npm - @usesigil/kit - Versions diffs - 0.15.0 → 0.17.0 - Mend

@usesigil/kit 0.15.0 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (627) hide show

package/README.md +56 -0
package/dist/advanced-analytics.d.ts +3 -2
package/dist/advanced-analytics.d.ts.map +1 -1
package/dist/advanced-analytics.js +9 -42
package/dist/advanced-analytics.js.map +1 -1
package/dist/agent-bootstrap.d.ts +117 -0
package/dist/agent-bootstrap.d.ts.map +1 -0
package/dist/agent-bootstrap.js +211 -0
package/dist/agent-bootstrap.js.map +1 -0
package/dist/agent-errors.d.ts +20 -4
package/dist/agent-errors.d.ts.map +1 -1
package/dist/agent-errors.js +947 -377
package/dist/agent-errors.js.map +1 -1
package/dist/audit-log.d.ts +101 -0
package/dist/audit-log.d.ts.map +1 -0
package/dist/audit-log.js +145 -0
package/dist/audit-log.js.map +1 -0
package/dist/build-unsigned.d.ts +152 -0
package/dist/build-unsigned.d.ts.map +1 -0
package/dist/build-unsigned.js +152 -0
package/dist/build-unsigned.js.map +1 -0
package/dist/caip2-network.d.ts +171 -0
package/dist/caip2-network.d.ts.map +1 -0
package/dist/caip2-network.js +202 -0
package/dist/caip2-network.js.map +1 -0
package/dist/canonical-encode.d.ts +59 -0
package/dist/canonical-encode.d.ts.map +1 -0
package/dist/canonical-encode.js +141 -0
package/dist/canonical-encode.js.map +1 -0
package/dist/cosign-helper.d.ts +264 -0
package/dist/cosign-helper.d.ts.map +1 -0
package/dist/cosign-helper.js +147 -0
package/dist/cosign-helper.js.map +1 -0
package/dist/create-vault.d.ts +102 -1
package/dist/create-vault.d.ts.map +1 -1
package/dist/create-vault.js +108 -9
package/dist/create-vault.js.map +1 -1
package/dist/dashboard/close-vault.d.ts +110 -0
package/dist/dashboard/close-vault.d.ts.map +1 -0
package/dist/dashboard/close-vault.js +165 -0
package/dist/dashboard/close-vault.js.map +1 -0
package/dist/dashboard/errors.d.ts +37 -0
package/dist/dashboard/errors.d.ts.map +1 -1
package/dist/dashboard/errors.js +81 -1
package/dist/dashboard/errors.js.map +1 -1
package/dist/dashboard/from-json.d.ts.map +1 -1
package/dist/dashboard/from-json.js +1 -2
package/dist/dashboard/from-json.js.map +1 -1
package/dist/dashboard/index.d.ts +204 -31
package/dist/dashboard/index.d.ts.map +1 -1
package/dist/dashboard/index.js +290 -49
package/dist/dashboard/index.js.map +1 -1
package/dist/dashboard/mutations.d.ts +160 -10
package/dist/dashboard/mutations.d.ts.map +1 -1
package/dist/dashboard/mutations.js +584 -66
package/dist/dashboard/mutations.js.map +1 -1
package/dist/dashboard/post-assertion-validation.d.ts +88 -0
package/dist/dashboard/post-assertion-validation.d.ts.map +1 -0
package/dist/dashboard/post-assertion-validation.js +312 -0
package/dist/dashboard/post-assertion-validation.js.map +1 -0
package/dist/dashboard/reads.d.ts +92 -1
package/dist/dashboard/reads.d.ts.map +1 -1
package/dist/dashboard/reads.js +244 -26
package/dist/dashboard/reads.js.map +1 -1
package/dist/dashboard/types.d.ts +172 -21
package/dist/dashboard/types.d.ts.map +1 -1
package/dist/errors/agent-errors.generated.d.ts +21 -0
package/dist/errors/agent-errors.generated.d.ts.map +1 -0
package/dist/errors/agent-errors.generated.js +133 -0
package/dist/errors/agent-errors.generated.js.map +1 -0
package/dist/errors/codes.d.ts +21 -2
package/dist/errors/codes.d.ts.map +1 -1
package/dist/errors/codes.js +20 -1
package/dist/errors/codes.js.map +1 -1
package/dist/errors/context.d.ts +9 -1
package/dist/errors/context.d.ts.map +1 -1
package/dist/event-analytics.d.ts +1 -3
package/dist/event-analytics.d.ts.map +1 -1
package/dist/event-analytics.js +28 -81
package/dist/event-analytics.js.map +1 -1
package/dist/events.d.ts.map +1 -1
package/dist/events.js +23 -13
package/dist/events.js.map +1 -1
package/dist/generated/accounts/agentSpendOverlay.d.ts +60 -0
package/dist/generated/accounts/agentSpendOverlay.d.ts.map +1 -1
package/dist/generated/accounts/agentSpendOverlay.js +6 -2
package/dist/generated/accounts/agentSpendOverlay.js.map +1 -1
package/dist/generated/accounts/agentVault.d.ts +168 -4
package/dist/generated/accounts/agentVault.d.ts.map +1 -1
package/dist/generated/accounts/agentVault.js +11 -3
package/dist/generated/accounts/agentVault.js.map +1 -1
package/dist/generated/accounts/auditLogRejected.d.ts +66 -0
package/dist/generated/accounts/auditLogRejected.d.ts.map +1 -0
package/dist/generated/accounts/auditLogRejected.js +68 -0
package/dist/generated/accounts/auditLogRejected.js.map +1 -0
package/dist/generated/accounts/auditLogSuccess.d.ts +78 -0
package/dist/generated/accounts/auditLogSuccess.d.ts.map +1 -0
package/dist/generated/accounts/auditLogSuccess.js +68 -0
package/dist/generated/accounts/auditLogSuccess.js.map +1 -0
package/dist/generated/accounts/index.d.ts +4 -4
package/dist/generated/accounts/index.d.ts.map +1 -1
package/dist/generated/accounts/index.js +4 -4
package/dist/generated/accounts/index.js.map +1 -1
package/dist/generated/accounts/pendingAgentGrant.d.ts +199 -0
package/dist/generated/accounts/pendingAgentGrant.d.ts.map +1 -0
package/dist/generated/accounts/pendingAgentGrant.js +75 -0
package/dist/generated/accounts/pendingAgentGrant.js.map +1 -0
package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts +76 -0
package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts.map +1 -1
package/dist/generated/accounts/pendingAgentPermissionsUpdate.js +9 -1
package/dist/generated/accounts/pendingAgentPermissionsUpdate.js.map +1 -1
package/dist/generated/accounts/pendingOwnershipTransfer.d.ts +131 -0
package/dist/generated/accounts/pendingOwnershipTransfer.d.ts.map +1 -0
package/dist/generated/accounts/pendingOwnershipTransfer.js +76 -0
package/dist/generated/accounts/pendingOwnershipTransfer.js.map +1 -0
package/dist/generated/accounts/pendingPolicyUpdate.d.ts +220 -4
package/dist/generated/accounts/pendingPolicyUpdate.d.ts.map +1 -1
package/dist/generated/accounts/pendingPolicyUpdate.js +25 -5
package/dist/generated/accounts/pendingPolicyUpdate.js.map +1 -1
package/dist/generated/accounts/policyConfig.d.ts +495 -34
package/dist/generated/accounts/policyConfig.d.ts.map +1 -1
package/dist/generated/accounts/policyConfig.js +34 -7
package/dist/generated/accounts/policyConfig.js.map +1 -1
package/dist/generated/accounts/postExecutionAssertions.d.ts +2 -2
package/dist/generated/accounts/postExecutionAssertions.d.ts.map +1 -1
package/dist/generated/accounts/postExecutionAssertions.js +3 -3
package/dist/generated/accounts/sessionAuthority.d.ts +154 -12
package/dist/generated/accounts/sessionAuthority.d.ts.map +1 -1
package/dist/generated/accounts/sessionAuthority.js +12 -10
package/dist/generated/accounts/sessionAuthority.js.map +1 -1
package/dist/generated/accounts/spendTracker.d.ts +83 -3
package/dist/generated/accounts/spendTracker.d.ts.map +1 -1
package/dist/generated/accounts/spendTracker.js +14 -2
package/dist/generated/accounts/spendTracker.js.map +1 -1
package/dist/generated/errors/sigil.d.ts +160 -100
package/dist/generated/errors/sigil.d.ts.map +1 -1
package/dist/generated/errors/sigil.js +214 -124
package/dist/generated/errors/sigil.js.map +1 -1
package/dist/generated/event-discriminators.d.ts.map +1 -1
package/dist/generated/event-discriminators.js +11 -13
package/dist/generated/event-discriminators.js.map +1 -1
package/dist/generated/instructions/acceptOwnershipTransfer.d.ts +142 -0
package/dist/generated/instructions/acceptOwnershipTransfer.d.ts.map +1 -0
package/dist/generated/instructions/acceptOwnershipTransfer.js +171 -0
package/dist/generated/instructions/acceptOwnershipTransfer.js.map +1 -0
package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts +142 -0
package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts.map +1 -0
package/dist/generated/instructions/acceptOwnershipTransferMultisig.js +171 -0
package/dist/generated/instructions/acceptOwnershipTransferMultisig.js.map +1 -0
package/dist/generated/instructions/applyAgentGrant.d.ts +100 -0
package/dist/generated/instructions/applyAgentGrant.d.ts.map +1 -0
package/dist/generated/instructions/{applyConstraintsUpdate.js → applyAgentGrant.js} +66 -42
package/dist/generated/instructions/applyAgentGrant.js.map +1 -0
package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts +31 -8
package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts.map +1 -1
package/dist/generated/instructions/applyAgentPermissionsUpdate.js +38 -2
package/dist/generated/instructions/applyAgentPermissionsUpdate.js.map +1 -1
package/dist/generated/instructions/applyPendingPolicy.d.ts +18 -7
package/dist/generated/instructions/applyPendingPolicy.d.ts.map +1 -1
package/dist/generated/instructions/applyPendingPolicy.js +38 -2
package/dist/generated/instructions/applyPendingPolicy.js.map +1 -1
package/dist/generated/instructions/cancelAgentGrant.d.ts +106 -0
package/dist/generated/instructions/cancelAgentGrant.d.ts.map +1 -0
package/dist/generated/instructions/{allocatePendingConstraintsPda.js → cancelAgentGrant.js} +54 -42
package/dist/generated/instructions/cancelAgentGrant.js.map +1 -0
package/dist/generated/instructions/cancelOwnershipTransfer.d.ts +121 -0
package/dist/generated/instructions/cancelOwnershipTransfer.d.ts.map +1 -0
package/dist/generated/instructions/{queueCloseConstraints.js → cancelOwnershipTransfer.js} +58 -44
package/dist/generated/instructions/cancelOwnershipTransfer.js.map +1 -0
package/dist/generated/instructions/closePostAssertions.d.ts +6 -1
package/dist/generated/instructions/closePostAssertions.d.ts.map +1 -1
package/dist/generated/instructions/closePostAssertions.js +11 -3
package/dist/generated/instructions/closePostAssertions.js.map +1 -1
package/dist/generated/instructions/closeVault.d.ts +40 -8
package/dist/generated/instructions/closeVault.d.ts.map +1 -1
package/dist/generated/instructions/closeVault.js +40 -2
package/dist/generated/instructions/closeVault.js.map +1 -1
package/dist/generated/instructions/createPostAssertions.d.ts +4 -0
package/dist/generated/instructions/createPostAssertions.d.ts.map +1 -1
package/dist/generated/instructions/createPostAssertions.js +2 -0
package/dist/generated/instructions/createPostAssertions.js.map +1 -1
package/dist/generated/instructions/depositFunds.d.ts +21 -10
package/dist/generated/instructions/depositFunds.d.ts.map +1 -1
package/dist/generated/instructions/depositFunds.js +37 -2
package/dist/generated/instructions/depositFunds.js.map +1 -1
package/dist/generated/instructions/finalizeSession.d.ts +49 -7
package/dist/generated/instructions/finalizeSession.d.ts.map +1 -1
package/dist/generated/instructions/finalizeSession.js +59 -2
package/dist/generated/instructions/finalizeSession.js.map +1 -1
package/dist/generated/instructions/freezeVault.d.ts +39 -5
package/dist/generated/instructions/freezeVault.d.ts.map +1 -1
package/dist/generated/instructions/freezeVault.js +77 -5
package/dist/generated/instructions/freezeVault.js.map +1 -1
package/dist/generated/instructions/index.d.ts +10 -14
package/dist/generated/instructions/index.d.ts.map +1 -1
package/dist/generated/instructions/index.js +10 -14
package/dist/generated/instructions/index.js.map +1 -1
package/dist/generated/instructions/initializeVault.d.ts +79 -13
package/dist/generated/instructions/initializeVault.d.ts.map +1 -1
package/dist/generated/instructions/initializeVault.js +57 -5
package/dist/generated/instructions/initializeVault.js.map +1 -1
package/dist/generated/instructions/initiateOwnershipTransfer.d.ts +106 -0
package/dist/generated/instructions/initiateOwnershipTransfer.d.ts.map +1 -0
package/dist/generated/instructions/initiateOwnershipTransfer.js +181 -0
package/dist/generated/instructions/initiateOwnershipTransfer.js.map +1 -0
package/dist/generated/instructions/pauseAgent.d.ts +49 -5
package/dist/generated/instructions/pauseAgent.d.ts.map +1 -1
package/dist/generated/instructions/pauseAgent.js +80 -5
package/dist/generated/instructions/pauseAgent.js.map +1 -1
package/dist/generated/instructions/promoteGraylistDestination.d.ts +56 -0
package/dist/generated/instructions/promoteGraylistDestination.d.ts.map +1 -0
package/dist/generated/instructions/{createInstructionConstraints.js → promoteGraylistDestination.js} +23 -40
package/dist/generated/instructions/promoteGraylistDestination.js.map +1 -0
package/dist/generated/instructions/queueAgentGrant.d.ts +113 -0
package/dist/generated/instructions/queueAgentGrant.d.ts.map +1 -0
package/dist/generated/instructions/queueAgentGrant.js +181 -0
package/dist/generated/instructions/queueAgentGrant.js.map +1 -0
package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts +8 -0
package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts.map +1 -1
package/dist/generated/instructions/queueAgentPermissionsUpdate.js +4 -0
package/dist/generated/instructions/queueAgentPermissionsUpdate.js.map +1 -1
package/dist/generated/instructions/queuePolicyUpdate.d.ts +40 -8
package/dist/generated/instructions/queuePolicyUpdate.d.ts.map +1 -1
package/dist/generated/instructions/queuePolicyUpdate.js +21 -5
package/dist/generated/instructions/queuePolicyUpdate.js.map +1 -1
package/dist/generated/instructions/reactivateVault.d.ts +71 -5
package/dist/generated/instructions/reactivateVault.d.ts.map +1 -1
package/dist/generated/instructions/reactivateVault.js +80 -5
package/dist/generated/instructions/reactivateVault.js.map +1 -1
package/dist/generated/instructions/recordAgentViolation.d.ts +89 -0
package/dist/generated/instructions/recordAgentViolation.d.ts.map +1 -0
package/dist/generated/instructions/recordAgentViolation.js +152 -0
package/dist/generated/instructions/recordAgentViolation.js.map +1 -0
package/dist/generated/instructions/registerAgent.d.ts +84 -6
package/dist/generated/instructions/registerAgent.d.ts.map +1 -1
package/dist/generated/instructions/registerAgent.js +81 -4
package/dist/generated/instructions/registerAgent.js.map +1 -1
package/dist/generated/instructions/revokeAgent.d.ts +49 -6
package/dist/generated/instructions/revokeAgent.d.ts.map +1 -1
package/dist/generated/instructions/revokeAgent.js +81 -4
package/dist/generated/instructions/revokeAgent.js.map +1 -1
package/dist/generated/instructions/setObserveOnly.d.ts +56 -0
package/dist/generated/instructions/setObserveOnly.d.ts.map +1 -0
package/dist/generated/instructions/setObserveOnly.js +111 -0
package/dist/generated/instructions/setObserveOnly.js.map +1 -0
package/dist/generated/instructions/unpauseAgent.d.ts +46 -5
package/dist/generated/instructions/unpauseAgent.d.ts.map +1 -1
package/dist/generated/instructions/unpauseAgent.js +80 -5
package/dist/generated/instructions/unpauseAgent.js.map +1 -1
package/dist/generated/instructions/validateAndAuthorize.d.ts +29 -0
package/dist/generated/instructions/validateAndAuthorize.d.ts.map +1 -1
package/dist/generated/instructions/validateAndAuthorize.js +4 -0
package/dist/generated/instructions/validateAndAuthorize.js.map +1 -1
package/dist/generated/instructions/withdrawFunds.d.ts +53 -11
package/dist/generated/instructions/withdrawFunds.d.ts.map +1 -1
package/dist/generated/instructions/withdrawFunds.js +51 -2
package/dist/generated/instructions/withdrawFunds.js.map +1 -1
package/dist/generated/programs/sigil.d.ts +79 -95
package/dist/generated/programs/sigil.d.ts.map +1 -1
package/dist/generated/programs/sigil.js +139 -187
package/dist/generated/programs/sigil.js.map +1 -1
package/dist/generated/types/actionAuthorized.d.ts +0 -2
package/dist/generated/types/actionAuthorized.d.ts.map +1 -1
package/dist/generated/types/actionAuthorized.js +0 -2
package/dist/generated/types/actionAuthorized.js.map +1 -1
package/dist/generated/types/agentAutoRevoked.d.ts +31 -0
package/dist/generated/types/agentAutoRevoked.d.ts.map +1 -0
package/dist/generated/types/{pdaAllocated.js → agentAutoRevoked.js} +12 -10
package/dist/generated/types/agentAutoRevoked.js.map +1 -0
package/dist/generated/types/agentEntry.d.ts +48 -0
package/dist/generated/types/agentEntry.d.ts.map +1 -1
package/dist/generated/types/agentEntry.js +4 -2
package/dist/generated/types/agentEntry.js.map +1 -1
package/dist/generated/types/agentGrantApplied.d.ts +38 -0
package/dist/generated/types/agentGrantApplied.d.ts.map +1 -0
package/dist/generated/types/agentGrantApplied.js +34 -0
package/dist/generated/types/agentGrantApplied.js.map +1 -0
package/dist/generated/types/agentGrantCancelled.d.ts +33 -0
package/dist/generated/types/agentGrantCancelled.d.ts.map +1 -0
package/dist/generated/types/agentGrantCancelled.js +28 -0
package/dist/generated/types/agentGrantCancelled.js.map +1 -0
package/dist/generated/types/agentGrantQueued.d.ts +38 -0
package/dist/generated/types/agentGrantQueued.d.ts.map +1 -0
package/dist/generated/types/agentGrantQueued.js +32 -0
package/dist/generated/types/agentGrantQueued.js.map +1 -0
package/dist/generated/types/auditEntry.d.ts +120 -0
package/dist/generated/types/auditEntry.d.ts.map +1 -0
package/dist/generated/types/auditEntry.js +34 -0
package/dist/generated/types/auditEntry.js.map +1 -0
package/dist/generated/types/destinationGraylistEntry.d.ts +32 -0
package/dist/generated/types/destinationGraylistEntry.d.ts.map +1 -0
package/dist/generated/types/destinationGraylistEntry.js +24 -0
package/dist/generated/types/destinationGraylistEntry.js.map +1 -0
package/dist/generated/types/graylistEntered.d.ts +31 -0
package/dist/generated/types/graylistEntered.d.ts.map +1 -0
package/dist/generated/types/graylistEntered.js +30 -0
package/dist/generated/types/graylistEntered.js.map +1 -0
package/dist/generated/types/graylistPromoted.d.ts +29 -0
package/dist/generated/types/graylistPromoted.d.ts.map +1 -0
package/dist/generated/types/graylistPromoted.js +28 -0
package/dist/generated/types/graylistPromoted.js.map +1 -0
package/dist/generated/types/index.d.ts +13 -21
package/dist/generated/types/index.d.ts.map +1 -1
package/dist/generated/types/index.js +13 -21
package/dist/generated/types/index.js.map +1 -1
package/dist/generated/types/observeOnlyChanged.d.ts +33 -0
package/dist/generated/types/observeOnlyChanged.d.ts.map +1 -0
package/dist/generated/types/observeOnlyChanged.js +32 -0
package/dist/generated/types/observeOnlyChanged.js.map +1 -0
package/dist/generated/types/ownershipTransferAccepted.d.ts +32 -0
package/dist/generated/types/ownershipTransferAccepted.d.ts.map +1 -0
package/dist/generated/types/ownershipTransferAccepted.js +30 -0
package/dist/generated/types/ownershipTransferAccepted.js.map +1 -0
package/dist/generated/types/ownershipTransferCancelled.d.ts +29 -0
package/dist/generated/types/ownershipTransferCancelled.d.ts.map +1 -0
package/dist/generated/types/ownershipTransferCancelled.js +28 -0
package/dist/generated/types/ownershipTransferCancelled.js.map +1 -0
package/dist/generated/types/ownershipTransferInitiated.d.ts +33 -0
package/dist/generated/types/ownershipTransferInitiated.d.ts.map +1 -0
package/dist/generated/types/ownershipTransferInitiated.js +30 -0
package/dist/generated/types/ownershipTransferInitiated.js.map +1 -0
package/dist/generated/types/perRecipientCounter.d.ts +61 -0
package/dist/generated/types/perRecipientCounter.d.ts.map +1 -0
package/dist/generated/types/perRecipientCounter.js +26 -0
package/dist/generated/types/perRecipientCounter.js.map +1 -0
package/dist/generated/types/postAssertionEntry.d.ts +14 -7
package/dist/generated/types/postAssertionEntry.d.ts.map +1 -1
package/dist/generated/types/postAssertionEntry.js +5 -7
package/dist/generated/types/postAssertionEntry.js.map +1 -1
package/dist/generated/types/postAssertionEntryZC.d.ts +53 -22
package/dist/generated/types/postAssertionEntryZC.d.ts.map +1 -1
package/dist/generated/types/postAssertionEntryZC.js +4 -6
package/dist/generated/types/postAssertionEntryZC.js.map +1 -1
package/dist/generated/types/sessionFinalized.d.ts +0 -4
package/dist/generated/types/sessionFinalized.d.ts.map +1 -1
package/dist/generated/types/sessionFinalized.js +0 -2
package/dist/generated/types/sessionFinalized.js.map +1 -1
package/dist/generated/types/vaultFrozen.d.ts +26 -0
package/dist/generated/types/vaultFrozen.d.ts.map +1 -1
package/dist/generated/types/vaultFrozen.js +5 -1
package/dist/generated/types/vaultFrozen.js.map +1 -1
package/dist/index.d.ts +35 -6
package/dist/index.d.ts.map +1 -1
package/dist/index.js +81 -7
package/dist/index.js.map +1 -1
package/dist/inscribe.d.ts +0 -4
package/dist/inscribe.d.ts.map +1 -1
package/dist/inscribe.js +0 -1
package/dist/inscribe.js.map +1 -1
package/dist/inspector.d.ts +0 -23
package/dist/inspector.d.ts.map +1 -1
package/dist/inspector.js +0 -52
package/dist/inspector.js.map +1 -1
package/dist/kit-adapter.d.ts +1 -1
package/dist/kit-adapter.d.ts.map +1 -1
package/dist/kit-adapter.js +1 -1
package/dist/kit-adapter.js.map +1 -1
package/dist/logger.d.ts +48 -0
package/dist/logger.d.ts.map +1 -1
package/dist/logger.js +36 -0
package/dist/logger.js.map +1 -1
package/dist/multisig-detection.d.ts +83 -0
package/dist/multisig-detection.d.ts.map +1 -0
package/dist/multisig-detection.js +128 -0
package/dist/multisig-detection.js.map +1 -0
package/dist/owner-transaction.d.ts +8 -0
package/dist/owner-transaction.d.ts.map +1 -1
package/dist/owner-transaction.js +1 -0
package/dist/owner-transaction.js.map +1 -1
package/dist/ownership-transfer.d.ts +79 -0
package/dist/ownership-transfer.d.ts.map +1 -0
package/dist/ownership-transfer.js +66 -0
package/dist/ownership-transfer.js.map +1 -0
package/dist/policy/compute-cosign-digest.d.ts +193 -0
package/dist/policy/compute-cosign-digest.d.ts.map +1 -0
package/dist/policy/compute-cosign-digest.js +318 -0
package/dist/policy/compute-cosign-digest.js.map +1 -0
package/dist/policy/compute-policy-preview-digest.d.ts +258 -0
package/dist/policy/compute-policy-preview-digest.d.ts.map +1 -0
package/dist/policy/compute-policy-preview-digest.js +351 -0
package/dist/policy/compute-policy-preview-digest.js.map +1 -0
package/dist/policy-attestation.d.ts +51 -0
package/dist/policy-attestation.d.ts.map +1 -0
package/dist/policy-attestation.js +43 -0
package/dist/policy-attestation.js.map +1 -0
package/dist/presets.d.ts +1 -7
package/dist/presets.d.ts.map +1 -1
package/dist/presets.js +0 -5
package/dist/presets.js.map +1 -1
package/dist/preview-create-vault.d.ts +280 -0
package/dist/preview-create-vault.d.ts.map +1 -0
package/dist/preview-create-vault.js +498 -0
package/dist/preview-create-vault.js.map +1 -0
package/dist/resolve-accounts.d.ts +75 -10
package/dist/resolve-accounts.d.ts.map +1 -1
package/dist/resolve-accounts.js +68 -32
package/dist/resolve-accounts.js.map +1 -1
package/dist/rpc-helpers.d.ts +29 -3
package/dist/rpc-helpers.d.ts.map +1 -1
package/dist/rpc-helpers.js +51 -12
package/dist/rpc-helpers.js.map +1 -1
package/dist/seal/intent-digest.d.ts +195 -0
package/dist/seal/intent-digest.d.ts.map +1 -0
package/dist/seal/intent-digest.js +372 -0
package/dist/seal/intent-digest.js.map +1 -0
package/dist/seal.d.ts +166 -3
package/dist/seal.d.ts.map +1 -1
package/dist/seal.js +428 -8
package/dist/seal.js.map +1 -1
package/dist/security-analytics.d.ts +3 -3
package/dist/security-analytics.d.ts.map +1 -1
package/dist/security-analytics.js +13 -128
package/dist/security-analytics.js.map +1 -1
package/dist/session-mint.d.ts +72 -0
package/dist/session-mint.d.ts.map +1 -0
package/dist/session-mint.js +59 -0
package/dist/session-mint.js.map +1 -0
package/dist/sigil.d.ts +0 -4
package/dist/sigil.d.ts.map +1 -1
package/dist/simulation.d.ts +19 -0
package/dist/simulation.d.ts.map +1 -1
package/dist/simulation.js +211 -138
package/dist/simulation.js.map +1 -1
package/dist/squads-detection.d.ts +135 -0
package/dist/squads-detection.d.ts.map +1 -0
package/dist/squads-detection.js +124 -0
package/dist/squads-detection.js.map +1 -0
package/dist/state-resolver.d.ts +0 -16
package/dist/state-resolver.d.ts.map +1 -1
package/dist/state-resolver.js +162 -97
package/dist/state-resolver.js.map +1 -1
package/dist/testing/devnet.d.ts +40 -1
package/dist/testing/devnet.d.ts.map +1 -1
package/dist/testing/devnet.js +333 -45
package/dist/testing/devnet.js.map +1 -1
package/dist/testing/errors/expect.d.ts +137 -0
package/dist/testing/errors/expect.d.ts.map +1 -0
package/dist/testing/errors/expect.js +372 -0
package/dist/testing/errors/expect.js.map +1 -0
package/dist/testing/errors/index.d.ts +3 -0
package/dist/testing/errors/index.d.ts.map +1 -0
package/dist/testing/errors/index.js +8 -0
package/dist/testing/errors/index.js.map +1 -0
package/dist/testing/errors/names.generated.d.ts +211 -0
package/dist/testing/errors/names.generated.d.ts.map +1 -0
package/dist/testing/errors/names.generated.js +206 -0
package/dist/testing/errors/names.generated.js.map +1 -0
package/dist/testing/index.d.ts +1 -0
package/dist/testing/index.d.ts.map +1 -1
package/dist/testing/index.js +8 -0
package/dist/testing/index.js.map +1 -1
package/dist/testing/mock-rpc.d.ts +16 -0
package/dist/testing/mock-rpc.d.ts.map +1 -1
package/dist/testing/mock-rpc.js +27 -0
package/dist/testing/mock-rpc.js.map +1 -1
package/dist/testing/mock-state.d.ts +2 -0
package/dist/testing/mock-state.d.ts.map +1 -1
package/dist/testing/mock-state.js +45 -6
package/dist/testing/mock-state.js.map +1 -1
package/dist/types.d.ts +5 -15
package/dist/types.d.ts.map +1 -1
package/dist/types.js +11 -69
package/dist/types.js.map +1 -1
package/dist/vault-analytics.d.ts +0 -2
package/dist/vault-analytics.d.ts.map +1 -1
package/dist/vault-analytics.js +1 -9
package/dist/vault-analytics.js.map +1 -1
package/package.json +12 -5
package/dist/dashboard/constraint-reads.d.ts +0 -50
package/dist/dashboard/constraint-reads.d.ts.map +0 -1
package/dist/dashboard/constraint-reads.js +0 -119
package/dist/dashboard/constraint-reads.js.map +0 -1
package/dist/generated/accounts/escrowDeposit.d.ts +0 -50
package/dist/generated/accounts/escrowDeposit.d.ts.map +0 -1
package/dist/generated/accounts/escrowDeposit.js +0 -76
package/dist/generated/accounts/escrowDeposit.js.map +0 -1
package/dist/generated/accounts/instructionConstraints.d.ts +0 -46
package/dist/generated/accounts/instructionConstraints.d.ts.map +0 -1
package/dist/generated/accounts/instructionConstraints.js +0 -73
package/dist/generated/accounts/instructionConstraints.js.map +0 -1
package/dist/generated/accounts/pendingCloseConstraints.d.ts +0 -37
package/dist/generated/accounts/pendingCloseConstraints.d.ts.map +0 -1
package/dist/generated/accounts/pendingCloseConstraints.js +0 -66
package/dist/generated/accounts/pendingCloseConstraints.js.map +0 -1
package/dist/generated/accounts/pendingConstraintsUpdate.d.ts +0 -62
package/dist/generated/accounts/pendingConstraintsUpdate.d.ts.map +0 -1
package/dist/generated/accounts/pendingConstraintsUpdate.js +0 -75
package/dist/generated/accounts/pendingConstraintsUpdate.js.map +0 -1
package/dist/generated/instructions/allocateConstraintsPda.d.ts +0 -62
package/dist/generated/instructions/allocateConstraintsPda.d.ts.map +0 -1
package/dist/generated/instructions/allocateConstraintsPda.js +0 -134
package/dist/generated/instructions/allocateConstraintsPda.js.map +0 -1
package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts +0 -66
package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts.map +0 -1
package/dist/generated/instructions/allocatePendingConstraintsPda.js.map +0 -1
package/dist/generated/instructions/applyCloseConstraints.d.ts +0 -59
package/dist/generated/instructions/applyCloseConstraints.d.ts.map +0 -1
package/dist/generated/instructions/applyCloseConstraints.js +0 -143
package/dist/generated/instructions/applyCloseConstraints.js.map +0 -1
package/dist/generated/instructions/applyConstraintsUpdate.d.ts +0 -62
package/dist/generated/instructions/applyConstraintsUpdate.d.ts.map +0 -1
package/dist/generated/instructions/applyConstraintsUpdate.js.map +0 -1
package/dist/generated/instructions/cancelCloseConstraints.d.ts +0 -51
package/dist/generated/instructions/cancelCloseConstraints.d.ts.map +0 -1
package/dist/generated/instructions/cancelCloseConstraints.js +0 -115
package/dist/generated/instructions/cancelCloseConstraints.js.map +0 -1
package/dist/generated/instructions/cancelConstraintsUpdate.d.ts +0 -51
package/dist/generated/instructions/cancelConstraintsUpdate.d.ts.map +0 -1
package/dist/generated/instructions/cancelConstraintsUpdate.js +0 -115
package/dist/generated/instructions/cancelConstraintsUpdate.js.map +0 -1
package/dist/generated/instructions/closeSettledEscrow.d.ts +0 -72
package/dist/generated/instructions/closeSettledEscrow.d.ts.map +0 -1
package/dist/generated/instructions/closeSettledEscrow.js +0 -127
package/dist/generated/instructions/closeSettledEscrow.js.map +0 -1
package/dist/generated/instructions/createEscrow.d.ts +0 -131
package/dist/generated/instructions/createEscrow.d.ts.map +0 -1
package/dist/generated/instructions/createEscrow.js +0 -272
package/dist/generated/instructions/createEscrow.js.map +0 -1
package/dist/generated/instructions/createInstructionConstraints.d.ts +0 -68
package/dist/generated/instructions/createInstructionConstraints.d.ts.map +0 -1
package/dist/generated/instructions/createInstructionConstraints.js.map +0 -1
package/dist/generated/instructions/extendPda.d.ts +0 -52
package/dist/generated/instructions/extendPda.d.ts.map +0 -1
package/dist/generated/instructions/extendPda.js +0 -86
package/dist/generated/instructions/extendPda.js.map +0 -1
package/dist/generated/instructions/queueCloseConstraints.d.ts +0 -66
package/dist/generated/instructions/queueCloseConstraints.d.ts.map +0 -1
package/dist/generated/instructions/queueCloseConstraints.js.map +0 -1
package/dist/generated/instructions/queueConstraintsUpdate.d.ts +0 -75
package/dist/generated/instructions/queueConstraintsUpdate.d.ts.map +0 -1
package/dist/generated/instructions/queueConstraintsUpdate.js +0 -154
package/dist/generated/instructions/queueConstraintsUpdate.js.map +0 -1
package/dist/generated/instructions/refundEscrow.d.ts +0 -74
package/dist/generated/instructions/refundEscrow.d.ts.map +0 -1
package/dist/generated/instructions/refundEscrow.js +0 -142
package/dist/generated/instructions/refundEscrow.js.map +0 -1
package/dist/generated/instructions/settleEscrow.d.ts +0 -80
package/dist/generated/instructions/settleEscrow.d.ts.map +0 -1
package/dist/generated/instructions/settleEscrow.js +0 -173
package/dist/generated/instructions/settleEscrow.js.map +0 -1
package/dist/generated/types/accountConstraint.d.ts +0 -18
package/dist/generated/types/accountConstraint.d.ts.map +0 -1
package/dist/generated/types/accountConstraint.js +0 -24
package/dist/generated/types/accountConstraint.js.map +0 -1
package/dist/generated/types/accountConstraintZC.d.ts +0 -18
package/dist/generated/types/accountConstraintZC.d.ts.map +0 -1
package/dist/generated/types/accountConstraintZC.js +0 -26
package/dist/generated/types/accountConstraintZC.js.map +0 -1
package/dist/generated/types/closeConstraintsApplied.d.ts +0 -20
package/dist/generated/types/closeConstraintsApplied.d.ts.map +0 -1
package/dist/generated/types/closeConstraintsApplied.js +0 -24
package/dist/generated/types/closeConstraintsApplied.js.map +0 -1
package/dist/generated/types/closeConstraintsCancelled.d.ts +0 -16
package/dist/generated/types/closeConstraintsCancelled.d.ts.map +0 -1
package/dist/generated/types/closeConstraintsCancelled.js +0 -18
package/dist/generated/types/closeConstraintsCancelled.js.map +0 -1
package/dist/generated/types/closeConstraintsQueued.d.ts +0 -20
package/dist/generated/types/closeConstraintsQueued.d.ts.map +0 -1
package/dist/generated/types/closeConstraintsQueued.js +0 -24
package/dist/generated/types/closeConstraintsQueued.js.map +0 -1
package/dist/generated/types/constraintEntry.d.ts +0 -39
package/dist/generated/types/constraintEntry.d.ts.map +0 -1
package/dist/generated/types/constraintEntry.js +0 -31
package/dist/generated/types/constraintEntry.js.map +0 -1
package/dist/generated/types/constraintEntryZC.d.ts +0 -68
package/dist/generated/types/constraintEntryZC.d.ts.map +0 -1
package/dist/generated/types/constraintEntryZC.js +0 -49
package/dist/generated/types/constraintEntryZC.js.map +0 -1
package/dist/generated/types/constraintOperator.d.ts +0 -22
package/dist/generated/types/constraintOperator.d.ts.map +0 -1
package/dist/generated/types/constraintOperator.js +0 -28
package/dist/generated/types/constraintOperator.js.map +0 -1
package/dist/generated/types/constraintsChangeApplied.d.ts +0 -30
package/dist/generated/types/constraintsChangeApplied.d.ts.map +0 -1
package/dist/generated/types/constraintsChangeApplied.js +0 -32
package/dist/generated/types/constraintsChangeApplied.js.map +0 -1
package/dist/generated/types/constraintsChangeCancelled.d.ts +0 -16
package/dist/generated/types/constraintsChangeCancelled.d.ts.map +0 -1
package/dist/generated/types/constraintsChangeCancelled.js +0 -18
package/dist/generated/types/constraintsChangeCancelled.js.map +0 -1
package/dist/generated/types/constraintsChangeQueued.d.ts +0 -30
package/dist/generated/types/constraintsChangeQueued.d.ts.map +0 -1
package/dist/generated/types/constraintsChangeQueued.js +0 -32
package/dist/generated/types/constraintsChangeQueued.js.map +0 -1
package/dist/generated/types/dataConstraint.d.ts +0 -23
package/dist/generated/types/dataConstraint.d.ts.map +0 -1
package/dist/generated/types/dataConstraint.js +0 -27
package/dist/generated/types/dataConstraint.js.map +0 -1
package/dist/generated/types/dataConstraintZC.d.ts +0 -20
package/dist/generated/types/dataConstraintZC.d.ts.map +0 -1
package/dist/generated/types/dataConstraintZC.js +0 -30
package/dist/generated/types/dataConstraintZC.js.map +0 -1
package/dist/generated/types/discriminatorFormat.d.ts +0 -25
package/dist/generated/types/discriminatorFormat.d.ts.map +0 -1
package/dist/generated/types/discriminatorFormat.js +0 -31
package/dist/generated/types/discriminatorFormat.js.map +0 -1
package/dist/generated/types/escrowCreated.d.ts +0 -30
package/dist/generated/types/escrowCreated.d.ts.map +0 -1
package/dist/generated/types/escrowCreated.js +0 -34
package/dist/generated/types/escrowCreated.js.map +0 -1
package/dist/generated/types/escrowRefunded.d.ts +0 -26
package/dist/generated/types/escrowRefunded.d.ts.map +0 -1
package/dist/generated/types/escrowRefunded.js +0 -30
package/dist/generated/types/escrowRefunded.js.map +0 -1
package/dist/generated/types/escrowSettled.d.ts +0 -26
package/dist/generated/types/escrowSettled.d.ts.map +0 -1
package/dist/generated/types/escrowSettled.js +0 -30
package/dist/generated/types/escrowSettled.js.map +0 -1
package/dist/generated/types/escrowStatus.d.ts +0 -18
package/dist/generated/types/escrowStatus.d.ts.map +0 -1
package/dist/generated/types/escrowStatus.js +0 -24
package/dist/generated/types/escrowStatus.js.map +0 -1
package/dist/generated/types/instructionConstraintsCreated.d.ts +0 -34
package/dist/generated/types/instructionConstraintsCreated.d.ts.map +0 -1
package/dist/generated/types/instructionConstraintsCreated.js +0 -36
package/dist/generated/types/instructionConstraintsCreated.js.map +0 -1
package/dist/generated/types/pdaAllocated.d.ts +0 -24
package/dist/generated/types/pdaAllocated.d.ts.map +0 -1
package/dist/generated/types/pdaAllocated.js.map +0 -1
package/dist/generated/types/pdaExtended.d.ts +0 -24
package/dist/generated/types/pdaExtended.d.ts.map +0 -1
package/dist/generated/types/pdaExtended.js +0 -28
package/dist/generated/types/pdaExtended.js.map +0 -1
package/dist/integrations/protocol-handler.d.ts +0 -59
package/dist/integrations/protocol-handler.d.ts.map +0 -1
package/dist/integrations/protocol-handler.js +0 -9
package/dist/integrations/protocol-handler.js.map +0 -1

package/dist/policy/compute-cosign-digest.d.ts ADDED Viewed

@@ -0,0 +1,193 @@
+/**
+ * TA-09 — Canonical cosign digest (SDK side).
+ *
+ * Mirrors `programs/sigil/src/utils/cosign_digest.rs` exactly. The SDK
+ * computes this off-chain, the owner+cosigner sign `queue_policy_update` with
+ * the cosign session pubkey as an arg. The on-chain handler:
+ *   1. At queue time, recomputes the digest from the resulting pending args +
+ *      the cosign session pubkey and stores it on `PendingPolicyUpdate`.
+ *   2. At apply time, recomputes it AGAIN from the persisted pending args and
+ *      asserts byte-equality. Any tamper of pending args between queue and
+ *      apply (e.g. a future discriminator-collision attack on the pending PDA)
+ *      produces a digest mismatch and a hard reject (`ErrCosignRequired`,
+ *      6089).
+ *
+ * The cosign digest is INTENTIONALLY narrower than TA-19 `policy_preview_digest`:
+ * only the FIELDS that participate in "elevated mutation" detection are in
+ * scope. Non-elevated fields (developer_fee_rate, max_slippage_bps,
+ * session_expiry_seconds, timelock_duration narrowing, protocol_mode,
+ * destination_mode, operating_hours, etc.) do NOT require cosign and are NOT
+ * bound by THIS digest — they are still bound by TA-19
+ * `policy_preview_digest` at queue time.
+ *
+ * Round 2 B4 F-1 fix (audit 2026-05-19): the cosign-digest binding now
+ * extends to all G3 + G6 elevation triggers that were previously NOT bound:
+ *   - `stable_balance_floor` (G3)            — LOWERING weakens custody
+ *   - `per_recipient_daily_cap_usd` (G3)     — RAISING widens spend
+ *   - `has_protocol_caps` (G3)               — disabling protocol caps
+ *   - `protocol_caps` (G3)                   — shrinking individual caps
+ *   - `cosign_required` (G6)                 — disabling cosign one-way
+ * Without this binding, a tampered SDK or discriminator-collision attack
+ * could mutate the pending PDA between queue and apply on those triggers
+ * without producing a cosign-digest mismatch (TA-19's policy_preview_digest
+ * binds them at the *policy* level but the cosign-binding promise is "the
+ * session signature covers the SAME pending args the owner signed").
+ *
+ * CANONICAL ENCODING (FIXED — DO NOT REORDER, APPEND-ONLY):
+ *   1. cosign_session: Pubkey (32 bytes raw)
+ *   2. daily_spending_cap_usd: Option<u64>
+ *        - tag: 1 byte (0=None, 1=Some)
+ *        - payload (if Some): u64 LE (8 bytes)
+ *   3. max_transaction_amount_usd: Option<u64>
+ *        - same shape as #2
+ *   4. allowed_destinations: Option<Vec<Pubkey>>
+ *        - tag: 1 byte (0=None, 1=Some)
+ *        - payload (if Some): u32 LE length (4 bytes) ++ each Pubkey 32 bytes
+ *   5. protocols: Option<Vec<Pubkey>>
+ *        - same shape as #4
+ *   6. stable_balance_floor: Option<u64>        (B4 F-1)
+ *        - same shape as #2
+ *   7. per_recipient_daily_cap_usd: Option<u64> (B4 F-1)
+ *        - same shape as #2
+ *   8. has_protocol_caps: Option<bool>          (B4 F-1)
+ *        - tag: 1 byte (0=None, 1=Some)
+ *        - payload (if Some): 1 byte (0/1)
+ *   9. protocol_caps: Option<Vec<u64>>          (B4 F-1)
+ *        - tag: 1 byte (0=None, 1=Some)
+ *        - payload (if Some): u32 LE length (4 bytes) ++ each u64 8 bytes LE
+ *  10. cosign_required: Option<bool>            (B4 F-1)
+ *        - same shape as #8
+ *
+ * Total bounded by MAX_ALLOWED_PROTOCOLS=10 + MAX_ALLOWED_DESTINATIONS=10 at
+ * 32 bytes each + MAX_PROTOCOL_CAPS=10 * 8 + fixed scalars ≈ 805 bytes worst
+ * case.
+ *
+ * Forward-compat note: per the on-chain comment, the canonical encoding here
+ * is APPEND-ONLY — new fields land at the END to preserve replayable digests
+ * for in-flight pending PDAs across upgrades.
+ */
+import type { Address } from "../kit-adapter.js";
+/**
+ * Canonical cosign-digest input shape. Matches the on-chain
+ * `CosignDigestFields` struct in `programs/sigil/src/utils/cosign_digest.rs`
+ * exactly.
+ *
+ * Optional fields:
+ *   - `null` or `undefined` → Option::None on-chain (tag byte = 0, no payload).
+ *   - non-null value         → Option::Some on-chain (tag byte = 1 + payload).
+ *
+ * Note that the discriminator is load-bearing: `None` vs `Some(0)` produce
+ * DIFFERENT digests. The on-chain handler's "is_elevated" detection relies on
+ * `Option::is_some_and(|new| new > live)` — a None pass-through never
+ * elevates, but a Some(0) lower DOES elevate (and the digest reflects that
+ * choice).
+ */
+export interface CosignDigestFields {
+    /**
+     * The cosigning session pubkey. 32 bytes raw at position 1.
+     *
+     * NON-Codama-generated SDK consumers passing the digest-encoded
+     * `cosign_session` arg to a queue handler MUST observe the canonical
+     * arg contract (Round 2 §RP-2 B4 F-3, 2026-05-19):
+     *   - Non-elevated queue: pass `Pubkey::default()`
+     *     (`11111111111111111111111111111111`) — and OMIT the cosigner from
+     *     `remaining_accounts`.
+     *   - Elevated queue (raising daily_cap, expanding destinations,
+     *     lowering stable_balance_floor, raising per_recipient_daily_cap,
+     *     disabling protocol_caps, mutating protocol_caps, or disabling
+     *     cosign): pass a REAL session pubkey AND include it in
+     *     `remaining_accounts` with `is_signer == true`. Use
+     *     `buildCosignBundle()` in `sdk/kit/src/cosign-helper.ts` to mirror
+     *     the on-chain digest the handler will store on
+     *     `PendingPolicyUpdate`.
+     *   - Reject path: passing a non-default `cosign_session` on a
+     *     non-elevated queue surfaces `InvalidPermissions` (6088).
+     *     INTENTIONAL — the on-chain handler refuses to silently downgrade
+     *     a caller's declared intent.
+     *
+     * @see sdk/kit/src/cosign-helper.ts — full contract in the "CANONICAL
+     * `cosign_session` ARG CONTRACT" block.
+     */
+    cosignSession: Address | string;
+    /**
+     * Pending `daily_spending_cap_usd` arg. `null`/`undefined` = pass-through
+     * (Option::None). Bound at position 2.
+     */
+    dailySpendingCapUsd?: bigint | null;
+    /**
+     * Pending `max_transaction_amount_usd` arg. Bound at position 3.
+     */
+    maxTransactionAmountUsd?: bigint | null;
+    /**
+     * Pending `allowed_destinations` arg. `null`/`undefined` = pass-through
+     * (Option::None); empty array = Some([]) (NOT the same as None — load-bearing
+     * discriminator). Bound at position 4.
+     */
+    allowedDestinations?: readonly (Address | string)[] | null;
+    /**
+     * Pending `protocols` arg. Same shape as #4. Bound at position 5.
+     */
+    protocols?: readonly (Address | string)[] | null;
+    /**
+     * Round 2 B4 F-1 (2026-05-19): pending `stable_balance_floor` arg
+     * (6-decimal USDC face value). G3 elevation trigger — LOWERING the
+     * floor weakens custody safety. Bound at position 6. Same Option<u64>
+     * shape as #2.
+     */
+    stableBalanceFloor?: bigint | null;
+    /**
+     * Round 2 B4 F-1: pending `per_recipient_daily_cap_usd` arg (6-decimal
+     * USDC face value). G3 elevation trigger — RAISING / DISABLING widens
+     * spend per recipient. Bound at position 7. Same Option<u64> shape as
+     * #2.
+     */
+    perRecipientDailyCapUsd?: bigint | null;
+    /**
+     * Round 2 B4 F-1: pending `has_protocol_caps` flag. G3 elevation
+     * trigger — disabling protocol caps entirely. Bound at position 8.
+     * Option<bool>: `null`/`undefined` = Option::None (tag 0), boolean =
+     * Option::Some (tag 1 + 1 byte payload, 0/1).
+     */
+    hasProtocolCaps?: boolean | null;
+    /**
+     * Round 2 B4 F-1: pending `protocol_caps` Vec<u64> arg (6-decimal USDC
+     * face values, parallel to `protocols`). G3 elevation trigger —
+     * shrinking individual caps to zero or raising them. Bound at position
+     * 9. Option<Vec<u64>>: `null`/`undefined` = Option::None (tag 0); empty
+     * array = Some([]) (NOT the same as None — load-bearing discriminator).
+     * Order matters (parallel-array semantics).
+     */
+    protocolCaps?: readonly bigint[] | null;
+    /**
+     * Round 2 B4 F-1: pending `cosign_required` flag. G6 elevation trigger
+     * — disabling cosign on a cosign-opted-in vault is a one-way ratchet
+     * (disabling cosign requires cosign). Bound at position 10. Same
+     * Option<bool> shape as #8.
+     */
+    cosignRequired?: boolean | null;
+}
+/**
+ * Compute the canonical SHA-256 of the cosign digest fields.
+ *
+ * Returns a 32-byte `Uint8Array`. Identical to the on-chain helper
+ * `compute_cosign_digest` for the same input.
+ *
+ * Used by `cosign-helper.buildCosignBundle()` to produce the digest the
+ * on-chain handler will re-validate at queue + apply time.
+ *
+ * @throws if any pubkey doesn't base58-decode to exactly 32 bytes
+ * @throws if a u64 is negative or out of range
+ */
+export declare function computeCosignDigest(fields: CosignDigestFields): Uint8Array;
+/** Equivalent of `Buffer.equals` for two `Uint8Array` digests.
+ *
+ * M-8 audit fix (2026-05-19): constant-time comparison. Previously this
+ * helper early-returned on the first mismatched byte, which leaks
+ * length-prefix information about the matching prefix via timing
+ * channels. Cosign digests are not classically time-attack-sensitive
+ * (they're produced and consumed locally), but constant-time is the
+ * defensive default. Both equal-length and unequal-length paths now run
+ * to completion before returning.
+ */
+export declare function cosignDigestsEqual(a: Uint8Array, b: Uint8Array): boolean;
+//# sourceMappingURL=compute-cosign-digest.d.ts.map

package/dist/policy/compute-cosign-digest.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"compute-cosign-digest.d.ts","sourceRoot":"","sources":["../../src/policy/compute-cosign-digest.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmEG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAEjD;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,kBAAkB;IACjC;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,aAAa,EAAE,OAAO,GAAG,MAAM,CAAC;IAChC;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC;;OAEG;IACH,uBAAuB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxC;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,SAAS,CAAC,OAAO,GAAG,MAAM,CAAC,EAAE,GAAG,IAAI,CAAC;IAC3D;;OAEG;IACH,SAAS,CAAC,EAAE,SAAS,CAAC,OAAO,GAAG,MAAM,CAAC,EAAE,GAAG,IAAI,CAAC;IACjD;;;;;OAKG;IACH,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC;;;;;OAKG;IACH,uBAAuB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxC;;;;;OAKG;IACH,eAAe,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IACjC;;;;;;;OAOG;IACH,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAC;IACxC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;CACjC;AAoED;;;;;;;;;;;GAWG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,kBAAkB,GAAG,UAAU,CA4K1E;AAED;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,GAAG,OAAO,CAexE"}

package/dist/policy/compute-cosign-digest.js ADDED Viewed

@@ -0,0 +1,318 @@
+/**
+ * TA-09 — Canonical cosign digest (SDK side).
+ *
+ * Mirrors `programs/sigil/src/utils/cosign_digest.rs` exactly. The SDK
+ * computes this off-chain, the owner+cosigner sign `queue_policy_update` with
+ * the cosign session pubkey as an arg. The on-chain handler:
+ *   1. At queue time, recomputes the digest from the resulting pending args +
+ *      the cosign session pubkey and stores it on `PendingPolicyUpdate`.
+ *   2. At apply time, recomputes it AGAIN from the persisted pending args and
+ *      asserts byte-equality. Any tamper of pending args between queue and
+ *      apply (e.g. a future discriminator-collision attack on the pending PDA)
+ *      produces a digest mismatch and a hard reject (`ErrCosignRequired`,
+ *      6089).
+ *
+ * The cosign digest is INTENTIONALLY narrower than TA-19 `policy_preview_digest`:
+ * only the FIELDS that participate in "elevated mutation" detection are in
+ * scope. Non-elevated fields (developer_fee_rate, max_slippage_bps,
+ * session_expiry_seconds, timelock_duration narrowing, protocol_mode,
+ * destination_mode, operating_hours, etc.) do NOT require cosign and are NOT
+ * bound by THIS digest — they are still bound by TA-19
+ * `policy_preview_digest` at queue time.
+ *
+ * Round 2 B4 F-1 fix (audit 2026-05-19): the cosign-digest binding now
+ * extends to all G3 + G6 elevation triggers that were previously NOT bound:
+ *   - `stable_balance_floor` (G3)            — LOWERING weakens custody
+ *   - `per_recipient_daily_cap_usd` (G3)     — RAISING widens spend
+ *   - `has_protocol_caps` (G3)               — disabling protocol caps
+ *   - `protocol_caps` (G3)                   — shrinking individual caps
+ *   - `cosign_required` (G6)                 — disabling cosign one-way
+ * Without this binding, a tampered SDK or discriminator-collision attack
+ * could mutate the pending PDA between queue and apply on those triggers
+ * without producing a cosign-digest mismatch (TA-19's policy_preview_digest
+ * binds them at the *policy* level but the cosign-binding promise is "the
+ * session signature covers the SAME pending args the owner signed").
+ *
+ * CANONICAL ENCODING (FIXED — DO NOT REORDER, APPEND-ONLY):
+ *   1. cosign_session: Pubkey (32 bytes raw)
+ *   2. daily_spending_cap_usd: Option<u64>
+ *        - tag: 1 byte (0=None, 1=Some)
+ *        - payload (if Some): u64 LE (8 bytes)
+ *   3. max_transaction_amount_usd: Option<u64>
+ *        - same shape as #2
+ *   4. allowed_destinations: Option<Vec<Pubkey>>
+ *        - tag: 1 byte (0=None, 1=Some)
+ *        - payload (if Some): u32 LE length (4 bytes) ++ each Pubkey 32 bytes
+ *   5. protocols: Option<Vec<Pubkey>>
+ *        - same shape as #4
+ *   6. stable_balance_floor: Option<u64>        (B4 F-1)
+ *        - same shape as #2
+ *   7. per_recipient_daily_cap_usd: Option<u64> (B4 F-1)
+ *        - same shape as #2
+ *   8. has_protocol_caps: Option<bool>          (B4 F-1)
+ *        - tag: 1 byte (0=None, 1=Some)
+ *        - payload (if Some): 1 byte (0/1)
+ *   9. protocol_caps: Option<Vec<u64>>          (B4 F-1)
+ *        - tag: 1 byte (0=None, 1=Some)
+ *        - payload (if Some): u32 LE length (4 bytes) ++ each u64 8 bytes LE
+ *  10. cosign_required: Option<bool>            (B4 F-1)
+ *        - same shape as #8
+ *
+ * Total bounded by MAX_ALLOWED_PROTOCOLS=10 + MAX_ALLOWED_DESTINATIONS=10 at
+ * 32 bytes each + MAX_PROTOCOL_CAPS=10 * 8 + fixed scalars ≈ 805 bytes worst
+ * case.
+ *
+ * Forward-compat note: per the on-chain comment, the canonical encoding here
+ * is APPEND-ONLY — new fields land at the END to preserve replayable digests
+ * for in-flight pending PDAs across upgrades.
+ */
+import { createHash } from "node:crypto";
+// ── Base58 decode (inlined to avoid circular SDK imports) ────────────────────
+//
+// Solana pubkeys are base58 strings; we need the raw 32 bytes. The SDK has
+// other base58 helpers downstream, but to avoid circular imports we inline a
+// small decoder. Same alphabet/logic as `compute-policy-preview-digest.ts`.
+const BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+const BASE58_INDEX = (() => {
+    const r = Object.create(null);
+    for (let i = 0; i < BASE58_ALPHABET.length; i++) {
+        r[BASE58_ALPHABET[i]] = i;
+    }
+    return r;
+})();
+function base58Decode(s) {
+    if (s.length === 0) {
+        throw new Error("base58Decode: empty input");
+    }
+    let leadingZeros = 0;
+    while (leadingZeros < s.length && s[leadingZeros] === "1") {
+        leadingZeros++;
+    }
+    const bytes = [];
+    for (let i = 0; i < s.length; i++) {
+        const c = s[i];
+        const v = BASE58_INDEX[c];
+        if (v === undefined) {
+            throw new Error(`base58Decode: invalid char '${c}'`);
+        }
+        let carry = v;
+        for (let j = 0; j < bytes.length; j++) {
+            carry += bytes[j] * 58;
+            bytes[j] = carry & 0xff;
+            carry >>>= 8;
+        }
+        while (carry > 0) {
+            bytes.push(carry & 0xff);
+            carry >>>= 8;
+        }
+    }
+    const out = new Uint8Array(leadingZeros + bytes.length);
+    for (let i = 0; i < bytes.length; i++) {
+        out[leadingZeros + (bytes.length - 1 - i)] = bytes[i];
+    }
+    if (out.length !== 32) {
+        throw new Error(`base58Decode: expected 32-byte pubkey, got ${out.length} bytes`);
+    }
+    return out;
+}
+// ── Encoders ─────────────────────────────────────────────────────────────────
+function writeU64Le(view, offset, v) {
+    view.setBigUint64(offset, v, true);
+    return offset + 8;
+}
+function writeU32Le(view, offset, v) {
+    view.setUint32(offset, v, true);
+    return offset + 4;
+}
+/**
+ * Compute the canonical SHA-256 of the cosign digest fields.
+ *
+ * Returns a 32-byte `Uint8Array`. Identical to the on-chain helper
+ * `compute_cosign_digest` for the same input.
+ *
+ * Used by `cosign-helper.buildCosignBundle()` to produce the digest the
+ * on-chain handler will re-validate at queue + apply time.
+ *
+ * @throws if any pubkey doesn't base58-decode to exactly 32 bytes
+ * @throws if a u64 is negative or out of range
+ */
+export function computeCosignDigest(fields) {
+    const sessionBytes = base58Decode(fields.cosignSession);
+    // Normalise Option semantics: undefined → null (Option::None).
+    const dailyCap = fields.dailySpendingCapUsd === undefined
+        ? null
+        : fields.dailySpendingCapUsd;
+    const maxTx = fields.maxTransactionAmountUsd === undefined
+        ? null
+        : fields.maxTransactionAmountUsd;
+    const dests = fields.allowedDestinations === undefined
+        ? null
+        : fields.allowedDestinations;
+    const protos = fields.protocols === undefined ? null : fields.protocols;
+    // Round 2 B4 F-1: same undefined-vs-null normalisation for the 5 new
+    // fields. The discriminator byte is load-bearing — `undefined` /
+    // `null` BOTH map to Option::None (tag 0). `false`, `true`, or `0n`
+    // map to Option::Some.
+    const stableFloor = fields.stableBalanceFloor === undefined ? null : fields.stableBalanceFloor;
+    const perRecipCap = fields.perRecipientDailyCapUsd === undefined
+        ? null
+        : fields.perRecipientDailyCapUsd;
+    const hasProtoCaps = fields.hasProtocolCaps === undefined ? null : fields.hasProtocolCaps;
+    const protoCaps = fields.protocolCaps === undefined ? null : fields.protocolCaps;
+    const cosignReq = fields.cosignRequired === undefined ? null : fields.cosignRequired;
+    // Pre-decode pubkeys so any error surfaces with a useful message BEFORE we
+    // start the hash walk.
+    const destBytes = dests === null ? null : dests.map((p) => base58Decode(p));
+    const protoBytes = protos === null ? null : protos.map((p) => base58Decode(p));
+    // Pre-size: 32 (session) + (1+8) for each Option<u64> (positions 2, 3, 6, 7)
+    // + (1 + 4 + 32*N) for each Option<Vec<Pubkey>> (positions 4, 5)
+    // + (1 + 1) for each Option<bool> (positions 8, 10)
+    // + (1 + 4 + 8*N) for Option<Vec<u64>> (position 9)
+    // Worst case ~805 bytes.
+    const fixedSize = 32 + // cosign_session
+        1 + // daily tag
+        (dailyCap !== null ? 8 : 0) +
+        1 + // max_tx tag
+        (maxTx !== null ? 8 : 0) +
+        1 + // destinations tag
+        (destBytes !== null ? 4 + destBytes.length * 32 : 0) +
+        1 + // protocols tag
+        (protoBytes !== null ? 4 + protoBytes.length * 32 : 0) +
+        1 + // stable_balance_floor tag (B4 F-1)
+        (stableFloor !== null ? 8 : 0) +
+        1 + // per_recipient_daily_cap_usd tag (B4 F-1)
+        (perRecipCap !== null ? 8 : 0) +
+        1 + // has_protocol_caps tag (B4 F-1)
+        (hasProtoCaps !== null ? 1 : 0) +
+        1 + // protocol_caps tag (B4 F-1)
+        (protoCaps !== null ? 4 + protoCaps.length * 8 : 0) +
+        1 + // cosign_required tag (B4 F-1)
+        (cosignReq !== null ? 1 : 0);
+    const buf = new Uint8Array(fixedSize);
+    const view = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
+    let off = 0;
+    // 1. cosign_session pubkey (32 bytes raw)
+    buf.set(sessionBytes, off);
+    off += 32;
+    // 2. daily_spending_cap_usd Option<u64>
+    if (dailyCap === null) {
+        buf[off++] = 0;
+    }
+    else {
+        buf[off++] = 1;
+        off = writeU64Le(view, off, dailyCap);
+    }
+    // 3. max_transaction_amount_usd Option<u64>
+    if (maxTx === null) {
+        buf[off++] = 0;
+    }
+    else {
+        buf[off++] = 1;
+        off = writeU64Le(view, off, maxTx);
+    }
+    // 4. allowed_destinations Option<Vec<Pubkey>>
+    if (destBytes === null) {
+        buf[off++] = 0;
+    }
+    else {
+        buf[off++] = 1;
+        off = writeU32Le(view, off, destBytes.length);
+        for (const pk of destBytes) {
+            buf.set(pk, off);
+            off += 32;
+        }
+    }
+    // 5. protocols Option<Vec<Pubkey>>
+    if (protoBytes === null) {
+        buf[off++] = 0;
+    }
+    else {
+        buf[off++] = 1;
+        off = writeU32Le(view, off, protoBytes.length);
+        for (const pk of protoBytes) {
+            buf.set(pk, off);
+            off += 32;
+        }
+    }
+    // Round 2 B4 F-1 (2026-05-19): APPEND-ONLY extension binding 5 new
+    // elevation triggers. Mirrors `compute_cosign_digest` in
+    // `programs/sigil/src/utils/cosign_digest.rs` lines 195-241. All
+    // encoded as Option<…> with the load-bearing tag byte (None vs
+    // Some(0) MUST produce distinct digests).
+    // 6. stable_balance_floor Option<u64>
+    if (stableFloor === null) {
+        buf[off++] = 0;
+    }
+    else {
+        buf[off++] = 1;
+        off = writeU64Le(view, off, stableFloor);
+    }
+    // 7. per_recipient_daily_cap_usd Option<u64>
+    if (perRecipCap === null) {
+        buf[off++] = 0;
+    }
+    else {
+        buf[off++] = 1;
+        off = writeU64Le(view, off, perRecipCap);
+    }
+    // 8. has_protocol_caps Option<bool>. Bool encoded as 1 byte (0/1).
+    if (hasProtoCaps === null) {
+        buf[off++] = 0;
+    }
+    else {
+        buf[off++] = 1;
+        buf[off++] = hasProtoCaps ? 1 : 0;
+    }
+    // 9. protocol_caps Option<Vec<u64>>. Each cap is 8 bytes LE.
+    if (protoCaps === null) {
+        buf[off++] = 0;
+    }
+    else {
+        buf[off++] = 1;
+        off = writeU32Le(view, off, protoCaps.length);
+        for (const c of protoCaps) {
+            off = writeU64Le(view, off, c);
+        }
+    }
+    // 10. cosign_required Option<bool>. Bool encoded as 1 byte (0/1).
+    if (cosignReq === null) {
+        buf[off++] = 0;
+    }
+    else {
+        buf[off++] = 1;
+        buf[off++] = cosignReq ? 1 : 0;
+    }
+    // Defensive: assert we wrote exactly what we sized.
+    if (off !== buf.length) {
+        throw new Error(`computeCosignDigest: encoded ${off} bytes, expected ${buf.length}`);
+    }
+    return new Uint8Array(createHash("sha256").update(buf).digest());
+}
+/** Equivalent of `Buffer.equals` for two `Uint8Array` digests.
+ *
+ * M-8 audit fix (2026-05-19): constant-time comparison. Previously this
+ * helper early-returned on the first mismatched byte, which leaks
+ * length-prefix information about the matching prefix via timing
+ * channels. Cosign digests are not classically time-attack-sensitive
+ * (they're produced and consumed locally), but constant-time is the
+ * defensive default. Both equal-length and unequal-length paths now run
+ * to completion before returning.
+ */
+export function cosignDigestsEqual(a, b) {
+    // Length comparison is deliberately the FIRST check and the only
+    // early-return: comparing a length mismatch in constant time is
+    // mathematically impossible (the longer array's tail bytes never
+    // exist), and leaking the length prefix is harmless — the caller
+    // controls both digest sources.
+    if (a.length !== b.length)
+        return false;
+    let diff = 0;
+    for (let i = 0; i < a.length; i++) {
+        // XOR-accumulate. `diff` ends at 0 iff every byte pair matched;
+        // any single mismatch sets some bit in `diff` permanently. No
+        // early exit on mismatch → constant time per length.
+        diff |= a[i] ^ b[i];
+    }
+    return diff === 0;
+}
+//# sourceMappingURL=compute-cosign-digest.js.map

package/dist/policy/compute-cosign-digest.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"compute-cosign-digest.js","sourceRoot":"","sources":["../../src/policy/compute-cosign-digest.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAuGzC,gFAAgF;AAChF,EAAE;AACF,2EAA2E;AAC3E,6EAA6E;AAC7E,4EAA4E;AAE5E,MAAM,eAAe,GACnB,4DAA4D,CAAC;AAC/D,MAAM,YAAY,GAA2B,CAAC,GAAG,EAAE;IACjD,MAAM,CAAC,GAA2B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACtD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,eAAe,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAChD,CAAC,CAAC,eAAe,CAAC,CAAC,CAAE,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC,CAAC,EAAE,CAAC;AAEL,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IACD,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,OAAO,YAAY,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,YAAY,CAAC,KAAK,GAAG,EAAE,CAAC;QAC1D,YAAY,EAAE,CAAC;IACjB,CAAC;IACD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;QAChB,MAAM,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAC1B,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,GAAG,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,KAAK,IAAI,KAAK,CAAC,CAAC,CAAE,GAAG,EAAE,CAAC;YACxB,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC;YACxB,KAAK,MAAM,CAAC,CAAC;QACf,CAAC;QACD,OAAO,KAAK,GAAG,CAAC,EAAE,CAAC;YACjB,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;YACzB,KAAK,MAAM,CAAC,CAAC;QACf,CAAC;IACH,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IACxD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,GAAG,CAAC,YAAY,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IACzD,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CACb,8CAA8C,GAAG,CAAC,MAAM,QAAQ,CACjE,CAAC;IACJ,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,gFAAgF;AAEhF,SAAS,UAAU,CAAC,IAAc,EAAE,MAAc,EAAE,CAAS;IAC3D,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IACnC,OAAO,MAAM,GAAG,CAAC,CAAC;AACpB,CAAC;AAED,SAAS,UAAU,CAAC,IAAc,EAAE,MAAc,EAAE,CAAS;IAC3D,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAChC,OAAO,MAAM,GAAG,CAAC,CAAC;AACpB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAA0B;IAC5D,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,aAAuB,CAAC,CAAC;IAElE,+DAA+D;IAC/D,MAAM,QAAQ,GACZ,MAAM,CAAC,mBAAmB,KAAK,SAAS;QACtC,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,CAAC,mBAAmB,CAAC;IACjC,MAAM,KAAK,GACT,MAAM,CAAC,uBAAuB,KAAK,SAAS;QAC1C,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,CAAC,uBAAuB,CAAC;IACrC,MAAM,KAAK,GACT,MAAM,CAAC,mBAAmB,KAAK,SAAS;QACtC,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,CAAC,mBAAmB,CAAC;IACjC,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC;IACxE,qEAAqE;IACrE,iEAAiE;IACjE,oEAAoE;IACpE,uBAAuB;IACvB,MAAM,WAAW,GACf,MAAM,CAAC,kBAAkB,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,kBAAkB,CAAC;IAC7E,MAAM,WAAW,GACf,MAAM,CAAC,uBAAuB,KAAK,SAAS;QAC1C,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,CAAC,uBAAuB,CAAC;IACrC,MAAM,YAAY,GAChB,MAAM,CAAC,eAAe,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC;IACvE,MAAM,SAAS,GACb,MAAM,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC;IACjE,MAAM,SAAS,GACb,MAAM,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC;IAErE,2EAA2E;IAC3E,uBAAuB;IACvB,MAAM,SAAS,GACb,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAW,CAAC,CAAC,CAAC;IACtE,MAAM,UAAU,GACd,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAW,CAAC,CAAC,CAAC;IAExE,6EAA6E;IAC7E,iEAAiE;IACjE,oDAAoD;IACpD,oDAAoD;IACpD,yBAAyB;IACzB,MAAM,SAAS,GACb,EAAE,GAAG,iBAAiB;QACtB,CAAC,GAAG,YAAY;QAChB,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC,GAAG,aAAa;QACjB,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACxB,CAAC,GAAG,mBAAmB;QACvB,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC,GAAG,gBAAgB;QACpB,CAAC,UAAU,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACtD,CAAC,GAAG,oCAAoC;QACxC,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC,GAAG,2CAA2C;QAC/C,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC,GAAG,iCAAiC;QACrC,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC,GAAG,6BAA6B;QACjC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC,GAAG,+BAA+B;QACnC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;IAEtE,IAAI,GAAG,GAAG,CAAC,CAAC;IAEZ,0CAA0C;IAC1C,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IAC3B,GAAG,IAAI,EAAE,CAAC;IAEV,wCAAwC;IACxC,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED,4CAA4C;IAC5C,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,8CAA8C;IAC9C,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;QAC9C,KAAK,MAAM,EAAE,IAAI,SAAS,EAAE,CAAC;YAC3B,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;YACjB,GAAG,IAAI,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;QAC/C,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5B,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;YACjB,GAAG,IAAI,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,mEAAmE;IACnE,yDAAyD;IACzD,iEAAiE;IACjE,+DAA+D;IAC/D,0CAA0C;IAE1C,sCAAsC;IACtC,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;IAC3C,CAAC;IAED,6CAA6C;IAC7C,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;IAC3C,CAAC;IAED,mEAAmE;IACnE,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;QAC1B,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpC,CAAC;IAED,6DAA6D;IAC7D,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;QAC9C,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;YAC1B,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC;IAED,oDAAoD;IACpD,IAAI,GAAG,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CACb,gCAAgC,GAAG,oBAAoB,GAAG,CAAC,MAAM,EAAE,CACpE,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACnE,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,kBAAkB,CAAC,CAAa,EAAE,CAAa;IAC7D,iEAAiE;IACjE,gEAAgE;IAChE,iEAAiE;IACjE,iEAAiE;IACjE,gCAAgC;IAChC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,gEAAgE;QAChE,8DAA8D;QAC9D,qDAAqD;QACrD,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IACD,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC"}