@aastar/sdk 0.20.6 → 0.20.8

package/dist/kms.d.ts

@@ -1,7 +1,7 @@
-import { v as UserOperation, P as PackedUserOperation, h as BLSSignatureData, t as TierLevel$1, T as TierConfig, n as GuardStatus, s as PreCheckResult } from './tier-router-DLiMxs0h.js';
-export { A as ALG_BLS, a as ALG_CUMULATIVE_T2, b as ALG_CUMULATIVE_T3, c as ALG_ECDSA, d as ALG_P256, e as AlgId, B as BLSConfig, f as BLSManager, g as BLSNode, i as BeginAuthenticationResponse, j as BeginRegistrationResponse, k as BeginTransactionVerificationResponse, C as CryptoUtil, l as CumulativeT2SignatureData, m as CumulativeT3SignatureData, E as ERC4337Utils, G as GasEstimate, o as PasskeyAuthenticationParams, p as PasskeyInfo, q as PasskeyManager, r as PasskeyRegistrationParams, u as TransactionVerificationParams, U as UserOpBuilder, Y as YAAAClient, w as YAAAConfig, x as algIdForTier, y as resolveTier } from './tier-router-DLiMxs0h.js';
-import { ethers } from 'ethers';
+import { y as UserOperation, P as PackedUserOperation, j as BLSSignatureData, w as TierLevel$1, T as TierConfig, p as GuardStatus, v as PreCheckResult } from './tier-router-DeeVg69O.js';
+export { A as ALG_BLS, a as ALG_CUMULATIVE_T2, b as ALG_CUMULATIVE_T3, c as ALG_ECDSA, d as ALG_P256, e as AirAccountClient, f as AirAccountConfig, g as AlgId, B as BLSConfig, h as BLSManager, i as BLSNode, k as BeginAuthenticationResponse, l as BeginRegistrationResponse, m as BeginTransactionVerificationResponse, C as CryptoUtil, n as CumulativeT2SignatureData, o as CumulativeT3SignatureData, D as DEFAULT_PASSKEY_ROUTES, E as ERC4337Utils, G as GasEstimate, q as PasskeyAuthenticationParams, r as PasskeyInfo, s as PasskeyManager, t as PasskeyRegistrationParams, u as PasskeyRoutes, x as TransactionVerificationParams, U as UserOpBuilder, Y as YAAAClient, z as YAAAConfig, F as algIdForTier, H as resolveTier } from './tier-router-DeeVg69O.js';
 import { AxiosRequestConfig } from 'axios';
+import { PublicClient, Address, Abi, WalletClient, Hex } from 'viem';
 
 /**
  * Account record stored by the SDK.
@@ -735,26 +735,28 @@ declare class KmsManager {
      * challenge from {@link beginGrantSessionAuth} instead.)
      */
     beginWebAuthnAuth(keyId: string): Promise<KmsBeginAuthenticationResponse>;
-    createKmsSigner(keyId: string, address: string, assertionProvider: () => Promise<LegacyPasskeyAssertion>, provider?: ethers.Provider): KmsSigner;
+    createKmsSigner(keyId: string, address: string, assertionProvider: () => Promise<LegacyPasskeyAssertion>): KmsSigner;
 }
 /**
- * ethers.AbstractSigner backed by KMS with Passkey assertion.
+ * KMS-backed signer with Passkey assertion.
  *
  * Each signing operation calls the `assertionProvider` to obtain a Legacy
  * Passkey assertion, which is then passed to KMS SignHash. The Legacy format
  * is reusable (no challenge consumption), enabling BLS dual-signing.
+ *
+ * Narrowed during the ethers -> viem migration: only the EIP-191 personal-sign
+ * and address-read behaviour is actually consumed by the SDK, so the former
+ * ethers.AbstractSigner surface (signTransaction / signTypedData / connect /
+ * provider) has been dropped.
  */
-declare class KmsSigner extends ethers.AbstractSigner {
+declare class KmsSigner {
     private readonly keyId;
     private readonly _address;
     private readonly kmsManager;
     private readonly assertionProvider;
-    constructor(keyId: string, _address: string, kmsManager: KmsManager, assertionProvider: () => Promise<LegacyPasskeyAssertion>, provider?: ethers.Provider);
+    constructor(keyId: string, _address: string, kmsManager: KmsManager, assertionProvider: () => Promise<LegacyPasskeyAssertion>);
     getAddress(): Promise<string>;
     signMessage(message: string | Uint8Array): Promise<string>;
-    signTransaction(tx: ethers.TransactionRequest): Promise<string>;
-    signTypedData(domain: ethers.TypedDataDomain, types: Record<string, ethers.TypedDataField[]>, value: Record<string, unknown>): Promise<string>;
-    connect(provider: ethers.Provider): KmsSigner;
 }
 
 /**
@@ -767,19 +769,29 @@ interface PasskeyAssertionContext {
 /**
  * Pluggable signer adapter — replaces NestJS AuthService wallet management.
  * Implement this to provide signing capabilities from your key management system.
+ *
+ * Narrow by design: the only operations the SDK performs are EOA address
+ * lookup and EIP-191 personal-sign over a digest. There is no transaction
+ * signing / provider connection — that lives in the bundler/UserOp path.
  */
 interface ISignerAdapter {
     /** Get the EOA address for a given user. */
-    getAddress(userId: string): Promise<string>;
-    /** Get an ethers Signer instance for a given user. */
-    getSigner(userId: string, ctx?: PasskeyAssertionContext): Promise<ethers.Signer>;
+    getAddress(userId: string): Promise<`0x${string}`>;
+    /**
+     * Sign a message for a given user, applying EIP-191 personal-sign semantics
+     * (equivalent to ethers `signer.signMessage(bytes)` / viem
+     * `account.signMessage({ raw: bytes })`). A `Uint8Array` (or raw `0x` hex) is
+     * signed as raw bytes — callers pass a 32-byte digest, NOT UTF-8 text.
+     *
+     * @param ctx optional Passkey assertion context for KMS-backed signers.
+     */
+    signMessage(userId: string, message: `0x${string}` | Uint8Array, ctx?: PasskeyAssertionContext): Promise<`0x${string}`>;
     /**
      * Ensure a signer exists for the user (create on demand if needed).
-     * Returns the signer and its address.
+     * Returns the signer's address.
      */
     ensureSigner(userId: string): Promise<{
-        signer: ethers.Signer;
-        address: string;
+        address: `0x${string}`;
     }>;
 }
 
@@ -915,19 +927,19 @@ declare const AIRACCOUNT_ADDRESSES: {
         tierGuardHookM7r4: string;
         /** @deprecated */
         agentSessionKeyValidatorM7r4: string;
-        factory: string;
-        factoryM7: string;
-        accountImpl: string;
-        validatorRouter: string;
-        blsAlgorithm: string;
-        blsAggregator: string;
-        superPaymaster: string;
-        sessionKeyValidator: string;
-        forceExitModule: string;
-        airAccountDelegate: string;
-        airAccountExtension: string;
-        agentRegistry: string;
-        calldataParserRegistry: string;
+        factory: "0x52c5190E7308Ea9B149157FF016cC99B6C6bf984";
+        factoryM7: "0x52c5190E7308Ea9B149157FF016cC99B6C6bf984";
+        accountImpl: "0x7fe62d512f0b8238DE6Ff17175DcE40eA312bBF2";
+        validatorRouter: "0xC20A986Bcd5bF5Cc2fE5fFde6b155B8419E0389e";
+        blsAlgorithm: "0x68c381Ad3A2e3380F22840008027E9Ec2783F43A";
+        blsAggregator: "0x77f7bf95B8602b7851f392F412257539242947e0";
+        superPaymaster: "0x030025f40d509b1a99547bAEb3795bD27F7182b7";
+        sessionKeyValidator: "0x70de2e36004d6Ddc24DEB80e1Ef76c03EdC0c2AE";
+        forceExitModule: "0xd882a16Ea37Be463D1885EF4a397Dbbf157dC211";
+        airAccountDelegate: "0xA8D7f70c9D36bC4a4eb14F0dCEE19053FCB3309f";
+        airAccountExtension: "0xD61C0F3DE6D98070E9986743d35A56d56855A249";
+        agentRegistry: "0x3895b3E6fEf4e121E6289dC7881A0eEd5283C652";
+        calldataParserRegistry: "0xb8Af1C039dF88F6bD9fE36Ca683492a3c09e7D17";
         uniswapV3Parser: string;
     };
 };
@@ -960,31 +972,64 @@ declare const SESSION_KEY_VALIDATOR_ABI: string[];
 declare const CALLDATA_PARSER_REGISTRY_ABI: string[];
 declare const AIR_ACCOUNT_DELEGATE_ABI: string[];
 
+/**
+ * A viem contract instance bound to a read-only PublicClient.
+ *
+ * The EntryPoint/AirAccount ABIs are loaded from human-readable signatures via
+ * `parseAbi`, which yields the loosely-typed `Abi` shape. As a result `read`/`write`
+ * method access is not statically typed per-function; callers index by name and the
+ * returned value is `unknown` (cast at the call site). This mirrors the dynamic
+ * surface that `ethers.Contract` previously exposed.
+ */
+type ViemContractMethods = Record<string, (...args: unknown[]) => Promise<unknown>>;
+interface ViemContract {
+    address: Address;
+    abi: Abi;
+    /** Read (view/pure) calls: `contract.read.fnName([...args])`. */
+    read: ViemContractMethods;
+    /** State-changing calls (requires a wallet client — not provided by this read-only hub). */
+    write: ViemContractMethods;
+    estimateGas: ViemContractMethods;
+    simulate: ViemContractMethods;
+    getEvents: ViemContractMethods;
+}
 /**
  * Unified Ethereum provider — replaces NestJS EthereumService.
- * Manages RPC + Bundler providers and contract interactions.
+ * Manages RPC + Bundler clients (viem) and contract interactions.
  */
 declare class EthereumProvider {
+    /** Main-network read client. Pass to viem getContract / readContract calls. */
     private readonly provider;
+    /** Bundler client — used only for raw eth_ / pimlico_ userOp JSON-RPC. */
     private readonly bundlerProvider;
     private readonly config;
     private readonly logger;
     constructor(config: ServerConfig);
-    getProvider(): ethers.JsonRpcProvider;
-    getBundlerProvider(): ethers.JsonRpcProvider;
+    /** Returns the viem PublicClient for the main network RPC. */
+    getProvider(): PublicClient;
+    /** Returns the viem PublicClient bound to the bundler RPC (raw .request only). */
+    getBundlerProvider(): PublicClient;
+    /**
+     * Raw bundler JSON-RPC call. The bundler exposes non-standard methods
+     * (eth_sendUserOperation, pimlico_getUserOperationGasPrice, ...) that are not in
+     * viem's typed RPC schema, so we go through the transport's request fn untyped.
+     */
+    private bundlerRequest;
     private getVersionConfig;
     getEntryPointAddress(version: EntryPointVersion): string;
     getFactoryAddress(version: EntryPointVersion): string;
     getValidatorAddress(version: EntryPointVersion): string;
     getDefaultVersion(): EntryPointVersion;
-    getFactoryContract(version?: EntryPointVersion): ethers.Contract;
-    getEntryPointContract(version?: EntryPointVersion): ethers.Contract;
-    getValidatorContract(version?: EntryPointVersion): ethers.Contract;
-    getAccountContract(address: string): ethers.Contract;
-    getAgentSessionKeyValidatorContract(address?: string): ethers.Contract;
-    getTierGuardHookContract(address?: string): ethers.Contract;
-    getCompositeValidatorContract(address?: string): ethers.Contract;
-    getForceExitModuleContract(address: string): ethers.Contract;
+    /** Build a read-only viem contract bound to the main-network PublicClient. */
+    private contractAt;
+    getFactoryContract(version?: EntryPointVersion): ViemContract;
+    getEntryPointContract(version?: EntryPointVersion): ViemContract;
+    getValidatorContract(version?: EntryPointVersion): ViemContract;
+    getAccountContract(address: string): ViemContract;
+    getAgentSessionKeyValidatorContract(address?: string): ViemContract;
+    getTierGuardHookContract(address?: string): ViemContract;
+    getCompositeValidatorContract(address?: string): ViemContract;
+    getForceExitModuleContract(address: string): ViemContract;
     getBalance(address: string): Promise<string>;
     getNonce(accountAddress: string, key?: number, version?: EntryPointVersion): Promise<bigint>;
     getUserOpHash(userOp: UserOperation | PackedUserOperation, version?: EntryPointVersion): Promise<string>;
@@ -1085,6 +1130,15 @@ declare class AccountManager {
     }): Promise<AccountRecord>;
 }
 
+/**
+ * Minimal guardian signer surface (was `ethers.Signer`): an external signer that
+ * performs an EIP-191 personal-sign over raw bytes and returns a 0x-prefixed
+ * 65-byte hex signature. Structural — any ethers/viem signer with this method fits.
+ */
+interface GuardianSigner {
+    signMessage(message: Uint8Array): Promise<string>;
+}
+
 /**
  * Raised when a DVT node (aNode YetAnotherAA-Validator ≥ v1.3.0, running with
  * `CONFIRM_ENABLED=true`) withholds its co-signature on a high-value op pending
@@ -1139,7 +1193,7 @@ declare class BLSSignatureService {
      * @param userId - User ID for account lookup
      * @param userOpHash - The UserOp hash to sign
      * @param p256Signature - P256 passkey signature (64 bytes, required for tier 2/3)
-     * @param guardianSigner - Guardian ethers.Signer (required for tier 3)
+     * @param guardianSigner - Guardian signer (required for tier 3)
      * @param ctx - Optional passkey assertion context for KMS signing
      */
     generateTieredSignature(params: {
@@ -1147,7 +1201,7 @@ declare class BLSSignatureService {
         userId: string;
         userOpHash: string;
         p256Signature?: string;
-        guardianSigner?: ethers.Signer;
+        guardianSigner?: GuardianSigner;
         ctx?: PasskeyAssertionContext;
     }): Promise<string>;
 }
@@ -1215,9 +1269,10 @@ declare class PaymasterManager {
      * Call `updatePrice()` on a paymaster contract (permissionless).
      * Useful when `checkPriceFreshness()` reports stale price.
      *
-     * @param signer - An ethers Signer that will send the transaction (must have gas).
+     * @param walletClient - A viem WalletClient (with an account) that will send
+     *   the transaction (must have gas). Replaces the former ethers Signer param.
      */
-    updatePrice(paymasterAddress: string, signer: ethers.Signer): Promise<string>;
+    updatePrice(paymasterAddress: string, walletClient: WalletClient): Promise<string>;
     getPaymasterData(userId: string, paymasterName: string, userOp: unknown, entryPoint: string, customAddress?: string, options?: {
         tokenAddress?: string;
     }): Promise<string>;
@@ -1270,8 +1325,8 @@ interface ExecuteTransferParams {
     passkeyAssertion?: LegacyPasskeyAssertion;
     /** P256 passkey signature (64 bytes hex). Required for AirAccount Tier 2/3. */
     p256Signature?: string;
-    /** Guardian ethers.Signer instance. Required for AirAccount Tier 3. */
-    guardianSigner?: ethers.Signer;
+    /** Guardian signer instance. Required for AirAccount Tier 3. */
+    guardianSigner?: GuardianSigner;
     /** Enable AirAccount tiered signature routing. Default: false (legacy BLS-only). */
     useAirAccountTiering?: boolean;
     /**
@@ -1321,7 +1376,7 @@ declare class TransferManager {
         callGasLimit: string;
         verificationGasLimit: string;
         preVerificationGas: string;
-        validatorGasEstimate: any;
+        validatorGasEstimate: string;
         totalGasEstimate: string;
         maxFeePerGas: string;
         maxPriorityFeePerGas: string;
@@ -1344,11 +1399,10 @@ declare class TransferManager {
 declare class WalletManager {
     private readonly signer;
     constructor(signer: ISignerAdapter);
-    getAddress(userId: string): Promise<string>;
-    getSigner(userId: string): Promise<ethers.Signer>;
+    getAddress(userId: string): Promise<`0x${string}`>;
+    signMessage(userId: string, message: `0x${string}` | Uint8Array, ctx?: PasskeyAssertionContext): Promise<`0x${string}`>;
     ensureSigner(userId: string): Promise<{
-        signer: ethers.Signer;
-        address: string;
+        address: `0x${string}`;
     }>;
 }
 
@@ -1358,9 +1412,9 @@ declare class WalletManager {
  *
  * @example
  * ```ts
- * import { YAAAServerClient, MemoryStorage, LocalWalletSigner } from '@aastar/airaccount/server';
+ * import { AirAccountServerClient, MemoryStorage, LocalWalletSigner } from '@aastar/airaccount/server';
  *
- * const client = new YAAAServerClient({
+ * const client = new AirAccountServerClient({
  *   rpcUrl: 'https://sepolia.infura.io/v3/...',
  *   bundlerRpcUrl: 'https://api.pimlico.io/v2/11155111/rpc?apikey=...',
  *   chainId: 11155111,
@@ -1378,7 +1432,7 @@ declare class WalletManager {
  * const account = await client.accounts.createAccount('user-123');
  * ```
  */
-declare class YAAAServerClient {
+declare class AirAccountServerClient {
     readonly ethereum: EthereumProvider;
     readonly accounts: AccountManager;
     readonly transfers: TransferManager;
@@ -1388,6 +1442,11 @@ declare class YAAAServerClient {
     readonly wallets: WalletManager;
     constructor(config: ServerConfig);
 }
+/**
+ * @deprecated Renamed to {@link AirAccountServerClient}. This alias is kept for
+ * backward compatibility and will be removed in a future major version.
+ */
+declare const YAAAServerClient: typeof AirAccountServerClient;
 
 type ModuleTypeId = 1 | 2 | 3 | 4;
 interface InstallModuleParams {
@@ -1428,7 +1487,7 @@ interface UninstallModuleParams {
  *
  * @example
  * const hash = buildInstallModuleHash(chainId, account, 1, moduleAddress, moduleInitData);
- * const sig = await guardian.signMessage(ethers.getBytes(hash));
+ * const sig = await guardian.signMessage(hexToBytes(hash));
  */
 declare function buildInstallModuleHash(chainId: number, account: string, moduleTypeId: ModuleTypeId, module: string, moduleInitData?: string): string;
 /**
@@ -1445,7 +1504,7 @@ declare function buildUninstallModuleHash(chainId: number, account: string, modu
 declare class ModuleManager {
     private readonly provider;
     private readonly chainId;
-    constructor(provider: ethers.JsonRpcProvider, chainId: number);
+    constructor(provider: PublicClient, chainId: number);
     /**
      * Encode calldata for installModule().
      * Caller is responsible for submitting via UserOp (EntryPoint) or direct tx.
@@ -1557,10 +1616,9 @@ interface AgentSessionInfo extends AgentSessionConfig {
  *   hierarchical delegation (parent → sub-agent with scope narrowing).
  */
 declare class SessionKeyService {
-    private readonly provider;
     private readonly skValidator;
     private readonly askValidator;
-    constructor(provider: ethers.JsonRpcProvider, sessionKeyValidatorAddress: string, agentSessionKeyValidatorAddress: string);
+    constructor(provider: PublicClient, sessionKeyValidatorAddress: string, agentSessionKeyValidatorAddress: string);
     /**
      * Build the hash that the account owner must sign to grant a session key.
      * Use grantSession() with this sig, or grantSessionDirect() from the account itself.
@@ -1701,7 +1759,9 @@ interface TokenGuardState {
  */
 declare class GuardStateReader {
     private readonly provider;
-    constructor(provider: ethers.JsonRpcProvider);
+    constructor(provider: PublicClient);
+    private accountContract;
+    private guardContract;
     /**
      * Read the full ETH guard state for an account.
      * Returns null if the account has no guard (dailyLimit=0).
@@ -1723,18 +1783,6 @@ declare class GuardStateReader {
     isAlgorithmApproved(accountAddress: string, algId: number): Promise<boolean>;
 }
 
-/**
- * OAPD — One Account Per DApp address derivation (F7).
- *
- * Each DApp gets a unique counterfactual AirAccount address derived from:
- *   salt = keccak256(owner ‖ dappId)
- *
- * This prevents DApps from correlating user activity across sites while
- * sharing the same underlying owner key and guardians.
- *
- * The OAPD address is a standard AirAccount clone — it has its own guard,
- * its own daily limits, and can be funded independently.
- */
 interface OapdConfig {
     /** Account owner address */
     owner: string;
@@ -1768,25 +1816,25 @@ declare function computeOapdSalt(owner: string, dappId: string): bigint;
  * Predict the counterfactual OAPD address without deploying.
  * Uses the factory's getAddress() view function.
  */
-declare function getOapdAddress(provider: ethers.JsonRpcProvider, config: OapdConfig): Promise<string>;
+declare function getOapdAddress(provider: PublicClient, config: OapdConfig): Promise<string>;
 /**
  * Get the OAPD address and its ERC-7828 chain-qualified identifier.
  */
-declare function getOapdAddressWithChainId(provider: ethers.JsonRpcProvider, config: OapdConfig): Promise<{
+declare function getOapdAddressWithChainId(provider: PublicClient, config: OapdConfig): Promise<{
     address: string;
     chainQualified: string;
 }>;
 /**
  * Check if an OAPD account has been deployed yet.
  */
-declare function isOapdDeployed(provider: ethers.JsonRpcProvider, config: OapdConfig): Promise<boolean>;
+declare function isOapdDeployed(provider: PublicClient, config: OapdConfig): Promise<boolean>;
 
 /** 4-byte selector of `executeUserOp((PackedUserOperation),bytes32)`. */
-declare const EXECUTE_USER_OP_SELECTOR: string;
+declare const EXECUTE_USER_OP_SELECTOR: `0x${string}`;
 /** 4-byte selector of `execute(address,uint256,bytes)`. */
-declare const EXECUTE_SELECTOR: string;
+declare const EXECUTE_SELECTOR: `0x${string}`;
 /** 4-byte selector of `executeBatch(address[],uint256[],bytes[])`. */
-declare const EXECUTE_BATCH_SELECTOR: string;
+declare const EXECUTE_BATCH_SELECTOR: `0x${string}`;
 /**
  * Wrap inner `execute()` / `executeBatch()` callData with the `executeUserOp` selector so a
  * guard-enabled (v0.17.2-beta.4) account routes the bundler UserOp through `executeUserOp`.
@@ -1818,6 +1866,17 @@ interface PendingExit {
     approvalBitmap: bigint;
     guardians: [string, string, string];
 }
+/**
+ * A viem client capable of backing the ForceExit contract. A `PublicClient`
+ * alone enables the on-chain reads; a `WalletClient` (or the `{ public, wallet }`
+ * pair) is required for the state-changing `proposeForceExit`/`approveForceExit`/
+ * etc. transactions. This replaces the old `ethers.Provider | ethers.Signer`
+ * argument (provider = reads, signer = reads + writes).
+ */
+type ForceExitClient = PublicClient | WalletClient | {
+    public: PublicClient;
+    wallet: WalletClient;
+};
 /**
  * ForceExitService — typed wrappers for ForceExitModule ERC-7579 emergency L2→L1 exit.
  *
@@ -1832,8 +1891,7 @@ interface PendingExit {
 declare class ForceExitService {
     private readonly moduleAddress;
     private readonly contract;
-    private readonly iface;
-    constructor(moduleAddress: string, providerOrSigner: ethers.Provider | ethers.Signer);
+    constructor(moduleAddress: string, client: ForceExitClient);
     isInitialized(smartAccount: string): Promise<boolean>;
     getPendingExit(account: string): Promise<PendingExit>;
     getAccountL2Type(account: string): Promise<number>;
@@ -1862,10 +1920,10 @@ declare class ForceExitService {
     encodeApproveForceExit(account: string, guardianSig: string): string;
     encodeExecuteForceExit(account: string): string;
     encodeCancelForceExit(account: string): string;
-    proposeForceExit(target: string, value: bigint, data: string): Promise<ethers.TransactionResponse>;
-    approveForceExit(account: string, guardianSig: string): Promise<ethers.TransactionResponse>;
-    executeForceExit(account: string): Promise<ethers.TransactionResponse>;
-    cancelForceExit(account: string): Promise<ethers.TransactionResponse>;
+    proposeForceExit(target: string, value: bigint, data: string): Promise<Hex>;
+    approveForceExit(account: string, guardianSig: string): Promise<Hex>;
+    executeForceExit(account: string): Promise<Hex>;
+    cancelForceExit(account: string): Promise<Hex>;
 }
 
 /**
@@ -1957,9 +2015,13 @@ interface ActiveRecovery {
  * cleared via guardian `cancelRecovery()` votes before re-proposing.
  */
 declare class RecoveryService {
-    private readonly providerOrSigner;
-    private readonly iface;
-    constructor(providerOrSigner: ethers.Provider | ethers.Signer);
+    private readonly client;
+    /**
+     * @param client viem read client (was `ethers.Provider | ethers.Signer`). Only
+     *   on-chain reads are performed here; calldata encoders are pure and never
+     *   touch the client.
+     */
+    constructor(client: PublicClient);
     /**
      * Encode `addGuardian(guardian)` calldata. **Owner only.**
      * Registers a recovery guardian; reverts once 3 guardians are set, or if the
@@ -2061,15 +2123,17 @@ interface EIP7702Authorization {
  * The user's EOA address does NOT change — only its bytecode pointer changes to 0xef0100||addr.
  *
  * Usage:
- *   1. Build SET_CODE authorization payload (call signer.signAuthorization externally — viem/ethers)
+ *   1. Build SET_CODE authorization payload (call signer.signAuthorization externally — viem)
  *   2. Build initialize() calldata for the first UserOp / direct tx
  *   3. Submit both via integrator's relay
  */
 declare class EIP7702DelegateService {
     private readonly delegateAddress;
-    private readonly iface;
-    private readonly contract;
-    constructor(delegateAddress?: string, providerOrSigner?: ethers.Provider | ethers.Signer);
+    /** Parsed ABI (loose viem `Abi` shape) used for encoding calldata and on-chain reads. */
+    private readonly abi;
+    /** Optional viem read client (was `ethers.Provider | ethers.Signer`). Required only for on-chain reads. */
+    private readonly client?;
+    constructor(delegateAddress?: string, client?: PublicClient);
     /**
      * Encode initialize() calldata for the first post-delegation UserOp.
      * Must be the callData of a UserOp sent immediately after the SET_CODE delegation activates.
@@ -2085,7 +2149,7 @@ declare class EIP7702DelegateService {
      *
      * This is the hash the private key signs to delegate code execution to
      * AirAccountDelegate. Use this hash with your KMS sign-hash endpoint or
-     * local ethers Signer.
+     * local viem account.
      *
      * @param chainId - Target chain ID (11155111 for Sepolia)
      * @param nonce - EOA's current transaction nonce
@@ -2104,8 +2168,10 @@ declare class EIP7702DelegateService {
     /**
      * Verify that a signature is a valid EIP-7702 authorization for the given EOA address.
      * Recovers the signer from the authorization hash and checks it matches `eoa`.
+     *
+     * NOTE: now async — viem's `recoverAddress` is asynchronous (ethers' was sync).
      */
-    verifyAuthorization(eoa: string, chainId: number, nonce: bigint, signature: string): boolean;
+    verifyAuthorization(eoa: string, chainId: number, nonce: bigint, signature: string): Promise<boolean>;
     isInitialized(eoa: string): Promise<boolean>;
     getOwner(eoa: string): Promise<string>;
     getGuardians(eoa: string): Promise<[string, string, string]>;
@@ -2186,9 +2252,9 @@ interface PendingWeightChange {
  */
 declare class WeightedSignatureService {
     private readonly accountAddress;
-    private readonly contract;
-    private readonly iface;
-    constructor(accountAddress: string, providerOrSigner: ethers.Provider | ethers.Signer);
+    private readonly client;
+    private readonly address;
+    constructor(accountAddress: string, client: PublicClient);
     /** Read the account's current active WeightConfig. */
     getWeightConfig(): Promise<WeightConfig>;
     /**
@@ -2200,21 +2266,21 @@ declare class WeightedSignatureService {
      * Encode setWeightConfig calldata. OWNER only; for first-time setup or strengthening.
      * Weakening an existing config must go through encodeProposeWeightChange instead.
      */
-    encodeSetWeightConfig(config: WeightConfig): string;
+    encodeSetWeightConfig(config: WeightConfig): Hex;
     /**
      * Encode proposeWeightChange calldata. OWNER only; opens a guardian-governed proposal
      * (required for any weakening). Subject to 2-of-3 approval + 2-day timelock before execute.
      */
-    encodeProposeWeightChange(config: WeightConfig): string;
+    encodeProposeWeightChange(config: WeightConfig): Hex;
     /** Encode approveWeightChange calldata. GUARDIAN only; each guardian may approve once. */
-    encodeApproveWeightChange(): string;
+    encodeApproveWeightChange(): Hex;
     /** Encode cancelWeightChange calldata. OWNER or any GUARDIAN may cancel a pending proposal. */
-    encodeCancelWeightChange(): string;
+    encodeCancelWeightChange(): Hex;
     /**
      * Encode executeWeightChange calldata. Callable by anyone, but only succeeds once the
      * threshold (2-of-3) and timelock (2 days) are both satisfied and the proposal has not expired.
      */
-    encodeExecuteWeightChange(): string;
+    encodeExecuteWeightChange(): Hex;
 }
 
 interface CreateAgentAccountParams {
@@ -2249,20 +2315,16 @@ interface CreateAgentAccountParams {
  *    address before deployment.
  *
  * All `encode*` methods return ABI-encoded calldata ready for a UserOp (gasless) or a direct
- * owner transaction. Read methods require a provider (or a signer with an attached provider).
+ * owner transaction. Read methods require a viem `PublicClient`.
  */
 declare class AgentRegistryService {
     private readonly registryAddress;
-    private readonly contract;
-    private readonly iface;
-    private readonly factoryIface;
-    private readonly accountIface;
-    private readonly providerOrSigner;
+    private readonly client;
     /**
-     * @param providerOrSigner ethers Provider (reads only) or Signer (reads + sends).
-     * @param registryAddress  deployed AgentRegistry contract address.
+     * @param client          viem PublicClient for on-chain reads (e.g. `ethereum.getProvider()`).
+     * @param registryAddress deployed AgentRegistry contract address.
      */
-    constructor(providerOrSigner: ethers.Provider | ethers.Signer, registryAddress: string);
+    constructor(client: PublicClient, registryAddress: string);
     /** Encode `account.execute(registry, 0, registerAgent(agentWallet, agentWalletSig))`. */
     encodeRegisterAgentViaAccount(agentWallet: string, agentWalletSig: string): string;
     /** Encode `account.execute(registry, 0, revokeAgent(agentWallet))`. */
@@ -2418,9 +2480,16 @@ interface AgentReputationSummary {
  * fallback delegates to AirAccountExtension for these selectors.
  */
 declare class ERC8004Service {
-    private readonly iface;
+    private readonly abi;
     private readonly provider?;
-    constructor(provider?: ethers.Provider);
+    constructor(provider?: PublicClient);
+    /**
+     * Build a read-only viem contract bound to the account address. The ABI is loaded from
+     * human-readable signatures via `parseAbi` (loose `Abi`), so `read` methods are indexed by
+     * name and return `unknown` — cast at the call site. Mirrors the dynamic surface that
+     * `ethers.Contract` previously exposed. Caller must ensure `this.provider` is set.
+     */
+    private contractAt;
     /**
      * Encode calldata for `setAgentWallet`.
      *
@@ -2973,14 +3042,13 @@ declare class MemoryStorage implements IStorageAdapter {
  * per-user key management (e.g., KMS, HSM, or encrypted database).
  */
 declare class LocalWalletSigner implements ISignerAdapter {
-    private readonly wallet;
-    constructor(privateKey: string, provider?: ethers.Provider);
-    getAddress(_userId: string): Promise<string>;
-    getSigner(_userId: string, _ctx?: PasskeyAssertionContext): Promise<ethers.Signer>;
+    private readonly account;
+    constructor(privateKey: string);
+    getAddress(_userId: string): Promise<`0x${string}`>;
+    signMessage(_userId: string, message: `0x${string}` | Uint8Array, _ctx?: PasskeyAssertionContext): Promise<`0x${string}`>;
     ensureSigner(_userId: string): Promise<{
-        signer: ethers.Signer;
-        address: string;
+        address: `0x${string}`;
     }>;
 }
 
-export { ACCOUNT_ABI, AGENT_SESSION_KEY_VALIDATOR_ABI, AIRACCOUNT_ABI, AIRACCOUNT_ADDRESSES, AIRACCOUNT_FACTORY_ABI, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, AIR_ACCOUNT_DELEGATE_ABI, AIR_ACCOUNT_DELEGATE_ADDRESS, ALG_ID, AccountManager, type AccountRecord, type ActiveRecovery, AgentRegistryService, type AgentReputationSummary, type AgentSessionConfig, type AgentSessionInfo, type AirAccountVersion, BLSSignatureData, BLSSignatureService, type BeginCeremonyResponse, type BindERC8004AgentWalletParams, type BlsConfigRecord, type BuildCredentialOptions, CALLDATA_PARSER_REGISTRY_ABI, ConsoleLogger, type CreateAgentAccountParams, type CreateP256SessionKeyRequest, type CreateP256SessionKeyResponse, DEFAULT_CREDENTIAL_ID, DEFAULT_KMS_ENDPOINT, DEFAULT_ORIGIN, DEFAULT_RP_ID, type DelegateInitParams, DvtPendingConfirmationError, type EIP7702Authorization, EIP7702DelegateService, ENTRYPOINT_ABI_V6, ENTRYPOINT_ABI_V7_V8, ENTRYPOINT_ADDRESSES, ERC20_ABI, ERC8004Service, ERC8004_ADDRESSES, EXECUTE_BATCH_SELECTOR, EXECUTE_SELECTOR, EXECUTE_USER_OP_SELECTOR, type EntryPointConfig, EntryPointVersion, type EntryPointVersionConfig, type EstimateGasParams, EthereumProvider, type ExecuteTransferParams, FACTORY_ABI_V6, FACTORY_ABI_V7_V8, FORCE_EXIT_MODULE_ABI, ForceExitService, GLOBAL_GUARD_ABI, type GrantP256SessionParams, type GrantSessionParams, GuardChecker, type GuardState, GuardStateReader, GuardStatus, type ILogger, type ISignerAdapter, type IStorageAdapter, type InstallModuleParams, KmsAgentService, type KmsAttestationManifestResponse, type KmsAttestationProofResponse, type KmsAttestationResponse, type KmsBeginAuthenticationRequest, type KmsBeginAuthenticationResponse, type KmsBeginGrantSessionAuthRequest, type KmsBeginGrantSessionAuthResponse, type KmsBeginRegistrationRequest, type KmsBeginRegistrationResponse, type KmsChangePasskeyResponse, type KmsCompleteRegistrationRequest, type KmsCompleteRegistrationResponse, type KmsCreateAgentKeyRequest, type KmsCreateAgentKeyResponse, type KmsCreateKeyRequest, type KmsCreateKeyResponse, type KmsDeleteKeyResponse, type KmsDeriveAddressResponse, type KmsDescribeKeyResponse, type KmsEip712Domain, type KmsEip712FieldValue, type KmsEip712TypeDef, type KmsEthereumTransaction, type KmsGetPublicKeyResponse, type KmsHealthResponse, KmsHttpClient, type KmsHttpClientOptions, type KmsKeyStatusResponse, type KmsListKeysResponse, KmsManager, KmsMonitorService, type KmsPaymentAuth, type KmsPaymentSignatureResponse, KmsPaymentSigner, type KmsPurgeKeyResponse, type KmsQueueStatusResponse, type KmsRefreshAgentCredentialRequest, type KmsRefreshAgentCredentialResponse, type KmsRevokeAgentCredentialRequest, type KmsRevokeAgentCredentialResponse, type KmsRollbackCounterResponse, KmsSessionService, type KmsSignAgentRequest, type KmsSignAgentResponse, type KmsSignGTokenAuthorizationRequest, type KmsSignGrantSessionRequest, type KmsSignGrantSessionResponse, type KmsSignHashResponse, type KmsSignMicropaymentVoucherRequest, type KmsSignP256GrantSessionRequest, type KmsSignRequest, type KmsSignResponse, type KmsSignTypedDataRequest, type KmsSignTypedDataResponse, type KmsSignX402PaymentRequest, KmsSigner, type KmsStatsResponse, type KmsVersionResponse, type L2Type, L2_TYPE, type LegacyPasskeyAssertion, LocalWalletSigner, MAX_GUARDIANS, MODULE_TYPE, MemoryStorage, type MintAgentIdentityParams, ModuleManager, type ModuleTypeId, type OapdConfig, P256PasskeySigner, PackedUserOperation, type PasskeyAssertionContext, type PasskeyCeremonySigner, PaymasterManager, PaymasterPriceStalenessError, type PaymasterRecord, type PendingExit, type PendingWeightChange, PreCheckResult, type QueryAgentReputationParams, RECOVERY_THRESHOLD, RECOVERY_TIMELOCK_SECONDS, RecoveryService, type RevokeP256SessionKeyRequest, type RevokeP256SessionKeyResponse, type RunCeremonyOptions, SESSION_KEY_VALIDATOR_ABI, type ServerConfig, type SessionInfo, SessionKeyService, type SetAgentWalletParams, type SignP256UserOpRequest, type SignP256UserOpResponse, SilentLogger, type SubmitAgentReputationParams, TIER_GUARD_HOOK_ABI, TierConfig, TierLevel$1 as TierLevel, type TokenBalance, type TokenGuardState, type TokenInfo, TokenService, TransferManager, type TransferRecord, type TransferResult, type UninstallModuleParams, UserOperation, VALIDATOR_ABI, WEIGHT_CHANGE_EXPIRY_SECONDS, WEIGHT_CHANGE_THRESHOLD, WEIGHT_CHANGE_TIMELOCK_SECONDS, WalletManager, type WebAuthnAssertion, type WebAuthnAuthenticationCredential, type WeightConfig, WeightedSignatureService, YAAAServerClient, base64UrlDecode, base64UrlEncode, beginAuthenticationChallenge, beginGrantSessionChallenge, buildAuthenticationCredential, buildAuthenticatorData, buildClientDataJSON, buildInstallModuleHash, buildUninstallModuleHash, computeOapdSalt, erc8004AddressesForChain, getOapdAddress, getOapdAddressWithChainId, isExecuteUserOpWrapped, isOapdDeployed, isPendingConfirmation, packP256SessionSignature, packSecp256k1SessionSignature, runAuthenticationCeremony, runGrantSessionCeremony, runWebAuthnCeremony, sepoliaV07Config, validateConfig, wrapExecuteUserOp };
+export { ACCOUNT_ABI, AGENT_SESSION_KEY_VALIDATOR_ABI, AIRACCOUNT_ABI, AIRACCOUNT_ADDRESSES, AIRACCOUNT_FACTORY_ABI, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, AIR_ACCOUNT_DELEGATE_ABI, AIR_ACCOUNT_DELEGATE_ADDRESS, ALG_ID, AccountManager, type AccountRecord, type ActiveRecovery, AgentRegistryService, type AgentReputationSummary, type AgentSessionConfig, type AgentSessionInfo, AirAccountServerClient, type AirAccountVersion, BLSSignatureData, BLSSignatureService, type BeginCeremonyResponse, type BindERC8004AgentWalletParams, type BlsConfigRecord, type BuildCredentialOptions, CALLDATA_PARSER_REGISTRY_ABI, ConsoleLogger, type CreateAgentAccountParams, type CreateP256SessionKeyRequest, type CreateP256SessionKeyResponse, DEFAULT_CREDENTIAL_ID, DEFAULT_KMS_ENDPOINT, DEFAULT_ORIGIN, DEFAULT_RP_ID, type DelegateInitParams, DvtPendingConfirmationError, type EIP7702Authorization, EIP7702DelegateService, ENTRYPOINT_ABI_V6, ENTRYPOINT_ABI_V7_V8, ENTRYPOINT_ADDRESSES, ERC20_ABI, ERC8004Service, ERC8004_ADDRESSES, EXECUTE_BATCH_SELECTOR, EXECUTE_SELECTOR, EXECUTE_USER_OP_SELECTOR, type EntryPointConfig, EntryPointVersion, type EntryPointVersionConfig, type EstimateGasParams, EthereumProvider, type ExecuteTransferParams, FACTORY_ABI_V6, FACTORY_ABI_V7_V8, FORCE_EXIT_MODULE_ABI, ForceExitService, GLOBAL_GUARD_ABI, type GrantP256SessionParams, type GrantSessionParams, GuardChecker, type GuardState, GuardStateReader, GuardStatus, type ILogger, type ISignerAdapter, type IStorageAdapter, type InstallModuleParams, KmsAgentService, type KmsAttestationManifestResponse, type KmsAttestationProofResponse, type KmsAttestationResponse, type KmsBeginAuthenticationRequest, type KmsBeginAuthenticationResponse, type KmsBeginGrantSessionAuthRequest, type KmsBeginGrantSessionAuthResponse, type KmsBeginRegistrationRequest, type KmsBeginRegistrationResponse, type KmsChangePasskeyResponse, type KmsCompleteRegistrationRequest, type KmsCompleteRegistrationResponse, type KmsCreateAgentKeyRequest, type KmsCreateAgentKeyResponse, type KmsCreateKeyRequest, type KmsCreateKeyResponse, type KmsDeleteKeyResponse, type KmsDeriveAddressResponse, type KmsDescribeKeyResponse, type KmsEip712Domain, type KmsEip712FieldValue, type KmsEip712TypeDef, type KmsEthereumTransaction, type KmsGetPublicKeyResponse, type KmsHealthResponse, KmsHttpClient, type KmsHttpClientOptions, type KmsKeyStatusResponse, type KmsListKeysResponse, KmsManager, KmsMonitorService, type KmsPaymentAuth, type KmsPaymentSignatureResponse, KmsPaymentSigner, type KmsPurgeKeyResponse, type KmsQueueStatusResponse, type KmsRefreshAgentCredentialRequest, type KmsRefreshAgentCredentialResponse, type KmsRevokeAgentCredentialRequest, type KmsRevokeAgentCredentialResponse, type KmsRollbackCounterResponse, KmsSessionService, type KmsSignAgentRequest, type KmsSignAgentResponse, type KmsSignGTokenAuthorizationRequest, type KmsSignGrantSessionRequest, type KmsSignGrantSessionResponse, type KmsSignHashResponse, type KmsSignMicropaymentVoucherRequest, type KmsSignP256GrantSessionRequest, type KmsSignRequest, type KmsSignResponse, type KmsSignTypedDataRequest, type KmsSignTypedDataResponse, type KmsSignX402PaymentRequest, KmsSigner, type KmsStatsResponse, type KmsVersionResponse, type L2Type, L2_TYPE, type LegacyPasskeyAssertion, LocalWalletSigner, MAX_GUARDIANS, MODULE_TYPE, MemoryStorage, type MintAgentIdentityParams, ModuleManager, type ModuleTypeId, type OapdConfig, P256PasskeySigner, PackedUserOperation, type PasskeyAssertionContext, type PasskeyCeremonySigner, PaymasterManager, PaymasterPriceStalenessError, type PaymasterRecord, type PendingExit, type PendingWeightChange, PreCheckResult, type QueryAgentReputationParams, RECOVERY_THRESHOLD, RECOVERY_TIMELOCK_SECONDS, RecoveryService, type RevokeP256SessionKeyRequest, type RevokeP256SessionKeyResponse, type RunCeremonyOptions, SESSION_KEY_VALIDATOR_ABI, type ServerConfig, type SessionInfo, SessionKeyService, type SetAgentWalletParams, type SignP256UserOpRequest, type SignP256UserOpResponse, SilentLogger, type SubmitAgentReputationParams, TIER_GUARD_HOOK_ABI, TierConfig, TierLevel$1 as TierLevel, type TokenBalance, type TokenGuardState, type TokenInfo, TokenService, TransferManager, type TransferRecord, type TransferResult, type UninstallModuleParams, UserOperation, VALIDATOR_ABI, WEIGHT_CHANGE_EXPIRY_SECONDS, WEIGHT_CHANGE_THRESHOLD, WEIGHT_CHANGE_TIMELOCK_SECONDS, WalletManager, type WebAuthnAssertion, type WebAuthnAuthenticationCredential, type WeightConfig, WeightedSignatureService, YAAAServerClient, base64UrlDecode, base64UrlEncode, beginAuthenticationChallenge, beginGrantSessionChallenge, buildAuthenticationCredential, buildAuthenticatorData, buildClientDataJSON, buildInstallModuleHash, buildUninstallModuleHash, computeOapdSalt, erc8004AddressesForChain, getOapdAddress, getOapdAddressWithChainId, isExecuteUserOpWrapped, isOapdDeployed, isPendingConfirmation, packP256SessionSignature, packSecp256k1SessionSignature, runAuthenticationCeremony, runGrantSessionCeremony, runWebAuthnCeremony, sepoliaV07Config, validateConfig, wrapExecuteUserOp };

package/dist/kms.js

@@ -1,5 +1,7 @@
-export { ACCOUNT_ABI, AGENT_SESSION_KEY_VALIDATOR_ABI, AIRACCOUNT_ABI, AIRACCOUNT_ADDRESSES, AIRACCOUNT_FACTORY_ABI, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, AIR_ACCOUNT_DELEGATE_ABI, AIR_ACCOUNT_DELEGATE_ADDRESS, ALG_ID, AccountManager, AgentRegistryService, BLSSignatureService, CALLDATA_PARSER_REGISTRY_ABI, ConsoleLogger, DEFAULT_CREDENTIAL_ID, DEFAULT_KMS_ENDPOINT, DEFAULT_ORIGIN, DEFAULT_RP_ID, DvtPendingConfirmationError, EIP7702DelegateService, ENTRYPOINT_ABI_V6, ENTRYPOINT_ABI_V7_V8, ENTRYPOINT_ADDRESSES, ERC20_ABI, ERC8004Service, ERC8004_ADDRESSES, EXECUTE_BATCH_SELECTOR, EXECUTE_SELECTOR, EXECUTE_USER_OP_SELECTOR, EntryPointVersion, EthereumProvider, FACTORY_ABI_V6, FACTORY_ABI_V7_V8, FORCE_EXIT_MODULE_ABI, ForceExitService, GLOBAL_GUARD_ABI, GuardChecker, GuardStateReader, KmsAgentService, KmsHttpClient, KmsManager, KmsMonitorService, KmsPaymentSigner, KmsSessionService, KmsSigner, L2_TYPE, LocalWalletSigner, MAX_GUARDIANS, MODULE_TYPE, MemoryStorage, ModuleManager, P256PasskeySigner, PaymasterManager, PaymasterPriceStalenessError, RECOVERY_THRESHOLD, RECOVERY_TIMELOCK_SECONDS, RecoveryService, SESSION_KEY_VALIDATOR_ABI, SessionKeyService, SilentLogger, TIER_GUARD_HOOK_ABI, TokenService, TransferManager, VALIDATOR_ABI, WEIGHT_CHANGE_EXPIRY_SECONDS, WEIGHT_CHANGE_THRESHOLD, WEIGHT_CHANGE_TIMELOCK_SECONDS, WalletManager, WeightedSignatureService, YAAAServerClient, base64UrlDecode, base64UrlEncode, beginAuthenticationChallenge, beginGrantSessionChallenge, buildAuthenticationCredential, buildAuthenticatorData, buildClientDataJSON, buildInstallModuleHash, buildUninstallModuleHash, computeOapdSalt, erc8004AddressesForChain, getOapdAddress, getOapdAddressWithChainId, isExecuteUserOpWrapped, isOapdDeployed, isPendingConfirmation, packP256SessionSignature, packSecp256k1SessionSignature, runAuthenticationCeremony, runGrantSessionCeremony, runWebAuthnCeremony, sepoliaV07Config, validateConfig, wrapExecuteUserOp } from './chunk-KISL64KW.js';
-export { ALG_BLS, ALG_CUMULATIVE_T2, ALG_CUMULATIVE_T3, ALG_ECDSA, ALG_P256, BLSManager, CryptoUtil, ERC4337Utils, PasskeyManager, UserOpBuilder, YAAAClient, algIdForTier, resolveTier } from './chunk-FUU7RIIA.js';
+export { ACCOUNT_ABI, AGENT_SESSION_KEY_VALIDATOR_ABI, AIRACCOUNT_ABI, AIRACCOUNT_ADDRESSES, AIRACCOUNT_FACTORY_ABI, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, AIR_ACCOUNT_DELEGATE_ABI, AIR_ACCOUNT_DELEGATE_ADDRESS, ALG_ID, AccountManager, AgentRegistryService, AirAccountServerClient, BLSSignatureService, CALLDATA_PARSER_REGISTRY_ABI, ConsoleLogger, DEFAULT_CREDENTIAL_ID, DEFAULT_KMS_ENDPOINT, DEFAULT_ORIGIN, DEFAULT_RP_ID, DvtPendingConfirmationError, EIP7702DelegateService, ENTRYPOINT_ABI_V6, ENTRYPOINT_ABI_V7_V8, ENTRYPOINT_ADDRESSES, ERC20_ABI, ERC8004Service, ERC8004_ADDRESSES, EXECUTE_BATCH_SELECTOR, EXECUTE_SELECTOR, EXECUTE_USER_OP_SELECTOR, EntryPointVersion, EthereumProvider, FACTORY_ABI_V6, FACTORY_ABI_V7_V8, FORCE_EXIT_MODULE_ABI, ForceExitService, GLOBAL_GUARD_ABI, GuardChecker, GuardStateReader, KmsAgentService, KmsHttpClient, KmsManager, KmsMonitorService, KmsPaymentSigner, KmsSessionService, KmsSigner, L2_TYPE, LocalWalletSigner, MAX_GUARDIANS, MODULE_TYPE, MemoryStorage, ModuleManager, P256PasskeySigner, PaymasterManager, PaymasterPriceStalenessError, RECOVERY_THRESHOLD, RECOVERY_TIMELOCK_SECONDS, RecoveryService, SESSION_KEY_VALIDATOR_ABI, SessionKeyService, SilentLogger, TIER_GUARD_HOOK_ABI, TokenService, TransferManager, VALIDATOR_ABI, WEIGHT_CHANGE_EXPIRY_SECONDS, WEIGHT_CHANGE_THRESHOLD, WEIGHT_CHANGE_TIMELOCK_SECONDS, WalletManager, WeightedSignatureService, YAAAServerClient, base64UrlDecode, base64UrlEncode, beginAuthenticationChallenge, beginGrantSessionChallenge, buildAuthenticationCredential, buildAuthenticatorData, buildClientDataJSON, buildInstallModuleHash, buildUninstallModuleHash, computeOapdSalt, erc8004AddressesForChain, getOapdAddress, getOapdAddressWithChainId, isExecuteUserOpWrapped, isOapdDeployed, isPendingConfirmation, packP256SessionSignature, packSecp256k1SessionSignature, runAuthenticationCeremony, runGrantSessionCeremony, runWebAuthnCeremony, sepoliaV07Config, validateConfig, wrapExecuteUserOp } from './chunk-IC3G6YM2.js';
+export { ALG_BLS, ALG_CUMULATIVE_T2, ALG_CUMULATIVE_T3, ALG_ECDSA, ALG_P256, AirAccountClient, BLSManager, CryptoUtil, DEFAULT_PASSKEY_ROUTES, ERC4337Utils, PasskeyManager, UserOpBuilder, YAAAClient, algIdForTier, resolveTier } from './chunk-X3AMH53O.js';
+import './chunk-6QYXGMCR.js';
+import './chunk-G3UJC4EL.js';
 import './chunk-PZ5AY32C.js';
 //# sourceMappingURL=kms.js.map
 //# sourceMappingURL=kms.js.map