Session key module

.github/workflows/ci.yml

@@ -8,7 +8,7 @@ on:
   workflow_dispatch:
 
 jobs:
-  contracts:
+  e2e:
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -40,13 +40,9 @@ jobs:
     - name: Build SDK
       run: pnpm nx build sdk
 
-    # Build contracts and generate types
-    - name: Build contracts
-      run: pnpm nx build contracts
-
-    # Run contract tests
-    - name: Run contract test
-      run: pnpm nx test contracts
+    # Deploy contracts
+    - name: Deploy contracts
+      run: pnpm nx deploy contracts
 
     # Run E2E tests
     - name: Install Playwright Browsers
@@ -60,3 +56,41 @@ jobs:
         name: playwright-report
         path: packages/demo-app/playwright-report/
         retention-days: 3
+
+
+  contracts:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+
+    # Start node
+    - name: Era Test Node Action
+      uses: dutterbutter/era-test-node-action@36ffd2eefd46dc16e7e2a8e1715124400ec0a3ba # v1
+
+    # Setup pnpm
+    - name: Setup pnpm
+      uses: pnpm/action-setup@v4
+      with:
+        version: 9.11.0
+
+    - name: Use Node.js
+      uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4
+      with:
+        node-version: lts/Iron
+        cache: 'pnpm'
+
+    # Install dependencies for contracts/gateway/sdk
+    - name: Install dependencies
+      run: pnpm install -r --frozen-lockfile
+
+    # Build contracts and generate types
+    - name: Build contracts
+      run: pnpm nx build contracts
+
+    # Run contract tests
+    - name: Run contract test
+      run: pnpm nx test contracts
+

docs/sdk/client/README.md

@@ -24,24 +24,18 @@ development principles in mind.
 2. Deploy the account
 
    ```ts
-   import { generatePrivateKey, privateKeyToAccount } from "viem";
+   import { generatePrivateKey, privateKeyToAddress } from "viem";
    import { deployAccount } from "zksync-account/client";
 
    const deployerClient = ...; // Any client for deploying the account, make sure it has enough balance to cover the deployment cost
-   const sessionKey = generatePrivateKey();
-   const sessionPublicKey = privateKeyToAccount(sessionKey.value).address;
+   const sessionPrivateKey = generatePrivateKey();
+   const sessionKey = privateKeyToAddress(sessionPrivateKey.value);
 
    const { address } = await deployAccount(deployerClient, {
       credentialPublicKey,
-      initialSessions: [
-         {
-            sessionPublicKey,
-            expiresAt: (new Date(Date.now() + 1000 * 60 * 60 * 24)).toISOString(), // 1 day expiry
-            spendLimit: {
-               [Token.address]: "1000",
-            },
-         },
-      ],
+      // You can either create a session during deployment by passing a spec
+      // here, or create it later using `createSession` -- see step 4.
+      // initialSession: { ... },
       contracts,
    });
    ```
@@ -73,9 +67,17 @@ development principles in mind.
 4. Activating session key
 
    ```ts
-   await passkeyClient.addSessionKey({
-     sessionPublicKey,
-     token: Token.address, // Address of the token
-     expiresAt: new Date(Date.now() + 1000 * 60 * 60 * 24).toISOString(), // 1 day expiry
+   await passkeyClient.createSession({
+     session: {
+       sessionKey,
+       expiry: Math.floor(Date.now() / 1000) + 60 * 60 * 24 * 7, // 1 week
+       feeLimit: { limit: parseEther("0.01") },
+       transferPolicies: [
+         {
+           target: transferTarget.address,
+           maxValuePerUse: parseEther("0.1"),
+         },
+       ],
+     },
    });
    ```

packages/contracts/src/ClaveAccount.sol

@@ -103,13 +103,14 @@ contract ClaveAccount is
     bytes32 suggestedSignedHash,
     Transaction calldata transaction
   ) external payable override onlyBootloader returns (bytes4 magic) {
+    // FIXME session txs have their own nonce managers,
+    // so they have to not alter this nonce
     _incrementNonce(transaction.nonce);
 
     // The fact there is enough balance for the account
     // should be checked explicitly to prevent user paying for fee for a
     // transaction that wouldn't be included on Ethereum.
     if (transaction.totalRequiredBalance() > address(this).balance) {
-      Logger.logString("revert Errors.INSUFFICIENT_FUNDS()");
       revert Errors.INSUFFICIENT_FUNDS();
     }
 
@@ -209,13 +210,10 @@ contract ClaveAccount is
     bytes32 signedHash,
     Transaction calldata transaction
   ) internal returns (bytes4 magicValue) {
-    Logger.logString("_validateTransaction");
     if (transaction.signature.length == 65) {
-      Logger.logString("transaction.signature.length == 65");
       (address signer, ) = ECDSA.tryRecover(signedHash, transaction.signature);
-      Logger.logString("recovered signer");
+      Logger.logString("recovered EOA signer");
       Logger.logAddress(signer);
-      // gas estimation?
       if (signer == address(0)) {
         return bytes4(0);
       }

packages/contracts/src/interfaces/IValidatorManager.sol

@@ -18,6 +18,12 @@ interface IValidatorManager {
    */
   event K1AddValidator(address indexed validator);
 
+  /**
+   * @notice Event emitted when a modular validator is added
+   * @param validator address - Address of the added modular validator
+   */
+  event AddModuleValidator(address indexed validator);
+
   /**
    * @notice Event emitted when a r1 validator is removed
    * @param validator address - Address of the removed r1 validator
@@ -30,6 +36,12 @@ interface IValidatorManager {
    */
   event K1RemoveValidator(address indexed validator);
 
+  /**
+   * @notice Event emitted when a modular validator is removed
+   * @param validator address - Address of the removed modular validator
+   */
+  event RemoveModuleValidator(address indexed validator);
+
   /**
    * @notice Adds a validator to the list of r1 validators
    * @dev Can only be called by self or a whitelisted module
@@ -67,6 +79,13 @@ interface IValidatorManager {
    */
   function k1RemoveValidator(address validator) external;
 
+  /**
+   * @notice Removes a validator from the list of modular validators
+   * @dev Can only be called by self or a whitelisted module
+   * @param validator address - Address of the validator to remove
+   */
+  function removeModuleValidator(address validator) external;
+
   /**
    * @notice Checks if an address is in the r1 validator list
    * @param validator address -Address of the validator to check
@@ -81,6 +100,13 @@ interface IValidatorManager {
    */
   function k1IsValidator(address validator) external view returns (bool);
 
+  /**
+   * @notice Checks if an address is in the modular validator list
+   * @param validator address - Address of the validator to check
+   * @return True if the address is a validator, false otherwise
+   */
+  function isModuleValidator(address validator) external view returns (bool);
+
   /**
    * @notice Returns the list of r1 validators
    * @return validatorList address[] memory - Array of r1 validator addresses
@@ -92,4 +118,10 @@ interface IValidatorManager {
    * @return validatorList address[] memory - Array of k1 validator addresses
    */
   function k1ListValidators() external view returns (address[] memory validatorList);
+
+  /**
+   * @notice Returns the list of modular validators
+   * @return validatorList address[] memory - Array of modular validator addresses
+   */
+  function listModuleValidators() external view returns (address[] memory validatorList);
 }

packages/contracts/src/managers/ModuleManager.sol

@@ -15,8 +15,6 @@ import { IModuleManager } from "../interfaces/IModuleManager.sol";
 import { IUserOpValidator } from "../interfaces/IERC7579Validator.sol";
 import { IERC7579Module, IExecutor } from "../interfaces/IERC7579Module.sol";
 
-import "../helpers/Logger.sol";
-
 /**
  * @title Manager contract for modules
  * @notice Abstract contract for managing the enabled modules of the account
@@ -66,10 +64,7 @@ abstract contract ModuleManager is IModuleManager, Auth {
 
   function _addNativeModule(address moduleAddress, bytes memory moduleData) internal {
     if (!_supportsModule(moduleAddress)) {
-      Logger.logString("module is not supported");
-      Logger.logAddress(moduleAddress);
-      // FIXME: support native modules on install
-      // revert Errors.MODULE_ERC165_FAIL();
+      revert Errors.MODULE_ERC165_FAIL();
     }
 
     _modulesLinkedList().add(moduleAddress);
@@ -173,6 +168,8 @@ abstract contract ModuleManager is IModuleManager, Auth {
   }
 
   function _supportsModule(address module) internal view returns (bool) {
+    // this is pretty dumb, since type(IModule).interfaceId is 0x00000000, but is correct as per ERC165
+    // context: https://github.com/ethereum/solidity/issues/7856#issuecomment-585337461
     return module.supportsInterface(type(IModule).interfaceId);
   }
 }

packages/contracts/src/managers/ValidatorManager.sol

@@ -47,6 +47,11 @@ abstract contract ValidatorManager is IValidatorManager, Auth {
     _k1RemoveValidator(validator);
   }
 
+  ///@inheritdoc IValidatorManager
+  function removeModuleValidator(address validator) external onlySelfOrModule {
+    _removeModuleValidator(validator);
+  }
+
   /// @inheritdoc IValidatorManager
   function r1IsValidator(address validator) external view override returns (bool) {
     return _r1IsValidator(validator);
@@ -57,6 +62,11 @@ abstract contract ValidatorManager is IValidatorManager, Auth {
     return _k1IsValidator(validator);
   }
 
+  /// @inheritdoc IValidatorManager
+  function isModuleValidator(address validator) external view override returns (bool) {
+    return _isModuleValidator(validator);
+  }
+
   /// @inheritdoc IValidatorManager
   function r1ListValidators() external view override returns (address[] memory validatorList) {
     validatorList = _r1ValidatorsLinkedList().list();
@@ -67,6 +77,11 @@ abstract contract ValidatorManager is IValidatorManager, Auth {
     validatorList = _k1ValidatorsLinkedList().list();
   }
 
+  /// @inheritdoc IValidatorManager
+  function listModuleValidators() external view override returns (address[] memory validatorList) {
+    validatorList = _moduleValidatorsLinkedList().list();
+  }
+
   function _r1AddValidator(address validator) internal {
     if (!_supportsR1(validator)) {
       revert Errors.VALIDATOR_ERC165_FAIL();
@@ -78,8 +93,14 @@ abstract contract ValidatorManager is IValidatorManager, Auth {
   }
 
   function _addModuleValidator(address validator, bytes memory accountValidationKey) internal {
+    if (!_supportsModuleValidator(validator)) {
+      revert Errors.VALIDATOR_ERC165_FAIL();
+    }
+
     _moduleValidatorsLinkedList().add(validator);
     IModuleValidator(validator).addValidationKey(accountValidationKey);
+
+    emit AddModuleValidator(validator);
   }
 
   function _k1AddValidator(address validator) internal {
@@ -108,6 +129,12 @@ abstract contract ValidatorManager is IValidatorManager, Auth {
     emit K1RemoveValidator(validator);
   }
 
+  function _removeModuleValidator(address validator) internal {
+    _moduleValidatorsLinkedList().remove(validator);
+
+    emit RemoveModuleValidator(validator);
+  }
+
   function _r1IsValidator(address validator) internal view returns (bool) {
     return _r1ValidatorsLinkedList().exists(validator);
   }
@@ -128,6 +155,10 @@ abstract contract ValidatorManager is IValidatorManager, Auth {
     return validator.supportsInterface(type(IK1Validator).interfaceId);
   }
 
+  function _supportsModuleValidator(address validator) internal view returns (bool) {
+    return validator.supportsInterface(type(IModuleValidator).interfaceId);
+  }
+
   function _r1ValidatorsLinkedList() private view returns (mapping(address => address) storage r1Validators) {
     r1Validators = ClaveStorage.layout().r1Validators;
   }

packages/contracts/src/test/ERC20.sol

@@ -0,0 +1,10 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import { ERC20 } from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
+
+contract TestERC20 is ERC20 {
+  constructor(address mintTo) ERC20("Test ERC20", "TEST") {
+    _mint(mintTo, 10 ** 18);
+  }
+}

packages/contracts/src/validators/PasskeyValidator.sol

@@ -3,6 +3,7 @@ pragma solidity ^0.8.24;
 
 import { Base64 } from "../helpers/Base64.sol";
 import { IR1Validator, IERC165 } from "../interfaces/IValidator.sol";
+import { IModule } from "../interfaces/IModule.sol";
 import { Errors } from "../libraries/Errors.sol";
 import { VerifierCaller } from "../helpers/VerifierCaller.sol";
 import { JsmnSolLib } from "../libraries/JsmnSolLib.sol";
@@ -41,7 +42,7 @@ contract PasskeyValidator is IR1Validator, VerifierCaller {
   }
 
   /// @inheritdoc IERC165
-  function supportsInterface(bytes4 interfaceId) external pure override returns (bool) {
+  function supportsInterface(bytes4 interfaceId) public pure virtual returns (bool) {
     return interfaceId == type(IR1Validator).interfaceId || interfaceId == type(IERC165).interfaceId;
   }