@0xsequence/wallet-core 0.0.0-20250520201059

package/dist/signers/session/explicit.js

@@ -0,0 +1,126 @@
+import { Permission, SessionSignature, Utils } from '@0xsequence/wallet-primitives';
+import { AbiParameters, Address, Bytes, Hash, Hex } from 'ox';
+import { MemoryPkStore } from '../pk/index.js';
+export class Explicit {
+    _privateKey;
+    address;
+    sessionPermissions;
+    constructor(privateKey, sessionPermissions) {
+        this._privateKey = typeof privateKey === 'string' ? new MemoryPkStore(privateKey) : privateKey;
+        this.address = this._privateKey.address();
+        this.sessionPermissions = {
+            ...sessionPermissions,
+            signer: this.address,
+        };
+    }
+    async findSupportedPermission(wallet, _chainId, call, provider) {
+        // Wallet and signer are encoded as a prefix for the usage hash
+        const limitHashPrefix = Hash.keccak256(AbiParameters.encode([
+            { type: 'address', name: 'wallet' },
+            { type: 'address', name: 'signer' },
+        ], [wallet, this.address]));
+        for (const [permissionIndex, permission] of this.sessionPermissions.permissions.entries()) {
+            // Encode the permission and permission index as a parameter for the usage hash
+            const encodeParams = [
+                { type: 'bytes32', name: 'limitHashPrefix' },
+                Permission.permissionStructAbi,
+                { type: 'uint256', name: 'permissionIndex' },
+            ];
+            const usageHash = Hash.keccak256(AbiParameters.encode(encodeParams, [
+                limitHashPrefix,
+                {
+                    target: permission.target,
+                    rules: permission.rules.map((rule) => ({
+                        cumulative: rule.cumulative,
+                        operation: rule.operation,
+                        value: Bytes.toHex(Bytes.padRight(rule.value, 32)),
+                        offset: rule.offset,
+                        mask: Bytes.toHex(Bytes.padRight(rule.mask, 32)),
+                    })),
+                },
+                BigInt(permissionIndex),
+            ]));
+            // Validate the permission
+            if (await validatePermission(permission, call, provider, usageHash)) {
+                return permission;
+            }
+        }
+        return undefined;
+    }
+    async supportedCall(wallet, chainId, call, provider) {
+        //FIXME Should this be stateful to support cumulative rules within a payload?
+        const permission = await this.findSupportedPermission(wallet, chainId, call, provider);
+        if (!permission) {
+            return false;
+        }
+        return true;
+    }
+    async signCall(wallet, chainId, call, nonce, provider) {
+        // Find the valid permission for this call
+        const permission = await this.findSupportedPermission(wallet, chainId, call, provider);
+        if (!permission) {
+            // This covers the support check
+            throw new Error('Invalid permission');
+        }
+        const permissionIndex = this.sessionPermissions.permissions.indexOf(permission);
+        if (permissionIndex === -1) {
+            // Unreachable
+            throw new Error('Invalid permission');
+        }
+        // Sign it
+        const callHash = SessionSignature.hashCallWithReplayProtection(call, chainId, nonce.space, nonce.nonce);
+        const sessionSignature = await this._privateKey.signDigest(Bytes.fromHex(callHash));
+        return {
+            permissionIndex: BigInt(permissionIndex),
+            sessionSignature,
+        };
+    }
+}
+async function validatePermission(permission, call, provider, usageHash) {
+    if (!Address.isEqual(permission.target, call.to)) {
+        return false;
+    }
+    for (const rule of permission.rules) {
+        // Extract value from calldata at offset
+        const callDataValue = Bytes.padRight(Bytes.fromHex(call.data).slice(Number(rule.offset), Number(rule.offset) + 32), 32);
+        // Apply mask
+        let value = callDataValue.map((b, i) => b & rule.mask[i]);
+        if (rule.cumulative) {
+            if (provider && usageHash) {
+                // Get the cumulative value from the contract storage
+                const storageSlot = Utils.getStorageSlotForMappingWithKey(Hex.toBigInt(usageHash), Hex.fromBytes(rule.value));
+                const storageValue = await provider.request({
+                    method: 'eth_getStorageAt',
+                    params: [permission.target, storageSlot, 'latest'],
+                });
+                // Increment the value
+                value = Bytes.padLeft(Bytes.fromNumber(Hex.toBigInt(storageValue) + Bytes.toBigInt(value)), 32);
+            }
+            else {
+                throw new Error('Cumulative rules require a provider and usage hash');
+            }
+        }
+        // Compare based on operation
+        if (rule.operation === Permission.ParameterOperation.EQUAL) {
+            if (!Bytes.isEqual(value, rule.value)) {
+                return false;
+            }
+        }
+        if (rule.operation === Permission.ParameterOperation.LESS_THAN_OR_EQUAL) {
+            if (Bytes.toBigInt(value) > Bytes.toBigInt(rule.value)) {
+                return false;
+            }
+        }
+        if (rule.operation === Permission.ParameterOperation.NOT_EQUAL) {
+            if (Bytes.isEqual(value, rule.value)) {
+                return false;
+            }
+        }
+        if (rule.operation === Permission.ParameterOperation.GREATER_THAN_OR_EQUAL) {
+            if (Bytes.toBigInt(value) < Bytes.toBigInt(rule.value)) {
+                return false;
+            }
+        }
+    }
+    return true;
+}

package/dist/signers/session/implicit.d.ts

@@ -0,0 +1,20 @@
+import { Attestation, Payload, Signature as SequenceSignature, SessionSignature } from '@0xsequence/wallet-primitives';
+import { Address, Hex, Provider } from 'ox';
+import { PkStore } from '../pk/index.js';
+import { SessionSigner } from './session.js';
+export type AttestationParams = Omit<Attestation.Attestation, 'approvedSigner'>;
+export declare class Implicit implements SessionSigner {
+    private readonly _attestation;
+    private readonly _sessionManager;
+    private readonly _privateKey;
+    private readonly _identitySignature;
+    readonly address: Address.Address;
+    constructor(privateKey: Hex.Hex | PkStore, _attestation: Attestation.Attestation, identitySignature: SequenceSignature.RSY | Hex.Hex, _sessionManager: Address.Address);
+    get identitySigner(): Address.Address;
+    supportedCall(wallet: Address.Address, _chainId: bigint, call: Payload.Call, provider?: Provider.Provider): Promise<boolean>;
+    signCall(wallet: Address.Address, chainId: bigint, call: Payload.Call, nonce: {
+        space: bigint;
+        nonce: bigint;
+    }, provider?: Provider.Provider): Promise<SessionSignature.SessionCallSignature>;
+}
+//# sourceMappingURL=implicit.d.ts.map

package/dist/signers/session/implicit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"implicit.d.ts","sourceRoot":"","sources":["../../../src/signers/session/implicit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,SAAS,IAAI,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAA;AACtH,OAAO,EAAe,OAAO,EAAS,GAAG,EAAE,QAAQ,EAAwB,MAAM,IAAI,CAAA;AACrF,OAAO,EAAiB,OAAO,EAAE,MAAM,gBAAgB,CAAA;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAA;AAE5C,MAAM,MAAM,iBAAiB,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAA;AAE/E,qBAAa,QAAS,YAAW,aAAa;IAO1C,OAAO,CAAC,QAAQ,CAAC,YAAY;IAE7B,OAAO,CAAC,QAAQ,CAAC,eAAe;IARlC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAuB;IAC1D,SAAgB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAA;gBAGtC,UAAU,EAAE,GAAG,CAAC,GAAG,GAAG,OAAO,EACZ,YAAY,EAAE,WAAW,CAAC,WAAW,EACtD,iBAAiB,EAAE,iBAAiB,CAAC,GAAG,GAAG,GAAG,CAAC,GAAG,EACjC,eAAe,EAAE,OAAO,CAAC,OAAO;IAWnD,IAAI,cAAc,IAAI,OAAO,CAAC,OAAO,CAKpC;IAEK,aAAa,CACjB,MAAM,EAAE,OAAO,CAAC,OAAO,EACvB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,OAAO,CAAC,IAAI,EAClB,QAAQ,CAAC,EAAE,QAAQ,CAAC,QAAQ,GAC3B,OAAO,CAAC,OAAO,CAAC;IAyCb,QAAQ,CACZ,MAAM,EAAE,OAAO,CAAC,OAAO,EACvB,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,OAAO,CAAC,IAAI,EAClB,KAAK,EAAE;QACL,KAAK,EAAE,MAAM,CAAA;QACb,KAAK,EAAE,MAAM,CAAA;KACd,EACD,QAAQ,CAAC,EAAE,QAAQ,CAAC,QAAQ,GAC3B,OAAO,CAAC,gBAAgB,CAAC,oBAAoB,CAAC;CAalD"}

package/dist/signers/session/implicit.js

@@ -0,0 +1,120 @@
+import { Attestation, Payload, SessionSignature } from '@0xsequence/wallet-primitives';
+import { AbiFunction, Address, Bytes, Hex, Secp256k1, Signature } from 'ox';
+import { MemoryPkStore } from '../pk/index.js';
+export class Implicit {
+    _attestation;
+    _sessionManager;
+    _privateKey;
+    _identitySignature;
+    address;
+    constructor(privateKey, _attestation, identitySignature, _sessionManager) {
+        this._attestation = _attestation;
+        this._sessionManager = _sessionManager;
+        this._privateKey = typeof privateKey === 'string' ? new MemoryPkStore(privateKey) : privateKey;
+        this.address = this._privateKey.address();
+        if (this._attestation.approvedSigner !== this.address) {
+            throw new Error('Invalid attestation');
+        }
+        this._identitySignature =
+            typeof identitySignature === 'string' ? Signature.fromHex(identitySignature) : identitySignature;
+    }
+    get identitySigner() {
+        // Recover identity signer from attestions and identity signature
+        const attestationHash = Attestation.hash(this._attestation);
+        const identityPubKey = Secp256k1.recoverPublicKey({ payload: attestationHash, signature: this._identitySignature });
+        return Address.fromPublicKey(identityPubKey);
+    }
+    async supportedCall(wallet, _chainId, call, provider) {
+        if (!provider) {
+            throw new Error('Provider is required');
+        }
+        try {
+            // Call the acceptImplicitRequest function on the called contract
+            const encodedCallData = AbiFunction.encodeData(acceptImplicitRequestFunctionAbi, [
+                wallet,
+                {
+                    approvedSigner: this._attestation.approvedSigner,
+                    identityType: Bytes.toHex(this._attestation.identityType),
+                    issuerHash: Bytes.toHex(this._attestation.issuerHash),
+                    audienceHash: Bytes.toHex(this._attestation.audienceHash),
+                    applicationData: Bytes.toHex(this._attestation.applicationData),
+                    authData: this._attestation.authData,
+                },
+                {
+                    to: call.to,
+                    value: call.value,
+                    data: call.data,
+                    gasLimit: call.gasLimit,
+                    delegateCall: call.delegateCall,
+                    onlyFallback: call.onlyFallback,
+                    behaviorOnError: BigInt(Payload.encodeBehaviorOnError(call.behaviorOnError)),
+                },
+            ]);
+            const acceptImplicitRequestResult = await provider.request({
+                method: 'eth_call',
+                params: [{ from: this._sessionManager, to: call.to, data: encodedCallData }],
+            });
+            const acceptImplicitRequest = Hex.from(AbiFunction.decodeResult(acceptImplicitRequestFunctionAbi, acceptImplicitRequestResult));
+            const expectedResult = Bytes.toHex(Attestation.generateImplicitRequestMagic(this._attestation, wallet));
+            return acceptImplicitRequest === expectedResult;
+        }
+        catch (error) {
+            console.log('implicit signer unsupported call', call, error);
+            return false;
+        }
+    }
+    async signCall(wallet, chainId, call, nonce, provider) {
+        const isSupported = await this.supportedCall(wallet, chainId, call, provider);
+        if (!isSupported) {
+            throw new Error('Unsupported call');
+        }
+        const callHash = SessionSignature.hashCallWithReplayProtection(call, chainId, nonce.space, nonce.nonce);
+        const sessionSignature = await this._privateKey.signDigest(Bytes.fromHex(callHash));
+        return {
+            attestation: this._attestation,
+            identitySignature: this._identitySignature,
+            sessionSignature,
+        };
+    }
+}
+const acceptImplicitRequestFunctionAbi = {
+    type: 'function',
+    name: 'acceptImplicitRequest',
+    inputs: [
+        { name: 'wallet', type: 'address', internalType: 'address' },
+        {
+            name: 'attestation',
+            type: 'tuple',
+            internalType: 'struct Attestation',
+            components: [
+                { name: 'approvedSigner', type: 'address', internalType: 'address' },
+                { name: 'identityType', type: 'bytes4', internalType: 'bytes4' },
+                { name: 'issuerHash', type: 'bytes32', internalType: 'bytes32' },
+                { name: 'audienceHash', type: 'bytes32', internalType: 'bytes32' },
+                { name: 'applicationData', type: 'bytes', internalType: 'bytes' },
+                {
+                    internalType: 'struct AuthData',
+                    name: 'authData',
+                    type: 'tuple',
+                    components: [{ internalType: 'string', name: 'redirectUrl', type: 'string' }],
+                },
+            ],
+        },
+        {
+            name: 'call',
+            type: 'tuple',
+            internalType: 'struct Payload.Call',
+            components: [
+                { name: 'to', type: 'address', internalType: 'address' },
+                { name: 'value', type: 'uint256', internalType: 'uint256' },
+                { name: 'data', type: 'bytes', internalType: 'bytes' },
+                { name: 'gasLimit', type: 'uint256', internalType: 'uint256' },
+                { name: 'delegateCall', type: 'bool', internalType: 'bool' },
+                { name: 'onlyFallback', type: 'bool', internalType: 'bool' },
+                { name: 'behaviorOnError', type: 'uint256', internalType: 'uint256' },
+            ],
+        },
+    ],
+    outputs: [{ name: '', type: 'bytes32', internalType: 'bytes32' }],
+    stateMutability: 'view',
+};

package/dist/signers/session/index.d.ts

@@ -0,0 +1,4 @@
+export * from './explicit.js';
+export * from './implicit.js';
+export * from './session.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/signers/session/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/signers/session/index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAA;AAC7B,cAAc,eAAe,CAAA;AAC7B,cAAc,cAAc,CAAA"}

package/dist/signers/session/index.js

@@ -0,0 +1,3 @@
+export * from './explicit.js';
+export * from './implicit.js';
+export * from './session.js';

package/dist/signers/session/session.d.ts

@@ -0,0 +1,11 @@
+import { Address, Provider } from 'ox';
+import { Payload, SessionSignature } from '@0xsequence/wallet-primitives';
+export interface SessionSigner {
+    address: Address.Address | Promise<Address.Address>;
+    supportedCall: (wallet: Address.Address, chainId: bigint, call: Payload.Call, provider?: Provider.Provider) => Promise<boolean>;
+    signCall: (wallet: Address.Address, chainId: bigint, call: Payload.Call, nonce: {
+        space: bigint;
+        nonce: bigint;
+    }, provider?: Provider.Provider) => Promise<SessionSignature.SessionCallSignature>;
+}
+//# sourceMappingURL=session.d.ts.map

package/dist/signers/session/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../src/signers/session/session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAA;AACtC,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAA;AAEzE,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;IAGnD,aAAa,EAAE,CACb,MAAM,EAAE,OAAO,CAAC,OAAO,EACvB,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,OAAO,CAAC,IAAI,EAClB,QAAQ,CAAC,EAAE,QAAQ,CAAC,QAAQ,KACzB,OAAO,CAAC,OAAO,CAAC,CAAA;IAGrB,QAAQ,EAAE,CACR,MAAM,EAAE,OAAO,CAAC,OAAO,EACvB,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,OAAO,CAAC,IAAI,EAClB,KAAK,EAAE;QACL,KAAK,EAAE,MAAM,CAAA;QACb,KAAK,EAAE,MAAM,CAAA;KACd,EACD,QAAQ,CAAC,EAAE,QAAQ,CAAC,QAAQ,KACzB,OAAO,CAAC,gBAAgB,CAAC,oBAAoB,CAAC,CAAA;CACpD"}

package/dist/signers/session/session.js

@@ -0,0 +1 @@
+export {};

package/dist/signers/session-manager.d.ts

@@ -0,0 +1,33 @@
+import { Payload, SessionConfig, Signature as SignatureTypes } from '@0xsequence/wallet-primitives';
+import { Address, Hex, Provider } from 'ox';
+import * as State from '../state/index.js';
+import { Wallet } from '../wallet.js';
+import { SapientSigner } from './index.js';
+import { Explicit, Implicit } from './session/index.js';
+export type SessionManagerOptions = {
+    sessionManagerAddress: Address.Address;
+    stateProvider?: State.Provider;
+    implicitSigners: Implicit[];
+    explicitSigners: Explicit[];
+    provider?: Provider.Provider;
+};
+export declare const DefaultSessionManagerOptions: SessionManagerOptions;
+export declare class SessionManager implements SapientSigner {
+    readonly wallet: Wallet;
+    readonly stateProvider: State.Provider;
+    readonly address: Address.Address;
+    private readonly _implicitSigners;
+    private readonly _explicitSigners;
+    private readonly _provider?;
+    constructor(wallet: Wallet, options?: Partial<SessionManagerOptions>);
+    get imageHash(): Promise<Hex.Hex | undefined>;
+    getImageHash(): Promise<Hex.Hex | undefined>;
+    get topology(): Promise<SessionConfig.SessionsTopology>;
+    getTopology(): Promise<SessionConfig.SessionsTopology>;
+    withProvider(provider: Provider.Provider): SessionManager;
+    withImplicitSigner(signer: Implicit): SessionManager;
+    withExplicitSigner(signer: Explicit): SessionManager;
+    signSapient(wallet: Address.Address, chainId: bigint, payload: Payload.Parented, imageHash: Hex.Hex): Promise<SignatureTypes.SignatureOfSapientSignerLeaf>;
+    isValidSapientSignature(wallet: Address.Address, chainId: bigint, payload: Payload.Parented, signature: SignatureTypes.SignatureOfSapientSignerLeaf): Promise<boolean>;
+}
+//# sourceMappingURL=session-manager.d.ts.map

package/dist/signers/session-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-manager.d.ts","sourceRoot":"","sources":["../../src/signers/session-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,OAAO,EACP,aAAa,EAEb,SAAS,IAAI,cAAc,EAC5B,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAe,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAA;AACxD,OAAO,KAAK,KAAK,MAAM,mBAAmB,CAAA;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AACrC,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAA;AAC1C,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAEvD,MAAM,MAAM,qBAAqB,GAAG;IAClC,qBAAqB,EAAE,OAAO,CAAC,OAAO,CAAA;IACtC,aAAa,CAAC,EAAE,KAAK,CAAC,QAAQ,CAAA;IAC9B,eAAe,EAAE,QAAQ,EAAE,CAAA;IAC3B,eAAe,EAAE,QAAQ,EAAE,CAAA;IAC3B,QAAQ,CAAC,EAAE,QAAQ,CAAC,QAAQ,CAAA;CAC7B,CAAA;AAED,eAAO,MAAM,4BAA4B,EAAE,qBAI1C,CAAA;AAED,qBAAa,cAAe,YAAW,aAAa;IAShD,QAAQ,CAAC,MAAM,EAAE,MAAM;IARzB,SAAgB,aAAa,EAAE,KAAK,CAAC,QAAQ,CAAA;IAC7C,SAAgB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAA;IAExC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAY;IAC7C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAY;IAC7C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAmB;gBAGnC,MAAM,EAAE,MAAM,EACvB,OAAO,CAAC,EAAE,OAAO,CAAC,qBAAqB,CAAC;IAU1C,IAAI,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,SAAS,CAAC,CAE5C;IAEK,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,SAAS,CAAC;IASlD,IAAI,QAAQ,IAAI,OAAO,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAEtD;IAEK,WAAW,IAAI,OAAO,CAAC,aAAa,CAAC,gBAAgB,CAAC;IAY5D,YAAY,CAAC,QAAQ,EAAE,QAAQ,CAAC,QAAQ,GAAG,cAAc;IAUzD,kBAAkB,CAAC,MAAM,EAAE,QAAQ,GAAG,cAAc;IAWpD,kBAAkB,CAAC,MAAM,EAAE,QAAQ,GAAG,cAAc;IAY9C,WAAW,CACf,MAAM,EAAE,OAAO,CAAC,OAAO,EACvB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,OAAO,CAAC,QAAQ,EACzB,SAAS,EAAE,GAAG,CAAC,GAAG,GACjB,OAAO,CAAC,cAAc,CAAC,4BAA4B,CAAC;IAkFjD,uBAAuB,CAC3B,MAAM,EAAE,OAAO,CAAC,OAAO,EACvB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,OAAO,CAAC,QAAQ,EACzB,SAAS,EAAE,cAAc,CAAC,4BAA4B,GACrD,OAAO,CAAC,OAAO,CAAC;CAsCpB"}

package/dist/signers/session-manager.js

@@ -0,0 +1,181 @@
+import { Config, Constants, Payload, SessionConfig, SessionSignature, } from '@0xsequence/wallet-primitives';
+import { AbiFunction, Address, Hex } from 'ox';
+export const DefaultSessionManagerOptions = {
+    sessionManagerAddress: Constants.DefaultSessionManager,
+    implicitSigners: [],
+    explicitSigners: [],
+};
+export class SessionManager {
+    wallet;
+    stateProvider;
+    address;
+    _implicitSigners;
+    _explicitSigners;
+    _provider;
+    constructor(wallet, options) {
+        this.wallet = wallet;
+        const combinedOptions = { ...DefaultSessionManagerOptions, ...options };
+        this.stateProvider = combinedOptions.stateProvider ?? wallet.stateProvider;
+        this.address = combinedOptions.sessionManagerAddress;
+        this._implicitSigners = combinedOptions.implicitSigners;
+        this._explicitSigners = combinedOptions.explicitSigners;
+        this._provider = combinedOptions.provider;
+    }
+    get imageHash() {
+        return this.getImageHash();
+    }
+    async getImageHash() {
+        const { configuration } = await this.wallet.getStatus();
+        const sessionConfigLeaf = Config.findSignerLeaf(configuration, this.address);
+        if (!sessionConfigLeaf || !Config.isSapientSignerLeaf(sessionConfigLeaf)) {
+            return undefined;
+        }
+        return sessionConfigLeaf.imageHash;
+    }
+    get topology() {
+        return this.getTopology();
+    }
+    async getTopology() {
+        const imageHash = await this.imageHash;
+        if (!imageHash) {
+            throw new Error(`Session configuration not found for image hash ${imageHash}`);
+        }
+        const tree = await this.stateProvider.getTree(imageHash);
+        if (!tree) {
+            throw new Error(`Session configuration not found for image hash ${imageHash}`);
+        }
+        return SessionConfig.configurationTreeToSessionsTopology(tree);
+    }
+    withProvider(provider) {
+        return new SessionManager(this.wallet, {
+            sessionManagerAddress: this.address,
+            stateProvider: this.stateProvider,
+            implicitSigners: this._implicitSigners,
+            explicitSigners: this._explicitSigners,
+            provider,
+        });
+    }
+    withImplicitSigner(signer) {
+        const implicitSigners = [...this._implicitSigners, signer];
+        return new SessionManager(this.wallet, {
+            sessionManagerAddress: this.address,
+            stateProvider: this.stateProvider,
+            implicitSigners,
+            explicitSigners: this._explicitSigners,
+            provider: this._provider,
+        });
+    }
+    withExplicitSigner(signer) {
+        const explicitSigners = [...this._explicitSigners, signer];
+        return new SessionManager(this.wallet, {
+            sessionManagerAddress: this.address,
+            stateProvider: this.stateProvider,
+            implicitSigners: this._implicitSigners,
+            explicitSigners,
+            provider: this._provider,
+        });
+    }
+    async signSapient(wallet, chainId, payload, imageHash) {
+        if (wallet !== this.wallet.address) {
+            throw new Error('Wallet address mismatch');
+        }
+        if ((await this.imageHash) !== imageHash) {
+            throw new Error('Unexpected image hash');
+        }
+        //FIXME Test chain id
+        // if (this._provider) {
+        //   const providerChainId = await this._provider.request({
+        //     method: 'eth_chainId',
+        //   })
+        //   if (providerChainId !== Hex.fromNumber(chainId)) {
+        //     throw new Error(`Provider chain id mismatch, expected ${Hex.fromNumber(chainId)} but got ${providerChainId}`)
+        //   }
+        // }
+        if (!Payload.isCalls(payload)) {
+            throw new Error('Only calls are supported');
+        }
+        // Only use signers that match the topology
+        const topology = await this.topology;
+        const identitySigner = SessionConfig.getIdentitySigner(topology);
+        if (!identitySigner) {
+            throw new Error('Identity signer not found');
+        }
+        const blacklist = SessionConfig.getImplicitBlacklist(topology);
+        const validImplicitSigners = this._implicitSigners.filter((signer) => Address.isEqual(signer.identitySigner, identitySigner) &&
+            // Blacklist must exist for implicit signers to be used
+            blacklist &&
+            !blacklist.some((b) => Address.isEqual(b, signer.address)));
+        const topologyExplicitSigners = SessionConfig.getExplicitSigners(topology);
+        const validExplicitSigners = this._explicitSigners.filter((signer) => topologyExplicitSigners.some((s) => Address.isEqual(s, signer.address)));
+        // Try to sign with each signer, prioritizing implicit signers
+        const signers = [...validImplicitSigners, ...validExplicitSigners];
+        if (signers.length === 0) {
+            throw new Error('No signers match the topology');
+        }
+        const signatures = await Promise.all(
+        //FIXME Run sync to support cumulative rules within a payload
+        payload.calls.map(async (call) => {
+            for (const signer of signers) {
+                try {
+                    if (await signer.supportedCall(wallet, chainId, call, this._provider)) {
+                        const signature = await signer.signCall(wallet, chainId, call, payload, this._provider);
+                        return {
+                            ...signature,
+                            signer: signer.address,
+                        };
+                    }
+                }
+                catch (error) {
+                    console.error('signSapient error', error);
+                }
+            }
+            throw new Error('No signer supported');
+        }));
+        const explicitSigners = signatures
+            .filter((sig) => SessionSignature.isExplicitSessionCallSignature(sig))
+            .map((sig) => sig.signer);
+        const implicitSigners = signatures
+            .filter((sig) => SessionSignature.isImplicitSessionCallSignature(sig))
+            .map((sig) => sig.signer);
+        return {
+            type: 'sapient',
+            address: this.address,
+            data: Hex.from(SessionSignature.encodeSessionCallSignatures(signatures, topology, explicitSigners, implicitSigners)),
+        };
+    }
+    async isValidSapientSignature(wallet, chainId, payload, signature) {
+        if (!Payload.isCalls(payload)) {
+            // Only calls are supported
+            return false;
+        }
+        if (!this._provider) {
+            throw new Error('Provider not set');
+        }
+        //FIXME Test chain id
+        // const providerChainId = await this._provider.request({
+        //   method: 'eth_chainId',
+        // })
+        // if (providerChainId !== Hex.fromNumber(chainId)) {
+        //   throw new Error(
+        //     `Provider chain id mismatch, expected ${Hex.fromNumber(chainId)} but got ${providerChainId}`,
+        //   )
+        // }
+        const encodedPayload = Payload.encodeSapient(chainId, payload);
+        const encodedCallData = AbiFunction.encodeData(Constants.RECOVER_SAPIENT_SIGNATURE, [
+            encodedPayload,
+            signature.data,
+        ]);
+        try {
+            const recoverSapientSignatureResult = await this._provider.request({
+                method: 'eth_call',
+                params: [{ from: wallet, to: this.address, data: encodedCallData }],
+            });
+            const resultImageHash = Hex.from(AbiFunction.decodeResult(Constants.RECOVER_SAPIENT_SIGNATURE, recoverSapientSignatureResult));
+            return resultImageHash === (await this.imageHash);
+        }
+        catch (error) {
+            console.error('recoverSapientSignature error', error);
+            return false;
+        }
+    }
+}

package/dist/state/cached.d.ts

@@ -0,0 +1,59 @@
+import { Address, Hex } from 'ox';
+import { MaybePromise, Provider } from './index.js';
+import { Config, Context, GenericTree, Payload, Signature } from '@0xsequence/wallet-primitives';
+export declare class Cached implements Provider {
+    private readonly args;
+    constructor(args: {
+        readonly source: Provider;
+        readonly cache: Provider;
+    });
+    getConfiguration(imageHash: Hex.Hex): Promise<Config.Config | undefined>;
+    getDeploy(wallet: Address.Address): Promise<{
+        imageHash: Hex.Hex;
+        context: Context.Context;
+    } | undefined>;
+    getWallets(signer: Address.Address): Promise<{
+        [wallet: Address.Address]: {
+            chainId: bigint;
+            payload: Payload.Parented;
+            signature: Signature.SignatureOfSignerLeaf;
+        };
+    }>;
+    getWalletsForSapient(signer: Address.Address, imageHash: Hex.Hex): Promise<{
+        [wallet: Address.Address]: {
+            chainId: bigint;
+            payload: Payload.Parented;
+            signature: Signature.SignatureOfSapientSignerLeaf;
+        };
+    }>;
+    getWitnessFor(wallet: Address.Address, signer: Address.Address): Promise<{
+        chainId: bigint;
+        payload: Payload.Parented;
+        signature: Signature.SignatureOfSignerLeaf;
+    } | undefined>;
+    getWitnessForSapient(wallet: Address.Address, signer: Address.Address, imageHash: Hex.Hex): Promise<{
+        chainId: bigint;
+        payload: Payload.Parented;
+        signature: Signature.SignatureOfSapientSignerLeaf;
+    } | undefined>;
+    getConfigurationUpdates(wallet: Address.Address, fromImageHash: Hex.Hex, options?: {
+        allUpdates?: boolean;
+    }): Promise<Array<{
+        imageHash: Hex.Hex;
+        signature: Signature.RawSignature;
+    }>>;
+    getTree(rootHash: Hex.Hex): Promise<GenericTree.Tree | undefined>;
+    saveWallet(deployConfiguration: Config.Config, context: Context.Context): MaybePromise<void>;
+    saveWitnesses(wallet: Address.Address, chainId: bigint, payload: Payload.Parented, signatures: Signature.RawTopology): MaybePromise<void>;
+    saveUpdate(wallet: Address.Address, configuration: Config.Config, signature: Signature.RawSignature): MaybePromise<void>;
+    saveTree(tree: GenericTree.Tree): MaybePromise<void>;
+    saveConfiguration(config: Config.Config): MaybePromise<void>;
+    saveDeploy(imageHash: Hex.Hex, context: Context.Context): MaybePromise<void>;
+    getPayload(opHash: Hex.Hex): Promise<{
+        chainId: bigint;
+        payload: Payload.Parented;
+        wallet: Address.Address;
+    } | undefined>;
+    savePayload(wallet: Address.Address, payload: Payload.Parented, chainId: bigint): MaybePromise<void>;
+}
+//# sourceMappingURL=cached.d.ts.map

package/dist/state/cached.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cached.d.ts","sourceRoot":"","sources":["../../src/state/cached.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,IAAI,CAAA;AACjC,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AACnD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,+BAA+B,CAAA;AAEhG,qBAAa,MAAO,YAAW,QAAQ;IAEnC,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAAJ,IAAI,EAAE;QACrB,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAA;QACzB,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAA;KACzB;IAGG,gBAAgB,CAAC,SAAS,EAAE,GAAG,CAAC,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC;IAcxE,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;QAAE,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC;QAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAA;KAAE,GAAG,SAAS,CAAC;IAYzG,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;QACjD,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,GAAG;YACzB,OAAO,EAAE,MAAM,CAAA;YACf,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAA;YACzB,SAAS,EAAE,SAAS,CAAC,qBAAqB,CAAA;SAC3C,CAAA;KACF,CAAC;IA8BI,oBAAoB,CACxB,MAAM,EAAE,OAAO,CAAC,OAAO,EACvB,SAAS,EAAE,GAAG,CAAC,GAAG,GACjB,OAAO,CAAC;QACT,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,GAAG;YACzB,OAAO,EAAE,MAAM,CAAA;YACf,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAA;YACzB,SAAS,EAAE,SAAS,CAAC,4BAA4B,CAAA;SAClD,CAAA;KACF,CAAC;IA4BI,aAAa,CACjB,MAAM,EAAE,OAAO,CAAC,OAAO,EACvB,MAAM,EAAE,OAAO,CAAC,OAAO,GACtB,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC;QAAC,SAAS,EAAE,SAAS,CAAC,qBAAqB,CAAA;KAAE,GAAG,SAAS,CAAC;IAkB5G,oBAAoB,CACxB,MAAM,EAAE,OAAO,CAAC,OAAO,EACvB,MAAM,EAAE,OAAO,CAAC,OAAO,EACvB,SAAS,EAAE,GAAG,CAAC,GAAG,GACjB,OAAO,CACR;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC;QAAC,SAAS,EAAE,SAAS,CAAC,4BAA4B,CAAA;KAAE,GAAG,SAAS,CAC9G;IAgBK,uBAAuB,CAC3B,MAAM,EAAE,OAAO,CAAC,OAAO,EACvB,aAAa,EAAE,GAAG,CAAC,GAAG,EACtB,OAAO,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,OAAO,CAAA;KAAE,GACjC,OAAO,CAAC,KAAK,CAAC;QAAE,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC;QAAC,SAAS,EAAE,SAAS,CAAC,YAAY,CAAA;KAAE,CAAC,CAAC;IAKtE,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,GAAG,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,GAAG,SAAS,CAAC;IAavE,UAAU,CAAC,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC;IAI5F,aAAa,CACX,MAAM,EAAE,OAAO,CAAC,OAAO,EACvB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,OAAO,CAAC,QAAQ,EACzB,UAAU,EAAE,SAAS,CAAC,WAAW,GAChC,YAAY,CAAC,IAAI,CAAC;IAIrB,UAAU,CACR,MAAM,EAAE,OAAO,CAAC,OAAO,EACvB,aAAa,EAAE,MAAM,CAAC,MAAM,EAC5B,SAAS,EAAE,SAAS,CAAC,YAAY,GAChC,YAAY,CAAC,IAAI,CAAC;IAIrB,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC;IAIpD,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC;IAI5D,UAAU,CAAC,SAAS,EAAE,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC;IAItE,UAAU,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,OAAO,CACtC;QACE,OAAO,EAAE,MAAM,CAAA;QACf,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAA;QACzB,MAAM,EAAE,OAAO,CAAC,OAAO,CAAA;KACxB,GACD,SAAS,CACZ;IAaD,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC;CAGrG"}