feat!: add TIP-1011 authorizeKey with KeyRestrictions (T3+)#39
Merged
feat!: add TIP-1011 authorizeKey with KeyRestrictions (T3+)#39
Conversation
Add the new authorizeKey(address,uint8,KeyRestrictions) ABI entry and the CallScope/KeyRestrictions types to IAccountKeychain.json. Rename the existing authorize_key() to authorize_key_legacy() (pre-T3) and make authorize_key() use the T3+ KeyRestrictions struct with allow_any_calls and allowed_calls params. Co-Authored-By: 0xrusowsky <90208954+0xrusowsky@users.noreply.github.com>
Co-Authored-By: 0xrusowsky <90208954+0xrusowsky@users.noreply.github.com>
decofe
changed the title
Co-Authored-By: 0xrusowsky <90208954+0xrusowsky@users.noreply.github.com>
Co-Authored-By: grandizzy <38490174+grandizzy@users.noreply.github.com>
- TokenLimit: add period (uint64) field for T3+ overload - CallScope: use SelectorRule[] instead of flat bytes4 - Add missing functions: setAllowedCalls, removeAllowedCalls, getRemainingLimitWithPeriod, getAllowedCalls - Add AccessKeySpend event - Fix ruff lint warnings (UP045/UP037) Co-Authored-By: grandizzy <38490174+grandizzy@users.noreply.github.com>
- Sync base ABI from tempo-std via tempo_abis.sh --sync - Add T3 authorizeKey overload + new T3 functions on top (tempo-std not yet updated for T3) - Resolve cherry-pick conflict with PR #40 RLP fix (expiry=0 handling already in as_rlp_payload) - Fix test_inline_key_auth_with_limits: pass SignedKeyAuthorization object instead of raw bytes Co-Authored-By: grandizzy <38490174+grandizzy@users.noreply.github.com>
The test calls authorize_key() which defaults to T3 ABI. On pre-T3 nodes (testnet/devnet nightly), the T3 selector is rejected. Detect hardfork and pass legacy=True on T2 nodes. Co-Authored-By: grandizzy <38490174+grandizzy@users.noreply.github.com>
The previous approach queried eth_getBlockByNumber for t3Time but that field is in the chain config, not block data. Instead, probe the AccountKeychain precompile with the T3 authorizeKey selector (0x980a6025) and check if it returns UnknownFunctionSelector. Co-Authored-By: grandizzy <38490174+grandizzy@users.noreply.github.com>
Read TEMPO_HARDFORK (default T3), use is_t2 fixture to gate legacy ABI. Pass TEMPO_HARDFORK=T2 in testnet CI workflow. Co-Authored-By: grandizzy <38490174+grandizzy@users.noreply.github.com>
0xrusowsky
reviewed
Apr 7, 2026
.changelog/calm-lakes-wink.md
Outdated
| @@ -0,0 +1,5 @@ | |||
| --- | |||
| pytempo: minor | |||
Contributor
There was a problem hiding this comment.
i think this should be a major, as the SDK has been refactored to be more strongly typed, and breaks some previous API patterns
Co-Authored-By: grandizzy <38490174+grandizzy@users.noreply.github.com> Amp-Thread-ID: https://ampcode.com/threads/T-019d6690-d702-750b-9b66-34568bdf245d
Co-Authored-By: georgen <129292+georgen@users.noreply.github.com> Amp-Thread-ID: https://ampcode.com/threads/T-019d66a3-f741-70eb-bda2-125c37eab1f5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds support for the TIP-1011
authorizeKeyABI change that ships with the T3 hardfork.Breaking Change
AccountKeychain.authorize_key()now emits the T3+authorizeKey(address,uint8,KeyRestrictions)selector. Callers targeting pre-T3 nodes must switch toAccountKeychain.authorize_key_legacy().Changes
IAccountKeychain.json: Added newauthorizeKey(address,uint8,KeyRestrictions)ABI entry withCallScopeandKeyRestrictionsstruct types. AddedLegacyAuthorizeKeySelectorChangederror. Legacy overload preserved.account_keychain.py:authorize_key()now builds the T3+ call withKeyRestrictions(includesallow_any_callsandallowed_callsparams). Addedauthorize_key_legacy()for pre-T3 nodes.keychain.py: AddedCallScopedataclass for strongly-typed call scope restrictions.__init__.py: ExportedCallScope.Integration tests use inline
KeyAuthorization(RLP-encoded in the tx), not the ABI-encoded precompile call, so they work on both T2 and T3 without changes.Testing
Prompted by: rusowsky