Initial checkin of AA/HC demo contracts.

 Changes to be committed:
	new file:   contracts/core/HCHelper.sol
	new file:   contracts/samples/HybridAccount.sol
	modified:   contracts/samples/SimpleAccount.sol
	modified:   contracts/test/TestCounter.sol

Author: mmontour1306

contracts/core/HCHelper.sol

@@ -0,0 +1,183 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.12;
+
+interface NonceMgr {
+    function getNonce(address sender, uint192 key) external view returns (uint256 nonce);
+}
+
+import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
+
+contract HCHelper {
+    using SafeERC20 for IERC20;
+
+    // Owner (creator) of this contract.
+    address public owner;
+
+    // Response data is stored here by PutResponse() and then consumed by TryCallOffchain().
+    // The storage slot must not be changed unless the corresponding code is updated in the Bundler.
+    mapping(bytes32=>bytes)  ResponseCache;
+
+    // BOBA token address
+    address public tokenAddr;
+
+    // Token amount required to purchase each prepaid credit (may be 0 for testing)
+    uint256 public pricePerCall;
+
+    // Account which is used to insert system error responses. Currently a single
+    // address but could be extended to a list of authorized accounts if needed.
+    address public systemAccount;
+
+
+    struct callerInfo {
+      address owner;
+      string url;
+      uint256 credits;
+    }
+
+    // Contracts which are allowed to use Hybrid Compute.
+    mapping(address=>callerInfo) public RegisteredCallers;
+
+    address immutable entryPoint;
+
+    constructor(address _entryPoint, address _tokenAddr, uint256 _pricePerCall) {
+        owner = msg.sender;
+	entryPoint = _entryPoint;
+	tokenAddr = _tokenAddr;
+	pricePerCall = _pricePerCall;
+    }
+
+    function RegisterUrl(address contract_addr, string calldata url) public {
+        // Temporary method, until an auto-registration protocol is developed
+        RegisteredCallers[contract_addr].owner = msg.sender;
+        RegisteredCallers[contract_addr].url = url;
+    }
+
+    function SetSystemAccount(address _systemAccount) public {
+        require(msg.sender == owner, "Only owner");
+        systemAccount = _systemAccount;
+    }
+
+    // Placeholder - this will transfer Boba tokens to this contract (or to a beneficiary)
+    // and add a corresponding number of credits for the specified contract address.
+    function AddCredit(address contract_addr, uint256 numCredits) public {
+        if (pricePerCall > 0) {
+            uint256 tokenPrice = numCredits * pricePerCall;
+            IERC20(tokenAddr).safeTransferFrom(msg.sender, address(this), tokenPrice);
+	}
+        RegisteredCallers[contract_addr].credits += numCredits;
+    }
+
+    function WithdrawTokens(uint256 amount, address withdrawTo) public {
+        require(msg.sender == owner, "Only owner");
+        IERC20(tokenAddr).safeTransferFrom(address(this), withdrawTo, amount);
+    }
+
+    // Called from a HybridAccount contract, to populate the response which it will
+    // subsequently request in TryCallOffchain()
+    function PutResponse(bytes32 subKey, bytes calldata response) public {
+        require(RegisteredCallers[msg.sender].owner != address(0), "Unregistered caller");
+        require(response.length >= 32*4, "Response too short");
+
+	(,, uint32 errCode,) = abi.decode(response,(address, uint256, uint32, bytes));
+        require(errCode < 2, "invalid errCode for PutResponse()");
+
+        bytes32 mapKey = keccak256(abi.encodePacked(msg.sender, subKey));
+        ResponseCache[mapKey] = response;
+    }
+
+    // Allow the system to supply an error response for unsuccessful requests.
+    // Any such response will only be retrieved if there was nothing supplied
+    // by PutResponse()
+    function PutSysResponse(bytes32 subKey, bytes calldata response) public {
+        require(msg.sender == systemAccount, "Only systemAccount may call PutSysResponse");
+        require(response.length >= 32*4, "Response too short");
+
+	(,, uint32 errCode,) = abi.decode(response,(address, uint256, uint32, bytes));
+        require(errCode >= 2, "PutSysResponse() may only be used for error responses");
+
+        bytes32 mapKey = keccak256(abi.encodePacked(address(this), subKey));
+        ResponseCache[mapKey] = response;
+    }
+
+    // Remove one or more map entries (only needed if response was not retrieved normally).
+    function RemoveResponse(bytes32[] calldata mapKeys) public {
+        require(msg.sender == owner, "Only owner");
+	for (uint32 i = 0; i < mapKeys.length; i++) {
+	    delete(ResponseCache[mapKeys[i]]);
+	}
+    }
+
+    // Try to retrieve an entry, also removing it from the mapping. This
+    // function will check for stale entries by checking the nonce of the srcAccount.
+    // Stale entries will return a "not found" condition.
+    function getEntry(bytes32 mapKey) internal returns (bool, uint32, bytes memory) {
+        bytes memory entry;
+	bool found;
+	uint32 errCode;
+	bytes memory response;
+	address srcAddr;
+	uint256 srcNonce;
+
+	entry = ResponseCache[mapKey];
+	if (entry.length == 1) {
+            // Used during state simulation to verify that a trigger request actually came from this helper contract
+            revert("_HC_VRFY");
+	} else if (entry.length != 0) {
+	    found = true;
+	    (srcAddr, srcNonce, errCode, response) = abi.decode(entry,(address, uint256, uint32, bytes));
+	    uint192 nonceKey = uint192(srcNonce >> 64);
+
+            NonceMgr NM = NonceMgr(entryPoint);
+	    uint256 actualNonce = NM.getNonce(srcAddr, nonceKey);
+
+	    if (srcNonce + 1 != actualNonce) {
+	        // stale entry
+		found = false;
+		errCode = 0;
+		response = "0x";
+	    }
+
+            delete(ResponseCache[mapKey]);
+	}
+	return (found, errCode, response);
+    }
+
+    // Make an offchain call to a pre-registered endpoint.
+    function TryCallOffchain(bytes32 userKey, bytes memory req) public returns (uint32, bytes memory) {
+        bool found;
+	uint32 errCode;
+        bytes memory ret;
+
+        require(RegisteredCallers[msg.sender].owner != address(0), "Calling contract not registered");
+
+	if (RegisteredCallers[msg.sender].credits ==  0) {
+	    return (5, "Insufficient credit");
+	}
+	RegisteredCallers[msg.sender].credits -= 1;
+
+        bytes32 subKey = keccak256(abi.encodePacked(userKey, req));
+        bytes32 mapKey = keccak256(abi.encodePacked(msg.sender, subKey));
+
+        (found, errCode, ret) = getEntry(mapKey);
+
+	if (found) {
+	    return (errCode, ret);
+	} else {
+	    // If no off-chain response, check for a system error response.
+            bytes32 errKey = keccak256(abi.encodePacked(address(this), subKey));
+
+	    (found, errCode, ret) = getEntry(errKey);
+	    if (found) {
+	        require(errCode >= 2, "invalid errCode");
+	        return (errCode, ret);
+	    } else {
+	        // Nothing found, so trigger a new request.
+                bytes memory prefix = "_HC_TRIG";
+                bytes memory r2 = bytes.concat(prefix, abi.encodePacked(msg.sender, userKey, req));
+                assembly {
+                    revert(add(r2, 32), mload(r2))
+	        }
+	    }
+	}
+    }
+}

contracts/samples/HybridAccount.sol

@@ -0,0 +1,161 @@
+// SPDX-License-Identifier: GPL-3.0
+pragma solidity ^0.8.12;
+
+/* solhint-disable avoid-low-level-calls */
+/* solhint-disable no-inline-assembly */
+/* solhint-disable reason-string */
+
+import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+import "@openzeppelin/contracts/proxy/utils/Initializable.sol";
+import "@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol";
+
+import "../core/BaseAccount.sol";
+import "./callback/TokenCallbackHandler.sol";
+
+interface IHCHelper {
+  function TryCallOffchain(bytes32, bytes memory) external returns (uint32, bytes memory);
+}
+/**
+  * minimal account.
+  *  this is sample minimal account.
+  *  has execute, eth handling methods
+  *  has a single signer that can send requests through the entryPoint.
+  */
+contract HybridAccount is BaseAccount, TokenCallbackHandler, UUPSUpgradeable, Initializable {
+    using ECDSA for bytes32;
+
+    mapping(address=>bool) public PermittedCallers;
+
+    address public owner;
+
+    IEntryPoint private immutable _entryPoint;
+    address public _helperAddr;
+
+    event HybridAccountInitialized(IEntryPoint indexed entryPoint, address indexed owner);
+
+    modifier onlyOwner() {
+        _onlyOwner();
+        _;
+    }
+
+    /// @inheritdoc BaseAccount
+    function entryPoint() public view virtual override returns (IEntryPoint) {
+        require(2>1, "foo");
+	return _entryPoint;
+    }
+
+
+    // solhint-disable-next-line no-empty-blocks
+    receive() external payable {}
+
+    constructor(IEntryPoint anEntryPoint, address helperAddr) {
+        _entryPoint = anEntryPoint;
+	_helperAddr = helperAddr;
+        _disableInitializers();
+    }
+
+    function _onlyOwner() internal view {
+        //directly from EOA owner, or through the account itself (which gets redirected through execute())
+        require(msg.sender == owner || msg.sender == address(this), "only owner");
+    }
+
+    /**
+     * execute a transaction (called directly from owner, or by entryPoint)
+     */
+    function execute(address dest, uint256 value, bytes calldata func) external {
+        _requireFromEntryPointOrOwner();
+        _call(dest, value, func);
+    }
+
+    /**
+     * execute a sequence of transactions
+     */
+    function executeBatch(address[] calldata dest, bytes[] calldata func) external {
+        _requireFromEntryPointOrOwner();
+        require(dest.length == func.length, "wrong array lengths");
+        for (uint256 i = 0; i < dest.length; i++) {
+            _call(dest[i], 0, func[i]);
+        }
+    }
+
+    /**
+     * @dev The _entryPoint member is immutable, to reduce gas consumption.  To upgrade EntryPoint,
+     * a new implementation of HybridAccount must be deployed with the new EntryPoint address, then upgrading
+      * the implementation by calling `upgradeTo()`
+     */
+    function initialize(address anOwner) public virtual /*initializer*/ {
+        _initialize(anOwner);
+    }
+
+    function _initialize(address anOwner) internal virtual {
+        owner = anOwner;
+        emit HybridAccountInitialized(_entryPoint, owner);
+    }
+
+    // Require the function call went through EntryPoint or owner
+    function _requireFromEntryPointOrOwner() internal view {
+        require(msg.sender == address(entryPoint()) || msg.sender == owner, "account: not Owner or EntryPoint");
+    }
+
+    /// implement template method of BaseAccount
+    function _validateSignature(UserOperation calldata userOp, bytes32 userOpHash)
+    internal override virtual returns (uint256 validationData) {
+        bytes32 hash = userOpHash.toEthSignedMessageHash();
+        if (owner != hash.recover(userOp.signature))
+            return SIG_VALIDATION_FAILED;
+        return 0;
+    }
+
+    function _call(address target, uint256 value, bytes memory data) internal {
+        (bool success, bytes memory result) = target.call{value : value}(data);
+        if (!success) {
+            assembly {
+                revert(add(result, 32), mload(result))
+            }
+        }
+    }
+
+    /**
+     * check current account deposit in the entryPoint
+     */
+    function getDeposit() public view returns (uint256) {
+        return entryPoint().balanceOf(address(this));
+    }
+
+    /**
+     * deposit more funds for this account in the entryPoint
+     */
+    function addDeposit() public payable {
+        entryPoint().depositTo{value : msg.value}(address(this));
+    }
+
+    /**
+     * withdraw value from the account's deposit
+     * @param withdrawAddress target to send to
+     * @param amount to withdraw
+     */
+    function withdrawDepositTo(address payable withdrawAddress, uint256 amount) public onlyOwner {
+        entryPoint().withdrawTo(withdrawAddress, amount);
+    }
+
+    function _authorizeUpgrade(address newImplementation) internal view override {
+        (newImplementation);
+        _onlyOwner();
+    }
+
+    function PermitCaller(address caller, bool allowed) public {
+      _requireFromEntryPointOrOwner();
+      PermittedCallers[caller] = allowed;
+    }
+
+    function CallOffchain(bytes32 userKey, bytes memory req) public returns (uint32, bytes memory) {
+       /* By default a simple whitelist is used. Endpoint implementations may choose to allow
+          unrestricted access, to use a custom permission model, to charge fees, etc. */
+       require(_helperAddr != address(0), "Helper address not set");
+       require(PermittedCallers[msg.sender], "Permission denied");
+       IHCHelper HC = IHCHelper(_helperAddr);
+
+       userKey = keccak256(abi.encodePacked(userKey, msg.sender));
+       return HC.TryCallOffchain(userKey, req);
+    }
+}

contracts/samples/SimpleAccount.sol

@@ -75,7 +75,7 @@ contract SimpleAccount is BaseAccount, TokenCallbackHandler, UUPSUpgradeable, In
      * a new implementation of SimpleAccount must be deployed with the new EntryPoint address, then upgrading
       * the implementation by calling `upgradeTo()`
      */
-    function initialize(address anOwner) public virtual initializer {
+    function initialize(address anOwner) public virtual /*initializer*/ {
         _initialize(anOwner);
     }