@usesigil/kit 0.16.0 → 0.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +56 -0
- package/dist/advanced-analytics.d.ts +3 -2
- package/dist/advanced-analytics.d.ts.map +1 -1
- package/dist/advanced-analytics.js +9 -42
- package/dist/advanced-analytics.js.map +1 -1
- package/dist/agent-bootstrap.d.ts +1 -2
- package/dist/agent-bootstrap.d.ts.map +1 -1
- package/dist/agent-bootstrap.js.map +1 -1
- package/dist/agent-errors.d.ts +20 -4
- package/dist/agent-errors.d.ts.map +1 -1
- package/dist/agent-errors.js +864 -367
- package/dist/agent-errors.js.map +1 -1
- package/dist/audit-log.d.ts +101 -0
- package/dist/audit-log.d.ts.map +1 -0
- package/dist/audit-log.js +145 -0
- package/dist/audit-log.js.map +1 -0
- package/dist/caip2-network.d.ts +171 -0
- package/dist/caip2-network.d.ts.map +1 -0
- package/dist/caip2-network.js +202 -0
- package/dist/caip2-network.js.map +1 -0
- package/dist/canonical-encode.d.ts +59 -0
- package/dist/canonical-encode.d.ts.map +1 -0
- package/dist/canonical-encode.js +141 -0
- package/dist/canonical-encode.js.map +1 -0
- package/dist/cosign-helper.d.ts +264 -0
- package/dist/cosign-helper.d.ts.map +1 -0
- package/dist/cosign-helper.js +147 -0
- package/dist/cosign-helper.js.map +1 -0
- package/dist/create-vault.d.ts +92 -0
- package/dist/create-vault.d.ts.map +1 -1
- package/dist/create-vault.js +108 -7
- package/dist/create-vault.js.map +1 -1
- package/dist/dashboard/close-vault.d.ts +110 -0
- package/dist/dashboard/close-vault.d.ts.map +1 -0
- package/dist/dashboard/close-vault.js +165 -0
- package/dist/dashboard/close-vault.js.map +1 -0
- package/dist/dashboard/errors.d.ts +2 -2
- package/dist/dashboard/errors.d.ts.map +1 -1
- package/dist/dashboard/errors.js +11 -7
- package/dist/dashboard/errors.js.map +1 -1
- package/dist/dashboard/index.d.ts +190 -34
- package/dist/dashboard/index.d.ts.map +1 -1
- package/dist/dashboard/index.js +282 -52
- package/dist/dashboard/index.js.map +1 -1
- package/dist/dashboard/mutations.d.ts +153 -24
- package/dist/dashboard/mutations.d.ts.map +1 -1
- package/dist/dashboard/mutations.js +680 -114
- package/dist/dashboard/mutations.js.map +1 -1
- package/dist/dashboard/post-assertion-validation.d.ts +1 -1
- package/dist/dashboard/post-assertion-validation.d.ts.map +1 -1
- package/dist/dashboard/post-assertion-validation.js +169 -48
- package/dist/dashboard/post-assertion-validation.js.map +1 -1
- package/dist/dashboard/reads.d.ts +3 -4
- package/dist/dashboard/reads.d.ts.map +1 -1
- package/dist/dashboard/reads.js +11 -22
- package/dist/dashboard/reads.js.map +1 -1
- package/dist/dashboard/types.d.ts +56 -19
- package/dist/dashboard/types.d.ts.map +1 -1
- package/dist/errors/agent-errors.generated.d.ts +21 -0
- package/dist/errors/agent-errors.generated.d.ts.map +1 -0
- package/dist/errors/agent-errors.generated.js +134 -0
- package/dist/errors/agent-errors.generated.js.map +1 -0
- package/dist/errors/codes.d.ts +21 -2
- package/dist/errors/codes.d.ts.map +1 -1
- package/dist/errors/codes.js +19 -0
- package/dist/errors/codes.js.map +1 -1
- package/dist/errors/context.d.ts +9 -1
- package/dist/errors/context.d.ts.map +1 -1
- package/dist/event-analytics.d.ts +1 -3
- package/dist/event-analytics.d.ts.map +1 -1
- package/dist/event-analytics.js +28 -81
- package/dist/event-analytics.js.map +1 -1
- package/dist/events.d.ts.map +1 -1
- package/dist/events.js +23 -14
- package/dist/events.js.map +1 -1
- package/dist/generated/accounts/agentSpendOverlay.d.ts +60 -0
- package/dist/generated/accounts/agentSpendOverlay.d.ts.map +1 -1
- package/dist/generated/accounts/agentSpendOverlay.js +6 -2
- package/dist/generated/accounts/agentSpendOverlay.js.map +1 -1
- package/dist/generated/accounts/agentVault.d.ts +168 -4
- package/dist/generated/accounts/agentVault.d.ts.map +1 -1
- package/dist/generated/accounts/agentVault.js +11 -3
- package/dist/generated/accounts/agentVault.js.map +1 -1
- package/dist/generated/accounts/auditLogRejected.d.ts +66 -0
- package/dist/generated/accounts/auditLogRejected.d.ts.map +1 -0
- package/dist/generated/accounts/auditLogRejected.js +68 -0
- package/dist/generated/accounts/auditLogRejected.js.map +1 -0
- package/dist/generated/accounts/auditLogSuccess.d.ts +78 -0
- package/dist/generated/accounts/auditLogSuccess.d.ts.map +1 -0
- package/dist/generated/accounts/auditLogSuccess.js +68 -0
- package/dist/generated/accounts/auditLogSuccess.js.map +1 -0
- package/dist/generated/accounts/index.d.ts +4 -4
- package/dist/generated/accounts/index.d.ts.map +1 -1
- package/dist/generated/accounts/index.js +4 -4
- package/dist/generated/accounts/index.js.map +1 -1
- package/dist/generated/accounts/pendingAgentGrant.d.ts +199 -0
- package/dist/generated/accounts/pendingAgentGrant.d.ts.map +1 -0
- package/dist/generated/accounts/pendingAgentGrant.js +75 -0
- package/dist/generated/accounts/pendingAgentGrant.js.map +1 -0
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts +64 -0
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.js +7 -1
- package/dist/generated/accounts/pendingAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/accounts/pendingOwnershipTransfer.d.ts +131 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.js +76 -0
- package/dist/generated/accounts/pendingOwnershipTransfer.js.map +1 -0
- package/dist/generated/accounts/pendingPolicyUpdate.d.ts +200 -4
- package/dist/generated/accounts/pendingPolicyUpdate.d.ts.map +1 -1
- package/dist/generated/accounts/pendingPolicyUpdate.js +19 -1
- package/dist/generated/accounts/pendingPolicyUpdate.js.map +1 -1
- package/dist/generated/accounts/policyConfig.d.ts +479 -36
- package/dist/generated/accounts/policyConfig.d.ts.map +1 -1
- package/dist/generated/accounts/policyConfig.js +30 -3
- package/dist/generated/accounts/policyConfig.js.map +1 -1
- package/dist/generated/accounts/postExecutionAssertions.d.ts +2 -2
- package/dist/generated/accounts/postExecutionAssertions.d.ts.map +1 -1
- package/dist/generated/accounts/postExecutionAssertions.js +3 -3
- package/dist/generated/accounts/sessionAuthority.d.ts +140 -12
- package/dist/generated/accounts/sessionAuthority.d.ts.map +1 -1
- package/dist/generated/accounts/sessionAuthority.js +9 -7
- package/dist/generated/accounts/sessionAuthority.js.map +1 -1
- package/dist/generated/accounts/spendTracker.d.ts +83 -3
- package/dist/generated/accounts/spendTracker.d.ts.map +1 -1
- package/dist/generated/accounts/spendTracker.js +14 -2
- package/dist/generated/accounts/spendTracker.js.map +1 -1
- package/dist/generated/errors/sigil.d.ts +131 -83
- package/dist/generated/errors/sigil.d.ts.map +1 -1
- package/dist/generated/errors/sigil.js +178 -106
- package/dist/generated/errors/sigil.js.map +1 -1
- package/dist/generated/event-discriminators.d.ts.map +1 -1
- package/dist/generated/event-discriminators.js +11 -14
- package/dist/generated/event-discriminators.js.map +1 -1
- package/dist/generated/instructions/acceptOwnershipTransfer.d.ts +142 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.js +171 -0
- package/dist/generated/instructions/acceptOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts +85 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.d.ts.map +1 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.js +171 -0
- package/dist/generated/instructions/acceptOwnershipTransferMultisig.js.map +1 -0
- package/dist/generated/instructions/applyAgentGrant.d.ts +100 -0
- package/dist/generated/instructions/applyAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/{applyConstraintsUpdate.js → applyAgentGrant.js} +66 -42
- package/dist/generated/instructions/applyAgentGrant.js.map +1 -0
- package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts +31 -8
- package/dist/generated/instructions/applyAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/applyAgentPermissionsUpdate.js +38 -2
- package/dist/generated/instructions/applyAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/instructions/applyPendingPolicy.d.ts +18 -7
- package/dist/generated/instructions/applyPendingPolicy.d.ts.map +1 -1
- package/dist/generated/instructions/applyPendingPolicy.js +38 -2
- package/dist/generated/instructions/applyPendingPolicy.js.map +1 -1
- package/dist/generated/instructions/cancelAgentGrant.d.ts +106 -0
- package/dist/generated/instructions/cancelAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/{allocatePendingConstraintsPda.js → cancelAgentGrant.js} +54 -42
- package/dist/generated/instructions/cancelAgentGrant.js.map +1 -0
- package/dist/generated/instructions/cancelOwnershipTransfer.d.ts +121 -0
- package/dist/generated/instructions/cancelOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/{queueCloseConstraints.js → cancelOwnershipTransfer.js} +58 -44
- package/dist/generated/instructions/cancelOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/closePostAssertions.d.ts +6 -1
- package/dist/generated/instructions/closePostAssertions.d.ts.map +1 -1
- package/dist/generated/instructions/closePostAssertions.js +11 -3
- package/dist/generated/instructions/closePostAssertions.js.map +1 -1
- package/dist/generated/instructions/closeVault.d.ts +40 -8
- package/dist/generated/instructions/closeVault.d.ts.map +1 -1
- package/dist/generated/instructions/closeVault.js +40 -2
- package/dist/generated/instructions/closeVault.js.map +1 -1
- package/dist/generated/instructions/createPostAssertions.d.ts +4 -0
- package/dist/generated/instructions/createPostAssertions.d.ts.map +1 -1
- package/dist/generated/instructions/createPostAssertions.js +2 -0
- package/dist/generated/instructions/createPostAssertions.js.map +1 -1
- package/dist/generated/instructions/depositFunds.d.ts +21 -10
- package/dist/generated/instructions/depositFunds.d.ts.map +1 -1
- package/dist/generated/instructions/depositFunds.js +37 -2
- package/dist/generated/instructions/depositFunds.js.map +1 -1
- package/dist/generated/instructions/finalizeSession.d.ts +49 -7
- package/dist/generated/instructions/finalizeSession.d.ts.map +1 -1
- package/dist/generated/instructions/finalizeSession.js +59 -2
- package/dist/generated/instructions/finalizeSession.js.map +1 -1
- package/dist/generated/instructions/freezeVault.d.ts +36 -5
- package/dist/generated/instructions/freezeVault.d.ts.map +1 -1
- package/dist/generated/instructions/freezeVault.js +65 -4
- package/dist/generated/instructions/freezeVault.js.map +1 -1
- package/dist/generated/instructions/index.d.ts +10 -15
- package/dist/generated/instructions/index.d.ts.map +1 -1
- package/dist/generated/instructions/index.js +10 -15
- package/dist/generated/instructions/index.js.map +1 -1
- package/dist/generated/instructions/initializeVault.d.ts +79 -9
- package/dist/generated/instructions/initializeVault.d.ts.map +1 -1
- package/dist/generated/instructions/initializeVault.js +57 -3
- package/dist/generated/instructions/initializeVault.js.map +1 -1
- package/dist/generated/instructions/initiateOwnershipTransfer.d.ts +106 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.d.ts.map +1 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.js +181 -0
- package/dist/generated/instructions/initiateOwnershipTransfer.js.map +1 -0
- package/dist/generated/instructions/pauseAgent.d.ts +49 -5
- package/dist/generated/instructions/pauseAgent.d.ts.map +1 -1
- package/dist/generated/instructions/pauseAgent.js +80 -5
- package/dist/generated/instructions/pauseAgent.js.map +1 -1
- package/dist/generated/instructions/promoteGraylistDestination.d.ts +56 -0
- package/dist/generated/instructions/promoteGraylistDestination.d.ts.map +1 -0
- package/dist/generated/instructions/{createInstructionConstraints.js → promoteGraylistDestination.js} +23 -40
- package/dist/generated/instructions/promoteGraylistDestination.js.map +1 -0
- package/dist/generated/instructions/queueAgentGrant.d.ts +113 -0
- package/dist/generated/instructions/queueAgentGrant.d.ts.map +1 -0
- package/dist/generated/instructions/queueAgentGrant.js +181 -0
- package/dist/generated/instructions/queueAgentGrant.js.map +1 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts +8 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/queueAgentPermissionsUpdate.js +4 -0
- package/dist/generated/instructions/queueAgentPermissionsUpdate.js.map +1 -1
- package/dist/generated/instructions/queuePolicyUpdate.d.ts +32 -0
- package/dist/generated/instructions/queuePolicyUpdate.d.ts.map +1 -1
- package/dist/generated/instructions/queuePolicyUpdate.js +17 -1
- package/dist/generated/instructions/queuePolicyUpdate.js.map +1 -1
- package/dist/generated/instructions/reactivateVault.d.ts +71 -5
- package/dist/generated/instructions/reactivateVault.d.ts.map +1 -1
- package/dist/generated/instructions/reactivateVault.js +80 -5
- package/dist/generated/instructions/reactivateVault.js.map +1 -1
- package/dist/generated/instructions/recordAgentViolation.d.ts +89 -0
- package/dist/generated/instructions/recordAgentViolation.d.ts.map +1 -0
- package/dist/generated/instructions/recordAgentViolation.js +152 -0
- package/dist/generated/instructions/recordAgentViolation.js.map +1 -0
- package/dist/generated/instructions/registerAgent.d.ts +84 -6
- package/dist/generated/instructions/registerAgent.d.ts.map +1 -1
- package/dist/generated/instructions/registerAgent.js +81 -4
- package/dist/generated/instructions/registerAgent.js.map +1 -1
- package/dist/generated/instructions/revokeAgent.d.ts +49 -6
- package/dist/generated/instructions/revokeAgent.d.ts.map +1 -1
- package/dist/generated/instructions/revokeAgent.js +81 -4
- package/dist/generated/instructions/revokeAgent.js.map +1 -1
- package/dist/generated/instructions/setObserveOnly.d.ts +56 -0
- package/dist/generated/instructions/setObserveOnly.d.ts.map +1 -0
- package/dist/generated/instructions/setObserveOnly.js +111 -0
- package/dist/generated/instructions/setObserveOnly.js.map +1 -0
- package/dist/generated/instructions/unpauseAgent.d.ts +46 -5
- package/dist/generated/instructions/unpauseAgent.d.ts.map +1 -1
- package/dist/generated/instructions/unpauseAgent.js +80 -5
- package/dist/generated/instructions/unpauseAgent.js.map +1 -1
- package/dist/generated/instructions/validateAndAuthorize.d.ts +29 -0
- package/dist/generated/instructions/validateAndAuthorize.d.ts.map +1 -1
- package/dist/generated/instructions/validateAndAuthorize.js +4 -0
- package/dist/generated/instructions/validateAndAuthorize.js.map +1 -1
- package/dist/generated/instructions/withdrawFunds.d.ts +53 -11
- package/dist/generated/instructions/withdrawFunds.d.ts.map +1 -1
- package/dist/generated/instructions/withdrawFunds.js +51 -2
- package/dist/generated/instructions/withdrawFunds.js.map +1 -1
- package/dist/generated/programs/sigil.d.ts +79 -99
- package/dist/generated/programs/sigil.d.ts.map +1 -1
- package/dist/generated/programs/sigil.js +139 -199
- package/dist/generated/programs/sigil.js.map +1 -1
- package/dist/generated/types/actionAuthorized.d.ts +0 -2
- package/dist/generated/types/actionAuthorized.d.ts.map +1 -1
- package/dist/generated/types/actionAuthorized.js +0 -2
- package/dist/generated/types/actionAuthorized.js.map +1 -1
- package/dist/generated/types/agentAutoRevoked.d.ts +31 -0
- package/dist/generated/types/agentAutoRevoked.d.ts.map +1 -0
- package/dist/generated/types/{orphanConstraintsPdaCleaned.js → agentAutoRevoked.js} +12 -8
- package/dist/generated/types/agentAutoRevoked.js.map +1 -0
- package/dist/generated/types/agentEntry.d.ts +48 -0
- package/dist/generated/types/agentEntry.d.ts.map +1 -1
- package/dist/generated/types/agentEntry.js +4 -2
- package/dist/generated/types/agentEntry.js.map +1 -1
- package/dist/generated/types/agentGrantApplied.d.ts +38 -0
- package/dist/generated/types/agentGrantApplied.d.ts.map +1 -0
- package/dist/generated/types/agentGrantApplied.js +34 -0
- package/dist/generated/types/agentGrantApplied.js.map +1 -0
- package/dist/generated/types/agentGrantCancelled.d.ts +33 -0
- package/dist/generated/types/agentGrantCancelled.d.ts.map +1 -0
- package/dist/generated/types/agentGrantCancelled.js +28 -0
- package/dist/generated/types/agentGrantCancelled.js.map +1 -0
- package/dist/generated/types/agentGrantQueued.d.ts +38 -0
- package/dist/generated/types/agentGrantQueued.d.ts.map +1 -0
- package/dist/generated/types/agentGrantQueued.js +32 -0
- package/dist/generated/types/agentGrantQueued.js.map +1 -0
- package/dist/generated/types/auditEntry.d.ts +120 -0
- package/dist/generated/types/auditEntry.d.ts.map +1 -0
- package/dist/generated/types/auditEntry.js +34 -0
- package/dist/generated/types/auditEntry.js.map +1 -0
- package/dist/generated/types/destinationGraylistEntry.d.ts +32 -0
- package/dist/generated/types/destinationGraylistEntry.d.ts.map +1 -0
- package/dist/generated/types/destinationGraylistEntry.js +24 -0
- package/dist/generated/types/destinationGraylistEntry.js.map +1 -0
- package/dist/generated/types/graylistEntered.d.ts +31 -0
- package/dist/generated/types/graylistEntered.d.ts.map +1 -0
- package/dist/generated/types/graylistEntered.js +30 -0
- package/dist/generated/types/graylistEntered.js.map +1 -0
- package/dist/generated/types/graylistPromoted.d.ts +29 -0
- package/dist/generated/types/graylistPromoted.d.ts.map +1 -0
- package/dist/generated/types/graylistPromoted.js +28 -0
- package/dist/generated/types/graylistPromoted.js.map +1 -0
- package/dist/generated/types/index.d.ts +13 -22
- package/dist/generated/types/index.d.ts.map +1 -1
- package/dist/generated/types/index.js +13 -22
- package/dist/generated/types/index.js.map +1 -1
- package/dist/generated/types/observeOnlyChanged.d.ts +33 -0
- package/dist/generated/types/observeOnlyChanged.d.ts.map +1 -0
- package/dist/generated/types/observeOnlyChanged.js +32 -0
- package/dist/generated/types/observeOnlyChanged.js.map +1 -0
- package/dist/generated/types/ownershipTransferAccepted.d.ts +32 -0
- package/dist/generated/types/ownershipTransferAccepted.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferAccepted.js +30 -0
- package/dist/generated/types/ownershipTransferAccepted.js.map +1 -0
- package/dist/generated/types/ownershipTransferCancelled.d.ts +29 -0
- package/dist/generated/types/ownershipTransferCancelled.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferCancelled.js +28 -0
- package/dist/generated/types/ownershipTransferCancelled.js.map +1 -0
- package/dist/generated/types/ownershipTransferInitiated.d.ts +33 -0
- package/dist/generated/types/ownershipTransferInitiated.d.ts.map +1 -0
- package/dist/generated/types/ownershipTransferInitiated.js +30 -0
- package/dist/generated/types/ownershipTransferInitiated.js.map +1 -0
- package/dist/generated/types/perRecipientCounter.d.ts +61 -0
- package/dist/generated/types/perRecipientCounter.d.ts.map +1 -0
- package/dist/generated/types/perRecipientCounter.js +26 -0
- package/dist/generated/types/perRecipientCounter.js.map +1 -0
- package/dist/generated/types/postAssertionEntry.d.ts +14 -7
- package/dist/generated/types/postAssertionEntry.d.ts.map +1 -1
- package/dist/generated/types/postAssertionEntry.js +5 -7
- package/dist/generated/types/postAssertionEntry.js.map +1 -1
- package/dist/generated/types/postAssertionEntryZC.d.ts +53 -22
- package/dist/generated/types/postAssertionEntryZC.d.ts.map +1 -1
- package/dist/generated/types/postAssertionEntryZC.js +4 -6
- package/dist/generated/types/postAssertionEntryZC.js.map +1 -1
- package/dist/generated/types/sessionFinalized.d.ts +0 -4
- package/dist/generated/types/sessionFinalized.d.ts.map +1 -1
- package/dist/generated/types/sessionFinalized.js +0 -2
- package/dist/generated/types/sessionFinalized.js.map +1 -1
- package/dist/generated/types/vaultFrozen.d.ts +14 -0
- package/dist/generated/types/vaultFrozen.d.ts.map +1 -1
- package/dist/generated/types/vaultFrozen.js +2 -0
- package/dist/generated/types/vaultFrozen.js.map +1 -1
- package/dist/index.d.ts +31 -9
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +67 -11
- package/dist/index.js.map +1 -1
- package/dist/inspector.d.ts +0 -23
- package/dist/inspector.d.ts.map +1 -1
- package/dist/inspector.js +0 -52
- package/dist/inspector.js.map +1 -1
- package/dist/kit-adapter.d.ts +1 -1
- package/dist/kit-adapter.d.ts.map +1 -1
- package/dist/kit-adapter.js +1 -1
- package/dist/kit-adapter.js.map +1 -1
- package/dist/multisig-detection.d.ts +83 -0
- package/dist/multisig-detection.d.ts.map +1 -0
- package/dist/multisig-detection.js +128 -0
- package/dist/multisig-detection.js.map +1 -0
- package/dist/ownership-transfer.d.ts +79 -0
- package/dist/ownership-transfer.d.ts.map +1 -0
- package/dist/ownership-transfer.js +66 -0
- package/dist/ownership-transfer.js.map +1 -0
- package/dist/policy/compute-agent-perms-cosign-digest.d.ts +51 -0
- package/dist/policy/compute-agent-perms-cosign-digest.d.ts.map +1 -0
- package/dist/policy/compute-agent-perms-cosign-digest.js +55 -0
- package/dist/policy/compute-agent-perms-cosign-digest.js.map +1 -0
- package/dist/policy/compute-cosign-digest.d.ts +193 -0
- package/dist/policy/compute-cosign-digest.d.ts.map +1 -0
- package/dist/policy/compute-cosign-digest.js +318 -0
- package/dist/policy/compute-cosign-digest.js.map +1 -0
- package/dist/policy/compute-policy-preview-digest.d.ts +279 -0
- package/dist/policy/compute-policy-preview-digest.d.ts.map +1 -0
- package/dist/policy/compute-policy-preview-digest.js +373 -0
- package/dist/policy/compute-policy-preview-digest.js.map +1 -0
- package/dist/policy-attestation.d.ts +51 -0
- package/dist/policy-attestation.d.ts.map +1 -0
- package/dist/policy-attestation.js +43 -0
- package/dist/policy-attestation.js.map +1 -0
- package/dist/preview-create-vault.d.ts.map +1 -1
- package/dist/preview-create-vault.js +37 -16
- package/dist/preview-create-vault.js.map +1 -1
- package/dist/resolve-accounts.d.ts +75 -10
- package/dist/resolve-accounts.d.ts.map +1 -1
- package/dist/resolve-accounts.js +68 -32
- package/dist/resolve-accounts.js.map +1 -1
- package/dist/rpc-helpers.d.ts +29 -3
- package/dist/rpc-helpers.d.ts.map +1 -1
- package/dist/rpc-helpers.js +51 -12
- package/dist/rpc-helpers.js.map +1 -1
- package/dist/seal/intent-digest.d.ts +195 -0
- package/dist/seal/intent-digest.d.ts.map +1 -0
- package/dist/seal/intent-digest.js +372 -0
- package/dist/seal/intent-digest.js.map +1 -0
- package/dist/seal.d.ts +166 -3
- package/dist/seal.d.ts.map +1 -1
- package/dist/seal.js +428 -32
- package/dist/seal.js.map +1 -1
- package/dist/security-analytics.d.ts +3 -3
- package/dist/security-analytics.d.ts.map +1 -1
- package/dist/security-analytics.js +13 -128
- package/dist/security-analytics.js.map +1 -1
- package/dist/session-mint.d.ts +72 -0
- package/dist/session-mint.d.ts.map +1 -0
- package/dist/session-mint.js +59 -0
- package/dist/session-mint.js.map +1 -0
- package/dist/simulation.d.ts +19 -0
- package/dist/simulation.d.ts.map +1 -1
- package/dist/simulation.js +187 -95
- package/dist/simulation.js.map +1 -1
- package/dist/squads-detection.d.ts +135 -0
- package/dist/squads-detection.d.ts.map +1 -0
- package/dist/squads-detection.js +124 -0
- package/dist/squads-detection.js.map +1 -0
- package/dist/state-resolver.d.ts +0 -16
- package/dist/state-resolver.d.ts.map +1 -1
- package/dist/state-resolver.js +162 -97
- package/dist/state-resolver.js.map +1 -1
- package/dist/testing/devnet.d.ts +40 -1
- package/dist/testing/devnet.d.ts.map +1 -1
- package/dist/testing/devnet.js +333 -44
- package/dist/testing/devnet.js.map +1 -1
- package/dist/testing/errors/expect.d.ts +1 -1
- package/dist/testing/errors/expect.js +1 -1
- package/dist/testing/errors/names.generated.d.ts +82 -58
- package/dist/testing/errors/names.generated.d.ts.map +1 -1
- package/dist/testing/errors/names.generated.js +83 -59
- package/dist/testing/errors/names.generated.js.map +1 -1
- package/dist/testing/mock-rpc.d.ts +8 -0
- package/dist/testing/mock-rpc.d.ts.map +1 -1
- package/dist/testing/mock-rpc.js +13 -0
- package/dist/testing/mock-rpc.js.map +1 -1
- package/dist/testing/mock-state.d.ts +2 -0
- package/dist/testing/mock-state.d.ts.map +1 -1
- package/dist/testing/mock-state.js +43 -4
- package/dist/testing/mock-state.js.map +1 -1
- package/dist/types.d.ts +5 -15
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +11 -69
- package/dist/types.js.map +1 -1
- package/dist/vault-analytics.d.ts +0 -2
- package/dist/vault-analytics.d.ts.map +1 -1
- package/dist/vault-analytics.js +1 -9
- package/dist/vault-analytics.js.map +1 -1
- package/package.json +7 -12
- package/dist/constraints/index.d.ts +0 -23
- package/dist/constraints/index.d.ts.map +0 -1
- package/dist/constraints/index.js +0 -24
- package/dist/constraints/index.js.map +0 -1
- package/dist/dashboard/constraint-builders.d.ts +0 -82
- package/dist/dashboard/constraint-builders.d.ts.map +0 -1
- package/dist/dashboard/constraint-builders.js +0 -204
- package/dist/dashboard/constraint-builders.js.map +0 -1
- package/dist/dashboard/constraint-reads.d.ts +0 -50
- package/dist/dashboard/constraint-reads.d.ts.map +0 -1
- package/dist/dashboard/constraint-reads.js +0 -119
- package/dist/dashboard/constraint-reads.js.map +0 -1
- package/dist/generated/accounts/escrowDeposit.d.ts +0 -50
- package/dist/generated/accounts/escrowDeposit.d.ts.map +0 -1
- package/dist/generated/accounts/escrowDeposit.js +0 -76
- package/dist/generated/accounts/escrowDeposit.js.map +0 -1
- package/dist/generated/accounts/instructionConstraints.d.ts +0 -46
- package/dist/generated/accounts/instructionConstraints.d.ts.map +0 -1
- package/dist/generated/accounts/instructionConstraints.js +0 -73
- package/dist/generated/accounts/instructionConstraints.js.map +0 -1
- package/dist/generated/accounts/pendingCloseConstraints.d.ts +0 -49
- package/dist/generated/accounts/pendingCloseConstraints.d.ts.map +0 -1
- package/dist/generated/accounts/pendingCloseConstraints.js +0 -68
- package/dist/generated/accounts/pendingCloseConstraints.js.map +0 -1
- package/dist/generated/accounts/pendingConstraintsUpdate.d.ts +0 -76
- package/dist/generated/accounts/pendingConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/accounts/pendingConstraintsUpdate.js +0 -77
- package/dist/generated/accounts/pendingConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/allocateConstraintsPda.d.ts +0 -62
- package/dist/generated/instructions/allocateConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/allocateConstraintsPda.js +0 -134
- package/dist/generated/instructions/allocateConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts +0 -66
- package/dist/generated/instructions/allocatePendingConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/allocatePendingConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/applyCloseConstraints.d.ts +0 -59
- package/dist/generated/instructions/applyCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/applyCloseConstraints.js +0 -143
- package/dist/generated/instructions/applyCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/applyConstraintsUpdate.d.ts +0 -62
- package/dist/generated/instructions/applyConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/applyConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/cancelCloseConstraints.d.ts +0 -51
- package/dist/generated/instructions/cancelCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/cancelCloseConstraints.js +0 -115
- package/dist/generated/instructions/cancelCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/cancelConstraintsUpdate.d.ts +0 -51
- package/dist/generated/instructions/cancelConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/cancelConstraintsUpdate.js +0 -115
- package/dist/generated/instructions/cancelConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.d.ts +0 -67
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.d.ts.map +0 -1
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.js +0 -120
- package/dist/generated/instructions/cleanupOrphanConstraintsPda.js.map +0 -1
- package/dist/generated/instructions/closeSettledEscrow.d.ts +0 -72
- package/dist/generated/instructions/closeSettledEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/closeSettledEscrow.js +0 -127
- package/dist/generated/instructions/closeSettledEscrow.js.map +0 -1
- package/dist/generated/instructions/createEscrow.d.ts +0 -131
- package/dist/generated/instructions/createEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/createEscrow.js +0 -272
- package/dist/generated/instructions/createEscrow.js.map +0 -1
- package/dist/generated/instructions/createInstructionConstraints.d.ts +0 -68
- package/dist/generated/instructions/createInstructionConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/createInstructionConstraints.js.map +0 -1
- package/dist/generated/instructions/extendPda.d.ts +0 -52
- package/dist/generated/instructions/extendPda.d.ts.map +0 -1
- package/dist/generated/instructions/extendPda.js +0 -86
- package/dist/generated/instructions/extendPda.js.map +0 -1
- package/dist/generated/instructions/queueCloseConstraints.d.ts +0 -66
- package/dist/generated/instructions/queueCloseConstraints.d.ts.map +0 -1
- package/dist/generated/instructions/queueCloseConstraints.js.map +0 -1
- package/dist/generated/instructions/queueConstraintsUpdate.d.ts +0 -75
- package/dist/generated/instructions/queueConstraintsUpdate.d.ts.map +0 -1
- package/dist/generated/instructions/queueConstraintsUpdate.js +0 -154
- package/dist/generated/instructions/queueConstraintsUpdate.js.map +0 -1
- package/dist/generated/instructions/refundEscrow.d.ts +0 -74
- package/dist/generated/instructions/refundEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/refundEscrow.js +0 -142
- package/dist/generated/instructions/refundEscrow.js.map +0 -1
- package/dist/generated/instructions/settleEscrow.d.ts +0 -80
- package/dist/generated/instructions/settleEscrow.d.ts.map +0 -1
- package/dist/generated/instructions/settleEscrow.js +0 -173
- package/dist/generated/instructions/settleEscrow.js.map +0 -1
- package/dist/generated/types/accountConstraint.d.ts +0 -33
- package/dist/generated/types/accountConstraint.d.ts.map +0 -1
- package/dist/generated/types/accountConstraint.js +0 -26
- package/dist/generated/types/accountConstraint.js.map +0 -1
- package/dist/generated/types/accountConstraintZC.d.ts +0 -25
- package/dist/generated/types/accountConstraintZC.d.ts.map +0 -1
- package/dist/generated/types/accountConstraintZC.js +0 -28
- package/dist/generated/types/accountConstraintZC.js.map +0 -1
- package/dist/generated/types/closeConstraintsApplied.d.ts +0 -20
- package/dist/generated/types/closeConstraintsApplied.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsApplied.js +0 -24
- package/dist/generated/types/closeConstraintsApplied.js.map +0 -1
- package/dist/generated/types/closeConstraintsCancelled.d.ts +0 -16
- package/dist/generated/types/closeConstraintsCancelled.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsCancelled.js +0 -18
- package/dist/generated/types/closeConstraintsCancelled.js.map +0 -1
- package/dist/generated/types/closeConstraintsQueued.d.ts +0 -20
- package/dist/generated/types/closeConstraintsQueued.d.ts.map +0 -1
- package/dist/generated/types/closeConstraintsQueued.js +0 -24
- package/dist/generated/types/closeConstraintsQueued.js.map +0 -1
- package/dist/generated/types/constraintEntry.d.ts +0 -35
- package/dist/generated/types/constraintEntry.d.ts.map +0 -1
- package/dist/generated/types/constraintEntry.js +0 -29
- package/dist/generated/types/constraintEntry.js.map +0 -1
- package/dist/generated/types/constraintEntryZC.d.ts +0 -73
- package/dist/generated/types/constraintEntryZC.d.ts.map +0 -1
- package/dist/generated/types/constraintEntryZC.js +0 -49
- package/dist/generated/types/constraintEntryZC.js.map +0 -1
- package/dist/generated/types/constraintOperator.d.ts +0 -22
- package/dist/generated/types/constraintOperator.d.ts.map +0 -1
- package/dist/generated/types/constraintOperator.js +0 -28
- package/dist/generated/types/constraintOperator.js.map +0 -1
- package/dist/generated/types/constraintsChangeApplied.d.ts +0 -30
- package/dist/generated/types/constraintsChangeApplied.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeApplied.js +0 -32
- package/dist/generated/types/constraintsChangeApplied.js.map +0 -1
- package/dist/generated/types/constraintsChangeCancelled.d.ts +0 -16
- package/dist/generated/types/constraintsChangeCancelled.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeCancelled.js +0 -18
- package/dist/generated/types/constraintsChangeCancelled.js.map +0 -1
- package/dist/generated/types/constraintsChangeQueued.d.ts +0 -30
- package/dist/generated/types/constraintsChangeQueued.d.ts.map +0 -1
- package/dist/generated/types/constraintsChangeQueued.js +0 -32
- package/dist/generated/types/constraintsChangeQueued.js.map +0 -1
- package/dist/generated/types/dataConstraint.d.ts +0 -23
- package/dist/generated/types/dataConstraint.d.ts.map +0 -1
- package/dist/generated/types/dataConstraint.js +0 -27
- package/dist/generated/types/dataConstraint.js.map +0 -1
- package/dist/generated/types/dataConstraintZC.d.ts +0 -20
- package/dist/generated/types/dataConstraintZC.d.ts.map +0 -1
- package/dist/generated/types/dataConstraintZC.js +0 -30
- package/dist/generated/types/dataConstraintZC.js.map +0 -1
- package/dist/generated/types/discriminatorFormat.d.ts +0 -25
- package/dist/generated/types/discriminatorFormat.d.ts.map +0 -1
- package/dist/generated/types/discriminatorFormat.js +0 -31
- package/dist/generated/types/discriminatorFormat.js.map +0 -1
- package/dist/generated/types/escrowCreated.d.ts +0 -30
- package/dist/generated/types/escrowCreated.d.ts.map +0 -1
- package/dist/generated/types/escrowCreated.js +0 -34
- package/dist/generated/types/escrowCreated.js.map +0 -1
- package/dist/generated/types/escrowRefunded.d.ts +0 -26
- package/dist/generated/types/escrowRefunded.d.ts.map +0 -1
- package/dist/generated/types/escrowRefunded.js +0 -30
- package/dist/generated/types/escrowRefunded.js.map +0 -1
- package/dist/generated/types/escrowSettled.d.ts +0 -26
- package/dist/generated/types/escrowSettled.d.ts.map +0 -1
- package/dist/generated/types/escrowSettled.js +0 -30
- package/dist/generated/types/escrowSettled.js.map +0 -1
- package/dist/generated/types/escrowStatus.d.ts +0 -18
- package/dist/generated/types/escrowStatus.d.ts.map +0 -1
- package/dist/generated/types/escrowStatus.js +0 -24
- package/dist/generated/types/escrowStatus.js.map +0 -1
- package/dist/generated/types/instructionConstraintsCreated.d.ts +0 -34
- package/dist/generated/types/instructionConstraintsCreated.d.ts.map +0 -1
- package/dist/generated/types/instructionConstraintsCreated.js +0 -36
- package/dist/generated/types/instructionConstraintsCreated.js.map +0 -1
- package/dist/generated/types/orphanConstraintsPdaCleaned.d.ts +0 -22
- package/dist/generated/types/orphanConstraintsPdaCleaned.d.ts.map +0 -1
- package/dist/generated/types/orphanConstraintsPdaCleaned.js.map +0 -1
- package/dist/generated/types/pdaAllocated.d.ts +0 -24
- package/dist/generated/types/pdaAllocated.d.ts.map +0 -1
- package/dist/generated/types/pdaAllocated.js +0 -28
- package/dist/generated/types/pdaAllocated.js.map +0 -1
- package/dist/generated/types/pdaExtended.d.ts +0 -24
- package/dist/generated/types/pdaExtended.d.ts.map +0 -1
- package/dist/generated/types/pdaExtended.js +0 -28
- package/dist/generated/types/pdaExtended.js.map +0 -1
- package/dist/post-assertions/cross-field-lte.d.ts +0 -134
- package/dist/post-assertions/cross-field-lte.d.ts.map +0 -1
- package/dist/post-assertions/cross-field-lte.js +0 -129
- package/dist/post-assertions/cross-field-lte.js.map +0 -1
- package/dist/post-assertions/index.d.ts +0 -28
- package/dist/post-assertions/index.d.ts.map +0 -1
- package/dist/post-assertions/index.js +0 -28
- package/dist/post-assertions/index.js.map +0 -1
- package/dist/post-assertions/presets/flash-trade.d.ts +0 -139
- package/dist/post-assertions/presets/flash-trade.d.ts.map +0 -1
- package/dist/post-assertions/presets/flash-trade.js +0 -154
- package/dist/post-assertions/presets/flash-trade.js.map +0 -1
- package/dist/protocol-registry/annotations/drift.json +0 -7
- package/dist/protocol-registry/annotations/flash-trade.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-borrow.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-earn.json +0 -7
- package/dist/protocol-registry/annotations/jupiter-lend.json +0 -7
- package/dist/protocol-registry/annotations/jupiter.json +0 -7
- package/dist/protocol-registry/annotations/kamino.json +0 -7
- package/dist/protocol-registry/index.d.ts +0 -45
- package/dist/protocol-registry/index.d.ts.map +0 -1
- package/dist/protocol-registry/index.js +0 -76
- package/dist/protocol-registry/index.js.map +0 -1
- package/dist/protocol-tier.d.ts +0 -157
- package/dist/protocol-tier.d.ts.map +0 -1
- package/dist/protocol-tier.js +0 -104
- package/dist/protocol-tier.js.map +0 -1
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* G6 (audit 2026-05-18 cosign opt-in) — Squads V4 multisig detection helper.
|
|
3
|
+
*
|
|
4
|
+
* Read-only off-chain SDK helper that inspects whether a given vault owner
|
|
5
|
+
* pubkey is owned by the Squads V4 multisig program. Used by the dashboard
|
|
6
|
+
* to decide whether to surface the "single-signer protection" warning
|
|
7
|
+
* banner when the owner has not opted into TA-09 cosign enforcement.
|
|
8
|
+
*
|
|
9
|
+
* Categorization per AC-2 (Owner Key Leak) post-mitigation modes:
|
|
10
|
+
*
|
|
11
|
+
* 1. Solo key + cosign_required=false (default, low-friction):
|
|
12
|
+
* owner signature alone authorizes elevated mutations. UI surfaces
|
|
13
|
+
* a warning recommending Squads multisig OR enabling cosign.
|
|
14
|
+
* Use case: dev/test, low-stakes vaults, AI agent automation.
|
|
15
|
+
*
|
|
16
|
+
* 2. Solo key + cosign_required=true (explicit opt-in):
|
|
17
|
+
* TA-09 enforces cosign on elevated mutations. Use case: solo
|
|
18
|
+
* founder wants Sigil-native per-mutation co-signature.
|
|
19
|
+
*
|
|
20
|
+
* 3. Squads V4 multisig owner + cosign_required=false (recommended
|
|
21
|
+
* for production): multisig at the Solana layer enforces N-of-M
|
|
22
|
+
* on every owner action; Sigil cosign is unnecessary on top.
|
|
23
|
+
* Detection via this helper allows the dashboard to recognize
|
|
24
|
+
* this mode and skip the warning banner.
|
|
25
|
+
*
|
|
26
|
+
* IMPORTANT: Sigil DOES NOT enforce multisig on-chain. The vault owner
|
|
27
|
+
* field is just a Pubkey. Squads is a separate Solana-level concern
|
|
28
|
+
* that users set up on their own at https://app.squads.so. This helper
|
|
29
|
+
* only DETECTS the configuration to give the dashboard ergonomic
|
|
30
|
+
* affordances — it is NOT a security boundary.
|
|
31
|
+
*
|
|
32
|
+
* Off-chain helper category per [INTERFACES_V2 §4.4]:
|
|
33
|
+
* (https://github.com/usesigil/agent-middleware/blob/main/docs/revamp/INTERFACES_V2.md)
|
|
34
|
+
* `TA-18` is the existing Squads detection primitive locked LOCKED-OFF-
|
|
35
|
+
* CHAIN-ONLY. This file is the V2 implementation surface for that
|
|
36
|
+
* primitive, scoped to the read-only program-owner check.
|
|
37
|
+
*
|
|
38
|
+
* @see https://docs.squads.so for Squads protocol documentation
|
|
39
|
+
* @see programs/sigil/src/instructions/queue_policy_update.rs — on-chain
|
|
40
|
+
* cosign elevation gating gated on `policy.cosign_required`
|
|
41
|
+
*/
|
|
42
|
+
/**
|
|
43
|
+
* Squads V4 multisig program ID (mainnet + devnet — same address per
|
|
44
|
+
* https://docs.squads.so/main/v/development/squads-v4/program-addresses).
|
|
45
|
+
*
|
|
46
|
+
* Verified against the Squads V4 GitHub repo + the canonical Squads SDK
|
|
47
|
+
* docs (`@sqds/multisig`) as of 2026-05-18.
|
|
48
|
+
*/
|
|
49
|
+
export const SQUADS_V4_PROGRAM_ID = "SQDS4ep65T869zMMBKyuUq6aD6EgTu8psMjkvj52pCf";
|
|
50
|
+
/**
|
|
51
|
+
* Read-only check: is the given pubkey an account owned by the Squads
|
|
52
|
+
* V4 multisig program?
|
|
53
|
+
*
|
|
54
|
+
* Reads `getAccountInfo(pubkey)` from the RPC and inspects the `owner`
|
|
55
|
+
* field. If the account doesn't exist, returns `isSquadsMultisig=false`
|
|
56
|
+
* and method `"account-missing"`. If the RPC call fails (network
|
|
57
|
+
* issue), returns `isSquadsMultisig=false` and method `"rpc-failure"` —
|
|
58
|
+
* fail-safe: assume not multisig and let the warning UI surface.
|
|
59
|
+
*
|
|
60
|
+
* Does NOT decode Squads-specific account data. Pure program-owner check.
|
|
61
|
+
* This is intentional — Sigil makes NO assumption about the multisig's
|
|
62
|
+
* threshold, member count, time-lock, or any other internal Squads
|
|
63
|
+
* configuration. The dashboard surfaces "this is a Squads vault" as a
|
|
64
|
+
* binary signal; users follow the link to squads.so to inspect the
|
|
65
|
+
* actual configuration.
|
|
66
|
+
*
|
|
67
|
+
* Performance: a single `getAccountInfo` RPC call. Suitable for
|
|
68
|
+
* dashboard read flows; not recommended for hot-path transaction
|
|
69
|
+
* building (cache the result for the session).
|
|
70
|
+
*
|
|
71
|
+
* @example
|
|
72
|
+
* ```ts
|
|
73
|
+
* import { detectSquadsV4Owner } from "@usesigil/kit";
|
|
74
|
+
*
|
|
75
|
+
* const result = await detectSquadsV4Owner(rpc, vaultOwnerPubkey);
|
|
76
|
+
* if (result.isSquadsMultisig) {
|
|
77
|
+
* // AC-2 mode 3: multisig protection at the Solana layer.
|
|
78
|
+
* // Suppress the "single-signer protection" warning banner.
|
|
79
|
+
* } else if (!policy.cosignRequired) {
|
|
80
|
+
* // AC-2 mode 1: solo key + cosign opted out.
|
|
81
|
+
* // Show the warning banner recommending Squads OR cosign.
|
|
82
|
+
* } else {
|
|
83
|
+
* // AC-2 mode 2: solo key + cosign opted in.
|
|
84
|
+
* // Sigil-native per-mutation co-signature. Show calmer banner.
|
|
85
|
+
* }
|
|
86
|
+
* ```
|
|
87
|
+
*
|
|
88
|
+
* @param rpc Kit RPC client (any cluster).
|
|
89
|
+
* @param ownerPubkey The vault owner pubkey to inspect.
|
|
90
|
+
* @returns Detection result; always resolved (never rejects).
|
|
91
|
+
*/
|
|
92
|
+
export async function detectSquadsV4Owner(rpc, ownerPubkey) {
|
|
93
|
+
try {
|
|
94
|
+
const response = await rpc
|
|
95
|
+
.getAccountInfo(ownerPubkey, { encoding: "base64" })
|
|
96
|
+
.send();
|
|
97
|
+
// Kit's getAccountInfo wraps the response in `{ value: ... | null }`.
|
|
98
|
+
// null = account does not exist OR was closed.
|
|
99
|
+
if (!response.value) {
|
|
100
|
+
return {
|
|
101
|
+
isSquadsMultisig: false,
|
|
102
|
+
programOwner: null,
|
|
103
|
+
detectionMethod: "account-missing",
|
|
104
|
+
};
|
|
105
|
+
}
|
|
106
|
+
const programOwner = response.value.owner;
|
|
107
|
+
return {
|
|
108
|
+
isSquadsMultisig: programOwner === SQUADS_V4_PROGRAM_ID,
|
|
109
|
+
programOwner,
|
|
110
|
+
detectionMethod: "program-owner",
|
|
111
|
+
};
|
|
112
|
+
}
|
|
113
|
+
catch {
|
|
114
|
+
// Fail-safe: any RPC error (network, malformed response, timeout)
|
|
115
|
+
// resolves to "not multisig". The UI warning banner surfaces;
|
|
116
|
+
// we never silently claim multisig protection on uncertain data.
|
|
117
|
+
return {
|
|
118
|
+
isSquadsMultisig: false,
|
|
119
|
+
programOwner: null,
|
|
120
|
+
detectionMethod: "rpc-failure",
|
|
121
|
+
};
|
|
122
|
+
}
|
|
123
|
+
}
|
|
124
|
+
//# sourceMappingURL=squads-detection.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"squads-detection.js","sourceRoot":"","sources":["../src/squads-detection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAKH;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAC/B,6CAAwD,CAAC;AA6C3D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,GAAsB,EACtB,WAAoB;IAEpB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,GAAG;aACvB,cAAc,CAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;aACnD,IAAI,EAAE,CAAC;QAEV,sEAAsE;QACtE,+CAA+C;QAC/C,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;YACpB,OAAO;gBACL,gBAAgB,EAAE,KAAK;gBACvB,YAAY,EAAE,IAAI;gBAClB,eAAe,EAAE,iBAAiB;aACnC,CAAC;QACJ,CAAC;QAED,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,KAA2B,CAAC;QAChE,OAAO;YACL,gBAAgB,EAAE,YAAY,KAAK,oBAAoB;YACvD,YAAY;YACZ,eAAe,EAAE,eAAe;SACjC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,kEAAkE;QAClE,8DAA8D;QAC9D,iEAAiE;QACjE,OAAO;YACL,gBAAgB,EAAE,KAAK;YACvB,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,aAAa;SAC/B,CAAC;IACJ,CAAC;AACH,CAAC"}
|
package/dist/state-resolver.d.ts
CHANGED
|
@@ -11,13 +11,10 @@
|
|
|
11
11
|
import { type Address, type ReadonlyUint8Array, type Rpc, type SolanaRpcApi } from "./kit-adapter.js";
|
|
12
12
|
import { type AgentSpendOverlay } from "./generated/accounts/agentSpendOverlay.js";
|
|
13
13
|
import { type AgentVault } from "./generated/accounts/agentVault.js";
|
|
14
|
-
import { type InstructionConstraints } from "./generated/accounts/instructionConstraints.js";
|
|
15
14
|
import { type PolicyConfig } from "./generated/accounts/policyConfig.js";
|
|
16
15
|
import { type SpendTracker } from "./generated/accounts/spendTracker.js";
|
|
17
|
-
import { type EscrowDeposit } from "./generated/accounts/escrowDeposit.js";
|
|
18
16
|
import { type SessionAuthority } from "./generated/accounts/sessionAuthority.js";
|
|
19
17
|
import { type PendingPolicyUpdate } from "./generated/accounts/pendingPolicyUpdate.js";
|
|
20
|
-
import { type PendingConstraintsUpdate } from "./generated/accounts/pendingConstraintsUpdate.js";
|
|
21
18
|
import type { AgentContributionEntry } from "./generated/types/agentContributionEntry.js";
|
|
22
19
|
import { type Network } from "./types.js";
|
|
23
20
|
/** Budget state for a single spending dimension. All values in USD (6 decimals). */
|
|
@@ -46,7 +43,6 @@ export interface ResolvedVaultState {
|
|
|
46
43
|
policy: PolicyConfig;
|
|
47
44
|
tracker: SpendTracker | null;
|
|
48
45
|
overlay: AgentSpendOverlay | null;
|
|
49
|
-
constraints: InstructionConstraints | null;
|
|
50
46
|
globalBudget: EffectiveBudget;
|
|
51
47
|
agentBudget: EffectiveBudget | null;
|
|
52
48
|
/** Per-agent budgets for all agents in the vault (indexed by agent address). */
|
|
@@ -164,13 +160,6 @@ export interface VaultLocator {
|
|
|
164
160
|
*/
|
|
165
161
|
export type DiscoveredVault = VaultLocator;
|
|
166
162
|
export declare function findVaultsByOwner(rpc: Rpc<SolanaRpcApi>, owner: Address, maxProbe?: number): Promise<VaultLocator[]>;
|
|
167
|
-
/**
|
|
168
|
-
* Find all escrow deposits where this vault is the source.
|
|
169
|
-
* Uses getProgramAccounts with memcmp on source_vault field (offset 8).
|
|
170
|
-
*/
|
|
171
|
-
export declare function findEscrowsByVault(rpc: Rpc<SolanaRpcApi>, sourceVault: Address): Promise<(EscrowDeposit & {
|
|
172
|
-
address: Address;
|
|
173
|
-
})[]>;
|
|
174
163
|
/**
|
|
175
164
|
* Find all active sessions for a vault.
|
|
176
165
|
* Uses getProgramAccounts with memcmp on vault field (offset 8).
|
|
@@ -183,9 +172,4 @@ export declare function findSessionsByVault(rpc: Rpc<SolanaRpcApi>, vault: Addre
|
|
|
183
172
|
* Returns null if no pending update exists.
|
|
184
173
|
*/
|
|
185
174
|
export declare function getPendingPolicyForVault(rpc: Rpc<SolanaRpcApi>, vault: Address): Promise<PendingPolicyUpdate | null>;
|
|
186
|
-
/**
|
|
187
|
-
* Fetch the pending constraints update for a vault, if any.
|
|
188
|
-
* Returns null if no pending update exists.
|
|
189
|
-
*/
|
|
190
|
-
export declare function getPendingConstraintsForVault(rpc: Rpc<SolanaRpcApi>, vault: Address): Promise<PendingConstraintsUpdate | null>;
|
|
191
175
|
//# sourceMappingURL=state-resolver.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"state-resolver.d.ts","sourceRoot":"","sources":["../src/state-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAKL,KAAK,OAAO,EAEZ,KAAK,kBAAkB,EACvB,KAAK,GAAG,EACR,KAAK,YAAY,EAClB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAEL,KAAK,iBAAiB,EACvB,MAAM,2CAA2C,CAAC;AACnD,OAAO,EAEL,KAAK,UAAU,EAChB,MAAM,oCAAoC,CAAC;
|
|
1
|
+
{"version":3,"file":"state-resolver.d.ts","sourceRoot":"","sources":["../src/state-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAKL,KAAK,OAAO,EAEZ,KAAK,kBAAkB,EACvB,KAAK,GAAG,EACR,KAAK,YAAY,EAClB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAEL,KAAK,iBAAiB,EACvB,MAAM,2CAA2C,CAAC;AACnD,OAAO,EAEL,KAAK,UAAU,EAChB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EAEL,KAAK,YAAY,EAClB,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EAEL,KAAK,YAAY,EAClB,MAAM,sCAAsC,CAAC;AAE9C,OAAO,EAGL,KAAK,gBAAgB,EACtB,MAAM,0CAA0C,CAAC;AAClD,OAAO,EAEL,KAAK,mBAAmB,EACzB,MAAM,6CAA6C,CAAC;AAErD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,6CAA6C,CAAC;AAe1F,OAAO,EAaL,KAAK,OAAO,EACb,MAAM,YAAY,CAAC;AAMpB,oFAAoF;AACpF,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,iEAAiE;AACjE,MAAM,WAAW,aAAa;IAC5B,+CAA+C;IAC/C,OAAO,EAAE,MAAM,CAAC;IAChB,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;IAClB,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,oEAAoE;IACpE,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,oEAAoE;AACpE,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,UAAU,CAAC;IAClB,MAAM,EAAE,YAAY,CAAC;IACrB,OAAO,EAAE,YAAY,GAAG,IAAI,CAAC;IAC7B,OAAO,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAGlC,YAAY,EAAE,eAAe,CAAC;IAC9B,WAAW,EAAE,eAAe,GAAG,IAAI,CAAC;IACpC,gFAAgF;IAChF,eAAe,EAAE,GAAG,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAC/C,eAAe,EAAE,cAAc,EAAE,CAAC;IAClC,iBAAiB,EAAE,MAAM,CAAC;IAE1B,4EAA4E;IAC5E,kBAAkB,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAEnD,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAkBD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAEjE;AAED;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,iBAAiB,GAAG,IAAI,GAAG,SAAS,EAC7C,YAAY,EAAE,OAAO,GACpB;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAmB5E;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,YAAY,EACrB,OAAO,EAAE,MAAM,GACd,MAAM,CAsCR;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,sBAAsB,EAC7B,OAAO,EAAE,MAAM,GACd,MAAM,CA+CR;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,YAAY,EACrB,eAAe,EAAE,OAAO,EACxB,OAAO,EAAE,MAAM,GACd,MAAM,CAkBR;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,YAAY,GAAG,IAAI,EAC5B,OAAO,EAAE,MAAM,GACd,aAAa,EAAE,CA8BjB;AAID;;;;;;;;GAQG;AACH,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,GAAG,CAAC,YAAY,CAAC,EACtB,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,OAAO,EACd,OAAO,CAAC,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,kBAAkB,CAAC,CAyL7B;AAID,6EAA6E;AAC7E,MAAM,MAAM,0BAA0B,GAAG,IAAI,CAC3C,kBAAkB,EAClB,aAAa,CACd,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,wBAAsB,yBAAyB,CAC7C,GAAG,EAAE,GAAG,CAAC,YAAY,CAAC,EACtB,KAAK,EAAE,OAAO,EACd,OAAO,CAAC,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,0BAA0B,CAAC,CAYrC;AAID,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,eAAe,CAAC;IAC9B,WAAW,EAAE,eAAe,GAAG,IAAI,CAAC;CACrC;AAED;;;;;;;GAOG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,GAAG,CAAC,YAAY,CAAC,EACtB,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,OAAO,EACd,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,cAAc,CAAC,CAgFzB;AAID,kDAAkD;AAClD,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,OAAO,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,YAAY,CAAC;AA2J3C,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,GAAG,CAAC,YAAY,CAAC,EACtB,KAAK,EAAE,OAAO,EACd,QAAQ,GAAE,MAAW,GACpB,OAAO,CAAC,YAAY,EAAE,CAAC,CA6HzB;AAUD;;;GAGG;AACH,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,GAAG,CAAC,YAAY,CAAC,EACtB,KAAK,EAAE,OAAO,GACb,OAAO,CAAC,CAAC,gBAAgB,GAAG;IAAE,OAAO,EAAE,OAAO,CAAA;CAAE,CAAC,EAAE,CAAC,CAiCtD;AAID;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,GAAG,EAAE,GAAG,CAAC,YAAY,CAAC,EACtB,KAAK,EAAE,OAAO,GACb,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAIrC"}
|
package/dist/state-resolver.js
CHANGED
|
@@ -11,16 +11,15 @@
|
|
|
11
11
|
import { fetchEncodedAccounts, getAddressDecoder, getAddressEncoder, getU64Decoder, } from "./kit-adapter.js";
|
|
12
12
|
import { decodeAgentSpendOverlay, } from "./generated/accounts/agentSpendOverlay.js";
|
|
13
13
|
import { decodeAgentVault, } from "./generated/accounts/agentVault.js";
|
|
14
|
-
import
|
|
14
|
+
// M1-04: InstructionConstraints account import removed (constraints engine deleted).
|
|
15
15
|
import { decodePolicyConfig, } from "./generated/accounts/policyConfig.js";
|
|
16
16
|
import { decodeSpendTracker, } from "./generated/accounts/spendTracker.js";
|
|
17
|
-
import
|
|
17
|
+
// EscrowDeposit import REMOVED in v2 revamp Stage 1.
|
|
18
18
|
import { getSessionAuthorityDecoder, getSessionAuthoritySize, } from "./generated/accounts/sessionAuthority.js";
|
|
19
19
|
import { fetchMaybePendingPolicyUpdate, } from "./generated/accounts/pendingPolicyUpdate.js";
|
|
20
|
-
import { fetchMaybePendingConstraintsUpdate, } from "./generated/accounts/pendingConstraintsUpdate.js";
|
|
21
20
|
import { SigilSdkDomainError } from "./errors/sdk.js";
|
|
22
21
|
import { SIGIL_ERROR__SDK__VAULT_NOT_FOUND, SIGIL_ERROR__SDK__POLICY_NOT_FOUND, } from "./errors/codes.js";
|
|
23
|
-
import { getVaultPDA, getPolicyPDA, getTrackerPDA, getAgentOverlayPDA,
|
|
22
|
+
import { getVaultPDA, getVaultPdaFromState, getPolicyPDA, getTrackerPDA, getAgentOverlayPDA, getPendingPolicyPDA, } from "./resolve-accounts.js";
|
|
24
23
|
import { EPOCH_DURATION, NUM_EPOCHS, OVERLAY_EPOCH_DURATION, OVERLAY_NUM_EPOCHS, SIGIL_PROGRAM_ADDRESS, ROLLING_WINDOW_SECONDS, U64_MAX, USDC_MINT_DEVNET, USDC_MINT_MAINNET, USDT_MINT_DEVNET, USDT_MINT_MAINNET, } from "./types.js";
|
|
25
24
|
import { deriveAta } from "./tokens.js";
|
|
26
25
|
import { formatUsd } from "./formatting.js";
|
|
@@ -247,21 +246,20 @@ export async function resolveVaultState(rpc, vault, agent, nowUnix, network) {
|
|
|
247
246
|
const usdcMint = net === "devnet" ? USDC_MINT_DEVNET : USDC_MINT_MAINNET;
|
|
248
247
|
const usdtMint = net === "devnet" ? USDT_MINT_DEVNET : USDT_MINT_MAINNET;
|
|
249
248
|
// 1. Derive PDAs + stablecoin ATAs in parallel
|
|
250
|
-
|
|
249
|
+
// M1-04: constraints PDA removed from the resolve flow (constraints engine gone).
|
|
250
|
+
const [[policyPda], [trackerPda], [overlayPda], vaultUsdcAta, vaultUsdtAta] = await Promise.all([
|
|
251
251
|
getPolicyPDA(vault),
|
|
252
252
|
getTrackerPDA(vault),
|
|
253
253
|
getAgentOverlayPDA(vault, 0),
|
|
254
|
-
getConstraintsPDA(vault),
|
|
255
254
|
deriveAta(vault, usdcMint),
|
|
256
255
|
deriveAta(vault, usdtMint),
|
|
257
256
|
]);
|
|
258
|
-
// 2. Single batch fetch (one RPC round-trip —
|
|
257
|
+
// 2. Single batch fetch (one RPC round-trip — 6 accounts)
|
|
259
258
|
const encoded = await fetchEncodedAccounts(rpc, [
|
|
260
259
|
vault,
|
|
261
260
|
policyPda,
|
|
262
261
|
trackerPda,
|
|
263
262
|
overlayPda,
|
|
264
|
-
constraintsPda,
|
|
265
263
|
vaultUsdcAta,
|
|
266
264
|
vaultUsdtAta,
|
|
267
265
|
]);
|
|
@@ -282,10 +280,7 @@ export async function resolveVaultState(rpc, vault, agent, nowUnix, network) {
|
|
|
282
280
|
const overlay = decodedOverlay.exists
|
|
283
281
|
? decodedOverlay.data
|
|
284
282
|
: null;
|
|
285
|
-
|
|
286
|
-
const constraints = decodedConstraints.exists
|
|
287
|
-
? decodedConstraints.data
|
|
288
|
-
: null;
|
|
283
|
+
// M1-04: constraints decode removed. ATAs are now encoded[4]/encoded[5].
|
|
289
284
|
// 4. Timestamp
|
|
290
285
|
const timestamp = nowUnix ?? BigInt(Math.floor(Date.now() / 1000));
|
|
291
286
|
// 5. Global budget
|
|
@@ -368,7 +363,7 @@ export async function resolveVaultState(rpc, vault, agent, nowUnix, network) {
|
|
|
368
363
|
// substituting zero.
|
|
369
364
|
let usdcBalance = 0n;
|
|
370
365
|
let usdtBalance = 0n;
|
|
371
|
-
const usdcEncoded = encoded[
|
|
366
|
+
const usdcEncoded = encoded[4];
|
|
372
367
|
if (usdcEncoded?.exists) {
|
|
373
368
|
const usdcData = usdcEncoded.data;
|
|
374
369
|
if (usdcData && usdcData.length >= 72) {
|
|
@@ -382,7 +377,7 @@ export async function resolveVaultState(rpc, vault, agent, nowUnix, network) {
|
|
|
382
377
|
}
|
|
383
378
|
}
|
|
384
379
|
}
|
|
385
|
-
const usdtEncoded = encoded[
|
|
380
|
+
const usdtEncoded = encoded[5];
|
|
386
381
|
if (usdtEncoded?.exists) {
|
|
387
382
|
const usdtData = usdtEncoded.data;
|
|
388
383
|
if (usdtData && usdtData.length >= 72) {
|
|
@@ -396,7 +391,6 @@ export async function resolveVaultState(rpc, vault, agent, nowUnix, network) {
|
|
|
396
391
|
policy: decodedPolicy.data,
|
|
397
392
|
tracker,
|
|
398
393
|
overlay,
|
|
399
|
-
constraints,
|
|
400
394
|
globalBudget,
|
|
401
395
|
agentBudget,
|
|
402
396
|
allAgentBudgets,
|
|
@@ -497,10 +491,35 @@ export async function resolveVaultBudget(rpc, vault, agent, nowUnix) {
|
|
|
497
491
|
}
|
|
498
492
|
return { globalBudget, agentBudget };
|
|
499
493
|
}
|
|
500
|
-
/**
|
|
501
|
-
|
|
494
|
+
/**
|
|
495
|
+
* AgentVault account size (bytes) — used for the GPA `dataSize` filter.
|
|
496
|
+
*
|
|
497
|
+
* Pinned to 676 to match the on-chain layout
|
|
498
|
+
* (`programs/sigil/src/state/vault.rs` — `AgentVault::SIZE == 676`
|
|
499
|
+
* with compile-time assertion; F-Q6 2026-06-02 added owner_type +1). The layout adds 32 bytes
|
|
500
|
+
* for `vault_authority` at the tail; pre-LBL-01 vaults at 634 bytes no
|
|
501
|
+
* longer exist on-chain (Phase 10 will redeploy under a new program ID
|
|
502
|
+
* with fresh state).
|
|
503
|
+
*
|
|
504
|
+
* Cross-cutting regression hunt fix (audit 2026-05-21): previously held
|
|
505
|
+
* the stale 634 value, which caused `findVaultsByOwner` to silently return
|
|
506
|
+
* `[]` on every call against a real RPC (the mock RPC used by the test
|
|
507
|
+
* suite ignores filters, masking the regression). Closed by promoting the
|
|
508
|
+
* documented invariant to live code.
|
|
509
|
+
*/
|
|
510
|
+
const AGENT_VAULT_SIZE = 676;
|
|
502
511
|
/** Byte offset of the `vault_id` field in AgentVault (after 8 disc + 32 owner). */
|
|
503
512
|
const VAULT_ID_OFFSET = 40;
|
|
513
|
+
/**
|
|
514
|
+
* Byte offset of the `vault_authority` field in AgentVault — the Phase 8
|
|
515
|
+
* LBL-01 `Pubkey` (32 bytes) remains the FINAL 32 bytes of the layout
|
|
516
|
+
* (F-Q6 2026-06-02 inserted owner_type BEFORE it precisely to preserve this),
|
|
517
|
+
* so the field sits at `AgentVault::SIZE - 32 = 644`. Used by H-5 to re-derive
|
|
518
|
+
* vault PDAs from the IMMUTABLE seed key (which survives
|
|
519
|
+
* `accept_ownership_transfer`) rather than the mutable `vault.owner`
|
|
520
|
+
* byte at offset 8.
|
|
521
|
+
*/
|
|
522
|
+
const VAULT_AUTHORITY_OFFSET = 644;
|
|
504
523
|
const u64Decoder = getU64Decoder();
|
|
505
524
|
/**
|
|
506
525
|
* Find all vaults owned by a wallet address.
|
|
@@ -556,15 +575,93 @@ function base64ToUint8(base64) {
|
|
|
556
575
|
}
|
|
557
576
|
return bytes;
|
|
558
577
|
}
|
|
578
|
+
/**
|
|
579
|
+
* Strategy B: PDA probing fallback — derive `cappedProbe` candidate vault
|
|
580
|
+
* PDAs (ids `0..cappedProbe-1`) seeded with `owner` and batch-fetch them.
|
|
581
|
+
*
|
|
582
|
+
* H-5 note: probing seeds with the CALLER's `owner` only finds vaults
|
|
583
|
+
* for which `vault.vault_authority == owner` — i.e. vaults the caller
|
|
584
|
+
* originally initialized. Vaults the caller received via
|
|
585
|
+
* `accept_ownership_transfer` are invisible to probing because the
|
|
586
|
+
* immutable seed-key still belongs to the original initializer; there
|
|
587
|
+
* is no way to probe with an unknown seed-key. RPCs that support
|
|
588
|
+
* `getProgramAccounts` (Strategy A) handle the transferred case
|
|
589
|
+
* correctly via the H-5 `vault_authority` re-derivation.
|
|
590
|
+
*
|
|
591
|
+
* ADDRESS-authoritative, not DATA-verified: every returned address is
|
|
592
|
+
* re-derived client-side from `(owner, vaultId)`, so the RPC cannot point
|
|
593
|
+
* the caller at an arbitrary fabricated address — a returned `vaultAddress`
|
|
594
|
+
* is always the genuine vault PDA for `(owner, vaultId)`. Unlike Strategy A,
|
|
595
|
+
* this path does NOT decode the account body (no discriminator / owner /
|
|
596
|
+
* `vault_authority` re-check). A malicious or buggy RPC can therefore still
|
|
597
|
+
* lie about EXISTENCE — report a real PDA absent, or report a non-existent
|
|
598
|
+
* PDA present with garbage bytes. The address can't be spoofed; the presence
|
|
599
|
+
* bit can. Callers that need the body validated must re-fetch and decode:
|
|
600
|
+
* `discoverVaults` does exactly this via `fetchMaybeAgentVault`, dropping any
|
|
601
|
+
* locator whose on-chain account fails the discriminator/layout decode — so a
|
|
602
|
+
* presence-lie cannot survive into a `DiscoveredVault`.
|
|
603
|
+
*/
|
|
604
|
+
async function probeVaultsByOwner(rpc, owner, cappedProbe) {
|
|
605
|
+
if (cappedProbe === 0)
|
|
606
|
+
return [];
|
|
607
|
+
const pdas = await Promise.all(Array.from({ length: cappedProbe }, async (_, i) => {
|
|
608
|
+
const [pda] = await getVaultPDA(owner, BigInt(i));
|
|
609
|
+
return { address: pda, vaultId: BigInt(i) };
|
|
610
|
+
}));
|
|
611
|
+
// Batch fetch via getMultipleAccounts (cappedProbe <= 100-account limit)
|
|
612
|
+
const addresses = pdas.map((p) => p.address);
|
|
613
|
+
const result = await rpc
|
|
614
|
+
.getMultipleAccounts(addresses, { encoding: "base64" })
|
|
615
|
+
.send();
|
|
616
|
+
const discovered = [];
|
|
617
|
+
for (let i = 0; i < result.value.length; i++) {
|
|
618
|
+
if (result.value[i] !== null) {
|
|
619
|
+
discovered.push({
|
|
620
|
+
vaultAddress: pdas[i].address,
|
|
621
|
+
vaultId: pdas[i].vaultId,
|
|
622
|
+
});
|
|
623
|
+
}
|
|
624
|
+
}
|
|
625
|
+
// Already sorted by vaultId (probed sequentially 0..cappedProbe)
|
|
626
|
+
return discovered;
|
|
627
|
+
}
|
|
559
628
|
export async function findVaultsByOwner(rpc, owner, maxProbe = 20) {
|
|
560
629
|
// Cap maxProbe to prevent excessive PDA derivation (V-3: DoS mitigation)
|
|
561
630
|
const cappedProbe = Math.min(Math.max(0, maxProbe), 100);
|
|
562
631
|
const ownerBase64 = uint8ToBase64(addressEncoder.encode(owner));
|
|
563
|
-
// Strategy A: getProgramAccounts with memcmp filter
|
|
632
|
+
// Strategy A: getProgramAccounts with memcmp filter.
|
|
633
|
+
//
|
|
634
|
+
// H-5 (pre-redeploy audit 2026-05-21): the `memcmp` at offset 8 filters
|
|
635
|
+
// by the MUTABLE `vault.owner` byte field, so vaults the caller
|
|
636
|
+
// currently owns appear here (including those received via
|
|
637
|
+
// `accept_ownership_transfer`). The V-1 re-derivation below MUST use
|
|
638
|
+
// the IMMUTABLE Phase 8 LBL-01 seed-key `vault.vault_authority`
|
|
639
|
+
// (offset 644), NOT the current `owner` — passing `owner` for a
|
|
640
|
+
// transferred vault produces a PDA address that doesn't match the
|
|
641
|
+
// entry's `pubkey` and the entry would be silently dropped.
|
|
642
|
+
//
|
|
643
|
+
// To get both `vault_id` AND `vault_authority` in one RPC round we
|
|
644
|
+
// drop the `dataSlice` and parse both fields from the full account
|
|
645
|
+
// body. Bandwidth cost is bounded — vaults per owner are O(1) in
|
|
646
|
+
// practice and the full body is ~675 bytes.
|
|
647
|
+
//
|
|
648
|
+
// A devnet / public RPC that restricts `getProgramAccounts` for a
|
|
649
|
+
// high-account-count program does NOT always error — it can silently
|
|
650
|
+
// return `[]` (the program is excluded from the secondary index, or the
|
|
651
|
+
// index is transiently inconsistent). That empty result is
|
|
652
|
+
// indistinguishable, from Strategy A alone, from a genuinely vault-less
|
|
653
|
+
// owner. So when Strategy A yields zero verified vaults we DON'T return
|
|
654
|
+
// `[]` outright — we fall through to the PDA-probing fallback (Strategy B
|
|
655
|
+
// below). Probing is authoritative for low ids (`0..cappedProbe`) and
|
|
656
|
+
// cannot fabricate an address, so it can only ADD real vaults the
|
|
657
|
+
// restricted gPA hid; it never masks a genuinely-empty owner (probing
|
|
658
|
+
// returns `[]` for one). This closes the silent under-reporting bug where
|
|
659
|
+
// a restricted RPC made `discoverVaults` report "no vaults" for an owner
|
|
660
|
+
// that has them (devnet CI flake 2026-06-11). Only a NON-empty Strategy A
|
|
661
|
+
// result short-circuits (returns early) before probing.
|
|
564
662
|
try {
|
|
565
663
|
const accounts = await rpc
|
|
566
664
|
.getProgramAccounts(SIGIL_PROGRAM_ADDRESS, {
|
|
567
|
-
dataSlice: { offset: VAULT_ID_OFFSET, length: 8 },
|
|
568
665
|
filters: [
|
|
569
666
|
{ dataSize: BigInt(AGENT_VAULT_SIZE) },
|
|
570
667
|
{
|
|
@@ -578,22 +675,44 @@ export async function findVaultsByOwner(rpc, owner, maxProbe = 20) {
|
|
|
578
675
|
encoding: "base64",
|
|
579
676
|
})
|
|
580
677
|
.send();
|
|
581
|
-
|
|
678
|
+
// H-5 verification: parse `vault_id` at offset 40 AND
|
|
679
|
+
// `vault_authority` at offset 644 from each returned account, then
|
|
680
|
+
// re-derive the PDA from `vault_authority` (NOT `owner`). Drop any
|
|
681
|
+
// entry whose body is too short to contain `vault_authority` (a
|
|
682
|
+
// malformed / truncated response or a malicious RPC).
|
|
683
|
+
const parsed = accounts.flatMap((entry) => {
|
|
582
684
|
const raw = base64ToUint8(entry.account.data[0]);
|
|
583
|
-
|
|
584
|
-
|
|
685
|
+
if (raw.length < VAULT_AUTHORITY_OFFSET + 32)
|
|
686
|
+
return [];
|
|
687
|
+
const vaultId = u64Decoder.decode(raw.subarray(VAULT_ID_OFFSET));
|
|
688
|
+
const vaultAuthority = addressDecoder.decode(raw.subarray(VAULT_AUTHORITY_OFFSET, VAULT_AUTHORITY_OFFSET + 32));
|
|
689
|
+
return [{ vaultAddress: entry.pubkey, vaultId, vaultAuthority }];
|
|
585
690
|
});
|
|
586
|
-
// V-1
|
|
587
|
-
//
|
|
691
|
+
// V-1 + H-5: re-derive PDAs from `vault_authority` (the immutable
|
|
692
|
+
// PDA seed) to verify RPC-returned pubkeys are legitimate vault
|
|
693
|
+
// addresses. A malicious RPC could otherwise return fabricated
|
|
694
|
+
// pubkeys that don't correspond to real vault PDAs.
|
|
588
695
|
const verified = [];
|
|
589
696
|
for (const entry of parsed) {
|
|
590
|
-
const [expectedPda] = await
|
|
697
|
+
const [expectedPda] = await getVaultPdaFromState({
|
|
698
|
+
vaultAuthority: entry.vaultAuthority,
|
|
699
|
+
vaultId: entry.vaultId,
|
|
700
|
+
});
|
|
591
701
|
if (expectedPda === entry.vaultAddress) {
|
|
592
|
-
verified.push(
|
|
702
|
+
verified.push({
|
|
703
|
+
vaultAddress: entry.vaultAddress,
|
|
704
|
+
vaultId: entry.vaultId,
|
|
705
|
+
});
|
|
593
706
|
}
|
|
594
707
|
}
|
|
595
|
-
//
|
|
596
|
-
|
|
708
|
+
// Strategy A succeeded with results — return them sorted. Only when
|
|
709
|
+
// it yielded ZERO do we fall through to the probing safety net below
|
|
710
|
+
// (a restricted RPC can silently return [] for an owner with vaults).
|
|
711
|
+
if (verified.length > 0) {
|
|
712
|
+
return verified.sort((a, b) => a.vaultId < b.vaultId ? -1 : a.vaultId > b.vaultId ? 1 : 0);
|
|
713
|
+
}
|
|
714
|
+
// verified.length === 0 — fall through to the Strategy B probing safety
|
|
715
|
+
// net (a restricted RPC can silently return [] for an owner with vaults).
|
|
597
716
|
}
|
|
598
717
|
catch (err) {
|
|
599
718
|
// Rate limits must propagate — never fall back to slow probing under rate limit
|
|
@@ -608,67 +727,21 @@ export async function findVaultsByOwner(rpc, owner, maxProbe = 20) {
|
|
|
608
727
|
throw err;
|
|
609
728
|
}
|
|
610
729
|
}
|
|
611
|
-
// Strategy B: PDA probing fallback
|
|
612
|
-
|
|
613
|
-
|
|
614
|
-
|
|
615
|
-
|
|
616
|
-
//
|
|
617
|
-
|
|
618
|
-
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
if (result.value[i] !== null) {
|
|
624
|
-
discovered.push({
|
|
625
|
-
vaultAddress: pdas[i].address,
|
|
626
|
-
vaultId: pdas[i].vaultId,
|
|
627
|
-
});
|
|
628
|
-
}
|
|
629
|
-
}
|
|
630
|
-
// Already sorted by vaultId (probed sequentially 0..maxProbe)
|
|
631
|
-
return discovered;
|
|
632
|
-
}
|
|
633
|
-
// ─── Escrow Discovery ──────────────────────────────────────────────────────
|
|
634
|
-
/** Escrow account size (bytes) — used for dataSize filter. */
|
|
635
|
-
const ESCROW_DEPOSIT_SIZE = 170;
|
|
636
|
-
/**
|
|
637
|
-
* Find all escrow deposits where this vault is the source.
|
|
638
|
-
* Uses getProgramAccounts with memcmp on source_vault field (offset 8).
|
|
639
|
-
*/
|
|
640
|
-
export async function findEscrowsByVault(rpc, sourceVault) {
|
|
641
|
-
const vaultBase64 = uint8ToBase64(addressEncoder.encode(sourceVault));
|
|
642
|
-
try {
|
|
643
|
-
const accounts = await rpc
|
|
644
|
-
.getProgramAccounts(SIGIL_PROGRAM_ADDRESS, {
|
|
645
|
-
filters: [
|
|
646
|
-
{ dataSize: BigInt(ESCROW_DEPOSIT_SIZE) },
|
|
647
|
-
{
|
|
648
|
-
memcmp: {
|
|
649
|
-
offset: BigInt(8),
|
|
650
|
-
bytes: vaultBase64,
|
|
651
|
-
encoding: "base64",
|
|
652
|
-
},
|
|
653
|
-
},
|
|
654
|
-
],
|
|
655
|
-
encoding: "base64",
|
|
656
|
-
})
|
|
657
|
-
.send();
|
|
658
|
-
// Decode directly from GPA response (avoids double RPC)
|
|
659
|
-
const decoder = getEscrowDepositDecoder();
|
|
660
|
-
return accounts.map((entry) => {
|
|
661
|
-
const raw = base64ToUint8(entry.account.data[0]);
|
|
662
|
-
const data = decoder.decode(raw);
|
|
663
|
-
return { ...data, address: entry.pubkey };
|
|
664
|
-
});
|
|
665
|
-
}
|
|
666
|
-
catch (err) {
|
|
667
|
-
if (!isGpaUnsupportedError(err))
|
|
668
|
-
throw err;
|
|
669
|
-
return []; // GPA not supported — return empty
|
|
670
|
-
}
|
|
730
|
+
// Strategy B: PDA probing fallback. Reached only when Strategy A produced
|
|
731
|
+
// ZERO usable vaults — either (a) it threw a gpa-unsupported error (handled
|
|
732
|
+
// in the catch above), or (b) it ran but returned an empty verified set
|
|
733
|
+
// (possibly a restricted RPC silently returning [] for an owner that
|
|
734
|
+
// actually has vaults). In BOTH cases Strategy A contributed nothing, so
|
|
735
|
+
// probing's result is the whole answer — there is nothing to merge.
|
|
736
|
+
//
|
|
737
|
+
// Probing only covers low ids (`0..cappedProbe`): a high-id vault hidden by
|
|
738
|
+
// a restricted gPA stays hidden. That is an honest limitation (probing
|
|
739
|
+
// cannot enumerate an unbounded id space), not a silent corruption — a
|
|
740
|
+
// genuinely vault-less owner still gets [].
|
|
741
|
+
return probeVaultsByOwner(rpc, owner, cappedProbe);
|
|
671
742
|
}
|
|
743
|
+
// Escrow discovery (findEscrowsByVault, ESCROW_DEPOSIT_SIZE) REMOVED in v2
|
|
744
|
+
// revamp Stage 1 — escrow feature deleted.
|
|
672
745
|
// ─── Session Discovery ─────────────────────────────────────────────────────
|
|
673
746
|
/** SessionAuthority account size (bytes) — sourced from generated code to avoid drift. */
|
|
674
747
|
const SESSION_AUTHORITY_SIZE = getSessionAuthoritySize();
|
|
@@ -718,13 +791,5 @@ export async function getPendingPolicyForVault(rpc, vault) {
|
|
|
718
791
|
const result = await fetchMaybePendingPolicyUpdate(rpc, pda);
|
|
719
792
|
return result.exists ? result.data : null;
|
|
720
793
|
}
|
|
721
|
-
|
|
722
|
-
* Fetch the pending constraints update for a vault, if any.
|
|
723
|
-
* Returns null if no pending update exists.
|
|
724
|
-
*/
|
|
725
|
-
export async function getPendingConstraintsForVault(rpc, vault) {
|
|
726
|
-
const [pda] = await getPendingConstraintsPDA(vault);
|
|
727
|
-
const result = await fetchMaybePendingConstraintsUpdate(rpc, pda);
|
|
728
|
-
return result.exists ? result.data : null;
|
|
729
|
-
}
|
|
794
|
+
// M1-04: getPendingConstraintsForVault removed with the constraints engine.
|
|
730
795
|
//# sourceMappingURL=state-resolver.js.map
|