tenzro-wallet 0.2.5 → 0.2.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +14 -9
- package/dist/ports/agent/adapters/agent-bond-adapter.d.ts.map +1 -1
- package/dist/ports/agent/adapters/agent-bond-adapter.js +2 -1
- package/dist/ports/agent/adapters/agent-bond-adapter.js.map +1 -1
- package/dist/ports/agent/adapters/insurance-adapter.d.ts.map +1 -1
- package/dist/ports/agent/adapters/insurance-adapter.js +7 -6
- package/dist/ports/agent/adapters/insurance-adapter.js.map +1 -1
- package/dist/ports/agent/insurance.d.ts +2 -0
- package/dist/ports/agent/insurance.d.ts.map +1 -1
- package/dist/ports/attested-clock/attested-clock.d.ts +4 -3
- package/dist/ports/attested-clock/attested-clock.d.ts.map +1 -1
- package/dist/ports/attested-clock/attested-clock.js +4 -3
- package/dist/ports/attested-clock/attested-clock.js.map +1 -1
- package/dist/ports/bridge-fee/bridge-fee.d.ts +10 -15
- package/dist/ports/bridge-fee/bridge-fee.d.ts.map +1 -1
- package/dist/ports/bridge-fee/bridge-fee.js +7 -10
- package/dist/ports/bridge-fee/bridge-fee.js.map +1 -1
- package/dist/ports/canton/canton-provider.d.ts +75 -0
- package/dist/ports/canton/canton-provider.d.ts.map +1 -0
- package/dist/ports/canton/canton-provider.js +64 -0
- package/dist/ports/canton/canton-provider.js.map +1 -0
- package/dist/ports/canton/http.d.ts +14 -0
- package/dist/ports/canton/http.d.ts.map +1 -1
- package/dist/ports/canton/http.js +16 -6
- package/dist/ports/canton/http.js.map +1 -1
- package/dist/ports/canton/verify-content.d.ts +64 -0
- package/dist/ports/canton/verify-content.d.ts.map +1 -0
- package/dist/ports/canton/verify-content.js +128 -0
- package/dist/ports/canton/verify-content.js.map +1 -0
- package/dist/ports/index.d.ts +4 -0
- package/dist/ports/index.d.ts.map +1 -1
- package/dist/ports/index.js +2 -0
- package/dist/ports/index.js.map +1 -1
- package/dist/ports/ivms101/adapter.d.ts.map +1 -1
- package/dist/ports/ivms101/adapter.js +6 -1
- package/dist/ports/ivms101/adapter.js.map +1 -1
- package/dist/ports/ivms101/ivms101.d.ts +12 -8
- package/dist/ports/ivms101/ivms101.d.ts.map +1 -1
- package/dist/ports/ivms101/ivms101.js +5 -6
- package/dist/ports/ivms101/ivms101.js.map +1 -1
- package/dist/ports/secure-mint/adapter.d.ts +23 -8
- package/dist/ports/secure-mint/adapter.d.ts.map +1 -1
- package/dist/ports/secure-mint/adapter.js +76 -15
- package/dist/ports/secure-mint/adapter.js.map +1 -1
- package/dist/ports/secure-mint/secure-mint.d.ts +44 -21
- package/dist/ports/secure-mint/secure-mint.d.ts.map +1 -1
- package/dist/ports/secure-mint/secure-mint.js +3 -0
- package/dist/ports/secure-mint/secure-mint.js.map +1 -1
- package/dist/ports/signed-agent-card/signed-agent-card.d.ts +4 -3
- package/dist/ports/signed-agent-card/signed-agent-card.d.ts.map +1 -1
- package/dist/ports/signed-agent-card/signed-agent-card.js +4 -3
- package/dist/ports/signed-agent-card/signed-agent-card.js.map +1 -1
- package/dist/ports/urwa/urwa.d.ts +4 -3
- package/dist/ports/urwa/urwa.d.ts.map +1 -1
- package/dist/ports/urwa/urwa.js +4 -3
- package/dist/ports/urwa/urwa.js.map +1 -1
- package/dist/surfaces/canton-external.d.ts +10 -10
- package/dist/surfaces/canton-external.d.ts.map +1 -1
- package/dist/surfaces/canton-external.js +21 -10
- package/dist/surfaces/canton-external.js.map +1 -1
- package/dist/surfaces/canton-internal.d.ts.map +1 -1
- package/dist/surfaces/canton-internal.js +7 -0
- package/dist/surfaces/canton-internal.js.map +1 -1
- package/package.json +4 -2
package/README.md
CHANGED
|
@@ -8,10 +8,12 @@ The official wallet for [Tenzro Network](https://tenzro.com) — a browser-clean
|
|
|
8
8
|
- **TDIP `did:tenzro:`** — one identity controls native TNZO, EVM contracts, Solana programs, and Canton/DAML assets at the same time.
|
|
9
9
|
- **Passkey-quorum custody** — no seed phrases. Device share + node-TEE co-signer, FROST-signed Ed25519 + ML-DSA-65 (FIPS 204) post-quantum leg.
|
|
10
10
|
- **Cross-VM moves on Tenzro are pointer ops, not bridges.** Native ↔ EVM ↔ SVM go through precompile `0x1003` / the `tenzro_cross_vm` SVM program — instant, no bridge risk.
|
|
11
|
-
- **First-class Canton / DAML support.** Three surfaces for regulated-finance flows (`cantonInternalSurface` for single-party flows, `cantonExternalSurface` for multi-party flows across synchronizers, `cantonOnboardingSurface` for external-party onboarding) backed by `CantonValidatorPort` + `CantonIdentityPort` + `LedgerApiAdapter` (Canton JSON Ledger API v2). The kernel signs Canton `prepare` / `execute` submissions through its passkey-quorum custody
|
|
11
|
+
- **First-class Canton / DAML support.** Three surfaces for regulated-finance flows (`cantonInternalSurface` for single-party flows, `cantonExternalSurface` for multi-party flows across synchronizers, `cantonOnboardingSurface` for external-party onboarding) backed by `CantonValidatorPort` + `CantonIdentityPort` + `LedgerApiAdapter` (Canton JSON Ledger API v2). The kernel signs Canton `prepare` / `execute` submissions through its passkey-quorum custody — it **always signs locally**, never delegating signing to a node. Before signing it (1) recomputes the prepared-transaction hash and constant-time-compares it to the node's, then (2) **content-verifies** the decoded `PreparedTransaction` against the caller's intent — `actAs` authorization, transfer amount (Numeric→base-units normalized), and recipient presence — failing closed on any mismatch or undecodable field, so a tampered or mis-described transaction can never be signed. The same self-custody path runs in **two provider modes** via `resolveCantonAdapterConfig`: **BYO Canton node** (your own participant; auth is your Canton JWT as `Authorization: Bearer` or, for a differing token issuer, the `X-Canton-Auth: Bearer` escape hatch) and **Tenzro-network-provided Canton** (a Tenzro node fronts the participant; auth is a `tnz_…` API key in `X-Tenzro-Api-Key` and the node server-mints the tenant's Canton JWT — the wallet never holds it). Every Canton flow surfaces alongside EVM / SVM / native flows in the same router.
|
|
12
12
|
- **Agent payments built-in** — AP2 (Google), x402 (Coinbase), Visa TAP, Mastercard Agent Pay, OpenAI ACP, ERC-8004 trustless agent identity, ERC-7802 cross-chain mint/burn.
|
|
13
13
|
- **Capital markets + multi-party workflows** — Capital Intents (open / quote / assign / execute / verify / compensate / settle), reserve attestations + attested mints, saga workflows with AP2 / x402 / MPP / Stripe SPT / Visa TAP / Mastercard Agent Pay mandate binding.
|
|
14
|
-
- **EVM primitives, first-class** — EIP-7702 (Pectra Type-4) delegation, Permit2 SignatureTransfer with optional ERC-7683-witness binding, Secure-Mint registry (1:1 reserve invariant for tokenized RWAs), ERC-7683 cross-chain intents.
|
|
14
|
+
- **EVM primitives, first-class** — EIP-7702 (Pectra Type-4) delegation, Permit2 SignatureTransfer with optional ERC-7683-witness binding, Secure-Mint registry (1:1 reserve invariant for tokenized RWAs), ERC-7683 cross-chain intents with optional `BridgeFeeHint` so one signed order is fungible across the 6 supported bridges.
|
|
15
|
+
- **Bridge fee in TNZO + Chainlink-backed oracle.** `BridgeFeeAdapter` lets the wallet quote destination-native bridge fees in TNZO, surface per-adapter sponsorship-pool state, sponsor a previously-quoted envelope, and read the caller's own Compute Unit consumption + per-method counters. The operator's node enables a live Chainlink-backed oracle when configured; otherwise quotes fall back to the governance-set rate table. Admin-only paths (rate registration, refill-threshold tuning, cross-tenant analytics) gated by `X-Tenzro-Admin-Token`.
|
|
16
|
+
- **Compliance + identity primitives.** `UrwaAdapter` (ERC-7943 uRWA kill-switch + frozen-tokens reads for the signing UI; admin-token-gated mutations), `Ivms101Adapter` (FATF Travel Rule IVMS101 v1.1.0 envelope canonical-hash binding), `AttestedClockAdapter` (TEE-attested timestamp envelope for saga step deadlines + AP2 mandate validity windows + parametric-insurance trigger windows), `SignedAgentCardAdapter` (A2A v1.0 SignedAgentCard canonical-hash for issuer-signed agent cards), `WormholeNttAdapter` (NTT chain catalog + transceiver registry).
|
|
15
17
|
- **Eight-vendor bridge router** — LI.FI, Chainlink CCIP, LayerZero V2, Wormhole, deBridge, Canton HTLC, Hyperlane V3 (sovereign Tenzro-ISM), Axelar GMP (Cosmos / Move / Stellar / XRPL). The kernel never picks a vendor for you; it surfaces all available quotes.
|
|
16
18
|
- **Chain-agnostic discovery (CAIP)** — CAIP-2 / CAIP-10 / CAIP-19 per the submitted `tenzro` CASA namespace (`ChainAgnostic/namespaces#184`), so every dApp connect + agent handshake returns unambiguous chain + account + asset labels.
|
|
17
19
|
- **Babylon BTC-secured staking, surfaced.** Read-side surface for staking dashboards (list finality providers, sum BTC delegations, list delegations) plus validator-operator write paths so a validator host can use the wallet kernel as the EOTS signing surface.
|
|
@@ -89,12 +91,16 @@ Six independent VM surfaces — Tenzro native, EVM-on-Tenzro, SVM-on-Tenzro, Can
|
|
|
89
91
|
| Custody drivers | `frostEd25519Driver`, `frostSecp256k1Driver`, `hybridEd25519MlDsaDriver`, `mlDsaCoordinator`, passkey-share unwrappers (PRF/largeBlob/escrow). |
|
|
90
92
|
| Agent ports | AP2, ACP, ERC-8004, ERC-7802, HTLC escrow, nanopayment channels, agent-bond, insurance, lifecycle, principal-chain, fee estimator, session-key, payment-rails (Visa/Mastercard/x402), TEE attestation. |
|
|
91
93
|
| Bridge adapters | `LiFiBridgeAdapter`, `CcipBridgeAdapter`, `LayerZeroBridgeAdapter`, `WormholeBridgeAdapter`, `DebridgeAdapter`, `CantonBridgeAdapter`, `HyperlaneAdapter`, `AxelarAdapter`. |
|
|
92
|
-
| Canton / DAML ports | `CantonValidatorPort` (Canton JSON Ledger API v2 — `prepareSubmission` / `executeSubmission` / completion stream / active-contracts queries), `CantonIdentityPort` (`TenzroSurfaceCantonParty`, hashing scheme version, signing scheme), `LedgerApiAdapter` (one adapter wrapping the Canton JSON Ledger API for both prepare + execute flows), plus `preparedTransactionHash` / `topologyBundleHash` / `bytesEqualConstantTime` hash helpers in `ports/canton/hash.ts`. Used by all three Canton surfaces and by the `cantonBridgeAdapter` for Canton-HTLC cross-chain routes. |
|
|
94
|
+
| Canton / DAML ports | `CantonValidatorPort` (Canton JSON Ledger API v2 — `prepareSubmission` / `executeSubmission` / completion stream / active-contracts queries), `CantonIdentityPort` (`TenzroSurfaceCantonParty`, hashing scheme version, signing scheme), `LedgerApiAdapter` (one adapter wrapping the Canton JSON Ledger API for both prepare + execute flows), `resolveCantonAdapterConfig` (dual-mode provider resolution: BYO-node vs Tenzro-network-provided — selects base URLs + per-request auth header builder), `verifyPreparedContent` + `CantonContentMismatchError` (fail-closed content check of the decoded `PreparedTransaction` against a `CantonTransferIntent` before signing), plus `preparedTransactionHash` / `topologyBundleHash` / `bytesEqualConstantTime` hash helpers in `ports/canton/hash.ts`. Used by all three Canton surfaces and by the `cantonBridgeAdapter` for Canton-HTLC cross-chain routes. |
|
|
93
95
|
| Capital + workflow ports | `CapitalIntentAdapter` (`open` / `quote` / `assign` / `execute` / `verify` / `compensate` / `settle` / `getIntent` + `submitReserveAttestation` / `getReserve` / `attestedMint`), `WorkflowAdapter` (`open` / `stepExecute` / `stepVerify` / `stepCompensate` / `finalize` / `getWorkflow` / `getSaga` / `getLifecycle` / `getReceipt` / `getOperationalMetrics` / `mirrorToCanton` / `verifyDidEnvelope` + listers). |
|
|
94
96
|
| EVM-primitive ports | `Eip7702Adapter` (signing hash + designator helpers), `Permit2Adapter` (`domainSeparator` / `digest` / `verifyAndConsume` / `nonceUsed` with optional ERC-7683-witness binding), `SecureMintAdapter` (per-token 1:1 reserve invariant for tokenized RWAs), `Erc7683Adapter` (origin-side reads + destination-side fill commits). |
|
|
95
97
|
| Discovery port | `CaipAdapter` — `caip2()` / `caip10(address)` / `caip19({ kind, token_id?, collection_id?, nft_token_id? })` per the submitted `tenzro` CASA namespace. |
|
|
96
98
|
| Shared-security port | `BabylonAdapter` — read surface for staking dashboards (`listFinalityProviders` / `totalStakeForProvider` / `listDelegations`) + validator-operator write paths (`registerFinalityProvider` / `submitFinalitySignature`) so a validator host can use the wallet kernel as the signing surface. |
|
|
97
99
|
| Distributed-training port | `TrainingAdapter(read[, write])` — read + write surface for the Tenzro Train protocol layer. Read methods inspect active runs, sealed receipts, and Confidential-tier sealed-shard manifests. Write methods (gated on a `TrainingClient`) post tasks, enroll trainers (with `ConfidentialEnrollment` for Phase 4 TEE-attested enrollment), submit outer gradients, finalize rounds, install sealed-shard manifests. |
|
|
100
|
+
| Bridge-fee + Chainlink port | `BridgeFeeAdapter` — cross-chain bridge fees in TNZO. `quote()` for destination-native fees, `listSponsorshipPools()` for per-adapter vault state, `sponsor()` against a previously-quoted envelope, `getAnalytics()` for subject self-read of CU consumption + per-method counters. Admin-only paths (`setRate()`, `setRefillThreshold()`, `listAnalytics()`) gated by `X-Tenzro-Admin-Token`. Read paths consult the operator's configured Chainlink-backed fee oracle when enabled; otherwise fall back to the governance-set rate table. Per-tenant rate-limiting + Compute Unit attribution applies — the read paths require a `chainlink`-scoped API key on the node. |
|
|
101
|
+
| Compliance + identity ports | `UrwaAdapter` (ERC-7943 — `isKillSwitched` / `getFrozenTokens` reads for the signing UI; admin-token-gated `setFrozenTokens` / `triggerKillSwitch` / `clearKillSwitch` mutations), `Ivms101Adapter` (FATF Travel Rule IVMS101 v1.1.0 envelope canonical-hash for cross-border transfer binding), `SignedAgentCardAdapter` (A2A v1.0 SignedAgentCard canonical-hash for issuer-signed agent cards), `AttestedClockAdapter` (TEE-attested timestamp envelope for saga step deadlines + obligation expiries + AP2 mandate validity windows + parametric-insurance trigger windows). |
|
|
102
|
+
| Wormhole NTT port | `WormholeNttAdapter` — Native Token Transfers chain catalog + multi-transceiver registry (Wormhole / Axelar / LayerZero / custom). Surfaces NTT chain reach so the signing UI shows which destination chains an NTT-deployed token can reach. |
|
|
103
|
+
| ERC-7683 `BridgeFeeHint` | Optional addition to `TenzroOrderData` that makes a single user-signed order fungible across the 6 supported bridges. The TNZO ceiling bounds the solver's destination-native fee commitment; the wallet UI surfaces the ceiling to the signer. |
|
|
98
104
|
| Surfaces | `tenzroNativeSurface`, `evmOnTenzroSurface`, `svmOnTenzroSurface`, `cantonInternalSurface`, `cantonExternalSurface`, `cantonOnboardingSurface`. |
|
|
99
105
|
| Router | `routeIntent()` — chooses the right surface (or bridge) for an intent and returns a typed plan. |
|
|
100
106
|
| Balance aggregator | `BalanceAggregator` — single-pass cross-surface balance read. |
|
|
@@ -120,7 +126,7 @@ Testnet-functional today against the live Tenzro testnet at `rpc.tenzro.network`
|
|
|
120
126
|
| M1 | Kernel skeleton, ports + adapters | Done |
|
|
121
127
|
| M2 | Tenzro native surface | Done — live on testnet |
|
|
122
128
|
| M3 | EVM + SVM on-Tenzro surfaces, cross-VM pointer ops | Done — live on testnet |
|
|
123
|
-
| M4a | Canton ports + adapters (`CantonValidatorPort`, `CantonIdentityPort`, `LedgerApiAdapter`, hash helpers, three surfaces) | Done — shipped in dist; surfaces typecheck + unit-tested |
|
|
129
|
+
| M4a | Canton ports + adapters (`CantonValidatorPort`, `CantonIdentityPort`, `LedgerApiAdapter`, hash helpers, three surfaces) + sign-time content verification (`verifyPreparedContent`) + dual-mode provider (`resolveCantonAdapterConfig`: BYO-node / Tenzro-network-provided) | Done — shipped in dist; surfaces typecheck + unit-tested |
|
|
124
130
|
| M4b | Canton MainNet surface | Gated on Splice 0.5.x baseline (post-2026-05-05) |
|
|
125
131
|
| M5 | Passkey-quorum custody (kernel pieces) | Done |
|
|
126
132
|
| M5.5 | 2-of-3 pre-launch upgrade | Designed |
|
|
@@ -128,12 +134,11 @@ Testnet-functional today against the live Tenzro testnet at `rpc.tenzro.network`
|
|
|
128
134
|
| M7 | Settlement (Visa TAP, Mastercard Agent Pay, x402) | Settle-side shipped (`payVisaTap`, `payMastercard`, `payX402`); issuance-side hooks declared, SDK-pending |
|
|
129
135
|
| M8 | Bridge router | Eight per-vendor adapters live (`lifi`, `ccip`, `layerzero`, `wormhole`, `debridge`, `canton`, `hyperlane`, `axelar`); SDK-shipped — all forward to the same `client.bridge` with `vendor:BridgeAdapterId` multiplexing |
|
|
130
136
|
| M9 | TDIP integration (delegate sets, recovery flows) | Kernel orchestrators shipped |
|
|
131
|
-
| M10 | Capital markets + workflows + EVM primitives + extended cross-chain reach + CAIP discovery | Ports + nine adapters shipped against `tenzro-sdk@^0.4.
|
|
132
|
-
| M11 | Babylon Bitcoin staking + Tenzro Train protocol port (Phase 4 Confidential-tier) | Babylon port (read + validator-write surface) + Training port (`TrainingAdapter(read)` for monitoring, `TrainingAdapter(read, write)` for full custodial enrollment + sealed-shard manifest install) against `tenzro-sdk@^0.4.
|
|
133
|
-
| M12 |
|
|
134
|
-
| M13 | Canton multi-tenant isolation (Stage 1) | `CantonClient` extended with `allocateParty`, `grantUserRights`, `listUserRights`, `getMyAnalytics`, `listApiKeyAnalytics` against `tenzro-sdk@^0.4.3`. The Tenzro node binds each API key to a Canton User Management Service user id at issuance; canton-scoped calls auto-forward `actAs` as the bound user's `primaryParty`. Canton's AuthService enforces per-user CanActAs server-side; per-tenant call counters persist in RocksDB (`CF_CANTON_ANALYTICS`). |
|
|
137
|
+
| M10 | Capital markets + workflows + EVM primitives + extended cross-chain reach + CAIP discovery | Ports + nine adapters shipped against `tenzro-sdk@^0.4.1` |
|
|
138
|
+
| M11 | Babylon Bitcoin staking + Tenzro Train protocol port (Phase 4 Confidential-tier) | Babylon port (read + validator-write surface) + Training port (`TrainingAdapter(read)` for monitoring, `TrainingAdapter(read, write)` for full custodial enrollment + sealed-shard manifest install) against `tenzro-sdk@^0.4.1` |
|
|
139
|
+
| M12 | Cross-chain bridge fee in TNZO + Chainlink-backed oracle + ERC-7683 `BridgeFeeHint` + ERC-7943 uRWA compliance + FATF IVMS101 + A2A SignedAgentCard + TEE-attested clock + Wormhole NTT | Six new ports + adapters (`BridgeFeeAdapter`, `UrwaAdapter`, `Ivms101Adapter`, `AttestedClockAdapter`, `SignedAgentCardAdapter`, `WormholeNttAdapter`) plus `BridgeFeeHint` on `Erc7683` against `tenzro-sdk@^0.4.7`. Per-tenant Compute Unit attribution + GCRA rate-limit on `chainlink`-scoped methods at the node layer. |
|
|
135
140
|
|
|
136
|
-
**
|
|
141
|
+
**426 unit tests** pass; 5 env-gated integration smokes exercise the live testnet end-to-end.
|
|
137
142
|
|
|
138
143
|
## Repository
|
|
139
144
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-bond-adapter.d.ts","sourceRoot":"","sources":["../../../../src/ports/agent/adapters/agent-bond-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,KAAK,EACV,aAAa,EACb,eAAe,EAEf,wBAAwB,EACxB,oBAAoB,EACpB,wBAAwB,EACzB,MAAM,kBAAkB,CAAC;AAE1B;;;GAGG;AACH,MAAM,MAAM,cAAc,GAAG,IAAI,CAC/B,UAAU,EACR,eAAe,GACf,mBAAmB,GACnB,mBAAmB,GACnB,cAAc,GACd,4BAA4B,CAC/B,CAAC;AAsBF,qBAAa,mBAAoB,YAAW,aAAa;IAC3C,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,cAAc;IAEnD,IAAI,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,MAAM,CAAC;IAIhD,QAAQ,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC;IAIxD,QAAQ,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC;IAIlD,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAKpD,gBAAgB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"agent-bond-adapter.d.ts","sourceRoot":"","sources":["../../../../src/ports/agent/adapters/agent-bond-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,KAAK,EACV,aAAa,EACb,eAAe,EAEf,wBAAwB,EACxB,oBAAoB,EACpB,wBAAwB,EACzB,MAAM,kBAAkB,CAAC;AAE1B;;;GAGG;AACH,MAAM,MAAM,cAAc,GAAG,IAAI,CAC/B,UAAU,EACR,eAAe,GACf,mBAAmB,GACnB,mBAAmB,GACnB,cAAc,GACd,4BAA4B,CAC/B,CAAC;AAsBF,qBAAa,mBAAoB,YAAW,aAAa;IAC3C,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,cAAc;IAEnD,IAAI,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,MAAM,CAAC;IAIhD,QAAQ,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC;IAIxD,QAAQ,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC;IAIlD,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAKpD,gBAAgB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;CAW1E"}
|
|
@@ -31,7 +31,8 @@ export class AgentBondSdkAdapter {
|
|
|
31
31
|
return raw === null || raw === undefined ? null : decodeBond(raw);
|
|
32
32
|
}
|
|
33
33
|
async listByController(controllerDid) {
|
|
34
|
-
const
|
|
34
|
+
const wrapped = await this.client.listAgentBondsByController(controllerDid);
|
|
35
|
+
const raws = (wrapped?.bonds ?? []);
|
|
35
36
|
if (!Array.isArray(raws))
|
|
36
37
|
return [];
|
|
37
38
|
const out = [];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-bond-adapter.js","sourceRoot":"","sources":["../../../../src/ports/agent/adapters/agent-bond-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AA6CH,MAAM,OAAO,mBAAmB;IACD;IAA7B,YAA6B,MAAsB;QAAtB,WAAM,GAAN,MAAM,CAAgB;IAAG,CAAC;IAEvD,IAAI,CAAC,GAAyB;QAC5B,OAAO,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,aAAa,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAChG,CAAC;IAED,QAAQ,CAAC,GAA6B;QACpC,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACjF,CAAC;IAED,QAAQ,CAAC,GAA6B;QACpC,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,MAAc;QACtB,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAwB,CAAC;QAC5E,OAAO,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,aAAqB;QAC1C,MAAM,
|
|
1
|
+
{"version":3,"file":"agent-bond-adapter.js","sourceRoot":"","sources":["../../../../src/ports/agent/adapters/agent-bond-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AA6CH,MAAM,OAAO,mBAAmB;IACD;IAA7B,YAA6B,MAAsB;QAAtB,WAAM,GAAN,MAAM,CAAgB;IAAG,CAAC;IAEvD,IAAI,CAAC,GAAyB;QAC5B,OAAO,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,aAAa,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAChG,CAAC;IAED,QAAQ,CAAC,GAA6B;QACpC,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACjF,CAAC;IAED,QAAQ,CAAC,GAA6B;QACpC,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,MAAc;QACtB,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAwB,CAAC;QAC5E,OAAO,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,aAAqB;QAC1C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAC;QAC5E,MAAM,IAAI,GAAG,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE,CAAmB,CAAC;QACtD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,CAAC;QACpC,MAAM,GAAG,GAAsB,EAAE,CAAC;QAClC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;YAC5B,IAAI,GAAG,KAAK,IAAI;gBAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;CACF;AAED,SAAS,UAAU,CAAC,GAAiB;IACnC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,CAAC;IACzC,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,QAAQ,CAAC;IAC/C,IAAI,MAAM,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAChE,MAAM,mBAAmB,GAAG,GAAG,CAAC,qBAAqB,IAAI,GAAG,CAAC,mBAAmB,CAAC;IACjF,MAAM,cAAc,GAAG,GAAG,CAAC,gBAAgB,IAAI,GAAG,CAAC,cAAc,CAAC;IAClE,OAAO;QACL,MAAM;QACN,QAAQ;QACR,aAAa,EAAE,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,aAAa,IAAI,EAAE;QAC5D,UAAU,EAAE,GAAG,CAAC,UAAU,IAAI,EAAE;QAChC,MAAM,EAAE,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE;QAC1D,aAAa,EACX,CAAC,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,SAAS;YACrD,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,aAAa,IAAI,CAAC,CAAC;YACtD,CAAC,CAAC,EAAE;QACR,MAAM,EAAE,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,QAAQ,IAAI,CAAC;QAC5C,GAAG,CAAC,mBAAmB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrE,GAAG,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5D,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,GAAuB;IAC9C,QAAQ,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAClC,KAAK,QAAQ;YACX,OAAO,QAAQ,CAAC;QAClB,KAAK,UAAU;YACb,OAAO,UAAU,CAAC;QACpB,KAAK,WAAW;YACd,OAAO,WAAW,CAAC;QACrB,KAAK,SAAS;YACZ,OAAO,SAAS,CAAC;QACnB;YACE,OAAO,QAAQ,CAAC;IACpB,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"insurance-adapter.d.ts","sourceRoot":"","sources":["../../../../src/ports/agent/adapters/insurance-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"insurance-adapter.d.ts","sourceRoot":"","sources":["../../../../src/ports/agent/adapters/insurance-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAmB,eAAe,EAAE,MAAM,YAAY,CAAC;AACnE,OAAO,KAAK,EAEV,yBAAyB,EACzB,oBAAoB,EACpB,aAAa,EACd,MAAM,iBAAiB,CAAC;AAEzB;;;GAGG;AACH,MAAM,MAAM,mBAAmB,GAAG,IAAI,CACpC,eAAe,EACf,oBAAoB,GAAG,mBAAmB,GAAG,qBAAqB,GAAG,yBAAyB,CAC/F,CAAC;AAyBF,qBAAa,mBAAoB,YAAW,aAAa;IAC3C,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,mBAAmB;IAElD,SAAS,CAAC,GAAG,EAAE,yBAAyB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAkBxE,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IAK1D,IAAI,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAYvC,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC;CAKrC"}
|
|
@@ -25,11 +25,10 @@ export class InsuranceSdkAdapter {
|
|
|
25
25
|
claimant_address: req.claimantAddress,
|
|
26
26
|
against_agent_did: req.againstAgentDid,
|
|
27
27
|
amount_requested: req.amountRequested.toString(),
|
|
28
|
+
nonce: req.nonce,
|
|
28
29
|
receipt_refs: [...req.receiptRefs],
|
|
30
|
+
...(req.narrative !== undefined ? { narrative: req.narrative } : {}),
|
|
29
31
|
};
|
|
30
|
-
if (req.narrative !== undefined) {
|
|
31
|
-
params.narrative = req.narrative;
|
|
32
|
-
}
|
|
33
32
|
const raw = (await this.client.fileInsuranceClaim(params));
|
|
34
33
|
const decoded = decodeClaim(raw);
|
|
35
34
|
if (decoded === null) {
|
|
@@ -42,7 +41,8 @@ export class InsuranceSdkAdapter {
|
|
|
42
41
|
return raw === null || raw === undefined ? null : decodeClaim(raw);
|
|
43
42
|
}
|
|
44
43
|
async list() {
|
|
45
|
-
const
|
|
44
|
+
const wrapped = await this.client.listInsuranceClaims();
|
|
45
|
+
const raws = (wrapped?.claims ?? []);
|
|
46
46
|
if (!Array.isArray(raws))
|
|
47
47
|
return [];
|
|
48
48
|
const out = [];
|
|
@@ -54,8 +54,9 @@ export class InsuranceSdkAdapter {
|
|
|
54
54
|
return out;
|
|
55
55
|
}
|
|
56
56
|
async poolBalance() {
|
|
57
|
-
const
|
|
58
|
-
|
|
57
|
+
const pool = await this.client.getInsurancePoolBalance();
|
|
58
|
+
const bal = pool?.balance_wei;
|
|
59
|
+
return bal === undefined || bal === null ? 0n : BigInt(bal);
|
|
59
60
|
}
|
|
60
61
|
}
|
|
61
62
|
function decodeClaim(raw) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"insurance-adapter.js","sourceRoot":"","sources":["../../../../src/ports/agent/adapters/insurance-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AA0CH,MAAM,OAAO,mBAAmB;IACD;IAA7B,YAA6B,MAA2B;QAA3B,WAAM,GAAN,MAAM,CAAqB;IAAG,CAAC;IAE5D,KAAK,CAAC,SAAS,CAAC,GAA8B;QAC5C,MAAM,MAAM,
|
|
1
|
+
{"version":3,"file":"insurance-adapter.js","sourceRoot":"","sources":["../../../../src/ports/agent/adapters/insurance-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AA0CH,MAAM,OAAO,mBAAmB;IACD;IAA7B,YAA6B,MAA2B;QAA3B,WAAM,GAAN,MAAM,CAAqB;IAAG,CAAC;IAE5D,KAAK,CAAC,SAAS,CAAC,GAA8B;QAC5C,MAAM,MAAM,GAAoB;YAC9B,YAAY,EAAE,GAAG,CAAC,WAAW;YAC7B,gBAAgB,EAAE,GAAG,CAAC,eAAe;YACrC,iBAAiB,EAAE,GAAG,CAAC,eAAe;YACtC,gBAAgB,EAAE,GAAG,CAAC,eAAe,CAAC,QAAQ,EAAE;YAChD,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,YAAY,EAAE,CAAC,GAAG,GAAG,CAAC,WAAW,CAAC;YAClC,GAAG,CAAC,GAAG,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACrE,CAAC;QACF,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAa,CAAC;QACvE,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAe;QACvB,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAoB,CAAC;QAC9E,OAAO,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAe,CAAC;QACnD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,CAAC;QACpC,MAAM,GAAG,GAA2B,EAAE,CAAC;QACvC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;YAC7B,IAAI,GAAG,KAAK,IAAI;gBAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,WAAW;QACf,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,uBAAuB,EAAE,CAAC;QACzD,MAAM,GAAG,GAAG,IAAI,EAAE,WAAW,CAAC;QAC9B,OAAO,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC9D,CAAC;CACF;AAED,SAAS,WAAW,CAAC,GAAa;IAChC,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,OAAO,CAAC;IAC5C,IAAI,OAAO,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IACvC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;IACvD,MAAM,OAAO,GAAG,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC;IAClD,MAAM,MAAM,GAAG,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,aAAa,CAAC;IACvD,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC;IACrE,MAAM,aAAa,GAAG,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC;IAC3D,MAAM,UAAU,GAAG,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3F,OAAO;QACL,OAAO;QACP,WAAW,EAAE,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,WAAW,IAAI,EAAE;QACtD,eAAe,EAAE,GAAG,CAAC,gBAAgB,IAAI,GAAG,CAAC,eAAe,IAAI,EAAE;QAClE,eAAe,EAAE,GAAG,CAAC,iBAAiB,IAAI,GAAG,CAAC,eAAe,IAAI,EAAE;QACnE,eAAe,EACb,GAAG,CAAC,gBAAgB,KAAK,SAAS;YAChC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC;YAC9B,CAAC,CAAC,GAAG,CAAC,eAAe,KAAK,SAAS;gBACjC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC;gBAC7B,CAAC,CAAC,EAAE;QACV,WAAW,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QACrC,GAAG,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,MAAM,EAAE,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC;QACnC,GAAG,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzD,GAAG,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACnD,OAAO,EAAE,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,OAAO,IAAI,CAAC;KAC1C,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,GAAuB;IAC9C,QAAQ,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAClC,KAAK,MAAM;YACT,OAAO,MAAM,CAAC;QAChB,KAAK,UAAU;YACb,OAAO,UAAU,CAAC;QACpB,KAAK,UAAU;YACb,OAAO,UAAU,CAAC;QACpB,KAAK,MAAM;YACT,OAAO,MAAM,CAAC;QAChB;YACE,OAAO,MAAM,CAAC;IAClB,CAAC;AACH,CAAC"}
|
|
@@ -46,6 +46,8 @@ export interface FileInsuranceClaimRequest {
|
|
|
46
46
|
readonly claimantAddress: string;
|
|
47
47
|
readonly againstAgentDid: string;
|
|
48
48
|
readonly amountRequested: bigint;
|
|
49
|
+
/** Per-claimant nonce — folded into the deterministic claim id. */
|
|
50
|
+
readonly nonce: number;
|
|
49
51
|
readonly receiptRefs: readonly string[];
|
|
50
52
|
readonly narrative?: string;
|
|
51
53
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"insurance.d.ts","sourceRoot":"","sources":["../../../src/ports/agent/insurance.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,UAAU,GAAG,UAAU,GAAG,MAAM,CAAC;AAEpE,MAAM,WAAW,oBAAoB;IACnC,sDAAsD;IACtD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,gCAAgC;IAChC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,gEAAgE;IAChE,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,mDAAmD;IACnD,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,4CAA4C;IAC5C,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC;;;OAGG;IACH,QAAQ,CAAC,WAAW,EAAE,SAAS,MAAM,EAAE,CAAC;IACxC,qEAAqE;IACrE,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAC7B,sDAAsD;IACtD,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,kCAAkC;IAClC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,wCAAwC;IACxC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,yBAAyB;IACxC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,WAAW,EAAE,SAAS,MAAM,EAAE,CAAC;IACxC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,sEAAsE;IACtE,SAAS,CAAC,GAAG,EAAE,yBAAyB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEzE,kEAAkE;IAClE,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;IAE3D,+CAA+C;IAC/C,IAAI,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC,CAAC;IAExC;;;OAGG;IACH,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;CAChC"}
|
|
1
|
+
{"version":3,"file":"insurance.d.ts","sourceRoot":"","sources":["../../../src/ports/agent/insurance.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,UAAU,GAAG,UAAU,GAAG,MAAM,CAAC;AAEpE,MAAM,WAAW,oBAAoB;IACnC,sDAAsD;IACtD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,gCAAgC;IAChC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,gEAAgE;IAChE,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,mDAAmD;IACnD,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,4CAA4C;IAC5C,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC;;;OAGG;IACH,QAAQ,CAAC,WAAW,EAAE,SAAS,MAAM,EAAE,CAAC;IACxC,qEAAqE;IACrE,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAC7B,sDAAsD;IACtD,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,kCAAkC;IAClC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,wCAAwC;IACxC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,yBAAyB;IACxC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,mEAAmE;IACnE,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,EAAE,SAAS,MAAM,EAAE,CAAC;IACxC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,sEAAsE;IACtE,SAAS,CAAC,GAAG,EAAE,yBAAyB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEzE,kEAAkE;IAClE,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;IAE3D,+CAA+C;IAC/C,IAAI,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC,CAAC;IAExC;;;OAGG;IACH,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;CAChC"}
|
|
@@ -2,10 +2,11 @@
|
|
|
2
2
|
* AttestedClockPort — TEE-attested timestamp envelope.
|
|
3
3
|
*
|
|
4
4
|
* Wallet usage: long-running operations (saga step deadlines,
|
|
5
|
-
* obligation expiries, AP2 mandate validity windows
|
|
5
|
+
* obligation expiries, AP2 mandate validity windows, parametric
|
|
6
|
+
* insurance trigger windows, margin-call grace periods) need a
|
|
6
7
|
* tamper-resistant timestamp. The wallet asks the node for an
|
|
7
|
-
* attested-clock envelope, surfaces
|
|
8
|
-
*
|
|
8
|
+
* attested-clock envelope, surfaces `wallMs` to the user, and binds
|
|
9
|
+
* the envelope into the operation it's signing.
|
|
9
10
|
*/
|
|
10
11
|
export interface AttestedTimestamp {
|
|
11
12
|
readonly wallMs: number;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"attested-clock.d.ts","sourceRoot":"","sources":["../../../src/ports/attested-clock/attested-clock.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"attested-clock.d.ts","sourceRoot":"","sources":["../../../src/ports/attested-clock/attested-clock.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,iBAAiB;IAChC,GAAG,IAAI,OAAO,CAAC,iBAAiB,CAAC,CAAC;CACnC"}
|
|
@@ -2,10 +2,11 @@
|
|
|
2
2
|
* AttestedClockPort — TEE-attested timestamp envelope.
|
|
3
3
|
*
|
|
4
4
|
* Wallet usage: long-running operations (saga step deadlines,
|
|
5
|
-
* obligation expiries, AP2 mandate validity windows
|
|
5
|
+
* obligation expiries, AP2 mandate validity windows, parametric
|
|
6
|
+
* insurance trigger windows, margin-call grace periods) need a
|
|
6
7
|
* tamper-resistant timestamp. The wallet asks the node for an
|
|
7
|
-
* attested-clock envelope, surfaces
|
|
8
|
-
*
|
|
8
|
+
* attested-clock envelope, surfaces `wallMs` to the user, and binds
|
|
9
|
+
* the envelope into the operation it's signing.
|
|
9
10
|
*/
|
|
10
11
|
export {};
|
|
11
12
|
//# sourceMappingURL=attested-clock.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"attested-clock.js","sourceRoot":"","sources":["../../../src/ports/attested-clock/attested-clock.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"attested-clock.js","sourceRoot":"","sources":["../../../src/ports/attested-clock/attested-clock.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG"}
|
|
@@ -2,17 +2,14 @@
|
|
|
2
2
|
* BridgeFeePort — destination-native bridge fees paid in TNZO.
|
|
3
3
|
*
|
|
4
4
|
* Wallet usage:
|
|
5
|
-
* 1. Quote:
|
|
6
|
-
* destination-native bridge fee,
|
|
7
|
-
* 2. Sponsor:
|
|
8
|
-
*
|
|
9
|
-
*
|
|
10
|
-
* 3. Analytics: the wallet UI shows the user their own per-key
|
|
11
|
-
* Compute Unit consumption + call counters.
|
|
5
|
+
* 1. Quote: ask the node for the TNZO-denominated cost of a
|
|
6
|
+
* destination-native bridge fee, surface it to the signer.
|
|
7
|
+
* 2. Sponsor: debit TNZO from the user, credit the per-adapter
|
|
8
|
+
* sponsorship-pool vault.
|
|
9
|
+
* 3. Analytics: subject self-read of CU consumption + counters.
|
|
12
10
|
*
|
|
13
|
-
* Admin paths (`setRate`, `setRefillThreshold`) are
|
|
14
|
-
* gated by `X-Tenzro-Admin-Token
|
|
15
|
-
* the host is running in operator mode.
|
|
11
|
+
* Admin paths (`setRate`, `setRefillThreshold`, `listAnalytics`) are
|
|
12
|
+
* operator-only and gated by `X-Tenzro-Admin-Token` at the node layer.
|
|
16
13
|
*/
|
|
17
14
|
export interface QuoteBridgeFeeRequest {
|
|
18
15
|
readonly adapter: string;
|
|
@@ -25,10 +22,6 @@ export interface BridgeFeeQuote {
|
|
|
25
22
|
readonly nativeFeeSmallestUnit: string;
|
|
26
23
|
readonly tnzoAmountWei: string;
|
|
27
24
|
readonly oracleBacking: string;
|
|
28
|
-
readonly quoteIdHex?: string;
|
|
29
|
-
readonly issuedAtMs?: number;
|
|
30
|
-
readonly validUntilMs?: number;
|
|
31
|
-
readonly rateQ18Hex?: string;
|
|
32
25
|
}
|
|
33
26
|
export interface BridgeSponsorshipPool {
|
|
34
27
|
readonly adapter: string;
|
|
@@ -73,6 +66,7 @@ export interface BridgeKeyAnalytics {
|
|
|
73
66
|
readonly errorsTotal: number;
|
|
74
67
|
readonly callsByMethod: Readonly<Record<string, number>>;
|
|
75
68
|
readonly errorsByMethod: Readonly<Record<string, number>>;
|
|
69
|
+
/** Compute Units consumed (sum of per-method weights on success). */
|
|
76
70
|
readonly cuConsumedTotal: number;
|
|
77
71
|
readonly firstSeenAt?: number;
|
|
78
72
|
readonly lastCalledAt?: number;
|
|
@@ -84,9 +78,10 @@ export interface BridgeFeePort {
|
|
|
84
78
|
sponsor(req: SponsorBridgeFeeRequest): Promise<BridgeSponsorshipReceipt>;
|
|
85
79
|
/** Subject self-read of the caller's own analytics. */
|
|
86
80
|
getAnalytics(): Promise<BridgeKeyAnalytics>;
|
|
87
|
-
/** Admin-
|
|
81
|
+
/** Admin-token-gated. */
|
|
88
82
|
setRate(req: SetBridgeFeeRateRequest): Promise<unknown>;
|
|
89
83
|
setRefillThreshold(adapter: string, refillThresholdBps: number): Promise<unknown>;
|
|
84
|
+
/** Admin-token-gated cross-tenant read. */
|
|
90
85
|
listAnalytics(keyId?: string): Promise<readonly BridgeKeyAnalytics[]>;
|
|
91
86
|
}
|
|
92
87
|
//# sourceMappingURL=bridge-fee.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bridge-fee.d.ts","sourceRoot":"","sources":["../../../src/ports/bridge-fee/bridge-fee.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"bridge-fee.d.ts","sourceRoot":"","sources":["../../../src/ports/bridge-fee/bridge-fee.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,qBAAqB,EAAE,MAAM,CAAC;CACxC;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,qBAAqB,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,6BAA6B,EAAE,MAAM,CAAC;IAC/C,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;CACtC;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,qBAAqB,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,2BAA2B,EAAE,MAAM,CAAC;IAC7C,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;CACjC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACzD,QAAQ,CAAC,cAAc,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAC1D,qEAAqE;IACrE,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;CACtC;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,CAAC,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IAC3D,oBAAoB,IAAI,OAAO,CAAC,SAAS,qBAAqB,EAAE,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,EAAE,uBAAuB,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAAC;IACzE,uDAAuD;IACvD,YAAY,IAAI,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC5C,yBAAyB;IACzB,OAAO,CAAC,GAAG,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACxD,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAClF,2CAA2C;IAC3C,aAAa,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,kBAAkB,EAAE,CAAC,CAAC;CACvE"}
|
|
@@ -2,17 +2,14 @@
|
|
|
2
2
|
* BridgeFeePort — destination-native bridge fees paid in TNZO.
|
|
3
3
|
*
|
|
4
4
|
* Wallet usage:
|
|
5
|
-
* 1. Quote:
|
|
6
|
-
* destination-native bridge fee,
|
|
7
|
-
* 2. Sponsor:
|
|
8
|
-
*
|
|
9
|
-
*
|
|
10
|
-
* 3. Analytics: the wallet UI shows the user their own per-key
|
|
11
|
-
* Compute Unit consumption + call counters.
|
|
5
|
+
* 1. Quote: ask the node for the TNZO-denominated cost of a
|
|
6
|
+
* destination-native bridge fee, surface it to the signer.
|
|
7
|
+
* 2. Sponsor: debit TNZO from the user, credit the per-adapter
|
|
8
|
+
* sponsorship-pool vault.
|
|
9
|
+
* 3. Analytics: subject self-read of CU consumption + counters.
|
|
12
10
|
*
|
|
13
|
-
* Admin paths (`setRate`, `setRefillThreshold`) are
|
|
14
|
-
* gated by `X-Tenzro-Admin-Token
|
|
15
|
-
* the host is running in operator mode.
|
|
11
|
+
* Admin paths (`setRate`, `setRefillThreshold`, `listAnalytics`) are
|
|
12
|
+
* operator-only and gated by `X-Tenzro-Admin-Token` at the node layer.
|
|
16
13
|
*/
|
|
17
14
|
export {};
|
|
18
15
|
//# sourceMappingURL=bridge-fee.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bridge-fee.js","sourceRoot":"","sources":["../../../src/ports/bridge-fee/bridge-fee.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"bridge-fee.js","sourceRoot":"","sources":["../../../src/ports/bridge-fee/bridge-fee.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG"}
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Dual-mode Canton provider resolution.
|
|
3
|
+
*
|
|
4
|
+
* The wallet talks to a Canton participant in one of two ways, and BOTH flow
|
|
5
|
+
* through the same self-custody `CantonValidatorPort` / `LedgerApiAdapter` — the
|
|
6
|
+
* wallet ALWAYS signs locally via the Interactive Submission Service. The mode
|
|
7
|
+
* only changes (a) which base URLs the adapter points at and (b) how each
|
|
8
|
+
* request authenticates. It never moves signing off the wallet.
|
|
9
|
+
*
|
|
10
|
+
* 1. **BYO Canton node** (self-hosted participant). The operator runs their
|
|
11
|
+
* own Canton participant + Splice validator-app. The wallet holds the
|
|
12
|
+
* party key and signs locally; auth is the operator's own Canton JWT sent
|
|
13
|
+
* as `Authorization: Bearer <jwt>`, OR the BYO-issuer escape hatch
|
|
14
|
+
* `X-Canton-Auth: Bearer <jwt>` when the operator's issuer differs from
|
|
15
|
+
* the participant's default identity provider.
|
|
16
|
+
*
|
|
17
|
+
* 2. **Tenzro Network-provided Canton**. The wallet points at a Tenzro node's
|
|
18
|
+
* Canton surface; auth is a `tnz_...` API key in `X-Tenzro-Api-Key`. The
|
|
19
|
+
* Tenzro node resolves the key to a tenant, server-mints the tenant's
|
|
20
|
+
* Canton JWT, and forwards the request to its Canton participant. The
|
|
21
|
+
* wallet never sees the Canton JWT — its only credential is the API key.
|
|
22
|
+
*
|
|
23
|
+
* This module produces a `LedgerApiAdapterConfig` for either mode; the kernel
|
|
24
|
+
* passes that to `new LedgerApiAdapter(cfg)` and threads the port into the
|
|
25
|
+
* canton-internal / canton-external surfaces unchanged.
|
|
26
|
+
*/
|
|
27
|
+
import type { LedgerApiAdapterConfig } from './adapters/ledger-api-adapter.js';
|
|
28
|
+
/** BYO Canton node: self-hosted participant, wallet-held auth. */
|
|
29
|
+
export interface ByoCantonProviderConfig {
|
|
30
|
+
readonly mode: 'byo-node';
|
|
31
|
+
/** JSON Ledger API base URL, e.g. `https://canton.acme.example:7575`. */
|
|
32
|
+
readonly ledgerBaseUrl: string;
|
|
33
|
+
/** Splice validator-app base URL, e.g. `https://canton.acme.example:5003`. */
|
|
34
|
+
readonly validatorBaseUrl: string;
|
|
35
|
+
/** Canton user id for prepare/execute + completion filters. */
|
|
36
|
+
readonly userId: string;
|
|
37
|
+
/** Canton JWT getter. Cache/refresh inside the closure as needed. */
|
|
38
|
+
readonly token: () => Promise<string>;
|
|
39
|
+
/**
|
|
40
|
+
* When true, send the JWT as `X-Canton-Auth: Bearer <jwt>` instead of the
|
|
41
|
+
* standard `Authorization` header — the BYO-issuer escape hatch for an
|
|
42
|
+
* operator whose token issuer differs from the participant's default IDP.
|
|
43
|
+
*/
|
|
44
|
+
readonly useCantonAuthHeader?: boolean;
|
|
45
|
+
readonly fetch?: typeof fetch;
|
|
46
|
+
}
|
|
47
|
+
/** Tenzro Network-provided Canton: node-mediated, API-key auth. */
|
|
48
|
+
export interface TenzroCantonProviderConfig {
|
|
49
|
+
readonly mode: 'tenzro-network';
|
|
50
|
+
/**
|
|
51
|
+
* Base URL of the Tenzro node's Canton surface. The node exposes the same
|
|
52
|
+
* JSON Ledger API shape under this origin and resolves the API key to a
|
|
53
|
+
* tenant before forwarding. Both ledger + validator calls go here — the
|
|
54
|
+
* node fronts both, so one base URL drives both seams.
|
|
55
|
+
*/
|
|
56
|
+
readonly baseUrl: string;
|
|
57
|
+
/** Canton user id for prepare/execute + completion filters. */
|
|
58
|
+
readonly userId: string;
|
|
59
|
+
/**
|
|
60
|
+
* `tnz_...` API key getter. The node server-mints the tenant's Canton JWT
|
|
61
|
+
* from this; the wallet never holds the Canton JWT. Cache/refresh inside the
|
|
62
|
+
* closure as needed.
|
|
63
|
+
*/
|
|
64
|
+
readonly apiKey: () => Promise<string>;
|
|
65
|
+
readonly fetch?: typeof fetch;
|
|
66
|
+
}
|
|
67
|
+
export type CantonProviderConfig = ByoCantonProviderConfig | TenzroCantonProviderConfig;
|
|
68
|
+
/**
|
|
69
|
+
* Resolve a `CantonProviderConfig` to the `LedgerApiAdapterConfig` the kernel
|
|
70
|
+
* feeds to `new LedgerApiAdapter(...)`. The only per-mode differences are the
|
|
71
|
+
* base URLs and the auth-header builder; everything downstream (prepare/sign/
|
|
72
|
+
* execute, content verification, completion tailing) is mode-agnostic.
|
|
73
|
+
*/
|
|
74
|
+
export declare function resolveCantonAdapterConfig(provider: CantonProviderConfig): LedgerApiAdapterConfig;
|
|
75
|
+
//# sourceMappingURL=canton-provider.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"canton-provider.d.ts","sourceRoot":"","sources":["../../../src/ports/canton/canton-provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,kCAAkC,CAAC;AAE/E,kEAAkE;AAClE,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B,yEAAyE;IACzE,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,8EAA8E;IAC9E,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,+DAA+D;IAC/D,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,qEAAqE;IACrE,QAAQ,CAAC,KAAK,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IACtC;;;;OAIG;IACH,QAAQ,CAAC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IACvC,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CAC/B;AAED,mEAAmE;AACnE,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;IAChC;;;;;OAKG;IACH,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,+DAA+D;IAC/D,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB;;;;OAIG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IACvC,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CAC/B;AAED,MAAM,MAAM,oBAAoB,GAAG,uBAAuB,GAAG,0BAA0B,CAAC;AAExF;;;;;GAKG;AACH,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,oBAAoB,GAC7B,sBAAsB,CAoCxB"}
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Dual-mode Canton provider resolution.
|
|
3
|
+
*
|
|
4
|
+
* The wallet talks to a Canton participant in one of two ways, and BOTH flow
|
|
5
|
+
* through the same self-custody `CantonValidatorPort` / `LedgerApiAdapter` — the
|
|
6
|
+
* wallet ALWAYS signs locally via the Interactive Submission Service. The mode
|
|
7
|
+
* only changes (a) which base URLs the adapter points at and (b) how each
|
|
8
|
+
* request authenticates. It never moves signing off the wallet.
|
|
9
|
+
*
|
|
10
|
+
* 1. **BYO Canton node** (self-hosted participant). The operator runs their
|
|
11
|
+
* own Canton participant + Splice validator-app. The wallet holds the
|
|
12
|
+
* party key and signs locally; auth is the operator's own Canton JWT sent
|
|
13
|
+
* as `Authorization: Bearer <jwt>`, OR the BYO-issuer escape hatch
|
|
14
|
+
* `X-Canton-Auth: Bearer <jwt>` when the operator's issuer differs from
|
|
15
|
+
* the participant's default identity provider.
|
|
16
|
+
*
|
|
17
|
+
* 2. **Tenzro Network-provided Canton**. The wallet points at a Tenzro node's
|
|
18
|
+
* Canton surface; auth is a `tnz_...` API key in `X-Tenzro-Api-Key`. The
|
|
19
|
+
* Tenzro node resolves the key to a tenant, server-mints the tenant's
|
|
20
|
+
* Canton JWT, and forwards the request to its Canton participant. The
|
|
21
|
+
* wallet never sees the Canton JWT — its only credential is the API key.
|
|
22
|
+
*
|
|
23
|
+
* This module produces a `LedgerApiAdapterConfig` for either mode; the kernel
|
|
24
|
+
* passes that to `new LedgerApiAdapter(cfg)` and threads the port into the
|
|
25
|
+
* canton-internal / canton-external surfaces unchanged.
|
|
26
|
+
*/
|
|
27
|
+
/**
|
|
28
|
+
* Resolve a `CantonProviderConfig` to the `LedgerApiAdapterConfig` the kernel
|
|
29
|
+
* feeds to `new LedgerApiAdapter(...)`. The only per-mode differences are the
|
|
30
|
+
* base URLs and the auth-header builder; everything downstream (prepare/sign/
|
|
31
|
+
* execute, content verification, completion tailing) is mode-agnostic.
|
|
32
|
+
*/
|
|
33
|
+
export function resolveCantonAdapterConfig(provider) {
|
|
34
|
+
if (provider.mode === 'tenzro-network') {
|
|
35
|
+
const base = {
|
|
36
|
+
ledgerBaseUrl: provider.baseUrl,
|
|
37
|
+
validatorBaseUrl: provider.baseUrl,
|
|
38
|
+
userId: provider.userId,
|
|
39
|
+
// `token` is unused when `authHeaders` is set, but the interface requires
|
|
40
|
+
// it. Throw if anything ever falls through to it — that'd be a bug.
|
|
41
|
+
token: () => Promise.reject(new Error('tenzro-network canton: token() must not be called — auth is the API key')),
|
|
42
|
+
authHeaders: async () => ({ 'x-tenzro-api-key': await provider.apiKey() }),
|
|
43
|
+
...(provider.fetch !== undefined ? { fetch: provider.fetch } : {}),
|
|
44
|
+
};
|
|
45
|
+
return base;
|
|
46
|
+
}
|
|
47
|
+
// BYO node.
|
|
48
|
+
const base = {
|
|
49
|
+
ledgerBaseUrl: provider.ledgerBaseUrl,
|
|
50
|
+
validatorBaseUrl: provider.validatorBaseUrl,
|
|
51
|
+
userId: provider.userId,
|
|
52
|
+
token: provider.token,
|
|
53
|
+
...(provider.useCantonAuthHeader
|
|
54
|
+
? {
|
|
55
|
+
authHeaders: async () => ({
|
|
56
|
+
'x-canton-auth': `Bearer ${await provider.token()}`,
|
|
57
|
+
}),
|
|
58
|
+
}
|
|
59
|
+
: {}),
|
|
60
|
+
...(provider.fetch !== undefined ? { fetch: provider.fetch } : {}),
|
|
61
|
+
};
|
|
62
|
+
return base;
|
|
63
|
+
}
|
|
64
|
+
//# sourceMappingURL=canton-provider.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"canton-provider.js","sourceRoot":"","sources":["../../../src/ports/canton/canton-provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AA+CH;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CACxC,QAA8B;IAE9B,IAAI,QAAQ,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QACvC,MAAM,IAAI,GAA2B;YACnC,aAAa,EAAE,QAAQ,CAAC,OAAO;YAC/B,gBAAgB,EAAE,QAAQ,CAAC,OAAO;YAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,0EAA0E;YAC1E,oEAAoE;YACpE,KAAK,EAAE,GAAG,EAAE,CACV,OAAO,CAAC,MAAM,CACZ,IAAI,KAAK,CACP,yEAAyE,CAC1E,CACF;YACH,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,kBAAkB,EAAE,MAAM,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1E,GAAG,CAAC,QAAQ,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACnE,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,YAAY;IACZ,MAAM,IAAI,GAA2B;QACnC,aAAa,EAAE,QAAQ,CAAC,aAAa;QACrC,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;QAC3C,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,GAAG,CAAC,QAAQ,CAAC,mBAAmB;YAC9B,CAAC,CAAC;gBACE,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;oBACxB,eAAe,EAAE,UAAU,MAAM,QAAQ,CAAC,KAAK,EAAE,EAAE;iBACpD,CAAC;aACH;YACH,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,QAAQ,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACnE,CAAC;IACF,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -23,8 +23,22 @@ export interface CantonHttpConfig {
|
|
|
23
23
|
/**
|
|
24
24
|
* Async token getter. Called per-request — the implementation can cache
|
|
25
25
|
* and refresh as it likes. Throwing here surfaces as a request failure.
|
|
26
|
+
*
|
|
27
|
+
* In the default (BYO Canton node) auth model this is the Canton JWT,
|
|
28
|
+
* sent as `Authorization: Bearer <token>`. When `authHeaders` is set it
|
|
29
|
+
* takes precedence and `token` is ignored — that's the Tenzro-provided
|
|
30
|
+
* model, where the auth is a `tnz_...` API key in `X-Tenzro-Api-Key` and
|
|
31
|
+
* the node server-mints the Canton JWT.
|
|
26
32
|
*/
|
|
27
33
|
readonly token: () => Promise<string>;
|
|
34
|
+
/**
|
|
35
|
+
* Optional per-request auth header builder. When present it FULLY replaces
|
|
36
|
+
* the default `Authorization: Bearer` behaviour — the returned record is
|
|
37
|
+
* spread into the request headers verbatim. Use this for the Tenzro-
|
|
38
|
+
* provided model (`X-Tenzro-Api-Key`) or the BYO-issuer escape hatch
|
|
39
|
+
* (`X-Canton-Auth`). Called per-request; may cache/refresh internally.
|
|
40
|
+
*/
|
|
41
|
+
readonly authHeaders?: () => Promise<Record<string, string>>;
|
|
28
42
|
/**
|
|
29
43
|
* Optional `fetch` override. Defaults to `globalThis.fetch`. Tests inject
|
|
30
44
|
* a mock; real builds typically leave it unset.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../../src/ports/canton/http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,4EAA4E;IAC5E,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,iFAAiF;IACjF,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC
|
|
1
|
+
{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../../src/ports/canton/http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,4EAA4E;IAC5E,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,iFAAiF;IACjF,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC;;;;;;;;;OASG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IACtC;;;;;;OAMG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAC7D;;;OAGG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CAC/B;AAYD,qBAAa,eAAgB,SAAQ,KAAK;IAEtC,QAAQ,CAAC,MAAM,EAAE,MAAM;IACvB,QAAQ,CAAC,GAAG,EAAE,MAAM;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM;gBAFZ,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,MAAM;CAKxB;AAED;;;;;;GAMG;AACH,wBAAsB,QAAQ,CAAC,IAAI,EAAE,IAAI,EACvC,GAAG,EAAE,gBAAgB,EACrB,IAAI,EAAE,QAAQ,GAAG,WAAW,EAC5B,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,IAAI,GACT,OAAO,CAAC,IAAI,CAAC,CAmBf;AAED,kEAAkE;AAClE,wBAAsB,OAAO,CAAC,IAAI,EAChC,GAAG,EAAE,gBAAgB,EACrB,IAAI,EAAE,QAAQ,GAAG,WAAW,EAC5B,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC,CAef;AAED;;;;;;;;GAQG;AACH,wBAAuB,YAAY,CAAC,CAAC,EACnC,GAAG,EAAE,gBAAgB,EACrB,IAAI,EAAE,QAAQ,GAAG,WAAW,EAC5B,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,OAAO,EACb,MAAM,CAAC,EAAE,WAAW,GACnB,aAAa,CAAC,CAAC,CAAC,CA2ClB;AAiCD,qEAAqE;AACrE,wBAAgB,YAAY,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAKtD;AAED,8BAA8B;AAC9B,wBAAgB,YAAY,CAAC,CAAC,EAAE,MAAM,GAAG,UAAU,CAKlD"}
|
|
@@ -15,6 +15,16 @@
|
|
|
15
15
|
* doesn't manage the OAuth dance, that lives in the host app or the node-
|
|
16
16
|
* side `/wallet/*` endpoints.
|
|
17
17
|
*/
|
|
18
|
+
/**
|
|
19
|
+
* Resolve the auth headers for a request. `authHeaders` wins when set
|
|
20
|
+
* (Tenzro-provided / BYO-issuer escape hatch); otherwise fall back to the
|
|
21
|
+
* default `Authorization: Bearer <token>` (BYO Canton node, self-minted JWT).
|
|
22
|
+
*/
|
|
23
|
+
async function resolveAuthHeaders(cfg) {
|
|
24
|
+
if (cfg.authHeaders)
|
|
25
|
+
return cfg.authHeaders();
|
|
26
|
+
return { authorization: `Bearer ${await cfg.token()}` };
|
|
27
|
+
}
|
|
18
28
|
export class CantonHttpError extends Error {
|
|
19
29
|
status;
|
|
20
30
|
url;
|
|
@@ -37,7 +47,7 @@ export class CantonHttpError extends Error {
|
|
|
37
47
|
export async function postJson(cfg, base, path, body) {
|
|
38
48
|
const baseUrl = base === 'ledger' ? cfg.ledgerBaseUrl : cfg.validatorBaseUrl;
|
|
39
49
|
const url = `${stripTrailingSlash(baseUrl)}${path}`;
|
|
40
|
-
const
|
|
50
|
+
const auth = await resolveAuthHeaders(cfg);
|
|
41
51
|
const f = cfg.fetch ?? globalThis.fetch;
|
|
42
52
|
if (!f)
|
|
43
53
|
throw new Error('canton http: no fetch implementation available');
|
|
@@ -45,7 +55,7 @@ export async function postJson(cfg, base, path, body) {
|
|
|
45
55
|
method: 'POST',
|
|
46
56
|
headers: {
|
|
47
57
|
'content-type': 'application/json',
|
|
48
|
-
|
|
58
|
+
...auth,
|
|
49
59
|
},
|
|
50
60
|
body: JSON.stringify(body, replacer),
|
|
51
61
|
});
|
|
@@ -59,13 +69,13 @@ export async function postJson(cfg, base, path, body) {
|
|
|
59
69
|
export async function getJson(cfg, base, path) {
|
|
60
70
|
const baseUrl = base === 'ledger' ? cfg.ledgerBaseUrl : cfg.validatorBaseUrl;
|
|
61
71
|
const url = `${stripTrailingSlash(baseUrl)}${path}`;
|
|
62
|
-
const
|
|
72
|
+
const auth = await resolveAuthHeaders(cfg);
|
|
63
73
|
const f = cfg.fetch ?? globalThis.fetch;
|
|
64
74
|
if (!f)
|
|
65
75
|
throw new Error('canton http: no fetch implementation available');
|
|
66
76
|
const res = await f(url, {
|
|
67
77
|
method: 'GET',
|
|
68
|
-
headers: {
|
|
78
|
+
headers: { ...auth },
|
|
69
79
|
});
|
|
70
80
|
if (!res.ok) {
|
|
71
81
|
const text = await safeText(res);
|
|
@@ -85,7 +95,7 @@ export async function getJson(cfg, base, path) {
|
|
|
85
95
|
export async function* streamNdjson(cfg, base, path, body, signal) {
|
|
86
96
|
const baseUrl = base === 'ledger' ? cfg.ledgerBaseUrl : cfg.validatorBaseUrl;
|
|
87
97
|
const url = `${stripTrailingSlash(baseUrl)}${path}`;
|
|
88
|
-
const
|
|
98
|
+
const auth = await resolveAuthHeaders(cfg);
|
|
89
99
|
const f = cfg.fetch ?? globalThis.fetch;
|
|
90
100
|
if (!f)
|
|
91
101
|
throw new Error('canton http: no fetch implementation available');
|
|
@@ -94,7 +104,7 @@ export async function* streamNdjson(cfg, base, path, body, signal) {
|
|
|
94
104
|
headers: {
|
|
95
105
|
'content-type': 'application/json',
|
|
96
106
|
accept: 'application/x-ndjson, application/json',
|
|
97
|
-
|
|
107
|
+
...auth,
|
|
98
108
|
},
|
|
99
109
|
body: JSON.stringify(body, replacer),
|
|
100
110
|
...(signal !== undefined ? { signal } : {}),
|