@introspectivelabs/x402-evm 0.1.0-beta.0 → 0.1.0-beta.10

package/dist/cjs/accounts/index.d.ts

@@ -0,0 +1,150 @@
+import { SmartAccount, WebAuthnAccount } from 'viem/account-abstraction';
+import { b as ToSafeSmartAccountParams, T as ToP256SafeSmartAccountParams } from '../types-lO5B0FRc.js';
+export { P as P256Signer, S as SafeMessageSigner, a as SignerConfig } from '../types-lO5B0FRc.js';
+import { PublicClient, Transport, Chain, Hex } from 'viem';
+
+/**
+ * Creates a Safe SmartAccount with a unified signer configuration.
+ *
+ * Dispatches to the appropriate implementation based on `signerConfig.type`:
+ * - `"p256"`: P256 contract owner (existing `toP256SafeSmartAccount`)
+ * - `"webauthn"`: WebAuthn passkey via permissionless native support
+ * - `"multi"`: Both P256 and WebAuthn owners on a single Safe
+ *
+ * @example
+ * ```typescript
+ * // P256 only
+ * const account = await toSafeSmartAccount({
+ *   client,
+ *   signerConfig: { type: "p256", p256Signer },
+ * });
+ *
+ * // WebAuthn only
+ * const account = await toSafeSmartAccount({
+ *   client,
+ *   signerConfig: { type: "webauthn", webAuthnAccount },
+ * });
+ *
+ * // Multi-signer (threshold 1, P256 signs by default)
+ * const account = await toSafeSmartAccount({
+ *   client,
+ *   signerConfig: {
+ *     type: "multi",
+ *     signers: { p256: p256Signer, webAuthn: webAuthnAccount },
+ *     threshold: 1,
+ *   },
+ * });
+ * ```
+ */
+declare function toSafeSmartAccount(params: ToSafeSmartAccountParams): Promise<SmartAccount>;
+
+/**
+ * Creates a Safe SmartAccount that signs UserOperations with a P256 contract owner.
+ *
+ * This wraps permissionless's `toSafeSmartAccount` and overrides `signUserOperation`
+ * to produce P256 signatures in Safe's contract signature format (v=0). The resulting
+ * account is compatible with `SafeAccountSigner` and `ExactEvmSchemeERC4337`.
+ *
+ * The caller is responsible for:
+ * - Deploying the P256Owner contract (or computing its deterministic address)
+ * - Providing the `sign()` function (e.g., using `@noble/curves/p256` with `prehash: false`)
+ * - Ensuring the P256Owner is an owner of the Safe
+ *
+ * @example
+ * ```typescript
+ * import { toP256SafeSmartAccount } from '@introspectivelabs/x402-evm';
+ * import { p256 } from '@noble/curves/p256';
+ *
+ * const account = await toP256SafeSmartAccount({
+ *   client: publicClient,
+ *   p256Signer: {
+ *     p256OwnerAddress: '0x349c...',
+ *     sign: async (hash) => {
+ *       const sig = p256.sign(hash.slice(2), privateKey, { prehash: false, lowS: true });
+ *       return {
+ *         r: `0x${sig.r.toString(16).padStart(64, '0')}`,
+ *         s: `0x${sig.s.toString(16).padStart(64, '0')}`,
+ *       };
+ *     },
+ *   },
+ *   safeAddress: '0x...',
+ * });
+ *
+ * const scheme = new ExactEvmSchemeERC4337({ account });
+ * ```
+ */
+declare function toP256SafeSmartAccount(params: ToP256SafeSmartAccountParams): Promise<SmartAccount>;
+
+type ToWebAuthnSafeSmartAccountParams = {
+    client: PublicClient<Transport, Chain>;
+    webAuthnAccount: WebAuthnAccount;
+    safeAddress?: Hex;
+    entryPoint?: {
+        address: Hex;
+        version: "0.7";
+    };
+    safe4337ModuleAddress?: Hex;
+    safeWebAuthnSharedSignerAddress?: Hex;
+};
+/**
+ * Creates a Safe SmartAccount that signs UserOperations with a WebAuthn passkey.
+ */
+declare function toWebAuthnSafeSmartAccount(params: ToWebAuthnSafeSmartAccountParams): Promise<SmartAccount>;
+
+/**
+ * Encodes a signature in Safe's contract signature format (v=0).
+ *
+ * Safe's `checkNSignatures` expects this layout for contract owners:
+ *
+ * Static part (65 bytes):
+ *   - r (32 bytes): owner address padded to 32 bytes
+ *   - s (32 bytes): offset to dynamic data (relative to start of signatures)
+ *   - v (1 byte):   0x00 (indicates contract signature)
+ *
+ * Dynamic part (at the offset):
+ *   - length (32 bytes): length of the signature data
+ *   - data (variable):   the actual signature bytes
+ *
+ * For a single signer, the static part is 65 bytes, so the dynamic data
+ * starts at offset 65.
+ */
+declare function encodeContractSignature(ownerAddress: Hex, signatureData: Hex): Hex;
+
+interface SafeOpHashParams {
+    sender: Hex;
+    nonce: bigint;
+    factory?: Hex | null;
+    factoryData?: Hex | null;
+    callData: Hex;
+    verificationGasLimit: bigint;
+    callGasLimit: bigint;
+    preVerificationGas: bigint;
+    maxPriorityFeePerGas: bigint;
+    maxFeePerGas: bigint;
+    paymaster?: Hex | null;
+    paymasterVerificationGasLimit?: bigint | null;
+    paymasterPostOpGasLimit?: bigint | null;
+    paymasterData?: Hex | null;
+}
+/**
+ * Computes the EIP-712 SafeOp hash that Safe4337Module uses for signature verification.
+ *
+ * The Safe4337Module converts the EntryPoint v0.7 UserOperation into a SafeOp struct,
+ * packing initCode and paymasterAndData into their v0.6-style concatenated forms,
+ * then hashes the struct using EIP-712.
+ */
+declare function computeSafeOpHash(userOp: SafeOpHashParams, chainId: number, safe4337ModuleAddress?: Hex, entryPointAddress?: Hex): Hex;
+
+/**
+ * Extracts P256 public key coordinates from a WebAuthn credential.
+ *
+ * Replaces `extractPasskeyData` from `@safe-global/protocol-kit`.
+ * Uses only the Web Crypto API (no external dependencies).
+ */
+declare function extractPasskeyCoordinates(credential: PublicKeyCredential): Promise<{
+    rawId: string;
+    x: Hex;
+    y: Hex;
+}>;
+
+export { type SafeOpHashParams, ToP256SafeSmartAccountParams, ToSafeSmartAccountParams, type ToWebAuthnSafeSmartAccountParams, computeSafeOpHash, encodeContractSignature, extractPasskeyCoordinates, toP256SafeSmartAccount, toSafeSmartAccount, toWebAuthnSafeSmartAccount };

package/dist/cjs/accounts/index.js

@@ -0,0 +1,476 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/accounts/index.ts
+var accounts_exports = {};
+__export(accounts_exports, {
+  computeSafeOpHash: () => computeSafeOpHash,
+  encodeContractSignature: () => encodeContractSignature,
+  extractPasskeyCoordinates: () => extractPasskeyCoordinates,
+  toP256SafeSmartAccount: () => toP256SafeSmartAccount,
+  toSafeSmartAccount: () => toSafeSmartAccount3,
+  toWebAuthnSafeSmartAccount: () => toWebAuthnSafeSmartAccount
+});
+module.exports = __toCommonJS(accounts_exports);
+
+// src/accounts/toSafeSmartAccount.ts
+var import_viem4 = require("viem");
+var import_accounts3 = require("permissionless/accounts");
+
+// src/accounts/toP256SafeSmartAccount.ts
+var import_viem3 = require("viem");
+var import_accounts = require("permissionless/accounts");
+
+// src/accounts/encodeContractSignature.ts
+var import_viem = require("viem");
+function encodeContractSignature(ownerAddress, signatureData) {
+  const r = (0, import_viem.pad)(ownerAddress, { size: 32 });
+  const dynamicOffset = 65;
+  const s = (0, import_viem.pad)((0, import_viem.toHex)(dynamicOffset), { size: 32 });
+  const v = "0x00";
+  const signatureBytes = (signatureData.length - 2) / 2;
+  const length = (0, import_viem.pad)((0, import_viem.toHex)(signatureBytes), { size: 32 });
+  return (0, import_viem.concat)([r, s, v, length, signatureData]);
+}
+
+// src/accounts/computeSafeOpHash.ts
+var import_viem2 = require("viem");
+var SAFE_4337_MODULE_DEFAULT = "0x75cf11467937ce3F2f357CE24ffc3DBF8fD5c226";
+var ENTRYPOINT_V07 = "0x0000000071727De22E5E9d8BAf0edAc6f37da032";
+var SAFE_OP_TYPES = {
+  SafeOp: [
+    { type: "address", name: "safe" },
+    { type: "uint256", name: "nonce" },
+    { type: "bytes", name: "initCode" },
+    { type: "bytes", name: "callData" },
+    { type: "uint128", name: "verificationGasLimit" },
+    { type: "uint128", name: "callGasLimit" },
+    { type: "uint256", name: "preVerificationGas" },
+    { type: "uint128", name: "maxPriorityFeePerGas" },
+    { type: "uint128", name: "maxFeePerGas" },
+    { type: "bytes", name: "paymasterAndData" },
+    { type: "uint48", name: "validAfter" },
+    { type: "uint48", name: "validUntil" },
+    { type: "address", name: "entryPoint" }
+  ]
+};
+function computeSafeOpHash(userOp, chainId, safe4337ModuleAddress = SAFE_4337_MODULE_DEFAULT, entryPointAddress = ENTRYPOINT_V07) {
+  const initCode = userOp.factory && (0, import_viem2.isAddress)(userOp.factory) ? (0, import_viem2.concat)([userOp.factory, userOp.factoryData || "0x"]) : "0x";
+  let paymasterAndData = "0x";
+  if (userOp.paymaster && (0, import_viem2.isAddress)(userOp.paymaster)) {
+    paymasterAndData = (0, import_viem2.concat)([
+      userOp.paymaster,
+      (0, import_viem2.pad)((0, import_viem2.toHex)(userOp.paymasterVerificationGasLimit || 0n), { size: 16 }),
+      (0, import_viem2.pad)((0, import_viem2.toHex)(userOp.paymasterPostOpGasLimit || 0n), { size: 16 }),
+      userOp.paymasterData || "0x"
+    ]);
+  }
+  return (0, import_viem2.hashTypedData)({
+    domain: {
+      chainId,
+      verifyingContract: safe4337ModuleAddress
+    },
+    types: SAFE_OP_TYPES,
+    primaryType: "SafeOp",
+    message: {
+      safe: userOp.sender,
+      nonce: userOp.nonce,
+      initCode,
+      callData: userOp.callData,
+      verificationGasLimit: userOp.verificationGasLimit,
+      callGasLimit: userOp.callGasLimit,
+      preVerificationGas: userOp.preVerificationGas,
+      maxPriorityFeePerGas: userOp.maxPriorityFeePerGas,
+      maxFeePerGas: userOp.maxFeePerGas,
+      paymasterAndData,
+      validAfter: 0,
+      validUntil: 0,
+      entryPoint: entryPointAddress
+    }
+  });
+}
+
+// src/accounts/toP256SafeSmartAccount.ts
+var SAFE_4337_MODULE_DEFAULT2 = "0x75cf11467937ce3F2f357CE24ffc3DBF8fD5c226";
+var ENTRYPOINT_V07_ADDRESS = "0x0000000071727De22E5E9d8BAf0edAc6f37da032";
+function createMockLocalAccount(address) {
+  const notImplemented = () => {
+    throw new Error("P256 contract owner: use signUserOperation instead");
+  };
+  return {
+    address,
+    type: "local",
+    source: "custom",
+    publicKey: "0x",
+    signMessage: notImplemented,
+    signTypedData: notImplemented,
+    signTransaction: notImplemented,
+    sign: notImplemented
+  };
+}
+async function toP256SafeSmartAccount(params) {
+  const safe4337ModuleAddress = params.safe4337ModuleAddress ?? SAFE_4337_MODULE_DEFAULT2;
+  const entryPointAddress = params.entryPoint?.address ?? ENTRYPOINT_V07_ADDRESS;
+  const mockOwner = createMockLocalAccount(params.p256Signer.p256OwnerAddress);
+  const baseAccount = await (0, import_accounts.toSafeSmartAccount)({
+    client: params.client,
+    owners: [mockOwner],
+    version: "1.5.0",
+    ...params.safeAddress ? { address: params.safeAddress } : {},
+    entryPoint: {
+      address: entryPointAddress,
+      version: "0.7"
+    },
+    safe4337ModuleAddress
+  });
+  const chainId = await params.client.getChainId();
+  return {
+    ...baseAccount,
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    async signUserOperation(userOp) {
+      const op = userOp;
+      const hashParams = {
+        sender: op.sender,
+        nonce: BigInt(op.nonce),
+        factory: op.factory ?? null,
+        factoryData: op.factoryData ?? null,
+        callData: op.callData,
+        verificationGasLimit: BigInt(op.verificationGasLimit),
+        callGasLimit: BigInt(op.callGasLimit),
+        preVerificationGas: BigInt(op.preVerificationGas),
+        maxPriorityFeePerGas: BigInt(op.maxPriorityFeePerGas),
+        maxFeePerGas: BigInt(op.maxFeePerGas),
+        paymaster: op.paymaster ?? null,
+        paymasterVerificationGasLimit: op.paymasterVerificationGasLimit ? BigInt(op.paymasterVerificationGasLimit) : null,
+        paymasterPostOpGasLimit: op.paymasterPostOpGasLimit ? BigInt(op.paymasterPostOpGasLimit) : null,
+        paymasterData: op.paymasterData ?? null
+      };
+      const safeOpHash = computeSafeOpHash(
+        hashParams,
+        chainId,
+        safe4337ModuleAddress,
+        entryPointAddress
+      );
+      const { r, s } = await params.p256Signer.sign(safeOpHash);
+      const rPadded = (0, import_viem3.pad)(r, { size: 32 });
+      const sPadded = (0, import_viem3.pad)(s, { size: 32 });
+      const p256Signature = (0, import_viem3.concat)([rPadded, sPadded]);
+      const contractSig = encodeContractSignature(
+        params.p256Signer.p256OwnerAddress,
+        p256Signature
+      );
+      const validAfter = (0, import_viem3.pad)((0, import_viem3.toHex)(0), { size: 6 });
+      const validUntil = (0, import_viem3.pad)((0, import_viem3.toHex)(0), { size: 6 });
+      return (0, import_viem3.concat)([validAfter, validUntil, contractSig]);
+    }
+  };
+}
+
+// src/accounts/toWebAuthnSafeSmartAccount.ts
+var import_accounts2 = require("permissionless/accounts");
+var SAFE_4337_MODULE_DEFAULT3 = "0x75cf11467937ce3F2f357CE24ffc3DBF8fD5c226";
+var ENTRYPOINT_V07_ADDRESS2 = "0x0000000071727De22E5E9d8BAf0edAc6f37da032";
+async function toWebAuthnSafeSmartAccount(params) {
+  const safe4337ModuleAddress = params.safe4337ModuleAddress ?? SAFE_4337_MODULE_DEFAULT3;
+  const entryPointAddress = params.entryPoint?.address ?? ENTRYPOINT_V07_ADDRESS2;
+  const baseAccount = await (0, import_accounts2.toSafeSmartAccount)({
+    client: params.client,
+    owners: [params.webAuthnAccount],
+    version: "1.5.0",
+    ...params.safeAddress ? { address: params.safeAddress } : {},
+    entryPoint: {
+      address: entryPointAddress,
+      version: "0.7"
+    },
+    safe4337ModuleAddress,
+    ...params.safeWebAuthnSharedSignerAddress ? { safeWebAuthnSharedSignerAddress: params.safeWebAuthnSharedSignerAddress } : {}
+  });
+  return baseAccount;
+}
+
+// src/accounts/toSafeSmartAccount.ts
+var SAFE_4337_MODULE_DEFAULT4 = "0x75cf11467937ce3F2f357CE24ffc3DBF8fD5c226";
+var ENTRYPOINT_V07_ADDRESS3 = "0x0000000071727De22E5E9d8BAf0edAc6f37da032";
+var SAFE_WEBAUTHN_SHARED_SIGNER = "0xfD90FAd33ee8b58f32c00aceEad1358e4AFC23f9";
+async function toSafeSmartAccount3(params) {
+  const { signerConfig } = params;
+  switch (signerConfig.type) {
+    case "p256":
+      return toP256SafeSmartAccount({
+        client: params.client,
+        p256Signer: signerConfig.p256Signer,
+        safeAddress: params.safeAddress,
+        entryPoint: params.entryPoint,
+        safe4337ModuleAddress: params.safe4337ModuleAddress
+      });
+    case "webauthn":
+      return toWebAuthnSafeSmartAccount({
+        client: params.client,
+        webAuthnAccount: signerConfig.webAuthnAccount,
+        safeAddress: params.safeAddress,
+        entryPoint: params.entryPoint,
+        safe4337ModuleAddress: params.safe4337ModuleAddress,
+        safeWebAuthnSharedSignerAddress: signerConfig.safeWebAuthnSharedSignerAddress
+      });
+    case "multi":
+      return buildMultiSignerAccount(params, signerConfig.signers, signerConfig.threshold ?? 1);
+  }
+}
+function createMockLocalAccount2(address) {
+  const notImplemented = () => {
+    throw new Error("Mock owner: use signUserOperation instead");
+  };
+  return {
+    address,
+    type: "local",
+    source: "custom",
+    publicKey: "0x",
+    signMessage: notImplemented,
+    signTypedData: notImplemented,
+    signTransaction: notImplemented,
+    sign: notImplemented
+  };
+}
+async function encodeWebAuthnSignature(owner, hash) {
+  const { signature: signatureData, webauthn } = await owner.sign({ hash });
+  const sigBytes = signatureData.slice(2);
+  const r = BigInt("0x" + sigBytes.slice(0, 64));
+  const s = BigInt("0x" + sigBytes.slice(64, 128));
+  const match = webauthn.clientDataJSON.match(
+    /^\{"type":"webauthn.get","challenge":"[A-Za-z0-9\-_]{43}",(.*)\}$/
+  );
+  const clientDataFields = match ? match[1] : "";
+  return (0, import_viem4.encodeAbiParameters)(
+    [
+      { name: "authenticatorData", type: "bytes" },
+      { name: "clientDataFields", type: "string" },
+      { name: "signature", type: "uint256[2]" }
+    ],
+    [webauthn.authenticatorData, clientDataFields, [r, s]]
+  );
+}
+async function buildMultiSignerAccount(params, signers, threshold) {
+  if (!signers.p256 && !signers.webAuthn) {
+    throw new Error("Multi-signer config requires at least one signer");
+  }
+  if (signers.p256 && !signers.webAuthn) {
+    return toP256SafeSmartAccount({
+      client: params.client,
+      p256Signer: signers.p256,
+      safeAddress: params.safeAddress,
+      entryPoint: params.entryPoint,
+      safe4337ModuleAddress: params.safe4337ModuleAddress
+    });
+  }
+  if (signers.webAuthn && !signers.p256) {
+    const signerConfig = params.signerConfig;
+    const sharedSignerAddr = signerConfig.type === "multi" ? signerConfig.safeWebAuthnSharedSignerAddress : void 0;
+    return toWebAuthnSafeSmartAccount({
+      client: params.client,
+      webAuthnAccount: signers.webAuthn,
+      safeAddress: params.safeAddress,
+      entryPoint: params.entryPoint,
+      safe4337ModuleAddress: params.safe4337ModuleAddress,
+      safeWebAuthnSharedSignerAddress: sharedSignerAddr
+    });
+  }
+  const p256Signer = signers.p256;
+  const webAuthnAccount = signers.webAuthn;
+  const safe4337ModuleAddress = params.safe4337ModuleAddress ?? SAFE_4337_MODULE_DEFAULT4;
+  const entryPointAddress = params.entryPoint?.address ?? ENTRYPOINT_V07_ADDRESS3;
+  const mockP256Owner = createMockLocalAccount2(p256Signer.p256OwnerAddress);
+  const baseAccount = await (0, import_accounts3.toSafeSmartAccount)({
+    client: params.client,
+    owners: [mockP256Owner, webAuthnAccount],
+    version: "1.5.0",
+    threshold: BigInt(threshold),
+    ...params.safeAddress ? { address: params.safeAddress } : {},
+    entryPoint: {
+      address: entryPointAddress,
+      version: "0.7"
+    },
+    safe4337ModuleAddress
+  });
+  const chainId = await params.client.getChainId();
+  if (threshold >= 2) {
+    return buildThreshold2Account(
+      baseAccount,
+      p256Signer,
+      webAuthnAccount,
+      chainId,
+      safe4337ModuleAddress,
+      entryPointAddress
+    );
+  }
+  return buildThreshold1Account(
+    baseAccount,
+    p256Signer,
+    chainId,
+    safe4337ModuleAddress,
+    entryPointAddress
+  );
+}
+function buildThreshold1Account(baseAccount, p256Signer, chainId, safe4337ModuleAddress, entryPointAddress) {
+  return {
+    ...baseAccount,
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    async signUserOperation(userOp) {
+      const safeOpHash = computeSafeOpHash(
+        extractSafeOpHashParams(userOp),
+        chainId,
+        safe4337ModuleAddress,
+        entryPointAddress
+      );
+      const { r, s } = await p256Signer.sign(safeOpHash);
+      const rPadded = (0, import_viem4.pad)(r, { size: 32 });
+      const sPadded = (0, import_viem4.pad)(s, { size: 32 });
+      const p256Signature = (0, import_viem4.concat)([rPadded, sPadded]);
+      const contractSig = encodeContractSignature(
+        p256Signer.p256OwnerAddress,
+        p256Signature
+      );
+      const validAfter = (0, import_viem4.pad)((0, import_viem4.toHex)(0), { size: 6 });
+      const validUntil = (0, import_viem4.pad)((0, import_viem4.toHex)(0), { size: 6 });
+      return (0, import_viem4.concat)([validAfter, validUntil, contractSig]);
+    }
+  };
+}
+function buildThreshold2Account(baseAccount, p256Signer, webAuthnAccount, chainId, safe4337ModuleAddress, entryPointAddress) {
+  return {
+    ...baseAccount,
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    async signUserOperation(userOp) {
+      const safeOpHash = computeSafeOpHash(
+        extractSafeOpHashParams(userOp),
+        chainId,
+        safe4337ModuleAddress,
+        entryPointAddress
+      );
+      const { r, s } = await p256Signer.sign(safeOpHash);
+      const rPadded = (0, import_viem4.pad)(r, { size: 32 });
+      const sPadded = (0, import_viem4.pad)(s, { size: 32 });
+      const p256SignatureData = (0, import_viem4.concat)([rPadded, sPadded]);
+      const webAuthnSignatureData = await encodeWebAuthnSignature(
+        webAuthnAccount,
+        safeOpHash
+      );
+      const p256SignerAddress = p256Signer.p256OwnerAddress.toLowerCase();
+      const webAuthnSignerAddress = SAFE_WEBAUTHN_SHARED_SIGNER.toLowerCase();
+      const signerEntries = [
+        {
+          address: p256SignerAddress,
+          data: p256SignatureData,
+          dynamic: true,
+          contractOwner: true
+        },
+        {
+          address: webAuthnSignerAddress,
+          data: webAuthnSignatureData,
+          dynamic: true,
+          contractOwner: false
+        }
+      ].sort((a, b) => a.address < b.address ? -1 : 1);
+      const concatenatedSig = concatSafeSignatures(signerEntries);
+      const validAfter = (0, import_viem4.pad)((0, import_viem4.toHex)(0), { size: 6 });
+      const validUntil = (0, import_viem4.pad)((0, import_viem4.toHex)(0), { size: 6 });
+      return (0, import_viem4.concat)([validAfter, validUntil, concatenatedSig]);
+    }
+  };
+}
+function concatSafeSignatures(entries) {
+  const staticPartSize = 65;
+  const totalStaticSize = staticPartSize * entries.length;
+  const staticParts = [];
+  const dynamicParts = [];
+  let dynamicOffset = totalStaticSize;
+  for (const entry of entries) {
+    if (entry.dynamic) {
+      const r = (0, import_viem4.pad)(entry.address, { size: 32 });
+      const s = (0, import_viem4.pad)((0, import_viem4.toHex)(dynamicOffset), { size: 32 });
+      const v = "0x00";
+      staticParts.push((0, import_viem4.concat)([r, s, v]));
+      const dataBytes = (entry.data.length - 2) / 2;
+      const length = (0, import_viem4.pad)((0, import_viem4.toHex)(dataBytes), { size: 32 });
+      dynamicParts.push((0, import_viem4.concat)([length, entry.data]));
+      dynamicOffset += 32 + dataBytes;
+    } else {
+      staticParts.push(entry.data);
+    }
+  }
+  return (0, import_viem4.concat)([...staticParts, ...dynamicParts]);
+}
+function extractSafeOpHashParams(userOp) {
+  const op = userOp;
+  return {
+    sender: op.sender,
+    nonce: BigInt(op.nonce),
+    factory: op.factory ?? null,
+    factoryData: op.factoryData ?? null,
+    callData: op.callData,
+    verificationGasLimit: BigInt(op.verificationGasLimit),
+    callGasLimit: BigInt(op.callGasLimit),
+    preVerificationGas: BigInt(op.preVerificationGas),
+    maxPriorityFeePerGas: BigInt(op.maxPriorityFeePerGas),
+    maxFeePerGas: BigInt(op.maxFeePerGas),
+    paymaster: op.paymaster ?? null,
+    paymasterVerificationGasLimit: op.paymasterVerificationGasLimit ? BigInt(op.paymasterVerificationGasLimit) : null,
+    paymasterPostOpGasLimit: op.paymasterPostOpGasLimit ? BigInt(op.paymasterPostOpGasLimit) : null,
+    paymasterData: op.paymasterData ?? null
+  };
+}
+
+// src/accounts/extractPasskeyCoordinates.ts
+function bufferToHex(buffer) {
+  return Array.from(new Uint8Array(buffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function base64urlToHex(base64url) {
+  const base64 = base64url.replace(/-/g, "+").replace(/_/g, "/");
+  const binary = atob(base64);
+  return Array.from(binary, (c) => c.charCodeAt(0).toString(16).padStart(2, "0")).join("");
+}
+async function extractPasskeyCoordinates(credential) {
+  const rawId = bufferToHex(credential.rawId);
+  const response = credential.response;
+  const publicKey = response.getPublicKey();
+  if (!publicKey) throw new Error("Failed to extract public key from credential");
+  const key = await crypto.subtle.importKey(
+    "spki",
+    publicKey,
+    { name: "ECDSA", namedCurve: "P-256" },
+    true,
+    ["verify"]
+  );
+  const jwk = await crypto.subtle.exportKey("jwk", key);
+  if (!jwk.x || !jwk.y) throw new Error("Missing coordinates in JWK");
+  return {
+    rawId,
+    x: "0x" + base64urlToHex(jwk.x),
+    y: "0x" + base64urlToHex(jwk.y)
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  computeSafeOpHash,
+  encodeContractSignature,
+  extractPasskeyCoordinates,
+  toP256SafeSmartAccount,
+  toSafeSmartAccount,
+  toWebAuthnSafeSmartAccount
+});
+//# sourceMappingURL=index.js.map