@newton-xyz/policy-pack-vaultsfyi 0.2.0

package/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1.  Definitions.
+
+    "License" shall mean the terms and conditions for use, reproduction,
+    and distribution as defined by Sections 1 through 9 of this document.
+
+    "Licensor" shall mean the copyright owner or entity authorized by
+    the copyright owner that is granting the License.
+
+    "Legal Entity" shall mean the union of the acting entity and all
+    other entities that control, are controlled by, or are under common
+    control with that entity. For the purposes of this definition,
+    "control" means (i) the power, direct or indirect, to cause the
+    direction or management of such entity, whether by contract or
+    otherwise, or (ii) ownership of fifty percent (50%) or more of the
+    outstanding shares, or (iii) beneficial ownership of such entity.
+
+    "You" (or "Your") shall mean an individual or Legal Entity
+    exercising permissions granted by this License.
+
+    "Source" form shall mean the preferred form for making modifications,
+    including but not limited to software source code, documentation
+    source, and configuration files.
+
+    "Object" form shall mean any form resulting from mechanical
+    transformation or translation of a Source form, including but
+    not limited to compiled object code, generated documentation,
+    and conversions to other media types.
+
+    "Work" shall mean the work of authorship, whether in Source or
+    Object form, made available under the License, as indicated by a
+    copyright notice that is included in or attached to the work
+    (an example is provided in the Appendix below).
+
+    "Derivative Works" shall mean any work, whether in Source or Object
+    form, that is based on (or derived from) the Work and for which the
+    editorial revisions, annotations, elaborations, or other modifications
+    represent, as a whole, an original work of authorship. For the purposes
+    of this License, Derivative Works shall not include works that remain
+    separable from, or merely link (or bind by name) to the interfaces of,
+    the Work and Derivative Works thereof.
+
+    "Contribution" shall mean any work of authorship, including
+    the original version of the Work and any modifications or additions
+    to that Work or Derivative Works thereof, that is intentionally
+    submitted to Licensor for inclusion in the Work by the copyright owner
+    or by an individual or Legal Entity authorized to submit on behalf of
+    the copyright owner. For the purposes of this definition, "submitted"
+    means any form of electronic, verbal, or written communication sent
+    to the Licensor or its representatives, including but not limited to
+    communication on electronic mailing lists, source code control systems,
+    and issue tracking systems that are managed by, or on behalf of, the
+    Licensor for the purpose of discussing and improving the Work, but
+    excluding communication that is conspicuously marked or otherwise
+    designated in writing by the copyright owner as "Not a Contribution."
+
+    "Contributor" shall mean Licensor and any individual or Legal Entity
+    on behalf of whom a Contribution has been received by Licensor and
+    subsequently incorporated within the Work.
+
+2.  Grant of Copyright License. Subject to the terms and conditions of
+    this License, each Contributor hereby grants to You a perpetual,
+    worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+    copyright license to reproduce, prepare Derivative Works of,
+    publicly display, publicly perform, sublicense, and distribute the
+    Work and such Derivative Works in Source or Object form.
+
+3.  Grant of Patent License. Subject to the terms and conditions of
+    this License, each Contributor hereby grants to You a perpetual,
+    worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+    (except as stated in this section) patent license to make, have made,
+    use, offer to sell, sell, import, and otherwise transfer the Work,
+    where such license applies only to those patent claims licensable
+    by such Contributor that are necessarily infringed by their
+    Contribution(s) alone or by combination of their Contribution(s)
+    with the Work to which such Contribution(s) was submitted. If You
+    institute patent litigation against any entity (including a
+    cross-claim or counterclaim in a lawsuit) alleging that the Work
+    or a Contribution incorporated within the Work constitutes direct
+    or contributory patent infringement, then any patent licenses
+    granted to You under this License for that Work shall terminate
+    as of the date such litigation is filed.
+
+4.  Redistribution. You may reproduce and distribute copies of the
+    Work or Derivative Works thereof in any medium, with or without
+    modifications, and in Source or Object form, provided that You
+    meet the following conditions:
+
+    (a) You must give any other recipients of the Work or
+    Derivative Works a copy of this License; and
+
+    (b) You must cause any modified files to carry prominent notices
+    stating that You changed the files; and
+
+    (c) You must retain, in the Source form of any Derivative Works
+    that You distribute, all copyright, patent, trademark, and
+    attribution notices from the Source form of the Work,
+    excluding those notices that do not pertain to any part of
+    the Derivative Works; and
+
+    (d) If the Work includes a "NOTICE" text file as part of its
+    distribution, then any Derivative Works that You distribute must
+    include a readable copy of the attribution notices contained
+    within such NOTICE file, excluding those notices that do not
+    pertain to any part of the Derivative Works, in at least one
+    of the following places: within a NOTICE text file distributed
+    as part of the Derivative Works; within the Source form or
+    documentation, if provided along with the Derivative Works; or,
+    within a display generated by the Derivative Works, if and
+    wherever such third-party notices normally appear. The contents
+    of the NOTICE file are for informational purposes only and
+    do not modify the License. You may add Your own attribution
+    notices within Derivative Works that You distribute, alongside
+    or as an addendum to the NOTICE text from the Work, provided
+    that such additional attribution notices cannot be construed
+    as modifying the License.
+
+    You may add Your own copyright statement to Your modifications and
+    may provide additional or different license terms and conditions
+    for use, reproduction, or distribution of Your modifications, or
+    for any such Derivative Works as a whole, provided Your use,
+    reproduction, and distribution of the Work otherwise complies with
+    the conditions stated in this License.
+
+5.  Submission of Contributions. Unless You explicitly state otherwise,
+    any Contribution intentionally submitted for inclusion in the Work
+    by You to the Licensor shall be under the terms and conditions of
+    this License, without any additional terms or conditions.
+    Notwithstanding the above, nothing herein shall supersede or modify
+    the terms of any separate license agreement you may have executed
+    with Licensor regarding such Contributions.
+
+6.  Trademarks. This License does not grant permission to use the trade
+    names, trademarks, service marks, or product names of the Licensor,
+    except as required for reasonable and customary use in describing the
+    origin of the Work and reproducing the content of the NOTICE file.
+
+7.  Disclaimer of Warranty. Unless required by applicable law or
+    agreed to in writing, Licensor provides the Work (and each
+    Contributor provides its Contributions) on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+    implied, including, without limitation, any warranties or conditions
+    of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+    PARTICULAR PURPOSE. You are solely responsible for determining the
+    appropriateness of using or redistributing the Work and assume any
+    risks associated with Your exercise of permissions under this License.
+
+8.  Limitation of Liability. In no event and under no legal theory,
+    whether in tort (including negligence), contract, or otherwise,
+    unless required by applicable law (such as deliberate and grossly
+    negligent acts) or agreed to in writing, shall any Contributor be
+    liable to You for damages, including any direct, indirect, special,
+    incidental, or consequential damages of any character arising as a
+    result of this License or out of the use or inability to use the
+    Work (including but not limited to damages for loss of goodwill,
+    work stoppage, computer failure or malfunction, or any and all
+    other commercial damages or losses), even if such Contributor
+    has been advised of the possibility of such damages.
+
+9.  Accepting Warranty or Additional Liability. While redistributing
+    the Work or Derivative Works thereof, You may choose to offer,
+    and charge a fee for, acceptance of support, warranty, indemnity,
+    or other liability obligations and/or rights consistent with this
+    License. However, in accepting such obligations, You may act only
+    on Your own behalf and on Your sole responsibility, not on behalf
+    of any other Contributor, and only if You agree to indemnify,
+    defend, and hold each Contributor harmless for any liability
+    incurred by, or claims asserted against, such Contributor by reason
+    of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

package/README.md

@@ -0,0 +1,27 @@
+# `@newton-xyz/policy-pack-vaultsfyi`
+
+Gates vault deposits based on real-time risk signals: APY anomalies, TVL drawdowns, risk score floors, and allocation changes
+
+Typed TypeScript bindings for the Newton **vaultsfyi** policy pack. Generated from the AVS-side artifacts at [`/vaultsfyi/`](../../vaultsfyi/) in this repo.
+
+## Install
+
+```bash
+pnpm add @newton-xyz/policy-pack-vaultsfyi
+```
+
+## What's exported
+
+| Export | Source | Purpose |
+|---|---|---|
+| `WasmArgsSchema` (zod) + `WasmArgs` (type) | `wasm_args_schema.json` | Inputs the pack's WASM receives at evaluation time. |
+| `SecretsSchema` (zod) + `Secrets` (type) | `secrets_schema.json` | API credentials uploaded before run/sim. |
+| `ParamsSchema` (zod) + `Params` (type) | `params_schema.json` | Configuration thresholds, set at policy upload time. |
+| `deployments` | top-level `deployments.json` | `chainId → { policy, policyData, wasmCid, ... }` |
+| `PACK_NAME`, `PACK_VERSION`, `PACK_DESCRIPTION`, `PACK_LINK`, `PACK_AUTHOR` | `policy_metadata.json` | Static pack identity. |
+
+## Regeneration
+
+The `src/*` files are generated. Edit the upstream JSON schemas under [`/vaultsfyi/`](../../vaultsfyi/) and run `pnpm gen:bindings` from the repo root to regenerate.
+
+The `package.json`, `tsconfig.json`, `tsup.config.ts`, and this README are scaffolded once and not overwritten on regen — you can hand-tune them.

package/dist/index.cjs

@@ -0,0 +1,227 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  PACK_AUTHOR: () => PACK_AUTHOR,
+  PACK_DESCRIPTION: () => PACK_DESCRIPTION,
+  PACK_LINK: () => PACK_LINK,
+  PACK_NAME: () => PACK_NAME,
+  PACK_VERSION: () => PACK_VERSION,
+  ParamsSchema: () => ParamsSchema,
+  RefinedParamsSchema: () => RefinedParamsSchema,
+  SecretsSchema: () => SecretsSchema,
+  WasmArgsSchema: () => WasmArgsSchema,
+  deployments: () => deployments,
+  vaultsfyi: () => vaultsfyi
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/deployments.ts
+var deployments = {
+  "11155111": {
+    policy: "0x14685C1769Eb6f449FeC42A48d086746F470CE4a",
+    policyData: "0x5F8B0FC2c22c039f97D2c806B48307B9A9C288C8",
+    wasmCid: "bafybeig6oielnnf4zorcmqkets6v26ov7t2o6ikipx6vupuzsjrxvbpkpe",
+    policyCodeHash: "0x09be97b5636da7b6e231914f47e2bfbc32fddfd3647e771d7624cea8fa2bdc54",
+    deployedAt: "2026-06-09",
+    notes: "host-secrets fix; current"
+  }
+};
+
+// src/metadata.ts
+var PACK_NAME = "vaultsfyi";
+var PACK_VERSION = "0.0.1";
+var PACK_DESCRIPTION = "Gates vault deposits based on real-time risk signals: APY anomalies, TVL drawdowns, risk score floors, and allocation changes";
+var PACK_LINK = "https://vaults.fyi";
+var PACK_AUTHOR = "";
+
+// src/pack.ts
+var import_viem = require("viem");
+var import_zod4 = require("zod");
+
+// src/params.ts
+var import_zod = require("zod");
+var ParamsSchema = import_zod.z.object({
+  apy_z_max: import_zod.z.number().describe(
+    "Max APY z-score (current vs 30d median). Exceeding this indicates an APY anomaly."
+  ),
+  tvl_drawdown_24h_max_pct: import_zod.z.number().describe("Max allowed 24h TVL drawdown percentage"),
+  tvl_drawdown_7d_max_pct: import_zod.z.number().describe("Max allowed 7d TVL drawdown percentage"),
+  risk_score_floor: import_zod.z.number().int().gte(0).lte(100).describe(
+    "Minimum acceptable risk score (0-100 integer scale; matches the AVS-side `vault.scores.netScore`). Set to 0 to effectively disable the floor."
+  ),
+  deny_on_allocation_change: import_zod.z.boolean().describe(
+    "Whether to deny if vault allocation/strategy metadata has changed since last evaluation"
+  ),
+  deny_on_critical_flag: import_zod.z.boolean().describe("Whether to deny if the vault has a flag with severity 'critical' or 'high'"),
+  deny_on_corrupted: import_zod.z.boolean().describe("Whether to deny if the vault is reported as corrupted by the data source")
+}).describe("Risk envelope thresholds for vault deposit gating");
+
+// src/prepare-query.ts
+var NETWORK_BY_CHAIN_ID = {
+  1: "mainnet",
+  8453: "base",
+  42161: "arbitrum",
+  10: "optimism",
+  11155111: "sepolia",
+  84532: "base-sepolia"
+};
+function networkForChain(chainId) {
+  const name = NETWORK_BY_CHAIN_ID[chainId];
+  if (!name) {
+    throw new Error(
+      `policy-pack-vaultsfyi: chain id ${chainId} is not in the vaults.fyi network map. Add it to NETWORK_BY_CHAIN_ID before using this pack on this chain.`
+    );
+  }
+  return name;
+}
+async function prepareQuery({ publicClient, vault }, options = {}) {
+  const chainId = publicClient.chain?.id;
+  if (chainId === void 0) {
+    throw new Error(
+      "policy-pack-vaultsfyi: publicClient.chain is undefined. Pass a chain to viem's createPublicClient."
+    );
+  }
+  return {
+    wasmArgs: {
+      network: networkForChain(chainId),
+      vaultAddress: vault,
+      lastKnownAllocationHash: options.previousAllocationHash ?? null
+    }
+  };
+}
+
+// src/secrets.ts
+var import_zod2 = require("zod");
+var SecretsSchema = import_zod2.z.object({ VAULTS_FYI_API_KEY: import_zod2.z.string().min(1) }).strict();
+
+// src/wasm-args.ts
+var import_zod3 = require("zod");
+var WasmArgsSchema = import_zod3.z.object({
+  network: import_zod3.z.string().describe(
+    "Blockchain network name as accepted by the vaults.fyi API (e.g. 'mainnet', 'base', 'arbitrum')."
+  ),
+  vaultAddress: import_zod3.z.string().describe("Vault contract address (0x-prefixed) to inspect."),
+  lastKnownAllocationHash: import_zod3.z.union([
+    import_zod3.z.string().describe(
+      "Hash of the previously observed allocation. Used to detect changes between evaluations. Null on the first evaluation."
+    ),
+    import_zod3.z.null().describe(
+      "Hash of the previously observed allocation. Used to detect changes between evaluations. Null on the first evaluation."
+    )
+  ]).describe(
+    "Hash of the previously observed allocation. Used to detect changes between evaluations. Null on the first evaluation."
+  ).optional()
+}).describe("Inputs passed to the vaults.fyi allocation-change policy WASM at evaluation time");
+
+// src/pack.ts
+var BASIS_POINTS = 1e4;
+function toBp(n) {
+  return BigInt(Math.round(n * BASIS_POINTS));
+}
+function fromBp(n) {
+  return Number(n) / BASIS_POINTS;
+}
+var isAtBasisPointPrecision = (n) => Math.abs(n * BASIS_POINTS - Math.round(n * BASIS_POINTS)) < Number.EPSILON;
+var RefinedParamsSchema = ParamsSchema.superRefine(
+  (params, ctx) => {
+    const numericFields = [
+      "apy_z_max",
+      "tvl_drawdown_24h_max_pct",
+      "tvl_drawdown_7d_max_pct"
+    ];
+    for (const field of numericFields) {
+      const value = params[field];
+      if (!isAtBasisPointPrecision(value)) {
+        ctx.addIssue({
+          code: import_zod4.z.ZodIssueCode.custom,
+          path: [field],
+          message: `Sub-basis-point precision is not supported. \`${field}: ${value}\` would silently encode as ${Math.round(value * BASIS_POINTS) / BASIS_POINTS}. Round to 4 decimal places (1bp) before passing.`
+        });
+      }
+    }
+  }
+);
+var POLICY_PARAMS_ABI = [
+  {
+    type: "tuple",
+    components: [
+      { name: "apyZMax", type: "uint256" },
+      { name: "tvlDrawdown24hMaxPct", type: "uint256" },
+      { name: "tvlDrawdown7dMaxPct", type: "uint256" },
+      { name: "riskScoreFloor", type: "uint16" },
+      { name: "denyOnAllocationChange", type: "bool" },
+      { name: "denyOnCriticalFlag", type: "bool" },
+      { name: "denyOnCorrupted", type: "bool" }
+    ]
+  }
+];
+function encodeRiskScore(n) {
+  if (!Number.isInteger(n) || n < 0 || n > 100) {
+    throw new RangeError(
+      `risk_score_floor must be an integer in [0, 100]; received ${n}. The AVS-side floor compares against \`vault.scores.netScore\` which is an integer 0-100.`
+    );
+  }
+  return n;
+}
+function encodeParams(params) {
+  return (0, import_viem.encodeAbiParameters)(POLICY_PARAMS_ABI, [
+    {
+      apyZMax: toBp(params.apy_z_max),
+      tvlDrawdown24hMaxPct: toBp(params.tvl_drawdown_24h_max_pct),
+      tvlDrawdown7dMaxPct: toBp(params.tvl_drawdown_7d_max_pct),
+      riskScoreFloor: encodeRiskScore(params.risk_score_floor),
+      denyOnAllocationChange: params.deny_on_allocation_change,
+      denyOnCriticalFlag: params.deny_on_critical_flag,
+      denyOnCorrupted: params.deny_on_corrupted
+    }
+  ]);
+}
+function decodeParams(encoded) {
+  const [decoded] = (0, import_viem.decodeAbiParameters)(POLICY_PARAMS_ABI, encoded);
+  return ParamsSchema.parse({
+    apy_z_max: fromBp(decoded.apyZMax),
+    tvl_drawdown_24h_max_pct: fromBp(decoded.tvlDrawdown24hMaxPct),
+    tvl_drawdown_7d_max_pct: fromBp(decoded.tvlDrawdown7dMaxPct),
+    risk_score_floor: decoded.riskScoreFloor,
+    deny_on_allocation_change: decoded.denyOnAllocationChange,
+    deny_on_critical_flag: decoded.denyOnCriticalFlag,
+    deny_on_corrupted: decoded.denyOnCorrupted
+  });
+}
+var vaultsfyi = {
+  id: `${PACK_NAME}/risk-envelope/v1`,
+  paramsSchema: RefinedParamsSchema,
+  wasmArgsSchema: WasmArgsSchema,
+  secretsSchema: SecretsSchema,
+  encodeParams,
+  decodeParams,
+  prepareQuery,
+  deployments,
+  metadata: {
+    name: PACK_NAME,
+    version: PACK_VERSION,
+    description: PACK_DESCRIPTION,
+    author: PACK_AUTHOR || void 0,
+    link: PACK_LINK || void 0
+  }
+};
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts","../src/deployments.ts","../src/metadata.ts","../src/pack.ts","../src/params.ts","../src/prepare-query.ts","../src/secrets.ts","../src/wasm-args.ts"],"sourcesContent":["// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n\nexport * from \"./deployments\";\nexport * from \"./metadata\";\nexport * from \"./pack\";\nexport * from \"./params\";\nexport * from \"./secrets\";\nexport * from \"./wasm-args\";\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\nimport type { ChainId, Deployment } from \"@newton-xyz/policy-pack-shared\";\n\nexport const deployments = {\n\t\"11155111\": {\n\t\tpolicy: \"0x14685C1769Eb6f449FeC42A48d086746F470CE4a\",\n\t\tpolicyData: \"0x5F8B0FC2c22c039f97D2c806B48307B9A9C288C8\",\n\t\twasmCid: \"bafybeig6oielnnf4zorcmqkets6v26ov7t2o6ikipx6vupuzsjrxvbpkpe\",\n\t\tpolicyCodeHash: \"0x09be97b5636da7b6e231914f47e2bfbc32fddfd3647e771d7624cea8fa2bdc54\",\n\t\tdeployedAt: \"2026-06-09\",\n\t\tnotes: \"host-secrets fix; current\",\n\t},\n} as const satisfies Readonly<Partial<Record<ChainId, Deployment>>>;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\nexport const PACK_NAME = \"vaultsfyi\" as const;\nexport const PACK_VERSION = \"0.0.1\" as const;\nexport const PACK_DESCRIPTION =\n\t\"Gates vault deposits based on real-time risk signals: APY anomalies, TVL drawdowns, risk score floors, and allocation changes\" as const;\nexport const PACK_LINK = \"https://vaults.fyi\" as const;\nexport const PACK_AUTHOR = \"\" as const;\n","// Hand-written canonical export — survives `pnpm gen:bindings` regen.\n// The generated `index.ts` re-exports `pack.ts` when present.\nimport type { PolicyPack } from \"@newton-xyz/policy-pack-shared\";\nimport { decodeAbiParameters, encodeAbiParameters, type Hex } from \"viem\";\nimport { z } from \"zod\";\nimport { deployments } from \"./deployments\";\nimport { PACK_AUTHOR, PACK_DESCRIPTION, PACK_LINK, PACK_NAME, PACK_VERSION } from \"./metadata\";\nimport { type Params, ParamsSchema } from \"./params\";\nimport { prepareQuery } from \"./prepare-query\";\nimport { type Secrets, SecretsSchema } from \"./secrets\";\nimport { type WasmArgs, WasmArgsSchema } from \"./wasm-args\";\n\n/**\n * The fractional thresholds (`apy_z_max`, `tvl_drawdown_*_max_pct`) are stored\n * in basis points so the on-chain bytes carry only `uint256`. `apy_z_max: 1.5`\n * becomes `15000` (1.5e4 bp); `tvl_drawdown_24h_max_pct: 0.05` becomes `500`.\n * `risk_score_floor` is *not* basis-point-encoded — it's a 0-100 integer scale\n * that matches the AVS-side `vault.scores.netScore` field directly, so it\n * round-trips through `uint16` as-is.\n */\nconst BASIS_POINTS = 10_000;\n\nfunction toBp(n: number): bigint {\n\treturn BigInt(Math.round(n * BASIS_POINTS));\n}\n\nfunction fromBp(n: bigint): number {\n\treturn Number(n) / BASIS_POINTS;\n}\n\n/**\n * Refined params schema with sub-basis-point precision rejection on every\n * fractional threshold so a curator typing `tvl_drawdown_24h_max_pct: 0.00005`\n * can't silently encode as `0n` and disable the cap. The generated\n * `ParamsSchema` from `./params` is the canonical zod derived from\n * `params_schema.json`; this version sits on top of it for stricter SDK-side\n * input validation. `risk_score_floor` is excluded — it's an integer 0-100\n * scale, not a basis-point fraction. Exported with a distinct name to avoid\n * clashing with the generated star re-export in `index.ts`.\n */\nconst isAtBasisPointPrecision = (n: number) =>\n\tMath.abs(n * BASIS_POINTS - Math.round(n * BASIS_POINTS)) < Number.EPSILON;\n\nexport const RefinedParamsSchema = (ParamsSchema as unknown as z.ZodType<Params>).superRefine(\n\t(params, ctx) => {\n\t\tconst numericFields: ReadonlyArray<keyof Params> = [\n\t\t\t\"apy_z_max\",\n\t\t\t\"tvl_drawdown_24h_max_pct\",\n\t\t\t\"tvl_drawdown_7d_max_pct\",\n\t\t];\n\t\tfor (const field of numericFields) {\n\t\t\tconst value = params[field] as number;\n\t\t\tif (!isAtBasisPointPrecision(value)) {\n\t\t\t\tctx.addIssue({\n\t\t\t\t\tcode: z.ZodIssueCode.custom,\n\t\t\t\t\tpath: [field],\n\t\t\t\t\tmessage: `Sub-basis-point precision is not supported. \\`${field}: ${value}\\` would silently encode as ${\n\t\t\t\t\t\tMath.round(value * BASIS_POINTS) / BASIS_POINTS\n\t\t\t\t\t}. Round to 4 decimal places (1bp) before passing.`,\n\t\t\t\t});\n\t\t\t}\n\t\t}\n\t},\n);\n\n/**\n * On-chain layout of `policyParams` for the vaults.fyi risk-envelope policy.\n *\n * This is the ABI tuple that round-trips through `NewtonPolicyData.policyParams`.\n * Keys are sorted to match `ParamsSchema`'s key order so generated zod and\n * encoded bytes stay in sync. If the schema adds a field, add it here in the\n * same position and bump the policy contract.\n */\nconst POLICY_PARAMS_ABI = [\n\t{\n\t\ttype: \"tuple\",\n\t\tcomponents: [\n\t\t\t{ name: \"apyZMax\", type: \"uint256\" },\n\t\t\t{ name: \"tvlDrawdown24hMaxPct\", type: \"uint256\" },\n\t\t\t{ name: \"tvlDrawdown7dMaxPct\", type: \"uint256\" },\n\t\t\t{ name: \"riskScoreFloor\", type: \"uint16\" },\n\t\t\t{ name: \"denyOnAllocationChange\", type: \"bool\" },\n\t\t\t{ name: \"denyOnCriticalFlag\", type: \"bool\" },\n\t\t\t{ name: \"denyOnCorrupted\", type: \"bool\" },\n\t\t],\n\t},\n] as const;\n\nfunction encodeRiskScore(n: number): number {\n\tif (!Number.isInteger(n) || n < 0 || n > 100) {\n\t\tthrow new RangeError(\n\t\t\t`risk_score_floor must be an integer in [0, 100]; received ${n}. The AVS-side floor compares against \\`vault.scores.netScore\\` which is an integer 0-100.`,\n\t\t);\n\t}\n\treturn n;\n}\n\nfunction encodeParams(params: Params): Hex {\n\treturn encodeAbiParameters(POLICY_PARAMS_ABI, [\n\t\t{\n\t\t\tapyZMax: toBp(params.apy_z_max),\n\t\t\ttvlDrawdown24hMaxPct: toBp(params.tvl_drawdown_24h_max_pct),\n\t\t\ttvlDrawdown7dMaxPct: toBp(params.tvl_drawdown_7d_max_pct),\n\t\t\triskScoreFloor: encodeRiskScore(params.risk_score_floor),\n\t\t\tdenyOnAllocationChange: params.deny_on_allocation_change,\n\t\t\tdenyOnCriticalFlag: params.deny_on_critical_flag,\n\t\t\tdenyOnCorrupted: params.deny_on_corrupted,\n\t\t},\n\t]);\n}\n\nfunction decodeParams(encoded: Hex): Params {\n\tconst [decoded] = decodeAbiParameters(POLICY_PARAMS_ABI, encoded);\n\treturn ParamsSchema.parse({\n\t\tapy_z_max: fromBp(decoded.apyZMax),\n\t\ttvl_drawdown_24h_max_pct: fromBp(decoded.tvlDrawdown24hMaxPct),\n\t\ttvl_drawdown_7d_max_pct: fromBp(decoded.tvlDrawdown7dMaxPct),\n\t\trisk_score_floor: decoded.riskScoreFloor,\n\t\tdeny_on_allocation_change: decoded.denyOnAllocationChange,\n\t\tdeny_on_critical_flag: decoded.denyOnCriticalFlag,\n\t\tdeny_on_corrupted: decoded.denyOnCorrupted,\n\t});\n}\n\n/**\n * The vaults.fyi risk-envelope `PolicyPack`.\n *\n * Pass to `createShield(...)` from `@newton-xyz/newton-shield-sdk`:\n *\n * ```ts\n * import { vaultsfyi } from \"@newton-xyz/policy-pack-vaultsfyi\";\n *\n * const shield = await createShield({\n *   walletClient,\n *   vault,\n *   pack: vaultsfyi,\n *   params: {\n *     apy_z_max: 3,\n *     tvl_drawdown_24h_max_pct: 0.05,\n *     tvl_drawdown_7d_max_pct: 0.20,\n *     risk_score_floor: 85, // 0-100 integer; matches AVS `vault.scores.netScore`\n *     deny_on_allocation_change: true,\n *     deny_on_critical_flag: true,\n *     deny_on_corrupted: true,\n *   },\n * });\n * ```\n */\nexport const vaultsfyi: PolicyPack<Params, WasmArgs, Secrets> = {\n\tid: `${PACK_NAME}/risk-envelope/v1`,\n\tparamsSchema: RefinedParamsSchema,\n\twasmArgsSchema: WasmArgsSchema,\n\tsecretsSchema: SecretsSchema,\n\tencodeParams,\n\tdecodeParams,\n\tprepareQuery,\n\tdeployments,\n\tmetadata: {\n\t\tname: PACK_NAME,\n\t\tversion: PACK_VERSION,\n\t\tdescription: PACK_DESCRIPTION,\n\t\tauthor: PACK_AUTHOR || undefined,\n\t\tlink: PACK_LINK || undefined,\n\t},\n};\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: vaultsfyi/params_schema.json\nimport { z } from \"zod\";\n\nexport const ParamsSchema = z\n\t.object({\n\t\tapy_z_max: z\n\t\t\t.number()\n\t\t\t.describe(\n\t\t\t\t\"Max APY z-score (current vs 30d median). Exceeding this indicates an APY anomaly.\",\n\t\t\t),\n\t\ttvl_drawdown_24h_max_pct: z.number().describe(\"Max allowed 24h TVL drawdown percentage\"),\n\t\ttvl_drawdown_7d_max_pct: z.number().describe(\"Max allowed 7d TVL drawdown percentage\"),\n\t\trisk_score_floor: z\n\t\t\t.number()\n\t\t\t.int()\n\t\t\t.gte(0)\n\t\t\t.lte(100)\n\t\t\t.describe(\n\t\t\t\t\"Minimum acceptable risk score (0-100 integer scale; matches the AVS-side `vault.scores.netScore`). Set to 0 to effectively disable the floor.\",\n\t\t\t),\n\t\tdeny_on_allocation_change: z\n\t\t\t.boolean()\n\t\t\t.describe(\n\t\t\t\t\"Whether to deny if vault allocation/strategy metadata has changed since last evaluation\",\n\t\t\t),\n\t\tdeny_on_critical_flag: z\n\t\t\t.boolean()\n\t\t\t.describe(\"Whether to deny if the vault has a flag with severity 'critical' or 'high'\"),\n\t\tdeny_on_corrupted: z\n\t\t\t.boolean()\n\t\t\t.describe(\"Whether to deny if the vault is reported as corrupted by the data source\"),\n\t})\n\t.describe(\"Risk envelope thresholds for vault deposit gating\");\n\nexport type Params = z.infer<typeof ParamsSchema>;\n","import type { PrepareQueryArgs, PrepareQueryResult } from \"@newton-xyz/policy-pack-shared\";\nimport type { WasmArgs } from \"./wasm-args\";\n\n/**\n * vaults.fyi network slugs. Keyed by viem chain id. The AVS-side `policy.js`\n * fetches `https://api.vaults.fyi/v2/historical/<network>/<vaultAddress>`\n * with this slug, so the SDK has to use the same map.\n */\nconst NETWORK_BY_CHAIN_ID: Readonly<Record<number, string>> = {\n\t1: \"mainnet\",\n\t8453: \"base\",\n\t42161: \"arbitrum\",\n\t10: \"optimism\",\n\t11155111: \"sepolia\",\n\t84532: \"base-sepolia\",\n};\n\nfunction networkForChain(chainId: number): string {\n\tconst name = NETWORK_BY_CHAIN_ID[chainId];\n\tif (!name) {\n\t\tthrow new Error(\n\t\t\t`policy-pack-vaultsfyi: chain id ${chainId} is not in the vaults.fyi network map. Add it to NETWORK_BY_CHAIN_ID before using this pack on this chain.`,\n\t\t);\n\t}\n\treturn name;\n}\n\n/**\n * Build the WASM args the vaults.fyi policy expects.\n *\n * The AVS-side `policy.js` computes the canonical allocation hash itself\n * (FNV-1a over `JSON.stringify({ protocol?.name, tags, fees, childrenVaults })`\n * fetched from the vaults.fyi API). The SDK has nothing to add — the AVS is\n * the source of truth for both the data and the hash. The SDK's only job is\n * to thread the *previous* hash through so the AVS can compare:\n *\n *   - First call: pass `previousAllocationHash: undefined` (defaults to\n *     `null` in wasmArgs). The AVS-side `allocation_changed_since_last`\n *     branch returns `false`, so `deny_on_allocation_change` doesn't fire\n *     on a clean first observation.\n *   - Subsequent calls: pass the hash the AVS returned on the prior call\n *     (typically read from `policyData` storage or a curator-side cache).\n *     The AVS compares against its freshly-computed hash and flips\n *     `allocation_changed_since_last` if they diverge.\n *\n * Earlier revisions of this function read MetaMorpho's `supplyQueue` and\n * computed `keccak256(abi.encode(bytes32[]))` — that hash never matched the\n * AVS's FNV-1a-over-API-metadata, so `deny_on_allocation_change: true` was\n * effectively a coin flip. Removed.\n */\nexport async function prepareQuery(\n\t{ publicClient, vault }: PrepareQueryArgs,\n\toptions: { previousAllocationHash?: string } = {},\n): Promise<PrepareQueryResult<WasmArgs>> {\n\tconst chainId = publicClient.chain?.id;\n\tif (chainId === undefined) {\n\t\tthrow new Error(\n\t\t\t\"policy-pack-vaultsfyi: publicClient.chain is undefined. Pass a chain to viem's createPublicClient.\",\n\t\t);\n\t}\n\n\treturn {\n\t\twasmArgs: {\n\t\t\tnetwork: networkForChain(chainId),\n\t\t\tvaultAddress: vault,\n\t\t\tlastKnownAllocationHash: options.previousAllocationHash ?? null,\n\t\t},\n\t};\n}\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: vaultsfyi/secrets_schema.json\nimport { z } from \"zod\";\n\nexport const SecretsSchema = z.object({ VAULTS_FYI_API_KEY: z.string().min(1) }).strict();\n\nexport type Secrets = z.infer<typeof SecretsSchema>;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: vaultsfyi/wasm_args_schema.json\nimport { z } from \"zod\";\n\nexport const WasmArgsSchema = z\n\t.object({\n\t\tnetwork: z\n\t\t\t.string()\n\t\t\t.describe(\n\t\t\t\t\"Blockchain network name as accepted by the vaults.fyi API (e.g. 'mainnet', 'base', 'arbitrum').\",\n\t\t\t),\n\t\tvaultAddress: z.string().describe(\"Vault contract address (0x-prefixed) to inspect.\"),\n\t\tlastKnownAllocationHash: z\n\t\t\t.union([\n\t\t\t\tz\n\t\t\t\t\t.string()\n\t\t\t\t\t.describe(\n\t\t\t\t\t\t\"Hash of the previously observed allocation. Used to detect changes between evaluations. Null on the first evaluation.\",\n\t\t\t\t\t),\n\t\t\t\tz\n\t\t\t\t\t.null()\n\t\t\t\t\t.describe(\n\t\t\t\t\t\t\"Hash of the previously observed allocation. Used to detect changes between evaluations. Null on the first evaluation.\",\n\t\t\t\t\t),\n\t\t\t])\n\t\t\t.describe(\n\t\t\t\t\"Hash of the previously observed allocation. Used to detect changes between evaluations. Null on the first evaluation.\",\n\t\t\t)\n\t\t\t.optional(),\n\t})\n\t.describe(\"Inputs passed to the vaults.fyi allocation-change policy WASM at evaluation time\");\n\nexport type WasmArgs = z.infer<typeof WasmArgsSchema>;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACIO,IAAM,cAAc;AAAA,EAC1B,YAAY;AAAA,IACX,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,gBAAgB;AAAA,IAChB,YAAY;AAAA,IACZ,OAAO;AAAA,EACR;AACD;;;ACXO,IAAM,YAAY;AAClB,IAAM,eAAe;AACrB,IAAM,mBACZ;AACM,IAAM,YAAY;AAClB,IAAM,cAAc;;;ACJ3B,kBAAmE;AACnE,IAAAA,cAAkB;;;ACDlB,iBAAkB;AAEX,IAAM,eAAe,aAC1B,OAAO;AAAA,EACP,WAAW,aACT,OAAO,EACP;AAAA,IACA;AAAA,EACD;AAAA,EACD,0BAA0B,aAAE,OAAO,EAAE,SAAS,yCAAyC;AAAA,EACvF,yBAAyB,aAAE,OAAO,EAAE,SAAS,wCAAwC;AAAA,EACrF,kBAAkB,aAChB,OAAO,EACP,IAAI,EACJ,IAAI,CAAC,EACL,IAAI,GAAG,EACP;AAAA,IACA;AAAA,EACD;AAAA,EACD,2BAA2B,aACzB,QAAQ,EACR;AAAA,IACA;AAAA,EACD;AAAA,EACD,uBAAuB,aACrB,QAAQ,EACR,SAAS,4EAA4E;AAAA,EACvF,mBAAmB,aACjB,QAAQ,EACR,SAAS,0EAA0E;AACtF,CAAC,EACA,SAAS,mDAAmD;;;AC1B9D,IAAM,sBAAwD;AAAA,EAC7D,GAAG;AAAA,EACH,MAAM;AAAA,EACN,OAAO;AAAA,EACP,IAAI;AAAA,EACJ,UAAU;AAAA,EACV,OAAO;AACR;AAEA,SAAS,gBAAgB,SAAyB;AACjD,QAAM,OAAO,oBAAoB,OAAO;AACxC,MAAI,CAAC,MAAM;AACV,UAAM,IAAI;AAAA,MACT,mCAAmC,OAAO;AAAA,IAC3C;AAAA,EACD;AACA,SAAO;AACR;AAyBA,eAAsB,aACrB,EAAE,cAAc,MAAM,GACtB,UAA+C,CAAC,GACR;AACxC,QAAM,UAAU,aAAa,OAAO;AACpC,MAAI,YAAY,QAAW;AAC1B,UAAM,IAAI;AAAA,MACT;AAAA,IACD;AAAA,EACD;AAEA,SAAO;AAAA,IACN,UAAU;AAAA,MACT,SAAS,gBAAgB,OAAO;AAAA,MAChC,cAAc;AAAA,MACd,yBAAyB,QAAQ,0BAA0B;AAAA,IAC5D;AAAA,EACD;AACD;;;ACjEA,IAAAC,cAAkB;AAEX,IAAM,gBAAgB,cAAE,OAAO,EAAE,oBAAoB,cAAE,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC,EAAE,OAAO;;;ACFxF,IAAAC,cAAkB;AAEX,IAAM,iBAAiB,cAC5B,OAAO;AAAA,EACP,SAAS,cACP,OAAO,EACP;AAAA,IACA;AAAA,EACD;AAAA,EACD,cAAc,cAAE,OAAO,EAAE,SAAS,kDAAkD;AAAA,EACpF,yBAAyB,cACvB,MAAM;AAAA,IACN,cACE,OAAO,EACP;AAAA,MACA;AAAA,IACD;AAAA,IACD,cACE,KAAK,EACL;AAAA,MACA;AAAA,IACD;AAAA,EACF,CAAC,EACA;AAAA,IACA;AAAA,EACD,EACC,SAAS;AACZ,CAAC,EACA,SAAS,kFAAkF;;;AJX7F,IAAM,eAAe;AAErB,SAAS,KAAK,GAAmB;AAChC,SAAO,OAAO,KAAK,MAAM,IAAI,YAAY,CAAC;AAC3C;AAEA,SAAS,OAAO,GAAmB;AAClC,SAAO,OAAO,CAAC,IAAI;AACpB;AAYA,IAAM,0BAA0B,CAAC,MAChC,KAAK,IAAI,IAAI,eAAe,KAAK,MAAM,IAAI,YAAY,CAAC,IAAI,OAAO;AAE7D,IAAM,sBAAuB,aAA8C;AAAA,EACjF,CAAC,QAAQ,QAAQ;AAChB,UAAM,gBAA6C;AAAA,MAClD;AAAA,MACA;AAAA,MACA;AAAA,IACD;AACA,eAAW,SAAS,eAAe;AAClC,YAAM,QAAQ,OAAO,KAAK;AAC1B,UAAI,CAAC,wBAAwB,KAAK,GAAG;AACpC,YAAI,SAAS;AAAA,UACZ,MAAM,cAAE,aAAa;AAAA,UACrB,MAAM,CAAC,KAAK;AAAA,UACZ,SAAS,iDAAiD,KAAK,KAAK,KAAK,+BACxE,KAAK,MAAM,QAAQ,YAAY,IAAI,YACpC;AAAA,QACD,CAAC;AAAA,MACF;AAAA,IACD;AAAA,EACD;AACD;AAUA,IAAM,oBAAoB;AAAA,EACzB;AAAA,IACC,MAAM;AAAA,IACN,YAAY;AAAA,MACX,EAAE,MAAM,WAAW,MAAM,UAAU;AAAA,MACnC,EAAE,MAAM,wBAAwB,MAAM,UAAU;AAAA,MAChD,EAAE,MAAM,uBAAuB,MAAM,UAAU;AAAA,MAC/C,EAAE,MAAM,kBAAkB,MAAM,SAAS;AAAA,MACzC,EAAE,MAAM,0BAA0B,MAAM,OAAO;AAAA,MAC/C,EAAE,MAAM,sBAAsB,MAAM,OAAO;AAAA,MAC3C,EAAE,MAAM,mBAAmB,MAAM,OAAO;AAAA,IACzC;AAAA,EACD;AACD;AAEA,SAAS,gBAAgB,GAAmB;AAC3C,MAAI,CAAC,OAAO,UAAU,CAAC,KAAK,IAAI,KAAK,IAAI,KAAK;AAC7C,UAAM,IAAI;AAAA,MACT,6DAA6D,CAAC;AAAA,IAC/D;AAAA,EACD;AACA,SAAO;AACR;AAEA,SAAS,aAAa,QAAqB;AAC1C,aAAO,iCAAoB,mBAAmB;AAAA,IAC7C;AAAA,MACC,SAAS,KAAK,OAAO,SAAS;AAAA,MAC9B,sBAAsB,KAAK,OAAO,wBAAwB;AAAA,MAC1D,qBAAqB,KAAK,OAAO,uBAAuB;AAAA,MACxD,gBAAgB,gBAAgB,OAAO,gBAAgB;AAAA,MACvD,wBAAwB,OAAO;AAAA,MAC/B,oBAAoB,OAAO;AAAA,MAC3B,iBAAiB,OAAO;AAAA,IACzB;AAAA,EACD,CAAC;AACF;AAEA,SAAS,aAAa,SAAsB;AAC3C,QAAM,CAAC,OAAO,QAAI,iCAAoB,mBAAmB,OAAO;AAChE,SAAO,aAAa,MAAM;AAAA,IACzB,WAAW,OAAO,QAAQ,OAAO;AAAA,IACjC,0BAA0B,OAAO,QAAQ,oBAAoB;AAAA,IAC7D,yBAAyB,OAAO,QAAQ,mBAAmB;AAAA,IAC3D,kBAAkB,QAAQ;AAAA,IAC1B,2BAA2B,QAAQ;AAAA,IACnC,uBAAuB,QAAQ;AAAA,IAC/B,mBAAmB,QAAQ;AAAA,EAC5B,CAAC;AACF;AA0BO,IAAM,YAAmD;AAAA,EAC/D,IAAI,GAAG,SAAS;AAAA,EAChB,cAAc;AAAA,EACd,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAAU;AAAA,IACT,MAAM;AAAA,IACN,SAAS;AAAA,IACT,aAAa;AAAA,IACb,QAAQ,eAAe;AAAA,IACvB,MAAM,aAAa;AAAA,EACpB;AACD;","names":["import_zod","import_zod","import_zod"]}

package/dist/index.d.cts

@@ -0,0 +1,131 @@
+import { PolicyPack } from '@newton-xyz/policy-pack-shared';
+import { z } from 'zod';
+
+declare const deployments: {
+    readonly "11155111": {
+        readonly policy: "0x14685C1769Eb6f449FeC42A48d086746F470CE4a";
+        readonly policyData: "0x5F8B0FC2c22c039f97D2c806B48307B9A9C288C8";
+        readonly wasmCid: "bafybeig6oielnnf4zorcmqkets6v26ov7t2o6ikipx6vupuzsjrxvbpkpe";
+        readonly policyCodeHash: "0x09be97b5636da7b6e231914f47e2bfbc32fddfd3647e771d7624cea8fa2bdc54";
+        readonly deployedAt: "2026-06-09";
+        readonly notes: "host-secrets fix; current";
+    };
+};
+
+declare const PACK_NAME: "vaultsfyi";
+declare const PACK_VERSION: "0.0.1";
+declare const PACK_DESCRIPTION: "Gates vault deposits based on real-time risk signals: APY anomalies, TVL drawdowns, risk score floors, and allocation changes";
+declare const PACK_LINK: "https://vaults.fyi";
+declare const PACK_AUTHOR: "";
+
+declare const ParamsSchema: z.ZodObject<{
+    apy_z_max: z.ZodNumber;
+    tvl_drawdown_24h_max_pct: z.ZodNumber;
+    tvl_drawdown_7d_max_pct: z.ZodNumber;
+    risk_score_floor: z.ZodNumber;
+    deny_on_allocation_change: z.ZodBoolean;
+    deny_on_critical_flag: z.ZodBoolean;
+    deny_on_corrupted: z.ZodBoolean;
+}, "strip", z.ZodTypeAny, {
+    apy_z_max: number;
+    tvl_drawdown_24h_max_pct: number;
+    tvl_drawdown_7d_max_pct: number;
+    risk_score_floor: number;
+    deny_on_allocation_change: boolean;
+    deny_on_critical_flag: boolean;
+    deny_on_corrupted: boolean;
+}, {
+    apy_z_max: number;
+    tvl_drawdown_24h_max_pct: number;
+    tvl_drawdown_7d_max_pct: number;
+    risk_score_floor: number;
+    deny_on_allocation_change: boolean;
+    deny_on_critical_flag: boolean;
+    deny_on_corrupted: boolean;
+}>;
+type Params = z.infer<typeof ParamsSchema>;
+
+declare const SecretsSchema: z.ZodObject<{
+    VAULTS_FYI_API_KEY: z.ZodString;
+}, "strict", z.ZodTypeAny, {
+    VAULTS_FYI_API_KEY: string;
+}, {
+    VAULTS_FYI_API_KEY: string;
+}>;
+type Secrets = z.infer<typeof SecretsSchema>;
+
+declare const WasmArgsSchema: z.ZodObject<{
+    network: z.ZodString;
+    vaultAddress: z.ZodString;
+    lastKnownAllocationHash: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNull]>>;
+}, "strip", z.ZodTypeAny, {
+    network: string;
+    vaultAddress: string;
+    lastKnownAllocationHash?: string | null | undefined;
+}, {
+    network: string;
+    vaultAddress: string;
+    lastKnownAllocationHash?: string | null | undefined;
+}>;
+type WasmArgs = z.infer<typeof WasmArgsSchema>;
+
+declare const RefinedParamsSchema: z.ZodEffects<z.ZodType<{
+    apy_z_max: number;
+    tvl_drawdown_24h_max_pct: number;
+    tvl_drawdown_7d_max_pct: number;
+    risk_score_floor: number;
+    deny_on_allocation_change: boolean;
+    deny_on_critical_flag: boolean;
+    deny_on_corrupted: boolean;
+}, z.ZodTypeDef, {
+    apy_z_max: number;
+    tvl_drawdown_24h_max_pct: number;
+    tvl_drawdown_7d_max_pct: number;
+    risk_score_floor: number;
+    deny_on_allocation_change: boolean;
+    deny_on_critical_flag: boolean;
+    deny_on_corrupted: boolean;
+}>, {
+    apy_z_max: number;
+    tvl_drawdown_24h_max_pct: number;
+    tvl_drawdown_7d_max_pct: number;
+    risk_score_floor: number;
+    deny_on_allocation_change: boolean;
+    deny_on_critical_flag: boolean;
+    deny_on_corrupted: boolean;
+}, {
+    apy_z_max: number;
+    tvl_drawdown_24h_max_pct: number;
+    tvl_drawdown_7d_max_pct: number;
+    risk_score_floor: number;
+    deny_on_allocation_change: boolean;
+    deny_on_critical_flag: boolean;
+    deny_on_corrupted: boolean;
+}>;
+/**
+ * The vaults.fyi risk-envelope `PolicyPack`.
+ *
+ * Pass to `createShield(...)` from `@newton-xyz/newton-shield-sdk`:
+ *
+ * ```ts
+ * import { vaultsfyi } from "@newton-xyz/policy-pack-vaultsfyi";
+ *
+ * const shield = await createShield({
+ *   walletClient,
+ *   vault,
+ *   pack: vaultsfyi,
+ *   params: {
+ *     apy_z_max: 3,
+ *     tvl_drawdown_24h_max_pct: 0.05,
+ *     tvl_drawdown_7d_max_pct: 0.20,
+ *     risk_score_floor: 85, // 0-100 integer; matches AVS `vault.scores.netScore`
+ *     deny_on_allocation_change: true,
+ *     deny_on_critical_flag: true,
+ *     deny_on_corrupted: true,
+ *   },
+ * });
+ * ```
+ */
+declare const vaultsfyi: PolicyPack<Params, WasmArgs, Secrets>;
+
+export { PACK_AUTHOR, PACK_DESCRIPTION, PACK_LINK, PACK_NAME, PACK_VERSION, type Params, ParamsSchema, RefinedParamsSchema, type Secrets, SecretsSchema, type WasmArgs, WasmArgsSchema, deployments, vaultsfyi };

package/dist/index.d.ts

@@ -0,0 +1,131 @@
+import { PolicyPack } from '@newton-xyz/policy-pack-shared';
+import { z } from 'zod';
+
+declare const deployments: {
+    readonly "11155111": {
+        readonly policy: "0x14685C1769Eb6f449FeC42A48d086746F470CE4a";
+        readonly policyData: "0x5F8B0FC2c22c039f97D2c806B48307B9A9C288C8";
+        readonly wasmCid: "bafybeig6oielnnf4zorcmqkets6v26ov7t2o6ikipx6vupuzsjrxvbpkpe";
+        readonly policyCodeHash: "0x09be97b5636da7b6e231914f47e2bfbc32fddfd3647e771d7624cea8fa2bdc54";
+        readonly deployedAt: "2026-06-09";
+        readonly notes: "host-secrets fix; current";
+    };
+};
+
+declare const PACK_NAME: "vaultsfyi";
+declare const PACK_VERSION: "0.0.1";
+declare const PACK_DESCRIPTION: "Gates vault deposits based on real-time risk signals: APY anomalies, TVL drawdowns, risk score floors, and allocation changes";
+declare const PACK_LINK: "https://vaults.fyi";
+declare const PACK_AUTHOR: "";
+
+declare const ParamsSchema: z.ZodObject<{
+    apy_z_max: z.ZodNumber;
+    tvl_drawdown_24h_max_pct: z.ZodNumber;
+    tvl_drawdown_7d_max_pct: z.ZodNumber;
+    risk_score_floor: z.ZodNumber;
+    deny_on_allocation_change: z.ZodBoolean;
+    deny_on_critical_flag: z.ZodBoolean;
+    deny_on_corrupted: z.ZodBoolean;
+}, "strip", z.ZodTypeAny, {
+    apy_z_max: number;
+    tvl_drawdown_24h_max_pct: number;
+    tvl_drawdown_7d_max_pct: number;
+    risk_score_floor: number;
+    deny_on_allocation_change: boolean;
+    deny_on_critical_flag: boolean;
+    deny_on_corrupted: boolean;
+}, {
+    apy_z_max: number;
+    tvl_drawdown_24h_max_pct: number;
+    tvl_drawdown_7d_max_pct: number;
+    risk_score_floor: number;
+    deny_on_allocation_change: boolean;
+    deny_on_critical_flag: boolean;
+    deny_on_corrupted: boolean;
+}>;
+type Params = z.infer<typeof ParamsSchema>;
+
+declare const SecretsSchema: z.ZodObject<{
+    VAULTS_FYI_API_KEY: z.ZodString;
+}, "strict", z.ZodTypeAny, {
+    VAULTS_FYI_API_KEY: string;
+}, {
+    VAULTS_FYI_API_KEY: string;
+}>;
+type Secrets = z.infer<typeof SecretsSchema>;
+
+declare const WasmArgsSchema: z.ZodObject<{
+    network: z.ZodString;
+    vaultAddress: z.ZodString;
+    lastKnownAllocationHash: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNull]>>;
+}, "strip", z.ZodTypeAny, {
+    network: string;
+    vaultAddress: string;
+    lastKnownAllocationHash?: string | null | undefined;
+}, {
+    network: string;
+    vaultAddress: string;
+    lastKnownAllocationHash?: string | null | undefined;
+}>;
+type WasmArgs = z.infer<typeof WasmArgsSchema>;
+
+declare const RefinedParamsSchema: z.ZodEffects<z.ZodType<{
+    apy_z_max: number;
+    tvl_drawdown_24h_max_pct: number;
+    tvl_drawdown_7d_max_pct: number;
+    risk_score_floor: number;
+    deny_on_allocation_change: boolean;
+    deny_on_critical_flag: boolean;
+    deny_on_corrupted: boolean;
+}, z.ZodTypeDef, {
+    apy_z_max: number;
+    tvl_drawdown_24h_max_pct: number;
+    tvl_drawdown_7d_max_pct: number;
+    risk_score_floor: number;
+    deny_on_allocation_change: boolean;
+    deny_on_critical_flag: boolean;
+    deny_on_corrupted: boolean;
+}>, {
+    apy_z_max: number;
+    tvl_drawdown_24h_max_pct: number;
+    tvl_drawdown_7d_max_pct: number;
+    risk_score_floor: number;
+    deny_on_allocation_change: boolean;
+    deny_on_critical_flag: boolean;
+    deny_on_corrupted: boolean;
+}, {
+    apy_z_max: number;
+    tvl_drawdown_24h_max_pct: number;
+    tvl_drawdown_7d_max_pct: number;
+    risk_score_floor: number;
+    deny_on_allocation_change: boolean;
+    deny_on_critical_flag: boolean;
+    deny_on_corrupted: boolean;
+}>;
+/**
+ * The vaults.fyi risk-envelope `PolicyPack`.
+ *
+ * Pass to `createShield(...)` from `@newton-xyz/newton-shield-sdk`:
+ *
+ * ```ts
+ * import { vaultsfyi } from "@newton-xyz/policy-pack-vaultsfyi";
+ *
+ * const shield = await createShield({
+ *   walletClient,
+ *   vault,
+ *   pack: vaultsfyi,
+ *   params: {
+ *     apy_z_max: 3,
+ *     tvl_drawdown_24h_max_pct: 0.05,
+ *     tvl_drawdown_7d_max_pct: 0.20,
+ *     risk_score_floor: 85, // 0-100 integer; matches AVS `vault.scores.netScore`
+ *     deny_on_allocation_change: true,
+ *     deny_on_critical_flag: true,
+ *     deny_on_corrupted: true,
+ *   },
+ * });
+ * ```
+ */
+declare const vaultsfyi: PolicyPack<Params, WasmArgs, Secrets>;
+
+export { PACK_AUTHOR, PACK_DESCRIPTION, PACK_LINK, PACK_NAME, PACK_VERSION, type Params, ParamsSchema, RefinedParamsSchema, type Secrets, SecretsSchema, type WasmArgs, WasmArgsSchema, deployments, vaultsfyi };

package/dist/index.js

@@ -0,0 +1,204 @@
+// src/deployments.ts
+var deployments = {
+  "11155111": {
+    policy: "0x14685C1769Eb6f449FeC42A48d086746F470CE4a",
+    policyData: "0x5F8B0FC2c22c039f97D2c806B48307B9A9C288C8",
+    wasmCid: "bafybeig6oielnnf4zorcmqkets6v26ov7t2o6ikipx6vupuzsjrxvbpkpe",
+    policyCodeHash: "0x09be97b5636da7b6e231914f47e2bfbc32fddfd3647e771d7624cea8fa2bdc54",
+    deployedAt: "2026-06-09",
+    notes: "host-secrets fix; current"
+  }
+};
+
+// src/metadata.ts
+var PACK_NAME = "vaultsfyi";
+var PACK_VERSION = "0.0.1";
+var PACK_DESCRIPTION = "Gates vault deposits based on real-time risk signals: APY anomalies, TVL drawdowns, risk score floors, and allocation changes";
+var PACK_LINK = "https://vaults.fyi";
+var PACK_AUTHOR = "";
+
+// src/pack.ts
+import { decodeAbiParameters, encodeAbiParameters } from "viem";
+import { z as z4 } from "zod";
+
+// src/params.ts
+import { z } from "zod";
+var ParamsSchema = z.object({
+  apy_z_max: z.number().describe(
+    "Max APY z-score (current vs 30d median). Exceeding this indicates an APY anomaly."
+  ),
+  tvl_drawdown_24h_max_pct: z.number().describe("Max allowed 24h TVL drawdown percentage"),
+  tvl_drawdown_7d_max_pct: z.number().describe("Max allowed 7d TVL drawdown percentage"),
+  risk_score_floor: z.number().int().gte(0).lte(100).describe(
+    "Minimum acceptable risk score (0-100 integer scale; matches the AVS-side `vault.scores.netScore`). Set to 0 to effectively disable the floor."
+  ),
+  deny_on_allocation_change: z.boolean().describe(
+    "Whether to deny if vault allocation/strategy metadata has changed since last evaluation"
+  ),
+  deny_on_critical_flag: z.boolean().describe("Whether to deny if the vault has a flag with severity 'critical' or 'high'"),
+  deny_on_corrupted: z.boolean().describe("Whether to deny if the vault is reported as corrupted by the data source")
+}).describe("Risk envelope thresholds for vault deposit gating");
+
+// src/prepare-query.ts
+var NETWORK_BY_CHAIN_ID = {
+  1: "mainnet",
+  8453: "base",
+  42161: "arbitrum",
+  10: "optimism",
+  11155111: "sepolia",
+  84532: "base-sepolia"
+};
+function networkForChain(chainId) {
+  const name = NETWORK_BY_CHAIN_ID[chainId];
+  if (!name) {
+    throw new Error(
+      `policy-pack-vaultsfyi: chain id ${chainId} is not in the vaults.fyi network map. Add it to NETWORK_BY_CHAIN_ID before using this pack on this chain.`
+    );
+  }
+  return name;
+}
+async function prepareQuery({ publicClient, vault }, options = {}) {
+  const chainId = publicClient.chain?.id;
+  if (chainId === void 0) {
+    throw new Error(
+      "policy-pack-vaultsfyi: publicClient.chain is undefined. Pass a chain to viem's createPublicClient."
+    );
+  }
+  return {
+    wasmArgs: {
+      network: networkForChain(chainId),
+      vaultAddress: vault,
+      lastKnownAllocationHash: options.previousAllocationHash ?? null
+    }
+  };
+}
+
+// src/secrets.ts
+import { z as z2 } from "zod";
+var SecretsSchema = z2.object({ VAULTS_FYI_API_KEY: z2.string().min(1) }).strict();
+
+// src/wasm-args.ts
+import { z as z3 } from "zod";
+var WasmArgsSchema = z3.object({
+  network: z3.string().describe(
+    "Blockchain network name as accepted by the vaults.fyi API (e.g. 'mainnet', 'base', 'arbitrum')."
+  ),
+  vaultAddress: z3.string().describe("Vault contract address (0x-prefixed) to inspect."),
+  lastKnownAllocationHash: z3.union([
+    z3.string().describe(
+      "Hash of the previously observed allocation. Used to detect changes between evaluations. Null on the first evaluation."
+    ),
+    z3.null().describe(
+      "Hash of the previously observed allocation. Used to detect changes between evaluations. Null on the first evaluation."
+    )
+  ]).describe(
+    "Hash of the previously observed allocation. Used to detect changes between evaluations. Null on the first evaluation."
+  ).optional()
+}).describe("Inputs passed to the vaults.fyi allocation-change policy WASM at evaluation time");
+
+// src/pack.ts
+var BASIS_POINTS = 1e4;
+function toBp(n) {
+  return BigInt(Math.round(n * BASIS_POINTS));
+}
+function fromBp(n) {
+  return Number(n) / BASIS_POINTS;
+}
+var isAtBasisPointPrecision = (n) => Math.abs(n * BASIS_POINTS - Math.round(n * BASIS_POINTS)) < Number.EPSILON;
+var RefinedParamsSchema = ParamsSchema.superRefine(
+  (params, ctx) => {
+    const numericFields = [
+      "apy_z_max",
+      "tvl_drawdown_24h_max_pct",
+      "tvl_drawdown_7d_max_pct"
+    ];
+    for (const field of numericFields) {
+      const value = params[field];
+      if (!isAtBasisPointPrecision(value)) {
+        ctx.addIssue({
+          code: z4.ZodIssueCode.custom,
+          path: [field],
+          message: `Sub-basis-point precision is not supported. \`${field}: ${value}\` would silently encode as ${Math.round(value * BASIS_POINTS) / BASIS_POINTS}. Round to 4 decimal places (1bp) before passing.`
+        });
+      }
+    }
+  }
+);
+var POLICY_PARAMS_ABI = [
+  {
+    type: "tuple",
+    components: [
+      { name: "apyZMax", type: "uint256" },
+      { name: "tvlDrawdown24hMaxPct", type: "uint256" },
+      { name: "tvlDrawdown7dMaxPct", type: "uint256" },
+      { name: "riskScoreFloor", type: "uint16" },
+      { name: "denyOnAllocationChange", type: "bool" },
+      { name: "denyOnCriticalFlag", type: "bool" },
+      { name: "denyOnCorrupted", type: "bool" }
+    ]
+  }
+];
+function encodeRiskScore(n) {
+  if (!Number.isInteger(n) || n < 0 || n > 100) {
+    throw new RangeError(
+      `risk_score_floor must be an integer in [0, 100]; received ${n}. The AVS-side floor compares against \`vault.scores.netScore\` which is an integer 0-100.`
+    );
+  }
+  return n;
+}
+function encodeParams(params) {
+  return encodeAbiParameters(POLICY_PARAMS_ABI, [
+    {
+      apyZMax: toBp(params.apy_z_max),
+      tvlDrawdown24hMaxPct: toBp(params.tvl_drawdown_24h_max_pct),
+      tvlDrawdown7dMaxPct: toBp(params.tvl_drawdown_7d_max_pct),
+      riskScoreFloor: encodeRiskScore(params.risk_score_floor),
+      denyOnAllocationChange: params.deny_on_allocation_change,
+      denyOnCriticalFlag: params.deny_on_critical_flag,
+      denyOnCorrupted: params.deny_on_corrupted
+    }
+  ]);
+}
+function decodeParams(encoded) {
+  const [decoded] = decodeAbiParameters(POLICY_PARAMS_ABI, encoded);
+  return ParamsSchema.parse({
+    apy_z_max: fromBp(decoded.apyZMax),
+    tvl_drawdown_24h_max_pct: fromBp(decoded.tvlDrawdown24hMaxPct),
+    tvl_drawdown_7d_max_pct: fromBp(decoded.tvlDrawdown7dMaxPct),
+    risk_score_floor: decoded.riskScoreFloor,
+    deny_on_allocation_change: decoded.denyOnAllocationChange,
+    deny_on_critical_flag: decoded.denyOnCriticalFlag,
+    deny_on_corrupted: decoded.denyOnCorrupted
+  });
+}
+var vaultsfyi = {
+  id: `${PACK_NAME}/risk-envelope/v1`,
+  paramsSchema: RefinedParamsSchema,
+  wasmArgsSchema: WasmArgsSchema,
+  secretsSchema: SecretsSchema,
+  encodeParams,
+  decodeParams,
+  prepareQuery,
+  deployments,
+  metadata: {
+    name: PACK_NAME,
+    version: PACK_VERSION,
+    description: PACK_DESCRIPTION,
+    author: PACK_AUTHOR || void 0,
+    link: PACK_LINK || void 0
+  }
+};
+export {
+  PACK_AUTHOR,
+  PACK_DESCRIPTION,
+  PACK_LINK,
+  PACK_NAME,
+  PACK_VERSION,
+  ParamsSchema,
+  RefinedParamsSchema,
+  SecretsSchema,
+  WasmArgsSchema,
+  deployments,
+  vaultsfyi
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/deployments.ts","../src/metadata.ts","../src/pack.ts","../src/params.ts","../src/prepare-query.ts","../src/secrets.ts","../src/wasm-args.ts"],"sourcesContent":["// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\nimport type { ChainId, Deployment } from \"@newton-xyz/policy-pack-shared\";\n\nexport const deployments = {\n\t\"11155111\": {\n\t\tpolicy: \"0x14685C1769Eb6f449FeC42A48d086746F470CE4a\",\n\t\tpolicyData: \"0x5F8B0FC2c22c039f97D2c806B48307B9A9C288C8\",\n\t\twasmCid: \"bafybeig6oielnnf4zorcmqkets6v26ov7t2o6ikipx6vupuzsjrxvbpkpe\",\n\t\tpolicyCodeHash: \"0x09be97b5636da7b6e231914f47e2bfbc32fddfd3647e771d7624cea8fa2bdc54\",\n\t\tdeployedAt: \"2026-06-09\",\n\t\tnotes: \"host-secrets fix; current\",\n\t},\n} as const satisfies Readonly<Partial<Record<ChainId, Deployment>>>;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\nexport const PACK_NAME = \"vaultsfyi\" as const;\nexport const PACK_VERSION = \"0.0.1\" as const;\nexport const PACK_DESCRIPTION =\n\t\"Gates vault deposits based on real-time risk signals: APY anomalies, TVL drawdowns, risk score floors, and allocation changes\" as const;\nexport const PACK_LINK = \"https://vaults.fyi\" as const;\nexport const PACK_AUTHOR = \"\" as const;\n","// Hand-written canonical export — survives `pnpm gen:bindings` regen.\n// The generated `index.ts` re-exports `pack.ts` when present.\nimport type { PolicyPack } from \"@newton-xyz/policy-pack-shared\";\nimport { decodeAbiParameters, encodeAbiParameters, type Hex } from \"viem\";\nimport { z } from \"zod\";\nimport { deployments } from \"./deployments\";\nimport { PACK_AUTHOR, PACK_DESCRIPTION, PACK_LINK, PACK_NAME, PACK_VERSION } from \"./metadata\";\nimport { type Params, ParamsSchema } from \"./params\";\nimport { prepareQuery } from \"./prepare-query\";\nimport { type Secrets, SecretsSchema } from \"./secrets\";\nimport { type WasmArgs, WasmArgsSchema } from \"./wasm-args\";\n\n/**\n * The fractional thresholds (`apy_z_max`, `tvl_drawdown_*_max_pct`) are stored\n * in basis points so the on-chain bytes carry only `uint256`. `apy_z_max: 1.5`\n * becomes `15000` (1.5e4 bp); `tvl_drawdown_24h_max_pct: 0.05` becomes `500`.\n * `risk_score_floor` is *not* basis-point-encoded — it's a 0-100 integer scale\n * that matches the AVS-side `vault.scores.netScore` field directly, so it\n * round-trips through `uint16` as-is.\n */\nconst BASIS_POINTS = 10_000;\n\nfunction toBp(n: number): bigint {\n\treturn BigInt(Math.round(n * BASIS_POINTS));\n}\n\nfunction fromBp(n: bigint): number {\n\treturn Number(n) / BASIS_POINTS;\n}\n\n/**\n * Refined params schema with sub-basis-point precision rejection on every\n * fractional threshold so a curator typing `tvl_drawdown_24h_max_pct: 0.00005`\n * can't silently encode as `0n` and disable the cap. The generated\n * `ParamsSchema` from `./params` is the canonical zod derived from\n * `params_schema.json`; this version sits on top of it for stricter SDK-side\n * input validation. `risk_score_floor` is excluded — it's an integer 0-100\n * scale, not a basis-point fraction. Exported with a distinct name to avoid\n * clashing with the generated star re-export in `index.ts`.\n */\nconst isAtBasisPointPrecision = (n: number) =>\n\tMath.abs(n * BASIS_POINTS - Math.round(n * BASIS_POINTS)) < Number.EPSILON;\n\nexport const RefinedParamsSchema = (ParamsSchema as unknown as z.ZodType<Params>).superRefine(\n\t(params, ctx) => {\n\t\tconst numericFields: ReadonlyArray<keyof Params> = [\n\t\t\t\"apy_z_max\",\n\t\t\t\"tvl_drawdown_24h_max_pct\",\n\t\t\t\"tvl_drawdown_7d_max_pct\",\n\t\t];\n\t\tfor (const field of numericFields) {\n\t\t\tconst value = params[field] as number;\n\t\t\tif (!isAtBasisPointPrecision(value)) {\n\t\t\t\tctx.addIssue({\n\t\t\t\t\tcode: z.ZodIssueCode.custom,\n\t\t\t\t\tpath: [field],\n\t\t\t\t\tmessage: `Sub-basis-point precision is not supported. \\`${field}: ${value}\\` would silently encode as ${\n\t\t\t\t\t\tMath.round(value * BASIS_POINTS) / BASIS_POINTS\n\t\t\t\t\t}. Round to 4 decimal places (1bp) before passing.`,\n\t\t\t\t});\n\t\t\t}\n\t\t}\n\t},\n);\n\n/**\n * On-chain layout of `policyParams` for the vaults.fyi risk-envelope policy.\n *\n * This is the ABI tuple that round-trips through `NewtonPolicyData.policyParams`.\n * Keys are sorted to match `ParamsSchema`'s key order so generated zod and\n * encoded bytes stay in sync. If the schema adds a field, add it here in the\n * same position and bump the policy contract.\n */\nconst POLICY_PARAMS_ABI = [\n\t{\n\t\ttype: \"tuple\",\n\t\tcomponents: [\n\t\t\t{ name: \"apyZMax\", type: \"uint256\" },\n\t\t\t{ name: \"tvlDrawdown24hMaxPct\", type: \"uint256\" },\n\t\t\t{ name: \"tvlDrawdown7dMaxPct\", type: \"uint256\" },\n\t\t\t{ name: \"riskScoreFloor\", type: \"uint16\" },\n\t\t\t{ name: \"denyOnAllocationChange\", type: \"bool\" },\n\t\t\t{ name: \"denyOnCriticalFlag\", type: \"bool\" },\n\t\t\t{ name: \"denyOnCorrupted\", type: \"bool\" },\n\t\t],\n\t},\n] as const;\n\nfunction encodeRiskScore(n: number): number {\n\tif (!Number.isInteger(n) || n < 0 || n > 100) {\n\t\tthrow new RangeError(\n\t\t\t`risk_score_floor must be an integer in [0, 100]; received ${n}. The AVS-side floor compares against \\`vault.scores.netScore\\` which is an integer 0-100.`,\n\t\t);\n\t}\n\treturn n;\n}\n\nfunction encodeParams(params: Params): Hex {\n\treturn encodeAbiParameters(POLICY_PARAMS_ABI, [\n\t\t{\n\t\t\tapyZMax: toBp(params.apy_z_max),\n\t\t\ttvlDrawdown24hMaxPct: toBp(params.tvl_drawdown_24h_max_pct),\n\t\t\ttvlDrawdown7dMaxPct: toBp(params.tvl_drawdown_7d_max_pct),\n\t\t\triskScoreFloor: encodeRiskScore(params.risk_score_floor),\n\t\t\tdenyOnAllocationChange: params.deny_on_allocation_change,\n\t\t\tdenyOnCriticalFlag: params.deny_on_critical_flag,\n\t\t\tdenyOnCorrupted: params.deny_on_corrupted,\n\t\t},\n\t]);\n}\n\nfunction decodeParams(encoded: Hex): Params {\n\tconst [decoded] = decodeAbiParameters(POLICY_PARAMS_ABI, encoded);\n\treturn ParamsSchema.parse({\n\t\tapy_z_max: fromBp(decoded.apyZMax),\n\t\ttvl_drawdown_24h_max_pct: fromBp(decoded.tvlDrawdown24hMaxPct),\n\t\ttvl_drawdown_7d_max_pct: fromBp(decoded.tvlDrawdown7dMaxPct),\n\t\trisk_score_floor: decoded.riskScoreFloor,\n\t\tdeny_on_allocation_change: decoded.denyOnAllocationChange,\n\t\tdeny_on_critical_flag: decoded.denyOnCriticalFlag,\n\t\tdeny_on_corrupted: decoded.denyOnCorrupted,\n\t});\n}\n\n/**\n * The vaults.fyi risk-envelope `PolicyPack`.\n *\n * Pass to `createShield(...)` from `@newton-xyz/newton-shield-sdk`:\n *\n * ```ts\n * import { vaultsfyi } from \"@newton-xyz/policy-pack-vaultsfyi\";\n *\n * const shield = await createShield({\n *   walletClient,\n *   vault,\n *   pack: vaultsfyi,\n *   params: {\n *     apy_z_max: 3,\n *     tvl_drawdown_24h_max_pct: 0.05,\n *     tvl_drawdown_7d_max_pct: 0.20,\n *     risk_score_floor: 85, // 0-100 integer; matches AVS `vault.scores.netScore`\n *     deny_on_allocation_change: true,\n *     deny_on_critical_flag: true,\n *     deny_on_corrupted: true,\n *   },\n * });\n * ```\n */\nexport const vaultsfyi: PolicyPack<Params, WasmArgs, Secrets> = {\n\tid: `${PACK_NAME}/risk-envelope/v1`,\n\tparamsSchema: RefinedParamsSchema,\n\twasmArgsSchema: WasmArgsSchema,\n\tsecretsSchema: SecretsSchema,\n\tencodeParams,\n\tdecodeParams,\n\tprepareQuery,\n\tdeployments,\n\tmetadata: {\n\t\tname: PACK_NAME,\n\t\tversion: PACK_VERSION,\n\t\tdescription: PACK_DESCRIPTION,\n\t\tauthor: PACK_AUTHOR || undefined,\n\t\tlink: PACK_LINK || undefined,\n\t},\n};\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: vaultsfyi/params_schema.json\nimport { z } from \"zod\";\n\nexport const ParamsSchema = z\n\t.object({\n\t\tapy_z_max: z\n\t\t\t.number()\n\t\t\t.describe(\n\t\t\t\t\"Max APY z-score (current vs 30d median). Exceeding this indicates an APY anomaly.\",\n\t\t\t),\n\t\ttvl_drawdown_24h_max_pct: z.number().describe(\"Max allowed 24h TVL drawdown percentage\"),\n\t\ttvl_drawdown_7d_max_pct: z.number().describe(\"Max allowed 7d TVL drawdown percentage\"),\n\t\trisk_score_floor: z\n\t\t\t.number()\n\t\t\t.int()\n\t\t\t.gte(0)\n\t\t\t.lte(100)\n\t\t\t.describe(\n\t\t\t\t\"Minimum acceptable risk score (0-100 integer scale; matches the AVS-side `vault.scores.netScore`). Set to 0 to effectively disable the floor.\",\n\t\t\t),\n\t\tdeny_on_allocation_change: z\n\t\t\t.boolean()\n\t\t\t.describe(\n\t\t\t\t\"Whether to deny if vault allocation/strategy metadata has changed since last evaluation\",\n\t\t\t),\n\t\tdeny_on_critical_flag: z\n\t\t\t.boolean()\n\t\t\t.describe(\"Whether to deny if the vault has a flag with severity 'critical' or 'high'\"),\n\t\tdeny_on_corrupted: z\n\t\t\t.boolean()\n\t\t\t.describe(\"Whether to deny if the vault is reported as corrupted by the data source\"),\n\t})\n\t.describe(\"Risk envelope thresholds for vault deposit gating\");\n\nexport type Params = z.infer<typeof ParamsSchema>;\n","import type { PrepareQueryArgs, PrepareQueryResult } from \"@newton-xyz/policy-pack-shared\";\nimport type { WasmArgs } from \"./wasm-args\";\n\n/**\n * vaults.fyi network slugs. Keyed by viem chain id. The AVS-side `policy.js`\n * fetches `https://api.vaults.fyi/v2/historical/<network>/<vaultAddress>`\n * with this slug, so the SDK has to use the same map.\n */\nconst NETWORK_BY_CHAIN_ID: Readonly<Record<number, string>> = {\n\t1: \"mainnet\",\n\t8453: \"base\",\n\t42161: \"arbitrum\",\n\t10: \"optimism\",\n\t11155111: \"sepolia\",\n\t84532: \"base-sepolia\",\n};\n\nfunction networkForChain(chainId: number): string {\n\tconst name = NETWORK_BY_CHAIN_ID[chainId];\n\tif (!name) {\n\t\tthrow new Error(\n\t\t\t`policy-pack-vaultsfyi: chain id ${chainId} is not in the vaults.fyi network map. Add it to NETWORK_BY_CHAIN_ID before using this pack on this chain.`,\n\t\t);\n\t}\n\treturn name;\n}\n\n/**\n * Build the WASM args the vaults.fyi policy expects.\n *\n * The AVS-side `policy.js` computes the canonical allocation hash itself\n * (FNV-1a over `JSON.stringify({ protocol?.name, tags, fees, childrenVaults })`\n * fetched from the vaults.fyi API). The SDK has nothing to add — the AVS is\n * the source of truth for both the data and the hash. The SDK's only job is\n * to thread the *previous* hash through so the AVS can compare:\n *\n *   - First call: pass `previousAllocationHash: undefined` (defaults to\n *     `null` in wasmArgs). The AVS-side `allocation_changed_since_last`\n *     branch returns `false`, so `deny_on_allocation_change` doesn't fire\n *     on a clean first observation.\n *   - Subsequent calls: pass the hash the AVS returned on the prior call\n *     (typically read from `policyData` storage or a curator-side cache).\n *     The AVS compares against its freshly-computed hash and flips\n *     `allocation_changed_since_last` if they diverge.\n *\n * Earlier revisions of this function read MetaMorpho's `supplyQueue` and\n * computed `keccak256(abi.encode(bytes32[]))` — that hash never matched the\n * AVS's FNV-1a-over-API-metadata, so `deny_on_allocation_change: true` was\n * effectively a coin flip. Removed.\n */\nexport async function prepareQuery(\n\t{ publicClient, vault }: PrepareQueryArgs,\n\toptions: { previousAllocationHash?: string } = {},\n): Promise<PrepareQueryResult<WasmArgs>> {\n\tconst chainId = publicClient.chain?.id;\n\tif (chainId === undefined) {\n\t\tthrow new Error(\n\t\t\t\"policy-pack-vaultsfyi: publicClient.chain is undefined. Pass a chain to viem's createPublicClient.\",\n\t\t);\n\t}\n\n\treturn {\n\t\twasmArgs: {\n\t\t\tnetwork: networkForChain(chainId),\n\t\t\tvaultAddress: vault,\n\t\t\tlastKnownAllocationHash: options.previousAllocationHash ?? null,\n\t\t},\n\t};\n}\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: vaultsfyi/secrets_schema.json\nimport { z } from \"zod\";\n\nexport const SecretsSchema = z.object({ VAULTS_FYI_API_KEY: z.string().min(1) }).strict();\n\nexport type Secrets = z.infer<typeof SecretsSchema>;\n","// AUTO-GENERATED by scripts/generate-bindings.ts — DO NOT EDIT.\n// Source: AVS-side artifacts in this repo (run `pnpm gen:bindings` to regenerate).\n// Source schema: vaultsfyi/wasm_args_schema.json\nimport { z } from \"zod\";\n\nexport const WasmArgsSchema = z\n\t.object({\n\t\tnetwork: z\n\t\t\t.string()\n\t\t\t.describe(\n\t\t\t\t\"Blockchain network name as accepted by the vaults.fyi API (e.g. 'mainnet', 'base', 'arbitrum').\",\n\t\t\t),\n\t\tvaultAddress: z.string().describe(\"Vault contract address (0x-prefixed) to inspect.\"),\n\t\tlastKnownAllocationHash: z\n\t\t\t.union([\n\t\t\t\tz\n\t\t\t\t\t.string()\n\t\t\t\t\t.describe(\n\t\t\t\t\t\t\"Hash of the previously observed allocation. Used to detect changes between evaluations. Null on the first evaluation.\",\n\t\t\t\t\t),\n\t\t\t\tz\n\t\t\t\t\t.null()\n\t\t\t\t\t.describe(\n\t\t\t\t\t\t\"Hash of the previously observed allocation. Used to detect changes between evaluations. Null on the first evaluation.\",\n\t\t\t\t\t),\n\t\t\t])\n\t\t\t.describe(\n\t\t\t\t\"Hash of the previously observed allocation. Used to detect changes between evaluations. Null on the first evaluation.\",\n\t\t\t)\n\t\t\t.optional(),\n\t})\n\t.describe(\"Inputs passed to the vaults.fyi allocation-change policy WASM at evaluation time\");\n\nexport type WasmArgs = z.infer<typeof WasmArgsSchema>;\n"],"mappings":";AAIO,IAAM,cAAc;AAAA,EAC1B,YAAY;AAAA,IACX,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,gBAAgB;AAAA,IAChB,YAAY;AAAA,IACZ,OAAO;AAAA,EACR;AACD;;;ACXO,IAAM,YAAY;AAClB,IAAM,eAAe;AACrB,IAAM,mBACZ;AACM,IAAM,YAAY;AAClB,IAAM,cAAc;;;ACJ3B,SAAS,qBAAqB,2BAAqC;AACnE,SAAS,KAAAA,UAAS;;;ACDlB,SAAS,SAAS;AAEX,IAAM,eAAe,EAC1B,OAAO;AAAA,EACP,WAAW,EACT,OAAO,EACP;AAAA,IACA;AAAA,EACD;AAAA,EACD,0BAA0B,EAAE,OAAO,EAAE,SAAS,yCAAyC;AAAA,EACvF,yBAAyB,EAAE,OAAO,EAAE,SAAS,wCAAwC;AAAA,EACrF,kBAAkB,EAChB,OAAO,EACP,IAAI,EACJ,IAAI,CAAC,EACL,IAAI,GAAG,EACP;AAAA,IACA;AAAA,EACD;AAAA,EACD,2BAA2B,EACzB,QAAQ,EACR;AAAA,IACA;AAAA,EACD;AAAA,EACD,uBAAuB,EACrB,QAAQ,EACR,SAAS,4EAA4E;AAAA,EACvF,mBAAmB,EACjB,QAAQ,EACR,SAAS,0EAA0E;AACtF,CAAC,EACA,SAAS,mDAAmD;;;AC1B9D,IAAM,sBAAwD;AAAA,EAC7D,GAAG;AAAA,EACH,MAAM;AAAA,EACN,OAAO;AAAA,EACP,IAAI;AAAA,EACJ,UAAU;AAAA,EACV,OAAO;AACR;AAEA,SAAS,gBAAgB,SAAyB;AACjD,QAAM,OAAO,oBAAoB,OAAO;AACxC,MAAI,CAAC,MAAM;AACV,UAAM,IAAI;AAAA,MACT,mCAAmC,OAAO;AAAA,IAC3C;AAAA,EACD;AACA,SAAO;AACR;AAyBA,eAAsB,aACrB,EAAE,cAAc,MAAM,GACtB,UAA+C,CAAC,GACR;AACxC,QAAM,UAAU,aAAa,OAAO;AACpC,MAAI,YAAY,QAAW;AAC1B,UAAM,IAAI;AAAA,MACT;AAAA,IACD;AAAA,EACD;AAEA,SAAO;AAAA,IACN,UAAU;AAAA,MACT,SAAS,gBAAgB,OAAO;AAAA,MAChC,cAAc;AAAA,MACd,yBAAyB,QAAQ,0BAA0B;AAAA,IAC5D;AAAA,EACD;AACD;;;ACjEA,SAAS,KAAAC,UAAS;AAEX,IAAM,gBAAgBA,GAAE,OAAO,EAAE,oBAAoBA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC,EAAE,OAAO;;;ACFxF,SAAS,KAAAC,UAAS;AAEX,IAAM,iBAAiBA,GAC5B,OAAO;AAAA,EACP,SAASA,GACP,OAAO,EACP;AAAA,IACA;AAAA,EACD;AAAA,EACD,cAAcA,GAAE,OAAO,EAAE,SAAS,kDAAkD;AAAA,EACpF,yBAAyBA,GACvB,MAAM;AAAA,IACNA,GACE,OAAO,EACP;AAAA,MACA;AAAA,IACD;AAAA,IACDA,GACE,KAAK,EACL;AAAA,MACA;AAAA,IACD;AAAA,EACF,CAAC,EACA;AAAA,IACA;AAAA,EACD,EACC,SAAS;AACZ,CAAC,EACA,SAAS,kFAAkF;;;AJX7F,IAAM,eAAe;AAErB,SAAS,KAAK,GAAmB;AAChC,SAAO,OAAO,KAAK,MAAM,IAAI,YAAY,CAAC;AAC3C;AAEA,SAAS,OAAO,GAAmB;AAClC,SAAO,OAAO,CAAC,IAAI;AACpB;AAYA,IAAM,0BAA0B,CAAC,MAChC,KAAK,IAAI,IAAI,eAAe,KAAK,MAAM,IAAI,YAAY,CAAC,IAAI,OAAO;AAE7D,IAAM,sBAAuB,aAA8C;AAAA,EACjF,CAAC,QAAQ,QAAQ;AAChB,UAAM,gBAA6C;AAAA,MAClD;AAAA,MACA;AAAA,MACA;AAAA,IACD;AACA,eAAW,SAAS,eAAe;AAClC,YAAM,QAAQ,OAAO,KAAK;AAC1B,UAAI,CAAC,wBAAwB,KAAK,GAAG;AACpC,YAAI,SAAS;AAAA,UACZ,MAAMC,GAAE,aAAa;AAAA,UACrB,MAAM,CAAC,KAAK;AAAA,UACZ,SAAS,iDAAiD,KAAK,KAAK,KAAK,+BACxE,KAAK,MAAM,QAAQ,YAAY,IAAI,YACpC;AAAA,QACD,CAAC;AAAA,MACF;AAAA,IACD;AAAA,EACD;AACD;AAUA,IAAM,oBAAoB;AAAA,EACzB;AAAA,IACC,MAAM;AAAA,IACN,YAAY;AAAA,MACX,EAAE,MAAM,WAAW,MAAM,UAAU;AAAA,MACnC,EAAE,MAAM,wBAAwB,MAAM,UAAU;AAAA,MAChD,EAAE,MAAM,uBAAuB,MAAM,UAAU;AAAA,MAC/C,EAAE,MAAM,kBAAkB,MAAM,SAAS;AAAA,MACzC,EAAE,MAAM,0BAA0B,MAAM,OAAO;AAAA,MAC/C,EAAE,MAAM,sBAAsB,MAAM,OAAO;AAAA,MAC3C,EAAE,MAAM,mBAAmB,MAAM,OAAO;AAAA,IACzC;AAAA,EACD;AACD;AAEA,SAAS,gBAAgB,GAAmB;AAC3C,MAAI,CAAC,OAAO,UAAU,CAAC,KAAK,IAAI,KAAK,IAAI,KAAK;AAC7C,UAAM,IAAI;AAAA,MACT,6DAA6D,CAAC;AAAA,IAC/D;AAAA,EACD;AACA,SAAO;AACR;AAEA,SAAS,aAAa,QAAqB;AAC1C,SAAO,oBAAoB,mBAAmB;AAAA,IAC7C;AAAA,MACC,SAAS,KAAK,OAAO,SAAS;AAAA,MAC9B,sBAAsB,KAAK,OAAO,wBAAwB;AAAA,MAC1D,qBAAqB,KAAK,OAAO,uBAAuB;AAAA,MACxD,gBAAgB,gBAAgB,OAAO,gBAAgB;AAAA,MACvD,wBAAwB,OAAO;AAAA,MAC/B,oBAAoB,OAAO;AAAA,MAC3B,iBAAiB,OAAO;AAAA,IACzB;AAAA,EACD,CAAC;AACF;AAEA,SAAS,aAAa,SAAsB;AAC3C,QAAM,CAAC,OAAO,IAAI,oBAAoB,mBAAmB,OAAO;AAChE,SAAO,aAAa,MAAM;AAAA,IACzB,WAAW,OAAO,QAAQ,OAAO;AAAA,IACjC,0BAA0B,OAAO,QAAQ,oBAAoB;AAAA,IAC7D,yBAAyB,OAAO,QAAQ,mBAAmB;AAAA,IAC3D,kBAAkB,QAAQ;AAAA,IAC1B,2BAA2B,QAAQ;AAAA,IACnC,uBAAuB,QAAQ;AAAA,IAC/B,mBAAmB,QAAQ;AAAA,EAC5B,CAAC;AACF;AA0BO,IAAM,YAAmD;AAAA,EAC/D,IAAI,GAAG,SAAS;AAAA,EAChB,cAAc;AAAA,EACd,gBAAgB;AAAA,EAChB,eAAe;AAAA,EACf;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAAU;AAAA,IACT,MAAM;AAAA,IACN,SAAS;AAAA,IACT,aAAa;AAAA,IACb,QAAQ,eAAe;AAAA,IACvB,MAAM,aAAa;AAAA,EACpB;AACD;","names":["z","z","z","z"]}

package/package.json

@@ -0,0 +1,61 @@
+{
+  "name": "@newton-xyz/policy-pack-vaultsfyi",
+  "version": "0.2.0",
+  "description": "Typed TypeScript bindings for the Newton vaultsfyi policy pack.",
+  "license": "Apache-2.0",
+  "author": "Newton Protocol <https://x.com/newton_xyz> (https://newton.xyz)",
+  "homepage": "https://github.com/newt-foundation/newton-policy-packs/tree/main/packages/policy-pack-vaultsfyi",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/newt-foundation/newton-policy-packs.git",
+    "directory": "packages/policy-pack-vaultsfyi"
+  },
+  "bugs": {
+    "url": "https://github.com/newt-foundation/newton-policy-packs/issues"
+  },
+  "keywords": [
+    "newton",
+    "newton-protocol",
+    "policy-pack",
+    "shield",
+    "vaultsfyi"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "sideEffects": false,
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "peerDependencies": {
+    "@newton-xyz/policy-pack-shared": "^0.1.0",
+    "viem": "^2.0.0",
+    "zod": "^3.0.0"
+  },
+  "devDependencies": {
+    "tsup": "^8.5.1",
+    "typescript": "^5.5.0",
+    "viem": "^2.0.0",
+    "zod": "^3.23.0",
+    "@newton-xyz/policy-pack-shared": "0.1.0"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "typecheck": "tsc --noEmit",
+    "test": "echo 'no tests yet'"
+  }
+}