@0xsequence/wallet-wdk 0.0.0-20250520201059

package/dist/sequence/messages.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"messages.d.ts","sourceRoot":"","sources":["../../src/sequence/messages.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAsC,MAAM,IAAI,CAAA;AAEhE,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AACrC,OAAO,EAAE,OAAO,EAAE,cAAc,EAAmC,MAAM,4BAA4B,CAAA;AAErG,qBAAa,QAAQ;IACP,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE9B,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IAI1B,GAAG,CAAC,oBAAoB,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;YAIlD,yBAAyB;IASjC,OAAO,CACX,IAAI,EAAE,OAAO,CAAC,OAAO,EACrB,OAAO,EAAE,cAAc,EACvB,OAAO,CAAC,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,MAAM,CAAA;KAChB,GACA,OAAO,CAAC,MAAM,CAAC;IAyBZ,QAAQ,CAAC,oBAAoB,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAqD7D,gBAAgB,CAAC,EAAE,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE,OAAO,CAAC,EAAE,OAAO;IAYrE,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,EAAE,OAAO,CAAC,EAAE,OAAO;IAY9E,MAAM,CAAC,oBAAoB,EAAE,MAAM;CAS1C"}

package/dist/sequence/messages.js

@@ -0,0 +1,115 @@
+import { Envelope, Wallet } from '@0xsequence/wallet-core';
+import { Payload } from '@0xsequence/wallet-primitives';
+import { Hex, Provider, RpcTransport } from 'ox';
+import { v7 as uuidv7 } from 'uuid';
+export class Messages {
+    shared;
+    constructor(shared) {
+        this.shared = shared;
+    }
+    async list() {
+        return this.shared.databases.messages.list();
+    }
+    async get(messageOrSignatureId) {
+        return this.getByMessageOrSignatureId(messageOrSignatureId);
+    }
+    async getByMessageOrSignatureId(messageOrSignatureId) {
+        const messages = await this.list();
+        const message = messages.find((m) => m.id === messageOrSignatureId || m.signatureId === messageOrSignatureId);
+        if (!message) {
+            throw new Error(`Message ${messageOrSignatureId} not found`);
+        }
+        return message;
+    }
+    async request(from, message, chainId, options) {
+        const wallet = new Wallet(from, { stateProvider: this.shared.sequence.stateProvider });
+        // Prepare message payload
+        const envelope = await wallet.prepareMessageSignature(message, chainId ?? 0n);
+        // Prepare signature request
+        const signatureRequest = await this.shared.modules.signatures.request(envelope, 'sign-message', {
+            origin: options?.source,
+        });
+        const id = uuidv7();
+        await this.shared.databases.messages.set({
+            id,
+            wallet: from,
+            message,
+            envelope,
+            source: options?.source ?? 'unknown',
+            status: 'requested',
+            signatureId: signatureRequest,
+        });
+        return signatureRequest;
+    }
+    async complete(messageOrSignatureId) {
+        const message = await this.getByMessageOrSignatureId(messageOrSignatureId);
+        if (message.status === 'signed') {
+            // Return the message signature
+            return message.messageSignature;
+        }
+        const messageId = message.id;
+        const signature = await this.shared.modules.signatures.get(message.signatureId);
+        if (!signature) {
+            throw new Error(`Signature ${message.signatureId} not found for message ${messageId}`);
+        }
+        if (!Payload.isMessage(message.envelope.payload) || !Payload.isMessage(signature.envelope.payload)) {
+            throw new Error(`Message ${messageId} is not a message payload`);
+        }
+        if (!Envelope.isSigned(signature.envelope)) {
+            throw new Error(`Message ${messageId} is not signed`);
+        }
+        const signatureEnvelope = signature.envelope;
+        const { weight, threshold } = Envelope.weightOf(signatureEnvelope);
+        if (weight < threshold) {
+            throw new Error(`Message ${messageId} has insufficient weight`);
+        }
+        // Get the provider for the message chain
+        let provider;
+        if (message.envelope.chainId !== 0n) {
+            const network = this.shared.sequence.networks.find((network) => network.chainId === message.envelope.chainId);
+            if (!network) {
+                throw new Error(`Network not found for ${message.envelope.chainId}`);
+            }
+            const transport = RpcTransport.fromHttp(network.rpc);
+            provider = Provider.from(transport);
+        }
+        const wallet = new Wallet(message.wallet, { stateProvider: this.shared.sequence.stateProvider });
+        const messageSignature = Hex.from(await wallet.buildMessageSignature(signatureEnvelope, provider));
+        await this.shared.databases.messages.set({
+            ...message,
+            envelope: signature.envelope,
+            status: 'signed',
+            messageSignature,
+        });
+        await this.shared.modules.signatures.complete(signature.id);
+        return messageSignature;
+    }
+    onMessagesUpdate(cb, trigger) {
+        const undo = this.shared.databases.messages.addListener(() => {
+            this.list().then((l) => cb(l));
+        });
+        if (trigger) {
+            this.list().then((l) => cb(l));
+        }
+        return undo;
+    }
+    onMessageUpdate(messageId, cb, trigger) {
+        const undo = this.shared.databases.messages.addListener(() => {
+            this.get(messageId).then((t) => cb(t));
+        });
+        if (trigger) {
+            this.get(messageId).then((t) => cb(t));
+        }
+        return undo;
+    }
+    async delete(messageOrSignatureId) {
+        try {
+            const message = await this.getByMessageOrSignatureId(messageOrSignatureId);
+            await this.shared.databases.signatures.del(message.signatureId);
+            await this.shared.databases.messages.del(message.id);
+        }
+        catch (error) {
+            // Ignore
+        }
+    }
+}

package/dist/sequence/recovery.d.ts

@@ -0,0 +1,30 @@
+import { Config, Payload } from '@0xsequence/wallet-primitives';
+import { Shared } from './manager.js';
+import { Address, Hex } from 'ox';
+import { RecoverySigner } from './types/signer.js';
+import { QueuedRecoveryPayload } from './types/recovery.js';
+export declare class Recovery {
+    private readonly shared;
+    constructor(shared: Shared);
+    initialize(): void;
+    private updateRecoveryModule;
+    initRecoveryModule(modules: Config.SapientSignerLeaf[], address: Address.Address): Promise<void>;
+    hasRecoveryModule(modules: Config.SapientSignerLeaf[]): boolean;
+    addRecoverySignerToModules(modules: Config.SapientSignerLeaf[], address: Address.Address): Promise<void>;
+    removeRecoverySignerFromModules(modules: Config.SapientSignerLeaf[], address: Address.Address): Promise<void>;
+    addRecoveryMnemonic(wallet: Address.Address, mnemonic: string): Promise<string>;
+    addRecoverySigner(wallet: Address.Address, address: Address.Address): Promise<string>;
+    removeRecoverySigner(wallet: Address.Address, address: Address.Address): Promise<string>;
+    completeRecoveryUpdate(requestId: string): Promise<void>;
+    getRecoverySigners(address: Address.Address): Promise<RecoverySigner[] | undefined>;
+    queueRecoveryPayload(wallet: Address.Address, chainId: bigint, payload: Payload.Calls): Promise<string>;
+    completeRecoveryPayload(requestId: string): Promise<{
+        to: Address.Address;
+        data: Hex.Hex;
+    }>;
+    getQueuedRecoveryPayloads(wallet?: Address.Address): Promise<QueuedRecoveryPayload[]>;
+    onQueuedRecoveryPayloadsUpdate(wallet: Address.Address | undefined, cb: (payloads: QueuedRecoveryPayload[]) => void, trigger?: boolean): () => void;
+    updateQueuedRecoveryPayloads(): Promise<void>;
+    encodeRecoverySignature(imageHash: Hex.Hex, signer: Address.Address): Promise<import("ox/Bytes").Bytes>;
+}
+//# sourceMappingURL=recovery.d.ts.map

package/dist/sequence/recovery.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"recovery.d.ts","sourceRoot":"","sources":["../../src/sequence/recovery.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAA2B,OAAO,EAAE,MAAM,+BAA+B,CAAA;AACxF,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AACrC,OAAO,EAAE,OAAO,EAAE,GAAG,EAA0B,MAAM,IAAI,CAAA;AACzD,OAAO,EAAS,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAEzD,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAA;AAI3D,qBAAa,QAAQ;IACP,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE3C,UAAU;YAYI,oBAAoB;IAoCrB,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,iBAAiB,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO;IA2B7F,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,iBAAiB,EAAE,GAAG,OAAO;IAIzD,0BAA0B,CAAC,OAAO,EAAE,MAAM,CAAC,iBAAiB,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO;IAwBxF,+BAA+B,CAAC,OAAO,EAAE,MAAM,CAAC,iBAAiB,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO;IAsB7F,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM;IAc7D,iBAAiB,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO;IAanE,oBAAoB,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO;IAWtE,sBAAsB,CAAC,SAAS,EAAE,MAAM;IASxC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,cAAc,EAAE,GAAG,SAAS,CAAC;IAkCnF,oBAAoB,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,KAAK;IAuCrF,uBAAuB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,EAAE,EAAE,OAAO,CAAC,OAAO,CAAC;QAAC,IAAI,EAAE,GAAG,CAAC,GAAG,CAAA;KAAE,CAAC;IAsC3F,yBAAyB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,qBAAqB,EAAE,CAAC;IAS3F,8BAA8B,CAC5B,MAAM,EAAE,OAAO,CAAC,OAAO,GAAG,SAAS,EACnC,EAAE,EAAE,CAAC,QAAQ,EAAE,qBAAqB,EAAE,KAAK,IAAI,EAC/C,OAAO,CAAC,EAAE,OAAO;IAWb,4BAA4B,IAAI,OAAO,CAAC,IAAI,CAAC;IA8F7C,uBAAuB,CAAC,SAAS,EAAE,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,OAAO;CAgB1E"}

package/dist/sequence/recovery.js

@@ -0,0 +1,314 @@
+import { Config, Extensions, GenericTree, Payload } from '@0xsequence/wallet-primitives';
+import { Address, Provider, RpcTransport } from 'ox';
+import { Kinds } from './types/signer.js';
+import { Envelope } from '@0xsequence/wallet-core';
+import { Actions } from './types/index.js';
+import { MnemonicHandler } from './handlers/mnemonic.js';
+export class Recovery {
+    shared;
+    constructor(shared) {
+        this.shared = shared;
+    }
+    initialize() {
+        this.shared.modules.cron.registerJob('update-queued-recovery-payloads', 5 * 60 * 1000, // 5 minutes
+        async () => {
+            this.shared.modules.logger.log('Running job: update-queued-recovery-payloads');
+            await this.updateQueuedRecoveryPayloads();
+        });
+        this.shared.modules.logger.log('Recovery module initialized and job registered.');
+    }
+    async updateRecoveryModule(modules, transformer) {
+        const ext = this.shared.sequence.extensions.recovery;
+        const idx = modules.findIndex((m) => m.address === ext);
+        if (idx === -1) {
+            return;
+        }
+        const sapientSigner = modules[idx];
+        if (!sapientSigner) {
+            throw new Error('recovery-module-not-found');
+        }
+        const genericTree = await this.shared.sequence.stateProvider.getTree(sapientSigner.imageHash);
+        if (!genericTree) {
+            throw new Error('recovery-module-tree-not-found');
+        }
+        const tree = Extensions.Recovery.fromGenericTree(genericTree);
+        const { leaves, isComplete } = Extensions.Recovery.getRecoveryLeaves(tree);
+        if (!isComplete) {
+            throw new Error('recovery-module-tree-incomplete');
+        }
+        const nextTree = Extensions.Recovery.fromRecoveryLeaves(transformer(leaves));
+        const nextGeneric = Extensions.Recovery.toGenericTree(nextTree);
+        await this.shared.sequence.stateProvider.saveTree(nextGeneric);
+        if (!modules[idx]) {
+            throw new Error('recovery-module-not-found-(unreachable)');
+        }
+        modules[idx].imageHash = GenericTree.hash(nextGeneric);
+    }
+    async initRecoveryModule(modules, address) {
+        if (this.hasRecoveryModule(modules)) {
+            throw new Error('recovery-module-already-initialized');
+        }
+        const recoveryTree = Extensions.Recovery.fromRecoveryLeaves([
+            {
+                type: 'leaf',
+                signer: address,
+                requiredDeltaTime: this.shared.sequence.defaultRecoverySettings.requiredDeltaTime,
+                minTimestamp: this.shared.sequence.defaultRecoverySettings.minTimestamp,
+            },
+        ]);
+        const recoveryGenericTree = Extensions.Recovery.toGenericTree(recoveryTree);
+        await this.shared.sequence.stateProvider.saveTree(recoveryGenericTree);
+        const recoveryImageHash = GenericTree.hash(recoveryGenericTree);
+        modules.push({
+            type: 'sapient-signer',
+            address: this.shared.sequence.extensions.recovery,
+            weight: 255n,
+            imageHash: recoveryImageHash,
+        });
+    }
+    hasRecoveryModule(modules) {
+        return modules.some((m) => Address.isEqual(m.address, this.shared.sequence.extensions.recovery));
+    }
+    async addRecoverySignerToModules(modules, address) {
+        if (!this.hasRecoveryModule(modules)) {
+            throw new Error('recovery-module-not-enabled');
+        }
+        await this.updateRecoveryModule(modules, (leaves) => {
+            if (leaves.some((l) => Address.isEqual(l.signer, address))) {
+                return leaves;
+            }
+            const filtered = leaves.filter((l) => !Address.isEqual(l.signer, '0x0000000000000000000000000000000000000000'));
+            return [
+                ...filtered,
+                {
+                    type: 'leaf',
+                    signer: address,
+                    requiredDeltaTime: this.shared.sequence.defaultRecoverySettings.requiredDeltaTime,
+                    minTimestamp: this.shared.sequence.defaultRecoverySettings.minTimestamp,
+                },
+            ];
+        });
+    }
+    async removeRecoverySignerFromModules(modules, address) {
+        if (!this.hasRecoveryModule(modules)) {
+            throw new Error('recovery-module-not-enabled');
+        }
+        await this.updateRecoveryModule(modules, (leaves) => {
+            const next = leaves.filter((l) => l.signer !== address);
+            if (next.length === 0) {
+                return [
+                    {
+                        type: 'leaf',
+                        signer: '0x0000000000000000000000000000000000000000',
+                        requiredDeltaTime: 0n,
+                        minTimestamp: 0n,
+                    },
+                ];
+            }
+            return next;
+        });
+    }
+    async addRecoveryMnemonic(wallet, mnemonic) {
+        const signer = MnemonicHandler.toSigner(mnemonic);
+        if (!signer) {
+            throw new Error('invalid-mnemonic');
+        }
+        await signer.witness(this.shared.sequence.stateProvider, wallet, {
+            isForRecovery: true,
+            signerKind: Kinds.LoginMnemonic,
+        });
+        return this.addRecoverySigner(wallet, signer.address);
+    }
+    async addRecoverySigner(wallet, address) {
+        const { modules } = await this.shared.modules.wallets.getConfigurationParts(wallet);
+        await this.addRecoverySignerToModules(modules, address);
+        return this.shared.modules.wallets.requestConfigurationUpdate(wallet, {
+            modules,
+        }, Actions.AddRecoverySigner, 'wallet-webapp');
+    }
+    async removeRecoverySigner(wallet, address) {
+        const { modules } = await this.shared.modules.wallets.getConfigurationParts(wallet);
+        await this.removeRecoverySignerFromModules(modules, address);
+        return this.shared.modules.wallets.requestConfigurationUpdate(wallet, { modules }, Actions.RemoveRecoverySigner, 'wallet-webapp');
+    }
+    async completeRecoveryUpdate(requestId) {
+        const request = await this.shared.modules.signatures.get(requestId);
+        if (request.action !== 'add-recovery-signer' && request.action !== 'remove-recovery-signer') {
+            throw new Error('invalid-recovery-update-action');
+        }
+        return this.shared.modules.wallets.completeConfigurationUpdate(requestId);
+    }
+    async getRecoverySigners(address) {
+        const { raw } = await this.shared.modules.wallets.getConfiguration(address);
+        const recoveryLeaf = raw.modules.find((m) => Address.isEqual(m.address, this.shared.sequence.extensions.recovery));
+        if (!recoveryLeaf) {
+            return undefined;
+        }
+        const recoveryGenericTree = await this.shared.sequence.stateProvider.getTree(recoveryLeaf.imageHash);
+        if (!recoveryGenericTree) {
+            throw new Error('recovery-module-tree-not-found');
+        }
+        const recoveryTree = Extensions.Recovery.fromGenericTree(recoveryGenericTree);
+        const { leaves, isComplete } = Extensions.Recovery.getRecoveryLeaves(recoveryTree);
+        if (!isComplete) {
+            throw new Error('recovery-module-tree-incomplete');
+        }
+        const kos = await this.shared.modules.signers.resolveKinds(address, leaves.map((l) => l.signer));
+        return leaves
+            .filter((l) => !Address.isEqual(l.signer, '0x0000000000000000000000000000000000000000'))
+            .map((l) => ({
+            address: l.signer,
+            kind: kos.find((s) => Address.isEqual(s.address, l.signer))?.kind || 'unknown',
+            isRecovery: true,
+            minTimestamp: l.minTimestamp,
+            requiredDeltaTime: l.requiredDeltaTime,
+        }));
+    }
+    async queueRecoveryPayload(wallet, chainId, payload) {
+        const signers = await this.getRecoverySigners(wallet);
+        if (!signers) {
+            throw new Error('recovery-signers-not-found');
+        }
+        const recoveryPayload = Payload.toRecovery(payload);
+        const simulatedTopology = Config.flatLeavesToTopology(signers.map((s) => ({
+            type: 'signer',
+            address: s.address,
+            weight: 1n,
+        })));
+        // Save both versions of the payload in parallel
+        await Promise.all([
+            this.shared.sequence.stateProvider.savePayload(wallet, payload, chainId),
+            this.shared.sequence.stateProvider.savePayload(wallet, recoveryPayload, chainId),
+        ]);
+        const requestId = await this.shared.modules.signatures.request({
+            wallet,
+            chainId,
+            configuration: {
+                threshold: 1n,
+                checkpoint: 0n,
+                topology: simulatedTopology,
+            },
+            payload: recoveryPayload,
+        }, 'recovery');
+        return requestId;
+    }
+    // TODO: Handle this transaction instead of just returning the to and data
+    async completeRecoveryPayload(requestId) {
+        const signature = await this.shared.modules.signatures.get(requestId);
+        if (signature.action !== 'recovery' || !Payload.isRecovery(signature.envelope.payload)) {
+            throw new Error('invalid-recovery-payload');
+        }
+        if (!Envelope.isSigned(signature.envelope)) {
+            throw new Error('recovery-payload-not-signed');
+        }
+        const { weight, threshold } = Envelope.weightOf(signature.envelope);
+        if (weight < threshold) {
+            throw new Error('recovery-payload-insufficient-weight');
+        }
+        // Find any valid signature
+        const validSignature = signature.envelope.signatures[0];
+        if (Envelope.isSapientSignature(validSignature)) {
+            throw new Error('recovery-payload-sapient-signatures-not-supported');
+        }
+        if (!validSignature) {
+            throw new Error('recovery-payload-no-valid-signature');
+        }
+        const calldata = Extensions.Recovery.encodeCalldata(signature.wallet, signature.envelope.payload, validSignature.address, validSignature.signature);
+        return {
+            to: this.shared.sequence.extensions.recovery,
+            data: calldata,
+        };
+    }
+    async getQueuedRecoveryPayloads(wallet) {
+        const all = await this.shared.databases.recovery.list();
+        if (wallet) {
+            return all.filter((p) => Address.isEqual(p.wallet, wallet));
+        }
+        return all;
+    }
+    onQueuedRecoveryPayloadsUpdate(wallet, cb, trigger) {
+        if (trigger) {
+            this.getQueuedRecoveryPayloads(wallet).then(cb);
+        }
+        return this.shared.databases.recovery.addListener(() => {
+            this.getQueuedRecoveryPayloads(wallet).then(cb);
+        });
+    }
+    async updateQueuedRecoveryPayloads() {
+        const wallets = await this.shared.modules.wallets.list();
+        if (wallets.length === 0) {
+            return;
+        }
+        // Create providers for each network
+        const providers = this.shared.sequence.networks.map((network) => ({
+            chainId: network.chainId,
+            provider: Provider.from(RpcTransport.fromHttp(network.rpc)),
+        }));
+        const seenInThisRun = new Set();
+        for (const wallet of wallets) {
+            // See if they have any recover signers
+            const signers = await this.getRecoverySigners(wallet.address);
+            if (!signers || signers.length === 0) {
+                continue;
+            }
+            // Now we need to fetch, for each signer and network, any queued recovery payloads
+            // TODO: This may benefit from multicall, but it is not urgent, as this happens in the background
+            for (const signer of signers) {
+                for (const { chainId, provider } of providers) {
+                    const totalPayloads = await Extensions.Recovery.totalQueuedPayloads(provider, this.shared.sequence.extensions.recovery, wallet.address, signer.address);
+                    for (let i = 0n; i < totalPayloads; i++) {
+                        const payloadHash = await Extensions.Recovery.queuedPayloadHashOf(provider, this.shared.sequence.extensions.recovery, wallet.address, signer.address, i);
+                        const timestamp = await Extensions.Recovery.timestampForQueuedPayload(provider, this.shared.sequence.extensions.recovery, wallet.address, signer.address, payloadHash);
+                        const payload = await this.shared.sequence.stateProvider.getPayload(payloadHash);
+                        // If ready, we need to check if it was executed already
+                        // for this, we check if the wallet 77nonce for the given space
+                        // is greater than the nonce in the payload
+                        if (timestamp < Date.now() / 1000 && payload && Payload.isCalls(payload.payload)) {
+                            const nonce = await this.shared.modules.wallets.getNonce(chainId, wallet.address, payload.payload.space);
+                            if (nonce > i) {
+                                continue;
+                            }
+                        }
+                        // The id is the index + signer address + chainId + wallet address
+                        const id = `${i}-${signer.address}-${chainId}-${wallet.address}`;
+                        // Create a new payload
+                        const payloadEntry = {
+                            id,
+                            index: i,
+                            recoveryModule: this.shared.sequence.extensions.recovery,
+                            wallet: wallet.address,
+                            signer: signer.address,
+                            chainId,
+                            startTimestamp: timestamp,
+                            endTimestamp: timestamp + signer.requiredDeltaTime,
+                            payloadHash,
+                            payload: payload?.payload,
+                        };
+                        await this.shared.databases.recovery.set(payloadEntry);
+                        seenInThisRun.add(payloadEntry.id);
+                    }
+                }
+            }
+            // Delete any unseen queued payloads as they are no longer relevant
+            const allQueuedPayloads = await this.shared.databases.recovery.list();
+            for (const payload of allQueuedPayloads) {
+                if (!seenInThisRun.has(payload.id)) {
+                    await this.shared.databases.recovery.del(payload.id);
+                }
+            }
+        }
+    }
+    async encodeRecoverySignature(imageHash, signer) {
+        const genericTree = await this.shared.sequence.stateProvider.getTree(imageHash);
+        if (!genericTree) {
+            throw new Error('recovery-module-tree-not-found');
+        }
+        const tree = Extensions.Recovery.fromGenericTree(genericTree);
+        const allSigners = Extensions.Recovery.getRecoveryLeaves(tree).leaves.map((l) => l.signer);
+        if (!allSigners.includes(signer)) {
+            throw new Error('signer-not-found-in-recovery-module');
+        }
+        const trimmed = Extensions.Recovery.trimTopology(tree, signer);
+        return Extensions.Recovery.encodeTopology(trimmed);
+    }
+}

package/dist/sequence/sessions.d.ts

@@ -0,0 +1,26 @@
+import { Signers as CoreSigners } from '@0xsequence/wallet-core';
+import { Attestation, Signature as SequenceSignature, SessionConfig } from '@0xsequence/wallet-primitives';
+import { Address, Hex } from 'ox';
+import { Shared } from './manager.js';
+export type AuthorizeImplicitSessionArgs = {
+    target: string;
+    applicationData?: Hex.Hex;
+};
+export declare class Sessions {
+    private readonly shared;
+    private readonly sessionManagerAddresses;
+    constructor(shared: Shared, sessionManagerAddresses?: Address.Address[]);
+    getSessionTopology(walletAddress: Address.Address): Promise<SessionConfig.SessionsTopology>;
+    prepareAuthorizeImplicitSession(walletAddress: Address.Address, sessionAddress: Address.Address, args: AuthorizeImplicitSessionArgs): Promise<string>;
+    completeAuthorizeImplicitSession(requestId: string): Promise<{
+        attestation: Attestation.Attestation;
+        signature: SequenceSignature.RSY;
+    }>;
+    addExplicitSession(walletAddress: Address.Address, sessionAddress: Address.Address, permissions: CoreSigners.Session.ExplicitParams, origin?: string): Promise<string>;
+    removeExplicitSession(walletAddress: Address.Address, sessionAddress: Address.Address, origin?: string): Promise<string>;
+    addBlacklistAddress(walletAddress: Address.Address, address: Address.Address, origin?: string): Promise<string>;
+    removeBlacklistAddress(walletAddress: Address.Address, address: Address.Address, origin?: string): Promise<string>;
+    private prepareSessionUpdate;
+    completeSessionUpdate(requestId: string): Promise<void>;
+}
+//# sourceMappingURL=sessions.d.ts.map

package/dist/sequence/sessions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sessions.d.ts","sourceRoot":"","sources":["../../src/sequence/sessions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,IAAI,WAAW,EAAY,MAAM,yBAAyB,CAAA;AAC1E,OAAO,EACL,WAAW,EAKX,SAAS,IAAI,iBAAiB,EAC9B,aAAa,EACd,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,OAAO,EAAe,GAAG,EAAE,MAAM,IAAI,CAAA;AAI9C,OAAO,EAA0B,MAAM,EAAE,MAAM,cAAc,CAAA;AAG7D,MAAM,MAAM,4BAA4B,GAAG;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,eAAe,CAAC,EAAE,GAAG,CAAC,GAAG,CAAA;CAC1B,CAAA;AAID,qBAAa,QAAQ;IAEjB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,uBAAuB;gBADvB,MAAM,EAAE,MAAM,EACd,uBAAuB,GAAE,OAAO,CAAC,OAAO,EAAmC;IAGxF,kBAAkB,CAAC,aAAa,EAAE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC,gBAAgB,CAAC;IAgB3F,+BAA+B,CACnC,aAAa,EAAE,OAAO,CAAC,OAAO,EAC9B,cAAc,EAAE,OAAO,CAAC,OAAO,EAC/B,IAAI,EAAE,4BAA4B,GACjC,OAAO,CAAC,MAAM,CAAC;IA+DZ,gCAAgC,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC;QACjE,WAAW,EAAE,WAAW,CAAC,WAAW,CAAA;QACpC,SAAS,EAAE,iBAAiB,CAAC,GAAG,CAAA;KACjC,CAAC;IA8BI,kBAAkB,CACtB,aAAa,EAAE,OAAO,CAAC,OAAO,EAC9B,cAAc,EAAE,OAAO,CAAC,OAAO,EAC/B,WAAW,EAAE,WAAW,CAAC,OAAO,CAAC,cAAc,EAC/C,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC;IASZ,qBAAqB,CACzB,aAAa,EAAE,OAAO,CAAC,OAAO,EAC9B,cAAc,EAAE,OAAO,CAAC,OAAO,EAC/B,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC;IASZ,mBAAmB,CACvB,aAAa,EAAE,OAAO,CAAC,OAAO,EAC9B,OAAO,EAAE,OAAO,CAAC,OAAO,EACxB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC;IAMZ,sBAAsB,CAC1B,aAAa,EAAE,OAAO,CAAC,OAAO,EAC9B,OAAO,EAAE,OAAO,CAAC,OAAO,EACxB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC;YAMJ,oBAAoB;IAoC5B,qBAAqB,CAAC,SAAS,EAAE,MAAM;CAQ9C"}

package/dist/sequence/sessions.js

@@ -0,0 +1,169 @@
+import { Envelope } from '@0xsequence/wallet-core';
+import { Constants, GenericTree, Payload, SessionConfig, } from '@0xsequence/wallet-primitives';
+import { Address, Bytes, Hash, Hex } from 'ox';
+import { AuthCodePkceHandler } from './handlers/authcode-pkce.js';
+import { IdentityHandler, identityTypeToHex } from './handlers/identity.js';
+import { ManagerOptionsDefaults } from './manager.js';
+import { Actions } from './types/signature-request.js';
+const DefaultSessionManagerAddresses = [Constants.DefaultSessionManager];
+export class Sessions {
+    shared;
+    sessionManagerAddresses;
+    constructor(shared, sessionManagerAddresses = DefaultSessionManagerAddresses) {
+        this.shared = shared;
+        this.sessionManagerAddresses = sessionManagerAddresses;
+    }
+    async getSessionTopology(walletAddress) {
+        const { modules } = await this.shared.modules.wallets.getConfigurationParts(walletAddress);
+        const managerLeaf = modules.find((leaf) => this.sessionManagerAddresses.some((addr) => Address.isEqual(addr, leaf.address)));
+        if (!managerLeaf) {
+            throw new Error('Session manager not found');
+        }
+        const imageHash = managerLeaf.imageHash;
+        const tree = await this.shared.sequence.stateProvider.getTree(imageHash);
+        if (!tree) {
+            throw new Error('Session topology not found');
+        }
+        return SessionConfig.configurationTreeToSessionsTopology(tree);
+    }
+    async prepareAuthorizeImplicitSession(walletAddress, sessionAddress, args) {
+        const topology = await this.getSessionTopology(walletAddress);
+        const identitySignerAddress = SessionConfig.getIdentitySigner(topology);
+        if (!identitySignerAddress) {
+            throw new Error('No identity signer address found');
+        }
+        const identityKind = await this.shared.modules.signers.kindOf(walletAddress, identitySignerAddress);
+        if (!identityKind) {
+            throw new Error('No identity handler kind found');
+        }
+        const handler = this.shared.handlers.get(identityKind);
+        if (!handler) {
+            throw new Error('No identity handler found');
+        }
+        // Create the attestation to sign
+        let identityType;
+        let issuerHash = '0x';
+        let audienceHash = '0x';
+        if (handler instanceof IdentityHandler) {
+            identityType = handler.identityType;
+            if (handler instanceof AuthCodePkceHandler) {
+                issuerHash = Hash.keccak256(Hex.fromString(handler.issuer));
+                audienceHash = Hash.keccak256(Hex.fromString(handler.audience));
+            }
+        }
+        const attestation = {
+            approvedSigner: sessionAddress,
+            identityType: Bytes.fromHex(identityTypeToHex(identityType), { size: 4 }),
+            issuerHash: Bytes.fromHex(issuerHash, { size: 32 }),
+            audienceHash: Bytes.fromHex(audienceHash, { size: 32 }),
+            applicationData: Bytes.fromHex(args.applicationData ?? '0x'),
+            authData: {
+                redirectUrl: args.target,
+            },
+        };
+        // Fake the configuration with the single required signer
+        const configuration = {
+            threshold: 1n,
+            checkpoint: 0n,
+            topology: {
+                type: 'signer',
+                address: identitySignerAddress,
+                weight: 1n,
+            },
+        };
+        const envelope = {
+            payload: {
+                type: 'session-implicit-authorize',
+                sessionAddress,
+                attestation,
+            },
+            wallet: walletAddress,
+            chainId: 0n,
+            configuration,
+        };
+        // Request the signature from the identity handler
+        return this.shared.modules.signatures.request(envelope, 'session-implicit-authorize', {
+            origin: args.target,
+        });
+    }
+    async completeAuthorizeImplicitSession(requestId) {
+        // Get the updated signature request
+        const signatureRequest = await this.shared.modules.signatures.get(requestId);
+        if (signatureRequest.action !== 'session-implicit-authorize' ||
+            !Payload.isSessionImplicitAuthorize(signatureRequest.envelope.payload)) {
+            throw new Error('Invalid action');
+        }
+        if (!Envelope.isSigned(signatureRequest.envelope) || !Envelope.reachedThreshold(signatureRequest.envelope)) {
+            throw new Error('Envelope not signed or threshold not reached');
+        }
+        // Find any valid signature
+        const signature = signatureRequest.envelope.signatures[0];
+        if (!signature || !Envelope.isSignature(signature)) {
+            throw new Error('No valid signature found');
+        }
+        if (signature.signature.type !== 'hash') {
+            // Should never happen
+            throw new Error('Unsupported signature type');
+        }
+        return {
+            attestation: signatureRequest.envelope.payload.attestation,
+            signature: signature.signature,
+        };
+    }
+    async addExplicitSession(walletAddress, sessionAddress, permissions, origin) {
+        const topology = await this.getSessionTopology(walletAddress);
+        const newTopology = SessionConfig.addExplicitSession(topology, {
+            ...permissions,
+            signer: sessionAddress,
+        });
+        return this.prepareSessionUpdate(walletAddress, newTopology, origin);
+    }
+    async removeExplicitSession(walletAddress, sessionAddress, origin) {
+        const topology = await this.getSessionTopology(walletAddress);
+        const newTopology = SessionConfig.removeExplicitSession(topology, sessionAddress);
+        if (!newTopology) {
+            throw new Error('Session not found');
+        }
+        return this.prepareSessionUpdate(walletAddress, newTopology, origin);
+    }
+    async addBlacklistAddress(walletAddress, address, origin) {
+        const topology = await this.getSessionTopology(walletAddress);
+        const newTopology = SessionConfig.addToImplicitBlacklist(topology, address);
+        return this.prepareSessionUpdate(walletAddress, newTopology, origin);
+    }
+    async removeBlacklistAddress(walletAddress, address, origin) {
+        const topology = await this.getSessionTopology(walletAddress);
+        const newTopology = SessionConfig.removeFromImplicitBlacklist(topology, address);
+        return this.prepareSessionUpdate(walletAddress, newTopology, origin);
+    }
+    async prepareSessionUpdate(walletAddress, topology, origin = 'wallet-webapp') {
+        // Store the new configuration
+        const tree = SessionConfig.sessionsTopologyToConfigurationTree(topology);
+        await this.shared.sequence.stateProvider.saveTree(tree);
+        const newImageHash = GenericTree.hash(tree);
+        // Find the session manager in the old configuration
+        const { modules } = await this.shared.modules.wallets.getConfigurationParts(walletAddress);
+        const managerLeaf = modules.find((leaf) => this.sessionManagerAddresses.some((addr) => Address.isEqual(addr, leaf.address)));
+        if (!managerLeaf) {
+            // Missing. Add it
+            modules.push({
+                ...ManagerOptionsDefaults.defaultSessionsTopology,
+                imageHash: newImageHash,
+            });
+        }
+        else {
+            // Update the configuration to use the new session manager image hash
+            managerLeaf.imageHash = newImageHash;
+        }
+        return this.shared.modules.wallets.requestConfigurationUpdate(walletAddress, {
+            modules,
+        }, Actions.SessionUpdate, origin);
+    }
+    async completeSessionUpdate(requestId) {
+        const sigRequest = await this.shared.modules.signatures.get(requestId);
+        if (sigRequest.action !== 'session-update' || !Payload.isConfigUpdate(sigRequest.envelope.payload)) {
+            throw new Error('Invalid action');
+        }
+        return this.shared.modules.wallets.completeConfigurationUpdate(requestId);
+    }
+}