@pafi-dev/core 0.7.0 → 0.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/dist/abi/index.cjs +1 -0
  2. package/dist/abi/index.cjs.map +1 -1
  3. package/dist/abi/index.js +1 -0
  4. package/dist/auth/index.cjs +5 -2
  5. package/dist/auth/index.cjs.map +1 -1
  6. package/dist/auth/index.d.cts +10 -1
  7. package/dist/auth/index.d.ts +10 -1
  8. package/dist/auth/index.js +4 -1
  9. package/dist/{chunk-RZDG6SRR.cjs → chunk-5254AG3Z.cjs} +36 -5
  10. package/dist/chunk-5254AG3Z.cjs.map +1 -0
  11. package/dist/{chunk-QGXJLLKF.js → chunk-6UX2IFA2.js} +34 -3
  12. package/dist/chunk-6UX2IFA2.js.map +1 -0
  13. package/dist/chunk-DGUM43GV.js +11 -0
  14. package/dist/chunk-DGUM43GV.js.map +1 -0
  15. package/dist/chunk-JEQ2X3Z6.cjs +11 -0
  16. package/dist/chunk-JEQ2X3Z6.cjs.map +1 -0
  17. package/dist/{chunk-3QDZFDEL.cjs → chunk-M5ULOZ3A.cjs} +3 -3
  18. package/dist/chunk-M5ULOZ3A.cjs.map +1 -0
  19. package/dist/{chunk-UOKI5GG6.js → chunk-WJSIB5GF.js} +2 -2
  20. package/dist/chunk-WJSIB5GF.js.map +1 -0
  21. package/dist/contract/index.cjs +1 -0
  22. package/dist/contract/index.cjs.map +1 -1
  23. package/dist/contract/index.d.cts +1 -1
  24. package/dist/contract/index.d.ts +1 -1
  25. package/dist/contract/index.js +1 -0
  26. package/dist/eip712/index.cjs +3 -2
  27. package/dist/eip712/index.cjs.map +1 -1
  28. package/dist/eip712/index.d.cts +10 -5
  29. package/dist/eip712/index.d.ts +10 -5
  30. package/dist/eip712/index.js +2 -1
  31. package/dist/index.cjs +112 -37
  32. package/dist/index.cjs.map +1 -1
  33. package/dist/index.d.cts +126 -19
  34. package/dist/index.d.ts +126 -19
  35. package/dist/index.js +93 -18
  36. package/dist/index.js.map +1 -1
  37. package/dist/{types-JyuXUM8C.d.cts → types-BAkmxgVo.d.cts} +10 -0
  38. package/dist/{types-JyuXUM8C.d.ts → types-BAkmxgVo.d.ts} +10 -0
  39. package/package.json +1 -1
  40. package/dist/chunk-3QDZFDEL.cjs.map +0 -1
  41. package/dist/chunk-QGXJLLKF.js.map +0 -1
  42. package/dist/chunk-RZDG6SRR.cjs.map +0 -1
  43. package/dist/chunk-UOKI5GG6.js.map +0 -1
package/dist/index.d.cts CHANGED
@@ -1,11 +1,11 @@
1
1
  import { Address, Hex, TypedDataDomain, PublicClient, HttpTransport, WalletClient } from 'viem';
2
- import { P as PoolKey, C as ChainConfig, a as PafiSDKConfig, b as PointTokenDomainConfig, M as MintRequest, R as ReceiverConsent, E as EIP712Signature, S as SignatureVerification } from './types-JyuXUM8C.cjs';
3
- export { B as BestQuote, c as BurnRequest, I as Issuer, d as PathKey, Q as QuoteResult } from './types-JyuXUM8C.cjs';
2
+ import { P as PoolKey, C as ChainConfig, a as PafiSDKConfig, b as PointTokenDomainConfig, M as MintRequest, R as ReceiverConsent, E as EIP712Signature, S as SignatureVerification } from './types-BAkmxgVo.cjs';
3
+ export { B as BestQuote, c as BurnRequest, I as Issuer, d as PathKey, Q as QuoteResult } from './types-BAkmxgVo.cjs';
4
4
  export { pointTokenAbi as POINT_TOKEN_V2_ABI, erc20Abi, issuerRegistryAbi, mintingOracleAbi, permit2Abi, pointTokenAbi, pointTokenFactoryAbi, universalRouterAbi, v4QuoterAbi } from './abi/index.cjs';
5
5
  export { buildBurnRequestTypedData, buildDomain, buildMintRequestTypedData, buildReceiverConsentTypedData, signBurnRequest, signMintRequest, signReceiverConsent, verifyBurnRequest, verifyMintRequest, verifyReceiverConsent } from './eip712/index.cjs';
6
6
  export { getBurnRequestNonce, getIssuer, getMintRequestNonce, getPointTokenBalance, getPointTokenIssuer, getPointTokenIssuerAddress, getReceiverConsentNonce, getTokenName, isActiveIssuer, isMinter, issuerRegistryGetIssuerFlatAbi, verifyMintCap } from './contract/index.cjs';
7
7
  import { LoginMessageParams } from './auth/index.cjs';
8
- export { BuildSponsorAuthParams, BuiltSponsorAuth, SPONSOR_AUTH_DOMAIN_NAME, SPONSOR_AUTH_TYPES, SponsorAuthPayload, SponsorAuthVerifyResult, VerifyLoginResult, buildAndSignSponsorAuth, buildSponsorAuthDomain, buildSponsorAuthTypedData, computeCallDataHash, createLoginMessage, parseLoginMessage, signSponsorAuth, verifyLoginMessage, verifySponsorAuth } from './auth/index.cjs';
8
+ export { BuildSponsorAuthParams, BuiltSponsorAuth, SPONSOR_AUTH_DOMAIN_NAME, SPONSOR_AUTH_TYPES, SponsorAuthPayload, SponsorAuthVerifyResult, VerifyLoginResult, buildAndSignSponsorAuth, buildSponsorAuthDomain, buildSponsorAuthTypedData, computeCallDataHash, createLoginMessage, generateSponsorAuthNonce, parseLoginMessage, signSponsorAuth, verifyLoginMessage, verifySponsorAuth } from './auth/index.cjs';
9
9
 
10
10
  declare const mintRequestTypes: {
11
11
  readonly MintRequest: readonly [{
@@ -82,6 +82,36 @@ declare const ENTRY_POINT_V08: Address;
82
82
  /** Permit2 — Uniswap's universal approval contract, same address on all EVM chains. */
83
83
  declare const PERMIT2_ADDRESS: Address;
84
84
 
85
+ /**
86
+ * v0.7.1 — unified error base for the entire SDK (core + issuer +
87
+ * trading). Subclasses declare `code` (machine-readable) and
88
+ * `httpStatus` (recommended HTTP status for issuer's controller).
89
+ *
90
+ * Issuer's `createSdkErrorMapper` routes any `PafiSdkError` instance
91
+ * through framework-specific exception factories; non-PafiSdkError
92
+ * still becomes 500.
93
+ *
94
+ * See SDK_CORE_TRADING_AUDIT.md H3.
95
+ */
96
+ type SdkErrorHttpStatus = "not_found" | "forbidden" | "unprocessable" | "service_unavailable";
97
+ declare abstract class PafiSdkError extends Error {
98
+ abstract readonly code: string;
99
+ /**
100
+ * `true` when the FE should consider a retry safe — typically because
101
+ * the failure is transient.
102
+ */
103
+ readonly safeToRetry: boolean;
104
+ readonly details?: unknown;
105
+ abstract readonly httpStatus: SdkErrorHttpStatus;
106
+ constructor(message: string);
107
+ }
108
+ /**
109
+ * @deprecated v0.7.1 — use `PafiSdkError` (capital S, lowercase dk).
110
+ * The two classes existed in parallel ("PafiSDKError" in core,
111
+ * "PafiSdkError" in issuer) due to historical drift; consolidating
112
+ * here. Kept as alias for back-compat through v0.7.x; will be removed
113
+ * in v0.8. See SDK_CORE_TRADING_AUDIT.md H3.
114
+ */
85
115
  declare class PafiSDKError extends Error {
86
116
  constructor(message: string);
87
117
  }
@@ -100,6 +130,41 @@ declare class ApiError extends PafiSDKError {
100
130
  status?: number | undefined;
101
131
  constructor(message: string, status?: number | undefined);
102
132
  }
133
+ /**
134
+ * Thrown by `quoteOperatorFee*` when an upstream price source
135
+ * (Chainlink ETH/USD, PAFI subgraph) is unavailable or stale and the
136
+ * caller did not opt in to the hardcoded fallback prices.
137
+ *
138
+ * v0.7.1 — previously `quoteOperatorFeePt` silently fell back to
139
+ * ETH=$3000 / PT=$0.10 with `console.warn`. Now opt-in via
140
+ * `allowStaleFallback: true`. See SDK_CORE_TRADING_AUDIT.md C2.
141
+ *
142
+ * Extends the unified `PafiSdkError` so issuer's `createSdkErrorMapper`
143
+ * routes it to 503 instead of leaking as a 500.
144
+ */
145
+ declare class OracleStaleError extends PafiSdkError {
146
+ readonly httpStatus: "service_unavailable";
147
+ readonly code: "ORACLE_STALE";
148
+ readonly source: "chainlink" | "subgraph";
149
+ readonly reason: string;
150
+ constructor(source: "chainlink" | "subgraph", reason: string);
151
+ }
152
+ /**
153
+ * Generic 4xx-class validation failure for input checks at any SDK
154
+ * boundary (core helpers, trading handlers, etc.). Issuer's
155
+ * `createSdkErrorMapper` routes to 422.
156
+ *
157
+ * Uses an instance `details` field so subclasses can override the
158
+ * declaration; matches the issuer-side shape that pre-existed here.
159
+ *
160
+ * v0.7.4 — added per SDK_CORE_TRADING_AUDIT.md H2/H13.
161
+ */
162
+ declare class ValidationError extends PafiSdkError {
163
+ readonly httpStatus: "unprocessable";
164
+ readonly code: string;
165
+ readonly details?: Record<string, unknown>;
166
+ constructor(code: string, message: string, details?: Record<string, unknown>);
167
+ }
103
168
 
104
169
  /**
105
170
  * Orderly Network Vault — entrypoint for **perp deposit** flow on
@@ -859,16 +924,15 @@ interface PaymasterConfig {
859
924
  type SponsorshipScenario = "mint" | "burn" | "swap" | "perp-deposit";
860
925
 
861
926
  /**
927
+ * @deprecated v0.7.1 — see file comment.
928
+ *
862
929
  * Set the application-wide paymaster config. Safe to call multiple
863
930
  * times (later calls override earlier). Throws if required fields
864
931
  * are missing.
865
932
  */
866
933
  declare function setPaymasterConfig(config: PaymasterConfig): void;
867
934
  /**
868
- * Get the current paymaster config. Throws if `setPaymasterConfig()`
869
- * has not been called yet — this surfaces boot-order bugs early
870
- * instead of failing with "paymaster.feeRecipient is undefined" at
871
- * the point of use.
935
+ * @deprecated v0.7.1 see file comment.
872
936
  */
873
937
  declare function getPaymasterConfig(): PaymasterConfig;
874
938
  /** Test helper — clear the singleton. */
@@ -1169,13 +1233,18 @@ interface SmartAccountSender {
1169
1233
  * Returns true when `err` originates from the **paymaster layer** rather
1170
1234
  * than the contract or bundler layer. Covers:
1171
1235
  *
1172
- * - ERC-4337 AA3x validation errors (AA31–AA34)
1173
- * - Pimlico sponsorship rejections (`pm_*` methods, "sponsorship" messages)
1174
- * - PAFI proxy HTTP errors (401, 403, 429, 503)
1236
+ * - ERC-4337 AA3x validation errors (AA31–AA34, word-boundary match)
1237
+ * - Pimlico sponsorship rejections (`pm_*` methods, "sponsorship" / "paymaster")
1238
+ * - PAFI proxy HTTP errors checked via typed `status` / `statusCode`
1239
+ * field when present, NOT substring match
1175
1240
  * - Generic "rate limit" / "unauthorized" strings
1176
1241
  *
1177
1242
  * Use this to decide whether retrying without a paymaster makes sense.
1178
1243
  * Contract reverts (AA23, AA24, AA25) and bundler errors are NOT matched.
1244
+ *
1245
+ * v0.7.1 — replaced naive substring matching that false-positived on
1246
+ * arbitrary text containing "503"/"403"/"429" (e.g. address/transit ID).
1247
+ * See SDK_CORE_TRADING_AUDIT.md C3.
1179
1248
  */
1180
1249
  declare function isPaymasterError(err: unknown): boolean;
1181
1250
  interface SendWithPaymasterFallbackParams {
@@ -1228,15 +1297,35 @@ interface SendWithPaymasterFallbackParams {
1228
1297
  */
1229
1298
  declare function sendWithPaymasterFallback(params: SendWithPaymasterFallbackParams): Promise<Hex>;
1230
1299
 
1300
+ /**
1301
+ * Per-scenario gas budgets (callGasLimit + verificationGas + preVerify)
1302
+ * used by `quoteOperatorFee*`. Defaults are calibrated against the
1303
+ * actual UserOps the issuer + trading SDKs build:
1304
+ *
1305
+ * mint — `RelayService.prepareMint` callGasLimit 300k → 500k margin
1306
+ * burn — `RelayService.prepareBurn` 300k → 500k margin
1307
+ * swap — `buildSwapUserOp` callGasLimit 700k (UR.execute heavy)
1308
+ * perp-deposit — `buildPerpDepositViaRelay` 800k (LayerZero msg)
1309
+ * delegate — minimal no-op self-call, 200k margin
1310
+ *
1311
+ * Pass an explicit `gasUnits` to override. v0.7.4 — added per
1312
+ * SDK_CORE_TRADING_AUDIT.md H12.
1313
+ */
1314
+ type FeeScenario = "mint" | "burn" | "swap" | "perp-deposit" | "delegate";
1231
1315
  interface QuoteOperatorFeePtConfig {
1232
1316
  provider: PublicClient;
1233
1317
  chainId: number;
1234
1318
  pointTokenAddress: Address;
1235
1319
  /**
1236
- * ERC-4337 gas units the UserOp will consume on chain. Default
1237
- * 500_000n covers the common scenarios (mint, swap, perp deposit
1238
- * via Relay) with margin. Pass a tighter number when you have a
1239
- * Pimlico estimate to feed in.
1320
+ * Scenario tag picks default `gasUnits` from `SCENARIO_GAS_UNITS`.
1321
+ * Ignored when `gasUnits` is explicit. Default `"mint"` for back-
1322
+ * compat (matches the legacy 500_000 constant).
1323
+ */
1324
+ scenario?: FeeScenario;
1325
+ /**
1326
+ * ERC-4337 gas units the UserOp will consume on chain. Defaults to
1327
+ * `SCENARIO_GAS_UNITS[scenario]`, falling back to 500_000n. Pass a
1328
+ * tighter number when you have a Pimlico estimate to feed in.
1240
1329
  */
1241
1330
  gasUnits?: bigint;
1242
1331
  /**
@@ -1251,9 +1340,20 @@ interface QuoteOperatorFeePtConfig {
1251
1340
  subgraphUrl?: string;
1252
1341
  /** USDT token decimals. Default 6 (USDC/USDT on Base/Ethereum). */
1253
1342
  usdtDecimals?: number;
1254
- /** Fallback ETH price (USD) when Chainlink is unreachable. Default 3000. */
1343
+ /**
1344
+ * Opt-in fallback prices used when Chainlink / subgraph is
1345
+ * unavailable. Default `false` — throw `OracleStaleError`. Set
1346
+ * `true` AND configure `fallbackEthPriceUsd` / `fallbackPtPriceUsdt`
1347
+ * to absorb oracle outages instead of surfacing them.
1348
+ *
1349
+ * v0.7.1 — previously fallback was always-on with hardcoded
1350
+ * defaults (ETH=$3000, PT=$0.10), causing under-priced fees during
1351
+ * incidents. See SDK_CORE_TRADING_AUDIT.md C2.
1352
+ */
1353
+ allowStaleFallback?: boolean;
1354
+ /** Fallback ETH price (USD) when Chainlink is unreachable. Only used when `allowStaleFallback: true`. Default 3000. */
1255
1355
  fallbackEthPriceUsd?: number;
1256
- /** Fallback PT price (USDT per 1 PT) when subgraph is unreachable. Default 0.1. */
1356
+ /** Fallback PT price (USDT per 1 PT) when subgraph is unreachable. Only used when `allowStaleFallback: true`. Default 0.1. */
1257
1357
  fallbackPtPriceUsdt?: number;
1258
1358
  fetchImpl?: typeof fetch;
1259
1359
  }
@@ -1266,10 +1366,17 @@ interface QuoteOperatorFeePtConfig {
1266
1366
  interface QuoteOperatorFeeUsdtConfig {
1267
1367
  provider: PublicClient;
1268
1368
  chainId: number;
1369
+ /** See `QuoteOperatorFeePtConfig.scenario`. v0.7.4. */
1370
+ scenario?: FeeScenario;
1269
1371
  gasUnits?: bigint;
1270
1372
  premiumBps?: number;
1271
1373
  chainlinkFeedAddress?: Address;
1272
1374
  usdtDecimals?: number;
1375
+ /**
1376
+ * Opt-in fallback price when Chainlink is unavailable. Default
1377
+ * `false` — throw `OracleStaleError`. v0.7.1 — see C2.
1378
+ */
1379
+ allowStaleFallback?: boolean;
1273
1380
  fallbackEthPriceUsd?: number;
1274
1381
  }
1275
1382
  /**
@@ -1649,7 +1756,7 @@ declare class PafiSDK {
1649
1756
  buildMintRequestTypedData(message: MintRequest): Promise<{
1650
1757
  domain: {
1651
1758
  name: string;
1652
- version: "1";
1759
+ version: string;
1653
1760
  chainId: number;
1654
1761
  verifyingContract: `0x${string}`;
1655
1762
  };
@@ -1674,7 +1781,7 @@ declare class PafiSDK {
1674
1781
  buildReceiverConsentTypedData(message: ReceiverConsent): Promise<{
1675
1782
  domain: {
1676
1783
  name: string;
1677
- version: "1";
1784
+ version: string;
1678
1785
  chainId: number;
1679
1786
  verifyingContract: `0x${string}`;
1680
1787
  };
@@ -1713,4 +1820,4 @@ declare class PafiSDK {
1713
1820
  signLoginMessage(message: string): Promise<Hex>;
1714
1821
  }
1715
1822
 
1716
- export { ApiError, BATCH_EXECUTOR_7702_IMPL, BATCH_EXECUTOR_ABI, BATCH_EXECUTOR_ADDRESS_BASE_MAINNET, BATCH_EXECUTOR_ADDRESS_BASE_SEPOLIA, BROKER_HASHES, type BuildDelegationUserOpParams, type BuildPartialUserOpParams, type BuildPerpDepositViaRelayParams, type BuildPerpDepositWithGasDeductionParams, COMMON_POOLS, COMMON_TOKENS, CONTRACT_ADDRESSES, ChainConfig, type CheckEthAndBranchParams, ConfigurationError, type ContractAddresses, DUMMY_SIGNATURE_V07, type DelegateImpl, EIP712Signature, ENTRY_POINT_V07, ENTRY_POINT_V08, type Eip7702AuthorizationJsonRpc, LoginMessageParams, MintRequest, type ModalOpenOptions, ORDERLY_RELAY_ABI, ORDERLY_VAULT_ABI, ORDERLY_VAULT_ADDRESSES, ORDERLY_VAULT_BASE_MAINNET, type Operation, type OrderlyRelayDepositRequest, PAFI_SUBGRAPH_URL, PERMIT2_ADDRESS, POINT_TOKEN_FACTORY_ADDRESSES, POINT_TOKEN_IMPL_ADDRESSES, POINT_TOKEN_POOLS, type PackedUserOperationMessage, type PafiProxyTransportParams, PafiSDK, PafiSDKConfig, PafiSDKError, type PafiWebModalAdapter, type PafiWebModalHandle, type PartialUserOperation, type PaymasterConfig, type PaymasterFields, PointTokenDomainConfig, PoolKey, type QuoteOperatorFeePtConfig, type QuoteOperatorFeeUsdtConfig, ReceiverConsent, SIMPLE_7702_IMPL_BASE_MAINNET, SUPPORTED_CHAINS, type SendWithPaymasterFallbackParams, type SignatureStruct, SignatureVerification, SigningError, SimulationError, type SmartAccountSender, type SponsorshipScenario, type SubmissionPath, TOKEN_HASHES, UNIVERSAL_ROUTER_ADDRESSES, type UserOpReceipt, type UserOpTypedData, type UserOperation, V4_QUOTER_ADDRESSES, type VaultDepositFE, ZERO_VALUE, _resetPaymasterConfigForTests, assembleUserOperation, buildDelegationUserOp, buildEip7702Authorization, buildPartialUserOperation, buildPerpDepositViaRelay, buildPerpDepositWithGasDeduction, buildUserOpTypedData, burnRequestTypes, checkDelegation, checkEthAndBranch, computeAccountId, computeAuthorizationHash, computeUserOpHash, createPafiProxyTransport, decodeBatchExecuteCalls, detectDelegateImpl, encodeBatchExecute, erc20ApproveOp, erc20BurnOp, erc20TransferOp, fetchPafiPools, getAaNonce, getContractAddresses, getDummySignatureFor7702, getPafiWebModalAdapter, getPaymasterConfig, isDelegatedTo, isDelegatedToTarget, isPaymasterConfigured, isPaymasterError, mintRequestTypes, openPafiWebModal, openWebPopup, parseEip7702DelegatedAddress, quoteOperatorFeePt, quoteOperatorFeeUsdt, rawCallOp, receiverConsentTypes, sendWithPaymasterFallback, serializeUserOpToJsonRpc, setPafiWebModalAdapter, setPaymasterConfig, splitAuthorizationSig, webPopupAdapter };
1823
+ export { ApiError, BATCH_EXECUTOR_7702_IMPL, BATCH_EXECUTOR_ABI, BATCH_EXECUTOR_ADDRESS_BASE_MAINNET, BATCH_EXECUTOR_ADDRESS_BASE_SEPOLIA, BROKER_HASHES, type BuildDelegationUserOpParams, type BuildPartialUserOpParams, type BuildPerpDepositViaRelayParams, type BuildPerpDepositWithGasDeductionParams, COMMON_POOLS, COMMON_TOKENS, CONTRACT_ADDRESSES, ChainConfig, type CheckEthAndBranchParams, ConfigurationError, type ContractAddresses, DUMMY_SIGNATURE_V07, type DelegateImpl, EIP712Signature, ENTRY_POINT_V07, ENTRY_POINT_V08, type Eip7702AuthorizationJsonRpc, LoginMessageParams, MintRequest, type ModalOpenOptions, ORDERLY_RELAY_ABI, ORDERLY_VAULT_ABI, ORDERLY_VAULT_ADDRESSES, ORDERLY_VAULT_BASE_MAINNET, type Operation, OracleStaleError, type OrderlyRelayDepositRequest, PAFI_SUBGRAPH_URL, PERMIT2_ADDRESS, POINT_TOKEN_FACTORY_ADDRESSES, POINT_TOKEN_IMPL_ADDRESSES, POINT_TOKEN_POOLS, type PackedUserOperationMessage, type PafiProxyTransportParams, PafiSDK, PafiSDKConfig, PafiSDKError, PafiSdkError, type PafiWebModalAdapter, type PafiWebModalHandle, type PartialUserOperation, type PaymasterConfig, type PaymasterFields, PointTokenDomainConfig, PoolKey, type QuoteOperatorFeePtConfig, type QuoteOperatorFeeUsdtConfig, ReceiverConsent, SIMPLE_7702_IMPL_BASE_MAINNET, SUPPORTED_CHAINS, type SdkErrorHttpStatus, type SendWithPaymasterFallbackParams, type SignatureStruct, SignatureVerification, SigningError, SimulationError, type SmartAccountSender, type SponsorshipScenario, type SubmissionPath, TOKEN_HASHES, UNIVERSAL_ROUTER_ADDRESSES, type UserOpReceipt, type UserOpTypedData, type UserOperation, V4_QUOTER_ADDRESSES, ValidationError, type VaultDepositFE, ZERO_VALUE, _resetPaymasterConfigForTests, assembleUserOperation, buildDelegationUserOp, buildEip7702Authorization, buildPartialUserOperation, buildPerpDepositViaRelay, buildPerpDepositWithGasDeduction, buildUserOpTypedData, burnRequestTypes, checkDelegation, checkEthAndBranch, computeAccountId, computeAuthorizationHash, computeUserOpHash, createPafiProxyTransport, decodeBatchExecuteCalls, detectDelegateImpl, encodeBatchExecute, erc20ApproveOp, erc20BurnOp, erc20TransferOp, fetchPafiPools, getAaNonce, getContractAddresses, getDummySignatureFor7702, getPafiWebModalAdapter, getPaymasterConfig, isDelegatedTo, isDelegatedToTarget, isPaymasterConfigured, isPaymasterError, mintRequestTypes, openPafiWebModal, openWebPopup, parseEip7702DelegatedAddress, quoteOperatorFeePt, quoteOperatorFeeUsdt, rawCallOp, receiverConsentTypes, sendWithPaymasterFallback, serializeUserOpToJsonRpc, setPafiWebModalAdapter, setPaymasterConfig, splitAuthorizationSig, webPopupAdapter };
package/dist/index.d.ts CHANGED
@@ -1,11 +1,11 @@
1
1
  import { Address, Hex, TypedDataDomain, PublicClient, HttpTransport, WalletClient } from 'viem';
2
- import { P as PoolKey, C as ChainConfig, a as PafiSDKConfig, b as PointTokenDomainConfig, M as MintRequest, R as ReceiverConsent, E as EIP712Signature, S as SignatureVerification } from './types-JyuXUM8C.js';
3
- export { B as BestQuote, c as BurnRequest, I as Issuer, d as PathKey, Q as QuoteResult } from './types-JyuXUM8C.js';
2
+ import { P as PoolKey, C as ChainConfig, a as PafiSDKConfig, b as PointTokenDomainConfig, M as MintRequest, R as ReceiverConsent, E as EIP712Signature, S as SignatureVerification } from './types-BAkmxgVo.js';
3
+ export { B as BestQuote, c as BurnRequest, I as Issuer, d as PathKey, Q as QuoteResult } from './types-BAkmxgVo.js';
4
4
  export { pointTokenAbi as POINT_TOKEN_V2_ABI, erc20Abi, issuerRegistryAbi, mintingOracleAbi, permit2Abi, pointTokenAbi, pointTokenFactoryAbi, universalRouterAbi, v4QuoterAbi } from './abi/index.js';
5
5
  export { buildBurnRequestTypedData, buildDomain, buildMintRequestTypedData, buildReceiverConsentTypedData, signBurnRequest, signMintRequest, signReceiverConsent, verifyBurnRequest, verifyMintRequest, verifyReceiverConsent } from './eip712/index.js';
6
6
  export { getBurnRequestNonce, getIssuer, getMintRequestNonce, getPointTokenBalance, getPointTokenIssuer, getPointTokenIssuerAddress, getReceiverConsentNonce, getTokenName, isActiveIssuer, isMinter, issuerRegistryGetIssuerFlatAbi, verifyMintCap } from './contract/index.js';
7
7
  import { LoginMessageParams } from './auth/index.js';
8
- export { BuildSponsorAuthParams, BuiltSponsorAuth, SPONSOR_AUTH_DOMAIN_NAME, SPONSOR_AUTH_TYPES, SponsorAuthPayload, SponsorAuthVerifyResult, VerifyLoginResult, buildAndSignSponsorAuth, buildSponsorAuthDomain, buildSponsorAuthTypedData, computeCallDataHash, createLoginMessage, parseLoginMessage, signSponsorAuth, verifyLoginMessage, verifySponsorAuth } from './auth/index.js';
8
+ export { BuildSponsorAuthParams, BuiltSponsorAuth, SPONSOR_AUTH_DOMAIN_NAME, SPONSOR_AUTH_TYPES, SponsorAuthPayload, SponsorAuthVerifyResult, VerifyLoginResult, buildAndSignSponsorAuth, buildSponsorAuthDomain, buildSponsorAuthTypedData, computeCallDataHash, createLoginMessage, generateSponsorAuthNonce, parseLoginMessage, signSponsorAuth, verifyLoginMessage, verifySponsorAuth } from './auth/index.js';
9
9
 
10
10
  declare const mintRequestTypes: {
11
11
  readonly MintRequest: readonly [{
@@ -82,6 +82,36 @@ declare const ENTRY_POINT_V08: Address;
82
82
  /** Permit2 — Uniswap's universal approval contract, same address on all EVM chains. */
83
83
  declare const PERMIT2_ADDRESS: Address;
84
84
 
85
+ /**
86
+ * v0.7.1 — unified error base for the entire SDK (core + issuer +
87
+ * trading). Subclasses declare `code` (machine-readable) and
88
+ * `httpStatus` (recommended HTTP status for issuer's controller).
89
+ *
90
+ * Issuer's `createSdkErrorMapper` routes any `PafiSdkError` instance
91
+ * through framework-specific exception factories; non-PafiSdkError
92
+ * still becomes 500.
93
+ *
94
+ * See SDK_CORE_TRADING_AUDIT.md H3.
95
+ */
96
+ type SdkErrorHttpStatus = "not_found" | "forbidden" | "unprocessable" | "service_unavailable";
97
+ declare abstract class PafiSdkError extends Error {
98
+ abstract readonly code: string;
99
+ /**
100
+ * `true` when the FE should consider a retry safe — typically because
101
+ * the failure is transient.
102
+ */
103
+ readonly safeToRetry: boolean;
104
+ readonly details?: unknown;
105
+ abstract readonly httpStatus: SdkErrorHttpStatus;
106
+ constructor(message: string);
107
+ }
108
+ /**
109
+ * @deprecated v0.7.1 — use `PafiSdkError` (capital S, lowercase dk).
110
+ * The two classes existed in parallel ("PafiSDKError" in core,
111
+ * "PafiSdkError" in issuer) due to historical drift; consolidating
112
+ * here. Kept as alias for back-compat through v0.7.x; will be removed
113
+ * in v0.8. See SDK_CORE_TRADING_AUDIT.md H3.
114
+ */
85
115
  declare class PafiSDKError extends Error {
86
116
  constructor(message: string);
87
117
  }
@@ -100,6 +130,41 @@ declare class ApiError extends PafiSDKError {
100
130
  status?: number | undefined;
101
131
  constructor(message: string, status?: number | undefined);
102
132
  }
133
+ /**
134
+ * Thrown by `quoteOperatorFee*` when an upstream price source
135
+ * (Chainlink ETH/USD, PAFI subgraph) is unavailable or stale and the
136
+ * caller did not opt in to the hardcoded fallback prices.
137
+ *
138
+ * v0.7.1 — previously `quoteOperatorFeePt` silently fell back to
139
+ * ETH=$3000 / PT=$0.10 with `console.warn`. Now opt-in via
140
+ * `allowStaleFallback: true`. See SDK_CORE_TRADING_AUDIT.md C2.
141
+ *
142
+ * Extends the unified `PafiSdkError` so issuer's `createSdkErrorMapper`
143
+ * routes it to 503 instead of leaking as a 500.
144
+ */
145
+ declare class OracleStaleError extends PafiSdkError {
146
+ readonly httpStatus: "service_unavailable";
147
+ readonly code: "ORACLE_STALE";
148
+ readonly source: "chainlink" | "subgraph";
149
+ readonly reason: string;
150
+ constructor(source: "chainlink" | "subgraph", reason: string);
151
+ }
152
+ /**
153
+ * Generic 4xx-class validation failure for input checks at any SDK
154
+ * boundary (core helpers, trading handlers, etc.). Issuer's
155
+ * `createSdkErrorMapper` routes to 422.
156
+ *
157
+ * Uses an instance `details` field so subclasses can override the
158
+ * declaration; matches the issuer-side shape that pre-existed here.
159
+ *
160
+ * v0.7.4 — added per SDK_CORE_TRADING_AUDIT.md H2/H13.
161
+ */
162
+ declare class ValidationError extends PafiSdkError {
163
+ readonly httpStatus: "unprocessable";
164
+ readonly code: string;
165
+ readonly details?: Record<string, unknown>;
166
+ constructor(code: string, message: string, details?: Record<string, unknown>);
167
+ }
103
168
 
104
169
  /**
105
170
  * Orderly Network Vault — entrypoint for **perp deposit** flow on
@@ -859,16 +924,15 @@ interface PaymasterConfig {
859
924
  type SponsorshipScenario = "mint" | "burn" | "swap" | "perp-deposit";
860
925
 
861
926
  /**
927
+ * @deprecated v0.7.1 — see file comment.
928
+ *
862
929
  * Set the application-wide paymaster config. Safe to call multiple
863
930
  * times (later calls override earlier). Throws if required fields
864
931
  * are missing.
865
932
  */
866
933
  declare function setPaymasterConfig(config: PaymasterConfig): void;
867
934
  /**
868
- * Get the current paymaster config. Throws if `setPaymasterConfig()`
869
- * has not been called yet — this surfaces boot-order bugs early
870
- * instead of failing with "paymaster.feeRecipient is undefined" at
871
- * the point of use.
935
+ * @deprecated v0.7.1 see file comment.
872
936
  */
873
937
  declare function getPaymasterConfig(): PaymasterConfig;
874
938
  /** Test helper — clear the singleton. */
@@ -1169,13 +1233,18 @@ interface SmartAccountSender {
1169
1233
  * Returns true when `err` originates from the **paymaster layer** rather
1170
1234
  * than the contract or bundler layer. Covers:
1171
1235
  *
1172
- * - ERC-4337 AA3x validation errors (AA31–AA34)
1173
- * - Pimlico sponsorship rejections (`pm_*` methods, "sponsorship" messages)
1174
- * - PAFI proxy HTTP errors (401, 403, 429, 503)
1236
+ * - ERC-4337 AA3x validation errors (AA31–AA34, word-boundary match)
1237
+ * - Pimlico sponsorship rejections (`pm_*` methods, "sponsorship" / "paymaster")
1238
+ * - PAFI proxy HTTP errors checked via typed `status` / `statusCode`
1239
+ * field when present, NOT substring match
1175
1240
  * - Generic "rate limit" / "unauthorized" strings
1176
1241
  *
1177
1242
  * Use this to decide whether retrying without a paymaster makes sense.
1178
1243
  * Contract reverts (AA23, AA24, AA25) and bundler errors are NOT matched.
1244
+ *
1245
+ * v0.7.1 — replaced naive substring matching that false-positived on
1246
+ * arbitrary text containing "503"/"403"/"429" (e.g. address/transit ID).
1247
+ * See SDK_CORE_TRADING_AUDIT.md C3.
1179
1248
  */
1180
1249
  declare function isPaymasterError(err: unknown): boolean;
1181
1250
  interface SendWithPaymasterFallbackParams {
@@ -1228,15 +1297,35 @@ interface SendWithPaymasterFallbackParams {
1228
1297
  */
1229
1298
  declare function sendWithPaymasterFallback(params: SendWithPaymasterFallbackParams): Promise<Hex>;
1230
1299
 
1300
+ /**
1301
+ * Per-scenario gas budgets (callGasLimit + verificationGas + preVerify)
1302
+ * used by `quoteOperatorFee*`. Defaults are calibrated against the
1303
+ * actual UserOps the issuer + trading SDKs build:
1304
+ *
1305
+ * mint — `RelayService.prepareMint` callGasLimit 300k → 500k margin
1306
+ * burn — `RelayService.prepareBurn` 300k → 500k margin
1307
+ * swap — `buildSwapUserOp` callGasLimit 700k (UR.execute heavy)
1308
+ * perp-deposit — `buildPerpDepositViaRelay` 800k (LayerZero msg)
1309
+ * delegate — minimal no-op self-call, 200k margin
1310
+ *
1311
+ * Pass an explicit `gasUnits` to override. v0.7.4 — added per
1312
+ * SDK_CORE_TRADING_AUDIT.md H12.
1313
+ */
1314
+ type FeeScenario = "mint" | "burn" | "swap" | "perp-deposit" | "delegate";
1231
1315
  interface QuoteOperatorFeePtConfig {
1232
1316
  provider: PublicClient;
1233
1317
  chainId: number;
1234
1318
  pointTokenAddress: Address;
1235
1319
  /**
1236
- * ERC-4337 gas units the UserOp will consume on chain. Default
1237
- * 500_000n covers the common scenarios (mint, swap, perp deposit
1238
- * via Relay) with margin. Pass a tighter number when you have a
1239
- * Pimlico estimate to feed in.
1320
+ * Scenario tag picks default `gasUnits` from `SCENARIO_GAS_UNITS`.
1321
+ * Ignored when `gasUnits` is explicit. Default `"mint"` for back-
1322
+ * compat (matches the legacy 500_000 constant).
1323
+ */
1324
+ scenario?: FeeScenario;
1325
+ /**
1326
+ * ERC-4337 gas units the UserOp will consume on chain. Defaults to
1327
+ * `SCENARIO_GAS_UNITS[scenario]`, falling back to 500_000n. Pass a
1328
+ * tighter number when you have a Pimlico estimate to feed in.
1240
1329
  */
1241
1330
  gasUnits?: bigint;
1242
1331
  /**
@@ -1251,9 +1340,20 @@ interface QuoteOperatorFeePtConfig {
1251
1340
  subgraphUrl?: string;
1252
1341
  /** USDT token decimals. Default 6 (USDC/USDT on Base/Ethereum). */
1253
1342
  usdtDecimals?: number;
1254
- /** Fallback ETH price (USD) when Chainlink is unreachable. Default 3000. */
1343
+ /**
1344
+ * Opt-in fallback prices used when Chainlink / subgraph is
1345
+ * unavailable. Default `false` — throw `OracleStaleError`. Set
1346
+ * `true` AND configure `fallbackEthPriceUsd` / `fallbackPtPriceUsdt`
1347
+ * to absorb oracle outages instead of surfacing them.
1348
+ *
1349
+ * v0.7.1 — previously fallback was always-on with hardcoded
1350
+ * defaults (ETH=$3000, PT=$0.10), causing under-priced fees during
1351
+ * incidents. See SDK_CORE_TRADING_AUDIT.md C2.
1352
+ */
1353
+ allowStaleFallback?: boolean;
1354
+ /** Fallback ETH price (USD) when Chainlink is unreachable. Only used when `allowStaleFallback: true`. Default 3000. */
1255
1355
  fallbackEthPriceUsd?: number;
1256
- /** Fallback PT price (USDT per 1 PT) when subgraph is unreachable. Default 0.1. */
1356
+ /** Fallback PT price (USDT per 1 PT) when subgraph is unreachable. Only used when `allowStaleFallback: true`. Default 0.1. */
1257
1357
  fallbackPtPriceUsdt?: number;
1258
1358
  fetchImpl?: typeof fetch;
1259
1359
  }
@@ -1266,10 +1366,17 @@ interface QuoteOperatorFeePtConfig {
1266
1366
  interface QuoteOperatorFeeUsdtConfig {
1267
1367
  provider: PublicClient;
1268
1368
  chainId: number;
1369
+ /** See `QuoteOperatorFeePtConfig.scenario`. v0.7.4. */
1370
+ scenario?: FeeScenario;
1269
1371
  gasUnits?: bigint;
1270
1372
  premiumBps?: number;
1271
1373
  chainlinkFeedAddress?: Address;
1272
1374
  usdtDecimals?: number;
1375
+ /**
1376
+ * Opt-in fallback price when Chainlink is unavailable. Default
1377
+ * `false` — throw `OracleStaleError`. v0.7.1 — see C2.
1378
+ */
1379
+ allowStaleFallback?: boolean;
1273
1380
  fallbackEthPriceUsd?: number;
1274
1381
  }
1275
1382
  /**
@@ -1649,7 +1756,7 @@ declare class PafiSDK {
1649
1756
  buildMintRequestTypedData(message: MintRequest): Promise<{
1650
1757
  domain: {
1651
1758
  name: string;
1652
- version: "1";
1759
+ version: string;
1653
1760
  chainId: number;
1654
1761
  verifyingContract: `0x${string}`;
1655
1762
  };
@@ -1674,7 +1781,7 @@ declare class PafiSDK {
1674
1781
  buildReceiverConsentTypedData(message: ReceiverConsent): Promise<{
1675
1782
  domain: {
1676
1783
  name: string;
1677
- version: "1";
1784
+ version: string;
1678
1785
  chainId: number;
1679
1786
  verifyingContract: `0x${string}`;
1680
1787
  };
@@ -1713,4 +1820,4 @@ declare class PafiSDK {
1713
1820
  signLoginMessage(message: string): Promise<Hex>;
1714
1821
  }
1715
1822
 
1716
- export { ApiError, BATCH_EXECUTOR_7702_IMPL, BATCH_EXECUTOR_ABI, BATCH_EXECUTOR_ADDRESS_BASE_MAINNET, BATCH_EXECUTOR_ADDRESS_BASE_SEPOLIA, BROKER_HASHES, type BuildDelegationUserOpParams, type BuildPartialUserOpParams, type BuildPerpDepositViaRelayParams, type BuildPerpDepositWithGasDeductionParams, COMMON_POOLS, COMMON_TOKENS, CONTRACT_ADDRESSES, ChainConfig, type CheckEthAndBranchParams, ConfigurationError, type ContractAddresses, DUMMY_SIGNATURE_V07, type DelegateImpl, EIP712Signature, ENTRY_POINT_V07, ENTRY_POINT_V08, type Eip7702AuthorizationJsonRpc, LoginMessageParams, MintRequest, type ModalOpenOptions, ORDERLY_RELAY_ABI, ORDERLY_VAULT_ABI, ORDERLY_VAULT_ADDRESSES, ORDERLY_VAULT_BASE_MAINNET, type Operation, type OrderlyRelayDepositRequest, PAFI_SUBGRAPH_URL, PERMIT2_ADDRESS, POINT_TOKEN_FACTORY_ADDRESSES, POINT_TOKEN_IMPL_ADDRESSES, POINT_TOKEN_POOLS, type PackedUserOperationMessage, type PafiProxyTransportParams, PafiSDK, PafiSDKConfig, PafiSDKError, type PafiWebModalAdapter, type PafiWebModalHandle, type PartialUserOperation, type PaymasterConfig, type PaymasterFields, PointTokenDomainConfig, PoolKey, type QuoteOperatorFeePtConfig, type QuoteOperatorFeeUsdtConfig, ReceiverConsent, SIMPLE_7702_IMPL_BASE_MAINNET, SUPPORTED_CHAINS, type SendWithPaymasterFallbackParams, type SignatureStruct, SignatureVerification, SigningError, SimulationError, type SmartAccountSender, type SponsorshipScenario, type SubmissionPath, TOKEN_HASHES, UNIVERSAL_ROUTER_ADDRESSES, type UserOpReceipt, type UserOpTypedData, type UserOperation, V4_QUOTER_ADDRESSES, type VaultDepositFE, ZERO_VALUE, _resetPaymasterConfigForTests, assembleUserOperation, buildDelegationUserOp, buildEip7702Authorization, buildPartialUserOperation, buildPerpDepositViaRelay, buildPerpDepositWithGasDeduction, buildUserOpTypedData, burnRequestTypes, checkDelegation, checkEthAndBranch, computeAccountId, computeAuthorizationHash, computeUserOpHash, createPafiProxyTransport, decodeBatchExecuteCalls, detectDelegateImpl, encodeBatchExecute, erc20ApproveOp, erc20BurnOp, erc20TransferOp, fetchPafiPools, getAaNonce, getContractAddresses, getDummySignatureFor7702, getPafiWebModalAdapter, getPaymasterConfig, isDelegatedTo, isDelegatedToTarget, isPaymasterConfigured, isPaymasterError, mintRequestTypes, openPafiWebModal, openWebPopup, parseEip7702DelegatedAddress, quoteOperatorFeePt, quoteOperatorFeeUsdt, rawCallOp, receiverConsentTypes, sendWithPaymasterFallback, serializeUserOpToJsonRpc, setPafiWebModalAdapter, setPaymasterConfig, splitAuthorizationSig, webPopupAdapter };
1823
+ export { ApiError, BATCH_EXECUTOR_7702_IMPL, BATCH_EXECUTOR_ABI, BATCH_EXECUTOR_ADDRESS_BASE_MAINNET, BATCH_EXECUTOR_ADDRESS_BASE_SEPOLIA, BROKER_HASHES, type BuildDelegationUserOpParams, type BuildPartialUserOpParams, type BuildPerpDepositViaRelayParams, type BuildPerpDepositWithGasDeductionParams, COMMON_POOLS, COMMON_TOKENS, CONTRACT_ADDRESSES, ChainConfig, type CheckEthAndBranchParams, ConfigurationError, type ContractAddresses, DUMMY_SIGNATURE_V07, type DelegateImpl, EIP712Signature, ENTRY_POINT_V07, ENTRY_POINT_V08, type Eip7702AuthorizationJsonRpc, LoginMessageParams, MintRequest, type ModalOpenOptions, ORDERLY_RELAY_ABI, ORDERLY_VAULT_ABI, ORDERLY_VAULT_ADDRESSES, ORDERLY_VAULT_BASE_MAINNET, type Operation, OracleStaleError, type OrderlyRelayDepositRequest, PAFI_SUBGRAPH_URL, PERMIT2_ADDRESS, POINT_TOKEN_FACTORY_ADDRESSES, POINT_TOKEN_IMPL_ADDRESSES, POINT_TOKEN_POOLS, type PackedUserOperationMessage, type PafiProxyTransportParams, PafiSDK, PafiSDKConfig, PafiSDKError, PafiSdkError, type PafiWebModalAdapter, type PafiWebModalHandle, type PartialUserOperation, type PaymasterConfig, type PaymasterFields, PointTokenDomainConfig, PoolKey, type QuoteOperatorFeePtConfig, type QuoteOperatorFeeUsdtConfig, ReceiverConsent, SIMPLE_7702_IMPL_BASE_MAINNET, SUPPORTED_CHAINS, type SdkErrorHttpStatus, type SendWithPaymasterFallbackParams, type SignatureStruct, SignatureVerification, SigningError, SimulationError, type SmartAccountSender, type SponsorshipScenario, type SubmissionPath, TOKEN_HASHES, UNIVERSAL_ROUTER_ADDRESSES, type UserOpReceipt, type UserOpTypedData, type UserOperation, V4_QUOTER_ADDRESSES, ValidationError, type VaultDepositFE, ZERO_VALUE, _resetPaymasterConfigForTests, assembleUserOperation, buildDelegationUserOp, buildEip7702Authorization, buildPartialUserOperation, buildPerpDepositViaRelay, buildPerpDepositWithGasDeduction, buildUserOpTypedData, burnRequestTypes, checkDelegation, checkEthAndBranch, computeAccountId, computeAuthorizationHash, computeUserOpHash, createPafiProxyTransport, decodeBatchExecuteCalls, detectDelegateImpl, encodeBatchExecute, erc20ApproveOp, erc20BurnOp, erc20TransferOp, fetchPafiPools, getAaNonce, getContractAddresses, getDummySignatureFor7702, getPafiWebModalAdapter, getPaymasterConfig, isDelegatedTo, isDelegatedToTarget, isPaymasterConfigured, isPaymasterError, mintRequestTypes, openPafiWebModal, openWebPopup, parseEip7702DelegatedAddress, quoteOperatorFeePt, quoteOperatorFeeUsdt, rawCallOp, receiverConsentTypes, sendWithPaymasterFallback, serializeUserOpToJsonRpc, setPafiWebModalAdapter, setPaymasterConfig, splitAuthorizationSig, webPopupAdapter };