@kairoguard/sdk 0.0.14 → 0.0.16

package/dist/backend.d.ts

@@ -56,6 +56,16 @@ export interface ProvisionResponse {
     dwalletObjectId: string;
     walletState: string;
 }
+export interface MintReceiptResponse {
+    success: boolean;
+    receiptId?: string;
+    receiptObjectId?: string;
+    allowed?: boolean;
+    denialReason?: number;
+    denialReasonName?: string;
+    digest?: string;
+    error?: string;
+}
 export interface RegisterKeyRequest {
     label: string;
     email?: string;
@@ -307,7 +317,7 @@ export declare class BackendClient {
     submitDKG(data: DKGSubmitRequest): Promise<DKGSubmitResponse>;
     getDKGStatus(requestId: string): Promise<DKGStatusResponse>;
     provision(params: ProvisionRequest): Promise<ProvisionResponse>;
-    mintReceipt(params: Record<string, unknown>): Promise<Record<string, unknown>>;
+    mintReceipt(params: Record<string, unknown>): Promise<MintReceiptResponse>;
     requestPresign(params: PresignRequestParams): Promise<PresignRequestResponse>;
     getPresignStatus(requestId: string): Promise<PresignStatusResponse>;
     requestSign(params: SignRequestParams): Promise<SignRequestResponse>;

package/dist/client.d.ts

@@ -50,6 +50,11 @@ export interface SignResult {
     presignId: string;
     signatureHex: Hex;
 }
+export declare class PolicyDeniedError extends Error {
+    readonly denialReason: number;
+    readonly denialReasonName: string;
+    constructor(denialReason: number, denialReasonName?: string);
+}
 export interface SignEvmParams {
     walletId: string;
     to: Hex;

package/dist/client.js

@@ -9,12 +9,23 @@
  *   // { walletId: "0xabc...", address: "0x742d...", curve: "secp256k1" }
  */
 import { BackendClient, } from "./backend.js";
+import { getDenialReasonName } from "./denialReasons.js";
 import { KeyStore } from "./keystore.js";
 import { Curve, fetchProtocolParams, deriveEncryptionKeys, generateSeed, generateSessionIdentifier, runDKG, computeUserOutputSignature, fetchDWallet, waitForDWalletState, } from "./ika-protocol.js";
 import { Hash, SignatureAlgorithm, createUserSignMessageWithPublicOutput } from "@ika.xyz/sdk";
 import { computeEvmIntentFromUnsignedTxBytes } from "./evmIntent.js";
 import { keccak256, recoverTransactionAddress, serializeTransaction, } from "viem";
-import { convertWeiToUsdMicros, fetchEthUsdMicros } from "./price.js";
+export class PolicyDeniedError extends Error {
+    denialReason;
+    denialReasonName;
+    constructor(denialReason, denialReasonName) {
+        const resolvedName = denialReasonName?.trim() || getDenialReasonName(denialReason);
+        super(`Policy denied: ${resolvedName}`);
+        this.name = "PolicyDeniedError";
+        this.denialReason = denialReason;
+        this.denialReasonName = resolvedName;
+    }
+}
 const FALLBACK_SUI_RPC = "https://fullnode.testnet.sui.io:443";
 async function testRpcEndpoint(url) {
     try {
@@ -753,30 +764,17 @@ export class KairoClient {
         if (!wallet.policyObjectId || !wallet.bindingObjectId) {
             throw new Error("Wallet is missing policy binding metadata. Provision the wallet via dashboard or SDK before signing.");
         }
-        const mintOnce = async () => {
-            let normalizedNativeValue = ctx.nativeValue;
-            // MaxNativeValue rules are encoded in USD-micros; normalize EVM wei inputs.
-            if (ctx.namespace === 1) {
-                try {
-                    const ethUsdMicros = await fetchEthUsdMicros();
-                    normalizedNativeValue = convertWeiToUsdMicros(ctx.nativeValue, ethUsdMicros);
-                }
-                catch {
-                    // Keep raw value as fallback if price feed is unavailable.
-                }
-            }
-            return this.backend.mintReceipt({
-                policyObjectId: wallet.policyObjectId ?? undefined,
-                bindingObjectId: wallet.bindingObjectId,
-                namespace: ctx.namespace,
-                // chainId is encoded as u64 bytes (16 hex chars)
-                chainId: ctx.chainId.toString(16).padStart(16, "0"),
-                intentHashHex: stripHexPrefix(ctx.intentHashHex),
-                destinationHex: stripHexPrefix(ctx.destinationHex),
-                nativeValueHex: normalizedNativeValue.toString(16).padStart(64, "0"),
-                contextDataHex: ctx.contextDataHex ? stripHexPrefix(ctx.contextDataHex) : undefined,
-            });
-        };
+        const mintOnce = async () => this.backend.mintReceipt({
+            policyObjectId: wallet.policyObjectId ?? undefined,
+            bindingObjectId: wallet.bindingObjectId,
+            namespace: ctx.namespace,
+            // chainId is encoded as u64 bytes (16 hex chars)
+            chainId: ctx.chainId.toString(16).padStart(16, "0"),
+            intentHashHex: stripHexPrefix(ctx.intentHashHex),
+            destinationHex: stripHexPrefix(ctx.destinationHex),
+            nativeValueHex: ctx.nativeValue.toString(16).padStart(64, "0"),
+            contextDataHex: ctx.contextDataHex ? stripHexPrefix(ctx.contextDataHex) : undefined,
+        });
         let response = await mintOnce();
         const initialError = String(response?.error ?? "");
         if (response.success === false && this.isReaffirmRequiredError(initialError)) {
@@ -787,7 +785,8 @@ export class KairoClient {
             throw new Error(String(response.error ?? "Failed to mint policy receipt"));
         }
         if (response.allowed === false) {
-            throw new Error("Policy denied this signing intent");
+            const denialReason = Number(response.denialReason ?? 0);
+            throw new PolicyDeniedError(denialReason, response.denialReasonName);
         }
         const receiptId = String(response.receiptId ?? response.receiptObjectId ?? "");
         if (!receiptId.startsWith("0x")) {

package/dist/denialReasons.d.ts

@@ -0,0 +1,5 @@
+export declare const DENIAL_REASONS: Record<number, {
+    code: string;
+    message: string;
+}>;
+export declare function getDenialReasonName(code: number | undefined): string;

package/dist/denialReasons.js

@@ -0,0 +1,28 @@
+export const DENIAL_REASONS = {
+    0: { code: "NONE", message: "No denial (allowed)" },
+    1: { code: "EXPIRED", message: "Policy has expired" },
+    2: { code: "DENYLIST", message: "Destination address is on the denylist" },
+    3: { code: "NOT_IN_ALLOWLIST", message: "Destination address is not in the allowlist" },
+    4: { code: "BAD_FORMAT", message: "Invalid intent format" },
+    10: { code: "CHAIN_NOT_ALLOWED", message: "This chain/network is not allowed by policy" },
+    11: { code: "BAD_SELECTOR_FORMAT", message: "Invalid EVM function selector format" },
+    12: { code: "SELECTOR_DENYLIST", message: "This contract function is on the denylist" },
+    13: { code: "SELECTOR_NOT_ALLOWED", message: "This contract function is not in the allowlist" },
+    14: { code: "BAD_AMOUNT_FORMAT", message: "Invalid ERC20 amount format" },
+    15: { code: "ERC20_AMOUNT_EXCEEDS_MAX", message: "ERC20 transfer amount exceeds policy limit" },
+    16: { code: "NO_POLICY_VERSION", message: "No active policy version found" },
+    20: { code: "NAMESPACE_NOT_ALLOWED", message: "This blockchain type (EVM/Bitcoin/Solana) is not allowed" },
+    21: { code: "BTC_SCRIPT_TYPE_NOT_ALLOWED", message: "Bitcoin address type not allowed by policy" },
+    22: { code: "BTC_FEE_RATE_EXCEEDED", message: "Bitcoin fee rate exceeds policy limit" },
+    23: { code: "SOL_PROGRAM_DENYLISTED", message: "Solana program is on the denylist" },
+    24: { code: "SOL_PROGRAM_NOT_ALLOWED", message: "Solana program is not in the allowlist" },
+    30: { code: "NATIVE_VALUE_EXCEEDED", message: "Native value exceeds policy limit" },
+    31: { code: "TIME_WINDOW_BLOCKED", message: "Transaction blocked by time window rule" },
+    32: { code: "PERIOD_LIMIT_EXCEEDED", message: "Period spending limit exceeded" },
+    33: { code: "RATE_LIMIT_EXCEEDED", message: "Rate limit exceeded" },
+};
+export function getDenialReasonName(code) {
+    if (code === undefined || code === null)
+        return "Unknown denial reason";
+    return DENIAL_REASONS[code]?.message ?? `Unknown denial reason (${code})`;
+}

package/dist/index.d.ts

@@ -8,6 +8,7 @@ export * from "./suiResult.js";
 export * from "./suiTxBuilders.js";
 export * from "./auditBundle.js";
 export * from "./suiCustody.js";
-export { KairoClient, type KairoClientOpts, type CreateWalletOpts, type WalletInfo, type ProposePolicyUpdateParams, type PolicyUpdateProposalResult, type ApprovePolicyUpdateParams, type ExecutePolicyUpdateParams, type PolicyUpdateStatus, } from "./client.js";
+export * from "./denialReasons.js";
+export { KairoClient, PolicyDeniedError, type KairoClientOpts, type CreateWalletOpts, type WalletInfo, type ProposePolicyUpdateParams, type PolicyUpdateProposalResult, type ApprovePolicyUpdateParams, type ExecutePolicyUpdateParams, type PolicyUpdateStatus, } from "./client.js";
 export { KeyStore, type WalletRecord } from "./keystore.js";
 export { BackendClient, DEFAULT_BACKEND_URL, type BackendClientOpts } from "./backend.js";

package/dist/index.js

@@ -8,6 +8,7 @@ export * from "./suiResult.js";
 export * from "./suiTxBuilders.js";
 export * from "./auditBundle.js";
 export * from "./suiCustody.js";
-export { KairoClient, } from "./client.js";
+export * from "./denialReasons.js";
+export { KairoClient, PolicyDeniedError, } from "./client.js";
 export { KeyStore } from "./keystore.js";
 export { BackendClient, DEFAULT_BACKEND_URL } from "./backend.js";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kairoguard/sdk",
-  "version": "0.0.14",
+  "version": "0.0.16",
   "description": "Kairo SDK for multi-chain policy-based transaction signing with dWallet support (EVM, Bitcoin, Solana, Sui)",
   "license": "MIT",
   "author": "Kairo <mehraab@thewidercollective.com>",

package/dist/price.d.ts

@@ -1,2 +0,0 @@
-export declare function fetchEthUsdMicros(): Promise<bigint>;
-export declare function convertWeiToUsdMicros(weiValue: bigint, ethUsdMicros: bigint): bigint;

package/dist/price.js

@@ -1,65 +0,0 @@
-const WEI_PER_ETH = 1000000000000000000n;
-const USD_MICROS_SCALE = 1000000n;
-const CACHE_MS = 60_000;
-let cachedEthUsdMicros = null;
-function parseUsdToMicros(input) {
-    const s = input.trim();
-    if (!s)
-        throw new Error("ETH/USD response is empty");
-    if (!/^\d+(\.\d+)?$/.test(s)) {
-        throw new Error(`Invalid ETH/USD amount: ${s}`);
-    }
-    const [wholeRaw, fracRaw = ""] = s.split(".");
-    const whole = BigInt(wholeRaw);
-    const frac = BigInt((fracRaw + "000000").slice(0, 6));
-    return whole * USD_MICROS_SCALE + frac;
-}
-async function fetchJsonWithTimeout(url, timeoutMs) {
-    const ctrl = new AbortController();
-    const timer = setTimeout(() => ctrl.abort(), timeoutMs);
-    try {
-        const resp = await fetch(url, { signal: ctrl.signal });
-        if (!resp.ok) {
-            throw new Error(`HTTP ${resp.status} from ${url}`);
-        }
-        return await resp.json();
-    }
-    finally {
-        clearTimeout(timer);
-    }
-}
-export async function fetchEthUsdMicros() {
-    const now = Date.now();
-    if (cachedEthUsdMicros && now - cachedEthUsdMicros.atMs < CACHE_MS) {
-        return cachedEthUsdMicros.value;
-    }
-    const providers = [
-        async () => {
-            const j = await fetchJsonWithTimeout("https://api.coinbase.com/v2/prices/ETH-USD/spot", 7000);
-            const amount = String(j?.data?.amount ?? "").trim();
-            return parseUsdToMicros(amount);
-        },
-        async () => {
-            const j = await fetchJsonWithTimeout("https://api.coingecko.com/api/v3/simple/price?ids=ethereum&vs_currencies=usd", 7000);
-            const amount = String(j?.ethereum?.usd ?? "").trim();
-            return parseUsdToMicros(amount);
-        },
-    ];
-    let lastErr = null;
-    for (const getPrice of providers) {
-        try {
-            const value = await getPrice();
-            if (value > 0n) {
-                cachedEthUsdMicros = { value, atMs: now };
-                return value;
-            }
-        }
-        catch (error) {
-            lastErr = error;
-        }
-    }
-    throw new Error(`Could not fetch ETH/USD price${lastErr ? `: ${lastErr instanceof Error ? lastErr.message : String(lastErr)}` : ""}`);
-}
-export function convertWeiToUsdMicros(weiValue, ethUsdMicros) {
-    return (weiValue * ethUsdMicros) / WEI_PER_ETH;
-}