@cartridge/controller 0.5.9 → 0.7.0

package/src/session/provider.ts

@@ -6,6 +6,7 @@ import BaseProvider from "../provider";
 import { toWasmPolicies } from "../utils";
 import { SessionPolicies } from "@cartridge/presets";
 import { AddStarknetChainParameters } from "@starknet-io/types-js";
+import { ParsedSessionPolicies } from "../policies";
 
 interface SessionRegistration {
   username: string;
@@ -20,6 +21,7 @@ export type SessionOptions = {
   chainId: string;
   policies: SessionPolicies;
   redirectUrl: string;
+  keychainUrl?: string;
 };
 
 export default class SessionProvider extends BaseProvider {
@@ -30,39 +32,110 @@ export default class SessionProvider extends BaseProvider {
   protected _rpcUrl: string;
   protected _username?: string;
   protected _redirectUrl: string;
-  protected _policies: SessionPolicies;
+  protected _policies: ParsedSessionPolicies;
+  protected _keychainUrl: string;
 
-  constructor({ rpc, chainId, policies, redirectUrl }: SessionOptions) {
+  constructor({
+    rpc,
+    chainId,
+    policies,
+    redirectUrl,
+    keychainUrl,
+  }: SessionOptions) {
     super();
 
+    this._policies = {
+      verified: false,
+      contracts: policies.contracts
+        ? Object.fromEntries(
+            Object.entries(policies.contracts).map(([address, contract]) => [
+              address,
+              {
+                ...contract,
+                methods: contract.methods.map((method) => ({
+                  ...method,
+                  authorized: true,
+                })),
+              },
+            ]),
+          )
+        : undefined,
+      messages: policies.messages?.map((message) => ({
+        ...message,
+        authorized: true,
+      })),
+    };
+
     this._rpcUrl = rpc;
     this._chainId = chainId;
     this._redirectUrl = redirectUrl;
-    this._policies = policies;
+    this._keychainUrl = keychainUrl || KEYCHAIN_URL;
 
     if (typeof window !== "undefined") {
       (window as any).starknet_controller_session = this;
     }
   }
 
+  private validatePoliciesSubset(
+    newPolicies: ParsedSessionPolicies,
+    existingPolicies: ParsedSessionPolicies,
+  ): boolean {
+    if (newPolicies.contracts) {
+      if (!existingPolicies.contracts) return false;
+
+      for (const [address, contract] of Object.entries(newPolicies.contracts)) {
+        const existingContract = existingPolicies.contracts[address];
+        if (!existingContract) return false;
+
+        for (const method of contract.methods) {
+          const existingMethod = existingContract.methods.find(
+            (m) => m.entrypoint === method.entrypoint,
+          );
+          if (!existingMethod || !existingMethod.authorized) return false;
+        }
+      }
+    }
+
+    if (newPolicies.messages) {
+      if (!existingPolicies.messages) return false;
+
+      for (const message of newPolicies.messages) {
+        const existingMessage = existingPolicies.messages.find(
+          (m) =>
+            JSON.stringify(m.domain) === JSON.stringify(message.domain) &&
+            JSON.stringify(m.types) === JSON.stringify(message.types),
+        );
+        if (!existingMessage || !existingMessage.authorized) return false;
+      }
+    }
+
+    return true;
+  }
+
   async username() {
     await this.tryRetrieveFromQueryOrStorage();
     return this._username;
   }
 
   async probe(): Promise<WalletAccount | undefined> {
-    await this.tryRetrieveFromQueryOrStorage();
-    return;
+    if (this.account) {
+      return this.account;
+    }
+
+    this.account = await this.tryRetrieveFromQueryOrStorage();
+    return this.account;
   }
 
   async connect(): Promise<WalletAccount | undefined> {
-    await this.tryRetrieveFromQueryOrStorage();
+    if (this.account) {
+      return this.account;
+    }
 
+    this.account = await this.tryRetrieveFromQueryOrStorage();
     if (this.account) {
-      return;
+      return this.account;
     }
 
-    // Generate a random local key pair
     const pk = stark.randomAddress();
     const publicKey = ec.starkCurve.getStarkKey(pk);
 
@@ -74,7 +147,11 @@ export default class SessionProvider extends BaseProvider {
       }),
     );
 
-    const url = `${KEYCHAIN_URL}/session?public_key=${publicKey}&redirect_uri=${
+    localStorage.setItem("sessionPolicies", JSON.stringify(this._policies));
+
+    const url = `${
+      this._keychainUrl
+    }/session?public_key=${publicKey}&redirect_uri=${
       this._redirectUrl
     }&redirect_query_name=startapp&policies=${JSON.stringify(
       this._policies,
@@ -83,7 +160,7 @@ export default class SessionProvider extends BaseProvider {
     localStorage.setItem("lastUsedConnector", this.id);
     window.open(url, "_blank");
 
-    return;
+    return this.account;
   }
 
   switchStarknetChain(_chainId: string): Promise<boolean> {
@@ -97,12 +174,17 @@ export default class SessionProvider extends BaseProvider {
   disconnect(): Promise<void> {
     localStorage.removeItem("sessionSigner");
     localStorage.removeItem("session");
+    localStorage.removeItem("sessionPolicies");
     this.account = undefined;
     this._username = undefined;
     return Promise.resolve();
   }
 
   async tryRetrieveFromQueryOrStorage() {
+    if (this.account) {
+      return this.account;
+    }
+
     const signerString = localStorage.getItem("sessionSigner");
     const signer = signerString ? JSON.parse(signerString) : null;
     let sessionRegistration: SessionRegistration | null = null;
@@ -135,6 +217,31 @@ export default class SessionProvider extends BaseProvider {
       return;
     }
 
+    // Check expiration
+    const expirationTime = parseInt(sessionRegistration.expiresAt) * 1000;
+    if (Date.now() >= expirationTime) {
+      this.clearStoredSession();
+      return;
+    }
+
+    // Check stored policies
+    const storedPoliciesStr = localStorage.getItem("sessionPolicies");
+    if (storedPoliciesStr) {
+      const storedPolicies = JSON.parse(
+        storedPoliciesStr,
+      ) as ParsedSessionPolicies;
+
+      const isValid = this.validatePoliciesSubset(
+        this._policies,
+        storedPolicies,
+      );
+
+      if (!isValid) {
+        this.clearStoredSession();
+        return;
+      }
+    }
+
     this._username = sessionRegistration.username;
     this.account = new SessionAccount(this, {
       rpcUrl: this._rpcUrl,
@@ -148,4 +255,10 @@ export default class SessionProvider extends BaseProvider {
 
     return this.account;
   }
+
+  private clearStoredSession(): void {
+    localStorage.removeItem("sessionSigner");
+    localStorage.removeItem("session");
+    localStorage.removeItem("sessionPolicies");
+  }
 }

package/src/telegram/provider.ts

@@ -12,6 +12,7 @@ import BaseProvider from "../provider";
 import { toWasmPolicies } from "../utils";
 import { SessionPolicies } from "@cartridge/presets";
 import { AddStarknetChainParameters } from "@starknet-io/types-js";
+import { ParsedSessionPolicies, parsePolicies } from "../policies";
 
 interface SessionRegistration {
   username: string;
@@ -25,7 +26,7 @@ export default class TelegramProvider extends BaseProvider {
   private _tmaUrl: string;
   protected _chainId: string;
   protected _username?: string;
-  protected _policies: SessionPolicies;
+  protected _policies: ParsedSessionPolicies;
   private _rpcUrl: string;
 
   constructor({
@@ -44,7 +45,7 @@ export default class TelegramProvider extends BaseProvider {
     this._rpcUrl = rpc;
     this._tmaUrl = tmaUrl;
     this._chainId = chainId;
-    this._policies = policies;
+    this._policies = parsePolicies(policies);
 
     if (typeof window !== "undefined") {
       (window as any).starknet_controller = this;

package/src/types.ts

@@ -12,7 +12,7 @@ import {
   TypedData,
 } from "@starknet-io/types-js";
 import { KeychainIFrame, ProfileIFrame } from "./iframe";
-import { ColorMode, Policy, SessionPolicies } from "@cartridge/presets";
+import { Policy, SessionPolicies } from "@cartridge/presets";
 
 export type Session = {
   chainId: constants.StarknetChainId;
@@ -62,6 +62,7 @@ export type ExecuteReply =
 export type ProbeReply = {
   code: ResponseCodes.SUCCESS;
   address: string;
+  rpcUrl?: string;
 };
 
 export type DeployReply = {
@@ -126,9 +127,9 @@ export interface Keychain {
   }>;
   delegateAccount(): string;
   username(): string;
-  fetchControllers(contractAddresses: string[]): Promise<ControllerAccounts>;
   openPurchaseCredits(): void;
   openExecute(calls: Call[]): Promise<void>;
+  switchChain(rpcUrl: string): Promise<void>;
 }
 
 export interface Profile {
@@ -150,12 +151,8 @@ export type ControllerOptions = ProviderOptions &
 export type IFrameOptions = {
   /** The ID of the starter pack to use */
   starterPackId?: string;
-  /** The theme to use */
-  theme?: string;
   /** The preset to use */
   preset?: string;
-  /** The color mode to use */
-  colorMode?: ColorMode;
 };
 
 export type Chain = {

package/src/utils.ts

@@ -12,6 +12,7 @@ import {
 import wasm from "@cartridge/account-wasm/controller";
 import { Policies, SessionPolicies } from "@cartridge/presets";
 import { ChainId } from "@starknet-io/types-js";
+import { ParsedSessionPolicies } from "./policies";
 
 // Whitelist of allowed property names to prevent prototype pollution
 const ALLOWED_PROPERTIES = new Set([
@@ -88,13 +89,14 @@ export function toSessionPolicies(policies: Policies): SessionPolicies {
     : policies;
 }
 
-export function toWasmPolicies(policies: SessionPolicies): wasm.Policy[] {
+export function toWasmPolicies(policies: ParsedSessionPolicies): wasm.Policy[] {
   return [
     ...Object.entries(policies.contracts ?? {}).flatMap(
       ([target, { methods }]) =>
         toArray(methods).map((m) => ({
           target,
           method: m.entrypoint,
+          authorized: m.authorized,
         })),
     ),
     ...(policies.messages ?? []).map((p) => {
@@ -112,6 +114,7 @@ export function toWasmPolicies(policies: SessionPolicies): wasm.Policy[] {
 
       return {
         scope_hash: hash.computePoseidonHash(domainHash, typeHash),
+        authorized: p.authorized,
       };
     }),
   ];

package/tsconfig.json

@@ -5,8 +5,8 @@
     "rootDir": ".",
     "outDir": "./dist",
     "composite": false,
-    "incremental": false,
-    "moduleResolution": "node"
+    "incremental": false
   },
-  "include": ["src/**/*", "package.json"]
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist", "**/*.test.ts"]
 }

package/dist/__tests__/parseChainId.test.d.ts

@@ -1,2 +0,0 @@
-
-export {  }

package/dist/__tests__/parseChainId.test.js

@@ -1,89 +0,0 @@
-// src/__tests__/parseChainId.test.ts
-import { constants as constants2, shortString as shortString2 } from "starknet";
-
-// src/utils.ts
-import {
-  addAddressPadding,
-  CallData,
-  constants,
-  getChecksumAddress,
-  hash,
-  shortString,
-  typedData,
-  TypedDataRevision
-} from "starknet";
-function parseChainId(url) {
-  const parts = url.pathname.split("/");
-  if (parts.includes("starknet")) {
-    if (parts.includes("mainnet")) {
-      return constants.StarknetChainId.SN_MAIN;
-    } else if (parts.includes("sepolia")) {
-      return constants.StarknetChainId.SN_SEPOLIA;
-    }
-  } else if (parts.length >= 3) {
-    const projectName = parts[2];
-    if (parts.includes("katana")) {
-      return shortString.encodeShortString(
-        `WP_${projectName.toUpperCase().replace(/-/g, "_")}`
-      );
-    } else if (parts.includes("mainnet")) {
-      return shortString.encodeShortString(
-        `GG_${projectName.toUpperCase().replace(/-/g, "_")}`
-      );
-    }
-  }
-  throw new Error(`Chain ${url.toString()} not supported`);
-}
-
-// src/__tests__/parseChainId.test.ts
-describe("parseChainId", () => {
-  describe("Starknet chains", () => {
-    test("identifies mainnet", () => {
-      expect(
-        parseChainId(new URL("https://api.cartridge.gg/x/starknet/mainnet"))
-      ).toBe(constants2.StarknetChainId.SN_MAIN);
-    });
-    test("identifies sepolia", () => {
-      expect(
-        parseChainId(new URL("https://api.cartridge.gg/x/starknet/sepolia"))
-      ).toBe(constants2.StarknetChainId.SN_SEPOLIA);
-    });
-  });
-  describe("Project-specific chains", () => {
-    test("identifies slot chain", () => {
-      expect(
-        parseChainId(new URL("https://api.cartridge.gg/x/slot/katana"))
-      ).toBe(shortString2.encodeShortString("WP_SLOT"));
-    });
-    test("identifies slot chain on localhost", () => {
-      expect(parseChainId(new URL("http://localhost:8001/x/slot/katana"))).toBe(
-        shortString2.encodeShortString("WP_SLOT")
-      );
-    });
-    test("identifies slot chain with hyphenated name", () => {
-      expect(
-        parseChainId(
-          new URL("https://api.cartridge.gg/x/my-slot-chain/katana")
-        )
-      ).toBe(shortString2.encodeShortString("WP_MY_SLOT_CHAIN"));
-    });
-    test("identifies slot mainnet chain", () => {
-      expect(
-        parseChainId(new URL("https://api.cartridge.gg/x/slot/mainnet"))
-      ).toBe(shortString2.encodeShortString("GG_SLOT"));
-    });
-  });
-  describe("Error cases", () => {
-    test("throws error for unsupported URL format", () => {
-      expect(
-        () => parseChainId(new URL("https://api.example.com/unsupported"))
-      ).toThrow("Chain https://api.example.com/unsupported not supported");
-    });
-    test("throws error for URLs without proper chain identifiers", () => {
-      expect(
-        () => parseChainId(new URL("https://api.example.com/v1/starknet"))
-      ).toThrow("Chain https://api.example.com/v1/starknet not supported");
-    });
-  });
-});
-//# sourceMappingURL=parseChainId.test.js.map

package/dist/__tests__/parseChainId.test.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/__tests__/parseChainId.test.ts","../../src/utils.ts"],"sourcesContent":["import { constants, shortString } from \"starknet\";\nimport { parseChainId } from \"../utils\";\n\ndescribe(\"parseChainId\", () => {\n  describe(\"Starknet chains\", () => {\n    test(\"identifies mainnet\", () => {\n      expect(\n        parseChainId(new URL(\"https://api.cartridge.gg/x/starknet/mainnet\")),\n      ).toBe(constants.StarknetChainId.SN_MAIN);\n    });\n\n    test(\"identifies sepolia\", () => {\n      expect(\n        parseChainId(new URL(\"https://api.cartridge.gg/x/starknet/sepolia\")),\n      ).toBe(constants.StarknetChainId.SN_SEPOLIA);\n    });\n  });\n\n  describe(\"Project-specific chains\", () => {\n    test(\"identifies slot chain\", () => {\n      expect(\n        parseChainId(new URL(\"https://api.cartridge.gg/x/slot/katana\")),\n      ).toBe(shortString.encodeShortString(\"WP_SLOT\"));\n    });\n\n    test(\"identifies slot chain on localhost\", () => {\n      expect(parseChainId(new URL(\"http://localhost:8001/x/slot/katana\"))).toBe(\n        shortString.encodeShortString(\"WP_SLOT\"),\n      );\n    });\n\n    test(\"identifies slot chain with hyphenated name\", () => {\n      expect(\n        parseChainId(\n          new URL(\"https://api.cartridge.gg/x/my-slot-chain/katana\"),\n        ),\n      ).toBe(shortString.encodeShortString(\"WP_MY_SLOT_CHAIN\"));\n    });\n\n    test(\"identifies slot mainnet chain\", () => {\n      expect(\n        parseChainId(new URL(\"https://api.cartridge.gg/x/slot/mainnet\")),\n      ).toBe(shortString.encodeShortString(\"GG_SLOT\"));\n    });\n  });\n\n  describe(\"Error cases\", () => {\n    test(\"throws error for unsupported URL format\", () => {\n      expect(() =>\n        parseChainId(new URL(\"https://api.example.com/unsupported\")),\n      ).toThrow(\"Chain https://api.example.com/unsupported not supported\");\n    });\n\n    test(\"throws error for URLs without proper chain identifiers\", () => {\n      expect(() =>\n        parseChainId(new URL(\"https://api.example.com/v1/starknet\")),\n      ).toThrow(\"Chain https://api.example.com/v1/starknet not supported\");\n    });\n  });\n});\n","import {\n  addAddressPadding,\n  Call,\n  CallData,\n  constants,\n  getChecksumAddress,\n  hash,\n  shortString,\n  typedData,\n  TypedDataRevision,\n} from \"starknet\";\nimport wasm from \"@cartridge/account-wasm/controller\";\nimport { Policies, SessionPolicies } from \"@cartridge/presets\";\nimport { ChainId } from \"@starknet-io/types-js\";\n\n// Whitelist of allowed property names to prevent prototype pollution\nconst ALLOWED_PROPERTIES = new Set([\n  \"contracts\",\n  \"messages\",\n  \"target\",\n  \"method\",\n  \"name\",\n  \"description\",\n  \"types\",\n  \"domain\",\n  \"primaryType\",\n]);\n\nfunction validatePropertyName(prop: string): void {\n  if (!ALLOWED_PROPERTIES.has(prop)) {\n    throw new Error(`Invalid property name: ${prop}`);\n  }\n}\n\nfunction safeObjectAccess<T>(obj: any, prop: string): T {\n  validatePropertyName(prop);\n  return obj[prop];\n}\n\nexport function normalizeCalls(calls: Call | Call[]) {\n  return toArray(calls).map((call) => {\n    return {\n      entrypoint: call.entrypoint,\n      contractAddress: addAddressPadding(call.contractAddress),\n      calldata: CallData.toHex(call.calldata),\n    };\n  });\n}\n\nexport function toSessionPolicies(policies: Policies): SessionPolicies {\n  return Array.isArray(policies)\n    ? policies.reduce<SessionPolicies>(\n        (prev, p) => {\n          if (safeObjectAccess<string>(p, \"target\")) {\n            const target = getChecksumAddress(\n              safeObjectAccess<string>(p, \"target\"),\n            );\n            const entrypoint = safeObjectAccess<string>(p, \"method\");\n            const contracts = safeObjectAccess<Record<string, any>>(\n              prev,\n              \"contracts\",\n            );\n            const item = {\n              name: humanizeString(entrypoint),\n              entrypoint: entrypoint,\n              description: safeObjectAccess<string>(p, \"description\"),\n            };\n\n            if (target in contracts) {\n              const methods = toArray(contracts[target].methods);\n              contracts[target] = {\n                methods: [...methods, item],\n              };\n            } else {\n              contracts[target] = {\n                methods: [item],\n              };\n            }\n          } else {\n            const messages = safeObjectAccess<any[]>(prev, \"messages\");\n            messages.push(p);\n          }\n\n          return prev;\n        },\n        { contracts: {}, messages: [] },\n      )\n    : policies;\n}\n\nexport function toWasmPolicies(policies: SessionPolicies): wasm.Policy[] {\n  return [\n    ...Object.entries(policies.contracts ?? {}).flatMap(\n      ([target, { methods }]) =>\n        toArray(methods).map((m) => ({\n          target,\n          method: m.entrypoint,\n        })),\n    ),\n    ...(policies.messages ?? []).map((p) => {\n      const domainHash = typedData.getStructHash(\n        p.types,\n        \"StarknetDomain\",\n        p.domain,\n        TypedDataRevision.ACTIVE,\n      );\n      const typeHash = typedData.getTypeHash(\n        p.types,\n        p.primaryType,\n        TypedDataRevision.ACTIVE,\n      );\n\n      return {\n        scope_hash: hash.computePoseidonHash(domainHash, typeHash),\n      };\n    }),\n  ];\n}\n\nexport function toArray<T>(val: T | T[]): T[] {\n  return Array.isArray(val) ? val : [val];\n}\n\nexport function humanizeString(str: string): string {\n  return (\n    str\n      // Convert from camelCase or snake_case\n      .replace(/([a-z])([A-Z])/g, \"$1 $2\") // camelCase to spaces\n      .replace(/_/g, \" \") // snake_case to spaces\n      .toLowerCase()\n      // Capitalize first letter\n      .replace(/^\\w/, (c) => c.toUpperCase())\n  );\n}\n\nexport function parseChainId(url: URL): ChainId {\n  const parts = url.pathname.split(\"/\");\n\n  if (parts.includes(\"starknet\")) {\n    if (parts.includes(\"mainnet\")) {\n      return constants.StarknetChainId.SN_MAIN;\n    } else if (parts.includes(\"sepolia\")) {\n      return constants.StarknetChainId.SN_SEPOLIA;\n    }\n  } else if (parts.length >= 3) {\n    const projectName = parts[2];\n    if (parts.includes(\"katana\")) {\n      return shortString.encodeShortString(\n        `WP_${projectName.toUpperCase().replace(/-/g, \"_\")}`,\n      ) as ChainId;\n    } else if (parts.includes(\"mainnet\")) {\n      return shortString.encodeShortString(\n        `GG_${projectName.toUpperCase().replace(/-/g, \"_\")}`,\n      ) as ChainId;\n    }\n  }\n\n  throw new Error(`Chain ${url.toString()} not supported`);\n}\n"],"mappings":";AAAA,SAAS,aAAAA,YAAW,eAAAC,oBAAmB;;;ACAvC;AAAA,EACE;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AA6HA,SAAS,aAAa,KAAmB;AAC9C,QAAM,QAAQ,IAAI,SAAS,MAAM,GAAG;AAEpC,MAAI,MAAM,SAAS,UAAU,GAAG;AAC9B,QAAI,MAAM,SAAS,SAAS,GAAG;AAC7B,aAAO,UAAU,gBAAgB;AAAA,IACnC,WAAW,MAAM,SAAS,SAAS,GAAG;AACpC,aAAO,UAAU,gBAAgB;AAAA,IACnC;AAAA,EACF,WAAW,MAAM,UAAU,GAAG;AAC5B,UAAM,cAAc,MAAM,CAAC;AAC3B,QAAI,MAAM,SAAS,QAAQ,GAAG;AAC5B,aAAO,YAAY;AAAA,QACjB,MAAM,YAAY,YAAY,EAAE,QAAQ,MAAM,GAAG,CAAC;AAAA,MACpD;AAAA,IACF,WAAW,MAAM,SAAS,SAAS,GAAG;AACpC,aAAO,YAAY;AAAA,QACjB,MAAM,YAAY,YAAY,EAAE,QAAQ,MAAM,GAAG,CAAC;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AAEA,QAAM,IAAI,MAAM,SAAS,IAAI,SAAS,CAAC,gBAAgB;AACzD;;;AD3JA,SAAS,gBAAgB,MAAM;AAC7B,WAAS,mBAAmB,MAAM;AAChC,SAAK,sBAAsB,MAAM;AAC/B;AAAA,QACE,aAAa,IAAI,IAAI,6CAA6C,CAAC;AAAA,MACrE,EAAE,KAAKC,WAAU,gBAAgB,OAAO;AAAA,IAC1C,CAAC;AAED,SAAK,sBAAsB,MAAM;AAC/B;AAAA,QACE,aAAa,IAAI,IAAI,6CAA6C,CAAC;AAAA,MACrE,EAAE,KAAKA,WAAU,gBAAgB,UAAU;AAAA,IAC7C,CAAC;AAAA,EACH,CAAC;AAED,WAAS,2BAA2B,MAAM;AACxC,SAAK,yBAAyB,MAAM;AAClC;AAAA,QACE,aAAa,IAAI,IAAI,wCAAwC,CAAC;AAAA,MAChE,EAAE,KAAKC,aAAY,kBAAkB,SAAS,CAAC;AAAA,IACjD,CAAC;AAED,SAAK,sCAAsC,MAAM;AAC/C,aAAO,aAAa,IAAI,IAAI,qCAAqC,CAAC,CAAC,EAAE;AAAA,QACnEA,aAAY,kBAAkB,SAAS;AAAA,MACzC;AAAA,IACF,CAAC;AAED,SAAK,8CAA8C,MAAM;AACvD;AAAA,QACE;AAAA,UACE,IAAI,IAAI,iDAAiD;AAAA,QAC3D;AAAA,MACF,EAAE,KAAKA,aAAY,kBAAkB,kBAAkB,CAAC;AAAA,IAC1D,CAAC;AAED,SAAK,iCAAiC,MAAM;AAC1C;AAAA,QACE,aAAa,IAAI,IAAI,yCAAyC,CAAC;AAAA,MACjE,EAAE,KAAKA,aAAY,kBAAkB,SAAS,CAAC;AAAA,IACjD,CAAC;AAAA,EACH,CAAC;AAED,WAAS,eAAe,MAAM;AAC5B,SAAK,2CAA2C,MAAM;AACpD;AAAA,QAAO,MACL,aAAa,IAAI,IAAI,qCAAqC,CAAC;AAAA,MAC7D,EAAE,QAAQ,yDAAyD;AAAA,IACrE,CAAC;AAED,SAAK,0DAA0D,MAAM;AACnE;AAAA,QAAO,MACL,aAAa,IAAI,IAAI,qCAAqC,CAAC;AAAA,MAC7D,EAAE,QAAQ,yDAAyD;AAAA,IACrE,CAAC;AAAA,EACH,CAAC;AACH,CAAC;","names":["constants","shortString","constants","shortString"]}

package/dist/account.d.ts

@@ -1,38 +0,0 @@
-import { WalletAccount, AllowArray, Call, InvokeFunctionResponse, TypedData } from 'starknet';
-import { SPEC } from '@starknet-io/types-js';
-import { K as Keychain, k as KeychainOptions, M as Modal } from './types-CVnDQVqD.js';
-import { AsyncMethodReturns } from '@cartridge/penpal';
-import BaseProvider from './provider.js';
-import './index.d-BbTUPBeO.js';
-
-declare class ControllerAccount extends WalletAccount {
-    address: string;
-    private keychain;
-    private modal;
-    private options?;
-    constructor(provider: BaseProvider, rpcUrl: string, address: string, keychain: AsyncMethodReturns<Keychain>, options: KeychainOptions, modal: Modal);
-    /**
-     * Invoke execute function in account contract
-     *
-     * @param calls the invocation object or an array of them, containing:
-     * - contractAddress - the address of the contract
-     * - entrypoint - the entrypoint of the contract
-     * - calldata - (defaults to []) the calldata
-     * - signature - (defaults to []) the signature
-     * @param abis (optional) the abi of the contract for better displaying
-     *
-     * @returns response from addTransaction
-     */
-    execute(calls: AllowArray<Call>): Promise<InvokeFunctionResponse>;
-    /**
-     * Sign an JSON object for off-chain usage with the starknet private key and return the signature
-     * This adds a message prefix so it cant be interchanged with transactions
-     *
-     * @param json - JSON object to be signed
-     * @returns the signature of the JSON object
-     * @throws {Error} if the JSON object is not a valid JSON
-     */
-    signMessage(typedData: TypedData): Promise<SPEC.SIGNATURE>;
-}
-
-export { ControllerAccount as default };

package/dist/account.js

@@ -1,106 +0,0 @@
-// src/account.ts
-import {
-  WalletAccount
-} from "starknet";
-
-// src/utils.ts
-import {
-  addAddressPadding,
-  CallData,
-  constants,
-  getChecksumAddress,
-  hash,
-  shortString,
-  typedData,
-  TypedDataRevision
-} from "starknet";
-function toArray(val) {
-  return Array.isArray(val) ? val : [val];
-}
-
-// src/account.ts
-var ControllerAccount = class extends WalletAccount {
-  constructor(provider, rpcUrl, address, keychain, options, modal) {
-    super({ nodeUrl: rpcUrl }, provider);
-    this.address = address;
-    this.keychain = keychain;
-    this.options = options;
-    this.modal = modal;
-  }
-  /**
-   * Invoke execute function in account contract
-   *
-   * @param calls the invocation object or an array of them, containing:
-   * - contractAddress - the address of the contract
-   * - entrypoint - the entrypoint of the contract
-   * - calldata - (defaults to []) the calldata
-   * - signature - (defaults to []) the signature
-   * @param abis (optional) the abi of the contract for better displaying
-   *
-   * @returns response from addTransaction
-   */
-  async execute(calls) {
-    calls = toArray(calls);
-    return new Promise(async (resolve, reject) => {
-      const sessionExecute = await this.keychain.execute(
-        calls,
-        void 0,
-        void 0,
-        false
-      );
-      if (sessionExecute.code === "SUCCESS" /* SUCCESS */) {
-        resolve(sessionExecute);
-        return;
-      }
-      if (this.options?.propagateSessionErrors) {
-        reject(sessionExecute.error);
-        return;
-      }
-      this.modal.open();
-      const manualExecute = await this.keychain.execute(
-        calls,
-        void 0,
-        void 0,
-        true,
-        sessionExecute.error
-      );
-      if (manualExecute.code === "SUCCESS" /* SUCCESS */) {
-        resolve(manualExecute);
-        this.modal.close();
-        return;
-      }
-      reject(manualExecute.error);
-      return;
-    });
-  }
-  /**
-   * Sign an JSON object for off-chain usage with the starknet private key and return the signature
-   * This adds a message prefix so it cant be interchanged with transactions
-   *
-   * @param json - JSON object to be signed
-   * @returns the signature of the JSON object
-   * @throws {Error} if the JSON object is not a valid JSON
-   */
-  async signMessage(typedData2) {
-    return new Promise(async (resolve, reject) => {
-      const sessionSign = await this.keychain.signMessage(typedData2, "", true);
-      if (!("code" in sessionSign)) {
-        resolve(sessionSign);
-        return;
-      }
-      this.modal.open();
-      const manualSign = await this.keychain.signMessage(typedData2, "", false);
-      if (!("code" in manualSign)) {
-        resolve(manualSign);
-      } else {
-        reject(manualSign.error);
-      }
-      this.modal.close();
-    });
-  }
-};
-var account_default = ControllerAccount;
-export {
-  account_default as default
-};
-//# sourceMappingURL=account.js.map

package/dist/account.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/account.ts","../src/utils.ts"],"sourcesContent":["import {\n  InvokeFunctionResponse,\n  TypedData,\n  WalletAccount,\n  Call,\n  AllowArray,\n} from \"starknet\";\n\nimport { SPEC } from \"@starknet-io/types-js\";\n\nimport {\n  ConnectError,\n  Keychain,\n  KeychainOptions,\n  Modal,\n  ResponseCodes,\n} from \"./types\";\nimport { AsyncMethodReturns } from \"@cartridge/penpal\";\nimport BaseProvider from \"./provider\";\nimport { toArray } from \"./utils\";\n\nclass ControllerAccount extends WalletAccount {\n  address: string;\n  private keychain: AsyncMethodReturns<Keychain>;\n  private modal: Modal;\n  private options?: KeychainOptions;\n\n  constructor(\n    provider: BaseProvider,\n    rpcUrl: string,\n    address: string,\n    keychain: AsyncMethodReturns<Keychain>,\n    options: KeychainOptions,\n    modal: Modal,\n  ) {\n    super({ nodeUrl: rpcUrl }, provider);\n\n    this.address = address;\n    this.keychain = keychain;\n    this.options = options;\n    this.modal = modal;\n  }\n\n  /**\n   * Invoke execute function in account contract\n   *\n   * @param calls the invocation object or an array of them, containing:\n   * - contractAddress - the address of the contract\n   * - entrypoint - the entrypoint of the contract\n   * - calldata - (defaults to []) the calldata\n   * - signature - (defaults to []) the signature\n   * @param abis (optional) the abi of the contract for better displaying\n   *\n   * @returns response from addTransaction\n   */\n  async execute(calls: AllowArray<Call>): Promise<InvokeFunctionResponse> {\n    calls = toArray(calls);\n\n    return new Promise(async (resolve, reject) => {\n      const sessionExecute = await this.keychain.execute(\n        calls,\n        undefined,\n        undefined,\n        false,\n      );\n\n      // Session call succeeded\n      if (sessionExecute.code === ResponseCodes.SUCCESS) {\n        resolve(sessionExecute as InvokeFunctionResponse);\n        return;\n      }\n\n      // Propagates session txn error back to caller\n      if (this.options?.propagateSessionErrors) {\n        reject((sessionExecute as ConnectError).error);\n        return;\n      }\n\n      // Session call or Paymaster flow failed.\n      // Session not avaialble, manual flow fallback\n      this.modal.open();\n      const manualExecute = await this.keychain.execute(\n        calls,\n        undefined,\n        undefined,\n        true,\n        (sessionExecute as ConnectError).error,\n      );\n\n      // Manual call succeeded\n      if (manualExecute.code === ResponseCodes.SUCCESS) {\n        resolve(manualExecute as InvokeFunctionResponse);\n        this.modal.close();\n        return;\n      }\n\n      reject((manualExecute as ConnectError).error);\n      return;\n    });\n  }\n\n  /**\n   * Sign an JSON object for off-chain usage with the starknet private key and return the signature\n   * This adds a message prefix so it cant be interchanged with transactions\n   *\n   * @param json - JSON object to be signed\n   * @returns the signature of the JSON object\n   * @throws {Error} if the JSON object is not a valid JSON\n   */\n  async signMessage(typedData: TypedData): Promise<SPEC.SIGNATURE> {\n    return new Promise(async (resolve, reject) => {\n      const sessionSign = await this.keychain.signMessage(typedData, \"\", true);\n\n      // Session sign succeeded\n      if (!(\"code\" in sessionSign)) {\n        resolve(sessionSign as SPEC.SIGNATURE);\n        return;\n      }\n\n      // Session not avaialble, manual flow fallback\n      this.modal.open();\n      const manualSign = await this.keychain.signMessage(typedData, \"\", false);\n\n      if (!(\"code\" in manualSign)) {\n        resolve(manualSign as SPEC.SIGNATURE);\n      } else {\n        reject((manualSign as ConnectError).error);\n      }\n      this.modal.close();\n    });\n  }\n}\n\nexport default ControllerAccount;\n","import {\n  addAddressPadding,\n  Call,\n  CallData,\n  constants,\n  getChecksumAddress,\n  hash,\n  shortString,\n  typedData,\n  TypedDataRevision,\n} from \"starknet\";\nimport wasm from \"@cartridge/account-wasm/controller\";\nimport { Policies, SessionPolicies } from \"@cartridge/presets\";\nimport { ChainId } from \"@starknet-io/types-js\";\n\n// Whitelist of allowed property names to prevent prototype pollution\nconst ALLOWED_PROPERTIES = new Set([\n  \"contracts\",\n  \"messages\",\n  \"target\",\n  \"method\",\n  \"name\",\n  \"description\",\n  \"types\",\n  \"domain\",\n  \"primaryType\",\n]);\n\nfunction validatePropertyName(prop: string): void {\n  if (!ALLOWED_PROPERTIES.has(prop)) {\n    throw new Error(`Invalid property name: ${prop}`);\n  }\n}\n\nfunction safeObjectAccess<T>(obj: any, prop: string): T {\n  validatePropertyName(prop);\n  return obj[prop];\n}\n\nexport function normalizeCalls(calls: Call | Call[]) {\n  return toArray(calls).map((call) => {\n    return {\n      entrypoint: call.entrypoint,\n      contractAddress: addAddressPadding(call.contractAddress),\n      calldata: CallData.toHex(call.calldata),\n    };\n  });\n}\n\nexport function toSessionPolicies(policies: Policies): SessionPolicies {\n  return Array.isArray(policies)\n    ? policies.reduce<SessionPolicies>(\n        (prev, p) => {\n          if (safeObjectAccess<string>(p, \"target\")) {\n            const target = getChecksumAddress(\n              safeObjectAccess<string>(p, \"target\"),\n            );\n            const entrypoint = safeObjectAccess<string>(p, \"method\");\n            const contracts = safeObjectAccess<Record<string, any>>(\n              prev,\n              \"contracts\",\n            );\n            const item = {\n              name: humanizeString(entrypoint),\n              entrypoint: entrypoint,\n              description: safeObjectAccess<string>(p, \"description\"),\n            };\n\n            if (target in contracts) {\n              const methods = toArray(contracts[target].methods);\n              contracts[target] = {\n                methods: [...methods, item],\n              };\n            } else {\n              contracts[target] = {\n                methods: [item],\n              };\n            }\n          } else {\n            const messages = safeObjectAccess<any[]>(prev, \"messages\");\n            messages.push(p);\n          }\n\n          return prev;\n        },\n        { contracts: {}, messages: [] },\n      )\n    : policies;\n}\n\nexport function toWasmPolicies(policies: SessionPolicies): wasm.Policy[] {\n  return [\n    ...Object.entries(policies.contracts ?? {}).flatMap(\n      ([target, { methods }]) =>\n        toArray(methods).map((m) => ({\n          target,\n          method: m.entrypoint,\n        })),\n    ),\n    ...(policies.messages ?? []).map((p) => {\n      const domainHash = typedData.getStructHash(\n        p.types,\n        \"StarknetDomain\",\n        p.domain,\n        TypedDataRevision.ACTIVE,\n      );\n      const typeHash = typedData.getTypeHash(\n        p.types,\n        p.primaryType,\n        TypedDataRevision.ACTIVE,\n      );\n\n      return {\n        scope_hash: hash.computePoseidonHash(domainHash, typeHash),\n      };\n    }),\n  ];\n}\n\nexport function toArray<T>(val: T | T[]): T[] {\n  return Array.isArray(val) ? val : [val];\n}\n\nexport function humanizeString(str: string): string {\n  return (\n    str\n      // Convert from camelCase or snake_case\n      .replace(/([a-z])([A-Z])/g, \"$1 $2\") // camelCase to spaces\n      .replace(/_/g, \" \") // snake_case to spaces\n      .toLowerCase()\n      // Capitalize first letter\n      .replace(/^\\w/, (c) => c.toUpperCase())\n  );\n}\n\nexport function parseChainId(url: URL): ChainId {\n  const parts = url.pathname.split(\"/\");\n\n  if (parts.includes(\"starknet\")) {\n    if (parts.includes(\"mainnet\")) {\n      return constants.StarknetChainId.SN_MAIN;\n    } else if (parts.includes(\"sepolia\")) {\n      return constants.StarknetChainId.SN_SEPOLIA;\n    }\n  } else if (parts.length >= 3) {\n    const projectName = parts[2];\n    if (parts.includes(\"katana\")) {\n      return shortString.encodeShortString(\n        `WP_${projectName.toUpperCase().replace(/-/g, \"_\")}`,\n      ) as ChainId;\n    } else if (parts.includes(\"mainnet\")) {\n      return shortString.encodeShortString(\n        `GG_${projectName.toUpperCase().replace(/-/g, \"_\")}`,\n      ) as ChainId;\n    }\n  }\n\n  throw new Error(`Chain ${url.toString()} not supported`);\n}\n"],"mappings":";AAAA;AAAA,EAGE;AAAA,OAGK;;;ACNP;AAAA,EACE;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AA6GA,SAAS,QAAW,KAAmB;AAC5C,SAAO,MAAM,QAAQ,GAAG,IAAI,MAAM,CAAC,GAAG;AACxC;;;ADpGA,IAAM,oBAAN,cAAgC,cAAc;AAAA,EAM5C,YACE,UACA,QACA,SACA,UACA,SACA,OACA;AACA,UAAM,EAAE,SAAS,OAAO,GAAG,QAAQ;AAEnC,SAAK,UAAU;AACf,SAAK,WAAW;AAChB,SAAK,UAAU;AACf,SAAK,QAAQ;AAAA,EACf;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,QAAQ,OAA0D;AACtE,YAAQ,QAAQ,KAAK;AAErB,WAAO,IAAI,QAAQ,OAAO,SAAS,WAAW;AAC5C,YAAM,iBAAiB,MAAM,KAAK,SAAS;AAAA,QACzC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAGA,UAAI,eAAe,kCAAgC;AACjD,gBAAQ,cAAwC;AAChD;AAAA,MACF;AAGA,UAAI,KAAK,SAAS,wBAAwB;AACxC,eAAQ,eAAgC,KAAK;AAC7C;AAAA,MACF;AAIA,WAAK,MAAM,KAAK;AAChB,YAAM,gBAAgB,MAAM,KAAK,SAAS;AAAA,QACxC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACC,eAAgC;AAAA,MACnC;AAGA,UAAI,cAAc,kCAAgC;AAChD,gBAAQ,aAAuC;AAC/C,aAAK,MAAM,MAAM;AACjB;AAAA,MACF;AAEA,aAAQ,cAA+B,KAAK;AAC5C;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,YAAYA,YAA+C;AAC/D,WAAO,IAAI,QAAQ,OAAO,SAAS,WAAW;AAC5C,YAAM,cAAc,MAAM,KAAK,SAAS,YAAYA,YAAW,IAAI,IAAI;AAGvE,UAAI,EAAE,UAAU,cAAc;AAC5B,gBAAQ,WAA6B;AACrC;AAAA,MACF;AAGA,WAAK,MAAM,KAAK;AAChB,YAAM,aAAa,MAAM,KAAK,SAAS,YAAYA,YAAW,IAAI,KAAK;AAEvE,UAAI,EAAE,UAAU,aAAa;AAC3B,gBAAQ,UAA4B;AAAA,MACtC,OAAO;AACL,eAAQ,WAA4B,KAAK;AAAA,MAC3C;AACA,WAAK,MAAM,MAAM;AAAA,IACnB,CAAC;AAAA,EACH;AACF;AAEA,IAAO,kBAAQ;","names":["typedData"]}

package/dist/constants.d.ts

@@ -1,5 +0,0 @@
-declare const KEYCHAIN_URL = "https://x.cartridge.gg";
-declare const PROFILE_URL = "https://profile.cartridge.gg";
-declare const API_URL = "https://api.cartridge.gg";
-
-export { API_URL, KEYCHAIN_URL, PROFILE_URL };

package/dist/constants.js

@@ -1,10 +0,0 @@
-// src/constants.ts
-var KEYCHAIN_URL = "https://x.cartridge.gg";
-var PROFILE_URL = "https://profile.cartridge.gg";
-var API_URL = "https://api.cartridge.gg";
-export {
-  API_URL,
-  KEYCHAIN_URL,
-  PROFILE_URL
-};
-//# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/constants.ts"],"sourcesContent":["export const KEYCHAIN_URL = \"https://x.cartridge.gg\";\nexport const PROFILE_URL = \"https://profile.cartridge.gg\";\nexport const API_URL = \"https://api.cartridge.gg\";\n"],"mappings":";AAAO,IAAM,eAAe;AACrB,IAAM,cAAc;AACpB,IAAM,UAAU;","names":[]}

package/dist/errors.d.ts

@@ -1,5 +0,0 @@
-declare class NotReadyToConnect extends Error {
-    constructor();
-}
-
-export { NotReadyToConnect };

package/dist/errors.js

@@ -1,11 +0,0 @@
-// src/errors.ts
-var NotReadyToConnect = class _NotReadyToConnect extends Error {
-  constructor() {
-    super("Not ready to connect");
-    Object.setPrototypeOf(this, _NotReadyToConnect.prototype);
-  }
-};
-export {
-  NotReadyToConnect
-};
-//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/errors.ts"],"sourcesContent":["export class NotReadyToConnect extends Error {\n  constructor() {\n    super(\"Not ready to connect\");\n\n    Object.setPrototypeOf(this, NotReadyToConnect.prototype);\n  }\n}\n"],"mappings":";AAAO,IAAM,oBAAN,MAAM,2BAA0B,MAAM;AAAA,EAC3C,cAAc;AACZ,UAAM,sBAAsB;AAE5B,WAAO,eAAe,MAAM,mBAAkB,SAAS;AAAA,EACzD;AACF;","names":[]}