← Back to Blog

Inside v0.18.0: Native Account Abstraction Phase 1 & Operations Hardening

·Shell Chain Team
releaseaccount-abstractionoperationspost-quantumobservability

Two tracks, one release

v0.18.0 is the first Shell Chain release to ship a user-visible protocol feature and deep infrastructure hardening in the same cycle. The two tracks are designed to be independent — you can use AA without caring about storage profiles, and you can upgrade a node to get Prometheus metrics without touching any wallet code.

This post covers both.

Track 1 — Native Account Abstraction Phase 1

What shipped

Atomic batch transactions. A new transaction type (tx_type = 0x7E) carries a bundle of inner calls. One ML-DSA-65 signature authorizes the whole batch. If any inner call reverts, the entire batch is atomically reverted. Gas and nonce are deducted once for the bundle.

BatchTransaction {
    tx_type: 0x7E,
    nonce:   u64,
    gas:     u64,
    inner_calls: Vec<InnerCall>,   // max 16 calls
    paymaster: Option<Address>,
    paymaster_signature: Option<Bytes>,
    signature: PqSignature,        // ML-DSA-65 over the bundle hash
}

Sponsored gas (Paymaster). The paymaster and paymaster_signature fields let a third party pay gas on behalf of the sender. The paymaster's ML-DSA-65 signature over (bundle_hash, validity_window) is verified at mempool admission time. Execution debits gas from the paymaster account. This is a "native paymaster account" design — no contract stack required.

New RPC endpoints:

Method Description
shell_estimateBatch Simulate a bundle and return per-call gas estimates
shell_getPaymasterPolicy Query a paymaster's sponsorship policy
shell_isSponsored Check whether a confirmed tx was sponsored
shell_getWitness Return full Merkle proof + state root for a block

Hash domain isolation

The bundle signing hash uses domain byte 0x42:

bundle_hash = keccak256(0x42 || RLP(tx) || RLP(bundle_fields))

This is explicitly distinct from the v0.17.0 single-tx domain (0x01), preventing cross-version signature replay.

Backward compatibility

All AA fields are optional. A wallet that has never heard of v0.18.0 can still submit normal transactions without any change.

What is not in Phase 1

  • Contract-based paymasters (ERC-4337-style EntryPoint logic) → v0.19.0
  • Session keys / guardian recovery → v0.19.0
  • Cross-chain AA → roadmap

Track 2 — Operations & Stability Hardening

OPS-1: Storage Profiles

Nodes now expose a declared storage profile — archive, full, or light — via CLI flag and config, and via the shell_getStorageProfile RPC.

Profile What is retained
archive Full history: all blocks, all state trie nodes, all tx bodies
full Recent state + block headers; pruned history beyond configured depth
light Headers only; relies on witness proofs for state queries

The node validates that its on-disk data is consistent with the declared profile on startup. Switching between archive and full is supported at runtime; downgrading to light requires a re-sync.

The wallet now shows the connected node's profile as a badge. Explorers can surface it on the node info page.

OPS-2: Witness Endpoint Hardening

shell_getWitness was previously a 501 Not Implemented stub on full nodes and silently missing on light clients. It now:

  • Returns a complete Merkle proof, state root, and block context on all node types.
  • Includes the PQ witness bundle (aggregated validator signatures) so light clients can independently verify block finality.
  • Is tested with unit tests in crates/light-client/.

OPS-3: Observability

A Prometheus-compatible /metrics endpoint is now served on the RPC port (configurable). Key exported metrics:

shell_mempool_size
shell_blocks_per_second
shell_peer_count
shell_rpc_latency_seconds{method="..."}
shell_libp2p_errors_total{error="..."}

/healthz (liveness) and /readyz (readiness) HTTP endpoints are also available. Tracing spans cover the full critical path: RPC handler → execution → consensus tick. Level is controlled with SHELL_LOG env var.

See docs/observability.md for a starter Grafana dashboard JSON.

OPS-4: RPC Stability & Documentation

All JSON-RPC error codes are now defined in crates/rpc/src/error.rs as a single authoritative table. The -32xxx space is audited; ambiguous codes were resolved. docs/rpc-reference.md is auto-generated from handler annotations and included in the repository.

Batch JSON-RPC ({"jsonrpc":"2.0","method":"..."} arrays) is now formally tested for both eth_* and shell_* namespaces.

Ecosystem updates

Component Version Key changes
shell-sdk 0.4.0 AA builders, ML-DSA-65 canonical naming, new RPC types
shella-chrome-wallet 0.18.0 Batch approval UI, sponsored badge, storage profile display
shell-explorer 0.18.0 Batch tx inner calls, sponsored indicator, /node page

Upgrading

  1. Nodes: update shell-chain binary; set --storage-profile=full (or archive) in your start script. First boot will validate existing data.
  2. SDK users: npm install shell-sdk@0.4.0. The AA builders are additive; existing code compiles without changes.
  3. Wallet: Extension auto-updates on Chrome Web Store (dev channel). No user action required.

Full release notes and migration guide: docs/CHANGELOG.md