@usesigil/kit 0.15.0 → 0.16.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent-bootstrap.d.ts +118 -0
- package/dist/agent-bootstrap.d.ts.map +1 -0
- package/dist/agent-bootstrap.js +211 -0
- package/dist/agent-bootstrap.js.map +1 -0
- package/dist/agent-errors.d.ts +3 -3
- package/dist/agent-errors.d.ts.map +1 -1
- package/dist/agent-errors.js +227 -142
- package/dist/agent-errors.js.map +1 -1
- package/dist/build-unsigned.d.ts +152 -0
- package/dist/build-unsigned.d.ts.map +1 -0
- package/dist/build-unsigned.js +152 -0
- package/dist/build-unsigned.js.map +1 -0
- package/dist/constraints/index.d.ts +23 -0
- package/dist/constraints/index.d.ts.map +1 -0
- package/dist/constraints/index.js +24 -0
- package/dist/constraints/index.js.map +1 -0
- package/dist/create-vault.d.ts +10 -1
- package/dist/create-vault.d.ts.map +1 -1
- package/dist/create-vault.js +10 -2
- package/dist/create-vault.js.map +1 -1
- package/dist/dashboard/constraint-builders.d.ts +82 -0
- package/dist/dashboard/constraint-builders.d.ts.map +1 -0
- package/dist/dashboard/constraint-builders.js +204 -0
- package/dist/dashboard/constraint-builders.js.map +1 -0
- package/dist/dashboard/errors.d.ts +37 -0
- package/dist/dashboard/errors.d.ts.map +1 -1
- package/dist/dashboard/errors.js +76 -0
- package/dist/dashboard/errors.js.map +1 -1
- package/dist/dashboard/from-json.d.ts.map +1 -1
- package/dist/dashboard/from-json.js +1 -2
- package/dist/dashboard/from-json.js.map +1 -1
- package/dist/dashboard/index.d.ts +29 -3
- package/dist/dashboard/index.d.ts.map +1 -1
- package/dist/dashboard/index.js +36 -1
- package/dist/dashboard/index.js.map +1 -1
- package/dist/dashboard/mutations.d.ts +60 -1
- package/dist/dashboard/mutations.d.ts.map +1 -1
- package/dist/dashboard/mutations.js +127 -20
- package/dist/dashboard/mutations.js.map +1 -1
- package/dist/dashboard/post-assertion-validation.d.ts +88 -0
- package/dist/dashboard/post-assertion-validation.d.ts.map +1 -0
- package/dist/dashboard/post-assertion-validation.js +191 -0
- package/dist/dashboard/post-assertion-validation.js.map +1 -0
- package/dist/dashboard/reads.d.ts +93 -1
- package/dist/dashboard/reads.d.ts.map +1 -1
- package/dist/dashboard/reads.js +238 -9
- package/dist/dashboard/reads.js.map +1 -1
- package/dist/dashboard/types.d.ts +147 -11
- package/dist/dashboard/types.d.ts.map +1 -1
- package/dist/errors/codes.js +1 -1
- package/dist/events.d.ts.map +1 -1
- package/dist/events.js +2 -1
- package/dist/events.js.map +1 -1
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts +12 -0
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.js +3 -1
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/accounts/pendingCloseConstraints.d.ts +12 -0
- package/dist/generated/accounts/pendingCloseConstraints.d.ts.map +1 -1
- package/dist/generated/accounts/pendingCloseConstraints.js +4 -2
- package/dist/generated/accounts/pendingCloseConstraints.js.map +1 -1
- package/dist/generated/accounts/pendingConstraintsUpdate.d.ts +14 -0
- package/dist/generated/accounts/pendingConstraintsUpdate.d.ts.map +1 -1
- package/dist/generated/accounts/pendingConstraintsUpdate.js +4 -2
- package/dist/generated/accounts/pendingConstraintsUpdate.js.map +1 -1
- package/dist/generated/accounts/pendingPolicyUpdate.d.ts +24 -4
- package/dist/generated/accounts/pendingPolicyUpdate.d.ts.map +1 -1
- package/dist/generated/accounts/pendingPolicyUpdate.js +6 -4
- package/dist/generated/accounts/pendingPolicyUpdate.js.map +1 -1
- package/dist/generated/accounts/policyConfig.d.ts +28 -10
- package/dist/generated/accounts/policyConfig.d.ts.map +1 -1
- package/dist/generated/accounts/policyConfig.js +4 -4
- package/dist/generated/accounts/policyConfig.js.map +1 -1
- package/dist/generated/accounts/sessionAuthority.d.ts +18 -4
- package/dist/generated/accounts/sessionAuthority.d.ts.map +1 -1
- package/dist/generated/accounts/sessionAuthority.js +3 -3
- package/dist/generated/accounts/sessionAuthority.js.map +1 -1
- package/dist/generated/errors/sigil.d.ts +95 -81
- package/dist/generated/errors/sigil.d.ts.map +1 -1
- package/dist/generated/errors/sigil.js +107 -86
- package/dist/generated/errors/sigil.js.map +1 -1
- package/dist/generated/event-discriminators.d.ts.map +1 -1
- package/dist/generated/event-discriminators.js +2 -1
- package/dist/generated/event-discriminators.js.map +1 -1
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.d.ts +67 -0
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.d.ts.map +1 -0
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.js +120 -0
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.js.map +1 -0
- package/dist/generated/instructions/freezeVault.d.ts +8 -5
- package/dist/generated/instructions/freezeVault.d.ts.map +1 -1
- package/dist/generated/instructions/freezeVault.js +14 -3
- package/dist/generated/instructions/freezeVault.js.map +1 -1
- package/dist/generated/instructions/index.d.ts +1 -0
- package/dist/generated/instructions/index.d.ts.map +1 -1
- package/dist/generated/instructions/index.js +1 -0
- package/dist/generated/instructions/index.js.map +1 -1
- package/dist/generated/instructions/initializeVault.d.ts +0 -4
- package/dist/generated/instructions/initializeVault.d.ts.map +1 -1
- package/dist/generated/instructions/initializeVault.js +0 -2
- package/dist/generated/instructions/initializeVault.js.map +1 -1
- package/dist/generated/instructions/queuePolicyUpdate.d.ts +8 -8
- package/dist/generated/instructions/queuePolicyUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/queuePolicyUpdate.js +4 -4
- package/dist/generated/instructions/queuePolicyUpdate.js.map +1 -1
- package/dist/generated/programs/sigil.d.ts +29 -25
- package/dist/generated/programs/sigil.d.ts.map +1 -1
- package/dist/generated/programs/sigil.js +37 -25
- package/dist/generated/programs/sigil.js.map +1 -1
- package/dist/generated/types/accountConstraint.d.ts +16 -1
- package/dist/generated/types/accountConstraint.d.ts.map +1 -1
- package/dist/generated/types/accountConstraint.js +2 -0
- package/dist/generated/types/accountConstraint.js.map +1 -1
- package/dist/generated/types/accountConstraintZC.d.ts +7 -0
- package/dist/generated/types/accountConstraintZC.d.ts.map +1 -1
- package/dist/generated/types/accountConstraintZC.js +4 -2
- package/dist/generated/types/accountConstraintZC.js.map +1 -1
- package/dist/generated/types/constraintEntry.d.ts +0 -4
- package/dist/generated/types/constraintEntry.d.ts.map +1 -1
- package/dist/generated/types/constraintEntry.js +1 -3
- package/dist/generated/types/constraintEntry.js.map +1 -1
- package/dist/generated/types/constraintEntryZC.d.ts +17 -12
- package/dist/generated/types/constraintEntryZC.d.ts.map +1 -1
- package/dist/generated/types/constraintEntryZC.js +2 -2
- package/dist/generated/types/constraintEntryZC.js.map +1 -1
- package/dist/generated/types/index.d.ts +1 -0
- package/dist/generated/types/index.d.ts.map +1 -1
- package/dist/generated/types/index.js +1 -0
- package/dist/generated/types/index.js.map +1 -1
- package/dist/generated/types/orphanConstraintsPdaCleaned.d.ts +22 -0
- package/dist/generated/types/orphanConstraintsPdaCleaned.d.ts.map +1 -0
- package/dist/generated/types/orphanConstraintsPdaCleaned.js +26 -0
- package/dist/generated/types/orphanConstraintsPdaCleaned.js.map +1 -0
- package/dist/generated/types/vaultFrozen.d.ts +12 -0
- package/dist/generated/types/vaultFrozen.d.ts.map +1 -1
- package/dist/generated/types/vaultFrozen.js +3 -1
- package/dist/generated/types/vaultFrozen.js.map +1 -1
- package/dist/index.d.ts +11 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +22 -1
- package/dist/index.js.map +1 -1
- package/dist/inscribe.d.ts +0 -4
- package/dist/inscribe.d.ts.map +1 -1
- package/dist/inscribe.js +0 -1
- package/dist/inscribe.js.map +1 -1
- package/dist/kit-adapter.d.ts +1 -1
- package/dist/kit-adapter.d.ts.map +1 -1
- package/dist/kit-adapter.js +1 -1
- package/dist/kit-adapter.js.map +1 -1
- package/dist/logger.d.ts +48 -0
- package/dist/logger.d.ts.map +1 -1
- package/dist/logger.js +36 -0
- package/dist/logger.js.map +1 -1
- package/dist/owner-transaction.d.ts +8 -0
- package/dist/owner-transaction.d.ts.map +1 -1
- package/dist/owner-transaction.js +1 -0
- package/dist/owner-transaction.js.map +1 -1
- package/dist/post-assertions/cross-field-lte.d.ts +134 -0
- package/dist/post-assertions/cross-field-lte.d.ts.map +1 -0
- package/dist/post-assertions/cross-field-lte.js +129 -0
- package/dist/post-assertions/cross-field-lte.js.map +1 -0
- package/dist/post-assertions/index.d.ts +28 -0
- package/dist/post-assertions/index.d.ts.map +1 -0
- package/dist/post-assertions/index.js +28 -0
- package/dist/post-assertions/index.js.map +1 -0
- package/dist/post-assertions/presets/flash-trade.d.ts +139 -0
- package/dist/post-assertions/presets/flash-trade.d.ts.map +1 -0
- package/dist/post-assertions/presets/flash-trade.js +154 -0
- package/dist/post-assertions/presets/flash-trade.js.map +1 -0
- package/dist/presets.d.ts +1 -7
- package/dist/presets.d.ts.map +1 -1
- package/dist/presets.js +0 -5
- package/dist/presets.js.map +1 -1
- package/dist/preview-create-vault.d.ts +280 -0
- package/dist/preview-create-vault.d.ts.map +1 -0
- package/dist/preview-create-vault.js +477 -0
- package/dist/preview-create-vault.js.map +1 -0
- package/dist/protocol-registry/annotations/drift.json +7 -0
- package/dist/protocol-registry/annotations/flash-trade.json +7 -0
- package/dist/protocol-registry/annotations/jupiter-borrow.json +7 -0
- package/dist/protocol-registry/annotations/jupiter-earn.json +7 -0
- package/dist/protocol-registry/annotations/jupiter-lend.json +7 -0
- package/dist/protocol-registry/annotations/jupiter.json +7 -0
- package/dist/protocol-registry/annotations/kamino.json +7 -0
- package/dist/protocol-registry/index.d.ts +45 -0
- package/dist/protocol-registry/index.d.ts.map +1 -0
- package/dist/protocol-registry/index.js +76 -0
- package/dist/protocol-registry/index.js.map +1 -0
- package/dist/protocol-tier.d.ts +157 -0
- package/dist/protocol-tier.d.ts.map +1 -0
- package/dist/protocol-tier.js +104 -0
- package/dist/protocol-tier.js.map +1 -0
- package/dist/seal.d.ts.map +1 -1
- package/dist/seal.js +26 -2
- package/dist/seal.js.map +1 -1
- package/dist/sigil.d.ts +0 -4
- package/dist/sigil.d.ts.map +1 -1
- package/dist/simulation.d.ts.map +1 -1
- package/dist/simulation.js +72 -91
- package/dist/simulation.js.map +1 -1
- package/dist/testing/devnet.d.ts.map +1 -1
- package/dist/testing/devnet.js +0 -1
- package/dist/testing/devnet.js.map +1 -1
- package/dist/testing/errors/expect.d.ts +137 -0
- package/dist/testing/errors/expect.d.ts.map +1 -0
- package/dist/testing/errors/expect.js +372 -0
- package/dist/testing/errors/expect.js.map +1 -0
- package/dist/testing/errors/index.d.ts +3 -0
- package/dist/testing/errors/index.d.ts.map +1 -0
- package/dist/testing/errors/index.js +8 -0
- package/dist/testing/errors/index.js.map +1 -0
- package/dist/testing/errors/names.generated.d.ts +188 -0
- package/dist/testing/errors/names.generated.d.ts.map +1 -0
- package/dist/testing/errors/names.generated.js +183 -0
- package/dist/testing/errors/names.generated.js.map +1 -0
- package/dist/testing/index.d.ts +1 -0
- package/dist/testing/index.d.ts.map +1 -1
- package/dist/testing/index.js +8 -0
- package/dist/testing/index.js.map +1 -1
- package/dist/testing/mock-rpc.d.ts +8 -0
- package/dist/testing/mock-rpc.d.ts.map +1 -1
- package/dist/testing/mock-rpc.js +14 -0
- package/dist/testing/mock-rpc.js.map +1 -1
- package/dist/testing/mock-state.js +2 -2
- package/dist/testing/mock-state.js.map +1 -1
- package/package.json +15 -3
- package/dist/integrations/protocol-handler.d.ts +0 -59
- package/dist/integrations/protocol-handler.d.ts.map +0 -1
- package/dist/integrations/protocol-handler.js +0 -9
- package/dist/integrations/protocol-handler.js.map +0 -1
package/dist/agent-errors.js
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
* Every error includes a category, retryability flag, and
|
|
6
6
|
* recovery actions that tell the agent exactly what to do next.
|
|
7
7
|
*
|
|
8
|
-
* Maps all
|
|
8
|
+
* Maps all 88 on-chain error codes (6000-6087) plus 34 SDK
|
|
9
9
|
* error codes (7000-7033) to AgentError with machine-readable metadata.
|
|
10
10
|
*
|
|
11
11
|
* Zero dependency on @solana/web3.js or @coral-xyz/anchor.
|
|
@@ -130,23 +130,6 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
130
130
|
],
|
|
131
131
|
},
|
|
132
132
|
6007: {
|
|
133
|
-
name: "LeverageTooHigh",
|
|
134
|
-
message: "Leverage exceeds maximum allowed by policy",
|
|
135
|
-
category: "POLICY_VIOLATION",
|
|
136
|
-
retryable: false,
|
|
137
|
-
recovery_actions: [
|
|
138
|
-
{
|
|
139
|
-
action: "reduce_leverage",
|
|
140
|
-
description: "Reduce leverage to within maxLeverageBps",
|
|
141
|
-
},
|
|
142
|
-
{
|
|
143
|
-
action: "check_limits",
|
|
144
|
-
description: "Check the vault's maxLeverageBps policy",
|
|
145
|
-
tool: "sigil_check_vault",
|
|
146
|
-
},
|
|
147
|
-
],
|
|
148
|
-
},
|
|
149
|
-
6008: {
|
|
150
133
|
name: "SessionNotAuthorized",
|
|
151
134
|
message: "Session authority not authorized for this action",
|
|
152
135
|
category: "PERMISSION",
|
|
@@ -158,7 +141,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
158
141
|
},
|
|
159
142
|
],
|
|
160
143
|
},
|
|
161
|
-
|
|
144
|
+
6008: {
|
|
162
145
|
name: "InvalidSession",
|
|
163
146
|
message: "Session does not belong to this vault or is invalid",
|
|
164
147
|
category: "PERMISSION",
|
|
@@ -170,7 +153,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
170
153
|
},
|
|
171
154
|
],
|
|
172
155
|
},
|
|
173
|
-
|
|
156
|
+
6009: {
|
|
174
157
|
name: "TooManyAllowedProtocols",
|
|
175
158
|
message: "Policy configuration has too many allowed protocols (max 10)",
|
|
176
159
|
category: "INPUT_VALIDATION",
|
|
@@ -182,7 +165,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
182
165
|
},
|
|
183
166
|
],
|
|
184
167
|
},
|
|
185
|
-
|
|
168
|
+
6010: {
|
|
186
169
|
name: "AgentAlreadyRegistered",
|
|
187
170
|
message: "Agent is already registered on this vault",
|
|
188
171
|
category: "INPUT_VALIDATION",
|
|
@@ -195,7 +178,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
195
178
|
},
|
|
196
179
|
],
|
|
197
180
|
},
|
|
198
|
-
|
|
181
|
+
6011: {
|
|
199
182
|
name: "NoAgentRegistered",
|
|
200
183
|
message: "No agent registered on this vault",
|
|
201
184
|
category: "RESOURCE_NOT_FOUND",
|
|
@@ -208,7 +191,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
208
191
|
},
|
|
209
192
|
],
|
|
210
193
|
},
|
|
211
|
-
|
|
194
|
+
6012: {
|
|
212
195
|
name: "VaultNotFrozen",
|
|
213
196
|
message: "Vault is not frozen (expected frozen for reactivation)",
|
|
214
197
|
category: "INPUT_VALIDATION",
|
|
@@ -221,7 +204,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
221
204
|
},
|
|
222
205
|
],
|
|
223
206
|
},
|
|
224
|
-
|
|
207
|
+
6013: {
|
|
225
208
|
name: "VaultAlreadyClosed",
|
|
226
209
|
message: "Vault is permanently closed",
|
|
227
210
|
category: "INPUT_VALIDATION",
|
|
@@ -234,7 +217,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
234
217
|
},
|
|
235
218
|
],
|
|
236
219
|
},
|
|
237
|
-
|
|
220
|
+
6014: {
|
|
238
221
|
name: "InsufficientBalance",
|
|
239
222
|
message: "Insufficient vault balance for this operation",
|
|
240
223
|
category: "SPENDING_CAP",
|
|
@@ -255,7 +238,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
255
238
|
},
|
|
256
239
|
],
|
|
257
240
|
},
|
|
258
|
-
|
|
241
|
+
6015: {
|
|
259
242
|
name: "DeveloperFeeTooHigh",
|
|
260
243
|
message: "Developer fee rate exceeds maximum (500 / 1,000,000 = 5 BPS)",
|
|
261
244
|
category: "INPUT_VALIDATION",
|
|
@@ -267,7 +250,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
267
250
|
},
|
|
268
251
|
],
|
|
269
252
|
},
|
|
270
|
-
|
|
253
|
+
6016: {
|
|
271
254
|
name: "InvalidFeeDestination",
|
|
272
255
|
message: "Fee destination account is invalid",
|
|
273
256
|
category: "INPUT_VALIDATION",
|
|
@@ -279,7 +262,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
279
262
|
},
|
|
280
263
|
],
|
|
281
264
|
},
|
|
282
|
-
|
|
265
|
+
6017: {
|
|
283
266
|
name: "InvalidProtocolTreasury",
|
|
284
267
|
message: "Protocol treasury account does not match expected address",
|
|
285
268
|
category: "INPUT_VALIDATION",
|
|
@@ -291,7 +274,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
291
274
|
},
|
|
292
275
|
],
|
|
293
276
|
},
|
|
294
|
-
|
|
277
|
+
6018: {
|
|
295
278
|
name: "InvalidAgentKey",
|
|
296
279
|
message: "Agent cannot be the zero address",
|
|
297
280
|
category: "INPUT_VALIDATION",
|
|
@@ -303,7 +286,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
303
286
|
},
|
|
304
287
|
],
|
|
305
288
|
},
|
|
306
|
-
|
|
289
|
+
6019: {
|
|
307
290
|
name: "AgentIsOwner",
|
|
308
291
|
message: "Agent cannot be the vault owner",
|
|
309
292
|
category: "INPUT_VALIDATION",
|
|
@@ -315,7 +298,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
315
298
|
},
|
|
316
299
|
],
|
|
317
300
|
},
|
|
318
|
-
|
|
301
|
+
6020: {
|
|
319
302
|
name: "Overflow",
|
|
320
303
|
message: "Arithmetic overflow in on-chain computation",
|
|
321
304
|
category: "FATAL",
|
|
@@ -327,7 +310,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
327
310
|
},
|
|
328
311
|
],
|
|
329
312
|
},
|
|
330
|
-
|
|
313
|
+
6021: {
|
|
331
314
|
name: "InvalidTokenAccount",
|
|
332
315
|
message: "Token account does not belong to vault or has wrong mint",
|
|
333
316
|
category: "INPUT_VALIDATION",
|
|
@@ -340,7 +323,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
340
323
|
],
|
|
341
324
|
},
|
|
342
325
|
// --- Timelock + Destination errors ---
|
|
343
|
-
|
|
326
|
+
6022: {
|
|
344
327
|
name: "TimelockNotExpired",
|
|
345
328
|
message: "Timelock period has not expired yet",
|
|
346
329
|
category: "POLICY_VIOLATION",
|
|
@@ -353,7 +336,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
353
336
|
},
|
|
354
337
|
],
|
|
355
338
|
},
|
|
356
|
-
|
|
339
|
+
6023: {
|
|
357
340
|
name: "NoTimelockConfigured",
|
|
358
341
|
message: "No timelock configured on this vault",
|
|
359
342
|
category: "INPUT_VALIDATION",
|
|
@@ -365,7 +348,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
365
348
|
},
|
|
366
349
|
],
|
|
367
350
|
},
|
|
368
|
-
|
|
351
|
+
6024: {
|
|
369
352
|
name: "DestinationNotAllowed",
|
|
370
353
|
message: "Destination address not in vault's allowed destinations list",
|
|
371
354
|
category: "POLICY_VIOLATION",
|
|
@@ -382,7 +365,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
382
365
|
},
|
|
383
366
|
],
|
|
384
367
|
},
|
|
385
|
-
|
|
368
|
+
6025: {
|
|
386
369
|
name: "TooManyDestinations",
|
|
387
370
|
message: "Too many destinations in allowlist (max 10)",
|
|
388
371
|
category: "INPUT_VALIDATION",
|
|
@@ -394,7 +377,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
394
377
|
},
|
|
395
378
|
],
|
|
396
379
|
},
|
|
397
|
-
|
|
380
|
+
6026: {
|
|
398
381
|
name: "InvalidProtocolMode",
|
|
399
382
|
message: "Invalid protocol mode (must be 0=all, 1=allowlist, or 2=denylist)",
|
|
400
383
|
category: "INPUT_VALIDATION",
|
|
@@ -407,19 +390,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
407
390
|
],
|
|
408
391
|
},
|
|
409
392
|
// --- Flash Trade expansion errors ---
|
|
410
|
-
|
|
411
|
-
name: "InvalidNonSpendingAmount",
|
|
412
|
-
message: "Non-spending action must have amount = 0",
|
|
413
|
-
category: "INPUT_VALIDATION",
|
|
414
|
-
retryable: false,
|
|
415
|
-
recovery_actions: [
|
|
416
|
-
{
|
|
417
|
-
action: "set_zero_amount",
|
|
418
|
-
description: "Set amount to 0 for non-spending actions (close, cancel, etc.)",
|
|
419
|
-
},
|
|
420
|
-
],
|
|
421
|
-
},
|
|
422
|
-
6029: {
|
|
393
|
+
6027: {
|
|
423
394
|
name: "CpiCallNotAllowed",
|
|
424
395
|
message: "Instruction must be top-level (CPI calls not allowed for validate/finalize)",
|
|
425
396
|
category: "FATAL",
|
|
@@ -431,7 +402,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
431
402
|
},
|
|
432
403
|
],
|
|
433
404
|
},
|
|
434
|
-
|
|
405
|
+
6028: {
|
|
435
406
|
name: "MissingFinalizeInstruction",
|
|
436
407
|
message: "Transaction must include finalize_session after validate_and_authorize",
|
|
437
408
|
category: "INPUT_VALIDATION",
|
|
@@ -444,7 +415,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
444
415
|
],
|
|
445
416
|
},
|
|
446
417
|
// --- Stablecoin-only enforcement errors ---
|
|
447
|
-
|
|
418
|
+
6029: {
|
|
448
419
|
name: "NonTrackedSwapMustReturnStablecoin",
|
|
449
420
|
message: "Non-stablecoin swap must return stablecoin (vault stablecoin balance did not increase)",
|
|
450
421
|
category: "INPUT_VALIDATION",
|
|
@@ -456,7 +427,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
456
427
|
},
|
|
457
428
|
],
|
|
458
429
|
},
|
|
459
|
-
|
|
430
|
+
6030: {
|
|
460
431
|
name: "SwapSlippageExceeded",
|
|
461
432
|
message: "Swap slippage exceeds policy max_slippage_bps or quoted output is zero",
|
|
462
433
|
category: "POLICY_VIOLATION",
|
|
@@ -473,7 +444,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
473
444
|
},
|
|
474
445
|
],
|
|
475
446
|
},
|
|
476
|
-
|
|
447
|
+
6031: {
|
|
477
448
|
name: "InvalidJupiterInstruction",
|
|
478
449
|
message: "Cannot parse Jupiter swap instruction data",
|
|
479
450
|
category: "INPUT_VALIDATION",
|
|
@@ -485,7 +456,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
485
456
|
},
|
|
486
457
|
],
|
|
487
458
|
},
|
|
488
|
-
|
|
459
|
+
6032: {
|
|
489
460
|
name: "UnauthorizedTokenTransfer",
|
|
490
461
|
message: "Top-level SPL Token transfer not allowed between validate and finalize",
|
|
491
462
|
category: "POLICY_VIOLATION",
|
|
@@ -497,7 +468,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
497
468
|
},
|
|
498
469
|
],
|
|
499
470
|
},
|
|
500
|
-
|
|
471
|
+
6033: {
|
|
501
472
|
name: "SlippageBpsTooHigh",
|
|
502
473
|
message: "Slippage BPS exceeds maximum allowed (5000 = 50%)",
|
|
503
474
|
category: "INPUT_VALIDATION",
|
|
@@ -509,7 +480,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
509
480
|
},
|
|
510
481
|
],
|
|
511
482
|
},
|
|
512
|
-
|
|
483
|
+
6034: {
|
|
513
484
|
name: "ProtocolMismatch",
|
|
514
485
|
message: "DeFi instruction program does not match the declared target_protocol",
|
|
515
486
|
category: "INPUT_VALIDATION",
|
|
@@ -521,7 +492,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
521
492
|
},
|
|
522
493
|
],
|
|
523
494
|
},
|
|
524
|
-
|
|
495
|
+
6035: {
|
|
525
496
|
name: "TooManyDeFiInstructions",
|
|
526
497
|
message: "Non-stablecoin swap allows exactly one DeFi instruction",
|
|
527
498
|
category: "INPUT_VALIDATION",
|
|
@@ -534,7 +505,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
534
505
|
],
|
|
535
506
|
},
|
|
536
507
|
// --- Multi-Agent errors ---
|
|
537
|
-
|
|
508
|
+
6036: {
|
|
538
509
|
name: "MaxAgentsReached",
|
|
539
510
|
message: "Maximum agents per vault reached (limit: 10)",
|
|
540
511
|
category: "INPUT_VALIDATION",
|
|
@@ -547,7 +518,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
547
518
|
},
|
|
548
519
|
],
|
|
549
520
|
},
|
|
550
|
-
|
|
521
|
+
6037: {
|
|
551
522
|
name: "InsufficientPermissions",
|
|
552
523
|
message: "Agent lacks permission for this action type",
|
|
553
524
|
category: "PERMISSION",
|
|
@@ -564,7 +535,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
564
535
|
},
|
|
565
536
|
],
|
|
566
537
|
},
|
|
567
|
-
|
|
538
|
+
6038: {
|
|
568
539
|
name: "InvalidPermissions",
|
|
569
540
|
message: "Capability exceeds the on-chain maximum (valid values: 0 = Disabled, 1 = Observer, 2 = Operator)",
|
|
570
541
|
category: "INPUT_VALIDATION",
|
|
@@ -577,7 +548,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
577
548
|
],
|
|
578
549
|
},
|
|
579
550
|
// --- Escrow errors ---
|
|
580
|
-
|
|
551
|
+
6039: {
|
|
581
552
|
name: "EscrowNotActive",
|
|
582
553
|
message: "Escrow is not in Active status",
|
|
583
554
|
category: "RESOURCE_NOT_FOUND",
|
|
@@ -589,7 +560,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
589
560
|
},
|
|
590
561
|
],
|
|
591
562
|
},
|
|
592
|
-
|
|
563
|
+
6040: {
|
|
593
564
|
name: "EscrowExpired",
|
|
594
565
|
message: "Escrow has expired — can only be refunded now",
|
|
595
566
|
category: "RESOURCE_NOT_FOUND",
|
|
@@ -602,7 +573,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
602
573
|
},
|
|
603
574
|
],
|
|
604
575
|
},
|
|
605
|
-
|
|
576
|
+
6041: {
|
|
606
577
|
name: "EscrowNotExpired",
|
|
607
578
|
message: "Escrow has not expired yet — cannot refund before expiry",
|
|
608
579
|
category: "INPUT_VALIDATION",
|
|
@@ -619,7 +590,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
619
590
|
},
|
|
620
591
|
],
|
|
621
592
|
},
|
|
622
|
-
|
|
593
|
+
6042: {
|
|
623
594
|
name: "InvalidEscrowVault",
|
|
624
595
|
message: "Invalid escrow vault — source or destination vault mismatch",
|
|
625
596
|
category: "INPUT_VALIDATION",
|
|
@@ -631,7 +602,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
631
602
|
},
|
|
632
603
|
],
|
|
633
604
|
},
|
|
634
|
-
|
|
605
|
+
6043: {
|
|
635
606
|
name: "EscrowConditionsNotMet",
|
|
636
607
|
message: "Escrow settlement conditions not met (SHA-256 proof invalid)",
|
|
637
608
|
category: "INPUT_VALIDATION",
|
|
@@ -643,7 +614,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
643
614
|
},
|
|
644
615
|
],
|
|
645
616
|
},
|
|
646
|
-
|
|
617
|
+
6044: {
|
|
647
618
|
name: "EscrowDurationExceeded",
|
|
648
619
|
message: "Escrow duration exceeds maximum (30 days)",
|
|
649
620
|
category: "INPUT_VALIDATION",
|
|
@@ -656,7 +627,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
656
627
|
],
|
|
657
628
|
},
|
|
658
629
|
// --- Instruction constraints errors ---
|
|
659
|
-
|
|
630
|
+
6045: {
|
|
660
631
|
name: "InvalidConstraintConfig",
|
|
661
632
|
message: "Invalid constraint configuration: bounds exceeded",
|
|
662
633
|
category: "INPUT_VALIDATION",
|
|
@@ -668,7 +639,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
668
639
|
},
|
|
669
640
|
],
|
|
670
641
|
},
|
|
671
|
-
|
|
642
|
+
6046: {
|
|
672
643
|
name: "ConstraintViolated",
|
|
673
644
|
message: "Instruction violated a configured constraint",
|
|
674
645
|
category: "POLICY_VIOLATION",
|
|
@@ -685,7 +656,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
685
656
|
},
|
|
686
657
|
],
|
|
687
658
|
},
|
|
688
|
-
|
|
659
|
+
6047: {
|
|
689
660
|
name: "InvalidConstraintsPda",
|
|
690
661
|
message: "Invalid constraints PDA: wrong owner or vault",
|
|
691
662
|
category: "INPUT_VALIDATION",
|
|
@@ -697,7 +668,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
697
668
|
},
|
|
698
669
|
],
|
|
699
670
|
},
|
|
700
|
-
|
|
671
|
+
6048: {
|
|
701
672
|
name: "InvalidPendingConstraintsPda",
|
|
702
673
|
message: "Invalid pending constraints PDA: wrong owner or vault",
|
|
703
674
|
category: "INPUT_VALIDATION",
|
|
@@ -710,7 +681,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
710
681
|
],
|
|
711
682
|
},
|
|
712
683
|
// --- Per-agent spend limit errors ---
|
|
713
|
-
|
|
684
|
+
6049: {
|
|
714
685
|
name: "AgentSpendLimitExceeded",
|
|
715
686
|
message: "Agent's rolling 24h spend exceeds their individual spending limit",
|
|
716
687
|
category: "SPENDING_CAP",
|
|
@@ -732,7 +703,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
732
703
|
},
|
|
733
704
|
],
|
|
734
705
|
},
|
|
735
|
-
|
|
706
|
+
6050: {
|
|
736
707
|
name: "OverlaySlotExhausted",
|
|
737
708
|
message: "Per-agent overlay is full — cannot register agent with spending limit",
|
|
738
709
|
category: "INPUT_VALIDATION",
|
|
@@ -745,7 +716,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
745
716
|
},
|
|
746
717
|
],
|
|
747
718
|
},
|
|
748
|
-
|
|
719
|
+
6051: {
|
|
749
720
|
name: "AgentSlotNotFound",
|
|
750
721
|
message: "Agent has per-agent spending limit but no overlay tracking slot",
|
|
751
722
|
category: "RESOURCE_NOT_FOUND",
|
|
@@ -757,7 +728,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
757
728
|
},
|
|
758
729
|
],
|
|
759
730
|
},
|
|
760
|
-
|
|
731
|
+
6052: {
|
|
761
732
|
name: "UnauthorizedTokenApproval",
|
|
762
733
|
message: "Unauthorized SPL Token Approve detected between validate and finalize",
|
|
763
734
|
category: "POLICY_VIOLATION",
|
|
@@ -769,7 +740,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
769
740
|
},
|
|
770
741
|
],
|
|
771
742
|
},
|
|
772
|
-
|
|
743
|
+
6053: {
|
|
773
744
|
name: "InvalidSessionExpiry",
|
|
774
745
|
message: "Session expiry slots out of range (10-450)",
|
|
775
746
|
category: "INPUT_VALIDATION",
|
|
@@ -781,7 +752,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
781
752
|
},
|
|
782
753
|
],
|
|
783
754
|
},
|
|
784
|
-
|
|
755
|
+
6054: {
|
|
785
756
|
name: "UnconstrainedProgramBlocked",
|
|
786
757
|
message: "Program has no constraint entry and strict mode is enabled",
|
|
787
758
|
category: "POLICY_VIOLATION",
|
|
@@ -799,7 +770,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
799
770
|
],
|
|
800
771
|
},
|
|
801
772
|
// --- Per-protocol spend cap errors ---
|
|
802
|
-
|
|
773
|
+
6055: {
|
|
803
774
|
name: "ProtocolCapExceeded",
|
|
804
775
|
message: "Per-protocol rolling 24h spending cap would be exceeded",
|
|
805
776
|
category: "SPENDING_CAP",
|
|
@@ -820,7 +791,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
820
791
|
},
|
|
821
792
|
],
|
|
822
793
|
},
|
|
823
|
-
|
|
794
|
+
6056: {
|
|
824
795
|
name: "ProtocolCapsMismatch",
|
|
825
796
|
message: "protocol_caps length must match protocols length when has_protocol_caps is true",
|
|
826
797
|
category: "INPUT_VALIDATION",
|
|
@@ -833,7 +804,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
833
804
|
],
|
|
834
805
|
},
|
|
835
806
|
// --- Vault closure guard errors ---
|
|
836
|
-
|
|
807
|
+
6057: {
|
|
837
808
|
name: "ActiveEscrowsExist",
|
|
838
809
|
message: "Active escrow deposits exist — close them before closing vault",
|
|
839
810
|
category: "RESOURCE_NOT_FOUND",
|
|
@@ -845,7 +816,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
845
816
|
},
|
|
846
817
|
],
|
|
847
818
|
},
|
|
848
|
-
|
|
819
|
+
6058: {
|
|
849
820
|
name: "ConstraintsNotClosed",
|
|
850
821
|
message: "Instruction constraints PDA still exists — close it before closing vault",
|
|
851
822
|
category: "RESOURCE_NOT_FOUND",
|
|
@@ -857,7 +828,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
857
828
|
},
|
|
858
829
|
],
|
|
859
830
|
},
|
|
860
|
-
|
|
831
|
+
6059: {
|
|
861
832
|
name: "PendingPolicyExists",
|
|
862
833
|
message: "A pending policy update exists — apply or cancel it before closing vault",
|
|
863
834
|
category: "RESOURCE_NOT_FOUND",
|
|
@@ -870,7 +841,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
870
841
|
],
|
|
871
842
|
},
|
|
872
843
|
// --- Agent pause errors ---
|
|
873
|
-
|
|
844
|
+
6060: {
|
|
874
845
|
name: "AgentPaused",
|
|
875
846
|
message: "Agent is paused — unpause before executing actions",
|
|
876
847
|
category: "PERMISSION",
|
|
@@ -882,7 +853,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
882
853
|
},
|
|
883
854
|
],
|
|
884
855
|
},
|
|
885
|
-
|
|
856
|
+
6061: {
|
|
886
857
|
name: "AgentAlreadyPaused",
|
|
887
858
|
message: "Agent is already paused",
|
|
888
859
|
category: "INPUT_VALIDATION",
|
|
@@ -894,7 +865,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
894
865
|
},
|
|
895
866
|
],
|
|
896
867
|
},
|
|
897
|
-
|
|
868
|
+
6062: {
|
|
898
869
|
name: "AgentNotPaused",
|
|
899
870
|
message: "Agent is not paused — cannot unpause",
|
|
900
871
|
category: "INPUT_VALIDATION",
|
|
@@ -906,7 +877,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
906
877
|
},
|
|
907
878
|
],
|
|
908
879
|
},
|
|
909
|
-
|
|
880
|
+
6063: {
|
|
910
881
|
name: "UnauthorizedPostFinalizeInstruction",
|
|
911
882
|
message: "Instructions after finalize_session must be ComputeBudget or SystemProgram only",
|
|
912
883
|
category: "POLICY_VIOLATION",
|
|
@@ -918,7 +889,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
918
889
|
},
|
|
919
890
|
],
|
|
920
891
|
},
|
|
921
|
-
|
|
892
|
+
6064: {
|
|
922
893
|
name: "UnexpectedBalanceDecrease",
|
|
923
894
|
message: "Vault stablecoin balance decreased more than the session authorized amount. " +
|
|
924
895
|
"This indicates a compromised DeFi program attempted to drain vault tokens via CPI.",
|
|
@@ -938,7 +909,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
938
909
|
],
|
|
939
910
|
},
|
|
940
911
|
// --- TOCTOU + timelock hardening errors ---
|
|
941
|
-
|
|
912
|
+
6065: {
|
|
942
913
|
name: "TimelockTooShort",
|
|
943
914
|
message: "Timelock duration is below the minimum (1800 seconds / 30 minutes).",
|
|
944
915
|
category: "INPUT_VALIDATION",
|
|
@@ -950,7 +921,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
950
921
|
},
|
|
951
922
|
],
|
|
952
923
|
},
|
|
953
|
-
|
|
924
|
+
6066: {
|
|
954
925
|
name: "PolicyVersionMismatch",
|
|
955
926
|
message: "Policy version changed since agent's last RPC read. Re-resolve vault state and retry.",
|
|
956
927
|
category: "TRANSIENT",
|
|
@@ -963,31 +934,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
963
934
|
},
|
|
964
935
|
],
|
|
965
936
|
},
|
|
966
|
-
|
|
967
|
-
name: "PendingAgentPermsExists",
|
|
968
|
-
message: "A pending agent permissions update already exists for this agent.",
|
|
969
|
-
category: "RESOURCE_NOT_FOUND",
|
|
970
|
-
retryable: false,
|
|
971
|
-
recovery_actions: [
|
|
972
|
-
{
|
|
973
|
-
action: "apply_or_cancel_pending",
|
|
974
|
-
description: "Apply or cancel the existing pending update before queuing a new one.",
|
|
975
|
-
},
|
|
976
|
-
],
|
|
977
|
-
},
|
|
978
|
-
6070: {
|
|
979
|
-
name: "PendingCloseConstraintsExists",
|
|
980
|
-
message: "A pending close constraints operation already exists for this vault.",
|
|
981
|
-
category: "RESOURCE_NOT_FOUND",
|
|
982
|
-
retryable: false,
|
|
983
|
-
recovery_actions: [
|
|
984
|
-
{
|
|
985
|
-
action: "apply_or_cancel_pending",
|
|
986
|
-
description: "Apply or cancel the existing pending close constraints before queuing a new one.",
|
|
987
|
-
},
|
|
988
|
-
],
|
|
989
|
-
},
|
|
990
|
-
6071: {
|
|
937
|
+
6067: {
|
|
991
938
|
name: "ActiveSessionsExist",
|
|
992
939
|
message: "Cannot close vault with active sessions. Finalize all pending sessions first.",
|
|
993
940
|
category: "POLICY_VIOLATION",
|
|
@@ -1001,7 +948,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
1001
948
|
],
|
|
1002
949
|
},
|
|
1003
950
|
// --- Post-execution assertions (Phase B scaffolding) ---
|
|
1004
|
-
|
|
951
|
+
6068: {
|
|
1005
952
|
name: "PostAssertionFailed",
|
|
1006
953
|
message: "Post-execution assertion failed: account state did not satisfy constraint.",
|
|
1007
954
|
category: "POLICY_VIOLATION",
|
|
@@ -1013,7 +960,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
1013
960
|
},
|
|
1014
961
|
],
|
|
1015
962
|
},
|
|
1016
|
-
|
|
963
|
+
6069: {
|
|
1017
964
|
name: "InvalidPostAssertionIndex",
|
|
1018
965
|
message: "Post-assertion references an invalid instruction index.",
|
|
1019
966
|
category: "INPUT_VALIDATION",
|
|
@@ -1025,7 +972,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
1025
972
|
},
|
|
1026
973
|
],
|
|
1027
974
|
},
|
|
1028
|
-
|
|
975
|
+
6070: {
|
|
1029
976
|
name: "UnauthorizedPreValidateInstruction",
|
|
1030
977
|
message: "Non-infrastructure instruction detected before validate_and_authorize.",
|
|
1031
978
|
category: "PERMISSION",
|
|
@@ -1037,7 +984,7 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
1037
984
|
},
|
|
1038
985
|
],
|
|
1039
986
|
},
|
|
1040
|
-
|
|
987
|
+
6071: {
|
|
1041
988
|
name: "SnapshotNotCaptured",
|
|
1042
989
|
message: "Delta assertion snapshot was not captured in validate_and_authorize.",
|
|
1043
990
|
category: "INPUT_VALIDATION",
|
|
@@ -1049,63 +996,201 @@ export const ON_CHAIN_ERROR_MAP = {
|
|
|
1049
996
|
},
|
|
1050
997
|
],
|
|
1051
998
|
},
|
|
999
|
+
6072: {
|
|
1000
|
+
name: "InvalidConstraintOperator",
|
|
1001
|
+
message: "Constraint operator value is not a valid ConstraintOperator discriminant.",
|
|
1002
|
+
category: "INPUT_VALIDATION",
|
|
1003
|
+
retryable: false,
|
|
1004
|
+
recovery_actions: [
|
|
1005
|
+
{
|
|
1006
|
+
action: "fix_constraints",
|
|
1007
|
+
description: "Ensure constraint operators are valid (0-6).",
|
|
1008
|
+
},
|
|
1009
|
+
],
|
|
1010
|
+
},
|
|
1011
|
+
6073: {
|
|
1012
|
+
name: "ConstraintsVaultMismatch",
|
|
1013
|
+
message: "Zero-copy constraints account has wrong vault.",
|
|
1014
|
+
category: "INPUT_VALIDATION",
|
|
1015
|
+
retryable: false,
|
|
1016
|
+
recovery_actions: [
|
|
1017
|
+
{
|
|
1018
|
+
action: "verify_pda",
|
|
1019
|
+
description: "The constraints PDA does not belong to this vault.",
|
|
1020
|
+
},
|
|
1021
|
+
],
|
|
1022
|
+
},
|
|
1023
|
+
6074: {
|
|
1024
|
+
name: "BlockedSplOpcode",
|
|
1025
|
+
message: "SPL opcode is blocked at runtime and cannot be used in constraints.",
|
|
1026
|
+
category: "INPUT_VALIDATION",
|
|
1027
|
+
retryable: false,
|
|
1028
|
+
recovery_actions: [
|
|
1029
|
+
{
|
|
1030
|
+
action: "fix_constraints",
|
|
1031
|
+
description: "Remove blocked SPL opcode from the constraint entry — use allowlisted opcodes only.",
|
|
1032
|
+
},
|
|
1033
|
+
],
|
|
1034
|
+
},
|
|
1035
|
+
// F-10 audit fix: durable-nonce pre-signing defense
|
|
1036
|
+
6075: {
|
|
1037
|
+
name: "QueuedUpdateExpired",
|
|
1038
|
+
message: "Queued update is too old (>MAX_APPLY_AGE_SLOTS) — re-queue to apply. Defends against durable-nonce pre-signing.",
|
|
1039
|
+
category: "POLICY_VIOLATION",
|
|
1040
|
+
retryable: false,
|
|
1041
|
+
recovery_actions: [
|
|
1042
|
+
{
|
|
1043
|
+
action: "requeue",
|
|
1044
|
+
description: "Re-queue the update via queue_policy_update / queue_constraints_update / queue_close_constraints / queue_agent_permissions_update — the original queued update is past the freshness window.",
|
|
1045
|
+
},
|
|
1046
|
+
],
|
|
1047
|
+
},
|
|
1052
1048
|
6076: {
|
|
1053
|
-
name: "
|
|
1054
|
-
message: "
|
|
1049
|
+
name: "AccountWritabilityMismatch",
|
|
1050
|
+
message: "Account writability flag does not match the constraint requirement (read-only vs writable).",
|
|
1055
1051
|
category: "INPUT_VALIDATION",
|
|
1056
1052
|
retryable: false,
|
|
1057
1053
|
recovery_actions: [
|
|
1058
1054
|
{
|
|
1059
1055
|
action: "fix_constraints",
|
|
1060
|
-
description: "
|
|
1056
|
+
description: "Match the writability flag (read-only or writable) of the account passed to the instruction with the constraint's is_writable_required value.",
|
|
1061
1057
|
},
|
|
1062
1058
|
],
|
|
1063
1059
|
},
|
|
1060
|
+
// M11 SIMD-0296 pad-attack DoS guard
|
|
1064
1061
|
6077: {
|
|
1065
|
-
name: "
|
|
1066
|
-
message: "
|
|
1062
|
+
name: "SysvarScanBoundExceeded",
|
|
1063
|
+
message: "Sysvar instruction scan exceeded the per-tx safety bound (MAX_SYSVAR_SCAN_ITERATIONS=64).",
|
|
1067
1064
|
category: "INPUT_VALIDATION",
|
|
1068
1065
|
retryable: false,
|
|
1069
1066
|
recovery_actions: [
|
|
1070
1067
|
{
|
|
1071
|
-
action: "
|
|
1072
|
-
description: "
|
|
1068
|
+
action: "fix_transaction_shape",
|
|
1069
|
+
description: "Reduce the number of instructions in the transaction. The on-chain sysvar walk is bounded at 64 ix to defend against pad-attack DoS (M11 / SIMD-0296). Legitimate flows fit well under this cap.",
|
|
1073
1070
|
},
|
|
1074
1071
|
],
|
|
1075
1072
|
},
|
|
1073
|
+
// C4 audit fix: async-fulfillment program deny
|
|
1076
1074
|
6078: {
|
|
1077
|
-
name: "
|
|
1078
|
-
message: "
|
|
1079
|
-
category: "
|
|
1075
|
+
name: "AsyncFulfillmentNotPermitted",
|
|
1076
|
+
message: "Async-fulfillment programs (Jupiter Perps, Drift v2, Drift JIT) are not permitted in V1 — keeper-driven settlement happens after finalize_session returns and cannot be measured against the spending cap.",
|
|
1077
|
+
category: "POLICY_VIOLATION",
|
|
1080
1078
|
retryable: false,
|
|
1081
1079
|
recovery_actions: [
|
|
1082
1080
|
{
|
|
1083
|
-
action: "
|
|
1084
|
-
description: "
|
|
1081
|
+
action: "use_supported_protocol",
|
|
1082
|
+
description: "Use a synchronous protocol (Jupiter swap, Jupiter Lend, etc.). V1.1 will add a sanctioned async-friendly path with settlement-tracked counters or post-execution attestation.",
|
|
1085
1083
|
},
|
|
1086
1084
|
],
|
|
1087
1085
|
},
|
|
1086
|
+
// Orphan constraints PDA cleanup (F3-H1 audit fix)
|
|
1088
1087
|
6079: {
|
|
1089
|
-
name: "
|
|
1090
|
-
message: "Cannot
|
|
1088
|
+
name: "ConstraintsAlreadyPopulated",
|
|
1089
|
+
message: "Cannot clean an active constraints PDA via cleanup_orphan_constraints_pda — use queue_close_constraints + apply_close_constraints instead.",
|
|
1091
1090
|
category: "INPUT_VALIDATION",
|
|
1092
1091
|
retryable: false,
|
|
1093
1092
|
recovery_actions: [
|
|
1094
1093
|
{
|
|
1095
|
-
action: "
|
|
1096
|
-
description: "
|
|
1094
|
+
action: "use_close_path",
|
|
1095
|
+
description: "Route through the timelocked close-constraints path; the orphan-cleanup instruction only operates on never-populated PDAs (partial allocate+extend chain).",
|
|
1097
1096
|
},
|
|
1098
1097
|
],
|
|
1099
1098
|
},
|
|
1100
1099
|
6080: {
|
|
1101
|
-
name: "
|
|
1102
|
-
message: "
|
|
1100
|
+
name: "OrphanPdaWrongOwner",
|
|
1101
|
+
message: "PDA at the constraints seeds is not owned by the Sigil program.",
|
|
1103
1102
|
category: "INPUT_VALIDATION",
|
|
1104
1103
|
retryable: false,
|
|
1105
1104
|
recovery_actions: [
|
|
1106
1105
|
{
|
|
1107
|
-
action: "
|
|
1108
|
-
description: "
|
|
1106
|
+
action: "verify_pda",
|
|
1107
|
+
description: "Verify the PDA derivation: it must be owned by the Sigil program and match seeds (vault, constraints).",
|
|
1108
|
+
},
|
|
1109
|
+
],
|
|
1110
|
+
},
|
|
1111
|
+
6081: {
|
|
1112
|
+
name: "OrphanPdaPopulated",
|
|
1113
|
+
message: "PDA is fully populated (carries the Anchor discriminator) — not an orphan; cannot be cleaned.",
|
|
1114
|
+
category: "INPUT_VALIDATION",
|
|
1115
|
+
retryable: false,
|
|
1116
|
+
recovery_actions: [
|
|
1117
|
+
{
|
|
1118
|
+
action: "use_close_path",
|
|
1119
|
+
description: "Route fully-populated constraints PDAs through queue_close_constraints + apply_close_constraints.",
|
|
1120
|
+
},
|
|
1121
|
+
],
|
|
1122
|
+
},
|
|
1123
|
+
// PR 7: Token-2022 opcode blocks (M3 + Pentester HIGH/MED + third-pass audit)
|
|
1124
|
+
6082: {
|
|
1125
|
+
name: "ConfidentialTransferBlocked",
|
|
1126
|
+
message: "Token-2022 ConfidentialTransfer is not permitted between validate_and_authorize and finalize_session.",
|
|
1127
|
+
category: "POLICY_VIOLATION",
|
|
1128
|
+
retryable: false,
|
|
1129
|
+
recovery_actions: [
|
|
1130
|
+
{
|
|
1131
|
+
action: "use_supported_protocol",
|
|
1132
|
+
description: "Token-2022 ConfidentialTransfer (opcode 27/42) hides spending amounts from sysvar accounting and cannot be tracked. Use the standard SPL Token transfer or Jupiter swap path instead.",
|
|
1133
|
+
},
|
|
1134
|
+
],
|
|
1135
|
+
},
|
|
1136
|
+
6083: {
|
|
1137
|
+
name: "PermanentDelegateBlocked",
|
|
1138
|
+
message: "Token-2022 PermanentDelegate is not permitted between validate_and_authorize and finalize_session.",
|
|
1139
|
+
category: "POLICY_VIOLATION",
|
|
1140
|
+
retryable: false,
|
|
1141
|
+
recovery_actions: [
|
|
1142
|
+
{
|
|
1143
|
+
action: "use_supported_protocol",
|
|
1144
|
+
description: "Token-2022 PermanentDelegate (opcode 35) installs a session-bound delegate that survives finalize. Reject up-front; use a per-tx Approve instead.",
|
|
1145
|
+
},
|
|
1146
|
+
],
|
|
1147
|
+
},
|
|
1148
|
+
6084: {
|
|
1149
|
+
name: "TransferHookBlocked",
|
|
1150
|
+
message: "Token-2022 TransferHook is not permitted between validate_and_authorize and finalize_session.",
|
|
1151
|
+
category: "POLICY_VIOLATION",
|
|
1152
|
+
retryable: false,
|
|
1153
|
+
recovery_actions: [
|
|
1154
|
+
{
|
|
1155
|
+
action: "use_supported_protocol",
|
|
1156
|
+
description: "Token-2022 TransferHook (opcode 36) routes mid-tx control to attacker-chosen code. Use a non-hook mint or whitelist the hook program in V1.1.",
|
|
1157
|
+
},
|
|
1158
|
+
],
|
|
1159
|
+
},
|
|
1160
|
+
6085: {
|
|
1161
|
+
name: "LamportDrainBlocked",
|
|
1162
|
+
message: "Token-2022 destructive-balance instruction (opcode 38/45/46) is not permitted between validate_and_authorize and finalize_session.",
|
|
1163
|
+
category: "POLICY_VIOLATION",
|
|
1164
|
+
retryable: false,
|
|
1165
|
+
recovery_actions: [
|
|
1166
|
+
{
|
|
1167
|
+
action: "use_supported_protocol",
|
|
1168
|
+
description: "WithdrawExcessLamports/UnwrapLamports/PermissionedBurnExtension drain SOL or balances outside the spending-cap path. Block at the gate; V1.1 may add an owner-allowlist for legitimate uses.",
|
|
1169
|
+
},
|
|
1170
|
+
],
|
|
1171
|
+
},
|
|
1172
|
+
6086: {
|
|
1173
|
+
name: "BatchInstructionBlocked",
|
|
1174
|
+
message: "Token-2022 Batch instruction (opcode 255) is blocked outright — wraps inner instructions and bypasses the byte-0 blocklist.",
|
|
1175
|
+
category: "POLICY_VIOLATION",
|
|
1176
|
+
retryable: false,
|
|
1177
|
+
recovery_actions: [
|
|
1178
|
+
{
|
|
1179
|
+
action: "use_supported_protocol",
|
|
1180
|
+
description: "Token-2022 Batch (opcode 255) wraps inner TokenInstructions; the byte-0 blocklist cannot see them. Submit each inner ix as its own top-level instruction so guards can inspect each.",
|
|
1181
|
+
},
|
|
1182
|
+
],
|
|
1183
|
+
},
|
|
1184
|
+
// F-4 audit fix: explicit destination_mode (default Restricted closes default-allow drain)
|
|
1185
|
+
6087: {
|
|
1186
|
+
name: "InvalidDestinationMode",
|
|
1187
|
+
message: "Invalid destination mode (must be 0 = Restricted or 1 = OpenWithCap).",
|
|
1188
|
+
category: "INPUT_VALIDATION",
|
|
1189
|
+
retryable: false,
|
|
1190
|
+
recovery_actions: [
|
|
1191
|
+
{
|
|
1192
|
+
action: "fix_policy",
|
|
1193
|
+
description: "Pass destination_mode = 0 (Restricted, default) or 1 (OpenWithCap, explicit opt-in to drain blast radius).",
|
|
1109
1194
|
},
|
|
1110
1195
|
],
|
|
1111
1196
|
},
|
|
@@ -1609,7 +1694,7 @@ const SDK_ERRORS = {
|
|
|
1609
1694
|
* Convert any error into a structured AgentError.
|
|
1610
1695
|
*
|
|
1611
1696
|
* Handles:
|
|
1612
|
-
* - On-chain Anchor errors (code 6000-
|
|
1697
|
+
* - On-chain Anchor errors (code 6000-6087)
|
|
1613
1698
|
* - SDK errors (code 7000-7033)
|
|
1614
1699
|
* - Network/RPC errors (from message patterns)
|
|
1615
1700
|
* - Unknown errors (wrapped as FATAL)
|
|
@@ -1911,7 +1996,7 @@ function extractErrorCode(error) {
|
|
|
1911
1996
|
return null;
|
|
1912
1997
|
const e = error;
|
|
1913
1998
|
// Direct code property
|
|
1914
|
-
if (typeof e.code === "number" && e.code >= 6000 && e.code <=
|
|
1999
|
+
if (typeof e.code === "number" && e.code >= 6000 && e.code <= 6087)
|
|
1915
2000
|
return e.code;
|
|
1916
2001
|
// Anchor error structure
|
|
1917
2002
|
if (e.error && typeof e.error === "object") {
|
|
@@ -1927,7 +2012,7 @@ function extractErrorCode(error) {
|
|
|
1927
2012
|
const match = e.message.match(/custom program error: 0x([0-9a-fA-F]+)/);
|
|
1928
2013
|
if (match) {
|
|
1929
2014
|
const code = parseInt(match[1], 16);
|
|
1930
|
-
if (code >= 6000 && code <=
|
|
2015
|
+
if (code >= 6000 && code <= 6087)
|
|
1931
2016
|
return code;
|
|
1932
2017
|
}
|
|
1933
2018
|
}
|
|
@@ -2144,7 +2229,7 @@ export class SigilSdkError extends Error {
|
|
|
2144
2229
|
* Returns a SigilSdkError (extends Error) so instanceof Error checks still work.
|
|
2145
2230
|
*
|
|
2146
2231
|
* Processing order:
|
|
2147
|
-
* 1. Try on-chain error extraction via toAgentError() (numeric codes 6000-
|
|
2232
|
+
* 1. Try on-chain error extraction via toAgentError() (numeric codes 6000-6087)
|
|
2148
2233
|
* 2. Pattern-match SDK error messages (11 patterns from seal.ts throw sites)
|
|
2149
2234
|
* 3. Fallback to UNKNOWN/FATAL
|
|
2150
2235
|
*/
|