kawasekit 0.7.0 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-Y2LOACWO.js → chunk-DMP7YFGA.js} +37 -4
- package/dist/chunk-DMP7YFGA.js.map +1 -0
- package/dist/{chunk-N3CVLISJ.js → chunk-KYVAOUQV.js} +82 -22
- package/dist/chunk-KYVAOUQV.js.map +1 -0
- package/dist/cli/index.cjs +41 -26
- package/dist/cli/index.cjs.map +1 -1
- package/dist/cli/index.js +3 -3
- package/dist/{index-DFChv_fT.d.cts → index-FxiMeqpl.d.cts} +132 -15
- package/dist/{index-CSpNGigO.d.ts → index-RsuBt-Xw.d.ts} +132 -15
- package/dist/index.cjs +127 -34
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +77 -84
- package/dist/index.d.ts +77 -84
- package/dist/index.js +2 -2
- package/dist/session/index.cjs +41 -26
- package/dist/session/index.cjs.map +1 -1
- package/dist/session/index.d.cts +2 -2
- package/dist/session/index.d.ts +2 -2
- package/dist/session/index.js +1 -1
- package/package.json +1 -1
- package/dist/chunk-N3CVLISJ.js.map +0 -1
- package/dist/chunk-Y2LOACWO.js.map +0 -1
package/dist/cli/index.js
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
import { transferJpyc } from '../chunk-
|
|
2
|
+
import { transferJpyc } from '../chunk-DMP7YFGA.js';
|
|
3
3
|
import '../chunk-P5563RGP.js';
|
|
4
4
|
import '../chunk-PVUKX6IF.js';
|
|
5
5
|
import '../chunk-LEHWRDVS.js';
|
|
6
6
|
import '../chunk-TTX3RBIZ.js';
|
|
7
7
|
import '../chunk-QHUCU5YX.js';
|
|
8
|
-
import { issueSessionKey, serializeSessionEnvelope, restoreSessionAccount, revokeSessionKey, rotateSessionKey, parseSessionEnvelope } from '../chunk-
|
|
8
|
+
import { issueSessionKey, serializeSessionEnvelope, restoreSessionAccount, revokeSessionKey, rotateSessionKey, parseSessionEnvelope } from '../chunk-KYVAOUQV.js';
|
|
9
9
|
import '../chunk-NY6VLXQB.js';
|
|
10
10
|
import '../chunk-VJUXTVSW.js';
|
|
11
11
|
import '../chunk-WMVJNPX2.js';
|
|
@@ -980,7 +980,7 @@ function registerTransferCommand(program2) {
|
|
|
980
980
|
}
|
|
981
981
|
|
|
982
982
|
// cli/index.ts
|
|
983
|
-
var CLI_VERSION = "0.
|
|
983
|
+
var CLI_VERSION = "0.9.0" ;
|
|
984
984
|
var program = new Command();
|
|
985
985
|
program.name("kawasekit").description(
|
|
986
986
|
"kawasekit \u2014 CLI for the kawasekit SDK (AI-agent stablecoin payments, Japan-first, JPYC-native)."
|
|
@@ -1,10 +1,83 @@
|
|
|
1
|
-
import { Transport, Chain, Address, Hex,
|
|
1
|
+
import { LocalAccount, PublicClient, Transport, Chain, Address, Hex, Hash } from 'viem';
|
|
2
2
|
import { S as SupportedChainId } from './index-2fEOL83n.cjs';
|
|
3
3
|
import { Policy } from '@zerodev/permissions';
|
|
4
|
+
import { KernelValidator, CreateKernelAccountReturnType, KernelAccountClient } from '@zerodev/sdk';
|
|
4
5
|
import { EntryPointType, GetKernelVersion } from '@zerodev/sdk/types';
|
|
5
|
-
import { KernelAccountClient, CreateKernelAccountReturnType } from '@zerodev/sdk';
|
|
6
6
|
import { SmartAccount } from 'viem/account-abstraction';
|
|
7
7
|
|
|
8
|
+
/**
|
|
9
|
+
* Agent smart account = Kernel v3.1 + ECDSA sudo validator + session-key
|
|
10
|
+
* permission validator.
|
|
11
|
+
*
|
|
12
|
+
* The owner EOA keeps full control (sudo) and can revoke / rotate the session
|
|
13
|
+
* key at any time. The session key is the day-to-day signer the AI agent
|
|
14
|
+
* holds; whatever policies you attach (see {@link createJpycDailyLimitPolicies})
|
|
15
|
+
* are enforced at the ERC-4337 validation phase by ZeroDev's
|
|
16
|
+
* `PermissionValidator`. Violating userOps revert before execution — they
|
|
17
|
+
* never spend any of the smart account's funds, and a sponsored bundler
|
|
18
|
+
* cannot be tricked into paying for them either.
|
|
19
|
+
*
|
|
20
|
+
* @packageDocumentation
|
|
21
|
+
*/
|
|
22
|
+
|
|
23
|
+
/**
|
|
24
|
+
* Owner = ECDSA convenience XOR a pre-built sudo validator (weighted / passkey / MPC).
|
|
25
|
+
*
|
|
26
|
+
* @remarks Pass a pre-built validator via `sudoValidator`, never via `ownerSigner`.
|
|
27
|
+
* Because ZeroDev's `KernelValidator` structurally extends `LocalAccount`, a validator
|
|
28
|
+
* mis-passed in the `ownerSigner` slot type-checks and would be wrapped as an ECDSA
|
|
29
|
+
* signer (confusing downstream failure) rather than used as the sudo directly.
|
|
30
|
+
*/
|
|
31
|
+
type AgentOwner = {
|
|
32
|
+
readonly ownerSigner: LocalAccount;
|
|
33
|
+
readonly sudoValidator?: never;
|
|
34
|
+
} | {
|
|
35
|
+
readonly sudoValidator: KernelValidator;
|
|
36
|
+
readonly ownerSigner?: never;
|
|
37
|
+
};
|
|
38
|
+
/** Parameters for {@link createAgentSmartAccount}. */
|
|
39
|
+
type CreateAgentSmartAccountParams = {
|
|
40
|
+
readonly publicClient: PublicClient<Transport, Chain | undefined>;
|
|
41
|
+
readonly sessionKeySigner: LocalAccount;
|
|
42
|
+
readonly policies: readonly Policy[];
|
|
43
|
+
/** Bind to an existing deployed account (e.g. re-provision after recovery). */
|
|
44
|
+
readonly address?: Address;
|
|
45
|
+
readonly entryPoint?: EntryPointType<"0.7">;
|
|
46
|
+
readonly kernelVersion?: GetKernelVersion<"0.7">;
|
|
47
|
+
} & AgentOwner;
|
|
48
|
+
/**
|
|
49
|
+
* Builds a Kernel v3.1 smart account with sudo (owner) + regular (session key)
|
|
50
|
+
* validators wired up.
|
|
51
|
+
*
|
|
52
|
+
* @example
|
|
53
|
+
* ```ts
|
|
54
|
+
* import { parseUnits } from "viem";
|
|
55
|
+
* import { privateKeyToAccount } from "viem/accounts";
|
|
56
|
+
* import {
|
|
57
|
+
* createAgentSmartAccount,
|
|
58
|
+
* createJpycDailyLimitPolicies,
|
|
59
|
+
* getJpycAddress,
|
|
60
|
+
* JPYC_DECIMALS,
|
|
61
|
+
* polygonAmoy,
|
|
62
|
+
* } from "kawasekit";
|
|
63
|
+
*
|
|
64
|
+
* const owner = privateKeyToAccount(process.env.OWNER_PRIVATE_KEY as `0x${string}`);
|
|
65
|
+
* const sessionKey = privateKeyToAccount(process.env.SESSION_KEY_PRIVATE_KEY as `0x${string}`);
|
|
66
|
+
*
|
|
67
|
+
* const account = await createAgentSmartAccount({
|
|
68
|
+
* publicClient,
|
|
69
|
+
* ownerSigner: owner,
|
|
70
|
+
* sessionKeySigner: sessionKey,
|
|
71
|
+
* policies: createJpycDailyLimitPolicies({
|
|
72
|
+
* jpycAddress: getJpycAddress(polygonAmoy.id),
|
|
73
|
+
* maxPerTransfer: parseUnits("100", JPYC_DECIMALS),
|
|
74
|
+
* maxTransfersPerDay: 10,
|
|
75
|
+
* }),
|
|
76
|
+
* });
|
|
77
|
+
* ```
|
|
78
|
+
*/
|
|
79
|
+
declare function createAgentSmartAccount(params: CreateAgentSmartAccountParams): Promise<CreateKernelAccountReturnType<"0.7">>;
|
|
80
|
+
|
|
8
81
|
/**
|
|
9
82
|
* High-level helper: transfer JPYC from a Kernel smart account via a sponsored
|
|
10
83
|
* UserOp.
|
|
@@ -231,22 +304,27 @@ declare class SessionEnvelopeParseError extends Error {
|
|
|
231
304
|
*/
|
|
232
305
|
|
|
233
306
|
/** Parameters for {@link issueSessionKey}. */
|
|
234
|
-
|
|
235
|
-
/**
|
|
236
|
-
* viem `PublicClient` on the chain the smart account will live on. Its
|
|
237
|
-
* `chain.id` MUST be a {@link SupportedChainId} and is recorded in the
|
|
238
|
-
* envelope so restore-time mismatches fail fast.
|
|
239
|
-
*/
|
|
307
|
+
type IssueSessionKeyParams = {
|
|
240
308
|
readonly publicClient: PublicClient<Transport, Chain>;
|
|
241
|
-
/** Owner EOA — retains sudo authority. */
|
|
242
|
-
readonly ownerSigner: LocalAccount;
|
|
243
|
-
/** Session-key EOA — the day-to-day signer the agent will hold. */
|
|
244
309
|
readonly sessionKeySigner: LocalAccount;
|
|
245
310
|
/**
|
|
246
|
-
* Policies the session key must satisfy at userOp validation time
|
|
247
|
-
*
|
|
311
|
+
* Policies the session key must satisfy at userOp validation time (e.g.
|
|
312
|
+
* {@link createJpycDailyLimitPolicies}). Supply the SAME policies in the SAME
|
|
313
|
+
* order to issue and to revoke (`buildRevokeSessionKeyCall`) — the validator
|
|
314
|
+
* identifier hashes the ordered policy array.
|
|
248
315
|
*/
|
|
249
316
|
readonly policies: readonly Policy[];
|
|
317
|
+
/** Bind issuance to an existing deployed account (re-provision after recovery). */
|
|
318
|
+
readonly address?: Address;
|
|
319
|
+
/**
|
|
320
|
+
* Weighted-enable seam (RFC-0003 U-B1). Called with the SDK-built permission
|
|
321
|
+
* validator; returns the enable signature for `serializePermissionAccount`'s
|
|
322
|
+
* 3rd arg. Omit for an ECDSA owner (the default single-signer enable). For a
|
|
323
|
+
* weighted sudo this is `approvePlugin(plugin)` + `encodeSignatures([approval], true)`,
|
|
324
|
+
* computed by the caller with their weighted client. A mismatch surfaces on-chain
|
|
325
|
+
* as `EnableNotApproved` at first use.
|
|
326
|
+
*/
|
|
327
|
+
readonly approveEnable?: (permissionValidator: KernelValidator) => Promise<Hex>;
|
|
250
328
|
/** Optional advisory expiry (unix seconds). Recorded in the envelope. */
|
|
251
329
|
readonly expiresAt?: bigint;
|
|
252
330
|
/** Optional advisory policy summary for host UI. */
|
|
@@ -255,7 +333,7 @@ interface IssueSessionKeyParams {
|
|
|
255
333
|
readonly entryPoint?: EntryPointType<"0.7">;
|
|
256
334
|
/** Kernel version override. Defaults to {@link KERNEL_V3_1}. */
|
|
257
335
|
readonly kernelVersion?: GetKernelVersion<"0.7">;
|
|
258
|
-
}
|
|
336
|
+
} & AgentOwner;
|
|
259
337
|
/**
|
|
260
338
|
* Issues a fresh session key for an agent smart account.
|
|
261
339
|
*
|
|
@@ -507,6 +585,45 @@ interface RevokeSessionKeyResult {
|
|
|
507
585
|
* ```
|
|
508
586
|
*/
|
|
509
587
|
declare function revokeSessionKey(params: RevokeSessionKeyParams): Promise<RevokeSessionKeyResult>;
|
|
588
|
+
/** Parameters for {@link buildRevokeSessionKeyCall}. */
|
|
589
|
+
interface BuildRevokeSessionKeyCallParams {
|
|
590
|
+
/** A viem public client (the public API stays `PublicClient`; the shared builder widens to `Client` internally). */
|
|
591
|
+
readonly publicClient: PublicClient<Transport, Chain>;
|
|
592
|
+
/** The session-key signer the key was ISSUED with. */
|
|
593
|
+
readonly sessionKeySigner: LocalAccount;
|
|
594
|
+
/**
|
|
595
|
+
* The policies the key was issued with — identical policies in identical
|
|
596
|
+
* ORDER, since the validator identifier hashes the ordered policy array.
|
|
597
|
+
* A mismatch reverts at `uninstallValidation`.
|
|
598
|
+
*/
|
|
599
|
+
readonly policies: readonly Policy[];
|
|
600
|
+
/** The deployed agent smart-account address. */
|
|
601
|
+
readonly smartAccountAddress: Address;
|
|
602
|
+
readonly entryPoint?: EntryPointType<"0.7">;
|
|
603
|
+
readonly kernelVersion?: GetKernelVersion<"0.7">;
|
|
604
|
+
}
|
|
605
|
+
/**
|
|
606
|
+
* Build the `uninstallValidation(vId, deinitData, hookDeinitData)` call that
|
|
607
|
+
* removes a session-key permission validator — a byte-exact reproduction of
|
|
608
|
+
* `@zerodev/sdk`'s `uninstallPlugin` inner call, which the SDK cannot call
|
|
609
|
+
* directly because it hardcodes the single-signer `sendUserOperation` path a
|
|
610
|
+
* weighted/passkey/MPC owner rejects.
|
|
611
|
+
*
|
|
612
|
+
* Submit it yourself: single-signer owners via {@link revokeSessionKey};
|
|
613
|
+
* weighted/passkey/MPC owners via their aggregate flow —
|
|
614
|
+
* `account.encodeCalls([{ to: smartAccountAddress, value: 0n, data }])` →
|
|
615
|
+
* `sendUserOperationWithSignatures`.
|
|
616
|
+
*
|
|
617
|
+
* @example
|
|
618
|
+
* ```ts
|
|
619
|
+
* const data = await buildRevokeSessionKeyCall({
|
|
620
|
+
* publicClient, sessionKeySigner, policies, smartAccountAddress,
|
|
621
|
+
* });
|
|
622
|
+
* const callData = await weightedAccount.encodeCalls([{ to: smartAccountAddress, value: 0n, data }]);
|
|
623
|
+
* // …approveUserOperation per signer → sendUserOperationWithSignatures(callData, signatures)
|
|
624
|
+
* ```
|
|
625
|
+
*/
|
|
626
|
+
declare function buildRevokeSessionKeyCall(params: BuildRevokeSessionKeyCallParams): Promise<Hex>;
|
|
510
627
|
|
|
511
628
|
/**
|
|
512
629
|
* `rotateSessionKey()` — a thin compositional helper that revokes the
|
|
@@ -563,4 +680,4 @@ interface RotateSessionKeyResult {
|
|
|
563
680
|
*/
|
|
564
681
|
declare function rotateSessionKey(params: RotateSessionKeyParams): Promise<RotateSessionKeyResult>;
|
|
565
682
|
|
|
566
|
-
export { type ConfiguredKernelClient as C, type IssueSessionKeyParams as I, KAWASEKIT_SESSION_ENVELOPE_VERSION as K, type RestoreSessionAccountParams as R, SessionEnvelopeChainMismatchError as S, TransferJpycInputError as T, type
|
|
683
|
+
export { type AgentOwner as A, type BuildRevokeSessionKeyCallParams as B, type ConfiguredKernelClient as C, type IssueSessionKeyParams as I, KAWASEKIT_SESSION_ENVELOPE_VERSION as K, type RestoreSessionAccountParams as R, SessionEnvelopeChainMismatchError as S, TransferJpycInputError as T, type CreateAgentSmartAccountParams as a, type KawasekitSessionEnvelope as b, type KawasekitSessionEnvelopeVersion as c, type KawasekitSessionPolicySummary as d, type RevokeSessionKeyParams as e, type RevokeSessionKeyResult as f, type RotateSessionKeyParams as g, type RotateSessionKeyResult as h, SessionEnvelopeParseError as i, SessionEnvelopeSignerMismatchError as j, SessionEnvelopeVersionError as k, type TransferJpycParams as l, type TransferJpycResult as m, buildRevokeSessionKeyCall as n, createAgentSmartAccount as o, issueSessionKey as p, parseSessionEnvelope as q, restoreSessionAccount as r, revokeSessionKey as s, rotateSessionKey as t, serializeSessionEnvelope as u, transferJpyc as v };
|
|
@@ -1,10 +1,83 @@
|
|
|
1
|
-
import { Transport, Chain, Address, Hex,
|
|
1
|
+
import { LocalAccount, PublicClient, Transport, Chain, Address, Hex, Hash } from 'viem';
|
|
2
2
|
import { S as SupportedChainId } from './index-2fEOL83n.js';
|
|
3
3
|
import { Policy } from '@zerodev/permissions';
|
|
4
|
+
import { KernelValidator, CreateKernelAccountReturnType, KernelAccountClient } from '@zerodev/sdk';
|
|
4
5
|
import { EntryPointType, GetKernelVersion } from '@zerodev/sdk/types';
|
|
5
|
-
import { KernelAccountClient, CreateKernelAccountReturnType } from '@zerodev/sdk';
|
|
6
6
|
import { SmartAccount } from 'viem/account-abstraction';
|
|
7
7
|
|
|
8
|
+
/**
|
|
9
|
+
* Agent smart account = Kernel v3.1 + ECDSA sudo validator + session-key
|
|
10
|
+
* permission validator.
|
|
11
|
+
*
|
|
12
|
+
* The owner EOA keeps full control (sudo) and can revoke / rotate the session
|
|
13
|
+
* key at any time. The session key is the day-to-day signer the AI agent
|
|
14
|
+
* holds; whatever policies you attach (see {@link createJpycDailyLimitPolicies})
|
|
15
|
+
* are enforced at the ERC-4337 validation phase by ZeroDev's
|
|
16
|
+
* `PermissionValidator`. Violating userOps revert before execution — they
|
|
17
|
+
* never spend any of the smart account's funds, and a sponsored bundler
|
|
18
|
+
* cannot be tricked into paying for them either.
|
|
19
|
+
*
|
|
20
|
+
* @packageDocumentation
|
|
21
|
+
*/
|
|
22
|
+
|
|
23
|
+
/**
|
|
24
|
+
* Owner = ECDSA convenience XOR a pre-built sudo validator (weighted / passkey / MPC).
|
|
25
|
+
*
|
|
26
|
+
* @remarks Pass a pre-built validator via `sudoValidator`, never via `ownerSigner`.
|
|
27
|
+
* Because ZeroDev's `KernelValidator` structurally extends `LocalAccount`, a validator
|
|
28
|
+
* mis-passed in the `ownerSigner` slot type-checks and would be wrapped as an ECDSA
|
|
29
|
+
* signer (confusing downstream failure) rather than used as the sudo directly.
|
|
30
|
+
*/
|
|
31
|
+
type AgentOwner = {
|
|
32
|
+
readonly ownerSigner: LocalAccount;
|
|
33
|
+
readonly sudoValidator?: never;
|
|
34
|
+
} | {
|
|
35
|
+
readonly sudoValidator: KernelValidator;
|
|
36
|
+
readonly ownerSigner?: never;
|
|
37
|
+
};
|
|
38
|
+
/** Parameters for {@link createAgentSmartAccount}. */
|
|
39
|
+
type CreateAgentSmartAccountParams = {
|
|
40
|
+
readonly publicClient: PublicClient<Transport, Chain | undefined>;
|
|
41
|
+
readonly sessionKeySigner: LocalAccount;
|
|
42
|
+
readonly policies: readonly Policy[];
|
|
43
|
+
/** Bind to an existing deployed account (e.g. re-provision after recovery). */
|
|
44
|
+
readonly address?: Address;
|
|
45
|
+
readonly entryPoint?: EntryPointType<"0.7">;
|
|
46
|
+
readonly kernelVersion?: GetKernelVersion<"0.7">;
|
|
47
|
+
} & AgentOwner;
|
|
48
|
+
/**
|
|
49
|
+
* Builds a Kernel v3.1 smart account with sudo (owner) + regular (session key)
|
|
50
|
+
* validators wired up.
|
|
51
|
+
*
|
|
52
|
+
* @example
|
|
53
|
+
* ```ts
|
|
54
|
+
* import { parseUnits } from "viem";
|
|
55
|
+
* import { privateKeyToAccount } from "viem/accounts";
|
|
56
|
+
* import {
|
|
57
|
+
* createAgentSmartAccount,
|
|
58
|
+
* createJpycDailyLimitPolicies,
|
|
59
|
+
* getJpycAddress,
|
|
60
|
+
* JPYC_DECIMALS,
|
|
61
|
+
* polygonAmoy,
|
|
62
|
+
* } from "kawasekit";
|
|
63
|
+
*
|
|
64
|
+
* const owner = privateKeyToAccount(process.env.OWNER_PRIVATE_KEY as `0x${string}`);
|
|
65
|
+
* const sessionKey = privateKeyToAccount(process.env.SESSION_KEY_PRIVATE_KEY as `0x${string}`);
|
|
66
|
+
*
|
|
67
|
+
* const account = await createAgentSmartAccount({
|
|
68
|
+
* publicClient,
|
|
69
|
+
* ownerSigner: owner,
|
|
70
|
+
* sessionKeySigner: sessionKey,
|
|
71
|
+
* policies: createJpycDailyLimitPolicies({
|
|
72
|
+
* jpycAddress: getJpycAddress(polygonAmoy.id),
|
|
73
|
+
* maxPerTransfer: parseUnits("100", JPYC_DECIMALS),
|
|
74
|
+
* maxTransfersPerDay: 10,
|
|
75
|
+
* }),
|
|
76
|
+
* });
|
|
77
|
+
* ```
|
|
78
|
+
*/
|
|
79
|
+
declare function createAgentSmartAccount(params: CreateAgentSmartAccountParams): Promise<CreateKernelAccountReturnType<"0.7">>;
|
|
80
|
+
|
|
8
81
|
/**
|
|
9
82
|
* High-level helper: transfer JPYC from a Kernel smart account via a sponsored
|
|
10
83
|
* UserOp.
|
|
@@ -231,22 +304,27 @@ declare class SessionEnvelopeParseError extends Error {
|
|
|
231
304
|
*/
|
|
232
305
|
|
|
233
306
|
/** Parameters for {@link issueSessionKey}. */
|
|
234
|
-
|
|
235
|
-
/**
|
|
236
|
-
* viem `PublicClient` on the chain the smart account will live on. Its
|
|
237
|
-
* `chain.id` MUST be a {@link SupportedChainId} and is recorded in the
|
|
238
|
-
* envelope so restore-time mismatches fail fast.
|
|
239
|
-
*/
|
|
307
|
+
type IssueSessionKeyParams = {
|
|
240
308
|
readonly publicClient: PublicClient<Transport, Chain>;
|
|
241
|
-
/** Owner EOA — retains sudo authority. */
|
|
242
|
-
readonly ownerSigner: LocalAccount;
|
|
243
|
-
/** Session-key EOA — the day-to-day signer the agent will hold. */
|
|
244
309
|
readonly sessionKeySigner: LocalAccount;
|
|
245
310
|
/**
|
|
246
|
-
* Policies the session key must satisfy at userOp validation time
|
|
247
|
-
*
|
|
311
|
+
* Policies the session key must satisfy at userOp validation time (e.g.
|
|
312
|
+
* {@link createJpycDailyLimitPolicies}). Supply the SAME policies in the SAME
|
|
313
|
+
* order to issue and to revoke (`buildRevokeSessionKeyCall`) — the validator
|
|
314
|
+
* identifier hashes the ordered policy array.
|
|
248
315
|
*/
|
|
249
316
|
readonly policies: readonly Policy[];
|
|
317
|
+
/** Bind issuance to an existing deployed account (re-provision after recovery). */
|
|
318
|
+
readonly address?: Address;
|
|
319
|
+
/**
|
|
320
|
+
* Weighted-enable seam (RFC-0003 U-B1). Called with the SDK-built permission
|
|
321
|
+
* validator; returns the enable signature for `serializePermissionAccount`'s
|
|
322
|
+
* 3rd arg. Omit for an ECDSA owner (the default single-signer enable). For a
|
|
323
|
+
* weighted sudo this is `approvePlugin(plugin)` + `encodeSignatures([approval], true)`,
|
|
324
|
+
* computed by the caller with their weighted client. A mismatch surfaces on-chain
|
|
325
|
+
* as `EnableNotApproved` at first use.
|
|
326
|
+
*/
|
|
327
|
+
readonly approveEnable?: (permissionValidator: KernelValidator) => Promise<Hex>;
|
|
250
328
|
/** Optional advisory expiry (unix seconds). Recorded in the envelope. */
|
|
251
329
|
readonly expiresAt?: bigint;
|
|
252
330
|
/** Optional advisory policy summary for host UI. */
|
|
@@ -255,7 +333,7 @@ interface IssueSessionKeyParams {
|
|
|
255
333
|
readonly entryPoint?: EntryPointType<"0.7">;
|
|
256
334
|
/** Kernel version override. Defaults to {@link KERNEL_V3_1}. */
|
|
257
335
|
readonly kernelVersion?: GetKernelVersion<"0.7">;
|
|
258
|
-
}
|
|
336
|
+
} & AgentOwner;
|
|
259
337
|
/**
|
|
260
338
|
* Issues a fresh session key for an agent smart account.
|
|
261
339
|
*
|
|
@@ -507,6 +585,45 @@ interface RevokeSessionKeyResult {
|
|
|
507
585
|
* ```
|
|
508
586
|
*/
|
|
509
587
|
declare function revokeSessionKey(params: RevokeSessionKeyParams): Promise<RevokeSessionKeyResult>;
|
|
588
|
+
/** Parameters for {@link buildRevokeSessionKeyCall}. */
|
|
589
|
+
interface BuildRevokeSessionKeyCallParams {
|
|
590
|
+
/** A viem public client (the public API stays `PublicClient`; the shared builder widens to `Client` internally). */
|
|
591
|
+
readonly publicClient: PublicClient<Transport, Chain>;
|
|
592
|
+
/** The session-key signer the key was ISSUED with. */
|
|
593
|
+
readonly sessionKeySigner: LocalAccount;
|
|
594
|
+
/**
|
|
595
|
+
* The policies the key was issued with — identical policies in identical
|
|
596
|
+
* ORDER, since the validator identifier hashes the ordered policy array.
|
|
597
|
+
* A mismatch reverts at `uninstallValidation`.
|
|
598
|
+
*/
|
|
599
|
+
readonly policies: readonly Policy[];
|
|
600
|
+
/** The deployed agent smart-account address. */
|
|
601
|
+
readonly smartAccountAddress: Address;
|
|
602
|
+
readonly entryPoint?: EntryPointType<"0.7">;
|
|
603
|
+
readonly kernelVersion?: GetKernelVersion<"0.7">;
|
|
604
|
+
}
|
|
605
|
+
/**
|
|
606
|
+
* Build the `uninstallValidation(vId, deinitData, hookDeinitData)` call that
|
|
607
|
+
* removes a session-key permission validator — a byte-exact reproduction of
|
|
608
|
+
* `@zerodev/sdk`'s `uninstallPlugin` inner call, which the SDK cannot call
|
|
609
|
+
* directly because it hardcodes the single-signer `sendUserOperation` path a
|
|
610
|
+
* weighted/passkey/MPC owner rejects.
|
|
611
|
+
*
|
|
612
|
+
* Submit it yourself: single-signer owners via {@link revokeSessionKey};
|
|
613
|
+
* weighted/passkey/MPC owners via their aggregate flow —
|
|
614
|
+
* `account.encodeCalls([{ to: smartAccountAddress, value: 0n, data }])` →
|
|
615
|
+
* `sendUserOperationWithSignatures`.
|
|
616
|
+
*
|
|
617
|
+
* @example
|
|
618
|
+
* ```ts
|
|
619
|
+
* const data = await buildRevokeSessionKeyCall({
|
|
620
|
+
* publicClient, sessionKeySigner, policies, smartAccountAddress,
|
|
621
|
+
* });
|
|
622
|
+
* const callData = await weightedAccount.encodeCalls([{ to: smartAccountAddress, value: 0n, data }]);
|
|
623
|
+
* // …approveUserOperation per signer → sendUserOperationWithSignatures(callData, signatures)
|
|
624
|
+
* ```
|
|
625
|
+
*/
|
|
626
|
+
declare function buildRevokeSessionKeyCall(params: BuildRevokeSessionKeyCallParams): Promise<Hex>;
|
|
510
627
|
|
|
511
628
|
/**
|
|
512
629
|
* `rotateSessionKey()` — a thin compositional helper that revokes the
|
|
@@ -563,4 +680,4 @@ interface RotateSessionKeyResult {
|
|
|
563
680
|
*/
|
|
564
681
|
declare function rotateSessionKey(params: RotateSessionKeyParams): Promise<RotateSessionKeyResult>;
|
|
565
682
|
|
|
566
|
-
export { type ConfiguredKernelClient as C, type IssueSessionKeyParams as I, KAWASEKIT_SESSION_ENVELOPE_VERSION as K, type RestoreSessionAccountParams as R, SessionEnvelopeChainMismatchError as S, TransferJpycInputError as T, type
|
|
683
|
+
export { type AgentOwner as A, type BuildRevokeSessionKeyCallParams as B, type ConfiguredKernelClient as C, type IssueSessionKeyParams as I, KAWASEKIT_SESSION_ENVELOPE_VERSION as K, type RestoreSessionAccountParams as R, SessionEnvelopeChainMismatchError as S, TransferJpycInputError as T, type CreateAgentSmartAccountParams as a, type KawasekitSessionEnvelope as b, type KawasekitSessionEnvelopeVersion as c, type KawasekitSessionPolicySummary as d, type RevokeSessionKeyParams as e, type RevokeSessionKeyResult as f, type RotateSessionKeyParams as g, type RotateSessionKeyResult as h, SessionEnvelopeParseError as i, SessionEnvelopeSignerMismatchError as j, SessionEnvelopeVersionError as k, type TransferJpycParams as l, type TransferJpycResult as m, buildRevokeSessionKeyCall as n, createAgentSmartAccount as o, issueSessionKey as p, parseSessionEnvelope as q, restoreSessionAccount as r, revokeSessionKey as s, rotateSessionKey as t, serializeSessionEnvelope as u, transferJpyc as v };
|
package/dist/index.cjs
CHANGED
|
@@ -10,26 +10,49 @@ var viem = require('viem');
|
|
|
10
10
|
var policies = require('@zerodev/permissions/policies');
|
|
11
11
|
|
|
12
12
|
// src/account/session-key.ts
|
|
13
|
+
async function resolveSudoValidator(params) {
|
|
14
|
+
if (params.ownerSigner !== void 0 && params.sudoValidator !== void 0) {
|
|
15
|
+
throw new Error("kawasekit: pass exactly one of `ownerSigner` or `sudoValidator`, not both.");
|
|
16
|
+
}
|
|
17
|
+
if (params.sudoValidator !== void 0) return params.sudoValidator;
|
|
18
|
+
if (params.ownerSigner === void 0) {
|
|
19
|
+
throw new Error("kawasekit: pass one of `ownerSigner` (ECDSA) or `sudoValidator` (pre-built).");
|
|
20
|
+
}
|
|
21
|
+
return ecdsaValidator.signerToEcdsaValidator(params.publicClient, {
|
|
22
|
+
signer: params.ownerSigner,
|
|
23
|
+
entryPoint: params.entryPoint,
|
|
24
|
+
kernelVersion: params.kernelVersion
|
|
25
|
+
});
|
|
26
|
+
}
|
|
27
|
+
async function buildSessionPermissionValidator(params) {
|
|
28
|
+
const signer = await signers.toECDSASigner({ signer: params.sessionKeySigner });
|
|
29
|
+
return permissions.toPermissionValidator(params.publicClient, {
|
|
30
|
+
signer,
|
|
31
|
+
policies: [...params.policies],
|
|
32
|
+
entryPoint: params.entryPoint,
|
|
33
|
+
kernelVersion: params.kernelVersion
|
|
34
|
+
});
|
|
35
|
+
}
|
|
13
36
|
async function createAgentSmartAccount(params) {
|
|
14
37
|
const entryPoint = params.entryPoint ?? constants.getEntryPoint("0.7");
|
|
15
38
|
const kernelVersion = params.kernelVersion ?? constants.KERNEL_V3_1;
|
|
16
|
-
const sudoValidator = await
|
|
17
|
-
|
|
39
|
+
const sudoValidator = await resolveSudoValidator({
|
|
40
|
+
publicClient: params.publicClient,
|
|
41
|
+
ownerSigner: params.ownerSigner,
|
|
42
|
+
sudoValidator: params.sudoValidator,
|
|
18
43
|
entryPoint,
|
|
19
44
|
kernelVersion
|
|
20
45
|
});
|
|
21
|
-
const
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
policies:
|
|
46
|
+
const permissionValidator = await buildSessionPermissionValidator({
|
|
47
|
+
publicClient: params.publicClient,
|
|
48
|
+
sessionKeySigner: params.sessionKeySigner,
|
|
49
|
+
policies: params.policies,
|
|
25
50
|
entryPoint,
|
|
26
51
|
kernelVersion
|
|
27
52
|
});
|
|
28
53
|
return sdk.createKernelAccount(params.publicClient, {
|
|
29
|
-
plugins: {
|
|
30
|
-
|
|
31
|
-
regular: permissionValidator
|
|
32
|
-
},
|
|
54
|
+
plugins: { sudo: sudoValidator, regular: permissionValidator },
|
|
55
|
+
...params.address !== void 0 ? { address: params.address } : {},
|
|
33
56
|
entryPoint,
|
|
34
57
|
kernelVersion
|
|
35
58
|
});
|
|
@@ -123,6 +146,55 @@ function getChain(chainId) {
|
|
|
123
146
|
return chain;
|
|
124
147
|
}
|
|
125
148
|
|
|
149
|
+
// src/observability/hooks.ts
|
|
150
|
+
function invokeHookSafely(hook, event) {
|
|
151
|
+
if (hook === void 0) return;
|
|
152
|
+
try {
|
|
153
|
+
const result = hook(event);
|
|
154
|
+
if (result instanceof Promise) {
|
|
155
|
+
result.catch(() => {
|
|
156
|
+
});
|
|
157
|
+
}
|
|
158
|
+
} catch {
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
function extractAcceptedNetworks(requirements) {
|
|
162
|
+
return requirements.map((req) => req.network);
|
|
163
|
+
}
|
|
164
|
+
|
|
165
|
+
// src/client/sponsored-kernel-client.ts
|
|
166
|
+
async function sponsorWithObservability(sponsor, account, observability) {
|
|
167
|
+
try {
|
|
168
|
+
const data = await sponsor();
|
|
169
|
+
invokeHookSafely(observability?.onSponsor, { account });
|
|
170
|
+
return data;
|
|
171
|
+
} catch (error) {
|
|
172
|
+
invokeHookSafely(observability?.onSponsorError, { account, error });
|
|
173
|
+
throw error;
|
|
174
|
+
}
|
|
175
|
+
}
|
|
176
|
+
function createSponsoredKernelClient(params) {
|
|
177
|
+
const paymasterClient = sdk.createZeroDevPaymasterClient({
|
|
178
|
+
chain: params.chain,
|
|
179
|
+
transport: viem.http(params.zerodevRpc)
|
|
180
|
+
});
|
|
181
|
+
const client = sdk.createKernelAccountClient({
|
|
182
|
+
account: params.account,
|
|
183
|
+
chain: params.chain,
|
|
184
|
+
// exactOptionalPropertyTypes: only pass `client` when given (never `undefined`).
|
|
185
|
+
...params.publicClient !== void 0 ? { client: params.publicClient } : {},
|
|
186
|
+
bundlerTransport: viem.http(params.zerodevRpc),
|
|
187
|
+
paymaster: {
|
|
188
|
+
getPaymasterData: (userOperation) => sponsorWithObservability(
|
|
189
|
+
() => paymasterClient.sponsorUserOperation({ userOperation }),
|
|
190
|
+
params.account.address,
|
|
191
|
+
params.observability
|
|
192
|
+
)
|
|
193
|
+
}
|
|
194
|
+
});
|
|
195
|
+
return client;
|
|
196
|
+
}
|
|
197
|
+
|
|
126
198
|
// src/tokens/jpyc.ts
|
|
127
199
|
var JPYC_DECIMALS = 18;
|
|
128
200
|
var JPYC_EIP712_DOMAIN_HINT = {
|
|
@@ -1599,24 +1671,6 @@ function encodePaymentResponseHeader(payload) {
|
|
|
1599
1671
|
function decodePaymentResponseHeader(headerValue) {
|
|
1600
1672
|
return decodeHeader(X402_HEADER_PAYMENT_RESPONSE, headerValue);
|
|
1601
1673
|
}
|
|
1602
|
-
|
|
1603
|
-
// src/observability/hooks.ts
|
|
1604
|
-
function invokeHookSafely(hook, event) {
|
|
1605
|
-
if (hook === void 0) return;
|
|
1606
|
-
try {
|
|
1607
|
-
const result = hook(event);
|
|
1608
|
-
if (result instanceof Promise) {
|
|
1609
|
-
result.catch(() => {
|
|
1610
|
-
});
|
|
1611
|
-
}
|
|
1612
|
-
} catch {
|
|
1613
|
-
}
|
|
1614
|
-
}
|
|
1615
|
-
function extractAcceptedNetworks(requirements) {
|
|
1616
|
-
return requirements.map((req) => req.network);
|
|
1617
|
-
}
|
|
1618
|
-
|
|
1619
|
-
// src/x402/facilitator.ts
|
|
1620
1674
|
var X402_FACILITATOR_ERROR_CODES = {
|
|
1621
1675
|
insufficient_funds: "insufficient_funds",
|
|
1622
1676
|
invalid_exact_evm_payload_authorization_valid_after: "invalid_exact_evm_payload_authorization_valid_after",
|
|
@@ -3130,15 +3184,28 @@ async function issueSessionKey(params) {
|
|
|
3130
3184
|
const supportedChainId = chainId;
|
|
3131
3185
|
const entryPoint = params.entryPoint ?? constants.getEntryPoint("0.7");
|
|
3132
3186
|
const kernelVersion = params.kernelVersion ?? constants.KERNEL_V3_1;
|
|
3133
|
-
const
|
|
3187
|
+
const sudoValidator = await resolveSudoValidator({
|
|
3134
3188
|
publicClient: params.publicClient,
|
|
3135
3189
|
ownerSigner: params.ownerSigner,
|
|
3190
|
+
sudoValidator: params.sudoValidator,
|
|
3191
|
+
entryPoint,
|
|
3192
|
+
kernelVersion
|
|
3193
|
+
});
|
|
3194
|
+
const permissionValidator = await buildSessionPermissionValidator({
|
|
3195
|
+
publicClient: params.publicClient,
|
|
3136
3196
|
sessionKeySigner: params.sessionKeySigner,
|
|
3137
3197
|
policies: params.policies,
|
|
3138
3198
|
entryPoint,
|
|
3139
3199
|
kernelVersion
|
|
3140
3200
|
});
|
|
3141
|
-
const
|
|
3201
|
+
const account = await sdk.createKernelAccount(params.publicClient, {
|
|
3202
|
+
plugins: { sudo: sudoValidator, regular: permissionValidator },
|
|
3203
|
+
...params.address !== void 0 ? { address: params.address } : {},
|
|
3204
|
+
entryPoint,
|
|
3205
|
+
kernelVersion
|
|
3206
|
+
});
|
|
3207
|
+
const enableSignature = params.approveEnable ? await params.approveEnable(permissionValidator) : void 0;
|
|
3208
|
+
const serialized = enableSignature ? await permissions.serializePermissionAccount(account, void 0, enableSignature) : await permissions.serializePermissionAccount(account);
|
|
3142
3209
|
const base = {
|
|
3143
3210
|
kawasekitVersion: KAWASEKIT_SESSION_ENVELOPE_VERSION,
|
|
3144
3211
|
chainId: supportedChainId,
|
|
@@ -3214,10 +3281,10 @@ async function revokeSessionKey(params) {
|
|
|
3214
3281
|
"revokeSessionKey: ownerKernelClient.client is undefined \u2014 pass `client: publicClient` when constructing the Kernel client so the validator can be reconstructed."
|
|
3215
3282
|
);
|
|
3216
3283
|
}
|
|
3217
|
-
const
|
|
3218
|
-
|
|
3219
|
-
|
|
3220
|
-
policies
|
|
3284
|
+
const permissionPlugin = await buildSessionPermissionValidator({
|
|
3285
|
+
publicClient: ownerKernelClient.client,
|
|
3286
|
+
sessionKeySigner,
|
|
3287
|
+
policies,
|
|
3221
3288
|
entryPoint,
|
|
3222
3289
|
kernelVersion
|
|
3223
3290
|
});
|
|
@@ -3236,6 +3303,30 @@ async function revokeSessionKey(params) {
|
|
|
3236
3303
|
success: receipt.success
|
|
3237
3304
|
};
|
|
3238
3305
|
}
|
|
3306
|
+
var UNINSTALL_VALIDATION_ABI = viem.parseAbi([
|
|
3307
|
+
"function uninstallValidation(bytes21 vId, bytes deinitData, bytes hookDeinitData)"
|
|
3308
|
+
]);
|
|
3309
|
+
async function buildRevokeSessionKeyCall(params) {
|
|
3310
|
+
const entryPoint = params.entryPoint ?? constants.getEntryPoint("0.7");
|
|
3311
|
+
const kernelVersion = params.kernelVersion ?? constants.KERNEL_V3_1;
|
|
3312
|
+
const plugin = await buildSessionPermissionValidator({
|
|
3313
|
+
publicClient: params.publicClient,
|
|
3314
|
+
sessionKeySigner: params.sessionKeySigner,
|
|
3315
|
+
policies: params.policies,
|
|
3316
|
+
entryPoint,
|
|
3317
|
+
kernelVersion
|
|
3318
|
+
});
|
|
3319
|
+
const vId = viem.concatHex([
|
|
3320
|
+
constants.VALIDATOR_TYPE.PERMISSION,
|
|
3321
|
+
viem.pad(plugin.getIdentifier(), { size: 20, dir: "right" })
|
|
3322
|
+
]);
|
|
3323
|
+
const deinitData = await plugin.getEnableData(viem.getAddress(params.smartAccountAddress));
|
|
3324
|
+
return viem.encodeFunctionData({
|
|
3325
|
+
abi: UNINSTALL_VALIDATION_ABI,
|
|
3326
|
+
functionName: "uninstallValidation",
|
|
3327
|
+
args: [vId, deinitData, "0x"]
|
|
3328
|
+
});
|
|
3329
|
+
}
|
|
3239
3330
|
|
|
3240
3331
|
// src/session/rotate.ts
|
|
3241
3332
|
async function rotateSessionKey(params) {
|
|
@@ -3281,6 +3372,7 @@ exports.avalanche = avalanche;
|
|
|
3281
3372
|
exports.avalancheFuji = avalancheFuji;
|
|
3282
3373
|
exports.buildPaymentRequiredResponse = buildPaymentRequiredResponse;
|
|
3283
3374
|
exports.buildPaymentRequirements = buildPaymentRequirements;
|
|
3375
|
+
exports.buildRevokeSessionKeyCall = buildRevokeSessionKeyCall;
|
|
3284
3376
|
exports.cancelAuthorizationTypes = cancelAuthorizationTypes;
|
|
3285
3377
|
exports.canonicalRequestBytes = canonicalRequestBytes;
|
|
3286
3378
|
exports.chainIdToX402Network = chainIdToX402Network;
|
|
@@ -3295,6 +3387,7 @@ exports.createLocalPolicyGatedSigner = createLocalPolicyGatedSigner;
|
|
|
3295
3387
|
exports.createMpc2pPolicyGatedSigner = createMpc2pPolicyGatedSigner;
|
|
3296
3388
|
exports.createSelfFacilitator = createSelfFacilitator;
|
|
3297
3389
|
exports.createSpendingPolicy = createSpendingPolicy;
|
|
3390
|
+
exports.createSponsoredKernelClient = createSponsoredKernelClient;
|
|
3298
3391
|
exports.createX402Handler = createX402Handler;
|
|
3299
3392
|
exports.createX402PaymentSigner = createX402PaymentSigner;
|
|
3300
3393
|
exports.decodePaymentRequiredHeader = decodePaymentRequiredHeader;
|