[codex] fix createVault L1 signing (#22)

* fix createVault L1 signing

* docs clarify L1 vault and subaccount actions

Author: guibvieira

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## Unreleased
 
+- Fix the `createVault` signing mode back to Hyperliquid L1 and document the failed user-signed experiment. Evidence: collected user-signed `HyperliquidTransaction:CreateVault` signatures recovered to their listed signers locally, but recovered to different addresses under the SDK L1 `Exchange`/`Agent` digest and Hyperliquid returned `Invalid multi-sig inner signer`; nktkas/hyperliquid marks `createVault` as `Signing: L1 Action` and executes it through `executeL1Action`, while its signing docs expose separate `signMultiSigL1` and `signMultiSigUserSigned` paths. Resources: https://github.com/nktkas/hyperliquid/blob/main/src/api/exchange/_methods/createVault.ts, https://jsr.io/%40nktkas/hyperliquid/doc/signing, https://github.com/nktkas/hyperliquid/blob/main/docs/signing.md (2026-06-21).
+- Record the failed browser-wallet test for SDK-correct multisig `createVault`: after switching local `createVault` signing back to the SDK L1 `Exchange`/`Agent` payload, Rabby rejected `eth_signTypedData_v4` with `chainId should be same as current chainId | -32602`. Do not retry fake chain/network switching or ask users to add chain `1337`; that was already tested and is not acceptable. The confirmed blocker is Rabby's chain-id validation for the documented Hyperliquid L1 typed-data domain, not JSON body shape. Zero-cost API probe with SDK-shaped dummy signatures returned HTTP 200 `Unable to recover signer`, proving the request shape reaches signature recovery (2026-06-21).
+- Record the validated agent-wallet route for `createVault`: a zero-cost probe signed SDK-correct single-agent L1 `createVault` with a throwaway local key and Hyperliquid returned HTTP 200 `User or API Wallet ... does not exist`, proving the server recovered the agent signer and accepted the L1 createVault request shape up to API-wallet authorization. Next viable path is to approve a generated agent wallet through the existing multisig `approveAgent` user-signed flow, verify it with a no-cost L1 action such as `noop`, then submit `createVault` signed by that approved agent. This does not expose multisig signer keys, but the agent key is sensitive and revocable (2026-06-21).
+- Record the single-EOA `createVault` signature validation: using a disposable funded-under-minimum account, SDK-correct L1 `createVault` signing returned HTTP 200 `Insufficient balance to create vault`, proving the L1 createVault signature/body construction is accepted by Hyperliquid up to the expected funding check. This confirms remaining failures are multisig browser-signing/authorization path issues, not the base createVault action schema (2026-06-21).
 - Add vault leader L1 actions `createVault`, `vaultModify`, `vaultDistribute` so a multisig can create and operate a Hyperliquid native vault end-to-end (2026-06-17).
 - Add WalletConnect support so signers can pair mobile wallets via QR (2026-04-27).
 - Add gitleaks-based secret scanning: server-side via GitHub Action and local via husky pre-commit hook (2026-04-27).

CLAUDE.md

@@ -135,6 +135,14 @@ Reusing or replaying a nonce lower than the last accepted one returns `"Invalid
 
 Rabby (and MetaMask internally via `@metamask/eth-sig-util`) computes a different domain separator when `EIP712Domain` is omitted from the `types` object. Always include it explicitly in both inner and outer `eth_signTypedData_v4` calls.
 
+**createVault is L1, not user-signed**
+
+`createVault` must stay in the Hyperliquid L1 `Exchange` / `Agent` signing family. The nktkas SDK marks it as `Signing: L1 Action` and calls `executeL1Action`. A user-signed `HyperliquidTransaction:CreateVault` experiment was tested: browser wallets signed it and local recovery matched, but Hyperliquid rejected the final submit with `"Invalid multi-sig inner signer"` because the signatures covered the wrong digest. See `docs/hyperliquid-signing.md` before changing any action's `signingMode`.
+
+**Do not add fake chain 1337 to wallets**
+
+The L1 signing domain uses EIP-712 `chainId: 1337` as part of Hyperliquid's exchange-action signing scheme. This is not an RPC chain this app should add to Rabby or MetaMask. Rabby was tested against the SDK-correct `Exchange` / `Agent` payload and rejected it with `"chainId should be same as current chainId"`. Do not repeat fake-network switching. For wallets that cannot sign the direct L1 multisig payload, use an approved API wallet / agent path or another provider that signs the SDK-correct payload.
+
 ## Pull requests
 
 - Pull request description must have sections Why (the rational of change), Lessons learnt (memory for future agents) and Summary (what was changed). No test plan or verification section.

README.md

@@ -65,6 +65,16 @@ Open Hyperliquid Multisigner supports both sides of this flow:
 - `Withdraw`, `USD Send`, `Spot Send`, `USD Class Transfer`, `Token Delegate`, `Convert to MultiSig` — the fund-moving actions that always require the full multisig quorum
 - L1 actions (`Place Order`, `Cancel Order`, `Vault Transfer`, `Sub-Account Transfer`, etc.) — signable either by the multisig quorum or, once delegation is set up, by the approved agent directly
 
+`Create Vault` is also an L1 action in the Hyperliquid protocol. It must use
+the same `Exchange` / `Agent` signing family as orders and vault transfers, not
+the user-signed `HyperliquidTransaction:*` family used by `Approve Agent`.
+Browser wallets may still sign an invented user-signed `Create Vault` payload,
+but Hyperliquid rejects those signatures as `Invalid multi-sig inner signer`.
+Vault deposits/withdrawals (`Vault Transfer`) and sub-account transfers are in
+that same L1 family.
+See [docs/hyperliquid-signing.md](docs/hyperliquid-signing.md) before changing
+any action's signing mode.
+
 For the canonical protocol reference, see the Hyperliquid documentation on [nonces and API wallets](https://hyperliquid.gitbook.io/hyperliquid-docs/for-developers/api/nonces-and-api-wallets).
 
 # How to create Hyperliquid native multisignature wallet

docs/hyperliquid-signing.md

@@ -0,0 +1,117 @@
+# Hyperliquid signing modes
+
+This document records the signing-mode decisions for this app. Do not change
+an action from L1 to user-signed, or the reverse, without checking the SDK source
+and repeating the relevant recovery/API probe.
+
+## Two signing modes
+
+Hyperliquid has two distinct signing families:
+
+- **User-signed EIP-712**: actions such as `approveAgent`, `usdSend`,
+  `spotSend`, `withdraw`, `usdClassTransfer`, `approveBuilderFee`,
+  `tokenDelegate`, `convertToMultiSigUser`, and `sendAsset`. These use the
+  `HyperliquidSignTransaction` domain and an action-specific
+  `HyperliquidTransaction:*` primary type.
+- **L1 actions**: actions such as `order`, `cancel`, `vaultTransfer`,
+  `createVault`, `vaultModify`, `vaultDistribute`, `subAccountTransfer`,
+  `subAccountSpotTransfer`, and `createSubAccount`. These are hashed with the
+  Hyperliquid action hash and signed as `Exchange` / `Agent` typed data.
+
+`L1` here means Hyperliquid's exchange action signing scheme, not an Ethereum
+L1 RPC transaction. Do not add a fake chain 1337 network to a browser wallet.
+
+## Vault and sub-account operations
+
+Keep these actions in the L1 signing family:
+
+- `vaultTransfer`: deposit USDC into a vault or withdraw USDC from a vault.
+- `vaultModify`: change vault settings.
+- `vaultDistribute`: distribute vault funds back to depositors.
+- `subAccountTransfer`: move USDC to or from a sub-account.
+- `subAccountSpotTransfer`: move spot tokens to or from a sub-account.
+- `createSubAccount`: create a new named sub-account.
+
+These actions are operational Hyperliquid exchange actions. They are not the
+same user-signed family as `usdSend`, `spotSend`, `withdraw`, or
+`approveAgent`. Browser-wallet success against a locally invented
+`HyperliquidTransaction:*` schema is not evidence that Hyperliquid will accept
+the submit.
+
+## createVault decision
+
+`createVault` is an L1 action.
+
+References:
+
+- nktkas TypeScript SDK `createVault.ts` marks `createVault` as
+  `Signing: L1 Action` and calls `executeL1Action`.
+  https://github.com/nktkas/hyperliquid/blob/main/src/api/exchange/_methods/createVault.ts
+- The same SDK marks `approveAgent` as `Signing: User-Signed EIP-712` and calls
+  `executeUserSignedAction`.
+  https://github.com/nktkas/hyperliquid/blob/main/src/api/exchange/_methods/approveAgent.ts
+- The same SDK marks `vaultTransfer` as `Signing: L1 Action`.
+  https://github.com/nktkas/hyperliquid/blob/main/src/api/exchange/_methods/vaultTransfer.ts
+- Hyperliquid documents API wallets/agents as keys approved to sign on behalf
+  of the master account.
+  https://hyperliquid.gitbook.io/hyperliquid-docs/for-developers/api/nonces-and-api-wallets
+
+## createVault test history
+
+The user-signed `createVault` experiment was wrong:
+
+- Browser wallets signed the local user-signed payload successfully.
+- Local recovery matched the listed signers.
+- Hyperliquid rejected the final multisig submit with
+  `Invalid multi-sig inner signer`.
+- Recovering those signatures against the SDK L1 digest returned different
+  addresses. They were valid signatures over the wrong digest.
+
+The SDK-correct direct multisig L1 browser path was also tested:
+
+- The exact SDK inner payload was captured:
+  `domain.name = Exchange`, `domain.chainId = 1337`,
+  `primaryType = Agent`.
+- Rabby rejected it before showing a useful signing path with:
+  `chainId should be same as current chainId | -32602`.
+- Do not retry fake chain switching or ask users to add chain 1337.
+
+The base single-EOA L1 createVault path was validated:
+
+- A disposable underfunded EOA signed SDK-correct L1 `createVault`.
+- Hyperliquid returned `Insufficient balance to create vault`.
+- Mutating the action after signing, or mutating the signature, returned
+  recovered-signer errors instead of the balance error. This proves the
+  insufficient-balance response happens after valid signer recovery.
+
+The agent-wallet path was partially validated:
+
+- A throwaway unapproved agent key signed SDK-correct single-agent L1
+  `createVault`.
+- Hyperliquid returned `User or API Wallet ... does not exist`, proving the
+  server recovered the signer and reached API-wallet authorisation.
+- The viable next path for browser multisigs that cannot sign `Exchange` /
+  `Agent` directly is:
+  1. Approve a generated agent wallet through multisig `approveAgent`.
+  2. Verify the agent with a no-cost L1 action such as `noop`.
+  3. Submit `createVault` signed by that approved agent.
+
+The agent wallet is a separate revocable API key. It is not a multisig signer
+private key, and it should be stored and rotated like any other trading agent
+key.
+
+## Action classification checklist
+
+Before adding a new action:
+
+1. Check the nktkas SDK method source for `Signing: L1 Action` or
+   `Signing: User-Signed EIP-712`.
+2. Check whether the SDK method calls `executeL1Action` or
+   `executeUserSignedAction`.
+3. If it is L1, ensure the action object is canonical and does not include
+   user-signed fields such as `signatureChainId` or `hyperliquidChain`.
+4. If it is user-signed, ensure the action includes the SDK's user-signed
+   fields and the correct action-specific EIP-712 primary type.
+5. For multisig submit, keep the outer `SendMultiSig` signature path unchanged:
+   trim inner signature `r`/`s`, use the same nonce as the inner action, and
+   commit to the same `outerSigner` in every inner signature.

src/lib/eip712.ts

@@ -145,6 +145,9 @@ export const ACTION_REGISTRY: Record<ActionType, ActionDef> = {
   },
 
   // ==== L1 ACTIONS (phantom agent pattern) ====
+  // These are Hyperliquid exchange actions, not user-signed wallet-transfer
+  // actions. Keep vault funding/operations, sub-account operations, and orders
+  // in this section unless SDK source says the specific method is user-signed.
 
   vaultTransfer: {
     type: 'vaultTransfer',
@@ -171,8 +174,10 @@ export const ACTION_REGISTRY: Record<ActionType, ActionDef> = {
     label: 'Create Vault',
     description:
       'Create a new Hyperliquid vault. The signing multisig becomes the vault leader. Minimum 100 USDC initial deposit.',
-    signingMode: 'user-signed',
-    primaryType: 'HyperliquidTransaction:CreateVault',
+    // Hyperliquid SDK marks createVault as "Signing: L1 Action".
+    // Do not move this to user-signed: browser wallets can sign that invented schema,
+    // but Hyperliquid rejects the submit with "Invalid multi-sig inner signer".
+    signingMode: 'l1',
     nonceField: 'nonce',
     fields: [
       {