@aastar/sdk 0.23.0 → 0.24.0

package/dist/{chunk-V65JXHM6.js → chunk-YUFQIYLR.js}

@@ -1,7 +1,7 @@
 import { selectorFromId, keccak256, solidityPacked, ERC4337Utils, BLSManager, resolveTier, algIdForTier, encodeAbiParams, ecdsa, ALG_CUMULATIVE_T3, ALG_CUMULATIVE_T2, ALG_P256, ALG_ECDSA, ALG_BLS, weierstrass, sha256 } from './chunk-X3AMH53O.js';
-import { buildInitConfig } from './chunk-5G5SB6CP.js';
-import { CANONICAL_ADDRESSES } from './chunk-UCLK6LTB.js';
-import { parseAbi, createPublicClient, http, getContract, formatEther, parseUnits, parseEther, encodeFunctionData, concat, numberToHex, zeroAddress, hexToBytes, formatUnits, encodeAbiParameters, keccak256 as keccak256$1, hashMessage as hashMessage$1, toRlp, concatHex, recoverAddress as recoverAddress$1 } from 'viem';
+import { buildInitConfig, needsValidatorRouter, airAccountActions } from './chunk-BYVG7MO7.js';
+import { CANONICAL_ADDRESSES, getCanonicalAddresses } from './chunk-UCLK6LTB.js';
+import { parseAbi, createPublicClient, http, getContract, formatEther, parseUnits, parseEther, encodeFunctionData, zeroAddress, concat, numberToHex, hexToBytes, formatUnits, encodeAbiParameters, keccak256 as keccak256$1, hashMessage as hashMessage$1, toRlp, concatHex, recoverAddress as recoverAddress$1 } from 'viem';
 import axios from 'axios';
 import { createHash } from 'crypto';
 import { privateKeyToAccount } from 'viem/accounts';
@@ -465,6 +465,10 @@ var EthereumProvider = class {
   getBundlerProvider() {
     return this.bundlerProvider;
   }
+  /** EVM chain id from the validated ServerConfig (deterministic — no RPC round-trip). */
+  getChainId() {
+    return this.config.chainId;
+  }
   /**
    * Raw bundler JSON-RPC call. The bundler exposes non-standard methods
    * (eth_sendUserOperation, pimlico_getUserOperationGasPrice, ...) that are not in
@@ -1099,8 +1103,82 @@ var AccountManager = class {
     this.logger.log(
       `[AccountManager] account created with ${params.p256Guardians.length} P-256 guardian(s): ${accountAddress}`
     );
+    if (needsValidatorRouter(config.approvedAlgIds)) {
+      this.logger.log(
+        `[AccountManager] account ${accountAddress} approved a router-delegated algorithm (approvedAlgIds=[${config.approvedAlgIds.join(", ")}]); call ensureValidatorRouter(userId) AFTER the account is deployed to wire setValidator(router) \u2014 required for those algIds to validate.`
+      );
+    }
     return account;
   }
+  /**
+   * Gap B — wire the validator router for an account that approved a ROUTER-DELEGATED signature
+   * algorithm (BLS 0x01, cumulative T2 0x04, T3 0x05, weighted 0x07, session 0x08, ...). Such an
+   * account's `_validateTripleSignature` / `_callBLSValidator` return `1` (FAIL) while
+   * `validator() == address(0)`, so the algorithm is non-functional until the owner calls
+   * `setValidator(router)` (onlyOwner, SET-ONCE). Inline algIds (ECDSA 0x02, P256 0x03, COMBINED_T1
+   * 0x06) need no router and are a no-op here.
+   *
+   * MUST be called AFTER the account is deployed (setValidator is onlyOwner and needs code) — the
+   * lazy/counterfactual deploy path cannot setValidator at predict-time. Idempotent: re-running after
+   * the validator is set is a no-op (`reason: 'validator already set'`).
+   *
+   * On-chain access matches the rest of this package: reads via the EthereumProvider's PublicClient
+   * (`getAccountContract(...).read.validator()` and `getProvider().getCode()`); the state-changing
+   * `setValidator` is sent through a caller-supplied `WalletClient` whose account is the owner —
+   * the same convention used by `PaymasterManager.updatePrice` / `ForceExitService` (this manager's
+   * narrow `ISignerAdapter` only EIP-191 personal-signs and cannot send transactions).
+   *
+   * @param userId  the account owner's user id (storage key)
+   * @param opts.router        override the router address (defaults to the chain's canonical
+   *                           `aaStarValidator`); pass to target a non-canonical router
+   * @param opts.walletClient  viem WalletClient signing as the account OWNER — REQUIRED to send the tx
+   */
+  async ensureValidatorRouter(userId, opts) {
+    const account = await this.storage.findAccountByUserId(userId);
+    if (!account) throw new Error("Account not found");
+    const approvedAlgIds = account.approvedAlgIds;
+    if (!approvedAlgIds || approvedAlgIds.length === 0) {
+      return { set: false, reason: "no approvedAlgIds / not router-delegated" };
+    }
+    if (!needsValidatorRouter(approvedAlgIds)) {
+      return { set: false, reason: "no router-delegated algorithm" };
+    }
+    const chainId = this.ethereum.getChainId();
+    const canonicalRouter = getCanonicalAddresses(chainId)?.aaStarValidator;
+    const router = opts?.router ?? canonicalRouter;
+    if (!router || router.toLowerCase() === zeroAddress) {
+      return { set: false, reason: `no canonical validator router for chain ${chainId}` };
+    }
+    let deployed = false;
+    try {
+      const code = await this.ethereum.getProvider().getCode({ address: account.address });
+      deployed = !!code && code !== "0x";
+    } catch {
+    }
+    if (!deployed) {
+      return { set: false, reason: "account not deployed yet \u2014 call after deploy" };
+    }
+    const current = await this.ethereum.getAccountContract(account.address).read.validator([]);
+    if (current && current.toLowerCase() !== zeroAddress) {
+      return { set: false, reason: "validator already set" };
+    }
+    const walletClient = opts?.walletClient;
+    if (!walletClient || !walletClient.account) {
+      return {
+        set: false,
+        reason: "walletClient (account owner) required to send setValidator",
+        router
+      };
+    }
+    const tx = await airAccountActions(account.address)(walletClient).setValidator({
+      validator: router,
+      account: walletClient.account
+    });
+    this.logger.log(
+      `[AccountManager] setValidator(${router}) sent for account ${account.address} (tx ${tx})`
+    );
+    return { set: true, tx, router };
+  }
 };
 var EXECUTE_USER_OP_SELECTOR = selectorFromId(
   "executeUserOp((address,uint256,bytes,bytes,bytes32,uint256,bytes32,bytes,bytes),bytes32)"
@@ -4864,5 +4942,5 @@ var LocalWalletSigner = class {
 */
 
 export { ACCOUNT_ABI, AGENT_SESSION_KEY_VALIDATOR_ABI, AIRACCOUNT_ABI, AIRACCOUNT_ADDRESSES, AIRACCOUNT_FACTORY_ABI, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, AIR_ACCOUNT_DELEGATE_ABI, AIR_ACCOUNT_DELEGATE_ADDRESS, ALG_ID, AccountManager, AgentRegistryService, AirAccountServerClient, BLSSignatureService, CALLDATA_PARSER_REGISTRY_ABI, ConsoleLogger, DEFAULT_CREDENTIAL_ID, DEFAULT_KMS_ENDPOINT, DEFAULT_ORIGIN, DEFAULT_RP_ID, DvtPendingConfirmationError, EIP7702DelegateService, ENTRYPOINT_ABI_V6, ENTRYPOINT_ABI_V7_V8, ENTRYPOINT_ADDRESSES, ERC20_ABI, ERC8004Service, ERC8004_ADDRESSES, EXECUTE_BATCH_SELECTOR, EXECUTE_SELECTOR, EXECUTE_USER_OP_SELECTOR, EntryPointVersion, EthereumProvider, FACTORY_ABI_V6, FACTORY_ABI_V7_V8, FORCE_EXIT_MODULE_ABI, ForceExitService, GLOBAL_GUARD_ABI, GuardChecker, GuardStateReader, KmsAgentService, KmsHttpClient, KmsManager, KmsMonitorService, KmsPaymentSigner, KmsSessionService, KmsSigner, L2_TYPE, LocalWalletSigner, MAX_GUARDIANS, MODULE_TYPE, MemoryStorage, ModuleManager, P256PasskeySigner, PaymasterManager, PaymasterPriceStalenessError, RECOVERY_THRESHOLD, RECOVERY_TIMELOCK_SECONDS, RecoveryService, SESSION_KEY_VALIDATOR_ABI, SessionKeyService, SilentLogger, TIER_GUARD_HOOK_ABI, TokenService, TransferManager, VALIDATOR_ABI, WEIGHT_CHANGE_EXPIRY_SECONDS, WEIGHT_CHANGE_THRESHOLD, WEIGHT_CHANGE_TIMELOCK_SECONDS, WalletManager, WeightedSignatureService, YAAAServerClient, base64UrlDecode, base64UrlEncode, beginAuthenticationChallenge, beginGrantSessionChallenge, buildAuthenticationCredential, buildAuthenticatorData, buildClientDataJSON, buildFullInitConfig, buildInstallModuleHash, buildUninstallModuleHash, computeOapdSalt, erc8004AddressesForChain, getOapdAddress, getOapdAddressWithChainId, initConfigFromRecord, initConfigToTuple, isExecuteUserOpWrapped, isOapdDeployed, isPendingConfirmation, packP256SessionSignature, packSecp256k1SessionSignature, runAuthenticationCeremony, runGrantSessionCeremony, runWebAuthnCeremony, sepoliaV07Config, serializeGuardianSpecs, toGuardianSpecs, validateConfig, wrapExecuteUserOp };
-//# sourceMappingURL=chunk-V65JXHM6.js.map
-//# sourceMappingURL=chunk-V65JXHM6.js.map
+//# sourceMappingURL=chunk-YUFQIYLR.js.map
+//# sourceMappingURL=chunk-YUFQIYLR.js.map