@zerodev/wallet-core 0.0.1-alpha.14 → 0.0.1-alpha.16

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zerodev/wallet-core",
-  "version": "0.0.1-alpha.14",
+  "version": "0.0.1-alpha.16",
   "description": "ZeroDev Wallet SDK built on Turnkey",
   "main": "./dist/_cjs/index.js",
   "module": "./dist/_esm/index.js",

package/src/actions/auth/getAuthenticators.ts

@@ -0,0 +1,89 @@
+import type { Client } from '../../client/types.js'
+
+export type GetAuthenticatorsParameters = {
+  /** The sub-organization ID to query authenticators for */
+  subOrganizationId: string
+  /** The project ID for the request */
+  projectId: string
+  /** The session token for authorization */
+  token: string
+}
+
+/** An OAuth authenticator linked to the user (PascalCase from Go default marshaling) */
+export type OAuthAuthenticator = {
+  Provider?: string
+  ClientId?: string
+  Subject?: string
+  [key: string]: unknown
+}
+
+/** A passkey (WebAuthn) authenticator (PascalCase from Go default marshaling) */
+export type PasskeyAuthenticator = {
+  RpId?: string
+  PublicKey?: string
+  CredentialId?: string
+  [key: string]: unknown
+}
+
+/** An email contact linked to the user (PascalCase from Go default marshaling) */
+export type EmailContact = {
+  Email?: string
+  [key: string]: unknown
+}
+
+/** An API key authenticator (PascalCase from Go default marshaling) */
+export type ApiKeyAuthenticator = {
+  ApiKey?: string
+  [key: string]: unknown
+}
+
+export type GetAuthenticatorsReturnType = {
+  /** OAuth providers linked to the user (null if none) */
+  oauths: OAuthAuthenticator[] | null
+  /** Passkey authenticators registered for the user (null if none) */
+  passkeys: PasskeyAuthenticator[] | null
+  /** Email contacts associated with the user (null if none) */
+  emailContacts: EmailContact[] | null
+  /** API keys associated with the user (null if none) */
+  apiKeys: ApiKeyAuthenticator[] | null
+}
+
+/**
+ * Fetches all authenticators (oauths, passkeys, emailContacts, apiKeys) for
+ * the authenticated user within the given project/sub-organization.
+ *
+ * Corresponds to `POST /api/v1/{projectId}/authenticators`.
+ *
+ * @param client - The ZeroDev Wallet client
+ * @param params - The parameters for the authenticators request
+ * @returns The user's authenticators grouped by type
+ *
+ * @example
+ * ```ts
+ * const authenticators = await getAuthenticators(client, {
+ *   subOrganizationId: 'suborg_123',
+ *   projectId: 'proj_456',
+ *   token: 'session_token_abc',
+ * });
+ * console.log(authenticators.oauths, authenticators.passkeys);
+ * ```
+ */
+export async function getAuthenticators(
+  client: Client,
+  params: GetAuthenticatorsParameters,
+): Promise<GetAuthenticatorsReturnType> {
+  const { subOrganizationId, projectId, token } = params
+
+  return await client.request({
+    path: `${projectId}/authenticators`,
+    method: 'POST',
+    body: {
+      subOrganizationId,
+    },
+    headers: {
+      Authorization: `Bearer ${token}`,
+    },
+    stamp: true,
+    stampPostion: 'headers',
+  })
+}

package/src/actions/auth/index.ts

@@ -10,15 +10,19 @@ export {
   type AuthenticateWithOAuthReturnType,
   authenticateWithOAuth,
 } from './authenticateWithOAuth.js'
+export {
+  type ApiKeyAuthenticator,
+  type EmailContact,
+  type GetAuthenticatorsParameters,
+  type GetAuthenticatorsReturnType,
+  getAuthenticators,
+  type OAuthAuthenticator,
+  type PasskeyAuthenticator,
+} from './getAuthenticators.js'
 export {
   type GetAuthProxyConfigIdReturnType,
   getAuthProxyConfigId,
 } from './getAuthProxyConfigId.js'
-export {
-  type GetUserEmailParameters,
-  type GetUserEmailReturnType,
-  getUserEmail,
-} from './getUserEmail.js'
 export {
   type GetWhoamiParameters,
   type GetWhoamiReturnType,

package/src/actions/index.ts

@@ -1,24 +1,28 @@
 // Auth actions
 export {
+  type ApiKeyAuthenticator,
   type AuthenticateWithEmailParameters,
   type AuthenticateWithEmailReturnType,
   type AuthenticateWithOAuthParameters,
   type AuthenticateWithOAuthReturnType,
   authenticateWithEmail,
   authenticateWithOAuth,
+  type EmailContact,
   type EmailCustomization,
+  type GetAuthenticatorsParameters,
+  type GetAuthenticatorsReturnType,
   type GetAuthProxyConfigIdReturnType,
-  type GetUserEmailParameters,
-  type GetUserEmailReturnType,
   type GetWhoamiParameters,
   type GetWhoamiReturnType,
+  getAuthenticators,
   getAuthProxyConfigId,
-  getUserEmail,
   getWhoami,
   type LoginWithOTPParameters,
   type LoginWithOTPReturnType,
   loginWithOTP,
+  type OAuthAuthenticator,
   type OtpContact,
+  type PasskeyAuthenticator,
   type RegisterWithOTPParameters,
   type RegisterWithOTPReturnType,
   type RegisterWithPasskeyParameters,
@@ -32,10 +36,19 @@ export {
   type GetUserWalletParameters,
   type GetUserWalletReturnType,
   getUserWallet,
-  type SignRawPayloadParameters,
-  type SignRawPayloadReturnType,
+  type Sign7702AuthorizationParameters,
+  type Sign7702AuthorizationReturnType,
+  type SignMessageParameters,
+  type SignMessageReturnType,
   type SignTransactionParameters,
   type SignTransactionReturnType,
-  signRawPayload,
+  type SignTypedDataV4Parameters,
+  type SignTypedDataV4ReturnType,
+  type SignUserOperationParameters,
+  type SignUserOperationReturnType,
+  sign7702Authorization,
+  signMessage,
   signTransaction,
+  signTypedDataV4,
+  signUserOperation,
 } from './wallet/index.js'

package/src/actions/wallet/index.ts

@@ -5,13 +5,31 @@ export {
 } from './getUserWallet.js'
 
 export {
-  type SignRawPayloadParameters,
-  type SignRawPayloadReturnType,
-  signRawPayload,
-} from './signRawPayload.js'
+  type Sign7702AuthorizationParameters,
+  type Sign7702AuthorizationReturnType,
+  sign7702Authorization,
+} from './sign7702Authorization.js'
+
+export {
+  type SignMessageParameters,
+  type SignMessageReturnType,
+  signMessage,
+} from './signMessage.js'
 
 export {
   type SignTransactionParameters,
   type SignTransactionReturnType,
   signTransaction,
 } from './signTransaction.js'
+
+export {
+  type SignTypedDataV4Parameters,
+  type SignTypedDataV4ReturnType,
+  signTypedDataV4,
+} from './signTypedDataV4.js'
+
+export {
+  type SignUserOperationParameters,
+  type SignUserOperationReturnType,
+  signUserOperation,
+} from './signUserOperation.js'

package/src/actions/wallet/sign7702Authorization.ts

@@ -0,0 +1,48 @@
+import type { Hex } from 'viem'
+import type { Client } from '../../client/types.js'
+import { buildTurnkeyPayload, sendSigningRequest } from './signingUtils.js'
+
+export type Sign7702AuthorizationParameters = {
+  /** The organization ID */
+  organizationId: string
+  /** The project ID for the request */
+  projectId: string
+  /** The session token for authorization */
+  token: string
+  /** The address to sign with */
+  address: Hex
+  /** The hex-encoded EIP-7702 authorization to be signed (without 0x prefix) */
+  unsignedTransaction: string
+  /** The hashed authorization (hex without 0x prefix) */
+  hashedAuthorization: string
+}
+
+export type Sign7702AuthorizationReturnType = Hex
+
+export async function sign7702Authorization(
+  client: Client,
+  params: Sign7702AuthorizationParameters,
+): Promise<Sign7702AuthorizationReturnType> {
+  const {
+    organizationId,
+    projectId,
+    token,
+    address,
+    unsignedTransaction,
+    hashedAuthorization,
+  } = params
+
+  const turnkeyPayload = buildTurnkeyPayload(
+    organizationId,
+    address,
+    hashedAuthorization,
+  )
+
+  return sendSigningRequest(client, {
+    projectId,
+    token,
+    path: 'sign/7702-authorization',
+    turnkeyPayload,
+    bodyFields: { unsignedTransaction },
+  })
+}

package/src/actions/wallet/signMessage.ts

@@ -0,0 +1,47 @@
+import type { Hex } from 'viem'
+import type { Client } from '../../client/types.js'
+import {
+  buildTurnkeyPayload,
+  computeMessagePayloadHash,
+  sendSigningRequest,
+} from './signingUtils.js'
+
+export type SignMessageParameters = {
+  /** The organization ID */
+  organizationId: string
+  /** The project ID for the request */
+  projectId: string
+  /** The session token for authorization */
+  token: string
+  /** The address to sign with */
+  address: Hex
+  /** The message to sign */
+  message: string
+  /** The encoding of the message ('utf8' or 'hex') */
+  encoding: 'utf8' | 'hex'
+}
+
+export type SignMessageReturnType = Hex
+
+export async function signMessage(
+  client: Client,
+  params: SignMessageParameters,
+): Promise<SignMessageReturnType> {
+  const { organizationId, projectId, token, address, message, encoding } =
+    params
+
+  const payloadHash = computeMessagePayloadHash(message, encoding)
+  const turnkeyPayload = buildTurnkeyPayload(
+    organizationId,
+    address,
+    payloadHash,
+  )
+
+  return sendSigningRequest(client, {
+    projectId,
+    token,
+    path: 'sign/message',
+    turnkeyPayload,
+    bodyFields: { message, encoding },
+  })
+}

package/src/actions/wallet/signTransaction.ts

@@ -1,5 +1,10 @@
 import type { Hex } from 'viem'
 import type { Client } from '../../client/types.js'
+import {
+  buildTurnkeyPayload,
+  computeDataPayloadHash,
+  sendSigningRequest,
+} from './signingUtils.js'
 
 export type SignTransactionParameters = {
   /** The organization ID */
@@ -10,30 +15,12 @@ export type SignTransactionParameters = {
   token: string
   /** The address to sign with */
   address: Hex
-  /** The unsigned transaction to sign */
+  /** The unsigned transaction to sign (hex without 0x prefix) */
   unsignedTransaction: string
 }
 
 export type SignTransactionReturnType = Hex
 
-/**
- * Signs a raw transaction with the user's wallet
- *
- * @param client - The ZeroDev Wallet client
- * @param params - The parameters for signing
- * @returns The signature
- *
- * @example
- * ```ts
- * const result = await signTransaction(client, {
- *   organizationId: 'org_123',
- *   projectId: 'proj_456',
- *   address: '0x123...',
- *   unsignedTransaction: 'abc123...',
- * });
- * console.log(result.signature); // '0x...'
- * ```
- */
 export async function signTransaction(
   client: Client,
   params: SignTransactionParameters,
@@ -41,24 +28,18 @@ export async function signTransaction(
   const { organizationId, projectId, token, address, unsignedTransaction } =
     params
 
-  const { signature } = await client.request({
-    path: `${projectId}/sign/transaction`,
-    body: {
-      type: 'ACTIVITY_TYPE_SIGN_TRANSACTION_V2',
-      timestampMs: Date.now().toString(),
-      organizationId,
-      parameters: {
-        signWith: address,
-        type: 'TRANSACTION_TYPE_ETHEREUM',
-        unsignedTransaction,
-      },
-    },
-    headers: {
-      Authorization: `Bearer ${token}`,
-    },
-    stamp: true,
-    stampPostion: 'headers',
-  })
+  const payloadHash = computeDataPayloadHash(unsignedTransaction, 'hex')
+  const turnkeyPayload = buildTurnkeyPayload(
+    organizationId,
+    address,
+    payloadHash,
+  )
 
-  return `0x${signature}` as Hex
+  return sendSigningRequest(client, {
+    projectId,
+    token,
+    path: 'sign/transaction',
+    turnkeyPayload,
+    bodyFields: { unsignedTransaction },
+  })
 }

package/src/actions/wallet/signTypedDataV4.ts

@@ -0,0 +1,52 @@
+import type { Hex } from 'viem'
+import type { Client } from '../../client/types.js'
+import { buildTurnkeyPayload, sendSigningRequest } from './signingUtils.js'
+
+export type SignTypedDataV4Parameters = {
+  /** The organization ID */
+  organizationId: string
+  /** The project ID for the request */
+  projectId: string
+  /** The session token for authorization */
+  token: string
+  /** The address to sign with */
+  address: Hex
+  /** The serialized EIP-712 typed data to sign */
+  unsignedTypedDataV4: string
+  /** The encoding of the typed data ('utf8' or 'hex') */
+  encoding: 'utf8' | 'hex'
+  /** Pre-computed EIP-712 hash (hex without 0x prefix), used as the Turnkey payload. */
+  typedDataHash: string
+}
+
+export type SignTypedDataV4ReturnType = Hex
+
+export async function signTypedDataV4(
+  client: Client,
+  params: SignTypedDataV4Parameters,
+): Promise<SignTypedDataV4ReturnType> {
+  const {
+    organizationId,
+    projectId,
+    token,
+    address,
+    unsignedTypedDataV4,
+    encoding,
+    typedDataHash,
+  } = params
+
+  const payloadHash = typedDataHash
+  const turnkeyPayload = buildTurnkeyPayload(
+    organizationId,
+    address,
+    payloadHash,
+  )
+
+  return sendSigningRequest(client, {
+    projectId,
+    token,
+    path: 'sign/typed-data-v4',
+    turnkeyPayload,
+    bodyFields: { unsignedTypedDataV4, encoding },
+  })
+}

package/src/actions/wallet/signUserOperation.ts

@@ -0,0 +1,56 @@
+import type { Hex } from 'viem'
+import type { Client } from '../../client/types.js'
+import {
+  buildTurnkeyPayload,
+  computeDataPayloadHash,
+  sendSigningRequest,
+} from './signingUtils.js'
+
+export type SignUserOperationParameters = {
+  /** The organization ID */
+  organizationId: string
+  /** The project ID for the request */
+  projectId: string
+  /** The session token for authorization */
+  token: string
+  /** The address to sign with */
+  address: Hex
+  /** The unsigned user operation to sign */
+  unsignedUserOperation: string
+  /** The chain ID for the user operation */
+  chainId: number
+  /** The encoding of the user operation ('utf8' or 'hex') */
+  encoding: 'utf8' | 'hex'
+}
+
+export type SignUserOperationReturnType = Hex
+
+export async function signUserOperation(
+  client: Client,
+  params: SignUserOperationParameters,
+): Promise<SignUserOperationReturnType> {
+  const {
+    organizationId,
+    projectId,
+    token,
+    address,
+    unsignedUserOperation,
+    chainId,
+    encoding,
+  } = params
+
+  const payloadHash = computeDataPayloadHash(unsignedUserOperation, encoding)
+  const turnkeyPayload = buildTurnkeyPayload(
+    organizationId,
+    address,
+    payloadHash,
+  )
+
+  return sendSigningRequest(client, {
+    projectId,
+    token,
+    path: 'sign/user-operation',
+    turnkeyPayload,
+    bodyFields: { unsignedUserOperation, chainId, encoding },
+  })
+}

package/src/actions/wallet/signingUtils.ts

@@ -0,0 +1,110 @@
+import { canonicalizeEx } from 'json-canonicalize'
+import type { Hex } from 'viem'
+import { hashMessage, keccak256, toHex } from 'viem'
+import type { Client } from '../../client/types.js'
+
+export type TurnkeyPayload = {
+  type: string
+  timestampMs: string
+  organizationId: string
+  parameters: {
+    signWith: string
+    payload: string
+    encoding: string
+    hashFunction: string
+  }
+}
+
+export function buildTurnkeyPayload(
+  organizationId: string,
+  address: Hex,
+  payloadHash: string,
+): TurnkeyPayload {
+  return {
+    type: 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2',
+    timestampMs: Date.now().toString(),
+    organizationId,
+    parameters: {
+      signWith: address,
+      payload: payloadHash,
+      encoding: 'PAYLOAD_ENCODING_HEXADECIMAL',
+      hashFunction: 'HASH_FUNCTION_NO_OP',
+    },
+  }
+}
+
+export async function sendSigningRequest(
+  client: Client,
+  params: {
+    projectId: string
+    token: string
+    path: string
+    turnkeyPayload: TurnkeyPayload
+    bodyFields: Record<string, unknown>
+  },
+): Promise<Hex> {
+  const { projectId, token, path, turnkeyPayload, bodyFields } = params
+
+  // Inner stamp over the Turnkey payload (for Turnkey verification)
+  const innerBodyString = canonicalizeEx(turnkeyPayload)
+  const innerStamp = await client.indexedDbStamper.stamp(innerBodyString)
+
+  // Build full body with inner stamp embedded
+  const fullBody = {
+    ...bodyFields,
+    turnkeyPayload,
+    stampHeader: {
+      stampHeaderName: innerStamp.stampHeaderName,
+      stampHeaderValue: innerStamp.stampHeaderValue,
+    },
+  }
+
+  // Outer stamp over full body (for KMS middleware)
+  const fullBodyString = canonicalizeEx(fullBody)
+  const outerStamp = await client.indexedDbStamper.stamp(fullBodyString)
+
+  const { signature } = await client.request({
+    path: `${projectId}/${path}`,
+    method: 'POST',
+    body: fullBody,
+    headers: {
+      [outerStamp.stampHeaderName]: outerStamp.stampHeaderValue,
+      Authorization: `Bearer ${token}`,
+    },
+  })
+
+  return (signature.startsWith('0x') ? signature : `0x${signature}`) as Hex
+}
+
+/**
+ * Compute payload hash for message signing (EIP-191).
+ * Uses viem's hashMessage directly to guarantee correct EIP-191 hashing.
+ */
+export function computeMessagePayloadHash(
+  message: string,
+  encoding: 'utf8' | 'hex',
+): string {
+  if (encoding === 'utf8') {
+    return hashMessage(message).slice(2)
+  }
+  const hex = message.replace(/^0x/, '')
+  return hashMessage({ raw: `0x${hex}` as Hex }).slice(2)
+}
+
+/**
+ * Compute payload hash for data signing (transaction, user operation).
+ * Hashes the raw decoded bytes: keccak256(hexDecode(hexData))
+ */
+export function computeDataPayloadHash(
+  data: string,
+  encoding: 'utf8' | 'hex',
+): string {
+  let hexData: string
+  if (encoding === 'utf8') {
+    hexData = toHex(data).slice(2)
+  } else {
+    hexData = data.replace(/^0x/, '')
+  }
+
+  return keccak256(`0x${hexData}` as Hex).slice(2)
+}