feat(networks): add sessionSigs support

Ansonhkg · Ansonhkg · commit 9f4918862fc0 · 2025-10-23T01:53:38.000+01:00
diff --git a/packages/networks/src/networks/vNaga/shared/factories/BaseModuleFactory.ts b/packages/networks/src/networks/vNaga/shared/factories/BaseModuleFactory.ts
@@ -575,11 +575,25 @@ export function createBaseModule<T, M>(config: BaseModuleConfig<T, M>) {
         ): Promise<RequestItem<z.infer<typeof EncryptedVersion1Schema>>[]> => {
           _logger.info({ params }, 'pkpSign:createRequest: Creating request');
 
-          // Generate session sigs
-          const sessionSigs = await issueSessionFromContext({
-            pricingContext: PricingContextSchema.parse(params.pricingContext),
-            authContext: params.authContext,
-          });
+          // Generate or reuse session sigs
+          let sessionSigs: Record<string, AuthSig>;
+          if (params.sessionSigs && Object.keys(params.sessionSigs).length > 0) {
+            sessionSigs = params.sessionSigs;
+          } else {
+            if (!params.authContext) {
+              throw new Error(
+                'authContext is required when sessionSigs are not provided for pkpSign.'
+              );
+            }
+            const pricingContext = PricingContextSchema.parse(
+              params.pricingContext
+            );
+            sessionSigs = await issueSessionFromContext({
+              pricingContext,
+              authContext: params.authContext,
+              delegationAuthSig: params.delegationAuthSig,
+            });
+          }
 
           _logger.info('pkpSign:createRequest: Session sigs generated');
 
@@ -688,6 +702,11 @@ export function createBaseModule<T, M>(config: BaseModuleConfig<T, M>) {
           _logger.info({ params }, 'decrypt:createRequest: Creating request');
 
           // Generate session sigs for decrypt
+          if (!params.authContext) {
+            throw new Error(
+              'authContext is required when generating sessionSigs for decrypt.'
+            );
+          }
           const sessionSigs = await issueSessionFromContext({
             pricingContext: PricingContextSchema.parse(params.pricingContext),
             authContext: params.authContext,
@@ -1048,11 +1067,24 @@ export function createBaseModule<T, M>(config: BaseModuleConfig<T, M>) {
           // Store response strategy for later use in handleResponse
           executeJsResponseStrategy = params.responseStrategy;
 
-          // Generate session sigs
-          const sessionSigs = await issueSessionFromContext({
-            pricingContext: PricingContextSchema.parse(params.pricingContext),
-            authContext: params.authContext,
-          });
+          let sessionSigs: Record<string, AuthSig>;
+          if (params.sessionSigs && Object.keys(params.sessionSigs).length > 0) {
+            sessionSigs = params.sessionSigs;
+          } else {
+            if (!params.authContext) {
+              throw new Error(
+                'authContext is required when sessionSigs are not provided for executeJs.'
+              );
+            }
+            const pricingContext = PricingContextSchema.parse(
+              params.pricingContext
+            );
+            sessionSigs = await issueSessionFromContext({
+              pricingContext,
+              authContext: params.authContext,
+              delegationAuthSig: params.delegationAuthSig,
+            });
+          }
 
           // Generate requests
           const _requestId = createRequestId();
diff --git a/packages/networks/src/networks/vNaga/shared/managers/api-manager/APIFactory.ts b/packages/networks/src/networks/vNaga/shared/managers/api-manager/APIFactory.ts
@@ -5,7 +5,7 @@ import {
   GenericEncryptedPayloadSchema,
   GenericResultBuilder,
 } from '@lit-protocol/schemas';
-import { RequestItem, NagaJitContext } from '@lit-protocol/types';
+import { AuthSig, NagaJitContext, RequestItem } from '@lit-protocol/types';
 
 import { E2EERequestManager } from './e2ee-request-manager/E2EERequestManager';
 import { composeLitUrl } from '../endpoints-manager/composeLitUrl';
@@ -37,11 +37,20 @@ export function createPKPSignAPI<T, M>(networkConfig: INetworkConfig<T, M>) {
     ): Promise<RequestItem<z.infer<typeof EncryptedVersion1Schema>>[]> => {
       _logger.info({ params }, 'pkpSign:createRequest: Creating request');
 
-      // Generate session sigs
-      const sessionSigs = await issueSessionFromContext({
-        pricingContext: PricingContextSchema.parse(params.pricingContext),
-        authContext: params.authContext,
-      });
+      // Generate or reuse session sigs
+      let sessionSigs: Record<string, AuthSig>;
+      if ('sessionSigs' in params && params.sessionSigs) {
+        sessionSigs = params.sessionSigs;
+      } else {
+        const pricingContext = PricingContextSchema.parse(
+          params.pricingContext
+        );
+        sessionSigs = await issueSessionFromContext({
+          pricingContext,
+          authContext: params.authContext,
+          delegationAuthSig: params.delegationAuthSig,
+        });
+      }
 
       _logger.info('pkpSign:createRequest: Session sigs generated');
 
@@ -222,11 +231,19 @@ export function createExecuteJsAPI<T, M>(networkConfig: INetworkConfig<T, M>) {
     createRequest: async (params: ExecuteJsCreateRequestParams) => {
       _logger.info({ params }, 'executeJs:createRequest: Creating request');
 
-      // Generate session sigs
-      const sessionSigs = await issueSessionFromContext({
-        pricingContext: PricingContextSchema.parse(params.pricingContext),
-        authContext: params.authContext,
-      });
+      let sessionSigs: Record<string, AuthSig>;
+      if ('sessionSigs' in params && params.sessionSigs) {
+        sessionSigs = params.sessionSigs;
+      } else {
+        const pricingContext = PricingContextSchema.parse(
+          params.pricingContext
+        );
+        sessionSigs = await issueSessionFromContext({
+          pricingContext,
+          authContext: params.authContext,
+          delegationAuthSig: params.delegationAuthSig,
+        });
+      }
 
       const _requestId = createRequestId();
       const requests: RequestItem<z.infer<typeof EncryptedVersion1Schema>>[] =
diff --git a/packages/networks/src/networks/vNaga/shared/managers/api-manager/executeJs/executeJs.CreateRequestParams.ts b/packages/networks/src/networks/vNaga/shared/managers/api-manager/executeJs/executeJs.CreateRequestParams.ts
@@ -1,17 +1,11 @@
-import {
-  PKPAuthContextSchema,
-  EoaAuthContextSchema,
-} from '@lit-protocol/schemas';
-import { LitActionResponseStrategy, NagaJitContext } from '@lit-protocol/types';
+import { PKPAuthContextSchema, EoaAuthContextSchema } from '@lit-protocol/schemas';
+import { AuthSig, LitActionResponseStrategy, NagaJitContext } from '@lit-protocol/types';
 import { z } from 'zod';
 import { PricingContextSchema } from '../../pricing-manager/schema';
 import { ConnectionInfo } from '../../LitChainClient/types';
 
-export type ExecuteJsCreateRequestParams = {
+type ExecuteJsCreateRequestParamsBase = {
   pricingContext: z.input<typeof PricingContextSchema>;
-  authContext: z.input<
-    typeof PKPAuthContextSchema | typeof EoaAuthContextSchema
-  >;
   executionContext: {
     code?: string;
     ipfsId?: string;
@@ -23,3 +17,23 @@ export type ExecuteJsCreateRequestParams = {
   responseStrategy?: LitActionResponseStrategy;
   jitContext: NagaJitContext;
 };
+
+export type ExecuteJsCreateRequestParamsWithAuthContext =
+  ExecuteJsCreateRequestParamsBase & {
+    authContext: z.input<
+      typeof PKPAuthContextSchema | typeof EoaAuthContextSchema
+    >;
+    sessionSigs?: never;
+    delegationAuthSig?: AuthSig;
+  };
+
+export type ExecuteJsCreateRequestParamsWithSessionSigs =
+  ExecuteJsCreateRequestParamsBase & {
+    sessionSigs: Record<string, AuthSig>;
+    authContext?: undefined;
+    delegationAuthSig?: AuthSig;
+  };
+
+export type ExecuteJsCreateRequestParams =
+  | ExecuteJsCreateRequestParamsWithAuthContext
+  | ExecuteJsCreateRequestParamsWithSessionSigs;
diff --git a/packages/networks/src/networks/vNaga/shared/managers/api-manager/executeJs/executeJs.InputSchema.ts b/packages/networks/src/networks/vNaga/shared/managers/api-manager/executeJs/executeJs.InputSchema.ts
@@ -1,63 +1,91 @@
 import {
   PKPAuthContextSchema,
   EoaAuthContextSchema,
+  AuthSigSchema,
 } from '@lit-protocol/schemas';
 import { LitActionResponseStrategy } from '@lit-protocol/types';
 import { z } from 'zod';
 
-/**
- * ExecuteJs Input Schema
- * Based on JsonExecutionSdkParams but following the naga-dev module pattern
- */
-export const ExecuteJsInputSchema = z
-  .object({
-    /**
-     * JS code to run on the nodes
-     */
-    code: z.string().optional(),
+const SessionSigsSchema = z.record(z.string(), AuthSigSchema);
 
-    /**
-     * The IPFS ID of some JS code to run on the nodes
-     */
-    ipfsId: z.string().optional(),
+const ExecuteJsSharedFieldsSchema = z.object({
+  /**
+   * JS code to run on the nodes
+   */
+  code: z.string().optional(),
 
-    /**
-     * An object that contains params to expose to the Lit Action.
-     * These will be injected to the JS runtime before your code runs.
-     */
-    jsParams: z
-      .union([
-        z.any(),
-        z
-          .object({
-            publicKey: z.string().optional(),
-            sigName: z.string().optional(),
-          })
-          .catchall(z.any()),
-      ])
-      .optional(),
+  /**
+   * The IPFS ID of some JS code to run on the nodes
+   */
+  ipfsId: z.string().optional(),
 
-    /**
-     * Authentication context - either PKP or EOA based
-     */
-    authContext: z.union([PKPAuthContextSchema, EoaAuthContextSchema]),
+  /**
+   * An object that contains params to expose to the Lit Action.
+   * These will be injected to the JS runtime before your code runs.
+   */
+  jsParams: z
+    .union([
+      z.any(),
+      z
+        .object({
+          publicKey: z.string().optional(),
+          sigName: z.string().optional(),
+        })
+        .catchall(z.any()),
+    ])
+    .optional(),
 
-    /**
-     * User's maximum price they're willing to pay for the request
-     */
-    userMaxPrice: z.bigint().optional(),
+  /**
+   * User's maximum price they're willing to pay for the request
+   */
+  userMaxPrice: z.bigint().optional(),
+
+  /**
+   * Only run the action on a single node; this will only work if all code in your action is non-interactive
+   */
+  useSingleNode: z.boolean().optional(),
+
+  /**
+   * Response strategy for processing Lit Action responses
+   */
+  responseStrategy: z.custom<LitActionResponseStrategy>().optional(),
+});
+
+const ExecuteJsInputWithAuthContextSchema = ExecuteJsSharedFieldsSchema.extend({
+  /**
+   * Authentication context - either PKP or EOA based
+   */
+  authContext: z.union([PKPAuthContextSchema, EoaAuthContextSchema]),
+
+  /**
+   * Session signatures must not be supplied when an auth context is provided.
+   */
+  sessionSigs: z.never().optional(),
+});
 
+const ExecuteJsInputWithSessionSigsSchema =
+  ExecuteJsSharedFieldsSchema.extend({
     /**
-     * Only run the action on a single node; this will only work if all code in your action is non-interactive
+     * Pre-generated session signatures; when provided, authContext must be omitted.
      */
-    useSingleNode: z.boolean().optional(),
+    sessionSigs: SessionSigsSchema,
 
     /**
-     * Response strategy for processing Lit Action responses
+     * authContext is intentionally unsupported in this branch.
      */
-    responseStrategy: z.custom<LitActionResponseStrategy>().optional(),
-  })
+    authContext: z.undefined().optional(),
+  });
+
+export const ExecuteJsInputSchema = z
+  .union([
+    ExecuteJsInputWithAuthContextSchema,
+    ExecuteJsInputWithSessionSigsSchema,
+  ])
   .refine((data) => data.code || data.ipfsId, {
     message: "Either 'code' or 'ipfsId' must be provided",
     path: ['code'],
   });
+
+export type ExecuteJsInput =
+  | z.infer<typeof ExecuteJsInputWithAuthContextSchema>
+  | z.infer<typeof ExecuteJsInputWithSessionSigsSchema>;
diff --git a/packages/networks/src/networks/vNaga/shared/managers/api-manager/pkpSign/pkpSign.CreateRequestParams.ts b/packages/networks/src/networks/vNaga/shared/managers/api-manager/pkpSign/pkpSign.CreateRequestParams.ts
@@ -5,7 +5,7 @@ import {
   PKPAuthContextSchema,
   SigningChainSchema,
 } from '@lit-protocol/schemas';
-import { NagaJitContext } from '@lit-protocol/types';
+import { NagaJitContext, AuthSig, SessionSigsMap } from '@lit-protocol/types';
 import { z } from 'zod';
 import { ConnectionInfo } from '../../LitChainClient/types';
 import { PricingContextSchema } from '../../pricing-manager/schema';
@@ -30,4 +30,6 @@ export type PKPSignCreateRequestParams = {
   version: string;
   chain: z.infer<typeof SigningChainSchema>;
   jitContext: NagaJitContext;
+  sessionSigs?: SessionSigsMap;
+  delegationAuthSig?: AuthSig;
 };
diff --git a/packages/networks/src/networks/vNaga/shared/managers/session-manager/issueSessionFromContext.ts b/packages/networks/src/networks/vNaga/shared/managers/session-manager/issueSessionFromContext.ts
@@ -5,6 +5,7 @@ import {
   AuthConfigSchema,
 } from '@lit-protocol/schemas';
 import {
+  AuthSig,
   LitResourceAbilityRequest,
   SessionSigningTemplate,
   SessionSigsMap,
@@ -59,9 +60,11 @@ export const issueSessionFromContext = async (params: {
     typeof PKPAuthContextSchema | typeof EoaAuthContextSchema
   >;
   pricingContext: PricingContext;
+  delegationAuthSig?: AuthSig;
   // latestBlockhash: string;
 }): Promise<SessionSigsMap> => {
-  const authSig = await params.authContext.authNeededCallback();
+  const authSig =
+    params.delegationAuthSig || (await params.authContext.authNeededCallback());
   const _authConfig = AuthConfigSchema.parse(params.authContext.authConfig);
 
   const capabilities = [
