@cartridge/controller 0.5.1 → 0.5.2

package/dist/utils.js

@@ -2,12 +2,33 @@
 import {
   addAddressPadding,
   CallData,
+  getChecksumAddress,
   hash,
   typedData,
   TypedDataRevision
 } from "starknet";
+var ALLOWED_PROPERTIES = /* @__PURE__ */ new Set([
+  "contracts",
+  "messages",
+  "target",
+  "method",
+  "name",
+  "description",
+  "types",
+  "domain",
+  "primaryType"
+]);
+function validatePropertyName(prop) {
+  if (!ALLOWED_PROPERTIES.has(prop)) {
+    throw new Error(`Invalid property name: ${prop}`);
+  }
+}
+function safeObjectAccess(obj, prop) {
+  validatePropertyName(prop);
+  return obj[prop];
+}
 function normalizeCalls(calls) {
-  return (Array.isArray(calls) ? calls : [calls]).map((call) => {
+  return toArray(calls).map((call) => {
     return {
       entrypoint: call.entrypoint,
       contractAddress: addAddressPadding(call.contractAddress),
@@ -15,33 +36,78 @@ function normalizeCalls(calls) {
     };
   });
 }
+function toSessionPolicies(policies) {
+  return Array.isArray(policies) ? policies.reduce(
+    (prev, p) => {
+      if (safeObjectAccess(p, "target")) {
+        const target = getChecksumAddress(
+          safeObjectAccess(p, "target")
+        );
+        const entrypoint = safeObjectAccess(p, "method");
+        const contracts = safeObjectAccess(
+          prev,
+          "contracts"
+        );
+        const item = {
+          name: humanizeString(entrypoint),
+          entrypoint,
+          description: safeObjectAccess(p, "description")
+        };
+        if (target in contracts) {
+          const methods = toArray(contracts[target].methods);
+          contracts[target] = {
+            methods: [...methods, item]
+          };
+        } else {
+          contracts[target] = {
+            methods: [item]
+          };
+        }
+      } else {
+        const messages = safeObjectAccess(prev, "messages");
+        messages.push(p);
+      }
+      return prev;
+    },
+    { contracts: {}, messages: [] }
+  ) : policies;
+}
 function toWasmPolicies(policies) {
-  return policies.map((richPolicy) => {
-    if ("target" in richPolicy) {
-      return {
-        target: richPolicy.target,
-        method: richPolicy.method
-      };
-    } else {
+  return [
+    ...Object.entries(policies.contracts ?? {}).flatMap(
+      ([target, { methods }]) => toArray(methods).map((m) => ({
+        target,
+        method: m.entrypoint
+      }))
+    ),
+    ...(policies.messages ?? []).map((p) => {
       const domainHash = typedData.getStructHash(
-        richPolicy.types,
+        p.types,
         "StarknetDomain",
-        richPolicy.domain,
+        p.domain,
         TypedDataRevision.ACTIVE
       );
       const typeHash = typedData.getTypeHash(
-        richPolicy.types,
-        richPolicy.primaryType,
+        p.types,
+        p.primaryType,
         TypedDataRevision.ACTIVE
       );
       return {
         scope_hash: hash.computePoseidonHash(domainHash, typeHash)
       };
-    }
-  });
+    })
+  ];
+}
+function toArray(val) {
+  return Array.isArray(val) ? val : [val];
+}
+function humanizeString(str) {
+  return str.replace(/([a-z])([A-Z])/g, "$1 $2").replace(/_/g, " ").toLowerCase().replace(/^\w/, (c) => c.toUpperCase());
 }
 export {
   normalizeCalls,
+  toArray,
+  toSessionPolicies,
   toWasmPolicies
 };
 //# sourceMappingURL=utils.js.map

package/dist/utils.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/utils.ts"],"sourcesContent":["import {\n  addAddressPadding,\n  Call,\n  CallData,\n  hash,\n  typedData,\n  TypedDataRevision,\n} from \"starknet\";\nimport { Policy } from \"./types\";\nimport wasm from \"@cartridge/account-wasm/controller\";\n\nexport function normalizeCalls(calls: Call | Call[]) {\n  return (Array.isArray(calls) ? calls : [calls]).map((call) => {\n    return {\n      entrypoint: call.entrypoint,\n      contractAddress: addAddressPadding(call.contractAddress),\n      calldata: CallData.toHex(call.calldata),\n    };\n  });\n}\n\nexport function toWasmPolicies(policies: Policy[]): wasm.Policy[] {\n  return policies.map((richPolicy) => {\n    if (\"target\" in richPolicy) {\n      return {\n        target: richPolicy.target,\n        method: richPolicy.method,\n      };\n    } else {\n      const domainHash = typedData.getStructHash(\n        richPolicy.types,\n        \"StarknetDomain\",\n        richPolicy.domain,\n        TypedDataRevision.ACTIVE,\n      );\n      const typeHash = typedData.getTypeHash(\n        richPolicy.types,\n        richPolicy.primaryType,\n        TypedDataRevision.ACTIVE,\n      );\n\n      return {\n        scope_hash: hash.computePoseidonHash(domainHash, typeHash),\n      };\n    }\n  });\n}\n"],"mappings":";AAAA;AAAA,EACE;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAIA,SAAS,eAAe,OAAsB;AACnD,UAAQ,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC,KAAK,GAAG,IAAI,CAAC,SAAS;AAC5D,WAAO;AAAA,MACL,YAAY,KAAK;AAAA,MACjB,iBAAiB,kBAAkB,KAAK,eAAe;AAAA,MACvD,UAAU,SAAS,MAAM,KAAK,QAAQ;AAAA,IACxC;AAAA,EACF,CAAC;AACH;AAEO,SAAS,eAAe,UAAmC;AAChE,SAAO,SAAS,IAAI,CAAC,eAAe;AAClC,QAAI,YAAY,YAAY;AAC1B,aAAO;AAAA,QACL,QAAQ,WAAW;AAAA,QACnB,QAAQ,WAAW;AAAA,MACrB;AAAA,IACF,OAAO;AACL,YAAM,aAAa,UAAU;AAAA,QAC3B,WAAW;AAAA,QACX;AAAA,QACA,WAAW;AAAA,QACX,kBAAkB;AAAA,MACpB;AACA,YAAM,WAAW,UAAU;AAAA,QACzB,WAAW;AAAA,QACX,WAAW;AAAA,QACX,kBAAkB;AAAA,MACpB;AAEA,aAAO;AAAA,QACL,YAAY,KAAK,oBAAoB,YAAY,QAAQ;AAAA,MAC3D;AAAA,IACF;AAAA,EACF,CAAC;AACH;","names":[]}
+{"version":3,"sources":["../src/utils.ts"],"sourcesContent":["import {\n  addAddressPadding,\n  Call,\n  CallData,\n  getChecksumAddress,\n  hash,\n  typedData,\n  TypedDataRevision,\n} from \"starknet\";\nimport wasm from \"@cartridge/account-wasm/controller\";\nimport { Policies, SessionPolicies } from \"@cartridge/presets\";\n\n// Whitelist of allowed property names to prevent prototype pollution\nconst ALLOWED_PROPERTIES = new Set([\n  \"contracts\",\n  \"messages\",\n  \"target\",\n  \"method\",\n  \"name\",\n  \"description\",\n  \"types\",\n  \"domain\",\n  \"primaryType\",\n]);\n\nfunction validatePropertyName(prop: string): void {\n  if (!ALLOWED_PROPERTIES.has(prop)) {\n    throw new Error(`Invalid property name: ${prop}`);\n  }\n}\n\nfunction safeObjectAccess<T>(obj: any, prop: string): T {\n  validatePropertyName(prop);\n  return obj[prop];\n}\n\nexport function normalizeCalls(calls: Call | Call[]) {\n  return toArray(calls).map((call) => {\n    return {\n      entrypoint: call.entrypoint,\n      contractAddress: addAddressPadding(call.contractAddress),\n      calldata: CallData.toHex(call.calldata),\n    };\n  });\n}\n\nexport function toSessionPolicies(policies: Policies): SessionPolicies {\n  return Array.isArray(policies)\n    ? policies.reduce<SessionPolicies>(\n        (prev, p) => {\n          if (safeObjectAccess<string>(p, \"target\")) {\n            const target = getChecksumAddress(\n              safeObjectAccess<string>(p, \"target\"),\n            );\n            const entrypoint = safeObjectAccess<string>(p, \"method\");\n            const contracts = safeObjectAccess<Record<string, any>>(\n              prev,\n              \"contracts\",\n            );\n            const item = {\n              name: humanizeString(entrypoint),\n              entrypoint: entrypoint,\n              description: safeObjectAccess<string>(p, \"description\"),\n            };\n\n            if (target in contracts) {\n              const methods = toArray(contracts[target].methods);\n              contracts[target] = {\n                methods: [...methods, item],\n              };\n            } else {\n              contracts[target] = {\n                methods: [item],\n              };\n            }\n          } else {\n            const messages = safeObjectAccess<any[]>(prev, \"messages\");\n            messages.push(p);\n          }\n\n          return prev;\n        },\n        { contracts: {}, messages: [] },\n      )\n    : policies;\n}\n\nexport function toWasmPolicies(policies: SessionPolicies): wasm.Policy[] {\n  return [\n    ...Object.entries(policies.contracts ?? {}).flatMap(\n      ([target, { methods }]) =>\n        toArray(methods).map((m) => ({\n          target,\n          method: m.entrypoint,\n        })),\n    ),\n    ...(policies.messages ?? []).map((p) => {\n      const domainHash = typedData.getStructHash(\n        p.types,\n        \"StarknetDomain\",\n        p.domain,\n        TypedDataRevision.ACTIVE,\n      );\n      const typeHash = typedData.getTypeHash(\n        p.types,\n        p.primaryType,\n        TypedDataRevision.ACTIVE,\n      );\n\n      return {\n        scope_hash: hash.computePoseidonHash(domainHash, typeHash),\n      };\n    }),\n  ];\n}\n\nexport function toArray<T>(val: T | T[]): T[] {\n  return Array.isArray(val) ? val : [val];\n}\n\nfunction humanizeString(str: string): string {\n  return (\n    str\n      // Convert from camelCase or snake_case\n      .replace(/([a-z])([A-Z])/g, \"$1 $2\") // camelCase to spaces\n      .replace(/_/g, \" \") // snake_case to spaces\n      .toLowerCase()\n      // Capitalize first letter\n      .replace(/^\\w/, (c) => c.toUpperCase())\n  );\n}\n"],"mappings":";AAAA;AAAA,EACE;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAKP,IAAM,qBAAqB,oBAAI,IAAI;AAAA,EACjC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,SAAS,qBAAqB,MAAoB;AAChD,MAAI,CAAC,mBAAmB,IAAI,IAAI,GAAG;AACjC,UAAM,IAAI,MAAM,0BAA0B,IAAI,EAAE;AAAA,EAClD;AACF;AAEA,SAAS,iBAAoB,KAAU,MAAiB;AACtD,uBAAqB,IAAI;AACzB,SAAO,IAAI,IAAI;AACjB;AAEO,SAAS,eAAe,OAAsB;AACnD,SAAO,QAAQ,KAAK,EAAE,IAAI,CAAC,SAAS;AAClC,WAAO;AAAA,MACL,YAAY,KAAK;AAAA,MACjB,iBAAiB,kBAAkB,KAAK,eAAe;AAAA,MACvD,UAAU,SAAS,MAAM,KAAK,QAAQ;AAAA,IACxC;AAAA,EACF,CAAC;AACH;AAEO,SAAS,kBAAkB,UAAqC;AACrE,SAAO,MAAM,QAAQ,QAAQ,IACzB,SAAS;AAAA,IACP,CAAC,MAAM,MAAM;AACX,UAAI,iBAAyB,GAAG,QAAQ,GAAG;AACzC,cAAM,SAAS;AAAA,UACb,iBAAyB,GAAG,QAAQ;AAAA,QACtC;AACA,cAAM,aAAa,iBAAyB,GAAG,QAAQ;AACvD,cAAM,YAAY;AAAA,UAChB;AAAA,UACA;AAAA,QACF;AACA,cAAM,OAAO;AAAA,UACX,MAAM,eAAe,UAAU;AAAA,UAC/B;AAAA,UACA,aAAa,iBAAyB,GAAG,aAAa;AAAA,QACxD;AAEA,YAAI,UAAU,WAAW;AACvB,gBAAM,UAAU,QAAQ,UAAU,MAAM,EAAE,OAAO;AACjD,oBAAU,MAAM,IAAI;AAAA,YAClB,SAAS,CAAC,GAAG,SAAS,IAAI;AAAA,UAC5B;AAAA,QACF,OAAO;AACL,oBAAU,MAAM,IAAI;AAAA,YAClB,SAAS,CAAC,IAAI;AAAA,UAChB;AAAA,QACF;AAAA,MACF,OAAO;AACL,cAAM,WAAW,iBAAwB,MAAM,UAAU;AACzD,iBAAS,KAAK,CAAC;AAAA,MACjB;AAEA,aAAO;AAAA,IACT;AAAA,IACA,EAAE,WAAW,CAAC,GAAG,UAAU,CAAC,EAAE;AAAA,EAChC,IACA;AACN;AAEO,SAAS,eAAe,UAA0C;AACvE,SAAO;AAAA,IACL,GAAG,OAAO,QAAQ,SAAS,aAAa,CAAC,CAAC,EAAE;AAAA,MAC1C,CAAC,CAAC,QAAQ,EAAE,QAAQ,CAAC,MACnB,QAAQ,OAAO,EAAE,IAAI,CAAC,OAAO;AAAA,QAC3B;AAAA,QACA,QAAQ,EAAE;AAAA,MACZ,EAAE;AAAA,IACN;AAAA,IACA,IAAI,SAAS,YAAY,CAAC,GAAG,IAAI,CAAC,MAAM;AACtC,YAAM,aAAa,UAAU;AAAA,QAC3B,EAAE;AAAA,QACF;AAAA,QACA,EAAE;AAAA,QACF,kBAAkB;AAAA,MACpB;AACA,YAAM,WAAW,UAAU;AAAA,QACzB,EAAE;AAAA,QACF,EAAE;AAAA,QACF,kBAAkB;AAAA,MACpB;AAEA,aAAO;AAAA,QACL,YAAY,KAAK,oBAAoB,YAAY,QAAQ;AAAA,MAC3D;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAEO,SAAS,QAAW,KAAmB;AAC5C,SAAO,MAAM,QAAQ,GAAG,IAAI,MAAM,CAAC,GAAG;AACxC;AAEA,SAAS,eAAe,KAAqB;AAC3C,SACE,IAEG,QAAQ,mBAAmB,OAAO,EAClC,QAAQ,MAAM,GAAG,EACjB,YAAY,EAEZ,QAAQ,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC;AAE5C;","names":[]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cartridge/controller",
-  "version": "0.5.1",
+  "version": "0.5.2",
   "description": "Cartridge Controller",
   "module": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -31,15 +31,17 @@
     "fast-deep-equal": "^3.1.3",
     "query-string": "^7.1.1",
     "starknet": "^6.11.0",
-    "@cartridge/account-wasm": "^0.5.1"
+    "@cartridge/account-wasm": "0.5.2",
+    "@cartridge/presets": "0.5.2"
   },
   "devDependencies": {
     "@types/node": "^20.6.0",
     "typescript": "^5.4.5",
-    "@cartridge/tsconfig": "^0.5.1"
+    "@cartridge/tsconfig": "0.5.2"
   },
   "scripts": {
     "build:deps": "tsup --dts-resolve",
+    "build": "pnpm build:deps",
     "format": "prettier --write \"src/**/*.ts\"",
     "format:check": "prettier --check \"src/**/*.ts\"",
     "version": "pnpm pkg get version"

package/src/account.ts

@@ -17,6 +17,7 @@ import {
 } from "./types";
 import { AsyncMethodReturns } from "@cartridge/penpal";
 import BaseProvider from "./provider";
+import { toArray } from "./utils";
 
 class ControllerAccount extends WalletAccount {
   address: string;
@@ -52,7 +53,7 @@ class ControllerAccount extends WalletAccount {
    * @returns response from addTransaction
    */
   async execute(calls: AllowArray<Call>): Promise<InvokeFunctionResponse> {
-    calls = Array.isArray(calls) ? calls : [calls];
+    calls = toArray(calls);
 
     return new Promise(async (resolve, reject) => {
       const sessionExecute = await this.keychain.execute(

package/src/constants.ts

@@ -1,2 +1,3 @@
 export const KEYCHAIN_URL = "https://x.cartridge.gg";
 export const PROFILE_URL = "https://profile.cartridge.gg";
+export const API_URL = "https://api.cartridge.gg";

package/src/controller.ts

@@ -5,7 +5,6 @@ import { KeychainIFrame, ProfileIFrame } from "./iframe";
 import { NotReadyToConnect } from "./errors";
 import {
   Keychain,
-  Policy,
   ResponseCodes,
   ConnectReply,
   ProbeReply,
@@ -17,6 +16,7 @@ import {
 } from "./types";
 import BaseProvider from "./provider";
 import { WalletAccount } from "starknet";
+import { Policy } from "@cartridge/presets";
 
 export default class ControllerProvider extends BaseProvider {
   private keychain?: AsyncMethodReturns<Keychain>;

package/src/iframe/base.ts

@@ -1,5 +1,4 @@
 import { AsyncMethodReturns, connectToChild } from "@cartridge/penpal";
-import { defaultPresets } from "../presets";
 import { ControllerOptions, Modal } from "../types";
 
 export type IFrameOptions<CallSender> = Omit<
@@ -35,14 +34,9 @@ export class IFrame<CallSender extends {}> implements Modal {
       return;
     }
 
-    url.searchParams.set(
-      "theme",
-      encodeURIComponent(
-        JSON.stringify(
-          defaultPresets[theme ?? "cartridge"] ?? defaultPresets.cartridge,
-        ),
-      ),
-    );
+    if (theme) {
+      url.searchParams.set("theme", encodeURIComponent(theme));
+    }
 
     if (colorMode) {
       url.searchParams.set("colorMode", colorMode);

package/src/iframe/profile.ts

@@ -24,10 +24,12 @@ export class ProfileIFrame extends IFrame<Profile> {
     const _url = new URL(
       slot
         ? namespace
-          ? `${_profileUrl}/account/${username}/slot/${slot}?ns=${encodeURIComponent(
-              namespace,
+          ? `${_profileUrl}/account/${username}/slot/${slot}?ps=${encodeURIComponent(
+              slot,
+            )}&ns=${encodeURIComponent(namespace)}`
+          : `${_profileUrl}/account/${username}/slot/${slot}?ps=${encodeURIComponent(
+              slot,
             )}`
-          : `${_profileUrl}/account/${username}/slot/${slot}`
         : `${_profileUrl}/account/${username}`,
     );
 

package/src/index.ts

@@ -1,5 +1,7 @@
 export { default } from "./controller";
 export * from "./errors";
 export * from "./types";
+export * from "./lookup";
 
-export { defaultPresets } from "./presets";
+export { toWasmPolicies, toSessionPolicies, toArray } from "./utils";
+export * from "@cartridge/presets";

package/src/lookup.ts

@@ -0,0 +1,68 @@
+import { LookupRequest, LookupResponse } from "./types";
+import { num } from "starknet";
+import { API_URL } from "./constants";
+
+const cache = new Map<string, string>();
+
+async function lookup(request: LookupRequest): Promise<LookupResponse> {
+  if (!request.addresses?.length && !request.usernames?.length) {
+    return { results: [] };
+  }
+
+  const response = await fetch(`${API_URL}/lookup`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+    },
+    body: JSON.stringify(request),
+  });
+
+  if (!response.ok) {
+    throw new Error(`HTTP error! status: ${response.status}`);
+  }
+
+  return response.json();
+}
+
+export async function lookupUsernames(
+  usernames: string[],
+): Promise<Map<string, string>> {
+  const uncachedUsernames = usernames.filter((name) => !cache.has(name));
+
+  if (uncachedUsernames.length > 0) {
+    const response = await lookup({ usernames: uncachedUsernames });
+
+    response.results.forEach((result) => {
+      cache.set(result.username, result.addresses[0]); // TODO: handle multiple controller addresses
+    });
+  }
+
+  return new Map(
+    usernames
+      .map((name) => [name, cache.get(name)] as [string, string])
+      .filter((entry): entry is [string, string] => entry[1] !== undefined),
+  );
+}
+
+export async function lookupAddresses(
+  addresses: string[],
+): Promise<Map<string, string>> {
+  addresses = addresses.map(num.toHex);
+  const uncachedAddresses = addresses.filter((addr) => !cache.has(addr));
+
+  if (uncachedAddresses.length > 0) {
+    const response = await lookup({
+      addresses: uncachedAddresses,
+    });
+
+    response.results.forEach((result) => {
+      cache.set(result.addresses[0], result.username); // TODO: handle multiple controller addresses
+    });
+  }
+
+  return new Map(
+    addresses
+      .map((addr) => [addr, cache.get(addr)] as [string, string])
+      .filter((entry): entry is [string, string] => entry[1] !== undefined),
+  );
+}

package/src/session/account.ts

@@ -7,7 +7,6 @@ import BaseProvider from "../provider";
 
 export * from "../errors";
 export * from "../types";
-export { defaultPresets } from "../presets";
 
 export default class SessionAccount extends WalletAccount {
   public controller: CartridgeSessionAccount;

package/src/session/index.ts

@@ -2,5 +2,3 @@ export { default } from "./provider";
 export * from "./provider";
 export * from "../errors";
 export * from "../types";
-
-export { defaultPresets } from "../presets";

package/src/session/provider.ts

@@ -1,10 +1,10 @@
-import { Policy } from "../types";
 import { ec, stark, WalletAccount } from "starknet";
 
 import SessionAccount from "./account";
 import { KEYCHAIN_URL } from "../constants";
 import BaseProvider from "../provider";
-import { toWasmPolicies } from "src/utils";
+import { toWasmPolicies } from "../utils";
+import { SessionPolicies } from "@cartridge/presets";
 
 interface SessionRegistration {
   username: string;
@@ -17,7 +17,7 @@ interface SessionRegistration {
 export type SessionOptions = {
   rpc: string;
   chainId: string;
-  policies: Policy[];
+  policies: SessionPolicies;
   redirectUrl: string;
 };
 
@@ -29,7 +29,7 @@ export default class SessionProvider extends BaseProvider {
 
   protected _username?: string;
   protected _redirectUrl: string;
-  protected _policies: Policy[];
+  protected _policies: SessionPolicies;
 
   constructor({ rpc, chainId, policies, redirectUrl }: SessionOptions) {
     super({ rpc });

package/src/telegram/provider.ts

@@ -6,11 +6,11 @@ import {
 } from "@telegram-apps/sdk";
 import { ec, stark, WalletAccount } from "starknet";
 
-import { KEYCHAIN_URL } from "src/constants";
-import { Policy } from "src/types";
-import SessionAccount from "src/session/account";
-import BaseProvider from "src/provider";
-import { toWasmPolicies } from "src/utils";
+import { KEYCHAIN_URL } from "../constants";
+import SessionAccount from "../session/account";
+import BaseProvider from "../provider";
+import { toWasmPolicies } from "../utils";
+import { SessionPolicies } from "@cartridge/presets";
 
 interface SessionRegistration {
   username: string;
@@ -24,7 +24,7 @@ export default class TelegramProvider extends BaseProvider {
   private _tmaUrl: string;
   protected _chainId: string;
   protected _username?: string;
-  protected _policies: Policy[];
+  protected _policies: SessionPolicies;
 
   constructor({
     rpc,
@@ -34,7 +34,7 @@ export default class TelegramProvider extends BaseProvider {
   }: {
     rpc: string;
     chainId: string;
-    policies: Policy[];
+    policies: SessionPolicies;
     tmaUrl: string;
   }) {
     super({

package/src/types.ts

@@ -8,11 +8,15 @@ import {
 import {
   AddInvokeTransactionResult,
   Signature,
-  StarknetDomain,
-  StarknetType,
   TypedData,
 } from "@starknet-io/types-js";
 import { KeychainIFrame, ProfileIFrame } from "./iframe";
+import {
+  ColorMode,
+  Policies,
+  Policy,
+  SessionPolicies,
+} from "@cartridge/presets";
 
 export type Session = {
   chainId: constants.StarknetChainId;
@@ -25,20 +29,6 @@ export type Session = {
   };
 };
 
-export type Policy = CallPolicy | TypedDataPolicy;
-
-export type CallPolicy = {
-  target: string;
-  method: string;
-  description?: string;
-};
-
-export type TypedDataPolicy = {
-  types: Record<string, StarknetType[]>;
-  primaryType: string;
-  domain: StarknetDomain;
-};
-
 export enum ResponseCodes {
   SUCCESS = "SUCCESS",
   NOT_CONNECTED = "NOT_CONNECTED",
@@ -62,7 +52,7 @@ export type ControllerError = {
 export type ConnectReply = {
   code: ResponseCodes.SUCCESS;
   address: string;
-  policies: Policy[];
+  policies: SessionPolicies;
 };
 
 export type ExecuteReply =
@@ -88,6 +78,20 @@ export type IFrames = {
   profile?: ProfileIFrame;
 };
 
+export interface LookupRequest {
+  usernames?: string[];
+  addresses?: string[];
+}
+
+export interface LookupResult {
+  username: string;
+  addresses: string[];
+}
+
+export interface LookupResponse {
+  results: LookupResult[];
+}
+
 type ContractAddress = string;
 type CartridgeID = string;
 export type ControllerAccounts = Record<ContractAddress, CartridgeID>;
@@ -95,7 +99,7 @@ export type ControllerAccounts = Record<ContractAddress, CartridgeID>;
 export interface Keychain {
   probe(rpcUrl: string): Promise<ProbeReply | ConnectError>;
   connect(
-    policies: Policy[],
+    policies: Policies,
     rpcUrl: string,
   ): Promise<ConnectReply | ConnectError>;
   disconnect(): void;
@@ -160,7 +164,7 @@ export type ProviderOptions = {
 };
 
 export type KeychainOptions = IFrameOptions & {
-  policies?: Policy[];
+  policies?: Policies;
   /** The URL of keychain */
   url?: string;
   /** The origin of keychain */
@@ -186,31 +190,6 @@ export type ProfileContextTypeVariant =
   | "achievements"
   | "activity";
 
-export type ColorMode = "light" | "dark";
-
-export type ControllerTheme = {
-  id: string;
-  name: string;
-  icon: string;
-  cover: ThemeValue<string>;
-  colorMode: ColorMode;
-};
-
-export type ControllerThemePresets = Record<string, ControllerThemePreset>;
-
-export type ControllerThemePreset = Omit<ControllerTheme, "colorMode"> & {
-  colors?: ControllerColors;
-};
-
-export type ControllerColors = {
-  primary?: ControllerColor;
-  primaryForeground?: ControllerColor;
-};
-
-export type ControllerColor = ThemeValue<string>;
-
-export type ThemeValue<T> = T | { dark: T; light: T };
-
 export type Prefund = { address: string; min: string };
 
 export type Tokens = {

package/src/utils.ts

@@ -2,15 +2,40 @@ import {
   addAddressPadding,
   Call,
   CallData,
+  getChecksumAddress,
   hash,
   typedData,
   TypedDataRevision,
 } from "starknet";
-import { Policy } from "./types";
 import wasm from "@cartridge/account-wasm/controller";
+import { Policies, SessionPolicies } from "@cartridge/presets";
+
+// Whitelist of allowed property names to prevent prototype pollution
+const ALLOWED_PROPERTIES = new Set([
+  "contracts",
+  "messages",
+  "target",
+  "method",
+  "name",
+  "description",
+  "types",
+  "domain",
+  "primaryType",
+]);
+
+function validatePropertyName(prop: string): void {
+  if (!ALLOWED_PROPERTIES.has(prop)) {
+    throw new Error(`Invalid property name: ${prop}`);
+  }
+}
+
+function safeObjectAccess<T>(obj: any, prop: string): T {
+  validatePropertyName(prop);
+  return obj[prop];
+}
 
 export function normalizeCalls(calls: Call | Call[]) {
-  return (Array.isArray(calls) ? calls : [calls]).map((call) => {
+  return toArray(calls).map((call) => {
     return {
       entrypoint: call.entrypoint,
       contractAddress: addAddressPadding(call.contractAddress),
@@ -19,29 +44,88 @@ export function normalizeCalls(calls: Call | Call[]) {
   });
 }
 
-export function toWasmPolicies(policies: Policy[]): wasm.Policy[] {
-  return policies.map((richPolicy) => {
-    if ("target" in richPolicy) {
-      return {
-        target: richPolicy.target,
-        method: richPolicy.method,
-      };
-    } else {
+export function toSessionPolicies(policies: Policies): SessionPolicies {
+  return Array.isArray(policies)
+    ? policies.reduce<SessionPolicies>(
+        (prev, p) => {
+          if (safeObjectAccess<string>(p, "target")) {
+            const target = getChecksumAddress(
+              safeObjectAccess<string>(p, "target"),
+            );
+            const entrypoint = safeObjectAccess<string>(p, "method");
+            const contracts = safeObjectAccess<Record<string, any>>(
+              prev,
+              "contracts",
+            );
+            const item = {
+              name: humanizeString(entrypoint),
+              entrypoint: entrypoint,
+              description: safeObjectAccess<string>(p, "description"),
+            };
+
+            if (target in contracts) {
+              const methods = toArray(contracts[target].methods);
+              contracts[target] = {
+                methods: [...methods, item],
+              };
+            } else {
+              contracts[target] = {
+                methods: [item],
+              };
+            }
+          } else {
+            const messages = safeObjectAccess<any[]>(prev, "messages");
+            messages.push(p);
+          }
+
+          return prev;
+        },
+        { contracts: {}, messages: [] },
+      )
+    : policies;
+}
+
+export function toWasmPolicies(policies: SessionPolicies): wasm.Policy[] {
+  return [
+    ...Object.entries(policies.contracts ?? {}).flatMap(
+      ([target, { methods }]) =>
+        toArray(methods).map((m) => ({
+          target,
+          method: m.entrypoint,
+        })),
+    ),
+    ...(policies.messages ?? []).map((p) => {
       const domainHash = typedData.getStructHash(
-        richPolicy.types,
+        p.types,
         "StarknetDomain",
-        richPolicy.domain,
+        p.domain,
         TypedDataRevision.ACTIVE,
       );
       const typeHash = typedData.getTypeHash(
-        richPolicy.types,
-        richPolicy.primaryType,
+        p.types,
+        p.primaryType,
         TypedDataRevision.ACTIVE,
       );
 
       return {
         scope_hash: hash.computePoseidonHash(domainHash, typeHash),
       };
-    }
-  });
+    }),
+  ];
+}
+
+export function toArray<T>(val: T | T[]): T[] {
+  return Array.isArray(val) ? val : [val];
+}
+
+function humanizeString(str: string): string {
+  return (
+    str
+      // Convert from camelCase or snake_case
+      .replace(/([a-z])([A-Z])/g, "$1 $2") // camelCase to spaces
+      .replace(/_/g, " ") // snake_case to spaces
+      .toLowerCase()
+      // Capitalize first letter
+      .replace(/^\w/, (c) => c.toUpperCase())
+  );
 }