@aastar/sdk 0.20.5 → 0.20.7

package/dist/{chunk-WPSWFZKF.js → chunk-UIFMIVDK.js}

@@ -1,22 +1,10 @@
-import { ecdsa, bls12_381, weierstrass, sha256 } from './chunk-4KRQXOTI.js';
-import { ethers } from 'ethers';
+import { selectorFromId, keccak256, solidityPacked, ERC4337Utils, BLSManager, resolveTier, algIdForTier, encodeAbiParams, ecdsa, ALG_CUMULATIVE_T3, ALG_CUMULATIVE_T2, ALG_P256, ALG_ECDSA, ALG_BLS, weierstrass, sha256 } from './chunk-X3AMH53O.js';
+import { parseAbi, createPublicClient, http, getContract, formatEther, parseUnits, parseEther, encodeFunctionData, concat, numberToHex, zeroAddress, hexToBytes, formatUnits, hashMessage as hashMessage$1, toRlp, keccak256 as keccak256$1, concatHex, recoverAddress as recoverAddress$1 } from 'viem';
 import axios from 'axios';
 import { createHash } from 'crypto';
+import { privateKeyToAccount } from 'viem/accounts';
 
-// ../../node_modules/.pnpm/@noble+curves@2.0.1/node_modules/@noble/curves/nist.js
-var p256_CURVE = /* @__PURE__ */ (() => ({
-  p: BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"),
-  n: BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),
-  h: BigInt(1),
-  a: BigInt("0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc"),
-  b: BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b"),
-  Gx: BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),
-  Gy: BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")
-}))();
-var p256_Point = /* @__PURE__ */ weierstrass(p256_CURVE);
-var p256 = /* @__PURE__ */ ecdsa(p256_Point, sha256);
-
-// ../airaccount/dist/server/index.js
+// ../airaccount/src/server/constants/entrypoint.ts
 var EntryPointVersion = /* @__PURE__ */ ((EntryPointVersion2) => {
   EntryPointVersion2["V0_6"] = "0.6";
   EntryPointVersion2["V0_7"] = "0.7";
@@ -24,26 +12,17 @@ var EntryPointVersion = /* @__PURE__ */ ((EntryPointVersion2) => {
   return EntryPointVersion2;
 })(EntryPointVersion || {});
 var ENTRYPOINT_ADDRESSES = {
-  [
-    "0.6"
-    /* V0_6 */
-  ]: {
+  ["0.6" /* V0_6 */]: {
     sepolia: "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789",
     mainnet: "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789",
     optimism: "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789"
   },
-  [
-    "0.7"
-    /* V0_7 */
-  ]: {
+  ["0.7" /* V0_7 */]: {
     sepolia: "0x0000000071727De22E5E9d8BAf0edAc6f37da032",
     mainnet: "0x0000000071727De22E5E9d8BAf0edAc6f37da032",
     optimism: "0x0000000071727De22E5E9d8BAf0edAc6f37da032"
   },
-  [
-    "0.8"
-    /* V0_8 */
-  ]: {
+  ["0.8" /* V0_8 */]: {
     sepolia: "0x0576a174D229E3cFA37253523E645A78A0C91B57",
     mainnet: "0x0576a174D229E3cFA37253523E645A78A0C91B57",
     optimism: "0x0576a174D229E3cFA37253523E645A78A0C91B57"
@@ -161,7 +140,9 @@ var AIRACCOUNT_ABI = [
   "function guardians(uint256 index) external view returns (address)",
   "function p256KeyX() external view returns (bytes32)",
   "function p256KeyY() external view returns (bytes32)",
-  "function getConfigDescription() external view returns (tuple(address accountOwner, address guardAddress, uint256 dailyLimit, uint256 dailyRemaining, uint256 tier1Limit, uint256 tier2Limit, address[3] guardianAddresses, uint8 guardianCount, bool hasP256Key, bool hasValidator, bool hasAggregator, bool hasActiveRecovery))",
+  // abitype/viem human-readable ABIs use a bare parenthesised tuple `(...)`, not the
+  // ethers-style `tuple(...)` keyword (which parseAbi rejects with "Invalid ABI parameter").
+  "function getConfigDescription() external view returns ((address accountOwner, address guardAddress, uint256 dailyLimit, uint256 dailyRemaining, uint256 tier1Limit, uint256 tier2Limit, address[3] guardianAddresses, uint8 guardianCount, bool hasP256Key, bool hasValidator, bool hasAggregator, bool hasActiveRecovery))",
   // ── Owner / key management ──
   "function setValidator(address _validator) external",
   "function setP256Key(bytes32 _x, bytes32 _y) external",
@@ -386,13 +367,12 @@ var AIR_ACCOUNT_DELEGATE_ABI = [
   "event RescueExecuted(address indexed eoa, address rescueTo, uint256 ethAmount)",
   "event RescueCancelled(address indexed eoa)"
 ];
+
+// ../airaccount/src/server/config.ts
 function sepoliaV07Config(version = "M7") {
   const factoryAddress = version === "M5" ? AIRACCOUNT_ADDRESSES.sepolia.factoryM5 : version === "M7r6" ? AIRACCOUNT_ADDRESSES.sepolia.factoryM7r6 : AIRACCOUNT_ADDRESSES.sepolia.factory;
   return {
-    entryPointAddress: ENTRYPOINT_ADDRESSES[
-      "0.7"
-      /* V0_7 */
-    ].sepolia,
+    entryPointAddress: ENTRYPOINT_ADDRESSES["0.7" /* V0_7 */].sepolia,
     factoryAddress,
     validatorAddress: AIRACCOUNT_ADDRESSES.sepolia.validatorRouter
   };
@@ -431,6 +411,8 @@ function validateConfig(config) {
     throw new Error("ServerConfig: signer adapter is required");
   }
 }
+
+// ../airaccount/src/server/interfaces/logger.ts
 var ConsoleLogger = class {
   constructor(prefix = "[YAAA]") {
     this.prefix = prefix;
@@ -459,37 +441,43 @@ var SilentLogger = class {
   }
 };
 var EthereumProvider = class {
+  /** Main-network read client. Pass to viem getContract / readContract calls. */
   provider;
+  /** Bundler client — used only for raw eth_ / pimlico_ userOp JSON-RPC. */
   bundlerProvider;
   config;
   logger;
   constructor(config) {
     this.config = config;
     this.logger = config.logger ?? new ConsoleLogger("[EthereumProvider]");
-    this.provider = new ethers.JsonRpcProvider(config.rpcUrl);
-    this.bundlerProvider = new ethers.JsonRpcProvider(config.bundlerRpcUrl);
+    this.provider = createPublicClient({ transport: http(config.rpcUrl) });
+    this.bundlerProvider = createPublicClient({ transport: http(config.bundlerRpcUrl) });
   }
+  /** Returns the viem PublicClient for the main network RPC. */
   getProvider() {
     return this.provider;
   }
+  /** Returns the viem PublicClient bound to the bundler RPC (raw .request only). */
   getBundlerProvider() {
     return this.bundlerProvider;
   }
+  /**
+   * Raw bundler JSON-RPC call. The bundler exposes non-standard methods
+   * (eth_sendUserOperation, pimlico_getUserOperationGasPrice, ...) that are not in
+   * viem's typed RPC schema, so we go through the transport's request fn untyped.
+   */
+  async bundlerRequest(method, params) {
+    return await this.bundlerProvider.request({
+      method,
+      params
+    });
+  }
   // ── Config helpers ──────────────────────────────────────────────
   getVersionConfig(version) {
     const map = {
-      [
-        "0.6"
-        /* V0_6 */
-      ]: this.config.entryPoints.v06,
-      [
-        "0.7"
-        /* V0_7 */
-      ]: this.config.entryPoints.v07,
-      [
-        "0.8"
-        /* V0_8 */
-      ]: this.config.entryPoints.v08
+      ["0.6" /* V0_6 */]: this.config.entryPoints.v06,
+      ["0.7" /* V0_7 */]: this.config.entryPoints.v07,
+      ["0.8" /* V0_8 */]: this.config.entryPoints.v08
     };
     const versionConfig = map[version];
     if (!versionConfig) {
@@ -508,91 +496,103 @@ var EthereumProvider = class {
   }
   getDefaultVersion() {
     const v = this.config.defaultVersion;
-    if (v === "0.7") return "0.7";
-    if (v === "0.8") return "0.8";
-    return "0.6";
+    if (v === "0.7") return "0.7" /* V0_7 */;
+    if (v === "0.8") return "0.8" /* V0_8 */;
+    return "0.6" /* V0_6 */;
   }
   // ── Contract factories ──────────────────────────────────────────
-  getFactoryContract(version = "0.6") {
+  /** Build a read-only viem contract bound to the main-network PublicClient. */
+  contractAt(address, abi) {
+    return getContract({
+      address,
+      abi: parseAbi(abi),
+      client: this.provider
+    });
+  }
+  getFactoryContract(version = "0.6" /* V0_6 */) {
     const address = this.getFactoryAddress(version);
-    const abi = version === "0.6" ? FACTORY_ABI_V6 : AIRACCOUNT_FACTORY_ABI;
-    return new ethers.Contract(address, abi, this.provider);
+    const abi = version === "0.6" /* V0_6 */ ? FACTORY_ABI_V6 : AIRACCOUNT_FACTORY_ABI;
+    return this.contractAt(address, abi);
   }
-  getEntryPointContract(version = "0.6") {
+  getEntryPointContract(version = "0.6" /* V0_6 */) {
     const address = this.getEntryPointAddress(version);
-    const abi = version === "0.6" ? ENTRYPOINT_ABI_V6 : ENTRYPOINT_ABI_V7_V8;
-    return new ethers.Contract(address, abi, this.provider);
+    const abi = version === "0.6" /* V0_6 */ ? ENTRYPOINT_ABI_V6 : ENTRYPOINT_ABI_V7_V8;
+    return this.contractAt(address, abi);
   }
-  getValidatorContract(version = "0.6") {
+  getValidatorContract(version = "0.6" /* V0_6 */) {
     const address = this.getValidatorAddress(version);
-    return new ethers.Contract(address, VALIDATOR_ABI, this.provider);
+    return this.contractAt(address, VALIDATOR_ABI);
   }
   getAccountContract(address) {
-    return new ethers.Contract(address, AIRACCOUNT_ABI, this.provider);
+    return this.contractAt(address, AIRACCOUNT_ABI);
   }
   // ── M7 Module contracts ─────────────────────────────────────────
   // M7 r4 module helpers — addresses renamed to *M7r4 suffix in beta.3 to avoid ambiguity.
   // These methods are retained for backwards compatibility; callers should pass an explicit address.
   getAgentSessionKeyValidatorContract(address = AIRACCOUNT_ADDRESSES.sepolia.agentSessionKeyValidatorM7r4) {
-    return new ethers.Contract(address, AGENT_SESSION_KEY_VALIDATOR_ABI, this.provider);
+    return this.contractAt(address, AGENT_SESSION_KEY_VALIDATOR_ABI);
   }
   getTierGuardHookContract(address = AIRACCOUNT_ADDRESSES.sepolia.tierGuardHookM7r4) {
-    return new ethers.Contract(address, TIER_GUARD_HOOK_ABI, this.provider);
+    return this.contractAt(address, TIER_GUARD_HOOK_ABI);
   }
   getCompositeValidatorContract(address = AIRACCOUNT_ADDRESSES.sepolia.compositeValidatorM7r4) {
-    return new ethers.Contract(address, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, this.provider);
+    return this.contractAt(address, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI);
   }
   getForceExitModuleContract(address) {
-    return new ethers.Contract(address, FORCE_EXIT_MODULE_ABI, this.provider);
+    return this.contractAt(address, FORCE_EXIT_MODULE_ABI);
   }
   // ── On-chain queries ────────────────────────────────────────────
   async getBalance(address) {
-    const balance = await this.provider.getBalance(address);
-    return ethers.formatEther(balance);
+    const balance = await this.provider.getBalance({ address });
+    return formatEther(balance);
   }
-  async getNonce(accountAddress, key = 0, version = "0.6") {
+  async getNonce(accountAddress, key = 0, version = "0.6" /* V0_6 */) {
     const entryPoint = this.getEntryPointContract(version);
-    return await entryPoint.getNonce(accountAddress, key);
+    return await entryPoint.read.getNonce([
+      accountAddress,
+      BigInt(key)
+    ]);
   }
-  async getUserOpHash(userOp, version = "0.6") {
+  async getUserOpHash(userOp, version = "0.6" /* V0_6 */) {
     const entryPoint = this.getEntryPointContract(version);
-    if (version === "0.6") {
+    const read = entryPoint.read;
+    if (version === "0.6" /* V0_6 */) {
       const op = userOp;
       const userOpArray = [
         op.sender,
-        op.nonce,
+        BigInt(op.nonce),
         op.initCode || "0x",
         op.callData,
-        op.callGasLimit,
-        op.verificationGasLimit,
-        op.preVerificationGas,
-        op.maxFeePerGas,
-        op.maxPriorityFeePerGas,
+        BigInt(op.callGasLimit),
+        BigInt(op.verificationGasLimit),
+        BigInt(op.preVerificationGas),
+        BigInt(op.maxFeePerGas),
+        BigInt(op.maxPriorityFeePerGas),
         op.paymasterAndData || "0x",
         "0x"
         // Always use empty signature for hash calculation
       ];
-      return await entryPoint.getUserOpHash(userOpArray);
+      return await read.getUserOpHash([userOpArray]);
     } else {
       const packedOp = userOp;
       const packedOpArray = [
         packedOp.sender,
-        packedOp.nonce,
+        BigInt(packedOp.nonce),
         packedOp.initCode || "0x",
         packedOp.callData,
         packedOp.accountGasLimits,
-        packedOp.preVerificationGas,
+        BigInt(packedOp.preVerificationGas),
         packedOp.gasFees,
         packedOp.paymasterAndData || "0x",
         "0x"
       ];
-      return await entryPoint.getUserOpHash(packedOpArray);
+      return await read.getUserOpHash([packedOpArray]);
     }
   }
   // ── Bundler RPC ─────────────────────────────────────────────────
-  async estimateUserOperationGas(userOp, version = "0.6") {
+  async estimateUserOperationGas(userOp, version = "0.6" /* V0_6 */) {
     try {
-      return await this.bundlerProvider.send("eth_estimateUserOperationGas", [
+      return await this.bundlerRequest("eth_estimateUserOperationGas", [
         userOp,
         this.getEntryPointAddress(version)
       ]);
@@ -605,14 +605,14 @@ var EthereumProvider = class {
       };
     }
   }
-  async sendUserOperation(userOp, version = "0.6") {
-    return await this.bundlerProvider.send("eth_sendUserOperation", [
+  async sendUserOperation(userOp, version = "0.6" /* V0_6 */) {
+    return await this.bundlerRequest("eth_sendUserOperation", [
       userOp,
       this.getEntryPointAddress(version)
     ]);
   }
   async getUserOperationReceipt(userOpHash) {
-    return await this.bundlerProvider.send("eth_getUserOperationReceipt", [userOpHash]);
+    return await this.bundlerRequest("eth_getUserOperationReceipt", [userOpHash]);
   }
   async waitForUserOp(userOpHash, maxAttempts = 60) {
     const pollInterval = 2e3;
@@ -631,16 +631,16 @@ var EthereumProvider = class {
   }
   async getUserOperationGasPrice() {
     try {
-      const gasPrice = await this.bundlerProvider.send("pimlico_getUserOperationGasPrice", []);
+      const gasPrice = await this.bundlerRequest("pimlico_getUserOperationGasPrice", []);
       return {
         maxFeePerGas: gasPrice.fast.maxFeePerGas,
         maxPriorityFeePerGas: gasPrice.fast.maxPriorityFeePerGas
       };
     } catch {
       try {
-        const feeData = await this.provider.getFeeData();
-        const baseFee = feeData.maxFeePerGas || ethers.parseUnits("20", "gwei");
-        const priorityFee = feeData.maxPriorityFeePerGas || ethers.parseUnits("2", "gwei");
+        const feeData = await this.provider.estimateFeesPerGas();
+        const baseFee = feeData.maxFeePerGas || parseUnits("20", 9);
+        const priorityFee = feeData.maxPriorityFeePerGas || parseUnits("2", 9);
         const maxFeePerGas = baseFee * 3n / 2n;
         const maxPriorityFeePerGas = priorityFee * 3n / 2n;
         return {
@@ -649,13 +649,64 @@ var EthereumProvider = class {
         };
       } catch {
         return {
-          maxFeePerGas: "0x" + ethers.parseUnits("3", "gwei").toString(16),
-          maxPriorityFeePerGas: "0x" + ethers.parseUnits("1", "gwei").toString(16)
+          maxFeePerGas: "0x" + parseUnits("3", 9).toString(16),
+          // gwei
+          maxPriorityFeePerGas: "0x" + parseUnits("1", 9).toString(16)
+          // gwei
         };
       }
     }
   }
 };
+
+// ../airaccount/src/server/providers/typed-reads.ts
+function readFn(contract, name) {
+  return contract.read[name];
+}
+function readValidatorGasEstimate(validator, nodeCount) {
+  return readFn(validator, "getGasEstimate")([nodeCount]);
+}
+function readPredictedAddress(factory, owner, salt, config) {
+  return readFn(factory, "getAddress")([owner, salt, config]);
+}
+function readPredictedAddressWithDefaults(factory, owner, salt, guardian1, guardian2, dailyLimit) {
+  return readFn(factory, "getAddressWithDefaults")([
+    owner,
+    salt,
+    guardian1,
+    guardian2,
+    dailyLimit
+  ]);
+}
+async function readAccountTierLimits(account) {
+  const [tier1Limit, tier2Limit] = await Promise.all([
+    readFn(account, "tier1Limit")([]),
+    readFn(account, "tier2Limit")([])
+  ]);
+  return { tier1Limit, tier2Limit };
+}
+function readAlgorithmApproved(account, algId) {
+  return readFn(account, "approvedAlgorithms")([algId]);
+}
+async function readAccountGuardAddress(account) {
+  const config = await readFn(account, "getConfigDescription")([]);
+  return config.guardAddress;
+}
+async function readGuardDailyAllowance(guard) {
+  const [dailyLimit, dailyRemaining] = await Promise.all([
+    readFn(guard, "dailyLimit")([]),
+    readFn(guard, "remainingDailyAllowance")([])
+  ]);
+  return { dailyLimit, dailyRemaining };
+}
+function readBuildGrantHash(validator, account, sessionKey, cfg) {
+  return readFn(validator, "buildGrantHash")([account, sessionKey, cfg]);
+}
+function readBuildP256GrantHash(validator, account, keyX, keyY, cfg) {
+  return readFn(validator, "buildP256GrantHash")([account, keyX, keyY, cfg]);
+}
+
+// ../airaccount/src/server/services/account-manager.ts
 var AccountManager = class {
   constructor(ethereum, storage, signer, logger) {
     this.ethereum = ethereum;
@@ -673,12 +724,12 @@ var AccountManager = class {
     );
     if (existing) return existing;
     const factory = this.ethereum.getFactoryContract(version);
-    const validatorAddress = this.ethereum.getValidatorContract(version).target || this.ethereum.getValidatorAddress(version);
+    const validatorAddress = this.ethereum.getValidatorContract(version).address || this.ethereum.getValidatorAddress(version);
     const { address: signerAddress } = await this.signer.ensureSigner(userId);
     const salt = options?.salt ?? Math.floor(Math.random() * 1e6);
     const dailyLimitValue = options?.dailyLimit ?? 0n;
     const minimalConfig = [
-      [ethers.ZeroAddress, ethers.ZeroAddress, ethers.ZeroAddress],
+      [zeroAddress, zeroAddress, zeroAddress],
       // guardians (address[3])
       dailyLimitValue,
       // dailyLimit (0 = no guard)
@@ -691,11 +742,16 @@ var AccountManager = class {
       []
       // initialTokenConfigs
     ];
-    const accountAddress = await factory.getFunction("getAddress")(signerAddress, salt, minimalConfig);
+    const accountAddress = await readPredictedAddress(
+      factory,
+      signerAddress,
+      BigInt(salt),
+      minimalConfig
+    );
     let deployed = false;
     try {
-      const code = await this.ethereum.getProvider().getCode(accountAddress);
-      deployed = code !== "0x";
+      const code = await this.ethereum.getProvider().getCode({ address: accountAddress });
+      deployed = !!code && code !== "0x";
     } catch {
     }
     const account = {
@@ -707,7 +763,7 @@ var AccountManager = class {
       deploymentTxHash: null,
       validatorAddress,
       entryPointVersion: versionStr,
-      factoryAddress: factory.target || this.ethereum.getFactoryAddress(version),
+      factoryAddress: factory.address || this.ethereum.getFactoryAddress(version),
       createdAt: (/* @__PURE__ */ new Date()).toISOString(),
       // Persist dailyLimit so buildUserOperation can reconstruct identical initCode at deploy time.
       ...dailyLimitValue > 0n ? { dailyLimit: dailyLimitValue.toString() } : {}
@@ -739,7 +795,7 @@ var AccountManager = class {
     return {
       address: account.address,
       balance,
-      balanceInWei: ethers.parseEther(balance).toString()
+      balanceInWei: parseEther(balance).toString()
     };
   }
   async getAccountNonce(userId) {
@@ -775,10 +831,10 @@ var AccountManager = class {
         `salt value ${salt} exceeds Number.MAX_SAFE_INTEGER; pass as bigint to avoid precision loss`
       );
     }
-    return ethers.keccak256(
-      ethers.solidityPacked(
+    return keccak256(
+      solidityPacked(
         ["string", "uint256", "address", "address", "uint256", "uint256"],
-        ["ACCEPT_GUARDIAN", chainId, factoryAddress, owner, salt, dailyLimit]
+        ["ACCEPT_GUARDIAN", BigInt(chainId), factoryAddress, owner, BigInt(salt), dailyLimit]
       )
     );
   }
@@ -794,13 +850,11 @@ var AccountManager = class {
    * @param guardianSigs 65-byte EIP-191 hex signatures from required guardians
    */
   encodeModifyTierLimits(tier1, tier2, deadline, guardianSigs) {
-    const iface = new ethers.Interface(AIRACCOUNT_ABI);
-    return iface.encodeFunctionData("modifyTierLimitsWithGuardians", [
-      tier1,
-      tier2,
-      deadline,
-      guardianSigs
-    ]);
+    return encodeFunctionData({
+      abi: parseAbi(AIRACCOUNT_ABI),
+      functionName: "modifyTierLimitsWithGuardians",
+      args: [tier1, tier2, deadline, guardianSigs]
+    });
   }
   /**
    * Create an AirAccount with 3 on-chain guardians:
@@ -820,7 +874,7 @@ var AccountManager = class {
       throw new Error("Guardian accounts require dailyLimit > 0 (on-chain enforcement)");
     }
     const version = params.entryPointVersion ?? this.ethereum.getDefaultVersion();
-    if (version === "0.6") {
+    if (version === "0.6" /* V0_6 */) {
       throw new Error(
         "createAccountWithGuardians requires EntryPoint v0.7 or v0.8; v0.6 factory does not support getAddressWithDefaults"
       );
@@ -834,18 +888,19 @@ var AccountManager = class {
     const { address: signerAddress } = await this.signer.ensureSigner(userId);
     const salt = params.salt ?? Math.floor(Math.random() * 1e6);
     const factory = this.ethereum.getFactoryContract(version);
-    const factoryAddress = factory.target ?? this.ethereum.getFactoryAddress(version);
-    const accountAddress = await factory.getFunction("getAddressWithDefaults")(
+    const factoryAddress = factory.address ?? this.ethereum.getFactoryAddress(version);
+    const accountAddress = await readPredictedAddressWithDefaults(
+      factory,
       signerAddress,
-      salt,
+      BigInt(salt),
       params.guardian1,
       params.guardian2,
       params.dailyLimit
     );
     let deployed = false;
     try {
-      const code = await this.ethereum.getProvider().getCode(accountAddress);
-      deployed = code !== "0x";
+      const code = await this.ethereum.getProvider().getCode({ address: accountAddress });
+      deployed = !!code && code !== "0x";
     } catch {
     }
     const validatorAddress = this.ethereum.getValidatorAddress(version);
@@ -874,9 +929,13 @@ var AccountManager = class {
     return account;
   }
 };
-var EXECUTE_USER_OP_SELECTOR = ethers.id("executeUserOp((address,uint256,bytes,bytes,bytes32,uint256,bytes32,bytes,bytes),bytes32)").slice(0, 10);
-var EXECUTE_SELECTOR = ethers.id("execute(address,uint256,bytes)").slice(0, 10);
-var EXECUTE_BATCH_SELECTOR = ethers.id("executeBatch(address[],uint256[],bytes[])").slice(0, 10);
+var EXECUTE_USER_OP_SELECTOR = selectorFromId(
+  "executeUserOp((address,uint256,bytes,bytes,bytes32,uint256,bytes32,bytes,bytes),bytes32)"
+);
+var EXECUTE_SELECTOR = selectorFromId("execute(address,uint256,bytes)");
+var EXECUTE_BATCH_SELECTOR = selectorFromId(
+  "executeBatch(address[],uint256[],bytes[])"
+);
 function wrapExecuteUserOp(innerCallData) {
   if (!/^0x[0-9a-fA-F]*$/.test(innerCallData) || innerCallData.length < 10) {
     throw new Error("wrapExecuteUserOp: innerCallData must be 0x-prefixed calldata with a 4-byte selector");
@@ -887,7 +946,7 @@ function wrapExecuteUserOp(innerCallData) {
       `wrapExecuteUserOp: only execute()/executeBatch() may be wrapped (got selector ${sel}); the account reverts UnsupportedInnerSelector otherwise`
     );
   }
-  return ethers.concat([EXECUTE_USER_OP_SELECTOR, innerCallData]);
+  return concat([EXECUTE_USER_OP_SELECTOR, innerCallData]);
 }
 function isExecuteUserOpWrapped(callData) {
   return callData.slice(0, 10).toLowerCase() === EXECUTE_USER_OP_SELECTOR;
@@ -903,12 +962,16 @@ var PaymasterPriceStalenessError = class extends Error {
     this.name = "PaymasterPriceStalenessError";
   }
 };
-var PAYMASTER_PRICE_ABI = [
+var PAYMASTER_PRICE_ABI = parseAbi([
   "function token() view returns (address)",
   "function cachedPriceTimestamp() view returns (uint256)",
   "function priceStalenessThreshold() view returns (uint256)",
   "function updatePrice() external"
-];
+]);
+var SUPER_PAYMASTER_DETECT_ABI = parseAbi([
+  "function owner() view returns (address)",
+  "function operators(address) view returns (bool,uint256,address,uint256)"
+]);
 var PaymasterManager = class {
   constructor(ethereum, storage, logger) {
     this.ethereum = ethereum;
@@ -946,10 +1009,14 @@ var PaymasterManager = class {
    */
   async checkPriceFreshness(paymasterAddress) {
     const provider = this.ethereum.getProvider();
-    const contract = new ethers.Contract(paymasterAddress, PAYMASTER_PRICE_ABI, provider);
+    const contract = getContract({
+      address: paymasterAddress,
+      abi: PAYMASTER_PRICE_ABI,
+      client: provider
+    });
     const [timestamp, threshold] = await Promise.all([
-      contract.cachedPriceTimestamp(),
-      contract.priceStalenessThreshold()
+      contract.read.cachedPriceTimestamp(),
+      contract.read.priceStalenessThreshold()
     ]);
     const nowSeconds = Math.floor(Date.now() / 1e3);
     const ageSeconds = nowSeconds - Number(timestamp);
@@ -964,14 +1031,26 @@ var PaymasterManager = class {
    * Call `updatePrice()` on a paymaster contract (permissionless).
    * Useful when `checkPriceFreshness()` reports stale price.
    *
-   * @param signer - An ethers Signer that will send the transaction (must have gas).
+   * @param walletClient - A viem WalletClient (with an account) that will send
+   *   the transaction (must have gas). Replaces the former ethers Signer param.
    */
-  async updatePrice(paymasterAddress, signer) {
-    const contract = new ethers.Contract(paymasterAddress, PAYMASTER_PRICE_ABI, signer);
-    const tx = await contract.updatePrice({ gasLimit: 3e5 });
-    await tx.wait();
-    this.logger.log(`Paymaster ${paymasterAddress} price updated, tx: ${tx.hash}`);
-    return tx.hash;
+  async updatePrice(paymasterAddress, walletClient) {
+    const account = walletClient.account;
+    if (!account) {
+      throw new Error("updatePrice requires a WalletClient with a configured account");
+    }
+    const hash = await walletClient.writeContract({
+      address: paymasterAddress,
+      abi: PAYMASTER_PRICE_ABI,
+      functionName: "updatePrice",
+      args: [],
+      gas: BigInt(3e5),
+      account,
+      chain: walletClient.chain
+    });
+    await this.ethereum.getProvider().waitForTransactionReceipt({ hash });
+    this.logger.log(`Paymaster ${paymasterAddress} price updated, tx: ${hash}`);
+    return hash;
   }
   async getPaymasterData(userId, paymasterName, userOp, entryPoint, customAddress, options) {
     if (paymasterName === "custom-user-provided" && customAddress) {
@@ -985,16 +1064,13 @@ var PaymasterManager = class {
         let isSuperPaymaster = false;
         let operatorAddress = "0x";
         try {
-          const spContract = new ethers.Contract(
-            formattedAddress,
-            [
-              "function owner() view returns (address)",
-              "function operators(address) view returns (bool,uint256,address,uint256)"
-            ],
-            provider
-          );
-          const owner = await spContract.owner();
-          const opInfo = await spContract.operators(owner);
+          const spContract = getContract({
+            address: formattedAddress,
+            abi: SUPER_PAYMASTER_DETECT_ABI,
+            client: provider
+          });
+          const owner = await spContract.read.owner();
+          const opInfo = await spContract.read.operators([owner]);
           if (opInfo && opInfo[0] === true) {
             isSuperPaymaster = true;
             operatorAddress = owner;
@@ -1006,12 +1082,12 @@ var PaymasterManager = class {
           const verGas = BigInt(8e4);
           const postGas = BigInt(3e5);
           const maxRate = (BigInt(1) << BigInt(256)) - BigInt(1);
-          return ethers.concat([
+          return concat([
             formattedAddress,
-            ethers.zeroPadValue(ethers.toBeHex(verGas), 16),
-            ethers.zeroPadValue(ethers.toBeHex(postGas), 16),
+            numberToHex(verGas, { size: 16 }),
+            numberToHex(postGas, { size: 16 }),
             operatorAddress,
-            ethers.zeroPadValue(ethers.toBeHex(maxRate), 32)
+            numberToHex(maxRate, { size: 32 })
           ]);
         }
         const paymasterVerificationGasLimit = BigInt(196608);
@@ -1021,13 +1097,13 @@ var PaymasterManager = class {
           this.logger.log(`PaymasterV4 token from options: ${tokenAddress}`);
         } else {
           try {
-            const pmContract = new ethers.Contract(
-              formattedAddress,
-              PAYMASTER_PRICE_ABI,
-              provider
-            );
-            tokenAddress = await pmContract.token();
-            if (tokenAddress === ethers.ZeroAddress) tokenAddress = null;
+            const pmContract = getContract({
+              address: formattedAddress,
+              abi: PAYMASTER_PRICE_ABI,
+              client: provider
+            });
+            tokenAddress = await pmContract.read.token();
+            if (tokenAddress === zeroAddress) tokenAddress = null;
             if (tokenAddress) {
               this.logger.log(`PaymasterV4 token auto-detected: ${tokenAddress}`);
             }
@@ -1037,13 +1113,13 @@ var PaymasterManager = class {
         }
         const parts = [
           formattedAddress,
-          ethers.zeroPadValue(ethers.toBeHex(paymasterVerificationGasLimit), 16),
-          ethers.zeroPadValue(ethers.toBeHex(paymasterPostOpGasLimit), 16)
+          numberToHex(paymasterVerificationGasLimit, { size: 16 }),
+          numberToHex(paymasterPostOpGasLimit, { size: 16 })
         ];
         if (tokenAddress) {
           parts.push(tokenAddress);
         }
-        return ethers.concat(parts);
+        return concat(parts);
       }
       return formattedAddress;
     }
@@ -1098,16 +1174,12 @@ var PaymasterManager = class {
         return result.result.paymasterAndData;
       }
       if (result.result.paymaster) {
-        return ethers.concat([
+        return concat([
           result.result.paymaster,
-          ethers.zeroPadValue(
-            ethers.toBeHex(BigInt(result.result.paymasterVerificationGasLimit || "0x30000")),
-            16
-          ),
-          ethers.zeroPadValue(
-            ethers.toBeHex(BigInt(result.result.paymasterPostOpGasLimit || "0x30000")),
-            16
-          ),
+          numberToHex(BigInt(result.result.paymasterVerificationGasLimit || "0x30000"), {
+            size: 16
+          }),
+          numberToHex(BigInt(result.result.paymasterPostOpGasLimit || "0x30000"), { size: 16 }),
           result.result.paymasterData || "0x"
         ]);
       }
@@ -1153,80 +1225,27 @@ var PaymasterManager = class {
     }
   }
 };
-var ERC4337Utils = class _ERC4337Utils {
-  static packAccountGasLimits(verificationGasLimit, callGasLimit) {
-    const vgl = BigInt(verificationGasLimit);
-    const cgl = BigInt(callGasLimit);
-    const packed = vgl << 128n | cgl;
-    return "0x" + packed.toString(16).padStart(64, "0");
-  }
-  static unpackAccountGasLimits(accountGasLimits) {
-    const packed = BigInt(accountGasLimits);
-    return {
-      verificationGasLimit: packed >> 128n,
-      callGasLimit: packed & (1n << 128n) - 1n
-    };
-  }
-  static packGasFees(maxPriorityFeePerGas, maxFeePerGas) {
-    const priority = BigInt(maxPriorityFeePerGas);
-    const max = BigInt(maxFeePerGas);
-    const packed = priority << 128n | max;
-    return "0x" + packed.toString(16).padStart(64, "0");
-  }
-  static unpackGasFees(gasFees) {
-    const packed = BigInt(gasFees);
-    return {
-      maxPriorityFeePerGas: packed >> 128n,
-      maxFeePerGas: packed & (1n << 128n) - 1n
-    };
-  }
-  static packUserOperation(userOp) {
-    return {
-      sender: userOp.sender,
-      nonce: userOp.nonce,
-      initCode: userOp.initCode || "0x",
-      callData: userOp.callData,
-      accountGasLimits: _ERC4337Utils.packAccountGasLimits(
-        userOp.verificationGasLimit,
-        userOp.callGasLimit
-      ),
-      preVerificationGas: userOp.preVerificationGas,
-      gasFees: _ERC4337Utils.packGasFees(userOp.maxPriorityFeePerGas, userOp.maxFeePerGas),
-      paymasterAndData: userOp.paymasterAndData || "0x",
-      signature: userOp.signature || "0x"
-    };
-  }
-  static unpackUserOperation(packedOp) {
-    const gasLimits = _ERC4337Utils.unpackAccountGasLimits(packedOp.accountGasLimits);
-    const gasFees = _ERC4337Utils.unpackGasFees(packedOp.gasFees);
-    return {
-      sender: packedOp.sender,
-      nonce: packedOp.nonce,
-      initCode: packedOp.initCode,
-      callData: packedOp.callData,
-      callGasLimit: "0x" + gasLimits.callGasLimit.toString(16),
-      verificationGasLimit: "0x" + gasLimits.verificationGasLimit.toString(16),
-      preVerificationGas: packedOp.preVerificationGas,
-      maxFeePerGas: "0x" + gasFees.maxFeePerGas.toString(16),
-      maxPriorityFeePerGas: "0x" + gasFees.maxPriorityFeePerGas.toString(16),
-      paymasterAndData: packedOp.paymasterAndData,
-      signature: packedOp.signature
-    };
-  }
-};
+
+// ../airaccount/src/server/services/transfer-manager.ts
+var AIRACCOUNT_ABI_PARSED = parseAbi(AIRACCOUNT_ABI);
+var AIRACCOUNT_FACTORY_ABI_PARSED = parseAbi(AIRACCOUNT_FACTORY_ABI);
+var FACTORY_ABI_V6_PARSED = parseAbi(FACTORY_ABI_V6);
+var VALIDATOR_GETTER_ABI = parseAbi(["function validator() view returns (address)"]);
+function encodeFn(abi, functionName, args) {
+  return encodeFunctionData({ abi, functionName, args });
+}
 async function detectSignatureStrategy(provider, accountAddress) {
   try {
-    const accountCode = await provider.getCode(accountAddress);
-    if (accountCode === "0x") {
+    const accountCode = await provider.getCode({ address: accountAddress });
+    if (!accountCode || accountCode === "0x") {
       return { useECDSA: true, isCompositeValidator: true };
     }
-    const acc = new ethers.Contract(
-      accountAddress,
-      ["function validator() view returns (address)"],
-      provider
-    );
-    const v = await acc.validator();
-    return { useECDSA: v === ethers.ZeroAddress, isCompositeValidator: true };
+    const v = await provider.readContract({
+      address: accountAddress,
+      abi: VALIDATOR_GETTER_ABI,
+      functionName: "validator"
+    });
+    return { useECDSA: v === zeroAddress, isCompositeValidator: true };
   } catch {
     return { useECDSA: true, isCompositeValidator: false };
   }
@@ -1252,8 +1271,8 @@ var TransferManager = class {
   async executeTransfer(userId, params) {
     const account = await this.accountManager.getAccountByUserId(userId);
     if (!account) throw new Error("User account not found");
-    const code = await this.ethereum.getProvider().getCode(account.address);
-    const needsDeployment = code === "0x";
+    const code = await this.ethereum.getProvider().getCode({ address: account.address });
+    const needsDeployment = !code || code === "0x";
     if (needsDeployment) {
       this.logger.log("Account needs deployment, will deploy with first transaction");
     }
@@ -1293,7 +1312,7 @@ var TransferManager = class {
     const assertionCtx = params.passkeyAssertion ? { assertion: params.passkeyAssertion } : void 0;
     let useECDSA = false;
     let isCompositeValidator = false;
-    if (version === "0.7" || version === "0.8") {
+    if (version === "0.7" /* V0_7 */ || version === "0.8" /* V0_8 */) {
       const provider = this.ethereum.getProvider();
       ({ useECDSA, isCompositeValidator } = await detectSignatureStrategy(
         provider,
@@ -1301,17 +1320,23 @@ var TransferManager = class {
       ));
     }
     if (useECDSA) {
-      const signer = await this.signer.getSigner(userId, assertionCtx);
-      const ecdsaSig = await signer.signMessage(ethers.getBytes(userOpHash));
+      const ecdsaSig = await this.signer.signMessage(
+        userId,
+        hexToBytes(userOpHash),
+        assertionCtx
+      );
       if (isCompositeValidator) {
         this.logger.log("ECDSA path for compositeValidator: prepending algId prefix");
-        userOp.signature = ethers.concat([ethers.toBeHex(ALG_ID.ECDSA, 1), ecdsaSig]);
+        userOp.signature = concat([
+          numberToHex(ALG_ID.ECDSA, { size: 1 }),
+          ecdsaSig
+        ]);
       } else {
         this.logger.log("ECDSA path for non-compositeValidator: raw signature");
         userOp.signature = ecdsaSig;
       }
     } else if (params.useAirAccountTiering && this.guardChecker) {
-      const transferValue = params.tokenAddress ? 0n : ethers.parseEther(params.amount);
+      const transferValue = params.tokenAddress ? 0n : parseEther(params.amount);
       const preCheck = await this.guardChecker.preCheck(account.address, transferValue);
       if (!preCheck.ok) {
         throw new Error(`Guard pre-check failed: ${preCheck.errors.join("; ")}`);
@@ -1330,7 +1355,10 @@ var TransferManager = class {
     } else {
       const blsData = await this.blsService.generateBLSSignature(userId, userOpHash, assertionCtx);
       const packedBls = await this.blsService.packSignature(blsData);
-      userOp.signature = ethers.concat([ethers.toBeHex(ALG_ID.BLS, 1), packedBls]);
+      userOp.signature = concat([
+        numberToHex(ALG_ID.BLS, { size: 1 }),
+        packedBls
+      ]);
     }
     const transferId = generateId();
     let tokenSymbol = "ETH";
@@ -1383,8 +1411,8 @@ var TransferManager = class {
         status: "completed",
         completedAt: (/* @__PURE__ */ new Date()).toISOString()
       });
-      const code = await this.ethereum.getProvider().getCode(from);
-      if (code !== "0x") {
+      const code = await this.ethereum.getProvider().getCode({ address: from });
+      if (code && code !== "0x") {
         const account = (await this.storage.getAccounts()).find((a) => a.address === from);
         if (account && !account.deployed) {
           await this.storage.updateAccount(account.userId, {
@@ -1436,7 +1464,7 @@ var TransferManager = class {
     const gasEstimates = await this.ethereum.estimateUserOperationGas(formatted, version);
     const gasPrices = await this.ethereum.getUserOperationGasPrice();
     const validatorContract = this.ethereum.getValidatorContract(version);
-    const validatorGasEstimate = await validatorContract.getGasEstimate(3);
+    const validatorGasEstimate = await readValidatorGasEstimate(validatorContract, 3n);
     return {
       callGasLimit: gasEstimates.callGasLimit,
       verificationGasLimit: gasEstimates.verificationGasLimit,
@@ -1486,28 +1514,27 @@ var TransferManager = class {
     };
   }
   // ── Private helpers ─────────────────────────────────────────────
-  async buildUserOperation(userId, sender, to, amount, data, usePaymaster, paymasterAddress, _paymasterData, tokenAddress, version = "0.6", paymasterTokenAddress, wrapExecuteUserOpFlag = false) {
-    const accountContract = this.ethereum.getAccountContract(sender);
+  async buildUserOperation(userId, sender, to, amount, data, usePaymaster, paymasterAddress, _paymasterData, tokenAddress, version = "0.6" /* V0_6 */, paymasterTokenAddress, wrapExecuteUserOpFlag = false) {
     const nonce = await this.ethereum.getNonce(sender, 0, version);
     const provider = this.ethereum.getProvider();
-    const code = await provider.getCode(sender);
-    const needsDeployment = code === "0x";
+    const code = await provider.getCode({ address: sender });
+    const needsDeployment = !code || code === "0x";
     let initCode = "0x";
     if (needsDeployment) {
       const accounts = await this.storage.getAccounts();
       const account = accounts.find((a) => a.address === sender);
       if (account) {
         const factory = this.ethereum.getFactoryContract(version);
-        const factoryAddress = await factory.getAddress();
+        const factoryAddress = factory.address;
         let deployCalldata;
-        if (version === "0.7" || version === "0.8") {
+        if (version === "0.7" /* V0_7 */ || version === "0.8" /* V0_8 */) {
           const storedDailyLimit = account.dailyLimit ? BigInt(account.dailyLimit) : 0n;
           if (account.guardian1 && account.guardian2 && account.guardian1Sig && account.guardian2Sig) {
             const sig1 = account.guardian1Sig.startsWith("0x") ? account.guardian1Sig : `0x${account.guardian1Sig}`;
             const sig2 = account.guardian2Sig.startsWith("0x") ? account.guardian2Sig : `0x${account.guardian2Sig}`;
-            deployCalldata = factory.interface.encodeFunctionData("createAccountWithDefaults", [
+            deployCalldata = encodeFn(AIRACCOUNT_FACTORY_ABI_PARSED, "createAccountWithDefaults", [
               account.signerAddress,
-              account.salt,
+              BigInt(account.salt),
               account.guardian1,
               sig1,
               account.guardian2,
@@ -1516,7 +1543,7 @@ var TransferManager = class {
             ]);
           } else {
             const minimalConfig = [
-              [ethers.ZeroAddress, ethers.ZeroAddress, ethers.ZeroAddress],
+              [zeroAddress, zeroAddress, zeroAddress],
               // guardians (address[3])
               storedDailyLimit,
               [],
@@ -1528,25 +1555,22 @@ var TransferManager = class {
               []
               // initialTokenConfigs
             ];
-            deployCalldata = factory.interface.encodeFunctionData("createAccount", [
+            deployCalldata = encodeFn(AIRACCOUNT_FACTORY_ABI_PARSED, "createAccount", [
               account.signerAddress,
-              account.salt,
+              BigInt(account.salt),
               minimalConfig
             ]);
           }
         } else {
-          deployCalldata = factory.interface.encodeFunctionData(
-            "createAccountWithAAStarValidator",
-            [
-              account.signerAddress,
-              account.signerAddress,
-              account.validatorAddress,
-              true,
-              account.salt
-            ]
-          );
+          deployCalldata = encodeFn(FACTORY_ABI_V6_PARSED, "createAccountWithAAStarValidator", [
+            account.signerAddress,
+            account.signerAddress,
+            account.validatorAddress,
+            true,
+            BigInt(account.salt)
+          ]);
         }
-        initCode = ethers.concat([factoryAddress, deployCalldata]);
+        initCode = concat([factoryAddress, deployCalldata]);
       }
     }
     let callData;
@@ -1557,23 +1581,15 @@ var TransferManager = class {
         amount,
         tokenInfo.decimals
       );
-      callData = accountContract.interface.encodeFunctionData("execute", [
-        tokenAddress,
-        0,
-        transferCalldata
-      ]);
+      callData = encodeFn(AIRACCOUNT_ABI_PARSED, "execute", [tokenAddress, 0n, transferCalldata]);
     } else {
-      callData = accountContract.interface.encodeFunctionData("execute", [
-        to,
-        ethers.parseEther(amount),
-        data
-      ]);
+      callData = encodeFn(AIRACCOUNT_ABI_PARSED, "execute", [to, parseEther(amount), data]);
     }
     if (wrapExecuteUserOpFlag) {
       callData = wrapExecuteUserOp(callData);
     }
     const gasPrices = await this.ethereum.getUserOperationGasPrice();
-    const isV07 = version === "0.7" || version === "0.8";
+    const isV07 = version === "0.7" /* V0_7 */ || version === "0.8" /* V0_8 */;
     let baseUserOp;
     if (isV07) {
       let factory;
@@ -1670,13 +1686,13 @@ var TransferManager = class {
       paymasterAndData,
       signature: "0x"
     };
-    if (version === "0.7" || version === "0.8") {
+    if (version === "0.7" /* V0_7 */ || version === "0.8" /* V0_8 */) {
       return ERC4337Utils.packUserOperation(standardUserOp);
     }
     return standardUserOp;
   }
-  formatUserOpForBundler(userOp, version = "0.6") {
-    if (version === "0.7" || version === "0.8") {
+  formatUserOpForBundler(userOp, version = "0.6" /* V0_6 */) {
+    if (version === "0.7" /* V0_7 */ || version === "0.8" /* V0_8 */) {
       const packedOp = userOp;
       const gasLimits = ERC4337Utils.unpackAccountGasLimits(packedOp.accountGasLimits);
       const gasFees = ERC4337Utils.unpackGasFees(packedOp.gasFees);
@@ -1743,181 +1759,6 @@ var TransferManager = class {
     };
   }
 };
-var BLSManager = class {
-  config;
-  constructor(config) {
-    this.config = config;
-  }
-  /**
-   * Discover available BLS nodes from seed nodes (Gossip network)
-   */
-  async getAvailableNodes() {
-    const { seedNodes, discoveryTimeout = 5e3 } = this.config;
-    for (const seedEndpoint of seedNodes) {
-      try {
-        const response = await axios.get(`${seedEndpoint}/gossip/peers`, {
-          timeout: discoveryTimeout
-        });
-        const peers = response.data.peers || [];
-        const activeNodes = peers.filter((p) => p.status === "active" && p.apiEndpoint && p.publicKey).map((p, index) => ({
-          index: index + 1,
-          // 1-based index likely expected by contract if using bitmap
-          nodeId: p.nodeId,
-          nodeName: p.nodeName,
-          apiEndpoint: p.apiEndpoint,
-          status: "active",
-          publicKey: p.publicKey
-        }));
-        if (activeNodes.length > 0) {
-          return activeNodes;
-        }
-      } catch {
-        continue;
-      }
-    }
-    return [];
-  }
-  /**
-   * Helper to pack the full signature for ERC-4337 UserOp
-   * Format: [nodeIdsLength][nodeIds...][blsSignature][messagePoint][aaSignature][messagePointSignature]
-   */
-  packSignature(data) {
-    if (!data.nodeIds || !data.aaSignature || !data.messagePointSignature) {
-      throw new Error("Missing required signature components");
-    }
-    const nodeIdsLength = ethers.solidityPacked(["uint256"], [data.nodeIds.length]);
-    const nodeIdsBytes = ethers.solidityPacked(
-      Array(data.nodeIds.length).fill("bytes32"),
-      data.nodeIds
-    );
-    return ethers.solidityPacked(
-      ["bytes", "bytes", "bytes", "bytes", "bytes", "bytes"],
-      [
-        nodeIdsLength,
-        nodeIdsBytes,
-        data.signature,
-        data.messagePoint,
-        data.aaSignature,
-        data.messagePointSignature
-      ]
-    );
-  }
-  /**
-   * Calculate the MessagePoint G2 point for a given message (UserOpHash)
-   */
-  async generateMessagePoint(message) {
-    const messageBytes = typeof message === "string" ? ethers.getBytes(message) : message;
-    const DST = "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_";
-    const messagePointBLS = await bls12_381.G2.hashToCurve(messageBytes, { DST });
-    const messageG2EIP = this.encodeG2Point(messagePointBLS);
-    return "0x" + Buffer.from(messageG2EIP).toString("hex");
-  }
-  /**
-   * Encode G2 Point to bytes for EIP-2537 format
-   */
-  encodeG2Point(point) {
-    const result = new Uint8Array(256);
-    const affine = point.toAffine();
-    const x0Bytes = this.hexToBytes(affine.x.c0.toString(16).padStart(96, "0"));
-    const x1Bytes = this.hexToBytes(affine.x.c1.toString(16).padStart(96, "0"));
-    const y0Bytes = this.hexToBytes(affine.y.c0.toString(16).padStart(96, "0"));
-    const y1Bytes = this.hexToBytes(affine.y.c1.toString(16).padStart(96, "0"));
-    result.set(x0Bytes, 16);
-    result.set(x1Bytes, 80);
-    result.set(y0Bytes, 144);
-    result.set(y1Bytes, 208);
-    return result;
-  }
-  hexToBytes(hex) {
-    if (hex.startsWith("0x")) hex = hex.slice(2);
-    const bytes = new Uint8Array(hex.length / 2);
-    for (let i = 0; i < hex.length; i += 2) {
-      bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
-    }
-    return bytes;
-  }
-  /**
-   * Pack cumulative Tier 2 signature (algId 0x04): P256 + BLS.
-   *
-   * Format:
-   *   [algId=0x04 (1)] [P256 r (32)] [P256 s (32)]
-   *   [nodeIdsLength (32)] [nodeIds (N×32)]
-   *   [blsAggregateSig (256)] [messagePoint (256)]
-   *   [messagePointECDSA (65)]
-   */
-  packCumulativeT2Signature(data) {
-    const nodeIdsLength = ethers.solidityPacked(["uint256"], [data.nodeIds.length]);
-    const nodeIdsBytes = ethers.solidityPacked(
-      Array(data.nodeIds.length).fill("bytes32"),
-      data.nodeIds
-    );
-    return ethers.solidityPacked(
-      ["bytes1", "bytes", "bytes", "bytes", "bytes", "bytes", "bytes"],
-      [
-        "0x04",
-        data.p256Signature,
-        nodeIdsLength,
-        nodeIdsBytes,
-        data.blsSignature,
-        data.messagePoint,
-        data.messagePointSignature
-      ]
-    );
-  }
-  /**
-   * Pack cumulative Tier 3 signature (algId 0x05): P256 + BLS + Guardian.
-   *
-   * Format:
-   *   [algId=0x05 (1)] [P256 r (32)] [P256 s (32)]
-   *   [nodeIdsLength (32)] [nodeIds (N×32)]
-   *   [blsAggregateSig (256)] [messagePoint (256)]
-   *   [messagePointECDSA (65)] [guardianECDSA (65)]
-   */
-  packCumulativeT3Signature(data) {
-    const nodeIdsLength = ethers.solidityPacked(["uint256"], [data.nodeIds.length]);
-    const nodeIdsBytes = ethers.solidityPacked(
-      Array(data.nodeIds.length).fill("bytes32"),
-      data.nodeIds
-    );
-    return ethers.solidityPacked(
-      ["bytes1", "bytes", "bytes", "bytes", "bytes", "bytes", "bytes", "bytes"],
-      [
-        "0x05",
-        data.p256Signature,
-        nodeIdsLength,
-        nodeIdsBytes,
-        data.blsSignature,
-        data.messagePoint,
-        data.messagePointSignature,
-        data.guardianSignature
-      ]
-    );
-  }
-  /**
-   * Request signature from a single node
-   */
-  async requestNodeSignature(node, message) {
-    const response = await axios.post(`${node.apiEndpoint}/signature/sign`, {
-      message
-    });
-    const signatureEIP = response.data.signature;
-    const signature = response.data.signatureCompact || signatureEIP;
-    return {
-      signature: signature.startsWith("0x") ? signature : `0x${signature}`,
-      publicKey: response.data.publicKey
-    };
-  }
-  /**
-   * Request aggregation from a node
-   */
-  async aggregateSignatures(node, signatures) {
-    const response = await axios.post(`${node.apiEndpoint}/signature/aggregate`, {
-      signatures
-    });
-    const sig = response.data.signature;
-    return sig.startsWith("0x") ? sig : `0x${sig}`;
-  }
-};
 var DvtPendingConfirmationError = class extends Error {
   constructor(userOpHash, nodeEndpoint) {
     super(
@@ -2016,16 +1857,23 @@ var BLSSignatureService = class {
     if (!account) {
       throw new Error(`User account not found for userId: ${userId}`);
     }
-    const wallet = await this.signer.getSigner(userId, ctx);
-    const walletAddress = await wallet.getAddress();
+    const walletAddress = await this.signer.getAddress(userId);
     if (walletAddress.toLowerCase() !== account.signerAddress.toLowerCase()) {
       throw new Error(
         `Wallet address mismatch! Wallet: ${walletAddress}, Expected: ${account.signerAddress}`
       );
     }
-    const aaSignature = await wallet.signMessage(ethers.getBytes(userOpHash));
-    const messagePointHash = ethers.keccak256(messagePoint);
-    const messagePointSignature = await wallet.signMessage(ethers.getBytes(messagePointHash));
+    const aaSignature = await this.signer.signMessage(
+      userId,
+      hexToBytes(userOpHash),
+      ctx
+    );
+    const messagePointHash = keccak256(messagePoint);
+    const messagePointSignature = await this.signer.signMessage(
+      userId,
+      hexToBytes(messagePointHash),
+      ctx
+    );
     return {
       nodeIds: signerNodeIds,
       signature: aggregatedSignature,
@@ -2051,7 +1899,7 @@ var BLSSignatureService = class {
    * @param userId - User ID for account lookup
    * @param userOpHash - The UserOp hash to sign
    * @param p256Signature - P256 passkey signature (64 bytes, required for tier 2/3)
-   * @param guardianSigner - Guardian ethers.Signer (required for tier 3)
+   * @param guardianSigner - Guardian signer (required for tier 3)
    * @param ctx - Optional passkey assertion context for KMS signing
    */
   async generateTieredSignature(params) {
@@ -2060,8 +1908,7 @@ var BLSSignatureService = class {
     if (tier === 1) {
       const account = await this.storage.findAccountByUserId(userId);
       if (!account) throw new Error(`User account not found for userId: ${userId}`);
-      const wallet = await this.signer.getSigner(userId, ctx);
-      return wallet.signMessage(ethers.getBytes(userOpHash));
+      return this.signer.signMessage(userId, hexToBytes(userOpHash), ctx);
     }
     if (!p256Signature) {
       throw new Error(`P256 signature required for Tier ${tier}`);
@@ -2080,7 +1927,9 @@ var BLSSignatureService = class {
     if (!guardianSigner) {
       throw new Error("Guardian signer required for Tier 3");
     }
-    const guardianSignature = await guardianSigner.signMessage(ethers.getBytes(userOpHash));
+    const guardianSignature = await guardianSigner.signMessage(
+      hexToBytes(userOpHash)
+    );
     const t3Data = {
       p256Signature,
       nodeIds: blsData.nodeIds,
@@ -2092,17 +1941,18 @@ var BLSSignatureService = class {
     return manager.packCumulativeT3Signature(t3Data);
   }
 };
+var ERC20_ABI_PARSED = parseAbi(ERC20_ABI);
 var TokenService = class {
   constructor(ethereum) {
     this.ethereum = ethereum;
   }
   async getTokenInfo(tokenAddress) {
-    const provider = this.ethereum.getProvider();
-    const contract = new ethers.Contract(tokenAddress, ERC20_ABI, provider);
+    const client = this.ethereum.getProvider();
+    const address = tokenAddress;
     const [name, symbol, decimals] = await Promise.all([
-      contract.name(),
-      contract.symbol(),
-      contract.decimals()
+      client.readContract({ address, abi: ERC20_ABI_PARSED, functionName: "name" }),
+      client.readContract({ address, abi: ERC20_ABI_PARSED, functionName: "symbol" }),
+      client.readContract({ address, abi: ERC20_ABI_PARSED, functionName: "decimals" })
     ]);
     return {
       address: tokenAddress.toLowerCase(),
@@ -2112,10 +1962,14 @@ var TokenService = class {
     };
   }
   async getTokenBalance(tokenAddress, walletAddress) {
-    const provider = this.ethereum.getProvider();
-    const contract = new ethers.Contract(tokenAddress, ERC20_ABI, provider);
+    const client = this.ethereum.getProvider();
     try {
-      const balance = await contract.balanceOf(walletAddress);
+      const balance = await client.readContract({
+        address: tokenAddress,
+        abi: ERC20_ABI_PARSED,
+        functionName: "balanceOf",
+        args: [walletAddress]
+      });
       return balance.toString();
     } catch {
       return "0";
@@ -2124,20 +1978,27 @@ var TokenService = class {
   async getFormattedTokenBalance(tokenAddress, walletAddress) {
     const tokenInfo = await this.getTokenInfo(tokenAddress);
     const rawBalance = await this.getTokenBalance(tokenAddress, walletAddress);
-    const formattedBalance = ethers.formatUnits(rawBalance, tokenInfo.decimals);
+    const formattedBalance = formatUnits(BigInt(rawBalance), tokenInfo.decimals);
     return { token: tokenInfo, balance: rawBalance, formattedBalance };
   }
   generateTransferCalldata(to, amount, decimals) {
-    const contract = new ethers.Contract(ethers.ZeroAddress, ERC20_ABI);
-    const parsedAmount = ethers.parseUnits(amount, decimals);
-    return contract.interface.encodeFunctionData("transfer", [to, parsedAmount]);
+    const parsedAmount = parseUnits(amount, decimals);
+    return encodeFunctionData({
+      abi: ERC20_ABI_PARSED,
+      functionName: "transfer",
+      args: [to, parsedAmount]
+    });
   }
   async validateToken(tokenAddress) {
     try {
-      const provider = this.ethereum.getProvider();
-      const contract = new ethers.Contract(tokenAddress, ERC20_ABI, provider);
+      const client = this.ethereum.getProvider();
+      const address = tokenAddress;
       const [name, symbol, decimals] = await Promise.race([
-        Promise.all([contract.name(), contract.symbol(), contract.decimals()]),
+        Promise.all([
+          client.readContract({ address, abi: ERC20_ABI_PARSED, functionName: "name" }),
+          client.readContract({ address, abi: ERC20_ABI_PARSED, functionName: "symbol" }),
+          client.readContract({ address, abi: ERC20_ABI_PARSED, functionName: "decimals" })
+        ]),
         new Promise((_, reject) => setTimeout(() => reject(new Error("Timeout")), 1e4))
       ]);
       return {
@@ -2157,6 +2018,8 @@ var TokenService = class {
     }
   }
 };
+
+// ../airaccount/src/server/services/wallet-manager.ts
 var WalletManager = class {
   constructor(signer) {
     this.signer = signer;
@@ -2164,14 +2027,16 @@ var WalletManager = class {
   async getAddress(userId) {
     return this.signer.getAddress(userId);
   }
-  async getSigner(userId) {
-    return this.signer.getSigner(userId);
+  async signMessage(userId, message, ctx) {
+    return this.signer.signMessage(userId, message, ctx);
   }
   async ensureSigner(userId) {
     return this.signer.ensureSigner(userId);
   }
 };
-var YAAAServerClient = class {
+
+// ../airaccount/src/server/server-client.ts
+var AirAccountServerClient = class {
   ethereum;
   accounts;
   transfers;
@@ -2206,24 +2071,47 @@ var YAAAServerClient = class {
     );
   }
 };
+var YAAAServerClient = AirAccountServerClient;
+function hashMessage(message) {
+  if (typeof message === "string") return hashMessage$1(message);
+  return hashMessage$1({ raw: message });
+}
+async function recoverAddress(hash, signature) {
+  return recoverAddress$1({ hash, signature });
+}
+function buildAuthorizationHash(chainId, nonce, delegateAddress) {
+  const encoded = toRlp([
+    chainId === 0 ? "0x" : numberToHex(chainId),
+    delegateAddress,
+    nonce === 0n ? "0x" : numberToHex(nonce)
+  ]);
+  return keccak256$1(concatHex(["0x05", encoded]));
+}
+async function verifyAuthorization(eoa, chainId, nonce, signature, delegateAddress) {
+  const hash = buildAuthorizationHash(chainId, nonce, delegateAddress);
+  const recovered = await recoverAddress(hash, signature);
+  return recovered.toLowerCase() === eoa.toLowerCase();
+}
+
+// ../airaccount/src/server/services/module-manager.ts
 function buildInstallModuleHash(chainId, account, moduleTypeId, module, moduleInitData = "0x") {
-  const moduleInitDataHash = ethers.keccak256(moduleInitData);
-  const raw = ethers.keccak256(
-    ethers.solidityPacked(
+  const moduleInitDataHash = keccak256(moduleInitData);
+  const raw = keccak256(
+    solidityPacked(
       ["string", "uint256", "address", "uint256", "address", "bytes32"],
-      ["INSTALL_MODULE", chainId, account, moduleTypeId, module, moduleInitDataHash]
+      ["INSTALL_MODULE", BigInt(chainId), account, BigInt(moduleTypeId), module, moduleInitDataHash]
     )
   );
-  return ethers.hashMessage(ethers.getBytes(raw));
+  return hashMessage(hexToBytes(raw));
 }
 function buildUninstallModuleHash(chainId, account, moduleTypeId, module) {
-  const raw = ethers.keccak256(
-    ethers.solidityPacked(
+  const raw = keccak256(
+    solidityPacked(
       ["string", "uint256", "address", "uint256", "address"],
-      ["UNINSTALL_MODULE", chainId, account, moduleTypeId, module]
+      ["UNINSTALL_MODULE", BigInt(chainId), account, BigInt(moduleTypeId), module]
     )
   );
-  return ethers.hashMessage(ethers.getBytes(raw));
+  return hashMessage(hexToBytes(raw));
 }
 var ModuleManager = class {
   provider;
@@ -2239,13 +2127,12 @@ var ModuleManager = class {
   encodeInstall(params) {
     const sigs = params.guardianSigs ?? [];
     const initData = params.moduleInitData ?? "0x";
-    const packed = sigs.length > 0 ? ethers.concat([...sigs.map((s) => ethers.getBytes(s)), ethers.getBytes(initData)]) : ethers.getBytes(initData);
-    const iface = new ethers.Interface(AIRACCOUNT_ABI);
-    return iface.encodeFunctionData("installModule", [
-      params.moduleTypeId,
-      params.module,
-      packed
-    ]);
+    const packed = sigs.length > 0 ? concat([...sigs, initData]) : initData;
+    return encodeFunctionData({
+      abi: parseAbi(AIRACCOUNT_ABI),
+      functionName: "installModule",
+      args: [BigInt(params.moduleTypeId), params.module, packed]
+    });
   }
   /**
    * Encode calldata for uninstallModule().
@@ -2253,22 +2140,25 @@ var ModuleManager = class {
    */
   encodeUninstall(params) {
     const deInitData = params.moduleDeInitData ?? "0x";
-    const packed = ethers.concat([
-      ethers.getBytes(params.guardianSig1),
-      ethers.getBytes(params.guardianSig2),
-      ethers.getBytes(deInitData)
-    ]);
-    const iface = new ethers.Interface(AIRACCOUNT_ABI);
-    return iface.encodeFunctionData("uninstallModule", [
-      params.moduleTypeId,
-      params.module,
-      packed
+    const packed = concat([
+      params.guardianSig1,
+      params.guardianSig2,
+      deInitData
     ]);
+    return encodeFunctionData({
+      abi: parseAbi(AIRACCOUNT_ABI),
+      functionName: "uninstallModule",
+      args: [BigInt(params.moduleTypeId), params.module, packed]
+    });
   }
   /** Check if a module is currently installed on the account. */
   async isInstalled(account, moduleTypeId, module) {
-    const contract = new ethers.Contract(account, AIRACCOUNT_ABI, this.provider);
-    return contract.isModuleInstalled(moduleTypeId, module, "0x");
+    return await this.provider.readContract({
+      address: account,
+      abi: parseAbi(AIRACCOUNT_ABI),
+      functionName: "isModuleInstalled",
+      args: [BigInt(moduleTypeId), module, "0x"]
+    });
   }
   /** Return the install hash for a guardian to sign (r5 format, includes moduleInitData hash). */
   installHash(account, moduleTypeId, module, moduleInitData = "0x") {
@@ -2302,10 +2192,12 @@ var ModuleManager = class {
     };
   }
 };
+var SESSION_KEY_VALIDATOR_VIEM_ABI = parseAbi(SESSION_KEY_VALIDATOR_ABI);
+var AGENT_SESSION_KEY_VALIDATOR_VIEM_ABI = parseAbi(AGENT_SESSION_KEY_VALIDATOR_ABI);
 function buildSessionStruct(params) {
   return {
     expiry: params.expiry,
-    contractScope: params.contractScope ?? ethers.ZeroAddress,
+    contractScope: params.contractScope ?? zeroAddress,
     selectorScope: params.selectorScope ?? "0x00000000",
     revoked: false,
     velocityLimit: params.velocityLimit ?? 0,
@@ -2316,36 +2208,34 @@ function buildSessionStruct(params) {
 }
 function decodeSessionInfo(session) {
   const s = session;
-  const expiry = Number(s[0]);
+  const expiry = Number(s.expiry);
   const now = Math.floor(Date.now() / 1e3);
   return {
     expiry,
-    contractScope: s[1],
-    selectorScope: s[2],
-    revoked: s[3],
-    velocityLimit: Number(s[4]),
-    velocityWindow: Number(s[5]),
-    callTargets: [...s[6] ?? []],
-    selectorAllowlist: [...s[7] ?? []],
-    active: expiry > now && !s[3]
+    contractScope: s.contractScope,
+    selectorScope: s.selectorScope,
+    revoked: s.revoked,
+    velocityLimit: Number(s.velocityLimit),
+    velocityWindow: Number(s.velocityWindow),
+    callTargets: [...s.callTargets ?? []],
+    selectorAllowlist: [...s.selectorAllowlist ?? []],
+    active: expiry > now && !s.revoked
   };
 }
 var SessionKeyService = class {
-  provider;
   skValidator;
   askValidator;
   constructor(provider, sessionKeyValidatorAddress, agentSessionKeyValidatorAddress) {
-    this.provider = provider;
-    this.skValidator = new ethers.Contract(
-      sessionKeyValidatorAddress,
-      SESSION_KEY_VALIDATOR_ABI,
-      provider
-    );
-    this.askValidator = new ethers.Contract(
-      agentSessionKeyValidatorAddress,
-      AGENT_SESSION_KEY_VALIDATOR_ABI,
-      provider
-    );
+    this.skValidator = getContract({
+      address: sessionKeyValidatorAddress,
+      abi: SESSION_KEY_VALIDATOR_VIEM_ABI,
+      client: provider
+    });
+    this.askValidator = getContract({
+      address: agentSessionKeyValidatorAddress,
+      abi: AGENT_SESSION_KEY_VALIDATOR_VIEM_ABI,
+      client: provider
+    });
   }
   // ── M6: Basic Session Keys ────────────────────────────────────
   /**
@@ -2353,7 +2243,8 @@ var SessionKeyService = class {
    * Use grantSession() with this sig, or grantSessionDirect() from the account itself.
    */
   async buildGrantHash(params) {
-    return this.skValidator.buildGrantHash(
+    return readBuildGrantHash(
+      this.skValidator,
       params.account,
       params.sessionKey,
       buildSessionStruct(params)
@@ -2361,12 +2252,12 @@ var SessionKeyService = class {
   }
   /** Query an ECDSA session key state (decodes the 8-field Session tuple). */
   async getSession(account, sessionKey) {
-    const session = await this.skValidator.getSession(account, sessionKey);
+    const session = await this.skValidator.read.getSession([account, sessionKey]);
     return decodeSessionInfo(session);
   }
   /** Check if an ECDSA session is currently active. */
   async isSessionActive(account, sessionKey) {
-    return this.skValidator.isSessionActive(account, sessionKey);
+    return this.skValidator.read.isSessionActive([account, sessionKey]);
   }
   /**
    * Encode calldata for session grant.
@@ -2382,26 +2273,27 @@ var SessionKeyService = class {
    *   Do NOT encode this for a UserOp callData; the EntryPoint is not the owner EOA.
    */
   encodeGrantSession(params) {
-    const iface = new ethers.Interface(SESSION_KEY_VALIDATOR_ABI);
     const cfg = buildSessionStruct(params);
     if (params.ownerSig) {
-      return iface.encodeFunctionData("grantSession", [
-        params.account,
-        params.sessionKey,
-        cfg,
-        params.ownerSig
-      ]);
+      return encodeFunctionData({
+        abi: SESSION_KEY_VALIDATOR_VIEM_ABI,
+        functionName: "grantSession",
+        args: [params.account, params.sessionKey, cfg, params.ownerSig]
+      });
     }
-    return iface.encodeFunctionData("grantSessionDirect", [
-      params.account,
-      params.sessionKey,
-      cfg
-    ]);
+    return encodeFunctionData({
+      abi: SESSION_KEY_VALIDATOR_VIEM_ABI,
+      functionName: "grantSessionDirect",
+      args: [params.account, params.sessionKey, cfg]
+    });
   }
   /** Encode calldata for revokeSession(). */
   encodeRevokeSession(account, sessionKey) {
-    const iface = new ethers.Interface(SESSION_KEY_VALIDATOR_ABI);
-    return iface.encodeFunctionData("revokeSession", [account, sessionKey]);
+    return encodeFunctionData({
+      abi: SESSION_KEY_VALIDATOR_VIEM_ABI,
+      functionName: "revokeSession",
+      args: [account, sessionKey]
+    });
   }
   // ── M6: P256 / Passkey Session Keys ───────────────────────────
   /**
@@ -2410,7 +2302,8 @@ var SessionKeyService = class {
    * The owner/KMS signs this hash to authorize a gasless grantP256Session().
    */
   async buildP256GrantHash(params) {
-    return this.skValidator.buildP256GrantHash(
+    return readBuildP256GrantHash(
+      this.skValidator,
       params.account,
       params.keyX,
       params.keyY,
@@ -2422,12 +2315,12 @@ var SessionKeyService = class {
    * @param keyHash The keccak256 hash of (keyX, keyY) used as the on-chain session id.
    */
   async getP256Session(account, keyHash) {
-    const session = await this.skValidator.getP256Session(account, keyHash);
+    const session = await this.skValidator.read.getP256Session([account, keyHash]);
     return decodeSessionInfo(session);
   }
   /** Check if a P256 session is currently active. */
   async isP256SessionActive(account, keyX, keyY) {
-    return this.skValidator.isP256SessionActive(account, keyX, keyY);
+    return this.skValidator.read.isP256SessionActive([account, keyX, keyY]);
   }
   /**
    * Encode calldata for a P256/passkey session grant.
@@ -2443,28 +2336,27 @@ var SessionKeyService = class {
    *   Do NOT encode this for a UserOp callData; the EntryPoint is not the owner EOA.
    */
   encodeGrantP256Session(params) {
-    const iface = new ethers.Interface(SESSION_KEY_VALIDATOR_ABI);
     const cfg = buildSessionStruct(params);
     if (params.ownerSig) {
-      return iface.encodeFunctionData("grantP256Session", [
-        params.account,
-        params.keyX,
-        params.keyY,
-        cfg,
-        params.ownerSig
-      ]);
+      return encodeFunctionData({
+        abi: SESSION_KEY_VALIDATOR_VIEM_ABI,
+        functionName: "grantP256Session",
+        args: [params.account, params.keyX, params.keyY, cfg, params.ownerSig]
+      });
     }
-    return iface.encodeFunctionData("grantP256SessionDirect", [
-      params.account,
-      params.keyX,
-      params.keyY,
-      cfg
-    ]);
+    return encodeFunctionData({
+      abi: SESSION_KEY_VALIDATOR_VIEM_ABI,
+      functionName: "grantP256SessionDirect",
+      args: [params.account, params.keyX, params.keyY, cfg]
+    });
   }
   /** Encode calldata for revokeP256Session(). */
   encodeRevokeP256Session(account, keyX, keyY) {
-    const iface = new ethers.Interface(SESSION_KEY_VALIDATOR_ABI);
-    return iface.encodeFunctionData("revokeP256Session", [account, keyX, keyY]);
+    return encodeFunctionData({
+      abi: SESSION_KEY_VALIDATOR_VIEM_ABI,
+      functionName: "revokeP256Session",
+      args: [account, keyX, keyY]
+    });
   }
   // ── M7: Agent Session Keys ────────────────────────────────────
   /**
@@ -2473,18 +2365,21 @@ var SessionKeyService = class {
    * The contract uses msg.sender as the account — no account param needed.
    */
   encodeGrantAgentSession(sessionKey, cfg) {
-    const iface = new ethers.Interface(AGENT_SESSION_KEY_VALIDATOR_ABI);
-    return iface.encodeFunctionData("grantAgentSession", [
-      sessionKey,
-      {
-        expiry: cfg.expiry,
-        velocityLimit: cfg.velocityLimit,
-        velocityWindow: cfg.velocityWindow,
-        revoked: false,
-        callTargets: cfg.callTargets,
-        selectorAllowlist: cfg.selectorAllowlist
-      }
-    ]);
+    return encodeFunctionData({
+      abi: AGENT_SESSION_KEY_VALIDATOR_VIEM_ABI,
+      functionName: "grantAgentSession",
+      args: [
+        sessionKey,
+        {
+          expiry: cfg.expiry,
+          velocityLimit: cfg.velocityLimit,
+          velocityWindow: cfg.velocityWindow,
+          revoked: false,
+          callTargets: cfg.callTargets,
+          selectorAllowlist: cfg.selectorAllowlist
+        }
+      ]
+    });
   }
   /**
    * Encode calldata for delegateSession() — sub-agent delegation.
@@ -2493,29 +2388,35 @@ var SessionKeyService = class {
    * @param account The smart account under which the parent session was granted.
    */
   encodeDelegateSession(account, subKey, subCfg) {
-    const iface = new ethers.Interface(AGENT_SESSION_KEY_VALIDATOR_ABI);
-    return iface.encodeFunctionData("delegateSession", [
-      account,
-      subKey,
-      {
-        expiry: subCfg.expiry,
-        velocityLimit: subCfg.velocityLimit,
-        velocityWindow: subCfg.velocityWindow,
-        revoked: false,
-        callTargets: subCfg.callTargets,
-        selectorAllowlist: subCfg.selectorAllowlist
-      }
-    ]);
+    return encodeFunctionData({
+      abi: AGENT_SESSION_KEY_VALIDATOR_VIEM_ABI,
+      functionName: "delegateSession",
+      args: [
+        account,
+        subKey,
+        {
+          expiry: subCfg.expiry,
+          velocityLimit: subCfg.velocityLimit,
+          velocityWindow: subCfg.velocityWindow,
+          revoked: false,
+          callTargets: subCfg.callTargets,
+          selectorAllowlist: subCfg.selectorAllowlist
+        }
+      ]
+    });
   }
   /** Encode calldata for revokeAgentSession(). */
   encodeRevokeAgentSession(sessionKey) {
-    const iface = new ethers.Interface(AGENT_SESSION_KEY_VALIDATOR_ABI);
-    return iface.encodeFunctionData("revokeAgentSession", [sessionKey]);
+    return encodeFunctionData({
+      abi: AGENT_SESSION_KEY_VALIDATOR_VIEM_ABI,
+      functionName: "revokeAgentSession",
+      args: [sessionKey]
+    });
   }
   /** Query agent session config + runtime state. */
   async getAgentSession(account, sessionKey) {
-    const [expiry, velocityLimit, velocityWindow, revoked, callTargets, selectorAllowlist] = await this.askValidator.agentSessions(account, sessionKey);
-    const [callCount, windowStart] = await this.askValidator.sessionStates(account, sessionKey);
+    const [expiry, velocityLimit, velocityWindow, revoked, callTargets, selectorAllowlist] = await this.askValidator.read.agentSessions([account, sessionKey]);
+    const [callCount, windowStart] = await this.askValidator.read.sessionStates([account, sessionKey]);
     return {
       expiry: Number(expiry),
       velocityLimit: Number(velocityLimit),
@@ -2534,11 +2435,11 @@ var SessionKeyService = class {
   }
   /** Return the parent account of a delegated session key. */
   async getSessionKeyOwner(sessionKey) {
-    return this.askValidator.sessionKeyOwner(sessionKey);
+    return this.askValidator.read.sessionKeyOwner([sessionKey]);
   }
   /** Return the parent key that delegated to subKey, or ZeroAddress if not delegated. */
   async getDelegatedBy(account, subKey) {
-    return this.askValidator.delegatedBy(account, subKey);
+    return this.askValidator.read.delegatedBy([account, subKey]);
   }
 };
 function packSecp256k1SessionSignature(account, sessionKey, signature) {
@@ -2575,28 +2476,46 @@ var GuardStateReader = class {
   constructor(provider) {
     this.provider = provider;
   }
+  accountContract(accountAddress) {
+    return getContract({
+      address: accountAddress,
+      abi: parseAbi(AIRACCOUNT_ABI),
+      client: this.provider
+    });
+  }
+  guardContract(guardAddress) {
+    return getContract({
+      address: guardAddress,
+      abi: parseAbi(EXTENDED_GUARD_ABI),
+      client: this.provider
+    });
+  }
   /**
    * Read the full ETH guard state for an account.
    * Returns null if the account has no guard (dailyLimit=0).
    */
   async getGuardState(accountAddress) {
-    const account = new ethers.Contract(accountAddress, AIRACCOUNT_ABI, this.provider);
-    const guardAddress = await account.guard();
-    if (guardAddress === ethers.ZeroAddress) return null;
-    const guard = new ethers.Contract(guardAddress, EXTENDED_GUARD_ABI, this.provider);
+    const account = this.accountContract(accountAddress).read;
+    const guardAddress = await account.guard([]);
+    if (guardAddress === zeroAddress) return null;
+    const guard = this.guardContract(guardAddress).read;
     const [dailyLimit, remaining, todaySpent, tier1Limit, tier2Limit, minDailyLimit] = await Promise.all([
-      guard.dailyLimit(),
-      guard.remainingDailyAllowance(),
-      guard.todaySpent(),
-      guard.tier1Limit().catch(() => 0n),
-      guard.tier2Limit().catch(() => 0n),
-      guard.minDailyLimit().catch(() => 0n)
+      guard.dailyLimit([]),
+      guard.remainingDailyAllowance([]),
+      guard.todaySpent([]),
+      guard.tier1Limit([]).catch(() => 0n),
+      guard.tier2Limit([]).catch(() => 0n),
+      guard.minDailyLimit([]).catch(() => 0n)
     ]);
     return {
       dailyLimit: BigInt(dailyLimit),
       todaySpent: BigInt(todaySpent),
       remaining: BigInt(remaining),
-      currentTier: resolveTierFromSpend(BigInt(todaySpent), BigInt(tier1Limit), BigInt(tier2Limit)),
+      currentTier: resolveTierFromSpend(
+        BigInt(todaySpent),
+        BigInt(tier1Limit),
+        BigInt(tier2Limit)
+      ),
       tier1Limit: BigInt(tier1Limit),
       tier2Limit: BigInt(tier2Limit),
       minDailyLimit: BigInt(minDailyLimit),
@@ -2608,12 +2527,12 @@ var GuardStateReader = class {
    * Returns null if the token is not configured on the guard.
    */
   async getTokenGuardState(accountAddress, token) {
-    const account = new ethers.Contract(accountAddress, AIRACCOUNT_ABI, this.provider);
-    const guardAddress = await account.guard();
-    if (guardAddress === ethers.ZeroAddress) return null;
-    const guard = new ethers.Contract(guardAddress, EXTENDED_GUARD_ABI, this.provider);
+    const account = this.accountContract(accountAddress).read;
+    const guardAddress = await account.guard([]);
+    if (guardAddress === zeroAddress) return null;
+    const guard = this.guardContract(guardAddress).read;
     try {
-      const todaySpent = await guard.tokenTodaySpent(token);
+      const todaySpent = await guard.tokenTodaySpent([token]);
       return {
         token,
         todaySpent: BigInt(todaySpent),
@@ -2642,8 +2561,8 @@ var GuardStateReader = class {
    * Check if a given algorithm ID is approved on the guard.
    */
   async isAlgorithmApproved(accountAddress, algId) {
-    const account = new ethers.Contract(accountAddress, AIRACCOUNT_ABI, this.provider);
-    return account.approvedAlgorithms(algId);
+    const account = this.accountContract(accountAddress).read;
+    return await account.approvedAlgorithms([BigInt(algId)]);
   }
 };
 function resolveTierFromSpend(spent, tier1Limit, tier2Limit) {
@@ -2652,52 +2571,36 @@ function resolveTierFromSpend(spent, tier1Limit, tier2Limit) {
   if (tier2Limit === 0n || spent < tier2Limit) return 2;
   return 3;
 }
+var FACTORY_ABI = parseAbi(AIRACCOUNT_FACTORY_ABI);
 function computeOapdSalt(owner, dappId) {
-  const packed = ethers.solidityPacked(["address", "string"], [owner, dappId]);
-  return BigInt(ethers.keccak256(packed));
+  const packed = solidityPacked(["address", "string"], [owner, dappId]);
+  return BigInt(keccak256(packed));
 }
 async function getOapdAddress(provider, config) {
   const factoryAddress = config.factoryAddress ?? AIRACCOUNT_ADDRESSES.sepolia.factory;
-  const factory = new ethers.Contract(factoryAddress, AIRACCOUNT_FACTORY_ABI, provider);
   const salt = computeOapdSalt(config.owner, config.dappId);
-  return factory.getFunction("getAddress")(config.owner, salt, config.initConfig);
+  return provider.readContract({
+    address: factoryAddress,
+    abi: FACTORY_ABI,
+    functionName: "getAddress",
+    args: [config.owner, salt, config.initConfig]
+  });
 }
 async function getOapdAddressWithChainId(provider, config) {
   const factoryAddress = config.factoryAddress ?? AIRACCOUNT_ADDRESSES.sepolia.factory;
-  const factory = new ethers.Contract(factoryAddress, AIRACCOUNT_FACTORY_ABI, provider);
   const salt = computeOapdSalt(config.owner, config.dappId);
-  const result = await factory.getFunction("getAddressWithChainId")(
-    config.owner,
-    salt,
-    config.initConfig
-  );
+  const result = await provider.readContract({
+    address: factoryAddress,
+    abi: FACTORY_ABI,
+    functionName: "getAddressWithChainId",
+    args: [config.owner, salt, config.initConfig]
+  });
   return { address: result[0], chainQualified: result[1] };
 }
 async function isOapdDeployed(provider, config) {
   const address = await getOapdAddress(provider, config);
-  const code = await provider.getCode(address);
-  return code !== "0x";
-}
-var ALG_BLS = 1;
-var ALG_ECDSA = 2;
-var ALG_P256 = 3;
-var ALG_CUMULATIVE_T2 = 4;
-var ALG_CUMULATIVE_T3 = 5;
-function resolveTier(value, config) {
-  if (config.tier1Limit === 0n && config.tier2Limit === 0n) return 1;
-  if (config.tier1Limit > 0n && value <= config.tier1Limit) return 1;
-  if (config.tier2Limit > 0n && value <= config.tier2Limit) return 2;
-  return 3;
-}
-function algIdForTier(tier) {
-  switch (tier) {
-    case 1:
-      return ALG_ECDSA;
-    case 2:
-      return ALG_CUMULATIVE_T2;
-    case 3:
-      return ALG_CUMULATIVE_T3;
-  }
+  const code = await provider.getCode({ address });
+  return code !== void 0 && code !== "0x";
 }
 var ALG_NAMES = {
   [ALG_BLS]: "BLS (0x01)",
@@ -2716,43 +2619,34 @@ var GuardChecker = class {
    * Fetch tier limits from an AirAccount contract.
    */
   async fetchTierConfig(accountAddress) {
-    const provider = this.ethereum.getProvider();
-    const account = new ethers.Contract(accountAddress, AIRACCOUNT_ABI, provider);
-    const [tier1Limit, tier2Limit] = await Promise.all([
-      account.tier1Limit(),
-      account.tier2Limit()
-    ]);
-    return {
-      tier1Limit: BigInt(tier1Limit),
-      tier2Limit: BigInt(tier2Limit)
-    };
+    const account = this.ethereum.getAccountContract(accountAddress);
+    return readAccountTierLimits(account);
   }
   /**
    * Fetch guard status from the account's GlobalGuard.
    */
   async fetchGuardStatus(accountAddress) {
-    const provider = this.ethereum.getProvider();
-    const account = new ethers.Contract(accountAddress, AIRACCOUNT_ABI, provider);
-    const config = await account.getConfigDescription();
-    const guardAddress = config.guardAddress;
-    if (guardAddress === ethers.ZeroAddress) {
+    const account = this.ethereum.getAccountContract(accountAddress);
+    const guardAddress = await readAccountGuardAddress(account);
+    if (guardAddress === zeroAddress) {
       return {
         hasGuard: false,
-        guardAddress: ethers.ZeroAddress,
+        guardAddress: zeroAddress,
         dailyLimit: 0n,
         dailyRemaining: 0n
       };
     }
-    const guard = new ethers.Contract(guardAddress, GLOBAL_GUARD_ABI, provider);
-    const [dailyLimit, dailyRemaining] = await Promise.all([
-      guard.dailyLimit(),
-      guard.remainingDailyAllowance()
-    ]);
+    const guard = getContract({
+      address: guardAddress,
+      abi: parseAbi(GLOBAL_GUARD_ABI),
+      client: this.ethereum.getProvider()
+    });
+    const { dailyLimit, dailyRemaining } = await readGuardDailyAllowance(guard);
     return {
       hasGuard: true,
       guardAddress,
-      dailyLimit: BigInt(dailyLimit),
-      dailyRemaining: BigInt(dailyRemaining)
+      dailyLimit,
+      dailyRemaining
     };
   }
   /**
@@ -2773,9 +2667,8 @@ var GuardChecker = class {
         `Daily limit exceeded: requesting ${value} wei but only ${guard.dailyRemaining} remaining (limit: ${guard.dailyLimit})`
       );
     }
-    const provider = this.ethereum.getProvider();
-    const accountContract = new ethers.Contract(accountAddress, AIRACCOUNT_ABI, provider);
-    const isApproved = await accountContract.approvedAlgorithms(algId);
+    const accountContract = this.ethereum.getAccountContract(accountAddress);
+    const isApproved = await readAlgorithmApproved(accountContract, algId);
     if (!isApproved) {
       errors.push(
         `Algorithm ${ALG_NAMES[algId] ?? `0x${algId.toString(16)}`} is not approved by the account`
@@ -2816,24 +2709,29 @@ var FORCE_EXIT_ABI = [
   "error SignerNoLongerGuardian()",
   "error UnsupportedL2Type()"
 ];
+var FORCE_EXIT_PARSED_ABI = parseAbi(FORCE_EXIT_ABI);
 var L2_TYPE = {
   OPTIMISM: 1,
   ARBITRUM: 2
 };
 var ForceExitService = class {
-  constructor(moduleAddress, providerOrSigner) {
+  constructor(moduleAddress, client) {
     this.moduleAddress = moduleAddress;
-    this.contract = new ethers.Contract(moduleAddress, FORCE_EXIT_ABI, providerOrSigner);
-    this.iface = new ethers.Interface(FORCE_EXIT_ABI);
+    this.contract = getContract({
+      address: moduleAddress,
+      abi: FORCE_EXIT_PARSED_ABI,
+      // viem inspects the client's actions at runtime to expose read/write; the
+      // cast only satisfies the static union — a wallet client still yields writes.
+      client
+    });
   }
   contract;
-  iface;
   // ── On-chain reads ──────────────────────────────────────────────
   async isInitialized(smartAccount) {
-    return this.contract.isInitialized(smartAccount);
+    return await this.contract.read.isInitialized([smartAccount]);
   }
   async getPendingExit(account) {
-    const [target, value, data, proposedAt, approvalBitmap, guardians] = await this.contract.getPendingExit(account);
+    const [target, value, data, proposedAt, approvalBitmap, guardians] = await this.contract.read.getPendingExit([account]);
     return {
       target,
       value: BigInt(value),
@@ -2844,13 +2742,13 @@ var ForceExitService = class {
     };
   }
   async getAccountL2Type(account) {
-    return Number(await this.contract.accountL2Type(account));
+    return Number(await this.contract.read.accountL2Type([account]));
   }
   async getApprovalThreshold() {
-    return Number(await this.contract.APPROVAL_THRESHOLD());
+    return Number(await this.contract.read.APPROVAL_THRESHOLD([]));
   }
   async getModuleVersion() {
-    return this.contract.MODULE_VERSION();
+    return await this.contract.read.MODULE_VERSION([]);
   }
   // ── Calldata encoders (for UserOp or direct tx submission) ─────
   /**
@@ -2863,47 +2761,77 @@ var ForceExitService = class {
    * // account.installModule(2, forceExitModuleAddress, calldata)
    */
   encodeOnInstall(l2Type) {
-    return this.iface.encodeFunctionData("onInstall", [
-      ethers.AbiCoder.defaultAbiCoder().encode(["uint8"], [l2Type])
-    ]);
+    return encodeFunctionData({
+      abi: FORCE_EXIT_PARSED_ABI,
+      functionName: "onInstall",
+      args: [encodeAbiParams(["uint8"], [l2Type])]
+    });
   }
   encodeOnUninstall() {
-    return this.iface.encodeFunctionData("onUninstall", ["0x"]);
+    return encodeFunctionData({
+      abi: FORCE_EXIT_PARSED_ABI,
+      functionName: "onUninstall",
+      args: ["0x"]
+    });
   }
   /**
    * Encode calldata for proposeForceExit — the exit payload to bridge out of L2.
    * `target` is the L2→L1 bridge contract; `data` is the bridge call payload.
    */
   encodeProposeForceExit(target, value, data) {
-    return this.iface.encodeFunctionData("proposeForceExit", [target, value, data]);
+    return encodeFunctionData({
+      abi: FORCE_EXIT_PARSED_ABI,
+      functionName: "proposeForceExit",
+      args: [target, value, data]
+    });
   }
   /**
    * Encode calldata for approveForceExit — guardian signs off on the pending proposal.
    * `guardianSig` must be an EIP-191 personal_sign over the proposal hash.
    */
   encodeApproveForceExit(account, guardianSig) {
-    return this.iface.encodeFunctionData("approveForceExit", [account, guardianSig]);
+    return encodeFunctionData({
+      abi: FORCE_EXIT_PARSED_ABI,
+      functionName: "approveForceExit",
+      args: [account, guardianSig]
+    });
   }
   encodeExecuteForceExit(account) {
-    return this.iface.encodeFunctionData("executeForceExit", [account]);
+    return encodeFunctionData({
+      abi: FORCE_EXIT_PARSED_ABI,
+      functionName: "executeForceExit",
+      args: [account]
+    });
   }
   encodeCancelForceExit(account) {
-    return this.iface.encodeFunctionData("cancelForceExit", [account]);
+    return encodeFunctionData({
+      abi: FORCE_EXIT_PARSED_ABI,
+      functionName: "cancelForceExit",
+      args: [account]
+    });
   }
-  // ── Convenience: send transactions (requires Signer) ──────────
+  // ── Convenience: send transactions (requires a WalletClient) ──────────
   async proposeForceExit(target, value, data) {
-    return this.contract.proposeForceExit(target, value, data);
+    return await this.contract.write.proposeForceExit([
+      target,
+      value,
+      data
+    ]);
   }
   async approveForceExit(account, guardianSig) {
-    return this.contract.approveForceExit(account, guardianSig);
+    return await this.contract.write.approveForceExit([
+      account,
+      guardianSig
+    ]);
   }
   async executeForceExit(account) {
-    return this.contract.executeForceExit(account);
+    return await this.contract.write.executeForceExit([account]);
   }
   async cancelForceExit(account) {
-    return this.contract.cancelForceExit(account);
+    return await this.contract.write.cancelForceExit([account]);
   }
 };
+var AIRACCOUNT_ABI_PARSED2 = parseAbi(AIRACCOUNT_ABI);
 var RECOVERY_THRESHOLD = 2;
 var MAX_GUARDIANS = 3;
 var RECOVERY_TIMELOCK_SECONDS = 2n * 24n * 60n * 60n;
@@ -2917,11 +2845,14 @@ function popcount(value) {
   return count;
 }
 var RecoveryService = class {
-  constructor(providerOrSigner) {
-    this.providerOrSigner = providerOrSigner;
-    this.iface = new ethers.Interface(AIRACCOUNT_ABI);
+  /**
+   * @param client viem read client (was `ethers.Provider | ethers.Signer`). Only
+   *   on-chain reads are performed here; calldata encoders are pure and never
+   *   touch the client.
+   */
+  constructor(client) {
+    this.client = client;
   }
-  iface;
   // ── Calldata encoders (submit TO the account address) ─────────────
   /**
    * Encode `addGuardian(guardian)` calldata. **Owner only.**
@@ -2929,7 +2860,11 @@ var RecoveryService = class {
    * guardian is `address(0)`, the owner, or already registered.
    */
   encodeAddGuardian(guardian) {
-    return this.iface.encodeFunctionData("addGuardian", [guardian]);
+    return encodeFunctionData({
+      abi: AIRACCOUNT_ABI_PARSED2,
+      functionName: "addGuardian",
+      args: [guardian]
+    });
   }
   /**
    * Encode `removeGuardian(index, guardianSigs)` calldata. **Owner only**, and
@@ -2940,7 +2875,11 @@ var RecoveryService = class {
    * @param guardianSigs EIP-191 guardian signatures over the removal hash.
    */
   encodeRemoveGuardian(index, guardianSigs) {
-    return this.iface.encodeFunctionData("removeGuardian", [index, guardianSigs]);
+    return encodeFunctionData({
+      abi: AIRACCOUNT_ABI_PARSED2,
+      functionName: "removeGuardian",
+      args: [index, guardianSigs]
+    });
   }
   /**
    * Encode `proposeRecovery(newOwner)` calldata. **Any guardian** may call.
@@ -2948,14 +2887,22 @@ var RecoveryService = class {
    * proposer's approval (1 of {@link RECOVERY_THRESHOLD}).
    */
   encodeProposeRecovery(newOwner) {
-    return this.iface.encodeFunctionData("proposeRecovery", [newOwner]);
+    return encodeFunctionData({
+      abi: AIRACCOUNT_ABI_PARSED2,
+      functionName: "proposeRecovery",
+      args: [newOwner]
+    });
   }
   /**
    * Encode `approveRecovery()` calldata. **Another guardian** approves the
    * active proposal, setting its bit in `approvalBitmap`.
    */
   encodeApproveRecovery() {
-    return this.iface.encodeFunctionData("approveRecovery", []);
+    return encodeFunctionData({
+      abi: AIRACCOUNT_ABI_PARSED2,
+      functionName: "approveRecovery",
+      args: []
+    });
   }
   /**
    * Encode `cancelRecovery()` calldata. **Guardians only** — each call is one
@@ -2963,7 +2910,11 @@ var RecoveryService = class {
    * reached. The owner cannot cancel.
    */
   encodeCancelRecovery() {
-    return this.iface.encodeFunctionData("cancelRecovery", []);
+    return encodeFunctionData({
+      abi: AIRACCOUNT_ABI_PARSED2,
+      functionName: "cancelRecovery",
+      args: []
+    });
   }
   /**
    * Encode `executeRecovery()` calldata. **Anyone** may call, but it only
@@ -2971,7 +2922,11 @@ var RecoveryService = class {
    * Rotates the account owner to the proposed `newOwner`.
    */
   encodeExecuteRecovery() {
-    return this.iface.encodeFunctionData("executeRecovery", []);
+    return encodeFunctionData({
+      abi: AIRACCOUNT_ABI_PARSED2,
+      functionName: "executeRecovery",
+      args: []
+    });
   }
   // ── On-chain reads (against the account address) ──────────────────
   /**
@@ -2982,8 +2937,11 @@ var RecoveryService = class {
    * @param account The AirAccount address to query.
    */
   async getActiveRecovery(account) {
-    const contract = new ethers.Contract(account, AIRACCOUNT_ABI, this.providerOrSigner);
-    const [newOwner, proposedAt, approvalBitmap, cancellationBitmap] = await contract.activeRecovery();
+    const [newOwner, proposedAt, approvalBitmap, cancellationBitmap] = await this.client.readContract({
+      address: account,
+      abi: AIRACCOUNT_ABI_PARSED2,
+      functionName: "activeRecovery"
+    });
     const proposedAtBn = BigInt(proposedAt);
     const approvalBitmapBn = BigInt(approvalBitmap);
     const cancellationBitmapBn = BigInt(cancellationBitmap);
@@ -2995,7 +2953,7 @@ var RecoveryService = class {
       approvalCount: popcount(approvalBitmapBn),
       cancellationCount: popcount(cancellationBitmapBn),
       executeAfter: proposedAtBn + RECOVERY_TIMELOCK_SECONDS,
-      isActive: newOwner !== ethers.ZeroAddress
+      isActive: newOwner.toLowerCase() !== zeroAddress
     };
   }
   /**
@@ -3004,8 +2962,12 @@ var RecoveryService = class {
    * @param account The AirAccount address to query.
    */
   async getGuardianCount(account) {
-    const contract = new ethers.Contract(account, AIRACCOUNT_ABI, this.providerOrSigner);
-    return Number(await contract.guardianCount());
+    const count = await this.client.readContract({
+      address: account,
+      abi: AIRACCOUNT_ABI_PARSED2,
+      functionName: "guardianCount"
+    });
+    return Number(count);
   }
   /**
    * Read the full guardian address list.
@@ -3018,12 +2980,22 @@ var RecoveryService = class {
    * @param account The AirAccount address to query.
    */
   async getGuardians(account) {
-    const contract = new ethers.Contract(account, AIRACCOUNT_ABI, this.providerOrSigner);
-    const count = Number(await contract.guardianCount());
+    const count = Number(
+      await this.client.readContract({
+        address: account,
+        abi: AIRACCOUNT_ABI_PARSED2,
+        functionName: "guardianCount"
+      })
+    );
     const guardians = [];
     for (let i = 0; i < count; i++) {
-      const g = await contract.guardians(i);
-      if (g !== ethers.ZeroAddress) guardians.push(g);
+      const g = await this.client.readContract({
+        address: account,
+        abi: AIRACCOUNT_ABI_PARSED2,
+        functionName: "guardians",
+        args: [BigInt(i)]
+      });
+      if (g.toLowerCase() !== zeroAddress) guardians.push(g);
     }
     return guardians;
   }
@@ -3051,17 +3023,15 @@ var DELEGATE_ABI = [
 ];
 var AIR_ACCOUNT_DELEGATE_ADDRESS = "0x8603AAF6C3f07fdae810B323c95a198D796EC52E";
 var EIP7702DelegateService = class {
-  constructor(delegateAddress = AIR_ACCOUNT_DELEGATE_ADDRESS, providerOrSigner) {
+  constructor(delegateAddress = AIR_ACCOUNT_DELEGATE_ADDRESS, client) {
     this.delegateAddress = delegateAddress;
-    this.iface = new ethers.Interface(DELEGATE_ABI);
-    if (providerOrSigner) {
-      this.contract = new ethers.Contract(delegateAddress, DELEGATE_ABI, providerOrSigner);
-    } else {
-      this.contract = new ethers.Contract(delegateAddress, DELEGATE_ABI);
-    }
+    this.abi = parseAbi(DELEGATE_ABI);
+    this.client = client;
   }
-  iface;
-  contract;
+  /** Parsed ABI (loose viem `Abi` shape) used for encoding calldata and on-chain reads. */
+  abi;
+  /** Optional viem read client (was `ethers.Provider | ethers.Signer`). Required only for on-chain reads. */
+  client;
   // ── Calldata encoders ─────────────────────────────────────────
   /**
    * Encode initialize() calldata for the first post-delegation UserOp.
@@ -3069,19 +3039,31 @@ var EIP7702DelegateService = class {
    * Guardian acceptance sigs follow the same EIP-712 scheme as AirAccountV7 createAccount.
    */
   encodeInitialize(params) {
-    return this.iface.encodeFunctionData("initialize", [
-      params.guardian1,
-      params.guardian1Sig,
-      params.guardian2,
-      params.guardian2Sig,
-      params.dailyLimit
-    ]);
+    return encodeFunctionData({
+      abi: this.abi,
+      functionName: "initialize",
+      args: [
+        params.guardian1,
+        params.guardian1Sig,
+        params.guardian2,
+        params.guardian2Sig,
+        params.dailyLimit
+      ]
+    });
   }
   encodeExecute(dest, value, data) {
-    return this.iface.encodeFunctionData("execute", [dest, value, data]);
+    return encodeFunctionData({
+      abi: this.abi,
+      functionName: "execute",
+      args: [dest, value, data]
+    });
   }
   encodeExecuteBatch(dests, values, datas) {
-    return this.iface.encodeFunctionData("executeBatch", [dests, values, datas]);
+    return encodeFunctionData({
+      abi: this.abi,
+      functionName: "executeBatch",
+      args: [dests, values, datas]
+    });
   }
   // ── EIP-7702 authorization hash construction ──────────────────
   /**
@@ -3091,19 +3073,14 @@ var EIP7702DelegateService = class {
    *
    * This is the hash the private key signs to delegate code execution to
    * AirAccountDelegate. Use this hash with your KMS sign-hash endpoint or
-   * local ethers Signer.
+   * local viem account.
    *
    * @param chainId - Target chain ID (11155111 for Sepolia)
    * @param nonce - EOA's current transaction nonce
    * @returns 32-byte hash (0x-prefixed) ready for signing
    */
   buildAuthorizationHash(chainId, nonce) {
-    const encoded = ethers.encodeRlp([
-      chainId === 0 ? "0x" : ethers.toBeHex(chainId),
-      this.delegateAddress,
-      nonce === 0n ? "0x" : ethers.toBeHex(nonce)
-    ]);
-    return ethers.keccak256(ethers.concat(["0x05", encoded]));
+    return buildAuthorizationHash(chainId, nonce, this.delegateAddress);
   }
   /**
    * Build the full EIP-7702 authorization object for relay submission.
@@ -3124,30 +3101,42 @@ var EIP7702DelegateService = class {
   /**
    * Verify that a signature is a valid EIP-7702 authorization for the given EOA address.
    * Recovers the signer from the authorization hash and checks it matches `eoa`.
+   *
+   * NOTE: now async — viem's `recoverAddress` is asynchronous (ethers' was sync).
    */
   verifyAuthorization(eoa, chainId, nonce, signature) {
-    const hash = this.buildAuthorizationHash(chainId, nonce);
-    const recovered = ethers.recoverAddress(hash, signature);
-    return recovered.toLowerCase() === eoa.toLowerCase();
+    return verifyAuthorization(
+      eoa,
+      chainId,
+      nonce,
+      signature,
+      this.delegateAddress
+    );
   }
   // ── On-chain reads (requires provider) ───────────────────────
   async isInitialized(eoa) {
-    const provider = this.contract.runner;
-    if (!provider) throw new Error("EIP7702DelegateService: provider required for on-chain reads");
-    const c = new ethers.Contract(eoa, DELEGATE_ABI, provider);
-    return c.isInitialized();
+    if (!this.client) throw new Error("EIP7702DelegateService: provider required for on-chain reads");
+    return await this.client.readContract({
+      address: eoa,
+      abi: this.abi,
+      functionName: "isInitialized"
+    });
   }
   async getOwner(eoa) {
-    const provider = this.contract.runner;
-    if (!provider) throw new Error("EIP7702DelegateService: provider required for on-chain reads");
-    const c = new ethers.Contract(eoa, DELEGATE_ABI, provider);
-    return c.owner();
+    if (!this.client) throw new Error("EIP7702DelegateService: provider required for on-chain reads");
+    return await this.client.readContract({
+      address: eoa,
+      abi: this.abi,
+      functionName: "owner"
+    });
   }
   async getGuardians(eoa) {
-    const provider = this.contract.runner;
-    if (!provider) throw new Error("EIP7702DelegateService: provider required for on-chain reads");
-    const c = new ethers.Contract(eoa, DELEGATE_ABI, provider);
-    return c.getGuardians();
+    if (!this.client) throw new Error("EIP7702DelegateService: provider required for on-chain reads");
+    return await this.client.readContract({
+      address: eoa,
+      abi: this.abi,
+      functionName: "getGuardians"
+    });
   }
 };
 var WEIGHTED_SIGNATURE_ABI = [
@@ -3170,6 +3159,7 @@ var WEIGHTED_SIGNATURE_ABI = [
   "error WeightChangeNotApproved()",
   "error WeightChangeTimelockNotExpired()"
 ];
+var WEIGHTED_SIGNATURE_ABI_PARSED = parseAbi(WEIGHTED_SIGNATURE_ABI);
 var WEIGHT_CHANGE_TIMELOCK_SECONDS = 2 * 24 * 60 * 60;
 var WEIGHT_CHANGE_THRESHOLD = 2;
 var WEIGHT_CHANGE_EXPIRY_SECONDS = 30 * 24 * 60 * 60;
@@ -3205,17 +3195,20 @@ function fromConfigResult(result) {
   };
 }
 var WeightedSignatureService = class {
-  constructor(accountAddress, providerOrSigner) {
+  constructor(accountAddress, client) {
     this.accountAddress = accountAddress;
-    this.contract = new ethers.Contract(accountAddress, WEIGHTED_SIGNATURE_ABI, providerOrSigner);
-    this.iface = new ethers.Interface(WEIGHTED_SIGNATURE_ABI);
+    this.client = client;
+    this.address = accountAddress;
   }
-  contract;
-  iface;
+  address;
   // ── On-chain reads ──────────────────────────────────────────────
   /** Read the account's current active WeightConfig. */
   async getWeightConfig() {
-    const result = await this.contract.weightConfig();
+    const result = await this.client.readContract({
+      address: this.address,
+      abi: WEIGHTED_SIGNATURE_ABI_PARSED,
+      functionName: "weightConfig"
+    });
     return fromConfigResult(result);
   }
   /**
@@ -3223,7 +3216,11 @@ var WeightedSignatureService = class {
    * active proposal (the returned `proposed` config will be all zeros).
    */
   async getPendingWeightChange() {
-    const [proposed, proposedAt, approvalBitmap] = await this.contract.pendingWeightChange();
+    const [proposed, proposedAt, approvalBitmap] = await this.client.readContract({
+      address: this.address,
+      abi: WEIGHTED_SIGNATURE_ABI_PARSED,
+      functionName: "pendingWeightChange"
+    });
     return {
       proposed: fromConfigResult(proposed),
       proposedAt: BigInt(proposedAt),
@@ -3236,29 +3233,46 @@ var WeightedSignatureService = class {
    * Weakening an existing config must go through encodeProposeWeightChange instead.
    */
   encodeSetWeightConfig(config) {
-    return this.iface.encodeFunctionData("setWeightConfig", [toConfigTuple(config)]);
+    return encodeFunctionData({
+      abi: WEIGHTED_SIGNATURE_ABI_PARSED,
+      functionName: "setWeightConfig",
+      args: [toConfigTuple(config)]
+    });
   }
   /**
    * Encode proposeWeightChange calldata. OWNER only; opens a guardian-governed proposal
    * (required for any weakening). Subject to 2-of-3 approval + 2-day timelock before execute.
    */
   encodeProposeWeightChange(config) {
-    return this.iface.encodeFunctionData("proposeWeightChange", [toConfigTuple(config)]);
+    return encodeFunctionData({
+      abi: WEIGHTED_SIGNATURE_ABI_PARSED,
+      functionName: "proposeWeightChange",
+      args: [toConfigTuple(config)]
+    });
   }
   /** Encode approveWeightChange calldata. GUARDIAN only; each guardian may approve once. */
   encodeApproveWeightChange() {
-    return this.iface.encodeFunctionData("approveWeightChange", []);
+    return encodeFunctionData({
+      abi: WEIGHTED_SIGNATURE_ABI_PARSED,
+      functionName: "approveWeightChange"
+    });
   }
   /** Encode cancelWeightChange calldata. OWNER or any GUARDIAN may cancel a pending proposal. */
   encodeCancelWeightChange() {
-    return this.iface.encodeFunctionData("cancelWeightChange", []);
+    return encodeFunctionData({
+      abi: WEIGHTED_SIGNATURE_ABI_PARSED,
+      functionName: "cancelWeightChange"
+    });
   }
   /**
    * Encode executeWeightChange calldata. Callable by anyone, but only succeeds once the
    * threshold (2-of-3) and timelock (2 days) are both satisfied and the proposal has not expired.
    */
   encodeExecuteWeightChange() {
-    return this.iface.encodeFunctionData("executeWeightChange", []);
+    return encodeFunctionData({
+      abi: WEIGHTED_SIGNATURE_ABI_PARSED,
+      functionName: "executeWeightChange"
+    });
   }
 };
 var AGENT_REGISTRY_ABI = [
@@ -3285,43 +3299,42 @@ var AGENT_REGISTRY_ABI = [
   "error NotAgentOwner()",
   "error SelfRegistrationForbidden()"
 ];
+var REGISTRY_ABI = parseAbi(AGENT_REGISTRY_ABI);
+var FACTORY_ABI2 = parseAbi(AIRACCOUNT_FACTORY_ABI);
+var ACCOUNT_ABI3 = parseAbi(AIRACCOUNT_ABI);
 var AgentRegistryService = class {
   /**
-   * @param providerOrSigner ethers Provider (reads only) or Signer (reads + sends).
-   * @param registryAddress  deployed AgentRegistry contract address.
+   * @param client          viem PublicClient for on-chain reads (e.g. `ethereum.getProvider()`).
+   * @param registryAddress deployed AgentRegistry contract address.
    */
-  constructor(providerOrSigner, registryAddress) {
+  constructor(client, registryAddress) {
     this.registryAddress = registryAddress;
-    this.providerOrSigner = providerOrSigner;
-    this.contract = new ethers.Contract(registryAddress, AGENT_REGISTRY_ABI, providerOrSigner);
-    this.iface = new ethers.Interface(AGENT_REGISTRY_ABI);
-    this.factoryIface = new ethers.Interface(AIRACCOUNT_FACTORY_ABI);
-    this.accountIface = new ethers.Interface(AIRACCOUNT_ABI);
+    this.client = client;
   }
-  contract;
-  iface;
-  factoryIface;
-  accountIface;
-  providerOrSigner;
+  client;
   // ── Composed register/revoke-via-account scenario encoders ──────────────────
   // registerAgent/revokeAgent require msg.sender == the agent account, so they are delivered
   // through the account's execute(registry, 0, calldata). These return the FULL execute
   // calldata to submit TO the agent account (owner-signed) — the scenario-level entry point.
   /** Encode `account.execute(registry, 0, registerAgent(agentWallet, agentWalletSig))`. */
   encodeRegisterAgentViaAccount(agentWallet, agentWalletSig) {
-    return this.accountIface.encodeFunctionData("execute", [
-      this.registryAddress,
-      0n,
-      this.encodeRegisterAgent(agentWallet, agentWalletSig)
-    ]);
+    return encodeFunctionData({
+      abi: ACCOUNT_ABI3,
+      functionName: "execute",
+      args: [
+        this.registryAddress,
+        0n,
+        this.encodeRegisterAgent(agentWallet, agentWalletSig)
+      ]
+    });
   }
   /** Encode `account.execute(registry, 0, revokeAgent(agentWallet))`. */
   encodeRevokeAgentViaAccount(agentWallet) {
-    return this.accountIface.encodeFunctionData("execute", [
-      this.registryAddress,
-      0n,
-      this.encodeRevokeAgent(agentWallet)
-    ]);
+    return encodeFunctionData({
+      abi: ACCOUNT_ABI3,
+      functionName: "execute",
+      args: [this.registryAddress, 0n, this.encodeRevokeAgent(agentWallet)]
+    });
   }
   // ── AgentRegistry calldata encoders ─────────────────────────────────────────
   /**
@@ -3333,7 +3346,11 @@ var AgentRegistryService = class {
    * if the wallet is already bound.
    */
   encodeRegisterAgent(agentWallet, agentWalletSig) {
-    return this.iface.encodeFunctionData("registerAgent", [agentWallet, agentWalletSig]);
+    return encodeFunctionData({
+      abi: REGISTRY_ABI,
+      functionName: "registerAgent",
+      args: [agentWallet, agentWalletSig]
+    });
   }
   /**
    * Encode calldata for `revokeAgent(agentWallet)`.
@@ -3342,7 +3359,11 @@ var AgentRegistryService = class {
    * agent's human owner (else `NotAgentOwner`).
    */
   encodeRevokeAgent(agentWallet) {
-    return this.iface.encodeFunctionData("revokeAgent", [agentWallet]);
+    return encodeFunctionData({
+      abi: REGISTRY_ABI,
+      functionName: "revokeAgent",
+      args: [agentWallet]
+    });
   }
   /**
    * Encode calldata for `deregisterAgent(agentWallet)`.
@@ -3351,32 +3372,68 @@ var AgentRegistryService = class {
    * lighter-weight `revokeAgent`). Caller must be the agent's human owner.
    */
   encodeDeregisterAgent(agentWallet) {
-    return this.iface.encodeFunctionData("deregisterAgent", [agentWallet]);
+    return encodeFunctionData({
+      abi: REGISTRY_ABI,
+      functionName: "deregisterAgent",
+      args: [agentWallet]
+    });
   }
   // ── AgentRegistry on-chain reads ────────────────────────────────────────────
   /** Whether `agentWallet` is currently registered in the registry. */
   async isRegisteredAgent(agentWallet) {
-    return this.contract.isRegisteredAgent(agentWallet);
+    return await this.client.readContract({
+      address: this.registryAddress,
+      abi: REGISTRY_ABI,
+      functionName: "isRegisteredAgent",
+      args: [agentWallet]
+    });
   }
   /** Whether `account` has been marked valid (e.g. an AirAccount minted by the bound factory). */
   async isValidAccount(account) {
-    return this.contract.isValidAccount(account);
+    return await this.client.readContract({
+      address: this.registryAddress,
+      abi: REGISTRY_ABI,
+      functionName: "isValidAccount",
+      args: [account]
+    });
   }
   /** The human owner bound to `agentWallet` (ZeroAddress if unregistered). */
   async getHumanOwner(agentWallet) {
-    return this.contract.getHumanOwner(agentWallet);
+    return await this.client.readContract({
+      address: this.registryAddress,
+      abi: REGISTRY_ABI,
+      functionName: "getHumanOwner",
+      args: [agentWallet]
+    });
   }
   /** Number of agents registered under `owner`. */
   async getAgentCount(owner) {
-    return BigInt(await this.contract.getAgentCount(owner));
+    return BigInt(
+      await this.client.readContract({
+        address: this.registryAddress,
+        abi: REGISTRY_ABI,
+        functionName: "getAgentCount",
+        args: [owner]
+      })
+    );
   }
   /** The agent wallet at `index` in `owner`'s agent list. */
   async getAgentByIndex(owner, index) {
-    return this.contract.getAgentByIndex(owner, index);
+    return await this.client.readContract({
+      address: this.registryAddress,
+      abi: REGISTRY_ABI,
+      functionName: "getAgentByIndex",
+      args: [owner, BigInt(index)]
+    });
   }
   /** Full list of agent wallets registered under `humanOwner`. */
   async getAgents(humanOwner) {
-    const result = await this.contract.getAgents(humanOwner);
+    const result = await this.client.readContract({
+      address: this.registryAddress,
+      abi: REGISTRY_ABI,
+      functionName: "getAgents",
+      args: [humanOwner]
+    });
     return Array.from(result);
   }
   /**
@@ -3384,16 +3441,31 @@ var AgentRegistryService = class {
    * The contract clamps `count` to the remaining length, so the returned array may be shorter.
    */
   async getAgentsPage(owner, start, count) {
-    const result = await this.contract.getAgentsPage(owner, start, count);
+    const result = await this.client.readContract({
+      address: this.registryAddress,
+      abi: REGISTRY_ABI,
+      functionName: "getAgentsPage",
+      args: [owner, BigInt(start), BigInt(count)]
+    });
     return Array.from(result);
   }
   /** Raw `agentWalletOwner` mapping read (agentWallet → owner). */
   async agentWalletOwner(agentWallet) {
-    return this.contract.agentWalletOwner(agentWallet);
+    return await this.client.readContract({
+      address: this.registryAddress,
+      abi: REGISTRY_ABI,
+      functionName: "agentWalletOwner",
+      args: [agentWallet]
+    });
   }
   /** Raw `ownerAgents` array read (owner, index → agentWallet). */
   async ownerAgents(owner, index) {
-    return this.contract.ownerAgents(owner, index);
+    return await this.client.readContract({
+      address: this.registryAddress,
+      abi: REGISTRY_ABI,
+      functionName: "ownerAgents",
+      args: [owner, BigInt(index)]
+    });
   }
   // ── Factory agent-account helpers (AAStarAirAccountFactoryV7) ───────────────
   /**
@@ -3404,21 +3476,29 @@ var AgentRegistryService = class {
    * calldata to the factory address (direct tx or via a relayer).
    */
   encodeCreateAgentAccount(params) {
-    return this.factoryIface.encodeFunctionData("createAgentAccount", [
-      params.agentKey,
-      params.agentId,
-      params.guardian2,
-      params.guardian2Sig,
-      params.agentKeySig,
-      params.deadline,
-      params.dailyLimit
-    ]);
+    return encodeFunctionData({
+      abi: FACTORY_ABI2,
+      functionName: "createAgentAccount",
+      args: [
+        params.agentKey,
+        params.agentId,
+        params.guardian2,
+        params.guardian2Sig,
+        params.agentKeySig,
+        BigInt(params.deadline),
+        params.dailyLimit
+      ]
+    });
   }
   /**
    * Encode calldata for the factory's `setAgentRegistry(_agentRegistry)` (factory-admin only).
    */
   encodeSetAgentRegistry(agentRegistry) {
-    return this.factoryIface.encodeFunctionData("setAgentRegistry", [agentRegistry]);
+    return encodeFunctionData({
+      abi: FACTORY_ABI2,
+      functionName: "setAgentRegistry",
+      args: [agentRegistry]
+    });
   }
   /**
    * Predict the CREATE2 address of an agent account via the factory's `getAgentAddress(...)`.
@@ -3429,21 +3509,21 @@ var AgentRegistryService = class {
    * @param agentId        the bytes32 agent identifier.
    */
   async getAgentAccountAddress(factoryAddress, humanOwner, agentKey, agentId) {
-    const factory = new ethers.Contract(
-      factoryAddress,
-      AIRACCOUNT_FACTORY_ABI,
-      this.providerOrSigner
-    );
-    return factory.getAgentAddress(humanOwner, agentKey, agentId);
+    return await this.client.readContract({
+      address: factoryAddress,
+      abi: FACTORY_ABI2,
+      functionName: "getAgentAddress",
+      args: [humanOwner, agentKey, agentId]
+    });
   }
   /** Read the AgentRegistry address currently bound to the factory. */
   async getFactoryAgentRegistry(factoryAddress) {
-    const factory = new ethers.Contract(
-      factoryAddress,
-      AIRACCOUNT_FACTORY_ABI,
-      this.providerOrSigner
-    );
-    return factory.agentRegistry();
+    return await this.client.readContract({
+      address: factoryAddress,
+      abi: FACTORY_ABI2,
+      functionName: "agentRegistry",
+      args: []
+    });
   }
 };
 var ERC8004_ABI = [
@@ -3474,12 +3554,25 @@ function erc8004AddressesForChain(chainId) {
   throw new Error(`ERC-8004: unsupported chain ${chainId}`);
 }
 var ERC8004Service = class {
-  iface;
+  abi;
   provider;
   constructor(provider) {
-    this.iface = new ethers.Interface(ERC8004_ABI);
+    this.abi = parseAbi(ERC8004_ABI);
     this.provider = provider;
   }
+  /**
+   * Build a read-only viem contract bound to the account address. The ABI is loaded from
+   * human-readable signatures via `parseAbi` (loose `Abi`), so `read` methods are indexed by
+   * name and return `unknown` — cast at the call site. Mirrors the dynamic surface that
+   * `ethers.Contract` previously exposed. Caller must ensure `this.provider` is set.
+   */
+  contractAt(accountAddress) {
+    return getContract({
+      address: accountAddress,
+      abi: this.abi,
+      client: this.provider
+    });
+  }
   // ── AAStar AgentRegistry path ─────────────────────────────────────────────
   /**
    * Encode calldata for `setAgentWallet`.
@@ -3493,12 +3586,11 @@ var ERC8004Service = class {
    * Callable: owner EOA direct tx OR via UserOp (gasless).
    */
   encodeSetAgentWallet(params) {
-    return this.iface.encodeFunctionData("setAgentWallet", [
-      params.agentId,
-      params.agentWallet,
-      params.agentRegistry,
-      params.agentWalletSig
-    ]);
+    return encodeFunctionData({
+      abi: this.abi,
+      functionName: "setAgentWallet",
+      args: [params.agentId, params.agentWallet, params.agentRegistry, params.agentWalletSig]
+    });
   }
   // ── Official ERC-8004 identity path ──────────────────────────────────────
   /**
@@ -3511,10 +3603,11 @@ var ERC8004Service = class {
    * Callable: owner EOA direct tx OR via UserOp (gasless).
    */
   encodeMintAgentIdentity(params) {
-    return this.iface.encodeFunctionData("mintAgentIdentity", [
-      params.identityRegistry,
-      params.agentURI
-    ]);
+    return encodeFunctionData({
+      abi: this.abi,
+      functionName: "mintAgentIdentity",
+      args: [params.identityRegistry, params.agentURI]
+    });
   }
   /**
    * Encode calldata for `bindERC8004AgentWallet`.
@@ -3526,13 +3619,17 @@ var ERC8004Service = class {
    * Callable: owner EOA direct tx OR via UserOp (gasless).
    */
   encodeBindERC8004AgentWallet(params) {
-    return this.iface.encodeFunctionData("bindERC8004AgentWallet", [
-      params.identityRegistry,
-      params.agentId,
-      params.agentWallet,
-      params.deadline,
-      params.signature
-    ]);
+    return encodeFunctionData({
+      abi: this.abi,
+      functionName: "bindERC8004AgentWallet",
+      args: [
+        params.identityRegistry,
+        params.agentId,
+        params.agentWallet,
+        params.deadline,
+        params.signature
+      ]
+    });
   }
   // ── Reputation ────────────────────────────────────────────────────────────
   /**
@@ -3544,17 +3641,21 @@ var ERC8004Service = class {
    * Callable: owner EOA direct tx OR via UserOp (gasless).
    */
   encodeSubmitAgentReputation(params) {
-    return this.iface.encodeFunctionData("submitAgentReputation", [
-      params.reputationRegistry,
-      params.agentId,
-      params.value,
-      params.valueDecimals,
-      params.tag1,
-      params.tag2,
-      params.endpoint,
-      params.feedbackURI,
-      params.feedbackHash
-    ]);
+    return encodeFunctionData({
+      abi: this.abi,
+      functionName: "submitAgentReputation",
+      args: [
+        params.reputationRegistry,
+        params.agentId,
+        params.value,
+        params.valueDecimals,
+        params.tag1,
+        params.tag2,
+        params.endpoint,
+        params.feedbackURI,
+        params.feedbackHash
+      ]
+    });
   }
   /**
    * Query aggregated reputation for an agent from the official ERC-8004 ReputationRegistry.
@@ -3562,35 +3663,40 @@ var ERC8004Service = class {
    */
   async queryAgentReputation(accountAddress, params) {
     if (!this.provider) throw new Error("ERC8004Service: provider required for on-chain reads");
-    const contract = new ethers.Contract(accountAddress, ERC8004_ABI, this.provider);
-    const [count, summaryValue, summaryDecimals] = await contract.queryAgentReputation(
+    const contract = this.contractAt(accountAddress);
+    const [count, summaryValue, summaryDecimals] = await contract.read.queryAgentReputation([
       params.reputationRegistry,
       params.agentId,
       params.clientAddresses,
       params.tag1,
       params.tag2
-    );
+    ]);
     return { count: BigInt(count), summaryValue: BigInt(summaryValue), summaryDecimals: Number(summaryDecimals) };
   }
   /**
    * Encode calldata for `queryAgentReputation` (for static-call or eth_call without a signer).
    */
   encodeQueryAgentReputation(params) {
-    return this.iface.encodeFunctionData("queryAgentReputation", [
-      params.reputationRegistry,
-      params.agentId,
-      params.clientAddresses,
-      params.tag1,
-      params.tag2
-    ]);
+    return encodeFunctionData({
+      abi: this.abi,
+      functionName: "queryAgentReputation",
+      args: [
+        params.reputationRegistry,
+        params.agentId,
+        params.clientAddresses,
+        params.tag1,
+        params.tag2
+      ]
+    });
   }
   /**
    * Read the agentExtension implementation address from a deployed AirAccount.
    */
   async getAgentExtensionAddress(accountAddress) {
     if (!this.provider) throw new Error("ERC8004Service: provider required for on-chain reads");
-    const contract = new ethers.Contract(accountAddress, ERC8004_ABI, this.provider);
-    return contract.agentExtension();
+    const contract = this.contractAt(accountAddress);
+    const extension = await contract.read.agentExtension([]);
+    return extension;
   }
 };
 var DEFAULT_KMS_ENDPOINT = "https://kms.aastar.io";
@@ -3647,6 +3753,21 @@ var KmsHttpClient = class {
     });
   }
 };
+
+// ../../node_modules/.pnpm/@noble+curves@2.0.1/node_modules/@noble/curves/nist.js
+var p256_CURVE = /* @__PURE__ */ (() => ({
+  p: BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"),
+  n: BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),
+  h: BigInt(1),
+  a: BigInt("0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc"),
+  b: BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b"),
+  Gx: BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),
+  Gy: BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")
+}))();
+var p256_Point = /* @__PURE__ */ weierstrass(p256_CURVE);
+var p256 = /* @__PURE__ */ ecdsa(p256_Point, sha256);
+
+// ../airaccount/src/server/services/webauthn-ceremony.ts
 var DEFAULT_RP_ID = "aastar.io";
 var DEFAULT_ORIGIN = "https://aastar.io";
 var DEFAULT_CREDENTIAL_ID = "dGVzdC1jcmVkZW50aWFs";
@@ -3656,7 +3777,7 @@ function base64UrlEncode(bytes) {
 function base64UrlDecode(value) {
   return new Uint8Array(Buffer.from(value, "base64url"));
 }
-function hexToBytes(hex) {
+function hexToBytes4(hex) {
   const clean = hex.startsWith("0x") ? hex.slice(2) : hex;
   if (clean.length % 2 !== 0) {
     throw new Error("hexToBytes: odd-length hex string");
@@ -3675,7 +3796,7 @@ var P256PasskeySigner = class {
    * @param credentialId base64url credential id (defaults to the reference fixture).
    */
   constructor(privateKey, credentialId = DEFAULT_CREDENTIAL_ID) {
-    this.privateKey = typeof privateKey === "string" ? hexToBytes(privateKey) : privateKey;
+    this.privateKey = typeof privateKey === "string" ? hexToBytes4(privateKey) : privateKey;
     this.credentialId = credentialId;
   }
   /**
@@ -3741,26 +3862,28 @@ async function runWebAuthnCeremony(begin, options) {
   });
   return { ChallengeId: begun.ChallengeId, Credential: credential };
 }
-function beginAuthenticationChallenge(http, keyId) {
-  return http.post("/BeginAuthentication", { KeyId: keyId });
+function beginAuthenticationChallenge(http2, keyId) {
+  return http2.post("/BeginAuthentication", { KeyId: keyId });
 }
-function beginGrantSessionChallenge(http, keyId) {
-  return http.get("/kms/begin-grant-session-auth", {
+function beginGrantSessionChallenge(http2, keyId) {
+  return http2.get("/kms/begin-grant-session-auth", {
     params: { keyId }
   });
 }
-function runAuthenticationCeremony(http, keyId, signer, options) {
-  return runWebAuthnCeremony(() => beginAuthenticationChallenge(http, keyId), {
+function runAuthenticationCeremony(http2, keyId, signer, options) {
+  return runWebAuthnCeremony(() => beginAuthenticationChallenge(http2, keyId), {
     signer,
     ...options
   });
 }
-function runGrantSessionCeremony(http, keyId, signer, options) {
-  return runWebAuthnCeremony(() => beginGrantSessionChallenge(http, keyId), {
+function runGrantSessionCeremony(http2, keyId, signer, options) {
+  return runWebAuthnCeremony(() => beginGrantSessionChallenge(http2, keyId), {
     signer,
     ...options
   });
 }
+
+// ../airaccount/src/server/services/kms-signer.ts
 var KmsManager = class {
   client;
   logger;
@@ -4055,14 +4178,13 @@ var KmsManager = class {
     return this.client.post("/BeginAuthentication", { KeyId: keyId });
   }
   // ── Factory ─────────────────────────────────────────────────────
-  createKmsSigner(keyId, address, assertionProvider, provider) {
+  createKmsSigner(keyId, address, assertionProvider) {
     this.ensureEnabled();
-    return new KmsSigner(keyId, address, this, assertionProvider, provider);
+    return new KmsSigner(keyId, address, this, assertionProvider);
   }
 };
-var KmsSigner = class _KmsSigner extends ethers.AbstractSigner {
-  constructor(keyId, _address, kmsManager, assertionProvider, provider) {
-    super(provider);
+var KmsSigner = class {
+  constructor(keyId, _address, kmsManager, assertionProvider) {
     this.keyId = keyId;
     this._address = _address;
     this.kmsManager = kmsManager;
@@ -4072,53 +4194,19 @@ var KmsSigner = class _KmsSigner extends ethers.AbstractSigner {
     return this._address;
   }
   async signMessage(message) {
-    const messageBytes = typeof message === "string" ? ethers.toUtf8Bytes(message) : message;
-    const messageHash = ethers.hashMessage(messageBytes);
+    const messageHash = hashMessage(message);
     const assertion = await this.assertionProvider();
     const signResponse = await this.kmsManager.signHash(messageHash, assertion, {
       Address: this._address
     });
     return "0x" + signResponse.Signature;
   }
-  async signTransaction(tx) {
-    if (!this.provider) {
-      throw new Error("Provider is required for signing transactions");
-    }
-    const populated = await this.populateTransaction(tx);
-    const unsignedTx = ethers.Transaction.from(populated);
-    const txHash = unsignedTx.hash;
-    if (!txHash) {
-      throw new Error("Failed to compute transaction hash");
-    }
-    const assertion = await this.assertionProvider();
-    const signResponse = await this.kmsManager.signHash(txHash, assertion, {
-      Address: this._address
-    });
-    const sig = ethers.Signature.from("0x" + signResponse.Signature);
-    unsignedTx.signature = sig;
-    return unsignedTx.serialized;
-  }
-  async signTypedData(domain, types, value) {
-    const hash = ethers.TypedDataEncoder.hash(domain, types, value);
-    const assertion = await this.assertionProvider();
-    const signResponse = await this.kmsManager.signHash(hash, assertion, {
-      Address: this._address
-    });
-    return "0x" + signResponse.Signature;
-  }
-  connect(provider) {
-    return new _KmsSigner(
-      this.keyId,
-      this._address,
-      this.kmsManager,
-      this.assertionProvider,
-      provider
-    );
-  }
 };
+
+// ../airaccount/src/server/services/kms-agent-service.ts
 var KmsAgentService = class {
-  constructor(http) {
-    this.http = http;
+  constructor(http2) {
+    this.http = http2;
   }
   /**
    * Mint a new agent key under an existing human key (WebAuthn-gated).
@@ -4205,9 +4293,11 @@ var KmsAgentService = class {
     return this.revokeAgentCredential({ ...params, webAuthnAssertion });
   }
 };
+
+// ../airaccount/src/server/services/kms-session-service.ts
 var KmsSessionService = class {
-  constructor(http) {
-    this.http = http;
+  constructor(http2) {
+    this.http = http2;
   }
   /**
    * Create a P-256 session key under a human key (WebAuthn-gated).
@@ -4280,9 +4370,11 @@ var KmsSessionService = class {
     return this.revokeP256SessionKey({ ...params, webAuthnAssertion });
   }
 };
+
+// ../airaccount/src/server/services/kms-payment-signer.ts
 var KmsPaymentSigner = class {
-  constructor(http) {
-    this.http = http;
+  constructor(http2) {
+    this.http = http2;
   }
   /**
    * Dispatch a payment-signing request with the chosen auth mode.
@@ -4321,9 +4413,11 @@ var KmsPaymentSigner = class {
     return this.signWithAuth("/kms/SignX402Payment", { ...params }, auth);
   }
 };
+
+// ../airaccount/src/server/services/kms-monitor-service.ts
 var KmsMonitorService = class {
-  constructor(http) {
-    this.http = http;
+  constructor(http2) {
+    this.http = http2;
   }
   /**
    * Liveness probe (`GET /health`, no auth). Does NOT require the KMS feature
@@ -4400,6 +4494,8 @@ var KmsMonitorService = class {
     return this.http.postWithBearer("/admin/purge-key", params, adminToken);
   }
 };
+
+// ../airaccount/src/server/adapters/memory-storage.ts
 var MemoryStorage = class {
   accounts = [];
   transfers = [];
@@ -4474,18 +4570,18 @@ var MemoryStorage = class {
   }
 };
 var LocalWalletSigner = class {
-  wallet;
-  constructor(privateKey, provider) {
-    this.wallet = new ethers.Wallet(privateKey, provider);
+  account;
+  constructor(privateKey) {
+    this.account = privateKeyToAccount(privateKey);
   }
   async getAddress(_userId) {
-    return this.wallet.address;
+    return this.account.address;
   }
-  async getSigner(_userId, _ctx) {
-    return this.wallet;
+  async signMessage(_userId, message, _ctx) {
+    return this.account.signMessage({ message: { raw: message } });
   }
   async ensureSigner(_userId) {
-    return { signer: this.wallet, address: this.wallet.address };
+    return { address: this.account.address };
   }
 };
 /*! Bundled license information:
@@ -4494,6 +4590,6 @@ var LocalWalletSigner = class {
   (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
 */
 
-export { ACCOUNT_ABI, AGENT_SESSION_KEY_VALIDATOR_ABI, AIRACCOUNT_ABI, AIRACCOUNT_ADDRESSES, AIRACCOUNT_FACTORY_ABI, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, AIR_ACCOUNT_DELEGATE_ABI, AIR_ACCOUNT_DELEGATE_ADDRESS, ALG_ID, AccountManager, AgentRegistryService, BLSSignatureService, CALLDATA_PARSER_REGISTRY_ABI, ConsoleLogger, DEFAULT_CREDENTIAL_ID, DEFAULT_KMS_ENDPOINT, DEFAULT_ORIGIN, DEFAULT_RP_ID, DvtPendingConfirmationError, EIP7702DelegateService, ENTRYPOINT_ABI_V6, ENTRYPOINT_ABI_V7_V8, ENTRYPOINT_ADDRESSES, ERC20_ABI, ERC8004Service, ERC8004_ADDRESSES, EXECUTE_BATCH_SELECTOR, EXECUTE_SELECTOR, EXECUTE_USER_OP_SELECTOR, EntryPointVersion, EthereumProvider, FACTORY_ABI_V6, FACTORY_ABI_V7_V8, FORCE_EXIT_MODULE_ABI, ForceExitService, GLOBAL_GUARD_ABI, GuardChecker, GuardStateReader, KmsAgentService, KmsHttpClient, KmsManager, KmsMonitorService, KmsPaymentSigner, KmsSessionService, KmsSigner, L2_TYPE, LocalWalletSigner, MAX_GUARDIANS, MODULE_TYPE, MemoryStorage, ModuleManager, P256PasskeySigner, PaymasterManager, PaymasterPriceStalenessError, RECOVERY_THRESHOLD, RECOVERY_TIMELOCK_SECONDS, RecoveryService, SESSION_KEY_VALIDATOR_ABI, SessionKeyService, SilentLogger, TIER_GUARD_HOOK_ABI, TokenService, TransferManager, VALIDATOR_ABI, WEIGHT_CHANGE_EXPIRY_SECONDS, WEIGHT_CHANGE_THRESHOLD, WEIGHT_CHANGE_TIMELOCK_SECONDS, WalletManager, WeightedSignatureService, YAAAServerClient, base64UrlDecode, base64UrlEncode, beginAuthenticationChallenge, beginGrantSessionChallenge, buildAuthenticationCredential, buildAuthenticatorData, buildClientDataJSON, buildInstallModuleHash, buildUninstallModuleHash, computeOapdSalt, erc8004AddressesForChain, getOapdAddress, getOapdAddressWithChainId, isExecuteUserOpWrapped, isOapdDeployed, isPendingConfirmation, packP256SessionSignature, packSecp256k1SessionSignature, runAuthenticationCeremony, runGrantSessionCeremony, runWebAuthnCeremony, sepoliaV07Config, validateConfig, wrapExecuteUserOp };
-//# sourceMappingURL=chunk-WPSWFZKF.js.map
-//# sourceMappingURL=chunk-WPSWFZKF.js.map
+export { ACCOUNT_ABI, AGENT_SESSION_KEY_VALIDATOR_ABI, AIRACCOUNT_ABI, AIRACCOUNT_ADDRESSES, AIRACCOUNT_FACTORY_ABI, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, AIR_ACCOUNT_DELEGATE_ABI, AIR_ACCOUNT_DELEGATE_ADDRESS, ALG_ID, AccountManager, AgentRegistryService, AirAccountServerClient, BLSSignatureService, CALLDATA_PARSER_REGISTRY_ABI, ConsoleLogger, DEFAULT_CREDENTIAL_ID, DEFAULT_KMS_ENDPOINT, DEFAULT_ORIGIN, DEFAULT_RP_ID, DvtPendingConfirmationError, EIP7702DelegateService, ENTRYPOINT_ABI_V6, ENTRYPOINT_ABI_V7_V8, ENTRYPOINT_ADDRESSES, ERC20_ABI, ERC8004Service, ERC8004_ADDRESSES, EXECUTE_BATCH_SELECTOR, EXECUTE_SELECTOR, EXECUTE_USER_OP_SELECTOR, EntryPointVersion, EthereumProvider, FACTORY_ABI_V6, FACTORY_ABI_V7_V8, FORCE_EXIT_MODULE_ABI, ForceExitService, GLOBAL_GUARD_ABI, GuardChecker, GuardStateReader, KmsAgentService, KmsHttpClient, KmsManager, KmsMonitorService, KmsPaymentSigner, KmsSessionService, KmsSigner, L2_TYPE, LocalWalletSigner, MAX_GUARDIANS, MODULE_TYPE, MemoryStorage, ModuleManager, P256PasskeySigner, PaymasterManager, PaymasterPriceStalenessError, RECOVERY_THRESHOLD, RECOVERY_TIMELOCK_SECONDS, RecoveryService, SESSION_KEY_VALIDATOR_ABI, SessionKeyService, SilentLogger, TIER_GUARD_HOOK_ABI, TokenService, TransferManager, VALIDATOR_ABI, WEIGHT_CHANGE_EXPIRY_SECONDS, WEIGHT_CHANGE_THRESHOLD, WEIGHT_CHANGE_TIMELOCK_SECONDS, WalletManager, WeightedSignatureService, YAAAServerClient, base64UrlDecode, base64UrlEncode, beginAuthenticationChallenge, beginGrantSessionChallenge, buildAuthenticationCredential, buildAuthenticatorData, buildClientDataJSON, buildInstallModuleHash, buildUninstallModuleHash, computeOapdSalt, erc8004AddressesForChain, getOapdAddress, getOapdAddressWithChainId, isExecuteUserOpWrapped, isOapdDeployed, isPendingConfirmation, packP256SessionSignature, packSecp256k1SessionSignature, runAuthenticationCeremony, runGrantSessionCeremony, runWebAuthnCeremony, sepoliaV07Config, validateConfig, wrapExecuteUserOp };
+//# sourceMappingURL=chunk-UIFMIVDK.js.map
+//# sourceMappingURL=chunk-UIFMIVDK.js.map