npm - @steerprotocol/curator-tools - Versions diffs - 1.2.0 → 1.4.0 - Mend

@steerprotocol/curator-tools 1.2.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -5,7 +5,7 @@ This project implements a centralized "Top-Level Authority" for the EAS (Ethereu
 ## Components
 ### Smart Contracts
-- **SteerAuthorityResolver.sol**: An EAS Schema Resolver that enforces curator permissions. It validates that the attester is authorized for the specified vault and that the attestation is made on the correct network.
+- **SteerAuthorityResolver.sol**: An EAS Schema Resolver that enforces curator permissions. It validates that the attester is authorized for the specified vault; the attestation payload includes a `targetChainId` for cross-chain overrides stored canonically on Arbitrum One.
 - **Access Control**: Uses OpenZeppelin's `Ownable2Step` for secure management of the top-level authority role.
 ### Management Tooling
@@ -40,25 +40,132 @@ This project implements a centralized "Top-Level Authority" for the EAS (Ethereu
   npm test
   ```
+## Features
+- **Curator gating (per vault)**: Only admins can authorize/revoke curators per vault via `setCurator(vault, curator, status)`.
+- **Cross-chain overrides (canonical on Arbitrum One)**: The payload includes a `targetChainId` (encoded in the `chainId` field) so overrides for many chains can be stored on Arbitrum One.
+- **Two-step admin transfers**: Uses OpenZeppelin `Ownable2Step` (`transferOwnership` + `acceptOwnership`) to reduce lockout risk.
+- **Operational scripting**: Foundry scripts for deployment, curator management, and admin migration.
+- **TypeScript client** (`StrategyStore`):
+  - Reads admin + curator status (`isAdmin`, `isCurator`).
+  - Encodes admin transactions (`registerCuratorTx`) for dashboards.
+  - Optional strict vault validation via `VaultRegistry.getVaultDetails(...)`.
+  - Address resolution via `@steerprotocol/sdk` with a temporary Arbitrum resolver override.
+## EAS Schema (Option B: Cross-Chain Overrides)
+Canonical overrides are stored on **Arbitrum One**, and the payload’s `chainId` field is treated as a `targetChainId`.
+- **Schema string**: `address vault,uint256 chainId,uint256 strategyTokenId,string manifestCid`
+- **Semantics**: `chainId` is `targetChainId` (it may differ from `block.chainid`)
+- **SchemaRegistry (Arbitrum One)**: `0xA310da9c5B885E7fb3fbA9D66E9Ba6Df512b78eB`
+- **Resolver (Arbitrum One)**: `0xD36E3f33c6f1814F6923835Ae7dC508FEDA14b62`
+- **Schema revocable**: `true`
+- **Schema UID**: `0x2a8ed2dea14b650384d87e1a9fdcd56ab7489fac437134f594f518d9538cbab9`
+- **Deprecated schema (no resolver)**: `0x62b656756a16bd3d2ef501cd9493c603fd90b050d6e9cfffc8e450639ce30a27` (registered with resolver `address(0)`, so it enforces no on-chain curator checks)
+## User Flows
+### Admin
+1. Deploy `SteerAuthorityResolver`.
+2. Authorize/revoke curators per vault.
+3. Migrate admin control to a new owner (EOA or multisig) using the 2-step ownership flow.
+### Curator
+1. Create an EAS attestation for a vault override.
+2. Resolver validates curator authorization for the target vault.
+3. If valid, the attestation is recorded by EAS. The payload includes a `targetChainId` so indexers/integrators can interpret which chain the override applies to.
+### Integrator (frontend / indexer / backend)
+1. Read curator authorization per vault.
+2. (Optional) Validate vault addresses via `VaultRegistry` before trusting overrides.
+3. Build admin UI flows by generating `to`/`data` transactions via `StrategyStore`.
 ## Usage
+### Deploying the Resolver (Foundry)
+Deploys on Arbitrum One using the official Arbitrum One EAS address hardcoded in `script/DeploySteerAuthorityResolver.s.sol`.
+```bash
+export PRIVATE_KEY=<DEPLOYER_PRIVATE_KEY>
+export RPC_URL=<ARBITRUM_ONE_RPC_URL>
+forge script script/DeploySteerAuthorityResolver.s.sol:DeploySteerAuthorityResolver --rpc-url "$RPC_URL" --broadcast
+```
+Broadcast results (including deployed address) are written under `broadcast/`.
+### Registering the Cross-Chain Schema (Foundry)
+Registers a new schema on Arbitrum One’s SchemaRegistry with `SteerAuthorityResolver` as the resolver.
+```bash
+export PRIVATE_KEY=<REGISTERER_PRIVATE_KEY>
+export RPC_URL=<ARBITRUM_ONE_RPC_URL>
+export RESOLVER_ADDRESS=<DEPLOYED_RESOLVER>
+forge script script/RegisterSteerCrosschainSchema.s.sol:RegisterSteerCrosschainSchema --rpc-url "$RPC_URL" --broadcast
+```
+**Encoding (Solidity)**
+```solidity
+bytes memory data = abi.encode(vault, targetChainId, strategyTokenId, manifestCid);
+```
+**Encoding (TypeScript)**
+```ts
+const data = StrategyStore.encodeOverrideAttestationData(vault, targetChainId, 1n, manifestCid);
+```
 ### Managing Curators via CLI
-To authorize a curator for a vault, use the `ManageCurators` script:
+Authorize/revoke a curator for a specific vault.
 ```bash
-export RESOLVER_ADDRESS=<DEPLYOED_RESOLVER>
+export RESOLVER_ADDRESS=<DEPLOYED_RESOLVER>
 export VAULT=<VAULT_ADDRESS>
 export CURATOR=<CURATOR_ADDRESS>
 export STATUS=true # true to authorize, false to revoke
 export PRIVATE_KEY=<ADMIN_PRIVATE_KEY>
+export RPC_URL=<ARBITRUM_ONE_RPC_URL>
+forge script script/ManageCurators.s.sol:ManageCurators --rpc-url "$RPC_URL" --broadcast
+```
-forge script script/ManageCurators.s.sol --rpc-url <RPC_URL> --broadcast
+### Migrating Admin Control (Ownership)
+Admin migration is a 2-step flow because the resolver uses `Ownable2Step`.
+**Step 1: Initiate transfer (current admin)**
+```bash
+export RESOLVER_ADDRESS=<DEPLOYED_RESOLVER>
+export NEW_OWNER=<NEW_ADMIN_ADDRESS>
+export PRIVATE_KEY=<CURRENT_ADMIN_PRIVATE_KEY>
+export RPC_URL=<ARBITRUM_ONE_RPC_URL>
+forge script script/MigrateAdminControl.s.sol:MigrateAdminControl --rpc-url "$RPC_URL" --broadcast
+```
+**Step 2: Accept ownership (new admin)**
+```bash
+export RESOLVER_ADDRESS=<DEPLOYED_RESOLVER>
+export ONLY_ACCEPT=true
+export NEW_OWNER_PRIVATE_KEY=<NEW_ADMIN_PRIVATE_KEY>
+export RPC_URL=<ARBITRUM_ONE_RPC_URL>
+forge script script/MigrateAdminControl.s.sol:MigrateAdminControl --rpc-url "$RPC_URL" --broadcast
+```
+### Verifying Admin Migration
+Use `cast` to confirm `owner()` and `pendingOwner()` on-chain.
+```bash
+export RESOLVER_ADDRESS=<DEPLOYED_RESOLVER>
+export RPC_URL=<ARBITRUM_ONE_RPC_URL>
+cast call "$RESOLVER_ADDRESS" "owner()(address)" --rpc-url "$RPC_URL"
+cast call "$RESOLVER_ADDRESS" "pendingOwner()(address)" --rpc-url "$RPC_URL"
 ```
 ### Using the TypeScript Client
-The `@steerprotocol/curator-tools` client (provided by the `StrategyStore` class) provides helpers to interact with the authority layer. It supports automatic address resolution via the `@steerprotocol/sdk`.
+The `@steerprotocol/curator-tools` client (provided by the `StrategyStore` class) provides helpers to interact with the authority layer.
-#### Basic Initialization
 ```typescript
 import { StrategyStore } from '@steerprotocol/curator-tools';
 import { ethers } from 'ethers';
@@ -68,20 +175,35 @@ const provider = new ethers.JsonRpcProvider(RPC_URL);
 // Automatic resolution for supported networks (e.g., Arbitrum: 42161)
 const store = new StrategyStore({ chainId: 42161 }, provider);
-// OR explicit address
-const store = new StrategyStore({
+// OR explicit addresses
+const store2 = new StrategyStore(
+  {
     resolverAddress: '0x...',
-    registryAddress: '0x...' // Optional: Enables strict vault validation
-}, provider);
-```
+    registryAddress: '0x...', // Optional: Enables strict vault validation
+  },
+  provider
+);
-#### Verification & Transactions
-```typescript
 // Check if a curator is authorized (includes strict vault validation if registry is set)
-const authorized = await store.isCurator(vaultAddress, curatorAddress);
+const authorized = await store2.isCurator(vaultAddress, curatorAddress);
-// Generate transaction data for the admin dashboard (async due to registry validation)
-const tx = await store.registerCuratorTx(vaultAddress, curatorAddress, true);
+// Generate tx data for an admin dashboard
+const tx = await store2.registerCuratorTx(vaultAddress, curatorAddress, true);
+```
+### Contract Verification on Arbiscan (optional)
+If you want to verify the deployed resolver source, you can use `forge verify-contract`.
+```bash
+export ARBISCAN_API_KEY=<API_KEY>
+forge verify-contract \
+  --chain-id 42161 \
+  --watch \
+  --etherscan-api-key "$ARBISCAN_API_KEY" \
+  <DEPLOYED_RESOLVER> \
+  src/SteerAuthorityResolver.sol:SteerAuthorityResolver \
+  --constructor-args $(cast abi-encode "constructor(address)" 0xbD75f629A22Dc1ceD33dDA0b68c546A1c035c458)
 ```
 ## CI/CD Pipeline
@@ -100,5 +222,6 @@ Automated versioning and NPM publishing are handled via **Semantic Release**.
 ## Security
 - All administrative actions are restricted to the `owner`.
-- Attestations are strictly validated against `block.chainid` to prevent replay attacks.
-- Input validation is enforced on both smart contract and client-side levels.
+- Resolver validation enforces curator authorization per vault on both attestation and revocation (removing a curator prevents them from attesting *and* revoking prior attestations).
+- The payload includes a `targetChainId` for cross-chain overrides stored on Arbitrum One.
+- Input validation is enforced on both smart contract and client-side levels.

package/dist/index.d.mts CHANGED Viewed

@@ -6,6 +6,9 @@ interface StrategyStoreConfig {
     registryAddress?: string;
 }
 declare class StrategyStore {
+    static readonly ARBITRUM_ONE_RESOLVER_ADDRESS = "0xD36E3f33c6f1814F6923835Ae7dC508FEDA14b62";
+    static readonly ARBITRUM_ONE_CROSSCHAIN_SCHEMA_UID = "0x2a8ed2dea14b650384d87e1a9fdcd56ab7489fac437134f594f518d9538cbab9";
+    static encodeOverrideAttestationData(vault: string, targetChainId: number | bigint, strategyTokenId: bigint, manifestCid: string): string;
     private resolver;
     private registry?;
     private resolverAddress;

package/dist/index.mjs CHANGED Viewed

@@ -14,7 +14,16 @@ var REGISTRY_ABI = [
   "function totalVaultCount() view returns (uint256)",
   "function getVaultDetails(address _address) view returns (tuple(uint8 state, uint256 tokenId, uint256 vaultID, string payloadIpfs, address vaultAddress, string beaconName))"
 ];
-var StrategyStore = class {
+var StrategyStore = class _StrategyStore {
+  static ARBITRUM_ONE_RESOLVER_ADDRESS = "0xD36E3f33c6f1814F6923835Ae7dC508FEDA14b62";
+  static ARBITRUM_ONE_CROSSCHAIN_SCHEMA_UID = "0x2a8ed2dea14b650384d87e1a9fdcd56ab7489fac437134f594f518d9538cbab9";
+  static encodeOverrideAttestationData(vault, targetChainId, strategyTokenId, manifestCid) {
+    const validatedVault = AddressSchema.parse(vault);
+    return ethers.AbiCoder.defaultAbiCoder().encode(
+      ["address", "uint256", "uint256", "string"],
+      [validatedVault, targetChainId, strategyTokenId, manifestCid]
+    );
+  }
   resolver;
   registry;
   resolverAddress;
@@ -29,7 +38,7 @@ var StrategyStore = class {
       regAddr = config.registryAddress;
       if (!resAddr && config.chainId) {
         if (config.chainId === 42161) {
-          resAddr = "0x24847D7EF3D3AEC8cA28F6CAb723eF83E708966A";
+          resAddr = _StrategyStore.ARBITRUM_ONE_RESOLVER_ADDRESS;
         } else {
           resAddr = getContractAddressByChainIdAndContractName(config.chainId, "SteerAuthorityResolver");
         }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@steerprotocol/curator-tools",
-  "version": "1.2.0",
+  "version": "1.4.0",
   "description": "Steer Protocol Curator Override Tools",
   "publishConfig": {
     "access": "public"