@spectratools/tx-shared 0.4.2 → 0.5.1

package/dist/index.js

@@ -3,8 +3,22 @@ import {
   createAbstractClient
 } from "./chunk-P4ACSL6N.js";
 import {
-  executeTx
-} from "./chunk-4XI6TBKX.js";
+  attachPrivyPolicyContext,
+  createPrivyAccount,
+  createPrivyAuthorizationPayload,
+  createPrivyClient,
+  createPrivySigner,
+  executeTx,
+  fetchPrivyPolicyVisibility,
+  generatePrivyAuthorizationSignature,
+  getPrivyPolicyContext,
+  normalizePrivyApiUrl,
+  normalizePrivyPolicy,
+  parsePrivyAuthorizationKey,
+  preflightPrivyTransactionPolicy,
+  serializePrivyAuthorizationPayload,
+  toPrivyPolicyViolationError
+} from "./chunk-HFRJBEDT.js";
 import {
   TxError,
   toTxError
@@ -57,384 +71,6 @@ function createKeystoreSigner(options) {
   return { account, address: account.address, provider: "keystore" };
 }
 
-// src/signers/privy-signature.ts
-import { createPrivateKey, sign as signWithCrypto } from "crypto";
-var PRIVY_AUTHORIZATION_KEY_PREFIX = "wallet-auth:";
-var PRIVY_AUTHORIZATION_KEY_REGEX = /^wallet-auth:[A-Za-z0-9+/]+={0,2}$/;
-var DEFAULT_PRIVY_API_URL = "https://api.privy.io";
-function normalizePrivyApiUrl(apiUrl) {
-  const value = (apiUrl ?? DEFAULT_PRIVY_API_URL).trim();
-  if (value.length === 0) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_API_URL format: expected a non-empty http(s) URL"
-    );
-  }
-  let parsed;
-  try {
-    parsed = new URL(value);
-  } catch (cause) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_API_URL format: expected a non-empty http(s) URL",
-      cause
-    );
-  }
-  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_API_URL format: expected a non-empty http(s) URL"
-    );
-  }
-  return parsed.toString().replace(/\/+$/, "");
-}
-function parsePrivyAuthorizationKey(authorizationKey) {
-  const normalizedKey = authorizationKey.trim();
-  if (!PRIVY_AUTHORIZATION_KEY_REGEX.test(normalizedKey)) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_AUTHORIZATION_KEY format: expected wallet-auth:<base64-pkcs8-p256-private-key>"
-    );
-  }
-  const rawPrivateKey = normalizedKey.slice(PRIVY_AUTHORIZATION_KEY_PREFIX.length);
-  let derKey;
-  try {
-    derKey = Buffer.from(rawPrivateKey, "base64");
-  } catch (cause) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_AUTHORIZATION_KEY format: expected wallet-auth:<base64-pkcs8-p256-private-key>",
-      cause
-    );
-  }
-  let keyObject;
-  try {
-    keyObject = createPrivateKey({
-      key: derKey,
-      format: "der",
-      type: "pkcs8"
-    });
-  } catch (cause) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_AUTHORIZATION_KEY format: expected wallet-auth:<base64-pkcs8-p256-private-key>",
-      cause
-    );
-  }
-  if (keyObject.asymmetricKeyType !== "ec") {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_AUTHORIZATION_KEY format: expected wallet-auth:<base64-pkcs8-p256-private-key>"
-    );
-  }
-  const details = keyObject.asymmetricKeyDetails;
-  const namedCurve = details !== void 0 && "namedCurve" in details ? details.namedCurve : void 0;
-  if (namedCurve !== void 0 && namedCurve !== "prime256v1") {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_AUTHORIZATION_KEY format: expected wallet-auth:<base64-pkcs8-p256-private-key>"
-    );
-  }
-  return keyObject;
-}
-function createPrivyAuthorizationPayload(options) {
-  const appId = options.appId.trim();
-  if (appId.length === 0) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_APP_ID format: expected non-empty string"
-    );
-  }
-  const url = options.url.trim().replace(/\/+$/, "");
-  if (url.length === 0) {
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      "Failed to build Privy authorization payload: request URL is empty"
-    );
-  }
-  return {
-    version: 1,
-    method: options.method,
-    url,
-    headers: {
-      "privy-app-id": appId,
-      ...options.idempotencyKey !== void 0 ? { "privy-idempotency-key": options.idempotencyKey } : {}
-    },
-    body: options.body
-  };
-}
-function serializePrivyAuthorizationPayload(payload) {
-  return canonicalizeJson(payload);
-}
-function generatePrivyAuthorizationSignature(payload, authorizationKey) {
-  const privateKey = parsePrivyAuthorizationKey(authorizationKey);
-  const serializedPayload = serializePrivyAuthorizationPayload(payload);
-  const signature = signWithCrypto("sha256", Buffer.from(serializedPayload), privateKey);
-  return signature.toString("base64");
-}
-function canonicalizeJson(value) {
-  if (value === null) {
-    return "null";
-  }
-  if (typeof value === "string" || typeof value === "boolean") {
-    return JSON.stringify(value);
-  }
-  if (typeof value === "number") {
-    if (!Number.isFinite(value)) {
-      throw new TxError(
-        "PRIVY_TRANSPORT_FAILED",
-        "Failed to build Privy authorization payload: JSON payload contains a non-finite number"
-      );
-    }
-    return JSON.stringify(value);
-  }
-  if (Array.isArray(value)) {
-    return `[${value.map((item) => canonicalizeJson(item)).join(",")}]`;
-  }
-  if (typeof value === "object") {
-    const record = value;
-    const keys = Object.keys(record).sort((left, right) => left.localeCompare(right));
-    const entries = [];
-    for (const key of keys) {
-      const entryValue = record[key];
-      if (entryValue === void 0) {
-        continue;
-      }
-      entries.push(`${JSON.stringify(key)}:${canonicalizeJson(entryValue)}`);
-    }
-    return `{${entries.join(",")}}`;
-  }
-  throw new TxError(
-    "PRIVY_TRANSPORT_FAILED",
-    "Failed to build Privy authorization payload: JSON payload contains unsupported value type"
-  );
-}
-
-// src/signers/privy-client.ts
-function createPrivyClient(options) {
-  const appId = options.appId.trim();
-  const walletId = options.walletId.trim();
-  if (appId.length === 0) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_APP_ID format: expected non-empty string"
-    );
-  }
-  if (walletId.length === 0) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_WALLET_ID format: expected non-empty string"
-    );
-  }
-  const apiUrl = normalizePrivyApiUrl(options.apiUrl);
-  const fetchImplementation = options.fetchImplementation ?? fetch;
-  return {
-    appId,
-    walletId,
-    apiUrl,
-    async createRpcIntent(request, requestOptions) {
-      const url = `${apiUrl}/v1/intents/wallets/${walletId}/rpc`;
-      const payload = createPrivyAuthorizationPayload({
-        appId,
-        method: "POST",
-        url,
-        body: request,
-        ...requestOptions?.idempotencyKey !== void 0 ? { idempotencyKey: requestOptions.idempotencyKey } : {}
-      });
-      const signature = generatePrivyAuthorizationSignature(payload, options.authorizationKey);
-      return sendPrivyRequest({
-        fetchImplementation,
-        method: "POST",
-        url,
-        body: request,
-        operation: "create rpc intent",
-        headers: {
-          "privy-app-id": appId,
-          "privy-authorization-signature": signature,
-          ...requestOptions?.idempotencyKey !== void 0 ? { "privy-idempotency-key": requestOptions.idempotencyKey } : {}
-        }
-      });
-    },
-    async getWallet() {
-      const url = `${apiUrl}/v1/wallets/${walletId}`;
-      return sendPrivyRequest({
-        fetchImplementation,
-        method: "GET",
-        url,
-        operation: "get wallet",
-        headers: {
-          "privy-app-id": appId
-        }
-      });
-    },
-    async getPolicy(policyId) {
-      if (policyId.trim().length === 0) {
-        throw new TxError(
-          "PRIVY_TRANSPORT_FAILED",
-          "Failed to build Privy policy lookup request: policy id is empty"
-        );
-      }
-      const url = `${apiUrl}/v1/policies/${policyId}`;
-      return sendPrivyRequest({
-        fetchImplementation,
-        method: "GET",
-        url,
-        operation: "get policy",
-        headers: {
-          "privy-app-id": appId
-        }
-      });
-    }
-  };
-}
-async function sendPrivyRequest(options) {
-  let response;
-  try {
-    response = await options.fetchImplementation(options.url, {
-      method: options.method,
-      headers: {
-        ...options.headers,
-        ...options.body !== void 0 ? { "content-type": "application/json" } : {}
-      },
-      ...options.body !== void 0 ? { body: JSON.stringify(options.body) } : {}
-    });
-  } catch (cause) {
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      `Privy ${options.operation} request failed: network error`,
-      cause
-    );
-  }
-  const payload = await parseJsonResponse(response, options.operation);
-  if (!response.ok) {
-    const message = extractPrivyErrorMessage(payload) ?? `HTTP ${response.status}`;
-    if (response.status === 401 || response.status === 403) {
-      throw new TxError(
-        "PRIVY_AUTH_FAILED",
-        `Privy authentication failed (${response.status}): ${message}`
-      );
-    }
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      `Privy ${options.operation} request failed (${response.status}): ${message}`
-    );
-  }
-  if (!isRecord(payload)) {
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      `Privy ${options.operation} request failed: invalid JSON response shape`
-    );
-  }
-  return payload;
-}
-async function parseJsonResponse(response, operation) {
-  const text = await response.text();
-  if (text.trim().length === 0) {
-    return void 0;
-  }
-  try {
-    return JSON.parse(text);
-  } catch (cause) {
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      `Privy ${operation} request failed: invalid JSON response`,
-      cause
-    );
-  }
-}
-function isRecord(value) {
-  return typeof value === "object" && value !== null;
-}
-function extractPrivyErrorMessage(payload) {
-  if (!isRecord(payload)) {
-    return void 0;
-  }
-  const directMessage = payload.message;
-  if (typeof directMessage === "string" && directMessage.length > 0) {
-    return directMessage;
-  }
-  const errorValue = payload.error;
-  if (typeof errorValue === "string" && errorValue.length > 0) {
-    return errorValue;
-  }
-  if (isRecord(errorValue)) {
-    const nestedMessage = errorValue.message;
-    if (typeof nestedMessage === "string" && nestedMessage.length > 0) {
-      return nestedMessage;
-    }
-  }
-  return void 0;
-}
-
-// src/signers/privy.ts
-import { zeroAddress } from "viem";
-var REQUIRED_FIELDS = [
-  "privyAppId",
-  "privyWalletId",
-  "privyAuthorizationKey"
-];
-var APP_ID_REGEX = /^[A-Za-z0-9_-]{8,128}$/;
-var WALLET_ID_REGEX = /^[A-Za-z0-9_-]{8,128}$/;
-async function createPrivySigner(options) {
-  const missing = REQUIRED_FIELDS.filter((field) => {
-    const value = options[field];
-    return typeof value !== "string" || value.trim().length === 0;
-  });
-  if (missing.length > 0) {
-    const missingLabels = missing.map((field) => {
-      if (field === "privyAppId") {
-        return "PRIVY_APP_ID";
-      }
-      if (field === "privyWalletId") {
-        return "PRIVY_WALLET_ID";
-      }
-      return "PRIVY_AUTHORIZATION_KEY";
-    }).join(", ");
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      `Privy signer requires configuration: missing ${missingLabels}`
-    );
-  }
-  const appId = options.privyAppId?.trim() ?? "";
-  const walletId = options.privyWalletId?.trim() ?? "";
-  const authorizationKey = options.privyAuthorizationKey?.trim() ?? "";
-  if (!APP_ID_REGEX.test(appId)) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_APP_ID format: expected 8-128 chars using letters, numbers, hyphen, or underscore"
-    );
-  }
-  if (!WALLET_ID_REGEX.test(walletId)) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_WALLET_ID format: expected 8-128 chars using letters, numbers, hyphen, or underscore"
-    );
-  }
-  parsePrivyAuthorizationKey(authorizationKey);
-  const apiUrl = normalizePrivyApiUrl(options.privyApiUrl);
-  const client = createPrivyClient({
-    appId,
-    walletId,
-    authorizationKey,
-    apiUrl
-  });
-  const account = {
-    address: zeroAddress,
-    type: "json-rpc"
-  };
-  return {
-    provider: "privy",
-    account,
-    address: account.address,
-    privy: {
-      appId,
-      walletId,
-      apiUrl,
-      client
-    }
-  };
-}
-
 // src/resolve-signer.ts
 function hasPrivyConfig(opts) {
   return opts.privyAppId !== void 0 || opts.privyWalletId !== void 0 || opts.privyAuthorizationKey !== void 0;
@@ -456,12 +92,13 @@ async function resolveSigner(opts) {
     });
   }
   if (opts.privy === true || hasPrivyConfig(opts)) {
-    return createPrivySigner({
+    const privySigner = await createPrivySigner({
       ...opts.privyAppId !== void 0 ? { privyAppId: opts.privyAppId } : {},
       ...opts.privyWalletId !== void 0 ? { privyWalletId: opts.privyWalletId } : {},
       ...opts.privyAuthorizationKey !== void 0 ? { privyAuthorizationKey: opts.privyAuthorizationKey } : {},
       ...opts.privyApiUrl !== void 0 ? { privyApiUrl: opts.privyApiUrl } : {}
     });
+    return privySigner;
   }
   throw new TxError(
     "SIGNER_NOT_CONFIGURED",
@@ -504,20 +141,27 @@ function toSignerOptions(flags, env) {
 export {
   TxError,
   abstractMainnet,
+  attachPrivyPolicyContext,
   createAbstractClient,
   createKeystoreSigner,
   createPrivateKeySigner,
+  createPrivyAccount,
   createPrivyAuthorizationPayload,
   createPrivyClient,
   createPrivySigner,
   executeTx,
+  fetchPrivyPolicyVisibility,
   generatePrivyAuthorizationSignature,
+  getPrivyPolicyContext,
   normalizePrivyApiUrl,
+  normalizePrivyPolicy,
   parsePrivyAuthorizationKey,
+  preflightPrivyTransactionPolicy,
   resolveSigner,
   serializePrivyAuthorizationPayload,
   signerEnvSchema,
   signerFlagSchema,
+  toPrivyPolicyViolationError,
   toSignerOptions,
   toTxError
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@spectratools/tx-shared",
-  "version": "0.4.2",
+  "version": "0.5.1",
   "description": "Shared transaction primitives, signer types, and chain config for spectra tools",
   "type": "module",
   "license": "MIT",

package/dist/chunk-4XI6TBKX.js

@@ -1,130 +0,0 @@
-import {
-  TxError
-} from "./chunk-6T4D5UCR.js";
-
-// src/execute-tx.ts
-async function executeTx(options) {
-  const {
-    publicClient,
-    walletClient,
-    account,
-    address,
-    abi,
-    functionName,
-    chain,
-    args,
-    value,
-    gasLimit,
-    maxFeePerGas,
-    nonce,
-    dryRun = false
-  } = options;
-  let estimatedGas;
-  try {
-    estimatedGas = await publicClient.estimateContractGas({
-      account,
-      address,
-      abi,
-      functionName,
-      args,
-      value
-    });
-  } catch (error) {
-    throw mapError(error, "estimation");
-  }
-  let simulationResult;
-  try {
-    const sim = await publicClient.simulateContract({
-      account,
-      address,
-      abi,
-      functionName,
-      args,
-      value
-    });
-    simulationResult = sim.result;
-  } catch (error) {
-    throw mapError(error, "simulation");
-  }
-  if (dryRun) {
-    return {
-      status: "dry-run",
-      estimatedGas,
-      simulationResult
-    };
-  }
-  let hash;
-  try {
-    hash = await walletClient.writeContract({
-      account,
-      address,
-      abi,
-      functionName,
-      args,
-      value,
-      chain,
-      gas: gasLimit ?? estimatedGas,
-      maxFeePerGas,
-      nonce
-    });
-  } catch (error) {
-    throw mapError(error, "submit");
-  }
-  let receipt;
-  try {
-    receipt = await publicClient.waitForTransactionReceipt({ hash });
-  } catch (error) {
-    throw mapError(error, "receipt");
-  }
-  if (receipt.status === "reverted") {
-    throw new TxError("TX_REVERTED", `Transaction ${hash} reverted on-chain`);
-  }
-  return receiptToTxResult(receipt);
-}
-function receiptToTxResult(receipt) {
-  return {
-    hash: receipt.transactionHash,
-    blockNumber: receipt.blockNumber,
-    gasUsed: receipt.gasUsed,
-    status: receipt.status === "success" ? "success" : "reverted",
-    from: receipt.from,
-    to: receipt.to,
-    effectiveGasPrice: receipt.effectiveGasPrice
-  };
-}
-function mapError(error, phase) {
-  const msg = errorMessage(error);
-  if (matchesInsufficientFunds(msg)) {
-    return new TxError("INSUFFICIENT_FUNDS", `Insufficient funds: ${msg}`, error);
-  }
-  if (matchesNonceConflict(msg)) {
-    return new TxError("NONCE_CONFLICT", `Nonce conflict: ${msg}`, error);
-  }
-  if (phase === "estimation" || phase === "simulation") {
-    return new TxError("GAS_ESTIMATION_FAILED", `Gas estimation/simulation failed: ${msg}`, error);
-  }
-  if (matchesRevert(msg)) {
-    return new TxError("TX_REVERTED", `Transaction reverted: ${msg}`, error);
-  }
-  return new TxError("TX_REVERTED", `Transaction failed (${phase}): ${msg}`, error);
-}
-function errorMessage(error) {
-  if (error instanceof Error) return error.message;
-  return String(error);
-}
-function matchesInsufficientFunds(msg) {
-  const lower = msg.toLowerCase();
-  return lower.includes("insufficient funds") || lower.includes("insufficient balance") || lower.includes("sender doesn't have enough funds");
-}
-function matchesNonceConflict(msg) {
-  const lower = msg.toLowerCase();
-  return lower.includes("nonce too low") || lower.includes("nonce has already been used") || lower.includes("already known") || lower.includes("replacement transaction underpriced");
-}
-function matchesRevert(msg) {
-  const lower = msg.toLowerCase();
-  return lower.includes("revert") || lower.includes("execution reverted") || lower.includes("transaction failed");
-}
-
-export {
-  executeTx
-};