@aastar/sdk 0.24.2 → 0.26.0

package/dist/{chunk-BPAAWQQA.js → chunk-4GJSK7E6.js}

@@ -1,7 +1,7 @@
 import { selectorFromId, keccak256, solidityPacked, ERC4337Utils, BLSManager, resolveTier, algIdForTier, encodeAbiParams, ecdsa, ALG_CUMULATIVE_T3, ALG_CUMULATIVE_T2, ALG_P256, ALG_ECDSA, ALG_BLS, weierstrass, sha256 } from './chunk-X3AMH53O.js';
-import { buildInitConfig, needsValidatorRouter, airAccountActions, airAccountFactoryActions } from './chunk-EEWLL7GE.js';
-import { CANONICAL_ADDRESSES, getCanonicalAddresses } from './chunk-UCLK6LTB.js';
-import { parseAbi, createPublicClient, http, getContract, formatEther, parseUnits, parseEther, encodeFunctionData, zeroAddress, concat, numberToHex, hexToBytes, formatUnits, encodeAbiParameters, keccak256 as keccak256$1, hashMessage as hashMessage$1, toRlp, concatHex, recoverAddress as recoverAddress$1 } from 'viem';
+import { buildInitConfig, needsValidatorRouter, airAccountActions, airAccountFactoryActions } from './chunk-6DZCDV4Q.js';
+import { CANONICAL_ADDRESSES, getCanonicalAddresses } from './chunk-MBWBHKUE.js';
+import { parseAbi, createPublicClient, http, getContract, formatEther, parseUnits, parseEther, encodeFunctionData, zeroAddress, concat, numberToHex, hexToBytes, formatUnits, encodeAbiParameters, keccak256 as keccak256$1, hashTypedData, encodePacked, hashMessage as hashMessage$1, toRlp, concatHex, recoverAddress as recoverAddress$1 } from 'viem';
 import axios from 'axios';
 import { createHash } from 'crypto';
 import { privateKeyToAccount } from 'viem/accounts';
@@ -1610,7 +1610,12 @@ var TransferManager = class {
     );
     const userOpHash = await this.ethereum.getUserOpHash(userOp, version);
     await this.signer.ensureSigner(userId);
-    const assertionCtx = params.passkeyAssertion ? { assertion: params.passkeyAssertion } : void 0;
+    if (params.webAuthnAssertion && params.passkeyAssertion) {
+      throw new Error(
+        "Provide either webAuthnAssertion (preferred) or passkeyAssertion, not both."
+      );
+    }
+    const assertionCtx = params.webAuthnAssertion ? { webAuthnAssertion: params.webAuthnAssertion } : params.passkeyAssertion ? { assertion: params.passkeyAssertion } : void 0;
     let useECDSA = false;
     let isCompositeValidator = false;
     if (version === "0.7" /* V0_7 */ || version === "0.8" /* V0_8 */) {
@@ -1620,6 +1625,11 @@ var TransferManager = class {
         account.address
       ));
     }
+    if (assertionCtx && "webAuthnAssertion" in assertionCtx && !useECDSA && !(params.useAirAccountTiering && this.guardChecker)) {
+      throw new Error(
+        "A one-time webAuthnAssertion cannot authorize the legacy non-tiered BLS dual-sign (two owner signatures, one spent challenge). Use useAirAccountTiering:true (single owner signature), or supply two assertions via the legacy path."
+      );
+    }
     if (useECDSA) {
       const ecdsaSig = await this.signer.signMessage(
         userId,
@@ -2116,7 +2126,7 @@ var BLSSignatureService = class {
     }
     return nodes;
   }
-  async generateBLSSignature(userId, userOpHash, ctx) {
+  async generateBLSSignature(userId, userOpHash, ctx, options) {
     const manager = await this.ensureInitialized();
     const activeNodes = await this.getActiveSignerNodes();
     if (activeNodes.length < 1) {
@@ -2175,11 +2185,7 @@ var BLSSignatureService = class {
         `Wallet address mismatch! Wallet: ${walletAddress}, Expected: ${account.signerAddress}`
       );
     }
-    const aaSignature = await this.signer.signMessage(
-      userId,
-      hexToBytes(userOpHash),
-      ctx
-    );
+    const aaSignature = options?.skipOwnerOpSignature ? "0x" : await this.signer.signMessage(userId, hexToBytes(userOpHash), ctx);
     const messagePointHash = keccak256(messagePoint);
     const messagePointSignature = await this.signer.signMessage(
       userId,
@@ -2196,6 +2202,11 @@ var BLSSignatureService = class {
     };
   }
   async packSignature(blsData) {
+    if (!blsData.aaSignature || blsData.aaSignature === "0x") {
+      throw new Error(
+        "packSignature requires aaSignature; this BLSSignatureData was generated with skipOwnerOpSignature (Tier-2/3 only). Use packCumulativeT2/T3Signature instead."
+      );
+    }
     const manager = await this.ensureInitialized();
     return manager.packSignature(blsData);
   }
@@ -2225,7 +2236,9 @@ var BLSSignatureService = class {
     if (!p256Signature) {
       throw new Error(`P256 signature required for Tier ${tier}`);
     }
-    const blsData = await this.generateBLSSignature(userId, userOpHash, ctx);
+    const blsData = await this.generateBLSSignature(userId, userOpHash, ctx, {
+      skipOwnerOpSignature: true
+    });
     if (tier === 2) {
       const t2Data = {
         p256Signature,
@@ -2253,6 +2266,84 @@ var BLSSignatureService = class {
     return manager.packCumulativeT3Signature(t3Data);
   }
 };
+var ALG_NAMES = {
+  [ALG_BLS]: "BLS (0x01)",
+  [ALG_ECDSA]: "ECDSA (0x02)",
+  [ALG_P256]: "P256 (0x03)",
+  [ALG_CUMULATIVE_T2]: "Cumulative T2 (0x04)",
+  [ALG_CUMULATIVE_T3]: "Cumulative T3 (0x05)"
+};
+var GuardChecker = class {
+  constructor(ethereum, logger) {
+    this.ethereum = ethereum;
+    this.logger = logger ?? new ConsoleLogger("[GuardChecker]");
+  }
+  logger;
+  /**
+   * Fetch tier limits from an AirAccount contract.
+   */
+  async fetchTierConfig(accountAddress) {
+    const account = this.ethereum.getAccountContract(accountAddress);
+    return readAccountTierLimits(account);
+  }
+  /**
+   * Fetch guard status from the account's GlobalGuard.
+   */
+  async fetchGuardStatus(accountAddress) {
+    const account = this.ethereum.getAccountContract(accountAddress);
+    const guardAddress = await readAccountGuardAddress(account);
+    if (guardAddress === zeroAddress) {
+      return {
+        hasGuard: false,
+        guardAddress: zeroAddress,
+        dailyLimit: 0n,
+        dailyRemaining: 0n
+      };
+    }
+    const guard = getContract({
+      address: guardAddress,
+      abi: parseAbi(GLOBAL_GUARD_ABI),
+      client: this.ethereum.getProvider()
+    });
+    const { dailyLimit, dailyRemaining } = await readGuardDailyAllowance(guard);
+    return {
+      hasGuard: true,
+      guardAddress,
+      dailyLimit,
+      dailyRemaining
+    };
+  }
+  /**
+   * Pre-check a transaction: determine tier, check guard limits and algorithm approval.
+   * Returns errors array (empty = OK to proceed).
+   */
+  async preCheck(accountAddress, value) {
+    const errors = [];
+    const tierConfig = await this.fetchTierConfig(accountAddress);
+    const tier = resolveTier(value, tierConfig);
+    const algId = algIdForTier(tier);
+    const guard = await this.fetchGuardStatus(accountAddress);
+    if (!guard.hasGuard) {
+      return { ok: true, errors: [], tier, algId };
+    }
+    if (guard.dailyLimit > 0n && value > guard.dailyRemaining) {
+      errors.push(
+        `Daily limit exceeded: requesting ${value} wei but only ${guard.dailyRemaining} remaining (limit: ${guard.dailyLimit})`
+      );
+    }
+    const accountContract = this.ethereum.getAccountContract(accountAddress);
+    const isApproved = await readAlgorithmApproved(accountContract, algId);
+    if (!isApproved) {
+      errors.push(
+        `Algorithm ${ALG_NAMES[algId] ?? `0x${algId.toString(16)}`} is not approved by the account`
+      );
+    }
+    if (errors.length > 0) {
+      this.logger.warn(`Pre-check failed for ${accountAddress}: ${errors.join("; ")}`);
+    }
+    return { ok: errors.length === 0, errors, tier, algId };
+  }
+};
 var ERC20_ABI_PARSED = parseAbi(ERC20_ABI);
 var TokenService = class {
   constructor(ethereum) {
@@ -2379,7 +2470,8 @@ var AirAccountServerClient = class {
       this.tokens,
       config.storage,
       config.signer,
-      logger
+      logger,
+      new GuardChecker(this.ethereum, logger)
     );
   }
 };
@@ -2914,84 +3006,6 @@ async function isOapdDeployed(provider, config) {
   const code = await provider.getCode({ address });
   return code !== void 0 && code !== "0x";
 }
-var ALG_NAMES = {
-  [ALG_BLS]: "BLS (0x01)",
-  [ALG_ECDSA]: "ECDSA (0x02)",
-  [ALG_P256]: "P256 (0x03)",
-  [ALG_CUMULATIVE_T2]: "Cumulative T2 (0x04)",
-  [ALG_CUMULATIVE_T3]: "Cumulative T3 (0x05)"
-};
-var GuardChecker = class {
-  constructor(ethereum, logger) {
-    this.ethereum = ethereum;
-    this.logger = logger ?? new ConsoleLogger("[GuardChecker]");
-  }
-  logger;
-  /**
-   * Fetch tier limits from an AirAccount contract.
-   */
-  async fetchTierConfig(accountAddress) {
-    const account = this.ethereum.getAccountContract(accountAddress);
-    return readAccountTierLimits(account);
-  }
-  /**
-   * Fetch guard status from the account's GlobalGuard.
-   */
-  async fetchGuardStatus(accountAddress) {
-    const account = this.ethereum.getAccountContract(accountAddress);
-    const guardAddress = await readAccountGuardAddress(account);
-    if (guardAddress === zeroAddress) {
-      return {
-        hasGuard: false,
-        guardAddress: zeroAddress,
-        dailyLimit: 0n,
-        dailyRemaining: 0n
-      };
-    }
-    const guard = getContract({
-      address: guardAddress,
-      abi: parseAbi(GLOBAL_GUARD_ABI),
-      client: this.ethereum.getProvider()
-    });
-    const { dailyLimit, dailyRemaining } = await readGuardDailyAllowance(guard);
-    return {
-      hasGuard: true,
-      guardAddress,
-      dailyLimit,
-      dailyRemaining
-    };
-  }
-  /**
-   * Pre-check a transaction: determine tier, check guard limits and algorithm approval.
-   * Returns errors array (empty = OK to proceed).
-   */
-  async preCheck(accountAddress, value) {
-    const errors = [];
-    const tierConfig = await this.fetchTierConfig(accountAddress);
-    const tier = resolveTier(value, tierConfig);
-    const algId = algIdForTier(tier);
-    const guard = await this.fetchGuardStatus(accountAddress);
-    if (!guard.hasGuard) {
-      return { ok: true, errors: [], tier, algId };
-    }
-    if (guard.dailyLimit > 0n && value > guard.dailyRemaining) {
-      errors.push(
-        `Daily limit exceeded: requesting ${value} wei but only ${guard.dailyRemaining} remaining (limit: ${guard.dailyLimit})`
-      );
-    }
-    const accountContract = this.ethereum.getAccountContract(accountAddress);
-    const isApproved = await readAlgorithmApproved(accountContract, algId);
-    if (!isApproved) {
-      errors.push(
-        `Algorithm ${ALG_NAMES[algId] ?? `0x${algId.toString(16)}`} is not approved by the account`
-      );
-    }
-    if (errors.length > 0) {
-      this.logger.warn(`Pre-check failed for ${accountAddress}: ${errors.join("; ")}`);
-    }
-    return { ok: errors.length === 0, errors, tier, algId };
-  }
-};
 var FORCE_EXIT_ABI = [
   // ERC-7579 module lifecycle
   "function onInstall(bytes calldata data) external",
@@ -4181,6 +4195,9 @@ function hexToBytes4(hex) {
   if (clean.length % 2 !== 0) {
     throw new Error("hexToBytes: odd-length hex string");
   }
+  if (clean.length > 0 && !/^[0-9a-fA-F]+$/.test(clean)) {
+    throw new Error("hexToBytes: non-hex characters in input");
+  }
   const out = new Uint8Array(clean.length / 2);
   for (let i = 0; i < out.length; i++) {
     out[i] = parseInt(clean.slice(i * 2, i * 2 + 2), 16);
@@ -4215,11 +4232,14 @@ function buildClientDataJSON(challenge, origin = DEFAULT_ORIGIN) {
   return new TextEncoder().encode(json);
 }
 function buildAuthenticatorData(rpId = DEFAULT_RP_ID, signCount = 1) {
+  if (!Number.isInteger(signCount) || signCount < 0 || signCount > 4294967295) {
+    throw new Error(`buildAuthenticatorData: signCount must be a uint32 (0..2^32-1), got ${signCount}`);
+  }
   const rpIdHash = createHash("sha256").update(rpId).digest();
   const out = new Uint8Array(37);
   out.set(rpIdHash, 0);
   out[32] = 5;
-  new DataView(out.buffer).setUint32(33, signCount >>> 0, false);
+  new DataView(out.buffer).setUint32(33, signCount, false);
   return out;
 }
 async function buildAuthenticationCredential(opts) {
@@ -4244,23 +4264,42 @@ async function buildAuthenticationCredential(opts) {
     }
   };
 }
+function commitChallenge(nonceBase64Url, payload) {
+  const nonce = base64UrlDecode(nonceBase64Url);
+  const payloadBytes = typeof payload === "string" ? hexToBytes4(payload) : payload;
+  if (payloadBytes.length !== 32) {
+    throw new Error(`commitChallenge: payload must be a 32-byte digest, got ${payloadBytes.length} bytes`);
+  }
+  const committed = createHash("sha256").update(nonce).update(payloadBytes).digest();
+  return base64UrlEncode(new Uint8Array(committed));
+}
 async function runWebAuthnCeremony(begin, options) {
   const begun = await begin();
-  const challenge = begun?.Options?.challenge;
-  if (!begun?.ChallengeId || !challenge) {
+  const nonce = begun?.Options?.challenge;
+  if (!begun?.ChallengeId || !nonce) {
     throw new Error(
       "WebAuthn ceremony: begin endpoint did not return a ChallengeId + Options.challenge"
     );
   }
+  const challenge = options.payload ? commitChallenge(nonce, options.payload) : nonce;
   const credential = await buildAuthenticationCredential({
     challenge,
     signer: options.signer,
     rpId: options.rpId,
     origin: options.origin,
-    signCount: options.signCount
+    // The KMS enforces a strictly-increasing authenticator signCount (anti-clone). A
+    // server-held signer (P256PasskeySigner) has no native counter, so default to a
+    // monotonic value — else a second signature on the same key fails
+    // "signCount not incremented". A real device passkey passes its own counter.
+    signCount: options.signCount ?? nextSignCount()
   });
   return { ChallengeId: begun.ChallengeId, Credential: credential };
 }
+var _signCountCounter = Math.floor(Date.now() / 1e3);
+function nextSignCount() {
+  _signCountCounter = _signCountCounter + 1 >>> 0;
+  return _signCountCounter;
+}
 function beginAuthenticationChallenge(http2, keyId) {
   return http2.post("/BeginAuthentication", { KeyId: keyId });
 }
@@ -4283,6 +4322,133 @@ function runGrantSessionCeremony(http2, keyId, signer, options) {
 }
 
 // ../airaccount/src/server/services/kms-signer.ts
+function eip712Digest(params) {
+  const types = Object.fromEntries(
+    params.types.filter((t) => t.name !== "EIP712Domain").map((t) => [t.name, t.fields])
+  );
+  const message = Object.fromEntries(params.message.map((f) => [f.name, f.value]));
+  return hashTypedData({
+    domain: params.domain,
+    types,
+    primaryType: params.primaryType,
+    message
+  });
+}
+function u256(x) {
+  if (typeof x === "number" && !Number.isSafeInteger(x)) {
+    throw new Error(`u256: number ${x} exceeds safe-integer range \u2014 pass a bigint or string`);
+  }
+  return BigInt(x);
+}
+var MINT_TAGS = { agent: "AA-AGENT-MINT-v1", p256: "AA-P256-SESSION-MINT-v1" };
+function mintDigest(p) {
+  const hex = p.walletId.replace(/-/g, "");
+  if (hex.length !== 32 || !/^[0-9a-fA-F]+$/.test(hex)) {
+    throw new Error("mintDigest: walletId must be a 16-byte UUID");
+  }
+  if (!Number.isInteger(p.index) || p.index < 0 || p.index > 4294967295) {
+    throw new Error(`mintDigest: index must be a uint32, got ${p.index}`);
+  }
+  if (typeof p.ttlSecs === "number" && !Number.isInteger(p.ttlSecs)) {
+    throw new Error(`mintDigest: ttlSecs must be an integer, got ${p.ttlSecs}`);
+  }
+  const ttlBig = BigInt(p.ttlSecs);
+  if (ttlBig < -(1n << 63n) || ttlBig > (1n << 63n) - 1n) {
+    throw new Error(`mintDigest: ttlSecs out of int64 range: ${ttlBig}`);
+  }
+  const sha2562 = (b) => new Uint8Array(createHash("sha256").update(b).digest());
+  const utf8 = (s) => new TextEncoder().encode(s);
+  const walletBytes = new Uint8Array(16);
+  for (let i = 0; i < 16; i++) walletBytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+  const idx = new Uint8Array(4);
+  new DataView(idx.buffer).setUint32(0, p.index, false);
+  const ttl = new Uint8Array(8);
+  new DataView(ttl.buffer).setBigInt64(0, ttlBig, false);
+  const parts = [utf8(MINT_TAGS[p.kind]), walletBytes, idx, ttl, sha2562(utf8(p.subject))];
+  const total = parts.reduce((n, a) => n + a.length, 0);
+  const buf = new Uint8Array(total);
+  let off = 0;
+  for (const a of parts) {
+    buf.set(a, off);
+    off += a.length;
+  }
+  return "0x" + Buffer.from(sha2562(buf)).toString("hex");
+}
+function grantSessionFinalHash(p) {
+  const callTargetsHash = keccak256$1(encodePacked(["address[]"], [p.callTargets]));
+  const selectorsHash = keccak256$1(encodePacked(["bytes4[]"], [p.selectorAllowlist]));
+  const isP256 = "keyX" in p;
+  const inner = isP256 ? keccak256$1(
+    encodeAbiParameters(
+      [
+        { type: "string" },
+        { type: "uint256" },
+        { type: "address" },
+        { type: "address" },
+        { type: "bytes32" },
+        { type: "bytes32" },
+        { type: "uint48" },
+        { type: "address" },
+        { type: "bytes4" },
+        { type: "uint16" },
+        { type: "uint32" },
+        { type: "bytes32" },
+        { type: "bytes32" },
+        { type: "uint256" }
+      ],
+      [
+        "GRANT_P256_SESSION_V2",
+        u256(p.chainId),
+        p.verifyingContract,
+        p.account,
+        p.keyX,
+        p.keyY,
+        p.expiry,
+        p.contractScope,
+        p.selectorScope,
+        p.velocityLimit,
+        p.velocityWindow,
+        callTargetsHash,
+        selectorsHash,
+        u256(p.nonce)
+      ]
+    )
+  ) : keccak256$1(
+    encodeAbiParameters(
+      [
+        { type: "string" },
+        { type: "uint256" },
+        { type: "address" },
+        { type: "address" },
+        { type: "address" },
+        { type: "uint48" },
+        { type: "address" },
+        { type: "bytes4" },
+        { type: "uint16" },
+        { type: "uint32" },
+        { type: "bytes32" },
+        { type: "bytes32" },
+        { type: "uint256" }
+      ],
+      [
+        "GRANT_SESSION_V2",
+        u256(p.chainId),
+        p.verifyingContract,
+        p.account,
+        p.sessionKey,
+        p.expiry,
+        p.contractScope,
+        p.selectorScope,
+        p.velocityLimit,
+        p.velocityWindow,
+        callTargetsHash,
+        selectorsHash,
+        u256(p.nonce)
+      ]
+    )
+  );
+  return hashMessage$1({ raw: inner });
+}
 var KmsManager = class {
   client;
   logger;
@@ -4372,6 +4538,29 @@ var KmsManager = class {
     this.ensureEnabled();
     return this.amzPost("/ChangePasskey", "TrentService.ChangePasskey", params);
   }
+  // ── Ceremony wrappers for non-signing passkey ops (strict-readiness #135 item 2) ──
+  // These are NON-signing ops, so the challenge is the raw nonce (no payload commitment),
+  // but they MUST go through the ceremony (clientDataJSON present) — strict mode hard-rejects
+  // any assertion without clientDataJSON. Run the ceremony internally so callers never reach
+  // for the deprecated legacy `Passkey` field.
+  /** Schedule key deletion, running the WebAuthn ceremony internally (raw-nonce). */
+  async deleteKeyWithCeremony(params, signer, options) {
+    this.ensureEnabled();
+    const WebAuthn = await this.runAuthenticationCeremony(params.KeyId, signer, options);
+    return this.deleteKey({ ...params, WebAuthn });
+  }
+  /** Unfreeze a dormant key, running the WebAuthn ceremony internally (raw-nonce). */
+  async unfreezeKeyWithCeremony(params, signer, options) {
+    this.ensureEnabled();
+    const WebAuthn = await this.runAuthenticationCeremony(params.KeyId, signer, options);
+    return this.unfreezeKey({ ...params, WebAuthn });
+  }
+  /** Rotate the bound passkey, running the WebAuthn ceremony internally (raw-nonce). */
+  async changePasskeyWithCeremony(params, signer, options) {
+    this.ensureEnabled();
+    const WebAuthn = await this.runAuthenticationCeremony(params.KeyId, signer, options);
+    return this.changePasskey({ ...params, WebAuthn });
+  }
   /**
    * Sign a message or an EIP-155 transaction (WebAuthn-gated).
    * Provide exactly one of `Message` (hex) or `Transaction`. For a raw 32-byte
@@ -4513,24 +4702,50 @@ var KmsManager = class {
     return this.deriveAddress({ ...params, WebAuthn });
   }
   /**
-   * Sign a message or EIP-155 transaction, running the challenge-binding ceremony
-   * internally. `params.KeyId` is required (it identifies the wallet to challenge).
+   * Sign a message or EIP-155 transaction via `/Sign`, running the ceremony internally.
+   * `params.KeyId` is required.
+   *
+   * ⚠️ STRICT MODE: unlike {@link signHashWithCeremony} / {@link signTypedDataWithCeremony},
+   * this does NOT auto-bind a payload commitment, because the TA derives the signed digest
+   * from `Message` / `Transaction` host-side (EIP-191 / RLP) and the SDK can't reproduce it
+   * byte-exactly for every input. So it sends the RAW nonce by default — which the KMS will
+   * REJECT once strict mode (#63) is on. For strict-safe signing either:
+   *   - pass `options.payload` = the exact digest the TA will sign (you computed it), or
+   *   - prefer {@link signHashWithCeremony} (commits to a known 32-byte hash).
    */
   async signWithCeremony(params, signer, options) {
     this.ensureEnabled();
     const WebAuthn = await this.runAuthenticationCeremony(params.KeyId, signer, options);
     return this.sign({ ...params, WebAuthn });
   }
-  /** Sign a 32-byte digest, running the challenge-binding ceremony internally. */
+  /**
+   * Sign a 32-byte digest, running the challenge-binding ceremony internally.
+   * Binds the challenge to `hash` (WYSIWYS commitment, #68) by default — pass an
+   * explicit `options.payload` only to override.
+   */
   async signHashWithCeremony(hash, target, signer, options) {
     this.ensureEnabled();
-    const assertion = await this.runAuthenticationCeremony(target.KeyId, signer, options);
+    const assertion = await this.runAuthenticationCeremony(target.KeyId, signer, {
+      ...options,
+      payload: options?.payload ?? hash
+    });
     return this.signHashWithWebAuthn(hash, assertion.ChallengeId, assertion.Credential, target);
   }
-  /** Sign EIP-712 typed data, running the challenge-binding ceremony internally. */
+  /**
+   * Sign EIP-712 typed data, running the challenge-binding ceremony internally.
+   * Auto-binds the WYSIWYS commitment (#68): the ceremony challenge is
+   * `SHA-256(nonce ‖ eip712Digest)`, where `eip712Digest` is the standard EIP-712
+   * digest the KMS hashes host-side — computed here via {@link eip712Digest} so the
+   * user's signature commits to the exact typed-data payload. Pass an explicit
+   * `options.payload` only to override.
+   */
   async signTypedDataWithCeremony(params, signer, options) {
     this.ensureEnabled();
-    const webAuthnAssertion = await this.runAuthenticationCeremony(params.keyId, signer, options);
+    const payload = options?.payload ?? eip712Digest(params);
+    const webAuthnAssertion = await this.runAuthenticationCeremony(params.keyId, signer, {
+      ...options,
+      payload
+    });
     return this.signTypedDataWithWebAuthn({ ...params, webAuthnAssertion });
   }
   /**
@@ -4539,7 +4754,10 @@ var KmsManager = class {
    */
   async signGrantSessionWithCeremony(params, signer, options) {
     this.ensureEnabled();
-    const webAuthnAssertion = await this.runGrantSessionCeremony(params.keyId, signer, options);
+    const webAuthnAssertion = await this.runGrantSessionCeremony(params.keyId, signer, {
+      ...options,
+      payload: options?.payload ?? grantSessionFinalHash(params)
+    });
     return this.signGrantSession({ ...params, webAuthnAssertion });
   }
   /**
@@ -4548,7 +4766,10 @@ var KmsManager = class {
    */
   async signP256GrantSessionWithCeremony(params, signer, options) {
     this.ensureEnabled();
-    const webAuthnAssertion = await this.runGrantSessionCeremony(params.keyId, signer, options);
+    const webAuthnAssertion = await this.runGrantSessionCeremony(params.keyId, signer, {
+      ...options,
+      payload: options?.payload ?? grantSessionFinalHash(params)
+    });
     return this.signP256GrantSession({ ...params, webAuthnAssertion });
   }
   // ── WebAuthn Ceremonies ─────────────────────────────────────────
@@ -4577,27 +4798,100 @@ var KmsManager = class {
     return this.client.post("/BeginAuthentication", { KeyId: keyId });
   }
   // ── Factory ─────────────────────────────────────────────────────
+  /**
+   * Create a KMS signer that authorizes each signature with a LEGACY raw passkey
+   * assertion (reusable, no challenge consumption).
+   *
+   * @deprecated The KMS (v0.20.0+) rejects legacy raw passkey assertions for
+   * signing/mutating operations (`/SignHash` → 400, "no challenge binding —
+   * replayable"), unless `KMS_ALLOW_LEGACY_PASSKEY=1` is set on the KMS (test
+   * only). Prefer {@link createKmsSignerWithCeremony}, which runs a one-time
+   * challenge-bound WebAuthn ceremony per signature.
+   */
   createKmsSigner(keyId, address, assertionProvider) {
     this.ensureEnabled();
-    return new KmsSigner(keyId, address, this, assertionProvider);
+    return new KmsSigner(keyId, address, this, { mode: "legacy", assertionProvider });
+  }
+  /**
+   * Create a KMS signer that authorizes each signature with a one-time,
+   * challenge-bound WebAuthn ceremony (production-safe; replay-protected).
+   *
+   * Every `signMessage` call runs a FRESH ceremony (BeginAuthentication →
+   * authenticator assertion → `/SignHash` with the `WebAuthn` field), because the
+   * KMS consumes the challenge atomically (one challenge ⇒ one signature). A
+   * Tier-2/3 BLS transfer that needs N owner signatures therefore triggers N
+   * ceremonies — see {@link BLSSignatureService} (which now skips the unused
+   * userOpHash owner-ECDSA for tiered signatures, so Tier-2 needs only one).
+   *
+   * @param ceremonySigner authenticator that signs the WebAuthn challenge
+   *   (a browser passkey on the client, or {@link P256PasskeySigner} server-side).
+   */
+  createKmsSignerWithCeremony(keyId, address, ceremonySigner, ceremonyOptions, commitPayload = true) {
+    this.ensureEnabled();
+    return new KmsSigner(keyId, address, this, {
+      mode: "ceremony",
+      ceremonySigner,
+      ceremonyOptions,
+      commitPayload
+    });
   }
 };
 var KmsSigner = class {
-  constructor(keyId, _address, kmsManager, assertionProvider) {
+  constructor(keyId, _address, kmsManager, auth) {
     this.keyId = keyId;
     this._address = _address;
     this.kmsManager = kmsManager;
-    this.assertionProvider = assertionProvider;
+    this.auth = auth;
   }
   async getAddress() {
     return this._address;
   }
-  async signMessage(message) {
+  /**
+   * EIP-191 personal-sign over a digest. A string is hashed as UTF-8 text, a byte
+   * array as raw bytes — byte-identical to ethers `hashMessage`.
+   *
+   * @param webAuthnAssertion OPTIONAL pre-built, one-time ceremony assertion. Use
+   *   this in server flows where the passkey lives on the USER's device: the
+   *   frontend runs the BeginAuthentication ceremony and the backend forwards the
+   *   resulting `{ ChallengeId, Credential }` here. When supplied it takes
+   *   precedence over the signer's baked-in auth mode. Each assertion is one-time
+   *   (the KMS consumes the challenge), so a caller that needs N signatures must
+   *   supply N distinct assertions.
+   *
+   *   WYSIWYS (AirAccount #68): the frontend MUST build the assertion over the
+   *   payload-committed challenge `commitChallenge(nonce, hashOf(message))`, not the
+   *   raw nonce — otherwise a compromised host could swap the signed payload. The
+   *   raw-nonce assertion only works while the KMS runs in transition mode. (The
+   *   signer's own ceremony mode does this automatically.)
+   */
+  async signMessage(message, webAuthnAssertion) {
     const messageHash = hashMessage(message);
-    const assertion = await this.assertionProvider();
-    const signResponse = await this.kmsManager.signHash(messageHash, assertion, {
-      Address: this._address
-    });
+    const target = { Address: this._address };
+    if (webAuthnAssertion) {
+      const signResponse2 = await this.kmsManager.signHashWithWebAuthn(
+        messageHash,
+        webAuthnAssertion.ChallengeId,
+        webAuthnAssertion.Credential,
+        target
+      );
+      return "0x" + signResponse2.Signature;
+    }
+    if (this.auth.mode === "ceremony") {
+      const assertion2 = await this.kmsManager.runAuthenticationCeremony(
+        this.keyId,
+        this.auth.ceremonySigner,
+        this.auth.commitPayload ? { ...this.auth.ceremonyOptions, payload: messageHash } : this.auth.ceremonyOptions
+      );
+      const signResponse2 = await this.kmsManager.signHashWithWebAuthn(
+        messageHash,
+        assertion2.ChallengeId,
+        assertion2.Credential,
+        target
+      );
+      return "0x" + signResponse2.Signature;
+    }
+    const assertion = await this.auth.assertionProvider();
+    const signResponse = await this.kmsManager.signHash(messageHash, assertion, target);
     return "0x" + signResponse.Signature;
   }
 };
@@ -4660,7 +4954,15 @@ var KmsAgentService = class {
   // challenge bound to the HUMAN key. These helpers run the full ceremony
   // (begin → clientDataJSON → assertion) via the shared
   // {@link runAuthenticationCeremony} helper, then invoke the endpoint.
-  /** Mint an agent key, running the challenge-binding ceremony internally. */
+  /**
+   * Mint an agent key, running the challenge-binding ceremony internally.
+   *
+   * STRICT MODE (AirAccount #115): bind the mint params by passing `options.payload =
+   * mintDigest({ kind: "agent", walletId, index, ttlSecs, subject })` — `index` is the
+   * agent_index the KMS will assign (query it first), `subject` the JWT sub (human key id),
+   * `ttlSecs` the JWT lifetime. Without a payload the ceremony sends the raw nonce, which
+   * strict mode rejects.
+   */
   async createAgentKeyWithCeremony(params, signer, options) {
     this.http.ensureEnabled();
     const webAuthnAssertion = await runAuthenticationCeremony(
@@ -4747,7 +5049,15 @@ var KmsSessionService = class {
   // Create + revoke gate on the generic purpose="authentication" challenge bound
   // to the HUMAN key. These helpers run the full ceremony (begin → clientDataJSON
   // → assertion) via the shared {@link runAuthenticationCeremony} helper.
-  /** Create a P-256 session key, running the challenge-binding ceremony internally. */
+  /**
+   * Create a P-256 session key, running the challenge-binding ceremony internally.
+   *
+   * STRICT MODE (AirAccount #115): bind the mint params by passing `options.payload =
+   * mintDigest({ kind: "p256", walletId, index, ttlSecs, subject })` — `index` is the
+   * session_index the KMS will assign (query it first), `subject` the JWT sub (human key
+   * id), `ttlSecs` the JWT lifetime. Without a payload the ceremony sends the raw nonce,
+   * which strict mode rejects.
+   */
   async createP256SessionKeyWithCeremony(params, signer, options) {
     this.http.ensureEnabled();
     const webAuthnAssertion = await runAuthenticationCeremony(
@@ -4811,7 +5121,108 @@ var KmsPaymentSigner = class {
     this.http.ensureEnabled();
     return this.signWithAuth("/kms/SignX402Payment", { ...params }, auth);
   }
+  // ── Ceremony-internal variants with WYSIWYS payload commitment (#68 / #135 item 1) ──
+  // Each payment endpoint is a fixed-schema SignTypedData host-side, so the commitment
+  // payload is the EIP-712 digest of that schema. We compute it SDK-side (digest helpers
+  // below, schemas mirrored from kms/host/src/api_server.rs) and bind the ceremony
+  // challenge to it: challenge = SHA-256(nonce ‖ eip712Digest). Live-verified against KMS.
+  /** Sign a MicroPaymentChannel voucher, running the committed ceremony internally. */
+  async signMicropaymentVoucherWithCeremony(params, signer, options) {
+    this.http.ensureEnabled();
+    const webAuthnAssertion = await runAuthenticationCeremony(this.http, params.keyId, signer, {
+      ...options,
+      payload: micropaymentVoucherDigest(params)
+    });
+    return this.signMicropaymentVoucher(params, { webAuthnAssertion });
+  }
+  /** Sign a GToken EIP-3009 authorization, running the committed ceremony internally. */
+  async signGTokenAuthorizationWithCeremony(params, signer, options) {
+    this.http.ensureEnabled();
+    const webAuthnAssertion = await runAuthenticationCeremony(this.http, params.keyId, signer, {
+      ...options,
+      payload: gTokenAuthorizationDigest(params)
+    });
+    return this.signGTokenAuthorization(params, { webAuthnAssertion });
+  }
+  /** Sign an x402 payment, running the committed ceremony internally. */
+  async signX402PaymentWithCeremony(params, signer, options) {
+    this.http.ensureEnabled();
+    const webAuthnAssertion = await runAuthenticationCeremony(this.http, params.keyId, signer, {
+      ...options,
+      payload: x402PaymentDigest(params)
+    });
+    return this.signX402Payment(params, { webAuthnAssertion });
+  }
 };
+function micropaymentVoucherDigest(p) {
+  return eip712Digest({
+    domain: { name: "MicroPaymentChannel", version: "1.0.0", chainId: p.chainId, verifyingContract: p.verifyingContract },
+    primaryType: "Voucher",
+    types: [
+      {
+        name: "Voucher",
+        fields: [
+          { name: "channelId", type: "bytes32" },
+          { name: "cumulativeAmount", type: "uint256" }
+        ]
+      }
+    ],
+    message: [
+      { name: "channelId", value: p.channelId },
+      { name: "cumulativeAmount", value: p.cumulativeAmount }
+    ]
+  });
+}
+function gTokenAuthorizationDigest(p) {
+  return eip712Digest({
+    domain: { name: "GToken", version: "1", chainId: p.chainId, verifyingContract: p.gTokenAddress },
+    primaryType: "TransferWithAuthorization",
+    types: [
+      {
+        name: "TransferWithAuthorization",
+        fields: [
+          { name: "from", type: "address" },
+          { name: "to", type: "address" },
+          { name: "value", type: "uint256" },
+          { name: "validAfter", type: "uint256" },
+          { name: "validBefore", type: "uint256" },
+          { name: "nonce", type: "bytes32" }
+        ]
+      }
+    ],
+    message: [
+      { name: "from", value: p.from },
+      { name: "to", value: p.to },
+      { name: "value", value: p.value },
+      { name: "validAfter", value: p.validAfter },
+      { name: "validBefore", value: p.validBefore },
+      { name: "nonce", value: p.nonce }
+    ]
+  });
+}
+function x402PaymentDigest(p) {
+  return eip712Digest({
+    domain: { name: "SuperPaymaster", version: "1", chainId: p.chainId, verifyingContract: p.verifyingContract },
+    primaryType: "PaymentPayload",
+    types: [
+      {
+        name: "PaymentPayload",
+        fields: [
+          { name: "paymentId", type: "bytes32" },
+          { name: "amount", type: "uint256" },
+          { name: "recipient", type: "address" },
+          { name: "deadline", type: "uint256" }
+        ]
+      }
+    ],
+    message: [
+      { name: "paymentId", value: p.paymentId },
+      { name: "amount", value: p.amount },
+      { name: "recipient", value: p.recipient },
+      { name: "deadline", value: p.deadline }
+    ]
+  });
+}
 
 // ../airaccount/src/server/services/kms-monitor-service.ts
 var KmsMonitorService = class {
@@ -4983,12 +5394,43 @@ var LocalWalletSigner = class {
     return { address: this.account.address };
   }
 };
+
+// ../airaccount/src/server/adapters/kms-signer-adapter.ts
+var KmsSignerAdapter = class {
+  constructor(kms, resolveKey) {
+    this.kms = kms;
+    this.resolveKey = resolveKey;
+  }
+  async getAddress(userId) {
+    return (await this.resolveKey(userId)).address;
+  }
+  async ensureSigner(userId) {
+    return { address: (await this.resolveKey(userId)).address };
+  }
+  async signMessage(userId, message, ctx) {
+    const { address } = await this.resolveKey(userId);
+    const hash = hashMessage(message);
+    const target = { Address: address };
+    if (ctx && "webAuthnAssertion" in ctx) {
+      const { ChallengeId, Credential } = ctx.webAuthnAssertion;
+      const res = await this.kms.signHashWithWebAuthn(hash, ChallengeId, Credential, target);
+      return "0x" + res.Signature;
+    }
+    if (ctx && "assertion" in ctx) {
+      const res = await this.kms.signHash(hash, ctx.assertion, target);
+      return "0x" + res.Signature;
+    }
+    throw new Error(
+      "KmsSignerAdapter: KMS signing requires an auth context \u2014 pass a one-time WebAuthnCeremonyContext { webAuthnAssertion } (preferred)."
+    );
+  }
+};
 /*! Bundled license information:
 
 @noble/curves/nist.js:
   (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
 */
 
-export { ACCOUNT_ABI, AGENT_SESSION_KEY_VALIDATOR_ABI, AIRACCOUNT_ABI, AIRACCOUNT_ADDRESSES, AIRACCOUNT_FACTORY_ABI, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, AIR_ACCOUNT_DELEGATE_ABI, AIR_ACCOUNT_DELEGATE_ADDRESS, ALG_ID, AccountManager, AgentRegistryService, AirAccountServerClient, BLSSignatureService, CALLDATA_PARSER_REGISTRY_ABI, ConsoleLogger, DEFAULT_CREDENTIAL_ID, DEFAULT_KMS_ENDPOINT, DEFAULT_ORIGIN, DEFAULT_RP_ID, DvtPendingConfirmationError, EIP7702DelegateService, ENTRYPOINT_ABI_V6, ENTRYPOINT_ABI_V7_V8, ENTRYPOINT_ADDRESSES, ERC20_ABI, ERC8004Service, ERC8004_ADDRESSES, EXECUTE_BATCH_SELECTOR, EXECUTE_SELECTOR, EXECUTE_USER_OP_SELECTOR, EntryPointVersion, EthereumProvider, FACTORY_ABI_V6, FACTORY_ABI_V7_V8, FORCE_EXIT_MODULE_ABI, ForceExitService, GLOBAL_GUARD_ABI, GuardChecker, GuardStateReader, KmsAgentService, KmsHttpClient, KmsManager, KmsMonitorService, KmsPaymentSigner, KmsSessionService, KmsSigner, L2_TYPE, LocalWalletSigner, MAX_GUARDIANS, MODULE_TYPE, MemoryStorage, ModuleManager, P256PasskeySigner, PaymasterManager, PaymasterPriceStalenessError, RECOVERY_THRESHOLD, RECOVERY_TIMELOCK_SECONDS, RecoveryService, SESSION_KEY_VALIDATOR_ABI, SessionKeyService, SilentLogger, TIER_GUARD_HOOK_ABI, TokenService, TransferManager, VALIDATOR_ABI, WEIGHT_CHANGE_EXPIRY_SECONDS, WEIGHT_CHANGE_THRESHOLD, WEIGHT_CHANGE_TIMELOCK_SECONDS, WalletManager, WeightedSignatureService, YAAAServerClient, base64UrlDecode, base64UrlEncode, beginAuthenticationChallenge, beginGrantSessionChallenge, buildAuthenticationCredential, buildAuthenticatorData, buildClientDataJSON, buildFullInitConfig, buildInstallModuleHash, buildUninstallModuleHash, computeOapdSalt, erc8004AddressesForChain, getOapdAddress, getOapdAddressWithChainId, initConfigFromRecord, initConfigToTuple, isExecuteUserOpWrapped, isOapdDeployed, isPendingConfirmation, packP256SessionSignature, packSecp256k1SessionSignature, runAuthenticationCeremony, runGrantSessionCeremony, runWebAuthnCeremony, sepoliaV07Config, serializeGuardianSpecs, toGuardianSpecs, validateConfig, wrapExecuteUserOp };
-//# sourceMappingURL=chunk-BPAAWQQA.js.map
-//# sourceMappingURL=chunk-BPAAWQQA.js.map
+export { ACCOUNT_ABI, AGENT_SESSION_KEY_VALIDATOR_ABI, AIRACCOUNT_ABI, AIRACCOUNT_ADDRESSES, AIRACCOUNT_FACTORY_ABI, AIR_ACCOUNT_COMPOSITE_VALIDATOR_ABI, AIR_ACCOUNT_DELEGATE_ABI, AIR_ACCOUNT_DELEGATE_ADDRESS, ALG_ID, AccountManager, AgentRegistryService, AirAccountServerClient, BLSSignatureService, CALLDATA_PARSER_REGISTRY_ABI, ConsoleLogger, DEFAULT_CREDENTIAL_ID, DEFAULT_KMS_ENDPOINT, DEFAULT_ORIGIN, DEFAULT_RP_ID, DvtPendingConfirmationError, EIP7702DelegateService, ENTRYPOINT_ABI_V6, ENTRYPOINT_ABI_V7_V8, ENTRYPOINT_ADDRESSES, ERC20_ABI, ERC8004Service, ERC8004_ADDRESSES, EXECUTE_BATCH_SELECTOR, EXECUTE_SELECTOR, EXECUTE_USER_OP_SELECTOR, EntryPointVersion, EthereumProvider, FACTORY_ABI_V6, FACTORY_ABI_V7_V8, FORCE_EXIT_MODULE_ABI, ForceExitService, GLOBAL_GUARD_ABI, GuardChecker, GuardStateReader, KmsAgentService, KmsHttpClient, KmsManager, KmsMonitorService, KmsPaymentSigner, KmsSessionService, KmsSigner, KmsSignerAdapter, L2_TYPE, LocalWalletSigner, MAX_GUARDIANS, MODULE_TYPE, MemoryStorage, ModuleManager, P256PasskeySigner, PaymasterManager, PaymasterPriceStalenessError, RECOVERY_THRESHOLD, RECOVERY_TIMELOCK_SECONDS, RecoveryService, SESSION_KEY_VALIDATOR_ABI, SessionKeyService, SilentLogger, TIER_GUARD_HOOK_ABI, TokenService, TransferManager, VALIDATOR_ABI, WEIGHT_CHANGE_EXPIRY_SECONDS, WEIGHT_CHANGE_THRESHOLD, WEIGHT_CHANGE_TIMELOCK_SECONDS, WalletManager, WeightedSignatureService, YAAAServerClient, base64UrlDecode, base64UrlEncode, beginAuthenticationChallenge, beginGrantSessionChallenge, buildAuthenticationCredential, buildAuthenticatorData, buildClientDataJSON, buildFullInitConfig, buildInstallModuleHash, buildUninstallModuleHash, commitChallenge, computeOapdSalt, eip712Digest, erc8004AddressesForChain, gTokenAuthorizationDigest, getOapdAddress, getOapdAddressWithChainId, grantSessionFinalHash, initConfigFromRecord, initConfigToTuple, isExecuteUserOpWrapped, isOapdDeployed, isPendingConfirmation, micropaymentVoucherDigest, mintDigest, packP256SessionSignature, packSecp256k1SessionSignature, runAuthenticationCeremony, runGrantSessionCeremony, runWebAuthnCeremony, sepoliaV07Config, serializeGuardianSpecs, toGuardianSpecs, validateConfig, wrapExecuteUserOp, x402PaymentDigest };
+//# sourceMappingURL=chunk-4GJSK7E6.js.map
+//# sourceMappingURL=chunk-4GJSK7E6.js.map