@account-kit/wallet-client 0.1.0-alpha.1 → 0.1.0-alpha.11

package/src/isomorphic/actions/prepareCalls.ts

@@ -1,5 +1,6 @@
 import {
   deepHexlify,
+  default7702GasEstimator,
   type SmartAccountClient,
   type SmartContractAccount,
 } from "@aa-sdk/core";
@@ -8,15 +9,21 @@ import {
   ChainNotFoundError,
   custom,
   fromHex,
+  hashMessage,
   toHex,
-  zeroAddress,
   type Chain,
   type Transport,
 } from "viem";
-import type { wallet_prepareCalls } from "../../rpc/request.js";
-import type { WalletServerViemRpcSchema } from "../../rpc/schema.js";
+import type {
+  wallet_prepareCalls,
+  WalletServerViemRpcSchema,
+} from "@alchemy/wallet-api-types/rpc";
 import { createAccount } from "../utils/createAccount.js";
 import { createDummySigner } from "../utils/createDummySigner.js";
+import { createAuthorizationRequest, isDelegated } from "../utils/7702.js";
+import { InvalidRequestError } from "ox/RpcResponse";
+import { assertNever } from "../../utils.js";
+import { assertValid7702AccountAddress } from "../utils/7702.js";
 
 export type PrepareCallsParams = Omit<
   Static<
@@ -29,7 +36,6 @@ export type PrepareCallsResult = Static<
   (typeof wallet_prepareCalls)["properties"]["ReturnType"]
 >;
 
-// TODO: handle capabilities like permissions and paymaster here
 export async function prepareCalls(
   client: SmartAccountClient<
     Transport,
@@ -44,29 +50,70 @@ export async function prepareCalls(
     throw new ChainNotFoundError();
   }
 
+  assertValid7702AccountAddress(params.from, params.capabilities?.eip7702Auth);
+
   // in local mode, we probably want some kind of caching for this
-  const { counterfactualInfo } = await client.request({
+  const { counterfactualInfo, delegation } = await client.request({
     method: "wallet_requestAccount",
     params: [
-      {
-        accountAddress: params.from,
-        includeCounterfactualInfo: true,
-      },
+      params.capabilities?.eip7702Auth
+        ? {
+            signerAddress: params.from,
+            creationHint: {
+              accountType: "7702",
+            },
+            includeCounterfactualInfo: true,
+          }
+        : {
+            accountAddress: params.from,
+            includeCounterfactualInfo: true,
+          },
     ],
   });
-  if (!counterfactualInfo) {
-    throw new Error("No counterfactual info found.");
+
+  if (!counterfactualInfo && !delegation) {
+    throw new InvalidRequestError({
+      message:
+        "No counterfactual info or delegated implementation address found.",
+    });
   }
 
   const account = await createAccount({
     chain: client.chain,
     transport: custom(client.transport),
-    signer: createDummySigner(zeroAddress),
+    signer: createDummySigner(params.from),
     accountAddress: params.from,
     counterfactualInfo,
-    capabilities: params.capabilities,
+    permissions: params.capabilities?.permissions,
+    delegation,
   });
 
+  const authorizationRequest =
+    delegation &&
+    !(await isDelegated(client, {
+      address: account.address,
+      delegation,
+    }))
+      ? await createAuthorizationRequest(client, {
+          address: account.address,
+          delegation,
+        })
+      : undefined;
+
+  if (params.capabilities?.permissions && authorizationRequest) {
+    // The user shouldn't see this in most cases since we require
+    // the account to be delegated before creating the session.
+    throw new InvalidRequestError({
+      message:
+        "When using a 7702 account with a session key, the account must be delegated before preparing calls.",
+    });
+  }
+
+  if (authorizationRequest) {
+    // @ts-expect-error - this is available but not typed as public
+    client.middleware.gasEstimator = default7702GasEstimator();
+  }
+
   // TODO: oops we don't actually support setting the policyId as an override here
   // if we assume that the the isomorphic client is never used directly, then we can assume that this is handled upstream correctly
   const builtUo = await client.buildUserOperation({
@@ -76,25 +123,50 @@ export async function prepareCalls(
       value: x.value ? fromHex(x.value, "bigint") : undefined,
     })),
     account,
-    overrides: params.capabilities?.gasParamsOverride,
+    overrides: {
+      ...params.capabilities?.gasParamsOverride,
+      nonceKey: params.capabilities?.nonceOverride?.nonceKey
+        ? fromHex(params.capabilities.nonceOverride.nonceKey, "bigint")
+        : undefined,
+    },
   });
 
-  const uoRequest = deepHexlify(builtUo);
+  // The eip7702Auth field should never be included in the UO sig
+  // request. It's handled by a separate authorization request.
+  if ("eip7702Auth" in builtUo) {
+    builtUo.eip7702Auth = undefined;
+  }
+
+  const hexlifiedUo = deepHexlify(builtUo);
+
+  const ep = account.getEntryPoint();
 
-  const hash = account.getEntryPoint().getUserOperationHash(uoRequest);
+  const uoHash = ep.getUserOperationHash(hexlifiedUo);
 
-  return {
+  const uoRequest = {
     type:
-      account.getEntryPoint().version === "0.7.0"
-        ? "user-operation-v070"
-        : "user-operation-v060",
-    data: uoRequest,
+      ep.version === "0.7.0"
+        ? ("user-operation-v070" as const)
+        : ep.version === "0.6.0"
+          ? ("user-operation-v060" as const)
+          : assertNever(ep.version, "Unexpected entry point version"),
+    data: hexlifiedUo,
     chainId: toHex(client.chain.id),
     signatureRequest: {
-      type: "personal_sign",
+      type: "personal_sign" as const,
       data: {
-        raw: hash,
+        raw: uoHash,
       },
+      rawPayload: hashMessage({
+        raw: uoHash,
+      }),
     },
   };
+
+  return authorizationRequest
+    ? {
+        type: "array" as const,
+        data: [authorizationRequest, uoRequest],
+      }
+    : uoRequest;
 }

package/src/isomorphic/actions/prepareSign.ts

@@ -0,0 +1,88 @@
+import type { Static } from "@sinclair/typebox";
+import type {
+  SignatureRequest,
+  SmartAccountClient,
+  SmartContractAccount,
+} from "@aa-sdk/core";
+import {
+  ChainNotFoundError,
+  custom,
+  toHex,
+  type Chain,
+  type Transport,
+} from "viem";
+import type {
+  wallet_prepareSign,
+  WalletServerViemRpcSchema,
+} from "@alchemy/wallet-api-types/rpc";
+import { SignableMessage, jsonSafeTypedData } from "@alchemy/wallet-api-types";
+import { createAccount } from "../utils/createAccount.js";
+import { createDummySigner } from "../utils/createDummySigner.js";
+import { Value } from "@sinclair/typebox/value";
+
+export type PrepareSignParams = Static<
+  (typeof wallet_prepareSign)["properties"]["Request"]["properties"]["params"]
+>[0];
+
+export type PrepareSignResult = Static<
+  (typeof wallet_prepareSign)["properties"]["ReturnType"]
+>;
+
+export async function prepareSign(
+  client: SmartAccountClient<
+    Transport,
+    Chain,
+    SmartContractAccount | undefined,
+    Record<string, unknown>,
+    WalletServerViemRpcSchema
+  >,
+  params: PrepareSignParams,
+): Promise<PrepareSignResult> {
+  if (!client.chain) {
+    throw new ChainNotFoundError();
+  }
+
+  const { counterfactualInfo, delegation } = await client.request({
+    method: "wallet_requestAccount",
+    params: [
+      {
+        accountAddress: params.from,
+        includeCounterfactualInfo: true,
+      },
+    ],
+  });
+
+  const account = await createAccount({
+    chain: client.chain,
+    transport: custom(client.transport),
+    signer: createDummySigner(params.from),
+    accountAddress: params.from,
+    counterfactualInfo,
+    permissions: params.capabilities?.permissions,
+    delegation,
+  });
+
+  const signatureRequest = await account.prepareSign(
+    params.signatureRequest as SignatureRequest,
+  );
+
+  if (signatureRequest.type === "personal_sign") {
+    return {
+      chainId: toHex(client.chain.id),
+      signatureRequest: {
+        type: signatureRequest.type,
+        data: Value.Encode(SignableMessage, signatureRequest.data),
+      },
+    };
+  } else {
+    const typedData = signatureRequest.data;
+
+    return {
+      chainId: toHex(client.chain.id),
+      signatureRequest: {
+        type: signatureRequest.type,
+        data: jsonSafeTypedData(typedData),
+      },
+    };
+  }
+}

package/src/isomorphic/actions/sendPreparedCalls.ts

@@ -3,28 +3,36 @@ import {
   type SmartAccountClient,
   type SmartContractAccount,
 } from "@aa-sdk/core";
-import type { Static, StaticDecode } from "@sinclair/typebox";
 import { Value } from "@sinclair/typebox/value";
 import {
+  BaseError,
   ChainNotFoundError,
   concat,
   concatHex,
+  getContract,
+  numberToHex,
+  parseSignature,
   toHex,
+  type Address,
   type Chain,
   type Hex,
   type Transport,
 } from "viem";
-import { decodePermissionsContext } from "../../capabilities/permissions/mav2.js";
-import type { wallet_sendPreparedCalls } from "../../rpc/request.js";
-import type { WalletServerViemRpcSchema } from "../../rpc/schema.js";
-import { TypeCallId } from "../../schemas.js";
-
-export type SendPreparedCallsParams = Omit<
-  StaticDecode<
-    (typeof wallet_sendPreparedCalls)["properties"]["Request"]["properties"]["params"]
-  >[0],
-  "chainId"
->;
+import type {
+  wallet_sendPreparedCalls,
+  WalletServerViemRpcSchema,
+} from "@alchemy/wallet-api-types/rpc";
+import { decodePermissionsContext } from "@alchemy/wallet-api-types/capabilities";
+import { CallId } from "@alchemy/wallet-api-types";
+import { isSupportedDelegationAddress7702 } from "../utils/7702.js";
+import { InvalidRequestError } from "ox/RpcResponse";
+import { assertNever } from "../../utils.js";
+import type { Static } from "@sinclair/typebox";
+import { decodeSignature } from "../utils/decodeSignature.js";
+
+export type SendPreparedCallsParams = Static<
+  (typeof wallet_sendPreparedCalls)["properties"]["Request"]["properties"]["params"]
+>[0];
 
 export type SendPreparedCallsResult = Static<
   (typeof wallet_sendPreparedCalls)["properties"]["ReturnType"]
@@ -46,50 +54,218 @@ export async function sendPreparedCalls(
   }
 
   const deferredAction: Hex | undefined = (() => {
-    if (!params.capabilities?.permissions?.context) {
+    if (!params.capabilities?.permissions) {
       return;
     }
 
     const decodedContext = decodePermissionsContext(
-      params.capabilities.permissions.context,
+      params.capabilities.permissions,
     );
 
     if (decodedContext.contextVersion === "REMOTE_MODE_DEFERRED_ACTION") {
-      throw new Error(
-        "Remote mode deferred action not supported in isomorphic client",
-      );
+      throw new InvalidRequestError({
+        message:
+          "Remote mode deferred action not supported in isomorphic client",
+      });
     }
 
     return decodedContext.deferredAction;
   })();
 
-  const entryPoint =
-    params.type === "user-operation-v060"
-      ? getEntryPoint(client.chain, { version: "0.6.0" })
-      : getEntryPoint(client.chain, { version: "0.7.0" });
-
-  const hash = await client.sendRawUserOperation(
-    {
-      ...params.data,
-      signature:
-        deferredAction != null
-          ? concatHex([
-              `0x${deferredAction.slice(68)}`, // Cuts off stuff preprended to the digest (nonce, etc. that we had previously).
-              "0xff",
-              "0x00",
-              params.signature.signature,
-            ])
-          : concat(["0xFF", "0x00", params.signature.signature]),
-    },
-    entryPoint.address,
-  );
+  const userOps =
+    params.type === "array"
+      ? params.data.filter((it) => {
+          const isUserOp =
+            it.type === "user-operation-v060" ||
+            it.type === "user-operation-v070";
+          if (isUserOp && it.chainId !== toHex(client.chain.id)) {
+            throw new InvalidRequestError({
+              message:
+                "Multiple chain IDs in a single request are not currently supported.",
+            });
+          }
+          return isUserOp;
+        })
+      : [params];
+
+  if (!userOps.length) {
+    throw new InvalidRequestError({
+      message: "Calls must include at least one user operation",
+    });
+  }
+
+  const authorizations =
+    params.type === "array"
+      ? params.data.filter((it) => it.type === "authorization")
+      : [];
+
+  if (authorizations.length > 1) {
+    throw new InvalidRequestError({
+      message:
+        "Multiple authorizations in a single request are not currently supported",
+    });
+  }
+  const [authorization] = authorizations;
+
+  // One last safety check to be sure the UO wasn't modified to include an unsupported 7702 delegation address.
+  if (
+    authorization &&
+    !isSupportedDelegationAddress7702(authorization.data.address)
+  ) {
+    throw new InvalidRequestError({
+      message: `Unsupported 7702 delegation address: ${authorization.data.address}`,
+    });
+  }
+
+  const hashes = await Promise.all(
+    userOps.map(async (userOp, idx) => {
+      const ep: { address: Address } =
+        userOp.type === "user-operation-v060"
+          ? getEntryPoint(client.chain, { version: "0.6.0" })
+          : userOp.type === "user-operation-v070"
+            ? getEntryPoint(client.chain, { version: "0.7.0" })
+            : assertNever(userOp, "Unexpected user op type");
+      const authSig = authorization
+        ? parseSignature(decodeSignature(authorization.signature).data)
+        : undefined;
+      const uoSigHex = decodeSignature(userOp.signature).data;
+
+      const { counterfactualInfo, delegation } = await client.request({
+        method: "wallet_requestAccount",
+        params: [
+          {
+            accountAddress: userOp.data.sender,
+            includeCounterfactualInfo: true,
+          },
+        ],
+      });
 
-  const callId = Value.Encode(TypeCallId, {
-    chainId: toHex(client.chain.id),
-    hash,
-  });
+      if (!counterfactualInfo && !delegation) {
+        throw new InvalidRequestError({
+          message:
+            "No counterfactual info or delegated implementation address found.",
+        });
+      }
+
+      const deferredActionData: Hex | undefined = deferredAction
+        ? await (async () => {
+            // determine whether the data should be appended to the signature.
+            // logic ported from @account-kit/smart-contracts `modularAccountV2Base.ts`
+
+            const deferredActionNonce = BigInt(
+              `0x${deferredAction.slice(4, 68)}`,
+            );
+
+            const entryPoint = getEntryPoint(client.chain, {
+              version: "0.7.0",
+            });
+
+            const entryPointContract = getContract({
+              address: entryPoint.address,
+              abi: entryPoint.abi,
+              client,
+            });
+
+            // Set these values if the deferred action has not been consumed. We check this with the EP
+            const nextNonceForDeferredAction: bigint =
+              (await entryPointContract.read.getNonce([
+                userOp.data.sender,
+                deferredActionNonce >> 64n,
+              ])) as bigint;
+
+            if (deferredActionNonce === nextNonceForDeferredAction) {
+              return `0x${deferredAction.slice(68)}`;
+            } else if (deferredActionNonce > nextNonceForDeferredAction) {
+              // if nonce is greater than the next nonce, its invalid, so we throw
+              throw new InvalidRequestError({
+                message: "Invalid session nonce",
+              });
+            }
+
+            // In this case, the deferred action has already been consumed, so no data should be appended to the signature.
+            // The signer entity should already be accounted for in `userOp.nonce`.
+            return undefined;
+          })()
+        : undefined;
+
+      const factoryType = counterfactualInfo?.factoryType;
+
+      // build signature based on account type
+      const signature = (() => {
+        switch (factoryType) {
+          // light accounts
+          case "LightAccountV1.0.1":
+          case "LightAccountV1.0.2":
+          case "LightAccountV1.1.0":
+          case "MAv1.0.0-MultiOwner":
+            // For LAv1 and MAv1-MultiOwner, we always just pass the signature.
+            return uoSigHex;
+          case "LightAccountV2.0.0":
+            // for LAv2, we need to prepend the "SignatureType.EOA" byte.
+            // TODO: Once we support nested smart accounts, switch this byte depending on the signature type.
+            return concat(["0x00", uoSigHex]);
+          case undefined: // undefined defaults to sma-b
+          case "MAv2.0.0-sma-b":
+            // For sma-b, we need to handle deferred actions if needed and prepend the "Reserved
+            // Signature Segment" and "SignatureType.EOA" bytes
+            return deferredActionData != null
+              ? concatHex([deferredActionData, "0xFF", "0x00", uoSigHex])
+              : concat(["0xFF", "0x00", uoSigHex]);
+          case "LightAccountV2.0.0-MultiOwner":
+            // for LAv2-MultiOwner, we need to prepend the "SignatureType.EOA" byte
+            // TODO: Once we support nested smart accounts, switch this byte depending on the signature type, and add the smart account signer's address.
+            return concat(["0x00", uoSigHex]);
+          case "MAv2.0.0-ma-ssv":
+          case "MAv2.0.0-ma-webauthn":
+          case "MAv1.0.0-MultiSig":
+          case "unknown":
+            throw new InvalidRequestError({
+              message: `Unsupported factory type: ${factoryType}`,
+            });
+          default:
+            return assertNever(factoryType, "Unsupported factory type");
+        }
+      })();
+
+      return client
+        .sendRawUserOperation(
+          {
+            ...userOp.data,
+            signature,
+            eip7702Auth:
+              idx === 0 && authorization && authSig
+                ? {
+                    ...authorization.data,
+                    chainId: authorization.chainId,
+                    ...{
+                      ...authSig,
+                      yParity: numberToHex(authSig.yParity),
+                    },
+                  }
+                : undefined,
+          },
+          ep.address,
+        )
+        .catch((err) => {
+          if (
+            err instanceof BaseError &&
+            err.details.endsWith("is not a contract and initCode is empty")
+          ) {
+            throw new BaseError(
+              `${err.details} (If using 7702, be sure you include the signed authorization in the request parameters)`,
+            );
+          }
+          throw err;
+        });
+    }),
+  );
 
   return {
-    preparedCallIds: [callId],
+    preparedCallIds: hashes.map((hash) =>
+      Value.Encode(CallId, {
+        chainId: toHex(client.chain.id),
+        hash,
+      }),
+    ),
   };
 }

package/src/isomorphic/client.ts

@@ -1,5 +1,6 @@
 import {
   createSmartAccountClient,
+  type ClientMiddlewareFn,
   type SmartAccountClient,
   type SmartAccountClientRpcSchema,
   type SmartContractAccount,
@@ -11,7 +12,7 @@ import {
   type AlchemyTransport,
 } from "@account-kit/infra";
 import { type Chain, type Transport } from "viem";
-import type { WalletServerViemRpcSchema } from "../rpc/schema.js";
+import type { WalletServerViemRpcSchema } from "@alchemy/wallet-api-types/rpc";
 import {
   createSession,
   type CreateSessionParams,
@@ -28,6 +29,8 @@ import {
   sendPreparedCalls,
   type SendPreparedCallsParams,
 } from "./actions/sendPreparedCalls.js";
+import { prepareSign, type PrepareSignParams } from "./actions/prepareSign.js";
+import { formatSign, type FormatSignParams } from "./actions/formatSign.js";
 
 // let's start with something that takes in as many params as possible, then we can eliminate them as we don't need them
 type ClientParams = {
@@ -35,6 +38,7 @@ type ClientParams = {
   transport: Transport;
   policyId?: string;
   useErc7677middleware?: boolean;
+  feeEstimator?: ClientMiddlewareFn;
 };
 
 export function isomorphicClientActions(
@@ -54,6 +58,8 @@ export function isomorphicClientActions(
       getCallsStatus(client, params),
     createSession: (params: CreateSessionParams) =>
       createSession(client, params),
+    prepareSign: (params: PrepareSignParams) => prepareSign(client, params),
+    formatSign: (params: FormatSignParams) => formatSign(client, params),
   };
 }
 
@@ -64,6 +70,7 @@ export function createIsomorphicClient({
   transport,
   policyId,
   useErc7677middleware = true,
+  feeEstimator,
 }: ClientParams): SmartAccountClient<
   Transport,
   Chain,
@@ -76,7 +83,8 @@ export function createIsomorphicClient({
     transport,
     chain,
     // TODO: we will want to enforce alchemy transport here probably
-    feeEstimator: alchemyFeeEstimator(transport as AlchemyTransport),
+    feeEstimator:
+      feeEstimator ?? alchemyFeeEstimator(transport as AlchemyTransport),
     ...(policyId
       ? useErc7677middleware
         ? alchemyGasManagerMiddleware(policyId)