@waiaas/daemon 2.11.0-rc.8 → 2.11.0

package/dist/pipeline/evaluators/approved-spenders.d.ts

@@ -0,0 +1,26 @@
+/**
+ * evaluators/approved-spenders.ts - APPROVED_SPENDERS, APPROVE_AMOUNT_LIMIT,
+ * APPROVE_TIER_OVERRIDE evaluation.
+ *
+ * Extracted from DatabasePolicyEngine private methods.
+ */
+import type { PolicyEvaluation, PolicyRow, TransactionParam, ParseRulesContext, SettingsContext } from './types.js';
+/**
+ * Evaluate APPROVED_SPENDERS policy.
+ *
+ * Returns PolicyEvaluation if denied, null if allowed (or not applicable).
+ */
+export declare function evaluateApprovedSpenders(ctx: ParseRulesContext & SettingsContext, resolved: PolicyRow[], transaction: TransactionParam): PolicyEvaluation | null;
+/**
+ * Evaluate APPROVE_AMOUNT_LIMIT policy.
+ *
+ * Returns PolicyEvaluation if denied, null if allowed (or not applicable).
+ */
+export declare function evaluateApproveAmountLimit(ctx: ParseRulesContext, resolved: PolicyRow[], transaction: TransactionParam): PolicyEvaluation | null;
+/**
+ * Evaluate APPROVE_TIER_OVERRIDE policy.
+ *
+ * Returns PolicyEvaluation if override policy exists, null otherwise.
+ */
+export declare function evaluateApproveTierOverride(ctx: ParseRulesContext, resolved: PolicyRow[], transaction: TransactionParam): PolicyEvaluation | null;
+//# sourceMappingURL=approved-spenders.d.ts.map

package/dist/pipeline/evaluators/approved-spenders.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"approved-spenders.d.ts","sourceRoot":"","sources":["../../../src/pipeline/evaluators/approved-spenders.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,OAAO,KAAK,EAAE,gBAAgB,EAAc,SAAS,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAKhI;;;;GAIG;AACH,wBAAgB,wBAAwB,CACtC,GAAG,EAAE,iBAAiB,GAAG,eAAe,EACxC,QAAQ,EAAE,SAAS,EAAE,EACrB,WAAW,EAAE,gBAAgB,GAC5B,gBAAgB,GAAG,IAAI,CA4CzB;AAED;;;;GAIG;AACH,wBAAgB,0BAA0B,CACxC,GAAG,EAAE,iBAAiB,EACtB,QAAQ,EAAE,SAAS,EAAE,EACrB,WAAW,EAAE,gBAAgB,GAC5B,gBAAgB,GAAG,IAAI,CA6CzB;AAED;;;;GAIG;AACH,wBAAgB,2BAA2B,CACzC,GAAG,EAAE,iBAAiB,EACtB,QAAQ,EAAE,SAAS,EAAE,EACrB,WAAW,EAAE,gBAAgB,GAC5B,gBAAgB,GAAG,IAAI,CAczB"}

package/dist/pipeline/evaluators/approved-spenders.js

@@ -0,0 +1,115 @@
+/**
+ * evaluators/approved-spenders.ts - APPROVED_SPENDERS, APPROVE_AMOUNT_LIMIT,
+ * APPROVE_TIER_OVERRIDE evaluation.
+ *
+ * Extracted from DatabasePolicyEngine private methods.
+ */
+import { ApprovedSpendersRulesSchema, ApproveAmountLimitRulesSchema, ApproveTierOverrideRulesSchema, } from '@waiaas/core';
+/** Threshold for detecting "unlimited" approve amounts. */
+const UNLIMITED_THRESHOLD = (2n ** 256n - 1n) / 2n;
+/**
+ * Evaluate APPROVED_SPENDERS policy.
+ *
+ * Returns PolicyEvaluation if denied, null if allowed (or not applicable).
+ */
+export function evaluateApprovedSpenders(ctx, resolved, transaction) {
+    // Only evaluate for APPROVE transactions
+    if (transaction.type !== 'APPROVE')
+        return null;
+    const approvedSpendersPolicy = resolved.find((p) => p.type === 'APPROVED_SPENDERS');
+    // No APPROVED_SPENDERS policy -> check toggle, then deny (default deny)
+    if (!approvedSpendersPolicy) {
+        if (ctx.settingsService?.get('policy.default_deny_spenders') === 'false') {
+            return null; // default-allow mode: skip approved spenders check
+        }
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: 'Token approvals disabled: no APPROVED_SPENDERS policy configured',
+        };
+    }
+    // Parse rules.spenders array
+    const rules = ctx.parseRules(approvedSpendersPolicy.rules, ApprovedSpendersRulesSchema, 'APPROVED_SPENDERS');
+    const spenderAddress = transaction.spenderAddress;
+    if (!spenderAddress) {
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: 'Approve missing spender address',
+        };
+    }
+    // Check if spender is in approved list (case-insensitive for EVM addresses)
+    const isApproved = rules.spenders.some((s) => s.address.toLowerCase() === spenderAddress.toLowerCase());
+    if (!isApproved) {
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: `Spender not in approved list: ${spenderAddress}`,
+        };
+    }
+    return null; // Spender is approved, continue evaluation
+}
+/**
+ * Evaluate APPROVE_AMOUNT_LIMIT policy.
+ *
+ * Returns PolicyEvaluation if denied, null if allowed (or not applicable).
+ */
+export function evaluateApproveAmountLimit(ctx, resolved, transaction) {
+    // Only evaluate for APPROVE transactions
+    if (transaction.type !== 'APPROVE')
+        return null;
+    const approveAmount = transaction.approveAmount;
+    if (!approveAmount)
+        return null; // No amount to check
+    const amount = BigInt(approveAmount);
+    const approveAmountPolicy = resolved.find((p) => p.type === 'APPROVE_AMOUNT_LIMIT');
+    if (!approveAmountPolicy) {
+        // No policy: default block unlimited
+        if (amount >= UNLIMITED_THRESHOLD) {
+            return {
+                allowed: false,
+                tier: 'INSTANT',
+                reason: 'Unlimited token approval is blocked',
+            };
+        }
+        return null;
+    }
+    // Parse rules
+    const rules = ctx.parseRules(approveAmountPolicy.rules, ApproveAmountLimitRulesSchema, 'APPROVE_AMOUNT_LIMIT');
+    // Check unlimited block
+    if (rules.blockUnlimited && amount >= UNLIMITED_THRESHOLD) {
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: 'Unlimited token approval is blocked',
+        };
+    }
+    // Check maxAmount cap
+    if (rules.maxAmount && amount > BigInt(rules.maxAmount)) {
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: 'Approve amount exceeds limit',
+        };
+    }
+    return null; // Amount within limits, continue evaluation
+}
+/**
+ * Evaluate APPROVE_TIER_OVERRIDE policy.
+ *
+ * Returns PolicyEvaluation if override policy exists, null otherwise.
+ */
+export function evaluateApproveTierOverride(ctx, resolved, transaction) {
+    // Only evaluate for APPROVE transactions
+    if (transaction.type !== 'APPROVE')
+        return null;
+    const approveTierPolicy = resolved.find((p) => p.type === 'APPROVE_TIER_OVERRIDE');
+    if (!approveTierPolicy) {
+        // Phase 236: No override -> fall through to SPENDING_LIMIT for token_limits evaluation
+        return null;
+    }
+    // Parse rules
+    const rules = ctx.parseRules(approveTierPolicy.rules, ApproveTierOverrideRulesSchema, 'APPROVE_TIER_OVERRIDE');
+    return { allowed: true, tier: rules.tier };
+}
+//# sourceMappingURL=approved-spenders.js.map

package/dist/pipeline/evaluators/approved-spenders.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"approved-spenders.js","sourceRoot":"","sources":["../../../src/pipeline/evaluators/approved-spenders.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,2BAA2B,EAC3B,6BAA6B,EAC7B,8BAA8B,GAC/B,MAAM,cAAc,CAAC;AAGtB,2DAA2D;AAC3D,MAAM,mBAAmB,GAAG,CAAC,EAAE,IAAI,IAAI,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;AAEnD;;;;GAIG;AACH,MAAM,UAAU,wBAAwB,CACtC,GAAwC,EACxC,QAAqB,EACrB,WAA6B;IAE7B,yCAAyC;IACzC,IAAI,WAAW,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAEhD,MAAM,sBAAsB,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,mBAAmB,CAAC,CAAC;IAEpF,wEAAwE;IACxE,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC5B,IAAI,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,8BAA8B,CAAC,KAAK,OAAO,EAAE,CAAC;YACzE,OAAO,IAAI,CAAC,CAAC,mDAAmD;QAClE,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,kEAAkE;SAC3E,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,KAAK,EAAE,2BAA2B,EAAE,mBAAmB,CAAC,CAAC;IAC7G,MAAM,cAAc,GAAG,WAAW,CAAC,cAAc,CAAC;IAElD,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,iCAAiC;SAC1C,CAAC;IACJ,CAAC;IAED,4EAA4E;IAC5E,MAAM,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,IAAI,CACpC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,cAAc,CAAC,WAAW,EAAE,CAChE,CAAC;IAEF,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,iCAAiC,cAAc,EAAE;SAC1D,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,2CAA2C;AAC1D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,0BAA0B,CACxC,GAAsB,EACtB,QAAqB,EACrB,WAA6B;IAE7B,yCAAyC;IACzC,IAAI,WAAW,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAEhD,MAAM,aAAa,GAAG,WAAW,CAAC,aAAa,CAAC;IAChD,IAAI,CAAC,aAAa;QAAE,OAAO,IAAI,CAAC,CAAC,qBAAqB;IAEtD,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC;IAErC,MAAM,mBAAmB,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,sBAAsB,CAAC,CAAC;IAEpF,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,qCAAqC;QACrC,IAAI,MAAM,IAAI,mBAAmB,EAAE,CAAC;YAClC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,SAAS;gBACf,MAAM,EAAE,qCAAqC;aAC9C,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,cAAc;IACd,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,mBAAmB,CAAC,KAAK,EAAE,6BAA6B,EAAE,sBAAsB,CAAC,CAAC;IAE/G,wBAAwB;IACxB,IAAI,KAAK,CAAC,cAAc,IAAI,MAAM,IAAI,mBAAmB,EAAE,CAAC;QAC1D,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,qCAAqC;SAC9C,CAAC;IACJ,CAAC;IAED,sBAAsB;IACtB,IAAI,KAAK,CAAC,SAAS,IAAI,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;QACxD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,8BAA8B;SACvC,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,4CAA4C;AAC3D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,2BAA2B,CACzC,GAAsB,EACtB,QAAqB,EACrB,WAA6B;IAE7B,yCAAyC;IACzC,IAAI,WAAW,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAEhD,MAAM,iBAAiB,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,uBAAuB,CAAC,CAAC;IAEnF,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,uFAAuF;QACvF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,cAAc;IACd,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,iBAAiB,CAAC,KAAK,EAAE,8BAA8B,EAAE,uBAAuB,CAAC,CAAC;IAC/G,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAkB,EAAE,CAAC;AAC3D,CAAC"}

package/dist/pipeline/evaluators/contract-whitelist.d.ts

@@ -0,0 +1,28 @@
+/**
+ * evaluators/contract-whitelist.ts - CONTRACT_WHITELIST, METHOD_WHITELIST,
+ * VENUE_WHITELIST, PERP_ALLOWED_MARKETS evaluation.
+ *
+ * Extracted from DatabasePolicyEngine private methods.
+ */
+import type { PolicyEvaluation, PolicyRow, TransactionParam, ParseRulesContext, SettingsContext } from './types.js';
+/**
+ * Evaluate CONTRACT_WHITELIST policy.
+ *
+ * Returns PolicyEvaluation if denied, null if allowed (or not applicable).
+ */
+export declare function evaluateContractWhitelist(ctx: ParseRulesContext & SettingsContext, resolved: PolicyRow[], transaction: TransactionParam): PolicyEvaluation | null;
+/**
+ * Evaluate METHOD_WHITELIST policy.
+ *
+ * Returns PolicyEvaluation if denied, null if allowed (or not applicable).
+ */
+export declare function evaluateMethodWhitelist(ctx: ParseRulesContext, resolved: PolicyRow[], transaction: TransactionParam): PolicyEvaluation | null;
+/**
+ * Evaluate VENUE_WHITELIST policy (default-deny when enabled).
+ */
+export declare function evaluateVenueWhitelist(ctx: ParseRulesContext & SettingsContext, resolved: PolicyRow[], transaction: TransactionParam): PolicyEvaluation | null;
+/**
+ * Evaluate PERP_ALLOWED_MARKETS policy.
+ */
+export declare function evaluatePerpAllowedMarkets(ctx: ParseRulesContext, resolved: PolicyRow[], transaction: TransactionParam): PolicyEvaluation | null;
+//# sourceMappingURL=contract-whitelist.d.ts.map

package/dist/pipeline/evaluators/contract-whitelist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contract-whitelist.d.ts","sourceRoot":"","sources":["../../../src/pipeline/evaluators/contract-whitelist.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,KAAK,EAAE,gBAAgB,EAAE,SAAS,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAEpH;;;;GAIG;AACH,wBAAgB,yBAAyB,CACvC,GAAG,EAAE,iBAAiB,GAAG,eAAe,EACxC,QAAQ,EAAE,SAAS,EAAE,EACrB,WAAW,EAAE,gBAAgB,GAC5B,gBAAgB,GAAG,IAAI,CAiDzB;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CACrC,GAAG,EAAE,iBAAiB,EACtB,QAAQ,EAAE,SAAS,EAAE,EACrB,WAAW,EAAE,gBAAgB,GAC5B,gBAAgB,GAAG,IAAI,CA4CzB;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,GAAG,EAAE,iBAAiB,GAAG,eAAe,EACxC,QAAQ,EAAE,SAAS,EAAE,EACrB,WAAW,EAAE,gBAAgB,GAC5B,gBAAgB,GAAG,IAAI,CAqCzB;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,GAAG,EAAE,iBAAiB,EACtB,QAAQ,EAAE,SAAS,EAAE,EACrB,WAAW,EAAE,gBAAgB,GAC5B,gBAAgB,GAAG,IAAI,CAkCzB"}

package/dist/pipeline/evaluators/contract-whitelist.js

@@ -0,0 +1,168 @@
+/**
+ * evaluators/contract-whitelist.ts - CONTRACT_WHITELIST, METHOD_WHITELIST,
+ * VENUE_WHITELIST, PERP_ALLOWED_MARKETS evaluation.
+ *
+ * Extracted from DatabasePolicyEngine private methods.
+ */
+import { ContractWhitelistRulesSchema, MethodWhitelistRulesSchema, VenueWhitelistRulesSchema, PerpAllowedMarketsRulesSchema, } from '@waiaas/core';
+/**
+ * Evaluate CONTRACT_WHITELIST policy.
+ *
+ * Returns PolicyEvaluation if denied, null if allowed (or not applicable).
+ */
+export function evaluateContractWhitelist(ctx, resolved, transaction) {
+    // Evaluate for CONTRACT_CALL and NFT_TRANSFER transactions (v31.0)
+    if (transaction.type !== 'CONTRACT_CALL' && transaction.type !== 'NFT_TRANSFER')
+        return null;
+    // Provider-trust: skip CONTRACT_WHITELIST for trusted action providers
+    if (transaction.actionProvider && ctx.settingsService) {
+        const enabledKey = `actions.${transaction.actionProvider}_enabled`;
+        try {
+            const enabled = ctx.settingsService.get(enabledKey);
+            if (enabled === 'true') {
+                return null; // Skip CONTRACT_WHITELIST -- provider is trusted
+            }
+        }
+        catch {
+            // Unknown setting key means provider is not registered -- fall through to normal check
+        }
+    }
+    const contractWhitelistPolicy = resolved.find((p) => p.type === 'CONTRACT_WHITELIST');
+    // No CONTRACT_WHITELIST policy -> check toggle, then deny (default deny)
+    if (!contractWhitelistPolicy) {
+        if (ctx.settingsService?.get('policy.default_deny_contracts') === 'false') {
+            return null; // default-allow mode: skip contract whitelist check
+        }
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: 'Contract calls disabled: no CONTRACT_WHITELIST policy configured',
+        };
+    }
+    // Parse rules.contracts array
+    const rules = ctx.parseRules(contractWhitelistPolicy.rules, ContractWhitelistRulesSchema, 'CONTRACT_WHITELIST');
+    const contractAddress = transaction.contractAddress ?? transaction.toAddress;
+    // Check if contract is in whitelist (case-insensitive comparison for EVM addresses)
+    const isWhitelisted = rules.contracts.some((c) => c.address.toLowerCase() === contractAddress.toLowerCase());
+    if (!isWhitelisted) {
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: `Contract not whitelisted: ${contractAddress}`,
+        };
+    }
+    return null; // Contract is whitelisted, continue evaluation
+}
+/**
+ * Evaluate METHOD_WHITELIST policy.
+ *
+ * Returns PolicyEvaluation if denied, null if allowed (or not applicable).
+ */
+export function evaluateMethodWhitelist(ctx, resolved, transaction) {
+    // Only evaluate for CONTRACT_CALL transactions
+    if (transaction.type !== 'CONTRACT_CALL')
+        return null;
+    const methodWhitelistPolicy = resolved.find((p) => p.type === 'METHOD_WHITELIST');
+    // No METHOD_WHITELIST policy -> no method restriction (optional policy)
+    if (!methodWhitelistPolicy)
+        return null;
+    // Parse rules.methods array
+    const rules = ctx.parseRules(methodWhitelistPolicy.rules, MethodWhitelistRulesSchema, 'METHOD_WHITELIST');
+    const contractAddress = transaction.contractAddress ?? transaction.toAddress;
+    const selector = transaction.selector;
+    // Find matching entry for this contract (case-insensitive)
+    const entry = rules.methods.find((m) => m.contractAddress.toLowerCase() === contractAddress.toLowerCase());
+    // No entry for this contract -> no method restriction for this specific contract
+    if (!entry)
+        return null;
+    // Check if selector is in the allowed list (case-insensitive)
+    if (!selector) {
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: `Method not whitelisted: missing selector on contract ${contractAddress}`,
+        };
+    }
+    const isAllowed = entry.selectors.some((s) => s.toLowerCase() === selector.toLowerCase());
+    if (!isAllowed) {
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: `Method not whitelisted: ${selector} on contract ${contractAddress}`,
+        };
+    }
+    return null; // Method is whitelisted, continue evaluation
+}
+/**
+ * Evaluate VENUE_WHITELIST policy (default-deny when enabled).
+ */
+export function evaluateVenueWhitelist(ctx, resolved, transaction) {
+    // No venue (contractCall) -> skip
+    if (!transaction.venue)
+        return null;
+    // Check if venue whitelist is enabled via Admin Settings
+    let enabled = false;
+    try {
+        enabled = ctx.settingsService?.get('venue_whitelist_enabled') === 'true';
+    }
+    catch {
+        // Setting key not registered -- disabled by default
+    }
+    if (!enabled)
+        return null;
+    const policy = resolved.find((p) => p.type === 'VENUE_WHITELIST');
+    const venueNorm = transaction.venue.toLowerCase();
+    if (!policy) {
+        // Default-deny: venue present but no whitelist policy
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: `VENUE_NOT_ALLOWED: venue '${transaction.venue}' is not whitelisted (no VENUE_WHITELIST policy)`,
+        };
+    }
+    const rules = ctx.parseRules(policy.rules, VenueWhitelistRulesSchema, 'VENUE_WHITELIST');
+    const isAllowed = rules.venues.some((v) => v.id.toLowerCase() === venueNorm);
+    if (!isAllowed) {
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: `VENUE_NOT_ALLOWED: venue '${transaction.venue}' is not in the whitelist`,
+        };
+    }
+    return null; // Venue allowed
+}
+/**
+ * Evaluate PERP_ALLOWED_MARKETS policy.
+ */
+export function evaluatePerpAllowedMarkets(ctx, resolved, transaction) {
+    const PERP_ACTIONS = new Set([
+        'open_position', 'close_position', 'modify_position',
+        'add_margin', 'withdraw_margin',
+    ]);
+    // Suffix matching for prefixed actions (drift_open_position -> open_position)
+    const actionSuffix = transaction.actionName
+        ? [...PERP_ACTIONS].find((a) => transaction.actionName.endsWith(a))
+        : undefined;
+    if (!actionSuffix)
+        return null; // Not a perp action
+    const marketPolicy = resolved.find((p) => p.type === 'PERP_ALLOWED_MARKETS');
+    if (!marketPolicy) {
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: 'No PERP_ALLOWED_MARKETS policy configured. Perp markets require explicit whitelist.',
+        };
+    }
+    const rules = ctx.parseRules(marketPolicy.rules, PerpAllowedMarketsRulesSchema, 'PERP_ALLOWED_MARKETS');
+    const targetMarket = transaction.contractAddress ?? transaction.toAddress;
+    const isAllowed = rules.markets.some((m) => m.market.toLowerCase() === targetMarket.toLowerCase());
+    if (!isAllowed) {
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: `Market ${targetMarket} not in perp allowed markets whitelist`,
+        };
+    }
+    return null;
+}
+//# sourceMappingURL=contract-whitelist.js.map

package/dist/pipeline/evaluators/contract-whitelist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"contract-whitelist.js","sourceRoot":"","sources":["../../../src/pipeline/evaluators/contract-whitelist.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,yBAAyB,EACzB,6BAA6B,GAC9B,MAAM,cAAc,CAAC;AAGtB;;;;GAIG;AACH,MAAM,UAAU,yBAAyB,CACvC,GAAwC,EACxC,QAAqB,EACrB,WAA6B;IAE7B,mEAAmE;IACnE,IAAI,WAAW,CAAC,IAAI,KAAK,eAAe,IAAI,WAAW,CAAC,IAAI,KAAK,cAAc;QAAE,OAAO,IAAI,CAAC;IAE7F,uEAAuE;IACvE,IAAI,WAAW,CAAC,cAAc,IAAI,GAAG,CAAC,eAAe,EAAE,CAAC;QACtD,MAAM,UAAU,GAAG,WAAW,WAAW,CAAC,cAAc,UAAU,CAAC;QACnE,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACpD,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC,CAAC,iDAAiD;YAChE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,uFAAuF;QACzF,CAAC;IACH,CAAC;IAED,MAAM,uBAAuB,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,oBAAoB,CAAC,CAAC;IAEtF,yEAAyE;IACzE,IAAI,CAAC,uBAAuB,EAAE,CAAC;QAC7B,IAAI,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,+BAA+B,CAAC,KAAK,OAAO,EAAE,CAAC;YAC1E,OAAO,IAAI,CAAC,CAAC,oDAAoD;QACnE,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,kEAAkE;SAC3E,CAAC;IACJ,CAAC;IAED,8BAA8B;IAC9B,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,uBAAuB,CAAC,KAAK,EAAE,4BAA4B,EAAE,oBAAoB,CAAC,CAAC;IAChH,MAAM,eAAe,GAAG,WAAW,CAAC,eAAe,IAAI,WAAW,CAAC,SAAS,CAAC;IAE7E,oFAAoF;IACpF,MAAM,aAAa,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,eAAe,CAAC,WAAW,EAAE,CACjE,CAAC;IAEF,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,6BAA6B,eAAe,EAAE;SACvD,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,+CAA+C;AAC9D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CACrC,GAAsB,EACtB,QAAqB,EACrB,WAA6B;IAE7B,+CAA+C;IAC/C,IAAI,WAAW,CAAC,IAAI,KAAK,eAAe;QAAE,OAAO,IAAI,CAAC;IAEtD,MAAM,qBAAqB,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;IAElF,wEAAwE;IACxE,IAAI,CAAC,qBAAqB;QAAE,OAAO,IAAI,CAAC;IAExC,4BAA4B;IAC5B,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,qBAAqB,CAAC,KAAK,EAAE,0BAA0B,EAAE,kBAAkB,CAAC,CAAC;IAC1G,MAAM,eAAe,GAAG,WAAW,CAAC,eAAe,IAAI,WAAW,CAAC,SAAS,CAAC;IAC7E,MAAM,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC;IAEtC,2DAA2D;IAC3D,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAC9B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,WAAW,EAAE,KAAK,eAAe,CAAC,WAAW,EAAE,CACzE,CAAC;IAEF,iFAAiF;IACjF,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,8DAA8D;IAC9D,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,wDAAwD,eAAe,EAAE;SAClF,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CACpC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,QAAQ,CAAC,WAAW,EAAE,CAClD,CAAC;IAEF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,2BAA2B,QAAQ,gBAAgB,eAAe,EAAE;SAC7E,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,6CAA6C;AAC5D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CACpC,GAAwC,EACxC,QAAqB,EACrB,WAA6B;IAE7B,kCAAkC;IAClC,IAAI,CAAC,WAAW,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAEpC,yDAAyD;IACzD,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,yBAAyB,CAAC,KAAK,MAAM,CAAC;IAC3E,CAAC;IAAC,MAAM,CAAC;QACP,oDAAoD;IACtD,CAAC;IACD,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,iBAAiB,CAAC,CAAC;IAClE,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;IAElD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,sDAAsD;QACtD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,6BAA6B,WAAW,CAAC,KAAK,kDAAkD;SACzG,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE,yBAAyB,EAAE,iBAAiB,CAAC,CAAC;IACzF,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,CAAC;IAE7E,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,6BAA6B,WAAW,CAAC,KAAK,2BAA2B;SAClF,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,gBAAgB;AAC/B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACxC,GAAsB,EACtB,QAAqB,EACrB,WAA6B;IAE7B,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;QAC3B,eAAe,EAAE,gBAAgB,EAAE,iBAAiB;QACpD,YAAY,EAAE,iBAAiB;KAChC,CAAC,CAAC;IACH,8EAA8E;IAC9E,MAAM,YAAY,GAAG,WAAW,CAAC,UAAU;QACzC,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,UAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,SAAS,CAAC;IACd,IAAI,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC,CAAC,oBAAoB;IAEpD,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,sBAAsB,CAAC,CAAC;IAC7E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,qFAAqF;SAC9F,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,KAAK,EAAE,6BAA6B,EAAE,sBAAsB,CAAC,CAAC;IACxG,MAAM,YAAY,GAAG,WAAW,CAAC,eAAe,IAAI,WAAW,CAAC,SAAS,CAAC;IAC1E,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAClC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,YAAY,CAAC,WAAW,EAAE,CAC7D,CAAC;IAEF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,UAAU,YAAY,wCAAwC;SACvE,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/pipeline/evaluators/helpers.d.ts

@@ -0,0 +1,9 @@
+/**
+ * evaluators/helpers.ts - Shared helper functions for policy evaluators.
+ */
+import type { PolicyTier } from '@waiaas/core';
+/**
+ * Return the more conservative (higher) tier of two.
+ */
+export declare function maxTier(a: PolicyTier, b: PolicyTier): PolicyTier;
+//# sourceMappingURL=helpers.d.ts.map

package/dist/pipeline/evaluators/helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../../../src/pipeline/evaluators/helpers.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAI/C;;GAEG;AACH,wBAAgB,OAAO,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,GAAG,UAAU,CAIhE"}

package/dist/pipeline/evaluators/helpers.js

@@ -0,0 +1,13 @@
+/**
+ * evaluators/helpers.ts - Shared helper functions for policy evaluators.
+ */
+const TIER_ORDER = ['INSTANT', 'NOTIFY', 'DELAY', 'APPROVAL'];
+/**
+ * Return the more conservative (higher) tier of two.
+ */
+export function maxTier(a, b) {
+    const aIdx = TIER_ORDER.indexOf(a);
+    const bIdx = TIER_ORDER.indexOf(b);
+    return TIER_ORDER[Math.max(aIdx, bIdx)];
+}
+//# sourceMappingURL=helpers.js.map

package/dist/pipeline/evaluators/helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.js","sourceRoot":"","sources":["../../../src/pipeline/evaluators/helpers.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,UAAU,GAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;AAE5E;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,CAAa,EAAE,CAAa;IAClD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IACnC,OAAO,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAE,CAAC;AAC3C,CAAC"}

package/dist/pipeline/evaluators/lending-asset-whitelist.d.ts

@@ -0,0 +1,18 @@
+/**
+ * evaluators/lending-asset-whitelist.ts - LENDING_ASSET_WHITELIST evaluation.
+ *
+ * Extracted from DatabasePolicyEngine private methods.
+ */
+import type { PolicyEvaluation, PolicyRow, TransactionParam, ParseRulesContext } from './types.js';
+/**
+ * Evaluate LENDING_ASSET_WHITELIST policy.
+ *
+ * Logic:
+ * - Only applies to lending actions (supply/borrow/repay/withdraw)
+ * - If no LENDING_ASSET_WHITELIST policy exists: deny (default-deny per CLAUDE.md)
+ * - If policy exists: check if target contract address is in rules.assets[].address
+ *
+ * Returns PolicyEvaluation if denied, null if allowed (or not applicable).
+ */
+export declare function evaluateLendingAssetWhitelist(ctx: ParseRulesContext, resolved: PolicyRow[], transaction: TransactionParam): PolicyEvaluation | null;
+//# sourceMappingURL=lending-asset-whitelist.d.ts.map

package/dist/pipeline/evaluators/lending-asset-whitelist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lending-asset-whitelist.d.ts","sourceRoot":"","sources":["../../../src/pipeline/evaluators/lending-asset-whitelist.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,gBAAgB,EAAE,SAAS,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEnG;;;;;;;;;GASG;AACH,wBAAgB,6BAA6B,CAC3C,GAAG,EAAE,iBAAiB,EACtB,QAAQ,EAAE,SAAS,EAAE,EACrB,WAAW,EAAE,gBAAgB,GAC5B,gBAAgB,GAAG,IAAI,CA+BzB"}

package/dist/pipeline/evaluators/lending-asset-whitelist.js

@@ -0,0 +1,44 @@
+/**
+ * evaluators/lending-asset-whitelist.ts - LENDING_ASSET_WHITELIST evaluation.
+ *
+ * Extracted from DatabasePolicyEngine private methods.
+ */
+import { LendingAssetWhitelistRulesSchema } from '@waiaas/core';
+/**
+ * Evaluate LENDING_ASSET_WHITELIST policy.
+ *
+ * Logic:
+ * - Only applies to lending actions (supply/borrow/repay/withdraw)
+ * - If no LENDING_ASSET_WHITELIST policy exists: deny (default-deny per CLAUDE.md)
+ * - If policy exists: check if target contract address is in rules.assets[].address
+ *
+ * Returns PolicyEvaluation if denied, null if allowed (or not applicable).
+ */
+export function evaluateLendingAssetWhitelist(ctx, resolved, transaction) {
+    // Only applies to lending actions
+    const LENDING_ACTIONS = new Set(['supply', 'borrow', 'repay', 'withdraw']);
+    if (!transaction.actionName || !LENDING_ACTIONS.has(transaction.actionName)) {
+        return null;
+    }
+    const assetPolicy = resolved.find((p) => p.type === 'LENDING_ASSET_WHITELIST');
+    if (!assetPolicy) {
+        // Default-deny (CLAUDE.md compliance): no whitelist -> deny lending
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: 'No LENDING_ASSET_WHITELIST policy configured. Lending assets require explicit whitelist.',
+        };
+    }
+    const rules = ctx.parseRules(assetPolicy.rules, LendingAssetWhitelistRulesSchema, 'LENDING_ASSET_WHITELIST');
+    const targetAddress = transaction.contractAddress ?? transaction.toAddress;
+    const isWhitelisted = rules.assets.some((a) => a.address.toLowerCase() === targetAddress.toLowerCase());
+    if (!isWhitelisted) {
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: `Asset ${targetAddress} not in lending asset whitelist`,
+        };
+    }
+    return null; // pass through
+}
+//# sourceMappingURL=lending-asset-whitelist.js.map

package/dist/pipeline/evaluators/lending-asset-whitelist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lending-asset-whitelist.js","sourceRoot":"","sources":["../../../src/pipeline/evaluators/lending-asset-whitelist.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gCAAgC,EAAE,MAAM,cAAc,CAAC;AAGhE;;;;;;;;;GASG;AACH,MAAM,UAAU,6BAA6B,CAC3C,GAAsB,EACtB,QAAqB,EACrB,WAA6B;IAE7B,kCAAkC;IAClC,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;IAC3E,IAAI,CAAC,WAAW,CAAC,UAAU,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,yBAAyB,CAAC,CAAC;IAC/E,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,oEAAoE;QACpE,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,0FAA0F;SACnG,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,EAAE,gCAAgC,EAAE,yBAAyB,CAAC,CAAC;IAC7G,MAAM,aAAa,GAAG,WAAW,CAAC,eAAe,IAAI,WAAW,CAAC,SAAS,CAAC;IAC3E,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,CACrC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,aAAa,CAAC,WAAW,EAAE,CAC/D,CAAC;IAEF,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,SAAS,aAAa,iCAAiC;SAChE,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC,CAAC,eAAe;AAC9B,CAAC"}

package/dist/pipeline/evaluators/lending-ltv-limit.d.ts

@@ -0,0 +1,24 @@
+/**
+ * evaluators/lending-ltv-limit.ts - LENDING_LTV_LIMIT, PERP_MAX_LEVERAGE,
+ * PERP_MAX_POSITION_USD evaluation.
+ *
+ * Extracted from DatabasePolicyEngine private methods.
+ */
+import type { PolicyEvaluation, PolicyRow, TransactionParam, ParseRulesContext } from './types.js';
+import type { Database as SQLiteDatabase } from 'better-sqlite3';
+/**
+ * Evaluate LENDING_LTV_LIMIT policy for borrow actions.
+ *
+ * @param usdAmount - USD value of the new borrow (from pipeline IPriceOracle, LEND-09)
+ * Returns PolicyEvaluation if denied/escalated, null if allowed (or not applicable).
+ */
+export declare function evaluateLendingLtvLimit(ctx: ParseRulesContext, resolved: PolicyRow[], transaction: TransactionParam, walletId: string, sqlite: SQLiteDatabase | null, usdAmount?: number): PolicyEvaluation | null;
+/**
+ * Evaluate PERP_MAX_LEVERAGE policy.
+ */
+export declare function evaluatePerpMaxLeverage(ctx: ParseRulesContext, resolved: PolicyRow[], transaction: TransactionParam): PolicyEvaluation | null;
+/**
+ * Evaluate PERP_MAX_POSITION_USD policy.
+ */
+export declare function evaluatePerpMaxPositionUsd(ctx: ParseRulesContext, resolved: PolicyRow[], transaction: TransactionParam): PolicyEvaluation | null;
+//# sourceMappingURL=lending-ltv-limit.d.ts.map

package/dist/pipeline/evaluators/lending-ltv-limit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lending-ltv-limit.d.ts","sourceRoot":"","sources":["../../../src/pipeline/evaluators/lending-ltv-limit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,OAAO,KAAK,EAAc,gBAAgB,EAAE,SAAS,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/G,OAAO,KAAK,EAAE,QAAQ,IAAI,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEjE;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,GAAG,EAAE,iBAAiB,EACtB,QAAQ,EAAE,SAAS,EAAE,EACrB,WAAW,EAAE,gBAAgB,EAC7B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,cAAc,GAAG,IAAI,EAC7B,SAAS,CAAC,EAAE,MAAM,GACjB,gBAAgB,GAAG,IAAI,CAoDzB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,GAAG,EAAE,iBAAiB,EACtB,QAAQ,EAAE,SAAS,EAAE,EACrB,WAAW,EAAE,gBAAgB,GAC5B,gBAAgB,GAAG,IAAI,CA+BzB;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,GAAG,EAAE,iBAAiB,EACtB,QAAQ,EAAE,SAAS,EAAE,EACrB,WAAW,EAAE,gBAAgB,GAC5B,gBAAgB,GAAG,IAAI,CA+BzB"}

package/dist/pipeline/evaluators/lending-ltv-limit.js

@@ -0,0 +1,130 @@
+/**
+ * evaluators/lending-ltv-limit.ts - LENDING_LTV_LIMIT, PERP_MAX_LEVERAGE,
+ * PERP_MAX_POSITION_USD evaluation.
+ *
+ * Extracted from DatabasePolicyEngine private methods.
+ */
+import { LendingLtvLimitRulesSchema, PerpMaxLeverageRulesSchema, PerpMaxPositionUsdRulesSchema, } from '@waiaas/core';
+/**
+ * Evaluate LENDING_LTV_LIMIT policy for borrow actions.
+ *
+ * @param usdAmount - USD value of the new borrow (from pipeline IPriceOracle, LEND-09)
+ * Returns PolicyEvaluation if denied/escalated, null if allowed (or not applicable).
+ */
+export function evaluateLendingLtvLimit(ctx, resolved, transaction, walletId, sqlite, usdAmount) {
+    // Only applies to borrow actions (matches 'borrow', 'aave_borrow', 'kamino_borrow', etc.)
+    if (!transaction.actionName?.endsWith('borrow'))
+        return null;
+    const ltvPolicy = resolved.find((p) => p.type === 'LENDING_LTV_LIMIT');
+    if (!ltvPolicy)
+        return null; // No LTV policy -> pass through
+    const rules = ctx.parseRules(ltvPolicy.rules, LendingLtvLimitRulesSchema, 'LENDING_LTV_LIMIT');
+    // Read cached position data from defi_positions
+    if (!sqlite)
+        return null;
+    const positions = sqlite.prepare("SELECT amount_usd, metadata, status FROM defi_positions WHERE wallet_id = ? AND category = 'LENDING' AND status = 'ACTIVE'").all(walletId);
+    // Aggregate collateral and debt from positions
+    let totalCollateralUsd = 0;
+    let totalDebtUsd = 0;
+    for (const pos of positions) {
+        if (!pos.metadata)
+            continue;
+        try {
+            const meta = JSON.parse(pos.metadata);
+            const posType = meta.positionType;
+            const usd = pos.amount_usd ?? 0;
+            if (posType === 'SUPPLY')
+                totalCollateralUsd += usd;
+            else if (posType === 'BORROW')
+                totalDebtUsd += usd;
+        }
+        catch { /* ignore parse errors */ }
+    }
+    // Calculate projected LTV including new borrow amount (LEND-09)
+    const newBorrowUsd = usdAmount ?? 0;
+    const projectedLtv = totalCollateralUsd > 0
+        ? (totalDebtUsd + newBorrowUsd) / totalCollateralUsd
+        : (totalDebtUsd > 0 || newBorrowUsd > 0 ? Infinity : 0);
+    if (projectedLtv > rules.maxLtv) {
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: `Borrow would exceed max LTV (projected: ${(projectedLtv * 100).toFixed(1)}%, limit: ${(rules.maxLtv * 100).toFixed(1)}%)`,
+        };
+    }
+    if (projectedLtv > rules.warningLtv) {
+        return {
+            allowed: true,
+            tier: 'DELAY',
+            reason: `LTV approaching limit (projected: ${(projectedLtv * 100).toFixed(1)}%)`,
+        };
+    }
+    return null; // pass through
+}
+/**
+ * Evaluate PERP_MAX_LEVERAGE policy.
+ */
+export function evaluatePerpMaxLeverage(ctx, resolved, transaction) {
+    if (!transaction.actionName)
+        return null;
+    const isLeverageAction = transaction.actionName.endsWith('open_position') ||
+        transaction.actionName.endsWith('modify_position');
+    if (!isLeverageAction)
+        return null;
+    const leveragePolicy = resolved.find((p) => p.type === 'PERP_MAX_LEVERAGE');
+    if (!leveragePolicy)
+        return null; // No leverage policy -> pass through
+    const rules = ctx.parseRules(leveragePolicy.rules, PerpMaxLeverageRulesSchema, 'PERP_MAX_LEVERAGE');
+    const leverage = transaction.perpLeverage;
+    if (typeof leverage !== 'number')
+        return null; // No leverage info -> pass through
+    if (leverage > rules.maxLeverage) {
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: `Leverage ${leverage}x exceeds max allowed (${rules.maxLeverage}x)`,
+        };
+    }
+    if (rules.warningLeverage && leverage > rules.warningLeverage) {
+        return {
+            allowed: true,
+            tier: 'DELAY',
+            reason: `Leverage ${leverage}x approaching limit (warning: ${rules.warningLeverage}x, max: ${rules.maxLeverage}x)`,
+        };
+    }
+    return null;
+}
+/**
+ * Evaluate PERP_MAX_POSITION_USD policy.
+ */
+export function evaluatePerpMaxPositionUsd(ctx, resolved, transaction) {
+    if (!transaction.actionName)
+        return null;
+    const isSizeAction = transaction.actionName.endsWith('open_position') ||
+        transaction.actionName.endsWith('modify_position');
+    if (!isSizeAction)
+        return null;
+    const sizePolicy = resolved.find((p) => p.type === 'PERP_MAX_POSITION_USD');
+    if (!sizePolicy)
+        return null; // No size policy -> pass through
+    const rules = ctx.parseRules(sizePolicy.rules, PerpMaxPositionUsdRulesSchema, 'PERP_MAX_POSITION_USD');
+    const sizeUsd = transaction.perpSizeUsd;
+    if (typeof sizeUsd !== 'number')
+        return null; // No size info -> pass through
+    if (sizeUsd > rules.maxPositionUsd) {
+        return {
+            allowed: false,
+            tier: 'INSTANT',
+            reason: `Position size $${sizeUsd.toLocaleString()} exceeds max allowed ($${rules.maxPositionUsd.toLocaleString()})`,
+        };
+    }
+    if (rules.warningPositionUsd && sizeUsd > rules.warningPositionUsd) {
+        return {
+            allowed: true,
+            tier: 'DELAY',
+            reason: `Position size $${sizeUsd.toLocaleString()} approaching limit (warning: $${rules.warningPositionUsd.toLocaleString()}, max: $${rules.maxPositionUsd.toLocaleString()})`,
+        };
+    }
+    return null;
+}
+//# sourceMappingURL=lending-ltv-limit.js.map

package/dist/pipeline/evaluators/lending-ltv-limit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lending-ltv-limit.js","sourceRoot":"","sources":["../../../src/pipeline/evaluators/lending-ltv-limit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,0BAA0B,EAC1B,0BAA0B,EAC1B,6BAA6B,GAC9B,MAAM,cAAc,CAAC;AAItB;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CACrC,GAAsB,EACtB,QAAqB,EACrB,WAA6B,EAC7B,QAAgB,EAChB,MAA6B,EAC7B,SAAkB;IAElB,0FAA0F;IAC1F,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAE7D,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,mBAAmB,CAAC,CAAC;IACvE,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC,CAAC,gCAAgC;IAE7D,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,KAAK,EAAE,0BAA0B,EAAE,mBAAmB,CAAC,CAAC;IAE/F,gDAAgD;IAChD,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAC9B,4HAA4H,CAC7H,CAAC,GAAG,CAAC,QAAQ,CAAkF,CAAC;IAEjG,+CAA+C;IAC/C,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAC3B,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;QAC5B,IAAI,CAAC,GAAG,CAAC,QAAQ;YAAE,SAAS;QAC5B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAA4B,CAAC;YACjE,MAAM,OAAO,GAAG,IAAI,CAAC,YAAkC,CAAC;YACxD,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,IAAI,CAAC,CAAC;YAChC,IAAI,OAAO,KAAK,QAAQ;gBAAE,kBAAkB,IAAI,GAAG,CAAC;iBAC/C,IAAI,OAAO,KAAK,QAAQ;gBAAE,YAAY,IAAI,GAAG,CAAC;QACrD,CAAC;QAAC,MAAM,CAAC,CAAC,yBAAyB,CAAC,CAAC;IACvC,CAAC;IAED,gEAAgE;IAChE,MAAM,YAAY,GAAG,SAAS,IAAI,CAAC,CAAC;IAEpC,MAAM,YAAY,GAAG,kBAAkB,GAAG,CAAC;QACzC,CAAC,CAAC,CAAC,YAAY,GAAG,YAAY,CAAC,GAAG,kBAAkB;QACpD,CAAC,CAAC,CAAC,YAAY,GAAG,CAAC,IAAI,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAE1D,IAAI,YAAY,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;QAChC,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,2CAA2C,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI;SACnI,CAAC;IACJ,CAAC;IACD,IAAI,YAAY,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC;QACpC,OAAO;YACL,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,OAAqB;YAC3B,MAAM,EAAE,qCAAqC,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI;SACjF,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC,CAAC,eAAe;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CACrC,GAAsB,EACtB,QAAqB,EACrB,WAA6B;IAE7B,IAAI,CAAC,WAAW,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACzC,MAAM,gBAAgB,GACpB,WAAW,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,CAAC;QAChD,WAAW,CAAC,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IACrD,IAAI,CAAC,gBAAgB;QAAE,OAAO,IAAI,CAAC;IAEnC,MAAM,cAAc,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,mBAAmB,CAAC,CAAC;IAC5E,IAAI,CAAC,cAAc;QAAE,OAAO,IAAI,CAAC,CAAC,qCAAqC;IAEvE,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC,KAAK,EAAE,0BAA0B,EAAE,mBAAmB,CAAC,CAAC;IACpG,MAAM,QAAQ,GAAG,WAAW,CAAC,YAAY,CAAC;IAC1C,IAAI,OAAO,QAAQ,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,CAAC,mCAAmC;IAElF,IAAI,QAAQ,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;QACjC,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,YAAY,QAAQ,0BAA0B,KAAK,CAAC,WAAW,IAAI;SAC5E,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,CAAC,eAAe,IAAI,QAAQ,GAAG,KAAK,CAAC,eAAe,EAAE,CAAC;QAC9D,OAAO;YACL,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,OAAqB;YAC3B,MAAM,EAAE,YAAY,QAAQ,iCAAiC,KAAK,CAAC,eAAe,WAAW,KAAK,CAAC,WAAW,IAAI;SACnH,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACxC,GAAsB,EACtB,QAAqB,EACrB,WAA6B;IAE7B,IAAI,CAAC,WAAW,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACzC,MAAM,YAAY,GAChB,WAAW,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,CAAC;QAChD,WAAW,CAAC,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IACrD,IAAI,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IAE/B,MAAM,UAAU,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,uBAAuB,CAAC,CAAC;IAC5E,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC,CAAC,iCAAiC;IAE/D,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,KAAK,EAAE,6BAA6B,EAAE,uBAAuB,CAAC,CAAC;IACvG,MAAM,OAAO,GAAG,WAAW,CAAC,WAAW,CAAC;IACxC,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,CAAC,+BAA+B;IAE7E,IAAI,OAAO,GAAG,KAAK,CAAC,cAAc,EAAE,CAAC;QACnC,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,kBAAkB,OAAO,CAAC,cAAc,EAAE,0BAA0B,KAAK,CAAC,cAAc,CAAC,cAAc,EAAE,GAAG;SACrH,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,CAAC,kBAAkB,IAAI,OAAO,GAAG,KAAK,CAAC,kBAAkB,EAAE,CAAC;QACnE,OAAO;YACL,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,OAAqB;YAC3B,MAAM,EAAE,kBAAkB,OAAO,CAAC,cAAc,EAAE,iCAAiC,KAAK,CAAC,kBAAkB,CAAC,cAAc,EAAE,WAAW,KAAK,CAAC,cAAc,CAAC,cAAc,EAAE,GAAG;SAChL,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}