@smartagentkit/sdk 0.1.2 → 0.1.3

package/dist/index.js

@@ -86,6 +86,7 @@ var ENTRYPOINT_V07 = "0x0000000071727De22E5E9d8BAf0edAc6f37da032";
 var SAFE_7579_MODULE = "0x7579EE8307284F293B1927136486880611F20002";
 var SAFE_7579_LAUNCHPAD = "0x7579011aB74c46090561ea277Ba79D510c6C00ff";
 var RHINESTONE_ATTESTER = "0x000000333034E9f539ce08819E12c1b8Cb29084d";
+var SMART_SESSIONS_VALIDATOR = "0x00000000002B0eCfbD0496EE71e01257dA0E37DE";
 var ATTESTERS_THRESHOLD = 1;
 var WINDOW_1_HOUR = 3600;
 var WINDOW_1_DAY = 86400;
@@ -223,15 +224,6 @@ var MODULE_ONINSTALL_ABI = [
     stateMutability: "nonpayable"
   }
 ];
-var SET_TRUSTED_FORWARDER_ABI = [
-  {
-    name: "setTrustedForwarder",
-    type: "function",
-    inputs: [{ name: "forwarder", type: "address" }],
-    outputs: [],
-    stateMutability: "nonpayable"
-  }
-];
 var HOOK_MULTIPLEXER_ABI = [
   {
     name: "addHook",
@@ -258,119 +250,6 @@ var MODULE_ADDRESSES = {
   // Will be populated after deployment
 };
 
-// src/presets.ts
-var PRESETS = {
-  /**
-   * DeFi Trader preset:
-   *   - Daily spending limit on ETH and stablecoins
-   *   - Allowlist of approved DEX contracts
-   *   - Emergency pause with owner as guardian
-   */
-  "defi-trader": (owner, params = {}) => [
-    {
-      type: "spending-limit",
-      limits: [
-        {
-          token: NATIVE_TOKEN,
-          limit: params.dailyEthLimit ?? (0, import_viem.parseEther)("1"),
-          window: WINDOW_1_DAY
-        },
-        ...params.stablecoinLimits ?? []
-      ]
-    },
-    // Only include allowlist if specific DEXes are provided;
-    // an empty allowlist in "allow" mode would block all transactions.
-    ...params.allowedDexes?.length ? [
-      {
-        type: "allowlist",
-        mode: "allow",
-        targets: params.allowedDexes.map((addr) => ({
-          address: addr,
-          selector: "0x00000000"
-        }))
-      }
-    ] : [],
-    {
-      type: "emergency-pause",
-      guardian: params.guardian ?? owner,
-      autoUnpauseAfter: WINDOW_1_DAY
-    }
-  ],
-  /**
-   * Treasury Agent preset:
-   *   - Lower spending limits with longer windows
-   *   - Emergency pause (manual only)
-   */
-  "treasury-agent": (owner, params = {}) => [
-    {
-      type: "spending-limit",
-      limits: [
-        {
-          token: NATIVE_TOKEN,
-          limit: params.weeklyEthLimit ?? (0, import_viem.parseEther)("5"),
-          window: WINDOW_1_WEEK
-        }
-      ]
-    },
-    {
-      type: "emergency-pause",
-      guardian: params.guardian ?? owner,
-      autoUnpauseAfter: 0
-    }
-  ],
-  /**
-   * Payment Agent preset:
-   *   - Strict spending limits
-   *   - Allowlist of approved recipients only
-   *   - Emergency pause
-   */
-  "payment-agent": (owner, params = {}) => [
-    {
-      type: "spending-limit",
-      limits: [
-        {
-          token: NATIVE_TOKEN,
-          limit: params.dailyLimit ?? (0, import_viem.parseEther)("0.1"),
-          window: WINDOW_1_DAY
-        }
-      ]
-    },
-    // Only include allowlist if specific recipients are provided;
-    // an empty allowlist in "allow" mode would block all transactions.
-    ...params.approvedRecipients?.length ? [
-      {
-        type: "allowlist",
-        mode: "allow",
-        targets: params.approvedRecipients.map(
-          (addr) => ({
-            address: addr
-          })
-        )
-      }
-    ] : [],
-    {
-      type: "emergency-pause",
-      guardian: params.guardian ?? owner,
-      autoUnpauseAfter: 3600
-    }
-  ],
-  /**
-   * Minimal preset:
-   *   - Just emergency pause
-   *   - For agents that need maximum flexibility with a kill switch
-   */
-  minimal: (owner, params = {}) => [
-    {
-      type: "emergency-pause",
-      guardian: params.guardian ?? owner,
-      autoUnpauseAfter: 0
-    }
-  ]
-};
-
-// src/policies.ts
-var import_viem2 = require("viem");
-
 // src/errors.ts
 var SmartAgentKitError = class extends Error {
   constructor(message, options) {
@@ -421,7 +300,174 @@ var SessionError = class extends SmartAgentKitError {
   }
 };
 
+// src/presets.ts
+function validatePresetParams(presetName, params, spec) {
+  for (const [key, expectedType] of Object.entries(spec)) {
+    if (params[key] === void 0) continue;
+    const value = params[key];
+    switch (expectedType) {
+      case "bigint":
+        if (typeof value !== "bigint") {
+          throw new PolicyConfigError(
+            `Preset "${presetName}": parameter "${key}" must be a bigint, got ${typeof value}`
+          );
+        }
+        break;
+      case "Address":
+        if (typeof value !== "string" || !(0, import_viem.isAddress)(value)) {
+          throw new PolicyConfigError(
+            `Preset "${presetName}": parameter "${key}" must be a valid Ethereum address`
+          );
+        }
+        break;
+      case "Address[]":
+        if (!Array.isArray(value) || !value.every((v) => typeof v === "string" && (0, import_viem.isAddress)(v))) {
+          throw new PolicyConfigError(
+            `Preset "${presetName}": parameter "${key}" must be an array of valid Ethereum addresses`
+          );
+        }
+        break;
+    }
+  }
+}
+var PRESETS = {
+  /**
+   * DeFi Trader preset:
+   *   - Daily spending limit on ETH and stablecoins
+   *   - Allowlist of approved DEX contracts
+   *   - Emergency pause with owner as guardian
+   */
+  "defi-trader": (owner, params = {}) => {
+    validatePresetParams("defi-trader", params, {
+      dailyEthLimit: "bigint",
+      guardian: "Address",
+      allowedDexes: "Address[]"
+    });
+    return [
+      {
+        type: "spending-limit",
+        limits: [
+          {
+            token: NATIVE_TOKEN,
+            limit: params.dailyEthLimit ?? (0, import_viem.parseEther)("1"),
+            window: WINDOW_1_DAY
+          },
+          ...params.stablecoinLimits ?? []
+        ]
+      },
+      // Only include allowlist if specific DEXes are provided;
+      // an empty allowlist in "allow" mode would block all transactions.
+      ...params.allowedDexes?.length ? [
+        {
+          type: "allowlist",
+          mode: "allow",
+          targets: params.allowedDexes.map((addr) => ({
+            address: addr
+            // Omit selector to use the wildcard (0x431e2cf5) — allows all
+            // function calls, not just ETH transfers. 0x00000000 is NOT a
+            // wildcard; it only matches empty calldata.
+          }))
+        }
+      ] : [],
+      {
+        type: "emergency-pause",
+        guardian: params.guardian ?? owner,
+        autoUnpauseAfter: WINDOW_1_DAY
+      }
+    ];
+  },
+  /**
+   * Treasury Agent preset:
+   *   - Lower spending limits with longer windows
+   *   - Emergency pause (manual only)
+   */
+  "treasury-agent": (owner, params = {}) => {
+    validatePresetParams("treasury-agent", params, {
+      weeklyEthLimit: "bigint",
+      guardian: "Address"
+    });
+    return [
+      {
+        type: "spending-limit",
+        limits: [
+          {
+            token: NATIVE_TOKEN,
+            limit: params.weeklyEthLimit ?? (0, import_viem.parseEther)("5"),
+            window: WINDOW_1_WEEK
+          }
+        ]
+      },
+      {
+        type: "emergency-pause",
+        guardian: params.guardian ?? owner,
+        autoUnpauseAfter: 0
+      }
+    ];
+  },
+  /**
+   * Payment Agent preset:
+   *   - Strict spending limits
+   *   - Allowlist of approved recipients only
+   *   - Emergency pause
+   */
+  "payment-agent": (owner, params = {}) => {
+    validatePresetParams("payment-agent", params, {
+      dailyLimit: "bigint",
+      guardian: "Address",
+      approvedRecipients: "Address[]"
+    });
+    return [
+      {
+        type: "spending-limit",
+        limits: [
+          {
+            token: NATIVE_TOKEN,
+            limit: params.dailyLimit ?? (0, import_viem.parseEther)("0.1"),
+            window: WINDOW_1_DAY
+          }
+        ]
+      },
+      // Only include allowlist if specific recipients are provided;
+      // an empty allowlist in "allow" mode would block all transactions.
+      ...params.approvedRecipients?.length ? [
+        {
+          type: "allowlist",
+          mode: "allow",
+          targets: params.approvedRecipients.map(
+            (addr) => ({
+              address: addr
+            })
+          )
+        }
+      ] : [],
+      {
+        type: "emergency-pause",
+        guardian: params.guardian ?? owner,
+        autoUnpauseAfter: 3600
+      }
+    ];
+  },
+  /**
+   * Minimal preset:
+   *   - Just emergency pause
+   *   - For agents that need maximum flexibility with a kill switch
+   */
+  minimal: (owner, params = {}) => {
+    validatePresetParams("minimal", params, {
+      guardian: "Address"
+    });
+    return [
+      {
+        type: "emergency-pause",
+        guardian: params.guardian ?? owner,
+        autoUnpauseAfter: 0
+      }
+    ];
+  }
+};
+
 // src/policies.ts
+var import_viem2 = require("viem");
 function encodePolicyInitData(policy, moduleAddresses, trustedForwarder = "0x0000000000000000000000000000000000000000") {
   const zeroAddress = "0x0000000000000000000000000000000000000000";
   switch (policy.type) {
@@ -536,11 +582,11 @@ var base_sepolia_default = {
   safe7579Launchpad: "0x7579011aB74c46090561ea277Ba79D510c6C00ff",
   rhinestoneAttester: "0x000000333034E9f539ce08819E12c1b8Cb29084d",
   hookMultiPlexer: "0xF6782ed057F95f334D04F0Af1Af4D14fb84DE549",
-  spendingLimitHook: "0x0ea97ef2fc52700d1628110a8f411fefb0c0aa8b",
-  allowlistHook: "0x61a2100072d03f66de6f7dd0dfc2f7aa5c91e777",
-  emergencyPauseHook: "0xb8fdc9ee56cfb4077e132eff631b546fe6e79fec",
-  automationExecutor: "0x729c29b35c396b907ed118f00fbe4d4bcc3a7f46",
-  moduleSetupHelper: "0x4f1555baf4b3221c373094d47419596118828e41"
+  spendingLimitHook: "0xd67a5E6784A66Ddf4C09EA7bbf81Ab89532624E4",
+  allowlistHook: "0x7899b03386A3874393A3769D637977d947A9Fc66",
+  emergencyPauseHook: "0xAc0cE5672aED1Bfe5549b885f883a770Acd8cAE3",
+  automationExecutor: "0x795DB663b70bAe110C10694DF3f5D801b76E2b20",
+  moduleSetupHelper: "0xcBb12Eb2CF324B1C34160F72E037589CEEC35Fa0"
 };
 
 // src/deployments/sepolia.json
@@ -701,6 +747,11 @@ function getRemoveAction(permissionId) {
 // src/client.ts
 function resolveAccount(key) {
   if (typeof key === "string") {
+    if (!/^0x[0-9a-fA-F]{64}$/.test(key)) {
+      throw new WalletCreationError(
+        "Invalid private key format. Expected a 0x-prefixed 32-byte hex string."
+      );
+    }
     return (0, import_accounts.privateKeyToAccount)(key);
   }
   return (0, import_accounts.mnemonicToAccount)(key.mnemonic, {
@@ -751,7 +802,7 @@ var SmartAgentKitClient = class {
       const ownerAccount = resolveAccount(ownerKey);
       if (ownerAccount.address.toLowerCase() !== params.owner.toLowerCase()) {
         throw new WalletCreationError(
-          `Owner address mismatch: key derives ${ownerAccount.address} but params.owner is ${params.owner}`
+          "Owner address does not match the provided signing key. Verify that the private key or mnemonic corresponds to the specified owner address."
         );
       }
       const hookModule = (0, import_module_sdk3.getHookMultiPlexer)({
@@ -808,7 +859,7 @@ var SmartAgentKitClient = class {
     } catch (error) {
       if (error instanceof WalletCreationError) throw error;
       throw new WalletCreationError(
-        error instanceof Error ? error.message : String(error),
+        "Wallet deployment failed. Check your RPC/bundler configuration and that the owner key is correct.",
         error
       );
     }
@@ -862,7 +913,13 @@ var SmartAgentKitClient = class {
    * the smart account via Smart Sessions. The session is scoped to
    * specific target contracts, function selectors, and time window.
    *
-   * @returns The session key address, private key, and permission ID.
+   * @returns The session key address and permission ID.
+   *
+   * SECURITY: The session private key is intentionally NOT returned or stored
+   * by the SDK. The caller should use the `sessionKey` address to identify
+   * the session on-chain, and manage key material externally via a secure
+   * key management system. To use a pre-generated key pair, provide the
+   * session key address in `params.sessionKey`.
    */
   async createSession(wallet, params, ownerKey) {
     const client = this.getWalletClient(wallet.address);
@@ -915,7 +972,6 @@ var SmartAgentKitClient = class {
       walletSessions.push({
         permissionId,
         sessionKeyAddress: sessionAccount.address,
-        sessionKeyPrivateKey: sessionPrivateKey,
         expiresAt: params.expiresAt,
         actions: params.actions.map((a) => ({
           target: a.target,
@@ -925,13 +981,12 @@ var SmartAgentKitClient = class {
       this.sessions.set(wallet.address, walletSessions);
       return {
         sessionKey: sessionAccount.address,
-        privateKey: sessionPrivateKey,
         permissionId
       };
     } catch (error) {
       if (error instanceof SessionError) throw error;
       throw new SessionError(
-        error instanceof Error ? error.message : String(error)
+        "Session creation failed. Check that the wallet is deployed and the owner key is correct."
       );
     }
   }
@@ -952,7 +1007,7 @@ var SmartAgentKitClient = class {
       );
     } catch (error) {
       throw new SessionError(
-        error instanceof Error ? error.message : String(error)
+        "Session revocation failed. Check the permission ID and wallet connection."
       );
     }
   }
@@ -976,6 +1031,7 @@ var SmartAgentKitClient = class {
    * Hooks (spending limits, allowlist, pause) are enforced on-chain.
    */
   async execute(wallet, params) {
+    this.validateTransaction(params, wallet.address);
     const client = this.getWalletClient(wallet.address);
     try {
       const hash = await client.sendTransaction({
@@ -989,8 +1045,9 @@ var SmartAgentKitClient = class {
       });
       return hash;
     } catch (error) {
+      if (error instanceof ExecutionError) throw error;
       throw new ExecutionError(
-        error instanceof Error ? error.message : String(error),
+        "Transaction failed. Check that the target, value, and calldata are correct.",
         error
       );
     }
@@ -1000,6 +1057,9 @@ var SmartAgentKitClient = class {
    * All calls are encoded into a single UserOperation with batch mode.
    */
   async executeBatch(wallet, params) {
+    for (const call of params.calls) {
+      this.validateTransaction(call, wallet.address);
+    }
     const client = this.getWalletClient(wallet.address);
     try {
       const calls = params.calls.map((call) => ({
@@ -1012,8 +1072,9 @@ var SmartAgentKitClient = class {
       });
       return hash;
     } catch (error) {
+      if (error instanceof ExecutionError) throw error;
       throw new ExecutionError(
-        error instanceof Error ? error.message : String(error),
+        "Batch transaction failed. Check that all targets, values, and calldata are correct.",
         error
       );
     }
@@ -1116,10 +1177,58 @@ var SmartAgentKitClient = class {
   }
   // ─── Private Helpers ──────────────────────────────────────────
   resolvePolicies(params) {
+    let policies;
     if (params.preset) {
-      return PRESETS[params.preset](params.owner, params.presetParams);
+      policies = PRESETS[params.preset](params.owner, params.presetParams);
+    } else {
+      policies = params.policies ?? [];
     }
-    return params.policies ?? [];
+    if (policies.length > 0 && this.config.moduleAddresses) {
+      const moduleAddresses = this.config.moduleAddresses;
+      const infrastructureAddresses = [];
+      if (moduleAddresses.spendingLimitHook) {
+        infrastructureAddresses.push(moduleAddresses.spendingLimitHook);
+      }
+      if (moduleAddresses.allowlistHook) {
+        infrastructureAddresses.push(moduleAddresses.allowlistHook);
+      }
+      if (moduleAddresses.emergencyPauseHook) {
+        infrastructureAddresses.push(moduleAddresses.emergencyPauseHook);
+      }
+      if (moduleAddresses.automationExecutor) {
+        infrastructureAddresses.push(moduleAddresses.automationExecutor);
+      }
+      infrastructureAddresses.push(HOOK_MULTIPLEXER_ADDRESS);
+      infrastructureAddresses.push(SMART_SESSIONS_VALIDATOR);
+      let hasAllowlist = false;
+      for (const policy of policies) {
+        if (policy.type === "allowlist") {
+          hasAllowlist = true;
+          const existing = new Set(
+            (policy.protectedAddresses ?? []).map((a) => a.toLowerCase())
+          );
+          const merged = [...policy.protectedAddresses ?? []];
+          for (const addr of infrastructureAddresses) {
+            if (!existing.has(addr.toLowerCase())) {
+              merged.push(addr);
+            }
+          }
+          policy.protectedAddresses = merged;
+        }
+      }
+      const hasHooks = policies.some(
+        (p) => p.type === "spending-limit" || p.type === "emergency-pause"
+      );
+      if (hasHooks && !hasAllowlist) {
+        policies.push({
+          type: "allowlist",
+          mode: "block",
+          targets: [],
+          protectedAddresses: infrastructureAddresses
+        });
+      }
+    }
+    return policies;
   }
   requireModuleAddresses(policies) {
     if (policies.length === 0) return void 0;
@@ -1177,7 +1286,7 @@ var SmartAgentKitClient = class {
       switch (policy.type) {
         case "spending-limit": {
           const hookAddress = moduleAddresses.spendingLimitHook;
-          const initData = encodeSpendingLimitInitData(policy);
+          const initData = encodeSpendingLimitInitData(policy, hookMultiPlexerAddress);
           this.pushSubHookInitCalls(
             calls,
             hookAddress,
@@ -1188,7 +1297,7 @@ var SmartAgentKitClient = class {
         }
         case "allowlist": {
           const hookAddress = moduleAddresses.allowlistHook;
-          const initData = encodeAllowlistInitData(policy);
+          const initData = encodeAllowlistInitData(policy, hookMultiPlexerAddress);
           this.pushSubHookInitCalls(
             calls,
             hookAddress,
@@ -1199,7 +1308,7 @@ var SmartAgentKitClient = class {
         }
         case "emergency-pause": {
           const hookAddress = moduleAddresses.emergencyPauseHook;
-          const initData = encodeEmergencyPauseInitData(policy);
+          const initData = encodeEmergencyPauseInitData(policy, hookMultiPlexerAddress);
           this.pushSubHookInitCalls(
             calls,
             hookAddress,
@@ -1218,10 +1327,13 @@ var SmartAgentKitClient = class {
     });
   }
   /**
-   * Push the 3 calls needed to initialize a sub-hook:
-   * 1. onInstall(initData) on the sub-hook
-   * 2. setTrustedForwarder(multiplexer) on the sub-hook
-   * 3. addHook(hookAddr, GLOBAL) on the HookMultiPlexer
+   * Push the 2 calls needed to initialize a sub-hook:
+   * 1. onInstall(initData) on the sub-hook — sets trusted forwarder from init data
+   * 2. addHook(hookAddr, GLOBAL) on the HookMultiPlexer
+   *
+   * Note: The trusted forwarder is now set during onInstall via the encoded init data
+   * (passed as the first parameter). A separate setTrustedForwarder call is no longer
+   * needed, reducing gas cost and batch size.
    */
   pushSubHookInitCalls(calls, hookAddress, initData, hookMultiPlexerAddress) {
     calls.push({
@@ -1233,15 +1345,6 @@ var SmartAgentKitClient = class {
         args: [initData]
       })
     });
-    calls.push({
-      to: hookAddress,
-      value: 0n,
-      data: (0, import_viem4.encodeFunctionData)({
-        abi: SET_TRUSTED_FORWARDER_ABI,
-        functionName: "setTrustedForwarder",
-        args: [hookMultiPlexerAddress]
-      })
-    });
     calls.push({
       to: hookMultiPlexerAddress,
       value: 0n,
@@ -1296,6 +1399,69 @@ var SmartAgentKitClient = class {
       }
     });
   }
+  /**
+   * Collect all known infrastructure addresses that must never be
+   * targeted by agent-initiated transactions. This prevents an AI agent
+   * from calling hook admin functions (setGuardian, clearTrustedForwarder,
+   * removeSpendingLimit, removeHook, etc.) to weaken its own policy constraints.
+   */
+  getProtectedAddresses() {
+    const addresses = /* @__PURE__ */ new Set();
+    addresses.add(ENTRYPOINT_V07.toLowerCase());
+    addresses.add(HOOK_MULTIPLEXER_ADDRESS.toLowerCase());
+    addresses.add(SAFE_7579_MODULE.toLowerCase());
+    addresses.add(SAFE_7579_LAUNCHPAD.toLowerCase());
+    addresses.add(SMART_SESSIONS_VALIDATOR.toLowerCase());
+    const moduleAddresses = this.config.moduleAddresses;
+    if (moduleAddresses) {
+      if (moduleAddresses.spendingLimitHook) {
+        addresses.add(moduleAddresses.spendingLimitHook.toLowerCase());
+      }
+      if (moduleAddresses.allowlistHook) {
+        addresses.add(moduleAddresses.allowlistHook.toLowerCase());
+      }
+      if (moduleAddresses.emergencyPauseHook) {
+        addresses.add(moduleAddresses.emergencyPauseHook.toLowerCase());
+      }
+      if (moduleAddresses.automationExecutor) {
+        addresses.add(moduleAddresses.automationExecutor.toLowerCase());
+      }
+    }
+    return addresses;
+  }
+  /**
+   * Validate a transaction before submission. Blocks calls to infrastructure
+   * addresses and validates input parameters.
+   *
+   * @throws ExecutionError if the transaction targets a protected address
+   *         or has invalid parameters.
+   */
+  validateTransaction(params, walletAddress) {
+    if (!(0, import_viem4.isAddress)(params.target)) {
+      throw new ExecutionError(
+        `Invalid target address: "${params.target}". Expected a 0x-prefixed 20-byte hex address.`
+      );
+    }
+    const protectedAddresses = this.getProtectedAddresses();
+    if (protectedAddresses.has(params.target.toLowerCase())) {
+      throw new ExecutionError(
+        `Transaction blocked: target ${params.target} is a protected infrastructure contract. Agent wallets cannot call hook, multiplexer, or EntryPoint contracts directly.`
+      );
+    }
+    if (walletAddress && params.target.toLowerCase() === walletAddress.toLowerCase()) {
+      throw new ExecutionError(
+        `Transaction blocked: target ${params.target} is the wallet's own address. Self-calls could be used to uninstall security modules.`
+      );
+    }
+    if (params.value !== void 0 && params.value < 0n) {
+      throw new ExecutionError("Transaction value cannot be negative.");
+    }
+    if (params.data && params.data !== "0x" && !(0, import_viem4.isHex)(params.data)) {
+      throw new ExecutionError(
+        `Invalid calldata: "${params.data}". Expected a 0x-prefixed hex string.`
+      );
+    }
+  }
   getWalletClient(walletAddress) {
     const client = this.walletClients.get(walletAddress);
     if (!client) {
@@ -1351,4 +1517,3 @@ var SmartAgentKitClient = class {
   getRemoveSessionAction,
   getSmartSessionsModule
 });
-//# sourceMappingURL=index.js.map