ox 0.13.1 → 0.14.0

package/tempo/TempoAddress.ts

@@ -0,0 +1,222 @@
+import * as Address from '../core/Address.js'
+import * as Bech32m from '../core/Bech32m.js'
+import * as Bytes from '../core/Bytes.js'
+import * as CompactSize from '../core/CompactSize.js'
+import * as Errors from '../core/Errors.js'
+import * as Hex from '../core/Hex.js'
+
+/** Root type for a Tempo Address. */
+export type TempoAddress = `tempo1${string}` | `tempoz1${string}`
+
+/**
+ * Formats a raw Ethereum address (and optional zone ID) into a Tempo address string.
+ *
+ * @example
+ * ```ts twoslash
+ * import { TempoAddress } from 'ox/tempo'
+ *
+ * const address = TempoAddress.format('0x742d35Cc6634C0532925a3b844Bc9e7595f2bD28')
+ * // @log: 'tempo1qp6z6dwvvc6vq5efyk3ms39une6etu4a9qtj2kk0'
+ * ```
+ *
+ * @example
+ * ### Zone Address
+ * ```ts twoslash
+ * import { TempoAddress } from 'ox/tempo'
+ *
+ * const address = TempoAddress.format(
+ *   '0x742d35Cc6634C0532925a3b844Bc9e7595f2bD28',
+ *   { zoneId: 1 },
+ * )
+ * // @log: 'tempoz1qqqhgtf4e3nrfszn9yj68wzyhj08t90jh55q74d9uj'
+ * ```
+ *
+ * @param address - The raw 20-byte Ethereum address.
+ * @param options - Options.
+ * @returns The encoded Tempo address string.
+ */
+export function format(
+  address: Address.Address,
+  options: format.Options = {},
+): TempoAddress {
+  const { zoneId } = options
+
+  const hrp = zoneId != null ? 'tempoz' : 'tempo'
+  const version = new Uint8Array([0x00])
+  const zone = zoneId != null ? CompactSize.toBytes(zoneId) : new Uint8Array()
+  const data = Bytes.concat(version, zone, Bytes.fromHex(address))
+
+  return Bech32m.encode(hrp, data) as TempoAddress
+}
+
+export declare namespace format {
+  type Options = {
+    /** Zone ID for zone addresses. */
+    zoneId?: number | bigint | undefined
+  }
+
+  type ErrorType = Errors.GlobalErrorType
+}
+
+/**
+ * Parses a Tempo address string into a raw Ethereum address and optional zone ID.
+ *
+ * @example
+ * ### Mainnet Address
+ * ```ts twoslash
+ * import { TempoAddress } from 'ox/tempo'
+ *
+ * const result = TempoAddress.parse(
+ *   'tempo1qp6z6dwvvc6vq5efyk3ms39une6etu4a9qtj2kk0',
+ * )
+ * // @log: { address: '0x742d35CC6634c0532925a3B844bc9e7595F2Bd28', zoneId: undefined }
+ * ```
+ *
+ * @example
+ * ### Zone Address
+ * ```ts twoslash
+ * import { TempoAddress } from 'ox/tempo'
+ *
+ * const result = TempoAddress.parse(
+ *   'tempoz1qqqhgtf4e3nrfszn9yj68wzyhj08t90jh55q74d9uj',
+ * )
+ * // @log: { address: '0x742d35CC6634c0532925a3B844bc9e7595F2Bd28', zoneId: 1 }
+ * ```
+ *
+ * @param tempoAddress - The Tempo address string to parse.
+ * @returns The parsed raw address and optional zone ID.
+ */
+export function parse(tempoAddress: string): parse.ReturnType {
+  let hrp: string
+  let data: Uint8Array
+  try {
+    const decoded = Bech32m.decode(tempoAddress)
+    hrp = decoded.hrp
+    data = decoded.data
+  } catch {
+    throw new InvalidChecksumError({ address: tempoAddress })
+  }
+
+  if (hrp !== 'tempo' && hrp !== 'tempoz')
+    throw new InvalidPrefixError({ address: tempoAddress })
+
+  if (data.length < 1 || data[0] !== 0x00)
+    throw new InvalidVersionError({
+      address: tempoAddress,
+      version: data.length > 0 ? data[0]! : undefined,
+    })
+
+  const payload = data.slice(1)
+
+  let zoneId: number | bigint | undefined
+  let rawAddress: Uint8Array
+  if (hrp === 'tempoz') {
+    const { value, size } = CompactSize.fromBytes(payload)
+    zoneId = value
+    rawAddress = payload.slice(size)
+  } else {
+    zoneId = undefined
+    rawAddress = payload
+  }
+
+  if (rawAddress.length !== 20)
+    throw new InvalidLengthError({
+      address: tempoAddress,
+      expected: 20,
+      actual: rawAddress.length,
+    })
+
+  const address = Address.checksum(Hex.fromBytes(rawAddress) as Address.Address)
+
+  return { address, zoneId }
+}
+
+export declare namespace parse {
+  type ReturnType = {
+    /** The raw 20-byte Ethereum address. */
+    address: Address.Address
+    /** The zone ID, or `undefined` for mainnet addresses. */
+    zoneId: number | bigint | undefined
+  }
+
+  type ErrorType =
+    | InvalidPrefixError
+    | InvalidVersionError
+    | InvalidLengthError
+    | InvalidChecksumError
+    | Errors.GlobalErrorType
+}
+
+/**
+ * Validates a Tempo address string.
+ *
+ * @example
+ * ```ts twoslash
+ * import { TempoAddress } from 'ox/tempo'
+ *
+ * const valid = TempoAddress.validate(
+ *   'tempo1qp6z6dwvvc6vq5efyk3ms39une6etu4a9qtj2kk0',
+ * )
+ * // @log: true
+ * ```
+ *
+ * @param tempoAddress - The Tempo address string to validate.
+ * @returns Whether the address is valid.
+ */
+export function validate(tempoAddress: string): boolean {
+  try {
+    parse(tempoAddress)
+    return true
+  } catch {
+    return false
+  }
+}
+
+/** Thrown when a Tempo address has an invalid prefix. */
+export class InvalidPrefixError extends Errors.BaseError {
+  override readonly name = 'TempoAddress.InvalidPrefixError'
+
+  constructor({ address }: { address: string }) {
+    super(
+      `Tempo address "${address}" has an invalid prefix. Expected "tempo1" or "tempoz1".`,
+    )
+  }
+}
+
+/** Thrown when a Tempo address has an unsupported version byte. */
+export class InvalidVersionError extends Errors.BaseError {
+  override readonly name = 'TempoAddress.InvalidVersionError'
+
+  constructor({
+    address,
+    version,
+  }: { address: string; version: number | undefined }) {
+    super(
+      `Tempo address "${address}" has unsupported version ${version === undefined ? '(missing)' : `0x${version.toString(16).padStart(2, '0')}`}. Only version 0x00 is supported.`,
+    )
+  }
+}
+
+/** Thrown when a Tempo address has an invalid payload length. */
+export class InvalidLengthError extends Errors.BaseError {
+  override readonly name = 'TempoAddress.InvalidLengthError'
+
+  constructor({
+    address,
+    expected,
+    actual,
+  }: { address: string; expected: number; actual: number }) {
+    super(
+      `Tempo address "${address}" has an invalid payload length. Expected ${expected} bytes, got ${actual}.`,
+    )
+  }
+}
+
+/** Thrown when a Tempo address has an invalid checksum. */
+export class InvalidChecksumError extends Errors.BaseError {
+  override readonly name = 'TempoAddress.InvalidChecksumError'
+
+  constructor({ address }: { address: string }) {
+    super(`Tempo address "${address}" has an invalid checksum.`)
+  }
+}

package/tempo/Transaction.test.ts

@@ -164,6 +164,7 @@ describe('fromRpc', () => {
         },
       ],
       keyAuthorization: {
+        chainId: '0x1',
         expiry: '0xffffffffffff',
         keyId: '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c',
         keyType: 'secp256k1',
@@ -224,7 +225,7 @@ describe('fromRpc', () => {
         "hash": "0x353fdfc38a2f26115daadee9f5b8392ce62b84f410957967e2ed56b35338cdd0",
         "keyAuthorization": {
           "address": "0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c",
-          "chainId": 0n,
+          "chainId": 1n,
           "expiry": 281474976710655,
           "limits": [
             {
@@ -431,6 +432,7 @@ describe('toRpc', () => {
       data: undefined,
       keyAuthorization: {
         address: '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c',
+        chainId: 1n,
         expiry: 281474976710655,
         type: 'secp256k1',
         limits: [
@@ -487,7 +489,7 @@ describe('toRpc', () => {
         "hash": "0x353fdfc38a2f26115daadee9f5b8392ce62b84f410957967e2ed56b35338cdd0",
         "input": undefined,
         "keyAuthorization": {
-          "chainId": "0x",
+          "chainId": "0x1",
           "expiry": "0xffffffffffff",
           "keyId": "0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c",
           "keyType": "secp256k1",

package/tempo/TxEnvelopeTempo.test.ts

@@ -257,6 +257,7 @@ describe('deserialize', () => {
     const keyAuthorization = KeyAuthorization.from({
       expiry: 1234567890,
       address: '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c',
+      chainId: 1n,
       type: 'secp256k1',
       limits: [
         {
@@ -894,6 +895,7 @@ describe('serialize', () => {
   test('keyAuthorization (secp256k1)', () => {
     const keyAuthorization = KeyAuthorization.from({
       address: '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c',
+      chainId: 1n,
       expiry: 1234567890,
       type: 'secp256k1',
       limits: [
@@ -918,7 +920,7 @@ describe('serialize', () => {
 
     const serialized = TxEnvelopeTempo.serialize(transaction)
     expect(serialized).toMatchInlineSnapshot(
-      `"0x76f8a201808080d8d79470997970c51812dc3a010c7d01b50e0d17dc79c88080c0808080808080c0f87bf7808094be95c3f554e9fc85ec51be69a3d807a0d55bcf2c84499602d2dad99420c000000000000000000000000000000000000183989680b841635dc2033e60185bb36709c29c75d64ea51dfbd91c32ef4be198e4ceb169fb4d50c2667ac4c771072746acfdcf1f1483336dcca8bd2df47cd83175dbe60f05401b"`,
+      `"0x76f8a201808080d8d79470997970c51812dc3a010c7d01b50e0d17dc79c88080c0808080808080c0f87bf7018094be95c3f554e9fc85ec51be69a3d807a0d55bcf2c84499602d2dad99420c000000000000000000000000000000000000183989680b841635dc2033e60185bb36709c29c75d64ea51dfbd91c32ef4be198e4ceb169fb4d50c2667ac4c771072746acfdcf1f1483336dcca8bd2df47cd83175dbe60f05401b"`,
     )
 
     const deserialized = TxEnvelopeTempo.deserialize(serialized)
@@ -928,6 +930,7 @@ describe('serialize', () => {
   test('keyAuthorization (p256)', () => {
     const keyAuthorization = KeyAuthorization.from({
       address: '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c',
+      chainId: 1n,
       expiry: 1234567890,
       type: 'p256',
       limits: [
@@ -959,7 +962,7 @@ describe('serialize', () => {
 
     const serialized = TxEnvelopeTempo.serialize(transaction)
     expect(serialized).toMatchInlineSnapshot(
-      `"0x76f8e301808080d8d79470997970c51812dc3a010c7d01b50e0d17dc79c88080c0808080808080c0f8bcf7800194be95c3f554e9fc85ec51be69a3d807a0d55bcf2c84499602d2dad99420c000000000000000000000000000000000000183989680b88201ccbb3485d4726235f13cb15ef394fb7158179fb7b1925eccec0147671090c52e77c3c53373cc1e3b05e7c23f609deb17cea8fe097300c45411237e9fe4166b35ad8ac16e167d6992c3e120d7f17d2376bc1cbcf30c46ba6dd00ce07303e742f511edf6ce1c32de66846f56afa7be1cbd729bc35750b6d0cdcf3ec9d75461aba001"`,
+      `"0x76f8e301808080d8d79470997970c51812dc3a010c7d01b50e0d17dc79c88080c0808080808080c0f8bcf7010194be95c3f554e9fc85ec51be69a3d807a0d55bcf2c84499602d2dad99420c000000000000000000000000000000000000183989680b88201ccbb3485d4726235f13cb15ef394fb7158179fb7b1925eccec0147671090c52e77c3c53373cc1e3b05e7c23f609deb17cea8fe097300c45411237e9fe4166b35ad8ac16e167d6992c3e120d7f17d2376bc1cbcf30c46ba6dd00ce07303e742f511edf6ce1c32de66846f56afa7be1cbd729bc35750b6d0cdcf3ec9d75461aba001"`,
     )
 
     const deserialized = TxEnvelopeTempo.deserialize(serialized)
@@ -979,6 +982,7 @@ describe('serialize', () => {
 
     const keyAuthorization = KeyAuthorization.from({
       address: '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c',
+      chainId: 1n,
       expiry: 1234567890,
       type: 'webAuthn',
       limits: [
@@ -1010,7 +1014,7 @@ describe('serialize', () => {
 
     const serialized = TxEnvelopeTempo.serialize(transaction)
     expect(serialized).toMatchInlineSnapshot(
-      `"0x76f9016501808080d8d79470997970c51812dc3a010c7d01b50e0d17dc79c88080c0808080808080c0f9013df7800294be95c3f554e9fc85ec51be69a3d807a0d55bcf2c84499602d2dad99420c000000000000000000000000000000000000183989680b901020249960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d976305000000007b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a223371322d3777222c226f726967696e223a22687474703a2f2f6c6f63616c686f7374222c2263726f73734f726967696e223a66616c73657dccbb3485d4726235f13cb15ef394fb7158179fb7b1925eccec0147671090c52e77c3c53373cc1e3b05e7c23f609deb17cea8fe097300c45411237e9fe4166b35ad8ac16e167d6992c3e120d7f17d2376bc1cbcf30c46ba6dd00ce07303e742f511edf6ce1c32de66846f56afa7be1cbd729bc35750b6d0cdcf3ec9d75461aba0"`,
+      `"0x76f9016501808080d8d79470997970c51812dc3a010c7d01b50e0d17dc79c88080c0808080808080c0f9013df7010294be95c3f554e9fc85ec51be69a3d807a0d55bcf2c84499602d2dad99420c000000000000000000000000000000000000183989680b901020249960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d976305000000007b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a223371322d3777222c226f726967696e223a22687474703a2f2f6c6f63616c686f7374222c2263726f73734f726967696e223a66616c73657dccbb3485d4726235f13cb15ef394fb7158179fb7b1925eccec0147671090c52e77c3c53373cc1e3b05e7c23f609deb17cea8fe097300c45411237e9fe4166b35ad8ac16e167d6992c3e120d7f17d2376bc1cbcf30c46ba6dd00ce07303e742f511edf6ce1c32de66846f56afa7be1cbd729bc35750b6d0cdcf3ec9d75461aba0"`,
     )
 
     // Verify roundtrip

package/tempo/TxEnvelopeTempo.ts

@@ -779,16 +779,67 @@ export declare namespace serialize {
  * const signature = Secp256k1.sign({ payload, privateKey: '0x...' })
  * ```
  *
+ * @example
+ * ### Access Keys
+ *
+ * When signing as an access key on behalf of a root account, pass the
+ * `from` option with the root account address. This computes
+ * `keccak256(0x04 || sigHash || from)` which binds the signature to the
+ * specific user account (V2 keychain format).
+ *
+ * ```ts twoslash
+ * // @noErrors
+ * import { Secp256k1 } from 'ox'
+ * import { TxEnvelopeTempo, SignatureEnvelope } from 'ox/tempo'
+ *
+ * const envelope = TxEnvelopeTempo.from({
+ *   chainId: 1,
+ *   calls: [{
+ *     data: '0xdeadbeef',
+ *     to: '0x70997970c51812dc3a010c7d01b50e0d17dc79c8',
+ *   }],
+ *   nonce: 0n,
+ *   maxFeePerGas: 1000000000n,
+ *   gas: 21000n,
+ * })
+ *
+ * const payload = TxEnvelopeTempo.getSignPayload(envelope, { from: '0x...' }) // [!code focus]
+ *
+ * const signature = Secp256k1.sign({ payload, privateKey: '0x...' })
+ *
+ * const signed = TxEnvelopeTempo.serialize(envelope, {
+ *   signature: SignatureEnvelope.from({
+ *     userAddress: from,
+ *     inner: SignatureEnvelope.from(signature),
+ *   }),
+ * })
+ * ```
+ *
  * @param envelope - The transaction envelope to get the sign payload for.
+ * @param options - Options.
  * @returns The sign payload.
  */
 export function getSignPayload(
   envelope: TxEnvelopeTempo,
+  options: getSignPayload.Options = {},
 ): getSignPayload.ReturnValue {
-  return hash(envelope, { presign: true })
+  const sigHash = hash(envelope, { presign: true })
+  if (options.from)
+    return Hash.keccak256(Hex.concat('0x04', sigHash, options.from))
+  return sigHash
 }
 
 export declare namespace getSignPayload {
+  type Options = {
+    /**
+     * The root account address for access key signing.
+     *
+     * When provided, computes `keccak256(0x04 || sigHash || from)` instead of
+     * the raw `sigHash`, binding the access key signature to the specific user account.
+     */
+    from?: Address.Address | undefined
+  }
+
   type ReturnValue = Hex.Hex
 
   type ErrorType = hash.ErrorType | Errors.GlobalErrorType

package/tempo/e2e.test.ts

@@ -9,7 +9,7 @@ import {
 } from 'ox'
 import { getTransactionCount } from 'viem/actions'
 import { beforeEach, describe, expect, test } from 'vitest'
-import { chain, client, fundAddress } from '../../test/tempo/config.js'
+import { chain, client, fundAddress, nodeEnv } from '../../test/tempo/config.js'
 import {
   AuthorizationTempo,
   KeyAuthorization,
@@ -20,6 +20,8 @@ import * as TransactionReceipt from './TransactionReceipt.js'
 import * as TxEnvelopeTempo from './TxEnvelopeTempo.js'
 
 const chainId = chain.id
+// TODO: remove when v2 keychain signatures are deployed to testnet.
+const keychainVersion = nodeEnv === 'localnet' ? 'v2' : undefined
 
 test('behavior: default (secp256k1)', async () => {
   const privateKey = Secp256k1.randomPrivateKey()
@@ -806,6 +808,7 @@ describe('behavior: keyAuthorization', () => {
 
     const keyAuth = KeyAuthorization.from({
       address: access.address,
+      chainId: BigInt(chain.id),
       type: 'secp256k1',
     })
 
@@ -839,7 +842,9 @@ describe('behavior: keyAuthorization', () => {
     })
 
     const signature = Secp256k1.sign({
-      payload: TxEnvelopeTempo.getSignPayload(transaction),
+      payload: TxEnvelopeTempo.getSignPayload(transaction, {
+        from: keychainVersion === 'v2' ? root.address : undefined,
+      }),
       privateKey: access.privateKey,
     })
 
@@ -848,6 +853,7 @@ describe('behavior: keyAuthorization', () => {
         userAddress: root.address,
         inner: SignatureEnvelope.from(signature),
         type: 'keychain',
+        version: keychainVersion,
       }),
     })
 
@@ -978,7 +984,9 @@ describe('behavior: keyAuthorization', () => {
       })
 
       const signature = Secp256k1.sign({
-        payload: TxEnvelopeTempo.getSignPayload(transaction),
+        payload: TxEnvelopeTempo.getSignPayload(transaction, {
+          from: keychainVersion === 'v2' ? root.address : undefined,
+        }),
         privateKey: access.privateKey,
       })
 
@@ -987,6 +995,7 @@ describe('behavior: keyAuthorization', () => {
           userAddress: root.address,
           inner: SignatureEnvelope.from(signature),
           type: 'keychain',
+          version: keychainVersion,
         }),
       })
 
@@ -1012,6 +1021,7 @@ describe('behavior: keyAuthorization', () => {
 
     const keyAuth = KeyAuthorization.from({
       address: access.address,
+      chainId: BigInt(chainId),
       type: 'p256',
     })
 
@@ -1045,7 +1055,9 @@ describe('behavior: keyAuthorization', () => {
     })
 
     const signature = P256.sign({
-      payload: TxEnvelopeTempo.getSignPayload(transaction),
+      payload: TxEnvelopeTempo.getSignPayload(transaction, {
+        from: keychainVersion === 'v2' ? root.address : undefined,
+      }),
       privateKey: access.privateKey,
     })
 
@@ -1059,6 +1071,7 @@ describe('behavior: keyAuthorization', () => {
           type: 'p256',
         }),
         type: 'keychain',
+        version: keychainVersion,
       }),
     })
 
@@ -1190,7 +1203,9 @@ describe('behavior: keyAuthorization', () => {
       })
 
       const signature = P256.sign({
-        payload: TxEnvelopeTempo.getSignPayload(transaction),
+        payload: TxEnvelopeTempo.getSignPayload(transaction, {
+          from: keychainVersion === 'v2' ? root.address : undefined,
+        }),
         privateKey: access.privateKey,
       })
 
@@ -1204,6 +1219,7 @@ describe('behavior: keyAuthorization', () => {
             type: 'p256',
           }),
           type: 'keychain',
+          version: keychainVersion,
         }),
       })
 
@@ -1227,6 +1243,7 @@ describe('behavior: keyAuthorization', () => {
 
     const keyAuth = KeyAuthorization.from({
       address: access.address,
+      chainId: BigInt(chainId),
       type: 'p256',
     })
 
@@ -1260,7 +1277,9 @@ describe('behavior: keyAuthorization', () => {
     })
 
     const signature = await WebCryptoP256.sign({
-      payload: TxEnvelopeTempo.getSignPayload(transaction),
+      payload: TxEnvelopeTempo.getSignPayload(transaction, {
+        from: keychainVersion === 'v2' ? root.address : undefined,
+      }),
       privateKey: keyPair.privateKey,
     })
 
@@ -1274,6 +1293,7 @@ describe('behavior: keyAuthorization', () => {
           type: 'p256',
         }),
         type: 'keychain',
+        version: keychainVersion,
       }),
     })
 
@@ -1366,7 +1386,9 @@ describe('behavior: keyAuthorization', () => {
       })
 
       const signature = await WebCryptoP256.sign({
-        payload: TxEnvelopeTempo.getSignPayload(transaction),
+        payload: TxEnvelopeTempo.getSignPayload(transaction, {
+          from: keychainVersion === 'v2' ? root.address : undefined,
+        }),
         privateKey: keyPair.privateKey,
       })
 
@@ -1380,6 +1402,7 @@ describe('behavior: keyAuthorization', () => {
             type: 'p256',
           }),
           type: 'keychain',
+          version: keychainVersion,
         }),
       })
 
@@ -1404,6 +1427,7 @@ describe('behavior: keyAuthorization', () => {
 
     const keyAuth = KeyAuthorization.from({
       address: access.address,
+      chainId: BigInt(chainId),
       type: 'p256',
       expiry: Math.floor(Date.now() / 1000) + 60 * 60,
       limits: [
@@ -1444,7 +1468,9 @@ describe('behavior: keyAuthorization', () => {
     })
 
     const signature = P256.sign({
-      payload: TxEnvelopeTempo.getSignPayload(transaction),
+      payload: TxEnvelopeTempo.getSignPayload(transaction, {
+        from: keychainVersion === 'v2' ? root.address : undefined,
+      }),
       privateKey: access.privateKey,
     })
 
@@ -1458,6 +1484,7 @@ describe('behavior: keyAuthorization', () => {
           type: 'p256',
         }),
         type: 'keychain',
+        version: keychainVersion,
       }),
     })
 
@@ -1498,6 +1525,7 @@ describe('behavior: keyAuthorization', () => {
 
     const keyAuth = KeyAuthorization.from({
       address: access.address,
+      chainId: BigInt(chainId),
       type: 'secp256k1',
       limits: [
         {
@@ -1537,7 +1565,9 @@ describe('behavior: keyAuthorization', () => {
     })
 
     const signature = Secp256k1.sign({
-      payload: TxEnvelopeTempo.getSignPayload(transaction),
+      payload: TxEnvelopeTempo.getSignPayload(transaction, {
+        from: keychainVersion === 'v2' ? root.address : undefined,
+      }),
       privateKey: access.privateKey,
     })
 
@@ -1546,6 +1576,7 @@ describe('behavior: keyAuthorization', () => {
         userAddress: root.address,
         inner: SignatureEnvelope.from(signature),
         type: 'keychain',
+        version: keychainVersion,
       }),
     })
 
@@ -1586,6 +1617,7 @@ describe('behavior: keyAuthorization', () => {
 
     const keyAuth = KeyAuthorization.from({
       address: access.address,
+      chainId: BigInt(chainId),
       type: 'secp256k1',
       expiry: Math.floor(Date.now() / 1000) + 60 * 60,
     })
@@ -1620,7 +1652,9 @@ describe('behavior: keyAuthorization', () => {
     })
 
     const signature = Secp256k1.sign({
-      payload: TxEnvelopeTempo.getSignPayload(transaction),
+      payload: TxEnvelopeTempo.getSignPayload(transaction, {
+        from: keychainVersion === 'v2' ? root.address : undefined,
+      }),
       privateKey: access.privateKey,
     })
 
@@ -1629,6 +1663,7 @@ describe('behavior: keyAuthorization', () => {
         userAddress: root.address,
         inner: SignatureEnvelope.from(signature),
         type: 'keychain',
+        version: keychainVersion,
       }),
     })
 

package/tempo/index.ts

@@ -121,6 +121,28 @@ export * as PoolId from './PoolId.js'
  */
 export * as SignatureEnvelope from './SignatureEnvelope.js'
 
+/**
+ * Tempo address encoding/decoding utilities for human-readable addresses.
+ *
+ * Tempo addresses use a bech32 base32-encoded format with `tempo1` prefix for mainnet
+ * and `tempoz1` prefix for zone addresses. Includes CompactSize zone ID encoding
+ * and double-SHA256 checksumming.
+ *
+ * @example
+ * ```ts twoslash
+ * import { TempoAddress } from 'ox/tempo'
+ *
+ * const encoded = TempoAddress.format('0x742d35Cc6634C0532925a3b844Bc9e7595f2bD28')
+ * // @log: 'tempo1wskntnrxxnq9x2f95wuyf0y7wk2l90fg0hlz9j'
+ *
+ * const { address, zoneId } = TempoAddress.parse(encoded)
+ * // @log: { address: '0x742d35CC6634c0532925a3B844bc9e7595F2Bd28', zoneId: undefined }
+ * ```
+ *
+ * @category Reference
+ */
+export * as TempoAddress from './TempoAddress.js'
+
 /**
  * Tick-based pricing utilities for DEX price conversions.
  *

package/version.ts

@@ -1,2 +1,2 @@
 /** @internal */
-export const version = '0.13.1'
+export const version = '0.14.0'