diff --git a/packages/test/v0.7/multiTenantSessionAccount.test.ts b/packages/test/v0.7/multiTenantSessionAccount.test.ts index 23d5f859..21b49e8d 100644 --- a/packages/test/v0.7/multiTenantSessionAccount.test.ts +++ b/packages/test/v0.7/multiTenantSessionAccount.test.ts @@ -1,37 +1,21 @@ // @ts-expect-error import { beforeAll, describe, test } from "bun:test" -import { - type KernelAccountClient, - type KernelSmartAccount, - KernelV3AccountAbi -} from "@zerodev/sdk" +import type { KernelAccountClient, KernelSmartAccount } from "@zerodev/sdk" import { getInstallDMAsExecutorCallData } from "@zerodev/session-account" -import { - type BundlerClient, - ENTRYPOINT_ADDRESS_V07, - bundlerActions -} from "permissionless" -import { SmartAccount } from "permissionless/accounts" -import { paymasterActionsEip7677 } from "permissionless/experimental/eip7677/clients/decorators/paymasterActionsEip7677" +import { type BundlerClient, bundlerActions } from "permissionless" import type { ENTRYPOINT_ADDRESS_V07_TYPE } from "permissionless/types/entrypoint" import { type Chain, - type Hex, type PublicClient, type Transport, - concatHex, - encodeAbiParameters, - encodeFunctionData, - parseAbiParameters, - zeroAddress + zeroAddress, + decodeErrorResult, + encodeFunctionData } from "viem" import { generatePrivateKey, privateKeyToAccount } from "viem/accounts" import type { SessionAccount } from "../../../plugins/multi-tenant-session-account" import { dmActionsEip7710 } from "../../../plugins/multi-tenant-session-account/clients" -import { - DMVersionToAddressMap, - ROOT_AUTHORITY -} from "../../../plugins/multi-tenant-session-account/constants" +import { ROOT_AUTHORITY } from "../../../plugins/multi-tenant-session-account/constants" import type { Delegation } from "../../../plugins/multi-tenant-session-account/types" import type { YiSubAccount } from "../../../plugins/yiSubAccount" import { toAllowedTargetsEnforcer } from "../../../plugins/yiSubAccount/enforcers/allowed-targets/toAllowedTargetsEnforcer" @@ -41,9 +25,15 @@ import { getKernelAccountClient, getPublicClient, getSessionAccount, - getSignerToEcdsaKernelAccount, - getZeroDevPaymasterClient + getZeroDevPaymasterClient, + mintToAccount } from "./utils" +import { + ParamCondition, + toAllowedParamsEnforcer +} from "@zerodev/session-account/enforcers" +import { TEST_ERC20Abi } from "../abis/Test_ERC20Abi" +import { Test_ERC20Address } from "../utils" const TEST_TIMEOUT = 1000000 @@ -67,6 +57,22 @@ describe("Yi SubAccount", () => { > let delegations: Delegation[] + const res=decodeErrorResult({ + abi: [ + { + inputs: [ + { + type: "string" + } + ], + name: "Error", + type: "error" + } + ], + data: "0x08c379a000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000033416c6c6f776564506172616d73456e666f726365723a6e6f2d6d61746368696e672d7065726d697373696f6e732d666f756e6400000000000000000000000000" + }) + console.log({res}) + beforeAll(async () => { const ownerPrivateKey = process.env.TEST_PRIVATE_KEY if (!ownerPrivateKey) { @@ -90,65 +96,163 @@ describe("Yi SubAccount", () => { }) bundlerClient = kernelClient.extend(bundlerActions(getEntryPoint())) + }) - const caveat = toAllowedTargetsEnforcer({ - targets: [zeroAddress] - }) - const caveats = [] - const privateSessionKey = generatePrivateKey() - const sessionKeyAccount = privateKeyToAccount(privateSessionKey) - delegations = [ - { - delegator: mainDelegatorAccount.address, - delegate: sessionKeyAccount.address, - authority: ROOT_AUTHORITY, - caveats, - salt: 0n, - signature: "0x" - } - ] + test( + "Send a sudo tx without caveat from kernelAccount through sessionAccount", + async () => { + const caveats = [] + const privateSessionKey = generatePrivateKey() + const sessionKeyAccount = privateKeyToAccount(privateSessionKey) + delegations = [ + { + delegator: mainDelegatorAccount.address, + delegate: sessionKeyAccount.address, + authority: ROOT_AUTHORITY, + caveats, + salt: 0n, + signature: "0x" + } + ] - const kernelClientDM = kernelClient.extend( - dmActionsEip7710< - ENTRYPOINT_ADDRESS_V07_TYPE, - KernelSmartAccount - >() - ) + const kernelClientDM = kernelClient.extend( + dmActionsEip7710< + ENTRYPOINT_ADDRESS_V07_TYPE, + KernelSmartAccount + >() + ) - const mainDeleGatorSignature = await kernelClientDM.signDelegation({ - delegation: delegations[0] - }) - console.log({ mainDeleGatorSignature }) - delegations[0].signature = mainDeleGatorSignature - const initCode = await mainDelegatorAccount.getInitCode() - sessionAccount = await getSessionAccount( - delegations, - privateSessionKey, - initCode - ) - sessionAccountClient = await getKernelAccountClient({ - // @ts-ignore: fix return type error - account: sessionAccount, - middleware: { - sponsorUserOperation: async ({ userOperation }) => { - const zeroDevPaymaster = getZeroDevPaymasterClient() - return zeroDevPaymaster.sponsorUserOperation({ - userOperation, - entryPoint: getEntryPoint() - }) + const mainDeleGatorSignature = await kernelClientDM.signDelegation({ + delegation: delegations[0] + }) + console.log({ mainDeleGatorSignature }) + delegations[0].signature = mainDeleGatorSignature + const initCode = await mainDelegatorAccount.getInitCode() + sessionAccount = await getSessionAccount( + delegations, + privateSessionKey, + initCode + ) + sessionAccountClient = await getKernelAccountClient({ + // @ts-ignore: fix return type error + account: sessionAccount, + middleware: { + sponsorUserOperation: async ({ userOperation }) => { + const zeroDevPaymaster = getZeroDevPaymasterClient() + return zeroDevPaymaster.sponsorUserOperation({ + userOperation, + entryPoint: getEntryPoint() + }) + } } - } - }) - }) + }) + const userOpHash = await sessionAccountClient.sendUserOperation({ + userOperation: { + callData: await sessionAccount.encodeCallData({ + to: zeroAddress, + data: "0x", + value: 0n + }), + preVerificationGas: 84700n, + callGasLimit: 1273781n, + verificationGasLimit: 726789n + } + }) + const receipt = await bundlerClient.waitForUserOperationReceipt({ + hash: userOpHash + }) + console.log( + "transactionHash", + `https://sepolia.etherscan.io/tx/${receipt.receipt.transactionHash}` + ) + }, + TEST_TIMEOUT + ) test( - "Send tx from subAccount through sessionAccount", + "Send tx with allowedParams caveats from kernelAccount through sessionAccount", async () => { + const privateSessionKey = generatePrivateKey() + const sessionKeyAccount = privateKeyToAccount(privateSessionKey) + const allowedParamsCaveat = toAllowedParamsEnforcer({ + permissions: [ + { + abi: TEST_ERC20Abi, + target: Test_ERC20Address, + functionName: "transfer", + args: [ + { + condition: ParamCondition.EQUAL, + value: sessionKeyAccount.address + }, + null + ] + } + ] + }) + const caveats = [allowedParamsCaveat] + + delegations = [ + { + delegator: mainDelegatorAccount.address, + delegate: sessionKeyAccount.address, + authority: ROOT_AUTHORITY, + caveats, + salt: 0n, + signature: "0x" + } + ] + + const kernelClientDM = kernelClient.extend( + dmActionsEip7710< + ENTRYPOINT_ADDRESS_V07_TYPE, + KernelSmartAccount + >() + ) + + const mainDeleGatorSignature = await kernelClientDM.signDelegation({ + delegation: delegations[0] + }) + console.log({ mainDeleGatorSignature }) + delegations[0].signature = mainDeleGatorSignature + const initCode = await mainDelegatorAccount.getInitCode() + sessionAccount = await getSessionAccount( + delegations, + privateSessionKey, + initCode + ) + sessionAccountClient = await getKernelAccountClient({ + // @ts-ignore: fix return type error + account: sessionAccount, + middleware: { + sponsorUserOperation: async ({ userOperation }) => { + const zeroDevPaymaster = getZeroDevPaymasterClient() + return zeroDevPaymaster.sponsorUserOperation({ + userOperation, + entryPoint: getEntryPoint() + }) + } + } + }) + + await mintToAccount( + kernelClient.account.client as PublicClient, + kernelClient, + kernelClient.account.address, + 100000000n + ) + + const amountToTransfer = 10000n + const transferData = encodeFunctionData({ + abi: TEST_ERC20Abi, + functionName: "transfer", + args: [sessionKeyAccount.address, amountToTransfer] + }) const userOpHash = await sessionAccountClient.sendUserOperation({ userOperation: { callData: await sessionAccount.encodeCallData({ - to: zeroAddress, - data: "0x", + to: Test_ERC20Address, + data: transferData, value: 0n }), preVerificationGas: 84700n, diff --git a/packages/test/v0.7/utils.ts b/packages/test/v0.7/utils.ts index 31eb73a8..e2f858f4 100644 --- a/packages/test/v0.7/utils.ts +++ b/packages/test/v0.7/utils.ts @@ -275,12 +275,12 @@ export const getSessionAccount = async ( privateKey: Hex, delegatorInitCode?: Hex ) => { - const sessionKeyAccount = privateKeyToAccount(privateKey) + const sessionKeySigner = privateKeyToAccount(privateKey) const publicClient = await getPublicClient() return createSessionAccount(publicClient, { entryPoint: getEntryPoint(), - sessionKeyAccount, + sessionKeySigner, delegations, delegatorInitCode }) diff --git a/plugins/multi-tenant-session-account/account/createSessionAccount.ts b/plugins/multi-tenant-session-account/account/createSessionAccount.ts index 6cac3833..d197ed68 100644 --- a/plugins/multi-tenant-session-account/account/createSessionAccount.ts +++ b/plugins/multi-tenant-session-account/account/createSessionAccount.ts @@ -58,7 +58,7 @@ export type CreateSessionAccountParameters< TAddress extends Address = Address > = { entryPoint: entryPoint - sessionKeyAccount: SmartAccountSigner + sessionKeySigner: SmartAccountSigner delegations: Delegation[] multiTenantSessionAccountAddress?: Address delegatorInitCode?: Hex @@ -75,14 +75,14 @@ export async function createSessionAccount< { entryPoint: entryPointAddress, delegations, - sessionKeyAccount, + sessionKeySigner, multiTenantSessionAccountAddress: accountAddress = MULTI_TENANT_SESSION_ACCOUNT_ADDRESS, delegatorInitCode = "0x" }: CreateSessionAccountParameters ): Promise> { const viemSigner: LocalAccount = { - ...sessionKeyAccount, + ...sessionKeySigner, signTransaction: (_, __) => { throw new SignTransactionNotSupportedBySmartAccount() } diff --git a/plugins/multi-tenant-session-account/enforcers/allowed-params/constants.ts b/plugins/multi-tenant-session-account/enforcers/allowed-params/constants.ts new file mode 100644 index 00000000..f130bd61 --- /dev/null +++ b/plugins/multi-tenant-session-account/enforcers/allowed-params/constants.ts @@ -0,0 +1,18 @@ +export enum CallType { + CALL = "0x00", + BATCH_CALL = "0x01", + DELEGATE_CALL = "0xff" +} + +export enum ParamCondition { + EQUAL = 0, + GREATER_THAN = 1, + LESS_THAN = 2, + GREATER_THAN_OR_EQUAL = 3, + LESS_THAN_OR_EQUAL = 4, + NOT_EQUAL = 5, + ONE_OF = 6 +} + +export const AllowedParamsEnforcerAddress = + "0x54F1f6aAe77D2E3feA4c40A7d99E4aDcEFa00c79" diff --git a/plugins/multi-tenant-session-account/enforcers/allowed-params/index.ts b/plugins/multi-tenant-session-account/enforcers/allowed-params/index.ts new file mode 100644 index 00000000..f192a60f --- /dev/null +++ b/plugins/multi-tenant-session-account/enforcers/allowed-params/index.ts @@ -0,0 +1,4 @@ +export * from "./toAllowedParamsEnforcer.js" +export * from "./utils.js" +export type * from "./types.js" +export * from "./constants.js" diff --git a/plugins/multi-tenant-session-account/enforcers/allowed-params/toAllowedParamsEnforcer.ts b/plugins/multi-tenant-session-account/enforcers/allowed-params/toAllowedParamsEnforcer.ts new file mode 100644 index 00000000..dce00a97 --- /dev/null +++ b/plugins/multi-tenant-session-account/enforcers/allowed-params/toAllowedParamsEnforcer.ts @@ -0,0 +1,47 @@ +import { type Address, type Abi, pad } from "viem" +import type { Caveat } from "../../types.js" +import type { Permission } from "./types.js" +import { encodePermissionData, getPermissionFromABI } from "./utils.js" +import { AllowedParamsEnforcerAddress, CallType } from "./constants.js" + +export type AllowedParamsEnforcerParams< + TAbi extends Abi | readonly unknown[], + TFunctionName extends string | undefined = string +> = { + permissions?: Permission[] + enforcerAddress?: Address +} + +export function toAllowedParamsEnforcer< + TAbi extends Abi | readonly unknown[], + TFunctionName extends string | undefined = string +>({ + permissions, + enforcerAddress = AllowedParamsEnforcerAddress +}: AllowedParamsEnforcerParams): Caveat { + const generatedPermissionParams = permissions?.map((perm) => + getPermissionFromABI({ + abi: perm.abi as Abi, + functionName: perm.functionName as string, + args: perm.args as [] + }) + ) + + permissions = + permissions?.map((perm, index) => ({ + ...perm, + callType: perm.callType ?? CallType.CALL, + selector: + perm.selector ?? + generatedPermissionParams?.[index]?.selector ?? + pad("0x", { size: 4 }), + rules: perm.rules ?? generatedPermissionParams?.[index]?.rules ?? [] + })) ?? [] + + const encodedPermissionData = encodePermissionData(permissions) + return { + enforcer: enforcerAddress, + terms: encodedPermissionData, + args: "0x" + } +} diff --git a/plugins/multi-tenant-session-account/enforcers/allowed-params/types.ts b/plugins/multi-tenant-session-account/enforcers/allowed-params/types.ts new file mode 100644 index 00000000..9ee72163 --- /dev/null +++ b/plugins/multi-tenant-session-account/enforcers/allowed-params/types.ts @@ -0,0 +1,116 @@ +import type { ExtractAbiFunction, ExtractAbiFunctionNames } from "abitype" +import type { + Abi, + AbiFunction, + AbiParameter, + AbiParameterKind, + AbiParameterToPrimitiveType, + AbiStateMutability, + Address, + Hex, + Narrow +} from "viem" +import type { CallType, ParamCondition } from "./constants.js" + +export interface ParamRule { + condition: ParamCondition + offset: number + params: Hex | Hex[] +} + +export type PermissionCore = { + callType?: CallType + target: Address + selector?: Hex + rules?: ParamRule[] +} + +export type InferFunctionName< + TAbi extends Abi | readonly unknown[] = Abi, + TFunctionName extends string | undefined = string, + TAbiStateMutability extends AbiStateMutability = AbiStateMutability +> = TAbi extends Abi + ? ExtractAbiFunctionNames< + TAbi, + TAbiStateMutability + > extends infer AbiFunctionNames + ? + | AbiFunctionNames + | (TFunctionName extends AbiFunctionNames ? TFunctionName : never) + | (Abi extends TAbi ? string : never) + : never + : TFunctionName + +export type GetFunctionArgs< + TAbi extends Abi | readonly unknown[], + TFunctionName extends string, + TAbiFunction extends AbiFunction = TAbi extends Abi + ? ExtractAbiFunction + : AbiFunction, + TArgs = CombinedArgs, + FailedToParseArgs = + | ([TArgs] extends [never] ? true : false) + | (readonly unknown[] extends TArgs ? true : false) +> = true extends FailedToParseArgs + ? { + args?: readonly unknown[] + } + : TArgs extends readonly [] + ? { args?: never } + : { + args?: TArgs + } + +export type Permission< + TAbi extends Abi | readonly unknown[], + TFunctionName extends string | undefined = string, + _FunctionName = TAbi extends Abi + ? InferFunctionName + : never +> = PermissionCore & { + functionName?: _FunctionName +} & (TFunctionName extends string + ? { abi?: Narrow } & GetFunctionArgs + : _FunctionName extends string + ? { abi?: [Narrow] } & GetFunctionArgs< + TAbi, + _FunctionName + > + : never) + +type ConditionValue< + TAbiParameter extends AbiParameter, + TAbiParameterKind extends AbiParameterKind +> = + | { + condition: ParamCondition.ONE_OF + value: AbiParameterToPrimitiveType[] + } + | { + condition: Exclude + value: AbiParameterToPrimitiveType + } + +export type CombinedArgs< + TAbiParameters extends readonly AbiParameter[], + TAbiParameterKind extends AbiParameterKind = AbiParameterKind +> = { + [K in keyof TAbiParameters]: ConditionValue< + TAbiParameters[K], + TAbiParameterKind + > | null +} + +export type GeneratePermissionFromArgsParameters< + TAbi extends Abi | readonly unknown[], + TFunctionName extends string | undefined = string, + _FunctionName = TAbi extends Abi + ? InferFunctionName + : never +> = { + functionName?: _FunctionName +} & (TFunctionName extends string + ? { abi: Narrow } & GetFunctionArgs + : _FunctionName extends string + ? { abi: [Narrow] } & GetFunctionArgs + : never) diff --git a/plugins/multi-tenant-session-account/enforcers/allowed-params/utils.ts b/plugins/multi-tenant-session-account/enforcers/allowed-params/utils.ts new file mode 100644 index 00000000..99788af9 --- /dev/null +++ b/plugins/multi-tenant-session-account/enforcers/allowed-params/utils.ts @@ -0,0 +1,134 @@ +import { + type Abi, + type AbiFunction, + type GetAbiItemParameters, + type Hex, + encodeAbiParameters, + getAbiItem, + isHex, + pad, + toFunctionSelector, + toHex +} from "viem" +import type { + CombinedArgs, + ParamRule, + PermissionCore, + GeneratePermissionFromArgsParameters +} from "./types.js" +import { ParamCondition } from "./constants.js" + +export function getPermissionFromABI< + TAbi extends Abi | readonly unknown[], + TFunctionName extends string | undefined = string +>({ + abi, + args, + functionName +}: GeneratePermissionFromArgsParameters): Pick< + PermissionCore, + "selector" | "rules" +> { + if (!abi || !functionName) { + return { + selector: undefined, + rules: undefined + } + } + const abiItem = getAbiItem({ + abi, + args, + name: functionName + } as GetAbiItemParameters) + if (abiItem?.type !== "function") { + throw Error(`${functionName} not found in abi`) + } + const functionSelector = toFunctionSelector(abiItem) + let paramRules: ParamRule[] = [] + if (args && Array.isArray(args)) { + paramRules = (args as CombinedArgs) + .map((arg, i) => { + if (!arg) return null + + let params: Hex[] + if (arg.condition === ParamCondition.ONE_OF) { + params = arg.value.map((value) => + pad( + isHex(value) + ? value + : toHex(value as Parameters[0]), + { size: 32 } + ) + ) + } else { + params = [ + pad( + isHex(arg.value) + ? arg.value + : toHex( + arg.value as Parameters[0] + ), + { size: 32 } + ) + ] + } + return { + params, + offset: i * 32, + condition: arg.condition + } + }) + .filter((rule) => rule) as ParamRule[] + } + return { + selector: functionSelector, + rules: paramRules + } +} + +export const encodePermissionData = ( + permission: PermissionCore | PermissionCore[] +): Hex => { + const permissionParam = { + components: [ + { + internalType: "enum CallType", + name: "callType", + type: "bytes1" + }, + { + name: "target", + type: "address" + }, + { + name: "selector", + type: "bytes4" + }, + { + components: [ + { + internalType: "enum ParamCondition", + name: "condition", + type: "uint8" + }, + { + name: "offset", + type: "uint64" + }, + { + name: "params", + type: "bytes32[]" + } + ], + name: "rules", + type: "tuple[]" + } + ], + name: "permission", + type: "tuple[]" + } + const params = [permissionParam] + const values = [permission] + + return encodeAbiParameters(params, values) +} diff --git a/plugins/multi-tenant-session-account/enforcers/index.ts b/plugins/multi-tenant-session-account/enforcers/index.ts index ab5b041d..003abedb 100644 --- a/plugins/multi-tenant-session-account/enforcers/index.ts +++ b/plugins/multi-tenant-session-account/enforcers/index.ts @@ -3,3 +3,4 @@ export { type AllowedTargetsEnforcerParams, toAllowedTargetsEnforcer } from "./allowed-targets/toAllowedTargetsEnforcer.js" +export * from "./allowed-params/index.js" diff --git a/plugins/multi-tenant-session-account/package.json b/plugins/multi-tenant-session-account/package.json index a4342eb5..81a77669 100644 --- a/plugins/multi-tenant-session-account/package.json +++ b/plugins/multi-tenant-session-account/package.json @@ -1,6 +1,6 @@ { "name": "@zerodev/session-account", - "version": "5.3.0-alpha-6", + "version": "5.3.0-alpha-7", "author": "ZeroDev", "main": "./_cjs/index.js", "module": "./_esm/index.js", diff --git a/wallet/KernelEIP1193Provider.ts b/wallet/KernelEIP1193Provider.ts index 3cc18669..14cdd112 100644 --- a/wallet/KernelEIP1193Provider.ts +++ b/wallet/KernelEIP1193Provider.ts @@ -59,7 +59,7 @@ import type { SendCallsResult, SessionType } from "./types" -import { validatePermissions } from "./utils/permissions" +import { getCaveats, validatePermissions } from "./utils/permissions" import { KernelLocalStorage } from "./utils/storage" const WALLET_CAPABILITIES_STORAGE_KEY = "WALLET_CAPABILITIES" @@ -306,7 +306,7 @@ export class KernelEIP1193Provider< toHex(accountChainId) ]?.find((session) => session.sessionId === sessionId) if (session && this.kernelClient?.account?.client) { - const sessionSigner = privateKeyToAccount(session.signerPrivateKey) + const sessionKeySigner = privateKeyToAccount(session.signerPrivateKey) const [delegations, delegatorInitCode] = decodeAbiParameters( [getDelegationTupleType(true), { type: "bytes" }], @@ -320,7 +320,7 @@ export class KernelEIP1193Provider< >, { entryPoint: this.kernelClient.account.entryPoint, - sessionKeyAccount: sessionSigner, + sessionKeySigner, delegations: delegations as Delegation[], delegatorInitCode } @@ -424,7 +424,7 @@ export class KernelEIP1193Provider< .permissions.permissionTypes validatePermissions(params[0], capabilities) - // const policies = getPolicies(params[0]) + const caveats = getCaveats(params[0]) const permissions = params[0].permissions // signer @@ -444,7 +444,7 @@ export class KernelEIP1193Provider< delegator: this.kernelClient.account.address, delegate: sessionKeySigner.address, authority: ROOT_AUTHORITY, - caveats: [], + caveats, salt: 0n, signature: "0x" } diff --git a/wallet/package.json b/wallet/package.json index 8b7f075a..b8f74285 100644 --- a/wallet/package.json +++ b/wallet/package.json @@ -1,6 +1,6 @@ { "name": "@zerodev/wallet", - "version": "0.2.0-alpha-7", + "version": "0.2.0-alpha-8", "author": "ZeroDev", "main": "./_cjs/index.js", "module": "./_esm/index.js", @@ -39,7 +39,7 @@ "@zerodev/passkey-validator": "^5.3.4", "@zerodev/permissions": "^5.3.1", "@zerodev/sdk": "^5.3.2", - "@zerodev/session-account": "^5.3.0-alpha-6" + "@zerodev/session-account": "^5.3.0-alpha-7" }, "peerDependencies": { "wagmi": "^2.9.0", diff --git a/wallet/utils/permissions.ts b/wallet/utils/permissions.ts index 3141d74b..9e1ec8f1 100644 --- a/wallet/utils/permissions.ts +++ b/wallet/utils/permissions.ts @@ -11,6 +11,8 @@ import { import type { Policy } from "@zerodev/permissions/types" import { type Address, toHex } from "viem" import type { GrantPermissionsParams, Permission, SessionType } from "../types" +import type { Caveat } from "@zerodev/session-account" +import { toAllowedParamsEnforcer } from "@zerodev/session-account/enforcers" export const validatePermissions = ( permissionsParams: GrantPermissionsParams, @@ -88,6 +90,34 @@ export const getPolicies = ( return policies } +export const getPermissionCaveat = (permission: Permission): Caveat[] => { + const caveats: Caveat[] = [] + switch (permission.type) { + case "sudo": + break + case "contract-call": + caveats.push( + toAllowedParamsEnforcer({ + ...permission.data + }) + ) + break + default: + break + } + + return caveats +} +export const getCaveats = ( + permissionsParams: GrantPermissionsParams +): Caveat[] => { + const caveats = permissionsParams.permissions.flatMap((permission) => + getPermissionCaveat(permission) + ) + + return caveats +} + export const isSessionValid = ( sessionId: `0x${string}` | undefined, permission: SessionType | undefined,