evm

package
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 24, 2026 License: MIT Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	SignTypeHash        = "hash"
	SignTypeRawMessage  = "raw_message"
	SignTypeEIP191      = "eip191"
	SignTypePersonal    = "personal"
	SignTypeTypedData   = "typed_data"
	SignTypeTransaction = "transaction"
)

EVM sign types (match ethsig interfaces)

Variables

This section is empty.

Functions

This section is empty.

Types

type AddressListConfig 

type AddressListConfig struct {
	Addresses []string `json:"addresses"` // 0x prefixed
}

AddressListConfig defines addresses for whitelist/blocklist rules When mode=whitelist: transactions TO these addresses are allowed When mode=blocklist: transactions TO these addresses are blocked

type AddressListEvaluator 

type AddressListEvaluator struct{}

AddressListEvaluator checks if tx.To is in the address list Behavior depends on rule mode: - Whitelist mode: returns true if address IS in list (allow) - Blocklist mode: returns true if address IS in list (block)

func NewAddressListEvaluator 

func NewAddressListEvaluator() (*AddressListEvaluator, error)

NewAddressListEvaluator creates a new address list evaluator

func (*AddressListEvaluator) Evaluate 

func (e *AddressListEvaluator) Evaluate(ctx context.Context, r *types.Rule, req *types.SignRequest, parsed *types.ParsedPayload) (bool, string, error)

Evaluate checks if the recipient address is in the list For whitelist mode: returns true if address IS in list (allow transaction) For blocklist mode: returns true if address IS in list (block transaction)

func (*AddressListEvaluator) Type 

func (e *AddressListEvaluator) Type() types.RuleType

Type returns the rule type this evaluator handles

type BatchValidationResult 

type BatchValidationResult struct {
	Results []ValidationResult
	Valid   bool
}

BatchValidationResult contains results for batch validation

type CompositePasswordProvider 

type CompositePasswordProvider struct {
	// contains filtered or unexported fields
}

CompositePasswordProvider uses stdin for password_stdin=true, env otherwise

func NewCompositePasswordProvider 

func NewCompositePasswordProvider(hasStdinKeystores bool) (*CompositePasswordProvider, error)

NewCompositePasswordProvider creates a composite password provider that uses stdin for keystores with password_stdin=true, otherwise uses env vars

func (*CompositePasswordProvider) GetPassword 

func (p *CompositePasswordProvider) GetPassword(address string, config KeystoreConfig) ([]byte, error)

GetPassword returns the password using the appropriate provider based on config

type ContractMethodConfig 

type ContractMethodConfig struct {
	Contract   string   `json:"contract"`    // 0x prefixed
	MethodSigs []string `json:"method_sigs"` // 4-byte hex, 0x prefixed
}

ContractMethodConfig defines allowed contract methods

type ContractMethodEvaluator 

type ContractMethodEvaluator struct{}

ContractMethodEvaluator checks if the method selector matches allowed methods for a contract

func NewContractMethodEvaluator 

func NewContractMethodEvaluator() (*ContractMethodEvaluator, error)

NewContractMethodEvaluator creates a new contract method evaluator

func (*ContractMethodEvaluator) Evaluate 

func (e *ContractMethodEvaluator) Evaluate(ctx context.Context, r *types.Rule, req *types.SignRequest, parsed *types.ParsedPayload) (bool, string, error)

Evaluate checks if the contract and method selector are allowed

func (*ContractMethodEvaluator) Type 

func (e *ContractMethodEvaluator) Type() types.RuleType

Type returns the rule type this evaluator handles

type EVMAdapter 

type EVMAdapter struct {
	// contains filtered or unexported fields
}

EVMAdapter implements types.ChainAdapter for EVM chains

func NewEVMAdapter 

func NewEVMAdapter(registry *SignerRegistry) (*EVMAdapter, error)

NewEVMAdapter creates a new EVM chain adapter

func (*EVMAdapter) HasSigner 

func (a *EVMAdapter) HasSigner(ctx context.Context, address string) bool

HasSigner checks if a signer exists

func (*EVMAdapter) ListSigners 

func (a *EVMAdapter) ListSigners(ctx context.Context) ([]types.SignerInfo, error)

ListSigners returns available signers for this chain

func (*EVMAdapter) ParsePayload 

func (a *EVMAdapter) ParsePayload(ctx context.Context, signType string, payload []byte) (*types.ParsedPayload, error)

ParsePayload parses the payload for rule evaluation

func (*EVMAdapter) Sign 

func (a *EVMAdapter) Sign(ctx context.Context, signerAddress string, signType string, chainID string, payload []byte) (*types.SignResult, error)

Sign performs the actual signing operation

func (*EVMAdapter) Type 

func (a *EVMAdapter) Type() types.ChainType

Type returns the chain type this adapter handles

func (*EVMAdapter) ValidateBasicRequest added in v0.0.2 

func (a *EVMAdapter) ValidateBasicRequest(chainID, signerAddress, signType string, payload []byte) error

ValidateBasicRequest validates request format and size only (chain_id, signer_address, sign_type, payload size). Does not check signer existence or payload semantics. Used so that only well-formed requests are persisted for audit.

func (*EVMAdapter) ValidatePayload 

func (a *EVMAdapter) ValidatePayload(ctx context.Context, signType string, payload []byte) error

ValidatePayload validates the EVM-specific payload

type EVMSignPayload 

type EVMSignPayload struct {
	// For hash signing
	Hash string `json:"hash,omitempty"` // 0x prefixed, 32 bytes

	// For raw message signing
	RawMessage []byte `json:"raw_message,omitempty"`

	// For EIP-191/Personal signing
	Message string `json:"message,omitempty"`

	// For EIP-712 typed data signing
	TypedData *TypedDataPayload `json:"typed_data,omitempty"`

	// For transaction signing
	Transaction *TransactionPayload `json:"transaction,omitempty"`
}

EVMSignPayload is the payload for EVM sign requests

type EnvPasswordProvider 

type EnvPasswordProvider struct{}

EnvPasswordProvider reads passwords from environment variables

func NewEnvPasswordProvider 

func NewEnvPasswordProvider() (*EnvPasswordProvider, error)

NewEnvPasswordProvider creates a new environment variable based password provider

func (*EnvPasswordProvider) GetPassword 

func (p *EnvPasswordProvider) GetPassword(address string, config KeystoreConfig) ([]byte, error)

GetPassword reads the password from the environment variable specified in config

type KeystoreConfig 

type KeystoreConfig struct {
	Address       string `yaml:"address"`        // Expected address (for verification)
	Path          string `yaml:"path"`           // Path to keystore file
	PasswordEnv   string `yaml:"password_env"`   // Environment variable containing password (used when password_stdin is false)
	PasswordStdin bool   `yaml:"password_stdin"` // If true, read password from stdin at startup (more secure)
	Enabled       bool   `yaml:"enabled"`        // Whether this signer is enabled
}

KeystoreConfig defines a keystore signer configuration

type MessagePatternConfig 

type MessagePatternConfig struct {
	// Pattern is a regex pattern that the message must match (whitelist) or must not match (blocklist)
	Pattern string `json:"pattern"`

	// Patterns is a list of regex patterns (any match = rule fires)
	// If both Pattern and Patterns are specified, Pattern is added to Patterns
	Patterns []string `json:"patterns,omitempty"`

	// SignTypes restricts which sign types this rule applies to
	// If empty, applies to "personal" and "eip191" by default
	SignTypes []string `json:"sign_types,omitempty"`

	// Description provides human-readable explanation of what the pattern validates
	Description string `json:"description,omitempty"`

	// TestCases defines validation cases to verify rule correctness
	TestCases []MessagePatternTestCase `json:"test_cases,omitempty"`
}

MessagePatternConfig defines the configuration for message pattern matching

type MessagePatternEvaluator 

type MessagePatternEvaluator struct{}

MessagePatternEvaluator validates personal sign messages against regex patterns Behavior depends on rule mode: - Whitelist mode: returns true if message matches ANY pattern (allow) - Blocklist mode: returns true if message matches ANY pattern (block)

func NewMessagePatternEvaluator 

func NewMessagePatternEvaluator() (*MessagePatternEvaluator, error)

NewMessagePatternEvaluator creates a new message pattern evaluator

func (*MessagePatternEvaluator) AppliesToSignType 

func (e *MessagePatternEvaluator) AppliesToSignType(rule *types.Rule, signType string) bool

AppliesToSignType implements rule.SignTypeApplicable: returns false if the rule's sign_types do not include signType.

func (*MessagePatternEvaluator) Evaluate 

func (e *MessagePatternEvaluator) Evaluate(ctx context.Context, r *types.Rule, req *types.SignRequest, parsed *types.ParsedPayload) (bool, string, error)

Evaluate checks if the message matches the configured patterns For whitelist mode: returns true if message matches ANY pattern (allow signing) For blocklist mode: returns true if message matches ANY pattern (block signing)

func (*MessagePatternEvaluator) Type 

func (e *MessagePatternEvaluator) Type() types.RuleType

Type returns the rule type this evaluator handles

type MessagePatternRuleValidator 

type MessagePatternRuleValidator struct {
	// contains filtered or unexported fields
}

MessagePatternRuleValidator validates message_pattern rules

func NewMessagePatternRuleValidator 

func NewMessagePatternRuleValidator(logger *slog.Logger) (*MessagePatternRuleValidator, error)

NewMessagePatternRuleValidator creates a new message pattern rule validator

func (*MessagePatternRuleValidator) ValidateRule 

func (v *MessagePatternRuleValidator) ValidateRule(ctx context.Context, rule *types.Rule) (*ValidationResult, error)

ValidateRule validates a single message_pattern rule

type MessagePatternTestCase 

type MessagePatternTestCase struct {
	Name         string                  `json:"name"`
	Input        MessagePatternTestInput `json:"input"`
	ExpectPass   bool                    `json:"expect_pass"`
	ExpectReason string                  `json:"expect_reason,omitempty"`
}

MessagePatternTestCase defines a test case for validating a message_pattern rule

type MessagePatternTestInput 

type MessagePatternTestInput struct {
	RawMessage string `json:"raw_message"`
	SignType   string `json:"sign_type,omitempty"` // default: "personal"
}

MessagePatternTestInput defines the input for a message pattern test case

type PasswordProvider 

type PasswordProvider interface {
	// GetPassword returns the password for the given keystore configuration
	GetPassword(address string, config KeystoreConfig) ([]byte, error)
}

PasswordProvider provides passwords for keystore signers

type PrivateKeyConfig 

type PrivateKeyConfig struct {
	Address   string `yaml:"address"` // Expected address (for verification)
	KeyEnvVar string `yaml:"key_env"` // Environment variable containing hex private key
	Enabled   bool   `yaml:"enabled"` // Whether this signer is enabled
}

PrivateKeyConfig defines a private key signer configuration

type SecurityError 

type SecurityError struct {
	Pattern string `json:"pattern"`
	Message string `json:"message"`
}

SecurityError represents a security validation error

func ValidateSolidityCodeSecurity 

func ValidateSolidityCodeSecurity(code string) *SecurityError

ValidateSolidityCodeSecurity checks code for dangerous patterns Returns nil if code is safe, or SecurityError if dangerous patterns are found

type SignTypeRestrictionConfig 

type SignTypeRestrictionConfig struct {
	AllowedSignTypes []string `json:"allowed_sign_types"` // List of allowed sign types
}

SignTypeRestrictionConfig defines the configuration for sign type restrictions

type SignTypeRestrictionEvaluator 

type SignTypeRestrictionEvaluator struct{}

SignTypeRestrictionEvaluator checks if the sign type is allowed

func NewSignTypeRestrictionEvaluator 

func NewSignTypeRestrictionEvaluator() (*SignTypeRestrictionEvaluator, error)

NewSignTypeRestrictionEvaluator creates a new sign type restriction evaluator

func (*SignTypeRestrictionEvaluator) Evaluate 

func (e *SignTypeRestrictionEvaluator) Evaluate(ctx context.Context, r *types.Rule, req *types.SignRequest, parsed *types.ParsedPayload) (bool, string, error)

Evaluate checks if the sign type is in the allowed list

func (*SignTypeRestrictionEvaluator) Type 

func (e *SignTypeRestrictionEvaluator) Type() types.RuleType

Type returns the rule type this evaluator handles

type SignerConfig 

type SignerConfig struct {
	PrivateKeys []PrivateKeyConfig `yaml:"private_keys"`
	Keystores   []KeystoreConfig   `yaml:"keystores"`
}

SignerConfig defines configuration for EVM signers

type SignerManager 

type SignerManager interface {
	// CreateSigner creates a new signer based on the request type
	CreateSigner(ctx context.Context, req types.CreateSignerRequest) (*types.SignerInfo, error)

	// ListSigners returns signers matching the filter with pagination
	ListSigners(ctx context.Context, filter types.SignerFilter) (types.SignerListResult, error)
}

SignerManager manages signer lifecycle operations

type SignerManagerImpl 

type SignerManagerImpl struct {
	// contains filtered or unexported fields
}

SignerManagerImpl implements SignerManager

func NewSignerManager 

func NewSignerManager(registry *SignerRegistry, keystoreDir string, logger *slog.Logger) (*SignerManagerImpl, error)

NewSignerManager creates a new SignerManager

func (*SignerManagerImpl) CreateSigner 

func (m *SignerManagerImpl) CreateSigner(ctx context.Context, req types.CreateSignerRequest) (*types.SignerInfo, error)

CreateSigner creates a new signer based on the request type

func (*SignerManagerImpl) ListSigners 

func (m *SignerManagerImpl) ListSigners(ctx context.Context, filter types.SignerFilter) (types.SignerListResult, error)

ListSigners returns signers matching the filter with pagination

type SignerRegistry 

type SignerRegistry struct {
	// contains filtered or unexported fields
}

SignerRegistry manages EVM signers

func NewSignerRegistry 

func NewSignerRegistry(cfg SignerConfig) (*SignerRegistry, error)

NewSignerRegistry creates a new signer registry from configuration For keystores with password_stdin=true, passwords will be read from stdin interactively

func NewSignerRegistryWithProvider 

func NewSignerRegistryWithProvider(cfg SignerConfig, provider PasswordProvider) (*SignerRegistry, error)

NewSignerRegistryWithProvider creates a new signer registry with a custom password provider

func (*SignerRegistry) GetSigner 

func (r *SignerRegistry) GetSigner(address string) (*ethsig.Signer, error)

GetSigner returns the signer for the given address

func (*SignerRegistry) HasSigner 

func (r *SignerRegistry) HasSigner(address string) bool

HasSigner checks if a signer exists for the given address

func (*SignerRegistry) ListSigners 

func (r *SignerRegistry) ListSigners() []types.SignerInfo

ListSigners returns information about all registered signers

func (*SignerRegistry) ListSignersWithFilter 

func (r *SignerRegistry) ListSignersWithFilter(filter types.SignerFilter) types.SignerListResult

ListSignersWithFilter returns signers matching the filter with pagination

func (*SignerRegistry) RegisterKeystore 

func (r *SignerRegistry) RegisterKeystore(address string, keystorePath string, password []byte) error

RegisterKeystore dynamically registers a keystore signer

type SignerRestrictionConfig 

type SignerRestrictionConfig struct {
	AllowedSigners []string `json:"allowed_signers"` // List of allowed signer addresses
}

SignerRestrictionConfig defines the configuration for signer restrictions

type SignerRestrictionEvaluator 

type SignerRestrictionEvaluator struct{}

SignerRestrictionEvaluator checks if the signer is allowed for the API key

func NewSignerRestrictionEvaluator 

func NewSignerRestrictionEvaluator() (*SignerRestrictionEvaluator, error)

NewSignerRestrictionEvaluator creates a new signer restriction evaluator

func (*SignerRestrictionEvaluator) Evaluate 

func (e *SignerRestrictionEvaluator) Evaluate(ctx context.Context, r *types.Rule, req *types.SignRequest, parsed *types.ParsedPayload) (bool, string, error)

Evaluate checks if the signer is in the allowed list

func (*SignerRestrictionEvaluator) Type 

func (e *SignerRestrictionEvaluator) Type() types.RuleType

Type returns the rule type this evaluator handles

type SolidityEvaluatorConfig 

type SolidityEvaluatorConfig struct {
	ForgePath string        // path to forge binary, empty = auto-detect from PATH
	CacheDir  string        // cache directory for compiled scripts
	TempDir   string        // workspace dir (foundry.toml + lib/forge-std + rule scripts); empty = os.TempDir()/remote-signer-rules. When set to a dir with pre-installed lib/forge-std (e.g. Docker mount), ensureForgeStd is skipped.
	Timeout   time.Duration // max execution time per rule
	CacheTTL  time.Duration // TTL for execution result cache entries, 0 = no expiration
}

SolidityEvaluatorConfig holds configuration for the evaluator

type SolidityExpressionConfig 

type SolidityExpressionConfig struct {
	// Expression is the Solidity code containing require() statements (Mode 1)
	// Available variables:
	//   - address to       (transaction recipient)
	//   - uint256 value    (transaction value in wei)
	//   - bytes4 selector  (method selector, first 4 bytes of data)
	//   - bytes data       (full calldata)
	//   - uint256 chainId  (chain ID)
	//   - address signer   (signing address)
	// Example: require(value <= 1 ether, "exceeds limit");
	Expression string `json:"expression,omitempty"`

	// Functions contains user-defined Solidity functions (Mode 2)
	// When the transaction selector matches a function, it's called automatically
	// with decoded parameters. Context variables available as txTo, txValue, etc.
	// Example:
	//   function transfer(address to, uint256 amount) external {
	//       require(amount <= 10000e6, "exceeds 10k limit");
	//   }
	Functions string `json:"functions,omitempty"`

	// TypedDataExpression is Solidity code for EIP-712 typed data validation (Mode 3)
	// Available variables:
	//   - string eip712_primaryType       (primary type name, e.g., "Permit")
	//   - string eip712_domainName        (domain name)
	//   - string eip712_domainVersion     (domain version)
	//   - uint256 eip712_domainChainId    (domain chain ID)
	//   - address eip712_domainContract   (verifying contract address)
	//   - Plus message fields as defined by TypedDataTypes (or inferred from request)
	// Example: require(value <= 1000000e6, "permit value exceeds 1M limit");
	TypedDataExpression string `json:"typed_data_expression,omitempty"`

	// TypedDataStruct defines the expected EIP-712 message structure using Solidity struct syntax
	// When specified, the rule will:
	//   1. Only match requests where primaryType matches the struct name (or TypedDataPrimaryType if set)
	//   2. Generate a struct instance variable with lowercase name (e.g., Order -> order)
	//   3. Access fields using struct.field syntax (e.g., order.taker, order.feeRateBps)
	// Example:
	//   typed_data_struct: |
	//     struct Order {
	//         uint256 salt;
	//         address maker;
	//         address taker;
	//         uint256 feeRateBps;
	//     }
	//   typed_data_expression: |
	//     require(order.taker == address(0), "taker must be zero address");
	//     require(order.feeRateBps <= 1000, "fee exceeds 10%");
	TypedDataStruct string `json:"typed_data_struct,omitempty"`

	// TypedDataPrimaryType specifies the expected EIP-712 primaryType to match
	// If not set but TypedDataStruct is defined, uses the struct name as primaryType
	// The lowercase form of this name is used as the struct instance variable name
	// Example: "Order" -> instance variable "order" accessible in expressions
	TypedDataPrimaryType string `json:"typed_data_primary_type,omitempty"`

	// TypedDataFunctions contains struct definitions and validation functions (Mode 4)
	// Define structs matching EIP-712 types and functions to validate them
	// Example:
	//   struct Permit { address owner; address spender; uint256 value; ... }
	//   function validatePermit(Permit memory permit) external { ... }
	TypedDataFunctions string `json:"typed_data_functions,omitempty"`

	// SignTypeFilter restricts this rule to specific sign types
	// If empty, applies to all sign types (default behavior for transaction rules)
	// Common values: "transaction", "typed_data", "personal", "eip191"
	SignTypeFilter string `json:"sign_type_filter,omitempty"`

	// InMappingArrays supplies address lists for in(expr, varName): varName -> []address.
	// When rule body contains in(txTo, allowed_safe_addresses), generate allowed_safe_addresses_mapping
	// and set InMappingArrays["allowed_safe_addresses"] to the list. O(1) lookup instead of expanded OR chain.
	InMappingArrays map[string][]string `json:"in_mapping_arrays,omitempty"`

	// Description explains what the rule validates
	Description string `json:"description,omitempty"`

	// ABISignature defines custom ABI decoding (optional, only for Expression mode)
	// Format: "functionName(type1,type2,...)"
	ABISignature string `json:"abi_signature,omitempty"`

	// TestCases defines validation cases to verify rule correctness
	// Each test case is executed during rule creation/update to ensure validity
	TestCases []SolidityTestCase `json:"test_cases"`
}

SolidityExpressionConfig holds the Solidity code for rule evaluation Supports multiple modes:

  1. Expression mode: require() statements with context variables (for transactions)
  2. Function mode: define functions that auto-match transaction selectors
  3. TypedDataExpression mode: require() statements for EIP-712 typed data validation
  4. TypedDataFunctions mode: struct-based functions for EIP-712 validation

type SolidityRuleEvaluator 

type SolidityRuleEvaluator struct {
	// contains filtered or unexported fields
}

SolidityRuleEvaluator evaluates rules using Foundry's forge script

func NewSolidityRuleEvaluator 

func NewSolidityRuleEvaluator(cfg SolidityEvaluatorConfig, logger *slog.Logger) (*SolidityRuleEvaluator, error)

NewSolidityRuleEvaluator creates a new evaluator

func (*SolidityRuleEvaluator) AppliesToSignType 

func (e *SolidityRuleEvaluator) AppliesToSignType(rule *types.Rule, signType string) bool

AppliesToSignType implements rule.SignTypeApplicable: returns false if the rule's sign_type_filter does not match.

func (*SolidityRuleEvaluator) CanBatchEvaluate 

func (e *SolidityRuleEvaluator) CanBatchEvaluate(rules []*types.Rule) bool

CanBatchEvaluate returns true if the given rules can be evaluated together Rules can be batched if they all use compatible validation modes

func (*SolidityRuleEvaluator) Evaluate 

func (e *SolidityRuleEvaluator) Evaluate(
	ctx context.Context,
	rule *types.Rule,
	req *types.SignRequest,
	parsed *types.ParsedPayload,
) (bool, string, error)

Evaluate evaluates the rule against the request

func (*SolidityRuleEvaluator) EvaluateBatch 

func (e *SolidityRuleEvaluator) EvaluateBatch(
	ctx context.Context,
	rules []*types.Rule,
	req *types.SignRequest,
	parsed *types.ParsedPayload,
) ([]rule.BatchEvaluationResult, error)

EvaluateBatch evaluates multiple rules against the same request in a single forge execution

func (*SolidityRuleEvaluator) GenerateFunctionSyntaxCheckScript 

func (e *SolidityRuleEvaluator) GenerateFunctionSyntaxCheckScript(functions string) string

GenerateFunctionSyntaxCheckScript generates a script for compilation checking (Functions mode) Uses the same two-contract structure as solidityFunctionTemplate for consistency

func (*SolidityRuleEvaluator) GenerateSyntaxCheckScript 

func (e *SolidityRuleEvaluator) GenerateSyntaxCheckScript(expression string) string

GenerateSyntaxCheckScript generates a script for compilation checking (Expression mode)

func (*SolidityRuleEvaluator) GenerateTypedDataExpressionSyntaxCheckScript 

func (e *SolidityRuleEvaluator) GenerateTypedDataExpressionSyntaxCheckScript(expression string) string

GenerateTypedDataExpressionSyntaxCheckScript generates a syntax check script for TypedDataExpression mode. Callers must pass the rule's typed_data_struct via GenerateTypedDataExpressionSyntaxCheckScriptWithStruct; rules are the single source of truth.

func (*SolidityRuleEvaluator) GenerateTypedDataExpressionSyntaxCheckScriptWithStruct 

func (e *SolidityRuleEvaluator) GenerateTypedDataExpressionSyntaxCheckScriptWithStruct(expression string, structDef *StructDefinition) string

GenerateTypedDataExpressionSyntaxCheckScriptWithStruct generates a syntax check script from the rule's struct definition only. structDef must come from the rule config (typed_data_struct); no hardcoded structs. When structDef is nil, generates only EIP-712/ctx vars so expressions that reference structs fail at compile (caller should require typed_data_struct for typed_data_expression rules).

func (*SolidityRuleEvaluator) GenerateTypedDataFunctionsSyntaxCheckScript 

func (e *SolidityRuleEvaluator) GenerateTypedDataFunctionsSyntaxCheckScript(functions string) string

GenerateTypedDataFunctionsSyntaxCheckScript generates a syntax check script for TypedDataFunctions mode

func (*SolidityRuleEvaluator) GetCacheDir 

func (e *SolidityRuleEvaluator) GetCacheDir() string

GetCacheDir returns the cache directory path

func (*SolidityRuleEvaluator) GetFoundryPath 

func (e *SolidityRuleEvaluator) GetFoundryPath() string

GetFoundryPath returns the forge binary path

func (*SolidityRuleEvaluator) GetTempDir 

func (e *SolidityRuleEvaluator) GetTempDir() string

GetTempDir returns the temp directory path

func (*SolidityRuleEvaluator) GetTimeout added in v0.0.2 

func (e *SolidityRuleEvaluator) GetTimeout() time.Duration

GetTimeout returns the configured execution timeout (for validator to align forge build/test timeouts)

func (*SolidityRuleEvaluator) Type 

func (e *SolidityRuleEvaluator) Type() types.RuleType

Type returns the rule type this evaluator handles

type SolidityRuleValidator 

type SolidityRuleValidator struct {
	// contains filtered or unexported fields
}

SolidityRuleValidator validates Solidity expression rules before storage

func NewSolidityRuleValidator 

func NewSolidityRuleValidator(evaluator *SolidityRuleEvaluator, logger *slog.Logger) (*SolidityRuleValidator, error)

NewSolidityRuleValidator creates a new validator

func (*SolidityRuleValidator) ValidateRule 

func (v *SolidityRuleValidator) ValidateRule(ctx context.Context, rule *types.Rule) (*ValidationResult, error)

ValidateRule performs full validation of a Solidity expression rule

func (*SolidityRuleValidator) ValidateRulesBatch 

func (v *SolidityRuleValidator) ValidateRulesBatch(ctx context.Context, rules []*types.Rule) (*BatchValidationResult, error)

ValidateRulesBatch validates multiple rules in a single compilation This significantly improves performance by reducing the number of forge compilations. Rules are automatically grouped by validation mode and each group is batched separately.

type SolidityTestCase 

type SolidityTestCase struct {
	// Name describes what this test case validates
	Name string `json:"name"`

	// Input defines the transaction context for this test
	Input SolidityTestInput `json:"input"`

	// ExpectPass indicates whether the rule should pass (true) or revert (false)
	ExpectPass bool `json:"expect_pass"`

	// ExpectReason is the expected revert reason (only used when ExpectPass is false)
	// If empty, any revert is accepted; if set, must match the revert message
	ExpectReason string `json:"expect_reason,omitempty"`
}

SolidityTestCase defines a test case for validating a Solidity rule

type SolidityTestInput 

type SolidityTestInput struct {
	// Transaction context fields (for transaction rules)
	To       string `json:"to,omitempty"`       // recipient address, 0x-prefixed
	Value    string `json:"value,omitempty"`    // value in wei (decimal string)
	Selector string `json:"selector,omitempty"` // method selector, 0x-prefixed 4 bytes
	Data     string `json:"data,omitempty"`     // full calldata, 0x-prefixed hex
	ChainID  string `json:"chain_id,omitempty"` // chain ID (decimal string)
	Signer   string `json:"signer,omitempty"`   // signer address, 0x-prefixed

	// EIP-712 typed data fields (for typed_data rules)
	TypedData *TypedDataTestInput `json:"typed_data,omitempty"`
}

SolidityTestInput defines the transaction context for a test case

type StdinPasswordProvider 

type StdinPasswordProvider struct{}

StdinPasswordProvider reads passwords from stdin interactively

func NewStdinPasswordProvider 

func NewStdinPasswordProvider() (*StdinPasswordProvider, error)

NewStdinPasswordProvider creates a new stdin-based password provider

func (*StdinPasswordProvider) GetPassword 

func (p *StdinPasswordProvider) GetPassword(address string, config KeystoreConfig) ([]byte, error)

GetPassword reads the password from stdin interactively

type StructDefinition 

type StructDefinition struct {
	Name   string           // struct name (e.g., "Order")
	Fields []TypedDataField // ordered list of fields
}

StructDefinition represents a parsed Solidity struct

type SyntaxError 

type SyntaxError struct {
	Message  string `json:"message"`
	Line     int    `json:"line,omitempty"`
	Column   int    `json:"column,omitempty"`
	Severity string `json:"severity"` // "error" or "warning"
}

SyntaxError contains details about a Solidity compilation error

type TestCaseResult 

type TestCaseResult struct {
	Name           string `json:"name"`
	Passed         bool   `json:"passed"`
	ExpectedPass   bool   `json:"expected_pass"`
	ActualPass     bool   `json:"actual_pass"`
	ExpectedReason string `json:"expected_reason,omitempty"`
	ActualReason   string `json:"actual_reason,omitempty"`
	Error          string `json:"error,omitempty"`
}

TestCaseResult contains the result of a single test case execution

type TransactionPayload 

type TransactionPayload struct {
	To        *string `json:"to,omitempty"`   // nil for contract creation
	Value     string  `json:"value"`          // wei as decimal string
	Data      string  `json:"data,omitempty"` // 0x-prefixed hex string
	Nonce     *uint64 `json:"nonce,omitempty"`
	Gas       uint64  `json:"gas"`
	GasPrice  string  `json:"gasPrice,omitempty"`  // for legacy tx
	GasTipCap string  `json:"gasTipCap,omitempty"` // for EIP-1559
	GasFeeCap string  `json:"gasFeeCap,omitempty"` // for EIP-1559
	TxType    string  `json:"txType"`              // "legacy", "eip2930", "eip1559"
}

TransactionPayload represents an Ethereum transaction

type TransactionType 

type TransactionType string

TransactionType represents the Ethereum transaction type 

const (
	TransactionTypeLegacy  TransactionType = "legacy"
	TransactionTypeEIP2930 TransactionType = "eip2930"
	TransactionTypeEIP1559 TransactionType = "eip1559"
)

type TypedDataDomain 

type TypedDataDomain struct {
	Name              string `json:"name,omitempty"`
	Version           string `json:"version,omitempty"`
	ChainId           string `json:"chainId,omitempty"` // decimal string
	VerifyingContract string `json:"verifyingContract,omitempty"`
	Salt              string `json:"salt,omitempty"`
}

TypedDataDomain represents the domain of EIP-712 typed data

type TypedDataDomainInput 

type TypedDataDomainInput struct {
	Name              string `json:"name,omitempty"`
	Version           string `json:"version,omitempty"`
	ChainID           string `json:"chainId,omitempty"`
	VerifyingContract string `json:"verifyingContract,omitempty"`
	Salt              string `json:"salt,omitempty"`
}

TypedDataDomainInput defines the EIP-712 domain for test cases

type TypedDataField 

type TypedDataField struct {
	Name string `json:"name"`
	Type string `json:"type"`
}

TypedDataField represents a field in EIP-712 typed data

type TypedDataPayload 

type TypedDataPayload struct {
	Types       map[string][]TypedDataField `json:"types"`
	PrimaryType string                      `json:"primaryType"`
	Domain      TypedDataDomain             `json:"domain"`
	Message     map[string]interface{}      `json:"message"`
}

TypedDataPayload represents EIP-712 typed data

type TypedDataTestInput 

type TypedDataTestInput struct {
	// PrimaryType is the primary type name (e.g., "Permit")
	PrimaryType string `json:"primaryType,omitempty"`

	// Domain contains the EIP-712 domain parameters
	Domain *TypedDataDomainInput `json:"domain,omitempty"`

	// Message contains the typed data message fields
	// Keys are field names, values are field values (as strings)
	Message map[string]interface{} `json:"message,omitempty"`
}

TypedDataTestInput defines EIP-712 typed data for test cases

type ValidationMode 

type ValidationMode int

ValidationMode represents the validation mode for a Solidity rule 

const (
	ValidationModeExpression ValidationMode = iota
	ValidationModeFunctions
	ValidationModeTypedDataExpression
	ValidationModeTypedDataFunctions
)

type ValidationResult 

type ValidationResult struct {
	Valid           bool             `json:"valid"`
	SyntaxError     *SyntaxError     `json:"syntax_error,omitempty"`
	TestCaseResults []TestCaseResult `json:"test_case_results,omitempty"`
	FailedTestCases int              `json:"failed_test_cases"`
}

ValidationResult contains the result of rule validation

type ValueLimitConfig 

type ValueLimitConfig struct {
	MaxValue string `json:"max_value"` // wei as decimal string
}

ValueLimitConfig defines value limits

type ValueLimitEvaluator 

type ValueLimitEvaluator struct{}

ValueLimitEvaluator checks if the transaction value is within/exceeds the limit Behavior depends on rule mode: - Whitelist mode: returns true if value <= limit (allow small transactions) - Blocklist mode: returns true if value > limit (block large transactions)

func NewValueLimitEvaluator 

func NewValueLimitEvaluator() (*ValueLimitEvaluator, error)

NewValueLimitEvaluator creates a new value limit evaluator

func (*ValueLimitEvaluator) Evaluate 

func (e *ValueLimitEvaluator) Evaluate(ctx context.Context, r *types.Rule, req *types.SignRequest, parsed *types.ParsedPayload) (bool, string, error)

Evaluate checks the transaction value against the limit For blocklist mode: returns true if value EXCEEDS limit (violation) For whitelist mode: returns true if value is WITHIN limit (allowed)

func (*ValueLimitEvaluator) Type 

func (e *ValueLimitEvaluator) Type() types.RuleType

Type returns the rule type this evaluator handles

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.