@mysten/sui 1.22.0 → 1.24.0

package/package.json

@@ -3,7 +3,7 @@
   "author": "Mysten Labs <build@mystenlabs.com>",
   "description": "Sui TypeScript API(Work in Progress)",
   "homepage": "https://sdk.mystenlabs.com",
-  "version": "1.22.0",
+  "version": "1.24.0",
   "license": "Apache-2.0",
   "sideEffects": false,
   "files": [
@@ -138,7 +138,6 @@
     "@scure/bip39": "^1.3.0",
     "gql.tada": "^1.8.2",
     "graphql": "^16.9.0",
-    "jose": "^5.6.3",
     "poseidon-lite": "^0.2.0",
     "valibot": "^0.36.0",
     "@mysten/bcs": "1.5.0"

package/src/client/types/generated.ts

@@ -99,11 +99,18 @@ export type CompressedSignature =
 	  }
 	| {
 			ZkLogin: string;
+	  }
+	| {
+			Passkey: string;
 	  };
 /** Uses an enum to allow for future expansion of the ConsensusDeterminedVersionAssignments. */
-export type ConsensusDeterminedVersionAssignments = {
-	CancelledTransactions: [string, [string, string][]][];
-};
+export type ConsensusDeterminedVersionAssignments =
+	| {
+			CancelledTransactions: [string, [string, string][]][];
+	  }
+	| {
+			CancelledTransactionsV2: [string, [[string, string], string][]][];
+	  };
 export type SuiParsedData =
 	| {
 			dataType: 'moveObject';
@@ -166,6 +173,7 @@ export interface DryRunTransactionBlockResponse {
 	balanceChanges: BalanceChange[];
 	effects: TransactionEffects;
 	events: SuiEvent[];
+	executionErrorSource?: string | null;
 	input: TransactionBlockData;
 	objectChanges: SuiObjectChange[];
 }
@@ -437,8 +445,8 @@ export interface MultiSig {
 	sigs: CompressedSignature[];
 }
 /**
- * Deprecated, use [struct MultiSig] instead. The struct that contains signatures and public keys necessary
- * for authenticating a MultiSigLegacy.
+ * Deprecated, use [struct MultiSig] instead. The struct that contains signatures and public keys
+ * necessary for authenticating a MultiSigLegacy.
  */
 export interface MultiSigLegacy {
 	/** A bitmap that indicates the position of which public key the signature should be authenticated with. */
@@ -956,6 +964,7 @@ export type SuiEndOfEpochTransactionKind =
 	| 'AuthenticatorStateCreate'
 	| 'RandomnessStateCreate'
 	| 'CoinDenyListStateCreate'
+	| 'StoreExecutionTimeObservations'
 	| {
 			ChangeEpoch: SuiChangeEpoch;
 	  }
@@ -1466,6 +1475,16 @@ export type SuiTransactionBlockKind =
 			kind: 'ConsensusCommitPrologueV3';
 			round: string;
 			sub_dag_index?: string | null;
+	  }
+	| {
+			additional_state_digest: string;
+			commit_timestamp_ms: string;
+			consensus_commit_digest: string;
+			consensus_determined_version_assignments: ConsensusDeterminedVersionAssignments;
+			epoch: string;
+			kind: 'ConsensusCommitPrologueV4';
+			round: string;
+			sub_dag_index?: string | null;
 	  };
 export interface SuiTransactionBlockResponse {
 	balanceChanges?: BalanceChange[] | null;
@@ -1594,9 +1613,16 @@ export interface ZkLoginInputs {
 	issBase64Details: Claim;
 	proofPoints: ZkLoginProof;
 }
+export type ZkLoginIntentScope = 'TransactionData' | 'PersonalMessage';
 /** The struct for zk login proof. */
 export interface ZkLoginProof {
 	a: string[];
 	b: string[][];
 	c: string[];
 }
+export interface ZkLoginVerifyResult {
+	/** The errors field captures any verification error */
+	errors: string[];
+	/** The boolean result of the verification. If true, errors should be empty. */
+	success: boolean;
+}

package/src/client/types/params.ts

@@ -180,6 +180,20 @@ export interface TryMultiGetPastObjectsParams {
 	/** options for specifying the content to be returned */
 	options?: RpcTypes.SuiObjectDataOptions | null | undefined;
 }
+/** Verify a zklogin signature for the given bytes, intent scope and author. */
+export interface VerifyZkLoginSignatureParams {
+	/**
+	 * The Base64 string of bcs bytes for raw transaction data or personal message indicated by
+	 * intent_scope.
+	 */
+	bytes: string;
+	/** The Base64 string of the zklogin signature to verify. */
+	signature: string;
+	/** The intent scope, either transaction data or personal message. Used to parse bytes. */
+	intentScope: RpcTypes.ZkLoginIntentScope;
+	/** The author of the signature. */
+	author: string;
+}
 /** Return the total coin balance for all coin type, owned by the address owner. */
 export interface GetAllBalancesParams {
 	/** the owner's Sui address */

package/src/graphql/generated/latest/schema.graphql

@@ -1046,7 +1046,7 @@ type EndOfEpochTransaction {
 	transactions(first: Int, before: String, last: Int, after: String): EndOfEpochTransactionKindConnection!
 }
 
-union EndOfEpochTransactionKind = ChangeEpochTransaction | AuthenticatorStateCreateTransaction | AuthenticatorStateExpireTransaction | RandomnessStateCreateTransaction | CoinDenyListStateCreateTransaction | BridgeStateCreateTransaction | BridgeCommitteeInitTransaction
+union EndOfEpochTransactionKind = ChangeEpochTransaction | AuthenticatorStateCreateTransaction | AuthenticatorStateExpireTransaction | RandomnessStateCreateTransaction | CoinDenyListStateCreateTransaction | BridgeStateCreateTransaction | BridgeCommitteeInitTransaction | StoreExecutionTimeObservationsTransaction
 
 type EndOfEpochTransactionKindConnection {
 	"""
@@ -2879,7 +2879,7 @@ objects are ones whose
 
 - Type matches the `type` filter,
 - AND, whose owner matches the `owner` filter,
-- AND, whose ID is in `objectIds` OR whose ID and version is in `objectKeys`.
+- AND, whose ID is in `objectIds`.
 """
 input ObjectFilter {
 	"""
@@ -2898,10 +2898,6 @@ input ObjectFilter {
 	Filter for live objects by their IDs.
 	"""
 	objectIds: [SuiAddress!]
-	"""
-	Filter for live or potentially historical objects by their ID and version.
-	"""
-	objectKeys: [ObjectKey!]
 }
 
 input ObjectKey {
@@ -3325,6 +3321,10 @@ type Query {
 	"""
 	transactionBlock(digest: String!): TransactionBlock
 	"""
+	Fetch a list of objects by their IDs and versions.
+	"""
+	multiGetObjects(keys: [ObjectKey!]!): [Object]!
+	"""
 	The coin objects that exist in the network.
 	
 	The type field is a string of the inner type of the coin by which to filter (e.g.
@@ -3599,6 +3599,10 @@ type ServiceConfig {
 	"""
 	maxTransactionIds: Int!
 	"""
+	Maximum number of keys that can be passed to a `multiGetObjects` query.
+	"""
+	maxMultiGetObjectsKeys: Int!
+	"""
 	Maximum number of candidates to scan when gathering a page of results.
 	"""
 	maxScanLimit: Int!
@@ -3970,6 +3974,13 @@ type StorageFund {
 	nonRefundableBalance: BigInt
 }
 
+type StoreExecutionTimeObservationsTransaction {
+	"""
+	A workaround to define an empty variant of a GraphQL union.
+	"""
+	_: Boolean
+}
+
 
 """
 String containing 32B hex-encoded address, with a leading "0x". Leading zeroes can be omitted on input but will always appear in outputs (SuiAddress in output is guaranteed to be 66 characters long).

package/src/graphql/generated/latest/tada-env.ts

@@ -3319,6 +3319,10 @@ const introspection = {
           {
             "kind": "OBJECT",
             "name": "RandomnessStateCreateTransaction"
+          },
+          {
+            "kind": "OBJECT",
+            "name": "StoreExecutionTimeObservationsTransaction"
           }
         ]
       },
@@ -8788,19 +8792,6 @@ const introspection = {
                 }
               }
             }
-          },
-          {
-            "name": "objectKeys",
-            "type": {
-              "kind": "LIST",
-              "ofType": {
-                "kind": "NON_NULL",
-                "ofType": {
-                  "kind": "INPUT_OBJECT",
-                  "name": "ObjectKey"
-                }
-              }
-            }
           }
         ],
         "isOneOf": false
@@ -10199,6 +10190,38 @@ const introspection = {
             ],
             "isDeprecated": false
           },
+          {
+            "name": "multiGetObjects",
+            "type": {
+              "kind": "NON_NULL",
+              "ofType": {
+                "kind": "LIST",
+                "ofType": {
+                  "kind": "OBJECT",
+                  "name": "Object"
+                }
+              }
+            },
+            "args": [
+              {
+                "name": "keys",
+                "type": {
+                  "kind": "NON_NULL",
+                  "ofType": {
+                    "kind": "LIST",
+                    "ofType": {
+                      "kind": "NON_NULL",
+                      "ofType": {
+                        "kind": "INPUT_OBJECT",
+                        "name": "ObjectKey"
+                      }
+                    }
+                  }
+                }
+              }
+            ],
+            "isDeprecated": false
+          },
           {
             "name": "object",
             "type": {
@@ -10937,6 +10960,18 @@ const introspection = {
             "args": [],
             "isDeprecated": false
           },
+          {
+            "name": "maxMultiGetObjectsKeys",
+            "type": {
+              "kind": "NON_NULL",
+              "ofType": {
+                "kind": "SCALAR",
+                "name": "Int"
+              }
+            },
+            "args": [],
+            "isDeprecated": false
+          },
           {
             "name": "maxOutputNodes",
             "type": {
@@ -12085,6 +12120,22 @@ const introspection = {
         ],
         "interfaces": []
       },
+      {
+        "kind": "OBJECT",
+        "name": "StoreExecutionTimeObservationsTransaction",
+        "fields": [
+          {
+            "name": "_",
+            "type": {
+              "kind": "SCALAR",
+              "name": "Boolean"
+            },
+            "args": [],
+            "isDeprecated": false
+          }
+        ],
+        "interfaces": []
+      },
       {
         "kind": "SCALAR",
         "name": "String"

package/src/version.ts

@@ -3,5 +3,5 @@
 
 // This file is generated by genversion.mjs. Do not edit it directly.
 
-export const PACKAGE_VERSION = '1.22.0';
+export const PACKAGE_VERSION = '1.24.0';
 export const TARGETED_RPC_VERSION = '1.45.0';

package/src/zklogin/address.ts

@@ -3,11 +3,16 @@
 
 import { blake2b } from '@noble/hashes/blake2b';
 import { bytesToHex } from '@noble/hashes/utils';
-import { decodeJwt } from 'jose';
 
 import { SIGNATURE_SCHEME_TO_FLAG } from '../cryptography/signature-scheme.js';
 import { normalizeSuiAddress, SUI_ADDRESS_LENGTH } from '../utils/index.js';
-import { genAddressSeed, toBigEndianBytes, toPaddedBigEndianBytes } from './utils.js';
+import { decodeJwt } from './jwt-utils.js';
+import {
+	genAddressSeed,
+	normalizeZkLoginIssuer,
+	toBigEndianBytes,
+	toPaddedBigEndianBytes,
+} from './utils.js';
 
 export function computeZkLoginAddressFromSeed(
 	addressSeed: bigint,
@@ -18,10 +23,8 @@ export function computeZkLoginAddressFromSeed(
 	const addressSeedBytesBigEndian = legacyAddress
 		? toBigEndianBytes(addressSeed, 32)
 		: toPaddedBigEndianBytes(addressSeed, 32);
-	if (iss === 'accounts.google.com') {
-		iss = 'https://accounts.google.com';
-	}
-	const addressParamBytes = new TextEncoder().encode(iss);
+
+	const addressParamBytes = new TextEncoder().encode(normalizeZkLoginIssuer(iss));
 	const tmp = new Uint8Array(2 + addressSeedBytesBigEndian.length + addressParamBytes.length);
 
 	tmp.set([SIGNATURE_SCHEME_TO_FLAG.ZkLogin]);
@@ -62,13 +65,6 @@ export function jwtToAddress(jwt: string, userSalt: string | bigint, legacyAddre
 	lengthChecks(jwt);
 
 	const decodedJWT = decodeJwt(jwt);
-	if (!decodedJWT.sub || !decodedJWT.iss || !decodedJWT.aud) {
-		throw new Error('Missing jwt data');
-	}
-
-	if (Array.isArray(decodedJWT.aud)) {
-		throw new Error('Not supported aud. Aud is an array, string was expected.');
-	}
 
 	return computeZkLoginAddress({
 		userSalt,

package/src/zklogin/index.ts

@@ -15,3 +15,4 @@ export { toZkLoginPublicIdentifier, ZkLoginPublicIdentifier } from './publickey.
 export type { ZkLoginSignatureInputs } from './bcs.js';
 export { poseidonHash } from './poseidon.js';
 export { generateNonce, generateRandomness } from './nonce.js';
+export { decodeJwt } from './jwt-utils.js';

package/src/zklogin/jwt-decode.ts

@@ -0,0 +1,126 @@
+// Copyright (c) Mysten Labs, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+/** Copied from https://github.com/auth0/jwt-decode/blob/3d372e9875ff673228a9f2d9df74e84690842a9c/lib/index.ts */
+
+/**
+The MIT License (MIT)
+
+Copyright (c) 2015 Auth0, Inc. <support@auth0.com> (http://auth0.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+ */
+
+export interface JwtDecodeOptions {
+	header?: boolean;
+}
+
+export interface JwtHeader {
+	typ?: string;
+	alg?: string;
+	kid?: string;
+}
+
+export interface JwtPayload {
+	iss?: string;
+	sub?: string;
+	aud?: string[] | string;
+	exp?: number;
+	nbf?: number;
+	iat?: number;
+	jti?: string;
+}
+
+export class InvalidTokenError extends Error {}
+
+InvalidTokenError.prototype.name = 'InvalidTokenError';
+
+function b64DecodeUnicode(str: string) {
+	return decodeURIComponent(
+		atob(str).replace(/(.)/g, (_m, p) => {
+			let code = (p as string).charCodeAt(0).toString(16).toUpperCase();
+			if (code.length < 2) {
+				code = '0' + code;
+			}
+			return '%' + code;
+		}),
+	);
+}
+
+function base64UrlDecode(str: string) {
+	let output = str.replace(/-/g, '+').replace(/_/g, '/');
+	switch (output.length % 4) {
+		case 0:
+			break;
+		case 2:
+			output += '==';
+			break;
+		case 3:
+			output += '=';
+			break;
+		default:
+			throw new Error('base64 string is not of the correct length');
+	}
+
+	try {
+		return b64DecodeUnicode(output);
+	} catch (err) {
+		return atob(output);
+	}
+}
+
+export function jwtDecode<T = JwtHeader>(
+	token: string,
+	options: JwtDecodeOptions & { header: true },
+): T;
+export function jwtDecode<T = JwtPayload>(token: string, options?: JwtDecodeOptions): T;
+export function jwtDecode<T = JwtHeader | JwtPayload>(
+	token: string,
+	options?: JwtDecodeOptions,
+): T {
+	if (typeof token !== 'string') {
+		throw new InvalidTokenError('Invalid token specified: must be a string');
+	}
+
+	options ||= {};
+
+	const pos = options.header === true ? 0 : 1;
+	const part = token.split('.')[pos];
+
+	if (typeof part !== 'string') {
+		throw new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);
+	}
+
+	let decoded: string;
+	try {
+		decoded = base64UrlDecode(part);
+	} catch (e) {
+		throw new InvalidTokenError(
+			`Invalid token specified: invalid base64 for part #${pos + 1} (${(e as Error).message})`,
+		);
+	}
+
+	try {
+		return JSON.parse(decoded) as T;
+	} catch (e) {
+		throw new InvalidTokenError(
+			`Invalid token specified: invalid json for part #${pos + 1} (${(e as Error).message})`,
+		);
+	}
+}

package/src/zklogin/jwt-utils.ts

@@ -1,6 +1,10 @@
 // Copyright (c) Mysten Labs, Inc.
 // SPDX-License-Identifier: Apache-2.0
 
+import type { JwtPayload } from './jwt-decode.js';
+import { jwtDecode } from './jwt-decode.js';
+import { normalizeZkLoginIssuer } from './utils.js';
+
 function base64UrlCharTo6Bits(base64UrlChar: string): number[] {
 	if (base64UrlChar.length !== 1) {
 		throw new Error('Invalid base64Url character: ' + base64UrlChar);
@@ -111,3 +115,28 @@ export function extractClaimValue<R>(claim: Claim, claimName: string): R {
 	}
 	return value;
 }
+
+export function decodeJwt(jwt: string): Omit<JwtPayload, 'iss' | 'aud' | 'sub'> & {
+	iss: string;
+	aud: string;
+	sub: string;
+	rawIss: string;
+} {
+	const { iss, aud, sub, ...decodedJWT } = jwtDecode(jwt);
+
+	if (!sub || !iss || !aud) {
+		throw new Error('Missing jwt data');
+	}
+
+	if (Array.isArray(aud)) {
+		throw new Error('Not supported aud. Aud is an array, string was expected.');
+	}
+
+	return {
+		...decodedJWT,
+		iss: normalizeZkLoginIssuer(iss),
+		rawIss: iss,
+		aud,
+		sub,
+	};
+}

package/src/zklogin/nonce.ts

@@ -3,7 +3,7 @@
 
 import { toHex } from '@mysten/bcs';
 import { randomBytes } from '@noble/hashes/utils';
-import { base64url } from 'jose';
+import { base64urlnopad } from '@scure/base';
 
 import type { PublicKey } from '../cryptography/publickey.js';
 import { poseidonHash } from './poseidon.js';
@@ -30,7 +30,8 @@ export function generateNonce(publicKey: PublicKey, maxEpoch: number, randomness
 	const eph_public_key_1 = publicKeyBytes % 2n ** 128n;
 	const bigNum = poseidonHash([eph_public_key_0, eph_public_key_1, maxEpoch, BigInt(randomness)]);
 	const Z = toPaddedBigEndianBytes(bigNum, 20);
-	const nonce = base64url.encode(Z);
+	const nonce = base64urlnopad.encode(Z);
+
 	if (nonce.length !== NONCE_LENGTH) {
 		throw new Error(`Length of nonce ${nonce} (${nonce.length}) is not equal to ${NONCE_LENGTH}`);
 	}

package/src/zklogin/publickey.ts

@@ -11,9 +11,10 @@ import { SIGNATURE_SCHEME_TO_FLAG } from '../cryptography/signature-scheme.js';
 import { SuiGraphQLClient } from '../graphql/client.js';
 import { graphql } from '../graphql/schemas/latest/index.js';
 import { normalizeSuiAddress, SUI_ADDRESS_LENGTH } from '../utils/sui-types.js';
+import type { ZkLoginSignatureInputs } from './bcs.js';
 import { extractClaimValue } from './jwt-utils.js';
 import { parseZkLoginSignature } from './signature.js';
-import { toBigEndianBytes, toPaddedBigEndianBytes } from './utils.js';
+import { normalizeZkLoginIssuer, toBigEndianBytes, toPaddedBigEndianBytes } from './utils.js';
 
 /**
  * A zkLogin public identifier
@@ -46,6 +47,29 @@ export class ZkLoginPublicIdentifier extends PublicKey {
 		}
 	}
 
+	static fromProof(address: string, proof: ZkLoginSignatureInputs) {
+		const { issBase64Details, addressSeed } = proof;
+		const iss = extractClaimValue<string>(issBase64Details, 'iss');
+
+		const legacyPublicKey = toZkLoginPublicIdentifier(BigInt(addressSeed), iss, {
+			legacyAddress: true,
+		});
+
+		if (legacyPublicKey.toSuiAddress() === address) {
+			return legacyPublicKey;
+		}
+
+		const publicKey = toZkLoginPublicIdentifier(BigInt(addressSeed), iss, {
+			legacyAddress: false,
+		});
+
+		if (publicKey.toSuiAddress() !== address) {
+			throw new Error('Proof does not match address');
+		}
+
+		return publicKey;
+	}
+
 	/**
 	 * Checks if two zkLogin public identifiers are equal
 	 */
@@ -142,7 +166,7 @@ export function toZkLoginPublicIdentifier(
 		? toBigEndianBytes(addressSeed, 32)
 		: toPaddedBigEndianBytes(addressSeed, 32);
 
-	const issBytes = new TextEncoder().encode(iss);
+	const issBytes = new TextEncoder().encode(normalizeZkLoginIssuer(iss));
 	const tmp = new Uint8Array(1 + issBytes.length + addressSeedBytesBigEndian.length);
 	tmp.set([issBytes.length], 0);
 	tmp.set(issBytes, 1);

package/src/zklogin/utils.ts

@@ -103,3 +103,10 @@ export function genAddressSeed(
 		poseidonHash([BigInt(salt)]),
 	]);
 }
+
+export function normalizeZkLoginIssuer(iss: string) {
+	if (iss === 'accounts.google.com') {
+		return 'https://accounts.google.com';
+	}
+	return iss;
+}