@account-kit/signer 4.43.0 → 4.44.0

package/src/client/base.ts

@@ -2,7 +2,14 @@ import { ConnectionConfigSchema, type ConnectionConfig } from "@aa-sdk/core";
 import { TurnkeyClient, type TSignedRequest } from "@turnkey/http";
 import EventEmitter from "eventemitter3";
 import { jwtDecode } from "jwt-decode";
-import { sha256, type Hex } from "viem";
+import {
+  hexToBytes,
+  recoverPublicKey,
+  serializeSignature,
+  sha256,
+  type Address,
+  type Hex,
+} from "viem";
 import { NotAuthenticatedError, OAuthProvidersError } from "../errors.js";
 import { getDefaultProviderCustomization } from "../oauth.js";
 import type { OauthMode } from "../signer.js";
@@ -42,6 +49,8 @@ import type {
   AuthMethods,
 } from "./types.js";
 import { VERSION } from "../version.js";
+import { secp256k1 } from "@noble/curves/secp256k1";
+import { Point } from "@noble/secp256k1";
 
 export interface BaseSignerClientParams {
   stamper: TurnkeyClient["stamper"];
@@ -51,8 +60,8 @@ export interface BaseSignerClientParams {
 }
 
 export type ExportWalletStamper = TurnkeyClient["stamper"] & {
-  injectWalletExportBundle(bundle: string): Promise<boolean>;
-  injectKeyExportBundle(bundle: string): Promise<boolean>;
+  injectWalletExportBundle(bundle: string, orgId: string): Promise<boolean>;
+  injectKeyExportBundle(bundle: string, orgId: string): Promise<boolean>;
   publicKey(): string | null;
 };
 
@@ -64,6 +73,8 @@ const MFA_PAYLOAD = {
   LIST: "list_mfas",
 } as const;
 
+const withHexPrefix = (hex: string) => `0x${hex}` as const;
+
 /**
  * Base class for all Alchemy Signer clients
  */
@@ -679,6 +690,160 @@ export abstract class BaseSignerClient<TExportWalletParams = unknown> {
     return signature;
   };
 
+  private experimental_createMultiOwnerStamper = () => ({
+    stamp: async (
+      request: string,
+    ): Promise<{
+      stampHeaderName: string;
+      stampHeaderValue: string;
+    }> => {
+      if (!this.user) {
+        throw new NotAuthenticatedError();
+      }
+
+      // we need this later to recover the public key from the signature, so we don't let turnkey hash
+      // this for us and pass HASH_FUNCTION_NO_OP instead
+      const hashed = sha256(new TextEncoder().encode(request));
+
+      // sign through the user's suborg
+      const signature = await this.signRawMessage(hashed, "ETHEREUM");
+
+      // recover the public key, we can't just use the address
+      const recoveredPublicKey = await recoverPublicKey({
+        hash: hashed,
+        signature,
+      });
+
+      // compute the stamp over the original payload using this signature
+      // the format here is important
+      const stamp = {
+        publicKey: Point.fromHex(hexToBytes(recoveredPublicKey)).toHex(true),
+        scheme: "SIGNATURE_SCHEME_TK_API_SECP256K1",
+        signature: secp256k1.Signature.fromCompact(
+          hexToBytes(signature).slice(0, 64),
+        ).toDERHex(),
+      };
+
+      return {
+        stampHeaderName: "X-Stamp",
+        stampHeaderValue: base64UrlEncode(Buffer.from(JSON.stringify(stamp))),
+      };
+    },
+  });
+
+  private experimental_createMultiOwnerTurnkeyClient = () =>
+    new TurnkeyClient(
+      { baseUrl: "https://api.turnkey.com" },
+      this.experimental_createMultiOwnerStamper(),
+    );
+
+  /**
+   * This will sign on behalf of the multi-owner org, without doing any transformations on the message.
+   * For SignMessage or SignTypedData, the caller should hash the message before calling this method and pass
+   * that result here.
+   *
+   * @param {Hex} msg the hex representation of the bytes to sign
+   * @param {string} orgId orgId of the multi-owner org to sign on behalf of
+   * @param {string} orgAddress address of the multi-owner org to sign on behalf of
+   * @returns {Promise<Hex>} the signature over the raw hex
+   */
+  public experimental_multiOwnerSignRawMessage = async (
+    msg: Hex,
+    orgId: string,
+    orgAddress: string,
+  ) => {
+    if (!this.user) {
+      throw new NotAuthenticatedError();
+    }
+    const multiOwnerClient = this.experimental_createMultiOwnerTurnkeyClient();
+
+    const signatureResult = await multiOwnerClient.signRawPayload({
+      organizationId: orgId,
+      type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
+      timestampMs: Date.now().toString(),
+      parameters: {
+        encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
+        hashFunction: "HASH_FUNCTION_NO_OP",
+        payload: msg,
+        signWith: orgAddress,
+      },
+    });
+
+    const signRawPayloadResult =
+      signatureResult.activity.result.signRawPayloadResult;
+    if (!signRawPayloadResult) {
+      throw new Error("No sign raw payload result");
+    }
+
+    return serializeSignature({
+      r: withHexPrefix(signRawPayloadResult.r),
+      s: withHexPrefix(signRawPayloadResult.s),
+      yParity: Number(signRawPayloadResult.v), // this is not actually a legacy v value, it's the y parity bit
+    });
+  };
+
+  /**
+   * This will create a multi-sig with the current user and additional specified signers
+   *
+   * @param {number} quorum multi sig quorum, currently only 1 is supported
+   * @param {Address[]} additionalMembers members to add, aside from the currently authenticated user
+   * @returns {Promise<SignerResponse<"/v1/multi-sig-create">>} created multi-sig
+   */
+  public experimental_createMultiSig = (
+    quorum: number,
+    additionalMembers: Address[],
+  ) => {
+    if (!this.user) {
+      throw new NotAuthenticatedError();
+    }
+
+    return this.request("/v1/multi-sig-create", {
+      members: [this.user.address, ...additionalMembers].map(
+        (evmSignerAddress) => ({ evmSignerAddress }),
+      ),
+      quorum,
+    });
+  };
+
+  /**
+   * This will add additional members to an existing multi-sig account
+   *
+   * @param {string} orgId orgId of the multi-sig to add members to
+   * @param {Address[]} members the addresses of the members to add
+   */
+  public experimental_addToMultiOwner = async (
+    orgId: string,
+    members: Address[],
+  ) => {
+    if (!this.user) {
+      throw new NotAuthenticatedError();
+    }
+
+    const multiOwnerClient = this.experimental_createMultiOwnerTurnkeyClient();
+
+    const prepared = await this.request("/v1/multi-sig-prepare-add", {
+      members: members.map((evmSignerAddress) => ({ evmSignerAddress })),
+    });
+
+    const stampedRequest = await multiOwnerClient.stampCreateUsers({
+      organizationId: orgId,
+      type: "ACTIVITY_TYPE_CREATE_USERS_V3",
+      timestampMs: Date.now().toString(),
+      parameters: prepared,
+    });
+
+    const { updateRootQuorumIntent } = await this.request("/v1/multi-sig-add", {
+      stampedRequest,
+    });
+
+    await multiOwnerClient.updateRootQuorum({
+      organizationId: orgId,
+      type: "ACTIVITY_TYPE_UPDATE_ROOT_QUORUM",
+      timestampMs: Date.now().toString(),
+      parameters: updateRootQuorumIntent,
+    });
+  };
+
   /**
    * Returns the current user or null if no user is set.
    *
@@ -936,7 +1101,10 @@ export abstract class BaseSignerClient<TExportWalletParams = unknown> {
       "exportWalletResult",
     );
 
-    const result = await stamper.injectWalletExportBundle(exportBundle);
+    const result = await stamper.injectWalletExportBundle(
+      exportBundle,
+      this.user.orgId,
+    );
 
     if (!result) {
       throw new Error("Failed to inject wallet export bundle");
@@ -966,7 +1134,10 @@ export abstract class BaseSignerClient<TExportWalletParams = unknown> {
       "exportWalletAccountResult",
     );
 
-    const result = await stamper.injectKeyExportBundle(exportBundle);
+    const result = await stamper.injectKeyExportBundle(
+      exportBundle,
+      this.user.orgId,
+    );
 
     if (!result) {
       throw new Error("Failed to inject wallet export bundle");

package/src/client/index.ts

@@ -55,7 +55,10 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
   private iframeStamper: IframeStamper;
   private webauthnStamper: WebauthnStamper;
   oauthCallbackUrl: string;
-  iframeContainerId: string;
+  iframeConfig: {
+    iframeElementId: string;
+    iframeContainerId: string;
+  };
 
   /**
    * Initializes a new instance with the given parameters, setting up the connection, iframe configuration, and WebAuthn stamper.
@@ -97,7 +100,7 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
     });
 
     this.iframeStamper = iframeStamper;
-    this.iframeContainerId = iframeConfig.iframeContainerId;
+    this.iframeConfig = iframeConfig;
 
     this.webauthnStamper = new WebauthnStamper({
       rpId: rpId ?? window.location.hostname,
@@ -350,7 +353,19 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
   public override disconnect = async () => {
     this.user = undefined;
     this.iframeStamper.clear();
-    await this.iframeStamper.init();
+
+    // In the latest version of the TK iframe stamper, the
+    // IframeStamper instance seems to not be usable after
+    // clearing it, so we need to create a new instance.
+    const stamper = new IframeStamper({
+      iframeContainer: document.getElementById(
+        this.iframeConfig.iframeContainerId,
+      ),
+      iframeElementId: this.iframeConfig.iframeElementId,
+      iframeUrl: "https://auth.turnkey.com",
+    });
+    this.iframeStamper = stamper;
+    await this.initSessionStamper();
   };
 
   /**
@@ -610,14 +625,29 @@ export class AlchemySignerWebClient extends BaseSignerClient<ExportWalletParams>
     return this.request("/v1/prepare-oauth", { nonce });
   };
 
+  private initSessionStamperPromise: Promise<string> | null = null;
+
   protected override async initSessionStamper(): Promise<string> {
-    if (!this.iframeStamper.publicKey()) {
-      await this.iframeStamper.init();
+    if (this.initSessionStamperPromise) {
+      return this.initSessionStamperPromise;
     }
 
-    this.setStamper(this.iframeStamper);
+    this.initSessionStamperPromise = (async () => {
+      if (!this.iframeStamper.publicKey()) {
+        await this.iframeStamper.init();
+      }
+
+      this.setStamper(this.iframeStamper);
+
+      return this.iframeStamper.publicKey()!;
+    })();
 
-    return this.iframeStamper.publicKey()!;
+    try {
+      const result = await this.initSessionStamperPromise;
+      return result;
+    } finally {
+      this.initSessionStamperPromise = null;
+    }
   }
 
   protected override async initWebauthnStamper(

package/src/client/types.ts

@@ -1,5 +1,9 @@
 import type { Address } from "@aa-sdk/core";
-import type { TSignedRequest, getWebAuthnAttestation } from "@turnkey/http";
+import type {
+  TSignedRequest,
+  TurnkeyApiTypes,
+  getWebAuthnAttestation,
+} from "@turnkey/http";
 import type { Hex } from "viem";
 import type { AuthParams } from "../signer";
 
@@ -264,6 +268,44 @@ export type SignerEndpoints = [
       multiFactors: MfaFactor[];
     };
   },
+  {
+    Route: "/v1/multi-sig-create";
+    Body: {
+      quorum: number;
+      members: {
+        evmSignerAddress: Address;
+      }[];
+    };
+    Response: {
+      orgId: string;
+      quorum: number;
+      evmSignerAddress: Address;
+      members: {
+        evmSignerAddress: Address;
+      }[];
+    };
+  },
+  {
+    Route: "/v1/multi-sig-prepare-add";
+    Body: {
+      members: {
+        evmSignerAddress: Address;
+      }[];
+    };
+    Response: TurnkeyApiTypes["v1CreateUsersIntentV3"];
+  },
+  {
+    Route: "/v1/multi-sig-add";
+    Body: {
+      stampedRequest: TSignedRequest;
+    };
+    Response: {
+      members: {
+        evmSignerAddress: Address;
+      }[];
+      updateRootQuorumIntent: TurnkeyApiTypes["v1UpdateRootQuorumIntent"];
+    };
+  },
 ];
 
 export type AuthenticatingEventMetadata = {

package/src/version.ts

@@ -1,3 +1,3 @@
 // This file is autogenerated by inject-version.ts. Any changes will be
 // overwritten on commit!
-export const VERSION = "4.43.0";
+export const VERSION = "4.44.0";