ox 0.13.2 → 0.14.0

package/tempo/TxEnvelopeTempo.test.ts

@@ -257,6 +257,7 @@ describe('deserialize', () => {
     const keyAuthorization = KeyAuthorization.from({
       expiry: 1234567890,
       address: '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c',
+      chainId: 1n,
       type: 'secp256k1',
       limits: [
         {
@@ -894,6 +895,7 @@ describe('serialize', () => {
   test('keyAuthorization (secp256k1)', () => {
     const keyAuthorization = KeyAuthorization.from({
       address: '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c',
+      chainId: 1n,
       expiry: 1234567890,
       type: 'secp256k1',
       limits: [
@@ -918,7 +920,7 @@ describe('serialize', () => {
 
     const serialized = TxEnvelopeTempo.serialize(transaction)
     expect(serialized).toMatchInlineSnapshot(
-      `"0x76f8a201808080d8d79470997970c51812dc3a010c7d01b50e0d17dc79c88080c0808080808080c0f87bf7808094be95c3f554e9fc85ec51be69a3d807a0d55bcf2c84499602d2dad99420c000000000000000000000000000000000000183989680b841635dc2033e60185bb36709c29c75d64ea51dfbd91c32ef4be198e4ceb169fb4d50c2667ac4c771072746acfdcf1f1483336dcca8bd2df47cd83175dbe60f05401b"`,
+      `"0x76f8a201808080d8d79470997970c51812dc3a010c7d01b50e0d17dc79c88080c0808080808080c0f87bf7018094be95c3f554e9fc85ec51be69a3d807a0d55bcf2c84499602d2dad99420c000000000000000000000000000000000000183989680b841635dc2033e60185bb36709c29c75d64ea51dfbd91c32ef4be198e4ceb169fb4d50c2667ac4c771072746acfdcf1f1483336dcca8bd2df47cd83175dbe60f05401b"`,
     )
 
     const deserialized = TxEnvelopeTempo.deserialize(serialized)
@@ -928,6 +930,7 @@ describe('serialize', () => {
   test('keyAuthorization (p256)', () => {
     const keyAuthorization = KeyAuthorization.from({
       address: '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c',
+      chainId: 1n,
       expiry: 1234567890,
       type: 'p256',
       limits: [
@@ -959,7 +962,7 @@ describe('serialize', () => {
 
     const serialized = TxEnvelopeTempo.serialize(transaction)
     expect(serialized).toMatchInlineSnapshot(
-      `"0x76f8e301808080d8d79470997970c51812dc3a010c7d01b50e0d17dc79c88080c0808080808080c0f8bcf7800194be95c3f554e9fc85ec51be69a3d807a0d55bcf2c84499602d2dad99420c000000000000000000000000000000000000183989680b88201ccbb3485d4726235f13cb15ef394fb7158179fb7b1925eccec0147671090c52e77c3c53373cc1e3b05e7c23f609deb17cea8fe097300c45411237e9fe4166b35ad8ac16e167d6992c3e120d7f17d2376bc1cbcf30c46ba6dd00ce07303e742f511edf6ce1c32de66846f56afa7be1cbd729bc35750b6d0cdcf3ec9d75461aba001"`,
+      `"0x76f8e301808080d8d79470997970c51812dc3a010c7d01b50e0d17dc79c88080c0808080808080c0f8bcf7010194be95c3f554e9fc85ec51be69a3d807a0d55bcf2c84499602d2dad99420c000000000000000000000000000000000000183989680b88201ccbb3485d4726235f13cb15ef394fb7158179fb7b1925eccec0147671090c52e77c3c53373cc1e3b05e7c23f609deb17cea8fe097300c45411237e9fe4166b35ad8ac16e167d6992c3e120d7f17d2376bc1cbcf30c46ba6dd00ce07303e742f511edf6ce1c32de66846f56afa7be1cbd729bc35750b6d0cdcf3ec9d75461aba001"`,
     )
 
     const deserialized = TxEnvelopeTempo.deserialize(serialized)
@@ -979,6 +982,7 @@ describe('serialize', () => {
 
     const keyAuthorization = KeyAuthorization.from({
       address: '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c',
+      chainId: 1n,
       expiry: 1234567890,
       type: 'webAuthn',
       limits: [
@@ -1010,7 +1014,7 @@ describe('serialize', () => {
 
     const serialized = TxEnvelopeTempo.serialize(transaction)
     expect(serialized).toMatchInlineSnapshot(
-      `"0x76f9016501808080d8d79470997970c51812dc3a010c7d01b50e0d17dc79c88080c0808080808080c0f9013df7800294be95c3f554e9fc85ec51be69a3d807a0d55bcf2c84499602d2dad99420c000000000000000000000000000000000000183989680b901020249960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d976305000000007b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a223371322d3777222c226f726967696e223a22687474703a2f2f6c6f63616c686f7374222c2263726f73734f726967696e223a66616c73657dccbb3485d4726235f13cb15ef394fb7158179fb7b1925eccec0147671090c52e77c3c53373cc1e3b05e7c23f609deb17cea8fe097300c45411237e9fe4166b35ad8ac16e167d6992c3e120d7f17d2376bc1cbcf30c46ba6dd00ce07303e742f511edf6ce1c32de66846f56afa7be1cbd729bc35750b6d0cdcf3ec9d75461aba0"`,
+      `"0x76f9016501808080d8d79470997970c51812dc3a010c7d01b50e0d17dc79c88080c0808080808080c0f9013df7010294be95c3f554e9fc85ec51be69a3d807a0d55bcf2c84499602d2dad99420c000000000000000000000000000000000000183989680b901020249960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d976305000000007b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a223371322d3777222c226f726967696e223a22687474703a2f2f6c6f63616c686f7374222c2263726f73734f726967696e223a66616c73657dccbb3485d4726235f13cb15ef394fb7158179fb7b1925eccec0147671090c52e77c3c53373cc1e3b05e7c23f609deb17cea8fe097300c45411237e9fe4166b35ad8ac16e167d6992c3e120d7f17d2376bc1cbcf30c46ba6dd00ce07303e742f511edf6ce1c32de66846f56afa7be1cbd729bc35750b6d0cdcf3ec9d75461aba0"`,
     )
 
     // Verify roundtrip

package/tempo/TxEnvelopeTempo.ts

@@ -779,16 +779,67 @@ export declare namespace serialize {
  * const signature = Secp256k1.sign({ payload, privateKey: '0x...' })
  * ```
  *
+ * @example
+ * ### Access Keys
+ *
+ * When signing as an access key on behalf of a root account, pass the
+ * `from` option with the root account address. This computes
+ * `keccak256(0x04 || sigHash || from)` which binds the signature to the
+ * specific user account (V2 keychain format).
+ *
+ * ```ts twoslash
+ * // @noErrors
+ * import { Secp256k1 } from 'ox'
+ * import { TxEnvelopeTempo, SignatureEnvelope } from 'ox/tempo'
+ *
+ * const envelope = TxEnvelopeTempo.from({
+ *   chainId: 1,
+ *   calls: [{
+ *     data: '0xdeadbeef',
+ *     to: '0x70997970c51812dc3a010c7d01b50e0d17dc79c8',
+ *   }],
+ *   nonce: 0n,
+ *   maxFeePerGas: 1000000000n,
+ *   gas: 21000n,
+ * })
+ *
+ * const payload = TxEnvelopeTempo.getSignPayload(envelope, { from: '0x...' }) // [!code focus]
+ *
+ * const signature = Secp256k1.sign({ payload, privateKey: '0x...' })
+ *
+ * const signed = TxEnvelopeTempo.serialize(envelope, {
+ *   signature: SignatureEnvelope.from({
+ *     userAddress: from,
+ *     inner: SignatureEnvelope.from(signature),
+ *   }),
+ * })
+ * ```
+ *
  * @param envelope - The transaction envelope to get the sign payload for.
+ * @param options - Options.
  * @returns The sign payload.
  */
 export function getSignPayload(
   envelope: TxEnvelopeTempo,
+  options: getSignPayload.Options = {},
 ): getSignPayload.ReturnValue {
-  return hash(envelope, { presign: true })
+  const sigHash = hash(envelope, { presign: true })
+  if (options.from)
+    return Hash.keccak256(Hex.concat('0x04', sigHash, options.from))
+  return sigHash
 }
 
 export declare namespace getSignPayload {
+  type Options = {
+    /**
+     * The root account address for access key signing.
+     *
+     * When provided, computes `keccak256(0x04 || sigHash || from)` instead of
+     * the raw `sigHash`, binding the access key signature to the specific user account.
+     */
+    from?: Address.Address | undefined
+  }
+
   type ReturnValue = Hex.Hex
 
   type ErrorType = hash.ErrorType | Errors.GlobalErrorType

package/tempo/e2e.test.ts

@@ -9,7 +9,7 @@ import {
 } from 'ox'
 import { getTransactionCount } from 'viem/actions'
 import { beforeEach, describe, expect, test } from 'vitest'
-import { chain, client, fundAddress } from '../../test/tempo/config.js'
+import { chain, client, fundAddress, nodeEnv } from '../../test/tempo/config.js'
 import {
   AuthorizationTempo,
   KeyAuthorization,
@@ -20,6 +20,8 @@ import * as TransactionReceipt from './TransactionReceipt.js'
 import * as TxEnvelopeTempo from './TxEnvelopeTempo.js'
 
 const chainId = chain.id
+// TODO: remove when v2 keychain signatures are deployed to testnet.
+const keychainVersion = nodeEnv === 'localnet' ? 'v2' : undefined
 
 test('behavior: default (secp256k1)', async () => {
   const privateKey = Secp256k1.randomPrivateKey()
@@ -806,6 +808,7 @@ describe('behavior: keyAuthorization', () => {
 
     const keyAuth = KeyAuthorization.from({
       address: access.address,
+      chainId: BigInt(chain.id),
       type: 'secp256k1',
     })
 
@@ -839,7 +842,9 @@ describe('behavior: keyAuthorization', () => {
     })
 
     const signature = Secp256k1.sign({
-      payload: TxEnvelopeTempo.getSignPayload(transaction),
+      payload: TxEnvelopeTempo.getSignPayload(transaction, {
+        from: keychainVersion === 'v2' ? root.address : undefined,
+      }),
       privateKey: access.privateKey,
     })
 
@@ -848,6 +853,7 @@ describe('behavior: keyAuthorization', () => {
         userAddress: root.address,
         inner: SignatureEnvelope.from(signature),
         type: 'keychain',
+        version: keychainVersion,
       }),
     })
 
@@ -978,7 +984,9 @@ describe('behavior: keyAuthorization', () => {
       })
 
       const signature = Secp256k1.sign({
-        payload: TxEnvelopeTempo.getSignPayload(transaction),
+        payload: TxEnvelopeTempo.getSignPayload(transaction, {
+          from: keychainVersion === 'v2' ? root.address : undefined,
+        }),
         privateKey: access.privateKey,
       })
 
@@ -987,6 +995,7 @@ describe('behavior: keyAuthorization', () => {
           userAddress: root.address,
           inner: SignatureEnvelope.from(signature),
           type: 'keychain',
+          version: keychainVersion,
         }),
       })
 
@@ -1012,6 +1021,7 @@ describe('behavior: keyAuthorization', () => {
 
     const keyAuth = KeyAuthorization.from({
       address: access.address,
+      chainId: BigInt(chainId),
       type: 'p256',
     })
 
@@ -1045,7 +1055,9 @@ describe('behavior: keyAuthorization', () => {
     })
 
     const signature = P256.sign({
-      payload: TxEnvelopeTempo.getSignPayload(transaction),
+      payload: TxEnvelopeTempo.getSignPayload(transaction, {
+        from: keychainVersion === 'v2' ? root.address : undefined,
+      }),
       privateKey: access.privateKey,
     })
 
@@ -1059,6 +1071,7 @@ describe('behavior: keyAuthorization', () => {
           type: 'p256',
         }),
         type: 'keychain',
+        version: keychainVersion,
       }),
     })
 
@@ -1190,7 +1203,9 @@ describe('behavior: keyAuthorization', () => {
       })
 
       const signature = P256.sign({
-        payload: TxEnvelopeTempo.getSignPayload(transaction),
+        payload: TxEnvelopeTempo.getSignPayload(transaction, {
+          from: keychainVersion === 'v2' ? root.address : undefined,
+        }),
         privateKey: access.privateKey,
       })
 
@@ -1204,6 +1219,7 @@ describe('behavior: keyAuthorization', () => {
             type: 'p256',
           }),
           type: 'keychain',
+          version: keychainVersion,
         }),
       })
 
@@ -1227,6 +1243,7 @@ describe('behavior: keyAuthorization', () => {
 
     const keyAuth = KeyAuthorization.from({
       address: access.address,
+      chainId: BigInt(chainId),
       type: 'p256',
     })
 
@@ -1260,7 +1277,9 @@ describe('behavior: keyAuthorization', () => {
     })
 
     const signature = await WebCryptoP256.sign({
-      payload: TxEnvelopeTempo.getSignPayload(transaction),
+      payload: TxEnvelopeTempo.getSignPayload(transaction, {
+        from: keychainVersion === 'v2' ? root.address : undefined,
+      }),
       privateKey: keyPair.privateKey,
     })
 
@@ -1274,6 +1293,7 @@ describe('behavior: keyAuthorization', () => {
           type: 'p256',
         }),
         type: 'keychain',
+        version: keychainVersion,
       }),
     })
 
@@ -1366,7 +1386,9 @@ describe('behavior: keyAuthorization', () => {
       })
 
       const signature = await WebCryptoP256.sign({
-        payload: TxEnvelopeTempo.getSignPayload(transaction),
+        payload: TxEnvelopeTempo.getSignPayload(transaction, {
+          from: keychainVersion === 'v2' ? root.address : undefined,
+        }),
         privateKey: keyPair.privateKey,
       })
 
@@ -1380,6 +1402,7 @@ describe('behavior: keyAuthorization', () => {
             type: 'p256',
           }),
           type: 'keychain',
+          version: keychainVersion,
         }),
       })
 
@@ -1404,6 +1427,7 @@ describe('behavior: keyAuthorization', () => {
 
     const keyAuth = KeyAuthorization.from({
       address: access.address,
+      chainId: BigInt(chainId),
       type: 'p256',
       expiry: Math.floor(Date.now() / 1000) + 60 * 60,
       limits: [
@@ -1444,7 +1468,9 @@ describe('behavior: keyAuthorization', () => {
     })
 
     const signature = P256.sign({
-      payload: TxEnvelopeTempo.getSignPayload(transaction),
+      payload: TxEnvelopeTempo.getSignPayload(transaction, {
+        from: keychainVersion === 'v2' ? root.address : undefined,
+      }),
       privateKey: access.privateKey,
     })
 
@@ -1458,6 +1484,7 @@ describe('behavior: keyAuthorization', () => {
           type: 'p256',
         }),
         type: 'keychain',
+        version: keychainVersion,
       }),
     })
 
@@ -1498,6 +1525,7 @@ describe('behavior: keyAuthorization', () => {
 
     const keyAuth = KeyAuthorization.from({
       address: access.address,
+      chainId: BigInt(chainId),
       type: 'secp256k1',
       limits: [
         {
@@ -1537,7 +1565,9 @@ describe('behavior: keyAuthorization', () => {
     })
 
     const signature = Secp256k1.sign({
-      payload: TxEnvelopeTempo.getSignPayload(transaction),
+      payload: TxEnvelopeTempo.getSignPayload(transaction, {
+        from: keychainVersion === 'v2' ? root.address : undefined,
+      }),
       privateKey: access.privateKey,
     })
 
@@ -1546,6 +1576,7 @@ describe('behavior: keyAuthorization', () => {
         userAddress: root.address,
         inner: SignatureEnvelope.from(signature),
         type: 'keychain',
+        version: keychainVersion,
       }),
     })
 
@@ -1586,6 +1617,7 @@ describe('behavior: keyAuthorization', () => {
 
     const keyAuth = KeyAuthorization.from({
       address: access.address,
+      chainId: BigInt(chainId),
       type: 'secp256k1',
       expiry: Math.floor(Date.now() / 1000) + 60 * 60,
     })
@@ -1620,7 +1652,9 @@ describe('behavior: keyAuthorization', () => {
     })
 
     const signature = Secp256k1.sign({
-      payload: TxEnvelopeTempo.getSignPayload(transaction),
+      payload: TxEnvelopeTempo.getSignPayload(transaction, {
+        from: keychainVersion === 'v2' ? root.address : undefined,
+      }),
       privateKey: access.privateKey,
     })
 
@@ -1629,6 +1663,7 @@ describe('behavior: keyAuthorization', () => {
         userAddress: root.address,
         inner: SignatureEnvelope.from(signature),
         type: 'keychain',
+        version: keychainVersion,
       }),
     })
 

package/tempo/index.ts

@@ -120,6 +120,7 @@ export * as PoolId from './PoolId.js'
  * @category Reference
  */
 export * as SignatureEnvelope from './SignatureEnvelope.js'
+
 /**
  * Tempo address encoding/decoding utilities for human-readable addresses.
  *
@@ -132,15 +133,16 @@ export * as SignatureEnvelope from './SignatureEnvelope.js'
  * import { TempoAddress } from 'ox/tempo'
  *
  * const encoded = TempoAddress.format('0x742d35Cc6634C0532925a3b844Bc9e7595f2bD28')
- * // @log: 'tempo1wskntnrxxnq9x2f95wuyf0y7wk2l90fg8zd8djs'
+ * // @log: 'tempo1wskntnrxxnq9x2f95wuyf0y7wk2l90fg0hlz9j'
  *
  * const { address, zoneId } = TempoAddress.parse(encoded)
- * // @log: { address: '0x742d35CC6634c0532925a3B844bc9e7595F2Bd28' }
+ * // @log: { address: '0x742d35CC6634c0532925a3B844bc9e7595F2Bd28', zoneId: undefined }
  * ```
  *
  * @category Reference
  */
 export * as TempoAddress from './TempoAddress.js'
+
 /**
  * Tick-based pricing utilities for DEX price conversions.
  *
@@ -161,6 +163,7 @@ export * as TempoAddress from './TempoAddress.js'
  * @category Reference
  */
 export * as Tick from './Tick.js'
+
 /**
  * TIP-20 token ID utilities for converting between token IDs and addresses.
  *
@@ -182,6 +185,7 @@ export * as Tick from './Tick.js'
  * @category Reference
  */
 export * as TokenId from './TokenId.js'
+
 /**
  * Token role utilities for serializing role identifiers to keccak256 hashes.
  *

package/version.ts

@@ -1,2 +1,2 @@
 /** @internal */
-export const version = '0.13.2'
+export const version = '0.14.0'