@prktsol/prkt 1.0.0 → 1.0.1

package/dist/policy/sandbox/SandboxExecutor.js

@@ -1,20 +1,50 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SandboxExecutor = void 0;
+const AuditLogManager_1 = require("../../compression/AuditLogManager");
+const PolicyCircuit_1 = require("../../zk/PolicyCircuit");
+const ProofAnchor_1 = require("../../zk/ProofAnchor");
+const PRKTConfig_1 = require("../../config/PRKTConfig");
+const env_1 = require("../../config/env");
+const web3_js_1 = require("@solana/web3.js");
+const anchor_1 = require("@coral-xyz/anchor");
+const ethers_1 = require("ethers");
+const NeonWalletBridge_1 = require("../../evm/NeonWalletBridge");
+const WalletManager_1 = require("../../core/wallet/WalletManager");
 class SandboxExecutor {
     policyEngine;
     transactionService;
     approvalMode;
     approvalCallback;
+    auditLogManager;
+    proofAnchor;
+    useCompression;
+    useZkProofs;
     constructor(policyEngine, transactionService, approvalMode, approvalCallback) {
         this.policyEngine = policyEngine;
         this.transactionService = transactionService;
         this.approvalMode = approvalMode;
         this.approvalCallback = approvalCallback;
+        this.useCompression = PRKTConfig_1.defaultPRKTConfig.zkCompression.enabled;
+        this.useZkProofs = PRKTConfig_1.defaultPRKTConfig.zkPolicyProofs.enabled;
+        this.auditLogManager = new AuditLogManager_1.AuditLogManager(PRKTConfig_1.defaultPRKTConfig.zkCompression.rpcEndpoint);
+        this.proofAnchor = new ProofAnchor_1.ProofAnchor(PRKTConfig_1.defaultPRKTConfig.zkCompression.rpcEndpoint);
     }
     async executePreparedTransaction(input) {
         const inspection = this.policyEngine.inspect(input.transaction, input.inspectionContext);
+        const agentId = this.policyEngine.getAuditTrail().at(-1)?.agentId ?? "unknown-agent";
+        const auditSigner = this.resolveProofSigner(input.solanaKeypair);
         if (!inspection.allowed) {
+            if (this.useCompression) {
+                await this.auditLogManager.appendAuditEntry({
+                    agentId,
+                    timestamp: Date.now(),
+                    intentType: "UNKNOWN",
+                    approved: false,
+                    rejectionReason: inspection.reasons.join("; "),
+                    simulationResult: "skipped"
+                }, auditSigner).catch(() => { }); // catch to not block execution
+            }
             return {
                 inspection,
                 signature: null,
@@ -23,6 +53,16 @@ class SandboxExecutor {
         }
         const simulation = await this.transactionService.simulate(input.transaction);
         if (simulation.err) {
+            if (this.useCompression) {
+                await this.auditLogManager.appendAuditEntry({
+                    agentId,
+                    timestamp: Date.now(),
+                    intentType: "UNKNOWN",
+                    approved: false,
+                    rejectionReason: "simulation failed",
+                    simulationResult: "failed"
+                }, auditSigner).catch(() => { });
+            }
             return {
                 inspection: {
                     ...inspection,
@@ -46,7 +86,7 @@ class SandboxExecutor {
                 };
             }
             const approved = await this.approvalCallback({
-                agentId: this.policyEngine.getAuditTrail().at(-1)?.agentId ?? "unknown-agent",
+                agentId,
                 inspection,
                 transaction: input.transaction
             });
@@ -62,15 +102,217 @@ class SandboxExecutor {
                 };
             }
         }
+        let proofSigner;
+        let zkProof;
+        if (this.useZkProofs) {
+            proofSigner = this.resolveProofSigner(input.solanaKeypair);
+            const state = this.buildProofState(false);
+            try {
+                const proofResult = await PolicyCircuit_1.PolicyCircuit.prove(input.transaction, state, "EXECUTE", BigInt(inspection.details.totalSolSpendLamports), proofSigner);
+                zkProof = proofResult.proof;
+            }
+            catch (error) {
+                if (!(error instanceof PolicyCircuit_1.PolicyViolation)) {
+                    throw error;
+                }
+                return {
+                    inspection: {
+                        ...inspection,
+                        allowed: false,
+                        reasons: [...inspection.reasons, `Policy attestation rejected: ${error.message}`]
+                    },
+                    signature: null,
+                    simulationLogs: simulation.logs
+                };
+            }
+        }
         const send = await this.transactionService.sendAndConfirm({
             confirmationStrategy: input.confirmationStrategy,
             transaction: input.transaction
         });
-        this.policyEngine.recordBroadcast(send.signature);
+        this.policyEngine.recordBroadcast(send.signature, Number(inspection.details.totalSolSpendLamports) / 1_000_000_000);
+        if (zkProof && send.signature) {
+            await this.proofAnchor.anchorProof(zkProof, send.signature, proofSigner);
+        }
+        if (this.useCompression && send.signature) {
+            await this.auditLogManager.appendAuditEntry({
+                agentId,
+                timestamp: Date.now(),
+                intentType: "EXECUTE",
+                approved: true,
+                simulationResult: "success",
+                txSignature: send.signature
+            }, auditSigner).catch(() => { });
+        }
         return {
             inspection,
             signature: send.signature,
-            simulationLogs: simulation.logs
+            simulationLogs: simulation.logs,
+            zkProof
+        };
+    }
+    async executePreparedEvmTransaction(input) {
+        const inspection = this.policyEngine.inspectEvm(input.transaction);
+        const agentId = this.policyEngine.getAuditTrail().at(-1)?.agentId ?? "unknown-agent";
+        const auditSigner = this.resolveProofSigner(input.solanaKeypair);
+        if (!inspection.allowed) {
+            if (this.useCompression) {
+                await this.auditLogManager.appendAuditEntry({
+                    agentId,
+                    timestamp: Date.now(),
+                    intentType: "EXECUTE_EVM",
+                    approved: false,
+                    rejectionReason: inspection.reason ?? inspection.reasons.join("; "),
+                    simulationResult: "skipped"
+                }, auditSigner).catch(() => { });
+            }
+            return {
+                allowed: false,
+                reason: inspection.reason ?? inspection.reasons.join("; "),
+                signature: null
+            };
+        }
+        const provider = new ethers_1.ethers.JsonRpcProvider(PRKTConfig_1.defaultPRKTConfig.evmAdapters.neonRpcEndpoint);
+        try {
+            await provider.call({
+                ...input.transaction,
+                from: input.transaction.from ?? input.address
+            });
+            await provider.estimateGas({
+                ...input.transaction,
+                from: input.transaction.from ?? input.address
+            });
+        }
+        catch (error) {
+            const reason = error instanceof Error ? error.message : "eth_call reverted";
+            if (this.useCompression) {
+                await this.auditLogManager.appendAuditEntry({
+                    agentId,
+                    timestamp: Date.now(),
+                    intentType: "EXECUTE_EVM",
+                    approved: false,
+                    rejectionReason: reason,
+                    simulationResult: "failed"
+                }, auditSigner).catch(() => { });
+            }
+            return { signature: null, allowed: false, reason };
+        }
+        if (this.approvalMode === "live") {
+            if (!this.approvalCallback) {
+                return { signature: null, allowed: false, reason: "live approval callback missing" };
+            }
+            const approved = await this.approvalCallback({
+                agentId,
+                inspection,
+                transaction: input.transaction
+            });
+            if (!approved) {
+                return { signature: null, allowed: false, reason: "manual approval rejected" };
+            }
+        }
+        if (!(0, env_1.isNeonBroadcastEnabled)()) {
+            const reason = "NEON_BROADCAST_DISABLED";
+            if (this.useCompression) {
+                await this.auditLogManager.appendAuditEntry({
+                    agentId,
+                    timestamp: Date.now(),
+                    intentType: "EXECUTE_EVM",
+                    approved: false,
+                    rejectionReason: reason,
+                    simulationResult: "skipped"
+                }, auditSigner).catch(() => { });
+            }
+            return { signature: null, allowed: false, reason };
+        }
+        let proofSigner;
+        let zkProof;
+        if (this.useZkProofs) {
+            proofSigner = this.resolveProofSigner(input.solanaKeypair);
+            const state = this.buildProofState(true);
+            try {
+                const proofResult = await PolicyCircuit_1.PolicyCircuit.prove({
+                    address: input.address,
+                    transaction: this.serializeEvmTransaction(input.transaction)
+                }, state, "EXECUTE_EVM", BigInt(inspection.details.totalSolSpendLamports), proofSigner);
+                zkProof = proofResult.proof;
+            }
+            catch (error) {
+                if (!(error instanceof PolicyCircuit_1.PolicyViolation)) {
+                    throw error;
+                }
+                return { signature: null, allowed: false, reason: error.message };
+            }
+        }
+        // Wrap and sign
+        const bridge = new NeonWalletBridge_1.NeonWalletBridge(PRKTConfig_1.defaultPRKTConfig.evmAdapters.neonRpcEndpoint);
+        const signedTransaction = await bridge.signEvmTransaction({
+            ...input.transaction,
+            from: input.transaction.from ?? input.address
+        }, input.solanaKeypair ?? web3_js_1.Keypair.generate());
+        const broadcast = await provider.broadcastTransaction(signedTransaction);
+        await broadcast.wait();
+        const signature = broadcast.hash;
+        this.policyEngine.recordBroadcast(signature, Number(inspection.details.totalSolSpendLamports) / 1_000_000_000);
+        if (zkProof && signature) {
+            await this.proofAnchor.anchorProof(zkProof, signature, proofSigner);
+        }
+        if (this.useCompression && signature) {
+            await this.auditLogManager.appendAuditEntry({
+                agentId,
+                timestamp: Date.now(),
+                intentType: "EXECUTE_EVM",
+                approved: true,
+                simulationResult: "success",
+                txSignature: signature
+            }, auditSigner);
+        }
+        return { signature, allowed: true, zkProof };
+    }
+    resolveProofSigner(preferred) {
+        if (preferred) {
+            return preferred;
+        }
+        try {
+            return WalletManager_1.WalletManager.loadOrGenerate().payer;
+        }
+        catch {
+            return web3_js_1.Keypair.generate();
+        }
+    }
+    serializeEvmTransaction(transaction) {
+        return Object.fromEntries(Object.entries(transaction).map(([key, value]) => {
+            if (typeof value === "bigint") {
+                return [key, value.toString()];
+            }
+            return [key, value ?? null];
+        }));
+    }
+    buildProofState(includeEvmAllowlist) {
+        const policyConfig = this.policyEngine.getPolicyConfig();
+        const now = Date.now();
+        const sessionExpiry = Date.parse(policyConfig.sessionExpiresAtIso8601);
+        const sessionTtlMinutes = Number.isNaN(sessionExpiry)
+            ? 0
+            : Math.max(0, Math.ceil((sessionExpiry - now) / 60_000));
+        return {
+            agentId: policyConfig.agentId,
+            dailySpendLimit: new anchor_1.BN(policyConfig.limits.maxSolPerTxLamports.toString()),
+            killSwitchActive: false,
+            lastResetTimestamp: now,
+            programAllowlist: includeEvmAllowlist
+                ? []
+                : policyConfig.rules.allowedProgramIds
+                    .map((programId) => {
+                    try {
+                        return new web3_js_1.PublicKey(programId);
+                    }
+                    catch {
+                        return null;
+                    }
+                })
+                    .filter((programId) => programId !== null),
+            sessionTTL: sessionTtlMinutes,
+            spentToday: new anchor_1.BN(Math.round(this.policyEngine.getSpentToday() * 1_000_000_000))
         };
     }
 }

package/dist/policy/types/policy.d.ts

@@ -0,0 +1,55 @@
+import type { PublicKey, VersionedTransaction } from "@solana/web3.js";
+export type ApprovalMode = "sandbox" | "live";
+export type PolicyLimits = {
+    maxSolPerTxLamports: number;
+    maxSplPerTxRawAmount: bigint;
+    maxTransactionsPerSession: number;
+    maxTransactionsPerDay: number;
+};
+export type PolicyRules = {
+    allowOpaqueProgramIds?: string[];
+    allowedCloseAccountDestinations?: string[];
+    allowedProgramIds: string[];
+    allowedMintAddresses: string[];
+    denyUnknownInstructionsByDefault: boolean;
+    requireSimulationSuccess: boolean;
+    rejectSuspiciousBalanceDeltas: boolean;
+    allowedTransferDestinations?: string[];
+};
+export type PolicyConfig = {
+    agentId: string;
+    approvalMode: ApprovalMode;
+    limits: PolicyLimits;
+    rules: PolicyRules;
+    sessionExpiresAtIso8601: string;
+};
+export type TxInspectionContext = {
+    expectedBalanceDeltas?: Array<{
+        account: PublicKey;
+        mint?: PublicKey;
+        maxNegativeDeltaRaw: bigint;
+    }>;
+};
+export type TxInspectionResult = {
+    allowed: boolean;
+    reason?: string;
+    reasons: string[];
+    details: {
+        totalSolSpendLamports: bigint;
+        totalSplSpendRaw: bigint;
+        programsSeen: string[];
+        mintsSeen: string[];
+    };
+};
+export type SecurityAuditEntry = {
+    agentId: string;
+    timestampIso8601: string;
+    decision: "allow" | "deny";
+    reason: string;
+    txSignature?: string;
+};
+export type ApprovalCallback = (input: {
+    agentId: string;
+    inspection: TxInspectionResult;
+    transaction: VersionedTransaction;
+}) => Promise<boolean>;

package/dist/scripts/devnetFunding.d.ts

@@ -0,0 +1,9 @@
+import { BalanceService } from "../core/balances/BalanceService";
+import { DevnetFundingService } from "../core/funding/DevnetFundingService";
+import { WalletManager } from "../wallet/WalletManager";
+export declare function ensureWalletHasMinimumSol(input: {
+    balanceService: BalanceService;
+    fundingService: DevnetFundingService;
+    minimumSol: number;
+    publicKey: WalletManager["publicKey"];
+}): Promise<void>;

package/dist/scripts/devnetFunding.js

@@ -4,7 +4,6 @@ exports.ensureWalletHasMinimumSol = ensureWalletHasMinimumSol;
 const SOL_BALANCE_TOLERANCE = 0.000001;
 async function ensureWalletHasMinimumSol(input) {
     const funding = await input.fundingService.ensureMinimumSol({
-        airdropAmountSol: 1,
         balanceService: input.balanceService,
         minimumSol: input.minimumSol,
         recipient: input.publicKey

package/dist/scripts/devnetWalletPreflight.d.ts

@@ -0,0 +1,8 @@
+export declare const REQUIRED_STARTING_SOL = 0.12;
+export declare const MAX_STARTING_WSOL_FOR_WRAP_DEMO = 0.0099;
+export declare function assertDeterministicWrapPreflight(input: {
+    maxStartingWsol?: number;
+    requiredStartingSol?: number;
+    startingSolBalance: number;
+    startingWsolBalance: number;
+}): void;

package/dist/scripts/localnetCheck.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/scripts/managedAgentWallet.d.ts

@@ -0,0 +1,34 @@
+import type { PublicKey } from "@solana/web3.js";
+import { AgentRegistryStore } from "../cli/services/agentRegistry";
+import { WalletRegistry } from "../cli/services/walletRegistry";
+import type { StoredAgentRecord, StoredWalletRecord } from "../cli/types";
+import { BalanceService } from "../core/balances/BalanceService";
+import { DevnetFundingService } from "../core/funding/DevnetFundingService";
+import { WalletManager } from "../wallet/WalletManager";
+export type ManagedAgentWallet = {
+    agent: StoredAgentRecord;
+    agentName: string;
+    createdAgent: boolean;
+    createdWallet: boolean;
+    recoveryKey: string | null;
+    wallet: StoredWalletRecord;
+    walletManager: WalletManager;
+};
+export declare function getManagedAgentName(input: {
+    defaultAgentName: string;
+    env?: NodeJS.ProcessEnv;
+}): string;
+export declare function getManagedOwnerId(env?: NodeJS.ProcessEnv): string | undefined;
+export declare function resolveManagedAgentWallet(input: {
+    agentName: string;
+    ownerId?: string;
+    agentRegistry?: AgentRegistryStore;
+    walletRegistry?: WalletRegistry;
+}): ManagedAgentWallet;
+export declare function ensureManagedAgentWalletFunding(input: {
+    balanceService: BalanceService;
+    fundingService: DevnetFundingService;
+    minimumSol: number;
+    publicKey: PublicKey;
+}): Promise<void>;
+export declare function logManagedAgentWallet(input: ManagedAgentWallet): void;

package/dist/scripts/mode.d.ts

@@ -0,0 +1,2 @@
+export type DemoMode = "LIVE" | "SIMULATED";
+export declare function printDemoMode(mode: DemoMode, detail: string): void;

package/dist/scripts/releaseReadiness.d.ts

@@ -0,0 +1,9 @@
+export type CheckResult = {
+    detail: string;
+    ok: boolean;
+    title: string;
+};
+export declare function runCommandCheck(command: string, args: string[]): CheckResult;
+export declare function evaluateProductionTodo(todoPath?: string): CheckResult;
+export declare function findOpenBlockingTodoItems(markdown: string): string[];
+export declare function runReadinessChecks(): CheckResult[];

package/dist/scripts/runAgentUniversalDeFi.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/scripts/runAutonomousAgentWalletDevnet.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/scripts/runAutonomousAgentWalletDevnet.js

@@ -16,7 +16,7 @@ const managedAgentWallet_1 = require("./managedAgentWallet");
 const mode_1 = require("./mode");
 const shared_1 = require("./shared");
 const DEFAULT_AGENT_NAME = "agent-autonomous-wallet";
-const REQUIRED_FUNDING_SOL = 0.5;
+const REQUIRED_FUNDING_SOL = 0.3;
 const DEFAULT_STAKE_SOL = 0.15;
 async function main() {
     (0, mode_1.printDemoMode)("LIVE", "Autonomous agent wallet: provision or load the assigned agent wallet, fund on devnet, execute live Marinade stake, and verify owner stop control");

package/dist/scripts/runAutonomousPortfolioDevnet.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/scripts/runAutonomousPortfolioDevnet.js

@@ -28,7 +28,7 @@ const shared_1 = require("./shared");
 const managedAgentWallet_1 = require("./managedAgentWallet");
 const mode_1 = require("./mode");
 const DEFAULT_AGENT_NAME = "autonomous-portfolio-devnet";
-const REQUIRED_FUNDING_SOL = 1.0;
+const REQUIRED_FUNDING_SOL = 0.4;
 const DEFAULT_SWAP_SOL = 0.01;
 const DEFAULT_ORCA_LP_SOL = 0.05;
 const ORCA_DEVNET_PROGRAM_ID = new web3_js_1.PublicKey("whirLbMiicVdio4qvUfM5KAg6Ct8VwpYzGff3uctyCc");

package/dist/scripts/runBorrowStrategy.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/scripts/runDeFiSuite.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/scripts/runDemoRehearsal.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/scripts/runDemoRehearsal.js

@@ -7,7 +7,6 @@ const fs_1 = require("fs");
 const path_1 = __importDefault(require("path"));
 const child_process_1 = require("child_process");
 const env_1 = require("../config/env");
-const env_2 = require("../config/env");
 function runCommand(command, args) {
     const result = (0, child_process_1.spawnSync)([command, ...args].join(" "), {
         shell: true,
@@ -24,8 +23,7 @@ function runPreflightChecks() {
     const rpcUrl = (0, env_1.getRpcUrl)();
     const cluster = (0, env_1.detectClusterFromRpcUrl)(rpcUrl);
     const usdcMint = (0, env_1.getUsdcMintAddress)();
-    const secretKey = (0, env_2.getOptionalSecretKey)();
-    const remoteSigner = (0, env_1.getRemoteSignerConfig)();
+    const signerCheck = resolveSignerCheck();
     checks.push({
         detail: rpcUrl,
         ok: cluster === "devnet",
@@ -51,12 +49,8 @@ function runPreflightChecks() {
         });
     }
     checks.push({
-        detail: remoteSigner
-            ? `remote signer ${remoteSigner.publicKey.toBase58()}`
-            : secretKey
-                ? "local demo key present"
-                : "missing signer config",
-        ok: Boolean(remoteSigner) || Boolean(secretKey),
+        detail: signerCheck.detail,
+        ok: signerCheck.ok,
         title: "signer configuration is present"
     });
     checks.push({
@@ -67,6 +61,39 @@ function runPreflightChecks() {
     checks.push(runCommand("npm", ["run", "release:check"]));
     return checks;
 }
+function resolveSignerCheck() {
+    try {
+        const remoteSigner = (0, env_1.getRemoteSignerConfig)();
+        if (remoteSigner) {
+            return {
+                detail: `remote signer ${remoteSigner.publicKey.toBase58()}`,
+                ok: true
+            };
+        }
+        if ((0, env_1.getOptionalDevnetTreasurySecretKey)()) {
+            return {
+                detail: "devnet treasury key present",
+                ok: true
+            };
+        }
+        if ((0, env_1.getOptionalSecretKey)()) {
+            return {
+                detail: "local demo key present",
+                ok: true
+            };
+        }
+        return {
+            detail: "missing signer config",
+            ok: false
+        };
+    }
+    catch (error) {
+        return {
+            detail: error instanceof Error ? error.message : "invalid signer config",
+            ok: false
+        };
+    }
+}
 function writeSessionArtifact(checks) {
     const artifactDir = path_1.default.join(process.cwd(), "artifacts");
     if (!(0, fs_1.existsSync)(artifactDir)) {
@@ -77,6 +104,7 @@ function writeSessionArtifact(checks) {
         cluster: (0, env_1.detectClusterFromRpcUrl)((0, env_1.getRpcUrl)()),
         generatedAtIso8601: new Date().toISOString(),
         recommendedLiveRunOrder: [
+            "npm run demo:feature-matrix:devnet",
             "npm run wallet:devnet",
             "npm run defi:lp:devnet",
             "npm run simulate-attack",
@@ -106,6 +134,7 @@ function main() {
         return;
     }
     console.log("Demo rehearsal preflight passed.");
-    console.log("Next: run the recommended live order and record signatures in artifacts/bounty-evidence.md.");
+    console.log("Next: run the recommended live order, starting with the devnet feature matrix.");
+    console.log("Record resulting signatures and artifact paths in artifacts/bounty-evidence.md.");
 }
 main();

package/dist/scripts/runDevnetFeatureMatrix.d.ts

@@ -0,0 +1,43 @@
+type MatrixStep = {
+    category: string;
+    detail: string;
+    name: string;
+    status: "ok" | "warn" | "fail" | "skip";
+};
+type MatrixSummary = {
+    advanced?: {
+        agentId: string;
+        commitment: string;
+        policyAccountSignature: string;
+        proofSignature: string;
+        sessionId: string;
+        sessionSignature: string;
+    };
+    cluster: string;
+    generatedAtIso8601: string;
+    names: {
+        agent: string;
+        gaslessAgent: string;
+        owner: string;
+        wallet: string;
+    };
+    steps: MatrixStep[];
+};
+type MatrixArtifacts = {
+    jsonPath: string;
+    markdownPath: string;
+};
+type StepCounts = {
+    fail: number;
+    ok: number;
+    skip: number;
+    total: number;
+    warn: number;
+};
+export declare function extractJsonPayload(stdout: string): unknown;
+export declare function createIntentFile(agentPublicKey: string): string;
+export declare function summarizeSteps(steps: MatrixStep[]): StepCounts;
+export declare function renderMarkdownReport(summary: MatrixSummary): string;
+export declare function writeArtifacts(summary: MatrixSummary): MatrixArtifacts;
+export declare function runDevnetFeatureMatrix(): Promise<MatrixArtifacts>;
+export {};