BaseAppAccount by badjer · Pull Request #22 · atxp-dev/sdk

badjer · 2025-08-26T06:54:58Z

Introduces a new BaseAppAccount, which:

is compatible with Base MiniApps and their smart wallets
uses a paymaster to pay for gas, so user accounts don't require ETH for transactions
creates ephemeral wallets for the user for each application, asks the user to grant them a spend permission, and then makes transactions through that ephemeral wallet. This means the user is only prompted to allow a spend permission, not to confirm every transaction

Usage:

import { useAccount } from "wagmi";
import { BaseAppAccount } from "@atxp/base";

const { address } = useAccount();
// Base mini app API key from the Coinbase Developer Portal
const apiKey = process.env.NEXT_PUBLIC_ONCHAINKIT_API_KEY!;
...
const account = await BaseAppAccount.initialize({
  walletAddress: address,
  apiKey,
  appName: 'Mini App ATXP',
  allowance: BigInt('10000000'), // 10 USDC
  periodInDays: 30,
});

// To clear existing data:
BaseAppAccount.clearAllStoredData(address);

… ETH, and we can't give spend permission for that)

badjer · 2025-08-26T17:10:41Z

+  // In Node.js or other environments, use fetch as-is
+  return fetch;
+};
+


Fixes the bug in the browser environment outlined in the comments above

badjer · 2025-08-26T17:16:13Z

+  protected logger: Logger;

-  constructor(baseRPCUrl: string, sourceSecretKey: Hex, logger?: Logger) {
+  constructor(baseRPCUrl: string, walletClient: WalletClient, logger?: Logger) {


This is a slightly worse devex, since we're now requiring the caller to do privateKeyToAccount(sourceSecretKey), but the upside is that this now supports non-EOA wallets, so it seems worth the tradeoff. Generally speaking, external devs aren't going to instantiate this class directly anyways - they're going to create a BaseAccount, which still does take a secret key as the constructor arg.

robdimarco-atxp · 2025-08-26T17:57:28Z

+      }
+    });
+    const provider = sdk.getProvider();
+    await sdk.getProvider().request({ method: 'wallet_connect' });


Should we be using the provider above or do we need to get it again?

Ah, good catch - will update

robdimarco-atxp · 2025-08-26T17:58:46Z

+
+const DEFAULT_ALLOWANCE = 10n;
+const DEFAULT_PERIOD_IN_DAYS = 7;
+const PAYMASTER_URL = 'https://api.developer.coinbase.com/rpc/v1/base/snPdXqIzOGhRkGNJvEHM5bl9Hm3yRO3m';


Should this be configurable via Env Vars? I'm wondering if we might want different dev / staging / production values?

They're settable via params - eg miniapp-example sets them here. I think that's probably adequate?

The PAYMASTER_URL is not settable. Maybe that's ok?

That should be ok, at least for now. The paymaster is US, and we don't want devs to bring their own paymasters at this point.

robdimarco-atxp · 2025-08-26T18:47:36Z

+      calls: [{
+        to: smartWallet.address,
+        value: 0n,
+        data: '0x' as `0x${string}`


FYI, packages/atxp-client/src/types.ts has a Hex type. Maybe we should use it?

Fair - viem also defines a Hex type with the same format. Updated

robdimarco-atxp · 2025-08-26T18:49:54Z

+import { prepareSpendCallData } from '@base-org/account/spend-permission';
+
+// Helper function to convert to base64url that works in both Node.js and browsers
+function toBase64Url(data: string): string {


Nit, this isn't producing a URL, it's just the base64 string. Not-blocking...

It produces a 'base64url' encoded string; I thought the naming was evocative of toBase64

robdimarco-atxp

LGTM!

napoleond and others added 30 commits August 26, 2025 09:15

scaffolding

8b656c5

flesh out

3e8b6e7

Revert base payment maker class changes

3ba1393

Cleanup, cleaner inheritence, npm install, storage abstraction, rebase

d30674b

Fixup build, lint, scripts, etc

162a0d2

npm install

70fc232

rebase issues

cadc299

In browser context, bind fetch to window to solve IllegalOperation error

66c7489

Use minikit for wallet access instead of base-org/account API

25809ed

Base64url encode isn't on browsers - implement

95343c7

Spend permission working (now failing because ephemeral wallet has no…

868576e

… ETH, and we can't give spend permission for that)

SmartWallet

c60ad0d

Test; lint

5b0f596

Delete smart wallet; push on creation

8df7ce8

Logs

bcae307

Coinbase smart wallet

c9c7ab9

Get contract deployed

1d87903

More attempts at smart wallet

cde396f

Debugging

71d4e7a

Refactor/simplify

2ed496f

Further debugging and simplification

49bb514

Try using main account with BasePaymentMaker to sign

51b2307

More minor basePaymentMaker refactor for account

86d7a3c

Some sort of working signing

b3b224b

Despair

b00f49d

WIP

cce6bf1

Comment-out unused code in basePaymentMaker

bb4f58c

Restore tsconfigs

6a8c266

Comment out code to get clean build without ox dep TS build issue

5b2de82

More consistent message format

a16986e

badjer and others added 12 commits August 26, 2025 09:18

Plumb through ephemeralSmartWallet to baseAppPaymentMaker

9e73187

Up to making a payment

c0df54d

standalone payment maker

c182a9f

Signatures from ephemeral smart wallets are still eip1271

b420a09

So close

79ab5e8

End-to-end works (modulo address-match bug in JWT)

014ea8f

Also include transfer to receiver in payment...

bc90fdf

npm install --workspaces after rebase

b03b54f

Rebase build issues

7b5d61c

Build cleanup

29c2cc3

Clean up extraneous params

24df2e4

More cleanup

c00a562

badjer force-pushed the dnr/base-app branch from bec4e75 to c00a562 Compare August 26, 2025 17:05

badjer commented Aug 26, 2025

View reviewed changes

badjer added 3 commits August 26, 2025 10:21

Remove atxp-base readme and unnecessary vitest.config.ts

d2dd340

Lint

b4007cb

Lint; tests

da67e72

badjer force-pushed the dnr/base-app branch from aa1440a to da67e72 Compare August 26, 2025 17:48

badjer marked this pull request as ready for review August 26, 2025 17:51

robdimarco-atxp reviewed Aug 26, 2025

View reviewed changes

Don't recreate provider

a71be98

robdimarco-atxp reviewed Aug 26, 2025

View reviewed changes

Use Hex type instead of

2ee8162

robdimarco-atxp approved these changes Aug 26, 2025

View reviewed changes

Attempt to fix CI issues

564b1f1

badjer merged commit 813dbc2 into main Aug 26, 2025
7 checks passed

badjer deleted the dnr/base-app branch August 26, 2025 19:23

Conversation

badjer commented Aug 26, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

robdimarco-atxp Aug 26, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

robdimarco-atxp left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

badjer commented Aug 26, 2025 •

edited

Loading

robdimarco-atxp Aug 26, 2025 •

edited

Loading