@spectratools/tx-shared 0.4.3 → 0.5.2

package/dist/index.js

@@ -3,8 +3,22 @@ import {
   createAbstractClient
 } from "./chunk-P4ACSL6N.js";
 import {
-  executeTx
-} from "./chunk-4XI6TBKX.js";
+  attachPrivyPolicyContext,
+  createPrivyAccount,
+  createPrivyAuthorizationPayload,
+  createPrivyClient,
+  createPrivySigner,
+  executeTx,
+  fetchPrivyPolicyVisibility,
+  generatePrivyAuthorizationSignature,
+  getPrivyPolicyContext,
+  normalizePrivyApiUrl,
+  normalizePrivyPolicy,
+  parsePrivyAuthorizationKey,
+  preflightPrivyTransactionPolicy,
+  serializePrivyAuthorizationPayload,
+  toPrivyPolicyViolationError
+} from "./chunk-HFRJBEDT.js";
 import {
   TxError,
   toTxError
@@ -57,599 +71,6 @@ function createKeystoreSigner(options) {
   return { account, address: account.address, provider: "keystore" };
 }
 
-// src/signers/privy-account.ts
-import { isAddress } from "viem";
-var DEFAULT_CHAIN_ID = 2741;
-var HASH_REGEX = /^0x[a-fA-F0-9]{64}$/;
-async function createPrivyAccount(options) {
-  const wallet = await options.client.getWallet();
-  if (typeof wallet.address !== "string" || !isAddress(wallet.address)) {
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      "Privy get wallet request failed: wallet address is missing or invalid"
-    );
-  }
-  const address = wallet.address;
-  const defaultChainId = options.chainId ?? DEFAULT_CHAIN_ID;
-  return {
-    address,
-    type: "json-rpc",
-    async sendTransaction(request) {
-      const chainId = normalizeChainId(request.chainId ?? defaultChainId);
-      const rpcRequest = createSendTransactionRpcRequest(address, chainId, request);
-      const response = await options.client.createRpcIntent(rpcRequest);
-      return parsePrivyTransactionHash(response);
-    }
-  };
-}
-function createSendTransactionRpcRequest(from, chainId, request) {
-  const transaction = {
-    from
-  };
-  if (request.to !== void 0) {
-    transaction.to = request.to;
-  }
-  if (request.data !== void 0) {
-    transaction.data = request.data;
-  }
-  if (request.value !== void 0) {
-    transaction.value = normalizeNumberish(request.value, "value");
-  }
-  if (request.nonce !== void 0) {
-    transaction.nonce = normalizeNumberish(request.nonce, "nonce");
-  }
-  if (request.gas !== void 0) {
-    transaction.gas_limit = normalizeNumberish(request.gas, "gas");
-  }
-  if (request.gasPrice !== void 0) {
-    transaction.gas_price = normalizeNumberish(request.gasPrice, "gasPrice");
-  }
-  if (request.maxFeePerGas !== void 0) {
-    transaction.max_fee_per_gas = normalizeNumberish(request.maxFeePerGas, "maxFeePerGas");
-  }
-  if (request.maxPriorityFeePerGas !== void 0) {
-    transaction.max_priority_fee_per_gas = normalizeNumberish(
-      request.maxPriorityFeePerGas,
-      "maxPriorityFeePerGas"
-    );
-  }
-  if (request.type !== void 0) {
-    transaction.type = request.type;
-  }
-  transaction.chain_id = chainId;
-  return {
-    method: "eth_sendTransaction",
-    caip2: `eip155:${chainId}`,
-    params: {
-      transaction
-    }
-  };
-}
-function parsePrivyTransactionHash(response) {
-  const intentId = response.intent_id;
-  if (response.status !== "executed") {
-    const reason = extractIntentReason(response) ?? "no reason provided";
-    if (response.status === "failed") {
-      throw new TxError("TX_REVERTED", `Privy rpc intent ${intentId} failed: ${reason}`);
-    }
-    if (response.status === "rejected" || response.status === "dismissed" || response.status === "expired") {
-      throw new TxError(
-        "PRIVY_AUTH_FAILED",
-        `Privy rpc intent ${intentId} ${response.status}: ${reason}`
-      );
-    }
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      `Privy rpc intent ${intentId} did not execute (status: ${response.status})`
-    );
-  }
-  const hash = extractIntentHash(response);
-  if (hash === void 0 || !HASH_REGEX.test(hash)) {
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      `Privy rpc intent ${intentId} executed without a valid transaction hash`
-    );
-  }
-  return hash;
-}
-function extractIntentHash(response) {
-  if (!isRecord(response.action_result)) {
-    return void 0;
-  }
-  const responseBody = response.action_result.response_body;
-  if (!isRecord(responseBody)) {
-    return void 0;
-  }
-  const data = responseBody.data;
-  if (!isRecord(data)) {
-    return void 0;
-  }
-  return typeof data.hash === "string" ? data.hash : void 0;
-}
-function extractIntentReason(response) {
-  if (typeof response.dismissal_reason === "string" && response.dismissal_reason.length > 0) {
-    return response.dismissal_reason;
-  }
-  if (isRecord(response.action_result)) {
-    const responseBody = response.action_result.response_body;
-    if (isRecord(responseBody)) {
-      const error = responseBody.error;
-      if (typeof error === "string" && error.length > 0) {
-        return error;
-      }
-      if (isRecord(error)) {
-        const errorMessage = error.message;
-        if (typeof errorMessage === "string" && errorMessage.length > 0) {
-          return errorMessage;
-        }
-      }
-      const message = responseBody.message;
-      if (typeof message === "string" && message.length > 0) {
-        return message;
-      }
-    }
-  }
-  return void 0;
-}
-function normalizeChainId(chainId) {
-  if (typeof chainId === "number") {
-    if (!Number.isInteger(chainId) || chainId <= 0) {
-      throw new TxError(
-        "PRIVY_TRANSPORT_FAILED",
-        "Failed to build Privy eth_sendTransaction payload: chainId must be a positive integer"
-      );
-    }
-    return chainId;
-  }
-  if (typeof chainId === "bigint") {
-    if (chainId <= 0n || chainId > BigInt(Number.MAX_SAFE_INTEGER)) {
-      throw new TxError(
-        "PRIVY_TRANSPORT_FAILED",
-        "Failed to build Privy eth_sendTransaction payload: chainId must be a positive safe integer"
-      );
-    }
-    return Number(chainId);
-  }
-  const trimmed = chainId.trim();
-  if (trimmed.length === 0) {
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      "Failed to build Privy eth_sendTransaction payload: chainId is empty"
-    );
-  }
-  if (/^0x[0-9a-fA-F]+$/.test(trimmed)) {
-    const parsed2 = Number.parseInt(trimmed.slice(2), 16);
-    if (!Number.isSafeInteger(parsed2) || parsed2 <= 0) {
-      throw new TxError(
-        "PRIVY_TRANSPORT_FAILED",
-        "Failed to build Privy eth_sendTransaction payload: chainId must be a positive safe integer"
-      );
-    }
-    return parsed2;
-  }
-  if (!/^[0-9]+$/.test(trimmed)) {
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      "Failed to build Privy eth_sendTransaction payload: chainId must be a positive safe integer"
-    );
-  }
-  const parsed = Number(trimmed);
-  if (!Number.isSafeInteger(parsed) || parsed <= 0) {
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      "Failed to build Privy eth_sendTransaction payload: chainId must be a positive safe integer"
-    );
-  }
-  return parsed;
-}
-function normalizeNumberish(value, fieldName) {
-  if (typeof value === "bigint") {
-    if (value < 0n) {
-      throw new TxError(
-        "PRIVY_TRANSPORT_FAILED",
-        `Failed to build Privy eth_sendTransaction payload: ${fieldName} cannot be negative`
-      );
-    }
-    return value.toString(10);
-  }
-  if (typeof value === "number") {
-    if (!Number.isFinite(value) || value < 0) {
-      throw new TxError(
-        "PRIVY_TRANSPORT_FAILED",
-        `Failed to build Privy eth_sendTransaction payload: ${fieldName} must be a non-negative number`
-      );
-    }
-    return Number.isInteger(value) ? value : value.toString();
-  }
-  const trimmed = value.trim();
-  if (trimmed.length === 0) {
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      `Failed to build Privy eth_sendTransaction payload: ${fieldName} is empty`
-    );
-  }
-  return trimmed;
-}
-function isRecord(value) {
-  return typeof value === "object" && value !== null;
-}
-
-// src/signers/privy-signature.ts
-import { createPrivateKey, sign as signWithCrypto } from "crypto";
-var PRIVY_AUTHORIZATION_KEY_PREFIX = "wallet-auth:";
-var PRIVY_AUTHORIZATION_KEY_REGEX = /^wallet-auth:[A-Za-z0-9+/]+={0,2}$/;
-var DEFAULT_PRIVY_API_URL = "https://api.privy.io";
-function normalizePrivyApiUrl(apiUrl) {
-  const value = (apiUrl ?? DEFAULT_PRIVY_API_URL).trim();
-  if (value.length === 0) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_API_URL format: expected a non-empty http(s) URL"
-    );
-  }
-  let parsed;
-  try {
-    parsed = new URL(value);
-  } catch (cause) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_API_URL format: expected a non-empty http(s) URL",
-      cause
-    );
-  }
-  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_API_URL format: expected a non-empty http(s) URL"
-    );
-  }
-  return parsed.toString().replace(/\/+$/, "");
-}
-function parsePrivyAuthorizationKey(authorizationKey) {
-  const normalizedKey = authorizationKey.trim();
-  if (!PRIVY_AUTHORIZATION_KEY_REGEX.test(normalizedKey)) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_AUTHORIZATION_KEY format: expected wallet-auth:<base64-pkcs8-p256-private-key>"
-    );
-  }
-  const rawPrivateKey = normalizedKey.slice(PRIVY_AUTHORIZATION_KEY_PREFIX.length);
-  let derKey;
-  try {
-    derKey = Buffer.from(rawPrivateKey, "base64");
-  } catch (cause) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_AUTHORIZATION_KEY format: expected wallet-auth:<base64-pkcs8-p256-private-key>",
-      cause
-    );
-  }
-  let keyObject;
-  try {
-    keyObject = createPrivateKey({
-      key: derKey,
-      format: "der",
-      type: "pkcs8"
-    });
-  } catch (cause) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_AUTHORIZATION_KEY format: expected wallet-auth:<base64-pkcs8-p256-private-key>",
-      cause
-    );
-  }
-  if (keyObject.asymmetricKeyType !== "ec") {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_AUTHORIZATION_KEY format: expected wallet-auth:<base64-pkcs8-p256-private-key>"
-    );
-  }
-  const details = keyObject.asymmetricKeyDetails;
-  const namedCurve = details !== void 0 && "namedCurve" in details ? details.namedCurve : void 0;
-  if (namedCurve !== void 0 && namedCurve !== "prime256v1") {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_AUTHORIZATION_KEY format: expected wallet-auth:<base64-pkcs8-p256-private-key>"
-    );
-  }
-  return keyObject;
-}
-function createPrivyAuthorizationPayload(options) {
-  const appId = options.appId.trim();
-  if (appId.length === 0) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_APP_ID format: expected non-empty string"
-    );
-  }
-  const url = options.url.trim().replace(/\/+$/, "");
-  if (url.length === 0) {
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      "Failed to build Privy authorization payload: request URL is empty"
-    );
-  }
-  return {
-    version: 1,
-    method: options.method,
-    url,
-    headers: {
-      "privy-app-id": appId,
-      ...options.idempotencyKey !== void 0 ? { "privy-idempotency-key": options.idempotencyKey } : {}
-    },
-    body: options.body
-  };
-}
-function serializePrivyAuthorizationPayload(payload) {
-  return canonicalizeJson(payload);
-}
-function generatePrivyAuthorizationSignature(payload, authorizationKey) {
-  const privateKey = parsePrivyAuthorizationKey(authorizationKey);
-  const serializedPayload = serializePrivyAuthorizationPayload(payload);
-  const signature = signWithCrypto("sha256", Buffer.from(serializedPayload), privateKey);
-  return signature.toString("base64");
-}
-function canonicalizeJson(value) {
-  if (value === null) {
-    return "null";
-  }
-  if (typeof value === "string" || typeof value === "boolean") {
-    return JSON.stringify(value);
-  }
-  if (typeof value === "number") {
-    if (!Number.isFinite(value)) {
-      throw new TxError(
-        "PRIVY_TRANSPORT_FAILED",
-        "Failed to build Privy authorization payload: JSON payload contains a non-finite number"
-      );
-    }
-    return JSON.stringify(value);
-  }
-  if (Array.isArray(value)) {
-    return `[${value.map((item) => canonicalizeJson(item)).join(",")}]`;
-  }
-  if (typeof value === "object") {
-    const record = value;
-    const keys = Object.keys(record).sort((left, right) => left.localeCompare(right));
-    const entries = [];
-    for (const key of keys) {
-      const entryValue = record[key];
-      if (entryValue === void 0) {
-        continue;
-      }
-      entries.push(`${JSON.stringify(key)}:${canonicalizeJson(entryValue)}`);
-    }
-    return `{${entries.join(",")}}`;
-  }
-  throw new TxError(
-    "PRIVY_TRANSPORT_FAILED",
-    "Failed to build Privy authorization payload: JSON payload contains unsupported value type"
-  );
-}
-
-// src/signers/privy-client.ts
-function createPrivyClient(options) {
-  const appId = options.appId.trim();
-  const walletId = options.walletId.trim();
-  if (appId.length === 0) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_APP_ID format: expected non-empty string"
-    );
-  }
-  if (walletId.length === 0) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_WALLET_ID format: expected non-empty string"
-    );
-  }
-  const apiUrl = normalizePrivyApiUrl(options.apiUrl);
-  const fetchImplementation = options.fetchImplementation ?? fetch;
-  return {
-    appId,
-    walletId,
-    apiUrl,
-    async createRpcIntent(request, requestOptions) {
-      const url = `${apiUrl}/v1/intents/wallets/${walletId}/rpc`;
-      const payload = createPrivyAuthorizationPayload({
-        appId,
-        method: "POST",
-        url,
-        body: request,
-        ...requestOptions?.idempotencyKey !== void 0 ? { idempotencyKey: requestOptions.idempotencyKey } : {}
-      });
-      const signature = generatePrivyAuthorizationSignature(payload, options.authorizationKey);
-      return sendPrivyRequest({
-        fetchImplementation,
-        method: "POST",
-        url,
-        body: request,
-        operation: "create rpc intent",
-        headers: {
-          "privy-app-id": appId,
-          "privy-authorization-signature": signature,
-          ...requestOptions?.idempotencyKey !== void 0 ? { "privy-idempotency-key": requestOptions.idempotencyKey } : {}
-        }
-      });
-    },
-    async getWallet() {
-      const url = `${apiUrl}/v1/wallets/${walletId}`;
-      return sendPrivyRequest({
-        fetchImplementation,
-        method: "GET",
-        url,
-        operation: "get wallet",
-        headers: {
-          "privy-app-id": appId
-        }
-      });
-    },
-    async getPolicy(policyId) {
-      if (policyId.trim().length === 0) {
-        throw new TxError(
-          "PRIVY_TRANSPORT_FAILED",
-          "Failed to build Privy policy lookup request: policy id is empty"
-        );
-      }
-      const url = `${apiUrl}/v1/policies/${policyId}`;
-      return sendPrivyRequest({
-        fetchImplementation,
-        method: "GET",
-        url,
-        operation: "get policy",
-        headers: {
-          "privy-app-id": appId
-        }
-      });
-    }
-  };
-}
-async function sendPrivyRequest(options) {
-  let response;
-  try {
-    response = await options.fetchImplementation(options.url, {
-      method: options.method,
-      headers: {
-        ...options.headers,
-        ...options.body !== void 0 ? { "content-type": "application/json" } : {}
-      },
-      ...options.body !== void 0 ? { body: JSON.stringify(options.body) } : {}
-    });
-  } catch (cause) {
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      `Privy ${options.operation} request failed: network error`,
-      cause
-    );
-  }
-  const payload = await parseJsonResponse(response, options.operation);
-  if (!response.ok) {
-    const message = extractPrivyErrorMessage(payload) ?? `HTTP ${response.status}`;
-    if (response.status === 401 || response.status === 403) {
-      throw new TxError(
-        "PRIVY_AUTH_FAILED",
-        `Privy authentication failed (${response.status}): ${message}`
-      );
-    }
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      `Privy ${options.operation} request failed (${response.status}): ${message}`
-    );
-  }
-  if (!isRecord2(payload)) {
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      `Privy ${options.operation} request failed: invalid JSON response shape`
-    );
-  }
-  return payload;
-}
-async function parseJsonResponse(response, operation) {
-  const text = await response.text();
-  if (text.trim().length === 0) {
-    return void 0;
-  }
-  try {
-    return JSON.parse(text);
-  } catch (cause) {
-    throw new TxError(
-      "PRIVY_TRANSPORT_FAILED",
-      `Privy ${operation} request failed: invalid JSON response`,
-      cause
-    );
-  }
-}
-function isRecord2(value) {
-  return typeof value === "object" && value !== null;
-}
-function extractPrivyErrorMessage(payload) {
-  if (!isRecord2(payload)) {
-    return void 0;
-  }
-  const directMessage = payload.message;
-  if (typeof directMessage === "string" && directMessage.length > 0) {
-    return directMessage;
-  }
-  const errorValue = payload.error;
-  if (typeof errorValue === "string" && errorValue.length > 0) {
-    return errorValue;
-  }
-  if (isRecord2(errorValue)) {
-    const nestedMessage = errorValue.message;
-    if (typeof nestedMessage === "string" && nestedMessage.length > 0) {
-      return nestedMessage;
-    }
-  }
-  return void 0;
-}
-
-// src/signers/privy.ts
-var REQUIRED_FIELDS = [
-  "privyAppId",
-  "privyWalletId",
-  "privyAuthorizationKey"
-];
-var APP_ID_REGEX = /^[A-Za-z0-9_-]{8,128}$/;
-var WALLET_ID_REGEX = /^[A-Za-z0-9_-]{8,128}$/;
-async function createPrivySigner(options) {
-  const missing = REQUIRED_FIELDS.filter((field) => {
-    const value = options[field];
-    return typeof value !== "string" || value.trim().length === 0;
-  });
-  if (missing.length > 0) {
-    const missingLabels = missing.map((field) => {
-      if (field === "privyAppId") {
-        return "PRIVY_APP_ID";
-      }
-      if (field === "privyWalletId") {
-        return "PRIVY_WALLET_ID";
-      }
-      return "PRIVY_AUTHORIZATION_KEY";
-    }).join(", ");
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      `Privy signer requires configuration: missing ${missingLabels}`
-    );
-  }
-  const appId = options.privyAppId?.trim() ?? "";
-  const walletId = options.privyWalletId?.trim() ?? "";
-  const authorizationKey = options.privyAuthorizationKey?.trim() ?? "";
-  if (!APP_ID_REGEX.test(appId)) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_APP_ID format: expected 8-128 chars using letters, numbers, hyphen, or underscore"
-    );
-  }
-  if (!WALLET_ID_REGEX.test(walletId)) {
-    throw new TxError(
-      "PRIVY_AUTH_FAILED",
-      "Invalid PRIVY_WALLET_ID format: expected 8-128 chars using letters, numbers, hyphen, or underscore"
-    );
-  }
-  parsePrivyAuthorizationKey(authorizationKey);
-  const apiUrl = normalizePrivyApiUrl(options.privyApiUrl);
-  const client = createPrivyClient({
-    appId,
-    walletId,
-    authorizationKey,
-    apiUrl
-  });
-  const account = await createPrivyAccount({
-    client
-  });
-  return {
-    provider: "privy",
-    account,
-    address: account.address,
-    privy: {
-      appId,
-      walletId,
-      apiUrl,
-      client
-    }
-  };
-}
-
 // src/resolve-signer.ts
 function hasPrivyConfig(opts) {
   return opts.privyAppId !== void 0 || opts.privyWalletId !== void 0 || opts.privyAuthorizationKey !== void 0;
@@ -671,12 +92,13 @@ async function resolveSigner(opts) {
     });
   }
   if (opts.privy === true || hasPrivyConfig(opts)) {
-    return createPrivySigner({
+    const privySigner = await createPrivySigner({
       ...opts.privyAppId !== void 0 ? { privyAppId: opts.privyAppId } : {},
       ...opts.privyWalletId !== void 0 ? { privyWalletId: opts.privyWalletId } : {},
       ...opts.privyAuthorizationKey !== void 0 ? { privyAuthorizationKey: opts.privyAuthorizationKey } : {},
       ...opts.privyApiUrl !== void 0 ? { privyApiUrl: opts.privyApiUrl } : {}
     });
+    return privySigner;
   }
   throw new TxError(
     "SIGNER_NOT_CONFIGURED",
@@ -719,6 +141,7 @@ function toSignerOptions(flags, env) {
 export {
   TxError,
   abstractMainnet,
+  attachPrivyPolicyContext,
   createAbstractClient,
   createKeystoreSigner,
   createPrivateKeySigner,
@@ -727,13 +150,18 @@ export {
   createPrivyClient,
   createPrivySigner,
   executeTx,
+  fetchPrivyPolicyVisibility,
   generatePrivyAuthorizationSignature,
+  getPrivyPolicyContext,
   normalizePrivyApiUrl,
+  normalizePrivyPolicy,
   parsePrivyAuthorizationKey,
+  preflightPrivyTransactionPolicy,
   resolveSigner,
   serializePrivyAuthorizationPayload,
   signerEnvSchema,
   signerFlagSchema,
+  toPrivyPolicyViolationError,
   toSignerOptions,
   toTxError
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@spectratools/tx-shared",
-  "version": "0.4.3",
+  "version": "0.5.2",
   "description": "Shared transaction primitives, signer types, and chain config for spectra tools",
   "type": "module",
   "license": "MIT",