@zerox1/sdk 0.2.18 → 0.2.20

package/dist/index.js

@@ -36,7 +36,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.HostedAgent = exports.Zerox1Agent = void 0;
+exports.HostedAgent = exports.Zerox1Agent = exports.DEFAULT_SWAP_WHITELIST = void 0;
+exports.encodeProposePayload = encodeProposePayload;
+exports.encodeCounterPayload = encodeCounterPayload;
+exports.decodeProposePayload = decodeProposePayload;
+exports.encodeAcceptPayload = encodeAcceptPayload;
+exports.decodeAcceptPayload = decodeAcceptPayload;
+exports.decodeCounterPayload = decodeCounterPayload;
 const fs = __importStar(require("fs"));
 const net = __importStar(require("net"));
 const os = __importStar(require("os"));
@@ -45,6 +51,144 @@ const child_process_1 = require("child_process");
 const ws_1 = __importDefault(require("ws"));
 const ed = __importStar(require("@noble/ed25519"));
 // ============================================================================
+// Token swap whitelist
+// ============================================================================
+/**
+ * Default token mint addresses allowed in agent-to-agent swaps.
+ * Prevents agents from being tricked into swapping into fraudulent tokens.
+ *
+ * Both devnet and mainnet mints are included; the node validates against
+ * whichever network it is connected to.
+ *
+ * Override per-agent with `Zerox1Agent.setSwapWhitelist()`.
+ */
+exports.DEFAULT_SWAP_WHITELIST = new Set([
+    // SOL (wrapped)
+    'So11111111111111111111111111111111111111112',
+    // USDC — mainnet
+    'EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v',
+    // USDC — devnet
+    '4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU',
+    // USDT — mainnet
+    'Es9vMFrzaCERmJfrF4H2FYD4KCoNkY11McCe8BenwNYB',
+    // JUP
+    'JUPyiwrYJFskUPiHa7hkeR8VUtAeFoSYbKedZNsDvCN',
+    // BONK
+    'DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263',
+    // RAY
+    '4k3Dyjzvzp8eMZWUXbBCjEvwSkkk59S5iCNLY3QrkX6R',
+    // WIF
+    'EKpQGSJtjMFqKZ9KQanSqYXRcF8fBopzLHYxdM65zcjm',
+    // BAGS — mainnet
+    'Bags4uLBdNscWBnHmqBozrjSScnEqPx5qZBzLiqnRVN7',
+]);
+// ============================================================================
+// PROPOSE / COUNTER payload encode + decode helpers
+// ============================================================================
+function writeBidPrefix(amount) {
+    const buf = Buffer.alloc(16);
+    buf.writeBigUInt64LE(amount & 0xffffffffffffffffn, 0);
+    buf.writeBigUInt64LE(amount >> 64n, 8);
+    return buf;
+}
+function readBidPrefix(raw) {
+    const lo = raw.readBigUInt64LE(0);
+    const hi = raw.readBigUInt64LE(8);
+    return (hi << 64n) | lo;
+}
+/**
+ * Encode a PROPOSE payload into the structured wire format:
+ * `[16-byte LE i128 amount][JSON {"max_rounds": N, "message": "..."}]`
+ */
+function encodeProposePayload(message, amount = 0n, maxRounds = 2) {
+    const prefix = writeBidPrefix(amount);
+    const json = Buffer.from(JSON.stringify({ max_rounds: maxRounds, message }));
+    return Buffer.concat([prefix, json]);
+}
+/**
+ * Encode a COUNTER payload into the structured wire format:
+ * `[16-byte LE i128 amount][JSON {"round": N, "max_rounds": M, "message": "..."}]`
+ */
+function encodeCounterPayload(amount, round, maxRounds, message = '') {
+    const prefix = writeBidPrefix(amount);
+    const json = Buffer.from(JSON.stringify({ round, max_rounds: maxRounds, message }));
+    return Buffer.concat([prefix, json]);
+}
+/**
+ * Decode a PROPOSE envelope payload.
+ * Returns `null` if the payload is not in the structured format
+ * (e.g. a raw-string PROPOSE from an older agent).
+ */
+function decodeProposePayload(payloadB64) {
+    const raw = Buffer.from(payloadB64, 'base64');
+    if (raw.length < 17 || raw[16] !== 0x7b /* '{' */)
+        return null;
+    try {
+        const body = JSON.parse(raw.slice(16).toString('utf8'));
+        return {
+            amount: readBidPrefix(raw),
+            maxRounds: Number(body['max_rounds'] ?? 2),
+            message: String(body['message'] ?? ''),
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Encode an ACCEPT payload.
+ * `[16-byte LE i128 amount][JSON {"message": "..."}]`
+ *
+ * Both parties must use the same `amount` — it is the agreed price that
+ * will be passed to `lockPayment` on-chain.
+ */
+function encodeAcceptPayload(amount, message = '') {
+    const prefix = writeBidPrefix(amount);
+    const json = Buffer.from(JSON.stringify({ message }));
+    return Buffer.concat([prefix, json]);
+}
+/**
+ * Decode an ACCEPT envelope payload.
+ * Returns `null` if the payload is not in the structured format
+ * (older agents may send a plain-text ACCEPT).
+ */
+function decodeAcceptPayload(payloadB64) {
+    const raw = Buffer.from(payloadB64, 'base64');
+    if (raw.length < 17 || raw[16] !== 0x7b /* '{' */)
+        return null;
+    try {
+        const body = JSON.parse(raw.slice(16).toString('utf8'));
+        return {
+            amount: readBidPrefix(raw),
+            message: String(body['message'] ?? ''),
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Decode a COUNTER envelope payload.
+ * Returns `null` if the payload is not in the structured format.
+ */
+function decodeCounterPayload(payloadB64) {
+    const raw = Buffer.from(payloadB64, 'base64');
+    if (raw.length < 17 || raw[16] !== 0x7b /* '{' */)
+        return null;
+    try {
+        const body = JSON.parse(raw.slice(16).toString('utf8'));
+        return {
+            amount: readBidPrefix(raw),
+            round: Number(body['round'] ?? 1),
+            maxRounds: Number(body['max_rounds'] ?? 2),
+            message: String(body['message'] ?? ''),
+        };
+    }
+    catch {
+        return null;
+    }
+}
+// ============================================================================
 // CBOR encoding for FEEDBACK payload
 //
 // FEEDBACK payloads must be CBOR-encoded. Receiving nodes run
@@ -153,6 +297,7 @@ class Zerox1Agent {
         this.port = 0;
         this.nodeUrl = '';
         this._reconnectDelay = 1000;
+        this._swapWhitelist = exports.DEFAULT_SWAP_WHITELIST;
     }
     // ── Factory ───────────────────────────────────────────────────────────────
     /**
@@ -401,6 +546,192 @@ class Zerox1Agent {
             payload,
         });
     }
+    /**
+     * Send a PROPOSE envelope.
+     *
+     * Calls POST /negotiate/propose — the node handles binary payload encoding.
+     * Returns the conversation ID used (auto-generated if not supplied)
+     * along with the send confirmation.
+     */
+    async sendPropose(params) {
+        const res = await fetch(`${this.nodeUrl}/negotiate/propose`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                recipient: params.recipient,
+                conversation_id: params.conversationId,
+                amount_usdc_micro: params.amount !== undefined ? Number(params.amount) : undefined,
+                max_rounds: params.maxRounds,
+                message: params.message,
+            }),
+        });
+        if (!res.ok) {
+            const err = await res.json().catch(() => ({ error: `HTTP ${res.status}` }));
+            throw new Error(err['error'] ?? `HTTP ${res.status}`);
+        }
+        const json = await res.json();
+        return {
+            conversationId: json['conversation_id'],
+            confirmation: { nonce: json['nonce'], payloadHash: json['payload_hash'] },
+        };
+    }
+    /**
+     * Send a COUNTER envelope.
+     *
+     * Calls POST /negotiate/counter — the node handles binary payload encoding.
+     * Protocol rules: `round` must be 1-indexed and <= `maxRounds`.
+     */
+    async sendCounter(params) {
+        if (params.round < 1 || params.round > params.maxRounds) {
+            throw new RangeError(`round ${params.round} is out of range [1, ${params.maxRounds}]`);
+        }
+        const res = await fetch(`${this.nodeUrl}/negotiate/counter`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                recipient: params.recipient,
+                conversation_id: params.conversationId,
+                amount_usdc_micro: Number(params.amount),
+                round: params.round,
+                max_rounds: params.maxRounds,
+                message: params.message,
+            }),
+        });
+        if (!res.ok) {
+            const err = await res.json().catch(() => ({ error: `HTTP ${res.status}` }));
+            throw new Error(err['error'] ?? `HTTP ${res.status}`);
+        }
+        const json = await res.json();
+        return { nonce: json['nonce'], payloadHash: json['payload_hash'] };
+    }
+    /**
+     * Send an ACCEPT envelope with the agreed amount.
+     *
+     * Calls POST /negotiate/accept — the node handles binary payload encoding.
+     * The `amount` must match the most-recent COUNTER (or original PROPOSE if
+     * there was no counter). Both parties use this value to call `lockPayment`.
+     */
+    async sendAccept(params) {
+        const res = await fetch(`${this.nodeUrl}/negotiate/accept`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                recipient: params.recipient,
+                conversation_id: params.conversationId,
+                amount_usdc_micro: Number(params.amount),
+                message: params.message,
+            }),
+        });
+        if (!res.ok) {
+            const err = await res.json().catch(() => ({ error: `HTTP ${res.status}` }));
+            throw new Error(err['error'] ?? `HTTP ${res.status}`);
+        }
+        const json = await res.json();
+        return { nonce: json['nonce'], payloadHash: json['payload_hash'] };
+    }
+    /**
+     * Lock USDC in the escrow program on-chain.
+     *
+     * Call this after `sendAccept()` to fund the escrow account before the
+     * provider begins work. The node signs the Solana transaction using its
+     * own keypair (this agent is the requester / payer).
+     *
+     * The automatic lock triggered by `sendAccept()` (via the node loop) uses
+     * default parameters. Use this method for explicit control — e.g. a custom
+     * notary or timeout.
+     *
+     * @param params.amount — must match the amount in the ACCEPT payload exactly.
+     */
+    async lockPayment(params) {
+        const res = await fetch(`${this.nodeUrl}/escrow/lock`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                provider: params.provider,
+                conversation_id: params.conversationId,
+                amount_usdc_micro: Number(params.amount),
+                notary_fee: params.notaryFee !== undefined ? Number(params.notaryFee) : undefined,
+                timeout_slots: params.timeoutSlots,
+                notary: params.notary,
+            }),
+        });
+        if (!res.ok) {
+            const err = await res.json().catch(() => ({ error: `HTTP ${res.status}` }));
+            throw new Error(`lockPayment failed: ${err['error'] ?? res.status}`);
+        }
+    }
+    /**
+     * Approve and release a locked escrow payment to the provider.
+     *
+     * Call this after verifying the provider's DELIVER output is satisfactory.
+     * The node signs as the approver (notary or requester).
+     *
+     * @param params.notary — defaults to this agent (self-approval when no separate notary).
+     */
+    async approvePayment(params) {
+        const res = await fetch(`${this.nodeUrl}/escrow/approve`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                requester: params.requester,
+                provider: params.provider,
+                conversation_id: params.conversationId,
+                notary: params.notary,
+            }),
+        });
+        if (!res.ok) {
+            const err = await res.json().catch(() => ({ error: `HTTP ${res.status}` }));
+            throw new Error(`approvePayment failed: ${err['error'] ?? res.status}`);
+        }
+    }
+    // ── Token swap ────────────────────────────────────────────────────────────
+    /**
+     * Override the token whitelist for this agent instance.
+     * Pass an empty Set to disable whitelist enforcement (not recommended).
+     */
+    setSwapWhitelist(whitelist) {
+        this._swapWhitelist = whitelist;
+    }
+    /**
+     * Execute a Jupiter token swap via the node's `/trade/swap` endpoint.
+     *
+     * Both `inputMint` and `outputMint` must be in the active whitelist
+     * (DEFAULT_SWAP_WHITELIST unless overridden via `setSwapWhitelist()`).
+     * This prevents agents from being deceived into swapping fraudulent tokens.
+     *
+     * @throws If either mint is not whitelisted, or the node rejects the swap.
+     */
+    async swap(params) {
+        const whitelist = params.whitelist ?? this._swapWhitelist;
+        if (whitelist.size > 0) {
+            if (!whitelist.has(params.inputMint)) {
+                throw new Error(`swap: inputMint ${params.inputMint} is not in the token whitelist`);
+            }
+            if (!whitelist.has(params.outputMint)) {
+                throw new Error(`swap: outputMint ${params.outputMint} is not in the token whitelist`);
+            }
+        }
+        const res = await fetch(`${this.nodeUrl}/trade/swap`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                input_mint: params.inputMint,
+                output_mint: params.outputMint,
+                amount: params.amount.toString(),
+                slippage_bps: params.slippageBps ?? 50,
+            }),
+        });
+        if (!res.ok) {
+            const err = await res.json().catch(() => ({ error: `HTTP ${res.status}` }));
+            throw new Error(`swap failed: ${err['error'] ?? res.status}`);
+        }
+        const data = await res.json();
+        return {
+            inAmount: BigInt(data.in_amount),
+            outAmount: BigInt(data.out_amount),
+            signature: data.signature,
+        };
+    }
     // ── Utilities ─────────────────────────────────────────────────────────────
     /** Generate a random 16-byte conversation ID as hex. */
     newConversationId() {
@@ -411,6 +742,7 @@ class Zerox1Agent {
     /**
      * Encode a bid value (i128 LE) into the first 16 bytes of a payload,
      * followed by optional extra bytes (your terms).
+     * @deprecated Use `encodeProposePayload()` or `encodeCounterPayload()` instead.
      */
     encodeBidValue(value, rest = Buffer.alloc(0)) {
         const buf = Buffer.alloc(16);
@@ -607,6 +939,74 @@ class HostedAgent {
         const payload = encodeFeedbackCbor(params.conversationId, params.targetAgent, params.score, outcomeMap[params.outcome], false, roleMap[params.role]);
         return this.send({ msgType: 'FEEDBACK', conversationId: params.conversationId, payload });
     }
+    /** Send a PROPOSE envelope via POST /hosted/negotiate/propose. */
+    async sendPropose(params) {
+        const res = await fetch(`${this.baseUrl}/hosted/negotiate/propose`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${this.token}`,
+            },
+            body: JSON.stringify({
+                recipient: params.recipient,
+                conversation_id: params.conversationId,
+                amount_usdc_micro: params.amount !== undefined ? Number(params.amount) : undefined,
+                max_rounds: params.maxRounds,
+                message: params.message,
+            }),
+        });
+        if (!res.ok) {
+            const body = await res.text();
+            throw new Error(`hosted propose failed (${res.status}): ${body}`);
+        }
+        const json = await res.json();
+        return { conversationId: json['conversation_id'] };
+    }
+    /** Send a COUNTER envelope via POST /hosted/negotiate/counter. */
+    async sendCounter(params) {
+        if (params.round < 1 || params.round > params.maxRounds) {
+            throw new RangeError(`round ${params.round} is out of range [1, ${params.maxRounds}]`);
+        }
+        const res = await fetch(`${this.baseUrl}/hosted/negotiate/counter`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${this.token}`,
+            },
+            body: JSON.stringify({
+                recipient: params.recipient,
+                conversation_id: params.conversationId,
+                amount_usdc_micro: Number(params.amount),
+                round: params.round,
+                max_rounds: params.maxRounds,
+                message: params.message,
+            }),
+        });
+        if (!res.ok && res.status !== 204) {
+            const body = await res.text();
+            throw new Error(`hosted counter failed (${res.status}): ${body}`);
+        }
+    }
+    /** Send an ACCEPT envelope via POST /hosted/negotiate/accept. */
+    async sendAccept(params) {
+        const res = await fetch(`${this.baseUrl}/hosted/negotiate/accept`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${this.token}`,
+            },
+            body: JSON.stringify({
+                recipient: params.recipient,
+                conversation_id: params.conversationId,
+                amount_usdc_micro: Number(params.amount),
+                message: params.message,
+            }),
+        });
+        if (!res.ok && res.status !== 204) {
+            const body = await res.text();
+            throw new Error(`hosted accept failed (${res.status}): ${body}`);
+        }
+    }
     /** Generate a random 16-byte conversation ID as hex. */
     newConversationId() {
         const bytes = new Uint8Array(16);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zerox1/sdk",
-  "version": "0.2.18",
+  "version": "0.2.20",
   "description": "0x01 mesh agent SDK — zero-config, binary bundled, works on every platform",
   "license": "MIT",
   "main": "dist/index.js",
@@ -14,10 +14,10 @@
     "ws": "^8.18.0"
   },
   "optionalDependencies": {
-    "@zerox1/sdk-darwin-arm64": "0.2.18",
-    "@zerox1/sdk-darwin-x64": "0.2.18",
-    "@zerox1/sdk-linux-x64": "0.2.18",
-    "@zerox1/sdk-win32-x64": "0.2.18"
+    "@zerox1/sdk-darwin-arm64": "0.2.20",
+    "@zerox1/sdk-darwin-x64": "0.2.20",
+    "@zerox1/sdk-linux-x64": "0.2.20",
+    "@zerox1/sdk-win32-x64": "0.2.20"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",

package/packages/darwin-arm64/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zerox1/sdk-darwin-arm64",
-  "version": "0.2.18",
+  "version": "0.2.20",
   "description": "zerox1-node binary for macOS ARM64 (Apple Silicon)",
   "os": [
     "darwin"

package/packages/darwin-x64/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zerox1/sdk-darwin-x64",
-  "version": "0.2.18",
+  "version": "0.2.20",
   "description": "zerox1-node binary for macOS x64 (Intel)",
   "os": [
     "darwin"

package/packages/linux-x64/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zerox1/sdk-linux-x64",
-  "version": "0.2.18",
+  "version": "0.2.20",
   "description": "zerox1-node binary for Linux x64",
   "os": [
     "linux"

package/packages/win32-x64/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zerox1/sdk-win32-x64",
-  "version": "0.2.18",
+  "version": "0.2.20",
   "description": "zerox1-node binary for Windows x64",
   "os": [
     "win32"