@aastar/sdk 0.20.9 → 0.21.0

package/dist/{chunk-TFLZETWB.cjs → chunk-OVNOSAL3.cjs}

@@ -1,7 +1,7 @@
 'use strict';
 
 var chunkXQROKLZI_cjs = require('./chunk-XQROKLZI.cjs');
-var chunkS5IKOOUR_cjs = require('./chunk-S5IKOOUR.cjs');
+var chunkMXJEULSE_cjs = require('./chunk-MXJEULSE.cjs');
 var viem = require('viem');
 var axios = require('axios');
 var crypto = require('crypto');
@@ -12,7 +12,7 @@ function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 var axios__default = /*#__PURE__*/_interopDefault(axios);
 
 // ../airaccount/src/server/constants/entrypoint.ts
-var CORE_SEPOLIA = chunkS5IKOOUR_cjs.CANONICAL_ADDRESSES[11155111];
+var CORE_SEPOLIA = chunkMXJEULSE_cjs.CANONICAL_ADDRESSES[11155111];
 var EntryPointVersion = /* @__PURE__ */ ((EntryPointVersion2) => {
   EntryPointVersion2["V0_6"] = "0.6";
   EntryPointVersion2["V0_7"] = "0.7";
@@ -98,7 +98,7 @@ var AIRACCOUNT_ADDRESSES = {
     agentSessionKeyValidatorM7r4: "0x1F06961e133217801F92e1CF552187F594a32873",
     // ── Current: derived from @aastar/core CANONICAL_ADDRESSES[11155111] ───────────
     // SINGLE SOURCE OF TRUTH. Do NOT hand-copy hex here. core is synced on every
-    // protocol redeploy (currently AirAccount v0.19.0-beta.2, Sepolia 2026-06-16),
+    // protocol redeploy (currently AirAccount v0.20.0, Sepolia 2026-06-20),
     // and these fields re-derive automatically. The key mapping (airaccount field ←
     // core key) is asserted by entrypoint.addresses.test.ts so it can't silently drift.
     factory: CORE_SEPOLIA.airAccountFactoryV7,
@@ -186,13 +186,18 @@ var AIRACCOUNT_ABI = [
   "event ModuleInstalled(uint256 indexed moduleTypeId, address indexed module)",
   "event ModuleUninstalled(uint256 indexed moduleTypeId, address indexed module)",
   "event OwnerChanged(address indexed oldOwner, address indexed newOwner)",
-  "event RecoveryProposed(address indexed newOwner, address indexed proposedBy)",
+  // v0.20.0 (#120): recovery events gained a trailing `uint8 guardianIdx` naming the
+  // authorizing guardian slot (on P-256 relayer-submitted paths msg.sender is the relayer,
+  // not the guardian). topic0 of these three events changed — decoders must use the new shape.
+  "event RecoveryProposed(address indexed newOwner, address indexed proposedBy, uint8 guardianIdx)",
+  "event RecoveryApproved(address indexed newOwner, address indexed approvedBy, uint256 approvalCount, uint8 guardianIdx)",
+  "event RecoveryCancelVoted(address indexed votedBy, uint256 cancelCount, uint8 guardianIdx)",
   "event RecoveryExecuted(address indexed oldOwner, address indexed newOwner)"
 ];
 var AIRACCOUNT_FACTORY_ABI = [
   // Full config creation
-  "function createAccount(address owner, uint256 salt, (address[3] guardians, uint256 dailyLimit, uint8[] approvedAlgIds, uint256 minDailyLimit, address[] initialTokens, (uint256 tier1Limit, uint256 tier2Limit, uint256 dailyLimit)[] initialTokenConfigs) config) external returns (address)",
-  "function getAddress(address owner, uint256 salt, (address[3] guardians, uint256 dailyLimit, uint8[] approvedAlgIds, uint256 minDailyLimit, address[] initialTokens, (uint256 tier1Limit, uint256 tier2Limit, uint256 dailyLimit)[] initialTokenConfigs) config) external view returns (address)",
+  "function createAccount(address owner, uint256 salt, (address[3] guardians, bytes32[3] guardianP256X, bytes32[3] guardianP256Y, uint256 dailyLimit, uint8[] approvedAlgIds, uint256 minDailyLimit, address[] initialTokens, (uint256 tier1Limit, uint256 tier2Limit, uint256 dailyLimit)[] initialTokenConfigs) config) external returns (address)",
+  "function getAddress(address owner, uint256 salt, (address[3] guardians, bytes32[3] guardianP256X, bytes32[3] guardianP256Y, uint256 dailyLimit, uint8[] approvedAlgIds, uint256 minDailyLimit, address[] initialTokens, (uint256 tier1Limit, uint256 tier2Limit, uint256 dailyLimit)[] initialTokenConfigs) config) external view returns (address)",
   // Default guardian setup (requires guardian acceptance sigs — M5.3+)
   "function createAccountWithDefaults(address owner, uint256 salt, address guardian1, bytes guardian1Sig, address guardian2, bytes guardian2Sig, uint256 dailyLimit) external returns (address)",
   "function getAddressWithDefaults(address owner, uint256 salt, address guardian1, address guardian2, uint256 dailyLimit) external view returns (address)",
@@ -209,7 +214,7 @@ var AIRACCOUNT_FACTORY_ABI = [
   "function defaultHookModule() external view returns (address)",
   // M7.4 ERC-7828 chain-qualified address helpers
   "function getChainQualifiedAddress(address account) external view returns (bytes32)",
-  "function getAddressWithChainId(address owner, uint256 salt, (address[3] guardians, uint256 dailyLimit, uint8[] approvedAlgIds, uint256 minDailyLimit, address[] initialTokens, (uint256 tier1Limit, uint256 tier2Limit, uint256 dailyLimit)[] initialTokenConfigs) config) external view returns (address account, bytes32 chainQualified)",
+  "function getAddressWithChainId(address owner, uint256 salt, (address[3] guardians, bytes32[3] guardianP256X, bytes32[3] guardianP256Y, uint256 dailyLimit, uint8[] approvedAlgIds, uint256 minDailyLimit, address[] initialTokens, (uint256 tier1Limit, uint256 tier2Limit, uint256 dailyLimit)[] initialTokenConfigs) config) external view returns (address account, bytes32 chainQualified)",
   // Events
   "event AccountCreated(address indexed account, address indexed owner, uint256 salt)"
 ];
@@ -711,6 +716,8 @@ function readBuildP256GrantHash(validator, account, keyX, keyY, cfg) {
 }
 
 // ../airaccount/src/server/services/account-manager.ts
+var ZERO32 = "0x" + "0".repeat(64);
+var EMPTY_P256 = [ZERO32, ZERO32, ZERO32];
 var AccountManager = class {
   constructor(ethereum, storage, signer, logger) {
     this.ethereum = ethereum;
@@ -735,6 +742,10 @@ var AccountManager = class {
     const minimalConfig = [
       [viem.zeroAddress, viem.zeroAddress, viem.zeroAddress],
       // guardians (address[3])
+      EMPTY_P256,
+      // guardianP256X (bytes32[3]) — v0.20.0
+      EMPTY_P256,
+      // guardianP256Y (bytes32[3]) — v0.20.0
       dailyLimitValue,
       // dailyLimit (0 = no guard)
       [],
@@ -1231,6 +1242,8 @@ var PaymasterManager = class {
 };
 
 // ../airaccount/src/server/services/transfer-manager.ts
+var ZERO322 = "0x" + "0".repeat(64);
+var EMPTY_P2562 = [ZERO322, ZERO322, ZERO322];
 var AIRACCOUNT_ABI_PARSED = viem.parseAbi(AIRACCOUNT_ABI);
 var AIRACCOUNT_FACTORY_ABI_PARSED = viem.parseAbi(AIRACCOUNT_FACTORY_ABI);
 var FACTORY_ABI_V6_PARSED = viem.parseAbi(FACTORY_ABI_V6);
@@ -1549,6 +1562,10 @@ var TransferManager = class {
             const minimalConfig = [
               [viem.zeroAddress, viem.zeroAddress, viem.zeroAddress],
               // guardians (address[3])
+              EMPTY_P2562,
+              // guardianP256X (bytes32[3]) — v0.20.0
+              EMPTY_P2562,
+              // guardianP256Y (bytes32[3]) — v0.20.0
               storedDailyLimit,
               [],
               // approvedAlgIds
@@ -2839,6 +2856,7 @@ var AIRACCOUNT_ABI_PARSED2 = viem.parseAbi(AIRACCOUNT_ABI);
 var RECOVERY_THRESHOLD = 2;
 var MAX_GUARDIANS = 3;
 var RECOVERY_TIMELOCK_SECONDS = 2n * 24n * 60n * 60n;
+var GUARDIAN_SIG_VERSION = 4;
 function popcount(value) {
   let v = value;
   let count = 0;
@@ -2885,6 +2903,92 @@ var RecoveryService = class {
       args: [index, guardianSigs]
     });
   }
+  /**
+   * Build the RAW (un-prefixed) challenge hash that each guardian must sign to
+   * authorize `removeGuardian(index, ...)` / `removeGuardianWithMixedSigs(...)`.
+   *
+   * ## v0.20.0 breaking change (#120 final-review [HIGH], spec §6.4)
+   * The signed `opData` changed from `abi.encode(nonce, guardianToRemove)` to
+   * `abi.encode(nonce, index, guardianToRemove, p256X, p256Y)` — it now binds the
+   * SLOT INDEX and the slot's P-256 key. Because P-256 guardians all share the
+   * sentinel address, the old 2-field payload was identical for every P-256 slot,
+   * so a signature collected to remove slot A could be replayed to remove slot B
+   * (or survive a key rotation). The new 5-field payload affects EVERY removal,
+   * including the plain ECDSA path: for an ECDSA slot `p256X`/`p256Y` are both
+   * `bytes32(0)`, but the payload STRUCTURE (extra `index` + two key words) still
+   * changed, so the ECDSA `removeGuardian` signing payload MUST use this encoding.
+   *
+   * Hash construction (matches `AAStarAirAccountBase._guardianOpHash`):
+   * ```
+   * opData    = abi.encode(uint256 nonce, uint8 index, address guardianToRemove,
+   *                        bytes32 p256X, bytes32 p256Y)
+   * challenge = keccak256(abi.encode(uint8 GUARDIAN_SIG_VERSION, uint256 chainId,
+   *                        address account, "REMOVE_GUARDIAN", bytes opData))
+   * ```
+   * The contract additionally applies `toEthSignedMessageHash()` before
+   * `ecrecover`, so this returns the RAW inner hash and each guardian signs it via
+   * `personal_sign` / `signMessage({ raw: hash })` (which adds the EIP-191 prefix).
+   * Do NOT pre-apply the prefix here (mirrors `buildGuardianAcceptanceHash`).
+   *
+   * @param account          The AirAccount address whose guardian is being removed.
+   * @param chainId          EVM chain id (bound into the challenge).
+   * @param removalNonce     Current `_guardianRemovalNonce` — there is no on-chain
+   *                         getter (internal storage slot 15), so the caller tracks
+   *                         it (starts at 0, increments once per successful removal).
+   * @param index            Guardian slot being removed (0-indexed, < guardianCount).
+   * @param guardianToRemove Address stored in that slot (a P-256 slot stores
+   *                         {@link P256_GUARDIAN_SENTINEL}; an ECDSA slot stores the EOA).
+   * @param p256X            Slot's P-256 x coordinate; `bytes32(0)` for an ECDSA slot (default).
+   * @param p256Y            Slot's P-256 y coordinate; `bytes32(0)` for an ECDSA slot (default).
+   * @returns raw hex keccak256 challenge — guardians sign it with `personal_sign`.
+   */
+  buildRemoveGuardianHash(args) {
+    const ZERO323 = "0x0000000000000000000000000000000000000000000000000000000000000000";
+    const opData = viem.encodeAbiParameters(
+      [
+        { type: "uint256" },
+        // _guardianRemovalNonce
+        { type: "uint8" },
+        //   index
+        { type: "address" },
+        // guardianToRemove
+        { type: "bytes32" },
+        // p256X (0 for ECDSA slot)
+        { type: "bytes32" }
+        // p256Y (0 for ECDSA slot)
+      ],
+      [
+        args.removalNonce,
+        args.index,
+        args.guardianToRemove,
+        args.p256X ?? ZERO323,
+        args.p256Y ?? ZERO323
+      ]
+    );
+    return viem.keccak256(
+      viem.encodeAbiParameters(
+        [
+          { type: "uint8" },
+          //   GUARDIAN_SIG_VERSION
+          { type: "uint256" },
+          // chainId
+          { type: "address" },
+          // address(this) — the account
+          { type: "string" },
+          //  opLabel
+          { type: "bytes" }
+          //   opData
+        ],
+        [
+          GUARDIAN_SIG_VERSION,
+          BigInt(args.chainId),
+          args.account,
+          "REMOVE_GUARDIAN",
+          opData
+        ]
+      )
+    );
+  }
   /**
    * Encode `proposeRecovery(newOwner)` calldata. **Any guardian** may call.
    * Starts the {@link RECOVERY_TIMELOCK_SECONDS} timelock and records the
@@ -4689,5 +4793,5 @@ exports.runWebAuthnCeremony = runWebAuthnCeremony;
 exports.sepoliaV07Config = sepoliaV07Config;
 exports.validateConfig = validateConfig;
 exports.wrapExecuteUserOp = wrapExecuteUserOp;
-//# sourceMappingURL=chunk-TFLZETWB.cjs.map
-//# sourceMappingURL=chunk-TFLZETWB.cjs.map
+//# sourceMappingURL=chunk-OVNOSAL3.cjs.map
+//# sourceMappingURL=chunk-OVNOSAL3.cjs.map