@smartagentkit/sdk 0.1.0

package/dist/index.mjs

@@ -0,0 +1,1312 @@
+// src/client.ts
+import {
+  createPublicClient,
+  createWalletClient,
+  http,
+  encodeFunctionData
+} from "viem";
+import {
+  privateKeyToAccount,
+  mnemonicToAccount,
+  generatePrivateKey
+} from "viem/accounts";
+import { toSafeSmartAccount } from "permissionless/accounts";
+import {
+  createSmartAccountClient
+} from "permissionless/clients";
+import { erc7579Actions } from "permissionless/actions/erc7579";
+import { getHookMultiPlexer } from "@rhinestone/module-sdk";
+
+// src/presets.ts
+import { parseEther } from "viem";
+
+// src/constants.ts
+var MODULE_TYPE_VALIDATOR = 1;
+var MODULE_TYPE_EXECUTOR = 2;
+var MODULE_TYPE_FALLBACK = 3;
+var MODULE_TYPE_HOOK = 4;
+var NATIVE_TOKEN = "0x0000000000000000000000000000000000000000";
+var ENTRYPOINT_V07 = "0x0000000071727De22E5E9d8BAf0edAc6f37da032";
+var SAFE_7579_MODULE = "0x7579EE8307284F293B1927136486880611F20002";
+var SAFE_7579_LAUNCHPAD = "0x7579011aB74c46090561ea277Ba79D510c6C00ff";
+var RHINESTONE_ATTESTER = "0x000000333034E9f539ce08819E12c1b8Cb29084d";
+var ATTESTERS_THRESHOLD = 1;
+var WINDOW_1_HOUR = 3600;
+var WINDOW_1_DAY = 86400;
+var WINDOW_1_WEEK = 604800;
+var SPENDING_LIMIT_HOOK_ABI = [
+  {
+    name: "setSpendingLimit",
+    type: "function",
+    inputs: [
+      { name: "token", type: "address" },
+      { name: "limit", type: "uint256" },
+      { name: "windowDuration", type: "uint48" }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    name: "removeSpendingLimit",
+    type: "function",
+    inputs: [{ name: "token", type: "address" }],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    name: "getRemainingAllowance",
+    type: "function",
+    inputs: [
+      { name: "account", type: "address" },
+      { name: "token", type: "address" }
+    ],
+    outputs: [{ name: "remaining", type: "uint256" }],
+    stateMutability: "view"
+  },
+  {
+    name: "configs",
+    type: "function",
+    inputs: [
+      { name: "account", type: "address" },
+      { name: "token", type: "address" }
+    ],
+    outputs: [
+      { name: "limit", type: "uint256" },
+      { name: "spent", type: "uint256" },
+      { name: "windowDuration", type: "uint48" },
+      { name: "windowStart", type: "uint48" }
+    ],
+    stateMutability: "view"
+  }
+];
+var ALLOWLIST_HOOK_ABI = [
+  {
+    name: "addPermission",
+    type: "function",
+    inputs: [
+      { name: "target", type: "address" },
+      { name: "selector", type: "bytes4" }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    name: "removePermission",
+    type: "function",
+    inputs: [
+      { name: "target", type: "address" },
+      { name: "selector", type: "bytes4" }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    name: "setMode",
+    type: "function",
+    inputs: [{ name: "mode", type: "uint8" }],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    name: "isTargetAllowed",
+    type: "function",
+    inputs: [
+      { name: "account", type: "address" },
+      { name: "target", type: "address" },
+      { name: "selector", type: "bytes4" }
+    ],
+    outputs: [{ name: "", type: "bool" }],
+    stateMutability: "view"
+  }
+];
+var EMERGENCY_PAUSE_HOOK_ABI = [
+  {
+    name: "pause",
+    type: "function",
+    inputs: [{ name: "account", type: "address" }],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    name: "unpause",
+    type: "function",
+    inputs: [{ name: "account", type: "address" }],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    name: "isPaused",
+    type: "function",
+    inputs: [{ name: "account", type: "address" }],
+    outputs: [{ name: "", type: "bool" }],
+    stateMutability: "view"
+  },
+  {
+    name: "setGuardian",
+    type: "function",
+    inputs: [{ name: "newGuardian", type: "address" }],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    name: "setAutoUnpauseTimeout",
+    type: "function",
+    inputs: [{ name: "timeout", type: "uint48" }],
+    outputs: [],
+    stateMutability: "nonpayable"
+  }
+];
+var HOOK_MULTIPLEXER_ADDRESS = "0xF6782ed057F95f334D04F0Af1Af4D14fb84DE549";
+var HOOK_TYPE_GLOBAL = 0;
+var MODULE_ONINSTALL_ABI = [
+  {
+    name: "onInstall",
+    type: "function",
+    inputs: [{ name: "data", type: "bytes" }],
+    outputs: [],
+    stateMutability: "nonpayable"
+  }
+];
+var SET_TRUSTED_FORWARDER_ABI = [
+  {
+    name: "setTrustedForwarder",
+    type: "function",
+    inputs: [{ name: "forwarder", type: "address" }],
+    outputs: [],
+    stateMutability: "nonpayable"
+  }
+];
+var HOOK_MULTIPLEXER_ABI = [
+  {
+    name: "addHook",
+    type: "function",
+    inputs: [
+      { name: "hook", type: "address" },
+      { name: "hookType", type: "uint8" }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    name: "removeHook",
+    type: "function",
+    inputs: [
+      { name: "hook", type: "address" },
+      { name: "hookType", type: "uint8" }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  }
+];
+var MODULE_ADDRESSES = {
+  // Will be populated after deployment
+};
+
+// src/presets.ts
+var PRESETS = {
+  /**
+   * DeFi Trader preset:
+   *   - Daily spending limit on ETH and stablecoins
+   *   - Allowlist of approved DEX contracts
+   *   - Emergency pause with owner as guardian
+   */
+  "defi-trader": (owner, params = {}) => [
+    {
+      type: "spending-limit",
+      limits: [
+        {
+          token: NATIVE_TOKEN,
+          limit: params.dailyEthLimit ?? parseEther("1"),
+          window: WINDOW_1_DAY
+        },
+        ...params.stablecoinLimits ?? []
+      ]
+    },
+    // Only include allowlist if specific DEXes are provided;
+    // an empty allowlist in "allow" mode would block all transactions.
+    ...params.allowedDexes?.length ? [
+      {
+        type: "allowlist",
+        mode: "allow",
+        targets: params.allowedDexes.map((addr) => ({
+          address: addr,
+          selector: "0x00000000"
+        }))
+      }
+    ] : [],
+    {
+      type: "emergency-pause",
+      guardian: params.guardian ?? owner,
+      autoUnpauseAfter: WINDOW_1_DAY
+    }
+  ],
+  /**
+   * Treasury Agent preset:
+   *   - Lower spending limits with longer windows
+   *   - Emergency pause (manual only)
+   */
+  "treasury-agent": (owner, params = {}) => [
+    {
+      type: "spending-limit",
+      limits: [
+        {
+          token: NATIVE_TOKEN,
+          limit: params.weeklyEthLimit ?? parseEther("5"),
+          window: WINDOW_1_WEEK
+        }
+      ]
+    },
+    {
+      type: "emergency-pause",
+      guardian: params.guardian ?? owner,
+      autoUnpauseAfter: 0
+    }
+  ],
+  /**
+   * Payment Agent preset:
+   *   - Strict spending limits
+   *   - Allowlist of approved recipients only
+   *   - Emergency pause
+   */
+  "payment-agent": (owner, params = {}) => [
+    {
+      type: "spending-limit",
+      limits: [
+        {
+          token: NATIVE_TOKEN,
+          limit: params.dailyLimit ?? parseEther("0.1"),
+          window: WINDOW_1_DAY
+        }
+      ]
+    },
+    // Only include allowlist if specific recipients are provided;
+    // an empty allowlist in "allow" mode would block all transactions.
+    ...params.approvedRecipients?.length ? [
+      {
+        type: "allowlist",
+        mode: "allow",
+        targets: params.approvedRecipients.map(
+          (addr) => ({
+            address: addr
+          })
+        )
+      }
+    ] : [],
+    {
+      type: "emergency-pause",
+      guardian: params.guardian ?? owner,
+      autoUnpauseAfter: 3600
+    }
+  ],
+  /**
+   * Minimal preset:
+   *   - Just emergency pause
+   *   - For agents that need maximum flexibility with a kill switch
+   */
+  minimal: (owner, params = {}) => [
+    {
+      type: "emergency-pause",
+      guardian: params.guardian ?? owner,
+      autoUnpauseAfter: 0
+    }
+  ]
+};
+
+// src/policies.ts
+import { encodeAbiParameters, parseAbiParameters } from "viem";
+
+// src/errors.ts
+var SmartAgentKitError = class extends Error {
+  constructor(message, options) {
+    super(message, options);
+    this.name = "SmartAgentKitError";
+  }
+};
+var WalletCreationError = class extends SmartAgentKitError {
+  constructor(message, cause) {
+    super(`Wallet creation failed: ${message}`, { cause });
+    this.name = "WalletCreationError";
+  }
+};
+var PolicyConfigError = class extends SmartAgentKitError {
+  constructor(message, cause) {
+    super(`Invalid policy configuration: ${message}`, { cause });
+    this.name = "PolicyConfigError";
+  }
+};
+var ExecutionError = class extends SmartAgentKitError {
+  constructor(message, cause) {
+    super(`Transaction execution failed: ${message}`, { cause });
+    this.name = "ExecutionError";
+  }
+};
+var SpendingLimitExceededError = class extends SmartAgentKitError {
+  constructor(token, attempted, remaining) {
+    super(
+      `Spending limit exceeded for ${token}: attempted ${attempted}, remaining ${remaining}`
+    );
+    this.token = token;
+    this.attempted = attempted;
+    this.remaining = remaining;
+    this.name = "SpendingLimitExceededError";
+  }
+};
+var WalletPausedError = class extends SmartAgentKitError {
+  constructor(walletAddress) {
+    super(`Wallet ${walletAddress} is currently paused`);
+    this.walletAddress = walletAddress;
+    this.name = "WalletPausedError";
+  }
+};
+var SessionError = class extends SmartAgentKitError {
+  constructor(message, cause) {
+    super(`Session error: ${message}`, { cause });
+    this.name = "SessionError";
+  }
+};
+
+// src/policies.ts
+function encodePolicyInitData(policy, moduleAddresses, trustedForwarder = "0x0000000000000000000000000000000000000000") {
+  const zeroAddress = "0x0000000000000000000000000000000000000000";
+  switch (policy.type) {
+    case "spending-limit":
+      return {
+        moduleAddress: moduleAddresses?.spendingLimitHook ?? zeroAddress,
+        moduleType: MODULE_TYPE_HOOK,
+        initData: encodeSpendingLimitInitData(policy, trustedForwarder)
+      };
+    case "allowlist":
+      return {
+        moduleAddress: moduleAddresses?.allowlistHook ?? zeroAddress,
+        moduleType: MODULE_TYPE_HOOK,
+        initData: encodeAllowlistInitData(policy, trustedForwarder)
+      };
+    case "emergency-pause":
+      return {
+        moduleAddress: moduleAddresses?.emergencyPauseHook ?? zeroAddress,
+        moduleType: MODULE_TYPE_HOOK,
+        initData: encodeEmergencyPauseInitData(policy, trustedForwarder)
+      };
+    case "automation":
+      throw new PolicyConfigError(
+        "AutomationExecutor encoding is not yet implemented (Sprint 2)"
+      );
+    default: {
+      const _exhaustive = policy;
+      throw new PolicyConfigError(
+        `Unknown policy type: ${_exhaustive.type}`
+      );
+    }
+  }
+}
+function encodeSpendingLimitInitData(policy, trustedForwarder = "0x0000000000000000000000000000000000000000") {
+  if (policy.limits.length === 0) {
+    throw new PolicyConfigError("SpendingLimitPolicy must have at least one token limit");
+  }
+  const seenTokens = /* @__PURE__ */ new Set();
+  for (const limit of policy.limits) {
+    const tokenKey = limit.token.toLowerCase();
+    if (seenTokens.has(tokenKey)) {
+      throw new PolicyConfigError(
+        `Duplicate token address in limits: ${limit.token}. Only one limit per token is supported.`
+      );
+    }
+    seenTokens.add(tokenKey);
+    if (limit.limit <= 0n) {
+      throw new PolicyConfigError("Token limit must be greater than zero");
+    }
+    if (limit.window < 60) {
+      throw new PolicyConfigError("Window duration must be at least 60 seconds");
+    }
+  }
+  return encodeAbiParameters(
+    parseAbiParameters(
+      "address trustedForwarder, (address token, uint256 limit, uint48 windowDuration)[]"
+    ),
+    [
+      trustedForwarder,
+      policy.limits.map((l) => ({
+        token: l.token,
+        limit: l.limit,
+        windowDuration: l.window
+      }))
+    ]
+  );
+}
+function encodeAllowlistInitData(policy, trustedForwarder = "0x0000000000000000000000000000000000000000") {
+  if (policy.mode === "allow" && policy.targets.length === 0) {
+    throw new PolicyConfigError(
+      "AllowlistPolicy in 'allow' mode must have at least one target. An empty allowlist would block all transactions."
+    );
+  }
+  const mode = policy.mode === "allow" ? 0 : 1;
+  const wildcardSelector = "0x431e2cf5";
+  const protectedAddresses = policy.protectedAddresses ?? [];
+  if (protectedAddresses.length > 20) {
+    throw new PolicyConfigError(
+      "AllowlistPolicy protectedAddresses cannot exceed 20 entries (on-chain MAX_PROTECTED_ADDRESSES limit)"
+    );
+  }
+  return encodeAbiParameters(
+    parseAbiParameters(
+      "address trustedForwarder, uint8 mode, (address target, bytes4 selector)[], address[] protectedAddresses"
+    ),
+    [
+      trustedForwarder,
+      mode,
+      policy.targets.map((t) => ({
+        target: t.address,
+        selector: t.selector ?? wildcardSelector
+      })),
+      protectedAddresses
+    ]
+  );
+}
+function encodeEmergencyPauseInitData(policy, trustedForwarder = "0x0000000000000000000000000000000000000000") {
+  if (policy.guardian === "0x0000000000000000000000000000000000000000") {
+    throw new PolicyConfigError("Guardian address cannot be the zero address");
+  }
+  return encodeAbiParameters(
+    parseAbiParameters("address trustedForwarder, address guardian, uint48 autoUnpauseAfter"),
+    [trustedForwarder, policy.guardian, policy.autoUnpauseAfter ?? 0]
+  );
+}
+
+// src/deployments/base-sepolia.json
+var base_sepolia_default = {
+  chainId: 84532,
+  entryPoint: "0x0000000071727De22E5E9d8BAf0edAc6f37da032",
+  safe7579Module: "0x7579EE8307284F293B1927136486880611F20002",
+  safe7579Launchpad: "0x7579011aB74c46090561ea277Ba79D510c6C00ff",
+  rhinestoneAttester: "0x000000333034E9f539ce08819E12c1b8Cb29084d",
+  hookMultiPlexer: "0xF6782ed057F95f334D04F0Af1Af4D14fb84DE549",
+  spendingLimitHook: "0x0ea97ef2fc52700d1628110a8f411fefb0c0aa8b",
+  allowlistHook: "0x61a2100072d03f66de6f7dd0dfc2f7aa5c91e777",
+  emergencyPauseHook: "0xb8fdc9ee56cfb4077e132eff631b546fe6e79fec",
+  automationExecutor: "0x729c29b35c396b907ed118f00fbe4d4bcc3a7f46",
+  moduleSetupHelper: "0x4f1555baf4b3221c373094d47419596118828e41"
+};
+
+// src/deployments/sepolia.json
+var sepolia_default = {
+  chainId: 11155111,
+  entryPoint: "0x0000000071727De22E5E9d8BAf0edAc6f37da032",
+  safe7579Module: "0x7579EE8307284F293B1927136486880611F20002",
+  safe7579Launchpad: "0x7579011aB74c46090561ea277Ba79D510c6C00ff",
+  rhinestoneAttester: "0x000000333034E9f539ce08819E12c1b8Cb29084d",
+  hookMultiPlexer: "",
+  spendingLimitHook: "",
+  allowlistHook: "",
+  emergencyPauseHook: "",
+  automationExecutor: "",
+  moduleSetupHelper: ""
+};
+
+// src/deployments.ts
+var DEPLOYMENTS = {};
+function loadDeployment(json) {
+  if (json.spendingLimitHook && json.spendingLimitHook !== "") {
+    DEPLOYMENTS[json.chainId] = {
+      spendingLimitHook: json.spendingLimitHook,
+      allowlistHook: json.allowlistHook,
+      emergencyPauseHook: json.emergencyPauseHook,
+      automationExecutor: json.automationExecutor || void 0
+    };
+  }
+}
+loadDeployment(base_sepolia_default);
+loadDeployment(sepolia_default);
+
+// src/sessions.ts
+import {
+  encodeAbiParameters as encodeAbiParameters2,
+  parseAbiParameters as parseAbiParameters2,
+  keccak256,
+  concat,
+  toHex
+} from "viem";
+import {
+  getSmartSessionsValidator,
+  getPermissionId,
+  getEnableSessionDetails,
+  getRemoveSessionAction,
+  encodeSmartSessionSignature,
+  getTimeFramePolicy,
+  getSpendingLimitsPolicy,
+  SmartSessionMode
+} from "@rhinestone/module-sdk";
+import { SmartSessionMode as SmartSessionMode2 } from "@rhinestone/module-sdk";
+var SMART_SESSIONS_ADDRESS = "0x00000000002B0eCfbD0496EE71e01257dA0E37DE";
+var OWNABLE_VALIDATOR_ADDRESS = "0x2483DA3A338895199E5e538530213157e931Bf06";
+function buildSession(sessionKeyAddress, params, chainId, sessionValidatorAddress) {
+  const validatorAddress = sessionValidatorAddress ?? OWNABLE_VALIDATOR_ADDRESS;
+  const now = Math.floor(Date.now() / 1e3);
+  const sessionValidatorInitData = encodeAbiParameters2(
+    parseAbiParameters2("address"),
+    [sessionKeyAddress]
+  );
+  const userOpPolicies = [];
+  if (!params.expiresAt || params.expiresAt <= now) {
+    throw new SessionError("expiresAt must be in the future");
+  }
+  const timePolicy = getTimeFramePolicy({
+    validUntil: params.expiresAt,
+    validAfter: now
+  });
+  userOpPolicies.push({
+    policy: timePolicy.address,
+    initData: timePolicy.initData
+  });
+  if (params.spendingLimits && params.spendingLimits.length > 0) {
+    const spendingPolicy = getSpendingLimitsPolicy(
+      params.spendingLimits.map((l) => ({
+        token: l.token,
+        limit: l.limit
+      }))
+    );
+    userOpPolicies.push({
+      policy: spendingPolicy.address,
+      initData: spendingPolicy.initData
+    });
+  }
+  const actions = params.actions.map(
+    (action) => {
+      if (action.rules?.length) {
+        throw new SessionError(
+          "Per-action rules (SessionAction.rules) are not yet supported. Remove rules or wait for a future release."
+        );
+      }
+      return {
+        actionTarget: action.target,
+        actionTargetSelector: action.selector,
+        actionPolicies: []
+      };
+    }
+  );
+  if (actions.length === 0) {
+    throw new SessionError("Session must have at least one allowed action");
+  }
+  const randomBuf = new Uint8Array(32);
+  crypto.getRandomValues(randomBuf);
+  const salt = keccak256(
+    concat([sessionKeyAddress, toHex(randomBuf)])
+  );
+  return {
+    sessionValidator: validatorAddress,
+    sessionValidatorInitData,
+    salt,
+    userOpPolicies,
+    erc7739Policies: {
+      allowedERC7739Content: [],
+      erc1271Policies: []
+    },
+    actions,
+    permitERC4337Paymaster: true,
+    chainId
+  };
+}
+function getSmartSessionsModule(sessions) {
+  return getSmartSessionsValidator({
+    sessions,
+    useRegistry: true
+  });
+}
+function computePermissionId(session) {
+  return getPermissionId({ session });
+}
+async function getEnableDetails(sessions, account, publicClients, enableValidatorAddress) {
+  return getEnableSessionDetails({
+    sessions,
+    account: {
+      address: account.address,
+      type: account.type,
+      deployedOnChains: []
+    },
+    clients: publicClients,
+    enableValidatorAddress
+  });
+}
+function encodeUseSessionSignature(permissionId, signature) {
+  return encodeSmartSessionSignature({
+    mode: SmartSessionMode.USE,
+    permissionId,
+    signature
+  });
+}
+function encodeEnableSessionSignature(permissionId, signature, enableSessionData) {
+  return encodeSmartSessionSignature({
+    mode: SmartSessionMode.ENABLE,
+    permissionId,
+    signature,
+    enableSessionData
+  });
+}
+function getRemoveAction(permissionId) {
+  const action = getRemoveSessionAction({ permissionId });
+  const to = typeof action.target === "string" ? action.target : action.to;
+  if (!to) throw new SessionError("getRemoveSessionAction returned no target address");
+  let value;
+  if (typeof action.value === "bigint") {
+    value = action.value;
+  } else if (action.value != null) {
+    value = BigInt(String(action.value));
+  } else {
+    value = 0n;
+  }
+  const data = (typeof action.data === "string" ? action.data : action.callData) ?? "0x";
+  return { to, value, data };
+}
+
+// src/client.ts
+function resolveAccount(key) {
+  if (typeof key === "string") {
+    return privateKeyToAccount(key);
+  }
+  return mnemonicToAccount(key.mnemonic, {
+    addressIndex: key.addressIndex ?? 0
+  });
+}
+var SmartAgentKitClient = class {
+  config;
+  publicClient;
+  walletClients;
+  sessions;
+  constructor(config) {
+    if (!config.moduleAddresses) {
+      const builtIn = DEPLOYMENTS[config.chain.id];
+      if (builtIn) {
+        config = { ...config, moduleAddresses: builtIn };
+      }
+    }
+    this.config = config;
+    this.publicClient = createPublicClient({
+      chain: config.chain,
+      transport: http(config.rpcUrl)
+    });
+    this.walletClients = /* @__PURE__ */ new Map();
+    this.sessions = /* @__PURE__ */ new Map();
+  }
+  // ─── Wallet Creation ──────────────────────────────────────────
+  /**
+   * Deploy a new policy-governed smart wallet for an AI agent.
+   *
+   * The wallet is a Safe smart account with ERC-7579 modules. A
+   * HookMultiPlexer is installed as the single hook, and sub-hooks
+   * (SpendingLimit, Allowlist, EmergencyPause) are routed through it.
+   *
+   * The deployment and policy initialization happen atomically in
+   * the first UserOperation.
+   */
+  async createWallet(params) {
+    try {
+      const policies = this.resolvePolicies(params);
+      const moduleAddresses = this.requireModuleAddresses(policies);
+      if (!params.ownerPrivateKey && !params.ownerMnemonic) {
+        throw new WalletCreationError(
+          "Provide either ownerPrivateKey or ownerMnemonic"
+        );
+      }
+      const ownerKey = params.ownerMnemonic ? { mnemonic: params.ownerMnemonic, addressIndex: params.addressIndex } : params.ownerPrivateKey;
+      const ownerAccount = resolveAccount(ownerKey);
+      if (ownerAccount.address.toLowerCase() !== params.owner.toLowerCase()) {
+        throw new WalletCreationError(
+          `Owner address mismatch: key derives ${ownerAccount.address} but params.owner is ${params.owner}`
+        );
+      }
+      const hookModule = getHookMultiPlexer({
+        globalHooks: [],
+        valueHooks: [],
+        delegatecallHooks: [],
+        sigHooks: [],
+        targetHooks: []
+      });
+      const safeAccount = await toSafeSmartAccount({
+        client: this.publicClient,
+        owners: [ownerAccount],
+        version: "1.4.1",
+        entryPoint: {
+          address: ENTRYPOINT_V07,
+          version: "0.7"
+        },
+        safe4337ModuleAddress: SAFE_7579_MODULE,
+        erc7579LaunchpadAddress: SAFE_7579_LAUNCHPAD,
+        hooks: [
+          {
+            address: hookModule.address,
+            context: hookModule.initData
+          }
+        ],
+        attesters: [RHINESTONE_ATTESTER],
+        attestersThreshold: ATTESTERS_THRESHOLD,
+        saltNonce: params.salt ?? 0n
+      });
+      const smartAccountClient = createSmartAccountClient({
+        account: safeAccount,
+        chain: this.config.chain,
+        bundlerTransport: http(this.config.bundlerUrl),
+        client: this.publicClient
+      }).extend(erc7579Actions());
+      this.walletClients.set(safeAccount.address, smartAccountClient);
+      if (policies.length > 0 && moduleAddresses) {
+        await this.initializePolicies(
+          smartAccountClient,
+          policies,
+          moduleAddresses,
+          hookModule.address
+        );
+      }
+      return {
+        address: safeAccount.address,
+        owner: params.owner,
+        chain: this.config.chain,
+        isDeployed: policies.length > 0,
+        // Deployed if first UserOp was sent
+        policies: this.mapPoliciesToInstalled(policies, moduleAddresses),
+        sessions: []
+      };
+    } catch (error) {
+      if (error instanceof WalletCreationError) throw error;
+      throw new WalletCreationError(
+        error instanceof Error ? error.message : String(error),
+        error
+      );
+    }
+  }
+  /**
+   * Reconnect to an existing wallet for executing transactions.
+   * Accepts a private key or mnemonic credential.
+   */
+  async connectWallet(walletAddress, ownerKey) {
+    const ownerAccount = resolveAccount(ownerKey);
+    const safeAccount = await toSafeSmartAccount({
+      client: this.publicClient,
+      owners: [ownerAccount],
+      version: "1.4.1",
+      entryPoint: {
+        address: ENTRYPOINT_V07,
+        version: "0.7"
+      },
+      safe4337ModuleAddress: SAFE_7579_MODULE,
+      erc7579LaunchpadAddress: SAFE_7579_LAUNCHPAD,
+      address: walletAddress,
+      attesters: [RHINESTONE_ATTESTER],
+      attestersThreshold: ATTESTERS_THRESHOLD
+    });
+    const smartAccountClient = createSmartAccountClient({
+      account: safeAccount,
+      chain: this.config.chain,
+      bundlerTransport: http(this.config.bundlerUrl),
+      client: this.publicClient
+    }).extend(erc7579Actions());
+    this.walletClients.set(walletAddress, smartAccountClient);
+  }
+  async predictAddress(_owner, _salt) {
+    throw new Error("Not yet implemented \u2014 Sprint 3");
+  }
+  // ─── Policy Management ────────────────────────────────────────
+  async addPolicy(_wallet, _policy, _ownerPrivateKey) {
+    throw new Error("Not yet implemented \u2014 Sprint 3");
+  }
+  async removePolicy(_wallet, _moduleAddress, _ownerPrivateKey) {
+    throw new Error("Not yet implemented \u2014 Sprint 3");
+  }
+  async getPolicies(_walletAddress) {
+    throw new Error("Not yet implemented \u2014 Sprint 3");
+  }
+  // ─── Session Key Management ───────────────────────────────────
+  /**
+   * Create a session key for an AI agent.
+   *
+   * Generates a new ECDSA key pair and enables it as a session key on
+   * the smart account via Smart Sessions. The session is scoped to
+   * specific target contracts, function selectors, and time window.
+   *
+   * @returns The session key address, private key, and permission ID.
+   */
+  async createSession(wallet, params, ownerKey) {
+    const client = this.getWalletClient(wallet.address);
+    try {
+      const sessionPrivateKey = generatePrivateKey();
+      const sessionAccount = privateKeyToAccount(sessionPrivateKey);
+      const chainId = BigInt(this.config.chain.id);
+      const session = buildSession(
+        sessionAccount.address,
+        params,
+        chainId
+      );
+      const permissionId = computePermissionId(session);
+      const smartSessionsModule = getSmartSessionsModule();
+      try {
+        const isInstalled = await client.isModuleInstalled({
+          type: "validator",
+          address: smartSessionsModule.address,
+          context: "0x"
+        });
+        if (!isInstalled) {
+          await client.installModule({
+            type: "validator",
+            address: smartSessionsModule.address,
+            context: smartSessionsModule.initData
+          });
+        }
+      } catch {
+        await client.installModule({
+          type: "validator",
+          address: smartSessionsModule.address,
+          context: smartSessionsModule.initData
+        });
+      }
+      const enableDetails = await getEnableDetails(
+        [session],
+        { address: wallet.address, type: "safe" },
+        [this.publicClient]
+      );
+      const ownerAccount = resolveAccount(ownerKey);
+      const ownerSignature = await ownerAccount.signMessage({
+        message: { raw: enableDetails.permissionEnableHash }
+      });
+      const enableSig = encodeEnableSessionSignature(
+        enableDetails.permissionId,
+        ownerSignature,
+        enableDetails.enableSessionData
+      );
+      const walletSessions = this.sessions.get(wallet.address) ?? [];
+      walletSessions.push({
+        permissionId,
+        sessionKeyAddress: sessionAccount.address,
+        sessionKeyPrivateKey: sessionPrivateKey,
+        expiresAt: params.expiresAt,
+        actions: params.actions.map((a) => ({
+          target: a.target,
+          selector: a.selector
+        }))
+      });
+      this.sessions.set(wallet.address, walletSessions);
+      return {
+        sessionKey: sessionAccount.address,
+        privateKey: sessionPrivateKey,
+        permissionId
+      };
+    } catch (error) {
+      if (error instanceof SessionError) throw error;
+      throw new SessionError(
+        error instanceof Error ? error.message : String(error)
+      );
+    }
+  }
+  /**
+   * Revoke a session key, permanently disabling it.
+   */
+  async revokeSession(wallet, permissionId, _ownerKey) {
+    const client = this.getWalletClient(wallet.address);
+    try {
+      const removeAction = getRemoveAction(permissionId);
+      await client.sendTransaction({
+        calls: [removeAction]
+      });
+      const walletSessions = this.sessions.get(wallet.address) ?? [];
+      this.sessions.set(
+        wallet.address,
+        walletSessions.filter((s) => s.permissionId !== permissionId)
+      );
+    } catch (error) {
+      throw new SessionError(
+        error instanceof Error ? error.message : String(error)
+      );
+    }
+  }
+  /**
+   * Get active sessions for a wallet.
+   */
+  getActiveSessions(walletAddress) {
+    const now = Math.floor(Date.now() / 1e3);
+    const walletSessions = this.sessions.get(walletAddress) ?? [];
+    return walletSessions.filter((s) => s.expiresAt > now).map((s) => ({
+      sessionKey: s.sessionKeyAddress,
+      actions: s.actions.map((a) => ({ target: a.target, selector: a.selector })),
+      expiresAt: s.expiresAt,
+      isActive: true
+    }));
+  }
+  // ─── Transaction Execution ────────────────────────────────────
+  /**
+   * Execute a single transaction from the agent wallet.
+   * The transaction is submitted as a UserOperation through the bundler.
+   * Hooks (spending limits, allowlist, pause) are enforced on-chain.
+   */
+  async execute(wallet, params) {
+    const client = this.getWalletClient(wallet.address);
+    try {
+      const hash = await client.sendTransaction({
+        calls: [
+          {
+            to: params.target,
+            value: params.value ?? 0n,
+            data: params.data ?? "0x"
+          }
+        ]
+      });
+      return hash;
+    } catch (error) {
+      throw new ExecutionError(
+        error instanceof Error ? error.message : String(error),
+        error
+      );
+    }
+  }
+  /**
+   * Execute a batch of transactions atomically from the agent wallet.
+   * All calls are encoded into a single UserOperation with batch mode.
+   */
+  async executeBatch(wallet, params) {
+    const client = this.getWalletClient(wallet.address);
+    try {
+      const calls = params.calls.map((call) => ({
+        to: call.target,
+        value: call.value ?? 0n,
+        data: call.data ?? "0x"
+      }));
+      const hash = await client.sendTransaction({
+        calls
+      });
+      return hash;
+    } catch (error) {
+      throw new ExecutionError(
+        error instanceof Error ? error.message : String(error),
+        error
+      );
+    }
+  }
+  // ─── Query Functions ──────────────────────────────────────────
+  /**
+   * Get the remaining spending allowance for a token on a wallet.
+   * Reads directly from the SpendingLimitHook contract.
+   */
+  async getRemainingAllowance(walletAddress, token) {
+    const moduleAddresses = this.config.moduleAddresses;
+    if (!moduleAddresses) {
+      throw new PolicyConfigError(
+        "moduleAddresses not configured \u2014 cannot query SpendingLimitHook"
+      );
+    }
+    const result = await this.publicClient.readContract({
+      address: moduleAddresses.spendingLimitHook,
+      abi: SPENDING_LIMIT_HOOK_ABI,
+      functionName: "getRemainingAllowance",
+      args: [walletAddress, token]
+    });
+    return result;
+  }
+  /**
+   * Check if a wallet is currently paused.
+   * Reads directly from the EmergencyPauseHook contract.
+   */
+  async isPaused(walletAddress) {
+    const moduleAddresses = this.config.moduleAddresses;
+    if (!moduleAddresses) {
+      throw new PolicyConfigError(
+        "moduleAddresses not configured \u2014 cannot query EmergencyPauseHook"
+      );
+    }
+    const result = await this.publicClient.readContract({
+      address: moduleAddresses.emergencyPauseHook,
+      abi: EMERGENCY_PAUSE_HOOK_ABI,
+      functionName: "isPaused",
+      args: [walletAddress]
+    });
+    return result;
+  }
+  /**
+   * Get the native ETH balance of a wallet.
+   */
+  async getBalances(walletAddress) {
+    const eth = await this.publicClient.getBalance({
+      address: walletAddress
+    });
+    return { eth, tokens: [] };
+  }
+  // ─── Pause / Unpause (Guardian Actions) ───────────────────────
+  /**
+   * Pause a wallet. Must be called by the configured guardian.
+   * This is NOT a UserOp — it's a direct call to the EmergencyPauseHook.
+   */
+  async pause(walletAddress, guardianKey) {
+    const moduleAddresses = this.config.moduleAddresses;
+    if (!moduleAddresses) {
+      throw new PolicyConfigError("moduleAddresses not configured");
+    }
+    const guardian = resolveAccount(guardianKey);
+    const { request } = await this.publicClient.simulateContract({
+      account: guardian,
+      address: moduleAddresses.emergencyPauseHook,
+      abi: EMERGENCY_PAUSE_HOOK_ABI,
+      functionName: "pause",
+      args: [walletAddress]
+    });
+    const guardianClient = createWalletClient({
+      account: guardian,
+      chain: this.config.chain,
+      transport: http(this.config.rpcUrl)
+    });
+    return guardianClient.writeContract(request);
+  }
+  /**
+   * Unpause a wallet. Must be called by the configured guardian.
+   */
+  async unpause(walletAddress, guardianKey) {
+    const moduleAddresses = this.config.moduleAddresses;
+    if (!moduleAddresses) {
+      throw new PolicyConfigError("moduleAddresses not configured");
+    }
+    const guardian = resolveAccount(guardianKey);
+    const { request } = await this.publicClient.simulateContract({
+      account: guardian,
+      address: moduleAddresses.emergencyPauseHook,
+      abi: EMERGENCY_PAUSE_HOOK_ABI,
+      functionName: "unpause",
+      args: [walletAddress]
+    });
+    const guardianClient = createWalletClient({
+      account: guardian,
+      chain: this.config.chain,
+      transport: http(this.config.rpcUrl)
+    });
+    return guardianClient.writeContract(request);
+  }
+  // ─── Private Helpers ──────────────────────────────────────────
+  resolvePolicies(params) {
+    if (params.preset) {
+      return PRESETS[params.preset](params.owner, params.presetParams);
+    }
+    return params.policies ?? [];
+  }
+  requireModuleAddresses(policies) {
+    if (policies.length === 0) return void 0;
+    const moduleAddresses = this.config.moduleAddresses;
+    if (!moduleAddresses) {
+      throw new WalletCreationError(
+        "moduleAddresses must be configured when policies are specified. Provide the deployed hook contract addresses in SmartAgentKitConfig."
+      );
+    }
+    for (const policy of policies) {
+      switch (policy.type) {
+        case "spending-limit":
+          if (!moduleAddresses.spendingLimitHook) {
+            throw new WalletCreationError(
+              "spendingLimitHook address required for spending-limit policy"
+            );
+          }
+          break;
+        case "allowlist":
+          if (!moduleAddresses.allowlistHook) {
+            throw new WalletCreationError(
+              "allowlistHook address required for allowlist policy"
+            );
+          }
+          break;
+        case "emergency-pause":
+          if (!moduleAddresses.emergencyPauseHook) {
+            throw new WalletCreationError(
+              "emergencyPauseHook address required for emergency-pause policy"
+            );
+          }
+          break;
+        case "automation":
+          throw new PolicyConfigError(
+            "automation policies are not yet supported"
+          );
+      }
+    }
+    return moduleAddresses;
+  }
+  /**
+   * Build and send the first UserOp that initializes all sub-hooks
+   * and adds them to the HookMultiPlexer.
+   *
+   * This batch includes for each sub-hook:
+   * 1. onInstall(initData) — initialize the sub-hook for this account
+   * 2. setTrustedForwarder(hookMultiPlexer) — so sub-hooks resolve the
+   *    correct account when called through the multiplexer
+   * 3. addHook(hookAddress, GLOBAL) on HookMultiPlexer — register the
+   *    sub-hook for all transactions
+   */
+  async initializePolicies(client, policies, moduleAddresses, hookMultiPlexerAddress) {
+    const calls = [];
+    for (const policy of policies) {
+      switch (policy.type) {
+        case "spending-limit": {
+          const hookAddress = moduleAddresses.spendingLimitHook;
+          const initData = encodeSpendingLimitInitData(policy);
+          this.pushSubHookInitCalls(
+            calls,
+            hookAddress,
+            initData,
+            hookMultiPlexerAddress
+          );
+          break;
+        }
+        case "allowlist": {
+          const hookAddress = moduleAddresses.allowlistHook;
+          const initData = encodeAllowlistInitData(policy);
+          this.pushSubHookInitCalls(
+            calls,
+            hookAddress,
+            initData,
+            hookMultiPlexerAddress
+          );
+          break;
+        }
+        case "emergency-pause": {
+          const hookAddress = moduleAddresses.emergencyPauseHook;
+          const initData = encodeEmergencyPauseInitData(policy);
+          this.pushSubHookInitCalls(
+            calls,
+            hookAddress,
+            initData,
+            hookMultiPlexerAddress
+          );
+          break;
+        }
+        case "automation":
+          break;
+      }
+    }
+    if (calls.length === 0) return;
+    await client.sendTransaction({
+      calls
+    });
+  }
+  /**
+   * Push the 3 calls needed to initialize a sub-hook:
+   * 1. onInstall(initData) on the sub-hook
+   * 2. setTrustedForwarder(multiplexer) on the sub-hook
+   * 3. addHook(hookAddr, GLOBAL) on the HookMultiPlexer
+   */
+  pushSubHookInitCalls(calls, hookAddress, initData, hookMultiPlexerAddress) {
+    calls.push({
+      to: hookAddress,
+      value: 0n,
+      data: encodeFunctionData({
+        abi: MODULE_ONINSTALL_ABI,
+        functionName: "onInstall",
+        args: [initData]
+      })
+    });
+    calls.push({
+      to: hookAddress,
+      value: 0n,
+      data: encodeFunctionData({
+        abi: SET_TRUSTED_FORWARDER_ABI,
+        functionName: "setTrustedForwarder",
+        args: [hookMultiPlexerAddress]
+      })
+    });
+    calls.push({
+      to: hookMultiPlexerAddress,
+      value: 0n,
+      data: encodeFunctionData({
+        abi: HOOK_MULTIPLEXER_ABI,
+        functionName: "addHook",
+        args: [hookAddress, HOOK_TYPE_GLOBAL]
+      })
+    });
+  }
+  mapPoliciesToInstalled(policies, moduleAddresses) {
+    if (!moduleAddresses) return [];
+    return policies.map((policy) => {
+      switch (policy.type) {
+        case "spending-limit":
+          return {
+            moduleAddress: moduleAddresses.spendingLimitHook,
+            moduleType: 4,
+            name: "SpendingLimitHook",
+            config: policy
+          };
+        case "allowlist":
+          return {
+            moduleAddress: moduleAddresses.allowlistHook,
+            moduleType: 4,
+            name: "AllowlistHook",
+            config: policy
+          };
+        case "emergency-pause":
+          return {
+            moduleAddress: moduleAddresses.emergencyPauseHook,
+            moduleType: 4,
+            name: "EmergencyPauseHook",
+            config: policy
+          };
+        case "automation":
+          return {
+            moduleAddress: moduleAddresses.automationExecutor ?? "0x0000000000000000000000000000000000000000",
+            moduleType: 2,
+            name: "AutomationExecutor",
+            config: policy
+          };
+        default: {
+          const _exhaustive = policy;
+          return {
+            moduleAddress: "0x0000000000000000000000000000000000000000",
+            moduleType: 0,
+            name: "Unknown",
+            config: _exhaustive
+          };
+        }
+      }
+    });
+  }
+  getWalletClient(walletAddress) {
+    const client = this.walletClients.get(walletAddress);
+    if (!client) {
+      throw new ExecutionError(
+        `No client found for wallet ${walletAddress}. Call createWallet() or connectWallet() first.`
+      );
+    }
+    return client;
+  }
+};
+export {
+  ALLOWLIST_HOOK_ABI,
+  DEPLOYMENTS,
+  EMERGENCY_PAUSE_HOOK_ABI,
+  ENTRYPOINT_V07,
+  ExecutionError,
+  HOOK_MULTIPLEXER_ABI,
+  HOOK_MULTIPLEXER_ADDRESS,
+  HOOK_TYPE_GLOBAL,
+  MODULE_ADDRESSES,
+  MODULE_TYPE_EXECUTOR,
+  MODULE_TYPE_FALLBACK,
+  MODULE_TYPE_HOOK,
+  MODULE_TYPE_VALIDATOR,
+  NATIVE_TOKEN,
+  OWNABLE_VALIDATOR_ADDRESS,
+  PRESETS,
+  PolicyConfigError,
+  RHINESTONE_ATTESTER,
+  SAFE_7579_LAUNCHPAD,
+  SAFE_7579_MODULE,
+  SMART_SESSIONS_ADDRESS,
+  SPENDING_LIMIT_HOOK_ABI,
+  SessionError,
+  SmartAgentKitClient,
+  SmartAgentKitError,
+  SmartSessionMode2 as SmartSessionMode,
+  SpendingLimitExceededError,
+  WINDOW_1_DAY,
+  WINDOW_1_HOUR,
+  WINDOW_1_WEEK,
+  WalletCreationError,
+  WalletPausedError,
+  buildSession,
+  computePermissionId,
+  encodeAllowlistInitData,
+  encodeEmergencyPauseInitData,
+  encodeEnableSessionSignature,
+  encodePolicyInitData,
+  encodeSpendingLimitInitData,
+  encodeUseSessionSignature,
+  getRemoveAction as getRemoveSessionAction,
+  getSmartSessionsModule
+};
+//# sourceMappingURL=index.mjs.map