@account-kit/smart-contracts 4.88.1 → 4.88.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/esm/src/ma-v2/permissionBuilder.js +48 -23
  2. package/dist/esm/src/ma-v2/permissionBuilder.js.map +1 -1
  3. package/dist/types/src/ma-v2/permissionBuilder.d.ts.map +1 -1
  4. package/package.json +5 -5
  5. package/src/ma-v2/permissionBuilder.ts +55 -28
package/dist/esm/src/ma-v2/permissionBuilder.js CHANGED
@@ -8,7 +8,11 @@ import { SingleSignerValidationModule } from "./modules/single-signer-validation
8
8
  import { AllowlistModule } from "./modules/allowlist-module/module.js";
9
9
  import { TimeRangeModule } from "./modules/time-range-module/module.js";
10
10
  import { AccountAddressAsTargetError, DeadlineOverLimitError, DuplicateTargetAddressError, ExpiredDeadlineError, MultipleGasLimitError, MultipleNativeTokenTransferError, NoFunctionsProvidedError, RootPermissionOnlyError, SelectorNotAllowed, UnsupportedPermissionTypeError, ValidationConfigUnsetError, ZeroAddressError, } from "./permissionBuilderErrors.js";
11
- // We use this to offset the ERC20 spend limit entityId
11
+ import { InvalidEntityIdError } from "@aa-sdk/core";
12
+ // Reserved offset for hooks that would otherwise collide on shared module storage
13
+ // (ERC20 spend limit vs PREVAL_ALLOWLIST on AllowlistModule; GAS_LIMIT vs
14
+ // NATIVE_TOKEN_TRANSFER on NativeTokenLimitModule). Any user-supplied entityId
15
+ // must be strictly less than this so the offset namespace stays disjoint.
12
16
  const HALF_UINT32 = 2147483647;
13
17
  const ERC20_APPROVE_SELECTOR = "0x095ea7b3";
14
18
  const ERC20_TRANSFER_SELECTOR = "0xa9059cbb";
@@ -16,6 +20,39 @@ const ACCOUNT_EXECUTE_SELECTOR = "0xb61d27f6";
16
20
  const ACCOUNT_EXECUTEBATCH_SELECTOR = "0x34fcd5be";
17
21
  const ACCOUNT_PERFORM_CREATE_SELECTOR = "0x5998db5c";
18
22
  const ACCOUNT_EXECUTE_WITH_RUNTIME_VALIDATION_SELECTOR = "0xf2680c0f";
23
+ const ACCOUNT_INSTALL_VALIDATION_SELECTOR = "0x1bbf564c";
24
+ const ACCOUNT_UNINSTALL_VALIDATION_SELECTOR = "0xb6b1ccfe";
25
+ const ACCOUNT_INSTALL_EXECUTION_SELECTOR = "0x1d37e7d6";
26
+ const ACCOUNT_UNINSTALL_EXECUTION_SELECTOR = "0x0b7cad71";
27
+ const ACCOUNT_UPGRADE_TO_AND_CALL_SELECTOR = "0x4f1ef286";
28
+ // Wrapped native functions that must not be added to a session key's selector allowlist.
29
+ const PRIVILEGED_SELECTORS = {
30
+ [ACCOUNT_PERFORM_CREATE_SELECTOR]: "performCreate",
31
+ [ACCOUNT_EXECUTE_WITH_RUNTIME_VALIDATION_SELECTOR]: "executeWithRuntimeValidation",
32
+ [ACCOUNT_INSTALL_VALIDATION_SELECTOR]: "installValidation",
33
+ [ACCOUNT_UNINSTALL_VALIDATION_SELECTOR]: "uninstallValidation",
34
+ [ACCOUNT_INSTALL_EXECUTION_SELECTOR]: "installExecution",
35
+ [ACCOUNT_UNINSTALL_EXECUTION_SELECTOR]: "uninstallExecution",
36
+ [ACCOUNT_UPGRADE_TO_AND_CALL_SELECTOR]: "upgradeToAndCall",
37
+ };
38
+ // Auto-added by translatePermissions when a PREVAL_ALLOWLIST hook exists.
39
+ // Blocked from manual addition to ensure they're only added with proper hook context.
40
+ const SYSTEM_MANAGED_SELECTORS = {
41
+ [ACCOUNT_EXECUTE_SELECTOR]: "execute",
42
+ [ACCOUNT_EXECUTEBATCH_SELECTOR]: "executeBatch",
43
+ };
44
+ function assertNotForbiddenSelector(selector) {
45
+ const normalized = selector.toLowerCase();
46
+ const match = PRIVILEGED_SELECTORS[normalized] ?? SYSTEM_MANAGED_SELECTORS[normalized];
47
+ if (match != null) {
48
+ throw new SelectorNotAllowed(match);
49
+ }
50
+ }
51
+ function assertNoForbiddenSelectors(selectors) {
52
+ for (const selector of selectors) {
53
+ assertNotForbiddenSelector(selector);
54
+ }
55
+ }
19
56
  export var PermissionType;
20
57
  (function (PermissionType) {
21
58
  PermissionType["NATIVE_TOKEN_TRANSFER"] = "native-token-transfer";
@@ -100,6 +137,9 @@ export class PermissionBuilder {
100
137
  writable: true,
101
138
  value: 0
102
139
  });
140
+ if (entityId >= HALF_UINT32) {
141
+ throw new InvalidEntityIdError(entityId, HALF_UINT32 - 1);
142
+ }
103
143
  this.client = client;
104
144
  this.validationConfig = {
105
145
  moduleAddress: getDefaultSingleSignerValidationModuleAddress(this.client.chain),
@@ -113,20 +153,17 @@ export class PermissionBuilder {
113
153
  signer: key.publicKey,
114
154
  });
115
155
  this.nonce = nonce;
116
- if (selectors)
156
+ if (selectors) {
157
+ assertNoForbiddenSelectors(selectors);
117
158
  this.selectors = selectors;
159
+ }
118
160
  if (hooks)
119
161
  this.hooks = hooks;
120
162
  if (deadline)
121
163
  this.deadline = deadline;
122
164
  }
123
165
  addSelector({ selector }) {
124
- if (selector === ACCOUNT_PERFORM_CREATE_SELECTOR) {
125
- throw new SelectorNotAllowed("performCreate");
126
- }
127
- if (selector === ACCOUNT_EXECUTE_WITH_RUNTIME_VALIDATION_SELECTOR) {
128
- throw new SelectorNotAllowed("executeWithRuntimeValidation");
129
- }
166
+ assertNotForbiddenSelector(selector);
130
167
  this.selectors.push(selector);
131
168
  return this;
132
169
  }
@@ -172,19 +209,7 @@ export class PermissionBuilder {
172
209
  if (permission.data.functions.length === 0) {
173
210
  throw new NoFunctionsProvidedError(permission);
174
211
  }
175
- // Explicitly disallow adding execute, executeBatch, performCreate, and executeWithRuntimeValidation
176
- if (permission.data.functions.includes(ACCOUNT_EXECUTE_SELECTOR)) {
177
- throw new SelectorNotAllowed("execute");
178
- }
179
- else if (permission.data.functions.includes(ACCOUNT_EXECUTEBATCH_SELECTOR)) {
180
- throw new SelectorNotAllowed("executeBatch");
181
- }
182
- else if (permission.data.functions.includes(ACCOUNT_PERFORM_CREATE_SELECTOR)) {
183
- throw new SelectorNotAllowed("performCreate");
184
- }
185
- else if (permission.data.functions.includes(ACCOUNT_EXECUTE_WITH_RUNTIME_VALIDATION_SELECTOR)) {
186
- throw new SelectorNotAllowed("executeWithRuntimeValidation");
187
- }
212
+ assertNoForbiddenSelectors(permission.data.functions);
188
213
  this.selectors = [...this.selectors, ...permission.data.functions];
189
214
  }
190
215
  this.permissions.push(permission);
@@ -358,13 +383,13 @@ export class PermissionBuilder {
358
383
  rawHooks[HookIdentifier.GAS_LIMIT] = {
359
384
  hookConfig: {
360
385
  address: getDefaultNativeTokenLimitModuleAddress(this.client.chain),
361
- entityId,
386
+ entityId: entityId + HALF_UINT32,
362
387
  hookType: HookType.VALIDATION,
363
388
  hasPreHooks: true,
364
389
  hasPostHooks: false,
365
390
  },
366
391
  initData: {
367
- entityId,
392
+ entityId: entityId + HALF_UINT32,
368
393
  spendLimit: BigInt(permission.data.limit),
369
394
  },
370
395
  };
package/dist/esm/src/ma-v2/permissionBuilder.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"permissionBuilder.js","sourceRoot":"","sources":["../../../../src/ma-v2/permissionBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAA0B,MAAM,MAAM,CAAC;AAC7E,OAAO,EACL,QAAQ,GAGT,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,wBAAwB,GAEzB,MAAM,mDAAmD,CAAC;AAE3D,OAAO,EACL,eAAe,GAEhB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,sBAAsB,EAAE,MAAM,+CAA+C,CAAC;AACvF,OAAO,EACL,gCAAgC,EAChC,uCAAuC,EACvC,6CAA6C,EAC7C,gCAAgC,GACjC,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,4BAA4B,EAAE,MAAM,8CAA8C,CAAC;AAC5F,OAAO,EAAE,eAAe,EAAE,MAAM,sCAAsC,CAAC;AACvE,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AACxE,OAAO,EACL,2BAA2B,EAC3B,sBAAsB,EACtB,2BAA2B,EAC3B,oBAAoB,EACpB,qBAAqB,EACrB,gCAAgC,EAChC,wBAAwB,EACxB,uBAAuB,EACvB,kBAAkB,EAClB,8BAA8B,EAC9B,0BAA0B,EAC1B,gBAAgB,GACjB,MAAM,8BAA8B,CAAC;AAEtC,uDAAuD;AACvD,MAAM,WAAW,GAAG,UAAU,CAAC;AAC/B,MAAM,sBAAsB,GAAG,YAAY,CAAC;AAC5C,MAAM,uBAAuB,GAAG,YAAY,CAAC;AAC7C,MAAM,wBAAwB,GAAG,YAAY,CAAC;AAC9C,MAAM,6BAA6B,GAAG,YAAY,CAAC;AACnD,MAAM,+BAA+B,GAAG,YAAY,CAAC;AACrD,MAAM,gDAAgD,GAAG,YAAY,CAAC;AAEtE,MAAM,CAAN,IAAY,cAaX;AAbD,WAAY,cAAc;IACxB,iEAA+C,CAAA;IAC/C,+DAA6C,CAAA;IAC7C,mEAAmE;IACnE,qEAAqE;IACrE,yCAAuB,CAAA;IACvB,6CAA6C;IAC7C,6CAA6C;IAC7C,qDAAmC,CAAA;IACnC,yDAAuC,CAAA;IACvC,2EAAyD,CAAA;IACzD,iEAA+C,CAAA;IAC/C,+BAAa,CAAA;AACf,CAAC,EAbW,cAAc,KAAd,cAAc,QAazB;AAED,IAAK,cAKJ;AALD,WAAK,cAAc;IACjB,qFAAqB,CAAA;IACrB,mFAAoB,CAAA;IACpB,6DAAS,CAAA;IACT,2EAAgB,CAAA;AAClB,CAAC,EALI,cAAc,KAAd,cAAc,QAKlB;AA0ID,MAAM,OAAO,iBAAiB;IAiB5B,YAAY,EACV,MAAM,EACN,GAAG,EACH,QAAQ,EACR,KAAK,EACL,SAAS,EACT,KAAK,EACL,QAAQ,GAST;QAhCO;;;;;WAA+B;QAC/B;;;;mBAAqC;gBAC3C,aAAa,EAAE,WAAW;gBAC1B,QAAQ,EAAE,CAAC,EAAE,SAAS;gBACtB,QAAQ,EAAE,KAAK;gBACf,qBAAqB,EAAE,KAAK;gBAC5B,kBAAkB,EAAE,KAAK;aAC1B;WAAC;QACM;;;;mBAAmB,EAAE;WAAC;QACtB;;;;mBAAmB,IAAI;WAAC;QACxB;;;;mBAA4B,EAAE;WAAC;QAC/B;;;;mBAAgB,EAAE;WAAC;QACnB;;;;mBAAgB,EAAE;WAAC;QACnB;;;;mBAAkC,KAAK;WAAC;QACxC;;;;mBAAmB,CAAC;WAAC;QAmB3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,gBAAgB,GAAG;YACtB,aAAa,EAAE,6CAA6C,CAC1D,IAAI,CAAC,MAAM,CAAC,KAAK,CAClB;YACD,QAAQ;YACR,kBAAkB,EAAE,IAAI;YACxB,QAAQ,EAAE,KAAK;YACf,qBAAqB,EAAE,KAAK;SAC7B,CAAC;QACF,IAAI,CAAC,WAAW,GAAG,4BAA4B,CAAC,mBAAmB,CAAC;YAClE,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,GAAG,CAAC,SAAS;SACtB,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,SAAS;YAAE,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC1C,IAAI,KAAK;YAAE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QAC9B,IAAI,QAAQ;YAAE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IACzC,CAAC;IAED,WAAW,CAAC,EAAE,QAAQ,EAAqB;QACzC,IAAI,QAAQ,KAAK,+BAA+B,EAAE,CAAC;YACjD,MAAM,IAAI,kBAAkB,CAAC,eAAe,CAAC,CAAC;QAChD,CAAC;QACD,IAAI,QAAQ,KAAK,gDAAgD,EAAE,CAAC;YAClE,MAAM,IAAI,kBAAkB,CAAC,8BAA8B,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,aAAa,CAAC,EAAE,UAAU,EAA8B;QACtD,qEAAqE;QACrE,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,IAAI,EAAE,CAAC;YAC5C,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,uBAAuB,CAAC,UAAU,CAAC,CAAC;YAChD,CAAC;YACD,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAClC,uBAAuB;YACvB,IAAI,CAAC,gBAAgB,CAAC,QAAQ,GAAG,IAAI,CAAC;YACtC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,8FAA8F;QAC9F,iDAAiD;QACjD,sGAAsG;QACtG,6CAA6C;QAC7C,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;YACjE,MAAM,IAAI,uBAAuB,CAAC,UAAU,CAAC,CAAC;QAChD,CAAC;QAED,iIAAiI;QACjI,IACE,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,eAAe;YAClD,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,qBAAqB,EACxD,CAAC;YACD,8GAA8G;YAC9G,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,KAAK,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC5D,MAAM,IAAI,2BAA2B,CAAC,UAAU,CAAC,CAAC;YACpD,CAAC;YAED,oFAAoF;YACpF,MAAM,aAAa,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC;YAC9C,MAAM,iCAAiC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAC7D,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,eAAe;gBACxC,SAAS,IAAI,CAAC,CAAC,IAAI;gBACnB,CAAC,CAAC,IAAI,CAAC,OAAO,KAAK,aAAa,CAAC;gBACnC,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,qBAAqB;oBAC9C,SAAS,IAAI,CAAC,CAAC,IAAI;oBACnB,CAAC,CAAC,IAAI,CAAC,OAAO,KAAK,aAAa,CAAC,CACtC,CAAC;YAEF,IAAI,iCAAiC,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAA2B,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QAED,iEAAiE;QACjE,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,iBAAiB,EAAE,CAAC;YACzD,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3C,MAAM,IAAI,wBAAwB,CAAC,UAAU,CAAC,CAAC;YACjD,CAAC;YACD,oGAAoG;YACpG,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,kBAAkB,CAAC,SAAS,CAAC,CAAC;YAC1C,CAAC;iBAAM,IACL,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,6BAA6B,CAAC,EACjE,CAAC;gBACD,MAAM,IAAI,kBAAkB,CAAC,cAAc,CAAC,CAAC;YAC/C,CAAC;iBAAM,IACL,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,+BAA+B,CAAC,EACnE,CAAC;gBACD,MAAM,IAAI,kBAAkB,CAAC,eAAe,CAAC,CAAC;YAChD,CAAC;iBAAM,IACL,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAChC,gDAAgD,CACjD,EACD,CAAC;gBACD,MAAM,IAAI,kBAAkB,CAAC,8BAA8B,CAAC,CAAC;YAC/D,CAAC;YACD,IAAI,CAAC,SAAS,GAAG,CAAC,GAAG,IAAI,CAAC,SAAS,EAAE,GAAG,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,cAAc,CAAC,EAAE,WAAW,EAAiC;QAC3D,iFAAiF;QACjF,gEAAgE;QAChE,WAAW,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YACjC,IAAI,CAAC,aAAa,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sDAAsD;IACtD,KAAK,CAAC,eAAe;QAInB,wCAAwC;QACxC,IAAI,IAAI,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;YACxB,IAAI,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;gBACtC,MAAM,IAAI,oBAAoB,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YACnE,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,GAAG,SAAS,EAAE,CAAC;gBAC9B,MAAM,IAAI,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAClD,CAAC;YAED,IAAI,CAAC,KAAK,CAAC,IAAI,CACb,eAAe,CAAC,SAAS,CACvB;gBACE,QAAQ,EAAE,IAAI,CAAC,gBAAgB,CAAC,QAAQ;gBACxC,UAAU,EAAE,IAAI,CAAC,QAAQ;gBACzB,UAAU,EAAE,CAAC;aACd,EACD,gCAAgC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CACpD,CACF,CAAC;QACJ,CAAC;QAED,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAEtD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,eAAe,CACzC,IAAI,CAAC,MAAM,CACZ,CAAC,mCAAmC,CAAC;YACpC,QAAQ,EAAE,qBAAqB;YAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,MAAM,kBAAkB,GAAG,eAAe,CACxC,IAAI,CAAC,MAAM,CACZ,CAAC,qCAAqC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;QAEvD,uEAAuE;QACvE,MAAM,oCAAoC,GAAkB,MAC1D,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GACtC,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE;YACnB,IAAI,EAAE,EAAE;SACT,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QAE5C,OAAO;YACL,SAAS;YACT,oCAAoC;SACrC,CAAC;IACJ,CAAC;IAED,uEAAuE;IACvE,KAAK,CAAC,UAAU;QACd,iDAAiD;QACjD,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CACxC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAC/B,CAAC;YACF,0CAA0C;YAC1C,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC1B,CAAC;QACD,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAE7B,OAAO,MAAM,wBAAwB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,uBAAuB,CAAC;YACzE,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;YACvC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;SAC7B,CAAC,CAAC;IACL,CAAC;IAED,8CAA8C;IAC9C,KAAK,CAAC,kBAAkB;QACtB,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAE7B,OAAO;YACL,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;YACvC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;SAC7B,CAAC;IACJ,CAAC;IAEO,qBAAqB;QAC3B,IACE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,KAAK,KAAK;YACxC,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAC3B,CAAC;YACD,MAAM,IAAI,0BAA0B,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IAED,sEAAsE;IACtE,8CAA8C;IACtC,oBAAoB,CAAC,QAAgB;QAC3C,MAAM,QAAQ,GAAa;YACzB,CAAC,cAAc,CAAC,qBAAqB,CAAC,EAAE,SAAS;YACjD,CAAC,cAAc,CAAC,oBAAoB,CAAC,EAAE,SAAS;YAChD,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,SAAS;YACrC,CAAC,cAAc,CAAC,gBAAgB,CAAC,EAAE,SAAS;SAC7C,CAAC;QAEF,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YACtC,QAAQ,UAAU,CAAC,IAAI,EAAE,CAAC;gBACxB,KAAK,cAAc,CAAC,qBAAqB;oBACvC,gEAAgE;oBAChE,IAAI,QAAQ,CAAC,cAAc,CAAC,qBAAqB,CAAC,KAAK,SAAS,EAAE,CAAC;wBACjE,MAAM,IAAI,gCAAgC,CAAC,UAAU,CAAC,CAAC;oBACzD,CAAC;oBACD,QAAQ,CAAC,cAAc,CAAC,qBAAqB,CAAC,GAAG;wBAC/C,UAAU,EAAE;4BACV,OAAO,EAAE,uCAAuC,CAC9C,IAAI,CAAC,MAAM,CAAC,KAAK,CAClB;4BACD,QAAQ;4BACR,QAAQ,EAAE,QAAQ,CAAC,SAAS;4BAC5B,WAAW,EAAE,IAAI;4BACjB,YAAY,EAAE,KAAK;yBACpB;wBACD,QAAQ,EAAE;4BACR,QAAQ;4BACR,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;yBAC9C;qBACF,CAAC;oBACF,IAAI,CAAC,sBAAsB,GAAG,IAAI,CAAC;oBACnC,MAAM;gBACR,KAAK,cAAc,CAAC,oBAAoB;oBACtC,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;wBAC5C,MAAM,IAAI,gBAAgB,CAAC,UAAU,CAAC,CAAC;oBACzC,CAAC;oBACD,QAAQ,CAAC,cAAc,CAAC,oBAAoB,CAAC,GAAG;wBAC9C,UAAU,EAAE;4BACV,OAAO,EAAE,gCAAgC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;4BAC5D,QAAQ,EAAE,QAAQ,GAAG,WAAW;4BAChC,QAAQ,EAAE,QAAQ,CAAC,SAAS;4BAC5B,WAAW,EAAE,IAAI;4BACjB,YAAY,EAAE,KAAK;yBACpB;wBACD,QAAQ,EAAE;4BACR,QAAQ,EAAE,QAAQ,GAAG,WAAW;4BAChC,MAAM,EAAE;gCACN,oCAAoC;gCACpC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,oBAAoB,CAAC,EAAE,QAAQ;qCACxD,MAAM,IAAI,EAAE,CAAC;gCAChB;oCACE,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,OAAO;oCAC/B,oBAAoB,EAAE,KAAK;oCAC3B,kBAAkB,EAAE,IAAI;oCACxB,eAAe,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;oCAClD,SAAS,EAAE,EAAE;iCACd;6BACF;yBACF;qBACF,CAAC;oBACF,IAAI,CAAC,sBAAsB,GAAG,IAAI,CAAC;oBACnC,oDAAoD;oBACpD,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;wBAC1C,UAAU,EAAE;4BACV,OAAO,EAAE,gCAAgC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;4BAC5D,QAAQ;4BACR,QAAQ,EAAE,QAAQ,CAAC,UAAU;4BAC7B,WAAW,EAAE,IAAI;4BACjB,YAAY,EAAE,KAAK;yBACpB;wBACD,QAAQ,EAAE;4BACR,QAAQ;4BACR,MAAM,EAAE;gCACN,oCAAoC;gCACpC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,EAAE,QAAQ;qCACpD,MAAM,IAAI,EAAE,CAAC;gCAChB;oCACE,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,OAAO;oCAC/B,oBAAoB,EAAE,IAAI;oCAC1B,kBAAkB,EAAE,KAAK;oCACzB,eAAe,EAAE,EAAE;oCACnB,SAAS,EAAE,CAAC,sBAAsB,EAAE,uBAAuB,CAAC,EAAE,oBAAoB;iCACnF;6BACF;yBACF;qBACF,CAAC;oBACF,MAAM;gBACR,KAAK,cAAc,CAAC,SAAS;oBAC3B,oEAAoE;oBACpE,IAAI,QAAQ,CAAC,cAAc,CAAC,SAAS,CAAC,KAAK,SAAS,EAAE,CAAC;wBACrD,MAAM,IAAI,qBAAqB,CAAC,UAAU,CAAC,CAAC;oBAC9C,CAAC;oBACD,QAAQ,CAAC,cAAc,CAAC,SAAS,CAAC,GAAG;wBACnC,UAAU,EAAE;4BACV,OAAO,EAAE,uCAAuC,CAC9C,IAAI,CAAC,MAAM,CAAC,KAAK,CAClB;4BACD,QAAQ;4BACR,QAAQ,EAAE,QAAQ,CAAC,UAAU;4BAC7B,WAAW,EAAE,IAAI;4BACjB,YAAY,EAAE,KAAK;yBACpB;wBACD,QAAQ,EAAE;4BACR,QAAQ;4BACR,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;yBAC1C;qBACF,CAAC;oBACF,MAAM;gBACR,KAAK,cAAc,CAAC,eAAe;oBACjC,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;wBAC5C,MAAM,IAAI,gBAAgB,CAAC,UAAU,CAAC,CAAC;oBACzC,CAAC;oBACD,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;wBAC1C,UAAU,EAAE;4BACV,OAAO,EAAE,gCAAgC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;4BAC5D,QAAQ;4BACR,QAAQ,EAAE,QAAQ,CAAC,UAAU;4BAC7B,WAAW,EAAE,IAAI;4BACjB,YAAY,EAAE,KAAK;yBACpB;wBACD,QAAQ,EAAE;4BACR,QAAQ;4BACR,MAAM,EAAE;gCACN,oCAAoC;gCACpC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,EAAE,QAAQ;qCACpD,MAAM,IAAI,EAAE,CAAC;gCAChB;oCACE,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,OAAO;oCAC/B,oBAAoB,EAAE,KAAK;oCAC3B,kBAAkB,EAAE,KAAK;oCACzB,eAAe,EAAE,EAAE;oCACnB,SAAS,EAAE,EAAE;iCACd;6BACF;yBACF;qBACF,CAAC;oBACF,MAAM;gBACR,KAAK,cAAc,CAAC,iBAAiB;oBACnC,qCAAqC;oBACrC,MAAM;gBACR,KAAK,cAAc,CAAC,0BAA0B;oBAC5C,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC3C,MAAM,IAAI,wBAAwB,CAAC,UAAU,CAAC,CAAC;oBACjD,CAAC;oBACD,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;wBAC1C,UAAU,EAAE;4BACV,OAAO,EAAE,gCAAgC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;4BAC5D,QAAQ;4BACR,QAAQ,EAAE,QAAQ,CAAC,UAAU;4BAC7B,WAAW,EAAE,IAAI;4BACjB,YAAY,EAAE,KAAK;yBACpB;wBACD,QAAQ,EAAE;4BACR,QAAQ;4BACR,MAAM,EAAE;gCACN,oCAAoC;gCACpC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,EAAE,QAAQ;qCACpD,MAAM,IAAI,EAAE,CAAC;gCAChB;oCACE,MAAM,EAAE,WAAW;oCACnB,oBAAoB,EAAE,KAAK;oCAC3B,kBAAkB,EAAE,KAAK;oCACzB,eAAe,EAAE,EAAE;oCACnB,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,SAAS;iCACrC;6BACF;yBACF;qBACF,CAAC;oBACF,MAAM;gBACR,KAAK,cAAc,CAAC,qBAAqB;oBACvC,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC3C,MAAM,IAAI,wBAAwB,CAAC,UAAU,CAAC,CAAC;oBACjD,CAAC;oBACD,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;wBAC5C,MAAM,IAAI,gBAAgB,CAAC,UAAU,CAAC,CAAC;oBACzC,CAAC;oBACD,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;wBAC1C,UAAU,EAAE;4BACV,OAAO,EAAE,gCAAgC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;4BAC5D,QAAQ;4BACR,QAAQ,EAAE,QAAQ,CAAC,UAAU;4BAC7B,WAAW,EAAE,IAAI;4BACjB,YAAY,EAAE,KAAK;yBACpB;wBACD,QAAQ,EAAE;4BACR,QAAQ;4BACR,MAAM,EAAE;gCACN,oCAAoC;gCACpC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,EAAE,QAAQ;qCACpD,MAAM,IAAI,EAAE,CAAC;gCAChB;oCACE,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,OAAO;oCAC/B,oBAAoB,EAAE,IAAI;oCAC1B,kBAAkB,EAAE,KAAK;oCACzB,eAAe,EAAE,EAAE;oCACnB,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,SAAS;iCACrC;6BACF;yBACF;qBACF,CAAC;oBACF,MAAM;gBACR,KAAK,cAAc,CAAC,IAAI;oBACtB,2CAA2C;oBAC3C,MAAM;gBACR;oBACE,WAAW,CAAC,UAAU,CAAC,CAAC;YAC5B,CAAC;YAED,6EAA6E;YAC7E,uFAAuF;YACvF,IAAI,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC5D,MAAM,cAAc,GAAoB;oBACtC,wBAAwB;oBACxB,6BAA6B;iBAC9B,CAAC,CAAC,wBAAwB;gBAE3B,kEAAkE;gBAClE,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CACxC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACjD,CAAC;gBAEF,IAAI,CAAC,SAAS,GAAG,CAAC,GAAG,IAAI,CAAC,SAAS,EAAE,GAAG,YAAY,CAAC,CAAC;YACxD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,QAAQ,CAAC,QAAkB;QACjC,IAAI,QAAQ,CAAC,cAAc,CAAC,qBAAqB,CAAC,EAAE,CAAC;YACnD,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;gBACd,UAAU,EAAE,QAAQ,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC,UAAU;gBACrE,QAAQ,EAAE,sBAAsB,CAAC,mBAAmB,CAClD,QAAQ,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC,QAAQ,CACxD;aACF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,cAAc,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAClD,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;gBACd,UAAU,EAAE,QAAQ,CAAC,cAAc,CAAC,oBAAoB,CAAC,CAAC,UAAU;gBACpE,QAAQ,EAAE,eAAe,CAAC,mBAAmB,CAC3C,QAAQ,CAAC,cAAc,CAAC,oBAAoB,CAAC,CAAC,QAAQ,CACvD;aACF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;gBACd,UAAU,EAAE,QAAQ,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,UAAU;gBACzD,QAAQ,EAAE,sBAAsB,CAAC,mBAAmB,CAClD,QAAQ,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,QAAQ,CAC5C;aACF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC9C,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;gBACd,UAAU,EAAE,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC,UAAU;gBAChE,QAAQ,EAAE,eAAe,CAAC,mBAAmB,CAC3C,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CACnD;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;CACF;AAED,MAAM,UAAU,WAAW,CAAC,MAAa;IACvC,MAAM,IAAI,8BAA8B,EAAE,CAAC;AAC7C,CAAC","sourcesContent":["import { maxUint48, toHex, zeroAddress, type Address, type Hex } from \"viem\";\nimport {\n HookType,\n type HookConfig,\n type ValidationConfig,\n} from \"./actions/common/types.js\";\nimport {\n installValidationActions,\n type InstallValidationParams,\n} from \"./actions/install-validation/installValidation.js\";\nimport type { ModularAccountV2Client } from \"./client/client.js\";\nimport {\n deferralActions,\n type DeferredActionTypedData,\n} from \"./actions/deferralActions.js\";\nimport { NativeTokenLimitModule } from \"./modules/native-token-limit-module/module.js\";\nimport {\n getDefaultAllowlistModuleAddress,\n getDefaultNativeTokenLimitModuleAddress,\n getDefaultSingleSignerValidationModuleAddress,\n getDefaultTimeRangeModuleAddress,\n} from \"./modules/utils.js\";\nimport { SingleSignerValidationModule } from \"./modules/single-signer-validation/module.js\";\nimport { AllowlistModule } from \"./modules/allowlist-module/module.js\";\nimport { TimeRangeModule } from \"./modules/time-range-module/module.js\";\nimport {\n AccountAddressAsTargetError,\n DeadlineOverLimitError,\n DuplicateTargetAddressError,\n ExpiredDeadlineError,\n MultipleGasLimitError,\n MultipleNativeTokenTransferError,\n NoFunctionsProvidedError,\n RootPermissionOnlyError,\n SelectorNotAllowed,\n UnsupportedPermissionTypeError,\n ValidationConfigUnsetError,\n ZeroAddressError,\n} from \"./permissionBuilderErrors.js\";\n\n// We use this to offset the ERC20 spend limit entityId\nconst HALF_UINT32 = 2147483647;\nconst ERC20_APPROVE_SELECTOR = \"0x095ea7b3\";\nconst ERC20_TRANSFER_SELECTOR = \"0xa9059cbb\";\nconst ACCOUNT_EXECUTE_SELECTOR = \"0xb61d27f6\";\nconst ACCOUNT_EXECUTEBATCH_SELECTOR = \"0x34fcd5be\";\nconst ACCOUNT_PERFORM_CREATE_SELECTOR = \"0x5998db5c\";\nconst ACCOUNT_EXECUTE_WITH_RUNTIME_VALIDATION_SELECTOR = \"0xf2680c0f\";\n\nexport enum PermissionType {\n NATIVE_TOKEN_TRANSFER = \"native-token-transfer\",\n ERC20_TOKEN_TRANSFER = \"erc20-token-transfer\",\n // ERC721_TOKEN_TRANSFER = \"erc721-token-transfer\", //Unimplemented\n // ERC1155_TOKEN_TRANSFER = \"erc1155-token-transfer\", //Unimplemented\n GAS_LIMIT = \"gas-limit\",\n // CALL_LIMIT = \"call-limit\", //Unimplemented\n // RATE_LIMIT = \"rate-limit\", //Unimplemented\n CONTRACT_ACCESS = \"contract-access\",\n ACCOUNT_FUNCTIONS = \"account-functions\",\n FUNCTIONS_ON_ALL_CONTRACTS = \"functions-on-all-contracts\",\n FUNCTIONS_ON_CONTRACT = \"functions-on-contract\",\n ROOT = \"root\",\n}\n\nenum HookIdentifier {\n NATIVE_TOKEN_TRANSFER,\n ERC20_TOKEN_TRANSFER,\n GAS_LIMIT,\n PREVAL_ALLOWLIST, // aggregate of CONTRACT_ACCESS, ACCOUNT_FUNCTIONS, FUNCTIONS_ON_ALL_CONTRACTS, FUNCTIONS_ON_CONTRACT\n}\n\ntype PreExecutionHookConfig = {\n address: Address;\n entityId: number;\n hookType: HookType.EXECUTION;\n hasPreHooks: true;\n hasPostHooks: false;\n};\n\ntype PreValidationHookConfig = {\n address: Address;\n entityId: number;\n hookType: HookType.VALIDATION;\n hasPreHooks: true;\n hasPostHooks: false;\n};\n\ntype RawHooks = {\n [HookIdentifier.NATIVE_TOKEN_TRANSFER]:\n | {\n hookConfig: PreExecutionHookConfig;\n initData: {\n entityId: number;\n spendLimit: bigint;\n };\n }\n | undefined;\n [HookIdentifier.ERC20_TOKEN_TRANSFER]:\n | {\n hookConfig: PreExecutionHookConfig;\n initData: {\n entityId: number;\n inputs: Array<{\n target: Address;\n hasSelectorAllowlist: boolean;\n hasERC20SpendLimit: boolean;\n erc20SpendLimit: bigint;\n selectors: Array<Hex>;\n }>;\n };\n }\n | undefined;\n [HookIdentifier.GAS_LIMIT]:\n | {\n hookConfig: PreValidationHookConfig;\n initData: {\n entityId: number;\n spendLimit: bigint;\n };\n }\n | undefined;\n [HookIdentifier.PREVAL_ALLOWLIST]:\n | {\n hookConfig: PreValidationHookConfig;\n\n initData: {\n entityId: number;\n inputs: Array<{\n target: Address;\n hasSelectorAllowlist: boolean;\n hasERC20SpendLimit: boolean;\n erc20SpendLimit: bigint;\n selectors: Array<Hex>;\n }>;\n };\n }\n | undefined;\n};\n\ntype Key = {\n publicKey: Hex;\n type: \"secp256k1\" | \"contract\";\n};\n\nexport type Permission =\n | {\n // this permission allows transfer of native tokens from the account\n type: PermissionType.NATIVE_TOKEN_TRANSFER;\n data: {\n allowance: Hex;\n };\n }\n | {\n // this permission allows transfer or approval of erc20 tokens from the account\n type: PermissionType.ERC20_TOKEN_TRANSFER;\n data: {\n address: Address; // erc20 token contract address\n allowance: Hex;\n };\n }\n | {\n // this permissions allows the key to spend gas for UOs\n type: PermissionType.GAS_LIMIT;\n data: {\n limit: Hex;\n };\n }\n | {\n // this permission grants access to all functions in a contract\n type: PermissionType.CONTRACT_ACCESS;\n data: {\n address: Address;\n };\n }\n | {\n // this permission grants access to functions in the account\n type: PermissionType.ACCOUNT_FUNCTIONS;\n data: {\n functions: Hex[]; // function signatures\n };\n }\n | {\n // this permission grants access to a function selector in any address or contract\n type: PermissionType.FUNCTIONS_ON_ALL_CONTRACTS;\n data: {\n functions: Hex[]; // function signatures\n };\n }\n | {\n // this permission grants access to specified functions on a specific contract\n type: PermissionType.FUNCTIONS_ON_CONTRACT;\n data: {\n address: Address;\n functions: Hex[];\n };\n }\n | {\n // this permission grants full access to everything\n type: PermissionType.ROOT;\n data?: never;\n };\n\ntype Hook = {\n hookConfig: HookConfig;\n initData: Hex;\n};\n\nexport class PermissionBuilder {\n private client: ModularAccountV2Client;\n private validationConfig: ValidationConfig = {\n moduleAddress: zeroAddress,\n entityId: 0, // uint32\n isGlobal: false,\n isSignatureValidation: false,\n isUserOpValidation: false,\n };\n private selectors: Hex[] = [];\n private installData: Hex = \"0x\";\n private permissions: Permission[] = [];\n private hooks: Hook[] = [];\n private nonce: bigint = 0n;\n private hasAssociatedExecHooks: boolean = false;\n private deadline: number = 0;\n\n constructor({\n client,\n key,\n entityId,\n nonce,\n selectors,\n hooks,\n deadline,\n }: {\n client: ModularAccountV2Client;\n key: Key;\n entityId: number;\n nonce: bigint;\n selectors?: Hex[];\n hooks?: Hook[];\n deadline?: number;\n }) {\n this.client = client;\n this.validationConfig = {\n moduleAddress: getDefaultSingleSignerValidationModuleAddress(\n this.client.chain,\n ),\n entityId,\n isUserOpValidation: true,\n isGlobal: false,\n isSignatureValidation: false,\n };\n this.installData = SingleSignerValidationModule.encodeOnInstallData({\n entityId: entityId,\n signer: key.publicKey,\n });\n this.nonce = nonce;\n if (selectors) this.selectors = selectors;\n if (hooks) this.hooks = hooks;\n if (deadline) this.deadline = deadline;\n }\n\n addSelector({ selector }: { selector: Hex }): this {\n if (selector === ACCOUNT_PERFORM_CREATE_SELECTOR) {\n throw new SelectorNotAllowed(\"performCreate\");\n }\n if (selector === ACCOUNT_EXECUTE_WITH_RUNTIME_VALIDATION_SELECTOR) {\n throw new SelectorNotAllowed(\"executeWithRuntimeValidation\");\n }\n this.selectors.push(selector);\n return this;\n }\n\n addPermission({ permission }: { permission: Permission }): this {\n // Check 1: If we're adding root, we can't have any other permissions\n if (permission.type === PermissionType.ROOT) {\n if (this.permissions.length !== 0) {\n throw new RootPermissionOnlyError(permission);\n }\n this.permissions.push(permission);\n // Set isGlobal to true\n this.validationConfig.isGlobal = true;\n return this;\n }\n\n // Check 2: If the permission is NOT ROOT (guaranteed), ensure there is no ROOT permission set\n // Will resolve to undefined if ROOT is not found\n // NOTE: Technically this could be replaced by checking permissions[0] since it should not be possible\n // to have >1 permission with root among them\n if (this.permissions.find((p) => p.type === PermissionType.ROOT)) {\n throw new RootPermissionOnlyError(permission);\n }\n\n // Check 3: If the permission is either CONTRACT_ACCESS or FUNCTIONS_ON_CONTRACT, ensure it doesn't collide with another like it.\n if (\n permission.type === PermissionType.CONTRACT_ACCESS ||\n permission.type === PermissionType.FUNCTIONS_ON_CONTRACT\n ) {\n // Check 3.1: address must not be the account address, or the user should use the ACCOUNT_FUNCTIONS permission\n if (permission.data.address === this.client.account.address) {\n throw new AccountAddressAsTargetError(permission);\n }\n\n // Check 3.2: there must not be an existing permission with this address as a target\n const targetAddress = permission.data.address;\n const existingPermissionWithSameAddress = this.permissions.find(\n (p) =>\n (p.type === PermissionType.CONTRACT_ACCESS &&\n \"address\" in p.data &&\n p.data.address === targetAddress) ||\n (p.type === PermissionType.FUNCTIONS_ON_CONTRACT &&\n \"address\" in p.data &&\n p.data.address === targetAddress),\n );\n\n if (existingPermissionWithSameAddress) {\n throw new DuplicateTargetAddressError(permission, targetAddress);\n }\n }\n\n // Check 4: If the permission is ACCOUNT_FUNCTIONS, add selectors\n if (permission.type === PermissionType.ACCOUNT_FUNCTIONS) {\n if (permission.data.functions.length === 0) {\n throw new NoFunctionsProvidedError(permission);\n }\n // Explicitly disallow adding execute, executeBatch, performCreate, and executeWithRuntimeValidation\n if (permission.data.functions.includes(ACCOUNT_EXECUTE_SELECTOR)) {\n throw new SelectorNotAllowed(\"execute\");\n } else if (\n permission.data.functions.includes(ACCOUNT_EXECUTEBATCH_SELECTOR)\n ) {\n throw new SelectorNotAllowed(\"executeBatch\");\n } else if (\n permission.data.functions.includes(ACCOUNT_PERFORM_CREATE_SELECTOR)\n ) {\n throw new SelectorNotAllowed(\"performCreate\");\n } else if (\n permission.data.functions.includes(\n ACCOUNT_EXECUTE_WITH_RUNTIME_VALIDATION_SELECTOR,\n )\n ) {\n throw new SelectorNotAllowed(\"executeWithRuntimeValidation\");\n }\n this.selectors = [...this.selectors, ...permission.data.functions];\n }\n\n this.permissions.push(permission);\n return this;\n }\n\n addPermissions({ permissions }: { permissions: Permission[] }): this {\n // We could validate each permission here, but for simplicity we'll just add them\n // A better approach would be to call addPermission for each one\n permissions.forEach((permission) => {\n this.addPermission({ permission });\n });\n return this;\n }\n\n // Use for building deferred action typed data to sign\n async compileDeferred(): Promise<{\n typedData: DeferredActionTypedData;\n fullPreSignatureDeferredActionDigest: Hex;\n }> {\n // Add time range module hook via expiry\n if (this.deadline !== 0) {\n if (this.deadline < Date.now() / 1000) {\n throw new ExpiredDeadlineError(this.deadline, Date.now() / 1000);\n }\n if (this.deadline > maxUint48) {\n throw new DeadlineOverLimitError(this.deadline);\n }\n\n this.hooks.push(\n TimeRangeModule.buildHook(\n {\n entityId: this.validationConfig.entityId,\n validUntil: this.deadline,\n validAfter: 0,\n },\n getDefaultTimeRangeModuleAddress(this.client.chain),\n ),\n );\n }\n\n const installValidationCall = await this.compileRaw();\n\n const { typedData } = await deferralActions(\n this.client,\n ).createDeferredActionTypedDataObject({\n callData: installValidationCall,\n deadline: this.deadline,\n nonce: this.nonce,\n });\n\n const preSignatureDigest = deferralActions(\n this.client,\n ).buildPreSignatureDeferredActionDigest({ typedData });\n\n // Encode additional information to build the full pre-signature digest\n const fullPreSignatureDeferredActionDigest: `0x${string}` = `0x0${\n this.hasAssociatedExecHooks ? \"1\" : \"0\"\n }${toHex(this.nonce, {\n size: 32,\n }).slice(2)}${preSignatureDigest.slice(2)}`;\n\n return {\n typedData,\n fullPreSignatureDeferredActionDigest,\n };\n }\n\n // Use for direct `installValidation()` low-level calls (maybe useless)\n async compileRaw(): Promise<Hex> {\n // Translate all permissions into raw hooks if >0\n if (this.permissions.length > 0) {\n const rawHooks = this.translatePermissions(\n this.validationConfig.entityId,\n );\n // Add the translated permissions as hooks\n this.addHooks(rawHooks);\n }\n this.validateConfiguration();\n\n return await installValidationActions(this.client).encodeInstallValidation({\n validationConfig: this.validationConfig,\n selectors: this.selectors,\n installData: this.installData,\n hooks: this.hooks,\n account: this.client.account,\n });\n }\n\n // Use for compiling args to installValidation\n async compileInstallArgs(): Promise<InstallValidationParams> {\n this.validateConfiguration();\n\n return {\n validationConfig: this.validationConfig,\n selectors: this.selectors,\n installData: this.installData,\n hooks: this.hooks,\n account: this.client.account,\n };\n }\n\n private validateConfiguration(): void {\n if (\n this.validationConfig.isGlobal === false &&\n this.selectors.length === 0\n ) {\n throw new ValidationConfigUnsetError();\n }\n }\n\n // Used to translate consolidated permissions into raw unencoded hooks\n // Note entityId will be a member object later\n private translatePermissions(entityId: number): RawHooks {\n const rawHooks: RawHooks = {\n [HookIdentifier.NATIVE_TOKEN_TRANSFER]: undefined,\n [HookIdentifier.ERC20_TOKEN_TRANSFER]: undefined,\n [HookIdentifier.GAS_LIMIT]: undefined,\n [HookIdentifier.PREVAL_ALLOWLIST]: undefined,\n };\n\n this.permissions.forEach((permission) => {\n switch (permission.type) {\n case PermissionType.NATIVE_TOKEN_TRANSFER:\n // Should never be added twice, check is on addPermission(s) too\n if (rawHooks[HookIdentifier.NATIVE_TOKEN_TRANSFER] !== undefined) {\n throw new MultipleNativeTokenTransferError(permission);\n }\n rawHooks[HookIdentifier.NATIVE_TOKEN_TRANSFER] = {\n hookConfig: {\n address: getDefaultNativeTokenLimitModuleAddress(\n this.client.chain,\n ),\n entityId,\n hookType: HookType.EXECUTION,\n hasPreHooks: true,\n hasPostHooks: false,\n },\n initData: {\n entityId,\n spendLimit: BigInt(permission.data.allowance),\n },\n };\n this.hasAssociatedExecHooks = true;\n break;\n case PermissionType.ERC20_TOKEN_TRANSFER:\n if (permission.data.address === zeroAddress) {\n throw new ZeroAddressError(permission);\n }\n rawHooks[HookIdentifier.ERC20_TOKEN_TRANSFER] = {\n hookConfig: {\n address: getDefaultAllowlistModuleAddress(this.client.chain),\n entityId: entityId + HALF_UINT32,\n hookType: HookType.EXECUTION,\n hasPreHooks: true,\n hasPostHooks: false,\n },\n initData: {\n entityId: entityId + HALF_UINT32,\n inputs: [\n // Add previous inputs if they exist\n ...(rawHooks[HookIdentifier.ERC20_TOKEN_TRANSFER]?.initData\n .inputs || []),\n {\n target: permission.data.address,\n hasSelectorAllowlist: false,\n hasERC20SpendLimit: true,\n erc20SpendLimit: BigInt(permission.data.allowance),\n selectors: [],\n },\n ],\n },\n };\n this.hasAssociatedExecHooks = true;\n // Also allow `approve` and `transfer` for the erc20\n rawHooks[HookIdentifier.PREVAL_ALLOWLIST] = {\n hookConfig: {\n address: getDefaultAllowlistModuleAddress(this.client.chain),\n entityId,\n hookType: HookType.VALIDATION,\n hasPreHooks: true,\n hasPostHooks: false,\n },\n initData: {\n entityId,\n inputs: [\n // Add previous inputs if they exist\n ...(rawHooks[HookIdentifier.PREVAL_ALLOWLIST]?.initData\n .inputs || []),\n {\n target: permission.data.address,\n hasSelectorAllowlist: true,\n hasERC20SpendLimit: false,\n erc20SpendLimit: 0n,\n selectors: [ERC20_APPROVE_SELECTOR, ERC20_TRANSFER_SELECTOR], // approve, transfer\n },\n ],\n },\n };\n break;\n case PermissionType.GAS_LIMIT:\n // Should only ever be added once, check is also on addPermission(s)\n if (rawHooks[HookIdentifier.GAS_LIMIT] !== undefined) {\n throw new MultipleGasLimitError(permission);\n }\n rawHooks[HookIdentifier.GAS_LIMIT] = {\n hookConfig: {\n address: getDefaultNativeTokenLimitModuleAddress(\n this.client.chain,\n ),\n entityId,\n hookType: HookType.VALIDATION,\n hasPreHooks: true,\n hasPostHooks: false,\n },\n initData: {\n entityId,\n spendLimit: BigInt(permission.data.limit),\n },\n };\n break;\n case PermissionType.CONTRACT_ACCESS:\n if (permission.data.address === zeroAddress) {\n throw new ZeroAddressError(permission);\n }\n rawHooks[HookIdentifier.PREVAL_ALLOWLIST] = {\n hookConfig: {\n address: getDefaultAllowlistModuleAddress(this.client.chain),\n entityId,\n hookType: HookType.VALIDATION,\n hasPreHooks: true,\n hasPostHooks: false,\n },\n initData: {\n entityId,\n inputs: [\n // Add previous inputs if they exist\n ...(rawHooks[HookIdentifier.PREVAL_ALLOWLIST]?.initData\n .inputs || []),\n {\n target: permission.data.address,\n hasSelectorAllowlist: false,\n hasERC20SpendLimit: false,\n erc20SpendLimit: 0n,\n selectors: [],\n },\n ],\n },\n };\n break;\n case PermissionType.ACCOUNT_FUNCTIONS:\n // This is handled in add permissions\n break;\n case PermissionType.FUNCTIONS_ON_ALL_CONTRACTS:\n if (permission.data.functions.length === 0) {\n throw new NoFunctionsProvidedError(permission);\n }\n rawHooks[HookIdentifier.PREVAL_ALLOWLIST] = {\n hookConfig: {\n address: getDefaultAllowlistModuleAddress(this.client.chain),\n entityId,\n hookType: HookType.VALIDATION,\n hasPreHooks: true,\n hasPostHooks: false,\n },\n initData: {\n entityId,\n inputs: [\n // Add previous inputs if they exist\n ...(rawHooks[HookIdentifier.PREVAL_ALLOWLIST]?.initData\n .inputs || []),\n {\n target: zeroAddress,\n hasSelectorAllowlist: false,\n hasERC20SpendLimit: false,\n erc20SpendLimit: 0n,\n selectors: permission.data.functions,\n },\n ],\n },\n };\n break;\n case PermissionType.FUNCTIONS_ON_CONTRACT:\n if (permission.data.functions.length === 0) {\n throw new NoFunctionsProvidedError(permission);\n }\n if (permission.data.address === zeroAddress) {\n throw new ZeroAddressError(permission);\n }\n rawHooks[HookIdentifier.PREVAL_ALLOWLIST] = {\n hookConfig: {\n address: getDefaultAllowlistModuleAddress(this.client.chain),\n entityId,\n hookType: HookType.VALIDATION,\n hasPreHooks: true,\n hasPostHooks: false,\n },\n initData: {\n entityId,\n inputs: [\n // Add previous inputs if they exist\n ...(rawHooks[HookIdentifier.PREVAL_ALLOWLIST]?.initData\n .inputs || []),\n {\n target: permission.data.address,\n hasSelectorAllowlist: true,\n hasERC20SpendLimit: false,\n erc20SpendLimit: 0n,\n selectors: permission.data.functions,\n },\n ],\n },\n };\n break;\n case PermissionType.ROOT:\n // Root permission handled in addPermission\n break;\n default:\n assertNever(permission);\n }\n\n // isGlobal guaranteed to be false since it's only set with root permissions,\n // we must add access to execute & executeBatch if there's a preVal allowlist hook set.\n if (rawHooks[HookIdentifier.PREVAL_ALLOWLIST] !== undefined) {\n const selectorsToAdd: `0x${string}`[] = [\n ACCOUNT_EXECUTE_SELECTOR,\n ACCOUNT_EXECUTEBATCH_SELECTOR,\n ]; // execute, executeBatch\n\n // Only add the selectors if they aren't already in this.selectors\n const newSelectors = selectorsToAdd.filter(\n (selector) => !this.selectors.includes(selector),\n );\n\n this.selectors = [...this.selectors, ...newSelectors];\n }\n });\n\n return rawHooks;\n }\n\n private addHooks(rawHooks: RawHooks) {\n if (rawHooks[HookIdentifier.NATIVE_TOKEN_TRANSFER]) {\n this.hooks.push({\n hookConfig: rawHooks[HookIdentifier.NATIVE_TOKEN_TRANSFER].hookConfig,\n initData: NativeTokenLimitModule.encodeOnInstallData(\n rawHooks[HookIdentifier.NATIVE_TOKEN_TRANSFER].initData,\n ),\n });\n }\n\n if (rawHooks[HookIdentifier.ERC20_TOKEN_TRANSFER]) {\n this.hooks.push({\n hookConfig: rawHooks[HookIdentifier.ERC20_TOKEN_TRANSFER].hookConfig,\n initData: AllowlistModule.encodeOnInstallData(\n rawHooks[HookIdentifier.ERC20_TOKEN_TRANSFER].initData,\n ),\n });\n }\n\n if (rawHooks[HookIdentifier.GAS_LIMIT]) {\n this.hooks.push({\n hookConfig: rawHooks[HookIdentifier.GAS_LIMIT].hookConfig,\n initData: NativeTokenLimitModule.encodeOnInstallData(\n rawHooks[HookIdentifier.GAS_LIMIT].initData,\n ),\n });\n }\n\n if (rawHooks[HookIdentifier.PREVAL_ALLOWLIST]) {\n this.hooks.push({\n hookConfig: rawHooks[HookIdentifier.PREVAL_ALLOWLIST].hookConfig,\n initData: AllowlistModule.encodeOnInstallData(\n rawHooks[HookIdentifier.PREVAL_ALLOWLIST].initData,\n ),\n });\n }\n }\n}\n\nexport function assertNever(_valid: never): never {\n throw new UnsupportedPermissionTypeError();\n}\n"]}
1
+ {"version":3,"file":"permissionBuilder.js","sourceRoot":"","sources":["../../../../src/ma-v2/permissionBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAA0B,MAAM,MAAM,CAAC;AAC7E,OAAO,EACL,QAAQ,GAGT,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,wBAAwB,GAEzB,MAAM,mDAAmD,CAAC;AAE3D,OAAO,EACL,eAAe,GAEhB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,sBAAsB,EAAE,MAAM,+CAA+C,CAAC;AACvF,OAAO,EACL,gCAAgC,EAChC,uCAAuC,EACvC,6CAA6C,EAC7C,gCAAgC,GACjC,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,4BAA4B,EAAE,MAAM,8CAA8C,CAAC;AAC5F,OAAO,EAAE,eAAe,EAAE,MAAM,sCAAsC,CAAC;AACvE,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AACxE,OAAO,EACL,2BAA2B,EAC3B,sBAAsB,EACtB,2BAA2B,EAC3B,oBAAoB,EACpB,qBAAqB,EACrB,gCAAgC,EAChC,wBAAwB,EACxB,uBAAuB,EACvB,kBAAkB,EAClB,8BAA8B,EAC9B,0BAA0B,EAC1B,gBAAgB,GACjB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAEpD,kFAAkF;AAClF,0EAA0E;AAC1E,+EAA+E;AAC/E,0EAA0E;AAC1E,MAAM,WAAW,GAAG,UAAU,CAAC;AAC/B,MAAM,sBAAsB,GAAG,YAAY,CAAC;AAC5C,MAAM,uBAAuB,GAAG,YAAY,CAAC;AAC7C,MAAM,wBAAwB,GAAG,YAAY,CAAC;AAC9C,MAAM,6BAA6B,GAAG,YAAY,CAAC;AACnD,MAAM,+BAA+B,GAAG,YAAY,CAAC;AACrD,MAAM,gDAAgD,GAAG,YAAY,CAAC;AACtE,MAAM,mCAAmC,GAAG,YAAY,CAAC;AACzD,MAAM,qCAAqC,GAAG,YAAY,CAAC;AAC3D,MAAM,kCAAkC,GAAG,YAAY,CAAC;AACxD,MAAM,oCAAoC,GAAG,YAAY,CAAC;AAC1D,MAAM,oCAAoC,GAAG,YAAY,CAAC;AAC1D,yFAAyF;AACzF,MAAM,oBAAoB,GAA2B;IACnD,CAAC,+BAA+B,CAAC,EAAE,eAAe;IAClD,CAAC,gDAAgD,CAAC,EAChD,8BAA8B;IAChC,CAAC,mCAAmC,CAAC,EAAE,mBAAmB;IAC1D,CAAC,qCAAqC,CAAC,EAAE,qBAAqB;IAC9D,CAAC,kCAAkC,CAAC,EAAE,kBAAkB;IACxD,CAAC,oCAAoC,CAAC,EAAE,oBAAoB;IAC5D,CAAC,oCAAoC,CAAC,EAAE,kBAAkB;CAC3D,CAAC;AAEF,0EAA0E;AAC1E,sFAAsF;AACtF,MAAM,wBAAwB,GAA2B;IACvD,CAAC,wBAAwB,CAAC,EAAE,SAAS;IACrC,CAAC,6BAA6B,CAAC,EAAE,cAAc;CAChD,CAAC;AAEF,SAAS,0BAA0B,CAAC,QAAa;IAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAC1C,MAAM,KAAK,GACT,oBAAoB,CAAC,UAAU,CAAC,IAAI,wBAAwB,CAAC,UAAU,CAAC,CAAC;IAC3E,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC;QAClB,MAAM,IAAI,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC;AACH,CAAC;AAED,SAAS,0BAA0B,CAAC,SAAgB;IAClD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,0BAA0B,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,MAAM,CAAN,IAAY,cAaX;AAbD,WAAY,cAAc;IACxB,iEAA+C,CAAA;IAC/C,+DAA6C,CAAA;IAC7C,mEAAmE;IACnE,qEAAqE;IACrE,yCAAuB,CAAA;IACvB,6CAA6C;IAC7C,6CAA6C;IAC7C,qDAAmC,CAAA;IACnC,yDAAuC,CAAA;IACvC,2EAAyD,CAAA;IACzD,iEAA+C,CAAA;IAC/C,+BAAa,CAAA;AACf,CAAC,EAbW,cAAc,KAAd,cAAc,QAazB;AAED,IAAK,cAKJ;AALD,WAAK,cAAc;IACjB,qFAAqB,CAAA;IACrB,mFAAoB,CAAA;IACpB,6DAAS,CAAA;IACT,2EAAgB,CAAA;AAClB,CAAC,EALI,cAAc,KAAd,cAAc,QAKlB;AA0ID,MAAM,OAAO,iBAAiB;IAiB5B,YAAY,EACV,MAAM,EACN,GAAG,EACH,QAAQ,EACR,KAAK,EACL,SAAS,EACT,KAAK,EACL,QAAQ,GAST;QAhCO;;;;;WAA+B;QAC/B;;;;mBAAqC;gBAC3C,aAAa,EAAE,WAAW;gBAC1B,QAAQ,EAAE,CAAC,EAAE,SAAS;gBACtB,QAAQ,EAAE,KAAK;gBACf,qBAAqB,EAAE,KAAK;gBAC5B,kBAAkB,EAAE,KAAK;aAC1B;WAAC;QACM;;;;mBAAmB,EAAE;WAAC;QACtB;;;;mBAAmB,IAAI;WAAC;QACxB;;;;mBAA4B,EAAE;WAAC;QAC/B;;;;mBAAgB,EAAE;WAAC;QACnB;;;;mBAAgB,EAAE;WAAC;QACnB;;;;mBAAkC,KAAK;WAAC;QACxC;;;;mBAAmB,CAAC;WAAC;QAmB3B,IAAI,QAAQ,IAAI,WAAW,EAAE,CAAC;YAC5B,MAAM,IAAI,oBAAoB,CAAC,QAAQ,EAAE,WAAW,GAAG,CAAC,CAAC,CAAC;QAC5D,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,gBAAgB,GAAG;YACtB,aAAa,EAAE,6CAA6C,CAC1D,IAAI,CAAC,MAAM,CAAC,KAAK,CAClB;YACD,QAAQ;YACR,kBAAkB,EAAE,IAAI;YACxB,QAAQ,EAAE,KAAK;YACf,qBAAqB,EAAE,KAAK;SAC7B,CAAC;QACF,IAAI,CAAC,WAAW,GAAG,4BAA4B,CAAC,mBAAmB,CAAC;YAClE,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,GAAG,CAAC,SAAS;SACtB,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,SAAS,EAAE,CAAC;YACd,0BAA0B,CAAC,SAAS,CAAC,CAAC;YACtC,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC7B,CAAC;QACD,IAAI,KAAK;YAAE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QAC9B,IAAI,QAAQ;YAAE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IACzC,CAAC;IAED,WAAW,CAAC,EAAE,QAAQ,EAAqB;QACzC,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QACrC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,aAAa,CAAC,EAAE,UAAU,EAA8B;QACtD,qEAAqE;QACrE,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,IAAI,EAAE,CAAC;YAC5C,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,uBAAuB,CAAC,UAAU,CAAC,CAAC;YAChD,CAAC;YACD,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAClC,uBAAuB;YACvB,IAAI,CAAC,gBAAgB,CAAC,QAAQ,GAAG,IAAI,CAAC;YACtC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,8FAA8F;QAC9F,iDAAiD;QACjD,sGAAsG;QACtG,6CAA6C;QAC7C,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;YACjE,MAAM,IAAI,uBAAuB,CAAC,UAAU,CAAC,CAAC;QAChD,CAAC;QAED,iIAAiI;QACjI,IACE,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,eAAe;YAClD,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,qBAAqB,EACxD,CAAC;YACD,8GAA8G;YAC9G,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,KAAK,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC5D,MAAM,IAAI,2BAA2B,CAAC,UAAU,CAAC,CAAC;YACpD,CAAC;YAED,oFAAoF;YACpF,MAAM,aAAa,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC;YAC9C,MAAM,iCAAiC,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAC7D,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,eAAe;gBACxC,SAAS,IAAI,CAAC,CAAC,IAAI;gBACnB,CAAC,CAAC,IAAI,CAAC,OAAO,KAAK,aAAa,CAAC;gBACnC,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,qBAAqB;oBAC9C,SAAS,IAAI,CAAC,CAAC,IAAI;oBACnB,CAAC,CAAC,IAAI,CAAC,OAAO,KAAK,aAAa,CAAC,CACtC,CAAC;YAEF,IAAI,iCAAiC,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAA2B,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QAED,iEAAiE;QACjE,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,iBAAiB,EAAE,CAAC;YACzD,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3C,MAAM,IAAI,wBAAwB,CAAC,UAAU,CAAC,CAAC;YACjD,CAAC;YACD,0BAA0B,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtD,IAAI,CAAC,SAAS,GAAG,CAAC,GAAG,IAAI,CAAC,SAAS,EAAE,GAAG,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,cAAc,CAAC,EAAE,WAAW,EAAiC;QAC3D,iFAAiF;QACjF,gEAAgE;QAChE,WAAW,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YACjC,IAAI,CAAC,aAAa,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sDAAsD;IACtD,KAAK,CAAC,eAAe;QAInB,wCAAwC;QACxC,IAAI,IAAI,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;YACxB,IAAI,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;gBACtC,MAAM,IAAI,oBAAoB,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YACnE,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,GAAG,SAAS,EAAE,CAAC;gBAC9B,MAAM,IAAI,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAClD,CAAC;YAED,IAAI,CAAC,KAAK,CAAC,IAAI,CACb,eAAe,CAAC,SAAS,CACvB;gBACE,QAAQ,EAAE,IAAI,CAAC,gBAAgB,CAAC,QAAQ;gBACxC,UAAU,EAAE,IAAI,CAAC,QAAQ;gBACzB,UAAU,EAAE,CAAC;aACd,EACD,gCAAgC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CACpD,CACF,CAAC;QACJ,CAAC;QAED,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAEtD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,eAAe,CACzC,IAAI,CAAC,MAAM,CACZ,CAAC,mCAAmC,CAAC;YACpC,QAAQ,EAAE,qBAAqB;YAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,MAAM,kBAAkB,GAAG,eAAe,CACxC,IAAI,CAAC,MAAM,CACZ,CAAC,qCAAqC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;QAEvD,uEAAuE;QACvE,MAAM,oCAAoC,GAAkB,MAC1D,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GACtC,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE;YACnB,IAAI,EAAE,EAAE;SACT,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QAE5C,OAAO;YACL,SAAS;YACT,oCAAoC;SACrC,CAAC;IACJ,CAAC;IAED,uEAAuE;IACvE,KAAK,CAAC,UAAU;QACd,iDAAiD;QACjD,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CACxC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAC/B,CAAC;YACF,0CAA0C;YAC1C,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC1B,CAAC;QACD,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAE7B,OAAO,MAAM,wBAAwB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,uBAAuB,CAAC;YACzE,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;YACvC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;SAC7B,CAAC,CAAC;IACL,CAAC;IAED,8CAA8C;IAC9C,KAAK,CAAC,kBAAkB;QACtB,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAE7B,OAAO;YACL,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;YACvC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;SAC7B,CAAC;IACJ,CAAC;IAEO,qBAAqB;QAC3B,IACE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,KAAK,KAAK;YACxC,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAC3B,CAAC;YACD,MAAM,IAAI,0BAA0B,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IAED,sEAAsE;IACtE,8CAA8C;IACtC,oBAAoB,CAAC,QAAgB;QAC3C,MAAM,QAAQ,GAAa;YACzB,CAAC,cAAc,CAAC,qBAAqB,CAAC,EAAE,SAAS;YACjD,CAAC,cAAc,CAAC,oBAAoB,CAAC,EAAE,SAAS;YAChD,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,SAAS;YACrC,CAAC,cAAc,CAAC,gBAAgB,CAAC,EAAE,SAAS;SAC7C,CAAC;QAEF,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YACtC,QAAQ,UAAU,CAAC,IAAI,EAAE,CAAC;gBACxB,KAAK,cAAc,CAAC,qBAAqB;oBACvC,gEAAgE;oBAChE,IAAI,QAAQ,CAAC,cAAc,CAAC,qBAAqB,CAAC,KAAK,SAAS,EAAE,CAAC;wBACjE,MAAM,IAAI,gCAAgC,CAAC,UAAU,CAAC,CAAC;oBACzD,CAAC;oBACD,QAAQ,CAAC,cAAc,CAAC,qBAAqB,CAAC,GAAG;wBAC/C,UAAU,EAAE;4BACV,OAAO,EAAE,uCAAuC,CAC9C,IAAI,CAAC,MAAM,CAAC,KAAK,CAClB;4BACD,QAAQ;4BACR,QAAQ,EAAE,QAAQ,CAAC,SAAS;4BAC5B,WAAW,EAAE,IAAI;4BACjB,YAAY,EAAE,KAAK;yBACpB;wBACD,QAAQ,EAAE;4BACR,QAAQ;4BACR,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;yBAC9C;qBACF,CAAC;oBACF,IAAI,CAAC,sBAAsB,GAAG,IAAI,CAAC;oBACnC,MAAM;gBACR,KAAK,cAAc,CAAC,oBAAoB;oBACtC,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;wBAC5C,MAAM,IAAI,gBAAgB,CAAC,UAAU,CAAC,CAAC;oBACzC,CAAC;oBACD,QAAQ,CAAC,cAAc,CAAC,oBAAoB,CAAC,GAAG;wBAC9C,UAAU,EAAE;4BACV,OAAO,EAAE,gCAAgC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;4BAC5D,QAAQ,EAAE,QAAQ,GAAG,WAAW;4BAChC,QAAQ,EAAE,QAAQ,CAAC,SAAS;4BAC5B,WAAW,EAAE,IAAI;4BACjB,YAAY,EAAE,KAAK;yBACpB;wBACD,QAAQ,EAAE;4BACR,QAAQ,EAAE,QAAQ,GAAG,WAAW;4BAChC,MAAM,EAAE;gCACN,oCAAoC;gCACpC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,oBAAoB,CAAC,EAAE,QAAQ;qCACxD,MAAM,IAAI,EAAE,CAAC;gCAChB;oCACE,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,OAAO;oCAC/B,oBAAoB,EAAE,KAAK;oCAC3B,kBAAkB,EAAE,IAAI;oCACxB,eAAe,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;oCAClD,SAAS,EAAE,EAAE;iCACd;6BACF;yBACF;qBACF,CAAC;oBACF,IAAI,CAAC,sBAAsB,GAAG,IAAI,CAAC;oBACnC,oDAAoD;oBACpD,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;wBAC1C,UAAU,EAAE;4BACV,OAAO,EAAE,gCAAgC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;4BAC5D,QAAQ;4BACR,QAAQ,EAAE,QAAQ,CAAC,UAAU;4BAC7B,WAAW,EAAE,IAAI;4BACjB,YAAY,EAAE,KAAK;yBACpB;wBACD,QAAQ,EAAE;4BACR,QAAQ;4BACR,MAAM,EAAE;gCACN,oCAAoC;gCACpC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,EAAE,QAAQ;qCACpD,MAAM,IAAI,EAAE,CAAC;gCAChB;oCACE,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,OAAO;oCAC/B,oBAAoB,EAAE,IAAI;oCAC1B,kBAAkB,EAAE,KAAK;oCACzB,eAAe,EAAE,EAAE;oCACnB,SAAS,EAAE,CAAC,sBAAsB,EAAE,uBAAuB,CAAC,EAAE,oBAAoB;iCACnF;6BACF;yBACF;qBACF,CAAC;oBACF,MAAM;gBACR,KAAK,cAAc,CAAC,SAAS;oBAC3B,oEAAoE;oBACpE,IAAI,QAAQ,CAAC,cAAc,CAAC,SAAS,CAAC,KAAK,SAAS,EAAE,CAAC;wBACrD,MAAM,IAAI,qBAAqB,CAAC,UAAU,CAAC,CAAC;oBAC9C,CAAC;oBACD,QAAQ,CAAC,cAAc,CAAC,SAAS,CAAC,GAAG;wBACnC,UAAU,EAAE;4BACV,OAAO,EAAE,uCAAuC,CAC9C,IAAI,CAAC,MAAM,CAAC,KAAK,CAClB;4BACD,QAAQ,EAAE,QAAQ,GAAG,WAAW;4BAChC,QAAQ,EAAE,QAAQ,CAAC,UAAU;4BAC7B,WAAW,EAAE,IAAI;4BACjB,YAAY,EAAE,KAAK;yBACpB;wBACD,QAAQ,EAAE;4BACR,QAAQ,EAAE,QAAQ,GAAG,WAAW;4BAChC,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;yBAC1C;qBACF,CAAC;oBACF,MAAM;gBACR,KAAK,cAAc,CAAC,eAAe;oBACjC,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;wBAC5C,MAAM,IAAI,gBAAgB,CAAC,UAAU,CAAC,CAAC;oBACzC,CAAC;oBACD,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;wBAC1C,UAAU,EAAE;4BACV,OAAO,EAAE,gCAAgC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;4BAC5D,QAAQ;4BACR,QAAQ,EAAE,QAAQ,CAAC,UAAU;4BAC7B,WAAW,EAAE,IAAI;4BACjB,YAAY,EAAE,KAAK;yBACpB;wBACD,QAAQ,EAAE;4BACR,QAAQ;4BACR,MAAM,EAAE;gCACN,oCAAoC;gCACpC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,EAAE,QAAQ;qCACpD,MAAM,IAAI,EAAE,CAAC;gCAChB;oCACE,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,OAAO;oCAC/B,oBAAoB,EAAE,KAAK;oCAC3B,kBAAkB,EAAE,KAAK;oCACzB,eAAe,EAAE,EAAE;oCACnB,SAAS,EAAE,EAAE;iCACd;6BACF;yBACF;qBACF,CAAC;oBACF,MAAM;gBACR,KAAK,cAAc,CAAC,iBAAiB;oBACnC,qCAAqC;oBACrC,MAAM;gBACR,KAAK,cAAc,CAAC,0BAA0B;oBAC5C,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC3C,MAAM,IAAI,wBAAwB,CAAC,UAAU,CAAC,CAAC;oBACjD,CAAC;oBACD,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;wBAC1C,UAAU,EAAE;4BACV,OAAO,EAAE,gCAAgC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;4BAC5D,QAAQ;4BACR,QAAQ,EAAE,QAAQ,CAAC,UAAU;4BAC7B,WAAW,EAAE,IAAI;4BACjB,YAAY,EAAE,KAAK;yBACpB;wBACD,QAAQ,EAAE;4BACR,QAAQ;4BACR,MAAM,EAAE;gCACN,oCAAoC;gCACpC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,EAAE,QAAQ;qCACpD,MAAM,IAAI,EAAE,CAAC;gCAChB;oCACE,MAAM,EAAE,WAAW;oCACnB,oBAAoB,EAAE,KAAK;oCAC3B,kBAAkB,EAAE,KAAK;oCACzB,eAAe,EAAE,EAAE;oCACnB,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,SAAS;iCACrC;6BACF;yBACF;qBACF,CAAC;oBACF,MAAM;gBACR,KAAK,cAAc,CAAC,qBAAqB;oBACvC,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC3C,MAAM,IAAI,wBAAwB,CAAC,UAAU,CAAC,CAAC;oBACjD,CAAC;oBACD,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;wBAC5C,MAAM,IAAI,gBAAgB,CAAC,UAAU,CAAC,CAAC;oBACzC,CAAC;oBACD,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;wBAC1C,UAAU,EAAE;4BACV,OAAO,EAAE,gCAAgC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;4BAC5D,QAAQ;4BACR,QAAQ,EAAE,QAAQ,CAAC,UAAU;4BAC7B,WAAW,EAAE,IAAI;4BACjB,YAAY,EAAE,KAAK;yBACpB;wBACD,QAAQ,EAAE;4BACR,QAAQ;4BACR,MAAM,EAAE;gCACN,oCAAoC;gCACpC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,EAAE,QAAQ;qCACpD,MAAM,IAAI,EAAE,CAAC;gCAChB;oCACE,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,OAAO;oCAC/B,oBAAoB,EAAE,IAAI;oCAC1B,kBAAkB,EAAE,KAAK;oCACzB,eAAe,EAAE,EAAE;oCACnB,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,SAAS;iCACrC;6BACF;yBACF;qBACF,CAAC;oBACF,MAAM;gBACR,KAAK,cAAc,CAAC,IAAI;oBACtB,2CAA2C;oBAC3C,MAAM;gBACR;oBACE,WAAW,CAAC,UAAU,CAAC,CAAC;YAC5B,CAAC;YAED,6EAA6E;YAC7E,uFAAuF;YACvF,IAAI,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC5D,MAAM,cAAc,GAAoB;oBACtC,wBAAwB;oBACxB,6BAA6B;iBAC9B,CAAC,CAAC,wBAAwB;gBAE3B,kEAAkE;gBAClE,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CACxC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACjD,CAAC;gBAEF,IAAI,CAAC,SAAS,GAAG,CAAC,GAAG,IAAI,CAAC,SAAS,EAAE,GAAG,YAAY,CAAC,CAAC;YACxD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,QAAQ,CAAC,QAAkB;QACjC,IAAI,QAAQ,CAAC,cAAc,CAAC,qBAAqB,CAAC,EAAE,CAAC;YACnD,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;gBACd,UAAU,EAAE,QAAQ,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC,UAAU;gBACrE,QAAQ,EAAE,sBAAsB,CAAC,mBAAmB,CAClD,QAAQ,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC,QAAQ,CACxD;aACF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,cAAc,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAClD,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;gBACd,UAAU,EAAE,QAAQ,CAAC,cAAc,CAAC,oBAAoB,CAAC,CAAC,UAAU;gBACpE,QAAQ,EAAE,eAAe,CAAC,mBAAmB,CAC3C,QAAQ,CAAC,cAAc,CAAC,oBAAoB,CAAC,CAAC,QAAQ,CACvD;aACF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;gBACd,UAAU,EAAE,QAAQ,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,UAAU;gBACzD,QAAQ,EAAE,sBAAsB,CAAC,mBAAmB,CAClD,QAAQ,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,QAAQ,CAC5C;aACF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC9C,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;gBACd,UAAU,EAAE,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC,UAAU;gBAChE,QAAQ,EAAE,eAAe,CAAC,mBAAmB,CAC3C,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CACnD;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;CACF;AAED,MAAM,UAAU,WAAW,CAAC,MAAa;IACvC,MAAM,IAAI,8BAA8B,EAAE,CAAC;AAC7C,CAAC","sourcesContent":["import { maxUint48, toHex, zeroAddress, type Address, type Hex } from \"viem\";\nimport {\n HookType,\n type HookConfig,\n type ValidationConfig,\n} from \"./actions/common/types.js\";\nimport {\n installValidationActions,\n type InstallValidationParams,\n} from \"./actions/install-validation/installValidation.js\";\nimport type { ModularAccountV2Client } from \"./client/client.js\";\nimport {\n deferralActions,\n type DeferredActionTypedData,\n} from \"./actions/deferralActions.js\";\nimport { NativeTokenLimitModule } from \"./modules/native-token-limit-module/module.js\";\nimport {\n getDefaultAllowlistModuleAddress,\n getDefaultNativeTokenLimitModuleAddress,\n getDefaultSingleSignerValidationModuleAddress,\n getDefaultTimeRangeModuleAddress,\n} from \"./modules/utils.js\";\nimport { SingleSignerValidationModule } from \"./modules/single-signer-validation/module.js\";\nimport { AllowlistModule } from \"./modules/allowlist-module/module.js\";\nimport { TimeRangeModule } from \"./modules/time-range-module/module.js\";\nimport {\n AccountAddressAsTargetError,\n DeadlineOverLimitError,\n DuplicateTargetAddressError,\n ExpiredDeadlineError,\n MultipleGasLimitError,\n MultipleNativeTokenTransferError,\n NoFunctionsProvidedError,\n RootPermissionOnlyError,\n SelectorNotAllowed,\n UnsupportedPermissionTypeError,\n ValidationConfigUnsetError,\n ZeroAddressError,\n} from \"./permissionBuilderErrors.js\";\nimport { InvalidEntityIdError } from \"@aa-sdk/core\";\n\n// Reserved offset for hooks that would otherwise collide on shared module storage\n// (ERC20 spend limit vs PREVAL_ALLOWLIST on AllowlistModule; GAS_LIMIT vs\n// NATIVE_TOKEN_TRANSFER on NativeTokenLimitModule). Any user-supplied entityId\n// must be strictly less than this so the offset namespace stays disjoint.\nconst HALF_UINT32 = 2147483647;\nconst ERC20_APPROVE_SELECTOR = \"0x095ea7b3\";\nconst ERC20_TRANSFER_SELECTOR = \"0xa9059cbb\";\nconst ACCOUNT_EXECUTE_SELECTOR = \"0xb61d27f6\";\nconst ACCOUNT_EXECUTEBATCH_SELECTOR = \"0x34fcd5be\";\nconst ACCOUNT_PERFORM_CREATE_SELECTOR = \"0x5998db5c\";\nconst ACCOUNT_EXECUTE_WITH_RUNTIME_VALIDATION_SELECTOR = \"0xf2680c0f\";\nconst ACCOUNT_INSTALL_VALIDATION_SELECTOR = \"0x1bbf564c\";\nconst ACCOUNT_UNINSTALL_VALIDATION_SELECTOR = \"0xb6b1ccfe\";\nconst ACCOUNT_INSTALL_EXECUTION_SELECTOR = \"0x1d37e7d6\";\nconst ACCOUNT_UNINSTALL_EXECUTION_SELECTOR = \"0x0b7cad71\";\nconst ACCOUNT_UPGRADE_TO_AND_CALL_SELECTOR = \"0x4f1ef286\";\n// Wrapped native functions that must not be added to a session key's selector allowlist.\nconst PRIVILEGED_SELECTORS: Record<string, string> = {\n [ACCOUNT_PERFORM_CREATE_SELECTOR]: \"performCreate\",\n [ACCOUNT_EXECUTE_WITH_RUNTIME_VALIDATION_SELECTOR]:\n \"executeWithRuntimeValidation\",\n [ACCOUNT_INSTALL_VALIDATION_SELECTOR]: \"installValidation\",\n [ACCOUNT_UNINSTALL_VALIDATION_SELECTOR]: \"uninstallValidation\",\n [ACCOUNT_INSTALL_EXECUTION_SELECTOR]: \"installExecution\",\n [ACCOUNT_UNINSTALL_EXECUTION_SELECTOR]: \"uninstallExecution\",\n [ACCOUNT_UPGRADE_TO_AND_CALL_SELECTOR]: \"upgradeToAndCall\",\n};\n\n// Auto-added by translatePermissions when a PREVAL_ALLOWLIST hook exists.\n// Blocked from manual addition to ensure they're only added with proper hook context.\nconst SYSTEM_MANAGED_SELECTORS: Record<string, string> = {\n [ACCOUNT_EXECUTE_SELECTOR]: \"execute\",\n [ACCOUNT_EXECUTEBATCH_SELECTOR]: \"executeBatch\",\n};\n\nfunction assertNotForbiddenSelector(selector: Hex): void {\n const normalized = selector.toLowerCase();\n const match =\n PRIVILEGED_SELECTORS[normalized] ?? SYSTEM_MANAGED_SELECTORS[normalized];\n if (match != null) {\n throw new SelectorNotAllowed(match);\n }\n}\n\nfunction assertNoForbiddenSelectors(selectors: Hex[]): void {\n for (const selector of selectors) {\n assertNotForbiddenSelector(selector);\n }\n}\n\nexport enum PermissionType {\n NATIVE_TOKEN_TRANSFER = \"native-token-transfer\",\n ERC20_TOKEN_TRANSFER = \"erc20-token-transfer\",\n // ERC721_TOKEN_TRANSFER = \"erc721-token-transfer\", //Unimplemented\n // ERC1155_TOKEN_TRANSFER = \"erc1155-token-transfer\", //Unimplemented\n GAS_LIMIT = \"gas-limit\",\n // CALL_LIMIT = \"call-limit\", //Unimplemented\n // RATE_LIMIT = \"rate-limit\", //Unimplemented\n CONTRACT_ACCESS = \"contract-access\",\n ACCOUNT_FUNCTIONS = \"account-functions\",\n FUNCTIONS_ON_ALL_CONTRACTS = \"functions-on-all-contracts\",\n FUNCTIONS_ON_CONTRACT = \"functions-on-contract\",\n ROOT = \"root\",\n}\n\nenum HookIdentifier {\n NATIVE_TOKEN_TRANSFER,\n ERC20_TOKEN_TRANSFER,\n GAS_LIMIT,\n PREVAL_ALLOWLIST, // aggregate of CONTRACT_ACCESS, ACCOUNT_FUNCTIONS, FUNCTIONS_ON_ALL_CONTRACTS, FUNCTIONS_ON_CONTRACT\n}\n\ntype PreExecutionHookConfig = {\n address: Address;\n entityId: number;\n hookType: HookType.EXECUTION;\n hasPreHooks: true;\n hasPostHooks: false;\n};\n\ntype PreValidationHookConfig = {\n address: Address;\n entityId: number;\n hookType: HookType.VALIDATION;\n hasPreHooks: true;\n hasPostHooks: false;\n};\n\ntype RawHooks = {\n [HookIdentifier.NATIVE_TOKEN_TRANSFER]:\n | {\n hookConfig: PreExecutionHookConfig;\n initData: {\n entityId: number;\n spendLimit: bigint;\n };\n }\n | undefined;\n [HookIdentifier.ERC20_TOKEN_TRANSFER]:\n | {\n hookConfig: PreExecutionHookConfig;\n initData: {\n entityId: number;\n inputs: Array<{\n target: Address;\n hasSelectorAllowlist: boolean;\n hasERC20SpendLimit: boolean;\n erc20SpendLimit: bigint;\n selectors: Array<Hex>;\n }>;\n };\n }\n | undefined;\n [HookIdentifier.GAS_LIMIT]:\n | {\n hookConfig: PreValidationHookConfig;\n initData: {\n entityId: number;\n spendLimit: bigint;\n };\n }\n | undefined;\n [HookIdentifier.PREVAL_ALLOWLIST]:\n | {\n hookConfig: PreValidationHookConfig;\n\n initData: {\n entityId: number;\n inputs: Array<{\n target: Address;\n hasSelectorAllowlist: boolean;\n hasERC20SpendLimit: boolean;\n erc20SpendLimit: bigint;\n selectors: Array<Hex>;\n }>;\n };\n }\n | undefined;\n};\n\ntype Key = {\n publicKey: Hex;\n type: \"secp256k1\" | \"contract\";\n};\n\nexport type Permission =\n | {\n // this permission allows transfer of native tokens from the account\n type: PermissionType.NATIVE_TOKEN_TRANSFER;\n data: {\n allowance: Hex;\n };\n }\n | {\n // this permission allows transfer or approval of erc20 tokens from the account\n type: PermissionType.ERC20_TOKEN_TRANSFER;\n data: {\n address: Address; // erc20 token contract address\n allowance: Hex;\n };\n }\n | {\n // this permissions allows the key to spend gas for UOs\n type: PermissionType.GAS_LIMIT;\n data: {\n limit: Hex;\n };\n }\n | {\n // this permission grants access to all functions in a contract\n type: PermissionType.CONTRACT_ACCESS;\n data: {\n address: Address;\n };\n }\n | {\n // this permission grants access to functions in the account\n type: PermissionType.ACCOUNT_FUNCTIONS;\n data: {\n functions: Hex[]; // function signatures\n };\n }\n | {\n // this permission grants access to a function selector in any address or contract\n type: PermissionType.FUNCTIONS_ON_ALL_CONTRACTS;\n data: {\n functions: Hex[]; // function signatures\n };\n }\n | {\n // this permission grants access to specified functions on a specific contract\n type: PermissionType.FUNCTIONS_ON_CONTRACT;\n data: {\n address: Address;\n functions: Hex[];\n };\n }\n | {\n // this permission grants full access to everything\n type: PermissionType.ROOT;\n data?: never;\n };\n\ntype Hook = {\n hookConfig: HookConfig;\n initData: Hex;\n};\n\nexport class PermissionBuilder {\n private client: ModularAccountV2Client;\n private validationConfig: ValidationConfig = {\n moduleAddress: zeroAddress,\n entityId: 0, // uint32\n isGlobal: false,\n isSignatureValidation: false,\n isUserOpValidation: false,\n };\n private selectors: Hex[] = [];\n private installData: Hex = \"0x\";\n private permissions: Permission[] = [];\n private hooks: Hook[] = [];\n private nonce: bigint = 0n;\n private hasAssociatedExecHooks: boolean = false;\n private deadline: number = 0;\n\n constructor({\n client,\n key,\n entityId,\n nonce,\n selectors,\n hooks,\n deadline,\n }: {\n client: ModularAccountV2Client;\n key: Key;\n entityId: number;\n nonce: bigint;\n selectors?: Hex[];\n hooks?: Hook[];\n deadline?: number;\n }) {\n if (entityId >= HALF_UINT32) {\n throw new InvalidEntityIdError(entityId, HALF_UINT32 - 1);\n }\n\n this.client = client;\n this.validationConfig = {\n moduleAddress: getDefaultSingleSignerValidationModuleAddress(\n this.client.chain,\n ),\n entityId,\n isUserOpValidation: true,\n isGlobal: false,\n isSignatureValidation: false,\n };\n this.installData = SingleSignerValidationModule.encodeOnInstallData({\n entityId: entityId,\n signer: key.publicKey,\n });\n this.nonce = nonce;\n if (selectors) {\n assertNoForbiddenSelectors(selectors);\n this.selectors = selectors;\n }\n if (hooks) this.hooks = hooks;\n if (deadline) this.deadline = deadline;\n }\n\n addSelector({ selector }: { selector: Hex }): this {\n assertNotForbiddenSelector(selector);\n this.selectors.push(selector);\n return this;\n }\n\n addPermission({ permission }: { permission: Permission }): this {\n // Check 1: If we're adding root, we can't have any other permissions\n if (permission.type === PermissionType.ROOT) {\n if (this.permissions.length !== 0) {\n throw new RootPermissionOnlyError(permission);\n }\n this.permissions.push(permission);\n // Set isGlobal to true\n this.validationConfig.isGlobal = true;\n return this;\n }\n\n // Check 2: If the permission is NOT ROOT (guaranteed), ensure there is no ROOT permission set\n // Will resolve to undefined if ROOT is not found\n // NOTE: Technically this could be replaced by checking permissions[0] since it should not be possible\n // to have >1 permission with root among them\n if (this.permissions.find((p) => p.type === PermissionType.ROOT)) {\n throw new RootPermissionOnlyError(permission);\n }\n\n // Check 3: If the permission is either CONTRACT_ACCESS or FUNCTIONS_ON_CONTRACT, ensure it doesn't collide with another like it.\n if (\n permission.type === PermissionType.CONTRACT_ACCESS ||\n permission.type === PermissionType.FUNCTIONS_ON_CONTRACT\n ) {\n // Check 3.1: address must not be the account address, or the user should use the ACCOUNT_FUNCTIONS permission\n if (permission.data.address === this.client.account.address) {\n throw new AccountAddressAsTargetError(permission);\n }\n\n // Check 3.2: there must not be an existing permission with this address as a target\n const targetAddress = permission.data.address;\n const existingPermissionWithSameAddress = this.permissions.find(\n (p) =>\n (p.type === PermissionType.CONTRACT_ACCESS &&\n \"address\" in p.data &&\n p.data.address === targetAddress) ||\n (p.type === PermissionType.FUNCTIONS_ON_CONTRACT &&\n \"address\" in p.data &&\n p.data.address === targetAddress),\n );\n\n if (existingPermissionWithSameAddress) {\n throw new DuplicateTargetAddressError(permission, targetAddress);\n }\n }\n\n // Check 4: If the permission is ACCOUNT_FUNCTIONS, add selectors\n if (permission.type === PermissionType.ACCOUNT_FUNCTIONS) {\n if (permission.data.functions.length === 0) {\n throw new NoFunctionsProvidedError(permission);\n }\n assertNoForbiddenSelectors(permission.data.functions);\n this.selectors = [...this.selectors, ...permission.data.functions];\n }\n\n this.permissions.push(permission);\n return this;\n }\n\n addPermissions({ permissions }: { permissions: Permission[] }): this {\n // We could validate each permission here, but for simplicity we'll just add them\n // A better approach would be to call addPermission for each one\n permissions.forEach((permission) => {\n this.addPermission({ permission });\n });\n return this;\n }\n\n // Use for building deferred action typed data to sign\n async compileDeferred(): Promise<{\n typedData: DeferredActionTypedData;\n fullPreSignatureDeferredActionDigest: Hex;\n }> {\n // Add time range module hook via expiry\n if (this.deadline !== 0) {\n if (this.deadline < Date.now() / 1000) {\n throw new ExpiredDeadlineError(this.deadline, Date.now() / 1000);\n }\n if (this.deadline > maxUint48) {\n throw new DeadlineOverLimitError(this.deadline);\n }\n\n this.hooks.push(\n TimeRangeModule.buildHook(\n {\n entityId: this.validationConfig.entityId,\n validUntil: this.deadline,\n validAfter: 0,\n },\n getDefaultTimeRangeModuleAddress(this.client.chain),\n ),\n );\n }\n\n const installValidationCall = await this.compileRaw();\n\n const { typedData } = await deferralActions(\n this.client,\n ).createDeferredActionTypedDataObject({\n callData: installValidationCall,\n deadline: this.deadline,\n nonce: this.nonce,\n });\n\n const preSignatureDigest = deferralActions(\n this.client,\n ).buildPreSignatureDeferredActionDigest({ typedData });\n\n // Encode additional information to build the full pre-signature digest\n const fullPreSignatureDeferredActionDigest: `0x${string}` = `0x0${\n this.hasAssociatedExecHooks ? \"1\" : \"0\"\n }${toHex(this.nonce, {\n size: 32,\n }).slice(2)}${preSignatureDigest.slice(2)}`;\n\n return {\n typedData,\n fullPreSignatureDeferredActionDigest,\n };\n }\n\n // Use for direct `installValidation()` low-level calls (maybe useless)\n async compileRaw(): Promise<Hex> {\n // Translate all permissions into raw hooks if >0\n if (this.permissions.length > 0) {\n const rawHooks = this.translatePermissions(\n this.validationConfig.entityId,\n );\n // Add the translated permissions as hooks\n this.addHooks(rawHooks);\n }\n this.validateConfiguration();\n\n return await installValidationActions(this.client).encodeInstallValidation({\n validationConfig: this.validationConfig,\n selectors: this.selectors,\n installData: this.installData,\n hooks: this.hooks,\n account: this.client.account,\n });\n }\n\n // Use for compiling args to installValidation\n async compileInstallArgs(): Promise<InstallValidationParams> {\n this.validateConfiguration();\n\n return {\n validationConfig: this.validationConfig,\n selectors: this.selectors,\n installData: this.installData,\n hooks: this.hooks,\n account: this.client.account,\n };\n }\n\n private validateConfiguration(): void {\n if (\n this.validationConfig.isGlobal === false &&\n this.selectors.length === 0\n ) {\n throw new ValidationConfigUnsetError();\n }\n }\n\n // Used to translate consolidated permissions into raw unencoded hooks\n // Note entityId will be a member object later\n private translatePermissions(entityId: number): RawHooks {\n const rawHooks: RawHooks = {\n [HookIdentifier.NATIVE_TOKEN_TRANSFER]: undefined,\n [HookIdentifier.ERC20_TOKEN_TRANSFER]: undefined,\n [HookIdentifier.GAS_LIMIT]: undefined,\n [HookIdentifier.PREVAL_ALLOWLIST]: undefined,\n };\n\n this.permissions.forEach((permission) => {\n switch (permission.type) {\n case PermissionType.NATIVE_TOKEN_TRANSFER:\n // Should never be added twice, check is on addPermission(s) too\n if (rawHooks[HookIdentifier.NATIVE_TOKEN_TRANSFER] !== undefined) {\n throw new MultipleNativeTokenTransferError(permission);\n }\n rawHooks[HookIdentifier.NATIVE_TOKEN_TRANSFER] = {\n hookConfig: {\n address: getDefaultNativeTokenLimitModuleAddress(\n this.client.chain,\n ),\n entityId,\n hookType: HookType.EXECUTION,\n hasPreHooks: true,\n hasPostHooks: false,\n },\n initData: {\n entityId,\n spendLimit: BigInt(permission.data.allowance),\n },\n };\n this.hasAssociatedExecHooks = true;\n break;\n case PermissionType.ERC20_TOKEN_TRANSFER:\n if (permission.data.address === zeroAddress) {\n throw new ZeroAddressError(permission);\n }\n rawHooks[HookIdentifier.ERC20_TOKEN_TRANSFER] = {\n hookConfig: {\n address: getDefaultAllowlistModuleAddress(this.client.chain),\n entityId: entityId + HALF_UINT32,\n hookType: HookType.EXECUTION,\n hasPreHooks: true,\n hasPostHooks: false,\n },\n initData: {\n entityId: entityId + HALF_UINT32,\n inputs: [\n // Add previous inputs if they exist\n ...(rawHooks[HookIdentifier.ERC20_TOKEN_TRANSFER]?.initData\n .inputs || []),\n {\n target: permission.data.address,\n hasSelectorAllowlist: false,\n hasERC20SpendLimit: true,\n erc20SpendLimit: BigInt(permission.data.allowance),\n selectors: [],\n },\n ],\n },\n };\n this.hasAssociatedExecHooks = true;\n // Also allow `approve` and `transfer` for the erc20\n rawHooks[HookIdentifier.PREVAL_ALLOWLIST] = {\n hookConfig: {\n address: getDefaultAllowlistModuleAddress(this.client.chain),\n entityId,\n hookType: HookType.VALIDATION,\n hasPreHooks: true,\n hasPostHooks: false,\n },\n initData: {\n entityId,\n inputs: [\n // Add previous inputs if they exist\n ...(rawHooks[HookIdentifier.PREVAL_ALLOWLIST]?.initData\n .inputs || []),\n {\n target: permission.data.address,\n hasSelectorAllowlist: true,\n hasERC20SpendLimit: false,\n erc20SpendLimit: 0n,\n selectors: [ERC20_APPROVE_SELECTOR, ERC20_TRANSFER_SELECTOR], // approve, transfer\n },\n ],\n },\n };\n break;\n case PermissionType.GAS_LIMIT:\n // Should only ever be added once, check is also on addPermission(s)\n if (rawHooks[HookIdentifier.GAS_LIMIT] !== undefined) {\n throw new MultipleGasLimitError(permission);\n }\n rawHooks[HookIdentifier.GAS_LIMIT] = {\n hookConfig: {\n address: getDefaultNativeTokenLimitModuleAddress(\n this.client.chain,\n ),\n entityId: entityId + HALF_UINT32,\n hookType: HookType.VALIDATION,\n hasPreHooks: true,\n hasPostHooks: false,\n },\n initData: {\n entityId: entityId + HALF_UINT32,\n spendLimit: BigInt(permission.data.limit),\n },\n };\n break;\n case PermissionType.CONTRACT_ACCESS:\n if (permission.data.address === zeroAddress) {\n throw new ZeroAddressError(permission);\n }\n rawHooks[HookIdentifier.PREVAL_ALLOWLIST] = {\n hookConfig: {\n address: getDefaultAllowlistModuleAddress(this.client.chain),\n entityId,\n hookType: HookType.VALIDATION,\n hasPreHooks: true,\n hasPostHooks: false,\n },\n initData: {\n entityId,\n inputs: [\n // Add previous inputs if they exist\n ...(rawHooks[HookIdentifier.PREVAL_ALLOWLIST]?.initData\n .inputs || []),\n {\n target: permission.data.address,\n hasSelectorAllowlist: false,\n hasERC20SpendLimit: false,\n erc20SpendLimit: 0n,\n selectors: [],\n },\n ],\n },\n };\n break;\n case PermissionType.ACCOUNT_FUNCTIONS:\n // This is handled in add permissions\n break;\n case PermissionType.FUNCTIONS_ON_ALL_CONTRACTS:\n if (permission.data.functions.length === 0) {\n throw new NoFunctionsProvidedError(permission);\n }\n rawHooks[HookIdentifier.PREVAL_ALLOWLIST] = {\n hookConfig: {\n address: getDefaultAllowlistModuleAddress(this.client.chain),\n entityId,\n hookType: HookType.VALIDATION,\n hasPreHooks: true,\n hasPostHooks: false,\n },\n initData: {\n entityId,\n inputs: [\n // Add previous inputs if they exist\n ...(rawHooks[HookIdentifier.PREVAL_ALLOWLIST]?.initData\n .inputs || []),\n {\n target: zeroAddress,\n hasSelectorAllowlist: false,\n hasERC20SpendLimit: false,\n erc20SpendLimit: 0n,\n selectors: permission.data.functions,\n },\n ],\n },\n };\n break;\n case PermissionType.FUNCTIONS_ON_CONTRACT:\n if (permission.data.functions.length === 0) {\n throw new NoFunctionsProvidedError(permission);\n }\n if (permission.data.address === zeroAddress) {\n throw new ZeroAddressError(permission);\n }\n rawHooks[HookIdentifier.PREVAL_ALLOWLIST] = {\n hookConfig: {\n address: getDefaultAllowlistModuleAddress(this.client.chain),\n entityId,\n hookType: HookType.VALIDATION,\n hasPreHooks: true,\n hasPostHooks: false,\n },\n initData: {\n entityId,\n inputs: [\n // Add previous inputs if they exist\n ...(rawHooks[HookIdentifier.PREVAL_ALLOWLIST]?.initData\n .inputs || []),\n {\n target: permission.data.address,\n hasSelectorAllowlist: true,\n hasERC20SpendLimit: false,\n erc20SpendLimit: 0n,\n selectors: permission.data.functions,\n },\n ],\n },\n };\n break;\n case PermissionType.ROOT:\n // Root permission handled in addPermission\n break;\n default:\n assertNever(permission);\n }\n\n // isGlobal guaranteed to be false since it's only set with root permissions,\n // we must add access to execute & executeBatch if there's a preVal allowlist hook set.\n if (rawHooks[HookIdentifier.PREVAL_ALLOWLIST] !== undefined) {\n const selectorsToAdd: `0x${string}`[] = [\n ACCOUNT_EXECUTE_SELECTOR,\n ACCOUNT_EXECUTEBATCH_SELECTOR,\n ]; // execute, executeBatch\n\n // Only add the selectors if they aren't already in this.selectors\n const newSelectors = selectorsToAdd.filter(\n (selector) => !this.selectors.includes(selector),\n );\n\n this.selectors = [...this.selectors, ...newSelectors];\n }\n });\n\n return rawHooks;\n }\n\n private addHooks(rawHooks: RawHooks) {\n if (rawHooks[HookIdentifier.NATIVE_TOKEN_TRANSFER]) {\n this.hooks.push({\n hookConfig: rawHooks[HookIdentifier.NATIVE_TOKEN_TRANSFER].hookConfig,\n initData: NativeTokenLimitModule.encodeOnInstallData(\n rawHooks[HookIdentifier.NATIVE_TOKEN_TRANSFER].initData,\n ),\n });\n }\n\n if (rawHooks[HookIdentifier.ERC20_TOKEN_TRANSFER]) {\n this.hooks.push({\n hookConfig: rawHooks[HookIdentifier.ERC20_TOKEN_TRANSFER].hookConfig,\n initData: AllowlistModule.encodeOnInstallData(\n rawHooks[HookIdentifier.ERC20_TOKEN_TRANSFER].initData,\n ),\n });\n }\n\n if (rawHooks[HookIdentifier.GAS_LIMIT]) {\n this.hooks.push({\n hookConfig: rawHooks[HookIdentifier.GAS_LIMIT].hookConfig,\n initData: NativeTokenLimitModule.encodeOnInstallData(\n rawHooks[HookIdentifier.GAS_LIMIT].initData,\n ),\n });\n }\n\n if (rawHooks[HookIdentifier.PREVAL_ALLOWLIST]) {\n this.hooks.push({\n hookConfig: rawHooks[HookIdentifier.PREVAL_ALLOWLIST].hookConfig,\n initData: AllowlistModule.encodeOnInstallData(\n rawHooks[HookIdentifier.PREVAL_ALLOWLIST].initData,\n ),\n });\n }\n }\n}\n\nexport function assertNever(_valid: never): never {\n throw new UnsupportedPermissionTypeError();\n}\n"]}
package/dist/types/src/ma-v2/permissionBuilder.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"permissionBuilder.d.ts","sourceRoot":"","sources":["../../../../src/ma-v2/permissionBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiC,KAAK,OAAO,EAAE,KAAK,GAAG,EAAE,MAAM,MAAM,CAAC;AAC7E,OAAO,EAEL,KAAK,UAAU,EAEhB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAEL,KAAK,uBAAuB,EAC7B,MAAM,mDAAmD,CAAC;AAC3D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAEL,KAAK,uBAAuB,EAC7B,MAAM,8BAA8B,CAAC;AAmCtC,oBAAY,cAAc;IACxB,qBAAqB,0BAA0B;IAC/C,oBAAoB,yBAAyB;IAG7C,SAAS,cAAc;IAGvB,eAAe,oBAAoB;IACnC,iBAAiB,sBAAsB;IACvC,0BAA0B,+BAA+B;IACzD,qBAAqB,0BAA0B;IAC/C,IAAI,SAAS;CACd;AA6ED,KAAK,GAAG,GAAG;IACT,SAAS,EAAE,GAAG,CAAC;IACf,IAAI,EAAE,WAAW,GAAG,UAAU,CAAC;CAChC,CAAC;AAEF,MAAM,MAAM,UAAU,GAClB;IAEE,IAAI,EAAE,cAAc,CAAC,qBAAqB,CAAC;IAC3C,IAAI,EAAE;QACJ,SAAS,EAAE,GAAG,CAAC;KAChB,CAAC;CACH,GACD;IAEE,IAAI,EAAE,cAAc,CAAC,oBAAoB,CAAC;IAC1C,IAAI,EAAE;QACJ,OAAO,EAAE,OAAO,CAAC;QACjB,SAAS,EAAE,GAAG,CAAC;KAChB,CAAC;CACH,GACD;IAEE,IAAI,EAAE,cAAc,CAAC,SAAS,CAAC;IAC/B,IAAI,EAAE;QACJ,KAAK,EAAE,GAAG,CAAC;KACZ,CAAC;CACH,GACD;IAEE,IAAI,EAAE,cAAc,CAAC,eAAe,CAAC;IACrC,IAAI,EAAE;QACJ,OAAO,EAAE,OAAO,CAAC;KAClB,CAAC;CACH,GACD;IAEE,IAAI,EAAE,cAAc,CAAC,iBAAiB,CAAC;IACvC,IAAI,EAAE;QACJ,SAAS,EAAE,GAAG,EAAE,CAAC;KAClB,CAAC;CACH,GACD;IAEE,IAAI,EAAE,cAAc,CAAC,0BAA0B,CAAC;IAChD,IAAI,EAAE;QACJ,SAAS,EAAE,GAAG,EAAE,CAAC;KAClB,CAAC;CACH,GACD;IAEE,IAAI,EAAE,cAAc,CAAC,qBAAqB,CAAC;IAC3C,IAAI,EAAE;QACJ,OAAO,EAAE,OAAO,CAAC;QACjB,SAAS,EAAE,GAAG,EAAE,CAAC;KAClB,CAAC;CACH,GACD;IAEE,IAAI,EAAE,cAAc,CAAC,IAAI,CAAC;IAC1B,IAAI,CAAC,EAAE,KAAK,CAAC;CACd,CAAC;AAEN,KAAK,IAAI,GAAG;IACV,UAAU,EAAE,UAAU,CAAC;IACvB,QAAQ,EAAE,GAAG,CAAC;CACf,CAAC;AAEF,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAyB;IACvC,OAAO,CAAC,gBAAgB,CAMtB;IACF,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,WAAW,CAAa;IAChC,OAAO,CAAC,WAAW,CAAoB;IACvC,OAAO,CAAC,KAAK,CAAc;IAC3B,OAAO,CAAC,KAAK,CAAc;IAC3B,OAAO,CAAC,sBAAsB,CAAkB;IAChD,OAAO,CAAC,QAAQ,CAAa;gBAEjB,EACV,MAAM,EACN,GAAG,EACH,QAAQ,EACR,KAAK,EACL,SAAS,EACT,KAAK,EACL,QAAQ,GACT,EAAE;QACD,MAAM,EAAE,sBAAsB,CAAC;QAC/B,GAAG,EAAE,GAAG,CAAC;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,CAAC,EAAE,GAAG,EAAE,CAAC;QAClB,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;IAqBD,WAAW,CAAC,EAAE,QAAQ,EAAE,EAAE;QAAE,QAAQ,EAAE,GAAG,CAAA;KAAE,GAAG,IAAI;IAWlD,aAAa,CAAC,EAAE,UAAU,EAAE,EAAE;QAAE,UAAU,EAAE,UAAU,CAAA;KAAE,GAAG,IAAI;IA6E/D,cAAc,CAAC,EAAE,WAAW,EAAE,EAAE;QAAE,WAAW,EAAE,UAAU,EAAE,CAAA;KAAE,GAAG,IAAI;IAU9D,eAAe,IAAI,OAAO,CAAC;QAC/B,SAAS,EAAE,uBAAuB,CAAC;QACnC,oCAAoC,EAAE,GAAG,CAAC;KAC3C,CAAC;IAkDI,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC;IAqB1B,kBAAkB,IAAI,OAAO,CAAC,uBAAuB,CAAC;IAY5D,OAAO,CAAC,qBAAqB;IAW7B,OAAO,CAAC,oBAAoB;IAoO5B,OAAO,CAAC,QAAQ;CAqCjB;AAED,wBAAgB,WAAW,CAAC,MAAM,EAAE,KAAK,GAAG,KAAK,CAEhD"}
1
+ {"version":3,"file":"permissionBuilder.d.ts","sourceRoot":"","sources":["../../../../src/ma-v2/permissionBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiC,KAAK,OAAO,EAAE,KAAK,GAAG,EAAE,MAAM,MAAM,CAAC;AAC7E,OAAO,EAEL,KAAK,UAAU,EAEhB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAEL,KAAK,uBAAuB,EAC7B,MAAM,mDAAmD,CAAC;AAC3D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAEL,KAAK,uBAAuB,EAC7B,MAAM,8BAA8B,CAAC;AA6EtC,oBAAY,cAAc;IACxB,qBAAqB,0BAA0B;IAC/C,oBAAoB,yBAAyB;IAG7C,SAAS,cAAc;IAGvB,eAAe,oBAAoB;IACnC,iBAAiB,sBAAsB;IACvC,0BAA0B,+BAA+B;IACzD,qBAAqB,0BAA0B;IAC/C,IAAI,SAAS;CACd;AA6ED,KAAK,GAAG,GAAG;IACT,SAAS,EAAE,GAAG,CAAC;IACf,IAAI,EAAE,WAAW,GAAG,UAAU,CAAC;CAChC,CAAC;AAEF,MAAM,MAAM,UAAU,GAClB;IAEE,IAAI,EAAE,cAAc,CAAC,qBAAqB,CAAC;IAC3C,IAAI,EAAE;QACJ,SAAS,EAAE,GAAG,CAAC;KAChB,CAAC;CACH,GACD;IAEE,IAAI,EAAE,cAAc,CAAC,oBAAoB,CAAC;IAC1C,IAAI,EAAE;QACJ,OAAO,EAAE,OAAO,CAAC;QACjB,SAAS,EAAE,GAAG,CAAC;KAChB,CAAC;CACH,GACD;IAEE,IAAI,EAAE,cAAc,CAAC,SAAS,CAAC;IAC/B,IAAI,EAAE;QACJ,KAAK,EAAE,GAAG,CAAC;KACZ,CAAC;CACH,GACD;IAEE,IAAI,EAAE,cAAc,CAAC,eAAe,CAAC;IACrC,IAAI,EAAE;QACJ,OAAO,EAAE,OAAO,CAAC;KAClB,CAAC;CACH,GACD;IAEE,IAAI,EAAE,cAAc,CAAC,iBAAiB,CAAC;IACvC,IAAI,EAAE;QACJ,SAAS,EAAE,GAAG,EAAE,CAAC;KAClB,CAAC;CACH,GACD;IAEE,IAAI,EAAE,cAAc,CAAC,0BAA0B,CAAC;IAChD,IAAI,EAAE;QACJ,SAAS,EAAE,GAAG,EAAE,CAAC;KAClB,CAAC;CACH,GACD;IAEE,IAAI,EAAE,cAAc,CAAC,qBAAqB,CAAC;IAC3C,IAAI,EAAE;QACJ,OAAO,EAAE,OAAO,CAAC;QACjB,SAAS,EAAE,GAAG,EAAE,CAAC;KAClB,CAAC;CACH,GACD;IAEE,IAAI,EAAE,cAAc,CAAC,IAAI,CAAC;IAC1B,IAAI,CAAC,EAAE,KAAK,CAAC;CACd,CAAC;AAEN,KAAK,IAAI,GAAG;IACV,UAAU,EAAE,UAAU,CAAC;IACvB,QAAQ,EAAE,GAAG,CAAC;CACf,CAAC;AAEF,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAyB;IACvC,OAAO,CAAC,gBAAgB,CAMtB;IACF,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,WAAW,CAAa;IAChC,OAAO,CAAC,WAAW,CAAoB;IACvC,OAAO,CAAC,KAAK,CAAc;IAC3B,OAAO,CAAC,KAAK,CAAc;IAC3B,OAAO,CAAC,sBAAsB,CAAkB;IAChD,OAAO,CAAC,QAAQ,CAAa;gBAEjB,EACV,MAAM,EACN,GAAG,EACH,QAAQ,EACR,KAAK,EACL,SAAS,EACT,KAAK,EACL,QAAQ,GACT,EAAE;QACD,MAAM,EAAE,sBAAsB,CAAC;QAC/B,GAAG,EAAE,GAAG,CAAC;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,CAAC,EAAE,GAAG,EAAE,CAAC;QAClB,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;IA4BD,WAAW,CAAC,EAAE,QAAQ,EAAE,EAAE;QAAE,QAAQ,EAAE,GAAG,CAAA;KAAE,GAAG,IAAI;IAMlD,aAAa,CAAC,EAAE,UAAU,EAAE,EAAE;QAAE,UAAU,EAAE,UAAU,CAAA;KAAE,GAAG,IAAI;IA4D/D,cAAc,CAAC,EAAE,WAAW,EAAE,EAAE;QAAE,WAAW,EAAE,UAAU,EAAE,CAAA;KAAE,GAAG,IAAI;IAU9D,eAAe,IAAI,OAAO,CAAC;QAC/B,SAAS,EAAE,uBAAuB,CAAC;QACnC,oCAAoC,EAAE,GAAG,CAAC;KAC3C,CAAC;IAkDI,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC;IAqB1B,kBAAkB,IAAI,OAAO,CAAC,uBAAuB,CAAC;IAY5D,OAAO,CAAC,qBAAqB;IAW7B,OAAO,CAAC,oBAAoB;IAoO5B,OAAO,CAAC,QAAQ;CAqCjB;AAED,wBAAgB,WAAW,CAAC,MAAM,EAAE,KAAK,GAAG,KAAK,CAEhD"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@account-kit/smart-contracts",
3
- "version": "4.88.1",
3
+ "version": "4.88.3",
4
4
  "description": "aa-sdk compatible interfaces for Alchemy Smart Accounts",
5
5
  "author": "Alchemy",
6
6
  "license": "MIT",
@@ -51,7 +51,7 @@
51
51
  "test:run": "vitest run"
52
52
  },
53
53
  "devDependencies": {
54
- "@account-kit/plugingen": "^4.88.1",
54
+ "@account-kit/plugingen": "^4.88.3",
55
55
  "change-case": "^5.1.2",
56
56
  "dedent": "^1.5.1",
57
57
  "dotenv": "^16.3.1",
@@ -69,10 +69,10 @@
69
69
  "url": "https://github.com/alchemyplatform/aa-sdk/issues"
70
70
  },
71
71
  "homepage": "https://github.com/alchemyplatform/aa-sdk#readme",
72
- "gitHead": "259f9c16881b3b3963a8dcd10a0e0efc4952e1d8",
72
+ "gitHead": "0af3855cf3dab96ee97ee95b4d4939ce67ac632d",
73
73
  "dependencies": {
74
- "@aa-sdk/core": "^4.88.1",
75
- "@account-kit/infra": "^4.88.1",
74
+ "@aa-sdk/core": "^4.88.3",
75
+ "@account-kit/infra": "^4.88.3",
76
76
  "webauthn-p256": "^0.0.10"
77
77
  },
78
78
  "peerDependencies": {
package/src/ma-v2/permissionBuilder.ts CHANGED
@@ -37,8 +37,12 @@ import {
37
37
  ValidationConfigUnsetError,
38
38
  ZeroAddressError,
39
39
  } from "./permissionBuilderErrors.js";
40
+ import { InvalidEntityIdError } from "@aa-sdk/core";
40
41
 
41
- // We use this to offset the ERC20 spend limit entityId
42
+ // Reserved offset for hooks that would otherwise collide on shared module storage
43
+ // (ERC20 spend limit vs PREVAL_ALLOWLIST on AllowlistModule; GAS_LIMIT vs
44
+ // NATIVE_TOKEN_TRANSFER on NativeTokenLimitModule). Any user-supplied entityId
45
+ // must be strictly less than this so the offset namespace stays disjoint.
42
46
  const HALF_UINT32 = 2147483647;
43
47
  const ERC20_APPROVE_SELECTOR = "0x095ea7b3";
44
48
  const ERC20_TRANSFER_SELECTOR = "0xa9059cbb";
@@ -46,6 +50,44 @@ const ACCOUNT_EXECUTE_SELECTOR = "0xb61d27f6";
46
50
  const ACCOUNT_EXECUTEBATCH_SELECTOR = "0x34fcd5be";
47
51
  const ACCOUNT_PERFORM_CREATE_SELECTOR = "0x5998db5c";
48
52
  const ACCOUNT_EXECUTE_WITH_RUNTIME_VALIDATION_SELECTOR = "0xf2680c0f";
53
+ const ACCOUNT_INSTALL_VALIDATION_SELECTOR = "0x1bbf564c";
54
+ const ACCOUNT_UNINSTALL_VALIDATION_SELECTOR = "0xb6b1ccfe";
55
+ const ACCOUNT_INSTALL_EXECUTION_SELECTOR = "0x1d37e7d6";
56
+ const ACCOUNT_UNINSTALL_EXECUTION_SELECTOR = "0x0b7cad71";
57
+ const ACCOUNT_UPGRADE_TO_AND_CALL_SELECTOR = "0x4f1ef286";
58
+ // Wrapped native functions that must not be added to a session key's selector allowlist.
59
+ const PRIVILEGED_SELECTORS: Record<string, string> = {
60
+ [ACCOUNT_PERFORM_CREATE_SELECTOR]: "performCreate",
61
+ [ACCOUNT_EXECUTE_WITH_RUNTIME_VALIDATION_SELECTOR]:
62
+ "executeWithRuntimeValidation",
63
+ [ACCOUNT_INSTALL_VALIDATION_SELECTOR]: "installValidation",
64
+ [ACCOUNT_UNINSTALL_VALIDATION_SELECTOR]: "uninstallValidation",
65
+ [ACCOUNT_INSTALL_EXECUTION_SELECTOR]: "installExecution",
66
+ [ACCOUNT_UNINSTALL_EXECUTION_SELECTOR]: "uninstallExecution",
67
+ [ACCOUNT_UPGRADE_TO_AND_CALL_SELECTOR]: "upgradeToAndCall",
68
+ };
69
+
70
+ // Auto-added by translatePermissions when a PREVAL_ALLOWLIST hook exists.
71
+ // Blocked from manual addition to ensure they're only added with proper hook context.
72
+ const SYSTEM_MANAGED_SELECTORS: Record<string, string> = {
73
+ [ACCOUNT_EXECUTE_SELECTOR]: "execute",
74
+ [ACCOUNT_EXECUTEBATCH_SELECTOR]: "executeBatch",
75
+ };
76
+
77
+ function assertNotForbiddenSelector(selector: Hex): void {
78
+ const normalized = selector.toLowerCase();
79
+ const match =
80
+ PRIVILEGED_SELECTORS[normalized] ?? SYSTEM_MANAGED_SELECTORS[normalized];
81
+ if (match != null) {
82
+ throw new SelectorNotAllowed(match);
83
+ }
84
+ }
85
+
86
+ function assertNoForbiddenSelectors(selectors: Hex[]): void {
87
+ for (const selector of selectors) {
88
+ assertNotForbiddenSelector(selector);
89
+ }
90
+ }
49
91
 
50
92
  export enum PermissionType {
51
93
  NATIVE_TOKEN_TRANSFER = "native-token-transfer",
@@ -239,6 +281,10 @@ export class PermissionBuilder {
239
281
  hooks?: Hook[];
240
282
  deadline?: number;
241
283
  }) {
284
+ if (entityId >= HALF_UINT32) {
285
+ throw new InvalidEntityIdError(entityId, HALF_UINT32 - 1);
286
+ }
287
+
242
288
  this.client = client;
243
289
  this.validationConfig = {
244
290
  moduleAddress: getDefaultSingleSignerValidationModuleAddress(
@@ -254,18 +300,16 @@ export class PermissionBuilder {
254
300
  signer: key.publicKey,
255
301
  });
256
302
  this.nonce = nonce;
257
- if (selectors) this.selectors = selectors;
303
+ if (selectors) {
304
+ assertNoForbiddenSelectors(selectors);
305
+ this.selectors = selectors;
306
+ }
258
307
  if (hooks) this.hooks = hooks;
259
308
  if (deadline) this.deadline = deadline;
260
309
  }
261
310
 
262
311
  addSelector({ selector }: { selector: Hex }): this {
263
- if (selector === ACCOUNT_PERFORM_CREATE_SELECTOR) {
264
- throw new SelectorNotAllowed("performCreate");
265
- }
266
- if (selector === ACCOUNT_EXECUTE_WITH_RUNTIME_VALIDATION_SELECTOR) {
267
- throw new SelectorNotAllowed("executeWithRuntimeValidation");
268
- }
312
+ assertNotForbiddenSelector(selector);
269
313
  this.selectors.push(selector);
270
314
  return this;
271
315
  }
@@ -322,24 +366,7 @@ export class PermissionBuilder {
322
366
  if (permission.data.functions.length === 0) {
323
367
  throw new NoFunctionsProvidedError(permission);
324
368
  }
325
- // Explicitly disallow adding execute, executeBatch, performCreate, and executeWithRuntimeValidation
326
- if (permission.data.functions.includes(ACCOUNT_EXECUTE_SELECTOR)) {
327
- throw new SelectorNotAllowed("execute");
328
- } else if (
329
- permission.data.functions.includes(ACCOUNT_EXECUTEBATCH_SELECTOR)
330
- ) {
331
- throw new SelectorNotAllowed("executeBatch");
332
- } else if (
333
- permission.data.functions.includes(ACCOUNT_PERFORM_CREATE_SELECTOR)
334
- ) {
335
- throw new SelectorNotAllowed("performCreate");
336
- } else if (
337
- permission.data.functions.includes(
338
- ACCOUNT_EXECUTE_WITH_RUNTIME_VALIDATION_SELECTOR,
339
- )
340
- ) {
341
- throw new SelectorNotAllowed("executeWithRuntimeValidation");
342
- }
369
+ assertNoForbiddenSelectors(permission.data.functions);
343
370
  this.selectors = [...this.selectors, ...permission.data.functions];
344
371
  }
345
372
 
@@ -551,13 +578,13 @@ export class PermissionBuilder {
551
578
  address: getDefaultNativeTokenLimitModuleAddress(
552
579
  this.client.chain,
553
580
  ),
554
- entityId,
581
+ entityId: entityId + HALF_UINT32,
555
582
  hookType: HookType.VALIDATION,
556
583
  hasPreHooks: true,
557
584
  hasPostHooks: false,
558
585
  },
559
586
  initData: {
560
- entityId,
587
+ entityId: entityId + HALF_UINT32,
561
588
  spendLimit: BigInt(permission.data.limit),
562
589
  },
563
590
  };