feat: remove session creation on deployment

this has been removed from the contracts, but still existed in the sdk
and UI. Best to make it clear that this doesn't exist

Author: cpb8010

examples/nft-quest-contracts/project.json

@@ -25,6 +25,14 @@
       },
       "dependsOn": ["build", "demo-app:deploy-msa-factory"]
     },
+    "deploy:nft-only": {
+      "executor": "nx:run-commands",
+      "options": {
+        "cwd": "examples/nft-quest-contracts",
+        "command": "./scripts/deploy-nft-only.sh"
+      },
+      "dependsOn": ["build", "demo-app:deploy-msa-factory"]
+    },
     "test": {
       "executor": "nx:run-commands",
       "options": {

examples/nft-quest-contracts/scripts/deploy-nft-only.sh

@@ -0,0 +1,103 @@
+#!/bin/bash
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../.." && pwd)"
+CONTRACTS_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+echo -e "${GREEN}Deploying NFT Quest contract only...${NC}"
+
+# Configuration
+RPC_URL="http://127.0.0.1:8545"
+ANVIL_ACCOUNT_0_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"
+
+# Check if demo-app contracts exist
+DEMO_APP_CONTRACTS="$PROJECT_ROOT/examples/demo-app/contracts-anvil.json"
+if [ ! -f "$DEMO_APP_CONTRACTS" ]; then
+    echo -e "${RED}Error: Demo-app contracts not found at $DEMO_APP_CONTRACTS${NC}"
+    echo -e "${YELLOW}Please deploy ERC-4337 infrastructure first:${NC}"
+    echo -e "  pnpm nx deploy-msa-factory demo-app"
+    echo -e "${YELLOW}Or run auth-server dev which deploys it automatically:${NC}"
+    echo -e "  pnpm nx dev auth-server"
+    exit 1
+fi
+
+echo -e "${GREEN}Found demo-app contracts at $DEMO_APP_CONTRACTS${NC}"
+
+# Deploy NFT Contract
+echo -e "${GREEN}Deploying ZeekNFTQuest...${NC}"
+BASE_TOKEN_URI="https://nft.zksync.dev/nft/metadata.json"
+
+cd "$CONTRACTS_DIR"
+
+DEPLOY_OUTPUT=$(forge create \
+    --rpc-url "$RPC_URL" \
+    --private-key "$ANVIL_ACCOUNT_0_KEY" \
+    --broadcast \
+    contracts/ZeekNFTQuest.sol:ZeekNFTQuest \
+    --constructor-args "$BASE_TOKEN_URI" 2>&1)
+
+NFT_ADDRESS=$(echo "$DEPLOY_OUTPUT" | grep "Deployed to:" | awk '{print $3}')
+
+echo -e "${GREEN}NFT Contract deployed at: $NFT_ADDRESS${NC}"
+
+# Read shared infrastructure from demo-app
+PAYMASTER=$(jq -r '.mockPaymaster // .testPaymaster' "$DEMO_APP_CONTRACTS")
+SESSION_VALIDATOR=$(jq -r '.sessionValidator' "$DEMO_APP_CONTRACTS")
+WEBAUTHN_VALIDATOR=$(jq -r '.webauthnValidator' "$DEMO_APP_CONTRACTS")
+ENTRY_POINT=$(jq -r '.entryPoint' "$DEMO_APP_CONTRACTS")
+BUNDLER_URL=$(jq -r '.bundlerUrl // "http://localhost:4337"' "$DEMO_APP_CONTRACTS")
+FACTORY=$(jq -r '.factory' "$DEMO_APP_CONTRACTS")
+EOA_VALIDATOR=$(jq -r '.eoaValidator' "$DEMO_APP_CONTRACTS")
+GUARDIAN_EXECUTOR=$(jq -r '.guardianExecutor' "$DEMO_APP_CONTRACTS")
+
+echo -e "${GREEN}Using shared ERC-4337 infrastructure from demo-app:${NC}"
+echo -e "  Paymaster: $PAYMASTER"
+echo -e "  Session Validator: $SESSION_VALIDATOR"
+echo -e "  Webauthn Validator: $WEBAUTHN_VALIDATOR"
+echo -e "  Entry Point: $ENTRY_POINT"
+echo -e "  Bundler URL: $BUNDLER_URL"
+
+# Write .env.local for Nuxt runtime config
+ENV_FILE="$PROJECT_ROOT/examples/nft-quest/.env.local"
+cat > "$ENV_FILE" << EOF
+NUXT_PUBLIC_CONTRACTS_NFT=$NFT_ADDRESS
+NUXT_PUBLIC_CONTRACTS_PAYMASTER=$PAYMASTER
+EOF
+
+echo -e "${GREEN}.env.local written to $ENV_FILE${NC}"
+
+# Write public/contracts.json for runtime access
+PUBLIC_DIR="$PROJECT_ROOT/examples/nft-quest/public"
+mkdir -p "$PUBLIC_DIR"
+CONTRACTS_JSON="$PUBLIC_DIR/contracts.json"
+
+cat > "$CONTRACTS_JSON" << EOF
+{
+  "rpcUrl": "$RPC_URL",
+  "chainId": 1337,
+  "entryPoint": "$ENTRY_POINT",
+  "bundlerUrl": "$BUNDLER_URL",
+  "factory": "$FACTORY",
+  "eoaValidator": "$EOA_VALIDATOR",
+  "sessionValidator": "$SESSION_VALIDATOR",
+  "webauthnValidator": "$WEBAUTHN_VALIDATOR",
+  "guardianExecutor": "$GUARDIAN_EXECUTOR",
+  "testPaymaster": "$PAYMASTER",
+  "mockPaymaster": "$PAYMASTER",
+  "nftContract": "$NFT_ADDRESS"
+}
+EOF
+
+echo -e "${GREEN}contracts.json written to $CONTRACTS_JSON${NC}"
+
+echo -e "${GREEN}✅ NFT-Quest contract deployment complete!${NC}"
+echo -e "   - NFT Contract: $NFT_ADDRESS"
+echo -e "   - Paymaster (shared): $PAYMASTER"
+echo -e "   - Session Validator (shared): $SESSION_VALIDATOR"

examples/nft-quest/project.json

@@ -2,6 +2,19 @@
   "name": "nft-quest",
   "tags": ["type:app"],
   "targets": {
+    "dev-standalone": {
+      "executor": "nx:run-commands",
+      "options": {
+        "cwd": "examples/nft-quest",
+        "commands": [
+          {
+            "command": "PORT=3006 pnpm nuxt dev",
+            "prefix": "NFT-Quest:"
+          }
+        ]
+      },
+      "dependsOn": ["nft-quest-contracts:deploy:nft-only"]
+    },
     "dev": {
       "executor": "nx:run-commands",
       "options": {
@@ -17,7 +30,7 @@
           }
         ]
       },
-      "dependsOn": ["nft-quest-contracts:deploy:local"]
+      "dependsOn": ["nft-quest-contracts:deploy:nft-only"]
     },
     "build": {
       "executor": "nx:run-commands",

examples/nft-quest/public/contracts.json

@@ -0,0 +1,14 @@
+{
+  "rpcUrl": "http://127.0.0.1:8545",
+  "chainId": 1337,
+  "entryPoint": "0x4337084D9E255Ff0702461CF8895CE9E3b5Ff108",
+  "bundlerUrl": "http://localhost:4337",
+  "factory": "0x0356cA3d0350858BCac4De0FC1dEa3Bc6e7c3e3a",
+  "eoaValidator": "0xDd72e46653662b0118A2743574467FAA582D633e",
+  "sessionValidator": "0xCaec08bfd740F1Ae4300b3ab62B757F99222244b",
+  "webauthnValidator": "0xd71301c72D03b483F74BA569ff1132af81079858",
+  "guardianExecutor": "0xD4c76bC6306657FE415Ee6B09Ea61cFA50573848",
+  "testPaymaster": "0x206C056fE7Bddb5cC54CcB0331bcf2058b2D5BA6",
+  "mockPaymaster": "0x206C056fE7Bddb5cC54CcB0331bcf2058b2D5BA6",
+  "nftContract": "0xFF06F4b2ef9F9D9B96238397Db82d5C445B5244f"
+}

packages/auth-server-api/.env.example

@@ -2,7 +2,7 @@
 PORT=3004
 
 # CORS Configuration (comma-separated origins)
-CORS_ORIGINS=http://localhost:3002,http://localhost:3003,http://localhost:3004,http://localhost:3005,http://localhost:3000
+CORS_ORIGINS=http://localhost:3000,http://localhost:3002,http://localhost:3003,http://localhost:3004,http://localhost:3005,http://localhost:3006
 
 # Deployer Configuration (Private key with funds for deployment gas)
 # For local development, use the Anvil rich account:

packages/auth-server-api/src/config.ts

@@ -32,7 +32,7 @@ try {
 // Environment schema with optional contract addresses (can fall back to contracts.json)
 const envSchema = z.object({
   PORT: z.string().default("3004"),
-  CORS_ORIGINS: z.string().default("http://localhost:3002,http://localhost:3003,http://localhost:3004,http://localhost:3005,http://localhost:3000"),
+  CORS_ORIGINS: z.string().default("http://localhost:3000,http://localhost:3002,http://localhost:3003,http://localhost:3004,http://localhost:3005,http://localhost:3006"),
   DEPLOYER_PRIVATE_KEY: z.string().default("0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"),
   RPC_URL: z.string().default("http://127.0.0.1:8545"),
   FACTORY_ADDRESS: z.string().optional(),

packages/auth-server/components/views/confirmation/RequestSession.vue

@@ -13,7 +13,11 @@
       size="sm"
     />
 
-    <div class="space-y-2 mt-2">
+    <!-- Only show session permissions for logged-in users (adding session to existing account) -->
+    <div
+      v-if="isLoggedIn"
+      class="space-y-2 mt-2"
+    >
       <div class="bg-neutral-975 rounded-[28px]">
         <div class="px-5 py-2 text-neutral-400">
           Permissions
@@ -33,6 +37,7 @@
       </div>
     </div>
     <SessionTokens
+      v-if="isLoggedIn"
       :onchain-actions-count="onchainActionsCount"
       :fetch-tokens-error="fetchTokensError"
       :tokens-loading="tokensLoading"
@@ -42,6 +47,25 @@
       class="mt-1"
     />
 
+    <!-- For new accounts, show a simple message -->
+    <div
+      v-if="!isLoggedIn"
+      class="space-y-2 mt-2"
+    >
+      <div class="bg-neutral-975 rounded-[28px]">
+        <div class="px-5 py-2 text-neutral-400">
+          Account Creation
+        </div>
+        <CommonLine class="text-neutral-100">
+          <div class="py-3 px-3">
+            <p class="text-sm text-neutral-300">
+              A new smart account will be created for you. You can add spending permissions later when needed.
+            </p>
+          </div>
+        </CommonLine>
+      </div>
+    </div>
+
     <div
       v-if="hasDangerousActions"
       class="mt-2 bg-neutral-975 rounded-[28px]"
@@ -278,23 +302,21 @@ const confirmConnection = async () => {
 
   try {
     if (!isLoggedIn.value) {
-      // create a new account with initial session data
-      // Ignore paymaster provided in params for standard connect to avoid validation failures
-      const accountData = await createAccount(sessionConfig.value, undefined);
+      // Just create the account - session will be created by the dapp separately
+      const accountData = await createAccount();
       if (!accountData) return;
+      // Login with the new account
       login({
         address: accountData.address,
         credentialId: accountData.credentialId,
       });
 
+      // Return account info without session - dapp will create session separately
       response = {
         result: constructReturn({
-          address: accountData!.address,
-          chainId: accountData!.chainId,
-          session: {
-            sessionConfig: accountData!.sessionConfig!,
-            sessionKey: accountData!.sessionKey!,
-          },
+          address: accountData.address,
+          chainId: accountData.chainId,
+          // No session in response - dapp needs to create it separately
           prividiumMode: runtimeConfig.public.prividiumMode,
           prividiumProxyUrl: runtimeConfig.public.prividium?.rpcUrl || "",
         }),

packages/auth-server/composables/useAccountCreate.ts

@@ -1,38 +1,23 @@
-import type { Address } from "viem";
 import { generatePrivateKey, privateKeyToAddress } from "viem/accounts";
-import type { SessionSpec } from "zksync-sso-4337/client";
-import { sessionSpecToJSON } from "zksync-sso-4337/client";
 
 export const useAccountCreate = (_chainId: MaybeRef<SupportedChainId>) => {
   const chainId = toRef(_chainId);
   const { registerPasskey } = usePasskeyRegister();
   const runtimeConfig = useRuntimeConfig();
   const { getPrividiumInstance } = usePrividiumAuthStore();
 
-  const { inProgress: registerInProgress, error: createAccountError, execute: createAccount } = useAsync(async (session?: Omit<SessionSpec, "signer">, paymaster?: Address) => {
+  const { inProgress: registerInProgress, error: createAccountError, execute: createAccount } = useAsync(async () => {
     const result = await registerPasskey();
     if (!result) {
       throw new Error("Failed to register passkey");
     }
     const { credentialPublicKey, credentialId } = result;
 
-    // TODO: Session support during deployment - to be implemented
-    // For now, sessions can be added after deployment
-    let sessionData: SessionSpec | undefined;
-    const sessionKey = generatePrivateKey();
-    const signer = privateKeyToAddress(sessionKey);
-    if (session) {
-      sessionData = {
-        ...session,
-        signer: signer,
-      };
-    }
-
     // EOA owner for initial deployment signing
     const ownerKey = generatePrivateKey();
     const ownerAddress = privateKeyToAddress(ownerKey);
 
-    // Call backend API to deploy account
+    // Call backend API to deploy account (without session - session will be created separately)
     const apiUrl = runtimeConfig.public.authServerApiUrl;
     if (!apiUrl) {
       throw new Error("Auth Server API URL is not configured");
@@ -43,10 +28,8 @@ export const useAccountCreate = (_chainId: MaybeRef<SupportedChainId>) => {
       credentialId,
       credentialPublicKey,
       originDomain: window.location.origin,
-      session: sessionData ? sessionSpecToJSON(sessionData) : undefined,
       userId: credentialId,
       eoaSigners: [ownerAddress],
-      paymaster,
     };
 
     // Build headers - include Prividium auth if in Prividium mode
@@ -64,13 +47,33 @@ export const useAccountCreate = (_chainId: MaybeRef<SupportedChainId>) => {
       }
     }
 
-    const response = await fetch(`${apiUrl}/api/deploy-account`, {
-      method: "POST",
-      headers,
-      body: JSON.stringify(requestBody),
-    });
+    let response;
+    try {
+      response = await fetch(`${apiUrl}/api/deploy-account`, {
+        method: "POST",
+        headers,
+        body: JSON.stringify(requestBody),
+      });
+    } catch (error) {
+      console.error("Failed to connect to auth-server API:", error);
+      throw new Error(
+        `Cannot connect to auth-server API at ${apiUrl}. Please ensure:\n`
+        + "1. The auth-server-api is running (pnpm nx dev auth-server-api)\n"
+        + "2. CORS is properly configured\n"
+        + "3. The API URL is correct\n\n"
+        + `Original error: ${error instanceof Error ? error.message : String(error)}`,
+      );
+    }
 
-    const data = await response.json();
+    let data;
+    try {
+      data = await response.json();
+    } catch (error) {
+      throw new Error(
+        `${error} from auth-server API (status ${response.status}). `
+        + "This may indicate a contract deployment mismatch or API error.",
+      );
+    }
 
     // Check for errors in response
     if (data.error) {
@@ -86,9 +89,6 @@ export const useAccountCreate = (_chainId: MaybeRef<SupportedChainId>) => {
     return {
       address,
       chainId: chainId.value,
-      sessionKey: session ? sessionKey : undefined,
-      signer,
-      sessionConfig: sessionData,
       credentialId,
       credentialPublicKey,
     };

packages/auth-server/project.json

@@ -15,7 +15,8 @@
       "executor": "nx:run-commands",
       "options": {
         "cwd": "packages/auth-server",
-        "command": "pnpm run copy:snarkjs && PORT=3002 nuxt dev"
+        "commands": ["pnpm run copy:snarkjs && PORT=3002 nuxt dev", "pnpm nx run auth-server-api:dev"],
+        "parallel": true
       },
       "dependsOn": ["^build"]
     },

packages/auth-server/stores/local-node.json

@@ -2,15 +2,15 @@
   "rpcUrl": "http://localhost:8545",
   "chainId": 1337,
   "deployer": "0xa0Ee7A142d267C1f36714E4a8F75612F20a79720",
-  "eoaValidator": "0xa9D2feB10194d940A70391dFb186A649A3d52106",
-  "sessionValidator": "0x3a8604019733D4Aab2AA7CBAdb9E06E1B072b1ed",
-  "webauthnValidator": "0x4738752455Fd18DFf349C69f3E5b7576250D634a",
-  "guardianExecutor": "0x1e085C7feA39368ca2A435fF96CAf1aE60176fB5",
-  "accountImplementation": "0xd1d08C9cb5Df546975c9C8EAF8BA93775Ae2E2dF",
-  "beacon": "0x85152fDf961A761399C1b77BC3213C6F361f4f52",
-  "factory": "0xa669dd8684305c677f0d5Cd95D1a2E465164d984",
-  "testPaymaster": "0x480ce59387443A9Bf266a4657f0E2AE1E6a7B771",
-  "mockPaymaster": "0x480ce59387443A9Bf266a4657f0E2AE1E6a7B771",
+  "eoaValidator": "0xDd72e46653662b0118A2743574467FAA582D633e",
+  "sessionValidator": "0xCaec08bfd740F1Ae4300b3ab62B757F99222244b",
+  "webauthnValidator": "0xd71301c72D03b483F74BA569ff1132af81079858",
+  "guardianExecutor": "0xD4c76bC6306657FE415Ee6B09Ea61cFA50573848",
+  "accountImplementation": "0xB69ae22EE1F1141Cb8Fd6d465CC0f8eB5813C615",
+  "beacon": "0x809eBD30a2357012E6cBaB8776682318568556c1",
+  "factory": "0x0356cA3d0350858BCac4De0FC1dEa3Bc6e7c3e3a",
+  "testPaymaster": "0x206C056fE7Bddb5cC54CcB0331bcf2058b2D5BA6",
+  "mockPaymaster": "0x206C056fE7Bddb5cC54CcB0331bcf2058b2D5BA6",
   "entryPoint": "0x4337084D9E255Ff0702461CF8895CE9E3b5Ff108",
   "bundlerUrl": "http://localhost:4337"
 }