feat: add more debugging options from local test

also address code revie comments

Author: cpb8010

examples/demo-app/scripts/deploy-msa-anvil.sh

@@ -60,6 +60,10 @@ cast send "$PAYMASTER" --value 10ether --private-key "$ANVIL_ACCOUNT_0_KEY" --rp
 echo "💳 Depositing 10 ETH into EntryPoint for paymaster..."
 cast send "$PAYMASTER" "deposit()" --value 10ether --private-key "$ANVIL_ACCOUNT_0_KEY" --rpc-url "$RPC_URL" 2>&1 || echo "Deposit initiated"
 
+# Add stake to the paymaster (required for ERC-4337)
+echo "🔒 Adding stake to paymaster (1 day unlock delay)..."
+cast send "$PAYMASTER" "addStake(uint32)" 86400 --value 1ether --private-key "$ANVIL_ACCOUNT_0_KEY" --rpc-url "$RPC_URL" 2>&1 || echo "Stake added"
+
 # Verify all addresses were extracted
 if [ -z "$EOA_VALIDATOR" ] || [ -z "$SESSION_VALIDATOR" ] || [ -z "$WEBAUTHN_VALIDATOR" ] || \
   [ -z "$GUARDIAN_EXECUTOR" ] || [ -z "$ACCOUNT_IMPL" ] || [ -z "$BEACON" ] || [ -z "$FACTORY" ] || [ -z "$PAYMASTER" ]; then

packages/auth-server/composables/useGuardianModuleCheck.ts

@@ -0,0 +1,60 @@
+/**
+ * Composable for checking if the guardian module is installed on an account
+ */
+
+import type { Address } from "viem";
+import { isGuardianModuleInstalled } from "zksync-sso-4337";
+
+export const useGuardianModuleCheck = () => {
+  const { getPublicClient, defaultChain, contractsByChain } = useClientStore();
+  const contracts = contractsByChain[defaultChain!.id];
+
+  const checkInProgress = ref(false);
+  const checkError = ref<Error | null>(null);
+  const isInstalled = ref<boolean | null>(null);
+
+  /**
+   * Check if the guardian executor module is installed on the given account
+   *
+   * This is useful for verifying that accounts deployed on testnet have the
+   * guardian recovery module properly configured.
+   *
+   * @param accountAddress - The smart account address to check
+   * @returns Promise that resolves to true if module is installed, false otherwise
+   */
+  async function checkGuardianModuleInstalled(accountAddress: Address): Promise<boolean> {
+    checkInProgress.value = true;
+    checkError.value = null;
+    isInstalled.value = null;
+
+    try {
+      if (!contracts.guardianExecutor) {
+        throw new Error("GuardianExecutor contract address not configured for this chain");
+      }
+
+      const client = getPublicClient({ chainId: defaultChain.id });
+
+      const result = await isGuardianModuleInstalled({
+        client,
+        accountAddress,
+        guardianExecutorAddress: contracts.guardianExecutor,
+      });
+
+      isInstalled.value = result.isInstalled;
+      return result.isInstalled;
+    } catch (err) {
+      const error = err instanceof Error ? err : new Error(String(err));
+      checkError.value = error;
+      throw error;
+    } finally {
+      checkInProgress.value = false;
+    }
+  }
+
+  return {
+    checkGuardianModuleInstalled,
+    checkInProgress: readonly(checkInProgress),
+    checkError: readonly(checkError),
+    isInstalled: readonly(isInstalled),
+  };
+};

packages/auth-server/composables/useRecoveryGuardian.ts

@@ -273,7 +273,18 @@ export const useRecoveryGuardian = () => {
     let recoveryData: Hex;
 
     if (recoveryType === RecoveryType.WebAuthn) {
+      // Validate inputs before encoding
+      if (!credentialId || credentialId.trim().length === 0) {
+        throw new Error("credentialId cannot be empty");
+      }
+
       const publicKeyBytes = getPublicKeyBytesFromPasskeySignature(credentialPublicKey);
+
+      // Validate that public key coordinates are valid 32-byte values
+      if (publicKeyBytes[0].length !== 32 || publicKeyBytes[1].length !== 32) {
+        throw new Error("Invalid public key coordinates: must be 32 bytes each");
+      }
+
       const publicKeyHex = [
         pad(`0x${publicKeyBytes[0].toString("hex")}`),
         pad(`0x${publicKeyBytes[1].toString("hex")}`),

packages/auth-server/pages/recovery/guardian/(actions)/confirm-guardian.vue

@@ -108,6 +108,7 @@ import { AddressSchema } from "@/utils/schemas";
 const accountData = useAppKitAccount();
 const route = useRoute();
 const { confirmGuardian, confirmGuardianInProgress, getGuardians, getGuardiansData } = useRecoveryGuardian();
+const { verifyAccountSetup } = useDebugGuardian();
 const { getConfigurableAccount, getConfigurableAccountInProgress } = useConfigurableAccount();
 const { getWalletClient, defaultChain } = useClientStore();
 const { isSsoAccount: checkIsSsoAccount, isLoading: isSsoAccountLoading, error: isSsoAccountError } = useIsSsoAccount();
@@ -176,6 +177,11 @@ const status = computed(() => {
 const confirmGuardianAction = async () => {
   try {
     confirmGuardianError.value = null;
+
+    // Debug: Verify account setup before attempting confirmation
+    console.log("=== Starting Guardian Confirmation Debug ===");
+    await verifyAccountSetup(accountAddress.value);
+
     let client;
 
     if (isSsoAccount.value) {

packages/auth-server/stores/local-node.json

@@ -2,15 +2,15 @@
   "rpcUrl": "http://localhost:8545",
   "chainId": 1337,
   "deployer": "0xa0Ee7A142d267C1f36714E4a8F75612F20a79720",
-  "eoaValidator": "0x7079ade5d4C71aE7868E6AC8553148FfC3D8d660",
-  "sessionValidator": "0xE619369f26285FEd402bd0c3526aEb1faf2BE2C0",
-  "webauthnValidator": "0x85ed36BD17265a4eb2f6d87FAd3E6277066986f0",
-  "guardianExecutor": "0xb3b3496CC339d80b2182a3985FeF5EBE60bc896C",
-  "accountImplementation": "0xddfa09697bCe57712B5365ff573c3e6b3C8FFDDb",
-  "beacon": "0x197072f17a5e1A35C1909999e6f3cFEDe5A42BB8",
-  "factory": "0xF9e4C9Cfec57860d82e6B41Cd50DEF2b3826D5CF",
-  "testPaymaster": "0xf8C803b1378C96557381f43F86f77D72D79BeE95",
-  "mockPaymaster": "0xf8C803b1378C96557381f43F86f77D72D79BeE95",
+  "eoaValidator": "0xEc5AB17Cc35221cdF54EaEb0868eA82d4D75D9Bf",
+  "sessionValidator": "0xd512108c249cC5ec5370491AD916Be31bb88Dad2",
+  "webauthnValidator": "0xadF4aCF92F0A1398d50402Db551feb92b1125DAb",
+  "guardianExecutor": "0x0efdDbB35e9BBc8c762E5B4a0f627210b6c9A721",
+  "accountImplementation": "0xd7400e73bA36388c71C850aC96288E390bd22Ebe",
+  "beacon": "0xbe38809914b552f295cD3e8dF2e77b3DA69cBC8b",
+  "factory": "0xb11632A56608Bad85562FaE6f1AF269d1fE9e8e6",
+  "testPaymaster": "0x287E8b17ce85B451a906EA8A179212e5a24680A3",
+  "mockPaymaster": "0x287E8b17ce85B451a906EA8A179212e5a24680A3",
   "entryPoint": "0x4337084D9E255Ff0702461CF8895CE9E3b5Ff108",
   "bundlerUrl": "http://localhost:4337"
 }

packages/sdk-4337/src/client/actions/index.ts

@@ -28,5 +28,12 @@ export type {
 } from "./passkey.js";
 export { addPasskey, fetchAccount, findAddressesByPasskey } from "./passkey.js";
 
+// Module management exports
+export type {
+  IsModuleInstalledParams,
+  IsModuleInstalledResult,
+} from "./modules.js";
+export { isGuardianModuleInstalled, isModuleInstalled, ModuleType } from "./modules.js";
+
 // Utilities
 export { generateAccountId } from "./utils.js";

packages/sdk-4337/src/client/actions/modules.ts

@@ -0,0 +1,112 @@
+/**
+ * Module management actions for ERC-7579 smart accounts
+ */
+
+import type { Address, Hex, PublicClient } from "viem";
+
+/**
+ * ERC-7579 module type IDs
+ */
+export const ModuleType = {
+  VALIDATOR: 1n,
+  EXECUTOR: 2n,
+  FALLBACK: 3n,
+  HOOK: 4n,
+} as const;
+
+/**
+ * Minimal ABI for isModuleInstalled function on ERC-7579 accounts
+ */
+const IERC7579AccountAbi = [
+  {
+    type: "function",
+    name: "isModuleInstalled",
+    inputs: [
+      { name: "moduleTypeId", type: "uint256", internalType: "uint256" },
+      { name: "module", type: "address", internalType: "address" },
+      { name: "additionalContext", type: "bytes", internalType: "bytes" },
+    ],
+    outputs: [{ name: "", type: "bool", internalType: "bool" }],
+    stateMutability: "view",
+  },
+] as const;
+
+export type IsModuleInstalledParams = {
+  /** Public client for reading contract state */
+  client: PublicClient;
+  /** The smart account address to check */
+  accountAddress: Address;
+  /** The module address to check for installation */
+  moduleAddress: Address;
+  /** The module type ID (use ModuleType constants) */
+  moduleTypeId: bigint;
+  /** Optional additional context for module lookup (usually empty) */
+  additionalContext?: Hex;
+};
+
+export type IsModuleInstalledResult = {
+  /** Whether the module is installed on the account */
+  isInstalled: boolean;
+};
+
+/**
+ * Check if a module is installed on an ERC-7579 smart account
+ *
+ * @example
+ * ```typescript
+ * const result = await isModuleInstalled({
+ *   client: publicClient,
+ *   accountAddress: "0x...",
+ *   moduleAddress: "0x...",
+ *   moduleTypeId: ModuleType.EXECUTOR,
+ * });
+ * console.log("Guardian module installed:", result.isInstalled);
+ * ```
+ */
+export async function isModuleInstalled(
+  params: IsModuleInstalledParams,
+): Promise<IsModuleInstalledResult> {
+  const {
+    client,
+    accountAddress,
+    moduleAddress,
+    moduleTypeId,
+    additionalContext = "0x",
+  } = params;
+
+  const isInstalled = await client.readContract({
+    address: accountAddress,
+    abi: IERC7579AccountAbi,
+    functionName: "isModuleInstalled",
+    args: [moduleTypeId, moduleAddress, additionalContext],
+  });
+
+  return { isInstalled };
+}
+
+/**
+ * Check if the guardian executor module is installed on an account
+ *
+ * @example
+ * ```typescript
+ * const result = await isGuardianModuleInstalled({
+ *   client: publicClient,
+ *   accountAddress: "0x...",
+ *   guardianExecutorAddress: "0x...",
+ * });
+ * if (!result.isInstalled) {
+ *   console.warn("Guardian module not installed on account");
+ * }
+ * ```
+ */
+export async function isGuardianModuleInstalled(params: {
+  client: PublicClient;
+  accountAddress: Address;
+  guardianExecutorAddress: Address;
+}): Promise<IsModuleInstalledResult> {
+  return isModuleInstalled({
+    ...params,
+    moduleAddress: params.guardianExecutorAddress,
+    moduleTypeId: ModuleType.EXECUTOR,
+  });
+}

packages/sdk-4337/src/client/actions/passkey.ts

@@ -315,7 +315,7 @@ export async function fetchAccount(
   });
 
   if (!publicKeyCoords || !publicKeyCoords[0] || !publicKeyCoords[1]) {
-    throw new Error(`Passkey credentials not found in on-chain module for passkey ${credentialId}`);
+    throw new Error(`Credential not found in on-chain module for credential ${credentialId}`);
   }
 
   // Convert the public key coordinates back to COSE format