@usesigil/kit 0.16.0 → 0.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +56 -0
- package/dist/advanced-analytics.d.ts +3 -2
- package/dist/advanced-analytics.d.ts.map +1 -1
- package/dist/advanced-analytics.js +9 -42
- package/dist/advanced-analytics.js.map +1 -1
- package/dist/agent-bootstrap.d.ts +1 -2
- package/dist/agent-bootstrap.d.ts.map +1 -1
- package/dist/agent-bootstrap.js.map +1 -1
- package/dist/agent-errors.d.ts +20 -4
- package/dist/agent-errors.d.ts.map +1 -1
- package/dist/agent-errors.js +854 -369
- package/dist/agent-errors.js.map +1 -1
- package/dist/audit-log.d.ts +101 -0
- package/dist/audit-log.d.ts.map +1 -0
- package/dist/audit-log.js +145 -0
- package/dist/audit-log.js.map +1 -0
- package/dist/caip2-network.d.ts +171 -0
- package/dist/caip2-network.d.ts.map +1 -0
- package/dist/caip2-network.js +202 -0
- package/dist/caip2-network.js.map +1 -0
- package/dist/canonical-encode.d.ts +59 -0
- package/dist/canonical-encode.d.ts.map +1 -0
- package/dist/canonical-encode.js +141 -0
- package/dist/canonical-encode.js.map +1 -0
- package/dist/cosign-helper.d.ts +264 -0
- package/dist/cosign-helper.d.ts.map +1 -0
- package/dist/cosign-helper.js +147 -0
- package/dist/cosign-helper.js.map +1 -0
- package/dist/create-vault.d.ts +92 -0
- package/dist/create-vault.d.ts.map +1 -1
- package/dist/create-vault.js +98 -7
- package/dist/create-vault.js.map +1 -1
- package/dist/dashboard/close-vault.d.ts +110 -0
- package/dist/dashboard/close-vault.d.ts.map +1 -0
- package/dist/dashboard/close-vault.js +165 -0
- package/dist/dashboard/close-vault.js.map +1 -0
- package/dist/dashboard/errors.d.ts +2 -2
- package/dist/dashboard/errors.d.ts.map +1 -1
- package/dist/dashboard/errors.js +11 -7
- package/dist/dashboard/errors.js.map +1 -1
- package/dist/dashboard/index.d.ts +181 -34
- package/dist/dashboard/index.d.ts.map +1 -1
- package/dist/dashboard/index.js +258 -52
- package/dist/dashboard/index.js.map +1 -1
- package/dist/dashboard/mutations.d.ts +117 -26
- package/dist/dashboard/mutations.d.ts.map +1 -1
- package/dist/dashboard/mutations.js +521 -110
- package/dist/dashboard/mutations.js.map +1 -1
- package/dist/dashboard/post-assertion-validation.d.ts +1 -1
- package/dist/dashboard/post-assertion-validation.d.ts.map +1 -1
- package/dist/dashboard/post-assertion-validation.js +169 -48
- package/dist/dashboard/post-assertion-validation.js.map +1 -1
- package/dist/dashboard/reads.d.ts +3 -4
- package/dist/dashboard/reads.d.ts.map +1 -1
- package/dist/dashboard/reads.js +11 -22
- package/dist/dashboard/reads.js.map +1 -1
- package/dist/dashboard/types.d.ts +32 -17
- package/dist/dashboard/types.d.ts.map +1 -1
- package/dist/errors/agent-errors.generated.d.ts +21 -0
- package/dist/errors/agent-errors.generated.d.ts.map +1 -0
- package/dist/errors/agent-errors.generated.js +133 -0
- package/dist/errors/agent-errors.generated.js.map +1 -0
- package/dist/errors/codes.d.ts +21 -2
- package/dist/errors/codes.d.ts.map +1 -1
- package/dist/errors/codes.js +19 -0
- package/dist/errors/codes.js.map +1 -1
- package/dist/errors/context.d.ts +9 -1
- package/dist/errors/context.d.ts.map +1 -1
- package/dist/event-analytics.d.ts +1 -3
- package/dist/event-analytics.d.ts.map +1 -1
- package/dist/event-analytics.js +28 -81
- package/dist/event-analytics.js.map +1 -1
- package/dist/events.d.ts.map +1 -1
- package/dist/events.js +23 -14
- package/dist/events.js.map +1 -1
- package/dist/generated/accounts/agentSpendOverlay.d.ts +60 -0
- package/dist/generated/accounts/agentSpendOverlay.d.ts.map +1 -1
- package/dist/generated/accounts/agentSpendOverlay.js +6 -2
- package/dist/generated/accounts/agentSpendOverlay.js.map +1 -1
- package/dist/generated/accounts/agentVault.d.ts +168 -4
- package/dist/generated/accounts/agentVault.d.ts.map +1 -1
- package/dist/generated/accounts/agentVault.js +11 -3
- package/dist/generated/accounts/agentVault.js.map +1 -1
- package/dist/generated/accounts/auditLogRejected.d.ts +66 -0
- package/dist/generated/accounts/auditLogRejected.d.ts.map +1 -0
- package/dist/generated/accounts/auditLogRejected.js +68 -0
- package/dist/generated/accounts/auditLogRejected.js.map +1 -0
- package/dist/generated/accounts/auditLogSuccess.d.ts +78 -0
- package/dist/generated/accounts/auditLogSuccess.d.ts.map +1 -0
- package/dist/generated/accounts/auditLogSuccess.js +68 -0
- package/dist/generated/accounts/auditLogSuccess.js.map +1 -0
- package/dist/generated/accounts/index.d.ts +4 -4
- package/dist/generated/accounts/index.d.ts.map +1 -1
- package/dist/generated/accounts/index.js +4 -4
- package/dist/generated/accounts/index.js.map +1 -1
- package/dist/generated/accounts/pendingAgentGrant.d.ts +199 -0
- package/dist/generated/accounts/pendingAgentGrant.d.ts.map +1 -0
- package/dist/generated/accounts/pendingAgentGrant.js +75 -0
- package/dist/generated/accounts/pendingAgentGrant.js.map +1 -0
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts +64 -0
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.js +7 -1
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/accounts/pendingOwnershipTransfer.d.ts +131 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.js +76 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.js.map +1 -0
- package/dist/generated/accounts/pendingPolicyUpdate.d.ts +200 -4
- package/dist/generated/accounts/pendingPolicyUpdate.d.ts.map +1 -1
- package/dist/generated/accounts/pendingPolicyUpdate.js +19 -1
- package/dist/generated/accounts/pendingPolicyUpdate.js.map +1 -1
- package/dist/generated/accounts/policyConfig.d.ts +479 -36
- package/dist/generated/accounts/policyConfig.d.ts.map +1 -1
- package/dist/generated/accounts/policyConfig.js +30 -3
- package/dist/generated/accounts/policyConfig.js.map +1 -1
- package/dist/generated/accounts/postExecutionAssertions.d.ts +2 -2
- package/dist/generated/accounts/postExecutionAssertions.d.ts.map +1 -1
- package/dist/generated/accounts/postExecutionAssertions.js +3 -3
- package/dist/generated/accounts/sessionAuthority.d.ts +140 -12
- package/dist/generated/accounts/sessionAuthority.d.ts.map +1 -1
- package/dist/generated/accounts/sessionAuthority.js +9 -7
- package/dist/generated/accounts/sessionAuthority.js.map +1 -1
- package/dist/generated/accounts/spendTracker.d.ts +83 -3
- package/dist/generated/accounts/spendTracker.d.ts.map +1 -1
- package/dist/generated/accounts/spendTracker.js +14 -2
- package/dist/generated/accounts/spendTracker.js.map +1 -1
- package/dist/generated/errors/sigil.d.ts +129 -83
- package/dist/generated/errors/sigil.d.ts.map +1 -1
- package/dist/generated/errors/sigil.js +175 -106
- package/dist/generated/errors/sigil.js.map +1 -1
- package/dist/generated/event-discriminators.d.ts.map +1 -1
- package/dist/generated/event-discriminators.js +11 -14
- package/dist/generated/event-discriminators.js.map +1 -1
- package/dist/generated/instructions/acceptOwnershipTransfer.d.ts +142 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.js +171 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts +142 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.js +171 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.js.map +1 -0
- package/dist/generated/instructions/applyAgentGrant.d.ts +100 -0
- package/dist/generated/instructions/applyAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/{applyConstraintsUpdate.js → applyAgentGrant.js} +66 -42
- package/dist/generated/instructions/applyAgentGrant.js.map +1 -0
- package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts +31 -8
- package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/applyAgentPermissionsUpdate.js +38 -2
- package/dist/generated/instructions/applyAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/instructions/applyPendingPolicy.d.ts +18 -7
- package/dist/generated/instructions/applyPendingPolicy.d.ts.map +1 -1
- package/dist/generated/instructions/applyPendingPolicy.js +38 -2
- package/dist/generated/instructions/applyPendingPolicy.js.map +1 -1
- package/dist/generated/instructions/cancelAgentGrant.d.ts +106 -0
- package/dist/generated/instructions/cancelAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/{allocatePendingConstraintsPda.js → cancelAgentGrant.js} +54 -42
- package/dist/generated/instructions/cancelAgentGrant.js.map +1 -0
- package/dist/generated/instructions/cancelOwnershipTransfer.d.ts +121 -0
- package/dist/generated/instructions/cancelOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/{queueCloseConstraints.js → cancelOwnershipTransfer.js} +58 -44
- package/dist/generated/instructions/cancelOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/closePostAssertions.d.ts +6 -1
- package/dist/generated/instructions/closePostAssertions.d.ts.map +1 -1
- package/dist/generated/instructions/closePostAssertions.js +11 -3
- package/dist/generated/instructions/closePostAssertions.js.map +1 -1
- package/dist/generated/instructions/closeVault.d.ts +40 -8
- package/dist/generated/instructions/closeVault.d.ts.map +1 -1
- package/dist/generated/instructions/closeVault.js +40 -2
- package/dist/generated/instructions/closeVault.js.map +1 -1
- package/dist/generated/instructions/createPostAssertions.d.ts +4 -0
- package/dist/generated/instructions/createPostAssertions.d.ts.map +1 -1
- package/dist/generated/instructions/createPostAssertions.js +2 -0
- package/dist/generated/instructions/createPostAssertions.js.map +1 -1
- package/dist/generated/instructions/depositFunds.d.ts +21 -10
- package/dist/generated/instructions/depositFunds.d.ts.map +1 -1
- package/dist/generated/instructions/depositFunds.js +37 -2
- package/dist/generated/instructions/depositFunds.js.map +1 -1
- package/dist/generated/instructions/finalizeSession.d.ts +49 -7
- package/dist/generated/instructions/finalizeSession.d.ts.map +1 -1
- package/dist/generated/instructions/finalizeSession.js +59 -2
- package/dist/generated/instructions/finalizeSession.js.map +1 -1
- package/dist/generated/instructions/freezeVault.d.ts +36 -5
- package/dist/generated/instructions/freezeVault.d.ts.map +1 -1
- package/dist/generated/instructions/freezeVault.js +65 -4
- package/dist/generated/instructions/freezeVault.js.map +1 -1
- package/dist/generated/instructions/index.d.ts +10 -15
- package/dist/generated/instructions/index.d.ts.map +1 -1
- package/dist/generated/instructions/index.js +10 -15
- package/dist/generated/instructions/index.js.map +1 -1
- package/dist/generated/instructions/initializeVault.d.ts +79 -9
- package/dist/generated/instructions/initializeVault.d.ts.map +1 -1
- package/dist/generated/instructions/initializeVault.js +57 -3
- package/dist/generated/instructions/initializeVault.js.map +1 -1
- package/dist/generated/instructions/initiateOwnershipTransfer.d.ts +106 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.js +181 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/pauseAgent.d.ts +49 -5
- package/dist/generated/instructions/pauseAgent.d.ts.map +1 -1
- package/dist/generated/instructions/pauseAgent.js +80 -5
- package/dist/generated/instructions/pauseAgent.js.map +1 -1
- package/dist/generated/instructions/promoteGraylistDestination.d.ts +56 -0
- package/dist/generated/instructions/promoteGraylistDestination.d.ts.map +1 -0
- package/dist/generated/instructions/{createInstructionConstraints.js → promoteGraylistDestination.js} +23 -40
- package/dist/generated/instructions/promoteGraylistDestination.js.map +1 -0
- package/dist/generated/instructions/queueAgentGrant.d.ts +113 -0
- package/dist/generated/instructions/queueAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/queueAgentGrant.js +181 -0
- package/dist/generated/instructions/queueAgentGrant.js.map +1 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts +8 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/queueAgentPermissionsUpdate.js +4 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/instructions/queuePolicyUpdate.d.ts +32 -0
- package/dist/generated/instructions/queuePolicyUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/queuePolicyUpdate.js +17 -1
- package/dist/generated/instructions/queuePolicyUpdate.js.map +1 -1
- package/dist/generated/instructions/reactivateVault.d.ts +71 -5
- package/dist/generated/instructions/reactivateVault.d.ts.map +1 -1
- package/dist/generated/instructions/reactivateVault.js +80 -5
- package/dist/generated/instructions/reactivateVault.js.map +1 -1
- package/dist/generated/instructions/recordAgentViolation.d.ts +89 -0
- package/dist/generated/instructions/recordAgentViolation.d.ts.map +1 -0
- package/dist/generated/instructions/recordAgentViolation.js +152 -0
- package/dist/generated/instructions/recordAgentViolation.js.map +1 -0
- package/dist/generated/instructions/registerAgent.d.ts +84 -6
- package/dist/generated/instructions/registerAgent.d.ts.map +1 -1
- package/dist/generated/instructions/registerAgent.js +81 -4
- package/dist/generated/instructions/registerAgent.js.map +1 -1
- package/dist/generated/instructions/revokeAgent.d.ts +49 -6
- package/dist/generated/instructions/revokeAgent.d.ts.map +1 -1
- package/dist/generated/instructions/revokeAgent.js +81 -4
- package/dist/generated/instructions/revokeAgent.js.map +1 -1
- package/dist/generated/instructions/setObserveOnly.d.ts +56 -0
- package/dist/generated/instructions/setObserveOnly.d.ts.map +1 -0
- package/dist/generated/instructions/setObserveOnly.js +111 -0
- package/dist/generated/instructions/setObserveOnly.js.map +1 -0
- package/dist/generated/instructions/unpauseAgent.d.ts +46 -5
- package/dist/generated/instructions/unpauseAgent.d.ts.map +1 -1
- package/dist/generated/instructions/unpauseAgent.js +80 -5
- package/dist/generated/instructions/unpauseAgent.js.map +1 -1
- package/dist/generated/instructions/validateAndAuthorize.d.ts +29 -0
- package/dist/generated/instructions/validateAndAuthorize.d.ts.map +1 -1
- package/dist/generated/instructions/validateAndAuthorize.js +4 -0
- package/dist/generated/instructions/validateAndAuthorize.js.map +1 -1
- package/dist/generated/instructions/withdrawFunds.d.ts +53 -11
- package/dist/generated/instructions/withdrawFunds.d.ts.map +1 -1
- package/dist/generated/instructions/withdrawFunds.js +51 -2
- package/dist/generated/instructions/withdrawFunds.js.map +1 -1
- package/dist/generated/programs/sigil.d.ts +79 -99
- package/dist/generated/programs/sigil.d.ts.map +1 -1
- package/dist/generated/programs/sigil.js +139 -199
- package/dist/generated/programs/sigil.js.map +1 -1
- package/dist/generated/types/actionAuthorized.d.ts +0 -2
- package/dist/generated/types/actionAuthorized.d.ts.map +1 -1
- package/dist/generated/types/actionAuthorized.js +0 -2
- package/dist/generated/types/actionAuthorized.js.map +1 -1
- package/dist/generated/types/agentAutoRevoked.d.ts +31 -0
- package/dist/generated/types/agentAutoRevoked.d.ts.map +1 -0
- package/dist/generated/types/{orphanConstraintsPdaCleaned.js → agentAutoRevoked.js} +12 -8
- package/dist/generated/types/agentAutoRevoked.js.map +1 -0
- package/dist/generated/types/agentEntry.d.ts +48 -0
- package/dist/generated/types/agentEntry.d.ts.map +1 -1
- package/dist/generated/types/agentEntry.js +4 -2
- package/dist/generated/types/agentEntry.js.map +1 -1
- package/dist/generated/types/agentGrantApplied.d.ts +38 -0
- package/dist/generated/types/agentGrantApplied.d.ts.map +1 -0
- package/dist/generated/types/agentGrantApplied.js +34 -0
- package/dist/generated/types/agentGrantApplied.js.map +1 -0
- package/dist/generated/types/agentGrantCancelled.d.ts +33 -0
- package/dist/generated/types/agentGrantCancelled.d.ts.map +1 -0
- package/dist/generated/types/agentGrantCancelled.js +28 -0
- package/dist/generated/types/agentGrantCancelled.js.map +1 -0
- package/dist/generated/types/agentGrantQueued.d.ts +38 -0
- package/dist/generated/types/agentGrantQueued.d.ts.map +1 -0
- package/dist/generated/types/agentGrantQueued.js +32 -0
- package/dist/generated/types/agentGrantQueued.js.map +1 -0
- package/dist/generated/types/auditEntry.d.ts +120 -0
- package/dist/generated/types/auditEntry.d.ts.map +1 -0
- package/dist/generated/types/auditEntry.js +34 -0
- package/dist/generated/types/auditEntry.js.map +1 -0
- package/dist/generated/types/destinationGraylistEntry.d.ts +32 -0
- package/dist/generated/types/destinationGraylistEntry.d.ts.map +1 -0
- package/dist/generated/types/destinationGraylistEntry.js +24 -0
- package/dist/generated/types/destinationGraylistEntry.js.map +1 -0
- package/dist/generated/types/graylistEntered.d.ts +31 -0
- package/dist/generated/types/graylistEntered.d.ts.map +1 -0
- package/dist/generated/types/graylistEntered.js +30 -0
- package/dist/generated/types/graylistEntered.js.map +1 -0
- package/dist/generated/types/graylistPromoted.d.ts +29 -0
- package/dist/generated/types/graylistPromoted.d.ts.map +1 -0
- package/dist/generated/types/graylistPromoted.js +28 -0
- package/dist/generated/types/graylistPromoted.js.map +1 -0
- package/dist/generated/types/index.d.ts +13 -22
- package/dist/generated/types/index.d.ts.map +1 -1
- package/dist/generated/types/index.js +13 -22
- package/dist/generated/types/index.js.map +1 -1
- package/dist/generated/types/observeOnlyChanged.d.ts +33 -0
- package/dist/generated/types/observeOnlyChanged.d.ts.map +1 -0
- package/dist/generated/types/observeOnlyChanged.js +32 -0
- package/dist/generated/types/observeOnlyChanged.js.map +1 -0
- package/dist/generated/types/ownershipTransferAccepted.d.ts +32 -0
- package/dist/generated/types/ownershipTransferAccepted.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferAccepted.js +30 -0
- package/dist/generated/types/ownershipTransferAccepted.js.map +1 -0
- package/dist/generated/types/ownershipTransferCancelled.d.ts +29 -0
- package/dist/generated/types/ownershipTransferCancelled.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferCancelled.js +28 -0
- package/dist/generated/types/ownershipTransferCancelled.js.map +1 -0
- package/dist/generated/types/ownershipTransferInitiated.d.ts +33 -0
- package/dist/generated/types/ownershipTransferInitiated.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferInitiated.js +30 -0
- package/dist/generated/types/ownershipTransferInitiated.js.map +1 -0
- package/dist/generated/types/perRecipientCounter.d.ts +61 -0
- package/dist/generated/types/perRecipientCounter.d.ts.map +1 -0
- package/dist/generated/types/perRecipientCounter.js +26 -0
- package/dist/generated/types/perRecipientCounter.js.map +1 -0
- package/dist/generated/types/postAssertionEntry.d.ts +14 -7
- package/dist/generated/types/postAssertionEntry.d.ts.map +1 -1
- package/dist/generated/types/postAssertionEntry.js +5 -7
- package/dist/generated/types/postAssertionEntry.js.map +1 -1
- package/dist/generated/types/postAssertionEntryZC.d.ts +53 -22
- package/dist/generated/types/postAssertionEntryZC.d.ts.map +1 -1
- package/dist/generated/types/postAssertionEntryZC.js +4 -6
- package/dist/generated/types/postAssertionEntryZC.js.map +1 -1
- package/dist/generated/types/sessionFinalized.d.ts +0 -4
- package/dist/generated/types/sessionFinalized.d.ts.map +1 -1
- package/dist/generated/types/sessionFinalized.js +0 -2
- package/dist/generated/types/sessionFinalized.js.map +1 -1
- package/dist/generated/types/vaultFrozen.d.ts +14 -0
- package/dist/generated/types/vaultFrozen.d.ts.map +1 -1
- package/dist/generated/types/vaultFrozen.js +2 -0
- package/dist/generated/types/vaultFrozen.js.map +1 -1
- package/dist/index.d.ts +28 -9
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +64 -11
- package/dist/index.js.map +1 -1
- package/dist/inspector.d.ts +0 -23
- package/dist/inspector.d.ts.map +1 -1
- package/dist/inspector.js +0 -52
- package/dist/inspector.js.map +1 -1
- package/dist/kit-adapter.d.ts +1 -1
- package/dist/kit-adapter.d.ts.map +1 -1
- package/dist/kit-adapter.js +1 -1
- package/dist/kit-adapter.js.map +1 -1
- package/dist/multisig-detection.d.ts +83 -0
- package/dist/multisig-detection.d.ts.map +1 -0
- package/dist/multisig-detection.js +128 -0
- package/dist/multisig-detection.js.map +1 -0
- package/dist/ownership-transfer.d.ts +79 -0
- package/dist/ownership-transfer.d.ts.map +1 -0
- package/dist/ownership-transfer.js +66 -0
- package/dist/ownership-transfer.js.map +1 -0
- package/dist/policy/compute-cosign-digest.d.ts +193 -0
- package/dist/policy/compute-cosign-digest.d.ts.map +1 -0
- package/dist/policy/compute-cosign-digest.js +318 -0
- package/dist/policy/compute-cosign-digest.js.map +1 -0
- package/dist/policy/compute-policy-preview-digest.d.ts +258 -0
- package/dist/policy/compute-policy-preview-digest.d.ts.map +1 -0
- package/dist/policy/compute-policy-preview-digest.js +351 -0
- package/dist/policy/compute-policy-preview-digest.js.map +1 -0
- package/dist/policy-attestation.d.ts +51 -0
- package/dist/policy-attestation.d.ts.map +1 -0
- package/dist/policy-attestation.js +43 -0
- package/dist/policy-attestation.js.map +1 -0
- package/dist/preview-create-vault.d.ts.map +1 -1
- package/dist/preview-create-vault.js +37 -16
- package/dist/preview-create-vault.js.map +1 -1
- package/dist/resolve-accounts.d.ts +75 -10
- package/dist/resolve-accounts.d.ts.map +1 -1
- package/dist/resolve-accounts.js +68 -32
- package/dist/resolve-accounts.js.map +1 -1
- package/dist/rpc-helpers.d.ts +29 -3
- package/dist/rpc-helpers.d.ts.map +1 -1
- package/dist/rpc-helpers.js +51 -12
- package/dist/rpc-helpers.js.map +1 -1
- package/dist/seal/intent-digest.d.ts +195 -0
- package/dist/seal/intent-digest.d.ts.map +1 -0
- package/dist/seal/intent-digest.js +372 -0
- package/dist/seal/intent-digest.js.map +1 -0
- package/dist/seal.d.ts +166 -3
- package/dist/seal.d.ts.map +1 -1
- package/dist/seal.js +428 -32
- package/dist/seal.js.map +1 -1
- package/dist/security-analytics.d.ts +3 -3
- package/dist/security-analytics.d.ts.map +1 -1
- package/dist/security-analytics.js +13 -128
- package/dist/security-analytics.js.map +1 -1
- package/dist/session-mint.d.ts +72 -0
- package/dist/session-mint.d.ts.map +1 -0
- package/dist/session-mint.js +59 -0
- package/dist/session-mint.js.map +1 -0
- package/dist/simulation.d.ts +19 -0
- package/dist/simulation.d.ts.map +1 -1
- package/dist/simulation.js +187 -95
- package/dist/simulation.js.map +1 -1
- package/dist/squads-detection.d.ts +135 -0
- package/dist/squads-detection.d.ts.map +1 -0
- package/dist/squads-detection.js +124 -0
- package/dist/squads-detection.js.map +1 -0
- package/dist/state-resolver.d.ts +0 -16
- package/dist/state-resolver.d.ts.map +1 -1
- package/dist/state-resolver.js +162 -97
- package/dist/state-resolver.js.map +1 -1
- package/dist/testing/devnet.d.ts +40 -1
- package/dist/testing/devnet.d.ts.map +1 -1
- package/dist/testing/devnet.js +333 -44
- package/dist/testing/devnet.js.map +1 -1
- package/dist/testing/errors/expect.d.ts +1 -1
- package/dist/testing/errors/expect.js +1 -1
- package/dist/testing/errors/names.generated.d.ts +81 -58
- package/dist/testing/errors/names.generated.d.ts.map +1 -1
- package/dist/testing/errors/names.generated.js +82 -59
- package/dist/testing/errors/names.generated.js.map +1 -1
- package/dist/testing/mock-rpc.d.ts +8 -0
- package/dist/testing/mock-rpc.d.ts.map +1 -1
- package/dist/testing/mock-rpc.js +13 -0
- package/dist/testing/mock-rpc.js.map +1 -1
- package/dist/testing/mock-state.d.ts +2 -0
- package/dist/testing/mock-state.d.ts.map +1 -1
- package/dist/testing/mock-state.js +43 -4
- package/dist/testing/mock-state.js.map +1 -1
- package/dist/types.d.ts +5 -15
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +11 -69
- package/dist/types.js.map +1 -1
- package/dist/vault-analytics.d.ts +0 -2
- package/dist/vault-analytics.d.ts.map +1 -1
- package/dist/vault-analytics.js +1 -9
- package/dist/vault-analytics.js.map +1 -1
- package/package.json +7 -12
- package/dist/constraints/index.d.ts +0 -23
- package/dist/constraints/index.d.ts.map +0 -1
- package/dist/constraints/index.js +0 -24
- package/dist/constraints/index.js.map +0 -1
- package/dist/dashboard/constraint-builders.d.ts +0 -82
- package/dist/dashboard/constraint-builders.d.ts.map +0 -1
- package/dist/dashboard/constraint-builders.js +0 -204
- package/dist/dashboard/constraint-builders.js.map +0 -1
- package/dist/dashboard/constraint-reads.d.ts +0 -50
- package/dist/dashboard/constraint-reads.d.ts.map +0 -1
- package/dist/dashboard/constraint-reads.js +0 -119
- package/dist/dashboard/constraint-reads.js.map +0 -1
- package/dist/generated/accounts/escrowDeposit.d.ts +0 -50
- package/dist/generated/accounts/escrowDeposit.d.ts.map +0 -1
- package/dist/generated/accounts/escrowDeposit.js +0 -76
- package/dist/generated/accounts/escrowDeposit.js.map +0 -1
- package/dist/generated/accounts/instructionConstraints.d.ts +0 -46
- package/dist/generated/accounts/instructionConstraints.d.ts.map +0 -1
- package/dist/generated/accounts/instructionConstraints.js +0 -73
- package/dist/generated/accounts/instructionConstraints.js.map +0 -1
- package/dist/generated/accounts/pendingCloseConstraints.d.ts +0 -49
- package/dist/generated/accounts/pendingCloseConstraints.d.ts.map +0 -1
- package/dist/generated/accounts/pendingCloseConstraints.js +0 -68
- package/dist/generated/accounts/pendingCloseConstraints.js.map +0 -1
- package/dist/generated/accounts/pendingConstraintsUpdate.d.ts +0 -76
- package/dist/generated/accounts/pendingConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/accounts/pendingConstraintsUpdate.js +0 -77
- package/dist/generated/accounts/pendingConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/allocateConstraintsPda.d.ts +0 -62
- package/dist/generated/instructions/allocateConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/allocateConstraintsPda.js +0 -134
- package/dist/generated/instructions/allocateConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts +0 -66
- package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/allocatePendingConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/applyCloseConstraints.d.ts +0 -59
- package/dist/generated/instructions/applyCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/applyCloseConstraints.js +0 -143
- package/dist/generated/instructions/applyCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/applyConstraintsUpdate.d.ts +0 -62
- package/dist/generated/instructions/applyConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/applyConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/cancelCloseConstraints.d.ts +0 -51
- package/dist/generated/instructions/cancelCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/cancelCloseConstraints.js +0 -115
- package/dist/generated/instructions/cancelCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/cancelConstraintsUpdate.d.ts +0 -51
- package/dist/generated/instructions/cancelConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/cancelConstraintsUpdate.js +0 -115
- package/dist/generated/instructions/cancelConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.d.ts +0 -67
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.js +0 -120
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/closeSettledEscrow.d.ts +0 -72
- package/dist/generated/instructions/closeSettledEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/closeSettledEscrow.js +0 -127
- package/dist/generated/instructions/closeSettledEscrow.js.map +0 -1
- package/dist/generated/instructions/createEscrow.d.ts +0 -131
- package/dist/generated/instructions/createEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/createEscrow.js +0 -272
- package/dist/generated/instructions/createEscrow.js.map +0 -1
- package/dist/generated/instructions/createInstructionConstraints.d.ts +0 -68
- package/dist/generated/instructions/createInstructionConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/createInstructionConstraints.js.map +0 -1
- package/dist/generated/instructions/extendPda.d.ts +0 -52
- package/dist/generated/instructions/extendPda.d.ts.map +0 -1
- package/dist/generated/instructions/extendPda.js +0 -86
- package/dist/generated/instructions/extendPda.js.map +0 -1
- package/dist/generated/instructions/queueCloseConstraints.d.ts +0 -66
- package/dist/generated/instructions/queueCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/queueCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/queueConstraintsUpdate.d.ts +0 -75
- package/dist/generated/instructions/queueConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/queueConstraintsUpdate.js +0 -154
- package/dist/generated/instructions/queueConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/refundEscrow.d.ts +0 -74
- package/dist/generated/instructions/refundEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/refundEscrow.js +0 -142
- package/dist/generated/instructions/refundEscrow.js.map +0 -1
- package/dist/generated/instructions/settleEscrow.d.ts +0 -80
- package/dist/generated/instructions/settleEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/settleEscrow.js +0 -173
- package/dist/generated/instructions/settleEscrow.js.map +0 -1
- package/dist/generated/types/accountConstraint.d.ts +0 -33
- package/dist/generated/types/accountConstraint.d.ts.map +0 -1
- package/dist/generated/types/accountConstraint.js +0 -26
- package/dist/generated/types/accountConstraint.js.map +0 -1
- package/dist/generated/types/accountConstraintZC.d.ts +0 -25
- package/dist/generated/types/accountConstraintZC.d.ts.map +0 -1
- package/dist/generated/types/accountConstraintZC.js +0 -28
- package/dist/generated/types/accountConstraintZC.js.map +0 -1
- package/dist/generated/types/closeConstraintsApplied.d.ts +0 -20
- package/dist/generated/types/closeConstraintsApplied.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsApplied.js +0 -24
- package/dist/generated/types/closeConstraintsApplied.js.map +0 -1
- package/dist/generated/types/closeConstraintsCancelled.d.ts +0 -16
- package/dist/generated/types/closeConstraintsCancelled.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsCancelled.js +0 -18
- package/dist/generated/types/closeConstraintsCancelled.js.map +0 -1
- package/dist/generated/types/closeConstraintsQueued.d.ts +0 -20
- package/dist/generated/types/closeConstraintsQueued.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsQueued.js +0 -24
- package/dist/generated/types/closeConstraintsQueued.js.map +0 -1
- package/dist/generated/types/constraintEntry.d.ts +0 -35
- package/dist/generated/types/constraintEntry.d.ts.map +0 -1
- package/dist/generated/types/constraintEntry.js +0 -29
- package/dist/generated/types/constraintEntry.js.map +0 -1
- package/dist/generated/types/constraintEntryZC.d.ts +0 -73
- package/dist/generated/types/constraintEntryZC.d.ts.map +0 -1
- package/dist/generated/types/constraintEntryZC.js +0 -49
- package/dist/generated/types/constraintEntryZC.js.map +0 -1
- package/dist/generated/types/constraintOperator.d.ts +0 -22
- package/dist/generated/types/constraintOperator.d.ts.map +0 -1
- package/dist/generated/types/constraintOperator.js +0 -28
- package/dist/generated/types/constraintOperator.js.map +0 -1
- package/dist/generated/types/constraintsChangeApplied.d.ts +0 -30
- package/dist/generated/types/constraintsChangeApplied.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeApplied.js +0 -32
- package/dist/generated/types/constraintsChangeApplied.js.map +0 -1
- package/dist/generated/types/constraintsChangeCancelled.d.ts +0 -16
- package/dist/generated/types/constraintsChangeCancelled.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeCancelled.js +0 -18
- package/dist/generated/types/constraintsChangeCancelled.js.map +0 -1
- package/dist/generated/types/constraintsChangeQueued.d.ts +0 -30
- package/dist/generated/types/constraintsChangeQueued.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeQueued.js +0 -32
- package/dist/generated/types/constraintsChangeQueued.js.map +0 -1
- package/dist/generated/types/dataConstraint.d.ts +0 -23
- package/dist/generated/types/dataConstraint.d.ts.map +0 -1
- package/dist/generated/types/dataConstraint.js +0 -27
- package/dist/generated/types/dataConstraint.js.map +0 -1
- package/dist/generated/types/dataConstraintZC.d.ts +0 -20
- package/dist/generated/types/dataConstraintZC.d.ts.map +0 -1
- package/dist/generated/types/dataConstraintZC.js +0 -30
- package/dist/generated/types/dataConstraintZC.js.map +0 -1
- package/dist/generated/types/discriminatorFormat.d.ts +0 -25
- package/dist/generated/types/discriminatorFormat.d.ts.map +0 -1
- package/dist/generated/types/discriminatorFormat.js +0 -31
- package/dist/generated/types/discriminatorFormat.js.map +0 -1
- package/dist/generated/types/escrowCreated.d.ts +0 -30
- package/dist/generated/types/escrowCreated.d.ts.map +0 -1
- package/dist/generated/types/escrowCreated.js +0 -34
- package/dist/generated/types/escrowCreated.js.map +0 -1
- package/dist/generated/types/escrowRefunded.d.ts +0 -26
- package/dist/generated/types/escrowRefunded.d.ts.map +0 -1
- package/dist/generated/types/escrowRefunded.js +0 -30
- package/dist/generated/types/escrowRefunded.js.map +0 -1
- package/dist/generated/types/escrowSettled.d.ts +0 -26
- package/dist/generated/types/escrowSettled.d.ts.map +0 -1
- package/dist/generated/types/escrowSettled.js +0 -30
- package/dist/generated/types/escrowSettled.js.map +0 -1
- package/dist/generated/types/escrowStatus.d.ts +0 -18
- package/dist/generated/types/escrowStatus.d.ts.map +0 -1
- package/dist/generated/types/escrowStatus.js +0 -24
- package/dist/generated/types/escrowStatus.js.map +0 -1
- package/dist/generated/types/instructionConstraintsCreated.d.ts +0 -34
- package/dist/generated/types/instructionConstraintsCreated.d.ts.map +0 -1
- package/dist/generated/types/instructionConstraintsCreated.js +0 -36
- package/dist/generated/types/instructionConstraintsCreated.js.map +0 -1
- package/dist/generated/types/orphanConstraintsPdaCleaned.d.ts +0 -22
- package/dist/generated/types/orphanConstraintsPdaCleaned.d.ts.map +0 -1
- package/dist/generated/types/orphanConstraintsPdaCleaned.js.map +0 -1
- package/dist/generated/types/pdaAllocated.d.ts +0 -24
- package/dist/generated/types/pdaAllocated.d.ts.map +0 -1
- package/dist/generated/types/pdaAllocated.js +0 -28
- package/dist/generated/types/pdaAllocated.js.map +0 -1
- package/dist/generated/types/pdaExtended.d.ts +0 -24
- package/dist/generated/types/pdaExtended.d.ts.map +0 -1
- package/dist/generated/types/pdaExtended.js +0 -28
- package/dist/generated/types/pdaExtended.js.map +0 -1
- package/dist/post-assertions/cross-field-lte.d.ts +0 -134
- package/dist/post-assertions/cross-field-lte.d.ts.map +0 -1
- package/dist/post-assertions/cross-field-lte.js +0 -129
- package/dist/post-assertions/cross-field-lte.js.map +0 -1
- package/dist/post-assertions/index.d.ts +0 -28
- package/dist/post-assertions/index.d.ts.map +0 -1
- package/dist/post-assertions/index.js +0 -28
- package/dist/post-assertions/index.js.map +0 -1
- package/dist/post-assertions/presets/flash-trade.d.ts +0 -139
- package/dist/post-assertions/presets/flash-trade.d.ts.map +0 -1
- package/dist/post-assertions/presets/flash-trade.js +0 -154
- package/dist/post-assertions/presets/flash-trade.js.map +0 -1
- package/dist/protocol-registry/annotations/drift.json +0 -7
- package/dist/protocol-registry/annotations/flash-trade.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-borrow.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-earn.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-lend.json +0 -7
- package/dist/protocol-registry/annotations/jupiter.json +0 -7
- package/dist/protocol-registry/annotations/kamino.json +0 -7
- package/dist/protocol-registry/index.d.ts +0 -45
- package/dist/protocol-registry/index.d.ts.map +0 -1
- package/dist/protocol-registry/index.js +0 -76
- package/dist/protocol-registry/index.js.map +0 -1
- package/dist/protocol-tier.d.ts +0 -157
- package/dist/protocol-tier.d.ts.map +0 -1
- package/dist/protocol-tier.js +0 -104
- package/dist/protocol-tier.js.map +0 -1
|
@@ -0,0 +1,195 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AL3 — `computeSealInputDigest()` per-call intent digest.
|
|
3
|
+
* Phase 9 Batch I (ISC-69..76, 143, 148, 150, 153, 155).
|
|
4
|
+
*
|
|
5
|
+
* SHA-256 over a canonical Borsh-style encoding of the SealInput envelope
|
|
6
|
+
* (vault, agent identity, mint, amount, target protocol, network, sealed
|
|
7
|
+
* instructions). Mirrors the discipline of TA-19's `policy_preview_digest`
|
|
8
|
+
* (`sdk/kit/src/policy/compute-policy-preview-digest.ts`) — same primitive
|
|
9
|
+
* (SHA-256 via the shared `canonical-encode.ts` helper), same APPEND-ONLY
|
|
10
|
+
* field ordering, same byte-equal cross-runtime test fixture pattern.
|
|
11
|
+
*
|
|
12
|
+
* **What this defends against**
|
|
13
|
+
* TA-19 binds the POLICY STATE the owner approved (allowlists, caps,
|
|
14
|
+
* cosign flag, agent set hash). It does NOT bind the specific call the
|
|
15
|
+
* agent is making — a compromised agent can still propose a transfer to
|
|
16
|
+
* an attacker-controlled but still-allowlisted recipient, or reorder
|
|
17
|
+
* instruction account metas to swap a destination, and the policy
|
|
18
|
+
* checks all pass. AL3 closes that gap: the owner approves a SPECIFIC
|
|
19
|
+
* intent (recipient, amount, mint, ix shape) in the preview UI, the SDK
|
|
20
|
+
* hashes that intent into a 32-byte digest, and `executeSeal` rejects
|
|
21
|
+
* if the bundle assembled at submit time produces a different digest.
|
|
22
|
+
*
|
|
23
|
+
* **Canonical encoding (FIXED — DO NOT REORDER)**
|
|
24
|
+
*
|
|
25
|
+
* 1. intent_version: u8 = 1 (1 byte, reserved
|
|
26
|
+
* for future format
|
|
27
|
+
* evolution per
|
|
28
|
+
* Council ISC-155)
|
|
29
|
+
* 2. network_id: u8 (1 byte; 0=devnet,
|
|
30
|
+
* 1=mainnet — binds
|
|
31
|
+
* AL4 isMainnet so
|
|
32
|
+
* a mainnet bundle
|
|
33
|
+
* can't be replayed
|
|
34
|
+
* through a devnet
|
|
35
|
+
* preview)
|
|
36
|
+
* 3. vault: Pubkey (32 bytes)
|
|
37
|
+
* 4. agent: Pubkey (32 bytes —
|
|
38
|
+
* agent IDENTITY,
|
|
39
|
+
* not signer)
|
|
40
|
+
* 5. token_mint: Pubkey (32 bytes)
|
|
41
|
+
* 6. amount: u64 LE (8 bytes)
|
|
42
|
+
* 7. target_protocol: Pubkey (32 bytes; system
|
|
43
|
+
* program if the
|
|
44
|
+
* caller omitted
|
|
45
|
+
* targetProtocol)
|
|
46
|
+
* 8. instructions: Vec<Ix> (u32 LE length ++
|
|
47
|
+
* each ix below)
|
|
48
|
+
*
|
|
49
|
+
* Each ix:
|
|
50
|
+
* a. program_address: Pubkey (32 bytes)
|
|
51
|
+
* b. accounts: Vec<(address: Pubkey, role: u8)> (u32 LE length ++
|
|
52
|
+
* each 33-byte
|
|
53
|
+
* entry)
|
|
54
|
+
* c. data: Vec<u8> (u32 LE length ++
|
|
55
|
+
* data bytes)
|
|
56
|
+
*
|
|
57
|
+
* **Discipline guardrails**
|
|
58
|
+
*
|
|
59
|
+
* - NEVER `JSON.stringify` the input. Object property iteration order is
|
|
60
|
+
* not stable across engines and silent reorderings would invalidate
|
|
61
|
+
* the digest invariant. The canonical encoder walks fields explicitly.
|
|
62
|
+
* - 32-byte pubkey comparisons use `Buffer.compare` on raw bytes (NOT
|
|
63
|
+
* base58 lexicographic) so the byte ordering matches Solana's
|
|
64
|
+
* `Pubkey::cmp` exactly. Council ISC-150 flagged this as a critical
|
|
65
|
+
* bug class — base58 lex doesn't preserve the canonical byte ordering
|
|
66
|
+
* when leading-zero counts differ.
|
|
67
|
+
* - Account meta order is preserved as supplied. Reordering metas — even
|
|
68
|
+
* identical pubkeys — produces a different digest. This is the load-
|
|
69
|
+
* bearing protection against "swap recipient slots" attacks.
|
|
70
|
+
* - `intent_version: u8 = 1` at position 1 reserves the discriminant
|
|
71
|
+
* for future format upgrades. A v2 SealInput format would write
|
|
72
|
+
* `intent_version: 2` and the on-chain verifier could route to the
|
|
73
|
+
* correct decoder by reading the first byte.
|
|
74
|
+
*
|
|
75
|
+
* **Canonical input contract (load-bearing)**
|
|
76
|
+
*
|
|
77
|
+
* `seal()` hashes the **pre-rewrite, post-filter** DeFi instructions:
|
|
78
|
+
*
|
|
79
|
+
* 1. ComputeBudget program ixs are NOT in the input (wallet adapters
|
|
80
|
+
* may prepend their own; the user-approved intent shouldn't pin
|
|
81
|
+
* a specific budget). `seal()` filters these out via
|
|
82
|
+
* `params.instructions.filter(ix => ix.programAddress !== COMPUTE_BUDGET_PROGRAM)`
|
|
83
|
+
* before computing the digest.
|
|
84
|
+
* 2. Top-level System program ixs are NOT in the input (`isProtocolAllowed`
|
|
85
|
+
* would reject them anyway; `seal()` strips them in the same filter).
|
|
86
|
+
* 3. Agent-ATA → vault-ATA rewrites happen AFTER the digest is
|
|
87
|
+
* computed. The digest reflects what the USER APPROVED (agent
|
|
88
|
+
* ATAs), not what the SDK SUBMITTED (vault ATAs). Any future
|
|
89
|
+
* on-chain verifier MUST receive the pre-rewrite projection as
|
|
90
|
+
* an explicit argument; re-deriving from the submitted tx bytes
|
|
91
|
+
* is impossible.
|
|
92
|
+
* 4. `outputStablecoinAccount` and `additionalAtaReplacements` from
|
|
93
|
+
* `SealParams` are NOT bound by the digest in 0.16.x — they are
|
|
94
|
+
* caller-supplied overrides that materially change downstream
|
|
95
|
+
* ATA flow. Phase 9 Batch M §RP flagged this as a HIGH gap. A
|
|
96
|
+
* preview UI that wants tight intent binding MUST refuse any
|
|
97
|
+
* `SealParams` carrying these overrides until 0.16.1 hashes them
|
|
98
|
+
* into the canonical encoding.
|
|
99
|
+
*
|
|
100
|
+
* Any re-implementation that wants to verify a digest produced by
|
|
101
|
+
* `seal()` MUST apply the same filter + use the pre-rewrite ix list.
|
|
102
|
+
*/
|
|
103
|
+
import type { Address, Instruction } from "../kit-adapter.js";
|
|
104
|
+
/**
|
|
105
|
+
* Network discriminant used at canonical position 2. Devnet and mainnet
|
|
106
|
+
* are the two values bound by the digest; testnet and localnet are
|
|
107
|
+
* coerced to devnet for digest purposes (the cap/allowlist contract is
|
|
108
|
+
* the same on all non-mainnet networks).
|
|
109
|
+
*
|
|
110
|
+
* @internal The numeric discriminants are an encoding detail of the
|
|
111
|
+
* canonical digest layout. Callers should pass `network: "devnet" |
|
|
112
|
+
* "mainnet"` to {@link computeSealInputDigest} and let the encoder map
|
|
113
|
+
* to the wire value. Consumers wanting a CAIP-2 string for cross-system
|
|
114
|
+
* binding should use `CAIP2_SOLANA_*` from `../caip2-network.js`.
|
|
115
|
+
*/
|
|
116
|
+
export declare const NETWORK_ID_DEVNET: 0;
|
|
117
|
+
/** @internal See {@link NETWORK_ID_DEVNET}. */
|
|
118
|
+
export declare const NETWORK_ID_MAINNET: 1;
|
|
119
|
+
/**
|
|
120
|
+
* Inputs to {@link computeSealInputDigest}. A narrower projection of
|
|
121
|
+
* `SealParams` containing only the binding fields.
|
|
122
|
+
*
|
|
123
|
+
* `targetProtocol` is optional; when omitted, the system program ID
|
|
124
|
+
* (`11111111111111111111111111111111`) is encoded at canonical position
|
|
125
|
+
* 7. The on-chain verifier MUST mirror this default to keep the digest
|
|
126
|
+
* stable.
|
|
127
|
+
*/
|
|
128
|
+
export interface SealIntentInput {
|
|
129
|
+
vault: Address | string;
|
|
130
|
+
/**
|
|
131
|
+
* Agent identity pubkey. In V2 (Phase 9) the agent identity IS the
|
|
132
|
+
* signer address — `params.agent.address` from `seal()`. If a future
|
|
133
|
+
* V3 multi-sig flow ever separates signer from identity, this field
|
|
134
|
+
* MUST carry the IDENTITY (the address that was registered in the
|
|
135
|
+
* vault's agent list), not the signer.
|
|
136
|
+
*/
|
|
137
|
+
agent: Address | string;
|
|
138
|
+
tokenMint: Address | string;
|
|
139
|
+
amount: bigint;
|
|
140
|
+
targetProtocol?: Address | string;
|
|
141
|
+
network: "devnet" | "mainnet";
|
|
142
|
+
instructions: readonly Pick<Instruction, "programAddress" | "accounts" | "data">[];
|
|
143
|
+
}
|
|
144
|
+
/**
|
|
145
|
+
* Compute the canonical AL3 intent digest over a `SealIntentInput`.
|
|
146
|
+
*
|
|
147
|
+
* @returns 32-byte SHA-256 digest. Stable across Node, Bun, and the
|
|
148
|
+
* browser (Phase 9 Batch L hex fixtures lock this down).
|
|
149
|
+
*
|
|
150
|
+
* @throws if any pubkey doesn't base58-decode to exactly 32 bytes, if
|
|
151
|
+
* `amount` is negative, or if `network` isn't `"devnet"` or `"mainnet"`.
|
|
152
|
+
*/
|
|
153
|
+
export declare function computeSealInputDigest(input: SealIntentInput): Uint8Array;
|
|
154
|
+
/**
|
|
155
|
+
* Inputs to {@link computeScalarIntentDigest} — the on-chain-verifiable
|
|
156
|
+
* SCALAR subset of {@link SealIntentInput}.
|
|
157
|
+
*
|
|
158
|
+
* Drops the `instructions` array because the on-chain verifier does not
|
|
159
|
+
* (yet) recompute the full ix-bound digest — that requires the ATA-rewrite
|
|
160
|
+
* mapping table to cross the seal()/validate_and_authorize boundary, which
|
|
161
|
+
* is v0.17+ work. The scalar subset binds the recipient/amount/mint/protocol
|
|
162
|
+
* fields the user approves in the preview UI; ix-data tamper is still
|
|
163
|
+
* gated by R-1..R-4 + TA-12 + TA-14 post-execution invariants.
|
|
164
|
+
*/
|
|
165
|
+
export interface ScalarIntentInput {
|
|
166
|
+
vault: Address | string;
|
|
167
|
+
agent: Address | string;
|
|
168
|
+
tokenMint: Address | string;
|
|
169
|
+
amount: bigint;
|
|
170
|
+
targetProtocol?: Address | string;
|
|
171
|
+
network: "devnet" | "mainnet";
|
|
172
|
+
}
|
|
173
|
+
/**
|
|
174
|
+
* Compute the canonical scalar AL3 intent digest (D-1 + D-6 close, Bucket
|
|
175
|
+
* 2 2026-05-21).
|
|
176
|
+
*
|
|
177
|
+
* SHA-256 over: `b"SIG1" || u8(2) || u8(network_id) || vault || agent ||
|
|
178
|
+
* token_mint || u64_le(amount) || target_protocol`. Total 142 bytes.
|
|
179
|
+
*
|
|
180
|
+
* The on-chain verifier at `programs/sigil/src/utils/intent_digest.rs`
|
|
181
|
+
* recomputes this same digest from `validate_and_authorize`'s typed
|
|
182
|
+
* arguments and rejects bundle execution on byte-equal mismatch
|
|
183
|
+
* (`ErrIntentDigestMismatch` code 6102). Network discriminant is derived
|
|
184
|
+
* on-chain from the program's build feature; the caller does NOT pin it
|
|
185
|
+
* — the encoder here just writes the byte the caller's wallet computed,
|
|
186
|
+
* and Rust verifies the byte matches its own network. Wrong-network
|
|
187
|
+
* digests fail by construction.
|
|
188
|
+
*
|
|
189
|
+
* @returns 32-byte SHA-256 digest, byte-equal to the Rust verifier output.
|
|
190
|
+
*
|
|
191
|
+
* @throws if any pubkey doesn't base58-decode to 32 bytes, if `amount`
|
|
192
|
+
* is negative, or if `network` isn't `"devnet"` or `"mainnet"`.
|
|
193
|
+
*/
|
|
194
|
+
export declare function computeScalarIntentDigest(input: ScalarIntentInput): Uint8Array;
|
|
195
|
+
//# sourceMappingURL=intent-digest.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"intent-digest.d.ts","sourceRoot":"","sources":["../../src/seal/intent-digest.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqGG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAe9D;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,iBAAiB,EAAG,CAAU,CAAC;AAC5C,+CAA+C;AAC/C,eAAO,MAAM,kBAAkB,EAAG,CAAU,CAAC;AAE7C;;;;;;;;GAQG;AACH,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,OAAO,GAAG,MAAM,CAAC;IACxB;;;;;;OAMG;IACH,KAAK,EAAE,OAAO,GAAG,MAAM,CAAC;IACxB,SAAS,EAAE,OAAO,GAAG,MAAM,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IAClC,OAAO,EAAE,QAAQ,GAAG,SAAS,CAAC;IAC9B,YAAY,EAAE,SAAS,IAAI,CACzB,WAAW,EACX,gBAAgB,GAAG,UAAU,GAAG,MAAM,CACvC,EAAE,CAAC;CACL;AAqBD;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,eAAe,GAAG,UAAU,CA8LzE;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,GAAG,MAAM,CAAC;IACxB,KAAK,EAAE,OAAO,GAAG,MAAM,CAAC;IACxB,SAAS,EAAE,OAAO,GAAG,MAAM,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IAClC,OAAO,EAAE,QAAQ,GAAG,SAAS,CAAC;CAC/B;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,iBAAiB,GACvB,UAAU,CA4EZ"}
|
|
@@ -0,0 +1,372 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AL3 — `computeSealInputDigest()` per-call intent digest.
|
|
3
|
+
* Phase 9 Batch I (ISC-69..76, 143, 148, 150, 153, 155).
|
|
4
|
+
*
|
|
5
|
+
* SHA-256 over a canonical Borsh-style encoding of the SealInput envelope
|
|
6
|
+
* (vault, agent identity, mint, amount, target protocol, network, sealed
|
|
7
|
+
* instructions). Mirrors the discipline of TA-19's `policy_preview_digest`
|
|
8
|
+
* (`sdk/kit/src/policy/compute-policy-preview-digest.ts`) — same primitive
|
|
9
|
+
* (SHA-256 via the shared `canonical-encode.ts` helper), same APPEND-ONLY
|
|
10
|
+
* field ordering, same byte-equal cross-runtime test fixture pattern.
|
|
11
|
+
*
|
|
12
|
+
* **What this defends against**
|
|
13
|
+
* TA-19 binds the POLICY STATE the owner approved (allowlists, caps,
|
|
14
|
+
* cosign flag, agent set hash). It does NOT bind the specific call the
|
|
15
|
+
* agent is making — a compromised agent can still propose a transfer to
|
|
16
|
+
* an attacker-controlled but still-allowlisted recipient, or reorder
|
|
17
|
+
* instruction account metas to swap a destination, and the policy
|
|
18
|
+
* checks all pass. AL3 closes that gap: the owner approves a SPECIFIC
|
|
19
|
+
* intent (recipient, amount, mint, ix shape) in the preview UI, the SDK
|
|
20
|
+
* hashes that intent into a 32-byte digest, and `executeSeal` rejects
|
|
21
|
+
* if the bundle assembled at submit time produces a different digest.
|
|
22
|
+
*
|
|
23
|
+
* **Canonical encoding (FIXED — DO NOT REORDER)**
|
|
24
|
+
*
|
|
25
|
+
* 1. intent_version: u8 = 1 (1 byte, reserved
|
|
26
|
+
* for future format
|
|
27
|
+
* evolution per
|
|
28
|
+
* Council ISC-155)
|
|
29
|
+
* 2. network_id: u8 (1 byte; 0=devnet,
|
|
30
|
+
* 1=mainnet — binds
|
|
31
|
+
* AL4 isMainnet so
|
|
32
|
+
* a mainnet bundle
|
|
33
|
+
* can't be replayed
|
|
34
|
+
* through a devnet
|
|
35
|
+
* preview)
|
|
36
|
+
* 3. vault: Pubkey (32 bytes)
|
|
37
|
+
* 4. agent: Pubkey (32 bytes —
|
|
38
|
+
* agent IDENTITY,
|
|
39
|
+
* not signer)
|
|
40
|
+
* 5. token_mint: Pubkey (32 bytes)
|
|
41
|
+
* 6. amount: u64 LE (8 bytes)
|
|
42
|
+
* 7. target_protocol: Pubkey (32 bytes; system
|
|
43
|
+
* program if the
|
|
44
|
+
* caller omitted
|
|
45
|
+
* targetProtocol)
|
|
46
|
+
* 8. instructions: Vec<Ix> (u32 LE length ++
|
|
47
|
+
* each ix below)
|
|
48
|
+
*
|
|
49
|
+
* Each ix:
|
|
50
|
+
* a. program_address: Pubkey (32 bytes)
|
|
51
|
+
* b. accounts: Vec<(address: Pubkey, role: u8)> (u32 LE length ++
|
|
52
|
+
* each 33-byte
|
|
53
|
+
* entry)
|
|
54
|
+
* c. data: Vec<u8> (u32 LE length ++
|
|
55
|
+
* data bytes)
|
|
56
|
+
*
|
|
57
|
+
* **Discipline guardrails**
|
|
58
|
+
*
|
|
59
|
+
* - NEVER `JSON.stringify` the input. Object property iteration order is
|
|
60
|
+
* not stable across engines and silent reorderings would invalidate
|
|
61
|
+
* the digest invariant. The canonical encoder walks fields explicitly.
|
|
62
|
+
* - 32-byte pubkey comparisons use `Buffer.compare` on raw bytes (NOT
|
|
63
|
+
* base58 lexicographic) so the byte ordering matches Solana's
|
|
64
|
+
* `Pubkey::cmp` exactly. Council ISC-150 flagged this as a critical
|
|
65
|
+
* bug class — base58 lex doesn't preserve the canonical byte ordering
|
|
66
|
+
* when leading-zero counts differ.
|
|
67
|
+
* - Account meta order is preserved as supplied. Reordering metas — even
|
|
68
|
+
* identical pubkeys — produces a different digest. This is the load-
|
|
69
|
+
* bearing protection against "swap recipient slots" attacks.
|
|
70
|
+
* - `intent_version: u8 = 1` at position 1 reserves the discriminant
|
|
71
|
+
* for future format upgrades. A v2 SealInput format would write
|
|
72
|
+
* `intent_version: 2` and the on-chain verifier could route to the
|
|
73
|
+
* correct decoder by reading the first byte.
|
|
74
|
+
*
|
|
75
|
+
* **Canonical input contract (load-bearing)**
|
|
76
|
+
*
|
|
77
|
+
* `seal()` hashes the **pre-rewrite, post-filter** DeFi instructions:
|
|
78
|
+
*
|
|
79
|
+
* 1. ComputeBudget program ixs are NOT in the input (wallet adapters
|
|
80
|
+
* may prepend their own; the user-approved intent shouldn't pin
|
|
81
|
+
* a specific budget). `seal()` filters these out via
|
|
82
|
+
* `params.instructions.filter(ix => ix.programAddress !== COMPUTE_BUDGET_PROGRAM)`
|
|
83
|
+
* before computing the digest.
|
|
84
|
+
* 2. Top-level System program ixs are NOT in the input (`isProtocolAllowed`
|
|
85
|
+
* would reject them anyway; `seal()` strips them in the same filter).
|
|
86
|
+
* 3. Agent-ATA → vault-ATA rewrites happen AFTER the digest is
|
|
87
|
+
* computed. The digest reflects what the USER APPROVED (agent
|
|
88
|
+
* ATAs), not what the SDK SUBMITTED (vault ATAs). Any future
|
|
89
|
+
* on-chain verifier MUST receive the pre-rewrite projection as
|
|
90
|
+
* an explicit argument; re-deriving from the submitted tx bytes
|
|
91
|
+
* is impossible.
|
|
92
|
+
* 4. `outputStablecoinAccount` and `additionalAtaReplacements` from
|
|
93
|
+
* `SealParams` are NOT bound by the digest in 0.16.x — they are
|
|
94
|
+
* caller-supplied overrides that materially change downstream
|
|
95
|
+
* ATA flow. Phase 9 Batch M §RP flagged this as a HIGH gap. A
|
|
96
|
+
* preview UI that wants tight intent binding MUST refuse any
|
|
97
|
+
* `SealParams` carrying these overrides until 0.16.1 hashes them
|
|
98
|
+
* into the canonical encoding.
|
|
99
|
+
*
|
|
100
|
+
* Any re-implementation that wants to verify a digest produced by
|
|
101
|
+
* `seal()` MUST apply the same filter + use the pre-rewrite ix list.
|
|
102
|
+
*/
|
|
103
|
+
import { base58Decode32, sha256, writeU32Le, writeU64Le, writeU8, } from "../canonical-encode.js";
|
|
104
|
+
import { SigilSdkDomainError } from "../errors/sdk.js";
|
|
105
|
+
import { SIGIL_ERROR__SDK__INVALID_AMOUNT, SIGIL_ERROR__SDK__INVALID_NETWORK, SIGIL_ERROR__SDK__INVALID_PARAMS, } from "../errors/codes.js";
|
|
106
|
+
/**
|
|
107
|
+
* Network discriminant used at canonical position 2. Devnet and mainnet
|
|
108
|
+
* are the two values bound by the digest; testnet and localnet are
|
|
109
|
+
* coerced to devnet for digest purposes (the cap/allowlist contract is
|
|
110
|
+
* the same on all non-mainnet networks).
|
|
111
|
+
*
|
|
112
|
+
* @internal The numeric discriminants are an encoding detail of the
|
|
113
|
+
* canonical digest layout. Callers should pass `network: "devnet" |
|
|
114
|
+
* "mainnet"` to {@link computeSealInputDigest} and let the encoder map
|
|
115
|
+
* to the wire value. Consumers wanting a CAIP-2 string for cross-system
|
|
116
|
+
* binding should use `CAIP2_SOLANA_*` from `../caip2-network.js`.
|
|
117
|
+
*/
|
|
118
|
+
export const NETWORK_ID_DEVNET = 0;
|
|
119
|
+
/** @internal See {@link NETWORK_ID_DEVNET}. */
|
|
120
|
+
export const NETWORK_ID_MAINNET = 1;
|
|
121
|
+
/** Canonical default for an omitted `targetProtocol` — the system program ID. */
|
|
122
|
+
const SYSTEM_PROGRAM_ZEROS = new Uint8Array(32);
|
|
123
|
+
/**
|
|
124
|
+
* Magic prefix prepended to the canonical encoding (D-6 close, Bucket 2
|
|
125
|
+
* 2026-05-21). Protects against cross-format digest collisions if Sigil ever
|
|
126
|
+
* introduces a different SHA-256-based digest with the same field shape.
|
|
127
|
+
* Mirror of `INTENT_DIGEST_MAGIC` in `programs/sigil/src/utils/intent_digest.rs:33`.
|
|
128
|
+
*/
|
|
129
|
+
const INTENT_DIGEST_MAGIC = new Uint8Array([0x53, 0x49, 0x47, 0x31]); // "SIG1"
|
|
130
|
+
/**
|
|
131
|
+
* Intent format version. Bucket 2 bumped from v1 → v2 to discriminate the
|
|
132
|
+
* magic-prefix addition and the on-chain scalar verifier ABI. v1 was the
|
|
133
|
+
* prior client-only digest without prefix; any old v1 fixture is now
|
|
134
|
+
* unverifiable on-chain by construction.
|
|
135
|
+
*/
|
|
136
|
+
const INTENT_VERSION_V2 = 2;
|
|
137
|
+
/**
|
|
138
|
+
* Compute the canonical AL3 intent digest over a `SealIntentInput`.
|
|
139
|
+
*
|
|
140
|
+
* @returns 32-byte SHA-256 digest. Stable across Node, Bun, and the
|
|
141
|
+
* browser (Phase 9 Batch L hex fixtures lock this down).
|
|
142
|
+
*
|
|
143
|
+
* @throws if any pubkey doesn't base58-decode to exactly 32 bytes, if
|
|
144
|
+
* `amount` is negative, or if `network` isn't `"devnet"` or `"mainnet"`.
|
|
145
|
+
*/
|
|
146
|
+
export function computeSealInputDigest(input) {
|
|
147
|
+
if (input.amount < 0n) {
|
|
148
|
+
throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_AMOUNT, `computeSealInputDigest: amount must be non-negative, got ${input.amount}`, {
|
|
149
|
+
context: {
|
|
150
|
+
operation: "computeSealInputDigest",
|
|
151
|
+
field: "amount",
|
|
152
|
+
received: input.amount.toString(),
|
|
153
|
+
},
|
|
154
|
+
});
|
|
155
|
+
}
|
|
156
|
+
const networkId = input.network === "mainnet"
|
|
157
|
+
? NETWORK_ID_MAINNET
|
|
158
|
+
: input.network === "devnet"
|
|
159
|
+
? NETWORK_ID_DEVNET
|
|
160
|
+
: -1;
|
|
161
|
+
if (networkId < 0) {
|
|
162
|
+
throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_NETWORK, `computeSealInputDigest: network must be 'devnet' or 'mainnet', got ${String(input.network)}`, {
|
|
163
|
+
context: {
|
|
164
|
+
operation: "computeSealInputDigest",
|
|
165
|
+
received: String(input.network),
|
|
166
|
+
},
|
|
167
|
+
});
|
|
168
|
+
}
|
|
169
|
+
// Decode all pubkeys up front so any malformed input fails before we
|
|
170
|
+
// start the hash walk (clear error messages > corrupt digests).
|
|
171
|
+
const vaultBytes = base58Decode32(input.vault);
|
|
172
|
+
const agentBytes = base58Decode32(input.agent);
|
|
173
|
+
const tokenMintBytes = base58Decode32(input.tokenMint);
|
|
174
|
+
const targetProtocolBytes = input.targetProtocol === undefined
|
|
175
|
+
? SYSTEM_PROGRAM_ZEROS
|
|
176
|
+
: base58Decode32(input.targetProtocol);
|
|
177
|
+
const decodedIxs = input.instructions.map((ix, idx) => {
|
|
178
|
+
if (!ix.programAddress) {
|
|
179
|
+
throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_PARAMS, `computeSealInputDigest: ix[${idx}].programAddress is required`, {
|
|
180
|
+
context: {
|
|
181
|
+
operation: "computeSealInputDigest",
|
|
182
|
+
field: `ix[${idx}].programAddress`,
|
|
183
|
+
ixIndex: idx,
|
|
184
|
+
},
|
|
185
|
+
});
|
|
186
|
+
}
|
|
187
|
+
const programAddress = base58Decode32(ix.programAddress);
|
|
188
|
+
const accounts = (ix.accounts ?? []).map((acc, accIdx) => {
|
|
189
|
+
if (!acc.address) {
|
|
190
|
+
throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_PARAMS, `computeSealInputDigest: ix[${idx}].accounts[${accIdx}].address is required`, {
|
|
191
|
+
context: {
|
|
192
|
+
operation: "computeSealInputDigest",
|
|
193
|
+
field: `ix[${idx}].accounts[${accIdx}].address`,
|
|
194
|
+
ixIndex: idx,
|
|
195
|
+
accountIndex: accIdx,
|
|
196
|
+
},
|
|
197
|
+
});
|
|
198
|
+
}
|
|
199
|
+
const role = acc.role;
|
|
200
|
+
if (role === undefined || role === null) {
|
|
201
|
+
throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_PARAMS, `computeSealInputDigest: ix[${idx}].accounts[${accIdx}].role is required`, {
|
|
202
|
+
context: {
|
|
203
|
+
operation: "computeSealInputDigest",
|
|
204
|
+
field: `ix[${idx}].accounts[${accIdx}].role`,
|
|
205
|
+
ixIndex: idx,
|
|
206
|
+
accountIndex: accIdx,
|
|
207
|
+
},
|
|
208
|
+
});
|
|
209
|
+
}
|
|
210
|
+
// §RP Batch I L-1: AccountRole enum values are 0..3 (READONLY,
|
|
211
|
+
// WRITABLE, READONLY_SIGNER, WRITABLE_SIGNER). Reject anything
|
|
212
|
+
// outside that range — a caller bypassing the enum to pass
|
|
213
|
+
// role=257 would silently truncate to 1 in the digest while the
|
|
214
|
+
// submitted tx encodes role=1 too (no exec divergence), but the
|
|
215
|
+
// digest then masks bit-pattern information that a future
|
|
216
|
+
// verifier might rely on.
|
|
217
|
+
if (typeof role !== "number" || role < 0 || role > 3) {
|
|
218
|
+
throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_PARAMS, `computeSealInputDigest: ix[${idx}].accounts[${accIdx}].role must be an AccountRole (0..3), got ${String(role)}`, {
|
|
219
|
+
context: {
|
|
220
|
+
operation: "computeSealInputDigest",
|
|
221
|
+
field: `ix[${idx}].accounts[${accIdx}].role`,
|
|
222
|
+
ixIndex: idx,
|
|
223
|
+
accountIndex: accIdx,
|
|
224
|
+
received: String(role),
|
|
225
|
+
},
|
|
226
|
+
});
|
|
227
|
+
}
|
|
228
|
+
return {
|
|
229
|
+
address: base58Decode32(acc.address),
|
|
230
|
+
role,
|
|
231
|
+
};
|
|
232
|
+
});
|
|
233
|
+
const data = ix.data ? new Uint8Array(ix.data) : new Uint8Array(0);
|
|
234
|
+
return { programAddress, accounts, data };
|
|
235
|
+
});
|
|
236
|
+
// Compute exact buffer size:
|
|
237
|
+
// 4 (magic "SIG1") + 1 (intent_version) + 1 (network_id) + 32 (vault) +
|
|
238
|
+
// 32 (agent) + 32 (token_mint) + 8 (amount) + 32 (target_protocol) +
|
|
239
|
+
// 4 (ix count) + sum over ixs of [32 (programAddress) + 4 (accounts
|
|
240
|
+
// count) + sum (33 per account) + 4 (data length) + data.length]
|
|
241
|
+
//
|
|
242
|
+
// D-6 close (Bucket 2 2026-05-21): the leading `INTENT_DIGEST_MAGIC`
|
|
243
|
+
// bytes ("SIG1") bring fixed header to 146 (was 142). v2 encoder.
|
|
244
|
+
const FIXED = 4 + 1 + 1 + 32 + 32 + 32 + 8 + 32 + 4;
|
|
245
|
+
let ixsBytes = 0;
|
|
246
|
+
for (const ix of decodedIxs) {
|
|
247
|
+
ixsBytes += 32 + 4 + ix.accounts.length * 33 + 4 + ix.data.length;
|
|
248
|
+
}
|
|
249
|
+
const buf = new Uint8Array(FIXED + ixsBytes);
|
|
250
|
+
const view = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
|
|
251
|
+
let off = 0;
|
|
252
|
+
buf.set(INTENT_DIGEST_MAGIC, off);
|
|
253
|
+
off += 4;
|
|
254
|
+
off = writeU8(view, off, INTENT_VERSION_V2);
|
|
255
|
+
off = writeU8(view, off, networkId);
|
|
256
|
+
buf.set(vaultBytes, off);
|
|
257
|
+
off += 32;
|
|
258
|
+
buf.set(agentBytes, off);
|
|
259
|
+
off += 32;
|
|
260
|
+
buf.set(tokenMintBytes, off);
|
|
261
|
+
off += 32;
|
|
262
|
+
off = writeU64Le(view, off, input.amount);
|
|
263
|
+
buf.set(targetProtocolBytes, off);
|
|
264
|
+
off += 32;
|
|
265
|
+
off = writeU32Le(view, off, decodedIxs.length);
|
|
266
|
+
for (const ix of decodedIxs) {
|
|
267
|
+
buf.set(ix.programAddress, off);
|
|
268
|
+
off += 32;
|
|
269
|
+
off = writeU32Le(view, off, ix.accounts.length);
|
|
270
|
+
for (const acc of ix.accounts) {
|
|
271
|
+
buf.set(acc.address, off);
|
|
272
|
+
off += 32;
|
|
273
|
+
off = writeU8(view, off, acc.role);
|
|
274
|
+
}
|
|
275
|
+
off = writeU32Le(view, off, ix.data.length);
|
|
276
|
+
buf.set(ix.data, off);
|
|
277
|
+
off += ix.data.length;
|
|
278
|
+
}
|
|
279
|
+
if (off !== buf.length) {
|
|
280
|
+
throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_PARAMS, `computeSealInputDigest: encoded ${off} bytes, expected ${buf.length}. ` +
|
|
281
|
+
`If you added a field to SealIntentInput, update the FIXED/ixsBytes ` +
|
|
282
|
+
`sizing AND the encoder body in the SAME commit.`, {
|
|
283
|
+
context: {
|
|
284
|
+
operation: "computeSealInputDigest",
|
|
285
|
+
field: "encoder_size_invariant",
|
|
286
|
+
encoded: off,
|
|
287
|
+
expected: buf.length,
|
|
288
|
+
},
|
|
289
|
+
});
|
|
290
|
+
}
|
|
291
|
+
return sha256(buf);
|
|
292
|
+
}
|
|
293
|
+
/**
|
|
294
|
+
* Compute the canonical scalar AL3 intent digest (D-1 + D-6 close, Bucket
|
|
295
|
+
* 2 2026-05-21).
|
|
296
|
+
*
|
|
297
|
+
* SHA-256 over: `b"SIG1" || u8(2) || u8(network_id) || vault || agent ||
|
|
298
|
+
* token_mint || u64_le(amount) || target_protocol`. Total 142 bytes.
|
|
299
|
+
*
|
|
300
|
+
* The on-chain verifier at `programs/sigil/src/utils/intent_digest.rs`
|
|
301
|
+
* recomputes this same digest from `validate_and_authorize`'s typed
|
|
302
|
+
* arguments and rejects bundle execution on byte-equal mismatch
|
|
303
|
+
* (`ErrIntentDigestMismatch` code 6102). Network discriminant is derived
|
|
304
|
+
* on-chain from the program's build feature; the caller does NOT pin it
|
|
305
|
+
* — the encoder here just writes the byte the caller's wallet computed,
|
|
306
|
+
* and Rust verifies the byte matches its own network. Wrong-network
|
|
307
|
+
* digests fail by construction.
|
|
308
|
+
*
|
|
309
|
+
* @returns 32-byte SHA-256 digest, byte-equal to the Rust verifier output.
|
|
310
|
+
*
|
|
311
|
+
* @throws if any pubkey doesn't base58-decode to 32 bytes, if `amount`
|
|
312
|
+
* is negative, or if `network` isn't `"devnet"` or `"mainnet"`.
|
|
313
|
+
*/
|
|
314
|
+
export function computeScalarIntentDigest(input) {
|
|
315
|
+
if (input.amount < 0n) {
|
|
316
|
+
throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_AMOUNT, `computeScalarIntentDigest: amount must be non-negative, got ${input.amount}`, {
|
|
317
|
+
context: {
|
|
318
|
+
operation: "computeScalarIntentDigest",
|
|
319
|
+
field: "amount",
|
|
320
|
+
received: input.amount.toString(),
|
|
321
|
+
},
|
|
322
|
+
});
|
|
323
|
+
}
|
|
324
|
+
const networkId = input.network === "mainnet"
|
|
325
|
+
? NETWORK_ID_MAINNET
|
|
326
|
+
: input.network === "devnet"
|
|
327
|
+
? NETWORK_ID_DEVNET
|
|
328
|
+
: -1;
|
|
329
|
+
if (networkId < 0) {
|
|
330
|
+
throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_NETWORK, `computeScalarIntentDigest: network must be 'devnet' or 'mainnet', got ${String(input.network)}`, {
|
|
331
|
+
context: {
|
|
332
|
+
operation: "computeScalarIntentDigest",
|
|
333
|
+
received: String(input.network),
|
|
334
|
+
},
|
|
335
|
+
});
|
|
336
|
+
}
|
|
337
|
+
const vaultBytes = base58Decode32(input.vault);
|
|
338
|
+
const agentBytes = base58Decode32(input.agent);
|
|
339
|
+
const tokenMintBytes = base58Decode32(input.tokenMint);
|
|
340
|
+
const targetProtocolBytes = input.targetProtocol === undefined
|
|
341
|
+
? SYSTEM_PROGRAM_ZEROS
|
|
342
|
+
: base58Decode32(input.targetProtocol);
|
|
343
|
+
// 4 magic + 1 version + 1 network_id + 32 + 32 + 32 + 8 + 32 = 142 bytes.
|
|
344
|
+
const buf = new Uint8Array(142);
|
|
345
|
+
const view = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
|
|
346
|
+
let off = 0;
|
|
347
|
+
buf.set(INTENT_DIGEST_MAGIC, off);
|
|
348
|
+
off += 4;
|
|
349
|
+
off = writeU8(view, off, INTENT_VERSION_V2);
|
|
350
|
+
off = writeU8(view, off, networkId);
|
|
351
|
+
buf.set(vaultBytes, off);
|
|
352
|
+
off += 32;
|
|
353
|
+
buf.set(agentBytes, off);
|
|
354
|
+
off += 32;
|
|
355
|
+
buf.set(tokenMintBytes, off);
|
|
356
|
+
off += 32;
|
|
357
|
+
off = writeU64Le(view, off, input.amount);
|
|
358
|
+
buf.set(targetProtocolBytes, off);
|
|
359
|
+
off += 32;
|
|
360
|
+
if (off !== 142) {
|
|
361
|
+
throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_PARAMS, `computeScalarIntentDigest: encoded ${off} bytes, expected 142.`, {
|
|
362
|
+
context: {
|
|
363
|
+
operation: "computeScalarIntentDigest",
|
|
364
|
+
field: "encoder_size_invariant",
|
|
365
|
+
encoded: off,
|
|
366
|
+
expected: 142,
|
|
367
|
+
},
|
|
368
|
+
});
|
|
369
|
+
}
|
|
370
|
+
return sha256(buf);
|
|
371
|
+
}
|
|
372
|
+
//# sourceMappingURL=intent-digest.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"intent-digest.js","sourceRoot":"","sources":["../../src/seal/intent-digest.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqGG;AAGH,OAAO,EACL,cAAc,EACd,MAAM,EACN,UAAU,EACV,UAAU,EACV,OAAO,GACR,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EACL,gCAAgC,EAChC,iCAAiC,EACjC,gCAAgC,GACjC,MAAM,oBAAoB,CAAC;AAE5B;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAU,CAAC;AAC5C,+CAA+C;AAC/C,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAU,CAAC;AA+B7C,iFAAiF;AACjF,MAAM,oBAAoB,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;AAEhD;;;;;GAKG;AACH,MAAM,mBAAmB,GAAG,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;AAE/E;;;;;GAKG;AACH,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAE5B;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CAAC,KAAsB;IAC3D,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,EAChC,4DAA4D,KAAK,CAAC,MAAM,EAAE,EAC1E;YACE,OAAO,EAAE;gBACP,SAAS,EAAE,wBAAwB;gBACnC,KAAK,EAAE,QAAQ;gBACf,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE;aACzB;SACX,CACF,CAAC;IACJ,CAAC;IACD,MAAM,SAAS,GACb,KAAK,CAAC,OAAO,KAAK,SAAS;QACzB,CAAC,CAAC,kBAAkB;QACpB,CAAC,CAAC,KAAK,CAAC,OAAO,KAAK,QAAQ;YAC1B,CAAC,CAAC,iBAAiB;YACnB,CAAC,CAAC,CAAC,CAAC,CAAC;IACX,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,MAAM,IAAI,mBAAmB,CAC3B,iCAAiC,EACjC,sEAAsE,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,EAC7F;YACE,OAAO,EAAE;gBACP,SAAS,EAAE,wBAAwB;gBACnC,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;aACvB;SACX,CACF,CAAC;IACJ,CAAC;IAED,qEAAqE;IACrE,gEAAgE;IAChE,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,CAAC,KAAe,CAAC,CAAC;IACzD,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,CAAC,KAAe,CAAC,CAAC;IACzD,MAAM,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,SAAmB,CAAC,CAAC;IACjE,MAAM,mBAAmB,GACvB,KAAK,CAAC,cAAc,KAAK,SAAS;QAChC,CAAC,CAAC,oBAAoB;QACtB,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,cAAwB,CAAC,CAAC;IAUrD,MAAM,UAAU,GAAgB,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,GAAG,EAAE,EAAE;QACjE,IAAI,CAAC,EAAE,CAAC,cAAc,EAAE,CAAC;YACvB,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,EAChC,8BAA8B,GAAG,8BAA8B,EAC/D;gBACE,OAAO,EAAE;oBACP,SAAS,EAAE,wBAAwB;oBACnC,KAAK,EAAE,MAAM,GAAG,kBAAkB;oBAClC,OAAO,EAAE,GAAG;iBACJ;aACX,CACF,CAAC;QACJ,CAAC;QACD,MAAM,cAAc,GAAG,cAAc,CAAC,EAAE,CAAC,cAAwB,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,CAAC,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE;YACvD,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;gBACjB,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,EAChC,8BAA8B,GAAG,cAAc,MAAM,uBAAuB,EAC5E;oBACE,OAAO,EAAE;wBACP,SAAS,EAAE,wBAAwB;wBACnC,KAAK,EAAE,MAAM,GAAG,cAAc,MAAM,WAAW;wBAC/C,OAAO,EAAE,GAAG;wBACZ,YAAY,EAAE,MAAM;qBACZ;iBACX,CACF,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;YACtB,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBACxC,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,EAChC,8BAA8B,GAAG,cAAc,MAAM,oBAAoB,EACzE;oBACE,OAAO,EAAE;wBACP,SAAS,EAAE,wBAAwB;wBACnC,KAAK,EAAE,MAAM,GAAG,cAAc,MAAM,QAAQ;wBAC5C,OAAO,EAAE,GAAG;wBACZ,YAAY,EAAE,MAAM;qBACZ;iBACX,CACF,CAAC;YACJ,CAAC;YACD,+DAA+D;YAC/D,+DAA+D;YAC/D,2DAA2D;YAC3D,gEAAgE;YAChE,gEAAgE;YAChE,0DAA0D;YAC1D,0BAA0B;YAC1B,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;gBACrD,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,EAChC,8BAA8B,GAAG,cAAc,MAAM,6CAA6C,MAAM,CAAC,IAAI,CAAC,EAAE,EAChH;oBACE,OAAO,EAAE;wBACP,SAAS,EAAE,wBAAwB;wBACnC,KAAK,EAAE,MAAM,GAAG,cAAc,MAAM,QAAQ;wBAC5C,OAAO,EAAE,GAAG;wBACZ,YAAY,EAAE,MAAM;wBACpB,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC;qBACd;iBACX,CACF,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,cAAc,CAAC,GAAG,CAAC,OAAiB,CAAC;gBAC9C,IAAI;aACL,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;QACnE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,6BAA6B;IAC7B,0EAA0E;IAC1E,uEAAuE;IACvE,sEAAsE;IACtE,mEAAmE;IACnE,EAAE;IACF,qEAAqE;IACrE,kEAAkE;IAClE,MAAM,KAAK,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACpD,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;QAC5B,QAAQ,IAAI,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;IACpE,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,KAAK,GAAG,QAAQ,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;IAEtE,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;IAClC,GAAG,IAAI,CAAC,CAAC;IACT,GAAG,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,iBAAiB,CAAC,CAAC;IAC5C,GAAG,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;IACpC,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACzB,GAAG,IAAI,EAAE,CAAC;IACV,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACzB,GAAG,IAAI,EAAE,CAAC;IACV,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IAC7B,GAAG,IAAI,EAAE,CAAC;IACV,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC1C,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;IAClC,GAAG,IAAI,EAAE,CAAC;IACV,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;IAC/C,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;QAC5B,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;QAChC,GAAG,IAAI,EAAE,CAAC;QACV,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAChD,KAAK,MAAM,GAAG,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC;YAC9B,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAC1B,GAAG,IAAI,EAAE,CAAC;YACV,GAAG,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QACrC,CAAC;QACD,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5C,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACtB,GAAG,IAAI,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;IACxB,CAAC;IAED,IAAI,GAAG,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,EAChC,mCAAmC,GAAG,oBAAoB,GAAG,CAAC,MAAM,IAAI;YACtE,qEAAqE;YACrE,iDAAiD,EACnD;YACE,OAAO,EAAE;gBACP,SAAS,EAAE,wBAAwB;gBACnC,KAAK,EAAE,wBAAwB;gBAC/B,OAAO,EAAE,GAAG;gBACZ,QAAQ,EAAE,GAAG,CAAC,MAAM;aACZ;SACX,CACF,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAsBD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,yBAAyB,CACvC,KAAwB;IAExB,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,EAChC,+DAA+D,KAAK,CAAC,MAAM,EAAE,EAC7E;YACE,OAAO,EAAE;gBACP,SAAS,EAAE,2BAA2B;gBACtC,KAAK,EAAE,QAAQ;gBACf,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE;aACzB;SACX,CACF,CAAC;IACJ,CAAC;IACD,MAAM,SAAS,GACb,KAAK,CAAC,OAAO,KAAK,SAAS;QACzB,CAAC,CAAC,kBAAkB;QACpB,CAAC,CAAC,KAAK,CAAC,OAAO,KAAK,QAAQ;YAC1B,CAAC,CAAC,iBAAiB;YACnB,CAAC,CAAC,CAAC,CAAC,CAAC;IACX,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,MAAM,IAAI,mBAAmB,CAC3B,iCAAiC,EACjC,yEAAyE,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,EAChG;YACE,OAAO,EAAE;gBACP,SAAS,EAAE,2BAA2B;gBACtC,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;aACvB;SACX,CACF,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,CAAC,KAAe,CAAC,CAAC;IACzD,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,CAAC,KAAe,CAAC,CAAC;IACzD,MAAM,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,SAAmB,CAAC,CAAC;IACjE,MAAM,mBAAmB,GACvB,KAAK,CAAC,cAAc,KAAK,SAAS;QAChC,CAAC,CAAC,oBAAoB;QACtB,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,cAAwB,CAAC,CAAC;IAErD,0EAA0E;IAC1E,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;IAEtE,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;IAClC,GAAG,IAAI,CAAC,CAAC;IACT,GAAG,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,iBAAiB,CAAC,CAAC;IAC5C,GAAG,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;IACpC,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACzB,GAAG,IAAI,EAAE,CAAC;IACV,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACzB,GAAG,IAAI,EAAE,CAAC;IACV,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IAC7B,GAAG,IAAI,EAAE,CAAC;IACV,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC1C,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;IAClC,GAAG,IAAI,EAAE,CAAC;IAEV,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;QAChB,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,EAChC,sCAAsC,GAAG,uBAAuB,EAChE;YACE,OAAO,EAAE;gBACP,SAAS,EAAE,2BAA2B;gBACtC,KAAK,EAAE,wBAAwB;gBAC/B,OAAO,EAAE,GAAG;gBACZ,QAAQ,EAAE,GAAG;aACL;SACX,CACF,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC"}
|