kawasekit 0.1.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/asset-domain-4Ioxqn28.d.cts +348 -0
- package/dist/asset-domain-4Ioxqn28.d.ts +348 -0
- package/dist/{chunk-VPRR3TNA.js → chunk-5TTOAVHE.js} +65 -51
- package/dist/chunk-5TTOAVHE.js.map +1 -0
- package/dist/{chunk-YMABXRCK.js → chunk-6CNAYQOL.js} +2 -2
- package/dist/chunk-6CNAYQOL.js.map +1 -0
- package/dist/chunk-EUW7AZ4P.js +276 -0
- package/dist/chunk-EUW7AZ4P.js.map +1 -0
- package/dist/{chunk-E2EG72U2.js → chunk-G3UC6SME.js} +4 -9
- package/dist/chunk-G3UC6SME.js.map +1 -0
- package/dist/{chunk-UQ7WJY6O.js → chunk-RJLDKDWL.js} +2 -2
- package/dist/{chunk-UQ7WJY6O.js.map → chunk-RJLDKDWL.js.map} +1 -1
- package/dist/cli/index.cjs +1 -1
- package/dist/cli/index.js +6 -6
- package/dist/{index-BaAOB0xd.d.ts → index-C9tbaHPF.d.ts} +2 -2
- package/dist/{index-Z6AL1MR_.d.cts → index-CAmTA8xR.d.cts} +2 -2
- package/dist/index.cjs +236 -16
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +7 -172
- package/dist/index.d.ts +7 -172
- package/dist/index.js +5 -5
- package/dist/policy/index.cjs.map +1 -1
- package/dist/policy/index.d.cts +2 -2
- package/dist/policy/index.d.ts +2 -2
- package/dist/policy/index.js +1 -1
- package/dist/signer/index.cjs +227 -6
- package/dist/signer/index.cjs.map +1 -1
- package/dist/signer/index.d.cts +221 -6
- package/dist/signer/index.d.ts +221 -6
- package/dist/signer/index.js +3 -3
- package/dist/{spending-policy-DqBRDUxx.d.cts → spending-policy-BD2Mpm-L.d.ts} +4 -3
- package/dist/{spending-policy-DZSNHqnD.d.ts → spending-policy-CGIaBpg-.d.cts} +4 -3
- package/dist/{types-IEl-iOIx.d.cts → types-BLJU67HZ.d.cts} +11 -3
- package/dist/{types-IEl-iOIx.d.ts → types-BLJU67HZ.d.ts} +11 -3
- package/dist/x402/index.cjs +9 -6
- package/dist/x402/index.cjs.map +1 -1
- package/dist/x402/index.d.cts +3 -3
- package/dist/x402/index.d.ts +3 -3
- package/dist/x402/index.js +2 -2
- package/package.json +1 -1
- package/dist/asset-domain-CpJuDkI2.d.cts +0 -102
- package/dist/asset-domain-CpJuDkI2.d.ts +0 -102
- package/dist/chunk-E2EG72U2.js.map +0 -1
- package/dist/chunk-RUWCCP37.js +0 -76
- package/dist/chunk-RUWCCP37.js.map +0 -1
- package/dist/chunk-VPRR3TNA.js.map +0 -1
- package/dist/chunk-YMABXRCK.js.map +0 -1
package/dist/index.cjs
CHANGED
|
@@ -532,6 +532,12 @@ var PolicyGatedSignerConfigError = class extends Error {
|
|
|
532
532
|
this.reason = reason;
|
|
533
533
|
}
|
|
534
534
|
};
|
|
535
|
+
var CoSignUnavailableError = class extends Error {
|
|
536
|
+
constructor(message, options) {
|
|
537
|
+
super(message, options);
|
|
538
|
+
this.name = "CoSignUnavailableError";
|
|
539
|
+
}
|
|
540
|
+
};
|
|
535
541
|
|
|
536
542
|
// src/signer/gate.ts
|
|
537
543
|
function requireNonBypassable(signer) {
|
|
@@ -576,11 +582,11 @@ var X402PolicyRejectedError = class extends Error {
|
|
|
576
582
|
reason;
|
|
577
583
|
/** The full typed rejection (its `detail` never contains the nonce or signature). */
|
|
578
584
|
rejection;
|
|
579
|
-
constructor(
|
|
580
|
-
super(`x402 payment rejected by policy: ${
|
|
585
|
+
constructor(rejection2, options) {
|
|
586
|
+
super(`x402 payment rejected by policy: ${rejection2.reason} (${rejection2.detail})`, options);
|
|
581
587
|
this.name = "X402PolicyRejectedError";
|
|
582
|
-
this.reason =
|
|
583
|
-
this.rejection =
|
|
588
|
+
this.reason = rejection2.reason;
|
|
589
|
+
this.rejection = rejection2;
|
|
584
590
|
}
|
|
585
591
|
};
|
|
586
592
|
var KNOWN_ASSETS = [
|
|
@@ -646,6 +652,14 @@ function resolveAssetParam(asset) {
|
|
|
646
652
|
`unsupported kind ${JSON.stringify(exhaustive.kind)}. Expected "known" or "unsafeOverride".`
|
|
647
653
|
);
|
|
648
654
|
}
|
|
655
|
+
function resolvedAssetToEip3009Domain(asset, chainId) {
|
|
656
|
+
return {
|
|
657
|
+
name: asset.name,
|
|
658
|
+
version: asset.version,
|
|
659
|
+
chainId,
|
|
660
|
+
verifyingContract: asset.verifyingContract
|
|
661
|
+
};
|
|
662
|
+
}
|
|
649
663
|
var transferWithAuthorizationTypes = {
|
|
650
664
|
TransferWithAuthorization: [
|
|
651
665
|
{ name: "from", type: "address" },
|
|
@@ -797,12 +811,7 @@ function createLocalPolicyGatedSigner(params) {
|
|
|
797
811
|
}
|
|
798
812
|
const signed = await signTransferWithAuthorization(
|
|
799
813
|
account,
|
|
800
|
-
|
|
801
|
-
name: pinned.name,
|
|
802
|
-
version: pinned.version,
|
|
803
|
-
chainId: intent.chainId,
|
|
804
|
-
verifyingContract: pinned.verifyingContract
|
|
805
|
-
},
|
|
814
|
+
resolvedAssetToEip3009Domain(pinned, intent.chainId),
|
|
806
815
|
{
|
|
807
816
|
from,
|
|
808
817
|
to: intent.to,
|
|
@@ -826,6 +835,213 @@ function createLocalPolicyGatedSigner(params) {
|
|
|
826
835
|
};
|
|
827
836
|
}
|
|
828
837
|
|
|
838
|
+
// src/signer/mpc-2p-wire.ts
|
|
839
|
+
var WIRE_VERSION = 1;
|
|
840
|
+
function toWireIntent(intent) {
|
|
841
|
+
return {
|
|
842
|
+
token: intent.token.toLowerCase(),
|
|
843
|
+
chain_id: intent.chainId,
|
|
844
|
+
from: intent.from.toLowerCase(),
|
|
845
|
+
to: intent.to.toLowerCase(),
|
|
846
|
+
value: intent.value.toString(),
|
|
847
|
+
valid_after: intent.validAfter.toString(),
|
|
848
|
+
valid_before: intent.validBefore.toString(),
|
|
849
|
+
nonce: intent.nonce.toLowerCase()
|
|
850
|
+
};
|
|
851
|
+
}
|
|
852
|
+
function canonicalIntentBytes(intent) {
|
|
853
|
+
const lines = [
|
|
854
|
+
"kawasekit-mpc-2p/cosign-request/v2",
|
|
855
|
+
`token=${intent.token.toLowerCase()}`,
|
|
856
|
+
`chainId=${intent.chainId}`,
|
|
857
|
+
`from=${intent.from.toLowerCase()}`,
|
|
858
|
+
`to=${intent.to.toLowerCase()}`,
|
|
859
|
+
`value=${intent.value}`,
|
|
860
|
+
`validAfter=${intent.validAfter}`,
|
|
861
|
+
`validBefore=${intent.validBefore}`,
|
|
862
|
+
`nonce=${intent.nonce.toLowerCase()}`
|
|
863
|
+
];
|
|
864
|
+
return new TextEncoder().encode(lines.map((l) => `${l}
|
|
865
|
+
`).join(""));
|
|
866
|
+
}
|
|
867
|
+
|
|
868
|
+
// src/signer/mpc-2p.ts
|
|
869
|
+
var POLICY_REASONS = /* @__PURE__ */ new Set([
|
|
870
|
+
"revoked",
|
|
871
|
+
"expired",
|
|
872
|
+
"token_not_allowed",
|
|
873
|
+
"recipient_not_allowed",
|
|
874
|
+
"amount_exceeds_per_sign",
|
|
875
|
+
"amount_exceeds_cumulative",
|
|
876
|
+
"intent_digest_mismatch",
|
|
877
|
+
"unauthenticated",
|
|
878
|
+
"from_mismatch",
|
|
879
|
+
"nonce_reuse_conflict"
|
|
880
|
+
]);
|
|
881
|
+
function rejection(reason, detail) {
|
|
882
|
+
return { ok: false, rejection: { reason, detail } };
|
|
883
|
+
}
|
|
884
|
+
function createMpc2pPolicyGatedSigner(params) {
|
|
885
|
+
const { agent, transport, authenticator, session } = params;
|
|
886
|
+
const pinned = resolveAssetParam(params.asset);
|
|
887
|
+
const from = viem.getAddress(params.from);
|
|
888
|
+
const agentEoa = viem.getAddress(agent.groupEoa());
|
|
889
|
+
if (agentEoa !== from) {
|
|
890
|
+
throw new PolicyGatedSignerConfigError(
|
|
891
|
+
"from",
|
|
892
|
+
`the agent share controls ${agentEoa} but params.from is ${from}`
|
|
893
|
+
);
|
|
894
|
+
}
|
|
895
|
+
return {
|
|
896
|
+
enforcement: "cryptographic",
|
|
897
|
+
from,
|
|
898
|
+
async sign(intent) {
|
|
899
|
+
if (viem.getAddress(intent.from) !== from) {
|
|
900
|
+
return rejection(
|
|
901
|
+
"from_mismatch",
|
|
902
|
+
`intent.from ${viem.getAddress(intent.from)} does not equal signer.from ${from}`
|
|
903
|
+
);
|
|
904
|
+
}
|
|
905
|
+
if (viem.getAddress(intent.token) !== pinned.verifyingContract) {
|
|
906
|
+
return rejection(
|
|
907
|
+
"token_not_allowed",
|
|
908
|
+
`intent.token ${viem.getAddress(intent.token)} does not equal the signer's pinned verifyingContract ${pinned.verifyingContract}`
|
|
909
|
+
);
|
|
910
|
+
}
|
|
911
|
+
const digest = viem.hashTypedData({
|
|
912
|
+
domain: resolvedAssetToEip3009Domain(pinned, intent.chainId),
|
|
913
|
+
types: transferWithAuthorizationTypes,
|
|
914
|
+
primaryType: "TransferWithAuthorization",
|
|
915
|
+
message: {
|
|
916
|
+
from,
|
|
917
|
+
to: intent.to,
|
|
918
|
+
value: intent.value,
|
|
919
|
+
validAfter: intent.validAfter,
|
|
920
|
+
validBefore: intent.validBefore,
|
|
921
|
+
nonce: intent.nonce
|
|
922
|
+
}
|
|
923
|
+
});
|
|
924
|
+
const authTag = await authenticator.tag(canonicalIntentBytes(intent));
|
|
925
|
+
const conn = await openConnection(transport);
|
|
926
|
+
try {
|
|
927
|
+
return await runCeremony(conn, agent, session.id, intent, digest, authTag);
|
|
928
|
+
} finally {
|
|
929
|
+
try {
|
|
930
|
+
await conn.close();
|
|
931
|
+
} catch {
|
|
932
|
+
}
|
|
933
|
+
}
|
|
934
|
+
},
|
|
935
|
+
describe() {
|
|
936
|
+
return {
|
|
937
|
+
enforcement: "cryptographic",
|
|
938
|
+
from,
|
|
939
|
+
policyId: session.id,
|
|
940
|
+
notAfter: session.notAfter,
|
|
941
|
+
// The backend owns authoritative revocation (a revoked session → a
|
|
942
|
+
// rejection at sign time); this metadata field is best-effort.
|
|
943
|
+
revoked: false
|
|
944
|
+
};
|
|
945
|
+
}
|
|
946
|
+
};
|
|
947
|
+
}
|
|
948
|
+
async function openConnection(transport) {
|
|
949
|
+
try {
|
|
950
|
+
return await transport.connect();
|
|
951
|
+
} catch (cause) {
|
|
952
|
+
throw new CoSignUnavailableError("co-signer connection failed", { cause });
|
|
953
|
+
}
|
|
954
|
+
}
|
|
955
|
+
async function runCeremony(conn, agent, sessionId, intent, digest, authTag) {
|
|
956
|
+
const send = async (frame) => {
|
|
957
|
+
try {
|
|
958
|
+
await conn.send(frame);
|
|
959
|
+
} catch (cause) {
|
|
960
|
+
throw new CoSignUnavailableError("co-sign connection dropped while sending", { cause });
|
|
961
|
+
}
|
|
962
|
+
};
|
|
963
|
+
const recv = async () => {
|
|
964
|
+
let frame;
|
|
965
|
+
try {
|
|
966
|
+
frame = await conn.recv();
|
|
967
|
+
} catch (cause) {
|
|
968
|
+
throw new CoSignUnavailableError("co-sign connection dropped mid-ceremony", { cause });
|
|
969
|
+
}
|
|
970
|
+
if (frame.wire_version !== WIRE_VERSION) {
|
|
971
|
+
throw new CoSignUnavailableError(
|
|
972
|
+
`co-signer spoke wire_version ${frame.wire_version}, expected ${WIRE_VERSION}`
|
|
973
|
+
);
|
|
974
|
+
}
|
|
975
|
+
return frame;
|
|
976
|
+
};
|
|
977
|
+
await send({
|
|
978
|
+
wire_version: WIRE_VERSION,
|
|
979
|
+
kind: "request",
|
|
980
|
+
session_id: sessionId,
|
|
981
|
+
intent: toWireIntent(intent),
|
|
982
|
+
auth_tag: authTag
|
|
983
|
+
});
|
|
984
|
+
let first;
|
|
985
|
+
try {
|
|
986
|
+
first = agent.start(digest);
|
|
987
|
+
} catch (cause) {
|
|
988
|
+
throw new CoSignUnavailableError("the agent failed to start the ceremony", { cause });
|
|
989
|
+
}
|
|
990
|
+
await send({ wire_version: WIRE_VERSION, kind: "round", payload: first });
|
|
991
|
+
let agentSig = null;
|
|
992
|
+
for (; ; ) {
|
|
993
|
+
const frame = await recv();
|
|
994
|
+
switch (frame.kind) {
|
|
995
|
+
case "round": {
|
|
996
|
+
let step;
|
|
997
|
+
try {
|
|
998
|
+
step = agent.step(frame.payload);
|
|
999
|
+
} catch (cause) {
|
|
1000
|
+
throw new CoSignUnavailableError("the agent rejected a round frame", { cause });
|
|
1001
|
+
}
|
|
1002
|
+
if ("outbound" in step) {
|
|
1003
|
+
await send({ wire_version: WIRE_VERSION, kind: "round", payload: step.outbound });
|
|
1004
|
+
} else {
|
|
1005
|
+
agentSig = step.signature;
|
|
1006
|
+
}
|
|
1007
|
+
break;
|
|
1008
|
+
}
|
|
1009
|
+
case "result": {
|
|
1010
|
+
if (agentSig === null) {
|
|
1011
|
+
throw new CoSignUnavailableError(
|
|
1012
|
+
"the backend returned a result before the agent derived a signature"
|
|
1013
|
+
);
|
|
1014
|
+
}
|
|
1015
|
+
if (frame.r.toLowerCase() !== agentSig.r.toLowerCase() || frame.s.toLowerCase() !== agentSig.s.toLowerCase() || frame.v !== agentSig.v) {
|
|
1016
|
+
throw new CoSignUnavailableError("the backend and agent derived different signatures");
|
|
1017
|
+
}
|
|
1018
|
+
return { ok: true, signature: assembleSignature(agentSig), intent };
|
|
1019
|
+
}
|
|
1020
|
+
case "rejection": {
|
|
1021
|
+
if (POLICY_REASONS.has(frame.reason)) {
|
|
1022
|
+
return rejection(frame.reason, frame.detail);
|
|
1023
|
+
}
|
|
1024
|
+
throw new CoSignUnavailableError(
|
|
1025
|
+
`co-signer returned a non-policy rejection (${frame.reason}): ${frame.detail}`
|
|
1026
|
+
);
|
|
1027
|
+
}
|
|
1028
|
+
case "error": {
|
|
1029
|
+
throw new CoSignUnavailableError(`co-signer error: ${frame.message}`);
|
|
1030
|
+
}
|
|
1031
|
+
default: {
|
|
1032
|
+
throw new CoSignUnavailableError("co-signer sent an unexpected frame");
|
|
1033
|
+
}
|
|
1034
|
+
}
|
|
1035
|
+
}
|
|
1036
|
+
}
|
|
1037
|
+
function assembleSignature(sig) {
|
|
1038
|
+
const yParity = sig.v - 27;
|
|
1039
|
+
if (yParity !== 0 && yParity !== 1) {
|
|
1040
|
+
throw new CoSignUnavailableError(`malformed recovery id v=${sig.v} (expected 27 or 28)`);
|
|
1041
|
+
}
|
|
1042
|
+
return viem.serializeSignature({ r: sig.r, s: sig.s, yParity });
|
|
1043
|
+
}
|
|
1044
|
+
|
|
829
1045
|
// src/x402/types.ts
|
|
830
1046
|
var X402_VERSION = 2;
|
|
831
1047
|
var EIP155_PREFIX = "eip155:";
|
|
@@ -977,12 +1193,7 @@ function createX402PaymentSigner(params) {
|
|
|
977
1193
|
) : generateAuthorizationNonce();
|
|
978
1194
|
const signed = await signTransferWithAuthorization(
|
|
979
1195
|
account,
|
|
980
|
-
|
|
981
|
-
name: pinnedDomain.name,
|
|
982
|
-
version: pinnedDomain.version,
|
|
983
|
-
chainId,
|
|
984
|
-
verifyingContract: pinnedDomain.verifyingContract
|
|
985
|
-
},
|
|
1196
|
+
resolvedAssetToEip3009Domain(pinnedDomain, chainId),
|
|
986
1197
|
{
|
|
987
1198
|
from: account.address,
|
|
988
1199
|
to: payTo,
|
|
@@ -2827,6 +3038,7 @@ async function rotateSessionKey(params) {
|
|
|
2827
3038
|
}
|
|
2828
3039
|
|
|
2829
3040
|
exports.ChainNotSupportedError = ChainNotSupportedError;
|
|
3041
|
+
exports.CoSignUnavailableError = CoSignUnavailableError;
|
|
2830
3042
|
exports.IdempotencyConfigError = IdempotencyConfigError;
|
|
2831
3043
|
exports.IdempotencyRecordParseError = IdempotencyRecordParseError;
|
|
2832
3044
|
exports.IdempotencyRecordVersionError = IdempotencyRecordVersionError;
|
|
@@ -2844,6 +3056,7 @@ exports.SessionEnvelopeSignerMismatchError = SessionEnvelopeSignerMismatchError;
|
|
|
2844
3056
|
exports.SessionEnvelopeVersionError = SessionEnvelopeVersionError;
|
|
2845
3057
|
exports.SpendingPolicyConfigError = SpendingPolicyConfigError;
|
|
2846
3058
|
exports.TransferJpycInputError = TransferJpycInputError;
|
|
3059
|
+
exports.WIRE_VERSION = WIRE_VERSION;
|
|
2847
3060
|
exports.X402InvalidConfigError = X402InvalidConfigError;
|
|
2848
3061
|
exports.X402InvalidPayloadError = X402InvalidPayloadError;
|
|
2849
3062
|
exports.X402PolicyRejectedError = X402PolicyRejectedError;
|
|
@@ -2861,6 +3074,8 @@ exports.avalanche = avalanche;
|
|
|
2861
3074
|
exports.avalancheFuji = avalancheFuji;
|
|
2862
3075
|
exports.buildPaymentRequiredResponse = buildPaymentRequiredResponse;
|
|
2863
3076
|
exports.buildPaymentRequirements = buildPaymentRequirements;
|
|
3077
|
+
exports.cancelAuthorizationTypes = cancelAuthorizationTypes;
|
|
3078
|
+
exports.canonicalIntentBytes = canonicalIntentBytes;
|
|
2864
3079
|
exports.chainIdToX402Network = chainIdToX402Network;
|
|
2865
3080
|
exports.createAgentSmartAccount = createAgentSmartAccount;
|
|
2866
3081
|
exports.createCoinbaseFacilitator = createCoinbaseFacilitator;
|
|
@@ -2869,6 +3084,7 @@ exports.createIdempotencyKeyBuilder = createIdempotencyKeyBuilder;
|
|
|
2869
3084
|
exports.createInMemoryIdempotencyStore = createInMemoryIdempotencyStore;
|
|
2870
3085
|
exports.createJpycDailyLimitPolicies = createJpycDailyLimitPolicies;
|
|
2871
3086
|
exports.createLocalPolicyGatedSigner = createLocalPolicyGatedSigner;
|
|
3087
|
+
exports.createMpc2pPolicyGatedSigner = createMpc2pPolicyGatedSigner;
|
|
2872
3088
|
exports.createSelfFacilitator = createSelfFacilitator;
|
|
2873
3089
|
exports.createSpendingPolicy = createSpendingPolicy;
|
|
2874
3090
|
exports.createX402Handler = createX402Handler;
|
|
@@ -2904,7 +3120,9 @@ exports.parseIdempotencyRecord = parseIdempotencyRecord;
|
|
|
2904
3120
|
exports.parseSessionEnvelope = parseSessionEnvelope;
|
|
2905
3121
|
exports.polygon = polygon;
|
|
2906
3122
|
exports.polygonAmoy = polygonAmoy;
|
|
3123
|
+
exports.receiveWithAuthorizationTypes = receiveWithAuthorizationTypes;
|
|
2907
3124
|
exports.requireNonBypassable = requireNonBypassable;
|
|
3125
|
+
exports.resolvedAssetToEip3009Domain = resolvedAssetToEip3009Domain;
|
|
2908
3126
|
exports.restoreSessionAccount = restoreSessionAccount;
|
|
2909
3127
|
exports.revokeSessionKey = revokeSessionKey;
|
|
2910
3128
|
exports.rotateSessionKey = rotateSessionKey;
|
|
@@ -2915,7 +3133,9 @@ exports.signCancelAuthorization = signCancelAuthorization;
|
|
|
2915
3133
|
exports.signReceiveWithAuthorization = signReceiveWithAuthorization;
|
|
2916
3134
|
exports.signTransferWithAuthorization = signTransferWithAuthorization;
|
|
2917
3135
|
exports.supportedChains = supportedChains;
|
|
3136
|
+
exports.toWireIntent = toWireIntent;
|
|
2918
3137
|
exports.transferJpyc = transferJpyc;
|
|
3138
|
+
exports.transferWithAuthorizationTypes = transferWithAuthorizationTypes;
|
|
2919
3139
|
exports.wrapFetch = wrapFetch;
|
|
2920
3140
|
exports.x402NetworkToChainId = x402NetworkToChainId;
|
|
2921
3141
|
exports.zerodevRpcUrl = zerodevRpcUrl;
|