Implement account permission delegation - XLS-74d and XLS-75d amendments (#840)

* Transaction model, unit and integ tests for Delegate XLS-74d amendment

* fix linter errors

* Update xrpl/models/transactions/transaction.py

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* address PR comments from Phu and Rabbit

* fix linter errors

* add DelegatableTransaction and GranularPermission string enums

* handle PermissionValue serialization

* add unit test for DelegateSet serialization

* fix integration tests

* refactor PermissionValue binary codec

* remove DelegatableTransaction enum

* refactor based on pr comments

* refactor definitions.py

* fix lint issue

* refactor integration test case

* refactor nit comment

* add TransactionType and GranularPermission for types

* pr review refactors

* pr review comments

---------

Co-authored-by: Chenna Keshava B S <[email protected]>
Co-authored-by: Chenna Keshava B S <[email protected]>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

Author: 3 people

.ci-config/rippled.cfg

@@ -196,6 +196,7 @@ fixEnforceNFTokenTrustline
 fixReducedOffersV2
 DeepFreeze
 PermissionedDomains
+PermissionDelegation
 
 # This section can be used to simulate various FeeSettings scenarios for rippled node in standalone mode
 [voting]

CHANGELOG.md

@@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 - Improved validation for models to also check param types
+- Support for `Account Permission` and `Account Permission Delegation` (XLS-74d, XLS-75d)
 
 ## [4.1.0] - 2025-2-13
 

tests/integration/transactions/test_delegate_set.py

@@ -0,0 +1,162 @@
+from tests.integration.integration_test_case import IntegrationTestCase
+from tests.integration.it_utils import (
+    fund_wallet_async,
+    sign_and_reliable_submission_async,
+    test_async_and_sync,
+)
+from xrpl.models.requests import AccountObjects, AccountObjectType, LedgerEntry
+from xrpl.models.requests.ledger_entry import Delegate
+from xrpl.models.response import ResponseStatus
+from xrpl.models.transactions import (
+    AccountSet,
+    DelegateSet,
+    GranularPermission,
+    Payment,
+)
+from xrpl.models.transactions.delegate_set import Permission
+from xrpl.models.transactions.types import TransactionType
+from xrpl.utils import xrp_to_drops
+from xrpl.wallet.main import Wallet
+
+
+class TestDelegateSet(IntegrationTestCase):
+    @test_async_and_sync(globals())
+    async def test_delegation_with_no_permission(self, client):
+        # Note: Using WALLET, DESTINATION accounts could pollute the test results
+        alice = Wallet.create()
+        await fund_wallet_async(alice)
+        bob = Wallet.create()
+        await fund_wallet_async(bob)
+        carol = Wallet.create()
+        await fund_wallet_async(carol)
+
+        # Use bob's account to execute a transaction on behalf of alice
+        payment = Payment(
+            account=alice.address,
+            amount=xrp_to_drops(1),
+            destination=carol.address,
+            delegate=bob.address,
+        )
+        response = await sign_and_reliable_submission_async(
+            payment, bob, client, check_fee=False
+        )
+        self.assertEqual(response.status, ResponseStatus.SUCCESS)
+
+        # The lack of AccountPermissionSet transaction will result in a tecNO_PERMISSION
+        self.assertEqual(response.result["engine_result"], "tecNO_PERMISSION")
+
+    @test_async_and_sync(globals())
+    async def test_delegate_set_workflow(self, client):
+        # Note: Using WALLET, DESTINATION accounts could pollute the test results
+        alice = Wallet.create()
+        await fund_wallet_async(alice)
+        bob = Wallet.create()
+        await fund_wallet_async(bob)
+        carol = Wallet.create()
+        await fund_wallet_async(carol)
+
+        delegate_set = DelegateSet(
+            account=alice.address,
+            authorize=bob.address,
+            # Authorize bob account to execute Payment transactions and
+            # modify the domain of an account behalf of alice's account.
+            permissions=[
+                Permission(permission_value=TransactionType.PAYMENT),
+                Permission(permission_value=GranularPermission.ACCOUNT_DOMAIN_SET),
+            ],
+        )
+        response = await sign_and_reliable_submission_async(
+            delegate_set, alice, client, check_fee=False
+        )
+        self.assertEqual(response.status, ResponseStatus.SUCCESS)
+        self.assertEqual(response.result["engine_result"], "tesSUCCESS")
+
+        # Use the bob's account to execute a transaction on behalf of alice
+        payment = Payment(
+            account=alice.address,
+            amount=xrp_to_drops(1),
+            destination=carol.address,
+            delegate=bob.address,
+        )
+        response = await sign_and_reliable_submission_async(
+            payment, bob, client, check_fee=False
+        )
+        self.assertEqual(response.status, ResponseStatus.SUCCESS)
+        self.assertEqual(response.result["engine_result"], "tesSUCCESS")
+
+        # Validate that the transaction was signed by bob
+        self.assertEqual(response.result["tx_json"]["Account"], alice.address)
+        self.assertEqual(response.result["tx_json"]["Delegate"], bob.address)
+        self.assertEqual(response.result["tx_json"]["SigningPubKey"], bob.public_key)
+
+        # Use the bob's account to execute a transaction on behalf of alice
+        account_set = AccountSet(
+            account=alice.address,
+            delegate=bob.address,
+            email_hash="10000000002000000000300000000012",
+        )
+        response = await sign_and_reliable_submission_async(
+            account_set, bob, client, check_fee=False
+        )
+        self.assertEqual(response.status, ResponseStatus.SUCCESS)
+        self.assertEqual(response.result["engine_result"], "tecNO_PERMISSION")
+
+        # test ledger entry
+        ledger_entry_response = await client.request(
+            LedgerEntry(
+                delegate=Delegate(
+                    account=alice.address,
+                    authorize=bob.address,
+                ),
+            )
+        )
+        self.assertTrue(ledger_entry_response.is_successful())
+        self.assertEqual(
+            ledger_entry_response.result["node"]["LedgerEntryType"],
+            "Delegate",
+        )
+        self.assertEqual(ledger_entry_response.result["node"]["Account"], alice.address)
+        self.assertEqual(ledger_entry_response.result["node"]["Authorize"], bob.address)
+        self.assertEqual(len(ledger_entry_response.result["node"]["Permissions"]), 2)
+
+    @test_async_and_sync(globals())
+    async def test_fetch_delegate_account_objects(self, client):
+        # Note: Using WALLET, DESTINATION accounts could pollute the test results
+        alice = Wallet.create()
+        await fund_wallet_async(alice)
+        bob = Wallet.create()
+        await fund_wallet_async(bob)
+
+        delegate_set = DelegateSet(
+            account=alice.address,
+            authorize=bob.address,
+            # Authorize bob's account to execute Payment transactions
+            # and authorize a trustline on behalf of alice's account.
+            permissions=[
+                Permission(permission_value=TransactionType.PAYMENT),
+                Permission(permission_value=GranularPermission.TRUSTLINE_AUTHORIZE),
+            ],
+        )
+        response = await sign_and_reliable_submission_async(
+            delegate_set, alice, client, check_fee=False
+        )
+
+        self.assertEqual(response.status, ResponseStatus.SUCCESS)
+        self.assertEqual(response.result["engine_result"], "tesSUCCESS")
+
+        account_objects_response = await client.request(
+            AccountObjects(account=alice.address, type=AccountObjectType.DELEGATE)
+        )
+
+        granted_permission = {
+            obj["Permission"]["PermissionValue"]
+            for obj in account_objects_response.result["account_objects"][0][
+                "Permissions"
+            ]
+        }
+
+        self.assertEqual(len(granted_permission), 2)
+        self.assertTrue(TransactionType.PAYMENT.value in granted_permission)
+        self.assertTrue(
+            GranularPermission.TRUSTLINE_AUTHORIZE.value in granted_permission
+        )

tests/unit/core/binarycodec/fixtures/data/codec-fixtures.json

@@ -4839,6 +4839,51 @@
         "SigningPubKey": "ED7453D2572A2104E7B266A45888C53F503CEB1F11DC4BB3710EB2995238EC65B8",
         "TxnSignature": "BC2F6E76969E3747E9BDE183C97573B086212F09D5387460E6EE2F32953E85EAEB9618FBBEF077276E30E59D619FCF7C7BDCDDDD9EB94D7CE1DD5CE9246B2107"
       }
+    },
+    {
+       "binary": "120007220000000024000195F964400000170A53AC2065D5460561EC9DE000000000000000000000000000494C53000000000092D705968936C419CE614BF264B5EEB1CEA47FF468400000000000000A7321028472865AF4CB32AA285834B57576B7290AA8C31B459047DB27E16F418D6A71667447304502202ABE08D5E78D1E74A4C18F2714F64E87B8BD57444AFA5733109EB3C077077520022100DB335EE97386E4C0591CAC024D50E9230D8F171EEB901B5E5E4BD6D1E0AEF98C811439408A69F0895E62149CFCC006FB89FA7D1E6E5D",
+        "json": {
+            "Account": "raD5qJMAShLeHZXf9wjUmo6vRK4arj9cF3",
+            "Fee": "10",
+            "Flags": 0,
+            "Sequence": 103929,
+            "SigningPubKey": 
+                "028472865AF4CB32AA285834B57576B7290AA8C31B459047DB27E16F418D6A7166",        
+            "TakerGets": {
+                "value": "1694.768",
+                "currency": "ILS",
+                "issuer": "rNPRNzBB92BVpAhhZr4iXDTveCgV5Pofm9"
+            },
+            "TakerPays": "98957503520",
+            "TransactionType": "OfferCreate",
+            "TxnSignature": "304502202ABE08D5E78D1E74A4C18F2714F64E87B8BD57444AFA5733109EB3C077077520022100DB335EE97386E4C0591CAC024D50E9230D8F171EEB901B5E5E4BD6D1E0AEF98C"           
+        }      
+    },
+    {
+        "binary": "120040210000F7E0228000000024000009186840000000000000C87321ED510865F867CDFCB944D435812ACF23D231E5C14534B146BCE46A2F794D198B777440D05A89D0B489DEC1CECBE0D33BA656C929CDCCC75D4D41B282B378544975B87A70C3E42147D980D1F6E2E4DC6316C99D7E2D4F6335F147C71C0DAA0D6516150D8114DB9157872FA63FAF7432CD300911A43B981B85A28514EBA79C385B47C50D52445DF2676EEC0231F732CEF01DEF203400000001E1EF203400000015E1F1",
+        "json": {
+            "Account": "rMryaYXZMchTWBovAzEsMzid9FUwmrmcH7",
+            "Authorize": "r4Vp2qvKR59guHDn4Yzw9owTzDVnt6TJZA",
+            "Fee": "200",
+            "Flags": 2147483648,
+            "NetworkID": 63456,
+            "Permissions": [
+                {
+                    "Permission": {
+                        "PermissionValue": "Payment"
+                    }
+                },
+                {
+                    "Permission": {
+                        "PermissionValue": "TrustSet"
+                    }
+                }
+            ],
+            "Sequence": 2328,
+            "SigningPubKey": "ED510865F867CDFCB944D435812ACF23D231E5C14534B146BCE46A2F794D198B77",
+            "TransactionType": "DelegateSet",
+            "TxnSignature": "D05A89D0B489DEC1CECBE0D33BA656C929CDCCC75D4D41B282B378544975B87A70C3E42147D980D1F6E2E4DC6316C99D7E2D4F6335F147C71C0DAA0D6516150D"
+        }        
     }
   ],
   "ledgerData": [{

tests/unit/models/transactions/test_delegate_set.py

@@ -0,0 +1,114 @@
+from unittest import TestCase
+
+from xrpl.models.exceptions import XRPLModelException
+from xrpl.models.transactions import DelegateSet
+from xrpl.models.transactions.delegate_set import (
+    PERMISSIONS_MAX_LENGTH,
+    GranularPermission,
+    Permission,
+)
+from xrpl.models.transactions.types import TransactionType
+
+_ACCOUNT = "r9LqNeG6qHxjeUocjvVki2XR35weJ9mZgQ"
+_DELEGATED_ACCOUNT = "rsA2LpzuawewSBQXkiju3YQTMzW13pAAdW"
+_MORE_THAN_10_PERMISSIONS = [
+    GranularPermission.PAYMENT_MINT,
+    GranularPermission.ACCOUNT_MESSAGE_KEY_SET,
+    GranularPermission.ACCOUNT_TICK_SIZE_SET,
+    GranularPermission.ACCOUNT_DOMAIN_SET,
+    TransactionType.PAYMENT,
+    TransactionType.AMM_CLAWBACK,
+    TransactionType.AMM_BID,
+    TransactionType.ORACLE_DELETE,
+    TransactionType.MPTOKEN_AUTHORIZE,
+    TransactionType.MPTOKEN_ISSUANCE_DESTROY,
+    TransactionType.CREDENTIAL_ACCEPT,
+]
+
+
+class TestDelegateSet(TestCase):
+    def test_delegate_set(self):
+        tx = DelegateSet(
+            account=_ACCOUNT,
+            authorize=_DELEGATED_ACCOUNT,
+            permissions=[
+                Permission(permission_value=GranularPermission.TRUSTLINE_AUTHORIZE),
+                Permission(permission_value=TransactionType.PAYMENT),
+            ],
+        )
+        self.assertTrue(tx.is_valid())
+
+    def test_delegate_set_granular_permission(self):
+        tx = DelegateSet(
+            account=_ACCOUNT,
+            authorize=_DELEGATED_ACCOUNT,
+            permissions=[Permission(permission_value=GranularPermission.PAYMENT_MINT)],
+        )
+        self.assertTrue(tx.is_valid())
+
+    def test_long_permissions_list(self):
+        with self.assertRaises(XRPLModelException) as error:
+            DelegateSet(
+                account=_ACCOUNT,
+                authorize=_DELEGATED_ACCOUNT,
+                permissions=[
+                    Permission(permission_value=_MORE_THAN_10_PERMISSIONS[i])
+                    for i in range(len(_MORE_THAN_10_PERMISSIONS))
+                ],
+            )
+        self.assertEqual(
+            error.exception.args[0],
+            "{'permissions': 'Length of `permissions` list is greater than "
+            + str(PERMISSIONS_MAX_LENGTH)
+            + ".'}",
+        )
+
+    def test_duplicate_permission_value(self):
+        with self.assertRaises(XRPLModelException) as error:
+            DelegateSet(
+                account=_ACCOUNT,
+                authorize=_DELEGATED_ACCOUNT,
+                permissions=[
+                    Permission(permission_value=TransactionType.ORACLE_DELETE),
+                    Permission(permission_value=TransactionType.ORACLE_DELETE),
+                ],
+            )
+        self.assertEqual(
+            error.exception.args[0],
+            "{'permissions': 'Duplicate permission value in `permissions` list.'}",
+        )
+
+    def test_account_and_delegate_are_the_same(self):
+        with self.assertRaises(XRPLModelException) as error:
+            DelegateSet(
+                account=_ACCOUNT,
+                authorize=_ACCOUNT,
+                permissions=[
+                    Permission(
+                        permission_value=GranularPermission.MPTOKEN_ISSUANCE_LOCK
+                    ),
+                ],
+            )
+        self.assertEqual(
+            error.exception.args[0],
+            "{'account_addresses': 'Field `authorize` and `account` must be different."
+            + "'}",
+        )
+
+    def test_non_delegatable_transactions(self):
+        with self.assertRaises(XRPLModelException) as error:
+            DelegateSet(
+                account=_ACCOUNT,
+                authorize=_DELEGATED_ACCOUNT,
+                permissions=[
+                    Permission(
+                        permission_value=GranularPermission.MPTOKEN_ISSUANCE_LOCK
+                    ),
+                    Permission(permission_value=TransactionType.ACCOUNT_DELETE),
+                ],
+            )
+        self.assertEqual(
+            error.exception.args[0],
+            "{'permissions': \"Non-delegatable transactions found in `permissions` "
+            "list: {<TransactionType.ACCOUNT_DELETE: 'AccountDelete'>}.\"}",
+        )

tests/unit/models/transactions/test_transaction.py

@@ -223,3 +223,31 @@ def test_payment_txn_API_identical_amount_and_deliver_max(self):
 
         payment_txn = Payment.from_xrpl(payment_tx_json)
         self.assertEqual(delivered_amount, payment_txn.to_dict()["amount"])
+
+    def test_duplicate_account_and_delegate_account(self):
+        with self.assertRaises(XRPLModelException) as err:
+            Transaction(
+                account=_ACCOUNT,
+                delegate=_ACCOUNT,
+                transaction_type=TransactionType.PAYMENT,
+            )
+
+        self.assertEqual(
+            err.exception.args[0],
+            "{'delegate': 'Account and delegate addresses cannot be the same'}",
+        )
+
+    def test_payment_with_delegate_account(self):
+        payment_tx_json = {
+            "Account": "rGWTUVmm1fB5QUjMYn8KfnyrFNgDiD9H9e",
+            "Destination": "rw71Qs1UYQrSQ9hSgRohqNNQcyjCCfffkQ",
+            "Delegate": "rJ73aumLPTQQmy5wnGhvrogqf5DDhjuzc9",
+            "TransactionType": "Payment",
+            "Amount": "1000000",
+            "Fee": "15",
+            "Flags": 0,
+            "Sequence": 144,
+            "LastLedgerSequence": 6220218,
+        }
+        payment_txn = Payment.from_xrpl(payment_tx_json)
+        self.assertTrue(payment_txn.is_valid())

xrpl/core/binarycodec/definitions/__init__.py

@@ -6,6 +6,8 @@
     get_field_name_from_header,
     get_ledger_entry_type_code,
     get_ledger_entry_type_name,
+    get_permission_value_type_code,
+    get_permission_value_type_name,
     get_transaction_result_code,
     get_transaction_result_name,
     get_transaction_type_code,
@@ -30,4 +32,6 @@
     "get_transaction_result_name",
     "get_transaction_type_code",
     "get_transaction_type_name",
+    "get_permission_value_type_code",
+    "get_permission_value_type_name",
 ]