@usesigil/kit 0.11.0 → 0.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent-errors.d.ts +3 -3
- package/dist/agent-errors.d.ts.map +1 -1
- package/dist/agent-errors.js +44 -8
- package/dist/agent-errors.js.map +1 -1
- package/dist/errors/codes.js +1 -1
- package/dist/generated/accounts/sessionAuthority.d.ts +24 -0
- package/dist/generated/accounts/sessionAuthority.d.ts.map +1 -1
- package/dist/generated/accounts/sessionAuthority.js +12 -2
- package/dist/generated/accounts/sessionAuthority.js.map +1 -1
- package/dist/generated/errors/sigil.d.ts +11 -7
- package/dist/generated/errors/sigil.d.ts.map +1 -1
- package/dist/generated/errors/sigil.js +13 -7
- package/dist/generated/errors/sigil.js.map +1 -1
- package/dist/generated/types/constraintEntry.d.ts +10 -0
- package/dist/generated/types/constraintEntry.d.ts.map +1 -1
- package/dist/generated/types/constraintEntry.js.map +1 -1
- package/dist/generated/types/constraintEntryZC.d.ts +27 -0
- package/dist/generated/types/constraintEntryZC.d.ts.map +1 -1
- package/dist/generated/types/constraintEntryZC.js +4 -2
- package/dist/generated/types/constraintEntryZC.js.map +1 -1
- package/dist/generated/types/constraintsChangeApplied.d.ts +11 -3
- package/dist/generated/types/constraintsChangeApplied.d.ts.map +1 -1
- package/dist/generated/types/constraintsChangeApplied.js +9 -3
- package/dist/generated/types/constraintsChangeApplied.js.map +1 -1
- package/dist/generated/types/constraintsChangeQueued.d.ts +11 -3
- package/dist/generated/types/constraintsChangeQueued.d.ts.map +1 -1
- package/dist/generated/types/constraintsChangeQueued.js +9 -3
- package/dist/generated/types/constraintsChangeQueued.js.map +1 -1
- package/dist/generated/types/discriminatorFormat.d.ts +8 -0
- package/dist/generated/types/discriminatorFormat.d.ts.map +1 -1
- package/dist/generated/types/discriminatorFormat.js +8 -0
- package/dist/generated/types/discriminatorFormat.js.map +1 -1
- package/dist/generated/types/instructionConstraintsCreated.d.ts +11 -3
- package/dist/generated/types/instructionConstraintsCreated.d.ts.map +1 -1
- package/dist/generated/types/instructionConstraintsCreated.js +9 -3
- package/dist/generated/types/instructionConstraintsCreated.js.map +1 -1
- package/dist/generated/types/postAssertionEntry.d.ts +6 -0
- package/dist/generated/types/postAssertionEntry.d.ts.map +1 -1
- package/dist/generated/types/postAssertionEntry.js +6 -0
- package/dist/generated/types/postAssertionEntry.js.map +1 -1
- package/dist/generated/types/postAssertionEntryZC.d.ts +22 -6
- package/dist/generated/types/postAssertionEntryZC.d.ts.map +1 -1
- package/dist/generated/types/postAssertionEntryZC.js +6 -2
- package/dist/generated/types/postAssertionEntryZC.js.map +1 -1
- package/dist/index.d.ts +7 -24
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +14 -35
- package/dist/index.js.map +1 -1
- package/dist/plugin.d.ts +50 -5
- package/dist/plugin.d.ts.map +1 -1
- package/dist/plugin.js +16 -5
- package/dist/plugin.js.map +1 -1
- package/dist/seal.d.ts +34 -0
- package/dist/seal.d.ts.map +1 -1
- package/dist/seal.js +100 -4
- package/dist/seal.js.map +1 -1
- package/dist/sigil.d.ts.map +1 -1
- package/dist/sigil.js +18 -5
- package/dist/sigil.js.map +1 -1
- package/dist/state-resolver.d.ts.map +1 -1
- package/dist/state-resolver.js +3 -3
- package/dist/state-resolver.js.map +1 -1
- package/package.json +1 -1
- package/dist/custody-adapter.d.ts +0 -54
- package/dist/custody-adapter.d.ts.map +0 -1
- package/dist/custody-adapter.js +0 -47
- package/dist/custody-adapter.js.map +0 -1
package/dist/index.d.ts
CHANGED
|
@@ -1,16 +1,11 @@
|
|
|
1
1
|
export * from "./generated/accounts/index.js";
|
|
2
|
-
export { SIGIL_PROGRAM_ADDRESS,
|
|
2
|
+
export { SIGIL_PROGRAM_ADDRESS, USD_DECIMALS, type UsdBaseUnits, type CapabilityTier, type Slot, usd, capability, slot, MAX_AGENTS_PER_VAULT, MAX_ALLOWED_PROTOCOLS, FULL_CAPABILITY, FULL_PERMISSIONS, MAX_ESCROW_DURATION, TOKEN_PROGRAM_ADDRESS, TOKEN_2022_PROGRAM_ADDRESS, ATA_PROGRAM_ADDRESS, COMPUTE_BUDGET_PROGRAM_ADDRESS, SYSTEM_PROGRAM_ADDRESS, SUPPORTED_PROTOCOLS, type ProtocolMeta, MAX_SLIPPAGE_BPS, PROTOCOL_MODE_ALL, PROTOCOL_MODE_ALLOWLIST, PROTOCOL_MODE_DENYLIST, USDC_MINT_DEVNET, USDC_MINT_MAINNET, USDT_MINT_DEVNET, USDT_MINT_MAINNET, JUPITER_PROGRAM_ADDRESS, RECOGNIZED_DEFI_PROGRAMS, isStablecoinMint, parseActionType, isSpendingAction, getPositionEffect, validateNetwork, normalizeNetwork, U64_MAX, } from "./types.js";
|
|
3
3
|
export type { Network, NetworkInput, PositionEffect } from "./types.js";
|
|
4
|
-
export { resolveVaultState, resolveVaultStateForOwner, resolveVaultBudget, getRolling24hUsd, getAgentRolling24hUsd, getProtocolSpend, getSpendingHistory,
|
|
4
|
+
export { resolveVaultState, resolveVaultStateForOwner, resolveVaultBudget, getRolling24hUsd, getAgentRolling24hUsd, getProtocolSpend, getSpendingHistory, findVaultsByOwner, findEscrowsByVault, findSessionsByVault, getPendingPolicyForVault, getPendingConstraintsForVault, } from "./state-resolver.js";
|
|
5
5
|
export type { EffectiveBudget, ProtocolBudget, SpendingEpoch, ResolvedVaultState, ResolvedVaultStateForOwner, ResolvedBudget, VaultLocator,
|
|
6
6
|
/** @deprecated Use VaultLocator. Removed at v1.0. */
|
|
7
7
|
DiscoveredVault, } from "./state-resolver.js";
|
|
8
|
-
export { getVaultPDA, getPolicyPDA, getTrackerPDA, getSessionPDA, getPendingPolicyPDA, getEscrowPDA, getAgentOverlayPDA, getConstraintsPDA, getPendingConstraintsPDA,
|
|
9
|
-
export type { ResolveAccountsInput, ResolvedAccounts, } from "./resolve-accounts.js";
|
|
10
|
-
export { SIGIL_ALT_DEVNET, SIGIL_ALT_MAINNET, getSigilAltAddress, } from "./alt-config.js";
|
|
11
|
-
export { AltCache, mergeAltAddresses } from "./alt-loader.js";
|
|
12
|
-
export { composeSigilTransaction, validateTransactionSize, measureTransactionSize, } from "./composer.js";
|
|
13
|
-
export type { ComposeTransactionParams } from "./composer.js";
|
|
8
|
+
export { getVaultPDA, getPolicyPDA, getTrackerPDA, getSessionPDA, getPendingPolicyPDA, getEscrowPDA, getAgentOverlayPDA, getConstraintsPDA, getPendingConstraintsPDA, } from "./resolve-accounts.js";
|
|
14
9
|
export { parseSigilEvents, filterEvents, getEventNames, decodeSigilEvent, parseAndDecodeSigilEvents, } from "./events.js";
|
|
15
10
|
export type { SigilEvent, SigilEventName, DecodedSigilEvent, } from "./events.js";
|
|
16
11
|
export { estimateComposedCU, PriorityFeeEstimator, CU_AGENT_TRANSFER, CU_JUPITER_SWAP, CU_JUPITER_MULTI_HOP, CU_FLASH_TRADE, CU_JUPITER_LEND, CU_DRIFT, CU_KAMINO_LEND, CU_DEFAULT_COMPOSED, CU_VAULT_CREATION, CU_OWNER_ACTION, } from "./priority-fees.js";
|
|
@@ -37,13 +32,11 @@ export type { SlippageReport, CapVelocityReport, DeviationReport, IdleCapitalRep
|
|
|
37
32
|
export { resolveProtocolName, PROTOCOL_NAMES } from "./protocol-names.js";
|
|
38
33
|
export { getVaultHealth, getVaultSummary } from "./vault-analytics.js";
|
|
39
34
|
export type { VaultHealth, VaultSummary, VaultStats, VaultSecurityCheck, } from "./vault-analytics.js";
|
|
40
|
-
export { resolvePolicies,
|
|
35
|
+
export { resolvePolicies, validateSpendLimitMints, DEFAULT_POLICIES, parseSpendLimit, } from "./policies.js";
|
|
41
36
|
export type { ShieldPolicies, SpendLimit, TransactionAnalysis, TokenTransfer, ResolvedPolicies, RateLimitConfig, PolicyCheckResult, } from "./policies.js";
|
|
42
|
-
export { AttestationStatus,
|
|
43
|
-
export type {
|
|
44
|
-
export {
|
|
45
|
-
export type { CustodyAdapter } from "./custody-adapter.js";
|
|
46
|
-
export { ON_CHAIN_ERROR_MAP, toAgentError, toSigilAgentError, SigilSdkError, protocolEscalationError, parseOnChainErrorCode, isAgentError, getAllOnChainErrorCodes, getAllSdkErrorCodes, categorizeError, } from "./agent-errors.js";
|
|
37
|
+
export { AttestationStatus, VALID_TEE_PROVIDERS, isTeeWallet, TeeAttestationError, AttestationCertChainError, AttestationPcrMismatchError, verifyTeeAttestation, verifyCrossmint, verifyPrivy, verifyTurnkey, } from "./tee/index.js";
|
|
38
|
+
export type { TeeWallet, TeeProvider, AttestationResult, VerifiedTeeWallet, } from "./tee/index.js";
|
|
39
|
+
export { toAgentError, toSigilAgentError, SigilSdkError, protocolEscalationError, parseOnChainErrorCode, isAgentError, getAllOnChainErrorCodes, getAllSdkErrorCodes, categorizeError, } from "./agent-errors.js";
|
|
47
40
|
export type { ErrorCategory, RecoveryAction, AgentError, SigilErrorCategory, } from "./agent-errors.js";
|
|
48
41
|
export { ProtocolTier, isProtocolAllowed, resolveProtocol, } from "./protocol-resolver.js";
|
|
49
42
|
export type { ProtocolResolution, EscalationInfo, } from "./protocol-resolver.js";
|
|
@@ -75,20 +68,10 @@ export { NOOP_LOGGER, createConsoleLogger, resolveLogger, setSigilModuleLogger,
|
|
|
75
68
|
export { SOLANA_DEVNET_GENESIS_HASH, SOLANA_MAINNET_GENESIS_HASH, } from "./seal.js";
|
|
76
69
|
export { buildOwnerTransaction } from "./owner-transaction.js";
|
|
77
70
|
export type { BuildOwnerTransactionParams, OwnerTransactionResult, } from "./owner-transaction.js";
|
|
78
|
-
export { mapPoliciesToVaultParams, findNextVaultId, inscribe, withVault, } from "./inscribe.js";
|
|
79
|
-
export type { InscribeOptions, InscribeResult, WithVaultOptions, WithVaultResult, } from "./inscribe.js";
|
|
80
|
-
export { TransactionExecutor } from "./transaction-executor.js";
|
|
81
|
-
export type { ExecuteTransactionParams, ExecuteTransactionResult, TransactionExecutorOptions, } from "./transaction-executor.js";
|
|
82
|
-
export { BlockhashCache, getBlockhashCache, signAndEncode, sendAndConfirmTransaction, } from "./rpc-helpers.js";
|
|
83
|
-
export type { Blockhash, SendAndConfirmOptions } from "./rpc-helpers.js";
|
|
84
71
|
export { isAccountNotFoundError } from "./dashboard/errors.js";
|
|
85
72
|
export { isTransportError, redactCause, PROVIDER_DENIAL_NAMES, TRANSPORT_CODES, } from "./network-errors.js";
|
|
86
|
-
export { VelocityTracker } from "./velocity-tracker.js";
|
|
87
|
-
export type { VelocityConfig, SpendStatus } from "./velocity-tracker.js";
|
|
88
73
|
export { ShieldConfigError } from "./core/index.js";
|
|
89
|
-
export { evaluatePolicy, enforcePolicy, recordTransaction, } from "./core/index.js";
|
|
90
74
|
export { KNOWN_PROTOCOLS, KNOWN_TOKENS, SYSTEM_PROGRAMS, getTokenInfo, getProtocolName, isKnownProtocol, isSystemProgram, } from "./core/index.js";
|
|
91
|
-
export type { ShieldStorage, SpendEntry, TxEntry } from "./core/index.js";
|
|
92
75
|
export { SigilError as SigilKitError, SigilShieldError, SigilTeeError, SigilX402Error, SigilComposeError, SigilSdkDomainError, SigilRpcError, SIGIL_KIT_VERSION, walk as walkSigilCause, type SigilErrorParameters, type SigilErrorCode, type SigilShieldErrorCode, type SigilTeeErrorCode, type SigilComposeErrorCode, type SigilX402ErrorCode, type SigilSdkErrorCode, type SigilRpcErrorCode, type SigilProgramErrorCode, type SigilErrorContext, } from "./errors/index.js";
|
|
93
76
|
/** Per-module discriminated union of x402 errors (viem ErrorType pattern). */
|
|
94
77
|
export type X402ErrorType = import("./x402/errors.js").X402ParseError | import("./x402/errors.js").X402PaymentError | import("./x402/errors.js").X402UnsupportedError | import("./x402/errors.js").X402DestinationBlockedError | import("./x402/errors.js").X402ReplayError;
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAYA,cAAc,+BAA+B,CAAC;AAW9C,OAAO,EAEL,qBAAqB,EAErB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAYA,cAAc,+BAA+B,CAAC;AAW9C,OAAO,EAEL,qBAAqB,EAErB,YAAY,EAEZ,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,IAAI,EACT,GAAG,EACH,UAAU,EACV,IAAI,EAEJ,oBAAoB,EACpB,qBAAqB,EACrB,eAAe,EACf,gBAAgB,EAEhB,mBAAmB,EAEnB,qBAAqB,EACrB,0BAA0B,EAC1B,mBAAmB,EACnB,8BAA8B,EAC9B,sBAAsB,EAEtB,mBAAmB,EACnB,KAAK,YAAY,EAEjB,gBAAgB,EAEhB,iBAAiB,EACjB,uBAAuB,EACvB,sBAAsB,EAEtB,gBAAgB,EAChB,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,uBAAuB,EACvB,wBAAwB,EAExB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EAEhB,OAAO,GACR,MAAM,YAAY,CAAC;AACpB,YAAY,EAAE,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAGxE,OAAO,EACL,iBAAiB,EACjB,yBAAyB,EACzB,kBAAkB,EAClB,gBAAgB,EAChB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,wBAAwB,EACxB,6BAA6B,GAC9B,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,eAAe,EACf,cAAc,EACd,aAAa,EACb,kBAAkB,EAClB,0BAA0B,EAC1B,cAAc,EACd,YAAY;AACZ,qDAAqD;AACrD,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EACb,aAAa,EACb,mBAAmB,EACnB,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,aAAa,EACb,gBAAgB,EAChB,yBAAyB,GAC1B,MAAM,aAAa,CAAC;AACrB,YAAY,EACV,UAAU,EACV,cAAc,EACd,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,oBAAoB,EACpB,cAAc,EACd,eAAe,EACf,QAAQ,EACR,cAAc,EACd,mBAAmB,EACnB,iBAAiB,EACjB,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAG3E,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,0BAA0B,EAC1B,QAAQ,EACR,iBAAiB,EACjB,uBAAuB,EACvB,2BAA2B,EAC3B,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,iBAAiB,CAAC;AACzB,YAAY,EACV,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,YAAY,EACZ,QAAQ,EACR,mBAAmB,EACnB,eAAe,GAChB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACvE,YAAY,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAGjD,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,mBAAmB,EACnB,cAAc,EACd,kBAAkB,EAClB,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,wBAAwB,EAExB,WAAW,EACX,aAAa,GACd,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AACjC,YAAY,EACV,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAG7E,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,aAAa,EACb,oBAAoB,GACrB,MAAM,yBAAyB,CAAC;AACjC,YAAY,EACV,eAAe,EACf,aAAa,EACb,KAAK,EACL,UAAU,EACV,iBAAiB,GAClB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,eAAe,EACf,mBAAmB,EACnB,kBAAkB,EAClB,sBAAsB,GACvB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EACV,YAAY,EACZ,YAAY,EACZ,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,oBAAoB,EACpB,kBAAkB,EAClB,yBAAyB,EACzB,+BAA+B,EAC/B,sBAAsB,GACvB,MAAM,0BAA0B,CAAC;AAClC,YAAY,EACV,iBAAiB,EACjB,sBAAsB,EACtB,mBAAmB,GACpB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,oBAAoB,EACpB,4BAA4B,GAC7B,MAAM,yBAAyB,CAAC;AACjC,YAAY,EACV,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,qBAAqB,EACrB,cAAc,EACd,uBAAuB,EACvB,sBAAsB,EACtB,8BAA8B,EAC9B,2BAA2B,EAC3B,4BAA4B,GAC7B,MAAM,yBAAyB,CAAC;AACjC,YAAY,EACV,cAAc,EACd,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EAChB,cAAc,EACd,qBAAqB,GACtB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAG1E,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvE,YAAY,EACV,WAAW,EACX,YAAY,EACZ,UAAU,EACV,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,eAAe,EACf,uBAAuB,EACvB,gBAAgB,EAChB,eAAe,GAChB,MAAM,eAAe,CAAC;AACvB,YAAY,EACV,cAAc,EACd,UAAU,EACV,mBAAmB,EACnB,aAAa,EACb,gBAAgB,EAChB,eAAe,EACf,iBAAiB,GAClB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,WAAW,EACX,mBAAmB,EACnB,yBAAyB,EACzB,2BAA2B,EAC3B,oBAAoB,EACpB,eAAe,EACf,WAAW,EACX,aAAa,GACd,MAAM,gBAAgB,CAAC;AACxB,YAAY,EACV,SAAS,EACT,WAAW,EACX,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,aAAa,EACb,uBAAuB,EACvB,qBAAqB,EACrB,YAAY,EACZ,uBAAuB,EACvB,mBAAmB,EACnB,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,aAAa,EACb,cAAc,EACd,UAAU,EACV,kBAAkB,GACnB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,eAAe,GAChB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,kBAAkB,EAClB,cAAc,GACf,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACzE,YAAY,EACV,sBAAsB,EACtB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,EACvB,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,oBAAoB,EACpB,MAAM,EACN,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,YAAY,EACV,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,aAAa,EACb,eAAe,EACf,qBAAqB,GACtB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,IAAI,EACJ,iBAAiB;AACjB,4DAA4D;AAC5D,WAAW,EACX,gBAAgB,GACjB,MAAM,WAAW,CAAC;AACnB,YAAY,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAChD,YAAY,EACV,UAAU,EACV,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,aAAa,GACd,MAAM,WAAW,CAAC;AAInB,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACnC,YAAY,EACV,sBAAsB,EACtB,qBAAqB,EACrB,aAAa,EACb,gBAAgB,GACjB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,YAAY,EACV,wBAAwB,EACxB,uBAAuB,EACvB,MAAM,IAAI,gBAAgB,EAC1B,QAAQ,IAAI,kBAAkB,GAC/B,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AACxE,YAAY,EACV,SAAS,EACT,eAAe,EACf,aAAa,EACb,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAC7D,YAAY,EACV,iBAAiB,EACjB,aAAa,EACb,YAAY,EACZ,WAAW,EACX,YAAY,GACb,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACpE,YAAY,EACV,kBAAkB,EAClB,iBAAiB,EACjB,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,aAAa,EACb,SAAS,EACT,WAAW,EACX,yBAAyB,EAEzB,cAAc,EACd,iBAAiB,EACjB,2BAA2B,GAC5B,MAAM,cAAc,CAAC;AACtB,YAAY,EACV,WAAW,EACX,UAAU,EACV,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAItB,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAClD,OAAO,EACL,mBAAmB,EACnB,KAAK,yBAAyB,GAC/B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,yBAAyB,EACzB,KAAK,+BAA+B,GACrC,MAAM,qCAAqC,CAAC;AAM7C,OAAO,EACL,WAAW,EACX,mBAAmB,EACnB,aAAa,EACb,oBAAoB,EACpB,oBAAoB,EACpB,KAAK,WAAW,GACjB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC/D,YAAY,EACV,2BAA2B,EAC3B,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAOhC,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,qBAAqB,EACrB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAS7B,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EACL,eAAe,EACf,YAAY,EACZ,eAAe,EACf,YAAY,EACZ,eAAe,EACf,eAAe,EACf,eAAe,GAChB,MAAM,iBAAiB,CAAC;AAkBzB,OAAO,EACL,UAAU,IAAI,aAAa,EAC3B,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,iBAAiB,EACjB,IAAI,IAAI,cAAc,EACtB,KAAK,oBAAoB,EACzB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,KAAK,qBAAqB,EAC1B,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,qBAAqB,EAC1B,KAAK,iBAAiB,GACvB,MAAM,mBAAmB,CAAC;AAE3B,8EAA8E;AAC9E,MAAM,MAAM,aAAa,GACrB,OAAO,kBAAkB,EAAE,cAAc,GACzC,OAAO,kBAAkB,EAAE,gBAAgB,GAC3C,OAAO,kBAAkB,EAAE,oBAAoB,GAC/C,OAAO,kBAAkB,EAAE,2BAA2B,GACtD,OAAO,kBAAkB,EAAE,eAAe,CAAC;AAE/C,oDAAoD;AACpD,MAAM,MAAM,YAAY,GACpB,OAAO,uBAAuB,EAAE,mBAAmB,GACnD,OAAO,uBAAuB,EAAE,yBAAyB,GACzD,OAAO,uBAAuB,EAAE,2BAA2B,CAAC;AAEhE,wDAAwD;AACxD,MAAM,MAAM,gBAAgB,GAC1B,OAAO,kCAAkC,EAAE,YAAY,CAAC;AAE1D,uDAAuD;AACvD,MAAM,MAAM,eAAe,GACvB,OAAO,kBAAkB,EAAE,iBAAiB,GAC5C,OAAO,kBAAkB,EAAE,iBAAiB,CAAC;AAEjD;;;;;;;;GAQG;AACH,MAAM,MAAM,aAAa,GACrB,OAAO,mBAAmB,EAAE,aAAa,GACzC,OAAO,kBAAkB,EAAE,iBAAiB,GAC5C,OAAO,uBAAuB,EAAE,mBAAmB,GACnD,KAAK,CAAC;AAEV,oFAAoF;AACpF,MAAM,MAAM,kBAAkB,GAC1B,OAAO,mBAAmB,EAAE,aAAa,GACzC,OAAO,kBAAkB,EAAE,iBAAiB,GAC5C,KAAK,CAAC;AAMV,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACtE,YAAY,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAG9D,OAAO,EACL,WAAW,EACX,oBAAoB,EACpB,qBAAqB,EACrB,aAAa,EACb,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EACV,YAAY,EACZ,eAAe,EACf,QAAQ,EACR,UAAU,GACX,MAAM,sBAAsB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -22,8 +22,6 @@ export * from "./generated/accounts/index.js";
|
|
|
22
22
|
export {
|
|
23
23
|
// Program
|
|
24
24
|
SIGIL_PROGRAM_ADDRESS,
|
|
25
|
-
// Fee constants
|
|
26
|
-
FEE_RATE_DENOMINATOR, PROTOCOL_FEE_RATE, MAX_DEVELOPER_FEE_RATE, PROTOCOL_TREASURY,
|
|
27
25
|
// USD
|
|
28
26
|
USD_DECIMALS, usd, capability, slot,
|
|
29
27
|
// Multi-agent
|
|
@@ -36,27 +34,18 @@ TOKEN_PROGRAM_ADDRESS, TOKEN_2022_PROGRAM_ADDRESS, ATA_PROGRAM_ADDRESS, COMPUTE_
|
|
|
36
34
|
SUPPORTED_PROTOCOLS,
|
|
37
35
|
// Slippage
|
|
38
36
|
MAX_SLIPPAGE_BPS,
|
|
39
|
-
// SpendTracker
|
|
40
|
-
EPOCH_DURATION, NUM_EPOCHS,
|
|
41
37
|
// Protocol mode
|
|
42
38
|
PROTOCOL_MODE_ALL, PROTOCOL_MODE_ALLOWLIST, PROTOCOL_MODE_DENYLIST,
|
|
43
39
|
// Stablecoin mints
|
|
44
40
|
USDC_MINT_DEVNET, USDC_MINT_MAINNET, USDT_MINT_DEVNET, USDT_MINT_MAINNET, JUPITER_PROGRAM_ADDRESS, RECOGNIZED_DEFI_PROGRAMS,
|
|
45
41
|
// Functions
|
|
46
|
-
isStablecoinMint, parseActionType, isSpendingAction, getPositionEffect, validateNetwork, normalizeNetwork,
|
|
47
|
-
// Overlay constants
|
|
48
|
-
OVERLAY_EPOCH_DURATION, OVERLAY_NUM_EPOCHS, ROLLING_WINDOW_SECONDS,
|
|
42
|
+
isStablecoinMint, parseActionType, isSpendingAction, getPositionEffect, validateNetwork, normalizeNetwork,
|
|
49
43
|
// u64 boundary
|
|
50
44
|
U64_MAX, } from "./types.js";
|
|
51
45
|
// ─── State Resolver ──────────────────────────────────────────────────────────
|
|
52
|
-
export { resolveVaultState, resolveVaultStateForOwner, resolveVaultBudget, getRolling24hUsd, getAgentRolling24hUsd, getProtocolSpend, getSpendingHistory,
|
|
46
|
+
export { resolveVaultState, resolveVaultStateForOwner, resolveVaultBudget, getRolling24hUsd, getAgentRolling24hUsd, getProtocolSpend, getSpendingHistory, findVaultsByOwner, findEscrowsByVault, findSessionsByVault, getPendingPolicyForVault, getPendingConstraintsForVault, } from "./state-resolver.js";
|
|
53
47
|
// ─── PDA Resolution ───────────────────────────────────────────────────────────
|
|
54
|
-
export { getVaultPDA, getPolicyPDA, getTrackerPDA, getSessionPDA, getPendingPolicyPDA, getEscrowPDA, getAgentOverlayPDA, getConstraintsPDA, getPendingConstraintsPDA,
|
|
55
|
-
// ─── ALT (Address Lookup Table) ──────────────────────────────────────────────
|
|
56
|
-
export { SIGIL_ALT_DEVNET, SIGIL_ALT_MAINNET, getSigilAltAddress, } from "./alt-config.js";
|
|
57
|
-
export { AltCache, mergeAltAddresses } from "./alt-loader.js";
|
|
58
|
-
// ─── Transaction Composer ─────────────────────────────────────────────────────
|
|
59
|
-
export { composeSigilTransaction, validateTransactionSize, measureTransactionSize, } from "./composer.js";
|
|
48
|
+
export { getVaultPDA, getPolicyPDA, getTrackerPDA, getSessionPDA, getPendingPolicyPDA, getEscrowPDA, getAgentOverlayPDA, getConstraintsPDA, getPendingConstraintsPDA, } from "./resolve-accounts.js";
|
|
60
49
|
// ─── Event Parser ─────────────────────────────────────────────────────────────
|
|
61
50
|
export { parseSigilEvents, filterEvents, getEventNames, decodeSigilEvent, parseAndDecodeSigilEvents, } from "./events.js";
|
|
62
51
|
// ─── Priority Fees ────────────────────────────────────────────────────────────
|
|
@@ -88,13 +77,11 @@ export { resolveProtocolName, PROTOCOL_NAMES } from "./protocol-names.js";
|
|
|
88
77
|
// ─── Vault Analytics ─────────────────────────────────────────────────────────
|
|
89
78
|
export { getVaultHealth, getVaultSummary } from "./vault-analytics.js";
|
|
90
79
|
// ─── Policy Engine ────────────────────────────────────────────────────────────
|
|
91
|
-
export { resolvePolicies,
|
|
92
|
-
// ─── TEE Attestation
|
|
93
|
-
export { AttestationStatus,
|
|
94
|
-
// ─── Custody Adapter ────────────────────────────────────────────────────────
|
|
95
|
-
export { custodyAdapterToTransactionSigner } from "./custody-adapter.js";
|
|
80
|
+
export { resolvePolicies, validateSpendLimitMints, DEFAULT_POLICIES, parseSpendLimit, } from "./policies.js";
|
|
81
|
+
// ─── TEE Attestation (public verification surface) ──────────────────────────
|
|
82
|
+
export { AttestationStatus, VALID_TEE_PROVIDERS, isTeeWallet, TeeAttestationError, AttestationCertChainError, AttestationPcrMismatchError, verifyTeeAttestation, verifyCrossmint, verifyPrivy, verifyTurnkey, } from "./tee/index.js";
|
|
96
83
|
// ─── Agent Errors ─────────────────────────────────────────────────────────────
|
|
97
|
-
export {
|
|
84
|
+
export { toAgentError, toSigilAgentError, SigilSdkError, protocolEscalationError, parseOnChainErrorCode, isAgentError, getAllOnChainErrorCodes, getAllSdkErrorCodes, categorizeError, } from "./agent-errors.js";
|
|
98
85
|
// ─── Protocol Resolver ───────────────────────────────────────────────────────
|
|
99
86
|
export { ProtocolTier, isProtocolAllowed, resolveProtocol, } from "./protocol-resolver.js";
|
|
100
87
|
// ─── Inspector ───────────────────────────────────────────────────────────────
|
|
@@ -130,12 +117,6 @@ export { NOOP_LOGGER, createConsoleLogger, resolveLogger, setSigilModuleLogger,
|
|
|
130
117
|
export { SOLANA_DEVNET_GENESIS_HASH, SOLANA_MAINNET_GENESIS_HASH, } from "./seal.js";
|
|
131
118
|
// ─── Owner Transaction ───────────────────────────────────────────────────────
|
|
132
119
|
export { buildOwnerTransaction } from "./owner-transaction.js";
|
|
133
|
-
// ─── Inscribe / withVault ─────────────────────────────────────────────────────
|
|
134
|
-
export { mapPoliciesToVaultParams, findNextVaultId, inscribe, withVault, } from "./inscribe.js";
|
|
135
|
-
// ─── Transaction Executor ──────────────────────────────────────────────────
|
|
136
|
-
export { TransactionExecutor } from "./transaction-executor.js";
|
|
137
|
-
// ─── RPC Helpers ───────────────────────────────────────────────────────────
|
|
138
|
-
export { BlockhashCache, getBlockhashCache, signAndEncode, sendAndConfirmTransaction, } from "./rpc-helpers.js";
|
|
139
120
|
// ─── Error Classification (typed predicates + transport classifier) ─────────
|
|
140
121
|
//
|
|
141
122
|
// Shared helpers used across `seal`, `shielded-fetch`, `facilitator-verify`,
|
|
@@ -143,16 +124,14 @@ export { BlockhashCache, getBlockhashCache, signAndEncode, sendAndConfirmTransac
|
|
|
143
124
|
// observability layers should reach for these before rolling their own.
|
|
144
125
|
export { isAccountNotFoundError } from "./dashboard/errors.js";
|
|
145
126
|
export { isTransportError, redactCause, PROVIDER_DENIAL_NAMES, TRANSPORT_CODES, } from "./network-errors.js";
|
|
146
|
-
// ───
|
|
147
|
-
|
|
148
|
-
//
|
|
149
|
-
//
|
|
150
|
-
//
|
|
151
|
-
//
|
|
152
|
-
//
|
|
153
|
-
// RateLimitConfig, PolicyCheckResult already flow through policies.ts.
|
|
127
|
+
// ─── Core Policy Engine (public surface only — internals hidden in v0.13) ───
|
|
128
|
+
// Kit's shield.ts defines its own ShieldState, ShieldDeniedError, PolicyViolation.
|
|
129
|
+
// Kit's policies.ts defines its own ShieldPolicies etc. evaluatePolicy /
|
|
130
|
+
// enforcePolicy / recordTransaction / ShieldStorage / SpendEntry / TxEntry /
|
|
131
|
+
// VelocityTracker / VelocityConfig / SpendStatus were removed from the root
|
|
132
|
+
// barrel in v0.13 — they were internal orchestrators for `shield()` and
|
|
133
|
+
// `vault.budget()` which consumers should call directly.
|
|
154
134
|
export { ShieldConfigError } from "./core/index.js";
|
|
155
|
-
export { evaluatePolicy, enforcePolicy, recordTransaction, } from "./core/index.js";
|
|
156
135
|
export { KNOWN_PROTOCOLS, KNOWN_TOKENS, SYSTEM_PROGRAMS, getTokenInfo, getProtocolName, isKnownProtocol, isSystemProgram, } from "./core/index.js";
|
|
157
136
|
// ─── Unified Error Taxonomy (PR 2.A) ─────────────────────────────────────────
|
|
158
137
|
// SigilError base class + four domain classes + canonical SigilErrorCode
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,2CAA2C;AAC3C,oCAAoC;AAEpC,iFAAiF;AACjF,EAAE;AACF,0EAA0E;AAC1E,yEAAyE;AACzE,yEAAyE;AACzE,2EAA2E;AAC3E,sEAAsE;AACtE,uEAAuE;AACvE,sEAAsE;AACtE,cAAc,+BAA+B,CAAC;AAE9C,iFAAiF;AACjF,EAAE;AACF,oEAAoE;AACpE,8DAA8D;AAC9D,oEAAoE;AACpE,uEAAuE;AACvE,2EAA2E;AAC3E,4EAA4E;AAC5E,oEAAoE;AACpE,OAAO;AACL,UAAU;AACV,qBAAqB;AACrB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,2CAA2C;AAC3C,oCAAoC;AAEpC,iFAAiF;AACjF,EAAE;AACF,0EAA0E;AAC1E,yEAAyE;AACzE,yEAAyE;AACzE,2EAA2E;AAC3E,sEAAsE;AACtE,uEAAuE;AACvE,sEAAsE;AACtE,cAAc,+BAA+B,CAAC;AAE9C,iFAAiF;AACjF,EAAE;AACF,oEAAoE;AACpE,8DAA8D;AAC9D,oEAAoE;AACpE,uEAAuE;AACvE,2EAA2E;AAC3E,4EAA4E;AAC5E,oEAAoE;AACpE,OAAO;AACL,UAAU;AACV,qBAAqB;AACrB,MAAM;AACN,YAAY,EAKZ,GAAG,EACH,UAAU,EACV,IAAI;AACJ,cAAc;AACd,oBAAoB,EACpB,qBAAqB,EACrB,eAAe,EACf,gBAAgB;AAChB,SAAS;AACT,mBAAmB;AACnB,8DAA8D;AAC9D,qBAAqB,EACrB,0BAA0B,EAC1B,mBAAmB,EACnB,8BAA8B,EAC9B,sBAAsB;AACtB,qDAAqD;AACrD,mBAAmB;AAEnB,WAAW;AACX,gBAAgB;AAChB,gBAAgB;AAChB,iBAAiB,EACjB,uBAAuB,EACvB,sBAAsB;AACtB,mBAAmB;AACnB,gBAAgB,EAChB,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,uBAAuB,EACvB,wBAAwB;AACxB,YAAY;AACZ,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,gBAAgB;AAChB,eAAe;AACf,OAAO,GACR,MAAM,YAAY,CAAC;AAGpB,gFAAgF;AAChF,OAAO,EACL,iBAAiB,EACjB,yBAAyB,EACzB,kBAAkB,EAClB,gBAAgB,EAChB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,wBAAwB,EACxB,6BAA6B,GAC9B,MAAM,qBAAqB,CAAC;AAa7B,iFAAiF;AACjF,OAAO,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EACb,aAAa,EACb,mBAAmB,EACnB,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAE/B,iFAAiF;AACjF,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,aAAa,EACb,gBAAgB,EAChB,yBAAyB,GAC1B,MAAM,aAAa,CAAC;AAOrB,iFAAiF;AACjF,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,oBAAoB,EACpB,cAAc,EACd,eAAe,EACf,QAAQ,EACR,cAAc,EACd,mBAAmB,EACnB,iBAAiB,EACjB,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAG5B,iFAAiF;AACjF,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,0BAA0B,EAC1B,QAAQ,EACR,iBAAiB,EACjB,uBAAuB,EACvB,2BAA2B,EAC3B,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,iBAAiB,CAAC;AAWzB,iFAAiF;AACjF,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAGvE,gFAAgF;AAChF,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,mBAAmB,EACnB,cAAc,EACd,kBAAkB,EAClB,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,wBAAwB;AACxB,2EAA2E;AAC3E,WAAW,EACX,aAAa,GACd,MAAM,iBAAiB,CAAC;AAEzB,gFAAgF;AAChF,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAMjC,gFAAgF;AAChF,OAAO,EACL,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,sBAAsB,CAAC;AAG9B,gFAAgF;AAChF,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,aAAa,EACb,oBAAoB,GACrB,MAAM,yBAAyB,CAAC;AASjC,gFAAgF;AAChF,OAAO,EACL,eAAe,EACf,mBAAmB,EACnB,kBAAkB,EAClB,sBAAsB,GACvB,MAAM,sBAAsB,CAAC;AAQ9B,gFAAgF;AAChF,OAAO,EACL,oBAAoB,EACpB,kBAAkB,EAClB,yBAAyB,EACzB,+BAA+B,EAC/B,sBAAsB,GACvB,MAAM,0BAA0B,CAAC;AAOlC,gFAAgF;AAChF,OAAO,EACL,oBAAoB,EACpB,4BAA4B,GAC7B,MAAM,yBAAyB,CAAC;AAMjC,gFAAgF;AAChF,OAAO,EACL,qBAAqB,EACrB,cAAc,EACd,uBAAuB,EACvB,sBAAsB,EACtB,8BAA8B,EAC9B,2BAA2B,EAC3B,4BAA4B,GAC7B,MAAM,yBAAyB,CAAC;AAWjC,gFAAgF;AAChF,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAE1E,gFAAgF;AAChF,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAQvE,iFAAiF;AACjF,OAAO,EACL,eAAe,EACf,uBAAuB,EACvB,gBAAgB,EAChB,eAAe,GAChB,MAAM,eAAe,CAAC;AAWvB,+EAA+E;AAC/E,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,WAAW,EACX,mBAAmB,EACnB,yBAAyB,EACzB,2BAA2B,EAC3B,oBAAoB,EACpB,eAAe,EACf,WAAW,EACX,aAAa,GACd,MAAM,gBAAgB,CAAC;AAQxB,iFAAiF;AACjF,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,aAAa,EACb,uBAAuB,EACvB,qBAAqB,EACrB,YAAY,EACZ,uBAAuB,EACvB,mBAAmB,EACnB,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAQ3B,gFAAgF;AAChF,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,eAAe,GAChB,MAAM,wBAAwB,CAAC;AAMhC,gFAAgF;AAChF,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AASzE,+EAA+E;AAC/E,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,oBAAoB,EACpB,MAAM,EACN,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAUrB,8EAA8E;AAC9E,OAAO,EACL,IAAI,EACJ,iBAAiB;AACjB,4DAA4D;AAC5D,WAAW,EACX,gBAAgB,GACjB,MAAM,WAAW,CAAC;AAUnB,8EAA8E;AAC9E,+EAA+E;AAC/E,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAQnC,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAQ/C,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAQxE,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAS7D,OAAO,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAQpE,gFAAgF;AAChF,OAAO,EACL,aAAa,EACb,SAAS,EACT,WAAW,EACX,yBAAyB;AACzB,qEAAqE;AACrE,cAAc,EACd,iBAAiB,EACjB,2BAA2B,GAC5B,MAAM,cAAc,CAAC;AAQtB,+EAA+E;AAC/E,wEAAwE;AACxE,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAClD,OAAO,EACL,mBAAmB,GAEpB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,yBAAyB,GAE1B,MAAM,qCAAqC,CAAC;AAE7C,+EAA+E;AAC/E,4EAA4E;AAC5E,yEAAyE;AACzE,sEAAsE;AACtE,OAAO,EACL,WAAW,EACX,mBAAmB,EACnB,aAAa,EACb,oBAAoB,EACpB,oBAAoB,GAErB,MAAM,aAAa,CAAC;AAErB,+EAA+E;AAC/E,OAAO,EACL,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,WAAW,CAAC;AAEnB,gFAAgF;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAM/D,+EAA+E;AAC/E,EAAE;AACF,6EAA6E;AAC7E,yEAAyE;AACzE,wEAAwE;AACxE,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,qBAAqB,EACrB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAE7B,+EAA+E;AAC/E,mFAAmF;AACnF,yEAAyE;AACzE,6EAA6E;AAC7E,4EAA4E;AAC5E,wEAAwE;AACxE,yDAAyD;AACzD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EACL,eAAe,EACf,YAAY,EACZ,eAAe,EACf,YAAY,EACZ,eAAe,EACf,eAAe,EACf,eAAe,GAChB,MAAM,iBAAiB,CAAC;AAEzB,gFAAgF;AAChF,yEAAyE;AACzE,4EAA4E;AAC5E,6EAA6E;AAC7E,sEAAsE;AACtE,6EAA6E;AAC7E,EAAE;AACF,yEAAyE;AACzE,sFAAsF;AACtF,2EAA2E;AAC3E,yEAAyE;AACzE,qEAAqE;AACrE,mEAAmE;AACnE,qEAAqE;AACrE,oFAAoF;AACpF,6EAA6E;AAC7E,OAAO,EACL,UAAU,IAAI,aAAa,EAC3B,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,iBAAiB,EACjB,IAAI,IAAI,cAAc,GAWvB,MAAM,mBAAmB,CAAC;AA8C3B,gFAAgF;AAChF,+EAA+E;AAC/E,wEAAwE;AACxE,0EAA0E;AAC1E,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAGtE,+EAA+E;AAC/E,OAAO,EACL,WAAW,EACX,oBAAoB,EACpB,qBAAqB,EACrB,aAAa,EACb,oBAAoB,GACrB,MAAM,sBAAsB,CAAC"}
|
package/dist/plugin.d.ts
CHANGED
|
@@ -11,12 +11,23 @@
|
|
|
11
11
|
* Run order inside `seal()`:
|
|
12
12
|
* 1. Parameter validation (basic shape checks)
|
|
13
13
|
* 2. `hooks.onBeforeBuild` — may abort cleanly via `{ skipSeal: true }`
|
|
14
|
-
* 3.
|
|
15
|
-
* 4.
|
|
16
|
-
* 5.
|
|
14
|
+
* 3. `resolveVaultState` — fetches AgentVault + PolicyConfig + SpendTracker + Overlay
|
|
15
|
+
* 4. Vault-active + agent-registered + agent-not-paused gates
|
|
16
|
+
* 5. **Plugin checks** — first `{ allow: false }` throws. Plugins see
|
|
17
|
+
* the resolved on-chain state via `PluginContext.state`. NOTE: the
|
|
18
|
+
* zero-capability check runs AFTER plugins (step 7), so a plugin
|
|
19
|
+
* MAY observe `state.capabilityTier === 0`; plugins relying on a
|
|
20
|
+
* non-zero capability must assert it themselves before allowing.
|
|
21
|
+
* 6. Amount/protocol/constraint checks (spending gates, allowlist, max)
|
|
22
|
+
* 7. Agent-capability zero-check + transaction assembly
|
|
23
|
+
* 8. `hooks.onBeforeSign` — final observe-only point before return
|
|
17
24
|
*
|
|
18
|
-
* Plugins
|
|
19
|
-
*
|
|
25
|
+
* Plugins run AFTER state resolution by design — 2 of 3 real plugin
|
|
26
|
+
* categories (rate limiting, compliance) need state input. Consumers who
|
|
27
|
+
* want stateless early-exit use `onBeforeBuild` with
|
|
28
|
+
* `{ skipSeal: true, reason }` — that path runs before any RPC.
|
|
29
|
+
*
|
|
30
|
+
* Plugins MUST NOT perform their own RPC calls — they receive the
|
|
20
31
|
* pre-resolved state as context. Async plugin `check()` is supported
|
|
21
32
|
* for cases where the plugin delegates to an external service
|
|
22
33
|
* (feature-flag servers, compliance APIs) but the plugin runner will
|
|
@@ -41,6 +52,40 @@ export interface PluginContext {
|
|
|
41
52
|
readonly instructions: readonly Instruction[];
|
|
42
53
|
/** Stable ID for this `seal()` invocation — matches `SealHookContext.correlationId`. */
|
|
43
54
|
readonly correlationId: string;
|
|
55
|
+
/**
|
|
56
|
+
* Sanitized vault state snapshot, populated by `seal()` after
|
|
57
|
+
* `resolveVaultState()` completes and prerequisite checks pass
|
|
58
|
+
* (vault active + agent registered + agent not paused). Frozen —
|
|
59
|
+
* mutation attempts throw in strict mode.
|
|
60
|
+
*
|
|
61
|
+
* **Security contract (intentional redactions):**
|
|
62
|
+
* - `owner` pubkey is NOT exposed — plugins must not make policy
|
|
63
|
+
* decisions based on ownership identity.
|
|
64
|
+
* - Full `agents[]` roster is NOT exposed — plugins see their
|
|
65
|
+
* invocation agent's capability/paused state only, preventing
|
|
66
|
+
* inter-agent side channels.
|
|
67
|
+
* - `vault_id` is NOT exposed — internal identifier, no policy use.
|
|
68
|
+
* - Raw `SpendTracker` epoch array is NOT exposed — denormalized
|
|
69
|
+
* into `globalBudget.spent24h` instead.
|
|
70
|
+
*
|
|
71
|
+
* The exposed surface is sufficient for the three real use cases:
|
|
72
|
+
* rate limiting (budget remaining), compliance (vault status + agent
|
|
73
|
+
* paused), and circuit breakers (budget spent24h).
|
|
74
|
+
*/
|
|
75
|
+
readonly state: {
|
|
76
|
+
/** Rolling 24h global budget: cap, spent, remaining (6-decimal USD). */
|
|
77
|
+
readonly globalBudget: import("./state-resolver.js").EffectiveBudget;
|
|
78
|
+
/** Rolling 24h per-agent budget. Null if the agent has no sub-cap. */
|
|
79
|
+
readonly agentBudget: import("./state-resolver.js").EffectiveBudget | null;
|
|
80
|
+
/** On-chain vault lifecycle status. */
|
|
81
|
+
readonly vaultStatus: import("./generated/types/vaultStatus.js").VaultStatus;
|
|
82
|
+
/** Agent capability tier (0=Disabled, 1=Observer, 2=Operator). */
|
|
83
|
+
readonly capabilityTier: number;
|
|
84
|
+
/** Policy max-transaction-size cap (6-decimal USD). 0n means uncapped. */
|
|
85
|
+
readonly maxTransactionUsd: bigint;
|
|
86
|
+
/** Unix timestamp (seconds) when state was resolved. */
|
|
87
|
+
readonly resolvedAtTimestamp: bigint;
|
|
88
|
+
};
|
|
44
89
|
}
|
|
45
90
|
/**
|
|
46
91
|
* Successful plugin check. May carry advisory metadata that downstream
|
package/dist/plugin.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAU3D;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,QAAQ,GAAG,SAAS,CAAC;IACvC,QAAQ,CAAC,YAAY,EAAE,SAAS,WAAW,EAAE,CAAC;IAC9C,wFAAwF;IACxF,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B;;;;;;;;;;;;;;;;;;;OAmBG;IACH,QAAQ,CAAC,KAAK,EAAE;QACd,wEAAwE;QACxE,QAAQ,CAAC,YAAY,EAAE,OAAO,qBAAqB,EAAE,eAAe,CAAC;QACrE,sEAAsE;QACtE,QAAQ,CAAC,WAAW,EAAE,OAAO,qBAAqB,EAAE,eAAe,GAAG,IAAI,CAAC;QAC3E,uCAAuC;QACvC,QAAQ,CAAC,WAAW,EAAE,OAAO,kCAAkC,EAAE,WAAW,CAAC;QAC7E,kEAAkE;QAClE,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;QAChC,0EAA0E;QAC1E,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;QACnC,wDAAwD;QACxD,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;KACtC,CAAC;CACH;AAID;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC;IACrB,gFAAgF;IAChF,QAAQ,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACvD;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,CAAC,EAAE,iBAAiB,CAAC;IAClC,QAAQ,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACvD;AAED,MAAM,MAAM,YAAY,GAAG,WAAW,GAAG,YAAY,CAAC;AAItD,MAAM,WAAW,iBAAiB;IAChC;;;;OAIG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;;;;OAKG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE3C;;;;;OAKG;IACH,KAAK,CAAC,GAAG,EAAE,aAAa,GAAG,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CACjE;AAID;;;;;;;;;;;GAWG;AACH,wBAAsB,UAAU,CAC9B,OAAO,EAAE,SAAS,iBAAiB,EAAE,GAAG,SAAS,EACjD,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,IAAI,CAAC,CAiDf;AAID;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,OAAO,IAAI,SAAS,iBAAiB,EAAE,CA+CjD"}
|
package/dist/plugin.js
CHANGED
|
@@ -11,12 +11,23 @@
|
|
|
11
11
|
* Run order inside `seal()`:
|
|
12
12
|
* 1. Parameter validation (basic shape checks)
|
|
13
13
|
* 2. `hooks.onBeforeBuild` — may abort cleanly via `{ skipSeal: true }`
|
|
14
|
-
* 3.
|
|
15
|
-
* 4.
|
|
16
|
-
* 5.
|
|
14
|
+
* 3. `resolveVaultState` — fetches AgentVault + PolicyConfig + SpendTracker + Overlay
|
|
15
|
+
* 4. Vault-active + agent-registered + agent-not-paused gates
|
|
16
|
+
* 5. **Plugin checks** — first `{ allow: false }` throws. Plugins see
|
|
17
|
+
* the resolved on-chain state via `PluginContext.state`. NOTE: the
|
|
18
|
+
* zero-capability check runs AFTER plugins (step 7), so a plugin
|
|
19
|
+
* MAY observe `state.capabilityTier === 0`; plugins relying on a
|
|
20
|
+
* non-zero capability must assert it themselves before allowing.
|
|
21
|
+
* 6. Amount/protocol/constraint checks (spending gates, allowlist, max)
|
|
22
|
+
* 7. Agent-capability zero-check + transaction assembly
|
|
23
|
+
* 8. `hooks.onBeforeSign` — final observe-only point before return
|
|
17
24
|
*
|
|
18
|
-
* Plugins
|
|
19
|
-
*
|
|
25
|
+
* Plugins run AFTER state resolution by design — 2 of 3 real plugin
|
|
26
|
+
* categories (rate limiting, compliance) need state input. Consumers who
|
|
27
|
+
* want stateless early-exit use `onBeforeBuild` with
|
|
28
|
+
* `{ skipSeal: true, reason }` — that path runs before any RPC.
|
|
29
|
+
*
|
|
30
|
+
* Plugins MUST NOT perform their own RPC calls — they receive the
|
|
20
31
|
* pre-resolved state as context. Async plugin `check()` is supported
|
|
21
32
|
* for cases where the plugin delegates to an external service
|
|
22
33
|
* (feature-flag servers, compliance APIs) but the plugin runner will
|
package/dist/plugin.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"plugin.js","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"plugin.js","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAIH,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EACL,iCAAiC,EACjC,gCAAgC,GACjC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AA0GnD,+EAA+E;AAE/E;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,OAAiD,EACjD,GAAkB;IAElB,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IAE7C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,MAAoB,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GACX,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,SAAS,CAAC,CAAC;YAChE,MAAM,IAAI,mBAAmB,CAC3B,iCAAiC,EACjC,WAAW,MAAM,CAAC,IAAI,2BAA2B,OAAO,EAAE,EAC1D;gBACE,KAAK,EAAE,GAAG;gBACV,OAAO,EAAE;oBACP,MAAM,EAAE,MAAM,CAAC,IAAI;oBACnB,MAAM,EAAE,OAAO;oBACf,aAAa,EAAE,GAAG,CAAC,aAAa;iBACjC;aACF,CACF,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QACrC,IAAI,SAAS,GAAG,IAAI,EAAE,CAAC;YACrB,oBAAoB,EAAE,CAAC,IAAI,CACzB,wBAAwB,MAAM,CAAC,IAAI,UAAU,SAAS,mCAAmC,EACzF,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,CACnC,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,IAAI,mBAAmB,CAC3B,iCAAiC,EACjC,WAAW,MAAM,CAAC,IAAI,6BAA6B,MAAM,CAAC,MAAM,EAAE,EAClE;gBACE,OAAO,EAAE;oBACP,MAAM,EAAE,MAAM,CAAC,IAAI;oBACnB,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,aAAa,EAAE,GAAG,CAAC,aAAa;iBACjC;aACF,CACF,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAgB;IAEhB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,EAChC,6EAA6E,OAAO,OAAO,GAAG,EAC9F,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,qBAAqB,EAAE,EAAE,CACnE,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACrB,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAChC,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,EAChC,mBAAmB,CAAC,+BAA+B,OAAO,CAAC,GAAG,EAC9D,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,WAAW,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,CAC5D,CAAC;QACJ,CAAC;QACD,MAAM,SAAS,GAAG,CAA+B,CAAC;QAClD,IAAI,OAAO,SAAS,CAAC,IAAI,KAAK,QAAQ,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtE,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,EAChC,mBAAmB,CAAC,uCAAuC,EAC3D,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,WAAW,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,CACjE,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,SAAS,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;YAC1C,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,EAChC,WAAW,SAAS,CAAC,IAAI,iCAAiC,EAC1D;gBACE,OAAO,EAAE;oBACP,KAAK,EAAE,WAAW,SAAS,CAAC,IAAI,SAAS;oBACzC,QAAQ,EAAE,UAAU;iBACrB;aACF,CACF,CAAC;QACJ,CAAC;QACD,IAAI,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,EAChC,0BAA0B,SAAS,CAAC,IAAI,4CAA4C,EACpF,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,CAC7D,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;AACH,CAAC"}
|
package/dist/seal.d.ts
CHANGED
|
@@ -15,6 +15,7 @@
|
|
|
15
15
|
*/
|
|
16
16
|
import type { Address, AddressesByLookupTableAddress, Instruction, Rpc, SolanaRpcApi, TransactionSigner } from "./kit-adapter.js";
|
|
17
17
|
import { compileTransaction } from "./kit-adapter.js";
|
|
18
|
+
import { type SigilPolicyPlugin } from "./plugin.js";
|
|
18
19
|
import { type ResolvedVaultState, type ResolvedVaultStateForOwner, type ResolvedBudget } from "./state-resolver.js";
|
|
19
20
|
import { type Blockhash, type SendAndConfirmOptions } from "./rpc-helpers.js";
|
|
20
21
|
import { type AgentError } from "./agent-errors.js";
|
|
@@ -91,6 +92,21 @@ export interface SealParams {
|
|
|
91
92
|
* generates one via `newCorrelationId()` at the top of the call.
|
|
92
93
|
*/
|
|
93
94
|
correlationId?: string;
|
|
95
|
+
/**
|
|
96
|
+
* @internal
|
|
97
|
+
*
|
|
98
|
+
* Sprint 2 (B4): policy plugins threaded from `SigilClientConfig.plugins`
|
|
99
|
+
* via `clientSeal`. Bare-seal callers SHOULD NOT pass plugins here —
|
|
100
|
+
* plugins are client-level configuration that already goes through
|
|
101
|
+
* `validatePluginList()` at client construction. Direct use of this
|
|
102
|
+
* field bypasses that validation.
|
|
103
|
+
*
|
|
104
|
+
* Not exposed on `ClientSealOpts` (by design — prevents per-call
|
|
105
|
+
* plugin override). Only `clientSeal` injects this field after the
|
|
106
|
+
* `...opts` spread so per-call callers cannot override the set of
|
|
107
|
+
* client-level plugins for a single seal invocation.
|
|
108
|
+
*/
|
|
109
|
+
plugins?: readonly SigilPolicyPlugin[];
|
|
94
110
|
}
|
|
95
111
|
export interface SealResult {
|
|
96
112
|
ok: true;
|
|
@@ -272,6 +288,24 @@ export interface SigilClientApi {
|
|
|
272
288
|
* ```
|
|
273
289
|
*/
|
|
274
290
|
export declare function createSigilClient(config: SigilClientConfig): SigilClientApi;
|
|
291
|
+
/**
|
|
292
|
+
* Async factory: run the genesis-hash assertion + delegate to
|
|
293
|
+
* {@link createSigilClient}. Returns the factory's `SigilClientApi`
|
|
294
|
+
* (which properly wires plugins, hooks, and caches) — NOT the
|
|
295
|
+
* deprecated `SigilClient` class (which does not wire plugins/hooks).
|
|
296
|
+
*
|
|
297
|
+
* This is what `Sigil.quickstart()` / `Sigil.fromVault()` use under
|
|
298
|
+
* the hood to get both:
|
|
299
|
+
* - genesis-hash cluster safety (previously only on the class path)
|
|
300
|
+
* - working plugin + hook wiring (only on the factory path)
|
|
301
|
+
*
|
|
302
|
+
* @param config - Full client config. All fields (plugins, hooks,
|
|
303
|
+
* logger) are forwarded to the factory after the assertion passes.
|
|
304
|
+
* @throws `SigilRpcError` if `getGenesisHash()` fails after retries.
|
|
305
|
+
* @throws `SigilSdkDomainError(INVALID_CONFIG)` if the cluster hash
|
|
306
|
+
* does not match `config.network`.
|
|
307
|
+
*/
|
|
308
|
+
export declare function createSigilClientAsync(config: SigilClientConfig): Promise<SigilClientApi>;
|
|
275
309
|
/** Canonical devnet genesis hash — Solana cluster identifier. */
|
|
276
310
|
export declare const SOLANA_DEVNET_GENESIS_HASH = "EtWTRABZaYq6iMfeYKouRu166VU2xqa1wcaWoxPkrZBG";
|
|
277
311
|
/** Canonical mainnet-beta genesis hash — Solana cluster identifier. */
|
package/dist/seal.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"seal.d.ts","sourceRoot":"","sources":["../src/seal.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EACV,OAAO,EACP,6BAA6B,EAC7B,WAAW,EACX,GAAG,EACH,YAAY,EACZ,iBAAiB,EAClB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,kBAAkB,EAAe,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"seal.d.ts","sourceRoot":"","sources":["../src/seal.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EACV,OAAO,EACP,6BAA6B,EAC7B,WAAW,EACX,GAAG,EACH,YAAY,EACZ,iBAAiB,EAClB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,kBAAkB,EAAe,MAAM,kBAAkB,CAAC;AAQnE,OAAO,EAGL,KAAK,iBAAiB,EACvB,MAAM,aAAa,CAAC;AAMrB,OAAO,EAIL,KAAK,kBAAkB,EACvB,KAAK,0BAA0B,EAE/B,KAAK,cAAc,EACpB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAKL,KAAK,SAAS,EACd,KAAK,qBAAqB,EAC3B,MAAM,kBAAkB,CAAC;AAmB1B,OAAO,EAAqB,KAAK,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEvE,OAAO,EAGL,KAAK,QAAQ,EACb,KAAK,YAAY,EAClB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAEL,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACvB,MAAM,mBAAmB,CAAC;AAwC3B,MAAM,WAAW,UAAU;IACzB,kCAAkC;IAClC,KAAK,EAAE,OAAO,CAAC;IACf,mEAAmE;IACnE,KAAK,EAAE,iBAAiB,CAAC;IACzB,mGAAmG;IACnG,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,8DAA8D;IAC9D,GAAG,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC;IACvB,yGAAyG;IACzG,OAAO,EAAE,QAAQ,GAAG,SAAS,CAAC;IAC9B;;;;;;;;OAQG;IACH,SAAS,EAAE,OAAO,CAAC;IACnB;;;;;;;;;;;;OAYG;IACH,MAAM,EAAE,MAAM,CAAC;IACf,sFAAsF;IACtF,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,8EAA8E;IAC9E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,0EAA0E;IAC1E,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,sGAAsG;IACtG,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,uEAAuE;IACvE,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB;;;;OAIG;IACH,oBAAoB,CAAC,EAAE,OAAO,EAAE,CAAC;IACjC,+EAA+E;IAC/E,mBAAmB,CAAC,EAAE,6BAA6B,CAAC;IACpD,qFAAqF;IACrF,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC,gFAAgF;IAChF,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,iFAAiF;IACjF,yBAAyB,CAAC,EAAE,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAClD;;;;;OAKG;IACH,KAAK,CAAC,EAAE,OAAO,YAAY,EAAE,SAAS,CAAC;IACvC;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,EAAE,SAAS,iBAAiB,EAAE,CAAC;CACxC;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,IAAI,CAAC;IACT,WAAW,EAAE,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC;IACnD,oDAAoD;IACpD,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,iFAAiF;IACjF,oBAAoB,EAAE,MAAM,CAAC;IAC7B,gFAAgF;IAChF,YAAY,CAAC,EAAE;QACb,YAAY,EAAE,OAAO,CAAC;QACtB,aAAa,EAAE,OAAO,CAAC;QACvB,YAAY,EAAE,MAAM,CAAC;QACrB,eAAe,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;KAC9B,CAAC;CACH;AAID,4EAA4E;AAC5E,wBAAgB,gBAAgB,CAC9B,YAAY,EAAE,WAAW,EAAE,EAC3B,YAAY,EAAE,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAClC,WAAW,EAAE,CAmBf;AAYD;;;;;;;;;;;;GAYG;AACH,wBAAsB,IAAI,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAqmBlE;AAID,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC;IACvB,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,EAAE,iBAAiB,CAAC;IACzB,OAAO,EAAE,QAAQ,GAAG,SAAS,CAAC;IAC9B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iHAAiH;IACjH,OAAO,CAAC,EAAE,CACR,KAAK,EAAE,UAAU,EACjB,OAAO,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,KAC5D,IAAI,CAAC;IACV;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,EAAE,OAAO,aAAa,EAAE,WAAW,CAAC;IAC3C;;;;;;;;;;;;;;;;OAgBG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B;;;;;OAKG;IACH,KAAK,CAAC,EAAE,OAAO,YAAY,EAAE,SAAS,CAAC;IACvC;;;;OAIG;IACH,OAAO,CAAC,EAAE,SAAS,OAAO,aAAa,EAAE,iBAAiB,EAAE,CAAC;CAC9D;AAED;;;;;;GAMG;AACH,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,OAAO,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,oBAAoB,CAAC,EAAE,OAAO,EAAE,CAAC;IACjC,mBAAmB,CAAC,EAAE,6BAA6B,CAAC;IACpD,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,yBAAyB,CAAC,EAAE,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAClD;;;OAGG;IACH,KAAK,CAAC,EAAE,OAAO,YAAY,EAAE,SAAS,CAAC;IACvC;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,UAAU,CAAC;CACxB;AAID;;;;;;;;;GASG;AACH,MAAM,WAAW,cAAc;IAC7B,4CAA4C;IAC5C,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC;IAChC,qBAAqB;IACrB,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,oBAAoB;IACpB,QAAQ,CAAC,KAAK,EAAE,iBAAiB,CAAC;IAClC,eAAe;IACf,QAAQ,CAAC,OAAO,EAAE,QAAQ,GAAG,SAAS,CAAC;IAEvC,yEAAyE;IACzE,IAAI,CAAC,YAAY,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAE7E,gDAAgD;IAChD,iBAAiB,CACf,YAAY,EAAE,WAAW,EAAE,EAC3B,IAAI,EAAE,cAAc,GAAG;QAAE,cAAc,CAAC,EAAE,qBAAqB,CAAA;KAAE,GAChE,OAAO,CAAC,aAAa,CAAC,CAAC;IAE1B,yCAAyC;IACzC,gBAAgB,IAAI,IAAI,CAAC;IAEzB,gCAAgC;IAChC,aAAa,IAAI,OAAO,CAAC,0BAA0B,CAAC,CAAC;IAErD,8CAA8C;IAC9C,cAAc,IAAI,OAAO,CAAC,cAAc,CAAC,CAAC;IAE1C,qBAAqB;IACrB,MAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE5B,gCAAgC;IAChC,gBAAgB,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;CAC7C;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,iBAAiB,GAAG,cAAc,CA0M3E;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,sBAAsB,CAC1C,MAAM,EAAE,iBAAiB,GACxB,OAAO,CAAC,cAAc,CAAC,CAgBzB;AAWD,iEAAiE;AACjE,eAAO,MAAM,0BAA0B,iDACS,CAAC;AAEjD,uEAAuE;AACvE,eAAO,MAAM,2BAA2B,iDACQ,CAAC;AAiBjD,gDAAgD;AAChD,wBAAgB,sBAAsB,IAAI,IAAI,CAE7C;AA8HD,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAiB;IACxD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAW;IAC5C,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAA+B;IAChE,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC;IAChC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,KAAK,EAAE,iBAAiB,CAAC;IAClC,QAAQ,CAAC,OAAO,EAAE,QAAQ,GAAG,SAAS,CAAC;IAEvC;;;;;;;;;;;;;;;;;OAiBG;IACH,OAAO;IA0DP;;;;;;;;;;;;;;;;;;;;OAoBG;WACU,MAAM,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,WAAW,CAAC;IAyBpE;;;;;;OAMG;IACG,IAAI,CACR,YAAY,EAAE,WAAW,EAAE,EAC3B,IAAI,EAAE,cAAc,GACnB,OAAO,CAAC,UAAU,CAAC;IA0DtB;;;;;OAKG;IACG,iBAAiB,CACrB,YAAY,EAAE,WAAW,EAAE,EAC3B,IAAI,EAAE,cAAc,GAAG;QAAE,cAAc,CAAC,EAAE,qBAAqB,CAAA;KAAE,GAChE,OAAO,CAAC,aAAa,CAAC;IAqBzB,gBAAgB,IAAI,IAAI;IAOxB,OAAO,KAAK,WAAW,GAEtB;IAEK,aAAa,IAAI,OAAO,CAAC,0BAA0B,CAAC;IASpD,cAAc,IAAI,OAAO,CAAC,cAAc,CAAC;IAIzC,MAAM,IAAI,OAAO,CAAC,QAAQ,CAAC;IAI3B,gBAAgB,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;WAIpC,WAAW,CACtB,IAAI,EAAE,kBAAkB,GACvB,OAAO,CAAC,iBAAiB,CAAC;CAG9B"}
|
package/dist/seal.js
CHANGED
|
@@ -16,10 +16,7 @@
|
|
|
16
16
|
import { AccountRole } from "./kit-adapter.js";
|
|
17
17
|
import { getSigilModuleLogger, setSigilModuleLogger } from "./logger.js";
|
|
18
18
|
import { newCorrelationId, invokeHook, composeHooks, } from "./hooks.js";
|
|
19
|
-
|
|
20
|
-
// `import("./plugin.js").SigilPolicyPlugin` so no top-level import is
|
|
21
|
-
// needed. Plugin runner invocation (runPlugins() call after state resolve)
|
|
22
|
-
// is a follow-up commit; the hooks integration above proves the plumbing.
|
|
19
|
+
import { runPlugins, validatePluginList, } from "./plugin.js";
|
|
23
20
|
import { VaultStatus } from "./generated/types/vaultStatus.js";
|
|
24
21
|
import { getValidateAndAuthorizeInstructionAsync } from "./generated/instructions/validateAndAuthorize.js";
|
|
25
22
|
import { getFinalizeSessionInstructionAsync } from "./generated/instructions/finalizeSession.js";
|
|
@@ -154,6 +151,45 @@ export async function seal(params) {
|
|
|
154
151
|
if (agentEntry.paused) {
|
|
155
152
|
throw new SigilSdkDomainError(SIGIL_ERROR__SDK__AGENT_PAUSED, `Agent ${params.agent.address} is paused in vault ${params.vault}`, { context: { vault: params.vault, agent: params.agent.address } });
|
|
156
153
|
}
|
|
154
|
+
// ─── Sprint 2 (B4): run policy plugins ────────────────────────────────────
|
|
155
|
+
//
|
|
156
|
+
// Plugins receive a frozen, redacted snapshot of the resolved vault state.
|
|
157
|
+
// Design notes:
|
|
158
|
+
// - Ordering: AFTER resolveVaultState + vault-active + agent-registered
|
|
159
|
+
// + agent-not-paused gates. 2 of 3 real plugin categories (rate
|
|
160
|
+
// limiting, compliance) require state; running before state would
|
|
161
|
+
// degrade those to stateless-only.
|
|
162
|
+
// - Redaction: owner pubkey, full agents[] roster, vault_id, and raw
|
|
163
|
+
// SpendTracker epochs are intentionally NOT exposed. Plugins see
|
|
164
|
+
// only what's needed for policy decisions (budget + capability
|
|
165
|
+
// + vault status). Reduces malicious-plugin exfiltration surface.
|
|
166
|
+
// - Freeze: outer state + each nested object is frozen via
|
|
167
|
+
// Object.freeze. Mutation attempts throw in strict mode, silent
|
|
168
|
+
// no-op in sloppy — neither is a working bypass.
|
|
169
|
+
// - Rejection: runPlugins throws SigilSdkDomainError(PLUGIN_REJECTED)
|
|
170
|
+
// on first { allow: false } or plugin throw. The onError hook
|
|
171
|
+
// fires via executeAndConfirm's catch block on the way out.
|
|
172
|
+
if (params.plugins && params.plugins.length > 0) {
|
|
173
|
+
await runPlugins(params.plugins, {
|
|
174
|
+
vault: params.vault,
|
|
175
|
+
agent: params.agent.address,
|
|
176
|
+
tokenMint: params.tokenMint,
|
|
177
|
+
amount: params.amount,
|
|
178
|
+
network: params.network,
|
|
179
|
+
instructions: params.instructions,
|
|
180
|
+
correlationId: _hookCtx.correlationId,
|
|
181
|
+
state: Object.freeze({
|
|
182
|
+
globalBudget: Object.freeze({ ...state.globalBudget }),
|
|
183
|
+
agentBudget: state.agentBudget
|
|
184
|
+
? Object.freeze({ ...state.agentBudget })
|
|
185
|
+
: null,
|
|
186
|
+
vaultStatus: state.vault.status,
|
|
187
|
+
capabilityTier: agentEntry.capability,
|
|
188
|
+
maxTransactionUsd: state.maxTransactionUsd,
|
|
189
|
+
resolvedAtTimestamp: state.resolvedAtTimestamp,
|
|
190
|
+
}),
|
|
191
|
+
});
|
|
192
|
+
}
|
|
157
193
|
// Step 3: Determine spending from amount (ActionType eliminated in v6)
|
|
158
194
|
const spending = params.amount > 0n;
|
|
159
195
|
const U64_MAX = 18446744073709551615n;
|
|
@@ -457,6 +493,19 @@ export async function seal(params) {
|
|
|
457
493
|
if (feeDestinationTokenAccount) {
|
|
458
494
|
knownRecipients.add(feeDestinationTokenAccount);
|
|
459
495
|
}
|
|
496
|
+
// ─── Sprint 2 (B3): onBeforeSign hook ──────────────────────────────────────
|
|
497
|
+
//
|
|
498
|
+
// Fires once the transaction is fully composed and size-verified, before
|
|
499
|
+
// seal() returns it to the caller (executeAndConfirm will then sign +
|
|
500
|
+
// send). Observe-only — mutations to compiledTx have no effect on what
|
|
501
|
+
// seal() returns. A hook throw is swallowed + logged via invokeHook's
|
|
502
|
+
// existing semantics (same as the other observe-only hooks).
|
|
503
|
+
//
|
|
504
|
+
// Single fire-point: composed hooks (from executeAndConfirm) propagate
|
|
505
|
+
// through clientSeal → seal() via the opts spread, so firing here
|
|
506
|
+
// covers all three entry paths (executeAndConfirm, SigilVault.execute,
|
|
507
|
+
// bare seal()) with exactly one invocation per seal.
|
|
508
|
+
await invokeHook(params.hooks, "onBeforeSign", _hookCtx, compiledTx);
|
|
460
509
|
return {
|
|
461
510
|
ok: true,
|
|
462
511
|
transaction: compiledTx,
|
|
@@ -501,6 +550,14 @@ export function createSigilClient(config) {
|
|
|
501
550
|
throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_CONFIG, "SigilClientConfig.agent is required", { context: { field: "agent", expected: "TransactionSigner" } });
|
|
502
551
|
if (!config.network)
|
|
503
552
|
throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_CONFIG, "SigilClientConfig.network is required", { context: { field: "network", expected: "'devnet' | 'mainnet'" } });
|
|
553
|
+
// Sprint 2 (B4): validate plugin list at client construction.
|
|
554
|
+
// plugin.ts docstring promises this runs in createSigilClient /
|
|
555
|
+
// Sigil.quickstart / Sigil.fromVault. The facade path validates via
|
|
556
|
+
// buildInternalState; the direct createSigilClient path must too, or
|
|
557
|
+
// malformed plugins silently load and only fail at first seal().
|
|
558
|
+
if (config.plugins !== undefined) {
|
|
559
|
+
validatePluginList(config.plugins);
|
|
560
|
+
}
|
|
504
561
|
// C3 fix: install the consumer-supplied logger so leaf utilities (alt-
|
|
505
562
|
// loader, shield, dashboard, tee/verify, etc.) route their warnings
|
|
506
563
|
// through it. Without this call the factory silently drops
|
|
@@ -547,6 +604,11 @@ export function createSigilClient(config) {
|
|
|
547
604
|
verifySigilAlt(addressLookupTables, sigilAlt, expected);
|
|
548
605
|
}
|
|
549
606
|
}
|
|
607
|
+
// Sprint 2 (B4): thread client-level plugins into bare seal(). Injected
|
|
608
|
+
// AFTER the `...opts` spread so per-call callers cannot override the
|
|
609
|
+
// client's plugin set for a single invocation. ClientSealOpts has no
|
|
610
|
+
// `plugins` field (by design) — TypeScript rejects per-call plugin
|
|
611
|
+
// passing at compile time.
|
|
550
612
|
return seal({
|
|
551
613
|
rpc,
|
|
552
614
|
vault,
|
|
@@ -556,6 +618,7 @@ export function createSigilClient(config) {
|
|
|
556
618
|
...opts,
|
|
557
619
|
blockhash: resolvedBlockhash,
|
|
558
620
|
addressLookupTables,
|
|
621
|
+
...(config.plugins ? { plugins: config.plugins } : {}),
|
|
559
622
|
});
|
|
560
623
|
}
|
|
561
624
|
return {
|
|
@@ -627,6 +690,39 @@ export function createSigilClient(config) {
|
|
|
627
690
|
},
|
|
628
691
|
};
|
|
629
692
|
}
|
|
693
|
+
/**
|
|
694
|
+
* Async factory: run the genesis-hash assertion + delegate to
|
|
695
|
+
* {@link createSigilClient}. Returns the factory's `SigilClientApi`
|
|
696
|
+
* (which properly wires plugins, hooks, and caches) — NOT the
|
|
697
|
+
* deprecated `SigilClient` class (which does not wire plugins/hooks).
|
|
698
|
+
*
|
|
699
|
+
* This is what `Sigil.quickstart()` / `Sigil.fromVault()` use under
|
|
700
|
+
* the hood to get both:
|
|
701
|
+
* - genesis-hash cluster safety (previously only on the class path)
|
|
702
|
+
* - working plugin + hook wiring (only on the factory path)
|
|
703
|
+
*
|
|
704
|
+
* @param config - Full client config. All fields (plugins, hooks,
|
|
705
|
+
* logger) are forwarded to the factory after the assertion passes.
|
|
706
|
+
* @throws `SigilRpcError` if `getGenesisHash()` fails after retries.
|
|
707
|
+
* @throws `SigilSdkDomainError(INVALID_CONFIG)` if the cluster hash
|
|
708
|
+
* does not match `config.network`.
|
|
709
|
+
*/
|
|
710
|
+
export async function createSigilClientAsync(config) {
|
|
711
|
+
// Install logger FIRST so `assertGenesisHash` diagnostics route
|
|
712
|
+
// through it. createSigilClient will re-install it (idempotent).
|
|
713
|
+
if (config.logger) {
|
|
714
|
+
setSigilModuleLogger(config.logger);
|
|
715
|
+
}
|
|
716
|
+
if (config.skipGenesisAssertion === true) {
|
|
717
|
+
getSigilModuleLogger().warn("[createSigilClientAsync] skipGenesisAssertion=true — RPC cluster " +
|
|
718
|
+
`is NOT verified against configured network "${config.network}". ` +
|
|
719
|
+
"Only safe for local test harnesses.");
|
|
720
|
+
}
|
|
721
|
+
else {
|
|
722
|
+
await assertGenesisHash(config.rpc, config.network);
|
|
723
|
+
}
|
|
724
|
+
return createSigilClient(config);
|
|
725
|
+
}
|
|
630
726
|
// ─── Genesis-hash assertion (D18 — closes F10 cluster mismatch) ─────────────
|
|
631
727
|
//
|
|
632
728
|
// Every @ usesigil / kit transaction assumes the RPC is on the cluster the
|