ethagent 1.1.2 → 2.0.0

package/src/identity/hub/effects/restoreAdmin.ts

@@ -0,0 +1,93 @@
+import { getAddress, type Address } from 'viem'
+import type { EthagentConfig, EthagentIdentity } from '../../../storage/config.js'
+import { saveConfig } from '../../../storage/config.js'
+import {
+  normalizeErc8004RegistryConfig,
+  type Erc8004RegistryConfig,
+} from '../../registry/erc8004.js'
+import { registryConfigFromConfig } from '../../registry/registryConfig.js'
+import { readOwnerAddressField } from '../../identityCompat.js'
+import {
+  sendBrowserWalletTransaction,
+} from '../../wallet/browserWallet.js'
+import {
+  encodeResolverApprovalChanges,
+  verifyResolverApprovalsLanded,
+  type RecordsFixPlan,
+} from '../reconciliation/index.js'
+import type { Step } from '../identityHubReducer.js'
+import type { EffectCallbacks } from './types.js'
+import { awaitOptionalReceipt } from './receipts.js'
+import { createMainnetEnsPublicClient } from './ens/transactions.js'
+
+export async function runRestoreRegistrySubmit(
+  value: string,
+  step: Extract<Step, { kind: 'restore-registry' }>,
+  config: EthagentConfig | undefined,
+  onConfigChange: ((config: EthagentConfig) => void) | undefined,
+  callbacks: EffectCallbacks,
+): Promise<void> {
+  const resolution = registryConfigFromConfig(config)
+  const registry = normalizeErc8004RegistryConfig({
+    chainId: resolution.chainId,
+    rpcUrl: resolution.config?.rpcUrl ?? resolution.defaultRpcUrl,
+    identityRegistryAddress: value.trim(),
+  })
+  if (config && onConfigChange) {
+    const next: EthagentConfig = {
+      ...config,
+      erc8004: {
+        chainId: registry.chainId,
+        rpcUrl: registry.rpcUrl,
+        identityRegistryAddress: registry.identityRegistryAddress,
+      },
+    }
+    await saveConfig(next)
+    onConfigChange(next)
+  }
+  callbacks.onStep({ kind: 'restore-discovering', ownerHandle: step.ownerHandle, registry, purpose: step.purpose })
+}
+
+export async function runFixRecordsSubmit(args: {
+  identity: EthagentIdentity
+  registry: Erc8004RegistryConfig
+  plan: RecordsFixPlan
+  callbacks: EffectCallbacks
+}): Promise<void> {
+  const baseState = (args.identity.state ?? {}) as Record<string, unknown>
+  const ensName = args.plan.ensName ?? (typeof baseState.ensName === 'string' ? baseState.ensName.trim() : '')
+  if (!ensName) throw new Error('Cannot fix records: identity has no ENS subdomain')
+  const missing: Address[] = []
+  const stale: Address[] = []
+  for (const item of args.plan.items) {
+    if (item.kind === 'missing-approval') missing.push(item.address)
+    else if (item.kind === 'stale-approval') stale.push(item.address)
+  }
+  if (missing.length === 0 && stale.length === 0) return
+  const encoded = await encodeResolverApprovalChanges({
+    ensName,
+    diff: { added: missing, removed: stale },
+  })
+  if (!encoded) return
+  const ownerAddressRaw = readOwnerAddressField(baseState) ?? args.identity.ownerAddress ?? args.identity.address
+  const ownerAddress = getAddress(ownerAddressRaw)
+  const tx = await sendBrowserWalletTransaction({
+    chainId: 1,
+    expectedAccount: ownerAddress,
+    to: encoded.resolverAddress,
+    data: encoded.data,
+    onReady: args.callbacks.onWalletReady,
+    purpose: 'reconcile-resolver-approvals',
+  })
+  args.callbacks.onWalletReady(null)
+  const client = createMainnetEnsPublicClient()
+  await awaitOptionalReceipt(client, tx.txHash, 'Resolver approval reconciliation')
+  await verifyResolverApprovalsLanded({
+    ensName,
+    ownerAddress: ownerAddress,
+    resolverAddress: encoded.resolverAddress,
+    added: encoded.added,
+    removed: encoded.removed,
+    client,
+  })
+}

package/src/identity/hub/effects/shared/profilePrep.ts

@@ -0,0 +1,139 @@
+import fs from 'node:fs/promises'
+import os from 'node:os'
+import path from 'node:path'
+import { getAddress, type Address } from 'viem'
+import type { EthagentIdentity } from '../../../../storage/config.js'
+import type { ProfileUpdates } from '../../identityHubReducer.js'
+import type { Erc8004RegistryConfig } from '../../../registry/erc8004.js'
+import { addFileToIpfs, DEFAULT_IPFS_API_URL, type IpfsAddResult } from '../../../storage/ipfs.js'
+import { agentIconContentType, isAgentIconUrl, validateAgentIconReference } from '../../../profile/agentIcon.js'
+import {
+  applyEnsValidationState,
+  applyOperatorProfileState,
+  validateEnsForProfileUpdate,
+} from '../profile/profileState.js'
+
+type PreparedProfileState = {
+  state: Record<string, unknown>
+  nextName: string | undefined
+  nextDescription: string
+  nextEnsName: string | undefined
+  uploadedImageUri: string | undefined
+}
+
+export function deriveAgentName(identity: EthagentIdentity): string {
+  const state = (identity.state ?? {}) as Record<string, unknown>
+  const name = typeof state.name === 'string' ? state.name.trim() : ''
+  if (name) return name
+  return identity.agentId ? `agent #${identity.agentId}` : 'unnamed agent'
+}
+
+export async function resolveAgentIconReference(iconPath: string, pinataJwt: string | undefined): Promise<string> {
+  const validationError = validateAgentIconReference(iconPath)
+  if (validationError) throw new Error(validationError)
+  const trimmed = iconPath.trim()
+  if (isAgentIconUrl(trimmed)) return trimmed
+  const file = resolveAgentIconPath(trimmed)
+  const data = await fs.readFile(file)
+  const contentType = agentIconContentType(file)
+  const pin = await addFileToIpfs(DEFAULT_IPFS_API_URL, data, path.basename(file), contentType, fetch, { pinataJwt })
+  assertVerifiedPin(pin)
+  return `ipfs://${pin.cid}`
+}
+
+export function resolveAgentIconPath(input: string): string {
+  const trimmed = input.trim()
+  if (!trimmed) throw new Error('Agent Icon path is empty')
+  return path.resolve(trimmed.replace(/^~(?=$|[\\/])/, os.homedir()))
+}
+
+export async function prepareProfileStateForSave(args: {
+  identity: EthagentIdentity
+  registry: Erc8004RegistryConfig
+  profileUpdates: ProfileUpdates | undefined
+  pinataJwt: string | undefined
+  ownerAddress: Address
+  walletAccount: Address
+  includeLastBackedUpAt: boolean
+}): Promise<PreparedProfileState> {
+  const baseState = (args.identity.state ?? {}) as Record<string, unknown>
+  const profile = args.profileUpdates ?? {}
+  const nextName = typeof profile.name === 'string' && profile.name.trim()
+    ? profile.name.trim()
+    : typeof baseState.name === 'string'
+      ? baseState.name
+      : undefined
+  const nextDescription = profile.description !== undefined
+    ? profile.description.trim()
+    : typeof baseState.description === 'string'
+      ? baseState.description
+      : ''
+  const nextEnsName = typeof profile.ensName === 'string'
+    ? profile.ensName.trim() || undefined
+    : typeof baseState.ensName === 'string' && baseState.ensName.trim()
+      ? baseState.ensName.trim()
+      : undefined
+  const uploadedImageUri = profile.imagePath === 'delete'
+    ? ''
+    : profile.imagePath
+      ? await resolveAgentIconReference(profile.imagePath, args.pinataJwt)
+      : typeof baseState.imageUrl === 'string' && baseState.imageUrl.trim()
+        ? baseState.imageUrl.trim()
+        : undefined
+
+  const state: Record<string, unknown> = {
+    ...baseState,
+    ownerAddress: getAddress(args.ownerAddress),
+    ...(nextName !== undefined ? { name: nextName } : {}),
+    description: nextDescription,
+    ...(args.includeLastBackedUpAt ? { lastBackedUpAt: new Date().toISOString() } : {}),
+  }
+  if (uploadedImageUri === '') {
+    delete state.imageUrl
+  } else if (uploadedImageUri) {
+    state.imageUrl = uploadedImageUri
+  }
+
+  applyOperatorProfileState(state, profile, baseState)
+  if (typeof profile.ensName === 'string') {
+    if (nextEnsName) {
+      state.ensName = nextEnsName
+      const validation = await validateEnsForProfileUpdate(
+        nextEnsName,
+        args.walletAccount,
+        profile,
+        baseState,
+        args.identity,
+        args.registry,
+      )
+      applyEnsValidationState(state, validation, profile, baseState)
+    } else {
+      clearEnsProfileState(state)
+    }
+  }
+
+  return {
+    state,
+    nextName,
+    nextDescription,
+    nextEnsName,
+    uploadedImageUri,
+  }
+}
+
+export function clearEnsProfileState(state: Record<string, unknown>): void {
+  delete state.ensName
+  delete state.ensValidation
+}
+
+export function assertVerifiedPin(pin: IpfsAddResult, expectedCid?: string): void {
+  if (expectedCid && pin.cid !== expectedCid) throw new Error('IPFS pin verification did not match the published CID')
+  if (!pin.pinVerified) throw new Error(`IPFS pin was not verified for ${pin.cid}`)
+}
+
+export function readEnsOkFromState(state: Record<string, unknown> | undefined): boolean | undefined {
+  const raw = state?.ensValidation
+  if (!raw || typeof raw !== 'object' || Array.isArray(raw)) return undefined
+  const ok = (raw as Record<string, unknown>).ok
+  return typeof ok === 'boolean' ? ok : undefined
+}

package/src/identity/hub/effects/shared/snapshot.ts

@@ -0,0 +1,336 @@
+import { getAddress, isAddress, type Address } from 'viem'
+import type { EthagentIdentity } from '../../../../storage/config.js'
+import type { ProfileUpdates } from '../../identityHubReducer.js'
+import {
+  createWalletContinuitySnapshotEnvelope,
+  createWalletRestoreAccessKey,
+  type ContinuitySnapshotEnvelope,
+  type WalletChallengePurpose,
+  type WalletContinuityRestoreAccessKey,
+} from '../../../continuity/envelope.js'
+import {
+  continuityAgentSnapshot,
+  defaultContinuityFiles,
+} from '../../../continuity/storage.js'
+import type { Erc8004RegistryConfig, EthagentOperatorsPointer } from '../../../registry/erc8004.js'
+import { readOwnerAddressField } from '../../../identityCompat.js'
+import { readCustodyMode } from '../../model/custody.js'
+import {
+  assertActiveOperatorIsApproved,
+  normalizeApprovedOperatorWallets,
+} from '../../operatorWallets.js'
+
+export type WalletRestoreAccessContext = {
+  token: { chainId: number; identityRegistryAddress: Address; agentId: string }
+  accessEpoch: number
+}
+
+export function expectedAccountForSnapshotSave(
+  identity: EthagentIdentity,
+  profileUpdates: ProfileUpdates | undefined,
+  walletAccess: WalletRestoreAccessContext | null,
+): Address | undefined {
+  const ownerAddress = ownerAddressForSnapshotSave(identity, profileUpdates)
+  if (snapshotSaveRequiresOwnerSigner(identity, profileUpdates)) return ownerAddress
+  if (!walletAccess) return ownerAddress
+  if (!hasOwnerRestoreAccessKey(identity)) return ownerAddress
+  if (!hasOperatorRestoreAccessKey(identity, profileUpdates)) return ownerAddress
+  return undefined
+}
+
+export function operatorSignerFor(identity: EthagentIdentity): Address | undefined {
+  const state = (identity.state ?? {}) as Record<string, unknown>
+  const activeOp = typeof state.activeOperatorAddress === 'string' && /^0x[a-fA-F0-9]{40}$/.test(state.activeOperatorAddress)
+    ? getAddress(state.activeOperatorAddress)
+    : undefined
+  const approvedRaw = state.approvedOperatorWallets
+  const approved: Address[] = Array.isArray(approvedRaw)
+    ? (approvedRaw as Array<{ address?: unknown }>)
+        .map(r => typeof r?.address === 'string' && /^0x[a-fA-F0-9]{40}$/.test(r.address) ? getAddress(r.address) : undefined)
+        .filter((a): a is Address => Boolean(a))
+    : []
+  const connected = identity.connectedWallet && /^0x[a-fA-F0-9]{40}$/.test(identity.connectedWallet)
+    ? getAddress(identity.connectedWallet)
+    : undefined
+  if (connected) {
+    const lower = connected.toLowerCase()
+    if (activeOp && activeOp.toLowerCase() === lower) return connected
+    if (approved.some(a => a.toLowerCase() === lower)) return connected
+  }
+  if (activeOp) return activeOp
+  if (approved.length > 0) return approved[0]
+  return undefined
+}
+
+export function operatorWalletCanSignSnapshotSave(
+  identity: EthagentIdentity,
+  profileUpdates: ProfileUpdates | undefined,
+): boolean {
+  if (snapshotSaveRequiresOwnerSigner(identity, profileUpdates)) return false
+  if (!identity.agentId) return false
+  if (!hasOwnerRestoreAccessKey(identity)) return false
+  if (!hasOperatorRestoreAccessKey(identity, profileUpdates)) return false
+  return true
+}
+
+export function snapshotSaveWalletRole(
+  identity: EthagentIdentity,
+  profileUpdates: ProfileUpdates | undefined,
+): 'owner' | 'operator' | 'connected' {
+  if (operatorWalletCanSignSnapshotSave(identity, profileUpdates)) return 'operator'
+  const baseState = (identity.state ?? {}) as Record<string, unknown>
+  const approved = profileUpdates?.approvedOperatorWallets !== undefined
+    ? normalizeApprovedOperatorWallets(profileUpdates.approvedOperatorWallets)
+    : normalizeApprovedOperatorWallets(baseState.approvedOperatorWallets)
+  if (approved.length > 0) return 'owner'
+  if (readCustodyMode(baseState) === 'advanced') return 'owner'
+  return 'connected'
+}
+
+export function assertSnapshotSaveSignerAuthorized(
+  identity: EthagentIdentity,
+  profileUpdates: ProfileUpdates | undefined,
+  signerAddress: Address,
+  ownerAddress: Address,
+  walletAccess: WalletRestoreAccessContext | null,
+): void {
+  if (signerAddress.toLowerCase() === ownerAddress.toLowerCase()) return
+  if (snapshotSaveRequiresOwnerSigner(identity, profileUpdates) || !walletAccess || !hasOwnerRestoreAccessKey(identity)) {
+    throw new Error(`Owner Wallet Required: connected wallet ${signerAddress} does not match owner wallet ${ownerAddress}`)
+  }
+  const authorized = restoreAccessKeysForSave(identity, profileUpdates)
+    .some(key => key.address.toLowerCase() === signerAddress.toLowerCase())
+  if (!authorized) {
+    throw new Error(`Operator Wallet Required: connected wallet ${signerAddress} is not authorized for this agent`)
+  }
+}
+
+export function hasOwnerRestoreAccessKey(identity: EthagentIdentity): boolean {
+  const baseState = (identity.state ?? {}) as Record<string, unknown>
+  return Boolean(readRestoreAccessKey(baseState.ownerRestoreAccessKey))
+}
+
+export function snapshotSaveRequiresOwnerSigner(
+  identity: EthagentIdentity,
+  profileUpdates: ProfileUpdates | undefined,
+): boolean {
+  if (!profileUpdates) return false
+  if (
+    profileUpdates.ensName !== undefined
+    || profileUpdates.custodyMode !== undefined
+    || profileUpdates.ownerAddress !== undefined
+    || profileUpdates.approvedOperatorWallets !== undefined
+    || profileUpdates.activeOperatorAddress !== undefined
+    || profileUpdates.operatorVaultAddress !== undefined
+    || profileUpdates.restoreAccessEpoch !== undefined
+  ) return true
+  const profileFieldChanged =
+    profileUpdates.name !== undefined
+    || profileUpdates.description !== undefined
+    || profileUpdates.imagePath !== undefined
+  if (!profileFieldChanged) return false
+  return !advancedCustodyEnsAvailable(identity)
+}
+
+export function advancedCustodyEnsAvailable(identity: EthagentIdentity): boolean {
+  const baseState = (identity.state ?? {}) as Record<string, unknown>
+  if (readCustodyMode(baseState) !== 'advanced') return false
+  const ensName = typeof baseState.ensName === 'string' ? baseState.ensName.trim() : ''
+  if (!ensName) return false
+  const approved = normalizeApprovedOperatorWallets(baseState.approvedOperatorWallets)
+  return approved.length > 0
+}
+
+export function hasOperatorRestoreAccessKey(
+  identity: EthagentIdentity,
+  profileUpdates: ProfileUpdates | undefined,
+): boolean {
+  return restoreAccessKeysForSave(identity, profileUpdates)
+    .some(key => key.address.toLowerCase() !== ownerAddressForSnapshotSave(identity, profileUpdates).toLowerCase())
+}
+
+export function restoreAccessKeysForSave(
+  identity: EthagentIdentity,
+  profileUpdates: ProfileUpdates | undefined,
+): WalletContinuityRestoreAccessKey[] {
+  const baseState = (identity.state ?? {}) as Record<string, unknown>
+  const approved = profileUpdates?.approvedOperatorWallets !== undefined
+    ? normalizeApprovedOperatorWallets(profileUpdates.approvedOperatorWallets)
+    : normalizeApprovedOperatorWallets(baseState.approvedOperatorWallets)
+  return [
+    readRestoreAccessKey(baseState.ownerRestoreAccessKey),
+    ...approved.flatMap(record => record.restoreAccessKey ? [record.restoreAccessKey] : []),
+  ].filter((key): key is WalletContinuityRestoreAccessKey => Boolean(key))
+}
+
+export function resolveProfileUpdatesEpoch(
+  identity: EthagentIdentity,
+  profileUpdates: ProfileUpdates | undefined,
+): ProfileUpdates | undefined {
+  if (!profileUpdates?.bumpRestoreAccessEpoch) return profileUpdates
+  if (profileUpdates.restoreAccessEpoch !== undefined) {
+    const { bumpRestoreAccessEpoch: _drop, ...rest } = profileUpdates
+    return rest
+  }
+  const baseState = (identity.state ?? {}) as Record<string, unknown>
+  const current = readStateSafeInteger(baseState.restoreAccessEpoch) ?? 0
+  const { bumpRestoreAccessEpoch: _drop, ...rest } = profileUpdates
+  return { ...rest, restoreAccessEpoch: current + 1 }
+}
+
+export function walletRestoreAccessContext(
+  identity: EthagentIdentity,
+  registry: Erc8004RegistryConfig,
+  profileUpdates: ProfileUpdates | undefined,
+  _ownerAddress: string,
+): WalletRestoreAccessContext | null {
+  if (!identity.agentId) return null
+  const baseState = (identity.state ?? {}) as Record<string, unknown>
+  return {
+    token: {
+      chainId: registry.chainId,
+      identityRegistryAddress: registry.identityRegistryAddress,
+      agentId: identity.agentId,
+    },
+    accessEpoch: profileUpdates?.restoreAccessEpoch
+      ?? readStateSafeInteger(baseState.restoreAccessEpoch)
+      ?? 1,
+  }
+}
+
+export function createContinuityEnvelopeForSave(args: {
+  identity: EthagentIdentity
+  registry: Erc8004RegistryConfig
+  ownerAddress: Address
+  signerAddress: Address
+  walletSignature: string
+  state: Record<string, unknown>
+  files: ReturnType<typeof defaultContinuityFiles>
+  walletAccess: WalletRestoreAccessContext
+  challengePurpose?: WalletChallengePurpose
+}): ContinuitySnapshotEnvelope {
+  const signerIsOwner = args.signerAddress.toLowerCase() === args.ownerAddress.toLowerCase()
+  const ownerRestoreAccessKey = signerIsOwner
+    ? createWalletRestoreAccessKey({
+        token: args.walletAccess.token,
+        ownerAddress: args.ownerAddress,
+        walletAddress: args.ownerAddress,
+        walletSignature: args.walletSignature,
+        accessEpoch: args.walletAccess.accessEpoch,
+        createdAt: new Date().toISOString(),
+        ...(args.challengePurpose ? { purpose: args.challengePurpose } : {}),
+      })
+    : readRestoreAccessKey(args.state.ownerRestoreAccessKey)
+  if (!ownerRestoreAccessKey) {
+    throw new Error('Restore Slot Missing: this agent has not been saved by its owner wallet yet. Switch to the owner wallet and save once to authorize operator wallet writes.')
+  }
+  if (signerIsOwner) args.state.ownerRestoreAccessKey = ownerRestoreAccessKey
+  args.state.restoreAccessEpoch = args.walletAccess.accessEpoch
+  let signingOperatorKey: WalletContinuityRestoreAccessKey | undefined
+  if (!signerIsOwner) {
+    signingOperatorKey = createWalletRestoreAccessKey({
+      token: args.walletAccess.token,
+      ownerAddress: args.ownerAddress,
+      walletAddress: args.signerAddress,
+      walletSignature: args.walletSignature,
+      accessEpoch: args.walletAccess.accessEpoch,
+      createdAt: new Date().toISOString(),
+      ...(args.challengePurpose ? { purpose: args.challengePurpose } : {}),
+    })
+  }
+  const operatorKeys = normalizeApprovedOperatorWallets(args.state.approvedOperatorWallets)
+    .flatMap(record => record.restoreAccessKey ? [record.restoreAccessKey] : [])
+    .map(stored =>
+      signingOperatorKey && stored.address.toLowerCase() === args.signerAddress.toLowerCase()
+        ? signingOperatorKey
+        : stored,
+    )
+  const accessKeys = uniqueRestoreAccessKeys([
+    ownerRestoreAccessKey,
+    ...operatorKeys,
+  ])
+  return createWalletContinuitySnapshotEnvelope({
+    ownerAddress: args.ownerAddress,
+    signerAddress: args.signerAddress,
+    signerWalletSignature: args.walletSignature,
+    token: args.walletAccess.token,
+    accessEpoch: args.walletAccess.accessEpoch,
+    accessKeys,
+    payload: {
+      agent: continuityAgentSnapshot(args.identity),
+      files: args.files,
+      transcript: [],
+      state: args.state,
+    },
+  })
+}
+
+export function uniqueRestoreAccessKeys(keys: WalletContinuityRestoreAccessKey[]): WalletContinuityRestoreAccessKey[] {
+  const out: WalletContinuityRestoreAccessKey[] = []
+  const seen = new Set<string>()
+  for (const key of keys) {
+    const address = getAddress(key.address)
+    const dedupe = address.toLowerCase()
+    if (seen.has(dedupe)) continue
+    seen.add(dedupe)
+    out.push({ ...key, address })
+  }
+  return out
+}
+
+export function readRestoreAccessKey(input: unknown): WalletContinuityRestoreAccessKey | undefined {
+  if (!input || typeof input !== 'object' || Array.isArray(input)) return undefined
+  const obj = input as Partial<WalletContinuityRestoreAccessKey>
+  if (typeof obj.address !== 'string' || !isAddress(obj.address, { strict: false })) return undefined
+  if (typeof obj.challenge !== 'string' || typeof obj.salt !== 'string' || typeof obj.kemPublicKey !== 'string') return undefined
+  return {
+    address: getAddress(obj.address),
+    challenge: obj.challenge,
+    salt: obj.salt,
+    kemPublicKey: obj.kemPublicKey,
+    ...(typeof obj.createdAt === 'string' ? { createdAt: obj.createdAt } : {}),
+  }
+}
+
+export function readStateSafeInteger(input: unknown): number | undefined {
+  return typeof input === 'number' && Number.isSafeInteger(input) && input > 0 ? input : undefined
+}
+
+export function ownerAddressForSnapshotSave(
+  identity: EthagentIdentity,
+  profileUpdates: ProfileUpdates | undefined,
+): Address {
+  const baseState = (identity.state ?? {}) as Record<string, unknown>
+  const profileOwnerRaw = typeof profileUpdates?.ownerAddress === 'string' && profileUpdates.ownerAddress.trim()
+    ? profileUpdates.ownerAddress.trim()
+    : undefined
+  const stateOwnerRaw = readOwnerAddressField(baseState)
+  const owner = profileOwnerRaw ?? stateOwnerRaw
+  if (owner && /^0x[a-fA-F0-9]{40}$/.test(owner)) return getAddress(owner)
+  return getAddress(identity.ownerAddress ?? identity.address)
+}
+
+export function operatorsPointerFromState(
+  state: Record<string, unknown>,
+  ensName: string | undefined,
+): EthagentOperatorsPointer | undefined {
+  const approvedOperatorWallets = normalizeApprovedOperatorWallets(state.approvedOperatorWallets)
+  const activeRaw = typeof state.activeOperatorAddress === 'string' ? state.activeOperatorAddress : undefined
+  const activeOperatorAddress = activeRaw
+    ? assertActiveOperatorIsApproved(approvedOperatorWallets, activeRaw)
+    : undefined
+  const ownerRaw = readOwnerAddressField(state)
+  const ownerAddress = ownerRaw ? getAddress(ownerRaw) : undefined
+  const pointerEnsName = ensName ?? (typeof state.ensName === 'string' && state.ensName.trim() ? state.ensName.trim() : undefined)
+  const ownerRestoreAccessKey = readRestoreAccessKey(state.ownerRestoreAccessKey)
+  const restoreAccessEpoch = readStateSafeInteger(state.restoreAccessEpoch)
+  if (approvedOperatorWallets.length === 0 && !activeOperatorAddress && !ownerAddress && !ownerRestoreAccessKey && !restoreAccessEpoch) return undefined
+  return {
+    approvedOperatorWallets,
+    ...(activeOperatorAddress ? { activeOperatorAddress } : {}),
+    ...(ownerAddress ? { ownerAddress } : {}),
+    ...(pointerEnsName ? { ensName: pointerEnsName } : {}),
+    ...(restoreAccessEpoch ? { restoreAccessEpoch } : {}),
+    ...(ownerRestoreAccessKey ? { ownerRestoreAccessKey } : {}),
+  }
+}