@rhinestone/sdk 2.0.0-beta.3 → 2.0.0-beta.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (107) hide show
  1. package/dist/src/accounts/error.d.ts +2 -9
  2. package/dist/src/accounts/error.d.ts.map +1 -1
  3. package/dist/src/accounts/error.js +5 -11
  4. package/dist/src/accounts/hca.d.ts +25 -0
  5. package/dist/src/accounts/hca.d.ts.map +1 -0
  6. package/dist/src/accounts/hca.js +145 -0
  7. package/dist/src/accounts/index.d.ts +9 -9
  8. package/dist/src/accounts/index.d.ts.map +1 -1
  9. package/dist/src/accounts/index.js +112 -41
  10. package/dist/src/accounts/kernel.d.ts +1 -2
  11. package/dist/src/accounts/kernel.d.ts.map +1 -1
  12. package/dist/src/accounts/kernel.js +1 -8
  13. package/dist/src/accounts/nexus.d.ts +3 -2
  14. package/dist/src/accounts/nexus.d.ts.map +1 -1
  15. package/dist/src/accounts/nexus.js +33 -8
  16. package/dist/src/accounts/safe.d.ts +1 -2
  17. package/dist/src/accounts/safe.d.ts.map +1 -1
  18. package/dist/src/accounts/safe.js +3 -9
  19. package/dist/src/accounts/signing/common.d.ts +1 -4
  20. package/dist/src/accounts/signing/common.d.ts.map +1 -1
  21. package/dist/src/accounts/signing/common.js +7 -11
  22. package/dist/src/accounts/signing/message.d.ts.map +1 -1
  23. package/dist/src/accounts/signing/message.js +1 -4
  24. package/dist/src/accounts/signing/typedData.d.ts.map +1 -1
  25. package/dist/src/accounts/signing/typedData.js +1 -4
  26. package/dist/src/accounts/startale.d.ts +1 -2
  27. package/dist/src/accounts/startale.d.ts.map +1 -1
  28. package/dist/src/accounts/startale.js +2 -5
  29. package/dist/src/actions/ecdsa.js +5 -5
  30. package/dist/src/actions/index.js +2 -2
  31. package/dist/src/actions/mfa.js +2 -2
  32. package/dist/src/actions/passkeys.js +2 -2
  33. package/dist/src/actions/smart-sessions.d.ts +29 -5
  34. package/dist/src/actions/smart-sessions.d.ts.map +1 -1
  35. package/dist/src/actions/smart-sessions.js +38 -10
  36. package/dist/src/errors/index.d.ts +4 -4
  37. package/dist/src/errors/index.d.ts.map +1 -1
  38. package/dist/src/errors/index.js +6 -6
  39. package/dist/src/execution/error.d.ts +8 -21
  40. package/dist/src/execution/error.d.ts.map +1 -1
  41. package/dist/src/execution/error.js +7 -21
  42. package/dist/src/execution/index.d.ts +17 -17
  43. package/dist/src/execution/index.d.ts.map +1 -1
  44. package/dist/src/execution/index.js +22 -41
  45. package/dist/src/execution/utils.d.ts +15 -11
  46. package/dist/src/execution/utils.d.ts.map +1 -1
  47. package/dist/src/execution/utils.js +279 -75
  48. package/dist/src/index.d.ts +236 -37
  49. package/dist/src/index.d.ts.map +1 -1
  50. package/dist/src/index.js +60 -115
  51. package/dist/src/jwt-server/jcs.d.ts +1 -1
  52. package/dist/src/jwt-server/jcs.js +4 -2
  53. package/dist/src/modules/index.d.ts.map +1 -1
  54. package/dist/src/modules/index.js +0 -5
  55. package/dist/src/modules/read.d.ts +3 -2
  56. package/dist/src/modules/read.d.ts.map +1 -1
  57. package/dist/src/modules/read.js +33 -4
  58. package/dist/src/modules/validators/core.d.ts +5 -5
  59. package/dist/src/modules/validators/core.d.ts.map +1 -1
  60. package/dist/src/modules/validators/core.js +45 -34
  61. package/dist/src/modules/validators/cross-chain-permits.d.ts +11 -0
  62. package/dist/src/modules/validators/cross-chain-permits.d.ts.map +1 -0
  63. package/dist/src/modules/validators/cross-chain-permits.js +76 -0
  64. package/dist/src/modules/validators/permissions.d.ts +1 -0
  65. package/dist/src/modules/validators/permissions.d.ts.map +1 -1
  66. package/dist/src/modules/validators/permissions.js +162 -17
  67. package/dist/src/modules/validators/policies/claim/arbiters.d.ts +22 -0
  68. package/dist/src/modules/validators/policies/claim/arbiters.d.ts.map +1 -0
  69. package/dist/src/modules/validators/policies/claim/arbiters.js +57 -0
  70. package/dist/src/modules/validators/smart-sessions.d.ts +38 -9
  71. package/dist/src/modules/validators/smart-sessions.d.ts.map +1 -1
  72. package/dist/src/modules/validators/smart-sessions.js +509 -92
  73. package/dist/src/orchestrator/caip2.d.ts +9 -3
  74. package/dist/src/orchestrator/caip2.d.ts.map +1 -1
  75. package/dist/src/orchestrator/caip2.js +40 -5
  76. package/dist/src/orchestrator/client.d.ts.map +1 -1
  77. package/dist/src/orchestrator/client.js +44 -21
  78. package/dist/src/orchestrator/consts.d.ts +1 -1
  79. package/dist/src/orchestrator/consts.d.ts.map +1 -1
  80. package/dist/src/orchestrator/consts.js +1 -1
  81. package/dist/src/orchestrator/destinations.d.ts +24 -0
  82. package/dist/src/orchestrator/destinations.d.ts.map +1 -0
  83. package/dist/src/orchestrator/destinations.js +55 -0
  84. package/dist/src/orchestrator/error.d.ts +87 -4
  85. package/dist/src/orchestrator/error.d.ts.map +1 -1
  86. package/dist/src/orchestrator/error.js +237 -3
  87. package/dist/src/orchestrator/index.d.ts +6 -5
  88. package/dist/src/orchestrator/index.d.ts.map +1 -1
  89. package/dist/src/orchestrator/index.js +4 -3
  90. package/dist/src/orchestrator/registry.d.ts +2 -1
  91. package/dist/src/orchestrator/registry.d.ts.map +1 -1
  92. package/dist/src/orchestrator/registry.js +13 -0
  93. package/dist/src/orchestrator/types.d.ts +114 -28
  94. package/dist/src/orchestrator/types.d.ts.map +1 -1
  95. package/dist/src/orchestrator/types.js +1 -5
  96. package/dist/src/smart-sessions/index.d.ts +5 -0
  97. package/dist/src/smart-sessions/index.d.ts.map +1 -0
  98. package/dist/src/smart-sessions/index.js +6 -0
  99. package/dist/src/types.d.ts +298 -29
  100. package/dist/src/types.d.ts.map +1 -1
  101. package/dist/src/utils/index.d.ts +59 -0
  102. package/dist/src/utils/index.d.ts.map +1 -1
  103. package/dist/src/utils/index.js +59 -0
  104. package/package.json +4 -8
  105. package/dist/src/actions/recovery.d.ts +0 -33
  106. package/dist/src/actions/recovery.d.ts.map +0 -1
  107. package/dist/src/actions/recovery.js +0 -189
@@ -1,20 +1,22 @@
1
1
  import { concat, createPublicClient, createWalletClient, encodeAbiParameters, encodePacked, hashDomain, hashMessage, hashStruct, hashTypedData, isAddress, keccak256, publicActions, toHex, } from 'viem';
2
2
  import { entryPoint07Address, getUserOperationHash, } from 'viem/account-abstraction';
3
3
  import { wrapTypedDataSignature } from 'viem/experimental/erc7739';
4
- import { EoaAccountMustHaveAccountError, EoaSigningMethodNotConfiguredError, FactoryArgsNotAvailableError, getAccountProvider, getAddress, getEip712Domain, getEip1271Signature, getEip7702InitCall, getEmissarySignature, getGuardianSmartAccount, getInitCode, getSmartAccount, getTypedDataPackedSignature, is7702, toErc6492Signature, } from '../accounts/index.js';
4
+ import { EoaAccountMustHaveAccountError, EoaSigningMethodNotConfiguredError, FactoryArgsNotAvailableError, getAccountProvider, getAddress, getEip712Domain, getEip1271Signature, getEip7702InitCall, getEmissarySignature, getInitCode, getSmartAccount, getTypedDataPackedSignature, is7702, toErc6492Signature, } from '../accounts/index.js';
5
5
  import { convertOwnerSetToSignerSet } from '../accounts/signing/common.js';
6
6
  import { K1_DEFAULT_VALIDATOR_ADDRESS } from '../accounts/startale.js';
7
7
  import { createTransport, getBundlerClient, } from '../accounts/utils.js';
8
8
  import { createAuthProvider } from '../auth/provider.js';
9
9
  import { buildMockSignature, DUMMY_PRECLAIMOP_SELECTOR, DUMMY_PRECLAIMOP_TARGET, getOwnerValidator, getPermissionId, getSmartSessionValidator, isSessionEnabled, } from '../modules/validators/index.js';
10
- import { getMultiFactorValidator, getSocialRecoveryValidator, getWebAuthnValidator, supportsEip712, } from '../modules/validators/core.js';
10
+ import { getMultiFactorValidator, getWebAuthnValidator, supportsEip712, } from '../modules/validators/core.js';
11
11
  import { buildPermit2ClaimPolicyCalldata, } from '../modules/validators/policies/claim/permit2.js';
12
- import { resolvePermit2ClaimPolicy, } from '../modules/validators/smart-sessions.js';
12
+ import { resolvePermit2ClaimPolicy, selectPermit2ClaimPolicyForMessage, } from '../modules/validators/smart-sessions.js';
13
13
  import { getOrchestrator, } from '../orchestrator/index.js';
14
+ import { isNonEvmChainId, toCaip2 } from '../orchestrator/caip2.js';
15
+ import { getChainId, isNonEvmChain, } from '../orchestrator/destinations.js';
14
16
  import { getChainById, getTokenAddress, resolveTokenAddress, } from '../orchestrator/registry.js';
15
- import { SIG_MODE_EMISSARY_EXECUTION_ERC1271, SIG_MODE_ERC1271_EMISSARY, } from '../orchestrator/types.js';
17
+ import { SIG_MODE_EMISSARY_EXECUTION_ERC1271, SIG_MODE_ERC1271, } from '../orchestrator/types.js';
16
18
  import { convertBigIntFields } from '../orchestrator/utils.js';
17
- import { Eip7702InitSignatureRequiredError, QuoteNotInPreparedTransactionError, SignerNotSupportedError, } from './error.js';
19
+ import { Eip7702InitSignatureRequiredError, InvalidSourceCallsError, QuoteNotInPreparedTransactionError, } from './error.js';
18
20
  function isResolvedSessionSignerSet(signers) {
19
21
  return (signers?.type === 'experimental_session' && 'verifyExecutions' in signers);
20
22
  }
@@ -25,16 +27,61 @@ async function resolveSignersForChain(config, signers, chainId) {
25
27
  const resolved = resolveSessionForChain(signers, chainId);
26
28
  const enabled = await isSessionEnabled(getAddress(config), config.provider, resolved.session, config.useDevContracts);
27
29
  const enableData = enabled ? undefined : resolved.enableData;
28
- const verifyExecutions = resolved.verifyExecutions ??
29
- signers.verifyExecutions ??
30
- resolved.session.hasExplicitPermissions;
31
30
  return {
32
31
  type: 'experimental_session',
33
32
  session: resolved.session,
34
33
  enableData,
35
- verifyExecutions,
34
+ // First use of any session must go through the emissary's verifyExecution
35
+ // path: that's the only mechanism that consumes enableData + calls setConfig
36
+ // to install the session on-chain. Once installed, steady-state signing can
37
+ // drop to mode 1 unless the session has explicit permissions to enforce.
38
+ verifyExecutions: !enabled || resolved.session.hasExplicitPermissions,
36
39
  };
37
40
  }
41
+ // Picks the single signature mode that matches the bytes shape the SDK will
42
+ // actually sign, so the on-chain dispatcher hits the right validator on the
43
+ // first try instead of falling through a hybrid.
44
+ async function resolveSignatureMode(config, signers, sourceChains, targetChainId,
45
+ // Optional pre-resolved per-chain signer sets. When supplied, reuse them
46
+ // instead of resolving again — each resolveSignersForChain does an
47
+ // isSessionEnabled RPC, so sharing one map across mockSignatures, sigMode, and
48
+ // preClaim avoids duplicate calls per intent. The map also defines *which*
49
+ // chains carry a session: the caller omits a non-EVM target (it has no session
50
+ // validator), so deriving the chain set from the map's keys keeps us from
51
+ // resolving — and throwing on — a target with no configured session.
52
+ preResolved) {
53
+ if (config.account?.type === 'eoa') {
54
+ return SIG_MODE_ERC1271;
55
+ }
56
+ if (signers?.type !== 'experimental_session') {
57
+ return SIG_MODE_ERC1271;
58
+ }
59
+ const chainIds = preResolved
60
+ ? [...preResolved.keys()]
61
+ : [...new Set([...(sourceChains ?? []).map((c) => c.id), targetChainId])];
62
+ const resolvedSet = await Promise.all(chainIds.map((chainId) =>
63
+ // Use has() not `?? resolve` so a cached `undefined` entry is still reused
64
+ // (get() can't distinguish "missing key" from "present but undefined").
65
+ preResolved?.has(chainId)
66
+ ? preResolved.get(chainId)
67
+ : resolveSignersForChain(config, signers, chainId)));
68
+ let anyVerifyExecutions = false;
69
+ for (const resolved of resolvedSet) {
70
+ if (!isResolvedSessionSignerSet(resolved)) {
71
+ return SIG_MODE_ERC1271;
72
+ }
73
+ // Conservative: one chain with verifyExecutions=true forces mode 5 across
74
+ // all origin signatures — a single mode field can't describe divergence.
75
+ if (resolved.verifyExecutions)
76
+ anyVerifyExecutions = true;
77
+ }
78
+ // Mode 4 (pure emissary-execution) is unused: signIntentTypedData always
79
+ // emits a dual sig for the intent's origin/destination signatures when
80
+ // verifyExecutions=true, so mode 5 is the right hybrid.
81
+ return anyVerifyExecutions
82
+ ? SIG_MODE_EMISSARY_EXECUTION_ERC1271
83
+ : SIG_MODE_ERC1271;
84
+ }
38
85
  function resolveSessionForChain(signers, chainId) {
39
86
  if ('sessions' in signers) {
40
87
  const config = signers.sessions[chainId];
@@ -46,13 +93,23 @@ function resolveSessionForChain(signers, chainId) {
46
93
  return { session: signers.session, enableData: signers.enableData };
47
94
  }
48
95
  async function prepareTransaction(config, transaction) {
49
- const { sourceChains, targetChain, tokenRequests, signers, sponsored, eip7702InitSignature, settlementLayers, sourceAssets, feeAsset, auxiliaryFunds, account, recipient, } = getTransactionParams(transaction);
96
+ const { sourceChains, targetChain, tokenRequests, signers, sponsored, eip7702InitSignature, settlementLayers, sourceAssets, feeAsset, auxiliaryFunds, appFees, account, recipient, sourceCalls, } = getTransactionParams(transaction);
50
97
  const accountAddress = getAddress(config);
51
- const isUserOpSigner = signers?.type === 'guardians';
52
- if (isUserOpSigner) {
53
- throw new SignerNotSupportedError();
98
+ // Destination calls (transaction.calls on a cross-chain transaction) are
99
+ // executed on the destination chain by the solver/account. For non-EVM
100
+ // destinations we can't resolve arbitrary EVM calls; assert there are
101
+ // none and route an empty list through.
102
+ let resolvedCalls;
103
+ if (isNonEvmChain(targetChain)) {
104
+ if (transaction.calls && transaction.calls.length > 0) {
105
+ throw new Error(`Destination calls are not supported for non-EVM target chain ${targetChain.name} (${targetChain.caip2})`);
106
+ }
107
+ resolvedCalls = [];
54
108
  }
55
- const prepared = await prepareTransactionAsIntent(config, sourceChains, targetChain, await resolveCallInputs(transaction.calls, config, targetChain, accountAddress), transaction.gasLimit, tokenRequests, recipient, sponsored, eip7702InitSignature, settlementLayers, sourceAssets, feeAsset, auxiliaryFunds, account, signers);
109
+ else {
110
+ resolvedCalls = await resolveCallInputs(transaction.calls, config, targetChain, accountAddress);
111
+ }
112
+ const prepared = await prepareTransactionAsIntent(config, sourceChains, targetChain, resolvedCalls, transaction.gasLimit, tokenRequests, recipient, sponsored, eip7702InitSignature, settlementLayers, sourceAssets, feeAsset, auxiliaryFunds, account, signers, sourceCalls, appFees);
56
113
  return {
57
114
  quotes: prepared.quotes,
58
115
  intentInput: prepared.intentInput,
@@ -131,6 +188,11 @@ async function getTargetExecutionSignature(config, signData, targetChain, signer
131
188
  if (!signData.targetExecution) {
132
189
  return undefined;
133
190
  }
191
+ // Target executions are EVM-only (smart-session validator on destination).
192
+ // Non-EVM destinations don't have a validator there to verify the sig.
193
+ if (isNonEvmChain(targetChain)) {
194
+ return undefined;
195
+ }
134
196
  const resolvedSigners = await resolveSignersForChain(config, signers, targetChain.id);
135
197
  if (!isResolvedSessionSignerSet(resolvedSigners) ||
136
198
  !resolvedSigners.verifyExecutions) {
@@ -266,10 +328,16 @@ async function signAuthorizationsInternal(config, context) {
266
328
  }
267
329
  const accountAddress = getAddress(config);
268
330
  const { contract: eip7702Contract } = getEip7702InitCall(config, eip7702InitSignature);
331
+ // EIP-7702 authorization is EVM-only — there's no contract to delegate
332
+ // to on Solana / Tron. Skip the destination chain entirely when it's
333
+ // non-EVM; source chains are always EVM by construction.
269
334
  const chains = new Map();
270
- for (const chain of [...(context.sourceChains ?? []), context.targetChain]) {
335
+ for (const chain of context.sourceChains ?? []) {
271
336
  chains.set(chain.id, chain);
272
337
  }
338
+ if (!isNonEvmChain(context.targetChain)) {
339
+ chains.set(context.targetChain.id, context.targetChain);
340
+ }
273
341
  const authorizations = [];
274
342
  for (const chain of chains.values()) {
275
343
  const walletClient = createWalletClient({
@@ -316,8 +384,10 @@ function getTransactionParams(transaction) {
316
384
  const sourceAssets = transaction.sourceAssets;
317
385
  const feeAsset = transaction.feeAsset;
318
386
  const auxiliaryFunds = transaction.auxiliaryFunds;
387
+ const appFees = transaction.appFees;
319
388
  const account = transaction.experimental_accountOverride;
320
389
  const recipient = transaction.recipient;
390
+ const sourceCalls = transaction.sourceCalls;
321
391
  const tokenRequests = getTokenRequests(targetChain, initialTokenRequests);
322
392
  return {
323
393
  sourceChains,
@@ -331,13 +401,22 @@ function getTransactionParams(transaction) {
331
401
  sourceAssets,
332
402
  feeAsset,
333
403
  auxiliaryFunds,
404
+ appFees,
334
405
  account,
335
406
  recipient,
407
+ sourceCalls,
336
408
  };
337
409
  }
338
410
  function getTokenRequests(targetChain, initialTokenRequests) {
339
- if (initialTokenRequests) {
340
- validateTokenSymbols(targetChain, initialTokenRequests.map((tokenRequest) => tokenRequest.address));
411
+ // Non-EVM destinations carry SPL mint / Tron T-prefixed addresses that
412
+ // aren't valid 0x-hex; skip symbol/EVM-address validation here and let
413
+ // the orchestrator validate per its own schema. EVM destinations keep
414
+ // the existing strict check so a typo on Optimism still fails fast.
415
+ if (initialTokenRequests && !isNonEvmChain(targetChain)) {
416
+ // Inside this branch targetChain is a viem `Chain`, which excludes the
417
+ // non-EVM transaction variant — token requests are EVM-typed here.
418
+ const evmRequests = initialTokenRequests;
419
+ validateTokenSymbols(targetChain, evmRequests.map((tokenRequest) => tokenRequest.address));
341
420
  }
342
421
  return initialTokenRequests ?? [];
343
422
  }
@@ -386,12 +465,46 @@ function getIntentAccount(config, eip7702InitSignature, account) {
386
465
  delegations,
387
466
  };
388
467
  }
389
- async function prepareTransactionAsIntent(config, sourceChains, targetChain, callInputs, gasLimit, tokenRequests, recipientInput, sponsored, eip7702InitSignature, settlementLayers, sourceAssets, feeAsset, auxiliaryFunds, account, signers) {
390
- const calls = parseCalls(callInputs, targetChain.id);
468
+ function cloneAuxiliaryFunds(auxiliaryFunds) {
469
+ if (!auxiliaryFunds)
470
+ return undefined;
471
+ return Object.fromEntries(Object.entries(auxiliaryFunds).map(([chainId, funds]) => [
472
+ Number(chainId),
473
+ { ...funds },
474
+ ]));
475
+ }
476
+ function toCallInput(sourceCall) {
477
+ const { provides: _provides, ...call } = sourceCall;
478
+ return call;
479
+ }
480
+ function addProvidedFunds(auxiliaryFunds, chainId, calls) {
481
+ let next = auxiliaryFunds;
482
+ for (const call of calls) {
483
+ for (const provided of call.provides ?? []) {
484
+ next ??= {};
485
+ next[chainId] ??= {};
486
+ const token = provided.token;
487
+ next[chainId][token] = (next[chainId][token] ?? 0n) + provided.amount;
488
+ }
489
+ }
490
+ return next;
491
+ }
492
+ async function prepareTransactionAsIntent(config, sourceChains, targetChain, callInputs, gasLimit, tokenRequests, recipientInput, sponsored, eip7702InitSignature, settlementLayers, sourceAssets, feeAsset, auxiliaryFunds, account, signers, sourceCalls, appFees) {
493
+ const targetChainId = getChainId(targetChain);
494
+ const calls = parseCalls(callInputs, targetChainId);
391
495
  const accountAccessList = createAccountAccessList(sourceChains, sourceAssets);
392
496
  function getRecipient(recipient) {
393
497
  if (typeof recipient === 'string') {
394
- // Passed as an address, assume it's an EOA
498
+ // Non-EVM-addressed recipients (Solana base58 / Tron T-prefix) carry no
499
+ // EVM smart-account semantics; the orchestrator schema requires
500
+ // accountType / setupOps to be unset. Emit just the address. HyperCore
501
+ // is EVM-addressed (eip155:1337) so it falls through to the EOA
502
+ // passthrough below — the orchestrator's HyperCore gate requires
503
+ // accountType: 'EOA'.
504
+ if (isNonEvmChainId(targetChainId)) {
505
+ return { address: recipient };
506
+ }
507
+ // EVM (and HyperCore) passthrough — assume EOA.
395
508
  return {
396
509
  address: recipient,
397
510
  accountType: 'EOA',
@@ -404,25 +517,65 @@ async function prepareTransactionAsIntent(config, sourceChains, targetChain, cal
404
517
  }
405
518
  return getIntentAccount(recipient, eip7702InitSignature, account);
406
519
  }
520
+ // Resolve per-chain signer state once (each resolveSignersForChain does an
521
+ // isSessionEnabled RPC) and reuse it for mock signatures, the signature mode,
522
+ // and preClaim ops. Exclude a non-EVM destination — it has no session
523
+ // validator, so resolving it would waste an RPC (or throw for per-chain
524
+ // session signers). resolveSignatureMode derives its chain set from this map's
525
+ // keys, so the excluded non-EVM target is never resolved there either.
526
+ const sessionChainIds = [
527
+ ...new Set([
528
+ ...(sourceChains ?? []).map((c) => c.id),
529
+ ...(isNonEvmChain(targetChain) ? [] : [targetChainId]),
530
+ ]),
531
+ ];
532
+ const resolvedByChain = signers?.type === 'experimental_session'
533
+ ? new Map(await Promise.all(sessionChainIds.map(async (chainId) => [
534
+ chainId,
535
+ await resolveSignersForChain(config, signers, chainId),
536
+ ])))
537
+ : undefined;
538
+ // Per-chain mock signatures: enables accurate per-chain session validation gas
539
+ // simulation. Non-EVM destinations are excluded — they have no destination-side
540
+ // session validator. Each chain's mock sig carries that chain's own resolved
541
+ // shape (ENABLE / USE / ERC-1271). Note these are per-chain and may differ in
542
+ // shape, whereas `signatureMode` (below) is a single global value resolved
543
+ // conservatively (anyVerifyExecutions across chains → mode 5) — so in mixed
544
+ // states a chain's mock shape need not match the global signatureMode.
545
+ let mockSignatures;
546
+ if (resolvedByChain) {
547
+ const entries = [...resolvedByChain.entries()].flatMap(([chainId, resolved]) => {
548
+ // resolvedByChain is keyed by sessionChainIds, which already excludes a
549
+ // non-EVM target — so no per-entry target guard is needed here.
550
+ if (!isResolvedSessionSignerSet(resolved))
551
+ return [];
552
+ // Match the mock shape to what the real sig will be: ERC-1271 when not
553
+ // verifying executions; otherwise ENABLE if the session still needs
554
+ // installing (enableData present), else USE (already enabled, e.g.
555
+ // explicit permissions — its real sig is MODE_USE with no enableData).
556
+ const shape = !resolved.verifyExecutions
557
+ ? 'erc1271'
558
+ : resolved.enableData !== undefined
559
+ ? 'enable'
560
+ : 'use';
561
+ return [
562
+ [
563
+ String(chainId),
564
+ buildMockSignature(resolved.session, config.useDevContracts, sourceChains?.length ?? 1, chainId, shape),
565
+ ],
566
+ ];
567
+ });
568
+ // Leave mockSignatures undefined (not {}) when there are no eligible chains,
569
+ // so downstream consumers can treat presence as "per-chain sigs provided".
570
+ if (entries.length > 0)
571
+ mockSignatures = Object.fromEntries(entries);
572
+ }
407
573
  const intentAccount = {
408
574
  ...getIntentAccount(config, eip7702InitSignature, account),
409
- ...(signers?.type === 'experimental_session' && {
410
- // Per-chain map: enables accurate per-chain session validation gas simulation
411
- mockSignatures: Object.fromEntries([
412
- ...new Set([
413
- ...(sourceChains ?? []).map((c) => c.id),
414
- targetChain.id,
415
- ]),
416
- ].map((chainId) => [
417
- String(chainId),
418
- buildMockSignature(resolveSessionForChain(signers, chainId).session, config.useDevContracts, sourceChains?.length ?? 1, chainId),
419
- ])),
420
- }),
575
+ ...(mockSignatures && { mockSignatures }),
421
576
  };
422
577
  const recipient = getRecipient(recipientInput);
423
- const signatureMode = signers?.type === 'experimental_session'
424
- ? SIG_MODE_EMISSARY_EXECUTION_ERC1271
425
- : SIG_MODE_ERC1271_EMISSARY;
578
+ const signatureMode = await resolveSignatureMode(config, signers, sourceChains, targetChainId, resolvedByChain);
426
579
  // For session signers that need enabling, pass a dummy preclaimop per source chain
427
580
  // so the orchestrator bakes it into the bundle before computing its HMAC. The filler
428
581
  // executes the op via verifyExecution in ENABLE mode, enabling the session on-chain
@@ -430,11 +583,11 @@ async function prepareTransactionAsIntent(config, sourceChains, targetChain, cal
430
583
  // post-facto — because the orchestrator HMAC covers preClaimOps.
431
584
  const preClaimExecutions = {};
432
585
  if (signers?.type === 'experimental_session' && sourceChains) {
433
- const resolvedPerChain = await Promise.all(sourceChains.map(async (chain) => ({
434
- chainId: chain.id,
435
- resolved: await resolveSignersForChain(config, signers, chain.id),
436
- })));
437
- for (const { chainId, resolved } of resolvedPerChain) {
586
+ // Reuse the shared per-chain resolution (source chains are a subset of
587
+ // sessionChainIds) instead of resolving — and re-doing isSessionEnabled — again.
588
+ for (const chain of sourceChains) {
589
+ const chainId = chain.id;
590
+ const resolved = resolvedByChain?.get(chainId);
438
591
  if (!isResolvedSessionSignerSet(resolved))
439
592
  continue;
440
593
  const { enableData, verifyExecutions } = resolved;
@@ -449,10 +602,40 @@ async function prepareTransactionAsIntent(config, sourceChains, targetChain, cal
449
602
  ];
450
603
  }
451
604
  }
605
+ let combinedAuxiliaryFunds = cloneAuxiliaryFunds(auxiliaryFunds);
606
+ if (sourceCalls) {
607
+ const accountAddress = getAddress(config);
608
+ const allowedChainIds = new Set([
609
+ ...(sourceChains ?? []).map((c) => c.id),
610
+ ...(!isNonEvmChain(targetChain) ? [targetChainId] : []),
611
+ ]);
612
+ for (const [chainIdStr, calls] of Object.entries(sourceCalls)) {
613
+ const chainId = Number(chainIdStr);
614
+ if (!allowedChainIds.has(chainId)) {
615
+ throw new InvalidSourceCallsError({ chainId });
616
+ }
617
+ const chain = sourceChains?.find((c) => c.id === chainId) ??
618
+ (!isNonEvmChain(targetChain) && targetChainId === chainId
619
+ ? targetChain
620
+ : undefined);
621
+ if (!chain) {
622
+ throw new InvalidSourceCallsError({ chainId });
623
+ }
624
+ combinedAuxiliaryFunds = addProvidedFunds(combinedAuxiliaryFunds, chainId, calls);
625
+ const resolved = await resolveCallInputs(calls.map(toCallInput), config, chain, accountAddress);
626
+ const userExecutions = parseCalls(resolved, chainId);
627
+ if (userExecutions.length === 0)
628
+ continue;
629
+ preClaimExecutions[chainId] = [
630
+ ...(preClaimExecutions[chainId] ?? []),
631
+ ...userExecutions,
632
+ ];
633
+ }
634
+ }
452
635
  const metaIntent = {
453
- destinationChainId: targetChain.id,
636
+ destinationChainId: targetChainId,
454
637
  tokenRequests: tokenRequests.map((tokenRequest) => ({
455
- tokenAddress: resolveTokenAddress(tokenRequest.address, targetChain.id),
638
+ tokenAddress: resolveTokenAddress(tokenRequest.address, targetChainId),
456
639
  amount: tokenRequest.amount,
457
640
  })),
458
641
  recipient,
@@ -477,19 +660,20 @@ async function prepareTransactionAsIntent(config, sourceChains, targetChain, cal
477
660
  : undefined,
478
661
  settlementLayers,
479
662
  signatureMode,
480
- auxiliaryFunds,
663
+ auxiliaryFunds: combinedAuxiliaryFunds,
664
+ appFees,
481
665
  },
482
666
  ...(Object.keys(preClaimExecutions).length > 0 && { preClaimExecutions }),
483
667
  };
484
668
  const serializedIntent = convertBigIntFields(metaIntent);
485
669
  const orchestrator = getOrchestrator(config._authProvider ?? createAuthProvider(config), config.endpointUrl, config.headers);
486
- const { routes } = await orchestrator.createQuote(metaIntent);
670
+ const { routes, traceId } = await orchestrator.createQuote(metaIntent);
487
671
  const best = routes[0];
488
672
  if (!best) {
489
673
  throw new Error('Orchestrator returned no quote');
490
674
  }
491
675
  return {
492
- quotes: { best, all: routes },
676
+ quotes: { traceId, best, all: routes },
493
677
  intentInput: serializedIntent,
494
678
  };
495
679
  }
@@ -529,7 +713,14 @@ async function signIntent(config, signData, targetChain, signers, targetExecutio
529
713
  const signature = await signIntentTypedData(config, originSigners, validator, isRoot, typedData, chain, targetExecution ?? false);
530
714
  originSignatures.push(signature);
531
715
  }
532
- const destinationSigners = await resolveSignersForChain(config, signers, targetChain.id);
716
+ // Non-EVM destinations have no destination-side validator, so there's no
717
+ // session to resolve and no signer to derive. Skipping here matters for
718
+ // per-chain experimental sessions: `resolveSessionForChain` would throw
719
+ // `No session configured for chain {synthetic-id}` since users never
720
+ // configure a session keyed by the synthetic Solana/Tron chain id.
721
+ const destinationSigners = isNonEvmChain(targetChain)
722
+ ? undefined
723
+ : await resolveSignersForChain(config, signers, targetChain.id);
533
724
  const destinationSignature = await getDestinationSignature(config, destinationSigners, validator, isRoot, targetChain, destination, originSignatures, targetExecution ?? false);
534
725
  return {
535
726
  originSignatures,
@@ -537,18 +728,25 @@ async function signIntent(config, signData, targetChain, signers, targetExecutio
537
728
  };
538
729
  }
539
730
  async function getDestinationSignature(config, signers, validator, isRoot, targetChain, destination, originSignatures, targetExecution) {
540
- // Smart sessions require a separate destination signature because the
541
- // session enable data differs per chain
542
- if (signers?.type === 'experimental_session') {
543
- return await signDestinationSeparately(config, signers, validator, isRoot, targetChain, destination, targetExecution);
544
- }
545
- // ERC-7739 with K1 validator requires a separate destination signature because
546
- // the account's eip712Domain() returns the target chain's chainId, which differs
547
- // from the origin chain used for the last origin signature
548
- const isK1Validator = validator.address.toLowerCase() ===
549
- K1_DEFAULT_VALIDATOR_ADDRESS.toLowerCase();
550
- if (isK1Validator && supportsEip712(validator)) {
551
- return await signDestinationSeparately(config, signers, validator, isRoot, targetChain, destination, targetExecution);
731
+ // Non-EVM destinations have no destination-side validator, no
732
+ // eip712Domain(), no smart session enable data. Settlement is solver-
733
+ // mediated on the orchestrator side and the origin signatures alone
734
+ // authorize the bundle. Fall through to the "reuse last origin sig"
735
+ // branch instead of trying to sign on Solana / Tron.
736
+ if (!isNonEvmChain(targetChain)) {
737
+ // Smart sessions require a separate destination signature because the
738
+ // session enable data differs per chain
739
+ if (signers?.type === 'experimental_session') {
740
+ return await signDestinationSeparately(config, signers, validator, isRoot, targetChain, destination, targetExecution);
741
+ }
742
+ // ERC-7739 with K1 validator requires a separate destination signature because
743
+ // the account's eip712Domain() returns the target chain's chainId, which differs
744
+ // from the origin chain used for the last origin signature
745
+ const isK1Validator = validator.address.toLowerCase() ===
746
+ K1_DEFAULT_VALIDATOR_ADDRESS.toLowerCase();
747
+ if (isK1Validator && supportsEip712(validator)) {
748
+ return await signDestinationSeparately(config, signers, validator, isRoot, targetChain, destination, targetExecution);
749
+ }
552
750
  }
553
751
  const lastOriginSignature = originSignatures.at(-1);
554
752
  return typeof lastOriginSignature === 'object'
@@ -628,7 +826,17 @@ function resolveClaimPolicyData(signers, parameters) {
628
826
  typeof msg.deadline !== 'bigint') {
629
827
  return undefined;
630
828
  }
631
- return buildPermit2ClaimPolicyCalldata(resolvePermit2ClaimPolicy(signers.session.claimPolicies[0]), parameters.message);
829
+ const message = parameters.message;
830
+ // A session may carry several claim policies (a user policy plus one or
831
+ // more synthesized cross-chain permits). The on-chain emissary validates
832
+ // against the policy that matches this Permit2 message, and the calldata
833
+ // layout is policy-specific — so we must build it from the matching policy,
834
+ // not blindly `claimPolicies[0]`.
835
+ const claimPolicy = selectPermit2ClaimPolicyForMessage(signers.session.claimPolicies, message);
836
+ if (!claimPolicy) {
837
+ return undefined;
838
+ }
839
+ return buildPermit2ClaimPolicyCalldata(resolvePermit2ClaimPolicy(claimPolicy), message);
632
840
  }
633
841
  async function signIntentTypedData(config, signers, validator, isRoot, parameters, chain, targetExecution) {
634
842
  if (supportsEip712(validator)) {
@@ -757,7 +965,7 @@ async function submitIntentInternal(config, sourceChains, targetChain, quote, or
757
965
  ...(authorizations.length > 0 && {
758
966
  authorizations: {
759
967
  sponsor: authorizations.map((authorization) => ({
760
- chainId: authorization.chainId,
968
+ chainId: toCaip2(authorization.chainId),
761
969
  address: authorization.address,
762
970
  nonce: authorization.nonce,
763
971
  yParity: authorization.yParity ?? 0,
@@ -774,8 +982,9 @@ async function submitIntentInternal(config, sourceChains, targetChain, quote, or
774
982
  return {
775
983
  type: 'intent',
776
984
  id: response.intentId,
985
+ traceId: response.traceId,
777
986
  sourceChains: sourceChains?.map((chain) => chain.id),
778
- targetChain: targetChain.id,
987
+ targetChain: getChainId(targetChain),
779
988
  };
780
989
  }
781
990
  async function getValidatorAccount(config, signers, publicClient, chain) {
@@ -787,13 +996,7 @@ async function getValidatorAccount(config, signers, publicClient, chain) {
787
996
  if (withOwner) {
788
997
  return getSmartAccount(config, publicClient, chain);
789
998
  }
790
- const withGuardians = signers.type === 'guardians' ? signers : null;
791
- return withGuardians
792
- ? await getGuardianSmartAccount(config, publicClient, chain, {
793
- type: 'ecdsa',
794
- accounts: withGuardians.guardians,
795
- })
796
- : null;
999
+ return null;
797
1000
  }
798
1001
  function getValidator(config, signers) {
799
1002
  if (!signers) {
@@ -824,15 +1027,12 @@ function getValidator(config, signers) {
824
1027
  if (withSession) {
825
1028
  return getSmartSessionValidator(config);
826
1029
  }
827
- // Guardians (social recovery)
828
- const withGuardians = signers.type === 'guardians' ? signers : null;
829
- if (withGuardians) {
830
- return getSocialRecoveryValidator(withGuardians.guardians);
831
- }
832
1030
  // Fallback
833
1031
  return undefined;
834
1032
  }
835
1033
  function parseCalls(calls, chainId) {
1034
+ // Destination calls only run on EVM chains (non-EVM destinations reject
1035
+ // calls upstream), so the resolved `to` is always a viem `Address` here.
836
1036
  return calls.map((call) => ({
837
1037
  data: call.data ?? '0x',
838
1038
  value: call.value ?? 0n,
@@ -852,6 +1052,8 @@ function createAccountAccessList(sourceChains, sourceAssets) {
852
1052
  const chainTokenAmounts = {};
853
1053
  for (const config of sourceAssets) {
854
1054
  const chainId = config.chain.id;
1055
+ // Source assets live on viem `Chain`s, which are always EVM, so the
1056
+ // resolved value is a viem `Address`.
855
1057
  const tokenAddress = resolveTokenAddress(config.address, config.chain.id);
856
1058
  if (config.amount !== undefined) {
857
1059
  if (!chainTokenAmounts[chainId])
@@ -999,7 +1201,9 @@ function hashErc7739TypedDataForSolady({ domain, types, primaryType, message, ve
999
1201
  deps.delete(primary);
1000
1202
  const sorted = [primary, ...Array.from(deps).sort()];
1001
1203
  return sorted
1002
- .map((t) => `${t}(${allTypes[t].map((f) => `${f.type} ${f.name}`).join(',')})`)
1204
+ .map((t) => `${t}(${allTypes[t]
1205
+ .map((f) => `${f.type} ${f.name}`)
1206
+ .join(',')})`)
1003
1207
  .join('');
1004
1208
  }
1005
1209
  const contentsType = encodeTypeString(primaryType, types);
@@ -1051,4 +1255,4 @@ function hashErc7739TypedDataForSolady({ domain, types, primaryType, message, ve
1051
1255
  // Final hash: keccak256("\x19\x01" || appDomainSep || structHash)
1052
1256
  return keccak256(concat(['0x1901', appDomainSeparator, structHash]));
1053
1257
  }
1054
- export { prepareTransaction, getTransactionMessages, signTransaction, signAuthorizations, signAuthorizationsInternal, signMessage, signTypedData, submitTransaction, prepareUserOperation, signUserOperation, submitUserOperation, signIntent, prepareTransactionAsIntent, submitIntentInternal, getValidatorAccount, parseCalls, getTokenRequests, resolveCallInputs, getIntentAccount, getTargetExecutionSignature, hashErc7739TypedDataForSolady, resolveSessionForChain, };
1258
+ export { prepareTransaction, getTransactionMessages, signTransaction, signAuthorizations, signAuthorizationsInternal, signMessage, signTypedData, submitTransaction, prepareUserOperation, signUserOperation, submitUserOperation, signIntent, prepareTransactionAsIntent, submitIntentInternal, getValidatorAccount, parseCalls, getTokenRequests, resolveCallInputs, getIntentAccount, getTargetExecutionSignature, hashErc7739TypedDataForSolady, resolveSessionForChain, resolveSignatureMode, };