ox 0.14.11 → 0.14.13

package/_types/tempo/Period.d.ts

@@ -0,0 +1,78 @@
+/**
+ * Returns the number of seconds in `n` days.
+ *
+ * @example
+ * ```ts twoslash
+ * import { Period } from 'ox/tempo'
+ *
+ * const seconds = Period.days(1) // 86400
+ * ```
+ */
+export declare function days(n: number): number;
+/**
+ * Returns the number of seconds in `n` hours.
+ *
+ * @example
+ * ```ts twoslash
+ * import { Period } from 'ox/tempo'
+ *
+ * const seconds = Period.hours(2) // 7200
+ * ```
+ */
+export declare function hours(n: number): number;
+/**
+ * Returns the number of seconds in `n` minutes.
+ *
+ * @example
+ * ```ts twoslash
+ * import { Period } from 'ox/tempo'
+ *
+ * const seconds = Period.minutes(5) // 300
+ * ```
+ */
+export declare function minutes(n: number): number;
+/**
+ * Returns the number of seconds in `n` months (30 days).
+ *
+ * @example
+ * ```ts twoslash
+ * import { Period } from 'ox/tempo'
+ *
+ * const seconds = Period.months(1) // 2592000
+ * ```
+ */
+export declare function months(n: number): number;
+/**
+ * Returns the number of seconds in `n` seconds.
+ *
+ * @example
+ * ```ts twoslash
+ * import { Period } from 'ox/tempo'
+ *
+ * const seconds = Period.seconds(30) // 30
+ * ```
+ */
+export declare function seconds(n: number): number;
+/**
+ * Returns the number of seconds in `n` weeks.
+ *
+ * @example
+ * ```ts twoslash
+ * import { Period } from 'ox/tempo'
+ *
+ * const seconds = Period.weeks(1) // 604800
+ * ```
+ */
+export declare function weeks(n: number): number;
+/**
+ * Returns the number of seconds in `n` years (365 days).
+ *
+ * @example
+ * ```ts twoslash
+ * import { Period } from 'ox/tempo'
+ *
+ * const seconds = Period.years(1) // 31536000
+ * ```
+ */
+export declare function years(n: number): number;
+//# sourceMappingURL=Period.d.ts.map

package/_types/tempo/Period.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Period.d.ts","sourceRoot":"","sources":["../../tempo/Period.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,wBAAgB,IAAI,CAAC,CAAC,EAAE,MAAM,UAE7B;AAED;;;;;;;;;GASG;AACH,wBAAgB,KAAK,CAAC,CAAC,EAAE,MAAM,UAE9B;AAED;;;;;;;;;GASG;AACH,wBAAgB,OAAO,CAAC,CAAC,EAAE,MAAM,UAEhC;AAED;;;;;;;;;GASG;AACH,wBAAgB,MAAM,CAAC,CAAC,EAAE,MAAM,UAE/B;AAED;;;;;;;;;GASG;AACH,wBAAgB,OAAO,CAAC,CAAC,EAAE,MAAM,UAEhC;AAED;;;;;;;;;GASG;AACH,wBAAgB,KAAK,CAAC,CAAC,EAAE,MAAM,UAE9B;AAED;;;;;;;;;GASG;AACH,wBAAgB,KAAK,CAAC,CAAC,EAAE,MAAM,UAE9B"}

package/_types/tempo/index.d.ts

@@ -73,6 +73,35 @@ export * as AuthorizationTempo from './AuthorizationTempo.js';
  * @category Reference
  */
 export * as KeyAuthorization from './KeyAuthorization.js';
+/**
+ * Utilities for constructing period durations (in seconds) for recurring spending limits.
+ *
+ * Periods define the reset interval for access key spending limits. A spending limit with a
+ * period will reset every `period` seconds. For example, a daily spending limit uses
+ * `Period.days(1)` (86400 seconds).
+ *
+ * @example
+ * ```ts twoslash
+ * import { Value } from 'ox'
+ * import { KeyAuthorization, Period } from 'ox/tempo'
+ *
+ * const authorization = KeyAuthorization.from({
+ *   address: '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c',
+ *   chainId: 4217n,
+ *   type: 'secp256k1',
+ *   limits: [{
+ *     token: '0x20c0000000000000000000000000000000000001',
+ *     limit: Value.from('100', 6),
+ *     period: Period.days(1), // resets daily
+ *   }],
+ * })
+ * ```
+ *
+ * [Access Keys Specification](https://docs.tempo.xyz/protocol/transactions/spec-tempo-transaction#access-keys)
+ *
+ * @category Reference
+ */
+export * as Period from './Period.js';
 /**
  * Pool ID utilities for computing pool identifiers from token pairs.
  *

package/_types/tempo/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../tempo/index.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAEhC,YAAY,EAAE,CAAA;AAEd;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,OAAO,KAAK,kBAAkB,MAAM,yBAAyB,CAAA;AAE7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AACH,OAAO,KAAK,gBAAgB,MAAM,uBAAuB,CAAA;AAEzD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAA;AAErC;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,KAAK,iBAAiB,MAAM,wBAAwB,CAAA;AAE3D;;;;;;;;;;;;;;;;;GAiBG;AACH,OAAO,KAAK,YAAY,MAAM,mBAAmB,CAAA;AAEjD;;;;;;;;;;;;;;;;;;GAkBG;AACH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAA;AAEjC;;;;;;;;;;;;;;;;;;;GAmBG;AACH,OAAO,KAAK,OAAO,MAAM,cAAc,CAAA;AAEvC;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,KAAK,SAAS,MAAM,gBAAgB,CAAA;AAE3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AACH,OAAO,KAAK,WAAW,MAAM,kBAAkB,CAAA;AAC/C;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,OAAO,KAAK,kBAAkB,MAAM,yBAAyB,CAAA;AAC7D;;;;;;;;;;;;;;;;;;;GAmBG;AACH,OAAO,KAAK,kBAAkB,MAAM,yBAAyB,CAAA;AAC7D;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,OAAO,KAAK,eAAe,MAAM,sBAAsB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../tempo/index.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAEhC,YAAY,EAAE,CAAA;AAEd;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,OAAO,KAAK,kBAAkB,MAAM,yBAAyB,CAAA;AAE7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AACH,OAAO,KAAK,gBAAgB,MAAM,uBAAuB,CAAA;AAEzD;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAA;AAErC;;;;;;;;;;;;;;;;;;;GAmBG;AACH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAA;AAErC;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,KAAK,iBAAiB,MAAM,wBAAwB,CAAA;AAE3D;;;;;;;;;;;;;;;;;GAiBG;AACH,OAAO,KAAK,YAAY,MAAM,mBAAmB,CAAA;AAEjD;;;;;;;;;;;;;;;;;;GAkBG;AACH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAA;AAEjC;;;;;;;;;;;;;;;;;;;GAmBG;AACH,OAAO,KAAK,OAAO,MAAM,cAAc,CAAA;AAEvC;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,KAAK,SAAS,MAAM,gBAAgB,CAAA;AAE3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AACH,OAAO,KAAK,WAAW,MAAM,kBAAkB,CAAA;AAC/C;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,OAAO,KAAK,kBAAkB,MAAM,yBAAyB,CAAA;AAC7D;;;;;;;;;;;;;;;;;;;GAmBG;AACH,OAAO,KAAK,kBAAkB,MAAM,yBAAyB,CAAA;AAC7D;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,OAAO,KAAK,eAAe,MAAM,sBAAsB,CAAA"}

package/_types/version.d.ts

@@ -1,3 +1,3 @@
 /** @internal */
-export declare const version = "0.14.11";
+export declare const version = "0.14.13";
 //# sourceMappingURL=version.d.ts.map

package/erc8021/Attribution.ts

@@ -58,6 +58,8 @@ export type AttributionSchemaId2 = {
   appCode?: string | undefined
   /** Wallet attribution code. */
   walletCode?: string | undefined
+  /** Service codes identifying additional service providers (e.g., block builders, relayers, solvers). */
+  serviceCodes?: readonly string[] | undefined
   /** Custom code registries keyed by entity type. */
   registries?: AttributionSchemaId2Registries | undefined
   /** Arbitrary metadata key-value pairs. */
@@ -134,7 +136,12 @@ export const ercSuffixSize = /*#__PURE__*/ Hex.size(ercSuffix)
  * @returns The schema ID (0 for canonical registry, 1 for custom registry, 2 for CBOR-encoded).
  */
 export function getSchemaId(attribution: Attribution): SchemaId {
-  if ('appCode' in attribution || 'walletCode' in attribution) return 2
+  if (
+    'appCode' in attribution ||
+    'walletCode' in attribution ||
+    'serviceCodes' in attribution
+  )
+    return 2
   if ('codeRegistry' in attribution) return 1
   return 0
 }
@@ -416,6 +423,7 @@ export declare namespace fromData {
 type Schema2CborMap = {
   a?: string
   w?: string
+  s?: string[]
   r?: {
     a?: { c: string; a: string }
     w?: { c: string; a: string }
@@ -429,6 +437,8 @@ function schema2ToDataSuffix(attribution: AttributionSchemaId2): Hex.Hex {
 
   if (attribution.appCode) cborMap.a = attribution.appCode
   if (attribution.walletCode) cborMap.w = attribution.walletCode
+  if (attribution.serviceCodes && attribution.serviceCodes.length > 0)
+    cborMap.s = [...attribution.serviceCodes]
 
   if (attribution.registries) {
     const r: Schema2CborMap['r'] = {}
@@ -484,6 +494,7 @@ function schema2FromData(data: Hex.Hex): AttributionSchemaId2 | undefined {
 
   if (typeof decoded.a === 'string') result.appCode = decoded.a
   if (typeof decoded.w === 'string') result.walletCode = decoded.w
+  if (Array.isArray(decoded.s)) result.serviceCodes = decoded.s
 
   if (decoded.r) {
     const registries: AttributionSchemaId2Registries = {}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "ox",
   "description": "Ethereum Standard Library",
-  "version": "0.14.11",
+  "version": "0.14.13",
   "main": "./_cjs/index.js",
   "module": "./_esm/index.js",
   "types": "./_types/index.d.ts",
@@ -509,6 +509,11 @@
       "import": "./_esm/tempo/KeyAuthorization.js",
       "default": "./_cjs/tempo/KeyAuthorization.js"
     },
+    "./tempo/Period": {
+      "types": "./_types/tempo/Period.d.ts",
+      "import": "./_esm/tempo/Period.js",
+      "default": "./_cjs/tempo/Period.js"
+    },
     "./tempo/PoolId": {
       "types": "./_types/tempo/PoolId.d.ts",
       "import": "./_esm/tempo/PoolId.js",

package/tempo/KeyAuthorization.test.ts

@@ -9,6 +9,7 @@ import {
 } from 'ox'
 import { describe, expect, test } from 'vitest'
 import * as KeyAuthorization from './KeyAuthorization.js'
+import * as Period from './Period.js'
 import * as SignatureEnvelope from './SignatureEnvelope.js'
 
 const address = '0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c'
@@ -1670,11 +1671,10 @@ describe('toTuple', () => {
     expect(restored.limits?.[0]?.limit).toBe(0n)
   })
 
-  test('zero expiry roundtrips through RLP', () => {
+  test('undefined expiry roundtrips through RLP', () => {
     const authorization = KeyAuthorization.from({
       address,
       chainId: 0n,
-      expiry: 0,
       type: 'secp256k1',
       limits: [
         {
@@ -1709,7 +1709,7 @@ describe('toTuple', () => {
     expect(rlpDecoded).toEqual(authorizationTuple)
 
     const restored = KeyAuthorization.fromTuple(tuple)
-    expect(restored.expiry).toBe(0)
+    expect(restored.expiry).toBeUndefined()
   })
 
   test('hash works with zero spending limit', () => {
@@ -1728,4 +1728,408 @@ describe('toTuple', () => {
 
     expect(() => KeyAuthorization.hash(authorization)).not.toThrow()
   })
+
+  test('periodic spending limit (period > 0)', () => {
+    const authorization = KeyAuthorization.from({
+      address,
+      chainId: 1n,
+      expiry,
+      type: 'secp256k1',
+      limits: [
+        {
+          token,
+          limit: Value.from('10', 6),
+          period: Period.months(1),
+        },
+      ],
+    })
+
+    const tuple = KeyAuthorization.toTuple(authorization)
+
+    expect(tuple).toMatchInlineSnapshot(`
+      [
+        [
+          "0x1",
+          "0x",
+          "0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c",
+          "0x499602d2",
+          [
+            [
+              "0x20c0000000000000000000000000000000000001",
+              "0x989680",
+              "0x278d00",
+            ],
+          ],
+        ],
+      ]
+    `)
+
+    // Roundtrip
+    const serialized = KeyAuthorization.serialize(authorization)
+    const restored = KeyAuthorization.deserialize(serialized)
+    expect(restored.limits?.[0]?.period).toBe(2592000)
+    expect(restored.limits?.[0]?.limit).toBe(Value.from('10', 6))
+  })
+
+  test('one-time limit omits period from tuple', () => {
+    const authorization = KeyAuthorization.from({
+      address,
+      chainId: 1n,
+      expiry,
+      type: 'secp256k1',
+      limits: [
+        {
+          token,
+          limit: Value.from('10', 6),
+        },
+      ],
+    })
+
+    const tuple = KeyAuthorization.toTuple(authorization)
+    // Canonical 2-field form — no period element
+    const [authTuple] = tuple
+    const limitTuple = (authTuple as any)[4][0]
+    expect(limitTuple).toHaveLength(2)
+  })
+
+  test('mixed one-time and periodic limits', () => {
+    const authorization = KeyAuthorization.from({
+      address,
+      chainId: 1n,
+      expiry,
+      type: 'secp256k1',
+      limits: [
+        {
+          token: '0x20c0000000000000000000000000000000000001',
+          limit: Value.from('10', 6),
+        },
+        {
+          token: '0x20c0000000000000000000000000000000000002',
+          limit: Value.from('100', 6),
+          period: Period.days(1),
+        },
+      ],
+    })
+
+    const serialized = KeyAuthorization.serialize(authorization)
+    const restored = KeyAuthorization.deserialize(serialized)
+    expect(restored.limits?.[0]?.period).toBeUndefined()
+    expect(restored.limits?.[1]?.period).toBe(86400)
+  })
+
+  test('call scopes: address-only (any selector)', () => {
+    const authorization = KeyAuthorization.from({
+      address,
+      chainId: 1n,
+      type: 'secp256k1',
+      scopes: [
+        {
+          address: '0x1234567890123456789012345678901234567890',
+        },
+      ],
+    })
+
+    const tuple = KeyAuthorization.toTuple(authorization)
+    expect(tuple).toMatchInlineSnapshot(`
+      [
+        [
+          "0x1",
+          "0x",
+          "0xbe95c3f554e9fc85ec51be69a3d807a0d55bcf2c",
+          "0x",
+          [],
+          [
+            [
+              "0x1234567890123456789012345678901234567890",
+              [],
+            ],
+          ],
+        ],
+      ]
+    `)
+
+    const serialized = KeyAuthorization.serialize(authorization)
+    const restored = KeyAuthorization.deserialize(serialized)
+    expect(restored.scopes).toHaveLength(1)
+    expect(restored.scopes?.[0]?.address).toBe(
+      '0x1234567890123456789012345678901234567890',
+    )
+    expect(restored.scopes?.[0]?.selector).toBeUndefined()
+  })
+
+  test('call scopes: explicit selectors', () => {
+    const authorization = KeyAuthorization.from({
+      address,
+      chainId: 1n,
+      type: 'secp256k1',
+      scopes: [
+        {
+          address: '0x1234567890123456789012345678901234567890',
+          selector: '0xa9059cbb', // transfer
+        },
+        {
+          address: '0x1234567890123456789012345678901234567890',
+          selector: '0x095ea7b3', // approve
+        },
+      ],
+    })
+
+    const serialized = KeyAuthorization.serialize(authorization)
+    const restored = KeyAuthorization.deserialize(serialized)
+    expect(restored.scopes).toHaveLength(2)
+    expect(restored.scopes?.[0]?.selector).toBe('0xa9059cbb')
+    expect(restored.scopes?.[1]?.selector).toBe('0x095ea7b3')
+    expect(restored.scopes?.[0]?.recipients).toBeUndefined()
+  })
+
+  test('call scopes: selectors with recipients', () => {
+    const authorization = KeyAuthorization.from({
+      address,
+      chainId: 1n,
+      type: 'secp256k1',
+      scopes: [
+        {
+          address: token,
+          selector: '0xa9059cbb',
+          recipients: [
+            '0x1111111111111111111111111111111111111111',
+            '0x2222222222222222222222222222222222222222',
+          ],
+        },
+      ],
+    })
+
+    const serialized = KeyAuthorization.serialize(authorization)
+    const restored = KeyAuthorization.deserialize(serialized)
+    expect(restored.scopes?.[0]?.recipients).toEqual([
+      '0x1111111111111111111111111111111111111111',
+      '0x2222222222222222222222222222222222222222',
+    ])
+  })
+
+  test('scopes = undefined (unrestricted, omitted from wire)', () => {
+    const authorization = KeyAuthorization.from({
+      address,
+      chainId: 1n,
+      type: 'secp256k1',
+    })
+
+    const tuple = KeyAuthorization.toTuple(authorization)
+    // No scopes field in tuple
+    const [authTuple] = tuple
+    expect((authTuple as unknown as any[]).length).toBe(3) // chainId, type, address
+
+    const serialized = KeyAuthorization.serialize(authorization)
+    const restored = KeyAuthorization.deserialize(serialized)
+    expect(restored.scopes).toBeUndefined()
+  })
+
+  test('scopes = [] (scoped, no calls allowed)', () => {
+    const authorization = KeyAuthorization.from({
+      address,
+      chainId: 1n,
+      type: 'secp256k1',
+      scopes: [],
+    })
+
+    const serialized = KeyAuthorization.serialize(authorization)
+    const restored = KeyAuthorization.deserialize(serialized)
+    expect(restored.scopes).toEqual([])
+  })
+
+  test('scopes + limits + expiry combined', () => {
+    const authorization = KeyAuthorization.from({
+      address,
+      chainId: 1n,
+      expiry,
+      type: 'secp256k1',
+      limits: [
+        {
+          token,
+          limit: Value.from('10', 6),
+          period: Period.days(1),
+        },
+      ],
+      scopes: [
+        {
+          address: '0x1234567890123456789012345678901234567890',
+          selector: '0xa9059cbb',
+          recipients: ['0x1111111111111111111111111111111111111111'],
+        },
+      ],
+    })
+
+    const serialized = KeyAuthorization.serialize(authorization)
+    const restored = KeyAuthorization.deserialize(serialized)
+    expect(restored.expiry).toBe(expiry)
+    expect(restored.limits?.[0]?.period).toBe(86400)
+    expect(restored.scopes?.[0]?.recipients).toEqual([
+      '0x1111111111111111111111111111111111111111',
+    ])
+  })
+
+  test('hash consistency with scopes', () => {
+    const authorization = KeyAuthorization.from({
+      address,
+      chainId: 1n,
+      type: 'secp256k1',
+      scopes: [
+        {
+          address: '0x1234567890123456789012345678901234567890',
+          selector: '0xa9059cbb',
+        },
+      ],
+    })
+
+    const hash1 = KeyAuthorization.hash(authorization)
+    const hash2 = KeyAuthorization.hash(authorization)
+    expect(hash1).toBe(hash2)
+
+    // Different scopes should produce different hash
+    const authorization2 = KeyAuthorization.from({
+      address,
+      chainId: 1n,
+      type: 'secp256k1',
+      scopes: [
+        {
+          address: '0x1234567890123456789012345678901234567890',
+          selector: '0x095ea7b3',
+        },
+      ],
+    })
+    expect(KeyAuthorization.hash(authorization2)).not.toBe(hash1)
+  })
+
+  test('call scopes: selector from function signature string', () => {
+    const authorization = KeyAuthorization.from({
+      address,
+      chainId: 1n,
+      type: 'secp256k1',
+      scopes: [
+        {
+          address: '0x1234567890123456789012345678901234567890',
+          selector: 'function transfer(address,uint256)',
+        },
+        {
+          address: '0x1234567890123456789012345678901234567890',
+          selector: 'function approve(address,uint256)',
+        },
+      ],
+    })
+
+    const serialized = KeyAuthorization.serialize(authorization)
+    const restored = KeyAuthorization.deserialize(serialized)
+    expect(restored.scopes).toHaveLength(2)
+    // transfer(address,uint256) => 0xa9059cbb
+    expect(restored.scopes?.[0]?.selector).toBe('0xa9059cbb')
+    // approve(address,uint256) => 0x095ea7b3
+    expect(restored.scopes?.[1]?.selector).toBe('0x095ea7b3')
+  })
+
+  test('call scopes: selector from signature with recipients', () => {
+    const authorization = KeyAuthorization.from({
+      address,
+      chainId: 1n,
+      type: 'secp256k1',
+      scopes: [
+        {
+          address: token,
+          selector: 'function transfer(address,uint256)',
+          recipients: ['0x1111111111111111111111111111111111111111'],
+        },
+      ],
+    })
+
+    const serialized = KeyAuthorization.serialize(authorization)
+    const restored = KeyAuthorization.deserialize(serialized)
+    expect(restored.scopes?.[0]?.selector).toBe('0xa9059cbb')
+    expect(restored.scopes?.[0]?.recipients).toEqual([
+      '0x1111111111111111111111111111111111111111',
+    ])
+  })
+
+  test('call scopes: selector from bare signature (no function prefix)', () => {
+    const authorization = KeyAuthorization.from({
+      address,
+      chainId: 1n,
+      type: 'secp256k1',
+      scopes: [
+        {
+          address: '0x1234567890123456789012345678901234567890',
+          selector: 'transfer(address,uint256)',
+        },
+        {
+          address: '0x1234567890123456789012345678901234567890',
+          selector: 'approve(address,uint256)',
+        },
+      ],
+    })
+
+    const serialized = KeyAuthorization.serialize(authorization)
+    const restored = KeyAuthorization.deserialize(serialized)
+    expect(restored.scopes).toHaveLength(2)
+    expect(restored.scopes?.[0]?.selector).toBe('0xa9059cbb')
+    expect(restored.scopes?.[1]?.selector).toBe('0x095ea7b3')
+  })
+
+  test('call scopes: mixed hex and signature selectors', () => {
+    const authorization = KeyAuthorization.from({
+      address,
+      chainId: 1n,
+      type: 'secp256k1',
+      scopes: [
+        {
+          address: '0x1234567890123456789012345678901234567890',
+          selector: '0xa9059cbb',
+        },
+        {
+          address: '0x1234567890123456789012345678901234567890',
+          selector: 'function approve(address,uint256)',
+        },
+      ],
+    })
+
+    const serialized = KeyAuthorization.serialize(authorization)
+    const restored = KeyAuthorization.deserialize(serialized)
+    expect(restored.scopes?.[0]?.selector).toBe('0xa9059cbb')
+    expect(restored.scopes?.[1]?.selector).toBe('0x095ea7b3')
+  })
+
+  test('toRpc/fromRpc roundtrip with period and scopes', () => {
+    const authorization = KeyAuthorization.from(
+      {
+        address,
+        chainId: 1n,
+        expiry,
+        type: 'secp256k1',
+        limits: [
+          {
+            token,
+            limit: Value.from('10', 6),
+            period: Period.months(1),
+          },
+        ],
+        scopes: [
+          {
+            address: token,
+            selector: '0xa9059cbb',
+            recipients: ['0x1111111111111111111111111111111111111111'],
+          },
+        ],
+      },
+      {
+        signature: SignatureEnvelope.from(signature_secp256k1),
+      },
+    )
+
+    const rpc = KeyAuthorization.toRpc(authorization)
+    const restored = KeyAuthorization.fromRpc(rpc)
+
+    expect(restored.limits?.[0]?.period).toBe(2592000)
+    expect(restored.scopes?.[0]?.address).toBe(token)
+    expect(restored.scopes?.[0]?.selector).toBe('0xa9059cbb')
+    expect(restored.scopes?.[0]?.recipients).toEqual([
+      '0x1111111111111111111111111111111111111111',
+    ])
+  })
 })