v1.21.0 ERC-4337 Session Keys — caps enforced BY THE CHAIN #78
…ilder, permissionId, USE signature, deterministic module addresses, sessions cache Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…rd-party-account opt-in, account + bundler-host allowlists, validation Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
)
* feat(tools): session grant/revoke/status + aa_submit_userop + agent_wallet_4337_sign_and_send — both fences (local gates + chain caps), hook coverage, docs, v1.21.0
  Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* docs: SECURITY.md — disclosure policy + what counts as critical in a money-handling plugin
  Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* docs: agent-wallet refusal demo GIF (vhs, reproducible via docs/demo/*.tape) + README hero
  Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* docs(smart-sessions): record Base Sepolia eth_getCode verification of pinned module addresses
  Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---------
Co-authored-by: Klow <deploy@klow.ai>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
What this is
Roadmap item 7, complete implementation (was: PR A libs only — now the full feature per .plans/erc4337-session-keys.md). The trust story graduates from "our code enforces the caps" to "the chain enforces the caps even if the machine is compromised."

The user's ERC-7579 smart account grants the agent's existing EOA a scoped on-chain session via the audited, vendor-neutral Smart Sessions module: cumulative per-token spend caps, mandatory expiry, optional usage caps — validated by the EntryPoint on every operation. Zero new dependencies (deterministic module addresses + viem encoders; no AGPL code vendored).
Surface (135 → 140 tools)
* chaingpt_aa_session_build_grant/_build_revoke — UNSIGNED payloads; the account OWNER signs externally; unbounded grants refused by construction; revoke = chain-level kill.
* chaingpt_aa_session_status — chain-authoritative state (account kind, module installed, permission enabled, caps).
* chaingpt_aa_submit_userop — custody-free eth_sendUserOperation (refuses empty signatures).
* chaingpt_agent_wallet_4337_sign_and_send — local gates first (fail-closed erc4337 who/where sub-policy, OFF by default everywhere + standard per-tx/velocity checks on the inner call), then the agent signs in the Smart Sessions USE envelope and the chain enforces the granted caps. Bundler cap-rejections render as the chain-side refusal they are — never retried around.

v1 account support: Biconomy Nexus 1.x (Kernel v3 / Safe7579 follow — the module layer is shared). PreToolUse guard asks on both new signing/submitting tools.
Verification
unrestricted and the chain still refuses the over-cap transfer. The CHANGELOG carries this gate explicitly.
erc4337.enabled absent/false in every default and template), so merging ahead of the live loop changes nothing for any existing user.

🤖 Generated with Claude Code
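
An added example, not code from this PR or the plugin: the two local refusals the description names, "unbounded grants refused by construction" and the fail-closed erc4337 who/where gate, written in JavaScript. The function names, the grant and policy shapes, and the choice to refuse a max-uint256 cap or a duplicate per-token cap are assumptions.

```javascript
// Added example: every name and shape here is hypothetical, not the plugin's real API.
const ADDR = /^0x[0-9a-fA-F]{40}$/;
const MAX_UINT256 = (1n << 256n) - 1n;

// Assumed grant shape: { caps: [{ token, limit: bigint }], validUntil: unixSeconds, maxUses?: number }
// Returns the reasons a grant is unbounded or malformed; an empty array means it may be built.
function grantProblems(grant, nowSec) {
  const out = [];
  if (!Number.isInteger(grant.validUntil) || grant.validUntil <= nowSec)
    out.push("expiry missing or not in the future");
  const caps = Array.isArray(grant.caps) ? grant.caps : [];
  if (caps.length === 0) out.push("no spend cap");
  const seen = new Set();
  for (const { token, limit } of caps) {
    if (typeof token !== "string" || !ADDR.test(token)) { out.push("bad token address"); continue; }
    const t = token.toLowerCase();
    if (seen.has(t)) out.push(`duplicate cap for ${t}`); // caps are cumulative per token
    seen.add(t);
    if (typeof limit !== "bigint" || limit <= 0n || limit >= MAX_UINT256)
      out.push(`cap for ${t} is zero or effectively unlimited`);
  }
  if (grant.maxUses !== undefined && !(Number.isInteger(grant.maxUses) && grant.maxUses > 0))
    out.push("usage cap must be a positive integer");
  return out;
}

function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return null; }
}

// Fail-closed who/where gate: absent, empty or unparsable input is a refusal.
// Returns null when the local fence passes, otherwise the refusal reason.
function localGate(policy, account, bundlerUrl) {
  if (!policy || policy.enabled !== true) return "erc4337 sub-policy is off";
  const accounts = (policy.accounts ?? []).map((a) => a.toLowerCase());
  if (typeof account !== "string" || !accounts.includes(account.toLowerCase()))
    return "account not allowlisted";
  const host = hostOf(bundlerUrl);
  const hosts = (policy.bundlerHosts ?? []).map((h) => h.toLowerCase());
  if (host === null || !hosts.includes(host)) return "bundler host not allowlisted"; // exact match only
  return null; // the chain-side caps still apply after this
}

// Constructed sample input (not from the page).
const sampleGrant = { caps: [{ token: "0x" + "11".repeat(20), limit: 5_000_000n }], validUntil: 1_700_003_600 };
console.log(grantProblems(sampleGrant, 1_700_000_000), localGate(undefined, "0x" + "aa".repeat(20), "https://bundler.example.org/rpc"));
```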