@usesigil/kit 0.16.0 → 0.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +56 -0
- package/dist/advanced-analytics.d.ts +3 -2
- package/dist/advanced-analytics.d.ts.map +1 -1
- package/dist/advanced-analytics.js +9 -42
- package/dist/advanced-analytics.js.map +1 -1
- package/dist/agent-bootstrap.d.ts +1 -2
- package/dist/agent-bootstrap.d.ts.map +1 -1
- package/dist/agent-bootstrap.js.map +1 -1
- package/dist/agent-errors.d.ts +20 -4
- package/dist/agent-errors.d.ts.map +1 -1
- package/dist/agent-errors.js +854 -369
- package/dist/agent-errors.js.map +1 -1
- package/dist/audit-log.d.ts +101 -0
- package/dist/audit-log.d.ts.map +1 -0
- package/dist/audit-log.js +145 -0
- package/dist/audit-log.js.map +1 -0
- package/dist/caip2-network.d.ts +171 -0
- package/dist/caip2-network.d.ts.map +1 -0
- package/dist/caip2-network.js +202 -0
- package/dist/caip2-network.js.map +1 -0
- package/dist/canonical-encode.d.ts +59 -0
- package/dist/canonical-encode.d.ts.map +1 -0
- package/dist/canonical-encode.js +141 -0
- package/dist/canonical-encode.js.map +1 -0
- package/dist/cosign-helper.d.ts +264 -0
- package/dist/cosign-helper.d.ts.map +1 -0
- package/dist/cosign-helper.js +147 -0
- package/dist/cosign-helper.js.map +1 -0
- package/dist/create-vault.d.ts +92 -0
- package/dist/create-vault.d.ts.map +1 -1
- package/dist/create-vault.js +98 -7
- package/dist/create-vault.js.map +1 -1
- package/dist/dashboard/close-vault.d.ts +110 -0
- package/dist/dashboard/close-vault.d.ts.map +1 -0
- package/dist/dashboard/close-vault.js +165 -0
- package/dist/dashboard/close-vault.js.map +1 -0
- package/dist/dashboard/errors.d.ts +2 -2
- package/dist/dashboard/errors.d.ts.map +1 -1
- package/dist/dashboard/errors.js +11 -7
- package/dist/dashboard/errors.js.map +1 -1
- package/dist/dashboard/index.d.ts +181 -34
- package/dist/dashboard/index.d.ts.map +1 -1
- package/dist/dashboard/index.js +258 -52
- package/dist/dashboard/index.js.map +1 -1
- package/dist/dashboard/mutations.d.ts +117 -26
- package/dist/dashboard/mutations.d.ts.map +1 -1
- package/dist/dashboard/mutations.js +521 -110
- package/dist/dashboard/mutations.js.map +1 -1
- package/dist/dashboard/post-assertion-validation.d.ts +1 -1
- package/dist/dashboard/post-assertion-validation.d.ts.map +1 -1
- package/dist/dashboard/post-assertion-validation.js +169 -48
- package/dist/dashboard/post-assertion-validation.js.map +1 -1
- package/dist/dashboard/reads.d.ts +3 -4
- package/dist/dashboard/reads.d.ts.map +1 -1
- package/dist/dashboard/reads.js +11 -22
- package/dist/dashboard/reads.js.map +1 -1
- package/dist/dashboard/types.d.ts +32 -17
- package/dist/dashboard/types.d.ts.map +1 -1
- package/dist/errors/agent-errors.generated.d.ts +21 -0
- package/dist/errors/agent-errors.generated.d.ts.map +1 -0
- package/dist/errors/agent-errors.generated.js +133 -0
- package/dist/errors/agent-errors.generated.js.map +1 -0
- package/dist/errors/codes.d.ts +21 -2
- package/dist/errors/codes.d.ts.map +1 -1
- package/dist/errors/codes.js +19 -0
- package/dist/errors/codes.js.map +1 -1
- package/dist/errors/context.d.ts +9 -1
- package/dist/errors/context.d.ts.map +1 -1
- package/dist/event-analytics.d.ts +1 -3
- package/dist/event-analytics.d.ts.map +1 -1
- package/dist/event-analytics.js +28 -81
- package/dist/event-analytics.js.map +1 -1
- package/dist/events.d.ts.map +1 -1
- package/dist/events.js +23 -14
- package/dist/events.js.map +1 -1
- package/dist/generated/accounts/agentSpendOverlay.d.ts +60 -0
- package/dist/generated/accounts/agentSpendOverlay.d.ts.map +1 -1
- package/dist/generated/accounts/agentSpendOverlay.js +6 -2
- package/dist/generated/accounts/agentSpendOverlay.js.map +1 -1
- package/dist/generated/accounts/agentVault.d.ts +168 -4
- package/dist/generated/accounts/agentVault.d.ts.map +1 -1
- package/dist/generated/accounts/agentVault.js +11 -3
- package/dist/generated/accounts/agentVault.js.map +1 -1
- package/dist/generated/accounts/auditLogRejected.d.ts +66 -0
- package/dist/generated/accounts/auditLogRejected.d.ts.map +1 -0
- package/dist/generated/accounts/auditLogRejected.js +68 -0
- package/dist/generated/accounts/auditLogRejected.js.map +1 -0
- package/dist/generated/accounts/auditLogSuccess.d.ts +78 -0
- package/dist/generated/accounts/auditLogSuccess.d.ts.map +1 -0
- package/dist/generated/accounts/auditLogSuccess.js +68 -0
- package/dist/generated/accounts/auditLogSuccess.js.map +1 -0
- package/dist/generated/accounts/index.d.ts +4 -4
- package/dist/generated/accounts/index.d.ts.map +1 -1
- package/dist/generated/accounts/index.js +4 -4
- package/dist/generated/accounts/index.js.map +1 -1
- package/dist/generated/accounts/pendingAgentGrant.d.ts +199 -0
- package/dist/generated/accounts/pendingAgentGrant.d.ts.map +1 -0
- package/dist/generated/accounts/pendingAgentGrant.js +75 -0
- package/dist/generated/accounts/pendingAgentGrant.js.map +1 -0
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts +64 -0
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.js +7 -1
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/accounts/pendingOwnershipTransfer.d.ts +131 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.js +76 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.js.map +1 -0
- package/dist/generated/accounts/pendingPolicyUpdate.d.ts +200 -4
- package/dist/generated/accounts/pendingPolicyUpdate.d.ts.map +1 -1
- package/dist/generated/accounts/pendingPolicyUpdate.js +19 -1
- package/dist/generated/accounts/pendingPolicyUpdate.js.map +1 -1
- package/dist/generated/accounts/policyConfig.d.ts +479 -36
- package/dist/generated/accounts/policyConfig.d.ts.map +1 -1
- package/dist/generated/accounts/policyConfig.js +30 -3
- package/dist/generated/accounts/policyConfig.js.map +1 -1
- package/dist/generated/accounts/postExecutionAssertions.d.ts +2 -2
- package/dist/generated/accounts/postExecutionAssertions.d.ts.map +1 -1
- package/dist/generated/accounts/postExecutionAssertions.js +3 -3
- package/dist/generated/accounts/sessionAuthority.d.ts +140 -12
- package/dist/generated/accounts/sessionAuthority.d.ts.map +1 -1
- package/dist/generated/accounts/sessionAuthority.js +9 -7
- package/dist/generated/accounts/sessionAuthority.js.map +1 -1
- package/dist/generated/accounts/spendTracker.d.ts +83 -3
- package/dist/generated/accounts/spendTracker.d.ts.map +1 -1
- package/dist/generated/accounts/spendTracker.js +14 -2
- package/dist/generated/accounts/spendTracker.js.map +1 -1
- package/dist/generated/errors/sigil.d.ts +129 -83
- package/dist/generated/errors/sigil.d.ts.map +1 -1
- package/dist/generated/errors/sigil.js +175 -106
- package/dist/generated/errors/sigil.js.map +1 -1
- package/dist/generated/event-discriminators.d.ts.map +1 -1
- package/dist/generated/event-discriminators.js +11 -14
- package/dist/generated/event-discriminators.js.map +1 -1
- package/dist/generated/instructions/acceptOwnershipTransfer.d.ts +142 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.js +171 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts +142 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.js +171 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.js.map +1 -0
- package/dist/generated/instructions/applyAgentGrant.d.ts +100 -0
- package/dist/generated/instructions/applyAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/{applyConstraintsUpdate.js → applyAgentGrant.js} +66 -42
- package/dist/generated/instructions/applyAgentGrant.js.map +1 -0
- package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts +31 -8
- package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/applyAgentPermissionsUpdate.js +38 -2
- package/dist/generated/instructions/applyAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/instructions/applyPendingPolicy.d.ts +18 -7
- package/dist/generated/instructions/applyPendingPolicy.d.ts.map +1 -1
- package/dist/generated/instructions/applyPendingPolicy.js +38 -2
- package/dist/generated/instructions/applyPendingPolicy.js.map +1 -1
- package/dist/generated/instructions/cancelAgentGrant.d.ts +106 -0
- package/dist/generated/instructions/cancelAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/{allocatePendingConstraintsPda.js → cancelAgentGrant.js} +54 -42
- package/dist/generated/instructions/cancelAgentGrant.js.map +1 -0
- package/dist/generated/instructions/cancelOwnershipTransfer.d.ts +121 -0
- package/dist/generated/instructions/cancelOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/{queueCloseConstraints.js → cancelOwnershipTransfer.js} +58 -44
- package/dist/generated/instructions/cancelOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/closePostAssertions.d.ts +6 -1
- package/dist/generated/instructions/closePostAssertions.d.ts.map +1 -1
- package/dist/generated/instructions/closePostAssertions.js +11 -3
- package/dist/generated/instructions/closePostAssertions.js.map +1 -1
- package/dist/generated/instructions/closeVault.d.ts +40 -8
- package/dist/generated/instructions/closeVault.d.ts.map +1 -1
- package/dist/generated/instructions/closeVault.js +40 -2
- package/dist/generated/instructions/closeVault.js.map +1 -1
- package/dist/generated/instructions/createPostAssertions.d.ts +4 -0
- package/dist/generated/instructions/createPostAssertions.d.ts.map +1 -1
- package/dist/generated/instructions/createPostAssertions.js +2 -0
- package/dist/generated/instructions/createPostAssertions.js.map +1 -1
- package/dist/generated/instructions/depositFunds.d.ts +21 -10
- package/dist/generated/instructions/depositFunds.d.ts.map +1 -1
- package/dist/generated/instructions/depositFunds.js +37 -2
- package/dist/generated/instructions/depositFunds.js.map +1 -1
- package/dist/generated/instructions/finalizeSession.d.ts +49 -7
- package/dist/generated/instructions/finalizeSession.d.ts.map +1 -1
- package/dist/generated/instructions/finalizeSession.js +59 -2
- package/dist/generated/instructions/finalizeSession.js.map +1 -1
- package/dist/generated/instructions/freezeVault.d.ts +36 -5
- package/dist/generated/instructions/freezeVault.d.ts.map +1 -1
- package/dist/generated/instructions/freezeVault.js +65 -4
- package/dist/generated/instructions/freezeVault.js.map +1 -1
- package/dist/generated/instructions/index.d.ts +10 -15
- package/dist/generated/instructions/index.d.ts.map +1 -1
- package/dist/generated/instructions/index.js +10 -15
- package/dist/generated/instructions/index.js.map +1 -1
- package/dist/generated/instructions/initializeVault.d.ts +79 -9
- package/dist/generated/instructions/initializeVault.d.ts.map +1 -1
- package/dist/generated/instructions/initializeVault.js +57 -3
- package/dist/generated/instructions/initializeVault.js.map +1 -1
- package/dist/generated/instructions/initiateOwnershipTransfer.d.ts +106 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.js +181 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/pauseAgent.d.ts +49 -5
- package/dist/generated/instructions/pauseAgent.d.ts.map +1 -1
- package/dist/generated/instructions/pauseAgent.js +80 -5
- package/dist/generated/instructions/pauseAgent.js.map +1 -1
- package/dist/generated/instructions/promoteGraylistDestination.d.ts +56 -0
- package/dist/generated/instructions/promoteGraylistDestination.d.ts.map +1 -0
- package/dist/generated/instructions/{createInstructionConstraints.js → promoteGraylistDestination.js} +23 -40
- package/dist/generated/instructions/promoteGraylistDestination.js.map +1 -0
- package/dist/generated/instructions/queueAgentGrant.d.ts +113 -0
- package/dist/generated/instructions/queueAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/queueAgentGrant.js +181 -0
- package/dist/generated/instructions/queueAgentGrant.js.map +1 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts +8 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/queueAgentPermissionsUpdate.js +4 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/instructions/queuePolicyUpdate.d.ts +32 -0
- package/dist/generated/instructions/queuePolicyUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/queuePolicyUpdate.js +17 -1
- package/dist/generated/instructions/queuePolicyUpdate.js.map +1 -1
- package/dist/generated/instructions/reactivateVault.d.ts +71 -5
- package/dist/generated/instructions/reactivateVault.d.ts.map +1 -1
- package/dist/generated/instructions/reactivateVault.js +80 -5
- package/dist/generated/instructions/reactivateVault.js.map +1 -1
- package/dist/generated/instructions/recordAgentViolation.d.ts +89 -0
- package/dist/generated/instructions/recordAgentViolation.d.ts.map +1 -0
- package/dist/generated/instructions/recordAgentViolation.js +152 -0
- package/dist/generated/instructions/recordAgentViolation.js.map +1 -0
- package/dist/generated/instructions/registerAgent.d.ts +84 -6
- package/dist/generated/instructions/registerAgent.d.ts.map +1 -1
- package/dist/generated/instructions/registerAgent.js +81 -4
- package/dist/generated/instructions/registerAgent.js.map +1 -1
- package/dist/generated/instructions/revokeAgent.d.ts +49 -6
- package/dist/generated/instructions/revokeAgent.d.ts.map +1 -1
- package/dist/generated/instructions/revokeAgent.js +81 -4
- package/dist/generated/instructions/revokeAgent.js.map +1 -1
- package/dist/generated/instructions/setObserveOnly.d.ts +56 -0
- package/dist/generated/instructions/setObserveOnly.d.ts.map +1 -0
- package/dist/generated/instructions/setObserveOnly.js +111 -0
- package/dist/generated/instructions/setObserveOnly.js.map +1 -0
- package/dist/generated/instructions/unpauseAgent.d.ts +46 -5
- package/dist/generated/instructions/unpauseAgent.d.ts.map +1 -1
- package/dist/generated/instructions/unpauseAgent.js +80 -5
- package/dist/generated/instructions/unpauseAgent.js.map +1 -1
- package/dist/generated/instructions/validateAndAuthorize.d.ts +29 -0
- package/dist/generated/instructions/validateAndAuthorize.d.ts.map +1 -1
- package/dist/generated/instructions/validateAndAuthorize.js +4 -0
- package/dist/generated/instructions/validateAndAuthorize.js.map +1 -1
- package/dist/generated/instructions/withdrawFunds.d.ts +53 -11
- package/dist/generated/instructions/withdrawFunds.d.ts.map +1 -1
- package/dist/generated/instructions/withdrawFunds.js +51 -2
- package/dist/generated/instructions/withdrawFunds.js.map +1 -1
- package/dist/generated/programs/sigil.d.ts +79 -99
- package/dist/generated/programs/sigil.d.ts.map +1 -1
- package/dist/generated/programs/sigil.js +139 -199
- package/dist/generated/programs/sigil.js.map +1 -1
- package/dist/generated/types/actionAuthorized.d.ts +0 -2
- package/dist/generated/types/actionAuthorized.d.ts.map +1 -1
- package/dist/generated/types/actionAuthorized.js +0 -2
- package/dist/generated/types/actionAuthorized.js.map +1 -1
- package/dist/generated/types/agentAutoRevoked.d.ts +31 -0
- package/dist/generated/types/agentAutoRevoked.d.ts.map +1 -0
- package/dist/generated/types/{orphanConstraintsPdaCleaned.js → agentAutoRevoked.js} +12 -8
- package/dist/generated/types/agentAutoRevoked.js.map +1 -0
- package/dist/generated/types/agentEntry.d.ts +48 -0
- package/dist/generated/types/agentEntry.d.ts.map +1 -1
- package/dist/generated/types/agentEntry.js +4 -2
- package/dist/generated/types/agentEntry.js.map +1 -1
- package/dist/generated/types/agentGrantApplied.d.ts +38 -0
- package/dist/generated/types/agentGrantApplied.d.ts.map +1 -0
- package/dist/generated/types/agentGrantApplied.js +34 -0
- package/dist/generated/types/agentGrantApplied.js.map +1 -0
- package/dist/generated/types/agentGrantCancelled.d.ts +33 -0
- package/dist/generated/types/agentGrantCancelled.d.ts.map +1 -0
- package/dist/generated/types/agentGrantCancelled.js +28 -0
- package/dist/generated/types/agentGrantCancelled.js.map +1 -0
- package/dist/generated/types/agentGrantQueued.d.ts +38 -0
- package/dist/generated/types/agentGrantQueued.d.ts.map +1 -0
- package/dist/generated/types/agentGrantQueued.js +32 -0
- package/dist/generated/types/agentGrantQueued.js.map +1 -0
- package/dist/generated/types/auditEntry.d.ts +120 -0
- package/dist/generated/types/auditEntry.d.ts.map +1 -0
- package/dist/generated/types/auditEntry.js +34 -0
- package/dist/generated/types/auditEntry.js.map +1 -0
- package/dist/generated/types/destinationGraylistEntry.d.ts +32 -0
- package/dist/generated/types/destinationGraylistEntry.d.ts.map +1 -0
- package/dist/generated/types/destinationGraylistEntry.js +24 -0
- package/dist/generated/types/destinationGraylistEntry.js.map +1 -0
- package/dist/generated/types/graylistEntered.d.ts +31 -0
- package/dist/generated/types/graylistEntered.d.ts.map +1 -0
- package/dist/generated/types/graylistEntered.js +30 -0
- package/dist/generated/types/graylistEntered.js.map +1 -0
- package/dist/generated/types/graylistPromoted.d.ts +29 -0
- package/dist/generated/types/graylistPromoted.d.ts.map +1 -0
- package/dist/generated/types/graylistPromoted.js +28 -0
- package/dist/generated/types/graylistPromoted.js.map +1 -0
- package/dist/generated/types/index.d.ts +13 -22
- package/dist/generated/types/index.d.ts.map +1 -1
- package/dist/generated/types/index.js +13 -22
- package/dist/generated/types/index.js.map +1 -1
- package/dist/generated/types/observeOnlyChanged.d.ts +33 -0
- package/dist/generated/types/observeOnlyChanged.d.ts.map +1 -0
- package/dist/generated/types/observeOnlyChanged.js +32 -0
- package/dist/generated/types/observeOnlyChanged.js.map +1 -0
- package/dist/generated/types/ownershipTransferAccepted.d.ts +32 -0
- package/dist/generated/types/ownershipTransferAccepted.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferAccepted.js +30 -0
- package/dist/generated/types/ownershipTransferAccepted.js.map +1 -0
- package/dist/generated/types/ownershipTransferCancelled.d.ts +29 -0
- package/dist/generated/types/ownershipTransferCancelled.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferCancelled.js +28 -0
- package/dist/generated/types/ownershipTransferCancelled.js.map +1 -0
- package/dist/generated/types/ownershipTransferInitiated.d.ts +33 -0
- package/dist/generated/types/ownershipTransferInitiated.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferInitiated.js +30 -0
- package/dist/generated/types/ownershipTransferInitiated.js.map +1 -0
- package/dist/generated/types/perRecipientCounter.d.ts +61 -0
- package/dist/generated/types/perRecipientCounter.d.ts.map +1 -0
- package/dist/generated/types/perRecipientCounter.js +26 -0
- package/dist/generated/types/perRecipientCounter.js.map +1 -0
- package/dist/generated/types/postAssertionEntry.d.ts +14 -7
- package/dist/generated/types/postAssertionEntry.d.ts.map +1 -1
- package/dist/generated/types/postAssertionEntry.js +5 -7
- package/dist/generated/types/postAssertionEntry.js.map +1 -1
- package/dist/generated/types/postAssertionEntryZC.d.ts +53 -22
- package/dist/generated/types/postAssertionEntryZC.d.ts.map +1 -1
- package/dist/generated/types/postAssertionEntryZC.js +4 -6
- package/dist/generated/types/postAssertionEntryZC.js.map +1 -1
- package/dist/generated/types/sessionFinalized.d.ts +0 -4
- package/dist/generated/types/sessionFinalized.d.ts.map +1 -1
- package/dist/generated/types/sessionFinalized.js +0 -2
- package/dist/generated/types/sessionFinalized.js.map +1 -1
- package/dist/generated/types/vaultFrozen.d.ts +14 -0
- package/dist/generated/types/vaultFrozen.d.ts.map +1 -1
- package/dist/generated/types/vaultFrozen.js +2 -0
- package/dist/generated/types/vaultFrozen.js.map +1 -1
- package/dist/index.d.ts +28 -9
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +64 -11
- package/dist/index.js.map +1 -1
- package/dist/inspector.d.ts +0 -23
- package/dist/inspector.d.ts.map +1 -1
- package/dist/inspector.js +0 -52
- package/dist/inspector.js.map +1 -1
- package/dist/kit-adapter.d.ts +1 -1
- package/dist/kit-adapter.d.ts.map +1 -1
- package/dist/kit-adapter.js +1 -1
- package/dist/kit-adapter.js.map +1 -1
- package/dist/multisig-detection.d.ts +83 -0
- package/dist/multisig-detection.d.ts.map +1 -0
- package/dist/multisig-detection.js +128 -0
- package/dist/multisig-detection.js.map +1 -0
- package/dist/ownership-transfer.d.ts +79 -0
- package/dist/ownership-transfer.d.ts.map +1 -0
- package/dist/ownership-transfer.js +66 -0
- package/dist/ownership-transfer.js.map +1 -0
- package/dist/policy/compute-cosign-digest.d.ts +193 -0
- package/dist/policy/compute-cosign-digest.d.ts.map +1 -0
- package/dist/policy/compute-cosign-digest.js +318 -0
- package/dist/policy/compute-cosign-digest.js.map +1 -0
- package/dist/policy/compute-policy-preview-digest.d.ts +258 -0
- package/dist/policy/compute-policy-preview-digest.d.ts.map +1 -0
- package/dist/policy/compute-policy-preview-digest.js +351 -0
- package/dist/policy/compute-policy-preview-digest.js.map +1 -0
- package/dist/policy-attestation.d.ts +51 -0
- package/dist/policy-attestation.d.ts.map +1 -0
- package/dist/policy-attestation.js +43 -0
- package/dist/policy-attestation.js.map +1 -0
- package/dist/preview-create-vault.d.ts.map +1 -1
- package/dist/preview-create-vault.js +37 -16
- package/dist/preview-create-vault.js.map +1 -1
- package/dist/resolve-accounts.d.ts +75 -10
- package/dist/resolve-accounts.d.ts.map +1 -1
- package/dist/resolve-accounts.js +68 -32
- package/dist/resolve-accounts.js.map +1 -1
- package/dist/rpc-helpers.d.ts +29 -3
- package/dist/rpc-helpers.d.ts.map +1 -1
- package/dist/rpc-helpers.js +51 -12
- package/dist/rpc-helpers.js.map +1 -1
- package/dist/seal/intent-digest.d.ts +195 -0
- package/dist/seal/intent-digest.d.ts.map +1 -0
- package/dist/seal/intent-digest.js +372 -0
- package/dist/seal/intent-digest.js.map +1 -0
- package/dist/seal.d.ts +166 -3
- package/dist/seal.d.ts.map +1 -1
- package/dist/seal.js +428 -32
- package/dist/seal.js.map +1 -1
- package/dist/security-analytics.d.ts +3 -3
- package/dist/security-analytics.d.ts.map +1 -1
- package/dist/security-analytics.js +13 -128
- package/dist/security-analytics.js.map +1 -1
- package/dist/session-mint.d.ts +72 -0
- package/dist/session-mint.d.ts.map +1 -0
- package/dist/session-mint.js +59 -0
- package/dist/session-mint.js.map +1 -0
- package/dist/simulation.d.ts +19 -0
- package/dist/simulation.d.ts.map +1 -1
- package/dist/simulation.js +187 -95
- package/dist/simulation.js.map +1 -1
- package/dist/squads-detection.d.ts +135 -0
- package/dist/squads-detection.d.ts.map +1 -0
- package/dist/squads-detection.js +124 -0
- package/dist/squads-detection.js.map +1 -0
- package/dist/state-resolver.d.ts +0 -16
- package/dist/state-resolver.d.ts.map +1 -1
- package/dist/state-resolver.js +162 -97
- package/dist/state-resolver.js.map +1 -1
- package/dist/testing/devnet.d.ts +40 -1
- package/dist/testing/devnet.d.ts.map +1 -1
- package/dist/testing/devnet.js +333 -44
- package/dist/testing/devnet.js.map +1 -1
- package/dist/testing/errors/expect.d.ts +1 -1
- package/dist/testing/errors/expect.js +1 -1
- package/dist/testing/errors/names.generated.d.ts +81 -58
- package/dist/testing/errors/names.generated.d.ts.map +1 -1
- package/dist/testing/errors/names.generated.js +82 -59
- package/dist/testing/errors/names.generated.js.map +1 -1
- package/dist/testing/mock-rpc.d.ts +8 -0
- package/dist/testing/mock-rpc.d.ts.map +1 -1
- package/dist/testing/mock-rpc.js +13 -0
- package/dist/testing/mock-rpc.js.map +1 -1
- package/dist/testing/mock-state.d.ts +2 -0
- package/dist/testing/mock-state.d.ts.map +1 -1
- package/dist/testing/mock-state.js +43 -4
- package/dist/testing/mock-state.js.map +1 -1
- package/dist/types.d.ts +5 -15
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +11 -69
- package/dist/types.js.map +1 -1
- package/dist/vault-analytics.d.ts +0 -2
- package/dist/vault-analytics.d.ts.map +1 -1
- package/dist/vault-analytics.js +1 -9
- package/dist/vault-analytics.js.map +1 -1
- package/package.json +7 -12
- package/dist/constraints/index.d.ts +0 -23
- package/dist/constraints/index.d.ts.map +0 -1
- package/dist/constraints/index.js +0 -24
- package/dist/constraints/index.js.map +0 -1
- package/dist/dashboard/constraint-builders.d.ts +0 -82
- package/dist/dashboard/constraint-builders.d.ts.map +0 -1
- package/dist/dashboard/constraint-builders.js +0 -204
- package/dist/dashboard/constraint-builders.js.map +0 -1
- package/dist/dashboard/constraint-reads.d.ts +0 -50
- package/dist/dashboard/constraint-reads.d.ts.map +0 -1
- package/dist/dashboard/constraint-reads.js +0 -119
- package/dist/dashboard/constraint-reads.js.map +0 -1
- package/dist/generated/accounts/escrowDeposit.d.ts +0 -50
- package/dist/generated/accounts/escrowDeposit.d.ts.map +0 -1
- package/dist/generated/accounts/escrowDeposit.js +0 -76
- package/dist/generated/accounts/escrowDeposit.js.map +0 -1
- package/dist/generated/accounts/instructionConstraints.d.ts +0 -46
- package/dist/generated/accounts/instructionConstraints.d.ts.map +0 -1
- package/dist/generated/accounts/instructionConstraints.js +0 -73
- package/dist/generated/accounts/instructionConstraints.js.map +0 -1
- package/dist/generated/accounts/pendingCloseConstraints.d.ts +0 -49
- package/dist/generated/accounts/pendingCloseConstraints.d.ts.map +0 -1
- package/dist/generated/accounts/pendingCloseConstraints.js +0 -68
- package/dist/generated/accounts/pendingCloseConstraints.js.map +0 -1
- package/dist/generated/accounts/pendingConstraintsUpdate.d.ts +0 -76
- package/dist/generated/accounts/pendingConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/accounts/pendingConstraintsUpdate.js +0 -77
- package/dist/generated/accounts/pendingConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/allocateConstraintsPda.d.ts +0 -62
- package/dist/generated/instructions/allocateConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/allocateConstraintsPda.js +0 -134
- package/dist/generated/instructions/allocateConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts +0 -66
- package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/allocatePendingConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/applyCloseConstraints.d.ts +0 -59
- package/dist/generated/instructions/applyCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/applyCloseConstraints.js +0 -143
- package/dist/generated/instructions/applyCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/applyConstraintsUpdate.d.ts +0 -62
- package/dist/generated/instructions/applyConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/applyConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/cancelCloseConstraints.d.ts +0 -51
- package/dist/generated/instructions/cancelCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/cancelCloseConstraints.js +0 -115
- package/dist/generated/instructions/cancelCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/cancelConstraintsUpdate.d.ts +0 -51
- package/dist/generated/instructions/cancelConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/cancelConstraintsUpdate.js +0 -115
- package/dist/generated/instructions/cancelConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.d.ts +0 -67
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.js +0 -120
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/closeSettledEscrow.d.ts +0 -72
- package/dist/generated/instructions/closeSettledEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/closeSettledEscrow.js +0 -127
- package/dist/generated/instructions/closeSettledEscrow.js.map +0 -1
- package/dist/generated/instructions/createEscrow.d.ts +0 -131
- package/dist/generated/instructions/createEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/createEscrow.js +0 -272
- package/dist/generated/instructions/createEscrow.js.map +0 -1
- package/dist/generated/instructions/createInstructionConstraints.d.ts +0 -68
- package/dist/generated/instructions/createInstructionConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/createInstructionConstraints.js.map +0 -1
- package/dist/generated/instructions/extendPda.d.ts +0 -52
- package/dist/generated/instructions/extendPda.d.ts.map +0 -1
- package/dist/generated/instructions/extendPda.js +0 -86
- package/dist/generated/instructions/extendPda.js.map +0 -1
- package/dist/generated/instructions/queueCloseConstraints.d.ts +0 -66
- package/dist/generated/instructions/queueCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/queueCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/queueConstraintsUpdate.d.ts +0 -75
- package/dist/generated/instructions/queueConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/queueConstraintsUpdate.js +0 -154
- package/dist/generated/instructions/queueConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/refundEscrow.d.ts +0 -74
- package/dist/generated/instructions/refundEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/refundEscrow.js +0 -142
- package/dist/generated/instructions/refundEscrow.js.map +0 -1
- package/dist/generated/instructions/settleEscrow.d.ts +0 -80
- package/dist/generated/instructions/settleEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/settleEscrow.js +0 -173
- package/dist/generated/instructions/settleEscrow.js.map +0 -1
- package/dist/generated/types/accountConstraint.d.ts +0 -33
- package/dist/generated/types/accountConstraint.d.ts.map +0 -1
- package/dist/generated/types/accountConstraint.js +0 -26
- package/dist/generated/types/accountConstraint.js.map +0 -1
- package/dist/generated/types/accountConstraintZC.d.ts +0 -25
- package/dist/generated/types/accountConstraintZC.d.ts.map +0 -1
- package/dist/generated/types/accountConstraintZC.js +0 -28
- package/dist/generated/types/accountConstraintZC.js.map +0 -1
- package/dist/generated/types/closeConstraintsApplied.d.ts +0 -20
- package/dist/generated/types/closeConstraintsApplied.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsApplied.js +0 -24
- package/dist/generated/types/closeConstraintsApplied.js.map +0 -1
- package/dist/generated/types/closeConstraintsCancelled.d.ts +0 -16
- package/dist/generated/types/closeConstraintsCancelled.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsCancelled.js +0 -18
- package/dist/generated/types/closeConstraintsCancelled.js.map +0 -1
- package/dist/generated/types/closeConstraintsQueued.d.ts +0 -20
- package/dist/generated/types/closeConstraintsQueued.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsQueued.js +0 -24
- package/dist/generated/types/closeConstraintsQueued.js.map +0 -1
- package/dist/generated/types/constraintEntry.d.ts +0 -35
- package/dist/generated/types/constraintEntry.d.ts.map +0 -1
- package/dist/generated/types/constraintEntry.js +0 -29
- package/dist/generated/types/constraintEntry.js.map +0 -1
- package/dist/generated/types/constraintEntryZC.d.ts +0 -73
- package/dist/generated/types/constraintEntryZC.d.ts.map +0 -1
- package/dist/generated/types/constraintEntryZC.js +0 -49
- package/dist/generated/types/constraintEntryZC.js.map +0 -1
- package/dist/generated/types/constraintOperator.d.ts +0 -22
- package/dist/generated/types/constraintOperator.d.ts.map +0 -1
- package/dist/generated/types/constraintOperator.js +0 -28
- package/dist/generated/types/constraintOperator.js.map +0 -1
- package/dist/generated/types/constraintsChangeApplied.d.ts +0 -30
- package/dist/generated/types/constraintsChangeApplied.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeApplied.js +0 -32
- package/dist/generated/types/constraintsChangeApplied.js.map +0 -1
- package/dist/generated/types/constraintsChangeCancelled.d.ts +0 -16
- package/dist/generated/types/constraintsChangeCancelled.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeCancelled.js +0 -18
- package/dist/generated/types/constraintsChangeCancelled.js.map +0 -1
- package/dist/generated/types/constraintsChangeQueued.d.ts +0 -30
- package/dist/generated/types/constraintsChangeQueued.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeQueued.js +0 -32
- package/dist/generated/types/constraintsChangeQueued.js.map +0 -1
- package/dist/generated/types/dataConstraint.d.ts +0 -23
- package/dist/generated/types/dataConstraint.d.ts.map +0 -1
- package/dist/generated/types/dataConstraint.js +0 -27
- package/dist/generated/types/dataConstraint.js.map +0 -1
- package/dist/generated/types/dataConstraintZC.d.ts +0 -20
- package/dist/generated/types/dataConstraintZC.d.ts.map +0 -1
- package/dist/generated/types/dataConstraintZC.js +0 -30
- package/dist/generated/types/dataConstraintZC.js.map +0 -1
- package/dist/generated/types/discriminatorFormat.d.ts +0 -25
- package/dist/generated/types/discriminatorFormat.d.ts.map +0 -1
- package/dist/generated/types/discriminatorFormat.js +0 -31
- package/dist/generated/types/discriminatorFormat.js.map +0 -1
- package/dist/generated/types/escrowCreated.d.ts +0 -30
- package/dist/generated/types/escrowCreated.d.ts.map +0 -1
- package/dist/generated/types/escrowCreated.js +0 -34
- package/dist/generated/types/escrowCreated.js.map +0 -1
- package/dist/generated/types/escrowRefunded.d.ts +0 -26
- package/dist/generated/types/escrowRefunded.d.ts.map +0 -1
- package/dist/generated/types/escrowRefunded.js +0 -30
- package/dist/generated/types/escrowRefunded.js.map +0 -1
- package/dist/generated/types/escrowSettled.d.ts +0 -26
- package/dist/generated/types/escrowSettled.d.ts.map +0 -1
- package/dist/generated/types/escrowSettled.js +0 -30
- package/dist/generated/types/escrowSettled.js.map +0 -1
- package/dist/generated/types/escrowStatus.d.ts +0 -18
- package/dist/generated/types/escrowStatus.d.ts.map +0 -1
- package/dist/generated/types/escrowStatus.js +0 -24
- package/dist/generated/types/escrowStatus.js.map +0 -1
- package/dist/generated/types/instructionConstraintsCreated.d.ts +0 -34
- package/dist/generated/types/instructionConstraintsCreated.d.ts.map +0 -1
- package/dist/generated/types/instructionConstraintsCreated.js +0 -36
- package/dist/generated/types/instructionConstraintsCreated.js.map +0 -1
- package/dist/generated/types/orphanConstraintsPdaCleaned.d.ts +0 -22
- package/dist/generated/types/orphanConstraintsPdaCleaned.d.ts.map +0 -1
- package/dist/generated/types/orphanConstraintsPdaCleaned.js.map +0 -1
- package/dist/generated/types/pdaAllocated.d.ts +0 -24
- package/dist/generated/types/pdaAllocated.d.ts.map +0 -1
- package/dist/generated/types/pdaAllocated.js +0 -28
- package/dist/generated/types/pdaAllocated.js.map +0 -1
- package/dist/generated/types/pdaExtended.d.ts +0 -24
- package/dist/generated/types/pdaExtended.d.ts.map +0 -1
- package/dist/generated/types/pdaExtended.js +0 -28
- package/dist/generated/types/pdaExtended.js.map +0 -1
- package/dist/post-assertions/cross-field-lte.d.ts +0 -134
- package/dist/post-assertions/cross-field-lte.d.ts.map +0 -1
- package/dist/post-assertions/cross-field-lte.js +0 -129
- package/dist/post-assertions/cross-field-lte.js.map +0 -1
- package/dist/post-assertions/index.d.ts +0 -28
- package/dist/post-assertions/index.d.ts.map +0 -1
- package/dist/post-assertions/index.js +0 -28
- package/dist/post-assertions/index.js.map +0 -1
- package/dist/post-assertions/presets/flash-trade.d.ts +0 -139
- package/dist/post-assertions/presets/flash-trade.d.ts.map +0 -1
- package/dist/post-assertions/presets/flash-trade.js +0 -154
- package/dist/post-assertions/presets/flash-trade.js.map +0 -1
- package/dist/protocol-registry/annotations/drift.json +0 -7
- package/dist/protocol-registry/annotations/flash-trade.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-borrow.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-earn.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-lend.json +0 -7
- package/dist/protocol-registry/annotations/jupiter.json +0 -7
- package/dist/protocol-registry/annotations/kamino.json +0 -7
- package/dist/protocol-registry/index.d.ts +0 -45
- package/dist/protocol-registry/index.d.ts.map +0 -1
- package/dist/protocol-registry/index.js +0 -76
- package/dist/protocol-registry/index.js.map +0 -1
- package/dist/protocol-tier.d.ts +0 -157
- package/dist/protocol-tier.d.ts.map +0 -1
- package/dist/protocol-tier.js +0 -104
- package/dist/protocol-tier.js.map +0 -1
|
@@ -0,0 +1,264 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* G4 (audit close) — TA-09 client-side cosign helper.
|
|
3
|
+
*
|
|
4
|
+
* Closes the G4 gate of Phase 6: the on-chain TA-09 cosign workflow is
|
|
5
|
+
* implemented at `queue_policy_update.rs` (handler lines 286-328) and
|
|
6
|
+
* re-validated at `apply_pending_policy.rs` (handler lines 70-84), but the
|
|
7
|
+
* SDK previously had NO client-side path to PRODUCE a valid cosign session +
|
|
8
|
+
* digest. This file ships that path.
|
|
9
|
+
*
|
|
10
|
+
* Usage (illustrative — non-Kit caller):
|
|
11
|
+
*
|
|
12
|
+
* import { buildCosignBundle } from "@usesigil/kit";
|
|
13
|
+
*
|
|
14
|
+
* const bundle = buildCosignBundle({
|
|
15
|
+
* cosignSessionPubkey: cosigner.address,
|
|
16
|
+
* ownerSigner: owner, // unused at digest time — see note below
|
|
17
|
+
* dailySpendingCapUsd: 800_000_000n, // raise from 500_000_000 → elevated
|
|
18
|
+
* });
|
|
19
|
+
*
|
|
20
|
+
* await queuePolicyUpdate({
|
|
21
|
+
* ...args,
|
|
22
|
+
* cosignSession: bundle.cosignSession,
|
|
23
|
+
* newPolicyPreviewDigest: previewDigest, // separate TA-19 digest
|
|
24
|
+
* // cosign digest IS NOT a queue arg — the on-chain handler RECOMPUTES
|
|
25
|
+
* // it from the queue args + cosign_session pubkey and stores the
|
|
26
|
+
* // result on PendingPolicyUpdate. Apply re-validates by recomputing.
|
|
27
|
+
* });
|
|
28
|
+
*
|
|
29
|
+
* Why the helper exists if the cosign digest isn't a queue arg:
|
|
30
|
+
* - The on-chain handler classifies an "elevated mutation" via comparing
|
|
31
|
+
* `Option::Some(new) > live` (raises) / `new.contains(p) where !live.contains(p)`
|
|
32
|
+
* (expansions). If you're queueing what you BELIEVE is elevated, this
|
|
33
|
+
* helper produces the digest you EXPECT the on-chain handler to store,
|
|
34
|
+
* so your client can:
|
|
35
|
+
* (a) sanity-check elevation up-front before submitting a tx (and ask
|
|
36
|
+
* the user for the cosigner signature explicitly), and
|
|
37
|
+
* (b) compare against `PendingPolicyUpdate.cosignDigest` after queue,
|
|
38
|
+
* catching any silent SDK encoder drift.
|
|
39
|
+
* - The cosign session pubkey IS a queue arg (`cosign_session: Pubkey`).
|
|
40
|
+
* For elevated mutations the handler rejects `Pubkey::default()` with
|
|
41
|
+
* `ErrCosignRequired`, and ALSO requires the corresponding signer in
|
|
42
|
+
* `remaining_accounts` with `is_signer == true`.
|
|
43
|
+
*
|
|
44
|
+
* G3 + G6 elevation triggers — what counts as "elevated" (all bound by this
|
|
45
|
+
* digest as of Round 2 B4 F-1, 2026-05-19):
|
|
46
|
+
* - raises_daily_cap = daily_spending_cap_usd: Some(new) > live
|
|
47
|
+
* - raises_max_tx = max_transaction_amount_usd: Some(new) > live
|
|
48
|
+
* - expands_destinations = allowed_destinations: any new pubkey not in live
|
|
49
|
+
* OR new.len() > live.len()
|
|
50
|
+
* - expands_protocols = protocols: any new pubkey not in live OR
|
|
51
|
+
* new.len() > live.len()
|
|
52
|
+
* - lowers_floor = stable_balance_floor: Some(new) < live (G3)
|
|
53
|
+
* - raises_per_recipient_cap = per_recipient_daily_cap_usd:
|
|
54
|
+
* Some(new) > live (G3)
|
|
55
|
+
* - disables_protocol_caps = has_protocol_caps: Some(false) while live=true (G3)
|
|
56
|
+
* - shrinks_or_raises_caps = protocol_caps: any entry mutated (G3)
|
|
57
|
+
* - disables_cosign = cosign_required: Some(false) while live=true (G6)
|
|
58
|
+
*
|
|
59
|
+
* Round 2 B4 F-1 fix (2026-05-19): the cosign digest binding now extends to
|
|
60
|
+
* ALL G3 + G6 triggers. Previously the digest only bound positions 1-5
|
|
61
|
+
* (cosign_session, daily/max-tx caps, destinations, protocols) — the G3/G6
|
|
62
|
+
* elevation triggers ELEVATED the queue but were NOT bound by this digest
|
|
63
|
+
* (they were bound only by TA-19 policy_preview_digest). That left a gap:
|
|
64
|
+
* a tampered SDK or discriminator-collision attack on the pending PDA
|
|
65
|
+
* could mutate those triggers between queue and apply without producing a
|
|
66
|
+
* cosign-digest mismatch. With the extension, every elevation trigger is
|
|
67
|
+
* now bound by BOTH the cosign digest (intent) and TA-19 (byte safety).
|
|
68
|
+
*
|
|
69
|
+
* Phase 4 PEN-CROSS-3 pattern reference:
|
|
70
|
+
* PEN-CROSS-3 introduced sibling-handler digest binding (constraints/post-
|
|
71
|
+
* assertion flips). The same defense-in-depth pattern applies here: the
|
|
72
|
+
* on-chain TA-09 handler recomputes the cosign digest at BOTH queue (queue
|
|
73
|
+
* binding) AND apply (re-validation). A rogue program with the same
|
|
74
|
+
* discriminator on the pending PDA cannot rewrite args between queue and
|
|
75
|
+
* apply without producing a digest mismatch.
|
|
76
|
+
*
|
|
77
|
+
* @see `programs/sigil/src/utils/cosign_digest.rs` — canonical Rust impl
|
|
78
|
+
* @see `programs/sigil/src/instructions/queue_policy_update.rs:286-328` —
|
|
79
|
+
* queue-time gate + digest binding
|
|
80
|
+
* @see `programs/sigil/src/instructions/apply_pending_policy.rs:70-84` —
|
|
81
|
+
* apply-time re-validation
|
|
82
|
+
* @see `sdk/kit/src/policy/compute-cosign-digest.ts` — SDK-side digest helper
|
|
83
|
+
*/
|
|
84
|
+
import type { Address, TransactionSigner } from "./kit-adapter.js";
|
|
85
|
+
/**
|
|
86
|
+
* CANONICAL `cosign_session` ARG CONTRACT — Round 2 §RP-2 B4 F-3 (2026-05-19).
|
|
87
|
+
*
|
|
88
|
+
* Every Sigil instruction that supports the cosign opt-in path accepts a
|
|
89
|
+
* `cosign_session: Pubkey` argument. This contract documents what a non-Codama
|
|
90
|
+
* SDK consumer MUST pass to avoid the silent rejection path the on-chain
|
|
91
|
+
* handler took as of Round 2 B4 F-3 Option A:
|
|
92
|
+
*
|
|
93
|
+
* • NON-ELEVATED queue (the default for every mutation that does NOT
|
|
94
|
+
* raise daily_cap / max_tx, expand destinations / protocols, lower
|
|
95
|
+
* stable_balance_floor, raise per_recipient_daily_cap_usd, disable
|
|
96
|
+
* protocol_caps, mutate protocol_caps entries, or disable cosign):
|
|
97
|
+
* Pass `Pubkey::default()` — the SystemProgram pubkey
|
|
98
|
+
* `11111111111111111111111111111111` (32 zero bytes).
|
|
99
|
+
* Do NOT include any cosigner in `remaining_accounts`.
|
|
100
|
+
*
|
|
101
|
+
* • ELEVATED queue (raising daily_cap, expanding destinations, etc. — see
|
|
102
|
+
* the full trigger list in the `CosignArgs` JSDoc below):
|
|
103
|
+
* Pass a REAL session pubkey (non-default AND distinct from owner),
|
|
104
|
+
* AND include that session pubkey in `remaining_accounts` with
|
|
105
|
+
* `is_signer == true`.
|
|
106
|
+
* Use {@link buildCosignBundle} to mirror the on-chain digest the
|
|
107
|
+
* handler will recompute + store on `PendingPolicyUpdate`.
|
|
108
|
+
*
|
|
109
|
+
* • REJECT path: passing a non-default `cosign_session` on a non-elevated
|
|
110
|
+
* queue surfaces `InvalidPermissions` (6088). This is INTENTIONAL —
|
|
111
|
+
* the on-chain handler refuses to silently downgrade a caller's
|
|
112
|
+
* declared intent. See Round 2 §RP-2 B4 F-3 Option A rationale in
|
|
113
|
+
* `queue_policy_update.rs` (and the corresponding test fixtures in
|
|
114
|
+
* `tests/policy-digest-invariant.ts`).
|
|
115
|
+
*
|
|
116
|
+
* This contract applies to: `queue_policy_update`, `queue_agent_permissions`,
|
|
117
|
+
* and any future queue handler that takes a `cosign_session` arg. The Codama
|
|
118
|
+
* generated client surfaces this as a typed `Address` field; hand-rolled
|
|
119
|
+
* builders MUST follow the contract above to avoid `InvalidPermissions`.
|
|
120
|
+
*/
|
|
121
|
+
/**
|
|
122
|
+
* Arguments for {@link buildCosignBundle}. Mirrors the elevated-mutation
|
|
123
|
+
* subset of `queue_policy_update` args.
|
|
124
|
+
*/
|
|
125
|
+
export interface CosignArgs {
|
|
126
|
+
/**
|
|
127
|
+
* The cosigning session pubkey to bind into the digest. MUST be:
|
|
128
|
+
* 1. Distinct from the owner's pubkey (handler rejects same-key cosign
|
|
129
|
+
* under `ErrCosignRequired` — same-key collapses the two-signer gate),
|
|
130
|
+
* 2. Non-default (i.e. NOT `11111111111111111111111111111111`), and
|
|
131
|
+
* 3. Present in the queue transaction's `remaining_accounts` with
|
|
132
|
+
* `is_signer == true`.
|
|
133
|
+
*
|
|
134
|
+
* The caller is responsible for (3) — this helper produces the digest, the
|
|
135
|
+
* tx builder includes the signer.
|
|
136
|
+
*
|
|
137
|
+
* See the "CANONICAL `cosign_session` ARG CONTRACT" block above for the
|
|
138
|
+
* non-elevated vs elevated vs reject paths. Round 2 §RP-2 B4 F-3 (2026-05-19).
|
|
139
|
+
*/
|
|
140
|
+
cosignSessionPubkey: Address;
|
|
141
|
+
/**
|
|
142
|
+
* The owner who will sign the queue tx. Currently UNUSED by digest
|
|
143
|
+
* derivation (the cosign digest binds the cosign_session pubkey, not the
|
|
144
|
+
* owner — owner authority is established by Solana's `is_signer` check on
|
|
145
|
+
* the owner account). Accepted as a constructor arg for symmetry with the
|
|
146
|
+
* full queue signing surface and to surface the "two distinct signers"
|
|
147
|
+
* requirement at the type level.
|
|
148
|
+
*/
|
|
149
|
+
ownerSigner: TransactionSigner;
|
|
150
|
+
/**
|
|
151
|
+
* Pending `daily_spending_cap_usd` (6-decimal USDC face value).
|
|
152
|
+
* Raising this beyond the live policy value ELEVATES the queue.
|
|
153
|
+
* Bound by THIS cosign digest.
|
|
154
|
+
*/
|
|
155
|
+
dailySpendingCapUsd?: bigint | null;
|
|
156
|
+
/**
|
|
157
|
+
* Pending `max_transaction_amount_usd` (6-decimal USDC face value).
|
|
158
|
+
* Raising this beyond the live policy value ELEVATES the queue.
|
|
159
|
+
* Bound by THIS cosign digest.
|
|
160
|
+
*/
|
|
161
|
+
maxTransactionAmountUsd?: bigint | null;
|
|
162
|
+
/**
|
|
163
|
+
* Pending `allowed_destinations`. Adding any pubkey not in live (or
|
|
164
|
+
* growing the list) ELEVATES the queue. Bound by THIS cosign digest.
|
|
165
|
+
*
|
|
166
|
+
* NOTE: order matters — the on-chain handler treats `[A, B]` and `[B, A]`
|
|
167
|
+
* as DIFFERENT digests (ordered encoding). Always pass destinations in the
|
|
168
|
+
* same order the owner signed.
|
|
169
|
+
*/
|
|
170
|
+
allowedDestinations?: readonly Address[] | null;
|
|
171
|
+
/**
|
|
172
|
+
* Pending `protocols`. Adding any pubkey not in live (or growing the list)
|
|
173
|
+
* ELEVATES the queue. Bound by THIS cosign digest. Same ordering caveat as
|
|
174
|
+
* `allowedDestinations`.
|
|
175
|
+
*/
|
|
176
|
+
protocols?: readonly Address[] | null;
|
|
177
|
+
/**
|
|
178
|
+
* Pending `stable_balance_floor` (6-decimal USDC face value). LOWERING
|
|
179
|
+
* this below the live policy value ELEVATES the queue (G3 audit fix
|
|
180
|
+
* 2026-05-18). Round 2 B4 F-1: now BOUND by this cosign digest at
|
|
181
|
+
* canonical position 6.
|
|
182
|
+
*/
|
|
183
|
+
stableBalanceFloor?: bigint | null;
|
|
184
|
+
/**
|
|
185
|
+
* Pending `per_recipient_daily_cap_usd` (6-decimal USDC face value).
|
|
186
|
+
* RAISING this above the live policy value ELEVATES the queue (G3 audit
|
|
187
|
+
* fix 2026-05-18). Round 2 B4 F-1: now BOUND by this cosign digest at
|
|
188
|
+
* canonical position 7.
|
|
189
|
+
*/
|
|
190
|
+
perRecipientDailyCapUsd?: bigint | null;
|
|
191
|
+
/**
|
|
192
|
+
* Pending `has_protocol_caps` flag. Setting this to `false` while the
|
|
193
|
+
* live policy is `true` ELEVATES the queue (disabling protocol caps
|
|
194
|
+
* entirely). Round 2 B4 F-1: BOUND by this cosign digest at canonical
|
|
195
|
+
* position 8.
|
|
196
|
+
*/
|
|
197
|
+
hasProtocolCaps?: boolean | null;
|
|
198
|
+
/**
|
|
199
|
+
* Pending `protocol_caps` Vec<u64> arg (6-decimal USDC face values,
|
|
200
|
+
* parallel to `protocols`). Mutating individual caps (shrink-to-zero or
|
|
201
|
+
* raise) ELEVATES the queue. Round 2 B4 F-1: BOUND by this cosign digest
|
|
202
|
+
* at canonical position 9. Same ordering caveat as `protocols` (parallel
|
|
203
|
+
* arrays — order is load-bearing).
|
|
204
|
+
*/
|
|
205
|
+
protocolCaps?: readonly bigint[] | null;
|
|
206
|
+
/**
|
|
207
|
+
* Pending `cosign_required` flag. Setting this to `false` while the live
|
|
208
|
+
* policy is `true` ELEVATES the queue (G6 one-way ratchet — disabling
|
|
209
|
+
* cosign requires cosign). Round 2 B4 F-1: BOUND by this cosign digest
|
|
210
|
+
* at canonical position 10.
|
|
211
|
+
*/
|
|
212
|
+
cosignRequired?: boolean | null;
|
|
213
|
+
}
|
|
214
|
+
/**
|
|
215
|
+
* Bundle produced by {@link buildCosignBundle}. Pass `cosignSession` as the
|
|
216
|
+
* `cosign_session` queue arg; the on-chain handler will recompute and store
|
|
217
|
+
* `cosignDigest` on `PendingPolicyUpdate.cosignDigest` (the SDK consumer can
|
|
218
|
+
* fetch + compare for a defense-in-depth sanity check after the queue tx
|
|
219
|
+
* lands).
|
|
220
|
+
*/
|
|
221
|
+
export interface CosignBundle {
|
|
222
|
+
/**
|
|
223
|
+
* The cosigning session pubkey, same as {@link CosignArgs.cosignSessionPubkey}.
|
|
224
|
+
* Pass this directly as the `cosign_session` arg to `queue_policy_update`.
|
|
225
|
+
*/
|
|
226
|
+
cosignSession: Address;
|
|
227
|
+
/**
|
|
228
|
+
* The 32-byte SHA-256 digest the on-chain handler will recompute + store.
|
|
229
|
+
* Equal to the on-chain `compute_cosign_digest` over the same inputs.
|
|
230
|
+
*
|
|
231
|
+
* The caller does NOT pass this directly to `queue_policy_update` — the
|
|
232
|
+
* on-chain handler recomputes it from the queue args + cosign_session.
|
|
233
|
+
* Use this to:
|
|
234
|
+
* (a) sanity-check what the on-chain handler WILL store, and
|
|
235
|
+
* (b) compare to `PendingPolicyUpdate.cosignDigest` after queue to catch
|
|
236
|
+
* SDK encoder drift.
|
|
237
|
+
*/
|
|
238
|
+
cosignDigest: Uint8Array;
|
|
239
|
+
}
|
|
240
|
+
/**
|
|
241
|
+
* Produce a cosign session + digest bundle for an elevated `queue_policy_update`.
|
|
242
|
+
*
|
|
243
|
+
* Pass the same elevated-mutation fields you intend to send to
|
|
244
|
+
* `queue_policy_update`. The helper:
|
|
245
|
+
* 1. Validates that the cosign session is non-default and distinct from
|
|
246
|
+
* the owner.
|
|
247
|
+
* 2. Computes the canonical cosign digest mirroring the on-chain
|
|
248
|
+
* `compute_cosign_digest` byte-for-byte.
|
|
249
|
+
* 3. Returns the bundle.
|
|
250
|
+
*
|
|
251
|
+
* IMPORTANT: this helper does NOT enforce that the mutation IS elevated. The
|
|
252
|
+
* on-chain handler does that detection. If you call this for a non-elevated
|
|
253
|
+
* mutation, the bundle is technically valid but the handler will set
|
|
254
|
+
* `pending.cosign_digest = [0u8; 32]` and `pending.cosign_session =
|
|
255
|
+
* Pubkey::default()` instead of binding to the cosigner. Use the bundle when
|
|
256
|
+
* you have already determined elevation is required, e.g. via an SDK-side
|
|
257
|
+
* elevation check before constructing the tx.
|
|
258
|
+
*
|
|
259
|
+
* @throws if `cosignSessionPubkey` is `11111111111111111111111111111111` (default)
|
|
260
|
+
* @throws if `cosignSessionPubkey` equals `ownerSigner.address`
|
|
261
|
+
* @throws if any address fails base58 decoding to 32 bytes
|
|
262
|
+
*/
|
|
263
|
+
export declare function buildCosignBundle(args: CosignArgs): CosignBundle;
|
|
264
|
+
//# sourceMappingURL=cosign-helper.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cosign-helper.d.ts","sourceRoot":"","sources":["../src/cosign-helper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkFG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAGnE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAEH;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB;;;;;;;;;;;;;OAaG;IACH,mBAAmB,EAAE,OAAO,CAAC;IAE7B;;;;;;;OAOG;IACH,WAAW,EAAE,iBAAiB,CAAC;IAY/B;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEpC;;;;OAIG;IACH,uBAAuB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAExC;;;;;;;OAOG;IACH,mBAAmB,CAAC,EAAE,SAAS,OAAO,EAAE,GAAG,IAAI,CAAC;IAEhD;;;;OAIG;IACH,SAAS,CAAC,EAAE,SAAS,OAAO,EAAE,GAAG,IAAI,CAAC;IAStC;;;;;OAKG;IACH,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEnC;;;;;OAKG;IACH,uBAAuB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAExC;;;;;OAKG;IACH,eAAe,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IAEjC;;;;;;OAMG;IACH,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAC;IAExC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;CACjC;AAED;;;;;;GAMG;AACH,MAAM,WAAW,YAAY;IAC3B;;;OAGG;IACH,aAAa,EAAE,OAAO,CAAC;IACvB;;;;;;;;;;OAUG;IACH,YAAY,EAAE,UAAU,CAAC;CAC1B;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,UAAU,GAAG,YAAY,CA+ChE"}
|
|
@@ -0,0 +1,147 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* G4 (audit close) — TA-09 client-side cosign helper.
|
|
3
|
+
*
|
|
4
|
+
* Closes the G4 gate of Phase 6: the on-chain TA-09 cosign workflow is
|
|
5
|
+
* implemented at `queue_policy_update.rs` (handler lines 286-328) and
|
|
6
|
+
* re-validated at `apply_pending_policy.rs` (handler lines 70-84), but the
|
|
7
|
+
* SDK previously had NO client-side path to PRODUCE a valid cosign session +
|
|
8
|
+
* digest. This file ships that path.
|
|
9
|
+
*
|
|
10
|
+
* Usage (illustrative — non-Kit caller):
|
|
11
|
+
*
|
|
12
|
+
* import { buildCosignBundle } from "@usesigil/kit";
|
|
13
|
+
*
|
|
14
|
+
* const bundle = buildCosignBundle({
|
|
15
|
+
* cosignSessionPubkey: cosigner.address,
|
|
16
|
+
* ownerSigner: owner, // unused at digest time — see note below
|
|
17
|
+
* dailySpendingCapUsd: 800_000_000n, // raise from 500_000_000 → elevated
|
|
18
|
+
* });
|
|
19
|
+
*
|
|
20
|
+
* await queuePolicyUpdate({
|
|
21
|
+
* ...args,
|
|
22
|
+
* cosignSession: bundle.cosignSession,
|
|
23
|
+
* newPolicyPreviewDigest: previewDigest, // separate TA-19 digest
|
|
24
|
+
* // cosign digest IS NOT a queue arg — the on-chain handler RECOMPUTES
|
|
25
|
+
* // it from the queue args + cosign_session pubkey and stores the
|
|
26
|
+
* // result on PendingPolicyUpdate. Apply re-validates by recomputing.
|
|
27
|
+
* });
|
|
28
|
+
*
|
|
29
|
+
* Why the helper exists if the cosign digest isn't a queue arg:
|
|
30
|
+
* - The on-chain handler classifies an "elevated mutation" via comparing
|
|
31
|
+
* `Option::Some(new) > live` (raises) / `new.contains(p) where !live.contains(p)`
|
|
32
|
+
* (expansions). If you're queueing what you BELIEVE is elevated, this
|
|
33
|
+
* helper produces the digest you EXPECT the on-chain handler to store,
|
|
34
|
+
* so your client can:
|
|
35
|
+
* (a) sanity-check elevation up-front before submitting a tx (and ask
|
|
36
|
+
* the user for the cosigner signature explicitly), and
|
|
37
|
+
* (b) compare against `PendingPolicyUpdate.cosignDigest` after queue,
|
|
38
|
+
* catching any silent SDK encoder drift.
|
|
39
|
+
* - The cosign session pubkey IS a queue arg (`cosign_session: Pubkey`).
|
|
40
|
+
* For elevated mutations the handler rejects `Pubkey::default()` with
|
|
41
|
+
* `ErrCosignRequired`, and ALSO requires the corresponding signer in
|
|
42
|
+
* `remaining_accounts` with `is_signer == true`.
|
|
43
|
+
*
|
|
44
|
+
* G3 + G6 elevation triggers — what counts as "elevated" (all bound by this
|
|
45
|
+
* digest as of Round 2 B4 F-1, 2026-05-19):
|
|
46
|
+
* - raises_daily_cap = daily_spending_cap_usd: Some(new) > live
|
|
47
|
+
* - raises_max_tx = max_transaction_amount_usd: Some(new) > live
|
|
48
|
+
* - expands_destinations = allowed_destinations: any new pubkey not in live
|
|
49
|
+
* OR new.len() > live.len()
|
|
50
|
+
* - expands_protocols = protocols: any new pubkey not in live OR
|
|
51
|
+
* new.len() > live.len()
|
|
52
|
+
* - lowers_floor = stable_balance_floor: Some(new) < live (G3)
|
|
53
|
+
* - raises_per_recipient_cap = per_recipient_daily_cap_usd:
|
|
54
|
+
* Some(new) > live (G3)
|
|
55
|
+
* - disables_protocol_caps = has_protocol_caps: Some(false) while live=true (G3)
|
|
56
|
+
* - shrinks_or_raises_caps = protocol_caps: any entry mutated (G3)
|
|
57
|
+
* - disables_cosign = cosign_required: Some(false) while live=true (G6)
|
|
58
|
+
*
|
|
59
|
+
* Round 2 B4 F-1 fix (2026-05-19): the cosign digest binding now extends to
|
|
60
|
+
* ALL G3 + G6 triggers. Previously the digest only bound positions 1-5
|
|
61
|
+
* (cosign_session, daily/max-tx caps, destinations, protocols) — the G3/G6
|
|
62
|
+
* elevation triggers ELEVATED the queue but were NOT bound by this digest
|
|
63
|
+
* (they were bound only by TA-19 policy_preview_digest). That left a gap:
|
|
64
|
+
* a tampered SDK or discriminator-collision attack on the pending PDA
|
|
65
|
+
* could mutate those triggers between queue and apply without producing a
|
|
66
|
+
* cosign-digest mismatch. With the extension, every elevation trigger is
|
|
67
|
+
* now bound by BOTH the cosign digest (intent) and TA-19 (byte safety).
|
|
68
|
+
*
|
|
69
|
+
* Phase 4 PEN-CROSS-3 pattern reference:
|
|
70
|
+
* PEN-CROSS-3 introduced sibling-handler digest binding (constraints/post-
|
|
71
|
+
* assertion flips). The same defense-in-depth pattern applies here: the
|
|
72
|
+
* on-chain TA-09 handler recomputes the cosign digest at BOTH queue (queue
|
|
73
|
+
* binding) AND apply (re-validation). A rogue program with the same
|
|
74
|
+
* discriminator on the pending PDA cannot rewrite args between queue and
|
|
75
|
+
* apply without producing a digest mismatch.
|
|
76
|
+
*
|
|
77
|
+
* @see `programs/sigil/src/utils/cosign_digest.rs` — canonical Rust impl
|
|
78
|
+
* @see `programs/sigil/src/instructions/queue_policy_update.rs:286-328` —
|
|
79
|
+
* queue-time gate + digest binding
|
|
80
|
+
* @see `programs/sigil/src/instructions/apply_pending_policy.rs:70-84` —
|
|
81
|
+
* apply-time re-validation
|
|
82
|
+
* @see `sdk/kit/src/policy/compute-cosign-digest.ts` — SDK-side digest helper
|
|
83
|
+
*/
|
|
84
|
+
import { computeCosignDigest } from "./policy/compute-cosign-digest.js";
|
|
85
|
+
/**
|
|
86
|
+
* Produce a cosign session + digest bundle for an elevated `queue_policy_update`.
|
|
87
|
+
*
|
|
88
|
+
* Pass the same elevated-mutation fields you intend to send to
|
|
89
|
+
* `queue_policy_update`. The helper:
|
|
90
|
+
* 1. Validates that the cosign session is non-default and distinct from
|
|
91
|
+
* the owner.
|
|
92
|
+
* 2. Computes the canonical cosign digest mirroring the on-chain
|
|
93
|
+
* `compute_cosign_digest` byte-for-byte.
|
|
94
|
+
* 3. Returns the bundle.
|
|
95
|
+
*
|
|
96
|
+
* IMPORTANT: this helper does NOT enforce that the mutation IS elevated. The
|
|
97
|
+
* on-chain handler does that detection. If you call this for a non-elevated
|
|
98
|
+
* mutation, the bundle is technically valid but the handler will set
|
|
99
|
+
* `pending.cosign_digest = [0u8; 32]` and `pending.cosign_session =
|
|
100
|
+
* Pubkey::default()` instead of binding to the cosigner. Use the bundle when
|
|
101
|
+
* you have already determined elevation is required, e.g. via an SDK-side
|
|
102
|
+
* elevation check before constructing the tx.
|
|
103
|
+
*
|
|
104
|
+
* @throws if `cosignSessionPubkey` is `11111111111111111111111111111111` (default)
|
|
105
|
+
* @throws if `cosignSessionPubkey` equals `ownerSigner.address`
|
|
106
|
+
* @throws if any address fails base58 decoding to 32 bytes
|
|
107
|
+
*/
|
|
108
|
+
export function buildCosignBundle(args) {
|
|
109
|
+
// Pre-flight: the on-chain handler rejects default/owner-same cosign with
|
|
110
|
+
// ErrCosignRequired (6089). Surface the same failures at the SDK level
|
|
111
|
+
// with a clearer error message — better DX than digging through Anchor
|
|
112
|
+
// error codes after a failed simulation.
|
|
113
|
+
const defaultPubkey = "11111111111111111111111111111111";
|
|
114
|
+
if (args.cosignSessionPubkey === defaultPubkey) {
|
|
115
|
+
throw new Error("buildCosignBundle: cosignSessionPubkey is the default pubkey " +
|
|
116
|
+
"(11111111111111111111111111111111). The on-chain handler will reject " +
|
|
117
|
+
"this with ErrCosignRequired (6089). Pass a real session pubkey.");
|
|
118
|
+
}
|
|
119
|
+
if (args.cosignSessionPubkey ===
|
|
120
|
+
args.ownerSigner.address) {
|
|
121
|
+
throw new Error("buildCosignBundle: cosignSessionPubkey equals ownerSigner.address. " +
|
|
122
|
+
"The on-chain handler rejects same-key cosign with ErrCosignRequired " +
|
|
123
|
+
"(6089) because it collapses the two-signer gate. Use a distinct " +
|
|
124
|
+
"cosigning session pubkey.");
|
|
125
|
+
}
|
|
126
|
+
const digest = computeCosignDigest({
|
|
127
|
+
cosignSession: args.cosignSessionPubkey,
|
|
128
|
+
dailySpendingCapUsd: args.dailySpendingCapUsd ?? null,
|
|
129
|
+
maxTransactionAmountUsd: args.maxTransactionAmountUsd ?? null,
|
|
130
|
+
allowedDestinations: args.allowedDestinations ?? null,
|
|
131
|
+
protocols: args.protocols ?? null,
|
|
132
|
+
// Round 2 B4 F-1 (2026-05-19): the 5 new G3 + G6 elevation triggers are
|
|
133
|
+
// now BOUND by this cosign digest. Flow them through to mirror the
|
|
134
|
+
// on-chain handler's CosignDigestFields construction in
|
|
135
|
+
// `queue_policy_update.rs` (handler passes all 10 fields).
|
|
136
|
+
stableBalanceFloor: args.stableBalanceFloor ?? null,
|
|
137
|
+
perRecipientDailyCapUsd: args.perRecipientDailyCapUsd ?? null,
|
|
138
|
+
hasProtocolCaps: args.hasProtocolCaps ?? null,
|
|
139
|
+
protocolCaps: args.protocolCaps ?? null,
|
|
140
|
+
cosignRequired: args.cosignRequired ?? null,
|
|
141
|
+
});
|
|
142
|
+
return {
|
|
143
|
+
cosignSession: args.cosignSessionPubkey,
|
|
144
|
+
cosignDigest: digest,
|
|
145
|
+
};
|
|
146
|
+
}
|
|
147
|
+
//# sourceMappingURL=cosign-helper.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cosign-helper.js","sourceRoot":"","sources":["../src/cosign-helper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkFG;AAGH,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AA2LxE;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAgB;IAChD,0EAA0E;IAC1E,uEAAuE;IACvE,uEAAuE;IACvE,yCAAyC;IACzC,MAAM,aAAa,GACjB,kCAAwD,CAAC;IAC3D,IAAI,IAAI,CAAC,mBAAmB,KAAK,aAAa,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CACb,+DAA+D;YAC7D,uEAAuE;YACvE,iEAAiE,CACpE,CAAC;IACJ,CAAC;IACD,IACG,IAAI,CAAC,mBAAyC;QAC9C,IAAI,CAAC,WAAW,CAAC,OAA6B,EAC/C,CAAC;QACD,MAAM,IAAI,KAAK,CACb,qEAAqE;YACnE,sEAAsE;YACtE,kEAAkE;YAClE,2BAA2B,CAC9B,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,mBAAmB,CAAC;QACjC,aAAa,EAAE,IAAI,CAAC,mBAAmB;QACvC,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,IAAI,IAAI;QACrD,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,IAAI,IAAI;QAC7D,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,IAAI,IAAI;QACrD,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI;QACjC,wEAAwE;QACxE,mEAAmE;QACnE,wDAAwD;QACxD,2DAA2D;QAC3D,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,IAAI,IAAI;QACnD,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,IAAI,IAAI;QAC7D,eAAe,EAAE,IAAI,CAAC,eAAe,IAAI,IAAI;QAC7C,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI;QACvC,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,IAAI;KAC5C,CAAC,CAAC;IAEH,OAAO;QACL,aAAa,EAAE,IAAI,CAAC,mBAAmB;QACvC,YAAY,EAAE,MAAM;KACrB,CAAC;AACJ,CAAC"}
|
package/dist/create-vault.d.ts
CHANGED
|
@@ -53,6 +53,14 @@ export interface CreateVaultOptions {
|
|
|
53
53
|
*/
|
|
54
54
|
protocolCaps?: bigint[];
|
|
55
55
|
maxSlippageBps?: number;
|
|
56
|
+
/**
|
|
57
|
+
* Phase 2 TA-19: observe-only mode at vault creation. When `true`, all
|
|
58
|
+
* `validate_and_authorize` calls reject with `ObserveOnlyModeBlocksExecute`.
|
|
59
|
+
* Used to stand up a vault that baselines agent behaviour before the owner
|
|
60
|
+
* opens the execute path. Default: `false` (full execute permitted, gated
|
|
61
|
+
* by policy).
|
|
62
|
+
*/
|
|
63
|
+
observeOnly?: boolean;
|
|
56
64
|
/**
|
|
57
65
|
* Timelock duration in seconds for owner-initiated policy changes.
|
|
58
66
|
* Required since v0.9.0 — previously defaulted silently to 0 (no
|
|
@@ -72,6 +80,90 @@ export interface CreateVaultOptions {
|
|
|
72
80
|
timelockDuration: number;
|
|
73
81
|
allowedDestinations?: Address[];
|
|
74
82
|
vaultId?: bigint;
|
|
83
|
+
/**
|
|
84
|
+
* PEN-CROSS-2 (Phase 2 close-up): the slot to bind into the TA-19 digest.
|
|
85
|
+
* If omitted, `createVault` reads `rpc.getSlot()` — that's what production
|
|
86
|
+
* callers should do so the digest matches the slot the on-chain handler
|
|
87
|
+
* captures at execution.
|
|
88
|
+
*
|
|
89
|
+
* Tests / fixtures that don't care about replay protection (PDA derivation
|
|
90
|
+
* smoke tests) can pass a fixed bigint here to avoid mocking `getSlot`.
|
|
91
|
+
*/
|
|
92
|
+
createdAtSlot?: bigint;
|
|
93
|
+
/**
|
|
94
|
+
* TA-05 (Phase 3): 24-bit UTC operating-hours bitmask. Bit `n` (0..=23)
|
|
95
|
+
* set → spending allowed during UTC hour `n`. Default `0x00FFFFFF` (all
|
|
96
|
+
* 24h enabled — equivalent to "no operating-hours constraint").
|
|
97
|
+
*
|
|
98
|
+
* Upper 8 bits MUST be zero; on-chain handler rejects otherwise with
|
|
99
|
+
* `ErrOutsideOperatingHours` (6084). Bound by TA-19 at canonical
|
|
100
|
+
* digest position 15.
|
|
101
|
+
*
|
|
102
|
+
* Production callers narrowing for market-hours / business-hours
|
|
103
|
+
* vaults should pass an explicit mask (e.g. `0x0001E000` for 13-17 UTC).
|
|
104
|
+
*/
|
|
105
|
+
operatingHours?: number;
|
|
106
|
+
/**
|
|
107
|
+
* TA-07 (Phase 3): if true, NEW destinations added via
|
|
108
|
+
* queue_policy_update skip the 24h graylist friction. Default false —
|
|
109
|
+
* the owner pays the friction cost by default. Bound by TA-19 at
|
|
110
|
+
* canonical digest position 16.
|
|
111
|
+
*/
|
|
112
|
+
autoPromoteGrays?: boolean;
|
|
113
|
+
/**
|
|
114
|
+
* TA-17 (Phase 3): consecutive-failure threshold after which an
|
|
115
|
+
* agent's capability is auto-revoked. Range 3..=20 (on-chain reject
|
|
116
|
+
* out-of-range with `InvalidPermissions`). Default 5.
|
|
117
|
+
*
|
|
118
|
+
* Only on-chain policy-violation codes 6083-6100 count — external
|
|
119
|
+
* causes (CU exhaustion, nonce desync, auth) do NOT increment.
|
|
120
|
+
* Bound by TA-19 at canonical digest position 17.
|
|
121
|
+
*/
|
|
122
|
+
autoRevokeThreshold?: number;
|
|
123
|
+
/**
|
|
124
|
+
* TA-12 (Phase 5 post-execution invariant): hard stable balance floor in
|
|
125
|
+
* USD base units (6 decimals). The combined USDC + USDT vault balance is
|
|
126
|
+
* asserted >= this value at finalize_session AND at agent_transfer's
|
|
127
|
+
* post-CPI re-read. Default 0 = no floor enforcement.
|
|
128
|
+
*
|
|
129
|
+
* Lowering this on a live vault is an elevated mutation per TA-09 and
|
|
130
|
+
* requires cosign (closed by G3 audit fix).
|
|
131
|
+
*
|
|
132
|
+
* Bound by TA-19 at canonical digest position 18.
|
|
133
|
+
*/
|
|
134
|
+
stableBalanceFloor?: bigint;
|
|
135
|
+
/**
|
|
136
|
+
* TA-14 (Phase 5 post-execution invariant): per-recipient daily cap in
|
|
137
|
+
* USD base units (6 decimals). Each unique recipient's rolling 24h
|
|
138
|
+
* outflow is asserted <= this value at finalize. Per-recipient slots
|
|
139
|
+
* are bounded at 10 with age-based eviction (no LRU churn).
|
|
140
|
+
*
|
|
141
|
+
* Default 0 = no per-recipient cap (global daily cap still applies).
|
|
142
|
+
* Raising this on a live vault is elevated per TA-09 (closed by G3).
|
|
143
|
+
*
|
|
144
|
+
* Bound by TA-19 at canonical digest position 19.
|
|
145
|
+
*/
|
|
146
|
+
perRecipientDailyCapUsd?: bigint;
|
|
147
|
+
/**
|
|
148
|
+
* G6 (audit 2026-05-18 cosign opt-in): owner's opt-in to TA-09 cosign
|
|
149
|
+
* enforcement on elevated mutations. Default `false` (low-friction —
|
|
150
|
+
* owner signature alone authorizes elevated mutations).
|
|
151
|
+
*
|
|
152
|
+
* When `true`, future calls to `queue_policy_update` with elevated
|
|
153
|
+
* mutations require a non-default `cosignSession` pubkey + a
|
|
154
|
+
* corresponding signer in `remaining_accounts`. Use this for solo-key
|
|
155
|
+
* owners who want Sigil-native per-mutation co-signature. Vaults whose
|
|
156
|
+
* owner is a Squads V4 multisig PDA (`detectSquadsV4Owner` returns
|
|
157
|
+
* `isSquadsMultisig: true`) typically leave this `false` because
|
|
158
|
+
* multisig at the Solana layer already enforces multi-signer auth.
|
|
159
|
+
*
|
|
160
|
+
* Disabling cosign on a live vault where this is `true` is itself an
|
|
161
|
+
* elevated mutation (one-way ratchet — `queue_policy_update` requires
|
|
162
|
+
* cosign to flip true → false).
|
|
163
|
+
*
|
|
164
|
+
* Bound by TA-19 at canonical digest position 20.
|
|
165
|
+
*/
|
|
166
|
+
cosignRequired?: boolean;
|
|
75
167
|
}
|
|
76
168
|
export interface CreateVaultResult {
|
|
77
169
|
vaultAddress: Address;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create-vault.d.ts","sourceRoot":"","sources":["../src/create-vault.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,OAAO,EACP,GAAG,EACH,YAAY,EACZ,iBAAiB,EAClB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAUpD,OAAO,EAGL,KAAK,cAAc,EACnB,KAAK,YAAY,EAClB,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"create-vault.d.ts","sourceRoot":"","sources":["../src/create-vault.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,OAAO,EACP,GAAG,EACH,YAAY,EACZ,iBAAiB,EAClB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAUpD,OAAO,EAGL,KAAK,cAAc,EACnB,KAAK,YAAY,EAClB,MAAM,YAAY,CAAC;AAIpB,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAW9D,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC;IACvB,OAAO,EAAE,QAAQ,GAAG,SAAS,CAAC;IAC9B,KAAK,EAAE,iBAAiB,CAAC;IACzB,KAAK,EAAE,iBAAiB,CAAC;IACzB,WAAW,CAAC,EAAE,cAAc,CAAC;IAC7B;;;;;;;;;;;OAWG;IACH,gBAAgB,EAAE,YAAY,CAAC;IAC/B;;;;;;;;OAQG;IACH,mBAAmB,EAAE,YAAY,CAAC;IAClC,qBAAqB,CAAC,EAAE,YAAY,CAAC;IACrC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;;;;;OAQG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;;;;;;;;;OAeG;IACH,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB,CAAC,EAAE,OAAO,EAAE,CAAC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;;;;;OAQG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;;;;;;;OAWG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B;;;;;;;;OAQG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B;;;;;;;;;;OAUG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B;;;;;;;;;;OAUG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;IAEjC;;;;;;;;;;;;;;;;;;OAkBG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,iBAAiB,EAAE,WAAW,CAAC;IAC/B,eAAe,EAAE,WAAW,CAAC;CAC9B;AAID,wBAAsB,WAAW,CAC/B,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC,iBAAiB,CAAC,CAkQ5B;AAID,MAAM,WAAW,yBAA0B,SAAQ,kBAAkB;IACnE,wDAAwD;IACxD,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,kEAAkE;IAClE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iEAAiE;IACjE,cAAc,CAAC,EAAE,qBAAqB,CAAC;CACxC;AAED,MAAM,WAAW,wBAAyB,SAAQ,iBAAiB;IACjE,uCAAuC;IACvC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,yBAAyB,GACjC,OAAO,CAAC,wBAAwB,CAAC,CAoBnC"}
|