@aastar/sdk 0.21.1 → 0.23.0

package/dist/core.d.ts

@@ -2,6 +2,8 @@ import { Address, Chain, Hex, Account, Hash, BlockNumber, BlockTag, PublicClient
 import { P as PublicClient } from './doc-types-471vSmPO.js';
 export { W as WalletClient } from './doc-types-471vSmPO.js';
 export { a as BaseClient, B as BusinessResult, C as ClientConfig, T as TransactionOptions } from './BaseClient-BjbYP0cf.js';
+import { I as InitConfig } from './initConfig-D8jgrcDb.js';
+export { A as AirAccountActions, B as BuildInitConfigParams, D as DryRunValidationResult, G as GuardianSpec, O as OperatorConfig, d as PackedUserOperation, P as PendingModuleInstall, R as ResolvedAPNTsToken, a as SlashRecord, S as SuperPaymasterActions, T as TokenConfig, b as airAccountActions, c as buildInitConfig, s as superPaymasterActions } from './initConfig-D8jgrcDb.js';
 export { a as ChannelActions, C as ChannelState, c as channelActions } from './channel-CkRRbzT8.js';
 import * as node_modules_viem__types from 'node_modules/viem/_types';
 
@@ -3959,356 +3961,6 @@ type SBTActions = {
 };
 declare const sbtActions: (address: Address) => (client: PublicClient$1 | WalletClient) => SBTActions;
 
-/**
- * ERC-4337 v0.7 PackedUserOperation tuple, matching the `struct PackedUserOperation`
- * input of `dryRunValidation` / `validatePaymasterUserOp` in the SuperPaymaster ABI.
- * Field order is load-bearing: viem encodes the tuple positionally from this shape.
- */
-type PackedUserOperation = {
-    sender: Address;
-    nonce: bigint;
-    initCode: Hex;
-    callData: Hex;
-    accountGasLimits: Hex;
-    preVerificationGas: bigint;
-    gasFees: Hex;
-    paymasterAndData: Hex;
-    signature: Hex;
-};
-/**
- * Result of an off-chain `dryRunValidation` pre-flight check.
- * `ok` mirrors whether the paymaster would accept the UserOp; `reasonCode` is a
- * bytes32 machine-readable rejection code (zero when `ok` is true).
- */
-type DryRunValidationResult = {
-    ok: boolean;
-    reasonCode: Hex;
-};
-type SlashRecord = {
-    timestamp: bigint;
-    amount: bigint;
-    reputationLoss: bigint;
-    reason: string;
-    level: number;
-};
-type OperatorConfig = {
-    aPNTsBalance: bigint;
-    isConfigured: boolean;
-    isPaused: boolean;
-    xPNTsToken: Address;
-    reputation: number;
-    minTxInterval: number;
-    treasury: Address;
-    totalSpent: bigint;
-    totalTxSponsored: bigint;
-};
-/**
- * Runtime-resolved aPNTs token state read live from the SuperPaymaster contract.
- *
- * The contract exposes the currently active token via `APNTS_TOKEN()` and an
- * upcoming (timelocked) token via `pendingAPNTsToken()` / `pendingAPNTsTokenEta()`.
- * Consumers should prefer `active` and may surface `pending` to warn about an
- * upcoming migration.
- */
-type ResolvedAPNTsToken = {
-    /** Currently active aPNTs token address, read from `APNTS_TOKEN()`. */
-    active: Address;
-    /** aPNTs token queued for migration; `zeroAddress` when none is queued. */
-    pending: Address;
-    /** Unix-second ETA when the pending change becomes executable; `0n` when none is queued. */
-    pendingEta: bigint;
-    /** True only when `active` came from the explicit `fallback` option after a failed chain read. */
-    fallbackUsed: boolean;
-};
-type SuperPaymasterActions = {
-    deposit: (args: {
-        amount: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    depositETH: (args: {
-        value: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    depositFor: (args: {
-        targetOperator: Address;
-        amount: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    withdrawTo: (args: {
-        to: Address;
-        amount: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    withdraw: (args: {
-        amount: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    addStake: (args: {
-        unstakeDelaySec: number;
-        value: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    unlockStake: (args: {
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    withdrawStake: (args: {
-        to: Address;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    configureOperator: (args: {
-        xPNTsToken: Address;
-        opTreasury: Address;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    setOperatorPaused: (args: {
-        operator: Address;
-        paused: boolean;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    setOperatorLimits: (args: {
-        minTxInterval: number;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    updateReputation: (args: {
-        operator: Address;
-        newScore: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    executeSlashWithBLS: (args: {
-        operator: Address;
-        level: number;
-        proof: Hex;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    slashOperator: (args: {
-        operator: Address;
-        level: number;
-        penaltyAmount: bigint;
-        reason: string;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    updateBlockedStatus: (args: {
-        operator: Address;
-        users: Address[];
-        statuses: boolean[];
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    updateSBTStatus: (args: {
-        user: Address;
-        status: boolean;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    /** Read the unrecovered debt recorded for a user after a failed burn/recordDebt. */
-    pendingDebts: (args: {
-        token: Address;
-        user: Address;
-    }) => Promise<bigint>;
-    /** Operator retries recovering up to `amount` of the user's pending debt. */
-    retryPendingDebt: (args: {
-        token: Address;
-        user: Address;
-        amount: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    /** Operator force-clears the user's pending-debt entry without recording it. */
-    clearPendingDebt: (args: {
-        token: Address;
-        user: Address;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    setAPNTSPrice: (args: {
-        newPrice: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    updatePrice: (args: {
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    updatePriceDVT: (args: {
-        price: bigint;
-        updatedAt: bigint;
-        proof: Hex;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    setProtocolFee: (args: {
-        newFeeBPS: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    setTreasury: (args: {
-        treasury: Address;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    setXPNTsFactory: (args: {
-        factory: Address;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    setAPNTsToken: (args: {
-        token: Address;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    /** @deprecated The deployed SuperPaymaster ABI has no direct `setBLSAggregator` — the aggregator change is timelocked via {@link queueBLSAggregator} + {@link applyBLSAggregator}. Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
-    setBLSAggregator: (args: {
-        aggregator: Address;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    withdrawProtocolRevenue: (args: {
-        to: Address;
-        amount: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    executeAPNTsTokenChange: (args: {
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    cancelAPNTsTokenChange: (args: {
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    pendingAPNTsToken: () => Promise<Address>;
-    pendingAPNTsTokenEta: () => Promise<bigint>;
-    /**
-     * Resolve the live aPNTs token address from chain instead of relying on a static constant.
-     *
-     * Reads `APNTS_TOKEN()` (active), `pendingAPNTsToken()` and `pendingAPNTsTokenEta()`
-     * in parallel and returns them as a structured result. Prefer `active` for runtime use.
-     *
-     * If `fallback` is supplied and the chain reads fail, the static `fallback` address is
-     * returned with `fallbackUsed: true` (pending fields zeroed). Without a `fallback` the
-     * underlying error is re-thrown rather than silently masked.
-     */
-    resolveAPNTsToken: (args?: {
-        fallback?: Address;
-    }) => Promise<ResolvedAPNTsToken>;
-    emergencySetPrice: (args: {
-        newPrice: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    executeEmergencyPrice: (args: {
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    cancelEmergencyPrice: (args: {
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    emergencyPendingPrice: () => Promise<bigint>;
-    emergencyActivatedAt: () => Promise<bigint>;
-    emergencyQueuedAt: () => Promise<bigint>;
-    EMERGENCY_TIMELOCK: () => Promise<bigint>;
-    queueBLSAggregator: (args: {
-        aggregator: Address;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    applyBLSAggregator: (args: {
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    onTransferReceived: (args: {
-        operator: Address;
-        from: Address;
-        value: bigint;
-        data: Hex;
-    }) => Promise<Hex>;
-    validatePaymasterUserOp: (args: {
-        userOp: any;
-        userOpHash: Hex;
-        maxCost: bigint;
-    }) => Promise<{
-        context: Hex;
-        validationData: bigint;
-    }>;
-    /**
-     * Off-chain pre-flight validation of a UserOp against this paymaster.
-     * Returns `{ ok, reasonCode }` so callers can detect AA34-style rejections
-     * before submitting the UserOp on-chain. View call; never mutates state.
-     */
-    dryRunValidation: (args: {
-        userOp: PackedUserOperation;
-        maxCost: bigint;
-    }) => Promise<DryRunValidationResult>;
-    operators: (args: {
-        operator: Address;
-    }) => Promise<OperatorConfig>;
-    getAvailableCredit: (args: {
-        user: Address;
-        token: Address;
-    }) => Promise<bigint>;
-    getDeposit: () => Promise<bigint>;
-    getLatestSlash: (args: {
-        operator: Address;
-    }) => Promise<SlashRecord>;
-    getSlashCount: (args: {
-        operator: Address;
-    }) => Promise<bigint>;
-    getSlashHistory: (args: {
-        operator: Address;
-    }) => Promise<SlashRecord[]>;
-    slashHistory: (args: {
-        operator: Address;
-        index: bigint;
-    }) => Promise<SlashRecord>;
-    userOpState: (args: {
-        user: Address;
-        operator: Address;
-    }) => Promise<{
-        lastTimestamp: number;
-        isBlocked: boolean;
-    }>;
-    cachedPrice: () => Promise<{
-        price: bigint;
-        updatedAt: bigint;
-        roundId: bigint;
-        decimals: number;
-    }>;
-    aPNTsPriceUSD: () => Promise<bigint>;
-    protocolFeeBPS: () => Promise<bigint>;
-    protocolRevenue: () => Promise<bigint>;
-    totalTrackedBalance: () => Promise<bigint>;
-    priceStalenessThreshold: () => Promise<bigint>;
-    sbtHolders: (args: {
-        user: Address;
-    }) => Promise<boolean>;
-    /** True when the Chainlink ETH/USD feed is considered stale by the contract. */
-    isChainlinkStale: () => Promise<boolean>;
-    /** Current pricing mode (uint8 enum on the contract). */
-    priceMode: () => Promise<number>;
-    /** Unix-second timestamp until which the cached price remains valid (uint48). */
-    priceValidUntil: () => Promise<bigint>;
-    /** Address of the BLS aggregator pending the timelock (`zeroAddress` if none queued). */
-    pendingBLSAgg: () => Promise<Address>;
-    /** Unix-second ETA at which the pending BLS aggregator change becomes executable (uint48). */
-    pendingBLSAggEta: () => Promise<bigint>;
-    APNTS_TOKEN: () => Promise<Address>;
-    REGISTRY: () => Promise<Address>;
-    BLS_AGGREGATOR: () => Promise<Address>;
-    ETH_USD_PRICE_FEED: () => Promise<Address>;
-    treasury: () => Promise<Address>;
-    xpntsFactory: () => Promise<Address>;
-    entryPoint: () => Promise<Address>;
-    /** @deprecated Removed in the v5.x contract refactor — not in the deployed SuperPaymaster ABI. Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
-    MAX_PROTOCOL_FEE: () => Promise<bigint>;
-    /** @deprecated Removed from SuperPaymaster in the v5.x refactor (this bound belongs to the standalone Paymaster contract). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
-    MAX_ETH_USD_PRICE: () => Promise<bigint>;
-    /** @deprecated Removed from SuperPaymaster in the v5.x refactor (this bound belongs to the standalone Paymaster contract). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
-    MIN_ETH_USD_PRICE: () => Promise<bigint>;
-    /** @deprecated Removed in the v5.x contract refactor — not in the deployed SuperPaymaster ABI. Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
-    PAYMASTER_DATA_OFFSET: () => Promise<bigint>;
-    /** @deprecated Removed in the v5.x contract refactor — not in the deployed SuperPaymaster ABI. Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
-    PRICE_CACHE_DURATION: () => Promise<bigint>;
-    /** @deprecated Removed in the v5.x contract refactor — not in the deployed SuperPaymaster ABI. Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
-    RATE_OFFSET: () => Promise<bigint>;
-    /** @deprecated Removed in the v5.x contract refactor — not in the deployed SuperPaymaster ABI. Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
-    VALIDATION_BUFFER_BPS: () => Promise<bigint>;
-    /** @deprecated Removed in the v5.x contract refactor — not in the deployed SuperPaymaster ABI. Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
-    BPS_DENOMINATOR: () => Promise<bigint>;
-    /** Duration (seconds) of the aPNTs-token-change timelock. */
-    APNTS_TOKEN_TIMELOCK: () => Promise<bigint>;
-    owner: () => Promise<Address>;
-    transferOwnership: (args: {
-        newOwner: Address;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    renounceOwnership: (args: {
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    version: () => Promise<string>;
-};
-declare const superPaymasterActions: (address: Address) => (client: PublicClient$1 | WalletClient) => SuperPaymasterActions;
-
 type PaymasterActions = {
     depositFor: (args: {
         user: Address;
@@ -5921,136 +5573,6 @@ type GTokenAuthorizationActions = GTokenActions & {
 };
 declare const gTokenAuthorizationActions: (client: PublicClient$1 | WalletClient) => GTokenAuthorizationActions;
 
-type TokenConfig = {
-    tier1Limit: bigint;
-    tier2Limit: bigint;
-    dailyLimit: bigint;
-};
-type InitConfig = {
-    guardians: readonly [Address, Address, Address];
-    guardianP256X: readonly [Hex, Hex, Hex];
-    guardianP256Y: readonly [Hex, Hex, Hex];
-    dailyLimit: bigint;
-    approvedAlgIds: readonly number[];
-    minDailyLimit: bigint;
-    initialTokens: readonly Address[];
-    initialTokenConfigs: readonly TokenConfig[];
-};
-type PendingModuleInstall = {
-    module: Address;
-    moduleTypeId: number;
-    proposedAt: number;
-    executeAfter: number;
-    initDataHash: Hex;
-};
-type AirAccountActions = {
-    owner: () => Promise<Address>;
-    guardianCount: () => Promise<number>;
-    guardians: (args: {
-        index: bigint | number;
-    }) => Promise<Address>;
-    accountId: () => Promise<string>;
-    isValidSignature: (args: {
-        hash: Hex;
-        sig: Hex;
-    }) => Promise<Hex>;
-    requiredTier: (args: {
-        txValue: bigint;
-    }) => Promise<number>;
-    supportsModule: (args: {
-        moduleTypeId: bigint;
-    }) => Promise<boolean>;
-    p256KeyX: () => Promise<Hex>;
-    p256KeyY: () => Promise<Hex>;
-    parserRegistry: () => Promise<Address>;
-    moduleManagementNonce: () => Promise<bigint>;
-    moduleInstallTimelock: () => Promise<bigint>;
-    pendingModuleInstall: () => Promise<PendingModuleInstall>;
-    setP256Key: (args: {
-        x: Hex;
-        y: Hex;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    setTierLimits: (args: {
-        tier1: bigint;
-        tier2: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    setValidator: (args: {
-        validator: Address;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    setParserRegistry: (args: {
-        registry: Address;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    /**
-     * Execute calls via an installed executor module (ERC-7579 `executeFromExecutor`).
-     * NOTE: this is a state-changing tx, so it resolves to the transaction `Hash` — the
-     * on-chain `bytes[] returnData` is NOT recoverable from a write. If you need the
-     * decoded return data, `simulateContract`/`call` the same function separately.
-     */
-    executeFromExecutor: (args: {
-        mode: Hex;
-        executionCalldata: Hex;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    validateUserOp: (args: {
-        userOp: PackedUserOperation;
-        userOpHash: Hex;
-        missingAccountFunds: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    initializeAgentAccount: (args: {
-        entryPoint: Address;
-        owner: Address;
-        config: InitConfig;
-        guardAddr: Address;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    guardAddTokenConfig: (args: {
-        token: Address;
-        config: TokenConfig;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    guardApproveAlgorithm: (args: {
-        algId: number;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    guardDecreaseDailyLimit: (args: {
-        newLimit: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    guardDecreaseTokenDailyLimit: (args: {
-        token: Address;
-        newLimit: bigint;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    guardSetStrictMode: (args: {
-        enabled: boolean;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    proposeModuleInstall: (args: {
-        moduleTypeId: bigint;
-        module: Address;
-        initData: Hex;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    executeModuleInstall: (args: {
-        moduleInitData: Hex;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    cancelModuleInstall: (args: {
-        account?: Account | Address;
-    }) => Promise<Hash>;
-    setModuleInstallTimelock: (args: {
-        newTimelock: bigint;
-        guardianSigs: Hex;
-        account?: Account | Address;
-    }) => Promise<Hash>;
-};
-declare const airAccountActions: (address: Address) => (client: PublicClient$1 | WalletClient) => AirAccountActions;
-
 type AirAccountFactoryActions = {
     getAddressWithChainId: (args: {
         owner: Address;
@@ -6131,20 +5653,45 @@ declare const airAccountFactoryActions: (address: Address) => (client: PublicCli
  * internally, so the on-chain `address` here is the smart-account address, never
  * the extension's own address.
  *
- * ## Batch split
+ * ## P-256 (passkey) guardian feature — fully wired (Batch 2)
  * The full P-256 / WebAuthn guardian feature (passkey-signed recovery, mixed
- * ECDSA+P-256 guardian consensus) landed in the contracts at v0.20.0 but is wired
- * into the SDK in **Batch 2**. This Batch-1 module ships:
- *   - the two trivial VIEW reads (`getRecoveryNonce`, `getGuardianP256Key`) as
- *     real on-chain calls, and
- *   - `NOT_IMPLEMENTED`-throwing stubs for the eight state-changing P-256 writes,
- *     so the doc-coverage gate stays green while the feature is finished.
+ * ECDSA+P-256 guardian consensus) landed in the contracts at v0.20.0 and is wired
+ * end-to-end here: the two VIEW reads plus the eight state-changing writes.
+ *
+ * The `sig` blobs these writes consume are built by the core crypto module
+ * (`@aastar/core` → `buildP256GuardianChallenge` / `encodeWebAuthnAssertion` /
+ * `signP256GuardianAssertion` in `crypto/p256Guardian.ts`). This action layer is the
+ * thin calldata wrapper; the security-critical encoding lives in that module and is
+ * decode-verified against a live Sepolia tx (see `tests/regression/onchain-evidence/`).
+ *
+ * ## Guardian bootstrap is guardianSig-free (spec §5.1 / §9)
+ * `addP256Guardian(x, y)` is **owner-only** and requires `_guardianCount < RECOVERY_THRESHOLD`
+ * (a single guardian can't form a quorum), so the FIRST P-256 guardian(s) need NO guardian
+ * signature — only the owner. The same holds for init-time setup via `InitConfig.guardianP256X/Y`
+ * (one factory tx, no window). Once `RECOVERY_THRESHOLD` guardians exist, expansion requires
+ * consensus via `addP256GuardianWithMixedSigs` / `addGuardianWithMixedSigs`.
  *
  * The plain ECDSA recovery lifecycle (`proposeRecovery` / `approveRecovery` /
- * `executeRecovery` / `cancelRecovery`) is unchanged at the byte level (same
- * 4-byte selectors, same semantics) and is encoded by the AirAccount server's
- * `RecoveryService` against the account address — it is NOT re-declared here.
+ * `executeRecovery` / `cancelRecovery`) is unchanged at the byte level and is encoded by
+ * the AirAccount server's `RecoveryService` against the account address — NOT re-declared here.
  */
+/**
+ * Storage slots of the mixed-sig operation nonces, taken VERBATIM from the contract's shared layout
+ * `AAStarAgentStorageLayout.sol` (forge-inspect-verified, identical for AAStarAirAccountV7 and
+ * AirAccountExtension — the parity that makes the fallback→delegatecall sharing safe). These nonces
+ * are `internal` (no public getter), so the SDK reads them via `eth_getStorageAt`.
+ *
+ *   slot 15 — `_guardianRemovalNonce`   (AAStarAgentStorageLayout.sol:118)
+ *   slot 16 — `_tierLimitNonce`         (AAStarAgentStorageLayout.sol:119)
+ *   slot 38 — `_recoveryNonce`          (AAStarAgentStorageLayout.sol:182; also the public `getRecoveryNonce()`)
+ *   slot 39 — `_guardianAdditionNonce`  (AAStarAgentStorageLayout.sol:186)
+ */
+declare const GUARDIAN_REMOVAL_NONCE_SLOT = 15n;
+declare const TIER_LIMIT_NONCE_SLOT = 16n;
+declare const RECOVERY_NONCE_SLOT = 38n;
+declare const GUARDIAN_ADDITION_NONCE_SLOT = 39n;
+/** Highest valid guardian slot index (the contract hard-caps the guardian set at 3: slots 0..2). */
+declare const MAX_GUARDIAN_SLOT = 2;
 type AirAccountExtensionActions = {
     /** `getRecoveryNonce()` — monotonic nonce that domain-separates P-256 / mixed-sig recovery payloads. */
     getRecoveryNonce: () => Promise<bigint>;
@@ -6155,54 +5702,94 @@ type AirAccountExtensionActions = {
         x: Hex;
         y: Hex;
     }>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+    /**
+     * `_guardianAdditionNonce` — the nonce bound into ADD_GUARDIAN / ADD_P256_GUARDIAN challenges.
+     * Read from internal storage slot 39 (no public getter). MUST be re-fetched immediately before
+     * collecting guardian signatures for `add*WithMixedSigs` (any successful add increments it).
+     */
+    getGuardianAdditionNonce: () => Promise<bigint>;
+    /**
+     * `_guardianRemovalNonce` — the nonce bound into REMOVE_GUARDIAN challenges. Read from internal
+     * storage slot 15 (no public getter). Re-fetch immediately before signing `removeGuardianWithMixedSigs`.
+     */
+    getGuardianRemovalNonce: () => Promise<bigint>;
+    /**
+     * `_tierLimitNonce` — the nonce bound into MODIFY_TIER_LIMITS challenges. Read from internal
+     * storage slot 16 (no public getter). Re-fetch immediately before signing `modifyTierLimitsWithMixedGuardians`.
+     */
+    getTierLimitNonce: () => Promise<bigint>;
+    /** `addP256Guardian(x, y)` — owner-only bootstrap of a passkey guardian (no guardianSig while `count < threshold`). */
     addP256Guardian: (args: {
         x: Hex;
         y: Hex;
-    }) => Promise<never>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
+    /** `addP256GuardianWithMixedSigs(x, y, signerIdxs, sigs)` — add a passkey guardian once `count >= threshold` (consensus required). */
     addP256GuardianWithMixedSigs: (args: {
         x: Hex;
         y: Hex;
         signerIdxs: readonly number[];
         sigs: readonly Hex[];
-    }) => Promise<never>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
+    /** `addGuardianWithMixedSigs(guardian, signerIdxs, sigs)` — add an ECDSA guardian with mixed-type guardian consensus. */
     addGuardianWithMixedSigs: (args: {
         guardian: Address;
         signerIdxs: readonly number[];
         sigs: readonly Hex[];
-    }) => Promise<never>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
+    /** `proposeRecoveryWithSig(newOwner, gIdx, sig)` — passkey guardian proposes recovery (any relayer submits). */
     proposeRecoveryWithSig: (args: {
         newOwner: Address;
         gIdx: number;
         sig: Hex;
-    }) => Promise<never>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
+    /** `approveRecoveryWithSig(gIdx, sig)` — passkey guardian approves the active recovery proposal. */
     approveRecoveryWithSig: (args: {
         gIdx: number;
         sig: Hex;
-    }) => Promise<never>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
+    /** `cancelRecoveryWithSig(gIdx, sig)` — passkey guardian votes to cancel the active recovery proposal. */
     cancelRecoveryWithSig: (args: {
         gIdx: number;
         sig: Hex;
-    }) => Promise<never>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
+    /** `removeGuardianWithMixedSigs(index, signerIdxs, sigs)` — owner-only removal with mixed-type guardian consensus. */
     removeGuardianWithMixedSigs: (args: {
         index: number;
         signerIdxs: readonly number[];
         sigs: readonly Hex[];
-    }) => Promise<never>;
-    /** Batch 2 (P-256 guardian feature). Throws {@link ErrorCode.NOT_IMPLEMENTED}. */
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
+    /** `modifyTierLimitsWithMixedGuardians(tier1, tier2, deadline, signerIdxs, sigs)` — owner-only tier change with mixed consensus. */
     modifyTierLimitsWithMixedGuardians: (args: {
         tier1: bigint;
         tier2: bigint;
         deadline: bigint;
         signerIdxs: readonly number[];
         sigs: readonly Hex[];
-    }) => Promise<never>;
+        account?: Account | Address;
+        maxFeePerGas?: bigint;
+        maxPriorityFeePerGas?: bigint;
+    }) => Promise<Hash>;
 };
 declare const airAccountExtensionActions: (address: Address) => (client: PublicClient$1 | WalletClient) => AirAccountExtensionActions;
 
@@ -6589,6 +6176,241 @@ interface HashToFieldU0U1 {
  */
 declare function hashToFieldU0U1(message: Hex): HashToFieldU0U1;
 
+/**
+ * P-256 (WebAuthn passkey) guardian wire encoders — airaccount-contract v0.20.0
+ * authoritative, byte-for-byte against the published
+ * `AirAccountExtension._verifyWebAuthnP256Sig` + `_p256GuardianChallenge`
+ * (src/core/AirAccountExtension.sol). See `docs/p256-guardian-spec.md` §2, §6.
+ *
+ * ## What the contract actually verifies (NOT the early "simplified" draft)
+ *
+ * A P-256 guardian signs a FULL WebAuthn assertion — exactly what
+ * `navigator.credentials.get()` returns — over the operation challenge:
+ *
+ * ```
+ *  challenge   = keccak256(abi.encode(
+ *                  uint8  GUARDIAN_SIG_VERSION (=4),
+ *                  uint256 chainId,
+ *                  address account,
+ *                  string  "P256_GUARDIAN",        // domain tag
+ *                  string  opLabel,                // "PROPOSE_RECOVERY" / …
+ *                  bytes   opData))                // per-op, see §6
+ *  clientDataJSON = '{"type":"webauthn.get","challenge":"' || base64url(challenge) || suffix
+ *  payloadHash    = sha256(authenticatorData || sha256(clientDataJSON))   // ES256 signs this
+ *  sig (on-chain) = abi.encode(bytes authenticatorData, bytes clientDataJSONPrefix,
+ *                              bytes clientDataJSONSuffix, bytes32 r, bytes32 s)
+ * ```
+ *
+ * The contract rebuilds `base64url(challenge)` on-chain (`_base64UrlEncode32`) and
+ * splices it between the SDK-supplied prefix/suffix, then runs the EIP-7212
+ * precompile against the guardian's stored `(x, y)`. It enforces:
+ *   - `clientDataJSONPrefix == '{"type":"webauthn.get","challenge":"'` (operation-type binding),
+ *   - `authenticatorData.length >= 37` and the UP flag (`authenticatorData[32] & 0x01`),
+ *   - low-S: `uint256(s) <= n/2`.
+ *
+ * It deliberately does NOT bind `origin` / `rpIdHash` / UV (platform-layer RP binding
+ * + challenge domain-separation cover replay). See spec §9.5.
+ *
+ * @module
+ */
+/** Guardian signature scheme version embedded in every challenge (contract: `GUARDIAN_SIG_VERSION`). */
+declare const GUARDIAN_SIG_VERSION: 4;
+/** Domain tag mixed into every P-256 guardian challenge (separates from the ECDSA-guardian hash). */
+declare const P256_GUARDIAN_DOMAIN: "P256_GUARDIAN";
+/**
+ * The EXACT `clientDataJSON` prefix the contract requires (operation-type binding). Any other
+ * prefix is rejected on-chain, so a `webauthn.create` (registration) assertion cannot be replayed
+ * through the `webauthn.get` (recovery) path. The base64url(challenge) MUST immediately follow this.
+ */
+declare const WEBAUTHN_GET_CHALLENGE_PREFIX: "{\"type\":\"webauthn.get\",\"challenge\":\"";
+/** Sentinel address stored in a guardian slot to mark it P-256 (contract: `P256_GUARDIAN_SENTINEL`). */
+declare const P256_GUARDIAN_SENTINEL: Address;
+/** secp256r1 (P-256) curve order `n` (fixed curve parameter). */
+declare const SECP256R1_N = 115792089210356248762697446949407573529996955224135760342422259061068512044369n;
+/**
+ * secp256r1 curve order / 2 — the low-S ceiling the contract enforces
+ * (`AirAccountExtension.SECP256R1_N_OVER_2`).
+ */
+declare const SECP256R1_N_OVER_2: bigint;
+/**
+ * base64url-encode bytes with no padding — byte-identical to the contract's `_base64UrlEncode32`
+ * for 32-byte input (43 chars) and to `Buffer.from(x).toString('base64url')`. Pure JS so `@aastar/core`
+ * stays isomorphic (no node `Buffer`).
+ */
+declare function base64UrlEncode(bytes: Uint8Array): string;
+/** The set of operation labels the contract recognises (string-matched in the challenge). */
+type GuardianOpLabel = 'PROPOSE_RECOVERY' | 'APPROVE_RECOVERY' | 'CANCEL_RECOVERY' | 'REMOVE_GUARDIAN' | 'MODIFY_TIER_LIMITS' | 'ADD_P256_GUARDIAN' | 'ADD_GUARDIAN';
+/** Parameters for {@link buildP256GuardianChallenge}. */
+interface BuildP256GuardianChallengeParams {
+    /** Signature scheme version. Defaults to {@link GUARDIAN_SIG_VERSION} (4). */
+    version?: number;
+    /** EVM chain id the account lives on (`block.chainid`). */
+    chainId: number | bigint;
+    /** The smart-account address (`address(this)` in the extension). */
+    account: Address;
+    /** Operation label, e.g. `"PROPOSE_RECOVERY"`. */
+    opLabel: GuardianOpLabel | string;
+    /** Operation payload (`abi.encode(...)` per op — use the `opData*` builders below). */
+    opData: Hex;
+}
+/**
+ * Build the 32-byte operation challenge the contract derives in `_p256GuardianChallenge`:
+ * `keccak256(abi.encode(uint8 version, uint256 chainId, address account, string "P256_GUARDIAN",
+ *  string opLabel, bytes opData))`. This is the value passed to `navigator.credentials.get()`.
+ */
+declare function buildP256GuardianChallenge(params: BuildP256GuardianChallengeParams): Hex;
+/** `opData` for PROPOSE_RECOVERY / APPROVE_RECOVERY / CANCEL_RECOVERY: `abi.encode(uint256 nonce, address newOwner)`. */
+declare function opDataRecovery(nonce: bigint, newOwner: Address): Hex;
+/** `opData` for ADD_P256_GUARDIAN: `abi.encode(uint256 nonce, bytes32 x, bytes32 y)`. */
+declare function opDataAddP256Guardian(nonce: bigint, x: Hex, y: Hex): Hex;
+/** `opData` for ADD_GUARDIAN (ECDSA): `abi.encode(uint256 nonce, address guardian)`. */
+declare function opDataAddGuardian(nonce: bigint, guardian: Address): Hex;
+/**
+ * `opData` for REMOVE_GUARDIAN (spec §6.4):
+ * `abi.encode(uint256 nonce, uint8 index, address guardianToRemove, bytes32 p256X, bytes32 p256Y)`.
+ * For an ECDSA slot pass the guardian address with `p256X=p256Y=0x0…0`; for a P-256 slot pass
+ * {@link P256_GUARDIAN_SENTINEL} with the slot's stored `(x, y)`.
+ */
+declare function opDataRemoveGuardian(nonce: bigint, index: number, guardianToRemove: Address, p256X: Hex, p256Y: Hex): Hex;
+/** `opData` for MODIFY_TIER_LIMITS: `abi.encode(uint256 nonce, uint256 tier1, uint256 tier2, uint256 deadline)`. */
+declare function opDataModifyTierLimits(nonce: bigint, tier1: bigint, tier2: bigint, deadline: bigint): Hex;
+interface OpChainCtx {
+    chainId: number | bigint;
+    account: Address;
+    version?: number;
+}
+/** Challenge for `proposeRecoveryWithSig(newOwner, gIdx, sig)`. `nonce` = `getRecoveryNonce()`. */
+declare function buildProposeRecoveryChallenge(p: OpChainCtx & {
+    nonce: bigint;
+    newOwner: Address;
+}): Hex;
+/** Challenge for `approveRecoveryWithSig(gIdx, sig)`. `newOwner` = `activeRecovery().newOwner`. */
+declare function buildApproveRecoveryChallenge(p: OpChainCtx & {
+    nonce: bigint;
+    newOwner: Address;
+}): Hex;
+/** Challenge for `cancelRecoveryWithSig(gIdx, sig)`. `newOwner` = `activeRecovery().newOwner`. */
+declare function buildCancelRecoveryChallenge(p: OpChainCtx & {
+    nonce: bigint;
+    newOwner: Address;
+}): Hex;
+/** Challenge for `addP256GuardianWithMixedSigs(x, y, …)`. `nonce` = `_guardianAdditionNonce`. */
+declare function buildAddP256GuardianChallenge(p: OpChainCtx & {
+    nonce: bigint;
+    x: Hex;
+    y: Hex;
+}): Hex;
+/** Challenge for `addGuardianWithMixedSigs(guardian, …)`. `nonce` = `_guardianAdditionNonce`. */
+declare function buildAddGuardianChallenge(p: OpChainCtx & {
+    nonce: bigint;
+    guardian: Address;
+}): Hex;
+/** Challenge for `removeGuardianWithMixedSigs(index, …)`. `nonce` = `_guardianRemovalNonce`. */
+declare function buildRemoveGuardianChallenge(p: OpChainCtx & {
+    nonce: bigint;
+    index: number;
+    guardianToRemove: Address;
+    p256X: Hex;
+    p256Y: Hex;
+}): Hex;
+/** Challenge for `modifyTierLimitsWithMixedGuardians(tier1, tier2, deadline, …)`. `nonce` = `_tierLimitNonce`. */
+declare function buildModifyTierLimitsChallenge(p: OpChainCtx & {
+    nonce: bigint;
+    tier1: bigint;
+    tier2: bigint;
+    deadline: bigint;
+}): Hex;
+/** A signature scalar accepted as a 0x-hex (≤32 bytes), raw bytes, or bigint. */
+type ScalarLike = Hex | Uint8Array | bigint;
+/** Parameters for {@link encodeWebAuthnAssertion}. */
+interface EncodeWebAuthnAssertionParams {
+    /** `authenticatorData` from the assertion: `rpIdHash(32) || flags(1) || signCount(4)` (≥37 bytes, UP set). */
+    authenticatorData: Hex | Uint8Array;
+    /**
+     * The FULL `clientDataJSON` the authenticator signed. MUST start with
+     * {@link WEBAUTHN_GET_CHALLENGE_PREFIX}, immediately followed by the 43-char base64url(challenge).
+     * Split into prefix/suffix here; the contract rebuilds the challenge on-chain.
+     */
+    clientDataJSON: Hex | Uint8Array | string;
+    /** ES256 signature `r` (32-byte scalar). */
+    r: ScalarLike;
+    /** ES256 signature `s` (32-byte scalar). Auto low-S normalised to satisfy the contract. */
+    s: ScalarLike;
+}
+/**
+ * ABI-encode a WebAuthn assertion into the on-chain `sig` the contract consumes:
+ * `abi.encode(bytes authenticatorData, bytes clientDataJSONPrefix, bytes clientDataJSONSuffix,
+ *  bytes32 r, bytes32 s)`.
+ *
+ * Validates the assertion against every constraint the contract enforces so a bad blob fails here
+ * (with a clear message) rather than as a generic on-chain revert:
+ *   - `authenticatorData.length >= 37` and the UP flag (`byte[32] & 0x01`) is set,
+ *   - `clientDataJSON` starts with the exact `webauthn.get` prefix and the 43-char challenge slot
+ *     is immediately followed by the closing `"` (so the contract's reconstruction lines up),
+ *   - `s` is low-S (`<= n/2`) — auto-normalised to `n - s` if the input was high-S (ECDSA-valid).
+ */
+declare function encodeWebAuthnAssertion(params: EncodeWebAuthnAssertionParams): Hex;
+/** Decoded view of an on-chain P-256 guardian `sig` blob. */
+interface DecodedWebAuthnAssertion {
+    authenticatorData: Hex;
+    clientDataJSONPrefix: Hex;
+    clientDataJSONSuffix: Hex;
+    r: Hex;
+    s: Hex;
+}
+/**
+ * Inverse of {@link encodeWebAuthnAssertion} — decode an on-chain `sig` blob back into its parts.
+ * Useful for evidence/decode-verification and debugging a rejected signature.
+ */
+declare function decodeWebAuthnAssertion(sig: Hex): DecodedWebAuthnAssertion;
+declare function coseToP256XY(cosePublicKey: Hex | Uint8Array): {
+    x: Hex;
+    y: Hex;
+};
+/** Parameters for {@link signP256GuardianAssertion}. */
+interface SignP256GuardianAssertionParams {
+    /** Raw 32-byte P-256 private scalar (hex or bytes). */
+    privateKey: Hex | Uint8Array;
+    /** The 32-byte operation challenge (from a `build*Challenge` helper). */
+    challenge: Hex;
+    /**
+     * RP id whose SHA-256 becomes `rpIdHash`. The contract does NOT verify this (§9.5), so any value
+     * works on-chain; defaults to a stable test RP. Set it to your real rpId for fidelity.
+     */
+    rpId?: string;
+    /** `origin` embedded in `clientDataJSON` suffix (also not verified on-chain). */
+    origin?: string;
+    /** authenticatorData flags byte. Defaults to `0x05` (UP | UV); the contract only requires UP (bit 0). */
+    flags?: number;
+    /** authenticatorData signCount (4-byte big-endian). */
+    signCount?: number;
+}
+/** Result of {@link signP256GuardianAssertion}. */
+interface SignedP256GuardianAssertion {
+    /** The on-chain `sig` blob, ready for `proposeRecoveryWithSig` / mixed-sig calls. */
+    sig: Hex;
+    /** authenticatorData used (hex). */
+    authenticatorData: Hex;
+    /** Full clientDataJSON signed (hex). */
+    clientDataJSON: Hex;
+    /** Low-S–normalised signature `r` (bytes32 hex). */
+    r: Hex;
+    /** Low-S–normalised signature `s` (bytes32 hex). */
+    s: Hex;
+}
+/**
+ * Software P-256 authenticator — produces a FULL WebAuthn assertion over `challenge`, byte-for-byte
+ * in the format `navigator.credentials.get()` returns (mirrors the contract's
+ * `test/webauthn/gen_p256_assertion.mjs`). The only difference vs a hardware passkey is WHERE the
+ * key lives. Use for the on-chain evidence E2E and for relaying software-held guardian keys.
+ */
+declare function signP256GuardianAssertion(params: SignP256GuardianAssertionParams): SignedP256GuardianAssertion;
+/** Derive the uncompressed-SEC1 `(x, y)` of a P-256 private key (for `addP256Guardian`). */
+declare function p256GuardianPublicKey(privateKey: Hex | Uint8Array): {
+    x: Hex;
+    y: Hex;
+};
+
 /**
  * Role constants and utilities for AAstar SDK
  * @dev All role hashes and configurations match exactly with Registry.sol v3.0.0
@@ -7045,4 +6867,4 @@ declare function resolveEnsVerified(name: string, options?: EnsOptions): Promise
     verified: boolean;
 }>;
 
-export { AASTAR_COMMUNITY, AAStarAirAccountFactoryV7ABI, AAStarAirAccountFactoryV7Artifact, AAStarAirAccountV7ABI, AAStarAirAccountV7Artifact, AAStarBLSAggregatorABI, AAStarBLSAggregatorArtifact, AAStarBLSAlgorithmABI, AAStarBLSAlgorithmArtifact, AAStarValidatorABI, AAStarValidatorArtifact, AGENT_IDENTITY_REGISTRY_ADDRESS, AGENT_REPUTATION_REGISTRY_ADDRESS, ALL_ADDRESSES, ALL_ROLES, APNTS_ADDRESS, type AccountActions, type AccountBalance, type AccountFactoryActions, type AgentActions, AgentRegistryABI, type AgentRegistryActions, AgentRegistryArtifact, type AgentSponsorshipPolicy, type AggregatorActions, type AirAccountActions, AirAccountDelegateABI, AirAccountDelegateArtifact, AirAccountExtensionABI, type AirAccountExtensionActions, AirAccountExtensionArtifact, type AirAccountFactoryActions, type AssetPolicy, type AssetPolicyInput, AuthorizationState, BLSAggregatorABI, BLSAggregatorArtifact, type BLSAlgorithmActions, type BLSG1Point, BLSHelpers, BLSSigner, BLSValidatorABI, BLSValidatorArtifact, BLS_AGGREGATOR_ADDRESS, BLS_POP_DST, BLS_VALIDATOR_ADDRESS, BPS_DENOMINATOR, BRANDING, BREAD_COMMUNITY, type BalanceValidationParams, type BatchMintResult, BundlerClient, type BundlerResponse, CANONICAL_ADDRESSES, CHAIN_MAINNET, CHAIN_SEPOLIA, COMMUNITIES, COMMUNITY_OWNERS, CONTRACTS, CONTRACT_METADATA, CONTRACT_SRC_HASH, CORE_ADDRESSES, CalldataParserRegistryABI, CalldataParserRegistryArtifact, type CanonicalAddresses, type CheckResourcesOptions, type CommunityConfig, type CommunityProfile, type ContractCategory, ContractConfigManager, type ContractNetwork, type ContractScope, type ContractScopeInput, type ContractVersion, DEFAULT_ADMIN_ROLE, DEFAULT_APNTS_PRICE_USD, DEFAULT_CALL_GAS_LIMIT, DEFAULT_GAS_TOKEN_MINT_AMOUNT, DEFAULT_PRE_VERIFICATION_GAS, DEFAULT_TIMEOUT_MS, DEFAULT_TOKEN_NAME, DEFAULT_TOKEN_SYMBOL, DEFAULT_USDT_MINT_AMOUNT, DEFAULT_VERIFICATION_GAS_LIMIT, type DVTAccountSignatureParams, type DVTActions, type DVTTier, DVTValidatorABI, DVTValidatorArtifact, DVT_TIER_T2, DVT_TIER_T3, DVT_VALIDATOR_ADDRESS, type DeploymentValidationParams, type DryRunValidationResult, ENTRY_POINT_ADDRESS, type ERC20Actions, type EnsOptions, EntryPointABI, type EntryPointActions, EntryPointArtifact, EntryPointVersion, FAUCET_API_URL, type FaucetConfig, type FaucetPreparationResult, type ForceExitActions, ForceExitModuleABI, ForceExitModuleArtifact, GTOKEN_ADDRESS, GTOKEN_STAKING_ADDRESS, GTokenABI, type GTokenActions, GTokenArtifact, GTokenAuthorizationABI, type GTokenAuthorizationActions, GTokenAuthorizationArtifact, GTokenStakingABI, GTokenStakingArtifact, type HashToFieldU0U1, type HeliosTransportConfig, INITIAL_ROLE_STAKES, type InitConfig, LINKS, MAX_SERVICE_FEE, MICRO_PAYMENT_CHANNEL_ADDRESS, MONITORING_ADDRESSES, MicroPaymentChannelABI, MicroPaymentChannelArtifact, MySBTABI, MySBTArtifact, NETWORKS, NODE_STAKE_AMOUNTS, type NetworkContracts, NodeType, OFFICIAL_ADDRESSES, type OperatorConfig, type OperatorMode, type P256SessionState, PAYMASTER_ADDRESSES, PAYMASTER_FACTORY_ADDRESS, PAYMASTER_V4_ADDRESS, PAYMASTER_V4_IMPL_ADDRESS, type PackedUserOperation, PaymasterABI, type PaymasterActions, PaymasterArtifact, PaymasterFactoryABI, type PaymasterFactoryActions, PaymasterFactoryArtifact, type PendingExit, type PendingModuleInstall, PolicyDecision, PolicyRegistryABI, type PolicyRegistryActions, PolicyRegistryArtifact, PublicClient, REGISTRY_ADDRESS, REPUTATION_SYSTEM_ADDRESS, ROLE_ANODE, ROLE_COMMUNITY, ROLE_DVT, ROLE_ENDUSER, ROLE_KMS, ROLE_NAMES, ROLE_PAYMASTER_AOA, ROLE_PAYMASTER_SUPER, ROLE_PERMISSION_LEVELS, RegistryABI, type RegistryActions, RegistryArtifact, type ReputationActions, type ReputationBreakdown, type ReputationRule, ReputationSystemABI, ReputationSystemArtifact, RequirementChecker, type ResolvedAPNTsToken, type ResourceBoolCheck, type ResourceReport, type ResourceStakeCheck, type RoleConfig, type RoleConfigDetailed, RolePermissionLevel, type RoleRequirement, type RoleValidationParams, type SBTActions, type SBTData, type SBTMembership, SBT_ADDRESS, SEPOLIA_CONTRACTS, SEPOLIA_V2_VERSIONS, SERVICE_FEE_RATE, SUPER_PAYMASTER_ADDRESS, SepoliaFaucetAPI, type SessionConfig, SessionKeyValidatorABI, type SessionKeyValidatorActions, SessionKeyValidatorArtifact, SimpleAccountABI, SimpleAccountArtifact, SimpleAccountFactoryABI, SimpleAccountFactoryArtifact, type SlashRecord, type SpendCounter, type StakingActions, StateValidator, SuperPaymasterABI, type SuperPaymasterActions, SuperPaymasterArtifact, type SuperPaymasterConfig, type SupportedChainId, type SupportedNetwork, TEST_ACCOUNT_ADDRESSES, TEST_ACCOUNT_POOL_SIZE, TEST_COMMUNITIES, TEST_TOKEN_ADDRESSES, TOKEN_ADDRESSES, type TokenActions, type TokenBalanceValidationParams, type TokenConfig, type UserOperationV07, V2_SUMMARY, type ValidationParams, type ValidationResult, type X402Actions, X402FacilitatorABI, X402FacilitatorArtifact, XPNTS_FACTORY_ADDRESS, type XPNTsFactoryActions, type XPNTsTokenActions, accountActions, accountFactoryActions, agentActions, agentRegistryActions, aggregatorActions, airAccountActions, airAccountExtensionActions, airAccountFactoryActions, applyConfig, blsAlgorithmActions, createAAStarPublicClient, createHeliosTransport, describeSupportedChains, dvtActions, encodeDVTAccountSignature, encodeDVTVerifierProof, encodeG2Point, entryPointActions, forceExitActions, gTokenActions, gTokenAuthorizationActions, getAddressUrl, getAllCommunityConfigs, getAllV2Contracts, getBlockExplorer, getCanonicalAddresses, getChainId, getCommunities, getCommunity, getCommunityConfig, getContract, getContractNetworks, getContracts, getCoreContracts, getDeploymentDate, getEntryPoint, getNetwork, getPaymasterV4_1, getRoleName, getRpcUrl, getSimpleAccountFactory, getSuperPaymasterV2, getTestAccounts, getTestTokenContracts, getTokenContracts, getTxUrl, getV2ContractByAddress, getV2ContractByName, getV2ContractsByDate, hashToFieldU0U1, isContractNetworkSupported, isRegisteredCommunity, isSupportedChainId, isV2Contract, listSupportedChainIds, lookupAddress, paymasterActions, paymasterFactoryActions, policyRegistryActions, registryActions, reputationActions, resolveEns, resolveEnsVerified, sbtActions, sessionKeyValidatorActions, stakingActions, superPaymasterActions, tokenActions, x402Actions, x402IsNonceUsed, x402NonceKey, xPNTsFactoryABI, xPNTsFactoryActions, xPNTsFactoryArtifact, xPNTsTokenABI, xPNTsTokenActions, xPNTsTokenArtifact };
+export { AASTAR_COMMUNITY, AAStarAirAccountFactoryV7ABI, AAStarAirAccountFactoryV7Artifact, AAStarAirAccountV7ABI, AAStarAirAccountV7Artifact, AAStarBLSAggregatorABI, AAStarBLSAggregatorArtifact, AAStarBLSAlgorithmABI, AAStarBLSAlgorithmArtifact, AAStarValidatorABI, AAStarValidatorArtifact, AGENT_IDENTITY_REGISTRY_ADDRESS, AGENT_REPUTATION_REGISTRY_ADDRESS, ALL_ADDRESSES, ALL_ROLES, APNTS_ADDRESS, type AccountActions, type AccountBalance, type AccountFactoryActions, type AgentActions, AgentRegistryABI, type AgentRegistryActions, AgentRegistryArtifact, type AgentSponsorshipPolicy, type AggregatorActions, AirAccountDelegateABI, AirAccountDelegateArtifact, AirAccountExtensionABI, type AirAccountExtensionActions, AirAccountExtensionArtifact, type AirAccountFactoryActions, type AssetPolicy, type AssetPolicyInput, AuthorizationState, BLSAggregatorABI, BLSAggregatorArtifact, type BLSAlgorithmActions, type BLSG1Point, BLSHelpers, BLSSigner, BLSValidatorABI, BLSValidatorArtifact, BLS_AGGREGATOR_ADDRESS, BLS_POP_DST, BLS_VALIDATOR_ADDRESS, BPS_DENOMINATOR, BRANDING, BREAD_COMMUNITY, type BalanceValidationParams, type BatchMintResult, type BuildP256GuardianChallengeParams, BundlerClient, type BundlerResponse, CANONICAL_ADDRESSES, CHAIN_MAINNET, CHAIN_SEPOLIA, COMMUNITIES, COMMUNITY_OWNERS, CONTRACTS, CONTRACT_METADATA, CONTRACT_SRC_HASH, CORE_ADDRESSES, CalldataParserRegistryABI, CalldataParserRegistryArtifact, type CanonicalAddresses, type CheckResourcesOptions, type CommunityConfig, type CommunityProfile, type ContractCategory, ContractConfigManager, type ContractNetwork, type ContractScope, type ContractScopeInput, type ContractVersion, DEFAULT_ADMIN_ROLE, DEFAULT_APNTS_PRICE_USD, DEFAULT_CALL_GAS_LIMIT, DEFAULT_GAS_TOKEN_MINT_AMOUNT, DEFAULT_PRE_VERIFICATION_GAS, DEFAULT_TIMEOUT_MS, DEFAULT_TOKEN_NAME, DEFAULT_TOKEN_SYMBOL, DEFAULT_USDT_MINT_AMOUNT, DEFAULT_VERIFICATION_GAS_LIMIT, type DVTAccountSignatureParams, type DVTActions, type DVTTier, DVTValidatorABI, DVTValidatorArtifact, DVT_TIER_T2, DVT_TIER_T3, DVT_VALIDATOR_ADDRESS, type DecodedWebAuthnAssertion, type DeploymentValidationParams, ENTRY_POINT_ADDRESS, type ERC20Actions, type EncodeWebAuthnAssertionParams, type EnsOptions, EntryPointABI, type EntryPointActions, EntryPointArtifact, EntryPointVersion, FAUCET_API_URL, type FaucetConfig, type FaucetPreparationResult, type ForceExitActions, ForceExitModuleABI, ForceExitModuleArtifact, GTOKEN_ADDRESS, GTOKEN_STAKING_ADDRESS, GTokenABI, type GTokenActions, GTokenArtifact, GTokenAuthorizationABI, type GTokenAuthorizationActions, GTokenAuthorizationArtifact, GTokenStakingABI, GTokenStakingArtifact, GUARDIAN_ADDITION_NONCE_SLOT, GUARDIAN_REMOVAL_NONCE_SLOT, GUARDIAN_SIG_VERSION, type GuardianOpLabel, type HashToFieldU0U1, type HeliosTransportConfig, INITIAL_ROLE_STAKES, InitConfig, LINKS, MAX_GUARDIAN_SLOT, MAX_SERVICE_FEE, MICRO_PAYMENT_CHANNEL_ADDRESS, MONITORING_ADDRESSES, MicroPaymentChannelABI, MicroPaymentChannelArtifact, MySBTABI, MySBTArtifact, NETWORKS, NODE_STAKE_AMOUNTS, type NetworkContracts, NodeType, OFFICIAL_ADDRESSES, type OperatorMode, type P256SessionState, P256_GUARDIAN_DOMAIN, P256_GUARDIAN_SENTINEL, PAYMASTER_ADDRESSES, PAYMASTER_FACTORY_ADDRESS, PAYMASTER_V4_ADDRESS, PAYMASTER_V4_IMPL_ADDRESS, PaymasterABI, type PaymasterActions, PaymasterArtifact, PaymasterFactoryABI, type PaymasterFactoryActions, PaymasterFactoryArtifact, type PendingExit, PolicyDecision, PolicyRegistryABI, type PolicyRegistryActions, PolicyRegistryArtifact, PublicClient, RECOVERY_NONCE_SLOT, REGISTRY_ADDRESS, REPUTATION_SYSTEM_ADDRESS, ROLE_ANODE, ROLE_COMMUNITY, ROLE_DVT, ROLE_ENDUSER, ROLE_KMS, ROLE_NAMES, ROLE_PAYMASTER_AOA, ROLE_PAYMASTER_SUPER, ROLE_PERMISSION_LEVELS, RegistryABI, type RegistryActions, RegistryArtifact, type ReputationActions, type ReputationBreakdown, type ReputationRule, ReputationSystemABI, ReputationSystemArtifact, RequirementChecker, type ResourceBoolCheck, type ResourceReport, type ResourceStakeCheck, type RoleConfig, type RoleConfigDetailed, RolePermissionLevel, type RoleRequirement, type RoleValidationParams, type SBTActions, type SBTData, type SBTMembership, SBT_ADDRESS, SECP256R1_N, SECP256R1_N_OVER_2, SEPOLIA_CONTRACTS, SEPOLIA_V2_VERSIONS, SERVICE_FEE_RATE, SUPER_PAYMASTER_ADDRESS, type ScalarLike, SepoliaFaucetAPI, type SessionConfig, SessionKeyValidatorABI, type SessionKeyValidatorActions, SessionKeyValidatorArtifact, type SignP256GuardianAssertionParams, type SignedP256GuardianAssertion, SimpleAccountABI, SimpleAccountArtifact, SimpleAccountFactoryABI, SimpleAccountFactoryArtifact, type SpendCounter, type StakingActions, StateValidator, SuperPaymasterABI, SuperPaymasterArtifact, type SuperPaymasterConfig, type SupportedChainId, type SupportedNetwork, TEST_ACCOUNT_ADDRESSES, TEST_ACCOUNT_POOL_SIZE, TEST_COMMUNITIES, TEST_TOKEN_ADDRESSES, TIER_LIMIT_NONCE_SLOT, TOKEN_ADDRESSES, type TokenActions, type TokenBalanceValidationParams, type UserOperationV07, V2_SUMMARY, type ValidationParams, type ValidationResult, WEBAUTHN_GET_CHALLENGE_PREFIX, type X402Actions, X402FacilitatorABI, X402FacilitatorArtifact, XPNTS_FACTORY_ADDRESS, type XPNTsFactoryActions, type XPNTsTokenActions, accountActions, accountFactoryActions, agentActions, agentRegistryActions, aggregatorActions, airAccountExtensionActions, airAccountFactoryActions, applyConfig, base64UrlEncode, blsAlgorithmActions, buildAddGuardianChallenge, buildAddP256GuardianChallenge, buildApproveRecoveryChallenge, buildCancelRecoveryChallenge, buildModifyTierLimitsChallenge, buildP256GuardianChallenge, buildProposeRecoveryChallenge, buildRemoveGuardianChallenge, coseToP256XY, createAAStarPublicClient, createHeliosTransport, decodeWebAuthnAssertion, describeSupportedChains, dvtActions, encodeDVTAccountSignature, encodeDVTVerifierProof, encodeG2Point, encodeWebAuthnAssertion, entryPointActions, forceExitActions, gTokenActions, gTokenAuthorizationActions, getAddressUrl, getAllCommunityConfigs, getAllV2Contracts, getBlockExplorer, getCanonicalAddresses, getChainId, getCommunities, getCommunity, getCommunityConfig, getContract, getContractNetworks, getContracts, getCoreContracts, getDeploymentDate, getEntryPoint, getNetwork, getPaymasterV4_1, getRoleName, getRpcUrl, getSimpleAccountFactory, getSuperPaymasterV2, getTestAccounts, getTestTokenContracts, getTokenContracts, getTxUrl, getV2ContractByAddress, getV2ContractByName, getV2ContractsByDate, hashToFieldU0U1, isContractNetworkSupported, isRegisteredCommunity, isSupportedChainId, isV2Contract, listSupportedChainIds, lookupAddress, opDataAddGuardian, opDataAddP256Guardian, opDataModifyTierLimits, opDataRecovery, opDataRemoveGuardian, p256GuardianPublicKey, paymasterActions, paymasterFactoryActions, policyRegistryActions, registryActions, reputationActions, resolveEns, resolveEnsVerified, sbtActions, sessionKeyValidatorActions, signP256GuardianAssertion, stakingActions, tokenActions, x402Actions, x402IsNonceUsed, x402NonceKey, xPNTsFactoryABI, xPNTsFactoryActions, xPNTsFactoryArtifact, xPNTsTokenABI, xPNTsTokenActions, xPNTsTokenArtifact };