@agenticprimitives/agent-account 0.1.0-alpha.2

package/dist/quorum.d.ts

@@ -0,0 +1,62 @@
+import { type Address, type Hex } from 'viem';
+/**
+ * One slot in the Safe-compatible packed signature blob. Each slot is
+ * 65 bytes: `{32 r}{32 s}{1 v}`. The `v` byte discriminates the
+ * verification path per spec 207 § 5 (see SignatureSlotRecovery):
+ *
+ *   v ∈ {27, 28}  → ECDSA over the raw payload hash
+ *   v > 30        → eth_sign / EIP-191-wrapped ECDSA (v - 4 = recovery)
+ *   v == 1        → pre-approved hash; `r` holds the signer
+ *                   (left-padded), `s` unused
+ *   v == 0        → ERC-1271 contract sig; `r` holds signer
+ *                   (left-padded), `s` holds the byte offset into the
+ *                   blob where the length-prefixed dynamic sig tail
+ *                   starts. (Not generated by this helper today —
+ *                   build the blob manually if you need this path.)
+ */
+export interface SafeSignatureSlot {
+    /** Address that signed (or the contract address for v=0). */
+    signer: Address;
+    /** Raw 65-byte ECDSA signature `{r}{s}{v}` from `viem.sign` or
+     *  `vm.sign`. The packer extracts the (r, s, v) bytes and writes
+     *  them into the appropriate slot ordering after sort. */
+    signature: Hex;
+}
+/**
+ * Pack signature slots into Safe's `checkSignatures` blob format
+ * (sorted-ascending by signer address — the anti-duplicate scheme).
+ *
+ * Caller MUST provide slots whose `signature` bytes are 65-byte ECDSA
+ * (r/s/v). The packer doesn't re-sign — it just sorts + concatenates.
+ * For non-ECDSA slot types (v=0 ERC-1271 with a dynamic tail; v=1
+ * pre-approved hash), build the blob via `encodePacked` directly with
+ * the per-slot conventions documented in `SafeSignatureSlot.v`.
+ */
+export declare function packSafeSignatures(slots: SafeSignatureSlot[]): Hex;
+/**
+ * Verbs used in `AgentAccount._adminPayloadHash` (packages/contracts/src/
+ * AgentAccount.sol). Bound to the payload alongside (proposalId,
+ * action, args, eta, address, chainid) so a propose sig can't be
+ * replayed as an execute sig + sigs don't cross-replay between
+ * accounts or chains.
+ */
+export declare const ADMIN_VERB_PROPOSE: Hex;
+export declare const ADMIN_VERB_EXECUTE: Hex;
+export declare const ADMIN_VERB_CANCEL: Hex;
+/**
+ * Match `AgentAccount._adminPayloadHash` exactly. Verbs are
+ * `bytes32("ADMIN_PROPOSE" | "ADMIN_EXECUTE" | "ADMIN_CANCEL")` —
+ * use the `ADMIN_VERB_*` constants below, NOT raw strings, because
+ * `bytes32(stringLiteral)` packs from the LEFT in Solidity and the
+ * SDK must match the exact byte layout.
+ */
+export declare function computeAdminPayloadHash(args: {
+    verb: 'PROPOSE' | 'EXECUTE' | 'CANCEL';
+    proposalId: bigint;
+    action: number;
+    callArgs: Hex;
+    eta: bigint;
+    account: Address;
+    chainId: bigint;
+}): Hex;
+//# sourceMappingURL=quorum.d.ts.map

package/dist/quorum.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"quorum.d.ts","sourceRoot":"","sources":["../src/quorum.ts"],"names":[],"mappings":"AAaA,OAAO,EAIL,KAAK,OAAO,EACZ,KAAK,GAAG,EACT,MAAM,MAAM,CAAC;AAId;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,iBAAiB;IAChC,6DAA6D;IAC7D,MAAM,EAAE,OAAO,CAAC;IAChB;;8DAE0D;IAC1D,SAAS,EAAE,GAAG,CAAC;CAChB;AAED;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,iBAAiB,EAAE,GAAG,GAAG,CA8BlE;AAID;;;;;;GAMG;AACH,eAAO,MAAM,kBAAkB,EAAE,GAA6C,CAAC;AAC/E,eAAO,MAAM,kBAAkB,EAAE,GAA2C,CAAC;AAC7E,eAAO,MAAM,iBAAiB,EAAE,GAA4C,CAAC;AAE7E;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE;IAC5C,IAAI,EAAE,SAAS,GAAG,SAAS,GAAG,QAAQ,CAAC;IACvC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,GAAG,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB,GAAG,GAAG,CAoCN"}

package/dist/quorum.js

@@ -0,0 +1,103 @@
+// Spec 207 threshold-policy + quorum utilities.
+//
+// `packSafeSignatures` produces the Safe-compatible 65-byte-per-slot
+// signature blob that both `QuorumEnforcer.beforeHook` (caveat path)
+// and `AgentAccount._verifyQuorum` (admin/recovery path) expect.
+// `computeAdminPayloadHash` mirrors `AgentAccount._adminPayloadHash`
+// off-chain so SDK callers can derive the digest they need to sign
+// without a chain round-trip.
+//
+// Both utilities are pure — no providers, no chain reads. The
+// `AgentAccountClient` admin methods use them internally; consumers
+// who want to build their own admin tooling can import them directly.
+import { encodeAbiParameters, encodePacked, keccak256, } from 'viem';
+/**
+ * Pack signature slots into Safe's `checkSignatures` blob format
+ * (sorted-ascending by signer address — the anti-duplicate scheme).
+ *
+ * Caller MUST provide slots whose `signature` bytes are 65-byte ECDSA
+ * (r/s/v). The packer doesn't re-sign — it just sorts + concatenates.
+ * For non-ECDSA slot types (v=0 ERC-1271 with a dynamic tail; v=1
+ * pre-approved hash), build the blob via `encodePacked` directly with
+ * the per-slot conventions documented in `SafeSignatureSlot.v`.
+ */
+export function packSafeSignatures(slots) {
+    if (slots.length === 0) {
+        throw new Error('packSafeSignatures: at least one slot required');
+    }
+    // Validate sig shapes before sorting.
+    for (const s of slots) {
+        const bytes = s.signature.startsWith('0x') ? s.signature.slice(2) : s.signature;
+        if (bytes.length !== 130) {
+            throw new Error(`packSafeSignatures: signature for ${s.signer} must be 65 bytes (130 hex chars); got ${bytes.length}`);
+        }
+    }
+    // Sort ascending by signer address (case-insensitive — addresses are
+    // sometimes mixed-case via checksum normalisation).
+    const sorted = [...slots].sort((a, b) => a.signer.toLowerCase() < b.signer.toLowerCase() ? -1 : 1);
+    // Reject duplicate signers — the on-chain verifier would catch this
+    // anyway, but failing early is friendlier.
+    for (let i = 1; i < sorted.length; i++) {
+        if (sorted[i].signer.toLowerCase() === sorted[i - 1].signer.toLowerCase()) {
+            throw new Error(`packSafeSignatures: duplicate signer ${sorted[i].signer}`);
+        }
+    }
+    let out = '0x';
+    for (const s of sorted) {
+        out += s.signature.replace(/^0x/, '');
+    }
+    return out;
+}
+// ─── Admin payload-hash derivation ───────────────────────────────────
+/**
+ * Verbs used in `AgentAccount._adminPayloadHash` (packages/contracts/src/
+ * AgentAccount.sol). Bound to the payload alongside (proposalId,
+ * action, args, eta, address, chainid) so a propose sig can't be
+ * replayed as an execute sig + sigs don't cross-replay between
+ * accounts or chains.
+ */
+export const ADMIN_VERB_PROPOSE = '0x41444d494e5f50524f504f5345'; // bytes32("ADMIN_PROPOSE") — viem encodes properly
+export const ADMIN_VERB_EXECUTE = '0x41444d494e5f455845435554'; // bytes32("ADMIN_EXECUTE")
+export const ADMIN_VERB_CANCEL = '0x41444d494e5f43414e43454c'; // bytes32("ADMIN_CANCEL")
+/**
+ * Match `AgentAccount._adminPayloadHash` exactly. Verbs are
+ * `bytes32("ADMIN_PROPOSE" | "ADMIN_EXECUTE" | "ADMIN_CANCEL")` —
+ * use the `ADMIN_VERB_*` constants below, NOT raw strings, because
+ * `bytes32(stringLiteral)` packs from the LEFT in Solidity and the
+ * SDK must match the exact byte layout.
+ */
+export function computeAdminPayloadHash(args) {
+    // bytes32(string) in Solidity: left-justified, zero-padded right.
+    // Compute via encodePacked + hex-padding.
+    const verbBytes = new TextEncoder().encode(`ADMIN_${args.verb}`);
+    if (verbBytes.length > 32) {
+        throw new Error(`computeAdminPayloadHash: verb too long: ADMIN_${args.verb}`);
+    }
+    const padded = new Uint8Array(32);
+    padded.set(verbBytes, 0);
+    let verbHex = '0x';
+    for (const b of padded)
+        verbHex += b.toString(16).padStart(2, '0');
+    const callArgsHash = keccak256(args.callArgs);
+    return keccak256(encodeAbiParameters([
+        { type: 'bytes32' }, // verb
+        { type: 'uint256' }, // proposalId
+        { type: 'uint8' }, // action
+        { type: 'bytes32' }, // keccak256(args)
+        { type: 'uint64' }, // eta
+        { type: 'address' }, // address(account)
+        { type: 'uint256' }, // chainId
+    ], [
+        verbHex,
+        args.proposalId,
+        args.action,
+        callArgsHash,
+        args.eta,
+        args.account,
+        args.chainId,
+    ]));
+}
+// Suppress unused-import warning while the encodePacked path stays
+// reserved for future v=0 / v=1 slot helpers.
+void encodePacked;
+//# sourceMappingURL=quorum.js.map

package/dist/quorum.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"quorum.js","sourceRoot":"","sources":["../src/quorum.ts"],"names":[],"mappings":"AAAA,gDAAgD;AAChD,EAAE;AACF,qEAAqE;AACrE,qEAAqE;AACrE,iEAAiE;AACjE,qEAAqE;AACrE,mEAAmE;AACnE,8BAA8B;AAC9B,EAAE;AACF,8DAA8D;AAC9D,oEAAoE;AACpE,sEAAsE;AAEtE,OAAO,EACL,mBAAmB,EACnB,YAAY,EACZ,SAAS,GAGV,MAAM,MAAM,CAAC;AA4Bd;;;;;;;;;GASG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAA0B;IAC3D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IACD,sCAAsC;IACtC,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,KAAK,GAAG,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAChF,IAAI,KAAK,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,qCAAqC,CAAC,CAAC,MAAM,0CAA0C,KAAK,CAAC,MAAM,EAAE,CACtG,CAAC;QACJ,CAAC;IACH,CAAC;IACD,qEAAqE;IACrE,oDAAoD;IACpD,MAAM,MAAM,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACtC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzD,CAAC;IACF,oEAAoE;IACpE,2CAA2C;IAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,IAAI,MAAM,CAAC,CAAC,CAAE,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;YAC5E,MAAM,IAAI,KAAK,CAAC,wCAAwC,MAAM,CAAC,CAAC,CAAE,CAAC,MAAM,EAAE,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC;IACD,IAAI,GAAG,GAAG,IAAI,CAAC;IACf,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,GAAG,IAAI,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,GAAU,CAAC;AACpB,CAAC;AAED,wEAAwE;AAExE;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAQ,8BAAuC,CAAC,CAAE,mDAAmD;AACpI,MAAM,CAAC,MAAM,kBAAkB,GAAQ,4BAAqC,CAAC,CAAK,2BAA2B;AAC7G,MAAM,CAAC,MAAM,iBAAiB,GAAS,4BAAqC,CAAC,CAAK,0BAA0B;AAE5G;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAQvC;IACC,kEAAkE;IAClE,0CAA0C;IAC1C,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACjE,IAAI,SAAS,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,iDAAiD,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IACzB,IAAI,OAAO,GAAG,IAAI,CAAC;IACnB,KAAK,MAAM,CAAC,IAAI,MAAM;QAAE,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAEnE,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAE9C,OAAO,SAAS,CACd,mBAAmB,CACjB;QACE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,OAAO;QAC5B,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,aAAa;QAClC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAI,SAAS;QAC9B,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,kBAAkB;QACvC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAG,MAAM;QAC3B,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,mBAAmB;QACxC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,UAAU;KAChC,EACD;QACE,OAAc;QACd,IAAI,CAAC,UAAU;QACf,IAAI,CAAC,MAAM;QACX,YAAY;QACZ,IAAI,CAAC,GAAG;QACR,IAAI,CAAC,OAAO;QACZ,IAAI,CAAC,OAAO;KACb,CACF,CACF,CAAC;AACJ,CAAC;AAED,mEAAmE;AACnE,8CAA8C;AAC9C,KAAK,YAAY,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,16 @@
+import type { Address, Hex } from '@agenticprimitives/types';
+export type { Address, Hex };
+export interface UserOperation {
+    sender: Address;
+    nonce: bigint;
+    initCode: Hex;
+    callData: Hex;
+    callGasLimit: bigint;
+    verificationGasLimit: bigint;
+    preVerificationGas: bigint;
+    maxFeePerGas: bigint;
+    maxPriorityFeePerGas: bigint;
+    paymasterAndData: Hex;
+    signature: Hex;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,0BAA0B,CAAC;AAE7D,YAAY,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;AAE7B,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,GAAG,CAAC;IACd,QAAQ,EAAE,GAAG,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,gBAAgB,EAAE,GAAG,CAAC;IACtB,SAAS,EAAE,GAAG,CAAC;CAChB"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/dist/webauthn-signature.d.ts

@@ -0,0 +1,34 @@
+/**
+ * WebAuthn on-chain signature wire format.
+ *
+ * Encodes a structured `WebAuthnAssertion` (produced by the ceremony in
+ * `@agenticprimitives/connect-auth/passkey`) into the byte layout
+ * `AgentAccount._validateSig` dispatches on:
+ *
+ *   0x01 || abi.encode(Assertion)
+ *
+ * where `Assertion` matches `WebAuthnLib.Assertion` in the Solidity
+ * source (see packages/contracts/src/libraries/WebAuthnLib.sol).
+ *
+ * Doctrine: this is the agent-account substrate's signature dispatch.
+ * The auth-method ceremony (DER parsing, COSE attestation, challenge
+ * encoding) lives in connect-auth. agent-account ships only the
+ * on-chain wire-format encoder.
+ */
+import type { WebAuthnAssertion } from '@agenticprimitives/connect-auth/passkey';
+/** First byte of the on-chain WebAuthn signature blob — matches
+ *  `SIG_TYPE_WEBAUTHN = 0x01` in AgentAccount.sol. */
+export declare const SIG_TYPE_WEBAUTHN: `0x${string}`;
+/** ABI-encode the assertion struct (without the leading type byte). */
+export declare function encodeAssertion(a: WebAuthnAssertion): `0x${string}`;
+/**
+ * Encode the assertion as a complete UserOp / ERC-1271 signature blob:
+ *
+ *   0x01 || abi.encode(Assertion)
+ *
+ * This is what `AgentAccount._validateSig` reads — the leading byte
+ * selects `SIG_TYPE_WEBAUTHN` and the remainder is the ABI-encoded
+ * `WebAuthnLib.Assertion` struct.
+ */
+export declare function encodeWebAuthnSignature(a: WebAuthnAssertion): `0x${string}`;
+//# sourceMappingURL=webauthn-signature.d.ts.map

package/dist/webauthn-signature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webauthn-signature.d.ts","sourceRoot":"","sources":["../src/webauthn-signature.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAGH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yCAAyC,CAAC;AAEjF;sDACsD;AACtD,eAAO,MAAM,iBAAiB,EAAE,KAAK,MAAM,EAAW,CAAC;AAEvD,uEAAuE;AACvE,wBAAgB,eAAe,CAAC,CAAC,EAAE,iBAAiB,GAAG,KAAK,MAAM,EAAE,CAkBnE;AAED;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CAAC,CAAC,EAAE,iBAAiB,GAAG,KAAK,MAAM,EAAE,CAE3E"}

package/dist/webauthn-signature.js

@@ -0,0 +1,51 @@
+/**
+ * WebAuthn on-chain signature wire format.
+ *
+ * Encodes a structured `WebAuthnAssertion` (produced by the ceremony in
+ * `@agenticprimitives/connect-auth/passkey`) into the byte layout
+ * `AgentAccount._validateSig` dispatches on:
+ *
+ *   0x01 || abi.encode(Assertion)
+ *
+ * where `Assertion` matches `WebAuthnLib.Assertion` in the Solidity
+ * source (see packages/contracts/src/libraries/WebAuthnLib.sol).
+ *
+ * Doctrine: this is the agent-account substrate's signature dispatch.
+ * The auth-method ceremony (DER parsing, COSE attestation, challenge
+ * encoding) lives in connect-auth. agent-account ships only the
+ * on-chain wire-format encoder.
+ */
+import { encodeAbiParameters, concat } from 'viem';
+/** First byte of the on-chain WebAuthn signature blob — matches
+ *  `SIG_TYPE_WEBAUTHN = 0x01` in AgentAccount.sol. */
+export const SIG_TYPE_WEBAUTHN = '0x01';
+/** ABI-encode the assertion struct (without the leading type byte). */
+export function encodeAssertion(a) {
+    return encodeAbiParameters([
+        {
+            type: 'tuple',
+            components: [
+                { name: 'authenticatorData', type: 'bytes' },
+                { name: 'clientDataJSON', type: 'string' },
+                { name: 'challengeIndex', type: 'uint256' },
+                { name: 'typeIndex', type: 'uint256' },
+                { name: 'r', type: 'uint256' },
+                { name: 's', type: 'uint256' },
+                { name: 'credentialIdDigest', type: 'bytes32' },
+            ],
+        },
+    ], [a]);
+}
+/**
+ * Encode the assertion as a complete UserOp / ERC-1271 signature blob:
+ *
+ *   0x01 || abi.encode(Assertion)
+ *
+ * This is what `AgentAccount._validateSig` reads — the leading byte
+ * selects `SIG_TYPE_WEBAUTHN` and the remainder is the ABI-encoded
+ * `WebAuthnLib.Assertion` struct.
+ */
+export function encodeWebAuthnSignature(a) {
+    return concat([SIG_TYPE_WEBAUTHN, encodeAssertion(a)]);
+}
+//# sourceMappingURL=webauthn-signature.js.map

package/dist/webauthn-signature.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"webauthn-signature.js","sourceRoot":"","sources":["../src/webauthn-signature.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAGnD;sDACsD;AACtD,MAAM,CAAC,MAAM,iBAAiB,GAAkB,MAAM,CAAC;AAEvD,uEAAuE;AACvE,MAAM,UAAU,eAAe,CAAC,CAAoB;IAClD,OAAO,mBAAmB,CACxB;QACE;YACE,IAAI,EAAE,OAAO;YACb,UAAU,EAAE;gBACV,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,OAAO,EAAE;gBAC5C,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC1C,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,SAAS,EAAE;gBAC3C,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE;gBACtC,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE;gBAC9B,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE;gBAC9B,EAAE,IAAI,EAAE,oBAAoB,EAAE,IAAI,EAAE,SAAS,EAAE;aAChD;SACF;KACF,EACD,CAAC,CAAC,CAAC,CACJ,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,uBAAuB,CAAC,CAAoB;IAC1D,OAAO,MAAM,CAAC,CAAC,iBAAiB,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACzD,CAAC"}

package/package.json

@@ -0,0 +1,57 @@
+{
+  "name": "@agenticprimitives/agent-account",
+  "version": "0.1.0-alpha.2",
+  "description": "ERC-4337 smart-account substrate: deterministic addressing, factory deployment, ERC-1271 signing, UserOp building.",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/agentictrustlabs/agenticprimitives.git",
+    "directory": "packages/agent-account"
+  },
+  "homepage": "https://github.com/agentictrustlabs/agenticprimitives/tree/master/packages/agent-account",
+  "bugs": {
+    "url": "https://github.com/agentictrustlabs/agenticprimitives/issues"
+  },
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "LICENSE",
+    "dist",
+    "spec.md",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "typecheck": "tsc -p tsconfig.json --noEmit",
+    "test": "vitest run",
+    "test:unit": "vitest run test/unit",
+    "test:integration": "vitest run test/integration --passWithNoTests",
+    "test:watch": "vitest",
+    "clean": "rm -rf dist"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "peerDependencies": {
+    "@agenticprimitives/connect-auth": "workspace:*",
+    "@agenticprimitives/types": "workspace:*",
+    "viem": "^2.50.0"
+  },
+  "devDependencies": {
+    "vitest": "^2.1.0"
+  },
+  "keywords": [
+    "erc-4337",
+    "smart-account",
+    "account-abstraction",
+    "erc-1271",
+    "agentic"
+  ]
+}

package/spec.md

@@ -0,0 +1,6 @@
+# @agenticprimitives/agent-account — spec
+
+The authoritative specification lives at:
+**[`../../specs/201-agent-account.md`](../../specs/201-agent-account.md)**
+
+Do not edit a divergent copy here.