@cofhe/sdk 0.2.0 → 0.3.0

package/permits/localstorage.test.ts

@@ -39,7 +39,6 @@ describe('Permits localStorage Tests', () => {
 
   it('should persist permits to localStorage', async () => {
     const permit = await createMockPermit();
-    const hash = PermitUtils.getHash(permit);
 
     setPermit(chainId, account, permit);
 
@@ -48,40 +47,38 @@ describe('Permits localStorage Tests', () => {
     expect(storedData).toBeDefined();
 
     const parsedData = JSON.parse(storedData!);
-    expect(parsedData.state.permits[chainId][account][hash]).toBeDefined();
+    expect(parsedData.state.permits[chainId][account][permit.hash]).toBeDefined();
   });
 
   it('should persist active permit hash to localStorage', async () => {
     const permit = await createMockPermit();
-    const hash = PermitUtils.getHash(permit);
 
     setPermit(chainId, account, permit);
-    setActivePermitHash(chainId, account, hash);
+    setActivePermitHash(chainId, account, permit.hash);
 
     // Verify active permit hash is stored
     const storedData = localStorage.getItem('cofhesdk-permits');
     expect(storedData).toBeDefined();
 
     const parsedData = JSON.parse(storedData!);
-    expect(parsedData.state.activePermitHash[chainId][account]).toBe(hash);
+    expect(parsedData.state.activePermitHash[chainId][account]).toBe(permit.hash);
   });
 
   it('should restore permits from localStorage', async () => {
     const permit = await createMockPermit();
-    const hash = PermitUtils.getHash(permit);
 
     // Add permit to localStorage
     setPermit(chainId, account, permit);
-    setActivePermitHash(chainId, account, hash);
+    setActivePermitHash(chainId, account, permit.hash);
     const serializedPermit = PermitUtils.serialize(permit);
 
     // Verify data is restored
-    const retrievedPermit = getPermit(chainId, account, hash);
+    const retrievedPermit = getPermit(chainId, account, permit.hash);
     expect(retrievedPermit).toBeDefined();
     expect(PermitUtils.serialize(retrievedPermit!)).toEqual(serializedPermit);
 
     const activeHash = getActivePermitHash(chainId, account);
-    expect(activeHash).toBe(hash);
+    expect(activeHash).toBe(permit.hash);
   });
 
   it('should handle corrupted localStorage data gracefully', () => {
@@ -96,22 +93,21 @@ describe('Permits localStorage Tests', () => {
 
   it('should clean up localStorage when permits are removed', async () => {
     const permit = await createMockPermit();
-    const hash = PermitUtils.getHash(permit);
 
     setPermit(chainId, account, permit);
-    setActivePermitHash(chainId, account, hash);
+    setActivePermitHash(chainId, account, permit.hash);
 
     // Verify data exists
     let storedData = localStorage.getItem('cofhesdk-permits');
     expect(storedData).toBeDefined();
 
     // Remove permit
-    removePermit(chainId, account, hash, true);
+    removePermit(chainId, account, permit.hash);
 
     // Verify data is cleaned up
     storedData = localStorage.getItem('cofhesdk-permits');
     const parsedData = JSON.parse(storedData!);
-    expect(parsedData.state.permits[chainId][account][hash]).toBeUndefined();
+    expect(parsedData.state.permits[chainId][account][permit.hash]).toBeUndefined();
     expect(parsedData.state.activePermitHash[chainId][account]).toBeUndefined();
   });
 });

package/permits/onchain-utils.ts

@@ -0,0 +1,221 @@
+import {
+  BaseError,
+  ContractFunctionRevertedError,
+  type Hex,
+  type PublicClient,
+  decodeErrorResult,
+  parseAbi,
+} from 'viem';
+import type { EIP712Domain, Permission } from './types';
+import { TASK_MANAGER_ADDRESS } from '../core/consts.js';
+
+export const getAclAddress = async (publicClient: PublicClient): Promise<Hex> => {
+  const ACL_IFACE = 'function acl() view returns (address)';
+
+  // Parse the ABI for the ACL function
+  const aclAbi = parseAbi([ACL_IFACE]);
+
+  // Get the ACL address
+  return (await publicClient.readContract({
+    address: TASK_MANAGER_ADDRESS as `0x${string}`,
+    abi: aclAbi,
+    functionName: 'acl',
+  })) as `0x${string}`;
+};
+
+export const getAclEIP712Domain = async (publicClient: PublicClient): Promise<EIP712Domain> => {
+  const aclAddress = await getAclAddress(publicClient);
+  const EIP712_DOMAIN_IFACE =
+    'function eip712Domain() public view returns (bytes1 fields, string name, string version, uint256 chainId, address verifyingContract, bytes32 salt, uint256[] extensions)';
+
+  // Parse the ABI for the EIP712 domain function
+  const domainAbi = parseAbi([EIP712_DOMAIN_IFACE]);
+
+  // Get the EIP712 domain
+  const domain = await publicClient.readContract({
+    address: aclAddress,
+    abi: domainAbi,
+    functionName: 'eip712Domain',
+  });
+
+  // eslint-disable-next-line no-unused-vars
+  const [_fields, name, version, chainId, verifyingContract, _salt, _extensions] = domain;
+
+  return {
+    name,
+    version,
+    chainId: Number(chainId),
+    verifyingContract,
+  };
+};
+
+export const checkPermitValidityOnChain = async (
+  permission: Permission,
+  publicClient: PublicClient
+): Promise<boolean> => {
+  const aclAddress = await getAclAddress(publicClient);
+
+  // Check if the permit is valid
+  try {
+    await publicClient.simulateContract({
+      address: aclAddress,
+      abi: checkPermitValidityAbi,
+      functionName: 'checkPermitValidity',
+      args: [
+        {
+          issuer: permission.issuer,
+          expiration: BigInt(permission.expiration),
+          recipient: permission.recipient,
+          validatorId: BigInt(permission.validatorId),
+          validatorContract: permission.validatorContract,
+          sealingKey: permission.sealingKey,
+          issuerSignature: permission.issuerSignature,
+          recipientSignature: permission.recipientSignature,
+        },
+      ],
+    });
+    return true;
+  } catch (err: any) {
+    // Viem default handling
+    if (err instanceof BaseError) {
+      const revertError = err.walk((err: any) => err instanceof ContractFunctionRevertedError);
+      if (revertError instanceof ContractFunctionRevertedError) {
+        const errorName = revertError.data?.errorName ?? '';
+        throw new Error(errorName);
+      }
+    }
+
+    // Check details field for custom error names (e.g., from Hardhat test nodes)
+    const customErrorName = extractCustomErrorFromDetails(err, checkPermitValidityAbi);
+    if (customErrorName) {
+      throw new Error(customErrorName);
+    }
+
+    // Hardhat wrapped error will need to be unwrapped to get the return data
+    const hhDetailsData = extractReturnData(err);
+    if (hhDetailsData != null) {
+      const decoded = decodeErrorResult({
+        abi: checkPermitValidityAbi,
+        data: hhDetailsData,
+      });
+
+      throw new Error(decoded.errorName);
+    }
+
+    // Fallback throw the original error
+    throw err;
+  }
+};
+
+function extractCustomErrorFromDetails(err: unknown, abi: readonly any[]): string | undefined {
+  // Check details field for custom error names (e.g., from Hardhat test nodes)
+  const anyErr = err as any;
+  const details = anyErr?.details ?? anyErr?.cause?.details;
+
+  if (typeof details === 'string') {
+    // Match pattern: "reverted with custom error 'ErrorName()'"
+    const customErrorMatch = details.match(/reverted with custom error '(\w+)\(\)'/);
+    if (customErrorMatch) {
+      const errorName = customErrorMatch[1];
+      // Check if this error exists in our ABI
+      const errorExists = abi.some((item) => item.type === 'error' && item.name === errorName);
+      if (errorExists) {
+        return errorName;
+      }
+    }
+  }
+
+  return undefined;
+}
+
+function extractReturnData(err: unknown): `0x${string}` | undefined {
+  // viem BaseError has `details`, but fall back to any message-like string we can find
+  const anyErr = err as any;
+  const s = anyErr?.details ?? anyErr?.cause?.details ?? anyErr?.shortMessage ?? anyErr?.message ?? String(err);
+
+  return s.match(/return data:\s*(0x[a-fA-F0-9]+)/)?.[1] as `0x${string}` | undefined;
+}
+
+const checkPermitValidityAbi = [
+  {
+    type: 'function',
+    name: 'checkPermitValidity',
+    inputs: [
+      {
+        name: 'permission',
+        type: 'tuple',
+        internalType: 'struct Permission',
+        components: [
+          {
+            name: 'issuer',
+            type: 'address',
+            internalType: 'address',
+          },
+          {
+            name: 'expiration',
+            type: 'uint64',
+            internalType: 'uint64',
+          },
+          {
+            name: 'recipient',
+            type: 'address',
+            internalType: 'address',
+          },
+          {
+            name: 'validatorId',
+            type: 'uint256',
+            internalType: 'uint256',
+          },
+          {
+            name: 'validatorContract',
+            type: 'address',
+            internalType: 'address',
+          },
+          {
+            name: 'sealingKey',
+            type: 'bytes32',
+            internalType: 'bytes32',
+          },
+          {
+            name: 'issuerSignature',
+            type: 'bytes',
+            internalType: 'bytes',
+          },
+          {
+            name: 'recipientSignature',
+            type: 'bytes',
+            internalType: 'bytes',
+          },
+        ],
+      },
+    ],
+    outputs: [
+      {
+        name: '',
+        type: 'bool',
+        internalType: 'bool',
+      },
+    ],
+    stateMutability: 'view',
+  },
+  {
+    type: 'error',
+    name: 'PermissionInvalid_Disabled',
+    inputs: [],
+  },
+  {
+    type: 'error',
+    name: 'PermissionInvalid_Expired',
+    inputs: [],
+  },
+  {
+    type: 'error',
+    name: 'PermissionInvalid_IssuerSignature',
+    inputs: [],
+  },
+  {
+    type: 'error',
+    name: 'PermissionInvalid_RecipientSignature',
+    inputs: [],
+  },
+] as const;

package/permits/permit.test.ts

@@ -46,6 +46,7 @@ describe('PermitUtils Tests', () => {
 
       const permit = PermitUtils.createSelf(options);
 
+      expect(permit.hash).toBe(PermitUtils.getHash(permit));
       expect(permit.type).toBe('self');
       expect(permit.name).toBe('Test Permit');
       expect(permit.type).toBe('self');
@@ -81,6 +82,7 @@ describe('PermitUtils Tests', () => {
 
       const permit = PermitUtils.createSharing(options);
 
+      expect(permit.hash).toBe(PermitUtils.getHash(permit));
       expect(permit.type).toBe('sharing');
       expect(permit.name).toBe('Test Sharing Permit');
       expect(permit.type).toBe('sharing');
@@ -111,6 +113,7 @@ describe('PermitUtils Tests', () => {
     it('should import a shared permit with valid options', async () => {
       const options: ImportSharedPermitOptions = {
         issuer: bobAddress,
+        expiration: Math.floor(Date.now() / 1000) + 3600, // 1 hour from now
         recipient: aliceAddress,
         issuerSignature: '0x1234567890abcdef',
         name: 'Test Import Permit',
@@ -118,6 +121,7 @@ describe('PermitUtils Tests', () => {
 
       const permit = PermitUtils.importShared(options);
 
+      expect(permit.hash).toBe(PermitUtils.getHash(permit));
       expect(permit.type).toBe('recipient');
       expect(permit.name).toBe('Test Import Permit');
       expect(permit.issuer).toBe(bobAddress);
@@ -134,6 +138,7 @@ describe('PermitUtils Tests', () => {
     it('should import a shared permit with valid options as string', async () => {
       const options: ImportSharedPermitOptions = {
         issuer: bobAddress,
+        expiration: Math.floor(Date.now() / 1000) + 3600, // 1 hour from now
         recipient: aliceAddress,
         issuerSignature: '0x1234567890abcdef',
       };
@@ -168,6 +173,7 @@ describe('PermitUtils Tests', () => {
     it('should throw error for missing issuerSignature', async () => {
       const options: ImportSharedPermitOptions = {
         issuer: bobAddress,
+        expiration: Math.floor(Date.now() / 1000) + 3600, // 1 hour from now
         recipient: aliceAddress,
         issuerSignature: '0x', // Invalid empty signature
         name: 'Test Import Permit',
@@ -175,6 +181,15 @@ describe('PermitUtils Tests', () => {
 
       expect(() => PermitUtils.importShared(options)).toThrow();
     });
+
+    it('should throw error for missing expiration', async () => {
+      const options = {
+        issuer: bobAddress,
+        recipient: aliceAddress,
+        issuerSignature: '0x1234567890abcdef',
+      } as unknown as ImportSharedPermitOptions;
+      expect(() => PermitUtils.importShared(options)).toThrow();
+    });
   });
 
   describe('createSelfAndSign', () => {
@@ -217,6 +232,7 @@ describe('PermitUtils Tests', () => {
       const options: ImportSharedPermitOptions = {
         issuer: bobAddress,
         recipient: aliceAddress,
+        expiration: Math.floor(Date.now() / 1000) + 3600, // 1 hour from now
         issuerSignature: '0x1234567890abcdef',
         name: 'Test Import Permit',
       };
@@ -233,6 +249,7 @@ describe('PermitUtils Tests', () => {
       const options: ImportSharedPermitOptions = {
         issuer: bobAddress,
         recipient: aliceAddress,
+        expiration: Math.floor(Date.now() / 1000) + 3600, // 1 hour from now
         issuerSignature: '0x1234567890abcdef',
       };
 
@@ -250,6 +267,7 @@ describe('PermitUtils Tests', () => {
       const options: ImportSharedPermitOptions = {
         issuer: bobAddress,
         recipient: aliceAddress,
+        expiration: Math.floor(Date.now() / 1000) + 3600, // 1 hour from now
         issuerSignature: '0x1234567890abcdef',
       };
 
@@ -283,7 +301,8 @@ describe('PermitUtils Tests', () => {
       const permit = PermitUtils.importShared({
         issuer: bobAddress,
         recipient: aliceAddress,
-        issuerSignature: '0xexisting-signature',
+        expiration: Math.floor(Date.now() / 1000) + 3600, // 1 hour from now
+        issuerSignature: '0x1111111111111111111111111111111111111111111111111111111111111111',
         name: 'Test Permit',
       });
 
@@ -361,10 +380,7 @@ describe('PermitUtils Tests', () => {
         name: 'Test Permit',
       });
 
-      const hash1 = PermitUtils.getHash(permit1);
-      const hash2 = PermitUtils.getHash(permit2);
-
-      expect(hash1).toBe(hash2);
+      expect(permit1.hash).toBe(permit2.hash);
     });
   });
 
@@ -473,5 +489,35 @@ describe('PermitUtils Tests', () => {
 
       expect(typeof isValid).toBe('boolean');
     }, 10000); // 10 second timeout for network call
+
+    // TODO: Uncomment when updated ACL with checkPermitValidity function is deployed
+
+    // it('should check permit validity on chain with real contract data', async () => {
+    //   const permit = PermitUtils.createSelf({
+    //     type: 'self',
+    //     issuer: bobAddress,
+    //     name: 'Test Permit',
+    //   });
+
+    //   const signedPermit = await PermitUtils.sign(permit, publicClient, bobWalletClient);
+
+    //   const isValid = await PermitUtils.checkValidityOnChain(signedPermit, publicClient);
+
+    //   expect(typeof isValid).toBe('boolean');
+    //   expect(isValid).toBe(true);
+
+    //   const permitInvalid = PermitUtils.createSelf({
+    //     type: 'self',
+    //     issuer: bobAddress,
+    //     name: 'Test Permit',
+    //     expiration: Math.floor(Date.now() / 1000) - 3600, // 1 hour ago
+    //   });
+
+    //   const signedPermitInvalid = await PermitUtils.sign(permitInvalid, publicClient, bobWalletClient);
+    //   const isValidInvalid = await PermitUtils.checkValidityOnChain(signedPermitInvalid, publicClient);
+
+    //   expect(typeof isValidInvalid).toBe('boolean');
+    //   expect(isValidInvalid).toBe(false);
+    // });
   });
 });

package/permits/permit.ts

@@ -11,6 +11,7 @@ import {
   type EIP712Domain,
   type Permission,
   type EthEncryptedData,
+  type PermitHashFields,
 } from './types.js';
 import {
   validateSelfPermitOptions,
@@ -21,8 +22,10 @@ import {
   validateImportPermit,
   ValidationUtils,
 } from './validation.js';
+import * as z from 'zod';
 import { SignatureUtils } from './signature.js';
 import { GenerateSealingKey, SealingKey } from './sealing.js';
+import { checkPermitValidityOnChain, getAclEIP712Domain } from './onchain-utils.js';
 
 /**
  * Main Permit utilities - functional approach for React compatibility
@@ -34,17 +37,12 @@ export const PermitUtils = {
   createSelf: (options: CreateSelfPermitOptions): SelfPermit => {
     const validation = validateSelfPermitOptions(options);
 
-    if (!validation.success) {
-      throw new Error(
-        'PermitUtils :: createSelf :: Parsing SelfPermitOptions failed ' + JSON.stringify(validation.error, null, 2)
-      );
-    }
-
     // Always generate a new sealing key - users cannot provide their own
     const sealingPair = GenerateSealingKey();
 
     const permit = {
-      ...validation.data,
+      hash: PermitUtils.getHash(validation),
+      ...validation,
       sealingPair,
       _signedDomain: undefined,
     } satisfies SelfPermit;
@@ -58,18 +56,12 @@ export const PermitUtils = {
   createSharing: (options: CreateSharingPermitOptions): SharingPermit => {
     const validation = validateSharingPermitOptions(options);
 
-    if (!validation.success) {
-      throw new Error(
-        'PermitUtils :: createSharing :: Parsing SharingPermitOptions failed ' +
-          JSON.stringify(validation.error, null, 2)
-      );
-    }
-
     // Always generate a new sealing key - users cannot provide their own
     const sealingPair = GenerateSealingKey();
 
     const permit = {
-      ...validation.data,
+      hash: PermitUtils.getHash(validation),
+      ...validation,
       sealingPair,
       _signedDomain: undefined,
     } satisfies SharingPermit;
@@ -89,35 +81,28 @@ export const PermitUtils = {
       try {
         parsedOptions = JSON.parse(options);
       } catch (error) {
-        throw new Error(`PermitUtils :: importShared :: Failed to parse JSON string: ${error}`);
+        throw new Error(`Failed to parse JSON string: ${error}`);
       }
     } else if (typeof options === 'object' && options !== null) {
       // Handle both ImportSharedPermitOptions and any object
       parsedOptions = options;
     } else {
-      throw new Error(
-        'PermitUtils :: importShared :: Invalid input type, expected ImportSharedPermitOptions, object, or string'
-      );
+      throw new Error('Invalid input type, expected ImportSharedPermitOptions, object, or string');
     }
 
     // Validate type if provided
     if (parsedOptions.type != null && parsedOptions.type !== 'sharing') {
-      throw new Error(`PermitUtils :: importShared :: Invalid permit type <${parsedOptions.type}>, must be "sharing"`);
+      throw new Error(`Invalid permit type <${parsedOptions.type}>, must be "sharing"`);
     }
 
     const validation = validateImportPermitOptions({ ...parsedOptions, type: 'recipient' });
 
-    if (!validation.success) {
-      throw new Error(
-        'PermitUtils :: importShared :: Parsing ImportPermitOptions failed ' + JSON.stringify(validation.error, null, 2)
-      );
-    }
-
     // Always generate a new sealing key - users cannot provide their own
     const sealingPair = GenerateSealingKey();
 
     const permit = {
-      ...validation.data,
+      hash: PermitUtils.getHash(validation),
+      ...validation,
       sealingPair,
       _signedDomain: undefined,
     } satisfies RecipientPermit;
@@ -131,12 +116,12 @@ export const PermitUtils = {
   sign: async <T extends Permit>(permit: T, publicClient: PublicClient, walletClient: WalletClient): Promise<T> => {
     if (walletClient == null || walletClient.account == null) {
       throw new Error(
-        'PermitUtils :: sign - walletClient undefined, you must pass in a `walletClient` for the connected user to create a permit signature'
+        'Missing walletClient, you must pass in a `walletClient` for the connected user to create a permit signature'
       );
     }
 
     const primaryType = SignatureUtils.getPrimaryType(permit.type);
-    const domain = await PermitUtils.fetchEIP712Domain(publicClient);
+    const domain = await getAclEIP712Domain(publicClient);
     const { types, message } = SignatureUtils.getSignatureParams(PermitUtils.getPermission(permit, true), primaryType);
 
     const signature = await walletClient.signTypedData({
@@ -216,6 +201,7 @@ export const PermitUtils = {
    */
   serialize: (permit: Permit): SerializedPermit => {
     return {
+      hash: permit.hash,
       name: permit.name,
       type: permit.type,
       issuer: permit.issuer,
@@ -241,7 +227,7 @@ export const PermitUtils = {
     } else if (permit.type === 'recipient') {
       return validateImportPermit(permit);
     } else {
-      throw new Error('PermitUtils :: validate :: Invalid permit type');
+      throw new Error('Invalid permit type');
     }
   },
 
@@ -250,13 +236,7 @@ export const PermitUtils = {
    */
   getPermission: (permit: Permit, skipValidation = false): Permission => {
     if (!skipValidation) {
-      const validationResult = PermitUtils.validate(permit);
-
-      if (!validationResult.success) {
-        throw new Error(
-          `PermitUtils :: getPermission :: permit validation failed - ${JSON.stringify(validationResult.error, null, 2)} ${JSON.stringify(permit, null, 2)}`
-        );
-      }
+      PermitUtils.validate(permit);
     }
 
     return {
@@ -274,7 +254,7 @@ export const PermitUtils = {
   /**
    * Get a stable hash for the permit (used as key in storage)
    */
-  getHash: (permit: Permit): string => {
+  getHash: (permit: PermitHashFields): string => {
     const data = JSON.stringify({
       type: permit.type,
       issuer: permit.issuer,
@@ -345,41 +325,7 @@ export const PermitUtils = {
    * Fetch EIP712 domain from the blockchain
    */
   fetchEIP712Domain: async (publicClient: PublicClient): Promise<EIP712Domain> => {
-    // Hardcoded constants from the original implementation
-    const TASK_MANAGER_ADDRESS = '0xeA30c4B8b44078Bbf8a6ef5b9f1eC1626C7848D9';
-    const ACL_IFACE = 'function acl() view returns (address)';
-    const EIP712_DOMAIN_IFACE =
-      'function eip712Domain() public view returns (bytes1 fields, string name, string version, uint256 chainId, address verifyingContract, bytes32 salt, uint256[] extensions)';
-
-    // Parse the ABI for the ACL function
-    const aclAbi = parseAbi([ACL_IFACE]);
-
-    // Get the ACL address
-    const aclAddress = (await publicClient.readContract({
-      address: TASK_MANAGER_ADDRESS as `0x${string}`,
-      abi: aclAbi,
-      functionName: 'acl',
-    })) as `0x${string}`;
-
-    // Parse the ABI for the EIP712 domain function
-    const domainAbi = parseAbi([EIP712_DOMAIN_IFACE]);
-
-    // Get the EIP712 domain
-    const domain = await publicClient.readContract({
-      address: aclAddress,
-      abi: domainAbi,
-      functionName: 'eip712Domain',
-    });
-
-    // eslint-disable-next-line no-unused-vars
-    const [_fields, name, version, chainId, verifyingContract, _salt, _extensions] = domain;
-
-    return {
-      name,
-      version,
-      chainId: Number(chainId),
-      verifyingContract,
-    };
+    return getAclEIP712Domain(publicClient);
   },
 
   /**
@@ -399,7 +345,15 @@ export const PermitUtils = {
    */
   checkSignedDomainValid: async (permit: Permit, publicClient: PublicClient): Promise<boolean> => {
     if (permit._signedDomain == null) return false;
-    const domain = await PermitUtils.fetchEIP712Domain(publicClient);
+    const domain = await getAclEIP712Domain(publicClient);
     return PermitUtils.matchesDomain(permit, domain);
   },
+
+  /**
+   * Check if permit passes the on-chain validation
+   */
+  checkValidityOnChain: async (permit: Permit, publicClient: PublicClient): Promise<boolean> => {
+    const permission = PermitUtils.getPermission(permit);
+    return checkPermitValidityOnChain(permission, publicClient);
+  },
 };