fix: align shell-sdk signing hashes with shell-chain v0.23.0

[LucienSong]

Summary

• replace legacy keccak256(RLP(tx)) helpers with the canonical shell-chain v0.23.0 BLAKE3 signing preimages
• fix AA sender/paymaster hashing, add Rust-compatible vectors, and guard AA signing so bundle hashes cannot silently fall back to the legacy path
• add signer disposal helpers and zero decrypted secret-key buffers after keystore decryption
• bump the SDK package version to 0.9.2

Validation

• npm run build
• npm test

Impact-Deferred: shell-dex: downstream UI build/smoke tests require the separate DEX repo and were not run in this SDK PR.
Impact-Deferred: shell-explorer: explorer smoke tests require the separate repo and a live devnet.
Impact-Deferred: shella-chrome-wallet: wallet integration/keystore round-trip tests require the separate repo and extension environment.
Impact-Deferred: shell-site: site docs/examples live in the separate site repo and were not updated in this SDK-only PR.

[Copilot]

Pull request overview

This PR updates shell-sdk’s signing and hashing logic to match shell-chain v0.23.0, switching from legacy keccak256(RLP(tx)) hashing to canonical BLAKE3 structured-preimage hashes (including AA bundle/paymaster flows), while also improving key material lifecycle handling (dispose/zeroization) and bumping the package version to 0.9.2.

Changes:

• Replace legacy transaction + AA sender hashing with shell-chain v0.23.0 BLAKE3 signing preimages; add paymaster signing hash helper and updated deterministic vectors.
• Add signer/adapter disposal and keystore decryption zeroization helpers; add withDecryptedKeystoreSigner() convenience API.
• Update integration/unit tests, fixtures, docs (README/CHANGELOG), and bump package versions.

Reviewed changes

Copilot reviewed 12 out of 13 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
tests/node.integration.test.mjs	Updates integration tests to rely on auto-derived hashes, adds disposal and AA-guard coverage.
tests/fixtures/rust-compatibility.json	Regenerates Rust-compat transaction hash vectors for the new signing hash scheme.
tests/browser.integration.test.mjs	Removes manual hashTransaction usage in browser integration flow.
tests/aa.test.mjs	Updates AA hash assertions for BLAKE3, adds fixed vectors and paymaster hash coverage.
src/transactions.ts	Implements BLAKE3 structured-preimage hashing for txs + AA sender/paymaster hashes; introduces encoding helpers.
src/signer.ts	Adds dispose() support, guards AA signing, and auto-computes correct signing hashes when txHash is omitted.
src/keystore.ts	Zeroes decrypted key material, documents disposal, and adds withDecryptedKeystoreSigner() helper.
src/index.ts	Re-exports new helpers (hashPaymasterTransaction, withDecryptedKeystoreSigner).
src/adapters.ts	Adds adapter secret-key lifecycle management (cloning + disposal/zeroization) and safer public key accessors.
README.md	Updates v0.23.0 alignment notes and examples to reflect the new hashing/signing behavior.
package.json	Bumps SDK version to 0.9.2.
package-lock.json	Updates lockfile package version to 0.9.2.
CHANGELOG.md	Adds 0.9.2 release notes reflecting hashing, AA, and disposal changes.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.