@rhinestone/sdk 2.0.0-beta.3 → 2.0.0-beta.31
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/src/accounts/error.d.ts +2 -9
- package/dist/src/accounts/error.d.ts.map +1 -1
- package/dist/src/accounts/error.js +5 -11
- package/dist/src/accounts/hca.d.ts +25 -0
- package/dist/src/accounts/hca.d.ts.map +1 -0
- package/dist/src/accounts/hca.js +145 -0
- package/dist/src/accounts/index.d.ts +9 -9
- package/dist/src/accounts/index.d.ts.map +1 -1
- package/dist/src/accounts/index.js +112 -41
- package/dist/src/accounts/kernel.d.ts +1 -2
- package/dist/src/accounts/kernel.d.ts.map +1 -1
- package/dist/src/accounts/kernel.js +1 -8
- package/dist/src/accounts/nexus.d.ts +3 -2
- package/dist/src/accounts/nexus.d.ts.map +1 -1
- package/dist/src/accounts/nexus.js +33 -8
- package/dist/src/accounts/safe.d.ts +1 -2
- package/dist/src/accounts/safe.d.ts.map +1 -1
- package/dist/src/accounts/safe.js +3 -9
- package/dist/src/accounts/signing/common.d.ts +1 -4
- package/dist/src/accounts/signing/common.d.ts.map +1 -1
- package/dist/src/accounts/signing/common.js +7 -11
- package/dist/src/accounts/signing/message.d.ts.map +1 -1
- package/dist/src/accounts/signing/message.js +1 -4
- package/dist/src/accounts/signing/typedData.d.ts.map +1 -1
- package/dist/src/accounts/signing/typedData.js +1 -4
- package/dist/src/accounts/startale.d.ts +1 -2
- package/dist/src/accounts/startale.d.ts.map +1 -1
- package/dist/src/accounts/startale.js +2 -5
- package/dist/src/actions/ecdsa.js +5 -5
- package/dist/src/actions/index.js +2 -2
- package/dist/src/actions/mfa.js +2 -2
- package/dist/src/actions/passkeys.js +2 -2
- package/dist/src/actions/smart-sessions.d.ts +29 -5
- package/dist/src/actions/smart-sessions.d.ts.map +1 -1
- package/dist/src/actions/smart-sessions.js +38 -10
- package/dist/src/errors/index.d.ts +4 -4
- package/dist/src/errors/index.d.ts.map +1 -1
- package/dist/src/errors/index.js +6 -6
- package/dist/src/execution/error.d.ts +8 -21
- package/dist/src/execution/error.d.ts.map +1 -1
- package/dist/src/execution/error.js +7 -21
- package/dist/src/execution/index.d.ts +17 -17
- package/dist/src/execution/index.d.ts.map +1 -1
- package/dist/src/execution/index.js +22 -41
- package/dist/src/execution/utils.d.ts +15 -11
- package/dist/src/execution/utils.d.ts.map +1 -1
- package/dist/src/execution/utils.js +279 -75
- package/dist/src/index.d.ts +236 -37
- package/dist/src/index.d.ts.map +1 -1
- package/dist/src/index.js +60 -115
- package/dist/src/jwt-server/jcs.d.ts +1 -1
- package/dist/src/jwt-server/jcs.js +4 -2
- package/dist/src/modules/index.d.ts.map +1 -1
- package/dist/src/modules/index.js +0 -5
- package/dist/src/modules/read.d.ts +3 -2
- package/dist/src/modules/read.d.ts.map +1 -1
- package/dist/src/modules/read.js +33 -4
- package/dist/src/modules/validators/core.d.ts +5 -5
- package/dist/src/modules/validators/core.d.ts.map +1 -1
- package/dist/src/modules/validators/core.js +45 -34
- package/dist/src/modules/validators/cross-chain-permits.d.ts +11 -0
- package/dist/src/modules/validators/cross-chain-permits.d.ts.map +1 -0
- package/dist/src/modules/validators/cross-chain-permits.js +76 -0
- package/dist/src/modules/validators/permissions.d.ts +1 -0
- package/dist/src/modules/validators/permissions.d.ts.map +1 -1
- package/dist/src/modules/validators/permissions.js +162 -17
- package/dist/src/modules/validators/policies/claim/arbiters.d.ts +22 -0
- package/dist/src/modules/validators/policies/claim/arbiters.d.ts.map +1 -0
- package/dist/src/modules/validators/policies/claim/arbiters.js +57 -0
- package/dist/src/modules/validators/smart-sessions.d.ts +38 -9
- package/dist/src/modules/validators/smart-sessions.d.ts.map +1 -1
- package/dist/src/modules/validators/smart-sessions.js +509 -92
- package/dist/src/orchestrator/caip2.d.ts +9 -3
- package/dist/src/orchestrator/caip2.d.ts.map +1 -1
- package/dist/src/orchestrator/caip2.js +40 -5
- package/dist/src/orchestrator/client.d.ts.map +1 -1
- package/dist/src/orchestrator/client.js +44 -21
- package/dist/src/orchestrator/consts.d.ts +1 -1
- package/dist/src/orchestrator/consts.d.ts.map +1 -1
- package/dist/src/orchestrator/consts.js +1 -1
- package/dist/src/orchestrator/destinations.d.ts +24 -0
- package/dist/src/orchestrator/destinations.d.ts.map +1 -0
- package/dist/src/orchestrator/destinations.js +55 -0
- package/dist/src/orchestrator/error.d.ts +87 -4
- package/dist/src/orchestrator/error.d.ts.map +1 -1
- package/dist/src/orchestrator/error.js +237 -3
- package/dist/src/orchestrator/index.d.ts +6 -5
- package/dist/src/orchestrator/index.d.ts.map +1 -1
- package/dist/src/orchestrator/index.js +4 -3
- package/dist/src/orchestrator/registry.d.ts +2 -1
- package/dist/src/orchestrator/registry.d.ts.map +1 -1
- package/dist/src/orchestrator/registry.js +13 -0
- package/dist/src/orchestrator/types.d.ts +114 -28
- package/dist/src/orchestrator/types.d.ts.map +1 -1
- package/dist/src/orchestrator/types.js +1 -5
- package/dist/src/smart-sessions/index.d.ts +5 -0
- package/dist/src/smart-sessions/index.d.ts.map +1 -0
- package/dist/src/smart-sessions/index.js +6 -0
- package/dist/src/types.d.ts +298 -29
- package/dist/src/types.d.ts.map +1 -1
- package/dist/src/utils/index.d.ts +59 -0
- package/dist/src/utils/index.d.ts.map +1 -1
- package/dist/src/utils/index.js +59 -0
- package/package.json +4 -8
- package/dist/src/actions/recovery.d.ts +0 -33
- package/dist/src/actions/recovery.d.ts.map +0 -1
- package/dist/src/actions/recovery.js +0 -189
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { isAddress, isHex, size, toFunctionSelector, } from 'viem';
|
|
1
|
+
import { isAddress, isHex, padHex, size, toFunctionSelector, } from 'viem';
|
|
2
2
|
function isStaticAbiType(type) {
|
|
3
3
|
if (type === 'address' || type === 'bool')
|
|
4
4
|
return true;
|
|
@@ -33,12 +33,53 @@ function toReferenceValue(value, abiType) {
|
|
|
33
33
|
if (typeof value === 'string' &&
|
|
34
34
|
isHex(value) &&
|
|
35
35
|
size(value) === expectedSize) {
|
|
36
|
-
|
|
36
|
+
// Solidity calldata encodes bytesN (N<32) left-aligned + right-padded
|
|
37
|
+
// inside its 32-byte word, whereas address/uint*/bool are right-aligned
|
|
38
|
+
// + left-padded. Downstream `encodeActionParamRule` unconditionally
|
|
39
|
+
// left-pads with `padHex`, which is correct for the right-aligned types
|
|
40
|
+
// but wrong for bytesN. Pre-encode here to the full 32-byte hex with
|
|
41
|
+
// the correct alignment so the policy's bytes32 == bytes32 comparison
|
|
42
|
+
// matches what's actually in calldata.
|
|
43
|
+
return padHex(value, { size: 32, dir: 'right' });
|
|
37
44
|
}
|
|
38
45
|
throw new Error(`Expected ${expectedSize}-byte hex string for ${abiType}`);
|
|
39
46
|
}
|
|
40
47
|
throw new Error(`Unsupported ABI type: ${abiType}`);
|
|
41
48
|
}
|
|
49
|
+
// Right-fold an array of leaves into a right-leaning OR chain:
|
|
50
|
+
// [a, b, c] → OR(a, OR(b, c))
|
|
51
|
+
// Right-leaning is fine because ArgPolicy evaluates with short-circuit; any
|
|
52
|
+
// shape that uses every leaf and respects post-order produces the same result.
|
|
53
|
+
function orChain(leaves) {
|
|
54
|
+
let acc = leaves[leaves.length - 1];
|
|
55
|
+
for (let i = leaves.length - 2; i >= 0; i--) {
|
|
56
|
+
acc = { type: 'or', left: leaves[i], right: acc };
|
|
57
|
+
}
|
|
58
|
+
return acc;
|
|
59
|
+
}
|
|
60
|
+
function andChain(leaves) {
|
|
61
|
+
let acc = leaves[leaves.length - 1];
|
|
62
|
+
for (let i = leaves.length - 2; i >= 0; i--) {
|
|
63
|
+
acc = { type: 'and', left: leaves[i], right: acc };
|
|
64
|
+
}
|
|
65
|
+
return acc;
|
|
66
|
+
}
|
|
67
|
+
// On-chain ERC20SpendingLimitPolicy._isTokenTransferOrApprove matches by
|
|
68
|
+
// 4-byte selector, accepting only these four. Selector-gating here keeps the
|
|
69
|
+
// SDK's accepted set congruent with the contract's — a same-shaped function
|
|
70
|
+
// like `mint(address,uint256)` would otherwise pass argument-type checks and
|
|
71
|
+
// fail every call on-chain.
|
|
72
|
+
const ERC20_SPENDING_LIMIT_SELECTORS = new Set([
|
|
73
|
+
'0x095ea7b3', // approve(address,uint256)
|
|
74
|
+
'0x39509351', // increaseAllowance(address,uint256)
|
|
75
|
+
'0xa9059cbb', // transfer(address,uint256)
|
|
76
|
+
'0x23b872dd', // transferFrom(address,address,uint256)
|
|
77
|
+
]);
|
|
78
|
+
// Year 2100 in ms — well within uint128 after the encoder's ms→s conversion.
|
|
79
|
+
// Used as the one-sided default for `validUntil` when only `validAfter` is set.
|
|
80
|
+
// Exported so the cross-chain permit expansion (smart-sessions.ts) applies the
|
|
81
|
+
// same always-passing upper bound instead of defaulting to 0 (already expired).
|
|
82
|
+
export const FAR_FUTURE_MS = 4_102_444_800_000;
|
|
42
83
|
function resolvePermission(permission) {
|
|
43
84
|
const { abi, address, functions } = permission;
|
|
44
85
|
const actions = [];
|
|
@@ -58,11 +99,57 @@ function resolvePermission(permission) {
|
|
|
58
99
|
}
|
|
59
100
|
const abiEntry = abiEntries[0];
|
|
60
101
|
const selector = toFunctionSelector(abiEntry);
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
102
|
+
if (Object.hasOwn(config, 'policies')) {
|
|
103
|
+
throw new Error(`Function "${fnName}": \`policies\` was removed from permission configs. ` +
|
|
104
|
+
'Use params, maxUses, validUntil/validAfter, valueLimit, or spendingLimit instead.');
|
|
105
|
+
}
|
|
106
|
+
const policies = [];
|
|
107
|
+
// --- Sugar field expansion -----------------------------------------------
|
|
108
|
+
if (config.maxUses !== undefined) {
|
|
109
|
+
policies.push({ type: 'usage-limit', limit: config.maxUses });
|
|
110
|
+
}
|
|
111
|
+
if (config.validUntil !== undefined || config.validAfter !== undefined) {
|
|
112
|
+
const validUntil = config.validUntil !== undefined
|
|
113
|
+
? config.validUntil.getTime()
|
|
114
|
+
: FAR_FUTURE_MS;
|
|
115
|
+
const validAfter = config.validAfter !== undefined ? config.validAfter.getTime() : 0;
|
|
116
|
+
if (validUntil < validAfter) {
|
|
117
|
+
throw new Error(`Function "${fnName}": validUntil (${validUntil}) is before validAfter (${validAfter}).`);
|
|
118
|
+
}
|
|
119
|
+
policies.push({ type: 'time-frame', validUntil, validAfter });
|
|
120
|
+
}
|
|
121
|
+
if (config.valueLimit !== undefined) {
|
|
122
|
+
// Runtime backstop: payable-gating is enforced at the type level, but
|
|
123
|
+
// users can bypass with `as` casts. valueLimit on a non-payable function
|
|
124
|
+
// is harmless on-chain (msg.value is always 0, the cap always passes)
|
|
125
|
+
// but it leaks intent — throw rather than encode dead weight.
|
|
126
|
+
if (abiEntry.stateMutability !== 'payable') {
|
|
127
|
+
throw new Error(`Function "${fnName}" is not payable — \`valueLimit\` only constrains native ETH ` +
|
|
128
|
+
'attached to the call, which is always zero for non-payable functions. ' +
|
|
129
|
+
'Remove `valueLimit`.');
|
|
130
|
+
}
|
|
131
|
+
policies.push({ type: 'value-limit', limit: config.valueLimit });
|
|
132
|
+
}
|
|
133
|
+
if (config.spendingLimit !== undefined) {
|
|
134
|
+
// Runtime backstop: type-level gate restricts shape, but ERC20SpendingLimitPolicy
|
|
135
|
+
// dispatches by selector on-chain — a same-shaped function like
|
|
136
|
+
// mint(address,uint256) would encode successfully and fail every call.
|
|
137
|
+
if (!ERC20_SPENDING_LIMIT_SELECTORS.has(selector)) {
|
|
138
|
+
throw new Error(`Function "${fnName}" (selector ${selector}) is not an ERC-20 transfer/approve ` +
|
|
139
|
+
'selector; `spendingLimit` only works on approve, increaseAllowance, ' +
|
|
140
|
+
'transfer, or transferFrom. The on-chain policy dispatches by selector ' +
|
|
141
|
+
'and would fail every call for other functions.');
|
|
142
|
+
}
|
|
143
|
+
policies.push({
|
|
144
|
+
type: 'spending-limits',
|
|
145
|
+
limits: [config.spendingLimit],
|
|
146
|
+
});
|
|
147
|
+
}
|
|
148
|
+
// --- End sugar field expansion -------------------------------------------
|
|
149
|
+
const rawParams = config.params ?? {};
|
|
150
|
+
const paramEntries = Object.entries(rawParams).filter(([, v]) => v !== undefined);
|
|
64
151
|
if (paramEntries.length > 0) {
|
|
65
|
-
const
|
|
152
|
+
const normalized = paramEntries.map(([paramName, rule]) => {
|
|
66
153
|
const paramIndex = abiEntry.inputs.findIndex((p) => p.name === paramName);
|
|
67
154
|
if (paramIndex === -1) {
|
|
68
155
|
throw new Error(`Parameter "${paramName}" not found in function "${fnName}". ` +
|
|
@@ -75,21 +162,79 @@ function resolvePermission(permission) {
|
|
|
75
162
|
'(address, bool, uint*, int*, bytes1–bytes32).');
|
|
76
163
|
}
|
|
77
164
|
const calldataOffset = BigInt(paramIndex) * 32n;
|
|
78
|
-
|
|
165
|
+
if (rule.anyOf !== undefined) {
|
|
166
|
+
if (rule.anyOf.length === 0) {
|
|
167
|
+
throw new Error(`Parameter "${paramName}" has empty anyOf — provide at least one value.`);
|
|
168
|
+
}
|
|
169
|
+
return {
|
|
170
|
+
paramName,
|
|
171
|
+
calldataOffset,
|
|
172
|
+
abiType: param.type,
|
|
173
|
+
anyOf: rule.anyOf,
|
|
174
|
+
};
|
|
175
|
+
}
|
|
79
176
|
return {
|
|
80
|
-
|
|
177
|
+
paramName,
|
|
81
178
|
calldataOffset,
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
179
|
+
abiType: param.type,
|
|
180
|
+
condition: rule.condition,
|
|
181
|
+
value: rule.value,
|
|
182
|
+
usageLimit: rule.usageLimit,
|
|
86
183
|
};
|
|
87
184
|
});
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
185
|
+
const usesArgPolicy = normalized.some((n) => n.anyOf !== undefined);
|
|
186
|
+
// UniActionPolicy/ArgPolicy reject `msg.value > valueLimitPerUse`, so a
|
|
187
|
+
// default of 0 would block any non-zero msg.value before the standalone
|
|
188
|
+
// value-limit policy (sugar) could allow it. Inherit the sugar's cap so
|
|
189
|
+
// the per-use gate matches user intent; value-limit still enforces the
|
|
190
|
+
// cumulative cap on top.
|
|
191
|
+
const embeddedValueLimit = config.valueLimitPerUse ?? config.valueLimit ?? 0n;
|
|
192
|
+
if (usesArgPolicy) {
|
|
193
|
+
// One sub-expression per param, then AND across params.
|
|
194
|
+
const perParam = normalized.map((n) => {
|
|
195
|
+
if (n.anyOf !== undefined) {
|
|
196
|
+
const leaves = n.anyOf.map((v) => ({
|
|
197
|
+
type: 'rule',
|
|
198
|
+
rule: {
|
|
199
|
+
condition: 'equal',
|
|
200
|
+
calldataOffset: n.calldataOffset,
|
|
201
|
+
referenceValue: toReferenceValue(v, n.abiType),
|
|
202
|
+
},
|
|
203
|
+
}));
|
|
204
|
+
return leaves.length === 1 ? leaves[0] : orChain(leaves);
|
|
205
|
+
}
|
|
206
|
+
return {
|
|
207
|
+
type: 'rule',
|
|
208
|
+
rule: {
|
|
209
|
+
condition: n.condition,
|
|
210
|
+
calldataOffset: n.calldataOffset,
|
|
211
|
+
referenceValue: toReferenceValue(n.value, n.abiType),
|
|
212
|
+
...(n.usageLimit !== undefined
|
|
213
|
+
? { usageLimit: n.usageLimit }
|
|
214
|
+
: {}),
|
|
215
|
+
},
|
|
216
|
+
};
|
|
217
|
+
});
|
|
218
|
+
policies.push({
|
|
219
|
+
type: 'arg-policy',
|
|
220
|
+
valueLimitPerUse: embeddedValueLimit,
|
|
221
|
+
expression: perParam.length === 1 ? perParam[0] : andChain(perParam),
|
|
222
|
+
});
|
|
223
|
+
}
|
|
224
|
+
else {
|
|
225
|
+
// Flat AND-of-rules — cheaper to init via UniActionPolicy.
|
|
226
|
+
const rules = normalized.map((n) => ({
|
|
227
|
+
condition: n.condition,
|
|
228
|
+
calldataOffset: n.calldataOffset,
|
|
229
|
+
referenceValue: toReferenceValue(n.value, n.abiType),
|
|
230
|
+
...(n.usageLimit !== undefined ? { usageLimit: n.usageLimit } : {}),
|
|
231
|
+
}));
|
|
232
|
+
policies.push({
|
|
233
|
+
type: 'universal-action',
|
|
234
|
+
valueLimitPerUse: embeddedValueLimit,
|
|
235
|
+
rules: rules,
|
|
236
|
+
});
|
|
237
|
+
}
|
|
93
238
|
}
|
|
94
239
|
else if (config.valueLimitPerUse !== undefined) {
|
|
95
240
|
policies.push({
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import type { Address } from 'viem';
|
|
2
|
+
import type { CrossChainSettlementLayer } from '../../../../types.js';
|
|
3
|
+
/**
|
|
4
|
+
* Collects every distinct arbiter address that any chain in the registry
|
|
5
|
+
* has deployed for the given settlement layers. The resulting whitelist
|
|
6
|
+
* is what the Permit2 claim policy enforces on-chain — a session signed
|
|
7
|
+
* once with this whitelist is valid against any of those arbiters.
|
|
8
|
+
*
|
|
9
|
+
* **"Any" means any of the *supported* settlement layers**, not any
|
|
10
|
+
* address on earth. When `layers` is empty or undefined, this resolver
|
|
11
|
+
* expands to the union of every layer in
|
|
12
|
+
* {@link SETTLEMENT_LAYER_CONTRACT_KEYS}, so the on-chain arbiter check
|
|
13
|
+
* stays meaningful (the worst case is still a Rhinestone-blessed
|
|
14
|
+
* arbiter). To get a truly unrestricted whitelist a caller would have
|
|
15
|
+
* to bypass this helper entirely.
|
|
16
|
+
*
|
|
17
|
+
* @param layers Settlement layers the session is permitted to use.
|
|
18
|
+
* Empty/undefined ⇒ all supported layers.
|
|
19
|
+
* @param useDevContracts Pull from the dev address book instead of mainnet.
|
|
20
|
+
*/
|
|
21
|
+
export declare function getArbitersForSettlementLayers(layers: readonly CrossChainSettlementLayer[] | undefined, useDevContracts?: boolean): Address[] | undefined;
|
|
22
|
+
//# sourceMappingURL=arbiters.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"arbiters.d.ts","sourceRoot":"","sources":["../../../../../../modules/validators/policies/claim/arbiters.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AACnC,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,mBAAmB,CAAA;AAiBlE;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,8BAA8B,CAC5C,MAAM,EAAE,SAAS,yBAAyB,EAAE,GAAG,SAAS,EACxD,eAAe,CAAC,EAAE,OAAO,GACxB,OAAO,EAAE,GAAG,SAAS,CA8BvB"}
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
import { contractAddresses, contractAddressesDev, } from '@rhinestone/shared-configs';
|
|
2
|
+
/**
|
|
3
|
+
* The contract registry keys (per `shared-configs/contracts.{,dev}.js`)
|
|
4
|
+
* that each settlement layer expands to. `ACROSS` whitelists both arbiter
|
|
5
|
+
* impls so a session is permissioned for the 7579 and multicall paths
|
|
6
|
+
* regardless of which one the orchestrator picks at intent time.
|
|
7
|
+
*/
|
|
8
|
+
const SETTLEMENT_LAYER_CONTRACT_KEYS = {
|
|
9
|
+
SAME_CHAIN: ['samechainArbiter'],
|
|
10
|
+
ECO: ['ecoArbiter'],
|
|
11
|
+
ACROSS: ['across7579Arbiter', 'acrossMulticallArbiter'],
|
|
12
|
+
};
|
|
13
|
+
/**
|
|
14
|
+
* Collects every distinct arbiter address that any chain in the registry
|
|
15
|
+
* has deployed for the given settlement layers. The resulting whitelist
|
|
16
|
+
* is what the Permit2 claim policy enforces on-chain — a session signed
|
|
17
|
+
* once with this whitelist is valid against any of those arbiters.
|
|
18
|
+
*
|
|
19
|
+
* **"Any" means any of the *supported* settlement layers**, not any
|
|
20
|
+
* address on earth. When `layers` is empty or undefined, this resolver
|
|
21
|
+
* expands to the union of every layer in
|
|
22
|
+
* {@link SETTLEMENT_LAYER_CONTRACT_KEYS}, so the on-chain arbiter check
|
|
23
|
+
* stays meaningful (the worst case is still a Rhinestone-blessed
|
|
24
|
+
* arbiter). To get a truly unrestricted whitelist a caller would have
|
|
25
|
+
* to bypass this helper entirely.
|
|
26
|
+
*
|
|
27
|
+
* @param layers Settlement layers the session is permitted to use.
|
|
28
|
+
* Empty/undefined ⇒ all supported layers.
|
|
29
|
+
* @param useDevContracts Pull from the dev address book instead of mainnet.
|
|
30
|
+
*/
|
|
31
|
+
export function getArbitersForSettlementLayers(layers, useDevContracts) {
|
|
32
|
+
const effectiveLayers = !layers || layers.length === 0
|
|
33
|
+
? Object.keys(SETTLEMENT_LAYER_CONTRACT_KEYS)
|
|
34
|
+
: layers;
|
|
35
|
+
const registry = useDevContracts ? contractAddressesDev : contractAddresses;
|
|
36
|
+
const keys = effectiveLayers.flatMap((l) => SETTLEMENT_LAYER_CONTRACT_KEYS[l]);
|
|
37
|
+
const seen = new Set();
|
|
38
|
+
const addresses = [];
|
|
39
|
+
// shared-configs is shaped Record<chainId, Record<contractKey, Address>>.
|
|
40
|
+
// The same logical arbiter often shares an address across chains, but a
|
|
41
|
+
// given key may also have multiple addresses live in the wild (e.g.
|
|
42
|
+
// post-redeploy). We collect every unique address we see for the keys
|
|
43
|
+
// the caller asked for, deduplicated case-insensitively.
|
|
44
|
+
for (const chainContracts of Object.values(registry)) {
|
|
45
|
+
for (const key of keys) {
|
|
46
|
+
const addr = chainContracts[key];
|
|
47
|
+
if (!addr)
|
|
48
|
+
continue;
|
|
49
|
+
const norm = addr.toLowerCase();
|
|
50
|
+
if (seen.has(norm))
|
|
51
|
+
continue;
|
|
52
|
+
seen.add(norm);
|
|
53
|
+
addresses.push(addr);
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
return addresses.length ? addresses : undefined;
|
|
57
|
+
}
|
|
@@ -2,7 +2,7 @@ import { type Abi, type Address, type Hex, type TypedDataDefinition } from 'viem
|
|
|
2
2
|
import type { Permit2ClaimPolicy, Policy, ProviderConfig, ResolvedAction, ResolvedERC7739Policies, ResolvedPolicy, RhinestoneAccountConfig, RhinestoneConfig, Session, SessionDefinition, SessionEnableData } from '../../types.js';
|
|
3
3
|
import { type Module } from '../common.js';
|
|
4
4
|
import { SMART_SESSION_EMISSARY_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS_DEV } from './core.js';
|
|
5
|
-
import { type InternalPermit2ClaimPolicy } from './policies/claim/permit2.js';
|
|
5
|
+
import { type InternalPermit2ClaimPolicy, type Permit2ClaimMessage } from './policies/claim/permit2.js';
|
|
6
6
|
interface SessionData {
|
|
7
7
|
sessionValidator: Address;
|
|
8
8
|
sessionValidatorInitData: Hex;
|
|
@@ -153,9 +153,19 @@ declare const SPENDING_LIMITS_POLICY_ADDRESS: Address;
|
|
|
153
153
|
declare const TIME_FRAME_POLICY_ADDRESS: Address;
|
|
154
154
|
declare const SUDO_POLICY_ADDRESS: Address;
|
|
155
155
|
declare const UNIVERSAL_ACTION_POLICY_ADDRESS: Address;
|
|
156
|
+
declare const ARG_POLICY_ADDRESS: Address;
|
|
156
157
|
declare const USAGE_LIMIT_POLICY_ADDRESS: Address;
|
|
157
158
|
declare const VALUE_LIMIT_POLICY_ADDRESS: Address;
|
|
158
159
|
declare const INTENT_EXECUTION_POLICY_ADDRESS: Address;
|
|
160
|
+
interface ResolvedPolicyAddresses {
|
|
161
|
+
sudo: Address;
|
|
162
|
+
universalAction: Address;
|
|
163
|
+
argPolicy: Address;
|
|
164
|
+
spendingLimits: Address;
|
|
165
|
+
timeFrame: Address;
|
|
166
|
+
usageLimit: Address;
|
|
167
|
+
valueLimit: Address;
|
|
168
|
+
}
|
|
159
169
|
interface ResolvedSessionSignerSet {
|
|
160
170
|
type: 'experimental_session';
|
|
161
171
|
session: Session;
|
|
@@ -174,23 +184,42 @@ declare function getEnableSessionCall(account: Address, session: Session, enable
|
|
|
174
184
|
to: `0x${string}`;
|
|
175
185
|
data: `0x${string}`;
|
|
176
186
|
}>;
|
|
187
|
+
declare function getDisableSessionCall(account: Address, session: Session, expires: bigint, provider: ProviderConfig | undefined, useDevContracts?: boolean): Promise<{
|
|
188
|
+
to: `0x${string}`;
|
|
189
|
+
data: `0x${string}`;
|
|
190
|
+
}>;
|
|
177
191
|
declare function toSession<const TAbis extends readonly Abi[]>(definition: SessionDefinition<TAbis>, options?: {
|
|
178
192
|
useDevContracts?: boolean;
|
|
179
193
|
}): Session;
|
|
194
|
+
/**
|
|
195
|
+
* Selects the claim policy whose constraints the given Permit2 message
|
|
196
|
+
* satisfies. With 0–1 policies the choice is trivial; with several, returns
|
|
197
|
+
* the first match in list order (aligns with the contract iterating its
|
|
198
|
+
* stored claim policies). Falls back to the first policy when nothing matches
|
|
199
|
+
* so behaviour is never worse than the previous always-`[0]` logic — the
|
|
200
|
+
* resulting on-chain failure is then identical to before.
|
|
201
|
+
*/
|
|
202
|
+
declare function selectPermit2ClaimPolicyForMessage(claimPolicies: readonly Permit2ClaimPolicy[], message: Permit2ClaimMessage): Permit2ClaimPolicy | undefined;
|
|
180
203
|
declare function resolvePermit2ClaimPolicy(policy: Permit2ClaimPolicy): InternalPermit2ClaimPolicy;
|
|
181
204
|
declare function getSessionData(session: Session): SessionData;
|
|
182
205
|
declare function getPermissionId(session: Session): `0x${string}`;
|
|
183
|
-
declare function getPolicyData(policy: Policy, useDevContracts?: boolean): PolicyData;
|
|
206
|
+
declare function getPolicyData(policy: Policy, useDevContracts?: boolean, addresses?: ResolvedPolicyAddresses): PolicyData;
|
|
184
207
|
declare function getSmartSessionValidator(config: RhinestoneConfig): Module | null;
|
|
185
208
|
/**
|
|
186
209
|
* Builds a mockSignature for SSX validation gas estimation.
|
|
187
|
-
* Format: emissaryAddress (20 bytes) +
|
|
188
|
-
*
|
|
189
|
-
*
|
|
190
|
-
*
|
|
191
|
-
*
|
|
210
|
+
* Format: emissaryAddress (20 bytes) + packed sigData. Uses real session data
|
|
211
|
+
* (policies/actions from the user's session config) with dummy sigs and hashes —
|
|
212
|
+
* the mock emissary skips sig verification and only reads/writes storage. The
|
|
213
|
+
* orchestrator slices off the first 20 bytes to identify the validator, then
|
|
214
|
+
* picks the gas-simulation path from the bundle's declared `signatureMode`:
|
|
215
|
+
* `verifyExecution` for execution-emissary modes (ENABLE/USE), or
|
|
216
|
+
* `isValidSignatureWithSender` via `simulate_verify1271` for plain ERC-1271.
|
|
217
|
+
* The mode byte alone can't disambiguate USE from ERC-1271 (both are `0x00`),
|
|
218
|
+
* but `shape` is derived from the same resolved `verifyExecutions` that drives
|
|
219
|
+
* `signatureMode`, so the mock payload always matches the path that mode selects.
|
|
192
220
|
*/
|
|
193
|
-
|
|
194
|
-
|
|
221
|
+
type SmartSessionMockShape = 'enable' | 'use' | 'erc1271';
|
|
222
|
+
declare function buildMockSignature(session: Session, useDevContracts?: boolean, chainCount?: number, targetChainId?: number, shape?: SmartSessionMockShape): Hex;
|
|
223
|
+
export { SMART_SESSION_EMISSARY_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS_DEV, SMART_SESSIONS_FALLBACK_TARGET_FLAG, SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG, SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG_PERMITTED_TO_CALL_SMARTSESSION, DUMMY_PRECLAIMOP_TARGET, DUMMY_PRECLAIMOP_SELECTOR, SPENDING_LIMITS_POLICY_ADDRESS, TIME_FRAME_POLICY_ADDRESS, SUDO_POLICY_ADDRESS, UNIVERSAL_ACTION_POLICY_ADDRESS, ARG_POLICY_ADDRESS, USAGE_LIMIT_POLICY_ADDRESS, VALUE_LIMIT_POLICY_ADDRESS, INTENT_EXECUTION_POLICY_ADDRESS, packSignature, toSession, resolvePermit2ClaimPolicy, selectPermit2ClaimPolicyForMessage, getSessionData, getPolicyData, getEnableSessionCall, getDisableSessionCall, getPermissionId, getSmartSessionValidator, getSessionDetails, isSessionEnabled, signEnableSession, buildMockSignature, };
|
|
195
224
|
export type { ChainSession, ChainDigest, ResolvedSessionSignerSet, SessionData, SmartSessionModeType, SessionDetails, };
|
|
196
225
|
//# sourceMappingURL=smart-sessions.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"smart-sessions.d.ts","sourceRoot":"","sources":["../../../../modules/validators/smart-sessions.ts"],"names":[],"mappings":"AACA,OAAO,EACL,KAAK,GAAG,EACR,KAAK,OAAO,EAMZ,KAAK,GAAG,
|
|
1
|
+
{"version":3,"file":"smart-sessions.d.ts","sourceRoot":"","sources":["../../../../modules/validators/smart-sessions.ts"],"names":[],"mappings":"AACA,OAAO,EACL,KAAK,GAAG,EACR,KAAK,OAAO,EAMZ,KAAK,GAAG,EAQR,KAAK,mBAAmB,EAKzB,MAAM,MAAM,CAAA;AAcb,OAAO,KAAK,EAIV,kBAAkB,EAClB,MAAM,EACN,cAAc,EACd,cAAc,EACd,uBAAuB,EACvB,cAAc,EACd,uBAAuB,EACvB,gBAAgB,EAChB,OAAO,EACP,iBAAiB,EACjB,iBAAiB,EAGlB,MAAM,aAAa,CAAA;AAEpB,OAAO,EAA4B,KAAK,MAAM,EAAE,MAAM,WAAW,CAAA;AACjE,OAAO,EAIL,8BAA8B,EAC9B,kCAAkC,EACnC,MAAM,QAAQ,CAAA;AAIf,OAAO,EAEL,KAAK,0BAA0B,EAE/B,KAAK,mBAAmB,EACzB,MAAM,0BAA0B,CAAA;AAQjC,UAAU,WAAW;IACnB,gBAAgB,EAAE,OAAO,CAAA;IACzB,wBAAwB,EAAE,GAAG,CAAA;IAC7B,IAAI,EAAE,GAAG,CAAA;IACT,eAAe,EAAE,uBAAuB,CAAA;IACxC,OAAO,EAAE,SAAS,cAAc,EAAE,CAAA;IAClC,aAAa,EAAE,SAAS,cAAc,EAAE,CAAA;CACzC;AAED,KAAK,UAAU,GAAG,cAAc,CAAA;AAChC,KAAK,UAAU,GAAG,cAAc,CAAA;AAahC,KAAK,oBAAoB,GACrB,OAAO,sBAAsB,GAC7B,OAAO,yBAAyB,CAAA;AAEpC,UAAU,WAAW;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,EAAE,GAAG,CAAA;CACnB;AAED,UAAU,iBAAiB;IACzB,mBAAmB,EAAE,OAAO,CAAA;IAC5B,iBAAiB,EAAE,OAAO,CAAA;IAC1B,0BAA0B,EAAE,OAAO,CAAA;IACnC,sBAAsB,EAAE,OAAO,CAAA;IAC/B,cAAc,EAAE,SAAS,UAAU,EAAE,CAAA;IACrC,eAAe,EAAE,WAAW,CAAA;IAC5B,OAAO,EAAE,SAAS,UAAU,EAAE,CAAA;CAC/B;AAED,UAAU,aAAa;IACrB,OAAO,EAAE,OAAO,CAAA;IAChB,WAAW,EAAE,iBAAiB,CAAA;IAC9B,gBAAgB,EAAE,OAAO,CAAA;IACzB,wBAAwB,EAAE,GAAG,CAAA;IAC7B,IAAI,EAAE,GAAG,CAAA;IACT,YAAY,EAAE,OAAO,CAAA;IACrB,KAAK,EAAE,MAAM,CAAA;CACd;AAED,UAAU,YAAY;IACpB,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,aAAa,CAAA;CACvB;AAED,UAAU,WAAW;IACnB,qBAAqB,EAAE,SAAS,cAAc,EAAE,CAAA;IAChD,eAAe,EAAE,SAAS,UAAU,EAAE,CAAA;CACvC;AAED,UAAU,cAAc;IACtB,kBAAkB,EAAE,GAAG,CAAA;IACvB,WAAW,EAAE,SAAS,MAAM,EAAE,CAAA;CAC/B;AAED,UAAU,cAAc;IACtB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,iBAAiB,EAAE,WAAW,EAAE,CAAA;IAChC,IAAI,EAAE,mBAAmB,CAAC,OAAO,KAAK,EAAE,mBAAmB,CAAC,CAAA;CAC7D;AAED,QAAA,MAAM,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2CD,CAAA;AAEV,QAAA,MAAM,sBAAsB,SAAS,CAAA;AACrC,QAAA,MAAM,yBAAyB,SAAS,CAAA;AAExC,QAAA,MAAM,mCAAmC,EAAE,OACG,CAAA;AAC9C,QAAA,MAAM,4CAA4C,EAAE,GAAkB,CAAA;AACtE,QAAA,MAAM,2EAA2E,EAAE,GACrE,CAAA;AAOd,QAAA,MAAM,uBAAuB,EAAE,OACe,CAAA;AAC9C,QAAA,MAAM,yBAAyB,EAAE,GAAkB,CAAA;AAEnD,QAAA,MAAM,8BAA8B,EAAE,OACQ,CAAA;AAC9C,QAAA,MAAM,yBAAyB,EAAE,OACa,CAAA;AAC9C,QAAA,MAAM,mBAAmB,EAAE,OACmB,CAAA;AAC9C,QAAA,MAAM,+BAA+B,EAAE,OACO,CAAA;AAC9C,QAAA,MAAM,kBAAkB,EAAE,OAAsD,CAAA;AAChF,QAAA,MAAM,0BAA0B,EAAE,OACY,CAAA;AAC9C,QAAA,MAAM,0BAA0B,EAAE,OACY,CAAA;AAC9C,QAAA,MAAM,+BAA+B,EAAE,OACO,CAAA;AA+B9C,UAAU,uBAAuB;IAC/B,IAAI,EAAE,OAAO,CAAA;IACb,eAAe,EAAE,OAAO,CAAA;IACxB,SAAS,EAAE,OAAO,CAAA;IAClB,cAAc,EAAE,OAAO,CAAA;IACvB,SAAS,EAAE,OAAO,CAAA;IAClB,UAAU,EAAE,OAAO,CAAA;IACnB,UAAU,EAAE,OAAO,CAAA;CACpB;AA6BD,UAAU,wBAAwB;IAChC,IAAI,EAAE,sBAAsB,CAAA;IAC5B,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,CAAC,EAAE,iBAAiB,CAAA;IAC9B,gBAAgB,EAAE,OAAO,CAAA;IACzB,eAAe,CAAC,EAAE,GAAG,CAAA;CACtB;AAED,iBAAS,aAAa,CACpB,OAAO,EAAE,wBAAwB,EACjC,kBAAkB,EAAE,GAAG,GACtB,GAAG,CA4JL;AAED,iBAAe,iBAAiB,CAC9B,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,OAAO,EAAE,EACnB,QAAQ,EAAE,cAAc,GAAG,SAAS,EACpC,eAAe,CAAC,EAAE,OAAO,GACxB,OAAO,CAAC,cAAc,CAAC,CA+CzB;AAED,iBAAe,gBAAgB,CAC7B,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,cAAc,GAAG,SAAS,EACpC,OAAO,EAAE,OAAO,EAChB,eAAe,CAAC,EAAE,OAAO,GACxB,OAAO,CAAC,OAAO,CAAC,CAuBlB;AAED,iBAAe,iBAAiB,CAC9B,MAAM,EAAE,uBAAuB,EAC/B,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,GAAG,CAAC,CAyBd;AAwED,iBAAe,oBAAoB,CACjC,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,OAAO,EAChB,sBAAsB,EAAE,GAAG,EAC3B,iBAAiB,EAAE;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,EAAE,GAAG,CAAA;CACnB,EAAE,EACH,oBAAoB,EAAE,MAAM,EAC5B,eAAe,CAAC,EAAE,OAAO;;;GA8B1B;AAgBD,iBAAe,qBAAqB,CAClC,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,cAAc,GAAG,SAAS,EACpC,eAAe,CAAC,EAAE,OAAO;;;GA6D1B;AAED,iBAAS,SAAS,CAAC,KAAK,CAAC,KAAK,SAAS,SAAS,GAAG,EAAE,EACnD,UAAU,EAAE,iBAAiB,CAAC,KAAK,CAAC,EACpC,OAAO,GAAE;IAAE,eAAe,CAAC,EAAE,OAAO,CAAA;CAAO,GAC1C,OAAO,CA8BT;AA+LD;;;;;;;GAOG;AACH,iBAAS,kCAAkC,CACzC,aAAa,EAAE,SAAS,kBAAkB,EAAE,EAC5C,OAAO,EAAE,mBAAmB,GAC3B,kBAAkB,GAAG,SAAS,CAMhC;AAED,iBAAS,yBAAyB,CAChC,MAAM,EAAE,kBAAkB,GACzB,0BAA0B,CAwB5B;AA4ID,iBAAS,cAAc,CAAC,OAAO,EAAE,OAAO,GAAG,WAAW,CAcrD;AAED,iBAAS,eAAe,CAAC,OAAO,EAAE,OAAO,iBAExC;AAoID,iBAAS,aAAa,CACpB,MAAM,EAAE,MAAM,EACd,eAAe,CAAC,EAAE,OAAO,EACzB,SAAS,GAAE,uBAAkD,GAC5D,UAAU,CAmMZ;AAED,iBAAS,wBAAwB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,GAAG,IAAI,CAezE;AAQD;;;;;;;;;;;;GAYG;AAUH,KAAK,qBAAqB,GAAG,QAAQ,GAAG,KAAK,GAAG,SAAS,CAAA;AAEzD,iBAAS,kBAAkB,CACzB,OAAO,EAAE,OAAO,EAChB,eAAe,CAAC,EAAE,OAAO,EACzB,UAAU,GAAE,MAAU,EACtB,aAAa,CAAC,EAAE,MAAM,EAEtB,KAAK,GAAE,qBAAgC,GACtC,GAAG,CAiDL;AASD,OAAO,EACL,8BAA8B,EAC9B,kCAAkC,EAClC,mCAAmC,EACnC,4CAA4C,EAC5C,2EAA2E,EAC3E,uBAAuB,EACvB,yBAAyB,EACzB,8BAA8B,EAC9B,yBAAyB,EACzB,mBAAmB,EACnB,+BAA+B,EAC/B,kBAAkB,EAClB,0BAA0B,EAC1B,0BAA0B,EAC1B,+BAA+B,EAC/B,aAAa,EACb,SAAS,EACT,yBAAyB,EACzB,kCAAkC,EAClC,cAAc,EACd,aAAa,EACb,oBAAoB,EACpB,qBAAqB,EACrB,eAAe,EACf,wBAAwB,EACxB,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,GACnB,CAAA;AACD,YAAY,EACV,YAAY,EACZ,WAAW,EACX,wBAAwB,EACxB,WAAW,EACX,oBAAoB,EACpB,cAAc,GACf,CAAA"}
|