npm - @usesigil/kit - Versions diffs - 0.2.2 → 0.2.3 - Mend

@usesigil/kit 0.2.2 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (265) hide show

package/dist/dashboard/reads.js CHANGED Viewed

@@ -4,6 +4,8 @@
  * Each function is stateless (fetches fresh from RPC), composes existing
  * SDK functions, and returns raw values with toJSON() for MCP serialization.
  */
+import { isSome } from "@solana/kit";
+import { toDxError } from "./errors.js";
 import { resolveVaultStateForOwner, getSpendingHistory, getPendingPolicyForVault, } from "../state-resolver.js";
 import { getVaultPnL } from "../balance-tracker.js";
 import { getSecurityPosture } from "../security-analytics.js";
@@ -42,209 +44,273 @@ function serializeBigints(obj) {
 }
 // ─── getVaultState ───────────────────────────────────────────────────────────
 export async function getVaultState(rpc, vault, network) {
-    const [state, pnl] = await Promise.all([
-        resolveVaultStateForOwner(rpc, vault, undefined, toNet(network)),
-        getVaultPnL(rpc, vault, toNet(network)),
-    ]);
-    const posture = getSecurityPosture(asVaultState(state));
-    const v = state.vault;
-    const bal = state.stablecoinBalances;
-    const total = bal.usdc + bal.usdt;
-    const tokens = [
-        ...(bal.usdc > 0n ? [{ mint: "USDC", amount: bal.usdc, decimals: 6 }] : []),
-        ...(bal.usdt > 0n ? [{ mint: "USDT", amount: bal.usdt, decimals: 6 }] : []),
-    ];
-    const checks = posture.checks.map((c) => ({
-        name: c.id,
-        passed: c.passed,
-    }));
-    const level = posture.criticalFailures.length > 0
-        ? "critical"
-        : posture.failCount > 0
-            ? "elevated"
-            : "healthy";
-    return {
-        vault: {
-            address: vault,
-            status: v.status === 0 ? "active" : v.status === 1 ? "frozen" : "closed",
-            owner: v.owner,
-            agentCount: v.agents?.length ?? 0,
-            openPositions: v.openPositions,
-            totalVolume: v.totalVolume,
-            totalFees: v.totalFeesCollected,
-        },
-        balance: { total, tokens },
-        pnl: {
-            percent: Number.isFinite(pnl.pnlPercent) ? pnl.pnlPercent : 0,
-            absolute: pnl.pnl,
-        },
-        health: { level, alertCount: posture.failCount, checks },
-        toJSON: () => ({
+    try {
+        const [state, pnl] = await Promise.all([
+            resolveVaultStateForOwner(rpc, vault, undefined, toNet(network)),
+            getVaultPnL(rpc, vault, toNet(network)),
+        ]);
+        const posture = getSecurityPosture(asVaultState(state));
+        const v = state.vault;
+        const bal = state.stablecoinBalances;
+        const total = bal.usdc + bal.usdt;
+        const tokens = [
+            ...(bal.usdc > 0n
+                ? [{ mint: "USDC", amount: bal.usdc, decimals: 6 }]
+                : []),
+            ...(bal.usdt > 0n
+                ? [{ mint: "USDT", amount: bal.usdt, decimals: 6 }]
+                : []),
+        ];
+        const checks = posture.checks.map((c) => ({
+            name: c.id,
+            passed: c.passed,
+        }));
+        const level = posture.criticalFailures.length > 0
+            ? "critical"
+            : posture.failCount > 0
+                ? "elevated"
+                : "healthy";
+        return {
             vault: {
                 address: vault,
-                status: (v.status === 0
-                    ? "active"
-                    : v.status === 1
-                        ? "frozen"
-                        : "closed"),
+                status: v.status === 0 ? "active" : v.status === 1 ? "frozen" : "closed",
                 owner: v.owner,
                 agentCount: v.agents?.length ?? 0,
                 openPositions: v.openPositions,
-                totalVolume: bs(v.totalVolume),
-                totalFees: bs(v.totalFeesCollected),
-            },
-            balance: {
-                total: bs(total),
-                tokens: tokens.map((t) => ({ ...t, amount: bs(t.amount) })),
+                totalVolume: v.totalVolume,
+                totalFees: v.totalFeesCollected,
             },
+            balance: { total, tokens },
             pnl: {
                 percent: Number.isFinite(pnl.pnlPercent) ? pnl.pnlPercent : 0,
-                absolute: bs(pnl.pnl),
+                absolute: pnl.pnl,
             },
             health: { level, alertCount: posture.failCount, checks },
-        }),
-    };
+            toJSON: () => ({
+                vault: {
+                    address: vault,
+                    status: (v.status === 0
+                        ? "active"
+                        : v.status === 1
+                            ? "frozen"
+                            : "closed"),
+                    owner: v.owner,
+                    agentCount: v.agents?.length ?? 0,
+                    openPositions: v.openPositions,
+                    totalVolume: bs(v.totalVolume),
+                    totalFees: bs(v.totalFeesCollected),
+                },
+                balance: {
+                    total: bs(total),
+                    tokens: tokens.map((t) => ({ ...t, amount: bs(t.amount) })),
+                },
+                pnl: {
+                    percent: Number.isFinite(pnl.pnlPercent) ? pnl.pnlPercent : 0,
+                    absolute: bs(pnl.pnl),
+                },
+                health: { level, alertCount: posture.failCount, checks },
+            }),
+        };
+    }
+    catch (err) {
+        throw toDxError(err, "OwnerClient.getVaultState");
+    }
 }
 // ─── getAgents ───────────────────────────────────────────────────────────────
 export async function getAgents(rpc, vault, network) {
-    const state = await resolveVaultStateForOwner(rpc, vault, undefined, toNet(network));
-    const vaultAgents = state.vault.agents;
-    if (!vaultAgents || vaultAgents.length === 0)
-        return [];
-    return vaultAgents.map((entry) => {
-        const addr = entry.pubkey;
-        const profile = getAgentProfile(asVaultState(state), addr);
-        const budget = state.allAgentBudgets.get(addr);
-        const spentAmt = budget?.spent24h ?? 0n;
-        const capAmt = budget?.cap ?? 0n;
-        const pct = capAmt > 0n ? Number((spentAmt * 10000n) / capAmt) / 100 : 0;
-        return {
-            address: addr,
-            status: (profile?.paused ? "paused" : "active"),
-            permissions: profile?.permissionStrings ?? [],
-            permissionBitmask: profile?.permissions ?? 0n,
-            spending: { amount: spentAmt, limit: capAmt, percent: pct },
-            lastActionType: "",
-            lastActionProtocol: "",
-            lastActionTimestamp: 0,
-            blockedCount24h: 0,
-            toJSON: () => ({
-                address: addr,
-                status: profile?.paused ? "paused" : "active",
-                permissions: profile?.permissionStrings ?? [],
-                permissionBitmask: bs(profile?.permissions ?? 0n),
-                spending: { amount: bs(spentAmt), limit: bs(capAmt), percent: pct },
-                lastActionType: "",
-                lastActionProtocol: "",
-                lastActionTimestamp: 0,
-                blockedCount24h: 0,
+    try {
+        // Fetch vault state and activity feed in parallel. Single getVaultActivity
+        // call is shared across all agents (N+1 prevention). Activity is enrichment,
+        // so a fetch failure degrades gracefully to empty last-action fields.
+        // Window: 100 most recent signatures — large enough to surface last action
+        // for low-volume agents without inflating RPC cost.
+        const [state, activity] = await Promise.all([
+            resolveVaultStateForOwner(rpc, vault, undefined, toNet(network)),
+            // Fix for docs/SECURITY-FINDINGS-2026-04-07.md Finding 5: the
+            // previous `.catch(() => [])` swallowed activity-fetch failures
+            // silently. If Helius started rate-limiting getSignaturesForAddress,
+            // every dashboard call would show "last action: never" for every
+            // agent forever and nobody would notice. Graceful degradation is
+            // still the right behavior (activity is enrichment, not core), but
+            // it must be observable — console.warn is the minimum bar.
+            getVaultActivity(rpc, vault, 100, toNet(network)).catch((err) => {
+                // eslint-disable-next-line no-console
+                console.warn("[OwnerClient.getAgents] activity enrichment failed — falling back to empty last-action fields:", err instanceof Error ? err.message : String(err));
+                return [];
             }),
-        };
-    });
+        ]);
+        const vaultAgents = state.vault.agents;
+        if (!vaultAgents || vaultAgents.length === 0)
+            return [];
+        const blockedCutoffMs = Date.now() - 24 * 3600 * 1000;
+        return vaultAgents.map((entry) => {
+            const addr = entry.pubkey;
+            const profile = getAgentProfile(asVaultState(state), addr);
+            const budget = state.allAgentBudgets.get(addr);
+            const spentAmt = budget?.spent24h ?? 0n;
+            const capAmt = budget?.cap ?? 0n;
+            const pct = capAmt > 0n ? Number((spentAmt * 10000n) / capAmt) / 100 : 0;
+            // Derive last-action and blocked-count fields from the shared activity
+            // feed. Items are newest-first (getSignaturesForAddress ordering).
+            const agentActivity = activity.filter((item) => item.agent !== null && item.agent === addr);
+            const last = agentActivity[0];
+            const lastActionType = last
+                ? mapCategory(last.category ?? "unknown", last.eventType ?? "", last.actionType ?? undefined)
+                : "";
+            const lastActionProtocol = last?.protocolName ?? "";
+            const lastActionTimestamp = last ? last.timestamp * 1000 : 0;
+            const blockedCount24h = agentActivity.filter((item) => !item.success && item.timestamp * 1000 >= blockedCutoffMs).length;
+            return {
+                address: addr,
+                status: (profile?.paused ? "paused" : "active"),
+                capabilityLabel: profile?.capabilityLabel ?? "Disabled",
+                capability: profile?.capability ?? 0,
+                spending: { amount: spentAmt, limit: capAmt, percent: pct },
+                lastActionType,
+                lastActionProtocol,
+                lastActionTimestamp,
+                blockedCount24h,
+                toJSON: () => ({
+                    address: addr,
+                    status: profile?.paused ? "paused" : "active",
+                    capabilityLabel: profile?.capabilityLabel ?? "Disabled",
+                    capability: profile?.capability ?? 0,
+                    spending: { amount: bs(spentAmt), limit: bs(capAmt), percent: pct },
+                    lastActionType,
+                    lastActionProtocol,
+                    lastActionTimestamp,
+                    blockedCount24h,
+                }),
+            };
+        });
+    }
+    catch (err) {
+        throw toDxError(err, "OwnerClient.getAgents");
+    }
 }
 // ─── getSpending ─────────────────────────────────────────────────────────────
 export async function getSpending(rpc, vault, network) {
-    const state = await resolveVaultStateForOwner(rpc, vault, undefined, toNet(network));
-    const breakdown = getSpendingBreakdown(asVaultState(state));
-    const nowUnix = BigInt(Math.floor(Date.now() / 1000));
-    const epochs = getSpendingHistory(state.tracker, nowUnix);
-    const chart = epochs.map((e) => ({
-        time: new Date(e.timestamp * 1000).toISOString(),
-        amount: Number(e.usdAmount),
-    }));
-    const { spent24h: spent, cap, remaining } = state.globalBudget;
-    const percent = cap > 0n ? Number((spent * 10000n) / cap) / 100 : 0;
-    const velocityPerMs = spent > 0n ? Number(spent) / (24 * 3600 * 1000) : 0;
-    const rundown = velocityPerMs > 0 && remaining > 0n
-        ? Math.floor(Number(remaining) / velocityPerMs)
-        : 0;
-    const protoBreak = breakdown.byProtocol.map((p) => ({
-        name: resolveProtocolName(p.protocol),
-        programId: p.protocol,
-        amount: p.spent24h,
-        percent: p.utilization,
-    }));
-    return {
-        global: { today: spent, cap, remaining, percent, rundownMs: rundown },
-        chart,
-        protocolBreakdown: protoBreak,
-        toJSON: () => ({
-            global: {
-                today: bs(spent),
-                cap: bs(cap),
-                remaining: bs(remaining),
-                percent,
-                rundownMs: rundown,
-            },
+    try {
+        const state = await resolveVaultStateForOwner(rpc, vault, undefined, toNet(network));
+        const breakdown = getSpendingBreakdown(asVaultState(state));
+        const nowUnix = BigInt(Math.floor(Date.now() / 1000));
+        const epochs = getSpendingHistory(state.tracker, nowUnix);
+        const chart = epochs.map((e) => ({
+            time: new Date(e.timestamp * 1000).toISOString(),
+            amount: Number(e.usdAmount) / 1_000_000,
+        }));
+        const { spent24h: spent, cap, remaining } = state.globalBudget;
+        const percent = cap > 0n ? Number((spent * 10000n) / cap) / 100 : 0;
+        const velocityPerMs = spent > 0n ? Number(spent) / (24 * 3600 * 1000) : 0;
+        const rundown = velocityPerMs > 0 && remaining > 0n
+            ? Math.floor(Number(remaining) / velocityPerMs)
+            : 0;
+        const protoBreak = breakdown.byProtocol.map((p) => ({
+            name: resolveProtocolName(p.protocol),
+            programId: p.protocol,
+            amount: p.spent24h,
+            percent: p.utilization,
+        }));
+        return {
+            global: { today: spent, cap, remaining, percent, rundownMs: rundown },
             chart,
-            protocolBreakdown: protoBreak.map((p) => ({
-                ...p,
-                amount: bs(p.amount),
-            })),
-        }),
-    };
+            protocolBreakdown: protoBreak,
+            toJSON: () => ({
+                global: {
+                    today: bs(spent),
+                    cap: bs(cap),
+                    remaining: bs(remaining),
+                    percent,
+                    rundownMs: rundown,
+                },
+                chart,
+                protocolBreakdown: protoBreak.map((p) => ({
+                    ...p,
+                    amount: bs(p.amount),
+                })),
+            }),
+        };
+    }
+    catch (err) {
+        throw toDxError(err, "OwnerClient.getSpending");
+    }
 }
 // ─── getActivity ─────────────────────────────────────────────────────────────
 export async function getActivity(rpc, vault, network, filters) {
-    const limit = filters?.limit ?? 50;
-    const items = await getVaultActivity(rpc, vault, limit, toNet(network));
-    let rows = items.map((item, i) => {
-        const cat = item.category ?? "unknown";
-        const evt = item.eventType ?? "";
-        const act = item.actionType ?? undefined;
-        const type = mapCategory(cat, evt, act);
-        const amt = item.amount ?? 0n;
-        const sig = item.txSignature || `evt-${item.timestamp}-${item.eventType}`;
-        return {
-            id: sig,
-            timestamp: item.timestamp * 1000,
-            type,
-            protocol: item.protocolName || "",
-            protocolId: item.protocol || "",
-            agent: item.agent || "",
-            amount: amt,
-            status: item.success ? "approved" : "blocked",
-            reason: item.success ? undefined : item.description,
-            txSignature: item.txSignature,
-            toJSON: () => ({
+    try {
+        const limit = filters?.limit ?? 50;
+        const items = await getVaultActivity(rpc, vault, limit, toNet(network));
+        let rows = items.map((item, i) => {
+            const cat = item.category ?? "unknown";
+            const evt = item.eventType ?? "";
+            const act = item.actionType ?? undefined;
+            const posEffect = item.positionEffect ?? undefined;
+            const type = mapCategory(cat, evt, act, posEffect);
+            const amt = item.amount ?? 0n;
+            const sig = item.txSignature || `evt-${item.timestamp}-${item.eventType}`;
+            return {
                 id: sig,
                 timestamp: item.timestamp * 1000,
                 type,
                 protocol: item.protocolName || "",
                 protocolId: item.protocol || "",
                 agent: item.agent || "",
-                amount: bs(amt),
+                amount: amt,
                 status: item.success ? "approved" : "blocked",
                 reason: item.success ? undefined : item.description,
                 txSignature: item.txSignature,
+                toJSON: () => ({
+                    id: sig,
+                    timestamp: item.timestamp * 1000,
+                    type,
+                    protocol: item.protocolName || "",
+                    protocolId: item.protocol || "",
+                    agent: item.agent || "",
+                    amount: bs(amt),
+                    status: item.success ? "approved" : "blocked",
+                    reason: item.success ? undefined : item.description,
+                    txSignature: item.txSignature,
+                }),
+            };
+        });
+        if (filters?.agent)
+            rows = rows.filter((r) => r.agent === filters.agent);
+        if (filters?.protocol)
+            rows = rows.filter((r) => r.protocolId === filters.protocol || r.protocol === filters.protocol);
+        if (filters?.status)
+            rows = rows.filter((r) => r.status === filters.status);
+        if (filters?.type)
+            rows = rows.filter((r) => r.type === filters.type);
+        if (filters?.timeRange) {
+            const cutoff = Date.now() - rangeToMs(filters.timeRange);
+            rows = rows.filter((r) => r.timestamp >= cutoff);
+        }
+        const approved = rows.filter((r) => r.status === "approved").length;
+        const blocked = rows.length - approved;
+        const volume = rows.reduce((s, r) => s + r.amount, 0n);
+        return {
+            rows,
+            summary: { total: rows.length, approved, blocked, volume },
+            toJSON: () => ({
+                rows: rows.map((r) => r.toJSON()),
+                summary: { total: rows.length, approved, blocked, volume: bs(volume) },
             }),
         };
-    });
-    if (filters?.agent)
-        rows = rows.filter((r) => r.agent === filters.agent);
-    if (filters?.protocol)
-        rows = rows.filter((r) => r.protocolId === filters.protocol || r.protocol === filters.protocol);
-    if (filters?.status)
-        rows = rows.filter((r) => r.status === filters.status);
-    if (filters?.timeRange) {
-        const cutoff = Date.now() - rangeToMs(filters.timeRange);
-        rows = rows.filter((r) => r.timestamp >= cutoff);
     }
-    const approved = rows.filter((r) => r.status === "approved").length;
-    const blocked = rows.length - approved;
-    const volume = rows.reduce((s, r) => s + r.amount, 0n);
-    return {
-        rows,
-        summary: { total: rows.length, approved, blocked, volume },
-        toJSON: () => ({
-            rows: rows.map((r) => r.toJSON()),
-            summary: { total: rows.length, approved, blocked, volume: bs(volume) },
-        }),
-    };
+    catch (err) {
+        throw toDxError(err, "OwnerClient.getActivity");
+    }
 }
-function mapCategory(cat, evt, actionType) {
+function mapCategory(cat, evt, actionType, positionEffect) {
     if (cat === "trade") {
-        // ActionAuthorized carries actionType to distinguish swap vs lend vs perps
+        // v6 events carry positionEffect ("increment"/"decrement"/"none") instead
+        // of actionType. Prefer it when present — actionType is null for post-
+        // ActionType-elimination events.
+        if (positionEffect === "increment")
+            return "open_position";
+        if (positionEffect === "decrement")
+            return "close_position";
+        // Legacy v5 event path: actionType carries swap vs lend vs perps detail.
         if (actionType) {
             const at = actionType.toLowerCase();
             if (at.includes("lend") ||
@@ -284,128 +350,173 @@ function rangeToMs(r) {
 }
 // ─── getHealth ───────────────────────────────────────────────────────────────
 export async function getHealth(rpc, vault, network) {
-    const state = await resolveVaultStateForOwner(rpc, vault, undefined, toNet(network));
-    const posture = getSecurityPosture(asVaultState(state));
-    const alerts = evaluateAlertConditions(state, vault);
-    const level = posture.criticalFailures.length > 0
-        ? "critical"
-        : posture.failCount > 0
-            ? "elevated"
-            : "healthy";
-    const critAlerts = alerts.filter((a) => a.severity === "critical");
-    const lastBlock = critAlerts.length > 0
-        ? {
-            agent: critAlerts[0].agentAddress || "",
-            reason: critAlerts[0].title,
-            amount: 0n,
-            timestamp: Date.now(),
-        }
-        : undefined;
-    const checks = posture.checks.map((c) => ({
-        name: c.id,
-        passed: c.passed,
-    }));
-    return {
-        level,
-        blockedCount24h: critAlerts.length,
-        checks,
-        lastBlock,
-        toJSON: () => ({
+    try {
+        const state = await resolveVaultStateForOwner(rpc, vault, undefined, toNet(network));
+        const posture = getSecurityPosture(asVaultState(state));
+        const alerts = evaluateAlertConditions(state, vault);
+        const level = posture.criticalFailures.length > 0
+            ? "critical"
+            : posture.failCount > 0
+                ? "elevated"
+                : "healthy";
+        const critAlerts = alerts.filter((a) => a.severity === "critical");
+        const lastBlock = critAlerts.length > 0
+            ? {
+                agent: critAlerts[0].agentAddress || "",
+                reason: critAlerts[0].title,
+                amount: 0n,
+                timestamp: Date.now(),
+            }
+            : undefined;
+        const checks = posture.checks.map((c) => ({
+            name: c.id,
+            passed: c.passed,
+        }));
+        return {
             level,
             blockedCount24h: critAlerts.length,
             checks,
-            lastBlock: lastBlock
-                ? { ...lastBlock, amount: bs(lastBlock.amount) }
-                : undefined,
-        }),
-    };
+            lastBlock,
+            toJSON: () => ({
+                level,
+                blockedCount24h: critAlerts.length,
+                checks,
+                lastBlock: lastBlock
+                    ? { ...lastBlock, amount: bs(lastBlock.amount) }
+                    : undefined,
+            }),
+        };
+    }
+    catch (err) {
+        throw toDxError(err, "OwnerClient.getHealth");
+    }
 }
 // ─── getPolicy ───────────────────────────────────────────────────────────────
 export async function getPolicy(rpc, vault, network) {
-    const [state, pendingPolicy] = await Promise.all([
-        resolveVaultStateForOwner(rpc, vault, undefined, toNet(network)),
-        getPendingPolicyForVault(rpc, vault).catch((err) => {
-            // Account-not-found is expected (no pending update) — return null.
-            // Re-throw RPC errors so they're not silently swallowed.
-            if (err?.message?.includes("could not find") ||
-                err?.message?.includes("Account does not exist")) {
-                return null;
-            }
-            throw err;
-        }),
-    ]);
-    const p = state.policy;
-    const protocols = (p.protocols || []);
-    const approvedApps = protocols.map((addr) => ({
-        name: resolveProtocolName(addr),
-        programId: addr,
-    }));
-    const modeMap = {
-        0: "unrestricted",
-        1: "whitelist",
-        2: "blacklist",
-    };
-    const dailyCap = p.dailySpendingCapUsd;
-    const maxPerTrade = p.maxTransactionSizeUsd ?? 0n;
-    const protocolCaps = (p.protocolCaps || []);
-    const sessionExpiry = p.sessionExpirySlots;
-    const policyVer = (p.policyVersion ?? 0n);
-    const timelockSec = Number(p.timelockDuration);
-    let pendingUpdate;
-    if (pendingPolicy) {
-        const pp = pendingPolicy;
-        const executesAtSec = Number(pp.executesAt ?? 0);
-        const appliesAt = Number.isFinite(executesAtSec) ? executesAtSec * 1000 : 0;
-        const nowSec = Math.floor(Date.now() / 1000);
-        pendingUpdate = {
-            changes: {},
-            appliesAt,
-            canApply: executesAtSec > 0 && executesAtSec <= nowSec,
-            canCancel: true,
+    try {
+        const [state, pendingPolicy] = await Promise.all([
+            resolveVaultStateForOwner(rpc, vault, undefined, toNet(network)),
+            getPendingPolicyForVault(rpc, vault).catch((err) => {
+                // Account-not-found is expected (no pending update) — return null.
+                // Re-throw RPC errors so they're not silently swallowed.
+                const message = err instanceof Error ? err.message : String(err);
+                if (message.includes("could not find") ||
+                    message.includes("Account does not exist")) {
+                    return null;
+                }
+                throw err;
+            }),
+        ]);
+        const p = state.policy;
+        const protocols = (p.protocols || []);
+        const approvedApps = protocols.map((addr) => ({
+            name: resolveProtocolName(addr),
+            programId: addr,
+        }));
+        const modeMap = {
+            0: "unrestricted",
+            1: "whitelist",
+            2: "blacklist",
         };
-    }
-    return {
-        dailyCap,
-        maxPerTrade,
-        approvedApps,
-        protocolMode: modeMap[p.protocolMode] || "unrestricted",
-        hasProtocolCaps: p.hasProtocolCaps,
-        protocolCaps,
-        canOpenPositions: p.canOpenPositions,
-        maxConcurrentPositions: p.maxConcurrentPositions,
-        maxSlippageBps: p.maxSlippageBps,
-        leverageLimitBps: p.maxLeverageBps,
-        allowedDestinations: (p.allowedDestinations || []),
-        developerFeeRate: p.developerFeeRate,
-        sessionExpirySlots: sessionExpiry,
-        timelockSeconds: timelockSec,
-        policyVersion: policyVer,
-        pendingUpdate,
-        toJSON: () => ({
-            dailyCap: bs(dailyCap),
-            maxPerTrade: bs(maxPerTrade),
+        const dailyCap = p.dailySpendingCapUsd;
+        const maxPerTrade = p.maxTransactionSizeUsd ?? 0n;
+        const protocolCaps = (p.protocolCaps || []);
+        const sessionExpiry = p.sessionExpirySlots;
+        const policyVer = (p.policyVersion ?? 0n);
+        const timelockSec = Number(p.timelockDuration);
+        let pendingUpdate;
+        if (pendingPolicy) {
+            const pp = pendingPolicy;
+            const executesAtSec = Number(pp.executesAt ?? 0);
+            const appliesAt = Number.isFinite(executesAtSec)
+                ? executesAtSec * 1000
+                : 0;
+            const nowSec = Math.floor(Date.now() / 1000);
+            // Decode each Option<T> field from PendingPolicyUpdate. Only Some fields
+            // land in `changes`. 14 fields total — every timelockable PolicyConfig field.
+            // Source: programs/sigil/src/state/pending_policy.rs
+            const changes = {};
+            if (isSome(pp.dailySpendingCapUsd))
+                changes.dailyCap = pp.dailySpendingCapUsd.value;
+            if (isSome(pp.maxTransactionAmountUsd))
+                changes.maxPerTrade = pp.maxTransactionAmountUsd.value;
+            if (isSome(pp.protocols))
+                changes.approvedApps = pp.protocols.value;
+            if (isSome(pp.protocolMode))
+                changes.protocolMode = modeMap[pp.protocolMode.value] || "unrestricted";
+            if (isSome(pp.hasProtocolCaps))
+                changes.hasProtocolCaps = pp.hasProtocolCaps.value;
+            if (isSome(pp.protocolCaps))
+                changes.protocolCaps = pp.protocolCaps.value;
+            if (isSome(pp.canOpenPositions))
+                changes.canOpenPositions = pp.canOpenPositions.value;
+            if (isSome(pp.maxConcurrentPositions))
+                changes.maxConcurrentPositions = pp.maxConcurrentPositions.value;
+            if (isSome(pp.maxSlippageBps))
+                changes.maxSlippageBps = pp.maxSlippageBps.value;
+            if (isSome(pp.maxLeverageBps))
+                changes.leverageLimit = pp.maxLeverageBps.value;
+            if (isSome(pp.allowedDestinations))
+                changes.allowedDestinations = pp.allowedDestinations.value;
+            if (isSome(pp.developerFeeRate))
+                changes.developerFeeRate = pp.developerFeeRate.value;
+            if (isSome(pp.sessionExpirySlots))
+                changes.sessionExpirySlots = pp.sessionExpirySlots.value;
+            if (isSome(pp.timelockDuration))
+                changes.timelock = Number(pp.timelockDuration.value);
+            pendingUpdate = {
+                changes,
+                appliesAt,
+                canApply: executesAtSec > 0 && executesAtSec <= nowSec,
+                canCancel: true,
+            };
+        }
+        return {
+            dailyCap,
+            maxPerTrade,
             approvedApps,
             protocolMode: modeMap[p.protocolMode] || "unrestricted",
             hasProtocolCaps: p.hasProtocolCaps,
-            protocolCaps: protocolCaps.map(bs),
+            protocolCaps,
             canOpenPositions: p.canOpenPositions,
             maxConcurrentPositions: p.maxConcurrentPositions,
             maxSlippageBps: p.maxSlippageBps,
             leverageLimitBps: p.maxLeverageBps,
             allowedDestinations: (p.allowedDestinations || []),
             developerFeeRate: p.developerFeeRate,
-            sessionExpirySlots: bs(sessionExpiry),
+            sessionExpirySlots: sessionExpiry,
             timelockSeconds: timelockSec,
-            policyVersion: bs(policyVer),
-            pendingUpdate: pendingUpdate
-                ? {
-                    changes: serializeBigints(pendingUpdate.changes),
-                    appliesAt: pendingUpdate.appliesAt,
-                    canApply: pendingUpdate.canApply,
-                    canCancel: pendingUpdate.canCancel,
-                }
-                : undefined,
-        }),
-    };
+            policyVersion: policyVer,
+            pendingUpdate,
+            toJSON: () => ({
+                dailyCap: bs(dailyCap),
+                maxPerTrade: bs(maxPerTrade),
+                approvedApps,
+                protocolMode: modeMap[p.protocolMode] || "unrestricted",
+                hasProtocolCaps: p.hasProtocolCaps,
+                protocolCaps: protocolCaps.map(bs),
+                canOpenPositions: p.canOpenPositions,
+                maxConcurrentPositions: p.maxConcurrentPositions,
+                maxSlippageBps: p.maxSlippageBps,
+                leverageLimitBps: p.maxLeverageBps,
+                allowedDestinations: (p.allowedDestinations || []),
+                developerFeeRate: p.developerFeeRate,
+                sessionExpirySlots: bs(sessionExpiry),
+                timelockSeconds: timelockSec,
+                policyVersion: bs(policyVer),
+                pendingUpdate: pendingUpdate
+                    ? {
+                        changes: serializeBigints(pendingUpdate.changes),
+                        appliesAt: pendingUpdate.appliesAt,
+                        canApply: pendingUpdate.canApply,
+                        canCancel: pendingUpdate.canCancel,
+                    }
+                    : undefined,
+            }),
+        };
+    }
+    catch (err) {
+        throw toDxError(err, "OwnerClient.getPolicy");
+    }
 }
 //# sourceMappingURL=reads.js.map