@aastar/sdk 0.20.4 → 0.20.6

package/dist/airaccount.js

@@ -1,4501 +1,5 @@
-import { ecdsa, bls12_381, weierstrass, sha256 } from './chunk-4KRQXOTI.js';
-export { BLSManager, CryptoUtil, ERC4337Utils, PasskeyManager, UserOpBuilder, YAAAClient } from './chunk-4KRQXOTI.js';
+export { ACCOUNT_ABI, AGENT_SESSION_KEY_VALIDATOR_ABI, AIRACCOUNT_ABI, AIRACCOUNT_ADDRESSES, AIRACCOUNT_FACTORY_ABI, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, AIR_ACCOUNT_DELEGATE_ABI, AIR_ACCOUNT_DELEGATE_ADDRESS, ALG_ID, AccountManager, AgentRegistryService, BLSSignatureService, CALLDATA_PARSER_REGISTRY_ABI, ConsoleLogger, DEFAULT_CREDENTIAL_ID, DEFAULT_KMS_ENDPOINT, DEFAULT_ORIGIN, DEFAULT_RP_ID, DvtPendingConfirmationError, EIP7702DelegateService, ENTRYPOINT_ABI_V6, ENTRYPOINT_ABI_V7_V8, ENTRYPOINT_ADDRESSES, ERC20_ABI, ERC8004Service, ERC8004_ADDRESSES, EXECUTE_BATCH_SELECTOR, EXECUTE_SELECTOR, EXECUTE_USER_OP_SELECTOR, EntryPointVersion, EthereumProvider, FACTORY_ABI_V6, FACTORY_ABI_V7_V8, FORCE_EXIT_MODULE_ABI, ForceExitService, GLOBAL_GUARD_ABI, GuardChecker, GuardStateReader, KmsAgentService, KmsHttpClient, KmsManager, KmsMonitorService, KmsPaymentSigner, KmsSessionService, KmsSigner, L2_TYPE, LocalWalletSigner, MAX_GUARDIANS, MODULE_TYPE, MemoryStorage, ModuleManager, P256PasskeySigner, PaymasterManager, PaymasterPriceStalenessError, RECOVERY_THRESHOLD, RECOVERY_TIMELOCK_SECONDS, RecoveryService, SESSION_KEY_VALIDATOR_ABI, SessionKeyService, SilentLogger, TIER_GUARD_HOOK_ABI, TokenService, TransferManager, VALIDATOR_ABI, WEIGHT_CHANGE_EXPIRY_SECONDS, WEIGHT_CHANGE_THRESHOLD, WEIGHT_CHANGE_TIMELOCK_SECONDS, WalletManager, WeightedSignatureService, YAAAServerClient, base64UrlDecode, base64UrlEncode, beginAuthenticationChallenge, beginGrantSessionChallenge, buildAuthenticationCredential, buildAuthenticatorData, buildClientDataJSON, buildInstallModuleHash, buildUninstallModuleHash, computeOapdSalt, erc8004AddressesForChain, getOapdAddress, getOapdAddressWithChainId, isExecuteUserOpWrapped, isOapdDeployed, isPendingConfirmation, packP256SessionSignature, packSecp256k1SessionSignature, runAuthenticationCeremony, runGrantSessionCeremony, runWebAuthnCeremony, sepoliaV07Config, validateConfig, wrapExecuteUserOp } from './chunk-KISL64KW.js';
+export { ALG_BLS, ALG_CUMULATIVE_T2, ALG_CUMULATIVE_T3, ALG_ECDSA, ALG_P256, BLSManager, CryptoUtil, ERC4337Utils, PasskeyManager, UserOpBuilder, YAAAClient, algIdForTier, resolveTier } from './chunk-FUU7RIIA.js';
 import './chunk-PZ5AY32C.js';
-import { ethers } from 'ethers';
-import axios from 'axios';
-import { createHash } from 'crypto';
-
-// ../../node_modules/.pnpm/@noble+curves@2.0.1/node_modules/@noble/curves/nist.js
-var p256_CURVE = /* @__PURE__ */ (() => ({
-  p: BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"),
-  n: BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),
-  h: BigInt(1),
-  a: BigInt("0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc"),
-  b: BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b"),
-  Gx: BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),
-  Gy: BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")
-}))();
-var p256_Point = /* @__PURE__ */ weierstrass(p256_CURVE);
-var p256 = /* @__PURE__ */ ecdsa(p256_Point, sha256);
-
-// ../airaccount/dist/server/index.js
-var EntryPointVersion = /* @__PURE__ */ ((EntryPointVersion2) => {
-  EntryPointVersion2["V0_6"] = "0.6";
-  EntryPointVersion2["V0_7"] = "0.7";
-  EntryPointVersion2["V0_8"] = "0.8";
-  return EntryPointVersion2;
-})(EntryPointVersion || {});
-var ENTRYPOINT_ADDRESSES = {
-  [
-    "0.6"
-    /* V0_6 */
-  ]: {
-    sepolia: "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789",
-    mainnet: "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789",
-    optimism: "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789"
-  },
-  [
-    "0.7"
-    /* V0_7 */
-  ]: {
-    sepolia: "0x0000000071727De22E5E9d8BAf0edAc6f37da032",
-    mainnet: "0x0000000071727De22E5E9d8BAf0edAc6f37da032",
-    optimism: "0x0000000071727De22E5E9d8BAf0edAc6f37da032"
-  },
-  [
-    "0.8"
-    /* V0_8 */
-  ]: {
-    sepolia: "0x0576a174D229E3cFA37253523E645A78A0C91B57",
-    mainnet: "0x0576a174D229E3cFA37253523E645A78A0C91B57",
-    optimism: "0x0576a174D229E3cFA37253523E645A78A0C91B57"
-  }
-};
-var ENTRYPOINT_ABI_V6 = [
-  "function simulateValidation((address,uint256,bytes,bytes,uint256,uint256,uint256,uint256,uint256,bytes,bytes) userOp) external",
-  "function getNonce(address sender, uint192 key) external view returns (uint256 nonce)",
-  "function getUserOpHash((address,uint256,bytes,bytes,uint256,uint256,uint256,uint256,uint256,bytes,bytes) userOp) external view returns (bytes32)",
-  "function handleOps((address,uint256,bytes,bytes,uint256,uint256,uint256,uint256,uint256,bytes,bytes)[] ops, address payable beneficiary) external"
-];
-var ENTRYPOINT_ABI_V7_V8 = [
-  "function simulateValidation((address,uint256,bytes,bytes,bytes32,uint256,bytes32,bytes,bytes) packedUserOp) external",
-  "function getNonce(address sender, uint192 key) external view returns (uint256 nonce)",
-  "function getUserOpHash((address,uint256,bytes,bytes,bytes32,uint256,bytes32,bytes,bytes) packedUserOp) external view returns (bytes32)",
-  "function handleOps((address,uint256,bytes,bytes,bytes32,uint256,bytes32,bytes,bytes)[] ops, address payable beneficiary) external"
-];
-var FACTORY_ABI_V6 = [
-  "function getAddress(address creator, address signer, address validator, bool useAAStarValidator, uint256 salt) view returns (address)",
-  "function createAccountWithAAStarValidator(address creator, address signer, address aaStarValidator, bool useAAStarValidator, uint256 salt) returns (address)"
-];
-var FACTORY_ABI_V7_V8 = [
-  "function getAddress(address creator, address signer, address validator, bool useAAStarValidator, uint256 salt) view returns (address)",
-  "function createAccount(address creator, address signer, address aaStarValidator, bool useAAStarValidator, uint256 salt) returns (address)"
-];
-var ACCOUNT_ABI = [
-  "function execute(address dest, uint256 value, bytes calldata func) external"
-];
-var VALIDATOR_ABI = [
-  "function getGasEstimate(uint256 nodeCount) external pure returns (uint256 gasEstimate)"
-];
-var AIRACCOUNT_ADDRESSES = {
-  sepolia: {
-    // M4 factory (legacy — 3-field InitConfig)
-    factoryM4: "0x914db0a849f55e68a726c72fd02b7114b1176d88",
-    // M5 factory r5 — 6-field InitConfig, guardian acceptance sigs required
-    factoryM5: "0xd72a236d84be6c388a8bc7deb64afd54704ae385",
-    /** @deprecated defaultCommunityGuardian was address(0); superseded by r6 and r4. Do not use for new accounts. */
-    factoryM7r5Prev: "0xa0007c5dB27548D8c1582773856dB1D123107383",
-    // ── Deprecated: r6 addresses (2026-03-29 deployment, superseded by r4 audit-final) ──────────
-    // Retain for legacy account lookups and historical event indexing ONLY.
-    // DO NOT use for new account creation — CREATE2 address will differ from r4.
-    /** @deprecated Use {@link factory} (r4 audit-final) for new accounts. */
-    factoryM7r6: "0x42f82d77f9cf940686b6a64a369245cb563e0e85",
-    /** @deprecated Use {@link accountImpl} (r4 audit-final). */
-    accountImplM7r6: "0x2F1B4EB63143D338bE78d0AF878B806f075080c1",
-    /** @deprecated Use {@link compositeValidator} (r4 audit-final). */
-    compositeValidatorM7r6: "0x4135c539fec5e200fe9762b721f6829b2315cbe1",
-    /** @deprecated Use {@link tierGuardHook} (r4 audit-final). */
-    tierGuardHookM7r6: "0x73572e9e6138fd53465ee243e2fb4842cf86a787",
-    /** @deprecated Use {@link agentSessionKeyValidator} (r4 audit-final). */
-    agentSessionKeyValidatorM7r6: "0xa3e52db4b6e0a9d7cd5dd1414a90eedcf950e029",
-    // ── Deprecated: r4 audit-final (v0.16.0 era — pre-beta). Retained for existing account recovery. ─
-    /** @deprecated Use factory (beta.4) for new accounts. */
-    factoryM7r4: "0x61bBAf9E1b8Fd78fF874776cFa50497dB9d43C3F",
-    /** @deprecated */
-    accountImplM7r4: "0xA674D308ce22230B70412b20Ee5a66fC6B24F49c",
-    /** @deprecated Use validatorRouter. */
-    validatorRouterM7r4: "0x730a162Ce3202b94cC5B74181B75b11eBB3045B1",
-    /** @deprecated */
-    compositeValidatorM7r4: "0xB65569950C48AA56dbe876915ca3605fD6FF2980",
-    /** @deprecated */
-    tierGuardHookM7r4: "0x67f878295cFF7451CBD2A775C4490607AF1b07d7",
-    /** @deprecated */
-    agentSessionKeyValidatorM7r4: "0x1F06961e133217801F92e1CF552187F594a32873",
-    // ── Current: v0.17.2-beta.4 (bundler-compat — algId whitelist on account + executeUserOp) ─────
-    // beta.4 upgrades the AirAccount account contracts; it REUSES the beta.3 router /
-    // sessionKey / forceExit / BLS (per the beta.4 migration notes).
-    factory: "0x3a9127a5f0b4ca734d54629d0c3ad9f52739c071",
-    // beta.4
-    factoryM7: "0x3a9127a5f0b4ca734d54629d0c3ad9f52739c071",
-    // beta.4
-    accountImpl: "0x0321Fa7261Ad5945e4B3f0c73aFD7D9392E39796",
-    // beta.4
-    validatorRouter: "0x3c2b06f50300912794f29de031b33dd37bb8d6c6",
-    // beta.3 (reused; M3 timelock)
-    blsAlgorithm: "0xB82127182A855B82eED05e47536FcE568b626457",
-    blsAggregator: "0xBAc3f24946d0eb15189E1c01e38182e5B078Bbc1",
-    superPaymaster: "0xFb090E82bD041C6e9787eDEbE1D3BE55b3c7266a",
-    // beta.3 ERC-7579 modules (reused by beta.4)
-    sessionKeyValidator: "0x655ca2e9a2d1178f7fbcea1856560d1e0c657ebf",
-    forceExitModule: "0xdb396ca2dc279f9bcb95fa3d8275f77c9f0c8702",
-    airAccountDelegate: "0x4bda4849b80cc444fb2da65beec0724005c6675c",
-    // beta.4
-    airAccountExtension: "0x20FB2A65a52Fc6507FdD51260f055017a2BA2860",
-    // beta.4
-    agentRegistry: "0xe1320c35485b4d7817866a8d0d8f77dd58202253",
-    // beta.4
-    calldataParserRegistry: "0x076EE45d2a97F70FCb2e45809DC5f9b72BB4883F",
-    uniswapV3Parser: "0x5671810ac8aa1857397870e60232579cfc519515"
-  }
-};
-var AIRACCOUNT_ABI = [
-  // ── Core execution ──
-  "function execute(address dest, uint256 value, bytes calldata func) external",
-  "function executeBatch(address[] calldata dest, uint256[] calldata value, bytes[] calldata func) external",
-  // ── ERC-7579 Module Management (M7.2) ──
-  "function installModule(uint256 moduleTypeId, address module, bytes calldata initData) external",
-  "function uninstallModule(uint256 moduleTypeId, address module, bytes calldata deInitData) external",
-  "function executeFromExecutor(bytes32 mode, bytes calldata executionCalldata) external returns (bytes[] memory returnData)",
-  // ── ERC-7579 Introspection ──
-  "function accountId() external pure returns (string memory)",
-  "function supportsModule(uint256 moduleTypeId) external pure returns (bool)",
-  "function isModuleInstalled(uint256 moduleTypeId, address module, bytes calldata additionalContext) external view returns (bool)",
-  // ── ERC-1271 / ERC-165 ──
-  "function isValidSignature(bytes32 hash, bytes calldata sig) external view returns (bytes4)",
-  "function validateCompositeSignature(bytes32 hash, bytes calldata sig) external returns (uint256)",
-  "function supportsInterface(bytes4 interfaceId) external pure returns (bool)",
-  // ── State readers ──
-  "function owner() external view returns (address)",
-  "function entryPoint() external view returns (address)",
-  "function validator() external view returns (address)",
-  "function guard() external view returns (address)",
-  "function guardianCount() external view returns (uint8)",
-  "function guardians(uint256 index) external view returns (address)",
-  "function p256KeyX() external view returns (bytes32)",
-  "function p256KeyY() external view returns (bytes32)",
-  "function getConfigDescription() external view returns (tuple(address accountOwner, address guardAddress, uint256 dailyLimit, uint256 dailyRemaining, uint256 tier1Limit, uint256 tier2Limit, address[3] guardianAddresses, uint8 guardianCount, bool hasP256Key, bool hasValidator, bool hasAggregator, bool hasActiveRecovery))",
-  // ── Owner / key management ──
-  "function setValidator(address _validator) external",
-  "function setP256Key(bytes32 _x, bytes32 _y) external",
-  "function setTierLimits(uint256 _tier1, uint256 _tier2) external",
-  "function modifyTierLimitsWithGuardians(uint256 _tier1, uint256 _tier2, uint256 deadline, bytes[] calldata guardianSigs) external",
-  // ── Algorithm whitelist (v0.17.2-beta.4: single source of truth on the ACCOUNT, not the guard) ──
-  "function approvedAlgorithms(uint8 algId) external view returns (bool)",
-  "function guardApproveAlgorithm(uint8 algId) external",
-  // ── Social / guardian recovery (F28) ──
-  // Guardian set: owner adds guardians (max 3); removal needs RECOVERY_THRESHOLD guardian sigs.
-  // Recovery lifecycle: a guardian proposes a new owner (starts the timelock), guardians
-  // approve to reach 2-of-3 threshold, then anyone executes after the timelock; guardians
-  // (not the owner) can vote to cancel. See RecoveryService for the full flow.
-  "function addGuardian(address _guardian) external",
-  "function removeGuardian(uint8 index, bytes[] calldata guardianSigs) external",
-  "function proposeRecovery(address _newOwner) external",
-  "function approveRecovery() external",
-  "function cancelRecovery() external",
-  "function executeRecovery() external",
-  "function activeRecovery() external view returns (address newOwner, uint256 proposedAt, uint256 approvalBitmap, uint256 cancellationBitmap)",
-  // ── Weighted-signature governance (algId 0x07) ──
-  // WeightConfig tuple = (passkeyWeight, ecdsaWeight, blsWeight, guardian0Weight,
-  //   guardian1Weight, guardian2Weight, _padding, tier1Threshold, tier2Threshold, tier3Threshold)
-  "function setWeightConfig((uint8 passkeyWeight, uint8 ecdsaWeight, uint8 blsWeight, uint8 guardian0Weight, uint8 guardian1Weight, uint8 guardian2Weight, uint8 _padding, uint8 tier1Threshold, uint8 tier2Threshold, uint8 tier3Threshold) config) external",
-  "function proposeWeightChange((uint8 passkeyWeight, uint8 ecdsaWeight, uint8 blsWeight, uint8 guardian0Weight, uint8 guardian1Weight, uint8 guardian2Weight, uint8 _padding, uint8 tier1Threshold, uint8 tier2Threshold, uint8 tier3Threshold) proposed) external",
-  "function approveWeightChange() external",
-  "function cancelWeightChange() external",
-  "function executeWeightChange() external",
-  "function weightConfig() external view returns (uint8 passkeyWeight, uint8 ecdsaWeight, uint8 blsWeight, uint8 guardian0Weight, uint8 guardian1Weight, uint8 guardian2Weight, uint8 _padding, uint8 tier1Threshold, uint8 tier2Threshold, uint8 tier3Threshold)",
-  "function pendingWeightChange() external view returns ((uint8 passkeyWeight, uint8 ecdsaWeight, uint8 blsWeight, uint8 guardian0Weight, uint8 guardian1Weight, uint8 guardian2Weight, uint8 _padding, uint8 tier1Threshold, uint8 tier2Threshold, uint8 tier3Threshold) proposed, uint256 proposedAt, uint256 approvalBitmap)",
-  // ── ERC-4337 v0.7 bundler entrypoint (v0.17.2-beta.4) ──
-  // Routes a UserOp whose callData starts with the executeUserOp selector to the account,
-  // re-deriving the signature algId in-frame (fixes guard-account bundler gas estimation).
-  // Only an inner execute()/executeBatch() may be wrapped (else reverts UnsupportedInnerSelector).
-  "function executeUserOp((address sender, uint256 nonce, bytes initCode, bytes callData, bytes32 accountGasLimits, uint256 preVerificationGas, bytes32 gasFees, bytes paymasterAndData, bytes signature) userOp, bytes32 userOpHash) external",
-  // ── Events ──
-  "event ModuleInstalled(uint256 indexed moduleTypeId, address indexed module)",
-  "event ModuleUninstalled(uint256 indexed moduleTypeId, address indexed module)",
-  "event OwnerChanged(address indexed oldOwner, address indexed newOwner)",
-  "event RecoveryProposed(address indexed newOwner, address indexed proposedBy)",
-  "event RecoveryExecuted(address indexed oldOwner, address indexed newOwner)"
-];
-var AIRACCOUNT_FACTORY_ABI = [
-  // Full config creation
-  "function createAccount(address owner, uint256 salt, (address[3] guardians, uint256 dailyLimit, uint8[] approvedAlgIds, uint256 minDailyLimit, address[] initialTokens, (uint256 tier1Limit, uint256 tier2Limit, uint256 dailyLimit)[] initialTokenConfigs) config) external returns (address)",
-  "function getAddress(address owner, uint256 salt, (address[3] guardians, uint256 dailyLimit, uint8[] approvedAlgIds, uint256 minDailyLimit, address[] initialTokens, (uint256 tier1Limit, uint256 tier2Limit, uint256 dailyLimit)[] initialTokenConfigs) config) external view returns (address)",
-  // Default guardian setup (requires guardian acceptance sigs — M5.3+)
-  "function createAccountWithDefaults(address owner, uint256 salt, address guardian1, bytes guardian1Sig, address guardian2, bytes guardian2Sig, uint256 dailyLimit) external returns (address)",
-  "function getAddressWithDefaults(address owner, uint256 salt, address guardian1, address guardian2, uint256 dailyLimit) external view returns (address)",
-  // Agent-account creation (V7: agentKey + human-guardian2 co-owned account, registered in AgentRegistry)
-  "function createAgentAccount(address agentKey, bytes32 agentId, address guardian2, bytes guardian2Sig, bytes agentKeySig, uint48 deadline, uint256 dailyLimit) external returns (address account)",
-  "function getAgentAddress(address humanOwner, address agentKey, bytes32 agentId) external view returns (address)",
-  "function setAgentRegistry(address _agentRegistry) external",
-  "function agentRegistry() external view returns (address)",
-  // M7 immutable state
-  "function implementation() external view returns (address)",
-  "function entryPoint() external view returns (address)",
-  "function defaultCommunityGuardian() external view returns (address)",
-  "function defaultValidatorModule() external view returns (address)",
-  "function defaultHookModule() external view returns (address)",
-  // M7.4 ERC-7828 chain-qualified address helpers
-  "function getChainQualifiedAddress(address account) external view returns (bytes32)",
-  "function getAddressWithChainId(address owner, uint256 salt, (address[3] guardians, uint256 dailyLimit, uint8[] approvedAlgIds, uint256 minDailyLimit, address[] initialTokens, (uint256 tier1Limit, uint256 tier2Limit, uint256 dailyLimit)[] initialTokenConfigs) config) external view returns (address account, bytes32 chainQualified)",
-  // Events
-  "event AccountCreated(address indexed account, address indexed owner, uint256 salt)"
-];
-var GLOBAL_GUARD_ABI = [
-  "function remainingDailyAllowance() external view returns (uint256)",
-  "function dailyLimit() external view returns (uint256)",
-  "function account() external view returns (address)",
-  // Spend accounting (record* — algId dropped from the ETH path; kept for per-token tier math)
-  "function recordSpend(uint256 value) external returns (bool)",
-  "function recordTokenSpend(address token, uint256 amount, uint8 algId) external returns (bool)"
-];
-var ERC20_ABI = [
-  "function name() view returns (string)",
-  "function symbol() view returns (string)",
-  "function decimals() view returns (uint8)",
-  "function totalSupply() view returns (uint256)",
-  "function balanceOf(address owner) view returns (uint256)",
-  "function transfer(address to, uint256 amount) returns (bool)",
-  "function allowance(address owner, address spender) view returns (uint256)",
-  "function approve(address spender, uint256 amount) returns (bool)"
-];
-var AGENT_SESSION_KEY_VALIDATOR_ABI = [
-  // ERC-7579 lifecycle
-  "function onInstall(bytes calldata data) external",
-  "function onUninstall(bytes calldata data) external",
-  "function isInitialized(address smartAccount) external view returns (bool)",
-  // Session management
-  "function grantAgentSession(address sessionKey, (uint48 expiry, uint16 velocityLimit, uint32 velocityWindow, bool revoked, address[] callTargets, bytes4[] selectorAllowlist) cfg) external",
-  "function delegateSession(address account, address subKey, (uint48 expiry, uint16 velocityLimit, uint32 velocityWindow, bool revoked, address[] callTargets, bytes4[] selectorAllowlist) subCfg) external",
-  "function revokeAgentSession(address sessionKey) external",
-  // Validation
-  "function validateUserOp((address sender, uint256 nonce, bytes initCode, bytes callData, bytes32 accountGasLimits, uint256 preVerificationGas, bytes32 gasFees, bytes paymasterAndData, bytes signature) userOp, bytes32 userOpHash) external returns (uint256 validationData)",
-  "function isValidSignatureWithSender(address sender, bytes32 hash, bytes calldata data) external pure returns (bytes4)",
-  // Enforcement
-  "function enforceSessionScope(address account, address sessionKey, address callTarget, bytes4 selector) external view",
-  // State readers
-  "function agentSessions(address account, address sessionKey) external view returns (uint48 expiry, uint16 velocityLimit, uint32 velocityWindow, bool revoked, address[] memory callTargets, bytes4[] memory selectorAllowlist)",
-  "function sessionStates(address account, address sessionKey) external view returns (uint256 callCount, uint256 windowStart)",
-  "function sessionKeyOwner(address sessionKey) external view returns (address)",
-  "function delegatedBy(address account, address subKey) external view returns (address parentKey)",
-  // Events
-  "event AgentSessionGranted(address indexed account, address indexed sessionKey, uint48 expiry)",
-  "event AgentSessionRevoked(address indexed account, address indexed sessionKey)",
-  "event AgentSessionDelegated(address indexed parentAccount, address indexed parentKey, address indexed subKey, uint48 expiry)"
-];
-var TIER_GUARD_HOOK_ABI = [
-  // ERC-7579 lifecycle
-  "function onInstall(bytes calldata data) external",
-  "function onUninstall(bytes calldata data) external",
-  "function isInitialized(address smartAccount) external view returns (bool)",
-  // ERC-7579 Hook interface
-  "function preCheck(address msgSender, uint256 msgValue, bytes calldata msgData) external returns (bytes memory hookData)",
-  "function postCheck(bytes calldata hookData) external",
-  // State readers
-  "function accountGuard(address account) external view returns (address)",
-  "function accountTier1(address account) external view returns (uint256)",
-  "function accountTier2(address account) external view returns (uint256)"
-];
-var AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI = [
-  // ERC-7579 lifecycle
-  "function onInstall(bytes calldata data) external",
-  "function onUninstall(bytes calldata data) external",
-  "function isInitialized(address smartAccount) external view returns (bool)",
-  // ERC-7579 Validator interface
-  "function validateUserOp((address sender, uint256 nonce, bytes initCode, bytes callData, bytes32 accountGasLimits, uint256 preVerificationGas, bytes32 gasFees, bytes paymasterAndData, bytes signature) userOp, bytes32 userOpHash) external returns (uint256 validationData)",
-  "function isValidSignatureWithSender(address sender, bytes32 hash, bytes calldata data) external view returns (bytes4 magicValue)"
-];
-var FORCE_EXIT_MODULE_ABI = [
-  // ERC-7579 lifecycle
-  "function onInstall(bytes calldata data) external",
-  "function onUninstall(bytes calldata data) external",
-  "function isInitialized(address smartAccount) external view returns (bool)",
-  // Force exit flow
-  "function proposeForceExit(address target, uint256 value, bytes calldata data) external",
-  "function approveForceExit(address account, bytes calldata guardianSig) external",
-  "function executeForceExit(address account) external",
-  "function cancelForceExit(address account) external",
-  // State readers
-  "function accountL2Type(address account) external view returns (uint8)",
-  "function getPendingExit(address account) external view returns (address target, uint256 value, bytes memory data, uint256 proposedAt, uint256 approvalBitmap, address[3] memory guardians)",
-  // Events
-  "event ExitProposed(address indexed account, address indexed target, uint256 value)",
-  "event ExitApproved(address indexed account, address indexed guardian, uint256 bitmap)",
-  "event ExitExecuted(address indexed account, address indexed target, uint256 value)",
-  "event ExitCancelled(address indexed account)"
-];
-var MODULE_TYPE = {
-  VALIDATOR: 1,
-  EXECUTOR: 2,
-  FALLBACK: 3,
-  HOOK: 4
-};
-var ALG_ID = {
-  BLS: 1,
-  ECDSA: 2,
-  P256: 3,
-  CUMULATIVE_T2: 4,
-  // P256 + BLS
-  CUMULATIVE_T3: 5,
-  // P256 + BLS + Guardian ECDSA
-  COMBINED_T1: 6,
-  // P256 AND ECDSA simultaneously
-  WEIGHTED: 7,
-  // Weighted multi-signature
-  SESSION_KEY: 8,
-  // Time-limited session key (SessionKeyValidator)
-  AGENT_SESSION_KEY: 9
-  // AI agent session key (AgentSessionKeyValidator)
-};
-var SESSION_KEY_VALIDATOR_ABI = [
-  // Session struct (8 fields) — authoritative tuple shape from
-  // airaccount-contract/src/validators/SessionKeyValidator.sol and
-  // packages/core/src/abis/SessionKeyValidator.json. The grant/build/read
-  // functions take/return this tuple as a single arg — NOT flat params.
-  // Canonical tuple type: (uint48,address,bytes4,bool,uint16,uint32,address[],bytes4[])
-  // ECDSA session key
-  "function grantSession(address account, address sessionKey, (uint48 expiry, address contractScope, bytes4 selectorScope, bool revoked, uint16 velocityLimit, uint32 velocityWindow, address[] callTargets, bytes4[] selectorAllowlist) cfg, bytes calldata ownerSig) external",
-  "function grantSessionDirect(address account, address sessionKey, (uint48 expiry, address contractScope, bytes4 selectorScope, bool revoked, uint16 velocityLimit, uint32 velocityWindow, address[] callTargets, bytes4[] selectorAllowlist) cfg) external",
-  "function revokeSession(address account, address sessionKey) external",
-  "function isSessionActive(address account, address sessionKey) external view returns (bool)",
-  "function getSession(address account, address sessionKey) external view returns ((uint48 expiry, address contractScope, bytes4 selectorScope, bool revoked, uint16 velocityLimit, uint32 velocityWindow, address[] callTargets, bytes4[] selectorAllowlist))",
-  "function buildGrantHash(address account, address sessionKey, (uint48 expiry, address contractScope, bytes4 selectorScope, bool revoked, uint16 velocityLimit, uint32 velocityWindow, address[] callTargets, bytes4[] selectorAllowlist) cfg) external view returns (bytes32)",
-  // P256 session key
-  "function grantP256Session(address account, bytes32 p256KeyX, bytes32 p256KeyY, (uint48 expiry, address contractScope, bytes4 selectorScope, bool revoked, uint16 velocityLimit, uint32 velocityWindow, address[] callTargets, bytes4[] selectorAllowlist) cfg, bytes calldata ownerSig) external",
-  "function grantP256SessionDirect(address account, bytes32 p256KeyX, bytes32 p256KeyY, (uint48 expiry, address contractScope, bytes4 selectorScope, bool revoked, uint16 velocityLimit, uint32 velocityWindow, address[] callTargets, bytes4[] selectorAllowlist) cfg) external",
-  "function revokeP256Session(address account, bytes32 p256KeyX, bytes32 p256KeyY) external",
-  "function isP256SessionActive(address account, bytes32 p256KeyX, bytes32 p256KeyY) external view returns (bool)",
-  "function getP256Session(address account, bytes32 p256KeyHash) external view returns ((uint48 expiry, address contractScope, bytes4 selectorScope, bool revoked, uint16 velocityLimit, uint32 velocityWindow, address[] callTargets, bytes4[] selectorAllowlist))",
-  "function buildP256GrantHash(address account, bytes32 p256KeyX, bytes32 p256KeyY, (uint48 expiry, address contractScope, bytes4 selectorScope, bool revoked, uint16 velocityLimit, uint32 velocityWindow, address[] callTargets, bytes4[] selectorAllowlist) cfg) external view returns (bytes32)",
-  // Events
-  "event SessionGranted(address indexed account, address indexed sessionKey, uint48 expiry, address contractScope, bytes4 selectorScope)",
-  "event SessionRevoked(address indexed account, address indexed sessionKey)",
-  "event P256SessionGranted(address indexed account, bytes32 indexed p256KeyHash, uint48 expiry)",
-  "event P256SessionRevoked(address indexed account, bytes32 indexed p256KeyHash)"
-];
-var CALLDATA_PARSER_REGISTRY_ABI = [
-  "function registerParser(address dest, address parser) external",
-  "function getParser(address dest) external view returns (address)",
-  "function transferOwnership(address newOwner) external",
-  "function parserFor(address dest) external view returns (address)",
-  "event ParserRegistered(address indexed dest, address indexed parser)",
-  "event OwnershipTransferred(address indexed previousOwner, address indexed newOwner)"
-];
-var AIR_ACCOUNT_DELEGATE_ABI = [
-  // EIP-7702 初始化（仅限 EOA 自身调用）
-  "function initialize(address guardian1, bytes calldata g1Sig, address guardian2, bytes calldata g2Sig, uint256 dailyLimit) external",
-  // ERC-4337 执行
-  "function validateUserOp((address sender, uint256 nonce, bytes initCode, bytes callData, bytes32 accountGasLimits, uint256 preVerificationGas, bytes32 gasFees, bytes paymasterAndData, bytes signature) userOp, bytes32 userOpHash, uint256 missingAccountFunds) external returns (uint256)",
-  "function execute(address dest, uint256 value, bytes calldata data) external",
-  "function executeBatch(address[] calldata dest, uint256[] calldata value, bytes[] calldata data) external",
-  // 社会恢复（Rescue，EIP-7702 术语避免与 AirAccount Recovery 混淆）
-  "function initiateRescue(address rescueTo) external",
-  "function approveRescue() external",
-  "function executeRescue() external",
-  // Events
-  "event DelegateInitialized(address indexed eoa, address guard, address g1, address g2)",
-  "event RescueInitiated(address indexed eoa, address rescueTo, address indexed initiator)",
-  "event RescueApproved(address indexed eoa, address indexed guardian, uint8 approvals)",
-  "event RescueExecuted(address indexed eoa, address rescueTo, uint256 ethAmount)",
-  "event RescueCancelled(address indexed eoa)"
-];
-function sepoliaV07Config(version = "M7") {
-  const factoryAddress = version === "M5" ? AIRACCOUNT_ADDRESSES.sepolia.factoryM5 : version === "M7r6" ? AIRACCOUNT_ADDRESSES.sepolia.factoryM7r6 : AIRACCOUNT_ADDRESSES.sepolia.factory;
-  return {
-    entryPointAddress: ENTRYPOINT_ADDRESSES[
-      "0.7"
-      /* V0_7 */
-    ].sepolia,
-    factoryAddress,
-    validatorAddress: AIRACCOUNT_ADDRESSES.sepolia.validatorRouter
-  };
-}
-function validateConfig(config) {
-  if (!config.rpcUrl) {
-    throw new Error("ServerConfig: rpcUrl is required");
-  }
-  if (!config.bundlerRpcUrl) {
-    throw new Error("ServerConfig: bundlerRpcUrl is required");
-  }
-  if (!config.chainId) {
-    throw new Error("ServerConfig: chainId is required");
-  }
-  const { entryPoints } = config;
-  if (!entryPoints || !entryPoints.v06 && !entryPoints.v07 && !entryPoints.v08) {
-    throw new Error("ServerConfig: at least one entryPoint version must be configured");
-  }
-  for (const [key, ep] of Object.entries(entryPoints)) {
-    if (ep) {
-      if (!ep.entryPointAddress) {
-        throw new Error(`ServerConfig: entryPoints.${key}.entryPointAddress is required`);
-      }
-      if (!ep.factoryAddress) {
-        throw new Error(`ServerConfig: entryPoints.${key}.factoryAddress is required`);
-      }
-      if (!ep.validatorAddress) {
-        throw new Error(`ServerConfig: entryPoints.${key}.validatorAddress is required`);
-      }
-    }
-  }
-  if (!config.storage) {
-    throw new Error("ServerConfig: storage adapter is required");
-  }
-  if (!config.signer) {
-    throw new Error("ServerConfig: signer adapter is required");
-  }
-}
-var ConsoleLogger = class {
-  constructor(prefix = "[YAAA]") {
-    this.prefix = prefix;
-  }
-  debug(message, ...args) {
-    console.debug(`${this.prefix} ${message}`, ...args);
-  }
-  log(message, ...args) {
-    console.log(`${this.prefix} ${message}`, ...args);
-  }
-  warn(message, ...args) {
-    console.warn(`${this.prefix} ${message}`, ...args);
-  }
-  error(message, ...args) {
-    console.error(`${this.prefix} ${message}`, ...args);
-  }
-};
-var SilentLogger = class {
-  debug() {
-  }
-  log() {
-  }
-  warn() {
-  }
-  error() {
-  }
-};
-var EthereumProvider = class {
-  provider;
-  bundlerProvider;
-  config;
-  logger;
-  constructor(config) {
-    this.config = config;
-    this.logger = config.logger ?? new ConsoleLogger("[EthereumProvider]");
-    this.provider = new ethers.JsonRpcProvider(config.rpcUrl);
-    this.bundlerProvider = new ethers.JsonRpcProvider(config.bundlerRpcUrl);
-  }
-  getProvider() {
-    return this.provider;
-  }
-  getBundlerProvider() {
-    return this.bundlerProvider;
-  }
-  // ── Config helpers ──────────────────────────────────────────────
-  getVersionConfig(version) {
-    const map = {
-      [
-        "0.6"
-        /* V0_6 */
-      ]: this.config.entryPoints.v06,
-      [
-        "0.7"
-        /* V0_7 */
-      ]: this.config.entryPoints.v07,
-      [
-        "0.8"
-        /* V0_8 */
-      ]: this.config.entryPoints.v08
-    };
-    const versionConfig = map[version];
-    if (!versionConfig) {
-      throw new Error(`EntryPoint version ${version} is not configured`);
-    }
-    return versionConfig;
-  }
-  getEntryPointAddress(version) {
-    return this.getVersionConfig(version).entryPointAddress;
-  }
-  getFactoryAddress(version) {
-    return this.getVersionConfig(version).factoryAddress;
-  }
-  getValidatorAddress(version) {
-    return this.getVersionConfig(version).validatorAddress;
-  }
-  getDefaultVersion() {
-    const v = this.config.defaultVersion;
-    if (v === "0.7") return "0.7";
-    if (v === "0.8") return "0.8";
-    return "0.6";
-  }
-  // ── Contract factories ──────────────────────────────────────────
-  getFactoryContract(version = "0.6") {
-    const address = this.getFactoryAddress(version);
-    const abi = version === "0.6" ? FACTORY_ABI_V6 : AIRACCOUNT_FACTORY_ABI;
-    return new ethers.Contract(address, abi, this.provider);
-  }
-  getEntryPointContract(version = "0.6") {
-    const address = this.getEntryPointAddress(version);
-    const abi = version === "0.6" ? ENTRYPOINT_ABI_V6 : ENTRYPOINT_ABI_V7_V8;
-    return new ethers.Contract(address, abi, this.provider);
-  }
-  getValidatorContract(version = "0.6") {
-    const address = this.getValidatorAddress(version);
-    return new ethers.Contract(address, VALIDATOR_ABI, this.provider);
-  }
-  getAccountContract(address) {
-    return new ethers.Contract(address, AIRACCOUNT_ABI, this.provider);
-  }
-  // ── M7 Module contracts ─────────────────────────────────────────
-  // M7 r4 module helpers — addresses renamed to *M7r4 suffix in beta.3 to avoid ambiguity.
-  // These methods are retained for backwards compatibility; callers should pass an explicit address.
-  getAgentSessionKeyValidatorContract(address = AIRACCOUNT_ADDRESSES.sepolia.agentSessionKeyValidatorM7r4) {
-    return new ethers.Contract(address, AGENT_SESSION_KEY_VALIDATOR_ABI, this.provider);
-  }
-  getTierGuardHookContract(address = AIRACCOUNT_ADDRESSES.sepolia.tierGuardHookM7r4) {
-    return new ethers.Contract(address, TIER_GUARD_HOOK_ABI, this.provider);
-  }
-  getCompositeValidatorContract(address = AIRACCOUNT_ADDRESSES.sepolia.compositeValidatorM7r4) {
-    return new ethers.Contract(address, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, this.provider);
-  }
-  getForceExitModuleContract(address) {
-    return new ethers.Contract(address, FORCE_EXIT_MODULE_ABI, this.provider);
-  }
-  // ── On-chain queries ────────────────────────────────────────────
-  async getBalance(address) {
-    const balance = await this.provider.getBalance(address);
-    return ethers.formatEther(balance);
-  }
-  async getNonce(accountAddress, key = 0, version = "0.6") {
-    const entryPoint = this.getEntryPointContract(version);
-    return await entryPoint.getNonce(accountAddress, key);
-  }
-  async getUserOpHash(userOp, version = "0.6") {
-    const entryPoint = this.getEntryPointContract(version);
-    if (version === "0.6") {
-      const op = userOp;
-      const userOpArray = [
-        op.sender,
-        op.nonce,
-        op.initCode || "0x",
-        op.callData,
-        op.callGasLimit,
-        op.verificationGasLimit,
-        op.preVerificationGas,
-        op.maxFeePerGas,
-        op.maxPriorityFeePerGas,
-        op.paymasterAndData || "0x",
-        "0x"
-        // Always use empty signature for hash calculation
-      ];
-      return await entryPoint.getUserOpHash(userOpArray);
-    } else {
-      const packedOp = userOp;
-      const packedOpArray = [
-        packedOp.sender,
-        packedOp.nonce,
-        packedOp.initCode || "0x",
-        packedOp.callData,
-        packedOp.accountGasLimits,
-        packedOp.preVerificationGas,
-        packedOp.gasFees,
-        packedOp.paymasterAndData || "0x",
-        "0x"
-      ];
-      return await entryPoint.getUserOpHash(packedOpArray);
-    }
-  }
-  // ── Bundler RPC ─────────────────────────────────────────────────
-  async estimateUserOperationGas(userOp, version = "0.6") {
-    try {
-      return await this.bundlerProvider.send("eth_estimateUserOperationGas", [
-        userOp,
-        this.getEntryPointAddress(version)
-      ]);
-    } catch {
-      return {
-        callGasLimit: "0x249f0",
-        verificationGasLimit: "0x3d0900",
-        // 4M — enough for M4 factory deployment + BLS verification
-        preVerificationGas: "0x11170"
-      };
-    }
-  }
-  async sendUserOperation(userOp, version = "0.6") {
-    return await this.bundlerProvider.send("eth_sendUserOperation", [
-      userOp,
-      this.getEntryPointAddress(version)
-    ]);
-  }
-  async getUserOperationReceipt(userOpHash) {
-    return await this.bundlerProvider.send("eth_getUserOperationReceipt", [userOpHash]);
-  }
-  async waitForUserOp(userOpHash, maxAttempts = 60) {
-    const pollInterval = 2e3;
-    for (let attempt = 0; attempt < maxAttempts; attempt++) {
-      try {
-        const receipt = await this.getUserOperationReceipt(userOpHash);
-        if (receipt) {
-          const txHash = receipt.transactionHash || receipt.receipt?.transactionHash;
-          if (txHash) return txHash;
-        }
-      } catch {
-      }
-      await new Promise((resolve) => setTimeout(resolve, pollInterval));
-    }
-    throw new Error(`UserOp timeout: ${userOpHash}`);
-  }
-  async getUserOperationGasPrice() {
-    try {
-      const gasPrice = await this.bundlerProvider.send("pimlico_getUserOperationGasPrice", []);
-      return {
-        maxFeePerGas: gasPrice.fast.maxFeePerGas,
-        maxPriorityFeePerGas: gasPrice.fast.maxPriorityFeePerGas
-      };
-    } catch {
-      try {
-        const feeData = await this.provider.getFeeData();
-        const baseFee = feeData.maxFeePerGas || ethers.parseUnits("20", "gwei");
-        const priorityFee = feeData.maxPriorityFeePerGas || ethers.parseUnits("2", "gwei");
-        const maxFeePerGas = baseFee * 3n / 2n;
-        const maxPriorityFeePerGas = priorityFee * 3n / 2n;
-        return {
-          maxFeePerGas: "0x" + maxFeePerGas.toString(16),
-          maxPriorityFeePerGas: "0x" + maxPriorityFeePerGas.toString(16)
-        };
-      } catch {
-        return {
-          maxFeePerGas: "0x" + ethers.parseUnits("3", "gwei").toString(16),
-          maxPriorityFeePerGas: "0x" + ethers.parseUnits("1", "gwei").toString(16)
-        };
-      }
-    }
-  }
-};
-var AccountManager = class {
-  constructor(ethereum, storage, signer, logger) {
-    this.ethereum = ethereum;
-    this.storage = storage;
-    this.signer = signer;
-    this.logger = logger ?? new ConsoleLogger("[AccountManager]");
-  }
-  logger;
-  async createAccount(userId, options) {
-    const version = options?.entryPointVersion ?? this.ethereum.getDefaultVersion();
-    const versionStr = version;
-    const existingAccounts = await this.storage.getAccounts();
-    const existing = existingAccounts.find(
-      (a) => a.userId === userId && a.entryPointVersion === versionStr
-    );
-    if (existing) return existing;
-    const factory = this.ethereum.getFactoryContract(version);
-    const validatorAddress = this.ethereum.getValidatorContract(version).target || this.ethereum.getValidatorAddress(version);
-    const { address: signerAddress } = await this.signer.ensureSigner(userId);
-    const salt = options?.salt ?? Math.floor(Math.random() * 1e6);
-    const dailyLimitValue = options?.dailyLimit ?? 0n;
-    const minimalConfig = [
-      [ethers.ZeroAddress, ethers.ZeroAddress, ethers.ZeroAddress],
-      // guardians (address[3])
-      dailyLimitValue,
-      // dailyLimit (0 = no guard)
-      [],
-      // approvedAlgIds
-      0n,
-      // minDailyLimit
-      [],
-      // initialTokens
-      []
-      // initialTokenConfigs
-    ];
-    const accountAddress = await factory.getFunction("getAddress")(signerAddress, salt, minimalConfig);
-    let deployed = false;
-    try {
-      const code = await this.ethereum.getProvider().getCode(accountAddress);
-      deployed = code !== "0x";
-    } catch {
-    }
-    const account = {
-      userId,
-      address: accountAddress,
-      signerAddress,
-      salt,
-      deployed,
-      deploymentTxHash: null,
-      validatorAddress,
-      entryPointVersion: versionStr,
-      factoryAddress: factory.target || this.ethereum.getFactoryAddress(version),
-      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-      // Persist dailyLimit so buildUserOperation can reconstruct identical initCode at deploy time.
-      ...dailyLimitValue > 0n ? { dailyLimit: dailyLimitValue.toString() } : {}
-    };
-    await this.storage.saveAccount(account);
-    return account;
-  }
-  async getAccount(userId) {
-    const account = await this.storage.findAccountByUserId(userId);
-    if (!account) return null;
-    let balance = "0";
-    try {
-      balance = await this.ethereum.getBalance(account.address);
-    } catch {
-    }
-    const version = account.entryPointVersion || "0.6";
-    const nonce = await this.ethereum.getNonce(account.address, 0, version);
-    return { ...account, balance, nonce: nonce.toString() };
-  }
-  async getAccountAddress(userId) {
-    const account = await this.storage.findAccountByUserId(userId);
-    if (!account) throw new Error("Account not found");
-    return account.address;
-  }
-  async getAccountBalance(userId) {
-    const account = await this.storage.findAccountByUserId(userId);
-    if (!account) throw new Error("Account not found");
-    const balance = await this.ethereum.getBalance(account.address);
-    return {
-      address: account.address,
-      balance,
-      balanceInWei: ethers.parseEther(balance).toString()
-    };
-  }
-  async getAccountNonce(userId) {
-    const account = await this.storage.findAccountByUserId(userId);
-    if (!account) throw new Error("Account not found");
-    const nonce = await this.ethereum.getNonce(account.address);
-    return { address: account.address, nonce: nonce.toString() };
-  }
-  async getAccountByUserId(userId) {
-    return this.storage.findAccountByUserId(userId);
-  }
-  /**
-   * Build the acceptance hash that guardian devices must sign before account creation.
-   *
-   * Encoding: keccak256(solidityPacked(
-   *   ["string","uint256","address","address","uint256","uint256"],
-   *   ["ACCEPT_GUARDIAN", chainId, factoryAddress, owner, salt, dailyLimit]
-   * ))
-   *
-   * dailyLimit is bound in the hash (PR #47 / C-3) to prevent a front-runner from
-   * replaying guardian sigs with a weaker limit on the same counterfactual address.
-   *
-   * Returns the RAW keccak256 hash (no EIP-191 prefix).
-   * Guardians MUST sign via personal_sign / ethers.signMessage(ethers.getBytes(hash)).
-   * Do NOT use eth_sign — the EIP-191 "\x19Ethereum Signed Message:\n32" prefix
-   * is applied inside the contract (toEthSignedMessageHash) before ecrecover, not here.
-   *
-   * @returns raw hex keccak256 hash — encode this into the QR code shown to guardian devices
-   */
-  buildGuardianAcceptanceHash(owner, salt, factoryAddress, chainId, dailyLimit) {
-    if (typeof salt === "number" && !Number.isSafeInteger(salt)) {
-      throw new Error(
-        `salt value ${salt} exceeds Number.MAX_SAFE_INTEGER; pass as bigint to avoid precision loss`
-      );
-    }
-    return ethers.keccak256(
-      ethers.solidityPacked(
-        ["string", "uint256", "address", "address", "uint256", "uint256"],
-        ["ACCEPT_GUARDIAN", chainId, factoryAddress, owner, salt, dailyLimit]
-      )
-    );
-  }
-  /**
-   * Encode calldata for modifyTierLimitsWithGuardians() — guardian-gated tier-limit change (PR #43).
-   *
-   * Both tier1 and tier2 can be raised or lowered, subject to guardian approval.
-   * Caller is responsible for building and submitting the resulting UserOp.
-   *
-   * @param tier1        New Tier-1 ceiling in wei (ECDSA-only spending; 0 = no limit)
-   * @param tier2        New Tier-2 ceiling in wei (dual-factor; 0 = no limit)
-   * @param deadline     Unix timestamp — guardian sigs rejected after this
-   * @param guardianSigs 65-byte EIP-191 hex signatures from required guardians
-   */
-  encodeModifyTierLimits(tier1, tier2, deadline, guardianSigs) {
-    const iface = new ethers.Interface(AIRACCOUNT_ABI);
-    return iface.encodeFunctionData("modifyTierLimitsWithGuardians", [
-      tier1,
-      tier2,
-      deadline,
-      guardianSigs
-    ]);
-  }
-  /**
-   * Create an AirAccount with 3 on-chain guardians:
-   *   - guardian1 and guardian2: user's own devices (passkeys on phone 1 and phone 2)
-   *   - guardian3: team Safe multisig (defaultCommunityGuardian, set in factory at deploy time)
-   *
-   * Both guardian1 and guardian2 must sign the acceptance hash produced by
-   * buildGuardianAcceptanceHash() before this method is called.
-   *
-   * Recovery: any 2-of-3 guardians can initiate social recovery after a 48h timelock.
-   */
-  async createAccountWithGuardians(userId, params) {
-    if (params.guardian1.toLowerCase() === params.guardian2.toLowerCase()) {
-      throw new Error("guardian1 and guardian2 must be different addresses");
-    }
-    if (params.dailyLimit <= 0n) {
-      throw new Error("Guardian accounts require dailyLimit > 0 (on-chain enforcement)");
-    }
-    const version = params.entryPointVersion ?? this.ethereum.getDefaultVersion();
-    if (version === "0.6") {
-      throw new Error(
-        "createAccountWithGuardians requires EntryPoint v0.7 or v0.8; v0.6 factory does not support getAddressWithDefaults"
-      );
-    }
-    const versionStr = version;
-    const existingAccounts = await this.storage.getAccounts();
-    const existing = existingAccounts.find(
-      (a) => a.userId === userId && a.entryPointVersion === versionStr && a.guardian1
-    );
-    if (existing) return existing;
-    const { address: signerAddress } = await this.signer.ensureSigner(userId);
-    const salt = params.salt ?? Math.floor(Math.random() * 1e6);
-    const factory = this.ethereum.getFactoryContract(version);
-    const factoryAddress = factory.target ?? this.ethereum.getFactoryAddress(version);
-    const accountAddress = await factory.getFunction("getAddressWithDefaults")(
-      signerAddress,
-      salt,
-      params.guardian1,
-      params.guardian2,
-      params.dailyLimit
-    );
-    let deployed = false;
-    try {
-      const code = await this.ethereum.getProvider().getCode(accountAddress);
-      deployed = code !== "0x";
-    } catch {
-    }
-    const validatorAddress = this.ethereum.getValidatorAddress(version);
-    const account = {
-      userId,
-      address: accountAddress,
-      signerAddress,
-      salt,
-      deployed,
-      deploymentTxHash: null,
-      validatorAddress,
-      entryPointVersion: versionStr,
-      factoryAddress,
-      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-      // Persist dailyLimit so transfer-manager can reconstruct identical initCode at deploy time.
-      ...params.dailyLimit > 0n ? { dailyLimit: params.dailyLimit.toString() } : {},
-      // Persist guardian addresses and sigs so transfer-manager can use createAccountWithDefaults
-      // to reconstruct the correct initCode on first UserOp deployment.
-      guardian1: params.guardian1,
-      guardian1Sig: params.guardian1Sig,
-      guardian2: params.guardian2,
-      guardian2Sig: params.guardian2Sig
-    };
-    await this.storage.saveAccount(account);
-    this.logger.log(`[AccountManager] account created with guardians: ${accountAddress}`);
-    return account;
-  }
-};
-var EXECUTE_USER_OP_SELECTOR = ethers.id("executeUserOp((address,uint256,bytes,bytes,bytes32,uint256,bytes32,bytes,bytes),bytes32)").slice(0, 10);
-var EXECUTE_SELECTOR = ethers.id("execute(address,uint256,bytes)").slice(0, 10);
-var EXECUTE_BATCH_SELECTOR = ethers.id("executeBatch(address[],uint256[],bytes[])").slice(0, 10);
-function wrapExecuteUserOp(innerCallData) {
-  if (!/^0x[0-9a-fA-F]*$/.test(innerCallData) || innerCallData.length < 10) {
-    throw new Error("wrapExecuteUserOp: innerCallData must be 0x-prefixed calldata with a 4-byte selector");
-  }
-  const sel = innerCallData.slice(0, 10).toLowerCase();
-  if (sel !== EXECUTE_SELECTOR && sel !== EXECUTE_BATCH_SELECTOR) {
-    throw new Error(
-      `wrapExecuteUserOp: only execute()/executeBatch() may be wrapped (got selector ${sel}); the account reverts UnsupportedInnerSelector otherwise`
-    );
-  }
-  return ethers.concat([EXECUTE_USER_OP_SELECTOR, innerCallData]);
-}
-function isExecuteUserOpWrapped(callData) {
-  return callData.slice(0, 10).toLowerCase() === EXECUTE_USER_OP_SELECTOR;
-}
-var PaymasterPriceStalenessError = class extends Error {
-  constructor(paymasterAddress, ageSeconds, thresholdSeconds) {
-    super(
-      `Paymaster ${paymasterAddress} price is stale (age: ${Math.floor(ageSeconds / 60)}min, threshold: ${Math.floor(thresholdSeconds / 60)}min). Call updatePrice() on the paymaster contract before retrying.`
-    );
-    this.paymasterAddress = paymasterAddress;
-    this.ageSeconds = ageSeconds;
-    this.thresholdSeconds = thresholdSeconds;
-    this.name = "PaymasterPriceStalenessError";
-  }
-};
-var PAYMASTER_PRICE_ABI = [
-  "function token() view returns (address)",
-  "function cachedPriceTimestamp() view returns (uint256)",
-  "function priceStalenessThreshold() view returns (uint256)",
-  "function updatePrice() external"
-];
-var PaymasterManager = class {
-  constructor(ethereum, storage, logger) {
-    this.ethereum = ethereum;
-    this.storage = storage;
-    this.logger = logger ?? new ConsoleLogger("[PaymasterManager]");
-  }
-  logger;
-  async getAvailablePaymasters(userId) {
-    const paymasters = await this.storage.getPaymasters(userId);
-    return paymasters.map((config) => ({
-      name: config.name,
-      address: config.address,
-      configured: !!config.address && config.address !== "0x"
-    }));
-  }
-  async addCustomPaymaster(userId, name, address, type = "custom", apiKey, endpoint) {
-    const paymaster = {
-      id: `${userId}-${name}-${Date.now()}`,
-      name,
-      address,
-      type,
-      apiKey,
-      endpoint,
-      createdAt: (/* @__PURE__ */ new Date()).toISOString()
-    };
-    await this.storage.savePaymaster(userId, paymaster);
-  }
-  async removeCustomPaymaster(userId, name) {
-    return this.storage.removePaymaster(userId, name);
-  }
-  /**
-   * Check whether a paymaster's on-chain price cache is still fresh.
-   * Returns `{ fresh, ageSeconds, thresholdSeconds }`.
-   * Throws if the contract does not implement `cachedPriceTimestamp()` / `priceStalenessThreshold()`.
-   */
-  async checkPriceFreshness(paymasterAddress) {
-    const provider = this.ethereum.getProvider();
-    const contract = new ethers.Contract(paymasterAddress, PAYMASTER_PRICE_ABI, provider);
-    const [timestamp, threshold] = await Promise.all([
-      contract.cachedPriceTimestamp(),
-      contract.priceStalenessThreshold()
-    ]);
-    const nowSeconds = Math.floor(Date.now() / 1e3);
-    const ageSeconds = nowSeconds - Number(timestamp);
-    const thresholdSeconds = Number(threshold);
-    return {
-      fresh: ageSeconds <= thresholdSeconds,
-      ageSeconds,
-      thresholdSeconds
-    };
-  }
-  /**
-   * Call `updatePrice()` on a paymaster contract (permissionless).
-   * Useful when `checkPriceFreshness()` reports stale price.
-   *
-   * @param signer - An ethers Signer that will send the transaction (must have gas).
-   */
-  async updatePrice(paymasterAddress, signer) {
-    const contract = new ethers.Contract(paymasterAddress, PAYMASTER_PRICE_ABI, signer);
-    const tx = await contract.updatePrice({ gasLimit: 3e5 });
-    await tx.wait();
-    this.logger.log(`Paymaster ${paymasterAddress} price updated, tx: ${tx.hash}`);
-    return tx.hash;
-  }
-  async getPaymasterData(userId, paymasterName, userOp, entryPoint, customAddress, options) {
-    if (paymasterName === "custom-user-provided" && customAddress) {
-      const formattedAddress = customAddress.toLowerCase().startsWith("0x") ? customAddress : `0x${customAddress}`;
-      if (!/^0x[a-fA-F0-9]{40}$/.test(formattedAddress)) {
-        throw new Error(`Invalid paymaster address format: ${customAddress}`);
-      }
-      const isV07OrV08 = entryPoint.toLowerCase() === "0x0000000071727De22E5E9d8BAf0edAc6f37da032".toLowerCase() || entryPoint.toLowerCase() === "0x0576a174D229E3cFA37253523E645A78A0C91B57".toLowerCase();
-      if (isV07OrV08) {
-        const provider = this.ethereum.getProvider();
-        let isSuperPaymaster = false;
-        let operatorAddress = "0x";
-        try {
-          const spContract = new ethers.Contract(
-            formattedAddress,
-            [
-              "function owner() view returns (address)",
-              "function operators(address) view returns (bool,uint256,address,uint256)"
-            ],
-            provider
-          );
-          const owner = await spContract.owner();
-          const opInfo = await spContract.operators(owner);
-          if (opInfo && opInfo[0] === true) {
-            isSuperPaymaster = true;
-            operatorAddress = owner;
-            this.logger.log(`SuperPaymaster detected, operator: ${operatorAddress}`);
-          }
-        } catch {
-        }
-        if (isSuperPaymaster) {
-          const verGas = BigInt(8e4);
-          const postGas = BigInt(3e5);
-          const maxRate = (BigInt(1) << BigInt(256)) - BigInt(1);
-          return ethers.concat([
-            formattedAddress,
-            ethers.zeroPadValue(ethers.toBeHex(verGas), 16),
-            ethers.zeroPadValue(ethers.toBeHex(postGas), 16),
-            operatorAddress,
-            ethers.zeroPadValue(ethers.toBeHex(maxRate), 32)
-          ]);
-        }
-        const paymasterVerificationGasLimit = BigInt(196608);
-        const paymasterPostOpGasLimit = BigInt(196608);
-        let tokenAddress = options?.tokenAddress ?? null;
-        if (tokenAddress) {
-          this.logger.log(`PaymasterV4 token from options: ${tokenAddress}`);
-        } else {
-          try {
-            const pmContract = new ethers.Contract(
-              formattedAddress,
-              PAYMASTER_PRICE_ABI,
-              provider
-            );
-            tokenAddress = await pmContract.token();
-            if (tokenAddress === ethers.ZeroAddress) tokenAddress = null;
-            if (tokenAddress) {
-              this.logger.log(`PaymasterV4 token auto-detected: ${tokenAddress}`);
-            }
-          } catch {
-            this.logger.log(`PaymasterV4 token() not available, paymasterData will have no token`);
-          }
-        }
-        const parts = [
-          formattedAddress,
-          ethers.zeroPadValue(ethers.toBeHex(paymasterVerificationGasLimit), 16),
-          ethers.zeroPadValue(ethers.toBeHex(paymasterPostOpGasLimit), 16)
-        ];
-        if (tokenAddress) {
-          parts.push(tokenAddress);
-        }
-        return ethers.concat(parts);
-      }
-      return formattedAddress;
-    }
-    const paymasters = await this.storage.getPaymasters(userId);
-    const config = paymasters.find((p) => p.name === paymasterName);
-    if (!config) {
-      throw new Error(`Paymaster ${paymasterName} not found`);
-    }
-    switch (config.type) {
-      case "pimlico":
-        if (!config.apiKey) return "0x";
-        return this.getPimlicoPaymasterData(config, userOp, entryPoint);
-      case "stackup":
-        if (!config.apiKey) return "0x";
-        return this.getStackUpPaymasterData(config, userOp, entryPoint);
-      case "alchemy":
-        if (!config.apiKey) return "0x";
-        return this.getAlchemyPaymasterData(config, userOp, entryPoint);
-      case "custom":
-        if (config.address.toLowerCase() === "0x0000000000325602a77416A16136FDafd04b299f".toLowerCase() && config.apiKey) {
-          return this.getPimlicoPaymasterData(
-            { ...config, type: "pimlico", endpoint: "https://api.pimlico.io/v2/11155111/rpc" },
-            userOp,
-            entryPoint
-          );
-        }
-        return config.address;
-      default:
-        return "0x";
-    }
-  }
-  async getPimlicoPaymasterData(config, userOp, entryPoint) {
-    const url = `${config.endpoint}?apikey=${config.apiKey}`;
-    const response = await globalThis.fetch(url, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        jsonrpc: "2.0",
-        method: "pm_sponsorUserOperation",
-        params: [userOp, entryPoint, {}],
-        id: 1
-      })
-    });
-    const result = await response.json();
-    if (result.error) {
-      throw new Error(
-        `Pimlico sponsorship failed: ${result.error.message || JSON.stringify(result.error)}`
-      );
-    }
-    if (result.result) {
-      if (result.result.paymasterAndData) {
-        return result.result.paymasterAndData;
-      }
-      if (result.result.paymaster) {
-        return ethers.concat([
-          result.result.paymaster,
-          ethers.zeroPadValue(
-            ethers.toBeHex(BigInt(result.result.paymasterVerificationGasLimit || "0x30000")),
-            16
-          ),
-          ethers.zeroPadValue(
-            ethers.toBeHex(BigInt(result.result.paymasterPostOpGasLimit || "0x30000")),
-            16
-          ),
-          result.result.paymasterData || "0x"
-        ]);
-      }
-    }
-    throw new Error("Pimlico API did not return valid paymaster data");
-  }
-  async getStackUpPaymasterData(config, userOp, entryPoint) {
-    try {
-      const response = await globalThis.fetch(`${config.endpoint}/${config.apiKey}`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({
-          jsonrpc: "2.0",
-          method: "pm_sponsorUserOperation",
-          params: { userOperation: userOp, entryPoint, context: { type: "payg" } },
-          id: 1
-        })
-      });
-      const result = await response.json();
-      if (result.error) return "0x";
-      return result.result || "0x";
-    } catch {
-      return "0x";
-    }
-  }
-  async getAlchemyPaymasterData(config, userOp, entryPoint) {
-    try {
-      const response = await globalThis.fetch(`${config.endpoint}/${config.apiKey}`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({
-          jsonrpc: "2.0",
-          method: "alchemy_requestGasAndPaymasterAndData",
-          params: [{ policyId: "default", entryPoint, userOperation: userOp }],
-          id: 1
-        })
-      });
-      const result = await response.json();
-      if (result.error) return "0x";
-      return result.result?.paymasterAndData || "0x";
-    } catch {
-      return "0x";
-    }
-  }
-};
-var ERC4337Utils2 = class _ERC4337Utils {
-  static packAccountGasLimits(verificationGasLimit, callGasLimit) {
-    const vgl = BigInt(verificationGasLimit);
-    const cgl = BigInt(callGasLimit);
-    const packed = vgl << 128n | cgl;
-    return "0x" + packed.toString(16).padStart(64, "0");
-  }
-  static unpackAccountGasLimits(accountGasLimits) {
-    const packed = BigInt(accountGasLimits);
-    return {
-      verificationGasLimit: packed >> 128n,
-      callGasLimit: packed & (1n << 128n) - 1n
-    };
-  }
-  static packGasFees(maxPriorityFeePerGas, maxFeePerGas) {
-    const priority = BigInt(maxPriorityFeePerGas);
-    const max = BigInt(maxFeePerGas);
-    const packed = priority << 128n | max;
-    return "0x" + packed.toString(16).padStart(64, "0");
-  }
-  static unpackGasFees(gasFees) {
-    const packed = BigInt(gasFees);
-    return {
-      maxPriorityFeePerGas: packed >> 128n,
-      maxFeePerGas: packed & (1n << 128n) - 1n
-    };
-  }
-  static packUserOperation(userOp) {
-    return {
-      sender: userOp.sender,
-      nonce: userOp.nonce,
-      initCode: userOp.initCode || "0x",
-      callData: userOp.callData,
-      accountGasLimits: _ERC4337Utils.packAccountGasLimits(
-        userOp.verificationGasLimit,
-        userOp.callGasLimit
-      ),
-      preVerificationGas: userOp.preVerificationGas,
-      gasFees: _ERC4337Utils.packGasFees(userOp.maxPriorityFeePerGas, userOp.maxFeePerGas),
-      paymasterAndData: userOp.paymasterAndData || "0x",
-      signature: userOp.signature || "0x"
-    };
-  }
-  static unpackUserOperation(packedOp) {
-    const gasLimits = _ERC4337Utils.unpackAccountGasLimits(packedOp.accountGasLimits);
-    const gasFees = _ERC4337Utils.unpackGasFees(packedOp.gasFees);
-    return {
-      sender: packedOp.sender,
-      nonce: packedOp.nonce,
-      initCode: packedOp.initCode,
-      callData: packedOp.callData,
-      callGasLimit: "0x" + gasLimits.callGasLimit.toString(16),
-      verificationGasLimit: "0x" + gasLimits.verificationGasLimit.toString(16),
-      preVerificationGas: packedOp.preVerificationGas,
-      maxFeePerGas: "0x" + gasFees.maxFeePerGas.toString(16),
-      maxPriorityFeePerGas: "0x" + gasFees.maxPriorityFeePerGas.toString(16),
-      paymasterAndData: packedOp.paymasterAndData,
-      signature: packedOp.signature
-    };
-  }
-};
-async function detectSignatureStrategy(provider, accountAddress) {
-  try {
-    const accountCode = await provider.getCode(accountAddress);
-    if (accountCode === "0x") {
-      return { useECDSA: true, isCompositeValidator: true };
-    }
-    const acc = new ethers.Contract(
-      accountAddress,
-      ["function validator() view returns (address)"],
-      provider
-    );
-    const v = await acc.validator();
-    return { useECDSA: v === ethers.ZeroAddress, isCompositeValidator: true };
-  } catch {
-    return { useECDSA: true, isCompositeValidator: false };
-  }
-}
-function generateId() {
-  const hex = () => Math.random().toString(16).slice(2, 10);
-  return `${hex()}${hex()}-${hex()}-${hex()}-${hex()}-${hex()}${hex()}${hex()}`;
-}
-var TransferManager = class {
-  constructor(ethereum, accountManager, blsService, paymasterManager, tokenService, storage, signer, logger, guardChecker) {
-    this.ethereum = ethereum;
-    this.accountManager = accountManager;
-    this.blsService = blsService;
-    this.paymasterManager = paymasterManager;
-    this.tokenService = tokenService;
-    this.storage = storage;
-    this.signer = signer;
-    this.logger = logger ?? new ConsoleLogger("[TransferManager]");
-    this.guardChecker = guardChecker ?? null;
-  }
-  logger;
-  guardChecker;
-  async executeTransfer(userId, params) {
-    const account = await this.accountManager.getAccountByUserId(userId);
-    if (!account) throw new Error("User account not found");
-    const code = await this.ethereum.getProvider().getCode(account.address);
-    const needsDeployment = code === "0x";
-    if (needsDeployment) {
-      this.logger.log("Account needs deployment, will deploy with first transaction");
-    }
-    const smartAccountBalance = parseFloat(await this.ethereum.getBalance(account.address));
-    const isTokenTransfer = !!params.tokenAddress;
-    const transferAmount = isTokenTransfer ? 0 : parseFloat(params.amount);
-    if (!params.usePaymaster) {
-      const minRequiredBalance = 2e-4;
-      const totalNeeded = transferAmount + minRequiredBalance;
-      if (smartAccountBalance < totalNeeded) {
-        throw new Error(
-          `Insufficient balance: Account has ${smartAccountBalance} ETH but needs ${totalNeeded} ETH`
-        );
-      }
-    } else if (!isTokenTransfer && transferAmount > smartAccountBalance) {
-      throw new Error(
-        `Insufficient balance: Account has ${smartAccountBalance} ETH but trying to send ${transferAmount} ETH`
-      );
-    }
-    const version = account.entryPointVersion || "0.6";
-    const userOp = await this.buildUserOperation(
-      userId,
-      account.address,
-      params.to,
-      params.amount,
-      params.data || "0x",
-      params.usePaymaster,
-      params.paymasterAddress,
-      params.paymasterData,
-      params.tokenAddress,
-      version,
-      params.paymasterTokenAddress,
-      params.wrapExecuteUserOp ?? false
-    );
-    const userOpHash = await this.ethereum.getUserOpHash(userOp, version);
-    await this.signer.ensureSigner(userId);
-    const assertionCtx = params.passkeyAssertion ? { assertion: params.passkeyAssertion } : void 0;
-    let useECDSA = false;
-    let isCompositeValidator = false;
-    if (version === "0.7" || version === "0.8") {
-      const provider = this.ethereum.getProvider();
-      ({ useECDSA, isCompositeValidator } = await detectSignatureStrategy(
-        provider,
-        account.address
-      ));
-    }
-    if (useECDSA) {
-      const signer = await this.signer.getSigner(userId, assertionCtx);
-      const ecdsaSig = await signer.signMessage(ethers.getBytes(userOpHash));
-      if (isCompositeValidator) {
-        this.logger.log("ECDSA path for compositeValidator: prepending algId prefix");
-        userOp.signature = ethers.concat([ethers.toBeHex(ALG_ID.ECDSA, 1), ecdsaSig]);
-      } else {
-        this.logger.log("ECDSA path for non-compositeValidator: raw signature");
-        userOp.signature = ecdsaSig;
-      }
-    } else if (params.useAirAccountTiering && this.guardChecker) {
-      const transferValue = params.tokenAddress ? 0n : ethers.parseEther(params.amount);
-      const preCheck = await this.guardChecker.preCheck(account.address, transferValue);
-      if (!preCheck.ok) {
-        throw new Error(`Guard pre-check failed: ${preCheck.errors.join("; ")}`);
-      }
-      this.logger.log(
-        `Tier ${preCheck.tier} selected (algId=0x${preCheck.algId.toString(16).padStart(2, "0")})`
-      );
-      userOp.signature = await this.blsService.generateTieredSignature({
-        tier: preCheck.tier,
-        userId,
-        userOpHash,
-        p256Signature: params.p256Signature,
-        guardianSigner: params.guardianSigner,
-        ctx: assertionCtx
-      });
-    } else {
-      const blsData = await this.blsService.generateBLSSignature(userId, userOpHash, assertionCtx);
-      const packedBls = await this.blsService.packSignature(blsData);
-      userOp.signature = ethers.concat([ethers.toBeHex(ALG_ID.BLS, 1), packedBls]);
-    }
-    const transferId = generateId();
-    let tokenSymbol = "ETH";
-    if (params.tokenAddress) {
-      try {
-        const tokenInfo = await this.tokenService.getTokenInfo(params.tokenAddress);
-        tokenSymbol = tokenInfo.symbol;
-      } catch {
-        tokenSymbol = `${params.tokenAddress.slice(0, 6)}...${params.tokenAddress.slice(-4)}`;
-      }
-    }
-    await this.storage.saveTransfer({
-      id: transferId,
-      userId,
-      from: account.address,
-      to: params.to,
-      amount: params.amount,
-      data: params.data,
-      userOpHash,
-      status: "pending",
-      nodeIndices: [],
-      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-      tokenAddress: params.tokenAddress,
-      tokenSymbol
-    });
-    this.processTransferAsync(transferId, userOp, account.address, version);
-    return {
-      success: true,
-      transferId,
-      userOpHash,
-      status: "pending",
-      message: "Transfer submitted successfully. Use transferId to check status.",
-      from: account.address,
-      to: params.to,
-      amount: params.amount
-    };
-  }
-  async processTransferAsync(transferId, userOp, from, version) {
-    try {
-      const formatted = this.formatUserOpForBundler(userOp, version);
-      const bundlerUserOpHash = await this.ethereum.sendUserOperation(formatted, version);
-      await this.storage.updateTransfer(transferId, {
-        bundlerUserOpHash,
-        status: "submitted",
-        submittedAt: (/* @__PURE__ */ new Date()).toISOString()
-      });
-      const txHash = await this.ethereum.waitForUserOp(bundlerUserOpHash);
-      await this.storage.updateTransfer(transferId, {
-        transactionHash: txHash,
-        status: "completed",
-        completedAt: (/* @__PURE__ */ new Date()).toISOString()
-      });
-      const code = await this.ethereum.getProvider().getCode(from);
-      if (code !== "0x") {
-        const account = (await this.storage.getAccounts()).find((a) => a.address === from);
-        if (account && !account.deployed) {
-          await this.storage.updateAccount(account.userId, {
-            deployed: true,
-            deploymentTxHash: txHash
-          });
-        }
-      }
-    } catch (error) {
-      let message = error instanceof Error ? error.message : String(error);
-      if (message.includes("expires too soon") || message.includes("AA32") || message.includes("paymaster deposit not locked")) {
-        const validUntilMatch = message.match(/validUntil=(\d+)/);
-        const hint = validUntilMatch ? ` (validUntil=${validUntilMatch[1]}, expired ${Math.floor(Date.now() / 1e3) - Number(validUntilMatch[1])}s ago)` : "";
-        message = `Paymaster price is stale${hint}. Call paymasterManager.checkPriceFreshness(paymasterAddress) to diagnose, then paymasterManager.updatePrice(paymasterAddress, signer) to refresh. Original error: ${message}`;
-        error = new PaymasterPriceStalenessError(
-          "unknown",
-          0,
-          0
-        );
-        error.message = message;
-      }
-      await this.storage.updateTransfer(transferId, {
-        status: "failed",
-        error: message,
-        failedAt: (/* @__PURE__ */ new Date()).toISOString()
-      });
-      this.logger.error(`Transfer ${transferId} failed: ${message}`);
-    }
-  }
-  async estimateGas(userId, params) {
-    const account = await this.accountManager.getAccountByUserId(userId);
-    if (!account) throw new Error("User account not found");
-    const version = account.entryPointVersion || "0.6";
-    const userOp = await this.buildUserOperation(
-      userId,
-      account.address,
-      params.to,
-      params.amount,
-      params.data || "0x",
-      false,
-      void 0,
-      void 0,
-      params.tokenAddress,
-      version,
-      void 0,
-      params.wrapExecuteUserOp ?? false
-    );
-    const formatted = this.formatUserOpForBundler(userOp, version);
-    const gasEstimates = await this.ethereum.estimateUserOperationGas(formatted, version);
-    const gasPrices = await this.ethereum.getUserOperationGasPrice();
-    const validatorContract = this.ethereum.getValidatorContract(version);
-    const validatorGasEstimate = await validatorContract.getGasEstimate(3);
-    return {
-      callGasLimit: gasEstimates.callGasLimit,
-      verificationGasLimit: gasEstimates.verificationGasLimit,
-      preVerificationGas: gasEstimates.preVerificationGas,
-      validatorGasEstimate: validatorGasEstimate.toString(),
-      totalGasEstimate: (BigInt(gasEstimates.callGasLimit) + BigInt(gasEstimates.verificationGasLimit) + BigInt(gasEstimates.preVerificationGas)).toString(),
-      maxFeePerGas: gasPrices.maxFeePerGas,
-      maxPriorityFeePerGas: gasPrices.maxPriorityFeePerGas
-    };
-  }
-  async getTransferStatus(userId, transferId) {
-    const transfer = await this.storage.findTransferById(transferId);
-    if (!transfer || transfer.userId !== userId) {
-      throw new Error("Transfer not found");
-    }
-    const response = { ...transfer };
-    if (transfer.status === "pending" || transfer.status === "submitted") {
-      const elapsed = Math.floor((Date.now() - new Date(transfer.createdAt).getTime()) / 1e3);
-      response.elapsedSeconds = elapsed;
-    }
-    if (transfer.transactionHash) {
-      response.explorerUrl = `https://sepolia.etherscan.io/tx/${transfer.transactionHash}`;
-    }
-    const statusDescriptions = {
-      pending: "Preparing transaction and generating signatures",
-      submitted: "Transaction submitted to bundler, waiting for confirmation",
-      completed: "Transaction confirmed on chain",
-      failed: "Transaction failed"
-    };
-    response.statusDescription = statusDescriptions[transfer.status] || transfer.status;
-    return response;
-  }
-  async getTransferHistory(userId, page = 1, limit = 10) {
-    const transfers = await this.storage.findTransfersByUserId(userId);
-    if (!transfers || transfers.length === 0) {
-      return { transfers: [], total: 0, page, limit, totalPages: 0 };
-    }
-    transfers.sort((a, b) => new Date(b.createdAt).getTime() - new Date(a.createdAt).getTime());
-    const start = (page - 1) * limit;
-    const paginated = transfers.slice(start, start + limit);
-    return {
-      transfers: paginated,
-      total: transfers.length,
-      page,
-      limit,
-      totalPages: Math.ceil(transfers.length / limit)
-    };
-  }
-  // ── Private helpers ─────────────────────────────────────────────
-  async buildUserOperation(userId, sender, to, amount, data, usePaymaster, paymasterAddress, _paymasterData, tokenAddress, version = "0.6", paymasterTokenAddress, wrapExecuteUserOpFlag = false) {
-    const accountContract = this.ethereum.getAccountContract(sender);
-    const nonce = await this.ethereum.getNonce(sender, 0, version);
-    const provider = this.ethereum.getProvider();
-    const code = await provider.getCode(sender);
-    const needsDeployment = code === "0x";
-    let initCode = "0x";
-    if (needsDeployment) {
-      const accounts = await this.storage.getAccounts();
-      const account = accounts.find((a) => a.address === sender);
-      if (account) {
-        const factory = this.ethereum.getFactoryContract(version);
-        const factoryAddress = await factory.getAddress();
-        let deployCalldata;
-        if (version === "0.7" || version === "0.8") {
-          const storedDailyLimit = account.dailyLimit ? BigInt(account.dailyLimit) : 0n;
-          if (account.guardian1 && account.guardian2 && account.guardian1Sig && account.guardian2Sig) {
-            const sig1 = account.guardian1Sig.startsWith("0x") ? account.guardian1Sig : `0x${account.guardian1Sig}`;
-            const sig2 = account.guardian2Sig.startsWith("0x") ? account.guardian2Sig : `0x${account.guardian2Sig}`;
-            deployCalldata = factory.interface.encodeFunctionData("createAccountWithDefaults", [
-              account.signerAddress,
-              account.salt,
-              account.guardian1,
-              sig1,
-              account.guardian2,
-              sig2,
-              storedDailyLimit
-            ]);
-          } else {
-            const minimalConfig = [
-              [ethers.ZeroAddress, ethers.ZeroAddress, ethers.ZeroAddress],
-              // guardians (address[3])
-              storedDailyLimit,
-              [],
-              // approvedAlgIds
-              0n,
-              // minDailyLimit
-              [],
-              // initialTokens
-              []
-              // initialTokenConfigs
-            ];
-            deployCalldata = factory.interface.encodeFunctionData("createAccount", [
-              account.signerAddress,
-              account.salt,
-              minimalConfig
-            ]);
-          }
-        } else {
-          deployCalldata = factory.interface.encodeFunctionData(
-            "createAccountWithAAStarValidator",
-            [
-              account.signerAddress,
-              account.signerAddress,
-              account.validatorAddress,
-              true,
-              account.salt
-            ]
-          );
-        }
-        initCode = ethers.concat([factoryAddress, deployCalldata]);
-      }
-    }
-    let callData;
-    if (tokenAddress) {
-      const tokenInfo = await this.tokenService.getTokenInfo(tokenAddress);
-      const transferCalldata = this.tokenService.generateTransferCalldata(
-        to,
-        amount,
-        tokenInfo.decimals
-      );
-      callData = accountContract.interface.encodeFunctionData("execute", [
-        tokenAddress,
-        0,
-        transferCalldata
-      ]);
-    } else {
-      callData = accountContract.interface.encodeFunctionData("execute", [
-        to,
-        ethers.parseEther(amount),
-        data
-      ]);
-    }
-    if (wrapExecuteUserOpFlag) {
-      callData = wrapExecuteUserOp(callData);
-    }
-    const gasPrices = await this.ethereum.getUserOperationGasPrice();
-    const isV07 = version === "0.7" || version === "0.8";
-    let baseUserOp;
-    if (isV07) {
-      let factory;
-      let factoryData;
-      if (initCode && initCode !== "0x" && initCode.length > 2) {
-        factory = initCode.slice(0, 42);
-        factoryData = initCode.length > 42 ? "0x" + initCode.slice(42) : "0x";
-      }
-      baseUserOp = {
-        sender,
-        nonce: "0x" + nonce.toString(16),
-        ...factory ? { factory, factoryData } : {},
-        callData,
-        callGasLimit: "0x0",
-        verificationGasLimit: "0x0",
-        preVerificationGas: "0x0",
-        maxFeePerGas: gasPrices.maxFeePerGas,
-        maxPriorityFeePerGas: gasPrices.maxPriorityFeePerGas,
-        signature: "0x"
-      };
-    } else {
-      baseUserOp = {
-        sender,
-        nonce: "0x" + nonce.toString(16),
-        initCode,
-        callData,
-        callGasLimit: "0x0",
-        verificationGasLimit: "0x0",
-        preVerificationGas: "0x0",
-        maxFeePerGas: gasPrices.maxFeePerGas,
-        maxPriorityFeePerGas: gasPrices.maxPriorityFeePerGas,
-        paymasterAndData: "0x",
-        signature: "0x"
-      };
-    }
-    let paymasterAndData = "0x";
-    if (usePaymaster) {
-      if (paymasterAddress) {
-        const entryPoint = this.ethereum.getEntryPointAddress(version);
-        paymasterAndData = await this.paymasterManager.getPaymasterData(
-          userId,
-          "custom-user-provided",
-          baseUserOp,
-          entryPoint,
-          paymasterAddress,
-          paymasterTokenAddress ? { tokenAddress: paymasterTokenAddress } : void 0
-        );
-      } else {
-        const available = await this.paymasterManager.getAvailablePaymasters(userId);
-        const configured = available.find((pm) => pm.configured);
-        if (configured) {
-          const entryPoint = this.ethereum.getEntryPointAddress(version);
-          paymasterAndData = await this.paymasterManager.getPaymasterData(
-            userId,
-            configured.name,
-            baseUserOp,
-            entryPoint
-          );
-        } else {
-          throw new Error("No paymaster configured and no paymaster address provided");
-        }
-      }
-      if (!paymasterAndData || paymasterAndData === "0x") {
-        throw new Error(
-          `Paymaster failed to provide sponsorship data. The paymaster at ${paymasterAddress} may not be configured correctly.`
-        );
-      }
-      if (isV07) {
-        baseUserOp.paymaster = paymasterAndData.slice(0, 42);
-        if (paymasterAndData.length >= 74) {
-          baseUserOp.paymasterVerificationGasLimit = "0x" + BigInt("0x" + paymasterAndData.slice(42, 74)).toString(16);
-        }
-        if (paymasterAndData.length >= 106) {
-          baseUserOp.paymasterPostOpGasLimit = "0x" + BigInt("0x" + paymasterAndData.slice(74, 106)).toString(16);
-        }
-        if (paymasterAndData.length > 106) {
-          baseUserOp.paymasterData = "0x" + paymasterAndData.slice(106);
-        }
-      } else {
-        baseUserOp.paymasterAndData = paymasterAndData;
-      }
-    }
-    const gasEstimates = await this.ethereum.estimateUserOperationGas(baseUserOp, version);
-    const standardUserOp = {
-      sender,
-      nonce,
-      initCode,
-      callData,
-      callGasLimit: BigInt(gasEstimates.callGasLimit),
-      verificationGasLimit: BigInt(gasEstimates.verificationGasLimit),
-      preVerificationGas: BigInt(gasEstimates.preVerificationGas),
-      maxFeePerGas: BigInt(gasPrices.maxFeePerGas),
-      maxPriorityFeePerGas: BigInt(gasPrices.maxPriorityFeePerGas),
-      paymasterAndData,
-      signature: "0x"
-    };
-    if (version === "0.7" || version === "0.8") {
-      return ERC4337Utils2.packUserOperation(standardUserOp);
-    }
-    return standardUserOp;
-  }
-  formatUserOpForBundler(userOp, version = "0.6") {
-    if (version === "0.7" || version === "0.8") {
-      const packedOp = userOp;
-      const gasLimits = ERC4337Utils2.unpackAccountGasLimits(packedOp.accountGasLimits);
-      const gasFees = ERC4337Utils2.unpackGasFees(packedOp.gasFees);
-      let factory;
-      let factoryData;
-      if (packedOp.initCode && packedOp.initCode !== "0x" && packedOp.initCode.length > 2) {
-        factory = packedOp.initCode.slice(0, 42);
-        if (packedOp.initCode.length > 42) {
-          factoryData = "0x" + packedOp.initCode.slice(42);
-        }
-      }
-      let paymaster;
-      let paymasterVerificationGasLimit;
-      let paymasterPostOpGasLimit;
-      let paymasterData;
-      if (packedOp.paymasterAndData && packedOp.paymasterAndData !== "0x" && packedOp.paymasterAndData.length > 2) {
-        paymaster = packedOp.paymasterAndData.slice(0, 42);
-        if (packedOp.paymasterAndData.length >= 74) {
-          paymasterVerificationGasLimit = "0x" + BigInt("0x" + packedOp.paymasterAndData.slice(42, 74)).toString(16);
-        }
-        if (packedOp.paymasterAndData.length >= 106) {
-          paymasterPostOpGasLimit = "0x" + BigInt("0x" + packedOp.paymasterAndData.slice(74, 106)).toString(16);
-        }
-        if (packedOp.paymasterAndData.length > 106) {
-          paymasterData = "0x" + packedOp.paymasterAndData.slice(106);
-        }
-      }
-      const result = {
-        sender: packedOp.sender,
-        nonce: typeof packedOp.nonce === "bigint" ? "0x" + packedOp.nonce.toString(16) : packedOp.nonce.toString().startsWith("0x") ? packedOp.nonce.toString() : "0x" + BigInt(packedOp.nonce).toString(16),
-        callData: packedOp.callData,
-        callGasLimit: "0x" + gasLimits.callGasLimit.toString(16),
-        verificationGasLimit: "0x" + gasLimits.verificationGasLimit.toString(16),
-        preVerificationGas: typeof packedOp.preVerificationGas === "bigint" ? "0x" + packedOp.preVerificationGas.toString(16) : packedOp.preVerificationGas.toString().startsWith("0x") ? packedOp.preVerificationGas.toString() : "0x" + BigInt(packedOp.preVerificationGas).toString(16),
-        maxFeePerGas: "0x" + gasFees.maxFeePerGas.toString(16),
-        maxPriorityFeePerGas: "0x" + gasFees.maxPriorityFeePerGas.toString(16),
-        signature: packedOp.signature || "0x"
-      };
-      if (factory) result.factory = factory;
-      if (factoryData) result.factoryData = factoryData;
-      if (paymaster) {
-        result.paymaster = paymaster;
-        result.paymasterVerificationGasLimit = paymasterVerificationGasLimit || "0x30000";
-        result.paymasterPostOpGasLimit = paymasterPostOpGasLimit || "0x30000";
-        if (paymasterData && paymasterData !== "0x") {
-          result.paymasterData = paymasterData;
-        }
-      }
-      return result;
-    }
-    const op = userOp;
-    return {
-      sender: op.sender,
-      nonce: "0x" + op.nonce.toString(16),
-      initCode: op.initCode,
-      callData: op.callData,
-      callGasLimit: "0x" + op.callGasLimit.toString(16),
-      verificationGasLimit: "0x" + op.verificationGasLimit.toString(16),
-      preVerificationGas: "0x" + op.preVerificationGas.toString(16),
-      maxFeePerGas: "0x" + op.maxFeePerGas.toString(16),
-      maxPriorityFeePerGas: "0x" + op.maxPriorityFeePerGas.toString(16),
-      paymasterAndData: op.paymasterAndData,
-      signature: op.signature
-    };
-  }
-};
-var BLSManager2 = class {
-  config;
-  constructor(config) {
-    this.config = config;
-  }
-  /**
-   * Discover available BLS nodes from seed nodes (Gossip network)
-   */
-  async getAvailableNodes() {
-    const { seedNodes, discoveryTimeout = 5e3 } = this.config;
-    for (const seedEndpoint of seedNodes) {
-      try {
-        const response = await axios.get(`${seedEndpoint}/gossip/peers`, {
-          timeout: discoveryTimeout
-        });
-        const peers = response.data.peers || [];
-        const activeNodes = peers.filter((p) => p.status === "active" && p.apiEndpoint && p.publicKey).map((p, index) => ({
-          index: index + 1,
-          // 1-based index likely expected by contract if using bitmap
-          nodeId: p.nodeId,
-          nodeName: p.nodeName,
-          apiEndpoint: p.apiEndpoint,
-          status: "active",
-          publicKey: p.publicKey
-        }));
-        if (activeNodes.length > 0) {
-          return activeNodes;
-        }
-      } catch {
-        continue;
-      }
-    }
-    return [];
-  }
-  /**
-   * Helper to pack the full signature for ERC-4337 UserOp
-   * Format: [nodeIdsLength][nodeIds...][blsSignature][messagePoint][aaSignature][messagePointSignature]
-   */
-  packSignature(data) {
-    if (!data.nodeIds || !data.aaSignature || !data.messagePointSignature) {
-      throw new Error("Missing required signature components");
-    }
-    const nodeIdsLength = ethers.solidityPacked(["uint256"], [data.nodeIds.length]);
-    const nodeIdsBytes = ethers.solidityPacked(
-      Array(data.nodeIds.length).fill("bytes32"),
-      data.nodeIds
-    );
-    return ethers.solidityPacked(
-      ["bytes", "bytes", "bytes", "bytes", "bytes", "bytes"],
-      [
-        nodeIdsLength,
-        nodeIdsBytes,
-        data.signature,
-        data.messagePoint,
-        data.aaSignature,
-        data.messagePointSignature
-      ]
-    );
-  }
-  /**
-   * Calculate the MessagePoint G2 point for a given message (UserOpHash)
-   */
-  async generateMessagePoint(message) {
-    const messageBytes = typeof message === "string" ? ethers.getBytes(message) : message;
-    const DST = "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_";
-    const messagePointBLS = await bls12_381.G2.hashToCurve(messageBytes, { DST });
-    const messageG2EIP = this.encodeG2Point(messagePointBLS);
-    return "0x" + Buffer.from(messageG2EIP).toString("hex");
-  }
-  /**
-   * Encode G2 Point to bytes for EIP-2537 format
-   */
-  encodeG2Point(point) {
-    const result = new Uint8Array(256);
-    const affine = point.toAffine();
-    const x0Bytes = this.hexToBytes(affine.x.c0.toString(16).padStart(96, "0"));
-    const x1Bytes = this.hexToBytes(affine.x.c1.toString(16).padStart(96, "0"));
-    const y0Bytes = this.hexToBytes(affine.y.c0.toString(16).padStart(96, "0"));
-    const y1Bytes = this.hexToBytes(affine.y.c1.toString(16).padStart(96, "0"));
-    result.set(x0Bytes, 16);
-    result.set(x1Bytes, 80);
-    result.set(y0Bytes, 144);
-    result.set(y1Bytes, 208);
-    return result;
-  }
-  hexToBytes(hex) {
-    if (hex.startsWith("0x")) hex = hex.slice(2);
-    const bytes = new Uint8Array(hex.length / 2);
-    for (let i = 0; i < hex.length; i += 2) {
-      bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
-    }
-    return bytes;
-  }
-  /**
-   * Pack cumulative Tier 2 signature (algId 0x04): P256 + BLS.
-   *
-   * Format:
-   *   [algId=0x04 (1)] [P256 r (32)] [P256 s (32)]
-   *   [nodeIdsLength (32)] [nodeIds (N×32)]
-   *   [blsAggregateSig (256)] [messagePoint (256)]
-   *   [messagePointECDSA (65)]
-   */
-  packCumulativeT2Signature(data) {
-    const nodeIdsLength = ethers.solidityPacked(["uint256"], [data.nodeIds.length]);
-    const nodeIdsBytes = ethers.solidityPacked(
-      Array(data.nodeIds.length).fill("bytes32"),
-      data.nodeIds
-    );
-    return ethers.solidityPacked(
-      ["bytes1", "bytes", "bytes", "bytes", "bytes", "bytes", "bytes"],
-      [
-        "0x04",
-        data.p256Signature,
-        nodeIdsLength,
-        nodeIdsBytes,
-        data.blsSignature,
-        data.messagePoint,
-        data.messagePointSignature
-      ]
-    );
-  }
-  /**
-   * Pack cumulative Tier 3 signature (algId 0x05): P256 + BLS + Guardian.
-   *
-   * Format:
-   *   [algId=0x05 (1)] [P256 r (32)] [P256 s (32)]
-   *   [nodeIdsLength (32)] [nodeIds (N×32)]
-   *   [blsAggregateSig (256)] [messagePoint (256)]
-   *   [messagePointECDSA (65)] [guardianECDSA (65)]
-   */
-  packCumulativeT3Signature(data) {
-    const nodeIdsLength = ethers.solidityPacked(["uint256"], [data.nodeIds.length]);
-    const nodeIdsBytes = ethers.solidityPacked(
-      Array(data.nodeIds.length).fill("bytes32"),
-      data.nodeIds
-    );
-    return ethers.solidityPacked(
-      ["bytes1", "bytes", "bytes", "bytes", "bytes", "bytes", "bytes", "bytes"],
-      [
-        "0x05",
-        data.p256Signature,
-        nodeIdsLength,
-        nodeIdsBytes,
-        data.blsSignature,
-        data.messagePoint,
-        data.messagePointSignature,
-        data.guardianSignature
-      ]
-    );
-  }
-  /**
-   * Request signature from a single node
-   */
-  async requestNodeSignature(node, message) {
-    const response = await axios.post(`${node.apiEndpoint}/signature/sign`, {
-      message
-    });
-    const signatureEIP = response.data.signature;
-    const signature = response.data.signatureCompact || signatureEIP;
-    return {
-      signature: signature.startsWith("0x") ? signature : `0x${signature}`,
-      publicKey: response.data.publicKey
-    };
-  }
-  /**
-   * Request aggregation from a node
-   */
-  async aggregateSignatures(node, signatures) {
-    const response = await axios.post(`${node.apiEndpoint}/signature/aggregate`, {
-      signatures
-    });
-    const sig = response.data.signature;
-    return sig.startsWith("0x") ? sig : `0x${sig}`;
-  }
-};
-var DvtPendingConfirmationError = class extends Error {
-  constructor(userOpHash, nodeEndpoint) {
-    super(
-      `DVT node ${nodeEndpoint} withheld its co-signature pending out-of-band confirmation for userOpHash ${userOpHash}; release it via POST /signature/confirm.`
-    );
-    this.userOpHash = userOpHash;
-    this.nodeEndpoint = nodeEndpoint;
-    this.name = "DvtPendingConfirmationError";
-  }
-};
-function isPendingConfirmation(data) {
-  return typeof data === "object" && data !== null && data.status === "pending_confirmation";
-}
-var BLSSignatureService = class {
-  constructor(config, ethereum, storage, signer, logger) {
-    this.config = config;
-    this.ethereum = ethereum;
-    this.storage = storage;
-    this.signer = signer;
-    this.logger = logger ?? new ConsoleLogger("[BLSSignatureService]");
-  }
-  blsManager = null;
-  logger;
-  /** Lazy-initialize BLSManager on first use. */
-  async ensureInitialized() {
-    if (this.blsManager) return this.blsManager;
-    const blsConfig = await this.storage.getBlsConfig();
-    const seedNodes = this.config.blsSeedNodes ?? blsConfig?.discovery?.seedNodes?.map((n) => n.endpoint) ?? [];
-    this.blsManager = new BLSManager2({
-      seedNodes,
-      discoveryTimeout: this.config.blsDiscoveryTimeout ?? 1e4
-    });
-    return this.blsManager;
-  }
-  async getActiveSignerNodes() {
-    const manager = await this.ensureInitialized();
-    const nodes = await manager.getAvailableNodes();
-    if (nodes.length > 0) {
-      try {
-        await this.storage.updateSignerNodesCache(nodes);
-      } catch {
-      }
-    }
-    return nodes;
-  }
-  async generateBLSSignature(userId, userOpHash, ctx) {
-    const manager = await this.ensureInitialized();
-    const activeNodes = await this.getActiveSignerNodes();
-    if (activeNodes.length < 1) {
-      throw new Error("No active BLS signer nodes available");
-    }
-    const selectedNodes = activeNodes.slice(0, Math.min(3, activeNodes.length));
-    const signerNodeSignatures = [];
-    const signerNodeIds = [];
-    for (const node of selectedNodes) {
-      try {
-        const response = await axios.post(`${node.apiEndpoint}/signature/sign`, {
-          message: userOpHash
-        });
-        if (isPendingConfirmation(response.data)) {
-          throw new DvtPendingConfirmationError(response.data.userOpHash ?? userOpHash, node.apiEndpoint);
-        }
-        const signatureForAggregation = response.data.signatureCompact || response.data.signature;
-        const formatted = signatureForAggregation.startsWith("0x") ? signatureForAggregation : `0x${signatureForAggregation}`;
-        signerNodeSignatures.push(formatted);
-        signerNodeIds.push(response.data.nodeId);
-      } catch (err) {
-        if (err instanceof DvtPendingConfirmationError) throw err;
-      }
-    }
-    if (signerNodeSignatures.length === 0) {
-      throw new Error("Failed to get signatures from any BLS signer nodes");
-    }
-    let aggregatedSignature;
-    if (signerNodeSignatures.length > 1) {
-      const aggregateResponse = await axios.post(
-        `${selectedNodes[0].apiEndpoint}/signature/aggregate`,
-        { signatures: signerNodeSignatures }
-      );
-      aggregatedSignature = aggregateResponse.data.signature.startsWith("0x") ? aggregateResponse.data.signature : `0x${aggregateResponse.data.signature}`;
-    } else {
-      const singleSignResponse = await axios.post(
-        `${selectedNodes[0].apiEndpoint}/signature/sign`,
-        { message: userOpHash }
-      );
-      if (isPendingConfirmation(singleSignResponse.data)) {
-        throw new DvtPendingConfirmationError(
-          singleSignResponse.data.userOpHash ?? userOpHash,
-          selectedNodes[0].apiEndpoint
-        );
-      }
-      aggregatedSignature = singleSignResponse.data.signature.startsWith("0x") ? singleSignResponse.data.signature : `0x${singleSignResponse.data.signature}`;
-    }
-    const messagePoint = await manager.generateMessagePoint(userOpHash);
-    const account = await this.storage.findAccountByUserId(userId);
-    if (!account) {
-      throw new Error(`User account not found for userId: ${userId}`);
-    }
-    const wallet = await this.signer.getSigner(userId, ctx);
-    const walletAddress = await wallet.getAddress();
-    if (walletAddress.toLowerCase() !== account.signerAddress.toLowerCase()) {
-      throw new Error(
-        `Wallet address mismatch! Wallet: ${walletAddress}, Expected: ${account.signerAddress}`
-      );
-    }
-    const aaSignature = await wallet.signMessage(ethers.getBytes(userOpHash));
-    const messagePointHash = ethers.keccak256(messagePoint);
-    const messagePointSignature = await wallet.signMessage(ethers.getBytes(messagePointHash));
-    return {
-      nodeIds: signerNodeIds,
-      signature: aggregatedSignature,
-      messagePoint,
-      aaAddress: account.signerAddress,
-      aaSignature,
-      messagePointSignature
-    };
-  }
-  async packSignature(blsData) {
-    const manager = await this.ensureInitialized();
-    return manager.packSignature(blsData);
-  }
-  // ── Tiered Signature Support (M4) ─────────────────────────────
-  /**
-   * Generate a tiered signature based on the required tier level.
-   *
-   * - Tier 1: raw 65-byte ECDSA (no algId prefix, backwards-compat)
-   * - Tier 2: algId 0x04 — P256 + BLS aggregate + messagePoint ECDSA
-   * - Tier 3: algId 0x05 — P256 + BLS + messagePoint ECDSA + Guardian ECDSA
-   *
-   * @param tier - Required tier level (1, 2, or 3)
-   * @param userId - User ID for account lookup
-   * @param userOpHash - The UserOp hash to sign
-   * @param p256Signature - P256 passkey signature (64 bytes, required for tier 2/3)
-   * @param guardianSigner - Guardian ethers.Signer (required for tier 3)
-   * @param ctx - Optional passkey assertion context for KMS signing
-   */
-  async generateTieredSignature(params) {
-    const { tier, userId, userOpHash, p256Signature, guardianSigner, ctx } = params;
-    const manager = await this.ensureInitialized();
-    if (tier === 1) {
-      const account = await this.storage.findAccountByUserId(userId);
-      if (!account) throw new Error(`User account not found for userId: ${userId}`);
-      const wallet = await this.signer.getSigner(userId, ctx);
-      return wallet.signMessage(ethers.getBytes(userOpHash));
-    }
-    if (!p256Signature) {
-      throw new Error(`P256 signature required for Tier ${tier}`);
-    }
-    const blsData = await this.generateBLSSignature(userId, userOpHash, ctx);
-    if (tier === 2) {
-      const t2Data = {
-        p256Signature,
-        nodeIds: blsData.nodeIds,
-        blsSignature: blsData.signature,
-        messagePoint: blsData.messagePoint,
-        messagePointSignature: blsData.messagePointSignature
-      };
-      return manager.packCumulativeT2Signature(t2Data);
-    }
-    if (!guardianSigner) {
-      throw new Error("Guardian signer required for Tier 3");
-    }
-    const guardianSignature = await guardianSigner.signMessage(ethers.getBytes(userOpHash));
-    const t3Data = {
-      p256Signature,
-      nodeIds: blsData.nodeIds,
-      blsSignature: blsData.signature,
-      messagePoint: blsData.messagePoint,
-      messagePointSignature: blsData.messagePointSignature,
-      guardianSignature
-    };
-    return manager.packCumulativeT3Signature(t3Data);
-  }
-};
-var TokenService = class {
-  constructor(ethereum) {
-    this.ethereum = ethereum;
-  }
-  async getTokenInfo(tokenAddress) {
-    const provider = this.ethereum.getProvider();
-    const contract = new ethers.Contract(tokenAddress, ERC20_ABI, provider);
-    const [name, symbol, decimals] = await Promise.all([
-      contract.name(),
-      contract.symbol(),
-      contract.decimals()
-    ]);
-    return {
-      address: tokenAddress.toLowerCase(),
-      name,
-      symbol,
-      decimals: Number(decimals)
-    };
-  }
-  async getTokenBalance(tokenAddress, walletAddress) {
-    const provider = this.ethereum.getProvider();
-    const contract = new ethers.Contract(tokenAddress, ERC20_ABI, provider);
-    try {
-      const balance = await contract.balanceOf(walletAddress);
-      return balance.toString();
-    } catch {
-      return "0";
-    }
-  }
-  async getFormattedTokenBalance(tokenAddress, walletAddress) {
-    const tokenInfo = await this.getTokenInfo(tokenAddress);
-    const rawBalance = await this.getTokenBalance(tokenAddress, walletAddress);
-    const formattedBalance = ethers.formatUnits(rawBalance, tokenInfo.decimals);
-    return { token: tokenInfo, balance: rawBalance, formattedBalance };
-  }
-  generateTransferCalldata(to, amount, decimals) {
-    const contract = new ethers.Contract(ethers.ZeroAddress, ERC20_ABI);
-    const parsedAmount = ethers.parseUnits(amount, decimals);
-    return contract.interface.encodeFunctionData("transfer", [to, parsedAmount]);
-  }
-  async validateToken(tokenAddress) {
-    try {
-      const provider = this.ethereum.getProvider();
-      const contract = new ethers.Contract(tokenAddress, ERC20_ABI, provider);
-      const [name, symbol, decimals] = await Promise.race([
-        Promise.all([contract.name(), contract.symbol(), contract.decimals()]),
-        new Promise((_, reject) => setTimeout(() => reject(new Error("Timeout")), 1e4))
-      ]);
-      return {
-        isValid: true,
-        token: {
-          address: tokenAddress.toLowerCase(),
-          name,
-          symbol,
-          decimals: Number(decimals)
-        }
-      };
-    } catch (error) {
-      return {
-        isValid: false,
-        error: error instanceof Error ? error.message : "Invalid ERC20 token"
-      };
-    }
-  }
-};
-var WalletManager = class {
-  constructor(signer) {
-    this.signer = signer;
-  }
-  async getAddress(userId) {
-    return this.signer.getAddress(userId);
-  }
-  async getSigner(userId) {
-    return this.signer.getSigner(userId);
-  }
-  async ensureSigner(userId) {
-    return this.signer.ensureSigner(userId);
-  }
-};
-var YAAAServerClient = class {
-  ethereum;
-  accounts;
-  transfers;
-  bls;
-  paymaster;
-  tokens;
-  wallets;
-  constructor(config) {
-    validateConfig(config);
-    const logger = config.logger ?? new ConsoleLogger("[YAAA]");
-    this.ethereum = new EthereumProvider(config);
-    this.wallets = new WalletManager(config.signer);
-    this.tokens = new TokenService(this.ethereum);
-    this.paymaster = new PaymasterManager(this.ethereum, config.storage, logger);
-    this.accounts = new AccountManager(this.ethereum, config.storage, config.signer, logger);
-    this.bls = new BLSSignatureService(
-      config,
-      this.ethereum,
-      config.storage,
-      config.signer,
-      logger
-    );
-    this.transfers = new TransferManager(
-      this.ethereum,
-      this.accounts,
-      this.bls,
-      this.paymaster,
-      this.tokens,
-      config.storage,
-      config.signer,
-      logger
-    );
-  }
-};
-function buildInstallModuleHash(chainId, account, moduleTypeId, module, moduleInitData = "0x") {
-  const moduleInitDataHash = ethers.keccak256(moduleInitData);
-  const raw = ethers.keccak256(
-    ethers.solidityPacked(
-      ["string", "uint256", "address", "uint256", "address", "bytes32"],
-      ["INSTALL_MODULE", chainId, account, moduleTypeId, module, moduleInitDataHash]
-    )
-  );
-  return ethers.hashMessage(ethers.getBytes(raw));
-}
-function buildUninstallModuleHash(chainId, account, moduleTypeId, module) {
-  const raw = ethers.keccak256(
-    ethers.solidityPacked(
-      ["string", "uint256", "address", "uint256", "address"],
-      ["UNINSTALL_MODULE", chainId, account, moduleTypeId, module]
-    )
-  );
-  return ethers.hashMessage(ethers.getBytes(raw));
-}
-var ModuleManager = class {
-  provider;
-  chainId;
-  constructor(provider, chainId) {
-    this.provider = provider;
-    this.chainId = chainId;
-  }
-  /**
-   * Encode calldata for installModule().
-   * Caller is responsible for submitting via UserOp (EntryPoint) or direct tx.
-   */
-  encodeInstall(params) {
-    const sigs = params.guardianSigs ?? [];
-    const initData = params.moduleInitData ?? "0x";
-    const packed = sigs.length > 0 ? ethers.concat([...sigs.map((s) => ethers.getBytes(s)), ethers.getBytes(initData)]) : ethers.getBytes(initData);
-    const iface = new ethers.Interface(AIRACCOUNT_ABI);
-    return iface.encodeFunctionData("installModule", [
-      params.moduleTypeId,
-      params.module,
-      packed
-    ]);
-  }
-  /**
-   * Encode calldata for uninstallModule().
-   * Always requires 2 guardian signatures.
-   */
-  encodeUninstall(params) {
-    const deInitData = params.moduleDeInitData ?? "0x";
-    const packed = ethers.concat([
-      ethers.getBytes(params.guardianSig1),
-      ethers.getBytes(params.guardianSig2),
-      ethers.getBytes(deInitData)
-    ]);
-    const iface = new ethers.Interface(AIRACCOUNT_ABI);
-    return iface.encodeFunctionData("uninstallModule", [
-      params.moduleTypeId,
-      params.module,
-      packed
-    ]);
-  }
-  /** Check if a module is currently installed on the account. */
-  async isInstalled(account, moduleTypeId, module) {
-    const contract = new ethers.Contract(account, AIRACCOUNT_ABI, this.provider);
-    return contract.isModuleInstalled(moduleTypeId, module, "0x");
-  }
-  /** Return the install hash for a guardian to sign (r5 format, includes moduleInitData hash). */
-  installHash(account, moduleTypeId, module, moduleInitData = "0x") {
-    return buildInstallModuleHash(this.chainId, account, moduleTypeId, module, moduleInitData);
-  }
-  /** Return the uninstall hash for guardians to sign. */
-  uninstallHash(account, moduleTypeId, module) {
-    return buildUninstallModuleHash(this.chainId, account, moduleTypeId, module);
-  }
-  /**
-   * Convenience: build install calldata for the standard M7 module set.
-   * Uses pre-deployed Sepolia addresses (r4 audit-final). No guardian sigs required when
-   * account threshold <= 40 (default for newly created accounts).
-   *
-   * Note: beta.3 unifies these into SessionKeyValidator. This helper retains the r4
-   * addresses for accounts already deployed on r4; new accounts use SessionKeyValidator.
-   */
-  encodeInstallDefaultModules(account) {
-    const addresses = AIRACCOUNT_ADDRESSES.sepolia;
-    return {
-      compositeValidator: this.encodeInstall({
-        account,
-        moduleTypeId: MODULE_TYPE.VALIDATOR,
-        module: addresses.compositeValidatorM7r4
-      }),
-      tierGuardHook: this.encodeInstall({
-        account,
-        moduleTypeId: MODULE_TYPE.HOOK,
-        module: addresses.tierGuardHookM7r4
-      })
-    };
-  }
-};
-function buildSessionStruct(params) {
-  return {
-    expiry: params.expiry,
-    contractScope: params.contractScope ?? ethers.ZeroAddress,
-    selectorScope: params.selectorScope ?? "0x00000000",
-    revoked: false,
-    velocityLimit: params.velocityLimit ?? 0,
-    velocityWindow: params.velocityWindow ?? 0,
-    callTargets: params.callTargets ?? [],
-    selectorAllowlist: params.selectorAllowlist ?? []
-  };
-}
-function decodeSessionInfo(session) {
-  const s = session;
-  const expiry = Number(s[0]);
-  const now = Math.floor(Date.now() / 1e3);
-  return {
-    expiry,
-    contractScope: s[1],
-    selectorScope: s[2],
-    revoked: s[3],
-    velocityLimit: Number(s[4]),
-    velocityWindow: Number(s[5]),
-    callTargets: [...s[6] ?? []],
-    selectorAllowlist: [...s[7] ?? []],
-    active: expiry > now && !s[3]
-  };
-}
-var SessionKeyService = class {
-  provider;
-  skValidator;
-  askValidator;
-  constructor(provider, sessionKeyValidatorAddress, agentSessionKeyValidatorAddress) {
-    this.provider = provider;
-    this.skValidator = new ethers.Contract(
-      sessionKeyValidatorAddress,
-      SESSION_KEY_VALIDATOR_ABI,
-      provider
-    );
-    this.askValidator = new ethers.Contract(
-      agentSessionKeyValidatorAddress,
-      AGENT_SESSION_KEY_VALIDATOR_ABI,
-      provider
-    );
-  }
-  // ── M6: Basic Session Keys ────────────────────────────────────
-  /**
-   * Build the hash that the account owner must sign to grant a session key.
-   * Use grantSession() with this sig, or grantSessionDirect() from the account itself.
-   */
-  async buildGrantHash(params) {
-    return this.skValidator.buildGrantHash(
-      params.account,
-      params.sessionKey,
-      buildSessionStruct(params)
-    );
-  }
-  /** Query an ECDSA session key state (decodes the 8-field Session tuple). */
-  async getSession(account, sessionKey) {
-    const session = await this.skValidator.getSession(account, sessionKey);
-    return decodeSessionInfo(session);
-  }
-  /** Check if an ECDSA session is currently active. */
-  async isSessionActive(account, sessionKey) {
-    return this.skValidator.isSessionActive(account, sessionKey);
-  }
-  /**
-   * Encode calldata for session grant.
-   *
-   * - **With ownerSig** → `grantSession()` — for gasless/UserOp flows.
-   *   Owner signs the GRANT_SESSION_V2 typed hash via KMS `sign-grant-session`,
-   *   then the relayer calls `grantSession(account, key, cfg, ownerSig)` on-chain.
-   *   This is the ONLY path for ERC-4337 sponsored / gasless grant flows.
-   *
-   * - **Without ownerSig** → `grantSessionDirect()` — **owner EOA direct-send only**.
-   *   Since v0.17.2 round 3, `grantSessionDirect` requires `msg.sender == ownerOf(account)`.
-   *   It does NOT accept `msg.sender == account` (removed in round 3 — confused-deputy fix).
-   *   Do NOT encode this for a UserOp callData; the EntryPoint is not the owner EOA.
-   */
-  encodeGrantSession(params) {
-    const iface = new ethers.Interface(SESSION_KEY_VALIDATOR_ABI);
-    const cfg = buildSessionStruct(params);
-    if (params.ownerSig) {
-      return iface.encodeFunctionData("grantSession", [
-        params.account,
-        params.sessionKey,
-        cfg,
-        params.ownerSig
-      ]);
-    }
-    return iface.encodeFunctionData("grantSessionDirect", [
-      params.account,
-      params.sessionKey,
-      cfg
-    ]);
-  }
-  /** Encode calldata for revokeSession(). */
-  encodeRevokeSession(account, sessionKey) {
-    const iface = new ethers.Interface(SESSION_KEY_VALIDATOR_ABI);
-    return iface.encodeFunctionData("revokeSession", [account, sessionKey]);
-  }
-  // ── M6: P256 / Passkey Session Keys ───────────────────────────
-  /**
-   * Build the hash that the account owner must sign to grant a P256/passkey session key.
-   * Use grantP256Session() with this sig, or grantP256SessionDirect() from the owner EOA itself.
-   * The owner/KMS signs this hash to authorize a gasless grantP256Session().
-   */
-  async buildP256GrantHash(params) {
-    return this.skValidator.buildP256GrantHash(
-      params.account,
-      params.keyX,
-      params.keyY,
-      buildSessionStruct(params)
-    );
-  }
-  /**
-   * Query a P256 session key state (decodes the 8-field Session tuple).
-   * @param keyHash The keccak256 hash of (keyX, keyY) used as the on-chain session id.
-   */
-  async getP256Session(account, keyHash) {
-    const session = await this.skValidator.getP256Session(account, keyHash);
-    return decodeSessionInfo(session);
-  }
-  /** Check if a P256 session is currently active. */
-  async isP256SessionActive(account, keyX, keyY) {
-    return this.skValidator.isP256SessionActive(account, keyX, keyY);
-  }
-  /**
-   * Encode calldata for a P256/passkey session grant.
-   *
-   * - **With ownerSig** → `grantP256Session()` — for gasless/UserOp flows.
-   *   Owner signs the buildP256GrantHash() digest via KMS `sign-p256-grant-session`,
-   *   then the relayer calls `grantP256Session(account, keyX, keyY, cfg, ownerSig)` on-chain.
-   *   This is the ONLY path for ERC-4337 sponsored / gasless P256 grant flows.
-   *
-   * - **Without ownerSig** → `grantP256SessionDirect()` — **owner EOA direct-send only**.
-   *   Since v0.17.2 round 3, `grantP256SessionDirect` requires `msg.sender == ownerOf(account)`.
-   *   It does NOT accept `msg.sender == account` (removed in round 3 — confused-deputy fix).
-   *   Do NOT encode this for a UserOp callData; the EntryPoint is not the owner EOA.
-   */
-  encodeGrantP256Session(params) {
-    const iface = new ethers.Interface(SESSION_KEY_VALIDATOR_ABI);
-    const cfg = buildSessionStruct(params);
-    if (params.ownerSig) {
-      return iface.encodeFunctionData("grantP256Session", [
-        params.account,
-        params.keyX,
-        params.keyY,
-        cfg,
-        params.ownerSig
-      ]);
-    }
-    return iface.encodeFunctionData("grantP256SessionDirect", [
-      params.account,
-      params.keyX,
-      params.keyY,
-      cfg
-    ]);
-  }
-  /** Encode calldata for revokeP256Session(). */
-  encodeRevokeP256Session(account, keyX, keyY) {
-    const iface = new ethers.Interface(SESSION_KEY_VALIDATOR_ABI);
-    return iface.encodeFunctionData("revokeP256Session", [account, keyX, keyY]);
-  }
-  // ── M7: Agent Session Keys ────────────────────────────────────
-  /**
-   * Encode calldata for grantAgentSession().
-   * Must be called from the account (via UserOp or direct execute).
-   * The contract uses msg.sender as the account — no account param needed.
-   */
-  encodeGrantAgentSession(sessionKey, cfg) {
-    const iface = new ethers.Interface(AGENT_SESSION_KEY_VALIDATOR_ABI);
-    return iface.encodeFunctionData("grantAgentSession", [
-      sessionKey,
-      {
-        expiry: cfg.expiry,
-        velocityLimit: cfg.velocityLimit,
-        velocityWindow: cfg.velocityWindow,
-        revoked: false,
-        callTargets: cfg.callTargets,
-        selectorAllowlist: cfg.selectorAllowlist
-      }
-    ]);
-  }
-  /**
-   * Encode calldata for delegateSession() — sub-agent delegation.
-   * The sub-agent config must be a strict subset of the parent session's scope.
-   * Called by the parent session key (not the account owner).
-   * @param account The smart account under which the parent session was granted.
-   */
-  encodeDelegateSession(account, subKey, subCfg) {
-    const iface = new ethers.Interface(AGENT_SESSION_KEY_VALIDATOR_ABI);
-    return iface.encodeFunctionData("delegateSession", [
-      account,
-      subKey,
-      {
-        expiry: subCfg.expiry,
-        velocityLimit: subCfg.velocityLimit,
-        velocityWindow: subCfg.velocityWindow,
-        revoked: false,
-        callTargets: subCfg.callTargets,
-        selectorAllowlist: subCfg.selectorAllowlist
-      }
-    ]);
-  }
-  /** Encode calldata for revokeAgentSession(). */
-  encodeRevokeAgentSession(sessionKey) {
-    const iface = new ethers.Interface(AGENT_SESSION_KEY_VALIDATOR_ABI);
-    return iface.encodeFunctionData("revokeAgentSession", [sessionKey]);
-  }
-  /** Query agent session config + runtime state. */
-  async getAgentSession(account, sessionKey) {
-    const [expiry, velocityLimit, velocityWindow, revoked, callTargets, selectorAllowlist] = await this.askValidator.agentSessions(account, sessionKey);
-    const [callCount, windowStart] = await this.askValidator.sessionStates(account, sessionKey);
-    return {
-      expiry: Number(expiry),
-      velocityLimit: Number(velocityLimit),
-      velocityWindow: Number(velocityWindow),
-      callTargets,
-      selectorAllowlist,
-      revoked,
-      callCount: BigInt(callCount),
-      windowStart: BigInt(windowStart)
-    };
-  }
-  /** Check if an agent session is active (not expired, not revoked). */
-  async isAgentSessionActive(account, sessionKey) {
-    const session = await this.getAgentSession(account, sessionKey);
-    return session.expiry > Math.floor(Date.now() / 1e3) && !session.revoked;
-  }
-  /** Return the parent account of a delegated session key. */
-  async getSessionKeyOwner(sessionKey) {
-    return this.askValidator.sessionKeyOwner(sessionKey);
-  }
-  /** Return the parent key that delegated to subKey, or ZeroAddress if not delegated. */
-  async getDelegatedBy(account, subKey) {
-    return this.askValidator.delegatedBy(account, subKey);
-  }
-};
-function packSecp256k1SessionSignature(account, sessionKey, signature) {
-  const acc = account.startsWith("0x") ? account.slice(2) : account;
-  const key = sessionKey.startsWith("0x") ? sessionKey.slice(2) : sessionKey;
-  const sig = signature.startsWith("0x") ? signature.slice(2) : signature;
-  if (acc.length !== 40) throw new Error("account must be 20 bytes (40 hex chars)");
-  if (key.length !== 40) throw new Error("sessionKey must be 20 bytes (40 hex chars)");
-  if (sig.length !== 130) throw new Error("signature must be 65 bytes (130 hex chars)");
-  return `0x08${acc}${key}${sig}`;
-}
-function packP256SessionSignature(account, keyX, keyY, signature) {
-  const acc = account.startsWith("0x") ? account.slice(2) : account;
-  const x = keyX.startsWith("0x") ? keyX.slice(2) : keyX;
-  const y = keyY.startsWith("0x") ? keyY.slice(2) : keyY;
-  const sig = signature.startsWith("0x") ? signature.slice(2) : signature;
-  if (acc.length !== 40) throw new Error("account must be 20 bytes (40 hex chars)");
-  if (x.length !== 64) throw new Error("keyX must be 32 bytes (64 hex chars)");
-  if (y.length !== 64) throw new Error("keyY must be 32 bytes (64 hex chars)");
-  if (sig.length !== 128) throw new Error("P256 signature must be 64 bytes (128 hex chars, R||S)");
-  return `0x08${acc}${x}${y}${sig}`;
-}
-var EXTENDED_GUARD_ABI = [
-  ...GLOBAL_GUARD_ABI,
-  "function todaySpent() external view returns (uint256)",
-  "function tokenTodaySpent(address token) external view returns (uint256)",
-  // approvedAlgorithms removed from the guard in v0.17.2-beta.4 — now read from the account.
-  "function tier1Limit() external view returns (uint256)",
-  "function tier2Limit() external view returns (uint256)",
-  "function minDailyLimit() external view returns (uint256)"
-];
-var GuardStateReader = class {
-  provider;
-  constructor(provider) {
-    this.provider = provider;
-  }
-  /**
-   * Read the full ETH guard state for an account.
-   * Returns null if the account has no guard (dailyLimit=0).
-   */
-  async getGuardState(accountAddress) {
-    const account = new ethers.Contract(accountAddress, AIRACCOUNT_ABI, this.provider);
-    const guardAddress = await account.guard();
-    if (guardAddress === ethers.ZeroAddress) return null;
-    const guard = new ethers.Contract(guardAddress, EXTENDED_GUARD_ABI, this.provider);
-    const [dailyLimit, remaining, todaySpent, tier1Limit, tier2Limit, minDailyLimit] = await Promise.all([
-      guard.dailyLimit(),
-      guard.remainingDailyAllowance(),
-      guard.todaySpent(),
-      guard.tier1Limit().catch(() => 0n),
-      guard.tier2Limit().catch(() => 0n),
-      guard.minDailyLimit().catch(() => 0n)
-    ]);
-    return {
-      dailyLimit: BigInt(dailyLimit),
-      todaySpent: BigInt(todaySpent),
-      remaining: BigInt(remaining),
-      currentTier: resolveTierFromSpend(BigInt(todaySpent), BigInt(tier1Limit), BigInt(tier2Limit)),
-      tier1Limit: BigInt(tier1Limit),
-      tier2Limit: BigInt(tier2Limit),
-      minDailyLimit: BigInt(minDailyLimit),
-      guardAddress
-    };
-  }
-  /**
-   * Read per-token guard state.
-   * Returns null if the token is not configured on the guard.
-   */
-  async getTokenGuardState(accountAddress, token) {
-    const account = new ethers.Contract(accountAddress, AIRACCOUNT_ABI, this.provider);
-    const guardAddress = await account.guard();
-    if (guardAddress === ethers.ZeroAddress) return null;
-    const guard = new ethers.Contract(guardAddress, EXTENDED_GUARD_ABI, this.provider);
-    try {
-      const todaySpent = await guard.tokenTodaySpent(token);
-      return {
-        token,
-        todaySpent: BigInt(todaySpent),
-        dailyLimit: 0n,
-        // token daily limit not directly exposed
-        remaining: 0n,
-        currentTier: 1,
-        tier1Limit: 0n,
-        tier2Limit: 0n
-      };
-    } catch {
-      return null;
-    }
-  }
-  /**
-   * Determine the minimum tier required to send a given ETH amount.
-   * Useful for showing "this transfer needs 2 signatures" before submission.
-   */
-  async requiredTierForAmount(accountAddress, amountWei) {
-    const state = await this.getGuardState(accountAddress);
-    if (!state) return 1;
-    const projectedSpend = state.todaySpent + amountWei;
-    return resolveTierFromSpend(projectedSpend, state.tier1Limit, state.tier2Limit);
-  }
-  /**
-   * Check if a given algorithm ID is approved on the guard.
-   */
-  async isAlgorithmApproved(accountAddress, algId) {
-    const account = new ethers.Contract(accountAddress, AIRACCOUNT_ABI, this.provider);
-    return account.approvedAlgorithms(algId);
-  }
-};
-function resolveTierFromSpend(spent, tier1Limit, tier2Limit) {
-  if (tier1Limit === 0n) return 1;
-  if (spent < tier1Limit) return 1;
-  if (tier2Limit === 0n || spent < tier2Limit) return 2;
-  return 3;
-}
-function computeOapdSalt(owner, dappId) {
-  const packed = ethers.solidityPacked(["address", "string"], [owner, dappId]);
-  return BigInt(ethers.keccak256(packed));
-}
-async function getOapdAddress(provider, config) {
-  const factoryAddress = config.factoryAddress ?? AIRACCOUNT_ADDRESSES.sepolia.factory;
-  const factory = new ethers.Contract(factoryAddress, AIRACCOUNT_FACTORY_ABI, provider);
-  const salt = computeOapdSalt(config.owner, config.dappId);
-  return factory.getFunction("getAddress")(config.owner, salt, config.initConfig);
-}
-async function getOapdAddressWithChainId(provider, config) {
-  const factoryAddress = config.factoryAddress ?? AIRACCOUNT_ADDRESSES.sepolia.factory;
-  const factory = new ethers.Contract(factoryAddress, AIRACCOUNT_FACTORY_ABI, provider);
-  const salt = computeOapdSalt(config.owner, config.dappId);
-  const result = await factory.getFunction("getAddressWithChainId")(
-    config.owner,
-    salt,
-    config.initConfig
-  );
-  return { address: result[0], chainQualified: result[1] };
-}
-async function isOapdDeployed(provider, config) {
-  const address = await getOapdAddress(provider, config);
-  const code = await provider.getCode(address);
-  return code !== "0x";
-}
-var ALG_BLS = 1;
-var ALG_ECDSA = 2;
-var ALG_P256 = 3;
-var ALG_CUMULATIVE_T2 = 4;
-var ALG_CUMULATIVE_T3 = 5;
-function resolveTier(value, config) {
-  if (config.tier1Limit === 0n && config.tier2Limit === 0n) return 1;
-  if (config.tier1Limit > 0n && value <= config.tier1Limit) return 1;
-  if (config.tier2Limit > 0n && value <= config.tier2Limit) return 2;
-  return 3;
-}
-function algIdForTier(tier) {
-  switch (tier) {
-    case 1:
-      return ALG_ECDSA;
-    case 2:
-      return ALG_CUMULATIVE_T2;
-    case 3:
-      return ALG_CUMULATIVE_T3;
-  }
-}
-var ALG_NAMES = {
-  [ALG_BLS]: "BLS (0x01)",
-  [ALG_ECDSA]: "ECDSA (0x02)",
-  [ALG_P256]: "P256 (0x03)",
-  [ALG_CUMULATIVE_T2]: "Cumulative T2 (0x04)",
-  [ALG_CUMULATIVE_T3]: "Cumulative T3 (0x05)"
-};
-var GuardChecker = class {
-  constructor(ethereum, logger) {
-    this.ethereum = ethereum;
-    this.logger = logger ?? new ConsoleLogger("[GuardChecker]");
-  }
-  logger;
-  /**
-   * Fetch tier limits from an AirAccount contract.
-   */
-  async fetchTierConfig(accountAddress) {
-    const provider = this.ethereum.getProvider();
-    const account = new ethers.Contract(accountAddress, AIRACCOUNT_ABI, provider);
-    const [tier1Limit, tier2Limit] = await Promise.all([
-      account.tier1Limit(),
-      account.tier2Limit()
-    ]);
-    return {
-      tier1Limit: BigInt(tier1Limit),
-      tier2Limit: BigInt(tier2Limit)
-    };
-  }
-  /**
-   * Fetch guard status from the account's GlobalGuard.
-   */
-  async fetchGuardStatus(accountAddress) {
-    const provider = this.ethereum.getProvider();
-    const account = new ethers.Contract(accountAddress, AIRACCOUNT_ABI, provider);
-    const config = await account.getConfigDescription();
-    const guardAddress = config.guardAddress;
-    if (guardAddress === ethers.ZeroAddress) {
-      return {
-        hasGuard: false,
-        guardAddress: ethers.ZeroAddress,
-        dailyLimit: 0n,
-        dailyRemaining: 0n
-      };
-    }
-    const guard = new ethers.Contract(guardAddress, GLOBAL_GUARD_ABI, provider);
-    const [dailyLimit, dailyRemaining] = await Promise.all([
-      guard.dailyLimit(),
-      guard.remainingDailyAllowance()
-    ]);
-    return {
-      hasGuard: true,
-      guardAddress,
-      dailyLimit: BigInt(dailyLimit),
-      dailyRemaining: BigInt(dailyRemaining)
-    };
-  }
-  /**
-   * Pre-check a transaction: determine tier, check guard limits and algorithm approval.
-   * Returns errors array (empty = OK to proceed).
-   */
-  async preCheck(accountAddress, value) {
-    const errors = [];
-    const tierConfig = await this.fetchTierConfig(accountAddress);
-    const tier = resolveTier(value, tierConfig);
-    const algId = algIdForTier(tier);
-    const guard = await this.fetchGuardStatus(accountAddress);
-    if (!guard.hasGuard) {
-      return { ok: true, errors: [], tier, algId };
-    }
-    if (guard.dailyLimit > 0n && value > guard.dailyRemaining) {
-      errors.push(
-        `Daily limit exceeded: requesting ${value} wei but only ${guard.dailyRemaining} remaining (limit: ${guard.dailyLimit})`
-      );
-    }
-    const provider = this.ethereum.getProvider();
-    const accountContract = new ethers.Contract(accountAddress, AIRACCOUNT_ABI, provider);
-    const isApproved = await accountContract.approvedAlgorithms(algId);
-    if (!isApproved) {
-      errors.push(
-        `Algorithm ${ALG_NAMES[algId] ?? `0x${algId.toString(16)}`} is not approved by the account`
-      );
-    }
-    if (errors.length > 0) {
-      this.logger.warn(`Pre-check failed for ${accountAddress}: ${errors.join("; ")}`);
-    }
-    return { ok: errors.length === 0, errors, tier, algId };
-  }
-};
-var FORCE_EXIT_ABI = [
-  // ERC-7579 module lifecycle
-  "function onInstall(bytes calldata data) external",
-  "function onUninstall(bytes calldata data) external",
-  "function isInitialized(address smartAccount) external view returns (bool)",
-  // Proposal lifecycle
-  "function proposeForceExit(address target, uint256 value, bytes calldata data) external",
-  "function approveForceExit(address account, bytes calldata guardianSig) external",
-  "function executeForceExit(address account) external",
-  "function cancelForceExit(address account) external",
-  // State readers
-  "function getPendingExit(address account) external view returns (address target, uint256 value, bytes memory data, uint256 proposedAt, uint256 approvalBitmap, address[3] memory guardians)",
-  "function accountL2Type(address account) external view returns (uint8)",
-  // Constants
-  "function APPROVAL_THRESHOLD() external view returns (uint8)",
-  "function MODULE_VERSION() external view returns (string)",
-  // Errors (for decoding reverts)
-  "error AlreadyApproved()",
-  "error AlreadyProposed()",
-  "error ForceExitCallFailed()",
-  "error IncompatibleAccount()",
-  "error InvalidGuardianSig()",
-  "error NoProposal()",
-  "error NotEnoughApprovals()",
-  "error NotInstalled()",
-  "error NotOwner()",
-  "error SignerNoLongerGuardian()",
-  "error UnsupportedL2Type()"
-];
-var L2_TYPE = {
-  OPTIMISM: 1,
-  ARBITRUM: 2
-};
-var ForceExitService = class {
-  constructor(moduleAddress, providerOrSigner) {
-    this.moduleAddress = moduleAddress;
-    this.contract = new ethers.Contract(moduleAddress, FORCE_EXIT_ABI, providerOrSigner);
-    this.iface = new ethers.Interface(FORCE_EXIT_ABI);
-  }
-  contract;
-  iface;
-  // ── On-chain reads ──────────────────────────────────────────────
-  async isInitialized(smartAccount) {
-    return this.contract.isInitialized(smartAccount);
-  }
-  async getPendingExit(account) {
-    const [target, value, data, proposedAt, approvalBitmap, guardians] = await this.contract.getPendingExit(account);
-    return {
-      target,
-      value: BigInt(value),
-      data,
-      proposedAt: BigInt(proposedAt),
-      approvalBitmap: BigInt(approvalBitmap),
-      guardians
-    };
-  }
-  async getAccountL2Type(account) {
-    return Number(await this.contract.accountL2Type(account));
-  }
-  async getApprovalThreshold() {
-    return Number(await this.contract.APPROVAL_THRESHOLD());
-  }
-  async getModuleVersion() {
-    return this.contract.MODULE_VERSION();
-  }
-  // ── Calldata encoders (for UserOp or direct tx submission) ─────
-  /**
-   * Encode onInstall calldata for installModule() call on the smart account.
-   * Must be submitted by the account owner, with moduleTypeId=2 (EXECUTOR).
-   *
-   * @param l2Type - L2_TYPE.OPTIMISM (1) or L2_TYPE.ARBITRUM (2)
-   * @example
-   * const calldata = forceExit.encodeOnInstall(L2_TYPE.OPTIMISM);
-   * // account.installModule(2, forceExitModuleAddress, calldata)
-   */
-  encodeOnInstall(l2Type) {
-    return this.iface.encodeFunctionData("onInstall", [
-      ethers.AbiCoder.defaultAbiCoder().encode(["uint8"], [l2Type])
-    ]);
-  }
-  encodeOnUninstall() {
-    return this.iface.encodeFunctionData("onUninstall", ["0x"]);
-  }
-  /**
-   * Encode calldata for proposeForceExit — the exit payload to bridge out of L2.
-   * `target` is the L2→L1 bridge contract; `data` is the bridge call payload.
-   */
-  encodeProposeForceExit(target, value, data) {
-    return this.iface.encodeFunctionData("proposeForceExit", [target, value, data]);
-  }
-  /**
-   * Encode calldata for approveForceExit — guardian signs off on the pending proposal.
-   * `guardianSig` must be an EIP-191 personal_sign over the proposal hash.
-   */
-  encodeApproveForceExit(account, guardianSig) {
-    return this.iface.encodeFunctionData("approveForceExit", [account, guardianSig]);
-  }
-  encodeExecuteForceExit(account) {
-    return this.iface.encodeFunctionData("executeForceExit", [account]);
-  }
-  encodeCancelForceExit(account) {
-    return this.iface.encodeFunctionData("cancelForceExit", [account]);
-  }
-  // ── Convenience: send transactions (requires Signer) ──────────
-  async proposeForceExit(target, value, data) {
-    return this.contract.proposeForceExit(target, value, data);
-  }
-  async approveForceExit(account, guardianSig) {
-    return this.contract.approveForceExit(account, guardianSig);
-  }
-  async executeForceExit(account) {
-    return this.contract.executeForceExit(account);
-  }
-  async cancelForceExit(account) {
-    return this.contract.cancelForceExit(account);
-  }
-};
-var RECOVERY_THRESHOLD = 2;
-var MAX_GUARDIANS = 3;
-var RECOVERY_TIMELOCK_SECONDS = 2n * 24n * 60n * 60n;
-function popcount(value) {
-  let v = value;
-  let count = 0;
-  while (v > 0n) {
-    count += Number(v & 1n);
-    v >>= 1n;
-  }
-  return count;
-}
-var RecoveryService = class {
-  constructor(providerOrSigner) {
-    this.providerOrSigner = providerOrSigner;
-    this.iface = new ethers.Interface(AIRACCOUNT_ABI);
-  }
-  iface;
-  // ── Calldata encoders (submit TO the account address) ─────────────
-  /**
-   * Encode `addGuardian(guardian)` calldata. **Owner only.**
-   * Registers a recovery guardian; reverts once 3 guardians are set, or if the
-   * guardian is `address(0)`, the owner, or already registered.
-   */
-  encodeAddGuardian(guardian) {
-    return this.iface.encodeFunctionData("addGuardian", [guardian]);
-  }
-  /**
-   * Encode `removeGuardian(index, guardianSigs)` calldata. **Owner only**, and
-   * requires >= {@link RECOVERY_THRESHOLD} guardian signatures over the removal
-   * hash. Cannot remove while a recovery is active, nor drop below 2 guardians.
-   *
-   * @param index        Guardian slot to remove (0-indexed).
-   * @param guardianSigs EIP-191 guardian signatures over the removal hash.
-   */
-  encodeRemoveGuardian(index, guardianSigs) {
-    return this.iface.encodeFunctionData("removeGuardian", [index, guardianSigs]);
-  }
-  /**
-   * Encode `proposeRecovery(newOwner)` calldata. **Any guardian** may call.
-   * Starts the {@link RECOVERY_TIMELOCK_SECONDS} timelock and records the
-   * proposer's approval (1 of {@link RECOVERY_THRESHOLD}).
-   */
-  encodeProposeRecovery(newOwner) {
-    return this.iface.encodeFunctionData("proposeRecovery", [newOwner]);
-  }
-  /**
-   * Encode `approveRecovery()` calldata. **Another guardian** approves the
-   * active proposal, setting its bit in `approvalBitmap`.
-   */
-  encodeApproveRecovery() {
-    return this.iface.encodeFunctionData("approveRecovery", []);
-  }
-  /**
-   * Encode `cancelRecovery()` calldata. **Guardians only** — each call is one
-   * vote; recovery is dropped once {@link RECOVERY_THRESHOLD} cancel votes are
-   * reached. The owner cannot cancel.
-   */
-  encodeCancelRecovery() {
-    return this.iface.encodeFunctionData("cancelRecovery", []);
-  }
-  /**
-   * Encode `executeRecovery()` calldata. **Anyone** may call, but it only
-   * succeeds once the timelock has elapsed and the approval threshold is met.
-   * Rotates the account owner to the proposed `newOwner`.
-   */
-  encodeExecuteRecovery() {
-    return this.iface.encodeFunctionData("executeRecovery", []);
-  }
-  // ── On-chain reads (against the account address) ──────────────────
-  /**
-   * Read and decode the account's `activeRecovery()` struct.
-   * Returns derived `approvalCount`, `cancellationCount`, `executeAfter`, and
-   * `isActive` alongside the raw fields.
-   *
-   * @param account The AirAccount address to query.
-   */
-  async getActiveRecovery(account) {
-    const contract = new ethers.Contract(account, AIRACCOUNT_ABI, this.providerOrSigner);
-    const [newOwner, proposedAt, approvalBitmap, cancellationBitmap] = await contract.activeRecovery();
-    const proposedAtBn = BigInt(proposedAt);
-    const approvalBitmapBn = BigInt(approvalBitmap);
-    const cancellationBitmapBn = BigInt(cancellationBitmap);
-    return {
-      newOwner,
-      proposedAt: proposedAtBn,
-      approvalBitmap: approvalBitmapBn,
-      cancellationBitmap: cancellationBitmapBn,
-      approvalCount: popcount(approvalBitmapBn),
-      cancellationCount: popcount(cancellationBitmapBn),
-      executeAfter: proposedAtBn + RECOVERY_TIMELOCK_SECONDS,
-      isActive: newOwner !== ethers.ZeroAddress
-    };
-  }
-  /**
-   * Read the number of registered guardians via `guardianCount()`.
-   *
-   * @param account The AirAccount address to query.
-   */
-  async getGuardianCount(account) {
-    const contract = new ethers.Contract(account, AIRACCOUNT_ABI, this.providerOrSigner);
-    return Number(await contract.guardianCount());
-  }
-  /**
-   * Read the full guardian address list.
-   *
-   * The V7 account exposes positional `guardians(uint256 i)` (3 packed slots) plus
-   * `guardianCount()` — there is no single `getGuardians()` getter on the account
-   * (that exists only on `AirAccountDelegate`, the EIP-7702 path). This reads slots
-   * `0..guardianCount-1` and returns the non-zero guardian addresses.
-   *
-   * @param account The AirAccount address to query.
-   */
-  async getGuardians(account) {
-    const contract = new ethers.Contract(account, AIRACCOUNT_ABI, this.providerOrSigner);
-    const count = Number(await contract.guardianCount());
-    const guardians = [];
-    for (let i = 0; i < count; i++) {
-      const g = await contract.guardians(i);
-      if (g !== ethers.ZeroAddress) guardians.push(g);
-    }
-    return guardians;
-  }
-};
-var DELEGATE_ABI = [
-  "function initialize(address guardian1, bytes calldata g1Sig, address guardian2, bytes calldata g2Sig, uint256 dailyLimit) external",
-  "function owner() external view returns (address)",
-  "function isInitialized() external view returns (bool)",
-  "function entryPoint() external view returns (address)",
-  "function getGuardians() external view returns (address[3] memory)",
-  "function getDeposit() external view returns (uint256)",
-  "function execute(address dest, uint256 value, bytes calldata data) external",
-  "function executeBatch(address[] calldata dest, uint256[] calldata value, bytes[] calldata data) external",
-  "function validateUserOp((address sender, uint256 nonce, bytes initCode, bytes callData, bytes32 accountGasLimits, uint256 preVerificationGas, bytes32 gasFees, bytes paymasterAndData, bytes signature) calldata userOp, bytes32 userOpHash, uint256 missingFunds) external returns (uint256)",
-  "function initiateRescue(address rescueTo) external",
-  "function approveRescue() external",
-  "function cancelRescue() external",
-  "function executeRescue() external",
-  "function addDeposit() external payable",
-  "function withdrawDepositTo(address to, uint256 amount) external",
-  "error AlreadyInitialized()",
-  "error NotInitialized()",
-  "error InvalidAddress()",
-  "error InvalidGuardianSignature()"
-];
-var AIR_ACCOUNT_DELEGATE_ADDRESS = "0x8603AAF6C3f07fdae810B323c95a198D796EC52E";
-var EIP7702DelegateService = class {
-  constructor(delegateAddress = AIR_ACCOUNT_DELEGATE_ADDRESS, providerOrSigner) {
-    this.delegateAddress = delegateAddress;
-    this.iface = new ethers.Interface(DELEGATE_ABI);
-    if (providerOrSigner) {
-      this.contract = new ethers.Contract(delegateAddress, DELEGATE_ABI, providerOrSigner);
-    } else {
-      this.contract = new ethers.Contract(delegateAddress, DELEGATE_ABI);
-    }
-  }
-  iface;
-  contract;
-  // ── Calldata encoders ─────────────────────────────────────────
-  /**
-   * Encode initialize() calldata for the first post-delegation UserOp.
-   * Must be the callData of a UserOp sent immediately after the SET_CODE delegation activates.
-   * Guardian acceptance sigs follow the same EIP-712 scheme as AirAccountV7 createAccount.
-   */
-  encodeInitialize(params) {
-    return this.iface.encodeFunctionData("initialize", [
-      params.guardian1,
-      params.guardian1Sig,
-      params.guardian2,
-      params.guardian2Sig,
-      params.dailyLimit
-    ]);
-  }
-  encodeExecute(dest, value, data) {
-    return this.iface.encodeFunctionData("execute", [dest, value, data]);
-  }
-  encodeExecuteBatch(dests, values, datas) {
-    return this.iface.encodeFunctionData("executeBatch", [dests, values, datas]);
-  }
-  // ── EIP-7702 authorization hash construction ──────────────────
-  /**
-   * Compute the EIP-7702 SET_CODE authorization hash that the EOA must sign.
-   *
-   * Hash = keccak256(0x05 || RLP([chainId, address, nonce]))
-   *
-   * This is the hash the private key signs to delegate code execution to
-   * AirAccountDelegate. Use this hash with your KMS sign-hash endpoint or
-   * local ethers Signer.
-   *
-   * @param chainId - Target chain ID (11155111 for Sepolia)
-   * @param nonce - EOA's current transaction nonce
-   * @returns 32-byte hash (0x-prefixed) ready for signing
-   */
-  buildAuthorizationHash(chainId, nonce) {
-    const encoded = ethers.encodeRlp([
-      chainId === 0 ? "0x" : ethers.toBeHex(chainId),
-      this.delegateAddress,
-      nonce === 0n ? "0x" : ethers.toBeHex(nonce)
-    ]);
-    return ethers.keccak256(ethers.concat(["0x05", encoded]));
-  }
-  /**
-   * Build the full EIP-7702 authorization object for relay submission.
-   * The caller must sign `buildAuthorizationHash()` externally and pass the result here.
-   *
-   * @param chainId - Target chain ID
-   * @param nonce - EOA's current nonce
-   * @param signature - 65-byte ECDSA signature (R||S||V) over the authorization hash
-   */
-  buildAuthorization(chainId, nonce, signature) {
-    return {
-      chainId,
-      address: this.delegateAddress,
-      nonce,
-      signature
-    };
-  }
-  /**
-   * Verify that a signature is a valid EIP-7702 authorization for the given EOA address.
-   * Recovers the signer from the authorization hash and checks it matches `eoa`.
-   */
-  verifyAuthorization(eoa, chainId, nonce, signature) {
-    const hash = this.buildAuthorizationHash(chainId, nonce);
-    const recovered = ethers.recoverAddress(hash, signature);
-    return recovered.toLowerCase() === eoa.toLowerCase();
-  }
-  // ── On-chain reads (requires provider) ───────────────────────
-  async isInitialized(eoa) {
-    const provider = this.contract.runner;
-    if (!provider) throw new Error("EIP7702DelegateService: provider required for on-chain reads");
-    const c = new ethers.Contract(eoa, DELEGATE_ABI, provider);
-    return c.isInitialized();
-  }
-  async getOwner(eoa) {
-    const provider = this.contract.runner;
-    if (!provider) throw new Error("EIP7702DelegateService: provider required for on-chain reads");
-    const c = new ethers.Contract(eoa, DELEGATE_ABI, provider);
-    return c.owner();
-  }
-  async getGuardians(eoa) {
-    const provider = this.contract.runner;
-    if (!provider) throw new Error("EIP7702DelegateService: provider required for on-chain reads");
-    const c = new ethers.Contract(eoa, DELEGATE_ABI, provider);
-    return c.getGuardians();
-  }
-};
-var WEIGHTED_SIGNATURE_ABI = [
-  // Direct owner set (first-time / strengthening only)
-  "function setWeightConfig((uint8 passkeyWeight, uint8 ecdsaWeight, uint8 blsWeight, uint8 guardian0Weight, uint8 guardian1Weight, uint8 guardian2Weight, uint8 _padding, uint8 tier1Threshold, uint8 tier2Threshold, uint8 tier3Threshold) config) external",
-  // Guardian-governed change flow (required for any weakening)
-  "function proposeWeightChange((uint8 passkeyWeight, uint8 ecdsaWeight, uint8 blsWeight, uint8 guardian0Weight, uint8 guardian1Weight, uint8 guardian2Weight, uint8 _padding, uint8 tier1Threshold, uint8 tier2Threshold, uint8 tier3Threshold) proposed) external",
-  "function approveWeightChange() external",
-  "function cancelWeightChange() external",
-  "function executeWeightChange() external",
-  // State readers
-  "function weightConfig() external view returns (uint8 passkeyWeight, uint8 ecdsaWeight, uint8 blsWeight, uint8 guardian0Weight, uint8 guardian1Weight, uint8 guardian2Weight, uint8 _padding, uint8 tier1Threshold, uint8 tier2Threshold, uint8 tier3Threshold)",
-  "function pendingWeightChange() external view returns ((uint8 passkeyWeight, uint8 ecdsaWeight, uint8 blsWeight, uint8 guardian0Weight, uint8 guardian1Weight, uint8 guardian2Weight, uint8 _padding, uint8 tier1Threshold, uint8 tier2Threshold, uint8 tier3Threshold) proposed, uint256 proposedAt, uint256 approvalBitmap)",
-  // Errors (for decoding reverts)
-  "error InsecureWeightConfig()",
-  "error WeakeningRequiresProposal()",
-  "error WeightChangePending()",
-  "error NoWeightChangeProposal()",
-  "error WeightChangeAlreadyApproved()",
-  "error WeightChangeNotApproved()",
-  "error WeightChangeTimelockNotExpired()"
-];
-var WEIGHT_CHANGE_TIMELOCK_SECONDS = 2 * 24 * 60 * 60;
-var WEIGHT_CHANGE_THRESHOLD = 2;
-var WEIGHT_CHANGE_EXPIRY_SECONDS = 30 * 24 * 60 * 60;
-var WEIGHT_CONFIG_FIELDS = [
-  "passkeyWeight",
-  "ecdsaWeight",
-  "blsWeight",
-  "guardian0Weight",
-  "guardian1Weight",
-  "guardian2Weight",
-  "_padding",
-  "tier1Threshold",
-  "tier2Threshold",
-  "tier3Threshold"
-];
-function toConfigTuple(config) {
-  return WEIGHT_CONFIG_FIELDS.map((f) => config[f]);
-}
-function fromConfigResult(result) {
-  const r = result;
-  const pick = (name, idx) => Number(r[name] ?? r[idx]);
-  return {
-    passkeyWeight: pick("passkeyWeight", 0),
-    ecdsaWeight: pick("ecdsaWeight", 1),
-    blsWeight: pick("blsWeight", 2),
-    guardian0Weight: pick("guardian0Weight", 3),
-    guardian1Weight: pick("guardian1Weight", 4),
-    guardian2Weight: pick("guardian2Weight", 5),
-    _padding: pick("_padding", 6),
-    tier1Threshold: pick("tier1Threshold", 7),
-    tier2Threshold: pick("tier2Threshold", 8),
-    tier3Threshold: pick("tier3Threshold", 9)
-  };
-}
-var WeightedSignatureService = class {
-  constructor(accountAddress, providerOrSigner) {
-    this.accountAddress = accountAddress;
-    this.contract = new ethers.Contract(accountAddress, WEIGHTED_SIGNATURE_ABI, providerOrSigner);
-    this.iface = new ethers.Interface(WEIGHTED_SIGNATURE_ABI);
-  }
-  contract;
-  iface;
-  // ── On-chain reads ──────────────────────────────────────────────
-  /** Read the account's current active WeightConfig. */
-  async getWeightConfig() {
-    const result = await this.contract.weightConfig();
-    return fromConfigResult(result);
-  }
-  /**
-   * Read the pending weight-change proposal. When `proposedAt === 0n` there is no
-   * active proposal (the returned `proposed` config will be all zeros).
-   */
-  async getPendingWeightChange() {
-    const [proposed, proposedAt, approvalBitmap] = await this.contract.pendingWeightChange();
-    return {
-      proposed: fromConfigResult(proposed),
-      proposedAt: BigInt(proposedAt),
-      approvalBitmap: BigInt(approvalBitmap)
-    };
-  }
-  // ── Calldata encoders (for UserOp or direct tx submission) ─────
-  /**
-   * Encode setWeightConfig calldata. OWNER only; for first-time setup or strengthening.
-   * Weakening an existing config must go through encodeProposeWeightChange instead.
-   */
-  encodeSetWeightConfig(config) {
-    return this.iface.encodeFunctionData("setWeightConfig", [toConfigTuple(config)]);
-  }
-  /**
-   * Encode proposeWeightChange calldata. OWNER only; opens a guardian-governed proposal
-   * (required for any weakening). Subject to 2-of-3 approval + 2-day timelock before execute.
-   */
-  encodeProposeWeightChange(config) {
-    return this.iface.encodeFunctionData("proposeWeightChange", [toConfigTuple(config)]);
-  }
-  /** Encode approveWeightChange calldata. GUARDIAN only; each guardian may approve once. */
-  encodeApproveWeightChange() {
-    return this.iface.encodeFunctionData("approveWeightChange", []);
-  }
-  /** Encode cancelWeightChange calldata. OWNER or any GUARDIAN may cancel a pending proposal. */
-  encodeCancelWeightChange() {
-    return this.iface.encodeFunctionData("cancelWeightChange", []);
-  }
-  /**
-   * Encode executeWeightChange calldata. Callable by anyone, but only succeeds once the
-   * threshold (2-of-3) and timelock (2 days) are both satisfied and the proposal has not expired.
-   */
-  encodeExecuteWeightChange() {
-    return this.iface.encodeFunctionData("executeWeightChange", []);
-  }
-};
-var AGENT_REGISTRY_ABI = [
-  // ── Writes ──
-  "function registerAgent(address agentWallet, bytes agentWalletSig) external",
-  "function revokeAgent(address agentWallet) external",
-  "function deregisterAgent(address agentWallet) external",
-  // ── Reads ──
-  "function isRegisteredAgent(address agentWallet) external view returns (bool)",
-  "function isValidAccount(address account) external view returns (bool)",
-  "function getHumanOwner(address agentWallet) external view returns (address)",
-  "function getAgentCount(address owner) external view returns (uint256)",
-  "function getAgentByIndex(address owner, uint256 index) external view returns (address)",
-  "function getAgents(address humanOwner) external view returns (address[])",
-  "function getAgentsPage(address owner, uint256 start, uint256 count) external view returns (address[] page)",
-  "function agentWalletOwner(address agentWallet) external view returns (address)",
-  "function ownerAgents(address owner, uint256 index) external view returns (address)",
-  "function balanceOf(address humanOwner) external view returns (uint256)",
-  // ── Errors (for decoding reverts) ──
-  "error AgentAlreadyRegistered()",
-  "error CallerNotAirAccount()",
-  "error InvalidAddress()",
-  "error InvalidAgentSignature()",
-  "error NotAgentOwner()",
-  "error SelfRegistrationForbidden()"
-];
-var AgentRegistryService = class {
-  /**
-   * @param providerOrSigner ethers Provider (reads only) or Signer (reads + sends).
-   * @param registryAddress  deployed AgentRegistry contract address.
-   */
-  constructor(providerOrSigner, registryAddress) {
-    this.registryAddress = registryAddress;
-    this.providerOrSigner = providerOrSigner;
-    this.contract = new ethers.Contract(registryAddress, AGENT_REGISTRY_ABI, providerOrSigner);
-    this.iface = new ethers.Interface(AGENT_REGISTRY_ABI);
-    this.factoryIface = new ethers.Interface(AIRACCOUNT_FACTORY_ABI);
-    this.accountIface = new ethers.Interface(AIRACCOUNT_ABI);
-  }
-  contract;
-  iface;
-  factoryIface;
-  accountIface;
-  providerOrSigner;
-  // ── Composed register/revoke-via-account scenario encoders ──────────────────
-  // registerAgent/revokeAgent require msg.sender == the agent account, so they are delivered
-  // through the account's execute(registry, 0, calldata). These return the FULL execute
-  // calldata to submit TO the agent account (owner-signed) — the scenario-level entry point.
-  /** Encode `account.execute(registry, 0, registerAgent(agentWallet, agentWalletSig))`. */
-  encodeRegisterAgentViaAccount(agentWallet, agentWalletSig) {
-    return this.accountIface.encodeFunctionData("execute", [
-      this.registryAddress,
-      0n,
-      this.encodeRegisterAgent(agentWallet, agentWalletSig)
-    ]);
-  }
-  /** Encode `account.execute(registry, 0, revokeAgent(agentWallet))`. */
-  encodeRevokeAgentViaAccount(agentWallet) {
-    return this.accountIface.encodeFunctionData("execute", [
-      this.registryAddress,
-      0n,
-      this.encodeRevokeAgent(agentWallet)
-    ]);
-  }
-  // ── AgentRegistry calldata encoders ─────────────────────────────────────────
-  /**
-   * Encode calldata for `registerAgent(agentWallet, agentWalletSig)`.
-   *
-   * Binds `agentWallet` to the caller (the human owner). `agentWalletSig` must be the agent
-   * wallet's EIP-191 signature proving control of the key. Reverts with
-   * `SelfRegistrationForbidden` if the caller registers itself, or `AgentAlreadyRegistered`
-   * if the wallet is already bound.
-   */
-  encodeRegisterAgent(agentWallet, agentWalletSig) {
-    return this.iface.encodeFunctionData("registerAgent", [agentWallet, agentWalletSig]);
-  }
-  /**
-   * Encode calldata for `revokeAgent(agentWallet)`.
-   *
-   * Owner-initiated revocation of a previously registered agent wallet. Caller must be the
-   * agent's human owner (else `NotAgentOwner`).
-   */
-  encodeRevokeAgent(agentWallet) {
-    return this.iface.encodeFunctionData("revokeAgent", [agentWallet]);
-  }
-  /**
-   * Encode calldata for `deregisterAgent(agentWallet)`.
-   *
-   * Removes the agent wallet from the registry (full deregistration, distinct from the
-   * lighter-weight `revokeAgent`). Caller must be the agent's human owner.
-   */
-  encodeDeregisterAgent(agentWallet) {
-    return this.iface.encodeFunctionData("deregisterAgent", [agentWallet]);
-  }
-  // ── AgentRegistry on-chain reads ────────────────────────────────────────────
-  /** Whether `agentWallet` is currently registered in the registry. */
-  async isRegisteredAgent(agentWallet) {
-    return this.contract.isRegisteredAgent(agentWallet);
-  }
-  /** Whether `account` has been marked valid (e.g. an AirAccount minted by the bound factory). */
-  async isValidAccount(account) {
-    return this.contract.isValidAccount(account);
-  }
-  /** The human owner bound to `agentWallet` (ZeroAddress if unregistered). */
-  async getHumanOwner(agentWallet) {
-    return this.contract.getHumanOwner(agentWallet);
-  }
-  /** Number of agents registered under `owner`. */
-  async getAgentCount(owner) {
-    return BigInt(await this.contract.getAgentCount(owner));
-  }
-  /** The agent wallet at `index` in `owner`'s agent list. */
-  async getAgentByIndex(owner, index) {
-    return this.contract.getAgentByIndex(owner, index);
-  }
-  /** Full list of agent wallets registered under `humanOwner`. */
-  async getAgents(humanOwner) {
-    const result = await this.contract.getAgents(humanOwner);
-    return Array.from(result);
-  }
-  /**
-   * Paginated slice of `owner`'s agent wallets: `count` entries starting at `start`.
-   * The contract clamps `count` to the remaining length, so the returned array may be shorter.
-   */
-  async getAgentsPage(owner, start, count) {
-    const result = await this.contract.getAgentsPage(owner, start, count);
-    return Array.from(result);
-  }
-  /** Raw `agentWalletOwner` mapping read (agentWallet → owner). */
-  async agentWalletOwner(agentWallet) {
-    return this.contract.agentWalletOwner(agentWallet);
-  }
-  /** Raw `ownerAgents` array read (owner, index → agentWallet). */
-  async ownerAgents(owner, index) {
-    return this.contract.ownerAgents(owner, index);
-  }
-  // ── Factory agent-account helpers (AAStarAirAccountFactoryV7) ───────────────
-  /**
-   * Encode calldata for the factory's `createAgentAccount(...)`.
-   *
-   * Targets the AAStarAirAccountFactoryV7, NOT the AgentRegistry. The factory deploys the agent
-   * AirAccount and registers it in the bound AgentRegistry in one transaction. Submit this
-   * calldata to the factory address (direct tx or via a relayer).
-   */
-  encodeCreateAgentAccount(params) {
-    return this.factoryIface.encodeFunctionData("createAgentAccount", [
-      params.agentKey,
-      params.agentId,
-      params.guardian2,
-      params.guardian2Sig,
-      params.agentKeySig,
-      params.deadline,
-      params.dailyLimit
-    ]);
-  }
-  /**
-   * Encode calldata for the factory's `setAgentRegistry(_agentRegistry)` (factory-admin only).
-   */
-  encodeSetAgentRegistry(agentRegistry) {
-    return this.factoryIface.encodeFunctionData("setAgentRegistry", [agentRegistry]);
-  }
-  /**
-   * Predict the CREATE2 address of an agent account via the factory's `getAgentAddress(...)`.
-   *
-   * @param factoryAddress AAStarAirAccountFactoryV7 address.
-   * @param humanOwner     the human guardian/owner co-owning the agent account.
-   * @param agentKey       the agent's signing key.
-   * @param agentId        the bytes32 agent identifier.
-   */
-  async getAgentAccountAddress(factoryAddress, humanOwner, agentKey, agentId) {
-    const factory = new ethers.Contract(
-      factoryAddress,
-      AIRACCOUNT_FACTORY_ABI,
-      this.providerOrSigner
-    );
-    return factory.getAgentAddress(humanOwner, agentKey, agentId);
-  }
-  /** Read the AgentRegistry address currently bound to the factory. */
-  async getFactoryAgentRegistry(factoryAddress) {
-    const factory = new ethers.Contract(
-      factoryAddress,
-      AIRACCOUNT_FACTORY_ABI,
-      this.providerOrSigner
-    );
-    return factory.agentRegistry();
-  }
-};
-var ERC8004_ABI = [
-  "function setAgentWallet(uint256 agentId, address agentWallet, address agentRegistry, bytes agentWalletSig) external",
-  "function mintAgentIdentity(address identityRegistry, string agentURI) external returns (uint256 agentId)",
-  "function bindERC8004AgentWallet(address identityRegistry, uint256 agentId, address agentWallet, uint256 deadline, bytes signature) external",
-  "function submitAgentReputation(address reputationRegistry, uint256 agentId, int128 value, uint8 valueDecimals, string tag1, string tag2, string endpoint, string feedbackURI, bytes32 feedbackHash) external",
-  "function queryAgentReputation(address reputationRegistry, uint256 agentId, address[] clientAddresses, string tag1, string tag2) external view returns (uint64 count, int128 summaryValue, uint8 summaryDecimals)",
-  "function agentExtension() external view returns (address)"
-];
-var ERC8004_ADDRESSES = {
-  mainnet: {
-    identityRegistry: "0x8004A169FB4a3325136EB29fA0ceB6D2e539a432",
-    reputationRegistry: "0x8004BAa17C55a88189AE136b182e5fdA19dE9b63",
-    validationRegistry: "0x8004Cc8439f36fd5F9F049D9fF86523Df6dAAB58"
-  },
-  testnet: {
-    identityRegistry: "0x8004A818BFB912233c491871b3d84c89A494BD9e",
-    reputationRegistry: "0x8004B663056A597Dffe9eCcC1965A193B7388713",
-    validationRegistry: "0x8004Cb1BF31DAf7788923b405b754f57acEB4272"
-  }
-};
-var MAINNET_CHAIN_IDS = /* @__PURE__ */ new Set([1, 10, 137, 8453, 42161, 43114, 56, 534352, 100, 42220, 59144, 5e3, 167e3, 360]);
-var TESTNET_CHAIN_IDS = /* @__PURE__ */ new Set([11155111, 11155420, 84532, 421614, 80002]);
-function erc8004AddressesForChain(chainId) {
-  if (MAINNET_CHAIN_IDS.has(chainId)) return ERC8004_ADDRESSES.mainnet;
-  if (TESTNET_CHAIN_IDS.has(chainId)) return ERC8004_ADDRESSES.testnet;
-  throw new Error(`ERC-8004: unsupported chain ${chainId}`);
-}
-var ERC8004Service = class {
-  iface;
-  provider;
-  constructor(provider) {
-    this.iface = new ethers.Interface(ERC8004_ABI);
-    this.provider = provider;
-  }
-  // ── AAStar AgentRegistry path ─────────────────────────────────────────────
-  /**
-   * Encode calldata for `setAgentWallet`.
-   *
-   * Registers `agentWallet` in the AAStar AgentRegistry (SuperPaymaster-facing). This is the
-   * correct path when the goal is SuperPaymaster gasless sponsorship for the agent.
-   *
-   * **Not** a call to the official ERC-8004 IdentityRegistry. Use `encodeMintAgentIdentity`
-   * + `encodeBindERC8004AgentWallet` for the ERC-8004 standard path.
-   *
-   * Callable: owner EOA direct tx OR via UserOp (gasless).
-   */
-  encodeSetAgentWallet(params) {
-    return this.iface.encodeFunctionData("setAgentWallet", [
-      params.agentId,
-      params.agentWallet,
-      params.agentRegistry,
-      params.agentWalletSig
-    ]);
-  }
-  // ── Official ERC-8004 identity path ──────────────────────────────────────
-  /**
-   * Encode calldata for `mintAgentIdentity`.
-   *
-   * Mints an ERC-721 agent identity NFT in the official ERC-8004 IdentityRegistry and returns
-   * the new `agentId` (decoded from the tx receipt). The `identityRegistry` must be
-   * `erc8004AddressesForChain(chainId).identityRegistry` — the contract reverts otherwise.
-   *
-   * Callable: owner EOA direct tx OR via UserOp (gasless).
-   */
-  encodeMintAgentIdentity(params) {
-    return this.iface.encodeFunctionData("mintAgentIdentity", [
-      params.identityRegistry,
-      params.agentURI
-    ]);
-  }
-  /**
-   * Encode calldata for `bindERC8004AgentWallet`.
-   *
-   * Binds an execution wallet to an existing ERC-8004 agent identity NFT. Requires a
-   * deadline-bounded signature from the expected signer (see the IdentityRegistry contract).
-   * The `identityRegistry` must be the official chain-specific address.
-   *
-   * Callable: owner EOA direct tx OR via UserOp (gasless).
-   */
-  encodeBindERC8004AgentWallet(params) {
-    return this.iface.encodeFunctionData("bindERC8004AgentWallet", [
-      params.identityRegistry,
-      params.agentId,
-      params.agentWallet,
-      params.deadline,
-      params.signature
-    ]);
-  }
-  // ── Reputation ────────────────────────────────────────────────────────────
-  /**
-   * Encode calldata for `submitAgentReputation`.
-   *
-   * Submits a reputation feedback entry to the official ERC-8004 ReputationRegistry.
-   * `reputationRegistry` must be `erc8004AddressesForChain(chainId).reputationRegistry`.
-   *
-   * Callable: owner EOA direct tx OR via UserOp (gasless).
-   */
-  encodeSubmitAgentReputation(params) {
-    return this.iface.encodeFunctionData("submitAgentReputation", [
-      params.reputationRegistry,
-      params.agentId,
-      params.value,
-      params.valueDecimals,
-      params.tag1,
-      params.tag2,
-      params.endpoint,
-      params.feedbackURI,
-      params.feedbackHash
-    ]);
-  }
-  /**
-   * Query aggregated reputation for an agent from the official ERC-8004 ReputationRegistry.
-   * Returns `null` when no provider was supplied at construction.
-   */
-  async queryAgentReputation(accountAddress, params) {
-    if (!this.provider) throw new Error("ERC8004Service: provider required for on-chain reads");
-    const contract = new ethers.Contract(accountAddress, ERC8004_ABI, this.provider);
-    const [count, summaryValue, summaryDecimals] = await contract.queryAgentReputation(
-      params.reputationRegistry,
-      params.agentId,
-      params.clientAddresses,
-      params.tag1,
-      params.tag2
-    );
-    return { count: BigInt(count), summaryValue: BigInt(summaryValue), summaryDecimals: Number(summaryDecimals) };
-  }
-  /**
-   * Encode calldata for `queryAgentReputation` (for static-call or eth_call without a signer).
-   */
-  encodeQueryAgentReputation(params) {
-    return this.iface.encodeFunctionData("queryAgentReputation", [
-      params.reputationRegistry,
-      params.agentId,
-      params.clientAddresses,
-      params.tag1,
-      params.tag2
-    ]);
-  }
-  /**
-   * Read the agentExtension implementation address from a deployed AirAccount.
-   */
-  async getAgentExtensionAddress(accountAddress) {
-    if (!this.provider) throw new Error("ERC8004Service: provider required for on-chain reads");
-    const contract = new ethers.Contract(accountAddress, ERC8004_ABI, this.provider);
-    return contract.agentExtension();
-  }
-};
-var DEFAULT_KMS_ENDPOINT = "https://kms.aastar.io";
-var KmsHttpClient = class {
-  endpoint;
-  enabled;
-  logger;
-  apiKey;
-  http;
-  constructor(options) {
-    this.endpoint = options.kmsEndpoint ?? DEFAULT_KMS_ENDPOINT;
-    this.enabled = options.kmsEnabled === true;
-    this.apiKey = options.kmsApiKey;
-    this.logger = options.logger ?? new ConsoleLogger("[KmsHttpClient]");
-    const headers = { "Content-Type": "application/json" };
-    if (this.apiKey) {
-      headers["x-api-key"] = this.apiKey;
-    }
-    this.http = axios.create({ baseURL: this.endpoint, headers });
-  }
-  /** Throw if KMS is not enabled — every operation must call this first. */
-  ensureEnabled() {
-    if (!this.enabled) {
-      throw new Error("KMS service is not enabled");
-    }
-  }
-  /**
-   * Plain JSON POST. The axios `config` arg is only forwarded when defined, so a
-   * config-less call results in `http.post(path, body)` (2 args) — preserving the
-   * exact call shape the existing unit tests assert against.
-   */
-  async post(path, body, config) {
-    const response = config === void 0 ? await this.http.post(path, body) : await this.http.post(path, body, config);
-    return response.data;
-  }
-  /** Plain JSON GET. */
-  async get(path, config) {
-    const response = config === void 0 ? await this.http.get(path) : await this.http.get(path, config);
-    return response.data;
-  }
-  /** POST with AWS-KMS framing (x-amz-target header) — required for wallet/signing ops. */
-  async amzPost(path, target, body) {
-    return this.post(path, body, {
-      headers: {
-        "Content-Type": "application/x-amz-json-1.1",
-        "x-amz-target": target
-      }
-    });
-  }
-  /** POST authenticated with a TEE-issued agent/session JWT (Authorization: Bearer). */
-  async postWithBearer(path, body, jwt) {
-    return this.post(path, body, {
-      headers: { authorization: `Bearer ${jwt}` }
-    });
-  }
-};
-var DEFAULT_RP_ID = "aastar.io";
-var DEFAULT_ORIGIN = "https://aastar.io";
-var DEFAULT_CREDENTIAL_ID = "dGVzdC1jcmVkZW50aWFs";
-function base64UrlEncode(bytes) {
-  return Buffer.from(bytes).toString("base64url");
-}
-function base64UrlDecode(value) {
-  return new Uint8Array(Buffer.from(value, "base64url"));
-}
-function hexToBytes(hex) {
-  const clean = hex.startsWith("0x") ? hex.slice(2) : hex;
-  if (clean.length % 2 !== 0) {
-    throw new Error("hexToBytes: odd-length hex string");
-  }
-  const out = new Uint8Array(clean.length / 2);
-  for (let i = 0; i < out.length; i++) {
-    out[i] = parseInt(clean.slice(i * 2, i * 2 + 2), 16);
-  }
-  return out;
-}
-var P256PasskeySigner = class {
-  credentialId;
-  privateKey;
-  /**
-   * @param privateKey raw 32-byte P-256 scalar (Uint8Array or hex, 0x optional).
-   * @param credentialId base64url credential id (defaults to the reference fixture).
-   */
-  constructor(privateKey, credentialId = DEFAULT_CREDENTIAL_ID) {
-    this.privateKey = typeof privateKey === "string" ? hexToBytes(privateKey) : privateKey;
-    this.credentialId = credentialId;
-  }
-  /**
-   * Uncompressed (0x04…, 65-byte) P-256 public key hex. Register this with the
-   * KMS via CreateKey `PasskeyPublicKey` (or ChangePasskey) so the TA can verify
-   * assertions produced by this signer.
-   */
-  get publicKeyHex() {
-    return "0x" + Buffer.from(p256.getPublicKey(this.privateKey, false)).toString("hex");
-  }
-  sign(message) {
-    return p256.sign(message, this.privateKey, { prehash: true, format: "der" });
-  }
-};
-function buildClientDataJSON(challenge, origin = DEFAULT_ORIGIN) {
-  const json = JSON.stringify({ type: "webauthn.get", challenge, origin });
-  return new TextEncoder().encode(json);
-}
-function buildAuthenticatorData(rpId = DEFAULT_RP_ID, signCount = 1) {
-  const rpIdHash = createHash("sha256").update(rpId).digest();
-  const out = new Uint8Array(37);
-  out.set(rpIdHash, 0);
-  out[32] = 5;
-  new DataView(out.buffer).setUint32(33, signCount >>> 0, false);
-  return out;
-}
-async function buildAuthenticationCredential(opts) {
-  const origin = opts.origin ?? DEFAULT_ORIGIN;
-  const rpId = opts.rpId ?? DEFAULT_RP_ID;
-  const signCount = opts.signCount ?? 1;
-  const clientDataJSON = buildClientDataJSON(opts.challenge, origin);
-  const authenticatorData = buildAuthenticatorData(rpId, signCount);
-  const clientDataHash = createHash("sha256").update(clientDataJSON).digest();
-  const message = new Uint8Array(authenticatorData.length + clientDataHash.length);
-  message.set(authenticatorData, 0);
-  message.set(clientDataHash, authenticatorData.length);
-  const signature = await opts.signer.sign(message);
-  return {
-    id: opts.signer.credentialId,
-    rawId: opts.signer.credentialId,
-    type: "public-key",
-    response: {
-      clientDataJSON: base64UrlEncode(clientDataJSON),
-      authenticatorData: base64UrlEncode(authenticatorData),
-      signature: base64UrlEncode(signature)
-    }
-  };
-}
-async function runWebAuthnCeremony(begin, options) {
-  const begun = await begin();
-  const challenge = begun?.Options?.challenge;
-  if (!begun?.ChallengeId || !challenge) {
-    throw new Error(
-      "WebAuthn ceremony: begin endpoint did not return a ChallengeId + Options.challenge"
-    );
-  }
-  const credential = await buildAuthenticationCredential({
-    challenge,
-    signer: options.signer,
-    rpId: options.rpId,
-    origin: options.origin,
-    signCount: options.signCount
-  });
-  return { ChallengeId: begun.ChallengeId, Credential: credential };
-}
-function beginAuthenticationChallenge(http, keyId) {
-  return http.post("/BeginAuthentication", { KeyId: keyId });
-}
-function beginGrantSessionChallenge(http, keyId) {
-  return http.get("/kms/begin-grant-session-auth", {
-    params: { keyId }
-  });
-}
-function runAuthenticationCeremony(http, keyId, signer, options) {
-  return runWebAuthnCeremony(() => beginAuthenticationChallenge(http, keyId), {
-    signer,
-    ...options
-  });
-}
-function runGrantSessionCeremony(http, keyId, signer, options) {
-  return runWebAuthnCeremony(() => beginGrantSessionChallenge(http, keyId), {
-    signer,
-    ...options
-  });
-}
-var KmsManager = class {
-  client;
-  logger;
-  constructor(options) {
-    this.client = new KmsHttpClient(options);
-    this.logger = this.client.logger;
-  }
-  isKmsEnabled() {
-    return this.client.enabled;
-  }
-  /** Shared HTTP transport — pass to KmsAgentService / KmsSessionService / etc. */
-  get httpClient() {
-    return this.client;
-  }
-  ensureEnabled() {
-    this.client.ensureEnabled();
-  }
-  /** POST with x-amz-target header (required for wallet/signing operations). */
-  async amzPost(path, target, body) {
-    return this.client.amzPost(path, target, body);
-  }
-  // ── Key Management ──────────────────────────────────────────────
-  async createKey(description, passkeyPublicKey) {
-    this.ensureEnabled();
-    return this.amzPost("/CreateKey", "TrentService.CreateKey", {
-      Description: description,
-      KeyUsage: "SIGN_VERIFY",
-      KeySpec: "ECC_SECG_P256K1",
-      Origin: "EXTERNAL_KMS",
-      PasskeyPublicKey: passkeyPublicKey
-    });
-  }
-  async getKeyStatus(keyId) {
-    this.ensureEnabled();
-    return this.client.get("/KeyStatus", {
-      params: { KeyId: keyId }
-    });
-  }
-  async describeKey(keyId) {
-    this.ensureEnabled();
-    return this.amzPost("/DescribeKey", "TrentService.DescribeKey", { KeyId: keyId });
-  }
-  /** Get a key's public key (uncompressed). Not WebAuthn-gated. */
-  async getPublicKey(target) {
-    this.ensureEnabled();
-    return this.amzPost("/GetPublicKey", "TrentService.GetPublicKey", target);
-  }
-  /**
-   * Derive an Ethereum address at a BIP-44 path (WebAuthn-gated).
-   * Provide a WebAuthn ceremony assertion (preferred) or a Legacy passkey assertion.
-   */
-  async deriveAddress(params) {
-    this.ensureEnabled();
-    return this.amzPost("/DeriveAddress", "TrentService.DeriveAddress", params);
-  }
-  /** List keys (paginated). Not WebAuthn-gated. */
-  async listKeys(params = {}) {
-    this.ensureEnabled();
-    return this.amzPost("/ListKeys", "TrentService.ListKeys", params);
-  }
-  /**
-   * Schedule key deletion (AWS-KMS action ScheduleKeyDeletion; WebAuthn-gated).
-   * RPMB-bound on the TEE — requires a passkey/WebAuthn assertion on the normal path.
-   */
-  async deleteKey(params) {
-    this.ensureEnabled();
-    return this.amzPost("/DeleteKey", "TrentService.ScheduleKeyDeletion", params);
-  }
-  /**
-   * Unfreeze a dormant (frozen) key (issue #42; WebAuthn-gated).
-   * A key auto-frozen by the dormant-key sweep rejects signing until unfrozen.
-   * The TEE verifies the owner via the same strict WebAuthn ceremony as
-   * {@link deleteKey}; ownership is checked even when the key is already active,
-   * so this cannot be used as an unauthenticated key-state probe. Unlike DeleteKey
-   * this endpoint takes no `x-amz-target` header — it authenticates via the default
-   * API key plus the WebAuthn assertion in the body.
-   */
-  async unfreezeKey(params) {
-    this.ensureEnabled();
-    return this.client.post("/UnfreezeKey", params);
-  }
-  /**
-   * Rotate the WebAuthn passkey bound to a key (WebAuthn-gated, RPMB-bound).
-   * `PasskeyPublicKey` is the NEW P-256 public key (0x04… 65-byte uncompressed).
-   */
-  async changePasskey(params) {
-    this.ensureEnabled();
-    return this.amzPost("/ChangePasskey", "TrentService.ChangePasskey", params);
-  }
-  /**
-   * Sign a message or an EIP-155 transaction (WebAuthn-gated).
-   * Provide exactly one of `Message` (hex) or `Transaction`. For a raw 32-byte
-   * digest use {@link signHash} / {@link signHashWithWebAuthn} instead.
-   */
-  async sign(params) {
-    this.ensureEnabled();
-    return this.amzPost("/Sign", "TrentService.Sign", params);
-  }
-  /**
-   * Poll KeyStatus until the key is ready (address derived) or timeout.
-   * STM32 key derivation takes 60-75 seconds on first creation.
-   */
-  async pollUntilReady(keyId, timeoutMs = 12e4, intervalMs = 3e3) {
-    this.ensureEnabled();
-    const deadline = Date.now() + timeoutMs;
-    while (Date.now() < deadline) {
-      const status = await this.getKeyStatus(keyId);
-      this.logger.debug(`Key ${keyId} status: ${status.Status}`);
-      if (status.Status === "ready") {
-        return status;
-      }
-      if (status.Status === "error") {
-        throw new Error(`KMS key derivation failed: ${status.Error ?? "unknown error"}`);
-      }
-      await new Promise((resolve) => setTimeout(resolve, intervalMs));
-    }
-    throw new Error(`KMS key derivation timed out after ${timeoutMs}ms`);
-  }
-  // ── Signing ─────────────────────────────────────────────────────
-  /**
-   * Sign a hash using Legacy Passkey assertion (reusable for BLS dual-signing).
-   */
-  async signHash(hash, assertion, target) {
-    this.ensureEnabled();
-    const formattedHash = hash.startsWith("0x") ? hash : `0x${hash}`;
-    const body = {
-      Hash: formattedHash,
-      Passkey: assertion
-    };
-    if (target.Address) {
-      body.Address = target.Address;
-    }
-    if (target.KeyId) {
-      body.KeyId = target.KeyId;
-    }
-    return this.amzPost("/SignHash", "TrentService.SignHash", body);
-  }
-  /**
-   * Sign a hash using a WebAuthn ceremony assertion (one-time use).
-   */
-  async signHashWithWebAuthn(hash, challengeId, credential, target) {
-    this.ensureEnabled();
-    const formattedHash = hash.startsWith("0x") ? hash : `0x${hash}`;
-    const body = {
-      Hash: formattedHash,
-      WebAuthn: { ChallengeId: challengeId, Credential: credential }
-    };
-    if (target.Address) {
-      body.Address = target.Address;
-    }
-    if (target.KeyId) {
-      body.KeyId = target.KeyId;
-    }
-    return this.amzPost("/SignHash", "TrentService.SignHash", body);
-  }
-  // ── Sign Typed Data (v0.19.0+) ─────────────────────────────────
-  /**
-   * Sign arbitrary EIP-712 typed data via `POST /kms/SignTypedData` (v0.20.0).
-   *
-   * The KMS hashes the typed data host-side, so the FULL EIP-712 structure
-   * (domain / primaryType / types / message) is sent — not a pre-hashed
-   * domainSeparator/structHash. The `webAuthnAssertion` challenge comes from a
-   * generic {@link beginAuthentication} ceremony (purpose="authentication").
-   *
-   * Alternatively, agents authenticate with a Bearer JWT — see KmsAgentService.
-   */
-  async signTypedDataWithWebAuthn(params) {
-    this.ensureEnabled();
-    return this.client.post("/kms/SignTypedData", params);
-  }
-  // ── Grant Session Off-chain Signing (v0.19.0+) ─────────────────
-  /**
-   * Begin a grant-session WebAuthn challenge.
-   * The returned challengeId can ONLY be used with sign-grant-session, not sign-typed-data.
-   */
-  async beginGrantSessionAuth(params) {
-    this.ensureEnabled();
-    return this.client.get("/kms/begin-grant-session-auth", {
-      params: { keyId: params.keyId }
-    });
-  }
-  /**
-   * Sign a GRANT_SESSION_V2 hash off-chain inside the TEE (secp256k1 session key).
-   * Returns a 65-byte signature (R||S||V, V=27/28) for use in grantSessionWithSig().
-   */
-  async signGrantSession(params) {
-    this.ensureEnabled();
-    return this.client.post("/kms/sign-grant-session", params);
-  }
-  /**
-   * Sign a GRANT_P256_SESSION_V2 hash off-chain inside the TEE (P256 session key).
-   * Returns a 65-byte signature for use in grantP256SessionWithSig().
-   */
-  async signP256GrantSession(params) {
-    this.ensureEnabled();
-    return this.client.post("/kms/sign-p256-grant-session", params);
-  }
-  // ── Challenge-binding ceremonies (#49 / Beta3) ──────────────────
-  //
-  // These run the full WebAuthn challenge-binding ceremony in one call:
-  // fetch the TA one-time nonce, embed it in clientDataJSON, build + sign the
-  // assertion, then invoke the signing endpoint with the resulting
-  // `WebAuthn` / `webAuthnAssertion`. They share the
-  // {@link runAuthenticationCeremony} / {@link runGrantSessionCeremony} helper,
-  // so every path produces an identical, replay-protected assertion structure.
-  /**
-   * Run a generic authentication ceremony (purpose="authentication") bound to a
-   * fresh TA challenge. The returned assertion is valid for DeriveAddress / Sign
-   * / SignHash / SignTypedData / agent-key / p256-session signing.
-   */
-  async runAuthenticationCeremony(keyId, signer, options) {
-    this.ensureEnabled();
-    return runAuthenticationCeremony(this.client, keyId, signer, options);
-  }
-  /**
-   * Run a grant-session ceremony (purpose="grant-session") bound to a fresh TA
-   * challenge — required by {@link signGrantSession} / {@link signP256GrantSession}
-   * (the generic 'authentication' challenge is rejected there for replay safety).
-   */
-  async runGrantSessionCeremony(keyId, signer, options) {
-    this.ensureEnabled();
-    return runGrantSessionCeremony(this.client, keyId, signer, options);
-  }
-  /** Derive an address, running the challenge-binding ceremony internally. */
-  async deriveAddressWithCeremony(params, signer, options) {
-    this.ensureEnabled();
-    const WebAuthn = await this.runAuthenticationCeremony(params.KeyId, signer, options);
-    return this.deriveAddress({ ...params, WebAuthn });
-  }
-  /**
-   * Sign a message or EIP-155 transaction, running the challenge-binding ceremony
-   * internally. `params.KeyId` is required (it identifies the wallet to challenge).
-   */
-  async signWithCeremony(params, signer, options) {
-    this.ensureEnabled();
-    const WebAuthn = await this.runAuthenticationCeremony(params.KeyId, signer, options);
-    return this.sign({ ...params, WebAuthn });
-  }
-  /** Sign a 32-byte digest, running the challenge-binding ceremony internally. */
-  async signHashWithCeremony(hash, target, signer, options) {
-    this.ensureEnabled();
-    const assertion = await this.runAuthenticationCeremony(target.KeyId, signer, options);
-    return this.signHashWithWebAuthn(hash, assertion.ChallengeId, assertion.Credential, target);
-  }
-  /** Sign EIP-712 typed data, running the challenge-binding ceremony internally. */
-  async signTypedDataWithCeremony(params, signer, options) {
-    this.ensureEnabled();
-    const webAuthnAssertion = await this.runAuthenticationCeremony(params.keyId, signer, options);
-    return this.signTypedDataWithWebAuthn({ ...params, webAuthnAssertion });
-  }
-  /**
-   * Sign a GRANT_SESSION_V2 hash, running the grant-session ceremony internally
-   * (uses the purpose-bound `begin-grant-session-auth` challenge).
-   */
-  async signGrantSessionWithCeremony(params, signer, options) {
-    this.ensureEnabled();
-    const webAuthnAssertion = await this.runGrantSessionCeremony(params.keyId, signer, options);
-    return this.signGrantSession({ ...params, webAuthnAssertion });
-  }
-  /**
-   * Sign a GRANT_P256_SESSION_V2 hash, running the grant-session ceremony
-   * internally (uses the purpose-bound `begin-grant-session-auth` challenge).
-   */
-  async signP256GrantSessionWithCeremony(params, signer, options) {
-    this.ensureEnabled();
-    const webAuthnAssertion = await this.runGrantSessionCeremony(params.keyId, signer, options);
-    return this.signP256GrantSession({ ...params, webAuthnAssertion });
-  }
-  // ── WebAuthn Ceremonies ─────────────────────────────────────────
-  async beginRegistration(params) {
-    this.ensureEnabled();
-    return this.client.post("/BeginRegistration", params);
-  }
-  async completeRegistration(params) {
-    this.ensureEnabled();
-    return this.client.post("/CompleteRegistration", params);
-  }
-  async beginAuthentication(params) {
-    this.ensureEnabled();
-    return this.client.post("/BeginAuthentication", params);
-  }
-  /**
-   * Begin a generic WebAuthn authentication ceremony for a key, returning a
-   * challenge usable for SignHash / SignTypedData (purpose="authentication").
-   *
-   * NOTE: there is no dedicated `begin-webauthn-auth` endpoint — this delegates
-   * to `POST /BeginAuthentication`. (Grant-session signing needs a purpose-bound
-   * challenge from {@link beginGrantSessionAuth} instead.)
-   */
-  async beginWebAuthnAuth(keyId) {
-    this.ensureEnabled();
-    return this.client.post("/BeginAuthentication", { KeyId: keyId });
-  }
-  // ── Factory ─────────────────────────────────────────────────────
-  createKmsSigner(keyId, address, assertionProvider, provider) {
-    this.ensureEnabled();
-    return new KmsSigner(keyId, address, this, assertionProvider, provider);
-  }
-};
-var KmsSigner = class _KmsSigner extends ethers.AbstractSigner {
-  constructor(keyId, _address, kmsManager, assertionProvider, provider) {
-    super(provider);
-    this.keyId = keyId;
-    this._address = _address;
-    this.kmsManager = kmsManager;
-    this.assertionProvider = assertionProvider;
-  }
-  async getAddress() {
-    return this._address;
-  }
-  async signMessage(message) {
-    const messageBytes = typeof message === "string" ? ethers.toUtf8Bytes(message) : message;
-    const messageHash = ethers.hashMessage(messageBytes);
-    const assertion = await this.assertionProvider();
-    const signResponse = await this.kmsManager.signHash(messageHash, assertion, {
-      Address: this._address
-    });
-    return "0x" + signResponse.Signature;
-  }
-  async signTransaction(tx) {
-    if (!this.provider) {
-      throw new Error("Provider is required for signing transactions");
-    }
-    const populated = await this.populateTransaction(tx);
-    const unsignedTx = ethers.Transaction.from(populated);
-    const txHash = unsignedTx.hash;
-    if (!txHash) {
-      throw new Error("Failed to compute transaction hash");
-    }
-    const assertion = await this.assertionProvider();
-    const signResponse = await this.kmsManager.signHash(txHash, assertion, {
-      Address: this._address
-    });
-    const sig = ethers.Signature.from("0x" + signResponse.Signature);
-    unsignedTx.signature = sig;
-    return unsignedTx.serialized;
-  }
-  async signTypedData(domain, types, value) {
-    const hash = ethers.TypedDataEncoder.hash(domain, types, value);
-    const assertion = await this.assertionProvider();
-    const signResponse = await this.kmsManager.signHash(hash, assertion, {
-      Address: this._address
-    });
-    return "0x" + signResponse.Signature;
-  }
-  connect(provider) {
-    return new _KmsSigner(
-      this.keyId,
-      this._address,
-      this.kmsManager,
-      this.assertionProvider,
-      provider
-    );
-  }
-};
-var KmsAgentService = class {
-  constructor(http) {
-    this.http = http;
-  }
-  /**
-   * Mint a new agent key under an existing human key (WebAuthn-gated).
-   *
-   * The WebAuthn challenge is obtained from a generic
-   * {@link KmsManager.beginAuthentication} ceremony (purpose="authentication");
-   * the caller supplies the resulting assertion in the request.
-   */
-  async createAgentKey(params) {
-    this.http.ensureEnabled();
-    return this.http.post("/kms/create-agent-key", params);
-  }
-  /**
-   * Sign a userOpHash with an agent key, authenticated by the agent's TEE-JWT
-   * credential (`jwt`, the `agentCredential` from {@link createAgentKey}).
-   * Returns the 106-byte packed signature for ERC-4337 sponsorship.
-   */
-  async signAgent(params, jwt) {
-    this.http.ensureEnabled();
-    return this.http.postWithBearer("/kms/sign-agent", params, jwt);
-  }
-  /**
-   * Refresh (re-mint) an agent credential before it expires. Authenticated with
-   * the existing credential (`jwt`, Bearer) plus a human WebAuthn / passkey
-   * assertion in the request.
-   */
-  async refreshAgentCredential(params, jwt) {
-    this.http.ensureEnabled();
-    return this.http.postWithBearer(
-      "/kms/refresh-agent-credential",
-      params,
-      jwt
-    );
-  }
-  /**
-   * Revoke an agent's credential (WebAuthn-gated).
-   *
-   * The WebAuthn challenge is obtained from a generic
-   * {@link KmsManager.beginAuthentication} ceremony (purpose="authentication");
-   * the caller supplies the resulting assertion in the request.
-   */
-  async revokeAgentCredential(params) {
-    this.http.ensureEnabled();
-    return this.http.post(
-      "/kms/revoke-agent-credential",
-      params
-    );
-  }
-  // ── Challenge-binding ceremony variants (#49 / Beta3) ────────────
-  //
-  // All agent-key WebAuthn gates use the generic purpose="authentication"
-  // challenge bound to the HUMAN key. These helpers run the full ceremony
-  // (begin → clientDataJSON → assertion) via the shared
-  // {@link runAuthenticationCeremony} helper, then invoke the endpoint.
-  /** Mint an agent key, running the challenge-binding ceremony internally. */
-  async createAgentKeyWithCeremony(params, signer, options) {
-    this.http.ensureEnabled();
-    const webAuthnAssertion = await runAuthenticationCeremony(
-      this.http,
-      params.humanKeyId,
-      signer,
-      options
-    );
-    return this.createAgentKey({ ...params, webAuthnAssertion });
-  }
-  /**
-   * Refresh an agent credential, running the challenge-binding ceremony
-   * internally. `humanKeyId` is the owning human key challenged by the ceremony
-   * (distinct from the agent `keyId` in `params`); `jwt` is the existing credential.
-   */
-  async refreshAgentCredentialWithCeremony(params, humanKeyId, jwt, signer, options) {
-    this.http.ensureEnabled();
-    const webAuthnAssertion = await runAuthenticationCeremony(this.http, humanKeyId, signer, options);
-    return this.refreshAgentCredential({ ...params, webAuthnAssertion }, jwt);
-  }
-  /**
-   * Revoke an agent credential, running the challenge-binding ceremony internally.
-   * `humanKeyId` is the owning human key challenged by the ceremony (distinct from
-   * the agent `keyId` in `params`).
-   */
-  async revokeAgentCredentialWithCeremony(params, humanKeyId, signer, options) {
-    this.http.ensureEnabled();
-    const webAuthnAssertion = await runAuthenticationCeremony(this.http, humanKeyId, signer, options);
-    return this.revokeAgentCredential({ ...params, webAuthnAssertion });
-  }
-};
-var KmsSessionService = class {
-  constructor(http) {
-    this.http = http;
-  }
-  /**
-   * Create a P-256 session key under a human key (WebAuthn-gated).
-   *
-   * `POST /kms/create-p256-session-key`. The `webAuthnAssertion` challenge comes
-   * from a generic {@link KmsManager.beginAuthentication} ceremony supplied by
-   * the caller. Returns the session key's public key plus an `agentCredential`
-   * JWT used to authenticate subsequent {@link signP256UserOp} calls.
-   */
-  async createP256SessionKey(params) {
-    this.http.ensureEnabled();
-    return this.http.post(
-      "/kms/create-p256-session-key",
-      params
-    );
-  }
-  /**
-   * Sign an ERC-4337 UserOp hash with a P-256 session key (Bearer JWT auth).
-   *
-   * `POST /kms/sign-p256-user-op`, authenticated with the `agentCredential` JWT
-   * returned by {@link createP256SessionKey}. Returns the 149-byte P256
-   * session-key wire-format signature.
-   */
-  async signP256UserOp(params, jwt) {
-    this.http.ensureEnabled();
-    return this.http.postWithBearer(
-      "/kms/sign-p256-user-op",
-      params,
-      jwt
-    );
-  }
-  /**
-   * Revoke a P-256 session key (WebAuthn-gated, idempotent).
-   *
-   * `POST /kms/revoke-p256-session-key`. The `webAuthnAssertion` challenge comes
-   * from a generic {@link KmsManager.beginAuthentication} ceremony supplied by
-   * the caller. Idempotent: revoking an already-revoked key still resolves.
-   */
-  async revokeP256SessionKey(params) {
-    this.http.ensureEnabled();
-    return this.http.post(
-      "/kms/revoke-p256-session-key",
-      params
-    );
-  }
-  // ── Challenge-binding ceremony variants (#49 / Beta3) ────────────
-  //
-  // Create + revoke gate on the generic purpose="authentication" challenge bound
-  // to the HUMAN key. These helpers run the full ceremony (begin → clientDataJSON
-  // → assertion) via the shared {@link runAuthenticationCeremony} helper.
-  /** Create a P-256 session key, running the challenge-binding ceremony internally. */
-  async createP256SessionKeyWithCeremony(params, signer, options) {
-    this.http.ensureEnabled();
-    const webAuthnAssertion = await runAuthenticationCeremony(
-      this.http,
-      params.humanKeyId,
-      signer,
-      options
-    );
-    return this.createP256SessionKey({ ...params, webAuthnAssertion });
-  }
-  /**
-   * Revoke a P-256 session key, running the challenge-binding ceremony internally.
-   * `humanKeyId` is the owning human key challenged by the ceremony (distinct from
-   * the session `keyId` in `params`).
-   */
-  async revokeP256SessionKeyWithCeremony(params, humanKeyId, signer, options) {
-    this.http.ensureEnabled();
-    const webAuthnAssertion = await runAuthenticationCeremony(this.http, humanKeyId, signer, options);
-    return this.revokeP256SessionKey({ ...params, webAuthnAssertion });
-  }
-};
-var KmsPaymentSigner = class {
-  constructor(http) {
-    this.http = http;
-  }
-  /**
-   * Dispatch a payment-signing request with the chosen auth mode.
-   * JWT auth uses `postWithBearer`; WebAuthn auth merges the assertion into the body.
-   */
-  async signWithAuth(path, body, auth) {
-    if ("jwt" in auth) {
-      return this.http.postWithBearer(path, body, auth.jwt);
-    }
-    return this.http.post(path, {
-      ...body,
-      webAuthnAssertion: auth.webAuthnAssertion
-    });
-  }
-  /**
-   * Sign a MicroPaymentChannel voucher (cumulative-amount EIP-712 message)
-   * via `POST /kms/SignMicropaymentVoucher`.
-   */
-  async signMicropaymentVoucher(params, auth) {
-    this.http.ensureEnabled();
-    return this.signWithAuth("/kms/SignMicropaymentVoucher", { ...params }, auth);
-  }
-  /**
-   * Sign an EIP-3009 TransferWithAuthorization for a GToken transfer
-   * via `POST /kms/SignGTokenAuthorization`. `from` MUST equal the derived address.
-   */
-  async signGTokenAuthorization(params, auth) {
-    this.http.ensureEnabled();
-    return this.signWithAuth("/kms/SignGTokenAuthorization", { ...params }, auth);
-  }
-  /**
-   * Sign an x402 payment authorization via `POST /kms/SignX402Payment`.
-   */
-  async signX402Payment(params, auth) {
-    this.http.ensureEnabled();
-    return this.signWithAuth("/kms/SignX402Payment", { ...params }, auth);
-  }
-};
-var KmsMonitorService = class {
-  constructor(http) {
-    this.http = http;
-  }
-  /**
-   * Liveness probe (`GET /health`, no auth). Does NOT require the KMS feature
-   * flag to be enabled.
-   */
-  async health() {
-    return this.http.get("/health");
-  }
-  /**
-   * Version / capability descriptor (`GET /version`, no auth). Does NOT require
-   * the KMS feature flag to be enabled.
-   */
-  async version() {
-    return this.http.get("/version");
-  }
-  /**
-   * Request-queue health and circuit-breaker state (`GET /QueueStatus`).
-   */
-  async queueStatus() {
-    this.http.ensureEnabled();
-    return this.http.get("/QueueStatus");
-  }
-  /**
-   * RPMB anti-rollback monotonic counter (`GET /RollbackCounter`, diagnostic,
-   * v0.20.0).
-   */
-  async rollbackCounter() {
-    this.http.ensureEnabled();
-    return this.http.get("/RollbackCounter");
-  }
-  /**
-   * Machine-readable runtime statistics (`GET /stats`, v0.20.0) — wallets, tx,
-   * queue, warnings.
-   */
-  async stats() {
-    this.http.ensureEnabled();
-    return this.http.get("/stats");
-  }
-  /**
-   * TEE remote-attestation evidence bound to a caller nonce (`GET /attestation`,
-   * #37). Public (no auth) — pass a fresh random `nonce` (hex, ≤64 bytes) to bind
-   * the evidence + defeat replay, then verify the returned signed measurement.
-   */
-  async getAttestation(nonce) {
-    return this.http.get("/attestation", { params: { nonce } });
-  }
-  /**
-   * Ed25519-signed measurement manifest, version → ta_measurement
-   * (`GET /.well-known/attestation-measurements.json`, #12). Public.
-   */
-  async getAttestationMeasurements() {
-    return this.http.get("/.well-known/attestation-measurements.json");
-  }
-  /**
-   * Sigsum transparency proof sidecar for the measurement manifest
-   * (`GET /.well-known/attestation-measurements-proof.json`, #87). Public.
-   */
-  async getAttestationMeasurementsProof() {
-    return this.http.get("/.well-known/attestation-measurements-proof.json");
-  }
-  /**
-   * WARNING — DESTRUCTIVE, IRREVERSIBLE. Force-purges a key from both the TEE
-   * and the SQLite store with NO passkey/WebAuthn check (`POST /admin/purge-key`,
-   * v0.20.0). Operator-only: authorised solely by the `KMS_ADMIN_TOKEN` operator
-   * secret sent as `Authorization: Bearer <adminToken>`. There is no recovery
-   * once a key is purged.
-   *
-   * @internal Operator/break-glass tooling only — not part of the general SDK surface.
-   *   The endpoint is gated server-side and intentionally omitted from the public KMS
-   *   docs; do not expose it in application-facing flows.
-   */
-  async adminPurgeKey(params, adminToken) {
-    this.http.ensureEnabled();
-    return this.http.postWithBearer("/admin/purge-key", params, adminToken);
-  }
-};
-var MemoryStorage = class {
-  accounts = [];
-  transfers = [];
-  paymasters = /* @__PURE__ */ new Map();
-  blsConfig = null;
-  // ── Accounts ─────────────────────────────────────────────────
-  async getAccounts() {
-    return [...this.accounts];
-  }
-  async saveAccount(account) {
-    this.accounts.push({ ...account });
-  }
-  async findAccountByUserId(userId) {
-    return this.accounts.find((a) => a.userId === userId) ?? null;
-  }
-  async updateAccount(userId, updates) {
-    const index = this.accounts.findIndex((a) => a.userId === userId);
-    if (index >= 0) {
-      this.accounts[index] = { ...this.accounts[index], ...updates };
-    }
-  }
-  // ── Transfers ────────────────────────────────────────────────
-  async saveTransfer(transfer) {
-    this.transfers.push({ ...transfer });
-  }
-  async findTransfersByUserId(userId) {
-    return this.transfers.filter((t) => t.userId === userId);
-  }
-  async findTransferById(id) {
-    return this.transfers.find((t) => t.id === id) ?? null;
-  }
-  async updateTransfer(id, updates) {
-    const index = this.transfers.findIndex((t) => t.id === id);
-    if (index >= 0) {
-      this.transfers[index] = { ...this.transfers[index], ...updates };
-    }
-  }
-  // ── Paymasters ───────────────────────────────────────────────
-  async getPaymasters(userId) {
-    return this.paymasters.get(userId) ?? [];
-  }
-  async savePaymaster(userId, paymaster) {
-    const list = this.paymasters.get(userId) ?? [];
-    const existingIndex = list.findIndex((p) => p.name === paymaster.name);
-    if (existingIndex >= 0) {
-      list[existingIndex] = { ...paymaster };
-    } else {
-      list.push({ ...paymaster });
-    }
-    this.paymasters.set(userId, list);
-  }
-  async removePaymaster(userId, name) {
-    const list = this.paymasters.get(userId) ?? [];
-    const filtered = list.filter((p) => p.name !== name);
-    if (filtered.length < list.length) {
-      this.paymasters.set(userId, filtered);
-      return true;
-    }
-    return false;
-  }
-  // ── BLS Config ───────────────────────────────────────────────
-  async getBlsConfig() {
-    return this.blsConfig;
-  }
-  async updateSignerNodesCache(nodes) {
-    this.blsConfig = {
-      ...this.blsConfig,
-      signerNodes: {
-        nodes
-      }
-    };
-  }
-};
-var LocalWalletSigner = class {
-  wallet;
-  constructor(privateKey, provider) {
-    this.wallet = new ethers.Wallet(privateKey, provider);
-  }
-  async getAddress(_userId) {
-    return this.wallet.address;
-  }
-  async getSigner(_userId, _ctx) {
-    return this.wallet;
-  }
-  async ensureSigner(_userId) {
-    return { signer: this.wallet, address: this.wallet.address };
-  }
-};
-/*! Bundled license information:
-
-@noble/curves/nist.js:
-  (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
-*/
-
-export { ACCOUNT_ABI, AGENT_SESSION_KEY_VALIDATOR_ABI, AIRACCOUNT_ABI, AIRACCOUNT_ADDRESSES, AIRACCOUNT_FACTORY_ABI, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, AIR_ACCOUNT_DELEGATE_ABI, AIR_ACCOUNT_DELEGATE_ADDRESS, ALG_ID, AccountManager, AgentRegistryService, BLSSignatureService, CALLDATA_PARSER_REGISTRY_ABI, ConsoleLogger, DEFAULT_CREDENTIAL_ID, DEFAULT_KMS_ENDPOINT, DEFAULT_ORIGIN, DEFAULT_RP_ID, DvtPendingConfirmationError, EIP7702DelegateService, ENTRYPOINT_ABI_V6, ENTRYPOINT_ABI_V7_V8, ENTRYPOINT_ADDRESSES, ERC20_ABI, ERC8004Service, ERC8004_ADDRESSES, EXECUTE_BATCH_SELECTOR, EXECUTE_SELECTOR, EXECUTE_USER_OP_SELECTOR, EntryPointVersion, EthereumProvider, FACTORY_ABI_V6, FACTORY_ABI_V7_V8, FORCE_EXIT_MODULE_ABI, ForceExitService, GLOBAL_GUARD_ABI, GuardChecker, GuardStateReader, KmsAgentService, KmsHttpClient, KmsManager, KmsMonitorService, KmsPaymentSigner, KmsSessionService, KmsSigner, L2_TYPE, LocalWalletSigner, MAX_GUARDIANS, MODULE_TYPE, MemoryStorage, ModuleManager, P256PasskeySigner, PaymasterManager, PaymasterPriceStalenessError, RECOVERY_THRESHOLD, RECOVERY_TIMELOCK_SECONDS, RecoveryService, SESSION_KEY_VALIDATOR_ABI, SessionKeyService, SilentLogger, TIER_GUARD_HOOK_ABI, TokenService, TransferManager, VALIDATOR_ABI, WEIGHT_CHANGE_EXPIRY_SECONDS, WEIGHT_CHANGE_THRESHOLD, WEIGHT_CHANGE_TIMELOCK_SECONDS, WalletManager, WeightedSignatureService, YAAAServerClient, base64UrlDecode, base64UrlEncode, beginAuthenticationChallenge, beginGrantSessionChallenge, buildAuthenticationCredential, buildAuthenticatorData, buildClientDataJSON, buildInstallModuleHash, buildUninstallModuleHash, computeOapdSalt, erc8004AddressesForChain, getOapdAddress, getOapdAddressWithChainId, isExecuteUserOpWrapped, isOapdDeployed, isPendingConfirmation, packP256SessionSignature, packSecp256k1SessionSignature, runAuthenticationCeremony, runGrantSessionCeremony, runWebAuthnCeremony, sepoliaV07Config, validateConfig, wrapExecuteUserOp };
 //# sourceMappingURL=airaccount.js.map
 //# sourceMappingURL=airaccount.js.map