litentry
diff --git a/‎tee-worker/omni-executor/aa-contracts/ABI-SYNC.md
Lines changed: 69 additions & 0 deletions b/‎tee-worker/omni-executor/aa-contracts/ABI-SYNC.md
Lines changed: 69 additions & 0 deletions
diff --git a/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/README.md
Lines changed: 36 additions & 5 deletions b/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/README.md
Lines changed: 36 additions & 5 deletions
diff --git a/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/src/components/AuthorizeTEEWorker.tsx
Lines changed: 4 additions & 23 deletions b/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/src/components/AuthorizeTEEWorker.tsx
Lines changed: 4 additions & 23 deletions
diff --git a/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/src/components/AuthorizedSigners.tsx
Lines changed: 9 additions & 54 deletions b/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/src/components/AuthorizedSigners.tsx
Lines changed: 9 additions & 54 deletions
diff --git a/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/src/contracts/abis/EntryPoint.json
Lines changed: 1068 additions & 1 deletion b/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/src/contracts/abis/EntryPoint.json
Lines changed: 1068 additions & 1 deletion
diff --git a/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/src/contracts/abis/IEntryPoint.json
Lines changed: 1068 additions & 1 deletion b/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/src/contracts/abis/IEntryPoint.json
Lines changed: 1068 additions & 1 deletion
diff --git a/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/src/contracts/abis/OmniAccount.json
Lines changed: 866 additions & 1 deletion b/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/src/contracts/abis/OmniAccount.json
Lines changed: 866 additions & 1 deletion
diff --git a/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/src/contracts/abis/OmniAccountFactory.json
Lines changed: 122 additions & 1 deletion b/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/src/contracts/abis/OmniAccountFactory.json
Lines changed: 122 additions & 1 deletion
diff --git a/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/src/contracts/abis/SimplePaymaster.json
Lines changed: 468 additions & 1 deletion b/‎tee-worker/omni-executor/aa-contracts/aa-demo-app/src/contracts/abis/SimplePaymaster.json
Lines changed: 468 additions & 1 deletion
@@ -0,0 +1,69 @@
+# ABI Synchronization Documentation
+
+## Overview
+
+This document explains the automated ABI synchronization system that keeps the demo app in sync with the smart contracts, even when contract names change (e.g., V1 naming).
+
+## Automated Workflow
+
+### 1. During Deployment (`deploy-local.sh`)
+- Deploys V1 contracts: `EntryPointV1`, `OmniAccountFactoryV1`, etc.
+- Saves deployment artifacts to `deployments/local/local.json` with:
+  - Contract addresses
+  - Full ABIs
+  - Metadata (for tokens)
+- Automatically runs `sync-abis-from-deployment.sh` if available
+
+### 2. ABI Synchronization (`sync-abis-from-deployment.sh`)
+- Reads deployment artifacts from `deployments/local/local.json`
+- Maps V1 contract names to demo app expected names:
+  - `EntryPointV1` → `EntryPoint.json`
+  - `OmniAccountFactoryV1` → `OmniAccountFactory.json`
+- Extracts `OmniAccountV1` ABI from compiled artifacts
+- Saves all ABIs to `aa-demo-app/src/contracts/abis/`
+
+### 3. Address Update (`update-demo-addresses.sh`)
+- Primary source: deployment artifacts (`deployments/local/local.json`)
+- Fallback: broadcast files
+- Automatically runs ABI sync after updating addresses
+- Updates `.env.local` with contract addresses
+
+## Manual Usage
+
+### Sync ABIs Only
+```bash
+./sync-abis-from-deployment.sh
+```
+
+### Update Addresses and ABIs
+```bash
+./update-demo-addresses.sh
+```
+
+### For Different Environments
+```bash
+DEPLOYMENT_ENV=staging ./sync-abis-from-deployment.sh
+DEPLOYMENT_ENV=staging ./update-demo-addresses.sh
+```
+
+## Benefits
+
+1. **Single Source of Truth**: Deployment artifacts contain everything
+2. **Automatic V1 Mapping**: No need to update demo app for V1 naming
+3. **Version Agnostic**: Works with any contract version naming
+4. **Environment Support**: Easy switching between local/staging/production
+5. **No Manual Compilation**: Reuses existing artifacts
+
+## Troubleshooting
+
+### Missing OmniAccount ABI
+The script will automatically run `forge build` if needed to generate the OmniAccountV1 artifact.
+
+### Multiple Test Tokens
+The script handles multiple TestToken instances by checking metadata for USDC/USDT symbols.
+
+### Custom Networks
+Set `DEPLOYMENT_ENV` to use different deployment files:
+```bash
+DEPLOYMENT_ENV=arbitrum-sepolia ./sync-abis-from-deployment.sh
+```
@@ -284,21 +284,28 @@ aa-demo-app/
 │   ├── app/              # Next.js app router pages
 │   ├── components/       # React components
 │   │   ├── AccountsDashboard.tsx    # Displays wallet and OmniAccount balances
-│   │   ├── AuthorizedSigners.tsx    # Manage authorized signers
-│   │   ├── AuthorizeTEEWorker.tsx   # TEE worker authorization flow
+│   │   ├── AuthorizedSigners.tsx    # Manage authorized signers (direct calls, no execute wrapper)
+│   │   ├── AuthorizeTEEWorker.tsx   # TEE worker authorization flow (uses Owner signer type)
 │   │   ├── FundingGuide.tsx         # ETH funding guide
 │   │   ├── TEETokenTransfer.tsx     # Token transfer through TEE worker
 │   │   ├── CreateOmniAccount.tsx    # Smart account creation flow with paymaster option
 │   │   └── WalletConnect.tsx        # Wallet connection component
-│   ├── contracts/        # Contract ABIs
-│   │   ├── ...existing ABIs
+│   ├── contracts/        # Contract ABIs (auto-synced from V1 contracts)
+│   │   ├── EntryPoint.json          # Synced from EntryPointV1
+│   │   ├── OmniAccount.json         # Synced from OmniAccountV1
+│   │   ├── OmniAccountFactory.json  # Synced from OmniAccountFactoryV1
 │   │   └── SimplePaymaster.json     # Paymaster contract ABI
 │   └── lib/             # Utilities and configuration
 │       ├── aa-utils.ts  # AA utilities including UserOp construction
 │       ├── constants.ts # Contract addresses and token configs
 │       ├── tee-worker-client.ts # TEE Worker RPC client with submitUserOpTest
 │       └── wagmi.ts     # Web3 configuration
 └── public/              # Static assets
+
+Parent directory scripts:
+├── sync-abis-from-deployment.sh  # Syncs V1 contract ABIs to demo app
+├── update-demo-addresses.sh      # Updates addresses and runs ABI sync
+└── deploy-local.sh              # Deploys contracts and auto-syncs ABIs
 ```
 
 ## Troubleshooting
@@ -336,6 +343,12 @@ You might see errors like `execution reverted` for `symbol()` or `decimals()` ca
 - **Transaction fails with paymaster**: Ensure the paymaster is properly configured
 - **DemoPaymaster vs SimplePaymaster**: DemoPaymaster accepts all operations (testing only), SimplePaymaster requires authorized bundlers
 
+### Signer Management Issues
+- **"Transaction reverted" when adding signers**: Ensure you're connected with the account owner (not a root signer)
+- **"Only owner" errors**: The connected wallet must be the original account creator
+- **Authorization failures**: Check that the UserOperation is signed with `UserOpSigner.Owner` type for restricted functions
+- **TEE Worker not added**: Verify the transaction succeeded and check the signer list
+
 ## Environment Variables
 
 The app uses these environment variables:
@@ -411,6 +424,23 @@ export const PAYMASTER_CONFIG = {
 
 ## Technical Details
 
+### Contract Versions and ABI Management
+
+The demo app works with V1 contracts (`OmniAccountV1`, `OmniAccountFactoryV1`, `EntryPointV1`) while maintaining backward-compatible naming:
+
+- **Automatic ABI Synchronization**: The `sync-abis-from-deployment.sh` script automatically maps V1 contract ABIs to expected names
+- **Deployment Integration**: Running `./deploy-local.sh` automatically syncs ABIs after deployment
+- **Version Support**: The contracts include a `version()` function returning "1.0.0"
+
+### Access Control and Signer Management
+
+Recent updates to the smart contracts have enhanced access control:
+
+- **Direct EntryPoint Calls**: The `onlyOwner` modifier now allows the EntryPoint to directly call restricted functions
+- **No Execute Wrapper Needed**: Functions like `addRootSigner` and `removeRootSigner` are called directly in UserOperations
+- **Signer Type Requirements**: Only `UserOpSigner.Owner` can call restricted functions (not `RootKey` or `SessionKey`)
+- **Signer Hierarchy**: For non-EVM owners, passkey signers have priority over root signers (when passkeys are present)
+
 ### Paymaster Integration
 
 The app integrates paymaster functionality for gas sponsorship:
@@ -419,12 +449,13 @@ The app integrates paymaster functionality for gas sponsorship:
 - **Balance Checking**: Verifies paymaster has sufficient deposit at EntryPoint
 - **Dynamic Toggle**: Users can enable/disable paymaster per transaction
 
-### New Utility Functions
+### Key Utility Functions
 
 - `buildTokenTransferUserOp()`: Creates UserOperation for ERC20 token transfers
 - `buildERC20TransferCallData()`: Encodes ERC20 transfer function call
 - `toSerializablePackedUserOperation()`: Converts PackedUserOperation to serializable format
 - `submitUserOpTest()`: Submits UserOperations through TEE worker RPC
+- `signUserOperation()`: Signs UserOperations with proper signer type validation
 
 ### RPC Method Updates
 
 
@@ -92,32 +92,13 @@ export function AuthorizeTEEWorker({
             // Step 2: Add the TEE worker as an authorized signer
             setIsAddingSigner(true);
 
-            // First encode the addRootSigner call
-            const addSignerData = encodeFunctionData({
+            // Directly encode the addRootSigner call (no execute wrapper needed)
+            const callData = encodeFunctionData({
                 abi: CONTRACTS.OmniAccountImplementation.abi,
                 functionName: "addRootSigner",
                 args: [teeWorkerAddress as `0x${string}`],
             });
 
-            // Then wrap it in an execute call (the account calls itself)
-            const callData = encodeFunctionData({
-                abi: [
-                    {
-                        name: "execute",
-                        type: "function",
-                        inputs: [
-                            { name: "target", type: "address" },
-                            { name: "value", type: "uint256" },
-                            { name: "data", type: "bytes" },
-                        ],
-                        outputs: [],
-                        stateMutability: "nonpayable",
-                    },
-                ],
-                functionName: "execute",
-                args: [omniAccountAddress as `0x${string}`, BigInt(0), addSignerData],
-            });
-
             // Get current nonce for the account
             const nonce = (await publicClient.readContract({
                 address: CONTRACTS.EntryPoint.address,
@@ -145,14 +126,14 @@ export function AuthorizeTEEWorker({
                     : undefined,
             });
 
-            // Sign UserOperation with RootKey signer type
+            // Sign UserOperation with Owner signer type (required for restricted functions)
             const signature = await signUserOperation(
                 walletClient,
                 evmAddress,
                 userOp as UserOperation,
                 CONTRACTS.EntryPoint.address,
                 BigInt(await publicClient.getChainId()),
-                UserOpSigner.RootKey,
+                UserOpSigner.Owner,
             );
 
             userOp.signature = signature;
 
@@ -101,36 +101,14 @@ export function AuthorizedSigners({
 
         setIsAddingSigner(true);
         try {
-            // IMPORTANT: We need to wrap the addRootSigner call in an execute call
-            // This is because the EntryPoint calls the account, and the account needs
-            // to call itself to satisfy the onlyOwner modifier (msg.sender == address(this))
-
-            // First encode the addRootSigner call
-            const addSignerData = encodeFunctionData({
+            // Directly encode the addRootSigner call
+            // The EntryPoint can call restricted functions on behalf of the owner
+            const callData = encodeFunctionData({
                 abi: CONTRACTS.OmniAccountImplementation.abi,
                 functionName: "addRootSigner",
                 args: [newSignerAddress as `0x${string}`],
             });
 
-            // Then wrap it in an execute call (the account calls itself)
-            const callData = encodeFunctionData({
-                abi: [
-                    {
-                        name: "execute",
-                        type: "function",
-                        inputs: [
-                            { name: "target", type: "address" },
-                            { name: "value", type: "uint256" },
-                            { name: "data", type: "bytes" },
-                        ],
-                        outputs: [],
-                        stateMutability: "nonpayable",
-                    },
-                ],
-                functionName: "execute",
-                args: [omniAccountAddress as `0x${string}`, BigInt(0), addSignerData],
-            });
-
             // Get current nonce for the account
             const nonce = (await publicClient.readContract({
                 address: CONTRACTS.EntryPoint.address,
@@ -158,14 +136,14 @@ export function AuthorizedSigners({
                     : undefined,
             });
 
-            // Sign UserOperation with RootKey signer type
+            // Sign UserOperation with Owner signer type (required for restricted functions)
             const signature = await signUserOperation(
                 walletClient,
                 evmAddress,
                 userOp as UserOperation,
                 CONTRACTS.EntryPoint.address,
                 BigInt(await publicClient.getChainId()),
-                UserOpSigner.RootKey,
+                UserOpSigner.Owner,
             );
 
             userOp.signature = signature;
@@ -237,36 +215,13 @@ export function AuthorizedSigners({
             return;
 
         try {
-            // First encode the removeRootSigner call
-            const removeSignerData = encodeFunctionData({
+            // Directly encode the removeRootSigner call
+            const callData = encodeFunctionData({
                 abi: CONTRACTS.OmniAccountImplementation.abi,
                 functionName: "removeRootSigner",
                 args: [signerToRemove as `0x${string}`],
             });
 
-            // Then wrap it in an execute call (the account calls itself)
-            const callData = encodeFunctionData({
-                abi: [
-                    {
-                        name: "execute",
-                        type: "function",
-                        inputs: [
-                            { name: "target", type: "address" },
-                            { name: "value", type: "uint256" },
-                            { name: "data", type: "bytes" },
-                        ],
-                        outputs: [],
-                        stateMutability: "nonpayable",
-                    },
-                ],
-                functionName: "execute",
-                args: [
-                    omniAccountAddress as `0x${string}`,
-                    BigInt(0),
-                    removeSignerData,
-                ],
-            });
-
             // Get current nonce for the account
             const nonce = (await publicClient.readContract({
                 address: CONTRACTS.EntryPoint.address,
@@ -294,14 +249,14 @@ export function AuthorizedSigners({
                     : undefined,
             });
 
-            // Sign UserOperation with RootKey signer type
+            // Sign UserOperation with Owner signer type (required for restricted functions)
             const signature = await signUserOperation(
                 walletClient,
                 evmAddress,
                 userOp as UserOperation,
                 CONTRACTS.EntryPoint.address,
                 BigInt(await publicClient.getChainId()),
-                UserOpSigner.RootKey,
+                UserOpSigner.Owner,
             );
 
             userOp.signature = signature;