@usesigil/kit 0.16.0 → 0.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +56 -0
- package/dist/advanced-analytics.d.ts +3 -2
- package/dist/advanced-analytics.d.ts.map +1 -1
- package/dist/advanced-analytics.js +9 -42
- package/dist/advanced-analytics.js.map +1 -1
- package/dist/agent-bootstrap.d.ts +1 -2
- package/dist/agent-bootstrap.d.ts.map +1 -1
- package/dist/agent-bootstrap.js.map +1 -1
- package/dist/agent-errors.d.ts +20 -4
- package/dist/agent-errors.d.ts.map +1 -1
- package/dist/agent-errors.js +864 -367
- package/dist/agent-errors.js.map +1 -1
- package/dist/audit-log.d.ts +101 -0
- package/dist/audit-log.d.ts.map +1 -0
- package/dist/audit-log.js +145 -0
- package/dist/audit-log.js.map +1 -0
- package/dist/caip2-network.d.ts +171 -0
- package/dist/caip2-network.d.ts.map +1 -0
- package/dist/caip2-network.js +202 -0
- package/dist/caip2-network.js.map +1 -0
- package/dist/canonical-encode.d.ts +59 -0
- package/dist/canonical-encode.d.ts.map +1 -0
- package/dist/canonical-encode.js +141 -0
- package/dist/canonical-encode.js.map +1 -0
- package/dist/cosign-helper.d.ts +264 -0
- package/dist/cosign-helper.d.ts.map +1 -0
- package/dist/cosign-helper.js +147 -0
- package/dist/cosign-helper.js.map +1 -0
- package/dist/create-vault.d.ts +92 -0
- package/dist/create-vault.d.ts.map +1 -1
- package/dist/create-vault.js +108 -7
- package/dist/create-vault.js.map +1 -1
- package/dist/dashboard/close-vault.d.ts +110 -0
- package/dist/dashboard/close-vault.d.ts.map +1 -0
- package/dist/dashboard/close-vault.js +165 -0
- package/dist/dashboard/close-vault.js.map +1 -0
- package/dist/dashboard/errors.d.ts +2 -2
- package/dist/dashboard/errors.d.ts.map +1 -1
- package/dist/dashboard/errors.js +11 -7
- package/dist/dashboard/errors.js.map +1 -1
- package/dist/dashboard/index.d.ts +190 -34
- package/dist/dashboard/index.d.ts.map +1 -1
- package/dist/dashboard/index.js +282 -52
- package/dist/dashboard/index.js.map +1 -1
- package/dist/dashboard/mutations.d.ts +153 -24
- package/dist/dashboard/mutations.d.ts.map +1 -1
- package/dist/dashboard/mutations.js +680 -114
- package/dist/dashboard/mutations.js.map +1 -1
- package/dist/dashboard/post-assertion-validation.d.ts +1 -1
- package/dist/dashboard/post-assertion-validation.d.ts.map +1 -1
- package/dist/dashboard/post-assertion-validation.js +169 -48
- package/dist/dashboard/post-assertion-validation.js.map +1 -1
- package/dist/dashboard/reads.d.ts +3 -4
- package/dist/dashboard/reads.d.ts.map +1 -1
- package/dist/dashboard/reads.js +11 -22
- package/dist/dashboard/reads.js.map +1 -1
- package/dist/dashboard/types.d.ts +56 -19
- package/dist/dashboard/types.d.ts.map +1 -1
- package/dist/errors/agent-errors.generated.d.ts +21 -0
- package/dist/errors/agent-errors.generated.d.ts.map +1 -0
- package/dist/errors/agent-errors.generated.js +134 -0
- package/dist/errors/agent-errors.generated.js.map +1 -0
- package/dist/errors/codes.d.ts +21 -2
- package/dist/errors/codes.d.ts.map +1 -1
- package/dist/errors/codes.js +19 -0
- package/dist/errors/codes.js.map +1 -1
- package/dist/errors/context.d.ts +9 -1
- package/dist/errors/context.d.ts.map +1 -1
- package/dist/event-analytics.d.ts +1 -3
- package/dist/event-analytics.d.ts.map +1 -1
- package/dist/event-analytics.js +28 -81
- package/dist/event-analytics.js.map +1 -1
- package/dist/events.d.ts.map +1 -1
- package/dist/events.js +23 -14
- package/dist/events.js.map +1 -1
- package/dist/generated/accounts/agentSpendOverlay.d.ts +60 -0
- package/dist/generated/accounts/agentSpendOverlay.d.ts.map +1 -1
- package/dist/generated/accounts/agentSpendOverlay.js +6 -2
- package/dist/generated/accounts/agentSpendOverlay.js.map +1 -1
- package/dist/generated/accounts/agentVault.d.ts +168 -4
- package/dist/generated/accounts/agentVault.d.ts.map +1 -1
- package/dist/generated/accounts/agentVault.js +11 -3
- package/dist/generated/accounts/agentVault.js.map +1 -1
- package/dist/generated/accounts/auditLogRejected.d.ts +66 -0
- package/dist/generated/accounts/auditLogRejected.d.ts.map +1 -0
- package/dist/generated/accounts/auditLogRejected.js +68 -0
- package/dist/generated/accounts/auditLogRejected.js.map +1 -0
- package/dist/generated/accounts/auditLogSuccess.d.ts +78 -0
- package/dist/generated/accounts/auditLogSuccess.d.ts.map +1 -0
- package/dist/generated/accounts/auditLogSuccess.js +68 -0
- package/dist/generated/accounts/auditLogSuccess.js.map +1 -0
- package/dist/generated/accounts/index.d.ts +4 -4
- package/dist/generated/accounts/index.d.ts.map +1 -1
- package/dist/generated/accounts/index.js +4 -4
- package/dist/generated/accounts/index.js.map +1 -1
- package/dist/generated/accounts/pendingAgentGrant.d.ts +199 -0
- package/dist/generated/accounts/pendingAgentGrant.d.ts.map +1 -0
- package/dist/generated/accounts/pendingAgentGrant.js +75 -0
- package/dist/generated/accounts/pendingAgentGrant.js.map +1 -0
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts +64 -0
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.js +7 -1
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/accounts/pendingOwnershipTransfer.d.ts +131 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.js +76 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.js.map +1 -0
- package/dist/generated/accounts/pendingPolicyUpdate.d.ts +200 -4
- package/dist/generated/accounts/pendingPolicyUpdate.d.ts.map +1 -1
- package/dist/generated/accounts/pendingPolicyUpdate.js +19 -1
- package/dist/generated/accounts/pendingPolicyUpdate.js.map +1 -1
- package/dist/generated/accounts/policyConfig.d.ts +479 -36
- package/dist/generated/accounts/policyConfig.d.ts.map +1 -1
- package/dist/generated/accounts/policyConfig.js +30 -3
- package/dist/generated/accounts/policyConfig.js.map +1 -1
- package/dist/generated/accounts/postExecutionAssertions.d.ts +2 -2
- package/dist/generated/accounts/postExecutionAssertions.d.ts.map +1 -1
- package/dist/generated/accounts/postExecutionAssertions.js +3 -3
- package/dist/generated/accounts/sessionAuthority.d.ts +140 -12
- package/dist/generated/accounts/sessionAuthority.d.ts.map +1 -1
- package/dist/generated/accounts/sessionAuthority.js +9 -7
- package/dist/generated/accounts/sessionAuthority.js.map +1 -1
- package/dist/generated/accounts/spendTracker.d.ts +83 -3
- package/dist/generated/accounts/spendTracker.d.ts.map +1 -1
- package/dist/generated/accounts/spendTracker.js +14 -2
- package/dist/generated/accounts/spendTracker.js.map +1 -1
- package/dist/generated/errors/sigil.d.ts +131 -83
- package/dist/generated/errors/sigil.d.ts.map +1 -1
- package/dist/generated/errors/sigil.js +178 -106
- package/dist/generated/errors/sigil.js.map +1 -1
- package/dist/generated/event-discriminators.d.ts.map +1 -1
- package/dist/generated/event-discriminators.js +11 -14
- package/dist/generated/event-discriminators.js.map +1 -1
- package/dist/generated/instructions/acceptOwnershipTransfer.d.ts +142 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.js +171 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts +85 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.js +171 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.js.map +1 -0
- package/dist/generated/instructions/applyAgentGrant.d.ts +100 -0
- package/dist/generated/instructions/applyAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/{applyConstraintsUpdate.js → applyAgentGrant.js} +66 -42
- package/dist/generated/instructions/applyAgentGrant.js.map +1 -0
- package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts +31 -8
- package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/applyAgentPermissionsUpdate.js +38 -2
- package/dist/generated/instructions/applyAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/instructions/applyPendingPolicy.d.ts +18 -7
- package/dist/generated/instructions/applyPendingPolicy.d.ts.map +1 -1
- package/dist/generated/instructions/applyPendingPolicy.js +38 -2
- package/dist/generated/instructions/applyPendingPolicy.js.map +1 -1
- package/dist/generated/instructions/cancelAgentGrant.d.ts +106 -0
- package/dist/generated/instructions/cancelAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/{allocatePendingConstraintsPda.js → cancelAgentGrant.js} +54 -42
- package/dist/generated/instructions/cancelAgentGrant.js.map +1 -0
- package/dist/generated/instructions/cancelOwnershipTransfer.d.ts +121 -0
- package/dist/generated/instructions/cancelOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/{queueCloseConstraints.js → cancelOwnershipTransfer.js} +58 -44
- package/dist/generated/instructions/cancelOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/closePostAssertions.d.ts +6 -1
- package/dist/generated/instructions/closePostAssertions.d.ts.map +1 -1
- package/dist/generated/instructions/closePostAssertions.js +11 -3
- package/dist/generated/instructions/closePostAssertions.js.map +1 -1
- package/dist/generated/instructions/closeVault.d.ts +40 -8
- package/dist/generated/instructions/closeVault.d.ts.map +1 -1
- package/dist/generated/instructions/closeVault.js +40 -2
- package/dist/generated/instructions/closeVault.js.map +1 -1
- package/dist/generated/instructions/createPostAssertions.d.ts +4 -0
- package/dist/generated/instructions/createPostAssertions.d.ts.map +1 -1
- package/dist/generated/instructions/createPostAssertions.js +2 -0
- package/dist/generated/instructions/createPostAssertions.js.map +1 -1
- package/dist/generated/instructions/depositFunds.d.ts +21 -10
- package/dist/generated/instructions/depositFunds.d.ts.map +1 -1
- package/dist/generated/instructions/depositFunds.js +37 -2
- package/dist/generated/instructions/depositFunds.js.map +1 -1
- package/dist/generated/instructions/finalizeSession.d.ts +49 -7
- package/dist/generated/instructions/finalizeSession.d.ts.map +1 -1
- package/dist/generated/instructions/finalizeSession.js +59 -2
- package/dist/generated/instructions/finalizeSession.js.map +1 -1
- package/dist/generated/instructions/freezeVault.d.ts +36 -5
- package/dist/generated/instructions/freezeVault.d.ts.map +1 -1
- package/dist/generated/instructions/freezeVault.js +65 -4
- package/dist/generated/instructions/freezeVault.js.map +1 -1
- package/dist/generated/instructions/index.d.ts +10 -15
- package/dist/generated/instructions/index.d.ts.map +1 -1
- package/dist/generated/instructions/index.js +10 -15
- package/dist/generated/instructions/index.js.map +1 -1
- package/dist/generated/instructions/initializeVault.d.ts +79 -9
- package/dist/generated/instructions/initializeVault.d.ts.map +1 -1
- package/dist/generated/instructions/initializeVault.js +57 -3
- package/dist/generated/instructions/initializeVault.js.map +1 -1
- package/dist/generated/instructions/initiateOwnershipTransfer.d.ts +106 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.js +181 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/pauseAgent.d.ts +49 -5
- package/dist/generated/instructions/pauseAgent.d.ts.map +1 -1
- package/dist/generated/instructions/pauseAgent.js +80 -5
- package/dist/generated/instructions/pauseAgent.js.map +1 -1
- package/dist/generated/instructions/promoteGraylistDestination.d.ts +56 -0
- package/dist/generated/instructions/promoteGraylistDestination.d.ts.map +1 -0
- package/dist/generated/instructions/{createInstructionConstraints.js → promoteGraylistDestination.js} +23 -40
- package/dist/generated/instructions/promoteGraylistDestination.js.map +1 -0
- package/dist/generated/instructions/queueAgentGrant.d.ts +113 -0
- package/dist/generated/instructions/queueAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/queueAgentGrant.js +181 -0
- package/dist/generated/instructions/queueAgentGrant.js.map +1 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts +8 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/queueAgentPermissionsUpdate.js +4 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/instructions/queuePolicyUpdate.d.ts +32 -0
- package/dist/generated/instructions/queuePolicyUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/queuePolicyUpdate.js +17 -1
- package/dist/generated/instructions/queuePolicyUpdate.js.map +1 -1
- package/dist/generated/instructions/reactivateVault.d.ts +71 -5
- package/dist/generated/instructions/reactivateVault.d.ts.map +1 -1
- package/dist/generated/instructions/reactivateVault.js +80 -5
- package/dist/generated/instructions/reactivateVault.js.map +1 -1
- package/dist/generated/instructions/recordAgentViolation.d.ts +89 -0
- package/dist/generated/instructions/recordAgentViolation.d.ts.map +1 -0
- package/dist/generated/instructions/recordAgentViolation.js +152 -0
- package/dist/generated/instructions/recordAgentViolation.js.map +1 -0
- package/dist/generated/instructions/registerAgent.d.ts +84 -6
- package/dist/generated/instructions/registerAgent.d.ts.map +1 -1
- package/dist/generated/instructions/registerAgent.js +81 -4
- package/dist/generated/instructions/registerAgent.js.map +1 -1
- package/dist/generated/instructions/revokeAgent.d.ts +49 -6
- package/dist/generated/instructions/revokeAgent.d.ts.map +1 -1
- package/dist/generated/instructions/revokeAgent.js +81 -4
- package/dist/generated/instructions/revokeAgent.js.map +1 -1
- package/dist/generated/instructions/setObserveOnly.d.ts +56 -0
- package/dist/generated/instructions/setObserveOnly.d.ts.map +1 -0
- package/dist/generated/instructions/setObserveOnly.js +111 -0
- package/dist/generated/instructions/setObserveOnly.js.map +1 -0
- package/dist/generated/instructions/unpauseAgent.d.ts +46 -5
- package/dist/generated/instructions/unpauseAgent.d.ts.map +1 -1
- package/dist/generated/instructions/unpauseAgent.js +80 -5
- package/dist/generated/instructions/unpauseAgent.js.map +1 -1
- package/dist/generated/instructions/validateAndAuthorize.d.ts +29 -0
- package/dist/generated/instructions/validateAndAuthorize.d.ts.map +1 -1
- package/dist/generated/instructions/validateAndAuthorize.js +4 -0
- package/dist/generated/instructions/validateAndAuthorize.js.map +1 -1
- package/dist/generated/instructions/withdrawFunds.d.ts +53 -11
- package/dist/generated/instructions/withdrawFunds.d.ts.map +1 -1
- package/dist/generated/instructions/withdrawFunds.js +51 -2
- package/dist/generated/instructions/withdrawFunds.js.map +1 -1
- package/dist/generated/programs/sigil.d.ts +79 -99
- package/dist/generated/programs/sigil.d.ts.map +1 -1
- package/dist/generated/programs/sigil.js +139 -199
- package/dist/generated/programs/sigil.js.map +1 -1
- package/dist/generated/types/actionAuthorized.d.ts +0 -2
- package/dist/generated/types/actionAuthorized.d.ts.map +1 -1
- package/dist/generated/types/actionAuthorized.js +0 -2
- package/dist/generated/types/actionAuthorized.js.map +1 -1
- package/dist/generated/types/agentAutoRevoked.d.ts +31 -0
- package/dist/generated/types/agentAutoRevoked.d.ts.map +1 -0
- package/dist/generated/types/{orphanConstraintsPdaCleaned.js → agentAutoRevoked.js} +12 -8
- package/dist/generated/types/agentAutoRevoked.js.map +1 -0
- package/dist/generated/types/agentEntry.d.ts +48 -0
- package/dist/generated/types/agentEntry.d.ts.map +1 -1
- package/dist/generated/types/agentEntry.js +4 -2
- package/dist/generated/types/agentEntry.js.map +1 -1
- package/dist/generated/types/agentGrantApplied.d.ts +38 -0
- package/dist/generated/types/agentGrantApplied.d.ts.map +1 -0
- package/dist/generated/types/agentGrantApplied.js +34 -0
- package/dist/generated/types/agentGrantApplied.js.map +1 -0
- package/dist/generated/types/agentGrantCancelled.d.ts +33 -0
- package/dist/generated/types/agentGrantCancelled.d.ts.map +1 -0
- package/dist/generated/types/agentGrantCancelled.js +28 -0
- package/dist/generated/types/agentGrantCancelled.js.map +1 -0
- package/dist/generated/types/agentGrantQueued.d.ts +38 -0
- package/dist/generated/types/agentGrantQueued.d.ts.map +1 -0
- package/dist/generated/types/agentGrantQueued.js +32 -0
- package/dist/generated/types/agentGrantQueued.js.map +1 -0
- package/dist/generated/types/auditEntry.d.ts +120 -0
- package/dist/generated/types/auditEntry.d.ts.map +1 -0
- package/dist/generated/types/auditEntry.js +34 -0
- package/dist/generated/types/auditEntry.js.map +1 -0
- package/dist/generated/types/destinationGraylistEntry.d.ts +32 -0
- package/dist/generated/types/destinationGraylistEntry.d.ts.map +1 -0
- package/dist/generated/types/destinationGraylistEntry.js +24 -0
- package/dist/generated/types/destinationGraylistEntry.js.map +1 -0
- package/dist/generated/types/graylistEntered.d.ts +31 -0
- package/dist/generated/types/graylistEntered.d.ts.map +1 -0
- package/dist/generated/types/graylistEntered.js +30 -0
- package/dist/generated/types/graylistEntered.js.map +1 -0
- package/dist/generated/types/graylistPromoted.d.ts +29 -0
- package/dist/generated/types/graylistPromoted.d.ts.map +1 -0
- package/dist/generated/types/graylistPromoted.js +28 -0
- package/dist/generated/types/graylistPromoted.js.map +1 -0
- package/dist/generated/types/index.d.ts +13 -22
- package/dist/generated/types/index.d.ts.map +1 -1
- package/dist/generated/types/index.js +13 -22
- package/dist/generated/types/index.js.map +1 -1
- package/dist/generated/types/observeOnlyChanged.d.ts +33 -0
- package/dist/generated/types/observeOnlyChanged.d.ts.map +1 -0
- package/dist/generated/types/observeOnlyChanged.js +32 -0
- package/dist/generated/types/observeOnlyChanged.js.map +1 -0
- package/dist/generated/types/ownershipTransferAccepted.d.ts +32 -0
- package/dist/generated/types/ownershipTransferAccepted.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferAccepted.js +30 -0
- package/dist/generated/types/ownershipTransferAccepted.js.map +1 -0
- package/dist/generated/types/ownershipTransferCancelled.d.ts +29 -0
- package/dist/generated/types/ownershipTransferCancelled.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferCancelled.js +28 -0
- package/dist/generated/types/ownershipTransferCancelled.js.map +1 -0
- package/dist/generated/types/ownershipTransferInitiated.d.ts +33 -0
- package/dist/generated/types/ownershipTransferInitiated.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferInitiated.js +30 -0
- package/dist/generated/types/ownershipTransferInitiated.js.map +1 -0
- package/dist/generated/types/perRecipientCounter.d.ts +61 -0
- package/dist/generated/types/perRecipientCounter.d.ts.map +1 -0
- package/dist/generated/types/perRecipientCounter.js +26 -0
- package/dist/generated/types/perRecipientCounter.js.map +1 -0
- package/dist/generated/types/postAssertionEntry.d.ts +14 -7
- package/dist/generated/types/postAssertionEntry.d.ts.map +1 -1
- package/dist/generated/types/postAssertionEntry.js +5 -7
- package/dist/generated/types/postAssertionEntry.js.map +1 -1
- package/dist/generated/types/postAssertionEntryZC.d.ts +53 -22
- package/dist/generated/types/postAssertionEntryZC.d.ts.map +1 -1
- package/dist/generated/types/postAssertionEntryZC.js +4 -6
- package/dist/generated/types/postAssertionEntryZC.js.map +1 -1
- package/dist/generated/types/sessionFinalized.d.ts +0 -4
- package/dist/generated/types/sessionFinalized.d.ts.map +1 -1
- package/dist/generated/types/sessionFinalized.js +0 -2
- package/dist/generated/types/sessionFinalized.js.map +1 -1
- package/dist/generated/types/vaultFrozen.d.ts +14 -0
- package/dist/generated/types/vaultFrozen.d.ts.map +1 -1
- package/dist/generated/types/vaultFrozen.js +2 -0
- package/dist/generated/types/vaultFrozen.js.map +1 -1
- package/dist/index.d.ts +31 -9
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +67 -11
- package/dist/index.js.map +1 -1
- package/dist/inspector.d.ts +0 -23
- package/dist/inspector.d.ts.map +1 -1
- package/dist/inspector.js +0 -52
- package/dist/inspector.js.map +1 -1
- package/dist/kit-adapter.d.ts +1 -1
- package/dist/kit-adapter.d.ts.map +1 -1
- package/dist/kit-adapter.js +1 -1
- package/dist/kit-adapter.js.map +1 -1
- package/dist/multisig-detection.d.ts +83 -0
- package/dist/multisig-detection.d.ts.map +1 -0
- package/dist/multisig-detection.js +128 -0
- package/dist/multisig-detection.js.map +1 -0
- package/dist/ownership-transfer.d.ts +79 -0
- package/dist/ownership-transfer.d.ts.map +1 -0
- package/dist/ownership-transfer.js +66 -0
- package/dist/ownership-transfer.js.map +1 -0
- package/dist/policy/compute-agent-perms-cosign-digest.d.ts +51 -0
- package/dist/policy/compute-agent-perms-cosign-digest.d.ts.map +1 -0
- package/dist/policy/compute-agent-perms-cosign-digest.js +55 -0
- package/dist/policy/compute-agent-perms-cosign-digest.js.map +1 -0
- package/dist/policy/compute-cosign-digest.d.ts +193 -0
- package/dist/policy/compute-cosign-digest.d.ts.map +1 -0
- package/dist/policy/compute-cosign-digest.js +318 -0
- package/dist/policy/compute-cosign-digest.js.map +1 -0
- package/dist/policy/compute-policy-preview-digest.d.ts +279 -0
- package/dist/policy/compute-policy-preview-digest.d.ts.map +1 -0
- package/dist/policy/compute-policy-preview-digest.js +373 -0
- package/dist/policy/compute-policy-preview-digest.js.map +1 -0
- package/dist/policy-attestation.d.ts +51 -0
- package/dist/policy-attestation.d.ts.map +1 -0
- package/dist/policy-attestation.js +43 -0
- package/dist/policy-attestation.js.map +1 -0
- package/dist/preview-create-vault.d.ts.map +1 -1
- package/dist/preview-create-vault.js +37 -16
- package/dist/preview-create-vault.js.map +1 -1
- package/dist/resolve-accounts.d.ts +75 -10
- package/dist/resolve-accounts.d.ts.map +1 -1
- package/dist/resolve-accounts.js +68 -32
- package/dist/resolve-accounts.js.map +1 -1
- package/dist/rpc-helpers.d.ts +29 -3
- package/dist/rpc-helpers.d.ts.map +1 -1
- package/dist/rpc-helpers.js +51 -12
- package/dist/rpc-helpers.js.map +1 -1
- package/dist/seal/intent-digest.d.ts +195 -0
- package/dist/seal/intent-digest.d.ts.map +1 -0
- package/dist/seal/intent-digest.js +372 -0
- package/dist/seal/intent-digest.js.map +1 -0
- package/dist/seal.d.ts +166 -3
- package/dist/seal.d.ts.map +1 -1
- package/dist/seal.js +428 -32
- package/dist/seal.js.map +1 -1
- package/dist/security-analytics.d.ts +3 -3
- package/dist/security-analytics.d.ts.map +1 -1
- package/dist/security-analytics.js +13 -128
- package/dist/security-analytics.js.map +1 -1
- package/dist/session-mint.d.ts +72 -0
- package/dist/session-mint.d.ts.map +1 -0
- package/dist/session-mint.js +59 -0
- package/dist/session-mint.js.map +1 -0
- package/dist/simulation.d.ts +19 -0
- package/dist/simulation.d.ts.map +1 -1
- package/dist/simulation.js +187 -95
- package/dist/simulation.js.map +1 -1
- package/dist/squads-detection.d.ts +135 -0
- package/dist/squads-detection.d.ts.map +1 -0
- package/dist/squads-detection.js +124 -0
- package/dist/squads-detection.js.map +1 -0
- package/dist/state-resolver.d.ts +0 -16
- package/dist/state-resolver.d.ts.map +1 -1
- package/dist/state-resolver.js +162 -97
- package/dist/state-resolver.js.map +1 -1
- package/dist/testing/devnet.d.ts +40 -1
- package/dist/testing/devnet.d.ts.map +1 -1
- package/dist/testing/devnet.js +333 -44
- package/dist/testing/devnet.js.map +1 -1
- package/dist/testing/errors/expect.d.ts +1 -1
- package/dist/testing/errors/expect.js +1 -1
- package/dist/testing/errors/names.generated.d.ts +82 -58
- package/dist/testing/errors/names.generated.d.ts.map +1 -1
- package/dist/testing/errors/names.generated.js +83 -59
- package/dist/testing/errors/names.generated.js.map +1 -1
- package/dist/testing/mock-rpc.d.ts +8 -0
- package/dist/testing/mock-rpc.d.ts.map +1 -1
- package/dist/testing/mock-rpc.js +13 -0
- package/dist/testing/mock-rpc.js.map +1 -1
- package/dist/testing/mock-state.d.ts +2 -0
- package/dist/testing/mock-state.d.ts.map +1 -1
- package/dist/testing/mock-state.js +43 -4
- package/dist/testing/mock-state.js.map +1 -1
- package/dist/types.d.ts +5 -15
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +11 -69
- package/dist/types.js.map +1 -1
- package/dist/vault-analytics.d.ts +0 -2
- package/dist/vault-analytics.d.ts.map +1 -1
- package/dist/vault-analytics.js +1 -9
- package/dist/vault-analytics.js.map +1 -1
- package/package.json +7 -12
- package/dist/constraints/index.d.ts +0 -23
- package/dist/constraints/index.d.ts.map +0 -1
- package/dist/constraints/index.js +0 -24
- package/dist/constraints/index.js.map +0 -1
- package/dist/dashboard/constraint-builders.d.ts +0 -82
- package/dist/dashboard/constraint-builders.d.ts.map +0 -1
- package/dist/dashboard/constraint-builders.js +0 -204
- package/dist/dashboard/constraint-builders.js.map +0 -1
- package/dist/dashboard/constraint-reads.d.ts +0 -50
- package/dist/dashboard/constraint-reads.d.ts.map +0 -1
- package/dist/dashboard/constraint-reads.js +0 -119
- package/dist/dashboard/constraint-reads.js.map +0 -1
- package/dist/generated/accounts/escrowDeposit.d.ts +0 -50
- package/dist/generated/accounts/escrowDeposit.d.ts.map +0 -1
- package/dist/generated/accounts/escrowDeposit.js +0 -76
- package/dist/generated/accounts/escrowDeposit.js.map +0 -1
- package/dist/generated/accounts/instructionConstraints.d.ts +0 -46
- package/dist/generated/accounts/instructionConstraints.d.ts.map +0 -1
- package/dist/generated/accounts/instructionConstraints.js +0 -73
- package/dist/generated/accounts/instructionConstraints.js.map +0 -1
- package/dist/generated/accounts/pendingCloseConstraints.d.ts +0 -49
- package/dist/generated/accounts/pendingCloseConstraints.d.ts.map +0 -1
- package/dist/generated/accounts/pendingCloseConstraints.js +0 -68
- package/dist/generated/accounts/pendingCloseConstraints.js.map +0 -1
- package/dist/generated/accounts/pendingConstraintsUpdate.d.ts +0 -76
- package/dist/generated/accounts/pendingConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/accounts/pendingConstraintsUpdate.js +0 -77
- package/dist/generated/accounts/pendingConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/allocateConstraintsPda.d.ts +0 -62
- package/dist/generated/instructions/allocateConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/allocateConstraintsPda.js +0 -134
- package/dist/generated/instructions/allocateConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts +0 -66
- package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/allocatePendingConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/applyCloseConstraints.d.ts +0 -59
- package/dist/generated/instructions/applyCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/applyCloseConstraints.js +0 -143
- package/dist/generated/instructions/applyCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/applyConstraintsUpdate.d.ts +0 -62
- package/dist/generated/instructions/applyConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/applyConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/cancelCloseConstraints.d.ts +0 -51
- package/dist/generated/instructions/cancelCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/cancelCloseConstraints.js +0 -115
- package/dist/generated/instructions/cancelCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/cancelConstraintsUpdate.d.ts +0 -51
- package/dist/generated/instructions/cancelConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/cancelConstraintsUpdate.js +0 -115
- package/dist/generated/instructions/cancelConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.d.ts +0 -67
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.js +0 -120
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/closeSettledEscrow.d.ts +0 -72
- package/dist/generated/instructions/closeSettledEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/closeSettledEscrow.js +0 -127
- package/dist/generated/instructions/closeSettledEscrow.js.map +0 -1
- package/dist/generated/instructions/createEscrow.d.ts +0 -131
- package/dist/generated/instructions/createEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/createEscrow.js +0 -272
- package/dist/generated/instructions/createEscrow.js.map +0 -1
- package/dist/generated/instructions/createInstructionConstraints.d.ts +0 -68
- package/dist/generated/instructions/createInstructionConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/createInstructionConstraints.js.map +0 -1
- package/dist/generated/instructions/extendPda.d.ts +0 -52
- package/dist/generated/instructions/extendPda.d.ts.map +0 -1
- package/dist/generated/instructions/extendPda.js +0 -86
- package/dist/generated/instructions/extendPda.js.map +0 -1
- package/dist/generated/instructions/queueCloseConstraints.d.ts +0 -66
- package/dist/generated/instructions/queueCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/queueCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/queueConstraintsUpdate.d.ts +0 -75
- package/dist/generated/instructions/queueConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/queueConstraintsUpdate.js +0 -154
- package/dist/generated/instructions/queueConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/refundEscrow.d.ts +0 -74
- package/dist/generated/instructions/refundEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/refundEscrow.js +0 -142
- package/dist/generated/instructions/refundEscrow.js.map +0 -1
- package/dist/generated/instructions/settleEscrow.d.ts +0 -80
- package/dist/generated/instructions/settleEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/settleEscrow.js +0 -173
- package/dist/generated/instructions/settleEscrow.js.map +0 -1
- package/dist/generated/types/accountConstraint.d.ts +0 -33
- package/dist/generated/types/accountConstraint.d.ts.map +0 -1
- package/dist/generated/types/accountConstraint.js +0 -26
- package/dist/generated/types/accountConstraint.js.map +0 -1
- package/dist/generated/types/accountConstraintZC.d.ts +0 -25
- package/dist/generated/types/accountConstraintZC.d.ts.map +0 -1
- package/dist/generated/types/accountConstraintZC.js +0 -28
- package/dist/generated/types/accountConstraintZC.js.map +0 -1
- package/dist/generated/types/closeConstraintsApplied.d.ts +0 -20
- package/dist/generated/types/closeConstraintsApplied.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsApplied.js +0 -24
- package/dist/generated/types/closeConstraintsApplied.js.map +0 -1
- package/dist/generated/types/closeConstraintsCancelled.d.ts +0 -16
- package/dist/generated/types/closeConstraintsCancelled.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsCancelled.js +0 -18
- package/dist/generated/types/closeConstraintsCancelled.js.map +0 -1
- package/dist/generated/types/closeConstraintsQueued.d.ts +0 -20
- package/dist/generated/types/closeConstraintsQueued.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsQueued.js +0 -24
- package/dist/generated/types/closeConstraintsQueued.js.map +0 -1
- package/dist/generated/types/constraintEntry.d.ts +0 -35
- package/dist/generated/types/constraintEntry.d.ts.map +0 -1
- package/dist/generated/types/constraintEntry.js +0 -29
- package/dist/generated/types/constraintEntry.js.map +0 -1
- package/dist/generated/types/constraintEntryZC.d.ts +0 -73
- package/dist/generated/types/constraintEntryZC.d.ts.map +0 -1
- package/dist/generated/types/constraintEntryZC.js +0 -49
- package/dist/generated/types/constraintEntryZC.js.map +0 -1
- package/dist/generated/types/constraintOperator.d.ts +0 -22
- package/dist/generated/types/constraintOperator.d.ts.map +0 -1
- package/dist/generated/types/constraintOperator.js +0 -28
- package/dist/generated/types/constraintOperator.js.map +0 -1
- package/dist/generated/types/constraintsChangeApplied.d.ts +0 -30
- package/dist/generated/types/constraintsChangeApplied.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeApplied.js +0 -32
- package/dist/generated/types/constraintsChangeApplied.js.map +0 -1
- package/dist/generated/types/constraintsChangeCancelled.d.ts +0 -16
- package/dist/generated/types/constraintsChangeCancelled.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeCancelled.js +0 -18
- package/dist/generated/types/constraintsChangeCancelled.js.map +0 -1
- package/dist/generated/types/constraintsChangeQueued.d.ts +0 -30
- package/dist/generated/types/constraintsChangeQueued.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeQueued.js +0 -32
- package/dist/generated/types/constraintsChangeQueued.js.map +0 -1
- package/dist/generated/types/dataConstraint.d.ts +0 -23
- package/dist/generated/types/dataConstraint.d.ts.map +0 -1
- package/dist/generated/types/dataConstraint.js +0 -27
- package/dist/generated/types/dataConstraint.js.map +0 -1
- package/dist/generated/types/dataConstraintZC.d.ts +0 -20
- package/dist/generated/types/dataConstraintZC.d.ts.map +0 -1
- package/dist/generated/types/dataConstraintZC.js +0 -30
- package/dist/generated/types/dataConstraintZC.js.map +0 -1
- package/dist/generated/types/discriminatorFormat.d.ts +0 -25
- package/dist/generated/types/discriminatorFormat.d.ts.map +0 -1
- package/dist/generated/types/discriminatorFormat.js +0 -31
- package/dist/generated/types/discriminatorFormat.js.map +0 -1
- package/dist/generated/types/escrowCreated.d.ts +0 -30
- package/dist/generated/types/escrowCreated.d.ts.map +0 -1
- package/dist/generated/types/escrowCreated.js +0 -34
- package/dist/generated/types/escrowCreated.js.map +0 -1
- package/dist/generated/types/escrowRefunded.d.ts +0 -26
- package/dist/generated/types/escrowRefunded.d.ts.map +0 -1
- package/dist/generated/types/escrowRefunded.js +0 -30
- package/dist/generated/types/escrowRefunded.js.map +0 -1
- package/dist/generated/types/escrowSettled.d.ts +0 -26
- package/dist/generated/types/escrowSettled.d.ts.map +0 -1
- package/dist/generated/types/escrowSettled.js +0 -30
- package/dist/generated/types/escrowSettled.js.map +0 -1
- package/dist/generated/types/escrowStatus.d.ts +0 -18
- package/dist/generated/types/escrowStatus.d.ts.map +0 -1
- package/dist/generated/types/escrowStatus.js +0 -24
- package/dist/generated/types/escrowStatus.js.map +0 -1
- package/dist/generated/types/instructionConstraintsCreated.d.ts +0 -34
- package/dist/generated/types/instructionConstraintsCreated.d.ts.map +0 -1
- package/dist/generated/types/instructionConstraintsCreated.js +0 -36
- package/dist/generated/types/instructionConstraintsCreated.js.map +0 -1
- package/dist/generated/types/orphanConstraintsPdaCleaned.d.ts +0 -22
- package/dist/generated/types/orphanConstraintsPdaCleaned.d.ts.map +0 -1
- package/dist/generated/types/orphanConstraintsPdaCleaned.js.map +0 -1
- package/dist/generated/types/pdaAllocated.d.ts +0 -24
- package/dist/generated/types/pdaAllocated.d.ts.map +0 -1
- package/dist/generated/types/pdaAllocated.js +0 -28
- package/dist/generated/types/pdaAllocated.js.map +0 -1
- package/dist/generated/types/pdaExtended.d.ts +0 -24
- package/dist/generated/types/pdaExtended.d.ts.map +0 -1
- package/dist/generated/types/pdaExtended.js +0 -28
- package/dist/generated/types/pdaExtended.js.map +0 -1
- package/dist/post-assertions/cross-field-lte.d.ts +0 -134
- package/dist/post-assertions/cross-field-lte.d.ts.map +0 -1
- package/dist/post-assertions/cross-field-lte.js +0 -129
- package/dist/post-assertions/cross-field-lte.js.map +0 -1
- package/dist/post-assertions/index.d.ts +0 -28
- package/dist/post-assertions/index.d.ts.map +0 -1
- package/dist/post-assertions/index.js +0 -28
- package/dist/post-assertions/index.js.map +0 -1
- package/dist/post-assertions/presets/flash-trade.d.ts +0 -139
- package/dist/post-assertions/presets/flash-trade.d.ts.map +0 -1
- package/dist/post-assertions/presets/flash-trade.js +0 -154
- package/dist/post-assertions/presets/flash-trade.js.map +0 -1
- package/dist/protocol-registry/annotations/drift.json +0 -7
- package/dist/protocol-registry/annotations/flash-trade.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-borrow.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-earn.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-lend.json +0 -7
- package/dist/protocol-registry/annotations/jupiter.json +0 -7
- package/dist/protocol-registry/annotations/kamino.json +0 -7
- package/dist/protocol-registry/index.d.ts +0 -45
- package/dist/protocol-registry/index.d.ts.map +0 -1
- package/dist/protocol-registry/index.js +0 -76
- package/dist/protocol-registry/index.js.map +0 -1
- package/dist/protocol-tier.d.ts +0 -157
- package/dist/protocol-tier.d.ts.map +0 -1
- package/dist/protocol-tier.js +0 -104
- package/dist/protocol-tier.js.map +0 -1
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
* @see https://github.com/codama-idl/codama
|
|
7
7
|
*/
|
|
8
8
|
import { fetchEncodedAccount, fetchEncodedAccounts, type Account, type Address, type Codec, type Decoder, type EncodedAccount, type Encoder, type FetchAccountConfig, type FetchAccountsConfig, type MaybeAccount, type MaybeEncodedAccount, type ReadonlyUint8Array } from "@solana/kit";
|
|
9
|
+
import { type DestinationGraylistEntry, type DestinationGraylistEntryArgs } from "../types/index.js";
|
|
9
10
|
export declare const POLICY_CONFIG_DISCRIMINATOR: Uint8Array<ArrayBuffer>;
|
|
10
11
|
export declare function getPolicyConfigDiscriminatorBytes(): ReadonlyUint8Array<ArrayBuffer>;
|
|
11
12
|
export type PolicyConfig = {
|
|
@@ -20,10 +21,9 @@ export type PolicyConfig = {
|
|
|
20
21
|
/** Maximum single transaction size in USD (6 decimals). */
|
|
21
22
|
maxTransactionSizeUsd: bigint;
|
|
22
23
|
/**
|
|
23
|
-
* Protocol
|
|
24
|
-
* 0
|
|
25
|
-
*
|
|
26
|
-
* 2 = denylist (all except protocols in list)
|
|
24
|
+
* Protocol allowlist mode. Phase 2 Option A: ONLY value 1 (ALLOWLIST)
|
|
25
|
+
* permitted. Modes 0 (ALL) and 2 (DENYLIST) deleted under L-1. Handler
|
|
26
|
+
* rejects any other value with `ErrInvalidProtocolMode`.
|
|
27
27
|
*/
|
|
28
28
|
protocolMode: number;
|
|
29
29
|
/**
|
|
@@ -37,9 +37,13 @@ export type PolicyConfig = {
|
|
|
37
37
|
*/
|
|
38
38
|
developerFeeRate: number;
|
|
39
39
|
/**
|
|
40
|
-
* Maximum slippage tolerance
|
|
41
|
-
*
|
|
42
|
-
*
|
|
40
|
+
* Maximum slippage tolerance (basis points) — generic config primitive
|
|
41
|
+
* preserved per D-5 across Phase 1 Option A demolition. Per L-1 there is
|
|
42
|
+
* no on-chain Jupiter slippage verifier in V1; this field is consumed by
|
|
43
|
+
* off-chain SDK simulators and (Phase 6) generic post-execution assertions
|
|
44
|
+
* (R-1 mint-delta cap). Validated at config time via
|
|
45
|
+
* `max_slippage_bps <= MAX_SLIPPAGE_BPS` (= 5000 BPS = 50% ceiling).
|
|
46
|
+
* 0 = no slippage protection configured.
|
|
43
47
|
*/
|
|
44
48
|
maxSlippageBps: number;
|
|
45
49
|
/** Timelock duration in seconds for policy changes. 0 = no timelock. */
|
|
@@ -49,11 +53,6 @@ export type PolicyConfig = {
|
|
|
49
53
|
* Empty = any destination allowed. Bounded to MAX_ALLOWED_DESTINATIONS.
|
|
50
54
|
*/
|
|
51
55
|
allowedDestinations: Array<Address>;
|
|
52
|
-
/**
|
|
53
|
-
* Whether instruction constraints PDA exists for this vault.
|
|
54
|
-
* Set true by create_instruction_constraints, false by apply_close_constraints.
|
|
55
|
-
*/
|
|
56
|
-
hasConstraints: boolean;
|
|
57
56
|
/**
|
|
58
57
|
* Whether a pending policy update PDA exists for this vault.
|
|
59
58
|
* Set true by queue_policy_update, false by apply/cancel_pending_policy.
|
|
@@ -93,14 +92,237 @@ export type PolicyConfig = {
|
|
|
93
92
|
*/
|
|
94
93
|
hasPostAssertions: number;
|
|
95
94
|
/**
|
|
96
|
-
* Destination access control mode for `agent_transfer
|
|
97
|
-
*
|
|
98
|
-
*
|
|
99
|
-
* Closes F-4 (third-pass audit)
|
|
100
|
-
*
|
|
101
|
-
* queue_policy_update / apply_pending_policy.
|
|
95
|
+
* Destination access control mode for `agent_transfer` and spending paths.
|
|
96
|
+
*
|
|
97
|
+
* Phase 2 Option A: only value 0 (RESTRICTED) is accepted. Permissive
|
|
98
|
+
* OPEN_WITH_CAP (1) was deleted. Closes F-4 (third-pass audit) and the
|
|
99
|
+
* subsequent owner-opt-in window definitively.
|
|
102
100
|
*/
|
|
103
101
|
destinationMode: number;
|
|
102
|
+
/**
|
|
103
|
+
* TA-19 (Phase 2): SHA-256 digest of the canonical Borsh encoding of the
|
|
104
|
+
* policy fields the owner approved at queue/init time. Bound at the same
|
|
105
|
+
* instruction where the owner signs the change, re-asserted at apply, so
|
|
106
|
+
* a compromised owner-signer or pending-PDA tampering cannot mutate the
|
|
107
|
+
* applied policy without producing a digest mismatch.
|
|
108
|
+
*
|
|
109
|
+
* CANONICAL ENCODING (FIXED — DO NOT REORDER):
|
|
110
|
+
* 1. `daily_spending_cap_usd: u64`
|
|
111
|
+
* 2. `max_transaction_size_usd: u64`
|
|
112
|
+
* 3. `max_slippage_bps: u16`
|
|
113
|
+
* 4. `developer_fee_rate: u16` — PEN-CROSS-6 (Phase 2 close-up)
|
|
114
|
+
* 5. `protocol_mode: u8`
|
|
115
|
+
* 6. `protocols: Vec<Pubkey>`
|
|
116
|
+
* 7. `destination_mode: u8`
|
|
117
|
+
* 8. `allowed_destinations: Vec<Pubkey>`
|
|
118
|
+
* 9. `timelock_duration: u64`
|
|
119
|
+
* 10. `session_expiry_seconds: u64`
|
|
120
|
+
* 11. `observe_only: bool`
|
|
121
|
+
* 12. `has_constraints: bool`
|
|
122
|
+
* 13. `has_post_assertions: u8`
|
|
123
|
+
* 14. `created_at_slot: u64` — PEN-CROSS-2 (Phase 2 close-up)
|
|
124
|
+
*
|
|
125
|
+
* All fields encoded as Borsh: u8/u16/u64 little-endian, `bool` as `[u8; 1]`
|
|
126
|
+
* (0 or 1), `Vec<Pubkey>` as `u32_le_len ++ pubkey_bytes_concatenated`.
|
|
127
|
+
* The SDK helper `computePolicyPreviewDigest` mirrors this encoding exactly.
|
|
128
|
+
*
|
|
129
|
+
* APPENDED at end of struct per F-14 APPEND-ONLY rule for Borsh stability.
|
|
130
|
+
*/
|
|
131
|
+
policyPreviewDigest: ReadonlyUint8Array;
|
|
132
|
+
/**
|
|
133
|
+
* PEN-CROSS-2 (Phase 2 close-up): the slot at which `initialize_vault`
|
|
134
|
+
* minted this PolicyConfig. Bound by TA-19 at position 14 of the
|
|
135
|
+
* canonical digest encoding.
|
|
136
|
+
*
|
|
137
|
+
* Closes the close+reinit replay window: an owner who closes a vault
|
|
138
|
+
* (via `close_vault`) and later re-inits a fresh PDA at the same
|
|
139
|
+
* (owner, vault_id) gets a new `created_at_slot`. The signed
|
|
140
|
+
* `initialize_vault` ix from the old vault encodes the OLD slot in its
|
|
141
|
+
* preview digest, so replaying that signed tx against the fresh PDA
|
|
142
|
+
* produces a digest mismatch and `PolicyPreviewMismatch` rejects it.
|
|
143
|
+
*
|
|
144
|
+
* APPENDED at end of struct per F-14 APPEND-ONLY rule.
|
|
145
|
+
*/
|
|
146
|
+
createdAtSlot: bigint;
|
|
147
|
+
/**
|
|
148
|
+
* TA-05 (Phase 3 pre-execution guard #2): 24-bit UTC operating-hours
|
|
149
|
+
* bitmask. Bit `n` (0 ≤ n ≤ 23) set → spending allowed when
|
|
150
|
+
* `clock.unix_timestamp / 3600 % 24 == n`. Upper 8 bits (24..=31)
|
|
151
|
+
* MUST be zero; rejected at write-time.
|
|
152
|
+
*
|
|
153
|
+
* Default for owners who don't narrow: 0xFFFFFF (all 24 hours enabled
|
|
154
|
+
* — equivalent to "no operating-hours constraint"). New vaults set
|
|
155
|
+
* this explicitly via the digest the owner signs; back-compat
|
|
156
|
+
* consideration removed per L-3 (Phase 2 TA-19 bound the field anyway).
|
|
157
|
+
*
|
|
158
|
+
* Bound by TA-19 at position 15 of the canonical digest encoding.
|
|
159
|
+
* APPENDED at end of struct per F-14 APPEND-ONLY rule for Borsh stability.
|
|
160
|
+
*/
|
|
161
|
+
operatingHours: number;
|
|
162
|
+
/**
|
|
163
|
+
* TA-07 (Phase 3 pre-execution guard #4): first-time-destination
|
|
164
|
+
* 24-hour graylist friction. When a NEW destination is added to
|
|
165
|
+
* `allowed_destinations` (via queue_policy_update), it enters this
|
|
166
|
+
* graylist with `unlock_unix = now + 86400` (24h). Until either
|
|
167
|
+
* (a) the unlock time elapses OR (b) the owner calls
|
|
168
|
+
* `promote_graylist_destination` to fast-track, spending paths
|
|
169
|
+
* reject any tx routing value to that destination with
|
|
170
|
+
* `ErrGraylistFriction` (6077).
|
|
171
|
+
*
|
|
172
|
+
* Tuple is `(destination_pubkey, unlock_unix)`. Bounded ≤10 entries
|
|
173
|
+
* (max_destinations). When full, additional allowlist adds reject
|
|
174
|
+
* with `ErrGraylistFull` (6087) until an existing entry unlocks or
|
|
175
|
+
* is promoted.
|
|
176
|
+
*
|
|
177
|
+
* DESIGN: graylist entries are derived/ephemeral state — the owner's
|
|
178
|
+
* signed digest already binds the allowlist (canonical position 8),
|
|
179
|
+
* and graylist friction only delays an already-authorised destination.
|
|
180
|
+
* Therefore the graylist itself is NOT in the canonical digest
|
|
181
|
+
* encoding. Promoting accelerates the unlock but cannot widen the
|
|
182
|
+
* allowlist beyond what the owner signed.
|
|
183
|
+
*
|
|
184
|
+
* APPENDED at end of struct per F-14 APPEND-ONLY rule for Borsh stability.
|
|
185
|
+
*/
|
|
186
|
+
destinationGraylist: Array<DestinationGraylistEntry>;
|
|
187
|
+
/**
|
|
188
|
+
* TA-07 (Phase 3): if true, new destinations added to the allowlist
|
|
189
|
+
* skip the 24h graylist entirely (audit trail still recorded via
|
|
190
|
+
* emitted events). Bound by TA-19 at canonical digest position 16
|
|
191
|
+
* so the owner's choice to bypass friction is part of the signed
|
|
192
|
+
* configuration — not silently flipped.
|
|
193
|
+
*
|
|
194
|
+
* Default false. APPENDED at end per F-14 APPEND-ONLY rule.
|
|
195
|
+
*/
|
|
196
|
+
autoPromoteGrays: boolean;
|
|
197
|
+
/**
|
|
198
|
+
* TA-17 (Phase 3 pre-execution guard #7): consecutive-failure
|
|
199
|
+
* threshold after which an agent's capability is auto-revoked.
|
|
200
|
+
* Owner-configurable in range 3..=20; out-of-range values rejected
|
|
201
|
+
* at policy-write time with `InvalidPermissions`. Default 5.
|
|
202
|
+
*
|
|
203
|
+
* Only on-chain policy-violation codes (6074-6091) count — see
|
|
204
|
+
* `POLICY_VIOLATION_RANGE` in finalize_session. External codes
|
|
205
|
+
* (CU exhaustion, nonce desync, auth) do NOT increment.
|
|
206
|
+
*
|
|
207
|
+
* Bound by TA-19 at canonical digest position 17. APPENDED per
|
|
208
|
+
* F-14 APPEND-ONLY rule.
|
|
209
|
+
*/
|
|
210
|
+
autoRevokeThreshold: number;
|
|
211
|
+
/**
|
|
212
|
+
* TA-12 (Phase 5 post-execution invariant #1): hard floor on the
|
|
213
|
+
* combined USDC + USDT balance held by the vault. After every
|
|
214
|
+
* `finalize_session` spending path completes (CPI balance audit +
|
|
215
|
+
* rolling-cap + per-agent + per-protocol bookkeeping), the handler
|
|
216
|
+
* re-reads the vault's USDC + USDT token-account balances and
|
|
217
|
+
* asserts their sum is ≥ this value. If not, it rejects with
|
|
218
|
+
* `ErrStableFloorViolation` (6085).
|
|
219
|
+
*
|
|
220
|
+
* This is the LAST defensive line — no combination of attacks (CPI
|
|
221
|
+
* drain, per-protocol cap bypass via async fulfillment, fee
|
|
222
|
+
* inflation, slippage manipulation) may drain the vault below this
|
|
223
|
+
* line. Default 0 (no reserve — preserves all existing vault
|
|
224
|
+
* behavior). Owner-configurable via `initialize_vault` and
|
|
225
|
+
* `queue_policy_update`.
|
|
226
|
+
*
|
|
227
|
+
* Bound by TA-19 at canonical digest position 18. APPENDED per
|
|
228
|
+
* F-14 APPEND-ONLY rule for Borsh stability.
|
|
229
|
+
*/
|
|
230
|
+
stableBalanceFloor: bigint;
|
|
231
|
+
/**
|
|
232
|
+
* TA-14 (Phase 5 post-execution invariant #2): rolling 24h
|
|
233
|
+
* per-recipient outflow cap, in 6-decimal USDC face value. When
|
|
234
|
+
* non-zero, every `finalize_session` spending path validates that
|
|
235
|
+
* the recipient's rolling 24h spend (tracked on
|
|
236
|
+
* `SpendTracker.per_recipient`) PLUS this transaction's outflow
|
|
237
|
+
* to that recipient stays ≤ this value. Otherwise rejects with
|
|
238
|
+
* `ErrRecipientCapExceeded` (6096).
|
|
239
|
+
*
|
|
240
|
+
* Default 0 (no per-recipient cap) preserves existing vault
|
|
241
|
+
* behavior. Owner-configurable via `initialize_vault` and
|
|
242
|
+
* `queue_policy_update`.
|
|
243
|
+
*
|
|
244
|
+
* Bound by TA-19 at canonical digest position 19. APPENDED per
|
|
245
|
+
* F-14 APPEND-ONLY rule for Borsh stability.
|
|
246
|
+
*/
|
|
247
|
+
perRecipientDailyCapUsd: bigint;
|
|
248
|
+
/**
|
|
249
|
+
* G6 (audit 2026-05-18): owner-controlled opt-in flag for TA-09
|
|
250
|
+
* cosign enforcement on elevated policy mutations.
|
|
251
|
+
*
|
|
252
|
+
* When `false` (default): elevated mutations (raising caps,
|
|
253
|
+
* expanding allowlists, weakening floors / per-recipient caps /
|
|
254
|
+
* protocol caps) require only the owner's signature — no cosign
|
|
255
|
+
* session is required. Low-friction default, suitable for solo
|
|
256
|
+
* founders, AI-agent automation, dev/test vaults, and any vault
|
|
257
|
+
* whose owner is a Squads V4 multisig PDA (multisig at the Solana
|
|
258
|
+
* layer already enforces multi-signer authorization).
|
|
259
|
+
*
|
|
260
|
+
* When `true`: TA-09 elevation checks fire. The seven elevation
|
|
261
|
+
* triggers in `queue_policy_update` (raises_daily_cap,
|
|
262
|
+
* raises_max_tx, expands_destinations, expands_protocols,
|
|
263
|
+
* lowers_floor, weakens_per_recipient_cap, weakens_protocol_caps)
|
|
264
|
+
* require a non-default `cosign_session` pubkey + a corresponding
|
|
265
|
+
* signer in `remaining_accounts` with `is_signer == true`.
|
|
266
|
+
*
|
|
267
|
+
* Toggle semantics:
|
|
268
|
+
* - **Enabling (false → true)** is NON-ELEVATED. It is a safety
|
|
269
|
+
* improvement — owner is voluntarily tightening the policy.
|
|
270
|
+
* Cosign is not required to enable cosign.
|
|
271
|
+
* - **Disabling (true → false)** IS ELEVATED. One-way-ratchet
|
|
272
|
+
* semantics: if cosign is currently ON, the owner cannot turn
|
|
273
|
+
* it OFF without producing a valid cosign signature — exactly
|
|
274
|
+
* the protection cosign was meant to provide. A phishing-
|
|
275
|
+
* compromised owner key cannot silently disable cosign and
|
|
276
|
+
* then drain via subsequent non-elevated mutations.
|
|
277
|
+
*
|
|
278
|
+
* Bound by TA-19 at canonical digest position 20. APPENDED at end
|
|
279
|
+
* of struct per F-14 APPEND-ONLY rule for Borsh stability.
|
|
280
|
+
*/
|
|
281
|
+
cosignRequired: boolean;
|
|
282
|
+
/**
|
|
283
|
+
* D-5 close (audit 2026-05-19, F-RP3-1): the cosign-session pubkey
|
|
284
|
+
* gating elevated capability grants on the `reactivate_vault` path.
|
|
285
|
+
*
|
|
286
|
+
* THREAT: a phished/leaked owner key can chain
|
|
287
|
+
* `freeze_vault → reactivate_vault(new_agent=ATTACKER, FULL_CAPABILITY)`
|
|
288
|
+
* in a single transaction. The vault's `cosign_required` flag gates
|
|
289
|
+
* elevated MUTATIONS via `queue_policy_update`, but the reactivate
|
|
290
|
+
* path grafts a new agent at FULL_CAPABILITY directly — no timelock,
|
|
291
|
+
* no cosign — yielding an instant operator-class grant.
|
|
292
|
+
*
|
|
293
|
+
* DEFENSE: when `cosign_session_pubkey != Pubkey::default()` AND the
|
|
294
|
+
* reactivate ix passes `capability == FULL_CAPABILITY` for the new
|
|
295
|
+
* agent, the handler REQUIRES a matching signer in
|
|
296
|
+
* `ctx.remaining_accounts` whose key equals this pubkey AND
|
|
297
|
+
* `is_signer == true`. Otherwise rejects with
|
|
298
|
+
* `ErrReactivateCosignRequiredForFullCapability` (6114).
|
|
299
|
+
*
|
|
300
|
+
* Default `Pubkey::default()` at `initialize_vault` time means
|
|
301
|
+
* existing vaults retain today's behavior (no cosign gate on
|
|
302
|
+
* reactivate). Owners opt in by setting a non-default value via
|
|
303
|
+
* `queue_policy_update`. Setting a non-default value here is
|
|
304
|
+
* orthogonal to `cosign_required` — the two gate different ix paths
|
|
305
|
+
* (queue/apply vs reactivate) and use different pubkey sources
|
|
306
|
+
* (`pending.cosign_session` vs this field).
|
|
307
|
+
*
|
|
308
|
+
* Bound by TA-19 at canonical digest position 22. APPENDED at end
|
|
309
|
+
* of struct per F-14 APPEND-ONLY rule for Borsh stability.
|
|
310
|
+
*/
|
|
311
|
+
cosignSessionPubkey: Address;
|
|
312
|
+
/**
|
|
313
|
+
* F-Q6 (2026-06-02): owner-configured delay (in seconds) before an
|
|
314
|
+
* OPERATOR capability grant takes effect. Default 0. An owner-set
|
|
315
|
+
* security control gating OPERATOR seating — bound by TA-19 at canonical
|
|
316
|
+
* digest position 22 so a tampered SDK or pending-PDA mutation cannot
|
|
317
|
+
* silently lower it between owner approval and on-chain landing.
|
|
318
|
+
* Changeable only via the timelocked `queue_policy_update` path (so
|
|
319
|
+
* lowering it is itself delayed). The single-key forced floor
|
|
320
|
+
* (`max(field, 600)`) and per-tier grant logic live in `register_agent`
|
|
321
|
+
* / `queue_agent_grant`.
|
|
322
|
+
*
|
|
323
|
+
* APPENDED at end of struct per F-14 APPEND-ONLY rule for Borsh stability.
|
|
324
|
+
*/
|
|
325
|
+
operatorGrantDelaySeconds: bigint;
|
|
104
326
|
};
|
|
105
327
|
export type PolicyConfigArgs = {
|
|
106
328
|
/** Associated vault pubkey */
|
|
@@ -113,10 +335,9 @@ export type PolicyConfigArgs = {
|
|
|
113
335
|
/** Maximum single transaction size in USD (6 decimals). */
|
|
114
336
|
maxTransactionSizeUsd: number | bigint;
|
|
115
337
|
/**
|
|
116
|
-
* Protocol
|
|
117
|
-
* 0
|
|
118
|
-
*
|
|
119
|
-
* 2 = denylist (all except protocols in list)
|
|
338
|
+
* Protocol allowlist mode. Phase 2 Option A: ONLY value 1 (ALLOWLIST)
|
|
339
|
+
* permitted. Modes 0 (ALL) and 2 (DENYLIST) deleted under L-1. Handler
|
|
340
|
+
* rejects any other value with `ErrInvalidProtocolMode`.
|
|
120
341
|
*/
|
|
121
342
|
protocolMode: number;
|
|
122
343
|
/**
|
|
@@ -130,9 +351,13 @@ export type PolicyConfigArgs = {
|
|
|
130
351
|
*/
|
|
131
352
|
developerFeeRate: number;
|
|
132
353
|
/**
|
|
133
|
-
* Maximum slippage tolerance
|
|
134
|
-
*
|
|
135
|
-
*
|
|
354
|
+
* Maximum slippage tolerance (basis points) — generic config primitive
|
|
355
|
+
* preserved per D-5 across Phase 1 Option A demolition. Per L-1 there is
|
|
356
|
+
* no on-chain Jupiter slippage verifier in V1; this field is consumed by
|
|
357
|
+
* off-chain SDK simulators and (Phase 6) generic post-execution assertions
|
|
358
|
+
* (R-1 mint-delta cap). Validated at config time via
|
|
359
|
+
* `max_slippage_bps <= MAX_SLIPPAGE_BPS` (= 5000 BPS = 50% ceiling).
|
|
360
|
+
* 0 = no slippage protection configured.
|
|
136
361
|
*/
|
|
137
362
|
maxSlippageBps: number;
|
|
138
363
|
/** Timelock duration in seconds for policy changes. 0 = no timelock. */
|
|
@@ -142,11 +367,6 @@ export type PolicyConfigArgs = {
|
|
|
142
367
|
* Empty = any destination allowed. Bounded to MAX_ALLOWED_DESTINATIONS.
|
|
143
368
|
*/
|
|
144
369
|
allowedDestinations: Array<Address>;
|
|
145
|
-
/**
|
|
146
|
-
* Whether instruction constraints PDA exists for this vault.
|
|
147
|
-
* Set true by create_instruction_constraints, false by apply_close_constraints.
|
|
148
|
-
*/
|
|
149
|
-
hasConstraints: boolean;
|
|
150
370
|
/**
|
|
151
371
|
* Whether a pending policy update PDA exists for this vault.
|
|
152
372
|
* Set true by queue_policy_update, false by apply/cancel_pending_policy.
|
|
@@ -186,14 +406,237 @@ export type PolicyConfigArgs = {
|
|
|
186
406
|
*/
|
|
187
407
|
hasPostAssertions: number;
|
|
188
408
|
/**
|
|
189
|
-
* Destination access control mode for `agent_transfer
|
|
190
|
-
*
|
|
191
|
-
*
|
|
192
|
-
* Closes F-4 (third-pass audit)
|
|
193
|
-
*
|
|
194
|
-
* queue_policy_update / apply_pending_policy.
|
|
409
|
+
* Destination access control mode for `agent_transfer` and spending paths.
|
|
410
|
+
*
|
|
411
|
+
* Phase 2 Option A: only value 0 (RESTRICTED) is accepted. Permissive
|
|
412
|
+
* OPEN_WITH_CAP (1) was deleted. Closes F-4 (third-pass audit) and the
|
|
413
|
+
* subsequent owner-opt-in window definitively.
|
|
195
414
|
*/
|
|
196
415
|
destinationMode: number;
|
|
416
|
+
/**
|
|
417
|
+
* TA-19 (Phase 2): SHA-256 digest of the canonical Borsh encoding of the
|
|
418
|
+
* policy fields the owner approved at queue/init time. Bound at the same
|
|
419
|
+
* instruction where the owner signs the change, re-asserted at apply, so
|
|
420
|
+
* a compromised owner-signer or pending-PDA tampering cannot mutate the
|
|
421
|
+
* applied policy without producing a digest mismatch.
|
|
422
|
+
*
|
|
423
|
+
* CANONICAL ENCODING (FIXED — DO NOT REORDER):
|
|
424
|
+
* 1. `daily_spending_cap_usd: u64`
|
|
425
|
+
* 2. `max_transaction_size_usd: u64`
|
|
426
|
+
* 3. `max_slippage_bps: u16`
|
|
427
|
+
* 4. `developer_fee_rate: u16` — PEN-CROSS-6 (Phase 2 close-up)
|
|
428
|
+
* 5. `protocol_mode: u8`
|
|
429
|
+
* 6. `protocols: Vec<Pubkey>`
|
|
430
|
+
* 7. `destination_mode: u8`
|
|
431
|
+
* 8. `allowed_destinations: Vec<Pubkey>`
|
|
432
|
+
* 9. `timelock_duration: u64`
|
|
433
|
+
* 10. `session_expiry_seconds: u64`
|
|
434
|
+
* 11. `observe_only: bool`
|
|
435
|
+
* 12. `has_constraints: bool`
|
|
436
|
+
* 13. `has_post_assertions: u8`
|
|
437
|
+
* 14. `created_at_slot: u64` — PEN-CROSS-2 (Phase 2 close-up)
|
|
438
|
+
*
|
|
439
|
+
* All fields encoded as Borsh: u8/u16/u64 little-endian, `bool` as `[u8; 1]`
|
|
440
|
+
* (0 or 1), `Vec<Pubkey>` as `u32_le_len ++ pubkey_bytes_concatenated`.
|
|
441
|
+
* The SDK helper `computePolicyPreviewDigest` mirrors this encoding exactly.
|
|
442
|
+
*
|
|
443
|
+
* APPENDED at end of struct per F-14 APPEND-ONLY rule for Borsh stability.
|
|
444
|
+
*/
|
|
445
|
+
policyPreviewDigest: ReadonlyUint8Array;
|
|
446
|
+
/**
|
|
447
|
+
* PEN-CROSS-2 (Phase 2 close-up): the slot at which `initialize_vault`
|
|
448
|
+
* minted this PolicyConfig. Bound by TA-19 at position 14 of the
|
|
449
|
+
* canonical digest encoding.
|
|
450
|
+
*
|
|
451
|
+
* Closes the close+reinit replay window: an owner who closes a vault
|
|
452
|
+
* (via `close_vault`) and later re-inits a fresh PDA at the same
|
|
453
|
+
* (owner, vault_id) gets a new `created_at_slot`. The signed
|
|
454
|
+
* `initialize_vault` ix from the old vault encodes the OLD slot in its
|
|
455
|
+
* preview digest, so replaying that signed tx against the fresh PDA
|
|
456
|
+
* produces a digest mismatch and `PolicyPreviewMismatch` rejects it.
|
|
457
|
+
*
|
|
458
|
+
* APPENDED at end of struct per F-14 APPEND-ONLY rule.
|
|
459
|
+
*/
|
|
460
|
+
createdAtSlot: number | bigint;
|
|
461
|
+
/**
|
|
462
|
+
* TA-05 (Phase 3 pre-execution guard #2): 24-bit UTC operating-hours
|
|
463
|
+
* bitmask. Bit `n` (0 ≤ n ≤ 23) set → spending allowed when
|
|
464
|
+
* `clock.unix_timestamp / 3600 % 24 == n`. Upper 8 bits (24..=31)
|
|
465
|
+
* MUST be zero; rejected at write-time.
|
|
466
|
+
*
|
|
467
|
+
* Default for owners who don't narrow: 0xFFFFFF (all 24 hours enabled
|
|
468
|
+
* — equivalent to "no operating-hours constraint"). New vaults set
|
|
469
|
+
* this explicitly via the digest the owner signs; back-compat
|
|
470
|
+
* consideration removed per L-3 (Phase 2 TA-19 bound the field anyway).
|
|
471
|
+
*
|
|
472
|
+
* Bound by TA-19 at position 15 of the canonical digest encoding.
|
|
473
|
+
* APPENDED at end of struct per F-14 APPEND-ONLY rule for Borsh stability.
|
|
474
|
+
*/
|
|
475
|
+
operatingHours: number;
|
|
476
|
+
/**
|
|
477
|
+
* TA-07 (Phase 3 pre-execution guard #4): first-time-destination
|
|
478
|
+
* 24-hour graylist friction. When a NEW destination is added to
|
|
479
|
+
* `allowed_destinations` (via queue_policy_update), it enters this
|
|
480
|
+
* graylist with `unlock_unix = now + 86400` (24h). Until either
|
|
481
|
+
* (a) the unlock time elapses OR (b) the owner calls
|
|
482
|
+
* `promote_graylist_destination` to fast-track, spending paths
|
|
483
|
+
* reject any tx routing value to that destination with
|
|
484
|
+
* `ErrGraylistFriction` (6077).
|
|
485
|
+
*
|
|
486
|
+
* Tuple is `(destination_pubkey, unlock_unix)`. Bounded ≤10 entries
|
|
487
|
+
* (max_destinations). When full, additional allowlist adds reject
|
|
488
|
+
* with `ErrGraylistFull` (6087) until an existing entry unlocks or
|
|
489
|
+
* is promoted.
|
|
490
|
+
*
|
|
491
|
+
* DESIGN: graylist entries are derived/ephemeral state — the owner's
|
|
492
|
+
* signed digest already binds the allowlist (canonical position 8),
|
|
493
|
+
* and graylist friction only delays an already-authorised destination.
|
|
494
|
+
* Therefore the graylist itself is NOT in the canonical digest
|
|
495
|
+
* encoding. Promoting accelerates the unlock but cannot widen the
|
|
496
|
+
* allowlist beyond what the owner signed.
|
|
497
|
+
*
|
|
498
|
+
* APPENDED at end of struct per F-14 APPEND-ONLY rule for Borsh stability.
|
|
499
|
+
*/
|
|
500
|
+
destinationGraylist: Array<DestinationGraylistEntryArgs>;
|
|
501
|
+
/**
|
|
502
|
+
* TA-07 (Phase 3): if true, new destinations added to the allowlist
|
|
503
|
+
* skip the 24h graylist entirely (audit trail still recorded via
|
|
504
|
+
* emitted events). Bound by TA-19 at canonical digest position 16
|
|
505
|
+
* so the owner's choice to bypass friction is part of the signed
|
|
506
|
+
* configuration — not silently flipped.
|
|
507
|
+
*
|
|
508
|
+
* Default false. APPENDED at end per F-14 APPEND-ONLY rule.
|
|
509
|
+
*/
|
|
510
|
+
autoPromoteGrays: boolean;
|
|
511
|
+
/**
|
|
512
|
+
* TA-17 (Phase 3 pre-execution guard #7): consecutive-failure
|
|
513
|
+
* threshold after which an agent's capability is auto-revoked.
|
|
514
|
+
* Owner-configurable in range 3..=20; out-of-range values rejected
|
|
515
|
+
* at policy-write time with `InvalidPermissions`. Default 5.
|
|
516
|
+
*
|
|
517
|
+
* Only on-chain policy-violation codes (6074-6091) count — see
|
|
518
|
+
* `POLICY_VIOLATION_RANGE` in finalize_session. External codes
|
|
519
|
+
* (CU exhaustion, nonce desync, auth) do NOT increment.
|
|
520
|
+
*
|
|
521
|
+
* Bound by TA-19 at canonical digest position 17. APPENDED per
|
|
522
|
+
* F-14 APPEND-ONLY rule.
|
|
523
|
+
*/
|
|
524
|
+
autoRevokeThreshold: number;
|
|
525
|
+
/**
|
|
526
|
+
* TA-12 (Phase 5 post-execution invariant #1): hard floor on the
|
|
527
|
+
* combined USDC + USDT balance held by the vault. After every
|
|
528
|
+
* `finalize_session` spending path completes (CPI balance audit +
|
|
529
|
+
* rolling-cap + per-agent + per-protocol bookkeeping), the handler
|
|
530
|
+
* re-reads the vault's USDC + USDT token-account balances and
|
|
531
|
+
* asserts their sum is ≥ this value. If not, it rejects with
|
|
532
|
+
* `ErrStableFloorViolation` (6085).
|
|
533
|
+
*
|
|
534
|
+
* This is the LAST defensive line — no combination of attacks (CPI
|
|
535
|
+
* drain, per-protocol cap bypass via async fulfillment, fee
|
|
536
|
+
* inflation, slippage manipulation) may drain the vault below this
|
|
537
|
+
* line. Default 0 (no reserve — preserves all existing vault
|
|
538
|
+
* behavior). Owner-configurable via `initialize_vault` and
|
|
539
|
+
* `queue_policy_update`.
|
|
540
|
+
*
|
|
541
|
+
* Bound by TA-19 at canonical digest position 18. APPENDED per
|
|
542
|
+
* F-14 APPEND-ONLY rule for Borsh stability.
|
|
543
|
+
*/
|
|
544
|
+
stableBalanceFloor: number | bigint;
|
|
545
|
+
/**
|
|
546
|
+
* TA-14 (Phase 5 post-execution invariant #2): rolling 24h
|
|
547
|
+
* per-recipient outflow cap, in 6-decimal USDC face value. When
|
|
548
|
+
* non-zero, every `finalize_session` spending path validates that
|
|
549
|
+
* the recipient's rolling 24h spend (tracked on
|
|
550
|
+
* `SpendTracker.per_recipient`) PLUS this transaction's outflow
|
|
551
|
+
* to that recipient stays ≤ this value. Otherwise rejects with
|
|
552
|
+
* `ErrRecipientCapExceeded` (6096).
|
|
553
|
+
*
|
|
554
|
+
* Default 0 (no per-recipient cap) preserves existing vault
|
|
555
|
+
* behavior. Owner-configurable via `initialize_vault` and
|
|
556
|
+
* `queue_policy_update`.
|
|
557
|
+
*
|
|
558
|
+
* Bound by TA-19 at canonical digest position 19. APPENDED per
|
|
559
|
+
* F-14 APPEND-ONLY rule for Borsh stability.
|
|
560
|
+
*/
|
|
561
|
+
perRecipientDailyCapUsd: number | bigint;
|
|
562
|
+
/**
|
|
563
|
+
* G6 (audit 2026-05-18): owner-controlled opt-in flag for TA-09
|
|
564
|
+
* cosign enforcement on elevated policy mutations.
|
|
565
|
+
*
|
|
566
|
+
* When `false` (default): elevated mutations (raising caps,
|
|
567
|
+
* expanding allowlists, weakening floors / per-recipient caps /
|
|
568
|
+
* protocol caps) require only the owner's signature — no cosign
|
|
569
|
+
* session is required. Low-friction default, suitable for solo
|
|
570
|
+
* founders, AI-agent automation, dev/test vaults, and any vault
|
|
571
|
+
* whose owner is a Squads V4 multisig PDA (multisig at the Solana
|
|
572
|
+
* layer already enforces multi-signer authorization).
|
|
573
|
+
*
|
|
574
|
+
* When `true`: TA-09 elevation checks fire. The seven elevation
|
|
575
|
+
* triggers in `queue_policy_update` (raises_daily_cap,
|
|
576
|
+
* raises_max_tx, expands_destinations, expands_protocols,
|
|
577
|
+
* lowers_floor, weakens_per_recipient_cap, weakens_protocol_caps)
|
|
578
|
+
* require a non-default `cosign_session` pubkey + a corresponding
|
|
579
|
+
* signer in `remaining_accounts` with `is_signer == true`.
|
|
580
|
+
*
|
|
581
|
+
* Toggle semantics:
|
|
582
|
+
* - **Enabling (false → true)** is NON-ELEVATED. It is a safety
|
|
583
|
+
* improvement — owner is voluntarily tightening the policy.
|
|
584
|
+
* Cosign is not required to enable cosign.
|
|
585
|
+
* - **Disabling (true → false)** IS ELEVATED. One-way-ratchet
|
|
586
|
+
* semantics: if cosign is currently ON, the owner cannot turn
|
|
587
|
+
* it OFF without producing a valid cosign signature — exactly
|
|
588
|
+
* the protection cosign was meant to provide. A phishing-
|
|
589
|
+
* compromised owner key cannot silently disable cosign and
|
|
590
|
+
* then drain via subsequent non-elevated mutations.
|
|
591
|
+
*
|
|
592
|
+
* Bound by TA-19 at canonical digest position 20. APPENDED at end
|
|
593
|
+
* of struct per F-14 APPEND-ONLY rule for Borsh stability.
|
|
594
|
+
*/
|
|
595
|
+
cosignRequired: boolean;
|
|
596
|
+
/**
|
|
597
|
+
* D-5 close (audit 2026-05-19, F-RP3-1): the cosign-session pubkey
|
|
598
|
+
* gating elevated capability grants on the `reactivate_vault` path.
|
|
599
|
+
*
|
|
600
|
+
* THREAT: a phished/leaked owner key can chain
|
|
601
|
+
* `freeze_vault → reactivate_vault(new_agent=ATTACKER, FULL_CAPABILITY)`
|
|
602
|
+
* in a single transaction. The vault's `cosign_required` flag gates
|
|
603
|
+
* elevated MUTATIONS via `queue_policy_update`, but the reactivate
|
|
604
|
+
* path grafts a new agent at FULL_CAPABILITY directly — no timelock,
|
|
605
|
+
* no cosign — yielding an instant operator-class grant.
|
|
606
|
+
*
|
|
607
|
+
* DEFENSE: when `cosign_session_pubkey != Pubkey::default()` AND the
|
|
608
|
+
* reactivate ix passes `capability == FULL_CAPABILITY` for the new
|
|
609
|
+
* agent, the handler REQUIRES a matching signer in
|
|
610
|
+
* `ctx.remaining_accounts` whose key equals this pubkey AND
|
|
611
|
+
* `is_signer == true`. Otherwise rejects with
|
|
612
|
+
* `ErrReactivateCosignRequiredForFullCapability` (6114).
|
|
613
|
+
*
|
|
614
|
+
* Default `Pubkey::default()` at `initialize_vault` time means
|
|
615
|
+
* existing vaults retain today's behavior (no cosign gate on
|
|
616
|
+
* reactivate). Owners opt in by setting a non-default value via
|
|
617
|
+
* `queue_policy_update`. Setting a non-default value here is
|
|
618
|
+
* orthogonal to `cosign_required` — the two gate different ix paths
|
|
619
|
+
* (queue/apply vs reactivate) and use different pubkey sources
|
|
620
|
+
* (`pending.cosign_session` vs this field).
|
|
621
|
+
*
|
|
622
|
+
* Bound by TA-19 at canonical digest position 22. APPENDED at end
|
|
623
|
+
* of struct per F-14 APPEND-ONLY rule for Borsh stability.
|
|
624
|
+
*/
|
|
625
|
+
cosignSessionPubkey: Address;
|
|
626
|
+
/**
|
|
627
|
+
* F-Q6 (2026-06-02): owner-configured delay (in seconds) before an
|
|
628
|
+
* OPERATOR capability grant takes effect. Default 0. An owner-set
|
|
629
|
+
* security control gating OPERATOR seating — bound by TA-19 at canonical
|
|
630
|
+
* digest position 22 so a tampered SDK or pending-PDA mutation cannot
|
|
631
|
+
* silently lower it between owner approval and on-chain landing.
|
|
632
|
+
* Changeable only via the timelocked `queue_policy_update` path (so
|
|
633
|
+
* lowering it is itself delayed). The single-key forced floor
|
|
634
|
+
* (`max(field, 600)`) and per-tier grant logic live in `register_agent`
|
|
635
|
+
* / `queue_agent_grant`.
|
|
636
|
+
*
|
|
637
|
+
* APPENDED at end of struct per F-14 APPEND-ONLY rule for Borsh stability.
|
|
638
|
+
*/
|
|
639
|
+
operatorGrantDelaySeconds: number | bigint;
|
|
197
640
|
};
|
|
198
641
|
/** Gets the encoder for {@link PolicyConfigArgs} account data. */
|
|
199
642
|
export declare function getPolicyConfigEncoder(): Encoder<PolicyConfigArgs>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policyConfig.d.ts","sourceRoot":"","sources":["../../../src/generated/accounts/policyConfig.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAKL,mBAAmB,EACnB,oBAAoB,
|
|
1
|
+
{"version":3,"file":"policyConfig.d.ts","sourceRoot":"","sources":["../../../src/generated/accounts/policyConfig.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAKL,mBAAmB,EACnB,oBAAoB,EAsBpB,KAAK,OAAO,EACZ,KAAK,OAAO,EACZ,KAAK,KAAK,EACV,KAAK,OAAO,EACZ,KAAK,cAAc,EACnB,KAAK,OAAO,EACZ,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,EACxB,KAAK,YAAY,EACjB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACxB,MAAM,aAAa,CAAC;AACrB,OAAO,EAGL,KAAK,wBAAwB,EAC7B,KAAK,4BAA4B,EAClC,MAAM,mBAAmB,CAAC;AAE3B,eAAO,MAAM,2BAA2B,yBAEtC,CAAC;AAEH,wBAAgB,iCAAiC,oCAIhD;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,aAAa,EAAE,kBAAkB,CAAC;IAClC,8BAA8B;IAC9B,KAAK,EAAE,OAAO,CAAC;IACf;;;OAGG;IACH,mBAAmB,EAAE,MAAM,CAAC;IAC5B,2DAA2D;IAC3D,qBAAqB,EAAE,MAAM,CAAC;IAC9B;;;;OAIG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IAC1B;;;OAGG;IACH,gBAAgB,EAAE,MAAM,CAAC;IACzB;;;;;;;;OAQG;IACH,cAAc,EAAE,MAAM,CAAC;IACvB,wEAAwE;IACxE,gBAAgB,EAAE,MAAM,CAAC;IACzB;;;OAGG;IACH,mBAAmB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IACpC;;;OAGG;IACH,gBAAgB,EAAE,OAAO,CAAC;IAC1B;;;OAGG;IACH,eAAe,EAAE,OAAO,CAAC;IACzB;;;;OAIG;IACH,YAAY,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5B;;;;;OAKG;IACH,oBAAoB,EAAE,MAAM,CAAC;IAC7B,wBAAwB;IACxB,IAAI,EAAE,MAAM,CAAC;IACb;;;;;OAKG;IACH,aAAa,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,iBAAiB,EAAE,MAAM,CAAC;IAC1B;;;;;;OAMG;IACH,eAAe,EAAE,MAAM,CAAC;IACxB;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACH,mBAAmB,EAAE,kBAAkB,CAAC;IACxC;;;;;;;;;;;;;OAaG;IACH,aAAa,EAAE,MAAM,CAAC;IACtB;;;;;;;;;;;;;OAaG;IACH,cAAc,EAAE,MAAM,CAAC;IACvB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,mBAAmB,EAAE,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACrD;;;;;;;;OAQG;IACH,gBAAgB,EAAE,OAAO,CAAC;IAC1B;;;;;;;;;;;;OAYG;IACH,mBAAmB,EAAE,MAAM,CAAC;IAC5B;;;;;;;;;;;;;;;;;;OAkBG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAC3B;;;;;;;;;;;;;;;OAeG;IACH,uBAAuB,EAAE,MAAM,CAAC;IAChC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;IACH,cAAc,EAAE,OAAO,CAAC;IACxB;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACH,mBAAmB,EAAE,OAAO,CAAC;IAC7B;;;;;;;;;;;;OAYG;IACH,yBAAyB,EAAE,MAAM,CAAC;CACnC,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,8BAA8B;IAC9B,KAAK,EAAE,OAAO,CAAC;IACf;;;OAGG;IACH,mBAAmB,EAAE,MAAM,GAAG,MAAM,CAAC;IACrC,2DAA2D;IAC3D,qBAAqB,EAAE,MAAM,GAAG,MAAM,CAAC;IACvC;;;;OAIG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IAC1B;;;OAGG;IACH,gBAAgB,EAAE,MAAM,CAAC;IACzB;;;;;;;;OAQG;IACH,cAAc,EAAE,MAAM,CAAC;IACvB,wEAAwE;IACxE,gBAAgB,EAAE,MAAM,GAAG,MAAM,CAAC;IAClC;;;OAGG;IACH,mBAAmB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IACpC;;;OAGG;IACH,gBAAgB,EAAE,OAAO,CAAC;IAC1B;;;OAGG;IACH,eAAe,EAAE,OAAO,CAAC;IACzB;;;;OAIG;IACH,YAAY,EAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;IACrC;;;;;OAKG;IACH,oBAAoB,EAAE,MAAM,GAAG,MAAM,CAAC;IACtC,wBAAwB;IACxB,IAAI,EAAE,MAAM,CAAC;IACb;;;;;OAKG;IACH,aAAa,EAAE,MAAM,GAAG,MAAM,CAAC;IAC/B;;;;OAIG;IACH,iBAAiB,EAAE,MAAM,CAAC;IAC1B;;;;;;OAMG;IACH,eAAe,EAAE,MAAM,CAAC;IACxB;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACH,mBAAmB,EAAE,kBAAkB,CAAC;IACxC;;;;;;;;;;;;;OAaG;IACH,aAAa,EAAE,MAAM,GAAG,MAAM,CAAC;IAC/B;;;;;;;;;;;;;OAaG;IACH,cAAc,EAAE,MAAM,CAAC;IACvB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,mBAAmB,EAAE,KAAK,CAAC,4BAA4B,CAAC,CAAC;IACzD;;;;;;;;OAQG;IACH,gBAAgB,EAAE,OAAO,CAAC;IAC1B;;;;;;;;;;;;OAYG;IACH,mBAAmB,EAAE,MAAM,CAAC;IAC5B;;;;;;;;;;;;;;;;;;OAkBG;IACH,kBAAkB,EAAE,MAAM,GAAG,MAAM,CAAC;IACpC;;;;;;;;;;;;;;;OAeG;IACH,uBAAuB,EAAE,MAAM,GAAG,MAAM,CAAC;IACzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;IACH,cAAc,EAAE,OAAO,CAAC;IACxB;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACH,mBAAmB,EAAE,OAAO,CAAC;IAC7B;;;;;;;;;;;;OAYG;IACH,yBAAyB,EAAE,MAAM,GAAG,MAAM,CAAC;CAC5C,CAAC;AAEF,kEAAkE;AAClE,wBAAgB,sBAAsB,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAsClE;AAED,8DAA8D;AAC9D,wBAAgB,sBAAsB,IAAI,OAAO,CAAC,YAAY,CAAC,CAmC9D;AAED,4DAA4D;AAC5D,wBAAgB,oBAAoB,IAAI,KAAK,CAAC,gBAAgB,EAAE,YAAY,CAAC,CAE5E;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,SAAS,MAAM,GAAG,MAAM,EACjE,cAAc,EAAE,cAAc,CAAC,QAAQ,CAAC,GACvC,OAAO,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;AACnC,wBAAgB,kBAAkB,CAAC,QAAQ,SAAS,MAAM,GAAG,MAAM,EACjE,cAAc,EAAE,mBAAmB,CAAC,QAAQ,CAAC,GAC5C,YAAY,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;AAUxC,wBAAsB,iBAAiB,CAAC,QAAQ,SAAS,MAAM,GAAG,MAAM,EACtE,GAAG,EAAE,UAAU,CAAC,OAAO,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAC9C,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,EAC1B,MAAM,CAAC,EAAE,kBAAkB,GAC1B,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAI1C;AAED,wBAAsB,sBAAsB,CAAC,QAAQ,SAAS,MAAM,GAAG,MAAM,EAC3E,GAAG,EAAE,UAAU,CAAC,OAAO,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAC9C,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,EAC1B,MAAM,CAAC,EAAE,kBAAkB,GAC1B,OAAO,CAAC,YAAY,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAG/C;AAED,wBAAsB,oBAAoB,CACxC,GAAG,EAAE,UAAU,CAAC,OAAO,oBAAoB,CAAC,CAAC,CAAC,CAAC,EAC/C,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,EACzB,MAAM,CAAC,EAAE,mBAAmB,GAC3B,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC,CAIlC;AAED,wBAAsB,yBAAyB,CAC7C,GAAG,EAAE,UAAU,CAAC,OAAO,oBAAoB,CAAC,CAAC,CAAC,CAAC,EAC/C,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,EACzB,MAAM,CAAC,EAAE,mBAAmB,GAC3B,OAAO,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE,CAAC,CAGvC"}
|
|
@@ -5,7 +5,8 @@
|
|
|
5
5
|
*
|
|
6
6
|
* @see https://github.com/codama-idl/codama
|
|
7
7
|
*/
|
|
8
|
-
import { assertAccountExists, assertAccountsExist, combineCodec, decodeAccount, fetchEncodedAccount, fetchEncodedAccounts, fixDecoderSize, fixEncoderSize, getAddressDecoder, getAddressEncoder, getArrayDecoder, getArrayEncoder, getBooleanDecoder, getBooleanEncoder, getBytesDecoder, getBytesEncoder, getStructDecoder, getStructEncoder, getU16Decoder, getU16Encoder, getU64Decoder, getU64Encoder, getU8Decoder, getU8Encoder, transformEncoder, } from "@solana/kit";
|
|
8
|
+
import { assertAccountExists, assertAccountsExist, combineCodec, decodeAccount, fetchEncodedAccount, fetchEncodedAccounts, fixDecoderSize, fixEncoderSize, getAddressDecoder, getAddressEncoder, getArrayDecoder, getArrayEncoder, getBooleanDecoder, getBooleanEncoder, getBytesDecoder, getBytesEncoder, getStructDecoder, getStructEncoder, getU16Decoder, getU16Encoder, getU32Decoder, getU32Encoder, getU64Decoder, getU64Encoder, getU8Decoder, getU8Encoder, transformEncoder, } from "@solana/kit";
|
|
9
|
+
import { getDestinationGraylistEntryDecoder, getDestinationGraylistEntryEncoder, } from "../types/index.js";
|
|
9
10
|
export const POLICY_CONFIG_DISCRIMINATOR = new Uint8Array([
|
|
10
11
|
219, 7, 79, 84, 175, 51, 148, 146,
|
|
11
12
|
]);
|
|
@@ -25,7 +26,6 @@ export function getPolicyConfigEncoder() {
|
|
|
25
26
|
["maxSlippageBps", getU16Encoder()],
|
|
26
27
|
["timelockDuration", getU64Encoder()],
|
|
27
28
|
["allowedDestinations", getArrayEncoder(getAddressEncoder())],
|
|
28
|
-
["hasConstraints", getBooleanEncoder()],
|
|
29
29
|
["hasPendingPolicy", getBooleanEncoder()],
|
|
30
30
|
["hasProtocolCaps", getBooleanEncoder()],
|
|
31
31
|
["protocolCaps", getArrayEncoder(getU64Encoder())],
|
|
@@ -34,6 +34,20 @@ export function getPolicyConfigEncoder() {
|
|
|
34
34
|
["policyVersion", getU64Encoder()],
|
|
35
35
|
["hasPostAssertions", getU8Encoder()],
|
|
36
36
|
["destinationMode", getU8Encoder()],
|
|
37
|
+
["policyPreviewDigest", fixEncoderSize(getBytesEncoder(), 32)],
|
|
38
|
+
["createdAtSlot", getU64Encoder()],
|
|
39
|
+
["operatingHours", getU32Encoder()],
|
|
40
|
+
[
|
|
41
|
+
"destinationGraylist",
|
|
42
|
+
getArrayEncoder(getDestinationGraylistEntryEncoder()),
|
|
43
|
+
],
|
|
44
|
+
["autoPromoteGrays", getBooleanEncoder()],
|
|
45
|
+
["autoRevokeThreshold", getU8Encoder()],
|
|
46
|
+
["stableBalanceFloor", getU64Encoder()],
|
|
47
|
+
["perRecipientDailyCapUsd", getU64Encoder()],
|
|
48
|
+
["cosignRequired", getBooleanEncoder()],
|
|
49
|
+
["cosignSessionPubkey", getAddressEncoder()],
|
|
50
|
+
["operatorGrantDelaySeconds", getU64Encoder()],
|
|
37
51
|
]), (value) => ({ ...value, discriminator: POLICY_CONFIG_DISCRIMINATOR }));
|
|
38
52
|
}
|
|
39
53
|
/** Gets the decoder for {@link PolicyConfig} account data. */
|
|
@@ -49,7 +63,6 @@ export function getPolicyConfigDecoder() {
|
|
|
49
63
|
["maxSlippageBps", getU16Decoder()],
|
|
50
64
|
["timelockDuration", getU64Decoder()],
|
|
51
65
|
["allowedDestinations", getArrayDecoder(getAddressDecoder())],
|
|
52
|
-
["hasConstraints", getBooleanDecoder()],
|
|
53
66
|
["hasPendingPolicy", getBooleanDecoder()],
|
|
54
67
|
["hasProtocolCaps", getBooleanDecoder()],
|
|
55
68
|
["protocolCaps", getArrayDecoder(getU64Decoder())],
|
|
@@ -58,6 +71,20 @@ export function getPolicyConfigDecoder() {
|
|
|
58
71
|
["policyVersion", getU64Decoder()],
|
|
59
72
|
["hasPostAssertions", getU8Decoder()],
|
|
60
73
|
["destinationMode", getU8Decoder()],
|
|
74
|
+
["policyPreviewDigest", fixDecoderSize(getBytesDecoder(), 32)],
|
|
75
|
+
["createdAtSlot", getU64Decoder()],
|
|
76
|
+
["operatingHours", getU32Decoder()],
|
|
77
|
+
[
|
|
78
|
+
"destinationGraylist",
|
|
79
|
+
getArrayDecoder(getDestinationGraylistEntryDecoder()),
|
|
80
|
+
],
|
|
81
|
+
["autoPromoteGrays", getBooleanDecoder()],
|
|
82
|
+
["autoRevokeThreshold", getU8Decoder()],
|
|
83
|
+
["stableBalanceFloor", getU64Decoder()],
|
|
84
|
+
["perRecipientDailyCapUsd", getU64Decoder()],
|
|
85
|
+
["cosignRequired", getBooleanDecoder()],
|
|
86
|
+
["cosignSessionPubkey", getAddressDecoder()],
|
|
87
|
+
["operatorGrantDelaySeconds", getU64Decoder()],
|
|
61
88
|
]);
|
|
62
89
|
}
|
|
63
90
|
/** Gets the codec for {@link PolicyConfig} account data. */
|