update (#24)

Author: truemagic-coder

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "sakit"
-version = "13.3.4"
+version = "13.3.5"
 description = "Solana Agent Kit"
 authors = ["Bevan Hunt <bevan@bevanhunt.com>"]
 license = "MIT"

sakit/privy_recurring.py

@@ -12,6 +12,7 @@
 from solana_agent import AutoTool, ToolRegistry
 from privy import AsyncPrivyAPI
 from privy.lib.authorization_signatures import get_authorization_signature
+from cryptography.hazmat.primitives import serialization
 from solders.keypair import Keypair  # type: ignore
 from solders.transaction import VersionedTransaction  # type: ignore
 from solders.message import to_bytes_versioned  # type: ignore
@@ -21,6 +22,60 @@
 logger = logging.getLogger(__name__)
 
 
+def _convert_key_to_pkcs8_pem(key_string: str) -> str:
+    """Convert a private key to PKCS#8 PEM format for the Privy SDK."""
+    private_key_string = key_string.replace("wallet-auth:", "")
+
+    # Try loading as PKCS#8 PEM format first
+    try:
+        private_key_pem = f"-----BEGIN PRIVATE KEY-----\n{private_key_string}\n-----END PRIVATE KEY-----"
+        serialization.load_pem_private_key(
+            private_key_pem.encode("utf-8"), password=None
+        )
+        return private_key_string
+    except (ValueError, TypeError):
+        pass
+
+    # Try as EC PRIVATE KEY (SEC1) format
+    try:
+        ec_key_pem = f"-----BEGIN EC PRIVATE KEY-----\n{private_key_string}\n-----END EC PRIVATE KEY-----"
+        private_key = serialization.load_pem_private_key(
+            ec_key_pem.encode("utf-8"), password=None
+        )
+        pkcs8_bytes = private_key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.PKCS8,
+            encryption_algorithm=serialization.NoEncryption(),
+        )
+        pkcs8_pem = pkcs8_bytes.decode("utf-8")
+        lines = pkcs8_pem.strip().split("\n")
+        return "".join(lines[1:-1])
+    except (ValueError, TypeError):
+        pass
+
+    # Try loading as raw DER bytes
+    try:
+        der_bytes = base64.b64decode(private_key_string)
+        try:
+            private_key = serialization.load_der_private_key(der_bytes, password=None)
+        except (ValueError, TypeError):
+            from cryptography.hazmat.primitives.asymmetric import ec
+
+            private_key = ec.derive_private_key(
+                int.from_bytes(der_bytes, "big"), ec.SECP256R1()
+            )
+        pkcs8_bytes = private_key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.PKCS8,
+            encryption_algorithm=serialization.NoEncryption(),
+        )
+        pkcs8_pem = pkcs8_bytes.decode("utf-8")
+        lines = pkcs8_pem.strip().split("\n")
+        return "".join(lines[1:-1])
+    except (ValueError, TypeError) as e:
+        raise ValueError(f"Could not load private key: {e}")
+
+
 async def _get_privy_embedded_wallet(
     privy_client: AsyncPrivyAPI, user_id: str
 ) -> Optional[Dict[str, str]]:
@@ -82,6 +137,9 @@ async def _privy_sign_transaction(
 ) -> Optional[str]:
     """Sign a Solana transaction via Privy using the official SDK."""
     try:
+        # Convert the key to PKCS#8 format expected by the SDK
+        pkcs8_key = _convert_key_to_pkcs8_pem(signing_key)
+
         url = f"https://api.privy.io/v1/wallets/{wallet_id}/rpc"
         body = {
             "method": "signTransaction",
@@ -93,7 +151,7 @@ async def _privy_sign_transaction(
             body=body,
             method="POST",
             app_id=privy_client.app_id,
-            private_key=signing_key,
+            private_key=pkcs8_key,
         )
 
         result = await privy_client.wallets.rpc(

sakit/privy_transfer.py

@@ -4,6 +4,7 @@
 from solana_agent import AutoTool, ToolRegistry
 from privy import AsyncPrivyAPI
 from privy.lib.authorization_signatures import get_authorization_signature
+from cryptography.hazmat.primitives import serialization
 from sakit.utils.wallet import SolanaWalletClient
 from sakit.utils.transfer import TokenTransferManager
 
@@ -14,6 +15,60 @@
 TOKEN_2022_PROGRAM_ID = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb"
 
 
+def _convert_key_to_pkcs8_pem(key_string: str) -> str:
+    """Convert a private key to PKCS#8 PEM format for the Privy SDK."""
+    private_key_string = key_string.replace("wallet-auth:", "")
+
+    # Try loading as PKCS#8 PEM format first
+    try:
+        private_key_pem = f"-----BEGIN PRIVATE KEY-----\n{private_key_string}\n-----END PRIVATE KEY-----"
+        serialization.load_pem_private_key(
+            private_key_pem.encode("utf-8"), password=None
+        )
+        return private_key_string
+    except (ValueError, TypeError):
+        pass
+
+    # Try as EC PRIVATE KEY (SEC1) format
+    try:
+        ec_key_pem = f"-----BEGIN EC PRIVATE KEY-----\n{private_key_string}\n-----END EC PRIVATE KEY-----"
+        private_key = serialization.load_pem_private_key(
+            ec_key_pem.encode("utf-8"), password=None
+        )
+        pkcs8_bytes = private_key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.PKCS8,
+            encryption_algorithm=serialization.NoEncryption(),
+        )
+        pkcs8_pem = pkcs8_bytes.decode("utf-8")
+        lines = pkcs8_pem.strip().split("\n")
+        return "".join(lines[1:-1])
+    except (ValueError, TypeError):
+        pass
+
+    # Try loading as raw DER bytes
+    try:
+        der_bytes = base64.b64decode(private_key_string)
+        try:
+            private_key = serialization.load_der_private_key(der_bytes, password=None)
+        except (ValueError, TypeError):
+            from cryptography.hazmat.primitives.asymmetric import ec
+
+            private_key = ec.derive_private_key(
+                int.from_bytes(der_bytes, "big"), ec.SECP256R1()
+            )
+        pkcs8_bytes = private_key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.PKCS8,
+            encryption_algorithm=serialization.NoEncryption(),
+        )
+        pkcs8_pem = pkcs8_bytes.decode("utf-8")
+        lines = pkcs8_pem.strip().split("\n")
+        return "".join(lines[1:-1])
+    except (ValueError, TypeError) as e:
+        raise ValueError(f"Could not load private key: {e}")
+
+
 async def get_privy_embedded_wallet(
     user_id: str, privy_client: AsyncPrivyAPI
 ) -> Optional[Dict[str, str]]:
@@ -65,25 +120,26 @@ async def privy_sign_and_send(
 ) -> Dict[str, Any]:
     """Sign and send a transaction using Privy SDK."""
     try:
+        # Convert key to PKCS#8 PEM format for SDK compatibility
+        pem_key = _convert_key_to_pkcs8_pem(privy_auth_key)
+
         # Generate authorization signature using SDK
         url = f"https://api.privy.io/v1/wallets/{wallet_id}/rpc"
         body = {
             "method": "signAndSendTransaction",
-            "caip2": "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",
             "params": {"transaction": encoded_tx, "encoding": "base64"},
         }
         auth_signature = get_authorization_signature(
             url=url,
             body=body,
             privy_app_id=privy_client.app_id,
-            privy_authorization_key=privy_auth_key,
+            privy_authorization_key=pem_key,
         )
 
-        # Use SDK's wallets.rpc method with caip2 for signAndSendTransaction
+        # Use SDK's wallets.rpc method for signAndSendTransaction
         result = await privy_client.wallets.rpc(
             wallet_id=wallet_id,
             method="signAndSendTransaction",
-            caip2="solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",
             params={"transaction": encoded_tx, "encoding": "base64"},
             privy_authorization_signature=auth_signature,
         )

sakit/privy_trigger.py

@@ -12,6 +12,7 @@
 from solana_agent import AutoTool, ToolRegistry
 from privy import AsyncPrivyAPI
 from privy.lib.authorization_signatures import get_authorization_signature
+from cryptography.hazmat.primitives import serialization
 from solders.keypair import Keypair  # type: ignore
 from solders.transaction import VersionedTransaction  # type: ignore
 from solders.message import to_bytes_versioned  # type: ignore
@@ -21,6 +22,60 @@
 logger = logging.getLogger(__name__)
 
 
+def _convert_key_to_pkcs8_pem(key_string: str) -> str:
+    """Convert a private key to PKCS#8 PEM format for the Privy SDK."""
+    private_key_string = key_string.replace("wallet-auth:", "")
+
+    # Try loading as PKCS#8 PEM format first
+    try:
+        private_key_pem = f"-----BEGIN PRIVATE KEY-----\n{private_key_string}\n-----END PRIVATE KEY-----"
+        serialization.load_pem_private_key(
+            private_key_pem.encode("utf-8"), password=None
+        )
+        return private_key_string
+    except (ValueError, TypeError):
+        pass
+
+    # Try as EC PRIVATE KEY (SEC1) format
+    try:
+        ec_key_pem = f"-----BEGIN EC PRIVATE KEY-----\n{private_key_string}\n-----END EC PRIVATE KEY-----"
+        private_key = serialization.load_pem_private_key(
+            ec_key_pem.encode("utf-8"), password=None
+        )
+        pkcs8_bytes = private_key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.PKCS8,
+            encryption_algorithm=serialization.NoEncryption(),
+        )
+        pkcs8_pem = pkcs8_bytes.decode("utf-8")
+        lines = pkcs8_pem.strip().split("\n")
+        return "".join(lines[1:-1])
+    except (ValueError, TypeError):
+        pass
+
+    # Try loading as raw DER bytes
+    try:
+        der_bytes = base64.b64decode(private_key_string)
+        try:
+            private_key = serialization.load_der_private_key(der_bytes, password=None)
+        except (ValueError, TypeError):
+            from cryptography.hazmat.primitives.asymmetric import ec
+
+            private_key = ec.derive_private_key(
+                int.from_bytes(der_bytes, "big"), ec.SECP256R1()
+            )
+        pkcs8_bytes = private_key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.PKCS8,
+            encryption_algorithm=serialization.NoEncryption(),
+        )
+        pkcs8_pem = pkcs8_bytes.decode("utf-8")
+        lines = pkcs8_pem.strip().split("\n")
+        return "".join(lines[1:-1])
+    except (ValueError, TypeError) as e:
+        raise ValueError(f"Could not load private key: {e}")
+
+
 async def _get_privy_embedded_wallet(
     privy_client: AsyncPrivyAPI, user_id: str
 ) -> Optional[Dict[str, str]]:
@@ -82,6 +137,9 @@ async def _privy_sign_transaction(
 ) -> Optional[str]:
     """Sign a Solana transaction via Privy using the official SDK."""
     try:
+        # Convert the key to PKCS#8 format expected by the SDK
+        pkcs8_key = _convert_key_to_pkcs8_pem(signing_key)
+
         url = f"https://api.privy.io/v1/wallets/{wallet_id}/rpc"
         body = {
             "method": "signTransaction",
@@ -93,7 +151,7 @@ async def _privy_sign_transaction(
             body=body,
             method="POST",
             app_id=privy_client.app_id,
-            private_key=signing_key,
+            private_key=pkcs8_key,
         )
 
         result = await privy_client.wallets.rpc(

sakit/privy_ultra.py

@@ -12,6 +12,7 @@
 from solana_agent import AutoTool, ToolRegistry
 from privy import AsyncPrivyAPI
 from privy.lib.authorization_signatures import get_authorization_signature
+from cryptography.hazmat.primitives import serialization
 from solders.keypair import Keypair
 from solders.transaction import VersionedTransaction
 from solders.message import to_bytes_versioned
@@ -21,6 +22,81 @@
 logger = logging.getLogger(__name__)
 
 
+def convert_key_to_pkcs8_pem(key_string: str) -> str:
+    """Convert a private key to PKCS#8 PEM format for the Privy SDK.
+
+    The SDK expects keys in PKCS#8 PEM format (-----BEGIN PRIVATE KEY-----).
+    This function handles keys in various formats:
+    - Already in PKCS#8 PEM base64
+    - SEC1 EC format (-----BEGIN EC PRIVATE KEY-----)
+    - Raw DER bytes (PKCS#8 or SEC1)
+
+    Returns the base64 content (without headers) in PKCS#8 format.
+    """
+    # Strip wallet-auth: prefix if present
+    private_key_string = key_string.replace("wallet-auth:", "")
+
+    # Try loading as PKCS#8 PEM format first
+    try:
+        private_key_pem = f"-----BEGIN PRIVATE KEY-----\n{private_key_string}\n-----END PRIVATE KEY-----"
+        private_key = serialization.load_pem_private_key(
+            private_key_pem.encode("utf-8"), password=None
+        )
+        # Already in correct format, return as-is
+        return private_key_string
+    except (ValueError, TypeError):
+        pass
+
+    # Try as EC PRIVATE KEY (SEC1) format
+    try:
+        ec_key_pem = f"-----BEGIN EC PRIVATE KEY-----\n{private_key_string}\n-----END EC PRIVATE KEY-----"
+        private_key = serialization.load_pem_private_key(
+            ec_key_pem.encode("utf-8"), password=None
+        )
+        # Convert to PKCS#8 format
+        pkcs8_bytes = private_key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.PKCS8,
+            encryption_algorithm=serialization.NoEncryption(),
+        )
+        # Extract base64 content (remove headers and newlines)
+        pkcs8_pem = pkcs8_bytes.decode("utf-8")
+        lines = pkcs8_pem.strip().split("\n")
+        base64_content = "".join(lines[1:-1])
+        return base64_content
+    except (ValueError, TypeError):
+        pass
+
+    # Try loading as raw DER bytes
+    try:
+        der_bytes = base64.b64decode(private_key_string)
+        # Try PKCS#8 DER
+        try:
+            private_key = serialization.load_der_private_key(der_bytes, password=None)
+        except (ValueError, TypeError):
+            # Try SEC1 DER
+            from cryptography.hazmat.primitives.asymmetric import ec
+
+            private_key = ec.derive_private_key(
+                int.from_bytes(der_bytes, "big"), ec.SECP256R1()
+            )
+        # Convert to PKCS#8 PEM format
+        pkcs8_bytes = private_key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.PKCS8,
+            encryption_algorithm=serialization.NoEncryption(),
+        )
+        pkcs8_pem = pkcs8_bytes.decode("utf-8")
+        lines = pkcs8_pem.strip().split("\n")
+        base64_content = "".join(lines[1:-1])
+        return base64_content
+    except (ValueError, TypeError) as e:
+        raise ValueError(
+            f"Could not load private key. Expected base64-encoded PKCS#8 or SEC1 format. "
+            f"Generate with: openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256. Error: {e}"
+        )
+
+
 async def get_privy_embedded_wallet(
     privy_client: AsyncPrivyAPI, user_id: str
 ) -> Optional[Dict[str, str]]:
@@ -116,6 +192,9 @@ async def privy_sign_transaction(
     Uses the wallets.rpc method with method="signTransaction" for Solana.
     The SDK handles authorization signature generation automatically when provided.
     """
+    # Convert the key to PKCS#8 format expected by the SDK
+    pkcs8_key = convert_key_to_pkcs8_pem(signing_key)
+
     # Generate the authorization signature using the SDK's utility
     url = f"https://api.privy.io/v1/wallets/{wallet_id}/rpc"
     body = {
@@ -129,7 +208,7 @@ async def privy_sign_transaction(
         body=body,
         method="POST",
         app_id=privy_client.app_id,
-        private_key=signing_key,
+        private_key=pkcs8_key,
     )
 
     # Call the SDK's rpc method for Solana signTransaction