@aastar/sdk 0.24.1 → 0.25.0

package/dist/{chunk-2UC7UPHV.js → chunk-D2RDBN46.js}

@@ -1,6 +1,6 @@
 import { selectorFromId, keccak256, solidityPacked, ERC4337Utils, BLSManager, resolveTier, algIdForTier, encodeAbiParams, ecdsa, ALG_CUMULATIVE_T3, ALG_CUMULATIVE_T2, ALG_P256, ALG_ECDSA, ALG_BLS, weierstrass, sha256 } from './chunk-X3AMH53O.js';
-import { buildInitConfig, needsValidatorRouter, airAccountActions, airAccountFactoryActions } from './chunk-BYVG7MO7.js';
-import { CANONICAL_ADDRESSES, getCanonicalAddresses } from './chunk-UCLK6LTB.js';
+import { buildInitConfig, needsValidatorRouter, airAccountActions, airAccountFactoryActions } from './chunk-6DZCDV4Q.js';
+import { CANONICAL_ADDRESSES, getCanonicalAddresses } from './chunk-MBWBHKUE.js';
 import { parseAbi, createPublicClient, http, getContract, formatEther, parseUnits, parseEther, encodeFunctionData, zeroAddress, concat, numberToHex, hexToBytes, formatUnits, encodeAbiParameters, keccak256 as keccak256$1, hashMessage as hashMessage$1, toRlp, concatHex, recoverAddress as recoverAddress$1 } from 'viem';
 import axios from 'axios';
 import { createHash } from 'crypto';
@@ -1610,7 +1610,12 @@ var TransferManager = class {
     );
     const userOpHash = await this.ethereum.getUserOpHash(userOp, version);
     await this.signer.ensureSigner(userId);
-    const assertionCtx = params.passkeyAssertion ? { assertion: params.passkeyAssertion } : void 0;
+    if (params.webAuthnAssertion && params.passkeyAssertion) {
+      throw new Error(
+        "Provide either webAuthnAssertion (preferred) or passkeyAssertion, not both."
+      );
+    }
+    const assertionCtx = params.webAuthnAssertion ? { webAuthnAssertion: params.webAuthnAssertion } : params.passkeyAssertion ? { assertion: params.passkeyAssertion } : void 0;
     let useECDSA = false;
     let isCompositeValidator = false;
     if (version === "0.7" /* V0_7 */ || version === "0.8" /* V0_8 */) {
@@ -1620,6 +1625,11 @@ var TransferManager = class {
         account.address
       ));
     }
+    if (assertionCtx && "webAuthnAssertion" in assertionCtx && !useECDSA && !(params.useAirAccountTiering && this.guardChecker)) {
+      throw new Error(
+        "A one-time webAuthnAssertion cannot authorize the legacy non-tiered BLS dual-sign (two owner signatures, one spent challenge). Use useAirAccountTiering:true (single owner signature), or supply two assertions via the legacy path."
+      );
+    }
     if (useECDSA) {
       const ecdsaSig = await this.signer.signMessage(
         userId,
@@ -2116,7 +2126,7 @@ var BLSSignatureService = class {
     }
     return nodes;
   }
-  async generateBLSSignature(userId, userOpHash, ctx) {
+  async generateBLSSignature(userId, userOpHash, ctx, options) {
     const manager = await this.ensureInitialized();
     const activeNodes = await this.getActiveSignerNodes();
     if (activeNodes.length < 1) {
@@ -2175,11 +2185,7 @@ var BLSSignatureService = class {
         `Wallet address mismatch! Wallet: ${walletAddress}, Expected: ${account.signerAddress}`
       );
     }
-    const aaSignature = await this.signer.signMessage(
-      userId,
-      hexToBytes(userOpHash),
-      ctx
-    );
+    const aaSignature = options?.skipOwnerOpSignature ? "0x" : await this.signer.signMessage(userId, hexToBytes(userOpHash), ctx);
     const messagePointHash = keccak256(messagePoint);
     const messagePointSignature = await this.signer.signMessage(
       userId,
@@ -2196,6 +2202,11 @@ var BLSSignatureService = class {
     };
   }
   async packSignature(blsData) {
+    if (!blsData.aaSignature || blsData.aaSignature === "0x") {
+      throw new Error(
+        "packSignature requires aaSignature; this BLSSignatureData was generated with skipOwnerOpSignature (Tier-2/3 only). Use packCumulativeT2/T3Signature instead."
+      );
+    }
     const manager = await this.ensureInitialized();
     return manager.packSignature(blsData);
   }
@@ -2225,7 +2236,9 @@ var BLSSignatureService = class {
     if (!p256Signature) {
       throw new Error(`P256 signature required for Tier ${tier}`);
     }
-    const blsData = await this.generateBLSSignature(userId, userOpHash, ctx);
+    const blsData = await this.generateBLSSignature(userId, userOpHash, ctx, {
+      skipOwnerOpSignature: true
+    });
     if (tier === 2) {
       const t2Data = {
         p256Signature,
@@ -2253,6 +2266,84 @@ var BLSSignatureService = class {
     return manager.packCumulativeT3Signature(t3Data);
   }
 };
+var ALG_NAMES = {
+  [ALG_BLS]: "BLS (0x01)",
+  [ALG_ECDSA]: "ECDSA (0x02)",
+  [ALG_P256]: "P256 (0x03)",
+  [ALG_CUMULATIVE_T2]: "Cumulative T2 (0x04)",
+  [ALG_CUMULATIVE_T3]: "Cumulative T3 (0x05)"
+};
+var GuardChecker = class {
+  constructor(ethereum, logger) {
+    this.ethereum = ethereum;
+    this.logger = logger ?? new ConsoleLogger("[GuardChecker]");
+  }
+  logger;
+  /**
+   * Fetch tier limits from an AirAccount contract.
+   */
+  async fetchTierConfig(accountAddress) {
+    const account = this.ethereum.getAccountContract(accountAddress);
+    return readAccountTierLimits(account);
+  }
+  /**
+   * Fetch guard status from the account's GlobalGuard.
+   */
+  async fetchGuardStatus(accountAddress) {
+    const account = this.ethereum.getAccountContract(accountAddress);
+    const guardAddress = await readAccountGuardAddress(account);
+    if (guardAddress === zeroAddress) {
+      return {
+        hasGuard: false,
+        guardAddress: zeroAddress,
+        dailyLimit: 0n,
+        dailyRemaining: 0n
+      };
+    }
+    const guard = getContract({
+      address: guardAddress,
+      abi: parseAbi(GLOBAL_GUARD_ABI),
+      client: this.ethereum.getProvider()
+    });
+    const { dailyLimit, dailyRemaining } = await readGuardDailyAllowance(guard);
+    return {
+      hasGuard: true,
+      guardAddress,
+      dailyLimit,
+      dailyRemaining
+    };
+  }
+  /**
+   * Pre-check a transaction: determine tier, check guard limits and algorithm approval.
+   * Returns errors array (empty = OK to proceed).
+   */
+  async preCheck(accountAddress, value) {
+    const errors = [];
+    const tierConfig = await this.fetchTierConfig(accountAddress);
+    const tier = resolveTier(value, tierConfig);
+    const algId = algIdForTier(tier);
+    const guard = await this.fetchGuardStatus(accountAddress);
+    if (!guard.hasGuard) {
+      return { ok: true, errors: [], tier, algId };
+    }
+    if (guard.dailyLimit > 0n && value > guard.dailyRemaining) {
+      errors.push(
+        `Daily limit exceeded: requesting ${value} wei but only ${guard.dailyRemaining} remaining (limit: ${guard.dailyLimit})`
+      );
+    }
+    const accountContract = this.ethereum.getAccountContract(accountAddress);
+    const isApproved = await readAlgorithmApproved(accountContract, algId);
+    if (!isApproved) {
+      errors.push(
+        `Algorithm ${ALG_NAMES[algId] ?? `0x${algId.toString(16)}`} is not approved by the account`
+      );
+    }
+    if (errors.length > 0) {
+      this.logger.warn(`Pre-check failed for ${accountAddress}: ${errors.join("; ")}`);
+    }
+    return { ok: errors.length === 0, errors, tier, algId };
+  }
+};
 var ERC20_ABI_PARSED = parseAbi(ERC20_ABI);
 var TokenService = class {
   constructor(ethereum) {
@@ -2379,7 +2470,8 @@ var AirAccountServerClient = class {
       this.tokens,
       config.storage,
       config.signer,
-      logger
+      logger,
+      new GuardChecker(this.ethereum, logger)
     );
   }
 };
@@ -2914,84 +3006,6 @@ async function isOapdDeployed(provider, config) {
   const code = await provider.getCode({ address });
   return code !== void 0 && code !== "0x";
 }
-var ALG_NAMES = {
-  [ALG_BLS]: "BLS (0x01)",
-  [ALG_ECDSA]: "ECDSA (0x02)",
-  [ALG_P256]: "P256 (0x03)",
-  [ALG_CUMULATIVE_T2]: "Cumulative T2 (0x04)",
-  [ALG_CUMULATIVE_T3]: "Cumulative T3 (0x05)"
-};
-var GuardChecker = class {
-  constructor(ethereum, logger) {
-    this.ethereum = ethereum;
-    this.logger = logger ?? new ConsoleLogger("[GuardChecker]");
-  }
-  logger;
-  /**
-   * Fetch tier limits from an AirAccount contract.
-   */
-  async fetchTierConfig(accountAddress) {
-    const account = this.ethereum.getAccountContract(accountAddress);
-    return readAccountTierLimits(account);
-  }
-  /**
-   * Fetch guard status from the account's GlobalGuard.
-   */
-  async fetchGuardStatus(accountAddress) {
-    const account = this.ethereum.getAccountContract(accountAddress);
-    const guardAddress = await readAccountGuardAddress(account);
-    if (guardAddress === zeroAddress) {
-      return {
-        hasGuard: false,
-        guardAddress: zeroAddress,
-        dailyLimit: 0n,
-        dailyRemaining: 0n
-      };
-    }
-    const guard = getContract({
-      address: guardAddress,
-      abi: parseAbi(GLOBAL_GUARD_ABI),
-      client: this.ethereum.getProvider()
-    });
-    const { dailyLimit, dailyRemaining } = await readGuardDailyAllowance(guard);
-    return {
-      hasGuard: true,
-      guardAddress,
-      dailyLimit,
-      dailyRemaining
-    };
-  }
-  /**
-   * Pre-check a transaction: determine tier, check guard limits and algorithm approval.
-   * Returns errors array (empty = OK to proceed).
-   */
-  async preCheck(accountAddress, value) {
-    const errors = [];
-    const tierConfig = await this.fetchTierConfig(accountAddress);
-    const tier = resolveTier(value, tierConfig);
-    const algId = algIdForTier(tier);
-    const guard = await this.fetchGuardStatus(accountAddress);
-    if (!guard.hasGuard) {
-      return { ok: true, errors: [], tier, algId };
-    }
-    if (guard.dailyLimit > 0n && value > guard.dailyRemaining) {
-      errors.push(
-        `Daily limit exceeded: requesting ${value} wei but only ${guard.dailyRemaining} remaining (limit: ${guard.dailyLimit})`
-      );
-    }
-    const accountContract = this.ethereum.getAccountContract(accountAddress);
-    const isApproved = await readAlgorithmApproved(accountContract, algId);
-    if (!isApproved) {
-      errors.push(
-        `Algorithm ${ALG_NAMES[algId] ?? `0x${algId.toString(16)}`} is not approved by the account`
-      );
-    }
-    if (errors.length > 0) {
-      this.logger.warn(`Pre-check failed for ${accountAddress}: ${errors.join("; ")}`);
-    }
-    return { ok: errors.length === 0, errors, tier, algId };
-  }
-};
 var FORCE_EXIT_ABI = [
   // ERC-7579 module lifecycle
   "function onInstall(bytes calldata data) external",
@@ -4244,14 +4258,21 @@ async function buildAuthenticationCredential(opts) {
     }
   };
 }
+function commitChallenge(nonceBase64Url, payload) {
+  const nonce = base64UrlDecode(nonceBase64Url);
+  const payloadBytes = typeof payload === "string" ? hexToBytes4(payload) : payload;
+  const committed = createHash("sha256").update(nonce).update(payloadBytes).digest();
+  return base64UrlEncode(new Uint8Array(committed));
+}
 async function runWebAuthnCeremony(begin, options) {
   const begun = await begin();
-  const challenge = begun?.Options?.challenge;
-  if (!begun?.ChallengeId || !challenge) {
+  const nonce = begun?.Options?.challenge;
+  if (!begun?.ChallengeId || !nonce) {
     throw new Error(
       "WebAuthn ceremony: begin endpoint did not return a ChallengeId + Options.challenge"
     );
   }
+  const challenge = options.payload ? commitChallenge(nonce, options.payload) : nonce;
   const credential = await buildAuthenticationCredential({
     challenge,
     signer: options.signer,
@@ -4577,27 +4598,100 @@ var KmsManager = class {
     return this.client.post("/BeginAuthentication", { KeyId: keyId });
   }
   // ── Factory ─────────────────────────────────────────────────────
+  /**
+   * Create a KMS signer that authorizes each signature with a LEGACY raw passkey
+   * assertion (reusable, no challenge consumption).
+   *
+   * @deprecated The KMS (v0.20.0+) rejects legacy raw passkey assertions for
+   * signing/mutating operations (`/SignHash` → 400, "no challenge binding —
+   * replayable"), unless `KMS_ALLOW_LEGACY_PASSKEY=1` is set on the KMS (test
+   * only). Prefer {@link createKmsSignerWithCeremony}, which runs a one-time
+   * challenge-bound WebAuthn ceremony per signature.
+   */
   createKmsSigner(keyId, address, assertionProvider) {
     this.ensureEnabled();
-    return new KmsSigner(keyId, address, this, assertionProvider);
+    return new KmsSigner(keyId, address, this, { mode: "legacy", assertionProvider });
+  }
+  /**
+   * Create a KMS signer that authorizes each signature with a one-time,
+   * challenge-bound WebAuthn ceremony (production-safe; replay-protected).
+   *
+   * Every `signMessage` call runs a FRESH ceremony (BeginAuthentication →
+   * authenticator assertion → `/SignHash` with the `WebAuthn` field), because the
+   * KMS consumes the challenge atomically (one challenge ⇒ one signature). A
+   * Tier-2/3 BLS transfer that needs N owner signatures therefore triggers N
+   * ceremonies — see {@link BLSSignatureService} (which now skips the unused
+   * userOpHash owner-ECDSA for tiered signatures, so Tier-2 needs only one).
+   *
+   * @param ceremonySigner authenticator that signs the WebAuthn challenge
+   *   (a browser passkey on the client, or {@link P256PasskeySigner} server-side).
+   */
+  createKmsSignerWithCeremony(keyId, address, ceremonySigner, ceremonyOptions, commitPayload = false) {
+    this.ensureEnabled();
+    return new KmsSigner(keyId, address, this, {
+      mode: "ceremony",
+      ceremonySigner,
+      ceremonyOptions,
+      commitPayload
+    });
   }
 };
 var KmsSigner = class {
-  constructor(keyId, _address, kmsManager, assertionProvider) {
+  constructor(keyId, _address, kmsManager, auth) {
     this.keyId = keyId;
     this._address = _address;
     this.kmsManager = kmsManager;
-    this.assertionProvider = assertionProvider;
+    this.auth = auth;
   }
   async getAddress() {
     return this._address;
   }
-  async signMessage(message) {
+  /**
+   * EIP-191 personal-sign over a digest. A string is hashed as UTF-8 text, a byte
+   * array as raw bytes — byte-identical to ethers `hashMessage`.
+   *
+   * @param webAuthnAssertion OPTIONAL pre-built, one-time ceremony assertion. Use
+   *   this in server flows where the passkey lives on the USER's device: the
+   *   frontend runs the BeginAuthentication ceremony and the backend forwards the
+   *   resulting `{ ChallengeId, Credential }` here. When supplied it takes
+   *   precedence over the signer's baked-in auth mode. Each assertion is one-time
+   *   (the KMS consumes the challenge), so a caller that needs N signatures must
+   *   supply N distinct assertions.
+   *
+   *   WYSIWYS (AirAccount #68): the frontend MUST build the assertion over the
+   *   payload-committed challenge `commitChallenge(nonce, hashOf(message))`, not the
+   *   raw nonce — otherwise a compromised host could swap the signed payload. The
+   *   raw-nonce assertion only works while the KMS runs in transition mode. (The
+   *   signer's own ceremony mode does this automatically.)
+   */
+  async signMessage(message, webAuthnAssertion) {
     const messageHash = hashMessage(message);
-    const assertion = await this.assertionProvider();
-    const signResponse = await this.kmsManager.signHash(messageHash, assertion, {
-      Address: this._address
-    });
+    const target = { Address: this._address };
+    if (webAuthnAssertion) {
+      const signResponse2 = await this.kmsManager.signHashWithWebAuthn(
+        messageHash,
+        webAuthnAssertion.ChallengeId,
+        webAuthnAssertion.Credential,
+        target
+      );
+      return "0x" + signResponse2.Signature;
+    }
+    if (this.auth.mode === "ceremony") {
+      const assertion2 = await this.kmsManager.runAuthenticationCeremony(
+        this.keyId,
+        this.auth.ceremonySigner,
+        this.auth.commitPayload ? { ...this.auth.ceremonyOptions, payload: messageHash } : this.auth.ceremonyOptions
+      );
+      const signResponse2 = await this.kmsManager.signHashWithWebAuthn(
+        messageHash,
+        assertion2.ChallengeId,
+        assertion2.Credential,
+        target
+      );
+      return "0x" + signResponse2.Signature;
+    }
+    const assertion = await this.auth.assertionProvider();
+    const signResponse = await this.kmsManager.signHash(messageHash, assertion, target);
     return "0x" + signResponse.Signature;
   }
 };
@@ -4983,12 +5077,43 @@ var LocalWalletSigner = class {
     return { address: this.account.address };
   }
 };
+
+// ../airaccount/src/server/adapters/kms-signer-adapter.ts
+var KmsSignerAdapter = class {
+  constructor(kms, resolveKey) {
+    this.kms = kms;
+    this.resolveKey = resolveKey;
+  }
+  async getAddress(userId) {
+    return (await this.resolveKey(userId)).address;
+  }
+  async ensureSigner(userId) {
+    return { address: (await this.resolveKey(userId)).address };
+  }
+  async signMessage(userId, message, ctx) {
+    const { address } = await this.resolveKey(userId);
+    const hash = hashMessage(message);
+    const target = { Address: address };
+    if (ctx && "webAuthnAssertion" in ctx) {
+      const { ChallengeId, Credential } = ctx.webAuthnAssertion;
+      const res = await this.kms.signHashWithWebAuthn(hash, ChallengeId, Credential, target);
+      return "0x" + res.Signature;
+    }
+    if (ctx && "assertion" in ctx) {
+      const res = await this.kms.signHash(hash, ctx.assertion, target);
+      return "0x" + res.Signature;
+    }
+    throw new Error(
+      "KmsSignerAdapter: KMS signing requires an auth context \u2014 pass a one-time WebAuthnCeremonyContext { webAuthnAssertion } (preferred)."
+    );
+  }
+};
 /*! Bundled license information:
 
 @noble/curves/nist.js:
   (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
 */
 
-export { ACCOUNT_ABI, AGENT_SESSION_KEY_VALIDATOR_ABI, AIRACCOUNT_ABI, AIRACCOUNT_ADDRESSES, AIRACCOUNT_FACTORY_ABI, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, AIR_ACCOUNT_DELEGATE_ABI, AIR_ACCOUNT_DELEGATE_ADDRESS, ALG_ID, AccountManager, AgentRegistryService, AirAccountServerClient, BLSSignatureService, CALLDATA_PARSER_REGISTRY_ABI, ConsoleLogger, DEFAULT_CREDENTIAL_ID, DEFAULT_KMS_ENDPOINT, DEFAULT_ORIGIN, DEFAULT_RP_ID, DvtPendingConfirmationError, EIP7702DelegateService, ENTRYPOINT_ABI_V6, ENTRYPOINT_ABI_V7_V8, ENTRYPOINT_ADDRESSES, ERC20_ABI, ERC8004Service, ERC8004_ADDRESSES, EXECUTE_BATCH_SELECTOR, EXECUTE_SELECTOR, EXECUTE_USER_OP_SELECTOR, EntryPointVersion, EthereumProvider, FACTORY_ABI_V6, FACTORY_ABI_V7_V8, FORCE_EXIT_MODULE_ABI, ForceExitService, GLOBAL_GUARD_ABI, GuardChecker, GuardStateReader, KmsAgentService, KmsHttpClient, KmsManager, KmsMonitorService, KmsPaymentSigner, KmsSessionService, KmsSigner, L2_TYPE, LocalWalletSigner, MAX_GUARDIANS, MODULE_TYPE, MemoryStorage, ModuleManager, P256PasskeySigner, PaymasterManager, PaymasterPriceStalenessError, RECOVERY_THRESHOLD, RECOVERY_TIMELOCK_SECONDS, RecoveryService, SESSION_KEY_VALIDATOR_ABI, SessionKeyService, SilentLogger, TIER_GUARD_HOOK_ABI, TokenService, TransferManager, VALIDATOR_ABI, WEIGHT_CHANGE_EXPIRY_SECONDS, WEIGHT_CHANGE_THRESHOLD, WEIGHT_CHANGE_TIMELOCK_SECONDS, WalletManager, WeightedSignatureService, YAAAServerClient, base64UrlDecode, base64UrlEncode, beginAuthenticationChallenge, beginGrantSessionChallenge, buildAuthenticationCredential, buildAuthenticatorData, buildClientDataJSON, buildFullInitConfig, buildInstallModuleHash, buildUninstallModuleHash, computeOapdSalt, erc8004AddressesForChain, getOapdAddress, getOapdAddressWithChainId, initConfigFromRecord, initConfigToTuple, isExecuteUserOpWrapped, isOapdDeployed, isPendingConfirmation, packP256SessionSignature, packSecp256k1SessionSignature, runAuthenticationCeremony, runGrantSessionCeremony, runWebAuthnCeremony, sepoliaV07Config, serializeGuardianSpecs, toGuardianSpecs, validateConfig, wrapExecuteUserOp };
-//# sourceMappingURL=chunk-2UC7UPHV.js.map
-//# sourceMappingURL=chunk-2UC7UPHV.js.map
+export { ACCOUNT_ABI, AGENT_SESSION_KEY_VALIDATOR_ABI, AIRACCOUNT_ABI, AIRACCOUNT_ADDRESSES, AIRACCOUNT_FACTORY_ABI, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, AIR_ACCOUNT_DELEGATE_ABI, AIR_ACCOUNT_DELEGATE_ADDRESS, ALG_ID, AccountManager, AgentRegistryService, AirAccountServerClient, BLSSignatureService, CALLDATA_PARSER_REGISTRY_ABI, ConsoleLogger, DEFAULT_CREDENTIAL_ID, DEFAULT_KMS_ENDPOINT, DEFAULT_ORIGIN, DEFAULT_RP_ID, DvtPendingConfirmationError, EIP7702DelegateService, ENTRYPOINT_ABI_V6, ENTRYPOINT_ABI_V7_V8, ENTRYPOINT_ADDRESSES, ERC20_ABI, ERC8004Service, ERC8004_ADDRESSES, EXECUTE_BATCH_SELECTOR, EXECUTE_SELECTOR, EXECUTE_USER_OP_SELECTOR, EntryPointVersion, EthereumProvider, FACTORY_ABI_V6, FACTORY_ABI_V7_V8, FORCE_EXIT_MODULE_ABI, ForceExitService, GLOBAL_GUARD_ABI, GuardChecker, GuardStateReader, KmsAgentService, KmsHttpClient, KmsManager, KmsMonitorService, KmsPaymentSigner, KmsSessionService, KmsSigner, KmsSignerAdapter, L2_TYPE, LocalWalletSigner, MAX_GUARDIANS, MODULE_TYPE, MemoryStorage, ModuleManager, P256PasskeySigner, PaymasterManager, PaymasterPriceStalenessError, RECOVERY_THRESHOLD, RECOVERY_TIMELOCK_SECONDS, RecoveryService, SESSION_KEY_VALIDATOR_ABI, SessionKeyService, SilentLogger, TIER_GUARD_HOOK_ABI, TokenService, TransferManager, VALIDATOR_ABI, WEIGHT_CHANGE_EXPIRY_SECONDS, WEIGHT_CHANGE_THRESHOLD, WEIGHT_CHANGE_TIMELOCK_SECONDS, WalletManager, WeightedSignatureService, YAAAServerClient, base64UrlDecode, base64UrlEncode, beginAuthenticationChallenge, beginGrantSessionChallenge, buildAuthenticationCredential, buildAuthenticatorData, buildClientDataJSON, buildFullInitConfig, buildInstallModuleHash, buildUninstallModuleHash, commitChallenge, computeOapdSalt, erc8004AddressesForChain, getOapdAddress, getOapdAddressWithChainId, initConfigFromRecord, initConfigToTuple, isExecuteUserOpWrapped, isOapdDeployed, isPendingConfirmation, packP256SessionSignature, packSecp256k1SessionSignature, runAuthenticationCeremony, runGrantSessionCeremony, runWebAuthnCeremony, sepoliaV07Config, serializeGuardianSpecs, toGuardianSpecs, validateConfig, wrapExecuteUserOp };
+//# sourceMappingURL=chunk-D2RDBN46.js.map
+//# sourceMappingURL=chunk-D2RDBN46.js.map