@alchemy/wallet-apis 0.0.0-alpha.14 → 0.0.0-alpha.16

package/src/actions/signSignatureRequest.ts

@@ -6,11 +6,21 @@ import type {
   Eip7702UnsignedAuth,
 } from "@alchemy/wallet-api-types";
 import { vToYParity } from "ox/Signature";
-import type { InnerWalletApiClient, WithoutRawPayload } from "../types";
-import { assertNever } from "@alchemy/common";
+import type {
+  InnerWalletApiClient,
+  SignerClient,
+  WithoutRawPayload,
+} from "../types";
+import { assertNever, BaseError } from "@alchemy/common";
+import { LOGGER } from "../logger.js";
+import { isLocalAccount, isWebAuthnAccount } from "../utils/assertions.js";
 import { getAction } from "viem/utils";
 import { signAuthorization, signMessage, signTypedData } from "viem/actions";
-import { LOGGER } from "../logger.js";
+import type {
+  WebAuthnSignReturnType,
+  WebAuthnAccount,
+} from "viem/account-abstraction";
+import type { LocalAccount } from "viem";
 
 export type SignSignatureRequestParams = Prettify<
   WithoutRawPayload<
@@ -22,16 +32,27 @@ export type SignSignatureRequestParams = Prettify<
   >
 >;
 
-export type SignSignatureRequestResult = Prettify<{
-  type: "secp256k1";
-  data: Hex;
-}>;
+export type SignSignatureRequestResult =
+  | {
+      type: "secp256k1";
+      data: Hex;
+    }
+  | {
+      type: "webauthn-p256";
+      data: {
+        signature: Hex;
+        metadata: Pick<
+          WebAuthnSignReturnType["webauthn"],
+          "clientDataJSON" | "authenticatorData"
+        >;
+      };
+    };
 
 /**
  * Signs a signature request using the provided signer.
  * This method handles different types of signature requests including personal_sign, eth_signTypedData_v4, and authorization.
  *
- * @param {SmartAccountSigner} signer - The signer to use for signing the request
+ * @param {InnerWalletApiClient} client - The wallet client to use for signing
  * @param {SignSignatureRequestParams} params - The signature request parameters
  * @param {string} params.type - The type of signature request ('personal_sign', 'eth_signTypedData_v4', or 'signature_with_authorization')
  * @param {SignSignatureRequestParams["data"]} params.data - The data to sign, format depends on the signature type
@@ -63,73 +84,163 @@ export async function signSignatureRequest(
   params: SignSignatureRequestParams,
 ): Promise<SignSignatureRequestResult> {
   LOGGER.debug("signSignatureRequest:start", { type: params.type });
-  const actions = {
-    signMessage: getAction(client.owner, signMessage, "signMessage"),
-    signTypedData: getAction(client.owner, signTypedData, "signTypedData"),
-    signAuthorization: getAction(
-      client.owner,
-      signAuthorization,
-      "signAuthorization",
-    ),
-  };
 
+  if (isWebAuthnAccount(client.owner)) {
+    return signWithWebAuthn(client.owner, params);
+  }
+
+  if (isLocalAccount(client.owner)) {
+    return signWithLocalAccount(client.owner, params);
+  }
+
+  return signWithSignerClient(client.owner, params);
+}
+
+// ─────────────────────────────────────────────────────────────────────────────
+// WebAuthn signer
+// ─────────────────────────────────────────────────────────────────────────────
+
+type WebAuthnResult = Extract<
+  SignSignatureRequestResult,
+  { type: "webauthn-p256" }
+>;
+
+async function signWithWebAuthn(
+  signer: WebAuthnAccount,
+  params: SignSignatureRequestParams,
+): Promise<WebAuthnResult> {
   switch (params.type) {
     case "personal_sign": {
-      const res = {
-        type: "secp256k1",
-        data: await actions.signMessage({
-          message: params.data,
-          account: client.owner.account,
-        }),
-      } as const;
-      LOGGER.debug("signSignatureRequest:personal_sign:ok");
-      return res;
+      const { signature, webauthn: metadata } = await signer.signMessage({
+        message: params.data,
+      });
+      LOGGER.debug("signSignatureRequest:webauthn:personal_sign:ok");
+      return { type: "webauthn-p256", data: { signature, metadata } };
     }
     case "eth_signTypedData_v4": {
-      const res = {
-        type: "secp256k1",
-        data: await actions.signTypedData({
-          ...params.data,
-          account: client.owner.account,
-        }),
-      } as const;
-      LOGGER.debug("signSignatureRequest:typedData:ok");
-      return res;
+      const { signature, webauthn: metadata } = await signer.signTypedData(
+        params.data,
+      );
+      LOGGER.debug("signSignatureRequest:webauthn:eth_signTypedData_v4:ok");
+      return { type: "webauthn-p256", data: { signature, metadata } };
+    }
+    case "eip7702Auth":
+      throw new BaseError(
+        "WebAuthn account cannot sign EIP-7702 authorization requests",
+      );
+    default:
+      LOGGER.warn("signSignatureRequest:unknown-type", {
+        type: (params as { type?: unknown }).type,
+      });
+      return assertNever(params, "Unexpected signature request type.");
+  }
+}
+
+// ─────────────────────────────────────────────────────────────────────────────
+// LocalAccount signer
+// ─────────────────────────────────────────────────────────────────────────────
+
+type Secp256k1Result = Extract<
+  SignSignatureRequestResult,
+  { type: "secp256k1" }
+>;
+
+async function signWithLocalAccount(
+  signer: LocalAccount,
+  params: SignSignatureRequestParams,
+): Promise<Secp256k1Result> {
+  switch (params.type) {
+    case "personal_sign": {
+      const data = await signer.signMessage({ message: params.data });
+      LOGGER.debug("signSignatureRequest:localAccount:personal_sign:ok");
+      return { type: "secp256k1", data };
+    }
+    case "eth_signTypedData_v4": {
+      const data = await signer.signTypedData(params.data);
+      LOGGER.debug("signSignatureRequest:localAccount:eth_signTypedData_v4:ok");
+      return { type: "secp256k1", data };
     }
     case "eip7702Auth": {
+      if (!signer.signAuthorization) {
+        throw new BaseError(
+          "Current signer does not support signing authorization requests",
+        );
+      }
       const {
         r,
         s,
         v,
         yParity: _yParity,
-      } = await actions.signAuthorization({
-        ...{
-          ...params.data,
-          chainId: hexToNumber(params.data.chainId),
-          nonce: hexToNumber(params.data.nonce),
-        },
-        account: client.owner.account,
+      } = await signer.signAuthorization({
+        address: params.data.address,
+        chainId: hexToNumber(params.data.chainId),
+        nonce: hexToNumber(params.data.nonce),
       });
-      // yParity *should* already be a number, but some 3rd
-      // party signers may mistakenly return it as a bigint.
       const yParity =
         _yParity != null ? Number(_yParity) : vToYParity(Number(v));
+      LOGGER.debug("signSignatureRequest:localAccount:eip7702Auth:ok");
+      return {
+        type: "secp256k1",
+        data: serializeSignature({ r, s, yParity }),
+      };
+    }
+    default:
+      LOGGER.warn("signSignatureRequest:unknown-type", {
+        type: (params as { type?: unknown }).type,
+      });
+      return assertNever(params, "Unexpected signature request type.");
+  }
+}
 
-      const res = {
+// ─────────────────────────────────────────────────────────────────────────────
+// SignerClient (WalletClient)
+// ─────────────────────────────────────────────────────────────────────────────
+
+async function signWithSignerClient(
+  signer: SignerClient,
+  params: SignSignatureRequestParams,
+): Promise<Secp256k1Result> {
+  switch (params.type) {
+    case "personal_sign": {
+      const action = getAction(signer, signMessage, "signMessage");
+      const data = await action({
+        message: params.data,
+        account: signer.account,
+      });
+      LOGGER.debug("signSignatureRequest:signerClient:personal_sign:ok");
+      return { type: "secp256k1", data };
+    }
+    case "eth_signTypedData_v4": {
+      const action = getAction(signer, signTypedData, "signTypedData");
+      const data = await action({ ...params.data, account: signer.account });
+      LOGGER.debug("signSignatureRequest:signerClient:eth_signTypedData_v4:ok");
+      return { type: "secp256k1", data };
+    }
+    case "eip7702Auth": {
+      const action = getAction(signer, signAuthorization, "signAuthorization");
+      const {
+        r,
+        s,
+        v,
+        yParity: _yParity,
+      } = await action({
+        address: params.data.address,
+        chainId: hexToNumber(params.data.chainId),
+        nonce: hexToNumber(params.data.nonce),
+        account: signer.account,
+      });
+      const yParity =
+        _yParity != null ? Number(_yParity) : vToYParity(Number(v));
+      LOGGER.debug("signSignatureRequest:signerClient:eip7702Auth:ok");
+      return {
         type: "secp256k1",
-        data: serializeSignature({
-          r,
-          s,
-          yParity,
-        }),
-      } as const;
-      LOGGER.debug("signSignatureRequest:eip7702Auth:ok");
-      return res;
+        data: serializeSignature({ r, s, yParity }),
+      };
     }
     default:
       LOGGER.warn("signSignatureRequest:unknown-type", {
         type: (params as { type?: unknown }).type,
       });
-      return assertNever(params, `Unexpected signature request type.`);
+      return assertNever(params, "Unexpected signature request type.");
   }
 }

package/src/actions/signTypedData.ts

@@ -1,4 +1,5 @@
 import {
+  BaseError,
   type Address,
   type Hex,
   type Prettify,
@@ -78,6 +79,13 @@ export async function signTypedData(
 
   const signed = await signSignatureRequest(client, prepared.signatureRequest);
 
+  // TODO: Wallet server needs to be updated to support webauthn here.
+  if (signed.type === "webauthn-p256") {
+    throw new BaseError(
+      "WebAuthn account is currently unsupported by wallet_formatSign",
+    );
+  }
+
   const formatted = await formatSign(client, {
     from: account.address,
     signature: {

package/src/client.ts

@@ -1,20 +1,14 @@
-import {
-  createClient,
-  type Address,
-  type Chain,
-  type LocalAccount,
-  createWalletClient,
-} from "viem";
+import { createClient, type Address, type Chain } from "viem";
 import { smartWalletActions } from "./decorators/smartWalletActions.js";
 import { type AlchemyTransport } from "@alchemy/common";
-import type { SignerClient, SmartWalletClient } from "./types.js";
+import type { SmartWalletClient, SmartWalletSigner } from "./types.js";
 import { createInternalState } from "./internal.js";
 import type { CreationOptionsBySignerAddress } from "@alchemy/wallet-api-types";
 
 export type CreateSmartWalletClientParams<
   TAccount extends Address | undefined = Address | undefined,
 > = {
-  signer: LocalAccount | SignerClient;
+  signer: SmartWalletSigner;
   transport: AlchemyTransport;
   chain: Chain;
   account?: TAccount;
@@ -30,7 +24,7 @@ export type CreateSmartWalletClientParams<
  * Creates a smart wallet client with wallet API actions.
  *
  * @param {CreateSmartWalletClientParams} params - Parameters for creating the smart wallet client.
- * @param {LocalAccount | JsonRpcAccount} params.account - The account to use for signing.
+ * @param {SmartWalletSigner} params.account - The account to use for signing.
  * @param {AlchemyTransport} params.transport - The transport to use for RPC calls.
  * @param {Chain} params.chain - The blockchain network to connect to.
  * @param {string[]} params.policyIds - Optional policy IDs for paymaster service.
@@ -48,18 +42,6 @@ export const createSmartWalletClient = <
 }: CreateSmartWalletClientParams<TAccount>): SmartWalletClient<TAccount> => {
   const _policyIds = [...(policyId ? [policyId] : []), ...(policyIds ?? [])];
 
-  // If the signer is a `LocalAccount` wrap it inside of a client now so
-  // downstream actions can just use `getAction` to get signing actions
-  // and `signerClient.account.address` to access the address.
-  const signerClient =
-    "request" in signer
-      ? signer
-      : createWalletClient({
-          account: signer,
-          transport,
-          chain,
-        });
-
   return createClient({
     account,
     transport,
@@ -69,7 +51,7 @@ export const createSmartWalletClient = <
     .extend(() => ({
       policyIds: _policyIds,
       internal: createInternalState(),
-      owner: signerClient,
+      owner: signer,
     }))
     .extend(smartWalletActions<TAccount>);
 };

package/src/types.ts

@@ -11,10 +11,12 @@ import type {
   Prettify,
   Transport,
   WalletClient,
+  LocalAccount,
 } from "viem";
 import type { InternalState } from "./internal";
 import type { SmartWalletClient1193Methods } from "./provider";
 import type { SmartWalletActions } from "./decorators/smartWalletActions";
+import type { WebAuthnAccount } from "viem/account-abstraction";
 
 export type BaseWalletClient<
   TExtend extends { [key: string]: unknown } | undefined =
@@ -30,12 +32,14 @@ export type BaseWalletClient<
 
 export type InnerWalletApiClient = BaseWalletClient<{
   internal: InternalState | undefined; // undefined if you want to skip using an internal cache
-  owner: SignerClient;
+  owner: SmartWalletSigner;
   policyIds?: string[];
 }>;
 
 export type SignerClient = WalletClient<Transport, Chain | undefined, Account>;
 
+export type SmartWalletSigner = LocalAccount | WebAuthnAccount | SignerClient;
+
 export type SmartWalletClientEip1193Provider = Prettify<
   EIP1193Events & {
     request: EIP1193RequestFn<SmartWalletClient1193Methods>;
@@ -50,10 +54,6 @@ export type OptionalChainId<T> = T extends { chainId: Hex }
   ? Omit<T, "chainId"> & { chainId?: Hex | undefined }
   : T;
 
-export type OptionalSignerAddress<T> = T extends { signerAddress: Address }
-  ? Omit<T, "signerAddress"> & { signerAddress?: Address | undefined }
-  : T;
-
 export type WithoutRawPayload<T> = T extends { rawPayload: Hex }
   ? Omit<T, "rawPayload">
   : T;

package/src/utils/assertions.ts

@@ -1,6 +1,7 @@
-import type { Client } from "viem";
-import type { InnerWalletApiClient } from "../types.js";
+import type { Client, LocalAccount } from "viem";
+import type { InnerWalletApiClient, SignerClient } from "../types.js";
 import { BaseError } from "@alchemy/common";
+import type { WebAuthnAccount } from "viem/account-abstraction";
 
 /**
  * Type guard function to check if a client is an Alchemy Smart Wallet Client.
@@ -30,3 +31,21 @@ export function assertSmartWalletClient(
     throw new BaseError(message);
   }
 }
+
+export function isLocalAccount(
+  signer: LocalAccount | WebAuthnAccount | SignerClient,
+): signer is LocalAccount {
+  return signer.type === "local";
+}
+
+export function isWebAuthnAccount(
+  signer: LocalAccount | WebAuthnAccount | SignerClient,
+): signer is WebAuthnAccount {
+  return signer.type === "webAuthn";
+}
+
+export function isSignerClient(
+  signer: LocalAccount | WebAuthnAccount | SignerClient,
+): signer is SignerClient {
+  return "request" in signer;
+}

package/src/utils/capabilities.ts

@@ -1,24 +1,65 @@
-import type { Capabilities } from "@alchemy/wallet-api-types/capabilities";
+import type {
+  PrepareCallsCapabilities,
+  SendPreparedCallsCapabilities,
+} from "@alchemy/wallet-api-types/capabilities";
 import type { InnerWalletApiClient } from "../types.js";
 
 /**
  * Merges client capabilities with capabilities from the request.
+ * Uses policyId (singular) when there's one policy, policyIds (array) when multiple.
  *
  * @param {InnerWalletApiClient} client - The inner wallet API client (potentially including global capabilities like policy IDs)
- * @param {Capabilities | undefined} capabilities - Request capabilities to merge with, if any
- * @returns {Capabilities | undefined} The merged capabilities object, or original capabilities if no capability configuration exists on the client
+ * @param {T | undefined} capabilities - Request capabilities to merge with, if any
+ * @returns {T | undefined} The merged capabilities object, or original capabilities if no capability configuration exists on the client
  */
-export const mergeClientCapabilities = (
+export const mergeClientCapabilities = <
+  T extends PrepareCallsCapabilities | SendPreparedCallsCapabilities,
+>(
   client: InnerWalletApiClient,
-  capabilities: Capabilities | undefined,
-): Capabilities | undefined => {
-  return client.policyIds?.length && !capabilities?.paymasterService
-    ? {
-        ...capabilities,
-        paymasterService: {
-          ...capabilities?.paymasterService,
-          policyIds: client.policyIds,
-        },
-      }
-    : capabilities;
+  capabilities: T | undefined,
+): T | undefined => {
+  if (!client.policyIds?.length || capabilities?.paymasterService) {
+    return capabilities;
+  }
+
+  return {
+    ...capabilities,
+    paymasterService:
+      client.policyIds.length === 1
+        ? { policyId: client.policyIds[0] }
+        : { policyIds: client.policyIds },
+  } as T;
+};
+
+/**
+ * Extracts capabilities from prepareCalls that are usable for sendPreparedCalls.
+ * Only permissions and paymasterService (policyId/policyIds & webhookData) are supported.
+ *
+ * @param {PrepareCallsCapabilities | undefined} capabilities - The prepareCalls capabilities
+ * @returns {SendPreparedCallsCapabilities | undefined} The sendPreparedCalls capabilities, or undefined if no relevant capabilities exist
+ */
+export const extractCapabilitiesForSending = (
+  capabilities: PrepareCallsCapabilities | undefined,
+): SendPreparedCallsCapabilities | undefined => {
+  if (
+    capabilities?.permissions == null &&
+    capabilities?.paymasterService == null
+  ) {
+    return undefined;
+  }
+
+  const paymasterService = capabilities.paymasterService;
+
+  return {
+    permissions: capabilities.permissions,
+    paymasterService:
+      paymasterService != null
+        ? {
+            ...("policyId" in paymasterService
+              ? { policyId: paymasterService.policyId }
+              : { policyIds: paymasterService.policyIds }),
+            webhookData: paymasterService.webhookData,
+          }
+        : undefined,
+  };
 };

package/src/utils/format.ts

@@ -6,8 +6,13 @@ import {
   bytesToHex,
   type TypedDataDefinition,
   getTypesForEIP712Domain,
+  sliceHex,
 } from "viem";
-import type { TypedDataDefinition as WalletServerTypedDataDefinition } from "@alchemy/wallet-api-types";
+import type {
+  TypedDataDefinition as WalletServerTypedDataDefinition,
+  WebAuthnPublicKey,
+} from "@alchemy/wallet-api-types";
+import type { ToWebAuthnAccountParameters } from "viem/account-abstraction";
 
 export const castToHex = (val: string | number | bigint | Hex): Hex => {
   if (isHex(val)) {
@@ -59,3 +64,17 @@ export const typedDataToJsonSafe = ({
     ),
   };
 };
+
+export function credentialToWebAuthnPublicKey(
+  credential: ToWebAuthnAccountParameters["credential"],
+): WebAuthnPublicKey {
+  const { x, y } = {
+    x: sliceHex(credential.publicKey, 0, 32, { strict: true }),
+    y: sliceHex(credential.publicKey, 32, 64, { strict: true }),
+  };
+
+  return {
+    x,
+    y,
+  };
+}

package/src/utils/signer.ts

@@ -0,0 +1,36 @@
+import { toHex, type Address } from "viem";
+import type { SmartWalletSigner } from "../types";
+import type { WebAuthnPublicKey } from "@alchemy/wallet-api-types";
+import { parsePublicKey } from "webauthn-p256";
+
+export function getSignerAddressOrPublicKey(
+  signer: SmartWalletSigner,
+):
+  | { type: "secp256k1"; address: Address }
+  | { type: "webauthn-p256"; publicKey: WebAuthnPublicKey } {
+  // SignerClient.
+  if ("request" in signer) {
+    return {
+      type: "secp256k1",
+      address: signer.account.address,
+    };
+  }
+
+  // LocalAccount.
+  if (signer.type === "local") {
+    return {
+      type: "secp256k1",
+      address: signer.address,
+    };
+  }
+
+  // WebAuthnAccount.
+  const key = parsePublicKey(signer.publicKey);
+  return {
+    type: "webauthn-p256",
+    publicKey: {
+      x: toHex(key.x),
+      y: toHex(key.y),
+    },
+  };
+}

package/src/utils/viemDecode.ts

@@ -15,7 +15,7 @@ import type {
   PreparedCall_UserOpV060,
   PreparedCall_UserOpV070,
 } from "@alchemy/wallet-api-types";
-import type { Capabilities as WalletApiCapabilities } from "@alchemy/wallet-api-types/capabilities";
+import type { PrepareCallsCapabilities as WalletApiCapabilities } from "@alchemy/wallet-api-types/capabilities";
 import type {
   ViemEncodedAuthorizationCall,
   ViemEncodedPaymasterPermitCall,

package/src/utils/viemEncode.ts

@@ -19,7 +19,7 @@ import type {
   PreparedCall_UserOpV060,
   PreparedCall_UserOpV070,
 } from "@alchemy/wallet-api-types";
-import type { Capabilities as WalletApiCapabilities } from "@alchemy/wallet-api-types/capabilities";
+import type { PrepareCallsCapabilities as WalletApiCapabilities } from "@alchemy/wallet-api-types/capabilities";
 
 export type ViemEncodedPreparedCalls =
   | (ViemEncodedUserOperationCall | ViemEncodedPaymasterPermitCall)

package/src/version.ts

@@ -1,3 +1,3 @@
 // This file is autogenerated by inject-version.ts. Any changes will be
 // overwritten on commit!
-export const VERSION = "0.0.0-alpha.14";
+export const VERSION = "0.0.0-alpha.16";