npm - @usesigil/kit - Versions diffs - 0.15.0 → 0.17.0 - Mend

@usesigil/kit 0.15.0 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (627) hide show

package/README.md +56 -0
package/dist/advanced-analytics.d.ts +3 -2
package/dist/advanced-analytics.d.ts.map +1 -1
package/dist/advanced-analytics.js +9 -42
package/dist/advanced-analytics.js.map +1 -1
package/dist/agent-bootstrap.d.ts +117 -0
package/dist/agent-bootstrap.d.ts.map +1 -0
package/dist/agent-bootstrap.js +211 -0
package/dist/agent-bootstrap.js.map +1 -0
package/dist/agent-errors.d.ts +20 -4
package/dist/agent-errors.d.ts.map +1 -1
package/dist/agent-errors.js +947 -377
package/dist/agent-errors.js.map +1 -1
package/dist/audit-log.d.ts +101 -0
package/dist/audit-log.d.ts.map +1 -0
package/dist/audit-log.js +145 -0
package/dist/audit-log.js.map +1 -0
package/dist/build-unsigned.d.ts +152 -0
package/dist/build-unsigned.d.ts.map +1 -0
package/dist/build-unsigned.js +152 -0
package/dist/build-unsigned.js.map +1 -0
package/dist/caip2-network.d.ts +171 -0
package/dist/caip2-network.d.ts.map +1 -0
package/dist/caip2-network.js +202 -0
package/dist/caip2-network.js.map +1 -0
package/dist/canonical-encode.d.ts +59 -0
package/dist/canonical-encode.d.ts.map +1 -0
package/dist/canonical-encode.js +141 -0
package/dist/canonical-encode.js.map +1 -0
package/dist/cosign-helper.d.ts +264 -0
package/dist/cosign-helper.d.ts.map +1 -0
package/dist/cosign-helper.js +147 -0
package/dist/cosign-helper.js.map +1 -0
package/dist/create-vault.d.ts +102 -1
package/dist/create-vault.d.ts.map +1 -1
package/dist/create-vault.js +108 -9
package/dist/create-vault.js.map +1 -1
package/dist/dashboard/close-vault.d.ts +110 -0
package/dist/dashboard/close-vault.d.ts.map +1 -0
package/dist/dashboard/close-vault.js +165 -0
package/dist/dashboard/close-vault.js.map +1 -0
package/dist/dashboard/errors.d.ts +37 -0
package/dist/dashboard/errors.d.ts.map +1 -1
package/dist/dashboard/errors.js +81 -1
package/dist/dashboard/errors.js.map +1 -1
package/dist/dashboard/from-json.d.ts.map +1 -1
package/dist/dashboard/from-json.js +1 -2
package/dist/dashboard/from-json.js.map +1 -1
package/dist/dashboard/index.d.ts +204 -31
package/dist/dashboard/index.d.ts.map +1 -1
package/dist/dashboard/index.js +290 -49
package/dist/dashboard/index.js.map +1 -1
package/dist/dashboard/mutations.d.ts +160 -10
package/dist/dashboard/mutations.d.ts.map +1 -1
package/dist/dashboard/mutations.js +584 -66
package/dist/dashboard/mutations.js.map +1 -1
package/dist/dashboard/post-assertion-validation.d.ts +88 -0
package/dist/dashboard/post-assertion-validation.d.ts.map +1 -0
package/dist/dashboard/post-assertion-validation.js +312 -0
package/dist/dashboard/post-assertion-validation.js.map +1 -0
package/dist/dashboard/reads.d.ts +92 -1
package/dist/dashboard/reads.d.ts.map +1 -1
package/dist/dashboard/reads.js +244 -26
package/dist/dashboard/reads.js.map +1 -1
package/dist/dashboard/types.d.ts +172 -21
package/dist/dashboard/types.d.ts.map +1 -1
package/dist/errors/agent-errors.generated.d.ts +21 -0
package/dist/errors/agent-errors.generated.d.ts.map +1 -0
package/dist/errors/agent-errors.generated.js +133 -0
package/dist/errors/agent-errors.generated.js.map +1 -0
package/dist/errors/codes.d.ts +21 -2
package/dist/errors/codes.d.ts.map +1 -1
package/dist/errors/codes.js +20 -1
package/dist/errors/codes.js.map +1 -1
package/dist/errors/context.d.ts +9 -1
package/dist/errors/context.d.ts.map +1 -1
package/dist/event-analytics.d.ts +1 -3
package/dist/event-analytics.d.ts.map +1 -1
package/dist/event-analytics.js +28 -81
package/dist/event-analytics.js.map +1 -1
package/dist/events.d.ts.map +1 -1
package/dist/events.js +23 -13
package/dist/events.js.map +1 -1
package/dist/generated/accounts/agentSpendOverlay.d.ts +60 -0
package/dist/generated/accounts/agentSpendOverlay.d.ts.map +1 -1
package/dist/generated/accounts/agentSpendOverlay.js +6 -2
package/dist/generated/accounts/agentSpendOverlay.js.map +1 -1
package/dist/generated/accounts/agentVault.d.ts +168 -4
package/dist/generated/accounts/agentVault.d.ts.map +1 -1
package/dist/generated/accounts/agentVault.js +11 -3
package/dist/generated/accounts/agentVault.js.map +1 -1
package/dist/generated/accounts/auditLogRejected.d.ts +66 -0
package/dist/generated/accounts/auditLogRejected.d.ts.map +1 -0
package/dist/generated/accounts/auditLogRejected.js +68 -0
package/dist/generated/accounts/auditLogRejected.js.map +1 -0
package/dist/generated/accounts/auditLogSuccess.d.ts +78 -0
package/dist/generated/accounts/auditLogSuccess.d.ts.map +1 -0
package/dist/generated/accounts/auditLogSuccess.js +68 -0
package/dist/generated/accounts/auditLogSuccess.js.map +1 -0
package/dist/generated/accounts/index.d.ts +4 -4
package/dist/generated/accounts/index.d.ts.map +1 -1
package/dist/generated/accounts/index.js +4 -4
package/dist/generated/accounts/index.js.map +1 -1
package/dist/generated/accounts/pendingAgentGrant.d.ts +199 -0
package/dist/generated/accounts/pendingAgentGrant.d.ts.map +1 -0
package/dist/generated/accounts/pendingAgentGrant.js +75 -0
package/dist/generated/accounts/pendingAgentGrant.js.map +1 -0
package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts +76 -0
package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts.map +1 -1
package/dist/generated/accounts/pendingAgentPermissionsUpdate.js +9 -1
package/dist/generated/accounts/pendingAgentPermissionsUpdate.js.map +1 -1
package/dist/generated/accounts/pendingOwnershipTransfer.d.ts +131 -0
package/dist/generated/accounts/pendingOwnershipTransfer.d.ts.map +1 -0
package/dist/generated/accounts/pendingOwnershipTransfer.js +76 -0
package/dist/generated/accounts/pendingOwnershipTransfer.js.map +1 -0
package/dist/generated/accounts/pendingPolicyUpdate.d.ts +220 -4
package/dist/generated/accounts/pendingPolicyUpdate.d.ts.map +1 -1
package/dist/generated/accounts/pendingPolicyUpdate.js +25 -5
package/dist/generated/accounts/pendingPolicyUpdate.js.map +1 -1
package/dist/generated/accounts/policyConfig.d.ts +495 -34
package/dist/generated/accounts/policyConfig.d.ts.map +1 -1
package/dist/generated/accounts/policyConfig.js +34 -7
package/dist/generated/accounts/policyConfig.js.map +1 -1
package/dist/generated/accounts/postExecutionAssertions.d.ts +2 -2
package/dist/generated/accounts/postExecutionAssertions.d.ts.map +1 -1
package/dist/generated/accounts/postExecutionAssertions.js +3 -3
package/dist/generated/accounts/sessionAuthority.d.ts +154 -12
package/dist/generated/accounts/sessionAuthority.d.ts.map +1 -1
package/dist/generated/accounts/sessionAuthority.js +12 -10
package/dist/generated/accounts/sessionAuthority.js.map +1 -1
package/dist/generated/accounts/spendTracker.d.ts +83 -3
package/dist/generated/accounts/spendTracker.d.ts.map +1 -1
package/dist/generated/accounts/spendTracker.js +14 -2
package/dist/generated/accounts/spendTracker.js.map +1 -1
package/dist/generated/errors/sigil.d.ts +160 -100
package/dist/generated/errors/sigil.d.ts.map +1 -1
package/dist/generated/errors/sigil.js +214 -124
package/dist/generated/errors/sigil.js.map +1 -1
package/dist/generated/event-discriminators.d.ts.map +1 -1
package/dist/generated/event-discriminators.js +11 -13
package/dist/generated/event-discriminators.js.map +1 -1
package/dist/generated/instructions/acceptOwnershipTransfer.d.ts +142 -0
package/dist/generated/instructions/acceptOwnershipTransfer.d.ts.map +1 -0
package/dist/generated/instructions/acceptOwnershipTransfer.js +171 -0
package/dist/generated/instructions/acceptOwnershipTransfer.js.map +1 -0
package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts +142 -0
package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts.map +1 -0
package/dist/generated/instructions/acceptOwnershipTransferMultisig.js +171 -0
package/dist/generated/instructions/acceptOwnershipTransferMultisig.js.map +1 -0
package/dist/generated/instructions/applyAgentGrant.d.ts +100 -0
package/dist/generated/instructions/applyAgentGrant.d.ts.map +1 -0
package/dist/generated/instructions/{applyConstraintsUpdate.js → applyAgentGrant.js} +66 -42
package/dist/generated/instructions/applyAgentGrant.js.map +1 -0
package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts +31 -8
package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts.map +1 -1
package/dist/generated/instructions/applyAgentPermissionsUpdate.js +38 -2
package/dist/generated/instructions/applyAgentPermissionsUpdate.js.map +1 -1
package/dist/generated/instructions/applyPendingPolicy.d.ts +18 -7
package/dist/generated/instructions/applyPendingPolicy.d.ts.map +1 -1
package/dist/generated/instructions/applyPendingPolicy.js +38 -2
package/dist/generated/instructions/applyPendingPolicy.js.map +1 -1
package/dist/generated/instructions/cancelAgentGrant.d.ts +106 -0
package/dist/generated/instructions/cancelAgentGrant.d.ts.map +1 -0
package/dist/generated/instructions/{allocatePendingConstraintsPda.js → cancelAgentGrant.js} +54 -42
package/dist/generated/instructions/cancelAgentGrant.js.map +1 -0
package/dist/generated/instructions/cancelOwnershipTransfer.d.ts +121 -0
package/dist/generated/instructions/cancelOwnershipTransfer.d.ts.map +1 -0
package/dist/generated/instructions/{queueCloseConstraints.js → cancelOwnershipTransfer.js} +58 -44
package/dist/generated/instructions/cancelOwnershipTransfer.js.map +1 -0
package/dist/generated/instructions/closePostAssertions.d.ts +6 -1
package/dist/generated/instructions/closePostAssertions.d.ts.map +1 -1
package/dist/generated/instructions/closePostAssertions.js +11 -3
package/dist/generated/instructions/closePostAssertions.js.map +1 -1
package/dist/generated/instructions/closeVault.d.ts +40 -8
package/dist/generated/instructions/closeVault.d.ts.map +1 -1
package/dist/generated/instructions/closeVault.js +40 -2
package/dist/generated/instructions/closeVault.js.map +1 -1
package/dist/generated/instructions/createPostAssertions.d.ts +4 -0
package/dist/generated/instructions/createPostAssertions.d.ts.map +1 -1
package/dist/generated/instructions/createPostAssertions.js +2 -0
package/dist/generated/instructions/createPostAssertions.js.map +1 -1
package/dist/generated/instructions/depositFunds.d.ts +21 -10
package/dist/generated/instructions/depositFunds.d.ts.map +1 -1
package/dist/generated/instructions/depositFunds.js +37 -2
package/dist/generated/instructions/depositFunds.js.map +1 -1
package/dist/generated/instructions/finalizeSession.d.ts +49 -7
package/dist/generated/instructions/finalizeSession.d.ts.map +1 -1
package/dist/generated/instructions/finalizeSession.js +59 -2
package/dist/generated/instructions/finalizeSession.js.map +1 -1
package/dist/generated/instructions/freezeVault.d.ts +39 -5
package/dist/generated/instructions/freezeVault.d.ts.map +1 -1
package/dist/generated/instructions/freezeVault.js +77 -5
package/dist/generated/instructions/freezeVault.js.map +1 -1
package/dist/generated/instructions/index.d.ts +10 -14
package/dist/generated/instructions/index.d.ts.map +1 -1
package/dist/generated/instructions/index.js +10 -14
package/dist/generated/instructions/index.js.map +1 -1
package/dist/generated/instructions/initializeVault.d.ts +79 -13
package/dist/generated/instructions/initializeVault.d.ts.map +1 -1
package/dist/generated/instructions/initializeVault.js +57 -5
package/dist/generated/instructions/initializeVault.js.map +1 -1
package/dist/generated/instructions/initiateOwnershipTransfer.d.ts +106 -0
package/dist/generated/instructions/initiateOwnershipTransfer.d.ts.map +1 -0
package/dist/generated/instructions/initiateOwnershipTransfer.js +181 -0
package/dist/generated/instructions/initiateOwnershipTransfer.js.map +1 -0
package/dist/generated/instructions/pauseAgent.d.ts +49 -5
package/dist/generated/instructions/pauseAgent.d.ts.map +1 -1
package/dist/generated/instructions/pauseAgent.js +80 -5
package/dist/generated/instructions/pauseAgent.js.map +1 -1
package/dist/generated/instructions/promoteGraylistDestination.d.ts +56 -0
package/dist/generated/instructions/promoteGraylistDestination.d.ts.map +1 -0
package/dist/generated/instructions/{createInstructionConstraints.js → promoteGraylistDestination.js} +23 -40
package/dist/generated/instructions/promoteGraylistDestination.js.map +1 -0
package/dist/generated/instructions/queueAgentGrant.d.ts +113 -0
package/dist/generated/instructions/queueAgentGrant.d.ts.map +1 -0
package/dist/generated/instructions/queueAgentGrant.js +181 -0
package/dist/generated/instructions/queueAgentGrant.js.map +1 -0
package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts +8 -0
package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts.map +1 -1
package/dist/generated/instructions/queueAgentPermissionsUpdate.js +4 -0
package/dist/generated/instructions/queueAgentPermissionsUpdate.js.map +1 -1
package/dist/generated/instructions/queuePolicyUpdate.d.ts +40 -8
package/dist/generated/instructions/queuePolicyUpdate.d.ts.map +1 -1
package/dist/generated/instructions/queuePolicyUpdate.js +21 -5
package/dist/generated/instructions/queuePolicyUpdate.js.map +1 -1
package/dist/generated/instructions/reactivateVault.d.ts +71 -5
package/dist/generated/instructions/reactivateVault.d.ts.map +1 -1
package/dist/generated/instructions/reactivateVault.js +80 -5
package/dist/generated/instructions/reactivateVault.js.map +1 -1
package/dist/generated/instructions/recordAgentViolation.d.ts +89 -0
package/dist/generated/instructions/recordAgentViolation.d.ts.map +1 -0
package/dist/generated/instructions/recordAgentViolation.js +152 -0
package/dist/generated/instructions/recordAgentViolation.js.map +1 -0
package/dist/generated/instructions/registerAgent.d.ts +84 -6
package/dist/generated/instructions/registerAgent.d.ts.map +1 -1
package/dist/generated/instructions/registerAgent.js +81 -4
package/dist/generated/instructions/registerAgent.js.map +1 -1
package/dist/generated/instructions/revokeAgent.d.ts +49 -6
package/dist/generated/instructions/revokeAgent.d.ts.map +1 -1
package/dist/generated/instructions/revokeAgent.js +81 -4
package/dist/generated/instructions/revokeAgent.js.map +1 -1
package/dist/generated/instructions/setObserveOnly.d.ts +56 -0
package/dist/generated/instructions/setObserveOnly.d.ts.map +1 -0
package/dist/generated/instructions/setObserveOnly.js +111 -0
package/dist/generated/instructions/setObserveOnly.js.map +1 -0
package/dist/generated/instructions/unpauseAgent.d.ts +46 -5
package/dist/generated/instructions/unpauseAgent.d.ts.map +1 -1
package/dist/generated/instructions/unpauseAgent.js +80 -5
package/dist/generated/instructions/unpauseAgent.js.map +1 -1
package/dist/generated/instructions/validateAndAuthorize.d.ts +29 -0
package/dist/generated/instructions/validateAndAuthorize.d.ts.map +1 -1
package/dist/generated/instructions/validateAndAuthorize.js +4 -0
package/dist/generated/instructions/validateAndAuthorize.js.map +1 -1
package/dist/generated/instructions/withdrawFunds.d.ts +53 -11
package/dist/generated/instructions/withdrawFunds.d.ts.map +1 -1
package/dist/generated/instructions/withdrawFunds.js +51 -2
package/dist/generated/instructions/withdrawFunds.js.map +1 -1
package/dist/generated/programs/sigil.d.ts +79 -95
package/dist/generated/programs/sigil.d.ts.map +1 -1
package/dist/generated/programs/sigil.js +139 -187
package/dist/generated/programs/sigil.js.map +1 -1
package/dist/generated/types/actionAuthorized.d.ts +0 -2
package/dist/generated/types/actionAuthorized.d.ts.map +1 -1
package/dist/generated/types/actionAuthorized.js +0 -2
package/dist/generated/types/actionAuthorized.js.map +1 -1
package/dist/generated/types/agentAutoRevoked.d.ts +31 -0
package/dist/generated/types/agentAutoRevoked.d.ts.map +1 -0
package/dist/generated/types/{pdaAllocated.js → agentAutoRevoked.js} +12 -10
package/dist/generated/types/agentAutoRevoked.js.map +1 -0
package/dist/generated/types/agentEntry.d.ts +48 -0
package/dist/generated/types/agentEntry.d.ts.map +1 -1
package/dist/generated/types/agentEntry.js +4 -2
package/dist/generated/types/agentEntry.js.map +1 -1
package/dist/generated/types/agentGrantApplied.d.ts +38 -0
package/dist/generated/types/agentGrantApplied.d.ts.map +1 -0
package/dist/generated/types/agentGrantApplied.js +34 -0
package/dist/generated/types/agentGrantApplied.js.map +1 -0
package/dist/generated/types/agentGrantCancelled.d.ts +33 -0
package/dist/generated/types/agentGrantCancelled.d.ts.map +1 -0
package/dist/generated/types/agentGrantCancelled.js +28 -0
package/dist/generated/types/agentGrantCancelled.js.map +1 -0
package/dist/generated/types/agentGrantQueued.d.ts +38 -0
package/dist/generated/types/agentGrantQueued.d.ts.map +1 -0
package/dist/generated/types/agentGrantQueued.js +32 -0
package/dist/generated/types/agentGrantQueued.js.map +1 -0
package/dist/generated/types/auditEntry.d.ts +120 -0
package/dist/generated/types/auditEntry.d.ts.map +1 -0
package/dist/generated/types/auditEntry.js +34 -0
package/dist/generated/types/auditEntry.js.map +1 -0
package/dist/generated/types/destinationGraylistEntry.d.ts +32 -0
package/dist/generated/types/destinationGraylistEntry.d.ts.map +1 -0
package/dist/generated/types/destinationGraylistEntry.js +24 -0
package/dist/generated/types/destinationGraylistEntry.js.map +1 -0
package/dist/generated/types/graylistEntered.d.ts +31 -0
package/dist/generated/types/graylistEntered.d.ts.map +1 -0
package/dist/generated/types/graylistEntered.js +30 -0
package/dist/generated/types/graylistEntered.js.map +1 -0
package/dist/generated/types/graylistPromoted.d.ts +29 -0
package/dist/generated/types/graylistPromoted.d.ts.map +1 -0
package/dist/generated/types/graylistPromoted.js +28 -0
package/dist/generated/types/graylistPromoted.js.map +1 -0
package/dist/generated/types/index.d.ts +13 -21
package/dist/generated/types/index.d.ts.map +1 -1
package/dist/generated/types/index.js +13 -21
package/dist/generated/types/index.js.map +1 -1
package/dist/generated/types/observeOnlyChanged.d.ts +33 -0
package/dist/generated/types/observeOnlyChanged.d.ts.map +1 -0
package/dist/generated/types/observeOnlyChanged.js +32 -0
package/dist/generated/types/observeOnlyChanged.js.map +1 -0
package/dist/generated/types/ownershipTransferAccepted.d.ts +32 -0
package/dist/generated/types/ownershipTransferAccepted.d.ts.map +1 -0
package/dist/generated/types/ownershipTransferAccepted.js +30 -0
package/dist/generated/types/ownershipTransferAccepted.js.map +1 -0
package/dist/generated/types/ownershipTransferCancelled.d.ts +29 -0
package/dist/generated/types/ownershipTransferCancelled.d.ts.map +1 -0
package/dist/generated/types/ownershipTransferCancelled.js +28 -0
package/dist/generated/types/ownershipTransferCancelled.js.map +1 -0
package/dist/generated/types/ownershipTransferInitiated.d.ts +33 -0
package/dist/generated/types/ownershipTransferInitiated.d.ts.map +1 -0
package/dist/generated/types/ownershipTransferInitiated.js +30 -0
package/dist/generated/types/ownershipTransferInitiated.js.map +1 -0
package/dist/generated/types/perRecipientCounter.d.ts +61 -0
package/dist/generated/types/perRecipientCounter.d.ts.map +1 -0
package/dist/generated/types/perRecipientCounter.js +26 -0
package/dist/generated/types/perRecipientCounter.js.map +1 -0
package/dist/generated/types/postAssertionEntry.d.ts +14 -7
package/dist/generated/types/postAssertionEntry.d.ts.map +1 -1
package/dist/generated/types/postAssertionEntry.js +5 -7
package/dist/generated/types/postAssertionEntry.js.map +1 -1
package/dist/generated/types/postAssertionEntryZC.d.ts +53 -22
package/dist/generated/types/postAssertionEntryZC.d.ts.map +1 -1
package/dist/generated/types/postAssertionEntryZC.js +4 -6
package/dist/generated/types/postAssertionEntryZC.js.map +1 -1
package/dist/generated/types/sessionFinalized.d.ts +0 -4
package/dist/generated/types/sessionFinalized.d.ts.map +1 -1
package/dist/generated/types/sessionFinalized.js +0 -2
package/dist/generated/types/sessionFinalized.js.map +1 -1
package/dist/generated/types/vaultFrozen.d.ts +26 -0
package/dist/generated/types/vaultFrozen.d.ts.map +1 -1
package/dist/generated/types/vaultFrozen.js +5 -1
package/dist/generated/types/vaultFrozen.js.map +1 -1
package/dist/index.d.ts +35 -6
package/dist/index.d.ts.map +1 -1
package/dist/index.js +81 -7
package/dist/index.js.map +1 -1
package/dist/inscribe.d.ts +0 -4
package/dist/inscribe.d.ts.map +1 -1
package/dist/inscribe.js +0 -1
package/dist/inscribe.js.map +1 -1
package/dist/inspector.d.ts +0 -23
package/dist/inspector.d.ts.map +1 -1
package/dist/inspector.js +0 -52
package/dist/inspector.js.map +1 -1
package/dist/kit-adapter.d.ts +1 -1
package/dist/kit-adapter.d.ts.map +1 -1
package/dist/kit-adapter.js +1 -1
package/dist/kit-adapter.js.map +1 -1
package/dist/logger.d.ts +48 -0
package/dist/logger.d.ts.map +1 -1
package/dist/logger.js +36 -0
package/dist/logger.js.map +1 -1
package/dist/multisig-detection.d.ts +83 -0
package/dist/multisig-detection.d.ts.map +1 -0
package/dist/multisig-detection.js +128 -0
package/dist/multisig-detection.js.map +1 -0
package/dist/owner-transaction.d.ts +8 -0
package/dist/owner-transaction.d.ts.map +1 -1
package/dist/owner-transaction.js +1 -0
package/dist/owner-transaction.js.map +1 -1
package/dist/ownership-transfer.d.ts +79 -0
package/dist/ownership-transfer.d.ts.map +1 -0
package/dist/ownership-transfer.js +66 -0
package/dist/ownership-transfer.js.map +1 -0
package/dist/policy/compute-cosign-digest.d.ts +193 -0
package/dist/policy/compute-cosign-digest.d.ts.map +1 -0
package/dist/policy/compute-cosign-digest.js +318 -0
package/dist/policy/compute-cosign-digest.js.map +1 -0
package/dist/policy/compute-policy-preview-digest.d.ts +258 -0
package/dist/policy/compute-policy-preview-digest.d.ts.map +1 -0
package/dist/policy/compute-policy-preview-digest.js +351 -0
package/dist/policy/compute-policy-preview-digest.js.map +1 -0
package/dist/policy-attestation.d.ts +51 -0
package/dist/policy-attestation.d.ts.map +1 -0
package/dist/policy-attestation.js +43 -0
package/dist/policy-attestation.js.map +1 -0
package/dist/presets.d.ts +1 -7
package/dist/presets.d.ts.map +1 -1
package/dist/presets.js +0 -5
package/dist/presets.js.map +1 -1
package/dist/preview-create-vault.d.ts +280 -0
package/dist/preview-create-vault.d.ts.map +1 -0
package/dist/preview-create-vault.js +498 -0
package/dist/preview-create-vault.js.map +1 -0
package/dist/resolve-accounts.d.ts +75 -10
package/dist/resolve-accounts.d.ts.map +1 -1
package/dist/resolve-accounts.js +68 -32
package/dist/resolve-accounts.js.map +1 -1
package/dist/rpc-helpers.d.ts +29 -3
package/dist/rpc-helpers.d.ts.map +1 -1
package/dist/rpc-helpers.js +51 -12
package/dist/rpc-helpers.js.map +1 -1
package/dist/seal/intent-digest.d.ts +195 -0
package/dist/seal/intent-digest.d.ts.map +1 -0
package/dist/seal/intent-digest.js +372 -0
package/dist/seal/intent-digest.js.map +1 -0
package/dist/seal.d.ts +166 -3
package/dist/seal.d.ts.map +1 -1
package/dist/seal.js +428 -8
package/dist/seal.js.map +1 -1
package/dist/security-analytics.d.ts +3 -3
package/dist/security-analytics.d.ts.map +1 -1
package/dist/security-analytics.js +13 -128
package/dist/security-analytics.js.map +1 -1
package/dist/session-mint.d.ts +72 -0
package/dist/session-mint.d.ts.map +1 -0
package/dist/session-mint.js +59 -0
package/dist/session-mint.js.map +1 -0
package/dist/sigil.d.ts +0 -4
package/dist/sigil.d.ts.map +1 -1
package/dist/simulation.d.ts +19 -0
package/dist/simulation.d.ts.map +1 -1
package/dist/simulation.js +211 -138
package/dist/simulation.js.map +1 -1
package/dist/squads-detection.d.ts +135 -0
package/dist/squads-detection.d.ts.map +1 -0
package/dist/squads-detection.js +124 -0
package/dist/squads-detection.js.map +1 -0
package/dist/state-resolver.d.ts +0 -16
package/dist/state-resolver.d.ts.map +1 -1
package/dist/state-resolver.js +162 -97
package/dist/state-resolver.js.map +1 -1
package/dist/testing/devnet.d.ts +40 -1
package/dist/testing/devnet.d.ts.map +1 -1
package/dist/testing/devnet.js +333 -45
package/dist/testing/devnet.js.map +1 -1
package/dist/testing/errors/expect.d.ts +137 -0
package/dist/testing/errors/expect.d.ts.map +1 -0
package/dist/testing/errors/expect.js +372 -0
package/dist/testing/errors/expect.js.map +1 -0
package/dist/testing/errors/index.d.ts +3 -0
package/dist/testing/errors/index.d.ts.map +1 -0
package/dist/testing/errors/index.js +8 -0
package/dist/testing/errors/index.js.map +1 -0
package/dist/testing/errors/names.generated.d.ts +211 -0
package/dist/testing/errors/names.generated.d.ts.map +1 -0
package/dist/testing/errors/names.generated.js +206 -0
package/dist/testing/errors/names.generated.js.map +1 -0
package/dist/testing/index.d.ts +1 -0
package/dist/testing/index.d.ts.map +1 -1
package/dist/testing/index.js +8 -0
package/dist/testing/index.js.map +1 -1
package/dist/testing/mock-rpc.d.ts +16 -0
package/dist/testing/mock-rpc.d.ts.map +1 -1
package/dist/testing/mock-rpc.js +27 -0
package/dist/testing/mock-rpc.js.map +1 -1
package/dist/testing/mock-state.d.ts +2 -0
package/dist/testing/mock-state.d.ts.map +1 -1
package/dist/testing/mock-state.js +45 -6
package/dist/testing/mock-state.js.map +1 -1
package/dist/types.d.ts +5 -15
package/dist/types.d.ts.map +1 -1
package/dist/types.js +11 -69
package/dist/types.js.map +1 -1
package/dist/vault-analytics.d.ts +0 -2
package/dist/vault-analytics.d.ts.map +1 -1
package/dist/vault-analytics.js +1 -9
package/dist/vault-analytics.js.map +1 -1
package/package.json +12 -5
package/dist/dashboard/constraint-reads.d.ts +0 -50
package/dist/dashboard/constraint-reads.d.ts.map +0 -1
package/dist/dashboard/constraint-reads.js +0 -119
package/dist/dashboard/constraint-reads.js.map +0 -1
package/dist/generated/accounts/escrowDeposit.d.ts +0 -50
package/dist/generated/accounts/escrowDeposit.d.ts.map +0 -1
package/dist/generated/accounts/escrowDeposit.js +0 -76
package/dist/generated/accounts/escrowDeposit.js.map +0 -1
package/dist/generated/accounts/instructionConstraints.d.ts +0 -46
package/dist/generated/accounts/instructionConstraints.d.ts.map +0 -1
package/dist/generated/accounts/instructionConstraints.js +0 -73
package/dist/generated/accounts/instructionConstraints.js.map +0 -1
package/dist/generated/accounts/pendingCloseConstraints.d.ts +0 -37
package/dist/generated/accounts/pendingCloseConstraints.d.ts.map +0 -1
package/dist/generated/accounts/pendingCloseConstraints.js +0 -66
package/dist/generated/accounts/pendingCloseConstraints.js.map +0 -1
package/dist/generated/accounts/pendingConstraintsUpdate.d.ts +0 -62
package/dist/generated/accounts/pendingConstraintsUpdate.d.ts.map +0 -1
package/dist/generated/accounts/pendingConstraintsUpdate.js +0 -75
package/dist/generated/accounts/pendingConstraintsUpdate.js.map +0 -1
package/dist/generated/instructions/allocateConstraintsPda.d.ts +0 -62
package/dist/generated/instructions/allocateConstraintsPda.d.ts.map +0 -1
package/dist/generated/instructions/allocateConstraintsPda.js +0 -134
package/dist/generated/instructions/allocateConstraintsPda.js.map +0 -1
package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts +0 -66
package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts.map +0 -1
package/dist/generated/instructions/allocatePendingConstraintsPda.js.map +0 -1
package/dist/generated/instructions/applyCloseConstraints.d.ts +0 -59
package/dist/generated/instructions/applyCloseConstraints.d.ts.map +0 -1
package/dist/generated/instructions/applyCloseConstraints.js +0 -143
package/dist/generated/instructions/applyCloseConstraints.js.map +0 -1
package/dist/generated/instructions/applyConstraintsUpdate.d.ts +0 -62
package/dist/generated/instructions/applyConstraintsUpdate.d.ts.map +0 -1
package/dist/generated/instructions/applyConstraintsUpdate.js.map +0 -1
package/dist/generated/instructions/cancelCloseConstraints.d.ts +0 -51
package/dist/generated/instructions/cancelCloseConstraints.d.ts.map +0 -1
package/dist/generated/instructions/cancelCloseConstraints.js +0 -115
package/dist/generated/instructions/cancelCloseConstraints.js.map +0 -1
package/dist/generated/instructions/cancelConstraintsUpdate.d.ts +0 -51
package/dist/generated/instructions/cancelConstraintsUpdate.d.ts.map +0 -1
package/dist/generated/instructions/cancelConstraintsUpdate.js +0 -115
package/dist/generated/instructions/cancelConstraintsUpdate.js.map +0 -1
package/dist/generated/instructions/closeSettledEscrow.d.ts +0 -72
package/dist/generated/instructions/closeSettledEscrow.d.ts.map +0 -1
package/dist/generated/instructions/closeSettledEscrow.js +0 -127
package/dist/generated/instructions/closeSettledEscrow.js.map +0 -1
package/dist/generated/instructions/createEscrow.d.ts +0 -131
package/dist/generated/instructions/createEscrow.d.ts.map +0 -1
package/dist/generated/instructions/createEscrow.js +0 -272
package/dist/generated/instructions/createEscrow.js.map +0 -1
package/dist/generated/instructions/createInstructionConstraints.d.ts +0 -68
package/dist/generated/instructions/createInstructionConstraints.d.ts.map +0 -1
package/dist/generated/instructions/createInstructionConstraints.js.map +0 -1
package/dist/generated/instructions/extendPda.d.ts +0 -52
package/dist/generated/instructions/extendPda.d.ts.map +0 -1
package/dist/generated/instructions/extendPda.js +0 -86
package/dist/generated/instructions/extendPda.js.map +0 -1
package/dist/generated/instructions/queueCloseConstraints.d.ts +0 -66
package/dist/generated/instructions/queueCloseConstraints.d.ts.map +0 -1
package/dist/generated/instructions/queueCloseConstraints.js.map +0 -1
package/dist/generated/instructions/queueConstraintsUpdate.d.ts +0 -75
package/dist/generated/instructions/queueConstraintsUpdate.d.ts.map +0 -1
package/dist/generated/instructions/queueConstraintsUpdate.js +0 -154
package/dist/generated/instructions/queueConstraintsUpdate.js.map +0 -1
package/dist/generated/instructions/refundEscrow.d.ts +0 -74
package/dist/generated/instructions/refundEscrow.d.ts.map +0 -1
package/dist/generated/instructions/refundEscrow.js +0 -142
package/dist/generated/instructions/refundEscrow.js.map +0 -1
package/dist/generated/instructions/settleEscrow.d.ts +0 -80
package/dist/generated/instructions/settleEscrow.d.ts.map +0 -1
package/dist/generated/instructions/settleEscrow.js +0 -173
package/dist/generated/instructions/settleEscrow.js.map +0 -1
package/dist/generated/types/accountConstraint.d.ts +0 -18
package/dist/generated/types/accountConstraint.d.ts.map +0 -1
package/dist/generated/types/accountConstraint.js +0 -24
package/dist/generated/types/accountConstraint.js.map +0 -1
package/dist/generated/types/accountConstraintZC.d.ts +0 -18
package/dist/generated/types/accountConstraintZC.d.ts.map +0 -1
package/dist/generated/types/accountConstraintZC.js +0 -26
package/dist/generated/types/accountConstraintZC.js.map +0 -1
package/dist/generated/types/closeConstraintsApplied.d.ts +0 -20
package/dist/generated/types/closeConstraintsApplied.d.ts.map +0 -1
package/dist/generated/types/closeConstraintsApplied.js +0 -24
package/dist/generated/types/closeConstraintsApplied.js.map +0 -1
package/dist/generated/types/closeConstraintsCancelled.d.ts +0 -16
package/dist/generated/types/closeConstraintsCancelled.d.ts.map +0 -1
package/dist/generated/types/closeConstraintsCancelled.js +0 -18
package/dist/generated/types/closeConstraintsCancelled.js.map +0 -1
package/dist/generated/types/closeConstraintsQueued.d.ts +0 -20
package/dist/generated/types/closeConstraintsQueued.d.ts.map +0 -1
package/dist/generated/types/closeConstraintsQueued.js +0 -24
package/dist/generated/types/closeConstraintsQueued.js.map +0 -1
package/dist/generated/types/constraintEntry.d.ts +0 -39
package/dist/generated/types/constraintEntry.d.ts.map +0 -1
package/dist/generated/types/constraintEntry.js +0 -31
package/dist/generated/types/constraintEntry.js.map +0 -1
package/dist/generated/types/constraintEntryZC.d.ts +0 -68
package/dist/generated/types/constraintEntryZC.d.ts.map +0 -1
package/dist/generated/types/constraintEntryZC.js +0 -49
package/dist/generated/types/constraintEntryZC.js.map +0 -1
package/dist/generated/types/constraintOperator.d.ts +0 -22
package/dist/generated/types/constraintOperator.d.ts.map +0 -1
package/dist/generated/types/constraintOperator.js +0 -28
package/dist/generated/types/constraintOperator.js.map +0 -1
package/dist/generated/types/constraintsChangeApplied.d.ts +0 -30
package/dist/generated/types/constraintsChangeApplied.d.ts.map +0 -1
package/dist/generated/types/constraintsChangeApplied.js +0 -32
package/dist/generated/types/constraintsChangeApplied.js.map +0 -1
package/dist/generated/types/constraintsChangeCancelled.d.ts +0 -16
package/dist/generated/types/constraintsChangeCancelled.d.ts.map +0 -1
package/dist/generated/types/constraintsChangeCancelled.js +0 -18
package/dist/generated/types/constraintsChangeCancelled.js.map +0 -1
package/dist/generated/types/constraintsChangeQueued.d.ts +0 -30
package/dist/generated/types/constraintsChangeQueued.d.ts.map +0 -1
package/dist/generated/types/constraintsChangeQueued.js +0 -32
package/dist/generated/types/constraintsChangeQueued.js.map +0 -1
package/dist/generated/types/dataConstraint.d.ts +0 -23
package/dist/generated/types/dataConstraint.d.ts.map +0 -1
package/dist/generated/types/dataConstraint.js +0 -27
package/dist/generated/types/dataConstraint.js.map +0 -1
package/dist/generated/types/dataConstraintZC.d.ts +0 -20
package/dist/generated/types/dataConstraintZC.d.ts.map +0 -1
package/dist/generated/types/dataConstraintZC.js +0 -30
package/dist/generated/types/dataConstraintZC.js.map +0 -1
package/dist/generated/types/discriminatorFormat.d.ts +0 -25
package/dist/generated/types/discriminatorFormat.d.ts.map +0 -1
package/dist/generated/types/discriminatorFormat.js +0 -31
package/dist/generated/types/discriminatorFormat.js.map +0 -1
package/dist/generated/types/escrowCreated.d.ts +0 -30
package/dist/generated/types/escrowCreated.d.ts.map +0 -1
package/dist/generated/types/escrowCreated.js +0 -34
package/dist/generated/types/escrowCreated.js.map +0 -1
package/dist/generated/types/escrowRefunded.d.ts +0 -26
package/dist/generated/types/escrowRefunded.d.ts.map +0 -1
package/dist/generated/types/escrowRefunded.js +0 -30
package/dist/generated/types/escrowRefunded.js.map +0 -1
package/dist/generated/types/escrowSettled.d.ts +0 -26
package/dist/generated/types/escrowSettled.d.ts.map +0 -1
package/dist/generated/types/escrowSettled.js +0 -30
package/dist/generated/types/escrowSettled.js.map +0 -1
package/dist/generated/types/escrowStatus.d.ts +0 -18
package/dist/generated/types/escrowStatus.d.ts.map +0 -1
package/dist/generated/types/escrowStatus.js +0 -24
package/dist/generated/types/escrowStatus.js.map +0 -1
package/dist/generated/types/instructionConstraintsCreated.d.ts +0 -34
package/dist/generated/types/instructionConstraintsCreated.d.ts.map +0 -1
package/dist/generated/types/instructionConstraintsCreated.js +0 -36
package/dist/generated/types/instructionConstraintsCreated.js.map +0 -1
package/dist/generated/types/pdaAllocated.d.ts +0 -24
package/dist/generated/types/pdaAllocated.d.ts.map +0 -1
package/dist/generated/types/pdaAllocated.js.map +0 -1
package/dist/generated/types/pdaExtended.d.ts +0 -24
package/dist/generated/types/pdaExtended.d.ts.map +0 -1
package/dist/generated/types/pdaExtended.js +0 -28
package/dist/generated/types/pdaExtended.js.map +0 -1
package/dist/integrations/protocol-handler.d.ts +0 -59
package/dist/integrations/protocol-handler.d.ts.map +0 -1
package/dist/integrations/protocol-handler.js +0 -9
package/dist/integrations/protocol-handler.js.map +0 -1

package/dist/seal.js CHANGED Viewed

@@ -13,14 +13,16 @@
  * - PROTOCOL_TREASURY token accounts initialized for USDC/USDT on devnet
  * - Vault funded with tokens and ATAs created
  */
-import { AccountRole } from "./kit-adapter.js";
+import { AccountRole, fetchEncodedAccounts, } from "./kit-adapter.js";
 import { getSigilModuleLogger, setSigilModuleLogger } from "./logger.js";
 import { newCorrelationId, invokeHook, composeHooks, } from "./hooks.js";
 import { runPlugins, validatePluginList, } from "./plugin.js";
 import { VaultStatus } from "./generated/types/vaultStatus.js";
 import { getValidateAndAuthorizeInstructionAsync } from "./generated/instructions/validateAndAuthorize.js";
 import { getFinalizeSessionInstructionAsync } from "./generated/instructions/finalizeSession.js";
-import { resolveVaultState, resolveVaultStateForOwner, resolveVaultBudget, } from "./state-resolver.js";
+import { computeScalarIntentDigest, computeSealInputDigest, } from "./seal/intent-digest.js";
+import { deriveNetworkIdentity, } from "./caip2-network.js";
+import { resolveVaultState, resolveVaultStateForOwner, resolveVaultBudget, bytesToAddress, } from "./state-resolver.js";
 import { getSessionPDA, getAgentOverlayPDA } from "./resolve-accounts.js";
 import { composeSigilTransaction, measureTransactionSize } from "./composer.js";
 import { BlockhashCache, getBlockhashCache, signAndEncode, sendAndConfirmTransaction, } from "./rpc-helpers.js";
@@ -36,14 +38,13 @@ import { parseTokenBalance } from "./simulation.js";
 import { createVault, } from "./create-vault.js";
 import { SigilSdkDomainError } from "./errors/sdk.js";
 import { SigilRpcError } from "./errors/rpc.js";
-import { SIGIL_ERROR__SDK__VAULT_INACTIVE, SIGIL_ERROR__SDK__AGENT_NOT_REGISTERED, SIGIL_ERROR__SDK__AGENT_PAUSED, SIGIL_ERROR__SDK__AGENT_ZERO_CAPABILITY, SIGIL_ERROR__SDK__INVALID_AMOUNT, SIGIL_ERROR__SDK__INVALID_CONFIG, SIGIL_ERROR__SDK__INVALID_NETWORK, SIGIL_ERROR__SDK__INVALID_PARAMS, SIGIL_ERROR__SDK__SPL_TOKEN_OP_BLOCKED, SIGIL_ERROR__SDK__PROTOCOL_NOT_ALLOWED, SIGIL_ERROR__SDK__PROTOCOL_NOT_TARGETED, SIGIL_ERROR__SDK__INSTRUCTION_COUNT, SIGIL_ERROR__SDK__CAP_EXCEEDED, SIGIL_ERROR__SDK__ATA_NON_CANONICAL, SIGIL_ERROR__SDK__HOOK_ABORTED, SIGIL_ERROR__RPC__TX_FAILED, SIGIL_ERROR__RPC__TX_TOO_LARGE, } from "./errors/codes.js";
+import { SIGIL_ERROR__SDK__VAULT_INACTIVE, SIGIL_ERROR__SDK__AGENT_NOT_REGISTERED, SIGIL_ERROR__SDK__AGENT_PAUSED, SIGIL_ERROR__SDK__AGENT_ZERO_CAPABILITY, SIGIL_ERROR__SDK__INVALID_AMOUNT, SIGIL_ERROR__SDK__INVALID_CONFIG, SIGIL_ERROR__SDK__INVALID_NETWORK, SIGIL_ERROR__SDK__INVALID_PARAMS, SIGIL_ERROR__SDK__SPL_TOKEN_OP_BLOCKED, SIGIL_ERROR__SDK__PROTOCOL_NOT_ALLOWED, SIGIL_ERROR__SDK__PROTOCOL_NOT_TARGETED, SIGIL_ERROR__SDK__INSTRUCTION_COUNT, SIGIL_ERROR__SDK__CAP_EXCEEDED, SIGIL_ERROR__SDK__ATA_NON_CANONICAL, SIGIL_ERROR__SDK__SEAL_FAILED, SIGIL_ERROR__SDK__HOOK_ABORTED, SIGIL_ERROR__SDK__MAINNET_CONFIRMATION_REQUIRED, SIGIL_ERROR__RPC__TX_FAILED, SIGIL_ERROR__RPC__TX_TOO_LARGE, } from "./errors/codes.js";
 // ─── Well-known program addresses to strip ──────────────────────────────────
 // PR 3.B F036: use canonical constants from types.ts instead of local dupes.
 import { TOKEN_PROGRAM_ADDRESS as TOKEN_PROGRAM, TOKEN_2022_PROGRAM_ADDRESS as TOKEN_2022_PROGRAM, COMPUTE_BUDGET_PROGRAM_ADDRESS as COMPUTE_BUDGET_PROGRAM, SYSTEM_PROGRAM_ADDRESS as SYSTEM_PROGRAM, } from "./types.js";
 /** Sentinel balance for drain detection when RPC fails to fetch actual balance.
  *  1n makes any outflow trigger percentage-based flags (conservative). */
 const DRAIN_DETECTION_MIN_BALANCE = 1n;
-// ─── Internal helpers ───────────────────────────────────────────────────────
 /** Replace agent ATAs with vault ATAs in DeFi instruction account lists. */
 export function replaceAgentAtas(instructions, replacements) {
     if (replacements.size === 0)
@@ -64,6 +65,106 @@ export function replaceAgentAtas(instructions, replacements) {
         }),
     }));
 }
+/**
+ * F-Q4 satisfier helper — resolve the mints of VAULT-OWNED Token-2022 token
+ * accounts among the sandwiched DeFi instruction's writable accounts.
+ *
+ * The on-chain F-Q4 gate (`validate_and_authorize` → `destination_check`) vets
+ * the mint EXTENSIONS of any vault-owned Token-2022 token account a swap
+ * delivers into the vault — a PermanentDelegate / TransferHook /
+ * ConfidentialTransfer mint could let a third party drain or hide the holding
+ * out-of-band. To do so it reads the token account's mint (bytes[0..32]) and
+ * REQUIRES that mint resolvable in validate's `remaining_accounts`, else it
+ * reverts `ErrToken2022OutputMintUnresolvable` (6106). The F-Q1a writable set
+ * does NOT carry the mint (a mint is read-only in a swap), so this resolves it.
+ *
+ * Mirrors the on-chain demand EXACTLY (destination_check.rs:166-219): an account
+ * triggers the gate iff it is owned by the Token-2022 program, has >= 72 bytes,
+ * and its token-account authority (bytes[32..64]) is the vault. For each such
+ * account this returns its mint (bytes[0..32]) as a READONLY meta.
+ *
+ * It is PLUMBING, not enforcement: it only adds read-only classification
+ * accounts; the on-chain gate stays the sole enforcer. A mint missed here can
+ * only cause a fail-closed 6106 revert (never a drain); a mint added that the
+ * gate does not demand is harmless (the gate looks it up by pubkey on demand).
+ *
+ * @param fetched     results of `fetchEncodedAccounts` over the candidate
+ *                    writable accounts (each carries its own on-chain bytes).
+ * @param vault       the vault PDA — only token accounts it authorizes are vetted.
+ * @param alreadySeen pubkeys already appended to remaining_accounts (the F-Q1a
+ *                    writable set) — skip re-adding them.
+ * @returns deduped READONLY metas, one per distinct vault-owned T22 output mint.
+ */
+export function resolveT22OutputMintMetas(fetched, vault, alreadySeen) {
+    const metas = [];
+    const mintSeen = new Set();
+    for (const acc of fetched) {
+        // Non-existent on-chain (e.g. a lagging RPC view): the gate can only demand
+        // a mint for an account it reads as a vault-owned T22 token account.
+        if (!acc.exists)
+            continue;
+        // Only Token-2022-owned accounts can be vault-owned T22 token accounts.
+        if (acc.programAddress !== TOKEN_2022_PROGRAM)
+            continue;
+        // Mirror the on-chain length guard (destination_check.rs:180) BEFORE any
+        // slice — a token account's base layout is 165+ bytes; <72 cannot be one.
+        if (acc.data.length < 72)
+            continue;
+        // Token-account authority ("owner" field, bytes[32..64]); only accounts the
+        // VAULT authorizes are the swap's deliver-into-vault target.
+        const authority = bytesToAddress(acc.data.slice(32, 64));
+        if (authority !== vault)
+            continue;
+        // The acquired token's mint (bytes[0..32]) — what the gate vets + demands.
+        const mint = bytesToAddress(acc.data.slice(0, 32));
+        if (alreadySeen.has(mint) || mintSeen.has(mint))
+            continue;
+        mintSeen.add(mint);
+        metas.push({ address: mint, role: AccountRole.READONLY });
+    }
+    return metas;
+}
+/**
+ * M3-01 satisfier helper (derivation half) — the vault's canonical USDC + USDT
+ * associated token accounts that finalize's `stable_balance_floor` must see.
+ *
+ * The on-chain floor (finalize_session) sums the vault's combined USDC+USDT
+ * balance and counts ONLY each stablecoin's CANONICAL ATA (M3-01 pin). Sources
+ * 1+2 (the named vaultTokenAccount + outputStablecoinAccount) cover the session
+ * token and — sometimes — USDC, so a vault that holds reserve in the OTHER
+ * stablecoin would under-count and falsely revert. This derives both canonical
+ * stablecoin ATAs and drops any already present on finalize (a named account or
+ * the F-Q1a writable set); the remainder are fed to finalize's
+ * remaining_accounts (on-chain "Source 3").
+ *
+ * Pure derivation (no RPC) — existence is checked separately — so it is
+ * trivially testable. `deriveAta` is legacy-SPL (correct for the current
+ * USDC/USDT mints; a Token-2022 stablecoin would need a T22-aware derivation,
+ * matching the on-chain SCOPE note in finalize_session.rs).
+ */
+export async function deriveStablecoinFloorCandidates(vault, usdcMint, usdtMint, alreadyPresent) {
+    const [usdcAta, usdtAta] = await Promise.all([
+        deriveAta(vault, usdcMint),
+        deriveAta(vault, usdtMint),
+    ]);
+    return [usdcAta, usdtAta].filter((ata) => !alreadyPresent.has(ata));
+}
+/**
+ * M3-01 satisfier helper (existence half) — given the fetched candidate
+ * accounts (parallel to `candidates`), return the EXISTING ones as READONLY
+ * metas for finalize's remaining_accounts. A non-existent ATA is harmless
+ * on-chain (the floor skips any non-token-program account), but we omit it to
+ * save wire bytes. Mirrors the F-Q4 `resolveT22OutputMintMetas` existence gate.
+ */
+export function resolveStablecoinFloorMetas(fetched, candidates) {
+    const metas = [];
+    for (let i = 0; i < candidates.length; i++) {
+        if (fetched[i]?.exists) {
+            metas.push({ address: candidates[i], role: AccountRole.READONLY });
+        }
+    }
+    return metas;
+}
 // ACTION_TYPE_KEYS removed — ActionType enum eliminated in v6.
 // Spending is now determined by amount > 0n.
 // ─── Shared caches ──────────────────────────────────────────────────────────
@@ -375,8 +476,126 @@ export async function seal(params) {
         }
     }
     const rewrittenDefiInstructions = replaceAgentAtas(defiInstructions, ataReplacements);
-    // Step 8: Build validate_and_authorize instruction
-    const validateIx = await getValidateAndAuthorizeInstructionAsync({
+    // F-Q1a SATISFIER (not enforcer). The on-chain destination COMPLETENESS
+    // invariant requires every writable, non-vault account of the sandwiched
+    // DeFi instruction to be resolvable in validate's AND finalize's
+    // remaining_accounts, so the guard can read each owner byte and classify it
+    // (an absent writable meta is now rejected fail-closed:
+    // DestinationAccountUnresolvable). Reviving the per-recipient cap + floor sum
+    // depends on the same accounts reaching finalize. We extract every writable
+    // account of the *rewritten* DeFi ixs (post agent-ATA->vault-ATA rewrite, so
+    // the addresses are exactly what executes — iterating the pre-rewrite list
+    // would capture stale agent ATAs) and attach them as READONLY remaining
+    // accounts on both wrapper ixs. READONLY grants no write/sign; the compiled
+    // message de-dups by pubkey (mergeRoles keeps the DeFi ix's WRITABLE), and
+    // accounts already referenced by the DeFi ix cost ~1 index byte each. This
+    // only gives the guard visibility — it never changes the route or intent
+    // (atomic-guard principle: feed accounts to inspect, never reshape the tx).
+    const feePayer = params.agent.address;
+    const defiWritableSeen = new Set();
+    const defiWritableReadonlyMetas = [];
+    for (const ix of rewrittenDefiInstructions) {
+        for (const acc of ix.accounts ?? []) {
+            const declaredWritable = acc.role === AccountRole.WRITABLE ||
+                acc.role === AccountRole.WRITABLE_SIGNER;
+            // The fee-payer agent is WRITABLE in the compiled v0 message regardless of
+            // the role the DeFi ix declares for it. The on-chain completeness check
+            // reads writability from the compiled message (via
+            // load_instruction_at_checked), so a DeFi ix that lists the agent as a
+            // readonly signer still surfaces it as a writable meta on-chain — include
+            // it so completeness is satisfiable. (Vault ATAs that validate marks
+            // writable already appear writable in the swap ix, so the fee payer is the
+            // only writability divergence between the ix role and the compiled view.)
+            const onChainWritable = declaredWritable || acc.address === feePayer;
+            if (onChainWritable && !defiWritableSeen.has(acc.address)) {
+                defiWritableSeen.add(acc.address);
+                defiWritableReadonlyMetas.push({
+                    address: acc.address,
+                    role: AccountRole.READONLY,
+                });
+            }
+        }
+    }
+    // F-Q4 SATISFIER — vault-owned Token-2022 output-mint resolution.
+    //
+    // When a swap delivers a Token-2022 token INTO a vault-owned ATA, the on-chain
+    // F-Q4 gate (validate_and_authorize → destination_check) vets that mint's
+    // extensions and REQUIRES the mint resolvable in validate's remaining_accounts
+    // (else `ErrToken2022OutputMintUnresolvable` 6106). The F-Q1a writable set
+    // above does NOT carry it (a mint is read-only in a swap), so resolve + append
+    // it here. Validate is the SOLE consumer — finalize_session does not run
+    // destination_check — so these go on validate ONLY.
+    //
+    // PERF GATE (sound + fail-closed): only fetch when the Token-2022 program
+    // appears in the bundle. Writing a vault Token-2022 account REQUIRES invoking
+    // Token-2022, and any invoked program must appear in the invoking ix's account
+    // list — so a vault-owned T22 account can never be written without T22 showing
+    // up here. If this gate were ever wrong it can only SKIP the fetch → an honest
+    // T22 swap reverts 6106 (fail-closed DX), never a bypass. Classic-SPL swaps
+    // (the common case) skip the fetch entirely, and existing classic/mock seal
+    // tests never trigger the extra RPC round-trip.
+    //
+    // Rule B: this gate is NON-WEIGHTING on security — under-fire is impossible
+    // (the program that touches a vault T22 account is always present in the
+    // invoking ix's account metas, so the scan cannot miss it), so the round-trip
+    // saving never trades against the (fail-closed) security feed. No pre-flight
+    // warning is emitted: a gate skip cannot coincide with a vault T22 write, and
+    // detecting one would require the very fetch the gate is optimizing away.
+    let t22OutputMintReadonlyMetas = [];
+    const bundleTouchesToken2022 = rewrittenDefiInstructions.some((ix) => ix.programAddress === TOKEN_2022_PROGRAM ||
+        (ix.accounts ?? []).some((acc) => acc.address === TOKEN_2022_PROGRAM));
+    if (bundleTouchesToken2022 && defiWritableReadonlyMetas.length > 0) {
+        // One batched getMultipleAccounts over the (<=24) writable DeFi accounts.
+        const candidateAddresses = defiWritableReadonlyMetas.map((m) => m.address);
+        let fetchedCandidates;
+        try {
+            fetchedCandidates = await fetchEncodedAccounts(params.rpc, candidateAddresses);
+        }
+        catch (err) {
+            // Fail CLOSED with CONTEXT (not swallow-and-continue): if the bundle
+            // delivers a Token-2022 token into the vault, feeding no mint would make
+            // the on-chain gate revert 6106 — a far more opaque failure. Surface a
+            // domain-typed, step-named error so the caller knows it was the F-Q4
+            // output-mint resolution that failed (mirrors how the sibling stablecoin-
+            // ATA and balance fetches contextualize their RPC errors).
+            throw new SigilSdkDomainError(SIGIL_ERROR__SDK__SEAL_FAILED, "F-Q4 output-mint resolution failed: could not fetch the swap's " +
+                "writable accounts to detect vault-owned Token-2022 outputs. If the " +
+                "bundle delivers a Token-2022 token into the vault, on-chain " +
+                "validation would revert 6106 (ErrToken2022OutputMintUnresolvable). " +
+                "Retry once the RPC is reachable.", { context: { candidateAddresses, cause: redactCause(err) } });
+        }
+        t22OutputMintReadonlyMetas = resolveT22OutputMintMetas(fetchedCandidates, params.vault, defiWritableSeen);
+    }
+    // Step 8: Build validate_and_authorize instruction.
+    //
+    // AC-10 (Phase 4): pass `expectedNonce = 0n`. The session PDA is created
+    // via `init` (not `init_if_needed`) on every validate, so a fresh session
+    // account starts at nonce=0. The on-chain handler requires
+    // `session.nonce == expected_nonce`, so callers MUST pass 0 in the
+    // steady-state flow. Phase 8 ownership-transfer flow (M-5) reuses the
+    // same field with non-close semantics; that path will resolve the stored
+    // value off-chain before calling `seal`.
+    //
+    // D-1 + D-6 (Bucket 2 audit 2026-05-21): AL3 scalar intent digest. We
+    // compute SHA-256 over the canonical SealInput SCALARS (magic prefix +
+    // intent_version + network + vault + agent + token_mint + amount +
+    // target_protocol) — the on-chain verifier in `validate_and_authorize`
+    // recomputes the same digest from its handler args and rejects on byte-
+    // equal mismatch with `ErrIntentDigestMismatch` (6102). This closes the
+    // preview→execute scalar-tamper class (recipient/amount/mint/protocol
+    // swap between the user's signed preview and the submitted bundle).
+    // The full ix-bound digest (`computeSealInputDigest` above) remains
+    // client-side only — ATA-rewrite mapping for on-chain ix binding is
+    // v0.17 work.
+    const scalarIntentDigest = computeScalarIntentDigest({
+        vault: params.vault,
+        agent: params.agent.address,
+        tokenMint: params.tokenMint,
+        amount: params.amount,
+        targetProtocol,
+        network: params.network,
+    });
+    const validateIxBase = await getValidateAndAuthorizeInstructionAsync({
         agent: params.agent,
         vault: params.vault,
         agentSpendOverlay: agentOverlayPda,
@@ -389,8 +608,24 @@ export async function seal(params) {
         amount: params.amount,
         targetProtocol,
         expectedPolicyVersion: state.policy.policyVersion ?? 0n,
+        expectedNonce: 0n,
+        expectedIntentDigest: scalarIntentDigest,
     });
-    const finalizeIx = await getFinalizeSessionInstructionAsync({
+    // F-Q1a satisfier: append the DeFi ix's writable accounts (as READONLY) to
+    // validate's remaining_accounts so the on-chain completeness invariant is
+    // satisfiable. Spread into a NEW array — Instruction.accounts is readonly.
+    const validateIx = {
+        ...validateIxBase,
+        accounts: [
+            ...(validateIxBase.accounts ?? []),
+            ...defiWritableReadonlyMetas,
+            // F-Q4: vault-owned Token-2022 output mints (validate-only consumer; the
+            // on-chain gate searches remaining_accounts positionally, so append even
+            // when a mint is also a named account such as the input tokenMintAccount).
+            ...t22OutputMintReadonlyMetas,
+        ],
+    };
+    const finalizeIxBase = await getFinalizeSessionInstructionAsync({
         payer: params.agent,
         vault: params.vault,
         session: sessionPda,
@@ -399,6 +634,68 @@ export async function seal(params) {
         vaultTokenAccount,
         outputStablecoinAccount,
     });
+    // M3-01: feed the vault's other canonical stablecoin ATA(s) into finalize so
+    // the combined USDC+USDT stable_balance_floor sees the vault's FULL stablecoin
+    // holdings. On-chain Sources 1+2 only cover the session token + the output
+    // stablecoin, so a vault holding reserve in the OTHER stablecoin would
+    // under-count and falsely revert ErrStableFloorViolation. Only canonical ATAs
+    // count on-chain (M3-01 pin), so feeding exactly those is sufficient + minimal.
+    // Gated on stable_balance_floor > 0 — the default (no floor) adds no accounts
+    // and no RPC. Existence-checked + de-duped against named/fed metas.
+    let stablecoinFloorMetas = [];
+    // Coerce defensively: the resolver always decodes this as a bigint, but a
+    // hand-built cachedState could pass a number/null (the pending-mutation form
+    // of this field uses null). BigInt(x ?? 0n) gates correctly for all of them
+    // so the satisfier never SILENTLY skips when a floor is actually set.
+    if (BigInt(state.policy.stableBalanceFloor ?? 0n) > 0n) {
+        const usdcMintForFloor = net === "devnet" ? USDC_MINT_DEVNET : USDC_MINT_MAINNET;
+        const usdtMintForFloor = net === "devnet" ? USDT_MINT_DEVNET : USDT_MINT_MAINNET;
+        const alreadyPresent = new Set([
+            vaultTokenAccount,
+            ...(outputStablecoinAccount ? [outputStablecoinAccount] : []),
+            ...defiWritableReadonlyMetas.map((m) => m.address),
+        ]);
+        const floorCandidates = await deriveStablecoinFloorCandidates(params.vault, usdcMintForFloor, usdtMintForFloor, alreadyPresent);
+        if (floorCandidates.length > 0) {
+            try {
+                const fetchedFloor = await fetchEncodedAccounts(params.rpc, floorCandidates);
+                // fetchEncodedAccounts is contractually length-preserving; if a
+                // malformed RPC response ever returned fewer entries, the index-parallel
+                // existence filter would drop an ATA silently. Surface it (the drop is
+                // still fail-safe: a missing ATA only makes the floor stricter).
+                if (fetchedFloor.length !== floorCandidates.length) {
+                    warnings.push(`M3-01 stable-floor: RPC returned ${fetchedFloor.length} of ` +
+                        `${floorCandidates.length} requested stablecoin ATA(s); any ` +
+                        `omitted ATA is dropped from the floor (over-strict, never a bypass).`);
+                }
+                stablecoinFloorMetas = resolveStablecoinFloorMetas(fetchedFloor, floorCandidates);
+            }
+            catch (err) {
+                // Resilient, NOT silent: the on-chain floor still enforces — feeding no
+                // extra ATA only makes it stricter (fail-safe), never a bypass. Surface
+                // a warning so a vault holding reserve in the OTHER stablecoin can
+                // explain a possible on-chain ErrStableFloorViolation. Mirrors the
+                // output-stablecoin ATA existence check above.
+                const cause = redactCause(err);
+                warnings.push(`M3-01 stable-floor ATA resolution failed due to RPC error (${cause.message ?? cause.name ?? cause.code ?? "unknown"}). ` +
+                    `Proceeding without the extra stablecoin ATA(s); if this vault holds ` +
+                    `reserve in the non-session stablecoin, finalize may revert ` +
+                    `ErrStableFloorViolation. Retry once the RPC is reachable.`);
+            }
+        }
+    }
+    // F-Q1a satisfier: finalize's per-recipient cap + floor sum walk the SAME
+    // DeFi metas and resolve them in finalize's own remaining_accounts, so the
+    // writable accounts must reach finalize too (validate and finalize each carry
+    // their own remaining_accounts).
+    const finalizeIx = {
+        ...finalizeIxBase,
+        accounts: [
+            ...(finalizeIxBase.accounts ?? []),
+            ...defiWritableReadonlyMetas,
+            ...stablecoinFloorMetas,
+        ],
+    };
     // Step 10: Compose + compile + measure
     const blockhash = params.blockhash ?? (await getBlockhashCache(params.rpc).get(params.rpc));
     // Resolve ALTs — Sigil ALT + protocol ALTs (e.g. Jupiter route-specific)
@@ -500,10 +797,29 @@ export async function seal(params) {
     // covers all three entry paths (executeAndConfirm, SigilVault.execute,
     // bare seal()) with exactly one invocation per seal.
     await invokeHook(params.hooks, "onBeforeSign", _hookCtx, compiledTx);
+    // AL3 — Phase 9 Batch I per-call intent digest. Computed over the
+    // user-approved (vault, agent, mint, amount, target_protocol, network,
+    // instructions[]) projection. Excludes wallet-side mutations (Compute
+    // Budget ixs prepended later by signers) so the digest reflects exactly
+    // what the user approved, not what the wallet wrapped around it.
+    const intentDigest = computeSealInputDigest({
+        vault: params.vault,
+        agent: params.agent.address,
+        tokenMint: params.tokenMint,
+        amount: params.amount,
+        targetProtocol: params.targetProtocol,
+        network: params.network,
+        instructions: defiInstructions,
+    });
+    // AL4 — Phase 9 Batch J network identity. CAIP-2 chain id + derived
+    // isMainnet boolean. The chain id is also bound into the AL3 digest
+    // above via the network_id byte, so a mainnet bundle cannot be
+    // replayed on devnet (and vice versa) without producing a different
+    // intentDigest.
+    const networkIdentity = deriveNetworkIdentity(params.network);
     return {
         ok: true,
         transaction: compiledTx,
-        isSpending: spending,
         warnings,
         txSizeBytes: byteLength,
         lastValidBlockHeight: blockhash.lastValidBlockHeight,
@@ -513,6 +829,9 @@ export async function seal(params) {
             tokenBalance,
             knownRecipients,
         },
+        intentDigest,
+        network: networkIdentity.network,
+        isMainnet: networkIdentity.isMainnet,
     };
 }
 /**
@@ -564,6 +883,16 @@ export function createSigilClient(config) {
     const vault = config.vault;
     const agent = config.agent;
     const network = config.network;
+    // §RP Batch K HIGH-2: snapshot AL2 flag at factory entry. Subsequent
+    // config.requireMainnetConfirmation mutations cannot disable the
+    // gate without recreating the client.
+    const requireMainnetConfirmation = config.requireMainnetConfirmation;
+    if (network !== "devnet" && network !== "mainnet") {
+        // §RP Batch K MEDIUM-1: runtime guard for JS / any-cast consumers
+        // that pass `cluster: "mainnet-beta"` etc. Type system catches it in
+        // pure TS but `.d.ts` doesn't help JS callers.
+        throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_CONFIG, `SigilClientConfig.network must be 'devnet' or 'mainnet'; got ${String(network)}.`, { context: { field: "network", expected: "'devnet' | 'mainnet'" } });
+    }
     const blockhashCache = new BlockhashCache(config.blockhashTtlMs);
     const localAltCache = new AltCache();
     const onErrorCallback = config.onError;
@@ -622,6 +951,52 @@ export function createSigilClient(config) {
         network,
         seal: clientSeal,
         async executeAndConfirm(instructions, opts) {
+            // AL2 mainnet confirmation gate (Phase 9 Batch K). Three states:
+            //   1. Devnet client: ignore the gate entirely — no throw, no warn.
+            //   2. Mainnet client + requireMainnetConfirmation: true:
+            //      - opts.mainnetConfirmed === true → proceed
+            //      - else → throw 7020 with full context
+            //   3. Mainnet client + requireMainnetConfirmation undefined (0.16.x
+            //      default per D-3):
+            //      - opts.mainnetConfirmed === undefined → console.warn (telegraphs
+            //        the v1.0 flip) and proceed
+            //      - opts.mainnetConfirmed set either way → proceed silently
+            //   4. Mainnet client + requireMainnetConfirmation: false → proceed
+            //      silently (explicit opt-out; no warn).
+            if (network === "mainnet") {
+                const gateEnabled = requireMainnetConfirmation === true;
+                const explicitOptOut = requireMainnetConfirmation === false;
+                const confirmed = opts.mainnetConfirmed === true;
+                if (gateEnabled && !confirmed) {
+                    throw new SigilSdkDomainError(SIGIL_ERROR__SDK__MAINNET_CONFIRMATION_REQUIRED, "Mainnet confirmation required — pass `mainnetConfirmed: true` " +
+                        "in the executeAndConfirm options or set " +
+                        "`requireMainnetConfirmation: false` on the SigilClientConfig. " +
+                        "Opt-in: executeAndConfirm(ixs, { ..., mainnetConfirmed: true }). " +
+                        "Opt-out: createSigilClient({ ..., requireMainnetConfirmation: false }). " +
+                        "Docs: https://github.com/Sigil-Trade/sigil/blob/main/sdk/kit/MIGRATION.md", {
+                        context: {
+                            vault: vault.toString(),
+                            network: "mainnet",
+                        },
+                    });
+                }
+                if (!gateEnabled &&
+                    !explicitOptOut &&
+                    opts.mainnetConfirmed === undefined) {
+                    // §RP Batch K LOW-2 fix: use the structured logger (respects
+                    // config.logger) instead of raw console.warn so consumers who
+                    // installed a custom logger (pino, OpenTelemetry, etc.) capture
+                    // the warning in their pipeline.
+                    getSigilModuleLogger().warn("[Sigil] @usesigil/kit 0.16.x defaults `requireMainnetConfirmation` to false. " +
+                        "v1.0 will flip the default to true; mainnet `executeAndConfirm` calls without " +
+                        "`mainnetConfirmed: true` will throw SIGIL_ERROR__SDK__MAINNET_CONFIRMATION_REQUIRED. " +
+                        "Adopt the v1.0 default early by setting " +
+                        "`requireMainnetConfirmation: true` on SigilClientConfig and passing " +
+                        "`mainnetConfirmed: true` per call, OR silence this warning by explicitly setting " +
+                        "`requireMainnetConfirmation: false`. " +
+                        "See: https://github.com/Sigil-Trade/sigil/blob/main/sdk/kit/MIGRATION.md");
+                }
+            }
             // Sprint 2 B3: compose client-level and per-call hooks. Client hooks
             // run first at every stage (onBeforeBuild → ... → onFinalize), then
             // per-call hooks. composeHooks handles the conditional-merge when
@@ -852,6 +1227,13 @@ export class SigilClient {
     blockhashCacheInstance;
     altCacheInstance;
     onErrorCallback;
+    /**
+     * AL2 mainnet confirmation flag, snapshotted at construction (Phase 9
+     * Batch K §RP HIGH-2 fix). Captured by value so subsequent
+     * `config.requireMainnetConfirmation = ...` mutations cannot silently
+     * disable the gate post-construction.
+     */
+    requireMainnetConfirmation;
     rpc;
     vault;
     agent;
@@ -892,10 +1274,17 @@ export class SigilClient {
             throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_CONFIG, "SigilClientConfig.agent is required", { context: { field: "agent", expected: "TransactionSigner" } });
         if (!config.network)
             throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_CONFIG, "SigilClientConfig.network is required", { context: { field: "network", expected: "'devnet' | 'mainnet'" } });
+        if (config.network !== "devnet" && config.network !== "mainnet") {
+            throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_CONFIG, `SigilClientConfig.network must be 'devnet' or 'mainnet'; got ${String(config.network)}. Phase 9 Batch K §RP MEDIUM-1 hardens this against JS / any-cast bypass.`, { context: { field: "network", expected: "'devnet' | 'mainnet'" } });
+        }
         this.rpc = config.rpc;
         this.vault = config.vault;
         this.agent = config.agent;
         this.network = config.network;
+        // §RP HIGH-2: snapshot AL2 flag at construction. Post-construction
+        // mutation of config.requireMainnetConfirmation cannot disable the
+        // gate without recreating the client.
+        this.requireMainnetConfirmation = config.requireMainnetConfirmation;
         this.blockhashCacheInstance = new BlockhashCache(config.blockhashTtlMs);
         this.altCacheInstance = new AltCache();
         this.onErrorCallback = config.onError;
@@ -1006,6 +1395,37 @@ export class SigilClient {
      * (transaction-executor.ts:236-265).
      */
     async executeAndConfirm(instructions, opts) {
+        // §RP CRITICAL fix (Batch K): the legacy class path MUST mirror
+        // the AL2 gate from `createSigilClient.executeAndConfirm` — otherwise
+        // any consumer still on `SigilClient.create()` bypasses the gate on
+        // mainnet. Reuses the snapshotted requireMainnetConfirmation field
+        // captured at construction (§RP HIGH-2 fix).
+        if (this.network === "mainnet") {
+            const gateEnabled = this.requireMainnetConfirmation === true;
+            const explicitOptOut = this.requireMainnetConfirmation === false;
+            const confirmed = opts.mainnetConfirmed === true;
+            if (gateEnabled && !confirmed) {
+                throw new SigilSdkDomainError(SIGIL_ERROR__SDK__MAINNET_CONFIRMATION_REQUIRED, "Mainnet confirmation required — pass `mainnetConfirmed: true` " +
+                    "in the executeAndConfirm options or set " +
+                    "`requireMainnetConfirmation: false` on the SigilClientConfig. " +
+                    "Opt-in: executeAndConfirm(ixs, { ..., mainnetConfirmed: true }). " +
+                    "Opt-out: SigilClient.create({ ..., requireMainnetConfirmation: false }). " +
+                    "Docs: https://github.com/Sigil-Trade/sigil/blob/main/sdk/kit/MIGRATION.md", {
+                    context: {
+                        vault: this.vault.toString(),
+                        network: "mainnet",
+                    },
+                });
+            }
+            if (!gateEnabled &&
+                !explicitOptOut &&
+                opts.mainnetConfirmed === undefined) {
+                getSigilModuleLogger().warn("[Sigil] @usesigil/kit 0.16.x defaults `requireMainnetConfirmation` to false. " +
+                    "v1.0 will flip the default to true; mainnet `executeAndConfirm` calls without " +
+                    "`mainnetConfirmed: true` will throw SIGIL_ERROR__SDK__MAINNET_CONFIRMATION_REQUIRED. " +
+                    "See: https://github.com/Sigil-Trade/sigil/blob/main/sdk/kit/MIGRATION.md");
+            }
+        }
         try {
             const result = await this.seal(instructions, opts);
             const encoded = await signAndEncode(this.agent, result.transaction);