kawasekit 0.8.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli/index.js CHANGED
@@ -5,7 +5,7 @@ import '../chunk-PVUKX6IF.js';
5
5
  import '../chunk-LEHWRDVS.js';
6
6
  import '../chunk-TTX3RBIZ.js';
7
7
  import '../chunk-QHUCU5YX.js';
8
- import { issueSessionKey, serializeSessionEnvelope, restoreSessionAccount, revokeSessionKey, rotateSessionKey, parseSessionEnvelope } from '../chunk-N3CVLISJ.js';
8
+ import { issueSessionKey, serializeSessionEnvelope, restoreSessionAccount, revokeSessionKey, rotateSessionKey, parseSessionEnvelope } from '../chunk-KYVAOUQV.js';
9
9
  import '../chunk-NY6VLXQB.js';
10
10
  import '../chunk-VJUXTVSW.js';
11
11
  import '../chunk-WMVJNPX2.js';
@@ -980,7 +980,7 @@ function registerTransferCommand(program2) {
980
980
  }
981
981
 
982
982
  // cli/index.ts
983
- var CLI_VERSION = "0.8.0" ;
983
+ var CLI_VERSION = "0.9.0" ;
984
984
  var program = new Command();
985
985
  program.name("kawasekit").description(
986
986
  "kawasekit \u2014 CLI for the kawasekit SDK (AI-agent stablecoin payments, Japan-first, JPYC-native)."
@@ -1,10 +1,83 @@
1
- import { Transport, Chain, Address, Hex, PublicClient, LocalAccount, Hash } from 'viem';
1
+ import { LocalAccount, PublicClient, Transport, Chain, Address, Hex, Hash } from 'viem';
2
2
  import { S as SupportedChainId } from './index-2fEOL83n.cjs';
3
3
  import { Policy } from '@zerodev/permissions';
4
+ import { KernelValidator, CreateKernelAccountReturnType, KernelAccountClient } from '@zerodev/sdk';
4
5
  import { EntryPointType, GetKernelVersion } from '@zerodev/sdk/types';
5
- import { KernelAccountClient, CreateKernelAccountReturnType } from '@zerodev/sdk';
6
6
  import { SmartAccount } from 'viem/account-abstraction';
7
7
 
8
+ /**
9
+ * Agent smart account = Kernel v3.1 + ECDSA sudo validator + session-key
10
+ * permission validator.
11
+ *
12
+ * The owner EOA keeps full control (sudo) and can revoke / rotate the session
13
+ * key at any time. The session key is the day-to-day signer the AI agent
14
+ * holds; whatever policies you attach (see {@link createJpycDailyLimitPolicies})
15
+ * are enforced at the ERC-4337 validation phase by ZeroDev's
16
+ * `PermissionValidator`. Violating userOps revert before execution — they
17
+ * never spend any of the smart account's funds, and a sponsored bundler
18
+ * cannot be tricked into paying for them either.
19
+ *
20
+ * @packageDocumentation
21
+ */
22
+
23
+ /**
24
+ * Owner = ECDSA convenience XOR a pre-built sudo validator (weighted / passkey / MPC).
25
+ *
26
+ * @remarks Pass a pre-built validator via `sudoValidator`, never via `ownerSigner`.
27
+ * Because ZeroDev's `KernelValidator` structurally extends `LocalAccount`, a validator
28
+ * mis-passed in the `ownerSigner` slot type-checks and would be wrapped as an ECDSA
29
+ * signer (confusing downstream failure) rather than used as the sudo directly.
30
+ */
31
+ type AgentOwner = {
32
+ readonly ownerSigner: LocalAccount;
33
+ readonly sudoValidator?: never;
34
+ } | {
35
+ readonly sudoValidator: KernelValidator;
36
+ readonly ownerSigner?: never;
37
+ };
38
+ /** Parameters for {@link createAgentSmartAccount}. */
39
+ type CreateAgentSmartAccountParams = {
40
+ readonly publicClient: PublicClient<Transport, Chain | undefined>;
41
+ readonly sessionKeySigner: LocalAccount;
42
+ readonly policies: readonly Policy[];
43
+ /** Bind to an existing deployed account (e.g. re-provision after recovery). */
44
+ readonly address?: Address;
45
+ readonly entryPoint?: EntryPointType<"0.7">;
46
+ readonly kernelVersion?: GetKernelVersion<"0.7">;
47
+ } & AgentOwner;
48
+ /**
49
+ * Builds a Kernel v3.1 smart account with sudo (owner) + regular (session key)
50
+ * validators wired up.
51
+ *
52
+ * @example
53
+ * ```ts
54
+ * import { parseUnits } from "viem";
55
+ * import { privateKeyToAccount } from "viem/accounts";
56
+ * import {
57
+ * createAgentSmartAccount,
58
+ * createJpycDailyLimitPolicies,
59
+ * getJpycAddress,
60
+ * JPYC_DECIMALS,
61
+ * polygonAmoy,
62
+ * } from "kawasekit";
63
+ *
64
+ * const owner = privateKeyToAccount(process.env.OWNER_PRIVATE_KEY as `0x${string}`);
65
+ * const sessionKey = privateKeyToAccount(process.env.SESSION_KEY_PRIVATE_KEY as `0x${string}`);
66
+ *
67
+ * const account = await createAgentSmartAccount({
68
+ * publicClient,
69
+ * ownerSigner: owner,
70
+ * sessionKeySigner: sessionKey,
71
+ * policies: createJpycDailyLimitPolicies({
72
+ * jpycAddress: getJpycAddress(polygonAmoy.id),
73
+ * maxPerTransfer: parseUnits("100", JPYC_DECIMALS),
74
+ * maxTransfersPerDay: 10,
75
+ * }),
76
+ * });
77
+ * ```
78
+ */
79
+ declare function createAgentSmartAccount(params: CreateAgentSmartAccountParams): Promise<CreateKernelAccountReturnType<"0.7">>;
80
+
8
81
  /**
9
82
  * High-level helper: transfer JPYC from a Kernel smart account via a sponsored
10
83
  * UserOp.
@@ -231,22 +304,27 @@ declare class SessionEnvelopeParseError extends Error {
231
304
  */
232
305
 
233
306
  /** Parameters for {@link issueSessionKey}. */
234
- interface IssueSessionKeyParams {
235
- /**
236
- * viem `PublicClient` on the chain the smart account will live on. Its
237
- * `chain.id` MUST be a {@link SupportedChainId} and is recorded in the
238
- * envelope so restore-time mismatches fail fast.
239
- */
307
+ type IssueSessionKeyParams = {
240
308
  readonly publicClient: PublicClient<Transport, Chain>;
241
- /** Owner EOA — retains sudo authority. */
242
- readonly ownerSigner: LocalAccount;
243
- /** Session-key EOA — the day-to-day signer the agent will hold. */
244
309
  readonly sessionKeySigner: LocalAccount;
245
310
  /**
246
- * Policies the session key must satisfy at userOp validation time
247
- * (e.g. {@link createJpycDailyLimitPolicies}).
311
+ * Policies the session key must satisfy at userOp validation time (e.g.
312
+ * {@link createJpycDailyLimitPolicies}). Supply the SAME policies in the SAME
313
+ * order to issue and to revoke (`buildRevokeSessionKeyCall`) — the validator
314
+ * identifier hashes the ordered policy array.
248
315
  */
249
316
  readonly policies: readonly Policy[];
317
+ /** Bind issuance to an existing deployed account (re-provision after recovery). */
318
+ readonly address?: Address;
319
+ /**
320
+ * Weighted-enable seam (RFC-0003 U-B1). Called with the SDK-built permission
321
+ * validator; returns the enable signature for `serializePermissionAccount`'s
322
+ * 3rd arg. Omit for an ECDSA owner (the default single-signer enable). For a
323
+ * weighted sudo this is `approvePlugin(plugin)` + `encodeSignatures([approval], true)`,
324
+ * computed by the caller with their weighted client. A mismatch surfaces on-chain
325
+ * as `EnableNotApproved` at first use.
326
+ */
327
+ readonly approveEnable?: (permissionValidator: KernelValidator) => Promise<Hex>;
250
328
  /** Optional advisory expiry (unix seconds). Recorded in the envelope. */
251
329
  readonly expiresAt?: bigint;
252
330
  /** Optional advisory policy summary for host UI. */
@@ -255,7 +333,7 @@ interface IssueSessionKeyParams {
255
333
  readonly entryPoint?: EntryPointType<"0.7">;
256
334
  /** Kernel version override. Defaults to {@link KERNEL_V3_1}. */
257
335
  readonly kernelVersion?: GetKernelVersion<"0.7">;
258
- }
336
+ } & AgentOwner;
259
337
  /**
260
338
  * Issues a fresh session key for an agent smart account.
261
339
  *
@@ -507,6 +585,45 @@ interface RevokeSessionKeyResult {
507
585
  * ```
508
586
  */
509
587
  declare function revokeSessionKey(params: RevokeSessionKeyParams): Promise<RevokeSessionKeyResult>;
588
+ /** Parameters for {@link buildRevokeSessionKeyCall}. */
589
+ interface BuildRevokeSessionKeyCallParams {
590
+ /** A viem public client (the public API stays `PublicClient`; the shared builder widens to `Client` internally). */
591
+ readonly publicClient: PublicClient<Transport, Chain>;
592
+ /** The session-key signer the key was ISSUED with. */
593
+ readonly sessionKeySigner: LocalAccount;
594
+ /**
595
+ * The policies the key was issued with — identical policies in identical
596
+ * ORDER, since the validator identifier hashes the ordered policy array.
597
+ * A mismatch reverts at `uninstallValidation`.
598
+ */
599
+ readonly policies: readonly Policy[];
600
+ /** The deployed agent smart-account address. */
601
+ readonly smartAccountAddress: Address;
602
+ readonly entryPoint?: EntryPointType<"0.7">;
603
+ readonly kernelVersion?: GetKernelVersion<"0.7">;
604
+ }
605
+ /**
606
+ * Build the `uninstallValidation(vId, deinitData, hookDeinitData)` call that
607
+ * removes a session-key permission validator — a byte-exact reproduction of
608
+ * `@zerodev/sdk`'s `uninstallPlugin` inner call, which the SDK cannot call
609
+ * directly because it hardcodes the single-signer `sendUserOperation` path a
610
+ * weighted/passkey/MPC owner rejects.
611
+ *
612
+ * Submit it yourself: single-signer owners via {@link revokeSessionKey};
613
+ * weighted/passkey/MPC owners via their aggregate flow —
614
+ * `account.encodeCalls([{ to: smartAccountAddress, value: 0n, data }])` →
615
+ * `sendUserOperationWithSignatures`.
616
+ *
617
+ * @example
618
+ * ```ts
619
+ * const data = await buildRevokeSessionKeyCall({
620
+ * publicClient, sessionKeySigner, policies, smartAccountAddress,
621
+ * });
622
+ * const callData = await weightedAccount.encodeCalls([{ to: smartAccountAddress, value: 0n, data }]);
623
+ * // …approveUserOperation per signer → sendUserOperationWithSignatures(callData, signatures)
624
+ * ```
625
+ */
626
+ declare function buildRevokeSessionKeyCall(params: BuildRevokeSessionKeyCallParams): Promise<Hex>;
510
627
 
511
628
  /**
512
629
  * `rotateSessionKey()` — a thin compositional helper that revokes the
@@ -563,4 +680,4 @@ interface RotateSessionKeyResult {
563
680
  */
564
681
  declare function rotateSessionKey(params: RotateSessionKeyParams): Promise<RotateSessionKeyResult>;
565
682
 
566
- export { type ConfiguredKernelClient as C, type IssueSessionKeyParams as I, KAWASEKIT_SESSION_ENVELOPE_VERSION as K, type RestoreSessionAccountParams as R, SessionEnvelopeChainMismatchError as S, TransferJpycInputError as T, type KawasekitSessionEnvelope as a, type KawasekitSessionEnvelopeVersion as b, type KawasekitSessionPolicySummary as c, type RevokeSessionKeyParams as d, type RevokeSessionKeyResult as e, type RotateSessionKeyParams as f, type RotateSessionKeyResult as g, SessionEnvelopeParseError as h, SessionEnvelopeSignerMismatchError as i, SessionEnvelopeVersionError as j, type TransferJpycParams as k, type TransferJpycResult as l, issueSessionKey as m, revokeSessionKey as n, rotateSessionKey as o, parseSessionEnvelope as p, restoreSessionAccount as r, serializeSessionEnvelope as s, transferJpyc as t };
683
+ export { type AgentOwner as A, type BuildRevokeSessionKeyCallParams as B, type ConfiguredKernelClient as C, type IssueSessionKeyParams as I, KAWASEKIT_SESSION_ENVELOPE_VERSION as K, type RestoreSessionAccountParams as R, SessionEnvelopeChainMismatchError as S, TransferJpycInputError as T, type CreateAgentSmartAccountParams as a, type KawasekitSessionEnvelope as b, type KawasekitSessionEnvelopeVersion as c, type KawasekitSessionPolicySummary as d, type RevokeSessionKeyParams as e, type RevokeSessionKeyResult as f, type RotateSessionKeyParams as g, type RotateSessionKeyResult as h, SessionEnvelopeParseError as i, SessionEnvelopeSignerMismatchError as j, SessionEnvelopeVersionError as k, type TransferJpycParams as l, type TransferJpycResult as m, buildRevokeSessionKeyCall as n, createAgentSmartAccount as o, issueSessionKey as p, parseSessionEnvelope as q, restoreSessionAccount as r, revokeSessionKey as s, rotateSessionKey as t, serializeSessionEnvelope as u, transferJpyc as v };
@@ -1,10 +1,83 @@
1
- import { Transport, Chain, Address, Hex, PublicClient, LocalAccount, Hash } from 'viem';
1
+ import { LocalAccount, PublicClient, Transport, Chain, Address, Hex, Hash } from 'viem';
2
2
  import { S as SupportedChainId } from './index-2fEOL83n.js';
3
3
  import { Policy } from '@zerodev/permissions';
4
+ import { KernelValidator, CreateKernelAccountReturnType, KernelAccountClient } from '@zerodev/sdk';
4
5
  import { EntryPointType, GetKernelVersion } from '@zerodev/sdk/types';
5
- import { KernelAccountClient, CreateKernelAccountReturnType } from '@zerodev/sdk';
6
6
  import { SmartAccount } from 'viem/account-abstraction';
7
7
 
8
+ /**
9
+ * Agent smart account = Kernel v3.1 + ECDSA sudo validator + session-key
10
+ * permission validator.
11
+ *
12
+ * The owner EOA keeps full control (sudo) and can revoke / rotate the session
13
+ * key at any time. The session key is the day-to-day signer the AI agent
14
+ * holds; whatever policies you attach (see {@link createJpycDailyLimitPolicies})
15
+ * are enforced at the ERC-4337 validation phase by ZeroDev's
16
+ * `PermissionValidator`. Violating userOps revert before execution — they
17
+ * never spend any of the smart account's funds, and a sponsored bundler
18
+ * cannot be tricked into paying for them either.
19
+ *
20
+ * @packageDocumentation
21
+ */
22
+
23
+ /**
24
+ * Owner = ECDSA convenience XOR a pre-built sudo validator (weighted / passkey / MPC).
25
+ *
26
+ * @remarks Pass a pre-built validator via `sudoValidator`, never via `ownerSigner`.
27
+ * Because ZeroDev's `KernelValidator` structurally extends `LocalAccount`, a validator
28
+ * mis-passed in the `ownerSigner` slot type-checks and would be wrapped as an ECDSA
29
+ * signer (confusing downstream failure) rather than used as the sudo directly.
30
+ */
31
+ type AgentOwner = {
32
+ readonly ownerSigner: LocalAccount;
33
+ readonly sudoValidator?: never;
34
+ } | {
35
+ readonly sudoValidator: KernelValidator;
36
+ readonly ownerSigner?: never;
37
+ };
38
+ /** Parameters for {@link createAgentSmartAccount}. */
39
+ type CreateAgentSmartAccountParams = {
40
+ readonly publicClient: PublicClient<Transport, Chain | undefined>;
41
+ readonly sessionKeySigner: LocalAccount;
42
+ readonly policies: readonly Policy[];
43
+ /** Bind to an existing deployed account (e.g. re-provision after recovery). */
44
+ readonly address?: Address;
45
+ readonly entryPoint?: EntryPointType<"0.7">;
46
+ readonly kernelVersion?: GetKernelVersion<"0.7">;
47
+ } & AgentOwner;
48
+ /**
49
+ * Builds a Kernel v3.1 smart account with sudo (owner) + regular (session key)
50
+ * validators wired up.
51
+ *
52
+ * @example
53
+ * ```ts
54
+ * import { parseUnits } from "viem";
55
+ * import { privateKeyToAccount } from "viem/accounts";
56
+ * import {
57
+ * createAgentSmartAccount,
58
+ * createJpycDailyLimitPolicies,
59
+ * getJpycAddress,
60
+ * JPYC_DECIMALS,
61
+ * polygonAmoy,
62
+ * } from "kawasekit";
63
+ *
64
+ * const owner = privateKeyToAccount(process.env.OWNER_PRIVATE_KEY as `0x${string}`);
65
+ * const sessionKey = privateKeyToAccount(process.env.SESSION_KEY_PRIVATE_KEY as `0x${string}`);
66
+ *
67
+ * const account = await createAgentSmartAccount({
68
+ * publicClient,
69
+ * ownerSigner: owner,
70
+ * sessionKeySigner: sessionKey,
71
+ * policies: createJpycDailyLimitPolicies({
72
+ * jpycAddress: getJpycAddress(polygonAmoy.id),
73
+ * maxPerTransfer: parseUnits("100", JPYC_DECIMALS),
74
+ * maxTransfersPerDay: 10,
75
+ * }),
76
+ * });
77
+ * ```
78
+ */
79
+ declare function createAgentSmartAccount(params: CreateAgentSmartAccountParams): Promise<CreateKernelAccountReturnType<"0.7">>;
80
+
8
81
  /**
9
82
  * High-level helper: transfer JPYC from a Kernel smart account via a sponsored
10
83
  * UserOp.
@@ -231,22 +304,27 @@ declare class SessionEnvelopeParseError extends Error {
231
304
  */
232
305
 
233
306
  /** Parameters for {@link issueSessionKey}. */
234
- interface IssueSessionKeyParams {
235
- /**
236
- * viem `PublicClient` on the chain the smart account will live on. Its
237
- * `chain.id` MUST be a {@link SupportedChainId} and is recorded in the
238
- * envelope so restore-time mismatches fail fast.
239
- */
307
+ type IssueSessionKeyParams = {
240
308
  readonly publicClient: PublicClient<Transport, Chain>;
241
- /** Owner EOA — retains sudo authority. */
242
- readonly ownerSigner: LocalAccount;
243
- /** Session-key EOA — the day-to-day signer the agent will hold. */
244
309
  readonly sessionKeySigner: LocalAccount;
245
310
  /**
246
- * Policies the session key must satisfy at userOp validation time
247
- * (e.g. {@link createJpycDailyLimitPolicies}).
311
+ * Policies the session key must satisfy at userOp validation time (e.g.
312
+ * {@link createJpycDailyLimitPolicies}). Supply the SAME policies in the SAME
313
+ * order to issue and to revoke (`buildRevokeSessionKeyCall`) — the validator
314
+ * identifier hashes the ordered policy array.
248
315
  */
249
316
  readonly policies: readonly Policy[];
317
+ /** Bind issuance to an existing deployed account (re-provision after recovery). */
318
+ readonly address?: Address;
319
+ /**
320
+ * Weighted-enable seam (RFC-0003 U-B1). Called with the SDK-built permission
321
+ * validator; returns the enable signature for `serializePermissionAccount`'s
322
+ * 3rd arg. Omit for an ECDSA owner (the default single-signer enable). For a
323
+ * weighted sudo this is `approvePlugin(plugin)` + `encodeSignatures([approval], true)`,
324
+ * computed by the caller with their weighted client. A mismatch surfaces on-chain
325
+ * as `EnableNotApproved` at first use.
326
+ */
327
+ readonly approveEnable?: (permissionValidator: KernelValidator) => Promise<Hex>;
250
328
  /** Optional advisory expiry (unix seconds). Recorded in the envelope. */
251
329
  readonly expiresAt?: bigint;
252
330
  /** Optional advisory policy summary for host UI. */
@@ -255,7 +333,7 @@ interface IssueSessionKeyParams {
255
333
  readonly entryPoint?: EntryPointType<"0.7">;
256
334
  /** Kernel version override. Defaults to {@link KERNEL_V3_1}. */
257
335
  readonly kernelVersion?: GetKernelVersion<"0.7">;
258
- }
336
+ } & AgentOwner;
259
337
  /**
260
338
  * Issues a fresh session key for an agent smart account.
261
339
  *
@@ -507,6 +585,45 @@ interface RevokeSessionKeyResult {
507
585
  * ```
508
586
  */
509
587
  declare function revokeSessionKey(params: RevokeSessionKeyParams): Promise<RevokeSessionKeyResult>;
588
+ /** Parameters for {@link buildRevokeSessionKeyCall}. */
589
+ interface BuildRevokeSessionKeyCallParams {
590
+ /** A viem public client (the public API stays `PublicClient`; the shared builder widens to `Client` internally). */
591
+ readonly publicClient: PublicClient<Transport, Chain>;
592
+ /** The session-key signer the key was ISSUED with. */
593
+ readonly sessionKeySigner: LocalAccount;
594
+ /**
595
+ * The policies the key was issued with — identical policies in identical
596
+ * ORDER, since the validator identifier hashes the ordered policy array.
597
+ * A mismatch reverts at `uninstallValidation`.
598
+ */
599
+ readonly policies: readonly Policy[];
600
+ /** The deployed agent smart-account address. */
601
+ readonly smartAccountAddress: Address;
602
+ readonly entryPoint?: EntryPointType<"0.7">;
603
+ readonly kernelVersion?: GetKernelVersion<"0.7">;
604
+ }
605
+ /**
606
+ * Build the `uninstallValidation(vId, deinitData, hookDeinitData)` call that
607
+ * removes a session-key permission validator — a byte-exact reproduction of
608
+ * `@zerodev/sdk`'s `uninstallPlugin` inner call, which the SDK cannot call
609
+ * directly because it hardcodes the single-signer `sendUserOperation` path a
610
+ * weighted/passkey/MPC owner rejects.
611
+ *
612
+ * Submit it yourself: single-signer owners via {@link revokeSessionKey};
613
+ * weighted/passkey/MPC owners via their aggregate flow —
614
+ * `account.encodeCalls([{ to: smartAccountAddress, value: 0n, data }])` →
615
+ * `sendUserOperationWithSignatures`.
616
+ *
617
+ * @example
618
+ * ```ts
619
+ * const data = await buildRevokeSessionKeyCall({
620
+ * publicClient, sessionKeySigner, policies, smartAccountAddress,
621
+ * });
622
+ * const callData = await weightedAccount.encodeCalls([{ to: smartAccountAddress, value: 0n, data }]);
623
+ * // …approveUserOperation per signer → sendUserOperationWithSignatures(callData, signatures)
624
+ * ```
625
+ */
626
+ declare function buildRevokeSessionKeyCall(params: BuildRevokeSessionKeyCallParams): Promise<Hex>;
510
627
 
511
628
  /**
512
629
  * `rotateSessionKey()` — a thin compositional helper that revokes the
@@ -563,4 +680,4 @@ interface RotateSessionKeyResult {
563
680
  */
564
681
  declare function rotateSessionKey(params: RotateSessionKeyParams): Promise<RotateSessionKeyResult>;
565
682
 
566
- export { type ConfiguredKernelClient as C, type IssueSessionKeyParams as I, KAWASEKIT_SESSION_ENVELOPE_VERSION as K, type RestoreSessionAccountParams as R, SessionEnvelopeChainMismatchError as S, TransferJpycInputError as T, type KawasekitSessionEnvelope as a, type KawasekitSessionEnvelopeVersion as b, type KawasekitSessionPolicySummary as c, type RevokeSessionKeyParams as d, type RevokeSessionKeyResult as e, type RotateSessionKeyParams as f, type RotateSessionKeyResult as g, SessionEnvelopeParseError as h, SessionEnvelopeSignerMismatchError as i, SessionEnvelopeVersionError as j, type TransferJpycParams as k, type TransferJpycResult as l, issueSessionKey as m, revokeSessionKey as n, rotateSessionKey as o, parseSessionEnvelope as p, restoreSessionAccount as r, serializeSessionEnvelope as s, transferJpyc as t };
683
+ export { type AgentOwner as A, type BuildRevokeSessionKeyCallParams as B, type ConfiguredKernelClient as C, type IssueSessionKeyParams as I, KAWASEKIT_SESSION_ENVELOPE_VERSION as K, type RestoreSessionAccountParams as R, SessionEnvelopeChainMismatchError as S, TransferJpycInputError as T, type CreateAgentSmartAccountParams as a, type KawasekitSessionEnvelope as b, type KawasekitSessionEnvelopeVersion as c, type KawasekitSessionPolicySummary as d, type RevokeSessionKeyParams as e, type RevokeSessionKeyResult as f, type RotateSessionKeyParams as g, type RotateSessionKeyResult as h, SessionEnvelopeParseError as i, SessionEnvelopeSignerMismatchError as j, SessionEnvelopeVersionError as k, type TransferJpycParams as l, type TransferJpycResult as m, buildRevokeSessionKeyCall as n, createAgentSmartAccount as o, issueSessionKey as p, parseSessionEnvelope as q, restoreSessionAccount as r, revokeSessionKey as s, rotateSessionKey as t, serializeSessionEnvelope as u, transferJpyc as v };
package/dist/index.cjs CHANGED
@@ -10,26 +10,49 @@ var viem = require('viem');
10
10
  var policies = require('@zerodev/permissions/policies');
11
11
 
12
12
  // src/account/session-key.ts
13
+ async function resolveSudoValidator(params) {
14
+ if (params.ownerSigner !== void 0 && params.sudoValidator !== void 0) {
15
+ throw new Error("kawasekit: pass exactly one of `ownerSigner` or `sudoValidator`, not both.");
16
+ }
17
+ if (params.sudoValidator !== void 0) return params.sudoValidator;
18
+ if (params.ownerSigner === void 0) {
19
+ throw new Error("kawasekit: pass one of `ownerSigner` (ECDSA) or `sudoValidator` (pre-built).");
20
+ }
21
+ return ecdsaValidator.signerToEcdsaValidator(params.publicClient, {
22
+ signer: params.ownerSigner,
23
+ entryPoint: params.entryPoint,
24
+ kernelVersion: params.kernelVersion
25
+ });
26
+ }
27
+ async function buildSessionPermissionValidator(params) {
28
+ const signer = await signers.toECDSASigner({ signer: params.sessionKeySigner });
29
+ return permissions.toPermissionValidator(params.publicClient, {
30
+ signer,
31
+ policies: [...params.policies],
32
+ entryPoint: params.entryPoint,
33
+ kernelVersion: params.kernelVersion
34
+ });
35
+ }
13
36
  async function createAgentSmartAccount(params) {
14
37
  const entryPoint = params.entryPoint ?? constants.getEntryPoint("0.7");
15
38
  const kernelVersion = params.kernelVersion ?? constants.KERNEL_V3_1;
16
- const sudoValidator = await ecdsaValidator.signerToEcdsaValidator(params.publicClient, {
17
- signer: params.ownerSigner,
39
+ const sudoValidator = await resolveSudoValidator({
40
+ publicClient: params.publicClient,
41
+ ownerSigner: params.ownerSigner,
42
+ sudoValidator: params.sudoValidator,
18
43
  entryPoint,
19
44
  kernelVersion
20
45
  });
21
- const modularSessionSigner = await signers.toECDSASigner({ signer: params.sessionKeySigner });
22
- const permissionValidator = await permissions.toPermissionValidator(params.publicClient, {
23
- signer: modularSessionSigner,
24
- policies: [...params.policies],
46
+ const permissionValidator = await buildSessionPermissionValidator({
47
+ publicClient: params.publicClient,
48
+ sessionKeySigner: params.sessionKeySigner,
49
+ policies: params.policies,
25
50
  entryPoint,
26
51
  kernelVersion
27
52
  });
28
53
  return sdk.createKernelAccount(params.publicClient, {
29
- plugins: {
30
- sudo: sudoValidator,
31
- regular: permissionValidator
32
- },
54
+ plugins: { sudo: sudoValidator, regular: permissionValidator },
55
+ ...params.address !== void 0 ? { address: params.address } : {},
33
56
  entryPoint,
34
57
  kernelVersion
35
58
  });
@@ -3161,15 +3184,28 @@ async function issueSessionKey(params) {
3161
3184
  const supportedChainId = chainId;
3162
3185
  const entryPoint = params.entryPoint ?? constants.getEntryPoint("0.7");
3163
3186
  const kernelVersion = params.kernelVersion ?? constants.KERNEL_V3_1;
3164
- const account = await createAgentSmartAccount({
3187
+ const sudoValidator = await resolveSudoValidator({
3165
3188
  publicClient: params.publicClient,
3166
3189
  ownerSigner: params.ownerSigner,
3190
+ sudoValidator: params.sudoValidator,
3191
+ entryPoint,
3192
+ kernelVersion
3193
+ });
3194
+ const permissionValidator = await buildSessionPermissionValidator({
3195
+ publicClient: params.publicClient,
3167
3196
  sessionKeySigner: params.sessionKeySigner,
3168
3197
  policies: params.policies,
3169
3198
  entryPoint,
3170
3199
  kernelVersion
3171
3200
  });
3172
- const serialized = await permissions.serializePermissionAccount(account);
3201
+ const account = await sdk.createKernelAccount(params.publicClient, {
3202
+ plugins: { sudo: sudoValidator, regular: permissionValidator },
3203
+ ...params.address !== void 0 ? { address: params.address } : {},
3204
+ entryPoint,
3205
+ kernelVersion
3206
+ });
3207
+ const enableSignature = params.approveEnable ? await params.approveEnable(permissionValidator) : void 0;
3208
+ const serialized = enableSignature ? await permissions.serializePermissionAccount(account, void 0, enableSignature) : await permissions.serializePermissionAccount(account);
3173
3209
  const base = {
3174
3210
  kawasekitVersion: KAWASEKIT_SESSION_ENVELOPE_VERSION,
3175
3211
  chainId: supportedChainId,
@@ -3245,10 +3281,10 @@ async function revokeSessionKey(params) {
3245
3281
  "revokeSessionKey: ownerKernelClient.client is undefined \u2014 pass `client: publicClient` when constructing the Kernel client so the validator can be reconstructed."
3246
3282
  );
3247
3283
  }
3248
- const modularSigner = await signers.toECDSASigner({ signer: sessionKeySigner });
3249
- const permissionPlugin = await permissions.toPermissionValidator(ownerKernelClient.client, {
3250
- signer: modularSigner,
3251
- policies: [...policies],
3284
+ const permissionPlugin = await buildSessionPermissionValidator({
3285
+ publicClient: ownerKernelClient.client,
3286
+ sessionKeySigner,
3287
+ policies,
3252
3288
  entryPoint,
3253
3289
  kernelVersion
3254
3290
  });
@@ -3267,6 +3303,30 @@ async function revokeSessionKey(params) {
3267
3303
  success: receipt.success
3268
3304
  };
3269
3305
  }
3306
+ var UNINSTALL_VALIDATION_ABI = viem.parseAbi([
3307
+ "function uninstallValidation(bytes21 vId, bytes deinitData, bytes hookDeinitData)"
3308
+ ]);
3309
+ async function buildRevokeSessionKeyCall(params) {
3310
+ const entryPoint = params.entryPoint ?? constants.getEntryPoint("0.7");
3311
+ const kernelVersion = params.kernelVersion ?? constants.KERNEL_V3_1;
3312
+ const plugin = await buildSessionPermissionValidator({
3313
+ publicClient: params.publicClient,
3314
+ sessionKeySigner: params.sessionKeySigner,
3315
+ policies: params.policies,
3316
+ entryPoint,
3317
+ kernelVersion
3318
+ });
3319
+ const vId = viem.concatHex([
3320
+ constants.VALIDATOR_TYPE.PERMISSION,
3321
+ viem.pad(plugin.getIdentifier(), { size: 20, dir: "right" })
3322
+ ]);
3323
+ const deinitData = await plugin.getEnableData(viem.getAddress(params.smartAccountAddress));
3324
+ return viem.encodeFunctionData({
3325
+ abi: UNINSTALL_VALIDATION_ABI,
3326
+ functionName: "uninstallValidation",
3327
+ args: [vId, deinitData, "0x"]
3328
+ });
3329
+ }
3270
3330
 
3271
3331
  // src/session/rotate.ts
3272
3332
  async function rotateSessionKey(params) {
@@ -3312,6 +3372,7 @@ exports.avalanche = avalanche;
3312
3372
  exports.avalancheFuji = avalancheFuji;
3313
3373
  exports.buildPaymentRequiredResponse = buildPaymentRequiredResponse;
3314
3374
  exports.buildPaymentRequirements = buildPaymentRequirements;
3375
+ exports.buildRevokeSessionKeyCall = buildRevokeSessionKeyCall;
3315
3376
  exports.cancelAuthorizationTypes = cancelAuthorizationTypes;
3316
3377
  exports.canonicalRequestBytes = canonicalRequestBytes;
3317
3378
  exports.chainIdToX402Network = chainIdToX402Network;