feat: add redeemer rule (#212)

* feat: add redeemer execution rule and related types to permission requests

* feat: update execution rules to include GenericRule and remove KnownRule and UnknownRule

* feat: remove ExpiryRule, RedeemerRule, and GenericRule from permission types

* feat: update changelog to remove deprecated execution rules and clarify permission request parameters

* feat: refine Rule and PermissionRequest types documentation for clarity

Author: mj-kiwi

packages/smart-accounts-kit/CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Optional `redeemer` on `PermissionRequestParameter` maps to a `redeemer` execution rule; granted permission responses checksum-normalize redeemer addresses in `rules`.
+
 ## [1.2.0]
 
 ### Added

packages/smart-accounts-kit/src/actions/erc7715GetSupportedExecutionPermissionsAction.ts

@@ -22,13 +22,16 @@ export type { GetSupportedExecutionPermissionsResult } from './erc7715Types';
  * // {
  * //   "native-token-allowance": {
  * //     "chainIds": [1, 137],
- * //     "ruleTypes": ["expiry"]
+ * //     "ruleTypes": ["expiry", "redeemer"]
  * //   },
  * //   "erc20-token-allowance": {
  * //     "chainIds": [1],
- * //     "ruleTypes": []
+ * //     "ruleTypes": ["expiry"]
  * //   }
  * // }
+ * //
+ * // Which strings appear in `ruleTypes` is defined by the wallet; when supported,
+ * // `"redeemer"` indicates the wallet accepts a redeemer execution rule.
  * ```
  */
 export async function erc7715GetSupportedExecutionPermissionsAction(

packages/smart-accounts-kit/src/actions/erc7715Mapping.ts

@@ -8,7 +8,7 @@ import type {
   PermissionTypes as RpcPermissionTypes,
   Rule,
 } from '@metamask/7715-permission-types';
-import { hexToNumber, toHex } from 'viem';
+import { getAddress, hexToNumber, isAddress, toHex, type Hex } from 'viem';
 
 import { isDefined, toHexOrThrow } from '../utils';
 import type {
@@ -38,22 +38,39 @@ import type {
 export function permissionRequestToRpc(
   parameters: PermissionRequestParameter,
 ): PermissionRequest<RpcPermissionTypes> {
-  const { chainId, from, expiry } = parameters;
+  const { chainId, from, expiry, redeemer } = parameters;
 
   const converter = getPermissionRequestToRpcConverter(
     parameters.permission.type,
   );
 
-  const rules: Rule[] = isDefined(expiry)
-    ? [
-        {
-          type: 'expiry',
-          data: {
-            timestamp: expiry,
-          },
-        },
-      ]
-    : [];
+  const rules: Rule[] = [];
+  if (isDefined(expiry)) {
+    rules.push({
+      type: 'expiry',
+      data: {
+        timestamp: expiry,
+      },
+    });
+  }
+  if (isDefined(redeemer)) {
+    if (redeemer.length === 0) {
+      throw new Error(
+        'Invalid redeemers: must specify at least one redeemer address',
+      );
+    }
+    const addresses: Hex[] = [];
+    for (const addr of redeemer) {
+      if (!isAddress(addr)) {
+        throw new Error('Invalid redeemers: must be a valid address');
+      }
+      addresses.push(getAddress(addr));
+    }
+    rules.push({
+      type: 'redeemer',
+      data: { addresses },
+    });
+  }
 
   const optionalFields = {
     ...(from ? { from } : {}),
@@ -313,9 +330,40 @@ export function permissionResponsesFromRpc(
     ...permission,
     chainId: hexToNumber(permission.chainId),
     permission: permissionTypeFromRpc(permission.permission),
+    rules: normalizeRulesFromRpc(permission.rules),
   }));
 }
 
+/**
+ * Checksums addresses in `redeemer` rules; other rules are returned unchanged.
+ *
+ * @param rules - Rules from the wallet RPC response.
+ * @returns The same list with normalized redeemer addresses, or null/undefined if that was the input.
+ */
+function normalizeRulesFromRpc(
+  rules: Rule[] | null | undefined,
+): Rule[] | null | undefined {
+  if (rules === undefined || rules === null) {
+    return rules;
+  }
+  return rules.map((rule) => {
+    if (rule.type !== 'redeemer') {
+      return rule;
+    }
+    const rawAddresses = (rule.data as { addresses?: unknown } | undefined)
+      ?.addresses;
+    if (!Array.isArray(rawAddresses)) {
+      return rule;
+    }
+    return {
+      type: 'redeemer',
+      data: {
+        addresses: rawAddresses.map((addr) => getAddress(addr as Hex)),
+      },
+    };
+  });
+}
+
 /**
  * Converts RPC permission type data to developer-friendly types.
  * Converts hex amount fields to bigint.

packages/smart-accounts-kit/src/actions/erc7715Types.ts

@@ -2,6 +2,7 @@ import type {
   PermissionTypes as RpcPermissionTypes,
   PermissionRequest as RpcPermissionRequest,
   PermissionResponse as RpcPermissionResponse,
+  Rule,
 } from '@metamask/7715-permission-types';
 import type {
   Client,
@@ -13,6 +14,8 @@ import type {
   Address,
 } from 'viem';
 
+export type { Rule };
+
 // =============================================================================
 // Developer-facing types
 // These types represent the public API. Use bigint, number, Hex, and Address for
@@ -111,6 +114,10 @@ export type PermissionRequestParameter = {
   to: Hex;
   from?: Address | undefined | null;
   expiry?: number | undefined | null;
+  /**
+   * When set, adds a `redeemer` execution rule: only these addresses may redeem the permission.
+   */
+  redeemer?: readonly Address[] | undefined | null;
 };
 
 /**
@@ -143,7 +150,7 @@ export type PermissionRequest<TPermission extends PermissionTypes> = {
   from?: Hex;
   to: Hex;
   permission: TPermission;
-  rules?: Record<string, unknown>[] | null;
+  rules?: Rule[] | null;
 };
 
 /**

packages/smart-accounts-kit/src/actions/index.ts

@@ -67,6 +67,7 @@ export { erc7715GetGrantedExecutionPermissionsAction as getGrantedExecutionPermi
 export {
   type GetSupportedExecutionPermissionsResult,
   type GetGrantedExecutionPermissionsResult,
+  type Rule,
   type SupportedPermissionInfo,
   type PermissionTypes,
   type NativeTokenStreamPermission,

packages/smart-accounts-kit/test/actions/erc7715GetGrantedExecutionPermissionsAction.test.ts

@@ -4,7 +4,7 @@ import type {
 } from '@metamask/7715-permission-types';
 import { stub } from 'sinon';
 import type { Client } from 'viem';
-import { createClient, custom } from 'viem';
+import { createClient, custom, getAddress } from 'viem';
 import { beforeEach, describe, expect, it } from 'vitest';
 
 import {
@@ -79,6 +79,37 @@ describe('erc7715GetGrantedExecutionPermissionsAction', () => {
       ]);
     });
 
+    it('checksum-normalizes redeemer addresses in rules', async () => {
+      const responseWithRedeemer: RpcGetGrantedExecutionPermissionsResult = [
+        {
+          ...mockPermission,
+          rules: [
+            {
+              type: 'redeemer',
+              data: {
+                addresses: ['0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48'],
+              },
+            },
+          ],
+        },
+      ];
+      stubRequest.resolves(responseWithRedeemer);
+
+      const result =
+        await erc7715GetGrantedExecutionPermissionsAction(mockClient);
+
+      expect(result[0]?.rules).to.deep.equal([
+        {
+          type: 'redeemer',
+          data: {
+            addresses: [
+              getAddress('0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48'),
+            ],
+          },
+        },
+      ]);
+    });
+
     it('should set retryCount to 0', async () => {
       stubRequest.resolves(mockResponse);
 

packages/smart-accounts-kit/test/actions/erc7715Mapping.test.ts

@@ -1,4 +1,5 @@
 import type { Hex } from 'viem';
+import { getAddress } from 'viem';
 import { describe, expect, it } from 'vitest';
 
 import {
@@ -7,7 +8,10 @@ import {
   permissionTypeFromRpc,
   rpcSupportedPermissionsToDeveloper,
 } from '../../src/actions/erc7715Mapping';
-import type { RpcGetSupportedExecutionPermissionsResult } from '../../src/actions/erc7715Types';
+import type {
+  RpcGetGrantedExecutionPermissionsResult,
+  RpcGetSupportedExecutionPermissionsResult,
+} from '../../src/actions/erc7715Types';
 
 describe('erc7715Mapping', () => {
   const basePermissionFields = {
@@ -179,6 +183,45 @@ describe('erc7715Mapping', () => {
         },
       });
     });
+
+    it('checksum-normalizes redeemer rule addresses', () => {
+      const rpcPermissions = [
+        {
+          ...basePermissionFields,
+          rules: [
+            {
+              type: 'redeemer',
+              data: {
+                addresses: ['0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48'],
+              },
+            },
+          ],
+          permission: {
+            type: 'native-token-stream',
+            isAdjustmentAllowed: true,
+            data: {
+              amountPerSecond: '0x64',
+              startTime: 1700000000,
+            },
+          },
+        },
+      ];
+
+      const result = permissionResponsesFromRpc(
+        rpcPermissions as RpcGetGrantedExecutionPermissionsResult,
+      );
+
+      expect(result[0]?.rules).toStrictEqual([
+        {
+          type: 'redeemer',
+          data: {
+            addresses: [
+              getAddress('0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48'),
+            ],
+          },
+        },
+      ]);
+    });
   });
 
   describe('rpcSupportedPermissionsToDeveloper', () => {
@@ -261,6 +304,97 @@ describe('erc7715Mapping', () => {
       });
     });
 
+    it('adds redeemer rule with checksummed addresses', () => {
+      const permissionRequest = {
+        chainId: 1,
+        permission: {
+          type: 'native-token-stream',
+          data: { amountPerSecond: 0x1n },
+          isAdjustmentAllowed: false,
+        },
+        to: '0xabcdefabcdefabcdefabcdefabcdefabcdefabcd',
+        redeemer: ['0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48'],
+      } as const;
+
+      const result = permissionRequestToRpc(permissionRequest);
+
+      expect(result.rules).toStrictEqual([
+        {
+          type: 'redeemer',
+          data: {
+            addresses: [
+              getAddress('0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48'),
+            ],
+          },
+        },
+      ]);
+    });
+
+    it('adds expiry then redeemer when both are set', () => {
+      const permissionRequest = {
+        chainId: 1,
+        permission: {
+          type: 'native-token-stream',
+          data: { amountPerSecond: 0x1n },
+          isAdjustmentAllowed: false,
+        },
+        to: '0xabcdefabcdefabcdefabcdefabcdefabcdefabcd',
+        expiry: 1234567890,
+        redeemer: ['0x1111111111111111111111111111111111111111'],
+      } as const;
+
+      const result = permissionRequestToRpc(permissionRequest);
+
+      expect(result.rules).toStrictEqual([
+        {
+          type: 'expiry',
+          data: { timestamp: 1234567890 },
+        },
+        {
+          type: 'redeemer',
+          data: {
+            addresses: [
+              getAddress('0x1111111111111111111111111111111111111111'),
+            ],
+          },
+        },
+      ]);
+    });
+
+    it('throws when redeemer is empty', () => {
+      const permissionRequest = {
+        chainId: 1,
+        permission: {
+          type: 'native-token-stream',
+          data: { amountPerSecond: 0x1n },
+          isAdjustmentAllowed: false,
+        },
+        to: '0xabcdefabcdefabcdefabcdefabcdefabcdefabcd',
+        redeemer: [],
+      } as const;
+
+      expect(() => permissionRequestToRpc(permissionRequest)).toThrow(
+        'Invalid redeemers: must specify at least one redeemer address',
+      );
+    });
+
+    it('throws when redeemer contains invalid address', () => {
+      const permissionRequest = {
+        chainId: 1,
+        permission: {
+          type: 'native-token-stream',
+          data: { amountPerSecond: 0x1n },
+          isAdjustmentAllowed: false,
+        },
+        to: '0xabcdefabcdefabcdefabcdefabcdefabcdefabcd',
+        redeemer: ['0x1234'],
+      } as const;
+
+      expect(() => permissionRequestToRpc(permissionRequest)).toThrow(
+        'Invalid redeemers: must be a valid address',
+      );
+    });
+
     it('converts native-token-periodic: bigint → hex', () => {
       const permissionRequest = {
         chainId: 1,