Build Session Key Approval Flow in Chat Interface #189
Description
Objective
Create an AI-driven conversational flow for users to approve session keys that grant the backend permission to execute automated transactions with specific limits and constraints.
Background
After a user creates an embedded smart wallet and wants to use automation features (TWAP, stop-loss), they need to approve a session key. This approval is a one-time signature that grants the backend limited permissions to execute transactions on their behalf.
The flow must clearly explain what permissions are being granted, provide transparency about limits, and build user trust.
Acceptance Criteria
- AI detects when automation feature requires session key
- Backend creates session key with appropriate permissions
- AI displays session key permissions in clear, user-friendly format
- User approves session key with single signature
- Backend stores approval and activates session
- AI confirms session is active and ready to use
- Handle rejection gracefully (user can decline)
- Support revoking existing sessions
- Show active sessions on request
User Experience Flow
User: "Set up a TWAP order to buy $1000 ETH over 24 hours"
AI: [Wallet funded]
"To execute this TWAP order automatically, I need your approval for a session key.
Session Permissions:
✓ Can execute: Uniswap V3 swaps only
✓ Max per trade: $50 USDC
✓ Total limit: $1000 USDC
✓ Expires in: 24 hours
✓ You can revoke anytime
✗ Cannot: Transfer to other addresses
✗ Cannot: Exceed spending limits
✗ Cannot: Access after expiration
Approve this session?"
[User signs approval]
AI: "Session approved! Your TWAP order is now active.
I'll execute $41.67 trades every hour for the next 24 hours.
You can check status or cancel anytime by saying 'show my automations'"
Technical Context
AI Tool for Session Approval:
Create tool similar to swap/send execution:
interface SessionApprovalParams {
walletAddress: string
duration: number // seconds
permissions: {
chainId: number
contractAddress: string
allowedFunctions: string[]
maxPerTransaction: string
maxTotal: string
rateLimit: {count: number, period: number}
}
}Backend Integration:
- Backend creates session key via ZeroDev SDK
- Returns session key address and approval message to sign
- Frontend prompts user to sign approval
- User signature sent back to backend
- Backend stores session + approval, marks as active
ZeroDev Session Key API:
Reference: https://docs.zerodev.app/sdk/advanced/session-keys
Typical flow:
- Create session key signer
- Define permissions (policy)
- Generate approval signature request
- User signs
- Session becomes active
Files to Modify/Create:
- AI tool for session approval
- Execution hook (similar to
/apps/agentic-chat/src/hooks/useSwapExecution.tsx) - Backend API endpoints for session key creation/approval
- Chat prompt updates to guide users through approval
Permission Display Format
Clear Language:
- Avoid technical jargon (no "function selectors", say "swaps only")
- Use checkmarks and X marks for visual clarity
- Show amounts in human-readable format ($1000, not wei)
- Explain time duration clearly (24 hours, not 86400 seconds)
Trust Building:
- Explicitly state what the session CAN do
- Explicitly state what the session CANNOT do
- Show clear expiration time
- Mention revocation capability
- Link to help docs if needed
Error Handling
- User rejects approval signature
- Backend fails to create session key
- Network error during approval
- Session creation succeeds but approval fails
- User tries to create duplicate session
For each error:
- Clear error message
- Option to retry
- Fallback to manual operation (user signs each transaction)
Session Management Commands
Support conversational commands:
- "Show my active sessions"
- "Show my automations"
- "Cancel my TWAP order"
- "Revoke session for [feature]"
Response should list:
- Active sessions with permissions
- When they expire
- How much they've spent/executed
- Option to revoke each
Testing Scenarios
- User approves session successfully
- User rejects session approval
- User tries to approve with insufficient wallet balance
- Session expires automatically after duration
- User manually revokes active session
- User requests list of active sessions
- Multiple concurrent sessions (TWAP + stop-loss)
Security Considerations
User Understanding:
- Users must understand what they're approving
- Permissions must be clearly stated
- No hidden capabilities
Backend Validation:
- Backend must enforce permissions strictly
- Cannot execute transactions outside approved scope
- Must respect rate limits and amount caps
Audit Trail:
- Log all session approvals
- Log all session executions
- User can view full history
Dependencies
- Requires "Design Session Key Backend Architecture and Storage"
- Requires "Implement Fund Transfer Flow from BYO to Embedded Wallet"
- Requires "Integrate ZeroDev for ERC-4337 Smart Wallet Support"