npm - @0xsequence/wallet-core - Versions diffs - 3.0.0-beta.9 → 3.0.1 - Mend

@0xsequence/wallet-core 3.0.0-beta.9 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

package/.turbo/turbo-build.log +2 -2
package/.turbo/turbo-lint.log +4 -0
package/.turbo/turbo-test.log +290 -0
package/.turbo/turbo-typecheck.log +4 -0
package/CHANGELOG.md +158 -0
package/dist/bundler/bundlers/pimlico.d.ts +3 -2
package/dist/bundler/bundlers/pimlico.d.ts.map +1 -1
package/dist/bundler/bundlers/pimlico.js +9 -3
package/dist/env.d.ts +22 -0
package/dist/env.d.ts.map +1 -0
package/dist/env.js +42 -0
package/dist/index.d.ts +1 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +1 -0
package/dist/signers/index.d.ts +1 -1
package/dist/signers/passkey.d.ts +11 -3
package/dist/signers/passkey.d.ts.map +1 -1
package/dist/signers/passkey.js +12 -6
package/dist/signers/pk/encrypted.d.ts +13 -2
package/dist/signers/pk/encrypted.d.ts.map +1 -1
package/dist/signers/pk/encrypted.js +94 -15
package/dist/signers/pk/index.d.ts +1 -1
package/dist/signers/session/explicit.d.ts.map +1 -1
package/dist/signers/session/explicit.js +5 -8
package/dist/signers/session/implicit.d.ts.map +1 -1
package/dist/signers/session/implicit.js +1 -1
package/dist/signers/session/session.d.ts +1 -0
package/dist/signers/session/session.d.ts.map +1 -1
package/dist/signers/session/session.js +7 -0
package/dist/signers/session-manager.d.ts +4 -0
package/dist/signers/session-manager.d.ts.map +1 -1
package/dist/signers/session-manager.js +65 -22
package/dist/state/local/index.d.ts.map +1 -1
package/dist/state/local/index.js +3 -2
package/dist/state/local/indexed-db.d.ts +4 -1
package/dist/state/local/indexed-db.d.ts.map +1 -1
package/dist/state/local/indexed-db.js +12 -2
package/dist/state/remote/dev-http.d.ts +2 -1
package/dist/state/remote/dev-http.d.ts.map +1 -1
package/dist/state/remote/dev-http.js +11 -5
package/dist/state/sequence/index.d.ts +2 -1
package/dist/state/sequence/index.d.ts.map +1 -1
package/dist/state/sequence/index.js +14 -5
package/dist/wallet.js +2 -2
package/eslint.config.js +12 -0
package/package.json +12 -10
package/src/bundler/bundlers/pimlico.ts +10 -4
package/src/env.ts +68 -0
package/src/index.ts +1 -0
package/src/signers/index.ts +1 -1
package/src/signers/passkey.ts +21 -5
package/src/signers/pk/encrypted.ts +103 -14
package/src/signers/pk/index.ts +1 -1
package/src/signers/session/explicit.ts +5 -20
package/src/signers/session/implicit.ts +1 -2
package/src/signers/session/session.ts +10 -2
package/src/signers/session-manager.ts +82 -25
package/src/state/local/index.ts +4 -2
package/src/state/local/indexed-db.ts +15 -2
package/src/state/remote/dev-http.ts +11 -5
package/src/state/sequence/index.ts +15 -6
package/src/wallet.ts +2 -2
package/test/constants.ts +4 -0
package/test/envelope.test.ts +0 -1
package/test/session-manager.test.ts +345 -3
package/test/signers-pk.test.ts +1 -1
package/test/signers-session-implicit.test.ts +0 -2
package/test/state/debug.test.ts +2 -3

package/test/session-manager.test.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { Extensions } from '@0xsequence/wallet-primitives'
+import { Constants, Extensions } from '@0xsequence/wallet-primitives'
 import { AbiEvent, AbiFunction, Address, Bytes, Hex, Provider, RpcTransport, Secp256k1 } from 'ox'
 import { describe, expect, it } from 'vitest'
 import { Attestation, GenericTree, Payload, Permission, SessionConfig } from '../../primitives/src/index.js'
@@ -731,7 +731,7 @@ for (const extension of ALL_EXTENSIONS) {
     )
     it(
-      'signs a payload using an explicit session',
+      'signs a payload using an explicit session with allowAll and value limit',
       async () => {
         const provider = Provider.from(RpcTransport.fromHttp(LOCAL_RPC_URL))
         const chainId = Number(await provider.request({ method: 'eth_chainId' }))
@@ -804,7 +804,7 @@ for (const extension of ALL_EXTENSIONS) {
     )
     it(
-      'signs a payload using an explicit session',
+      'signs using explicit session with onlyOnce, consumes usage and rejects second call',
       async () => {
         const provider = Provider.from(RpcTransport.fromHttp(LOCAL_RPC_URL))
         const chainId = Number(await provider.request({ method: 'eth_chainId' }))
@@ -1357,5 +1357,347 @@ for (const extension of ALL_EXTENSIONS) {
       },
       timeout,
     )
+    it(
+      'two explicit sessions with same value limit: exhaust first then second send uses second session (increment from non-increment calls only)',
+      async () => {
+        const provider = Provider.from(RpcTransport.fromHttp(LOCAL_RPC_URL))
+        const chainId = Number(await provider.request({ method: 'eth_chainId' }))
+        const identityPrivateKey = Secp256k1.randomPrivateKey()
+        const identityAddress = Address.fromPublicKey(Secp256k1.getPublicKey({ privateKey: identityPrivateKey }))
+        const stateProvider = new State.Local.Provider()
+        const targetAddress = randomAddress()
+        const valueLimit = 500000000000000000n // 0.5 ETH per session
+        const sessionPermission: ExplicitSessionConfig = {
+          chainId,
+          valueLimit,
+          deadline: BigInt(Math.floor(Date.now() / 1000) + 3600),
+          permissions: [PermissionBuilder.for(targetAddress).allowAll().build()],
+        }
+        const explicitPrivateKey1 = Secp256k1.randomPrivateKey()
+        const explicitSigner1 = new Signers.Session.Explicit(explicitPrivateKey1, {
+          ...sessionPermission,
+        })
+        const explicitPrivateKey2 = Secp256k1.randomPrivateKey()
+        const explicitSigner2 = new Signers.Session.Explicit(explicitPrivateKey2, {
+          ...sessionPermission,
+        })
+        let sessionTopology = SessionConfig.addExplicitSession(SessionConfig.emptySessionsTopology(identityAddress), {
+          ...sessionPermission,
+          signer: explicitSigner1.address,
+        })
+        sessionTopology = SessionConfig.addExplicitSession(sessionTopology, {
+          ...sessionPermission,
+          signer: explicitSigner2.address,
+        })
+        await stateProvider.saveTree(SessionConfig.sessionsTopologyToConfigurationTree(sessionTopology))
+        const imageHash = GenericTree.hash(SessionConfig.sessionsTopologyToConfigurationTree(sessionTopology))
+        const wallet = await Wallet.fromConfiguration(
+          {
+            threshold: 1n,
+            checkpoint: 0n,
+            topology: [{ type: 'sapient-signer', address: extension.sessions, weight: 1n, imageHash }, Hex.random(32)],
+          },
+          { stateProvider },
+        )
+        // Fund wallet with 2 ETH so we can send 0.5 ETH twice (each tx needs value + gas)
+        await provider.request({
+          method: 'anvil_setBalance',
+          params: [wallet.address, Hex.fromNumber(2n * 1000000000000000000n)],
+        })
+        const sessionManager = new Signers.SessionManager(wallet, {
+          provider,
+          sessionManagerAddress: extension.sessions,
+          explicitSigners: [explicitSigner1, explicitSigner2],
+        })
+        const call: Payload.Call = {
+          to: targetAddress,
+          value: valueLimit, // one full limit
+          data: '0x' as Hex.Hex,
+          gasLimit: 0n,
+          delegateCall: false,
+          onlyFallback: false,
+          behaviorOnError: 'revert',
+        }
+        // First send: uses first session (exhausts it)
+        const increment1 = await sessionManager.prepareIncrement(wallet.address, chainId, [call])
+        expect(increment1).not.toBeNull()
+        const calls1 = includeIncrement([call], increment1!, extension.sessions)
+        const tx1 = await buildAndSignCall(wallet, sessionManager, calls1, provider, chainId)
+        await simulateTransaction(provider, tx1)
+        // Second send: same call. First session is exhausted so findSignersForCalls picks second session.
+        // Payload is [call, increment] (or [increment, call]). signSapient must derive expectedIncrement
+        // from non-increment calls only so it matches the increment we built for the second session.
+        const increment2 = await sessionManager.prepareIncrement(wallet.address, chainId, [call])
+        expect(increment2).not.toBeNull()
+        const calls2 = includeIncrement([call], increment2!, extension.sessions)
+        const tx2 = await buildAndSignCall(wallet, sessionManager, calls2, provider, chainId)
+        await simulateTransaction(provider, tx2)
+      },
+      timeout,
+    )
+    describe('increment built from non-increment calls only', () => {
+      it(
+        'prepareIncrement returns null when calls contain only an increment call (no non-increment calls)',
+        async () => {
+          const provider = Provider.from(RpcTransport.fromHttp(LOCAL_RPC_URL))
+          const chainId = Number(await provider.request({ method: 'eth_chainId' }))
+          const identityPrivateKey = Secp256k1.randomPrivateKey()
+          const identityAddress = Address.fromPublicKey(Secp256k1.getPublicKey({ privateKey: identityPrivateKey }))
+          const stateProvider = new State.Local.Provider()
+          const sessionPermission: ExplicitSessionConfig = {
+            chainId,
+            valueLimit: 0n,
+            deadline: BigInt(Math.floor(Date.now() / 1000) + 3600),
+            permissions: [PermissionBuilder.for(EMITTER_ADDRESS1).allowAll().build()],
+          }
+          const explicitSigner = new Signers.Session.Explicit(Secp256k1.randomPrivateKey(), sessionPermission)
+          const sessionTopology = SessionConfig.addExplicitSession(
+            SessionConfig.emptySessionsTopology(identityAddress),
+            {
+              ...sessionPermission,
+              signer: explicitSigner.address,
+            },
+          )
+          await stateProvider.saveTree(SessionConfig.sessionsTopologyToConfigurationTree(sessionTopology))
+          const imageHash = GenericTree.hash(SessionConfig.sessionsTopologyToConfigurationTree(sessionTopology))
+          const wallet = await Wallet.fromConfiguration(
+            {
+              threshold: 1n,
+              checkpoint: 0n,
+              topology: [
+                { type: 'sapient-signer', address: extension.sessions, weight: 1n, imageHash },
+                Hex.random(32),
+              ],
+            },
+            { stateProvider },
+          )
+          const sessionManager = new Signers.SessionManager(wallet, {
+            provider,
+            sessionManagerAddress: extension.sessions,
+            explicitSigners: [explicitSigner],
+          })
+          // Only an increment call (no non-increment calls). Contract would reject payload with only self-call; we return null.
+          const incrementOnlyCall: Payload.Call = {
+            to: extension.sessions,
+            data: AbiFunction.encodeData(Constants.INCREMENT_USAGE_LIMIT, [[]]),
+            value: 0n,
+            gasLimit: 0n,
+            delegateCall: false,
+            onlyFallback: false,
+            behaviorOnError: 'revert',
+          }
+          const result = await sessionManager.prepareIncrement(wallet.address, chainId, [incrementOnlyCall])
+          expect(result).toBeNull()
+        },
+        timeout,
+      )
+      it(
+        'prepareIncrement([increment, nonIncrementCall]) produces same increment data as prepareIncrement([nonIncrementCall])',
+        async () => {
+          const provider = Provider.from(RpcTransport.fromHttp(LOCAL_RPC_URL))
+          const chainId = Number(await provider.request({ method: 'eth_chainId' }))
+          const identityPrivateKey = Secp256k1.randomPrivateKey()
+          const identityAddress = Address.fromPublicKey(Secp256k1.getPublicKey({ privateKey: identityPrivateKey }))
+          const stateProvider = new State.Local.Provider()
+          const sessionPermission: ExplicitSessionConfig = {
+            chainId,
+            valueLimit: 0n,
+            deadline: BigInt(Math.floor(Date.now() / 1000) + 3600),
+            permissions: [PermissionBuilder.for(EMITTER_ADDRESS1).forFunction(EMITTER_FUNCTIONS[0]).onlyOnce().build()],
+          }
+          const explicitSigner = new Signers.Session.Explicit(Secp256k1.randomPrivateKey(), sessionPermission)
+          const sessionTopology = SessionConfig.addExplicitSession(
+            SessionConfig.emptySessionsTopology(identityAddress),
+            {
+              ...sessionPermission,
+              signer: explicitSigner.address,
+            },
+          )
+          await stateProvider.saveTree(SessionConfig.sessionsTopologyToConfigurationTree(sessionTopology))
+          const imageHash = GenericTree.hash(SessionConfig.sessionsTopologyToConfigurationTree(sessionTopology))
+          const wallet = await Wallet.fromConfiguration(
+            {
+              threshold: 1n,
+              checkpoint: 0n,
+              topology: [
+                { type: 'sapient-signer', address: extension.sessions, weight: 1n, imageHash },
+                Hex.random(32),
+              ],
+            },
+            { stateProvider },
+          )
+          const sessionManager = new Signers.SessionManager(wallet, {
+            provider,
+            sessionManagerAddress: extension.sessions,
+            explicitSigners: [explicitSigner],
+          })
+          const nonIncrementCall: Payload.Call = {
+            to: EMITTER_ADDRESS1,
+            value: 0n,
+            data: AbiFunction.encodeData(EMITTER_FUNCTIONS[0]),
+            gasLimit: 0n,
+            delegateCall: false,
+            onlyFallback: false,
+            behaviorOnError: 'revert',
+          }
+          const fromNonIncrementOnly = await sessionManager.prepareIncrement(wallet.address, chainId, [
+            nonIncrementCall,
+          ])
+          expect(fromNonIncrementOnly).not.toBeNull()
+          // Pass [staleIncrement, nonIncrementCall] — increment is ignored when building; result should match
+          const withStaleIncrement = await sessionManager.prepareIncrement(wallet.address, chainId, [
+            fromNonIncrementOnly!,
+            nonIncrementCall,
+          ])
+          expect(withStaleIncrement).not.toBeNull()
+          expect(withStaleIncrement!.data).toEqual(fromNonIncrementOnly!.data)
+        },
+        timeout,
+      )
+      it(
+        'payload with implicit and explicit: increment built only from explicit non-increment call',
+        async () => {
+          const provider = Provider.from(RpcTransport.fromHttp(LOCAL_RPC_URL))
+          const chainId = Number(await provider.request({ method: 'eth_chainId' }))
+          const identityPrivateKey = Secp256k1.randomPrivateKey()
+          const identityAddress = Address.fromPublicKey(Secp256k1.getPublicKey({ privateKey: identityPrivateKey }))
+          const stateProvider = new State.Local.Provider()
+          const redirectUrl = 'https://example.com'
+          const implicitSigner = await createImplicitSigner(redirectUrl, identityPrivateKey)
+          const sessionPermission: ExplicitSessionConfig = {
+            chainId,
+            valueLimit: 0n,
+            deadline: BigInt(Math.floor(Date.now() / 1000) + 3600),
+            permissions: [PermissionBuilder.for(EMITTER_ADDRESS1).forFunction(EMITTER_FUNCTIONS[0]).onlyOnce().build()],
+          }
+          const explicitSigner = new Signers.Session.Explicit(Secp256k1.randomPrivateKey(), sessionPermission)
+          // Topology: identity + blacklist (implicit) + explicit session
+          let sessionTopology = SessionConfig.emptySessionsTopology(identityAddress)
+          sessionTopology = SessionConfig.addExplicitSession(sessionTopology, {
+            ...sessionPermission,
+            signer: explicitSigner.address,
+          })
+          await stateProvider.saveTree(SessionConfig.sessionsTopologyToConfigurationTree(sessionTopology))
+          const imageHash = GenericTree.hash(SessionConfig.sessionsTopologyToConfigurationTree(sessionTopology))
+          const wallet = await Wallet.fromConfiguration(
+            {
+              threshold: 1n,
+              checkpoint: 0n,
+              topology: [
+                { type: 'sapient-signer', address: extension.sessions, weight: 1n, imageHash },
+                Hex.random(32),
+              ],
+            },
+            { stateProvider },
+          )
+          const sessionManager = new Signers.SessionManager(wallet, {
+            provider,
+            sessionManagerAddress: extension.sessions,
+            implicitSigners: [implicitSigner],
+            explicitSigners: [explicitSigner],
+          })
+          // Explicit call only (onlyOnce produces an increment; implicit does not match this target)
+          const call: Payload.Call = {
+            to: EMITTER_ADDRESS1,
+            value: 0n,
+            data: AbiFunction.encodeData(EMITTER_FUNCTIONS[0]),
+            gasLimit: 0n,
+            delegateCall: false,
+            onlyFallback: false,
+            behaviorOnError: 'revert',
+          }
+          const increment = await sessionManager.prepareIncrement(wallet.address, chainId, [call])
+          expect(increment).not.toBeNull()
+          const calls = includeIncrement([call], increment!, extension.sessions)
+          const transaction = await buildAndSignCall(wallet, sessionManager, calls, provider, chainId)
+          await simulateTransaction(provider, transaction, EMITTER_EVENT_TOPICS[0])
+        },
+        timeout,
+      )
+      it('signSapient handles selector-only self increment call consistently', async () => {
+        const identityPrivateKey = Secp256k1.randomPrivateKey()
+        const identityAddress = Address.fromPublicKey(Secp256k1.getPublicKey({ privateKey: identityPrivateKey }))
+        const stateProvider = new State.Local.Provider()
+        const explicitSigner = new Signers.Session.Explicit(Secp256k1.randomPrivateKey(), {
+          chainId: 0,
+          valueLimit: 0n,
+          deadline: BigInt(Math.floor(Date.now() / 1000) + 3600),
+          permissions: [PermissionBuilder.for(EMITTER_ADDRESS1).allowAll().build()],
+        })
+        const sessionTopology = SessionConfig.addExplicitSession(SessionConfig.emptySessionsTopology(identityAddress), {
+          ...explicitSigner.sessionPermissions,
+          signer: explicitSigner.address,
+        })
+        await stateProvider.saveTree(SessionConfig.sessionsTopologyToConfigurationTree(sessionTopology))
+        const imageHash = GenericTree.hash(SessionConfig.sessionsTopologyToConfigurationTree(sessionTopology))
+        const wallet = await Wallet.fromConfiguration(
+          {
+            threshold: 1n,
+            checkpoint: 0n,
+            topology: [{ type: 'sapient-signer', address: extension.sessions, weight: 1n, imageHash }, Hex.random(32)],
+          },
+          { stateProvider },
+        )
+        const sessionManager = new Signers.SessionManager(wallet, {
+          sessionManagerAddress: extension.sessions,
+          explicitSigners: [explicitSigner],
+        })
+        const payload: Payload.Parented = {
+          type: 'call',
+          nonce: 0n,
+          space: 0n,
+          calls: [
+            {
+              to: extension.sessions,
+              data: AbiFunction.getSelector(Constants.INCREMENT_USAGE_LIMIT),
+              value: 0n,
+              gasLimit: 0n,
+              delegateCall: false,
+              onlyFallback: false,
+              behaviorOnError: 'revert',
+            },
+          ],
+          parentWallets: [wallet.address],
+        }
+        const signature = await sessionManager.signSapient(wallet.address, 0, payload, imageHash)
+        expect(signature.type).toBe('sapient')
+      })
+    })
   })
 }

package/test/signers-pk.test.ts CHANGED Viewed

@@ -143,7 +143,7 @@ describe('Private Key Signers', () => {
         await pk.witness(mockStateWriter, testWallet)
         expect(mockStateWriter.saveWitnesses).toHaveBeenCalledTimes(1)
-        const [wallet, chainId, payload, witness] = vi.mocked(mockStateWriter.saveWitnesses).mock.calls[0]
+        const [wallet, chainId, _payload, witness] = vi.mocked(mockStateWriter.saveWitnesses).mock.calls[0]
         expect(wallet).toBe(testWallet)
         expect(chainId).toBe(0)

package/test/signers-session-implicit.test.ts CHANGED Viewed

@@ -236,7 +236,6 @@ describe('Implicit Session', () => {
         },
       }
       const identitySignature = createValidIdentitySignature(attestation)
-      const topology = createValidTopology()
       // This should throw an error during construction due to future issued time
       expect(() => {
@@ -250,7 +249,6 @@ describe('Implicit Session', () => {
         approvedSigner: randomAddress(), // Different approved signer
       }
       const identitySignature = createValidIdentitySignature(attestation)
-      const topology = createValidTopology()
       // This should throw an error during construction due to mismatched approved signer
       expect(() => {

package/test/state/debug.test.ts CHANGED Viewed

@@ -5,7 +5,6 @@ import { multiplex } from '../../src/state/debug.js'
 // Test data
 const TEST_ADDRESS = Address.from('0x1234567890123456789012345678901234567890')
-const TEST_HEX = Hex.from('0xabcdef123456')
 const TEST_UINT8ARRAY = new Uint8Array([171, 205, 239, 18, 52, 86])
 describe('State Debug', () => {
@@ -241,13 +240,13 @@ describe('State Debug', () => {
       }
       const complexRef: ComplexInterface = {
-        async complexMethod(data) {
+        async complexMethod() {
           return 'complex-ref'
         },
       }
       const complexCand: ComplexInterface = {
-        async complexMethod(data) {
+        async complexMethod() {
           return 'complex-cand'
         },
       }