accounts 0.8.2 → 0.8.4

package/src/core/Provider.test-d.ts

@@ -47,6 +47,12 @@ describe('request', () => {
     expectTypeOf<Result<'wallet_disconnect'>>().toEqualTypeOf<undefined>()
   })
 
+  test('wallet_swap', () => {
+    expectTypeOf<Result<'wallet_swap'>>().toMatchTypeOf<{
+      receipt: { transactionHash: `0x${string}` }
+    }>()
+  })
+
   test('wallet_switchEthereumChain', () => {
     expectTypeOf<Result<'wallet_switchEthereumChain'>>().toEqualTypeOf<undefined>()
   })

package/src/core/Provider.test.ts

@@ -664,6 +664,22 @@ describe.each(adapters)('$name', ({ adapter }: (typeof adapters)[number]) => {
     })
   })
 
+  describe('wallet_swap', () => {
+    test('error: throws UnsupportedMethodError when adapter has no swap action', async () => {
+      const provider = Provider.create({ adapter: adapter(), chains: [chain] })
+      await connect(provider)
+
+      await expect(
+        provider.request({
+          method: 'wallet_swap',
+          params: [{ amount: '1', token: Addresses.pathUsd, type: 'sell' }],
+        }),
+      ).rejects.toThrowErrorMatchingInlineSnapshot(
+        `[Provider.UnsupportedMethodError: \`swap\` not supported by adapter.]`,
+      )
+    })
+  })
+
   describe('wallet_getCapabilities', () => {
     test('default: returns atomic supported for all chains', async () => {
       const provider = Provider.create({ adapter: adapter() })

package/src/core/Provider.ts

@@ -638,6 +638,18 @@ export function create(options: create.Options = {}): create.ReturnType {
                     )) satisfies Rpc.wallet_send.Encoded['returns']
                   }
 
+                  case 'wallet_swap': {
+                    assertConnected()
+                    if (!actions.swap)
+                      throw new ox_Provider.UnsupportedMethodError({
+                        message: '`swap` not supported by adapter.',
+                      })
+                    return (await actions.swap(
+                      (request._decoded.params?.[0] ?? {}) as Adapter.swap.Parameters,
+                      request,
+                    )) satisfies Rpc.wallet_swap.Encoded['returns']
+                  }
+
                   case 'wallet_switchEthereumChain': {
                     const { chainId } = request._decoded.params[0]
                     if (!chains.some((c) => c.id === chainId))

package/src/core/Schema.test-d.ts

@@ -137,6 +137,24 @@ describe('Encoded', () => {
     }>()
   })
 
+  test('wallet_swap', () => {
+    expectTypeOf<Rpc.wallet_swap.Encoded>().toMatchTypeOf<{
+      method: 'wallet_swap'
+      params:
+        | readonly [
+            {
+              amount?: string | undefined
+              pairToken?: Hex | undefined
+              slippage?: number | undefined
+              token?: Hex | undefined
+              type?: 'buy' | 'sell' | undefined
+            },
+          ]
+        | undefined
+      returns: { receipt: { transactionHash: Hex } }
+    }>()
+  })
+
   test('wallet_switchEthereumChain', () => {
     expectTypeOf<Rpc.wallet_switchEthereumChain.Encoded>().toEqualTypeOf<{
       method: 'wallet_switchEthereumChain'
@@ -175,7 +193,7 @@ describe('Ox', () => {
 describe('Viem', () => {
   test('is a tuple of all provider methods', () => {
     expectTypeOf<Schema.Viem[0]['Method']>().toEqualTypeOf<'eth_accounts'>()
-    expectTypeOf<Schema.Viem[19]['Method']>().toEqualTypeOf<'wallet_switchEthereumChain'>()
+    expectTypeOf<Schema.Viem[20]['Method']>().toEqualTypeOf<'wallet_switchEthereumChain'>()
   })
 })
 
@@ -203,6 +221,7 @@ describe('Request', () => {
       | 'wallet_getBalances'
       | 'wallet_revokeAccessKey'
       | 'wallet_send'
+      | 'wallet_swap'
     >()
   })
 

package/src/core/Schema.ts

@@ -95,6 +95,7 @@ export const schema = from([
   Rpc.wallet_revokeAccessKey.schema,
   Rpc.wallet_send.schema,
   Rpc.wallet_sendCalls.schema,
+  Rpc.wallet_swap.schema,
   Rpc.wallet_switchEthereumChain.schema,
 ])
 

package/src/core/TrustedHosts.ts

@@ -10,15 +10,31 @@ import _hosts from '../trusted-hosts.json' with { type: 'json' }
 export const hosts: Record<string, readonly string[]> = _hosts
 
 /**
- * Returns `true` if `hostname` matches any pattern in `trustedHosts`.
+ * Returns `true` if `hostname` matches any pattern in `trustedHosts`,
+ * or (when `source` is provided) if `hostname` shares the same
+ * registrable domain ("eTLD+1") as `source`.
+ *
  * Patterns starting with `*.` match any subdomain suffix
  * (e.g. `*.workers.dev` matches `foo.workers.dev`).
  */
-export function match(trustedHosts: readonly string[], hostname: string) {
-  if (hostname.endsWith('.local')) return true
+export function match(trustedHosts: readonly string[], hostname: string, source?: string) {
+  if (source && sameRegistrableDomain(hostname, source)) return true
   return trustedHosts.some((pattern) => {
     if (pattern.startsWith('*.'))
       return hostname.endsWith(pattern.slice(1)) && hostname.length > pattern.length - 1
     return pattern === hostname
   })
 }
+
+/** Returns `true` if `a` and `b` share the same registrable domain ("eTLD+1"). */
+export function sameRegistrableDomain(a: string, b: string) {
+  return registrableDomain(a) === registrableDomain(b)
+}
+
+/** Returns the registrable domain ("eTLD+1") for a hostname. */
+function registrableDomain(host: string) {
+  const hostname = host.split(':')[0]!.toLowerCase()
+  const labels = hostname.split('.')
+  if (labels.length <= 2) return hostname
+  return labels.slice(-2).join('.')
+}

package/src/core/adapters/dialog.ts

@@ -403,6 +403,10 @@ export function dialog(options: dialog.Options = {}): Adapter.Adapter {
           })
         },
 
+        async swap(_params, request) {
+          return await provider.request(request)
+        },
+
         async disconnect() {
           store.setState({ accessKeys: [], accounts: [], activeAccount: 0 })
         },

package/src/core/zod/request.test.ts

@@ -84,6 +84,35 @@ describe('validate', () => {
     `)
   })
 
+  test('default: validates wallet_swap with sell amount', () => {
+    const result = RpcRequest.validate(Schema.Request, {
+      method: 'wallet_swap',
+      params: [
+        {
+          amount: '1.5',
+          pairToken: '0x0000000000000000000000000000000000000002',
+          slippage: 0.01,
+          token: '0x0000000000000000000000000000000000000001',
+          type: 'sell',
+        },
+      ],
+    })
+    expect(result._decoded).toMatchInlineSnapshot(`
+      {
+        "method": "wallet_swap",
+        "params": [
+          {
+            "amount": "1.5",
+            "pairToken": "0x0000000000000000000000000000000000000002",
+            "slippage": 0.01,
+            "token": "0x0000000000000000000000000000000000000001",
+            "type": "sell",
+          },
+        ],
+      }
+    `)
+  })
+
   test('behavior: preserves original request properties', () => {
     const result = RpcRequest.validate(Schema.Request, {
       method: 'eth_accounts',
@@ -118,4 +147,47 @@ describe('validate', () => {
       `[ProviderRpcError: Invalid params: params.0.chainId: Expected hex value, params.0.chainId: Invalid input]`,
     )
   })
+
+  test('error: rejects wallet_swap with invalid type', () => {
+    expect(() =>
+      RpcRequest.validate(Schema.Request, {
+        method: 'wallet_swap',
+        params: [
+          {
+            type: 'hold',
+          },
+        ],
+      }),
+    ).toThrowErrorMatchingInlineSnapshot(
+      `[ProviderRpcError: Invalid params: params.0.type: Invalid input, params.0.type: Invalid input]`,
+    )
+  })
+
+  test('error: rejects wallet_swap with out-of-range slippage', () => {
+    expect(() =>
+      RpcRequest.validate(Schema.Request, {
+        method: 'wallet_swap',
+        params: [
+          {
+            slippage: 1.1,
+          },
+        ],
+      }),
+    ).toThrowErrorMatchingInlineSnapshot(
+      `[ProviderRpcError: Invalid params: params.0.slippage: Invalid input]`,
+    )
+
+    expect(() =>
+      RpcRequest.validate(Schema.Request, {
+        method: 'wallet_swap',
+        params: [
+          {
+            slippage: -0.1,
+          },
+        ],
+      }),
+    ).toThrowErrorMatchingInlineSnapshot(
+      `[ProviderRpcError: Invalid params: params.0.slippage: Invalid input]`,
+    )
+  })
 })

package/src/core/zod/rpc.ts

@@ -559,6 +559,33 @@ export namespace wallet_send {
   export type Decoded = Schema.Decoded<typeof schema>
 }
 
+const swapParameters = z.object({
+  /** Human-readable amount to pre-fill (e.g. "1.5"). */
+  amount: z.optional(z.string()),
+  /** Other side of the swap pair. For buys, this is the token to sell. For sells, this is the token to buy. */
+  pairToken: z.optional(u.address()),
+  /** Maximum allowed slippage as a decimal fraction (for example `0.05` for 5%). */
+  slippage: z.optional(z.number().check(z.minimum(0), z.maximum(1))),
+  /** Token to buy or sell. Omit to let the user choose. */
+  token: z.optional(u.address()),
+  /** Whether the amount is an exact buy amount (`swapExactAmountOut`) or sell amount (`swapExactAmountIn`). */
+  type: z.optional(z.union([z.literal('buy'), z.literal('sell')])),
+})
+
+/** Opens the wallet swap flow with optional pre-filled swap intent fields. */
+export namespace wallet_swap {
+  export const schema = Schema.defineItem({
+    method: z.literal('wallet_swap'),
+    params: z.optional(z.readonly(z.tuple([swapParameters]))),
+    returns: z.object({
+      /** Receipt of the submitted swap. */
+      receipt,
+    }),
+  })
+  export type Encoded = Schema.Encoded<typeof schema>
+  export type Decoded = Schema.Decoded<typeof schema>
+}
+
 export namespace wallet_switchEthereumChain {
   export const schema = Schema.defineItem({
     method: z.literal('wallet_switchEthereumChain'),

package/src/react/Remote.ts

@@ -18,7 +18,7 @@ export function useEnsureVisibility(
     if (!origin) return false
     try {
       const hostname = new URL(origin).hostname.replace(/^www\./, '')
-      return TrustedHosts.match(remote.trustedHosts, hostname)
+      return TrustedHosts.match(remote.trustedHosts, hostname, window.location.hostname)
     } catch {
       return false
     }

package/src/server/CliAuth.test.ts

@@ -343,6 +343,7 @@ describe('createDeviceCode', () => {
     const store = CliAuth.Store.memory()
     const now = () => 1_000
     const defaultExpiry = 4_600
+    let validatedChainId: bigint | undefined
     const { request } = await createRequest('device-code-verifier', {
       accessKey: secpAccessKey,
       expiry: undefined,
@@ -354,7 +355,8 @@ describe('createDeviceCode', () => {
       chainId: chain.id,
       now,
       policy: {
-        validate({ expiry, limits }) {
+        validate({ chainId, expiry, limits }) {
+          validatedChainId = chainId
           return {
             expiry: expiry ?? defaultExpiry,
             ...(limits ? { limits } : {}),
@@ -368,17 +370,20 @@ describe('createDeviceCode', () => {
     })
     const entry = await store.get(result.code)
 
-    expect(entry).toMatchInlineSnapshot(`
+    expect({ entry, validatedChainId }).toMatchInlineSnapshot(`
       {
-        "chainId": 1337n,
-        "code": "ABCDEFGH",
-        "codeChallenge": "NUwjc1h8PuXcsvSOG44Rp4bMayBXnOkriHEJ19CaSQM",
-        "createdAt": 1000,
-        "expiresAt": 31000,
-        "expiry": 4600,
-        "keyType": "secp256k1",
-        "pubKey": "${secpAccessKey.publicKey}",
-        "status": "pending",
+        "entry": {
+          "chainId": 1337n,
+          "code": "ABCDEFGH",
+          "codeChallenge": "NUwjc1h8PuXcsvSOG44Rp4bMayBXnOkriHEJ19CaSQM",
+          "createdAt": 1000,
+          "expiresAt": 31000,
+          "expiry": 4600,
+          "keyType": "secp256k1",
+          "pubKey": "${secpAccessKey.publicKey}",
+          "status": "pending",
+        },
+        "validatedChainId": 1337n,
       }
     `)
   })
@@ -734,6 +739,94 @@ describe('authorize', () => {
     expect(polled.status).toMatchInlineSnapshot(`"authorized"`)
   })
 
+  test('behavior: accepts user-approved expiry and limit changes', async () => {
+    const store = CliAuth.Store.memory()
+    const { codeVerifier, request } = await createRequest()
+    const { code } = await CliAuth.createDeviceCode({
+      chainId: chain.id,
+      request,
+      store,
+    })
+    const approvedLimits = [
+      {
+        limit: 2_000n,
+        token: limits[0]!.token,
+      },
+    ] as const
+
+    const authorized = await CliAuth.authorize({
+      chainId: chain.id,
+      request: await authorize(code, { expiry: expiry + 60 * 60 * 24 * 6, limits: approvedLimits }),
+      store,
+    })
+    const polled = await CliAuth.poll({
+      code,
+      request: {
+        codeVerifier: codeVerifier,
+      },
+      store,
+    })
+
+    if (polled.status !== 'authorized') throw new Error('Expected device code to be authorized.')
+
+    expect(authorized).toMatchInlineSnapshot(`
+      {
+        "status": "authorized",
+      }
+    `)
+    expect({ expiry: polled.keyAuthorization.expiry, limits: polled.keyAuthorization.limits })
+      .toMatchInlineSnapshot(`
+        {
+          "expiry": ${expiry + 60 * 60 * 24 * 6},
+          "limits": [
+            {
+              "limit": 2000n,
+              "token": "0x20c0000000000000000000000000000000000001",
+            },
+          ],
+        }
+      `)
+  })
+
+  test('behavior: rejects unsigned expiry and limit changes', async () => {
+    const store = CliAuth.Store.memory()
+    const { request } = await createRequest()
+    const { code } = await CliAuth.createDeviceCode({
+      chainId: chain.id,
+      request,
+      store,
+    })
+    const authorized = await authorize(code)
+
+    await expect(
+      CliAuth.authorize({
+        chainId: chain.id,
+        request: {
+          ...authorized,
+          keyAuthorization: {
+            ...authorized.keyAuthorization,
+            expiry: expiry + 1,
+          },
+        },
+        store,
+      }),
+    ).rejects.toThrowErrorMatchingInlineSnapshot(`[Error: Key authorization signature is invalid.]`)
+
+    await expect(
+      CliAuth.authorize({
+        chainId: chain.id,
+        request: {
+          ...authorized,
+          keyAuthorization: {
+            ...authorized.keyAuthorization,
+            limits: [{ limit: limits[0]!.limit + 1n, token: limits[0]!.token }],
+          },
+        },
+        store,
+      }),
+    ).rejects.toThrowErrorMatchingInlineSnapshot(`[Error: Key authorization signature is invalid.]`)
+  })
+
   test('behavior: rejects a mismatched key authorization', async () => {
     const store = CliAuth.Store.memory()
     const { request } = await createRequest()
@@ -746,11 +839,11 @@ describe('authorize', () => {
     await expect(
       CliAuth.authorize({
         chainId: chain.id,
-        request: await authorize(code, { expiry: expiry + 1 }),
+        request: await authorize(code, { accessKeyAddress: secpAccessKey.address }),
         store,
       }),
     ).rejects.toThrowErrorMatchingInlineSnapshot(
-      `[Error: Key authorization expiry does not match the device-code request.]`,
+      `[Error: Key authorization key does not match the device-code request.]`,
     )
   })
 

package/src/server/CliAuth.ts

@@ -170,7 +170,7 @@ export type Store = {
 
 /** Host validation and sanitization for requested CLI auth defaults. */
 export type Policy = {
-  /** Validates and optionally rewrites requested policy before the entry is stored. */
+  /** Validates and optionally rewrites requested defaults before the entry is stored. */
   validate: (options: Policy.validate.Options) => MaybePromise<Policy.validate.ReturnType>
 }
 
@@ -208,6 +208,8 @@ export declare namespace Policy {
     export type Options = {
       /** Requested root account restriction. */
       account?: Address.Address | undefined
+      /** Requested chain ID. */
+      chainId: bigint
       /** Requested access-key expiry timestamp. Omit to let the server choose one. */
       expiry?: number | undefined
       /** Requested key type. */
@@ -219,9 +221,9 @@ export declare namespace Policy {
     }
 
     export type ReturnType = {
-      /** Approved access-key expiry timestamp. */
+      /** Suggested access-key expiry timestamp. */
       expiry: number
-      /** Approved spending limits. */
+      /** Suggested spending limits. */
       limits?: readonly { token: Address.Address; limit: bigint }[] | undefined
     }
   }
@@ -417,24 +419,38 @@ export function from(options: from.Options = {}): CliAuth {
         throw new Error('Key authorization key type does not match the device-code request.')
       if (actual.chainId !== expected.chainId)
         throw new Error('Key authorization chain does not match the device-code request.')
-      if ((actual.expiry ?? undefined) !== (expected.expiry ?? undefined))
-        throw new Error('Key authorization expiry does not match the device-code request.')
-      if (!sameLimits(actual.limits, expected.limits))
-        throw new Error('Key authorization limits do not match the device-code request.')
+
+      const signed = TempoKeyAuthorization.from({
+        address: actual.address,
+        chainId: actual.chainId,
+        expiry: actual.expiry,
+        ...(actual.limits ? { limits: actual.limits } : {}),
+        type: actual.keyType,
+      })
 
       const valid = await verifyHash((options.client ?? cache.get(current.chainId)) as never, {
         address: options.request.accountAddress,
-        hash: TempoKeyAuthorization.getSignPayload(expected),
+        hash: TempoKeyAuthorization.getSignPayload(signed),
         signature: SignatureEnvelope.serialize(SignatureEnvelope.fromRpc(actual.signature), {
           magic: actual.signature.type === 'webAuthn',
         }),
       })
       if (!valid) throw new Error('Key authorization signature is invalid.')
 
+      const signedKeyAuthorization = {
+        address: options.request.keyAuthorization.address,
+        chainId: options.request.keyAuthorization.chainId,
+        expiry: actual.expiry,
+        keyId: options.request.keyAuthorization.keyId,
+        keyType: options.request.keyAuthorization.keyType,
+        ...(actual.limits ? { limits: actual.limits } : {}),
+        signature: options.request.keyAuthorization.signature,
+      } satisfies z.output<typeof keyAuthorization>
+
       const authorized = await store.authorize({
         accountAddress: options.request.accountAddress,
         code,
-        keyAuthorization: options.request.keyAuthorization,
+        keyAuthorization: signedKeyAuthorization,
       })
       if (!authorized) throw new Error('Unable to authorize device code.')
 
@@ -446,6 +462,7 @@ export function from(options: from.Options = {}): CliAuth {
       const keyType = options.request.keyType ?? 'secp256k1'
       const approved = await policy.validate({
         ...(account ? { account } : {}),
+        chainId: typeof nextChainId === 'bigint' ? nextChainId : BigInt(nextChainId),
         expiry: options.request.expiry,
         keyType,
         ...(options.request.limits ? { limits: options.request.limits } : {}),
@@ -808,20 +825,6 @@ function normalizeKeyAuthorization(value: z.output<typeof keyAuthorization>) {
   }
 }
 
-/** @internal */
-function sameLimits(
-  a: Policy.validate.ReturnType['limits'],
-  b: Policy.validate.ReturnType['limits'],
-) {
-  if (!a && !b) return true
-  if (!a || !b || a.length !== b.length) return false
-  return a.every((limit, i) => {
-    const other = b[i]
-    if (!other) return false
-    return limit.token.toLowerCase() === other.token.toLowerCase() && limit.limit === other.limit
-  })
-}
-
 /** @internal */
 async function verifyCodeChallenge(codeVerifier: string, codeChallenge: string) {
   const hash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(codeVerifier))