@usesigil/kit 0.8.0 → 0.10.0

package/dist/errors/public.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"public.d.ts","sourceRoot":"","sources":["../../src/errors/public.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EACL,kCAAkC,EAClC,mCAAmC,EACnC,wCAAwC,EACxC,oCAAoC,GACrC,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oCAAoC,EACpC,oCAAoC,EACpC,8BAA8B,GAC/B,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,mCAAmC,EACnC,oCAAoC,EACpC,wCAAwC,GACzC,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,mCAAmC,EACnC,iCAAiC,EACjC,8BAA8B,EAC9B,sCAAsC,EACtC,yBAAyB,GAC1B,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,gCAAgC,EAChC,gCAAgC,EAChC,iCAAiC,EACjC,gCAAgC,EAChC,oCAAoC,EACpC,qCAAqC,EACrC,uCAAuC,EACvC,iCAAiC,EACjC,gCAAgC,EAChC,uCAAuC,EACvC,kCAAkC,EAClC,sCAAsC,EACtC,8BAA8B,EAC9B,uCAAuC,EACvC,gCAAgC,EAChC,mCAAmC,EACnC,sCAAsC,EACtC,sCAAsC,EACtC,uCAAuC,EACvC,mCAAmC,EACnC,8BAA8B,EAC9B,mCAAmC,EACnC,+BAA+B,EAC/B,kCAAkC,EAClC,6BAA6B,EAC7B,yBAAyB,GAC1B,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,2BAA2B,EAC3B,sCAAsC,EACtC,mCAAmC,EACnC,gCAAgC,EAChC,8BAA8B,EAC9B,8BAA8B,EAC9B,sCAAsC,GACvC,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,6BAA6B,EAAE,MAAM,YAAY,CAAC;AAQ3D,YAAY,EACV,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,qBAAqB,EACrB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,YAAY,CAAC"}

package/dist/errors/public.js

@@ -0,0 +1,30 @@
+/**
+ * @usesigil/kit/errors — public error-code subpath.
+ *
+ * Explicit named re-exports of every `SIGIL_ERROR__*` discriminant defined in
+ * `./codes.ts`. Importing from this subpath (rather than from the package
+ * root) keeps consumer bundles small — the root barrel should not re-export
+ * these once Sprint 1 of the SDK redesign lands.
+ *
+ * Usage:
+ *   import { SIGIL_ERROR__SDK__CAP_EXCEEDED } from "@usesigil/kit/errors";
+ *
+ * This file is the public contract. If a new error domain or discriminant
+ * is added in `./codes.ts`, it must be re-exported here (or the test
+ * `tests/errors/public-subpath.test.ts` will fail).
+ */
+// Shield domain — policy enforcement (4)
+export { SIGIL_ERROR__SHIELD__POLICY_DENIED, SIGIL_ERROR__SHIELD__CONFIG_INVALID, SIGIL_ERROR__SHIELD__RATE_LIMIT_EXCEEDED, SIGIL_ERROR__SHIELD__SESSION_BINDING, } from "./codes.js";
+// TEE domain — attestation + custody (3)
+export { SIGIL_ERROR__TEE__ATTESTATION_FAILED, SIGIL_ERROR__TEE__CERT_CHAIN_INVALID, SIGIL_ERROR__TEE__PCR_MISMATCH, } from "./codes.js";
+// Compose domain — DeFi instruction composition (3)
+export { SIGIL_ERROR__COMPOSE__MISSING_PARAM, SIGIL_ERROR__COMPOSE__INVALID_BIGINT, SIGIL_ERROR__COMPOSE__UNSUPPORTED_ACTION, } from "./codes.js";
+// x402 domain — HTTP 402 payments (5)
+export { SIGIL_ERROR__X402__HEADER_MALFORMED, SIGIL_ERROR__X402__PAYMENT_FAILED, SIGIL_ERROR__X402__UNSUPPORTED, SIGIL_ERROR__X402__DESTINATION_BLOCKED, SIGIL_ERROR__X402__REPLAY, } from "./codes.js";
+// SDK domain — config + runtime + state (26)
+export { SIGIL_ERROR__SDK__INVALID_CONFIG, SIGIL_ERROR__SDK__INVALID_PARAMS, SIGIL_ERROR__SDK__INVALID_NETWORK, SIGIL_ERROR__SDK__INVALID_AMOUNT, SIGIL_ERROR__SDK__INVALID_CAPABILITY, SIGIL_ERROR__SDK__INVALID_ACTION_TYPE, SIGIL_ERROR__SDK__OWNER_AGENT_COLLISION, SIGIL_ERROR__SDK__VAULT_NOT_FOUND, SIGIL_ERROR__SDK__VAULT_INACTIVE, SIGIL_ERROR__SDK__VAULT_SLOTS_EXHAUSTED, SIGIL_ERROR__SDK__POLICY_NOT_FOUND, SIGIL_ERROR__SDK__AGENT_NOT_REGISTERED, SIGIL_ERROR__SDK__AGENT_PAUSED, SIGIL_ERROR__SDK__AGENT_ZERO_CAPABILITY, SIGIL_ERROR__SDK__SIGNER_INVALID, SIGIL_ERROR__SDK__SIGNATURE_INVALID, SIGIL_ERROR__SDK__SPL_TOKEN_OP_BLOCKED, SIGIL_ERROR__SDK__PROTOCOL_NOT_ALLOWED, SIGIL_ERROR__SDK__PROTOCOL_NOT_TARGETED, SIGIL_ERROR__SDK__INSTRUCTION_COUNT, SIGIL_ERROR__SDK__CAP_EXCEEDED, SIGIL_ERROR__SDK__ATA_NON_CANONICAL, SIGIL_ERROR__SDK__ALT_INTEGRITY, SIGIL_ERROR__SDK__ALT_NOT_DEPLOYED, SIGIL_ERROR__SDK__SEAL_FAILED, SIGIL_ERROR__SDK__UNKNOWN, } from "./codes.js";
+// RPC domain — transport + simulation (7)
+export { SIGIL_ERROR__RPC__TX_FAILED, SIGIL_ERROR__RPC__CONFIRMATION_TIMEOUT, SIGIL_ERROR__RPC__SIMULATION_FAILED, SIGIL_ERROR__RPC__DRAIN_DETECTED, SIGIL_ERROR__RPC__TX_TOO_LARGE, SIGIL_ERROR__RPC__RATE_LIMITED, SIGIL_ERROR__RPC__INSTRUCTION_REQUIRED, } from "./codes.js";
+// Program domain — on-chain Anchor errors surfaced to the SDK (1)
+export { SIGIL_ERROR__PROGRAM__GENERIC } from "./codes.js";
+//# sourceMappingURL=public.js.map

package/dist/errors/public.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"public.js","sourceRoot":"","sources":["../../src/errors/public.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,yCAAyC;AACzC,OAAO,EACL,kCAAkC,EAClC,mCAAmC,EACnC,wCAAwC,EACxC,oCAAoC,GACrC,MAAM,YAAY,CAAC;AAEpB,yCAAyC;AACzC,OAAO,EACL,oCAAoC,EACpC,oCAAoC,EACpC,8BAA8B,GAC/B,MAAM,YAAY,CAAC;AAEpB,oDAAoD;AACpD,OAAO,EACL,mCAAmC,EACnC,oCAAoC,EACpC,wCAAwC,GACzC,MAAM,YAAY,CAAC;AAEpB,sCAAsC;AACtC,OAAO,EACL,mCAAmC,EACnC,iCAAiC,EACjC,8BAA8B,EAC9B,sCAAsC,EACtC,yBAAyB,GAC1B,MAAM,YAAY,CAAC;AAEpB,6CAA6C;AAC7C,OAAO,EACL,gCAAgC,EAChC,gCAAgC,EAChC,iCAAiC,EACjC,gCAAgC,EAChC,oCAAoC,EACpC,qCAAqC,EACrC,uCAAuC,EACvC,iCAAiC,EACjC,gCAAgC,EAChC,uCAAuC,EACvC,kCAAkC,EAClC,sCAAsC,EACtC,8BAA8B,EAC9B,uCAAuC,EACvC,gCAAgC,EAChC,mCAAmC,EACnC,sCAAsC,EACtC,sCAAsC,EACtC,uCAAuC,EACvC,mCAAmC,EACnC,8BAA8B,EAC9B,mCAAmC,EACnC,+BAA+B,EAC/B,kCAAkC,EAClC,6BAA6B,EAC7B,yBAAyB,GAC1B,MAAM,YAAY,CAAC;AAEpB,0CAA0C;AAC1C,OAAO,EACL,2BAA2B,EAC3B,sCAAsC,EACtC,mCAAmC,EACnC,gCAAgC,EAChC,8BAA8B,EAC9B,8BAA8B,EAC9B,sCAAsC,GACvC,MAAM,YAAY,CAAC;AAEpB,kEAAkE;AAClE,OAAO,EAAE,6BAA6B,EAAE,MAAM,YAAY,CAAC"}

package/dist/errors/walk.d.ts

@@ -1,3 +1,11 @@
+/**
+ * Reset the depth-fuse warning flag. Call in test `beforeEach` to ensure
+ * each test can independently verify fuse behavior without cross-test
+ * suppression. (H2 audit fix — silent-failure-hunter.)
+ *
+ * @internal Exported for testing only. Not part of the public API.
+ */
+export declare function resetWalkFuse(): void;
 export declare function walk(err: unknown): Error;
 export declare function walk(err: unknown, fn: (e: unknown) => boolean): Error | null;
 //# sourceMappingURL=walk.d.ts.map

package/dist/errors/walk.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"walk.d.ts","sourceRoot":"","sources":["../../src/errors/walk.ts"],"names":[],"mappings":"AA8BA,wBAAgB,IAAI,CAAC,GAAG,EAAE,OAAO,GAAG,KAAK,CAAC;AAC1C,wBAAgB,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,OAAO,GAAG,KAAK,GAAG,IAAI,CAAC"}
+{"version":3,"file":"walk.d.ts","sourceRoot":"","sources":["../../src/errors/walk.ts"],"names":[],"mappings":"AAsBA;;;;;;GAMG;AACH,wBAAgB,aAAa,IAAI,IAAI,CAEpC;AAYD,wBAAgB,IAAI,CAAC,GAAG,EAAE,OAAO,GAAG,KAAK,CAAC;AAC1C,wBAAgB,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,OAAO,GAAG,KAAK,GAAG,IAAI,CAAC"}

package/dist/errors/walk.js

@@ -15,13 +15,24 @@
  *     `cause: { code: "ECONNRESET" }` shape) by passing them to fn before
  *     bailing. Previously these were silently dropped from the search.
  */
+import { getSigilModuleLogger } from "../logger.js";
 const MAX_WALK_DEPTH = 32;
 let depthFuseWarned = false;
+/**
+ * Reset the depth-fuse warning flag. Call in test `beforeEach` to ensure
+ * each test can independently verify fuse behavior without cross-test
+ * suppression. (H2 audit fix — silent-failure-hunter.)
+ *
+ * @internal Exported for testing only. Not part of the public API.
+ */
+export function resetWalkFuse() {
+    depthFuseWarned = false;
+}
 function warnFuseTrip() {
     if (depthFuseWarned)
         return;
     depthFuseWarned = true;
-    console.warn(`[@usesigil/kit/walk] cause-chain depth exceeded ${MAX_WALK_DEPTH} levels — ` +
+    getSigilModuleLogger().warn(`[@usesigil/kit/walk] cause-chain depth exceeded ${MAX_WALK_DEPTH} levels — ` +
         `chain truncated. If this is a real chain (not a cycle), file an issue at ` +
         `https://github.com/Sigil-Trade/sigil/issues with reproduction.`);
 }

package/dist/errors/walk.js.map

@@ -1 +1 @@
-{"version":3,"file":"walk.js","sourceRoot":"","sources":["../../src/errors/walk.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,IAAI,eAAe,GAAG,KAAK,CAAC;AAE5B,SAAS,YAAY;IACnB,IAAI,eAAe;QAAE,OAAO;IAC5B,eAAe,GAAG,IAAI,CAAC;IACvB,OAAO,CAAC,IAAI,CACV,mDAAmD,cAAc,YAAY;QAC3E,2EAA2E;QAC3E,gEAAgE,CACnE,CAAC;AACJ,CAAC;AAID,MAAM,UAAU,IAAI,CAAC,GAAY,EAAE,EAA4B;IAC7D,kFAAkF;IAClF,IAAI,EAAE,EAAE,CAAC;QACP,OAAO,aAAa,CAAC,GAAG,EAAE,EAAE,EAAE,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IAC9C,CAAC;IACD,oCAAoC;IACpC,OAAO,QAAQ,CAAC,GAAG,EAAE,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,aAAa,CACpB,GAAY,EACZ,EAA2B,EAC3B,OAAqB,EACrB,KAAa;IAEb,IAAI,KAAK,IAAI,cAAc,EAAE,CAAC;QAC5B,YAAY,EAAE,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAClC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACjB,uEAAuE;IACvE,oEAAoE;IACpE,0CAA0C;IAC1C,IAAI,EAAE,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IACxE,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACpD,OAAO,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,QAAQ,CAAC,GAAY,EAAE,OAAqB,EAAE,KAAa;IAClE,oEAAoE;IACpE,IAAI,CAAC,CAAC,GAAG,YAAY,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,IAAI,KAAK,CAAC,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IACjC,IAAI,KAAK,IAAI,cAAc,EAAE,CAAC;QAC5B,YAAY,EAAE,CAAC;QACf,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACjB,IAAI,GAAG,CAAC,KAAK,KAAK,SAAS,IAAI,GAAG,CAAC,KAAK,KAAK,GAAG,EAAE,CAAC;QACjD,OAAO,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"walk.js","sourceRoot":"","sources":["../../src/errors/walk.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAEpD,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,IAAI,eAAe,GAAG,KAAK,CAAC;AAE5B;;;;;;GAMG;AACH,MAAM,UAAU,aAAa;IAC3B,eAAe,GAAG,KAAK,CAAC;AAC1B,CAAC;AAED,SAAS,YAAY;IACnB,IAAI,eAAe;QAAE,OAAO;IAC5B,eAAe,GAAG,IAAI,CAAC;IACvB,oBAAoB,EAAE,CAAC,IAAI,CACzB,mDAAmD,cAAc,YAAY;QAC3E,2EAA2E;QAC3E,gEAAgE,CACnE,CAAC;AACJ,CAAC;AAID,MAAM,UAAU,IAAI,CAAC,GAAY,EAAE,EAA4B;IAC7D,kFAAkF;IAClF,IAAI,EAAE,EAAE,CAAC;QACP,OAAO,aAAa,CAAC,GAAG,EAAE,EAAE,EAAE,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IAC9C,CAAC;IACD,oCAAoC;IACpC,OAAO,QAAQ,CAAC,GAAG,EAAE,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,aAAa,CACpB,GAAY,EACZ,EAA2B,EAC3B,OAAqB,EACrB,KAAa;IAEb,IAAI,KAAK,IAAI,cAAc,EAAE,CAAC;QAC5B,YAAY,EAAE,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAClC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACjB,uEAAuE;IACvE,oEAAoE;IACpE,0CAA0C;IAC1C,IAAI,EAAE,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IACxE,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACpD,OAAO,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,QAAQ,CAAC,GAAY,EAAE,OAAqB,EAAE,KAAa;IAClE,oEAAoE;IACpE,IAAI,CAAC,CAAC,GAAG,YAAY,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,IAAI,KAAK,CAAC,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IACjC,IAAI,KAAK,IAAI,cAAc,EAAE,CAAC;QAC5B,YAAY,EAAE,CAAC;QACf,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACjB,IAAI,GAAG,CAAC,KAAK,KAAK,SAAS,IAAI,GAAG,CAAC,KAAK,KAAK,GAAG,EAAE,CAAC;QACjD,OAAO,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/helpers/ata.d.ts

@@ -0,0 +1,73 @@
+/**
+ * initializeVaultAtas — build ATA `CreateIdempotent` instructions for a
+ * Sigil vault with a caller-asserted allowlist check.
+ *
+ * **This is not a security gate.** The real security surface is the
+ * on-chain program: Sigil's `validate_and_authorize` path checks the
+ * vault-policy allowlist against every mint touched by the DeFi
+ * instructions that actually execute. `initializeVaultAtas` is a
+ * thin authoring helper — it builds correct ATA-program instructions
+ * AND performs a client-side sanity check that each `mint` is in the
+ * `allowedMints` list the caller already decided is valid.
+ *
+ * The allowlist is **caller-supplied** on purpose: this helper has no
+ * RPC dependency, so it can be used inside `createVault` pipelines
+ * where the policy object is in memory but not yet on-chain. Callers
+ * who already have a resolved `PolicyConfig` should pass
+ * `allowedMints: policy.allowedDestinations` (plus any stablecoin mints
+ * the owner is wiring up). Callers who pass `allowedMints: mints`
+ * (tautological) get no safety value from this helper — they're only
+ * using it for the manual instruction-building.
+ *
+ * The historical naming tied this helper to "F8 closure"; that framing
+ * was misleading. F8 is closed by the on-chain protocol, not by this
+ * function. Keep the name for API stability; the docstring is the
+ * contract.
+ *
+ * ATA instructions are built manually (following the pattern in
+ * `src/x402/transfer-builder.ts`) rather than via `@solana-program/token`
+ * to keep `@usesigil/kit` a zero-SPL-dep package.
+ *
+ * Dedup: repeated mints in the input are merged (the resulting instruction
+ * list has one entry per unique mint). Empty input returns an empty list
+ * without throwing — a vault that needs no ATAs is a valid configuration.
+ *
+ * @example
+ *   // Typical usage: allowedMints derived from the vault's policy.
+ *   const ixs = await initializeVaultAtas({
+ *     vault: vaultPda,
+ *     payer: ownerSigner.address,
+ *     mints: [USDC_MINT_DEVNET, USDT_MINT_DEVNET],
+ *     allowedMints: [
+ *       ...policy.allowedDestinations,
+ *       USDC_MINT_DEVNET,
+ *       USDT_MINT_DEVNET,
+ *     ],
+ *   });
+ *   // → [ createIdempotent(USDC ATA), createIdempotent(USDT ATA) ]
+ */
+import type { Address, Instruction } from "../kit-adapter.js";
+export interface InitializeVaultAtasParams {
+    /** The vault PDA that will own the ATAs. */
+    vault: Address;
+    /**
+     * Funding account — pays the rent for each new ATA and signs the tx.
+     * Typically the owner's wallet during `createVault`, or any signer that
+     * holds enough SOL to cover ATA rent.
+     */
+    payer: Address;
+    /**
+     * Mints to initialize ATAs for. Duplicates are deduplicated.
+     * Empty array returns an empty instruction list.
+     */
+    mints: readonly Address[];
+    /**
+     * Client-side allowlist. Every entry in `mints` must be present in
+     * `allowedMints`, or the call throws `SPL_TOKEN_OP_BLOCKED`.
+     * Typically populated from `PolicyConfig.allowedDestinations` plus
+     * recognized stablecoin mints the owner is wiring up.
+     */
+    allowedMints: readonly Address[];
+}
+export declare function initializeVaultAtas(params: InitializeVaultAtasParams): Promise<Instruction[]>;
+//# sourceMappingURL=ata.d.ts.map

package/dist/helpers/ata.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ata.d.ts","sourceRoot":"","sources":["../../src/helpers/ata.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+CG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAoB9D,MAAM,WAAW,yBAAyB;IACxC,4CAA4C;IAC5C,KAAK,EAAE,OAAO,CAAC;IACf;;;;OAIG;IACH,KAAK,EAAE,OAAO,CAAC;IACf;;;OAGG;IACH,KAAK,EAAE,SAAS,OAAO,EAAE,CAAC;IAC1B;;;;;OAKG;IACH,YAAY,EAAE,SAAS,OAAO,EAAE,CAAC;CAClC;AAED,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,yBAAyB,GAChC,OAAO,CAAC,WAAW,EAAE,CAAC,CAqCxB"}

package/dist/helpers/ata.js

@@ -0,0 +1,107 @@
+/**
+ * initializeVaultAtas — build ATA `CreateIdempotent` instructions for a
+ * Sigil vault with a caller-asserted allowlist check.
+ *
+ * **This is not a security gate.** The real security surface is the
+ * on-chain program: Sigil's `validate_and_authorize` path checks the
+ * vault-policy allowlist against every mint touched by the DeFi
+ * instructions that actually execute. `initializeVaultAtas` is a
+ * thin authoring helper — it builds correct ATA-program instructions
+ * AND performs a client-side sanity check that each `mint` is in the
+ * `allowedMints` list the caller already decided is valid.
+ *
+ * The allowlist is **caller-supplied** on purpose: this helper has no
+ * RPC dependency, so it can be used inside `createVault` pipelines
+ * where the policy object is in memory but not yet on-chain. Callers
+ * who already have a resolved `PolicyConfig` should pass
+ * `allowedMints: policy.allowedDestinations` (plus any stablecoin mints
+ * the owner is wiring up). Callers who pass `allowedMints: mints`
+ * (tautological) get no safety value from this helper — they're only
+ * using it for the manual instruction-building.
+ *
+ * The historical naming tied this helper to "F8 closure"; that framing
+ * was misleading. F8 is closed by the on-chain protocol, not by this
+ * function. Keep the name for API stability; the docstring is the
+ * contract.
+ *
+ * ATA instructions are built manually (following the pattern in
+ * `src/x402/transfer-builder.ts`) rather than via `@solana-program/token`
+ * to keep `@usesigil/kit` a zero-SPL-dep package.
+ *
+ * Dedup: repeated mints in the input are merged (the resulting instruction
+ * list has one entry per unique mint). Empty input returns an empty list
+ * without throwing — a vault that needs no ATAs is a valid configuration.
+ *
+ * @example
+ *   // Typical usage: allowedMints derived from the vault's policy.
+ *   const ixs = await initializeVaultAtas({
+ *     vault: vaultPda,
+ *     payer: ownerSigner.address,
+ *     mints: [USDC_MINT_DEVNET, USDT_MINT_DEVNET],
+ *     allowedMints: [
+ *       ...policy.allowedDestinations,
+ *       USDC_MINT_DEVNET,
+ *       USDT_MINT_DEVNET,
+ *     ],
+ *   });
+ *   // → [ createIdempotent(USDC ATA), createIdempotent(USDT ATA) ]
+ */
+import { AccountRole } from "../kit-adapter.js";
+import { TOKEN_PROGRAM_ADDRESS, ATA_PROGRAM_ADDRESS, SYSTEM_PROGRAM_ADDRESS, } from "../types.js";
+import { deriveAta } from "../tokens.js";
+import { SigilSdkDomainError } from "../errors/sdk.js";
+import { SIGIL_ERROR__SDK__SPL_TOKEN_OP_BLOCKED } from "../errors/codes.js";
+/**
+ * Associated Token Program — `CreateIdempotent` instruction discriminator.
+ *
+ * Layout: a single byte. No args, no additional data. Creates the ATA if
+ * it doesn't exist; no-ops if it does. Source: ATA program
+ * `processor.rs` variant `CreateIdempotent = 1`.
+ */
+const CREATE_IDEMPOTENT_DISCRIMINATOR = 1;
+export async function initializeVaultAtas(params) {
+    const { vault, payer, mints, allowedMints } = params;
+    if (mints.length === 0)
+        return [];
+    // Build the allowlist as a Set for O(1) membership test. Addresses are
+    // base58 strings, which compare by value. No normalization needed.
+    const allowed = new Set(allowedMints);
+    // Validate every mint before issuing any PDA derivation — fail-fast.
+    for (const mint of mints) {
+        if (!allowed.has(mint)) {
+            throw new SigilSdkDomainError(SIGIL_ERROR__SDK__SPL_TOKEN_OP_BLOCKED, `Mint ${mint} is not in the policy allowlist. ` +
+                `initializeVaultAtas only creates ATAs for mints the vault's ` +
+                `policy explicitly permits. Add this mint to the policy's ` +
+                `allowedDestinations before calling, or pass a broader ` +
+                `allowedMints list (e.g. [...policy.allowedDestinations, USDC_MINT_DEVNET]).`, { context: { mint, allowedMints: [...allowed] } });
+        }
+    }
+    // Deduplicate by mint — a caller passing the same mint twice should not
+    // produce two identical createIdempotent instructions in the same tx.
+    const uniqueMints = Array.from(new Set(mints));
+    // Derive ATAs in parallel and build one CreateIdempotent ix per mint.
+    const instructions = await Promise.all(uniqueMints.map(async (mint) => {
+        const ata = await deriveAta(vault, mint);
+        return buildCreateIdempotentIx({ payer, ata, owner: vault, mint });
+    }));
+    return instructions;
+}
+/**
+ * Build a raw `CreateIdempotent` instruction for the ATA program.
+ * Pulled into a helper to keep the main function readable.
+ */
+function buildCreateIdempotentIx(args) {
+    return {
+        programAddress: ATA_PROGRAM_ADDRESS,
+        accounts: [
+            { address: args.payer, role: AccountRole.WRITABLE_SIGNER },
+            { address: args.ata, role: AccountRole.WRITABLE },
+            { address: args.owner, role: AccountRole.READONLY },
+            { address: args.mint, role: AccountRole.READONLY },
+            { address: SYSTEM_PROGRAM_ADDRESS, role: AccountRole.READONLY },
+            { address: TOKEN_PROGRAM_ADDRESS, role: AccountRole.READONLY },
+        ],
+        data: new Uint8Array([CREATE_IDEMPOTENT_DISCRIMINATOR]),
+    };
+}
+//# sourceMappingURL=ata.js.map

package/dist/helpers/ata.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ata.js","sourceRoot":"","sources":["../../src/helpers/ata.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+CG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,sCAAsC,EAAE,MAAM,oBAAoB,CAAC;AAE5E;;;;;;GAMG;AACH,MAAM,+BAA+B,GAAG,CAAC,CAAC;AAyB1C,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAiC;IAEjC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;IAErD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAElC,uEAAuE;IACvE,mEAAmE;IACnE,MAAM,OAAO,GAAG,IAAI,GAAG,CAAS,YAAY,CAAC,CAAC;IAE9C,qEAAqE;IACrE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,mBAAmB,CAC3B,sCAAsC,EACtC,QAAQ,IAAI,mCAAmC;gBAC7C,8DAA8D;gBAC9D,2DAA2D;gBAC3D,wDAAwD;gBACxD,6EAA6E,EAC/E,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,GAAG,OAAO,CAAC,EAAW,EAAE,CAC3D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,sEAAsE;IACtE,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAS,KAAK,CAAC,CAAc,CAAC;IAEpE,sEAAsE;IACtE,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CACpC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QAC7B,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACzC,OAAO,uBAAuB,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACrE,CAAC,CAAC,CACH,CAAC;IAEF,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;;GAGG;AACH,SAAS,uBAAuB,CAAC,IAKhC;IACC,OAAO;QACL,cAAc,EAAE,mBAAmB;QACnC,QAAQ,EAAE;YACR,EAAE,OAAO,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,WAAW,CAAC,eAAe,EAAE;YAC1D,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,WAAW,CAAC,QAAQ,EAAE;YACjD,EAAE,OAAO,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,WAAW,CAAC,QAAQ,EAAE;YACnD,EAAE,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,QAAQ,EAAE;YAClD,EAAE,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,WAAW,CAAC,QAAQ,EAAE;YAC/D,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,WAAW,CAAC,QAAQ,EAAE;SAC/D;QACD,IAAI,EAAE,IAAI,UAAU,CAAC,CAAC,+BAA+B,CAAC,CAAC;KACxD,CAAC;AACJ,CAAC"}

package/dist/helpers/parse-usd.d.ts

@@ -0,0 +1,43 @@
+/**
+ * parseUsd — strict USD-string parser that returns 6-decimal base units.
+ *
+ * Rationale: consumers frequently need to express dollar amounts ("$500",
+ * "$0.01") in UI surfaces, CLIs, and config files. Parsing those strings
+ * with `parseFloat` or `Number(...)` introduces floating-point rounding
+ * errors that compound into cap-enforcement bugs on-chain. This helper
+ * uses a strict regex and BigInt arithmetic only — no floating-point path
+ * exists at any step.
+ *
+ * Grammar (regex `^\$(0|[1-9]\d{0,14})(\.\d{1,6})?$`):
+ *   - Leading literal `$` is required
+ *   - Whole part: `0` alone, OR a 1-15 digit number with no leading zero
+ *     (`$01` / `$007` are rejected as typos; `$0` / `$0.5` are valid)
+ *   - 15 digits max × 10^6 scale = 10^21, well within BigInt range
+ *   - Optional fractional part: `.` + 1–6 digits (matches USD_DECIMALS = 6)
+ *   - No thousands separators, no exponent notation, no sign, no whitespace
+ *
+ * Output: bigint in 6-decimal USD base units (`$1 → 1_000_000n`).
+ *
+ * Errors: throws `SigilSdkDomainError` with code
+ * `SIGIL_ERROR__SDK__INVALID_AMOUNT` for any malformed input. The error
+ * `.context` carries the original input string to aid debugging.
+ *
+ * Examples:
+ *   parseUsd("$0")              // → 0n
+ *   parseUsd("$0.01")           // → 10_000n
+ *   parseUsd("$1")              // → 1_000_000n
+ *   parseUsd("$1.5")            // → 1_500_000n
+ *   parseUsd("$100.000001")     // → 100_000_001n
+ *   parseUsd("$999999999999999")// → 999_999_999_999_999_000_000n
+ *   parseUsd("1.0")             // throws — missing "$"
+ *   parseUsd("$1,000")          // throws — commas not allowed
+ *   parseUsd("$1e3")            // throws — exponent not allowed
+ *   parseUsd("$1.1234567")      // throws — > 6 decimals
+ *   parseUsd("$-1")             // throws — negative not allowed
+ *
+ * @param input USD-denominated string, including literal leading "$"
+ * @returns `bigint` in 6-decimal base units (USD_DECIMALS = 6)
+ * @throws  {SigilSdkDomainError} code SIGIL_ERROR__SDK__INVALID_AMOUNT
+ */
+export declare function parseUsd(input: string): bigint;
+//# sourceMappingURL=parse-usd.d.ts.map

package/dist/helpers/parse-usd.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-usd.d.ts","sourceRoot":"","sources":["../../src/helpers/parse-usd.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAmBH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAoC9C"}

package/dist/helpers/parse-usd.js

@@ -0,0 +1,81 @@
+/**
+ * parseUsd — strict USD-string parser that returns 6-decimal base units.
+ *
+ * Rationale: consumers frequently need to express dollar amounts ("$500",
+ * "$0.01") in UI surfaces, CLIs, and config files. Parsing those strings
+ * with `parseFloat` or `Number(...)` introduces floating-point rounding
+ * errors that compound into cap-enforcement bugs on-chain. This helper
+ * uses a strict regex and BigInt arithmetic only — no floating-point path
+ * exists at any step.
+ *
+ * Grammar (regex `^\$(0|[1-9]\d{0,14})(\.\d{1,6})?$`):
+ *   - Leading literal `$` is required
+ *   - Whole part: `0` alone, OR a 1-15 digit number with no leading zero
+ *     (`$01` / `$007` are rejected as typos; `$0` / `$0.5` are valid)
+ *   - 15 digits max × 10^6 scale = 10^21, well within BigInt range
+ *   - Optional fractional part: `.` + 1–6 digits (matches USD_DECIMALS = 6)
+ *   - No thousands separators, no exponent notation, no sign, no whitespace
+ *
+ * Output: bigint in 6-decimal USD base units (`$1 → 1_000_000n`).
+ *
+ * Errors: throws `SigilSdkDomainError` with code
+ * `SIGIL_ERROR__SDK__INVALID_AMOUNT` for any malformed input. The error
+ * `.context` carries the original input string to aid debugging.
+ *
+ * Examples:
+ *   parseUsd("$0")              // → 0n
+ *   parseUsd("$0.01")           // → 10_000n
+ *   parseUsd("$1")              // → 1_000_000n
+ *   parseUsd("$1.5")            // → 1_500_000n
+ *   parseUsd("$100.000001")     // → 100_000_001n
+ *   parseUsd("$999999999999999")// → 999_999_999_999_999_000_000n
+ *   parseUsd("1.0")             // throws — missing "$"
+ *   parseUsd("$1,000")          // throws — commas not allowed
+ *   parseUsd("$1e3")            // throws — exponent not allowed
+ *   parseUsd("$1.1234567")      // throws — > 6 decimals
+ *   parseUsd("$-1")             // throws — negative not allowed
+ *
+ * @param input USD-denominated string, including literal leading "$"
+ * @returns `bigint` in 6-decimal base units (USD_DECIMALS = 6)
+ * @throws  {SigilSdkDomainError} code SIGIL_ERROR__SDK__INVALID_AMOUNT
+ */
+import { SigilSdkDomainError } from "../errors/sdk.js";
+import { SIGIL_ERROR__SDK__INVALID_AMOUNT } from "../errors/codes.js";
+// USD_DECIMALS = 6 — hardcoded here to keep parse-usd.ts dependency-free
+// from the larger types barrel. Must stay in sync with
+// programs/sigil/src/state/mod.rs:224 and sdk/kit/src/types.ts USD_DECIMALS.
+const USD_DECIMALS = 6;
+const USD_BASE = 1000000n; // 10 ** USD_DECIMALS
+// Strict format:
+//   - Leading literal `$`
+//   - Whole part: either "0" OR a 1-15 digit number that doesn't start with 0.
+//     Prevents `$00`, `$01`, `$007` from silently parsing — those are almost
+//     always typos, never intentional amounts.
+//   - Optional `.` + 1–6 decimal digits (capture group 2 includes the dot)
+const USD_REGEX = /^\$(0|[1-9]\d{0,14})(\.\d{1,6})?$/;
+export function parseUsd(input) {
+    if (typeof input !== "string") {
+        throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_AMOUNT, `parseUsd expected a string, received ${typeof input}`, { context: { input: String(input) } });
+    }
+    const match = input.match(USD_REGEX);
+    if (match === null) {
+        throw new SigilSdkDomainError(SIGIL_ERROR__SDK__INVALID_AMOUNT, `Invalid USD amount: "${input}". ` +
+            `Expected format "$<whole>[.<fraction>]" — ` +
+            `up to 15 whole digits, up to ${USD_DECIMALS} fractional digits, ` +
+            `no commas, no exponent, no sign, no whitespace.`, { context: { input } });
+    }
+    const [, whole, fractionPart] = match;
+    // `whole` is guaranteed non-empty (regex `\d{1,15}`).
+    const wholeBig = BigInt(whole);
+    let result = wholeBig * USD_BASE;
+    if (fractionPart !== undefined) {
+        // fractionPart includes the leading dot: ".5", ".000001"
+        const fractionDigits = fractionPart.slice(1);
+        // Pad fractionDigits to exactly USD_DECIMALS digits (right-pad with 0).
+        // "5" → "500000"; "000001" → "000001"
+        const padded = fractionDigits.padEnd(USD_DECIMALS, "0");
+        result += BigInt(padded);
+    }
+    return result;
+}
+//# sourceMappingURL=parse-usd.js.map

package/dist/helpers/parse-usd.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-usd.js","sourceRoot":"","sources":["../../src/helpers/parse-usd.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,gCAAgC,EAAE,MAAM,oBAAoB,CAAC;AAEtE,yEAAyE;AACzE,uDAAuD;AACvD,6EAA6E;AAC7E,MAAM,YAAY,GAAG,CAAC,CAAC;AACvB,MAAM,QAAQ,GAAG,QAAU,CAAC,CAAC,qBAAqB;AAElD,iBAAiB;AACjB,0BAA0B;AAC1B,+EAA+E;AAC/E,6EAA6E;AAC7E,+CAA+C;AAC/C,2EAA2E;AAC3E,MAAM,SAAS,GAAG,mCAAmC,CAAC;AAEtD,MAAM,UAAU,QAAQ,CAAC,KAAa;IACpC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,EAChC,wCAAwC,OAAO,KAAK,EAAE,EACtD,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAW,EAAE,CAC/C,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACrC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,MAAM,IAAI,mBAAmB,CAC3B,gCAAgC,EAChC,wBAAwB,KAAK,KAAK;YAChC,4CAA4C;YAC5C,gCAAgC,YAAY,sBAAsB;YAClE,iDAAiD,EACnD,EAAE,OAAO,EAAE,EAAE,KAAK,EAAW,EAAE,CAChC,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,EAAE,KAAK,EAAE,YAAY,CAAC,GAAG,KAAK,CAAC;IACtC,sDAAsD;IACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAM,CAAC,CAAC;IAChC,IAAI,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAEjC,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,yDAAyD;QACzD,MAAM,cAAc,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7C,wEAAwE;QACxE,sCAAsC;QACtC,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;QACxD,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC;IAC3B,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/helpers/validate-cap-aggregate.d.ts

@@ -0,0 +1,41 @@
+/**
+ * validateAgentCapAggregate — enforce sum of agent per-agent caps ≤ vault
+ * daily cap.
+ *
+ * Rationale: D12 closes Pentester finding F3 ("$100/agent × 10 agents =
+ * $1,000 rolling — vault daily cap $500"). The on-chain program enforces
+ * the vault-wide cap and the per-agent cap as separate checks, but both
+ * are satisfied simultaneously when the sum of per-agent caps exceeds
+ * the vault cap — any single agent inside its own limit can still
+ * contribute to a combined burn above the vault ceiling. Blocking this
+ * in the SDK before any of `createVault`, `registerAgent`, or
+ * `queueAgentPermissionsUpdate` sends the instruction keeps the UX
+ * honest: the consumer sees the problem during setup, not at cap time.
+ *
+ * Called at two entry points:
+ *   1. `createVault` (A8) with `existingAgentCaps: []` — validates the
+ *      initial agent's cap against the new vault's daily cap.
+ *   2. `addAgent` / `queueAgentPermissionsUpdate` (Sprint 2) with
+ *      `existingAgentCaps` populated from the current vault state.
+ *
+ * A cap of `0n` means the agent is Observer-class and has no spending
+ * budget of its own — it contributes zero to the aggregate and is
+ * always valid regardless of the existing caps' sum.
+ *
+ * @throws {SigilSdkDomainError} SIGIL_ERROR__SDK__CAP_EXCEEDED when
+ *   `sum(existingAgentCaps) + newAgentCap > vaultDailyCap`.
+ */
+export interface ValidateAgentCapAggregateParams {
+    /** Vault-wide daily spending cap in USD base units (6-decimal). */
+    vaultDailyCap: bigint;
+    /**
+     * Per-agent caps for every agent already registered on the vault.
+     * Empty on first agent (fresh `createVault`); populated from
+     * resolved vault state on subsequent `addAgent` calls.
+     */
+    existingAgentCaps: readonly bigint[];
+    /** Per-agent cap for the agent being added or updated. */
+    newAgentCap: bigint;
+}
+export declare function validateAgentCapAggregate(params: ValidateAgentCapAggregateParams): void;
+//# sourceMappingURL=validate-cap-aggregate.d.ts.map

package/dist/helpers/validate-cap-aggregate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-cap-aggregate.d.ts","sourceRoot":"","sources":["../../src/helpers/validate-cap-aggregate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAKH,MAAM,WAAW,+BAA+B;IAC9C,mEAAmE;IACnE,aAAa,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,iBAAiB,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC,0DAA0D;IAC1D,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,+BAA+B,GACtC,IAAI,CA4CN"}

package/dist/helpers/validate-cap-aggregate.js

@@ -0,0 +1,61 @@
+/**
+ * validateAgentCapAggregate — enforce sum of agent per-agent caps ≤ vault
+ * daily cap.
+ *
+ * Rationale: D12 closes Pentester finding F3 ("$100/agent × 10 agents =
+ * $1,000 rolling — vault daily cap $500"). The on-chain program enforces
+ * the vault-wide cap and the per-agent cap as separate checks, but both
+ * are satisfied simultaneously when the sum of per-agent caps exceeds
+ * the vault cap — any single agent inside its own limit can still
+ * contribute to a combined burn above the vault ceiling. Blocking this
+ * in the SDK before any of `createVault`, `registerAgent`, or
+ * `queueAgentPermissionsUpdate` sends the instruction keeps the UX
+ * honest: the consumer sees the problem during setup, not at cap time.
+ *
+ * Called at two entry points:
+ *   1. `createVault` (A8) with `existingAgentCaps: []` — validates the
+ *      initial agent's cap against the new vault's daily cap.
+ *   2. `addAgent` / `queueAgentPermissionsUpdate` (Sprint 2) with
+ *      `existingAgentCaps` populated from the current vault state.
+ *
+ * A cap of `0n` means the agent is Observer-class and has no spending
+ * budget of its own — it contributes zero to the aggregate and is
+ * always valid regardless of the existing caps' sum.
+ *
+ * @throws {SigilSdkDomainError} SIGIL_ERROR__SDK__CAP_EXCEEDED when
+ *   `sum(existingAgentCaps) + newAgentCap > vaultDailyCap`.
+ */
+import { SigilSdkDomainError } from "../errors/sdk.js";
+import { SIGIL_ERROR__SDK__CAP_EXCEEDED } from "../errors/codes.js";
+export function validateAgentCapAggregate(params) {
+    const { vaultDailyCap, existingAgentCaps, newAgentCap } = params;
+    // Reject negative inputs early — bigint doesn't prevent them, but
+    // every cap on the system is a magnitude value.
+    if (vaultDailyCap < 0n || newAgentCap < 0n) {
+        throw new SigilSdkDomainError(SIGIL_ERROR__SDK__CAP_EXCEEDED, `validateAgentCapAggregate received negative input — ` +
+            `vaultDailyCap=${vaultDailyCap}, newAgentCap=${newAgentCap}. ` +
+            `Caps are unsigned magnitudes.`, { context: { vaultDailyCap, newAgentCap } });
+    }
+    for (const c of existingAgentCaps) {
+        if (c < 0n) {
+            throw new SigilSdkDomainError(SIGIL_ERROR__SDK__CAP_EXCEEDED, `validateAgentCapAggregate received a negative existingAgentCap (${c}).`, { context: { existingAgentCaps: [...existingAgentCaps] } });
+        }
+    }
+    let sum = newAgentCap;
+    for (const cap of existingAgentCaps)
+        sum += cap;
+    if (sum > vaultDailyCap) {
+        throw new SigilSdkDomainError(SIGIL_ERROR__SDK__CAP_EXCEEDED, `Aggregate per-agent cap (${sum} in 6-decimal USD base units) ` +
+            `exceeds vault daily cap (${vaultDailyCap}). Sum of all agents' ` +
+            `spendingLimitUsd must be ≤ dailySpendingCapUsd to prevent ` +
+            `concurrent-burn attacks where each agent stays within its own ` +
+            `limit but the combined outflow breaches the vault's ceiling.`, {
+            context: {
+                vaultCap: vaultDailyCap,
+                sum,
+                agents: [...existingAgentCaps, newAgentCap],
+            },
+        });
+    }
+}
+//# sourceMappingURL=validate-cap-aggregate.js.map

package/dist/helpers/validate-cap-aggregate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-cap-aggregate.js","sourceRoot":"","sources":["../../src/helpers/validate-cap-aggregate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AAepE,MAAM,UAAU,yBAAyB,CACvC,MAAuC;IAEvC,MAAM,EAAE,aAAa,EAAE,iBAAiB,EAAE,WAAW,EAAE,GAAG,MAAM,CAAC;IAEjE,kEAAkE;IAClE,gDAAgD;IAChD,IAAI,aAAa,GAAG,EAAE,IAAI,WAAW,GAAG,EAAE,EAAE,CAAC;QAC3C,MAAM,IAAI,mBAAmB,CAC3B,8BAA8B,EAC9B,sDAAsD;YACpD,iBAAiB,aAAa,iBAAiB,WAAW,IAAI;YAC9D,+BAA+B,EACjC,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,WAAW,EAAW,EAAE,CACrD,CAAC;IACJ,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC;QAClC,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACX,MAAM,IAAI,mBAAmB,CAC3B,8BAA8B,EAC9B,mEAAmE,CAAC,IAAI,EACxE,EAAE,OAAO,EAAE,EAAE,iBAAiB,EAAE,CAAC,GAAG,iBAAiB,CAAC,EAAW,EAAE,CACpE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,GAAG,GAAG,WAAW,CAAC;IACtB,KAAK,MAAM,GAAG,IAAI,iBAAiB;QAAE,GAAG,IAAI,GAAG,CAAC;IAEhD,IAAI,GAAG,GAAG,aAAa,EAAE,CAAC;QACxB,MAAM,IAAI,mBAAmB,CAC3B,8BAA8B,EAC9B,4BAA4B,GAAG,gCAAgC;YAC7D,4BAA4B,aAAa,wBAAwB;YACjE,4DAA4D;YAC5D,gEAAgE;YAChE,8DAA8D,EAChE;YACE,OAAO,EAAE;gBACP,QAAQ,EAAE,aAAa;gBACvB,GAAG;gBACH,MAAM,EAAE,CAAC,GAAG,iBAAiB,EAAE,WAAW,CAAC;aACnC;SACX,CACF,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-export * from "./generated/index.js";
-export { SIGIL_PROGRAM_ADDRESS, FEE_RATE_DENOMINATOR, PROTOCOL_FEE_RATE, MAX_DEVELOPER_FEE_RATE, PROTOCOL_TREASURY, USD_DECIMALS, type UsdBaseUnits, type CapabilityTier, type Slot, usd, capability, slot, MAX_AGENTS_PER_VAULT, MAX_ALLOWED_PROTOCOLS, FULL_CAPABILITY, FULL_PERMISSIONS, MAX_ESCROW_DURATION, TOKEN_PROGRAM_ADDRESS, TOKEN_2022_PROGRAM_ADDRESS, ATA_PROGRAM_ADDRESS, COMPUTE_BUDGET_PROGRAM_ADDRESS, SYSTEM_PROGRAM_ADDRESS, MAX_SLIPPAGE_BPS, EPOCH_DURATION, NUM_EPOCHS, PROTOCOL_MODE_ALL, PROTOCOL_MODE_ALLOWLIST, PROTOCOL_MODE_DENYLIST, USDC_MINT_DEVNET, USDC_MINT_MAINNET, USDT_MINT_DEVNET, USDT_MINT_MAINNET, JUPITER_PROGRAM_ADDRESS, RECOGNIZED_DEFI_PROGRAMS, isStablecoinMint, parseActionType, isSpendingAction, getPositionEffect, validateNetwork, normalizeNetwork, toInstruction, OVERLAY_EPOCH_DURATION, OVERLAY_NUM_EPOCHS, ROLLING_WINDOW_SECONDS, U64_MAX, } from "./types.js";
+export * from "./generated/accounts/index.js";
+export { SIGIL_PROGRAM_ADDRESS, FEE_RATE_DENOMINATOR, PROTOCOL_FEE_RATE, MAX_DEVELOPER_FEE_RATE, PROTOCOL_TREASURY, USD_DECIMALS, type UsdBaseUnits, type CapabilityTier, type Slot, usd, capability, slot, MAX_AGENTS_PER_VAULT, MAX_ALLOWED_PROTOCOLS, FULL_CAPABILITY, FULL_PERMISSIONS, MAX_ESCROW_DURATION, TOKEN_PROGRAM_ADDRESS, TOKEN_2022_PROGRAM_ADDRESS, ATA_PROGRAM_ADDRESS, COMPUTE_BUDGET_PROGRAM_ADDRESS, SYSTEM_PROGRAM_ADDRESS, SUPPORTED_PROTOCOLS, type ProtocolMeta, MAX_SLIPPAGE_BPS, EPOCH_DURATION, NUM_EPOCHS, PROTOCOL_MODE_ALL, PROTOCOL_MODE_ALLOWLIST, PROTOCOL_MODE_DENYLIST, USDC_MINT_DEVNET, USDC_MINT_MAINNET, USDT_MINT_DEVNET, USDT_MINT_MAINNET, JUPITER_PROGRAM_ADDRESS, RECOGNIZED_DEFI_PROGRAMS, isStablecoinMint, parseActionType, isSpendingAction, getPositionEffect, validateNetwork, normalizeNetwork, toInstruction, OVERLAY_EPOCH_DURATION, OVERLAY_NUM_EPOCHS, ROLLING_WINDOW_SECONDS, U64_MAX, } from "./types.js";
 export type { Network, NetworkInput, PositionEffect } from "./types.js";
 export { resolveVaultState, resolveVaultStateForOwner, resolveVaultBudget, getRolling24hUsd, getAgentRolling24hUsd, getProtocolSpend, getSpendingHistory, bytesToAddress, findVaultsByOwner, findEscrowsByVault, findSessionsByVault, getPendingPolicyForVault, getPendingConstraintsForVault, } from "./state-resolver.js";
 export type { EffectiveBudget, ProtocolBudget, SpendingEpoch, ResolvedVaultState, ResolvedVaultStateForOwner, ResolvedBudget, VaultLocator, 
@@ -58,8 +58,13 @@ export type { SigilClientApi } from "./seal.js";
 export type { SealParams, SealResult, SigilClientConfig, ClientSealOpts, ExecuteResult, } from "./seal.js";
 export { createVault, createAndSendVault } from "./create-vault.js";
 export type { CreateVaultOptions, CreateVaultResult, CreateAndSendVaultOptions, CreateAndSendVaultResult, } from "./create-vault.js";
-export { VAULT_PRESETS, getPreset, listPresets, presetToCreateVaultFields, } from "./presets.js";
-export type { VaultPreset, PresetName } from "./presets.js";
+export { VAULT_PRESETS, getPreset, listPresets, presetToCreateVaultFields, SAFETY_PRESETS, applySafetyPreset, requireResolvedSafetyPreset, } from "./presets.js";
+export type { VaultPreset, PresetName, SafetyPresetFields, SafetyPresetName, } from "./presets.js";
+export { parseUsd } from "./helpers/parse-usd.js";
+export { initializeVaultAtas, type InitializeVaultAtasParams, } from "./helpers/ata.js";
+export { validateAgentCapAggregate, type ValidateAgentCapAggregateParams, } from "./helpers/validate-cap-aggregate.js";
+export { NOOP_LOGGER, createConsoleLogger, resolveLogger, setSigilModuleLogger, getSigilModuleLogger, type SigilLogger, } from "./logger.js";
+export { SOLANA_DEVNET_GENESIS_HASH, SOLANA_MAINNET_GENESIS_HASH, } from "./seal.js";
 export { buildOwnerTransaction } from "./owner-transaction.js";
 export type { BuildOwnerTransactionParams, OwnerTransactionResult, } from "./owner-transaction.js";
 export { mapPoliciesToVaultParams, findNextVaultId, inscribe, withVault, } from "./inscribe.js";
@@ -76,7 +81,7 @@ export { ShieldConfigError } from "./core/index.js";
 export { evaluatePolicy, enforcePolicy, recordTransaction, } from "./core/index.js";
 export { KNOWN_PROTOCOLS, KNOWN_TOKENS, SYSTEM_PROGRAMS, getTokenInfo, getProtocolName, isKnownProtocol, isSystemProgram, } from "./core/index.js";
 export type { ShieldStorage, SpendEntry, TxEntry } from "./core/index.js";
-export { SigilError as SigilKitError, SigilShieldError, SigilTeeError, SigilX402Error, SigilComposeError, SigilSdkDomainError, SigilRpcError, SIGIL_KIT_VERSION, walk as walkSigilCause, type SigilErrorParameters, type SigilErrorCode, type SigilShieldErrorCode, type SigilTeeErrorCode, type SigilComposeErrorCode, type SigilX402ErrorCode, type SigilSdkErrorCode, type SigilRpcErrorCode, type SigilProgramErrorCode, type SigilErrorContext, SIGIL_ERROR__SHIELD__POLICY_DENIED, SIGIL_ERROR__SHIELD__CONFIG_INVALID, SIGIL_ERROR__SHIELD__RATE_LIMIT_EXCEEDED, SIGIL_ERROR__SHIELD__SESSION_BINDING, SIGIL_ERROR__TEE__ATTESTATION_FAILED, SIGIL_ERROR__TEE__CERT_CHAIN_INVALID, SIGIL_ERROR__TEE__PCR_MISMATCH, SIGIL_ERROR__COMPOSE__MISSING_PARAM, SIGIL_ERROR__COMPOSE__INVALID_BIGINT, SIGIL_ERROR__COMPOSE__UNSUPPORTED_ACTION, SIGIL_ERROR__X402__HEADER_MALFORMED, SIGIL_ERROR__X402__PAYMENT_FAILED, SIGIL_ERROR__X402__UNSUPPORTED, SIGIL_ERROR__X402__DESTINATION_BLOCKED, SIGIL_ERROR__X402__REPLAY, SIGIL_ERROR__SDK__INVALID_CONFIG, SIGIL_ERROR__SDK__INVALID_PARAMS, SIGIL_ERROR__SDK__INVALID_NETWORK, SIGIL_ERROR__SDK__INVALID_AMOUNT, SIGIL_ERROR__SDK__INVALID_CAPABILITY, SIGIL_ERROR__SDK__INVALID_ACTION_TYPE, SIGIL_ERROR__SDK__OWNER_AGENT_COLLISION, SIGIL_ERROR__SDK__VAULT_NOT_FOUND, SIGIL_ERROR__SDK__VAULT_INACTIVE, SIGIL_ERROR__SDK__VAULT_SLOTS_EXHAUSTED, SIGIL_ERROR__SDK__POLICY_NOT_FOUND, SIGIL_ERROR__SDK__AGENT_NOT_REGISTERED, SIGIL_ERROR__SDK__AGENT_PAUSED, SIGIL_ERROR__SDK__AGENT_ZERO_CAPABILITY, SIGIL_ERROR__SDK__SIGNER_INVALID, SIGIL_ERROR__SDK__SIGNATURE_INVALID, SIGIL_ERROR__SDK__SPL_TOKEN_OP_BLOCKED, SIGIL_ERROR__SDK__PROTOCOL_NOT_ALLOWED, SIGIL_ERROR__SDK__PROTOCOL_NOT_TARGETED, SIGIL_ERROR__SDK__INSTRUCTION_COUNT, SIGIL_ERROR__SDK__CAP_EXCEEDED, SIGIL_ERROR__SDK__ATA_NON_CANONICAL, SIGIL_ERROR__SDK__ALT_INTEGRITY, SIGIL_ERROR__SDK__ALT_NOT_DEPLOYED, SIGIL_ERROR__SDK__SEAL_FAILED, SIGIL_ERROR__SDK__UNKNOWN, SIGIL_ERROR__RPC__TX_FAILED, SIGIL_ERROR__RPC__CONFIRMATION_TIMEOUT, SIGIL_ERROR__RPC__SIMULATION_FAILED, SIGIL_ERROR__RPC__DRAIN_DETECTED, SIGIL_ERROR__RPC__TX_TOO_LARGE, SIGIL_ERROR__RPC__RATE_LIMITED, SIGIL_ERROR__RPC__INSTRUCTION_REQUIRED, SIGIL_ERROR__PROGRAM__GENERIC, } from "./errors/index.js";
+export { SigilError as SigilKitError, SigilShieldError, SigilTeeError, SigilX402Error, SigilComposeError, SigilSdkDomainError, SigilRpcError, SIGIL_KIT_VERSION, walk as walkSigilCause, type SigilErrorParameters, type SigilErrorCode, type SigilShieldErrorCode, type SigilTeeErrorCode, type SigilComposeErrorCode, type SigilX402ErrorCode, type SigilSdkErrorCode, type SigilRpcErrorCode, type SigilProgramErrorCode, type SigilErrorContext, } from "./errors/index.js";
 /** Per-module discriminated union of x402 errors (viem ErrorType pattern). */
 export type X402ErrorType = import("./x402/errors.js").X402ParseError | import("./x402/errors.js").X402PaymentError | import("./x402/errors.js").X402UnsupportedError | import("./x402/errors.js").X402DestinationBlockedError | import("./x402/errors.js").X402ReplayError;
 /** Per-module discriminated union of TEE errors. */
@@ -97,6 +102,8 @@ export type ShieldErrorType = import("./core/errors.js").ShieldDeniedError | imp
 export type SealErrorType = import("./agent-errors.js").SigilSdkError | import("./core/errors.js").ShieldDeniedError | import("./tee/wallet-types.js").TeeAttestationError | Error;
 /** Per-module discriminated union for OwnerClient (dashboard reads + mutations). */
 export type DashboardErrorType = import("./agent-errors.js").SigilSdkError | import("./core/errors.js").ShieldDeniedError | Error;
+export { createOwnerClient, OwnerClient } from "./dashboard/index.js";
+export type { OwnerClientConfig } from "./dashboard/types.js";
 export { getVaultPnL, getVaultPnLFromState, getVaultTokenBalances, getBalancePnL, BalanceSnapshotStore, } from "./balance-tracker.js";
 export type { TokenBalance, BalanceSnapshot, VaultPnL, BalancePnL, } from "./balance-tracker.js";
 //# sourceMappingURL=index.d.ts.map