@aastar/sdk 0.24.2 → 0.26.0

package/dist/{chunk-4Q6FADF6.cjs → chunk-UZE7IPOK.cjs}

@@ -1,8 +1,8 @@
 'use strict';
 
 var chunkXQROKLZI_cjs = require('./chunk-XQROKLZI.cjs');
-var chunkIB3KOSHW_cjs = require('./chunk-IB3KOSHW.cjs');
-var chunkMXJEULSE_cjs = require('./chunk-MXJEULSE.cjs');
+var chunkKOWTQJIX_cjs = require('./chunk-KOWTQJIX.cjs');
+var chunkG33MXEHU_cjs = require('./chunk-G33MXEHU.cjs');
 var viem = require('viem');
 var axios = require('axios');
 var crypto = require('crypto');
@@ -13,7 +13,7 @@ function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 var axios__default = /*#__PURE__*/_interopDefault(axios);
 
 // ../airaccount/src/server/constants/entrypoint.ts
-var CORE_SEPOLIA = chunkMXJEULSE_cjs.CANONICAL_ADDRESSES[11155111];
+var CORE_SEPOLIA = chunkG33MXEHU_cjs.CANONICAL_ADDRESSES[11155111];
 var EntryPointVersion = /* @__PURE__ */ ((EntryPointVersion2) => {
   EntryPointVersion2["V0_6"] = "0.6";
   EntryPointVersion2["V0_7"] = "0.7";
@@ -728,7 +728,7 @@ function toGuardianSpecs(p) {
   return specs;
 }
 function buildFullInitConfig(p) {
-  return chunkIB3KOSHW_cjs.buildInitConfig({
+  return chunkKOWTQJIX_cjs.buildInitConfig({
     guardians: toGuardianSpecs(p),
     dailyLimit: p.dailyLimit,
     ...p.approvedAlgIds ? { approvedAlgIds: p.approvedAlgIds } : {},
@@ -761,7 +761,7 @@ function initConfigFromRecord(record) {
   const guardians = record.guardianSpecs.map(
     (s) => "p256" in s ? { p256: { x: s.p256.x, y: s.p256.y } } : { ecdsa: s.ecdsa }
   );
-  return chunkIB3KOSHW_cjs.buildInitConfig({
+  return chunkKOWTQJIX_cjs.buildInitConfig({
     guardians,
     dailyLimit: record.dailyLimit ? BigInt(record.dailyLimit) : 0n,
     ...record.approvedAlgIds ? { approvedAlgIds: record.approvedAlgIds } : {},
@@ -1109,7 +1109,7 @@ var AccountManager = class {
     this.logger.log(
       `[AccountManager] account created with ${params.p256Guardians.length} P-256 guardian(s): ${accountAddress}`
     );
-    if (chunkIB3KOSHW_cjs.needsValidatorRouter(config.approvedAlgIds)) {
+    if (chunkKOWTQJIX_cjs.needsValidatorRouter(config.approvedAlgIds)) {
       this.logger.log(
         `[AccountManager] account ${accountAddress} approved a router-delegated algorithm (approvedAlgIds=[${config.approvedAlgIds.join(", ")}]); use deployAndWireValidator(userId, { walletClient }) to deploy + setValidator(router) in one call (or ensureValidatorRouter(userId) after a manual deploy) \u2014 required for those algIds to validate.`
       );
@@ -1146,11 +1146,11 @@ var AccountManager = class {
     if (!approvedAlgIds || approvedAlgIds.length === 0) {
       return { set: false, reason: "no approvedAlgIds / not router-delegated" };
     }
-    if (!chunkIB3KOSHW_cjs.needsValidatorRouter(approvedAlgIds)) {
+    if (!chunkKOWTQJIX_cjs.needsValidatorRouter(approvedAlgIds)) {
       return { set: false, reason: "no router-delegated algorithm" };
     }
     const chainId = this.ethereum.getChainId();
-    const canonicalRouter = chunkMXJEULSE_cjs.getCanonicalAddresses(chainId)?.aaStarValidator;
+    const canonicalRouter = chunkG33MXEHU_cjs.getCanonicalAddresses(chainId)?.aaStarValidator;
     const router = opts?.router ?? canonicalRouter;
     if (!router || router.toLowerCase() === viem.zeroAddress) {
       return { set: false, reason: `no canonical validator router for chain ${chainId}` };
@@ -1176,7 +1176,7 @@ var AccountManager = class {
         router
       };
     }
-    const tx = await chunkIB3KOSHW_cjs.airAccountActions(account.address)(walletClient).setValidator({
+    const tx = await chunkKOWTQJIX_cjs.airAccountActions(account.address)(walletClient).setValidator({
       validator: router,
       account: walletClient.account
     });
@@ -1212,7 +1212,7 @@ var AccountManager = class {
     }
     if (!code || code === "0x") {
       const config = initConfigFromRecord(account);
-      deployTx = await chunkIB3KOSHW_cjs.airAccountFactoryActions(account.factoryAddress)(walletClient).createAccount({
+      deployTx = await chunkKOWTQJIX_cjs.airAccountFactoryActions(account.factoryAddress)(walletClient).createAccount({
         owner: account.signerAddress,
         salt: BigInt(account.salt),
         config,
@@ -1616,7 +1616,12 @@ var TransferManager = class {
     );
     const userOpHash = await this.ethereum.getUserOpHash(userOp, version);
     await this.signer.ensureSigner(userId);
-    const assertionCtx = params.passkeyAssertion ? { assertion: params.passkeyAssertion } : void 0;
+    if (params.webAuthnAssertion && params.passkeyAssertion) {
+      throw new Error(
+        "Provide either webAuthnAssertion (preferred) or passkeyAssertion, not both."
+      );
+    }
+    const assertionCtx = params.webAuthnAssertion ? { webAuthnAssertion: params.webAuthnAssertion } : params.passkeyAssertion ? { assertion: params.passkeyAssertion } : void 0;
     let useECDSA = false;
     let isCompositeValidator = false;
     if (version === "0.7" /* V0_7 */ || version === "0.8" /* V0_8 */) {
@@ -1626,6 +1631,11 @@ var TransferManager = class {
         account.address
       ));
     }
+    if (assertionCtx && "webAuthnAssertion" in assertionCtx && !useECDSA && !(params.useAirAccountTiering && this.guardChecker)) {
+      throw new Error(
+        "A one-time webAuthnAssertion cannot authorize the legacy non-tiered BLS dual-sign (two owner signatures, one spent challenge). Use useAirAccountTiering:true (single owner signature), or supply two assertions via the legacy path."
+      );
+    }
     if (useECDSA) {
       const ecdsaSig = await this.signer.signMessage(
         userId,
@@ -2122,7 +2132,7 @@ var BLSSignatureService = class {
     }
     return nodes;
   }
-  async generateBLSSignature(userId, userOpHash, ctx) {
+  async generateBLSSignature(userId, userOpHash, ctx, options) {
     const manager = await this.ensureInitialized();
     const activeNodes = await this.getActiveSignerNodes();
     if (activeNodes.length < 1) {
@@ -2181,11 +2191,7 @@ var BLSSignatureService = class {
         `Wallet address mismatch! Wallet: ${walletAddress}, Expected: ${account.signerAddress}`
       );
     }
-    const aaSignature = await this.signer.signMessage(
-      userId,
-      viem.hexToBytes(userOpHash),
-      ctx
-    );
+    const aaSignature = options?.skipOwnerOpSignature ? "0x" : await this.signer.signMessage(userId, viem.hexToBytes(userOpHash), ctx);
     const messagePointHash = chunkXQROKLZI_cjs.keccak256(messagePoint);
     const messagePointSignature = await this.signer.signMessage(
       userId,
@@ -2202,6 +2208,11 @@ var BLSSignatureService = class {
     };
   }
   async packSignature(blsData) {
+    if (!blsData.aaSignature || blsData.aaSignature === "0x") {
+      throw new Error(
+        "packSignature requires aaSignature; this BLSSignatureData was generated with skipOwnerOpSignature (Tier-2/3 only). Use packCumulativeT2/T3Signature instead."
+      );
+    }
     const manager = await this.ensureInitialized();
     return manager.packSignature(blsData);
   }
@@ -2231,7 +2242,9 @@ var BLSSignatureService = class {
     if (!p256Signature) {
       throw new Error(`P256 signature required for Tier ${tier}`);
     }
-    const blsData = await this.generateBLSSignature(userId, userOpHash, ctx);
+    const blsData = await this.generateBLSSignature(userId, userOpHash, ctx, {
+      skipOwnerOpSignature: true
+    });
     if (tier === 2) {
       const t2Data = {
         p256Signature,
@@ -2259,6 +2272,84 @@ var BLSSignatureService = class {
     return manager.packCumulativeT3Signature(t3Data);
   }
 };
+var ALG_NAMES = {
+  [chunkXQROKLZI_cjs.ALG_BLS]: "BLS (0x01)",
+  [chunkXQROKLZI_cjs.ALG_ECDSA]: "ECDSA (0x02)",
+  [chunkXQROKLZI_cjs.ALG_P256]: "P256 (0x03)",
+  [chunkXQROKLZI_cjs.ALG_CUMULATIVE_T2]: "Cumulative T2 (0x04)",
+  [chunkXQROKLZI_cjs.ALG_CUMULATIVE_T3]: "Cumulative T3 (0x05)"
+};
+var GuardChecker = class {
+  constructor(ethereum, logger) {
+    this.ethereum = ethereum;
+    this.logger = logger ?? new ConsoleLogger("[GuardChecker]");
+  }
+  logger;
+  /**
+   * Fetch tier limits from an AirAccount contract.
+   */
+  async fetchTierConfig(accountAddress) {
+    const account = this.ethereum.getAccountContract(accountAddress);
+    return readAccountTierLimits(account);
+  }
+  /**
+   * Fetch guard status from the account's GlobalGuard.
+   */
+  async fetchGuardStatus(accountAddress) {
+    const account = this.ethereum.getAccountContract(accountAddress);
+    const guardAddress = await readAccountGuardAddress(account);
+    if (guardAddress === viem.zeroAddress) {
+      return {
+        hasGuard: false,
+        guardAddress: viem.zeroAddress,
+        dailyLimit: 0n,
+        dailyRemaining: 0n
+      };
+    }
+    const guard = viem.getContract({
+      address: guardAddress,
+      abi: viem.parseAbi(GLOBAL_GUARD_ABI),
+      client: this.ethereum.getProvider()
+    });
+    const { dailyLimit, dailyRemaining } = await readGuardDailyAllowance(guard);
+    return {
+      hasGuard: true,
+      guardAddress,
+      dailyLimit,
+      dailyRemaining
+    };
+  }
+  /**
+   * Pre-check a transaction: determine tier, check guard limits and algorithm approval.
+   * Returns errors array (empty = OK to proceed).
+   */
+  async preCheck(accountAddress, value) {
+    const errors = [];
+    const tierConfig = await this.fetchTierConfig(accountAddress);
+    const tier = chunkXQROKLZI_cjs.resolveTier(value, tierConfig);
+    const algId = chunkXQROKLZI_cjs.algIdForTier(tier);
+    const guard = await this.fetchGuardStatus(accountAddress);
+    if (!guard.hasGuard) {
+      return { ok: true, errors: [], tier, algId };
+    }
+    if (guard.dailyLimit > 0n && value > guard.dailyRemaining) {
+      errors.push(
+        `Daily limit exceeded: requesting ${value} wei but only ${guard.dailyRemaining} remaining (limit: ${guard.dailyLimit})`
+      );
+    }
+    const accountContract = this.ethereum.getAccountContract(accountAddress);
+    const isApproved = await readAlgorithmApproved(accountContract, algId);
+    if (!isApproved) {
+      errors.push(
+        `Algorithm ${ALG_NAMES[algId] ?? `0x${algId.toString(16)}`} is not approved by the account`
+      );
+    }
+    if (errors.length > 0) {
+      this.logger.warn(`Pre-check failed for ${accountAddress}: ${errors.join("; ")}`);
+    }
+    return { ok: errors.length === 0, errors, tier, algId };
+  }
+};
 var ERC20_ABI_PARSED = viem.parseAbi(ERC20_ABI);
 var TokenService = class {
   constructor(ethereum) {
@@ -2385,7 +2476,8 @@ var AirAccountServerClient = class {
       this.tokens,
       config.storage,
       config.signer,
-      logger
+      logger,
+      new GuardChecker(this.ethereum, logger)
     );
   }
 };
@@ -2920,84 +3012,6 @@ async function isOapdDeployed(provider, config) {
   const code = await provider.getCode({ address });
   return code !== void 0 && code !== "0x";
 }
-var ALG_NAMES = {
-  [chunkXQROKLZI_cjs.ALG_BLS]: "BLS (0x01)",
-  [chunkXQROKLZI_cjs.ALG_ECDSA]: "ECDSA (0x02)",
-  [chunkXQROKLZI_cjs.ALG_P256]: "P256 (0x03)",
-  [chunkXQROKLZI_cjs.ALG_CUMULATIVE_T2]: "Cumulative T2 (0x04)",
-  [chunkXQROKLZI_cjs.ALG_CUMULATIVE_T3]: "Cumulative T3 (0x05)"
-};
-var GuardChecker = class {
-  constructor(ethereum, logger) {
-    this.ethereum = ethereum;
-    this.logger = logger ?? new ConsoleLogger("[GuardChecker]");
-  }
-  logger;
-  /**
-   * Fetch tier limits from an AirAccount contract.
-   */
-  async fetchTierConfig(accountAddress) {
-    const account = this.ethereum.getAccountContract(accountAddress);
-    return readAccountTierLimits(account);
-  }
-  /**
-   * Fetch guard status from the account's GlobalGuard.
-   */
-  async fetchGuardStatus(accountAddress) {
-    const account = this.ethereum.getAccountContract(accountAddress);
-    const guardAddress = await readAccountGuardAddress(account);
-    if (guardAddress === viem.zeroAddress) {
-      return {
-        hasGuard: false,
-        guardAddress: viem.zeroAddress,
-        dailyLimit: 0n,
-        dailyRemaining: 0n
-      };
-    }
-    const guard = viem.getContract({
-      address: guardAddress,
-      abi: viem.parseAbi(GLOBAL_GUARD_ABI),
-      client: this.ethereum.getProvider()
-    });
-    const { dailyLimit, dailyRemaining } = await readGuardDailyAllowance(guard);
-    return {
-      hasGuard: true,
-      guardAddress,
-      dailyLimit,
-      dailyRemaining
-    };
-  }
-  /**
-   * Pre-check a transaction: determine tier, check guard limits and algorithm approval.
-   * Returns errors array (empty = OK to proceed).
-   */
-  async preCheck(accountAddress, value) {
-    const errors = [];
-    const tierConfig = await this.fetchTierConfig(accountAddress);
-    const tier = chunkXQROKLZI_cjs.resolveTier(value, tierConfig);
-    const algId = chunkXQROKLZI_cjs.algIdForTier(tier);
-    const guard = await this.fetchGuardStatus(accountAddress);
-    if (!guard.hasGuard) {
-      return { ok: true, errors: [], tier, algId };
-    }
-    if (guard.dailyLimit > 0n && value > guard.dailyRemaining) {
-      errors.push(
-        `Daily limit exceeded: requesting ${value} wei but only ${guard.dailyRemaining} remaining (limit: ${guard.dailyLimit})`
-      );
-    }
-    const accountContract = this.ethereum.getAccountContract(accountAddress);
-    const isApproved = await readAlgorithmApproved(accountContract, algId);
-    if (!isApproved) {
-      errors.push(
-        `Algorithm ${ALG_NAMES[algId] ?? `0x${algId.toString(16)}`} is not approved by the account`
-      );
-    }
-    if (errors.length > 0) {
-      this.logger.warn(`Pre-check failed for ${accountAddress}: ${errors.join("; ")}`);
-    }
-    return { ok: errors.length === 0, errors, tier, algId };
-  }
-};
 var FORCE_EXIT_ABI = [
   // ERC-7579 module lifecycle
   "function onInstall(bytes calldata data) external",
@@ -4187,6 +4201,9 @@ function hexToBytes4(hex) {
   if (clean.length % 2 !== 0) {
     throw new Error("hexToBytes: odd-length hex string");
   }
+  if (clean.length > 0 && !/^[0-9a-fA-F]+$/.test(clean)) {
+    throw new Error("hexToBytes: non-hex characters in input");
+  }
   const out = new Uint8Array(clean.length / 2);
   for (let i = 0; i < out.length; i++) {
     out[i] = parseInt(clean.slice(i * 2, i * 2 + 2), 16);
@@ -4221,11 +4238,14 @@ function buildClientDataJSON(challenge, origin = DEFAULT_ORIGIN) {
   return new TextEncoder().encode(json);
 }
 function buildAuthenticatorData(rpId = DEFAULT_RP_ID, signCount = 1) {
+  if (!Number.isInteger(signCount) || signCount < 0 || signCount > 4294967295) {
+    throw new Error(`buildAuthenticatorData: signCount must be a uint32 (0..2^32-1), got ${signCount}`);
+  }
   const rpIdHash = crypto.createHash("sha256").update(rpId).digest();
   const out = new Uint8Array(37);
   out.set(rpIdHash, 0);
   out[32] = 5;
-  new DataView(out.buffer).setUint32(33, signCount >>> 0, false);
+  new DataView(out.buffer).setUint32(33, signCount, false);
   return out;
 }
 async function buildAuthenticationCredential(opts) {
@@ -4250,23 +4270,42 @@ async function buildAuthenticationCredential(opts) {
     }
   };
 }
+function commitChallenge(nonceBase64Url, payload) {
+  const nonce = base64UrlDecode(nonceBase64Url);
+  const payloadBytes = typeof payload === "string" ? hexToBytes4(payload) : payload;
+  if (payloadBytes.length !== 32) {
+    throw new Error(`commitChallenge: payload must be a 32-byte digest, got ${payloadBytes.length} bytes`);
+  }
+  const committed = crypto.createHash("sha256").update(nonce).update(payloadBytes).digest();
+  return base64UrlEncode(new Uint8Array(committed));
+}
 async function runWebAuthnCeremony(begin, options) {
   const begun = await begin();
-  const challenge = begun?.Options?.challenge;
-  if (!begun?.ChallengeId || !challenge) {
+  const nonce = begun?.Options?.challenge;
+  if (!begun?.ChallengeId || !nonce) {
     throw new Error(
       "WebAuthn ceremony: begin endpoint did not return a ChallengeId + Options.challenge"
     );
   }
+  const challenge = options.payload ? commitChallenge(nonce, options.payload) : nonce;
   const credential = await buildAuthenticationCredential({
     challenge,
     signer: options.signer,
     rpId: options.rpId,
     origin: options.origin,
-    signCount: options.signCount
+    // The KMS enforces a strictly-increasing authenticator signCount (anti-clone). A
+    // server-held signer (P256PasskeySigner) has no native counter, so default to a
+    // monotonic value — else a second signature on the same key fails
+    // "signCount not incremented". A real device passkey passes its own counter.
+    signCount: options.signCount ?? nextSignCount()
   });
   return { ChallengeId: begun.ChallengeId, Credential: credential };
 }
+var _signCountCounter = Math.floor(Date.now() / 1e3);
+function nextSignCount() {
+  _signCountCounter = _signCountCounter + 1 >>> 0;
+  return _signCountCounter;
+}
 function beginAuthenticationChallenge(http2, keyId) {
   return http2.post("/BeginAuthentication", { KeyId: keyId });
 }
@@ -4289,6 +4328,133 @@ function runGrantSessionCeremony(http2, keyId, signer, options) {
 }
 
 // ../airaccount/src/server/services/kms-signer.ts
+function eip712Digest(params) {
+  const types = Object.fromEntries(
+    params.types.filter((t) => t.name !== "EIP712Domain").map((t) => [t.name, t.fields])
+  );
+  const message = Object.fromEntries(params.message.map((f) => [f.name, f.value]));
+  return viem.hashTypedData({
+    domain: params.domain,
+    types,
+    primaryType: params.primaryType,
+    message
+  });
+}
+function u256(x) {
+  if (typeof x === "number" && !Number.isSafeInteger(x)) {
+    throw new Error(`u256: number ${x} exceeds safe-integer range \u2014 pass a bigint or string`);
+  }
+  return BigInt(x);
+}
+var MINT_TAGS = { agent: "AA-AGENT-MINT-v1", p256: "AA-P256-SESSION-MINT-v1" };
+function mintDigest(p) {
+  const hex = p.walletId.replace(/-/g, "");
+  if (hex.length !== 32 || !/^[0-9a-fA-F]+$/.test(hex)) {
+    throw new Error("mintDigest: walletId must be a 16-byte UUID");
+  }
+  if (!Number.isInteger(p.index) || p.index < 0 || p.index > 4294967295) {
+    throw new Error(`mintDigest: index must be a uint32, got ${p.index}`);
+  }
+  if (typeof p.ttlSecs === "number" && !Number.isInteger(p.ttlSecs)) {
+    throw new Error(`mintDigest: ttlSecs must be an integer, got ${p.ttlSecs}`);
+  }
+  const ttlBig = BigInt(p.ttlSecs);
+  if (ttlBig < -(1n << 63n) || ttlBig > (1n << 63n) - 1n) {
+    throw new Error(`mintDigest: ttlSecs out of int64 range: ${ttlBig}`);
+  }
+  const sha2562 = (b) => new Uint8Array(crypto.createHash("sha256").update(b).digest());
+  const utf8 = (s) => new TextEncoder().encode(s);
+  const walletBytes = new Uint8Array(16);
+  for (let i = 0; i < 16; i++) walletBytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+  const idx = new Uint8Array(4);
+  new DataView(idx.buffer).setUint32(0, p.index, false);
+  const ttl = new Uint8Array(8);
+  new DataView(ttl.buffer).setBigInt64(0, ttlBig, false);
+  const parts = [utf8(MINT_TAGS[p.kind]), walletBytes, idx, ttl, sha2562(utf8(p.subject))];
+  const total = parts.reduce((n, a) => n + a.length, 0);
+  const buf = new Uint8Array(total);
+  let off = 0;
+  for (const a of parts) {
+    buf.set(a, off);
+    off += a.length;
+  }
+  return "0x" + Buffer.from(sha2562(buf)).toString("hex");
+}
+function grantSessionFinalHash(p) {
+  const callTargetsHash = viem.keccak256(viem.encodePacked(["address[]"], [p.callTargets]));
+  const selectorsHash = viem.keccak256(viem.encodePacked(["bytes4[]"], [p.selectorAllowlist]));
+  const isP256 = "keyX" in p;
+  const inner = isP256 ? viem.keccak256(
+    viem.encodeAbiParameters(
+      [
+        { type: "string" },
+        { type: "uint256" },
+        { type: "address" },
+        { type: "address" },
+        { type: "bytes32" },
+        { type: "bytes32" },
+        { type: "uint48" },
+        { type: "address" },
+        { type: "bytes4" },
+        { type: "uint16" },
+        { type: "uint32" },
+        { type: "bytes32" },
+        { type: "bytes32" },
+        { type: "uint256" }
+      ],
+      [
+        "GRANT_P256_SESSION_V2",
+        u256(p.chainId),
+        p.verifyingContract,
+        p.account,
+        p.keyX,
+        p.keyY,
+        p.expiry,
+        p.contractScope,
+        p.selectorScope,
+        p.velocityLimit,
+        p.velocityWindow,
+        callTargetsHash,
+        selectorsHash,
+        u256(p.nonce)
+      ]
+    )
+  ) : viem.keccak256(
+    viem.encodeAbiParameters(
+      [
+        { type: "string" },
+        { type: "uint256" },
+        { type: "address" },
+        { type: "address" },
+        { type: "address" },
+        { type: "uint48" },
+        { type: "address" },
+        { type: "bytes4" },
+        { type: "uint16" },
+        { type: "uint32" },
+        { type: "bytes32" },
+        { type: "bytes32" },
+        { type: "uint256" }
+      ],
+      [
+        "GRANT_SESSION_V2",
+        u256(p.chainId),
+        p.verifyingContract,
+        p.account,
+        p.sessionKey,
+        p.expiry,
+        p.contractScope,
+        p.selectorScope,
+        p.velocityLimit,
+        p.velocityWindow,
+        callTargetsHash,
+        selectorsHash,
+        u256(p.nonce)
+      ]
+    )
+  );
+  return viem.hashMessage({ raw: inner });
+}
 var KmsManager = class {
   client;
   logger;
@@ -4378,6 +4544,29 @@ var KmsManager = class {
     this.ensureEnabled();
     return this.amzPost("/ChangePasskey", "TrentService.ChangePasskey", params);
   }
+  // ── Ceremony wrappers for non-signing passkey ops (strict-readiness #135 item 2) ──
+  // These are NON-signing ops, so the challenge is the raw nonce (no payload commitment),
+  // but they MUST go through the ceremony (clientDataJSON present) — strict mode hard-rejects
+  // any assertion without clientDataJSON. Run the ceremony internally so callers never reach
+  // for the deprecated legacy `Passkey` field.
+  /** Schedule key deletion, running the WebAuthn ceremony internally (raw-nonce). */
+  async deleteKeyWithCeremony(params, signer, options) {
+    this.ensureEnabled();
+    const WebAuthn = await this.runAuthenticationCeremony(params.KeyId, signer, options);
+    return this.deleteKey({ ...params, WebAuthn });
+  }
+  /** Unfreeze a dormant key, running the WebAuthn ceremony internally (raw-nonce). */
+  async unfreezeKeyWithCeremony(params, signer, options) {
+    this.ensureEnabled();
+    const WebAuthn = await this.runAuthenticationCeremony(params.KeyId, signer, options);
+    return this.unfreezeKey({ ...params, WebAuthn });
+  }
+  /** Rotate the bound passkey, running the WebAuthn ceremony internally (raw-nonce). */
+  async changePasskeyWithCeremony(params, signer, options) {
+    this.ensureEnabled();
+    const WebAuthn = await this.runAuthenticationCeremony(params.KeyId, signer, options);
+    return this.changePasskey({ ...params, WebAuthn });
+  }
   /**
    * Sign a message or an EIP-155 transaction (WebAuthn-gated).
    * Provide exactly one of `Message` (hex) or `Transaction`. For a raw 32-byte
@@ -4519,24 +4708,50 @@ var KmsManager = class {
     return this.deriveAddress({ ...params, WebAuthn });
   }
   /**
-   * Sign a message or EIP-155 transaction, running the challenge-binding ceremony
-   * internally. `params.KeyId` is required (it identifies the wallet to challenge).
+   * Sign a message or EIP-155 transaction via `/Sign`, running the ceremony internally.
+   * `params.KeyId` is required.
+   *
+   * ⚠️ STRICT MODE: unlike {@link signHashWithCeremony} / {@link signTypedDataWithCeremony},
+   * this does NOT auto-bind a payload commitment, because the TA derives the signed digest
+   * from `Message` / `Transaction` host-side (EIP-191 / RLP) and the SDK can't reproduce it
+   * byte-exactly for every input. So it sends the RAW nonce by default — which the KMS will
+   * REJECT once strict mode (#63) is on. For strict-safe signing either:
+   *   - pass `options.payload` = the exact digest the TA will sign (you computed it), or
+   *   - prefer {@link signHashWithCeremony} (commits to a known 32-byte hash).
    */
   async signWithCeremony(params, signer, options) {
     this.ensureEnabled();
     const WebAuthn = await this.runAuthenticationCeremony(params.KeyId, signer, options);
     return this.sign({ ...params, WebAuthn });
   }
-  /** Sign a 32-byte digest, running the challenge-binding ceremony internally. */
+  /**
+   * Sign a 32-byte digest, running the challenge-binding ceremony internally.
+   * Binds the challenge to `hash` (WYSIWYS commitment, #68) by default — pass an
+   * explicit `options.payload` only to override.
+   */
   async signHashWithCeremony(hash, target, signer, options) {
     this.ensureEnabled();
-    const assertion = await this.runAuthenticationCeremony(target.KeyId, signer, options);
+    const assertion = await this.runAuthenticationCeremony(target.KeyId, signer, {
+      ...options,
+      payload: options?.payload ?? hash
+    });
     return this.signHashWithWebAuthn(hash, assertion.ChallengeId, assertion.Credential, target);
   }
-  /** Sign EIP-712 typed data, running the challenge-binding ceremony internally. */
+  /**
+   * Sign EIP-712 typed data, running the challenge-binding ceremony internally.
+   * Auto-binds the WYSIWYS commitment (#68): the ceremony challenge is
+   * `SHA-256(nonce ‖ eip712Digest)`, where `eip712Digest` is the standard EIP-712
+   * digest the KMS hashes host-side — computed here via {@link eip712Digest} so the
+   * user's signature commits to the exact typed-data payload. Pass an explicit
+   * `options.payload` only to override.
+   */
   async signTypedDataWithCeremony(params, signer, options) {
     this.ensureEnabled();
-    const webAuthnAssertion = await this.runAuthenticationCeremony(params.keyId, signer, options);
+    const payload = options?.payload ?? eip712Digest(params);
+    const webAuthnAssertion = await this.runAuthenticationCeremony(params.keyId, signer, {
+      ...options,
+      payload
+    });
     return this.signTypedDataWithWebAuthn({ ...params, webAuthnAssertion });
   }
   /**
@@ -4545,7 +4760,10 @@ var KmsManager = class {
    */
   async signGrantSessionWithCeremony(params, signer, options) {
     this.ensureEnabled();
-    const webAuthnAssertion = await this.runGrantSessionCeremony(params.keyId, signer, options);
+    const webAuthnAssertion = await this.runGrantSessionCeremony(params.keyId, signer, {
+      ...options,
+      payload: options?.payload ?? grantSessionFinalHash(params)
+    });
     return this.signGrantSession({ ...params, webAuthnAssertion });
   }
   /**
@@ -4554,7 +4772,10 @@ var KmsManager = class {
    */
   async signP256GrantSessionWithCeremony(params, signer, options) {
     this.ensureEnabled();
-    const webAuthnAssertion = await this.runGrantSessionCeremony(params.keyId, signer, options);
+    const webAuthnAssertion = await this.runGrantSessionCeremony(params.keyId, signer, {
+      ...options,
+      payload: options?.payload ?? grantSessionFinalHash(params)
+    });
     return this.signP256GrantSession({ ...params, webAuthnAssertion });
   }
   // ── WebAuthn Ceremonies ─────────────────────────────────────────
@@ -4583,27 +4804,100 @@ var KmsManager = class {
     return this.client.post("/BeginAuthentication", { KeyId: keyId });
   }
   // ── Factory ─────────────────────────────────────────────────────
+  /**
+   * Create a KMS signer that authorizes each signature with a LEGACY raw passkey
+   * assertion (reusable, no challenge consumption).
+   *
+   * @deprecated The KMS (v0.20.0+) rejects legacy raw passkey assertions for
+   * signing/mutating operations (`/SignHash` → 400, "no challenge binding —
+   * replayable"), unless `KMS_ALLOW_LEGACY_PASSKEY=1` is set on the KMS (test
+   * only). Prefer {@link createKmsSignerWithCeremony}, which runs a one-time
+   * challenge-bound WebAuthn ceremony per signature.
+   */
   createKmsSigner(keyId, address, assertionProvider) {
     this.ensureEnabled();
-    return new KmsSigner(keyId, address, this, assertionProvider);
+    return new KmsSigner(keyId, address, this, { mode: "legacy", assertionProvider });
+  }
+  /**
+   * Create a KMS signer that authorizes each signature with a one-time,
+   * challenge-bound WebAuthn ceremony (production-safe; replay-protected).
+   *
+   * Every `signMessage` call runs a FRESH ceremony (BeginAuthentication →
+   * authenticator assertion → `/SignHash` with the `WebAuthn` field), because the
+   * KMS consumes the challenge atomically (one challenge ⇒ one signature). A
+   * Tier-2/3 BLS transfer that needs N owner signatures therefore triggers N
+   * ceremonies — see {@link BLSSignatureService} (which now skips the unused
+   * userOpHash owner-ECDSA for tiered signatures, so Tier-2 needs only one).
+   *
+   * @param ceremonySigner authenticator that signs the WebAuthn challenge
+   *   (a browser passkey on the client, or {@link P256PasskeySigner} server-side).
+   */
+  createKmsSignerWithCeremony(keyId, address, ceremonySigner, ceremonyOptions, commitPayload = true) {
+    this.ensureEnabled();
+    return new KmsSigner(keyId, address, this, {
+      mode: "ceremony",
+      ceremonySigner,
+      ceremonyOptions,
+      commitPayload
+    });
   }
 };
 var KmsSigner = class {
-  constructor(keyId, _address, kmsManager, assertionProvider) {
+  constructor(keyId, _address, kmsManager, auth) {
     this.keyId = keyId;
     this._address = _address;
     this.kmsManager = kmsManager;
-    this.assertionProvider = assertionProvider;
+    this.auth = auth;
   }
   async getAddress() {
     return this._address;
   }
-  async signMessage(message) {
+  /**
+   * EIP-191 personal-sign over a digest. A string is hashed as UTF-8 text, a byte
+   * array as raw bytes — byte-identical to ethers `hashMessage`.
+   *
+   * @param webAuthnAssertion OPTIONAL pre-built, one-time ceremony assertion. Use
+   *   this in server flows where the passkey lives on the USER's device: the
+   *   frontend runs the BeginAuthentication ceremony and the backend forwards the
+   *   resulting `{ ChallengeId, Credential }` here. When supplied it takes
+   *   precedence over the signer's baked-in auth mode. Each assertion is one-time
+   *   (the KMS consumes the challenge), so a caller that needs N signatures must
+   *   supply N distinct assertions.
+   *
+   *   WYSIWYS (AirAccount #68): the frontend MUST build the assertion over the
+   *   payload-committed challenge `commitChallenge(nonce, hashOf(message))`, not the
+   *   raw nonce — otherwise a compromised host could swap the signed payload. The
+   *   raw-nonce assertion only works while the KMS runs in transition mode. (The
+   *   signer's own ceremony mode does this automatically.)
+   */
+  async signMessage(message, webAuthnAssertion) {
     const messageHash = hashMessage(message);
-    const assertion = await this.assertionProvider();
-    const signResponse = await this.kmsManager.signHash(messageHash, assertion, {
-      Address: this._address
-    });
+    const target = { Address: this._address };
+    if (webAuthnAssertion) {
+      const signResponse2 = await this.kmsManager.signHashWithWebAuthn(
+        messageHash,
+        webAuthnAssertion.ChallengeId,
+        webAuthnAssertion.Credential,
+        target
+      );
+      return "0x" + signResponse2.Signature;
+    }
+    if (this.auth.mode === "ceremony") {
+      const assertion2 = await this.kmsManager.runAuthenticationCeremony(
+        this.keyId,
+        this.auth.ceremonySigner,
+        this.auth.commitPayload ? { ...this.auth.ceremonyOptions, payload: messageHash } : this.auth.ceremonyOptions
+      );
+      const signResponse2 = await this.kmsManager.signHashWithWebAuthn(
+        messageHash,
+        assertion2.ChallengeId,
+        assertion2.Credential,
+        target
+      );
+      return "0x" + signResponse2.Signature;
+    }
+    const assertion = await this.auth.assertionProvider();
+    const signResponse = await this.kmsManager.signHash(messageHash, assertion, target);
     return "0x" + signResponse.Signature;
   }
 };
@@ -4666,7 +4960,15 @@ var KmsAgentService = class {
   // challenge bound to the HUMAN key. These helpers run the full ceremony
   // (begin → clientDataJSON → assertion) via the shared
   // {@link runAuthenticationCeremony} helper, then invoke the endpoint.
-  /** Mint an agent key, running the challenge-binding ceremony internally. */
+  /**
+   * Mint an agent key, running the challenge-binding ceremony internally.
+   *
+   * STRICT MODE (AirAccount #115): bind the mint params by passing `options.payload =
+   * mintDigest({ kind: "agent", walletId, index, ttlSecs, subject })` — `index` is the
+   * agent_index the KMS will assign (query it first), `subject` the JWT sub (human key id),
+   * `ttlSecs` the JWT lifetime. Without a payload the ceremony sends the raw nonce, which
+   * strict mode rejects.
+   */
   async createAgentKeyWithCeremony(params, signer, options) {
     this.http.ensureEnabled();
     const webAuthnAssertion = await runAuthenticationCeremony(
@@ -4753,7 +5055,15 @@ var KmsSessionService = class {
   // Create + revoke gate on the generic purpose="authentication" challenge bound
   // to the HUMAN key. These helpers run the full ceremony (begin → clientDataJSON
   // → assertion) via the shared {@link runAuthenticationCeremony} helper.
-  /** Create a P-256 session key, running the challenge-binding ceremony internally. */
+  /**
+   * Create a P-256 session key, running the challenge-binding ceremony internally.
+   *
+   * STRICT MODE (AirAccount #115): bind the mint params by passing `options.payload =
+   * mintDigest({ kind: "p256", walletId, index, ttlSecs, subject })` — `index` is the
+   * session_index the KMS will assign (query it first), `subject` the JWT sub (human key
+   * id), `ttlSecs` the JWT lifetime. Without a payload the ceremony sends the raw nonce,
+   * which strict mode rejects.
+   */
   async createP256SessionKeyWithCeremony(params, signer, options) {
     this.http.ensureEnabled();
     const webAuthnAssertion = await runAuthenticationCeremony(
@@ -4817,7 +5127,108 @@ var KmsPaymentSigner = class {
     this.http.ensureEnabled();
     return this.signWithAuth("/kms/SignX402Payment", { ...params }, auth);
   }
+  // ── Ceremony-internal variants with WYSIWYS payload commitment (#68 / #135 item 1) ──
+  // Each payment endpoint is a fixed-schema SignTypedData host-side, so the commitment
+  // payload is the EIP-712 digest of that schema. We compute it SDK-side (digest helpers
+  // below, schemas mirrored from kms/host/src/api_server.rs) and bind the ceremony
+  // challenge to it: challenge = SHA-256(nonce ‖ eip712Digest). Live-verified against KMS.
+  /** Sign a MicroPaymentChannel voucher, running the committed ceremony internally. */
+  async signMicropaymentVoucherWithCeremony(params, signer, options) {
+    this.http.ensureEnabled();
+    const webAuthnAssertion = await runAuthenticationCeremony(this.http, params.keyId, signer, {
+      ...options,
+      payload: micropaymentVoucherDigest(params)
+    });
+    return this.signMicropaymentVoucher(params, { webAuthnAssertion });
+  }
+  /** Sign a GToken EIP-3009 authorization, running the committed ceremony internally. */
+  async signGTokenAuthorizationWithCeremony(params, signer, options) {
+    this.http.ensureEnabled();
+    const webAuthnAssertion = await runAuthenticationCeremony(this.http, params.keyId, signer, {
+      ...options,
+      payload: gTokenAuthorizationDigest(params)
+    });
+    return this.signGTokenAuthorization(params, { webAuthnAssertion });
+  }
+  /** Sign an x402 payment, running the committed ceremony internally. */
+  async signX402PaymentWithCeremony(params, signer, options) {
+    this.http.ensureEnabled();
+    const webAuthnAssertion = await runAuthenticationCeremony(this.http, params.keyId, signer, {
+      ...options,
+      payload: x402PaymentDigest(params)
+    });
+    return this.signX402Payment(params, { webAuthnAssertion });
+  }
 };
+function micropaymentVoucherDigest(p) {
+  return eip712Digest({
+    domain: { name: "MicroPaymentChannel", version: "1.0.0", chainId: p.chainId, verifyingContract: p.verifyingContract },
+    primaryType: "Voucher",
+    types: [
+      {
+        name: "Voucher",
+        fields: [
+          { name: "channelId", type: "bytes32" },
+          { name: "cumulativeAmount", type: "uint256" }
+        ]
+      }
+    ],
+    message: [
+      { name: "channelId", value: p.channelId },
+      { name: "cumulativeAmount", value: p.cumulativeAmount }
+    ]
+  });
+}
+function gTokenAuthorizationDigest(p) {
+  return eip712Digest({
+    domain: { name: "GToken", version: "1", chainId: p.chainId, verifyingContract: p.gTokenAddress },
+    primaryType: "TransferWithAuthorization",
+    types: [
+      {
+        name: "TransferWithAuthorization",
+        fields: [
+          { name: "from", type: "address" },
+          { name: "to", type: "address" },
+          { name: "value", type: "uint256" },
+          { name: "validAfter", type: "uint256" },
+          { name: "validBefore", type: "uint256" },
+          { name: "nonce", type: "bytes32" }
+        ]
+      }
+    ],
+    message: [
+      { name: "from", value: p.from },
+      { name: "to", value: p.to },
+      { name: "value", value: p.value },
+      { name: "validAfter", value: p.validAfter },
+      { name: "validBefore", value: p.validBefore },
+      { name: "nonce", value: p.nonce }
+    ]
+  });
+}
+function x402PaymentDigest(p) {
+  return eip712Digest({
+    domain: { name: "SuperPaymaster", version: "1", chainId: p.chainId, verifyingContract: p.verifyingContract },
+    primaryType: "PaymentPayload",
+    types: [
+      {
+        name: "PaymentPayload",
+        fields: [
+          { name: "paymentId", type: "bytes32" },
+          { name: "amount", type: "uint256" },
+          { name: "recipient", type: "address" },
+          { name: "deadline", type: "uint256" }
+        ]
+      }
+    ],
+    message: [
+      { name: "paymentId", value: p.paymentId },
+      { name: "amount", value: p.amount },
+      { name: "recipient", value: p.recipient },
+      { name: "deadline", value: p.deadline }
+    ]
+  });
+}
 
 // ../airaccount/src/server/services/kms-monitor-service.ts
 var KmsMonitorService = class {
@@ -4989,6 +5400,37 @@ var LocalWalletSigner = class {
     return { address: this.account.address };
   }
 };
+
+// ../airaccount/src/server/adapters/kms-signer-adapter.ts
+var KmsSignerAdapter = class {
+  constructor(kms, resolveKey) {
+    this.kms = kms;
+    this.resolveKey = resolveKey;
+  }
+  async getAddress(userId) {
+    return (await this.resolveKey(userId)).address;
+  }
+  async ensureSigner(userId) {
+    return { address: (await this.resolveKey(userId)).address };
+  }
+  async signMessage(userId, message, ctx) {
+    const { address } = await this.resolveKey(userId);
+    const hash = hashMessage(message);
+    const target = { Address: address };
+    if (ctx && "webAuthnAssertion" in ctx) {
+      const { ChallengeId, Credential } = ctx.webAuthnAssertion;
+      const res = await this.kms.signHashWithWebAuthn(hash, ChallengeId, Credential, target);
+      return "0x" + res.Signature;
+    }
+    if (ctx && "assertion" in ctx) {
+      const res = await this.kms.signHash(hash, ctx.assertion, target);
+      return "0x" + res.Signature;
+    }
+    throw new Error(
+      "KmsSignerAdapter: KMS signing requires an auth context \u2014 pass a one-time WebAuthnCeremonyContext { webAuthnAssertion } (preferred)."
+    );
+  }
+};
 /*! Bundled license information:
 
 @noble/curves/nist.js:
@@ -5041,6 +5483,7 @@ exports.KmsMonitorService = KmsMonitorService;
 exports.KmsPaymentSigner = KmsPaymentSigner;
 exports.KmsSessionService = KmsSessionService;
 exports.KmsSigner = KmsSigner;
+exports.KmsSignerAdapter = KmsSignerAdapter;
 exports.L2_TYPE = L2_TYPE;
 exports.LocalWalletSigner = LocalWalletSigner;
 exports.MAX_GUARDIANS = MAX_GUARDIANS;
@@ -5076,15 +5519,21 @@ exports.buildClientDataJSON = buildClientDataJSON;
 exports.buildFullInitConfig = buildFullInitConfig;
 exports.buildInstallModuleHash = buildInstallModuleHash;
 exports.buildUninstallModuleHash = buildUninstallModuleHash;
+exports.commitChallenge = commitChallenge;
 exports.computeOapdSalt = computeOapdSalt;
+exports.eip712Digest = eip712Digest;
 exports.erc8004AddressesForChain = erc8004AddressesForChain;
+exports.gTokenAuthorizationDigest = gTokenAuthorizationDigest;
 exports.getOapdAddress = getOapdAddress;
 exports.getOapdAddressWithChainId = getOapdAddressWithChainId;
+exports.grantSessionFinalHash = grantSessionFinalHash;
 exports.initConfigFromRecord = initConfigFromRecord;
 exports.initConfigToTuple = initConfigToTuple;
 exports.isExecuteUserOpWrapped = isExecuteUserOpWrapped;
 exports.isOapdDeployed = isOapdDeployed;
 exports.isPendingConfirmation = isPendingConfirmation;
+exports.micropaymentVoucherDigest = micropaymentVoucherDigest;
+exports.mintDigest = mintDigest;
 exports.packP256SessionSignature = packP256SessionSignature;
 exports.packSecp256k1SessionSignature = packSecp256k1SessionSignature;
 exports.runAuthenticationCeremony = runAuthenticationCeremony;
@@ -5095,5 +5544,6 @@ exports.serializeGuardianSpecs = serializeGuardianSpecs;
 exports.toGuardianSpecs = toGuardianSpecs;
 exports.validateConfig = validateConfig;
 exports.wrapExecuteUserOp = wrapExecuteUserOp;
-//# sourceMappingURL=chunk-4Q6FADF6.cjs.map
-//# sourceMappingURL=chunk-4Q6FADF6.cjs.map
+exports.x402PaymentDigest = x402PaymentDigest;
+//# sourceMappingURL=chunk-UZE7IPOK.cjs.map
+//# sourceMappingURL=chunk-UZE7IPOK.cjs.map