ethagent 3.3.4 → 4.0.0

package/src/identity/wallet/browserWallet/http.ts

@@ -26,3 +26,21 @@ export function respondJson(res: http.ServerResponse, status: number, body: Reco
   })
   res.end(JSON.stringify(body))
 }
+
+function isLoopbackHost(host: string | undefined): boolean {
+  if (!host) return true
+  const hostname = host.replace(/:\d+$/, '').replace(/^\[|\]$/g, '')
+  return hostname === 'localhost' || hostname === '127.0.0.1' || hostname === '::1'
+}
+
+export function isAllowedWalletOrigin(req: http.IncomingMessage): boolean {
+  const origin = req.headers.origin
+  if (origin && origin !== 'null') {
+    try {
+      if (!isLoopbackHost(new URL(origin).host)) return false
+    } catch {
+      return false
+    }
+  }
+  return isLoopbackHost(req.headers.host)
+}

package/src/identity/wallet/browserWallet/requestServer.ts

@@ -1,7 +1,7 @@
 import http from 'node:http'
 import { randomUUID } from 'node:crypto'
 import { walletPage } from './html.js'
-import { readJson, respondHtml, respondJson } from './http.js'
+import { isAllowedWalletOrigin, readJson, respondHtml, respondJson } from './http.js'
 import { BrowserWalletError, type ReadyHandler } from './types.js'
 import {
   assertSessionToken,
@@ -43,6 +43,10 @@ export function startBrowserWalletServer<T>(args: {
 
     const handleRequest = async (req: http.IncomingMessage, res: http.ServerResponse): Promise<void> => {
       const url = new URL(req.url ?? '/', 'http://127.0.0.1')
+      if (req.method === 'POST' && !isAllowedWalletOrigin(req)) {
+        respondJson(res, 403, { ok: false, error: 'forbidden origin' })
+        return
+      }
       if (req.method === 'GET' && (url.pathname === '/' || url.pathname === '/ethagent')) {
         respondHtml(res, walletPage(args.title, sessionToken, args.payload))
         return

package/src/identity/wallet/browserWallet/requests.ts

@@ -1,4 +1,3 @@
-import { recoverAddressFromSignature } from '../../crypto/eth.js'
 import { normalizeWalletPayloadPurpose } from '../walletPurposeCompat.js'
 import { startBrowserWalletServer } from './requestServer.js'
 import type {
@@ -12,10 +11,11 @@ import type {
   TransactionRequest,
 } from './types.js'
 import {
-  accountMismatchError,
+  assertExpectedAccount,
   chainIdHex,
   parseAccount,
   parseHex,
+  verifyRecoveredAccount,
 } from './validation.js'
 
 export async function requestBrowserWalletAccount(args: AccountRequest = {}): Promise<BrowserWalletAccount> {
@@ -55,9 +55,7 @@ export async function requestBrowserWalletSignature(args: SignatureRequest): Pro
     }),
     prepare: body => {
       const account = parseAccount(body.account)
-      if (args.expectedAccount && account.toLowerCase() !== args.expectedAccount.toLowerCase()) {
-        throw accountMismatchError(account, args.expectedAccount, args.purpose)
-      }
+      assertExpectedAccount(account, args.expectedAccount, args.purpose)
       const message = args.messageForAccount ? args.messageForAccount(account) : args.message!
       return { message }
     },
@@ -65,13 +63,8 @@ export async function requestBrowserWalletSignature(args: SignatureRequest): Pro
       const account = parseAccount(body.account)
       const message = typeof body.message === 'string' ? body.message : ''
       const signature = parseHex(body.signature, 'wallet signature')
-      if (args.expectedAccount && account.toLowerCase() !== args.expectedAccount.toLowerCase()) {
-        throw accountMismatchError(account, args.expectedAccount, args.purpose)
-      }
-      const recovered = recoverAddressFromSignature(message, signature)
-      if (recovered.toLowerCase() !== account.toLowerCase()) {
-        throw new Error('Wallet signature does not match connected account')
-      }
+      assertExpectedAccount(account, args.expectedAccount, args.purpose)
+      verifyRecoveredAccount(message, signature, account)
       return { account, message, signature }
     },
   })
@@ -101,9 +94,7 @@ export async function sendBrowserWalletTransaction(args: TransactionRequest): Pr
     }),
     complete: body => {
       const account = parseAccount(body.account)
-      if (account.toLowerCase() !== args.expectedAccount.toLowerCase()) {
-        throw accountMismatchError(account, args.expectedAccount, args.purpose)
-      }
+      assertExpectedAccount(account, args.expectedAccount, args.purpose)
       return { account, txHash: parseHex(body.txHash, 'transaction hash') }
     },
   })
@@ -140,9 +131,7 @@ export async function requestBrowserWalletSignatureAndTransaction<TPrepared>(
     }),
     prepare: body => {
       const account = parseAccount(body.account)
-      if (args.expectedAccount && account.toLowerCase() !== args.expectedAccount.toLowerCase()) {
-        throw accountMismatchError(account, args.expectedAccount, args.purpose)
-      }
+      assertExpectedAccount(account, args.expectedAccount, args.purpose)
       const message = args.messageForAccount ? args.messageForAccount(account) : args.message!
       return { message }
     },
@@ -150,13 +139,8 @@ export async function requestBrowserWalletSignatureAndTransaction<TPrepared>(
       const account = parseAccount(body.account)
       const message = typeof body.message === 'string' ? body.message : ''
       const signature = parseHex(body.signature, 'wallet signature')
-      if (args.expectedAccount && account.toLowerCase() !== args.expectedAccount.toLowerCase()) {
-        throw accountMismatchError(account, args.expectedAccount, args.purpose)
-      }
-      const recovered = recoverAddressFromSignature(message, signature)
-      if (recovered.toLowerCase() !== account.toLowerCase()) {
-        throw new Error('Wallet signature does not match connected account')
-      }
+      assertExpectedAccount(account, args.expectedAccount, args.purpose)
+      verifyRecoveredAccount(message, signature, account)
       const next = await args.prepareTransaction({ account, message, signature })
       prepared = {
         account,
@@ -176,9 +160,7 @@ export async function requestBrowserWalletSignatureAndTransaction<TPrepared>(
     complete: body => {
       if (!prepared) throw new Error('Wallet transaction was not prepared')
       const account = parseAccount(body.account)
-      if (account.toLowerCase() !== prepared.account.toLowerCase()) {
-        throw accountMismatchError(account, prepared.account, args.purpose)
-      }
+      assertExpectedAccount(account, prepared.account, args.purpose)
       return {
         account,
         message: prepared.message,

package/src/identity/wallet/browserWallet/session.ts

@@ -1,9 +1,10 @@
 import http from 'node:http'
 import { randomUUID } from 'node:crypto'
-import { recoverAddressFromSignature } from '../../crypto/eth.js'
 import { normalizeWalletPayloadPurpose } from '../walletPurposeCompat.js'
 import { walletPage } from './html.js'
-import { readJson, respondHtml, respondJson } from './http.js'
+import { isAllowedWalletOrigin, readJson, respondHtml, respondJson } from './http.js'
+
+const SSE_DRAIN_MS = 250
 import {
   BrowserWalletError,
   type BrowserWalletSession,
@@ -15,11 +16,12 @@ import {
   type SignAndTransactionRequest,
 } from './types.js'
 import {
-  accountMismatchError,
+  assertExpectedAccount,
   chainIdHex,
   parseAccount,
   parseBrowserWalletErrorBody,
   parseHex,
+  verifyRecoveredAccount,
 } from './validation.js'
 
 export async function openBrowserWalletSession(args: {
@@ -47,6 +49,10 @@ export async function openBrowserWalletSession(args: {
 
   const handleRequest = async (req: http.IncomingMessage, res: http.ServerResponse): Promise<void> => {
     const url = new URL(req.url ?? '/', 'http://127.0.0.1')
+    if ((req.method === 'POST' || url.pathname === '/events') && !isAllowedWalletOrigin(req)) {
+      respondJson(res, 403, { ok: false, error: 'forbidden origin' })
+      return
+    }
     if (req.method === 'GET' && (url.pathname === '/' || url.pathname === '/ethagent')) {
       respondHtml(res, walletPage(title, '', { kind: 'session-wait' }))
       return
@@ -98,10 +104,15 @@ export async function openBrowserWalletSession(args: {
         return
       }
       const finished = pending
+      try {
+        finished.resolve(body)
+      } catch (err) {
+        respondJson(res, 400, { ok: false, error: (err as Error).message })
+        return
+      }
       pending = null
-      respondJson(res, 200, { ok: true })
       clearTimeout(finished.timeout)
-      finished.resolve(body)
+      respondJson(res, 200, { ok: true })
       return
     }
     if (req.method === 'POST' && url.pathname === '/cancel') {
@@ -167,7 +178,7 @@ export async function openBrowserWalletSession(args: {
         ...(opts.prepare ? { prepare: opts.prepare } : {}),
         ...(opts.prepareTransaction ? { prepareTransaction: opts.prepareTransaction } : {}),
         resolve: body => {
-          try { resolve(opts.complete(body)) } catch (err) { reject(err) }
+          resolve(opts.complete(body))
         },
         reject,
         timeout,
@@ -194,9 +205,7 @@ export async function openBrowserWalletSession(args: {
         ...(req.timeoutMs !== undefined ? { timeoutMs: req.timeoutMs } : {}),
         prepare: body => {
           const account = parseAccount(body.account)
-          if (req.expectedAccount && account.toLowerCase() !== req.expectedAccount.toLowerCase()) {
-            throw accountMismatchError(account, req.expectedAccount, req.purpose)
-          }
+          assertExpectedAccount(account, req.expectedAccount, req.purpose)
           const message = req.messageForAccount ? req.messageForAccount(account) : req.message!
           return { message }
         },
@@ -204,13 +213,8 @@ export async function openBrowserWalletSession(args: {
           const account = parseAccount(body.account)
           const message = typeof body.message === 'string' ? body.message : ''
           const signature = parseHex(body.signature, 'wallet signature')
-          if (req.expectedAccount && account.toLowerCase() !== req.expectedAccount.toLowerCase()) {
-            throw accountMismatchError(account, req.expectedAccount, req.purpose)
-          }
-          const recovered = recoverAddressFromSignature(message, signature)
-          if (recovered.toLowerCase() !== account.toLowerCase()) {
-            throw new Error('Wallet signature does not match connected account')
-          }
+          assertExpectedAccount(account, req.expectedAccount, req.purpose)
+          verifyRecoveredAccount(message, signature, account)
           return { account, message, signature }
         },
       })
@@ -229,9 +233,7 @@ export async function openBrowserWalletSession(args: {
       ...(req.timeoutMs !== undefined ? { timeoutMs: req.timeoutMs } : {}),
       complete: body => {
         const account = parseAccount(body.account)
-        if (account.toLowerCase() !== req.expectedAccount.toLowerCase()) {
-          throw accountMismatchError(account, req.expectedAccount, req.purpose)
-        }
+        assertExpectedAccount(account, req.expectedAccount, req.purpose)
         return { account, txHash: parseHex(body.txHash, 'transaction hash') }
       },
     }),
@@ -262,9 +264,7 @@ export async function openBrowserWalletSession(args: {
         ...(req.timeoutMs !== undefined ? { timeoutMs: req.timeoutMs } : {}),
         prepare: body => {
           const account = parseAccount(body.account)
-          if (req.expectedAccount && account.toLowerCase() !== req.expectedAccount.toLowerCase()) {
-            throw accountMismatchError(account, req.expectedAccount, req.purpose)
-          }
+          assertExpectedAccount(account, req.expectedAccount, req.purpose)
           const message = req.messageForAccount ? req.messageForAccount(account) : req.message!
           return { message }
         },
@@ -272,13 +272,8 @@ export async function openBrowserWalletSession(args: {
           const account = parseAccount(body.account)
           const message = typeof body.message === 'string' ? body.message : ''
           const signature = parseHex(body.signature, 'wallet signature')
-          if (req.expectedAccount && account.toLowerCase() !== req.expectedAccount.toLowerCase()) {
-            throw accountMismatchError(account, req.expectedAccount, req.purpose)
-          }
-          const recovered = recoverAddressFromSignature(message, signature)
-          if (recovered.toLowerCase() !== account.toLowerCase()) {
-            throw new Error('Wallet signature does not match connected account')
-          }
+          assertExpectedAccount(account, req.expectedAccount, req.purpose)
+          verifyRecoveredAccount(message, signature, account)
           const next = await req.prepareTransaction({ account, message, signature })
           prepared = {
             account,
@@ -296,9 +291,7 @@ export async function openBrowserWalletSession(args: {
         complete: body => {
           if (!prepared) throw new Error('Wallet transaction was not prepared')
           const account = parseAccount(body.account)
-          if (account.toLowerCase() !== prepared.account.toLowerCase()) {
-            throw accountMismatchError(account, prepared.account, req.purpose)
-          }
+          assertExpectedAccount(account, prepared.account, req.purpose)
           return {
             account,
             message: prepared.message,
@@ -314,7 +307,7 @@ export async function openBrowserWalletSession(args: {
       closed = true
       if (pending) failPending(new Error('wallet session closed before request completed'))
       pushEvent('done', {})
-      await new Promise(resolve => setTimeout(resolve, 250))
+      await new Promise(resolve => setTimeout(resolve, SSE_DRAIN_MS))
       for (const res of sseClients) {
         try { res.end() } catch { }
       }

package/src/identity/wallet/browserWallet/validation.ts

@@ -1,7 +1,21 @@
 import { getAddress, type Address, type Hex } from 'viem'
+import { recoverAddressFromSignature } from '../../crypto/eth.js'
 import { normalizeWalletPurposeValue } from '../walletPurposeCompat.js'
 import type { BrowserWalletErrorPayload, WalletPurpose } from './types.js'
 
+export function assertExpectedAccount(account: Address, expectedAccount: Address | undefined, purpose?: WalletPurpose): void {
+  if (expectedAccount && account.toLowerCase() !== expectedAccount.toLowerCase()) {
+    throw accountMismatchError(account, expectedAccount, purpose)
+  }
+}
+
+export function verifyRecoveredAccount(message: string, signature: Hex, account: Address): void {
+  const recovered = recoverAddressFromSignature(message, signature)
+  if (recovered.toLowerCase() !== account.toLowerCase()) {
+    throw new Error('Wallet signature does not match connected account')
+  }
+}
+
 export function parseBrowserWalletErrorBody(body: Record<string, unknown>): BrowserWalletErrorPayload {
   const message = typeof body.message === 'string' && body.message.trim() ? body.message.trim() : 'Wallet request failed'
   const code = typeof body.code === 'string' && body.code.trim() ? body.code.trim() : undefined

package/src/identity/wallet/browserWallet/walletPageSource.ts

@@ -2,39 +2,28 @@ import { existsSync, readFileSync } from 'node:fs'
 import { dirname, join } from 'node:path'
 import { fileURLToPath } from 'node:url'
 
-const WALLET_PAGE_ENTRY_FILE = 'page.tsx'
-const WALLET_PAGE_MODULE_FILES = [
-  join('page', 'types.ts'),
-  join('page', 'html.ts'),
-  join('page', 'constants.ts'),
-  join('page', 'styles', 'base.ts'),
-  join('page', 'styles', 'components.ts'),
-  join('page', 'styles', 'responsive.ts'),
-  join('page', 'styles', 'index.ts'),
-  join('page', 'markup.ts'),
-  join('page', 'grainient.ts'),
-  join('page', 'state.ts'),
-  join('page', 'copy.ts'),
-  join('page', 'errorView.ts'),
-  join('page', 'walletProvider.ts'),
-  join('page', 'view.ts'),
-  join('page', 'controller.ts'),
-] as const
+const WALLET_PAGE_DIR = 'page'
 
-export function walletPageSourceFiles(fromUrl = import.meta.url): string[] {
-  const sourceRoot = locateWalletPageSourceRoot(fromUrl)
-  return [
-    ...WALLET_PAGE_MODULE_FILES.map(file => join(sourceRoot, file)),
-    join(sourceRoot, WALLET_PAGE_ENTRY_FILE),
-  ]
-}
-
-export function walletPageSourceFile(relativeFile: string, fromUrl = import.meta.url): string {
-  return join(locateWalletPageSourceRoot(fromUrl), relativeFile)
-}
+const WALLET_PAGE_PARTS = [
+  'types.ts',
+  'constants.ts',
+  'css.ts',
+  'markup.ts',
+  'config.ts',
+  'copy.ts',
+  'errors.ts',
+  'provider.ts',
+  'view.ts',
+  'resize.ts',
+  'timeline.ts',
+  'state.ts',
+  'flow.ts',
+  'boot.ts',
+]
 
 export function loadWalletPageRawSource(fromUrl = import.meta.url): string {
-  return walletPageSourceFiles(fromUrl).map(file => readFileSync(file, 'utf8')).join('\n')
+  const dir = locateWalletPageSourceRoot(fromUrl)
+  return WALLET_PAGE_PARTS.map(part => readFileSync(join(dir, part), 'utf8')).join('\n')
 }
 
 export function loadWalletPageSource(fromUrl = import.meta.url): string {
@@ -61,25 +50,18 @@ export function stripWalletModuleSyntax(source: string): string {
 
 function locateWalletPageSourceRoot(fromUrl: string): string {
   for (const candidate of walletPageSourceRootCandidates(fromUrl)) {
-    if (hasWalletPageSourceFiles(candidate)) return candidate
+    if (existsSync(join(candidate, WALLET_PAGE_PARTS[0]!))) return candidate
   }
   throw new Error('could not locate browser wallet page source files')
 }
 
 function walletPageSourceRootCandidates(fromUrl: string): string[] {
   const start = dirname(fileURLToPath(fromUrl))
-  const candidates = [join(start, '..')]
+  const candidates = [join(start, '..', WALLET_PAGE_DIR)]
   for (let dir = start; ; dir = dirname(dir)) {
-    candidates.push(join(dir, 'src', 'identity', 'wallet'))
+    candidates.push(join(dir, 'src', 'identity', 'wallet', WALLET_PAGE_DIR))
     const parent = dirname(dir)
     if (parent === dir) break
   }
   return Array.from(new Set(candidates))
 }
-
-function hasWalletPageSourceFiles(sourceRoot: string): boolean {
-  return [
-    ...WALLET_PAGE_MODULE_FILES,
-    WALLET_PAGE_ENTRY_FILE,
-  ].every(file => existsSync(join(sourceRoot, file)))
-}

package/src/identity/wallet/page/boot.ts

@@ -0,0 +1,43 @@
+function attachWalletHandlers(): void {
+  if (handlersAttached) return
+  handlersAttached = true
+  approve.onclick = runWalletFlow
+  cancel.onclick = cancelFlow
+  window.addEventListener('keydown', (e) => {
+    if (e.key === 'Escape') {
+      if (!escapeAllowed()) { e.preventDefault(); return }
+      e.preventDefault()
+      cancelFlow()
+    } else if (e.key === 'Enter') {
+      if (!approve.hidden && !approve.disabled) { e.preventDefault(); runWalletFlow(); return }
+    }
+  })
+}
+
+export function bootWallet(): void {
+  initializeViewElements()
+  attachWalletHandlers()
+  applyFlowChrome()
+  setupCardResize()
+  if (!window.__WALLET_PREVIEW__) {
+    if (document.readyState === 'loading') {
+      document.addEventListener('DOMContentLoaded', bootWallet, { once: true })
+    } else {
+      if (config && config.kind === 'session-wait') {
+        startSessionMode()
+      } else {
+        runWalletFlow()
+      }
+    }
+  } else {
+    window.__walletPreview = {
+      setState,
+      setConfig: (c: Partial<WalletConfig>) => { Object.assign(config, c); applyFlowChrome() },
+    }
+    runWalletFlow()
+  }
+}
+
+injectStylesAndMarkup()
+
+bootWallet()

package/src/identity/wallet/page/config.ts

@@ -0,0 +1,59 @@
+export const config: WalletConfig =
+  (window.__WALLET_CONFIG__ as WalletConfig) || {
+    sessionToken: 'preview',
+    kind: 'sign',
+    chainIdHex: '0xaa36a7',
+    message: 'identity proof for 0x9F2a???BC4e',
+  }
+
+export const CHAINS: Record<string, { name: string }> = {
+  "0x1": { name: "Ethereum Mainnet" },
+  "0xaa36a7": { name: "Sepolia" },
+  "0x2105": { name: "Base" },
+  "0x14a34": { name: "Base Sepolia" },
+};
+
+export interface FlowCopy {
+  accent: string;
+  tabTitle: string;
+  label: string;
+  title: string;
+  subtitle: string;
+  detail: string | null;
+}
+
+export const FLOW_COPY: Record<string, FlowCopy> = {
+  account:            { accent: "sign",        tabTitle: "Connect Wallet",   label: "Connection Request",   title: "Connect Wallet",   subtitle: "Shares your wallet address with the agent. No signature or transaction.", detail: null },
+  sign:               { accent: "sign",        tabTitle: "Sign Message",     label: "Signature Request",    title: "Sign Message",     subtitle: "Signs a message to prove wallet ownership. No transaction.", detail: "message" },
+  "sign-transaction": { accent: "transaction", tabTitle: "Sign Snapshot",    label: "Snapshot Signature",   title: "Sign Snapshot",    subtitle: "Signs your encrypted agent snapshot for restore access.", detail: null },
+  transaction:        { accent: "transaction", tabTitle: "Submit Transaction", label: "Onchain Transaction", title: "Submit Transaction", subtitle: "Submits one onchain transaction from your wallet.", detail: "registry" },
+};
+
+export const TRANSACTION_TITLES: Record<string, string> = {
+  "register-agent": "Mint Agent Token",
+  "create-agent": "Create Agent",
+  "update-ens-records": "Submit With ENS Controller Wallet",
+  "clear-ens-records": "Submit With ENS Controller Wallet",
+  "create-simple-ens-subdomain": "Submit With Connected Wallet",
+  "set-simple-ens-records": "Submit With Connected Wallet",
+  "create-agent-ens-subdomain": "Owner Wallet Required",
+  "set-agent-ens-records": "Owner Wallet Required",
+  "publish-transfer-snapshot": "Sender Wallet: Publish Snapshot",
+};
+
+export function transactionPurposeTitle(): string {
+  const key = config.purpose || "";
+  const fromPurpose = PURPOSE_COPY[key]?.flowTitle;
+  const explicit = TRANSACTION_TITLES[key];
+  return fromPurpose || explicit || FLOW_COPY.transaction!.title;
+}
+
+export const STATE_TITLES = {
+  connecting: "Connecting Wallet",
+  approveSign: "Sign Message",
+  preparingTransaction: "Preparing Transaction",
+  approveTransaction: "Review Transaction",
+  error: "Wallet Error",
+  cancelled: "Cancelled",
+  default: "Wallet Action",
+};

package/src/identity/wallet/page/constants.ts

@@ -1,3 +1,15 @@
+export const glyphs = {
+  ellipsis: "…",
+};
+
+export function escapeHtml(value: unknown): string {
+  return String(value == null ? "" : value)
+    .replaceAll("&", "&")
+    .replaceAll("<", "&lt;")
+    .replaceAll(">", "&gt;")
+    .replaceAll("\"", "&quot;");
+}
+
 export const CLOSE_DELAY_MS = 10000
 export const TX_CLOSE_DELAY_MS = 10000
 export const CANCEL_CLOSE_DELAY_MS = 10000