tempo.ts 0.7.5 → 0.8.0

package/src/wagmi/Actions/amm.test.ts

@@ -1,8 +1,8 @@
-import { connect } from '@wagmi/core'
+import { connect, getConnectorClient } from '@wagmi/core'
 import { parseUnits } from 'viem'
 import { describe, expect, test } from 'vitest'
 import { addresses } from '../../../test/config.js'
-import { accounts } from '../../../test/viem/config.js'
+import { accounts, setupPoolWithLiquidity } from '../../../test/viem/config.js'
 import { config, queryClient } from '../../../test/wagmi/config.js'
 import * as ammActions from './amm.js'
 import * as tokenActions from './token.js'
@@ -115,3 +115,94 @@ describe('mintSync', () => {
     `)
   })
 })
+
+describe.skip('burnSync', () => {
+  test('default', async () => {
+    await connect(config, {
+      connector: config.connectors[0]!,
+    })
+
+    const client = await getConnectorClient(config)
+    const { tokenAddress } = await setupPoolWithLiquidity(client)
+
+    const account2 = accounts[1]
+
+    // Get LP balance before burn
+    const lpBalanceBefore = await ammActions.getLiquidityBalance(config, {
+      userToken: tokenAddress,
+      validatorToken: addresses.alphaUsd,
+      address: account.address,
+    })
+
+    // TODO(TEMPO-1183): Remove this janky fix to get some user token in the pool
+    await tokenActions.transferSync(config, {
+      to: account2.address,
+      amount: 600n,
+      token: tokenAddress,
+      feeToken: tokenAddress,
+    })
+
+    // Burn half of LP tokens
+    const { receipt: burnReceipt, ...burnResult } = await ammActions.burnSync(
+      config,
+      {
+        userToken: tokenAddress,
+        validatorToken: addresses.alphaUsd,
+        liquidity: lpBalanceBefore / 2n,
+        to: account.address,
+      },
+    )
+    expect(burnReceipt).toBeDefined()
+    expect(burnResult).toMatchInlineSnapshot(`
+      {
+        "amountUserToken": 337n,
+        "amountValidatorToken": 49998664n,
+        "liquidity": 24999500n,
+        "sender": "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266",
+        "to": "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266",
+        "userToken": "0x20c0000000000000000000000000000000000005",
+        "validatorToken": "0x20C0000000000000000000000000000000000001",
+      }
+    `)
+  })
+})
+
+describe.skip('rebalanceSwapSync', () => {
+  test('default', async () => {
+    await connect(config, {
+      connector: config.connectors[0]!,
+    })
+
+    const client = await getConnectorClient(config)
+    const { tokenAddress } = await setupPoolWithLiquidity(client)
+
+    const account2 = accounts[1]
+
+    // TODO(TEMPO-1183): Remove this janky fix to get some user token in the pool
+    await tokenActions.transferSync(config, {
+      to: account2.address,
+      amount: 600n,
+      token: tokenAddress,
+      feeToken: tokenAddress,
+    })
+
+    // Perform rebalance swap
+    const { receipt: swapReceipt, ...swapResult } =
+      await ammActions.rebalanceSwapSync(config, {
+        userToken: tokenAddress,
+        validatorToken: addresses.alphaUsd,
+        amountOut: 100n,
+        to: account2.address,
+      })
+    expect(swapReceipt).toBeDefined()
+    expect(swapResult).toMatchInlineSnapshot(`
+      {
+        "amountIn": 100n,
+        "amountOut": 100n,
+        "swapper": "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266",
+        "userToken": "0x20C0000000000000000000000000000000000006",
+        "validatorToken": "0x20C0000000000000000000000000000000000001",
+      }
+    `)
+  })
+})

package/src/wagmi/Actions/amm.ts

@@ -322,14 +322,9 @@ export declare namespace rebalanceSwapSync {
  * })
  *
  * const hash = await Actions.amm.mint(config, {
- *   userToken: {
- *     address: '0x20c0...beef',
- *     amount: 100n,
- *   },
- *   validatorToken: {
- *     address: '0x20c0...babe',
- *     amount: 100n,
- *   },
+ *   userTokenAddress: '0x20c0...beef',
+ *   validatorTokenAddress: '0x20c0...babe',
+ *   validatorTokenAmount: 100n,
  *   to: '0xfeed...fede',
  * })
  * ```
@@ -382,14 +377,9 @@ export declare namespace mint {
  * })
  *
  * const result = await Actions.amm.mintSync(config, {
- *   userToken: {
- *     address: '0x20c0...beef',
- *     amount: 100n,
- *   },
- *   validatorToken: {
- *     address: '0x20c0...babe',
- *     amount: 100n,
- *   },
+ *   userTokenAddress: '0x20c0...beef',
+ *   validatorTokenAddress: '0x20c0...babe',
+ *   validatorTokenAmount: 100n,
  *   to: '0xfeed...fede',
  * })
  * ```

package/src/wagmi/Connector.test.ts

@@ -40,10 +40,10 @@ test('connect', async (context) => {
   expect(result.current.useAccount.status).toEqual('disconnected')
 
   result.current.useConnect.connect({
+    capabilities: { type: 'sign-up', label: 'Test Account' },
     connector: webAuthn({
       keyManager: KeyManager.localStorage(),
     }),
-    capabilities: { createAccount: { label: 'Test Account' } },
   })
 
   await vi.waitFor(() =>

package/src/wagmi/Connector.ts

@@ -1,5 +1,6 @@
 import * as Address from 'ox/Address'
 import type * as Hex from 'ox/Hex'
+import * as PublicKey from 'ox/PublicKey'
 import {
   createClient,
   type EIP1193Provider,
@@ -9,11 +10,16 @@ import {
 } from 'viem'
 import { generatePrivateKey, privateKeyToAccount } from 'viem/accounts'
 import { ChainNotConfiguredError, createConnector } from 'wagmi'
+import type { OneOf } from '../internal/types.js'
+import * as KeyAuthorization from '../ox/KeyAuthorization.js'
+import * as SignatureEnvelope from '../ox/SignatureEnvelope.js'
 import * as Account from '../viem/Account.js'
 import type * as tempo_Chain from '../viem/Chain.js'
 import { normalizeValue } from '../viem/internal/utils.js'
+import * as Storage from '../viem/Storage.js'
 import { walletNamespaceCompat } from '../viem/Transport.js'
 import * as WebAuthnP256 from '../viem/WebAuthnP256.js'
+import * as WebCryptoP256 from '../viem/WebCryptoP256.js'
 import type * as KeyManager from './KeyManager.js'
 
 type Chain = ReturnType<ReturnType<typeof tempo_Chain.define>>
@@ -35,9 +41,12 @@ export function dangerous_secp256k1(
   type Properties = {
     connect<withCapabilities extends boolean = false>(parameters: {
       capabilities?:
-        | {
-            createAccount?: boolean | undefined
-          }
+        | OneOf<
+            | {
+                type: 'sign-up'
+              }
+            | {}
+          >
         | undefined
       chainId?: number | undefined
       isReconnecting?: boolean | undefined
@@ -75,7 +84,7 @@ export function dangerous_secp256k1(
       const address = await (async () => {
         if (
           'capabilities' in parameters &&
-          parameters.capabilities?.createAccount
+          parameters.capabilities?.type === 'sign-up'
         ) {
           const privateKey = generatePrivateKey()
           const account = privateKeyToAccount(privateKey)
@@ -197,20 +206,28 @@ export declare namespace dangerous_secp256k1 {
  * @returns Connector.
  */
 export function webAuthn(options: webAuthn.Parameters) {
-  let account: Account.Account | undefined
+  let account: Account.RootAccount | undefined
+  let accessKey: Account.AccessKeyAccount | undefined
+
+  const idbStorage = Storage.idb<{
+    [key: `accessKey:${string}`]: WebCryptoP256.createKeyPair.ReturnType
+  }>()
 
   type Properties = {
     connect<withCapabilities extends boolean = false>(parameters: {
       chainId?: number | undefined
       capabilities?:
-        | {
-            createAccount?:
-              | boolean
-              | {
-                  label?: string | undefined
-                }
-              | undefined
-          }
+        | OneOf<
+            | {
+                label?: string | undefined
+                type: 'sign-up'
+              }
+            | {
+                selectAccount?: boolean | undefined
+                type: 'sign-in'
+              }
+            | {}
+          >
         | undefined
       isReconnecting?: boolean | undefined
       withCapabilities?: withCapabilities | boolean | undefined
@@ -234,50 +251,107 @@ export function webAuthn(options: webAuthn.Parameters) {
       account = Account.fromWebAuthnP256(credential)
     },
     async connect(parameters = {}) {
-      account ??= await (async () => {
-        let credential: WebAuthnP256.P256Credential | undefined
+      const { grantAccessKey = false } = options
+      const capabilities =
+        'capabilities' in parameters ? (parameters.capabilities ?? {}) : {}
 
-        if (
-          'capabilities' in parameters &&
-          parameters.capabilities?.createAccount
-        ) {
+      // We are going to need to find:
+      // - a WebAuthn `credential` to instantiate an account
+      // - optionally, a `keyPair` to use as the access key for the account
+      // - optionally, a signed `keyAuthorization` to provision the access key
+      const { credential, keyAuthorization, keyPair } = await (async () => {
+        // If the connection type is of "sign-up", we are going to create a new credential
+        // and provision an access key (if needed).
+        if (capabilities.type === 'sign-up') {
           // Create credential (sign up)
-          const createOptions =
-            typeof parameters.capabilities?.createAccount === 'boolean'
-              ? {}
-              : parameters.capabilities?.createAccount
           const createOptions_remote = await options.keyManager.getChallenge?.()
-          credential = await WebAuthnP256.createCredential({
+          const label =
+            capabilities.label ??
+            options.createOptions?.label ??
+            new Date().toISOString()
+          const rpId =
+            createOptions_remote?.rp?.id ??
+            options.createOptions?.rpId ??
+            options.rpId
+          const credential = await WebAuthnP256.createCredential({
             ...(options.createOptions ?? {}),
-            label:
-              createOptions.label ??
-              options.createOptions?.label ??
-              `Account ${new Date().toISOString().split('T')[0]}`,
-            rpId:
-              createOptions_remote?.rp?.id ??
-              options.createOptions?.rpId ??
-              options.rpId,
+            label,
+            rpId,
             ...(createOptions_remote ?? {}),
           })
           await options.keyManager.setPublicKey({
             credential: credential.raw,
             publicKey: credential.publicKey,
           })
-        } else {
-          // Load credential (log in)
-          credential = (await config.storage?.getItem(
+
+          // Get key pair (access key) to use for the account.
+          const keyPair = await (async () => {
+            if (!grantAccessKey) return undefined
+            return await WebCryptoP256.createKeyPair()
+          })()
+
+          return { credential, keyPair }
+        }
+
+        // If we are not selecting an account, we will check if an active credential is present in
+        // storage and if so, we will use it to instantiate an account.
+        if (!capabilities.selectAccount) {
+          const credential = (await config.storage?.getItem(
             'webAuthn.activeCredential',
-          )) as WebAuthnP256.P256Credential | undefined
+          )) as WebAuthnP256.getCredential.ReturnValue | undefined
 
-          // If no active credential, load (last active, if present) credential from keychain.
-          const lastActiveCredential = await config.storage?.getItem(
-            'webAuthn.lastActiveCredential',
-          )
-          credential ??= await WebAuthnP256.getCredential({
+          if (credential) {
+            // Get key pair (access key) to use for the account.
+            const keyPair = await (async () => {
+              if (!grantAccessKey) return undefined
+              const address = Address.fromPublicKey(
+                PublicKey.fromHex(credential.publicKey),
+              )
+              return await idbStorage.getItem(`accessKey:${address}`)
+            })()
+
+            // If the access key policy is lax, return the credential and key pair (if exists).
+            if (grantAccessKey === 'lax') return { credential, keyPair }
+
+            // If a key pair is found, return the credential and key pair.
+            if (keyPair) return { credential, keyPair }
+
+            // If we are reconnecting, throw an error if not found.
+            if (parameters.isReconnecting)
+              throw new Error('credential not found.')
+
+            // Otherwise, we want to continue to sign up or register against new key pair.
+          }
+        }
+
+        // Discover credential
+        {
+          // Get key pair (access key) to use for the account.
+          const keyPair = await (async () => {
+            if (!grantAccessKey) return undefined
+            return await WebCryptoP256.createKeyPair()
+          })()
+
+          // If we are provisioning an access key, we will need to sign a key authorization.
+          // We will need the hash (digest) to sign, and the address of the access key to construct the key authorization.
+          const { accessKeyAddress, hash } = await (async () => {
+            if (!keyPair)
+              return { accessKeyAddress: undefined, hash: undefined }
+            const accessKeyAddress = Address.fromPublicKey(keyPair.publicKey)
+            const hash = KeyAuthorization.getSignPayload({
+              address: accessKeyAddress,
+              type: 'p256',
+            })
+            return { accessKeyAddress, hash, keyPair }
+          })()
+
+          // If no active credential, we will attempt to load the last active credential from storage.
+          const lastActiveCredential = !capabilities.selectAccount
+            ? await config.storage?.getItem('webAuthn.lastActiveCredential')
+            : undefined
+          const credential = await WebAuthnP256.getCredential({
             ...(options.getOptions ?? {}),
             credentialId: lastActiveCredential?.id,
-            // biome-ignore lint/suspicious/noTsIgnore: _
-            // @ts-ignore
             async getPublicKey(credential) {
               const publicKey = await options.keyManager.getPublicKey({
                 credential,
@@ -285,21 +359,63 @@ export function webAuthn(options: webAuthn.Parameters) {
               if (!publicKey) throw new Error('publicKey not found.')
               return publicKey
             },
+            hash,
             rpId: options.getOptions?.rpId ?? options.rpId,
           })
-        }
 
-        config.storage?.setItem(
-          'webAuthn.activeCredential',
-          normalizeValue(credential),
-        )
-        config.storage?.setItem(
-          'webAuthn.lastActiveCredential',
-          normalizeValue(credential),
-        )
-        return Account.fromWebAuthnP256(credential)
+          const keyAuthorization = accessKeyAddress
+            ? KeyAuthorization.from({
+                address: accessKeyAddress,
+                signature: SignatureEnvelope.from({
+                  metadata: credential.metadata,
+                  signature: credential.signature,
+                  publicKey: PublicKey.fromHex(credential.publicKey),
+                  type: 'webAuthn',
+                }),
+                type: 'p256',
+              })
+            : undefined
+
+          return { credential, keyAuthorization, keyPair }
+        }
       })()
 
+      config.storage?.setItem(
+        'webAuthn.lastActiveCredential',
+        normalizeValue(credential),
+      )
+      config.storage?.setItem(
+        'webAuthn.activeCredential',
+        normalizeValue(credential),
+      )
+
+      account = Account.fromWebAuthnP256(credential, {
+        storage: Storage.from(config.storage as never),
+      })
+
+      if (keyPair) {
+        accessKey = Account.fromWebCryptoP256(keyPair, {
+          access: account,
+          storage: Storage.from(config.storage as never),
+        })
+
+        // If we are not reconnecting, orchestrate the provisioning of the access key.
+        if (!parameters.isReconnecting) {
+          const keyAuth =
+            keyAuthorization ?? (await account.signKeyAuthorization(accessKey))
+
+          await account.storage.setItem('pendingKeyAuthorization', keyAuth)
+          await idbStorage.setItem(
+            `accessKey:${account.address.toLowerCase()}`,
+            keyPair,
+          )
+        }
+        // If we are granting an access key, throw an error if the access key is not provisioned.
+      } else if (grantAccessKey === true) {
+        await config.storage?.removeItem('webAuthn.activeCredential')
+        throw new Error('access key not found')
+      }
+
       const address = getAddress(account.address)
 
       const chainId = parameters.chainId ?? config.chains[0]?.id
@@ -361,7 +477,7 @@ export function webAuthn(options: webAuthn.Parameters) {
       if (!transport) throw new ChainNotConfiguredError()
 
       return createClient({
-        account,
+        account: accessKey ?? account,
         chain: chain as Chain,
         transport: walletNamespaceCompat(transport),
       })
@@ -386,6 +502,20 @@ export namespace webAuthn {
     getOptions?:
       | Pick<WebAuthnP256.getCredential.Parameters, 'getFn' | 'rpId'>
       | undefined
+    /**
+     * Whether or not to grant an access key upon connection.
+     *
+     * - `true`: The account MUST have an access key provisioned.
+     *   On failure, the connection will fail.
+     * - `"lax"`: The account MAY have an access key provisioned.
+     *   On failure, the connection will succeed, but the access key will not be provisioned
+     *   and must be provisioned manually if the user wants to enforce access keys.
+     * - `false`: The account WILL NOT have an access key provisioned. The access key must be
+     *   provisioned manually if the user wants to enforce access keys.
+     *
+     * @default false
+     */
+    grantAccessKey?: boolean | 'lax'
     /** Public key manager. */
     keyManager: KeyManager.KeyManager
     /** The RP ID to use for WebAuthn. */