npm - @charterlabs/rhinestone-sdk - Versions diffs - 0.4.4 → 0.4.5 - Mend

@charterlabs/rhinestone-sdk 0.4.4 → 0.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/src/accounts/signing/common.d.ts CHANGED Viewed

@@ -20,7 +20,7 @@ type SigningFunctions<T> = {
 declare function signWithMultiFactorAuth<T>(signers: SignerSet & {
     type: 'owner';
     kind: 'multi-factor';
-}, chain: Chain, address: Address, params: T, isUserOpHash: boolean, signMain: (signers: SignerSet, chain: Chain, address: Address, params: T, isUserOpHash: boolean) => Promise<Hex>): Promise<Hex>;
+}, chain: Chain, address: Address, params: T, isUserOpHash: boolean, signMain: (signers: SignerSet, chain: Chain, address: Address, params: T, isUserOpHash: boolean) => Promise<Hex>, signingFunctions: SigningFunctions<T>): Promise<Hex>;
 declare function signWithSession(signers: ResolvedSessionSignerSet, chain: Chain, address: Address, hash: Hex, signMain: (signers: SignerSet, chain: Chain, address: Address, hash: Hex, isUserOpHash: boolean) => Promise<Hex>): Promise<Hex>;
 declare function signWithGuardians<T>(signers: SignerSet & {
     type: 'guardians';

package/dist/src/accounts/signing/common.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../../../accounts/signing/common.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,OAAO,EACZ,KAAK,KAAK,EAMV,KAAK,GAAG,EAIT,MAAM,MAAM,CAAA;AACb,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAA;AAQ/D,OAAO,EAEL,KAAK,wBAAwB,EAC9B,MAAM,yCAAyC,CAAA;AAChD,OAAO,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAUtD,iBAAS,0BAA0B,CAAC,MAAM,EAAE,QAAQ,GAAG,SAAS,CAkE/D;AAED,KAAK,oBAAoB,GAAG;IAC1B,iBAAiB,EAAE,GAAG,CAAA;IACtB,cAAc,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACnC,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC9B,wBAAwB,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;CAC/C,CAAA;AAED,KAAK,gBAAgB,CAAC,CAAC,IAAI;IACzB,SAAS,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,GAAG,CAAC,CAAA;IAC1E,WAAW,EAAE,CACX,OAAO,EAAE,eAAe,EACxB,MAAM,EAAE,CAAC,KACN,OAAO,CAAC;QACX,QAAQ,EAAE,oBAAoB,CAAA;QAC9B,SAAS,EAAE,GAAG,CAAA;KACf,CAAC,CAAA;CACH,CAAA;~~AAoDD~~,iBAAe,uBAAuB,CAAC,CAAC,EACtC,OAAO,EAAE,SAAS,GAAG;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,cAAc,CAAA;CAAE,EAC5D,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,CAAC,EACT,YAAY,EAAE,OAAO,EACrB,QAAQ,EAAE,CACR,OAAO,EAAE,SAAS,EAClB,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,CAAC,EACT,YAAY,EAAE,OAAO,KAClB,OAAO,CAAC,GAAG,CAAC,~~GAChB~~,OAAO,CAAC,GAAG,CAAC,~~CA8Cd~~;AAED,iBAAe,eAAe,CAC5B,OAAO,EAAE,wBAAwB,EACjC,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,GAAG,EACT,QAAQ,EAAE,CACR,OAAO,EAAE,SAAS,EAClB,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,GAAG,EACT,YAAY,EAAE,OAAO,KAClB,OAAO,CAAC,GAAG,CAAC,GAChB,OAAO,CAAC,GAAG,CAAC,CAiBd;AAED,iBAAe,iBAAiB,CAAC,CAAC,EAChC,OAAO,EAAE,SAAS,GAAG;IAAE,IAAI,EAAE,WAAW,CAAA;CAAE,EAC1C,MAAM,EAAE,CAAC,EACT,gBAAgB,EAAE,gBAAgB,CAAC,CAAC,CAAC,GACpC,OAAO,CAAC,GAAG,CAAC,CAOd;AAED,iBAAe,cAAc,CAAC,CAAC,EAC7B,OAAO,EAAE,SAAS,GAAG;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,EACtC,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,CAAC,EACT,gBAAgB,EAAE,gBAAgB,CAAC,CAAC,CAAC,EACrC,YAAY,EAAE,OAAO,EACrB,QAAQ,EAAE,CACR,OAAO,EAAE,SAAS,EAClB,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,CAAC,EACT,YAAY,EAAE,OAAO,KAClB,OAAO,CAAC,GAAG,CAAC,GAChB,OAAO,CAAC,GAAG,CAAC,~~CAqFd~~;AAED,OAAO,EACL,0BAA0B,EAC1B,uBAAuB,EACvB,eAAe,EACf,iBAAiB,EACjB,cAAc,EACd,KAAK,gBAAgB,GACtB,CAAA"}
1	+ {"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../../../accounts/signing/common.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,OAAO,EACZ,KAAK,KAAK,EAMV,KAAK,GAAG,EAIT,MAAM,MAAM,CAAA;AACb,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAA;AAQ/D,OAAO,EAEL,KAAK,wBAAwB,EAC9B,MAAM,yCAAyC,CAAA;AAChD,OAAO,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAUtD,iBAAS,0BAA0B,CAAC,MAAM,EAAE,QAAQ,GAAG,SAAS,CAkE/D;AAED,KAAK,oBAAoB,GAAG;IAC1B,iBAAiB,EAAE,GAAG,CAAA;IACtB,cAAc,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACnC,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC9B,wBAAwB,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;CAC/C,CAAA;AAED,KAAK,gBAAgB,CAAC,CAAC,IAAI;IACzB,SAAS,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,GAAG,CAAC,CAAA;IAC1E,WAAW,EAAE,CACX,OAAO,EAAE,eAAe,EACxB,MAAM,EAAE,CAAC,KACN,OAAO,CAAC;QACX,QAAQ,EAAE,oBAAoB,CAAA;QAC9B,SAAS,EAAE,GAAG,CAAA;KACf,CAAC,CAAA;CACH,CAAA;AAgDD,iBAAe,uBAAuB,CAAC,CAAC,EACtC,OAAO,EAAE,SAAS,GAAG;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,cAAc,CAAA;CAAE,EAC5D,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,CAAC,EACT,YAAY,EAAE,OAAO,EACrB,QAAQ,EAAE,CACR,OAAO,EAAE,SAAS,EAClB,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,CAAC,EACT,YAAY,EAAE,OAAO,KAClB,OAAO,CAAC,GAAG,CAAC,EACjB,gBAAgB,EAAE,gBAAgB,CAAC,CAAC,CAAC,GACpC,OAAO,CAAC,GAAG,CAAC,CA+Cd;AAED,iBAAe,eAAe,CAC5B,OAAO,EAAE,wBAAwB,EACjC,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,GAAG,EACT,QAAQ,EAAE,CACR,OAAO,EAAE,SAAS,EAClB,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,GAAG,EACT,YAAY,EAAE,OAAO,KAClB,OAAO,CAAC,GAAG,CAAC,GAChB,OAAO,CAAC,GAAG,CAAC,CAiBd;AAED,iBAAe,iBAAiB,CAAC,CAAC,EAChC,OAAO,EAAE,SAAS,GAAG;IAAE,IAAI,EAAE,WAAW,CAAA;CAAE,EAC1C,MAAM,EAAE,CAAC,EACT,gBAAgB,EAAE,gBAAgB,CAAC,CAAC,CAAC,GACpC,OAAO,CAAC,GAAG,CAAC,CAOd;AAED,iBAAe,cAAc,CAAC,CAAC,EAC7B,OAAO,EAAE,SAAS,GAAG;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,EACtC,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,CAAC,EACT,gBAAgB,EAAE,gBAAgB,CAAC,CAAC,CAAC,EACrC,YAAY,EAAE,OAAO,EACrB,QAAQ,EAAE,CACR,OAAO,EAAE,SAAS,EAClB,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,CAAC,EACT,YAAY,EAAE,OAAO,KAClB,OAAO,CAAC,GAAG,CAAC,GAChB,OAAO,CAAC,GAAG,CAAC,CAsFd;AAED,OAAO,EACL,0BAA0B,EAC1B,uBAAuB,EACvB,eAAe,EACf,iBAAiB,EACjB,cAAc,EACd,KAAK,gBAAgB,GACtB,CAAA"}

package/dist/src/accounts/signing/common.js CHANGED Viewed

@@ -79,28 +79,25 @@ function convertOwnerSetToSignerSet(owners) {
 function encodeValidatorId(id) {
     return (0, viem_1.padHex)(typeof id === 'number' ? (0, viem_1.toHex)(id) : id, { size: 12 });
 }
-async function signMfaSubValidator(validator, chain, address, params, isUserOpHash, signMain) {
+async function signMfaSubValidator(validator, chain, address, params, isUserOpHash, signMain, signingFunctions) {
     if (validator === null) {
         return '0x';
     }
     if (validator.type === 'passkey') {
-        const signature = await signMain({
-            type: 'owner',
-            kind: 'passkey',
-            accounts: validator.accounts,
-        }, chain, address, params, isUserOpHash);
+        // Sign each account directly and encode as a bare WebAuthnAuth[] sorted by
+        // the 2-arg MFA credential ID — matching WebAuthVerificationContext ordering.
+        const signResults = await Promise.all(validator.accounts.map((account) => signingFunctions.signPasskey(account, params)));
         return (0, mfa_webauthn_1.encodeMfaWebAuthnSignatureForAccounts)({
-            passkeySignature: signature,
             accounts: validator.accounts,
-            accountAddress: address,
+            signResults,
         });
     }
     const validatorSigners = convertOwnerSetToSignerSet(validator);
     return signMain(validatorSigners, chain, address, params, isUserOpHash);
 }
-async function signWithMultiFactorAuth(signers, chain, address, params, isUserOpHash, signMain) {
+async function signWithMultiFactorAuth(signers, chain, address, params, isUserOpHash, signMain, signingFunctions) {
     const validators = signers.validators.filter((validator) => validator !== null);
-    const signatures = await Promise.all(validators.map((validator) => signMfaSubValidator(validator, chain, address, params, isUserOpHash, signMain)));
+    const signatures = await Promise.all(validators.map((validator) => signMfaSubValidator(validator, chain, address, params, isUserOpHash, signMain, signingFunctions)));
     const data = (0, viem_1.encodeAbiParameters)([
         {
             components: [
@@ -178,7 +175,7 @@ async function signWithOwners(signers, chain, address, params, signingFunctions,
             const credIds = signers.accounts.map((account) => {
                 const publicKey = account.publicKey;
                 const { x, y } = (0, passkeys_1.parsePublicKey)(publicKey);
-                return (0, passkeys_1.generateCredentialId)(x, y, address);
+                return (0, passkeys_1.generateCredentialId)(x, y);
             });
             const webAuthns = signatures.map((signature) => {
                 const { r, s } = (0, passkeys_1.parseSignature)(signature.signature);
@@ -197,7 +194,7 @@ async function signWithOwners(signers, chain, address, params, signingFunctions,
             return (0, passkeys_1.packSignature)(credIds, usePrecompile, webAuthns);
         }
         case 'multi-factor': {
-            return signWithMultiFactorAuth(signers, chain, address, params, isUserOpHash, signMain);
+            return signWithMultiFactorAuth(signers, chain, address, params, isUserOpHash, signMain, signingFunctions);
         }
         default: {
             throw new Error('Unsupported owner kind');

package/dist/src/accounts/signing/mfa-webauthn.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { type Address, type Hex } from 'viem';
+import { type Hex } from 'viem';
 import type { WebAuthnAccount } from 'viem/account-abstraction';
 import { type WebAuthnSignature } from './passkeys';
 type WebAuthnCredentialData = {
@@ -6,24 +6,42 @@ type WebAuthnCredentialData = {
     pubKeyY: bigint;
     requireUV?: boolean;
 };
-type DecodedPasskeySignature = {
-    credIds: Hex[];
-    webAuthns: WebAuthnSignature[];
-};
-declare function generateMfaWebAuthnCredentialId(pubKeyX: bigint, pubKeyY: bigint): Hex;
+/**
+ * Encodes the WebAuthVerificationContext blob stored by MultiFactor for the
+ * WebAuthn sub-validator. Passed as `validatorStorageData` when MultiFactor
+ * calls WebAuthnValidator.validateSignatureWithData.
+ *
+ * Credential IDs are keccak256(abi.encode(pubKeyX, pubKeyY)) — matching
+ * WebAuthnValidator.generateCredentialId exactly.
+ */
 declare function encodeMfaWebAuthnValidatorData(input: {
     usePrecompile: boolean;
     threshold: number;
     credentials: WebAuthnCredentialData[];
 }): Hex;
-declare function decodePasskeySignature(signature: Hex): DecodedPasskeySignature;
+/**
+ * Encodes a sorted WebAuthnAuth[] array as the `signature` argument for
+ * WebAuthnValidator.validateSignatureWithData.
+ */
 declare function encodeMfaWebAuthnSignature(webAuthns: WebAuthnSignature[]): Hex;
-declare function extractMfaWebAuthnSignatureFromPasskeySignature(signature: Hex): Hex;
+type PasskeySignResult = {
+    webauthn: {
+        authenticatorData: Hex;
+        clientDataJSON: string;
+        challengeIndex?: number | undefined;
+        typeIndex?: number | undefined;
+    };
+    signature: Hex;
+};
+/**
+ * Produces the MFA sub-validator signature (bare WebAuthnAuth[]) directly from
+ * raw sign results. Entries are sorted by credential ID — keccak256(abi.encode(x, y))
+ * — matching the ordering stored in WebAuthVerificationContext.credentialIds.
+ */
 declare function encodeMfaWebAuthnSignatureForAccounts(input: {
-    passkeySignature: Hex;
     accounts: WebAuthnAccount[];
-    accountAddress: Address;
+    signResults: PasskeySignResult[];
 }): Hex;
-export { decodePasskeySignature, encodeMfaWebAuthnSignature, encodeMfaWebAuthnSignatureForAccounts, encodeMfaWebAuthnValidatorData, extractMfaWebAuthnSignatureFromPasskeySignature, generateMfaWebAuthnCredentialId, };
-export type { WebAuthnCredentialData };
+export { encodeMfaWebAuthnValidatorData, encodeMfaWebAuthnSignature, encodeMfaWebAuthnSignatureForAccounts, };
+export type { WebAuthnCredentialData, PasskeySignResult };
 //# sourceMappingURL=mfa-webauthn.d.ts.map

package/dist/src/accounts/signing/mfa-webauthn.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"mfa-webauthn.d.ts","sourceRoot":"","sources":["../../../../accounts/signing/mfa-webauthn.ts"],"names":[],"mappings":"AAAA,OAAO,~~EACL~~,KAAK,~~OAAO,EAGZ,KAAK,~~GAAG,~~EAET~~,MAAM,MAAM,CAAA;~~AACb~~,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAA;AAC/D,OAAO,~~EAGL~~,KAAK,iBAAiB,EACvB,MAAM,YAAY,CAAA;AAEnB,KAAK,sBAAsB,GAAG;IAC5B,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,CAAC,EAAE,OAAO,CAAA;CACpB,CAAA;~~AAED,KAAK,uBAAuB,GAAG~~;~~IAC7B~~,~~OAAO,EAAE,GAAG,EAAE,CAAA;IACd,SAAS,EAAE,iBAAiB,EAAE,CAAA;CAC/B,CAAA;AA+CD,~~iBAAS~~,+BAA+B~~,~~CACtC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,GACd,GAAG,CAcL;AAED,iBAAS,~~8BAA8B,CAAC,KAAK,EAAE;IAC7C,aAAa,EAAE,OAAO,CAAA;IACtB,SAAS,EAAE,MAAM,CAAA;IACjB,WAAW,EAAE,sBAAsB,EAAE,CAAA;CACtC,GAAG,GAAG,~~CA4BN~~;AAED,iBAAS,~~sBAAsB~~,CAAC,SAAS,EAAE,GAAG,GAAG,~~uBAAuB,CAiBvE~~;AAED,~~iBAAS~~,~~0BAA0B~~,~~CAAC~~,~~SAAS~~,EAAE,iBAAiB,EAAE,GAAG,~~GAAG~~,~~CAEvE~~;~~AAED~~,~~iBAAS,+CAA+C~~,CAAC,SAAS,EAAE,~~GAAG~~,GAAG,GAAG,~~CAE5E~~;AAED,iBAAS,qCAAqC,CAAC,KAAK,EAAE;IACpD,~~gBAAgB,EAAE,GAAG,CAAA;IACrB,~~QAAQ,EAAE,eAAe,EAAE,CAAA;IAC3B,~~cAAc~~,EAAE,~~OAAO~~,CAAA;~~CACxB~~,GAAG,GAAG,~~CA8BN~~;AAED,OAAO,EACL,~~sBAAsB~~,~~EACtB~~,0BAA0B,EAC1B,qCAAqC,~~EACrC~~,~~8BAA8B,EAC9B,+CAA+C,EAC/C,+BAA+B,GAChC,~~CAAA;AACD,YAAY,EAAE,sBAAsB,EAAE,CAAA"}
1	+ {"version":3,"file":"mfa-webauthn.d.ts","sourceRoot":"","sources":["../../../../accounts/signing/mfa-webauthn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAuB,KAAK,GAAG,EAAE,MAAM,MAAM,CAAA;AACpD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAA;AAC/D,OAAO,EAIL,KAAK,iBAAiB,EACvB,MAAM,YAAY,CAAA;AAEnB,KAAK,sBAAsB,GAAG;IAC5B,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,CAAC,EAAE,OAAO,CAAA;CACpB,CAAA;AA2CD;;;;;;;GAOG;AACH,iBAAS,8BAA8B,CAAC,KAAK,EAAE;IAC7C,aAAa,EAAE,OAAO,CAAA;IACtB,SAAS,EAAE,MAAM,CAAA;IACjB,WAAW,EAAE,sBAAsB,EAAE,CAAA;CACtC,GAAG,GAAG,CAuBN;AAED;;;GAGG;AACH,iBAAS,0BAA0B,CAAC,SAAS,EAAE,iBAAiB,EAAE,GAAG,GAAG,CAEvE;AAED,KAAK,iBAAiB,GAAG;IACvB,QAAQ,EAAE;QACR,iBAAiB,EAAE,GAAG,CAAA;QACtB,cAAc,EAAE,MAAM,CAAA;QACtB,cAAc,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACnC,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC/B,CAAA;IACD,SAAS,EAAE,GAAG,CAAA;CACf,CAAA;AAED;;;;GAIG;AACH,iBAAS,qCAAqC,CAAC,KAAK,EAAE;IACpD,QAAQ,EAAE,eAAe,EAAE,CAAA;IAC3B,WAAW,EAAE,iBAAiB,EAAE,CAAA;CACjC,GAAG,GAAG,CAgCN;AAED,OAAO,EACL,8BAA8B,EAC9B,0BAA0B,EAC1B,qCAAqC,GACtC,CAAA;AACD,YAAY,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,CAAA"}

package/dist/src/accounts/signing/mfa-webauthn.js CHANGED Viewed

@@ -1,13 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.decodePasskeySignature = decodePasskeySignature;
+exports.encodeMfaWebAuthnValidatorData = encodeMfaWebAuthnValidatorData;
 exports.encodeMfaWebAuthnSignature = encodeMfaWebAuthnSignature;
 exports.encodeMfaWebAuthnSignatureForAccounts = encodeMfaWebAuthnSignatureForAccounts;
-exports.encodeMfaWebAuthnValidatorData = encodeMfaWebAuthnValidatorData;
-exports.extractMfaWebAuthnSignatureFromPasskeySignature = extractMfaWebAuthnSignatureFromPasskeySignature;
-exports.generateMfaWebAuthnCredentialId = generateMfaWebAuthnCredentialId;
 const viem_1 = require("viem");
 const passkeys_1 = require("./passkeys");
+// ABI fragment for a WebAuthnAuth tuple array — the exact format expected by
+// WebAuthnValidator.validateSignatureWithData as its `signature` argument.
 const webAuthnAuthAbiParameter = {
     type: 'tuple[]',
     name: 'webAuthns',
@@ -20,11 +19,8 @@ const webAuthnAuthAbiParameter = {
         { type: 'uint256', name: 's' },
     ],
 };
-const passkeySignatureAbiParameters = [
-    { type: 'bytes32[]', name: 'credIds' },
-    { type: 'bool', name: 'usePrecompile' },
-    webAuthnAuthAbiParameter,
-];
+// ABI fragment for WebAuthVerificationContext — stored by MultiFactor as
+// `validatorStorageData` and passed to validateSignatureWithData as `data`.
 const webAuthnMfaContextAbiParameter = {
     type: 'tuple',
     name: 'context',
@@ -44,25 +40,22 @@ const webAuthnMfaContextAbiParameter = {
     ],
 };
 function compareHex(left, right) {
-    if (left === right) {
+    if (left === right)
         return 0;
-    }
     return left < right ? -1 : 1;
 }
-function generateMfaWebAuthnCredentialId(pubKeyX, pubKeyY) {
-    return (0, viem_1.keccak256)((0, viem_1.encodeAbiParameters)([
-        {
-            type: 'uint256',
-        },
-        {
-            type: 'uint256',
-        },
-    ], [pubKeyX, pubKeyY]));
-}
+/**
+ * Encodes the WebAuthVerificationContext blob stored by MultiFactor for the
+ * WebAuthn sub-validator. Passed as `validatorStorageData` when MultiFactor
+ * calls WebAuthnValidator.validateSignatureWithData.
+ *
+ * Credential IDs are keccak256(abi.encode(pubKeyX, pubKeyY)) — matching
+ * WebAuthnValidator.generateCredentialId exactly.
+ */
 function encodeMfaWebAuthnValidatorData(input) {
     const credentials = input.credentials
         .map((credential) => ({
-        credentialId: generateMfaWebAuthnCredentialId(credential.pubKeyX, credential.pubKeyY),
+        credentialId: (0, passkeys_1.generateCredentialId)(credential.pubKeyX, credential.pubKeyY),
         credentialData: {
             pubKeyX: credential.pubKeyX,
             pubKeyY: credential.pubKeyY,
@@ -74,51 +67,47 @@ function encodeMfaWebAuthnValidatorData(input) {
         {
             usePrecompile: input.usePrecompile,
             threshold: BigInt(input.threshold),
-            credentialIds: credentials.map((credential) => credential.credentialId),
-            credentialData: credentials.map((credential) => credential.credentialData),
+            credentialIds: credentials.map((c) => c.credentialId),
+            credentialData: credentials.map((c) => c.credentialData),
         },
     ]);
 }
-function decodePasskeySignature(signature) {
-    const [credIds, , webAuthns] = (0, viem_1.decodeAbiParameters)(passkeySignatureAbiParameters, signature);
-    return {
-        credIds: [...credIds],
-        webAuthns: webAuthns.map((webAuthn) => ({
-            authenticatorData: webAuthn.authenticatorData,
-            clientDataJSON: webAuthn.clientDataJSON,
-            challengeIndex: BigInt(webAuthn.challengeIndex),
-            typeIndex: BigInt(webAuthn.typeIndex),
-            r: BigInt(webAuthn.r),
-            s: BigInt(webAuthn.s),
-        })),
-    };
-}
+/**
+ * Encodes a sorted WebAuthnAuth[] array as the `signature` argument for
+ * WebAuthnValidator.validateSignatureWithData.
+ */
 function encodeMfaWebAuthnSignature(webAuthns) {
     return (0, viem_1.encodeAbiParameters)([webAuthnAuthAbiParameter], [webAuthns]);
 }
-function extractMfaWebAuthnSignatureFromPasskeySignature(signature) {
-    return encodeMfaWebAuthnSignature(decodePasskeySignature(signature).webAuthns);
-}
+/**
+ * Produces the MFA sub-validator signature (bare WebAuthnAuth[]) directly from
+ * raw sign results. Entries are sorted by credential ID — keccak256(abi.encode(x, y))
+ * — matching the ordering stored in WebAuthVerificationContext.credentialIds.
+ */
 function encodeMfaWebAuthnSignatureForAccounts(input) {
-    const decoded = decodePasskeySignature(input.passkeySignature);
-    const authByStatefulCredentialId = new Map(decoded.credIds.map((credId, index) => [
-        credId.toLowerCase(),
-        decoded.webAuthns[index],
-    ]));
-    const webAuthns = input.accounts
-        .map((account) => {
+    const { accounts, signResults } = input;
+    const entries = accounts.map((account, index) => {
         const { x, y } = (0, passkeys_1.parsePublicKey)(account.publicKey);
-        const statefulCredentialId = (0, passkeys_1.generateCredentialId)(x, y, input.accountAddress).toLowerCase();
-        const webAuthn = authByStatefulCredentialId.get(statefulCredentialId);
-        if (!webAuthn) {
-            throw new Error('Missing WebAuthn signature for MFA credential');
+        const credentialId = (0, passkeys_1.generateCredentialId)(x, y);
+        const sigResult = signResults[index];
+        if (!sigResult) {
+            throw new Error('Missing WebAuthn sign result for MFA credential');
         }
+        const { r, s } = (0, passkeys_1.parseSignature)(sigResult.signature);
         return {
-            credentialId: generateMfaWebAuthnCredentialId(x, y),
-            webAuthn,
+            credentialId,
+            webAuthn: {
+                authenticatorData: sigResult.webauthn.authenticatorData,
+                clientDataJSON: sigResult.webauthn.clientDataJSON,
+                challengeIndex: BigInt(sigResult.webauthn.challengeIndex ?? 0),
+                typeIndex: BigInt(sigResult.webauthn.typeIndex ?? 0),
+                r,
+                s,
+            },
         };
-    })
+    });
+    const sorted = entries
         .sort((left, right) => compareHex(left.credentialId, right.credentialId))
         .map(({ webAuthn }) => webAuthn);
-    return encodeMfaWebAuthnSignature(webAuthns);
+    return encodeMfaWebAuthnSignature(sorted);
 }

package/dist/src/accounts/signing/passkeys.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { type Address, type Hex } from 'viem';
+import { type Hex } from 'viem';
 interface WebAuthnSignature {
     authenticatorData: Hex;
     clientDataJSON: string;
@@ -15,7 +15,7 @@ declare function parseSignature(signature: Hex | Uint8Array): {
     r: bigint;
     s: bigint;
 };
-declare function generateCredentialId(pubKeyX: bigint, pubKeyY: bigint, account: Address): `0x${string}`;
+declare function generateCredentialId(pubKeyX: bigint, pubKeyY: bigint): Hex;
 declare function packSignature(credIds: Hex[], usePrecompile: boolean, webAuthns: {
     authenticatorData: Hex;
     clientDataJSON: string;

package/dist/src/accounts/signing/passkeys.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"passkeys.d.ts","sourceRoot":"","sources":["../../../../accounts/signing/passkeys.ts"],"names":[],"mappings":"AAAA,OAAO,~~EACL~~,KAAK,~~OAAO,EAGZ,KAAK,~~GAAG,EAGT,MAAM,MAAM,CAAA;AAEb,UAAU,iBAAiB;IACzB,iBAAiB,EAAE,GAAG,CAAA;IACtB,cAAc,EAAE,MAAM,CAAA;IACtB,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,EAAE,MAAM,CAAA;IACjB,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV;AAED,iBAAS,cAAc,CAAC,SAAS,EAAE,GAAG,GAAG,UAAU,GAAG;IACpD,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV,CAUA;AAED,iBAAS,cAAc,CAAC,SAAS,EAAE,GAAG,GAAG,UAAU,GAAG;IACpD,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV,CASA;AAED,iBAAS,oBAAoB,~~CAC3B~~,OAAO,EAAE,MAAM,~~EACf~~,OAAO,EAAE,MAAM,~~EACf~~,~~OAAO~~,~~EAAE,OAAO,iBAkBjB~~;AAED,iBAAS,aAAa,CACpB,OAAO,EAAE,GAAG,EAAE,EACd,aAAa,EAAE,OAAO,EACtB,SAAS,EAAE;IACT,iBAAiB,EAAE,GAAG,CAAA;IACtB,cAAc,EAAE,MAAM,CAAA;IACtB,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,EAAE,MAAM,CAAA;IACjB,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV,EAAE,GACF,GAAG,CAqDL;AAED,iBAAS,eAAe,CACtB,QAAQ,EAAE;IACR,iBAAiB,EAAE,GAAG,CAAA;IACtB,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,EAAE,MAAM,GAAG,MAAM,CAAA;IAC1B,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV,EACD,cAAc,EAAE,OAAO,iBAqCxB;AAED,OAAO,EACL,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,eAAe,GAChB,CAAA;AACD,YAAY,EAAE,iBAAiB,EAAE,CAAA"}
1	+ {"version":3,"file":"passkeys.d.ts","sourceRoot":"","sources":["../../../../accounts/signing/passkeys.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,GAAG,EAGT,MAAM,MAAM,CAAA;AAEb,UAAU,iBAAiB;IACzB,iBAAiB,EAAE,GAAG,CAAA;IACtB,cAAc,EAAE,MAAM,CAAA;IACtB,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,EAAE,MAAM,CAAA;IACjB,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV;AAED,iBAAS,cAAc,CAAC,SAAS,EAAE,GAAG,GAAG,UAAU,GAAG;IACpD,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV,CAUA;AAED,iBAAS,cAAc,CAAC,SAAS,EAAE,GAAG,GAAG,UAAU,GAAG;IACpD,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV,CASA;AAED,iBAAS,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,GAAG,CAOnE;AAED,iBAAS,aAAa,CACpB,OAAO,EAAE,GAAG,EAAE,EACd,aAAa,EAAE,OAAO,EACtB,SAAS,EAAE;IACT,iBAAiB,EAAE,GAAG,CAAA;IACtB,cAAc,EAAE,MAAM,CAAA;IACtB,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,EAAE,MAAM,CAAA;IACjB,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV,EAAE,GACF,GAAG,CAqDL;AAED,iBAAS,eAAe,CACtB,QAAQ,EAAE;IACR,iBAAiB,EAAE,GAAG,CAAA;IACtB,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,EAAE,MAAM,GAAG,MAAM,CAAA;IAC1B,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV,EACD,cAAc,EAAE,OAAO,iBAqCxB;AAED,OAAO,EACL,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,eAAe,GAChB,CAAA;AACD,YAAY,EAAE,iBAAiB,EAAE,CAAA"}

package/dist/src/accounts/signing/passkeys.js CHANGED Viewed

@@ -25,18 +25,8 @@ function parseSignature(signature) {
         s: BigInt((0, viem_1.bytesToHex)(s)),
     };
 }
-function generateCredentialId(pubKeyX, pubKeyY, account) {
-    return (0, viem_1.keccak256)((0, viem_1.encodeAbiParameters)([
-        {
-            type: 'uint256',
-        },
-        {
-            type: 'uint256',
-        },
-        {
-            type: 'address',
-        },
-    ], [pubKeyX, pubKeyY, account]));
+function generateCredentialId(pubKeyX, pubKeyY) {
+    return (0, viem_1.keccak256)((0, viem_1.encodeAbiParameters)([{ type: 'uint256' }, { type: 'uint256' }], [pubKeyX, pubKeyY]));
 }
 function packSignature(credIds, usePrecompile, webAuthns) {
     // Sort both `credIds` and `webAuthns` by credIds

package/dist/src/modules/validators/core.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"core.d.ts","sourceRoot":"","sources":["../../../../modules/validators/core.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,OAAO,EAKZ,KAAK,GAAG,EAKT,MAAM,MAAM,CAAA;AAOb,OAAO,KAAK,EACV,kBAAkB,EAClB,sBAAsB,EACtB,QAAQ,EACR,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,aAAa,CAAA;AAEpB,OAAO,EAA4B,KAAK,MAAM,EAAE,MAAM,WAAW,CAAA;AAEjE,QAAA,MAAM,kCAAkC,EAAE,OACI,CAAA;AAC9C,QAAA,MAAM,8BAA8B,EAAE,OACQ,CAAA;AAE9C,UAAU,SAAS;IACjB,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV;AAED,UAAU,kBAAkB;IAC1B,MAAM,EAAE,SAAS,GAAG,GAAG,GAAG,UAAU,CAAA;IACpC,eAAe,EAAE,MAAM,CAAA;CACxB;AAED,KAAK,+BAA+B,GAAG;IACrC,qBAAqB,CAAC,EAAE,OAAO,CAAA;CAChC,CAAA;AAED,QAAA,MAAM,yBAAyB,EAAE,OACa,CAAA;AAC9C,QAAA,MAAM,qBAAqB,EAAE,OACiB,CAAA;AAC9C,QAAA,MAAM,0BAA0B,EAAE,OACY,CAAA;AAG9C,QAAA,MAAM,8BAA8B,EAAE,OACQ,CAAA;AAO9C,QAAA,MAAM,6BAA6B,EAAE,OACS,CAAA;~~AAO9C~~,iBAAS,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,UAKzD;AAED,iBAAS,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,GAAG,GAAG,~~CAwDjD~~;AAED,iBAAS,YAAY,CAAC,MAAM,EAAE,QAAQ,UA2BrC;AAsBD,iBAAS,mBAAmB,CAC1B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,OAAO,EAAE,EACjB,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,CAiBR;AAED,iBAAS,eAAe,CACtB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,OAAO,EAAE,EACjB,gBAAgB,EAAE,MAAM,EAAE,EAC1B,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,CAsCR;AAED,iBAAS,oBAAoB,CAC3B,SAAS,EAAE,MAAM,EACjB,mBAAmB,EAAE,kBAAkB,EAAE,EACzC,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,CAwCR;AAqBD,iBAAS,8BAA8B,CACrC,SAAS,EACL,sBAAsB,GACtB,kBAAkB,GAClB,uBAAuB,EAC3B,OAAO,GAAE,+BAAoC,GAC5C,GAAG,CAaL;AAED,iBAAS,uBAAuB,CAC9B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,CACR,sBAAsB,GACtB,kBAAkB,GAClB,uBAAuB,GACvB,IAAI,CACP,EAAE,EACH,OAAO,GAAE,+BAAoC,GAC5C,MAAM,CAgDR;AAED,iBAAS,0BAA0B,CACjC,SAAS,EAAE,OAAO,EAAE,EACpB,SAAS,SAAI,GACZ,MAAM,CAsBR;AAeD,iBAAS,cAAc,CAAC,SAAS,EAAE,MAAM,WAUxC;AAED,OAAO,EACL,yBAAyB,EACzB,qBAAqB,EACrB,0BAA0B,EAC1B,8BAA8B,EAC9B,6BAA6B,EAC7B,8BAA8B,EAC9B,kCAAkC,EAClC,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,oBAAoB,EACpB,uBAAuB,EACvB,0BAA0B,EAC1B,YAAY,EACZ,gBAAgB,EAChB,8BAA8B,EAC9B,cAAc,GACf,CAAA;AACD,YAAY,EAAE,kBAAkB,EAAE,CAAA"}
1	+ {"version":3,"file":"core.d.ts","sourceRoot":"","sources":["../../../../modules/validators/core.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,OAAO,EAKZ,KAAK,GAAG,EAKT,MAAM,MAAM,CAAA;AAOb,OAAO,KAAK,EACV,kBAAkB,EAClB,sBAAsB,EACtB,QAAQ,EACR,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,aAAa,CAAA;AAEpB,OAAO,EAA4B,KAAK,MAAM,EAAE,MAAM,WAAW,CAAA;AAEjE,QAAA,MAAM,kCAAkC,EAAE,OACI,CAAA;AAC9C,QAAA,MAAM,8BAA8B,EAAE,OACQ,CAAA;AAE9C,UAAU,SAAS;IACjB,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACV;AAED,UAAU,kBAAkB;IAC1B,MAAM,EAAE,SAAS,GAAG,GAAG,GAAG,UAAU,CAAA;IACpC,eAAe,EAAE,MAAM,CAAA;CACxB;AAED,KAAK,+BAA+B,GAAG;IACrC,qBAAqB,CAAC,EAAE,OAAO,CAAA;CAChC,CAAA;AAED,QAAA,MAAM,yBAAyB,EAAE,OACa,CAAA;AAC9C,QAAA,MAAM,qBAAqB,EAAE,OACiB,CAAA;AAC9C,QAAA,MAAM,0BAA0B,EAAE,OACY,CAAA;AAG9C,QAAA,MAAM,8BAA8B,EAAE,OACQ,CAAA;AAO9C,QAAA,MAAM,6BAA6B,EAAE,OACS,CAAA;AAsB9C,iBAAS,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,UAKzD;AAED,iBAAS,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,GAAG,GAAG,CAmDjD;AAED,iBAAS,YAAY,CAAC,MAAM,EAAE,QAAQ,UA2BrC;AAsBD,iBAAS,mBAAmB,CAC1B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,OAAO,EAAE,EACjB,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,CAiBR;AAED,iBAAS,eAAe,CACtB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,OAAO,EAAE,EACjB,gBAAgB,EAAE,MAAM,EAAE,EAC1B,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,CAsCR;AAED,iBAAS,oBAAoB,CAC3B,SAAS,EAAE,MAAM,EACjB,mBAAmB,EAAE,kBAAkB,EAAE,EACzC,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,CAwCR;AAqBD,iBAAS,8BAA8B,CACrC,SAAS,EACL,sBAAsB,GACtB,kBAAkB,GAClB,uBAAuB,EAC3B,OAAO,GAAE,+BAAoC,GAC5C,GAAG,CAaL;AAED,iBAAS,uBAAuB,CAC9B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,CACR,sBAAsB,GACtB,kBAAkB,GAClB,uBAAuB,GACvB,IAAI,CACP,EAAE,EACH,OAAO,GAAE,+BAAoC,GAC5C,MAAM,CAgDR;AAED,iBAAS,0BAA0B,CACjC,SAAS,EAAE,OAAO,EAAE,EACpB,SAAS,SAAI,GACZ,MAAM,CAsBR;AAeD,iBAAS,cAAc,CAAC,SAAS,EAAE,MAAM,WAUxC;AAED,OAAO,EACL,yBAAyB,EACzB,qBAAqB,EACrB,0BAA0B,EAC1B,8BAA8B,EAC9B,6BAA6B,EAC7B,8BAA8B,EAC9B,kCAAkC,EAClC,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,oBAAoB,EACpB,uBAAuB,EACvB,0BAA0B,EAC1B,YAAY,EACZ,gBAAgB,EAChB,8BAA8B,EAC9B,cAAc,GACf,CAAA;AACD,YAAY,EAAE,kBAAkB,EAAE,CAAA"}

package/dist/src/modules/validators/core.js CHANGED Viewed

@@ -35,6 +35,18 @@ const WEBAUTHN_V0_VALIDATOR_ADDRESS = '0x0000000000578c4cb0e472a5462da43c495c3f3
 exports.WEBAUTHN_V0_VALIDATOR_ADDRESS = WEBAUTHN_V0_VALIDATOR_ADDRESS;
 const ECDSA_MOCK_SIGNATURE = '0x81d4b4981670cb18f99f0b4a66446df1bf5b204d24cfcb659bf38ba27a4359b5711649ec2423c5e1247245eba2964679b6a1dbb85c992ae40b9b00c6935b02ff1b';
 const WEBAUTHN_MOCK_SIGNATURE = '0x0000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000001b9b86eb98fda3ed4d797d9e690588dfadf17b329a76a47cec935bebf92d7ddc80000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000c00000000000000000000000000000000000000000000000000000000000000120000000000000000000000000000000000000000000000000000000000000001700000000000000000000000000000000000000000000000000000000000000019b2e9410bb6850f9f660a03d609d5a844fb96bcdc87a15139b03ee22c70f469100d2b865a215c3bf786387064effa8fcedcb1d625b5148f8a1236d5e3ff11acf000000000000000000000000000000000000000000000000000000000000002549960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763050000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000867b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a22396a4546696a75684557724d34534f572d7443684a625545484550343456636a634a2d42716f3166544d38222c226f726967696e223a22687474703a2f2f6c6f63616c686f73743a38303830222c2263726f73734f726967696e223a66616c73657d0000000000000000000000000000000000000000000000000000';
+// Bare WebAuthnAuth[] mock for the MFA sub-validator path.
+// Encodes a single dummy WebAuthnAuth entry matching WEBAUTHN_MOCK_SIGNATURE's inner auth data.
+const WEBAUTHN_MFA_MOCK_SIGNATURE = (0, mfa_webauthn_1.encodeMfaWebAuthnSignature)([
+    {
+        authenticatorData: '0x49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763050000000100000000000000000000000000000000000000000000000000000000',
+        clientDataJSON: '{"type":"webauthn.get","challenge":"9jEFijuhEWrM4SOW-tChJbUEHEP44VcjcJ-Bqo1fTM8","origin":"http://localhost:8080","crossOrigin":false}',
+        challengeIndex: 23n,
+        typeIndex: 1n,
+        r: 70235888126729571064571568093815785379960052049327803024461697693617897013393n,
+        s: 612003553534680706344989555478059265065082866949551793736049920959897505487n,
+    },
+]);
 function getOwnerValidator(config) {
     if (!config.owners) {
         throw new error_1.OwnersFieldRequiredError();
@@ -55,16 +67,13 @@ function getMockSignature(ownerSet) {
         case 'multi-factor': {
             const mockValidators = ownerSet.validators.map((validator, index) => {
                 const validatorModule = getValidator(validator);
+                // For passkey sub-validators: produce bare WebAuthnAuth[] (the format
+                // validateSignatureWithData expects). For all others: use the normal mock.
                 const signature = validator.type === 'passkey'
-                    ? (0, mfa_webauthn_1.extractMfaWebAuthnSignatureFromPasskeySignature)(getMockSignature(validator))
+                    ? WEBAUTHN_MFA_MOCK_SIGNATURE
                     : getMockSignature(validator);
                 return {
-                    packedValidatorAndId: (0, viem_1.encodePacked)(['bytes12', 'address'], [
-                        (0, viem_1.pad)((0, viem_1.toHex)(index), {
-                            size: 12,
-                        }),
-                        validatorModule.address,
-                    ]),
+                    packedValidatorAndId: (0, viem_1.encodePacked)(['bytes12', 'address'], [(0, viem_1.pad)((0, viem_1.toHex)(index), { size: 12 }), validatorModule.address]),
                     data: signature,
                 };
             });

package/dist/src/modules/validators/webauthn-contract.d.ts CHANGED Viewed

@@ -12,9 +12,6 @@ declare const WEBAUTHN_VALIDATOR_ABI: readonly [{
     }, {
         readonly name: "pubKeyY";
         readonly type: "uint256";
-    }, {
-        readonly name: "account";
-        readonly type: "address";
     }];
     readonly outputs: readonly [{
         readonly name: "";
@@ -145,7 +142,7 @@ declare const WEBAUTHN_VALIDATOR_ABI: readonly [{
  * @param provider Optional provider configuration
  * @returns Promise resolving to the credential ID
  */
-declare function generateCredentialId(pubKeyX: bigint, pubKeyY: bigint, accountAddress: Address, chain: Chain, provider?: ProviderConfig): Promise<Hex>;
+declare function generateCredentialId(pubKeyX: bigint, pubKeyY: bigint, chain: Chain, provider?: ProviderConfig): Promise<Hex>;
 /**
  * Gets all credential IDs for an account
  * @param accountAddress Address of the account

package/dist/src/modules/validators/webauthn-contract.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"webauthn-contract.d.ts","sourceRoot":"","sources":["../../../../modules/validators/webauthn-contract.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,KAAK,EAGV,KAAK,GAAG,EACT,MAAM,MAAM,CAAA;AAGb,OAAO,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAGvD;;GAEG;AACH,QAAA,MAAM,sBAAsB~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAyFlB~~,CAAA;AAEV;;;;;;;;GAQG;AACH,iBAAe,oBAAoB,CACjC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,~~cAAc,EAAE,OAAO,EACvB,~~KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,GAAG,CAAC,CAcd;AAED;;;;;;GAMG;AACH,iBAAe,gBAAgB,CAC7B,cAAc,EAAE,OAAO,EACvB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,GAAG,EAAE,CAAC,CAchB;AAED;;;;;;;GAOG;AACH,iBAAe,iBAAiB,CAC9B,YAAY,EAAE,GAAG,EACjB,cAAc,EAAE,OAAO,EACvB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;;;;GAQG;AACH,iBAAe,aAAa,CAC1B,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,cAAc,EAAE,OAAO,EACvB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;;GAMG;AACH,iBAAS,aAAa,CACpB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,SAAS,UAAQ,GAChB,IAAI,CAUN;AAED;;;;;GAKG;AACH,iBAAS,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAUhE;AAED;;;;GAIG;AACH,iBAAS,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAU7C;AAED;;;;;;;GAOG;AACH,iBAAe,iBAAiB,CAC9B,YAAY,EAAE,GAAG,EACjB,cAAc,EAAE,OAAO,EACvB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC;IACT,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,OAAO,CAAA;CACnB,CAAC,CAeD;AAED;;;;;;GAMG;AACH,iBAAe,YAAY,CACzB,cAAc,EAAE,OAAO,EACvB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,MAAM,CAAC,CAcjB;AAED;;;;;;GAMG;AACH,iBAAe,cAAc,CAC3B,cAAc,EAAE,OAAO,EACvB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CACR,KAAK,CAAC;IACJ,YAAY,EAAE,GAAG,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,OAAO,CAAA;CACnB,CAAC,CACH,CAqBA;AAED,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,cAAc,EACd,sBAAsB,GACvB,CAAA"}
1	+ {"version":3,"file":"webauthn-contract.d.ts","sourceRoot":"","sources":["../../../../modules/validators/webauthn-contract.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,KAAK,EAGV,KAAK,GAAG,EACT,MAAM,MAAM,CAAA;AAGb,OAAO,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAGvD;;GAEG;AACH,QAAA,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAwFlB,CAAA;AAEV;;;;;;;;GAQG;AACH,iBAAe,oBAAoB,CACjC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,GAAG,CAAC,CAcd;AAED;;;;;;GAMG;AACH,iBAAe,gBAAgB,CAC7B,cAAc,EAAE,OAAO,EACvB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,GAAG,EAAE,CAAC,CAchB;AAED;;;;;;;GAOG;AACH,iBAAe,iBAAiB,CAC9B,YAAY,EAAE,GAAG,EACjB,cAAc,EAAE,OAAO,EACvB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;;;;GAQG;AACH,iBAAe,aAAa,CAC1B,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,cAAc,EAAE,OAAO,EACvB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;;GAMG;AACH,iBAAS,aAAa,CACpB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,SAAS,UAAQ,GAChB,IAAI,CAUN;AAED;;;;;GAKG;AACH,iBAAS,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAUhE;AAED;;;;GAIG;AACH,iBAAS,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAU7C;AAED;;;;;;;GAOG;AACH,iBAAe,iBAAiB,CAC9B,YAAY,EAAE,GAAG,EACjB,cAAc,EAAE,OAAO,EACvB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC;IACT,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,OAAO,CAAA;CACnB,CAAC,CAeD;AAED;;;;;;GAMG;AACH,iBAAe,YAAY,CACzB,cAAc,EAAE,OAAO,EACvB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,MAAM,CAAC,CAcjB;AAED;;;;;;GAMG;AACH,iBAAe,cAAc,CAC3B,cAAc,EAAE,OAAO,EACvB,KAAK,EAAE,KAAK,EACZ,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CACR,KAAK,CAAC;IACJ,YAAY,EAAE,GAAG,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,OAAO,CAAA;CACnB,CAAC,CACH,CAqBA;AAED,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,cAAc,EACd,sBAAsB,GACvB,CAAA"}

package/dist/src/modules/validators/webauthn-contract.js CHANGED Viewed

@@ -24,7 +24,6 @@ const WEBAUTHN_VALIDATOR_ABI = [
         inputs: [
             { name: 'pubKeyX', type: 'uint256' },
             { name: 'pubKeyY', type: 'uint256' },
-            { name: 'account', type: 'address' },
         ],
         outputs: [{ name: '', type: 'bytes32' }],
         stateMutability: 'pure',
@@ -117,7 +116,7 @@ exports.WEBAUTHN_VALIDATOR_ABI = WEBAUTHN_VALIDATOR_ABI;
  * @param provider Optional provider configuration
  * @returns Promise resolving to the credential ID
  */
-async function generateCredentialId(pubKeyX, pubKeyY, accountAddress, chain, provider) {
+async function generateCredentialId(pubKeyX, pubKeyY, chain, provider) {
     const publicClient = (0, viem_1.createPublicClient)({
         chain,
         transport: (0, utils_1.createTransport)(chain, provider),
@@ -126,7 +125,7 @@ async function generateCredentialId(pubKeyX, pubKeyY, accountAddress, chain, pro
         abi: WEBAUTHN_VALIDATOR_ABI,
         address: core_1.WEBAUTHN_VALIDATOR_ADDRESS,
         functionName: 'generateCredentialId',
-        args: [pubKeyX, pubKeyY, accountAddress],
+        args: [pubKeyX, pubKeyY],
     });
     return result;
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@charterlabs/rhinestone-sdk",
-  "version": "0.4.4",
+  "version": "0.4.5",
   "description": "Rhinestone SDK for Charter Labs",
   "author": {
     "name": "Charter Labs",