@newton-xyz/policy-pack-blockaid 1.0.0 → 2.0.1

package/dist/index.cjs

@@ -37,12 +37,14 @@ module.exports = __toCommonJS(index_exports);
 // src/deployments.ts
 var deployments = {
   "11155111": {
-    policy: "0x389ADa033D00dA6b59d9aF6aBe2b2DBcDD0DDBb3",
-    policyData: "0xFEA8a5bC90c01ca26C9b49B9288774eBbd4b06a6",
-    wasmCid: "bafybeief35ucfgdhqek62hsrvc2ndms3qrbguuntbxs2hg4ialgu5ly7va",
-    policyCodeHash: "0xc40c81729d42f6c642532f354aeddcb7ca950905c3a213d0449f7cf5063bc273",
-    deployedAt: "2026-06-12",
-    notes: "round 2: tightened blockaid/guardrail/webacy allow rules; source-of-truth dist sync"
+    stagef: {
+      policy: "0xcBC09be770c0b220ABC5D95A49f81964B8E2da43",
+      policyData: "0x2305EC115a0E34D3772D68912bBD85eB6C3c550d",
+      wasmCid: "bafybeia2ci3xamxzjontcqv22zlv3cv7lk5nrwnlgcf5oriwhsw5pc6vni",
+      policyCodeHash: "0xb95ee22e1aeda1008947322959dcd2b42dddeea426a63e3a28c4530f5f02eea6",
+      deployedAt: "2026-06-14",
+      notes: "Phase 0 Stream D \u2014 composite namespacing redeploy"
+    }
   }
 };
 

package/dist/index.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/index.ts","../src/deployments.ts","../src/metadata.ts","../src/params.ts","../src/prepare-query.ts","../src/secrets.ts","../src/wasm-args.ts","../src/pack.ts"],"sourcesContent":["// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n\nexport * from \"./deployments\";\nexport * from \"./metadata\";\nexport * from \"./pack\";\nexport * from \"./params\";\nexport * from \"./secrets\";\nexport * from \"./wasm-args\";\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\nimport type { ChainId, Deployment } from \"@newton-xyz/policy-pack-shared\";\n\nexport const deployments = {\n\t\"11155111\": {\n\t\tpolicy: \"0x389ADa033D00dA6b59d9aF6aBe2b2DBcDD0DDBb3\",\n\t\tpolicyData: \"0xFEA8a5bC90c01ca26C9b49B9288774eBbd4b06a6\",\n\t\twasmCid: \"bafybeief35ucfgdhqek62hsrvc2ndms3qrbguuntbxs2hg4ialgu5ly7va\",\n\t\tpolicyCodeHash: \"0xc40c81729d42f6c642532f354aeddcb7ca950905c3a213d0449f7cf5063bc273\",\n\t\tdeployedAt: \"2026-06-12\",\n\t\tnotes: \"round 2: tightened blockaid/guardrail/webacy allow rules; source-of-truth dist sync\",\n\t},\n} as const satisfies Readonly<Partial<Record<ChainId, Deployment>>>;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\nexport const PACK_NAME = \"blockaid\" as const;\nexport const PACK_VERSION = \"0.0.1\" as const;\nexport const PACK_DESCRIPTION =\n\t\"Gates vault deposits at transaction-submission time using Blockaid's EVM transaction scan (validation + simulation) to catch malicious calldata, frontend-redirect attacks, and value-skim simulations\" as const;\nexport const PACK_LINK = \"https://www.blockaid.io\" as const;\nexport const PACK_AUTHOR = \"\" as const;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: blockaid/params_schema.json\nimport { z } from \"zod\";\n\nexport const ParamsSchema = z\n\t.object({\n\t\tdeny_features: z\n\t\t\t.array(z.string())\n\t\t\t.describe(\n\t\t\t\t\"Blockaid feature ids that, if present on a Warning-classified transaction, deny the deposit (e.g. ['unbounded_approval','honeypot','phishing'])\",\n\t\t\t),\n\t\tmax_outbound_inbound_ratio: z\n\t\t\t.number()\n\t\t\t.describe(\n\t\t\t\t\"Maximum allowed simulated outbound-to-inbound USD value ratio. Above this, the transaction is treated as a value-skim and denied.\",\n\t\t\t),\n\t\trequire_received_shares: z\n\t\t\t.boolean()\n\t\t\t.describe(\n\t\t\t\t\"Deny if the simulated state-diff shows the depositor receives no inbound asset (vault shares). Catches contracts that take funds without minting receipts.\",\n\t\t\t),\n\t})\n\t.describe(\"Thresholds for the Blockaid transaction-time exploit gate\")\n\t.strict();\n\nexport type Params = z.infer<typeof ParamsSchema>;\n","import type { PrepareQueryArgs, PrepareQueryResult } from \"@newton-xyz/policy-pack-shared\";\nimport type { WasmArgs } from \"./wasm-args\";\n\n/**\n * Blockaid maps EVM chain id → its own chain identifier slug. Keep this\n * aligned with whatever the AVS-side `policy.js` posts to Blockaid; if you\n * extend it, extend both sides together.\n */\nconst CHAIN_BY_ID: Readonly<Record<number, string>> = {\n\t1: \"ethereum\",\n\t8453: \"base\",\n\t42161: \"arbitrum\",\n\t10: \"optimism\",\n\t137: \"polygon\",\n\t56: \"bsc\",\n\t11155111: \"sepolia\",\n\t84532: \"base-sepolia\",\n};\n\n/**\n * Per-call inputs for Blockaid: every wasmArg (`from`, `to`, `value`, `data`)\n * mirrors the on-chain transaction the depositor is about to submit, so it\n * has to come from the SDK's intent context — `PrepareQueryArgs` (which only\n * carries `publicClient` + `vault`) doesn't have any of it. The SDK forwards\n * these via `prepareQuery`'s second `options` arg (introduced in NEWT-1499).\n *\n * `chain` is derived from `publicClient.chain.id` so curators don't have to\n * keep the Blockaid slug list in sync separately.\n */\nexport interface PrepareQueryOptions {\n\treadonly from: string;\n\treadonly to: string;\n\treadonly value?: string;\n\treadonly data?: string;\n}\n\nexport async function prepareQuery(\n\t{ publicClient }: PrepareQueryArgs,\n\toptions?: PrepareQueryOptions,\n): Promise<PrepareQueryResult<WasmArgs>> {\n\tconst chainId = publicClient.chain?.id;\n\tif (chainId === undefined) {\n\t\tthrow new Error(\n\t\t\t\"policy-pack-blockaid: publicClient.chain is undefined. Pass a chain to viem's createPublicClient.\",\n\t\t);\n\t}\n\tconst chain = CHAIN_BY_ID[chainId];\n\tif (!chain) {\n\t\tthrow new Error(\n\t\t\t`policy-pack-blockaid: chain id ${chainId} is not in the Blockaid chain map. Add it to CHAIN_BY_ID before using this pack on this chain.`,\n\t\t);\n\t}\n\tif (!options?.from || !options?.to) {\n\t\tthrow new Error(\n\t\t\t\"policy-pack-blockaid: prepareQuery requires `from` and `to` in the options bag — these mirror the on-chain transaction the depositor is about to submit.\",\n\t\t);\n\t}\n\n\treturn {\n\t\twasmArgs: {\n\t\t\tchain,\n\t\t\tfrom: options.from,\n\t\t\tto: options.to,\n\t\t\tvalue: options.value,\n\t\t\tdata: options.data,\n\t\t},\n\t};\n}\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: blockaid/secrets_schema.json\nimport { z } from \"zod\";\n\nexport const SecretsSchema = z.object({ BLOCKAID_API_KEY: z.string().min(1) }).strict();\n\nexport type Secrets = z.infer<typeof SecretsSchema>;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: blockaid/wasm_args_schema.json\nimport { z } from \"zod\";\n\nexport const WasmArgsSchema = z\n\t.object({\n\t\tchain: z.string().describe(\"Blockaid chain identifier (e.g. 'ethereum', 'base', 'arbitrum').\"),\n\t\tfrom: z.string().describe(\"Sender / account address (0x-prefixed 20-byte address).\"),\n\t\tto: z.string().describe(\"Recipient or contract address being called (0x-prefixed).\"),\n\t\tvalue: z\n\t\t\t.string()\n\t\t\t.describe(\n\t\t\t\t\"Transaction value in wei as a 0x-prefixed hex string. Defaults to '0x0' when omitted.\",\n\t\t\t)\n\t\t\t.optional(),\n\t\tdata: z\n\t\t\t.string()\n\t\t\t.describe(\"Transaction calldata as a 0x-prefixed hex string. Defaults to '0x' when omitted.\")\n\t\t\t.optional(),\n\t})\n\t.describe(\"Inputs passed to the Blockaid policy WASM at evaluation time\");\n\nexport type WasmArgs = z.infer<typeof WasmArgsSchema>;\n","// Hand-written canonical export — survives `pnpm gen:bindings` regen.\n// The generated `index.ts` re-exports `pack.ts` when present.\nimport type { PolicyPack } from \"@newton-xyz/policy-pack-shared\";\nimport { deployments } from \"./deployments\";\nimport { PACK_AUTHOR, PACK_DESCRIPTION, PACK_LINK, PACK_NAME, PACK_VERSION } from \"./metadata\";\nimport { type Params, ParamsSchema } from \"./params\";\nimport { prepareQuery } from \"./prepare-query\";\nimport { type Secrets, SecretsSchema } from \"./secrets\";\nimport { type WasmArgs, WasmArgsSchema } from \"./wasm-args\";\n\nexport { type PrepareQueryOptions, prepareQuery } from \"./prepare-query\";\n\n/**\n * The Blockaid transaction-scan `PolicyPack`.\n *\n * Pass to `createShield(...)` from `@newton-xyz/newton-shield-sdk`. Encoding\n * for the on-chain `policyParams` blob is handled by `encodePolicyParams` /\n * `decodePolicyParams` in `@newton-xyz/policy-pack-shared` (UTF-8 JSON,\n * sorted keys) — not per-pack.\n *\n * `prepareQuery` derives the Blockaid `chain` slug from `publicClient.chain.id`\n * and reads `from`/`to`/`value`/`data` from the SDK's per-call options bag —\n * these mirror the on-chain transaction the depositor is about to submit, so\n * they can't be inferred from `PrepareQueryArgs` alone.\n */\nexport const blockaid: PolicyPack<Params, WasmArgs, Secrets> = {\n\tid: `${PACK_NAME}/transaction-scan/v1`,\n\tparamsSchema: ParamsSchema,\n\twasmArgsSchema: WasmArgsSchema,\n\tsecretsSchema: SecretsSchema,\n\tprepareQuery,\n\tdeployments,\n\tmetadata: {\n\t\tname: PACK_NAME,\n\t\tversion: PACK_VERSION,\n\t\tdescription: PACK_DESCRIPTION,\n\t\tauthor: PACK_AUTHOR || undefined,\n\t\tlink: PACK_LINK || undefined,\n\t},\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACIO,IAAM,cAAc;AAAA,EAC1B,YAAY;AAAA,IACX,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,gBAAgB;AAAA,IAChB,YAAY;AAAA,IACZ,OAAO;AAAA,EACR;AACD;;;ACXO,IAAM,YAAY;AAClB,IAAM,eAAe;AACrB,IAAM,mBACZ;AACM,IAAM,YAAY;AAClB,IAAM,cAAc;;;ACJ3B,iBAAkB;AAEX,IAAM,eAAe,aAC1B,OAAO;AAAA,EACP,eAAe,aACb,MAAM,aAAE,OAAO,CAAC,EAChB;AAAA,IACA;AAAA,EACD;AAAA,EACD,4BAA4B,aAC1B,OAAO,EACP;AAAA,IACA;AAAA,EACD;AAAA,EACD,yBAAyB,aACvB,QAAQ,EACR;AAAA,IACA;AAAA,EACD;AACF,CAAC,EACA,SAAS,2DAA2D,EACpE,OAAO;;;AChBT,IAAM,cAAgD;AAAA,EACrD,GAAG;AAAA,EACH,MAAM;AAAA,EACN,OAAO;AAAA,EACP,IAAI;AAAA,EACJ,KAAK;AAAA,EACL,IAAI;AAAA,EACJ,UAAU;AAAA,EACV,OAAO;AACR;AAmBA,eAAsB,aACrB,EAAE,aAAa,GACf,SACwC;AACxC,QAAM,UAAU,aAAa,OAAO;AACpC,MAAI,YAAY,QAAW;AAC1B,UAAM,IAAI;AAAA,MACT;AAAA,IACD;AAAA,EACD;AACA,QAAM,QAAQ,YAAY,OAAO;AACjC,MAAI,CAAC,OAAO;AACX,UAAM,IAAI;AAAA,MACT,kCAAkC,OAAO;AAAA,IAC1C;AAAA,EACD;AACA,MAAI,CAAC,SAAS,QAAQ,CAAC,SAAS,IAAI;AACnC,UAAM,IAAI;AAAA,MACT;AAAA,IACD;AAAA,EACD;AAEA,SAAO;AAAA,IACN,UAAU;AAAA,MACT;AAAA,MACA,MAAM,QAAQ;AAAA,MACd,IAAI,QAAQ;AAAA,MACZ,OAAO,QAAQ;AAAA,MACf,MAAM,QAAQ;AAAA,IACf;AAAA,EACD;AACD;;;AChEA,IAAAA,cAAkB;AAEX,IAAM,gBAAgB,cAAE,OAAO,EAAE,kBAAkB,cAAE,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC,EAAE,OAAO;;;ACFtF,IAAAC,cAAkB;AAEX,IAAM,iBAAiB,cAC5B,OAAO;AAAA,EACP,OAAO,cAAE,OAAO,EAAE,SAAS,kEAAkE;AAAA,EAC7F,MAAM,cAAE,OAAO,EAAE,SAAS,yDAAyD;AAAA,EACnF,IAAI,cAAE,OAAO,EAAE,SAAS,2DAA2D;AAAA,EACnF,OAAO,cACL,OAAO,EACP;AAAA,IACA;AAAA,EACD,EACC,SAAS;AAAA,EACX,MAAM,cACJ,OAAO,EACP,SAAS,kFAAkF,EAC3F,SAAS;AACZ,CAAC,EACA,SAAS,8DAA8D;;;ACIlE,IAAM,WAAkD;AAAA,EAC9D,IAAI,GAAG,SAAS;AAAA,EAChB,cAAc;AAAA,EACd,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf;AAAA,EACA;AAAA,EACA,UAAU;AAAA,IACT,MAAM;AAAA,IACN,SAAS;AAAA,IACT,aAAa;AAAA,IACb,QAAQ,eAAe;AAAA,IACvB,MAAM,aAAa;AAAA,EACpB;AACD;","names":["import_zod","import_zod"]}
+{"version":3,"sources":["../src/index.ts","../src/deployments.ts","../src/metadata.ts","../src/params.ts","../src/prepare-query.ts","../src/secrets.ts","../src/wasm-args.ts","../src/pack.ts"],"sourcesContent":["// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n\nexport * from \"./deployments\";\nexport * from \"./metadata\";\nexport * from \"./pack\";\nexport * from \"./params\";\nexport * from \"./secrets\";\nexport * from \"./wasm-args\";\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\nimport type { ChainId, Deployment, GatewayEnv } from \"@newton-xyz/policy-pack-shared\";\n\nexport const deployments = {\n\t\"11155111\": {\n\t\tstagef: {\n\t\t\tpolicy: \"0xcBC09be770c0b220ABC5D95A49f81964B8E2da43\",\n\t\t\tpolicyData: \"0x2305EC115a0E34D3772D68912bBD85eB6C3c550d\",\n\t\t\twasmCid: \"bafybeia2ci3xamxzjontcqv22zlv3cv7lk5nrwnlgcf5oriwhsw5pc6vni\",\n\t\t\tpolicyCodeHash: \"0xb95ee22e1aeda1008947322959dcd2b42dddeea426a63e3a28c4530f5f02eea6\",\n\t\t\tdeployedAt: \"2026-06-14\",\n\t\t\tnotes: \"Phase 0 Stream D — composite namespacing redeploy\",\n\t\t},\n\t},\n} as const satisfies Readonly<\n\tPartial<Record<ChainId, Readonly<Partial<Record<GatewayEnv, Deployment>>>>>\n>;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\nexport const PACK_NAME = \"blockaid\" as const;\nexport const PACK_VERSION = \"0.0.1\" as const;\nexport const PACK_DESCRIPTION =\n\t\"Gates vault deposits at transaction-submission time using Blockaid's EVM transaction scan (validation + simulation) to catch malicious calldata, frontend-redirect attacks, and value-skim simulations\" as const;\nexport const PACK_LINK = \"https://www.blockaid.io\" as const;\nexport const PACK_AUTHOR = \"\" as const;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: blockaid/params_schema.json\nimport { z } from \"zod\";\n\nexport const ParamsSchema = z\n\t.object({\n\t\tdeny_features: z\n\t\t\t.array(z.string())\n\t\t\t.describe(\n\t\t\t\t\"Blockaid feature ids that, if present on a Warning-classified transaction, deny the deposit (e.g. ['unbounded_approval','honeypot','phishing'])\",\n\t\t\t),\n\t\tmax_outbound_inbound_ratio: z\n\t\t\t.number()\n\t\t\t.describe(\n\t\t\t\t\"Maximum allowed simulated outbound-to-inbound USD value ratio. Above this, the transaction is treated as a value-skim and denied.\",\n\t\t\t),\n\t\trequire_received_shares: z\n\t\t\t.boolean()\n\t\t\t.describe(\n\t\t\t\t\"Deny if the simulated state-diff shows the depositor receives no inbound asset (vault shares). Catches contracts that take funds without minting receipts.\",\n\t\t\t),\n\t})\n\t.describe(\"Thresholds for the Blockaid transaction-time exploit gate\")\n\t.strict();\n\nexport type Params = z.infer<typeof ParamsSchema>;\n","import type { PrepareQueryArgs, PrepareQueryResult } from \"@newton-xyz/policy-pack-shared\";\nimport type { WasmArgs } from \"./wasm-args\";\n\n/**\n * Blockaid maps EVM chain id → its own chain identifier slug. Keep this\n * aligned with whatever the AVS-side `policy.js` posts to Blockaid; if you\n * extend it, extend both sides together.\n */\nconst CHAIN_BY_ID: Readonly<Record<number, string>> = {\n\t1: \"ethereum\",\n\t8453: \"base\",\n\t42161: \"arbitrum\",\n\t10: \"optimism\",\n\t137: \"polygon\",\n\t56: \"bsc\",\n\t11155111: \"sepolia\",\n\t84532: \"base-sepolia\",\n};\n\n/**\n * Per-call inputs for Blockaid: every wasmArg (`from`, `to`, `value`, `data`)\n * mirrors the on-chain transaction the depositor is about to submit, so it\n * has to come from the SDK's intent context — `PrepareQueryArgs` (which only\n * carries `publicClient` + `vault`) doesn't have any of it. The SDK forwards\n * these via `prepareQuery`'s second `options` arg (introduced in NEWT-1499).\n *\n * `chain` is derived from `publicClient.chain.id` so curators don't have to\n * keep the Blockaid slug list in sync separately.\n */\nexport interface PrepareQueryOptions {\n\treadonly from: string;\n\treadonly to: string;\n\treadonly value?: string;\n\treadonly data?: string;\n}\n\nexport async function prepareQuery(\n\t{ publicClient }: PrepareQueryArgs,\n\toptions?: PrepareQueryOptions,\n): Promise<PrepareQueryResult<WasmArgs>> {\n\tconst chainId = publicClient.chain?.id;\n\tif (chainId === undefined) {\n\t\tthrow new Error(\n\t\t\t\"policy-pack-blockaid: publicClient.chain is undefined. Pass a chain to viem's createPublicClient.\",\n\t\t);\n\t}\n\tconst chain = CHAIN_BY_ID[chainId];\n\tif (!chain) {\n\t\tthrow new Error(\n\t\t\t`policy-pack-blockaid: chain id ${chainId} is not in the Blockaid chain map. Add it to CHAIN_BY_ID before using this pack on this chain.`,\n\t\t);\n\t}\n\tif (!options?.from || !options?.to) {\n\t\tthrow new Error(\n\t\t\t\"policy-pack-blockaid: prepareQuery requires `from` and `to` in the options bag — these mirror the on-chain transaction the depositor is about to submit.\",\n\t\t);\n\t}\n\n\treturn {\n\t\twasmArgs: {\n\t\t\tchain,\n\t\t\tfrom: options.from,\n\t\t\tto: options.to,\n\t\t\tvalue: options.value,\n\t\t\tdata: options.data,\n\t\t},\n\t};\n}\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: blockaid/secrets_schema.json\nimport { z } from \"zod\";\n\nexport const SecretsSchema = z.object({ BLOCKAID_API_KEY: z.string().min(1) }).strict();\n\nexport type Secrets = z.infer<typeof SecretsSchema>;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: blockaid/wasm_args_schema.json\nimport { z } from \"zod\";\n\nexport const WasmArgsSchema = z\n\t.object({\n\t\tchain: z.string().describe(\"Blockaid chain identifier (e.g. 'ethereum', 'base', 'arbitrum').\"),\n\t\tfrom: z.string().describe(\"Sender / account address (0x-prefixed 20-byte address).\"),\n\t\tto: z.string().describe(\"Recipient or contract address being called (0x-prefixed).\"),\n\t\tvalue: z\n\t\t\t.string()\n\t\t\t.describe(\n\t\t\t\t\"Transaction value in wei as a 0x-prefixed hex string. Defaults to '0x0' when omitted.\",\n\t\t\t)\n\t\t\t.optional(),\n\t\tdata: z\n\t\t\t.string()\n\t\t\t.describe(\"Transaction calldata as a 0x-prefixed hex string. Defaults to '0x' when omitted.\")\n\t\t\t.optional(),\n\t})\n\t.describe(\"Inputs passed to the Blockaid policy WASM at evaluation time\");\n\nexport type WasmArgs = z.infer<typeof WasmArgsSchema>;\n","// Hand-written canonical export — survives `pnpm gen:bindings` regen.\n// The generated `index.ts` re-exports `pack.ts` when present.\nimport type { PolicyPack } from \"@newton-xyz/policy-pack-shared\";\nimport { deployments } from \"./deployments\";\nimport { PACK_AUTHOR, PACK_DESCRIPTION, PACK_LINK, PACK_NAME, PACK_VERSION } from \"./metadata\";\nimport { type Params, ParamsSchema } from \"./params\";\nimport { prepareQuery } from \"./prepare-query\";\nimport { type Secrets, SecretsSchema } from \"./secrets\";\nimport { type WasmArgs, WasmArgsSchema } from \"./wasm-args\";\n\nexport { type PrepareQueryOptions, prepareQuery } from \"./prepare-query\";\n\n/**\n * The Blockaid transaction-scan `PolicyPack`.\n *\n * Pass to `createShield(...)` from `@newton-xyz/newton-shield-sdk`. Encoding\n * for the on-chain `policyParams` blob is handled by `encodePolicyParams` /\n * `decodePolicyParams` in `@newton-xyz/policy-pack-shared` (UTF-8 JSON,\n * sorted keys) — not per-pack.\n *\n * `prepareQuery` derives the Blockaid `chain` slug from `publicClient.chain.id`\n * and reads `from`/`to`/`value`/`data` from the SDK's per-call options bag —\n * these mirror the on-chain transaction the depositor is about to submit, so\n * they can't be inferred from `PrepareQueryArgs` alone.\n */\nexport const blockaid: PolicyPack<Params, WasmArgs, Secrets> = {\n\tid: `${PACK_NAME}/transaction-scan/v1`,\n\tparamsSchema: ParamsSchema,\n\twasmArgsSchema: WasmArgsSchema,\n\tsecretsSchema: SecretsSchema,\n\tprepareQuery,\n\tdeployments,\n\tmetadata: {\n\t\tname: PACK_NAME,\n\t\tversion: PACK_VERSION,\n\t\tdescription: PACK_DESCRIPTION,\n\t\tauthor: PACK_AUTHOR || undefined,\n\t\tlink: PACK_LINK || undefined,\n\t},\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACIO,IAAM,cAAc;AAAA,EAC1B,YAAY;AAAA,IACX,QAAQ;AAAA,MACP,QAAQ;AAAA,MACR,YAAY;AAAA,MACZ,SAAS;AAAA,MACT,gBAAgB;AAAA,MAChB,YAAY;AAAA,MACZ,OAAO;AAAA,IACR;AAAA,EACD;AACD;;;ACbO,IAAM,YAAY;AAClB,IAAM,eAAe;AACrB,IAAM,mBACZ;AACM,IAAM,YAAY;AAClB,IAAM,cAAc;;;ACJ3B,iBAAkB;AAEX,IAAM,eAAe,aAC1B,OAAO;AAAA,EACP,eAAe,aACb,MAAM,aAAE,OAAO,CAAC,EAChB;AAAA,IACA;AAAA,EACD;AAAA,EACD,4BAA4B,aAC1B,OAAO,EACP;AAAA,IACA;AAAA,EACD;AAAA,EACD,yBAAyB,aACvB,QAAQ,EACR;AAAA,IACA;AAAA,EACD;AACF,CAAC,EACA,SAAS,2DAA2D,EACpE,OAAO;;;AChBT,IAAM,cAAgD;AAAA,EACrD,GAAG;AAAA,EACH,MAAM;AAAA,EACN,OAAO;AAAA,EACP,IAAI;AAAA,EACJ,KAAK;AAAA,EACL,IAAI;AAAA,EACJ,UAAU;AAAA,EACV,OAAO;AACR;AAmBA,eAAsB,aACrB,EAAE,aAAa,GACf,SACwC;AACxC,QAAM,UAAU,aAAa,OAAO;AACpC,MAAI,YAAY,QAAW;AAC1B,UAAM,IAAI;AAAA,MACT;AAAA,IACD;AAAA,EACD;AACA,QAAM,QAAQ,YAAY,OAAO;AACjC,MAAI,CAAC,OAAO;AACX,UAAM,IAAI;AAAA,MACT,kCAAkC,OAAO;AAAA,IAC1C;AAAA,EACD;AACA,MAAI,CAAC,SAAS,QAAQ,CAAC,SAAS,IAAI;AACnC,UAAM,IAAI;AAAA,MACT;AAAA,IACD;AAAA,EACD;AAEA,SAAO;AAAA,IACN,UAAU;AAAA,MACT;AAAA,MACA,MAAM,QAAQ;AAAA,MACd,IAAI,QAAQ;AAAA,MACZ,OAAO,QAAQ;AAAA,MACf,MAAM,QAAQ;AAAA,IACf;AAAA,EACD;AACD;;;AChEA,IAAAA,cAAkB;AAEX,IAAM,gBAAgB,cAAE,OAAO,EAAE,kBAAkB,cAAE,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC,EAAE,OAAO;;;ACFtF,IAAAC,cAAkB;AAEX,IAAM,iBAAiB,cAC5B,OAAO;AAAA,EACP,OAAO,cAAE,OAAO,EAAE,SAAS,kEAAkE;AAAA,EAC7F,MAAM,cAAE,OAAO,EAAE,SAAS,yDAAyD;AAAA,EACnF,IAAI,cAAE,OAAO,EAAE,SAAS,2DAA2D;AAAA,EACnF,OAAO,cACL,OAAO,EACP;AAAA,IACA;AAAA,EACD,EACC,SAAS;AAAA,EACX,MAAM,cACJ,OAAO,EACP,SAAS,kFAAkF,EAC3F,SAAS;AACZ,CAAC,EACA,SAAS,8DAA8D;;;ACIlE,IAAM,WAAkD;AAAA,EAC9D,IAAI,GAAG,SAAS;AAAA,EAChB,cAAc;AAAA,EACd,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf;AAAA,EACA;AAAA,EACA,UAAU;AAAA,IACT,MAAM;AAAA,IACN,SAAS;AAAA,IACT,aAAa;AAAA,IACb,QAAQ,eAAe;AAAA,IACvB,MAAM,aAAa;AAAA,EACpB;AACD;","names":["import_zod","import_zod"]}

package/dist/index.d.cts

@@ -3,12 +3,14 @@ import { z } from 'zod';
 
 declare const deployments: {
     readonly "11155111": {
-        readonly policy: "0x389ADa033D00dA6b59d9aF6aBe2b2DBcDD0DDBb3";
-        readonly policyData: "0xFEA8a5bC90c01ca26C9b49B9288774eBbd4b06a6";
-        readonly wasmCid: "bafybeief35ucfgdhqek62hsrvc2ndms3qrbguuntbxs2hg4ialgu5ly7va";
-        readonly policyCodeHash: "0xc40c81729d42f6c642532f354aeddcb7ca950905c3a213d0449f7cf5063bc273";
-        readonly deployedAt: "2026-06-12";
-        readonly notes: "round 2: tightened blockaid/guardrail/webacy allow rules; source-of-truth dist sync";
+        readonly stagef: {
+            readonly policy: "0xcBC09be770c0b220ABC5D95A49f81964B8E2da43";
+            readonly policyData: "0x2305EC115a0E34D3772D68912bBD85eB6C3c550d";
+            readonly wasmCid: "bafybeia2ci3xamxzjontcqv22zlv3cv7lk5nrwnlgcf5oriwhsw5pc6vni";
+            readonly policyCodeHash: "0xb95ee22e1aeda1008947322959dcd2b42dddeea426a63e3a28c4530f5f02eea6";
+            readonly deployedAt: "2026-06-14";
+            readonly notes: "Phase 0 Stream D — composite namespacing redeploy";
+        };
     };
 };
 

package/dist/index.d.ts

@@ -3,12 +3,14 @@ import { z } from 'zod';
 
 declare const deployments: {
     readonly "11155111": {
-        readonly policy: "0x389ADa033D00dA6b59d9aF6aBe2b2DBcDD0DDBb3";
-        readonly policyData: "0xFEA8a5bC90c01ca26C9b49B9288774eBbd4b06a6";
-        readonly wasmCid: "bafybeief35ucfgdhqek62hsrvc2ndms3qrbguuntbxs2hg4ialgu5ly7va";
-        readonly policyCodeHash: "0xc40c81729d42f6c642532f354aeddcb7ca950905c3a213d0449f7cf5063bc273";
-        readonly deployedAt: "2026-06-12";
-        readonly notes: "round 2: tightened blockaid/guardrail/webacy allow rules; source-of-truth dist sync";
+        readonly stagef: {
+            readonly policy: "0xcBC09be770c0b220ABC5D95A49f81964B8E2da43";
+            readonly policyData: "0x2305EC115a0E34D3772D68912bBD85eB6C3c550d";
+            readonly wasmCid: "bafybeia2ci3xamxzjontcqv22zlv3cv7lk5nrwnlgcf5oriwhsw5pc6vni";
+            readonly policyCodeHash: "0xb95ee22e1aeda1008947322959dcd2b42dddeea426a63e3a28c4530f5f02eea6";
+            readonly deployedAt: "2026-06-14";
+            readonly notes: "Phase 0 Stream D — composite namespacing redeploy";
+        };
     };
 };
 

package/dist/index.js

@@ -1,12 +1,14 @@
 // src/deployments.ts
 var deployments = {
   "11155111": {
-    policy: "0x389ADa033D00dA6b59d9aF6aBe2b2DBcDD0DDBb3",
-    policyData: "0xFEA8a5bC90c01ca26C9b49B9288774eBbd4b06a6",
-    wasmCid: "bafybeief35ucfgdhqek62hsrvc2ndms3qrbguuntbxs2hg4ialgu5ly7va",
-    policyCodeHash: "0xc40c81729d42f6c642532f354aeddcb7ca950905c3a213d0449f7cf5063bc273",
-    deployedAt: "2026-06-12",
-    notes: "round 2: tightened blockaid/guardrail/webacy allow rules; source-of-truth dist sync"
+    stagef: {
+      policy: "0xcBC09be770c0b220ABC5D95A49f81964B8E2da43",
+      policyData: "0x2305EC115a0E34D3772D68912bBD85eB6C3c550d",
+      wasmCid: "bafybeia2ci3xamxzjontcqv22zlv3cv7lk5nrwnlgcf5oriwhsw5pc6vni",
+      policyCodeHash: "0xb95ee22e1aeda1008947322959dcd2b42dddeea426a63e3a28c4530f5f02eea6",
+      deployedAt: "2026-06-14",
+      notes: "Phase 0 Stream D \u2014 composite namespacing redeploy"
+    }
   }
 };
 

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/deployments.ts","../src/metadata.ts","../src/params.ts","../src/prepare-query.ts","../src/secrets.ts","../src/wasm-args.ts","../src/pack.ts"],"sourcesContent":["// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\nimport type { ChainId, Deployment } from \"@newton-xyz/policy-pack-shared\";\n\nexport const deployments = {\n\t\"11155111\": {\n\t\tpolicy: \"0x389ADa033D00dA6b59d9aF6aBe2b2DBcDD0DDBb3\",\n\t\tpolicyData: \"0xFEA8a5bC90c01ca26C9b49B9288774eBbd4b06a6\",\n\t\twasmCid: \"bafybeief35ucfgdhqek62hsrvc2ndms3qrbguuntbxs2hg4ialgu5ly7va\",\n\t\tpolicyCodeHash: \"0xc40c81729d42f6c642532f354aeddcb7ca950905c3a213d0449f7cf5063bc273\",\n\t\tdeployedAt: \"2026-06-12\",\n\t\tnotes: \"round 2: tightened blockaid/guardrail/webacy allow rules; source-of-truth dist sync\",\n\t},\n} as const satisfies Readonly<Partial<Record<ChainId, Deployment>>>;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\nexport const PACK_NAME = \"blockaid\" as const;\nexport const PACK_VERSION = \"0.0.1\" as const;\nexport const PACK_DESCRIPTION =\n\t\"Gates vault deposits at transaction-submission time using Blockaid's EVM transaction scan (validation + simulation) to catch malicious calldata, frontend-redirect attacks, and value-skim simulations\" as const;\nexport const PACK_LINK = \"https://www.blockaid.io\" as const;\nexport const PACK_AUTHOR = \"\" as const;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: blockaid/params_schema.json\nimport { z } from \"zod\";\n\nexport const ParamsSchema = z\n\t.object({\n\t\tdeny_features: z\n\t\t\t.array(z.string())\n\t\t\t.describe(\n\t\t\t\t\"Blockaid feature ids that, if present on a Warning-classified transaction, deny the deposit (e.g. ['unbounded_approval','honeypot','phishing'])\",\n\t\t\t),\n\t\tmax_outbound_inbound_ratio: z\n\t\t\t.number()\n\t\t\t.describe(\n\t\t\t\t\"Maximum allowed simulated outbound-to-inbound USD value ratio. Above this, the transaction is treated as a value-skim and denied.\",\n\t\t\t),\n\t\trequire_received_shares: z\n\t\t\t.boolean()\n\t\t\t.describe(\n\t\t\t\t\"Deny if the simulated state-diff shows the depositor receives no inbound asset (vault shares). Catches contracts that take funds without minting receipts.\",\n\t\t\t),\n\t})\n\t.describe(\"Thresholds for the Blockaid transaction-time exploit gate\")\n\t.strict();\n\nexport type Params = z.infer<typeof ParamsSchema>;\n","import type { PrepareQueryArgs, PrepareQueryResult } from \"@newton-xyz/policy-pack-shared\";\nimport type { WasmArgs } from \"./wasm-args\";\n\n/**\n * Blockaid maps EVM chain id → its own chain identifier slug. Keep this\n * aligned with whatever the AVS-side `policy.js` posts to Blockaid; if you\n * extend it, extend both sides together.\n */\nconst CHAIN_BY_ID: Readonly<Record<number, string>> = {\n\t1: \"ethereum\",\n\t8453: \"base\",\n\t42161: \"arbitrum\",\n\t10: \"optimism\",\n\t137: \"polygon\",\n\t56: \"bsc\",\n\t11155111: \"sepolia\",\n\t84532: \"base-sepolia\",\n};\n\n/**\n * Per-call inputs for Blockaid: every wasmArg (`from`, `to`, `value`, `data`)\n * mirrors the on-chain transaction the depositor is about to submit, so it\n * has to come from the SDK's intent context — `PrepareQueryArgs` (which only\n * carries `publicClient` + `vault`) doesn't have any of it. The SDK forwards\n * these via `prepareQuery`'s second `options` arg (introduced in NEWT-1499).\n *\n * `chain` is derived from `publicClient.chain.id` so curators don't have to\n * keep the Blockaid slug list in sync separately.\n */\nexport interface PrepareQueryOptions {\n\treadonly from: string;\n\treadonly to: string;\n\treadonly value?: string;\n\treadonly data?: string;\n}\n\nexport async function prepareQuery(\n\t{ publicClient }: PrepareQueryArgs,\n\toptions?: PrepareQueryOptions,\n): Promise<PrepareQueryResult<WasmArgs>> {\n\tconst chainId = publicClient.chain?.id;\n\tif (chainId === undefined) {\n\t\tthrow new Error(\n\t\t\t\"policy-pack-blockaid: publicClient.chain is undefined. Pass a chain to viem's createPublicClient.\",\n\t\t);\n\t}\n\tconst chain = CHAIN_BY_ID[chainId];\n\tif (!chain) {\n\t\tthrow new Error(\n\t\t\t`policy-pack-blockaid: chain id ${chainId} is not in the Blockaid chain map. Add it to CHAIN_BY_ID before using this pack on this chain.`,\n\t\t);\n\t}\n\tif (!options?.from || !options?.to) {\n\t\tthrow new Error(\n\t\t\t\"policy-pack-blockaid: prepareQuery requires `from` and `to` in the options bag — these mirror the on-chain transaction the depositor is about to submit.\",\n\t\t);\n\t}\n\n\treturn {\n\t\twasmArgs: {\n\t\t\tchain,\n\t\t\tfrom: options.from,\n\t\t\tto: options.to,\n\t\t\tvalue: options.value,\n\t\t\tdata: options.data,\n\t\t},\n\t};\n}\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: blockaid/secrets_schema.json\nimport { z } from \"zod\";\n\nexport const SecretsSchema = z.object({ BLOCKAID_API_KEY: z.string().min(1) }).strict();\n\nexport type Secrets = z.infer<typeof SecretsSchema>;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: blockaid/wasm_args_schema.json\nimport { z } from \"zod\";\n\nexport const WasmArgsSchema = z\n\t.object({\n\t\tchain: z.string().describe(\"Blockaid chain identifier (e.g. 'ethereum', 'base', 'arbitrum').\"),\n\t\tfrom: z.string().describe(\"Sender / account address (0x-prefixed 20-byte address).\"),\n\t\tto: z.string().describe(\"Recipient or contract address being called (0x-prefixed).\"),\n\t\tvalue: z\n\t\t\t.string()\n\t\t\t.describe(\n\t\t\t\t\"Transaction value in wei as a 0x-prefixed hex string. Defaults to '0x0' when omitted.\",\n\t\t\t)\n\t\t\t.optional(),\n\t\tdata: z\n\t\t\t.string()\n\t\t\t.describe(\"Transaction calldata as a 0x-prefixed hex string. Defaults to '0x' when omitted.\")\n\t\t\t.optional(),\n\t})\n\t.describe(\"Inputs passed to the Blockaid policy WASM at evaluation time\");\n\nexport type WasmArgs = z.infer<typeof WasmArgsSchema>;\n","// Hand-written canonical export — survives `pnpm gen:bindings` regen.\n// The generated `index.ts` re-exports `pack.ts` when present.\nimport type { PolicyPack } from \"@newton-xyz/policy-pack-shared\";\nimport { deployments } from \"./deployments\";\nimport { PACK_AUTHOR, PACK_DESCRIPTION, PACK_LINK, PACK_NAME, PACK_VERSION } from \"./metadata\";\nimport { type Params, ParamsSchema } from \"./params\";\nimport { prepareQuery } from \"./prepare-query\";\nimport { type Secrets, SecretsSchema } from \"./secrets\";\nimport { type WasmArgs, WasmArgsSchema } from \"./wasm-args\";\n\nexport { type PrepareQueryOptions, prepareQuery } from \"./prepare-query\";\n\n/**\n * The Blockaid transaction-scan `PolicyPack`.\n *\n * Pass to `createShield(...)` from `@newton-xyz/newton-shield-sdk`. Encoding\n * for the on-chain `policyParams` blob is handled by `encodePolicyParams` /\n * `decodePolicyParams` in `@newton-xyz/policy-pack-shared` (UTF-8 JSON,\n * sorted keys) — not per-pack.\n *\n * `prepareQuery` derives the Blockaid `chain` slug from `publicClient.chain.id`\n * and reads `from`/`to`/`value`/`data` from the SDK's per-call options bag —\n * these mirror the on-chain transaction the depositor is about to submit, so\n * they can't be inferred from `PrepareQueryArgs` alone.\n */\nexport const blockaid: PolicyPack<Params, WasmArgs, Secrets> = {\n\tid: `${PACK_NAME}/transaction-scan/v1`,\n\tparamsSchema: ParamsSchema,\n\twasmArgsSchema: WasmArgsSchema,\n\tsecretsSchema: SecretsSchema,\n\tprepareQuery,\n\tdeployments,\n\tmetadata: {\n\t\tname: PACK_NAME,\n\t\tversion: PACK_VERSION,\n\t\tdescription: PACK_DESCRIPTION,\n\t\tauthor: PACK_AUTHOR || undefined,\n\t\tlink: PACK_LINK || undefined,\n\t},\n};\n"],"mappings":";AAIO,IAAM,cAAc;AAAA,EAC1B,YAAY;AAAA,IACX,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,gBAAgB;AAAA,IAChB,YAAY;AAAA,IACZ,OAAO;AAAA,EACR;AACD;;;ACXO,IAAM,YAAY;AAClB,IAAM,eAAe;AACrB,IAAM,mBACZ;AACM,IAAM,YAAY;AAClB,IAAM,cAAc;;;ACJ3B,SAAS,SAAS;AAEX,IAAM,eAAe,EAC1B,OAAO;AAAA,EACP,eAAe,EACb,MAAM,EAAE,OAAO,CAAC,EAChB;AAAA,IACA;AAAA,EACD;AAAA,EACD,4BAA4B,EAC1B,OAAO,EACP;AAAA,IACA;AAAA,EACD;AAAA,EACD,yBAAyB,EACvB,QAAQ,EACR;AAAA,IACA;AAAA,EACD;AACF,CAAC,EACA,SAAS,2DAA2D,EACpE,OAAO;;;AChBT,IAAM,cAAgD;AAAA,EACrD,GAAG;AAAA,EACH,MAAM;AAAA,EACN,OAAO;AAAA,EACP,IAAI;AAAA,EACJ,KAAK;AAAA,EACL,IAAI;AAAA,EACJ,UAAU;AAAA,EACV,OAAO;AACR;AAmBA,eAAsB,aACrB,EAAE,aAAa,GACf,SACwC;AACxC,QAAM,UAAU,aAAa,OAAO;AACpC,MAAI,YAAY,QAAW;AAC1B,UAAM,IAAI;AAAA,MACT;AAAA,IACD;AAAA,EACD;AACA,QAAM,QAAQ,YAAY,OAAO;AACjC,MAAI,CAAC,OAAO;AACX,UAAM,IAAI;AAAA,MACT,kCAAkC,OAAO;AAAA,IAC1C;AAAA,EACD;AACA,MAAI,CAAC,SAAS,QAAQ,CAAC,SAAS,IAAI;AACnC,UAAM,IAAI;AAAA,MACT;AAAA,IACD;AAAA,EACD;AAEA,SAAO;AAAA,IACN,UAAU;AAAA,MACT;AAAA,MACA,MAAM,QAAQ;AAAA,MACd,IAAI,QAAQ;AAAA,MACZ,OAAO,QAAQ;AAAA,MACf,MAAM,QAAQ;AAAA,IACf;AAAA,EACD;AACD;;;AChEA,SAAS,KAAAA,UAAS;AAEX,IAAM,gBAAgBA,GAAE,OAAO,EAAE,kBAAkBA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC,EAAE,OAAO;;;ACFtF,SAAS,KAAAC,UAAS;AAEX,IAAM,iBAAiBA,GAC5B,OAAO;AAAA,EACP,OAAOA,GAAE,OAAO,EAAE,SAAS,kEAAkE;AAAA,EAC7F,MAAMA,GAAE,OAAO,EAAE,SAAS,yDAAyD;AAAA,EACnF,IAAIA,GAAE,OAAO,EAAE,SAAS,2DAA2D;AAAA,EACnF,OAAOA,GACL,OAAO,EACP;AAAA,IACA;AAAA,EACD,EACC,SAAS;AAAA,EACX,MAAMA,GACJ,OAAO,EACP,SAAS,kFAAkF,EAC3F,SAAS;AACZ,CAAC,EACA,SAAS,8DAA8D;;;ACIlE,IAAM,WAAkD;AAAA,EAC9D,IAAI,GAAG,SAAS;AAAA,EAChB,cAAc;AAAA,EACd,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf;AAAA,EACA;AAAA,EACA,UAAU;AAAA,IACT,MAAM;AAAA,IACN,SAAS;AAAA,IACT,aAAa;AAAA,IACb,QAAQ,eAAe;AAAA,IACvB,MAAM,aAAa;AAAA,EACpB;AACD;","names":["z","z"]}
+{"version":3,"sources":["../src/deployments.ts","../src/metadata.ts","../src/params.ts","../src/prepare-query.ts","../src/secrets.ts","../src/wasm-args.ts","../src/pack.ts"],"sourcesContent":["// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\nimport type { ChainId, Deployment, GatewayEnv } from \"@newton-xyz/policy-pack-shared\";\n\nexport const deployments = {\n\t\"11155111\": {\n\t\tstagef: {\n\t\t\tpolicy: \"0xcBC09be770c0b220ABC5D95A49f81964B8E2da43\",\n\t\t\tpolicyData: \"0x2305EC115a0E34D3772D68912bBD85eB6C3c550d\",\n\t\t\twasmCid: \"bafybeia2ci3xamxzjontcqv22zlv3cv7lk5nrwnlgcf5oriwhsw5pc6vni\",\n\t\t\tpolicyCodeHash: \"0xb95ee22e1aeda1008947322959dcd2b42dddeea426a63e3a28c4530f5f02eea6\",\n\t\t\tdeployedAt: \"2026-06-14\",\n\t\t\tnotes: \"Phase 0 Stream D — composite namespacing redeploy\",\n\t\t},\n\t},\n} as const satisfies Readonly<\n\tPartial<Record<ChainId, Readonly<Partial<Record<GatewayEnv, Deployment>>>>>\n>;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\nexport const PACK_NAME = \"blockaid\" as const;\nexport const PACK_VERSION = \"0.0.1\" as const;\nexport const PACK_DESCRIPTION =\n\t\"Gates vault deposits at transaction-submission time using Blockaid's EVM transaction scan (validation + simulation) to catch malicious calldata, frontend-redirect attacks, and value-skim simulations\" as const;\nexport const PACK_LINK = \"https://www.blockaid.io\" as const;\nexport const PACK_AUTHOR = \"\" as const;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: blockaid/params_schema.json\nimport { z } from \"zod\";\n\nexport const ParamsSchema = z\n\t.object({\n\t\tdeny_features: z\n\t\t\t.array(z.string())\n\t\t\t.describe(\n\t\t\t\t\"Blockaid feature ids that, if present on a Warning-classified transaction, deny the deposit (e.g. ['unbounded_approval','honeypot','phishing'])\",\n\t\t\t),\n\t\tmax_outbound_inbound_ratio: z\n\t\t\t.number()\n\t\t\t.describe(\n\t\t\t\t\"Maximum allowed simulated outbound-to-inbound USD value ratio. Above this, the transaction is treated as a value-skim and denied.\",\n\t\t\t),\n\t\trequire_received_shares: z\n\t\t\t.boolean()\n\t\t\t.describe(\n\t\t\t\t\"Deny if the simulated state-diff shows the depositor receives no inbound asset (vault shares). Catches contracts that take funds without minting receipts.\",\n\t\t\t),\n\t})\n\t.describe(\"Thresholds for the Blockaid transaction-time exploit gate\")\n\t.strict();\n\nexport type Params = z.infer<typeof ParamsSchema>;\n","import type { PrepareQueryArgs, PrepareQueryResult } from \"@newton-xyz/policy-pack-shared\";\nimport type { WasmArgs } from \"./wasm-args\";\n\n/**\n * Blockaid maps EVM chain id → its own chain identifier slug. Keep this\n * aligned with whatever the AVS-side `policy.js` posts to Blockaid; if you\n * extend it, extend both sides together.\n */\nconst CHAIN_BY_ID: Readonly<Record<number, string>> = {\n\t1: \"ethereum\",\n\t8453: \"base\",\n\t42161: \"arbitrum\",\n\t10: \"optimism\",\n\t137: \"polygon\",\n\t56: \"bsc\",\n\t11155111: \"sepolia\",\n\t84532: \"base-sepolia\",\n};\n\n/**\n * Per-call inputs for Blockaid: every wasmArg (`from`, `to`, `value`, `data`)\n * mirrors the on-chain transaction the depositor is about to submit, so it\n * has to come from the SDK's intent context — `PrepareQueryArgs` (which only\n * carries `publicClient` + `vault`) doesn't have any of it. The SDK forwards\n * these via `prepareQuery`'s second `options` arg (introduced in NEWT-1499).\n *\n * `chain` is derived from `publicClient.chain.id` so curators don't have to\n * keep the Blockaid slug list in sync separately.\n */\nexport interface PrepareQueryOptions {\n\treadonly from: string;\n\treadonly to: string;\n\treadonly value?: string;\n\treadonly data?: string;\n}\n\nexport async function prepareQuery(\n\t{ publicClient }: PrepareQueryArgs,\n\toptions?: PrepareQueryOptions,\n): Promise<PrepareQueryResult<WasmArgs>> {\n\tconst chainId = publicClient.chain?.id;\n\tif (chainId === undefined) {\n\t\tthrow new Error(\n\t\t\t\"policy-pack-blockaid: publicClient.chain is undefined. Pass a chain to viem's createPublicClient.\",\n\t\t);\n\t}\n\tconst chain = CHAIN_BY_ID[chainId];\n\tif (!chain) {\n\t\tthrow new Error(\n\t\t\t`policy-pack-blockaid: chain id ${chainId} is not in the Blockaid chain map. Add it to CHAIN_BY_ID before using this pack on this chain.`,\n\t\t);\n\t}\n\tif (!options?.from || !options?.to) {\n\t\tthrow new Error(\n\t\t\t\"policy-pack-blockaid: prepareQuery requires `from` and `to` in the options bag — these mirror the on-chain transaction the depositor is about to submit.\",\n\t\t);\n\t}\n\n\treturn {\n\t\twasmArgs: {\n\t\t\tchain,\n\t\t\tfrom: options.from,\n\t\t\tto: options.to,\n\t\t\tvalue: options.value,\n\t\t\tdata: options.data,\n\t\t},\n\t};\n}\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: blockaid/secrets_schema.json\nimport { z } from \"zod\";\n\nexport const SecretsSchema = z.object({ BLOCKAID_API_KEY: z.string().min(1) }).strict();\n\nexport type Secrets = z.infer<typeof SecretsSchema>;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: blockaid/wasm_args_schema.json\nimport { z } from \"zod\";\n\nexport const WasmArgsSchema = z\n\t.object({\n\t\tchain: z.string().describe(\"Blockaid chain identifier (e.g. 'ethereum', 'base', 'arbitrum').\"),\n\t\tfrom: z.string().describe(\"Sender / account address (0x-prefixed 20-byte address).\"),\n\t\tto: z.string().describe(\"Recipient or contract address being called (0x-prefixed).\"),\n\t\tvalue: z\n\t\t\t.string()\n\t\t\t.describe(\n\t\t\t\t\"Transaction value in wei as a 0x-prefixed hex string. Defaults to '0x0' when omitted.\",\n\t\t\t)\n\t\t\t.optional(),\n\t\tdata: z\n\t\t\t.string()\n\t\t\t.describe(\"Transaction calldata as a 0x-prefixed hex string. Defaults to '0x' when omitted.\")\n\t\t\t.optional(),\n\t})\n\t.describe(\"Inputs passed to the Blockaid policy WASM at evaluation time\");\n\nexport type WasmArgs = z.infer<typeof WasmArgsSchema>;\n","// Hand-written canonical export — survives `pnpm gen:bindings` regen.\n// The generated `index.ts` re-exports `pack.ts` when present.\nimport type { PolicyPack } from \"@newton-xyz/policy-pack-shared\";\nimport { deployments } from \"./deployments\";\nimport { PACK_AUTHOR, PACK_DESCRIPTION, PACK_LINK, PACK_NAME, PACK_VERSION } from \"./metadata\";\nimport { type Params, ParamsSchema } from \"./params\";\nimport { prepareQuery } from \"./prepare-query\";\nimport { type Secrets, SecretsSchema } from \"./secrets\";\nimport { type WasmArgs, WasmArgsSchema } from \"./wasm-args\";\n\nexport { type PrepareQueryOptions, prepareQuery } from \"./prepare-query\";\n\n/**\n * The Blockaid transaction-scan `PolicyPack`.\n *\n * Pass to `createShield(...)` from `@newton-xyz/newton-shield-sdk`. Encoding\n * for the on-chain `policyParams` blob is handled by `encodePolicyParams` /\n * `decodePolicyParams` in `@newton-xyz/policy-pack-shared` (UTF-8 JSON,\n * sorted keys) — not per-pack.\n *\n * `prepareQuery` derives the Blockaid `chain` slug from `publicClient.chain.id`\n * and reads `from`/`to`/`value`/`data` from the SDK's per-call options bag —\n * these mirror the on-chain transaction the depositor is about to submit, so\n * they can't be inferred from `PrepareQueryArgs` alone.\n */\nexport const blockaid: PolicyPack<Params, WasmArgs, Secrets> = {\n\tid: `${PACK_NAME}/transaction-scan/v1`,\n\tparamsSchema: ParamsSchema,\n\twasmArgsSchema: WasmArgsSchema,\n\tsecretsSchema: SecretsSchema,\n\tprepareQuery,\n\tdeployments,\n\tmetadata: {\n\t\tname: PACK_NAME,\n\t\tversion: PACK_VERSION,\n\t\tdescription: PACK_DESCRIPTION,\n\t\tauthor: PACK_AUTHOR || undefined,\n\t\tlink: PACK_LINK || undefined,\n\t},\n};\n"],"mappings":";AAIO,IAAM,cAAc;AAAA,EAC1B,YAAY;AAAA,IACX,QAAQ;AAAA,MACP,QAAQ;AAAA,MACR,YAAY;AAAA,MACZ,SAAS;AAAA,MACT,gBAAgB;AAAA,MAChB,YAAY;AAAA,MACZ,OAAO;AAAA,IACR;AAAA,EACD;AACD;;;ACbO,IAAM,YAAY;AAClB,IAAM,eAAe;AACrB,IAAM,mBACZ;AACM,IAAM,YAAY;AAClB,IAAM,cAAc;;;ACJ3B,SAAS,SAAS;AAEX,IAAM,eAAe,EAC1B,OAAO;AAAA,EACP,eAAe,EACb,MAAM,EAAE,OAAO,CAAC,EAChB;AAAA,IACA;AAAA,EACD;AAAA,EACD,4BAA4B,EAC1B,OAAO,EACP;AAAA,IACA;AAAA,EACD;AAAA,EACD,yBAAyB,EACvB,QAAQ,EACR;AAAA,IACA;AAAA,EACD;AACF,CAAC,EACA,SAAS,2DAA2D,EACpE,OAAO;;;AChBT,IAAM,cAAgD;AAAA,EACrD,GAAG;AAAA,EACH,MAAM;AAAA,EACN,OAAO;AAAA,EACP,IAAI;AAAA,EACJ,KAAK;AAAA,EACL,IAAI;AAAA,EACJ,UAAU;AAAA,EACV,OAAO;AACR;AAmBA,eAAsB,aACrB,EAAE,aAAa,GACf,SACwC;AACxC,QAAM,UAAU,aAAa,OAAO;AACpC,MAAI,YAAY,QAAW;AAC1B,UAAM,IAAI;AAAA,MACT;AAAA,IACD;AAAA,EACD;AACA,QAAM,QAAQ,YAAY,OAAO;AACjC,MAAI,CAAC,OAAO;AACX,UAAM,IAAI;AAAA,MACT,kCAAkC,OAAO;AAAA,IAC1C;AAAA,EACD;AACA,MAAI,CAAC,SAAS,QAAQ,CAAC,SAAS,IAAI;AACnC,UAAM,IAAI;AAAA,MACT;AAAA,IACD;AAAA,EACD;AAEA,SAAO;AAAA,IACN,UAAU;AAAA,MACT;AAAA,MACA,MAAM,QAAQ;AAAA,MACd,IAAI,QAAQ;AAAA,MACZ,OAAO,QAAQ;AAAA,MACf,MAAM,QAAQ;AAAA,IACf;AAAA,EACD;AACD;;;AChEA,SAAS,KAAAA,UAAS;AAEX,IAAM,gBAAgBA,GAAE,OAAO,EAAE,kBAAkBA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC,EAAE,OAAO;;;ACFtF,SAAS,KAAAC,UAAS;AAEX,IAAM,iBAAiBA,GAC5B,OAAO;AAAA,EACP,OAAOA,GAAE,OAAO,EAAE,SAAS,kEAAkE;AAAA,EAC7F,MAAMA,GAAE,OAAO,EAAE,SAAS,yDAAyD;AAAA,EACnF,IAAIA,GAAE,OAAO,EAAE,SAAS,2DAA2D;AAAA,EACnF,OAAOA,GACL,OAAO,EACP;AAAA,IACA;AAAA,EACD,EACC,SAAS;AAAA,EACX,MAAMA,GACJ,OAAO,EACP,SAAS,kFAAkF,EAC3F,SAAS;AACZ,CAAC,EACA,SAAS,8DAA8D;;;ACIlE,IAAM,WAAkD;AAAA,EAC9D,IAAI,GAAG,SAAS;AAAA,EAChB,cAAc;AAAA,EACd,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf;AAAA,EACA;AAAA,EACA,UAAU;AAAA,IACT,MAAM;AAAA,IACN,SAAS;AAAA,IACT,aAAa;AAAA,IACb,QAAQ,eAAe;AAAA,IACvB,MAAM,aAAa;AAAA,EACpB;AACD;","names":["z","z"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@newton-xyz/policy-pack-blockaid",
-  "version": "1.0.0",
+  "version": "2.0.1",
   "description": "Bindings-only Newton blockaid policy pack (zod schemas + deployments). No PolicyPack export yet — use with NewtonShield.guardedCall until pack.ts lands.",
   "license": "Apache-2.0",
   "author": "Newton Protocol <https://x.com/newton_xyz> (https://newton.xyz)",
@@ -41,21 +41,22 @@
     "LICENSE"
   ],
   "peerDependencies": {
-    "@newton-xyz/policy-pack-shared": "^0.2.0",
+    "@newton-xyz/policy-pack-shared": "^0.4.0",
     "viem": "^2.0.0",
     "zod": "^3.0.0"
   },
   "devDependencies": {
     "tsup": "^8.5.1",
+    "tsx": "^4.19.0",
     "typescript": "^5.5.0",
     "viem": "^2.0.0",
     "zod": "^3.23.0",
-    "@newton-xyz/policy-pack-shared": "0.2.0"
+    "@newton-xyz/policy-pack-shared": "0.4.0"
   },
   "scripts": {
     "build": "tsup",
     "dev": "tsup --watch",
     "typecheck": "tsc --noEmit",
-    "test": "echo 'no tests yet'"
+    "test": "node --import tsx --test src/*.test.ts"
   }
 }