@sip-protocol/sdk 0.2.5 → 0.2.7

package/dist/index.js

@@ -644,6 +644,91 @@ function validateScalar(value, field) {
     );
   }
 }
+function isValidEvmAddress(address) {
+  if (typeof address !== "string") return false;
+  return /^0x[0-9a-fA-F]{40}$/.test(address);
+}
+function isValidSolanaAddressFormat(address) {
+  if (typeof address !== "string") return false;
+  return /^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(address);
+}
+function isValidNearAddressFormat(address) {
+  if (typeof address !== "string") return false;
+  if (/^[0-9a-f]{64}$/.test(address)) return true;
+  if (address.length < 2 || address.length > 64) return false;
+  if (!/^[a-z0-9]([a-z0-9._-]*[a-z0-9])?$/.test(address)) return false;
+  if (address.includes("..")) return false;
+  return true;
+}
+function getChainAddressType(chain) {
+  switch (chain) {
+    case "ethereum":
+    case "polygon":
+    case "arbitrum":
+    case "optimism":
+    case "base":
+      return "evm";
+    case "solana":
+      return "solana";
+    case "near":
+      return "near";
+    case "zcash":
+      return "zcash";
+    default:
+      return "unknown";
+  }
+}
+function validateAddressForChain(address, chain, field = "address") {
+  const addressType = getChainAddressType(chain);
+  switch (addressType) {
+    case "evm":
+      if (!isValidEvmAddress(address)) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected EVM address (0x + 40 hex chars), got: ${address.slice(0, 20)}...`,
+          field,
+          { chain, expectedFormat: "0x...", receivedFormat: address.startsWith("0x") ? "hex but wrong length" : "not hex" }
+        );
+      }
+      break;
+    case "solana":
+      if (!isValidSolanaAddressFormat(address)) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected Solana address (base58, 32-44 chars), got: ${address.slice(0, 20)}...`,
+          field,
+          { chain, expectedFormat: "base58", receivedFormat: address.startsWith("0x") ? "looks like EVM" : "unknown" }
+        );
+      }
+      break;
+    case "near":
+      if (!isValidNearAddressFormat(address)) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected NEAR account ID (named or implicit), got: ${address.slice(0, 20)}...`,
+          field,
+          { chain, expectedFormat: "alice.near or 64 hex chars" }
+        );
+      }
+      break;
+    case "zcash":
+      if (!address || address.length === 0) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected Zcash address.`,
+          field,
+          { chain }
+        );
+      }
+      break;
+    default:
+      break;
+  }
+}
+function isAddressValidForChain(address, chain) {
+  try {
+    validateAddressForChain(address, chain);
+    return true;
+  } catch {
+    return false;
+  }
+}
 
 // src/secure-memory.ts
 var import_utils = require("@noble/hashes/utils");
@@ -2120,7 +2205,21 @@ var OneClickClient = class {
    */
   async quote(request) {
     this.validateQuoteRequest(request);
-    return this.post("/v0/quote", request);
+    const rawResponse = await this.post("/v0/quote", request);
+    return {
+      quoteId: rawResponse.timestamp,
+      // Use timestamp as quoteId since API doesn't provide one
+      depositAddress: rawResponse.quote.depositAddress,
+      amountIn: rawResponse.quote.amountIn,
+      amountInFormatted: rawResponse.quote.amountInFormatted,
+      amountOut: rawResponse.quote.amountOut,
+      amountOutFormatted: rawResponse.quote.amountOutFormatted,
+      amountOutUsd: rawResponse.quote.amountOutUsd,
+      deadline: rawResponse.quote.deadline,
+      timeEstimate: rawResponse.quote.timeEstimate,
+      signature: rawResponse.signature,
+      request: rawResponse.quoteRequest
+    };
   }
   /**
    * Request a dry quote (preview without deposit address)
@@ -2369,8 +2468,10 @@ var DEFAULT_ASSET_MAPPINGS = {
   "arbitrum:ETH": "nep141:arb.omft.near",
   // Base assets
   "base:ETH": "nep141:base.omft.near",
-  // Polygon assets
-  "polygon:MATIC": "nep141:matic.omft.near"
+  // Polygon assets (support both MATIC and POL symbols)
+  "polygon:MATIC": "nep141:matic.omft.near",
+  "polygon:POL": "nep141:matic.omft.near"
+  // POL is the rebranded MATIC
 };
 var CHAIN_BLOCKCHAIN_MAP = {
   near: "near",
@@ -2418,6 +2519,23 @@ var NEARIntentsAdapter = class {
    */
   async prepareSwap(request, recipientMetaAddress, senderAddress) {
     this.validateRequest(request);
+    const inputChain = request.inputAsset.chain;
+    if (senderAddress) {
+      if (!isAddressValidForChain(senderAddress, inputChain)) {
+        const inputChainType = getChainAddressType(inputChain);
+        const senderFormat = senderAddress.startsWith("0x") ? "EVM" : /^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(senderAddress) ? "Solana" : /^[0-9a-f]{64}$/.test(senderAddress) || /^[a-z0-9._-]+$/.test(senderAddress) ? "NEAR" : "unknown";
+        throw new ValidationError(
+          `Wallet address format doesn't match input chain. You're swapping FROM ${inputChain} (${inputChainType} format) but your connected wallet uses ${senderFormat} format. Please connect a wallet that matches the source chain (${inputChain}).`,
+          "senderAddress",
+          {
+            inputChain,
+            expectedFormat: inputChainType,
+            receivedFormat: senderFormat,
+            hint: `For ${inputChain} swaps, connect a ${inputChainType === "evm" ? "MetaMask or EVM" : inputChainType} wallet.`
+          }
+        );
+      }
+    }
     let recipientAddress;
     let refundAddress = senderAddress;
     let stealthData;
@@ -2482,22 +2600,22 @@ var NEARIntentsAdapter = class {
         );
       }
       if (!senderAddress) {
-        const inputChain = request.inputAsset.chain;
-        const inputChainType = CHAIN_BLOCKCHAIN_MAP[inputChain];
-        if (isEd25519Chain(inputChain)) {
+        const inputChain2 = request.inputAsset.chain;
+        const inputChainType = CHAIN_BLOCKCHAIN_MAP[inputChain2];
+        if (isEd25519Chain(inputChain2)) {
           const inputKeyBytes = (metaAddr.spendingKey.length - 2) / 2;
           if (inputKeyBytes === 32) {
             const refundStealth = generateEd25519StealthAddress(metaAddr);
-            if (inputChain === "solana") {
+            if (inputChain2 === "solana") {
               refundAddress = ed25519PublicKeyToSolanaAddress(refundStealth.stealthAddress.address);
-            } else if (inputChain === "near") {
+            } else if (inputChain2 === "near") {
               refundAddress = ed25519PublicKeyToNearAddress(refundStealth.stealthAddress.address);
             }
           } else {
             throw new ValidationError(
-              `Cross-curve refunds not supported: input chain ${inputChain} requires ed25519 but meta-address uses secp256k1. Please provide a senderAddress for refunds, or use matching curves for input/output chains.`,
+              `Cross-curve refunds not supported: input chain ${inputChain2} requires ed25519 but meta-address uses secp256k1. Please provide a senderAddress for refunds, or use matching curves for input/output chains.`,
               "senderAddress",
-              { inputChain, inputChainType, metaAddressCurve: "secp256k1" }
+              { inputChain: inputChain2, inputChainType, metaAddressCurve: "secp256k1" }
             );
           }
         } else if (inputChainType === "evm") {
@@ -2507,16 +2625,16 @@ var NEARIntentsAdapter = class {
             refundAddress = publicKeyToEthAddress(refundStealth.stealthAddress.address);
           } else {
             throw new ValidationError(
-              `Cross-curve refunds not supported: input chain ${inputChain} requires secp256k1 but meta-address uses ed25519. Please provide a senderAddress for refunds, or use matching curves for input/output chains.`,
+              `Cross-curve refunds not supported: input chain ${inputChain2} requires secp256k1 but meta-address uses ed25519. Please provide a senderAddress for refunds, or use matching curves for input/output chains.`,
               "senderAddress",
-              { inputChain, inputChainType, metaAddressCurve: "ed25519" }
+              { inputChain: inputChain2, inputChainType, metaAddressCurve: "ed25519" }
             );
           }
         } else {
           throw new ValidationError(
-            `senderAddress is required for refunds on ${inputChain}. Automatic refund address generation is only supported for EVM, Solana, and NEAR chains.`,
+            `senderAddress is required for refunds on ${inputChain2}. Automatic refund address generation is only supported for EVM, Solana, and NEAR chains.`,
             "senderAddress",
-            { inputChain, inputChainType }
+            { inputChain: inputChain2, inputChainType }
           );
         }
       }

package/dist/index.mjs

@@ -197,7 +197,7 @@ import {
   walletRegistry,
   withSecureBuffer,
   withSecureBufferSync
-} from "./chunk-MR7HRCRS.mjs";
+} from "./chunk-5BAS4D44.mjs";
 import {
   CryptoError,
   EncryptionNotImplementedError,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sip-protocol/sdk",
-  "version": "0.2.5",
+  "version": "0.2.7",
   "description": "Core SDK for Shielded Intents Protocol - Privacy layer for cross-chain transactions",
   "author": "SIP Protocol <hello@sip-protocol.org>",
   "homepage": "https://sip-protocol.org",

package/src/adapters/near-intents.ts

@@ -40,6 +40,7 @@ import {
   type StealthCurve,
 } from '../stealth'
 import { ValidationError } from '../errors'
+import { isAddressValidForChain, getChainAddressType } from '../validation'
 
 /**
  * Swap request parameters (simplified interface for adapter)
@@ -155,8 +156,9 @@ const DEFAULT_ASSET_MAPPINGS: Record<string, DefuseAssetId> = {
   // Base assets
   'base:ETH': 'nep141:base.omft.near',
 
-  // Polygon assets
+  // Polygon assets (support both MATIC and POL symbols)
   'polygon:MATIC': 'nep141:matic.omft.near',
+  'polygon:POL': 'nep141:matic.omft.near', // POL is the rebranded MATIC
 }
 
 /**
@@ -247,6 +249,30 @@ export class NEARIntentsAdapter {
     // Validate request
     this.validateRequest(request)
 
+    // Validate senderAddress matches input chain if provided
+    const inputChain = request.inputAsset.chain
+    if (senderAddress) {
+      if (!isAddressValidForChain(senderAddress, inputChain)) {
+        const inputChainType = getChainAddressType(inputChain)
+        const senderFormat = senderAddress.startsWith('0x') ? 'EVM' :
+          /^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(senderAddress) ? 'Solana' :
+          /^[0-9a-f]{64}$/.test(senderAddress) || /^[a-z0-9._-]+$/.test(senderAddress) ? 'NEAR' : 'unknown'
+
+        throw new ValidationError(
+          `Wallet address format doesn't match input chain. ` +
+          `You're swapping FROM ${inputChain} (${inputChainType} format) but your connected wallet uses ${senderFormat} format. ` +
+          `Please connect a wallet that matches the source chain (${inputChain}).`,
+          'senderAddress',
+          {
+            inputChain,
+            expectedFormat: inputChainType,
+            receivedFormat: senderFormat,
+            hint: `For ${inputChain} swaps, connect a ${inputChainType === 'evm' ? 'MetaMask or EVM' : inputChainType} wallet.`
+          }
+        )
+      }
+    }
+
     // Determine recipient address
     let recipientAddress: string
     let refundAddress: string | undefined = senderAddress

package/src/adapters/oneclick-client.ts

@@ -91,7 +91,39 @@ export class OneClickClient {
    */
   async quote(request: OneClickQuoteRequest): Promise<OneClickQuoteResponse> {
     this.validateQuoteRequest(request)
-    return this.post<OneClickQuoteResponse>('/v0/quote', request)
+    // The 1Click API returns a nested structure: { quote: {...}, signature, timestamp }
+    // We flatten it to match our OneClickQuoteResponse type
+    const rawResponse = await this.post<{
+      quote: {
+        amountIn: string
+        amountInFormatted: string
+        amountInUsd?: string
+        amountOut: string
+        amountOutFormatted: string
+        amountOutUsd?: string
+        depositAddress: string
+        deadline: string
+        timeEstimate: number
+      }
+      quoteRequest: OneClickQuoteRequest
+      signature: string
+      timestamp: string
+    }>('/v0/quote', request)
+
+    // Flatten the response
+    return {
+      quoteId: rawResponse.timestamp, // Use timestamp as quoteId since API doesn't provide one
+      depositAddress: rawResponse.quote.depositAddress,
+      amountIn: rawResponse.quote.amountIn,
+      amountInFormatted: rawResponse.quote.amountInFormatted,
+      amountOut: rawResponse.quote.amountOut,
+      amountOutFormatted: rawResponse.quote.amountOutFormatted,
+      amountOutUsd: rawResponse.quote.amountOutUsd,
+      deadline: rawResponse.quote.deadline,
+      timeEstimate: rawResponse.quote.timeEstimate,
+      signature: rawResponse.signature,
+      request: rawResponse.quoteRequest,
+    }
   }
 
   /**

package/src/validation.ts

@@ -377,6 +377,132 @@ export function validateTimestamp(
   }
 }
 
+// ─── Address Format Validation ──────────────────────────────────────────────────
+
+/**
+ * Check if an address is a valid EVM address (0x + 40 hex chars)
+ */
+export function isValidEvmAddress(address: string): boolean {
+  if (typeof address !== 'string') return false
+  return /^0x[0-9a-fA-F]{40}$/.test(address)
+}
+
+/**
+ * Check if an address is a valid Solana address (base58, 32-44 chars)
+ */
+export function isValidSolanaAddressFormat(address: string): boolean {
+  if (typeof address !== 'string') return false
+  // Solana addresses are base58-encoded 32-byte public keys
+  // Typically 32-44 characters, using base58 alphabet (no 0, O, I, l)
+  return /^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(address)
+}
+
+/**
+ * Check if an address is a valid NEAR account ID (named or implicit)
+ */
+export function isValidNearAddressFormat(address: string): boolean {
+  if (typeof address !== 'string') return false
+
+  // Implicit account: 64 hex characters
+  if (/^[0-9a-f]{64}$/.test(address)) return true
+
+  // Named account: 2-64 chars, lowercase alphanumeric with . _ -
+  if (address.length < 2 || address.length > 64) return false
+  if (!/^[a-z0-9]([a-z0-9._-]*[a-z0-9])?$/.test(address)) return false
+  if (address.includes('..')) return false
+
+  return true
+}
+
+/**
+ * Get the expected address format for a chain
+ */
+export function getChainAddressType(chain: ChainId): 'evm' | 'solana' | 'near' | 'zcash' | 'unknown' {
+  switch (chain) {
+    case 'ethereum':
+    case 'polygon':
+    case 'arbitrum':
+    case 'optimism':
+    case 'base':
+      return 'evm'
+    case 'solana':
+      return 'solana'
+    case 'near':
+      return 'near'
+    case 'zcash':
+      return 'zcash'
+    default:
+      return 'unknown'
+  }
+}
+
+/**
+ * Validate that an address matches the expected chain format
+ *
+ * @param address - The address to validate
+ * @param chain - The chain the address should be valid for
+ * @param field - Field name for error messages
+ * @throws {ValidationError} If address format doesn't match chain
+ */
+export function validateAddressForChain(address: string, chain: ChainId, field: string = 'address'): void {
+  const addressType = getChainAddressType(chain)
+
+  switch (addressType) {
+    case 'evm':
+      if (!isValidEvmAddress(address)) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected EVM address (0x + 40 hex chars), got: ${address.slice(0, 20)}...`,
+          field,
+          { chain, expectedFormat: '0x...', receivedFormat: address.startsWith('0x') ? 'hex but wrong length' : 'not hex' }
+        )
+      }
+      break
+    case 'solana':
+      if (!isValidSolanaAddressFormat(address)) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected Solana address (base58, 32-44 chars), got: ${address.slice(0, 20)}...`,
+          field,
+          { chain, expectedFormat: 'base58', receivedFormat: address.startsWith('0x') ? 'looks like EVM' : 'unknown' }
+        )
+      }
+      break
+    case 'near':
+      if (!isValidNearAddressFormat(address)) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected NEAR account ID (named or implicit), got: ${address.slice(0, 20)}...`,
+          field,
+          { chain, expectedFormat: 'alice.near or 64 hex chars' }
+        )
+      }
+      break
+    case 'zcash':
+      // Zcash has multiple formats (t-addr, z-addr, u-addr) - accept any non-empty string for now
+      if (!address || address.length === 0) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected Zcash address.`,
+          field,
+          { chain }
+        )
+      }
+      break
+    default:
+      // Unknown chain - skip validation
+      break
+  }
+}
+
+/**
+ * Check if an address format matches a chain (non-throwing version)
+ */
+export function isAddressValidForChain(address: string, chain: ChainId): boolean {
+  try {
+    validateAddressForChain(address, chain)
+    return true
+  } catch {
+    return false
+  }
+}
+
 // ─── Composite Validators ──────────────────────────────────────────────────────
 
 /**