@aastar/sdk 0.23.0 → 0.24.1

package/dist/channel.cjs

@@ -1,7 +1,7 @@
 'use strict';
 
-var chunk2GZMRCQW_cjs = require('./chunk-2GZMRCQW.cjs');
-require('./chunk-MFBTMF5U.cjs');
+var chunkA4ICWCHR_cjs = require('./chunk-A4ICWCHR.cjs');
+require('./chunk-MOJJ7QF6.cjs');
 require('./chunk-MXJEULSE.cjs');
 require('./chunk-Q7SFCCGT.cjs');
 
@@ -9,19 +9,19 @@ require('./chunk-Q7SFCCGT.cjs');
 
 Object.defineProperty(exports, "ChannelClient", {
   enumerable: true,
-  get: function () { return chunk2GZMRCQW_cjs.ChannelClient; }
+  get: function () { return chunkA4ICWCHR_cjs.ChannelClient; }
 });
 Object.defineProperty(exports, "VOUCHER_TYPES", {
   enumerable: true,
-  get: function () { return chunk2GZMRCQW_cjs.VOUCHER_TYPES; }
+  get: function () { return chunkA4ICWCHR_cjs.VOUCHER_TYPES; }
 });
 Object.defineProperty(exports, "getVoucherDomain", {
   enumerable: true,
-  get: function () { return chunk2GZMRCQW_cjs.getVoucherDomain; }
+  get: function () { return chunkA4ICWCHR_cjs.getVoucherDomain; }
 });
 Object.defineProperty(exports, "signVoucher", {
   enumerable: true,
-  get: function () { return chunk2GZMRCQW_cjs.signVoucher; }
+  get: function () { return chunkA4ICWCHR_cjs.signVoucher; }
 });
 //# sourceMappingURL=channel.cjs.map
 //# sourceMappingURL=channel.cjs.map

package/dist/channel.js

@@ -1,5 +1,5 @@
-export { ChannelClient, VOUCHER_TYPES, getVoucherDomain, signVoucher } from './chunk-SXLWFZFX.js';
-import './chunk-5G5SB6CP.js';
+export { ChannelClient, VOUCHER_TYPES, getVoucherDomain, signVoucher } from './chunk-PNBK2CLK.js';
+import './chunk-BYVG7MO7.js';
 import './chunk-UCLK6LTB.js';
 import './chunk-PZ5AY32C.js';
 //# sourceMappingURL=channel.js.map

package/dist/{chunk-V65JXHM6.js → chunk-2UC7UPHV.js}

@@ -1,7 +1,7 @@
 import { selectorFromId, keccak256, solidityPacked, ERC4337Utils, BLSManager, resolveTier, algIdForTier, encodeAbiParams, ecdsa, ALG_CUMULATIVE_T3, ALG_CUMULATIVE_T2, ALG_P256, ALG_ECDSA, ALG_BLS, weierstrass, sha256 } from './chunk-X3AMH53O.js';
-import { buildInitConfig } from './chunk-5G5SB6CP.js';
-import { CANONICAL_ADDRESSES } from './chunk-UCLK6LTB.js';
-import { parseAbi, createPublicClient, http, getContract, formatEther, parseUnits, parseEther, encodeFunctionData, concat, numberToHex, zeroAddress, hexToBytes, formatUnits, encodeAbiParameters, keccak256 as keccak256$1, hashMessage as hashMessage$1, toRlp, concatHex, recoverAddress as recoverAddress$1 } from 'viem';
+import { buildInitConfig, needsValidatorRouter, airAccountActions, airAccountFactoryActions } from './chunk-BYVG7MO7.js';
+import { CANONICAL_ADDRESSES, getCanonicalAddresses } from './chunk-UCLK6LTB.js';
+import { parseAbi, createPublicClient, http, getContract, formatEther, parseUnits, parseEther, encodeFunctionData, zeroAddress, concat, numberToHex, hexToBytes, formatUnits, encodeAbiParameters, keccak256 as keccak256$1, hashMessage as hashMessage$1, toRlp, concatHex, recoverAddress as recoverAddress$1 } from 'viem';
 import axios from 'axios';
 import { createHash } from 'crypto';
 import { privateKeyToAccount } from 'viem/accounts';
@@ -465,6 +465,10 @@ var EthereumProvider = class {
   getBundlerProvider() {
     return this.bundlerProvider;
   }
+  /** EVM chain id from the validated ServerConfig (deterministic — no RPC round-trip). */
+  getChainId() {
+    return this.config.chainId;
+  }
   /**
    * Raw bundler JSON-RPC call. The bundler exposes non-standard methods
    * (eth_sendUserOperation, pimlico_getUserOperationGasPrice, ...) that are not in
@@ -1099,8 +1103,130 @@ var AccountManager = class {
     this.logger.log(
       `[AccountManager] account created with ${params.p256Guardians.length} P-256 guardian(s): ${accountAddress}`
     );
+    if (needsValidatorRouter(config.approvedAlgIds)) {
+      this.logger.log(
+        `[AccountManager] account ${accountAddress} approved a router-delegated algorithm (approvedAlgIds=[${config.approvedAlgIds.join(", ")}]); use deployAndWireValidator(userId, { walletClient }) to deploy + setValidator(router) in one call (or ensureValidatorRouter(userId) after a manual deploy) \u2014 required for those algIds to validate.`
+      );
+    }
     return account;
   }
+  /**
+   * Gap B — wire the validator router for an account that approved a ROUTER-DELEGATED signature
+   * algorithm (BLS 0x01, cumulative T2 0x04, T3 0x05, weighted 0x07, session 0x08, ...). Such an
+   * account's `_validateTripleSignature` / `_callBLSValidator` return `1` (FAIL) while
+   * `validator() == address(0)`, so the algorithm is non-functional until the owner calls
+   * `setValidator(router)` (onlyOwner, SET-ONCE). Inline algIds (ECDSA 0x02, P256 0x03, COMBINED_T1
+   * 0x06) need no router and are a no-op here.
+   *
+   * MUST be called AFTER the account is deployed (setValidator is onlyOwner and needs code) — the
+   * lazy/counterfactual deploy path cannot setValidator at predict-time. Idempotent: re-running after
+   * the validator is set is a no-op (`reason: 'validator already set'`).
+   *
+   * On-chain access matches the rest of this package: reads via the EthereumProvider's PublicClient
+   * (`getAccountContract(...).read.validator()` and `getProvider().getCode()`); the state-changing
+   * `setValidator` is sent through a caller-supplied `WalletClient` whose account is the owner —
+   * the same convention used by `PaymasterManager.updatePrice` / `ForceExitService` (this manager's
+   * narrow `ISignerAdapter` only EIP-191 personal-signs and cannot send transactions).
+   *
+   * @param userId  the account owner's user id (storage key)
+   * @param opts.router        override the router address (defaults to the chain's canonical
+   *                           `aaStarValidator`); pass to target a non-canonical router
+   * @param opts.walletClient  viem WalletClient signing as the account OWNER — REQUIRED to send the tx
+   */
+  async ensureValidatorRouter(userId, opts) {
+    const account = await this.storage.findAccountByUserId(userId);
+    if (!account) throw new Error("Account not found");
+    const approvedAlgIds = account.approvedAlgIds;
+    if (!approvedAlgIds || approvedAlgIds.length === 0) {
+      return { set: false, reason: "no approvedAlgIds / not router-delegated" };
+    }
+    if (!needsValidatorRouter(approvedAlgIds)) {
+      return { set: false, reason: "no router-delegated algorithm" };
+    }
+    const chainId = this.ethereum.getChainId();
+    const canonicalRouter = getCanonicalAddresses(chainId)?.aaStarValidator;
+    const router = opts?.router ?? canonicalRouter;
+    if (!router || router.toLowerCase() === zeroAddress) {
+      return { set: false, reason: `no canonical validator router for chain ${chainId}` };
+    }
+    let deployed = false;
+    try {
+      const code = await this.ethereum.getProvider().getCode({ address: account.address });
+      deployed = !!code && code !== "0x";
+    } catch {
+    }
+    if (!deployed) {
+      return { set: false, reason: "account not deployed yet \u2014 call after deploy" };
+    }
+    const current = await this.ethereum.getAccountContract(account.address).read.validator([]);
+    if (current && current.toLowerCase() !== zeroAddress) {
+      return { set: false, reason: "validator already set" };
+    }
+    const walletClient = opts?.walletClient;
+    if (!walletClient || !walletClient.account) {
+      return {
+        set: false,
+        reason: "walletClient (account owner) required to send setValidator",
+        router
+      };
+    }
+    const tx = await airAccountActions(account.address)(walletClient).setValidator({
+      validator: router,
+      account: walletClient.account
+    });
+    this.logger.log(
+      `[AccountManager] setValidator(${router}) sent for account ${account.address} (tx ${tx})`
+    );
+    return { set: true, tx, router };
+  }
+  /**
+   * Gap B (complete auto-wiring): deploy a router-delegated account AND set its validator router in
+   * ONE call, so a BLS / cumulative / session-key account is immediately functional — no separate
+   * manual `ensureValidatorRouter` step. The factory's lazy first-UserOp deploy cannot bootstrap such
+   * an account (its own algorithm can't validate until the router is wired), so this performs an
+   * explicit `factory.createAccount(owner, salt, config)` deploy (if the account has no code yet),
+   * waits for it, then wires `setValidator(router)`. Both txs go through the caller-supplied owner/
+   * deployer `WalletClient` (this manager holds no transaction signer). For inline algIds (ECDSA/P256/
+   * COMBINED_T1) the validator step is a documented no-op.
+   *
+   * @returns `{ deployTx?, validator }` — `deployTx` is undefined if the account was already deployed.
+   */
+  async deployAndWireValidator(userId, opts) {
+    const account = await this.storage.findAccountByUserId(userId);
+    if (!account) throw new Error("Account not found");
+    const walletClient = opts.walletClient;
+    if (!walletClient || !walletClient.account) {
+      throw new Error("deployAndWireValidator: a walletClient (deployer/owner) is required");
+    }
+    let deployTx;
+    let code = "0x";
+    try {
+      code = await this.ethereum.getProvider().getCode({ address: account.address }) ?? "0x";
+    } catch {
+    }
+    if (!code || code === "0x") {
+      const config = initConfigFromRecord(account);
+      deployTx = await airAccountFactoryActions(account.factoryAddress)(walletClient).createAccount({
+        owner: account.signerAddress,
+        salt: BigInt(account.salt),
+        config,
+        account: walletClient.account
+      });
+      await this.ethereum.getProvider().waitForTransactionReceipt({ hash: deployTx });
+      account.deployed = true;
+      account.deploymentTxHash = deployTx;
+      await this.storage.saveAccount(account);
+      this.logger.log(`[AccountManager] deployed account ${account.address} (tx ${deployTx})`);
+    }
+    const validator = await this.ensureValidatorRouter(userId, {
+      walletClient,
+      router: opts.router
+    });
+    if (validator.set && validator.tx) {
+      await this.ethereum.getProvider().waitForTransactionReceipt({ hash: validator.tx });
+    }
+    return { deployTx, validator };
+  }
 };
 var EXECUTE_USER_OP_SELECTOR = selectorFromId(
   "executeUserOp((address,uint256,bytes,bytes,bytes32,uint256,bytes32,bytes,bytes),bytes32)"
@@ -4864,5 +4990,5 @@ var LocalWalletSigner = class {
 */
 
 export { ACCOUNT_ABI, AGENT_SESSION_KEY_VALIDATOR_ABI, AIRACCOUNT_ABI, AIRACCOUNT_ADDRESSES, AIRACCOUNT_FACTORY_ABI, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, AIR_ACCOUNT_DELEGATE_ABI, AIR_ACCOUNT_DELEGATE_ADDRESS, ALG_ID, AccountManager, AgentRegistryService, AirAccountServerClient, BLSSignatureService, CALLDATA_PARSER_REGISTRY_ABI, ConsoleLogger, DEFAULT_CREDENTIAL_ID, DEFAULT_KMS_ENDPOINT, DEFAULT_ORIGIN, DEFAULT_RP_ID, DvtPendingConfirmationError, EIP7702DelegateService, ENTRYPOINT_ABI_V6, ENTRYPOINT_ABI_V7_V8, ENTRYPOINT_ADDRESSES, ERC20_ABI, ERC8004Service, ERC8004_ADDRESSES, EXECUTE_BATCH_SELECTOR, EXECUTE_SELECTOR, EXECUTE_USER_OP_SELECTOR, EntryPointVersion, EthereumProvider, FACTORY_ABI_V6, FACTORY_ABI_V7_V8, FORCE_EXIT_MODULE_ABI, ForceExitService, GLOBAL_GUARD_ABI, GuardChecker, GuardStateReader, KmsAgentService, KmsHttpClient, KmsManager, KmsMonitorService, KmsPaymentSigner, KmsSessionService, KmsSigner, L2_TYPE, LocalWalletSigner, MAX_GUARDIANS, MODULE_TYPE, MemoryStorage, ModuleManager, P256PasskeySigner, PaymasterManager, PaymasterPriceStalenessError, RECOVERY_THRESHOLD, RECOVERY_TIMELOCK_SECONDS, RecoveryService, SESSION_KEY_VALIDATOR_ABI, SessionKeyService, SilentLogger, TIER_GUARD_HOOK_ABI, TokenService, TransferManager, VALIDATOR_ABI, WEIGHT_CHANGE_EXPIRY_SECONDS, WEIGHT_CHANGE_THRESHOLD, WEIGHT_CHANGE_TIMELOCK_SECONDS, WalletManager, WeightedSignatureService, YAAAServerClient, base64UrlDecode, base64UrlEncode, beginAuthenticationChallenge, beginGrantSessionChallenge, buildAuthenticationCredential, buildAuthenticatorData, buildClientDataJSON, buildFullInitConfig, buildInstallModuleHash, buildUninstallModuleHash, computeOapdSalt, erc8004AddressesForChain, getOapdAddress, getOapdAddressWithChainId, initConfigFromRecord, initConfigToTuple, isExecuteUserOpWrapped, isOapdDeployed, isPendingConfirmation, packP256SessionSignature, packSecp256k1SessionSignature, runAuthenticationCeremony, runGrantSessionCeremony, runWebAuthnCeremony, sepoliaV07Config, serializeGuardianSpecs, toGuardianSpecs, validateConfig, wrapExecuteUserOp };
-//# sourceMappingURL=chunk-V65JXHM6.js.map
-//# sourceMappingURL=chunk-V65JXHM6.js.map
+//# sourceMappingURL=chunk-2UC7UPHV.js.map
+//# sourceMappingURL=chunk-2UC7UPHV.js.map