@pafi-dev/issuer 0.7.5 → 0.7.7

package/dist/index.d.cts

@@ -1,4 +1,4 @@
-import { PafiSdkError, SdkErrorHttpStatus, PointTokenDomainConfig, PartialUserOperation, BurnRequest, PoolKey, UserOpTypedData, decodeBatchExecuteCalls, BROKER_HASHES, Eip7702AuthorizationJsonRpc, BuiltSponsorAuth, ENTRY_POINT_V08 } from '@pafi-dev/core';
+import { PafiSdkError, SdkErrorHttpStatus, PointTokenDomainConfig, PartialUserOperation, BurnRequest, PoolKey, UserOpTypedData, decodeBatchExecuteCalls, BROKER_HASHES, BuiltSponsorAuth, ENTRY_POINT_V08 } from '@pafi-dev/core';
 export { PAFI_SUBGRAPH_URL, PafiSdkError, SdkErrorHttpStatus, ValidationError } from '@pafi-dev/core';
 import { Address, Hex, PublicClient, WalletClient } from 'viem';
 
@@ -1481,6 +1481,25 @@ interface PendingUserOpEntry {
         preVerificationGas: string;
         userOpHash: Hex;
     };
+    /**
+     * EIP-7702 authorization tuple — present only on the `delegate`
+     * scenario where the UserOp anchors the EOA's one-time delegation
+     * to a 7702 implementation. Embedded into the eth_sendUserOperation
+     * payload at submit time so Pimlico bundler applies the bytecode
+     * atomically with the UserOp execution. Pre-computed at prepare
+     * time from the user's `signAuthorization` signature so submit
+     * doesn't need to re-derive it.
+     *
+     * v0.7.7 — added per delegate-flow refactor (mobile prepare/submit).
+     */
+    eip7702Auth?: {
+        chainId: string;
+        address: string;
+        nonce: string;
+        r: string;
+        s: string;
+        yParity: string;
+    };
 }
 /**
  * Storage backend for pending UserOps in the mobile prepare/submit pattern.
@@ -1969,55 +1988,30 @@ declare class PerpDepositHandler {
     handle(request: PerpDepositRequest): Promise<PerpDepositResponse>;
 }
 
-/**
- * Pure mechanics for the EIP-7702 delegation submit flow. Builds the
- * delegation-anchor UserOp via `buildDelegationUserOp` (self-call EOA
- * with empty calldata), attaches paymaster sponsorship, splits the
- * user's authorization signature into the JSON-RPC tuple, and relays
- * via the PAFI sponsor-relayer.
- *
- * The UserOp itself is a no-op — a self-call to the user's EOA with
- * `data: "0x"`. The work is in the `eip7702Auth` object: the bundler
- * picks it up, runs the EIP-7702 path, and installs the delegation on
- * the user's EOA atomically with the (no-op) UserOp.
- *
- * v0.7.1 — switched from `encodeBatchExecute([])` (which throws
- * "operations array must not be empty") to `buildDelegationUserOp`
- * (self-call pattern). See SDK_CORE_TRADING_AUDIT.md C1.
- *
- * Throws the same `BundlerNotConfiguredError` / `BundlerRejectedError`
- * as other relay paths so issuer controllers can use one error mapper.
- */
 interface HandleDelegateSubmitParams {
-    userAddress: Address;
-    chainId: number;
-    /** Account nonce read at `delegate/prepare` time and signed by the user. */
-    delegationNonce: bigint;
-    /** ERC-4337 account nonce. Caller fetches via EntryPoint.getNonce. */
-    aaNonce: bigint;
-    /** 65-byte secp256k1 signature over the EIP-7702 authorization hash. */
-    authSig: Hex | string;
-    /** EIP-1559 fees from `provider.estimateFeesPerGas()` (or RPC equivalent). */
-    fees: {
-        maxFeePerGas?: bigint;
-        maxPriorityFeePerGas?: bigint;
-    };
+    lockId: string;
+    /** Authenticated user EOA — must match the entry's `sender`. */
+    authenticatedAddress: Address;
+    /** User signature over the persisted userOpHash. */
+    userOpSig: Hex;
+    store: IPendingUserOpStore;
     pafiBackendClient?: PafiBackendClient | null;
-    onWarning?: (msg: string) => void;
-    /** Override gas limits for the empty-batch UserOp. */
-    gasLimits?: {
-        callGasLimit?: bigint;
-        verificationGasLimit?: bigint;
-        preVerificationGas?: bigint;
-    };
+    /** Defaults to `ENTRY_POINT_V08`. */
+    entryPoint?: string;
 }
 interface HandleDelegateSubmitResult {
     userOpHash: Hex;
-    /** True when paymaster sponsorship was applied (gas is free). */
-    isSponsored: boolean;
-    /** The authorization tuple actually sent to the bundler. */
-    authorization: Eip7702AuthorizationJsonRpc;
 }
+/**
+ * Retrieve the persisted delegate UserOp, embed the user's signature,
+ * and submit to the bundler with the cached `eip7702Auth` field.
+ *
+ * Throws:
+ *   - `PendingUserOpNotFoundError` — entry expired or already submitted (404)
+ *   - `PendingUserOpForbiddenError` — sender mismatch (403)
+ *   - `BundlerNotConfiguredError` — `pafiBackendClient` missing (503)
+ *   - `BundlerRejectedError` — bundler rejected the UserOp (422)
+ */
 declare function handleDelegateSubmit(params: HandleDelegateSubmitParams): Promise<HandleDelegateSubmitResult>;
 
 /**
@@ -2312,7 +2306,24 @@ interface DelegateStatusDto {
     batchExecutorAddress: Address;
 }
 interface DelegatePrepareDto {
-    authorizationHash: Hex;
+    /**
+     * v0.7.7 — refactored to mobile prepare/submit pattern. Mobile signs
+     * the EIP-7702 authorization LOCALLY (Privy `signAuthorization`),
+     * then signs `userOpHash` (or `typedData`) BEFORE submit. See
+     * `handleDelegatePrepare` for rationale.
+     *
+     * Pre-v0.7.7 callers expected `{ authorizationHash, delegationNonce,
+     * batchExecutorAddress, chainId }` — `delegationNonce` +
+     * `batchExecutorAddress` retained for back-compat so mobile can
+     * compute the authorization hash if needed; `authorizationHash`
+     * removed (mobile's Privy hook computes it locally).
+     */
+    lockId: string;
+    userOpHash: Hex;
+    typedData: SerializedUserOpTypedData;
+    expiresInSeconds: number;
+    isSponsored: boolean;
+    /** Echoed for mobile to recompute the authorization hash if desired. */
     delegationNonce: string;
     batchExecutorAddress: Address;
     chainId: number;
@@ -2379,13 +2390,32 @@ declare class IssuerApiAdapter {
     claimStatus(authenticatedAddress: Address, lockId: string): Promise<MintStatusResponse>;
     redeemStatus(authenticatedAddress: Address, lockId: string): Promise<BurnStatusResponse>;
     delegateStatus(authenticatedAddress: Address, chainId: number): Promise<DelegateStatusDto>;
-    delegatePrepare(authenticatedAddress: Address, chainId: number): Promise<DelegatePrepareDto>;
-    delegateSubmit(input: {
-        authenticatedAddress: Address;
+    /**
+     * Build the delegation-anchor UserOp + obtain paymaster sponsorship
+     * + persist as a pending entry. Mobile must:
+     *
+     *   1. Sign EIP-7702 authorization LOCALLY (Privy `signAuthorization`
+     *      with `{contractAddress: batchExecutorAddress, chainId,
+     *      nonce: delegationNonce}`) → 65-byte authSig hex.
+     *   2. POST `/delegate/prepare` with `{ chainId, delegationNonce,
+     *      authSig }` → this method.
+     *   3. Sign returned `userOpHash` LOCALLY (`signTypedData(typedData)`).
+     *   4. POST `/delegate/submit` with `{ lockId, userOpSig }`.
+     *
+     * v0.7.7 — replaces single-shot delegateSubmit that tried to relay
+     * a UserOp with empty `signature: "0x"` (Simple7702Account's
+     * validateUserOp reverts `ECDSAInvalidSignatureLength` 0xfce698f7).
+     */
+    delegatePrepare(authenticatedAddress: Address, input: {
         chainId: number;
         delegationNonce: bigint;
-        aaNonce: bigint;
         authSig: Hex | string;
+        aaNonce: bigint;
+    }): Promise<DelegatePrepareDto>;
+    delegateSubmit(input: {
+        authenticatedAddress: Address;
+        lockId: string;
+        userOpSig: Hex;
     }): Promise<MobileSubmitDto>;
     /**
      * Build + sign a SponsorAuth payload. Returns `undefined` when no

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { PafiSdkError, SdkErrorHttpStatus, PointTokenDomainConfig, PartialUserOperation, BurnRequest, PoolKey, UserOpTypedData, decodeBatchExecuteCalls, BROKER_HASHES, Eip7702AuthorizationJsonRpc, BuiltSponsorAuth, ENTRY_POINT_V08 } from '@pafi-dev/core';
+import { PafiSdkError, SdkErrorHttpStatus, PointTokenDomainConfig, PartialUserOperation, BurnRequest, PoolKey, UserOpTypedData, decodeBatchExecuteCalls, BROKER_HASHES, BuiltSponsorAuth, ENTRY_POINT_V08 } from '@pafi-dev/core';
 export { PAFI_SUBGRAPH_URL, PafiSdkError, SdkErrorHttpStatus, ValidationError } from '@pafi-dev/core';
 import { Address, Hex, PublicClient, WalletClient } from 'viem';
 
@@ -1481,6 +1481,25 @@ interface PendingUserOpEntry {
         preVerificationGas: string;
         userOpHash: Hex;
     };
+    /**
+     * EIP-7702 authorization tuple — present only on the `delegate`
+     * scenario where the UserOp anchors the EOA's one-time delegation
+     * to a 7702 implementation. Embedded into the eth_sendUserOperation
+     * payload at submit time so Pimlico bundler applies the bytecode
+     * atomically with the UserOp execution. Pre-computed at prepare
+     * time from the user's `signAuthorization` signature so submit
+     * doesn't need to re-derive it.
+     *
+     * v0.7.7 — added per delegate-flow refactor (mobile prepare/submit).
+     */
+    eip7702Auth?: {
+        chainId: string;
+        address: string;
+        nonce: string;
+        r: string;
+        s: string;
+        yParity: string;
+    };
 }
 /**
  * Storage backend for pending UserOps in the mobile prepare/submit pattern.
@@ -1969,55 +1988,30 @@ declare class PerpDepositHandler {
     handle(request: PerpDepositRequest): Promise<PerpDepositResponse>;
 }
 
-/**
- * Pure mechanics for the EIP-7702 delegation submit flow. Builds the
- * delegation-anchor UserOp via `buildDelegationUserOp` (self-call EOA
- * with empty calldata), attaches paymaster sponsorship, splits the
- * user's authorization signature into the JSON-RPC tuple, and relays
- * via the PAFI sponsor-relayer.
- *
- * The UserOp itself is a no-op — a self-call to the user's EOA with
- * `data: "0x"`. The work is in the `eip7702Auth` object: the bundler
- * picks it up, runs the EIP-7702 path, and installs the delegation on
- * the user's EOA atomically with the (no-op) UserOp.
- *
- * v0.7.1 — switched from `encodeBatchExecute([])` (which throws
- * "operations array must not be empty") to `buildDelegationUserOp`
- * (self-call pattern). See SDK_CORE_TRADING_AUDIT.md C1.
- *
- * Throws the same `BundlerNotConfiguredError` / `BundlerRejectedError`
- * as other relay paths so issuer controllers can use one error mapper.
- */
 interface HandleDelegateSubmitParams {
-    userAddress: Address;
-    chainId: number;
-    /** Account nonce read at `delegate/prepare` time and signed by the user. */
-    delegationNonce: bigint;
-    /** ERC-4337 account nonce. Caller fetches via EntryPoint.getNonce. */
-    aaNonce: bigint;
-    /** 65-byte secp256k1 signature over the EIP-7702 authorization hash. */
-    authSig: Hex | string;
-    /** EIP-1559 fees from `provider.estimateFeesPerGas()` (or RPC equivalent). */
-    fees: {
-        maxFeePerGas?: bigint;
-        maxPriorityFeePerGas?: bigint;
-    };
+    lockId: string;
+    /** Authenticated user EOA — must match the entry's `sender`. */
+    authenticatedAddress: Address;
+    /** User signature over the persisted userOpHash. */
+    userOpSig: Hex;
+    store: IPendingUserOpStore;
     pafiBackendClient?: PafiBackendClient | null;
-    onWarning?: (msg: string) => void;
-    /** Override gas limits for the empty-batch UserOp. */
-    gasLimits?: {
-        callGasLimit?: bigint;
-        verificationGasLimit?: bigint;
-        preVerificationGas?: bigint;
-    };
+    /** Defaults to `ENTRY_POINT_V08`. */
+    entryPoint?: string;
 }
 interface HandleDelegateSubmitResult {
     userOpHash: Hex;
-    /** True when paymaster sponsorship was applied (gas is free). */
-    isSponsored: boolean;
-    /** The authorization tuple actually sent to the bundler. */
-    authorization: Eip7702AuthorizationJsonRpc;
 }
+/**
+ * Retrieve the persisted delegate UserOp, embed the user's signature,
+ * and submit to the bundler with the cached `eip7702Auth` field.
+ *
+ * Throws:
+ *   - `PendingUserOpNotFoundError` — entry expired or already submitted (404)
+ *   - `PendingUserOpForbiddenError` — sender mismatch (403)
+ *   - `BundlerNotConfiguredError` — `pafiBackendClient` missing (503)
+ *   - `BundlerRejectedError` — bundler rejected the UserOp (422)
+ */
 declare function handleDelegateSubmit(params: HandleDelegateSubmitParams): Promise<HandleDelegateSubmitResult>;
 
 /**
@@ -2312,7 +2306,24 @@ interface DelegateStatusDto {
     batchExecutorAddress: Address;
 }
 interface DelegatePrepareDto {
-    authorizationHash: Hex;
+    /**
+     * v0.7.7 — refactored to mobile prepare/submit pattern. Mobile signs
+     * the EIP-7702 authorization LOCALLY (Privy `signAuthorization`),
+     * then signs `userOpHash` (or `typedData`) BEFORE submit. See
+     * `handleDelegatePrepare` for rationale.
+     *
+     * Pre-v0.7.7 callers expected `{ authorizationHash, delegationNonce,
+     * batchExecutorAddress, chainId }` — `delegationNonce` +
+     * `batchExecutorAddress` retained for back-compat so mobile can
+     * compute the authorization hash if needed; `authorizationHash`
+     * removed (mobile's Privy hook computes it locally).
+     */
+    lockId: string;
+    userOpHash: Hex;
+    typedData: SerializedUserOpTypedData;
+    expiresInSeconds: number;
+    isSponsored: boolean;
+    /** Echoed for mobile to recompute the authorization hash if desired. */
     delegationNonce: string;
     batchExecutorAddress: Address;
     chainId: number;
@@ -2379,13 +2390,32 @@ declare class IssuerApiAdapter {
     claimStatus(authenticatedAddress: Address, lockId: string): Promise<MintStatusResponse>;
     redeemStatus(authenticatedAddress: Address, lockId: string): Promise<BurnStatusResponse>;
     delegateStatus(authenticatedAddress: Address, chainId: number): Promise<DelegateStatusDto>;
-    delegatePrepare(authenticatedAddress: Address, chainId: number): Promise<DelegatePrepareDto>;
-    delegateSubmit(input: {
-        authenticatedAddress: Address;
+    /**
+     * Build the delegation-anchor UserOp + obtain paymaster sponsorship
+     * + persist as a pending entry. Mobile must:
+     *
+     *   1. Sign EIP-7702 authorization LOCALLY (Privy `signAuthorization`
+     *      with `{contractAddress: batchExecutorAddress, chainId,
+     *      nonce: delegationNonce}`) → 65-byte authSig hex.
+     *   2. POST `/delegate/prepare` with `{ chainId, delegationNonce,
+     *      authSig }` → this method.
+     *   3. Sign returned `userOpHash` LOCALLY (`signTypedData(typedData)`).
+     *   4. POST `/delegate/submit` with `{ lockId, userOpSig }`.
+     *
+     * v0.7.7 — replaces single-shot delegateSubmit that tried to relay
+     * a UserOp with empty `signature: "0x"` (Simple7702Account's
+     * validateUserOp reverts `ECDSAInvalidSignatureLength` 0xfce698f7).
+     */
+    delegatePrepare(authenticatedAddress: Address, input: {
         chainId: number;
         delegationNonce: bigint;
-        aaNonce: bigint;
         authSig: Hex | string;
+        aaNonce: bigint;
+    }): Promise<DelegatePrepareDto>;
+    delegateSubmit(input: {
+        authenticatedAddress: Address;
+        lockId: string;
+        userOpSig: Hex;
     }): Promise<MobileSubmitDto>;
     /**
      * Build + sign a SponsorAuth payload. Returns `undefined` when no

package/dist/index.js

@@ -2283,15 +2283,18 @@ import {
   ENTRY_POINT_V08 as ENTRY_POINT_V082,
   buildDelegationUserOp,
   buildEip7702Authorization,
+  computeUserOpHash as computeUserOpHash2,
+  buildUserOpTypedData as buildUserOpTypedData2,
   getContractAddresses as getContractAddresses5,
   serializeUserOpToJsonRpc as serializeUserOpToJsonRpc2
 } from "@pafi-dev/core";
+import { getAddress as getAddress9 } from "viem";
 var DEFAULT_DELEGATE_GAS = {
   callGasLimit: 100000n,
   verificationGasLimit: 150000n,
   preVerificationGas: 50000n
 };
-async function handleDelegateSubmit(params) {
+async function handleDelegatePrepare(params) {
   const { batchExecutor } = getContractAddresses5(params.chainId);
   const partial = buildDelegationUserOp({
     userAddress: params.userAddress,
@@ -2328,39 +2331,76 @@ async function handleDelegateSubmit(params) {
     onWarning: params.onWarning
   });
   const merged = {
-    ...userOp,
-    ...paymasterFields ?? {}
+    sender: userOp.sender,
+    nonce: userOp.nonce,
+    callData: userOp.callData,
+    callGasLimit: paymasterFields?.callGasLimit ?? userOp.callGasLimit,
+    verificationGasLimit: paymasterFields?.verificationGasLimit ?? userOp.verificationGasLimit,
+    preVerificationGas: paymasterFields?.preVerificationGas ?? userOp.preVerificationGas,
+    maxFeePerGas: paymasterFields?.maxFeePerGas ?? userOp.maxFeePerGas,
+    maxPriorityFeePerGas: paymasterFields?.maxPriorityFeePerGas ?? userOp.maxPriorityFeePerGas,
+    paymaster: paymasterFields?.paymaster,
+    paymasterVerificationGasLimit: paymasterFields?.paymasterVerificationGasLimit,
+    paymasterPostOpGasLimit: paymasterFields?.paymasterPostOpGasLimit,
+    paymasterData: paymasterFields?.paymasterData
   };
-  const userOpJson = serializeUserOpToJsonRpc2(
+  const userOpHash = computeUserOpHash2(merged, params.chainId);
+  const typed = buildUserOpTypedData2(merged, params.chainId);
+  await params.store.save(
+    params.lockId,
     {
       sender: merged.sender,
-      nonce: merged.nonce,
+      nonce: merged.nonce.toString(10),
       callData: merged.callData,
-      callGasLimit: merged.callGasLimit,
-      verificationGasLimit: merged.verificationGasLimit,
-      preVerificationGas: merged.preVerificationGas,
-      maxFeePerGas: merged.maxFeePerGas,
-      maxPriorityFeePerGas: merged.maxPriorityFeePerGas,
-      paymaster: paymasterFields?.paymaster,
-      paymasterVerificationGasLimit: paymasterFields?.paymasterVerificationGasLimit,
-      paymasterPostOpGasLimit: paymasterFields?.paymasterPostOpGasLimit,
-      paymasterData: paymasterFields?.paymasterData
+      callGasLimit: merged.callGasLimit.toString(10),
+      verificationGasLimit: merged.verificationGasLimit.toString(10),
+      preVerificationGas: merged.preVerificationGas.toString(10),
+      maxFeePerGas: merged.maxFeePerGas.toString(10),
+      maxPriorityFeePerGas: merged.maxPriorityFeePerGas.toString(10),
+      ...merged.paymaster ? { paymaster: merged.paymaster } : {},
+      ...merged.paymasterVerificationGasLimit ? {
+        paymasterVerificationGasLimit: merged.paymasterVerificationGasLimit.toString(10)
+      } : {},
+      ...merged.paymasterPostOpGasLimit ? {
+        paymasterPostOpGasLimit: merged.paymasterPostOpGasLimit.toString(10)
+      } : {},
+      ...merged.paymasterData ? { paymasterData: merged.paymasterData } : {},
+      chainId: params.chainId,
+      userOpHash,
+      eip7702Auth: authorization
     },
-    // Delegation UserOp is submitted unsigned — the EIP-7702 authorization
-    // is the user's "consent"; no separate AA signature is needed.
-    "0x"
+    params.ttlSeconds
   );
+  return {
+    lockId: params.lockId,
+    userOpHash,
+    typedData: serializeUserOpTypedData(typed),
+    expiresInSeconds: params.ttlSeconds,
+    isSponsored: !!paymasterFields
+  };
+}
+async function handleDelegateSubmit(params) {
+  const entry = await params.store.get(params.lockId);
+  if (!entry) {
+    throw new PendingUserOpNotFoundError(params.lockId);
+  }
+  if (getAddress9(entry.sender) !== getAddress9(params.authenticatedAddress)) {
+    throw new PendingUserOpForbiddenError(params.lockId);
+  }
+  if (!entry.eip7702Auth) {
+    throw new Error(
+      `delegate entry ${params.lockId} missing eip7702Auth \u2014 prepare step did not run correctly`
+    );
+  }
+  const userOpJson = serializeEntryToJsonRpc(entry, params.userOpSig, "sponsored");
   const result = await relayUserOp({
     client: params.pafiBackendClient,
     userOp: userOpJson,
-    entryPoint: ENTRY_POINT_V082,
-    eip7702Auth: authorization
+    entryPoint: params.entryPoint ?? ENTRY_POINT_V082,
+    eip7702Auth: entry.eip7702Auth
   });
-  return {
-    userOpHash: result.userOpHash,
-    isSponsored: !!paymasterFields,
-    authorization
-  };
+  await params.store.delete(params.lockId);
+  return { userOpHash: result.userOpHash };
 }
 
 // src/api/errorMapper.ts
@@ -2389,10 +2429,10 @@ function createSdkErrorMapper(factories) {
 }
 
 // src/api/issuerApiAdapter.ts
-import { getAddress as getAddress9 } from "viem";
+import { randomUUID } from "crypto";
+import { getAddress as getAddress10 } from "viem";
 import {
   buildAndSignSponsorAuth,
-  computeAuthorizationHash,
   decodeBatchExecuteCalls as decodeBatchExecuteCalls3,
   encodeBatchExecute,
   ENTRY_POINT_V08 as ENTRY_POINT_V083,
@@ -2455,7 +2495,7 @@ var IssuerApiAdapter = class {
   async pools(authenticatedAddress, chainId, pointTokenAddress) {
     const result = await this.cfg.issuerService.api.handlePools(
       authenticatedAddress,
-      { chainId, pointTokenAddress: getAddress9(pointTokenAddress) }
+      { chainId, pointTokenAddress: getAddress10(pointTokenAddress) }
     );
     return { pools: result.pools };
   }
@@ -2464,8 +2504,8 @@ var IssuerApiAdapter = class {
       authenticatedAddress,
       {
         chainId,
-        userAddress: getAddress9(userAddress),
-        pointTokenAddress: getAddress9(pointTokenAddress)
+        userAddress: getAddress10(userAddress),
+        pointTokenAddress: getAddress10(pointTokenAddress)
       }
     );
     return {
@@ -2487,7 +2527,7 @@ var IssuerApiAdapter = class {
       "ptClaimHandler",
       "claim"
     );
-    const pointTokenAddress = getAddress9(input.pointTokenAddress);
+    const pointTokenAddress = getAddress10(input.pointTokenAddress);
     const result = await ptClaimHandler.handle({
       authenticatedAddress: input.authenticatedAddress,
       userAddress: input.authenticatedAddress,
@@ -2582,7 +2622,7 @@ var IssuerApiAdapter = class {
       "ptClaimHandler",
       "claimPrepare"
     );
-    const pointTokenAddress = getAddress9(input.pointTokenAddress);
+    const pointTokenAddress = getAddress10(input.pointTokenAddress);
     const claimResult = await ptClaimHandler.handle({
       authenticatedAddress: input.authenticatedAddress,
       userAddress: input.authenticatedAddress,
@@ -2628,7 +2668,7 @@ var IssuerApiAdapter = class {
   }
   async redeemPrepare(input) {
     this.assertRedeemHandler();
-    const pointTokenAddress = getAddress9(input.pointTokenAddress);
+    const pointTokenAddress = getAddress10(input.pointTokenAddress);
     const redeemResponse = await this.cfg.ptRedeemHandler.handle({
       userAddress: input.authenticatedAddress,
       authenticatedAddress: input.authenticatedAddress,
@@ -2701,37 +2741,59 @@ var IssuerApiAdapter = class {
       batchExecutorAddress: batchExecutor
     };
   }
-  async delegatePrepare(authenticatedAddress, chainId) {
-    const { batchExecutor } = getContractAddresses6(chainId);
-    const accountNonce = BigInt(
-      await this.cfg.provider.getTransactionCount({
-        address: authenticatedAddress
-      })
-    );
-    const authorizationHash = computeAuthorizationHash(
-      chainId,
-      batchExecutor,
-      accountNonce
-    );
-    return {
-      authorizationHash,
-      delegationNonce: accountNonce.toString(),
-      batchExecutorAddress: batchExecutor,
-      chainId
-    };
-  }
-  async delegateSubmit(input) {
+  /**
+   * Build the delegation-anchor UserOp + obtain paymaster sponsorship
+   * + persist as a pending entry. Mobile must:
+   *
+   *   1. Sign EIP-7702 authorization LOCALLY (Privy `signAuthorization`
+   *      with `{contractAddress: batchExecutorAddress, chainId,
+   *      nonce: delegationNonce}`) → 65-byte authSig hex.
+   *   2. POST `/delegate/prepare` with `{ chainId, delegationNonce,
+   *      authSig }` → this method.
+   *   3. Sign returned `userOpHash` LOCALLY (`signTypedData(typedData)`).
+   *   4. POST `/delegate/submit` with `{ lockId, userOpSig }`.
+   *
+   * v0.7.7 — replaces single-shot delegateSubmit that tried to relay
+   * a UserOp with empty `signature: "0x"` (Simple7702Account's
+   * validateUserOp reverts `ECDSAInvalidSignatureLength` 0xfce698f7).
+   */
+  async delegatePrepare(authenticatedAddress, input) {
+    const { batchExecutor } = getContractAddresses6(input.chainId);
     const fees = await this.cfg.provider.estimateFeesPerGas();
-    const result = await handleDelegateSubmit({
-      userAddress: input.authenticatedAddress,
+    const lockId = randomUUID();
+    const result = await handleDelegatePrepare({
+      userAddress: authenticatedAddress,
       chainId: input.chainId,
       delegationNonce: input.delegationNonce,
       aaNonce: input.aaNonce,
       authSig: input.authSig,
       fees,
+      lockId,
+      store: this.cfg.pendingUserOpStore,
+      ttlSeconds: 15 * 60,
+      // 15min — match claim/redeem mobile lock duration
       pafiBackendClient: this.cfg.pafiBackendClient,
       onWarning: this.cfg.onWarning
     });
+    return {
+      lockId: result.lockId,
+      userOpHash: result.userOpHash,
+      typedData: result.typedData,
+      expiresInSeconds: result.expiresInSeconds,
+      isSponsored: result.isSponsored,
+      delegationNonce: input.delegationNonce.toString(),
+      batchExecutorAddress: batchExecutor,
+      chainId: input.chainId
+    };
+  }
+  async delegateSubmit(input) {
+    const result = await handleDelegateSubmit({
+      lockId: input.lockId,
+      authenticatedAddress: input.authenticatedAddress,
+      userOpSig: input.userOpSig,
+      store: this.cfg.pendingUserOpStore,
+      pafiBackendClient: this.cfg.pafiBackendClient
+    });
     return { userOpHash: result.userOpHash };
   }
   // ------------------------------ Internal helpers -------------------------
@@ -3372,7 +3434,7 @@ var PafiBackendClient = class {
 };
 
 // src/config.ts
-import { getAddress as getAddress10 } from "viem";
+import { getAddress as getAddress11 } from "viem";
 import { getContractAddresses as getContractAddresses7 } from "@pafi-dev/core";
 function createIssuerService(config) {
   if (!config.provider) {
@@ -3393,7 +3455,7 @@ function createIssuerService(config) {
       "createIssuerService: at least one of pointTokenAddress / pointTokenAddresses is required"
     );
   }
-  const tokenAddresses = rawAddresses.map((a) => getAddress10(a));
+  const tokenAddresses = rawAddresses.map((a) => getAddress11(a));
   const ledger = config.ledger;
   const sessionStore = config.sessionStore ?? new MemorySessionStore();
   const policy = config.policy ?? new DefaultPolicyEngine({ ledger });
@@ -3482,7 +3544,7 @@ function createIssuerService(config) {
 }
 
 // src/issuer-state/validator.ts
-import { getAddress as getAddress11 } from "viem";
+import { getAddress as getAddress12 } from "viem";
 import {
   POINT_TOKEN_V2_ABI as POINT_TOKEN_V2_ABI3,
   issuerRegistryGetIssuerFlatAbi,
@@ -3513,7 +3575,7 @@ var IssuerStateValidator = class _IssuerStateValidator {
    */
   invalidate(pointToken) {
     if (pointToken) {
-      const key = getAddress11(pointToken);
+      const key = getAddress12(pointToken);
       this.pointTokenIssuerCache.delete(key);
       this.stateCache.delete(key);
       this.inflight.delete(key);
@@ -3528,7 +3590,7 @@ var IssuerStateValidator = class _IssuerStateValidator {
    * The issuer field is set at `initialize()` and never changes.
    */
   async getIssuerAddressForPointToken(pointToken) {
-    const key = getAddress11(pointToken);
+    const key = getAddress12(pointToken);
     const cached = this.pointTokenIssuerCache.get(key);
     if (cached) return cached;
     const issuer = await this.provider.readContract({
@@ -3536,15 +3598,15 @@ var IssuerStateValidator = class _IssuerStateValidator {
       abi: POINT_TOKEN_V2_ABI3,
       functionName: "issuer"
     });
-    this.pointTokenIssuerCache.set(key, getAddress11(issuer));
-    return getAddress11(issuer);
+    this.pointTokenIssuerCache.set(key, getAddress12(issuer));
+    return getAddress12(issuer);
   }
   /**
    * Read registry record + totalSupply, with 30s cache and in-flight
    * deduplication. Does NOT throw on inactive/missing — returns raw state.
    */
   async getIssuerState(pointToken) {
-    const tokenAddr = getAddress11(pointToken);
+    const tokenAddr = getAddress12(pointToken);
     const now = Date.now();
     const cached = this.stateCache.get(tokenAddr);
     if (cached && cached.expiresAt > now) return cached.value;
@@ -3642,7 +3704,7 @@ var IssuerStateValidator = class _IssuerStateValidator {
 };
 
 // src/index.ts
-var PAFI_ISSUER_SDK_VERSION = true ? "0.7.5" : "dev";
+var PAFI_ISSUER_SDK_VERSION = true ? "0.7.7" : "dev";
 export {
   AdapterMisconfiguredError,
   AuthError,