feat(m8): enforce session scope in TierGuardHook via AgentSessionKeyValidator#36
Open
jhfnetboy wants to merge 1 commit into
Conversation
…alidator Part A: AAStarAirAccountV7.validateUserOp — when routing to AgentSessionKeyValidator (ALG_SESSION_KEY, 0x08), recover the session key from the 66-byte ECDSA signature and store it in transient storage via _storeSessionKey() so TierGuardHook can access it.

Part B: AAStarAirAccountBase — add getCurrentSessionKey() (non-consuming peek) mirroring getCurrentAlgId(), allowing hooks to read the queued session key without consuming it. Also modify _dispatchHook() to forward the full execute() calldata (msg.data) as the bytes msgData parameter so TierGuardHook can parse dest and inner call selector.

Part C: TierGuardHook — add accountAgentValidator mapping, extend onInstall() to accept optional 4th param (128-byte format) for AgentSessionKeyValidator address, add _getSessionKeyFromAccount() helper, and wire session scope enforcement in preCheck(): when agentValidator is set and algId==ALG_SESSION_KEY, call enforceSessionScope() on the validator with the parsed dest and inner selector. Reverts TierGuardHookUnauthorized on forbidden call target.

Tests: 4 new unit tests in TierGuardHook.t.sol covering block-forbidden, allow-permitted, no-validator-skips, and empty-allowlist-allows-all scenarios. All 684 tests pass. Closes TODO at AAStarAirAccountBase.sol:1101.
Summary

Part A (`AAStarAirAccountV7.sol`): In `validateUserOp()`, when routing to a module validator with `ALG_SESSION_KEY` (0x08), recover the session key from the 66-byte ECDSA signature and store it in transient storage via `_storeSessionKey()`. This bridges the validation→execution gap so `TierGuardHook` can access the session key during `preCheck`.

Part B (`AAStarAirAccountBase.sol`): Add `getCurrentSessionKey()` (non-consuming peek, mirrors `getCurrentAlgId()`). Modify `_dispatchHook()` to forward the full `execute()` calldata (`msg.data`) as the `bytes msgData` parameter, enabling the hook to parse `dest` and inner call selector.

Part C (`TierGuardHook.sol`): Add `accountAgentValidator` mapping. Extend `onInstall()` to accept optional 4th param (128-byte ABI-encoded format) for `AgentSessionKeyValidator` address (backward compatible with existing 3-param format). Add `_getSessionKeyFromAccount()` helper. Wire session scope enforcement in `preCheck()`: when `agentValidator` is set and `algId == ALG_SESSION_KEY`, call `enforceSessionScope()` with parsed dest and inner selector. Reverts `TierGuardHookUnauthorized` on forbidden call target.

This closes the TODO documented at `AAStarAirAccountBase.sol:1101`.

Test plan

- `forge test --match-path test/TierGuardHook.t.sol -v` — all 23 tests pass (19 existing + 4 new)
  - `test_PreCheck_SessionKey_enforcesCallTarget_blocks_forbidden` — calling tokenB (not in allowlist) reverts
  - `test_PreCheck_SessionKey_enforcesCallTarget_allows_permitted` — calling tokenA (in allowlist) succeeds
  - `test_PreCheck_SessionKey_noValidator_skipsEnforcement` — no agentValidator → no scope check
  - `test_PreCheck_SessionKey_emptyAllowlist_allowsAll` — empty callTargets → any target allowed
- `forge test --match-path test/AgentSessionKeyValidator.t.sol` — all 47 existing tests still pass (regression)
- `forge test` — all 684 tests pass (680 existing + 4 new)
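As an added illustration of the Part B/C mechanism described above (example code, not the project's own): a minimal hook that parses the forwarded `execute()` calldata for `dest` and the inner selector, then defers the scope decision to the validator. It assumes `execute(address,uint256,bytes)` as the account entry point, that `enforceSessionScope()` returns a bool, and the interface names shown; the `onInstall()` wiring of `accountAgentValidator` is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interface shapes; the real project declarations may differ.
interface ISessionKeyAccount {
    function getCurrentAlgId() external view returns (uint8);
    function getCurrentSessionKey() external view returns (address);
}
interface IAgentSessionKeyValidator {
    // Assumed to return false when (sessionKey, dest, selector) is outside the key's scope.
    function enforceSessionScope(address account, address sessionKey, address dest, bytes4 selector)
        external view returns (bool);
}

contract SessionScopeHookExample {
    uint8 public constant ALG_SESSION_KEY = 0x08;
    // Assumed account entry point: execute(address dest, uint256 value, bytes data).
    bytes4 public constant EXECUTE_SELECTOR = bytes4(keccak256("execute(address,uint256,bytes)"));
    error TierGuardHookUnauthorized();
    error UnexpectedCalldata(bytes4 outerSelector, uint256 length);
    mapping(address => address) public accountAgentValidator;

    // Splits the forwarded execute() calldata into the call target and the
    // 4-byte selector of the inner call (zero for a bare value transfer).
    function parseExecuteCalldata(bytes calldata msgData)
        public pure returns (address dest, bytes4 innerSelector)
    {
        // 4-byte selector + three 32-byte head words is the minimum valid length.
        if (msgData.length < 100 || bytes4(msgData[:4]) != EXECUTE_SELECTOR) {
            revert UnexpectedCalldata(msgData.length >= 4 ? bytes4(msgData[:4]) : bytes4(0), msgData.length);
        }
        bytes memory innerData;
        (dest, , innerData) = abi.decode(msgData[4:], (address, uint256, bytes));
        innerSelector = innerData.length >= 4 ? bytes4(innerData) : bytes4(0);
    }

    // Hook-side check run before the account executes the call.
    function preCheck(address account, bytes calldata msgData) external view {
        address validator = accountAgentValidator[account];
        if (validator == address(0)) return; // no validator wired: skip scope enforcement
        if (ISessionKeyAccount(account).getCurrentAlgId() != ALG_SESSION_KEY) return;
        address sessionKey = ISessionKeyAccount(account).getCurrentSessionKey();
        (address dest, bytes4 sel) = parseExecuteCalldata(msgData);
        if (!IAgentSessionKeyValidator(validator).enforceSessionScope(account, sessionKey, dest, sel)) {
            revert TierGuardHookUnauthorized();
        }
    }
}
```

The "empty allowlist allows all" behaviour from the test plan lives in the validator's scope check, not in the hook, so a validator that returns true for an empty `callTargets` set reproduces that case here.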