diff --git a/README.md b/README.md index 94e3150..f686a2d 100644 --- a/README.md +++ b/README.md @@ -1,78 +1,57 @@ -# @metamask/template-snap-monorepo -This repository demonstrates how to develop a snap with TypeScript. For detailed instructions, see [the MetaMask documentation](https://docs.metamask.io/guide/snaps.html#serving-a-snap-to-your-local-environment). +## How to build? -MetaMask Snaps is a system that allows anyone to safely expand the capabilities of MetaMask. A _snap_ is a program that we run in an isolated environment that can customize the wallet experience. +Run `yarn install`. -## Snaps is pre-release software +To build, please note that we have encountered a strange Webpack build bug when building the @lit-protocol SDK in the normal way. +To solve it, comment out the following line: +`import * as LitJsSdk from '@lit-protocol/lit-node-client';` +and add the following line in lit.ts: +`const LitJsSdk = {} as any;` +https://github.com/enu-kuro/bailout/blob/main/packages/site/src/utils/lit.ts -To interact with (your) Snaps, you will need to install [MetaMask Flask](https://metamask.io/flask/), a canary distribution for developers that provides access to upcoming features. +After making these changes, run yarn start. + Once the app starts, you can revert the changes and Webpack will rebuild the app without errors. -## Getting Started +To enable Google authentication, also run `yarn start` in the "/google-auth" directory. -Clone the template-snap repository [using this template](https://github.com/MetaMask/template-snap-monorepo/generate) and setup the development environment: -```shell -yarn install && yarn start -``` - -## Cloning - -This repository contains GitHub Actions that you may find useful, see `.github/workflows` and [Releasing & Publishing](https://github.com/MetaMask/template-snap-monorepo/edit/main/README.md#releasing--publishing) below for more information. - -If you clone or create this repository outside the MetaMask GitHub organization, you probably want to run `./scripts/cleanup.sh` to remove some files that will not work properly outside the MetaMask GitHub organization. - -Note that the `action-publish-release.yml` workflow contains a step that publishes the frontend of this snap (contained in the `public/` directory) to GitHub pages. If you do not want to publish the frontend to GitHub pages, simply remove the step named "Publish to GitHub Pages" in that workflow. - -If you don't wish to use any of the existing GitHub actions in this repository, simply delete the `.github/workflows` directory. - -## Contributing - -### Testing and Linting - -Run `yarn test` to run the tests once. +## 2 Factor Authentication -Run `yarn lint` to run the linter, or run `yarn lint:fix` to run the linter and fix any automatically fixable issues. +### Setting up 2FA -### Releasing & Publishing - -The project follows the same release process as the other libraries in the MetaMask organization. The GitHub Actions [`action-create-release-pr`](https://github.com/MetaMask/action-create-release-pr) and [`action-publish-release`](https://github.com/MetaMask/action-publish-release) are used to automate the release process; see those repositories for more information about how they work. - -1. Choose a release version. - -- The release version should be chosen according to SemVer. Analyze the changes to see whether they include any breaking changes, new features, or deprecations, then choose the appropriate SemVer version. See [the SemVer specification](https://semver.org/) for more information. - -2. If this release is backporting changes onto a previous release, then ensure there is a major version branch for that version (e.g. `1.x` for a `v1` backport release). +``` +To set up 2FA, create a private key less MPC wallet utilizing Lit Protocol. +Actually it's not a private key less: the Lit nodes manage private keys in a distributed manner. +Users can sign transactions with this private key using Web2 Auth like Google. +Set the ETH address of the wallet contract as the 2FA address. +``` -- The major version branch should be set to the most recent release with that major version. For example, when backporting a `v1.0.2` release, you'd want to ensure there was a `1.x` branch that was set to the `v1.0.1` tag. +To mint PKP for 2FA, use mintPKPWithCredential: +https://github.com/enu-kuro/bailout/blob/d644b2dddb5fef3014d67e804493be8c72c12cc5/packages/site/src/snapMock/lit.ts#L85 -3. Trigger the [`workflow_dispatch`](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#workflow_dispatch) event [manually](https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow) for the `Create Release Pull Request` action to create the release PR. -- For a backport release, the base branch should be the major version branch that you ensured existed in step 2. For a normal release, the base branch should be the main branch for that repository (which should be the default value). -- This should trigger the [`action-create-release-pr`](https://github.com/MetaMask/action-create-release-pr) workflow to create the release PR. +To set the 2FA address to the AA contract, use set2Fa: +https://github.com/enu-kuro/bailout/blob/d644b2dddb5fef3014d67e804493be8c72c12cc5/packages/site/src/snapMock/aaWallet.ts#L85 -4. Update the changelog to move each change entry into the appropriate change category ([See here](https://keepachangelog.com/en/1.0.0/#types) for the full list of change categories, and the correct ordering), and edit them to be more easily understood by users of the package. -- Generally any changes that don't affect consumers of the package (e.g. lockfile changes or development environment changes) are omitted. Exceptions may be made for changes that might be of interest despite not having an effect upon the published package (e.g. major test improvements, security improvements, improved documentation, etc.). -- Try to explain each change in terms that users of the package would understand (e.g. avoid referencing internal variables/concepts). -- Consolidate related changes into one change entry if it makes it easier to explain. -- Run `yarn auto-changelog validate --rc` to check that the changelog is correctly formatted. +Note that the first contract call always fails for some reason, so we need to call it twice. The first call is to transfer 0 ETH to itself for simply activating the deployment process. -5. Review and QA the release. -- If changes are made to the base branch, the release branch will need to be updated with these changes and review/QA will need to restart again. As such, it's probably best to avoid merging other PRs into the base branch while review is underway. +### Verifying 2FA +``` +Our approach is to concatenate the signatures of the EOA and the 2FA PKP and put them in the signature field of the UserOp. On the contract side, we will split them and verify the signature of the EOA and the 2FA PKP separately." +``` -6. Squash & Merge the release. +To verify 2FA, create an Unsigned UserOp using createUnsignedUserOp: +https://github.com/enu-kuro/bailout/blob/d644b2dddb5fef3014d67e804493be8c72c12cc5/packages/site/src/snapMock/aaWallet.ts#L151 -- This should trigger the [`action-publish-release`](https://github.com/MetaMask/action-publish-release) workflow to tag the final release commit and publish the release on GitHub. +Sign this Unsigned UserOp with the 2FA PKP using signWithPkp: +https://github.com/enu-kuro/bailout/blob/d644b2dddb5fef3014d67e804493be8c72c12cc5/packages/site/src/utils/lit.ts#L72 -7. Publish the release on npm. +Sign this Unsigned Userop with EOA and concatenate both signatures and send the transaction to the bundler using transfer: +https://github.com/enu-kuro/bailout/blob/d644b2dddb5fef3014d67e804493be8c72c12cc5/packages/site/src/snapMock/aaWallet.ts#L193 -- Be very careful to use a clean local environment to publish the release, and follow exactly the same steps used during CI. -- Use `npm publish --dry-run` to examine the release contents to ensure the correct files are included. Compare to previous releases if necessary (e.g. using `https://unpkg.com/browse/[package name]@[package version]/`). -- Once you are confident the release contents are correct, publish the release using `npm publish`. +Note that 2FA is not yet implemented on the Contract side, so the verification process is currently skipped. -## Notes -- Babel is used for transpiling TypeScript to JavaScript, so when building with the CLI, - `transpilationMode` must be set to `localOnly` (default) or `localAndDeps`.