@usesigil/kit 0.16.0 → 0.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +56 -0
- package/dist/advanced-analytics.d.ts +3 -2
- package/dist/advanced-analytics.d.ts.map +1 -1
- package/dist/advanced-analytics.js +9 -42
- package/dist/advanced-analytics.js.map +1 -1
- package/dist/agent-bootstrap.d.ts +1 -2
- package/dist/agent-bootstrap.d.ts.map +1 -1
- package/dist/agent-bootstrap.js.map +1 -1
- package/dist/agent-errors.d.ts +20 -4
- package/dist/agent-errors.d.ts.map +1 -1
- package/dist/agent-errors.js +864 -367
- package/dist/agent-errors.js.map +1 -1
- package/dist/audit-log.d.ts +101 -0
- package/dist/audit-log.d.ts.map +1 -0
- package/dist/audit-log.js +145 -0
- package/dist/audit-log.js.map +1 -0
- package/dist/caip2-network.d.ts +171 -0
- package/dist/caip2-network.d.ts.map +1 -0
- package/dist/caip2-network.js +202 -0
- package/dist/caip2-network.js.map +1 -0
- package/dist/canonical-encode.d.ts +59 -0
- package/dist/canonical-encode.d.ts.map +1 -0
- package/dist/canonical-encode.js +141 -0
- package/dist/canonical-encode.js.map +1 -0
- package/dist/cosign-helper.d.ts +264 -0
- package/dist/cosign-helper.d.ts.map +1 -0
- package/dist/cosign-helper.js +147 -0
- package/dist/cosign-helper.js.map +1 -0
- package/dist/create-vault.d.ts +92 -0
- package/dist/create-vault.d.ts.map +1 -1
- package/dist/create-vault.js +108 -7
- package/dist/create-vault.js.map +1 -1
- package/dist/dashboard/close-vault.d.ts +110 -0
- package/dist/dashboard/close-vault.d.ts.map +1 -0
- package/dist/dashboard/close-vault.js +165 -0
- package/dist/dashboard/close-vault.js.map +1 -0
- package/dist/dashboard/errors.d.ts +2 -2
- package/dist/dashboard/errors.d.ts.map +1 -1
- package/dist/dashboard/errors.js +11 -7
- package/dist/dashboard/errors.js.map +1 -1
- package/dist/dashboard/index.d.ts +190 -34
- package/dist/dashboard/index.d.ts.map +1 -1
- package/dist/dashboard/index.js +282 -52
- package/dist/dashboard/index.js.map +1 -1
- package/dist/dashboard/mutations.d.ts +153 -24
- package/dist/dashboard/mutations.d.ts.map +1 -1
- package/dist/dashboard/mutations.js +680 -114
- package/dist/dashboard/mutations.js.map +1 -1
- package/dist/dashboard/post-assertion-validation.d.ts +1 -1
- package/dist/dashboard/post-assertion-validation.d.ts.map +1 -1
- package/dist/dashboard/post-assertion-validation.js +169 -48
- package/dist/dashboard/post-assertion-validation.js.map +1 -1
- package/dist/dashboard/reads.d.ts +3 -4
- package/dist/dashboard/reads.d.ts.map +1 -1
- package/dist/dashboard/reads.js +11 -22
- package/dist/dashboard/reads.js.map +1 -1
- package/dist/dashboard/types.d.ts +56 -19
- package/dist/dashboard/types.d.ts.map +1 -1
- package/dist/errors/agent-errors.generated.d.ts +21 -0
- package/dist/errors/agent-errors.generated.d.ts.map +1 -0
- package/dist/errors/agent-errors.generated.js +134 -0
- package/dist/errors/agent-errors.generated.js.map +1 -0
- package/dist/errors/codes.d.ts +21 -2
- package/dist/errors/codes.d.ts.map +1 -1
- package/dist/errors/codes.js +19 -0
- package/dist/errors/codes.js.map +1 -1
- package/dist/errors/context.d.ts +9 -1
- package/dist/errors/context.d.ts.map +1 -1
- package/dist/event-analytics.d.ts +1 -3
- package/dist/event-analytics.d.ts.map +1 -1
- package/dist/event-analytics.js +28 -81
- package/dist/event-analytics.js.map +1 -1
- package/dist/events.d.ts.map +1 -1
- package/dist/events.js +23 -14
- package/dist/events.js.map +1 -1
- package/dist/generated/accounts/agentSpendOverlay.d.ts +60 -0
- package/dist/generated/accounts/agentSpendOverlay.d.ts.map +1 -1
- package/dist/generated/accounts/agentSpendOverlay.js +6 -2
- package/dist/generated/accounts/agentSpendOverlay.js.map +1 -1
- package/dist/generated/accounts/agentVault.d.ts +168 -4
- package/dist/generated/accounts/agentVault.d.ts.map +1 -1
- package/dist/generated/accounts/agentVault.js +11 -3
- package/dist/generated/accounts/agentVault.js.map +1 -1
- package/dist/generated/accounts/auditLogRejected.d.ts +66 -0
- package/dist/generated/accounts/auditLogRejected.d.ts.map +1 -0
- package/dist/generated/accounts/auditLogRejected.js +68 -0
- package/dist/generated/accounts/auditLogRejected.js.map +1 -0
- package/dist/generated/accounts/auditLogSuccess.d.ts +78 -0
- package/dist/generated/accounts/auditLogSuccess.d.ts.map +1 -0
- package/dist/generated/accounts/auditLogSuccess.js +68 -0
- package/dist/generated/accounts/auditLogSuccess.js.map +1 -0
- package/dist/generated/accounts/index.d.ts +4 -4
- package/dist/generated/accounts/index.d.ts.map +1 -1
- package/dist/generated/accounts/index.js +4 -4
- package/dist/generated/accounts/index.js.map +1 -1
- package/dist/generated/accounts/pendingAgentGrant.d.ts +199 -0
- package/dist/generated/accounts/pendingAgentGrant.d.ts.map +1 -0
- package/dist/generated/accounts/pendingAgentGrant.js +75 -0
- package/dist/generated/accounts/pendingAgentGrant.js.map +1 -0
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts +64 -0
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.js +7 -1
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/accounts/pendingOwnershipTransfer.d.ts +131 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.js +76 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.js.map +1 -0
- package/dist/generated/accounts/pendingPolicyUpdate.d.ts +200 -4
- package/dist/generated/accounts/pendingPolicyUpdate.d.ts.map +1 -1
- package/dist/generated/accounts/pendingPolicyUpdate.js +19 -1
- package/dist/generated/accounts/pendingPolicyUpdate.js.map +1 -1
- package/dist/generated/accounts/policyConfig.d.ts +479 -36
- package/dist/generated/accounts/policyConfig.d.ts.map +1 -1
- package/dist/generated/accounts/policyConfig.js +30 -3
- package/dist/generated/accounts/policyConfig.js.map +1 -1
- package/dist/generated/accounts/postExecutionAssertions.d.ts +2 -2
- package/dist/generated/accounts/postExecutionAssertions.d.ts.map +1 -1
- package/dist/generated/accounts/postExecutionAssertions.js +3 -3
- package/dist/generated/accounts/sessionAuthority.d.ts +140 -12
- package/dist/generated/accounts/sessionAuthority.d.ts.map +1 -1
- package/dist/generated/accounts/sessionAuthority.js +9 -7
- package/dist/generated/accounts/sessionAuthority.js.map +1 -1
- package/dist/generated/accounts/spendTracker.d.ts +83 -3
- package/dist/generated/accounts/spendTracker.d.ts.map +1 -1
- package/dist/generated/accounts/spendTracker.js +14 -2
- package/dist/generated/accounts/spendTracker.js.map +1 -1
- package/dist/generated/errors/sigil.d.ts +131 -83
- package/dist/generated/errors/sigil.d.ts.map +1 -1
- package/dist/generated/errors/sigil.js +178 -106
- package/dist/generated/errors/sigil.js.map +1 -1
- package/dist/generated/event-discriminators.d.ts.map +1 -1
- package/dist/generated/event-discriminators.js +11 -14
- package/dist/generated/event-discriminators.js.map +1 -1
- package/dist/generated/instructions/acceptOwnershipTransfer.d.ts +142 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.js +171 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts +85 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.js +171 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.js.map +1 -0
- package/dist/generated/instructions/applyAgentGrant.d.ts +100 -0
- package/dist/generated/instructions/applyAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/{applyConstraintsUpdate.js → applyAgentGrant.js} +66 -42
- package/dist/generated/instructions/applyAgentGrant.js.map +1 -0
- package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts +31 -8
- package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/applyAgentPermissionsUpdate.js +38 -2
- package/dist/generated/instructions/applyAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/instructions/applyPendingPolicy.d.ts +18 -7
- package/dist/generated/instructions/applyPendingPolicy.d.ts.map +1 -1
- package/dist/generated/instructions/applyPendingPolicy.js +38 -2
- package/dist/generated/instructions/applyPendingPolicy.js.map +1 -1
- package/dist/generated/instructions/cancelAgentGrant.d.ts +106 -0
- package/dist/generated/instructions/cancelAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/{allocatePendingConstraintsPda.js → cancelAgentGrant.js} +54 -42
- package/dist/generated/instructions/cancelAgentGrant.js.map +1 -0
- package/dist/generated/instructions/cancelOwnershipTransfer.d.ts +121 -0
- package/dist/generated/instructions/cancelOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/{queueCloseConstraints.js → cancelOwnershipTransfer.js} +58 -44
- package/dist/generated/instructions/cancelOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/closePostAssertions.d.ts +6 -1
- package/dist/generated/instructions/closePostAssertions.d.ts.map +1 -1
- package/dist/generated/instructions/closePostAssertions.js +11 -3
- package/dist/generated/instructions/closePostAssertions.js.map +1 -1
- package/dist/generated/instructions/closeVault.d.ts +40 -8
- package/dist/generated/instructions/closeVault.d.ts.map +1 -1
- package/dist/generated/instructions/closeVault.js +40 -2
- package/dist/generated/instructions/closeVault.js.map +1 -1
- package/dist/generated/instructions/createPostAssertions.d.ts +4 -0
- package/dist/generated/instructions/createPostAssertions.d.ts.map +1 -1
- package/dist/generated/instructions/createPostAssertions.js +2 -0
- package/dist/generated/instructions/createPostAssertions.js.map +1 -1
- package/dist/generated/instructions/depositFunds.d.ts +21 -10
- package/dist/generated/instructions/depositFunds.d.ts.map +1 -1
- package/dist/generated/instructions/depositFunds.js +37 -2
- package/dist/generated/instructions/depositFunds.js.map +1 -1
- package/dist/generated/instructions/finalizeSession.d.ts +49 -7
- package/dist/generated/instructions/finalizeSession.d.ts.map +1 -1
- package/dist/generated/instructions/finalizeSession.js +59 -2
- package/dist/generated/instructions/finalizeSession.js.map +1 -1
- package/dist/generated/instructions/freezeVault.d.ts +36 -5
- package/dist/generated/instructions/freezeVault.d.ts.map +1 -1
- package/dist/generated/instructions/freezeVault.js +65 -4
- package/dist/generated/instructions/freezeVault.js.map +1 -1
- package/dist/generated/instructions/index.d.ts +10 -15
- package/dist/generated/instructions/index.d.ts.map +1 -1
- package/dist/generated/instructions/index.js +10 -15
- package/dist/generated/instructions/index.js.map +1 -1
- package/dist/generated/instructions/initializeVault.d.ts +79 -9
- package/dist/generated/instructions/initializeVault.d.ts.map +1 -1
- package/dist/generated/instructions/initializeVault.js +57 -3
- package/dist/generated/instructions/initializeVault.js.map +1 -1
- package/dist/generated/instructions/initiateOwnershipTransfer.d.ts +106 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.js +181 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/pauseAgent.d.ts +49 -5
- package/dist/generated/instructions/pauseAgent.d.ts.map +1 -1
- package/dist/generated/instructions/pauseAgent.js +80 -5
- package/dist/generated/instructions/pauseAgent.js.map +1 -1
- package/dist/generated/instructions/promoteGraylistDestination.d.ts +56 -0
- package/dist/generated/instructions/promoteGraylistDestination.d.ts.map +1 -0
- package/dist/generated/instructions/{createInstructionConstraints.js → promoteGraylistDestination.js} +23 -40
- package/dist/generated/instructions/promoteGraylistDestination.js.map +1 -0
- package/dist/generated/instructions/queueAgentGrant.d.ts +113 -0
- package/dist/generated/instructions/queueAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/queueAgentGrant.js +181 -0
- package/dist/generated/instructions/queueAgentGrant.js.map +1 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts +8 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/queueAgentPermissionsUpdate.js +4 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/instructions/queuePolicyUpdate.d.ts +32 -0
- package/dist/generated/instructions/queuePolicyUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/queuePolicyUpdate.js +17 -1
- package/dist/generated/instructions/queuePolicyUpdate.js.map +1 -1
- package/dist/generated/instructions/reactivateVault.d.ts +71 -5
- package/dist/generated/instructions/reactivateVault.d.ts.map +1 -1
- package/dist/generated/instructions/reactivateVault.js +80 -5
- package/dist/generated/instructions/reactivateVault.js.map +1 -1
- package/dist/generated/instructions/recordAgentViolation.d.ts +89 -0
- package/dist/generated/instructions/recordAgentViolation.d.ts.map +1 -0
- package/dist/generated/instructions/recordAgentViolation.js +152 -0
- package/dist/generated/instructions/recordAgentViolation.js.map +1 -0
- package/dist/generated/instructions/registerAgent.d.ts +84 -6
- package/dist/generated/instructions/registerAgent.d.ts.map +1 -1
- package/dist/generated/instructions/registerAgent.js +81 -4
- package/dist/generated/instructions/registerAgent.js.map +1 -1
- package/dist/generated/instructions/revokeAgent.d.ts +49 -6
- package/dist/generated/instructions/revokeAgent.d.ts.map +1 -1
- package/dist/generated/instructions/revokeAgent.js +81 -4
- package/dist/generated/instructions/revokeAgent.js.map +1 -1
- package/dist/generated/instructions/setObserveOnly.d.ts +56 -0
- package/dist/generated/instructions/setObserveOnly.d.ts.map +1 -0
- package/dist/generated/instructions/setObserveOnly.js +111 -0
- package/dist/generated/instructions/setObserveOnly.js.map +1 -0
- package/dist/generated/instructions/unpauseAgent.d.ts +46 -5
- package/dist/generated/instructions/unpauseAgent.d.ts.map +1 -1
- package/dist/generated/instructions/unpauseAgent.js +80 -5
- package/dist/generated/instructions/unpauseAgent.js.map +1 -1
- package/dist/generated/instructions/validateAndAuthorize.d.ts +29 -0
- package/dist/generated/instructions/validateAndAuthorize.d.ts.map +1 -1
- package/dist/generated/instructions/validateAndAuthorize.js +4 -0
- package/dist/generated/instructions/validateAndAuthorize.js.map +1 -1
- package/dist/generated/instructions/withdrawFunds.d.ts +53 -11
- package/dist/generated/instructions/withdrawFunds.d.ts.map +1 -1
- package/dist/generated/instructions/withdrawFunds.js +51 -2
- package/dist/generated/instructions/withdrawFunds.js.map +1 -1
- package/dist/generated/programs/sigil.d.ts +79 -99
- package/dist/generated/programs/sigil.d.ts.map +1 -1
- package/dist/generated/programs/sigil.js +139 -199
- package/dist/generated/programs/sigil.js.map +1 -1
- package/dist/generated/types/actionAuthorized.d.ts +0 -2
- package/dist/generated/types/actionAuthorized.d.ts.map +1 -1
- package/dist/generated/types/actionAuthorized.js +0 -2
- package/dist/generated/types/actionAuthorized.js.map +1 -1
- package/dist/generated/types/agentAutoRevoked.d.ts +31 -0
- package/dist/generated/types/agentAutoRevoked.d.ts.map +1 -0
- package/dist/generated/types/{orphanConstraintsPdaCleaned.js → agentAutoRevoked.js} +12 -8
- package/dist/generated/types/agentAutoRevoked.js.map +1 -0
- package/dist/generated/types/agentEntry.d.ts +48 -0
- package/dist/generated/types/agentEntry.d.ts.map +1 -1
- package/dist/generated/types/agentEntry.js +4 -2
- package/dist/generated/types/agentEntry.js.map +1 -1
- package/dist/generated/types/agentGrantApplied.d.ts +38 -0
- package/dist/generated/types/agentGrantApplied.d.ts.map +1 -0
- package/dist/generated/types/agentGrantApplied.js +34 -0
- package/dist/generated/types/agentGrantApplied.js.map +1 -0
- package/dist/generated/types/agentGrantCancelled.d.ts +33 -0
- package/dist/generated/types/agentGrantCancelled.d.ts.map +1 -0
- package/dist/generated/types/agentGrantCancelled.js +28 -0
- package/dist/generated/types/agentGrantCancelled.js.map +1 -0
- package/dist/generated/types/agentGrantQueued.d.ts +38 -0
- package/dist/generated/types/agentGrantQueued.d.ts.map +1 -0
- package/dist/generated/types/agentGrantQueued.js +32 -0
- package/dist/generated/types/agentGrantQueued.js.map +1 -0
- package/dist/generated/types/auditEntry.d.ts +120 -0
- package/dist/generated/types/auditEntry.d.ts.map +1 -0
- package/dist/generated/types/auditEntry.js +34 -0
- package/dist/generated/types/auditEntry.js.map +1 -0
- package/dist/generated/types/destinationGraylistEntry.d.ts +32 -0
- package/dist/generated/types/destinationGraylistEntry.d.ts.map +1 -0
- package/dist/generated/types/destinationGraylistEntry.js +24 -0
- package/dist/generated/types/destinationGraylistEntry.js.map +1 -0
- package/dist/generated/types/graylistEntered.d.ts +31 -0
- package/dist/generated/types/graylistEntered.d.ts.map +1 -0
- package/dist/generated/types/graylistEntered.js +30 -0
- package/dist/generated/types/graylistEntered.js.map +1 -0
- package/dist/generated/types/graylistPromoted.d.ts +29 -0
- package/dist/generated/types/graylistPromoted.d.ts.map +1 -0
- package/dist/generated/types/graylistPromoted.js +28 -0
- package/dist/generated/types/graylistPromoted.js.map +1 -0
- package/dist/generated/types/index.d.ts +13 -22
- package/dist/generated/types/index.d.ts.map +1 -1
- package/dist/generated/types/index.js +13 -22
- package/dist/generated/types/index.js.map +1 -1
- package/dist/generated/types/observeOnlyChanged.d.ts +33 -0
- package/dist/generated/types/observeOnlyChanged.d.ts.map +1 -0
- package/dist/generated/types/observeOnlyChanged.js +32 -0
- package/dist/generated/types/observeOnlyChanged.js.map +1 -0
- package/dist/generated/types/ownershipTransferAccepted.d.ts +32 -0
- package/dist/generated/types/ownershipTransferAccepted.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferAccepted.js +30 -0
- package/dist/generated/types/ownershipTransferAccepted.js.map +1 -0
- package/dist/generated/types/ownershipTransferCancelled.d.ts +29 -0
- package/dist/generated/types/ownershipTransferCancelled.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferCancelled.js +28 -0
- package/dist/generated/types/ownershipTransferCancelled.js.map +1 -0
- package/dist/generated/types/ownershipTransferInitiated.d.ts +33 -0
- package/dist/generated/types/ownershipTransferInitiated.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferInitiated.js +30 -0
- package/dist/generated/types/ownershipTransferInitiated.js.map +1 -0
- package/dist/generated/types/perRecipientCounter.d.ts +61 -0
- package/dist/generated/types/perRecipientCounter.d.ts.map +1 -0
- package/dist/generated/types/perRecipientCounter.js +26 -0
- package/dist/generated/types/perRecipientCounter.js.map +1 -0
- package/dist/generated/types/postAssertionEntry.d.ts +14 -7
- package/dist/generated/types/postAssertionEntry.d.ts.map +1 -1
- package/dist/generated/types/postAssertionEntry.js +5 -7
- package/dist/generated/types/postAssertionEntry.js.map +1 -1
- package/dist/generated/types/postAssertionEntryZC.d.ts +53 -22
- package/dist/generated/types/postAssertionEntryZC.d.ts.map +1 -1
- package/dist/generated/types/postAssertionEntryZC.js +4 -6
- package/dist/generated/types/postAssertionEntryZC.js.map +1 -1
- package/dist/generated/types/sessionFinalized.d.ts +0 -4
- package/dist/generated/types/sessionFinalized.d.ts.map +1 -1
- package/dist/generated/types/sessionFinalized.js +0 -2
- package/dist/generated/types/sessionFinalized.js.map +1 -1
- package/dist/generated/types/vaultFrozen.d.ts +14 -0
- package/dist/generated/types/vaultFrozen.d.ts.map +1 -1
- package/dist/generated/types/vaultFrozen.js +2 -0
- package/dist/generated/types/vaultFrozen.js.map +1 -1
- package/dist/index.d.ts +31 -9
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +67 -11
- package/dist/index.js.map +1 -1
- package/dist/inspector.d.ts +0 -23
- package/dist/inspector.d.ts.map +1 -1
- package/dist/inspector.js +0 -52
- package/dist/inspector.js.map +1 -1
- package/dist/kit-adapter.d.ts +1 -1
- package/dist/kit-adapter.d.ts.map +1 -1
- package/dist/kit-adapter.js +1 -1
- package/dist/kit-adapter.js.map +1 -1
- package/dist/multisig-detection.d.ts +83 -0
- package/dist/multisig-detection.d.ts.map +1 -0
- package/dist/multisig-detection.js +128 -0
- package/dist/multisig-detection.js.map +1 -0
- package/dist/ownership-transfer.d.ts +79 -0
- package/dist/ownership-transfer.d.ts.map +1 -0
- package/dist/ownership-transfer.js +66 -0
- package/dist/ownership-transfer.js.map +1 -0
- package/dist/policy/compute-agent-perms-cosign-digest.d.ts +51 -0
- package/dist/policy/compute-agent-perms-cosign-digest.d.ts.map +1 -0
- package/dist/policy/compute-agent-perms-cosign-digest.js +55 -0
- package/dist/policy/compute-agent-perms-cosign-digest.js.map +1 -0
- package/dist/policy/compute-cosign-digest.d.ts +193 -0
- package/dist/policy/compute-cosign-digest.d.ts.map +1 -0
- package/dist/policy/compute-cosign-digest.js +318 -0
- package/dist/policy/compute-cosign-digest.js.map +1 -0
- package/dist/policy/compute-policy-preview-digest.d.ts +279 -0
- package/dist/policy/compute-policy-preview-digest.d.ts.map +1 -0
- package/dist/policy/compute-policy-preview-digest.js +373 -0
- package/dist/policy/compute-policy-preview-digest.js.map +1 -0
- package/dist/policy-attestation.d.ts +51 -0
- package/dist/policy-attestation.d.ts.map +1 -0
- package/dist/policy-attestation.js +43 -0
- package/dist/policy-attestation.js.map +1 -0
- package/dist/preview-create-vault.d.ts.map +1 -1
- package/dist/preview-create-vault.js +37 -16
- package/dist/preview-create-vault.js.map +1 -1
- package/dist/resolve-accounts.d.ts +75 -10
- package/dist/resolve-accounts.d.ts.map +1 -1
- package/dist/resolve-accounts.js +68 -32
- package/dist/resolve-accounts.js.map +1 -1
- package/dist/rpc-helpers.d.ts +29 -3
- package/dist/rpc-helpers.d.ts.map +1 -1
- package/dist/rpc-helpers.js +51 -12
- package/dist/rpc-helpers.js.map +1 -1
- package/dist/seal/intent-digest.d.ts +195 -0
- package/dist/seal/intent-digest.d.ts.map +1 -0
- package/dist/seal/intent-digest.js +372 -0
- package/dist/seal/intent-digest.js.map +1 -0
- package/dist/seal.d.ts +166 -3
- package/dist/seal.d.ts.map +1 -1
- package/dist/seal.js +428 -32
- package/dist/seal.js.map +1 -1
- package/dist/security-analytics.d.ts +3 -3
- package/dist/security-analytics.d.ts.map +1 -1
- package/dist/security-analytics.js +13 -128
- package/dist/security-analytics.js.map +1 -1
- package/dist/session-mint.d.ts +72 -0
- package/dist/session-mint.d.ts.map +1 -0
- package/dist/session-mint.js +59 -0
- package/dist/session-mint.js.map +1 -0
- package/dist/simulation.d.ts +19 -0
- package/dist/simulation.d.ts.map +1 -1
- package/dist/simulation.js +187 -95
- package/dist/simulation.js.map +1 -1
- package/dist/squads-detection.d.ts +135 -0
- package/dist/squads-detection.d.ts.map +1 -0
- package/dist/squads-detection.js +124 -0
- package/dist/squads-detection.js.map +1 -0
- package/dist/state-resolver.d.ts +0 -16
- package/dist/state-resolver.d.ts.map +1 -1
- package/dist/state-resolver.js +162 -97
- package/dist/state-resolver.js.map +1 -1
- package/dist/testing/devnet.d.ts +40 -1
- package/dist/testing/devnet.d.ts.map +1 -1
- package/dist/testing/devnet.js +333 -44
- package/dist/testing/devnet.js.map +1 -1
- package/dist/testing/errors/expect.d.ts +1 -1
- package/dist/testing/errors/expect.js +1 -1
- package/dist/testing/errors/names.generated.d.ts +82 -58
- package/dist/testing/errors/names.generated.d.ts.map +1 -1
- package/dist/testing/errors/names.generated.js +83 -59
- package/dist/testing/errors/names.generated.js.map +1 -1
- package/dist/testing/mock-rpc.d.ts +8 -0
- package/dist/testing/mock-rpc.d.ts.map +1 -1
- package/dist/testing/mock-rpc.js +13 -0
- package/dist/testing/mock-rpc.js.map +1 -1
- package/dist/testing/mock-state.d.ts +2 -0
- package/dist/testing/mock-state.d.ts.map +1 -1
- package/dist/testing/mock-state.js +43 -4
- package/dist/testing/mock-state.js.map +1 -1
- package/dist/types.d.ts +5 -15
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +11 -69
- package/dist/types.js.map +1 -1
- package/dist/vault-analytics.d.ts +0 -2
- package/dist/vault-analytics.d.ts.map +1 -1
- package/dist/vault-analytics.js +1 -9
- package/dist/vault-analytics.js.map +1 -1
- package/package.json +7 -12
- package/dist/constraints/index.d.ts +0 -23
- package/dist/constraints/index.d.ts.map +0 -1
- package/dist/constraints/index.js +0 -24
- package/dist/constraints/index.js.map +0 -1
- package/dist/dashboard/constraint-builders.d.ts +0 -82
- package/dist/dashboard/constraint-builders.d.ts.map +0 -1
- package/dist/dashboard/constraint-builders.js +0 -204
- package/dist/dashboard/constraint-builders.js.map +0 -1
- package/dist/dashboard/constraint-reads.d.ts +0 -50
- package/dist/dashboard/constraint-reads.d.ts.map +0 -1
- package/dist/dashboard/constraint-reads.js +0 -119
- package/dist/dashboard/constraint-reads.js.map +0 -1
- package/dist/generated/accounts/escrowDeposit.d.ts +0 -50
- package/dist/generated/accounts/escrowDeposit.d.ts.map +0 -1
- package/dist/generated/accounts/escrowDeposit.js +0 -76
- package/dist/generated/accounts/escrowDeposit.js.map +0 -1
- package/dist/generated/accounts/instructionConstraints.d.ts +0 -46
- package/dist/generated/accounts/instructionConstraints.d.ts.map +0 -1
- package/dist/generated/accounts/instructionConstraints.js +0 -73
- package/dist/generated/accounts/instructionConstraints.js.map +0 -1
- package/dist/generated/accounts/pendingCloseConstraints.d.ts +0 -49
- package/dist/generated/accounts/pendingCloseConstraints.d.ts.map +0 -1
- package/dist/generated/accounts/pendingCloseConstraints.js +0 -68
- package/dist/generated/accounts/pendingCloseConstraints.js.map +0 -1
- package/dist/generated/accounts/pendingConstraintsUpdate.d.ts +0 -76
- package/dist/generated/accounts/pendingConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/accounts/pendingConstraintsUpdate.js +0 -77
- package/dist/generated/accounts/pendingConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/allocateConstraintsPda.d.ts +0 -62
- package/dist/generated/instructions/allocateConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/allocateConstraintsPda.js +0 -134
- package/dist/generated/instructions/allocateConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts +0 -66
- package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/allocatePendingConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/applyCloseConstraints.d.ts +0 -59
- package/dist/generated/instructions/applyCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/applyCloseConstraints.js +0 -143
- package/dist/generated/instructions/applyCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/applyConstraintsUpdate.d.ts +0 -62
- package/dist/generated/instructions/applyConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/applyConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/cancelCloseConstraints.d.ts +0 -51
- package/dist/generated/instructions/cancelCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/cancelCloseConstraints.js +0 -115
- package/dist/generated/instructions/cancelCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/cancelConstraintsUpdate.d.ts +0 -51
- package/dist/generated/instructions/cancelConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/cancelConstraintsUpdate.js +0 -115
- package/dist/generated/instructions/cancelConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.d.ts +0 -67
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.js +0 -120
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/closeSettledEscrow.d.ts +0 -72
- package/dist/generated/instructions/closeSettledEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/closeSettledEscrow.js +0 -127
- package/dist/generated/instructions/closeSettledEscrow.js.map +0 -1
- package/dist/generated/instructions/createEscrow.d.ts +0 -131
- package/dist/generated/instructions/createEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/createEscrow.js +0 -272
- package/dist/generated/instructions/createEscrow.js.map +0 -1
- package/dist/generated/instructions/createInstructionConstraints.d.ts +0 -68
- package/dist/generated/instructions/createInstructionConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/createInstructionConstraints.js.map +0 -1
- package/dist/generated/instructions/extendPda.d.ts +0 -52
- package/dist/generated/instructions/extendPda.d.ts.map +0 -1
- package/dist/generated/instructions/extendPda.js +0 -86
- package/dist/generated/instructions/extendPda.js.map +0 -1
- package/dist/generated/instructions/queueCloseConstraints.d.ts +0 -66
- package/dist/generated/instructions/queueCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/queueCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/queueConstraintsUpdate.d.ts +0 -75
- package/dist/generated/instructions/queueConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/queueConstraintsUpdate.js +0 -154
- package/dist/generated/instructions/queueConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/refundEscrow.d.ts +0 -74
- package/dist/generated/instructions/refundEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/refundEscrow.js +0 -142
- package/dist/generated/instructions/refundEscrow.js.map +0 -1
- package/dist/generated/instructions/settleEscrow.d.ts +0 -80
- package/dist/generated/instructions/settleEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/settleEscrow.js +0 -173
- package/dist/generated/instructions/settleEscrow.js.map +0 -1
- package/dist/generated/types/accountConstraint.d.ts +0 -33
- package/dist/generated/types/accountConstraint.d.ts.map +0 -1
- package/dist/generated/types/accountConstraint.js +0 -26
- package/dist/generated/types/accountConstraint.js.map +0 -1
- package/dist/generated/types/accountConstraintZC.d.ts +0 -25
- package/dist/generated/types/accountConstraintZC.d.ts.map +0 -1
- package/dist/generated/types/accountConstraintZC.js +0 -28
- package/dist/generated/types/accountConstraintZC.js.map +0 -1
- package/dist/generated/types/closeConstraintsApplied.d.ts +0 -20
- package/dist/generated/types/closeConstraintsApplied.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsApplied.js +0 -24
- package/dist/generated/types/closeConstraintsApplied.js.map +0 -1
- package/dist/generated/types/closeConstraintsCancelled.d.ts +0 -16
- package/dist/generated/types/closeConstraintsCancelled.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsCancelled.js +0 -18
- package/dist/generated/types/closeConstraintsCancelled.js.map +0 -1
- package/dist/generated/types/closeConstraintsQueued.d.ts +0 -20
- package/dist/generated/types/closeConstraintsQueued.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsQueued.js +0 -24
- package/dist/generated/types/closeConstraintsQueued.js.map +0 -1
- package/dist/generated/types/constraintEntry.d.ts +0 -35
- package/dist/generated/types/constraintEntry.d.ts.map +0 -1
- package/dist/generated/types/constraintEntry.js +0 -29
- package/dist/generated/types/constraintEntry.js.map +0 -1
- package/dist/generated/types/constraintEntryZC.d.ts +0 -73
- package/dist/generated/types/constraintEntryZC.d.ts.map +0 -1
- package/dist/generated/types/constraintEntryZC.js +0 -49
- package/dist/generated/types/constraintEntryZC.js.map +0 -1
- package/dist/generated/types/constraintOperator.d.ts +0 -22
- package/dist/generated/types/constraintOperator.d.ts.map +0 -1
- package/dist/generated/types/constraintOperator.js +0 -28
- package/dist/generated/types/constraintOperator.js.map +0 -1
- package/dist/generated/types/constraintsChangeApplied.d.ts +0 -30
- package/dist/generated/types/constraintsChangeApplied.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeApplied.js +0 -32
- package/dist/generated/types/constraintsChangeApplied.js.map +0 -1
- package/dist/generated/types/constraintsChangeCancelled.d.ts +0 -16
- package/dist/generated/types/constraintsChangeCancelled.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeCancelled.js +0 -18
- package/dist/generated/types/constraintsChangeCancelled.js.map +0 -1
- package/dist/generated/types/constraintsChangeQueued.d.ts +0 -30
- package/dist/generated/types/constraintsChangeQueued.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeQueued.js +0 -32
- package/dist/generated/types/constraintsChangeQueued.js.map +0 -1
- package/dist/generated/types/dataConstraint.d.ts +0 -23
- package/dist/generated/types/dataConstraint.d.ts.map +0 -1
- package/dist/generated/types/dataConstraint.js +0 -27
- package/dist/generated/types/dataConstraint.js.map +0 -1
- package/dist/generated/types/dataConstraintZC.d.ts +0 -20
- package/dist/generated/types/dataConstraintZC.d.ts.map +0 -1
- package/dist/generated/types/dataConstraintZC.js +0 -30
- package/dist/generated/types/dataConstraintZC.js.map +0 -1
- package/dist/generated/types/discriminatorFormat.d.ts +0 -25
- package/dist/generated/types/discriminatorFormat.d.ts.map +0 -1
- package/dist/generated/types/discriminatorFormat.js +0 -31
- package/dist/generated/types/discriminatorFormat.js.map +0 -1
- package/dist/generated/types/escrowCreated.d.ts +0 -30
- package/dist/generated/types/escrowCreated.d.ts.map +0 -1
- package/dist/generated/types/escrowCreated.js +0 -34
- package/dist/generated/types/escrowCreated.js.map +0 -1
- package/dist/generated/types/escrowRefunded.d.ts +0 -26
- package/dist/generated/types/escrowRefunded.d.ts.map +0 -1
- package/dist/generated/types/escrowRefunded.js +0 -30
- package/dist/generated/types/escrowRefunded.js.map +0 -1
- package/dist/generated/types/escrowSettled.d.ts +0 -26
- package/dist/generated/types/escrowSettled.d.ts.map +0 -1
- package/dist/generated/types/escrowSettled.js +0 -30
- package/dist/generated/types/escrowSettled.js.map +0 -1
- package/dist/generated/types/escrowStatus.d.ts +0 -18
- package/dist/generated/types/escrowStatus.d.ts.map +0 -1
- package/dist/generated/types/escrowStatus.js +0 -24
- package/dist/generated/types/escrowStatus.js.map +0 -1
- package/dist/generated/types/instructionConstraintsCreated.d.ts +0 -34
- package/dist/generated/types/instructionConstraintsCreated.d.ts.map +0 -1
- package/dist/generated/types/instructionConstraintsCreated.js +0 -36
- package/dist/generated/types/instructionConstraintsCreated.js.map +0 -1
- package/dist/generated/types/orphanConstraintsPdaCleaned.d.ts +0 -22
- package/dist/generated/types/orphanConstraintsPdaCleaned.d.ts.map +0 -1
- package/dist/generated/types/orphanConstraintsPdaCleaned.js.map +0 -1
- package/dist/generated/types/pdaAllocated.d.ts +0 -24
- package/dist/generated/types/pdaAllocated.d.ts.map +0 -1
- package/dist/generated/types/pdaAllocated.js +0 -28
- package/dist/generated/types/pdaAllocated.js.map +0 -1
- package/dist/generated/types/pdaExtended.d.ts +0 -24
- package/dist/generated/types/pdaExtended.d.ts.map +0 -1
- package/dist/generated/types/pdaExtended.js +0 -28
- package/dist/generated/types/pdaExtended.js.map +0 -1
- package/dist/post-assertions/cross-field-lte.d.ts +0 -134
- package/dist/post-assertions/cross-field-lte.d.ts.map +0 -1
- package/dist/post-assertions/cross-field-lte.js +0 -129
- package/dist/post-assertions/cross-field-lte.js.map +0 -1
- package/dist/post-assertions/index.d.ts +0 -28
- package/dist/post-assertions/index.d.ts.map +0 -1
- package/dist/post-assertions/index.js +0 -28
- package/dist/post-assertions/index.js.map +0 -1
- package/dist/post-assertions/presets/flash-trade.d.ts +0 -139
- package/dist/post-assertions/presets/flash-trade.d.ts.map +0 -1
- package/dist/post-assertions/presets/flash-trade.js +0 -154
- package/dist/post-assertions/presets/flash-trade.js.map +0 -1
- package/dist/protocol-registry/annotations/drift.json +0 -7
- package/dist/protocol-registry/annotations/flash-trade.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-borrow.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-earn.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-lend.json +0 -7
- package/dist/protocol-registry/annotations/jupiter.json +0 -7
- package/dist/protocol-registry/annotations/kamino.json +0 -7
- package/dist/protocol-registry/index.d.ts +0 -45
- package/dist/protocol-registry/index.d.ts.map +0 -1
- package/dist/protocol-registry/index.js +0 -76
- package/dist/protocol-registry/index.js.map +0 -1
- package/dist/protocol-tier.d.ts +0 -157
- package/dist/protocol-tier.d.ts.map +0 -1
- package/dist/protocol-tier.js +0 -104
- package/dist/protocol-tier.js.map +0 -1
|
@@ -0,0 +1,373 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TA-19 — Canonical policy preview digest (SDK side).
|
|
3
|
+
*
|
|
4
|
+
* Mirrors `programs/sigil/src/utils/policy_digest.rs` exactly. The SDK computes
|
|
5
|
+
* this off-chain, the owner signs `queue_policy_update` / `initialize_vault`
|
|
6
|
+
* with the digest as an arg, and the on-chain handler recomputes it from the
|
|
7
|
+
* resulting policy state. If the two digests do not match the handler rejects
|
|
8
|
+
* with `PolicyPreviewMismatch` (6080).
|
|
9
|
+
*
|
|
10
|
+
* Defense rationale:
|
|
11
|
+
* - Sequence: SDK builds policy fields → SDK computes digest → owner signs
|
|
12
|
+
* the transaction (digest is in the instruction data, signed alongside).
|
|
13
|
+
* - On-chain handler reads the policy fields from the args, re-computes the
|
|
14
|
+
* same digest, and asserts equality.
|
|
15
|
+
* - The only ways the two digests can diverge are: (a) an owner blind-signed
|
|
16
|
+
* mutated fields that the SDK never told them about; (b) a rogue program
|
|
17
|
+
* tampered with the pending PDA between queue and apply (a future
|
|
18
|
+
* discriminator-collision attack). Both cases reject — the owner sees a
|
|
19
|
+
* mismatch error rather than silently committing.
|
|
20
|
+
*
|
|
21
|
+
* CANONICAL ENCODING (FIXED — DO NOT REORDER). Positions are the live byte
|
|
22
|
+
* order — see PER_FIELD_FIXED_SIZES below, the single source of truth that a
|
|
23
|
+
* module-load assertion pins against POLICY_PREVIEW_FIELD_COUNT:
|
|
24
|
+
* 1. daily_spending_cap_usd: u64 LE (8 bytes)
|
|
25
|
+
* 2. max_transaction_size_usd: u64 LE (8 bytes)
|
|
26
|
+
* 3. max_slippage_bps: u16 LE (2 bytes)
|
|
27
|
+
* 4. developer_fee_rate: u16 LE (2 bytes) — PEN-CROSS-6 (Phase 2 close-up)
|
|
28
|
+
* 5. protocol_mode: u8 (1 byte)
|
|
29
|
+
* 6. protocols: Vec<Pubkey> = u32 LE length (4 bytes) ++ each Pubkey 32 bytes
|
|
30
|
+
* 7. destination_mode: u8 (1 byte)
|
|
31
|
+
* 8. allowed_destinations: Vec<Pubkey> = u32 LE length (4 bytes) ++ each Pubkey 32 bytes
|
|
32
|
+
* 9. timelock_duration: u64 LE (8 bytes)
|
|
33
|
+
* 10. session_expiry_seconds: u64 LE (8 bytes)
|
|
34
|
+
* 11. observe_only: bool as 1 byte (0 or 1)
|
|
35
|
+
* 12. has_post_assertions: u8 (1 byte) — M1-04 removed the former
|
|
36
|
+
* has_constraints byte (digest-version bump); positions renumbered down.
|
|
37
|
+
* 13. created_at_slot: u64 LE (8 bytes) — PEN-CROSS-2 (Phase 2 close-up)
|
|
38
|
+
* 14. operating_hours: u32 LE (4 bytes) — TA-05 (Phase 3 pre-exec)
|
|
39
|
+
* 15. auto_promote_grays: bool as 1 byte (0/1) — TA-07 (Phase 3 pre-exec)
|
|
40
|
+
* 16. auto_revoke_threshold: u8 (1 byte) — TA-17 (Phase 3 pre-exec)
|
|
41
|
+
* 17. stable_balance_floor: u64 LE (8 bytes) — TA-12 (Phase 5 post-exec)
|
|
42
|
+
* 18. per_recipient_daily_cap_usd: u64 LE (8 bytes) — TA-14 (Phase 5 post-exec)
|
|
43
|
+
* 19. cosign_required: bool (1 byte 0/1) — G6 (audit 2026-05-18 cosign opt-in)
|
|
44
|
+
* 20. agent_set_hash: [u8; 32] — Phase 8 PEN-CROSS-1 (audit 2026-05-19)
|
|
45
|
+
* 21. cosign_session_pubkey: Pubkey (32 bytes) — D-5 (audit 2026-05-19, F-RP3-1)
|
|
46
|
+
* 22. operator_grant_delay_seconds: u64 LE (8 bytes) — F-Q6 (2026-06-02)
|
|
47
|
+
* 23. has_protocol_caps: bool as 1 byte (0/1) — M-1 (audit 2026-06-11)
|
|
48
|
+
* 24. protocol_caps: u32 LE length (4 bytes) ++ each cap u64 LE (8 bytes) — M-1
|
|
49
|
+
*
|
|
50
|
+
* Phase 3 append-only additions (TA-05/07/17): operating_hours,
|
|
51
|
+
* auto_promote_grays, auto_revoke_threshold are appended at positions 15-17
|
|
52
|
+
* to preserve the 14-field prefix (F-14 APPEND-ONLY rule).
|
|
53
|
+
*
|
|
54
|
+
* Phase 5 append-only additions (TA-12/TA-14): stable_balance_floor at
|
|
55
|
+
* position 17, per_recipient_daily_cap_usd at position 18. Both bound by
|
|
56
|
+
* TA-19 so silent SDK / pending-PDA mutations can't bypass the owner's
|
|
57
|
+
* signed digest.
|
|
58
|
+
*
|
|
59
|
+
* G6 append-only addition (audit 2026-05-18 cosign opt-in): cosign_required
|
|
60
|
+
* at position 19 (1 byte, 0/1). Owner's choice to opt into TA-09 cosign
|
|
61
|
+
* enforcement is part of the signed policy — a compromised SDK cannot
|
|
62
|
+
* silently disable cosign between owner approval and on-chain landing.
|
|
63
|
+
* Disabling cosign on a live policy where this is true is itself an
|
|
64
|
+
* elevated mutation per `queue_policy_update` (one-way ratchet).
|
|
65
|
+
*
|
|
66
|
+
* Phase 8 PEN-CROSS-1 append-only addition (Council ISC-66/A8/A9): the
|
|
67
|
+
* `agent_set_hash` at position 20 binds the EXISTING agent set into the
|
|
68
|
+
* signed digest. SHA-256 over Borsh of `Vec<(Pubkey, u8 capability)>`
|
|
69
|
+
* sorted by pubkey ascending. Closes the silent-insertion vector where
|
|
70
|
+
* a phished-owner `register_agent(capability=OPERATOR)` would otherwise
|
|
71
|
+
* grant operator-class without diverging the digest from the last value
|
|
72
|
+
* the owner signed. Empty Vec produces a deterministic 32-byte hash
|
|
73
|
+
* (`EMPTY_AGENT_SET_HASH` — SHA-256 of [0x00,0x00,0x00,0x00]).
|
|
74
|
+
*
|
|
75
|
+
* D-5 append-only addition (audit 2026-05-19, F-RP3-1): the
|
|
76
|
+
* `cosign_session_pubkey` at position 21 binds the owner's chosen
|
|
77
|
+
* reactivate-time cosigner pubkey into the signed digest. The
|
|
78
|
+
* `reactivate_vault` handler reads this pubkey at runtime and requires
|
|
79
|
+
* a matching `is_signer == true` entry in `remaining_accounts` whenever
|
|
80
|
+
* the operation grafts a new agent at `FULL_CAPABILITY`. A tampered SDK
|
|
81
|
+
* cannot silently flip the gate between owner approval and on-chain
|
|
82
|
+
* landing — the digest mismatch closes that gap. Default
|
|
83
|
+
* `Pubkey::default()` (32 zero bytes) means the gate is OFF; owners
|
|
84
|
+
* opt in via `queue_policy_update`.
|
|
85
|
+
*
|
|
86
|
+
* The `destination_graylist: Vec<(Pubkey, i64)>` is intentionally NOT in
|
|
87
|
+
* the digest. Graylist entries are derived/ephemeral — they auto-populate
|
|
88
|
+
* when the owner adds a destination via queue_policy_update, and they
|
|
89
|
+
* only delay an already-signed allowlist entry. Promoting via
|
|
90
|
+
* promote_graylist_destination only accelerates the existing unlock — it
|
|
91
|
+
* cannot widen the allowlist. The owner-signed digest already binds the
|
|
92
|
+
* destination allowlist (position 8).
|
|
93
|
+
*
|
|
94
|
+
* Total bounded by MAX_ALLOWED_PROTOCOLS=10 + MAX_ALLOWED_DESTINATIONS=10 at
|
|
95
|
+
* 32 bytes each + fixed scalars ≈ 700 bytes worst case.
|
|
96
|
+
*/
|
|
97
|
+
import { base58Decode32 as base58Decode, sha256, writeU16Le, writeU32Le, writeU64Le, digestsEqual as canonicalDigestsEqual, } from "../canonical-encode.js";
|
|
98
|
+
// Base58 decode + sha256 + cursor writers now live in `../canonical-encode.ts`
|
|
99
|
+
// so the AL3 SealInput intent digest (`seal/intent-digest.ts`, Phase 9
|
|
100
|
+
// Batch I) can reuse them. The shared module guarantees byte-identical
|
|
101
|
+
// output for both TA-19 and AL3 — silent encoder drift between the two
|
|
102
|
+
// would defeat the cross-impl Rust↔TS hash invariant.
|
|
103
|
+
// ── §RP-2 L-NEW-1 forward-looking ratchet (audit 2026-05-19) ────────────────
|
|
104
|
+
//
|
|
105
|
+
// Mirrors the Rust-side `POLICY_PREVIEW_FIELD_COUNT` const-assert at
|
|
106
|
+
// `programs/sigil/src/utils/policy_digest.rs:143` and the destructuring
|
|
107
|
+
// test in `field_count_invariant`. The Rust defenses are exhaustive
|
|
108
|
+
// (compile-time struct destructuring catches "field added but encoder
|
|
109
|
+
// not updated"), but the TS encoder is a plain procedural write loop —
|
|
110
|
+
// adding a 21st field to `PolicyPreviewFields` here AND bumping
|
|
111
|
+
// `POLICY_PREVIEW_FIELD_COUNT` to 21 still passes the build if the
|
|
112
|
+
// developer forgets to write the encoding line.
|
|
113
|
+
//
|
|
114
|
+
// `PER_FIELD_FIXED_SIZES` is a 1:1 array of the FIXED-WIDTH byte cost
|
|
115
|
+
// of each canonical field (excluding the variable per-element 32-byte
|
|
116
|
+
// pubkey appendages for protocols + allowed_destinations). The
|
|
117
|
+
// `EXPECTED_FIXED_SIZE` derived sum + the runtime assertion against
|
|
118
|
+
// the encoded buffer's length forces the developer to update this
|
|
119
|
+
// table AND the encoder in lockstep. Silent bypass is closed.
|
|
120
|
+
//
|
|
121
|
+
// To add a field: (1) extend `PolicyPreviewFields` (2) extend
|
|
122
|
+
// `PER_FIELD_FIXED_SIZES` with the new field's fixed byte cost (3)
|
|
123
|
+
// bump `POLICY_PREVIEW_FIELD_COUNT` (4) write the encoder line. The
|
|
124
|
+
// `assert_field_count_in_lockstep` IIFE catches step-skips at module
|
|
125
|
+
// load.
|
|
126
|
+
/** Mirrors `policy_digest.rs::POLICY_PREVIEW_FIELD_COUNT`.
|
|
127
|
+
* M1-04: was 22; has_constraints removed (digest-version bump).
|
|
128
|
+
* F-Q6 (2026-06-02): 21 → 22, binds operator_grant_delay_seconds.
|
|
129
|
+
* M-1 (2026-06-11): 22 → 24, binds has_protocol_caps (23) + protocol_caps (24). */
|
|
130
|
+
export const POLICY_PREVIEW_FIELD_COUNT = 24;
|
|
131
|
+
/**
|
|
132
|
+
* Phase 8 PEN-CROSS-1 (Council ISC-141): SHA-256 of the Borsh-encoded
|
|
133
|
+
* empty `Vec<(Pubkey, u8)>` — i.e. SHA-256 of [0x00, 0x00, 0x00, 0x00].
|
|
134
|
+
* Deterministic; pinned across Rust (`policy_digest.rs::EMPTY_AGENT_SET_HASH`)
|
|
135
|
+
* and TypeScript (this constant). Used by `computePolicyPreviewDigest`
|
|
136
|
+
* when the caller omits `agentSetHash` (legacy fixture path).
|
|
137
|
+
*/
|
|
138
|
+
export const EMPTY_AGENT_SET_HASH = (() => {
|
|
139
|
+
const empty = new Uint8Array(4); // u32 LE length prefix = 0
|
|
140
|
+
return sha256(empty);
|
|
141
|
+
})();
|
|
142
|
+
/**
|
|
143
|
+
* Compute the canonical `agent_set_hash` from a list of agents. SHA-256
|
|
144
|
+
* over Borsh of `Vec<(Pubkey, u8 capability)>` sorted by pubkey ascending.
|
|
145
|
+
* Mirrors `policy_digest.rs::compute_agent_set_hash` byte-for-byte.
|
|
146
|
+
*
|
|
147
|
+
* Pass the result into `computePolicyPreviewDigest({ ...fields, agentSetHash })`.
|
|
148
|
+
*
|
|
149
|
+
* @throws if any pubkey doesn't base58-decode to 32 bytes
|
|
150
|
+
*/
|
|
151
|
+
export function computeAgentSetHash(agents) {
|
|
152
|
+
// Decode + project to (rawBytes, capability) tuples.
|
|
153
|
+
const decoded = agents.map((a) => ({
|
|
154
|
+
raw: base58Decode(a.pubkey),
|
|
155
|
+
capability: a.capability & 0xff,
|
|
156
|
+
}));
|
|
157
|
+
// Sort by pubkey ascending — byte-wise lex order matches Solana's
|
|
158
|
+
// `Pubkey::cmp` (just a [u8;32] comparison).
|
|
159
|
+
decoded.sort((a, b) => {
|
|
160
|
+
for (let i = 0; i < 32; i++) {
|
|
161
|
+
if (a.raw[i] < b.raw[i])
|
|
162
|
+
return -1;
|
|
163
|
+
if (a.raw[i] > b.raw[i])
|
|
164
|
+
return 1;
|
|
165
|
+
}
|
|
166
|
+
return 0;
|
|
167
|
+
});
|
|
168
|
+
// Borsh encode: u32 LE length prefix + each (Pubkey: 32 bytes, capability: 1 byte).
|
|
169
|
+
// Per-entry size = 33 bytes; total = 4 + decoded.length * 33.
|
|
170
|
+
const buf = new Uint8Array(4 + decoded.length * 33);
|
|
171
|
+
new DataView(buf.buffer, buf.byteOffset, 4).setUint32(0, decoded.length, true);
|
|
172
|
+
let off = 4;
|
|
173
|
+
for (const e of decoded) {
|
|
174
|
+
buf.set(e.raw, off);
|
|
175
|
+
off += 32;
|
|
176
|
+
buf[off++] = e.capability;
|
|
177
|
+
}
|
|
178
|
+
return sha256(buf);
|
|
179
|
+
}
|
|
180
|
+
/**
|
|
181
|
+
* Fixed-width byte cost per canonical field. Variable parts (the
|
|
182
|
+
* per-element 32-byte pubkey appendages of protocols and
|
|
183
|
+
* allowed_destinations) are NOT included — those are accounted for
|
|
184
|
+
* separately at encode time. Indices map 1:1 to the canonical fields
|
|
185
|
+
* listed in the module header.
|
|
186
|
+
*/
|
|
187
|
+
const PER_FIELD_FIXED_SIZES = [
|
|
188
|
+
8, // 1. daily_spending_cap_usd (u64 LE)
|
|
189
|
+
8, // 2. max_transaction_size_usd (u64 LE)
|
|
190
|
+
2, // 3. max_slippage_bps (u16 LE)
|
|
191
|
+
2, // 4. developer_fee_rate (u16 LE) PEN-CROSS-6
|
|
192
|
+
1, // 5. protocol_mode (u8)
|
|
193
|
+
4, // 6. protocols (u32 LE length prefix; pubkeys variable)
|
|
194
|
+
1, // 7. destination_mode (u8)
|
|
195
|
+
4, // 8. allowed_destinations (u32 LE length prefix; pubkeys variable)
|
|
196
|
+
8, // 9. timelock_duration (u64 LE)
|
|
197
|
+
8, // 10. session_expiry_seconds (u64 LE)
|
|
198
|
+
1, // 11. observe_only (bool as u8)
|
|
199
|
+
// M1-04: field 12 has_constraints REMOVED (digest-version bump); renumbered below.
|
|
200
|
+
1, // 12. has_post_assertions (u8)
|
|
201
|
+
8, // 13. created_at_slot (u64 LE) PEN-CROSS-2
|
|
202
|
+
4, // 14. operating_hours (u32 LE) TA-05
|
|
203
|
+
1, // 15. auto_promote_grays (bool as u8) TA-07
|
|
204
|
+
1, // 16. auto_revoke_threshold (u8) TA-17
|
|
205
|
+
8, // 17. stable_balance_floor (u64 LE) TA-12
|
|
206
|
+
8, // 18. per_recipient_daily_cap_usd (u64 LE) TA-14
|
|
207
|
+
1, // 19. cosign_required (bool as u8) G6
|
|
208
|
+
32, // 20. agent_set_hash ([u8;32]) Phase 8 PEN-CROSS-1
|
|
209
|
+
32, // 21. cosign_session_pubkey (Pubkey) D-5 (audit 2026-05-19, F-RP3-1)
|
|
210
|
+
8, // 22. operator_grant_delay_seconds (u64 LE) F-Q6 (2026-06-02)
|
|
211
|
+
1, // 23. has_protocol_caps (bool as u8) M-1 (2026-06-11)
|
|
212
|
+
4, // 24. protocol_caps (u32 LE length prefix; u64 caps variable) M-1
|
|
213
|
+
];
|
|
214
|
+
/** Derived sum — must match the encoder's `fixedSize` exactly. */
|
|
215
|
+
const EXPECTED_FIXED_SIZE = PER_FIELD_FIXED_SIZES.reduce((a, b) => a + b, 0);
|
|
216
|
+
// Module-load assertion: enforce that PER_FIELD_FIXED_SIZES.length and
|
|
217
|
+
// POLICY_PREVIEW_FIELD_COUNT diverge → throw at import time. Catches a
|
|
218
|
+
// developer who bumps the count without updating the table (or vice
|
|
219
|
+
// versa). Cheap one-time cost, runs once per process.
|
|
220
|
+
(function assert_field_count_in_lockstep() {
|
|
221
|
+
if (PER_FIELD_FIXED_SIZES.length !== POLICY_PREVIEW_FIELD_COUNT) {
|
|
222
|
+
throw new Error(`§RP-2 L-NEW-1 (TA-19 ratchet): PER_FIELD_FIXED_SIZES.length=${PER_FIELD_FIXED_SIZES.length} ` +
|
|
223
|
+
`diverges from POLICY_PREVIEW_FIELD_COUNT=${POLICY_PREVIEW_FIELD_COUNT}. ` +
|
|
224
|
+
"Either add the missing field's byte cost to PER_FIELD_FIXED_SIZES, " +
|
|
225
|
+
"or update POLICY_PREVIEW_FIELD_COUNT, in the SAME commit. " +
|
|
226
|
+
"Silent diverge would bypass TA-19 (PEN-7 class).");
|
|
227
|
+
}
|
|
228
|
+
})();
|
|
229
|
+
// ── Encoders ─────────────────────────────────────────────────────────────────
|
|
230
|
+
//
|
|
231
|
+
// Cursor writers (writeU8 / writeU16Le / writeU32Le / writeU64Le / writeBool)
|
|
232
|
+
// now live in `../canonical-encode.ts` and are imported at the top of this
|
|
233
|
+
// file. The hand-rolled versions previously here were byte-identical.
|
|
234
|
+
/**
|
|
235
|
+
* Compute the canonical SHA-256 of the policy preview fields.
|
|
236
|
+
*
|
|
237
|
+
* Returns a 32-byte Uint8Array. Identical to the on-chain helper
|
|
238
|
+
* `compute_policy_preview_digest` for the same input.
|
|
239
|
+
*
|
|
240
|
+
* @throws if any pubkey doesn't base58-decode to exactly 32 bytes
|
|
241
|
+
* @throws if a u64 is negative or out of range
|
|
242
|
+
*/
|
|
243
|
+
export function computePolicyPreviewDigest(fields) {
|
|
244
|
+
// Pre-size: 8+8+2+1 + 4+32*10 + 1 + 4+32*10 + 8+8+1+1+1 = ~684 bytes worst case
|
|
245
|
+
const protocols = fields.protocols;
|
|
246
|
+
const dests = fields.allowedDestinations;
|
|
247
|
+
// Decode pubkeys first so any error surfaces with a useful message before
|
|
248
|
+
// we start the hash walk.
|
|
249
|
+
const protoBytes = protocols.map((p) => base58Decode(p));
|
|
250
|
+
const destBytes = dests.map((p) => base58Decode(p));
|
|
251
|
+
// §RP-2 L-NEW-1: fixedSize is now derived from the PER_FIELD_FIXED_SIZES
|
|
252
|
+
// table above (must equal POLICY_PREVIEW_FIELD_COUNT entries). The inline
|
|
253
|
+
// "8 + 8 + ..." literal was the original hand-summed form — a 21st-field
|
|
254
|
+
// bug would silently bypass it. The table-driven form forces the
|
|
255
|
+
// developer to update both the table AND the encoder body when adding
|
|
256
|
+
// a field (the offset assertion at the bottom catches the inconsistency).
|
|
257
|
+
const fixedSize = EXPECTED_FIXED_SIZE;
|
|
258
|
+
// M-1 (2026-06-11): + each protocol_cap (u64 = 8 bytes); the u32 length
|
|
259
|
+
// prefix is already counted in PER_FIELD_FIXED_SIZES (field 24 = 4).
|
|
260
|
+
const variableSize = protoBytes.length * 32 +
|
|
261
|
+
destBytes.length * 32 +
|
|
262
|
+
(fields.protocolCaps?.length ?? 0) * 8;
|
|
263
|
+
const buf = new Uint8Array(fixedSize + variableSize);
|
|
264
|
+
const view = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
|
|
265
|
+
let off = 0;
|
|
266
|
+
off = writeU64Le(view, off, fields.dailySpendingCapUsd);
|
|
267
|
+
off = writeU64Le(view, off, fields.maxTransactionSizeUsd);
|
|
268
|
+
off = writeU16Le(view, off, fields.maxSlippageBps);
|
|
269
|
+
// PEN-CROSS-6: developer_fee_rate at position 4 of canonical encoding.
|
|
270
|
+
off = writeU16Le(view, off, fields.developerFeeRate);
|
|
271
|
+
buf[off++] = fields.protocolMode;
|
|
272
|
+
off = writeU32Le(view, off, protoBytes.length);
|
|
273
|
+
for (const pk of protoBytes) {
|
|
274
|
+
buf.set(pk, off);
|
|
275
|
+
off += 32;
|
|
276
|
+
}
|
|
277
|
+
buf[off++] = fields.destinationMode;
|
|
278
|
+
off = writeU32Le(view, off, destBytes.length);
|
|
279
|
+
for (const pk of destBytes) {
|
|
280
|
+
buf.set(pk, off);
|
|
281
|
+
off += 32;
|
|
282
|
+
}
|
|
283
|
+
off = writeU64Le(view, off, fields.timelockDuration);
|
|
284
|
+
off = writeU64Le(view, off, fields.sessionExpirySeconds);
|
|
285
|
+
buf[off++] = fields.observeOnly ? 1 : 0;
|
|
286
|
+
// M1-04: has_constraints byte removed (digest-version bump).
|
|
287
|
+
buf[off++] = fields.hasPostAssertions;
|
|
288
|
+
// PEN-CROSS-2: created_at_slot at position 13 of canonical encoding.
|
|
289
|
+
off = writeU64Le(view, off, fields.createdAtSlot);
|
|
290
|
+
// TA-05 (Phase 3): operating_hours at position 14 of canonical encoding.
|
|
291
|
+
// Default 0 when omitted by legacy callers; production SDK consumers
|
|
292
|
+
// should pass 0xFFFFFF explicitly via `initializeVault`/`queuePolicyUpdate`.
|
|
293
|
+
off = writeU32Le(view, off, fields.operatingHours ?? 0);
|
|
294
|
+
// TA-07 (Phase 3): auto_promote_grays at position 15.
|
|
295
|
+
buf[off++] = fields.autoPromoteGrays ? 1 : 0;
|
|
296
|
+
// TA-17 (Phase 3): auto_revoke_threshold at position 16.
|
|
297
|
+
buf[off++] = fields.autoRevokeThreshold ?? 0;
|
|
298
|
+
// TA-12 (Phase 5): stable_balance_floor at position 17.
|
|
299
|
+
off = writeU64Le(view, off, fields.stableBalanceFloor ?? 0n);
|
|
300
|
+
// TA-14 (Phase 5): per_recipient_daily_cap_usd at position 18.
|
|
301
|
+
off = writeU64Le(view, off, fields.perRecipientDailyCapUsd ?? 0n);
|
|
302
|
+
// G6 (audit 2026-05-18 cosign opt-in): cosign_required at position 19.
|
|
303
|
+
buf[off++] = fields.cosignRequired ? 1 : 0;
|
|
304
|
+
// Phase 8 PEN-CROSS-1: agent_set_hash at position 20. Default
|
|
305
|
+
// EMPTY_AGENT_SET_HASH so legacy callers (no agents) continue to
|
|
306
|
+
// produce a canonical digest without explicit setup.
|
|
307
|
+
const agentSetHash = fields.agentSetHash ?? EMPTY_AGENT_SET_HASH;
|
|
308
|
+
if (agentSetHash.length !== 32) {
|
|
309
|
+
throw new Error(`agentSetHash must be exactly 32 bytes, got ${agentSetHash.length}`);
|
|
310
|
+
}
|
|
311
|
+
buf.set(agentSetHash, off);
|
|
312
|
+
off += 32;
|
|
313
|
+
// D-5 (audit 2026-05-19, F-RP3-1): cosign_session_pubkey at position
|
|
314
|
+
// 22. Default `Pubkey::default()` (32 zero bytes) so legacy callers
|
|
315
|
+
// that don't opt into the reactivate-cosign gate continue to produce
|
|
316
|
+
// the canonical digest. Owner opt-in passes a base58 string OR a
|
|
317
|
+
// 32-byte Uint8Array; the encoder normalises both into the canonical
|
|
318
|
+
// 32-byte buffer.
|
|
319
|
+
const cosignSessionRaw = fields.cosignSessionPubkey;
|
|
320
|
+
let cosignSessionBytes;
|
|
321
|
+
if (cosignSessionRaw === undefined) {
|
|
322
|
+
cosignSessionBytes = new Uint8Array(32); // Pubkey::default()
|
|
323
|
+
}
|
|
324
|
+
else if (cosignSessionRaw instanceof Uint8Array) {
|
|
325
|
+
cosignSessionBytes = cosignSessionRaw;
|
|
326
|
+
}
|
|
327
|
+
else {
|
|
328
|
+
cosignSessionBytes = base58Decode(cosignSessionRaw);
|
|
329
|
+
}
|
|
330
|
+
if (cosignSessionBytes.length !== 32) {
|
|
331
|
+
throw new Error(`cosignSessionPubkey must decode to exactly 32 bytes, got ${cosignSessionBytes.length}`);
|
|
332
|
+
}
|
|
333
|
+
buf.set(cosignSessionBytes, off);
|
|
334
|
+
off += 32;
|
|
335
|
+
// F-Q6 (2026-06-02): operator_grant_delay_seconds at position 22 (u64 LE).
|
|
336
|
+
// Default 0n so legacy callers that don't configure a delay continue to
|
|
337
|
+
// produce the canonical digest. Owner opts in via queue_policy_update.
|
|
338
|
+
off = writeU64Le(view, off, fields.operatorGrantDelaySeconds ?? 0n);
|
|
339
|
+
// 23. has_protocol_caps: bool as u8 — M-1 (2026-06-11). Parity with the Rust
|
|
340
|
+
// encoder + the cosign digest (position 8).
|
|
341
|
+
buf[off++] = fields.hasProtocolCaps ? 1 : 0;
|
|
342
|
+
// 24. protocol_caps: u32 LE length prefix ++ each cap u64 LE — M-1, parity with
|
|
343
|
+
// the `protocols` Vec pattern above + the cosign digest (position 9).
|
|
344
|
+
const protocolCaps = fields.protocolCaps ?? [];
|
|
345
|
+
off = writeU32Le(view, off, protocolCaps.length);
|
|
346
|
+
for (const cap of protocolCaps) {
|
|
347
|
+
off = writeU64Le(view, off, cap);
|
|
348
|
+
}
|
|
349
|
+
// §RP-2 L-NEW-1 forward-looking ratchet: the encoder MUST write
|
|
350
|
+
// exactly `fixedSize + variableSize` bytes. `fixedSize` is now
|
|
351
|
+
// derived from the PER_FIELD_FIXED_SIZES table (which is asserted
|
|
352
|
+
// at module load to be 1:1 with POLICY_PREVIEW_FIELD_COUNT). A
|
|
353
|
+
// future engineer who adds a 21st field MUST update both the table
|
|
354
|
+
// AND the encoder body — if they update only the table (bumping
|
|
355
|
+
// EXPECTED_FIXED_SIZE) but forget to write the encoder line, this
|
|
356
|
+
// assertion fires with a clear mismatch. If they update only the
|
|
357
|
+
// encoder line, the SAME assertion fires (the buffer was too small
|
|
358
|
+
// and the OOB write at line `buf[off++] = ...` already threw).
|
|
359
|
+
if (off !== buf.length) {
|
|
360
|
+
throw new Error(`computePolicyPreviewDigest: encoded ${off} bytes, expected ${buf.length}. ` +
|
|
361
|
+
`If you added a field to PolicyPreviewFields, update PER_FIELD_FIXED_SIZES + ` +
|
|
362
|
+
`POLICY_PREVIEW_FIELD_COUNT AND write the encoder line in the SAME commit.`);
|
|
363
|
+
}
|
|
364
|
+
return sha256(buf);
|
|
365
|
+
}
|
|
366
|
+
/**
|
|
367
|
+
* Equivalent of `Buffer.equals` for two `Uint8Array` digests. Re-exported
|
|
368
|
+
* from `../canonical-encode.ts` (constant-time XOR-accumulate; no early
|
|
369
|
+
* exit) so callers that previously imported it from this module continue
|
|
370
|
+
* to work after Batch C.
|
|
371
|
+
*/
|
|
372
|
+
export const digestsEqual = canonicalDigestsEqual;
|
|
373
|
+
//# sourceMappingURL=compute-policy-preview-digest.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"compute-policy-preview-digest.js","sourceRoot":"","sources":["../../src/policy/compute-policy-preview-digest.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+FG;AAGH,OAAO,EACL,cAAc,IAAI,YAAY,EAC9B,MAAM,EACN,UAAU,EACV,UAAU,EACV,UAAU,EACV,YAAY,IAAI,qBAAqB,GACtC,MAAM,wBAAwB,CAAC;AA6IhC,+EAA+E;AAC/E,uEAAuE;AACvE,uEAAuE;AACvE,uEAAuE;AACvE,sDAAsD;AAEtD,+EAA+E;AAC/E,EAAE;AACF,qEAAqE;AACrE,wEAAwE;AACxE,oEAAoE;AACpE,sEAAsE;AACtE,uEAAuE;AACvE,gEAAgE;AAChE,mEAAmE;AACnE,gDAAgD;AAChD,EAAE;AACF,sEAAsE;AACtE,sEAAsE;AACtE,+DAA+D;AAC/D,oEAAoE;AACpE,kEAAkE;AAClE,8DAA8D;AAC9D,EAAE;AACF,8DAA8D;AAC9D,mEAAmE;AACnE,oEAAoE;AACpE,qEAAqE;AACrE,QAAQ;AAER;;;oFAGoF;AACpF,MAAM,CAAC,MAAM,0BAA0B,GAAG,EAAE,CAAC;AAE7C;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAe,CAAC,GAAG,EAAE;IACpD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,2BAA2B;IAC5D,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;AACvB,CAAC,CAAC,EAAE,CAAC;AAEL;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAAuE;IAEvE,qDAAqD;IACrD,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACjC,GAAG,EAAE,YAAY,CAAC,CAAC,CAAC,MAAgB,CAAC;QACrC,UAAU,EAAE,CAAC,CAAC,UAAU,GAAG,IAAI;KAChC,CAAC,CAAC,CAAC;IACJ,kEAAkE;IAClE,6CAA6C;IAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAE;gBAAE,OAAO,CAAC,CAAC,CAAC;YACrC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAE;gBAAE,OAAO,CAAC,CAAC;QACtC,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC,CAAC,CAAC;IACH,oFAAoF;IACpF,8DAA8D;IAC9D,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACpD,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,SAAS,CACnD,CAAC,EACD,OAAO,CAAC,MAAM,EACd,IAAI,CACL,CAAC;IACF,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACpB,GAAG,IAAI,EAAE,CAAC;QACV,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC;IAC5B,CAAC;IACD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,qBAAqB,GAAG;IAC5B,CAAC,EAAE,4CAA4C;IAC/C,CAAC,EAAE,4CAA4C;IAC/C,CAAC,EAAE,4CAA4C;IAC/C,CAAC,EAAE,yDAAyD;IAC5D,CAAC,EAAE,wCAAwC;IAC3C,CAAC,EAAE,4EAA4E;IAC/E,CAAC,EAAE,wCAAwC;IAC3C,CAAC,EAAE,4EAA4E;IAC/E,CAAC,EAAE,4CAA4C;IAC/C,CAAC,EAAE,4CAA4C;IAC/C,CAAC,EAAE,gDAAgD;IACnD,mFAAmF;IACnF,CAAC,EAAE,wCAAwC;IAC3C,CAAC,EAAE,wDAAwD;IAC3D,CAAC,EAAE,kDAAkD;IACrD,CAAC,EAAE,sDAAsD;IACzD,CAAC,EAAE,8CAA8C;IACjD,CAAC,EAAE,kDAAkD;IACrD,CAAC,EAAE,kDAAkD;IACrD,CAAC,EAAE,mDAAmD;IACtD,EAAE,EAAE,gEAAgE;IACpE,EAAE,EAAE,4EAA4E;IAChF,CAAC,EAAE,+DAA+D;IAClE,CAAC,EAAE,kEAAkE;IACrE,CAAC,EAAE,kFAAkF;CAC7E,CAAC;AAEX,kEAAkE;AAClE,MAAM,mBAAmB,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AAE7E,uEAAuE;AACvE,uEAAuE;AACvE,oEAAoE;AACpE,sDAAsD;AACtD,CAAC,SAAS,8BAA8B;IACtC,IAAI,qBAAqB,CAAC,MAAM,KAAK,0BAA0B,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CACb,+DAA+D,qBAAqB,CAAC,MAAM,GAAG;YAC5F,4CAA4C,0BAA0B,IAAI;YAC1E,qEAAqE;YACrE,4DAA4D;YAC5D,kDAAkD,CACrD,CAAC;IACJ,CAAC;AACH,CAAC,CAAC,EAAE,CAAC;AAEL,gFAAgF;AAChF,EAAE;AACF,8EAA8E;AAC9E,2EAA2E;AAC3E,sEAAsE;AAEtE;;;;;;;;GAQG;AACH,MAAM,UAAU,0BAA0B,CACxC,MAA2B;IAE3B,gFAAgF;IAChF,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;IACnC,MAAM,KAAK,GAAG,MAAM,CAAC,mBAAmB,CAAC;IACzC,0EAA0E;IAC1E,0BAA0B;IAC1B,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAW,CAAC,CAAC,CAAC;IACnE,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAW,CAAC,CAAC,CAAC;IAE9D,yEAAyE;IACzE,0EAA0E;IAC1E,yEAAyE;IACzE,iEAAiE;IACjE,sEAAsE;IACtE,0EAA0E;IAC1E,MAAM,SAAS,GAAG,mBAAmB,CAAC;IACtC,wEAAwE;IACxE,qEAAqE;IACrE,MAAM,YAAY,GAChB,UAAU,CAAC,MAAM,GAAG,EAAE;QACtB,SAAS,CAAC,MAAM,GAAG,EAAE;QACrB,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,SAAS,GAAG,YAAY,CAAC,CAAC;IACrD,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;IAEtE,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,mBAAmB,CAAC,CAAC;IACxD,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC1D,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IACnD,uEAAuE;IACvE,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACrD,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,YAAY,CAAC;IACjC,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;IAC/C,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;QAC5B,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACjB,GAAG,IAAI,EAAE,CAAC;IACZ,CAAC;IACD,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,eAAe,CAAC;IACpC,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAC9C,KAAK,MAAM,EAAE,IAAI,SAAS,EAAE,CAAC;QAC3B,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACjB,GAAG,IAAI,EAAE,CAAC;IACZ,CAAC;IACD,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACrD,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,oBAAoB,CAAC,CAAC;IACzD,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACxC,6DAA6D;IAC7D,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,iBAAiB,CAAC;IACtC,qEAAqE;IACrE,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IAClD,yEAAyE;IACzE,qEAAqE;IACrE,6EAA6E;IAC7E,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,cAAc,IAAI,CAAC,CAAC,CAAC;IACxD,sDAAsD;IACtD,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7C,yDAAyD;IACzD,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,mBAAmB,IAAI,CAAC,CAAC;IAC7C,wDAAwD;IACxD,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC;IAC7D,+DAA+D;IAC/D,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,uBAAuB,IAAI,EAAE,CAAC,CAAC;IAClE,uEAAuE;IACvE,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3C,8DAA8D;IAC9D,iEAAiE;IACjE,qDAAqD;IACrD,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,oBAAoB,CAAC;IACjE,IAAI,YAAY,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CACb,8CAA8C,YAAY,CAAC,MAAM,EAAE,CACpE,CAAC;IACJ,CAAC;IACD,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IAC3B,GAAG,IAAI,EAAE,CAAC;IACV,qEAAqE;IACrE,oEAAoE;IACpE,qEAAqE;IACrE,iEAAiE;IACjE,qEAAqE;IACrE,kBAAkB;IAClB,MAAM,gBAAgB,GAAG,MAAM,CAAC,mBAAmB,CAAC;IACpD,IAAI,kBAA8B,CAAC;IACnC,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,kBAAkB,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,oBAAoB;IAC/D,CAAC;SAAM,IAAI,gBAAgB,YAAY,UAAU,EAAE,CAAC;QAClD,kBAAkB,GAAG,gBAAgB,CAAC;IACxC,CAAC;SAAM,CAAC;QACN,kBAAkB,GAAG,YAAY,CAAC,gBAA0B,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,kBAAkB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,4DAA4D,kBAAkB,CAAC,MAAM,EAAE,CACxF,CAAC;IACJ,CAAC;IACD,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC;IACjC,GAAG,IAAI,EAAE,CAAC;IACV,2EAA2E;IAC3E,wEAAwE;IACxE,uEAAuE;IACvE,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,yBAAyB,IAAI,EAAE,CAAC,CAAC;IACpE,6EAA6E;IAC7E,4CAA4C;IAC5C,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,gFAAgF;IAChF,sEAAsE;IACtE,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC;IAC/C,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC;IACjD,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAC/B,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IACnC,CAAC;IAED,gEAAgE;IAChE,+DAA+D;IAC/D,kEAAkE;IAClE,+DAA+D;IAC/D,mEAAmE;IACnE,gEAAgE;IAChE,kEAAkE;IAClE,iEAAiE;IACjE,mEAAmE;IACnE,+DAA+D;IAC/D,IAAI,GAAG,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CACb,uCAAuC,GAAG,oBAAoB,GAAG,CAAC,MAAM,IAAI;YAC1E,8EAA8E;YAC9E,2EAA2E,CAC9E,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,qBAAqB,CAAC"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Policy attestation reader — Phase 9 Batch E (ISC-19..21).
|
|
3
|
+
*
|
|
4
|
+
* `getLatestPolicyAttestation` resolves the current on-chain PolicyConfig
|
|
5
|
+
* for a vault and returns the decoded view. Sigil's "attestation" model:
|
|
6
|
+
* every policy mutation runs through `queue_policy_update` →
|
|
7
|
+
* `apply_pending_policy` (the timelock-gated apply), and the resulting
|
|
8
|
+
* `PolicyConfig` PDA is the cryptographic attestation that "the owner
|
|
9
|
+
* approved these rules at timestamp T" — anchored by the `policy_version`
|
|
10
|
+
* monotonic counter + the canonical `policy_preview_digest` field (TA-19).
|
|
11
|
+
*
|
|
12
|
+
* Returns the current policy state. Callers that need to inspect a
|
|
13
|
+
* pending-but-not-yet-applied policy should call
|
|
14
|
+
* `fetchPendingPolicyUpdate` separately (different PDA, different
|
|
15
|
+
* decoder; not exported here because pending state isn't an attestation
|
|
16
|
+
* — it's a proposal).
|
|
17
|
+
*/
|
|
18
|
+
import type { Rpc, SolanaRpcApi } from "@solana/kit";
|
|
19
|
+
import type { Address } from "./kit-adapter.js";
|
|
20
|
+
import { type PolicyConfig } from "./generated/accounts/policyConfig.js";
|
|
21
|
+
/**
|
|
22
|
+
* Result shape of {@link getLatestPolicyAttestation}.
|
|
23
|
+
*
|
|
24
|
+
* `attestation` is the decoded policy. `policyConfigPda` is the address
|
|
25
|
+
* we read from (caller can use it to deep-link to a dashboard view).
|
|
26
|
+
* `policyVersion` is hoisted from `attestation.policyVersion` for
|
|
27
|
+
* convenience — it's the field UI surfaces always need.
|
|
28
|
+
*/
|
|
29
|
+
export interface PolicyAttestation {
|
|
30
|
+
attestation: PolicyConfig;
|
|
31
|
+
policyConfigPda: Address;
|
|
32
|
+
policyVersion: number | bigint;
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* Fetch + decode the live `PolicyConfig` PDA for a vault.
|
|
36
|
+
*
|
|
37
|
+
* @example
|
|
38
|
+
* ```ts
|
|
39
|
+
* const result = await getLatestPolicyAttestation(rpc, policyConfigPda);
|
|
40
|
+
* console.log(
|
|
41
|
+
* `Vault is on policy version ${result.policyVersion} ` +
|
|
42
|
+
* `with daily cap $${result.attestation.dailySpendingCapUsd / 1_000_000n}.`,
|
|
43
|
+
* );
|
|
44
|
+
* ```
|
|
45
|
+
*
|
|
46
|
+
* @throws if the PDA does not exist (vault not initialized) — caller is
|
|
47
|
+
* responsible for surfacing the `policy-not-found` UX. Kit's RPC layer
|
|
48
|
+
* throws via `@solana/kit`'s `fetchEncodedAccount`-style error.
|
|
49
|
+
*/
|
|
50
|
+
export declare function getLatestPolicyAttestation(rpc: Rpc<SolanaRpcApi>, policyConfigPda: Address): Promise<PolicyAttestation>;
|
|
51
|
+
//# sourceMappingURL=policy-attestation.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"policy-attestation.d.ts","sourceRoot":"","sources":["../src/policy-attestation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,GAAG,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAEL,KAAK,YAAY,EAClB,MAAM,sCAAsC,CAAC;AAE9C;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,YAAY,CAAC;IAC1B,eAAe,EAAE,OAAO,CAAC;IACzB,aAAa,EAAE,MAAM,GAAG,MAAM,CAAC;CAChC;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,0BAA0B,CAC9C,GAAG,EAAE,GAAG,CAAC,YAAY,CAAC,EACtB,eAAe,EAAE,OAAO,GACvB,OAAO,CAAC,iBAAiB,CAAC,CAO5B"}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Policy attestation reader — Phase 9 Batch E (ISC-19..21).
|
|
3
|
+
*
|
|
4
|
+
* `getLatestPolicyAttestation` resolves the current on-chain PolicyConfig
|
|
5
|
+
* for a vault and returns the decoded view. Sigil's "attestation" model:
|
|
6
|
+
* every policy mutation runs through `queue_policy_update` →
|
|
7
|
+
* `apply_pending_policy` (the timelock-gated apply), and the resulting
|
|
8
|
+
* `PolicyConfig` PDA is the cryptographic attestation that "the owner
|
|
9
|
+
* approved these rules at timestamp T" — anchored by the `policy_version`
|
|
10
|
+
* monotonic counter + the canonical `policy_preview_digest` field (TA-19).
|
|
11
|
+
*
|
|
12
|
+
* Returns the current policy state. Callers that need to inspect a
|
|
13
|
+
* pending-but-not-yet-applied policy should call
|
|
14
|
+
* `fetchPendingPolicyUpdate` separately (different PDA, different
|
|
15
|
+
* decoder; not exported here because pending state isn't an attestation
|
|
16
|
+
* — it's a proposal).
|
|
17
|
+
*/
|
|
18
|
+
import { fetchPolicyConfig, } from "./generated/accounts/policyConfig.js";
|
|
19
|
+
/**
|
|
20
|
+
* Fetch + decode the live `PolicyConfig` PDA for a vault.
|
|
21
|
+
*
|
|
22
|
+
* @example
|
|
23
|
+
* ```ts
|
|
24
|
+
* const result = await getLatestPolicyAttestation(rpc, policyConfigPda);
|
|
25
|
+
* console.log(
|
|
26
|
+
* `Vault is on policy version ${result.policyVersion} ` +
|
|
27
|
+
* `with daily cap $${result.attestation.dailySpendingCapUsd / 1_000_000n}.`,
|
|
28
|
+
* );
|
|
29
|
+
* ```
|
|
30
|
+
*
|
|
31
|
+
* @throws if the PDA does not exist (vault not initialized) — caller is
|
|
32
|
+
* responsible for surfacing the `policy-not-found` UX. Kit's RPC layer
|
|
33
|
+
* throws via `@solana/kit`'s `fetchEncodedAccount`-style error.
|
|
34
|
+
*/
|
|
35
|
+
export async function getLatestPolicyAttestation(rpc, policyConfigPda) {
|
|
36
|
+
const account = await fetchPolicyConfig(rpc, policyConfigPda);
|
|
37
|
+
return {
|
|
38
|
+
attestation: account.data,
|
|
39
|
+
policyConfigPda,
|
|
40
|
+
policyVersion: account.data.policyVersion,
|
|
41
|
+
};
|
|
42
|
+
}
|
|
43
|
+
//# sourceMappingURL=policy-attestation.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"policy-attestation.js","sourceRoot":"","sources":["../src/policy-attestation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,OAAO,EACL,iBAAiB,GAElB,MAAM,sCAAsC,CAAC;AAgB9C;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,GAAsB,EACtB,eAAwB;IAExB,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;IAC9D,OAAO;QACL,WAAW,EAAE,OAAO,CAAC,IAAI;QACzB,eAAe;QACf,aAAa,EAAE,OAAO,CAAC,IAAI,CAAC,aAAa;KAC1C,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"preview-create-vault.d.ts","sourceRoot":"","sources":["../src/preview-create-vault.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAEH,OAAO,KAAK,EACV,OAAO,EACP,6BAA6B,EAC7B,kBAAkB,EAClB,GAAG,EACH,YAAY,EACb,MAAM,kBAAkB,CAAC;AAW1B,OAAO,EAQL,KAAK,OAAO,EACZ,KAAK,YAAY,EAClB,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"preview-create-vault.d.ts","sourceRoot":"","sources":["../src/preview-create-vault.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAEH,OAAO,KAAK,EACV,OAAO,EACP,6BAA6B,EAC7B,kBAAkB,EAClB,GAAG,EACH,YAAY,EACb,MAAM,kBAAkB,CAAC;AAW1B,OAAO,EAQL,KAAK,OAAO,EACZ,KAAK,YAAY,EAClB,MAAM,YAAY,CAAC;AA+FpB;;;;GAIG;AACH,MAAM,MAAM,YAAY,GACpB,YAAY,GACZ,cAAc,GACd,cAAc,GACd,mBAAmB,CAAC;AAExB;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,YAAY,CAAC,CAAC,SAAS,YAAY,GAAG,YAAY;IACjE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IACjB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;CAC/B;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,MAAM,cAAc,GACtB;IACE,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;IAChC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC;CAC/B,GACD;IACE,QAAQ,CAAC,IAAI,EAAE,0BAA0B,CAAC;IAC1C,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC;IAC9B,iDAAiD;IACjD,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;CACjC,GACD;IACE,QAAQ,CAAC,IAAI,EAAE,uBAAuB,CAAC;IACvC,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;CAC7B,GACD;IACE,QAAQ,CAAC,IAAI,EAAE,0BAA0B,CAAC;IAC1C,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC;IAC/B,wDAAwD;IACxD,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;CACjC,CAAC;AAEN;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,kBAAkB;IACjC;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,SAAS;QACzB,YAAY,CAAC,YAAY,CAAC;QAC1B,YAAY,CAAC,cAAc,CAAC;QAC5B,YAAY,CAAC,cAAc,CAAC;QAC5B,YAAY,CAAC,mBAAmB,CAAC;KAClC,CAAC;IACF,mFAAmF;IACnF,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,mFAAmF;IACnF,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,wFAAwF;IACxF,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,qFAAqF;IACrF,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,oEAAoE;IACpE,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,eAAe,EAAE,kBAAkB,CAAC;IAC7C,wFAAwF;IACxF,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B;;;;;;OAMG;IACH,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;IACtC,6EAA6E;IAC7E,QAAQ,CAAC,QAAQ,CAAC,EAAE,SAAS,cAAc,EAAE,CAAC;CAC/C;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,wBAAwB;IACvC,0DAA0D;IAC1D,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC;IAChC,8DAA8D;IAC9D,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,2EAA2E;IAC3E,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC;IAC/B,yDAAyD;IACzD,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;IAC/B,8DAA8D;IAC9D,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,gFAAgF;IAChF,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,8CAA8C;IAC9C,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,iDAAiD;IACjD,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,8EAA8E;IAC9E,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,2DAA2D;IAC3D,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,4EAA4E;IAC5E,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,yEAAyE;IACzE,QAAQ,CAAC,YAAY,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACjC,oEAAoE;IACpE,QAAQ,CAAC,SAAS,EAAE,SAAS,OAAO,EAAE,CAAC;IACvC,mFAAmF;IACnF,QAAQ,CAAC,YAAY,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC,0DAA0D;IAC1D,QAAQ,CAAC,mBAAmB,EAAE,SAAS,OAAO,EAAE,CAAC;IACjD,qEAAqE;IACrE,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC;IACjC,iFAAiF;IACjF,QAAQ,CAAC,cAAc,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;IACvC;;;OAGG;IACH,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B;;;OAGG;IACH,QAAQ,CAAC,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAC3C,oEAAoE;IACpE,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,oBAAoB,EAAE,MAAM,CAAA;KAAE,CAAC;IACzE;;;;;;OAMG;IACH,QAAQ,CAAC,mBAAmB,CAAC,EAAE,6BAA6B,CAAC;CAC9D;AAID;;;;;;;;;;;GAWG;AACH,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,wBAAwB,GAC/B,OAAO,CAAC,kBAAkB,CAAC,CA2K7B;AAkUD;;;GAGG;AACH,YAAY,EAAE,OAAO,EAAE,CAAC"}
|
|
@@ -57,36 +57,57 @@ import { SigilSdkDomainError } from "./errors/sdk.js";
|
|
|
57
57
|
import { SIGIL_ERROR__SDK__INVALID_PARAMS } from "./errors/codes.js";
|
|
58
58
|
// ─── On-chain account sizes (verified against programs/sigil/src/state/*.rs) ─
|
|
59
59
|
/**
|
|
60
|
-
* `AgentVault::SIZE` from `programs/sigil/src/state/vault.rs`.
|
|
60
|
+
* `AgentVault::SIZE` from `programs/sigil/src/state/vault.rs:135-152`.
|
|
61
61
|
* Layout: 8 disc + 32 owner + 8 vault_id + 4 vec_prefix + (49 * 10) agents
|
|
62
62
|
* + 32 fee_destination + 1 status + 1 bump + 8 created_at
|
|
63
|
-
* + 8 total_transactions + 8 total_volume
|
|
63
|
+
* + 8 total_transactions + 8 total_volume
|
|
64
64
|
* + 8 total_fees_collected + 8 total_deposited_usd + 8 total_withdrawn_usd
|
|
65
|
-
* + 8 total_failed_transactions + 1 active_sessions
|
|
65
|
+
* + 8 total_failed_transactions + 1 active_sessions
|
|
66
|
+
* + 1 observe_only [Phase 2 TA-19] + 8 frozen_at_timestamp + 1 freeze_reason
|
|
67
|
+
* + 1 owner_type [F-Q6] + 32 vault_authority [Phase 8 LBL-01] = 676.
|
|
68
|
+
* (Was 634 — stale: it predated the Phase-8 fields frozen_at_timestamp +
|
|
69
|
+
* freeze_reason + vault_authority (+41) and F-Q6 owner_type (+1); corrected
|
|
70
|
+
* to the rent-exact 676 here.)
|
|
66
71
|
*/
|
|
67
|
-
const AGENT_VAULT_SIZE =
|
|
72
|
+
const AGENT_VAULT_SIZE = 676;
|
|
68
73
|
/**
|
|
69
|
-
* `PolicyConfig::SIZE` from `programs/sigil/src/state/policy.rs`.
|
|
74
|
+
* `PolicyConfig::SIZE` from `programs/sigil/src/state/policy.rs:323-350`.
|
|
70
75
|
* Layout: 8 disc + 32 vault + 8 daily_cap + 8 max_tx + 1 protocol_mode
|
|
71
|
-
* + (4 + 32*10) protocols + 2 dev_fee + 2
|
|
72
|
-
* + (4 + 32*10) allowed_destinations
|
|
73
|
-
* + 1 has_pending_policy + 1 has_protocol_caps
|
|
76
|
+
* + (4 + 32*10) protocols + 2 dev_fee + 2 max_slippage_bps
|
|
77
|
+
* + 8 session_window + (4 + 32*10) allowed_destinations
|
|
78
|
+
* + 1 has_pending_policy + 1 has_protocol_caps [M1-04 removed has_constraints]
|
|
74
79
|
* + (4 + 8*10) protocol_caps + 8 session_expiry + 1 bump
|
|
75
|
-
* + 8 policy_version + 1 has_post_assertions
|
|
80
|
+
* + 8 policy_version + 1 has_post_assertions + 1 destination_mode
|
|
81
|
+
* + 32 policy_preview_digest [TA-19 Phase 2]
|
|
82
|
+
* + 8 created_at_slot [PEN-CROSS-2]
|
|
83
|
+
* + 4 operating_hours [TA-05 Phase 3]
|
|
84
|
+
* + (4 + 40*10) destination_graylist [TA-07 Phase 3]
|
|
85
|
+
* + 1 auto_promote_grays [TA-07] + 1 auto_revoke_threshold [TA-17]
|
|
86
|
+
* + 8 stable_balance_floor [TA-12 Phase 5]
|
|
87
|
+
* + 8 per_recipient_daily_cap_usd [TA-14 Phase 5]
|
|
88
|
+
* + 1 cosign_required [G6 audit 2026-05-18]
|
|
89
|
+
* + 32 cosign_session_pubkey [D-5 audit 2026-05-19, F-RP3-1]
|
|
90
|
+
* + 8 operator_grant_delay_seconds [F-Q6 2026-06-02] = 1,329.
|
|
91
|
+
* (Was 1,322 pre-F-Q6 — that value double-counted the M1-04-removed
|
|
92
|
+
* has_constraints byte; corrected to the rent-exact 1,329 here.)
|
|
76
93
|
*/
|
|
77
|
-
const POLICY_CONFIG_SIZE =
|
|
94
|
+
const POLICY_CONFIG_SIZE = 1_329;
|
|
78
95
|
/**
|
|
79
|
-
* `SpendTracker::SIZE` from `programs/sigil/src/state/tracker.rs`.
|
|
96
|
+
* `SpendTracker::SIZE` from `programs/sigil/src/state/tracker.rs:200-214`.
|
|
80
97
|
* Layout: 8 disc + 32 vault + (16 * 144) buckets + (48 * 10) protocol_counters
|
|
81
|
-
* + 8 last_write_epoch + 1 bump + 7 padding
|
|
98
|
+
* + 8 last_write_epoch + 1 bump + 7 padding
|
|
99
|
+
* + (48 * 10) per_recipient [TA-14 Phase 5]
|
|
100
|
+
* + 1 per_recipient_count + 7 _padding_recipient = 3,328.
|
|
82
101
|
*/
|
|
83
|
-
const SPEND_TRACKER_SIZE =
|
|
102
|
+
const SPEND_TRACKER_SIZE = 3_328;
|
|
84
103
|
/**
|
|
85
|
-
* `AgentSpendOverlay::SIZE` from `programs/sigil/src/state/agent_spend_overlay.rs`.
|
|
104
|
+
* `AgentSpendOverlay::SIZE` from `programs/sigil/src/state/agent_spend_overlay.rs:114-123`.
|
|
86
105
|
* Layout: 8 disc + 32 vault + (232 * 10) entries + 1 bump + 7 padding
|
|
87
|
-
* + (8 * 10) lifetime_spend + (8 * 10) lifetime_tx_count
|
|
106
|
+
* + (8 * 10) lifetime_spend + (8 * 10) lifetime_tx_count
|
|
107
|
+
* + (8 * 10) cooldown_seconds [TA-06 Phase 3]
|
|
108
|
+
* + (8 * 10) last_action_unix [TA-06 Phase 3] = 2,688.
|
|
88
109
|
*/
|
|
89
|
-
const AGENT_SPEND_OVERLAY_SIZE =
|
|
110
|
+
const AGENT_SPEND_OVERLAY_SIZE = 2_688;
|
|
90
111
|
/** Default priority fee when caller doesn't supply one. Conservative. */
|
|
91
112
|
const DEFAULT_PRIORITY_FEE_MICRO_LAMPORTS = 10_000;
|
|
92
113
|
/** `1_000_000_000` lamports per SOL. */
|