Support IAW auth tokens for EOA signing

Cargo.toml

@@ -1,3 +1,3 @@
 [workspace]
-members = ["aa-core", "core", "executors", "server", "thirdweb-core", "twmq"]
+members = ["aa-core", "core", "executors", "server", "thirdweb-core", "twmq", "types-core"]
 resolver = "2"

aa-core/Cargo.toml

@@ -7,6 +7,7 @@ edition = "2024"
 alloy = { version = "1.0.8", features = ["serde"] }
 tokio = "1.44.2"
 engine-core = { path = "../core" }
+thirdweb-core = { path = "../thirdweb-core" }
 vault-types = { version = "0.1.0", git = "ssh://[email protected]/thirdweb-dev/vault.git", branch = "main" }
 vault-sdk = { version = "0.1.0", git = "ssh://[email protected]/thirdweb-dev/vault.git", branch = "main" }
 serde = "1.0.219"

aa-core/src/userop/builder.rs

@@ -11,8 +11,9 @@ use engine_core::{
     credentials::SigningCredential,
     error::{AlloyRpcErrorToEngineError, EngineError},
     execution_options::aa::{EntrypointAndFactoryDetails, EntrypointVersion},
-    userop::{UserOpSigner, UserOpSignerParams, UserOpVersion},
+    userop::{UserOpSigner, UserOpSignerParams},
 };
+use thirdweb_core::iaw::UserOpVersion;
 
 pub struct UserOpBuilderConfig<'a, C: Chain> {
     pub account_address: Address,

core/Cargo.toml

@@ -16,6 +16,7 @@ tracing = "0.1.41"
 async-nats = "0.40.0"
 twmq = { version = "0.1.0", path = "../twmq" }
 thirdweb-core = { version = "0.1.0", path = "../thirdweb-core" }
+types-core = { path = "../types-core" }
 uuid = { version = "1.17.0", features = ["v4"] }
 utoipa = { version = "5.4.0", features = ["preserve_order"] }
 serde_with = "3.13.0"

core/src/credentials.rs

@@ -1,7 +1,13 @@
 use serde::{Deserialize, Serialize};
+use thirdweb_core::auth::ThirdwebAuth;
+use thirdweb_core::iaw::AuthToken;
 use vault_types::enclave::auth::Auth;
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub enum SigningCredential {
     Vault(Auth),
+    Iaw { 
+        auth_token: AuthToken, 
+        thirdweb_auth: ThirdwebAuth 
+    },
 }

core/src/error.rs

@@ -8,6 +8,7 @@ use alloy::{
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use thirdweb_core::error::ThirdwebError;
+
 use thiserror::Error;
 use twmq::error::TwmqError;
 
@@ -206,6 +207,11 @@ pub enum EngineError {
     #[serde(rename_all = "camelCase")]
     VaultError { message: String },
 
+    #[schema(title = "Engine IAW Service Error")]
+    #[error("Error interaction with IAW service: {message}")]
+    #[serde(rename_all = "camelCase")]
+    IawError { message: String },
+
     #[schema(title = "RPC Configuration Error")]
     #[error("Bad RPC configuration: {message}")]
     RpcConfigError { message: String },
@@ -456,3 +462,11 @@ impl From<TwmqError> for EngineError {
         }
     }
 }
+
+impl From<thirdweb_core::iaw::IAWError> for EngineError {
+    fn from(error: thirdweb_core::iaw::IAWError) -> Self {
+        EngineError::IawError {
+            message: error.to_string(),
+        }
+    }
+}

core/src/rpc_clients/bundler.rs

@@ -6,7 +6,7 @@ use alloy::transports::{IntoBoxTransport, TransportResult};
 use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
 
-use crate::userop::UserOpVersion;
+use types_core::UserOpVersion;
 
 // Gas buffer added for managed account factories (matches TypeScript)
 pub const MANAGED_ACCOUNT_GAS_BUFFER: U256 = U256::from_limbs([21_000, 0, 0, 0]);

core/src/signer.rs

@@ -5,6 +5,7 @@ use alloy::{
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use serde_with::{DisplayFromStr, PickFirst, serde_as};
+use thirdweb_core::iaw::IAWClient;
 use vault_sdk::VaultClient;
 use vault_types::enclave::encrypted::eoa::MessageFormat;
 
@@ -164,12 +165,13 @@ pub trait AccountSigner {
 #[derive(Clone)]
 pub struct EoaSigner {
     pub vault_client: VaultClient,
+    pub iaw_client: IAWClient,
 }
 
 impl EoaSigner {
     /// Create a new EOA signer
-    pub fn new(vault_client: VaultClient) -> Self {
-        Self { vault_client }
+    pub fn new(vault_client: VaultClient, iaw_client: IAWClient) -> Self {
+        Self { vault_client, iaw_client }
     }
 }
 
@@ -196,12 +198,37 @@ impl AccountSigner for EoaSigner {
                     )
                     .await
                     .map_err(|e| {
-                        tracing::error!("Error signing message with EOA: {:?}", e);
+                        tracing::error!("Error signing message with EOA (Vault): {:?}", e);
                         e
                     })?;
 
                 Ok(vault_result.signature)
             }
+            SigningCredential::Iaw { auth_token, thirdweb_auth } => {
+                // Convert MessageFormat to IAW MessageFormat
+                let iaw_format = match format {
+                    MessageFormat::Text => thirdweb_core::iaw::MessageFormat::Text,
+                    MessageFormat::Hex => thirdweb_core::iaw::MessageFormat::Hex,
+                };
+
+                let iaw_result = self
+                    .iaw_client
+                    .sign_message(
+                        auth_token,
+                        thirdweb_auth,
+                        message.to_string(),
+                        options.from,
+                        options.chain_id,
+                        Some(iaw_format),
+                    )
+                    .await
+                    .map_err(|e| {
+                        tracing::error!("Error signing message with EOA (IAW): {:?}", e);
+                        EngineError::from(e)
+                    })?;
+
+                Ok(iaw_result.signature)
+            }
         }
     }
 
@@ -218,12 +245,29 @@ impl AccountSigner for EoaSigner {
                     .sign_typed_data(auth_method.clone(), typed_data.clone(), options.from)
                     .await
                     .map_err(|e| {
-                        tracing::error!("Error signing typed data with EOA: {:?}", e);
+                        tracing::error!("Error signing typed data with EOA (Vault): {:?}", e);
                         e
                     })?;
 
                 Ok(vault_result.signature)
             }
+            SigningCredential::Iaw { auth_token, thirdweb_auth } => {
+                let iaw_result = self
+                    .iaw_client
+                    .sign_typed_data(
+                        auth_token.clone(),
+                        thirdweb_auth.clone(),
+                        typed_data.clone(),
+                        options.from,
+                    )
+                    .await
+                    .map_err(|e| {
+                        tracing::error!("Error signing typed data with EOA (IAW): {:?}", e);
+                        EngineError::from(e)
+                    })?;
+
+                Ok(iaw_result.signature)
+            }
         }
     }
 }