npm - @usesigil/kit - Versions diffs - 0.15.0 → 0.17.0 - Mend

@usesigil/kit 0.15.0 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (627) hide show

package/README.md +56 -0
package/dist/advanced-analytics.d.ts +3 -2
package/dist/advanced-analytics.d.ts.map +1 -1
package/dist/advanced-analytics.js +9 -42
package/dist/advanced-analytics.js.map +1 -1
package/dist/agent-bootstrap.d.ts +117 -0
package/dist/agent-bootstrap.d.ts.map +1 -0
package/dist/agent-bootstrap.js +211 -0
package/dist/agent-bootstrap.js.map +1 -0
package/dist/agent-errors.d.ts +20 -4
package/dist/agent-errors.d.ts.map +1 -1
package/dist/agent-errors.js +947 -377
package/dist/agent-errors.js.map +1 -1
package/dist/audit-log.d.ts +101 -0
package/dist/audit-log.d.ts.map +1 -0
package/dist/audit-log.js +145 -0
package/dist/audit-log.js.map +1 -0
package/dist/build-unsigned.d.ts +152 -0
package/dist/build-unsigned.d.ts.map +1 -0
package/dist/build-unsigned.js +152 -0
package/dist/build-unsigned.js.map +1 -0
package/dist/caip2-network.d.ts +171 -0
package/dist/caip2-network.d.ts.map +1 -0
package/dist/caip2-network.js +202 -0
package/dist/caip2-network.js.map +1 -0
package/dist/canonical-encode.d.ts +59 -0
package/dist/canonical-encode.d.ts.map +1 -0
package/dist/canonical-encode.js +141 -0
package/dist/canonical-encode.js.map +1 -0
package/dist/cosign-helper.d.ts +264 -0
package/dist/cosign-helper.d.ts.map +1 -0
package/dist/cosign-helper.js +147 -0
package/dist/cosign-helper.js.map +1 -0
package/dist/create-vault.d.ts +102 -1
package/dist/create-vault.d.ts.map +1 -1
package/dist/create-vault.js +108 -9
package/dist/create-vault.js.map +1 -1
package/dist/dashboard/close-vault.d.ts +110 -0
package/dist/dashboard/close-vault.d.ts.map +1 -0
package/dist/dashboard/close-vault.js +165 -0
package/dist/dashboard/close-vault.js.map +1 -0
package/dist/dashboard/errors.d.ts +37 -0
package/dist/dashboard/errors.d.ts.map +1 -1
package/dist/dashboard/errors.js +81 -1
package/dist/dashboard/errors.js.map +1 -1
package/dist/dashboard/from-json.d.ts.map +1 -1
package/dist/dashboard/from-json.js +1 -2
package/dist/dashboard/from-json.js.map +1 -1
package/dist/dashboard/index.d.ts +204 -31
package/dist/dashboard/index.d.ts.map +1 -1
package/dist/dashboard/index.js +290 -49
package/dist/dashboard/index.js.map +1 -1
package/dist/dashboard/mutations.d.ts +160 -10
package/dist/dashboard/mutations.d.ts.map +1 -1
package/dist/dashboard/mutations.js +584 -66
package/dist/dashboard/mutations.js.map +1 -1
package/dist/dashboard/post-assertion-validation.d.ts +88 -0
package/dist/dashboard/post-assertion-validation.d.ts.map +1 -0
package/dist/dashboard/post-assertion-validation.js +312 -0
package/dist/dashboard/post-assertion-validation.js.map +1 -0
package/dist/dashboard/reads.d.ts +92 -1
package/dist/dashboard/reads.d.ts.map +1 -1
package/dist/dashboard/reads.js +244 -26
package/dist/dashboard/reads.js.map +1 -1
package/dist/dashboard/types.d.ts +172 -21
package/dist/dashboard/types.d.ts.map +1 -1
package/dist/errors/agent-errors.generated.d.ts +21 -0
package/dist/errors/agent-errors.generated.d.ts.map +1 -0
package/dist/errors/agent-errors.generated.js +133 -0
package/dist/errors/agent-errors.generated.js.map +1 -0
package/dist/errors/codes.d.ts +21 -2
package/dist/errors/codes.d.ts.map +1 -1
package/dist/errors/codes.js +20 -1
package/dist/errors/codes.js.map +1 -1
package/dist/errors/context.d.ts +9 -1
package/dist/errors/context.d.ts.map +1 -1
package/dist/event-analytics.d.ts +1 -3
package/dist/event-analytics.d.ts.map +1 -1
package/dist/event-analytics.js +28 -81
package/dist/event-analytics.js.map +1 -1
package/dist/events.d.ts.map +1 -1
package/dist/events.js +23 -13
package/dist/events.js.map +1 -1
package/dist/generated/accounts/agentSpendOverlay.d.ts +60 -0
package/dist/generated/accounts/agentSpendOverlay.d.ts.map +1 -1
package/dist/generated/accounts/agentSpendOverlay.js +6 -2
package/dist/generated/accounts/agentSpendOverlay.js.map +1 -1
package/dist/generated/accounts/agentVault.d.ts +168 -4
package/dist/generated/accounts/agentVault.d.ts.map +1 -1
package/dist/generated/accounts/agentVault.js +11 -3
package/dist/generated/accounts/agentVault.js.map +1 -1
package/dist/generated/accounts/auditLogRejected.d.ts +66 -0
package/dist/generated/accounts/auditLogRejected.d.ts.map +1 -0
package/dist/generated/accounts/auditLogRejected.js +68 -0
package/dist/generated/accounts/auditLogRejected.js.map +1 -0
package/dist/generated/accounts/auditLogSuccess.d.ts +78 -0
package/dist/generated/accounts/auditLogSuccess.d.ts.map +1 -0
package/dist/generated/accounts/auditLogSuccess.js +68 -0
package/dist/generated/accounts/auditLogSuccess.js.map +1 -0
package/dist/generated/accounts/index.d.ts +4 -4
package/dist/generated/accounts/index.d.ts.map +1 -1
package/dist/generated/accounts/index.js +4 -4
package/dist/generated/accounts/index.js.map +1 -1
package/dist/generated/accounts/pendingAgentGrant.d.ts +199 -0
package/dist/generated/accounts/pendingAgentGrant.d.ts.map +1 -0
package/dist/generated/accounts/pendingAgentGrant.js +75 -0
package/dist/generated/accounts/pendingAgentGrant.js.map +1 -0
package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts +76 -0
package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts.map +1 -1
package/dist/generated/accounts/pendingAgentPermissionsUpdate.js +9 -1
package/dist/generated/accounts/pendingAgentPermissionsUpdate.js.map +1 -1
package/dist/generated/accounts/pendingOwnershipTransfer.d.ts +131 -0
package/dist/generated/accounts/pendingOwnershipTransfer.d.ts.map +1 -0
package/dist/generated/accounts/pendingOwnershipTransfer.js +76 -0
package/dist/generated/accounts/pendingOwnershipTransfer.js.map +1 -0
package/dist/generated/accounts/pendingPolicyUpdate.d.ts +220 -4
package/dist/generated/accounts/pendingPolicyUpdate.d.ts.map +1 -1
package/dist/generated/accounts/pendingPolicyUpdate.js +25 -5
package/dist/generated/accounts/pendingPolicyUpdate.js.map +1 -1
package/dist/generated/accounts/policyConfig.d.ts +495 -34
package/dist/generated/accounts/policyConfig.d.ts.map +1 -1
package/dist/generated/accounts/policyConfig.js +34 -7
package/dist/generated/accounts/policyConfig.js.map +1 -1
package/dist/generated/accounts/postExecutionAssertions.d.ts +2 -2
package/dist/generated/accounts/postExecutionAssertions.d.ts.map +1 -1
package/dist/generated/accounts/postExecutionAssertions.js +3 -3
package/dist/generated/accounts/sessionAuthority.d.ts +154 -12
package/dist/generated/accounts/sessionAuthority.d.ts.map +1 -1
package/dist/generated/accounts/sessionAuthority.js +12 -10
package/dist/generated/accounts/sessionAuthority.js.map +1 -1
package/dist/generated/accounts/spendTracker.d.ts +83 -3
package/dist/generated/accounts/spendTracker.d.ts.map +1 -1
package/dist/generated/accounts/spendTracker.js +14 -2
package/dist/generated/accounts/spendTracker.js.map +1 -1
package/dist/generated/errors/sigil.d.ts +160 -100
package/dist/generated/errors/sigil.d.ts.map +1 -1
package/dist/generated/errors/sigil.js +214 -124
package/dist/generated/errors/sigil.js.map +1 -1
package/dist/generated/event-discriminators.d.ts.map +1 -1
package/dist/generated/event-discriminators.js +11 -13
package/dist/generated/event-discriminators.js.map +1 -1
package/dist/generated/instructions/acceptOwnershipTransfer.d.ts +142 -0
package/dist/generated/instructions/acceptOwnershipTransfer.d.ts.map +1 -0
package/dist/generated/instructions/acceptOwnershipTransfer.js +171 -0
package/dist/generated/instructions/acceptOwnershipTransfer.js.map +1 -0
package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts +142 -0
package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts.map +1 -0
package/dist/generated/instructions/acceptOwnershipTransferMultisig.js +171 -0
package/dist/generated/instructions/acceptOwnershipTransferMultisig.js.map +1 -0
package/dist/generated/instructions/applyAgentGrant.d.ts +100 -0
package/dist/generated/instructions/applyAgentGrant.d.ts.map +1 -0
package/dist/generated/instructions/{applyConstraintsUpdate.js → applyAgentGrant.js} +66 -42
package/dist/generated/instructions/applyAgentGrant.js.map +1 -0
package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts +31 -8
package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts.map +1 -1
package/dist/generated/instructions/applyAgentPermissionsUpdate.js +38 -2
package/dist/generated/instructions/applyAgentPermissionsUpdate.js.map +1 -1
package/dist/generated/instructions/applyPendingPolicy.d.ts +18 -7
package/dist/generated/instructions/applyPendingPolicy.d.ts.map +1 -1
package/dist/generated/instructions/applyPendingPolicy.js +38 -2
package/dist/generated/instructions/applyPendingPolicy.js.map +1 -1
package/dist/generated/instructions/cancelAgentGrant.d.ts +106 -0
package/dist/generated/instructions/cancelAgentGrant.d.ts.map +1 -0
package/dist/generated/instructions/{allocatePendingConstraintsPda.js → cancelAgentGrant.js} +54 -42
package/dist/generated/instructions/cancelAgentGrant.js.map +1 -0
package/dist/generated/instructions/cancelOwnershipTransfer.d.ts +121 -0
package/dist/generated/instructions/cancelOwnershipTransfer.d.ts.map +1 -0
package/dist/generated/instructions/{queueCloseConstraints.js → cancelOwnershipTransfer.js} +58 -44
package/dist/generated/instructions/cancelOwnershipTransfer.js.map +1 -0
package/dist/generated/instructions/closePostAssertions.d.ts +6 -1
package/dist/generated/instructions/closePostAssertions.d.ts.map +1 -1
package/dist/generated/instructions/closePostAssertions.js +11 -3
package/dist/generated/instructions/closePostAssertions.js.map +1 -1
package/dist/generated/instructions/closeVault.d.ts +40 -8
package/dist/generated/instructions/closeVault.d.ts.map +1 -1
package/dist/generated/instructions/closeVault.js +40 -2
package/dist/generated/instructions/closeVault.js.map +1 -1
package/dist/generated/instructions/createPostAssertions.d.ts +4 -0
package/dist/generated/instructions/createPostAssertions.d.ts.map +1 -1
package/dist/generated/instructions/createPostAssertions.js +2 -0
package/dist/generated/instructions/createPostAssertions.js.map +1 -1
package/dist/generated/instructions/depositFunds.d.ts +21 -10
package/dist/generated/instructions/depositFunds.d.ts.map +1 -1
package/dist/generated/instructions/depositFunds.js +37 -2
package/dist/generated/instructions/depositFunds.js.map +1 -1
package/dist/generated/instructions/finalizeSession.d.ts +49 -7
package/dist/generated/instructions/finalizeSession.d.ts.map +1 -1
package/dist/generated/instructions/finalizeSession.js +59 -2
package/dist/generated/instructions/finalizeSession.js.map +1 -1
package/dist/generated/instructions/freezeVault.d.ts +39 -5
package/dist/generated/instructions/freezeVault.d.ts.map +1 -1
package/dist/generated/instructions/freezeVault.js +77 -5
package/dist/generated/instructions/freezeVault.js.map +1 -1
package/dist/generated/instructions/index.d.ts +10 -14
package/dist/generated/instructions/index.d.ts.map +1 -1
package/dist/generated/instructions/index.js +10 -14
package/dist/generated/instructions/index.js.map +1 -1
package/dist/generated/instructions/initializeVault.d.ts +79 -13
package/dist/generated/instructions/initializeVault.d.ts.map +1 -1
package/dist/generated/instructions/initializeVault.js +57 -5
package/dist/generated/instructions/initializeVault.js.map +1 -1
package/dist/generated/instructions/initiateOwnershipTransfer.d.ts +106 -0
package/dist/generated/instructions/initiateOwnershipTransfer.d.ts.map +1 -0
package/dist/generated/instructions/initiateOwnershipTransfer.js +181 -0
package/dist/generated/instructions/initiateOwnershipTransfer.js.map +1 -0
package/dist/generated/instructions/pauseAgent.d.ts +49 -5
package/dist/generated/instructions/pauseAgent.d.ts.map +1 -1
package/dist/generated/instructions/pauseAgent.js +80 -5
package/dist/generated/instructions/pauseAgent.js.map +1 -1
package/dist/generated/instructions/promoteGraylistDestination.d.ts +56 -0
package/dist/generated/instructions/promoteGraylistDestination.d.ts.map +1 -0
package/dist/generated/instructions/{createInstructionConstraints.js → promoteGraylistDestination.js} +23 -40
package/dist/generated/instructions/promoteGraylistDestination.js.map +1 -0
package/dist/generated/instructions/queueAgentGrant.d.ts +113 -0
package/dist/generated/instructions/queueAgentGrant.d.ts.map +1 -0
package/dist/generated/instructions/queueAgentGrant.js +181 -0
package/dist/generated/instructions/queueAgentGrant.js.map +1 -0
package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts +8 -0
package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts.map +1 -1
package/dist/generated/instructions/queueAgentPermissionsUpdate.js +4 -0
package/dist/generated/instructions/queueAgentPermissionsUpdate.js.map +1 -1
package/dist/generated/instructions/queuePolicyUpdate.d.ts +40 -8
package/dist/generated/instructions/queuePolicyUpdate.d.ts.map +1 -1
package/dist/generated/instructions/queuePolicyUpdate.js +21 -5
package/dist/generated/instructions/queuePolicyUpdate.js.map +1 -1
package/dist/generated/instructions/reactivateVault.d.ts +71 -5
package/dist/generated/instructions/reactivateVault.d.ts.map +1 -1
package/dist/generated/instructions/reactivateVault.js +80 -5
package/dist/generated/instructions/reactivateVault.js.map +1 -1
package/dist/generated/instructions/recordAgentViolation.d.ts +89 -0
package/dist/generated/instructions/recordAgentViolation.d.ts.map +1 -0
package/dist/generated/instructions/recordAgentViolation.js +152 -0
package/dist/generated/instructions/recordAgentViolation.js.map +1 -0
package/dist/generated/instructions/registerAgent.d.ts +84 -6
package/dist/generated/instructions/registerAgent.d.ts.map +1 -1
package/dist/generated/instructions/registerAgent.js +81 -4
package/dist/generated/instructions/registerAgent.js.map +1 -1
package/dist/generated/instructions/revokeAgent.d.ts +49 -6
package/dist/generated/instructions/revokeAgent.d.ts.map +1 -1
package/dist/generated/instructions/revokeAgent.js +81 -4
package/dist/generated/instructions/revokeAgent.js.map +1 -1
package/dist/generated/instructions/setObserveOnly.d.ts +56 -0
package/dist/generated/instructions/setObserveOnly.d.ts.map +1 -0
package/dist/generated/instructions/setObserveOnly.js +111 -0
package/dist/generated/instructions/setObserveOnly.js.map +1 -0
package/dist/generated/instructions/unpauseAgent.d.ts +46 -5
package/dist/generated/instructions/unpauseAgent.d.ts.map +1 -1
package/dist/generated/instructions/unpauseAgent.js +80 -5
package/dist/generated/instructions/unpauseAgent.js.map +1 -1
package/dist/generated/instructions/validateAndAuthorize.d.ts +29 -0
package/dist/generated/instructions/validateAndAuthorize.d.ts.map +1 -1
package/dist/generated/instructions/validateAndAuthorize.js +4 -0
package/dist/generated/instructions/validateAndAuthorize.js.map +1 -1
package/dist/generated/instructions/withdrawFunds.d.ts +53 -11
package/dist/generated/instructions/withdrawFunds.d.ts.map +1 -1
package/dist/generated/instructions/withdrawFunds.js +51 -2
package/dist/generated/instructions/withdrawFunds.js.map +1 -1
package/dist/generated/programs/sigil.d.ts +79 -95
package/dist/generated/programs/sigil.d.ts.map +1 -1
package/dist/generated/programs/sigil.js +139 -187
package/dist/generated/programs/sigil.js.map +1 -1
package/dist/generated/types/actionAuthorized.d.ts +0 -2
package/dist/generated/types/actionAuthorized.d.ts.map +1 -1
package/dist/generated/types/actionAuthorized.js +0 -2
package/dist/generated/types/actionAuthorized.js.map +1 -1
package/dist/generated/types/agentAutoRevoked.d.ts +31 -0
package/dist/generated/types/agentAutoRevoked.d.ts.map +1 -0
package/dist/generated/types/{pdaAllocated.js → agentAutoRevoked.js} +12 -10
package/dist/generated/types/agentAutoRevoked.js.map +1 -0
package/dist/generated/types/agentEntry.d.ts +48 -0
package/dist/generated/types/agentEntry.d.ts.map +1 -1
package/dist/generated/types/agentEntry.js +4 -2
package/dist/generated/types/agentEntry.js.map +1 -1
package/dist/generated/types/agentGrantApplied.d.ts +38 -0
package/dist/generated/types/agentGrantApplied.d.ts.map +1 -0
package/dist/generated/types/agentGrantApplied.js +34 -0
package/dist/generated/types/agentGrantApplied.js.map +1 -0
package/dist/generated/types/agentGrantCancelled.d.ts +33 -0
package/dist/generated/types/agentGrantCancelled.d.ts.map +1 -0
package/dist/generated/types/agentGrantCancelled.js +28 -0
package/dist/generated/types/agentGrantCancelled.js.map +1 -0
package/dist/generated/types/agentGrantQueued.d.ts +38 -0
package/dist/generated/types/agentGrantQueued.d.ts.map +1 -0
package/dist/generated/types/agentGrantQueued.js +32 -0
package/dist/generated/types/agentGrantQueued.js.map +1 -0
package/dist/generated/types/auditEntry.d.ts +120 -0
package/dist/generated/types/auditEntry.d.ts.map +1 -0
package/dist/generated/types/auditEntry.js +34 -0
package/dist/generated/types/auditEntry.js.map +1 -0
package/dist/generated/types/destinationGraylistEntry.d.ts +32 -0
package/dist/generated/types/destinationGraylistEntry.d.ts.map +1 -0
package/dist/generated/types/destinationGraylistEntry.js +24 -0
package/dist/generated/types/destinationGraylistEntry.js.map +1 -0
package/dist/generated/types/graylistEntered.d.ts +31 -0
package/dist/generated/types/graylistEntered.d.ts.map +1 -0
package/dist/generated/types/graylistEntered.js +30 -0
package/dist/generated/types/graylistEntered.js.map +1 -0
package/dist/generated/types/graylistPromoted.d.ts +29 -0
package/dist/generated/types/graylistPromoted.d.ts.map +1 -0
package/dist/generated/types/graylistPromoted.js +28 -0
package/dist/generated/types/graylistPromoted.js.map +1 -0
package/dist/generated/types/index.d.ts +13 -21
package/dist/generated/types/index.d.ts.map +1 -1
package/dist/generated/types/index.js +13 -21
package/dist/generated/types/index.js.map +1 -1
package/dist/generated/types/observeOnlyChanged.d.ts +33 -0
package/dist/generated/types/observeOnlyChanged.d.ts.map +1 -0
package/dist/generated/types/observeOnlyChanged.js +32 -0
package/dist/generated/types/observeOnlyChanged.js.map +1 -0
package/dist/generated/types/ownershipTransferAccepted.d.ts +32 -0
package/dist/generated/types/ownershipTransferAccepted.d.ts.map +1 -0
package/dist/generated/types/ownershipTransferAccepted.js +30 -0
package/dist/generated/types/ownershipTransferAccepted.js.map +1 -0
package/dist/generated/types/ownershipTransferCancelled.d.ts +29 -0
package/dist/generated/types/ownershipTransferCancelled.d.ts.map +1 -0
package/dist/generated/types/ownershipTransferCancelled.js +28 -0
package/dist/generated/types/ownershipTransferCancelled.js.map +1 -0
package/dist/generated/types/ownershipTransferInitiated.d.ts +33 -0
package/dist/generated/types/ownershipTransferInitiated.d.ts.map +1 -0
package/dist/generated/types/ownershipTransferInitiated.js +30 -0
package/dist/generated/types/ownershipTransferInitiated.js.map +1 -0
package/dist/generated/types/perRecipientCounter.d.ts +61 -0
package/dist/generated/types/perRecipientCounter.d.ts.map +1 -0
package/dist/generated/types/perRecipientCounter.js +26 -0
package/dist/generated/types/perRecipientCounter.js.map +1 -0
package/dist/generated/types/postAssertionEntry.d.ts +14 -7
package/dist/generated/types/postAssertionEntry.d.ts.map +1 -1
package/dist/generated/types/postAssertionEntry.js +5 -7
package/dist/generated/types/postAssertionEntry.js.map +1 -1
package/dist/generated/types/postAssertionEntryZC.d.ts +53 -22
package/dist/generated/types/postAssertionEntryZC.d.ts.map +1 -1
package/dist/generated/types/postAssertionEntryZC.js +4 -6
package/dist/generated/types/postAssertionEntryZC.js.map +1 -1
package/dist/generated/types/sessionFinalized.d.ts +0 -4
package/dist/generated/types/sessionFinalized.d.ts.map +1 -1
package/dist/generated/types/sessionFinalized.js +0 -2
package/dist/generated/types/sessionFinalized.js.map +1 -1
package/dist/generated/types/vaultFrozen.d.ts +26 -0
package/dist/generated/types/vaultFrozen.d.ts.map +1 -1
package/dist/generated/types/vaultFrozen.js +5 -1
package/dist/generated/types/vaultFrozen.js.map +1 -1
package/dist/index.d.ts +35 -6
package/dist/index.d.ts.map +1 -1
package/dist/index.js +81 -7
package/dist/index.js.map +1 -1
package/dist/inscribe.d.ts +0 -4
package/dist/inscribe.d.ts.map +1 -1
package/dist/inscribe.js +0 -1
package/dist/inscribe.js.map +1 -1
package/dist/inspector.d.ts +0 -23
package/dist/inspector.d.ts.map +1 -1
package/dist/inspector.js +0 -52
package/dist/inspector.js.map +1 -1
package/dist/kit-adapter.d.ts +1 -1
package/dist/kit-adapter.d.ts.map +1 -1
package/dist/kit-adapter.js +1 -1
package/dist/kit-adapter.js.map +1 -1
package/dist/logger.d.ts +48 -0
package/dist/logger.d.ts.map +1 -1
package/dist/logger.js +36 -0
package/dist/logger.js.map +1 -1
package/dist/multisig-detection.d.ts +83 -0
package/dist/multisig-detection.d.ts.map +1 -0
package/dist/multisig-detection.js +128 -0
package/dist/multisig-detection.js.map +1 -0
package/dist/owner-transaction.d.ts +8 -0
package/dist/owner-transaction.d.ts.map +1 -1
package/dist/owner-transaction.js +1 -0
package/dist/owner-transaction.js.map +1 -1
package/dist/ownership-transfer.d.ts +79 -0
package/dist/ownership-transfer.d.ts.map +1 -0
package/dist/ownership-transfer.js +66 -0
package/dist/ownership-transfer.js.map +1 -0
package/dist/policy/compute-cosign-digest.d.ts +193 -0
package/dist/policy/compute-cosign-digest.d.ts.map +1 -0
package/dist/policy/compute-cosign-digest.js +318 -0
package/dist/policy/compute-cosign-digest.js.map +1 -0
package/dist/policy/compute-policy-preview-digest.d.ts +258 -0
package/dist/policy/compute-policy-preview-digest.d.ts.map +1 -0
package/dist/policy/compute-policy-preview-digest.js +351 -0
package/dist/policy/compute-policy-preview-digest.js.map +1 -0
package/dist/policy-attestation.d.ts +51 -0
package/dist/policy-attestation.d.ts.map +1 -0
package/dist/policy-attestation.js +43 -0
package/dist/policy-attestation.js.map +1 -0
package/dist/presets.d.ts +1 -7
package/dist/presets.d.ts.map +1 -1
package/dist/presets.js +0 -5
package/dist/presets.js.map +1 -1
package/dist/preview-create-vault.d.ts +280 -0
package/dist/preview-create-vault.d.ts.map +1 -0
package/dist/preview-create-vault.js +498 -0
package/dist/preview-create-vault.js.map +1 -0
package/dist/resolve-accounts.d.ts +75 -10
package/dist/resolve-accounts.d.ts.map +1 -1
package/dist/resolve-accounts.js +68 -32
package/dist/resolve-accounts.js.map +1 -1
package/dist/rpc-helpers.d.ts +29 -3
package/dist/rpc-helpers.d.ts.map +1 -1
package/dist/rpc-helpers.js +51 -12
package/dist/rpc-helpers.js.map +1 -1
package/dist/seal/intent-digest.d.ts +195 -0
package/dist/seal/intent-digest.d.ts.map +1 -0
package/dist/seal/intent-digest.js +372 -0
package/dist/seal/intent-digest.js.map +1 -0
package/dist/seal.d.ts +166 -3
package/dist/seal.d.ts.map +1 -1
package/dist/seal.js +428 -8
package/dist/seal.js.map +1 -1
package/dist/security-analytics.d.ts +3 -3
package/dist/security-analytics.d.ts.map +1 -1
package/dist/security-analytics.js +13 -128
package/dist/security-analytics.js.map +1 -1
package/dist/session-mint.d.ts +72 -0
package/dist/session-mint.d.ts.map +1 -0
package/dist/session-mint.js +59 -0
package/dist/session-mint.js.map +1 -0
package/dist/sigil.d.ts +0 -4
package/dist/sigil.d.ts.map +1 -1
package/dist/simulation.d.ts +19 -0
package/dist/simulation.d.ts.map +1 -1
package/dist/simulation.js +211 -138
package/dist/simulation.js.map +1 -1
package/dist/squads-detection.d.ts +135 -0
package/dist/squads-detection.d.ts.map +1 -0
package/dist/squads-detection.js +124 -0
package/dist/squads-detection.js.map +1 -0
package/dist/state-resolver.d.ts +0 -16
package/dist/state-resolver.d.ts.map +1 -1
package/dist/state-resolver.js +162 -97
package/dist/state-resolver.js.map +1 -1
package/dist/testing/devnet.d.ts +40 -1
package/dist/testing/devnet.d.ts.map +1 -1
package/dist/testing/devnet.js +333 -45
package/dist/testing/devnet.js.map +1 -1
package/dist/testing/errors/expect.d.ts +137 -0
package/dist/testing/errors/expect.d.ts.map +1 -0
package/dist/testing/errors/expect.js +372 -0
package/dist/testing/errors/expect.js.map +1 -0
package/dist/testing/errors/index.d.ts +3 -0
package/dist/testing/errors/index.d.ts.map +1 -0
package/dist/testing/errors/index.js +8 -0
package/dist/testing/errors/index.js.map +1 -0
package/dist/testing/errors/names.generated.d.ts +211 -0
package/dist/testing/errors/names.generated.d.ts.map +1 -0
package/dist/testing/errors/names.generated.js +206 -0
package/dist/testing/errors/names.generated.js.map +1 -0
package/dist/testing/index.d.ts +1 -0
package/dist/testing/index.d.ts.map +1 -1
package/dist/testing/index.js +8 -0
package/dist/testing/index.js.map +1 -1
package/dist/testing/mock-rpc.d.ts +16 -0
package/dist/testing/mock-rpc.d.ts.map +1 -1
package/dist/testing/mock-rpc.js +27 -0
package/dist/testing/mock-rpc.js.map +1 -1
package/dist/testing/mock-state.d.ts +2 -0
package/dist/testing/mock-state.d.ts.map +1 -1
package/dist/testing/mock-state.js +45 -6
package/dist/testing/mock-state.js.map +1 -1
package/dist/types.d.ts +5 -15
package/dist/types.d.ts.map +1 -1
package/dist/types.js +11 -69
package/dist/types.js.map +1 -1
package/dist/vault-analytics.d.ts +0 -2
package/dist/vault-analytics.d.ts.map +1 -1
package/dist/vault-analytics.js +1 -9
package/dist/vault-analytics.js.map +1 -1
package/package.json +12 -5
package/dist/dashboard/constraint-reads.d.ts +0 -50
package/dist/dashboard/constraint-reads.d.ts.map +0 -1
package/dist/dashboard/constraint-reads.js +0 -119
package/dist/dashboard/constraint-reads.js.map +0 -1
package/dist/generated/accounts/escrowDeposit.d.ts +0 -50
package/dist/generated/accounts/escrowDeposit.d.ts.map +0 -1
package/dist/generated/accounts/escrowDeposit.js +0 -76
package/dist/generated/accounts/escrowDeposit.js.map +0 -1
package/dist/generated/accounts/instructionConstraints.d.ts +0 -46
package/dist/generated/accounts/instructionConstraints.d.ts.map +0 -1
package/dist/generated/accounts/instructionConstraints.js +0 -73
package/dist/generated/accounts/instructionConstraints.js.map +0 -1
package/dist/generated/accounts/pendingCloseConstraints.d.ts +0 -37
package/dist/generated/accounts/pendingCloseConstraints.d.ts.map +0 -1
package/dist/generated/accounts/pendingCloseConstraints.js +0 -66
package/dist/generated/accounts/pendingCloseConstraints.js.map +0 -1
package/dist/generated/accounts/pendingConstraintsUpdate.d.ts +0 -62
package/dist/generated/accounts/pendingConstraintsUpdate.d.ts.map +0 -1
package/dist/generated/accounts/pendingConstraintsUpdate.js +0 -75
package/dist/generated/accounts/pendingConstraintsUpdate.js.map +0 -1
package/dist/generated/instructions/allocateConstraintsPda.d.ts +0 -62
package/dist/generated/instructions/allocateConstraintsPda.d.ts.map +0 -1
package/dist/generated/instructions/allocateConstraintsPda.js +0 -134
package/dist/generated/instructions/allocateConstraintsPda.js.map +0 -1
package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts +0 -66
package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts.map +0 -1
package/dist/generated/instructions/allocatePendingConstraintsPda.js.map +0 -1
package/dist/generated/instructions/applyCloseConstraints.d.ts +0 -59
package/dist/generated/instructions/applyCloseConstraints.d.ts.map +0 -1
package/dist/generated/instructions/applyCloseConstraints.js +0 -143
package/dist/generated/instructions/applyCloseConstraints.js.map +0 -1
package/dist/generated/instructions/applyConstraintsUpdate.d.ts +0 -62
package/dist/generated/instructions/applyConstraintsUpdate.d.ts.map +0 -1
package/dist/generated/instructions/applyConstraintsUpdate.js.map +0 -1
package/dist/generated/instructions/cancelCloseConstraints.d.ts +0 -51
package/dist/generated/instructions/cancelCloseConstraints.d.ts.map +0 -1
package/dist/generated/instructions/cancelCloseConstraints.js +0 -115
package/dist/generated/instructions/cancelCloseConstraints.js.map +0 -1
package/dist/generated/instructions/cancelConstraintsUpdate.d.ts +0 -51
package/dist/generated/instructions/cancelConstraintsUpdate.d.ts.map +0 -1
package/dist/generated/instructions/cancelConstraintsUpdate.js +0 -115
package/dist/generated/instructions/cancelConstraintsUpdate.js.map +0 -1
package/dist/generated/instructions/closeSettledEscrow.d.ts +0 -72
package/dist/generated/instructions/closeSettledEscrow.d.ts.map +0 -1
package/dist/generated/instructions/closeSettledEscrow.js +0 -127
package/dist/generated/instructions/closeSettledEscrow.js.map +0 -1
package/dist/generated/instructions/createEscrow.d.ts +0 -131
package/dist/generated/instructions/createEscrow.d.ts.map +0 -1
package/dist/generated/instructions/createEscrow.js +0 -272
package/dist/generated/instructions/createEscrow.js.map +0 -1
package/dist/generated/instructions/createInstructionConstraints.d.ts +0 -68
package/dist/generated/instructions/createInstructionConstraints.d.ts.map +0 -1
package/dist/generated/instructions/createInstructionConstraints.js.map +0 -1
package/dist/generated/instructions/extendPda.d.ts +0 -52
package/dist/generated/instructions/extendPda.d.ts.map +0 -1
package/dist/generated/instructions/extendPda.js +0 -86
package/dist/generated/instructions/extendPda.js.map +0 -1
package/dist/generated/instructions/queueCloseConstraints.d.ts +0 -66
package/dist/generated/instructions/queueCloseConstraints.d.ts.map +0 -1
package/dist/generated/instructions/queueCloseConstraints.js.map +0 -1
package/dist/generated/instructions/queueConstraintsUpdate.d.ts +0 -75
package/dist/generated/instructions/queueConstraintsUpdate.d.ts.map +0 -1
package/dist/generated/instructions/queueConstraintsUpdate.js +0 -154
package/dist/generated/instructions/queueConstraintsUpdate.js.map +0 -1
package/dist/generated/instructions/refundEscrow.d.ts +0 -74
package/dist/generated/instructions/refundEscrow.d.ts.map +0 -1
package/dist/generated/instructions/refundEscrow.js +0 -142
package/dist/generated/instructions/refundEscrow.js.map +0 -1
package/dist/generated/instructions/settleEscrow.d.ts +0 -80
package/dist/generated/instructions/settleEscrow.d.ts.map +0 -1
package/dist/generated/instructions/settleEscrow.js +0 -173
package/dist/generated/instructions/settleEscrow.js.map +0 -1
package/dist/generated/types/accountConstraint.d.ts +0 -18
package/dist/generated/types/accountConstraint.d.ts.map +0 -1
package/dist/generated/types/accountConstraint.js +0 -24
package/dist/generated/types/accountConstraint.js.map +0 -1
package/dist/generated/types/accountConstraintZC.d.ts +0 -18
package/dist/generated/types/accountConstraintZC.d.ts.map +0 -1
package/dist/generated/types/accountConstraintZC.js +0 -26
package/dist/generated/types/accountConstraintZC.js.map +0 -1
package/dist/generated/types/closeConstraintsApplied.d.ts +0 -20
package/dist/generated/types/closeConstraintsApplied.d.ts.map +0 -1
package/dist/generated/types/closeConstraintsApplied.js +0 -24
package/dist/generated/types/closeConstraintsApplied.js.map +0 -1
package/dist/generated/types/closeConstraintsCancelled.d.ts +0 -16
package/dist/generated/types/closeConstraintsCancelled.d.ts.map +0 -1
package/dist/generated/types/closeConstraintsCancelled.js +0 -18
package/dist/generated/types/closeConstraintsCancelled.js.map +0 -1
package/dist/generated/types/closeConstraintsQueued.d.ts +0 -20
package/dist/generated/types/closeConstraintsQueued.d.ts.map +0 -1
package/dist/generated/types/closeConstraintsQueued.js +0 -24
package/dist/generated/types/closeConstraintsQueued.js.map +0 -1
package/dist/generated/types/constraintEntry.d.ts +0 -39
package/dist/generated/types/constraintEntry.d.ts.map +0 -1
package/dist/generated/types/constraintEntry.js +0 -31
package/dist/generated/types/constraintEntry.js.map +0 -1
package/dist/generated/types/constraintEntryZC.d.ts +0 -68
package/dist/generated/types/constraintEntryZC.d.ts.map +0 -1
package/dist/generated/types/constraintEntryZC.js +0 -49
package/dist/generated/types/constraintEntryZC.js.map +0 -1
package/dist/generated/types/constraintOperator.d.ts +0 -22
package/dist/generated/types/constraintOperator.d.ts.map +0 -1
package/dist/generated/types/constraintOperator.js +0 -28
package/dist/generated/types/constraintOperator.js.map +0 -1
package/dist/generated/types/constraintsChangeApplied.d.ts +0 -30
package/dist/generated/types/constraintsChangeApplied.d.ts.map +0 -1
package/dist/generated/types/constraintsChangeApplied.js +0 -32
package/dist/generated/types/constraintsChangeApplied.js.map +0 -1
package/dist/generated/types/constraintsChangeCancelled.d.ts +0 -16
package/dist/generated/types/constraintsChangeCancelled.d.ts.map +0 -1
package/dist/generated/types/constraintsChangeCancelled.js +0 -18
package/dist/generated/types/constraintsChangeCancelled.js.map +0 -1
package/dist/generated/types/constraintsChangeQueued.d.ts +0 -30
package/dist/generated/types/constraintsChangeQueued.d.ts.map +0 -1
package/dist/generated/types/constraintsChangeQueued.js +0 -32
package/dist/generated/types/constraintsChangeQueued.js.map +0 -1
package/dist/generated/types/dataConstraint.d.ts +0 -23
package/dist/generated/types/dataConstraint.d.ts.map +0 -1
package/dist/generated/types/dataConstraint.js +0 -27
package/dist/generated/types/dataConstraint.js.map +0 -1
package/dist/generated/types/dataConstraintZC.d.ts +0 -20
package/dist/generated/types/dataConstraintZC.d.ts.map +0 -1
package/dist/generated/types/dataConstraintZC.js +0 -30
package/dist/generated/types/dataConstraintZC.js.map +0 -1
package/dist/generated/types/discriminatorFormat.d.ts +0 -25
package/dist/generated/types/discriminatorFormat.d.ts.map +0 -1
package/dist/generated/types/discriminatorFormat.js +0 -31
package/dist/generated/types/discriminatorFormat.js.map +0 -1
package/dist/generated/types/escrowCreated.d.ts +0 -30
package/dist/generated/types/escrowCreated.d.ts.map +0 -1
package/dist/generated/types/escrowCreated.js +0 -34
package/dist/generated/types/escrowCreated.js.map +0 -1
package/dist/generated/types/escrowRefunded.d.ts +0 -26
package/dist/generated/types/escrowRefunded.d.ts.map +0 -1
package/dist/generated/types/escrowRefunded.js +0 -30
package/dist/generated/types/escrowRefunded.js.map +0 -1
package/dist/generated/types/escrowSettled.d.ts +0 -26
package/dist/generated/types/escrowSettled.d.ts.map +0 -1
package/dist/generated/types/escrowSettled.js +0 -30
package/dist/generated/types/escrowSettled.js.map +0 -1
package/dist/generated/types/escrowStatus.d.ts +0 -18
package/dist/generated/types/escrowStatus.d.ts.map +0 -1
package/dist/generated/types/escrowStatus.js +0 -24
package/dist/generated/types/escrowStatus.js.map +0 -1
package/dist/generated/types/instructionConstraintsCreated.d.ts +0 -34
package/dist/generated/types/instructionConstraintsCreated.d.ts.map +0 -1
package/dist/generated/types/instructionConstraintsCreated.js +0 -36
package/dist/generated/types/instructionConstraintsCreated.js.map +0 -1
package/dist/generated/types/pdaAllocated.d.ts +0 -24
package/dist/generated/types/pdaAllocated.d.ts.map +0 -1
package/dist/generated/types/pdaAllocated.js.map +0 -1
package/dist/generated/types/pdaExtended.d.ts +0 -24
package/dist/generated/types/pdaExtended.d.ts.map +0 -1
package/dist/generated/types/pdaExtended.js +0 -28
package/dist/generated/types/pdaExtended.js.map +0 -1
package/dist/integrations/protocol-handler.d.ts +0 -59
package/dist/integrations/protocol-handler.d.ts.map +0 -1
package/dist/integrations/protocol-handler.js +0 -9
package/dist/integrations/protocol-handler.js.map +0 -1

package/dist/canonical-encode.js ADDED Viewed

@@ -0,0 +1,141 @@
+/**
+ * Canonical Borsh-style encoder primitives — shared utilities.
+ *
+ * APPEND-ONLY DISCIPLINE. The TA-19 policy preview digest
+ * (`policy/compute-policy-preview-digest.ts`) and the AL3 SealInput intent
+ * digest (`seal/intent-digest.ts`, Phase 9 Batch I) both depend on these
+ * primitives being byte-stable across SDK versions. Adding a new primitive
+ * is fine; CHANGING the byte layout of an existing one would break every
+ * downstream cross-impl Rust↔TS hash and silently invalidate every
+ * previously-signed policy preview digest.
+ *
+ * Mirrors the Rust-side conventions used by `solana_program::hash::hash`
+ * over Borsh-encoded structs:
+ *   - Little-endian for all multi-byte integers (u16/u32/u64).
+ *   - Vec<T> = u32 LE length prefix ++ flat element bytes (no per-element
+ *     framing).
+ *   - bool encoded as u8 (0 or 1; the canonical Borsh wire format).
+ *   - Pubkey = raw 32 bytes (base58 decoded).
+ *   - SHA-256 over the canonical-encoded byte string.
+ *
+ * Primitives are deliberately small, stateless, and side-effect-free so
+ * they can be unit-tested in isolation and reused without surprises.
+ */
+import { sha256 as nobleSha256 } from "@noble/hashes/sha2";
+// ── Base58 decode (no external dep) ─────────────────────────────────────────
+//
+// Solana pubkeys are base58 strings; we need the raw 32 bytes. The SDK has
+// many base58 helpers downstream but importing from `kit-adapter` here would
+// create a cycle (kit-adapter imports from `core/` which is consumed by
+// digest helpers). Inline a small standard-Bitcoin-alphabet decoder.
+const BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+const BASE58_INDEX = (() => {
+    const r = Object.create(null);
+    for (let i = 0; i < BASE58_ALPHABET.length; i++) {
+        r[BASE58_ALPHABET[i]] = i;
+    }
+    return r;
+})();
+/**
+ * Decode a Solana base58 pubkey to its 32-byte raw form. Throws on any
+ * input that doesn't decode to exactly 32 bytes (catches malformed
+ * pubkeys before they corrupt the canonical encoding).
+ *
+ * @throws Error if `s` is empty, contains an invalid base58 character,
+ *   or decodes to a byte length other than 32.
+ */
+export function base58Decode32(s) {
+    if (s.length === 0) {
+        throw new Error("base58Decode32: empty input");
+    }
+    let leadingZeros = 0;
+    while (leadingZeros < s.length && s[leadingZeros] === "1") {
+        leadingZeros++;
+    }
+    // Big integer mode: walk digits, base-256 carry.
+    const bytes = [];
+    for (let i = 0; i < s.length; i++) {
+        const c = s[i];
+        const v = BASE58_INDEX[c];
+        if (v === undefined) {
+            throw new Error(`base58Decode32: invalid char '${c}'`);
+        }
+        let carry = v;
+        for (let j = 0; j < bytes.length; j++) {
+            carry += bytes[j] * 58;
+            bytes[j] = carry & 0xff;
+            carry >>>= 8;
+        }
+        while (carry > 0) {
+            bytes.push(carry & 0xff);
+            carry >>>= 8;
+        }
+    }
+    // bytes is little-endian; reverse and prepend leading zeros.
+    const out = new Uint8Array(leadingZeros + bytes.length);
+    for (let i = 0; i < bytes.length; i++) {
+        out[leadingZeros + (bytes.length - 1 - i)] = bytes[i];
+    }
+    if (out.length !== 32) {
+        throw new Error(`base58Decode32: expected 32-byte pubkey, got ${out.length} bytes`);
+    }
+    return out;
+}
+// ── Cursor writers ──────────────────────────────────────────────────────────
+//
+// Each writer takes a DataView + offset and returns the new offset. The
+// `DataView` interface is browser- and Node-portable. All multi-byte integers
+// are little-endian (matching `solana_program` + Borsh canonical encoding).
+/** Write u8 (single byte). Returns new offset. */
+export function writeU8(view, offset, v) {
+    view.setUint8(offset, v & 0xff);
+    return offset + 1;
+}
+/** Write u16 little-endian. Returns new offset. */
+export function writeU16Le(view, offset, v) {
+    view.setUint16(offset, v, true);
+    return offset + 2;
+}
+/** Write u32 little-endian. Returns new offset. */
+export function writeU32Le(view, offset, v) {
+    view.setUint32(offset, v, true);
+    return offset + 4;
+}
+/** Write u64 little-endian. Returns new offset. */
+export function writeU64Le(view, offset, v) {
+    view.setBigUint64(offset, v, true);
+    return offset + 8;
+}
+/** Write a bool as a single 0/1 byte. Returns new offset. */
+export function writeBool(view, offset, v) {
+    view.setUint8(offset, v ? 1 : 0);
+    return offset + 1;
+}
+// ── SHA-256 hasher ──────────────────────────────────────────────────────────
+/**
+ * SHA-256 over the input bytes. Backed by `@noble/hashes/sha256` — pure
+ * JS, browser- and Bun-compatible, byte-identical to Node's `node:crypto`
+ * for the same input (TA-19 cross-impl fixture suite verifies this).
+ *
+ * Phase 9 Batch I switched the backend from `node:crypto` to noble so AL3
+ * intent-digest can ship the same primitive across Node, Bun, and the
+ * browser without runtime-conditional imports.
+ */
+export function sha256(input) {
+    return nobleSha256(input);
+}
+/**
+ * Constant-time digest comparison (true if `a` and `b` are byte-equal).
+ * Uses XOR-accumulate with no early exit so timing leaks don't reveal
+ * which prefix matched. Used by cosign + policy-digest verification.
+ */
+export function digestsEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    let acc = 0;
+    for (let i = 0; i < a.length; i++) {
+        acc |= (a[i] ^ b[i]) & 0xff;
+    }
+    return acc === 0;
+}
+//# sourceMappingURL=canonical-encode.js.map

package/dist/canonical-encode.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canonical-encode.js","sourceRoot":"","sources":["../src/canonical-encode.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAE,MAAM,IAAI,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAE3D,+EAA+E;AAC/E,EAAE;AACF,2EAA2E;AAC3E,6EAA6E;AAC7E,wEAAwE;AACxE,qEAAqE;AAErE,MAAM,eAAe,GACnB,4DAA4D,CAAC;AAC/D,MAAM,YAAY,GAA2B,CAAC,GAAG,EAAE;IACjD,MAAM,CAAC,GAA2B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACtD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,eAAe,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAChD,CAAC,CAAC,eAAe,CAAC,CAAC,CAAE,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC,CAAC,EAAE,CAAC;AAEL;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAAC,CAAS;IACtC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IACD,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,OAAO,YAAY,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,YAAY,CAAC,KAAK,GAAG,EAAE,CAAC;QAC1D,YAAY,EAAE,CAAC;IACjB,CAAC;IACD,iDAAiD;IACjD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;QAChB,MAAM,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAC1B,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,GAAG,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,KAAK,IAAI,KAAK,CAAC,CAAC,CAAE,GAAG,EAAE,CAAC;YACxB,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC;YACxB,KAAK,MAAM,CAAC,CAAC;QACf,CAAC;QACD,OAAO,KAAK,GAAG,CAAC,EAAE,CAAC;YACjB,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;YACzB,KAAK,MAAM,CAAC,CAAC;QACf,CAAC;IACH,CAAC;IACD,6DAA6D;IAC7D,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IACxD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,GAAG,CAAC,YAAY,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IACzD,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CACb,gDAAgD,GAAG,CAAC,MAAM,QAAQ,CACnE,CAAC;IACJ,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,+EAA+E;AAC/E,EAAE;AACF,wEAAwE;AACxE,8EAA8E;AAC9E,4EAA4E;AAE5E,kDAAkD;AAClD,MAAM,UAAU,OAAO,CAAC,IAAc,EAAE,MAAc,EAAE,CAAS;IAC/D,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;IAChC,OAAO,MAAM,GAAG,CAAC,CAAC;AACpB,CAAC;AAED,mDAAmD;AACnD,MAAM,UAAU,UAAU,CAAC,IAAc,EAAE,MAAc,EAAE,CAAS;IAClE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAChC,OAAO,MAAM,GAAG,CAAC,CAAC;AACpB,CAAC;AAED,mDAAmD;AACnD,MAAM,UAAU,UAAU,CAAC,IAAc,EAAE,MAAc,EAAE,CAAS;IAClE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAChC,OAAO,MAAM,GAAG,CAAC,CAAC;AACpB,CAAC;AAED,mDAAmD;AACnD,MAAM,UAAU,UAAU,CAAC,IAAc,EAAE,MAAc,EAAE,CAAS;IAClE,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IACnC,OAAO,MAAM,GAAG,CAAC,CAAC;AACpB,CAAC;AAED,6DAA6D;AAC7D,MAAM,UAAU,SAAS,CAAC,IAAc,EAAE,MAAc,EAAE,CAAU;IAClE,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACjC,OAAO,MAAM,GAAG,CAAC,CAAC;AACpB,CAAC;AAED,+EAA+E;AAE/E;;;;;;;;GAQG;AACH,MAAM,UAAU,MAAM,CAAC,KAAiB;IACtC,OAAO,WAAW,CAAC,KAAK,CAAC,CAAC;AAC5B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,CAAa,EAAE,CAAa;IACvD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAE,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,GAAG,IAAI,CAAC;IAChC,CAAC;IACD,OAAO,GAAG,KAAK,CAAC,CAAC;AACnB,CAAC"}

package/dist/cosign-helper.d.ts ADDED Viewed

@@ -0,0 +1,264 @@
+/**
+ * G4 (audit close) — TA-09 client-side cosign helper.
+ *
+ * Closes the G4 gate of Phase 6: the on-chain TA-09 cosign workflow is
+ * implemented at `queue_policy_update.rs` (handler lines 286-328) and
+ * re-validated at `apply_pending_policy.rs` (handler lines 70-84), but the
+ * SDK previously had NO client-side path to PRODUCE a valid cosign session +
+ * digest. This file ships that path.
+ *
+ * Usage (illustrative — non-Kit caller):
+ *
+ *   import { buildCosignBundle } from "@usesigil/kit";
+ *
+ *   const bundle = buildCosignBundle({
+ *     cosignSessionPubkey: cosigner.address,
+ *     ownerSigner: owner,            // unused at digest time — see note below
+ *     dailySpendingCapUsd: 800_000_000n,  // raise from 500_000_000 → elevated
+ *   });
+ *
+ *   await queuePolicyUpdate({
+ *     ...args,
+ *     cosignSession: bundle.cosignSession,
+ *     newPolicyPreviewDigest: previewDigest, // separate TA-19 digest
+ *     // cosign digest IS NOT a queue arg — the on-chain handler RECOMPUTES
+ *     // it from the queue args + cosign_session pubkey and stores the
+ *     // result on PendingPolicyUpdate. Apply re-validates by recomputing.
+ *   });
+ *
+ * Why the helper exists if the cosign digest isn't a queue arg:
+ *   - The on-chain handler classifies an "elevated mutation" via comparing
+ *     `Option::Some(new) > live` (raises) / `new.contains(p) where !live.contains(p)`
+ *     (expansions). If you're queueing what you BELIEVE is elevated, this
+ *     helper produces the digest you EXPECT the on-chain handler to store,
+ *     so your client can:
+ *       (a) sanity-check elevation up-front before submitting a tx (and ask
+ *           the user for the cosigner signature explicitly), and
+ *       (b) compare against `PendingPolicyUpdate.cosignDigest` after queue,
+ *           catching any silent SDK encoder drift.
+ *   - The cosign session pubkey IS a queue arg (`cosign_session: Pubkey`).
+ *     For elevated mutations the handler rejects `Pubkey::default()` with
+ *     `ErrCosignRequired`, and ALSO requires the corresponding signer in
+ *     `remaining_accounts` with `is_signer == true`.
+ *
+ * G3 + G6 elevation triggers — what counts as "elevated" (all bound by this
+ * digest as of Round 2 B4 F-1, 2026-05-19):
+ *   - raises_daily_cap = daily_spending_cap_usd: Some(new) > live
+ *   - raises_max_tx = max_transaction_amount_usd: Some(new) > live
+ *   - expands_destinations = allowed_destinations: any new pubkey not in live
+ *     OR new.len() > live.len()
+ *   - expands_protocols = protocols: any new pubkey not in live OR
+ *     new.len() > live.len()
+ *   - lowers_floor = stable_balance_floor: Some(new) < live           (G3)
+ *   - raises_per_recipient_cap = per_recipient_daily_cap_usd:
+ *     Some(new) > live                                                (G3)
+ *   - disables_protocol_caps = has_protocol_caps: Some(false) while live=true (G3)
+ *   - shrinks_or_raises_caps = protocol_caps: any entry mutated       (G3)
+ *   - disables_cosign = cosign_required: Some(false) while live=true  (G6)
+ *
+ * Round 2 B4 F-1 fix (2026-05-19): the cosign digest binding now extends to
+ * ALL G3 + G6 triggers. Previously the digest only bound positions 1-5
+ * (cosign_session, daily/max-tx caps, destinations, protocols) — the G3/G6
+ * elevation triggers ELEVATED the queue but were NOT bound by this digest
+ * (they were bound only by TA-19 policy_preview_digest). That left a gap:
+ * a tampered SDK or discriminator-collision attack on the pending PDA
+ * could mutate those triggers between queue and apply without producing a
+ * cosign-digest mismatch. With the extension, every elevation trigger is
+ * now bound by BOTH the cosign digest (intent) and TA-19 (byte safety).
+ *
+ * Phase 4 PEN-CROSS-3 pattern reference:
+ *   PEN-CROSS-3 introduced sibling-handler digest binding (constraints/post-
+ *   assertion flips). The same defense-in-depth pattern applies here: the
+ *   on-chain TA-09 handler recomputes the cosign digest at BOTH queue (queue
+ *   binding) AND apply (re-validation). A rogue program with the same
+ *   discriminator on the pending PDA cannot rewrite args between queue and
+ *   apply without producing a digest mismatch.
+ *
+ * @see `programs/sigil/src/utils/cosign_digest.rs` — canonical Rust impl
+ * @see `programs/sigil/src/instructions/queue_policy_update.rs:286-328` —
+ *      queue-time gate + digest binding
+ * @see `programs/sigil/src/instructions/apply_pending_policy.rs:70-84` —
+ *      apply-time re-validation
+ * @see `sdk/kit/src/policy/compute-cosign-digest.ts` — SDK-side digest helper
+ */
+import type { Address, TransactionSigner } from "./kit-adapter.js";
+/**
+ * CANONICAL `cosign_session` ARG CONTRACT — Round 2 §RP-2 B4 F-3 (2026-05-19).
+ *
+ * Every Sigil instruction that supports the cosign opt-in path accepts a
+ * `cosign_session: Pubkey` argument. This contract documents what a non-Codama
+ * SDK consumer MUST pass to avoid the silent rejection path the on-chain
+ * handler took as of Round 2 B4 F-3 Option A:
+ *
+ *   • NON-ELEVATED queue (the default for every mutation that does NOT
+ *     raise daily_cap / max_tx, expand destinations / protocols, lower
+ *     stable_balance_floor, raise per_recipient_daily_cap_usd, disable
+ *     protocol_caps, mutate protocol_caps entries, or disable cosign):
+ *       Pass `Pubkey::default()` — the SystemProgram pubkey
+ *       `11111111111111111111111111111111` (32 zero bytes).
+ *       Do NOT include any cosigner in `remaining_accounts`.
+ *
+ *   • ELEVATED queue (raising daily_cap, expanding destinations, etc. — see
+ *     the full trigger list in the `CosignArgs` JSDoc below):
+ *       Pass a REAL session pubkey (non-default AND distinct from owner),
+ *       AND include that session pubkey in `remaining_accounts` with
+ *       `is_signer == true`.
+ *       Use {@link buildCosignBundle} to mirror the on-chain digest the
+ *       handler will recompute + store on `PendingPolicyUpdate`.
+ *
+ *   • REJECT path: passing a non-default `cosign_session` on a non-elevated
+ *     queue surfaces `InvalidPermissions` (6088). This is INTENTIONAL —
+ *     the on-chain handler refuses to silently downgrade a caller's
+ *     declared intent. See Round 2 §RP-2 B4 F-3 Option A rationale in
+ *     `queue_policy_update.rs` (and the corresponding test fixtures in
+ *     `tests/policy-digest-invariant.ts`).
+ *
+ * This contract applies to: `queue_policy_update`, `queue_agent_permissions`,
+ * and any future queue handler that takes a `cosign_session` arg. The Codama
+ * generated client surfaces this as a typed `Address` field; hand-rolled
+ * builders MUST follow the contract above to avoid `InvalidPermissions`.
+ */
+/**
+ * Arguments for {@link buildCosignBundle}. Mirrors the elevated-mutation
+ * subset of `queue_policy_update` args.
+ */
+export interface CosignArgs {
+    /**
+     * The cosigning session pubkey to bind into the digest. MUST be:
+     *   1. Distinct from the owner's pubkey (handler rejects same-key cosign
+     *      under `ErrCosignRequired` — same-key collapses the two-signer gate),
+     *   2. Non-default (i.e. NOT `11111111111111111111111111111111`), and
+     *   3. Present in the queue transaction's `remaining_accounts` with
+     *      `is_signer == true`.
+     *
+     * The caller is responsible for (3) — this helper produces the digest, the
+     * tx builder includes the signer.
+     *
+     * See the "CANONICAL `cosign_session` ARG CONTRACT" block above for the
+     * non-elevated vs elevated vs reject paths. Round 2 §RP-2 B4 F-3 (2026-05-19).
+     */
+    cosignSessionPubkey: Address;
+    /**
+     * The owner who will sign the queue tx. Currently UNUSED by digest
+     * derivation (the cosign digest binds the cosign_session pubkey, not the
+     * owner — owner authority is established by Solana's `is_signer` check on
+     * the owner account). Accepted as a constructor arg for symmetry with the
+     * full queue signing surface and to surface the "two distinct signers"
+     * requirement at the type level.
+     */
+    ownerSigner: TransactionSigner;
+    /**
+     * Pending `daily_spending_cap_usd` (6-decimal USDC face value).
+     * Raising this beyond the live policy value ELEVATES the queue.
+     * Bound by THIS cosign digest.
+     */
+    dailySpendingCapUsd?: bigint | null;
+    /**
+     * Pending `max_transaction_amount_usd` (6-decimal USDC face value).
+     * Raising this beyond the live policy value ELEVATES the queue.
+     * Bound by THIS cosign digest.
+     */
+    maxTransactionAmountUsd?: bigint | null;
+    /**
+     * Pending `allowed_destinations`. Adding any pubkey not in live (or
+     * growing the list) ELEVATES the queue. Bound by THIS cosign digest.
+     *
+     * NOTE: order matters — the on-chain handler treats `[A, B]` and `[B, A]`
+     * as DIFFERENT digests (ordered encoding). Always pass destinations in the
+     * same order the owner signed.
+     */
+    allowedDestinations?: readonly Address[] | null;
+    /**
+     * Pending `protocols`. Adding any pubkey not in live (or growing the list)
+     * ELEVATES the queue. Bound by THIS cosign digest. Same ordering caveat as
+     * `allowedDestinations`.
+     */
+    protocols?: readonly Address[] | null;
+    /**
+     * Pending `stable_balance_floor` (6-decimal USDC face value). LOWERING
+     * this below the live policy value ELEVATES the queue (G3 audit fix
+     * 2026-05-18). Round 2 B4 F-1: now BOUND by this cosign digest at
+     * canonical position 6.
+     */
+    stableBalanceFloor?: bigint | null;
+    /**
+     * Pending `per_recipient_daily_cap_usd` (6-decimal USDC face value).
+     * RAISING this above the live policy value ELEVATES the queue (G3 audit
+     * fix 2026-05-18). Round 2 B4 F-1: now BOUND by this cosign digest at
+     * canonical position 7.
+     */
+    perRecipientDailyCapUsd?: bigint | null;
+    /**
+     * Pending `has_protocol_caps` flag. Setting this to `false` while the
+     * live policy is `true` ELEVATES the queue (disabling protocol caps
+     * entirely). Round 2 B4 F-1: BOUND by this cosign digest at canonical
+     * position 8.
+     */
+    hasProtocolCaps?: boolean | null;
+    /**
+     * Pending `protocol_caps` Vec<u64> arg (6-decimal USDC face values,
+     * parallel to `protocols`). Mutating individual caps (shrink-to-zero or
+     * raise) ELEVATES the queue. Round 2 B4 F-1: BOUND by this cosign digest
+     * at canonical position 9. Same ordering caveat as `protocols` (parallel
+     * arrays — order is load-bearing).
+     */
+    protocolCaps?: readonly bigint[] | null;
+    /**
+     * Pending `cosign_required` flag. Setting this to `false` while the live
+     * policy is `true` ELEVATES the queue (G6 one-way ratchet — disabling
+     * cosign requires cosign). Round 2 B4 F-1: BOUND by this cosign digest
+     * at canonical position 10.
+     */
+    cosignRequired?: boolean | null;
+}
+/**
+ * Bundle produced by {@link buildCosignBundle}. Pass `cosignSession` as the
+ * `cosign_session` queue arg; the on-chain handler will recompute and store
+ * `cosignDigest` on `PendingPolicyUpdate.cosignDigest` (the SDK consumer can
+ * fetch + compare for a defense-in-depth sanity check after the queue tx
+ * lands).
+ */
+export interface CosignBundle {
+    /**
+     * The cosigning session pubkey, same as {@link CosignArgs.cosignSessionPubkey}.
+     * Pass this directly as the `cosign_session` arg to `queue_policy_update`.
+     */
+    cosignSession: Address;
+    /**
+     * The 32-byte SHA-256 digest the on-chain handler will recompute + store.
+     * Equal to the on-chain `compute_cosign_digest` over the same inputs.
+     *
+     * The caller does NOT pass this directly to `queue_policy_update` — the
+     * on-chain handler recomputes it from the queue args + cosign_session.
+     * Use this to:
+     *   (a) sanity-check what the on-chain handler WILL store, and
+     *   (b) compare to `PendingPolicyUpdate.cosignDigest` after queue to catch
+     *       SDK encoder drift.
+     */
+    cosignDigest: Uint8Array;
+}
+/**
+ * Produce a cosign session + digest bundle for an elevated `queue_policy_update`.
+ *
+ * Pass the same elevated-mutation fields you intend to send to
+ * `queue_policy_update`. The helper:
+ *   1. Validates that the cosign session is non-default and distinct from
+ *      the owner.
+ *   2. Computes the canonical cosign digest mirroring the on-chain
+ *      `compute_cosign_digest` byte-for-byte.
+ *   3. Returns the bundle.
+ *
+ * IMPORTANT: this helper does NOT enforce that the mutation IS elevated. The
+ * on-chain handler does that detection. If you call this for a non-elevated
+ * mutation, the bundle is technically valid but the handler will set
+ * `pending.cosign_digest = [0u8; 32]` and `pending.cosign_session =
+ * Pubkey::default()` instead of binding to the cosigner. Use the bundle when
+ * you have already determined elevation is required, e.g. via an SDK-side
+ * elevation check before constructing the tx.
+ *
+ * @throws if `cosignSessionPubkey` is `11111111111111111111111111111111` (default)
+ * @throws if `cosignSessionPubkey` equals `ownerSigner.address`
+ * @throws if any address fails base58 decoding to 32 bytes
+ */
+export declare function buildCosignBundle(args: CosignArgs): CosignBundle;
+//# sourceMappingURL=cosign-helper.d.ts.map

package/dist/cosign-helper.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cosign-helper.d.ts","sourceRoot":"","sources":["../src/cosign-helper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkFG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAGnE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAEH;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB;;;;;;;;;;;;;OAaG;IACH,mBAAmB,EAAE,OAAO,CAAC;IAE7B;;;;;;;OAOG;IACH,WAAW,EAAE,iBAAiB,CAAC;IAY/B;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEpC;;;;OAIG;IACH,uBAAuB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAExC;;;;;;;OAOG;IACH,mBAAmB,CAAC,EAAE,SAAS,OAAO,EAAE,GAAG,IAAI,CAAC;IAEhD;;;;OAIG;IACH,SAAS,CAAC,EAAE,SAAS,OAAO,EAAE,GAAG,IAAI,CAAC;IAStC;;;;;OAKG;IACH,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEnC;;;;;OAKG;IACH,uBAAuB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAExC;;;;;OAKG;IACH,eAAe,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IAEjC;;;;;;OAMG;IACH,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAC;IAExC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;CACjC;AAED;;;;;;GAMG;AACH,MAAM,WAAW,YAAY;IAC3B;;;OAGG;IACH,aAAa,EAAE,OAAO,CAAC;IACvB;;;;;;;;;;OAUG;IACH,YAAY,EAAE,UAAU,CAAC;CAC1B;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,UAAU,GAAG,YAAY,CA+ChE"}

package/dist/cosign-helper.js ADDED Viewed

@@ -0,0 +1,147 @@
+/**
+ * G4 (audit close) — TA-09 client-side cosign helper.
+ *
+ * Closes the G4 gate of Phase 6: the on-chain TA-09 cosign workflow is
+ * implemented at `queue_policy_update.rs` (handler lines 286-328) and
+ * re-validated at `apply_pending_policy.rs` (handler lines 70-84), but the
+ * SDK previously had NO client-side path to PRODUCE a valid cosign session +
+ * digest. This file ships that path.
+ *
+ * Usage (illustrative — non-Kit caller):
+ *
+ *   import { buildCosignBundle } from "@usesigil/kit";
+ *
+ *   const bundle = buildCosignBundle({
+ *     cosignSessionPubkey: cosigner.address,
+ *     ownerSigner: owner,            // unused at digest time — see note below
+ *     dailySpendingCapUsd: 800_000_000n,  // raise from 500_000_000 → elevated
+ *   });
+ *
+ *   await queuePolicyUpdate({
+ *     ...args,
+ *     cosignSession: bundle.cosignSession,
+ *     newPolicyPreviewDigest: previewDigest, // separate TA-19 digest
+ *     // cosign digest IS NOT a queue arg — the on-chain handler RECOMPUTES
+ *     // it from the queue args + cosign_session pubkey and stores the
+ *     // result on PendingPolicyUpdate. Apply re-validates by recomputing.
+ *   });
+ *
+ * Why the helper exists if the cosign digest isn't a queue arg:
+ *   - The on-chain handler classifies an "elevated mutation" via comparing
+ *     `Option::Some(new) > live` (raises) / `new.contains(p) where !live.contains(p)`
+ *     (expansions). If you're queueing what you BELIEVE is elevated, this
+ *     helper produces the digest you EXPECT the on-chain handler to store,
+ *     so your client can:
+ *       (a) sanity-check elevation up-front before submitting a tx (and ask
+ *           the user for the cosigner signature explicitly), and
+ *       (b) compare against `PendingPolicyUpdate.cosignDigest` after queue,
+ *           catching any silent SDK encoder drift.
+ *   - The cosign session pubkey IS a queue arg (`cosign_session: Pubkey`).
+ *     For elevated mutations the handler rejects `Pubkey::default()` with
+ *     `ErrCosignRequired`, and ALSO requires the corresponding signer in
+ *     `remaining_accounts` with `is_signer == true`.
+ *
+ * G3 + G6 elevation triggers — what counts as "elevated" (all bound by this
+ * digest as of Round 2 B4 F-1, 2026-05-19):
+ *   - raises_daily_cap = daily_spending_cap_usd: Some(new) > live
+ *   - raises_max_tx = max_transaction_amount_usd: Some(new) > live
+ *   - expands_destinations = allowed_destinations: any new pubkey not in live
+ *     OR new.len() > live.len()
+ *   - expands_protocols = protocols: any new pubkey not in live OR
+ *     new.len() > live.len()
+ *   - lowers_floor = stable_balance_floor: Some(new) < live           (G3)
+ *   - raises_per_recipient_cap = per_recipient_daily_cap_usd:
+ *     Some(new) > live                                                (G3)
+ *   - disables_protocol_caps = has_protocol_caps: Some(false) while live=true (G3)
+ *   - shrinks_or_raises_caps = protocol_caps: any entry mutated       (G3)
+ *   - disables_cosign = cosign_required: Some(false) while live=true  (G6)
+ *
+ * Round 2 B4 F-1 fix (2026-05-19): the cosign digest binding now extends to
+ * ALL G3 + G6 triggers. Previously the digest only bound positions 1-5
+ * (cosign_session, daily/max-tx caps, destinations, protocols) — the G3/G6
+ * elevation triggers ELEVATED the queue but were NOT bound by this digest
+ * (they were bound only by TA-19 policy_preview_digest). That left a gap:
+ * a tampered SDK or discriminator-collision attack on the pending PDA
+ * could mutate those triggers between queue and apply without producing a
+ * cosign-digest mismatch. With the extension, every elevation trigger is
+ * now bound by BOTH the cosign digest (intent) and TA-19 (byte safety).
+ *
+ * Phase 4 PEN-CROSS-3 pattern reference:
+ *   PEN-CROSS-3 introduced sibling-handler digest binding (constraints/post-
+ *   assertion flips). The same defense-in-depth pattern applies here: the
+ *   on-chain TA-09 handler recomputes the cosign digest at BOTH queue (queue
+ *   binding) AND apply (re-validation). A rogue program with the same
+ *   discriminator on the pending PDA cannot rewrite args between queue and
+ *   apply without producing a digest mismatch.
+ *
+ * @see `programs/sigil/src/utils/cosign_digest.rs` — canonical Rust impl
+ * @see `programs/sigil/src/instructions/queue_policy_update.rs:286-328` —
+ *      queue-time gate + digest binding
+ * @see `programs/sigil/src/instructions/apply_pending_policy.rs:70-84` —
+ *      apply-time re-validation
+ * @see `sdk/kit/src/policy/compute-cosign-digest.ts` — SDK-side digest helper
+ */
+import { computeCosignDigest } from "./policy/compute-cosign-digest.js";
+/**
+ * Produce a cosign session + digest bundle for an elevated `queue_policy_update`.
+ *
+ * Pass the same elevated-mutation fields you intend to send to
+ * `queue_policy_update`. The helper:
+ *   1. Validates that the cosign session is non-default and distinct from
+ *      the owner.
+ *   2. Computes the canonical cosign digest mirroring the on-chain
+ *      `compute_cosign_digest` byte-for-byte.
+ *   3. Returns the bundle.
+ *
+ * IMPORTANT: this helper does NOT enforce that the mutation IS elevated. The
+ * on-chain handler does that detection. If you call this for a non-elevated
+ * mutation, the bundle is technically valid but the handler will set
+ * `pending.cosign_digest = [0u8; 32]` and `pending.cosign_session =
+ * Pubkey::default()` instead of binding to the cosigner. Use the bundle when
+ * you have already determined elevation is required, e.g. via an SDK-side
+ * elevation check before constructing the tx.
+ *
+ * @throws if `cosignSessionPubkey` is `11111111111111111111111111111111` (default)
+ * @throws if `cosignSessionPubkey` equals `ownerSigner.address`
+ * @throws if any address fails base58 decoding to 32 bytes
+ */
+export function buildCosignBundle(args) {
+    // Pre-flight: the on-chain handler rejects default/owner-same cosign with
+    // ErrCosignRequired (6089). Surface the same failures at the SDK level
+    // with a clearer error message — better DX than digging through Anchor
+    // error codes after a failed simulation.
+    const defaultPubkey = "11111111111111111111111111111111";
+    if (args.cosignSessionPubkey === defaultPubkey) {
+        throw new Error("buildCosignBundle: cosignSessionPubkey is the default pubkey " +
+            "(11111111111111111111111111111111). The on-chain handler will reject " +
+            "this with ErrCosignRequired (6089). Pass a real session pubkey.");
+    }
+    if (args.cosignSessionPubkey ===
+        args.ownerSigner.address) {
+        throw new Error("buildCosignBundle: cosignSessionPubkey equals ownerSigner.address. " +
+            "The on-chain handler rejects same-key cosign with ErrCosignRequired " +
+            "(6089) because it collapses the two-signer gate. Use a distinct " +
+            "cosigning session pubkey.");
+    }
+    const digest = computeCosignDigest({
+        cosignSession: args.cosignSessionPubkey,
+        dailySpendingCapUsd: args.dailySpendingCapUsd ?? null,
+        maxTransactionAmountUsd: args.maxTransactionAmountUsd ?? null,
+        allowedDestinations: args.allowedDestinations ?? null,
+        protocols: args.protocols ?? null,
+        // Round 2 B4 F-1 (2026-05-19): the 5 new G3 + G6 elevation triggers are
+        // now BOUND by this cosign digest. Flow them through to mirror the
+        // on-chain handler's CosignDigestFields construction in
+        // `queue_policy_update.rs` (handler passes all 10 fields).
+        stableBalanceFloor: args.stableBalanceFloor ?? null,
+        perRecipientDailyCapUsd: args.perRecipientDailyCapUsd ?? null,
+        hasProtocolCaps: args.hasProtocolCaps ?? null,
+        protocolCaps: args.protocolCaps ?? null,
+        cosignRequired: args.cosignRequired ?? null,
+    });
+    return {
+        cosignSession: args.cosignSessionPubkey,
+        cosignDigest: digest,
+    };
+}
+//# sourceMappingURL=cosign-helper.js.map

package/dist/cosign-helper.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cosign-helper.js","sourceRoot":"","sources":["../src/cosign-helper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkFG;AAGH,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AA2LxE;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAgB;IAChD,0EAA0E;IAC1E,uEAAuE;IACvE,uEAAuE;IACvE,yCAAyC;IACzC,MAAM,aAAa,GACjB,kCAAwD,CAAC;IAC3D,IAAI,IAAI,CAAC,mBAAmB,KAAK,aAAa,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CACb,+DAA+D;YAC7D,uEAAuE;YACvE,iEAAiE,CACpE,CAAC;IACJ,CAAC;IACD,IACG,IAAI,CAAC,mBAAyC;QAC9C,IAAI,CAAC,WAAW,CAAC,OAA6B,EAC/C,CAAC;QACD,MAAM,IAAI,KAAK,CACb,qEAAqE;YACnE,sEAAsE;YACtE,kEAAkE;YAClE,2BAA2B,CAC9B,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,mBAAmB,CAAC;QACjC,aAAa,EAAE,IAAI,CAAC,mBAAmB;QACvC,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,IAAI,IAAI;QACrD,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,IAAI,IAAI;QAC7D,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,IAAI,IAAI;QACrD,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI;QACjC,wEAAwE;QACxE,mEAAmE;QACnE,wDAAwD;QACxD,2DAA2D;QAC3D,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,IAAI,IAAI;QACnD,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,IAAI,IAAI;QAC7D,eAAe,EAAE,IAAI,CAAC,eAAe,IAAI,IAAI;QAC7C,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI;QACvC,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,IAAI;KAC5C,CAAC,CAAC;IAEH,OAAO;QACL,aAAa,EAAE,IAAI,CAAC,mBAAmB;QACvC,YAAY,EAAE,MAAM;KACrB,CAAC;AACJ,CAAC"}