@usesigil/kit 0.16.0 → 0.18.0
- package/README.md +56 -0
- package/dist/advanced-analytics.d.ts +3 -2
- package/dist/advanced-analytics.d.ts.map +1 -1
- package/dist/advanced-analytics.js +9 -42
- package/dist/advanced-analytics.js.map +1 -1
- package/dist/agent-bootstrap.d.ts +1 -2
- package/dist/agent-bootstrap.d.ts.map +1 -1
- package/dist/agent-bootstrap.js.map +1 -1
- package/dist/agent-errors.d.ts +20 -4
- package/dist/agent-errors.d.ts.map +1 -1
- package/dist/agent-errors.js +864 -367
- package/dist/agent-errors.js.map +1 -1
- package/dist/audit-log.d.ts +101 -0
- package/dist/audit-log.d.ts.map +1 -0
- package/dist/audit-log.js +145 -0
- package/dist/audit-log.js.map +1 -0
- package/dist/caip2-network.d.ts +171 -0
- package/dist/caip2-network.d.ts.map +1 -0
- package/dist/caip2-network.js +202 -0
- package/dist/caip2-network.js.map +1 -0
- package/dist/canonical-encode.d.ts +59 -0
- package/dist/canonical-encode.d.ts.map +1 -0
- package/dist/canonical-encode.js +141 -0
- package/dist/canonical-encode.js.map +1 -0
- package/dist/cosign-helper.d.ts +264 -0
- package/dist/cosign-helper.d.ts.map +1 -0
- package/dist/cosign-helper.js +147 -0
- package/dist/cosign-helper.js.map +1 -0
- package/dist/create-vault.d.ts +92 -0
- package/dist/create-vault.d.ts.map +1 -1
- package/dist/create-vault.js +108 -7
- package/dist/create-vault.js.map +1 -1
- package/dist/dashboard/close-vault.d.ts +110 -0
- package/dist/dashboard/close-vault.d.ts.map +1 -0
- package/dist/dashboard/close-vault.js +165 -0
- package/dist/dashboard/close-vault.js.map +1 -0
- package/dist/dashboard/errors.d.ts +2 -2
- package/dist/dashboard/errors.d.ts.map +1 -1
- package/dist/dashboard/errors.js +11 -7
- package/dist/dashboard/errors.js.map +1 -1
- package/dist/dashboard/index.d.ts +190 -34
- package/dist/dashboard/index.d.ts.map +1 -1
- package/dist/dashboard/index.js +282 -52
- package/dist/dashboard/index.js.map +1 -1
- package/dist/dashboard/mutations.d.ts +153 -24
- package/dist/dashboard/mutations.d.ts.map +1 -1
- package/dist/dashboard/mutations.js +680 -114
- package/dist/dashboard/mutations.js.map +1 -1
- package/dist/dashboard/post-assertion-validation.d.ts +1 -1
- package/dist/dashboard/post-assertion-validation.d.ts.map +1 -1
- package/dist/dashboard/post-assertion-validation.js +169 -48
- package/dist/dashboard/post-assertion-validation.js.map +1 -1
- package/dist/dashboard/reads.d.ts +3 -4
- package/dist/dashboard/reads.d.ts.map +1 -1
- package/dist/dashboard/reads.js +11 -22
- package/dist/dashboard/reads.js.map +1 -1
- package/dist/dashboard/types.d.ts +56 -19
- package/dist/dashboard/types.d.ts.map +1 -1
- package/dist/errors/agent-errors.generated.d.ts +21 -0
- package/dist/errors/agent-errors.generated.d.ts.map +1 -0
- package/dist/errors/agent-errors.generated.js +134 -0
- package/dist/errors/agent-errors.generated.js.map +1 -0
- package/dist/errors/codes.d.ts +21 -2
- package/dist/errors/codes.d.ts.map +1 -1
- package/dist/errors/codes.js +19 -0
- package/dist/errors/codes.js.map +1 -1
- package/dist/errors/context.d.ts +9 -1
- package/dist/errors/context.d.ts.map +1 -1
- package/dist/event-analytics.d.ts +1 -3
- package/dist/event-analytics.d.ts.map +1 -1
- package/dist/event-analytics.js +28 -81
- package/dist/event-analytics.js.map +1 -1
- package/dist/events.d.ts.map +1 -1
- package/dist/events.js +23 -14
- package/dist/events.js.map +1 -1
- package/dist/generated/accounts/agentSpendOverlay.d.ts +60 -0
- package/dist/generated/accounts/agentSpendOverlay.d.ts.map +1 -1
- package/dist/generated/accounts/agentSpendOverlay.js +6 -2
- package/dist/generated/accounts/agentSpendOverlay.js.map +1 -1
- package/dist/generated/accounts/agentVault.d.ts +168 -4
- package/dist/generated/accounts/agentVault.d.ts.map +1 -1
- package/dist/generated/accounts/agentVault.js +11 -3
- package/dist/generated/accounts/agentVault.js.map +1 -1
- package/dist/generated/accounts/auditLogRejected.d.ts +66 -0
- package/dist/generated/accounts/auditLogRejected.d.ts.map +1 -0
- package/dist/generated/accounts/auditLogRejected.js +68 -0
- package/dist/generated/accounts/auditLogRejected.js.map +1 -0
- package/dist/generated/accounts/auditLogSuccess.d.ts +78 -0
- package/dist/generated/accounts/auditLogSuccess.d.ts.map +1 -0
- package/dist/generated/accounts/auditLogSuccess.js +68 -0
- package/dist/generated/accounts/auditLogSuccess.js.map +1 -0
- package/dist/generated/accounts/index.d.ts +4 -4
- package/dist/generated/accounts/index.d.ts.map +1 -1
- package/dist/generated/accounts/index.js +4 -4
- package/dist/generated/accounts/index.js.map +1 -1
- package/dist/generated/accounts/pendingAgentGrant.d.ts +199 -0
- package/dist/generated/accounts/pendingAgentGrant.d.ts.map +1 -0
- package/dist/generated/accounts/pendingAgentGrant.js +75 -0
- package/dist/generated/accounts/pendingAgentGrant.js.map +1 -0
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts +64 -0
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.js +7 -1
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/accounts/pendingOwnershipTransfer.d.ts +131 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.js +76 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.js.map +1 -0
- package/dist/generated/accounts/pendingPolicyUpdate.d.ts +200 -4
- package/dist/generated/accounts/pendingPolicyUpdate.d.ts.map +1 -1
- package/dist/generated/accounts/pendingPolicyUpdate.js +19 -1
- package/dist/generated/accounts/pendingPolicyUpdate.js.map +1 -1
- package/dist/generated/accounts/policyConfig.d.ts +479 -36
- package/dist/generated/accounts/policyConfig.d.ts.map +1 -1
- package/dist/generated/accounts/policyConfig.js +30 -3
- package/dist/generated/accounts/policyConfig.js.map +1 -1
- package/dist/generated/accounts/postExecutionAssertions.d.ts +2 -2
- package/dist/generated/accounts/postExecutionAssertions.d.ts.map +1 -1
- package/dist/generated/accounts/postExecutionAssertions.js +3 -3
- package/dist/generated/accounts/sessionAuthority.d.ts +140 -12
- package/dist/generated/accounts/sessionAuthority.d.ts.map +1 -1
- package/dist/generated/accounts/sessionAuthority.js +9 -7
- package/dist/generated/accounts/sessionAuthority.js.map +1 -1
- package/dist/generated/accounts/spendTracker.d.ts +83 -3
- package/dist/generated/accounts/spendTracker.d.ts.map +1 -1
- package/dist/generated/accounts/spendTracker.js +14 -2
- package/dist/generated/accounts/spendTracker.js.map +1 -1
- package/dist/generated/errors/sigil.d.ts +131 -83
- package/dist/generated/errors/sigil.d.ts.map +1 -1
- package/dist/generated/errors/sigil.js +178 -106
- package/dist/generated/errors/sigil.js.map +1 -1
- package/dist/generated/event-discriminators.d.ts.map +1 -1
- package/dist/generated/event-discriminators.js +11 -14
- package/dist/generated/event-discriminators.js.map +1 -1
- package/dist/generated/instructions/acceptOwnershipTransfer.d.ts +142 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.js +171 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts +85 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.js +171 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.js.map +1 -0
- package/dist/generated/instructions/applyAgentGrant.d.ts +100 -0
- package/dist/generated/instructions/applyAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/{applyConstraintsUpdate.js → applyAgentGrant.js} +66 -42
- package/dist/generated/instructions/applyAgentGrant.js.map +1 -0
- package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts +31 -8
- package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/applyAgentPermissionsUpdate.js +38 -2
- package/dist/generated/instructions/applyAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/instructions/applyPendingPolicy.d.ts +18 -7
- package/dist/generated/instructions/applyPendingPolicy.d.ts.map +1 -1
- package/dist/generated/instructions/applyPendingPolicy.js +38 -2
- package/dist/generated/instructions/applyPendingPolicy.js.map +1 -1
- package/dist/generated/instructions/cancelAgentGrant.d.ts +106 -0
- package/dist/generated/instructions/cancelAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/{allocatePendingConstraintsPda.js → cancelAgentGrant.js} +54 -42
- package/dist/generated/instructions/cancelAgentGrant.js.map +1 -0
- package/dist/generated/instructions/cancelOwnershipTransfer.d.ts +121 -0
- package/dist/generated/instructions/cancelOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/{queueCloseConstraints.js → cancelOwnershipTransfer.js} +58 -44
- package/dist/generated/instructions/cancelOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/closePostAssertions.d.ts +6 -1
- package/dist/generated/instructions/closePostAssertions.d.ts.map +1 -1
- package/dist/generated/instructions/closePostAssertions.js +11 -3
- package/dist/generated/instructions/closePostAssertions.js.map +1 -1
- package/dist/generated/instructions/closeVault.d.ts +40 -8
- package/dist/generated/instructions/closeVault.d.ts.map +1 -1
- package/dist/generated/instructions/closeVault.js +40 -2
- package/dist/generated/instructions/closeVault.js.map +1 -1
- package/dist/generated/instructions/createPostAssertions.d.ts +4 -0
- package/dist/generated/instructions/createPostAssertions.d.ts.map +1 -1
- package/dist/generated/instructions/createPostAssertions.js +2 -0
- package/dist/generated/instructions/createPostAssertions.js.map +1 -1
- package/dist/generated/instructions/depositFunds.d.ts +21 -10
- package/dist/generated/instructions/depositFunds.d.ts.map +1 -1
- package/dist/generated/instructions/depositFunds.js +37 -2
- package/dist/generated/instructions/depositFunds.js.map +1 -1
- package/dist/generated/instructions/finalizeSession.d.ts +49 -7
- package/dist/generated/instructions/finalizeSession.d.ts.map +1 -1
- package/dist/generated/instructions/finalizeSession.js +59 -2
- package/dist/generated/instructions/finalizeSession.js.map +1 -1
- package/dist/generated/instructions/freezeVault.d.ts +36 -5
- package/dist/generated/instructions/freezeVault.d.ts.map +1 -1
- package/dist/generated/instructions/freezeVault.js +65 -4
- package/dist/generated/instructions/freezeVault.js.map +1 -1
- package/dist/generated/instructions/index.d.ts +10 -15
- package/dist/generated/instructions/index.d.ts.map +1 -1
- package/dist/generated/instructions/index.js +10 -15
- package/dist/generated/instructions/index.js.map +1 -1
- package/dist/generated/instructions/initializeVault.d.ts +79 -9
- package/dist/generated/instructions/initializeVault.d.ts.map +1 -1
- package/dist/generated/instructions/initializeVault.js +57 -3
- package/dist/generated/instructions/initializeVault.js.map +1 -1
- package/dist/generated/instructions/initiateOwnershipTransfer.d.ts +106 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.js +181 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/pauseAgent.d.ts +49 -5
- package/dist/generated/instructions/pauseAgent.d.ts.map +1 -1
- package/dist/generated/instructions/pauseAgent.js +80 -5
- package/dist/generated/instructions/pauseAgent.js.map +1 -1
- package/dist/generated/instructions/promoteGraylistDestination.d.ts +56 -0
- package/dist/generated/instructions/promoteGraylistDestination.d.ts.map +1 -0
- package/dist/generated/instructions/{createInstructionConstraints.js → promoteGraylistDestination.js} +23 -40
- package/dist/generated/instructions/promoteGraylistDestination.js.map +1 -0
- package/dist/generated/instructions/queueAgentGrant.d.ts +113 -0
- package/dist/generated/instructions/queueAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/queueAgentGrant.js +181 -0
- package/dist/generated/instructions/queueAgentGrant.js.map +1 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts +8 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/queueAgentPermissionsUpdate.js +4 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/instructions/queuePolicyUpdate.d.ts +32 -0
- package/dist/generated/instructions/queuePolicyUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/queuePolicyUpdate.js +17 -1
- package/dist/generated/instructions/queuePolicyUpdate.js.map +1 -1
- package/dist/generated/instructions/reactivateVault.d.ts +71 -5
- package/dist/generated/instructions/reactivateVault.d.ts.map +1 -1
- package/dist/generated/instructions/reactivateVault.js +80 -5
- package/dist/generated/instructions/reactivateVault.js.map +1 -1
- package/dist/generated/instructions/recordAgentViolation.d.ts +89 -0
- package/dist/generated/instructions/recordAgentViolation.d.ts.map +1 -0
- package/dist/generated/instructions/recordAgentViolation.js +152 -0
- package/dist/generated/instructions/recordAgentViolation.js.map +1 -0
- package/dist/generated/instructions/registerAgent.d.ts +84 -6
- package/dist/generated/instructions/registerAgent.d.ts.map +1 -1
- package/dist/generated/instructions/registerAgent.js +81 -4
- package/dist/generated/instructions/registerAgent.js.map +1 -1
- package/dist/generated/instructions/revokeAgent.d.ts +49 -6
- package/dist/generated/instructions/revokeAgent.d.ts.map +1 -1
- package/dist/generated/instructions/revokeAgent.js +81 -4
- package/dist/generated/instructions/revokeAgent.js.map +1 -1
- package/dist/generated/instructions/setObserveOnly.d.ts +56 -0
- package/dist/generated/instructions/setObserveOnly.d.ts.map +1 -0
- package/dist/generated/instructions/setObserveOnly.js +111 -0
- package/dist/generated/instructions/setObserveOnly.js.map +1 -0
- package/dist/generated/instructions/unpauseAgent.d.ts +46 -5
- package/dist/generated/instructions/unpauseAgent.d.ts.map +1 -1
- package/dist/generated/instructions/unpauseAgent.js +80 -5
- package/dist/generated/instructions/unpauseAgent.js.map +1 -1
- package/dist/generated/instructions/validateAndAuthorize.d.ts +29 -0
- package/dist/generated/instructions/validateAndAuthorize.d.ts.map +1 -1
- package/dist/generated/instructions/validateAndAuthorize.js +4 -0
- package/dist/generated/instructions/validateAndAuthorize.js.map +1 -1
- package/dist/generated/instructions/withdrawFunds.d.ts +53 -11
- package/dist/generated/instructions/withdrawFunds.d.ts.map +1 -1
- package/dist/generated/instructions/withdrawFunds.js +51 -2
- package/dist/generated/instructions/withdrawFunds.js.map +1 -1
- package/dist/generated/programs/sigil.d.ts +79 -99
- package/dist/generated/programs/sigil.d.ts.map +1 -1
- package/dist/generated/programs/sigil.js +139 -199
- package/dist/generated/programs/sigil.js.map +1 -1
- package/dist/generated/types/actionAuthorized.d.ts +0 -2
- package/dist/generated/types/actionAuthorized.d.ts.map +1 -1
- package/dist/generated/types/actionAuthorized.js +0 -2
- package/dist/generated/types/actionAuthorized.js.map +1 -1
- package/dist/generated/types/agentAutoRevoked.d.ts +31 -0
- package/dist/generated/types/agentAutoRevoked.d.ts.map +1 -0
- package/dist/generated/types/{orphanConstraintsPdaCleaned.js → agentAutoRevoked.js} +12 -8
- package/dist/generated/types/agentAutoRevoked.js.map +1 -0
- package/dist/generated/types/agentEntry.d.ts +48 -0
- package/dist/generated/types/agentEntry.d.ts.map +1 -1
- package/dist/generated/types/agentEntry.js +4 -2
- package/dist/generated/types/agentEntry.js.map +1 -1
- package/dist/generated/types/agentGrantApplied.d.ts +38 -0
- package/dist/generated/types/agentGrantApplied.d.ts.map +1 -0
- package/dist/generated/types/agentGrantApplied.js +34 -0
- package/dist/generated/types/agentGrantApplied.js.map +1 -0
- package/dist/generated/types/agentGrantCancelled.d.ts +33 -0
- package/dist/generated/types/agentGrantCancelled.d.ts.map +1 -0
- package/dist/generated/types/agentGrantCancelled.js +28 -0
- package/dist/generated/types/agentGrantCancelled.js.map +1 -0
- package/dist/generated/types/agentGrantQueued.d.ts +38 -0
- package/dist/generated/types/agentGrantQueued.d.ts.map +1 -0
- package/dist/generated/types/agentGrantQueued.js +32 -0
- package/dist/generated/types/agentGrantQueued.js.map +1 -0
- package/dist/generated/types/auditEntry.d.ts +120 -0
- package/dist/generated/types/auditEntry.d.ts.map +1 -0
- package/dist/generated/types/auditEntry.js +34 -0
- package/dist/generated/types/auditEntry.js.map +1 -0
- package/dist/generated/types/destinationGraylistEntry.d.ts +32 -0
- package/dist/generated/types/destinationGraylistEntry.d.ts.map +1 -0
- package/dist/generated/types/destinationGraylistEntry.js +24 -0
- package/dist/generated/types/destinationGraylistEntry.js.map +1 -0
- package/dist/generated/types/graylistEntered.d.ts +31 -0
- package/dist/generated/types/graylistEntered.d.ts.map +1 -0
- package/dist/generated/types/graylistEntered.js +30 -0
- package/dist/generated/types/graylistEntered.js.map +1 -0
- package/dist/generated/types/graylistPromoted.d.ts +29 -0
- package/dist/generated/types/graylistPromoted.d.ts.map +1 -0
- package/dist/generated/types/graylistPromoted.js +28 -0
- package/dist/generated/types/graylistPromoted.js.map +1 -0
- package/dist/generated/types/index.d.ts +13 -22
- package/dist/generated/types/index.d.ts.map +1 -1
- package/dist/generated/types/index.js +13 -22
- package/dist/generated/types/index.js.map +1 -1
- package/dist/generated/types/observeOnlyChanged.d.ts +33 -0
- package/dist/generated/types/observeOnlyChanged.d.ts.map +1 -0
- package/dist/generated/types/observeOnlyChanged.js +32 -0
- package/dist/generated/types/observeOnlyChanged.js.map +1 -0
- package/dist/generated/types/ownershipTransferAccepted.d.ts +32 -0
- package/dist/generated/types/ownershipTransferAccepted.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferAccepted.js +30 -0
- package/dist/generated/types/ownershipTransferAccepted.js.map +1 -0
- package/dist/generated/types/ownershipTransferCancelled.d.ts +29 -0
- package/dist/generated/types/ownershipTransferCancelled.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferCancelled.js +28 -0
- package/dist/generated/types/ownershipTransferCancelled.js.map +1 -0
- package/dist/generated/types/ownershipTransferInitiated.d.ts +33 -0
- package/dist/generated/types/ownershipTransferInitiated.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferInitiated.js +30 -0
- package/dist/generated/types/ownershipTransferInitiated.js.map +1 -0
- package/dist/generated/types/perRecipientCounter.d.ts +61 -0
- package/dist/generated/types/perRecipientCounter.d.ts.map +1 -0
- package/dist/generated/types/perRecipientCounter.js +26 -0
- package/dist/generated/types/perRecipientCounter.js.map +1 -0
- package/dist/generated/types/postAssertionEntry.d.ts +14 -7
- package/dist/generated/types/postAssertionEntry.d.ts.map +1 -1
- package/dist/generated/types/postAssertionEntry.js +5 -7
- package/dist/generated/types/postAssertionEntry.js.map +1 -1
- package/dist/generated/types/postAssertionEntryZC.d.ts +53 -22
- package/dist/generated/types/postAssertionEntryZC.d.ts.map +1 -1
- package/dist/generated/types/postAssertionEntryZC.js +4 -6
- package/dist/generated/types/postAssertionEntryZC.js.map +1 -1
- package/dist/generated/types/sessionFinalized.d.ts +0 -4
- package/dist/generated/types/sessionFinalized.d.ts.map +1 -1
- package/dist/generated/types/sessionFinalized.js +0 -2
- package/dist/generated/types/sessionFinalized.js.map +1 -1
- package/dist/generated/types/vaultFrozen.d.ts +14 -0
- package/dist/generated/types/vaultFrozen.d.ts.map +1 -1
- package/dist/generated/types/vaultFrozen.js +2 -0
- package/dist/generated/types/vaultFrozen.js.map +1 -1
- package/dist/index.d.ts +31 -9
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +67 -11
- package/dist/index.js.map +1 -1
- package/dist/inspector.d.ts +0 -23
- package/dist/inspector.d.ts.map +1 -1
- package/dist/inspector.js +0 -52
- package/dist/inspector.js.map +1 -1
- package/dist/kit-adapter.d.ts +1 -1
- package/dist/kit-adapter.d.ts.map +1 -1
- package/dist/kit-adapter.js +1 -1
- package/dist/kit-adapter.js.map +1 -1
- package/dist/multisig-detection.d.ts +83 -0
- package/dist/multisig-detection.d.ts.map +1 -0
- package/dist/multisig-detection.js +128 -0
- package/dist/multisig-detection.js.map +1 -0
- package/dist/ownership-transfer.d.ts +79 -0
- package/dist/ownership-transfer.d.ts.map +1 -0
- package/dist/ownership-transfer.js +66 -0
- package/dist/ownership-transfer.js.map +1 -0
- package/dist/policy/compute-agent-perms-cosign-digest.d.ts +51 -0
- package/dist/policy/compute-agent-perms-cosign-digest.d.ts.map +1 -0
- package/dist/policy/compute-agent-perms-cosign-digest.js +55 -0
- package/dist/policy/compute-agent-perms-cosign-digest.js.map +1 -0
- package/dist/policy/compute-cosign-digest.d.ts +193 -0
- package/dist/policy/compute-cosign-digest.d.ts.map +1 -0
- package/dist/policy/compute-cosign-digest.js +318 -0
- package/dist/policy/compute-cosign-digest.js.map +1 -0
- package/dist/policy/compute-policy-preview-digest.d.ts +279 -0
- package/dist/policy/compute-policy-preview-digest.d.ts.map +1 -0
- package/dist/policy/compute-policy-preview-digest.js +373 -0
- package/dist/policy/compute-policy-preview-digest.js.map +1 -0
- package/dist/policy-attestation.d.ts +51 -0
- package/dist/policy-attestation.d.ts.map +1 -0
- package/dist/policy-attestation.js +43 -0
- package/dist/policy-attestation.js.map +1 -0
- package/dist/preview-create-vault.d.ts.map +1 -1
- package/dist/preview-create-vault.js +37 -16
- package/dist/preview-create-vault.js.map +1 -1
- package/dist/resolve-accounts.d.ts +75 -10
- package/dist/resolve-accounts.d.ts.map +1 -1
- package/dist/resolve-accounts.js +68 -32
- package/dist/resolve-accounts.js.map +1 -1
- package/dist/rpc-helpers.d.ts +29 -3
- package/dist/rpc-helpers.d.ts.map +1 -1
- package/dist/rpc-helpers.js +51 -12
- package/dist/rpc-helpers.js.map +1 -1
- package/dist/seal/intent-digest.d.ts +195 -0
- package/dist/seal/intent-digest.d.ts.map +1 -0
- package/dist/seal/intent-digest.js +372 -0
- package/dist/seal/intent-digest.js.map +1 -0
- package/dist/seal.d.ts +166 -3
- package/dist/seal.d.ts.map +1 -1
- package/dist/seal.js +428 -32
- package/dist/seal.js.map +1 -1
- package/dist/security-analytics.d.ts +3 -3
- package/dist/security-analytics.d.ts.map +1 -1
- package/dist/security-analytics.js +13 -128
- package/dist/security-analytics.js.map +1 -1
- package/dist/session-mint.d.ts +72 -0
- package/dist/session-mint.d.ts.map +1 -0
- package/dist/session-mint.js +59 -0
- package/dist/session-mint.js.map +1 -0
- package/dist/simulation.d.ts +19 -0
- package/dist/simulation.d.ts.map +1 -1
- package/dist/simulation.js +187 -95
- package/dist/simulation.js.map +1 -1
- package/dist/squads-detection.d.ts +135 -0
- package/dist/squads-detection.d.ts.map +1 -0
- package/dist/squads-detection.js +124 -0
- package/dist/squads-detection.js.map +1 -0
- package/dist/state-resolver.d.ts +0 -16
- package/dist/state-resolver.d.ts.map +1 -1
- package/dist/state-resolver.js +162 -97
- package/dist/state-resolver.js.map +1 -1
- package/dist/testing/devnet.d.ts +40 -1
- package/dist/testing/devnet.d.ts.map +1 -1
- package/dist/testing/devnet.js +333 -44
- package/dist/testing/devnet.js.map +1 -1
- package/dist/testing/errors/expect.d.ts +1 -1
- package/dist/testing/errors/expect.js +1 -1
- package/dist/testing/errors/names.generated.d.ts +82 -58
- package/dist/testing/errors/names.generated.d.ts.map +1 -1
- package/dist/testing/errors/names.generated.js +83 -59
- package/dist/testing/errors/names.generated.js.map +1 -1
- package/dist/testing/mock-rpc.d.ts +8 -0
- package/dist/testing/mock-rpc.d.ts.map +1 -1
- package/dist/testing/mock-rpc.js +13 -0
- package/dist/testing/mock-rpc.js.map +1 -1
- package/dist/testing/mock-state.d.ts +2 -0
- package/dist/testing/mock-state.d.ts.map +1 -1
- package/dist/testing/mock-state.js +43 -4
- package/dist/testing/mock-state.js.map +1 -1
- package/dist/types.d.ts +5 -15
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +11 -69
- package/dist/types.js.map +1 -1
- package/dist/vault-analytics.d.ts +0 -2
- package/dist/vault-analytics.d.ts.map +1 -1
- package/dist/vault-analytics.js +1 -9
- package/dist/vault-analytics.js.map +1 -1
- package/package.json +7 -12
- package/dist/constraints/index.d.ts +0 -23
- package/dist/constraints/index.d.ts.map +0 -1
- package/dist/constraints/index.js +0 -24
- package/dist/constraints/index.js.map +0 -1
- package/dist/dashboard/constraint-builders.d.ts +0 -82
- package/dist/dashboard/constraint-builders.d.ts.map +0 -1
- package/dist/dashboard/constraint-builders.js +0 -204
- package/dist/dashboard/constraint-builders.js.map +0 -1
- package/dist/dashboard/constraint-reads.d.ts +0 -50
- package/dist/dashboard/constraint-reads.d.ts.map +0 -1
- package/dist/dashboard/constraint-reads.js +0 -119
- package/dist/dashboard/constraint-reads.js.map +0 -1
- package/dist/generated/accounts/escrowDeposit.d.ts +0 -50
- package/dist/generated/accounts/escrowDeposit.d.ts.map +0 -1
- package/dist/generated/accounts/escrowDeposit.js +0 -76
- package/dist/generated/accounts/escrowDeposit.js.map +0 -1
- package/dist/generated/accounts/instructionConstraints.d.ts +0 -46
- package/dist/generated/accounts/instructionConstraints.d.ts.map +0 -1
- package/dist/generated/accounts/instructionConstraints.js +0 -73
- package/dist/generated/accounts/instructionConstraints.js.map +0 -1
- package/dist/generated/accounts/pendingCloseConstraints.d.ts +0 -49
- package/dist/generated/accounts/pendingCloseConstraints.d.ts.map +0 -1
- package/dist/generated/accounts/pendingCloseConstraints.js +0 -68
- package/dist/generated/accounts/pendingCloseConstraints.js.map +0 -1
- package/dist/generated/accounts/pendingConstraintsUpdate.d.ts +0 -76
- package/dist/generated/accounts/pendingConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/accounts/pendingConstraintsUpdate.js +0 -77
- package/dist/generated/accounts/pendingConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/allocateConstraintsPda.d.ts +0 -62
- package/dist/generated/instructions/allocateConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/allocateConstraintsPda.js +0 -134
- package/dist/generated/instructions/allocateConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts +0 -66
- package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/allocatePendingConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/applyCloseConstraints.d.ts +0 -59
- package/dist/generated/instructions/applyCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/applyCloseConstraints.js +0 -143
- package/dist/generated/instructions/applyCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/applyConstraintsUpdate.d.ts +0 -62
- package/dist/generated/instructions/applyConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/applyConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/cancelCloseConstraints.d.ts +0 -51
- package/dist/generated/instructions/cancelCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/cancelCloseConstraints.js +0 -115
- package/dist/generated/instructions/cancelCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/cancelConstraintsUpdate.d.ts +0 -51
- package/dist/generated/instructions/cancelConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/cancelConstraintsUpdate.js +0 -115
- package/dist/generated/instructions/cancelConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.d.ts +0 -67
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.js +0 -120
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/closeSettledEscrow.d.ts +0 -72
- package/dist/generated/instructions/closeSettledEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/closeSettledEscrow.js +0 -127
- package/dist/generated/instructions/closeSettledEscrow.js.map +0 -1
- package/dist/generated/instructions/createEscrow.d.ts +0 -131
- package/dist/generated/instructions/createEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/createEscrow.js +0 -272
- package/dist/generated/instructions/createEscrow.js.map +0 -1
- package/dist/generated/instructions/createInstructionConstraints.d.ts +0 -68
- package/dist/generated/instructions/createInstructionConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/createInstructionConstraints.js.map +0 -1
- package/dist/generated/instructions/extendPda.d.ts +0 -52
- package/dist/generated/instructions/extendPda.d.ts.map +0 -1
- package/dist/generated/instructions/extendPda.js +0 -86
- package/dist/generated/instructions/extendPda.js.map +0 -1
- package/dist/generated/instructions/queueCloseConstraints.d.ts +0 -66
- package/dist/generated/instructions/queueCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/queueCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/queueConstraintsUpdate.d.ts +0 -75
- package/dist/generated/instructions/queueConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/queueConstraintsUpdate.js +0 -154
- package/dist/generated/instructions/queueConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/refundEscrow.d.ts +0 -74
- package/dist/generated/instructions/refundEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/refundEscrow.js +0 -142
- package/dist/generated/instructions/refundEscrow.js.map +0 -1
- package/dist/generated/instructions/settleEscrow.d.ts +0 -80
- package/dist/generated/instructions/settleEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/settleEscrow.js +0 -173
- package/dist/generated/instructions/settleEscrow.js.map +0 -1
- package/dist/generated/types/accountConstraint.d.ts +0 -33
- package/dist/generated/types/accountConstraint.d.ts.map +0 -1
- package/dist/generated/types/accountConstraint.js +0 -26
- package/dist/generated/types/accountConstraint.js.map +0 -1
- package/dist/generated/types/accountConstraintZC.d.ts +0 -25
- package/dist/generated/types/accountConstraintZC.d.ts.map +0 -1
- package/dist/generated/types/accountConstraintZC.js +0 -28
- package/dist/generated/types/accountConstraintZC.js.map +0 -1
- package/dist/generated/types/closeConstraintsApplied.d.ts +0 -20
- package/dist/generated/types/closeConstraintsApplied.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsApplied.js +0 -24
- package/dist/generated/types/closeConstraintsApplied.js.map +0 -1
- package/dist/generated/types/closeConstraintsCancelled.d.ts +0 -16
- package/dist/generated/types/closeConstraintsCancelled.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsCancelled.js +0 -18
- package/dist/generated/types/closeConstraintsCancelled.js.map +0 -1
- package/dist/generated/types/closeConstraintsQueued.d.ts +0 -20
- package/dist/generated/types/closeConstraintsQueued.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsQueued.js +0 -24
- package/dist/generated/types/closeConstraintsQueued.js.map +0 -1
- package/dist/generated/types/constraintEntry.d.ts +0 -35
- package/dist/generated/types/constraintEntry.d.ts.map +0 -1
- package/dist/generated/types/constraintEntry.js +0 -29
- package/dist/generated/types/constraintEntry.js.map +0 -1
- package/dist/generated/types/constraintEntryZC.d.ts +0 -73
- package/dist/generated/types/constraintEntryZC.d.ts.map +0 -1
- package/dist/generated/types/constraintEntryZC.js +0 -49
- package/dist/generated/types/constraintEntryZC.js.map +0 -1
- package/dist/generated/types/constraintOperator.d.ts +0 -22
- package/dist/generated/types/constraintOperator.d.ts.map +0 -1
- package/dist/generated/types/constraintOperator.js +0 -28
- package/dist/generated/types/constraintOperator.js.map +0 -1
- package/dist/generated/types/constraintsChangeApplied.d.ts +0 -30
- package/dist/generated/types/constraintsChangeApplied.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeApplied.js +0 -32
- package/dist/generated/types/constraintsChangeApplied.js.map +0 -1
- package/dist/generated/types/constraintsChangeCancelled.d.ts +0 -16
- package/dist/generated/types/constraintsChangeCancelled.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeCancelled.js +0 -18
- package/dist/generated/types/constraintsChangeCancelled.js.map +0 -1
- package/dist/generated/types/constraintsChangeQueued.d.ts +0 -30
- package/dist/generated/types/constraintsChangeQueued.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeQueued.js +0 -32
- package/dist/generated/types/constraintsChangeQueued.js.map +0 -1
- package/dist/generated/types/dataConstraint.d.ts +0 -23
- package/dist/generated/types/dataConstraint.d.ts.map +0 -1
- package/dist/generated/types/dataConstraint.js +0 -27
- package/dist/generated/types/dataConstraint.js.map +0 -1
- package/dist/generated/types/dataConstraintZC.d.ts +0 -20
- package/dist/generated/types/dataConstraintZC.d.ts.map +0 -1
- package/dist/generated/types/dataConstraintZC.js +0 -30
- package/dist/generated/types/dataConstraintZC.js.map +0 -1
- package/dist/generated/types/discriminatorFormat.d.ts +0 -25
- package/dist/generated/types/discriminatorFormat.d.ts.map +0 -1
- package/dist/generated/types/discriminatorFormat.js +0 -31
- package/dist/generated/types/discriminatorFormat.js.map +0 -1
- package/dist/generated/types/escrowCreated.d.ts +0 -30
- package/dist/generated/types/escrowCreated.d.ts.map +0 -1
- package/dist/generated/types/escrowCreated.js +0 -34
- package/dist/generated/types/escrowCreated.js.map +0 -1
- package/dist/generated/types/escrowRefunded.d.ts +0 -26
- package/dist/generated/types/escrowRefunded.d.ts.map +0 -1
- package/dist/generated/types/escrowRefunded.js +0 -30
- package/dist/generated/types/escrowRefunded.js.map +0 -1
- package/dist/generated/types/escrowSettled.d.ts +0 -26
- package/dist/generated/types/escrowSettled.d.ts.map +0 -1
- package/dist/generated/types/escrowSettled.js +0 -30
- package/dist/generated/types/escrowSettled.js.map +0 -1
- package/dist/generated/types/escrowStatus.d.ts +0 -18
- package/dist/generated/types/escrowStatus.d.ts.map +0 -1
- package/dist/generated/types/escrowStatus.js +0 -24
- package/dist/generated/types/escrowStatus.js.map +0 -1
- package/dist/generated/types/instructionConstraintsCreated.d.ts +0 -34
- package/dist/generated/types/instructionConstraintsCreated.d.ts.map +0 -1
- package/dist/generated/types/instructionConstraintsCreated.js +0 -36
- package/dist/generated/types/instructionConstraintsCreated.js.map +0 -1
- package/dist/generated/types/orphanConstraintsPdaCleaned.d.ts +0 -22
- package/dist/generated/types/orphanConstraintsPdaCleaned.d.ts.map +0 -1
- package/dist/generated/types/orphanConstraintsPdaCleaned.js.map +0 -1
- package/dist/generated/types/pdaAllocated.d.ts +0 -24
- package/dist/generated/types/pdaAllocated.d.ts.map +0 -1
- package/dist/generated/types/pdaAllocated.js +0 -28
- package/dist/generated/types/pdaAllocated.js.map +0 -1
- package/dist/generated/types/pdaExtended.d.ts +0 -24
- package/dist/generated/types/pdaExtended.d.ts.map +0 -1
- package/dist/generated/types/pdaExtended.js +0 -28
- package/dist/generated/types/pdaExtended.js.map +0 -1
- package/dist/post-assertions/cross-field-lte.d.ts +0 -134
- package/dist/post-assertions/cross-field-lte.d.ts.map +0 -1
- package/dist/post-assertions/cross-field-lte.js +0 -129
- package/dist/post-assertions/cross-field-lte.js.map +0 -1
- package/dist/post-assertions/index.d.ts +0 -28
- package/dist/post-assertions/index.d.ts.map +0 -1
- package/dist/post-assertions/index.js +0 -28
- package/dist/post-assertions/index.js.map +0 -1
- package/dist/post-assertions/presets/flash-trade.d.ts +0 -139
- package/dist/post-assertions/presets/flash-trade.d.ts.map +0 -1
- package/dist/post-assertions/presets/flash-trade.js +0 -154
- package/dist/post-assertions/presets/flash-trade.js.map +0 -1
- package/dist/protocol-registry/annotations/drift.json +0 -7
- package/dist/protocol-registry/annotations/flash-trade.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-borrow.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-earn.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-lend.json +0 -7
- package/dist/protocol-registry/annotations/jupiter.json +0 -7
- package/dist/protocol-registry/annotations/kamino.json +0 -7
- package/dist/protocol-registry/index.d.ts +0 -45
- package/dist/protocol-registry/index.d.ts.map +0 -1
- package/dist/protocol-registry/index.js +0 -76
- package/dist/protocol-registry/index.js.map +0 -1
- package/dist/protocol-tier.d.ts +0 -157
- package/dist/protocol-tier.d.ts.map +0 -1
- package/dist/protocol-tier.js +0 -104
- package/dist/protocol-tier.js.map +0 -1
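--- a/compute-cosign-digest.js
+++ b/compute-cosign-digest.js
@@ -0,0 +1,318 @@
+/**
+* TA-09 — Canonical cosign digest (SDK side).
+*
+* Mirrors `programs/sigil/src/utils/cosign_digest.rs` exactly. The SDK
+* computes this off-chain, the owner+cosigner sign `queue_policy_update` with
+* the cosign session pubkey as an arg. The on-chain handler:
+* 1. At queue time, recomputes the digest from the resulting pending args +
+* the cosign session pubkey and stores it on `PendingPolicyUpdate`.
+* 2. At apply time, recomputes it AGAIN from the persisted pending args and
+* asserts byte-equality. Any tamper of pending args between queue and
+* apply (e.g. a future discriminator-collision attack on the pending PDA)
+* produces a digest mismatch and a hard reject (`ErrCosignRequired`,
+* 6089).
+*
+* The cosign digest is INTENTIONALLY narrower than TA-19 `policy_preview_digest`:
+* only the FIELDS that participate in "elevated mutation" detection are in
+* scope. Non-elevated fields (developer_fee_rate, max_slippage_bps,
+* session_expiry_seconds, timelock_duration narrowing, protocol_mode,
+* destination_mode, operating_hours, etc.) do NOT require cosign and are NOT
+* bound by THIS digest — they are still bound by TA-19
+* `policy_preview_digest` at queue time.
+*
+* Round 2 B4 F-1 fix (audit 2026-05-19): the cosign-digest binding now
+* extends to all G3 + G6 elevation triggers that were previously NOT bound:
+* - `stable_balance_floor` (G3) — LOWERING weakens custody
+* - `per_recipient_daily_cap_usd` (G3) — RAISING widens spend
+* - `has_protocol_caps` (G3) — disabling protocol caps
+* - `protocol_caps` (G3) — shrinking individual caps
+* - `cosign_required` (G6) — disabling cosign one-way
+* Without this binding, a tampered SDK or discriminator-collision attack
+* could mutate the pending PDA between queue and apply on those triggers
+* without producing a cosign-digest mismatch (TA-19's policy_preview_digest
+* binds them at the *policy* level but the cosign-binding promise is "the
+* session signature covers the SAME pending args the owner signed").
+*
+* CANONICAL ENCODING (FIXED — DO NOT REORDER, APPEND-ONLY):
+* 1. cosign_session: Pubkey (32 bytes raw)
+* 2. daily_spending_cap_usd: Option<u64>
+* - tag: 1 byte (0=None, 1=Some)
+* - payload (if Some): u64 LE (8 bytes)
+* 3. max_transaction_amount_usd: Option<u64>
+* - same shape as #2
+* 4. allowed_destinations: Option<Vec<Pubkey>>
+* - tag: 1 byte (0=None, 1=Some)
+* - payload (if Some): u32 LE length (4 bytes) ++ each Pubkey 32 bytes
+* 5. protocols: Option<Vec<Pubkey>>
+* - same shape as #4
+* 6. stable_balance_floor: Option<u64> (B4 F-1)
+* - same shape as #2
+* 7. per_recipient_daily_cap_usd: Option<u64> (B4 F-1)
+* - same shape as #2
+* 8. has_protocol_caps: Option<bool> (B4 F-1)
+* - tag: 1 byte (0=None, 1=Some)
+* - payload (if Some): 1 byte (0/1)
+* 9. protocol_caps: Option<Vec<u64>> (B4 F-1)
+* - tag: 1 byte (0=None, 1=Some)
+* - payload (if Some): u32 LE length (4 bytes) ++ each u64 8 bytes LE
+* 10. cosign_required: Option<bool> (B4 F-1)
+* - same shape as #8
+*
+* Total bounded by MAX_ALLOWED_PROTOCOLS=10 + MAX_ALLOWED_DESTINATIONS=10 at
+* 32 bytes each + MAX_PROTOCOL_CAPS=10 * 8 + fixed scalars ≈ 805 bytes worst
+* case.
+*
+* Forward-compat note: per the on-chain comment, the canonical encoding here
+* is APPEND-ONLY — new fields land at the END to preserve replayable digests
+* for in-flight pending PDAs across upgrades.
+*/
+import { createHash } from "node:crypto";
+// ── Base58 decode (inlined to avoid circular SDK imports) ────────────────────
+//
+// Solana pubkeys are base58 strings; we need the raw 32 bytes. The SDK has
+// other base58 helpers downstream, but to avoid circular imports we inline a
+// small decoder. Same alphabet/logic as `compute-policy-preview-digest.ts`.
+const BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+const BASE58_INDEX = (() => {
+const r = Object.create(null);
+for (let i = 0; i < BASE58_ALPHABET.length; i++) {
+r[BASE58_ALPHABET[i]] = i;
+}
+return r;
+})();
+function base58Decode(s) {
+if (s.length === 0) {
+throw new Error("base58Decode: empty input");
+}
+let leadingZeros = 0;
+while (leadingZeros < s.length && s[leadingZeros] === "1") {
+leadingZeros++;
+}
+const bytes = [];
+for (let i = 0; i < s.length; i++) {
+const c = s[i];
+const v = BASE58_INDEX[c];
+if (v === undefined) {
+throw new Error(`base58Decode: invalid char '${c}'`);
+}
+let carry = v;
+for (let j = 0; j < bytes.length; j++) {
+carry += bytes[j] * 58;
+bytes[j] = carry & 0xff;
+carry >>>= 8;
+}
+while (carry > 0) {
+bytes.push(carry & 0xff);
+carry >>>= 8;
+}
+}
+const out = new Uint8Array(leadingZeros + bytes.length);
+for (let i = 0; i < bytes.length; i++) {
+out[leadingZeros + (bytes.length - 1 - i)] = bytes[i];
+}
+if (out.length !== 32) {
+throw new Error(`base58Decode: expected 32-byte pubkey, got ${out.length} bytes`);
+}
+return out;
+}
+// ── Encoders ─────────────────────────────────────────────────────────────────
+function writeU64Le(view, offset, v) {
+view.setBigUint64(offset, v, true);
+return offset + 8;
+}
+function writeU32Le(view, offset, v) {
+view.setUint32(offset, v, true);
+return offset + 4;
+}
+/**
+* Compute the canonical SHA-256 of the cosign digest fields.
+*
+* Returns a 32-byte `Uint8Array`. Identical to the on-chain helper
+* `compute_cosign_digest` for the same input.
+*
+* Used by `cosign-helper.buildCosignBundle()` to produce the digest the
+* on-chain handler will re-validate at queue + apply time.
+*
+* @throws if any pubkey doesn't base58-decode to exactly 32 bytes
+* @throws if a u64 is negative or out of range
+*/
+export function computeCosignDigest(fields) {
+const sessionBytes = base58Decode(fields.cosignSession);
+// Normalise Option semantics: undefined → null (Option::None).
+const dailyCap = fields.dailySpendingCapUsd === undefined
+? null
+: fields.dailySpendingCapUsd;
+const maxTx = fields.maxTransactionAmountUsd === undefined
+? null
+: fields.maxTransactionAmountUsd;
+const dests = fields.allowedDestinations === undefined
+? null
+: fields.allowedDestinations;
+const protos = fields.protocols === undefined ? null : fields.protocols;
+// Round 2 B4 F-1: same undefined-vs-null normalisation for the 5 new
+// fields. The discriminator byte is load-bearing — `undefined` /
+// `null` BOTH map to Option::None (tag 0). `false`, `true`, or `0n`
+// map to Option::Some.
+const stableFloor = fields.stableBalanceFloor === undefined ? null : fields.stableBalanceFloor;
+const perRecipCap = fields.perRecipientDailyCapUsd === undefined
+? null
+: fields.perRecipientDailyCapUsd;
+const hasProtoCaps = fields.hasProtocolCaps === undefined ? null : fields.hasProtocolCaps;
+const protoCaps = fields.protocolCaps === undefined ? null : fields.protocolCaps;
+const cosignReq = fields.cosignRequired === undefined ? null : fields.cosignRequired;
+// Pre-decode pubkeys so any error surfaces with a useful message BEFORE we
+// start the hash walk.
+const destBytes = dests === null ? null : dests.map((p) => base58Decode(p));
+const protoBytes = protos === null ? null : protos.map((p) => base58Decode(p));
+// Pre-size: 32 (session) + (1+8) for each Option<u64> (positions 2, 3, 6, 7)
+// + (1 + 4 + 32*N) for each Option<Vec<Pubkey>> (positions 4, 5)
+// + (1 + 1) for each Option<bool> (positions 8, 10)
+// + (1 + 4 + 8*N) for Option<Vec<u64>> (position 9)
+// Worst case ~805 bytes.
+const fixedSize = 32 + // cosign_session
+1 + // daily tag
+(dailyCap !== null ? 8 : 0) +
+1 + // max_tx tag
+(maxTx !== null ? 8 : 0) +
+1 + // destinations tag
+(destBytes !== null ? 4 + destBytes.length * 32 : 0) +
+1 + // protocols tag
+(protoBytes !== null ? 4 + protoBytes.length * 32 : 0) +
+1 + // stable_balance_floor tag (B4 F-1)
+(stableFloor !== null ? 8 : 0) +
+1 + // per_recipient_daily_cap_usd tag (B4 F-1)
+(perRecipCap !== null ? 8 : 0) +
+1 + // has_protocol_caps tag (B4 F-1)
+(hasProtoCaps !== null ? 1 : 0) +
+1 + // protocol_caps tag (B4 F-1)
+(protoCaps !== null ? 4 + protoCaps.length * 8 : 0) +
+1 + // cosign_required tag (B4 F-1)
+(cosignReq !== null ? 1 : 0);
+const buf = new Uint8Array(fixedSize);
+const view = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
+let off = 0;
+// 1. cosign_session pubkey (32 bytes raw)
+buf.set(sessionBytes, off);
+off += 32;
+// 2. daily_spending_cap_usd Option<u64>
+if (dailyCap === null) {
+buf[off++] = 0;
+}
+else {
+buf[off++] = 1;
+off = writeU64Le(view, off, dailyCap);
+}
+// 3. max_transaction_amount_usd Option<u64>
+if (maxTx === null) {
+buf[off++] = 0;
+}
+else {
+buf[off++] = 1;
+off = writeU64Le(view, off, maxTx);
+}
+// 4. allowed_destinations Option<Vec<Pubkey>>
+if (destBytes === null) {
+buf[off++] = 0;
+}
+else {
+buf[off++] = 1;
+off = writeU32Le(view, off, destBytes.length);
+for (const pk of destBytes) {
+buf.set(pk, off);
+off += 32;
+}
+}
+// 5. protocols Option<Vec<Pubkey>>
+if (protoBytes === null) {
+buf[off++] = 0;
+}
+else {
+buf[off++] = 1;
+off = writeU32Le(view, off, protoBytes.length);
+for (const pk of protoBytes) {
+buf.set(pk, off);
+off += 32;
+}
+}
+// Round 2 B4 F-1 (2026-05-19): APPEND-ONLY extension binding 5 new
+// elevation triggers. Mirrors `compute_cosign_digest` in
+// `programs/sigil/src/utils/cosign_digest.rs` lines 195-241. All
+// encoded as Option<…> with the load-bearing tag byte (None vs
+// Some(0) MUST produce distinct digests).
+// 6. stable_balance_floor Option<u64>
+if (stableFloor === null) {
+buf[off++] = 0;
+}
+else {
+buf[off++] = 1;
+off = writeU64Le(view, off, stableFloor);
+}
+// 7. per_recipient_daily_cap_usd Option<u64>
+if (perRecipCap === null) {
+buf[off++] = 0;
+}
+else {
+buf[off++] = 1;
+off = writeU64Le(view, off, perRecipCap);
+}
+// 8. has_protocol_caps Option<bool>. Bool encoded as 1 byte (0/1).
+if (hasProtoCaps === null) {
+buf[off++] = 0;
+}
+else {
+buf[off++] = 1;
+buf[off++] = hasProtoCaps ? 1 : 0;
+}
+// 9. protocol_caps Option<Vec<u64>>. Each cap is 8 bytes LE.
+if (protoCaps === null) {
+buf[off++] = 0;
+}
+else {
+buf[off++] = 1;
+off = writeU32Le(view, off, protoCaps.length);
+for (const c of protoCaps) {
+off = writeU64Le(view, off, c);
+}
+}
+// 10. cosign_required Option<bool>. Bool encoded as 1 byte (0/1).
+if (cosignReq === null) {
+buf[off++] = 0;
+}
+else {
+buf[off++] = 1;
+buf[off++] = cosignReq ? 1 : 0;
+}
+// Defensive: assert we wrote exactly what we sized.
+if (off !== buf.length) {
+throw new Error(`computeCosignDigest: encoded ${off} bytes, expected ${buf.length}`);
+}
+return new Uint8Array(createHash("sha256").update(buf).digest());
+}
+/** Equivalent of `Buffer.equals` for two `Uint8Array` digests.
+*
+* M-8 audit fix (2026-05-19): constant-time comparison. Previously this
+* helper early-returned on the first mismatched byte, which leaks
+* length-prefix information about the matching prefix via timing
+* channels. Cosign digests are not classically time-attack-sensitive
+* (they're produced and consumed locally), but constant-time is the
+* defensive default. Both equal-length and unequal-length paths now run
+* to completion before returning.
+*/
+export function cosignDigestsEqual(a, b) {
+// Length comparison is deliberately the FIRST check and the only
+// early-return: comparing a length mismatch in constant time is
+// mathematically impossible (the longer array's tail bytes never
+// exist), and leaking the length prefix is harmless — the caller
+// controls both digest sources.
+if (a.length !== b.length)
+return false;
+let diff = 0;
+for (let i = 0; i < a.length; i++) {
+// XOR-accumulate. `diff` ends at 0 iff every byte pair matched;
+// any single mismatch sets some bit in `diff` permanently. No
+// early exit on mismatch → constant time per length.
+diff |= a[i] ^ b[i];
+}
+return diff === 0;
+}
+//# sourceMappingURL=compute-cosign-digest.js.map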
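Review bot: `writeU64Le` passes `v` straight to `view.setBigUint64(offset, v, true)`, which reduces a BigInt modulo 2^64 instead of rejecting it, so the `@throws if a u64 is negative or out of range` promise on `computeCosignDigest` is not kept: `-1n` is hashed as 2^64−1 and `2n ** 64n` as 0. Only a plain Number throws today (a TypeError from the DataView call), while strings and booleans are silently converted. The header comment says this digest is what the cosign session signature binds, so a cap or floor that wraps means the digest covers a different value from the one the caller supplied; whether the instruction encoder elsewhere in the SDK catches this first is not visible here. I would add `if (typeof v !== "bigint" || v < 0n || v > 0xffffffffffffffffn) throw new RangeError("writeU64Le: value is not a u64");` as the first line of `writeU64Le`. This file looks like compiler output, so the change presumably belongs in the `src/policy/compute-cosign-digest.ts` source named by its source map.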
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"compute-cosign-digest.js","sourceRoot":"","sources":["../../src/policy/compute-cosign-digest.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAuGzC,gFAAgF;AAChF,EAAE;AACF,2EAA2E;AAC3E,6EAA6E;AAC7E,4EAA4E;AAE5E,MAAM,eAAe,GACnB,4DAA4D,CAAC;AAC/D,MAAM,YAAY,GAA2B,CAAC,GAAG,EAAE;IACjD,MAAM,CAAC,GAA2B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACtD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,eAAe,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAChD,CAAC,CAAC,eAAe,CAAC,CAAC,CAAE,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC,CAAC,EAAE,CAAC;AAEL,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IACD,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,OAAO,YAAY,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,YAAY,CAAC,KAAK,GAAG,EAAE,CAAC;QAC1D,YAAY,EAAE,CAAC;IACjB,CAAC;IACD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;QAChB,MAAM,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAC1B,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,GAAG,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,KAAK,IAAI,KAAK,CAAC,CAAC,CAAE,GAAG,EAAE,CAAC;YACxB,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC;YACxB,KAAK,MAAM,CAAC,CAAC;QACf,CAAC;QACD,OAAO,KAAK,GAAG,CAAC,EAAE,CAAC;YACjB,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;YACzB,KAAK,MAAM,CAAC,CAAC;QACf,CAAC;IACH,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IACxD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,GAAG,CAAC,YAAY,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IACzD,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CACb,8CAA8C,GAAG,CAAC,MAAM,QAAQ,CACjE,CAAC;IACJ,CAAC
;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,gFAAgF;AAEhF,SAAS,UAAU,CAAC,IAAc,EAAE,MAAc,EAAE,CAAS;IAC3D,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IACnC,OAAO,MAAM,GAAG,CAAC,CAAC;AACpB,CAAC;AAED,SAAS,UAAU,CAAC,IAAc,EAAE,MAAc,EAAE,CAAS;IAC3D,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAChC,OAAO,MAAM,GAAG,CAAC,CAAC;AACpB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAA0B;IAC5D,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,aAAuB,CAAC,CAAC;IAElE,+DAA+D;IAC/D,MAAM,QAAQ,GACZ,MAAM,CAAC,mBAAmB,KAAK,SAAS;QACtC,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,CAAC,mBAAmB,CAAC;IACjC,MAAM,KAAK,GACT,MAAM,CAAC,uBAAuB,KAAK,SAAS;QAC1C,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,CAAC,uBAAuB,CAAC;IACrC,MAAM,KAAK,GACT,MAAM,CAAC,mBAAmB,KAAK,SAAS;QACtC,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,CAAC,mBAAmB,CAAC;IACjC,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC;IACxE,qEAAqE;IACrE,iEAAiE;IACjE,oEAAoE;IACpE,uBAAuB;IACvB,MAAM,WAAW,GACf,MAAM,CAAC,kBAAkB,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,kBAAkB,CAAC;IAC7E,MAAM,WAAW,GACf,MAAM,CAAC,uBAAuB,KAAK,SAAS;QAC1C,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,CAAC,uBAAuB,CAAC;IACrC,MAAM,YAAY,GAChB,MAAM,CAAC,eAAe,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC;IACvE,MAAM,SAAS,GACb,MAAM,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC;IACjE,MAAM,SAAS,GACb,MAAM,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC;IAErE,2EAA2E;IAC3E,uBAAuB;IACvB,MAAM,SAAS,GACb,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAW,CAAC,CAAC,CAAC;IACtE,MAAM,UAAU,GACd,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAW,CAAC,CAAC,CAAC;IAExE,6EAA6E;IAC7E,iEAAiE;IACjE,oDAAoD;IACpD,oDAAoD;IACpD,yBAAyB;IACzB,MAAM,SAAS,GACb,EAAE,GAAG,iBAAiB;QACtB,CAAC,GAAG,YAAY;QAChB,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC,GAAG,aAAa;QACjB,CAAC,KAAK,K
AAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACxB,CAAC,GAAG,mBAAmB;QACvB,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC,GAAG,gBAAgB;QACpB,CAAC,UAAU,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACtD,CAAC,GAAG,oCAAoC;QACxC,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC,GAAG,2CAA2C;QAC/C,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC,GAAG,iCAAiC;QACrC,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC,GAAG,6BAA6B;QACjC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC,GAAG,+BAA+B;QACnC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;IAEtE,IAAI,GAAG,GAAG,CAAC,CAAC;IAEZ,0CAA0C;IAC1C,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IAC3B,GAAG,IAAI,EAAE,CAAC;IAEV,wCAAwC;IACxC,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED,4CAA4C;IAC5C,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,8CAA8C;IAC9C,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;QAC9C,KAAK,MAAM,EAAE,IAAI,SAAS,EAAE,CAAC;YAC3B,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;YACjB,GAAG,IAAI,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CA
AC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;QAC/C,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5B,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;YACjB,GAAG,IAAI,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,mEAAmE;IACnE,yDAAyD;IACzD,iEAAiE;IACjE,+DAA+D;IAC/D,0CAA0C;IAE1C,sCAAsC;IACtC,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;IAC3C,CAAC;IAED,6CAA6C;IAC7C,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;IAC3C,CAAC;IAED,mEAAmE;IACnE,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;QAC1B,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpC,CAAC;IAED,6DAA6D;IAC7D,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;QAC9C,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;YAC1B,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACf,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC;IAED,oDAAoD;IACpD,IAAI,GAAG,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CACb,gCAAgC,GAAG,oBAAoB,GAAG,CAAC,MAAM,EAAE,CACpE,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACnE,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,kBAAkB,CAAC,CAAa,EAAE,CAAa;IAC7D,iEAAiE;IACjE,gE
AAgE;IAChE,iEAAiE;IACjE,iEAAiE;IACjE,gCAAgC;IAChC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,gEAAgE;QAChE,8DAA8D;QAC9D,qDAAqD;QACrD,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IACD,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC"}
|
|
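--- a/compute-policy-preview-digest.d.ts
+++ b/compute-policy-preview-digest.d.ts
@@ -0,0 +1,279 @@
+/**
+* TA-19 — Canonical policy preview digest (SDK side).
+*
+* Mirrors `programs/sigil/src/utils/policy_digest.rs` exactly. The SDK computes
+* this off-chain, the owner signs `queue_policy_update` / `initialize_vault`
+* with the digest as an arg, and the on-chain handler recomputes it from the
+* resulting policy state. If the two digests do not match the handler rejects
+* with `PolicyPreviewMismatch` (6080).
+*
+* Defense rationale:
+* - Sequence: SDK builds policy fields → SDK computes digest → owner signs
+* the transaction (digest is in the instruction data, signed alongside).
+* - On-chain handler reads the policy fields from the args, re-computes the
+* same digest, and asserts equality.
+* - The only ways the two digests can diverge are: (a) an owner blind-signed
+* mutated fields that the SDK never told them about; (b) a rogue program
+* tampered with the pending PDA between queue and apply (a future
+* discriminator-collision attack). Both cases reject — the owner sees a
+* mismatch error rather than silently committing.
+*
+* CANONICAL ENCODING (FIXED — DO NOT REORDER). Positions are the live byte
+* order — see PER_FIELD_FIXED_SIZES below, the single source of truth that a
+* module-load assertion pins against POLICY_PREVIEW_FIELD_COUNT:
+* 1. daily_spending_cap_usd: u64 LE (8 bytes)
+* 2. max_transaction_size_usd: u64 LE (8 bytes)
+* 3. max_slippage_bps: u16 LE (2 bytes)
+* 4. developer_fee_rate: u16 LE (2 bytes) — PEN-CROSS-6 (Phase 2 close-up)
+* 5. protocol_mode: u8 (1 byte)
+* 6. protocols: Vec<Pubkey> = u32 LE length (4 bytes) ++ each Pubkey 32 bytes
+* 7. destination_mode: u8 (1 byte)
+* 8. allowed_destinations: Vec<Pubkey> = u32 LE length (4 bytes) ++ each Pubkey 32 bytes
+* 9. timelock_duration: u64 LE (8 bytes)
+* 10. session_expiry_seconds: u64 LE (8 bytes)
+* 11. observe_only: bool as 1 byte (0 or 1)
+* 12. has_post_assertions: u8 (1 byte) — M1-04 removed the former
+* has_constraints byte (digest-version bump); positions renumbered down.
+* 13. created_at_slot: u64 LE (8 bytes) — PEN-CROSS-2 (Phase 2 close-up)
+* 14. operating_hours: u32 LE (4 bytes) — TA-05 (Phase 3 pre-exec)
+* 15. auto_promote_grays: bool as 1 byte (0/1) — TA-07 (Phase 3 pre-exec)
+* 16. auto_revoke_threshold: u8 (1 byte) — TA-17 (Phase 3 pre-exec)
+* 17. stable_balance_floor: u64 LE (8 bytes) — TA-12 (Phase 5 post-exec)
+* 18. per_recipient_daily_cap_usd: u64 LE (8 bytes) — TA-14 (Phase 5 post-exec)
+* 19. cosign_required: bool (1 byte 0/1) — G6 (audit 2026-05-18 cosign opt-in)
+* 20. agent_set_hash: [u8; 32] — Phase 8 PEN-CROSS-1 (audit 2026-05-19)
+* 21. cosign_session_pubkey: Pubkey (32 bytes) — D-5 (audit 2026-05-19, F-RP3-1)
+* 22. operator_grant_delay_seconds: u64 LE (8 bytes) — F-Q6 (2026-06-02)
+* 23. has_protocol_caps: bool as 1 byte (0/1) — M-1 (audit 2026-06-11)
+* 24. protocol_caps: u32 LE length (4 bytes) ++ each cap u64 LE (8 bytes) — M-1
+*
+* Phase 3 append-only additions (TA-05/07/17): operating_hours,
+* auto_promote_grays, auto_revoke_threshold are appended at positions 15-17
+* to preserve the 14-field prefix (F-14 APPEND-ONLY rule).
+*
+* Phase 5 append-only additions (TA-12/TA-14): stable_balance_floor at
+* position 17, per_recipient_daily_cap_usd at position 18. Both bound by
+* TA-19 so silent SDK / pending-PDA mutations can't bypass the owner's
+* signed digest.
+*
+* G6 append-only addition (audit 2026-05-18 cosign opt-in): cosign_required
+* at position 19 (1 byte, 0/1). Owner's choice to opt into TA-09 cosign
+* enforcement is part of the signed policy — a compromised SDK cannot
+* silently disable cosign between owner approval and on-chain landing.
+* Disabling cosign on a live policy where this is true is itself an
+* elevated mutation per `queue_policy_update` (one-way ratchet).
+*
+* Phase 8 PEN-CROSS-1 append-only addition (Council ISC-66/A8/A9): the
+* `agent_set_hash` at position 20 binds the EXISTING agent set into the
+* signed digest. SHA-256 over Borsh of `Vec<(Pubkey, u8 capability)>`
+* sorted by pubkey ascending. Closes the silent-insertion vector where
+* a phished-owner `register_agent(capability=OPERATOR)` would otherwise
+* grant operator-class without diverging the digest from the last value
+* the owner signed. Empty Vec produces a deterministic 32-byte hash
+* (`EMPTY_AGENT_SET_HASH` — SHA-256 of [0x00,0x00,0x00,0x00]).
+*
+* D-5 append-only addition (audit 2026-05-19, F-RP3-1): the
+* `cosign_session_pubkey` at position 21 binds the owner's chosen
+* reactivate-time cosigner pubkey into the signed digest. The
+* `reactivate_vault` handler reads this pubkey at runtime and requires
+* a matching `is_signer == true` entry in `remaining_accounts` whenever
+* the operation grafts a new agent at `FULL_CAPABILITY`. A tampered SDK
+* cannot silently flip the gate between owner approval and on-chain
+* landing — the digest mismatch closes that gap. Default
+* `Pubkey::default()` (32 zero bytes) means the gate is OFF; owners
+* opt in via `queue_policy_update`.
+*
+* The `destination_graylist: Vec<(Pubkey, i64)>` is intentionally NOT in
+* the digest. Graylist entries are derived/ephemeral — they auto-populate
+* when the owner adds a destination via queue_policy_update, and they
+* only delay an already-signed allowlist entry. Promoting via
+* promote_graylist_destination only accelerates the existing unlock — it
+* cannot widen the allowlist. The owner-signed digest already binds the
+* destination allowlist (position 8).
+*
+* Total bounded by MAX_ALLOWED_PROTOCOLS=10 + MAX_ALLOWED_DESTINATIONS=10 at
+* 32 bytes each + fixed scalars ≈ 700 bytes worst case.
+*/
+import type { Address } from "../kit-adapter.js";
+import { digestsEqual as canonicalDigestsEqual } from "../canonical-encode.js";
+/**
+* Canonical preview-fields shape. Matches the on-chain `PolicyPreviewFields`
+* struct in `programs/sigil/src/utils/policy_digest.rs` exactly.
+*/
+export interface PolicyPreviewFields {
+/** $ × 1e6 (USDC/USDT decimals). e.g. $500 = 500_000_000n. */
+dailySpendingCapUsd: bigint;
+/** $ × 1e6. */
+maxTransactionSizeUsd: bigint;
+/** Basis points (0-5000). */
+maxSlippageBps: number;
+/**
+* Developer fee rate (rate / 1,000,000). Bound by the owner-signed digest
+* since PEN-CROSS-6 (Phase 2 close-up). 0..=MAX_DEVELOPER_FEE_RATE (500).
+*/
+developerFeeRate: number;
+/** 1 = ALLOWLIST (Phase 2 Option A). Other values rejected on-chain. */
+protocolMode: number;
+/** Up to MAX_ALLOWED_PROTOCOLS (10) base58-encoded program IDs. */
+protocols: readonly (Address | string)[];
+/** 0 = RESTRICTED (Phase 2 Option A). Other values rejected on-chain. */
+destinationMode: number;
+/** Up to MAX_ALLOWED_DESTINATIONS (10) base58-encoded wallet pubkeys. */
+allowedDestinations: readonly (Address | string)[];
+/** Timelock duration in seconds (>= MIN_TIMELOCK_DURATION=1800). */
+timelockDuration: bigint;
+/** Owner-configurable session expiry (0 = use default 30s). */
+sessionExpirySeconds: bigint;
+/** TA-19: observe-only kill switch (rejects all validate_and_authorize). */
+observeOnly: boolean;
+/** Whether post-execution assertions are configured (0 = no, non-zero = yes). */
+hasPostAssertions: number;
+/**
+* PEN-CROSS-2 (Phase 2 close-up): the slot at which `initialize_vault`
+* minted the live policy. Bound by TA-19 at position 13. Closes the
+* close+reinit replay window.
+*/
+createdAtSlot: bigint;
+/**
+* TA-05 (Phase 3): 24-bit UTC operating-hours bitmask. Bit `n` (0..=23)
+* set → the vault permits spending at UTC hour `n`. Default 0 when
+* omitted by legacy callers (preserves existing test fixtures). Production
+* SDK consumers should pass 0xFFFFFF (all 24h enabled) explicitly.
+* Upper 8 bits MUST be zero — on-chain handler rejects with
+* `ErrOutsideOperatingHours` (6084) if violated. Bound at position 14
+* of the canonical encoding.
+*/
+operatingHours?: number;
+/**
+* TA-07 (Phase 3): owner-side toggle to bypass the 24h graylist friction
+* for newly-added destinations. Default false (friction enforced).
+* Bound by TA-19 at canonical position 15 so silent flips can't change
+* the friction model.
+*/
+autoPromoteGrays?: boolean;
+/**
+* TA-17 (Phase 3): consecutive-failure threshold for agent auto-revoke.
+* Range 3..=20. Default 0 (legacy callers — but on-chain handler now
+* requires this to be in [3, 20] at policy-write time). Bound at
+* canonical position 16.
+*/
+autoRevokeThreshold?: number;
+/**
+* TA-12 (Phase 5 post-exec): owner-chosen hard reserve on combined
+* USDC+USDT vault balance, asserted at every `finalize_session`
+* spending path completion. 6-decimal USDC face value (e.g.
+* `$100 = 100_000_000n`). Default 0 (no reserve — preserves existing
+* vault behavior). Bound at canonical position 17.
+*/
+stableBalanceFloor?: bigint;
+/**
+* TA-14 (Phase 5 post-exec): owner-chosen rolling 24h per-recipient
+* outflow cap. 6-decimal USDC face value. Default 0 (no per-recipient
+* cap — preserves existing vault behavior). Bound at canonical
+* position 18.
+*/
+perRecipientDailyCapUsd?: bigint;
+/**
+* G6 (audit 2026-05-18 cosign opt-in): owner-chosen opt-in to TA-09
+* cosign enforcement on elevated mutations. Default false (low-friction
+* — preserves existing vault behavior; owner-signature-only flow on
+* elevated mutations). When true, the `queue_policy_update` handler's
+* 7-trigger elevation gate (raises caps, expands allowlists, weakens
+* floor / per-recipient / protocol caps) requires a cosign session.
+* Disabling cosign on a live policy where this is true is itself an
+* elevated mutation (one-way ratchet). Bound at canonical position 19.
+*/
+cosignRequired?: boolean;
+/**
+* Phase 8 PEN-CROSS-1 (Council ISC-66/A8/A9): SHA-256 over Borsh of
+* `Vec<(pubkey, u8 capability)>` sorted by pubkey ascending. Pass the
+* result of `computeAgentSetHash(...)` over the live vault's agent set
+* (use empty array for a freshly-initialized vault). Empty vault produces
+* the deterministic `EMPTY_AGENT_SET_HASH` value. Bound at canonical
+* position 20. Optional with default `EMPTY_AGENT_SET_HASH` so legacy
+* fixtures (no agents) continue to compute the canonical digest.
+*/
+agentSetHash?: Uint8Array;
+/**
+* D-5 (audit 2026-05-19, F-RP3-1): the owner-chosen reactivate-time
+* cosigner pubkey. Default `Pubkey::default()` (zero pubkey, encoded
+* as 32 zero bytes) when omitted, matching the on-chain init state
+* where the gate is disabled. Owners opt in by passing a non-default
+* pubkey via `queue_policy_update` (the SDK helper here mirrors that
+* value into the digest). Bound at canonical position 21.
+*
+* Type: base58 string (e.g. an Address) OR a 32-byte raw Uint8Array.
+* The encoder accepts both shapes for parity with the protocols /
+* allowedDestinations fields.
+*/
+cosignSessionPubkey?: Address | string | Uint8Array;
+/**
+* F-Q6 (2026-06-02): owner-configured delay (in seconds) before an OPERATOR
+* capability grant takes effect. Default 0n when omitted (matching the
+* on-chain init default). An owner-set security control gating OPERATOR
+* seating — bound by TA-19 at canonical position 22 so a tampered SDK or
+* pending-PDA mutation cannot silently lower it between owner approval and
+* on-chain landing. Owners change it only via the timelocked
+* `queue_policy_update` path.
+*/
+operatorGrantDelaySeconds?: bigint;
+/**
+* M-1 (audit 2026-06-11): owner's per-protocol-caps master switch. Bound at
+* canonical position 23 (default false when omitted, matching the on-chain
+* init/legacy state). Mirrors the cosign digest's order (hasProtocolCaps
+* before protocolCaps). Closes the gap where a tampered SDK could flip the
+* caps switch without the owner's signed preview detecting it.
+*/
+hasProtocolCaps?: boolean;
+/**
+* M-1 (audit 2026-06-11): owner's per-protocol rolling-24h spend caps,
+* aligned 1:1 with `protocols` (≤ 10). Bound at canonical position 24 as a
+* u32 LE length prefix ++ each cap as u64 LE (mirrors the `protocols` Vec
+* pattern). Default [] when omitted.
+*/
+protocolCaps?: readonly bigint[];
+}
+/** Mirrors `policy_digest.rs::POLICY_PREVIEW_FIELD_COUNT`.
+* M1-04: was 22; has_constraints removed (digest-version bump).
+* F-Q6 (2026-06-02): 21 → 22, binds operator_grant_delay_seconds.
+* M-1 (2026-06-11): 22 → 24, binds has_protocol_caps (23) + protocol_caps (24). */
+export declare const POLICY_PREVIEW_FIELD_COUNT = 24;
+/**
+* Phase 8 PEN-CROSS-1 (Council ISC-141): SHA-256 of the Borsh-encoded
+* empty `Vec<(Pubkey, u8)>` — i.e. SHA-256 of [0x00, 0x00, 0x00, 0x00].
+* Deterministic; pinned across Rust (`policy_digest.rs::EMPTY_AGENT_SET_HASH`)
+* and TypeScript (this constant). Used by `computePolicyPreviewDigest`
+* when the caller omits `agentSetHash` (legacy fixture path).
+*/
+export declare const EMPTY_AGENT_SET_HASH: Uint8Array;
+/**
+* Compute the canonical `agent_set_hash` from a list of agents. SHA-256
+* over Borsh of `Vec<(Pubkey, u8 capability)>` sorted by pubkey ascending.
+* Mirrors `policy_digest.rs::compute_agent_set_hash` byte-for-byte.
+*
+* Pass the result into `computePolicyPreviewDigest({ ...fields, agentSetHash })`.
+*
+* @throws if any pubkey doesn't base58-decode to 32 bytes
+*/
+export declare function computeAgentSetHash(agents: ReadonlyArray<{
+pubkey: Address | string;
+capability: number;
+}>): Uint8Array;
+/**
+* Compute the canonical SHA-256 of the policy preview fields.
+*
+* Returns a 32-byte Uint8Array. Identical to the on-chain helper
+* `compute_policy_preview_digest` for the same input.
+*
+* @throws if any pubkey doesn't base58-decode to exactly 32 bytes
+* @throws if a u64 is negative or out of range
+*/
+export declare function computePolicyPreviewDigest(fields: PolicyPreviewFields): Uint8Array;
+/**
+* Equivalent of `Buffer.equals` for two `Uint8Array` digests. Re-exported
+* from `../canonical-encode.ts` (constant-time XOR-accumulate; no early
+* exit) so callers that previously imported it from this module continue
+* to work after Batch C.
+*/
+export declare const digestsEqual: typeof canonicalDigestsEqual;
+//# sourceMappingURL=compute-policy-preview-digest.d.ts.map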
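Review bot: The header comment numbers the same canonical fields two different ways: the fixed list puts operating_hours, auto_promote_grays and auto_revoke_threshold at positions 14–16 (the field docs on `operatingHours`, `autoPromoteGrays` and `autoRevokeThreshold` agree), but the "Phase 3 append-only additions" paragraph still says "positions 15-17 to preserve the 14-field prefix", which also collides with stable_balance_floor at 17 in the paragraph after it. This comment is the reference for anyone mirroring the encoder against `policy_digest.rs`, and a misplaced field produces a digest the on-chain handler rejects, so the paragraph should presumably read `appended at positions 14-16 to preserve the 13-field prefix`. The closing estimate of "≈ 700 bytes worst case" also looks stale: by the widths listed here, 20 pubkeys plus the fixed scalars, the two 32-byte fields and up to 10 protocol caps come to roughly 876 bytes. Since this declaration file is emitted from `src/policy/compute-policy-preview-digest.ts`, the wording fix belongs in that source.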
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"compute-policy-preview-digest.d.ts","sourceRoot":"","sources":["../../src/policy/compute-policy-preview-digest.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+FG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAML,YAAY,IAAI,qBAAqB,EACtC,MAAM,wBAAwB,CAAC;AAEhC;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,8DAA8D;IAC9D,mBAAmB,EAAE,MAAM,CAAC;IAC5B,eAAe;IACf,qBAAqB,EAAE,MAAM,CAAC;IAC9B,6BAA6B;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,gBAAgB,EAAE,MAAM,CAAC;IACzB,wEAAwE;IACxE,YAAY,EAAE,MAAM,CAAC;IACrB,mEAAmE;IACnE,SAAS,EAAE,SAAS,CAAC,OAAO,GAAG,MAAM,CAAC,EAAE,CAAC;IACzC,yEAAyE;IACzE,eAAe,EAAE,MAAM,CAAC;IACxB,yEAAyE;IACzE,mBAAmB,EAAE,SAAS,CAAC,OAAO,GAAG,MAAM,CAAC,EAAE,CAAC;IACnD,oEAAoE;IACpE,gBAAgB,EAAE,MAAM,CAAC;IACzB,+DAA+D;IAC/D,oBAAoB,EAAE,MAAM,CAAC;IAC7B,4EAA4E;IAC5E,WAAW,EAAE,OAAO,CAAC;IAErB,iFAAiF;IACjF,iBAAiB,EAAE,MAAM,CAAC;IAC1B;;;;OAIG;IACH,aAAa,EAAE,MAAM,CAAC;IACtB;;;;;;;;OAQG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B;;;;;OAKG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B;;;;;;OAMG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;;;;OAKG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC;;;;;;;;;OASG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB;;;;;;;;OAQG;IACH,YAAY,CAAC,EAAE,UAAU,CAAC;IAC1B;;;;;;;;;;;OAWG;IACH,mBAAmB,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,UAAU,CAAC;IACpD;;;;;;;;OAQG;IACH,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC;;;;;;OAMG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B;;;;;OAKG;IACH,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAClC;AAgCD;;;oFAGoF;AACpF,eAAO,MAAM,0BAA0B,KAAK,CAAC;AAE7C;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,EAAE,UAG/B,CAAC;AAEL;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,aAAa,CAAC;IAAE,MAAM,EAAE,OAAO,GAAG,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC,GACtE,UAAU,CA8BZ;AA8DD;;;;;;;;GAQG;AACH,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,mBAAmB,GAC1B,UAAU,CAmIZ;AAED;;;;;GAKG;AACH,eAAO,MAAM,YAAY,8BAAwB,CAAC"}
|