Sync from opensea-devtools

Author: ryanio

.github/workflows/ci.yml

@@ -0,0 +1,21 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  build-and-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
+        with:
+          node-version-file: .nvmrc
+      - run: npm install
+      - run: npm run build
+      - run: npm run lint
+      - run: npm run type-check
+      - run: npm test

.github/workflows/npm-publish-reusable.yml

@@ -0,0 +1,60 @@
+name: Publish npm package
+
+on:
+  workflow_call:
+    inputs:
+      build-before-publish:
+        description: Run build and test before publishing
+        type: boolean
+        default: true
+      stub-package-dir:
+        description: Path to stub package directory (e.g. packages/opensea-js-stub)
+        type: string
+        default: ""
+      node-version-file:
+        description: Path to node version file
+        type: string
+        default: .nvmrc
+    secrets:
+      OPENSEA_API_KEY:
+        required: false
+      ALCHEMY_API_KEY:
+        required: false
+
+jobs:
+  publish-npm:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
+        with:
+          node-version-file: ${{ inputs.node-version-file }}
+          registry-url: https://registry.npmjs.org/
+
+      # Use npm install (not npm ci) because the package-lock.json may be
+      # out of sync after the sync-package workflow resolves workspace: protocols
+      # and updates dependencies. npm ci requires exact lockfile match.
+      #
+      # --legacy-peer-deps mirrors pnpm's permissive peer-dep behavior used in the
+      # monorepo. Without it, packages like api-types fail on openapi-typescript@^7
+      # which declares a strict `typescript@^5.x` peer while we ship typescript@^6.
+      - run: npm install --legacy-peer-deps
+
+      - if: ${{ inputs.build-before-publish }}
+        run: npm run build
+
+      - if: ${{ inputs.build-before-publish }}
+        run: npm test
+        env:
+          OPENSEA_API_KEY: ${{ secrets.OPENSEA_API_KEY }}
+          ALCHEMY_API_KEY: ${{ secrets.ALCHEMY_API_KEY }}
+
+      - run: npm publish --provenance --access public
+
+      - if: ${{ inputs.stub-package-dir != '' }}
+        run: npm publish --provenance --access public
+        working-directory: ${{ inputs.stub-package-dir }}
+        continue-on-error: true

.github/workflows/npm-publish.yml

@@ -0,0 +1,10 @@
+name: Node.js Package
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  publish:
+    uses: ./.github/workflows/npm-publish-reusable.yml
+    secrets: inherit

.nvmrc

@@ -0,0 +1 @@
+24.14.1

AGENTS.md

@@ -0,0 +1,66 @@
+# wallet-adapters — Agent Conventions
+
+Provider-agnostic wallet adapter library for signing and sending transactions across managed (Privy, Turnkey, Fireblocks) and local (private key) backends. Supports both viem and ethers.js via optional bridge utilities.
+
+## Quick Reference
+
+```bash
+cd packages/wallet-adapters
+pnpm install
+pnpm run build       # Build with tsup
+pnpm run test        # Run tests with Vitest
+pnpm run lint        # Lint with Biome
+pnpm run format      # Format with Biome
+pnpm run type-check  # TypeScript type checking
+```
+
+## Architecture
+
+| Path | Role |
+|------|------|
+| `src/index.ts` | Library entry point — public exports |
+| `src/types/index.ts` | Core interfaces: `WalletAdapter`, `TransactionRequest`, `WalletCapabilities` |
+| `src/adapters/privy.ts` | Privy server-side wallet API adapter |
+| `src/adapters/turnkey.ts` | Turnkey HSM-backed signing with P-256 stamp auth |
+| `src/adapters/fireblocks.ts` | Fireblocks enterprise MPC custody adapter |
+| `src/adapters/private-key.ts` | Raw private key adapter (dev/testing) |
+| `src/factory.ts` | `createWalletFromEnv()` — auto-detection from env vars |
+| `src/bridges/viem.ts` | Bridge: WalletAdapter → viem WalletClient |
+| `src/bridges/ethers.ts` | Bridge: WalletAdapter → ethers.js Signer |
+| `src/__tests__/` | Vitest test suite |
+
+## Design Principles
+
+1. **Minimal runtime dependencies.** Only `@noble/hashes` and `@noble/curves` for private key operations. Managed adapters (Privy, Turnkey, Fireblocks) use Web Crypto APIs for their auth cryptography.
+
+2. **Framework-agnostic core.** Adapters know nothing about viem or ethers.js. Bridge utilities (`./viem`, `./ethers`) are separate entry points with viem/ethers as optional peer dependencies.
+
+3. **Capabilities-based interface.** Each adapter declares its `WalletCapabilities` (signMessage, signTypedData, managedGas, managedNonce). Consumers check capabilities before calling optional methods.
+
+4. **Observability hooks.** All adapters support optional `onRequest` / `onResponse` callbacks for metrics, logging, and tracing.
+
+5. **TransactionRequest is extensible.** Optional fields (`gas`, `nonce`, `maxFeePerGas`, `maxPriorityFeePerGas`) let callers pass pre-estimated values to avoid redundant RPC calls.
+
+6. **Environment-based construction.** Each adapter has a `fromEnv()` static factory. `createWalletFromEnv()` auto-detects with priority: Privy > Fireblocks > Turnkey > PrivateKey.
+
+## Review Checklist
+
+When reviewing changes to this package, verify:
+
+1. **Interface backward compatibility.** The `WalletAdapter` interface is consumed by `@opensea/cli` and `@opensea/tool-sdk`. New optional fields are fine; removing or changing required fields is a breaking change.
+
+2. **Adapter parity.** All adapters must implement the full `WalletAdapter` interface and correctly declare their `capabilities`. Test coverage must verify both the happy path and error cases.
+
+3. **Security of key material.** Private keys, API secrets, and signing keys must never be logged, included in error messages, or exposed in stack traces.
+
+4. **Cryptographic correctness.** The Turnkey adapter uses P-256 ECDSA with DER-encoded signatures. The Fireblocks adapter uses RS256 (RSASSA-PKCS1-v1_5 with SHA-256) for JWT signing. The private-key adapter uses `@noble/curves/secp256k1` for ECDSA signing.
+
+5. **Bridge isolation.** viem and ethers bridges must remain in separate entry points (`./viem`, `./ethers`). They must not be imported by the core adapters.
+
+## Conventions
+
+- ESM-only (`"type": "module"`). Use `.js` extensions in import paths.
+- Biome for linting and formatting: double quotes, 2-space indent, trailing commas.
+- viem and ethers.js are optional peer dependencies — never import them from core adapter code.
+- Each adapter has a `fromEnv()` static factory and a constructor accepting a typed config object.
+- Environment variable names follow the pattern: `PROVIDER_FIELD` (e.g., `PRIVY_APP_ID`, `TURNKEY_API_PUBLIC_KEY`).

README.md

@@ -1,3 +1,145 @@
-# wallet-adapters
+# @opensea/wallet-adapters
 
-This repo is bootstrapping. Initial sync from opensea-devtools is in progress.
+Provider-agnostic wallet adapters for signing and sending transactions across managed and local backends.
+
+## Features
+
+- **Provider-agnostic interface** — unified `WalletAdapter` abstraction with capabilities declaration
+- **Managed providers** — Privy, Turnkey, Fireblocks (handle gas/nonce server-side)
+- **Local providers** — PrivateKey (handle gas/nonce client-side via RPC)
+- **Framework bridges** — optional adapters for viem and ethers.js
+- **Zero heavy dependencies** — core uses Web Crypto + `@noble/hashes` / `@noble/curves`
+- **Auto-detection** — `createWalletFromEnv()` picks the right provider from environment variables
+
+## Installation
+
+```bash
+npm install @opensea/wallet-adapters
+# or
+pnpm add @opensea/wallet-adapters
+```
+
+## Quick Start
+
+```ts
+import { createWalletFromEnv } from "@opensea/wallet-adapters"
+
+// Auto-detects provider from environment variables
+// Priority: Privy > Fireblocks > Turnkey > PrivateKey
+const wallet = createWalletFromEnv()
+
+const address = await wallet.getAddress()
+const result = await wallet.sendTransaction({
+  to: "0x...",
+  data: "0x...",
+  value: "0",
+  chainId: 8453,
+})
+console.log(`TX hash: ${result.hash}`)
+```
+
+## Adapters
+
+### Privy
+
+Server-side wallet via Privy's API. Handles gas estimation and nonce management.
+
+```ts
+import { PrivyAdapter } from "@opensea/wallet-adapters"
+
+const wallet = PrivyAdapter.fromEnv()
+// Requires: PRIVY_APP_ID, PRIVY_APP_SECRET, PRIVY_WALLET_ID
+```
+
+### Fireblocks
+
+Enterprise MPC custody via Fireblocks API.
+
+```ts
+import { FireblocksAdapter } from "@opensea/wallet-adapters"
+
+const wallet = FireblocksAdapter.fromEnv()
+// Requires: FIREBLOCKS_API_KEY, FIREBLOCKS_API_SECRET, FIREBLOCKS_VAULT_ID
+```
+
+### Turnkey
+
+HSM-backed signing with P-256 stamp authentication.
+
+```ts
+import { TurnkeyAdapter } from "@opensea/wallet-adapters"
+
+const wallet = TurnkeyAdapter.fromEnv()
+// Requires: TURNKEY_API_PUBLIC_KEY, TURNKEY_API_PRIVATE_KEY,
+//           TURNKEY_ORGANIZATION_ID, TURNKEY_WALLET_ADDRESS, TURNKEY_RPC_URL
+```
+
+### PrivateKey
+
+Local signing for development and testing.
+
+```ts
+import { PrivateKeyAdapter } from "@opensea/wallet-adapters"
+
+const wallet = PrivateKeyAdapter.fromEnv()
+// Requires: PRIVATE_KEY, RPC_URL
+```
+
+## Framework Bridges
+
+### viem
+
+```ts
+import { walletAdapterToViemClient } from "@opensea/wallet-adapters/viem"
+import { base } from "viem/chains"
+
+const client = walletAdapterToViemClient(wallet, base, "https://mainnet.base.org")
+// Use as a standard viem WalletClient
+```
+
+### ethers.js
+
+```ts
+import { walletAdapterToEthersSigner } from "@opensea/wallet-adapters/ethers"
+
+const signer = walletAdapterToEthersSigner(wallet, provider)
+// Use as a standard ethers.js Signer
+```
+
+## Capabilities
+
+Each adapter declares its capabilities so consumers can check before calling:
+
+```ts
+if (wallet.capabilities.signMessage) {
+  const sig = await wallet.signMessage({ message: "hello" })
+}
+
+if (wallet.capabilities.managedGas) {
+  // No need to estimate gas — the provider handles it
+}
+```
+
+| Capability | Privy | Fireblocks | Turnkey | PrivateKey |
+|------------|-------|------------|---------|------------|
+| `signMessage` | true | true | true | true |
+| `signTypedData` | true | true | true | true |
+| `managedGas` | true | true | false | false |
+| `managedNonce` | true | true | false | false |
+
+## Observability
+
+Attach hooks for tracing and monitoring:
+
+```ts
+wallet.onRequest = (method, params) => {
+  console.log(`→ ${method}`, params)
+}
+wallet.onResponse = (method, result, durationMs) => {
+  console.log(`← ${method} (${durationMs}ms)`, result)
+}
+```
+
+## License
+
+MIT

biome.json

@@ -0,0 +1,64 @@
+{
+  "$schema": "node_modules/@biomejs/biome/configuration_schema.json",
+  "files": {
+    "includes": [
+      "**/*.ts",
+      "**/*.js",
+      "**/*.json",
+      "!**/node_modules",
+      "!**/dist",
+      "!**/lib",
+      "!**/coverage",
+      "!**/.nyc_output",
+      "!packages/sdk/src/typechain",
+      "!**/typechain",
+      "!packages/api-types/src/generated.ts",
+      "!**/pnpm-lock.yaml",
+      "!**/package-lock.json"
+    ]
+  },
+  "formatter": {
+    "enabled": true,
+    "indentStyle": "space",
+    "indentWidth": 2,
+    "lineEnding": "lf",
+    "lineWidth": 80
+  },
+  "javascript": {
+    "formatter": {
+      "quoteStyle": "double",
+      "trailingCommas": "all",
+      "semicolons": "asNeeded",
+      "arrowParentheses": "asNeeded"
+    }
+  },
+  "linter": {
+    "enabled": true,
+    "rules": {
+      "recommended": true,
+      "suspicious": {
+        "noConsole": "off",
+        "noExplicitAny": "off"
+      },
+      "correctness": {
+        "noUnusedImports": "error"
+      },
+      "style": {
+        "noNonNullAssertion": "error",
+        "noUnusedTemplateLiteral": "off"
+      }
+    }
+  },
+  "overrides": [
+    {
+      "includes": ["**/*.test.ts", "**/*.spec.ts", "**/test/**"],
+      "linter": {
+        "rules": {
+          "style": {
+            "noNonNullAssertion": "off"
+          }
+        }
+      }
+    }
+  ]
+}