npm - @pafi-dev/issuer - Versions diffs - 0.7.6 → 0.7.7 - Mend

@pafi-dev/issuer 0.7.6 → 0.7.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -2317,12 +2317,13 @@ var PerpDepositHandler = class {
 // src/api/delegateHandler.ts
 var import_core13 = require("@pafi-dev/core");
+var import_viem10 = require("viem");
 var DEFAULT_DELEGATE_GAS = {
   callGasLimit: 100000n,
   verificationGasLimit: 150000n,
   preVerificationGas: 50000n
 };
-async function handleDelegateSubmit(params) {
+async function handleDelegatePrepare(params) {
   const { batchExecutor } = (0, import_core13.getContractAddresses)(params.chainId);
   const partial = (0, import_core13.buildDelegationUserOp)({
     userAddress: params.userAddress,
@@ -2359,39 +2360,76 @@ async function handleDelegateSubmit(params) {
     onWarning: params.onWarning
   });
   const merged = {
-    ...userOp,
-    ...paymasterFields ?? {}
+    sender: userOp.sender,
+    nonce: userOp.nonce,
+    callData: userOp.callData,
+    callGasLimit: paymasterFields?.callGasLimit ?? userOp.callGasLimit,
+    verificationGasLimit: paymasterFields?.verificationGasLimit ?? userOp.verificationGasLimit,
+    preVerificationGas: paymasterFields?.preVerificationGas ?? userOp.preVerificationGas,
+    maxFeePerGas: paymasterFields?.maxFeePerGas ?? userOp.maxFeePerGas,
+    maxPriorityFeePerGas: paymasterFields?.maxPriorityFeePerGas ?? userOp.maxPriorityFeePerGas,
+    paymaster: paymasterFields?.paymaster,
+    paymasterVerificationGasLimit: paymasterFields?.paymasterVerificationGasLimit,
+    paymasterPostOpGasLimit: paymasterFields?.paymasterPostOpGasLimit,
+    paymasterData: paymasterFields?.paymasterData
   };
-  const userOpJson = (0, import_core13.serializeUserOpToJsonRpc)(
+  const userOpHash = (0, import_core13.computeUserOpHash)(merged, params.chainId);
+  const typed = (0, import_core13.buildUserOpTypedData)(merged, params.chainId);
+  await params.store.save(
+    params.lockId,
     {
       sender: merged.sender,
-      nonce: merged.nonce,
+      nonce: merged.nonce.toString(10),
       callData: merged.callData,
-      callGasLimit: merged.callGasLimit,
-      verificationGasLimit: merged.verificationGasLimit,
-      preVerificationGas: merged.preVerificationGas,
-      maxFeePerGas: merged.maxFeePerGas,
-      maxPriorityFeePerGas: merged.maxPriorityFeePerGas,
-      paymaster: paymasterFields?.paymaster,
-      paymasterVerificationGasLimit: paymasterFields?.paymasterVerificationGasLimit,
-      paymasterPostOpGasLimit: paymasterFields?.paymasterPostOpGasLimit,
-      paymasterData: paymasterFields?.paymasterData
+      callGasLimit: merged.callGasLimit.toString(10),
+      verificationGasLimit: merged.verificationGasLimit.toString(10),
+      preVerificationGas: merged.preVerificationGas.toString(10),
+      maxFeePerGas: merged.maxFeePerGas.toString(10),
+      maxPriorityFeePerGas: merged.maxPriorityFeePerGas.toString(10),
+      ...merged.paymaster ? { paymaster: merged.paymaster } : {},
+      ...merged.paymasterVerificationGasLimit ? {
+        paymasterVerificationGasLimit: merged.paymasterVerificationGasLimit.toString(10)
+      } : {},
+      ...merged.paymasterPostOpGasLimit ? {
+        paymasterPostOpGasLimit: merged.paymasterPostOpGasLimit.toString(10)
+      } : {},
+      ...merged.paymasterData ? { paymasterData: merged.paymasterData } : {},
+      chainId: params.chainId,
+      userOpHash,
+      eip7702Auth: authorization
     },
-    // Delegation UserOp is submitted unsigned — the EIP-7702 authorization
-    // is the user's "consent"; no separate AA signature is needed.
-    "0x"
+    params.ttlSeconds
   );
+  return {
+    lockId: params.lockId,
+    userOpHash,
+    typedData: serializeUserOpTypedData(typed),
+    expiresInSeconds: params.ttlSeconds,
+    isSponsored: !!paymasterFields
+  };
+}
+async function handleDelegateSubmit(params) {
+  const entry = await params.store.get(params.lockId);
+  if (!entry) {
+    throw new PendingUserOpNotFoundError(params.lockId);
+  }
+  if ((0, import_viem10.getAddress)(entry.sender) !== (0, import_viem10.getAddress)(params.authenticatedAddress)) {
+    throw new PendingUserOpForbiddenError(params.lockId);
+  }
+  if (!entry.eip7702Auth) {
+    throw new Error(
+      `delegate entry ${params.lockId} missing eip7702Auth \u2014 prepare step did not run correctly`
+    );
+  }
+  const userOpJson = serializeEntryToJsonRpc(entry, params.userOpSig, "sponsored");
   const result = await relayUserOp({
     client: params.pafiBackendClient,
     userOp: userOpJson,
-    entryPoint: import_core13.ENTRY_POINT_V08,
-    eip7702Auth: authorization
+    entryPoint: params.entryPoint ?? import_core13.ENTRY_POINT_V08,
+    eip7702Auth: entry.eip7702Auth
   });
-  return {
-    userOpHash: result.userOpHash,
-    isSponsored: !!paymasterFields,
-    authorization
-  };
+  await params.store.delete(params.lockId);
+  return { userOpHash: result.userOpHash };
 }
 // src/api/errorMapper.ts
@@ -2420,7 +2458,8 @@ function createSdkErrorMapper(factories) {
 }
 // src/api/issuerApiAdapter.ts
-var import_viem10 = require("viem");
+var import_node_crypto3 = require("crypto");
+var import_viem11 = require("viem");
 var import_core14 = require("@pafi-dev/core");
 var AdapterMisconfiguredError = class extends Error {
   code = "ADAPTER_MISCONFIGURED";
@@ -2478,7 +2517,7 @@ var IssuerApiAdapter = class {
   async pools(authenticatedAddress, chainId, pointTokenAddress) {
     const result = await this.cfg.issuerService.api.handlePools(
       authenticatedAddress,
-      { chainId, pointTokenAddress: (0, import_viem10.getAddress)(pointTokenAddress) }
+      { chainId, pointTokenAddress: (0, import_viem11.getAddress)(pointTokenAddress) }
     );
     return { pools: result.pools };
   }
@@ -2487,8 +2526,8 @@ var IssuerApiAdapter = class {
       authenticatedAddress,
       {
         chainId,
-        userAddress: (0, import_viem10.getAddress)(userAddress),
-        pointTokenAddress: (0, import_viem10.getAddress)(pointTokenAddress)
+        userAddress: (0, import_viem11.getAddress)(userAddress),
+        pointTokenAddress: (0, import_viem11.getAddress)(pointTokenAddress)
       }
     );
     return {
@@ -2510,7 +2549,7 @@ var IssuerApiAdapter = class {
       "ptClaimHandler",
       "claim"
     );
-    const pointTokenAddress = (0, import_viem10.getAddress)(input.pointTokenAddress);
+    const pointTokenAddress = (0, import_viem11.getAddress)(input.pointTokenAddress);
     const result = await ptClaimHandler.handle({
       authenticatedAddress: input.authenticatedAddress,
       userAddress: input.authenticatedAddress,
@@ -2605,7 +2644,7 @@ var IssuerApiAdapter = class {
       "ptClaimHandler",
       "claimPrepare"
     );
-    const pointTokenAddress = (0, import_viem10.getAddress)(input.pointTokenAddress);
+    const pointTokenAddress = (0, import_viem11.getAddress)(input.pointTokenAddress);
     const claimResult = await ptClaimHandler.handle({
       authenticatedAddress: input.authenticatedAddress,
       userAddress: input.authenticatedAddress,
@@ -2651,7 +2690,7 @@ var IssuerApiAdapter = class {
   }
   async redeemPrepare(input) {
     this.assertRedeemHandler();
-    const pointTokenAddress = (0, import_viem10.getAddress)(input.pointTokenAddress);
+    const pointTokenAddress = (0, import_viem11.getAddress)(input.pointTokenAddress);
     const redeemResponse = await this.cfg.ptRedeemHandler.handle({
       userAddress: input.authenticatedAddress,
       authenticatedAddress: input.authenticatedAddress,
@@ -2724,37 +2763,59 @@ var IssuerApiAdapter = class {
       batchExecutorAddress: batchExecutor
     };
   }
-  async delegatePrepare(authenticatedAddress, chainId) {
-    const { batchExecutor } = (0, import_core14.getContractAddresses)(chainId);
-    const accountNonce = BigInt(
-      await this.cfg.provider.getTransactionCount({
-        address: authenticatedAddress
-      })
-    );
-    const authorizationHash = (0, import_core14.computeAuthorizationHash)(
-      chainId,
-      batchExecutor,
-      accountNonce
-    );
-    return {
-      authorizationHash,
-      delegationNonce: accountNonce.toString(),
-      batchExecutorAddress: batchExecutor,
-      chainId
-    };
-  }
-  async delegateSubmit(input) {
+  /**
+   * Build the delegation-anchor UserOp + obtain paymaster sponsorship
+   * + persist as a pending entry. Mobile must:
+   *
+   *   1. Sign EIP-7702 authorization LOCALLY (Privy `signAuthorization`
+   *      with `{contractAddress: batchExecutorAddress, chainId,
+   *      nonce: delegationNonce}`) → 65-byte authSig hex.
+   *   2. POST `/delegate/prepare` with `{ chainId, delegationNonce,
+   *      authSig }` → this method.
+   *   3. Sign returned `userOpHash` LOCALLY (`signTypedData(typedData)`).
+   *   4. POST `/delegate/submit` with `{ lockId, userOpSig }`.
+   *
+   * v0.7.7 — replaces single-shot delegateSubmit that tried to relay
+   * a UserOp with empty `signature: "0x"` (Simple7702Account's
+   * validateUserOp reverts `ECDSAInvalidSignatureLength` 0xfce698f7).
+   */
+  async delegatePrepare(authenticatedAddress, input) {
+    const { batchExecutor } = (0, import_core14.getContractAddresses)(input.chainId);
     const fees = await this.cfg.provider.estimateFeesPerGas();
-    const result = await handleDelegateSubmit({
-      userAddress: input.authenticatedAddress,
+    const lockId = (0, import_node_crypto3.randomUUID)();
+    const result = await handleDelegatePrepare({
+      userAddress: authenticatedAddress,
       chainId: input.chainId,
       delegationNonce: input.delegationNonce,
       aaNonce: input.aaNonce,
       authSig: input.authSig,
       fees,
+      lockId,
+      store: this.cfg.pendingUserOpStore,
+      ttlSeconds: 15 * 60,
+      // 15min — match claim/redeem mobile lock duration
       pafiBackendClient: this.cfg.pafiBackendClient,
       onWarning: this.cfg.onWarning
     });
+    return {
+      lockId: result.lockId,
+      userOpHash: result.userOpHash,
+      typedData: result.typedData,
+      expiresInSeconds: result.expiresInSeconds,
+      isSponsored: result.isSponsored,
+      delegationNonce: input.delegationNonce.toString(),
+      batchExecutorAddress: batchExecutor,
+      chainId: input.chainId
+    };
+  }
+  async delegateSubmit(input) {
+    const result = await handleDelegateSubmit({
+      lockId: input.lockId,
+      authenticatedAddress: input.authenticatedAddress,
+      userOpSig: input.userOpSig,
+      store: this.cfg.pendingUserOpStore,
+      pafiBackendClient: this.cfg.pafiBackendClient
+    });
     return { userOpHash: result.userOpHash };
   }
   // ------------------------------ Internal helpers -------------------------
@@ -2813,7 +2874,7 @@ var IssuerApiAdapter = class {
 };
 // src/pools/subgraphPoolsProvider.ts
-var import_viem11 = require("viem");
+var import_viem12 = require("viem");
 var import_core15 = require("@pafi-dev/core");
 var DEFAULT_CACHE_TTL_MS = 3e4;
 var POOL_QUERY = `
@@ -2914,7 +2975,7 @@ async function fetchPoolsFromSubgraph(fetchImpl, subgraphUrl, pointTokenAddress)
     return [];
   }
   const { pool } = token;
-  if (!(0, import_viem11.isAddress)(pool.hooks)) {
+  if (!(0, import_viem12.isAddress)(pool.hooks)) {
     console.error(
       "[PAFI] SubgraphPoolsProvider: invalid hooks address in response:",
       pool.hooks,
@@ -2922,7 +2983,7 @@ async function fetchPoolsFromSubgraph(fetchImpl, subgraphUrl, pointTokenAddress)
     );
     return [];
   }
-  if (!(0, import_viem11.isAddress)(pool.token0.id) || !(0, import_viem11.isAddress)(pool.token1.id)) {
+  if (!(0, import_viem12.isAddress)(pool.token0.id) || !(0, import_viem12.isAddress)(pool.token1.id)) {
     console.error(
       "[PAFI] SubgraphPoolsProvider: invalid token address in response \u2014 skipping pool"
     );
@@ -3072,8 +3133,8 @@ function toUsdtPerNative(priceFloat, usdtDecimals) {
 }
 // src/pools/nativePtQuoter.ts
-var import_viem12 = require("viem");
-var CHAINLINK_ABI = (0, import_viem12.parseAbi)([
+var import_viem13 = require("viem");
+var CHAINLINK_ABI = (0, import_viem13.parseAbi)([
   "function latestRoundData() external view returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound)"
 ]);
 var CHAINLINK_MAX_AGE_S = 3600n;
@@ -3395,7 +3456,7 @@ var PafiBackendClient = class {
 };
 // src/config.ts
-var import_viem13 = require("viem");
+var import_viem14 = require("viem");
 var import_core17 = require("@pafi-dev/core");
 function createIssuerService(config) {
   if (!config.provider) {
@@ -3416,7 +3477,7 @@ function createIssuerService(config) {
       "createIssuerService: at least one of pointTokenAddress / pointTokenAddresses is required"
     );
   }
-  const tokenAddresses = rawAddresses.map((a) => (0, import_viem13.getAddress)(a));
+  const tokenAddresses = rawAddresses.map((a) => (0, import_viem14.getAddress)(a));
   const ledger = config.ledger;
   const sessionStore = config.sessionStore ?? new MemorySessionStore();
   const policy = config.policy ?? new DefaultPolicyEngine({ ledger });
@@ -3505,7 +3566,7 @@ function createIssuerService(config) {
 }
 // src/issuer-state/validator.ts
-var import_viem14 = require("viem");
+var import_viem15 = require("viem");
 var import_core18 = require("@pafi-dev/core");
 var ISSUER_RECORD_TTL_MS = 3e4;
 var IssuerStateValidator = class _IssuerStateValidator {
@@ -3532,7 +3593,7 @@ var IssuerStateValidator = class _IssuerStateValidator {
    */
   invalidate(pointToken) {
     if (pointToken) {
-      const key = (0, import_viem14.getAddress)(pointToken);
+      const key = (0, import_viem15.getAddress)(pointToken);
       this.pointTokenIssuerCache.delete(key);
       this.stateCache.delete(key);
       this.inflight.delete(key);
@@ -3547,7 +3608,7 @@ var IssuerStateValidator = class _IssuerStateValidator {
    * The issuer field is set at `initialize()` and never changes.
    */
   async getIssuerAddressForPointToken(pointToken) {
-    const key = (0, import_viem14.getAddress)(pointToken);
+    const key = (0, import_viem15.getAddress)(pointToken);
     const cached = this.pointTokenIssuerCache.get(key);
     if (cached) return cached;
     const issuer = await this.provider.readContract({
@@ -3555,15 +3616,15 @@ var IssuerStateValidator = class _IssuerStateValidator {
       abi: import_core18.POINT_TOKEN_V2_ABI,
       functionName: "issuer"
     });
-    this.pointTokenIssuerCache.set(key, (0, import_viem14.getAddress)(issuer));
-    return (0, import_viem14.getAddress)(issuer);
+    this.pointTokenIssuerCache.set(key, (0, import_viem15.getAddress)(issuer));
+    return (0, import_viem15.getAddress)(issuer);
   }
   /**
    * Read registry record + totalSupply, with 30s cache and in-flight
    * deduplication. Does NOT throw on inactive/missing — returns raw state.
    */
   async getIssuerState(pointToken) {
-    const tokenAddr = (0, import_viem14.getAddress)(pointToken);
+    const tokenAddr = (0, import_viem15.getAddress)(pointToken);
     const now = Date.now();
     const cached = this.stateCache.get(tokenAddr);
     if (cached && cached.expiresAt > now) return cached.value;
@@ -3661,7 +3722,7 @@ var IssuerStateValidator = class _IssuerStateValidator {
 };
 // src/index.ts
-var PAFI_ISSUER_SDK_VERSION = true ? "0.7.6" : "dev";
+var PAFI_ISSUER_SDK_VERSION = true ? "0.7.7" : "dev";
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   AdapterMisconfiguredError,