Skip to content

chore: interface update #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
zerosnacks merged 1 commit into from
Apr 8, 2026
Merged

chore: interface update #93

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 6 additions & 18 deletions src/interfaces/IAccountKeychain.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ interface IAccountKeychain {
uint64 expiry; // Unix timestamp when key expires (use type(uint64).max for never)
bool enforceLimits; // Whether spending limits are enforced for this key
TokenLimit[] limits; // Token spending limits
bool allowAnyCalls; // true = unrestricted calls (allowedCalls must be empty), false = allowedCalls defines scope
bool allowAnyCalls; // true = unrestricted calls (allowedCalls must be empty)
CallScope[] allowedCalls; // Call scopes when allowAnyCalls is false
}

Expand Down Expand Up @@ -124,12 +124,11 @@ interface IAccountKeychain {

/**
* @notice Legacy authorize-key entrypoint used before T3
* @dev MUST only be called in transactions signed by the Root Key
* @param keyId The key identifier (address) to authorize
* @param signatureType Signature type of the key (0: Secp256k1, 1: P256, 2: WebAuthn)
* @param expiry Unix timestamp when key expires (use type(uint64).max for never expires)
* @param signatureType Signature type of the key
* @param expiry Unix timestamp when key expires
* @param enforceLimits Whether to enforce spending limits for this key
* @param limits Initial spending limits for tokens (only used if enforceLimits is true)
* @param limits Initial spending limits for tokens
*/
function authorizeKey(
address keyId,
Expand All @@ -141,23 +140,20 @@ interface IAccountKeychain {

/**
* @notice Authorize a new key for the caller's account with T3 extensions
* @dev MUST only be called in transactions signed by the Root Key
* @param keyId The key identifier (address derived from public key)
* @param signatureType Signature type of the key (0: Secp256k1, 1: P256, 2: WebAuthn)
* @param signatureType Signature type of the key
* @param config Access-key expiry and optional limits / call restrictions
*/
function authorizeKey(address keyId, SignatureType signatureType, KeyRestrictions calldata config) external;

/**
* @notice Revoke an authorized key
* @dev MUST only be called in transactions signed by the Root Key
* @param keyId The key ID to revoke
*/
function revokeKey(address keyId) external;

/**
* @notice Update spending limit for a specific token on an authorized key
* @dev MUST only be called in transactions signed by the Root Key
* @param keyId The key ID to update
* @param token The token address
* @param newLimit The new spending limit
Expand All @@ -166,17 +162,13 @@ interface IAccountKeychain {

/**
* @notice Set or replace allowed calls for one or more key+target pairs
* @dev MUST only be called in transactions signed by the Root Key.
* Reverts if `scopes` is empty; use `removeAllowedCalls` to delete target scopes.
* `scope.selectorRules = []` allows any selector on that target.
* @param keyId The key ID to configure
* @param scopes The call scopes to set
*/
function setAllowedCalls(address keyId, CallScope[] calldata scopes) external;

/**
* @notice Remove any configured call scope for a key+target pair
* @dev MUST only be called in transactions signed by the Root Key
* @param keyId The key ID to update
* @param target The target contract to remove from allowed calls
*/
Expand Down Expand Up @@ -217,10 +209,7 @@ interface IAccountKeychain {
returns (uint256 remaining, uint64 periodEnd);

/**
* @notice Returns whether an account key is call-scoped and, if so, the configured call scopes
* @dev `isScoped = false` means unrestricted. `isScoped = true && scopes.length == 0`
* means scoped deny-all. Missing, revoked, or expired access keys also return scoped
* deny-all so callers do not observe stale persisted scope state.
* @notice Returns whether an account key is call-scoped and the configured call scopes
* @param account The account address
* @param keyId The key ID
* @return isScoped Whether the key is call-scoped
Expand All @@ -233,7 +222,6 @@ interface IAccountKeychain {

/**
* @notice Get the transaction key used in the current transaction
* @dev Returns address(0) if the Root Key is being used
* @return The key ID that signed the transaction
*/
function getTransactionKey() external view returns (address);
Expand Down