe: KeyConditionSchema.optional(),
+  kyc: KeyConditionSchema.optional(),
+  feeSchedule: KeyConditionSchema.optional()
+}).strict();
+var AccountKeyConditionsSchema = zod.z.object({
+  admin: KeyConditionSchema.optional(),
+  signing: KeyConditionSchema.optional()
+}).strict();
+var TopicKeyConditionsSchema = zod.z.object({
+  admin: KeyConditionSchema.optional(),
+  submit: KeyConditionSchema.optional()
+}).strict();
+var FixedFeeConditionSchema = zod.z.object({
+  enabled: zod.z.boolean(),
+  amount: zod.z.string(),
+  feeTokenId: zod.z.string().optional(),
+  feeCollectorAccountId: zod.z.string(),
+  allCollectorsAreExempt: zod.z.boolean().optional()
+}).strict();
+var FractionalFeeConditionSchema = zod.z.object({
+  enabled: zod.z.boolean(),
+  numerator: zod.z.number().int(),
+  denominator: zod.z.number().int().min(1),
+  minimumAmount: zod.z.string().optional(),
+  maximumAmount: zod.z.string().optional(),
+  feeCollectorAccountId: zod.z.string(),
+  netOfTransfers: zod.z.boolean().optional()
+}).strict();
+var RoyaltyFeeConditionSchema = zod.z.object({
+  enabled: zod.z.boolean(),
+  numerator: zod.z.number().int(),
+  denominator: zod.z.number().int().min(1),
+  fallbackFee: FixedFeeConditionSchema.optional(),
+  feeCollectorAccountId: zod.z.string()
+}).strict();
+var FeeConditionsSchema = zod.z.object({
+  fixed: zod.z.array(FixedFeeConditionSchema).optional(),
+  fractional: zod.z.array(FractionalFeeConditionSchema).optional(),
+  royalty: zod.z.array(RoyaltyFeeConditionSchema).optional()
+}).strict();
+var TimeRangeSchema = zod.z.object({
+  start: zod.z.union([zod.z.number(), zod.z.string()]),
+  end: zod.z.union([zod.z.number(), zod.z.string()])
+}).strict();
+var FungibleTokenGateSchema = zod.z.object({
+  tokenId: zod.z.string(),
+  minBalance: zod.z.string(),
+  timeRange: TimeRangeSchema.optional()
+}).strict();
+var NonFungibleTokenGateSchema = zod.z.object({
+  tokenId: zod.z.string(),
+  serialNumbers: zod.z.array(zod.z.string()).optional(),
+  timeRange: TimeRangeSchema.optional()
+}).strict();
+var TokenGateConditionsSchema = zod.z.object({
+  fungibles: zod.z.object({
+    tokens: zod.z.array(FungibleTokenGateSchema)
+  }),
+  nonFungibles: zod.z.object({
+    tokens: zod.z.array(NonFungibleTokenGateSchema)
+  }),
+  timeRange: TimeRangeSchema.nullable()
+}).strict();
+var GovernanceConfigSchema = zod.z.object({
+  daoTokenId: zod.z.string().optional(),
+  proposalThreshold: zod.z.string().optional(),
+  votingThreshold: zod.z.string().optional(),
+  votingPeriodSeconds: zod.z.number().int().min(0).optional(),
+  timelockSeconds: zod.z.number().int().min(0).optional(),
+  quorumPercentage: zod.z.number().min(0).max(100).optional(),
+  /** Pluggable wisdom-weight function (SDK-GOV-1). Registered server-side under `registryKey`. */
+  wisdomWeightFn: zod.z.object({
+    registryKey: zod.z.string().min(1)
+  }).strict().optional(),
+  /** Multi-hop liquid delegation (SDK-GOV-1 / whitepaper §A.7). */
+  delegation: zod.z.object({
+    maxHops: zod.z.number().int().min(1).max(10),
+    decayPerHop: zod.z.number().min(0).max(1),
+    concentrationAlert: zod.z.number().min(0).max(1).optional()
+  }).strict().optional()
+}).strict();
+var ValidatorMetadataSchema = zod.z.object({
+  version: zod.z.string(),
+  previousVersion: zod.z.string().optional(),
+  deprecatedAt: zod.z.string().optional(),
+  expiresAt: zod.z.string().optional(),
+  description: zod.z.string().max(500).optional(),
+  author: zod.z.string().optional(),
+  tags: zod.z.array(zod.z.string()).optional(),
+  documentationUrl: zod.z.string().url().optional()
+}).strict();
+var RuleInvariantsSchema = zod.z.object({
+  maxSupply: zod.z.string().optional(),
+  minBalance: zod.z.string().optional(),
+  minQuorumPercentage: zod.z.number().min(0).max(100).optional(),
+  minTimelockSeconds: zod.z.number().int().min(0).optional(),
+  immutableFields: zod.z.array(zod.z.string())
+}).strict();
+var SoulboundAllowedActionSchema = zod.z.enum(["burn", "wipe", "mint"]);
+var SoulboundNftConfigSchema = zod.z.object({
+  enforced: zod.z.boolean(),
+  allowedActions: zod.z.array(SoulboundAllowedActionSchema).optional()
+}).strict();
+var ModuleEntrySchema = zod.z.object({
+  type: zod.z.string().min(1).max(64).regex(/^[a-z][a-z0-9-]*$/, "Module type must be lowercase alphanumeric with hyphens"),
+  version: zod.z.string().min(1).max(20).regex(/^\d+\.\d+\.\d+$/, "Version must be semver (e.g. 1.0.0)"),
+  config: zod.z.record(zod.z.unknown())
+});
+var TokenValidatorRulesSchema = zod.z.object({
+  version: zod.z.literal("3.0"),
+  type: zod.z.literal("token"),
+  created: zod.z.string(),
+  smartNodeSecurity: SmartNodeSecuritySchema.optional(),
+  defaultSecurity: SmartNodeSecuritySchema.optional(),
+  defaultController: OperationControllerSchema.optional(),
+  operations: TokenOperationsConfigSchema,
+  keys: TokenKeyConditionsSchema.optional(),
+  fees: FeeConditionsSchema.optional(),
+  tokenGates: TokenGateConditionsSchema.optional(),
+  timeRange: TimeRangeSchema.nullable().optional(),
+  governance: GovernanceConfigSchema.optional(),
+  metadata: ValidatorMetadataSchema.optional(),
+  modules: zod.z.array(ModuleEntrySchema).max(10).optional(),
+  soulbound: SoulboundNftConfigSchema.optional(),
+  invariants: RuleInvariantsSchema.optional()
+}).strict().refine((data) => data.smartNodeSecurity || data.defaultSecurity, {
+  message: "Either smartNodeSecurity or defaultSecurity must be provided"
+});
+var AccountValidatorRulesSchema = zod.z.object({
+  version: zod.z.literal("3.0"),
+  type: zod.z.literal("account"),
+  created: zod.z.string(),
+  smartNodeSecurity: SmartNodeSecuritySchema.optional(),
+  defaultSecurity: SmartNodeSecuritySchema.optional(),
+  defaultController: OperationControllerSchema.optional(),
+  operations: AccountOperationsConfigSchema,
+  keys: AccountKeyConditionsSchema.optional(),
+  tokenGates: TokenGateConditionsSchema.optional(),
+  timeRange: TimeRangeSchema.nullable().optional(),
+  governance: GovernanceConfigSchema.optional(),
+  metadata: ValidatorMetadataSchema.optional(),
+  modules: zod.z.array(ModuleEntrySchema).max(10).optional(),
+  invariants: RuleInvariantsSchema.optional()
+}).strict().refine((data) => data.smartNodeSecurity || data.defaultSecurity, {
+  message: "Either smartNodeSecurity or defaultSecurity must be provided"
+});
+var TopicValidatorRulesSchema = zod.z.object({
+  version: zod.z.literal("3.0"),
+  type: zod.z.literal("topic"),
+  created: zod.z.string(),
+  smartNodeSecurity: SmartNodeSecuritySchema.optional(),
+  defaultSecurity: SmartNodeSecuritySchema.optional(),
+  defaultController: OperationControllerSchema.optional(),
+  operations: TopicOperationsConfigSchema,
+  keys: TopicKeyConditionsSchema.optional(),
+  tokenGates: TokenGateConditionsSchema.optional(),
+  timeRange: TimeRangeSchema.nullable().optional(),
+  governance: GovernanceConfigSchema.optional(),
+  metadata: ValidatorMetadataSchema.optional(),
+  modules: zod.z.array(ModuleEntrySchema).max(10).optional(),
+  invariants: RuleInvariantsSchema.optional()
+}).strict().refine((data) => data.smartNodeSecurity || data.defaultSecurity, {
+  message: "Either smartNodeSecurity or defaultSecurity must be provided"
+});
+var AgentTypeSchema = zod.z.enum(["trading", "monitoring", "analytics", "custom"]);
+var AgentPermissionScopeSchema = zod.z.enum(["read", "execute", "modify", "admin"]);
+var AgentControllerTypeSchema = zod.z.enum(["owner", "dao", "multisig", "automated"]);
+var AgentAccessControlModeSchema = zod.z.enum([
+  "whitelist",
+  "blacklist",
+  "public",
+  "token_gated"
+]);
+var AgentPermissionEntrySchema = zod.z.object({
+  accountId: zod.z.string(),
+  scope: AgentPermissionScopeSchema.optional(),
+  expiresAt: zod.z.union([zod.z.string(), zod.z.date()]).optional(),
+  label: zod.z.string().optional(),
+  metadata: zod.z.record(zod.z.unknown()).optional()
+}).strict();
+var AgentPermissionsSchema = zod.z.object({
+  mode: AgentAccessControlModeSchema.optional(),
+  entries: zod.z.array(AgentPermissionEntrySchema),
+  controller: AgentControllerTypeSchema.optional(),
+  allowSelfAdd: zod.z.boolean().optional(),
+  maxEntries: zod.z.number().int().min(0).optional(),
+  requiredScope: AgentPermissionScopeSchema.optional(),
+  allowWildcards: zod.z.boolean().optional()
+}).strict();
+var AgentTradeLimitsSchema = zod.z.object({
+  maxPerTrade: zod.z.string(),
+  dailyLimit: zod.z.string(),
+  periodMs: zod.z.number().int().min(0).optional(),
+  decimals: zod.z.number().int().min(0).optional()
+}).strict();
+var AgentTokenPairSchema = zod.z.object({
+  baseToken: zod.z.string(),
+  quoteToken: zod.z.string(),
+  chain: zod.z.string()
+}).strict();
+var AgentApprovedPairsSchema = zod.z.object({
+  pairs: zod.z.array(AgentTokenPairSchema),
+  strictMode: zod.z.boolean().optional()
+}).strict();
+var AgentCooldownSchema = zod.z.object({
+  cooldownMs: zod.z.number().int().min(0),
+  perAction: zod.z.record(zod.z.string(), zod.z.number().int().min(0)).optional()
+}).strict();
+var AgentApprovalThresholdSchema = zod.z.object({
+  threshold: zod.z.string(),
+  currency: zod.z.string().optional(),
+  decimals: zod.z.number().int().min(0).optional(),
+  controller: OperationControllerSchema.optional()
+}).strict();
+var AgentOperationalWindowSchema = zod.z.object({
+  from: zod.z.union([zod.z.number(), zod.z.string()]),
+  to: zod.z.union([zod.z.number(), zod.z.string()]),
+  timezone: zod.z.string().optional(),
+  inclusive: zod.z.boolean().optional()
+}).strict();
+var AgentAllocationLimitsSchema = zod.z.object({
+  min: zod.z.union([zod.z.number(), zod.z.string()]).optional(),
+  max: zod.z.union([zod.z.number(), zod.z.string()]).optional(),
+  tokenId: zod.z.string().optional(),
+  decimals: zod.z.number().int().min(0).optional(),
+  inclusive: zod.z.boolean().optional()
+}).strict();
+var AgentValidatorRulesSchema = zod.z.object({
+  version: zod.z.literal("3.0"),
+  type: zod.z.literal("agent"),
+  created: zod.z.string(),
+  smartNodeSecurity: SmartNodeSecuritySchema.optional(),
+  defaultSecurity: SmartNodeSecuritySchema.optional(),
+  defaultController: OperationControllerSchema.optional(),
+  name: zod.z.string().optional(),
+  agentType: AgentTypeSchema.optional(),
+  permissions: AgentPermissionsSchema.optional(),
+  tradeLimits: AgentTradeLimitsSchema.optional(),
+  approvedPairs: AgentApprovedPairsSchema.optional(),
+  cooldown: AgentCooldownSchema.optional(),
+  approvalThreshold: AgentApprovalThresholdSchema.optional(),
+  operationalWindow: AgentOperationalWindowSchema.optional(),
+  allocationLimits: AgentAllocationLimitsSchema.optional(),
+  tokenGates: TokenGateConditionsSchema.optional(),
+  timeRange: TimeRangeSchema.nullable().optional(),
+  governance: GovernanceConfigSchema.optional(),
+  metadata: ValidatorMetadataSchema.optional(),
+  modules: zod.z.array(ModuleEntrySchema).max(10).optional(),
+  invariants: RuleInvariantsSchema.optional()
+}).strict().refine((data) => data.smartNodeSecurity || data.defaultSecurity, {
+  message: "Either smartNodeSecurity or defaultSecurity must be provided"
+});
+var ValidatorRulesSchema = zod.z.union([
+  TokenValidatorRulesSchema,
+  AccountValidatorRulesSchema,
+  TopicValidatorRulesSchema,
+  AgentValidatorRulesSchema
+]);
+
+// src/rules/builders/token-rules-builder.ts
+var TokenRulesBuilder = class extends BaseRuleBuilder {
+  constructor() {
+    super("token");
+  }
+  schema() {
+    return TokenValidatorRulesSchema;
+  }
+  /** Set the full operations config (required by the canonical schema). */
+  withOperations(operations) {
+    this.state.operations = operations;
+    return this;
+  }
+  /** Patch-style operations merge: pass only the ops you want to set/change. */
+  patchOperations(partial) {
+    this.state.operations = { ...this.state.operations ?? {}, ...partial };
+    return this;
+  }
+  withKeys(keys) {
+    this.state.keys = keys;
+    return this;
+  }
+  withFees(fees) {
+    this.state.fees = fees;
+    return this;
+  }
+  withSoulbound(soulbound) {
+    this.state.soulbound = soulbound;
+    return this;
+  }
+};
+function forToken() {
+  return new TokenRulesBuilder();
+}
+
+// src/rules/builders/account-rules-builder.ts
+var AccountRulesBuilder = class extends BaseRuleBuilder {
+  constructor() {
+    super("account");
+  }
+  schema() {
+    return AccountValidatorRulesSchema;
+  }
+  withOperations(operations) {
+    this.state.operations = operations;
+    return this;
+  }
+  patchOperations(partial) {
+    this.state.operations = { ...this.state.operations ?? {}, ...partial };
+    return this;
+  }
+  withKeys(keys) {
+    this.state.keys = keys;
+    return this;
+  }
+};
+function forAccount() {
+  return new AccountRulesBuilder();
+}
+
+// src/rules/builders/topic-rules-builder.ts
+var TopicRulesBuilder = class extends BaseRuleBuilder {
+  constructor() {
+    super("topic");
+  }
+  schema() {
+    return TopicValidatorRulesSchema;
+  }
+  withOperations(operations) {
+    this.state.operations = operations;
+    return this;
+  }
+  patchOperations(partial) {
+    this.state.operations = { ...this.state.operations ?? {}, ...partial };
+    return this;
+  }
+  withKeys(keys) {
+    this.state.keys = keys;
+    return this;
+  }
+  /**
+   * Convenience: set the submit operation in one call.
+   * Common usage on topics that gate message shape via JSON-Schema payload.
+   */
+  withSubmit(submit) {
+    this.state.operations = {
+      ...this.state.operations ?? {},
+      submit
+    };
+    return this;
+  }
+  /**
+   * Convenience: attach a JSON-Schema payload validation to the submit op.
+   * Equivalent to `withSubmit({ enabled: true, payloadSchema: ref })`.
+   */
+  withPayloadSchema(payloadSchema) {
+    return this.withSubmit({
+      ...this.state.operations?.submit ?? { enabled: true },
+      payloadSchema
+    });
+  }
+};
+function forTopic() {
+  return new TopicRulesBuilder();
+}
+
+// src/rules/builders/agent-rules-builder.ts
+var AgentRulesBuilder = class extends BaseRuleBuilder {
+  constructor() {
+    super("agent");
+  }
+  schema() {
+    return AgentValidatorRulesSchema;
+  }
+  withName(name) {
+    this.state.name = name;
+    return this;
+  }
+  withAgentType(agentType) {
+    this.state.agentType = agentType;
+    return this;
+  }
+  withPermissions(permissions) {
+    this.state.permissions = permissions;
+    return this;
+  }
+  withTradeLimits(tradeLimits) {
+    this.state.tradeLimits = tradeLimits;
+    return this;
+  }
+  withApprovedPairs(approvedPairs) {
+    this.state.approvedPairs = approvedPairs;
+    return this;
+  }
+  withCooldown(cooldown) {
+    this.state.cooldown = cooldown;
+    return this;
+  }
+  withApprovalThreshold(approvalThreshold) {
+    this.state.approvalThreshold = approvalThreshold;
+    return this;
+  }
+  withOperationalWindow(window) {
+    this.state.operationalWindow = window;
+    return this;
+  }
+  withAllocationLimits(allocationLimits) {
+    this.state.allocationLimits = allocationLimits;
+    return this;
+  }
+};
+function forAgent() {
+  return new AgentRulesBuilder();
+}
+
+// src/rules/validate.ts
+function formatIssue(issue) {
+  const path = issue.path.join(".");
+  return path ? `${path}: ${issue.message}` : issue.message;
+}
+function pickArm(rule) {
+  if (rule && typeof rule === "object" && "type" in rule) {
+    const t = rule.type;
+    if (t === "token") return TokenValidatorRulesSchema;
+    if (t === "account") return AccountValidatorRulesSchema;
+    if (t === "topic") return TopicValidatorRulesSchema;
+    if (t === "agent") return AgentValidatorRulesSchema;
+  }
+  return ValidatorRulesSchema;
+}
+function validate(rule) {
+  const result = pickArm(rule).safeParse(rule);
+  if (result.success) {
+    return { valid: true, errors: [] };
+  }
+  return {
+    valid: false,
+    errors: result.error.issues.map(formatIssue)
+  };
+}
+
+// src/rules/atoms/index.ts
+var atom = {
+  timeRange: (cfg) => ({
+    inclusive: true,
+    timezone: "UTC",
+    ...cfg
+  }),
+  limits: (cfg) => ({
+    decimals: 0,
+    inclusive: true,
+    ...cfg
+  }),
+  permissionList: (cfg) => ({
+    mode: "whitelist",
+    controller: "owner",
+    allowSelfAdd: false,
+    allowWildcards: false,
+    requiredScope: "execute",
+    entries: [],
+    ...cfg
+  }),
+  rateLimiter: (cfg) => ({
+    strategy: "all",
+    includeCurrentOperation: true,
+    ...cfg
+  }),
+  cooldown: (cfg) => ({ ...cfg }),
+  approvalThreshold: (cfg) => ({
+    decimals: 0,
+    ...cfg
+  }),
+  approvedPairs: (cfg) => ({
+    strictMode: true,
+    ...cfg
+  }),
+  tradeLimit: (cfg) => ({
+    periodMs: 864e5,
+    decimals: 0,
+    ...cfg
+  }),
+  snapshot: (cfg) => ({
+    validationMode: "minimum",
+    ...cfg
+  }),
+  cronSchedule: (cfg) => ({
+    allowOutsideSchedule: false,
+    toleranceMs: 0,
+    ...cfg
+  }),
+  countApproval: (cfg) => ({
+    maxCount: 0,
+    allowDuplicates: false,
+    maxApprovalAgeSec: 0,
+    allowSelfApproval: false,
+    ...cfg
+  }),
+  externalEvidence: (cfg) => ({
+    requiredSignatures: 1,
+    maxEvidenceAgeSec: 3600,
+    verifyPayloadHash: true,
+    ...cfg
+  }),
+  fieldValues: (cfg) => ({
+    requireAll: true,
+    ...cfg,
+    constraints: cfg.constraints.map((c) => ({
+      caseInsensitive: false,
+      denyMode: false,
+      ...c
+    }))
+  }),
+  registryReference: (cfg) => ({
+    requireAll: true,
+    ...cfg,
+    references: cfg.references.map((r) => ({ required: true, ...r }))
+  }),
+  schemaValidation: (cfg) => ({
+    strict: false,
+    allErrors: true,
+    validateFormats: false,
+    errorPrefix: "Schema validation failed",
+    removeAdditional: false,
+    useDefaults: false,
+    coerceTypes: false,
+    ...cfg
+  }),
+  stopLoss: (cfg) => ({ ...cfg }),
+  workflowState: (cfg) => ({
+    allowSelfTransition: false,
+    ...cfg
+  })
+};
+
+// src/rules/molecules/index.ts
+var molecule = {
+  tokenGate: (cfg) => ({
+    overallOperator: "AND",
+    allowDelegation: false,
+    ...cfg,
+    fungibles: cfg.fungibles ? { operator: "AND", ...cfg.fungibles } : void 0,
+    nonFungibles: cfg.nonFungibles ? { operator: "OR", ...cfg.nonFungibles } : void 0
+  }),
+  airdrop: (cfg) => ({
+    decimals: 0,
+    claimMethod: "manual",
+    ...cfg
+  }),
+  vesting: (cfg) => ({
+    decimals: 0,
+    cliffDurationMs: 0,
+    initialUnlockPercent: 0,
+    revocable: false,
+    returnToTreasury: true,
+    ...cfg
+  }),
+  governance: (cfg) => ({
+    decimals: 0,
+    votingPowerMethod: "token_balance",
+    quorumPercent: 10,
+    approvalThresholdPercent: 50,
+    timeLockMs: 0,
+    allowDelegation: true,
+    allowVoteChange: false,
+    maxActiveProposalsPerAccount: 3,
+    proposalCooldownMs: 0,
+    ...cfg
+  }),
+  streaming: (cfg) => ({
+    decimals: 0,
+    type: "linear",
+    cancellable: true,
+    pausable: false,
+    cancelController: "sender",
+    cliffDurationMs: 0,
+    autoTopUp: false,
+    ...cfg
+  }),
+  swap: (cfg = {}) => ({
+    type: "atomic",
+    requireAtomicity: true,
+    ...cfg
+  })
+};
+
+// src/rules/modules/index.ts
+function withLaunchpadDefaults(c) {
+  return {
+    launchTokenDecimals: 0,
+    paymentTokenDecimals: 0,
+    refundOnFailure: true,
+    overflowPolicy: "proportional",
+    platformFeePercent: 0,
+    ...c
+  };
+}
+function withStakingPoolDefaults(c) {
+  return {
+    stakingTokenDecimals: 0,
+    distributionMethod: "proportional",
+    lockPeriodMs: 0,
+    earlyUnstakePenalty: 0,
+    autoCompound: false,
+    withdrawalCooldownMs: 0,
+    emergencyWithdrawEnabled: true,
+    ...c
+  };
+}
+function withDaoDefaults(c) {
+  return { smartNodeSecurity: "partial", ...c };
+}
+function withDexDefaults(c) {
+  return {
+    defaultSwapFeePercent: 0.3,
+    multiHopEnabled: true,
+    maxHops: 3,
+    defaultSlippagePercent: 0.5,
+    ...c
+  };
+}
+var module_ = {
+  launchpad: (config) => ({
+    type: "launchpad",
+    version: "1.0.0",
+    config: withLaunchpadDefaults(config)
+  }),
+  stakingPool: (config) => ({
+    type: "staking-pool",
+    version: "1.0.0",
+    config: withStakingPoolDefaults(config)
+  }),
+  dao: (config) => ({
+    type: "dao",
+    version: "1.0.0",
+    config: withDaoDefaults(config)
+  }),
+  dex: (config) => ({
+    type: "dex",
+    version: "1.0.0",
+    config: withDexDefaults(config)
+  }),
+  agent: (config) => ({
+    type: "agent",
+    version: "1.0.0",
+    config
+  })
+};
+
+// src/rules/templates/index.ts
+function toEpoch(d) {
+  return typeof d === "number" ? d : d.getTime();
+}
+function meta(templateName, description) {
+  return {
+    version: "1.0.0",
+    description: description ?? `${templateName} (Rules.template.${templateName})`,
+    tags: [`template:${templateName}`]
+  };
+}
+function fairLaunch(p) {
+  const launchpad = module_.launchpad({
+    name: p.name,
+    launchTokenId: p.launchTokenId,
+    launchTokenDecimals: p.launchTokenDecimals,
+    paymentTokenId: p.paymentTokenId,
+    paymentTokenDecimals: p.paymentTokenDecimals,
+    totalTokensForSale: p.totalTokensForSale,
+    pricePerToken: p.pricePerToken,
+    hardCap: p.hardCap,
+    softCap: p.softCap,
+    publicWindow: atom.timeRange({
+      from: toEpoch(p.publicStart),
+      to: toEpoch(p.publicEnd)
+    }),
+    treasuryAccount: p.treasuryAccount,
+    vestingSchedule: p.vestingSchedule,
+    refundOnFailure: true,
+    overflowPolicy: "proportional",
+    description: `Fair-launch IDO for ${p.symbol}`
+  });
+  return forToken().withOperations({
+    mint: { enabled: true, controller: "owner" },
+    transfer: { enabled: true, controller: "owner" }
+  }).addModule(launchpad).withMetadata(meta("fairLaunch", p.description)).build();
+}
+function tieredIDO(p) {
+  const lowestTierBalance = p.tiers.reduce((acc, t) => {
+    if (acc === "") return t.requiredBalance;
+    const len = Math.max(acc.length, t.requiredBalance.length);
+    const a = acc.padStart(len, "0");
+    const b = t.requiredBalance.padStart(len, "0");
+    return a < b ? acc : t.requiredBalance;
+  }, "");
+  const eligibility = molecule.tokenGate({
+    fungibles: {
+      tokens: [
+        {
+          tokenId: p.governanceTokenId,
+          minBalance: lowestTierBalance || "0",
+          checkBalance: true
+        }
+      ],
+      operator: "AND"
+    },
+    overallOperator: "AND"
+  });
+  const launchpad = module_.launchpad({
+    name: p.name,
+    launchTokenId: p.launchTokenId,
+    paymentTokenId: p.paymentTokenId,
+    totalTokensForSale: p.totalTokensForSale,
+    pricePerToken: p.pricePerToken,
+    hardCap: p.hardCap,
+    softCap: p.softCap,
+    registrationWindow: atom.timeRange({
+      from: toEpoch(p.registrationStart),
+      to: toEpoch(p.registrationEnd)
+    }),
+    guaranteedWindow: atom.timeRange({
+      from: toEpoch(p.guaranteedStart),
+      to: toEpoch(p.guaranteedEnd)
+    }),
+    publicWindow: atom.timeRange({
+      from: toEpoch(p.publicStart),
+      to: toEpoch(p.publicEnd)
+    }),
+    eligibility,
+    tiers: p.tiers,
+    treasuryAccount: p.treasuryAccount,
+    refundOnFailure: true,
+    overflowPolicy: "proportional",
+    description: `Tiered IDO for ${p.symbol}`
+  });
+  return forToken().withOperations({
+    mint: { enabled: true, controller: "owner" },
+    transfer: { enabled: true, controller: "owner" }
+  }).addModule(launchpad).withMetadata(meta("tieredIDO", p.description)).build();
+}
+function simpleStaking(p) {
+  const startEpoch = toEpoch(p.startAt);
+  const endEpoch = p.endAt !== void 0 ? toEpoch(p.endAt) : void 0;
+  const stakingPool = module_.stakingPool({
+    name: p.name,
+    poolType: "single",
+    stakingTokenId: p.stakingTokenId,
+    rewardTokens: [
+      {
+        tokenId: p.rewardTokenId,
+        rewardRate: p.rewardRate,
+        totalRewards: p.totalRewards
+      }
+    ],
+    distributionMethod: "proportional",
+    startAt: new Date(startEpoch).toISOString(),
+    endAt: endEpoch !== void 0 ? new Date(endEpoch).toISOString() : void 0,
+    lockPeriodMs: p.lockPeriodMs ?? 0,
+    autoCompound: false,
+    emergencyWithdrawEnabled: true,
+    description: `Single-asset staking pool: ${p.name}`
+  });
+  return forToken().withOperations({
+    transfer: { enabled: true, controller: "owner" }
+  }).addModule(stakingPool).withMetadata(meta("simpleStaking", p.description)).build();
+}
+function tokenDAO(p) {
+  const quorum = p.quorumPercent ?? 10;
+  const timeLockMs = p.timeLockMs ?? 0;
+  const governance = molecule.governance({
+    governanceTokenId: p.governanceTokenId,
+    quorumPercent: quorum,
+    approvalThresholdPercent: p.approvalThresholdPercent ?? 50,
+    proposalThreshold: p.proposalThreshold,
+    votingPeriodMs: p.votingPeriodMs,
+    timeLockMs
+  });
+  const dao = module_.dao({
+    name: p.name,
+    daoType: "token_governed",
+    smartNodeSecurity: "full",
+    governance,
+    treasury: {
+      accountId: p.treasuryAccountId,
+      controlledTokens: p.controlledTokens
+    },
+    description: `Token-governed DAO: ${p.name}`
+  });
+  return forToken().withController("dao").withOperations({
+    mint: { enabled: true, controller: "dao", requiresApproval: true },
+    burn: { enabled: true, controller: "dao", requiresApproval: true },
+    transfer: { enabled: true, controller: "owner" }
+  }).withGovernance({
+    daoTokenId: p.governanceTokenId,
+    proposalThreshold: p.proposalThreshold,
+    votingPeriodSeconds: Math.floor(p.votingPeriodMs / 1e3),
+    timelockSeconds: Math.floor(timeLockMs / 1e3),
+    quorumPercentage: quorum
+  }).addModule(dao).withInvariants({
+    minQuorumPercentage: quorum,
+    minTimelockSeconds: Math.floor(timeLockMs / 1e3),
+    immutableFields: ["governance", "treasury"]
+  }).withMetadata(meta("tokenDAO", p.description)).build();
+}
+function multisigDAO(p) {
+  if (p.threshold < 1 || p.threshold > p.signers.length) {
+    throw new Error(
+      `multisigDAO: threshold ${p.threshold} must be between 1 and signers.length (${p.signers.length})`
+    );
+  }
+  const proposalExpirationMs = p.proposalExpirationMs ?? 7 * 24 * 60 * 60 * 1e3;
+  const governance = molecule.governance({
+    governanceTokenId: "multisig",
+    proposalThreshold: "0",
+    votingPeriodMs: proposalExpirationMs,
+    quorumPercent: 0,
+    approvalThresholdPercent: Math.floor(p.threshold / p.signers.length * 100)
+  });
+  const dao = module_.dao({
+    name: p.name,
+    daoType: "multisig",
+    smartNodeSecurity: "full",
+    governance,
+    treasury: {
+      accountId: p.treasuryAccountId,
+      controlledTokens: p.controlledTokens
+    },
+    multisig: {
+      signers: p.signers,
+      threshold: p.threshold,
+      proposalExpirationMs
+    },
+    description: `Multisig DAO: ${p.name}`
+  });
+  return forToken().withController("owner").withOperations({
+    transfer: { enabled: true, controller: "owner", requiresApproval: true }
+  }).addModule(dao).withMetadata(meta("multisigDAO", p.description)).build();
+}
+function simpleAMM(p) {
+  const swapFeePercent = p.swapFeePercent ?? 0.3;
+  const poolId = `${p.tokenA.tokenId}-${p.tokenB.tokenId}`;
+  const dex = module_.dex({
+    name: p.name,
+    dexType: "amm",
+    pools: [
+      {
+        poolId,
+        tokenA: p.tokenA,
+        tokenB: p.tokenB,
+        curveType: "constant_product",
+        swapFeePercent
+      }
+    ],
+    defaultSwapFeePercent: swapFeePercent,
+    multiHopEnabled: false,
+    description: `Single-pool AMM: ${poolId}`
+  });
+  return forToken().withOperations({
+    transfer: { enabled: true, controller: "owner" }
+  }).addModule(dex).withMetadata(meta("simpleAMM", p.description)).build();
+}
+function vestingSchedule(p) {
+  const startEpoch = toEpoch(p.startAt);
+  const vestingMolecule = molecule.vesting({
+    tokenId: p.tokenId,
+    totalAmount: p.totalAmount,
+    beneficiary: p.beneficiary,
+    scheduleType: p.scheduleType,
+    startAt: new Date(startEpoch).toISOString(),
+    cliffDurationMs: p.cliffDurationMs ?? 0,
+    vestingDurationMs: p.vestingDurationMs,
+    treasuryAccount: p.treasuryAccount,
+    returnToTreasury: p.treasuryAccount !== void 0
+  });
+  const vestingModule = {
+    type: "vesting",
+    version: "1.0.0",
+    config: vestingMolecule
+  };
+  return forAccount().withOperations({
+    transfer: { enabled: true, controller: "owner" }
+  }).addModule(vestingModule).withMetadata(meta("vestingSchedule", p.description)).build();
+}
+function tradingAgent(p) {
+  return forAgent().withName(p.name).withAgentType("trading").withTradeLimits({
+    maxPerTrade: p.maxPerTrade,
+    dailyLimit: p.dailyLimit
+  }).withApprovedPairs({
+    pairs: p.approvedPairs,
+    strictMode: true
+  }).withCooldown({ cooldownMs: p.cooldownMs ?? 0 }).withApprovalThreshold({
+    threshold: p.approvalThreshold ?? "999999999"
+  }).withMetadata(meta("tradingAgent", p.description)).build();
+}
+var template = {
+  fairLaunch,
+  tieredIDO,
+  simpleStaking,
+  tokenDAO,
+  multisigDAO,
+  simpleAMM,
+  vestingSchedule,
+  tradingAgent
+};
+
+// src/rules/index.ts
+var Rules = {
+  /** Build a canonical `TokenValidatorRules`. */
+  forToken,
+  /** Build a canonical `AccountValidatorRules`. */
+  forAccount,
+  /** Build a canonical `TopicValidatorRules`. */
+  forTopic,
+  /** Build a canonical `AgentValidatorRules`. */
+  forAgent,
+  /** Local preflight — runs the canonical Zod schema, returns `{valid, errors}`. */
+  validate,
+  /** Atom factories — typed config for primitive rule pieces (`timeRange`, `limits`, …). */
+  atom,
+  /** Molecule factories — typed config for compound rules (`tokenGate`, `governance`, …). */
+  molecule,
+  /** Module factories — typed organism configs wrapped as canonical `ModuleEntry`. */
+  module: module_,
+  /** One-call template factories — ready-to-publish canonical ValidatorRules. */
+  template
+};
 /*! Bundled license information:
 
 @scure/base/lib/index.js:
@@ -9952,9 +11166,31 @@ async function verifyPqcAttestation(cert, payload, registrySnapshot) {
   (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
 */
 
+exports.AccountKeyConditionsSchema = AccountKeyConditionsSchema;
+exports.AccountOperationsConfigSchema = AccountOperationsConfigSchema;
+exports.AccountRulesBuilder = AccountRulesBuilder;
+exports.AccountValidatorRulesSchema = AccountValidatorRulesSchema;
+exports.AgentAccessControlModeSchema = AgentAccessControlModeSchema;
+exports.AgentAllocationLimitsSchema = AgentAllocationLimitsSchema;
+exports.AgentApprovalThresholdSchema = AgentApprovalThresholdSchema;
+exports.AgentApprovedPairsSchema = AgentApprovedPairsSchema;
+exports.AgentControllerTypeSchema = AgentControllerTypeSchema;
+exports.AgentCooldownSchema = AgentCooldownSchema;
+exports.AgentOperationalWindowSchema = AgentOperationalWindowSchema;
+exports.AgentPermissionEntrySchema = AgentPermissionEntrySchema;
+exports.AgentPermissionScopeSchema = AgentPermissionScopeSchema;
+exports.AgentPermissionsSchema = AgentPermissionsSchema;
+exports.AgentRulesBuilder = AgentRulesBuilder;
+exports.AgentTokenPairSchema = AgentTokenPairSchema;
+exports.AgentTradeLimitsSchema = AgentTradeLimitsSchema;
+exports.AgentTypeSchema = AgentTypeSchema;
+exports.AgentValidatorRulesSchema = AgentValidatorRulesSchema;
 exports.AgentsClient = AgentsClient;
 exports.BaasClient = BaasClient;
 exports.BaasError = BaasError;
+exports.BaseOperationConfigSchema = BaseOperationConfigSchema;
+exports.BaseRuleBuilder = BaseRuleBuilder;
+exports.BurnOperationConfigSchema = BurnOperationConfigSchema;
 exports.CapabilityNotEnabledError = CapabilityNotEnabledError;
 exports.CapabilityValidationError = CapabilityValidationError;
 exports.CircuitBreaker = CircuitBreaker;
@@ -9967,39 +11203,79 @@ exports.DatabaseClient = DatabaseClient;
 exports.DeploymentClient = DeploymentClient;
 exports.DnsClient = DnsClient;
 exports.DomainsClient = DomainsClient;
+exports.EntitiesClient = EntitiesClient;
 exports.ErrorCode = ErrorCode;
+exports.FeeConditionsSchema = FeeConditionsSchema;
+exports.FixedFeeConditionSchema = FixedFeeConditionSchema;
+exports.FractionalFeeConditionSchema = FractionalFeeConditionSchema;
+exports.FreezeOperationConfigSchema = FreezeOperationConfigSchema;
 exports.FunctionsClient = FunctionsClient;
+exports.FungibleTokenGateSchema = FungibleTokenGateSchema;
 exports.GovernanceClient = GovernanceClient;
+exports.GovernanceConfigSchema = GovernanceConfigSchema;
 exports.HederaTransactionsClient = HederaTransactionsClient;
 exports.HistoricalBalanceClient = HistoricalBalanceClient;
 exports.HistoricalBalanceClientError = HistoricalBalanceClientError;
 exports.IPFSClient = IPFSClient;
+exports.KNOWN_NETWORKS = KNOWN_NETWORKS;
+exports.KeyConditionSchema = KeyConditionSchema;
 exports.MIRROR_NODE_URLS = MIRROR_NODE_URLS;
 exports.MessagingClient = MessagingClient;
+exports.MintOperationConfigSchema = MintOperationConfigSchema;
 exports.MirrorNodeClient = MirrorNodeClient;
 exports.MirrorNodeError = MirrorNodeError;
+exports.ModuleEntrySchema = ModuleEntrySchema;
+exports.NonFungibleTokenGateSchema = NonFungibleTokenGateSchema;
+exports.OperationControllerSchema = OperationControllerSchema;
+exports.OperationLimitsSchema = OperationLimitsSchema;
 exports.PERSONHOOD_VERIFIER_NOT_CONFIGURED = PERSONHOOD_VERIFIER_NOT_CONFIGURED;
+exports.PauseOperationConfigSchema = PauseOperationConfigSchema;
+exports.PayloadSchemaRefSchema = PayloadSchemaRefSchema;
 exports.PersonhoodClient = PersonhoodClient;
 exports.PolkadotTransactionsClient = PolkadotTransactionsClient;
 exports.PqcCertV1Schema = PqcCertV1Schema;
 exports.RateLimiter = RateLimiter;
 exports.RoutingClient = RoutingClient;
+exports.RoyaltyFeeConditionSchema = RoyaltyFeeConditionSchema;
+exports.RuleBuildError = RuleBuildError;
+exports.RuleInvariantsSchema = RuleInvariantsSchema;
+exports.Rules = Rules;
+exports.RulesClient = RulesClient;
 exports.SdkHttpError = SdkHttpError;
 exports.SettlementClient = SettlementClient;
 exports.SmartEngineClient = SmartEngineClient;
 exports.SmartEngineError = SmartEngineError;
 exports.SmartGatewayClient = SmartGatewayClient;
+exports.SmartNodeSecuritySchema = SmartNodeSecuritySchema;
 exports.SnapshotsClient = SnapshotsClient;
 exports.SolanaTransactionsClient = SolanaTransactionsClient;
+exports.SoulboundAllowedActionSchema = SoulboundAllowedActionSchema;
+exports.SoulboundNftConfigSchema = SoulboundNftConfigSchema;
 exports.StorageClient = StorageClient;
+exports.SubmitOperationConfigSchema = SubmitOperationConfigSchema;
 exports.SubscriptionClient = SubscriptionClient;
 exports.TSSClient = TSSClient;
+exports.TimeRangeSchema = TimeRangeSchema;
+exports.TokenGateConditionsSchema = TokenGateConditionsSchema;
+exports.TokenKeyConditionsSchema = TokenKeyConditionsSchema;
+exports.TokenOperationsConfigSchema = TokenOperationsConfigSchema;
+exports.TokenRulesBuilder = TokenRulesBuilder;
+exports.TokenValidatorRulesSchema = TokenValidatorRulesSchema;
+exports.TopicKeyConditionsSchema = TopicKeyConditionsSchema;
+exports.TopicOperationsConfigSchema = TopicOperationsConfigSchema;
+exports.TopicRulesBuilder = TopicRulesBuilder;
+exports.TopicValidatorRulesSchema = TopicValidatorRulesSchema;
 exports.TransactionsClient = TransactionsClient;
+exports.TransferOperationConfigSchema = TransferOperationConfigSchema;
 exports.UnsupportedCapabilityError = UnsupportedCapabilityError;
+exports.UpdateOperationConfigSchema = UpdateOperationConfigSchema;
 exports.ValidatorAuthClient = ValidatorAuthClient;
 exports.ValidatorAuthError = ValidatorAuthError;
 exports.ValidatorDiscoveryClient = ValidatorDiscoveryClient;
+exports.ValidatorMetadataSchema = ValidatorMetadataSchema;
+exports.ValidatorRulesSchema = ValidatorRulesSchema;
 exports.XrplTransactionsClient = XrplTransactionsClient;
+exports.atom = atom;
 exports.auth = auth_exports;
 exports.baas = baas_exports;
 exports.chains = chains_exports;
@@ -10008,17 +11284,35 @@ exports.createResilientFetchWithBreaker = createResilientFetchWithBreaker;
 exports.createXrplWeb3Signer = createXrplWeb3Signer;
 exports.discovery = discovery_exports;
 exports.encodePathParam = encodePathParam;
+exports.fairLaunch = fairLaunch;
 exports.fetchRegistrySnapshot = fetchRegistrySnapshot;
+exports.forAccount = forAccount;
+exports.forAgent = forAgent;
+exports.forToken = forToken;
+exports.forTopic = forTopic;
 exports.governance = governance_exports;
+exports.isKnownNetwork = isKnownNetwork;
 exports.isPersonhoodVerifierNotConfigured = isPersonhoodVerifierNotConfigured;
 exports.isRuleRejected = isRuleRejected;
+exports.module_ = module_;
+exports.molecule = molecule;
+exports.multisigDAO = multisigDAO;
 exports.parsePqcCert = parsePqcCert;
 exports.personhood = personhood_exports;
 exports.pqcVerify = pqc_verify_exports;
 exports.resilientFetch = resilientFetch;
+exports.resolveNetwork = resolveNetwork;
 exports.settlement = settlement_exports;
+exports.simpleAMM = simpleAMM;
+exports.simpleStaking = simpleStaking;
 exports.subscription = subscription_exports;
+exports.template = template;
+exports.tieredIDO = tieredIDO;
+exports.tokenDAO = tokenDAO;
+exports.tradingAgent = tradingAgent;
+exports.validate = validate;
 exports.validateAgentRules = validateAgentRules;
 exports.verifyPqcAttestation = verifyPqcAttestation;
+exports.vestingSchedule = vestingSchedule;
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map