Skip to main content

Module account_keychain

tempo_precompiles

Module account_keychain 

Source
Expand description

Account keychain precompile for managing session keys and spending limits.

Each account can authorize secondary keys (session keys) with per-token spending caps, signature type constraints, and expiry. The main key (address zero) retains full control; T6 admin keys can also manage other access keys.

Modules§

IAccountKeychain
Account Keychain interface for managing authorized keys
__packing_authorized_key
__packing_key_scope
__packing_selector_scope
__packing_spending_limit_state
__packing_target_scope
dispatch
ABI dispatch for the AccountKeychain precompile.
slots

Structs§

AccountKeychain
AuthorizedKey
Key information stored in the precompile
AuthorizedKeyHandler
Type-safe handler for accessing #struct_name in storage.
CallScope
Per-target call scope.
KeyInfo
Key information structure
KeyRestrictions
Optional access-key restrictions configured at authorization time.
KeyScope
Key-level call scope.
KeyScopeHandler
Type-safe handler for accessing #struct_name in storage.
SelectorRule
Selector-level recipient rule.
SelectorScope
Selector-level scope for one selector under one target.
SelectorScopeHandler
Type-safe handler for accessing #struct_name in storage.
SpendingLimitState
Per-token spending limit state.
SpendingLimitStateHandler
Type-safe handler for accessing #struct_name in storage.
TargetScope
Target-level scope for one target under one account key.
TargetScopeHandler
Type-safe handler for accessing #struct_name in storage.
TokenLimit
Token spending limit structure
authorizeKeyCall
Authorize a new key for the caller’s account with T3 extensions. @param keyId The key identifier (address derived from public key) @param signatureType 0: secp256k1, 1: P256, 2: WebAuthn @param config Access-key expiry and optional limits / call restrictions Function with signature authorizeKey(address,uint8,(uint64,bool,(address,uint256,uint64)[],bool,(address,(bytes4,address[])[])[])) and selector 0x980a6025.
authorizeKeyWithWitnessCall
Authorize a new key with a TIP-1053 witness. @dev The witness must not be burned for the caller’s account. bytes32(0) is valid. Function with signature authorizeKey(address,uint8,(uint64,bool,(address,uint256,uint64)[],bool,(address,(bytes4,address[])[])[]),bytes32) and selector 0xe3c154d2.
burnKeyAuthorizationWitnessCall
Burn a TIP-1053 key-authorization witness without authorizing a key. @dev Callable only by the account admin key. Function with signature burnKeyAuthorizationWitness(bytes32) and selector 0xcff31c46.
getAllowedCallsCall
Returns whether an account key is call-scoped and, if so, the configured call scopes. @dev isScoped = false means unrestricted. isScoped = true && scopes.length == 0 means scoped deny-all. @dev Missing, revoked, or expired access keys also return scoped deny-all so callers do not observe stale persisted scope state. Function with signature getAllowedCalls(address,address) and selector 0x0163e7ec.
getAllowedCallsReturn
Returns whether an account key is call-scoped and, if so, the configured call scopes. @dev isScoped = false means unrestricted. isScoped = true && scopes.length == 0 means scoped deny-all. @dev Missing, revoked, or expired access keys also return scoped deny-all so callers do not observe stale persisted scope state. Container type for the return parameters of the getAllowedCalls(address,address) function.
getKeyCall
Get key information @param account The account address @param publicKey The public key @return Key information Function with signature getKey(address,address) and selector 0xbc298553.
getRemainingLimitCall
Get remaining spending limit using the legacy pre-T3 return shape. @param account The account address @param publicKey The public key @param token The token address Function with signature getRemainingLimit(address,address,address) and selector 0x63b4290d.
getRemainingLimitReturn
Get remaining spending limit together with the active period end. @param account The account address @param publicKey The public key @param token The token address @return remaining Remaining spending amount @return periodEnd Period end timestamp for periodic limits (0 for one-time) Container type for the return parameters of the getRemainingLimitWithPeriod(address,address,address) function.
getRemainingLimitWithPeriodCall
Get remaining spending limit together with the active period end. @param account The account address @param publicKey The public key @param token The token address @return remaining Remaining spending amount @return periodEnd Period end timestamp for periodic limits (0 for one-time) Function with signature getRemainingLimitWithPeriod(address,address,address) and selector 0xa7f72cab.
getTransactionKeyCall
Get the key used in the current transaction @return The keyId used in the current transaction Function with signature getTransactionKey() and selector 0xb07fbc1a.
isKeyAuthorizationWitnessBurnedCall
Returns whether a TIP-1053 key-authorization witness has been manually burned. Function with signature isKeyAuthorizationWitnessBurned(address,bytes32) and selector 0x8e6c7e11.
removeAllowedCallsCall
Remove any configured call scope for a key+target pair. Function with signature removeAllowedCalls(address,address) and selector 0xf3941811.
revokeKeyCall
Revoke an authorized key @param publicKey The public key to revoke Function with signature revokeKey(address) and selector 0x5ae7ab32.
setAllowedCallsCall
Set or replace allowed calls for one or more key+target pairs. @dev Reverts if scopes is empty; use removeAllowedCalls to delete target scopes. @dev scope.selectorRules = [] does NOT block the target; it allows any selector on that target. @dev To block the target entirely, call removeAllowedCalls. To block one selector, omit that selector rule from scope.selectorRules. Function with signature setAllowedCalls(address,(address,(bytes4,address[])[])[]) and selector 0xf5456703.
updateSpendingLimitCall
Update spending limit for a key-token pair @param publicKey The public key @param token The token address @param newLimit The new spending limit Function with signature updateSpendingLimit(address,address,uint256) and selector 0xcbbb4480.

Enums§

SignatureType
StoredSignatureType

Constants§

TIP20_APPROVE_SELECTOR 🔒
TIP20_TRANSFER_SELECTOR 🔒
Allowed TIP-20 selectors for recipient-constrained rules.
TIP20_TRANSFER_WITH_MEMO_SELECTOR 🔒

Functions§

is_constrained_tip20_selector