@kairoguard/sdk 0.0.9 → 0.0.10
- package/dist/cli.js +13 -0
- package/dist/client.d.ts +0 -1
- package/dist/client.js +59 -42
- package/package.json +1 -1
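--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -198,6 +198,16 @@ async function cmdVaultProvision(args) {
 const res = await kairo.provision(walletId, policyId, stableId);
 console.log(JSON.stringify(res, null, 2));
 }
+async function cmdReaffirm(args) {
+const walletId = requireFlag(args, "--wallet-id", "dwalletId");
+const cfg = requireConfig();
+const kairo = new KairoClient({
+apiKey: cfg.apiKey,
+backendUrl: cfg.backendUrl,
+});
+const res = await kairo.reaffirmBinding(walletId);
+console.log(JSON.stringify(res, null, 2));
+}
 async function cmdReceiptMint(args) {
 const policyId = requireFlag(args, "--policy-id", "objectId");
 const bindingId = requireFlag(args, "--binding-id", "objectId");
@@ -264,6 +274,7 @@ Wallet & Policy:
 policy-details --policy-id <id> Get policy details
 vault-status --wallet-id <id> Check vault registration
 vault-provision --wallet-id <id> --policy-id <id> [--stable-id <id>]
+reaffirm --wallet-id <id> Reaffirm a wallet's current policy binding
 receipt-mint --policy-id <id> --binding-id <id> --destination <hex> --intent-hash <hex>
 
 Utility:
@@ -294,6 +305,8 @@ async function main() {
 return cmdVaultStatus(rest);
 case "vault-provision":
 return cmdVaultProvision(rest);
+case "reaffirm":
+return cmdReaffirm(rest);
 case "receipt-mint":
 return cmdReceiptMint(rest);
 case "audit":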
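Review bot: `cmdReaffirm` passes the flag value straight to `kairo.reaffirmBinding(walletId)` and never shows the operator which binding or policy version is about to become active. The client change in this same release notes that reaffirm changes the active binding version, so if reaffirming is the step where a wallet accepts a changed policy, a one-shot command makes it easy to accept a policy nobody has inspected. Consider printing the wallet's current binding and policy details and asking for explicit confirmation before the call. At minimum, add a comment above the function such as `// Reaffirm moves the wallet to the binding's current policy version; review policy-details before running.`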
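--- a/package/dist/client.d.ts
+++ b/package/dist/client.d.ts
@@ -196,7 +196,6 @@ export declare class KairoClient {
 private mintPolicyReceipt;
 private resolvePolicyVersion;
 private isReaffirmRequiredError;
-private requestSignWithReaffirmRetry;
 private computeUserSignMessageWithExtensionFallback;
 private rebuildSigningMaterialFromChain;
 private resolveEvmRpcUrl;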
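--- a/package/dist/client.js
+++ b/package/dist/client.js
@@ -237,13 +237,25 @@ export class KairoClient {
 if (!wallet.bindingObjectId?.startsWith("0x")) {
 throw new Error("Wallet is missing bindingObjectId. Provision the wallet before reaffirming.");
 }
-
-
-
-
-
-
-
+try {
+const result = await this.backend.reaffirmPolicyBinding({
+bindingObjectId: wallet.bindingObjectId,
+});
+return {
+digest: result.digest,
+activeVersionObjectId: result.activeVersionObjectId,
+};
+}
+catch (error) {
+const message = error instanceof Error ? error.message : String(error);
+const governedGuardTriggered = /binding is governed/i.test(message) ||
+/requires governance receipt flow/i.test(message) ||
+/execute-and-reaffirm/i.test(message);
+if (governedGuardTriggered) {
+throw new Error("Binding is governed and cannot be directly reaffirmed. Complete governance execute-and-reaffirm first, then retry signing.");
+}
+throw error;
+}
 }
 /**
 * Governance-first policy update: creates a new policy + version, then proposes
@@ -431,36 +443,52 @@ export class KairoClient {
 destinationHex: "0x0000000000000000000000000000000000000000",
 nativeValue: 0n,
 };
-const
+const initialPolicyReceiptId = await this.mintPolicyReceipt(wallet, policyContext);
 const dWalletCapId = wallet.dWalletCapId;
 if (!dWalletCapId) {
 throw new Error("Wallet record is missing dWalletCapId. Recreate/provision this wallet before signing.");
 }
-
-
-dWalletId: wallet.walletId,
-dWalletCapId,
-encryptedUserSecretKeyShareId: wallet.encryptedUserSecretKeyShareId ?? "",
-userOutputSignature: [],
-presignId,
-messageHex: messageHexNoPrefix,
-userSignMessage: Array.from(userSignMessage),
-policyReceiptId,
-policyBindingObjectId: wallet.bindingObjectId,
-policyObjectId: wallet.policyObjectId,
-policyVersion: resolvedPolicyVersion,
-ethTx: opts?.ethTx,
-});
-if (!req.success) {
-throw new Error(`Failed to request sign for wallet ${walletId}`);
+if (!presignId) {
+throw new Error("Missing presignId after presign creation.");
 }
-const
-
-
-
-
-
+const resolvedPolicyVersion = await this.resolvePolicyVersion(wallet, opts?.policyVersion);
+const submitAndPoll = async (policyReceiptId) => {
+const req = await this.backend.requestSign({
+dWalletId: wallet.walletId,
+dWalletCapId,
+encryptedUserSecretKeyShareId: wallet.encryptedUserSecretKeyShareId ?? "",
+userOutputSignature: [],
+presignId,
+messageHex: messageHexNoPrefix,
+userSignMessage: Array.from(userSignMessage),
+policyReceiptId,
+policyBindingObjectId: wallet.bindingObjectId,
+policyObjectId: wallet.policyObjectId,
+policyVersion: resolvedPolicyVersion,
+ethTx: opts?.ethTx,
+});
+if (!req.success) {
+throw new Error(`Failed to request sign for wallet ${walletId}`);
+}
+const signStatus = await this.pollSignStatus(req.requestId);
+return {
+requestId: req.requestId,
+signId: signStatus.signId,
+presignId,
+signatureHex: ensureHexPrefix(signStatus.signatureHex),
+};
 };
+try {
+return await submitAndPoll(initialPolicyReceiptId);
+}
+catch (error) {
+if (!this.isReaffirmRequiredError(error))
+throw error;
+await this.reaffirmBinding(wallet.walletId);
+// Reaffirm changes active binding version; mint a fresh receipt bound to the new version.
+const retriedPolicyReceiptId = await this.mintPolicyReceipt(wallet, policyContext);
+return submitAndPoll(retriedPolicyReceiptId);
+}
 }
 async signEvm(params) {
 const wallet = this.requireWalletRecord(params.walletId);
@@ -711,17 +739,6 @@ export class KairoClient {
 const message = err instanceof Error ? err.message : String(err);
 return /requires confirmation/i.test(message) || /reaffirm/i.test(message);
 }
-async requestSignWithReaffirmRetry(wallet, payload) {
-try {
-return await this.backend.requestSign(payload);
-}
-catch (error) {
-if (!this.isReaffirmRequiredError(error))
-throw error;
-await this.reaffirmBinding(wallet.walletId);
-return this.backend.requestSign(payload);
-}
-}
 async computeUserSignMessageWithExtensionFallback(wallet, protocolParams, presignBytes, messageBytes) {
 try {
 return await createUserSignMessageWithPublicOutput(protocolParams, new Uint8Array(wallet.userPublicOutput), new Uint8Array(wallet.userSecretKeyShare), presignBytes, messageBytes, Hash.KECCAK256, SignatureAlgorithm.ECDSASecp256k1, Curve.SECP256K1);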
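Review bot: In the second hunk the reaffirm retry now wraps `submitAndPoll`, so it covers `pollSignStatus` as well as `backend.requestSign`, whereas the removed `requestSignWithReaffirmRetry` retried only the request call. An error raised after the backend has already accepted the request (`req.success` true) whose message matches `/reaffirm/i` or `/requires confirmation/i` would trigger an automatic `reaffirmBinding`, a second receipt mint, and a resubmission with the same `presignId` and `userSignMessage`; whether the backend rejects a reused presign is not visible here. Limiting the retry to the pre-acceptance stage avoids that: `let accepted = false;` before `submitAndPoll`, `accepted = true;` after the `req.success` check, and `if (accepted || !this.isReaffirmRequiredError(error)) throw error;` in the catch. Separately, the governed-binding message added in the first hunk itself contains "reaffirm", so `isReaffirmRequiredError` would classify it as retryable, and the wrapped error discards the original; passing `{ cause: error }` and matching a more specific phrase would keep callers from retrying a governed binding and preserve the backend detail for audit. The enclosing signing method starts above the hunk.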