rise-wallet 0.1.4-beta.1 → 0.2.28

package/src/core/internal/relay/schema/intent.ts

@@ -0,0 +1,174 @@
+/**
+ * Intent.
+ *
+ * @see https://github.com/ithacaxyz/relay/blob/main/src/types/intent.rs
+ */
+
+import * as z from 'zod/mini'
+import * as u from '../../schema/utils.js'
+
+export const Intent = z.union([
+  z.object({
+    combinedGas: u.bigint(),
+    encodedFundTransfers: z.readonly(z.array(u.hex())),
+    encodedPreCalls: z.readonly(z.array(u.hex())),
+    eoa: u.address(),
+    executionData: u.hex(),
+    expiry: u.bigint(),
+    funder: u.address(),
+    funderSignature: u.hex(),
+    isMultichain: z.boolean(),
+    nonce: u.bigint(),
+    payer: u.address(),
+    paymentAmount: u.bigint(),
+    paymentMaxAmount: u.bigint(),
+    paymentRecipient: u.address(),
+    paymentSignature: u.hex(),
+    paymentToken: u.address(),
+    settler: u.address(),
+    settlerContext: u.hex(),
+    signature: u.hex(),
+    supportedAccountImplementation: u.address(),
+  }),
+  z.object({
+    /** The combined gas limit for payment, verification, and calling the EOA. */
+    combinedGas: u.bigint(),
+    /** Only relevant for multi chain intents. */
+    encodedFundTransfers: z.readonly(z.array(u.hex())),
+    /**
+     * Optional array of encoded Intents that will be verified and executed
+     * before the validation of the overall Intent.
+     *
+     * A PreCall will NOT have its gas limit or payment applied.
+     * The overall Intent's gas limit and payment will be applied, encompassing all its PreCalls.
+     * The execution of a PreCall will check and increment the nonce in the PreCall.
+     * If at any point, any PreCall cannot be verified to be correct, or fails in execution,
+     * the overall Intent will revert before validation, and execute will return a non-zero error.
+     * A PreCall can contain PreCalls, forming a tree structure.
+     * The `executionData` tree will be executed in post-order (i.e. left -> right -> current).
+     * The `encodedPreCalls` are included in the EIP712 signature, which enables execution order
+     * to be enforced on-the-fly even if the nonces are from different sequences.
+     */
+    encodedPreCalls: z.readonly(z.array(u.hex())),
+    /** Users address. */
+    eoa: u.address(),
+    /**
+     * An encoded array of calls, using ERC7579 batch execution encoding.
+     *
+     * The format is `abi.encode(calls)`, where `calls` is an array of type `Call[]`.
+     * This allows for more efficient safe forwarding to the EOA.
+     */
+    executionData: u.hex(),
+    /** The expiration time of the intent. */
+    expiry: u.bigint(),
+    /** The funder address. */
+    funder: u.address(),
+    /** The funder's signature. */
+    funderSignature: u.hex(),
+    /** Whether the intent is a multi-chain intent. */
+    isMultichain: z.boolean(),
+    /** Per delegated EOA.
+     *
+     * # Memory layout
+     *
+     * Each nonce has the following memory layout:
+     *
+     *      ,----------------------------------------------------.
+     * bits | 0-191 (192 bits)                | 192-255 (64 bits)|
+     *      |---------------------------------|------------------|
+     * desc | sequence key                    | sequential nonce |
+     *      `----------------.----------------|------------------'
+     *                       |
+     *                       v
+     *      ,-------------------------------------.
+     * bits | 0-15 (16 bits)  | 16-191 (176 bits) |
+     *      |-------------------------------------|
+     * desc | multichain flag | remainder         |
+     *      `-------------------------------------'
+     *
+     * If the upper 16 bits of the sequence key is `0xc1d0`, then the EIP-712 has
+     * of the Intent will exlude the chain ID.
+     *
+     * # Ordering
+     *
+     * Ordering matters within a sequence key, but not between sequence keys.
+     *
+     * This means that users who do not care about the order of specific intents
+     * can sign their intents using a random sequence key. On the other hand, if
+     * they do care about ordering, they would use the same sequence key.
+     */
+    nonce: u.bigint(),
+    /**
+     * The account paying the payment token.
+     * If this is `address(0)`, it defaults to the `eoa`.
+     */
+    payer: u.address(),
+    /**
+     * The payment recipient for the ERC20 token.
+     *
+     * Excluded from signature. The filler can replace this with their own address.
+     *
+     * This enables multiple fillers, allowing for competitive filling, better uptime.
+     * If `address(0)`, the payment will be accrued by the entry point.
+     */
+    paymentRecipient: u.address(),
+    /**
+     * Optional payment signature to be passed into the `compensate` function
+     * on the `payer`. This signature is NOT included in the EIP712 signature.
+     */
+    paymentSignature: u.hex(),
+    /** The ERC20 or native token used to pay for gas. */
+    paymentToken: u.address(),
+    /**
+     * The actual pre payment amount, requested by the filler.
+     * MUST be less than or equal to `prePaymentMaxAmount`.
+     */
+    prePaymentAmount: u.bigint(),
+    /**
+     * The amount of the token to pay, before the call batch is executed.
+     * This will be required to be less than `totalPaymentMaxAmount`.
+     */
+    prePaymentMaxAmount: u.bigint(),
+    /**
+     * The address of the settler.
+     */
+    settler: u.address(),
+    /**
+     * Context data passed to the settler for processing attestations.
+     *
+     * This data is ABI-encoded and contains information needed by the settler
+     * to process the multichain intent (e.g., list of chain IDs).
+     */
+    settlerContext: u.hex(),
+    /**
+     * The actual total payment amount, requested by the filler.
+     * MUST be less than or equal to `totalPaymentMaxAmount`
+     */
+    signature: u.hex(),
+    /**
+     * Optional. If non-zero, the EOA must use `supportedAccountImplementation`.
+     * Otherwise, if left as `address(0)`, any EOA implementation will be supported.
+     * This field is NOT included in the EIP712 signature.
+     */
+    supportedAccountImplementation: u.address(),
+    /**
+     * The wrapped signature.
+     *
+     * The format is `abi.encodePacked(innerSignature, keyHash, prehash)` for most signatures,
+     * except if it is signed by the EOA root key, in which case `abi.encodePacked(r, s, v)` is valid as well.
+     */
+    totalPaymentAmount: u.bigint(),
+    /**
+     * The maximum amount of the token to pay.
+     */
+    totalPaymentMaxAmount: u.bigint(),
+  }),
+])
+export type Intent = z.infer<typeof Intent>
+
+export const Partial = z.object({
+  eoa: u.address(),
+  executionData: u.hex(),
+  nonce: u.bigint(),
+})
+export type Partial = z.infer<typeof Partial>

package/src/core/internal/relay/schema/key.test.ts

@@ -0,0 +1,424 @@
+import { describe, expect, test } from 'vitest'
+import * as z from 'zod/mini'
+import * as u from '../../schema/utils.js'
+import * as Key from './key.js'
+
+describe('Key', () => {
+  test('param: validates required fields', () => {
+    expect(
+      u.toValidationError(z.safeParse(Key.Key, {}).error),
+    ).toMatchInlineSnapshot(
+      `
+      [Schema.ValidationError: Validation failed with 4 errors:
+
+      - at \`expiry\`: Expected template_literal. Needs string in format ^0x[A-Fa-f0-9]+$.
+      - at \`publicKey\`: Expected template_literal. Needs string in format ^0x[A-Fa-f0-9]+$.
+      - at \`role\`: Invalid union value.
+        - Expected "admin"
+        - Expected "normal"
+      - at \`type\`: Invalid union value.
+        - Expected "p256"
+        - Expected "secp256k1"
+        - Expected "webauthnp256"]
+    `,
+    )
+  })
+
+  test('param: validates expiry as number', () => {
+    expect(
+      u.toValidationError(
+        z.safeParse(Key.Key, {
+          expiry: 'invalid',
+          publicKey: '0x1234',
+          role: 'admin',
+          type: 'secp256k1',
+        }).error,
+      ),
+    ).toMatchInlineSnapshot(
+      `
+      [Schema.ValidationError: Validation failed with 1 error:
+
+      - at \`expiry\`: Must match pattern: ^0x[\\s\\S]{0,}$]
+    `,
+    )
+  })
+
+  test('param: validates publicKey as hex', () => {
+    expect(
+      u.toValidationError(
+        z.safeParse(Key.Key, {
+          expiry: '0x499602d2',
+          publicKey: 'invalid-hex',
+          role: 'admin',
+          type: 'secp256k1',
+        }).error,
+      ),
+    ).toMatchInlineSnapshot(
+      `
+      [Schema.ValidationError: Validation failed with 1 error:
+
+      - at \`publicKey\`: Must match pattern: ^0x[\\s\\S]{0,}$]
+    `,
+    )
+  })
+
+  test('param: validates role enum', () => {
+    expect(
+      u.toValidationError(
+        z.safeParse(Key.Key, {
+          expiry: '0x499602d2',
+          publicKey: '0x1234',
+          role: 'invalid',
+          type: 'secp256k1',
+        }).error,
+      ),
+    ).toMatchInlineSnapshot(
+      `
+      [Schema.ValidationError: Validation failed with 1 error:
+
+      - at \`role\`: Invalid union value.
+        - Expected "admin"
+        - Expected "normal"]
+    `,
+    )
+  })
+
+  test('param: validates type enum', () => {
+    expect(
+      u.toValidationError(
+        z.safeParse(Key.Key, {
+          expiry: '0x499602d2',
+          publicKey: '0x1234',
+          role: 'admin',
+          type: 'invalid',
+        }).error,
+      ),
+    ).toMatchInlineSnapshot(
+      `
+      [Schema.ValidationError: Validation failed with 1 error:
+
+      - at \`type\`: Invalid union value.
+        - Expected "p256"
+        - Expected "secp256k1"
+        - Expected "webauthnp256"]
+    `,
+    )
+  })
+
+  test('param: validates prehash as boolean when provided', () => {
+    expect(
+      u.toValidationError(
+        z.safeParse(Key.Key, {
+          expiry: '0x499602d2',
+          prehash: 'invalid',
+          publicKey: '0x1234',
+          role: 'admin',
+          type: 'secp256k1',
+        }).error,
+      ),
+    ).toMatchInlineSnapshot(
+      `
+      [Schema.ValidationError: Validation failed with 1 error:
+
+      - at \`prehash\`: Expected boolean. ]
+    `,
+    )
+  })
+
+  test('behavior: accepts valid key with all required fields', () => {
+    const key = z.parse(Key.Key, {
+      expiry: '0x499602d2',
+      publicKey: '0x1234567890abcdef',
+      role: 'admin',
+      type: 'secp256k1',
+    })
+
+    expect(key).toMatchInlineSnapshot(`
+      {
+        "expiry": 1234567890,
+        "publicKey": "0x1234567890abcdef",
+        "role": "admin",
+        "type": "secp256k1",
+      }
+    `)
+  })
+
+  test('behavior: accepts valid key with optional prehash', () => {
+    const key = u.toValidationError(
+      z.safeParse(Key.Key, {
+        expiry: '0x 499602d2',
+        prehash: true,
+        publicKey: '0x1234567890abcdef',
+        role: 'normal',
+        type: 'p256',
+      }).error,
+    )
+
+    expect(key).toMatchInlineSnapshot(
+      `
+      [Schema.ValidationError: Validation failed with 1 error:
+
+      - at \`expiry\`: Expected number. ]
+    `,
+    )
+  })
+
+  test.each([
+    { role: 'admin', type: 'secp256k1' },
+    { role: 'normal', type: 'p256' },
+    { role: 'admin', type: 'webauthnp256' },
+  ])('behavior: accepts valid role $role and type $type', ({ role, type }) => {
+    const key = z.parse(Key.Key, {
+      expiry: '0x499602d2',
+      publicKey: '0x1234567890abcdef',
+      role,
+      type,
+    })
+
+    expect(key.role).toBe(role)
+    expect(key.type).toBe(type)
+  })
+
+  test('behavior: prehash is optional', () => {
+    const keyWithoutPrehash = z.parse(Key.Key, {
+      expiry: '0x499602d2',
+      publicKey: '0x1234567890abcdef',
+      role: 'admin',
+      type: 'secp256k1',
+    })
+
+    expect(keyWithoutPrehash.prehash).toBeUndefined()
+  })
+
+  test('error: rejects invalid role values', () => {
+    expect(
+      u.toValidationError(
+        z.safeParse(Key.Key, {
+          expiry: '0x499602d2',
+          publicKey: '0x1234567890abcdef',
+          role: 'superuser',
+          type: 'secp256k1',
+        }).error,
+      ),
+    ).toMatchInlineSnapshot(
+      `
+      [Schema.ValidationError: Validation failed with 1 error:
+
+      - at \`role\`: Invalid union value.
+        - Expected "admin"
+        - Expected "normal"]
+    `,
+    )
+  })
+
+  test('error: rejects invalid type values', () => {
+    expect(
+      u.toValidationError(
+        z.safeParse(Key.Key, {
+          expiry: '0x123',
+          publicKey: '0x1234567890abcdef',
+          role: 'admin',
+          type: 'rsa',
+        }).error,
+      ),
+    ).toMatchInlineSnapshot(
+      `
+      [Schema.ValidationError: Validation failed with 1 error:
+
+      - at \`type\`: Invalid union value.
+        - Expected "p256"
+        - Expected "secp256k1"
+        - Expected "webauthnp256"]
+    `,
+    )
+  })
+
+  test('misc: encodes key correctly', () => {
+    const key = {
+      expiry: 1234567890,
+      prehash: true,
+      publicKey: '0x1234567890abcdef',
+      role: 'admin' as const,
+      type: 'secp256k1' as const,
+    } as const
+
+    const encoded = z.encode(Key.Key, key)
+    expect(encoded).toMatchInlineSnapshot(`
+      {
+        "expiry": "0x499602d2",
+        "prehash": true,
+        "publicKey": "0x1234567890abcdef",
+        "role": "admin",
+        "type": "secp256k1",
+      }
+    `)
+  })
+})
+
+describe('WithPermissions', () => {
+  test('param: validates permissions array', () => {
+    expect(
+      u.toValidationError(
+        z.safeParse(Key.WithPermissions, {
+          expiry: '0x499602d2',
+          permissions: 'invalid',
+          publicKey: '0x1234567890abcdef',
+          role: 'admin',
+          type: 'secp256k1',
+        }).error,
+      ),
+    ).toMatchInlineSnapshot(
+      `
+      [Schema.ValidationError: Validation failed with 1 error:
+
+      - at \`permissions\`: Expected array. ]
+    `,
+    )
+  })
+
+  test('param: validates permission objects in array', () => {
+    expect(
+      u.toValidationError(
+        z.safeParse(Key.WithPermissions, {
+          expiry: '0x499602d2',
+          permissions: [{ invalid: 'permission' }],
+          publicKey: '0x1234567890abcdef',
+          role: 'admin',
+          type: 'secp256k1',
+        }).error,
+      ),
+    ).toMatchInlineSnapshot(
+      `
+      [Schema.ValidationError: Validation failed with 1 error:
+
+      - at \`permissions[0]\`: Invalid union value.
+        - at \`selector\`: Expected template_literal. Needs string in format ^0x[A-Fa-f0-9]+$.
+        - at \`to\`: Expected template_literal. Needs string in format ^0x[A-Fa-f0-9]{40}$.
+        - at \`type\`: Expected "call"
+        - at \`limit\`: Expected template_literal. Needs string in format ^0x[A-Fa-f0-9]+$.
+        - at \`period\`: Invalid union value.
+          - Expected "minute"
+          - Expected "hour"
+          - Expected "day"
+          - Expected "week"
+          - Expected "month"
+          - Expected "year"
+        - at \`type\`: Expected "spend"]
+    `,
+    )
+  })
+
+  test('behavior: accepts key with empty permissions array', () => {
+    const keyWithPermissions = z.parse(Key.WithPermissions, {
+      expiry: '0x499602d2',
+      permissions: [],
+      publicKey: '0x1234567890abcdef',
+      role: 'admin',
+      type: 'secp256k1',
+    })
+
+    expect(keyWithPermissions).toMatchInlineSnapshot(`
+      {
+        "expiry": 1234567890,
+        "permissions": [],
+        "publicKey": "0x1234567890abcdef",
+        "role": "admin",
+        "type": "secp256k1",
+      }
+    `)
+  })
+
+  test('behavior: accepts key with valid permissions', () => {
+    const keyWithPermissions = z.parse(Key.WithPermissions, {
+      expiry: '0x499602d2',
+      permissions: [
+        {
+          selector: '0xa9059cbb',
+          to: '0x742d35Cc6634C0532925a3b8D000B4e20200000e',
+          type: 'call',
+        },
+      ],
+      publicKey: '0x1234567890abcdef',
+      role: 'admin',
+      type: 'secp256k1',
+    })
+
+    expect(keyWithPermissions.permissions).toHaveLength(1)
+    expect(keyWithPermissions.permissions[0]).toMatchInlineSnapshot(`
+      {
+        "selector": "0xa9059cbb",
+        "to": "0x742d35Cc6634C0532925a3b8D000B4e20200000e",
+        "type": "call",
+      }
+    `)
+  })
+
+  test('behavior: inherits all Key properties', () => {
+    const keyWithPermissions = z.parse(Key.WithPermissions, {
+      expiry: '0x499602d2',
+      permissions: [],
+      prehash: false,
+      publicKey: '0x1234567890abcdef',
+      role: 'normal',
+      type: 'p256',
+    })
+
+    expect(keyWithPermissions.expiry).toBe(1234567890)
+    expect(keyWithPermissions.publicKey).toBe('0x1234567890abcdef')
+    expect(keyWithPermissions.role).toBe('normal')
+    expect(keyWithPermissions.type).toBe('p256')
+    expect(keyWithPermissions.prehash).toBe(false)
+  })
+
+  test('error: rejects missing permissions field', () => {
+    expect(
+      u.toValidationError(
+        z.safeParse(Key.WithPermissions, {
+          expiry: '0x499602d2',
+          publicKey: '0x1234567890abcdef',
+          role: 'admin',
+          type: 'secp256k1',
+        }).error,
+      ),
+    ).toMatchInlineSnapshot(
+      `
+      [Schema.ValidationError: Validation failed with 1 error:
+
+      - at \`permissions\`: Expected array. ]
+    `,
+    )
+  })
+
+  test('misc: encodes key with permissions correctly', () => {
+    const keyWithPermissions = {
+      expiry: 1234567890,
+      permissions: [
+        {
+          selector: '0xa9059cbb',
+          to: '0x742d35Cc6634C0532925a3b8D000B4e20200000e',
+          type: 'call' as const,
+        },
+      ],
+      publicKey: '0x1234567890abcdef',
+      role: 'admin' as const,
+      type: 'secp256k1' as const,
+    } as const
+
+    const encoded = z.encode(Key.WithPermissions, keyWithPermissions)
+    expect(encoded).toMatchInlineSnapshot(`
+      {
+        "expiry": "0x499602d2",
+        "permissions": [
+          {
+            "selector": "0xa9059cbb",
+            "to": "0x742d35Cc6634C0532925a3b8D000B4e20200000e",
+            "type": "call",
+          },
+        ],
+        "publicKey": "0x1234567890abcdef",
+        "role": "admin",
+        "type": "secp256k1",
+      }
+    `)
+  })
+})

package/src/core/internal/relay/schema/key.ts

@@ -0,0 +1,34 @@
+/**
+ * RPC account key.
+ *
+ * @see https://github.com/ithacaxyz/relay/blob/main/src/types/key.rs
+ */
+
+import * as z from 'zod/mini'
+import * as u from '../../schema/utils.js'
+import * as Permission from './permission.js'
+
+export const Key = z.object({
+  /** The expiry of the key. */
+  expiry: u.number(),
+  /** Whether the digest was prehashed. */
+  prehash: z.optional(z.boolean()),
+  /** Public key. */
+  publicKey: u.hex(),
+  /** Role. */
+  role: z.union([z.literal('admin'), z.literal('normal')]),
+  /** Key type. */
+  type: z.union([
+    z.literal('p256'),
+    z.literal('secp256k1'),
+    z.literal('webauthnp256'),
+  ]),
+})
+export type Key = z.infer<typeof Key>
+
+export const WithPermissions = z.object({
+  ...Key.shape,
+  /** Represents key permissions. */
+  permissions: z.readonly(z.array(Permission.Permission)),
+})
+export type WithPermissions = z.infer<typeof WithPermissions>