@aptos-labs/ts-sdk 1.35.0-zeta.0 → 1.35.0-zeta.2

package/package.json

@@ -36,9 +36,9 @@
     "build:clean": "rm -rf dist",
     "build": "pnpm build:clean && tsup",
     "prepublishOnly": "pnpm run build",
-    "_fmt": "prettier 'src/**/*.ts' 'tests/**/*.ts' 'examples/**/*.js' 'examples/**/*.ts' '.eslintrc.js'",
+    "_fmt": "prettier 'src/**/*.ts' 'tests/**/*.ts' 'examples/**/*.js' 'examples/**/*.ts' 'eslint.config.cjs'",
     "fmt": "pnpm _fmt --write",
-    "lint": "eslint 'src/**/*.ts' 'tests/**/*.ts' 'examples/**/*.ts'",
+    "lint": "eslint '**/*.{cts,mts,ts}'",
     "test": "pnpm jest",
     "unit-test": "pnpm jest tests/unit",
     "e2e-test": "pnpm jest tests/e2e",
@@ -64,38 +64,39 @@
     "poseidon-lite": "^0.2.0"
   },
   "devDependencies": {
-    "@babel/traverse": "^7.25.7",
-    "@cucumber/cucumber": "^11.0.1",
-    "@graphql-codegen/cli": "^5.0.2",
+    "@babel/traverse": "^7.26.8",
+    "@cucumber/cucumber": "^11.2.0",
+    "@eslint/eslintrc": "^3.2.0",
+    "@graphql-codegen/cli": "^5.0.4",
     "@graphql-codegen/import-types-preset": "^3.0.0",
-    "@graphql-codegen/typescript": "^4.0.9",
+    "@graphql-codegen/typescript": "^4.1.3",
     "@graphql-codegen/typescript-graphql-request": "^6.2.0",
-    "@graphql-codegen/typescript-operations": "^4.2.3",
+    "@graphql-codegen/typescript-operations": "^4.4.1",
     "@types/base-64": "^1.0.2",
-    "@types/jest": "^29.5.13",
-    "@types/jsonwebtoken": "^9.0.7",
-    "@types/node": "^20.16.10",
-    "@typescript-eslint/eslint-plugin": "^6.21.0",
-    "@typescript-eslint/parser": "^6.21.0",
-    "dotenv": "^16.4.5",
-    "eslint": "^8.57.1",
+    "@types/jest": "^29.5.14",
+    "@types/jsonwebtoken": "^9.0.8",
+    "@types/node": "^20.17.17",
+    "@typescript-eslint/eslint-plugin": "^7.18.0",
+    "@typescript-eslint/parser": "^7.18.0",
+    "dotenv": "^16.4.7",
+    "eslint": "^9.20.1",
     "eslint-config-airbnb-base": "^15.0.0",
-    "eslint-config-airbnb-typescript": "^17.1.0",
-    "eslint-config-prettier": "^9.1.0",
+    "eslint-config-prettier": "^10.0.1",
     "eslint-plugin-import": "^2.31.0",
-    "graphql": "^16.9.0",
+    "graphql": "^16.10.0",
+    "globals": "^15.14.0",
     "graphql-request": "^6.1.0",
     "jest": "^29.7.0",
     "jsonwebtoken": "^9.0.2",
-    "prettier": "^3.3.3",
+    "prettier": "^3.5.0",
     "tree-kill": "^1.2.2",
     "ts-jest": "^29.2.5",
-    "ts-loader": "^9.5.1",
+    "ts-loader": "^9.5.2",
     "ts-node": "^10.9.2",
-    "tsup": "^8.3.0",
-    "typedoc": "^0.26.8",
-    "typedoc-plugin-missing-exports": "^3.0.0",
-    "typescript": "^5.6.2"
+    "tsup": "^8.3.6",
+    "typedoc": "^0.27.7",
+    "typedoc-plugin-missing-exports": "^3.1.0",
+    "typescript": "^5.7.3"
   },
-  "version": "1.35.0-zeta.0"
+  "version": "1.35.0-zeta.2"
 }

package/src/account/MultiKeyAccount.ts

@@ -148,13 +148,14 @@ export class MultiKeyAccount implements Account, KeylessSigner {
    * @category Account (On-Chain Model)
    */
   static fromPublicKeysAndSigners(args: {
+    address?: AccountAddressInput;
     publicKeys: PublicKey[];
     signaturesRequired: number;
     signers: SingleKeySignerOrLegacyEd25519Account[];
   }): MultiKeyAccount {
-    const { publicKeys, signaturesRequired, signers } = args;
+    const { address, publicKeys, signaturesRequired, signers } = args;
     const multiKey = new MultiKey({ publicKeys, signaturesRequired });
-    return new MultiKeyAccount({ multiKey, signers });
+    return new MultiKeyAccount({ multiKey, signers, address });
   }
 
   /**

package/src/api/general.ts

@@ -279,11 +279,11 @@ export class General {
    * async function runExample() {
    *   // Querying the Aptos Indexer for ledger information
    *   const topUserTransactions = await aptos.queryIndexer({
-   *     query: `query MyQuery {
+   *     query: { query: `query MyQuery {
    *       ledger_infos {
    *         chain_id
    *       }
-   *     }`
+   *     }`}
    *   });
    *
    *   console.log(topUserTransactions);

package/src/api/transaction.ts

@@ -24,9 +24,6 @@ import {
   FeePayerOrFeePayerAuthenticatorOrNeither,
   getSigningMessage,
   publicPackageTransaction,
-  rotateAuthKey,
-  rotateAuthKeyToMultiEd25519,
-  rotateAuthKeyWithVerificationTransaction,
   signAndSubmitAsFeePayer,
   signAndSubmitTransaction,
   signAsFeePayer,
@@ -38,14 +35,14 @@ import {
   InputGenerateTransactionOptions,
   InputGenerateTransactionPayloadData,
 } from "../transactions";
-import { AccountAddressInput, Ed25519PrivateKey } from "../core";
+import { AccountAddressInput, AuthenticationKey, Ed25519PrivateKey } from "../core";
 import { Account } from "../account";
 import { Build } from "./transactionSubmission/build";
 import { Simulate } from "./transactionSubmission/simulate";
 import { Submit } from "./transactionSubmission/submit";
 import { TransactionManagement } from "./transactionSubmission/management";
 import { SimpleTransaction } from "../transactions/instances/simpleTransaction";
-import { MultiEd25519Account } from "../account/MultiEd25519Account";
+import { rotateAuthKey } from "../internal/account";
 
 /**
  * Represents a transaction in the Aptos blockchain,
@@ -477,13 +474,26 @@ export class Transaction {
   }
 
   /**
-   * Rotate an account's authentication key. After rotation, only the new private key can be used to sign transactions for the account.
-   * Note: Only legacy Ed25519 scheme is supported for now.
-   * More info: {@link https://aptos.dev/guides/account-management/key-rotation/}
+   * Rotates the authentication key for a given account.  Once an account is rotated, only the new private key
+   * or keyless signing scheme can be used to sign transactions for the account.
    *
-   * @param args The arguments for rotating the auth key.
-   * @param args.fromAccount The account to rotate the auth key for.
-   * @param args.toNewPrivateKey The new private key to rotate to.
+   * @param args - The arguments for rotating the authentication key.
+   * @param args.fromAccount - The account from which the authentication key will be rotated.
+   * @param args.toAccount - (Optional) The target account to rotate to. Required if not using toNewPrivateKey or toAuthKey.
+   * @param args.toNewPrivateKey - (Optional) The new private key to rotate to. Required if not using toAccount or toAuthKey.
+   * @param args.toAuthKey - (Optional) The new authentication key to rotate to. Can only be used with dangerouslySkipVerification=true.
+   * @param args.dangerouslySkipVerification - (Optional) If true, skips verification steps after rotation. Required when using toAuthKey.
+   *
+   * @remarks
+   * This function supports three modes of rotation:
+   * 1. Using a target Account object (toAccount)
+   * 2. Using a new private key (toNewPrivateKey)
+   * 3. Using a raw authentication key (toAuthKey) - requires dangerouslySkipVerification=true
+   *
+   * When not using dangerouslySkipVerification, the function performs additional safety checks and account setup.
+   *
+   * If the new key is a multi key, skipping verification is dangerous because verification will publish the public key onchain and
+   * prevent users from being locked out of the account from loss of knowledge of one of the public keys.
    *
    * @returns PendingTransactionResponse
    *
@@ -509,27 +519,18 @@ export class Transaction {
    * ```
    * @group Transaction
    */
-  async rotateAuthKey(args: {
-    fromAccount: Account;
-    toNewPrivateKey: Ed25519PrivateKey;
-  }): Promise<PendingTransactionResponse> {
+  async rotateAuthKey(
+    args: {
+      fromAccount: Account;
+    } & (
+      | { toAccount: Account; dangerouslySkipVerification?: never }
+      | { toNewPrivateKey: Ed25519PrivateKey; dangerouslySkipVerification?: never }
+      | { toAuthKey: AuthenticationKey; dangerouslySkipVerification: true }
+    ),
+  ): Promise<PendingTransactionResponse> {
     return rotateAuthKey({ aptosConfig: this.config, ...args });
   }
 
-  async rotateAuthKeyToMultiEd25519(args: {
-    fromAccount: Account;
-    multiEd25519Account: MultiEd25519Account;
-  }): Promise<PendingTransactionResponse> {
-    return rotateAuthKeyToMultiEd25519({ aptosConfig: this.config, ...args });
-  }
-
-  async rotateAuthKeyWithVerificationTransaction(args: {
-    fromAccount: Account;
-    toAccount: Account;
-  }): Promise<CommittedTransactionResponse> {
-    return rotateAuthKeyWithVerificationTransaction({ aptosConfig: this.config, ...args });
-  }
-
   /**
    * Sign a transaction that can later be submitted to the chain.
    * This function is essential for ensuring the authenticity of the transaction by using the provided account's signing capabilities.

package/src/client/post.ts

@@ -230,7 +230,6 @@ export async function postAptosIndexer<Req extends {}, Res extends {}>(
   options: PostAptosRequestOptions,
 ): Promise<AptosResponse<Req, Res>> {
   const { aptosConfig } = options;
-  console.log("request", JSON.stringify(options.body, null, 2));
 
   return post<Req, Res>({
     ...options,

package/src/internal/account.ts

@@ -21,7 +21,8 @@ import {
   GetObjectDataQueryResponse,
   isEd25519Signature,
   isMultiEd25519Signature,
-  isSingleSenderSignature,
+  isSingleSenderMultiKeySignature,
+  isSingleSenderSingleKeySignature,
   isUserTransactionResponse,
   LedgerVersionArg,
   MoveModuleBytecode,
@@ -29,12 +30,13 @@ import {
   MoveStructId,
   OrderByArg,
   PaginationArgs,
+  PendingTransactionResponse,
   TokenStandardArg,
   TransactionResponse,
   WhereArg,
 } from "../types";
 import { AccountAddress, AccountAddressInput } from "../core/accountAddress";
-import { Account } from "../account";
+import { Account, Ed25519Account, MultiEd25519Account } from "../account";
 import {
   AbstractMultiKey,
   AccountPublicKey,
@@ -49,6 +51,7 @@ import {
   Secp256k1PublicKey,
 } from "../core/crypto";
 import { queryIndexer } from "./general";
+import { getModules as getModulesUtil, getModule as getModuleUtil, getInfo as getInfoUtil } from "./utils";
 import {
   GetAccountCoinsCountQuery,
   GetAccountCoinsDataQuery,
@@ -77,7 +80,6 @@ import {
   GetAccountAddressesForAuthKey,
   GetSignatures,
 } from "../types/generated/queries";
-import { memoizeAsync } from "../utils/memoize";
 import { Secp256k1PrivateKey, AuthenticationKey, Ed25519PrivateKey, createObjectAddress, Hex } from "../core";
 import { CurrentFungibleAssetBalancesBoolExp } from "../types/generated/types";
 import { getTableItem } from "./table";
@@ -85,6 +87,10 @@ import { APTOS_COIN } from "../utils";
 import { AptosApiError } from "../errors";
 import { Deserializer } from "../bcs";
 import { getTransactionByVersion } from "./transaction";
+import { signAndSubmitTransaction, generateTransaction } from "./transactionSubmission";
+import { EntryFunctionABI, RotationProofChallenge, TypeTagU8, TypeTagVector } from "../transactions";
+import { U8, MoveVector } from "../bcs";
+import { waitForTransaction } from "./transaction";
 import { deriveKeylessAccount, DeriveKeylessAccountParams } from "./keyless";
 
 /**
@@ -99,13 +105,7 @@ export async function getInfo(args: {
   aptosConfig: AptosConfig;
   accountAddress: AccountAddressInput;
 }): Promise<AccountData> {
-  const { aptosConfig, accountAddress } = args;
-  const { data } = await getAptosFullNode<{}, AccountData>({
-    aptosConfig,
-    originMethod: "getInfo",
-    path: `accounts/${AccountAddress.from(accountAddress).toString()}`,
-  });
-  return data;
+  return getInfoUtil(args);
 }
 
 /**
@@ -125,17 +125,7 @@ export async function getModules(args: {
   accountAddress: AccountAddressInput;
   options?: PaginationArgs & LedgerVersionArg;
 }): Promise<MoveModuleBytecode[]> {
-  const { aptosConfig, accountAddress, options } = args;
-  return paginateWithObfuscatedCursor<{}, MoveModuleBytecode[]>({
-    aptosConfig,
-    originMethod: "getModules",
-    path: `accounts/${AccountAddress.from(accountAddress).toString()}/modules`,
-    params: {
-      ledger_version: options?.ledgerVersion,
-      offset: options?.offset,
-      limit: options?.limit ?? 1000,
-    },
-  });
+  return getModulesUtil(args);
 }
 
 /**
@@ -157,45 +147,7 @@ export async function getModule(args: {
   moduleName: string;
   options?: LedgerVersionArg;
 }): Promise<MoveModuleBytecode> {
-  // We don't memoize the account module by ledger version, as it's not a common use case, this would be handled
-  // by the developer directly
-  if (args.options?.ledgerVersion !== undefined) {
-    return getModuleInner(args);
-  }
-
-  return memoizeAsync(
-    async () => getModuleInner(args),
-    `module-${args.accountAddress}-${args.moduleName}`,
-    1000 * 60 * 5, // 5 minutes
-  )();
-}
-
-/**
- * Retrieves the bytecode of a specified module from a given account address.
- *
- * @param args - The parameters for retrieving the module bytecode.
- * @param args.aptosConfig - The configuration for connecting to the Aptos network.
- * @param args.accountAddress - The address of the account from which to retrieve the module.
- * @param args.moduleName - The name of the module to retrieve.
- * @param args.options - Optional parameters for specifying the ledger version.
- * @param args.options.ledgerVersion - The specific ledger version to query.
- * @group Implementation
- */
-async function getModuleInner(args: {
-  aptosConfig: AptosConfig;
-  accountAddress: AccountAddressInput;
-  moduleName: string;
-  options?: LedgerVersionArg;
-}): Promise<MoveModuleBytecode> {
-  const { aptosConfig, accountAddress, moduleName, options } = args;
-
-  const { data } = await getAptosFullNode<{}, MoveModuleBytecode>({
-    aptosConfig,
-    originMethod: "getModule",
-    path: `accounts/${AccountAddress.from(accountAddress).toString()}/module/${moduleName}`,
-    params: { ledger_version: options?.ledgerVersion },
-  });
-  return data;
+  return getModuleUtil(args);
 }
 
 /**
@@ -845,6 +797,197 @@ export async function isAccountExist(args: { aptosConfig: AptosConfig; authKey:
   }
 }
 
+const rotateAuthKeyAbi: EntryFunctionABI = {
+  typeParameters: [],
+  parameters: [
+    new TypeTagU8(),
+    TypeTagVector.u8(),
+    new TypeTagU8(),
+    TypeTagVector.u8(),
+    TypeTagVector.u8(),
+    TypeTagVector.u8(),
+  ],
+};
+
+/**
+ * Rotates the authentication key for a given account.
+ *
+ * @param args - The arguments for rotating the authentication key.
+ * @param args.aptosConfig - The configuration settings for the Aptos network.
+ * @param args.fromAccount - The account from which the authentication key will be rotated.
+ * @param args.toAccount - (Optional) The target account to rotate to. Required if not using toNewPrivateKey or toAuthKey.
+ * @param args.toNewPrivateKey - (Optional) The new private key to rotate to. Required if not using toAccount or toAuthKey.
+ * @param args.toAuthKey - (Optional) The new authentication key to rotate to. Can only be used with dangerouslySkipVerification=true.
+ * @param args.dangerouslySkipVerification - (Optional) If true, skips verification steps after rotation. Required when using toAuthKey.
+ *
+ * @remarks
+ * This function supports three modes of rotation:
+ * 1. Using a target Account object (toAccount)
+ * 2. Using a new private key (toNewPrivateKey)
+ * 3. Using a raw authentication key (toAuthKey) - requires dangerouslySkipVerification=true
+ *
+ * When not using dangerouslySkipVerification, the function performs additional safety checks and account setup.
+ *
+ * If the new key is a multi key, skipping verification is dangerous because verification will publish the public key onchain and
+ * prevent users from being locked out of the account from loss of knowledge of one of the public keys.
+ *
+ * @returns A promise that resolves to the pending transaction response.
+ * @throws Error if the rotation fails or verification fails.
+ *
+ * @group Implementation
+ */
+export async function rotateAuthKey(
+  args: {
+    aptosConfig: AptosConfig;
+    fromAccount: Account;
+  } & (
+    | { toAccount: Account; dangerouslySkipVerification?: never }
+    | { toNewPrivateKey: Ed25519PrivateKey; dangerouslySkipVerification?: never }
+    | { toAuthKey: AuthenticationKey; dangerouslySkipVerification: true }
+  ),
+): Promise<PendingTransactionResponse> {
+  const { aptosConfig, fromAccount, dangerouslySkipVerification } = args;
+  if ("toNewPrivateKey" in args) {
+    return rotateAuthKeyWithChallenge({
+      aptosConfig,
+      fromAccount,
+      toNewPrivateKey: args.toNewPrivateKey,
+    });
+  }
+  let authKey: AuthenticationKey;
+  if ("toAccount" in args) {
+    if (args.toAccount instanceof Ed25519Account) {
+      return rotateAuthKeyWithChallenge({ aptosConfig, fromAccount, toNewPrivateKey: args.toAccount.privateKey });
+    }
+    if (args.toAccount instanceof MultiEd25519Account) {
+      return rotateAuthKeyWithChallenge({ aptosConfig, fromAccount, toAccount: args.toAccount });
+    }
+    authKey = args.toAccount.publicKey.authKey();
+  } else if ("toAuthKey" in args) {
+    authKey = args.toAuthKey;
+  } else {
+    throw new Error("Invalid arguments");
+  }
+
+  const pendingTxn = await rotateAuthKeyUnverified({
+    aptosConfig,
+    fromAccount,
+    toAuthKey: authKey,
+  });
+
+  if (dangerouslySkipVerification === true) {
+    return pendingTxn;
+  }
+
+  const rotateAuthKeyTxnResponse = await waitForTransaction({
+    aptosConfig,
+    transactionHash: pendingTxn.hash,
+  });
+  if (!rotateAuthKeyTxnResponse.success) {
+    throw new Error(`Failed to rotate authentication key - ${rotateAuthKeyTxnResponse}`);
+  }
+
+  // Verify the rotation by setting the originating address to the new account.
+  // This verifies the rotation even if the transaction payload fails to execute successfully.
+  const verificationTxn = await generateTransaction({
+    aptosConfig,
+    sender: fromAccount.accountAddress,
+    data: {
+      function: "0x1::account::set_originating_address",
+      functionArguments: [],
+    },
+  });
+
+  return signAndSubmitTransaction({
+    aptosConfig,
+    signer: args.toAccount, // Use the new account to sign
+    transaction: verificationTxn,
+  });
+}
+
+async function rotateAuthKeyWithChallenge(
+  args: {
+    aptosConfig: AptosConfig;
+    fromAccount: Account;
+  } & ({ toNewPrivateKey: Ed25519PrivateKey } | { toAccount: MultiEd25519Account }),
+): Promise<PendingTransactionResponse> {
+  const { aptosConfig, fromAccount } = args;
+  const accountInfo = await getInfo({
+    aptosConfig,
+    accountAddress: fromAccount.accountAddress,
+  });
+
+  let newAccount: Account;
+  if ("toNewPrivateKey" in args) {
+    newAccount = Account.fromPrivateKey({ privateKey: args.toNewPrivateKey, legacy: true });
+  } else {
+    newAccount = args.toAccount;
+  }
+
+  const challenge = new RotationProofChallenge({
+    sequenceNumber: BigInt(accountInfo.sequence_number),
+    originator: fromAccount.accountAddress,
+    currentAuthKey: AccountAddress.from(accountInfo.authentication_key),
+    newPublicKey: newAccount.publicKey,
+  });
+
+  // Sign the challenge
+  const challengeHex = challenge.bcsToBytes();
+  const proofSignedByCurrentKey = fromAccount.sign(challengeHex);
+  const proofSignedByNewKey = newAccount.sign(challengeHex);
+
+  // Generate transaction
+  const rawTxn = await generateTransaction({
+    aptosConfig,
+    sender: fromAccount.accountAddress,
+    data: {
+      function: "0x1::account::rotate_authentication_key",
+      functionArguments: [
+        new U8(fromAccount.signingScheme), // from scheme
+        MoveVector.U8(fromAccount.publicKey.toUint8Array()),
+        new U8(newAccount.signingScheme), // to scheme
+        MoveVector.U8(newAccount.publicKey.toUint8Array()),
+        MoveVector.U8(proofSignedByCurrentKey.toUint8Array()),
+        MoveVector.U8(proofSignedByNewKey.toUint8Array()),
+      ],
+      abi: rotateAuthKeyAbi,
+    },
+  });
+  return signAndSubmitTransaction({
+    aptosConfig,
+    signer: fromAccount,
+    transaction: rawTxn,
+  });
+}
+
+const rotateAuthKeyUnverifiedAbi: EntryFunctionABI = {
+  typeParameters: [],
+  parameters: [TypeTagVector.u8()],
+};
+
+async function rotateAuthKeyUnverified(args: {
+  aptosConfig: AptosConfig;
+  fromAccount: Account;
+  toAuthKey: AuthenticationKey;
+}): Promise<PendingTransactionResponse> {
+  const { aptosConfig, fromAccount, toAuthKey } = args;
+  const authKey = toAuthKey;
+  const rawTxn = await generateTransaction({
+    aptosConfig,
+    sender: fromAccount.accountAddress,
+    data: {
+      function: "0x1::account::rotate_authentication_key_call",
+      functionArguments: [MoveVector.U8(authKey.toUint8Array())],
+      abi: rotateAuthKeyUnverifiedAbi,
+    },
+  });
+  return signAndSubmitTransaction({
+    aptosConfig,
+    signer: fromAccount,
+    transaction: rawTxn,
+  });
+}
+
 async function getMultiKeysForAuthenticationKeys(args: {
   aptosConfig: AptosConfig;
   authKeys: AuthenticationKey[];
@@ -980,6 +1123,7 @@ async function getLastestTransactionVersionForAddress(args: {
     variables: {
       where_condition: whereCondition,
       limit: 1,
+      order_by: { transaction_version: "desc" },
     },
   };
 
@@ -990,7 +1134,7 @@ async function getLastestTransactionVersionForAddress(args: {
   });
 
   if (data.length !== 1) {
-    throw new Error(`Expected 1 account address for address ${address}, got ${data.length}`);
+    throw new Error(`No signatures found for address ${address}`);
   }
   return Number(data[0].transaction_version);
 }
@@ -1102,6 +1246,7 @@ export async function getPublicKeyFromAccountAddress(args: {
     aptosConfig,
     accountAddress,
   });
+  console.log("lastTransactionVersion", lastTransactionVersion);
 
   const transaction = await getTransactionByVersion({ aptosConfig, ledgerVersion: lastTransactionVersion });
   if (!isUserTransactionResponse(transaction)) {
@@ -1121,17 +1266,17 @@ export async function getPublicKeyFromAccountAddress(args: {
       publicKeys: signature.public_keys.map((pk) => new Ed25519PublicKey(pk)),
       threshold: signature.threshold,
     });
-  } else if (isSingleSenderSignature(signature)) {
-    if (signature.public_key.type === "keyless") {
-      const deserializer = Deserializer.fromHex(signature.public_key.value);
-      publicKey = new AnyPublicKey(KeylessPublicKey.deserialize(deserializer));
-    } else if (signature.public_key.type === "ed25519") {
-      publicKey = new AnyPublicKey(new Ed25519PublicKey(signature.public_key.value));
-    } else if (signature.public_key.type === "secp256k1_ecdsa") {
-      publicKey = new AnyPublicKey(new Secp256k1PublicKey(signature.public_key.value));
-    } else {
-      throw new Error("Unknown public key type");
+  } else if (isSingleSenderSingleKeySignature(signature)) {
+    publicKey = parsePublicKey(signature.public_key);
+  } else if (isSingleSenderMultiKeySignature(signature)) {
+    const publicKeys: Array<PublicKey> = [];
+    for (const pk of signature.public_keys) {
+      publicKeys.push(parsePublicKey(pk));
     }
+    publicKey = new MultiKey({
+      publicKeys,
+      signaturesRequired: signature.signatures_required,
+    });
   } else {
     throw new Error("Unknown signature type");
   }
@@ -1191,3 +1336,17 @@ export async function getMultiKeyFromAuthenticationKey(args: {
 // } 
 
 type AccountDerivationParams = { privateKey: PrivateKey } | DeriveKeylessAccountParams;
+
+function parsePublicKey(data: { value: string; type: string }): AnyPublicKey {
+  if (data.type === "keyless") {
+    const deserializer = Deserializer.fromHex(data.value);
+    return new AnyPublicKey(KeylessPublicKey.deserialize(deserializer));
+  }
+  if (data.type === "ed25519") {
+    return new AnyPublicKey(new Ed25519PublicKey(data.value));
+  }
+  if (data.type === "secp256k1_ecdsa") {
+    return new AnyPublicKey(new Secp256k1PublicKey(data.value));
+  }
+  throw new Error("Unknown public key type");
+}