@metamask/smart-accounts-kit 1.5.0 → 1.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +47 -25
- package/dist/actions/index.cjs +5 -6
- package/dist/actions/index.cjs.map +1 -1
- package/dist/actions/index.d.cts +3 -3
- package/dist/actions/index.d.ts +3 -3
- package/dist/actions/index.mjs +4 -5
- package/dist/{caveats-DQ6HoAHe.d.ts → caveats-B2OssjV4.d.ts} +1 -2
- package/dist/{caveats-CaSt_VHs.d.cts → caveats-gqMBZKkI.d.cts} +1 -2
- package/dist/{chunk-SOFB2MXG.cjs → chunk-2OS36DVV.cjs} +8 -1
- package/dist/chunk-2OS36DVV.cjs.map +1 -0
- package/dist/{chunk-XEOE25DE.cjs → chunk-2ZOWIAP3.cjs} +98 -68
- package/dist/chunk-2ZOWIAP3.cjs.map +1 -0
- package/dist/{chunk-BGOSYTKV.mjs → chunk-AZYTTGON.mjs} +38 -8
- package/dist/chunk-AZYTTGON.mjs.map +1 -0
- package/dist/{chunk-SCS3CFRE.cjs → chunk-DCI2AN4N.cjs} +15 -17
- package/dist/chunk-DCI2AN4N.cjs.map +1 -0
- package/dist/{chunk-DN4O5VOP.cjs → chunk-EPU4O7FY.cjs} +158 -151
- package/dist/chunk-EPU4O7FY.cjs.map +1 -0
- package/dist/{chunk-QCULIK3O.mjs → chunk-GMGJRC3D.mjs} +8 -1
- package/dist/chunk-GMGJRC3D.mjs.map +1 -0
- package/dist/chunk-IMO6XNDJ.mjs +14 -0
- package/dist/chunk-IMO6XNDJ.mjs.map +1 -0
- package/dist/chunk-IQT6XFDT.cjs +14 -0
- package/dist/chunk-IQT6XFDT.cjs.map +1 -0
- package/dist/{chunk-FH6HZCHI.cjs → chunk-JKVSTPEC.cjs} +200 -18
- package/dist/chunk-JKVSTPEC.cjs.map +1 -0
- package/dist/{chunk-N66VAWMO.mjs → chunk-K7GTZGKJ.mjs} +2 -2
- package/dist/{chunk-TBHT26BV.mjs → chunk-L3EZCIY6.mjs} +67 -60
- package/dist/chunk-L3EZCIY6.mjs.map +1 -0
- package/dist/{chunk-7FYDQNJ3.cjs → chunk-PQPAEHJZ.cjs} +12 -12
- package/dist/{chunk-7FYDQNJ3.cjs.map → chunk-PQPAEHJZ.cjs.map} +1 -1
- package/dist/{chunk-MV2KHN75.mjs → chunk-TNGQTVSY.mjs} +163 -35
- package/dist/chunk-TNGQTVSY.mjs.map +1 -0
- package/dist/{chunk-YXHUT56Z.mjs → chunk-UJQ3JN3U.mjs} +4 -6
- package/dist/{chunk-YXHUT56Z.mjs.map → chunk-UJQ3JN3U.mjs.map} +1 -1
- package/dist/{chunk-IBZSNB7D.cjs → chunk-W6HPAK4M.cjs} +202 -74
- package/dist/chunk-W6HPAK4M.cjs.map +1 -0
- package/dist/{chunk-W7O2UQL5.mjs → chunk-YVU66KSH.mjs} +188 -6
- package/dist/chunk-YVU66KSH.mjs.map +1 -0
- package/dist/contracts/index.cjs +5 -6
- package/dist/contracts/index.cjs.map +1 -1
- package/dist/contracts/index.d.cts +4 -4
- package/dist/contracts/index.d.ts +4 -4
- package/dist/contracts/index.mjs +4 -5
- package/dist/{delegation-DbPGWKfP.d.ts → decodeRevertReason-CmmCpmZ_.d.cts} +11 -3
- package/dist/{delegation-BKkEyxZY.d.cts → decodeRevertReason-dOTpJx2h.d.ts} +11 -3
- package/dist/experimental/index.cjs +364 -9
- package/dist/experimental/index.cjs.map +1 -1
- package/dist/experimental/index.d.cts +39 -3
- package/dist/experimental/index.d.ts +39 -3
- package/dist/experimental/index.mjs +357 -2
- package/dist/experimental/index.mjs.map +1 -1
- package/dist/index-B1Cmezvh.d.cts +61 -0
- package/dist/{index-DXdlz7t4.d.ts → index-BkgdU4LI.d.ts} +99 -93
- package/dist/{index-G78z6nwi.d.ts → index-DUJmm8Wz.d.ts} +13 -5
- package/dist/{index-yU3olCJV.d.cts → index-Dv4jPzhe.d.cts} +99 -93
- package/dist/index-LqiEgBjV.d.ts +61 -0
- package/dist/{index-DfDAuvr5.d.cts → index-X7Qn3JTg.d.cts} +13 -5
- package/dist/index.cjs +22 -24
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +8 -8
- package/dist/index.d.ts +8 -8
- package/dist/index.mjs +9 -11
- package/dist/index.mjs.map +1 -1
- package/dist/{resolveCaveats-DiqGB-T5.d.cts → resolveCaveats-A9xC29l8.d.cts} +160 -62
- package/dist/{resolveCaveats-s2snaFEo.d.ts → resolveCaveats-A9xC29l8.d.ts} +160 -62
- package/dist/utils/index.cjs +13 -6
- package/dist/utils/index.cjs.map +1 -1
- package/dist/utils/index.d.cts +8 -5
- package/dist/utils/index.d.ts +8 -5
- package/dist/utils/index.mjs +16 -9
- package/package.json +7 -6
- package/dist/chunk-4QXIOE7F.mjs +0 -79
- package/dist/chunk-4QXIOE7F.mjs.map +0 -1
- package/dist/chunk-BGOSYTKV.mjs.map +0 -1
- package/dist/chunk-DN4O5VOP.cjs.map +0 -1
- package/dist/chunk-FH6HZCHI.cjs.map +0 -1
- package/dist/chunk-IBZSNB7D.cjs.map +0 -1
- package/dist/chunk-MOHCTPYQ.cjs +0 -79
- package/dist/chunk-MOHCTPYQ.cjs.map +0 -1
- package/dist/chunk-MV2KHN75.mjs.map +0 -1
- package/dist/chunk-QCULIK3O.mjs.map +0 -1
- package/dist/chunk-SCS3CFRE.cjs.map +0 -1
- package/dist/chunk-SOFB2MXG.cjs.map +0 -1
- package/dist/chunk-TBHT26BV.mjs.map +0 -1
- package/dist/chunk-W7O2UQL5.mjs.map +0 -1
- package/dist/chunk-XEOE25DE.cjs.map +0 -1
- package/dist/types-BWaH4KH1.d.cts +0 -155
- package/dist/types-BWaH4KH1.d.ts +0 -155
- /package/dist/{chunk-N66VAWMO.mjs.map → chunk-K7GTZGKJ.mjs.map} +0 -0
|
@@ -1,7 +1,20 @@
|
|
|
1
|
-
"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }
|
|
1
|
+
"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } async function _asyncNullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return await rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }
|
|
2
2
|
|
|
3
|
+
var _chunkIQT6XFDTcjs = require('../chunk-IQT6XFDT.cjs');
|
|
4
|
+
require('../chunk-DCI2AN4N.cjs');
|
|
3
5
|
|
|
4
|
-
|
|
6
|
+
|
|
7
|
+
var _chunk2OS36DVVcjs = require('../chunk-2OS36DVV.cjs');
|
|
8
|
+
require('../chunk-JKVSTPEC.cjs');
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
|
|
14
|
+
|
|
15
|
+
|
|
16
|
+
|
|
17
|
+
var _chunkW6HPAK4Mcjs = require('../chunk-W6HPAK4M.cjs');
|
|
5
18
|
|
|
6
19
|
// src/experimental/delegationStorage.ts
|
|
7
20
|
var _viem = require('viem');
|
|
@@ -22,7 +35,7 @@ var DelegationStorageClient = class {
|
|
|
22
35
|
#apiUrl;
|
|
23
36
|
constructor(config) {
|
|
24
37
|
const { apiUrl } = config.environment;
|
|
25
|
-
|
|
38
|
+
_chunkW6HPAK4Mcjs.trackSmartAccountsKitFunctionCall.call(void 0,
|
|
26
39
|
"experimental.DelegationStorageClient.constructor",
|
|
27
40
|
{
|
|
28
41
|
environment: getDelegationStorageEnvironment(apiUrl)
|
|
@@ -68,13 +81,13 @@ var DelegationStorageClient = class {
|
|
|
68
81
|
* is not found.
|
|
69
82
|
*/
|
|
70
83
|
async getDelegationChain(leafDelegationOrDelegationHash) {
|
|
71
|
-
|
|
84
|
+
_chunkW6HPAK4Mcjs.trackSmartAccountsKitFunctionCall.call(void 0,
|
|
72
85
|
"experimental.DelegationStorageClient.getDelegationChain",
|
|
73
86
|
{
|
|
74
87
|
inputKind: typeof leafDelegationOrDelegationHash === "string" ? "hash" : "delegation"
|
|
75
88
|
}
|
|
76
89
|
);
|
|
77
|
-
const leafDelegationHash = typeof leafDelegationOrDelegationHash === "string" ? leafDelegationOrDelegationHash :
|
|
90
|
+
const leafDelegationHash = typeof leafDelegationOrDelegationHash === "string" ? leafDelegationOrDelegationHash : _chunkW6HPAK4Mcjs.hashDelegation.call(void 0, leafDelegationOrDelegationHash);
|
|
78
91
|
const response = await this.#fetcher(
|
|
79
92
|
`${this.#apiUrl}/delegation/chain/${leafDelegationHash}`,
|
|
80
93
|
{
|
|
@@ -104,7 +117,7 @@ var DelegationStorageClient = class {
|
|
|
104
117
|
* empty array if the delegations are not found.
|
|
105
118
|
*/
|
|
106
119
|
async fetchDelegations(deleGatorAddress, filterMode = "RECEIVED" /* Received */) {
|
|
107
|
-
|
|
120
|
+
_chunkW6HPAK4Mcjs.trackSmartAccountsKitFunctionCall.call(void 0,
|
|
108
121
|
"experimental.DelegationStorageClient.fetchDelegations",
|
|
109
122
|
{ filterMode }
|
|
110
123
|
);
|
|
@@ -131,14 +144,14 @@ var DelegationStorageClient = class {
|
|
|
131
144
|
* @returns A promise that resolves to the delegation hash indicating successful storage.
|
|
132
145
|
*/
|
|
133
146
|
async storeDelegation(delegation) {
|
|
134
|
-
|
|
147
|
+
_chunkW6HPAK4Mcjs.trackSmartAccountsKitFunctionCall.call(void 0,
|
|
135
148
|
"experimental.DelegationStorageClient.storeDelegation",
|
|
136
149
|
{ caveatCount: delegation.caveats.length }
|
|
137
150
|
);
|
|
138
151
|
if (!delegation.signature || delegation.signature === "0x") {
|
|
139
152
|
throw new Error("Delegation must be signed to be stored");
|
|
140
153
|
}
|
|
141
|
-
const delegationHash =
|
|
154
|
+
const delegationHash = _chunkW6HPAK4Mcjs.hashDelegation.call(void 0, delegation);
|
|
142
155
|
const body = JSON.stringify(
|
|
143
156
|
{
|
|
144
157
|
...delegation,
|
|
@@ -169,7 +182,349 @@ var DelegationStorageClient = class {
|
|
|
169
182
|
}
|
|
170
183
|
};
|
|
171
184
|
|
|
185
|
+
// src/experimental/x402DelegationProviderUtils.ts
|
|
186
|
+
|
|
187
|
+
|
|
188
|
+
|
|
189
|
+
|
|
190
|
+
|
|
191
|
+
|
|
192
|
+
var _delegationcore = require('@metamask/delegation-core');
|
|
193
|
+
var _utils = require('@metamask/utils');
|
|
194
|
+
|
|
195
|
+
async function resolveMaybeDeferred(maybeDeferred, requirements) {
|
|
196
|
+
if (typeof maybeDeferred === "function") {
|
|
197
|
+
const deferred = maybeDeferred;
|
|
198
|
+
return await deferred(requirements);
|
|
199
|
+
}
|
|
200
|
+
return maybeDeferred;
|
|
201
|
+
}
|
|
202
|
+
function parseEip155ChainId(network) {
|
|
203
|
+
const { namespace, reference } = _utils.parseCaipChainId.call(void 0,
|
|
204
|
+
network
|
|
205
|
+
);
|
|
206
|
+
if (namespace !== "eip155") {
|
|
207
|
+
throw new Error("Unsupported chain namespace");
|
|
208
|
+
}
|
|
209
|
+
const parsedChainId = Number(reference);
|
|
210
|
+
if (isNaN(parsedChainId)) {
|
|
211
|
+
throw new Error("Invalid chain id");
|
|
212
|
+
}
|
|
213
|
+
return parsedChainId;
|
|
214
|
+
}
|
|
215
|
+
var TRANSFER_PAYEE_INDEX = 4;
|
|
216
|
+
var normalizeAddress = (address) => address.toLowerCase();
|
|
217
|
+
var hasMatchingCaveats = (caveats, delegations, match) => {
|
|
218
|
+
for (const caveat of caveats) {
|
|
219
|
+
if (match(caveat)) {
|
|
220
|
+
return true;
|
|
221
|
+
}
|
|
222
|
+
}
|
|
223
|
+
for (const delegation of delegations) {
|
|
224
|
+
for (const caveat of delegation.caveats) {
|
|
225
|
+
if (match(caveat)) {
|
|
226
|
+
return true;
|
|
227
|
+
}
|
|
228
|
+
}
|
|
229
|
+
}
|
|
230
|
+
return false;
|
|
231
|
+
};
|
|
232
|
+
var ensureExpirySufficientlyConstrained = ({
|
|
233
|
+
timestampEnforcer,
|
|
234
|
+
caveats,
|
|
235
|
+
existingDelegations,
|
|
236
|
+
expirySeconds
|
|
237
|
+
}) => {
|
|
238
|
+
if (expirySeconds < 0) {
|
|
239
|
+
throw new Error("Expiry seconds must be a positive number");
|
|
240
|
+
}
|
|
241
|
+
const beforeThreshold = Math.floor(Date.now() / 1e3) + expirySeconds;
|
|
242
|
+
const timestampEnforcerNormalized = normalizeAddress(timestampEnforcer);
|
|
243
|
+
const hasSupersedingTimestampConstraint = hasMatchingCaveats(
|
|
244
|
+
caveats,
|
|
245
|
+
existingDelegations,
|
|
246
|
+
(caveat) => {
|
|
247
|
+
if (normalizeAddress(caveat.enforcer) !== timestampEnforcerNormalized) {
|
|
248
|
+
return false;
|
|
249
|
+
}
|
|
250
|
+
const { beforeThreshold: existingBeforeThreshold } = _delegationcore.decodeTimestampTerms.call(void 0,
|
|
251
|
+
caveat.terms
|
|
252
|
+
);
|
|
253
|
+
return existingBeforeThreshold !== 0 && existingBeforeThreshold <= beforeThreshold;
|
|
254
|
+
}
|
|
255
|
+
);
|
|
256
|
+
if (hasSupersedingTimestampConstraint) {
|
|
257
|
+
return caveats;
|
|
258
|
+
}
|
|
259
|
+
const timestampCaveat = {
|
|
260
|
+
enforcer: timestampEnforcer,
|
|
261
|
+
terms: _delegationcore.createTimestampTerms.call(void 0, {
|
|
262
|
+
afterThreshold: 0,
|
|
263
|
+
beforeThreshold
|
|
264
|
+
}),
|
|
265
|
+
args: "0x"
|
|
266
|
+
};
|
|
267
|
+
return [...caveats, timestampCaveat];
|
|
268
|
+
};
|
|
269
|
+
var ensureRedeemerSufficientlyConstrained = ({
|
|
270
|
+
redeemerEnforcer,
|
|
271
|
+
caveats,
|
|
272
|
+
existingDelegations,
|
|
273
|
+
redeemerAddresses,
|
|
274
|
+
requireRedeemers
|
|
275
|
+
}) => {
|
|
276
|
+
const redeemerAddressNormalized = normalizeAddress(redeemerEnforcer);
|
|
277
|
+
if (redeemerAddresses.length === 0) {
|
|
278
|
+
if (!requireRedeemers) {
|
|
279
|
+
return caveats;
|
|
280
|
+
}
|
|
281
|
+
const hasExistingRedeemerCaveat = hasMatchingCaveats(
|
|
282
|
+
caveats,
|
|
283
|
+
existingDelegations,
|
|
284
|
+
({ enforcer }) => normalizeAddress(enforcer) === redeemerAddressNormalized
|
|
285
|
+
);
|
|
286
|
+
if (!hasExistingRedeemerCaveat) {
|
|
287
|
+
throw new Error(
|
|
288
|
+
"Redeemer must be constrained, either in the specified `caveats`, `parentPermissionContext`, or the `PaymentRequirements` as `extra.facilitatorAddresses`."
|
|
289
|
+
);
|
|
290
|
+
}
|
|
291
|
+
return caveats;
|
|
292
|
+
}
|
|
293
|
+
const redeemerAddressesNormalized = redeemerAddresses.map(normalizeAddress);
|
|
294
|
+
const redeemerAddressesSet = new Set(redeemerAddressesNormalized);
|
|
295
|
+
const hasSupersedingRedeemerCaveat = hasMatchingCaveats(
|
|
296
|
+
caveats,
|
|
297
|
+
existingDelegations,
|
|
298
|
+
(caveat) => {
|
|
299
|
+
if (normalizeAddress(caveat.enforcer) !== redeemerAddressNormalized) {
|
|
300
|
+
return false;
|
|
301
|
+
}
|
|
302
|
+
const allowedRedeemerAddresses = _delegationcore.decodeRedeemerTerms.call(void 0,
|
|
303
|
+
caveat.terms
|
|
304
|
+
).redeemers.map(normalizeAddress);
|
|
305
|
+
return allowedRedeemerAddresses.every(
|
|
306
|
+
(item) => redeemerAddressesSet.has(item)
|
|
307
|
+
);
|
|
308
|
+
}
|
|
309
|
+
);
|
|
310
|
+
if (hasSupersedingRedeemerCaveat) {
|
|
311
|
+
return caveats;
|
|
312
|
+
}
|
|
313
|
+
const redeemerCaveat = {
|
|
314
|
+
enforcer: redeemerEnforcer,
|
|
315
|
+
terms: _delegationcore.createRedeemerTerms.call(void 0, { redeemers: redeemerAddresses }),
|
|
316
|
+
args: "0x"
|
|
317
|
+
};
|
|
318
|
+
return [...caveats, redeemerCaveat];
|
|
319
|
+
};
|
|
320
|
+
var ensurePayeeSufficientlyConstrained = ({
|
|
321
|
+
allowedCalldataEnforcer,
|
|
322
|
+
caveats,
|
|
323
|
+
existingDelegations,
|
|
324
|
+
payee
|
|
325
|
+
}) => {
|
|
326
|
+
const allowedCalldataTerms = _delegationcore.createAllowedCalldataTerms.call(void 0, {
|
|
327
|
+
startIndex: TRANSFER_PAYEE_INDEX,
|
|
328
|
+
value: _viem.pad.call(void 0, payee, { size: 32 })
|
|
329
|
+
});
|
|
330
|
+
const allowedCalldataEnforcerNormalized = normalizeAddress(
|
|
331
|
+
allowedCalldataEnforcer
|
|
332
|
+
);
|
|
333
|
+
const lowercaseCalldataTerms = allowedCalldataTerms.toLowerCase();
|
|
334
|
+
const hasSupersedingAllowedCalldataConstraint = hasMatchingCaveats(
|
|
335
|
+
caveats,
|
|
336
|
+
existingDelegations,
|
|
337
|
+
({ enforcer, terms }) => normalizeAddress(enforcer) === allowedCalldataEnforcerNormalized && terms.toLowerCase() === lowercaseCalldataTerms
|
|
338
|
+
);
|
|
339
|
+
if (hasSupersedingAllowedCalldataConstraint) {
|
|
340
|
+
return caveats;
|
|
341
|
+
}
|
|
342
|
+
const payeeCaveat = {
|
|
343
|
+
enforcer: allowedCalldataEnforcer,
|
|
344
|
+
terms: allowedCalldataTerms,
|
|
345
|
+
args: "0x"
|
|
346
|
+
};
|
|
347
|
+
return [...caveats, payeeCaveat];
|
|
348
|
+
};
|
|
349
|
+
var resolvex402DelegationCaveats = ({
|
|
350
|
+
environment,
|
|
351
|
+
caveatsConfig,
|
|
352
|
+
existingDelegations,
|
|
353
|
+
facilitatorAddresses,
|
|
354
|
+
payee,
|
|
355
|
+
expirySeconds,
|
|
356
|
+
requireRedeemers,
|
|
357
|
+
redeemerAddresses
|
|
358
|
+
}) => {
|
|
359
|
+
const {
|
|
360
|
+
caveatEnforcers: {
|
|
361
|
+
RedeemerEnforcer: redeemerEnforcer,
|
|
362
|
+
AllowedCalldataEnforcer: allowedCalldataEnforcer,
|
|
363
|
+
TimestampEnforcer: timestampEnforcer
|
|
364
|
+
}
|
|
365
|
+
} = environment;
|
|
366
|
+
if (!redeemerEnforcer) {
|
|
367
|
+
throw new Error("RedeemerEnforcer not found in environment");
|
|
368
|
+
}
|
|
369
|
+
if (!allowedCalldataEnforcer) {
|
|
370
|
+
throw new Error("AllowedCalldataEnforcer not found in environment");
|
|
371
|
+
}
|
|
372
|
+
if (!timestampEnforcer) {
|
|
373
|
+
throw new Error("TimestampEnforcer not found in environment");
|
|
374
|
+
}
|
|
375
|
+
const initialCaveats = _chunkW6HPAK4Mcjs.resolveCaveats.call(void 0, {
|
|
376
|
+
environment,
|
|
377
|
+
caveats: caveatsConfig,
|
|
378
|
+
// Resolve caveats first so downstream constraint checks can append as needed.
|
|
379
|
+
// Scope is still attached later during delegation creation.
|
|
380
|
+
isScopeOptional: true
|
|
381
|
+
});
|
|
382
|
+
const allRedeemerAddresses = new Set(
|
|
383
|
+
[..._nullishCoalesce(facilitatorAddresses, () => ( [])), ..._nullishCoalesce(redeemerAddresses, () => ( []))].map(
|
|
384
|
+
normalizeAddress
|
|
385
|
+
)
|
|
386
|
+
);
|
|
387
|
+
const caveatsWithRedeemer = ensureRedeemerSufficientlyConstrained({
|
|
388
|
+
redeemerEnforcer,
|
|
389
|
+
caveats: initialCaveats,
|
|
390
|
+
existingDelegations,
|
|
391
|
+
redeemerAddresses: Array.from(allRedeemerAddresses),
|
|
392
|
+
requireRedeemers
|
|
393
|
+
});
|
|
394
|
+
const caveatsWithPayee = ensurePayeeSufficientlyConstrained({
|
|
395
|
+
allowedCalldataEnforcer,
|
|
396
|
+
caveats: caveatsWithRedeemer,
|
|
397
|
+
existingDelegations,
|
|
398
|
+
payee
|
|
399
|
+
});
|
|
400
|
+
if (expirySeconds === void 0) {
|
|
401
|
+
return caveatsWithPayee;
|
|
402
|
+
}
|
|
403
|
+
return ensureExpirySufficientlyConstrained({
|
|
404
|
+
timestampEnforcer,
|
|
405
|
+
caveats: caveatsWithPayee,
|
|
406
|
+
existingDelegations,
|
|
407
|
+
expirySeconds
|
|
408
|
+
});
|
|
409
|
+
};
|
|
410
|
+
var resolveDelegationCreationContext = async (config, requirements) => {
|
|
411
|
+
const account = await resolveMaybeDeferred(config.account, requirements);
|
|
412
|
+
const redeemersConfig = await resolveMaybeDeferred(
|
|
413
|
+
config.redeemers,
|
|
414
|
+
requirements
|
|
415
|
+
);
|
|
416
|
+
const requireRedeemers = _nullishCoalesce(_optionalChain([redeemersConfig, 'optionalAccess', _3 => _3.requireRedeemers]), () => ( false));
|
|
417
|
+
const redeemerAddresses = await resolveMaybeDeferred(
|
|
418
|
+
_optionalChain([redeemersConfig, 'optionalAccess', _4 => _4.addresses]),
|
|
419
|
+
requirements
|
|
420
|
+
);
|
|
421
|
+
const specifiedEnvironment = await resolveMaybeDeferred(
|
|
422
|
+
config.environment,
|
|
423
|
+
requirements
|
|
424
|
+
);
|
|
425
|
+
const environment = _nullishCoalesce(specifiedEnvironment, () => ( _chunk2OS36DVVcjs.getSmartAccountsEnvironment.call(void 0, parseEip155ChainId(requirements.network))));
|
|
426
|
+
const caveatsConfig = await resolveMaybeDeferred(
|
|
427
|
+
config.caveats,
|
|
428
|
+
requirements
|
|
429
|
+
);
|
|
430
|
+
const parentPermissionContext = await resolveMaybeDeferred(config.parentPermissionContext, requirements);
|
|
431
|
+
const expirySeconds = await resolveMaybeDeferred(
|
|
432
|
+
config.expirySeconds,
|
|
433
|
+
requirements
|
|
434
|
+
);
|
|
435
|
+
const from = await _asyncNullishCoalesce(await resolveMaybeDeferred(config.from, requirements), async () => ( account.address));
|
|
436
|
+
const salt = await _asyncNullishCoalesce(await resolveMaybeDeferred(config.salt, requirements), async () => ( _chunkIQT6XFDTcjs.generateSalt.call(void 0, )));
|
|
437
|
+
const scope = {
|
|
438
|
+
type: "erc20TransferAmount" /* Erc20TransferAmount */,
|
|
439
|
+
tokenAddress: requirements.asset,
|
|
440
|
+
maxAmount: BigInt(requirements.amount)
|
|
441
|
+
};
|
|
442
|
+
const facilitatorAddresses = _optionalChain([requirements, 'access', _5 => _5.extra, 'optionalAccess', _6 => _6.facilitatorAddresses]);
|
|
443
|
+
const existingDelegations = parentPermissionContext ? _chunkW6HPAK4Mcjs.decodeDelegations.call(void 0, parentPermissionContext) : [];
|
|
444
|
+
const { DelegationManager: delegationManager } = environment;
|
|
445
|
+
const caveats = resolvex402DelegationCaveats({
|
|
446
|
+
environment,
|
|
447
|
+
caveatsConfig,
|
|
448
|
+
existingDelegations,
|
|
449
|
+
facilitatorAddresses,
|
|
450
|
+
payee: requirements.payTo,
|
|
451
|
+
expirySeconds,
|
|
452
|
+
requireRedeemers,
|
|
453
|
+
redeemerAddresses
|
|
454
|
+
});
|
|
455
|
+
let createDelegationConfig;
|
|
456
|
+
if (parentPermissionContext) {
|
|
457
|
+
const parentDelegation = existingDelegations[0];
|
|
458
|
+
if (!parentDelegation) {
|
|
459
|
+
throw new Error("Parent permission context is not a valid delegation");
|
|
460
|
+
}
|
|
461
|
+
createDelegationConfig = {
|
|
462
|
+
environment,
|
|
463
|
+
from,
|
|
464
|
+
caveats,
|
|
465
|
+
salt,
|
|
466
|
+
scope,
|
|
467
|
+
parentDelegation
|
|
468
|
+
};
|
|
469
|
+
} else {
|
|
470
|
+
createDelegationConfig = {
|
|
471
|
+
environment,
|
|
472
|
+
from,
|
|
473
|
+
caveats,
|
|
474
|
+
salt,
|
|
475
|
+
scope
|
|
476
|
+
};
|
|
477
|
+
}
|
|
478
|
+
const rootDelegator = _nullishCoalesce(_optionalChain([existingDelegations, 'access', _7 => _7[existingDelegations.length - 1], 'optionalAccess', _8 => _8.delegator]), () => ( from));
|
|
479
|
+
return {
|
|
480
|
+
account,
|
|
481
|
+
createDelegationConfig,
|
|
482
|
+
delegationManager,
|
|
483
|
+
existingDelegations,
|
|
484
|
+
rootDelegator
|
|
485
|
+
};
|
|
486
|
+
};
|
|
487
|
+
|
|
488
|
+
// src/experimental/x402DelegationProvider.ts
|
|
489
|
+
function createx402DelegationProvider(config) {
|
|
490
|
+
return async (requirements) => {
|
|
491
|
+
const {
|
|
492
|
+
account,
|
|
493
|
+
createDelegationConfig,
|
|
494
|
+
delegationManager,
|
|
495
|
+
existingDelegations,
|
|
496
|
+
rootDelegator
|
|
497
|
+
} = await resolveDelegationCreationContext(config, requirements);
|
|
498
|
+
const delegation = _chunkW6HPAK4Mcjs.createOpenDelegation.call(void 0, createDelegationConfig);
|
|
499
|
+
const chainId = parseEip155ChainId(requirements.network);
|
|
500
|
+
const typedData = _chunkW6HPAK4Mcjs.prepareSignDelegationTypedData.call(void 0, {
|
|
501
|
+
delegationManager,
|
|
502
|
+
chainId,
|
|
503
|
+
delegation
|
|
504
|
+
});
|
|
505
|
+
if (!account.signTypedData) {
|
|
506
|
+
throw new Error("Account does not support signTypedData");
|
|
507
|
+
}
|
|
508
|
+
const signature = await account.signTypedData(typedData);
|
|
509
|
+
const signedDelegation = {
|
|
510
|
+
...delegation,
|
|
511
|
+
signature
|
|
512
|
+
};
|
|
513
|
+
const permissionContext = _chunkW6HPAK4Mcjs.encodeDelegations.call(void 0, [
|
|
514
|
+
signedDelegation,
|
|
515
|
+
...existingDelegations
|
|
516
|
+
]);
|
|
517
|
+
return {
|
|
518
|
+
delegationManager,
|
|
519
|
+
permissionContext,
|
|
520
|
+
delegator: rootDelegator
|
|
521
|
+
};
|
|
522
|
+
};
|
|
523
|
+
}
|
|
524
|
+
|
|
525
|
+
|
|
526
|
+
|
|
172
527
|
|
|
173
528
|
|
|
174
|
-
exports.DelegationStorageClient = DelegationStorageClient; exports.DelegationStorageEnvironment = DelegationStorageEnvironment;
|
|
529
|
+
exports.DelegationStorageClient = DelegationStorageClient; exports.DelegationStorageEnvironment = DelegationStorageEnvironment; exports.createx402DelegationProvider = createx402DelegationProvider; exports.parseEip155ChainId = parseEip155ChainId;
|
|
175
530
|
//# sourceMappingURL=index.cjs.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["/home/runner/work/smart-accounts-kit/smart-accounts-kit/packages/smart-accounts-kit/dist/experimental/index.cjs","../../src/experimental/delegationStorage.ts"],"names":[],"mappings":"AAAA;AACE;AACA;AACF,yDAA8B;AAC9B;AACA;ACLA,4BAAgC;AA4BzB,IAAM,6BAAA,EAET;AAAA,EACF,GAAA,EAAK,EAAE,MAAA,EAAQ,0CAA0C,CAAA;AAAA,EACzD,IAAA,EAAM,EAAE,MAAA,EAAQ,sCAAsC;AACxD,CAAA;AASA,SAAS,+BAAA,CACP,MAAA,EAC2B;AAC3B,EAAA,MAAM,oBAAA,EAAsB,MAAA,CAAO,OAAA,CAAQ,4BAA4B,CAAA,CAAE,IAAA;AAAA,IACvE,CAAC,CAAC,CAAA,EAAG,GAAG,CAAA,EAAA,GAAM,GAAA,CAAI,OAAA,IAAW;AAAA,EAC/B,CAAA;AAEA,EAAA,OAAO,oBAAA,EAAsB,mBAAA,CAAoB,CAAC,EAAA,EAAI,QAAA;AACxD;AAaO,IAAM,wBAAA,EAAN,MAA8B;AAAA,EAC1B,CAAA,iBAAA,EAAoB,QAAA;AAAA,EAEpB,CAAA,MAAA;AAAA,EAEA,CAAA,OAAA;AAAA,EAEA,CAAA,MAAA;AAAA,EAET,WAAA,CAAY,MAAA,EAAiC;AAC3C,IAAA,MAAM,EAAE,OAAO,EAAA,EAAI,MAAA,CAAO,WAAA;AAE1B,IAAA,iEAAA;AAAA,MACE,kDAAA;AAAA,MACA;AAAA,QACE,WAAA,EAAa,+BAAA,CAAgC,MAAM;AAAA,MACrD;AAAA,IACF,CAAA;AAEA,IAAA,GAAA,CAAI,MAAA,CAAO,QAAA,CAAS,IAAA,CAAK,CAAA,gBAAiB,CAAA,EAAG;AAC3C,MAAA,IAAA,CAAK,CAAA,OAAA,EAAU,MAAA;AAAA,IACjB,EAAA,KAAO;AACL,MAAA,MAAM,UAAA,EAAY,MAAA,CAAO,QAAA,CAAS,GAAG,EAAA,EAAI,GAAA,EAAK,GAAA;AAC9C,MAAA,IAAA,CAAK,CAAA,OAAA,EAAU,CAAA,EAAA;AACjB,IAAA;AACgB,IAAA;AACD,IAAA;AACjB,EAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAamB,EAAA;AACN,IAAA;AACK,MAAA;AACE,IAAA;AACT,MAAA;AACT,IAAA;AACU,IAAA;AACR,MAAA;AACF,IAAA;AACF,EAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAWM,EAAA;AAGJ,IAAA;AACE,MAAA;AACA,MAAA;AAEI,QAAA;AAGJ,MAAA;AACF,IAAA;AACM,IAAA;AAKW,IAAA;AACA,MAAA;AACf,MAAA;AACU,QAAA;AACC,QAAA;AACP,UAAA;AACA,UAAA;AACF,QAAA;AACF,MAAA;AACF,IAAA;AAEM,IAAA;AAES,IAAA;AACH,MAAA;AACR,QAAA;AACF,MAAA;AACF,IAAA;AAEO,IAAA;AACT,EAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAYM,EAAA;AAIJ,IAAA;AACE,MAAA;AACa,MAAA;AACf,IAAA;AACiB,IAAA;AACA,MAAA;AACf,MAAA;AACU,QAAA;AACC,QAAA;AACP,UAAA;AACA,UAAA;AACF,QAAA;AACF,MAAA;AACF,IAAA;AAEM,IAAA;AAES,IAAA;AACG,MAAA;AAClB,IAAA;AAEO,IAAA;AACT,EAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAQM,EAAA;AACJ,IAAA;AACE,MAAA;AACe,MAAA;AACjB,IAAA;AACgB,IAAA;AACE,MAAA;AAClB,IAAA;AAEM,IAAA;AAEY,IAAA;AAChB,MAAA;AACK,QAAA;AACQ,QAAA;AACb,MAAA;AAEE,MAAA;AAGF,MAAA;AACF,IAAA;AAEiB,IAAA;AACP,MAAA;AACC,MAAA;AACP,QAAA;AACA,QAAA;AACA,QAAA;AACF,MAAA;AACA,MAAA;AACD,IAAA;AAEK,IAAA;AAGS,IAAA;AACG,MAAA;AAClB,IAAA;AAEiB,IAAA;AACL,MAAA;AACR,QAAA;AACF,MAAA;AACF,IAAA;AAEO,IAAA;AACT,EAAA;AACF;ADpFsB;AACA;AACA;AACA","file":"/home/runner/work/smart-accounts-kit/smart-accounts-kit/packages/smart-accounts-kit/dist/experimental/index.cjs","sourcesContent":[null,"import { type Hex, toHex } from 'viem';\n\nimport { trackSmartAccountsKitFunctionCall } from '../analytics';\nimport { hashDelegation } from '../delegation';\nimport type { Delegation } from '../types';\n\ntype ErrorResponse = {\n error: string;\n data?: any;\n};\n\nexport type APIStoreDelegationResponse = {\n delegationHash: Hex;\n};\n\n/**\n * Represents the allowed filters when querying the data store for delegations.\n */\nexport enum DelegationStoreFilter {\n Given = 'GIVEN',\n Received = 'RECEIVED',\n All = 'ALL',\n}\n\n/**\n * Public Delegation Storage Service environments. To be used in the\n * DeleGationStorageService config.\n */\nexport const DelegationStorageEnvironment: {\n [K in 'dev' | 'prod']: Environment;\n} = {\n dev: { apiUrl: 'https://passkeys.dev-api.cx.metamask.io' },\n prod: { apiUrl: 'https://passkeys.api.cx.metamask.io' },\n};\n\n/**\n * Returns the DelegationStorageEnvironment ('dev' or 'prod') for a given apiUrl,\n * or 'custom' if the apiUrl does not match a known environment.\n *\n * @param apiUrl - The API URL to check.\n * @returns The environment key ('dev' or 'prod'), or 'custom'.\n */\nfunction getDelegationStorageEnvironment(\n apiUrl: string,\n): 'dev' | 'prod' | 'custom' {\n const matchingEnvironment = Object.entries(DelegationStorageEnvironment).find(\n ([_, env]) => env.apiUrl === apiUrl,\n ) as [keyof typeof DelegationStorageEnvironment, Environment] | undefined;\n\n return matchingEnvironment ? matchingEnvironment[0] : 'custom';\n}\n\nexport type Environment = {\n apiUrl: string;\n};\n\nexport type DelegationStorageConfig = {\n apiKey: string;\n apiKeyId: string;\n environment: Environment;\n fetcher?: typeof fetch;\n};\n\nexport class DelegationStorageClient {\n readonly #apiVersionPrefix = 'api/v0';\n\n readonly #config: DelegationStorageConfig;\n\n readonly #fetcher: typeof fetch;\n\n readonly #apiUrl: string;\n\n constructor(config: DelegationStorageConfig) {\n const { apiUrl } = config.environment;\n\n trackSmartAccountsKitFunctionCall(\n 'experimental.DelegationStorageClient.constructor',\n {\n environment: getDelegationStorageEnvironment(apiUrl),\n },\n );\n\n if (apiUrl.endsWith(this.#apiVersionPrefix)) {\n this.#apiUrl = apiUrl;\n } else {\n const separator = apiUrl.endsWith('/') ? '' : '/';\n this.#apiUrl = `${apiUrl}${separator}${this.#apiVersionPrefix}`;\n }\n this.#fetcher = this.#initializeFetcher(config);\n this.#config = config;\n }\n\n /**\n * Initializes the fetch function for HTTP requests.\n *\n * - Uses `config.fetcher` if provided.\n * - Falls back to global `fetch` if available.\n * - Throws an error if no fetch function is available.\n *\n * @param config - Configuration object that may include a custom fetch function.\n * @returns The fetch function to be used for HTTP requests.\n * @throws Error if no fetch function is available in the environment.\n */\n #initializeFetcher(config: DelegationStorageConfig): typeof fetch {\n if (config.fetcher) {\n return config.fetcher;\n } else if (typeof globalThis?.fetch === 'function') {\n return globalThis.fetch.bind(globalThis);\n }\n throw new Error(\n 'Fetch API is not available in this environment. Please provide a fetch function in the config.',\n );\n }\n\n /**\n * Fetches the delegation chain from the Delegation Storage Service, ending with\n * the specified leaf delegation.\n *\n * @param leafDelegationOrDelegationHash - The leaf delegation, or the hash\n * of the leaf delegation.\n * @returns A promise that resolves to the delegation chain - empty array if the delegation\n * is not found.\n */\n async getDelegationChain(\n leafDelegationOrDelegationHash: Hex | Delegation,\n ): Promise<Delegation[]> {\n trackSmartAccountsKitFunctionCall(\n 'experimental.DelegationStorageClient.getDelegationChain',\n {\n inputKind:\n typeof leafDelegationOrDelegationHash === 'string'\n ? 'hash'\n : 'delegation',\n },\n );\n const leafDelegationHash =\n typeof leafDelegationOrDelegationHash === 'string'\n ? leafDelegationOrDelegationHash\n : hashDelegation(leafDelegationOrDelegationHash);\n\n const response = await this.#fetcher(\n `${this.#apiUrl}/delegation/chain/${leafDelegationHash}`,\n {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${this.#config.apiKey}`,\n 'x-api-key-id': this.#config.apiKeyId,\n },\n },\n );\n\n const responseData: Delegation[] | ErrorResponse = await response.json();\n\n if ('error' in responseData) {\n throw new Error(\n `Failed to fetch delegation chain: ${responseData.error}`,\n );\n }\n\n return responseData;\n }\n\n /**\n * Fetches the delegations from the Delegation Storage Service, either `Received`\n * by, or `Given` by, (or both: `All`) the specified deleGatorAddress. Defaults\n * to `Received`.\n *\n * @param deleGatorAddress - The deleGatorAddress to retrieve the delegations for.\n * @param filterMode - The DelegationStoreFilter mode - defaults to Received.\n * @returns A promise that resolves to the list of delegations received by the deleGatorAddress,\n * empty array if the delegations are not found.\n */\n async fetchDelegations(\n deleGatorAddress: Hex,\n filterMode = DelegationStoreFilter.Received,\n ): Promise<Delegation[]> {\n trackSmartAccountsKitFunctionCall(\n 'experimental.DelegationStorageClient.fetchDelegations',\n { filterMode },\n );\n const response = await this.#fetcher(\n `${this.#apiUrl}/delegation/accounts/${deleGatorAddress}?filter=${filterMode}`,\n {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${this.#config.apiKey}`,\n 'x-api-key-id': this.#config.apiKeyId,\n },\n },\n );\n\n const responseData: Delegation[] | ErrorResponse = await response.json();\n\n if ('error' in responseData) {\n throw new Error(`Failed to fetch delegations: ${responseData.error}`);\n }\n\n return responseData;\n }\n\n /**\n * Stores the specified delegation in the Delegation Storage Service.\n *\n * @param delegation - The delegation to store.\n * @returns A promise that resolves to the delegation hash indicating successful storage.\n */\n async storeDelegation(delegation: Delegation): Promise<Hex> {\n trackSmartAccountsKitFunctionCall(\n 'experimental.DelegationStorageClient.storeDelegation',\n { caveatCount: delegation.caveats.length },\n );\n if (!delegation.signature || delegation.signature === '0x') {\n throw new Error('Delegation must be signed to be stored');\n }\n\n const delegationHash = hashDelegation(delegation);\n\n const body = JSON.stringify(\n {\n ...delegation,\n metadata: [],\n },\n (_, value: any) =>\n typeof value === 'bigint' || typeof value === 'number'\n ? toHex(value)\n : value,\n 2,\n );\n\n const response = await this.#fetcher(`${this.#apiUrl}/delegation/store`, {\n method: 'POST',\n headers: {\n Authorization: `Bearer ${this.#config.apiKey}`,\n 'x-api-key-id': this.#config.apiKeyId,\n 'Content-Type': 'application/json',\n },\n body,\n });\n\n const responseData: APIStoreDelegationResponse | ErrorResponse =\n await response.json();\n\n if ('error' in responseData) {\n throw new Error(responseData.error);\n }\n\n if (responseData.delegationHash !== delegationHash) {\n throw new Error(\n 'Failed to store the Delegation, the hash returned from the MM delegation storage API does not match the hash of the delegation',\n );\n }\n\n return responseData.delegationHash;\n }\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["/home/runner/work/smart-accounts-kit/smart-accounts-kit/packages/smart-accounts-kit/dist/experimental/index.cjs","../../src/experimental/delegationStorage.ts","../../src/experimental/x402DelegationProviderUtils.ts","../../src/experimental/x402DelegationProvider.ts"],"names":[],"mappings":"AAAA;AACE;AACF,yDAA8B;AAC9B,iCAA8B;AAC9B;AACE;AACF,yDAA8B;AAC9B,iCAA8B;AAC9B;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACF,yDAA8B;AAC9B;AACA;AClBA,4BAAgC;AA4BzB,IAAM,6BAAA,EAET;AAAA,EACF,GAAA,EAAK,EAAE,MAAA,EAAQ,0CAA0C,CAAA;AAAA,EACzD,IAAA,EAAM,EAAE,MAAA,EAAQ,sCAAsC;AACxD,CAAA;AASA,SAAS,+BAAA,CACP,MAAA,EAC2B;AAC3B,EAAA,MAAM,oBAAA,EAAsB,MAAA,CAAO,OAAA,CAAQ,4BAA4B,CAAA,CAAE,IAAA;AAAA,IACvE,CAAC,CAAC,CAAA,EAAG,GAAG,CAAA,EAAA,GAAM,GAAA,CAAI,OAAA,IAAW;AAAA,EAC/B,CAAA;AAEA,EAAA,OAAO,oBAAA,EAAsB,mBAAA,CAAoB,CAAC,EAAA,EAAI,QAAA;AACxD;AAaO,IAAM,wBAAA,EAAN,MAA8B;AAAA,EAC1B,CAAA,iBAAA,EAAoB,QAAA;AAAA,EAEpB,CAAA,MAAA;AAAA,EAEA,CAAA,OAAA;AAAA,EAEA,CAAA,MAAA;AAAA,EAET,WAAA,CAAY,MAAA,EAAiC;AAC3C,IAAA,MAAM,EAAE,OAAO,EAAA,EAAI,MAAA,CAAO,WAAA;AAE1B,IAAA,iEAAA;AAAA,MACE,kDAAA;AAAA,MACA;AAAA,QACE,WAAA,EAAa,+BAAA,CAAgC,MAAM;AAAA,MACrD;AAAA,IACF,CAAA;AAEA,IAAA,GAAA,CAAI,MAAA,CAAO,QAAA,CAAS,IAAA,CAAK,CAAA,gBAAiB,CAAA,EAAG;AAC3C,MAAA,IAAA,CAAK,CAAA,OAAA,EAAU,MAAA;AAAA,IACjB,EAAA,KAAO;AACL,MAAA,MAAM,UAAA,EAAY,MAAA,CAAO,QAAA,CAAS,GAAG,EAAA,EAAI,GAAA,EAAK,GAAA;AAC9C,MAAA,IAAA,CAAK,CAAA,OAAA,EAAU,CAAA,EAAA;AACjB,IAAA;AACgB,IAAA;AACD,IAAA;AACjB,EAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAamB,EAAA;AACN,IAAA;AACK,MAAA;AACE,IAAA;AACT,MAAA;AACT,IAAA;AACU,IAAA;AACR,MAAA;AACF,IAAA;AACF,EAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAWM,EAAA;AAGJ,IAAA;AACE,MAAA;AACA,MAAA;AAEI,QAAA;AAGJ,MAAA;AACF,IAAA;AACM,IAAA;AAKW,IAAA;AACA,MAAA;AACf,MAAA;AACU,QAAA;AACC,QAAA;AACP,UAAA;AACA,UAAA;AACF,QAAA;AACF,MAAA;AACF,IAAA;AAEM,IAAA;AAES,IAAA;AACH,MAAA;AACR,QAAA;AACF,MAAA;AACF,IAAA;AAEO,IAAA;AACT,EAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAYM,EAAA;AAIJ,IAAA;AACE,MAAA;AACa,MAAA;AACf,IAAA;AACiB,IAAA;AACA,MAAA;AACf,MAAA;AACU,QAAA;AACC,QAAA;AACP,UAAA;AACA,UAAA;AACF,QAAA;AACF,MAAA;AACF,IAAA;AAEM,IAAA;AAES,IAAA;AACG,MAAA;AAClB,IAAA;AAEO,IAAA;AACT,EAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAQM,EAAA;AACJ,IAAA;AACE,MAAA;AACe,MAAA;AACjB,IAAA;AACgB,IAAA;AACE,MAAA;AAClB,IAAA;AAEM,IAAA;AAEY,IAAA;AAChB,MAAA;AACK,QAAA;AACQ,QAAA;AACb,MAAA;AAEE,MAAA;AAGF,MAAA;AACF,IAAA;AAEiB,IAAA;AACP,MAAA;AACC,MAAA;AACP,QAAA;AACA,QAAA;AACA,QAAA;AACF,MAAA;AACA,MAAA;AACD,IAAA;AAEK,IAAA;AAGS,IAAA;AACG,MAAA;AAClB,IAAA;AAEiB,IAAA;AACL,MAAA;AACR,QAAA;AACF,MAAA;AACF,IAAA;AAEO,IAAA;AACT,EAAA;AACF;ADvEsB;AACA;AExLtB;AACE;AACA;AACA;AACA;AACA;AACK;AACE;AACiD;AAoF3C;AAIF,EAAA;AACQ,IAAA;AAIJ,IAAA;AACf,EAAA;AAEO,EAAA;AACT;AASgB;AAGK,EAAA;AACjB,IAAA;AACF,EAAA;AAEkB,EAAA;AACA,IAAA;AAClB,EAAA;AAEM,EAAA;AAEI,EAAA;AACQ,IAAA;AAClB,EAAA;AAEO,EAAA;AACT;AAKM;AAQA;AAWA;AAKO,EAAA;AACO,IAAA;AACP,MAAA;AACT,IAAA;AACF,EAAA;AAEW,EAAA;AACE,IAAA;AACO,MAAA;AACP,QAAA;AACT,MAAA;AACF,IAAA;AACF,EAAA;AAEO,EAAA;AACT;AAgBa;AACX,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACyD;AACrC,EAAA;AACF,IAAA;AAClB,EAAA;AACM,EAAA;AACA,EAAA;AAEA,EAAA;AACJ,IAAA;AACA,IAAA;AACY,IAAA;AACN,MAAA;AACK,QAAA;AACT,MAAA;AAEQ,MAAA;AACC,QAAA;AACT,MAAA;AAEE,MAAA;AAGJ,IAAA;AACF,EAAA;AAEI,EAAA;AACK,IAAA;AACT,EAAA;AAEM,EAAA;AACM,IAAA;AACH,IAAA;AACW,MAAA;AAChB,MAAA;AACD,IAAA;AACK,IAAA;AACR,EAAA;AAEoB,EAAA;AACtB;AAiBa;AACX,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AAC2D;AACrD,EAAA;AAEF,EAAA;AACG,IAAA;AACI,MAAA;AACT,IAAA;AAEM,IAAA;AACJ,MAAA;AACA,MAAA;AACY,MAAA;AAEd,IAAA;AAEK,IAAA;AACO,MAAA;AACR,QAAA;AACF,MAAA;AACF,IAAA;AAEO,IAAA;AACT,EAAA;AAEM,EAAA;AACA,EAAA;AAEA,EAAA;AACJ,IAAA;AACA,IAAA;AACY,IAAA;AACN,MAAA;AACK,QAAA;AACT,MAAA;AAEM,MAAA;AACG,QAAA;AACO,MAAA;AAGT,MAAA;AACL,QAAA;AACF,MAAA;AACF,IAAA;AACF,EAAA;AAEI,EAAA;AACK,IAAA;AACT,EAAA;AAEM,EAAA;AACM,IAAA;AACH,IAAA;AACD,IAAA;AACR,EAAA;AAEoB,EAAA;AACtB;AAgBa;AACX,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACwD;AAClD,EAAA;AACQ,IAAA;AACM,IAAA;AACnB,EAAA;AAEK,EAAA;AACJ,IAAA;AACF,EAAA;AAEM,EAAA;AAEA,EAAA;AACJ,IAAA;AACA,IAAA;AACa,IAAA;AAGf,EAAA;AAEI,EAAA;AACK,IAAA;AACT,EAAA;AAE4B,EAAA;AAChB,IAAA;AACH,IAAA;AACD,IAAA;AACR,EAAA;AAEoB,EAAA;AACtB;AAgBa;AACX,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACkD;AAC5C,EAAA;AACa,IAAA;AACf,MAAA;AACA,MAAA;AACA,MAAA;AACF,IAAA;AACE,EAAA;AAEC,EAAA;AACa,IAAA;AAClB,EAAA;AAEK,EAAA;AACa,IAAA;AAClB,EAAA;AAEK,EAAA;AACa,IAAA;AAClB,EAAA;AAEM,EAAA;AACJ,IAAA;AACS,IAAA;AAAA;AAAA;AAGQ,IAAA;AAClB,EAAA;AAEK,EAAA;AACC,IAAA;AACH,MAAA;AACF,IAAA;AACF,EAAA;AAEM,EAAA;AACJ,IAAA;AACS,IAAA;AACT,IAAA;AACA,IAAA;AACA,IAAA;AACD,EAAA;AAEK,EAAA;AACJ,IAAA;AACS,IAAA;AACT,IAAA;AACA,IAAA;AACD,EAAA;AAEG,EAAA;AACK,IAAA;AACT,EAAA;AAEO,EAAA;AACL,IAAA;AACS,IAAA;AACT,IAAA;AACA,IAAA;AACD,EAAA;AACH;AASa;AAIK,EAAA;AACV,EAAA;AACG,IAAA;AACP,IAAA;AACF,EAAA;AAEM,EAAA;AACA,EAAA;AACa,oBAAA;AACjB,IAAA;AACF,EAAA;AAEM,EAAA;AACG,IAAA;AACP,IAAA;AACF,EAAA;AAEE,EAAA;AAGI,EAAA;AACG,IAAA;AACP,IAAA;AACF,EAAA;AACM,EAAA;AAEA,EAAA;AACG,IAAA;AACP,IAAA;AACF,EAAA;AAGS,EAAA;AAEA,EAAA;AAEK,EAAA;AACZ,IAAA;AACc,IAAA;AACI,IAAA;AACpB,EAAA;AAEM,EAAA;AAIA,EAAA;AAIE,EAAA;AACQ,EAAA;AACd,IAAA;AACA,IAAA;AACA,IAAA;AACA,IAAA;AACO,IAAA;AACP,IAAA;AACA,IAAA;AACA,IAAA;AACD,EAAA;AAEG,EAAA;AAEA,EAAA;AACI,IAAA;AAED,IAAA;AACa,MAAA;AAClB,IAAA;AAEA,IAAA;AACE,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACF,IAAA;AACK,EAAA;AACL,IAAA;AACE,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACF,IAAA;AACF,EAAA;AAEM,EAAA;AAGC,EAAA;AACL,IAAA;AACA,IAAA;AACA,IAAA;AACA,IAAA;AACA,IAAA;AACF,EAAA;AACF;AF/EsB;AACA;AGncN;AAIZ,EAAA;AAEM,IAAA;AACJ,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACA,MAAA;AACQ,IAAA;AAEJ,IAAA;AAEU,IAAA;AAEE,IAAA;AAChB,MAAA;AACA,MAAA;AACA,MAAA;AACD,IAAA;AAEY,IAAA;AACK,MAAA;AAClB,IAAA;AAEkB,IAAA;AAEZ,IAAA;AACD,MAAA;AACH,MAAA;AACF,IAAA;AAEM,IAAA;AACJ,MAAA;AACG,MAAA;AACJ,IAAA;AAEM,IAAA;AACL,MAAA;AACA,MAAA;AACW,MAAA;AACb,IAAA;AACF,EAAA;AACF;AHybsB;AACA;AACA;AACA;AACA;AACA","file":"/home/runner/work/smart-accounts-kit/smart-accounts-kit/packages/smart-accounts-kit/dist/experimental/index.cjs","sourcesContent":[null,"import { type Hex, toHex } from 'viem';\n\nimport { trackSmartAccountsKitFunctionCall } from '../analytics';\nimport { hashDelegation } from '../delegation';\nimport type { Delegation } from '../types';\n\ntype ErrorResponse = {\n error: string;\n data?: any;\n};\n\nexport type APIStoreDelegationResponse = {\n delegationHash: Hex;\n};\n\n/**\n * Represents the allowed filters when querying the data store for delegations.\n */\nexport enum DelegationStoreFilter {\n Given = 'GIVEN',\n Received = 'RECEIVED',\n All = 'ALL',\n}\n\n/**\n * Public Delegation Storage Service environments. To be used in the\n * DeleGationStorageService config.\n */\nexport const DelegationStorageEnvironment: {\n [K in 'dev' | 'prod']: Environment;\n} = {\n dev: { apiUrl: 'https://passkeys.dev-api.cx.metamask.io' },\n prod: { apiUrl: 'https://passkeys.api.cx.metamask.io' },\n};\n\n/**\n * Returns the DelegationStorageEnvironment ('dev' or 'prod') for a given apiUrl,\n * or 'custom' if the apiUrl does not match a known environment.\n *\n * @param apiUrl - The API URL to check.\n * @returns The environment key ('dev' or 'prod'), or 'custom'.\n */\nfunction getDelegationStorageEnvironment(\n apiUrl: string,\n): 'dev' | 'prod' | 'custom' {\n const matchingEnvironment = Object.entries(DelegationStorageEnvironment).find(\n ([_, env]) => env.apiUrl === apiUrl,\n ) as [keyof typeof DelegationStorageEnvironment, Environment] | undefined;\n\n return matchingEnvironment ? matchingEnvironment[0] : 'custom';\n}\n\nexport type Environment = {\n apiUrl: string;\n};\n\nexport type DelegationStorageConfig = {\n apiKey: string;\n apiKeyId: string;\n environment: Environment;\n fetcher?: typeof fetch;\n};\n\nexport class DelegationStorageClient {\n readonly #apiVersionPrefix = 'api/v0';\n\n readonly #config: DelegationStorageConfig;\n\n readonly #fetcher: typeof fetch;\n\n readonly #apiUrl: string;\n\n constructor(config: DelegationStorageConfig) {\n const { apiUrl } = config.environment;\n\n trackSmartAccountsKitFunctionCall(\n 'experimental.DelegationStorageClient.constructor',\n {\n environment: getDelegationStorageEnvironment(apiUrl),\n },\n );\n\n if (apiUrl.endsWith(this.#apiVersionPrefix)) {\n this.#apiUrl = apiUrl;\n } else {\n const separator = apiUrl.endsWith('/') ? '' : '/';\n this.#apiUrl = `${apiUrl}${separator}${this.#apiVersionPrefix}`;\n }\n this.#fetcher = this.#initializeFetcher(config);\n this.#config = config;\n }\n\n /**\n * Initializes the fetch function for HTTP requests.\n *\n * - Uses `config.fetcher` if provided.\n * - Falls back to global `fetch` if available.\n * - Throws an error if no fetch function is available.\n *\n * @param config - Configuration object that may include a custom fetch function.\n * @returns The fetch function to be used for HTTP requests.\n * @throws Error if no fetch function is available in the environment.\n */\n #initializeFetcher(config: DelegationStorageConfig): typeof fetch {\n if (config.fetcher) {\n return config.fetcher;\n } else if (typeof globalThis?.fetch === 'function') {\n return globalThis.fetch.bind(globalThis);\n }\n throw new Error(\n 'Fetch API is not available in this environment. Please provide a fetch function in the config.',\n );\n }\n\n /**\n * Fetches the delegation chain from the Delegation Storage Service, ending with\n * the specified leaf delegation.\n *\n * @param leafDelegationOrDelegationHash - The leaf delegation, or the hash\n * of the leaf delegation.\n * @returns A promise that resolves to the delegation chain - empty array if the delegation\n * is not found.\n */\n async getDelegationChain(\n leafDelegationOrDelegationHash: Hex | Delegation,\n ): Promise<Delegation[]> {\n trackSmartAccountsKitFunctionCall(\n 'experimental.DelegationStorageClient.getDelegationChain',\n {\n inputKind:\n typeof leafDelegationOrDelegationHash === 'string'\n ? 'hash'\n : 'delegation',\n },\n );\n const leafDelegationHash =\n typeof leafDelegationOrDelegationHash === 'string'\n ? leafDelegationOrDelegationHash\n : hashDelegation(leafDelegationOrDelegationHash);\n\n const response = await this.#fetcher(\n `${this.#apiUrl}/delegation/chain/${leafDelegationHash}`,\n {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${this.#config.apiKey}`,\n 'x-api-key-id': this.#config.apiKeyId,\n },\n },\n );\n\n const responseData: Delegation[] | ErrorResponse = await response.json();\n\n if ('error' in responseData) {\n throw new Error(\n `Failed to fetch delegation chain: ${responseData.error}`,\n );\n }\n\n return responseData;\n }\n\n /**\n * Fetches the delegations from the Delegation Storage Service, either `Received`\n * by, or `Given` by, (or both: `All`) the specified deleGatorAddress. Defaults\n * to `Received`.\n *\n * @param deleGatorAddress - The deleGatorAddress to retrieve the delegations for.\n * @param filterMode - The DelegationStoreFilter mode - defaults to Received.\n * @returns A promise that resolves to the list of delegations received by the deleGatorAddress,\n * empty array if the delegations are not found.\n */\n async fetchDelegations(\n deleGatorAddress: Hex,\n filterMode = DelegationStoreFilter.Received,\n ): Promise<Delegation[]> {\n trackSmartAccountsKitFunctionCall(\n 'experimental.DelegationStorageClient.fetchDelegations',\n { filterMode },\n );\n const response = await this.#fetcher(\n `${this.#apiUrl}/delegation/accounts/${deleGatorAddress}?filter=${filterMode}`,\n {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${this.#config.apiKey}`,\n 'x-api-key-id': this.#config.apiKeyId,\n },\n },\n );\n\n const responseData: Delegation[] | ErrorResponse = await response.json();\n\n if ('error' in responseData) {\n throw new Error(`Failed to fetch delegations: ${responseData.error}`);\n }\n\n return responseData;\n }\n\n /**\n * Stores the specified delegation in the Delegation Storage Service.\n *\n * @param delegation - The delegation to store.\n * @returns A promise that resolves to the delegation hash indicating successful storage.\n */\n async storeDelegation(delegation: Delegation): Promise<Hex> {\n trackSmartAccountsKitFunctionCall(\n 'experimental.DelegationStorageClient.storeDelegation',\n { caveatCount: delegation.caveats.length },\n );\n if (!delegation.signature || delegation.signature === '0x') {\n throw new Error('Delegation must be signed to be stored');\n }\n\n const delegationHash = hashDelegation(delegation);\n\n const body = JSON.stringify(\n {\n ...delegation,\n metadata: [],\n },\n (_, value: any) =>\n typeof value === 'bigint' || typeof value === 'number'\n ? toHex(value)\n : value,\n 2,\n );\n\n const response = await this.#fetcher(`${this.#apiUrl}/delegation/store`, {\n method: 'POST',\n headers: {\n Authorization: `Bearer ${this.#config.apiKey}`,\n 'x-api-key-id': this.#config.apiKeyId,\n 'Content-Type': 'application/json',\n },\n body,\n });\n\n const responseData: APIStoreDelegationResponse | ErrorResponse =\n await response.json();\n\n if ('error' in responseData) {\n throw new Error(responseData.error);\n }\n\n if (responseData.delegationHash !== delegationHash) {\n throw new Error(\n 'Failed to store the Delegation, the hash returned from the MM delegation storage API does not match the hash of the delegation',\n );\n }\n\n return responseData.delegationHash;\n }\n}\n","import {\n createAllowedCalldataTerms,\n createRedeemerTerms,\n createTimestampTerms,\n decodeRedeemerTerms,\n decodeTimestampTerms,\n} from '@metamask/delegation-core';\nimport { parseCaipChainId } from '@metamask/utils';\nimport { pad, type Account, type Address, type Hex } from 'viem';\n\nimport type { Caveats } from '../caveatBuilder';\nimport { resolveCaveats } from '../caveatBuilder';\nimport { ScopeType } from '../constants';\nimport type { createOpenDelegation } from '../delegation';\nimport { decodeDelegations } from '../delegation';\nimport { getSmartAccountsEnvironment } from '../smartAccountsEnvironment';\nimport type {\n Caveat,\n Delegation,\n PermissionContext,\n SmartAccountsEnvironment,\n} from '../types';\nimport type {\n MaybeDeferred,\n PaymentRequirements,\n x402DelegationProviderConfig,\n} from './x402DelegationProviderTypes';\nimport { generateSalt } from '../utils/';\n\n/**\n * Inputs for redeemer constraint enforcement.\n */\ntype EnsureRedeemerSufficientlyConstrainedParams = {\n redeemerEnforcer: Hex;\n caveats: Caveat[];\n existingDelegations: Delegation[];\n redeemerAddresses: Hex[];\n requireRedeemers: boolean;\n};\n\n/**\n * Inputs for payee constraint enforcement.\n */\ntype EnsurePayeeSufficientlyConstrainedParams = {\n allowedCalldataEnforcer: Hex;\n caveats: Caveat[];\n existingDelegations: Delegation[];\n payee: Hex;\n};\n\n/**\n * Inputs for expiry constraint enforcement.\n */\ntype EnsureExpirySufficientlyConstrainedParams = {\n timestampEnforcer: Hex;\n caveats: Caveat[];\n existingDelegations: Delegation[];\n expirySeconds: number;\n};\n\n/**\n * Resolved context required to build and sign an x402 delegation.\n */\nexport type DelegationCreationContext = {\n account: Account;\n createDelegationConfig: Parameters<typeof createOpenDelegation>[0];\n delegationManager: Address;\n existingDelegations: Delegation[];\n rootDelegator: Address;\n};\n\n/**\n * Inputs for resolving delegation caveats with x402-specific constraints.\n */\nexport type Resolvex402DelegationCaveatsParams = {\n environment: SmartAccountsEnvironment;\n caveatsConfig: Caveats | undefined;\n existingDelegations: Delegation[];\n facilitatorAddresses: Hex[] | undefined;\n payee: Hex;\n expirySeconds?: number;\n requireRedeemers: boolean;\n redeemerAddresses: Address[] | undefined;\n};\n\n/**\n * Resolves eager or deferred values against payment requirements.\n *\n * @param maybeDeferred - Value or async resolver function.\n * @param requirements - Payment requirements passed to deferred resolvers.\n * @returns The resolved value, or undefined when no value is provided.\n */\nasync function resolveMaybeDeferred<TResult>(\n maybeDeferred: MaybeDeferred<TResult>,\n requirements: PaymentRequirements,\n): Promise<TResult> {\n if (typeof maybeDeferred === 'function') {\n const deferred = maybeDeferred as (\n deferredRequirements: PaymentRequirements,\n ) => Promise<TResult> | TResult;\n\n return await deferred(requirements);\n }\n\n return maybeDeferred;\n}\n\n/**\n * Parses an EIP-155 CAIP network identifier into a numeric chain ID.\n *\n * @param network - CAIP network identifier (for example, `eip155:1`).\n * @returns Parsed numeric chain ID.\n * @throws If the CAIP namespace is not `eip155`.\n */\nexport function parseEip155ChainId(\n network: PaymentRequirements['network'],\n): number {\n const { namespace, reference } = parseCaipChainId(\n network as `${string}:${string}`,\n );\n\n if (namespace !== 'eip155') {\n throw new Error('Unsupported chain namespace');\n }\n\n const parsedChainId = Number(reference);\n\n if (isNaN(parsedChainId)) {\n throw new Error('Invalid chain id');\n }\n\n return parsedChainId;\n}\n\n/**\n * ERC-20 `transfer(address to, uint256 value)` calldata index for `to`.\n */\nconst TRANSFER_PAYEE_INDEX = 4;\n\n/**\n * Normalizes an address-like hex string for case-insensitive comparisons.\n *\n * @param address - Address value to normalize.\n * @returns Lowercased hex string.\n */\nconst normalizeAddress = (address: Address): Address =>\n address.toLowerCase() as Address;\n\n/**\n * Returns whether any caveat in local or inherited delegations matches a predicate.\n *\n * @param caveats - Current caveat list.\n * @param delegations - Existing delegations whose caveats should also be searched.\n * @param match - Predicate used to match caveats.\n * @returns True when at least one caveat satisfies `match`.\n */\nconst hasMatchingCaveats = (\n caveats: Caveat[],\n delegations: Delegation[],\n match: (caveat: Caveat) => boolean,\n): boolean => {\n for (const caveat of caveats) {\n if (match(caveat)) {\n return true;\n }\n }\n\n for (const delegation of delegations) {\n for (const caveat of delegation.caveats) {\n if (match(caveat)) {\n return true;\n }\n }\n }\n\n return false;\n};\n\n/**\n * Ensures caveats include an expiry timestamp constraint when requested.\n *\n * If an existing timestamp caveat already enforces a tighter (earlier) or equal\n * `validBefore` threshold than requested, caveats are returned unchanged.\n * Otherwise a new timestamp caveat is appended with `afterThreshold = 0`.\n *\n * @param options0 - Expiry constraint evaluation inputs.\n * @param options0.timestampEnforcer - Address of the TimestampEnforcer caveat contract.\n * @param options0.caveats - Currently resolved caveats for the delegation being created.\n * @param options0.existingDelegations - Existing parent-chain delegations to inspect for inherited constraints.\n * @param options0.expirySeconds - Relative expiry from \"now\" in seconds.\n * @returns The original caveats when sufficiently constrained, otherwise caveats with a timestamp caveat appended.\n */\nexport const ensureExpirySufficientlyConstrained = ({\n timestampEnforcer,\n caveats,\n existingDelegations,\n expirySeconds,\n}: EnsureExpirySufficientlyConstrainedParams): Caveat[] => {\n if (expirySeconds < 0) {\n throw new Error('Expiry seconds must be a positive number');\n }\n const beforeThreshold = Math.floor(Date.now() / 1000) + expirySeconds;\n const timestampEnforcerNormalized = normalizeAddress(timestampEnforcer);\n\n const hasSupersedingTimestampConstraint = hasMatchingCaveats(\n caveats,\n existingDelegations,\n (caveat) => {\n if (normalizeAddress(caveat.enforcer) !== timestampEnforcerNormalized) {\n return false;\n }\n\n const { beforeThreshold: existingBeforeThreshold } = decodeTimestampTerms(\n caveat.terms,\n );\n return (\n existingBeforeThreshold !== 0 &&\n existingBeforeThreshold <= beforeThreshold\n );\n },\n );\n\n if (hasSupersedingTimestampConstraint) {\n return caveats;\n }\n\n const timestampCaveat: Caveat = {\n enforcer: timestampEnforcer,\n terms: createTimestampTerms({\n afterThreshold: 0,\n beforeThreshold,\n }),\n args: '0x',\n };\n\n return [...caveats, timestampCaveat];\n};\n\n/**\n * Ensures caveats include a sufficiently strict redeemer constraint.\n *\n * Returns the caveat list unchanged when an existing redeemer caveat is already\n * strict enough, or appends a new redeemer caveat scoped to facilitator addresses.\n *\n * @param options0 - Redeemer constraint evaluation inputs.\n * @param options0.redeemerEnforcer - Address of the redeemer enforcer caveat contract.\n * @param options0.caveats - Currently resolved caveats for the delegation being created.\n * @param options0.existingDelegations - Existing parent-chain delegations to inspect for inherited constraints.\n * @param options0.redeemerAddresses - Optional addresses to which redemption should be constrained.\n * @param options0.requireRedeemers - Whether at least one redeemer constraint must exist when no redeemer addresses are supplied.\n * @returns The original caveats when sufficiently constrained, otherwise caveats with a redeemer caveat appended.\n * @throws If no facilitator addresses are provided and no redeemer constraint exists.\n */\nexport const ensureRedeemerSufficientlyConstrained = ({\n redeemerEnforcer,\n caveats,\n existingDelegations,\n redeemerAddresses,\n requireRedeemers,\n}: EnsureRedeemerSufficientlyConstrainedParams): Caveat[] => {\n const redeemerAddressNormalized = normalizeAddress(redeemerEnforcer);\n\n if (redeemerAddresses.length === 0) {\n if (!requireRedeemers) {\n return caveats;\n }\n\n const hasExistingRedeemerCaveat = hasMatchingCaveats(\n caveats,\n existingDelegations,\n ({ enforcer }) =>\n normalizeAddress(enforcer) === redeemerAddressNormalized,\n );\n\n if (!hasExistingRedeemerCaveat) {\n throw new Error(\n 'Redeemer must be constrained, either in the specified `caveats`, `parentPermissionContext`, or the `PaymentRequirements` as `extra.facilitatorAddresses`.',\n );\n }\n\n return caveats;\n }\n\n const redeemerAddressesNormalized = redeemerAddresses.map(normalizeAddress);\n const redeemerAddressesSet = new Set(redeemerAddressesNormalized);\n\n const hasSupersedingRedeemerCaveat = hasMatchingCaveats(\n caveats,\n existingDelegations,\n (caveat) => {\n if (normalizeAddress(caveat.enforcer) !== redeemerAddressNormalized) {\n return false;\n }\n\n const allowedRedeemerAddresses = decodeRedeemerTerms(\n caveat.terms,\n ).redeemers.map(normalizeAddress);\n\n // If this redeemer caveat only allows facilitator addresses, it is sufficiently constrained.\n return allowedRedeemerAddresses.every((item) =>\n redeemerAddressesSet.has(item),\n );\n },\n );\n\n if (hasSupersedingRedeemerCaveat) {\n return caveats;\n }\n\n const redeemerCaveat: Caveat = {\n enforcer: redeemerEnforcer,\n terms: createRedeemerTerms({ redeemers: redeemerAddresses }),\n args: '0x',\n };\n\n return [...caveats, redeemerCaveat];\n};\n\n/**\n * Ensures caveats include an allowed-calldata constraint for the payment payee.\n *\n * Scans both the in-progress caveat list and parent delegation caveats for an\n * `AllowedCalldataEnforcer` caveat whose terms match the encoded payee calldata\n * constraint. If found, returns caveats unchanged; otherwise appends a payee caveat.\n *\n * @param options0 - Payee constraint evaluation inputs.\n * @param options0.allowedCalldataEnforcer - Address of the AllowedCalldataEnforcer caveat contract.\n * @param options0.caveats - Currently resolved caveats for the delegation being created.\n * @param options0.existingDelegations - Existing parent-chain delegations to inspect for inherited constraints.\n * @param options0.payee - Expected ERC-20 transfer recipient to enforce in calldata.\n * @returns The original caveats when an equivalent payee constraint exists, otherwise caveats with a payee caveat appended.\n */\nexport const ensurePayeeSufficientlyConstrained = ({\n allowedCalldataEnforcer,\n caveats,\n existingDelegations,\n payee,\n}: EnsurePayeeSufficientlyConstrainedParams): Caveat[] => {\n const allowedCalldataTerms = createAllowedCalldataTerms({\n startIndex: TRANSFER_PAYEE_INDEX,\n value: pad(payee, { size: 32 }),\n });\n\n const allowedCalldataEnforcerNormalized = normalizeAddress(\n allowedCalldataEnforcer,\n );\n\n const lowercaseCalldataTerms = allowedCalldataTerms.toLowerCase();\n\n const hasSupersedingAllowedCalldataConstraint = hasMatchingCaveats(\n caveats,\n existingDelegations,\n ({ enforcer, terms }) =>\n normalizeAddress(enforcer) === allowedCalldataEnforcerNormalized &&\n terms.toLowerCase() === lowercaseCalldataTerms,\n );\n\n if (hasSupersedingAllowedCalldataConstraint) {\n return caveats;\n }\n\n const payeeCaveat: Caveat = {\n enforcer: allowedCalldataEnforcer,\n terms: allowedCalldataTerms,\n args: '0x',\n };\n\n return [...caveats, payeeCaveat];\n};\n\n/**\n * Resolves caveats and applies x402-specific redeemer and payee constraints.\n *\n * @param options0 - Caveat resolution inputs.\n * @param options0.environment - Environment containing caveat enforcer addresses.\n * @param options0.caveatsConfig - Optional caveat builder config.\n * @param options0.existingDelegations - Existing parent-chain delegations.\n * @param options0.facilitatorAddresses - Optional facilitator addresses used for redeemer constraints.\n * @param options0.payee - Payee address used for allowed calldata constraints.\n * @param options0.expirySeconds - Optional relative expiry in seconds for adding timestamp constraints.\n * @param options0.requireRedeemers - Whether redeemer constraints are mandatory when no facilitator or configured redeemer addresses are present.\n * @param options0.redeemerAddresses - Optional redeemer addresses from provider config to merge with facilitator addresses.\n * @returns Caveats after redeemer and payee constraints are enforced.\n */\nexport const resolvex402DelegationCaveats = ({\n environment,\n caveatsConfig,\n existingDelegations,\n facilitatorAddresses,\n payee,\n expirySeconds,\n requireRedeemers,\n redeemerAddresses,\n}: Resolvex402DelegationCaveatsParams): Caveat[] => {\n const {\n caveatEnforcers: {\n RedeemerEnforcer: redeemerEnforcer,\n AllowedCalldataEnforcer: allowedCalldataEnforcer,\n TimestampEnforcer: timestampEnforcer,\n },\n } = environment;\n\n if (!redeemerEnforcer) {\n throw new Error('RedeemerEnforcer not found in environment');\n }\n\n if (!allowedCalldataEnforcer) {\n throw new Error('AllowedCalldataEnforcer not found in environment');\n }\n\n if (!timestampEnforcer) {\n throw new Error('TimestampEnforcer not found in environment');\n }\n\n const initialCaveats = resolveCaveats({\n environment,\n caveats: caveatsConfig,\n // Resolve caveats first so downstream constraint checks can append as needed.\n // Scope is still attached later during delegation creation.\n isScopeOptional: true,\n });\n\n const allRedeemerAddresses = new Set(\n [...(facilitatorAddresses ?? []), ...(redeemerAddresses ?? [])].map(\n normalizeAddress,\n ),\n );\n\n const caveatsWithRedeemer = ensureRedeemerSufficientlyConstrained({\n redeemerEnforcer,\n caveats: initialCaveats,\n existingDelegations,\n redeemerAddresses: Array.from(allRedeemerAddresses),\n requireRedeemers,\n });\n\n const caveatsWithPayee = ensurePayeeSufficientlyConstrained({\n allowedCalldataEnforcer,\n caveats: caveatsWithRedeemer,\n existingDelegations,\n payee,\n });\n\n if (expirySeconds === undefined) {\n return caveatsWithPayee;\n }\n\n return ensureExpirySufficientlyConstrained({\n timestampEnforcer,\n caveats: caveatsWithPayee,\n existingDelegations,\n expirySeconds,\n });\n};\n\n/**\n * Builds the delegation creation context from provider config and requirements.\n *\n * @param config - Delegation provider config for context construction.\n * @param requirements - Payment requirements used to scope caveats.\n * @returns The resolved context used to create and sign a delegation.\n */\nexport const resolveDelegationCreationContext = async (\n config: x402DelegationProviderConfig,\n requirements: PaymentRequirements,\n): Promise<DelegationCreationContext> => {\n const account = await resolveMaybeDeferred(config.account, requirements);\n const redeemersConfig = await resolveMaybeDeferred(\n config.redeemers,\n requirements,\n );\n\n const requireRedeemers = redeemersConfig?.requireRedeemers ?? false;\n const redeemerAddresses = await resolveMaybeDeferred(\n redeemersConfig?.addresses,\n requirements,\n );\n\n const specifiedEnvironment = await resolveMaybeDeferred(\n config.environment,\n requirements,\n );\n const environment =\n specifiedEnvironment ??\n getSmartAccountsEnvironment(parseEip155ChainId(requirements.network));\n\n const caveatsConfig: Caveats | undefined = await resolveMaybeDeferred(\n config.caveats,\n requirements,\n );\n const parentPermissionContext: PermissionContext | undefined =\n await resolveMaybeDeferred(config.parentPermissionContext, requirements);\n const expirySeconds = await resolveMaybeDeferred(\n config.expirySeconds,\n requirements,\n );\n\n const from =\n (await resolveMaybeDeferred(config.from, requirements)) ?? account.address;\n const salt =\n (await resolveMaybeDeferred(config.salt, requirements)) ?? generateSalt();\n\n const scope = {\n type: ScopeType.Erc20TransferAmount,\n tokenAddress: requirements.asset as Hex,\n maxAmount: BigInt(requirements.amount),\n } as const;\n\n const facilitatorAddresses = requirements.extra?.facilitatorAddresses as\n | Hex[]\n | undefined;\n\n const existingDelegations = parentPermissionContext\n ? decodeDelegations(parentPermissionContext)\n : [];\n\n const { DelegationManager: delegationManager } = environment;\n const caveats = resolvex402DelegationCaveats({\n environment,\n caveatsConfig,\n existingDelegations,\n facilitatorAddresses,\n payee: requirements.payTo as Hex,\n expirySeconds,\n requireRedeemers,\n redeemerAddresses,\n });\n\n let createDelegationConfig: Parameters<typeof createOpenDelegation>[0];\n\n if (parentPermissionContext) {\n const parentDelegation = existingDelegations[0];\n\n if (!parentDelegation) {\n throw new Error('Parent permission context is not a valid delegation');\n }\n\n createDelegationConfig = {\n environment,\n from,\n caveats,\n salt,\n scope,\n parentDelegation,\n };\n } else {\n createDelegationConfig = {\n environment,\n from,\n caveats,\n salt,\n scope,\n };\n }\n\n const rootDelegator =\n existingDelegations[existingDelegations.length - 1]?.delegator ?? from;\n\n return {\n account,\n createDelegationConfig,\n delegationManager,\n existingDelegations,\n rootDelegator,\n };\n};\n","import {\n createOpenDelegation,\n encodeDelegations,\n prepareSignDelegationTypedData,\n} from '../delegation';\nimport type {\n PaymentRequirements,\n x402DelegationProvider,\n x402DelegationProviderConfig,\n x402DelegationProviderPaymentPayload,\n} from './x402DelegationProviderTypes';\nimport {\n parseEip155ChainId,\n resolveDelegationCreationContext,\n} from './x402DelegationProviderUtils';\n\nexport type {\n MaybeDeferred,\n PaymentRequirements,\n x402DelegationProvider,\n x402DelegationProviderConfig,\n x402DelegationProviderPaymentPayload,\n} from './x402DelegationProviderTypes';\n\nexport { parseEip155ChainId } from './x402DelegationProviderUtils';\n\n/**\n * Creates a delegation provider function for x402 payment requirements.\n *\n * The returned provider resolves deferred config values using incoming payment\n * requirements, creates an open delegation, signs it, and returns an encoded\n * permission context payload.\n *\n * @param config - Delegation creation and signing configuration.\n * @returns A provider that maps payment requirements to a signed delegation payload.\n */\nexport function createx402DelegationProvider(\n config: x402DelegationProviderConfig,\n): x402DelegationProvider {\n return async (\n requirements: PaymentRequirements,\n ): Promise<x402DelegationProviderPaymentPayload> => {\n const {\n account,\n createDelegationConfig,\n delegationManager,\n existingDelegations,\n rootDelegator,\n } = await resolveDelegationCreationContext(config, requirements);\n\n const delegation = createOpenDelegation(createDelegationConfig);\n\n const chainId = parseEip155ChainId(requirements.network);\n\n const typedData = prepareSignDelegationTypedData({\n delegationManager,\n chainId,\n delegation,\n });\n\n if (!account.signTypedData) {\n throw new Error('Account does not support signTypedData');\n }\n\n const signature = await account.signTypedData(typedData);\n\n const signedDelegation = {\n ...delegation,\n signature,\n };\n\n const permissionContext = encodeDelegations([\n signedDelegation,\n ...existingDelegations,\n ]);\n\n return {\n delegationManager,\n permissionContext,\n delegator: rootDelegator,\n };\n };\n}\n"]}
|
|
@@ -1,8 +1,9 @@
|
|
|
1
|
-
import { Hex } from 'viem';
|
|
2
|
-
import { D as Delegation } from '../
|
|
1
|
+
import { Hex, Account, Address } from 'viem';
|
|
2
|
+
import { D as Delegation, S as SmartAccountsEnvironment, c as Caveats, P as PermissionContext } from '../resolveCaveats-A9xC29l8.cjs';
|
|
3
3
|
import '@metamask/delegation-abis';
|
|
4
4
|
import 'viem/account-abstraction';
|
|
5
5
|
import 'viem/chains';
|
|
6
|
+
import '@metamask/delegation-core';
|
|
6
7
|
|
|
7
8
|
declare enum DelegationStoreFilter {
|
|
8
9
|
Given = "GIVEN",
|
|
@@ -29,4 +30,39 @@ declare class DelegationStorageClient {
|
|
|
29
30
|
storeDelegation(delegation: Delegation): Promise<Hex>;
|
|
30
31
|
}
|
|
31
32
|
|
|
32
|
-
|
|
33
|
+
type PaymentRequirements = {
|
|
34
|
+
scheme: string;
|
|
35
|
+
network: string;
|
|
36
|
+
asset: string;
|
|
37
|
+
amount: string;
|
|
38
|
+
payTo: string;
|
|
39
|
+
maxTimeoutSeconds: number;
|
|
40
|
+
extra?: Record<string, unknown>;
|
|
41
|
+
};
|
|
42
|
+
type x402DelegationProviderPaymentPayload = {
|
|
43
|
+
delegationManager: Hex;
|
|
44
|
+
permissionContext: Hex;
|
|
45
|
+
delegator: Hex;
|
|
46
|
+
};
|
|
47
|
+
type MaybeDeferred<TResult> = TResult | ((requirements: PaymentRequirements) => Promise<TResult> | TResult);
|
|
48
|
+
type x402DelegationProvider = (paymentRequirements: PaymentRequirements) => Promise<x402DelegationProviderPaymentPayload>;
|
|
49
|
+
type RedeemersConfig = {
|
|
50
|
+
requireRedeemers: boolean;
|
|
51
|
+
addresses?: MaybeDeferred<Address[]>;
|
|
52
|
+
};
|
|
53
|
+
type x402DelegationProviderConfig = {
|
|
54
|
+
account: MaybeDeferred<Account>;
|
|
55
|
+
environment?: MaybeDeferred<SmartAccountsEnvironment>;
|
|
56
|
+
from?: MaybeDeferred<Hex>;
|
|
57
|
+
salt?: MaybeDeferred<Hex>;
|
|
58
|
+
caveats?: MaybeDeferred<Caveats>;
|
|
59
|
+
parentPermissionContext?: MaybeDeferred<PermissionContext>;
|
|
60
|
+
expirySeconds?: MaybeDeferred<number>;
|
|
61
|
+
redeemers?: MaybeDeferred<RedeemersConfig>;
|
|
62
|
+
};
|
|
63
|
+
|
|
64
|
+
declare function parseEip155ChainId(network: PaymentRequirements['network']): number;
|
|
65
|
+
|
|
66
|
+
declare function createx402DelegationProvider(config: x402DelegationProviderConfig): x402DelegationProvider;
|
|
67
|
+
|
|
68
|
+
export { DelegationStorageClient, type DelegationStorageConfig, DelegationStorageEnvironment, DelegationStoreFilter, type Environment, type MaybeDeferred, type PaymentRequirements, createx402DelegationProvider, parseEip155ChainId, type x402DelegationProvider, type x402DelegationProviderConfig, type x402DelegationProviderPaymentPayload };
|
|
@@ -1,8 +1,9 @@
|
|
|
1
|
-
import { Hex } from 'viem';
|
|
2
|
-
import { D as Delegation } from '../
|
|
1
|
+
import { Hex, Account, Address } from 'viem';
|
|
2
|
+
import { D as Delegation, S as SmartAccountsEnvironment, c as Caveats, P as PermissionContext } from '../resolveCaveats-A9xC29l8.js';
|
|
3
3
|
import '@metamask/delegation-abis';
|
|
4
4
|
import 'viem/account-abstraction';
|
|
5
5
|
import 'viem/chains';
|
|
6
|
+
import '@metamask/delegation-core';
|
|
6
7
|
|
|
7
8
|
declare enum DelegationStoreFilter {
|
|
8
9
|
Given = "GIVEN",
|
|
@@ -29,4 +30,39 @@ declare class DelegationStorageClient {
|
|
|
29
30
|
storeDelegation(delegation: Delegation): Promise<Hex>;
|
|
30
31
|
}
|
|
31
32
|
|
|
32
|
-
|
|
33
|
+
type PaymentRequirements = {
|
|
34
|
+
scheme: string;
|
|
35
|
+
network: string;
|
|
36
|
+
asset: string;
|
|
37
|
+
amount: string;
|
|
38
|
+
payTo: string;
|
|
39
|
+
maxTimeoutSeconds: number;
|
|
40
|
+
extra?: Record<string, unknown>;
|
|
41
|
+
};
|
|
42
|
+
type x402DelegationProviderPaymentPayload = {
|
|
43
|
+
delegationManager: Hex;
|
|
44
|
+
permissionContext: Hex;
|
|
45
|
+
delegator: Hex;
|
|
46
|
+
};
|
|
47
|
+
type MaybeDeferred<TResult> = TResult | ((requirements: PaymentRequirements) => Promise<TResult> | TResult);
|
|
48
|
+
type x402DelegationProvider = (paymentRequirements: PaymentRequirements) => Promise<x402DelegationProviderPaymentPayload>;
|
|
49
|
+
type RedeemersConfig = {
|
|
50
|
+
requireRedeemers: boolean;
|
|
51
|
+
addresses?: MaybeDeferred<Address[]>;
|
|
52
|
+
};
|
|
53
|
+
type x402DelegationProviderConfig = {
|
|
54
|
+
account: MaybeDeferred<Account>;
|
|
55
|
+
environment?: MaybeDeferred<SmartAccountsEnvironment>;
|
|
56
|
+
from?: MaybeDeferred<Hex>;
|
|
57
|
+
salt?: MaybeDeferred<Hex>;
|
|
58
|
+
caveats?: MaybeDeferred<Caveats>;
|
|
59
|
+
parentPermissionContext?: MaybeDeferred<PermissionContext>;
|
|
60
|
+
expirySeconds?: MaybeDeferred<number>;
|
|
61
|
+
redeemers?: MaybeDeferred<RedeemersConfig>;
|
|
62
|
+
};
|
|
63
|
+
|
|
64
|
+
declare function parseEip155ChainId(network: PaymentRequirements['network']): number;
|
|
65
|
+
|
|
66
|
+
declare function createx402DelegationProvider(config: x402DelegationProviderConfig): x402DelegationProvider;
|
|
67
|
+
|
|
68
|
+
export { DelegationStorageClient, type DelegationStorageConfig, DelegationStorageEnvironment, DelegationStoreFilter, type Environment, type MaybeDeferred, type PaymentRequirements, createx402DelegationProvider, parseEip155ChainId, type x402DelegationProvider, type x402DelegationProviderConfig, type x402DelegationProviderPaymentPayload };
|