kawasekit 0.8.0 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-N3CVLISJ.js → chunk-KYVAOUQV.js} +82 -22
- package/dist/chunk-KYVAOUQV.js.map +1 -0
- package/dist/{chunk-DMP7YFGA.js → chunk-OUCIKHS2.js} +4 -14
- package/dist/chunk-OUCIKHS2.js.map +1 -0
- package/dist/cli/index.cjs +41 -26
- package/dist/cli/index.cjs.map +1 -1
- package/dist/cli/index.js +3 -3
- package/dist/cli/index.js.map +1 -1
- package/dist/{index-DFChv_fT.d.cts → index-FxiMeqpl.d.cts} +132 -15
- package/dist/{index-CSpNGigO.d.ts → index-RsuBt-Xw.d.ts} +132 -15
- package/dist/index.cjs +78 -27
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +25 -102
- package/dist/index.d.ts +25 -102
- package/dist/index.js +2 -2
- package/dist/session/index.cjs +41 -26
- package/dist/session/index.cjs.map +1 -1
- package/dist/session/index.d.cts +2 -2
- package/dist/session/index.d.ts +2 -2
- package/dist/session/index.js +1 -1
- package/package.json +1 -1
- package/dist/chunk-DMP7YFGA.js.map +0 -1
- package/dist/chunk-N3CVLISJ.js.map +0 -1
|
@@ -1,10 +1,83 @@
|
|
|
1
|
-
import { Transport, Chain, Address, Hex,
|
|
1
|
+
import { LocalAccount, PublicClient, Transport, Chain, Address, Hex, Hash } from 'viem';
|
|
2
2
|
import { S as SupportedChainId } from './index-2fEOL83n.cjs';
|
|
3
3
|
import { Policy } from '@zerodev/permissions';
|
|
4
|
+
import { KernelValidator, CreateKernelAccountReturnType, KernelAccountClient } from '@zerodev/sdk';
|
|
4
5
|
import { EntryPointType, GetKernelVersion } from '@zerodev/sdk/types';
|
|
5
|
-
import { KernelAccountClient, CreateKernelAccountReturnType } from '@zerodev/sdk';
|
|
6
6
|
import { SmartAccount } from 'viem/account-abstraction';
|
|
7
7
|
|
|
8
|
+
/**
|
|
9
|
+
* Agent smart account = Kernel v3.1 + ECDSA sudo validator + session-key
|
|
10
|
+
* permission validator.
|
|
11
|
+
*
|
|
12
|
+
* The owner EOA keeps full control (sudo) and can revoke / rotate the session
|
|
13
|
+
* key at any time. The session key is the day-to-day signer the AI agent
|
|
14
|
+
* holds; whatever policies you attach (see {@link createJpycDailyLimitPolicies})
|
|
15
|
+
* are enforced at the ERC-4337 validation phase by ZeroDev's
|
|
16
|
+
* `PermissionValidator`. Violating userOps revert before execution — they
|
|
17
|
+
* never spend any of the smart account's funds, and a sponsored bundler
|
|
18
|
+
* cannot be tricked into paying for them either.
|
|
19
|
+
*
|
|
20
|
+
* @packageDocumentation
|
|
21
|
+
*/
|
|
22
|
+
|
|
23
|
+
/**
|
|
24
|
+
* Owner = ECDSA convenience XOR a pre-built sudo validator (weighted / passkey / MPC).
|
|
25
|
+
*
|
|
26
|
+
* @remarks Pass a pre-built validator via `sudoValidator`, never via `ownerSigner`.
|
|
27
|
+
* Because ZeroDev's `KernelValidator` structurally extends `LocalAccount`, a validator
|
|
28
|
+
* mis-passed in the `ownerSigner` slot type-checks and would be wrapped as an ECDSA
|
|
29
|
+
* signer (confusing downstream failure) rather than used as the sudo directly.
|
|
30
|
+
*/
|
|
31
|
+
type AgentOwner = {
|
|
32
|
+
readonly ownerSigner: LocalAccount;
|
|
33
|
+
readonly sudoValidator?: never;
|
|
34
|
+
} | {
|
|
35
|
+
readonly sudoValidator: KernelValidator;
|
|
36
|
+
readonly ownerSigner?: never;
|
|
37
|
+
};
|
|
38
|
+
/** Parameters for {@link createAgentSmartAccount}. */
|
|
39
|
+
type CreateAgentSmartAccountParams = {
|
|
40
|
+
readonly publicClient: PublicClient<Transport, Chain | undefined>;
|
|
41
|
+
readonly sessionKeySigner: LocalAccount;
|
|
42
|
+
readonly policies: readonly Policy[];
|
|
43
|
+
/** Bind to an existing deployed account (e.g. re-provision after recovery). */
|
|
44
|
+
readonly address?: Address;
|
|
45
|
+
readonly entryPoint?: EntryPointType<"0.7">;
|
|
46
|
+
readonly kernelVersion?: GetKernelVersion<"0.7">;
|
|
47
|
+
} & AgentOwner;
|
|
48
|
+
/**
|
|
49
|
+
* Builds a Kernel v3.1 smart account with sudo (owner) + regular (session key)
|
|
50
|
+
* validators wired up.
|
|
51
|
+
*
|
|
52
|
+
* @example
|
|
53
|
+
* ```ts
|
|
54
|
+
* import { parseUnits } from "viem";
|
|
55
|
+
* import { privateKeyToAccount } from "viem/accounts";
|
|
56
|
+
* import {
|
|
57
|
+
* createAgentSmartAccount,
|
|
58
|
+
* createJpycDailyLimitPolicies,
|
|
59
|
+
* getJpycAddress,
|
|
60
|
+
* JPYC_DECIMALS,
|
|
61
|
+
* polygonAmoy,
|
|
62
|
+
* } from "kawasekit";
|
|
63
|
+
*
|
|
64
|
+
* const owner = privateKeyToAccount(process.env.OWNER_PRIVATE_KEY as `0x${string}`);
|
|
65
|
+
* const sessionKey = privateKeyToAccount(process.env.SESSION_KEY_PRIVATE_KEY as `0x${string}`);
|
|
66
|
+
*
|
|
67
|
+
* const account = await createAgentSmartAccount({
|
|
68
|
+
* publicClient,
|
|
69
|
+
* ownerSigner: owner,
|
|
70
|
+
* sessionKeySigner: sessionKey,
|
|
71
|
+
* policies: createJpycDailyLimitPolicies({
|
|
72
|
+
* jpycAddress: getJpycAddress(polygonAmoy.id),
|
|
73
|
+
* maxPerTransfer: parseUnits("100", JPYC_DECIMALS),
|
|
74
|
+
* maxTransfersPerDay: 10,
|
|
75
|
+
* }),
|
|
76
|
+
* });
|
|
77
|
+
* ```
|
|
78
|
+
*/
|
|
79
|
+
declare function createAgentSmartAccount(params: CreateAgentSmartAccountParams): Promise<CreateKernelAccountReturnType<"0.7">>;
|
|
80
|
+
|
|
8
81
|
/**
|
|
9
82
|
* High-level helper: transfer JPYC from a Kernel smart account via a sponsored
|
|
10
83
|
* UserOp.
|
|
@@ -231,22 +304,27 @@ declare class SessionEnvelopeParseError extends Error {
|
|
|
231
304
|
*/
|
|
232
305
|
|
|
233
306
|
/** Parameters for {@link issueSessionKey}. */
|
|
234
|
-
|
|
235
|
-
/**
|
|
236
|
-
* viem `PublicClient` on the chain the smart account will live on. Its
|
|
237
|
-
* `chain.id` MUST be a {@link SupportedChainId} and is recorded in the
|
|
238
|
-
* envelope so restore-time mismatches fail fast.
|
|
239
|
-
*/
|
|
307
|
+
type IssueSessionKeyParams = {
|
|
240
308
|
readonly publicClient: PublicClient<Transport, Chain>;
|
|
241
|
-
/** Owner EOA — retains sudo authority. */
|
|
242
|
-
readonly ownerSigner: LocalAccount;
|
|
243
|
-
/** Session-key EOA — the day-to-day signer the agent will hold. */
|
|
244
309
|
readonly sessionKeySigner: LocalAccount;
|
|
245
310
|
/**
|
|
246
|
-
* Policies the session key must satisfy at userOp validation time
|
|
247
|
-
*
|
|
311
|
+
* Policies the session key must satisfy at userOp validation time (e.g.
|
|
312
|
+
* {@link createJpycDailyLimitPolicies}). Supply the SAME policies in the SAME
|
|
313
|
+
* order to issue and to revoke (`buildRevokeSessionKeyCall`) — the validator
|
|
314
|
+
* identifier hashes the ordered policy array.
|
|
248
315
|
*/
|
|
249
316
|
readonly policies: readonly Policy[];
|
|
317
|
+
/** Bind issuance to an existing deployed account (re-provision after recovery). */
|
|
318
|
+
readonly address?: Address;
|
|
319
|
+
/**
|
|
320
|
+
* Weighted-enable seam (RFC-0003 U-B1). Called with the SDK-built permission
|
|
321
|
+
* validator; returns the enable signature for `serializePermissionAccount`'s
|
|
322
|
+
* 3rd arg. Omit for an ECDSA owner (the default single-signer enable). For a
|
|
323
|
+
* weighted sudo this is `approvePlugin(plugin)` + `encodeSignatures([approval], true)`,
|
|
324
|
+
* computed by the caller with their weighted client. A mismatch surfaces on-chain
|
|
325
|
+
* as `EnableNotApproved` at first use.
|
|
326
|
+
*/
|
|
327
|
+
readonly approveEnable?: (permissionValidator: KernelValidator) => Promise<Hex>;
|
|
250
328
|
/** Optional advisory expiry (unix seconds). Recorded in the envelope. */
|
|
251
329
|
readonly expiresAt?: bigint;
|
|
252
330
|
/** Optional advisory policy summary for host UI. */
|
|
@@ -255,7 +333,7 @@ interface IssueSessionKeyParams {
|
|
|
255
333
|
readonly entryPoint?: EntryPointType<"0.7">;
|
|
256
334
|
/** Kernel version override. Defaults to {@link KERNEL_V3_1}. */
|
|
257
335
|
readonly kernelVersion?: GetKernelVersion<"0.7">;
|
|
258
|
-
}
|
|
336
|
+
} & AgentOwner;
|
|
259
337
|
/**
|
|
260
338
|
* Issues a fresh session key for an agent smart account.
|
|
261
339
|
*
|
|
@@ -507,6 +585,45 @@ interface RevokeSessionKeyResult {
|
|
|
507
585
|
* ```
|
|
508
586
|
*/
|
|
509
587
|
declare function revokeSessionKey(params: RevokeSessionKeyParams): Promise<RevokeSessionKeyResult>;
|
|
588
|
+
/** Parameters for {@link buildRevokeSessionKeyCall}. */
|
|
589
|
+
interface BuildRevokeSessionKeyCallParams {
|
|
590
|
+
/** A viem public client (the public API stays `PublicClient`; the shared builder widens to `Client` internally). */
|
|
591
|
+
readonly publicClient: PublicClient<Transport, Chain>;
|
|
592
|
+
/** The session-key signer the key was ISSUED with. */
|
|
593
|
+
readonly sessionKeySigner: LocalAccount;
|
|
594
|
+
/**
|
|
595
|
+
* The policies the key was issued with — identical policies in identical
|
|
596
|
+
* ORDER, since the validator identifier hashes the ordered policy array.
|
|
597
|
+
* A mismatch reverts at `uninstallValidation`.
|
|
598
|
+
*/
|
|
599
|
+
readonly policies: readonly Policy[];
|
|
600
|
+
/** The deployed agent smart-account address. */
|
|
601
|
+
readonly smartAccountAddress: Address;
|
|
602
|
+
readonly entryPoint?: EntryPointType<"0.7">;
|
|
603
|
+
readonly kernelVersion?: GetKernelVersion<"0.7">;
|
|
604
|
+
}
|
|
605
|
+
/**
|
|
606
|
+
* Build the `uninstallValidation(vId, deinitData, hookDeinitData)` call that
|
|
607
|
+
* removes a session-key permission validator — a byte-exact reproduction of
|
|
608
|
+
* `@zerodev/sdk`'s `uninstallPlugin` inner call, which the SDK cannot call
|
|
609
|
+
* directly because it hardcodes the single-signer `sendUserOperation` path a
|
|
610
|
+
* weighted/passkey/MPC owner rejects.
|
|
611
|
+
*
|
|
612
|
+
* Submit it yourself: single-signer owners via {@link revokeSessionKey};
|
|
613
|
+
* weighted/passkey/MPC owners via their aggregate flow —
|
|
614
|
+
* `account.encodeCalls([{ to: smartAccountAddress, value: 0n, data }])` →
|
|
615
|
+
* `sendUserOperationWithSignatures`.
|
|
616
|
+
*
|
|
617
|
+
* @example
|
|
618
|
+
* ```ts
|
|
619
|
+
* const data = await buildRevokeSessionKeyCall({
|
|
620
|
+
* publicClient, sessionKeySigner, policies, smartAccountAddress,
|
|
621
|
+
* });
|
|
622
|
+
* const callData = await weightedAccount.encodeCalls([{ to: smartAccountAddress, value: 0n, data }]);
|
|
623
|
+
* // …approveUserOperation per signer → sendUserOperationWithSignatures(callData, signatures)
|
|
624
|
+
* ```
|
|
625
|
+
*/
|
|
626
|
+
declare function buildRevokeSessionKeyCall(params: BuildRevokeSessionKeyCallParams): Promise<Hex>;
|
|
510
627
|
|
|
511
628
|
/**
|
|
512
629
|
* `rotateSessionKey()` — a thin compositional helper that revokes the
|
|
@@ -563,4 +680,4 @@ interface RotateSessionKeyResult {
|
|
|
563
680
|
*/
|
|
564
681
|
declare function rotateSessionKey(params: RotateSessionKeyParams): Promise<RotateSessionKeyResult>;
|
|
565
682
|
|
|
566
|
-
export { type ConfiguredKernelClient as C, type IssueSessionKeyParams as I, KAWASEKIT_SESSION_ENVELOPE_VERSION as K, type RestoreSessionAccountParams as R, SessionEnvelopeChainMismatchError as S, TransferJpycInputError as T, type
|
|
683
|
+
export { type AgentOwner as A, type BuildRevokeSessionKeyCallParams as B, type ConfiguredKernelClient as C, type IssueSessionKeyParams as I, KAWASEKIT_SESSION_ENVELOPE_VERSION as K, type RestoreSessionAccountParams as R, SessionEnvelopeChainMismatchError as S, TransferJpycInputError as T, type CreateAgentSmartAccountParams as a, type KawasekitSessionEnvelope as b, type KawasekitSessionEnvelopeVersion as c, type KawasekitSessionPolicySummary as d, type RevokeSessionKeyParams as e, type RevokeSessionKeyResult as f, type RotateSessionKeyParams as g, type RotateSessionKeyResult as h, SessionEnvelopeParseError as i, SessionEnvelopeSignerMismatchError as j, SessionEnvelopeVersionError as k, type TransferJpycParams as l, type TransferJpycResult as m, buildRevokeSessionKeyCall as n, createAgentSmartAccount as o, issueSessionKey as p, parseSessionEnvelope as q, restoreSessionAccount as r, revokeSessionKey as s, rotateSessionKey as t, serializeSessionEnvelope as u, transferJpyc as v };
|
|
@@ -1,10 +1,83 @@
|
|
|
1
|
-
import { Transport, Chain, Address, Hex,
|
|
1
|
+
import { LocalAccount, PublicClient, Transport, Chain, Address, Hex, Hash } from 'viem';
|
|
2
2
|
import { S as SupportedChainId } from './index-2fEOL83n.js';
|
|
3
3
|
import { Policy } from '@zerodev/permissions';
|
|
4
|
+
import { KernelValidator, CreateKernelAccountReturnType, KernelAccountClient } from '@zerodev/sdk';
|
|
4
5
|
import { EntryPointType, GetKernelVersion } from '@zerodev/sdk/types';
|
|
5
|
-
import { KernelAccountClient, CreateKernelAccountReturnType } from '@zerodev/sdk';
|
|
6
6
|
import { SmartAccount } from 'viem/account-abstraction';
|
|
7
7
|
|
|
8
|
+
/**
|
|
9
|
+
* Agent smart account = Kernel v3.1 + ECDSA sudo validator + session-key
|
|
10
|
+
* permission validator.
|
|
11
|
+
*
|
|
12
|
+
* The owner EOA keeps full control (sudo) and can revoke / rotate the session
|
|
13
|
+
* key at any time. The session key is the day-to-day signer the AI agent
|
|
14
|
+
* holds; whatever policies you attach (see {@link createJpycDailyLimitPolicies})
|
|
15
|
+
* are enforced at the ERC-4337 validation phase by ZeroDev's
|
|
16
|
+
* `PermissionValidator`. Violating userOps revert before execution — they
|
|
17
|
+
* never spend any of the smart account's funds, and a sponsored bundler
|
|
18
|
+
* cannot be tricked into paying for them either.
|
|
19
|
+
*
|
|
20
|
+
* @packageDocumentation
|
|
21
|
+
*/
|
|
22
|
+
|
|
23
|
+
/**
|
|
24
|
+
* Owner = ECDSA convenience XOR a pre-built sudo validator (weighted / passkey / MPC).
|
|
25
|
+
*
|
|
26
|
+
* @remarks Pass a pre-built validator via `sudoValidator`, never via `ownerSigner`.
|
|
27
|
+
* Because ZeroDev's `KernelValidator` structurally extends `LocalAccount`, a validator
|
|
28
|
+
* mis-passed in the `ownerSigner` slot type-checks and would be wrapped as an ECDSA
|
|
29
|
+
* signer (confusing downstream failure) rather than used as the sudo directly.
|
|
30
|
+
*/
|
|
31
|
+
type AgentOwner = {
|
|
32
|
+
readonly ownerSigner: LocalAccount;
|
|
33
|
+
readonly sudoValidator?: never;
|
|
34
|
+
} | {
|
|
35
|
+
readonly sudoValidator: KernelValidator;
|
|
36
|
+
readonly ownerSigner?: never;
|
|
37
|
+
};
|
|
38
|
+
/** Parameters for {@link createAgentSmartAccount}. */
|
|
39
|
+
type CreateAgentSmartAccountParams = {
|
|
40
|
+
readonly publicClient: PublicClient<Transport, Chain | undefined>;
|
|
41
|
+
readonly sessionKeySigner: LocalAccount;
|
|
42
|
+
readonly policies: readonly Policy[];
|
|
43
|
+
/** Bind to an existing deployed account (e.g. re-provision after recovery). */
|
|
44
|
+
readonly address?: Address;
|
|
45
|
+
readonly entryPoint?: EntryPointType<"0.7">;
|
|
46
|
+
readonly kernelVersion?: GetKernelVersion<"0.7">;
|
|
47
|
+
} & AgentOwner;
|
|
48
|
+
/**
|
|
49
|
+
* Builds a Kernel v3.1 smart account with sudo (owner) + regular (session key)
|
|
50
|
+
* validators wired up.
|
|
51
|
+
*
|
|
52
|
+
* @example
|
|
53
|
+
* ```ts
|
|
54
|
+
* import { parseUnits } from "viem";
|
|
55
|
+
* import { privateKeyToAccount } from "viem/accounts";
|
|
56
|
+
* import {
|
|
57
|
+
* createAgentSmartAccount,
|
|
58
|
+
* createJpycDailyLimitPolicies,
|
|
59
|
+
* getJpycAddress,
|
|
60
|
+
* JPYC_DECIMALS,
|
|
61
|
+
* polygonAmoy,
|
|
62
|
+
* } from "kawasekit";
|
|
63
|
+
*
|
|
64
|
+
* const owner = privateKeyToAccount(process.env.OWNER_PRIVATE_KEY as `0x${string}`);
|
|
65
|
+
* const sessionKey = privateKeyToAccount(process.env.SESSION_KEY_PRIVATE_KEY as `0x${string}`);
|
|
66
|
+
*
|
|
67
|
+
* const account = await createAgentSmartAccount({
|
|
68
|
+
* publicClient,
|
|
69
|
+
* ownerSigner: owner,
|
|
70
|
+
* sessionKeySigner: sessionKey,
|
|
71
|
+
* policies: createJpycDailyLimitPolicies({
|
|
72
|
+
* jpycAddress: getJpycAddress(polygonAmoy.id),
|
|
73
|
+
* maxPerTransfer: parseUnits("100", JPYC_DECIMALS),
|
|
74
|
+
* maxTransfersPerDay: 10,
|
|
75
|
+
* }),
|
|
76
|
+
* });
|
|
77
|
+
* ```
|
|
78
|
+
*/
|
|
79
|
+
declare function createAgentSmartAccount(params: CreateAgentSmartAccountParams): Promise<CreateKernelAccountReturnType<"0.7">>;
|
|
80
|
+
|
|
8
81
|
/**
|
|
9
82
|
* High-level helper: transfer JPYC from a Kernel smart account via a sponsored
|
|
10
83
|
* UserOp.
|
|
@@ -231,22 +304,27 @@ declare class SessionEnvelopeParseError extends Error {
|
|
|
231
304
|
*/
|
|
232
305
|
|
|
233
306
|
/** Parameters for {@link issueSessionKey}. */
|
|
234
|
-
|
|
235
|
-
/**
|
|
236
|
-
* viem `PublicClient` on the chain the smart account will live on. Its
|
|
237
|
-
* `chain.id` MUST be a {@link SupportedChainId} and is recorded in the
|
|
238
|
-
* envelope so restore-time mismatches fail fast.
|
|
239
|
-
*/
|
|
307
|
+
type IssueSessionKeyParams = {
|
|
240
308
|
readonly publicClient: PublicClient<Transport, Chain>;
|
|
241
|
-
/** Owner EOA — retains sudo authority. */
|
|
242
|
-
readonly ownerSigner: LocalAccount;
|
|
243
|
-
/** Session-key EOA — the day-to-day signer the agent will hold. */
|
|
244
309
|
readonly sessionKeySigner: LocalAccount;
|
|
245
310
|
/**
|
|
246
|
-
* Policies the session key must satisfy at userOp validation time
|
|
247
|
-
*
|
|
311
|
+
* Policies the session key must satisfy at userOp validation time (e.g.
|
|
312
|
+
* {@link createJpycDailyLimitPolicies}). Supply the SAME policies in the SAME
|
|
313
|
+
* order to issue and to revoke (`buildRevokeSessionKeyCall`) — the validator
|
|
314
|
+
* identifier hashes the ordered policy array.
|
|
248
315
|
*/
|
|
249
316
|
readonly policies: readonly Policy[];
|
|
317
|
+
/** Bind issuance to an existing deployed account (re-provision after recovery). */
|
|
318
|
+
readonly address?: Address;
|
|
319
|
+
/**
|
|
320
|
+
* Weighted-enable seam (RFC-0003 U-B1). Called with the SDK-built permission
|
|
321
|
+
* validator; returns the enable signature for `serializePermissionAccount`'s
|
|
322
|
+
* 3rd arg. Omit for an ECDSA owner (the default single-signer enable). For a
|
|
323
|
+
* weighted sudo this is `approvePlugin(plugin)` + `encodeSignatures([approval], true)`,
|
|
324
|
+
* computed by the caller with their weighted client. A mismatch surfaces on-chain
|
|
325
|
+
* as `EnableNotApproved` at first use.
|
|
326
|
+
*/
|
|
327
|
+
readonly approveEnable?: (permissionValidator: KernelValidator) => Promise<Hex>;
|
|
250
328
|
/** Optional advisory expiry (unix seconds). Recorded in the envelope. */
|
|
251
329
|
readonly expiresAt?: bigint;
|
|
252
330
|
/** Optional advisory policy summary for host UI. */
|
|
@@ -255,7 +333,7 @@ interface IssueSessionKeyParams {
|
|
|
255
333
|
readonly entryPoint?: EntryPointType<"0.7">;
|
|
256
334
|
/** Kernel version override. Defaults to {@link KERNEL_V3_1}. */
|
|
257
335
|
readonly kernelVersion?: GetKernelVersion<"0.7">;
|
|
258
|
-
}
|
|
336
|
+
} & AgentOwner;
|
|
259
337
|
/**
|
|
260
338
|
* Issues a fresh session key for an agent smart account.
|
|
261
339
|
*
|
|
@@ -507,6 +585,45 @@ interface RevokeSessionKeyResult {
|
|
|
507
585
|
* ```
|
|
508
586
|
*/
|
|
509
587
|
declare function revokeSessionKey(params: RevokeSessionKeyParams): Promise<RevokeSessionKeyResult>;
|
|
588
|
+
/** Parameters for {@link buildRevokeSessionKeyCall}. */
|
|
589
|
+
interface BuildRevokeSessionKeyCallParams {
|
|
590
|
+
/** A viem public client (the public API stays `PublicClient`; the shared builder widens to `Client` internally). */
|
|
591
|
+
readonly publicClient: PublicClient<Transport, Chain>;
|
|
592
|
+
/** The session-key signer the key was ISSUED with. */
|
|
593
|
+
readonly sessionKeySigner: LocalAccount;
|
|
594
|
+
/**
|
|
595
|
+
* The policies the key was issued with — identical policies in identical
|
|
596
|
+
* ORDER, since the validator identifier hashes the ordered policy array.
|
|
597
|
+
* A mismatch reverts at `uninstallValidation`.
|
|
598
|
+
*/
|
|
599
|
+
readonly policies: readonly Policy[];
|
|
600
|
+
/** The deployed agent smart-account address. */
|
|
601
|
+
readonly smartAccountAddress: Address;
|
|
602
|
+
readonly entryPoint?: EntryPointType<"0.7">;
|
|
603
|
+
readonly kernelVersion?: GetKernelVersion<"0.7">;
|
|
604
|
+
}
|
|
605
|
+
/**
|
|
606
|
+
* Build the `uninstallValidation(vId, deinitData, hookDeinitData)` call that
|
|
607
|
+
* removes a session-key permission validator — a byte-exact reproduction of
|
|
608
|
+
* `@zerodev/sdk`'s `uninstallPlugin` inner call, which the SDK cannot call
|
|
609
|
+
* directly because it hardcodes the single-signer `sendUserOperation` path a
|
|
610
|
+
* weighted/passkey/MPC owner rejects.
|
|
611
|
+
*
|
|
612
|
+
* Submit it yourself: single-signer owners via {@link revokeSessionKey};
|
|
613
|
+
* weighted/passkey/MPC owners via their aggregate flow —
|
|
614
|
+
* `account.encodeCalls([{ to: smartAccountAddress, value: 0n, data }])` →
|
|
615
|
+
* `sendUserOperationWithSignatures`.
|
|
616
|
+
*
|
|
617
|
+
* @example
|
|
618
|
+
* ```ts
|
|
619
|
+
* const data = await buildRevokeSessionKeyCall({
|
|
620
|
+
* publicClient, sessionKeySigner, policies, smartAccountAddress,
|
|
621
|
+
* });
|
|
622
|
+
* const callData = await weightedAccount.encodeCalls([{ to: smartAccountAddress, value: 0n, data }]);
|
|
623
|
+
* // …approveUserOperation per signer → sendUserOperationWithSignatures(callData, signatures)
|
|
624
|
+
* ```
|
|
625
|
+
*/
|
|
626
|
+
declare function buildRevokeSessionKeyCall(params: BuildRevokeSessionKeyCallParams): Promise<Hex>;
|
|
510
627
|
|
|
511
628
|
/**
|
|
512
629
|
* `rotateSessionKey()` — a thin compositional helper that revokes the
|
|
@@ -563,4 +680,4 @@ interface RotateSessionKeyResult {
|
|
|
563
680
|
*/
|
|
564
681
|
declare function rotateSessionKey(params: RotateSessionKeyParams): Promise<RotateSessionKeyResult>;
|
|
565
682
|
|
|
566
|
-
export { type ConfiguredKernelClient as C, type IssueSessionKeyParams as I, KAWASEKIT_SESSION_ENVELOPE_VERSION as K, type RestoreSessionAccountParams as R, SessionEnvelopeChainMismatchError as S, TransferJpycInputError as T, type
|
|
683
|
+
export { type AgentOwner as A, type BuildRevokeSessionKeyCallParams as B, type ConfiguredKernelClient as C, type IssueSessionKeyParams as I, KAWASEKIT_SESSION_ENVELOPE_VERSION as K, type RestoreSessionAccountParams as R, SessionEnvelopeChainMismatchError as S, TransferJpycInputError as T, type CreateAgentSmartAccountParams as a, type KawasekitSessionEnvelope as b, type KawasekitSessionEnvelopeVersion as c, type KawasekitSessionPolicySummary as d, type RevokeSessionKeyParams as e, type RevokeSessionKeyResult as f, type RotateSessionKeyParams as g, type RotateSessionKeyResult as h, SessionEnvelopeParseError as i, SessionEnvelopeSignerMismatchError as j, SessionEnvelopeVersionError as k, type TransferJpycParams as l, type TransferJpycResult as m, buildRevokeSessionKeyCall as n, createAgentSmartAccount as o, issueSessionKey as p, parseSessionEnvelope as q, restoreSessionAccount as r, revokeSessionKey as s, rotateSessionKey as t, serializeSessionEnvelope as u, transferJpyc as v };
|
package/dist/index.cjs
CHANGED
|
@@ -10,26 +10,49 @@ var viem = require('viem');
|
|
|
10
10
|
var policies = require('@zerodev/permissions/policies');
|
|
11
11
|
|
|
12
12
|
// src/account/session-key.ts
|
|
13
|
+
async function resolveSudoValidator(params) {
|
|
14
|
+
if (params.ownerSigner !== void 0 && params.sudoValidator !== void 0) {
|
|
15
|
+
throw new Error("kawasekit: pass exactly one of `ownerSigner` or `sudoValidator`, not both.");
|
|
16
|
+
}
|
|
17
|
+
if (params.sudoValidator !== void 0) return params.sudoValidator;
|
|
18
|
+
if (params.ownerSigner === void 0) {
|
|
19
|
+
throw new Error("kawasekit: pass one of `ownerSigner` (ECDSA) or `sudoValidator` (pre-built).");
|
|
20
|
+
}
|
|
21
|
+
return ecdsaValidator.signerToEcdsaValidator(params.publicClient, {
|
|
22
|
+
signer: params.ownerSigner,
|
|
23
|
+
entryPoint: params.entryPoint,
|
|
24
|
+
kernelVersion: params.kernelVersion
|
|
25
|
+
});
|
|
26
|
+
}
|
|
27
|
+
async function buildSessionPermissionValidator(params) {
|
|
28
|
+
const signer = await signers.toECDSASigner({ signer: params.sessionKeySigner });
|
|
29
|
+
return permissions.toPermissionValidator(params.publicClient, {
|
|
30
|
+
signer,
|
|
31
|
+
policies: [...params.policies],
|
|
32
|
+
entryPoint: params.entryPoint,
|
|
33
|
+
kernelVersion: params.kernelVersion
|
|
34
|
+
});
|
|
35
|
+
}
|
|
13
36
|
async function createAgentSmartAccount(params) {
|
|
14
37
|
const entryPoint = params.entryPoint ?? constants.getEntryPoint("0.7");
|
|
15
38
|
const kernelVersion = params.kernelVersion ?? constants.KERNEL_V3_1;
|
|
16
|
-
const sudoValidator = await
|
|
17
|
-
|
|
39
|
+
const sudoValidator = await resolveSudoValidator({
|
|
40
|
+
publicClient: params.publicClient,
|
|
41
|
+
ownerSigner: params.ownerSigner,
|
|
42
|
+
sudoValidator: params.sudoValidator,
|
|
18
43
|
entryPoint,
|
|
19
44
|
kernelVersion
|
|
20
45
|
});
|
|
21
|
-
const
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
policies:
|
|
46
|
+
const permissionValidator = await buildSessionPermissionValidator({
|
|
47
|
+
publicClient: params.publicClient,
|
|
48
|
+
sessionKeySigner: params.sessionKeySigner,
|
|
49
|
+
policies: params.policies,
|
|
25
50
|
entryPoint,
|
|
26
51
|
kernelVersion
|
|
27
52
|
});
|
|
28
53
|
return sdk.createKernelAccount(params.publicClient, {
|
|
29
|
-
plugins: {
|
|
30
|
-
|
|
31
|
-
regular: permissionValidator
|
|
32
|
-
},
|
|
54
|
+
plugins: { sudo: sudoValidator, regular: permissionValidator },
|
|
55
|
+
...params.address !== void 0 ? { address: params.address } : {},
|
|
33
56
|
entryPoint,
|
|
34
57
|
kernelVersion
|
|
35
58
|
});
|
|
@@ -470,11 +493,6 @@ function createBuyListPolicies(params) {
|
|
|
470
493
|
"createBuyListPolicies: merchants must not be empty \u2014 a buy-list must target at least one merchant."
|
|
471
494
|
);
|
|
472
495
|
}
|
|
473
|
-
if (!Number.isInteger(params.maxTransfers) || params.maxTransfers < 1) {
|
|
474
|
-
throw new Error(
|
|
475
|
-
`createBuyListPolicies: maxTransfers must be a positive integer, got ${params.maxTransfers}.`
|
|
476
|
-
);
|
|
477
|
-
}
|
|
478
496
|
if (!Number.isInteger(params.validUntil) || params.validUntil <= 0) {
|
|
479
497
|
throw new Error(
|
|
480
498
|
`createBuyListPolicies: validUntil must be a positive unix-seconds integer, got ${params.validUntil}.`
|
|
@@ -497,15 +515,10 @@ function createBuyListPolicies(params) {
|
|
|
497
515
|
recipientAllowlist: params.merchants,
|
|
498
516
|
callPolicyVersion: params.callPolicyVersion
|
|
499
517
|
});
|
|
500
|
-
const rateLimitPolicy = policies.toRateLimitPolicy({
|
|
501
|
-
interval: params.validUntil - validAfter,
|
|
502
|
-
count: params.maxTransfers,
|
|
503
|
-
startAt: validAfter
|
|
504
|
-
});
|
|
505
518
|
const timestampPolicy = policies.toTimestampPolicy(
|
|
506
519
|
params.validAfter === void 0 ? { validUntil: params.validUntil } : { validAfter: params.validAfter, validUntil: params.validUntil }
|
|
507
520
|
);
|
|
508
|
-
return [callPolicy,
|
|
521
|
+
return [callPolicy, timestampPolicy];
|
|
509
522
|
}
|
|
510
523
|
var ONE_DAY_SECONDS = 86400;
|
|
511
524
|
function createJpycDailyLimitPolicies(params) {
|
|
@@ -3161,15 +3174,28 @@ async function issueSessionKey(params) {
|
|
|
3161
3174
|
const supportedChainId = chainId;
|
|
3162
3175
|
const entryPoint = params.entryPoint ?? constants.getEntryPoint("0.7");
|
|
3163
3176
|
const kernelVersion = params.kernelVersion ?? constants.KERNEL_V3_1;
|
|
3164
|
-
const
|
|
3177
|
+
const sudoValidator = await resolveSudoValidator({
|
|
3165
3178
|
publicClient: params.publicClient,
|
|
3166
3179
|
ownerSigner: params.ownerSigner,
|
|
3180
|
+
sudoValidator: params.sudoValidator,
|
|
3181
|
+
entryPoint,
|
|
3182
|
+
kernelVersion
|
|
3183
|
+
});
|
|
3184
|
+
const permissionValidator = await buildSessionPermissionValidator({
|
|
3185
|
+
publicClient: params.publicClient,
|
|
3167
3186
|
sessionKeySigner: params.sessionKeySigner,
|
|
3168
3187
|
policies: params.policies,
|
|
3169
3188
|
entryPoint,
|
|
3170
3189
|
kernelVersion
|
|
3171
3190
|
});
|
|
3172
|
-
const
|
|
3191
|
+
const account = await sdk.createKernelAccount(params.publicClient, {
|
|
3192
|
+
plugins: { sudo: sudoValidator, regular: permissionValidator },
|
|
3193
|
+
...params.address !== void 0 ? { address: params.address } : {},
|
|
3194
|
+
entryPoint,
|
|
3195
|
+
kernelVersion
|
|
3196
|
+
});
|
|
3197
|
+
const enableSignature = params.approveEnable ? await params.approveEnable(permissionValidator) : void 0;
|
|
3198
|
+
const serialized = enableSignature ? await permissions.serializePermissionAccount(account, void 0, enableSignature) : await permissions.serializePermissionAccount(account);
|
|
3173
3199
|
const base = {
|
|
3174
3200
|
kawasekitVersion: KAWASEKIT_SESSION_ENVELOPE_VERSION,
|
|
3175
3201
|
chainId: supportedChainId,
|
|
@@ -3245,10 +3271,10 @@ async function revokeSessionKey(params) {
|
|
|
3245
3271
|
"revokeSessionKey: ownerKernelClient.client is undefined \u2014 pass `client: publicClient` when constructing the Kernel client so the validator can be reconstructed."
|
|
3246
3272
|
);
|
|
3247
3273
|
}
|
|
3248
|
-
const
|
|
3249
|
-
|
|
3250
|
-
|
|
3251
|
-
policies
|
|
3274
|
+
const permissionPlugin = await buildSessionPermissionValidator({
|
|
3275
|
+
publicClient: ownerKernelClient.client,
|
|
3276
|
+
sessionKeySigner,
|
|
3277
|
+
policies,
|
|
3252
3278
|
entryPoint,
|
|
3253
3279
|
kernelVersion
|
|
3254
3280
|
});
|
|
@@ -3267,6 +3293,30 @@ async function revokeSessionKey(params) {
|
|
|
3267
3293
|
success: receipt.success
|
|
3268
3294
|
};
|
|
3269
3295
|
}
|
|
3296
|
+
var UNINSTALL_VALIDATION_ABI = viem.parseAbi([
|
|
3297
|
+
"function uninstallValidation(bytes21 vId, bytes deinitData, bytes hookDeinitData)"
|
|
3298
|
+
]);
|
|
3299
|
+
async function buildRevokeSessionKeyCall(params) {
|
|
3300
|
+
const entryPoint = params.entryPoint ?? constants.getEntryPoint("0.7");
|
|
3301
|
+
const kernelVersion = params.kernelVersion ?? constants.KERNEL_V3_1;
|
|
3302
|
+
const plugin = await buildSessionPermissionValidator({
|
|
3303
|
+
publicClient: params.publicClient,
|
|
3304
|
+
sessionKeySigner: params.sessionKeySigner,
|
|
3305
|
+
policies: params.policies,
|
|
3306
|
+
entryPoint,
|
|
3307
|
+
kernelVersion
|
|
3308
|
+
});
|
|
3309
|
+
const vId = viem.concatHex([
|
|
3310
|
+
constants.VALIDATOR_TYPE.PERMISSION,
|
|
3311
|
+
viem.pad(plugin.getIdentifier(), { size: 20, dir: "right" })
|
|
3312
|
+
]);
|
|
3313
|
+
const deinitData = await plugin.getEnableData(viem.getAddress(params.smartAccountAddress));
|
|
3314
|
+
return viem.encodeFunctionData({
|
|
3315
|
+
abi: UNINSTALL_VALIDATION_ABI,
|
|
3316
|
+
functionName: "uninstallValidation",
|
|
3317
|
+
args: [vId, deinitData, "0x"]
|
|
3318
|
+
});
|
|
3319
|
+
}
|
|
3270
3320
|
|
|
3271
3321
|
// src/session/rotate.ts
|
|
3272
3322
|
async function rotateSessionKey(params) {
|
|
@@ -3312,6 +3362,7 @@ exports.avalanche = avalanche;
|
|
|
3312
3362
|
exports.avalancheFuji = avalancheFuji;
|
|
3313
3363
|
exports.buildPaymentRequiredResponse = buildPaymentRequiredResponse;
|
|
3314
3364
|
exports.buildPaymentRequirements = buildPaymentRequirements;
|
|
3365
|
+
exports.buildRevokeSessionKeyCall = buildRevokeSessionKeyCall;
|
|
3315
3366
|
exports.cancelAuthorizationTypes = cancelAuthorizationTypes;
|
|
3316
3367
|
exports.canonicalRequestBytes = canonicalRequestBytes;
|
|
3317
3368
|
exports.chainIdToX402Network = chainIdToX402Network;
|