@rhinestone/sdk 2.0.0-beta.3 → 2.0.0-beta.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (107) hide show
  1. package/dist/src/accounts/error.d.ts +2 -9
  2. package/dist/src/accounts/error.d.ts.map +1 -1
  3. package/dist/src/accounts/error.js +5 -11
  4. package/dist/src/accounts/hca.d.ts +25 -0
  5. package/dist/src/accounts/hca.d.ts.map +1 -0
  6. package/dist/src/accounts/hca.js +145 -0
  7. package/dist/src/accounts/index.d.ts +9 -9
  8. package/dist/src/accounts/index.d.ts.map +1 -1
  9. package/dist/src/accounts/index.js +112 -41
  10. package/dist/src/accounts/kernel.d.ts +1 -2
  11. package/dist/src/accounts/kernel.d.ts.map +1 -1
  12. package/dist/src/accounts/kernel.js +1 -8
  13. package/dist/src/accounts/nexus.d.ts +3 -2
  14. package/dist/src/accounts/nexus.d.ts.map +1 -1
  15. package/dist/src/accounts/nexus.js +33 -8
  16. package/dist/src/accounts/safe.d.ts +1 -2
  17. package/dist/src/accounts/safe.d.ts.map +1 -1
  18. package/dist/src/accounts/safe.js +3 -9
  19. package/dist/src/accounts/signing/common.d.ts +1 -4
  20. package/dist/src/accounts/signing/common.d.ts.map +1 -1
  21. package/dist/src/accounts/signing/common.js +7 -11
  22. package/dist/src/accounts/signing/message.d.ts.map +1 -1
  23. package/dist/src/accounts/signing/message.js +1 -4
  24. package/dist/src/accounts/signing/typedData.d.ts.map +1 -1
  25. package/dist/src/accounts/signing/typedData.js +1 -4
  26. package/dist/src/accounts/startale.d.ts +1 -2
  27. package/dist/src/accounts/startale.d.ts.map +1 -1
  28. package/dist/src/accounts/startale.js +2 -5
  29. package/dist/src/actions/ecdsa.js +5 -5
  30. package/dist/src/actions/index.js +2 -2
  31. package/dist/src/actions/mfa.js +2 -2
  32. package/dist/src/actions/passkeys.js +2 -2
  33. package/dist/src/actions/smart-sessions.d.ts +29 -5
  34. package/dist/src/actions/smart-sessions.d.ts.map +1 -1
  35. package/dist/src/actions/smart-sessions.js +38 -10
  36. package/dist/src/errors/index.d.ts +4 -4
  37. package/dist/src/errors/index.d.ts.map +1 -1
  38. package/dist/src/errors/index.js +6 -6
  39. package/dist/src/execution/error.d.ts +8 -21
  40. package/dist/src/execution/error.d.ts.map +1 -1
  41. package/dist/src/execution/error.js +7 -21
  42. package/dist/src/execution/index.d.ts +17 -17
  43. package/dist/src/execution/index.d.ts.map +1 -1
  44. package/dist/src/execution/index.js +22 -41
  45. package/dist/src/execution/utils.d.ts +15 -11
  46. package/dist/src/execution/utils.d.ts.map +1 -1
  47. package/dist/src/execution/utils.js +279 -75
  48. package/dist/src/index.d.ts +236 -37
  49. package/dist/src/index.d.ts.map +1 -1
  50. package/dist/src/index.js +60 -115
  51. package/dist/src/jwt-server/jcs.d.ts +1 -1
  52. package/dist/src/jwt-server/jcs.js +4 -2
  53. package/dist/src/modules/index.d.ts.map +1 -1
  54. package/dist/src/modules/index.js +0 -5
  55. package/dist/src/modules/read.d.ts +3 -2
  56. package/dist/src/modules/read.d.ts.map +1 -1
  57. package/dist/src/modules/read.js +33 -4
  58. package/dist/src/modules/validators/core.d.ts +5 -5
  59. package/dist/src/modules/validators/core.d.ts.map +1 -1
  60. package/dist/src/modules/validators/core.js +45 -34
  61. package/dist/src/modules/validators/cross-chain-permits.d.ts +11 -0
  62. package/dist/src/modules/validators/cross-chain-permits.d.ts.map +1 -0
  63. package/dist/src/modules/validators/cross-chain-permits.js +76 -0
  64. package/dist/src/modules/validators/permissions.d.ts +1 -0
  65. package/dist/src/modules/validators/permissions.d.ts.map +1 -1
  66. package/dist/src/modules/validators/permissions.js +162 -17
  67. package/dist/src/modules/validators/policies/claim/arbiters.d.ts +22 -0
  68. package/dist/src/modules/validators/policies/claim/arbiters.d.ts.map +1 -0
  69. package/dist/src/modules/validators/policies/claim/arbiters.js +57 -0
  70. package/dist/src/modules/validators/smart-sessions.d.ts +38 -9
  71. package/dist/src/modules/validators/smart-sessions.d.ts.map +1 -1
  72. package/dist/src/modules/validators/smart-sessions.js +509 -92
  73. package/dist/src/orchestrator/caip2.d.ts +9 -3
  74. package/dist/src/orchestrator/caip2.d.ts.map +1 -1
  75. package/dist/src/orchestrator/caip2.js +40 -5
  76. package/dist/src/orchestrator/client.d.ts.map +1 -1
  77. package/dist/src/orchestrator/client.js +44 -21
  78. package/dist/src/orchestrator/consts.d.ts +1 -1
  79. package/dist/src/orchestrator/consts.d.ts.map +1 -1
  80. package/dist/src/orchestrator/consts.js +1 -1
  81. package/dist/src/orchestrator/destinations.d.ts +24 -0
  82. package/dist/src/orchestrator/destinations.d.ts.map +1 -0
  83. package/dist/src/orchestrator/destinations.js +55 -0
  84. package/dist/src/orchestrator/error.d.ts +87 -4
  85. package/dist/src/orchestrator/error.d.ts.map +1 -1
  86. package/dist/src/orchestrator/error.js +237 -3
  87. package/dist/src/orchestrator/index.d.ts +6 -5
  88. package/dist/src/orchestrator/index.d.ts.map +1 -1
  89. package/dist/src/orchestrator/index.js +4 -3
  90. package/dist/src/orchestrator/registry.d.ts +2 -1
  91. package/dist/src/orchestrator/registry.d.ts.map +1 -1
  92. package/dist/src/orchestrator/registry.js +13 -0
  93. package/dist/src/orchestrator/types.d.ts +114 -28
  94. package/dist/src/orchestrator/types.d.ts.map +1 -1
  95. package/dist/src/orchestrator/types.js +1 -5
  96. package/dist/src/smart-sessions/index.d.ts +5 -0
  97. package/dist/src/smart-sessions/index.d.ts.map +1 -0
  98. package/dist/src/smart-sessions/index.js +6 -0
  99. package/dist/src/types.d.ts +298 -29
  100. package/dist/src/types.d.ts.map +1 -1
  101. package/dist/src/utils/index.d.ts +59 -0
  102. package/dist/src/utils/index.d.ts.map +1 -1
  103. package/dist/src/utils/index.js +59 -0
  104. package/package.json +4 -8
  105. package/dist/src/actions/recovery.d.ts +0 -33
  106. package/dist/src/actions/recovery.d.ts.map +0 -1
  107. package/dist/src/actions/recovery.js +0 -189
@@ -2,7 +2,7 @@
2
2
  * RFC 8785 JSON Canonicalization Scheme (JCS).
3
3
  *
4
4
  * Produces a deterministic JSON serialization by:
5
- * 1. Sorting object keys lexicographically (Unicode code-point order)
5
+ * 1. Sorting object keys lexicographically (UTF-16 code-unit order, per RFC 8785 §3.2.3)
6
6
  * 2. Using ES2015+ `JSON.stringify` number serialization (IEEE 754 → shortest round-trip)
7
7
  * 3. No whitespace
8
8
  *
@@ -43,7 +43,9 @@ function serialize(value) {
43
43
  const items = value.map((item) => serialize(item));
44
44
  return `[${items.join(',')}]`;
45
45
  }
46
- // Object — sort keys by Unicode code-point order
46
+ // Object — sort keys by UTF-16 code-unit order (RFC 8785 §3.2.3).
47
+ // Native String comparison already orders by UTF-16 code unit, which is
48
+ // exactly what JCS mandates — do not replace with a code-point comparator.
47
49
  const obj = value;
48
50
  const keys = Object.keys(obj).sort();
49
51
  const members = [];
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../modules/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgB,KAAK,KAAK,EAAuB,MAAM,MAAM,CAAA;AAcpE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAA;AAKhD,OAAO,EAQL,KAAK,WAAW,EAChB,KAAK,MAAM,EACZ,MAAM,UAAU,CAAA;AACjB,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAA;AAC/D,OAAO,EACL,iBAAiB,EAEjB,8BAA8B,EAC9B,yBAAyB,EACzB,8BAA8B,EAC9B,0BAA0B,EAC3B,MAAM,cAAc,CAAA;AAErB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,SAAS,EACV,MAAM,6BAA6B,CAAA;AAKpC,iBAAS,QAAQ,CAAC,MAAM,EAAE,gBAAgB,GAAG,WAAW,CA0EvD;AAED,iBAAS,iBAAiB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,CAY3D;AAED,iBAAS,yBAAyB,CAAC,KAAK,EAAE,KAAK,WAc9C;AAED,OAAO,EACL,yBAAyB,EACzB,0BAA0B,EAC1B,8BAA8B,EAC9B,8BAA8B,EAC9B,QAAQ,EACR,iBAAiB,EACjB,SAAS,EACT,YAAY,EACZ,iBAAiB,EACjB,aAAa,EACb,yBAAyB,EACzB,iBAAiB,EACjB,iBAAiB,EACjB,SAAS,GACV,CAAA"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../modules/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgB,KAAK,KAAK,EAAuB,MAAM,MAAM,CAAA;AAcpE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAA;AAKhD,OAAO,EAQL,KAAK,WAAW,EAChB,KAAK,MAAM,EACZ,MAAM,UAAU,CAAA;AACjB,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAA;AAC/D,OAAO,EACL,iBAAiB,EAEjB,8BAA8B,EAC9B,yBAAyB,EACzB,8BAA8B,EAC9B,0BAA0B,EAC3B,MAAM,cAAc,CAAA;AACrB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,SAAS,EACV,MAAM,6BAA6B,CAAA;AAKpC,iBAAS,QAAQ,CAAC,MAAM,EAAE,gBAAgB,GAAG,WAAW,CAmEvD;AAED,iBAAS,iBAAiB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,CAY3D;AAED,iBAAS,yBAAyB,CAAC,KAAK,EAAE,KAAK,WAc9C;AAED,OAAO,EACL,yBAAyB,EACzB,0BAA0B,EAC1B,8BAA8B,EAC9B,8BAA8B,EAC9B,QAAQ,EACR,iBAAiB,EACjB,SAAS,EACT,YAAY,EACZ,iBAAiB,EACjB,aAAa,EACb,yBAAyB,EACzB,iBAAiB,EACjB,iBAAiB,EACjB,SAAS,GACV,CAAA"}
@@ -4,7 +4,6 @@ import { INTENT_EXECUTOR_ADDRESS, INTENT_EXECUTOR_ADDRESS_DEV, } from './chain-a
4
4
  import { getModule, MODULE_TYPE_EXECUTOR, MODULE_TYPE_FALLBACK, MODULE_TYPE_HOOK, MODULE_TYPE_ID_EXECUTOR, MODULE_TYPE_ID_FALLBACK, MODULE_TYPE_VALIDATOR, } from './common.js';
5
5
  import { getExecutors, getOwners, getValidators } from './read.js';
6
6
  import { getOwnerValidator, getSmartSessionValidator, MULTI_FACTOR_VALIDATOR_ADDRESS, OWNABLE_VALIDATOR_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS, WEBAUTHN_VALIDATOR_ADDRESS, } from './validators/index.js';
7
- import { getSocialRecoveryValidator } from './validators/core.js';
8
7
  import { getSessionDetails, signEnableSession, toSession, } from './validators/smart-sessions.js';
9
8
  const SMART_SESSION_COMPATIBILITY_FALLBACK_ADDRESS = '0x000000000052e9685932845660777DF43C2dC496';
10
9
  function getSetup(config) {
@@ -14,10 +13,6 @@ function getSetup(config) {
14
13
  if (smartSessionValidator) {
15
14
  validators.push(smartSessionValidator);
16
15
  }
17
- if (config.recovery) {
18
- const socialRecoveryValidator = getSocialRecoveryValidator(config.recovery.guardians, config.recovery.threshold);
19
- validators.push(socialRecoveryValidator);
20
- }
21
16
  const intentExecutor = getIntentExecutor(config);
22
17
  const executors = [intentExecutor];
23
18
  const fallbacks = [];
@@ -1,10 +1,11 @@
1
1
  import { type Address, type Chain } from 'viem';
2
2
  import type { AccountType, ProviderConfig } from '../types.js';
3
3
  declare function getValidators(accountType: AccountType, account: Address, chain: Chain, provider?: ProviderConfig): Promise<Address[]>;
4
- declare function getOwners(account: Address, chain: Chain, provider?: ProviderConfig): Promise<{
4
+ declare function getOwners(accountType: AccountType, account: Address, chain: Chain, provider?: ProviderConfig): Promise<{
5
5
  accounts: Address[];
6
6
  threshold: number;
7
7
  } | null>;
8
8
  declare function getExecutors(accountType: AccountType, account: Address, chain: Chain, provider?: ProviderConfig): Promise<Address[]>;
9
- export { getValidators, getExecutors, getOwners };
9
+ declare function isValidatorInitialized(account: Address, chain: Chain, validatorAddress: Address, provider?: ProviderConfig): Promise<boolean>;
10
+ export { getValidators, getExecutors, getOwners, isValidatorInitialized };
10
11
  //# sourceMappingURL=read.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"read.d.ts","sourceRoot":"","sources":["../../../modules/read.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,OAAO,EAAE,KAAK,KAAK,EAAsB,MAAM,MAAM,CAAA;AAEnE,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,UAAU,CAAA;AAG3D,iBAAe,aAAa,CAC1B,WAAW,EAAE,WAAW,EACxB,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,OAAO,EAAE,CAAC,CAiDpB;AAED,iBAAe,SAAS,CACtB,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC;IACT,QAAQ,EAAE,OAAO,EAAE,CAAA;IACnB,SAAS,EAAE,MAAM,CAAA;CAClB,GAAG,IAAI,CAAC,CAkER;AAED,iBAAe,YAAY,CACzB,WAAW,EAAE,WAAW,EACxB,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,OAAO,EAAE,CAAC,CAiDpB;AAED,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,SAAS,EAAE,CAAA"}
1
+ {"version":3,"file":"read.d.ts","sourceRoot":"","sources":["../../../modules/read.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,OAAO,EAAE,KAAK,KAAK,EAAsB,MAAM,MAAM,CAAA;AAEnE,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,UAAU,CAAA;AAG3D,iBAAe,aAAa,CAC1B,WAAW,EAAE,WAAW,EACxB,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,OAAO,EAAE,CAAC,CAkDpB;AAED,iBAAe,SAAS,CACtB,WAAW,EAAE,WAAW,EACxB,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC;IACT,QAAQ,EAAE,OAAO,EAAE,CAAA;IACnB,SAAS,EAAE,MAAM,CAAA;CAClB,GAAG,IAAI,CAAC,CAqER;AAED,iBAAe,YAAY,CACzB,WAAW,EAAE,WAAW,EACxB,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,OAAO,EAAE,CAAC,CAkDpB;AAED,iBAAe,sBAAsB,CACnC,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,KAAK,EACZ,gBAAgB,EAAE,OAAO,EACzB,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,OAAO,CAAC,CAwBlB;AAED,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,SAAS,EAAE,sBAAsB,EAAE,CAAA"}
@@ -1,6 +1,6 @@
1
1
  import { createPublicClient } from 'viem';
2
2
  import { createTransport } from '../accounts/utils.js';
3
- import { OWNABLE_VALIDATOR_ADDRESS } from './validators/core.js';
3
+ import { ENS_HCA_MODULE, OWNABLE_VALIDATOR_ADDRESS } from './validators/core.js';
4
4
  async function getValidators(accountType, account, chain, provider) {
5
5
  const publicClient = createPublicClient({
6
6
  chain,
@@ -9,6 +9,7 @@ async function getValidators(accountType, account, chain, provider) {
9
9
  switch (accountType) {
10
10
  case 'safe':
11
11
  case 'startale':
12
+ case 'hca':
12
13
  case 'nexus': {
13
14
  const validators = await publicClient.readContract({
14
15
  abi: [
@@ -51,12 +52,14 @@ async function getValidators(accountType, account, chain, provider) {
51
52
  }
52
53
  }
53
54
  }
54
- async function getOwners(account, chain, provider) {
55
+ async function getOwners(accountType, account, chain, provider) {
55
56
  const publicClient = createPublicClient({
56
57
  chain,
57
58
  transport: createTransport(chain, provider),
58
59
  });
59
- const moduleAddress = OWNABLE_VALIDATOR_ADDRESS;
60
+ // HCA accounts hold owner state under the ENS HCA module, which is also
61
+ // OwnableValidator-based, so the getOwners/threshold reads are identical.
62
+ const moduleAddress = accountType === 'hca' ? ENS_HCA_MODULE : OWNABLE_VALIDATOR_ADDRESS;
60
63
  const [ownerResult, thresholdResult] = await publicClient.multicall({
61
64
  contracts: [
62
65
  {
@@ -126,6 +129,7 @@ async function getExecutors(accountType, account, chain, provider) {
126
129
  switch (accountType) {
127
130
  case 'safe':
128
131
  case 'startale':
132
+ case 'hca':
129
133
  case 'nexus': {
130
134
  const executors = await publicClient.readContract({
131
135
  abi: [
@@ -168,4 +172,29 @@ async function getExecutors(accountType, account, chain, provider) {
168
172
  }
169
173
  }
170
174
  }
171
- export { getValidators, getExecutors, getOwners };
175
+ async function isValidatorInitialized(account, chain, validatorAddress, provider) {
176
+ const publicClient = createPublicClient({
177
+ chain,
178
+ transport: createTransport(chain, provider),
179
+ });
180
+ // `isInitialized` is a plain storage read on the validator singleton and
181
+ // returns `false` for an uninitialized (or undeployed) account without
182
+ // reverting. We deliberately let real read failures (provider/ABI errors)
183
+ // propagate rather than coercing them to `false`, which could otherwise
184
+ // produce an `onInstall` call for an already-initialized account.
185
+ return publicClient.readContract({
186
+ abi: [
187
+ {
188
+ name: 'isInitialized',
189
+ type: 'function',
190
+ stateMutability: 'view',
191
+ inputs: [{ name: 'smartAccount', type: 'address' }],
192
+ outputs: [{ name: '', type: 'bool' }],
193
+ },
194
+ ],
195
+ functionName: 'isInitialized',
196
+ address: validatorAddress,
197
+ args: [account],
198
+ });
199
+ }
200
+ export { getValidators, getExecutors, getOwners, isValidatorInitialized };
@@ -1,4 +1,4 @@
1
- import { type Account, type Address, type Hex } from 'viem';
1
+ import { type Address, type Hex } from 'viem';
2
2
  import type { ENSValidatorConfig, OwnableValidatorConfig, OwnerSet, RhinestoneAccountConfig, WebauthnValidatorConfig } from '../../types.js';
3
3
  import { type Module } from '../common.js';
4
4
  declare const SMART_SESSION_EMISSARY_ADDRESS_DEV: Address;
@@ -13,19 +13,19 @@ interface WebauthnCredential {
13
13
  authenticatorId: string;
14
14
  }
15
15
  declare const OWNABLE_VALIDATOR_ADDRESS: Address;
16
- declare const ENS_VALIDATOR_ADDRESS: Address;
16
+ declare const ENS_HCA_MODULE: Address;
17
17
  declare const WEBAUTHN_VALIDATOR_ADDRESS: Address;
18
18
  declare const MULTI_FACTOR_VALIDATOR_ADDRESS: Address;
19
19
  declare const WEBAUTHN_V0_VALIDATOR_ADDRESS: Address;
20
+ declare function ownerSetUsesEns(owners: OwnerSet): boolean;
20
21
  declare function getOwnerValidator(config: RhinestoneAccountConfig): Module;
21
22
  declare function getMockSignature(ownerSet: OwnerSet): Hex;
22
23
  declare function getValidator(owners: OwnerSet): Module;
23
24
  declare function getOwnableValidator(threshold: number, owners: Address[], address?: Address): Module;
24
- declare function getENSValidator(threshold: number, owners: Address[], ownerExpirations: number[], address?: Address): Module;
25
+ declare function getENSValidator(threshold: number, owners: Address[], expirations: (Date | undefined)[], address?: Address): Module;
25
26
  declare function getWebAuthnValidator(threshold: number, webAuthnCredentials: WebauthnCredential[], address?: Address): Module;
26
27
  declare function getMultiFactorValidator(threshold: number, validators: (OwnableValidatorConfig | ENSValidatorConfig | WebauthnValidatorConfig | null)[]): Module;
27
- declare function getSocialRecoveryValidator(guardians: Account[], threshold?: number): Module;
28
28
  declare function supportsEip712(validator: Module): boolean;
29
- export { OWNABLE_VALIDATOR_ADDRESS, ENS_VALIDATOR_ADDRESS, WEBAUTHN_VALIDATOR_ADDRESS, MULTI_FACTOR_VALIDATOR_ADDRESS, WEBAUTHN_V0_VALIDATOR_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS_DEV, getOwnerValidator, getOwnableValidator, getENSValidator, getWebAuthnValidator, getMultiFactorValidator, getSocialRecoveryValidator, getValidator, getMockSignature, supportsEip712, };
29
+ export { OWNABLE_VALIDATOR_ADDRESS, ENS_HCA_MODULE, WEBAUTHN_VALIDATOR_ADDRESS, MULTI_FACTOR_VALIDATOR_ADDRESS, WEBAUTHN_V0_VALIDATOR_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS_DEV, getOwnerValidator, getOwnableValidator, getENSValidator, getWebAuthnValidator, getMultiFactorValidator, getValidator, getMockSignature, supportsEip712, ownerSetUsesEns, };
30
30
  export type { WebauthnCredential };
31
31
  //# sourceMappingURL=core.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"core.d.ts","sourceRoot":"","sources":["../../../../modules/validators/core.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,OAAO,EAKZ,KAAK,GAAG,EAKT,MAAM,MAAM,CAAA;AAGb,OAAO,KAAK,EACV,kBAAkB,EAClB,sBAAsB,EACtB,QAAQ,EACR,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,aAAa,CAAA;AAEpB,OAAO,EAA4B,KAAK,MAAM,EAAE,MAAM,WAAW,CAAA;AAEjE,QAAA,MAAM,kCAAkC,EAAE,OACI,CAAA;AAC9C,QAAA,MAAM,8BAA8B,EAAE,OACQ,CAAA;AAE9C,UAAU,SAAS;IACjB,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV;AAED,UAAU,kBAAkB;IAC1B,MAAM,EAAE,SAAS,GAAG,GAAG,GAAG,UAAU,CAAA;IACpC,eAAe,EAAE,MAAM,CAAA;CACxB;AAED,QAAA,MAAM,yBAAyB,EAAE,OACa,CAAA;AAC9C,QAAA,MAAM,qBAAqB,EAAE,OACiB,CAAA;AAC9C,QAAA,MAAM,0BAA0B,EAAE,OACY,CAAA;AAG9C,QAAA,MAAM,8BAA8B,EAAE,OACQ,CAAA;AAO9C,QAAA,MAAM,6BAA6B,EAAE,OACS,CAAA;AAO9C,iBAAS,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,UAKzD;AAED,iBAAS,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,GAAG,GAAG,CAmDjD;AAED,iBAAS,YAAY,CAAC,MAAM,EAAE,QAAQ,UA2BrC;AAED,iBAAS,mBAAmB,CAC1B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,OAAO,EAAE,EACjB,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,CAiBR;AAED,iBAAS,eAAe,CACtB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,OAAO,EAAE,EACjB,gBAAgB,EAAE,MAAM,EAAE,EAC1B,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,CAsCR;AAED,iBAAS,oBAAoB,CAC3B,SAAS,EAAE,MAAM,EACjB,mBAAmB,EAAE,kBAAkB,EAAE,EACzC,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,CA4DR;AAED,iBAAS,uBAAuB,CAC9B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,CACR,sBAAsB,GACtB,kBAAkB,GAClB,uBAAuB,GACvB,IAAI,CACP,EAAE,GACF,MAAM,CAgDR;AAED,iBAAS,0BAA0B,CACjC,SAAS,EAAE,OAAO,EAAE,EACpB,SAAS,SAAI,GACZ,MAAM,CAsBR;AAeD,iBAAS,cAAc,CAAC,SAAS,EAAE,MAAM,WAUxC;AAED,OAAO,EACL,yBAAyB,EACzB,qBAAqB,EACrB,0BAA0B,EAC1B,8BAA8B,EAC9B,6BAA6B,EAC7B,8BAA8B,EAC9B,kCAAkC,EAClC,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,oBAAoB,EACpB,uBAAuB,EACvB,0BAA0B,EAC1B,YAAY,EACZ,gBAAgB,EAChB,cAAc,GACf,CAAA;AACD,YAAY,EAAE,kBAAkB,EAAE,CAAA"}
1
+ {"version":3,"file":"core.d.ts","sourceRoot":"","sources":["../../../../modules/validators/core.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,OAAO,EAKZ,KAAK,GAAG,EAKT,MAAM,MAAM,CAAA;AAMb,OAAO,KAAK,EACV,kBAAkB,EAClB,sBAAsB,EACtB,QAAQ,EACR,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,aAAa,CAAA;AAEpB,OAAO,EAA4B,KAAK,MAAM,EAAE,MAAM,WAAW,CAAA;AAEjE,QAAA,MAAM,kCAAkC,EAAE,OACI,CAAA;AAC9C,QAAA,MAAM,8BAA8B,EAAE,OACQ,CAAA;AAE9C,UAAU,SAAS;IACjB,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV;AAED,UAAU,kBAAkB;IAC1B,MAAM,EAAE,SAAS,GAAG,GAAG,GAAG,UAAU,CAAA;IACpC,eAAe,EAAE,MAAM,CAAA;CACxB;AAED,QAAA,MAAM,yBAAyB,EAAE,OACa,CAAA;AAC9C,QAAA,MAAM,cAAc,EAAE,OAAsD,CAAA;AAC5E,QAAA,MAAM,0BAA0B,EAAE,OACY,CAAA;AAC9C,QAAA,MAAM,8BAA8B,EAAE,OACQ,CAAA;AAO9C,QAAA,MAAM,6BAA6B,EAAE,OACS,CAAA;AAU9C,iBAAS,eAAe,CAAC,MAAM,EAAE,QAAQ,GAAG,OAAO,CAMlD;AAED,iBAAS,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,UA2BzD;AAED,iBAAS,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,GAAG,GAAG,CAsDjD;AAED,iBAAS,YAAY,CAAC,MAAM,EAAE,QAAQ,UA2BrC;AAED,iBAAS,mBAAmB,CAC1B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,OAAO,EAAE,EACjB,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,CAiBR;AAED,iBAAS,eAAe,CACtB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,OAAO,EAAE,EACjB,WAAW,EAAE,CAAC,IAAI,GAAG,SAAS,CAAC,EAAE,EACjC,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,CA8CR;AAED,iBAAS,oBAAoB,CAC3B,SAAS,EAAE,MAAM,EACjB,mBAAmB,EAAE,kBAAkB,EAAE,EACzC,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,CA4DR;AAED,iBAAS,uBAAuB,CAC9B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,CACR,sBAAsB,GACtB,kBAAkB,GAClB,uBAAuB,GACvB,IAAI,CACP,EAAE,GACF,MAAM,CAgDR;AAeD,iBAAS,cAAc,CAAC,SAAS,EAAE,MAAM,WAUxC;AAED,OAAO,EACL,yBAAyB,EACzB,cAAc,EACd,0BAA0B,EAC1B,8BAA8B,EAC9B,6BAA6B,EAC7B,8BAA8B,EAC9B,kCAAkC,EAClC,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,oBAAoB,EACpB,uBAAuB,EACvB,YAAY,EACZ,gBAAgB,EAChB,cAAc,EACd,eAAe,GAChB,CAAA;AACD,YAAY,EAAE,kBAAkB,EAAE,CAAA"}
@@ -1,12 +1,11 @@
1
1
  import { bytesToHex, concat, encodeAbiParameters, encodePacked, hexToBytes, maxUint48, pad, toHex, } from 'viem';
2
- import { OwnersFieldRequiredError } from '../../accounts/error.js';
2
+ import { AccountConfigurationNotSupportedError, OwnersFieldRequiredError, } from '../../accounts/error.js';
3
3
  import { MODULE_TYPE_ID_VALIDATOR } from '../common.js';
4
4
  const SMART_SESSION_EMISSARY_ADDRESS_DEV = '0x60731de80d78548875f8a67c4fec2a8660194e0c';
5
5
  const SMART_SESSION_EMISSARY_ADDRESS = '0xad568b3f825a8d5ffc06dd3253526b64d810ae89';
6
6
  const OWNABLE_VALIDATOR_ADDRESS = '0x000000000013fdb5234e4e3162a810f54d9f7e98';
7
- const ENS_VALIDATOR_ADDRESS = '0xdc38f07b060374b6480c4bf06231e7d10955bca4';
7
+ const ENS_HCA_MODULE = '0x5049ecBd4d961aE6DFEED9b7ccCe7f026454970E';
8
8
  const WEBAUTHN_VALIDATOR_ADDRESS = '0x0000000000578c4cb0e472a5462da43c495c3f33';
9
- const SOCIAL_RECOVERY_VALIDATOR_ADDRESS = '0xa04d053b3c8021e8d5bf641816c42daa75d8b597';
10
9
  const MULTI_FACTOR_VALIDATOR_ADDRESS = '0xf6bdf42c9be18ceca5c06c42a43daf7fbbe7896b';
11
10
  // Legacy
12
11
  const OWNABLE_V0_VALIDATOR_ADDRESS = '0x2483da3a338895199e5e538530213157e931bf06';
@@ -14,21 +13,46 @@ const OWNABLE_BETA_VALIDATOR_ADDRESS = '0x0000000000e9e6e96bcaa3c113187cdb7e38ae
14
13
  const WEBAUTHN_V0_VALIDATOR_ADDRESS = '0x0000000000578c4cb0e472a5462da43c495c3f33';
15
14
  const ECDSA_MOCK_SIGNATURE = '0x81d4b4981670cb18f99f0b4a66446df1bf5b204d24cfcb659bf38ba27a4359b5711649ec2423c5e1247245eba2964679b6a1dbb85c992ae40b9b00c6935b02ff1b';
16
15
  const WEBAUTHN_MOCK_SIGNATURE = '0x0000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000001b9b86eb98fda3ed4d797d9e690588dfadf17b329a76a47cec935bebf92d7ddc80000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000c00000000000000000000000000000000000000000000000000000000000000120000000000000000000000000000000000000000000000000000000000000001700000000000000000000000000000000000000000000000000000000000000019b2e9410bb6850f9f660a03d609d5a844fb96bcdc87a15139b03ee22c70f469100d2b865a215c3bf786387064effa8fcedcb1d625b5148f8a1236d5e3ff11acf000000000000000000000000000000000000000000000000000000000000002549960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763050000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000867b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a22396a4546696a75684557724d34534f572d7443684a625545484550343456636a634a2d42716f3166544d38222c226f726967696e223a22687474703a2f2f6c6f63616c686f73743a38303830222c2263726f73734f726967696e223a66616c73657d0000000000000000000000000000000000000000000000000000';
16
+ // ENS validation is only available on HCA accounts (its validator default is
17
+ // the HCA module). True for a direct ENS owner set or an ENS sub-validator
18
+ // nested in a multi-factor config.
19
+ function ownerSetUsesEns(owners) {
20
+ return (owners.type === 'ens' ||
21
+ (owners.type === 'multi-factor' &&
22
+ owners.validators.some((validator) => validator.type === 'ens')));
23
+ }
17
24
  function getOwnerValidator(config) {
18
25
  if (!config.owners) {
19
26
  throw new OwnersFieldRequiredError();
20
27
  }
28
+ // ENS owners resolve to the HCA module, which is only valid for HCA accounts.
29
+ // Other account types would silently install/sign against the wrong validator.
30
+ if (ownerSetUsesEns(config.owners) && config.account?.type !== 'hca') {
31
+ throw new AccountConfigurationNotSupportedError('ENS owners are only supported on HCA accounts', config.account?.type ?? 'nexus');
32
+ }
33
+ // HCA accounts use the ENS validator baked into the implementation; a custom
34
+ // owners.module would never be installed yet would drive signing/nonce
35
+ // selection, producing signatures for a validator the account does not have.
36
+ if (config.account?.type === 'hca' &&
37
+ config.owners.type === 'ens' &&
38
+ config.owners.module &&
39
+ config.owners.module.toLowerCase() !== ENS_HCA_MODULE.toLowerCase()) {
40
+ throw new AccountConfigurationNotSupportedError('HCA accounts do not support a custom ENS owners.module', 'hca');
41
+ }
21
42
  return getValidator(config.owners);
22
43
  }
23
44
  function getMockSignature(ownerSet) {
24
45
  switch (ownerSet.type) {
25
- case 'ecdsa':
26
- case 'ens': {
27
- // ENS validator uses same mock signature format as ECDSA for UserOps
46
+ case 'ecdsa': {
28
47
  const owners = ownerSet.accounts.map((account) => account.address);
29
48
  const signatures = owners.map(() => ECDSA_MOCK_SIGNATURE);
30
49
  return concat(signatures);
31
50
  }
51
+ case 'ens': {
52
+ // ENS validator uses same mock signature format as ECDSA for UserOps
53
+ const signatures = ownerSet.owners.map(() => ECDSA_MOCK_SIGNATURE);
54
+ return concat(signatures);
55
+ }
32
56
  case 'passkey':
33
57
  return WEBAUTHN_MOCK_SIGNATURE;
34
58
  case 'multi-factor': {
@@ -67,7 +91,7 @@ function getValidator(owners) {
67
91
  case 'ecdsa':
68
92
  return getOwnableValidator(owners.threshold ?? 1, owners.accounts.map((account) => account.address), owners.module);
69
93
  case 'ens':
70
- return getENSValidator(owners.threshold ?? 1, owners.accounts.map((account) => account.address), owners.ownerExpirations, owners.module);
94
+ return getENSValidator(owners.threshold ?? 1, owners.owners.map((o) => o.account.address), owners.owners.map((o) => o.expiration), owners.module);
71
95
  case 'passkey':
72
96
  return getWebAuthnValidator(owners.threshold ?? 1, owners.accounts.map((account) => ({
73
97
  pubKey: account.publicKey,
@@ -93,13 +117,20 @@ function getOwnableValidator(threshold, owners, address) {
93
117
  type: MODULE_TYPE_ID_VALIDATOR,
94
118
  };
95
119
  }
96
- function getENSValidator(threshold, owners, ownerExpirations, address) {
120
+ function getENSValidator(threshold, owners, expirations, address) {
97
121
  // format: (uint256 threshold, Owner[] owners)
98
122
  // where Owner is a tuple of (address addr, uint48 expiration)
99
- const ownerPairs = owners.map((owner, index) => ({
100
- addr: owner.toLowerCase(),
101
- expiration: ownerExpirations[index] ?? maxUint48,
102
- }));
123
+ const ownerPairs = owners.map((owner, index) => {
124
+ const expiration = expirations[index];
125
+ return {
126
+ addr: owner.toLowerCase(),
127
+ // maxUint48 is the on-chain "never expires" sentinel; it's outside the
128
+ // representable Date range, so an omitted expiry maps to it directly.
129
+ expiration: expiration !== undefined
130
+ ? Math.floor(expiration.getTime() / 1000)
131
+ : Number(maxUint48),
132
+ };
133
+ });
103
134
  // Sort by address to match ENS validator's expectations
104
135
  const sortedPairs = ownerPairs.sort((a, b) => a.addr.localeCompare(b.addr));
105
136
  const ownersWithExpiration = sortedPairs;
@@ -114,7 +145,7 @@ function getENSValidator(threshold, owners, ownerExpirations, address) {
114
145
  ],
115
146
  },
116
147
  ], [BigInt(threshold), ownersWithExpiration]);
117
- const moduleAddress = address ?? ENS_VALIDATOR_ADDRESS;
148
+ const moduleAddress = address ?? ENS_HCA_MODULE;
118
149
  return {
119
150
  address: moduleAddress,
120
151
  initData,
@@ -221,26 +252,6 @@ function getMultiFactorValidator(threshold, validators) {
221
252
  type: MODULE_TYPE_ID_VALIDATOR,
222
253
  };
223
254
  }
224
- function getSocialRecoveryValidator(guardians, threshold = 1) {
225
- const guardianAddresses = guardians.map((guardian) => guardian.address);
226
- guardianAddresses.sort();
227
- return {
228
- type: MODULE_TYPE_ID_VALIDATOR,
229
- address: SOCIAL_RECOVERY_VALIDATOR_ADDRESS,
230
- initData: encodeAbiParameters([
231
- {
232
- type: 'uint256',
233
- name: 'threshold',
234
- },
235
- {
236
- type: 'address[]',
237
- name: 'guardians',
238
- },
239
- ], [BigInt(threshold), guardianAddresses]),
240
- deInitData: '0x',
241
- additionalContext: '0x',
242
- };
243
- }
244
255
  function parsePublicKey(publicKey) {
245
256
  const bytes = typeof publicKey === 'string' ? hexToBytes(publicKey) : publicKey;
246
257
  const offset = bytes.length === 65 ? 1 : 0;
@@ -263,4 +274,4 @@ function supportsEip712(validator) {
263
274
  return true;
264
275
  }
265
276
  }
266
- export { OWNABLE_VALIDATOR_ADDRESS, ENS_VALIDATOR_ADDRESS, WEBAUTHN_VALIDATOR_ADDRESS, MULTI_FACTOR_VALIDATOR_ADDRESS, WEBAUTHN_V0_VALIDATOR_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS_DEV, getOwnerValidator, getOwnableValidator, getENSValidator, getWebAuthnValidator, getMultiFactorValidator, getSocialRecoveryValidator, getValidator, getMockSignature, supportsEip712, };
277
+ export { OWNABLE_VALIDATOR_ADDRESS, ENS_HCA_MODULE, WEBAUTHN_VALIDATOR_ADDRESS, MULTI_FACTOR_VALIDATOR_ADDRESS, WEBAUTHN_V0_VALIDATOR_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS_DEV, getOwnerValidator, getOwnableValidator, getENSValidator, getWebAuthnValidator, getMultiFactorValidator, getValidator, getMockSignature, supportsEip712, ownerSetUsesEns, };
@@ -0,0 +1,11 @@
1
+ import type { CrossChainPermissionInput, CrossChainPermit } from '../../types.js';
2
+ /**
3
+ * Resolve a {@link CrossChainPermissionInput} into a {@link CrossChainPermit}:
4
+ * normalise single/array legs, resolve `TokenSymbol`s to per-chain ERC-20
5
+ * addresses, and convert `Date` validity bounds to unix-seconds.
6
+ *
7
+ * @internal Used by `expandCrossChainPermit`; not part of the public API.
8
+ */
9
+ declare function resolveCrossChainPermission(input: CrossChainPermissionInput): CrossChainPermit;
10
+ export { resolveCrossChainPermission };
11
+ //# sourceMappingURL=cross-chain-permits.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"cross-chain-permits.d.ts","sourceRoot":"","sources":["../../../../modules/validators/cross-chain-permits.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,yBAAyB,EACzB,gBAAgB,EAEjB,MAAM,aAAa,CAAA;AAyBpB;;;;;;GAMG;AACH,iBAAS,2BAA2B,CAClC,KAAK,EAAE,yBAAyB,GAC/B,gBAAgB,CA0DlB;AAED,OAAO,EAAE,2BAA2B,EAAE,CAAA"}
@@ -0,0 +1,76 @@
1
+ import { isAddress } from 'viem';
2
+ import { getTokenAddress } from '../../orchestrator/registry.js';
3
+ function dateToUnixSeconds(input) {
4
+ // Date.getTime() returns milliseconds since epoch; the on-chain policy
5
+ // expects unix-seconds. Integer division matches the Permit2 deadline
6
+ // convention.
7
+ return BigInt(Math.floor(input.getTime() / 1000));
8
+ }
9
+ function resolveTokenForChain(token, chainId) {
10
+ return isAddress(token) ? token : getTokenAddress(token, chainId);
11
+ }
12
+ // Normalise the single-object / array / omitted shapes into arrays. An
13
+ // omitted side stays `undefined` (no restriction), mirroring how the
14
+ // underlying Permit2 policy treats an absent token list.
15
+ function normalizeLegs(legs) {
16
+ if (legs === undefined)
17
+ return undefined;
18
+ const arr = Array.isArray(legs) ? legs : [legs];
19
+ return arr.length ? arr : undefined;
20
+ }
21
+ /**
22
+ * Resolve a {@link CrossChainPermissionInput} into a {@link CrossChainPermit}:
23
+ * normalise single/array legs, resolve `TokenSymbol`s to per-chain ERC-20
24
+ * addresses, and convert `Date` validity bounds to unix-seconds.
25
+ *
26
+ * @internal Used by `expandCrossChainPermit`; not part of the public API.
27
+ */
28
+ function resolveCrossChainPermission(input) {
29
+ const fromLegs = normalizeLegs(input.from);
30
+ const toLegs = normalizeLegs(input.to);
31
+ const from = fromLegs?.map((leg) => ({
32
+ chain: leg.chain,
33
+ token: resolveTokenForChain(leg.token, leg.chain.id),
34
+ maxAmount: leg.maxAmount,
35
+ }));
36
+ const to = toLegs?.map((leg) => ({
37
+ chain: leg.chain,
38
+ token: resolveTokenForChain(leg.token, leg.chain.id),
39
+ recipient: leg.recipient,
40
+ }));
41
+ const validUntil = input.validUntil !== undefined
42
+ ? dateToUnixSeconds(input.validUntil)
43
+ : undefined;
44
+ const validAfter = input.validAfter !== undefined
45
+ ? dateToUnixSeconds(input.validAfter)
46
+ : undefined;
47
+ // Detect an obviously-broken time window early. The on-chain policy
48
+ // would reject any intent in this state anyway; surfacing it at build
49
+ // time saves a round-trip to chain.
50
+ if (validUntil !== undefined &&
51
+ validAfter !== undefined &&
52
+ validAfter > validUntil) {
53
+ throw new Error(`crossChainPermits: validAfter (${validAfter}) is greater than validUntil (${validUntil})`);
54
+ }
55
+ const fillDeadline = input.fillDeadline?.map(({ chain, min, max }) => ({
56
+ chain,
57
+ min: min !== undefined ? dateToUnixSeconds(min) : undefined,
58
+ max: max !== undefined ? dateToUnixSeconds(max) : undefined,
59
+ }));
60
+ return {
61
+ from,
62
+ to,
63
+ validUntil,
64
+ validAfter,
65
+ fillDeadline,
66
+ // Inverted default: callers must opt out of bridge-to-self
67
+ // explicitly. This stops a session key from quietly bridging to an
68
+ // attacker-controlled recipient.
69
+ recipientIsAccount: !input.allowRecipientNotAccount,
70
+ // Passed through verbatim. `getArbitersForSettlementLayers` expands
71
+ // undefined/empty to "all supported layers" at session-data build
72
+ // time.
73
+ settlementLayers: input.settlementLayers,
74
+ };
75
+ }
76
+ export { resolveCrossChainPermission };
@@ -1,4 +1,5 @@
1
1
  import type { Permission, ScopedAction } from '../../types.js';
2
+ export declare const FAR_FUTURE_MS = 4102444800000;
2
3
  declare function resolvePermission(permission: Permission): ScopedAction[];
3
4
  declare function resolvePermissions(permissions: readonly Permission[]): ScopedAction[];
4
5
  export { resolvePermissions, resolvePermission };
@@ -1 +1 @@
1
- {"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../../../../modules/validators/permissions.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EACV,UAAU,EAEV,YAAY,EAEb,MAAM,aAAa,CAAA;AA0CpB,iBAAS,iBAAiB,CAAC,UAAU,EAAE,UAAU,GAAG,YAAY,EAAE,CA+FjE;AAED,iBAAS,kBAAkB,CACzB,WAAW,EAAE,SAAS,UAAU,EAAE,GACjC,YAAY,EAAE,CAEhB;AAED,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,CAAA"}
1
+ {"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../../../../modules/validators/permissions.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAEV,UAAU,EAEV,YAAY,EAEb,MAAM,aAAa,CAAA;AAiHpB,eAAO,MAAM,aAAa,gBAAoB,CAAA;AAE9C,iBAAS,iBAAiB,CAAC,UAAU,EAAE,UAAU,GAAG,YAAY,EAAE,CA0NjE;AAED,iBAAS,kBAAkB,CACzB,WAAW,EAAE,SAAS,UAAU,EAAE,GACjC,YAAY,EAAE,CAEhB;AAED,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,CAAA"}