@aastar/sdk 0.21.1 → 0.22.0

package/dist/core.d.ts

@@ -6131,20 +6131,45 @@ declare const airAccountFactoryActions: (address: Address) => (client: PublicCli
  * internally, so the on-chain `address` here is the smart-account address, never
  * the extension's own address.
  *
- * ## Batch split
+ * ## P-256 (passkey) guardian feature — fully wired (Batch 2)
  * The full P-256 / WebAuthn guardian feature (passkey-signed recovery, mixed
- * ECDSA+P-256 guardian consensus) landed in the contracts at v0.20.0 but is wired
- * into the SDK in **Batch 2**. This Batch-1 module ships:
- *   - the two trivial VIEW reads (`getRecoveryNonce`, `getGuardianP256Key`) as
- *     real on-chain calls, and
- *   - `NOT_IMPLEMENTED`-throwing stubs for the eight state-changing P-256 writes,
- *     so the doc-coverage gate stays green while the feature is finished.
+ * ECDSA+P-256 guardian consensus) landed in the contracts at v0.20.0 and is wired
+ * end-to-end here: the two VIEW reads plus the eight state-changing writes.
+ *
+ * The `sig` blobs these writes consume are built by the core crypto module
+ * (`@aastar/core` → `buildP256GuardianChallenge` / `encodeWebAuthnAssertion` /
+ * `signP256GuardianAssertion` in `crypto/p256Guardian.ts`). This action layer is the
+ * thin calldata wrapper; the security-critical encoding lives in that module and is
+ * decode-verified against a live Sepolia tx (see `tests/regression/onchain-evidence/`).
+ *
+ * ## Guardian bootstrap is guardianSig-free (spec §5.1 / §9)
+ * `addP256Guardian(x, y)` is **owner-only** and requires `_guardianCount < RECOVERY_THRESHOLD`
+ * (a single guardian can't form a quorum), so the FIRST P-256 guardian(s) need NO guardian
+ * signature — only the owner. The same holds for init-time setup via `InitConfig.guardianP256X/Y`
+ * (one factory tx, no window). Once `RECOVERY_THRESHOLD` guardians exist, expansion requires
+ * consensus via `addP256GuardianWithMixedSigs` / `addGuardianWithMixedSigs`.
  *
  * The plain ECDSA recovery lifecycle (`proposeRecovery` / `approveRecovery` /
- * `executeRecovery` / `cancelRecovery`) is unchanged at the byte level (same
- * 4-byte selectors, same semantics) and is encoded by the AirAccount server's
- * `RecoveryService` against the account address — it is NOT re-declared here.
+ * `executeRecovery` / `cancelRecovery`) is unchanged at the byte level and is encoded by
+ * the AirAccount server's `RecoveryService` against the account address — NOT re-declared here.
  */
+/**
+ * Storage slots of the mixed-sig operation nonces, taken VERBATIM from the contract's shared layout
+ * `AAStarAgentStorageLayout.sol` (forge-inspect-verified, identical for AAStarAirAccountV7 and
+ * AirAccountExtension — the parity that makes the fallback→delegatecall sharing safe). These nonces
+ * are `internal` (no public getter), so the SDK reads them via `eth_getStorageAt`.
+ *
+ *   slot 15 — `_guardianRemovalNonce`   (AAStarAgentStorageLayout.sol:118)
+ *   slot 16 — `_tierLimitNonce`         (AAStarAgentStorageLayout.sol:119)
+ *   slot 38 — `_recoveryNonce`          (AAStarAgentStorageLayout.sol:182; also the public `getRecoveryNonce()`)
+ *   slot 39 — `_guardianAdditionNonce`  (AAStarAgentStorageLayout.sol:186)
+ */
+declare const GUARDIAN_REMOVAL_NONCE_SLOT = 15n;
+declare const TIER_LIMIT_NONCE_SLOT = 16n;
+declare const RECOVERY_NONCE_SLOT = 38n;
+declare const GUARDIAN_ADDITION_NONCE_SLOT = 39n;
+/** Highest valid guardian slot index (the contract hard-caps the guardian set at 3: slots 0..2). */
+declare const MAX_GUARDIAN_SLOT = 2;
 type AirAccountExtensionActions = {
     /** `getRecoveryNonce()` — monotonic nonce that domain-separates P-256 / mixed-sig recovery payloads. */
     getRecoveryNonce: () => Promise<bigint>;
@@ -6155,57 +6180,132 @@ type AirAccountExtensionActions = {
         x: Hex;
         y: Hex;
     }>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+    /**
+     * `_guardianAdditionNonce` — the nonce bound into ADD_GUARDIAN / ADD_P256_GUARDIAN challenges.
+     * Read from internal storage slot 39 (no public getter). MUST be re-fetched immediately before
+     * collecting guardian signatures for `add*WithMixedSigs` (any successful add increments it).
+     */
+    getGuardianAdditionNonce: () => Promise<bigint>;
+    /**
+     * `_guardianRemovalNonce` — the nonce bound into REMOVE_GUARDIAN challenges. Read from internal
+     * storage slot 15 (no public getter). Re-fetch immediately before signing `removeGuardianWithMixedSigs`.
+     */
+    getGuardianRemovalNonce: () => Promise<bigint>;
+    /**
+     * `_tierLimitNonce` — the nonce bound into MODIFY_TIER_LIMITS challenges. Read from internal
+     * storage slot 16 (no public getter). Re-fetch immediately before signing `modifyTierLimitsWithMixedGuardians`.
+     */
+    getTierLimitNonce: () => Promise<bigint>;
+    /** `addP256Guardian(x, y)` — owner-only bootstrap of a passkey guardian (no guardianSig while `count < threshold`). */
     addP256Guardian: (args: {
         x: Hex;
         y: Hex;
-    }) => Promise<never>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
+    /** `addP256GuardianWithMixedSigs(x, y, signerIdxs, sigs)` — add a passkey guardian once `count >= threshold` (consensus required). */
     addP256GuardianWithMixedSigs: (args: {
         x: Hex;
         y: Hex;
         signerIdxs: readonly number[];
         sigs: readonly Hex[];
-    }) => Promise<never>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
+    /** `addGuardianWithMixedSigs(guardian, signerIdxs, sigs)` — add an ECDSA guardian with mixed-type guardian consensus. */
     addGuardianWithMixedSigs: (args: {
         guardian: Address;
         signerIdxs: readonly number[];
         sigs: readonly Hex[];
-    }) => Promise<never>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
+    /** `proposeRecoveryWithSig(newOwner, gIdx, sig)` — passkey guardian proposes recovery (any relayer submits). */
     proposeRecoveryWithSig: (args: {
         newOwner: Address;
         gIdx: number;
         sig: Hex;
-    }) => Promise<never>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
+    /** `approveRecoveryWithSig(gIdx, sig)` — passkey guardian approves the active recovery proposal. */
     approveRecoveryWithSig: (args: {
         gIdx: number;
         sig: Hex;
-    }) => Promise<never>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
+    /** `cancelRecoveryWithSig(gIdx, sig)` — passkey guardian votes to cancel the active recovery proposal. */
     cancelRecoveryWithSig: (args: {
         gIdx: number;
         sig: Hex;
-    }) => Promise<never>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
+    /** `removeGuardianWithMixedSigs(index, signerIdxs, sigs)` — owner-only removal with mixed-type guardian consensus. */
     removeGuardianWithMixedSigs: (args: {
         index: number;
         signerIdxs: readonly number[];
         sigs: readonly Hex[];
-    }) => Promise<never>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
+    /** `modifyTierLimitsWithMixedGuardians(tier1, tier2, deadline, signerIdxs, sigs)` — owner-only tier change with mixed consensus. */
     modifyTierLimitsWithMixedGuardians: (args: {
         tier1: bigint;
         tier2: bigint;
         deadline: bigint;
         signerIdxs: readonly number[];
         sigs: readonly Hex[];
-    }) => Promise<never>;
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
 };
 declare const airAccountExtensionActions: (address: Address) => (client: PublicClient$1 | WalletClient) => AirAccountExtensionActions;
 
+/** One guardian slot for {@link buildInitConfig}: supply EXACTLY one of `ecdsa` or `p256`. */
+interface GuardianSpec {
+    /** An ECDSA (EOA / Safe) guardian address. Mutually exclusive with `p256`. */
+    ecdsa?: Address;
+    /** A P-256 (WebAuthn passkey) guardian public key (x, y, each bytes32). Mutually exclusive with `ecdsa`. */
+    p256?: {
+        x: Hex;
+        y: Hex;
+    };
+}
+/** Parameters for {@link buildInitConfig}. */
+interface BuildInitConfigParams {
+    /** Up to 3 guardian slots (ECDSA and/or P-256, freely mixed). Empty/omitted ⇒ no guardians. */
+    guardians?: readonly GuardianSpec[];
+    /** Per-account daily spend limit (wei). Must be > 0 to enable the on-chain GUARD. */
+    dailyLimit: bigint;
+    /**
+     * Validator algorithm ids approved at init (e.g. 2 = ECDSA, 1 = P-256/passkey). If omitted,
+     * derived from the owner/guardian mix is NOT possible (owner alg is separate), so it defaults
+     * to `[2]` (ECDSA) plus `1` (P-256) when any P-256 guardian is present.
+     */
+    approvedAlgIds?: readonly number[];
+    /** Floor the daily limit can be decreased to via the guard. Defaults to 0. */
+    minDailyLimit?: bigint;
+    /** ERC-20 tokens to pre-register with the guard. Defaults to none. */
+    initialTokens?: readonly Address[];
+    /** Per-token tier configs, index-aligned with `initialTokens`. Defaults to none. */
+    initialTokenConfigs?: readonly TokenConfig[];
+}
+/**
+ * Build a v0.20.0 `InitConfig` with mixed ECDSA + P-256 guardians.
+ * @throws {AAStarError} if any slot is ambiguous, the sentinel is misused, or > 3 guardians are given.
+ */
+declare function buildInitConfig(params: BuildInitConfigParams): InitConfig;
+
 type AgentRegistryActions = {
     deployer: () => Promise<Address>;
     factory: () => Promise<Address>;
@@ -6589,6 +6689,241 @@ interface HashToFieldU0U1 {
  */
 declare function hashToFieldU0U1(message: Hex): HashToFieldU0U1;
 
+/**
+ * P-256 (WebAuthn passkey) guardian wire encoders — airaccount-contract v0.20.0
+ * authoritative, byte-for-byte against the published
+ * `AirAccountExtension._verifyWebAuthnP256Sig` + `_p256GuardianChallenge`
+ * (src/core/AirAccountExtension.sol). See `docs/p256-guardian-spec.md` §2, §6.
+ *
+ * ## What the contract actually verifies (NOT the early "simplified" draft)
+ *
+ * A P-256 guardian signs a FULL WebAuthn assertion — exactly what
+ * `navigator.credentials.get()` returns — over the operation challenge:
+ *
+ * ```
+ *  challenge   = keccak256(abi.encode(
+ *                  uint8  GUARDIAN_SIG_VERSION (=4),
+ *                  uint256 chainId,
+ *                  address account,
+ *                  string  "P256_GUARDIAN",        // domain tag
+ *                  string  opLabel,                // "PROPOSE_RECOVERY" / …
+ *                  bytes   opData))                // per-op, see §6
+ *  clientDataJSON = '{"type":"webauthn.get","challenge":"' || base64url(challenge) || suffix
+ *  payloadHash    = sha256(authenticatorData || sha256(clientDataJSON))   // ES256 signs this
+ *  sig (on-chain) = abi.encode(bytes authenticatorData, bytes clientDataJSONPrefix,
+ *                              bytes clientDataJSONSuffix, bytes32 r, bytes32 s)
+ * ```
+ *
+ * The contract rebuilds `base64url(challenge)` on-chain (`_base64UrlEncode32`) and
+ * splices it between the SDK-supplied prefix/suffix, then runs the EIP-7212
+ * precompile against the guardian's stored `(x, y)`. It enforces:
+ *   - `clientDataJSONPrefix == '{"type":"webauthn.get","challenge":"'` (operation-type binding),
+ *   - `authenticatorData.length >= 37` and the UP flag (`authenticatorData[32] & 0x01`),
+ *   - low-S: `uint256(s) <= n/2`.
+ *
+ * It deliberately does NOT bind `origin` / `rpIdHash` / UV (platform-layer RP binding
+ * + challenge domain-separation cover replay). See spec §9.5.
+ *
+ * @module
+ */
+/** Guardian signature scheme version embedded in every challenge (contract: `GUARDIAN_SIG_VERSION`). */
+declare const GUARDIAN_SIG_VERSION: 4;
+/** Domain tag mixed into every P-256 guardian challenge (separates from the ECDSA-guardian hash). */
+declare const P256_GUARDIAN_DOMAIN: "P256_GUARDIAN";
+/**
+ * The EXACT `clientDataJSON` prefix the contract requires (operation-type binding). Any other
+ * prefix is rejected on-chain, so a `webauthn.create` (registration) assertion cannot be replayed
+ * through the `webauthn.get` (recovery) path. The base64url(challenge) MUST immediately follow this.
+ */
+declare const WEBAUTHN_GET_CHALLENGE_PREFIX: "{\"type\":\"webauthn.get\",\"challenge\":\"";
+/** Sentinel address stored in a guardian slot to mark it P-256 (contract: `P256_GUARDIAN_SENTINEL`). */
+declare const P256_GUARDIAN_SENTINEL: Address;
+/** secp256r1 (P-256) curve order `n` (fixed curve parameter). */
+declare const SECP256R1_N = 115792089210356248762697446949407573529996955224135760342422259061068512044369n;
+/**
+ * secp256r1 curve order / 2 — the low-S ceiling the contract enforces
+ * (`AirAccountExtension.SECP256R1_N_OVER_2`).
+ */
+declare const SECP256R1_N_OVER_2: bigint;
+/**
+ * base64url-encode bytes with no padding — byte-identical to the contract's `_base64UrlEncode32`
+ * for 32-byte input (43 chars) and to `Buffer.from(x).toString('base64url')`. Pure JS so `@aastar/core`
+ * stays isomorphic (no node `Buffer`).
+ */
+declare function base64UrlEncode(bytes: Uint8Array): string;
+/** The set of operation labels the contract recognises (string-matched in the challenge). */
+type GuardianOpLabel = 'PROPOSE_RECOVERY' | 'APPROVE_RECOVERY' | 'CANCEL_RECOVERY' | 'REMOVE_GUARDIAN' | 'MODIFY_TIER_LIMITS' | 'ADD_P256_GUARDIAN' | 'ADD_GUARDIAN';
+/** Parameters for {@link buildP256GuardianChallenge}. */
+interface BuildP256GuardianChallengeParams {
+    /** Signature scheme version. Defaults to {@link GUARDIAN_SIG_VERSION} (4). */
+    version?: number;
+    /** EVM chain id the account lives on (`block.chainid`). */
+    chainId: number | bigint;
+    /** The smart-account address (`address(this)` in the extension). */
+    account: Address;
+    /** Operation label, e.g. `"PROPOSE_RECOVERY"`. */
+    opLabel: GuardianOpLabel | string;
+    /** Operation payload (`abi.encode(...)` per op — use the `opData*` builders below). */
+    opData: Hex;
+}
+/**
+ * Build the 32-byte operation challenge the contract derives in `_p256GuardianChallenge`:
+ * `keccak256(abi.encode(uint8 version, uint256 chainId, address account, string "P256_GUARDIAN",
+ *  string opLabel, bytes opData))`. This is the value passed to `navigator.credentials.get()`.
+ */
+declare function buildP256GuardianChallenge(params: BuildP256GuardianChallengeParams): Hex;
+/** `opData` for PROPOSE_RECOVERY / APPROVE_RECOVERY / CANCEL_RECOVERY: `abi.encode(uint256 nonce, address newOwner)`. */
+declare function opDataRecovery(nonce: bigint, newOwner: Address): Hex;
+/** `opData` for ADD_P256_GUARDIAN: `abi.encode(uint256 nonce, bytes32 x, bytes32 y)`. */
+declare function opDataAddP256Guardian(nonce: bigint, x: Hex, y: Hex): Hex;
+/** `opData` for ADD_GUARDIAN (ECDSA): `abi.encode(uint256 nonce, address guardian)`. */
+declare function opDataAddGuardian(nonce: bigint, guardian: Address): Hex;
+/**
+ * `opData` for REMOVE_GUARDIAN (spec §6.4):
+ * `abi.encode(uint256 nonce, uint8 index, address guardianToRemove, bytes32 p256X, bytes32 p256Y)`.
+ * For an ECDSA slot pass the guardian address with `p256X=p256Y=0x0…0`; for a P-256 slot pass
+ * {@link P256_GUARDIAN_SENTINEL} with the slot's stored `(x, y)`.
+ */
+declare function opDataRemoveGuardian(nonce: bigint, index: number, guardianToRemove: Address, p256X: Hex, p256Y: Hex): Hex;
+/** `opData` for MODIFY_TIER_LIMITS: `abi.encode(uint256 nonce, uint256 tier1, uint256 tier2, uint256 deadline)`. */
+declare function opDataModifyTierLimits(nonce: bigint, tier1: bigint, tier2: bigint, deadline: bigint): Hex;
+interface OpChainCtx {
+    chainId: number | bigint;
+    account: Address;
+    version?: number;
+}
+/** Challenge for `proposeRecoveryWithSig(newOwner, gIdx, sig)`. `nonce` = `getRecoveryNonce()`. */
+declare function buildProposeRecoveryChallenge(p: OpChainCtx & {
+    nonce: bigint;
+    newOwner: Address;
+}): Hex;
+/** Challenge for `approveRecoveryWithSig(gIdx, sig)`. `newOwner` = `activeRecovery().newOwner`. */
+declare function buildApproveRecoveryChallenge(p: OpChainCtx & {
+    nonce: bigint;
+    newOwner: Address;
+}): Hex;
+/** Challenge for `cancelRecoveryWithSig(gIdx, sig)`. `newOwner` = `activeRecovery().newOwner`. */
+declare function buildCancelRecoveryChallenge(p: OpChainCtx & {
+    nonce: bigint;
+    newOwner: Address;
+}): Hex;
+/** Challenge for `addP256GuardianWithMixedSigs(x, y, …)`. `nonce` = `_guardianAdditionNonce`. */
+declare function buildAddP256GuardianChallenge(p: OpChainCtx & {
+    nonce: bigint;
+    x: Hex;
+    y: Hex;
+}): Hex;
+/** Challenge for `addGuardianWithMixedSigs(guardian, …)`. `nonce` = `_guardianAdditionNonce`. */
+declare function buildAddGuardianChallenge(p: OpChainCtx & {
+    nonce: bigint;
+    guardian: Address;
+}): Hex;
+/** Challenge for `removeGuardianWithMixedSigs(index, …)`. `nonce` = `_guardianRemovalNonce`. */
+declare function buildRemoveGuardianChallenge(p: OpChainCtx & {
+    nonce: bigint;
+    index: number;
+    guardianToRemove: Address;
+    p256X: Hex;
+    p256Y: Hex;
+}): Hex;
+/** Challenge for `modifyTierLimitsWithMixedGuardians(tier1, tier2, deadline, …)`. `nonce` = `_tierLimitNonce`. */
+declare function buildModifyTierLimitsChallenge(p: OpChainCtx & {
+    nonce: bigint;
+    tier1: bigint;
+    tier2: bigint;
+    deadline: bigint;
+}): Hex;
+/** A signature scalar accepted as a 0x-hex (≤32 bytes), raw bytes, or bigint. */
+type ScalarLike = Hex | Uint8Array | bigint;
+/** Parameters for {@link encodeWebAuthnAssertion}. */
+interface EncodeWebAuthnAssertionParams {
+    /** `authenticatorData` from the assertion: `rpIdHash(32) || flags(1) || signCount(4)` (≥37 bytes, UP set). */
+    authenticatorData: Hex | Uint8Array;
+    /**
+     * The FULL `clientDataJSON` the authenticator signed. MUST start with
+     * {@link WEBAUTHN_GET_CHALLENGE_PREFIX}, immediately followed by the 43-char base64url(challenge).
+     * Split into prefix/suffix here; the contract rebuilds the challenge on-chain.
+     */
+    clientDataJSON: Hex | Uint8Array | string;
+    /** ES256 signature `r` (32-byte scalar). */
+    r: ScalarLike;
+    /** ES256 signature `s` (32-byte scalar). Auto low-S normalised to satisfy the contract. */
+    s: ScalarLike;
+}
+/**
+ * ABI-encode a WebAuthn assertion into the on-chain `sig` the contract consumes:
+ * `abi.encode(bytes authenticatorData, bytes clientDataJSONPrefix, bytes clientDataJSONSuffix,
+ *  bytes32 r, bytes32 s)`.
+ *
+ * Validates the assertion against every constraint the contract enforces so a bad blob fails here
+ * (with a clear message) rather than as a generic on-chain revert:
+ *   - `authenticatorData.length >= 37` and the UP flag (`byte[32] & 0x01`) is set,
+ *   - `clientDataJSON` starts with the exact `webauthn.get` prefix and the 43-char challenge slot
+ *     is immediately followed by the closing `"` (so the contract's reconstruction lines up),
+ *   - `s` is low-S (`<= n/2`) — auto-normalised to `n - s` if the input was high-S (ECDSA-valid).
+ */
+declare function encodeWebAuthnAssertion(params: EncodeWebAuthnAssertionParams): Hex;
+/** Decoded view of an on-chain P-256 guardian `sig` blob. */
+interface DecodedWebAuthnAssertion {
+    authenticatorData: Hex;
+    clientDataJSONPrefix: Hex;
+    clientDataJSONSuffix: Hex;
+    r: Hex;
+    s: Hex;
+}
+/**
+ * Inverse of {@link encodeWebAuthnAssertion} — decode an on-chain `sig` blob back into its parts.
+ * Useful for evidence/decode-verification and debugging a rejected signature.
+ */
+declare function decodeWebAuthnAssertion(sig: Hex): DecodedWebAuthnAssertion;
+declare function coseToP256XY(cosePublicKey: Hex | Uint8Array): {
+    x: Hex;
+    y: Hex;
+};
+/** Parameters for {@link signP256GuardianAssertion}. */
+interface SignP256GuardianAssertionParams {
+    /** Raw 32-byte P-256 private scalar (hex or bytes). */
+    privateKey: Hex | Uint8Array;
+    /** The 32-byte operation challenge (from a `build*Challenge` helper). */
+    challenge: Hex;
+    /**
+     * RP id whose SHA-256 becomes `rpIdHash`. The contract does NOT verify this (§9.5), so any value
+     * works on-chain; defaults to a stable test RP. Set it to your real rpId for fidelity.
+     */
+    rpId?: string;
+    /** `origin` embedded in `clientDataJSON` suffix (also not verified on-chain). */
+    origin?: string;
+    /** authenticatorData flags byte. Defaults to `0x05` (UP | UV); the contract only requires UP (bit 0). */
+    flags?: number;
+    /** authenticatorData signCount (4-byte big-endian). */
+    signCount?: number;
+}
+/** Result of {@link signP256GuardianAssertion}. */
+interface SignedP256GuardianAssertion {
+    /** The on-chain `sig` blob, ready for `proposeRecoveryWithSig` / mixed-sig calls. */
+    sig: Hex;
+    /** authenticatorData used (hex). */
+    authenticatorData: Hex;
+    /** Full clientDataJSON signed (hex). */
+    clientDataJSON: Hex;
+    /** Low-S–normalised signature `r` (bytes32 hex). */
+    r: Hex;
+    /** Low-S–normalised signature `s` (bytes32 hex). */
+    s: Hex;
+}
+/**
+ * Software P-256 authenticator — produces a FULL WebAuthn assertion over `challenge`, byte-for-byte
+ * in the format `navigator.credentials.get()` returns (mirrors the contract's
+ * `test/webauthn/gen_p256_assertion.mjs`). The only difference vs a hardware passkey is WHERE the
+ * key lives. Use for the on-chain evidence E2E and for relaying software-held guardian keys.
+ */
+declare function signP256GuardianAssertion(params: SignP256GuardianAssertionParams): SignedP256GuardianAssertion;
+/** Derive the uncompressed-SEC1 `(x, y)` of a P-256 private key (for `addP256Guardian`). */
+declare function p256GuardianPublicKey(privateKey: Hex | Uint8Array): {
+    x: Hex;
+    y: Hex;
+};
+
 /**
  * Role constants and utilities for AAstar SDK
  * @dev All role hashes and configurations match exactly with Registry.sol v3.0.0
@@ -7045,4 +7380,4 @@ declare function resolveEnsVerified(name: string, options?: EnsOptions): Promise
     verified: boolean;
 }>;
 
-export { AASTAR_COMMUNITY, AAStarAirAccountFactoryV7ABI, AAStarAirAccountFactoryV7Artifact, AAStarAirAccountV7ABI, AAStarAirAccountV7Artifact, AAStarBLSAggregatorABI, AAStarBLSAggregatorArtifact, AAStarBLSAlgorithmABI, AAStarBLSAlgorithmArtifact, AAStarValidatorABI, AAStarValidatorArtifact, AGENT_IDENTITY_REGISTRY_ADDRESS, AGENT_REPUTATION_REGISTRY_ADDRESS, ALL_ADDRESSES, ALL_ROLES, APNTS_ADDRESS, type AccountActions, type AccountBalance, type AccountFactoryActions, type AgentActions, AgentRegistryABI, type AgentRegistryActions, AgentRegistryArtifact, type AgentSponsorshipPolicy, type AggregatorActions, type AirAccountActions, AirAccountDelegateABI, AirAccountDelegateArtifact, AirAccountExtensionABI, type AirAccountExtensionActions, AirAccountExtensionArtifact, type AirAccountFactoryActions, type AssetPolicy, type AssetPolicyInput, AuthorizationState, BLSAggregatorABI, BLSAggregatorArtifact, type BLSAlgorithmActions, type BLSG1Point, BLSHelpers, BLSSigner, BLSValidatorABI, BLSValidatorArtifact, BLS_AGGREGATOR_ADDRESS, BLS_POP_DST, BLS_VALIDATOR_ADDRESS, BPS_DENOMINATOR, BRANDING, BREAD_COMMUNITY, type BalanceValidationParams, type BatchMintResult, BundlerClient, type BundlerResponse, CANONICAL_ADDRESSES, CHAIN_MAINNET, CHAIN_SEPOLIA, COMMUNITIES, COMMUNITY_OWNERS, CONTRACTS, CONTRACT_METADATA, CONTRACT_SRC_HASH, CORE_ADDRESSES, CalldataParserRegistryABI, CalldataParserRegistryArtifact, type CanonicalAddresses, type CheckResourcesOptions, type CommunityConfig, type CommunityProfile, type ContractCategory, ContractConfigManager, type ContractNetwork, type ContractScope, type ContractScopeInput, type ContractVersion, DEFAULT_ADMIN_ROLE, DEFAULT_APNTS_PRICE_USD, DEFAULT_CALL_GAS_LIMIT, DEFAULT_GAS_TOKEN_MINT_AMOUNT, DEFAULT_PRE_VERIFICATION_GAS, DEFAULT_TIMEOUT_MS, DEFAULT_TOKEN_NAME, DEFAULT_TOKEN_SYMBOL, DEFAULT_USDT_MINT_AMOUNT, DEFAULT_VERIFICATION_GAS_LIMIT, type DVTAccountSignatureParams, type DVTActions, type DVTTier, DVTValidatorABI, DVTValidatorArtifact, DVT_TIER_T2, DVT_TIER_T3, DVT_VALIDATOR_ADDRESS, type DeploymentValidationParams, type DryRunValidationResult, ENTRY_POINT_ADDRESS, type ERC20Actions, type EnsOptions, EntryPointABI, type EntryPointActions, EntryPointArtifact, EntryPointVersion, FAUCET_API_URL, type FaucetConfig, type FaucetPreparationResult, type ForceExitActions, ForceExitModuleABI, ForceExitModuleArtifact, GTOKEN_ADDRESS, GTOKEN_STAKING_ADDRESS, GTokenABI, type GTokenActions, GTokenArtifact, GTokenAuthorizationABI, type GTokenAuthorizationActions, GTokenAuthorizationArtifact, GTokenStakingABI, GTokenStakingArtifact, type HashToFieldU0U1, type HeliosTransportConfig, INITIAL_ROLE_STAKES, type InitConfig, LINKS, MAX_SERVICE_FEE, MICRO_PAYMENT_CHANNEL_ADDRESS, MONITORING_ADDRESSES, MicroPaymentChannelABI, MicroPaymentChannelArtifact, MySBTABI, MySBTArtifact, NETWORKS, NODE_STAKE_AMOUNTS, type NetworkContracts, NodeType, OFFICIAL_ADDRESSES, type OperatorConfig, type OperatorMode, type P256SessionState, PAYMASTER_ADDRESSES, PAYMASTER_FACTORY_ADDRESS, PAYMASTER_V4_ADDRESS, PAYMASTER_V4_IMPL_ADDRESS, type PackedUserOperation, PaymasterABI, type PaymasterActions, PaymasterArtifact, PaymasterFactoryABI, type PaymasterFactoryActions, PaymasterFactoryArtifact, type PendingExit, type PendingModuleInstall, PolicyDecision, PolicyRegistryABI, type PolicyRegistryActions, PolicyRegistryArtifact, PublicClient, REGISTRY_ADDRESS, REPUTATION_SYSTEM_ADDRESS, ROLE_ANODE, ROLE_COMMUNITY, ROLE_DVT, ROLE_ENDUSER, ROLE_KMS, ROLE_NAMES, ROLE_PAYMASTER_AOA, ROLE_PAYMASTER_SUPER, ROLE_PERMISSION_LEVELS, RegistryABI, type RegistryActions, RegistryArtifact, type ReputationActions, type ReputationBreakdown, type ReputationRule, ReputationSystemABI, ReputationSystemArtifact, RequirementChecker, type ResolvedAPNTsToken, type ResourceBoolCheck, type ResourceReport, type ResourceStakeCheck, type RoleConfig, type RoleConfigDetailed, RolePermissionLevel, type RoleRequirement, type RoleValidationParams, type SBTActions, type SBTData, type SBTMembership, SBT_ADDRESS, SEPOLIA_CONTRACTS, SEPOLIA_V2_VERSIONS, SERVICE_FEE_RATE, SUPER_PAYMASTER_ADDRESS, SepoliaFaucetAPI, type SessionConfig, SessionKeyValidatorABI, type SessionKeyValidatorActions, SessionKeyValidatorArtifact, SimpleAccountABI, SimpleAccountArtifact, SimpleAccountFactoryABI, SimpleAccountFactoryArtifact, type SlashRecord, type SpendCounter, type StakingActions, StateValidator, SuperPaymasterABI, type SuperPaymasterActions, SuperPaymasterArtifact, type SuperPaymasterConfig, type SupportedChainId, type SupportedNetwork, TEST_ACCOUNT_ADDRESSES, TEST_ACCOUNT_POOL_SIZE, TEST_COMMUNITIES, TEST_TOKEN_ADDRESSES, TOKEN_ADDRESSES, type TokenActions, type TokenBalanceValidationParams, type TokenConfig, type UserOperationV07, V2_SUMMARY, type ValidationParams, type ValidationResult, type X402Actions, X402FacilitatorABI, X402FacilitatorArtifact, XPNTS_FACTORY_ADDRESS, type XPNTsFactoryActions, type XPNTsTokenActions, accountActions, accountFactoryActions, agentActions, agentRegistryActions, aggregatorActions, airAccountActions, airAccountExtensionActions, airAccountFactoryActions, applyConfig, blsAlgorithmActions, createAAStarPublicClient, createHeliosTransport, describeSupportedChains, dvtActions, encodeDVTAccountSignature, encodeDVTVerifierProof, encodeG2Point, entryPointActions, forceExitActions, gTokenActions, gTokenAuthorizationActions, getAddressUrl, getAllCommunityConfigs, getAllV2Contracts, getBlockExplorer, getCanonicalAddresses, getChainId, getCommunities, getCommunity, getCommunityConfig, getContract, getContractNetworks, getContracts, getCoreContracts, getDeploymentDate, getEntryPoint, getNetwork, getPaymasterV4_1, getRoleName, getRpcUrl, getSimpleAccountFactory, getSuperPaymasterV2, getTestAccounts, getTestTokenContracts, getTokenContracts, getTxUrl, getV2ContractByAddress, getV2ContractByName, getV2ContractsByDate, hashToFieldU0U1, isContractNetworkSupported, isRegisteredCommunity, isSupportedChainId, isV2Contract, listSupportedChainIds, lookupAddress, paymasterActions, paymasterFactoryActions, policyRegistryActions, registryActions, reputationActions, resolveEns, resolveEnsVerified, sbtActions, sessionKeyValidatorActions, stakingActions, superPaymasterActions, tokenActions, x402Actions, x402IsNonceUsed, x402NonceKey, xPNTsFactoryABI, xPNTsFactoryActions, xPNTsFactoryArtifact, xPNTsTokenABI, xPNTsTokenActions, xPNTsTokenArtifact };
+export { AASTAR_COMMUNITY, AAStarAirAccountFactoryV7ABI, AAStarAirAccountFactoryV7Artifact, AAStarAirAccountV7ABI, AAStarAirAccountV7Artifact, AAStarBLSAggregatorABI, AAStarBLSAggregatorArtifact, AAStarBLSAlgorithmABI, AAStarBLSAlgorithmArtifact, AAStarValidatorABI, AAStarValidatorArtifact, AGENT_IDENTITY_REGISTRY_ADDRESS, AGENT_REPUTATION_REGISTRY_ADDRESS, ALL_ADDRESSES, ALL_ROLES, APNTS_ADDRESS, type AccountActions, type AccountBalance, type AccountFactoryActions, type AgentActions, AgentRegistryABI, type AgentRegistryActions, AgentRegistryArtifact, type AgentSponsorshipPolicy, type AggregatorActions, type AirAccountActions, AirAccountDelegateABI, AirAccountDelegateArtifact, AirAccountExtensionABI, type AirAccountExtensionActions, AirAccountExtensionArtifact, type AirAccountFactoryActions, type AssetPolicy, type AssetPolicyInput, AuthorizationState, BLSAggregatorABI, BLSAggregatorArtifact, type BLSAlgorithmActions, type BLSG1Point, BLSHelpers, BLSSigner, BLSValidatorABI, BLSValidatorArtifact, BLS_AGGREGATOR_ADDRESS, BLS_POP_DST, BLS_VALIDATOR_ADDRESS, BPS_DENOMINATOR, BRANDING, BREAD_COMMUNITY, type BalanceValidationParams, type BatchMintResult, type BuildInitConfigParams, type BuildP256GuardianChallengeParams, BundlerClient, type BundlerResponse, CANONICAL_ADDRESSES, CHAIN_MAINNET, CHAIN_SEPOLIA, COMMUNITIES, COMMUNITY_OWNERS, CONTRACTS, CONTRACT_METADATA, CONTRACT_SRC_HASH, CORE_ADDRESSES, CalldataParserRegistryABI, CalldataParserRegistryArtifact, type CanonicalAddresses, type CheckResourcesOptions, type CommunityConfig, type CommunityProfile, type ContractCategory, ContractConfigManager, type ContractNetwork, type ContractScope, type ContractScopeInput, type ContractVersion, DEFAULT_ADMIN_ROLE, DEFAULT_APNTS_PRICE_USD, DEFAULT_CALL_GAS_LIMIT, DEFAULT_GAS_TOKEN_MINT_AMOUNT, DEFAULT_PRE_VERIFICATION_GAS, DEFAULT_TIMEOUT_MS, DEFAULT_TOKEN_NAME, DEFAULT_TOKEN_SYMBOL, DEFAULT_USDT_MINT_AMOUNT, DEFAULT_VERIFICATION_GAS_LIMIT, type DVTAccountSignatureParams, type DVTActions, type DVTTier, DVTValidatorABI, DVTValidatorArtifact, DVT_TIER_T2, DVT_TIER_T3, DVT_VALIDATOR_ADDRESS, type DecodedWebAuthnAssertion, type DeploymentValidationParams, type DryRunValidationResult, ENTRY_POINT_ADDRESS, type ERC20Actions, type EncodeWebAuthnAssertionParams, type EnsOptions, EntryPointABI, type EntryPointActions, EntryPointArtifact, EntryPointVersion, FAUCET_API_URL, type FaucetConfig, type FaucetPreparationResult, type ForceExitActions, ForceExitModuleABI, ForceExitModuleArtifact, GTOKEN_ADDRESS, GTOKEN_STAKING_ADDRESS, GTokenABI, type GTokenActions, GTokenArtifact, GTokenAuthorizationABI, type GTokenAuthorizationActions, GTokenAuthorizationArtifact, GTokenStakingABI, GTokenStakingArtifact, GUARDIAN_ADDITION_NONCE_SLOT, GUARDIAN_REMOVAL_NONCE_SLOT, GUARDIAN_SIG_VERSION, type GuardianOpLabel, type GuardianSpec, type HashToFieldU0U1, type HeliosTransportConfig, INITIAL_ROLE_STAKES, type InitConfig, LINKS, MAX_GUARDIAN_SLOT, MAX_SERVICE_FEE, MICRO_PAYMENT_CHANNEL_ADDRESS, MONITORING_ADDRESSES, MicroPaymentChannelABI, MicroPaymentChannelArtifact, MySBTABI, MySBTArtifact, NETWORKS, NODE_STAKE_AMOUNTS, type NetworkContracts, NodeType, OFFICIAL_ADDRESSES, type OperatorConfig, type OperatorMode, type P256SessionState, P256_GUARDIAN_DOMAIN, P256_GUARDIAN_SENTINEL, PAYMASTER_ADDRESSES, PAYMASTER_FACTORY_ADDRESS, PAYMASTER_V4_ADDRESS, PAYMASTER_V4_IMPL_ADDRESS, type PackedUserOperation, PaymasterABI, type PaymasterActions, PaymasterArtifact, PaymasterFactoryABI, type PaymasterFactoryActions, PaymasterFactoryArtifact, type PendingExit, type PendingModuleInstall, PolicyDecision, PolicyRegistryABI, type PolicyRegistryActions, PolicyRegistryArtifact, PublicClient, RECOVERY_NONCE_SLOT, REGISTRY_ADDRESS, REPUTATION_SYSTEM_ADDRESS, ROLE_ANODE, ROLE_COMMUNITY, ROLE_DVT, ROLE_ENDUSER, ROLE_KMS, ROLE_NAMES, ROLE_PAYMASTER_AOA, ROLE_PAYMASTER_SUPER, ROLE_PERMISSION_LEVELS, RegistryABI, type RegistryActions, RegistryArtifact, type ReputationActions, type ReputationBreakdown, type ReputationRule, ReputationSystemABI, ReputationSystemArtifact, RequirementChecker, type ResolvedAPNTsToken, type ResourceBoolCheck, type ResourceReport, type ResourceStakeCheck, type RoleConfig, type RoleConfigDetailed, RolePermissionLevel, type RoleRequirement, type RoleValidationParams, type SBTActions, type SBTData, type SBTMembership, SBT_ADDRESS, SECP256R1_N, SECP256R1_N_OVER_2, SEPOLIA_CONTRACTS, SEPOLIA_V2_VERSIONS, SERVICE_FEE_RATE, SUPER_PAYMASTER_ADDRESS, type ScalarLike, SepoliaFaucetAPI, type SessionConfig, SessionKeyValidatorABI, type SessionKeyValidatorActions, SessionKeyValidatorArtifact, type SignP256GuardianAssertionParams, type SignedP256GuardianAssertion, SimpleAccountABI, SimpleAccountArtifact, SimpleAccountFactoryABI, SimpleAccountFactoryArtifact, type SlashRecord, type SpendCounter, type StakingActions, StateValidator, SuperPaymasterABI, type SuperPaymasterActions, SuperPaymasterArtifact, type SuperPaymasterConfig, type SupportedChainId, type SupportedNetwork, TEST_ACCOUNT_ADDRESSES, TEST_ACCOUNT_POOL_SIZE, TEST_COMMUNITIES, TEST_TOKEN_ADDRESSES, TIER_LIMIT_NONCE_SLOT, TOKEN_ADDRESSES, type TokenActions, type TokenBalanceValidationParams, type TokenConfig, type UserOperationV07, V2_SUMMARY, type ValidationParams, type ValidationResult, WEBAUTHN_GET_CHALLENGE_PREFIX, type X402Actions, X402FacilitatorABI, X402FacilitatorArtifact, XPNTS_FACTORY_ADDRESS, type XPNTsFactoryActions, type XPNTsTokenActions, accountActions, accountFactoryActions, agentActions, agentRegistryActions, aggregatorActions, airAccountActions, airAccountExtensionActions, airAccountFactoryActions, applyConfig, base64UrlEncode, blsAlgorithmActions, buildAddGuardianChallenge, buildAddP256GuardianChallenge, buildApproveRecoveryChallenge, buildCancelRecoveryChallenge, buildInitConfig, buildModifyTierLimitsChallenge, buildP256GuardianChallenge, buildProposeRecoveryChallenge, buildRemoveGuardianChallenge, coseToP256XY, createAAStarPublicClient, createHeliosTransport, decodeWebAuthnAssertion, describeSupportedChains, dvtActions, encodeDVTAccountSignature, encodeDVTVerifierProof, encodeG2Point, encodeWebAuthnAssertion, entryPointActions, forceExitActions, gTokenActions, gTokenAuthorizationActions, getAddressUrl, getAllCommunityConfigs, getAllV2Contracts, getBlockExplorer, getCanonicalAddresses, getChainId, getCommunities, getCommunity, getCommunityConfig, getContract, getContractNetworks, getContracts, getCoreContracts, getDeploymentDate, getEntryPoint, getNetwork, getPaymasterV4_1, getRoleName, getRpcUrl, getSimpleAccountFactory, getSuperPaymasterV2, getTestAccounts, getTestTokenContracts, getTokenContracts, getTxUrl, getV2ContractByAddress, getV2ContractByName, getV2ContractsByDate, hashToFieldU0U1, isContractNetworkSupported, isRegisteredCommunity, isSupportedChainId, isV2Contract, listSupportedChainIds, lookupAddress, opDataAddGuardian, opDataAddP256Guardian, opDataModifyTierLimits, opDataRecovery, opDataRemoveGuardian, p256GuardianPublicKey, paymasterActions, paymasterFactoryActions, policyRegistryActions, registryActions, reputationActions, resolveEns, resolveEnsVerified, sbtActions, sessionKeyValidatorActions, signP256GuardianAssertion, stakingActions, superPaymasterActions, tokenActions, x402Actions, x402IsNonceUsed, x402NonceKey, xPNTsFactoryABI, xPNTsFactoryActions, xPNTsFactoryArtifact, xPNTsTokenABI, xPNTsTokenActions, xPNTsTokenArtifact };

package/dist/core.js

@@ -1,4 +1,4 @@
-export { AASTAR_COMMUNITY, AAStarAirAccountFactoryV7ABI, AAStarAirAccountFactoryV7Artifact, AAStarAirAccountV7ABI, AAStarAirAccountV7Artifact, AAStarBLSAggregatorABI, AAStarBLSAggregatorArtifact, AAStarBLSAlgorithmABI, AAStarBLSAlgorithmArtifact, AAStarValidatorABI, AAStarValidatorArtifact, ALL_ROLES, AgentRegistryABI, AgentRegistryArtifact, AirAccountDelegateABI, AirAccountDelegateArtifact, AirAccountExtensionABI, AirAccountExtensionArtifact, AuthorizationState, BLSAggregatorABI, BLSAggregatorArtifact, BLSHelpers, BLSSigner, BLSValidatorABI, BLSValidatorArtifact, BLS_POP_DST, BRANDING, BREAD_COMMUNITY, BaseClient, BundlerClient, COMMUNITIES, CONTRACTS, CONTRACT_METADATA, CalldataParserRegistryABI, CalldataParserRegistryArtifact, ContractConfigManager, DEFAULT_ADMIN_ROLE, DVTValidatorABI, DVTValidatorArtifact, DVT_TIER_T2, DVT_TIER_T3, EntryPointABI, EntryPointArtifact, EntryPointVersion, ForceExitModuleABI, ForceExitModuleArtifact, GTokenABI, GTokenArtifact, GTokenAuthorizationABI, GTokenAuthorizationArtifact, GTokenStakingABI, GTokenStakingArtifact, INITIAL_ROLE_STAKES, LINKS, MicroPaymentChannelABI, MicroPaymentChannelArtifact, MySBTABI, MySBTArtifact, NETWORKS, NodeType, PaymasterABI, PaymasterArtifact, PaymasterFactoryABI, PaymasterFactoryArtifact, PolicyDecision, PolicyRegistryABI, PolicyRegistryArtifact, ROLE_ANODE, ROLE_COMMUNITY, ROLE_DVT, ROLE_ENDUSER, ROLE_KMS, ROLE_NAMES, ROLE_PAYMASTER_AOA, ROLE_PAYMASTER_SUPER, ROLE_PERMISSION_LEVELS, RegistryABI, RegistryArtifact, ReputationSystemABI, ReputationSystemArtifact, RequirementChecker, RolePermissionLevel, SEPOLIA_CONTRACTS, SEPOLIA_V2_VERSIONS, SepoliaFaucetAPI, SessionKeyValidatorABI, SessionKeyValidatorArtifact, SimpleAccountABI, SimpleAccountArtifact, SimpleAccountFactoryABI, SimpleAccountFactoryArtifact, StateValidator, SuperPaymasterABI, SuperPaymasterArtifact, V2_SUMMARY, X402FacilitatorABI, X402FacilitatorArtifact, accountActions, accountFactoryActions, agentActions, agentRegistryActions, aggregatorActions, airAccountActions, airAccountExtensionActions, airAccountFactoryActions, blsAlgorithmActions, channelActions, createAAStarPublicClient, createHeliosTransport, dvtActions, encodeDVTAccountSignature, encodeDVTVerifierProof, encodeG2Point, entryPointActions, forceExitActions, gTokenActions, gTokenAuthorizationActions, getAddressUrl, getAllCommunityConfigs, getAllV2Contracts, getBlockExplorer, getChainId, getCommunities, getCommunity, getCommunityConfig, getContract, getContractNetworks, getContracts, getCoreContracts, getDeploymentDate, getEntryPoint, getNetwork, getPaymasterV4_1, getRoleName, getRpcUrl, getSimpleAccountFactory, getSuperPaymasterV2, getTestAccounts, getTestTokenContracts, getTokenContracts, getTxUrl, getV2ContractByAddress, getV2ContractByName, getV2ContractsByDate, hashToFieldU0U1, isContractNetworkSupported, isRegisteredCommunity, isV2Contract, lookupAddress, paymasterActions, paymasterFactoryActions, policyRegistryActions, registryActions, reputationActions, resolveEns, resolveEnsVerified, sbtActions, sessionKeyValidatorActions, stakingActions, superPaymasterActions, tokenActions, x402Actions, x402IsNonceUsed, x402NonceKey, xPNTsFactoryABI, xPNTsFactoryActions, xPNTsFactoryArtifact, xPNTsTokenABI, xPNTsTokenActions, xPNTsTokenArtifact } from './chunk-M5WFKETT.js';
+export { AASTAR_COMMUNITY, AAStarAirAccountFactoryV7ABI, AAStarAirAccountFactoryV7Artifact, AAStarAirAccountV7ABI, AAStarAirAccountV7Artifact, AAStarBLSAggregatorABI, AAStarBLSAggregatorArtifact, AAStarBLSAlgorithmABI, AAStarBLSAlgorithmArtifact, AAStarValidatorABI, AAStarValidatorArtifact, ALL_ROLES, AgentRegistryABI, AgentRegistryArtifact, AirAccountDelegateABI, AirAccountDelegateArtifact, AirAccountExtensionABI, AirAccountExtensionArtifact, AuthorizationState, BLSAggregatorABI, BLSAggregatorArtifact, BLSHelpers, BLSSigner, BLSValidatorABI, BLSValidatorArtifact, BLS_POP_DST, BRANDING, BREAD_COMMUNITY, BaseClient, BundlerClient, COMMUNITIES, CONTRACTS, CONTRACT_METADATA, CalldataParserRegistryABI, CalldataParserRegistryArtifact, ContractConfigManager, DEFAULT_ADMIN_ROLE, DVTValidatorABI, DVTValidatorArtifact, DVT_TIER_T2, DVT_TIER_T3, EntryPointABI, EntryPointArtifact, EntryPointVersion, ForceExitModuleABI, ForceExitModuleArtifact, GTokenABI, GTokenArtifact, GTokenAuthorizationABI, GTokenAuthorizationArtifact, GTokenStakingABI, GTokenStakingArtifact, GUARDIAN_ADDITION_NONCE_SLOT, GUARDIAN_REMOVAL_NONCE_SLOT, GUARDIAN_SIG_VERSION, INITIAL_ROLE_STAKES, LINKS, MAX_GUARDIAN_SLOT, MicroPaymentChannelABI, MicroPaymentChannelArtifact, MySBTABI, MySBTArtifact, NETWORKS, NodeType, P256_GUARDIAN_DOMAIN, P256_GUARDIAN_SENTINEL, PaymasterABI, PaymasterArtifact, PaymasterFactoryABI, PaymasterFactoryArtifact, PolicyDecision, PolicyRegistryABI, PolicyRegistryArtifact, RECOVERY_NONCE_SLOT, ROLE_ANODE, ROLE_COMMUNITY, ROLE_DVT, ROLE_ENDUSER, ROLE_KMS, ROLE_NAMES, ROLE_PAYMASTER_AOA, ROLE_PAYMASTER_SUPER, ROLE_PERMISSION_LEVELS, RegistryABI, RegistryArtifact, ReputationSystemABI, ReputationSystemArtifact, RequirementChecker, RolePermissionLevel, SECP256R1_N, SECP256R1_N_OVER_2, SEPOLIA_CONTRACTS, SEPOLIA_V2_VERSIONS, SepoliaFaucetAPI, SessionKeyValidatorABI, SessionKeyValidatorArtifact, SimpleAccountABI, SimpleAccountArtifact, SimpleAccountFactoryABI, SimpleAccountFactoryArtifact, StateValidator, SuperPaymasterABI, SuperPaymasterArtifact, TIER_LIMIT_NONCE_SLOT, V2_SUMMARY, WEBAUTHN_GET_CHALLENGE_PREFIX, X402FacilitatorABI, X402FacilitatorArtifact, accountActions, accountFactoryActions, agentActions, agentRegistryActions, aggregatorActions, airAccountActions, airAccountExtensionActions, airAccountFactoryActions, base64UrlEncode, blsAlgorithmActions, buildAddGuardianChallenge, buildAddP256GuardianChallenge, buildApproveRecoveryChallenge, buildCancelRecoveryChallenge, buildInitConfig, buildModifyTierLimitsChallenge, buildP256GuardianChallenge, buildProposeRecoveryChallenge, buildRemoveGuardianChallenge, channelActions, coseToP256XY, createAAStarPublicClient, createHeliosTransport, decodeWebAuthnAssertion, dvtActions, encodeDVTAccountSignature, encodeDVTVerifierProof, encodeG2Point, encodeWebAuthnAssertion, entryPointActions, forceExitActions, gTokenActions, gTokenAuthorizationActions, getAddressUrl, getAllCommunityConfigs, getAllV2Contracts, getBlockExplorer, getChainId, getCommunities, getCommunity, getCommunityConfig, getContract, getContractNetworks, getContracts, getCoreContracts, getDeploymentDate, getEntryPoint, getNetwork, getPaymasterV4_1, getRoleName, getRpcUrl, getSimpleAccountFactory, getSuperPaymasterV2, getTestAccounts, getTestTokenContracts, getTokenContracts, getTxUrl, getV2ContractByAddress, getV2ContractByName, getV2ContractsByDate, hashToFieldU0U1, isContractNetworkSupported, isRegisteredCommunity, isV2Contract, lookupAddress, opDataAddGuardian, opDataAddP256Guardian, opDataModifyTierLimits, opDataRecovery, opDataRemoveGuardian, p256GuardianPublicKey, paymasterActions, paymasterFactoryActions, policyRegistryActions, registryActions, reputationActions, resolveEns, resolveEnsVerified, sbtActions, sessionKeyValidatorActions, signP256GuardianAssertion, stakingActions, superPaymasterActions, tokenActions, x402Actions, x402IsNonceUsed, x402NonceKey, xPNTsFactoryABI, xPNTsFactoryActions, xPNTsFactoryArtifact, xPNTsTokenABI, xPNTsTokenActions, xPNTsTokenArtifact } from './chunk-2TS6T2WY.js';
 export { AGENT_IDENTITY_REGISTRY_ADDRESS, AGENT_REPUTATION_REGISTRY_ADDRESS, ALL_ADDRESSES, APNTS_ADDRESS, BLS_AGGREGATOR_ADDRESS, BLS_VALIDATOR_ADDRESS, BPS_DENOMINATOR, CANONICAL_ADDRESSES, CHAIN_MAINNET, CHAIN_SEPOLIA, COMMUNITY_OWNERS, CONTRACT_SRC_HASH, CORE_ADDRESSES, DEFAULT_APNTS_PRICE_USD, DEFAULT_CALL_GAS_LIMIT, DEFAULT_GAS_TOKEN_MINT_AMOUNT, DEFAULT_PRE_VERIFICATION_GAS, DEFAULT_TIMEOUT_MS, DEFAULT_TOKEN_NAME, DEFAULT_TOKEN_SYMBOL, DEFAULT_USDT_MINT_AMOUNT, DEFAULT_VERIFICATION_GAS_LIMIT, DVT_VALIDATOR_ADDRESS, ENTRY_POINT_ADDRESS, FAUCET_API_URL, GTOKEN_ADDRESS, GTOKEN_STAKING_ADDRESS, MAX_SERVICE_FEE, MICRO_PAYMENT_CHANNEL_ADDRESS, MONITORING_ADDRESSES, NODE_STAKE_AMOUNTS, OFFICIAL_ADDRESSES, PAYMASTER_ADDRESSES, PAYMASTER_FACTORY_ADDRESS, PAYMASTER_V4_ADDRESS, PAYMASTER_V4_IMPL_ADDRESS, REGISTRY_ADDRESS, REPUTATION_SYSTEM_ADDRESS, SBT_ADDRESS, SERVICE_FEE_RATE, SUPER_PAYMASTER_ADDRESS, TEST_ACCOUNT_ADDRESSES, TEST_ACCOUNT_POOL_SIZE, TEST_COMMUNITIES, TEST_TOKEN_ADDRESSES, TOKEN_ADDRESSES, XPNTS_FACTORY_ADDRESS, applyConfig, describeSupportedChains, getCanonicalAddresses, isSupportedChainId, listSupportedChainIds } from './chunk-UCLK6LTB.js';
 import './chunk-PZ5AY32C.js';
 //# sourceMappingURL=core.js.map

package/dist/dapp.cjs

@@ -1,7 +1,7 @@
 'use strict';
 
-var chunkIZN2COBP_cjs = require('./chunk-IZN2COBP.cjs');
-var chunkCIEYY3A6_cjs = require('./chunk-CIEYY3A6.cjs');
+var chunkBBZAD5G2_cjs = require('./chunk-BBZAD5G2.cjs');
+var chunkTS5CXRNI_cjs = require('./chunk-TS5CXRNI.cjs');
 require('./chunk-MXJEULSE.cjs');
 require('./chunk-Q7SFCCGT.cjs');
 var viem = require('viem');
@@ -32,10 +32,10 @@ function useCreditScore({ chain, rpcUrl, registryAddress, userAddress }) {
     const fetchCredit = async () => {
       setLoading(true);
       try {
-        const client = chunkCIEYY3A6_cjs.createAAStarPublicClient(rpcUrl, chain);
+        const client = chunkTS5CXRNI_cjs.createAAStarPublicClient(rpcUrl, chain);
         const limit = await client.readContract({
           address: registryAddress,
-          abi: chunkCIEYY3A6_cjs.RegistryABI,
+          abi: chunkTS5CXRNI_cjs.RegistryABI,
           functionName: "getCreditLimit",
           args: [userAddress]
         });
@@ -58,7 +58,7 @@ function useSuperPaymaster(config) {
     setIsLoading(true);
     setError(null);
     try {
-      const middleware = chunkIZN2COBP_cjs.getSuperPaymasterMiddleware(config);
+      const middleware = chunkBBZAD5G2_cjs.getSuperPaymasterMiddleware(config);
       const result = await middleware.sponsorUserOperation({ userOperation: userOp });
       return result.paymasterAndData;
     } catch (err) {

package/dist/dapp.js

@@ -1,5 +1,5 @@
-import { getSuperPaymasterMiddleware } from './chunk-MKUILC7J.js';
-import { createAAStarPublicClient, RegistryABI } from './chunk-M5WFKETT.js';
+import { getSuperPaymasterMiddleware } from './chunk-SNVHOCU6.js';
+import { createAAStarPublicClient, RegistryABI } from './chunk-2TS6T2WY.js';
 import './chunk-UCLK6LTB.js';
 import './chunk-PZ5AY32C.js';
 import { parseAbi, createPublicClient, http, hashTypedData, hashMessage, hexToBytes, encodeFunctionData } from 'viem';

package/dist/enduser.cjs

@@ -1,8 +1,8 @@
 'use strict';
 
-var chunkHT6LGLDM_cjs = require('./chunk-HT6LGLDM.cjs');
-var chunkPED7PJQZ_cjs = require('./chunk-PED7PJQZ.cjs');
-require('./chunk-CIEYY3A6.cjs');
+var chunk6ISQM3SF_cjs = require('./chunk-6ISQM3SF.cjs');
+var chunkRF3MSLRW_cjs = require('./chunk-RF3MSLRW.cjs');
+require('./chunk-TS5CXRNI.cjs');
 require('./chunk-MXJEULSE.cjs');
 require('./chunk-Q7SFCCGT.cjs');
 
@@ -10,15 +10,15 @@ require('./chunk-Q7SFCCGT.cjs');
 
 Object.defineProperty(exports, "CommunityClient", {
   enumerable: true,
-  get: function () { return chunkHT6LGLDM_cjs.CommunityClient; }
+  get: function () { return chunk6ISQM3SF_cjs.CommunityClient; }
 });
 Object.defineProperty(exports, "UserLifecycle", {
   enumerable: true,
-  get: function () { return chunkHT6LGLDM_cjs.UserLifecycle; }
+  get: function () { return chunk6ISQM3SF_cjs.UserLifecycle; }
 });
 Object.defineProperty(exports, "UserClient", {
   enumerable: true,
-  get: function () { return chunkPED7PJQZ_cjs.UserClient; }
+  get: function () { return chunkRF3MSLRW_cjs.UserClient; }
 });
 //# sourceMappingURL=enduser.cjs.map
 //# sourceMappingURL=enduser.cjs.map

package/dist/enduser.js

@@ -1,6 +1,6 @@
-export { CommunityClient, UserLifecycle } from './chunk-JYHDAOUT.js';
-export { UserClient } from './chunk-UP2S7C7R.js';
-import './chunk-M5WFKETT.js';
+export { CommunityClient, UserLifecycle } from './chunk-VUNNHEND.js';
+export { UserClient } from './chunk-T2GF4S3E.js';
+import './chunk-2TS6T2WY.js';
 import './chunk-UCLK6LTB.js';
 import './chunk-PZ5AY32C.js';
 //# sourceMappingURL=enduser.js.map

package/dist/identity.cjs

@@ -1,7 +1,7 @@
 'use strict';
 
-var chunkWR4OZUXR_cjs = require('./chunk-WR4OZUXR.cjs');
-require('./chunk-CIEYY3A6.cjs');
+var chunk3OIVYXUG_cjs = require('./chunk-3OIVYXUG.cjs');
+require('./chunk-TS5CXRNI.cjs');
 require('./chunk-MXJEULSE.cjs');
 require('./chunk-Q7SFCCGT.cjs');
 
@@ -9,15 +9,15 @@ require('./chunk-Q7SFCCGT.cjs');
 
 Object.defineProperty(exports, "ReputationClient", {
   enumerable: true,
-  get: function () { return chunkWR4OZUXR_cjs.ReputationClient; }
+  get: function () { return chunk3OIVYXUG_cjs.ReputationClient; }
 });
 Object.defineProperty(exports, "checkMySBT", {
   enumerable: true,
-  get: function () { return chunkWR4OZUXR_cjs.checkMySBT; }
+  get: function () { return chunk3OIVYXUG_cjs.checkMySBT; }
 });
 Object.defineProperty(exports, "getMySBTId", {
   enumerable: true,
-  get: function () { return chunkWR4OZUXR_cjs.getMySBTId; }
+  get: function () { return chunk3OIVYXUG_cjs.getMySBTId; }
 });
 //# sourceMappingURL=identity.cjs.map
 //# sourceMappingURL=identity.cjs.map

package/dist/identity.js

@@ -1,5 +1,5 @@
-export { ReputationClient, checkMySBT, getMySBTId } from './chunk-KZERVPUR.js';
-import './chunk-M5WFKETT.js';
+export { ReputationClient, checkMySBT, getMySBTId } from './chunk-XTF6MNIK.js';
+import './chunk-2TS6T2WY.js';
 import './chunk-UCLK6LTB.js';
 import './chunk-PZ5AY32C.js';
 //# sourceMappingURL=identity.js.map