abstractionkit 0.3.4 → 0.3.5

package/dist/index.cjs

@@ -331,6 +331,61 @@ function createUserOperationHash(useroperation, entrypointAddress, chainId) {
 	return userOperationHash;
 }
 /**
+* @internal
+* Reconstruct the packed `initCode` field for an EntryPoint v0.8/v0.9
+* UserOperation. When `eip7702Auth.address` is set, the EIP-7702 delegatee
+* address replaces the factory address in initCode (only `factoryData` is
+* concatenated). Otherwise, behaves like v0.7 (`factory + factoryData`).
+*
+* Shared by {@link createPackedUserOperationV8} /
+* {@link createPackedUserOperationV9} and Simple7702Account's typed-data
+* builder. Not part of the public API; only `export`ed for cross-module
+* use within the package and not re-exported from `src/abstractionkit.ts`.
+*
+* @param useroperation - V8 or V9 UserOperation to read fields from
+* @returns Hex-encoded initCode
+*/
+function buildPackedInitCodeV8V9(useroperation) {
+	if (useroperation.factory == null) return "0x";
+	const eip7702Auth = useroperation.eip7702Auth;
+	return (eip7702Auth != null && eip7702Auth.address != null ? eip7702Auth.address : useroperation.factory) + (useroperation.factoryData != null ? useroperation.factoryData.slice(2) : "");
+}
+/**
+* @internal
+* Reconstruct the packed `paymasterAndData` field from a UserOperation's
+* separate paymaster fields. Returns `0x` when no paymaster is set.
+*
+* For EntryPoint v0.9, when `paymasterData` ends with the parallel-paymaster
+* signature magic suffix (`0x22e325a297439656`), the embedded signature is
+* stripped so the userOpHash does not commit to the paymaster's signature
+* over itself. Pass `stripV9PaymasterSig=false` to preserve the wire format.
+*
+* Shared by v7/v8/v9 packers and Simple7702Account's typed-data builder.
+* Not part of the public API; only `export`ed for cross-module use within
+* the package and not re-exported from `src/abstractionkit.ts`.
+*
+* @param useroperation - V7/V8/V9 UserOperation to read fields from
+* @param stripV9PaymasterSig - Whether to strip the v0.9 paymaster signature suffix
+* @returns Hex-encoded paymasterAndData
+*/
+function buildPaymasterAndData(useroperation, stripV9PaymasterSig = false) {
+	if (useroperation.paymaster == null) return "0x";
+	const abiCoder = ethers.AbiCoder.defaultAbiCoder();
+	let paymasterAndData = useroperation.paymaster;
+	if (useroperation.paymasterVerificationGasLimit != null) paymasterAndData += abiCoder.encode(["uint128"], [useroperation.paymasterVerificationGasLimit]).slice(34);
+	if (useroperation.paymasterPostOpGasLimit != null) paymasterAndData += abiCoder.encode(["uint128"], [useroperation.paymasterPostOpGasLimit]).slice(34);
+	if (useroperation.paymasterData != null) {
+		const PAYMASTER_SIG_MAGIC = "22e325a297439656";
+		if (stripV9PaymasterSig && useroperation.paymasterData.toLowerCase().endsWith(PAYMASTER_SIG_MAGIC)) {
+			const sigLenHex = useroperation.paymasterData.slice(useroperation.paymasterData.length - 16 - 4, useroperation.paymasterData.length - 16);
+			const sigLen = parseInt(sigLenHex, 16);
+			const prefixEnd = useroperation.paymasterData.length - 16 - 4 - sigLen * 2;
+			paymasterAndData += useroperation.paymasterData.slice(0, prefixEnd).replaceAll("0x", "") + PAYMASTER_SIG_MAGIC;
+		} else paymasterAndData += useroperation.paymasterData.slice(2);
+	}
+	return paymasterAndData;
+}
+/**
 * ABI-encode and pack a UserOperation for hashing (EntryPoint v0.6 format).
 * Bytes fields (initCode, callData, paymasterAndData) are keccak256-hashed before packing.
 *
@@ -379,13 +434,7 @@ function createPackedUserOperationV7(useroperation) {
 	}
 	const accountGasLimits = "0x" + abiCoder.encode(["uint128"], [useroperation.verificationGasLimit]).slice(34) + abiCoder.encode(["uint128"], [useroperation.callGasLimit]).slice(34);
 	const gasFees = "0x" + abiCoder.encode(["uint128"], [useroperation.maxPriorityFeePerGas]).slice(34) + abiCoder.encode(["uint128"], [useroperation.maxFeePerGas]).slice(34);
-	let paymasterAndData = "0x";
-	if (useroperation.paymaster != null) {
-		paymasterAndData = useroperation.paymaster;
-		if (useroperation.paymasterVerificationGasLimit != null) paymasterAndData += abiCoder.encode(["uint128"], [useroperation.paymasterVerificationGasLimit]).slice(34);
-		if (useroperation.paymasterPostOpGasLimit != null) paymasterAndData += abiCoder.encode(["uint128"], [useroperation.paymasterPostOpGasLimit]).slice(34);
-		if (useroperation.paymasterData != null) paymasterAndData += useroperation.paymasterData.slice(2);
-	}
+	const paymasterAndData = buildPaymasterAndData(useroperation);
 	const useroperationValuesArrayWithHashedByteValues = [
 		useroperation.sender,
 		useroperation.nonce,
@@ -433,30 +482,10 @@ function createPackedUserOperationV8(useroperation) {
 */
 function baseCreatePackedUserOperationV8V9(useroperation, is_v9) {
 	const abiCoder = ethers.AbiCoder.defaultAbiCoder();
-	let initCode = "0x";
-	if (useroperation.factory != null) {
-		const eip7702Auth = useroperation.eip7702Auth;
-		if (eip7702Auth != null && eip7702Auth.address != null) initCode = eip7702Auth.address;
-		else initCode = useroperation.factory;
-		if (useroperation.factoryData != null) initCode += useroperation.factoryData.slice(2);
-	}
+	const initCode = buildPackedInitCodeV8V9(useroperation);
 	const accountGasLimits = "0x" + abiCoder.encode(["uint128"], [useroperation.verificationGasLimit]).slice(34) + abiCoder.encode(["uint128"], [useroperation.callGasLimit]).slice(34);
 	const gasFees = "0x" + abiCoder.encode(["uint128"], [useroperation.maxPriorityFeePerGas]).slice(34) + abiCoder.encode(["uint128"], [useroperation.maxFeePerGas]).slice(34);
-	let paymasterAndData = "0x";
-	if (useroperation.paymaster != null) {
-		paymasterAndData = useroperation.paymaster;
-		if (useroperation.paymasterVerificationGasLimit != null) paymasterAndData += abiCoder.encode(["uint128"], [useroperation.paymasterVerificationGasLimit]).slice(34);
-		if (useroperation.paymasterPostOpGasLimit != null) paymasterAndData += abiCoder.encode(["uint128"], [useroperation.paymasterPostOpGasLimit]).slice(34);
-		if (useroperation.paymasterData != null) {
-			const PAYMASTER_SIG_MAGIC = "22e325a297439656";
-			if (is_v9 && useroperation.paymasterData.toLowerCase().endsWith(PAYMASTER_SIG_MAGIC)) {
-				const sigLenHex = useroperation.paymasterData.slice(useroperation.paymasterData.length - 16 - 4, useroperation.paymasterData.length - 16);
-				const sigLen = parseInt(sigLenHex, 16);
-				const prefixEnd = useroperation.paymasterData.length - 16 - 4 - sigLen * 2;
-				paymasterAndData += useroperation.paymasterData.slice(0, prefixEnd).replaceAll("0x", "") + PAYMASTER_SIG_MAGIC;
-			} else paymasterAndData += useroperation.paymasterData.slice(2);
-		}
-	}
+	const paymasterAndData = buildPaymasterAndData(useroperation, is_v9);
 	const useroperationValuesArrayWithHashedByteValues = [
 		"0x29a0bca4af4be3421398da00295e58e6d7de38cb492214754cb6a47507dd6f8e",
 		useroperation.sender,
@@ -2678,7 +2707,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 	static DEFAULT_WEB_AUTHN_SHARED_SIGNER = "0xfD90FAd33ee8b58f32c00aceEad1358e4AFC23f9";
 	static DEFAULT_WEB_AUTHN_SIGNER_SINGLETON = "0x270D7E4a57E6322f336261f3EaE2BADe72E68d72";
 	static DEFAULT_WEB_AUTHN_SIGNER_FACTORY = "0xF7488fFbe67327ac9f37D5F722d83Fc900852Fbf";
-	static DEFAULT_WEB_AUTHN_FCLP256_VERIFIER = "0x445a0683e494ea0c5AF3E83c5159fBE47Cf9e765";
+	static DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER = "0x445a0683e494ea0c5AF3E83c5159fBE47Cf9e765";
 	static DEFAULT_WEB_AUTHN_PRECOMPILE = "0x0000000000000000000000000000000000000000";
 	static DEFAULT_WEB_AUTHN_SIGNER_PROXY_CREATION_CODE = "0x61010060405234801561001157600080fd5b506040516101ee3803806101ee83398101604081905261003091610058565b6001600160a01b0390931660805260a09190915260c0526001600160b01b031660e0526100bc565b6000806000806080858703121561006e57600080fd5b84516001600160a01b038116811461008557600080fd5b60208601516040870151606088015192965090945092506001600160b01b03811681146100b157600080fd5b939692955090935050565b60805160a05160c05160e05160ff6100ef60003960006008015260006031015260006059015260006080015260ff6000f3fe608060408190527f00000000000000000000000000000000000000000000000000000000000000003660b681018290527f000000000000000000000000000000000000000000000000000000000000000060a082018190527f00000000000000000000000000000000000000000000000000000000000000008285018190527f00000000000000000000000000000000000000000000000000000000000000009490939192600082376000806056360183885af490503d6000803e8060c3573d6000fd5b503d6000f3fea2646970667358221220ddd9bb059ba7a6497d560ca97aadf4dbf0476f578378554a50d41c6bb654beae64736f6c63430008180033";
 	static DEFAULT_MULTISEND_CONTRACT_ADDRESS = "0x38869bf66a61cF6bDB996A6aE40D5853Fd43B526";
@@ -3189,7 +3218,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 	*/
 	static createAccountAddressAndFactoryAddressAndData(owners, overrides, safe4337ModuleAddress, safeModuleSetupAddress) {
 		if (owners.length < 1) throw new RangeError("There should be at least one owner");
-		const initializerCallData = SafeAccount.createBaseInitializerCallData(owners, overrides.threshold ?? 1, safe4337ModuleAddress, safeModuleSetupAddress, overrides.multisendContractAddress ?? SafeAccount.DEFAULT_MULTISEND_CONTRACT_ADDRESS, overrides.webAuthnSharedSigner ?? SafeAccount.DEFAULT_WEB_AUTHN_SHARED_SIGNER, overrides.eip7212WebAuthnPrecompileVerifierForSharedSigner ?? SafeAccount.DEFAULT_WEB_AUTHN_PRECOMPILE, overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeAccount.DEFAULT_WEB_AUTHN_FCLP256_VERIFIER);
+		const initializerCallData = SafeAccount.createBaseInitializerCallData(owners, overrides.threshold ?? 1, safe4337ModuleAddress, safeModuleSetupAddress, overrides.multisendContractAddress ?? SafeAccount.DEFAULT_MULTISEND_CONTRACT_ADDRESS, overrides.webAuthnSharedSigner ?? SafeAccount.DEFAULT_WEB_AUTHN_SHARED_SIGNER, overrides.eip7212WebAuthnPrecompileVerifierForSharedSigner ?? SafeAccount.DEFAULT_WEB_AUTHN_PRECOMPILE, overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeAccount.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER);
 		let safeAccountFactory;
 		if (overrides.safeAccountFactoryAddress != null) safeAccountFactory = new SafeAccountFactory(overrides.safeAccountFactoryAddress);
 		else safeAccountFactory = new SafeAccountFactory();
@@ -3211,7 +3240,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 			factoryGeneratorFunctionCallData
 		];
 	}
-	static createBaseInitializerCallData(owners, threshold, safe4337ModuleAddress, safeModuleSetupAddress, multisendContractAddress = SafeAccount.DEFAULT_MULTISEND_CONTRACT_ADDRESS, webAuthnSharedSigner = SafeAccount.DEFAULT_WEB_AUTHN_SHARED_SIGNER, eip7212WebAuthnPrecompileVerifierForSharedSigner = SafeAccount.DEFAULT_WEB_AUTHN_PRECOMPILE, eip7212WebAuthnContractVerifierForSharedSigner = SafeAccount.DEFAULT_WEB_AUTHN_FCLP256_VERIFIER) {
+	static createBaseInitializerCallData(owners, threshold, safe4337ModuleAddress, safeModuleSetupAddress, multisendContractAddress = SafeAccount.DEFAULT_MULTISEND_CONTRACT_ADDRESS, webAuthnSharedSigner = SafeAccount.DEFAULT_WEB_AUTHN_SHARED_SIGNER, eip7212WebAuthnPrecompileVerifierForSharedSigner = SafeAccount.DEFAULT_WEB_AUTHN_PRECOMPILE, eip7212WebAuthnContractVerifierForSharedSigner = SafeAccount.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER) {
 		if (owners.length < 1) throw new RangeError("There should be at least one owner");
 		if (threshold < 1) throw new RangeError("threshold should be at least one");
 		if (threshold > owners.length) throw new RangeError("threshold can't be larger than number of owners");
@@ -3287,7 +3316,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 		if (threshold < 1) throw new RangeError("threshold should be at least one");
 		if (threshold > owners.length) throw new RangeError("threshold can't be larger than number of owners");
 		if (c2Nonce < 0n) throw new RangeError("c2Nonce can't be negative");
-		const initializerCallData = SafeAccount.createBaseInitializerCallData(owners, overrides.threshold ?? 1, safe4337ModuleAddress, safeModuleSetupAddress, overrides.multisendContractAddress ?? SafeAccount.DEFAULT_MULTISEND_CONTRACT_ADDRESS, overrides.webAuthnSharedSigner ?? SafeAccount.DEFAULT_WEB_AUTHN_SHARED_SIGNER, overrides.eip7212WebAuthnPrecompileVerifierForSharedSigner ?? SafeAccount.DEFAULT_WEB_AUTHN_PRECOMPILE, overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeAccount.DEFAULT_WEB_AUTHN_FCLP256_VERIFIER);
+		const initializerCallData = SafeAccount.createBaseInitializerCallData(owners, overrides.threshold ?? 1, safe4337ModuleAddress, safeModuleSetupAddress, overrides.multisendContractAddress ?? SafeAccount.DEFAULT_MULTISEND_CONTRACT_ADDRESS, overrides.webAuthnSharedSigner ?? SafeAccount.DEFAULT_WEB_AUTHN_SHARED_SIGNER, overrides.eip7212WebAuthnPrecompileVerifierForSharedSigner ?? SafeAccount.DEFAULT_WEB_AUTHN_PRECOMPILE, overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeAccount.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER);
 		let safeAccountFactory;
 		if (overrides.safeAccountFactoryAddress != null) safeAccountFactory = new SafeAccountFactory(overrides.safeAccountFactoryAddress);
 		else safeAccountFactory = new SafeAccountFactory();
@@ -3349,9 +3378,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 				eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier,
 				webAuthnSignerFactory: overrides.webAuthnSignerFactory,
 				webAuthnSignerSingleton: overrides.webAuthnSignerSingleton,
-				webAuthnSignerProxyCreationCode: overrides.webAuthnSignerProxyCreationCode,
-				validAfter,
-				validUntil
+				webAuthnSignerProxyCreationCode: overrides.webAuthnSignerProxyCreationCode
 			});
 			userOperation.signature = SafeAccount.formatSignaturesToUseroperationSignature(dummySignerSignaturePairs, {
 				validAfter,
@@ -3418,7 +3445,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 		maxFeePerGas = overrides.maxFeePerGas ?? maxFeePerGas * BigInt((overrides.maxFeePerGasPercentageMultiplier ?? 0) + 100) / 100n;
 		maxPriorityFeePerGas = overrides.maxPriorityFeePerGas ?? maxPriorityFeePerGas * BigInt((overrides.maxPriorityFeePerGasPercentageMultiplier ?? 0) + 100) / 100n;
 		const eip7212WebAuthnPrecompileVerifier = overrides.eip7212WebAuthnPrecompileVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_PRECOMPILE;
-		const eip7212WebAuthnContractVerifier = overrides.eip7212WebAuthnContractVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_FCLP256_VERIFIER;
+		const eip7212WebAuthnContractVerifier = overrides.eip7212WebAuthnContractVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER;
 		const webAuthnSignerFactory = overrides.webAuthnSignerFactory ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_FACTORY;
 		const webAuthnSignerSingleton = overrides.webAuthnSignerSingleton ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_SINGLETON;
 		const webAuthnSignerProxyCreationCode = overrides.webAuthnSignerProxyCreationCode ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_PROXY_CREATION_CODE;
@@ -3493,16 +3520,14 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 				eip7212WebAuthnContractVerifier,
 				webAuthnSignerFactory,
 				webAuthnSignerSingleton,
-				webAuthnSignerProxyCreationCode,
-				validAfter,
-				validUntil
+				webAuthnSignerProxyCreationCode
 			});
 		}
 		userOperation.signature = SafeAccount.formatSignaturesToUseroperationSignature(dummySignerSignaturePairs, {
 			validAfter,
 			validUntil,
-			webAuthnSharedSigner,
-			isMultiChainSignature: overrides.isMultiChainSignature
+			isMultiChainSignature: overrides.isMultiChainSignature,
+			webAuthnSharedSigner
 		});
 		if (!(overrides.skipGasEstimation ?? false) && (overrides.preVerificationGas == null || overrides.verificationGasLimit == null || overrides.callGasLimit == null)) if (bundlerRpc != null) {
 			userOperation.callGasLimit = 0n;
@@ -3569,14 +3594,15 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 	* @param useroperation - useroperation to sign
 	* @param privateKeys - for the signers
 	* @param chainId - target chain id
-	* @param overrides - overrides for the default values
-	* @param overrides.validAfter - timestamp the signature will be valid after
-	* @param overrides.validUntil - timestamp the signature will be valid until
+	* @param entrypointAddress - target EntryPoint
+	* @param safe4337ModuleAddress - Safe 4337 module
+	* @param options - per-call signing options (timing, multi-chain encoding, module address) — passed through to {@link formatSignaturesToUseroperationSignature}
 	* @returns signature
 	*/
-	static baseSignSingleUserOperation(useroperation, privateKeys, chainId, entrypointAddress, safe4337ModuleAddress, overrides = {}) {
-		const validAfter = overrides.validAfter ?? 0n;
-		const validUntil = overrides.validUntil ?? 0n;
+	static baseSignSingleUserOperation(useroperation, privateKeys, chainId, entrypointAddress, safe4337ModuleAddress, options = {}) {
+		const validAfter = options.validAfter ?? 0n;
+		const validUntil = options.validUntil ?? 0n;
+		const moduleAddress = options.safe4337ModuleAddress ?? safe4337ModuleAddress;
 		if (privateKeys.length < 1) throw new RangeError("There should be at least one privateKey");
 		if (chainId < 0n) throw new RangeError("chainId can't be negative");
 		if (validAfter < 0n) throw new RangeError("validAfter can't be negative");
@@ -3585,7 +3611,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 			validAfter,
 			validUntil,
 			entrypointAddress,
-			safe4337ModuleAddress
+			safe4337ModuleAddress: moduleAddress
 		});
 		const signerSignaturePairs = [];
 		for (const privateKey of privateKeys) {
@@ -3597,9 +3623,9 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 			});
 		}
 		return SafeAccount.formatSignaturesToUseroperationSignature(signerSignaturePairs, {
+			...options,
 			validAfter,
-			validUntil,
-			isMultiChainSignature: overrides.isMultiChainSignature
+			validUntil
 		});
 	}
 	/**
@@ -3622,20 +3648,24 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 	* @param useroperation - UserOperation to sign
 	* @param signers - Signer instances (`fromViem(account)`, `fromEthersWallet(wallet)`, etc.)
 	* @param chainId - target chain id
-	* @param entrypointAddress - target EntryPoint
-	* @param safe4337ModuleAddress - Safe 4337 module
-	* @param overrides - optional validAfter / validUntil / multi-chain flag
+	* @param params - bag combining required wiring (`entrypointAddress`,
+	*   `safe4337ModuleAddress`, `context`) with optional `options`
+	*   ({@link SafeSignatureOptions}: timing, multi-chain encoding,
+	*   module address).
+	*   Both flow through to {@link formatSignaturesToUseroperationSignature}.
 	* @returns formatted signature
 	*/
-	static async baseSignUserOperationWithSigners(useroperation, signers, chainId, entrypointAddress, safe4337ModuleAddress, context, overrides = {}) {
-		const validAfter = overrides.validAfter ?? 0n;
-		const validUntil = overrides.validUntil ?? 0n;
+	static async baseSignUserOperationWithSigners(useroperation, signers, chainId, params) {
+		const { entrypointAddress, safe4337ModuleAddress, context, options = {} } = params;
+		const validAfter = options.validAfter ?? 0n;
+		const validUntil = options.validUntil ?? 0n;
+		const moduleAddress = options.safe4337ModuleAddress ?? safe4337ModuleAddress;
 		if (signers.length < 1) throw new RangeError("There should be at least one signer");
 		const typedDataRaw = SafeAccount.getUserOperationEip712Data(useroperation, chainId, {
 			validAfter,
 			validUntil,
 			entrypointAddress,
-			safe4337ModuleAddress
+			safe4337ModuleAddress: moduleAddress
 		});
 		const userOpHash = ethers.TypedDataEncoder.hash(typedDataRaw.domain, typedDataRaw.types, typedDataRaw.messageValue);
 		const { EIP712Domain: _drop, ...primaryTypes } = typedDataRaw.types;
@@ -3656,12 +3686,13 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 			context
 		})))).map((signature, i) => ({
 			signer: normalizedAddresses[i],
-			signature
+			signature,
+			isContractSignature: signers[i].type === "contract"
 		}));
 		return SafeAccount.formatSignaturesToUseroperationSignature(signerSignaturePairs, {
+			...options,
 			validAfter,
-			validUntil,
-			isMultiChainSignature: overrides.isMultiChainSignature
+			validUntil
 		});
 	}
 	/**
@@ -3674,7 +3705,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 	*/
 	static createWebAuthnSignerVerifierAddress(x, y, overrides = {}) {
 		const eip7212WebAuthnPrecompileVerifier = overrides.eip7212WebAuthnPrecompileVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_PRECOMPILE;
-		const eip7212WebAuthnContractVerifier = overrides.eip7212WebAuthnContractVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_FCLP256_VERIFIER;
+		const eip7212WebAuthnContractVerifier = overrides.eip7212WebAuthnContractVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER;
 		const webAuthnSignerFactory = overrides.webAuthnSignerFactory ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_FACTORY;
 		const webAuthnSignerSingleton = overrides.webAuthnSignerSingleton ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_SINGLETON;
 		if (eip7212WebAuthnPrecompileVerifier.length !== 42 || eip7212WebAuthnPrecompileVerifier.slice(0, 38) !== "0x0000000000000000000000000000000000000000".slice(0, 38)) throw new RangeError("Invalid precompile address. It should have the format 0x000000000000000000000000000000000000____");
@@ -3705,15 +3736,15 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 	/**
 	* format a list of eip712 signatures to a useroperation signature
 	* @param signerSignaturePairs - a list of a pair of a signer and it's signature
-	* @param overrides - overrides for the default values
+	* @param options - merged bag of {@link SafeSignatureOptions} (timing, multi-chain encoding, module address) and {@link WebAuthnSignatureOverrides} (verifier addresses, init flag). Single param for back-compat with the pre-split shape — callers may pass any combination of fields from either type.
 	* @returns signature
 	*/
-	static formatSignaturesToUseroperationSignature(signerSignaturePairs, overrides = {}) {
-		const validAfter = overrides.validAfter ?? 0n;
-		const validUntil = overrides.validUntil ?? 0n;
-		const signature = SafeAccount.buildSignaturesFromSingerSignaturePairs(signerSignaturePairs, overrides);
-		if (overrides.isMultiChainSignature) if (overrides.multiChainMerkleProof != null) {
-			const merkleProofLength = overrides.multiChainMerkleProof.slice(2).length;
+	static formatSignaturesToUseroperationSignature(signerSignaturePairs, options = {}) {
+		const validAfter = options.validAfter ?? 0n;
+		const validUntil = options.validUntil ?? 0n;
+		const signature = SafeAccount.buildSignaturesFromSingerSignaturePairs(signerSignaturePairs, options);
+		if (options.isMultiChainSignature) if (options.multiChainMerkleProof != null) {
+			const merkleProofLength = options.multiChainMerkleProof.slice(2).length;
 			if (merkleProofLength < 128 || merkleProofLength % 64 !== 0) throw new RangeError("invalid multiChainMerkleProof length.");
 			let merkleTreeDepthHex = (merkleProofLength / 64 - 1).toString(16);
 			if (merkleTreeDepthHex.length % 2 === 0) merkleTreeDepthHex = `0x${merkleTreeDepthHex}`;
@@ -3727,7 +3758,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 				merkleTreeDepthHex,
 				validAfter,
 				validUntil,
-				overrides.multiChainMerkleProof + signature.slice(2)
+				options.multiChainMerkleProof + signature.slice(2)
 			]);
 		} else return (0, ethers.solidityPacked)([
 			"bytes1",
@@ -3760,7 +3791,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 		if (typeof signer === "string") return signer.toLowerCase();
 		else {
 			const eip7212WebAuthnPrecompileVerifier = overrides.eip7212WebAuthnPrecompileVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_PRECOMPILE;
-			const eip7212WebAuthnContractVerifier = overrides.eip7212WebAuthnContractVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_FCLP256_VERIFIER;
+			const eip7212WebAuthnContractVerifier = overrides.eip7212WebAuthnContractVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER;
 			const webAuthnSignerFactory = overrides.webAuthnSignerFactory ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_FACTORY;
 			const webAuthnSignerSingleton = overrides.webAuthnSignerSingleton ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_SINGLETON;
 			const webAuthnSignerProxyCreationCode = overrides.webAuthnSignerProxyCreationCode ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_PROXY_CREATION_CODE;
@@ -3786,7 +3817,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 	/**
 	* format a list of eip712 signatures to a safe signature (without the time range)
 	* @param signerSignaturePairs - a list of a pair of a signer and it's signature
-	* @param overrides - overrides for the default values
+	* @param webAuthnSignatureOverrides - WebAuthn-only configuration (verifier addresses, init flag)
 	* @returns signature
 	*/
 	static buildSignaturesFromSingerSignaturePairs(signerSignaturePairs, webAuthnSignatureOverrides = {}) {
@@ -3800,7 +3831,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 					if (webAuthnSignatureOverrides.isInit) signer = webAuthnSignatureOverrides.webAuthnSharedSigner ?? SafeAccount.DEFAULT_WEB_AUTHN_SHARED_SIGNER;
 					else {
 						const eip7212WebAuthnPrecompileVerifier = webAuthnSignatureOverrides.eip7212WebAuthnPrecompileVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_PRECOMPILE;
-						const eip7212WebAuthnContractVerifier = webAuthnSignatureOverrides.eip7212WebAuthnContractVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_FCLP256_VERIFIER;
+						const eip7212WebAuthnContractVerifier = webAuthnSignatureOverrides.eip7212WebAuthnContractVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER;
 						const webAuthnSignerFactory = webAuthnSignatureOverrides.webAuthnSignerFactory ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_FACTORY;
 						const webAuthnSignerSingleton = webAuthnSignatureOverrides.webAuthnSignerSingleton ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_SINGLETON;
 						const webAuthnSignerProxyCreationCode = webAuthnSignatureOverrides.webAuthnSignerProxyCreationCode ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_PROXY_CREATION_CODE;
@@ -4071,7 +4102,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 	*/
 	static createDeployWebAuthnVerifierMetaTransaction(x, y, overrides = {}) {
 		const eip7212WebAuthnPrecompileVerifier = overrides.eip7212WebAuthnPrecompileVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_PRECOMPILE;
-		const eip7212WebAuthnContractVerifier = overrides.eip7212WebAuthnContractVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_FCLP256_VERIFIER;
+		const eip7212WebAuthnContractVerifier = overrides.eip7212WebAuthnContractVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER;
 		return {
 			to: overrides.webAuthnSignerFactory ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_FACTORY,
 			value: 0n,
@@ -4173,7 +4204,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 					signerSignaturePair.signer = webauthnsharedsigner;
 				} else {
 					const eip7212WebAuthnPrecompileVerifier = webAuthnSignatureOverrides.eip7212WebAuthnPrecompileVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_PRECOMPILE;
-					const eip7212WebAuthnContractVerifier = webAuthnSignatureOverrides.eip7212WebAuthnContractVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_FCLP256_VERIFIER;
+					const eip7212WebAuthnContractVerifier = webAuthnSignatureOverrides.eip7212WebAuthnContractVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER;
 					const webAuthnSignerFactory = webAuthnSignatureOverrides.webAuthnSignerFactory ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_FACTORY;
 					const webAuthnSignerSingleton = webAuthnSignatureOverrides.webAuthnSignerSingleton ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_SINGLETON;
 					const webAuthnSignerProxyCreationCode = webAuthnSignatureOverrides.webAuthnSignerProxyCreationCode ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_PROXY_CREATION_CODE;
@@ -4207,7 +4238,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 	static async verifyWebAuthnSignatureForMessageHash(nodeRpcUrl, signer, messageHash, signature, overrides = {}) {
 		if (messageHash.length !== 66 || messageHash.slice(0, 2) !== "0x") throw new RangeError("Invalid messageHash, must be a 0x-prefixed keccak256 hash.");
 		const eip7212WebAuthnPrecompileVerifier = overrides.eip7212WebAuthnPrecompileVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_PRECOMPILE;
-		const eip7212WebAuthnContractVerifier = overrides.eip7212WebAuthnContractVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_FCLP256_VERIFIER;
+		const eip7212WebAuthnContractVerifier = overrides.eip7212WebAuthnContractVerifier ?? SafeAccount.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER;
 		const webAuthnSignerSingleton = overrides.webAuthnSignerSingleton ?? SafeAccount.DEFAULT_WEB_AUTHN_SIGNER_SINGLETON;
 		if (eip7212WebAuthnPrecompileVerifier.length !== 42 || eip7212WebAuthnPrecompileVerifier.slice(0, 38) !== "0x0000000000000000000000000000000000000000".slice(0, 38)) throw new RangeError("Invalid precompile address. It should have the format 0x000000000000000000000000000000000000____");
 		const callData = createCallData("0x1626ba7e", ["bytes32", "bytes"], [messageHash, signature]);
@@ -4337,7 +4368,7 @@ var SafeAccount = class SafeAccount extends SmartAccount {
 * @param toolVersion - tool version; defaults to the current abstractionkit version
 * @returns the on-chain identifier as a hex string (not 0x prefixed)
 */
-function generateOnChainIdentifier(project, platform = "Web", tool = "abstractionkit", toolVersion = "0.3.4") {
+function generateOnChainIdentifier(project, platform = "Web", tool = "abstractionkit", toolVersion = "0.3.5") {
 	const identifierPrefix = "5afe";
 	const identifierVersion = "00";
 	const projectHash = (0, ethers.keccak256)(`0x${Buffer.from(project, "utf8").toString("hex")}`).slice(-20);
@@ -5341,15 +5372,15 @@ var SafeAccountV0_3_0 = class SafeAccountV0_3_0 extends SafeAccount {
 	* @param useroperation - The UserOperation to sign
 	* @param privateKeys - Array of private keys for the signers
 	* @param chainId - The target chain ID
-	* @param overrides - Override validAfter and validUntil timestamps
+	* @param options - {@link SafeSignatureOptions} — timing, multi-chain encoding, module address
 	* @returns The formatted signature string ready to set on the UserOperation
 	*
 	* @example
 	* const signature = smartAccount.signUserOperation(userOp, [privateKey], 1n);
 	* userOp.signature = signature;
 	*/
-	signUserOperation(useroperation, privateKeys, chainId, overrides = {}) {
-		return SafeAccount.baseSignSingleUserOperation(useroperation, privateKeys, chainId, this.entrypointAddress, this.safe4337ModuleAddress, overrides);
+	signUserOperation(useroperation, privateKeys, chainId, options = {}) {
+		return SafeAccount.baseSignSingleUserOperation(useroperation, privateKeys, chainId, this.entrypointAddress, this.safe4337ModuleAddress, options);
 	}
 	/**
 	* Sign a UserOperation with one or more {@link ExternalSigner} instances
@@ -5371,16 +5402,21 @@ var SafeAccountV0_3_0 = class SafeAccountV0_3_0 extends SafeAccount {
 	* @param useroperation - UserOperation to sign
 	* @param signers - one ExternalSigner per owner (any order)
 	* @param chainId - target chain ID
-	* @param overrides - optional validAfter / validUntil / multi-chain flag
+	* @param options - {@link SafeSignatureOptions} — timing, multi-chain encoding, module address
 	* @returns Promise resolving to the formatted signature string
 	*/
-	signUserOperationWithSigners(useroperation, signers, chainId, overrides = {}) {
+	signUserOperationWithSigners(useroperation, signers, chainId, options = {}) {
 		const context = {
 			userOperation: useroperation,
 			chainId,
 			entryPoint: this.entrypointAddress
 		};
-		return SafeAccount.baseSignUserOperationWithSigners(useroperation, signers, chainId, this.entrypointAddress, this.safe4337ModuleAddress, context, overrides);
+		return SafeAccount.baseSignUserOperationWithSigners(useroperation, signers, chainId, {
+			entrypointAddress: this.entrypointAddress,
+			safe4337ModuleAddress: this.safe4337ModuleAddress,
+			context,
+			options
+		});
 	}
 };
 //#endregion
@@ -5623,28 +5659,39 @@ var SafeAccountV0_2_0 = class SafeAccountV0_2_0 extends SafeAccount {
 	* @param useroperation - The UserOperation to sign
 	* @param privateKeys - Array of private keys for the signers
 	* @param chainId - The target chain ID
-	* @param overrides - Override validAfter and validUntil timestamps
+	* @param options - {@link SafeSignatureOptions} — timing, multi-chain encoding, module address
 	* @returns The formatted signature string ready to set on the UserOperation
 	*
 	* @example
 	* const signature = smartAccount.signUserOperation(userOp, [privateKey], 1n);
 	* userOp.signature = signature;
 	*/
-	signUserOperation(useroperation, privateKeys, chainId, overrides = {}) {
-		return SafeAccount.baseSignSingleUserOperation(useroperation, privateKeys, chainId, this.entrypointAddress, this.safe4337ModuleAddress, overrides);
+	signUserOperation(useroperation, privateKeys, chainId, options = {}) {
+		return SafeAccount.baseSignSingleUserOperation(useroperation, privateKeys, chainId, this.entrypointAddress, this.safe4337ModuleAddress, options);
 	}
 	/**
 	* Sign a UserOperation using one or more {@link AkSigner} instances.
 	* See {@link SafeAccountV0_3_0.signUserOperationWithSigners} for full
 	* design rationale and examples.
+	*
+	* @param useroperation - The UserOperation to sign
+	* @param signers - one ExternalSigner per owner (any order)
+	* @param chainId - The target chain ID
+	* @param options - {@link SafeSignatureOptions} — timing, multi-chain encoding, module address
+	* @returns Promise resolving to the formatted signature string
 	*/
-	signUserOperationWithSigners(useroperation, signers, chainId, overrides = {}) {
+	signUserOperationWithSigners(useroperation, signers, chainId, options = {}) {
 		const context = {
 			userOperation: useroperation,
 			chainId,
 			entryPoint: this.entrypointAddress
 		};
-		return SafeAccount.baseSignUserOperationWithSigners(useroperation, signers, chainId, this.entrypointAddress, this.safe4337ModuleAddress, context, overrides);
+		return SafeAccount.baseSignUserOperationWithSigners(useroperation, signers, chainId, {
+			entrypointAddress: this.entrypointAddress,
+			safe4337ModuleAddress: this.safe4337ModuleAddress,
+			context,
+			options
+		});
 	}
 };
 //#endregion
@@ -5663,6 +5710,7 @@ var SafeAccountV0_2_0 = class SafeAccountV0_2_0 extends SafeAccount {
 var SafeAccountV1_5_0_M_0_3_0 = class SafeAccountV1_5_0_M_0_3_0 extends SafeAccountV0_3_0 {
 	static DEFAULT_WEB_AUTHN_PRECOMPILE = "0x0000000000000000000000000000000000000100";
 	static DEFAULT_WEB_AUTHN_DAIMO_VERIFIER = "0xc2b78104907F722DABAc4C69f826a522B2754De4";
+	static DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER = "0xc2b78104907F722DABAc4C69f826a522B2754De4";
 	/**
 	* Create a SafeAccountV1_5_0_M_0_3_0 instance for an existing deployed account.
 	* For new (undeployed) accounts, use the static `initializeNewAccount` method instead.
@@ -5711,7 +5759,7 @@ var SafeAccountV1_5_0_M_0_3_0 = class SafeAccountV1_5_0_M_0_3_0 extends SafeAcco
 			...overrides,
 			safeAccountSingleton: overrides.safeAccountSingleton ?? Safe_L2_V1_5_0,
 			eip7212WebAuthnPrecompileVerifierForSharedSigner: overrides.eip7212WebAuthnPrecompileVerifierForSharedSigner ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifierForSharedSigner: overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER
+			eip7212WebAuthnContractVerifierForSharedSigner: overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER
 		};
 		return SafeAccountV0_3_0.initializeNewAccount(owners, modOverrides);
 	}
@@ -5728,7 +5776,7 @@ var SafeAccountV1_5_0_M_0_3_0 = class SafeAccountV1_5_0_M_0_3_0 extends SafeAcco
 			...overrides,
 			safeAccountSingleton: overrides.safeAccountSingleton ?? Safe_L2_V1_5_0,
 			eip7212WebAuthnPrecompileVerifierForSharedSigner: overrides.eip7212WebAuthnPrecompileVerifierForSharedSigner ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifierForSharedSigner: overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER
+			eip7212WebAuthnContractVerifierForSharedSigner: overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER
 		};
 		return SafeAccountV0_3_0.createAccountAddress(owners, modOverrides);
 	}
@@ -5745,7 +5793,7 @@ var SafeAccountV1_5_0_M_0_3_0 = class SafeAccountV1_5_0_M_0_3_0 extends SafeAcco
 			...overrides,
 			safeAccountSingleton: overrides.safeAccountSingleton ?? Safe_L2_V1_5_0,
 			eip7212WebAuthnPrecompileVerifierForSharedSigner: overrides.eip7212WebAuthnPrecompileVerifierForSharedSigner ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifierForSharedSigner: overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER
+			eip7212WebAuthnContractVerifierForSharedSigner: overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER
 		};
 		return SafeAccountV0_3_0.createFactoryAddressAndData(owners, modOverrides);
 	}
@@ -5763,7 +5811,7 @@ var SafeAccountV1_5_0_M_0_3_0 = class SafeAccountV1_5_0_M_0_3_0 extends SafeAcco
 		return super.createUserOperation(transactions, providerRpc, bundlerRpc, {
 			...overrides,
 			eip7212WebAuthnPrecompileVerifier: overrides.eip7212WebAuthnPrecompileVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER
+			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER
 		});
 	}
 	/**
@@ -5778,7 +5826,7 @@ var SafeAccountV1_5_0_M_0_3_0 = class SafeAccountV1_5_0_M_0_3_0 extends SafeAcco
 		return super.estimateUserOperationGas(userOperation, bundlerRpc, {
 			...overrides,
 			eip7212WebAuthnPrecompileVerifier: overrides.eip7212WebAuthnPrecompileVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER
+			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER
 		});
 	}
 	/**
@@ -5794,7 +5842,7 @@ var SafeAccountV1_5_0_M_0_3_0 = class SafeAccountV1_5_0_M_0_3_0 extends SafeAcco
 		return SafeAccount.createWebAuthnSignerVerifierAddress(x, y, {
 			...overrides,
 			eip7212WebAuthnPrecompileVerifier: overrides.eip7212WebAuthnPrecompileVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER
+			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER
 		});
 	}
 	/**
@@ -5810,7 +5858,7 @@ var SafeAccountV1_5_0_M_0_3_0 = class SafeAccountV1_5_0_M_0_3_0 extends SafeAcco
 		return SafeAccount.createDeployWebAuthnVerifierMetaTransaction(x, y, {
 			...overrides,
 			eip7212WebAuthnPrecompileVerifier: overrides.eip7212WebAuthnPrecompileVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER
+			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER
 		});
 	}
 	/**
@@ -5824,7 +5872,7 @@ var SafeAccountV1_5_0_M_0_3_0 = class SafeAccountV1_5_0_M_0_3_0 extends SafeAcco
 		return SafeAccount.createDummySignerSignaturePairForExpectedSigners(expectedSigners, {
 			...webAuthnSignatureOverrides,
 			eip7212WebAuthnPrecompileVerifier: webAuthnSignatureOverrides.eip7212WebAuthnPrecompileVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifier: webAuthnSignatureOverrides.eip7212WebAuthnContractVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER
+			eip7212WebAuthnContractVerifier: webAuthnSignatureOverrides.eip7212WebAuthnContractVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER
 		});
 	}
 	/**
@@ -5842,7 +5890,7 @@ var SafeAccountV1_5_0_M_0_3_0 = class SafeAccountV1_5_0_M_0_3_0 extends SafeAcco
 		return SafeAccount.verifyWebAuthnSignatureForMessageHash(nodeRpcUrl, signer, messageHash, signature, {
 			...overrides,
 			eip7212WebAuthnPrecompileVerifier: overrides.eip7212WebAuthnPrecompileVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER
+			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeAccountV1_5_0_M_0_3_0.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER
 		});
 	}
 };
@@ -5936,6 +5984,7 @@ var SafeMultiChainSigAccountV1 = class SafeMultiChainSigAccountV1 extends SafeAc
 	static DEFAULT_WEB_AUTHN_SIGNER_PROXY_CREATION_CODE = DEFAULT_WEB_AUTHN_SIGNER_PROXY_CREATION_CODE_V_0_2_1;
 	static DEFAULT_WEB_AUTHN_PRECOMPILE = DEFAULT_WEB_AUTHN_PRECOMPILE_RIP_7951;
 	static DEFAULT_WEB_AUTHN_DAIMO_VERIFIER = DEFAULT_WEB_AUTHN_DAIMO_VERIFIER_V_0_2_1;
+	static DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER = DEFAULT_WEB_AUTHN_DAIMO_VERIFIER_V_0_2_1;
 	/**
 	* Create a SafeMultiChainSigAccount instance for an existing or new account.
 	* @param accountAddress - the Safe account address
@@ -5961,7 +6010,7 @@ var SafeMultiChainSigAccountV1 = class SafeMultiChainSigAccountV1 extends SafeAc
 			...overrides,
 			webAuthnSharedSigner: overrides.webAuthnSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SHARED_SIGNER,
 			eip7212WebAuthnPrecompileVerifierForSharedSigner: overrides.eip7212WebAuthnPrecompileVerifierForSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifierForSharedSigner: overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER
+			eip7212WebAuthnContractVerifierForSharedSigner: overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER
 		};
 		const [accountAddress, ,] = SafeAccount.createAccountAddressAndFactoryAddressAndData(owners, modOverrides, overrides.safe4337ModuleAddress ?? SafeMultiChainSigAccountV1.DEFAULT_SAFE_4337_MODULE_ADDRESS, overrides.safeModuleSetupAddress ?? SafeMultiChainSigAccountV1.DEFAULT_SAFE_MODULE_SETUP_ADDRESS);
 		return accountAddress;
@@ -5991,7 +6040,7 @@ var SafeMultiChainSigAccountV1 = class SafeMultiChainSigAccountV1 extends SafeAc
 			...overrides,
 			webAuthnSharedSigner: overrides.webAuthnSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SHARED_SIGNER,
 			eip7212WebAuthnPrecompileVerifierForSharedSigner: overrides.eip7212WebAuthnPrecompileVerifierForSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifierForSharedSigner: overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER
+			eip7212WebAuthnContractVerifierForSharedSigner: overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER
 		};
 		const [accountAddress, factoryAddress, factoryData] = SafeAccount.createAccountAddressAndFactoryAddressAndData(owners, modOverrides, overrides.safe4337ModuleAddress ?? SafeMultiChainSigAccountV1.DEFAULT_SAFE_4337_MODULE_ADDRESS, overrides.safeModuleSetupAddress ?? SafeMultiChainSigAccountV1.DEFAULT_SAFE_MODULE_SETUP_ADDRESS);
 		const safe = new SafeMultiChainSigAccountV1(accountAddress, {
@@ -6068,7 +6117,7 @@ var SafeMultiChainSigAccountV1 = class SafeMultiChainSigAccountV1 extends SafeAc
 	static createInitializerCallData(owners, threshold, overrides = {}) {
 		const safe4337ModuleAddress = overrides.safe4337ModuleAddress ?? SafeMultiChainSigAccountV1.DEFAULT_SAFE_4337_MODULE_ADDRESS;
 		const safeModuleSetupAddress = overrides.safeModuleSetupAddress ?? SafeMultiChainSigAccountV1.DEFAULT_SAFE_MODULE_SETUP_ADDRESS;
-		return SafeAccount.createBaseInitializerCallData(owners, threshold, safe4337ModuleAddress, safeModuleSetupAddress, overrides.multisendContractAddress, overrides.webAuthnSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SHARED_SIGNER, overrides.eip7212WebAuthnPrecompileVerifierForSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_PRECOMPILE, overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER);
+		return SafeAccount.createBaseInitializerCallData(owners, threshold, safe4337ModuleAddress, safeModuleSetupAddress, overrides.multisendContractAddress, overrides.webAuthnSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SHARED_SIGNER, overrides.eip7212WebAuthnPrecompileVerifierForSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_PRECOMPILE, overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER);
 	}
 	/**
 	* create account factory address and factory data
@@ -6081,7 +6130,7 @@ var SafeMultiChainSigAccountV1 = class SafeMultiChainSigAccountV1 extends SafeAc
 			...overrides,
 			webAuthnSharedSigner: overrides.webAuthnSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SHARED_SIGNER,
 			eip7212WebAuthnPrecompileVerifierForSharedSigner: overrides.eip7212WebAuthnPrecompileVerifierForSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifierForSharedSigner: overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER
+			eip7212WebAuthnContractVerifierForSharedSigner: overrides.eip7212WebAuthnContractVerifierForSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER
 		};
 		return SafeAccount.createFactoryAddressAndData(owners, modOverrides, overrides.safe4337ModuleAddress ?? SafeMultiChainSigAccountV1.DEFAULT_SAFE_4337_MODULE_ADDRESS, overrides.safeModuleSetupAddress ?? SafeMultiChainSigAccountV1.DEFAULT_SAFE_MODULE_SETUP_ADDRESS);
 	}
@@ -6103,7 +6152,7 @@ var SafeMultiChainSigAccountV1 = class SafeMultiChainSigAccountV1 extends SafeAc
 			isMultiChainSignature: true,
 			webAuthnSharedSigner: overrides.webAuthnSharedSigner ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SHARED_SIGNER,
 			eip7212WebAuthnPrecompileVerifier: overrides.eip7212WebAuthnPrecompileVerifier ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER,
+			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER,
 			webAuthnSignerFactory: overrides.webAuthnSignerFactory ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SIGNER_FACTORY,
 			webAuthnSignerSingleton: overrides.webAuthnSignerSingleton ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SIGNER_SINGLETON,
 			webAuthnSignerProxyCreationCode: overrides.webAuthnSignerProxyCreationCode ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SIGNER_PROXY_CREATION_CODE
@@ -6131,14 +6180,13 @@ var SafeMultiChainSigAccountV1 = class SafeMultiChainSigAccountV1 extends SafeAc
 	* @param useroperation - useroperation to sign
 	* @param privateKeys - for the signers
 	* @param chainId - target chain id
-	* @param overrides - overrides for the default values
-	* @param overrides.validAfter - timestamp the signature will be valid after
-	* @param overrides.validUntil - timestamp the signature will be valid until
+	* @param options - {@link SafeSignatureOptions} — timing, multiChainMerkleProof, module address. The multi-chain flag is force-set true and overrides any caller value.
 	* @returns signature
 	*/
-	signUserOperation(userOperation, privateKeys, chainId, overrides = {}) {
+	signUserOperation(userOperation, privateKeys, chainId, options = {}) {
+		if (options.multiChainMerkleProof != null && options.multiChainMerkleProof.length > 0) throw new RangeError("signUserOperation does not accept multiChainMerkleProof; use signUserOperations for multi-op Merkle signatures");
 		return SafeAccount.baseSignSingleUserOperation(userOperation, privateKeys, chainId, this.entrypointAddress, this.safe4337ModuleAddress, {
-			...overrides,
+			...options,
 			isMultiChainSignature: true
 		});
 	}
@@ -6147,16 +6195,28 @@ var SafeMultiChainSigAccountV1 = class SafeMultiChainSigAccountV1 extends SafeAc
 	* {@link AkSigner} instances. See
 	* {@link SafeAccountV0_3_0.signUserOperationWithSigners} for the full
 	* design rationale. Sets the multi-chain flag automatically.
+	*
+	* @param userOperation - UserOperation to sign
+	* @param signers - one ExternalSigner per owner (any order)
+	* @param chainId - target chain id
+	* @param options - {@link SafeSignatureOptions} — timing, multiChainMerkleProof, module address. The multi-chain flag is force-set true and overrides any caller value.
+	* @returns Promise resolving to the formatted signature string
 	*/
-	signUserOperationWithSigners(userOperation, signers, chainId, overrides = {}) {
+	signUserOperationWithSigners(userOperation, signers, chainId, options = {}) {
+		if (options.multiChainMerkleProof != null && options.multiChainMerkleProof.length > 0) throw new RangeError("signUserOperationWithSigners does not accept multiChainMerkleProof; use signUserOperationsWithSigners for multi-op Merkle signatures");
 		const context = {
 			userOperation,
 			chainId,
 			entryPoint: this.entrypointAddress
 		};
-		return SafeAccount.baseSignUserOperationWithSigners(userOperation, signers, chainId, this.entrypointAddress, this.safe4337ModuleAddress, context, {
-			...overrides,
-			isMultiChainSignature: true
+		return SafeAccount.baseSignUserOperationWithSigners(userOperation, signers, chainId, {
+			entrypointAddress: this.entrypointAddress,
+			safe4337ModuleAddress: this.safe4337ModuleAddress,
+			context,
+			options: {
+				...options,
+				isMultiChainSignature: true
+			}
 		});
 	}
 	/**
@@ -6277,10 +6337,15 @@ var SafeMultiChainSigAccountV1 = class SafeMultiChainSigAccountV1 extends SafeAc
 			return userOpSignatures;
 		} else {
 			const u = userOperationsToSign[0];
-			return [await SafeAccount.baseSignUserOperationWithSigners(u.userOperation, signers, u.chainId, this.entrypointAddress, this.safe4337ModuleAddress, context, {
-				validAfter: u.validAfter,
-				validUntil: u.validUntil,
-				isMultiChainSignature: true
+			return [await SafeAccount.baseSignUserOperationWithSigners(u.userOperation, signers, u.chainId, {
+				entrypointAddress: this.entrypointAddress,
+				safe4337ModuleAddress: this.safe4337ModuleAddress,
+				context,
+				options: {
+					validAfter: u.validAfter,
+					validUntil: u.validUntil,
+					isMultiChainSignature: true
+				}
 			})];
 		}
 	}
@@ -6330,28 +6395,34 @@ var SafeMultiChainSigAccountV1 = class SafeMultiChainSigAccountV1 extends SafeAc
 	*/
 	static formatSignaturesToUseroperationsSignatures(userOperationsToSign, signerSignaturePairs) {
 		if (userOperationsToSign.length < 1) throw new RangeError("There should be at least one userOperationsToSign");
-		const defaultOverrides = {
+		const defaultWebAuthnOverrides = {
 			eip7212WebAuthnPrecompileVerifier: SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifier: SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER,
+			eip7212WebAuthnContractVerifier: SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER,
 			webAuthnSignerFactory: SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SIGNER_FACTORY,
 			webAuthnSignerSingleton: SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SIGNER_SINGLETON,
 			webAuthnSignerProxyCreationCode: SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SIGNER_PROXY_CREATION_CODE,
-			safe4337ModuleAddress: SafeMultiChainSigAccountV1.DEFAULT_SAFE_4337_MODULE_ADDRESS,
 			webAuthnSharedSigner: SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SHARED_SIGNER
 		};
+		const defaultOptions = { safe4337ModuleAddress: SafeMultiChainSigAccountV1.DEFAULT_SAFE_4337_MODULE_ADDRESS };
 		if (userOperationsToSign.length === 1) return [SafeAccount.formatSignaturesToUseroperationSignature(signerSignaturePairs, {
-			...defaultOverrides,
-			...userOperationsToSign[0].overrides,
+			...defaultOptions,
+			...defaultWebAuthnOverrides,
+			...userOperationsToSign[0].options,
+			...userOperationsToSign[0].webAuthnSignatureOverrides,
 			validAfter: userOperationsToSign[0].validAfter,
 			validUntil: userOperationsToSign[0].validUntil,
 			isMultiChainSignature: true
 		})];
 		const userOperationsHashes = [];
-		userOperationsToSign.forEach((userOperationToSign, _index) => {
+		const resolvedValidity = userOperationsToSign.map((userOperationToSign) => ({
+			validAfter: userOperationToSign.options?.validAfter ?? userOperationToSign.validAfter,
+			validUntil: userOperationToSign.options?.validUntil ?? userOperationToSign.validUntil
+		}));
+		userOperationsToSign.forEach((userOperationToSign, index) => {
 			const userOperationHash = SafeAccount.getUserOperationEip712Hash_V9(userOperationToSign.userOperation, userOperationToSign.chainId, {
-				validAfter: userOperationToSign.validAfter,
-				validUntil: userOperationToSign.validUntil,
-				safe4337ModuleAddress: userOperationToSign.overrides?.safe4337ModuleAddress ?? defaultOverrides.safe4337ModuleAddress
+				validAfter: resolvedValidity[index].validAfter,
+				validUntil: resolvedValidity[index].validUntil,
+				safe4337ModuleAddress: userOperationToSign.options?.safe4337ModuleAddress ?? defaultOptions.safe4337ModuleAddress
 			});
 			userOperationsHashes.push(userOperationHash);
 		});
@@ -6359,8 +6430,12 @@ var SafeMultiChainSigAccountV1 = class SafeMultiChainSigAccountV1 extends SafeAc
 		const userOpSignatures = [];
 		userOperationsToSign.forEach((userOperationToSign, index) => {
 			userOpSignatures.push(SafeAccount.formatSignaturesToUseroperationSignature(signerSignaturePairs, {
-				...defaultOverrides,
-				...userOperationToSign.overrides,
+				...defaultOptions,
+				...defaultWebAuthnOverrides,
+				...userOperationToSign.options,
+				...userOperationToSign.webAuthnSignatureOverrides,
+				validAfter: resolvedValidity[index].validAfter,
+				validUntil: resolvedValidity[index].validUntil,
 				isMultiChainSignature: true,
 				multiChainMerkleProof: proofs[index]
 			}));
@@ -6371,7 +6446,7 @@ var SafeMultiChainSigAccountV1 = class SafeMultiChainSigAccountV1 extends SafeAc
 		return SafeAccount.createWebAuthnSignerVerifierAddress(x, y, {
 			...overrides,
 			eip7212WebAuthnPrecompileVerifier: overrides.eip7212WebAuthnPrecompileVerifier ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER,
+			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER,
 			webAuthnSignerFactory: overrides.webAuthnSignerFactory ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SIGNER_FACTORY,
 			webAuthnSignerSingleton: overrides.webAuthnSignerSingleton ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SIGNER_SINGLETON,
 			webAuthnSignerProxyCreationCode: overrides.webAuthnSignerProxyCreationCode ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SIGNER_PROXY_CREATION_CODE
@@ -6381,7 +6456,7 @@ var SafeMultiChainSigAccountV1 = class SafeMultiChainSigAccountV1 extends SafeAc
 		return SafeAccount.createDeployWebAuthnVerifierMetaTransaction(x, y, {
 			...overrides,
 			eip7212WebAuthnPrecompileVerifier: overrides.eip7212WebAuthnPrecompileVerifier ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER,
+			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER,
 			webAuthnSignerFactory: overrides.webAuthnSignerFactory ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SIGNER_FACTORY
 		});
 	}
@@ -6389,7 +6464,7 @@ var SafeMultiChainSigAccountV1 = class SafeMultiChainSigAccountV1 extends SafeAc
 		return SafeAccount.createDummySignerSignaturePairForExpectedSigners(expectedSigners, {
 			...webAuthnSignatureOverrides,
 			eip7212WebAuthnPrecompileVerifier: webAuthnSignatureOverrides.eip7212WebAuthnPrecompileVerifier ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifier: webAuthnSignatureOverrides.eip7212WebAuthnContractVerifier ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER,
+			eip7212WebAuthnContractVerifier: webAuthnSignatureOverrides.eip7212WebAuthnContractVerifier ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER,
 			webAuthnSignerFactory: webAuthnSignatureOverrides.webAuthnSignerFactory ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SIGNER_FACTORY,
 			webAuthnSignerSingleton: webAuthnSignatureOverrides.webAuthnSignerSingleton ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SIGNER_SINGLETON,
 			webAuthnSignerProxyCreationCode: webAuthnSignatureOverrides.webAuthnSignerProxyCreationCode ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SIGNER_PROXY_CREATION_CODE,
@@ -6400,7 +6475,7 @@ var SafeMultiChainSigAccountV1 = class SafeMultiChainSigAccountV1 extends SafeAc
 		return SafeAccount.verifyWebAuthnSignatureForMessageHash(nodeRpcUrl, signer, messageHash, signature, {
 			...overrides,
 			eip7212WebAuthnPrecompileVerifier: overrides.eip7212WebAuthnPrecompileVerifier ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_PRECOMPILE,
-			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_DAIMO_VERIFIER,
+			eip7212WebAuthnContractVerifier: overrides.eip7212WebAuthnContractVerifier ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER,
 			webAuthnSignerSingleton: overrides.webAuthnSignerSingleton ?? SafeMultiChainSigAccountV1.DEFAULT_WEB_AUTHN_SIGNER_SINGLETON
 		});
 	}
@@ -6738,27 +6813,139 @@ var BaseSimple7702Account = class BaseSimple7702Account extends SmartAccount {
 		return new ethers.Wallet(privateKey).signingKey.sign(userOperationHash).serialized;
 	}
 	/**
-	* Schemes Simple7702 accepts from a Signer. Only raw-hash ECDSA, since
-	* the delegatee verifies a plain signature over the userOp hash.
+	* Schemes Simple7702 accepts from a Signer. EntryPoint v0.8/v0.9 introduced
+	* an EIP-712 domain at the EntryPoint contract, and the userOpHash IS the
+	* EIP-712 digest of the PackedUserOperation under that domain — so signing
+	* the typed data and signing the raw hash produce signatures that verify
+	* against the same `userOpHash` (and recover to the same signer address).
+	* Deterministic-ECDSA signers (ethers, viem, MetaMask) yield byte-identical
+	* bytes; signers that differ in `s` / `v` normalization still validate the
+	* same on-chain.
+	*
+	* `typedData` is listed first so JSON-RPC wallets that can only sign typed
+	* data work without a separate code path; `hash` remains a valid fallback
+	* for local-key signers.
 	*/
-	static ACCEPTED_SIGNING_SCHEMES = ["hash"];
+	static ACCEPTED_SIGNING_SCHEMES = ["typedData", "hash"];
 	/**
-	* Sign a UserOperation with an {@link AkSigner}. Signer must implement
-	* `signHash`, since Simple7702 only verifies raw ECDSA over the userOp
-	* hash. JSON-RPC wallets and anything that only provides `signTypedData`
-	* fail offline with a specific error.
+	* Build the EIP-712 typed data payload for a UserOperation under the
+	* EntryPoint v0.8 / v0.9 domain. Lower-level escape hatch for integrators
+	* driving `signTypedData` themselves with their own signing primitive
+	* (HSM, MPC, custom wallet abstraction). Most callers should pass an
+	* {@link AkSigner} to {@link signUserOperationWithSigner} instead, which
+	* builds this internally.
+	*
+	* The digest of the returned payload equals the UserOperation hash from
+	* {@link createUserOperationHash}, so a wallet calling
+	* `signTypedData(domain, types, message)` produces a signature that
+	* verifies against the same `userOpHash` as raw ECDSA over that hash.
+	* Deterministic-ECDSA signers yield byte-identical signatures; signers
+	* that differ in `s` / `v` normalization still validate the same on-chain.
+	*
+	* Common use cases beyond direct signing:
+	*   - Inspect / log the typed data the wallet will display.
+	*   - Render a custom confirmation UI before delegating to a wallet's
+	*     `signTypedData`.
+	*   - Drive non-`ExternalSigner`-shaped signers (HSM, MPC service,
+	*     backend signing pipelines).
+	*
+	* @param userOperation - Unsigned UserOperation to wrap
+	* @param chainId - Target chain ID (must match the chain that will validate
+	*   the signature)
+	* @returns EIP-712 {@link TypedData} payload ready for `signTypedData`
+	* @throws {AbstractionKitError} if this account targets an EntryPoint
+	*   version other than v0.8 / v0.9. Earlier EntryPoints define the
+	*   userOpHash differently and require raw-hash signing.
+	*/
+	getUserOperationEip712TypedData(userOperation, chainId) {
+		const ep = this.entrypointAddress.toLowerCase();
+		const isV9 = ep === ENTRYPOINT_V9.toLowerCase();
+		if (ep !== "0x4337084D9E255Ff0702461CF8895CE9E3b5Ff108".toLowerCase() && !isV9) throw new AbstractionKitError("BAD_DATA", `getUserOperationEip712TypedData supports EntryPoint v0.8 / v0.9 only; this account targets ${this.entrypointAddress}. Use signUserOperation (raw-hash ECDSA) for earlier EntryPoint versions.`);
+		const abiCoder = ethers.AbiCoder.defaultAbiCoder();
+		const initCode = buildPackedInitCodeV8V9(userOperation);
+		const accountGasLimits = "0x" + abiCoder.encode(["uint128"], [userOperation.verificationGasLimit]).slice(34) + abiCoder.encode(["uint128"], [userOperation.callGasLimit]).slice(34);
+		const gasFees = "0x" + abiCoder.encode(["uint128"], [userOperation.maxPriorityFeePerGas]).slice(34) + abiCoder.encode(["uint128"], [userOperation.maxFeePerGas]).slice(34);
+		const paymasterAndData = buildPaymasterAndData(userOperation, isV9);
+		return {
+			domain: {
+				name: "ERC4337",
+				version: "1",
+				chainId,
+				verifyingContract: this.entrypointAddress
+			},
+			types: { PackedUserOperation: [
+				{
+					name: "sender",
+					type: "address"
+				},
+				{
+					name: "nonce",
+					type: "uint256"
+				},
+				{
+					name: "initCode",
+					type: "bytes"
+				},
+				{
+					name: "callData",
+					type: "bytes"
+				},
+				{
+					name: "accountGasLimits",
+					type: "bytes32"
+				},
+				{
+					name: "preVerificationGas",
+					type: "uint256"
+				},
+				{
+					name: "gasFees",
+					type: "bytes32"
+				},
+				{
+					name: "paymasterAndData",
+					type: "bytes"
+				}
+			] },
+			primaryType: "PackedUserOperation",
+			message: {
+				sender: userOperation.sender,
+				nonce: userOperation.nonce,
+				initCode,
+				callData: userOperation.callData,
+				accountGasLimits,
+				preVerificationGas: userOperation.preVerificationGas,
+				gasFees,
+				paymasterAndData
+			}
+		};
+	}
+	/**
+	* Sign a UserOperation with an {@link AkSigner}. The signer can implement
+	* either `signTypedData` (preferred — JSON-RPC wallets, viem `WalletClient`)
+	* or `signHash` (local keys, hardware wallets). Both schemes produce
+	* signatures that validate against the same `userOpHash` because the
+	* v0.8 / v0.9 userOpHash IS the EIP-712 digest of the PackedUserOperation
+	* (deterministic-ECDSA signers yield byte-identical bytes).
+	*
+	* Signers that implement neither method fail offline with an actionable
+	* error.
 	*/
 	async baseSignUserOperationWithSigner(useroperation, signer, chainId) {
-		return invokeSigner(signer, pickScheme(signer, BaseSimple7702Account.ACCEPTED_SIGNING_SCHEMES, {
-			accountName: "Simple7702 (raw ECDSA over userOpHash)",
+		const scheme = pickScheme(signer, BaseSimple7702Account.ACCEPTED_SIGNING_SCHEMES, {
+			accountName: "Simple7702 (EIP-712 typed data or raw ECDSA over userOpHash)",
 			signerIndex: 0
-		}), {
-			hash: createUserOperationHash(useroperation, this.entrypointAddress, chainId),
-			context: {
-				userOperation: useroperation,
-				chainId,
-				entryPoint: this.entrypointAddress
-			}
+		});
+		const hash = createUserOperationHash(useroperation, this.entrypointAddress, chainId);
+		const context = {
+			userOperation: useroperation,
+			chainId,
+			entryPoint: this.entrypointAddress
+		};
+		return invokeSigner(signer, scheme, {
+			hash,
+			typedData: scheme === "typedData" ? this.getUserOperationEip712TypedData(useroperation, chainId) : void 0,
+			context
 		});
 	}
 	/**
@@ -6872,13 +7059,34 @@ var Simple7702Account = class Simple7702Account extends BaseSimple7702Account {
 		return this.baseSignUserOperation(useroperation, privateKey, chainId);
 	}
 	/**
-	* Sign a {@link UserOperationV8} using an {@link ExternalSigner}.
-	* Simple7702 only accepts raw-hash ECDSA; signers without `signHash`
-	* fail offline with an actionable error.
+	* Sign a {@link UserOperationV8} using an {@link ExternalSigner}. This is
+	* the recommended entry point for any non-private-key signer.
+	*
+	* Accepts signers that implement `signTypedData` (JSON-RPC wallets, viem
+	* `WalletClient`, browser wallets), `signHash` (local keys, hardware
+	* wallets), or both. The v0.8 userOpHash IS the EIP-712 digest of the
+	* PackedUserOperation under the EntryPoint domain, so both schemes
+	* produce signatures that validate against the same `userOpHash`.
+	*
+	* Wrapping a custom signing primitive is just an object literal; no
+	* adapter function required:
+	*
+	* ```ts
+	* const signer: ExternalSigner = {
+	*   address: ownerAddress,
+	*   signTypedData: async (td) => myWallet.signTypedData(td),
+	* }
+	* userOp.signature = await account.signUserOperationWithSigner(userOp, signer, chainId)
+	* ```
 	*
 	* For signing with a raw private-key string, use the sync
 	* {@link signUserOperation} method, or wrap explicitly with
 	* `fromPrivateKey(pk)`.
+	*
+	* @see {@link BaseSimple7702Account.getUserOperationEip712TypedData} for
+	*   the lower-level escape hatch when you need the typed data outside the
+	*   dispatcher (e.g., to render a custom confirmation UI or feed an HSM
+	*   that doesn't fit the {@link ExternalSigner} shape).
 	*/
 	async signUserOperationWithSigner(useroperation, signer, chainId) {
 		return this.baseSignUserOperationWithSigner(useroperation, signer, chainId);
@@ -6949,10 +7157,33 @@ var Simple7702AccountV09 = class Simple7702AccountV09 extends BaseSimple7702Acco
 		return this.baseSignUserOperation(useroperation, privateKey, chainId);
 	}
 	/**
-	* Sign a {@link UserOperationV9} using an {@link ExternalSigner}.
-	* Simple7702 only accepts raw-hash ECDSA; signers without `signHash`
-	* fail offline with an actionable error. For a raw pk string, use the
-	* sync {@link signUserOperation} method or wrap with `fromPrivateKey`.
+	* Sign a {@link UserOperationV9} using an {@link ExternalSigner}. This is
+	* the recommended entry point for any non-private-key signer.
+	*
+	* Accepts signers that implement `signTypedData` (JSON-RPC wallets, viem
+	* `WalletClient`, browser wallets), `signHash` (local keys, hardware
+	* wallets), or both. The v0.9 userOpHash IS the EIP-712 digest of the
+	* PackedUserOperation under the EntryPoint domain, so both schemes
+	* produce signatures that validate against the same `userOpHash`.
+	*
+	* Wrapping a custom signing primitive is just an object literal; no
+	* adapter function required:
+	*
+	* ```ts
+	* const signer: ExternalSigner = {
+	*   address: ownerAddress,
+	*   signTypedData: async (td) => myWallet.signTypedData(td),
+	* }
+	* userOp.signature = await account.signUserOperationWithSigner(userOp, signer, chainId)
+	* ```
+	*
+	* For signing with a raw private-key string, use the sync
+	* {@link signUserOperation} method, or wrap explicitly with
+	* `fromPrivateKey(pk)`.
+	*
+	* @see {@link BaseSimple7702Account.getUserOperationEip712TypedData} for
+	*   the lower-level escape hatch when you need the typed data outside the
+	*   dispatcher.
 	*/
 	async signUserOperationWithSigner(useroperation, signer, chainId) {
 		return this.baseSignUserOperationWithSigner(useroperation, signer, chainId);
@@ -7963,6 +8194,280 @@ function createWorldIdSignal(accountAddress, accountNonce, chainId) {
 	]));
 }
 //#endregion
+//#region src/account/Safe/adapters.ts
+/**
+* Adapt a WebAuthn credential to a Signer for `signUserOperationWithSigners`
+* on Safe accounts. Safe-specific (uses Safe's WebAuthn shared signer /
+* verifier proxy / signature encoding) — for non-Safe accounts, use the
+* account's own WebAuthn adapter.
+*
+* Hides the address routing (shared signer for the init UserOp, per-owner
+* verifier proxy after that), the `type: "contract"` tag, and the
+* Safe-specific signature encoding. The caller supplies a
+* {@link FromSafeWebauthnParams.getAssertion} callback that runs the
+* actual WebAuthn ceremony — this is where you call
+* `navigator.credentials.get(...)` (browser) or an equivalent native
+* bridge, since the SDK doesn't import `navigator` itself.
+*
+* Only `signHash` is exposed: WebAuthn signs a flat challenge, so a typed-data
+* preview would never reach the authenticator anyway.
+*
+* **Override consistency.** Pass the same `accountClass` you passed to
+* `initializeNewAccount` so the adapter sources the right Safe Passkey
+* module defaults — v0.2.0 / FCL P256 for `SafeAccount` / `SafeAccountV0_2_0`
+* / `SafeAccountV0_3_0`, v0.2.1 / Daimo P256 + RIP-7951 for
+* `SafeMultiChainSigAccountV1`. Every individual WebAuthn override
+* (`webAuthnSharedSigner`, `webAuthnSignerFactory`, `webAuthnSignerSingleton`,
+* `webAuthnSignerProxyCreationCode`, `eip7212WebAuthnPrecompileVerifier`,
+* `eip7212WebAuthnContractVerifier`) must likewise match what was passed to
+* `InitCodeOverrides` at init time — only set them when you've also
+* overridden them at init. The on-chain owner set is locked to whatever was
+* used at init: `webAuthnSharedSigner` for `isInit=true`, the deterministic
+* verifier proxy derived from the other five for `isInit=false`. A mismatch
+* produces a signature pointing at an address that isn't an owner; on-chain
+* `checkSignatures` reverts with `GS026` and the bundler surfaces it as a
+* generic "Invalid UserOp signature" with no offline diagnostic.
+*
+* @example
+* import { fromSafeWebauthn, SafeAccountV0_3_0 } from "abstractionkit";
+*
+* // Pass `expectedSigners: [{ x, y }]` so createUserOperation picks the
+* // WebAuthn dummy signature for gas estimation. Without it, the
+* // bundler sizes verification gas against the EOA dummy and the
+* // real signed UserOp gets rejected (or under-budgeted on-chain) at submit.
+* let userOperation = await safe.createUserOperation(
+*   transactions, nodeUrl, bundlerUrl,
+*   { expectedSigners: [{ x, y }] },
+* );
+*
+* const signer = fromSafeWebauthn({
+*   publicKey: { x, y },
+*   isInit: userOperation.nonce === 0n,
+*   accountClass: SafeAccountV0_3_0, // SafeMultiChainSigAccountV1 for multi-chain
+*   getAssertion: async (challenge) => {
+*     const assertion = await navigator.credentials.get({
+*       publicKey: { challenge, rpId, allowCredentials, userVerification },
+*     });
+*     return {
+*       authenticatorData: assertion.response.authenticatorData,
+*       clientDataFields: extractClientDataFields(assertion.response),
+*       rs: extractSignature(assertion.response),
+*     };
+*   },
+* });
+* userOperation.signature = await safe.signUserOperationWithSigners(
+*   userOperation, [signer], chainId,
+* );
+*/
+function fromSafeWebauthn(params) {
+	const { publicKey, isInit, getAssertion, accountClass, webAuthnSharedSigner, webAuthnSignerFactory, webAuthnSignerSingleton, webAuthnSignerProxyCreationCode, eip7212WebAuthnPrecompileVerifier, eip7212WebAuthnContractVerifier } = params;
+	if (typeof publicKey?.x !== "bigint" || typeof publicKey?.y !== "bigint") throw new TypeError("fromSafeWebauthn: publicKey.x and publicKey.y must be bigint. If they round-tripped through JSON.parse, hydrate them back to bigint first (e.g. BigInt(value) for decimal strings, or use a JSON reviver).");
+	return {
+		address: isInit ? webAuthnSharedSigner ?? accountClass.DEFAULT_WEB_AUTHN_SHARED_SIGNER : SafeAccount.createWebAuthnSignerVerifierAddress(publicKey.x, publicKey.y, {
+			webAuthnSignerFactory: webAuthnSignerFactory ?? accountClass.DEFAULT_WEB_AUTHN_SIGNER_FACTORY,
+			webAuthnSignerSingleton: webAuthnSignerSingleton ?? accountClass.DEFAULT_WEB_AUTHN_SIGNER_SINGLETON,
+			webAuthnSignerProxyCreationCode: webAuthnSignerProxyCreationCode ?? accountClass.DEFAULT_WEB_AUTHN_SIGNER_PROXY_CREATION_CODE,
+			eip7212WebAuthnPrecompileVerifier: eip7212WebAuthnPrecompileVerifier ?? accountClass.DEFAULT_WEB_AUTHN_PRECOMPILE,
+			eip7212WebAuthnContractVerifier: eip7212WebAuthnContractVerifier ?? accountClass.DEFAULT_WEB_AUTHN_CONTRACT_VERIFIER
+		}),
+		type: "contract",
+		signHash: async (hash) => {
+			const assertion = await getAssertion((0, ethers.getBytes)(hash));
+			return SafeAccount.createWebAuthnSignature(assertion);
+		}
+	};
+}
+/**
+* Coerce a `{ x, y }` pair where each coord may be `bigint`, hex string
+* (`"0x..."`), decimal string, or a safe-integer number into a canonical
+* {@link WebauthnPublicKey} with bigint coords. Used internally by
+* {@link pubkeyCoordinatesFromJson} — for non-JSON inputs (URL params,
+* RPC responses), pass the pre-parsed object straight to that helper.
+*
+* @throws if either coordinate is missing, the wrong type, or an
+* unparseable string.
+*/
+function toBigintPubkey(pubkey) {
+	if (!pubkey || pubkey.x == null || pubkey.y == null) throw new Error("toBigintPubkey: pubkey must be `{ x, y }` with both coords set");
+	return {
+		x: coerceBigint(pubkey.x, "x"),
+		y: coerceBigint(pubkey.y, "y")
+	};
+}
+function coerceBigint(v, field) {
+	let coerced;
+	if (typeof v === "bigint") coerced = v;
+	else if (typeof v === "string") try {
+		coerced = BigInt(v);
+	} catch {
+		throw new Error(`toBigintPubkey: pubkey.${field} ("${v}") is not a valid bigint string. Accepted: non-negative bigint, decimal string, or 0x-prefixed hex string.`);
+	}
+	else if (typeof v === "number") {
+		if (!Number.isSafeInteger(v)) throw new Error(`toBigintPubkey: pubkey.${field} is a Number but not a safe integer. Pass as bigint or hex string to avoid precision loss.`);
+		coerced = BigInt(v);
+	} else throw new Error(`toBigintPubkey: pubkey.${field} must be bigint, string, or number (got ${typeof v})`);
+	if (coerced < 0n) throw new Error(`toBigintPubkey: pubkey.${field} must be non-negative (got ${coerced.toString()}). P-256 coordinates are non-negative field elements; negative values aren't valid and would break canonical JSON round-trip serialization.`);
+	return coerced;
+}
+/**
+* Serialize a WebAuthn pubkey to a JSON string with hex-encoded
+* coordinates. Inverse of {@link pubkeyCoordinatesFromJson}.
+*
+* Any JSON-string persistence — localStorage, backend indexes, query
+* strings, IPC payloads — eventually needs a custom replacer for
+* `bigint` (which `JSON.stringify` can't serialize on its own). This
+* helper ships the canonical version so the round-trip is consistent
+* across call sites.
+*
+* @example
+* ```ts
+* localStorage.setItem("passkey", pubkeyCoordinatesToJson({ x: 0x7a..., y: 0x2e... }));
+* // Stored as: {"x":"0x7a...","y":"0x2e..."}
+* ```
+*/
+function pubkeyCoordinatesToJson(pubkey) {
+	return JSON.stringify({
+		x: "0x" + pubkey.x.toString(16),
+		y: "0x" + pubkey.y.toString(16)
+	});
+}
+/**
+* Parse a JSON string produced by {@link pubkeyCoordinatesToJson} (or
+* any JSON object with `x` / `y` fields as bigint-compatible values)
+* back into a {@link WebauthnPublicKey} with bigint coords.
+*
+* Lenient about input shape: accepts a JSON string, a pre-parsed object
+* (skip `JSON.parse` if you already ran it), and either hex (`"0x..."`)
+* or decimal-string coords. Same one-line cost regardless of where the
+* string came from — localStorage, backend response, query parameter.
+*
+* @example
+* ```ts
+* const raw = localStorage.getItem("passkey");
+* if (raw) {
+*   const pubkey = pubkeyCoordinatesFromJson(raw);
+*   // pubkey: { x: bigint, y: bigint }
+* }
+* ```
+*/
+function pubkeyCoordinatesFromJson(input) {
+	return toBigintPubkey(typeof input === "string" ? JSON.parse(input) : input);
+}
+/**
+* Turn a structural {@link AuthenticatorAssertionLike} into
+* {@link WebauthnSignatureData}, ready to feed straight into
+* `SafeAccount.createWebAuthnSignature` or the `getAssertion` callback
+* of `fromSafeWebauthn`.
+*
+* Replaces the ~13-line manual pipeline every Safe-passkeys consumer
+* has been writing — `JSON.parse` of `clientDataJSON`, destructure +
+* re-serialize the non-`type` / non-`challenge` fields, hex-encode,
+* normalize `authenticatorData`, parse DER signature → `(r, s)` —
+* with a single call.
+*
+* @example Browser:
+* ```ts
+* const assertion = await navigator.credentials.get({...});
+* return webauthnSignatureFromAssertion(assertion.response);
+* ```
+*
+* @example `ox/WebAuthnP256`:
+* ```ts
+* const { metadata, signature } = await sign({ challenge, credentialId });
+* return webauthnSignatureFromAssertion({
+*   authenticatorData: metadata.authenticatorData, // hex string from ox
+*   clientDataJSON: metadata.clientDataJSON,       // string from ox
+*   signature,                                      // { r, s } from ox
+* });
+* ```
+*/
+function webauthnSignatureFromAssertion(response) {
+	const authenticatorData = toArrayBuffer(response.authenticatorData);
+	const clientDataJSON = toUtf8String(response.clientDataJSON);
+	const rs = toRSPair(response.signature);
+	return {
+		authenticatorData,
+		clientDataFields: extractClientDataFieldsHex(clientDataJSON),
+		rs: [rs.r, rs.s]
+	};
+}
+function toArrayBuffer(input) {
+	if (input instanceof ArrayBuffer) return input;
+	const bytes = (0, ethers.getBytes)(input);
+	return bytes.buffer.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength);
+}
+function toUtf8String(input) {
+	if (typeof input === "string") return input;
+	const bytes = input instanceof Uint8Array ? input : new Uint8Array(input);
+	return new TextDecoder("utf-8").decode(bytes);
+}
+function toRSPair(input) {
+	if (input !== null && typeof input === "object" && "r" in input && "s" in input && typeof input.r === "bigint" && typeof input.s === "bigint") return {
+		r: input.r,
+		s: input.s
+	};
+	return parseDerP256Signature(input instanceof Uint8Array ? input : new Uint8Array(input));
+}
+/**
+* Re-serialize every clientDataJSON field except `type` and `challenge`.
+* Robust to authenticators adding or reordering keys (e.g. Safari's
+* `crossOrigin`, future WebAuthn L3 fields) — parses JSON instead of
+* using a regex, validates the shape is a plain object, and emits hex
+* via `TextEncoder` (browser-safe; `Buffer` isn't defined in Vite /
+* Rollup / esbuild bundles without a polyfill).
+*/
+function extractClientDataFieldsHex(clientDataJSON) {
+	let parsed;
+	try {
+		parsed = JSON.parse(clientDataJSON);
+	} catch (err) {
+		throw new Error(`webauthnSignatureFromAssertion: clientDataJSON is not valid JSON (${err.message})`);
+	}
+	if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) throw new Error(`webauthnSignatureFromAssertion: clientDataJSON must parse to a plain object (got ${parsed === null ? "null" : Array.isArray(parsed) ? "array" : typeof parsed})`);
+	const { type: _type, challenge: _challenge, ...rest } = parsed;
+	const fields = Object.entries(rest).map(([key, value]) => `"${key}":${JSON.stringify(value)}`).join(",");
+	return (0, ethers.hexlify)(new TextEncoder().encode(fields));
+}
+/**
+* Parse a DER-encoded ECDSA P-256 signature into `(r, s)` bigints with
+* low-S normalization. Defends against truncated / malformed DER: every
+* length and tag is bounds-checked against the buffer before slicing,
+* because `Uint8Array.subarray` silently clamps OOB indices and would
+* otherwise produce attacker-controlled-length r/s.
+*
+* DER layout:
+*   0x30 | total-len | 0x02 | r-len | r-bytes | 0x02 | s-len | s-bytes
+*/
+function parseDerP256Signature(der) {
+	const malformed = () => /* @__PURE__ */ new Error("webauthnSignatureFromAssertion: malformed DER signature");
+	if (der.length < 8 || der[0] !== 48) throw malformed();
+	const headerLen = der[1] === 129 ? 3 : 2;
+	const outerLen = der[1] === 129 ? der[2] : der[1];
+	if (der.length !== headerLen + outerLen) throw malformed();
+	let offset = headerLen;
+	if (offset + 2 > der.length) throw malformed();
+	if (der[offset] !== 2) throw malformed();
+	const rLen = der[offset + 1];
+	if (rLen <= 0 || offset + 2 + rLen > der.length) throw malformed();
+	const rBytes = der.subarray(offset + 2, offset + 2 + rLen);
+	offset += 2 + rLen;
+	if (offset + 2 > der.length) throw malformed();
+	if (der[offset] !== 2) throw malformed();
+	const sLen = der[offset + 1];
+	if (sLen <= 0 || offset + 2 + sLen > der.length) throw malformed();
+	const sBytes = der.subarray(offset + 2, offset + 2 + sLen);
+	if (offset + 2 + sLen !== der.length) throw malformed();
+	const r = rBytes.length === 0 ? 0n : BigInt((0, ethers.hexlify)(rBytes));
+	let s = sBytes.length === 0 ? 0n : BigInt((0, ethers.hexlify)(sBytes));
+	const P256_N = 115792089210356248762697446949407573529996955224135760342422259061068512044369n;
+	const P256_N_HALF = P256_N >> 1n;
+	if (s > P256_N_HALF) s = P256_N - s;
+	return {
+		r,
+		s
+	};
+}
+//#endregion
 //#region src/signer/adapters.ts
 /**
 * Build a Signer from a raw private-key hex string. Supports both raw-hash
@@ -8101,6 +8606,7 @@ var abstractionkit_exports = /* @__PURE__ */ __exportAll({
 	fetchGasPrice: () => fetchGasPrice,
 	fromEthersWallet: () => fromEthersWallet,
 	fromPrivateKey: () => fromPrivateKey,
+	fromSafeWebauthn: () => fromSafeWebauthn,
 	fromViem: () => fromViem,
 	fromViemWalletClient: () => fromViemWalletClient,
 	getBalanceOf: () => getBalanceOf,
@@ -8108,6 +8614,8 @@ var abstractionkit_exports = /* @__PURE__ */ __exportAll({
 	getDepositInfo: () => getDepositInfo,
 	getFunctionSelector: () => getFunctionSelector,
 	getSafeMessageEip712Data: () => getSafeMessageEip712Data,
+	pubkeyCoordinatesFromJson: () => pubkeyCoordinatesFromJson,
+	pubkeyCoordinatesToJson: () => pubkeyCoordinatesToJson,
 	sendJsonRpcRequest: () => sendJsonRpcRequest,
 	shareTenderlySimulationAndCreateLink: () => shareTenderlySimulationAndCreateLink,
 	signHash: () => signHash,
@@ -8116,7 +8624,8 @@ var abstractionkit_exports = /* @__PURE__ */ __exportAll({
 	simulateUserOperationCallDataWithTenderly: () => simulateUserOperationCallDataWithTenderly,
 	simulateUserOperationCallDataWithTenderlyAndCreateShareLink: () => simulateUserOperationCallDataWithTenderlyAndCreateShareLink,
 	simulateUserOperationWithTenderly: () => simulateUserOperationWithTenderly,
-	simulateUserOperationWithTenderlyAndCreateShareLink: () => simulateUserOperationWithTenderlyAndCreateShareLink
+	simulateUserOperationWithTenderlyAndCreateShareLink: () => simulateUserOperationWithTenderlyAndCreateShareLink,
+	webauthnSignatureFromAssertion: () => webauthnSignatureFromAssertion
 });
 //#endregion
 exports.ALLOWANCE_MODULE_V0_1_0_ADDRESS = ALLOWANCE_MODULE_V0_1_0_ADDRESS;
@@ -8185,6 +8694,7 @@ exports.fetchAccountNonce = fetchAccountNonce;
 exports.fetchGasPrice = fetchGasPrice;
 exports.fromEthersWallet = fromEthersWallet;
 exports.fromPrivateKey = fromPrivateKey;
+exports.fromSafeWebauthn = fromSafeWebauthn;
 exports.fromViem = fromViem;
 exports.fromViemWalletClient = fromViemWalletClient;
 exports.getBalanceOf = getBalanceOf;
@@ -8192,6 +8702,8 @@ exports.getDelegatedAddress = getDelegatedAddress;
 exports.getDepositInfo = getDepositInfo;
 exports.getFunctionSelector = getFunctionSelector;
 exports.getSafeMessageEip712Data = getSafeMessageEip712Data;
+exports.pubkeyCoordinatesFromJson = pubkeyCoordinatesFromJson;
+exports.pubkeyCoordinatesToJson = pubkeyCoordinatesToJson;
 exports.sendJsonRpcRequest = sendJsonRpcRequest;
 exports.shareTenderlySimulationAndCreateLink = shareTenderlySimulationAndCreateLink;
 exports.signHash = signHash;
@@ -8201,3 +8713,4 @@ exports.simulateUserOperationCallDataWithTenderly = simulateUserOperationCallDat
 exports.simulateUserOperationCallDataWithTenderlyAndCreateShareLink = simulateUserOperationCallDataWithTenderlyAndCreateShareLink;
 exports.simulateUserOperationWithTenderly = simulateUserOperationWithTenderly;
 exports.simulateUserOperationWithTenderlyAndCreateShareLink = simulateUserOperationWithTenderlyAndCreateShareLink;
+exports.webauthnSignatureFromAssertion = webauthnSignatureFromAssertion;