@portal-hq/provider 4.1.3 → 4.1.5

package/src/signers/enclave.ts

@@ -0,0 +1,421 @@
+import { PortalCurve } from '@portal-hq/core'
+import { FeatureFlags } from '@portal-hq/core/types'
+import {
+  HttpRequester,
+  IPortalProvider,
+  KeychainAdapter,
+  type SigningRequestArguments,
+  getClientPlatformVersion,
+} from '@portal-hq/utils'
+import UUID from 'react-native-uuid'
+
+import {
+  type MpcSignerOptions,
+  PortalMobileMpcMetadata,
+  type EnclaveSignRequest,
+  type EnclaveSignResponse,
+  type EnclaveSignResult,
+} from '../../types'
+import Signer from './abstract'
+
+enum Operation {
+  SIGN = 'sign',
+  RAW_SIGN = 'raw_sign',
+}
+
+class EnclaveSigner implements Signer {
+  private featureFlags: FeatureFlags
+  private keychain: KeychainAdapter
+  private enclaveMPCHost: string
+  private version = 'v6'
+  private portalApi?: HttpRequester
+  private requests: HttpRequester
+
+  constructor({
+    keychain,
+    enclaveMPCHost = 'mpc-client.portalhq.io',
+    version = 'v6',
+    portalApi,
+    featureFlags = {},
+  }: MpcSignerOptions & { enclaveMPCHost?: string }) {
+    this.featureFlags = featureFlags
+    this.keychain = keychain
+    this.enclaveMPCHost = enclaveMPCHost
+    this.version = version
+    this.portalApi = portalApi
+    this.requests = new HttpRequester({
+      baseUrl: `https://${this.enclaveMPCHost}`,
+    })
+  }
+
+  public async sign(
+    message: SigningRequestArguments,
+    provider: IPortalProvider,
+  ): Promise<any> {
+    // Always track metrics, but only send if feature flag is enabled
+    const shouldSendMetrics =
+      this.featureFlags.enableSdkPerformanceMetrics === true
+    const signStartTime = performance.now()
+    const preOperationStartTime = performance.now()
+
+    // Generate a traceId for this operation
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
+    const traceId = (UUID as any).v4() as string
+    const metrics: Record<string, number | string | boolean> = {
+      hasError: false,
+      operation: Operation.SIGN,
+      signingMethod: message.method,
+      traceId,
+    }
+
+    try {
+      const eip155Address = await this.keychain.getEip155Address()
+      const apiKey = provider.apiKey
+      const { method, chainId, curve, isRaw } = message
+
+      // Add chainId to metrics
+      if (chainId) {
+        metrics.chainId = chainId
+      }
+
+      switch (method) {
+        case 'eth_requestAccounts':
+          return [eip155Address]
+        case 'eth_accounts':
+          return [eip155Address]
+        default:
+          break
+      }
+
+      const shares = await this.keychain.getShares()
+      let signingShare = shares.secp256k1.share
+
+      if (curve === PortalCurve.ED25519) {
+        if (!shares.ed25519) {
+          throw new Error(
+            '[Portal.Provider.EnclaveSigner] The ED25519 share is missing from the keychain.',
+          )
+        }
+        signingShare = shares.ed25519.share
+      }
+
+      const metadata: PortalMobileMpcMetadata = {
+        clientPlatform: 'REACT_NATIVE',
+        clientPlatformVersion: getClientPlatformVersion(),
+        isMultiBackupEnabled: this.featureFlags.isMultiBackupEnabled,
+        mpcServerVersion: this.version,
+        optimized: true,
+        curve,
+        chainId,
+        isRaw,
+        reqId: traceId,
+        connectionTracingEnabled: shouldSendMetrics,
+      }
+
+      // Build params
+      // Avoid double JSON encoding: if params is already a string (e.g. a hex message), pass it directly; otherwise stringify objects/arrays.
+      const params = this.buildParams(method, message.params)
+      let formattedParams: string
+
+      if (isRaw) {
+        if (typeof params !== 'string') {
+          throw new Error(
+            '[Portal.Provider.EnclaveSigner] For raw signing, params must be a string (e.g., a hex-encoded message).',
+          )
+        }
+        formattedParams = params
+      } else {
+        formattedParams =
+          typeof params === 'string' ? params : JSON.stringify(params)
+      }
+
+      // Get RPC URL
+      const rpcUrl = isRaw ? '' : provider.getGatewayUrl(chainId)
+
+      // Set metrics operation
+      metrics.operation = isRaw ? Operation.RAW_SIGN : Operation.SIGN
+
+      if (typeof formattedParams !== 'string') {
+        throw new Error(
+          `[Portal.Provider.EnclaveSigner] The formatted params for the signing request could not be converted to a string. The params were: ${formattedParams}`,
+        )
+      }
+
+      // Record pre-operation time
+      metrics.sdkPreOperationMs = performance.now() - preOperationStartTime
+
+      // Measure enclave signing operation time
+      const enclaveSignStartTime = performance.now()
+
+      const result = isRaw
+        ? await this.enclaveRawSign(
+            apiKey,
+            JSON.stringify(signingShare),
+            formattedParams,
+            curve || 'SECP256K1',
+          )
+        : await this.enclaveSign(
+            apiKey,
+            JSON.stringify(signingShare),
+            message.method,
+            formattedParams,
+            rpcUrl,
+            chainId || '',
+            JSON.stringify(metadata),
+          )
+
+      // Post-operation processing time starts
+      const postOperationStartTime = performance.now()
+
+      // Record HTTP call time
+      metrics.enclaveHttpCallMs = performance.now() - enclaveSignStartTime
+
+      // Record post-operation time
+      metrics.sdkPostOperationMs = performance.now() - postOperationStartTime
+
+      // Calculate total SDK signing time
+      metrics.sdkOperationMs = performance.now() - signStartTime
+
+      // Log performance timing to console
+      const timingMetrics: Record<string, number> = {}
+      if (typeof metrics.sdkPreOperationMs === 'number') {
+        timingMetrics['Pre-operation'] = metrics.sdkPreOperationMs
+      }
+      if (typeof metrics.enclaveHttpCallMs === 'number') {
+        timingMetrics['Enclave HTTP Call'] = metrics.enclaveHttpCallMs
+      }
+      if (typeof metrics.sdkPostOperationMs === 'number') {
+        timingMetrics['Post-operation'] = metrics.sdkPostOperationMs
+      }
+
+      // Only send metrics if the feature flag is enabled
+      if (shouldSendMetrics && this.portalApi) {
+        try {
+          await this.sendMetrics(metrics, apiKey)
+        } catch (err) {
+          // No-op
+        }
+      }
+
+      return result
+    } catch (error) {
+      // Calculate total time even in error case
+      metrics.sdkOperationMs = performance.now() - signStartTime
+
+      // Log performance timing to console even in error case
+      const errorTimingMetrics: Record<string, number> = {}
+      if (typeof metrics.sdkPreOperationMs === 'number') {
+        errorTimingMetrics['Pre-operation'] = metrics.sdkPreOperationMs
+      }
+
+      // Only send metrics if the feature flag is enabled
+      if (shouldSendMetrics) {
+        const apiKey = provider.apiKey
+        metrics.hasError = true
+        try {
+          await this.sendMetrics(metrics, apiKey)
+        } catch {
+          // No-op
+        }
+      }
+
+      throw error
+    }
+  }
+
+  private async enclaveRawSign(
+    apiKey: string,
+    signingShare: string,
+    params: string,
+    curve: string,
+  ): Promise<string> {
+    if (!apiKey || !signingShare || !params || !curve) {
+      return this.encodeErrorResult(
+        'INVALID_PARAMETERS',
+        'Invalid parameters provided for raw signing',
+      )
+    }
+
+    const requestBody = {
+      params: params,
+      share: signingShare,
+    }
+
+    const endpoint = `/v1/raw/sign/${curve}`
+
+    try {
+      const response = await this.requests.post<EnclaveSignResponse>(endpoint, {
+        headers: {
+          Authorization: `Bearer ${apiKey}`,
+          'Content-Type': 'application/json',
+        },
+        body: requestBody,
+      })
+
+      return this.encodeSuccessResult(response.data)
+    } catch (error: any) {
+      if (error?.response?.data) {
+        const portalError = this.decodePortalError(
+          JSON.stringify(error.response.data),
+        )
+        return this.encodeErrorResult(portalError?.id, portalError?.message)
+      }
+      return this.encodeErrorResult(
+        'SIGNING_NETWORK_ERROR',
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-argument
+        error.message || 'Network error occurred',
+      )
+    }
+  }
+
+  private async enclaveSign(
+    apiKey: string,
+    signingShare: string,
+    method: string,
+    params: string,
+    rpcURL: string,
+    chainId: string,
+    metadata: string,
+  ): Promise<string> {
+    if (
+      !apiKey ||
+      !signingShare ||
+      !method ||
+      !params ||
+      !chainId ||
+      !metadata
+    ) {
+      return this.encodeErrorResult(
+        'INVALID_PARAMETERS',
+        'Invalid parameters provided',
+      )
+    }
+
+    const requestBody: EnclaveSignRequest = {
+      method: method,
+      params: params,
+      share: signingShare,
+      chainId: chainId,
+      rpcUrl: rpcURL,
+      metadataStr: metadata,
+      clientPlatform: 'REACT_NATIVE',
+      clientPlatformVersion: getClientPlatformVersion(),
+    }
+
+    try {
+      const response = await this.requests.post<EnclaveSignResponse>(
+        '/v1/sign',
+        {
+          headers: {
+            Authorization: `Bearer ${apiKey}`,
+            'Content-Type': 'application/json',
+          },
+          body: requestBody,
+        },
+      )
+
+      return this.encodeSuccessResult(response.data)
+    } catch (error: any) {
+      if (error?.response?.data) {
+        const portalError = this.decodePortalError(
+          JSON.stringify(error.response.data),
+        )
+        return this.encodeErrorResult(portalError?.id, portalError?.message)
+      }
+      return this.encodeErrorResult(
+        'SIGNING_NETWORK_ERROR',
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-argument
+        error.message || 'Network error occurred',
+      )
+    }
+  }
+
+  // Helper function to encode success results
+  private encodeSuccessResult(data: string): string {
+    const successResult: EnclaveSignResult = { data: data, error: undefined }
+    return this.encodeJSON(successResult)
+  }
+
+  // Helper function to decode Portal errors
+  private decodePortalError(
+    errorStr?: string,
+  ): { id?: string; message?: string } | null {
+    if (!errorStr) return null
+    try {
+      return JSON.parse(errorStr)
+    } catch {
+      return null
+    }
+  }
+
+  // Helper function to encode error results
+  private encodeErrorResult(id?: string, message?: string): string {
+    const errorResult: EnclaveSignResult = {
+      data: undefined,
+      error: { id, message },
+    }
+    return this.encodeJSON(errorResult)
+  }
+
+  // Helper function to encode any object to JSON string
+  private encodeJSON<T>(value: T): string {
+    try {
+      const jsonString = JSON.stringify(value)
+      return jsonString
+    } catch (error: any) {
+      return JSON.stringify({
+        error: {
+          id: 'ENCODING_ERROR',
+          message: `Failed to encode JSON: ${error.message}`,
+        },
+      })
+    }
+  }
+
+  private async sendMetrics(
+    metrics: Record<string, number | string | boolean>,
+    apiKey: string,
+  ): Promise<void> {
+    try {
+      if (this.portalApi) {
+        await this.portalApi.post('/api/v3/clients/me/sdk/metrics', {
+          headers: {
+            Authorization: `Bearer ${apiKey}`,
+            'Content-Type': 'application/json',
+          },
+          body: metrics,
+        })
+      }
+    } catch {
+      // No-op
+    }
+  }
+
+  private buildParams = (method: string, txParams: any) => {
+    let params = txParams
+
+    switch (method) {
+      case 'eth_sign':
+      case 'personal_sign':
+      case 'eth_signTypedData_v3':
+      case 'eth_signTypedData_v4':
+      case 'sol_signMessage':
+      case 'sol_signTransaction':
+      case 'sol_signAndSendTransaction':
+      case 'sol_signAndConfirmTransaction':
+        if (!Array.isArray(txParams)) {
+          params = [txParams]
+        }
+        break
+      default:
+        if (Array.isArray(txParams)) {
+          if (txParams.length === 1) {
+            params = txParams[0]
+          }
+        }
+    }
+    return params
+  }
+}
+
+export default EnclaveSigner

package/src/signers/index.ts

@@ -1,2 +1,3 @@
 export { default as Signer } from './abstract'
 export { default as MpcSigner } from './mpc'
+export { default as EnclaveSigner } from './enclave'

package/src/signers/mpc.ts

@@ -189,7 +189,7 @@ class MpcSigner implements Signer {
         }
       }
 
-      if (error?.code > 0) {
+      if (error?.id) {
         throw new PortalMpcError(error)
       }
 

package/types.d.ts

@@ -25,6 +25,7 @@ export interface MpcSignerOptions extends SignerOptions {
   isSimulator?: boolean
   mpcHost?: string
   portalApi?: HttpRequester
+  enclaveMPCHost?: string
   version?: string
   featureFlags?: FeatureFlags
 }
@@ -86,6 +87,7 @@ export interface ProviderOptions {
   autoApprove?: boolean
   apiHost?: string
   mpcHost?: string
+  enclaveMPCHost?: string
   version?: string
   featureFlags?: FeatureFlags
 }
@@ -106,6 +108,30 @@ export interface SignResult {
   S: string
 }
 
+export interface EnclaveSignResult {
+  data?: string
+  error?: {
+    id?: string
+    message?: string
+  }
+}
+
+export interface ProviderOptions {
+  // Required
+  apiKey: string
+  keychain: KeychainAdapter
+  gatewayConfig: GatewayLike
+
+  // Optional
+  autoApprove?: boolean
+  apiHost?: string
+  mpcHost?: string
+  enclaveMPCHost?: string
+  version?: string
+  chainId?: string
+  featureFlags?: FeatureFlags
+}
+
 export interface SignerOptions {}
 
 export interface Eip1559 {
@@ -141,3 +167,22 @@ export interface SigningResponse {
 export interface SwitchEthereumChainParameter {
   chainId: number
 }
+
+export interface EnclaveSignRequest {
+  method: string
+  params: string
+  share: string
+  chainId: string
+  rpcUrl: string
+  metadataStr: string
+  clientPlatform: string
+  clientPlatformVersion: string
+}
+
+export interface EnclaveSignResponse {
+  data: string
+  error?: {
+    id: string
+    message: string
+  }
+}