@zodiac-os/sdk 1.10.0 → 1.11.0

package/dist/cli/config.mjs

@@ -1,2 +1,2 @@
-import { a as resolveAbisDir, i as loadConfig, n as defineConfig, r as ensureConfigStub, t as DEFAULT_ABIS_DIR } from "../config-Be2Uj9_x.mjs";
+import { a as resolveAbisDir, i as loadConfig, n as defineConfig, r as ensureConfigStub, t as DEFAULT_ABIS_DIR } from "../config-DVHdL2W6.mjs";
 export { DEFAULT_ABIS_DIR, defineConfig, ensureConfigStub, loadConfig, resolveAbisDir };

package/dist/cli.mjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import { n as resolveZodiacDir, t as ApiClient } from "./api-CygEDU4N.mjs";
 import { a as walkContracts, i as readAbi, n as chainIdFor, o as writeAbi, r as abiFilePath } from "./networks-BTW1qAAa.mjs";
-import { a as resolveAbisDir, i as loadConfig, o as findProjectRoot, r as ensureConfigStub } from "./config-Be2Uj9_x.mjs";
+import { a as resolveAbisDir, i as loadConfig, o as findProjectRoot, r as ensureConfigStub } from "./config-DVHdL2W6.mjs";
 import fs, { existsSync, readFileSync, writeFileSync } from "node:fs";
 import path, { basename, join, resolve } from "node:path";
 import { invariant } from "@epic-web/invariant";

package/dist/{config-Be2Uj9_x.mjs → config-DVHdL2W6.mjs}

@@ -21,7 +21,20 @@ const findProjectRoot = (startDir = process.cwd()) => {
 //#endregion
 //#region src/cli/config.ts
 const defineConfig = (config) => config;
-const DEFAULT_CONFIG_PATH = "zodiac.config.ts";
+const CONFIG_BASENAME = "zodiac.config";
+/**
+* Extensions probed (in priority order) when the user doesn't pass an
+* explicit `--config` path. Mirrors what vite / vitest / tailwind accept.
+*/
+const CONFIG_EXTENSIONS = [
+	".ts",
+	".mts",
+	".cts",
+	".js",
+	".mjs",
+	".cjs"
+];
+const DEFAULT_CONFIG_PATH = `${CONFIG_BASENAME}.ts`;
 const CONFIG_STUB = `import { defineConfig } from "@zodiac-os/sdk/cli/config";
 
 export default defineConfig({
@@ -44,8 +57,24 @@ const ensureConfigStub = (absolutePath) => {
 	writeFileSync(absolutePath, CONFIG_STUB, "utf8");
 	return true;
 };
+/**
+* Turn a (possibly-default) config path into an absolute path under
+* `projectRoot`. When the caller didn't pass an explicit path, probe
+* for `zodiac.config.{ts,mts,cts,js,mjs,cjs}` and use whichever exists;
+* fall back to the canonical `.ts` name so a not-found error is
+* still phrased in terms users recognise.
+*/
+const resolveConfigPath = (projectRoot, configPath) => {
+	const explicit = resolve$1(projectRoot, configPath);
+	if (configPath !== DEFAULT_CONFIG_PATH) return explicit;
+	for (const ext of CONFIG_EXTENSIONS) {
+		const candidate = resolve$1(projectRoot, `${CONFIG_BASENAME}${ext}`);
+		if (existsSync(candidate)) return candidate;
+	}
+	return explicit;
+};
 async function loadConfig(configPath = DEFAULT_CONFIG_PATH, options = {}) {
-	const absolutePath = resolve$1(findProjectRoot(), configPath);
+	const absolutePath = resolveConfigPath(findProjectRoot(), configPath);
 	if (options.createIfMissing && ensureConfigStub(absolutePath)) console.log(`✅ Created ${absolutePath}`);
 	let mod;
 	try {
@@ -87,4 +116,4 @@ function resolveAbisDir(config) {
 //#endregion
 export { resolveAbisDir as a, loadConfig as i, defineConfig as n, findProjectRoot as o, ensureConfigStub as r, DEFAULT_ABIS_DIR as t };
 
-//# sourceMappingURL=config-Be2Uj9_x.mjs.map
+//# sourceMappingURL=config-DVHdL2W6.mjs.map

package/dist/config-DVHdL2W6.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-DVHdL2W6.mjs","names":["resolve","dirname"],"sources":["../src/cli/projectRoot.ts","../src/cli/config.ts"],"sourcesContent":["import { existsSync } from 'node:fs'\nimport { dirname, resolve } from 'node:path'\n\n/**\n * Walk up from `startDir` looking for a `package.json`. Returns the\n * directory that contains it. Falls back to `startDir` if no ancestor\n * has a `package.json` (e.g. when running outside any project).\n */\nexport const findProjectRoot = (startDir: string = process.cwd()): string => {\n  const absoluteStart = resolve(startDir)\n  let dir = absoluteStart\n\n  while (true) {\n    if (existsSync(resolve(dir, 'package.json'))) {\n      return dir\n    }\n    const parent = dirname(dir)\n    if (parent === dir) {\n      return absoluteStart\n    }\n    dir = parent\n  }\n}\n","import { existsSync, writeFileSync } from 'node:fs'\nimport { pathToFileURL } from 'url'\nimport { dirname, resolve } from 'path'\nimport { findProjectRoot } from './projectRoot'\n\nexport type Contracts = {\n  [chain: string]: ContractsNode\n}\nexport type ContractsNode = `0x${string}` | { [name: string]: ContractsNode }\n\nexport interface ZodiacConfig {\n  /**\n   * API key authorizing this directory against a Zodiac org.\n   *\n   * Optional — defaults to `process.env.ZODIAC_API_KEY` (populated by\n   * `zodiac init`). Set this explicitly only when you need to override\n   * the env var from inside the config file.\n   */\n  apiKey?: `zodiac_${string}`\n  /**\n   * Contracts the `allow` kit should know about, keyed by chain prefix.\n   * Nested objects are allowed for grouping related addresses.\n   */\n  contracts?: Contracts\n  /**\n   * Directory where fetched ABIs are stored and read from.\n   * Resolved relative to the project root (config file's directory).\n   * Defaults to `./abis`.\n   */\n  abisDir?: string\n}\n\n/** User-provided config plus the resolved API key + project root. */\nexport interface ResolvedConfig extends Omit<ZodiacConfig, 'apiKey'> {\n  apiKey: `zodiac_${string}`\n  rootDir: string\n}\n\n/**\n * Loose base used as the *inference* constraint for `defineConfig`.\n * `contracts` is `Record<string, unknown>` here so `const T` can preserve the\n * caller's exact address literals rather than collapsing them into the\n * recursive `ContractsNode` union.\n */\ntype DefineConfigInput = {\n  apiKey?: `zodiac_${string}`\n  contracts?: Record<string, unknown>\n  abisDir?: string\n}\n\n/**\n * Recursive leaf-level check: every leaf in `contracts` must be\n * `` `0x${string}` ``; any other value collapses the branch to `never`,\n * which surfaces as a type error at the call site.\n */\ntype ValidateContracts<C> = {\n  [K in keyof C]: C[K] extends `0x${string}`\n    ? C[K]\n    : C[K] extends object\n      ? ValidateContracts<C[K]>\n      : never\n}\n\nexport const defineConfig = <const T extends DefineConfigInput>(\n  config: T & {\n    contracts?: ValidateContracts<NonNullable<T['contracts']>>\n  }\n): T => config\n\nconst CONFIG_BASENAME = 'zodiac.config'\n\n/**\n * Extensions probed (in priority order) when the user doesn't pass an\n * explicit `--config` path. Mirrors what vite / vitest / tailwind accept.\n */\nconst CONFIG_EXTENSIONS = [\n  '.ts',\n  '.mts',\n  '.cts',\n  '.js',\n  '.mjs',\n  '.cjs',\n] as const\n\nconst DEFAULT_CONFIG_PATH = `${CONFIG_BASENAME}.ts`\n\nconst CONFIG_STUB = `import { defineConfig } from \"@zodiac-os/sdk/cli/config\";\n\nexport default defineConfig({\n  contracts: {\n    // Add contracts the \\`allow\\` kit should know about, keyed by chain prefix.\n    // Run \\`zodiac pull-contracts\\` after editing.\n    //\n    // eth: {\n    //   weth: \"0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2\",\n    // },\n  },\n});\n`\n\ntype LoadConfigOptions = {\n  /**\n   * Called when neither `config.apiKey` nor `process.env.ZODIAC_API_KEY` is\n   * set. Receives the resolved project root and must return a freshly minted\n   * API key. Typically wired to the interactive `init()` flow.\n   *\n   * If omitted, `loadConfig` throws when no key is found.\n   */\n  onMissingKey?: (rootDir: string) => Promise<string>\n  /**\n   * When the config file doesn't exist, write a minimal stub before\n   * loading. Used by the CLI's `pull` commands so first-time setup\n   * works without the user having to scaffold the file themselves.\n   */\n  createIfMissing?: boolean\n}\n\n/**\n * Write a starter `zodiac.config.ts` if no file exists at `absolutePath`.\n * Returns `true` if a file was written.\n */\nexport const ensureConfigStub = (absolutePath: string): boolean => {\n  if (existsSync(absolutePath)) return false\n  writeFileSync(absolutePath, CONFIG_STUB, 'utf8')\n  return true\n}\n\n/**\n * Turn a (possibly-default) config path into an absolute path under\n * `projectRoot`. When the caller didn't pass an explicit path, probe\n * for `zodiac.config.{ts,mts,cts,js,mjs,cjs}` and use whichever exists;\n * fall back to the canonical `.ts` name so a not-found error is\n * still phrased in terms users recognise.\n */\nconst resolveConfigPath = (projectRoot: string, configPath: string): string => {\n  const explicit = resolve(projectRoot, configPath)\n  if (configPath !== DEFAULT_CONFIG_PATH) return explicit\n\n  for (const ext of CONFIG_EXTENSIONS) {\n    const candidate = resolve(projectRoot, `${CONFIG_BASENAME}${ext}`)\n    if (existsSync(candidate)) return candidate\n  }\n  return explicit\n}\n\nexport async function loadConfig(\n  configPath: string = DEFAULT_CONFIG_PATH,\n  options: LoadConfigOptions = {}\n): Promise<ResolvedConfig> {\n  // Resolve relative paths (including the default) against the nearest\n  // package.json ancestor — that's where users expect the config to live,\n  // regardless of which subdir they ran the CLI from.\n  const projectRoot = findProjectRoot()\n  const absolutePath = resolveConfigPath(projectRoot, configPath)\n\n  if (options.createIfMissing && ensureConfigStub(absolutePath)) {\n    console.log(`✅ Created ${absolutePath}`)\n  }\n\n  let mod: Record<string, unknown>\n  try {\n    mod = await import(pathToFileURL(absolutePath).href)\n  } catch (error: any) {\n    if (error?.code === 'ERR_MODULE_NOT_FOUND' || error?.code === 'ENOENT') {\n      throw new Error(`Config file not found: ${absolutePath}`)\n    }\n    throw error\n  }\n\n  const config = (mod.default ?? mod.config) as ZodiacConfig | undefined\n  if (!config) {\n    throw new Error(\n      `Config file must export a default value or a named \"config\" export: ${absolutePath}`\n    )\n  }\n\n  const rootDir = dirname(absolutePath)\n  const apiKey = await resolveApiKey(config, rootDir, options)\n\n  return { ...config, apiKey, rootDir }\n}\n\nconst resolveApiKey = async (\n  config: ZodiacConfig,\n  rootDir: string,\n  { onMissingKey }: LoadConfigOptions\n): Promise<`zodiac_${string}`> => {\n  if (config.apiKey != null) {\n    if (!isApiKey(config.apiKey)) {\n      throw new Error(\n        '`apiKey` in zodiac.config.ts is malformed: a valid Zodiac API key starts with \"zodiac_\". Either remove the field to use ZODIAC_API_KEY, or run `zodiac init` to mint a fresh key.'\n      )\n    }\n    return config.apiKey\n  }\n\n  const fromEnv = process.env.ZODIAC_API_KEY\n  if (fromEnv != null && fromEnv !== '') {\n    if (!isApiKey(fromEnv)) {\n      throw new Error(\n        'ZODIAC_API_KEY is set but malformed: a valid Zodiac API key starts with \"zodiac_\". Run `zodiac init` to mint a fresh key.'\n      )\n    }\n    return fromEnv\n  }\n\n  if (onMissingKey == null) {\n    throw new Error(\n      'No Zodiac API key found. Set ZODIAC_API_KEY in your environment, or run `zodiac init` to generate one.'\n    )\n  }\n\n  const minted = await onMissingKey(rootDir)\n  if (!isApiKey(minted)) {\n    throw new Error(\n      `onMissingKey returned an invalid Zodiac API key (expected a value starting with \"zodiac_\").`\n    )\n  }\n  return minted\n}\n\nconst isApiKey = (value: string | undefined): value is `zodiac_${string}` =>\n  value != null && value.startsWith('zodiac_')\n\nexport const DEFAULT_ABIS_DIR = 'abis'\n\nexport function resolveAbisDir(config: ResolvedConfig): string {\n  return resolve(config.rootDir, config.abisDir ?? DEFAULT_ABIS_DIR)\n}\n"],"mappings":";;;;;;;;;;AAQA,MAAa,mBAAmB,WAAmB,QAAQ,KAAK,KAAa;CAC3E,MAAM,gBAAgB,QAAQ,SAAS;CACvC,IAAI,MAAM;AAEV,QAAO,MAAM;AACX,MAAI,WAAW,QAAQ,KAAK,eAAe,CAAC,CAC1C,QAAO;EAET,MAAM,SAAS,QAAQ,IAAI;AAC3B,MAAI,WAAW,IACb,QAAO;AAET,QAAM;;;;;AC2CV,MAAa,gBACX,WAGM;AAER,MAAM,kBAAkB;;;;;AAMxB,MAAM,oBAAoB;CACxB;CACA;CACA;CACA;CACA;CACA;CACD;AAED,MAAM,sBAAsB,GAAG,gBAAgB;AAE/C,MAAM,cAAc;;;;;;;;;;;;;;;;;AAmCpB,MAAa,oBAAoB,iBAAkC;AACjE,KAAI,WAAW,aAAa,CAAE,QAAO;AACrC,eAAc,cAAc,aAAa,OAAO;AAChD,QAAO;;;;;;;;;AAUT,MAAM,qBAAqB,aAAqB,eAA+B;CAC7E,MAAM,WAAWA,UAAQ,aAAa,WAAW;AACjD,KAAI,eAAe,oBAAqB,QAAO;AAE/C,MAAK,MAAM,OAAO,mBAAmB;EACnC,MAAM,YAAYA,UAAQ,aAAa,GAAG,kBAAkB,MAAM;AAClE,MAAI,WAAW,UAAU,CAAE,QAAO;;AAEpC,QAAO;;AAGT,eAAsB,WACpB,aAAqB,qBACrB,UAA6B,EAAE,EACN;CAKzB,MAAM,eAAe,kBADD,iBAAiB,EACe,WAAW;AAE/D,KAAI,QAAQ,mBAAmB,iBAAiB,aAAa,CAC3D,SAAQ,IAAI,aAAa,eAAe;CAG1C,IAAI;AACJ,KAAI;AACF,QAAM,MAAM,OAAO,cAAc,aAAa,CAAC;UACxC,OAAY;AACnB,MAAI,OAAO,SAAS,0BAA0B,OAAO,SAAS,SAC5D,OAAM,IAAI,MAAM,0BAA0B,eAAe;AAE3D,QAAM;;CAGR,MAAM,SAAU,IAAI,WAAW,IAAI;AACnC,KAAI,CAAC,OACH,OAAM,IAAI,MACR,uEAAuE,eACxE;CAGH,MAAM,UAAUC,UAAQ,aAAa;CACrC,MAAM,SAAS,MAAM,cAAc,QAAQ,SAAS,QAAQ;AAE5D,QAAO;EAAE,GAAG;EAAQ;EAAQ;EAAS;;AAGvC,MAAM,gBAAgB,OACpB,QACA,SACA,EAAE,mBAC8B;AAChC,KAAI,OAAO,UAAU,MAAM;AACzB,MAAI,CAAC,SAAS,OAAO,OAAO,CAC1B,OAAM,IAAI,MACR,sLACD;AAEH,SAAO,OAAO;;CAGhB,MAAM,UAAU,QAAQ,IAAI;AAC5B,KAAI,WAAW,QAAQ,YAAY,IAAI;AACrC,MAAI,CAAC,SAAS,QAAQ,CACpB,OAAM,IAAI,MACR,8HACD;AAEH,SAAO;;AAGT,KAAI,gBAAgB,KAClB,OAAM,IAAI,MACR,yGACD;CAGH,MAAM,SAAS,MAAM,aAAa,QAAQ;AAC1C,KAAI,CAAC,SAAS,OAAO,CACnB,OAAM,IAAI,MACR,8FACD;AAEH,QAAO;;AAGT,MAAM,YAAY,UAChB,SAAS,QAAQ,MAAM,WAAW,UAAU;AAE9C,MAAa,mBAAmB;AAEhC,SAAgB,eAAe,QAAgC;AAC7D,QAAOD,UAAQ,OAAO,SAAS,OAAO,WAAA,OAA4B"}

package/dist/index.d.mts

@@ -104,11 +104,14 @@ type RolesNode = NodeBase & Readonly<{
   target?: AddressOrRef; /** The account that is allowed to update the configuration of the Roles mod. */
   owner?: AddressOrRef; /** The account that calls will be executed from. */
   avatar?: AddressOrRef; /** MultiSend contract addresses for batched transactions. */
-  multisend?: readonly Address[]; /** Role definitions configured on this modifier. */
-  roles?: Record<string, RoleDef>;
-  /** Spending allowances configured on this modifier. Either an array or
-   * a Record keyed by name — both forms carry the same allowance specs. */
-  allowances?: readonly AllowanceSpec[] | Record<string, AllowanceSpec>;
+  multisend?: readonly Address[];
+  /** Role definitions configured on this modifier. Pass `null` for a key to
+   * clear that role; unmentioned roles are left untouched. */
+  roles?: Record<string, RoleDef | null>;
+  /** Spending allowances configured on this modifier, keyed by name. Pass
+   * `null` for a key to clear that allowance; unmentioned allowances are
+   * left untouched. */
+  allowances?: Record<string, AllowanceSpec | null>;
 }>;
 /** Any complete node that can be passed to `push()`. */
 type ConstellationNode = SafeNode | RolesNode;
@@ -124,11 +127,14 @@ type NewRolesProps = {
   target?: AddressOrRef; /** The account that calls will be executed from. Defaults to `target` value */
   avatar?: AddressOrRef; /** The account that is allowed to update the configuration of the Roles Mod. Defaults to `target` value */
   owner?: AddressOrRef; /** MultiSend contract addresses for batched transactions. Defaults to `['0x38869bf66a61cf6bdb996a6ae40d5853fd43b526', '0x9641d764fc13c8b624c04430c7356c1c7c8102e2']` */
-  multisend?: readonly Address[]; /** Role definitions to configure on this modifier. */
-  roles?: Record<string, RoleDef>;
-  /** Spending allowances to configure on this modifier. Either an array or
-   * a Record keyed by name — both forms carry the same allowance specs. */
-  allowances?: readonly AllowanceSpec[] | Record<string, AllowanceSpec>;
+  multisend?: readonly Address[];
+  /** Role definitions to configure on this modifier. Pass `null` for a key to
+   * clear that role; unmentioned roles are left untouched. */
+  roles?: Record<string, RoleDef | null>;
+  /** Spending allowances to configure on this modifier, keyed by name. Pass
+   * `null` for a key to clear that allowance; unmentioned allowances are
+   * left untouched. */
+  allowances?: Record<string, AllowanceSpec | null>;
 };
 type ExistingNodeAccessor<Type extends string, K extends string, E, Ch extends ChainId, NP extends Record<string, any>> = Readonly<Prettify<E & {
   type: Type;

package/dist/index.mjs

@@ -157,10 +157,6 @@ async function nodeToSpec(node, refs) {
 			spec.roles = await expandRoles(value, refs);
 			continue;
 		}
-		if (node.type === "ROLES" && key === "allowances" && value != null && !Array.isArray(value)) {
-			spec.allowances = resolveRefs(Object.values(value), refs);
-			continue;
-		}
 		spec[key] = resolveRefs(value, refs);
 	}
 	spec.ref = refs.byIdentity.get(node);
@@ -168,15 +164,17 @@ async function nodeToSpec(node, refs) {
 	return stringifyBigints(spec);
 }
 async function expandRoles(roles, refs) {
-	return Promise.all(Object.entries(roles).map(async ([key, def]) => {
+	const entries = await Promise.all(Object.entries(roles).map(async ([key, def]) => {
+		if (def == null) return [key, null];
 		const { targets, annotations } = processPermissions(await Promise.all(def.permissions.map((p) => Promise.resolve(p))));
-		return {
+		return [key, {
 			key,
 			members: resolveRefs(def.members, refs),
 			targets,
 			annotations: [...def.annotations ?? [], ...annotations]
-		};
+		}];
 	}));
+	return Object.fromEntries(entries);
 }
 function resolveRefs(value, refs) {
 	if (isConstellationNode(value)) {

package/dist/index.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"index.mjs","names":[],"sources":["../src/constellation.ts","../src/push.ts"],"sourcesContent":["/// <reference path=\"./zodiac-os-codegen.d.ts\" />\nimport type { Address, ChainId } from '@zodiac-os/api-types'\nimport type { AllowanceSpec } from './types'\nimport type { Annotation, Permission, PermissionSet } from 'zodiac-roles-sdk'\nimport { createRequire } from 'module'\nimport { resolveZodiacDir } from './paths'\nimport { UUID } from 'crypto'\n\n/**\n * A role definition keyed by role name. Permissions are expanded into\n * `{ targets, annotations }` via `processPermissions` at `push()` time.\n */\nexport type RoleDef = {\n  members: readonly AddressOrRef[]\n  permissions: readonly (Permission | PermissionSet | Promise<PermissionSet>)[]\n  annotations?: readonly Annotation[]\n}\n\ntype User = {\n  id: UUID\n  fullName: string\n  personalSafes: Record<\n    number,\n    { address: Lowercase<Address>; active: boolean }\n  >\n}\n\ntype Account = {\n  id: UUID\n  label: string\n  address: Lowercase<Address>\n  chain: ChainId\n  /** True for accounts promoted to a workspace vault. */\n  vault: boolean\n}\n\n/**\n * Accounts grouped by node type within a workspace. Per-type maps keep\n * bracket-accessor namespaces separate: a SAFE and a ROLES mod sharing a\n * label don't collide, and `eth.safe[...]` IntelliSense doesn't suggest\n * ROLES mod labels (and vice versa).\n */\ntype WorkspaceAccounts = {\n  workspaceId: UUID\n  workspaceName: string\n  safes: Readonly<Record<string, Account>>\n  rolesMods: Readonly<Record<string, Account>>\n  delays: Readonly<Record<string, Account>>\n}\n\n/** Shape of the codegen data produced by `zodiac pull-org`. */\nexport type CodegenData = {\n  users: Readonly<Record<string, User>>\n  accounts: Readonly<Record<string, WorkspaceAccounts>>\n}\n\n// If `pull-org` has been run, the consumer's `.zodiac/index.d.ts` augments\n// `ZodiacGeneratedCodegen` with literal `users`/`accounts` shapes. Otherwise\n// the interface is empty and we fall back to the wide `CodegenData`.\ntype GeneratedCodegen = ZodiacGeneratedCodegen extends CodegenData\n  ? ZodiacGeneratedCodegen\n  : CodegenData\n\ntype ConstellationOpts<C extends CodegenData> = {\n  /** Workspace to scope accounts and roles to. */\n  workspace: keyof C['accounts'] & string\n  /** Human-readable label for this constellation. */\n  label: string\n  /** Target chain for all nodes in this constellation. */\n  chain: ChainId\n}\n\ntype ConstellationInternalOpts<C extends CodegenData> = {\n  /** Injected codegen data (used for testing). */\n  codegen?: C\n}\n\ntype Prettify<T> = { readonly [K in keyof T]: T[K] } & {}\n\ntype SafeEntries<\n  C extends CodegenData,\n  W extends keyof C['accounts'],\n> = C['accounts'][W]['safes']\n\ntype RolesEntries<\n  C extends CodegenData,\n  W extends keyof C['accounts'],\n> = C['accounts'][W]['rolesMods']\n\ntype NodeType = 'SAFE' | 'ROLES' | 'DELAY'\n\n/** A reference to a node used in `owners`, `modules`, `target`, etc. */\ntype NodeRef = Readonly<{ type: NodeType; label: string; chain: ChainId }>\n\n/** A blockchain address (checksummed or lowercase) or a reference to another\n * node in the constellation. Values are normalized to lowercase before being\n * sent to the API. */\ntype AddressOrRef = Address | NodeRef\n\ntype NodeBase = Readonly<{\n  /** Human-readable identifier, unique within the constellation. */\n  label: string\n  /** Chain the node is deployed on. */\n  chain: ChainId\n  /** Set for existing nodes from codegen, absent for new nodes. */\n  address?: Lowercase<Address>\n  /** Deployment nonce — required for new nodes, optional for existing. */\n  nonce?: bigint\n}>\n\n/** A safe node spec — existing vault ref or new safe with required config. */\nexport type SafeNode = NodeBase &\n  Readonly<{\n    /** Discriminator identifying this node as a Safe. */\n    type: 'SAFE'\n    /** Number of owner signatures required to execute a transaction. */\n    threshold: number\n    /** Safe owner addresses or node references. */\n    owners: readonly (string | NodeRef)[]\n    /** Module addresses or node references enabled on the safe. */\n    modules?: readonly (string | NodeRef)[]\n    /** Whether this safe shall appear as a vault in the workspace. @default false */\n    vault?: boolean\n  }>\n\n/** A roles modifier node spec — existing vault ref or new roles with modifier config. */\nexport type RolesNode = NodeBase &\n  Readonly<{\n    /** Discriminator identifying this node as a Roles modifier. */\n    type: 'ROLES'\n    /** The safe that this roles modifier controls. */\n    target?: AddressOrRef\n    /** The account that is allowed to update the configuration of the Roles mod. */\n    owner?: AddressOrRef\n    /** The account that calls will be executed from. */\n    avatar?: AddressOrRef\n    /** MultiSend contract addresses for batched transactions. */\n    multisend?: readonly Address[]\n    /** Role definitions configured on this modifier. */\n    roles?: Record<string, RoleDef>\n    /** Spending allowances configured on this modifier. Either an array or\n     * a Record keyed by name — both forms carry the same allowance specs. */\n    allowances?: readonly AllowanceSpec[] | Record<string, AllowanceSpec>\n  }>\n\n/** Any complete node that can be passed to `push()`. */\nexport type ConstellationNode = SafeNode | RolesNode\nexport type ConstellationNodeInternal = ConstellationNode & {\n  _constellation: ConstellationMeta\n}\n\ntype NewSafeProps = {\n  /** Deployment nonce for CREATE2 address derivation. */\n  nonce: bigint\n  /** Number of owner signatures required to execute a transaction. */\n  threshold: number\n  /** Safe owner addresses or node references. */\n  owners: readonly AddressOrRef[]\n  /** Module addresses or node references to enable on the safe. */\n  modules?: readonly AddressOrRef[]\n  /** Whether this safe is a workspace vault. @default false */\n  vault?: boolean\n}\n\ntype NewRolesProps = {\n  /** Deployment nonce for CREATE2 address derivation. */\n  nonce: bigint\n  /** The safe that this roles modifier controls. Defaults to the new safe with the same label, when one exists. */\n  target?: AddressOrRef\n  /** The account that calls will be executed from. Defaults to `target` value */\n  avatar?: AddressOrRef\n  /** The account that is allowed to update the configuration of the Roles Mod. Defaults to `target` value */\n  owner?: AddressOrRef\n  /** MultiSend contract addresses for batched transactions. Defaults to `['0x38869bf66a61cf6bdb996a6ae40d5853fd43b526', '0x9641d764fc13c8b624c04430c7356c1c7c8102e2']` */\n  multisend?: readonly Address[]\n  /** Role definitions to configure on this modifier. */\n  roles?: Record<string, RoleDef>\n  /** Spending allowances to configure on this modifier. Either an array or\n   * a Record keyed by name — both forms carry the same allowance specs. */\n  allowances?: readonly AllowanceSpec[] | Record<string, AllowanceSpec>\n}\n\ntype ExistingNodeAccessor<\n  Type extends string,\n  K extends string,\n  E,\n  Ch extends ChainId,\n  NP extends Record<string, any>,\n> = Readonly<Prettify<E & { type: Type; label: K; chain: Ch }>> &\n  (<\n    O extends {\n      [P in Exclude<keyof E & string, 'id' | 'label'>]?: any\n    } & Partial<NP> = {},\n  >(\n    overrides?: {\n      [P in Exclude<keyof E & string, 'id' | 'label'>]?: any\n    } & Partial<NP> &\n      O\n  ) => Readonly<\n    Prettify<\n      Omit<E, keyof O> & O & Partial<NP> & { type: Type; label: K; chain: Ch }\n    >\n  >)\n\ntype NewNodeAccessor<\n  Type extends string,\n  Ch extends ChainId,\n  NP extends Record<string, any>,\n> = Readonly<Prettify<{ type: Type; label: string; chain: Ch }>> &\n  ((\n    props: NP\n  ) => Readonly<Prettify<NP & { type: Type; label: string; chain: Ch }>>)\n\ntype EntityAccessor<\n  Type extends string,\n  Entries extends Record<string, any>,\n  Ch extends ChainId = ChainId,\n  NP extends Record<string, any> = Record<string, any>,\n> = {\n  readonly [K in keyof Entries & string]: ExistingNodeAccessor<\n    Type,\n    K,\n    Entries[K],\n    Ch,\n    NP\n  >\n} & {\n  readonly [key: string]: NewNodeAccessor<Type, Ch, NP>\n}\n\ntype UserAccessor<C extends CodegenData, Ch extends number> = {\n  readonly [K in keyof C['users'] &\n    string]: C['users'][K]['personalSafes'][Ch]['address']\n}\n\ntype ConstellationResult<\n  C extends CodegenData,\n  W extends keyof C['accounts'] = keyof C['accounts'],\n  Ch extends ChainId = ChainId,\n> = {\n  /** Access existing safes by label or create new ones with a new label.\n   * Only SAFE-typed accounts are suggested in IntelliSense. */\n  safe: EntityAccessor<'SAFE', SafeEntries<C, W>, Ch, NewSafeProps>\n  /** Access existing roles modifiers by label or create new ones with a\n   * new label. Only ROLES-typed accounts are suggested in IntelliSense. */\n  roles: EntityAccessor<'ROLES', RolesEntries<C, W>, Ch, NewRolesProps>\n  /** Resolve a user's personal safe address on the constellation's chain. */\n  user: UserAccessor<C, Ch>\n}\n\n/** @internal */\nexport type ConstellationMeta = {\n  label: string\n  chain: ChainId\n  workspaceId: UUID\n}\n\nfunction loadCodegen(): CodegenData {\n  const require = createRequire(import.meta.url)\n  return require(resolveZodiacDir()) as CodegenData\n}\n\n/**\n * Creates a constellation scoped to a workspace and chain.\n *\n * Use bracket access to reference existing accounts (vaults and other\n * applied constellation nodes) or define new ones:\n * ```ts\n * const eth = constellation({ workspace: 'GG', label: 'my constellation', chain: 1 })\n *\n * const dao = eth.safe['GG DAO']              // existing account ref\n * const roles = eth.roles['GG DAO']           // existing roles ref\n * const newSafe = eth.safe['New Safe']({ nonce: 0n, threshold: 2, owners: [...], modules: [...] })\n * ```\n */\nexport function constellation<\n  const C extends CodegenData = GeneratedCodegen,\n  const W extends keyof C['accounts'] & string = keyof C['accounts'] & string,\n  const Ch extends ChainId = ChainId,\n>(\n  opts: ConstellationOpts<C> & { workspace: W; chain: Ch },\n  internal?: ConstellationInternalOpts<C>\n): ConstellationResult<C, W, Ch> {\n  const codegen: CodegenData = internal?.codegen ?? loadCodegen()\n\n  const ws = codegen.accounts[opts.workspace]\n  const safesByLabel: Record<string, Account> = {}\n  const rolesByLabel: Record<string, Account> = {}\n  if (ws) {\n    for (const [label, account] of Object.entries(ws.safes)) {\n      safesByLabel[label] = account\n    }\n    for (const [label, account] of Object.entries(ws.rolesMods)) {\n      rolesByLabel[label] = account\n    }\n  }\n\n  const meta: ConstellationMeta = {\n    label: opts.label,\n    chain: opts.chain,\n    workspaceId: (ws?.workspaceId ?? '') as UUID,\n  }\n\n  function makeNodeRef(\n    data: Record<string, any>\n  ): Readonly<Record<string, any>> {\n    return Object.freeze({\n      ...data,\n      chain: opts.chain,\n      _constellation: meta,\n    })\n  }\n\n  function entityAccessor(\n    registry: Record<string, Record<string, any>>,\n    type: string\n  ) {\n    const cache = new Map<string, Record<string, any>>()\n    return new Proxy({} as Record<string, any>, {\n      get(_target: any, name: string) {\n        if (typeof name !== 'string') return undefined\n        const cached = cache.get(name)\n        if (cached) return cached\n        const existing = registry[name]\n        // Bracket-access keys in the generated codegen carry a\n        // ` (0xChecksummed…)` suffix when multiple workspace accounts share\n        // a label. The label sent in the push spec should be the clean\n        // original, so prefer `existing.label` when it's available.\n        const specLabel: string = existing?.label ?? name\n        const fn = (overrides?: Record<string, any>) =>\n          makeNodeRef({\n            type,\n            ...(existing || {}),\n            ...overrides,\n            label: specLabel,\n          })\n        Object.assign(fn, {\n          type,\n          ...(existing || {}),\n          label: specLabel,\n          chain: opts.chain,\n          _constellation: meta,\n        })\n        cache.set(name, fn)\n        return fn\n      },\n    })\n  }\n\n  function userAccessor() {\n    return new Proxy(\n      {},\n      {\n        get(_target: any, name: string) {\n          const user = codegen.users[name]\n          if (!user) throw new Error(`Unknown user: ${name}`)\n          const personalSafe = user.personalSafes[opts.chain]\n          if (!personalSafe) {\n            throw new Error(\n              `User ${name} has no personal safe on chain ${opts.chain}`\n            )\n          }\n          return personalSafe.address\n        },\n      }\n    )\n  }\n\n  const safe = entityAccessor(safesByLabel, 'SAFE')\n  const roles = entityAccessor(rolesByLabel, 'ROLES')\n\n  return {\n    safe,\n    roles,\n    user: userAccessor(),\n  } as ConstellationResult<C, W, Ch>\n}\n","import type {\n  ApplyConstellationPayload,\n  ApplyConstellationResult,\n} from '@zodiac-os/api-types'\nimport { invariant } from '@epic-web/invariant'\nimport { processPermissions } from 'zodiac-roles-sdk'\nimport type { PermissionSet } from 'zodiac-roles-sdk'\nimport { ApiClient } from './api'\nimport type {\n  ConstellationMeta,\n  ConstellationNode,\n  ConstellationNodeInternal,\n  RoleDef,\n} from './constellation'\nimport type { AllowanceSpec } from './types'\n\ntype PushOpts = {\n  /** API client instance. Defaults to a client configured from environment variables. */\n  api?: ApiClient\n}\n\n/**\n * Resolves node references and pushes the constellation specification to the API.\n *\n *\n * ```ts\n * const eth = constellation({ workspace: 'GG', label: 'my constellation', chain: 1 })\n * const dao = eth.safe['GG DAO']\n * const roles = eth.roles['New Roles']({ nonce: 0n, target: dao, owner: dao, avatar: dao })\n *\n * await push([dao, roles])\n * ```\n */\nexport async function push(\n  nodes: ConstellationNode[] | { [key: string]: ConstellationNode },\n  opts?: PushOpts\n): Promise<ApplyConstellationResult[]> {\n  const api = opts?.api ?? new ApiClient()\n  const refs = deriveRefs(nodes)\n\n  // Group nodes by constellation (multiple constellations can be applied with a single call)\n  const groups = new Map<\n    string,\n    { meta: ConstellationMeta; nodes: ConstellationNodeInternal[] }\n  >()\n\n  for (const node of refs.byIdentity.keys()) {\n    const meta = node._constellation\n    invariant(\n      meta,\n      `Node \"${node.label}\" is not associated with a constellation`\n    )\n    const key = `${meta.workspaceId}:${meta.chain}:${meta.label}`\n    let group = groups.get(key)\n    if (!group) {\n      group = { meta, nodes: [] }\n      groups.set(key, group)\n    }\n    group.nodes.push(node)\n  }\n\n  const results: ApplyConstellationResult[] = []\n  for (const { meta, nodes: groupNodes } of groups.values()) {\n    const specification = await Promise.all(\n      groupNodes.map((n) => nodeToSpec(n, refs))\n    )\n    const result = await api.applyConstellation(meta.workspaceId, {\n      label: meta.label,\n      chain: meta.chain,\n      specification,\n    })\n    results.push(result)\n  }\n\n  return results\n}\n\ntype RefsIndex = {\n  byIdentity: Map<ConstellationNodeInternal, string>\n  byLabel: Map<string, string>\n}\n\nfunction labelKey(node: ConstellationNodeInternal): string {\n  return `${node._constellation.workspaceId}:${node.type}:${node.label}`\n}\n\nfunction deriveRefs(\n  nodes: ConstellationNode[] | { [key: string]: ConstellationNode }\n): RefsIndex {\n  const byIdentity = new Map<ConstellationNodeInternal, string>()\n  const byLabel = new Map<string, string>()\n\n  const register = (node: ConstellationNodeInternal, ref: string) => {\n    byIdentity.set(node, ref)\n    byLabel.set(labelKey(node), ref)\n  }\n\n  if (Array.isArray(nodes)) {\n    for (let i = 0; i < nodes.length; i++) {\n      const node = nodes[i]\n      invariant(\n        isConstellationNode(node),\n        `unexpected node input at index: ${i}`\n      )\n      register(node, `${i}`)\n    }\n  } else {\n    for (const [key, node] of Object.entries(nodes)) {\n      invariant(\n        isConstellationNode(node),\n        `unexpected node input under key: ${key}`\n      )\n      register(node, key)\n    }\n  }\n\n  return { byIdentity, byLabel }\n}\n\nasync function nodeToSpec(\n  node: ConstellationNodeInternal,\n  refs: RefsIndex\n): Promise<ApplyConstellationPayload['specification'][number]> {\n  const { id, _constellation, ...rest } = node as Record<string, any>\n  const spec: Record<string, any> = {}\n\n  for (const [key, value] of Object.entries(rest)) {\n    if (node.type === 'ROLES' && key === 'roles' && value != null) {\n      spec.roles = await expandRoles(value as Record<string, RoleDef>, refs)\n      continue\n    }\n    if (\n      node.type === 'ROLES' &&\n      key === 'allowances' &&\n      value != null &&\n      !Array.isArray(value)\n    ) {\n      spec.allowances = resolveRefs(\n        Object.values(value as Record<string, AllowanceSpec>),\n        refs\n      )\n      continue\n    }\n    spec[key] = resolveRefs(value, refs)\n  }\n\n  spec.ref = refs.byIdentity.get(node)\n  invariant(spec.ref != null, 'ref not found')\n\n  return stringifyBigints(\n    spec\n  ) as ApplyConstellationPayload['specification'][number]\n}\n\nasync function expandRoles(\n  roles: Record<string, RoleDef>,\n  refs: RefsIndex\n): Promise<unknown[]> {\n  return Promise.all(\n    Object.entries(roles).map(async ([key, def]) => {\n      const resolvedPermissions = (await Promise.all(\n        def.permissions.map((p) => Promise.resolve(p))\n      )) as Parameters<typeof processPermissions>[0][number][]\n      const { targets, annotations } = processPermissions(resolvedPermissions)\n      return {\n        key,\n        members: resolveRefs(def.members, refs),\n        targets,\n        annotations: [...(def.annotations ?? []), ...annotations],\n      }\n    })\n  )\n}\n\nfunction resolveRefs(value: unknown, refs: RefsIndex): unknown {\n  if (isConstellationNode(value)) {\n    const ref = refs.byIdentity.get(value) ?? refs.byLabel.get(labelKey(value))\n    invariant(\n      ref != null,\n      `Node \"${value.label}\" is referenced not included in the push() call`\n    )\n    return `$${ref}`\n  }\n\n  if (Array.isArray(value)) {\n    return value.map((v) => resolveRefs(v, refs))\n  }\n\n  if (typeof value === 'object' && value !== null) {\n    const resolved: Record<string, unknown> = {}\n    for (const [k, v] of Object.entries(value)) {\n      resolved[k] = resolveRefs(v, refs)\n    }\n    return resolved\n  }\n\n  // API expects lowercase addresses\n  if (typeof value === 'string' && /^0x[0-9a-fA-F]{40}$/.test(value)) {\n    return value.toLowerCase()\n  }\n\n  return value\n}\n\nfunction stringifyBigints(value: unknown): unknown {\n  if (typeof value === 'bigint') {\n    return value.toString()\n  }\n\n  if (Array.isArray(value)) {\n    return value.map(stringifyBigints)\n  }\n\n  if (typeof value === 'object' && value !== null) {\n    const result: Record<string, unknown> = {}\n    for (const [k, v] of Object.entries(value)) {\n      result[k] = stringifyBigints(v)\n    }\n    return result\n  }\n\n  return value\n}\n\nfunction isConstellationNode(\n  value: unknown\n): value is ConstellationNodeInternal {\n  if (typeof value === 'function' || typeof value === 'object') {\n    const obj = value as any\n    return (\n      obj != null &&\n      typeof obj.type === 'string' &&\n      typeof obj.chain === 'number' &&\n      typeof obj._constellation === 'object'\n    )\n  }\n  return false\n}\n"],"mappings":";;;;;;AAiQA,SAAS,cAA2B;AAElC,QADgB,cAAc,OAAO,KAAK,IAAI,CAC/B,kBAAkB,CAAC;;;;;;;;;;;;;;;AAgBpC,SAAgB,cAKd,MACA,UAC+B;CAC/B,MAAM,UAAuB,UAAU,WAAW,aAAa;CAE/D,MAAM,KAAK,QAAQ,SAAS,KAAK;CACjC,MAAM,eAAwC,EAAE;CAChD,MAAM,eAAwC,EAAE;AAChD,KAAI,IAAI;AACN,OAAK,MAAM,CAAC,OAAO,YAAY,OAAO,QAAQ,GAAG,MAAM,CACrD,cAAa,SAAS;AAExB,OAAK,MAAM,CAAC,OAAO,YAAY,OAAO,QAAQ,GAAG,UAAU,CACzD,cAAa,SAAS;;CAI1B,MAAM,OAA0B;EAC9B,OAAO,KAAK;EACZ,OAAO,KAAK;EACZ,aAAc,IAAI,eAAe;EAClC;CAED,SAAS,YACP,MAC+B;AAC/B,SAAO,OAAO,OAAO;GACnB,GAAG;GACH,OAAO,KAAK;GACZ,gBAAgB;GACjB,CAAC;;CAGJ,SAAS,eACP,UACA,MACA;EACA,MAAM,wBAAQ,IAAI,KAAkC;AACpD,SAAO,IAAI,MAAM,EAAE,EAAyB,EAC1C,IAAI,SAAc,MAAc;AAC9B,OAAI,OAAO,SAAS,SAAU,QAAO,KAAA;GACrC,MAAM,SAAS,MAAM,IAAI,KAAK;AAC9B,OAAI,OAAQ,QAAO;GACnB,MAAM,WAAW,SAAS;GAK1B,MAAM,YAAoB,UAAU,SAAS;GAC7C,MAAM,MAAM,cACV,YAAY;IACV;IACA,GAAI,YAAY,EAAE;IAClB,GAAG;IACH,OAAO;IACR,CAAC;AACJ,UAAO,OAAO,IAAI;IAChB;IACA,GAAI,YAAY,EAAE;IAClB,OAAO;IACP,OAAO,KAAK;IACZ,gBAAgB;IACjB,CAAC;AACF,SAAM,IAAI,MAAM,GAAG;AACnB,UAAO;KAEV,CAAC;;CAGJ,SAAS,eAAe;AACtB,SAAO,IAAI,MACT,EAAE,EACF,EACE,IAAI,SAAc,MAAc;GAC9B,MAAM,OAAO,QAAQ,MAAM;AAC3B,OAAI,CAAC,KAAM,OAAM,IAAI,MAAM,iBAAiB,OAAO;GACnD,MAAM,eAAe,KAAK,cAAc,KAAK;AAC7C,OAAI,CAAC,aACH,OAAM,IAAI,MACR,QAAQ,KAAK,iCAAiC,KAAK,QACpD;AAEH,UAAO,aAAa;KAEvB,CACF;;AAMH,QAAO;EACL,MAJW,eAAe,cAAc,OAAO;EAK/C,OAJY,eAAe,cAAc,QAAQ;EAKjD,MAAM,cAAc;EACrB;;;;;;;;;;;;;;;;ACtVH,eAAsB,KACpB,OACA,MACqC;CACrC,MAAM,MAAM,MAAM,OAAO,IAAI,WAAW;CACxC,MAAM,OAAO,WAAW,MAAM;CAG9B,MAAM,yBAAS,IAAI,KAGhB;AAEH,MAAK,MAAM,QAAQ,KAAK,WAAW,MAAM,EAAE;EACzC,MAAM,OAAO,KAAK;AAClB,YACE,MACA,SAAS,KAAK,MAAM,0CACrB;EACD,MAAM,MAAM,GAAG,KAAK,YAAY,GAAG,KAAK,MAAM,GAAG,KAAK;EACtD,IAAI,QAAQ,OAAO,IAAI,IAAI;AAC3B,MAAI,CAAC,OAAO;AACV,WAAQ;IAAE;IAAM,OAAO,EAAE;IAAE;AAC3B,UAAO,IAAI,KAAK,MAAM;;AAExB,QAAM,MAAM,KAAK,KAAK;;CAGxB,MAAM,UAAsC,EAAE;AAC9C,MAAK,MAAM,EAAE,MAAM,OAAO,gBAAgB,OAAO,QAAQ,EAAE;EACzD,MAAM,gBAAgB,MAAM,QAAQ,IAClC,WAAW,KAAK,MAAM,WAAW,GAAG,KAAK,CAAC,CAC3C;EACD,MAAM,SAAS,MAAM,IAAI,mBAAmB,KAAK,aAAa;GAC5D,OAAO,KAAK;GACZ,OAAO,KAAK;GACZ;GACD,CAAC;AACF,UAAQ,KAAK,OAAO;;AAGtB,QAAO;;AAQT,SAAS,SAAS,MAAyC;AACzD,QAAO,GAAG,KAAK,eAAe,YAAY,GAAG,KAAK,KAAK,GAAG,KAAK;;AAGjE,SAAS,WACP,OACW;CACX,MAAM,6BAAa,IAAI,KAAwC;CAC/D,MAAM,0BAAU,IAAI,KAAqB;CAEzC,MAAM,YAAY,MAAiC,QAAgB;AACjE,aAAW,IAAI,MAAM,IAAI;AACzB,UAAQ,IAAI,SAAS,KAAK,EAAE,IAAI;;AAGlC,KAAI,MAAM,QAAQ,MAAM,CACtB,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;EACrC,MAAM,OAAO,MAAM;AACnB,YACE,oBAAoB,KAAK,EACzB,mCAAmC,IACpC;AACD,WAAS,MAAM,GAAG,IAAI;;KAGxB,MAAK,MAAM,CAAC,KAAK,SAAS,OAAO,QAAQ,MAAM,EAAE;AAC/C,YACE,oBAAoB,KAAK,EACzB,oCAAoC,MACrC;AACD,WAAS,MAAM,IAAI;;AAIvB,QAAO;EAAE;EAAY;EAAS;;AAGhC,eAAe,WACb,MACA,MAC6D;CAC7D,MAAM,EAAE,IAAI,gBAAgB,GAAG,SAAS;CACxC,MAAM,OAA4B,EAAE;AAEpC,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,KAAK,EAAE;AAC/C,MAAI,KAAK,SAAS,WAAW,QAAQ,WAAW,SAAS,MAAM;AAC7D,QAAK,QAAQ,MAAM,YAAY,OAAkC,KAAK;AACtE;;AAEF,MACE,KAAK,SAAS,WACd,QAAQ,gBACR,SAAS,QACT,CAAC,MAAM,QAAQ,MAAM,EACrB;AACA,QAAK,aAAa,YAChB,OAAO,OAAO,MAAuC,EACrD,KACD;AACD;;AAEF,OAAK,OAAO,YAAY,OAAO,KAAK;;AAGtC,MAAK,MAAM,KAAK,WAAW,IAAI,KAAK;AACpC,WAAU,KAAK,OAAO,MAAM,gBAAgB;AAE5C,QAAO,iBACL,KACD;;AAGH,eAAe,YACb,OACA,MACoB;AACpB,QAAO,QAAQ,IACb,OAAO,QAAQ,MAAM,CAAC,IAAI,OAAO,CAAC,KAAK,SAAS;EAI9C,MAAM,EAAE,SAAS,gBAAgB,mBAHJ,MAAM,QAAQ,IACzC,IAAI,YAAY,KAAK,MAAM,QAAQ,QAAQ,EAAE,CAAC,CAC/C,CACuE;AACxE,SAAO;GACL;GACA,SAAS,YAAY,IAAI,SAAS,KAAK;GACvC;GACA,aAAa,CAAC,GAAI,IAAI,eAAe,EAAE,EAAG,GAAG,YAAY;GAC1D;GACD,CACH;;AAGH,SAAS,YAAY,OAAgB,MAA0B;AAC7D,KAAI,oBAAoB,MAAM,EAAE;EAC9B,MAAM,MAAM,KAAK,WAAW,IAAI,MAAM,IAAI,KAAK,QAAQ,IAAI,SAAS,MAAM,CAAC;AAC3E,YACE,OAAO,MACP,SAAS,MAAM,MAAM,iDACtB;AACD,SAAO,IAAI;;AAGb,KAAI,MAAM,QAAQ,MAAM,CACtB,QAAO,MAAM,KAAK,MAAM,YAAY,GAAG,KAAK,CAAC;AAG/C,KAAI,OAAO,UAAU,YAAY,UAAU,MAAM;EAC/C,MAAM,WAAoC,EAAE;AAC5C,OAAK,MAAM,CAAC,GAAG,MAAM,OAAO,QAAQ,MAAM,CACxC,UAAS,KAAK,YAAY,GAAG,KAAK;AAEpC,SAAO;;AAIT,KAAI,OAAO,UAAU,YAAY,sBAAsB,KAAK,MAAM,CAChE,QAAO,MAAM,aAAa;AAG5B,QAAO;;AAGT,SAAS,iBAAiB,OAAyB;AACjD,KAAI,OAAO,UAAU,SACnB,QAAO,MAAM,UAAU;AAGzB,KAAI,MAAM,QAAQ,MAAM,CACtB,QAAO,MAAM,IAAI,iBAAiB;AAGpC,KAAI,OAAO,UAAU,YAAY,UAAU,MAAM;EAC/C,MAAM,SAAkC,EAAE;AAC1C,OAAK,MAAM,CAAC,GAAG,MAAM,OAAO,QAAQ,MAAM,CACxC,QAAO,KAAK,iBAAiB,EAAE;AAEjC,SAAO;;AAGT,QAAO;;AAGT,SAAS,oBACP,OACoC;AACpC,KAAI,OAAO,UAAU,cAAc,OAAO,UAAU,UAAU;EAC5D,MAAM,MAAM;AACZ,SACE,OAAO,QACP,OAAO,IAAI,SAAS,YACpB,OAAO,IAAI,UAAU,YACrB,OAAO,IAAI,mBAAmB;;AAGlC,QAAO"}
+{"version":3,"file":"index.mjs","names":[],"sources":["../src/constellation.ts","../src/push.ts"],"sourcesContent":["/// <reference path=\"./zodiac-os-codegen.d.ts\" />\nimport type { Address, ChainId } from '@zodiac-os/api-types'\nimport type { AllowanceSpec } from './types'\nimport type { Annotation, Permission, PermissionSet } from 'zodiac-roles-sdk'\nimport { createRequire } from 'module'\nimport { resolveZodiacDir } from './paths'\nimport { UUID } from 'crypto'\n\n/**\n * A role definition keyed by role name. Permissions are expanded into\n * `{ targets, annotations }` via `processPermissions` at `push()` time.\n */\nexport type RoleDef = {\n  members: readonly AddressOrRef[]\n  permissions: readonly (Permission | PermissionSet | Promise<PermissionSet>)[]\n  annotations?: readonly Annotation[]\n}\n\ntype User = {\n  id: UUID\n  fullName: string\n  personalSafes: Record<\n    number,\n    { address: Lowercase<Address>; active: boolean }\n  >\n}\n\ntype Account = {\n  id: UUID\n  label: string\n  address: Lowercase<Address>\n  chain: ChainId\n  /** True for accounts promoted to a workspace vault. */\n  vault: boolean\n}\n\n/**\n * Accounts grouped by node type within a workspace. Per-type maps keep\n * bracket-accessor namespaces separate: a SAFE and a ROLES mod sharing a\n * label don't collide, and `eth.safe[...]` IntelliSense doesn't suggest\n * ROLES mod labels (and vice versa).\n */\ntype WorkspaceAccounts = {\n  workspaceId: UUID\n  workspaceName: string\n  safes: Readonly<Record<string, Account>>\n  rolesMods: Readonly<Record<string, Account>>\n  delays: Readonly<Record<string, Account>>\n}\n\n/** Shape of the codegen data produced by `zodiac pull-org`. */\nexport type CodegenData = {\n  users: Readonly<Record<string, User>>\n  accounts: Readonly<Record<string, WorkspaceAccounts>>\n}\n\n// If `pull-org` has been run, the consumer's `.zodiac/index.d.ts` augments\n// `ZodiacGeneratedCodegen` with literal `users`/`accounts` shapes. Otherwise\n// the interface is empty and we fall back to the wide `CodegenData`.\ntype GeneratedCodegen = ZodiacGeneratedCodegen extends CodegenData\n  ? ZodiacGeneratedCodegen\n  : CodegenData\n\ntype ConstellationOpts<C extends CodegenData> = {\n  /** Workspace to scope accounts and roles to. */\n  workspace: keyof C['accounts'] & string\n  /** Human-readable label for this constellation. */\n  label: string\n  /** Target chain for all nodes in this constellation. */\n  chain: ChainId\n}\n\ntype ConstellationInternalOpts<C extends CodegenData> = {\n  /** Injected codegen data (used for testing). */\n  codegen?: C\n}\n\ntype Prettify<T> = { readonly [K in keyof T]: T[K] } & {}\n\ntype SafeEntries<\n  C extends CodegenData,\n  W extends keyof C['accounts'],\n> = C['accounts'][W]['safes']\n\ntype RolesEntries<\n  C extends CodegenData,\n  W extends keyof C['accounts'],\n> = C['accounts'][W]['rolesMods']\n\ntype NodeType = 'SAFE' | 'ROLES' | 'DELAY'\n\n/** A reference to a node used in `owners`, `modules`, `target`, etc. */\ntype NodeRef = Readonly<{ type: NodeType; label: string; chain: ChainId }>\n\n/** A blockchain address (checksummed or lowercase) or a reference to another\n * node in the constellation. Values are normalized to lowercase before being\n * sent to the API. */\ntype AddressOrRef = Address | NodeRef\n\ntype NodeBase = Readonly<{\n  /** Human-readable identifier, unique within the constellation. */\n  label: string\n  /** Chain the node is deployed on. */\n  chain: ChainId\n  /** Set for existing nodes from codegen, absent for new nodes. */\n  address?: Lowercase<Address>\n  /** Deployment nonce — required for new nodes, optional for existing. */\n  nonce?: bigint\n}>\n\n/** A safe node spec — existing vault ref or new safe with required config. */\nexport type SafeNode = NodeBase &\n  Readonly<{\n    /** Discriminator identifying this node as a Safe. */\n    type: 'SAFE'\n    /** Number of owner signatures required to execute a transaction. */\n    threshold: number\n    /** Safe owner addresses or node references. */\n    owners: readonly (string | NodeRef)[]\n    /** Module addresses or node references enabled on the safe. */\n    modules?: readonly (string | NodeRef)[]\n    /** Whether this safe shall appear as a vault in the workspace. @default false */\n    vault?: boolean\n  }>\n\n/** A roles modifier node spec — existing vault ref or new roles with modifier config. */\nexport type RolesNode = NodeBase &\n  Readonly<{\n    /** Discriminator identifying this node as a Roles modifier. */\n    type: 'ROLES'\n    /** The safe that this roles modifier controls. */\n    target?: AddressOrRef\n    /** The account that is allowed to update the configuration of the Roles mod. */\n    owner?: AddressOrRef\n    /** The account that calls will be executed from. */\n    avatar?: AddressOrRef\n    /** MultiSend contract addresses for batched transactions. */\n    multisend?: readonly Address[]\n    /** Role definitions configured on this modifier. Pass `null` for a key to\n     * clear that role; unmentioned roles are left untouched. */\n    roles?: Record<string, RoleDef | null>\n    /** Spending allowances configured on this modifier, keyed by name. Pass\n     * `null` for a key to clear that allowance; unmentioned allowances are\n     * left untouched. */\n    allowances?: Record<string, AllowanceSpec | null>\n  }>\n\n/** Any complete node that can be passed to `push()`. */\nexport type ConstellationNode = SafeNode | RolesNode\nexport type ConstellationNodeInternal = ConstellationNode & {\n  _constellation: ConstellationMeta\n}\n\ntype NewSafeProps = {\n  /** Deployment nonce for CREATE2 address derivation. */\n  nonce: bigint\n  /** Number of owner signatures required to execute a transaction. */\n  threshold: number\n  /** Safe owner addresses or node references. */\n  owners: readonly AddressOrRef[]\n  /** Module addresses or node references to enable on the safe. */\n  modules?: readonly AddressOrRef[]\n  /** Whether this safe is a workspace vault. @default false */\n  vault?: boolean\n}\n\ntype NewRolesProps = {\n  /** Deployment nonce for CREATE2 address derivation. */\n  nonce: bigint\n  /** The safe that this roles modifier controls. Defaults to the new safe with the same label, when one exists. */\n  target?: AddressOrRef\n  /** The account that calls will be executed from. Defaults to `target` value */\n  avatar?: AddressOrRef\n  /** The account that is allowed to update the configuration of the Roles Mod. Defaults to `target` value */\n  owner?: AddressOrRef\n  /** MultiSend contract addresses for batched transactions. Defaults to `['0x38869bf66a61cf6bdb996a6ae40d5853fd43b526', '0x9641d764fc13c8b624c04430c7356c1c7c8102e2']` */\n  multisend?: readonly Address[]\n  /** Role definitions to configure on this modifier. Pass `null` for a key to\n   * clear that role; unmentioned roles are left untouched. */\n  roles?: Record<string, RoleDef | null>\n  /** Spending allowances to configure on this modifier, keyed by name. Pass\n   * `null` for a key to clear that allowance; unmentioned allowances are\n   * left untouched. */\n  allowances?: Record<string, AllowanceSpec | null>\n}\n\ntype ExistingNodeAccessor<\n  Type extends string,\n  K extends string,\n  E,\n  Ch extends ChainId,\n  NP extends Record<string, any>,\n> = Readonly<Prettify<E & { type: Type; label: K; chain: Ch }>> &\n  (<\n    O extends {\n      [P in Exclude<keyof E & string, 'id' | 'label'>]?: any\n    } & Partial<NP> = {},\n  >(\n    overrides?: {\n      [P in Exclude<keyof E & string, 'id' | 'label'>]?: any\n    } & Partial<NP> &\n      O\n  ) => Readonly<\n    Prettify<\n      Omit<E, keyof O> & O & Partial<NP> & { type: Type; label: K; chain: Ch }\n    >\n  >)\n\ntype NewNodeAccessor<\n  Type extends string,\n  Ch extends ChainId,\n  NP extends Record<string, any>,\n> = Readonly<Prettify<{ type: Type; label: string; chain: Ch }>> &\n  ((\n    props: NP\n  ) => Readonly<Prettify<NP & { type: Type; label: string; chain: Ch }>>)\n\ntype EntityAccessor<\n  Type extends string,\n  Entries extends Record<string, any>,\n  Ch extends ChainId = ChainId,\n  NP extends Record<string, any> = Record<string, any>,\n> = {\n  readonly [K in keyof Entries & string]: ExistingNodeAccessor<\n    Type,\n    K,\n    Entries[K],\n    Ch,\n    NP\n  >\n} & {\n  readonly [key: string]: NewNodeAccessor<Type, Ch, NP>\n}\n\ntype UserAccessor<C extends CodegenData, Ch extends number> = {\n  readonly [K in keyof C['users'] &\n    string]: C['users'][K]['personalSafes'][Ch]['address']\n}\n\ntype ConstellationResult<\n  C extends CodegenData,\n  W extends keyof C['accounts'] = keyof C['accounts'],\n  Ch extends ChainId = ChainId,\n> = {\n  /** Access existing safes by label or create new ones with a new label.\n   * Only SAFE-typed accounts are suggested in IntelliSense. */\n  safe: EntityAccessor<'SAFE', SafeEntries<C, W>, Ch, NewSafeProps>\n  /** Access existing roles modifiers by label or create new ones with a\n   * new label. Only ROLES-typed accounts are suggested in IntelliSense. */\n  roles: EntityAccessor<'ROLES', RolesEntries<C, W>, Ch, NewRolesProps>\n  /** Resolve a user's personal safe address on the constellation's chain. */\n  user: UserAccessor<C, Ch>\n}\n\n/** @internal */\nexport type ConstellationMeta = {\n  label: string\n  chain: ChainId\n  workspaceId: UUID\n}\n\nfunction loadCodegen(): CodegenData {\n  const require = createRequire(import.meta.url)\n  return require(resolveZodiacDir()) as CodegenData\n}\n\n/**\n * Creates a constellation scoped to a workspace and chain.\n *\n * Use bracket access to reference existing accounts (vaults and other\n * applied constellation nodes) or define new ones:\n * ```ts\n * const eth = constellation({ workspace: 'GG', label: 'my constellation', chain: 1 })\n *\n * const dao = eth.safe['GG DAO']              // existing account ref\n * const roles = eth.roles['GG DAO']           // existing roles ref\n * const newSafe = eth.safe['New Safe']({ nonce: 0n, threshold: 2, owners: [...], modules: [...] })\n * ```\n */\nexport function constellation<\n  const C extends CodegenData = GeneratedCodegen,\n  const W extends keyof C['accounts'] & string = keyof C['accounts'] & string,\n  const Ch extends ChainId = ChainId,\n>(\n  opts: ConstellationOpts<C> & { workspace: W; chain: Ch },\n  internal?: ConstellationInternalOpts<C>\n): ConstellationResult<C, W, Ch> {\n  const codegen: CodegenData = internal?.codegen ?? loadCodegen()\n\n  const ws = codegen.accounts[opts.workspace]\n  const safesByLabel: Record<string, Account> = {}\n  const rolesByLabel: Record<string, Account> = {}\n  if (ws) {\n    for (const [label, account] of Object.entries(ws.safes)) {\n      safesByLabel[label] = account\n    }\n    for (const [label, account] of Object.entries(ws.rolesMods)) {\n      rolesByLabel[label] = account\n    }\n  }\n\n  const meta: ConstellationMeta = {\n    label: opts.label,\n    chain: opts.chain,\n    workspaceId: (ws?.workspaceId ?? '') as UUID,\n  }\n\n  function makeNodeRef(\n    data: Record<string, any>\n  ): Readonly<Record<string, any>> {\n    return Object.freeze({\n      ...data,\n      chain: opts.chain,\n      _constellation: meta,\n    })\n  }\n\n  function entityAccessor(\n    registry: Record<string, Record<string, any>>,\n    type: string\n  ) {\n    const cache = new Map<string, Record<string, any>>()\n    return new Proxy({} as Record<string, any>, {\n      get(_target: any, name: string) {\n        if (typeof name !== 'string') return undefined\n        const cached = cache.get(name)\n        if (cached) return cached\n        const existing = registry[name]\n        // Bracket-access keys in the generated codegen carry a\n        // ` (0xChecksummed…)` suffix when multiple workspace accounts share\n        // a label. The label sent in the push spec should be the clean\n        // original, so prefer `existing.label` when it's available.\n        const specLabel: string = existing?.label ?? name\n        const fn = (overrides?: Record<string, any>) =>\n          makeNodeRef({\n            type,\n            ...(existing || {}),\n            ...overrides,\n            label: specLabel,\n          })\n        Object.assign(fn, {\n          type,\n          ...(existing || {}),\n          label: specLabel,\n          chain: opts.chain,\n          _constellation: meta,\n        })\n        cache.set(name, fn)\n        return fn\n      },\n    })\n  }\n\n  function userAccessor() {\n    return new Proxy(\n      {},\n      {\n        get(_target: any, name: string) {\n          const user = codegen.users[name]\n          if (!user) throw new Error(`Unknown user: ${name}`)\n          const personalSafe = user.personalSafes[opts.chain]\n          if (!personalSafe) {\n            throw new Error(\n              `User ${name} has no personal safe on chain ${opts.chain}`\n            )\n          }\n          return personalSafe.address\n        },\n      }\n    )\n  }\n\n  const safe = entityAccessor(safesByLabel, 'SAFE')\n  const roles = entityAccessor(rolesByLabel, 'ROLES')\n\n  return {\n    safe,\n    roles,\n    user: userAccessor(),\n  } as ConstellationResult<C, W, Ch>\n}\n","import type {\n  ApplyConstellationPayload,\n  ApplyConstellationResult,\n} from '@zodiac-os/api-types'\nimport { invariant } from '@epic-web/invariant'\nimport { processPermissions } from 'zodiac-roles-sdk'\nimport type { PermissionSet } from 'zodiac-roles-sdk'\nimport { ApiClient } from './api'\nimport type {\n  ConstellationMeta,\n  ConstellationNode,\n  ConstellationNodeInternal,\n  RoleDef,\n} from './constellation'\n\ntype PushOpts = {\n  /** API client instance. Defaults to a client configured from environment variables. */\n  api?: ApiClient\n}\n\n/**\n * Resolves node references and pushes the constellation specification to the API.\n *\n *\n * ```ts\n * const eth = constellation({ workspace: 'GG', label: 'my constellation', chain: 1 })\n * const dao = eth.safe['GG DAO']\n * const roles = eth.roles['New Roles']({ nonce: 0n, target: dao, owner: dao, avatar: dao })\n *\n * await push([dao, roles])\n * ```\n */\nexport async function push(\n  nodes: ConstellationNode[] | { [key: string]: ConstellationNode },\n  opts?: PushOpts\n): Promise<ApplyConstellationResult[]> {\n  const api = opts?.api ?? new ApiClient()\n  const refs = deriveRefs(nodes)\n\n  // Group nodes by constellation (multiple constellations can be applied with a single call)\n  const groups = new Map<\n    string,\n    { meta: ConstellationMeta; nodes: ConstellationNodeInternal[] }\n  >()\n\n  for (const node of refs.byIdentity.keys()) {\n    const meta = node._constellation\n    invariant(\n      meta,\n      `Node \"${node.label}\" is not associated with a constellation`\n    )\n    const key = `${meta.workspaceId}:${meta.chain}:${meta.label}`\n    let group = groups.get(key)\n    if (!group) {\n      group = { meta, nodes: [] }\n      groups.set(key, group)\n    }\n    group.nodes.push(node)\n  }\n\n  const results: ApplyConstellationResult[] = []\n  for (const { meta, nodes: groupNodes } of groups.values()) {\n    const specification = await Promise.all(\n      groupNodes.map((n) => nodeToSpec(n, refs))\n    )\n    const result = await api.applyConstellation(meta.workspaceId, {\n      label: meta.label,\n      chain: meta.chain,\n      specification,\n    })\n    results.push(result)\n  }\n\n  return results\n}\n\ntype RefsIndex = {\n  byIdentity: Map<ConstellationNodeInternal, string>\n  byLabel: Map<string, string>\n}\n\nfunction labelKey(node: ConstellationNodeInternal): string {\n  return `${node._constellation.workspaceId}:${node.type}:${node.label}`\n}\n\nfunction deriveRefs(\n  nodes: ConstellationNode[] | { [key: string]: ConstellationNode }\n): RefsIndex {\n  const byIdentity = new Map<ConstellationNodeInternal, string>()\n  const byLabel = new Map<string, string>()\n\n  const register = (node: ConstellationNodeInternal, ref: string) => {\n    byIdentity.set(node, ref)\n    byLabel.set(labelKey(node), ref)\n  }\n\n  if (Array.isArray(nodes)) {\n    for (let i = 0; i < nodes.length; i++) {\n      const node = nodes[i]\n      invariant(\n        isConstellationNode(node),\n        `unexpected node input at index: ${i}`\n      )\n      register(node, `${i}`)\n    }\n  } else {\n    for (const [key, node] of Object.entries(nodes)) {\n      invariant(\n        isConstellationNode(node),\n        `unexpected node input under key: ${key}`\n      )\n      register(node, key)\n    }\n  }\n\n  return { byIdentity, byLabel }\n}\n\nasync function nodeToSpec(\n  node: ConstellationNodeInternal,\n  refs: RefsIndex\n): Promise<ApplyConstellationPayload['specification'][number]> {\n  const { id, _constellation, ...rest } = node as Record<string, any>\n  const spec: Record<string, any> = {}\n\n  for (const [key, value] of Object.entries(rest)) {\n    if (node.type === 'ROLES' && key === 'roles' && value != null) {\n      spec.roles = await expandRoles(\n        value as Record<string, RoleDef | null>,\n        refs\n      )\n      continue\n    }\n    spec[key] = resolveRefs(value, refs)\n  }\n\n  spec.ref = refs.byIdentity.get(node)\n  invariant(spec.ref != null, 'ref not found')\n\n  return stringifyBigints(\n    spec\n  ) as ApplyConstellationPayload['specification'][number]\n}\n\nasync function expandRoles(\n  roles: Record<string, RoleDef | null>,\n  refs: RefsIndex\n): Promise<Record<string, unknown>> {\n  const entries = await Promise.all(\n    Object.entries(roles).map(async ([key, def]) => {\n      if (def == null) {\n        return [key, null] as const\n      }\n      const resolvedPermissions = (await Promise.all(\n        def.permissions.map((p) => Promise.resolve(p))\n      )) as Parameters<typeof processPermissions>[0][number][]\n      const { targets, annotations } = processPermissions(resolvedPermissions)\n      return [\n        key,\n        {\n          key,\n          members: resolveRefs(def.members, refs),\n          targets,\n          annotations: [...(def.annotations ?? []), ...annotations],\n        },\n      ] as const\n    })\n  )\n  return Object.fromEntries(entries)\n}\n\nfunction resolveRefs(value: unknown, refs: RefsIndex): unknown {\n  if (isConstellationNode(value)) {\n    const ref = refs.byIdentity.get(value) ?? refs.byLabel.get(labelKey(value))\n    invariant(\n      ref != null,\n      `Node \"${value.label}\" is referenced not included in the push() call`\n    )\n    return `$${ref}`\n  }\n\n  if (Array.isArray(value)) {\n    return value.map((v) => resolveRefs(v, refs))\n  }\n\n  if (typeof value === 'object' && value !== null) {\n    const resolved: Record<string, unknown> = {}\n    for (const [k, v] of Object.entries(value)) {\n      resolved[k] = resolveRefs(v, refs)\n    }\n    return resolved\n  }\n\n  // API expects lowercase addresses\n  if (typeof value === 'string' && /^0x[0-9a-fA-F]{40}$/.test(value)) {\n    return value.toLowerCase()\n  }\n\n  return value\n}\n\nfunction stringifyBigints(value: unknown): unknown {\n  if (typeof value === 'bigint') {\n    return value.toString()\n  }\n\n  if (Array.isArray(value)) {\n    return value.map(stringifyBigints)\n  }\n\n  if (typeof value === 'object' && value !== null) {\n    const result: Record<string, unknown> = {}\n    for (const [k, v] of Object.entries(value)) {\n      result[k] = stringifyBigints(v)\n    }\n    return result\n  }\n\n  return value\n}\n\nfunction isConstellationNode(\n  value: unknown\n): value is ConstellationNodeInternal {\n  if (typeof value === 'function' || typeof value === 'object') {\n    const obj = value as any\n    return (\n      obj != null &&\n      typeof obj.type === 'string' &&\n      typeof obj.chain === 'number' &&\n      typeof obj._constellation === 'object'\n    )\n  }\n  return false\n}\n"],"mappings":";;;;;;AAqQA,SAAS,cAA2B;AAElC,QADgB,cAAc,OAAO,KAAK,IAAI,CAC/B,kBAAkB,CAAC;;;;;;;;;;;;;;;AAgBpC,SAAgB,cAKd,MACA,UAC+B;CAC/B,MAAM,UAAuB,UAAU,WAAW,aAAa;CAE/D,MAAM,KAAK,QAAQ,SAAS,KAAK;CACjC,MAAM,eAAwC,EAAE;CAChD,MAAM,eAAwC,EAAE;AAChD,KAAI,IAAI;AACN,OAAK,MAAM,CAAC,OAAO,YAAY,OAAO,QAAQ,GAAG,MAAM,CACrD,cAAa,SAAS;AAExB,OAAK,MAAM,CAAC,OAAO,YAAY,OAAO,QAAQ,GAAG,UAAU,CACzD,cAAa,SAAS;;CAI1B,MAAM,OAA0B;EAC9B,OAAO,KAAK;EACZ,OAAO,KAAK;EACZ,aAAc,IAAI,eAAe;EAClC;CAED,SAAS,YACP,MAC+B;AAC/B,SAAO,OAAO,OAAO;GACnB,GAAG;GACH,OAAO,KAAK;GACZ,gBAAgB;GACjB,CAAC;;CAGJ,SAAS,eACP,UACA,MACA;EACA,MAAM,wBAAQ,IAAI,KAAkC;AACpD,SAAO,IAAI,MAAM,EAAE,EAAyB,EAC1C,IAAI,SAAc,MAAc;AAC9B,OAAI,OAAO,SAAS,SAAU,QAAO,KAAA;GACrC,MAAM,SAAS,MAAM,IAAI,KAAK;AAC9B,OAAI,OAAQ,QAAO;GACnB,MAAM,WAAW,SAAS;GAK1B,MAAM,YAAoB,UAAU,SAAS;GAC7C,MAAM,MAAM,cACV,YAAY;IACV;IACA,GAAI,YAAY,EAAE;IAClB,GAAG;IACH,OAAO;IACR,CAAC;AACJ,UAAO,OAAO,IAAI;IAChB;IACA,GAAI,YAAY,EAAE;IAClB,OAAO;IACP,OAAO,KAAK;IACZ,gBAAgB;IACjB,CAAC;AACF,SAAM,IAAI,MAAM,GAAG;AACnB,UAAO;KAEV,CAAC;;CAGJ,SAAS,eAAe;AACtB,SAAO,IAAI,MACT,EAAE,EACF,EACE,IAAI,SAAc,MAAc;GAC9B,MAAM,OAAO,QAAQ,MAAM;AAC3B,OAAI,CAAC,KAAM,OAAM,IAAI,MAAM,iBAAiB,OAAO;GACnD,MAAM,eAAe,KAAK,cAAc,KAAK;AAC7C,OAAI,CAAC,aACH,OAAM,IAAI,MACR,QAAQ,KAAK,iCAAiC,KAAK,QACpD;AAEH,UAAO,aAAa;KAEvB,CACF;;AAMH,QAAO;EACL,MAJW,eAAe,cAAc,OAAO;EAK/C,OAJY,eAAe,cAAc,QAAQ;EAKjD,MAAM,cAAc;EACrB;;;;;;;;;;;;;;;;AC3VH,eAAsB,KACpB,OACA,MACqC;CACrC,MAAM,MAAM,MAAM,OAAO,IAAI,WAAW;CACxC,MAAM,OAAO,WAAW,MAAM;CAG9B,MAAM,yBAAS,IAAI,KAGhB;AAEH,MAAK,MAAM,QAAQ,KAAK,WAAW,MAAM,EAAE;EACzC,MAAM,OAAO,KAAK;AAClB,YACE,MACA,SAAS,KAAK,MAAM,0CACrB;EACD,MAAM,MAAM,GAAG,KAAK,YAAY,GAAG,KAAK,MAAM,GAAG,KAAK;EACtD,IAAI,QAAQ,OAAO,IAAI,IAAI;AAC3B,MAAI,CAAC,OAAO;AACV,WAAQ;IAAE;IAAM,OAAO,EAAE;IAAE;AAC3B,UAAO,IAAI,KAAK,MAAM;;AAExB,QAAM,MAAM,KAAK,KAAK;;CAGxB,MAAM,UAAsC,EAAE;AAC9C,MAAK,MAAM,EAAE,MAAM,OAAO,gBAAgB,OAAO,QAAQ,EAAE;EACzD,MAAM,gBAAgB,MAAM,QAAQ,IAClC,WAAW,KAAK,MAAM,WAAW,GAAG,KAAK,CAAC,CAC3C;EACD,MAAM,SAAS,MAAM,IAAI,mBAAmB,KAAK,aAAa;GAC5D,OAAO,KAAK;GACZ,OAAO,KAAK;GACZ;GACD,CAAC;AACF,UAAQ,KAAK,OAAO;;AAGtB,QAAO;;AAQT,SAAS,SAAS,MAAyC;AACzD,QAAO,GAAG,KAAK,eAAe,YAAY,GAAG,KAAK,KAAK,GAAG,KAAK;;AAGjE,SAAS,WACP,OACW;CACX,MAAM,6BAAa,IAAI,KAAwC;CAC/D,MAAM,0BAAU,IAAI,KAAqB;CAEzC,MAAM,YAAY,MAAiC,QAAgB;AACjE,aAAW,IAAI,MAAM,IAAI;AACzB,UAAQ,IAAI,SAAS,KAAK,EAAE,IAAI;;AAGlC,KAAI,MAAM,QAAQ,MAAM,CACtB,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;EACrC,MAAM,OAAO,MAAM;AACnB,YACE,oBAAoB,KAAK,EACzB,mCAAmC,IACpC;AACD,WAAS,MAAM,GAAG,IAAI;;KAGxB,MAAK,MAAM,CAAC,KAAK,SAAS,OAAO,QAAQ,MAAM,EAAE;AAC/C,YACE,oBAAoB,KAAK,EACzB,oCAAoC,MACrC;AACD,WAAS,MAAM,IAAI;;AAIvB,QAAO;EAAE;EAAY;EAAS;;AAGhC,eAAe,WACb,MACA,MAC6D;CAC7D,MAAM,EAAE,IAAI,gBAAgB,GAAG,SAAS;CACxC,MAAM,OAA4B,EAAE;AAEpC,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,KAAK,EAAE;AAC/C,MAAI,KAAK,SAAS,WAAW,QAAQ,WAAW,SAAS,MAAM;AAC7D,QAAK,QAAQ,MAAM,YACjB,OACA,KACD;AACD;;AAEF,OAAK,OAAO,YAAY,OAAO,KAAK;;AAGtC,MAAK,MAAM,KAAK,WAAW,IAAI,KAAK;AACpC,WAAU,KAAK,OAAO,MAAM,gBAAgB;AAE5C,QAAO,iBACL,KACD;;AAGH,eAAe,YACb,OACA,MACkC;CAClC,MAAM,UAAU,MAAM,QAAQ,IAC5B,OAAO,QAAQ,MAAM,CAAC,IAAI,OAAO,CAAC,KAAK,SAAS;AAC9C,MAAI,OAAO,KACT,QAAO,CAAC,KAAK,KAAK;EAKpB,MAAM,EAAE,SAAS,gBAAgB,mBAHJ,MAAM,QAAQ,IACzC,IAAI,YAAY,KAAK,MAAM,QAAQ,QAAQ,EAAE,CAAC,CAC/C,CACuE;AACxE,SAAO,CACL,KACA;GACE;GACA,SAAS,YAAY,IAAI,SAAS,KAAK;GACvC;GACA,aAAa,CAAC,GAAI,IAAI,eAAe,EAAE,EAAG,GAAG,YAAY;GAC1D,CACF;GACD,CACH;AACD,QAAO,OAAO,YAAY,QAAQ;;AAGpC,SAAS,YAAY,OAAgB,MAA0B;AAC7D,KAAI,oBAAoB,MAAM,EAAE;EAC9B,MAAM,MAAM,KAAK,WAAW,IAAI,MAAM,IAAI,KAAK,QAAQ,IAAI,SAAS,MAAM,CAAC;AAC3E,YACE,OAAO,MACP,SAAS,MAAM,MAAM,iDACtB;AACD,SAAO,IAAI;;AAGb,KAAI,MAAM,QAAQ,MAAM,CACtB,QAAO,MAAM,KAAK,MAAM,YAAY,GAAG,KAAK,CAAC;AAG/C,KAAI,OAAO,UAAU,YAAY,UAAU,MAAM;EAC/C,MAAM,WAAoC,EAAE;AAC5C,OAAK,MAAM,CAAC,GAAG,MAAM,OAAO,QAAQ,MAAM,CACxC,UAAS,KAAK,YAAY,GAAG,KAAK;AAEpC,SAAO;;AAIT,KAAI,OAAO,UAAU,YAAY,sBAAsB,KAAK,MAAM,CAChE,QAAO,MAAM,aAAa;AAG5B,QAAO;;AAGT,SAAS,iBAAiB,OAAyB;AACjD,KAAI,OAAO,UAAU,SACnB,QAAO,MAAM,UAAU;AAGzB,KAAI,MAAM,QAAQ,MAAM,CACtB,QAAO,MAAM,IAAI,iBAAiB;AAGpC,KAAI,OAAO,UAAU,YAAY,UAAU,MAAM;EAC/C,MAAM,SAAkC,EAAE;AAC1C,OAAK,MAAM,CAAC,GAAG,MAAM,OAAO,QAAQ,MAAM,CACxC,QAAO,KAAK,iBAAiB,EAAE;AAEjC,SAAO;;AAGT,QAAO;;AAGT,SAAS,oBACP,OACoC;AACpC,KAAI,OAAO,UAAU,cAAc,OAAO,UAAU,UAAU;EAC5D,MAAM,MAAM;AACZ,SACE,OAAO,QACP,OAAO,IAAI,SAAS,YACpB,OAAO,IAAI,UAAU,YACrB,OAAO,IAAI,mBAAmB;;AAGlC,QAAO"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zodiac-os/sdk",
-  "version": "1.10.0",
+  "version": "1.11.0",
   "author": "Gnosis Guild",
   "license": "LGPL-3.0-only",
   "homepage": "https://github.com/gnosisguild/zodiac-os-sdk",

package/dist/config-Be2Uj9_x.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"config-Be2Uj9_x.mjs","names":["resolve","dirname"],"sources":["../src/cli/projectRoot.ts","../src/cli/config.ts"],"sourcesContent":["import { existsSync } from 'node:fs'\nimport { dirname, resolve } from 'node:path'\n\n/**\n * Walk up from `startDir` looking for a `package.json`. Returns the\n * directory that contains it. Falls back to `startDir` if no ancestor\n * has a `package.json` (e.g. when running outside any project).\n */\nexport const findProjectRoot = (startDir: string = process.cwd()): string => {\n  const absoluteStart = resolve(startDir)\n  let dir = absoluteStart\n\n  while (true) {\n    if (existsSync(resolve(dir, 'package.json'))) {\n      return dir\n    }\n    const parent = dirname(dir)\n    if (parent === dir) {\n      return absoluteStart\n    }\n    dir = parent\n  }\n}\n","import { existsSync, writeFileSync } from 'node:fs'\nimport { pathToFileURL } from 'url'\nimport { dirname, resolve } from 'path'\nimport { findProjectRoot } from './projectRoot'\n\nexport type Contracts = {\n  [chain: string]: ContractsNode\n}\nexport type ContractsNode = `0x${string}` | { [name: string]: ContractsNode }\n\nexport interface ZodiacConfig {\n  /**\n   * API key authorizing this directory against a Zodiac org.\n   *\n   * Optional — defaults to `process.env.ZODIAC_API_KEY` (populated by\n   * `zodiac init`). Set this explicitly only when you need to override\n   * the env var from inside the config file.\n   */\n  apiKey?: `zodiac_${string}`\n  /**\n   * Contracts the `allow` kit should know about, keyed by chain prefix.\n   * Nested objects are allowed for grouping related addresses.\n   */\n  contracts?: Contracts\n  /**\n   * Directory where fetched ABIs are stored and read from.\n   * Resolved relative to the project root (config file's directory).\n   * Defaults to `./abis`.\n   */\n  abisDir?: string\n}\n\n/** User-provided config plus the resolved API key + project root. */\nexport interface ResolvedConfig extends Omit<ZodiacConfig, 'apiKey'> {\n  apiKey: `zodiac_${string}`\n  rootDir: string\n}\n\n/**\n * Loose base used as the *inference* constraint for `defineConfig`.\n * `contracts` is `Record<string, unknown>` here so `const T` can preserve the\n * caller's exact address literals rather than collapsing them into the\n * recursive `ContractsNode` union.\n */\ntype DefineConfigInput = {\n  apiKey?: `zodiac_${string}`\n  contracts?: Record<string, unknown>\n  abisDir?: string\n}\n\n/**\n * Recursive leaf-level check: every leaf in `contracts` must be\n * `` `0x${string}` ``; any other value collapses the branch to `never`,\n * which surfaces as a type error at the call site.\n */\ntype ValidateContracts<C> = {\n  [K in keyof C]: C[K] extends `0x${string}`\n    ? C[K]\n    : C[K] extends object\n      ? ValidateContracts<C[K]>\n      : never\n}\n\nexport const defineConfig = <const T extends DefineConfigInput>(\n  config: T & {\n    contracts?: ValidateContracts<NonNullable<T['contracts']>>\n  }\n): T => config\n\nconst DEFAULT_CONFIG_PATH = 'zodiac.config.ts'\n\nconst CONFIG_STUB = `import { defineConfig } from \"@zodiac-os/sdk/cli/config\";\n\nexport default defineConfig({\n  contracts: {\n    // Add contracts the \\`allow\\` kit should know about, keyed by chain prefix.\n    // Run \\`zodiac pull-contracts\\` after editing.\n    //\n    // eth: {\n    //   weth: \"0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2\",\n    // },\n  },\n});\n`\n\ntype LoadConfigOptions = {\n  /**\n   * Called when neither `config.apiKey` nor `process.env.ZODIAC_API_KEY` is\n   * set. Receives the resolved project root and must return a freshly minted\n   * API key. Typically wired to the interactive `init()` flow.\n   *\n   * If omitted, `loadConfig` throws when no key is found.\n   */\n  onMissingKey?: (rootDir: string) => Promise<string>\n  /**\n   * When the config file doesn't exist, write a minimal stub before\n   * loading. Used by the CLI's `pull` commands so first-time setup\n   * works without the user having to scaffold the file themselves.\n   */\n  createIfMissing?: boolean\n}\n\n/**\n * Write a starter `zodiac.config.ts` if no file exists at `absolutePath`.\n * Returns `true` if a file was written.\n */\nexport const ensureConfigStub = (absolutePath: string): boolean => {\n  if (existsSync(absolutePath)) return false\n  writeFileSync(absolutePath, CONFIG_STUB, 'utf8')\n  return true\n}\n\nexport async function loadConfig(\n  configPath: string = DEFAULT_CONFIG_PATH,\n  options: LoadConfigOptions = {}\n): Promise<ResolvedConfig> {\n  // Resolve relative paths (including the default) against the nearest\n  // package.json ancestor — that's where users expect the config to live,\n  // regardless of which subdir they ran the CLI from.\n  const absolutePath = resolve(findProjectRoot(), configPath)\n\n  if (options.createIfMissing && ensureConfigStub(absolutePath)) {\n    console.log(`✅ Created ${absolutePath}`)\n  }\n\n  let mod: Record<string, unknown>\n  try {\n    mod = await import(pathToFileURL(absolutePath).href)\n  } catch (error: any) {\n    if (error?.code === 'ERR_MODULE_NOT_FOUND' || error?.code === 'ENOENT') {\n      throw new Error(`Config file not found: ${absolutePath}`)\n    }\n    throw error\n  }\n\n  const config = (mod.default ?? mod.config) as ZodiacConfig | undefined\n  if (!config) {\n    throw new Error(\n      `Config file must export a default value or a named \"config\" export: ${absolutePath}`\n    )\n  }\n\n  const rootDir = dirname(absolutePath)\n  const apiKey = await resolveApiKey(config, rootDir, options)\n\n  return { ...config, apiKey, rootDir }\n}\n\nconst resolveApiKey = async (\n  config: ZodiacConfig,\n  rootDir: string,\n  { onMissingKey }: LoadConfigOptions\n): Promise<`zodiac_${string}`> => {\n  if (config.apiKey != null) {\n    if (!isApiKey(config.apiKey)) {\n      throw new Error(\n        '`apiKey` in zodiac.config.ts is malformed: a valid Zodiac API key starts with \"zodiac_\". Either remove the field to use ZODIAC_API_KEY, or run `zodiac init` to mint a fresh key.'\n      )\n    }\n    return config.apiKey\n  }\n\n  const fromEnv = process.env.ZODIAC_API_KEY\n  if (fromEnv != null && fromEnv !== '') {\n    if (!isApiKey(fromEnv)) {\n      throw new Error(\n        'ZODIAC_API_KEY is set but malformed: a valid Zodiac API key starts with \"zodiac_\". Run `zodiac init` to mint a fresh key.'\n      )\n    }\n    return fromEnv\n  }\n\n  if (onMissingKey == null) {\n    throw new Error(\n      'No Zodiac API key found. Set ZODIAC_API_KEY in your environment, or run `zodiac init` to generate one.'\n    )\n  }\n\n  const minted = await onMissingKey(rootDir)\n  if (!isApiKey(minted)) {\n    throw new Error(\n      `onMissingKey returned an invalid Zodiac API key (expected a value starting with \"zodiac_\").`\n    )\n  }\n  return minted\n}\n\nconst isApiKey = (value: string | undefined): value is `zodiac_${string}` =>\n  value != null && value.startsWith('zodiac_')\n\nexport const DEFAULT_ABIS_DIR = 'abis'\n\nexport function resolveAbisDir(config: ResolvedConfig): string {\n  return resolve(config.rootDir, config.abisDir ?? DEFAULT_ABIS_DIR)\n}\n"],"mappings":";;;;;;;;;;AAQA,MAAa,mBAAmB,WAAmB,QAAQ,KAAK,KAAa;CAC3E,MAAM,gBAAgB,QAAQ,SAAS;CACvC,IAAI,MAAM;AAEV,QAAO,MAAM;AACX,MAAI,WAAW,QAAQ,KAAK,eAAe,CAAC,CAC1C,QAAO;EAET,MAAM,SAAS,QAAQ,IAAI;AAC3B,MAAI,WAAW,IACb,QAAO;AAET,QAAM;;;;;AC2CV,MAAa,gBACX,WAGM;AAER,MAAM,sBAAsB;AAE5B,MAAM,cAAc;;;;;;;;;;;;;;;;;AAmCpB,MAAa,oBAAoB,iBAAkC;AACjE,KAAI,WAAW,aAAa,CAAE,QAAO;AACrC,eAAc,cAAc,aAAa,OAAO;AAChD,QAAO;;AAGT,eAAsB,WACpB,aAAqB,qBACrB,UAA6B,EAAE,EACN;CAIzB,MAAM,eAAeA,UAAQ,iBAAiB,EAAE,WAAW;AAE3D,KAAI,QAAQ,mBAAmB,iBAAiB,aAAa,CAC3D,SAAQ,IAAI,aAAa,eAAe;CAG1C,IAAI;AACJ,KAAI;AACF,QAAM,MAAM,OAAO,cAAc,aAAa,CAAC;UACxC,OAAY;AACnB,MAAI,OAAO,SAAS,0BAA0B,OAAO,SAAS,SAC5D,OAAM,IAAI,MAAM,0BAA0B,eAAe;AAE3D,QAAM;;CAGR,MAAM,SAAU,IAAI,WAAW,IAAI;AACnC,KAAI,CAAC,OACH,OAAM,IAAI,MACR,uEAAuE,eACxE;CAGH,MAAM,UAAUC,UAAQ,aAAa;CACrC,MAAM,SAAS,MAAM,cAAc,QAAQ,SAAS,QAAQ;AAE5D,QAAO;EAAE,GAAG;EAAQ;EAAQ;EAAS;;AAGvC,MAAM,gBAAgB,OACpB,QACA,SACA,EAAE,mBAC8B;AAChC,KAAI,OAAO,UAAU,MAAM;AACzB,MAAI,CAAC,SAAS,OAAO,OAAO,CAC1B,OAAM,IAAI,MACR,sLACD;AAEH,SAAO,OAAO;;CAGhB,MAAM,UAAU,QAAQ,IAAI;AAC5B,KAAI,WAAW,QAAQ,YAAY,IAAI;AACrC,MAAI,CAAC,SAAS,QAAQ,CACpB,OAAM,IAAI,MACR,8HACD;AAEH,SAAO;;AAGT,KAAI,gBAAgB,KAClB,OAAM,IAAI,MACR,yGACD;CAGH,MAAM,SAAS,MAAM,aAAa,QAAQ;AAC1C,KAAI,CAAC,SAAS,OAAO,CACnB,OAAM,IAAI,MACR,8FACD;AAEH,QAAO;;AAGT,MAAM,YAAY,UAChB,SAAS,QAAQ,MAAM,WAAW,UAAU;AAE9C,MAAa,mBAAmB;AAEhC,SAAgB,eAAe,QAAgC;AAC7D,QAAOD,UAAQ,OAAO,SAAS,OAAO,WAAA,OAA4B"}