@opendatalabs/vana-sdk 3.0.1 → 3.2.0

package/dist/index.node.cjs

@@ -1173,6 +1173,9 @@ var init_browser2 = __esm({
 // src/index.node.ts
 var index_node_exports = {};
 __export(index_node_exports, {
+  ACCOUNT_PERSONAL_SERVER_REGISTRATION_INTENT: () => ACCOUNT_PERSONAL_SERVER_REGISTRATION_INTENT,
+  AccountPersonalServerLiteOwnerBindingError: () => AccountPersonalServerLiteOwnerBindingError,
+  AccountPersonalServerRegistrationError: () => AccountPersonalServerRegistrationError,
   BUILDER_REGISTRATION_TYPES: () => BUILDER_REGISTRATION_TYPES,
   BlockchainError: () => BlockchainError,
   BrowserPlatformAdapter: () => BrowserPlatformAdapter,
@@ -1199,6 +1202,12 @@ __export(index_node_exports, {
   NodeECIESProvider: () => NodeECIESUint8Provider,
   NodePlatformAdapter: () => NodePlatformAdapter,
   NonceError: () => NonceError,
+  OAuthClient: () => OAuthClient,
+  PERSONAL_SERVER_LITE_OWNER_BINDING_PREFIX: () => PERSONAL_SERVER_LITE_OWNER_BINDING_PREFIX,
+  PERSONAL_SERVER_LITE_OWNER_BINDING_PURPOSE: () => PERSONAL_SERVER_LITE_OWNER_BINDING_PURPOSE,
+  PERSONAL_SERVER_LITE_OWNER_BINDING_VERSION: () => PERSONAL_SERVER_LITE_OWNER_BINDING_VERSION,
+  PERSONAL_SERVER_REGISTRATION_DEFAULT_CHAIN_ID: () => PERSONAL_SERVER_REGISTRATION_DEFAULT_CHAIN_ID,
+  PERSONAL_SERVER_REGISTRATION_DEFAULT_VERIFYING_CONTRACT: () => PERSONAL_SERVER_REGISTRATION_DEFAULT_VERIFYING_CONTRACT,
   PKCE_CHALLENGE_PATTERN: () => PKCE_CHALLENGE_PATTERN,
   PKCE_VERIFIER_PATTERN: () => PKCE_VERIFIER_PATTERN,
   PSError: () => PSError,
@@ -1220,6 +1229,10 @@ __export(index_node_exports, {
   VanaError: () => VanaError,
   VanaStorage: () => VanaStorage,
   assertValidPkceVerifier: () => assertValidPkceVerifier,
+  buildPersonalServerLiteOwnerBindingMessage: () => buildPersonalServerLiteOwnerBindingMessage,
+  buildPersonalServerLiteOwnerBindingSignature: () => buildPersonalServerLiteOwnerBindingSignature,
+  buildPersonalServerRegistrationSignature: () => buildPersonalServerRegistrationSignature,
+  buildPersonalServerRegistrationTypedData: () => buildPersonalServerRegistrationTypedData,
   buildWeb3SignedHeader: () => buildWeb3SignedHeader,
   builderRegistrationDomain: () => builderRegistrationDomain,
   chains: () => chains,
@@ -1235,6 +1248,8 @@ __export(index_node_exports, {
   createPlatformAdapterFor: () => createPlatformAdapterFor,
   createPlatformAdapterSafe: () => createPlatformAdapterSafe,
   createVanaStorageProvider: () => createVanaStorageProvider,
+  createViemPersonalServerLiteOwnerBindingSigner: () => createViemPersonalServerLiteOwnerBindingSigner,
+  createViemPersonalServerRegistrationSigner: () => createViemPersonalServerRegistrationSigner,
   decryptWithPassword: () => decryptWithPassword,
   deriveMasterKey: () => deriveMasterKey,
   deriveScopeKey: () => deriveScopeKey,
@@ -1264,12 +1279,17 @@ __export(index_node_exports, {
   parsePSError: () => parsePSError,
   parseScope: () => parseScope,
   parseWeb3SignedHeader: () => parseWeb3SignedHeader,
+  personalServerRegistrationDomain: () => personalServerRegistrationDomain,
   recoverServerOwner: () => recoverServerOwner,
+  registerPersonalServerSignature: () => registerPersonalServerSignature,
   scopeCoveredByGrant: () => scopeCoveredByGrant,
   scopeMatchesPattern: () => scopeMatchesPattern,
   scopeToPathSegments: () => scopeToPathSegments,
   serializeECIES: () => serializeECIES,
   serverRegistrationDomain: () => serverRegistrationDomain,
+  signPersonalServerLiteOwnerBinding: () => signPersonalServerLiteOwnerBinding,
+  signPersonalServerLiteOwnerBindingWithAccountClient: () => signPersonalServerLiteOwnerBindingWithAccountClient,
+  signPersonalServerRegistrationWithAccount: () => signPersonalServerRegistrationWithAccount,
   vanaMainnet: () => vanaMainnet2,
   verifyGrantRegistration: () => verifyGrantRegistration,
   verifyPkceChallenge: () => verifyPkceChallenge,
@@ -29139,7 +29159,7 @@ async function buildWeb3SignedHeader(params) {
 }
 
 // src/storage/providers/vana-storage.ts
-var DEFAULT_ENDPOINT = "https://storage.vana.com";
+var DEFAULT_ENDPOINT = "https://storage.vana.org";
 var BLOB_PATH_PREFIX = "/v1/blobs";
 var DEFAULT_TOKEN_TTL_SECONDS = 300;
 var VanaStorage = class {
@@ -32402,6 +32422,228 @@ var InMemoryTokenStore = class {
   }
 };
 
+// src/auth/oauth-client.ts
+var VERIFIER_TTL_SECONDS = 600;
+var RESERVED_AUTHORIZE_PARAMS = /* @__PURE__ */ new Set([
+  "response_type",
+  "client_id",
+  "redirect_uri",
+  "scope",
+  "state",
+  "code_challenge",
+  "code_challenge_method"
+]);
+var OAuthClient = class {
+  #config;
+  constructor(config) {
+    const fetchImpl = config.fetchImpl ?? globalThis.fetch;
+    if (typeof fetchImpl !== "function") {
+      throw new TypeError(
+        "OAuthClient requires a global `fetch` or an explicit `fetchImpl`"
+      );
+    }
+    this.#config = {
+      authorizationEndpoint: config.authorizationEndpoint,
+      tokenEndpoint: config.tokenEndpoint,
+      clientId: config.clientId,
+      redirectUri: config.redirectUri,
+      scope: config.scope,
+      tokenStore: config.tokenStore ?? new InMemoryTokenStore(),
+      fetchImpl,
+      generateState: config.generateState ?? defaultGenerateState
+    };
+  }
+  /** Build the authorize URL and persist the PKCE verifier keyed by `state`. */
+  async buildAuthorizationUrl(opts = {}) {
+    const state = opts.state ?? this.#config.generateState();
+    const scope = opts.scope ?? this.#config.scope;
+    const verifier = generatePkceVerifier();
+    const challenge = await computePkceChallenge(verifier);
+    await this.#config.tokenStore.set(this.#verifierKey(state), {
+      token: verifier,
+      expiresAt: Math.floor(Date.now() / 1e3) + VERIFIER_TTL_SECONDS
+    });
+    const params = new URLSearchParams();
+    params.set("response_type", "code");
+    params.set("client_id", this.#config.clientId);
+    params.set("redirect_uri", this.#config.redirectUri);
+    if (scope !== void 0 && scope.length > 0) {
+      params.set("scope", scope);
+    }
+    params.set("state", state);
+    params.set("code_challenge", challenge);
+    params.set("code_challenge_method", "S256");
+    if (opts.extraParams !== void 0) {
+      for (const k of Object.keys(opts.extraParams)) {
+        if (RESERVED_AUTHORIZE_PARAMS.has(k)) {
+          throw new Error(
+            `extraParams may not override the reserved OAuth/PKCE parameter "${k}"`
+          );
+        }
+      }
+      for (const [k, v] of Object.entries(opts.extraParams)) {
+        params.set(k, v);
+      }
+    }
+    const sep = this.#config.authorizationEndpoint.includes("?") ? "&" : "?";
+    const url = `${this.#config.authorizationEndpoint}${sep}${params.toString()}`;
+    return { url, state };
+  }
+  /**
+   * Handle the redirect-callback URL. Validates `state`, retrieves the saved
+   * verifier, exchanges the authorization code + verifier for tokens, and
+   * persists them. Returns the access {@link TokenRecord}.
+   */
+  async handleCallback(callbackUrl) {
+    const parsed = new URL(callbackUrl);
+    const params = parsed.searchParams;
+    const errorCode = params.get("error");
+    if (errorCode !== null) {
+      throw new Error(
+        formatOAuthError({
+          error: errorCode,
+          error_description: params.get("error_description") ?? void 0
+        })
+      );
+    }
+    const code = params.get("code");
+    const state = params.get("state");
+    if (code === null || state === null) {
+      throw new Error("OAuth callback is missing `code` or `state`");
+    }
+    const verifierRecord = await this.#config.tokenStore.get(
+      this.#verifierKey(state)
+    );
+    if (verifierRecord === null) {
+      throw new Error(
+        "OAuth callback state does not match any in-flight verifier (possible CSRF or expired flow)"
+      );
+    }
+    const body = new URLSearchParams();
+    body.set("grant_type", "authorization_code");
+    body.set("code", code);
+    body.set("redirect_uri", this.#config.redirectUri);
+    body.set("client_id", this.#config.clientId);
+    body.set("code_verifier", verifierRecord.token);
+    let tokens;
+    try {
+      tokens = await this.#tokenRequest(body);
+    } finally {
+      await this.#config.tokenStore.delete(this.#verifierKey(state));
+    }
+    return this.#persistTokens(tokens);
+  }
+  /**
+   * Exchange a stored refresh token for a fresh access token. Throws if no
+   * refresh token is available.
+   */
+  async refresh() {
+    const refreshRecord = await this.#config.tokenStore.get(this.#refreshKey());
+    if (refreshRecord === null) {
+      throw new Error("OAuth refresh failed: no refresh token stored");
+    }
+    const body = new URLSearchParams();
+    body.set("grant_type", "refresh_token");
+    body.set("refresh_token", refreshRecord.token);
+    body.set("client_id", this.#config.clientId);
+    const tokens = await this.#tokenRequest(body);
+    return this.#persistTokens(tokens, refreshRecord.token);
+  }
+  /**
+   * Get the current access token if valid (refreshing first if expired and a
+   * refresh token is available). Returns `null` when no usable token exists.
+   */
+  async getAccessToken() {
+    const stored = await this.#config.tokenStore.get(this.#accessKey());
+    if (stored !== null) return stored.token;
+    const refresh = await this.#config.tokenStore.get(this.#refreshKey());
+    if (refresh === null) return null;
+    try {
+      const refreshed = await this.refresh();
+      return refreshed.token;
+    } catch {
+      return null;
+    }
+  }
+  /** Forget tokens (logout). Does NOT call any remote revocation endpoint. */
+  async signOut() {
+    await this.#config.tokenStore.delete(this.#accessKey());
+    await this.#config.tokenStore.delete(this.#refreshKey());
+  }
+  #accessKey() {
+    return `oauth:tokens:${this.#config.clientId}`;
+  }
+  #refreshKey() {
+    return `oauth:refresh:${this.#config.clientId}`;
+  }
+  #verifierKey(state) {
+    return `oauth:verifier:${state}`;
+  }
+  async #tokenRequest(body) {
+    const response = await this.#config.fetchImpl(this.#config.tokenEndpoint, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        Accept: "application/json"
+      },
+      body: body.toString()
+    });
+    const text = await response.text();
+    const parsed = parseJsonBody(text);
+    if (!response.ok) {
+      throw new Error(formatOAuthError(parsed ?? {}, response.status));
+    }
+    if (parsed === null || typeof parsed !== "object" || typeof parsed.access_token !== "string") {
+      throw new Error(
+        "OAuth token endpoint returned a response without an `access_token` string"
+      );
+    }
+    return parsed;
+  }
+  async #persistTokens(tokens, previousRefreshToken) {
+    const record = { token: tokens.access_token };
+    if (typeof tokens.expires_in === "number" && tokens.expires_in > 0) {
+      record.expiresAt = Math.floor(Date.now() / 1e3) + tokens.expires_in;
+    }
+    await this.#config.tokenStore.set(this.#accessKey(), record);
+    const newRefresh = tokens.refresh_token ?? previousRefreshToken;
+    if (newRefresh !== void 0) {
+      await this.#config.tokenStore.set(this.#refreshKey(), {
+        token: newRefresh
+      });
+    }
+    return record;
+  }
+};
+function defaultGenerateState() {
+  const bytes = new Uint8Array(24);
+  crypto.getRandomValues(bytes);
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function parseJsonBody(text) {
+  if (text.length === 0) return null;
+  try {
+    return JSON.parse(text);
+  } catch {
+    return null;
+  }
+}
+function formatOAuthError(body, status) {
+  const parts = ["OAuth token request failed"];
+  if (status !== void 0) parts.push(`(HTTP ${String(status)})`);
+  if (body.error !== void 0 && body.error.length > 0) {
+    parts.push(`: ${body.error}`);
+    if (body.error_description !== void 0 && body.error_description.length > 0) {
+      parts.push(`- ${body.error_description}`);
+    }
+  }
+  return parts.join(" ").replace(" : ", ": ").replace(" - ", " - ");
+}
+
 // src/protocol/eip712.ts
 var DOMAIN_NAME = "Vana Data Portability";
 var DOMAIN_VERSION = "1";
@@ -32481,8 +32723,429 @@ var BUILDER_REGISTRATION_TYPES = {
   ]
 };
 
-// src/protocol/grants.ts
+// src/protocol/personal-server-registration.ts
 var import_viem14 = require("viem");
+var PERSONAL_SERVER_REGISTRATION_DEFAULT_CHAIN_ID = 1480;
+var PERSONAL_SERVER_REGISTRATION_DEFAULT_VERIFYING_CONTRACT = "0x1483B1F634DBA75AeaE60da7f01A679aabd5ee2c";
+function assertAddress(value, name) {
+  if (!(0, import_viem14.isAddress)(value)) {
+    throw new Error(`${name} must be a valid EVM address`);
+  }
+}
+function getAccountAddress(account) {
+  if (!account) {
+    return void 0;
+  }
+  return typeof account === "string" ? account : account.address;
+}
+function isPersonalServerRegistrationSigner(source) {
+  return "address" in source && typeof source.signTypedData === "function";
+}
+function createViemPersonalServerRegistrationSigner(source, options = {}) {
+  if (isPersonalServerRegistrationSigner(source)) {
+    return source;
+  }
+  const accountAddress = getAccountAddress(options.account) ?? getAccountAddress(source.account);
+  if (accountAddress) {
+    return {
+      address: accountAddress,
+      signTypedData: (typedData) => source.signTypedData({
+        ...typedData,
+        account: options.account ?? source.account ?? accountAddress
+      })
+    };
+  }
+  throw new Error(
+    "Viem wallet client requires an account option or account property"
+  );
+}
+function personalServerRegistrationDomain(input = {}) {
+  if (input.config) {
+    return serverRegistrationDomain(input.config);
+  }
+  const verifyingContract = input.verifyingContract ?? PERSONAL_SERVER_REGISTRATION_DEFAULT_VERIFYING_CONTRACT;
+  assertAddress(verifyingContract, "verifyingContract");
+  return {
+    name: "Vana Data Portability",
+    version: "1",
+    chainId: input.chainId ?? PERSONAL_SERVER_REGISTRATION_DEFAULT_CHAIN_ID,
+    verifyingContract
+  };
+}
+function buildPersonalServerRegistrationTypedData(input) {
+  assertAddress(input.ownerAddress, "ownerAddress");
+  assertAddress(input.serverAddress, "serverAddress");
+  return {
+    domain: personalServerRegistrationDomain(input),
+    types: SERVER_REGISTRATION_TYPES,
+    primaryType: "ServerRegistration",
+    message: {
+      ownerAddress: input.ownerAddress,
+      serverAddress: input.serverAddress,
+      publicKey: input.serverPublicKey,
+      serverUrl: input.serverUrl
+    }
+  };
+}
+async function buildPersonalServerRegistrationSignature(input) {
+  const typedData = buildPersonalServerRegistrationTypedData({
+    ownerAddress: input.signer.address,
+    serverAddress: input.serverAddress,
+    serverPublicKey: input.serverPublicKey,
+    serverUrl: input.serverUrl,
+    config: input.config,
+    chainId: input.chainId,
+    verifyingContract: input.verifyingContract
+  });
+  const signature = await input.signer.signTypedData(typedData);
+  return {
+    signature,
+    signerAddress: input.signer.address,
+    typedData
+  };
+}
+var registerPersonalServerSignature = buildPersonalServerRegistrationSignature;
+
+// src/protocol/personal-server-lite-owner-binding.ts
+var import_viem15 = require("viem");
+var PERSONAL_SERVER_LITE_OWNER_BINDING_VERSION = "vana.account.v1";
+var PERSONAL_SERVER_LITE_OWNER_BINDING_PURPOSE = "ps-lite-owner";
+var PERSONAL_SERVER_LITE_OWNER_BINDING_PREFIX = `${PERSONAL_SERVER_LITE_OWNER_BINDING_VERSION}:${PERSONAL_SERVER_LITE_OWNER_BINDING_PURPOSE}:`;
+function assertAddress2(value, name) {
+  if (!(0, import_viem15.isAddress)(value)) {
+    throw new Error(`${name} must be a valid EVM address`);
+  }
+}
+function getAccountAddress2(account) {
+  if (!account) {
+    return void 0;
+  }
+  return typeof account === "string" ? account : account.address;
+}
+function isPersonalServerLiteOwnerBindingSigner(source) {
+  return "address" in source && typeof source.signMessage === "function";
+}
+function buildPersonalServerLiteOwnerBindingMessage(ownerAddress) {
+  assertAddress2(ownerAddress, "ownerAddress");
+  return `${PERSONAL_SERVER_LITE_OWNER_BINDING_PREFIX}${ownerAddress.toLowerCase()}`;
+}
+function createViemPersonalServerLiteOwnerBindingSigner(source, options = {}) {
+  if (isPersonalServerLiteOwnerBindingSigner(source)) {
+    return source;
+  }
+  const accountAddress = getAccountAddress2(options.account) ?? getAccountAddress2(source.account);
+  if (accountAddress) {
+    return {
+      address: accountAddress,
+      signMessage: ({ message }) => source.signMessage({
+        account: options.account ?? source.account ?? accountAddress,
+        message
+      })
+    };
+  }
+  throw new Error(
+    "Viem wallet client requires an account option or account property"
+  );
+}
+async function buildPersonalServerLiteOwnerBindingSignature(input) {
+  const message = buildPersonalServerLiteOwnerBindingMessage(
+    input.signer.address
+  );
+  const signature = await input.signer.signMessage({ message });
+  return {
+    signature,
+    signerAddress: input.signer.address,
+    message,
+    purpose: PERSONAL_SERVER_LITE_OWNER_BINDING_PURPOSE
+  };
+}
+var signPersonalServerLiteOwnerBinding = buildPersonalServerLiteOwnerBindingSignature;
+
+// src/account/personal-server-registration.ts
+var import_viem16 = require("viem");
+var ACCOUNT_PERSONAL_SERVER_REGISTRATION_INTENT = "personal_server.server_registration.v1";
+var AccountPersonalServerRegistrationError = class extends Error {
+  status;
+  code;
+  details;
+  constructor(input) {
+    super(input.message);
+    this.name = "AccountPersonalServerRegistrationError";
+    this.status = input.status;
+    this.code = input.code;
+    this.details = input.details;
+  }
+};
+var DEFAULT_ACCOUNT_PS_REGISTRATION_PATH = "/api/v1/intents/personal-server-registration/sign";
+function trimTrailingSlash(value) {
+  return value.replace(/\/+$/, "");
+}
+function assertAddress3(value, name) {
+  if (!(0, import_viem16.isAddress)(value)) {
+    throw new Error(`${name} must be a valid EVM address`);
+  }
+}
+async function parseAccountResponse(response) {
+  const body = await response.json().catch(() => void 0);
+  if (!response.ok) {
+    throw new AccountPersonalServerRegistrationError({
+      status: response.status,
+      code: accountErrorCode(body),
+      message: accountErrorMessage(response.status, body),
+      details: body
+    });
+  }
+  return body;
+}
+function accountErrorMessage(status, body) {
+  const nestedMessage = nestedAccountErrorField(body, "message");
+  if (nestedMessage) {
+    return nestedMessage;
+  }
+  if (isRecord(body) && typeof body.message === "string") {
+    return body.message;
+  }
+  const code = accountErrorCode(body);
+  if (code) {
+    return `Account PS registration signing failed: ${code}`;
+  }
+  return `Account PS registration signing failed: ${status}`;
+}
+function accountErrorCode(body) {
+  const nestedCode = nestedAccountErrorField(body, "code");
+  if (nestedCode) {
+    return nestedCode;
+  }
+  if (isRecord(body)) {
+    if (typeof body.code === "string") {
+      return body.code;
+    }
+    if (typeof body.error === "string") {
+      return body.error;
+    }
+  }
+  return void 0;
+}
+function nestedAccountErrorField(body, field) {
+  if (!isRecord(body) || !isRecord(body.error)) {
+    return void 0;
+  }
+  const value = body.error[field];
+  return typeof value === "string" ? value : void 0;
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+function normalizeAccountResponse(response) {
+  return {
+    ...response,
+    status: response.status === "fallback_required" ? "confirmation_required" : response.status,
+    signerAddress: response.signerAddress ?? response.signer?.address,
+    typedData: response.typedData ?? response.typed_data
+  };
+}
+function buildSignedResult(response, request) {
+  assertAddress3(response.signerAddress, "signerAddress");
+  if (response.typedData) {
+    assertTypedDataMatchesRequest(
+      response.typedData,
+      request,
+      response.signerAddress
+    );
+  }
+  return {
+    signature: response.signature,
+    signerAddress: response.signerAddress,
+    typedData: response.typedData ?? buildPersonalServerRegistrationTypedData({
+      ownerAddress: response.signerAddress,
+      ...request
+    }),
+    intent: ACCOUNT_PERSONAL_SERVER_REGISTRATION_INTENT
+  };
+}
+function assertTypedDataMatchesRequest(typedData, request, expectedSignerAddress) {
+  assertAddress3(
+    typedData.message.ownerAddress,
+    "typedData.message.ownerAddress"
+  );
+  assertAddress3(
+    typedData.message.serverAddress,
+    "typedData.message.serverAddress"
+  );
+  if (expectedSignerAddress && !sameAddress(typedData.message.ownerAddress, expectedSignerAddress)) {
+    throw new Error(
+      "Account typedData ownerAddress must match the expected signer address"
+    );
+  }
+  if (!sameAddress(typedData.message.serverAddress, request.serverAddress)) {
+    throw new Error(
+      "Account typedData serverAddress must match the requested serverAddress"
+    );
+  }
+  if (typedData.message.publicKey !== request.serverPublicKey) {
+    throw new Error(
+      "Account typedData publicKey must match the requested serverPublicKey"
+    );
+  }
+  if (typedData.message.serverUrl !== request.serverUrl) {
+    throw new Error(
+      "Account typedData serverUrl must match the requested serverUrl"
+    );
+  }
+  if (typedData.primaryType !== "ServerRegistration") {
+    throw new Error("Account typedData primaryType must be ServerRegistration");
+  }
+  if (JSON.stringify(typedData.types) !== JSON.stringify(SERVER_REGISTRATION_TYPES)) {
+    throw new Error("Account typedData types must be ServerRegistration types");
+  }
+  const expectedDomain = personalServerRegistrationDomain({
+    config: request.config,
+    chainId: request.chainId,
+    verifyingContract: request.verifyingContract
+  });
+  if (!domainsEqual(typedData.domain, expectedDomain)) {
+    throw new Error("Account typedData domain must match the requested domain");
+  }
+}
+function sameAddress(a, b) {
+  return a.toLowerCase() === b.toLowerCase();
+}
+function domainsEqual(a, b) {
+  if (!a || !b) {
+    return false;
+  }
+  return a.name === b.name && a.version === b.version && Number(a.chainId) === Number(b.chainId) && String(a.verifyingContract ?? "").toLowerCase() === String(b.verifyingContract ?? "").toLowerCase() && a.salt === b.salt;
+}
+async function signPersonalServerRegistrationWithAccount(config, request) {
+  assertAddress3(request.serverAddress, "serverAddress");
+  const fetchImpl = config.fetchImpl ?? globalThis.fetch.bind(globalThis);
+  const endpoint = new URL(
+    config.endpointPath ?? DEFAULT_ACCOUNT_PS_REGISTRATION_PATH,
+    `${trimTrailingSlash(config.accountOrigin)}/`
+  );
+  const response = await fetchImpl(endpoint, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    credentials: "include",
+    body: JSON.stringify({
+      intent: ACCOUNT_PERSONAL_SERVER_REGISTRATION_INTENT,
+      serverAddress: request.serverAddress,
+      serverPublicKey: request.serverPublicKey,
+      serverUrl: request.serverUrl,
+      config: request.config,
+      chainId: request.chainId,
+      verifyingContract: request.verifyingContract
+    })
+  });
+  const body = normalizeAccountResponse(await parseAccountResponse(response));
+  if (body.status === "signed") {
+    if (!body.signature || !body.signerAddress) {
+      throw new Error(
+        "Account signed response must include signature and signerAddress"
+      );
+    }
+    return {
+      status: "signed",
+      result: buildSignedResult(
+        {
+          signature: body.signature,
+          signerAddress: body.signerAddress,
+          typedData: body.typedData
+        },
+        request
+      )
+    };
+  }
+  if (body.status === "confirmation_required") {
+    if (!body.typedData) {
+      throw new Error(
+        "Account confirmation_required response must include typedData"
+      );
+    }
+    assertTypedDataMatchesRequest(body.typedData, request, body.signerAddress);
+    if (!config.fallbackSigner) {
+      return {
+        status: "confirmation_required",
+        typedData: body.typedData,
+        signerAddress: body.signerAddress
+      };
+    }
+    assertTypedDataMatchesRequest(
+      body.typedData,
+      request,
+      config.fallbackSigner.address
+    );
+    const signature = await config.fallbackSigner.signTypedData(body.typedData);
+    return {
+      status: "fallback_signed",
+      accountStatus: "confirmation_required",
+      result: {
+        signature,
+        signerAddress: config.fallbackSigner.address,
+        typedData: body.typedData,
+        intent: ACCOUNT_PERSONAL_SERVER_REGISTRATION_INTENT
+      }
+    };
+  }
+  throw new Error(
+    `Unsupported Account PS registration signing status: ${String(body.status)}`
+  );
+}
+
+// src/account/personal-server-lite-owner-binding.ts
+var AccountPersonalServerLiteOwnerBindingError = class extends Error {
+  code;
+  details;
+  constructor(input) {
+    super(input.message);
+    this.name = "AccountPersonalServerLiteOwnerBindingError";
+    this.code = input.code;
+    this.details = input.details;
+  }
+};
+async function signPersonalServerLiteOwnerBindingWithAccountClient(config) {
+  let address;
+  try {
+    address = await config.client.getAddress();
+  } catch (error) {
+    throw accountOwnerBindingError(error);
+  }
+  if (!address) {
+    throw new AccountPersonalServerLiteOwnerBindingError({
+      message: "Account did not return a wallet address",
+      code: "account_address_required"
+    });
+  }
+  const message = buildPersonalServerLiteOwnerBindingMessage(address);
+  let signature;
+  try {
+    signature = await config.client.signMessage({ message });
+  } catch (error) {
+    throw accountOwnerBindingError(error);
+  }
+  return {
+    signature,
+    signerAddress: address,
+    message,
+    purpose: PERSONAL_SERVER_LITE_OWNER_BINDING_PURPOSE
+  };
+}
+function accountOwnerBindingError(error) {
+  if (error instanceof AccountPersonalServerLiteOwnerBindingError) {
+    return error;
+  }
+  const rpcError = error;
+  const code = rpcError?.code;
+  const message = typeof rpcError?.message === "string" && rpcError.message.length > 0 ? rpcError.message : "Account PS Lite owner-binding signature failed";
+  return new AccountPersonalServerLiteOwnerBindingError({
+    message,
+    code,
+    details: error
+  });
+}
+
+// src/protocol/grants.ts
+var import_viem17 = require("viem");
 function isHexString(value) {
   return typeof value === "string" && value.startsWith("0x");
 }
@@ -32560,7 +33223,7 @@ async function verifyGrantRegistration(input) {
   }
   let valid;
   try {
-    valid = await (0, import_viem14.verifyTypedData)({
+    valid = await (0, import_viem17.verifyTypedData)({
       address: input.grantorAddress,
       domain: grantRegistrationDomain(input.gatewayConfig),
       types: GRANT_REGISTRATION_TYPES,
@@ -32891,7 +33554,7 @@ var KNOWN_CODES = /* @__PURE__ */ new Set([
   "server_not_configured",
   "content_too_large"
 ]);
-function isRecord(value) {
+function isRecord2(value) {
   return value !== null && typeof value === "object" && !Array.isArray(value);
 }
 function normalizeCode(value) {
@@ -32902,10 +33565,10 @@ function normalizeCode(value) {
   return KNOWN_CODES.has(code) ? code : null;
 }
 function extractPSErrorBody(body) {
-  if (!isRecord(body)) {
+  if (!isRecord2(body)) {
     return null;
   }
-  const nested = isRecord(body.error) ? body.error : null;
+  const nested = isRecord2(body.error) ? body.error : null;
   const code = normalizeCode(
     nested?.errorCode ?? nested?.code ?? body.errorCode ?? body.code
   );
@@ -32930,6 +33593,9 @@ async function parsePSError(response) {
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  ACCOUNT_PERSONAL_SERVER_REGISTRATION_INTENT,
+  AccountPersonalServerLiteOwnerBindingError,
+  AccountPersonalServerRegistrationError,
   BUILDER_REGISTRATION_TYPES,
   BlockchainError,
   BrowserPlatformAdapter,
@@ -32956,6 +33622,12 @@ async function parsePSError(response) {
   NodeECIESProvider,
   NodePlatformAdapter,
   NonceError,
+  OAuthClient,
+  PERSONAL_SERVER_LITE_OWNER_BINDING_PREFIX,
+  PERSONAL_SERVER_LITE_OWNER_BINDING_PURPOSE,
+  PERSONAL_SERVER_LITE_OWNER_BINDING_VERSION,
+  PERSONAL_SERVER_REGISTRATION_DEFAULT_CHAIN_ID,
+  PERSONAL_SERVER_REGISTRATION_DEFAULT_VERIFYING_CONTRACT,
   PKCE_CHALLENGE_PATTERN,
   PKCE_VERIFIER_PATTERN,
   PSError,
@@ -32977,6 +33649,10 @@ async function parsePSError(response) {
   VanaError,
   VanaStorage,
   assertValidPkceVerifier,
+  buildPersonalServerLiteOwnerBindingMessage,
+  buildPersonalServerLiteOwnerBindingSignature,
+  buildPersonalServerRegistrationSignature,
+  buildPersonalServerRegistrationTypedData,
   buildWeb3SignedHeader,
   builderRegistrationDomain,
   chains,
@@ -32992,6 +33668,8 @@ async function parsePSError(response) {
   createPlatformAdapterFor,
   createPlatformAdapterSafe,
   createVanaStorageProvider,
+  createViemPersonalServerLiteOwnerBindingSigner,
+  createViemPersonalServerRegistrationSigner,
   decryptWithPassword,
   deriveMasterKey,
   deriveScopeKey,
@@ -33021,12 +33699,17 @@ async function parsePSError(response) {
   parsePSError,
   parseScope,
   parseWeb3SignedHeader,
+  personalServerRegistrationDomain,
   recoverServerOwner,
+  registerPersonalServerSignature,
   scopeCoveredByGrant,
   scopeMatchesPattern,
   scopeToPathSegments,
   serializeECIES,
   serverRegistrationDomain,
+  signPersonalServerLiteOwnerBinding,
+  signPersonalServerLiteOwnerBindingWithAccountClient,
+  signPersonalServerRegistrationWithAccount,
   vanaMainnet,
   verifyGrantRegistration,
   verifyPkceChallenge,