@accesly/react 0.7.0 → 1.0.0-pre.1

package/dist/index.d.cts

@@ -1,60 +1,7 @@
-import { Environment, CognitoConfig, AuthClient, SessionStorage, TokenManager, AccesslyEndpoints, DeviceStore, AuthStatus, TelemetrySink, CredentialRecord, ConfigureRecoveryRequest, RecoveryConfigResponse, RecoverySignRequest, RecoverySignResponse, RecoveryDeleteResponse } from '@accesly/core';
+import { Environment, CognitoConfig, AuthClient, SessionStorage, DeviceStore, TelemetrySink, TokenManager, AccesslyEndpoints, AuthStatus, CredentialRecord } from '@accesly/core';
 import * as react from 'react';
 import { ReactNode } from 'react';
 
-/**
- * Structural type for the optional ZK email prover. Defined here (not
- * imported from `@accesly/zkemail`) so this package stays
- * runtime-independent of zkemail. Apps that wire recovery pass an
- * `@accesly/zkemail` `ZkEmailProver` instance — its public shape is a
- * superset of this.
- */
-interface ZkEmailProverHandle {
-    prove(args: {
-        readonly eml: string;
-        readonly recovery: {
-            readonly recipientEmail: string;
-            readonly walletAddress: string;
-            readonly newPasskeyPubkey: Uint8Array;
-            readonly domainSalt: Uint8Array;
-        };
-        readonly rsaModulus: bigint;
-    }): Promise<{
-        readonly bundle: {
-            readonly proof: {
-                readonly a: Uint8Array;
-                readonly b: Uint8Array;
-                readonly c: Uint8Array;
-            };
-            readonly publicSignals: readonly Uint8Array[];
-        };
-        readonly elapsedMs: number;
-    }>;
-}
-interface AcceslyContextValue {
-    readonly appId: string;
-    readonly env: Environment;
-    readonly apiUrl: string;
-    readonly cognitoConfig: CognitoConfig;
-    readonly authClient: AuthClient;
-    readonly sessionStorage: SessionStorage;
-    readonly tokenManager: TokenManager;
-    readonly endpoints: AccesslyEndpoints;
-    readonly deviceStore: DeviceStore;
-    /** Current auth status — re-rendered whenever it changes. */
-    readonly status: AuthStatus;
-    readonly username: string | null;
-    /** Force a re-read of `tokenManager.getStatus()`. */
-    readonly refreshStatus: () => Promise<void>;
-    /**
-     * Optional ZK email prover for SEP-30 recovery. When omitted,
-     * `auth.recover()` throws `RecoveryNotAvailableError`. Apps that need
-     * recovery wire it via `<AcceslyProvider zkEmailProver={...}>`.
-     */
-    readonly zkEmailProver?: ZkEmailProverHandle;
-}
-declare const AcceslyContext: react.Context<AcceslyContextValue | null>;
-
 /**
  * `AcceslyProvider` — top-level React provider that creates the SDK instances
  * once and exposes them through context. All hooks consume this.
@@ -84,15 +31,27 @@ interface AcceslyProviderProps {
     };
     /** Optional telemetry sink — surfaces every API request/response/retry. */
     readonly telemetry?: TelemetrySink;
-    /**
-     * Optional ZK email prover for SEP-30 recovery. Pass an instance from
-     * `@accesly/zkemail` (`createZkEmailProver({ artifactsBaseUrl })`). When
-     * omitted, `auth.recover()` throws `RecoveryNotAvailableError`.
-     */
-    readonly zkEmailProver?: ZkEmailProverHandle;
 }
 declare function AcceslyProvider(props: AcceslyProviderProps): JSX.Element;
 
+interface AcceslyContextValue {
+    readonly appId: string;
+    readonly env: Environment;
+    readonly apiUrl: string;
+    readonly cognitoConfig: CognitoConfig;
+    readonly authClient: AuthClient;
+    readonly sessionStorage: SessionStorage;
+    readonly tokenManager: TokenManager;
+    readonly endpoints: AccesslyEndpoints;
+    readonly deviceStore: DeviceStore;
+    /** Current auth status — re-rendered whenever it changes. */
+    readonly status: AuthStatus;
+    readonly username: string | null;
+    /** Force a re-read of `tokenManager.getStatus()`. */
+    readonly refreshStatus: () => Promise<void>;
+}
+declare const AcceslyContext: react.Context<AcceslyContextValue | null>;
+
 /**
  * Per-environment defaults — currently the only public stage is `dev`. The
  * others are placeholders so the SDK API doesn't change when `staging`/`prod`
@@ -136,58 +95,6 @@ declare const ENVIRONMENT_DEFAULTS: Record<Environment, EnvironmentDefaults>;
  * `auth` don't bring `wallet` into their render.
  */
 
-/**
- * Structural type of `@accesly/zkemail`'s `ZkEmailProver`. Defined here so
- * `@accesly/react` does not take a hard runtime dep on `@accesly/zkemail`.
- * Consumers who use recovery wire in a real prover via `<AcceslyProvider>`.
- */
-interface ZkEmailProverLike {
-    prove(args: {
-        readonly eml: string;
-        readonly recovery: {
-            readonly recipientEmail: string;
-            readonly walletAddress: string;
-            readonly newPasskeyPubkey: Uint8Array;
-            readonly domainSalt: Uint8Array;
-        };
-        readonly rsaModulus: bigint;
-    }): Promise<{
-        readonly bundle: {
-            readonly proof: {
-                readonly a: Uint8Array;
-                readonly b: Uint8Array;
-                readonly c: Uint8Array;
-            };
-            readonly publicSignals: readonly Uint8Array[];
-        };
-        readonly elapsedMs: number;
-    }>;
-}
-/** Input to `auth.recover()` once a `ZkEmailProver` is configured. */
-interface RecoverInput {
-    /** Raw .eml as downloaded by the user from Gmail's "Show original". */
-    readonly eml: string;
-    /** Lowercase, trimmed recipient address that received the DKIM-signed message. */
-    readonly recipientEmail: string;
-    /** Wallet address being recovered (G... strkey). */
-    readonly walletAddress: string;
-    /** New passkey public key (secp256r1, 64 bytes) that will replace the lost one. */
-    readonly newPasskeyPubkey: Uint8Array;
-    /** Domain salt from the deployed Smart Account, per D1.4. 32 bytes. */
-    readonly domainSalt: Uint8Array;
-    /** RSA-2048 modulus of the DKIM key that signed the .eml. */
-    readonly rsaModulus: bigint;
-}
-/** Output of a successful recovery proof build. The backend Lambda (Phase 6) submits this. */
-interface RecoverResult {
-    readonly proof: {
-        readonly a: Uint8Array;
-        readonly b: Uint8Array;
-        readonly c: Uint8Array;
-    };
-    readonly publicSignals: readonly Uint8Array[];
-    readonly elapsedMs: number;
-}
 interface AuthNamespace {
     readonly status: AuthStatus;
     readonly username: string | null;
@@ -199,24 +106,6 @@ interface AuthNamespace {
     resendConfirmation(email: string): Promise<void>;
     signIn(email: string, password: string): Promise<void>;
     signOut(): Promise<void>;
-    /**
-     * SEP-30 account recovery via ZK email proof. Generates a Groth16 proof
-     * client-side that the deployed Soroban verifier accepts. Throws
-     * `RecoveryNotAvailableError` if no `zkEmailProver` was configured on
-     * the `<AcceslyProvider>`.
-     *
-     * The returned `RecoverResult` is ready for the Phase 6 `sep30Handler`
-     * Lambda, which submits the rotation tx to Soroban on the user's behalf.
-     */
-    recover(input: RecoverInput): Promise<RecoverResult>;
-}
-/**
- * Thrown by `auth.recover()` when the app did not configure a `zkEmailProver`
- * on the `<AcceslyProvider>`. To enable recovery, install `@accesly/zkemail`
- * and pass `<AcceslyProvider zkEmailProver={prover}>`.
- */
-declare class RecoveryNotAvailableError extends Error {
-    constructor();
 }
 interface CreateWalletInput {
     readonly email: string;
@@ -238,6 +127,22 @@ interface CreateWalletInput {
     readonly credentialId?: Uint8Array;
     /** Optional. See `credentialId`. */
     readonly prfSalt?: Uint8Array;
+    /**
+     * Password de Cognito en plano (`Uint8Array` codificado UTF-8).
+     *
+     * Recovery v2 (Fase 1, 2026-06-15): si se provee, el SDK deriva
+     * `recoveryKey = PBKDF2(password, recoverySalt, 600k)` y la usa para
+     * cifrar F3 antes de enviarlo al backend, en vez de usar
+     * `encryptionKeys[2]`. El backend almacena F3 cifrado con esa key —
+     * SOLO descifrable client-side con el mismo password.
+     *
+     * Sin esta prop el wallet se crea pero NO podrá recuperarse vía OTP
+     * (F3 quedará cifrado con `encryptionKeys[2]`, igual que en 0.x).
+     *
+     * El caller es responsable de zeroizar este buffer tras `createWallet`
+     * (el SDK no lo retiene en memoria).
+     */
+    readonly cognitoPassword?: Uint8Array;
 }
 interface CreatedWalletInfo {
     readonly walletAddress: string;
@@ -521,27 +426,55 @@ declare class NotImplementedYetError extends Error {
     constructor(namespace: string, method: string);
 }
 /**
- * Backend-side SEP-30 recovery namespace. Wraps the public `/sep30/accounts/*`
- * endpoints exposed by the Phase 6 `sep30Handler` Lambda. These are SEP-30
- * standard — interoperable with Freighter/Lobstr/etc. — and stateful from the
- * backend's perspective (persists identities + signers in DynamoDB).
+ * Recovery v2 — OTP por email + password de Cognito (Fase 1, 2026-06-15).
  *
- * The cryptographic proof generation that authorizes the actual rotation
- * lives in `auth.recover()` (when a `ZkEmailProver` is wired).
+ * Flujo desde la UI:
+ *   1. `recovery.requestOtp({ email })` → manda el OTP por SES.
+ *   2. `recovery.verifyOtp({ email, code })` → devuelve `recoveryJwt`.
+ *   3. `recovery.finalize({ email, password, recoveryJwt })` orquesta todo:
+ *      - GET /fragments/3 con el JWT
+ *      - Deriva recoveryKey con el password + recoverySalt del backend
+ *      - Decifra F3
+ *      - Decifra F2 (vía session key ECDH)
+ *      - Combina F2+F3 → seed ed25519 reconstruida
+ *      - Genera new passkey + new Shamir split (F1', F2', F3')
+ *      - Re-cifra F3' con la misma recoveryKey + nuevo salt
+ *      - Firma la tx `rotate_signer` localmente
+ *      - POST /recovery/finalize con todo
+ *      - Persiste new CredentialRecord local
+ *      - Zero-iza la seed
  */
 interface RecoveryNamespace {
-    /** Persist or replace the recovery config for `walletAddress`. */
-    configure(walletAddress: string, input: ConfigureRecoveryRequest): Promise<RecoveryConfigResponse>;
-    /** Read the current recovery config, or `null` if none is registered. */
-    get(walletAddress: string): Promise<RecoveryConfigResponse | null>;
+    /** Pide OTP. Backend rate-limita; el caller debe respetar `cooldownSeconds`. */
+    requestOtp(input: {
+        email: string;
+    }): Promise<{
+        cooldownSeconds: number;
+        expiresInSeconds: number;
+    }>;
+    /** Verifica OTP. Devuelve `recoveryJwt` con TTL 5min. */
+    verifyOtp(input: {
+        email: string;
+        code: string;
+    }): Promise<{
+        recoveryJwt: string;
+        expiresAt: number;
+    }>;
     /**
-     * Ask the backend to authorize a recovery transaction. In `mock` mode it
-     * authorizes when the identity matches a registered one. In `real` mode it
-     * polls the on-chain `zk-email-verifier` event before authorizing.
+     * Cierra el flujo de recovery. Tras éxito el `walletAddress` rotó sus
+     * signers on-chain y el dispositivo nuevo tiene los fragmentos
+     * persistidos. Pasar el password de Cognito en plano (UTF-8).
+     *
+     * El caller es responsable de zeroizar `cognitoPassword` después.
      */
-    requestSignature(walletAddress: string, signingAddress: string, input: RecoverySignRequest): Promise<RecoverySignResponse>;
-    /** Remove the recovery config. Returns `null` if it did not exist. */
-    remove(walletAddress: string): Promise<RecoveryDeleteResponse | null>;
+    finalize(input: {
+        email: string;
+        cognitoPassword: Uint8Array;
+        recoveryJwt: string;
+    }): Promise<{
+        walletAddress: string;
+        txHash: string;
+    }>;
 }
 interface AcceslyHook {
     readonly auth: AuthNamespace;
@@ -581,4 +514,4 @@ declare function useAccesly(): AcceslyHook;
  */
 declare const REACT_ADAPTER_VERSION = "0.0.0";
 
-export { AcceslyContext, type AcceslyContextValue, type AcceslyHook, AcceslyProvider, type AcceslyProviderProps, type AuthNamespace, type CreateWalletInput, type CreatedWalletInfo, ENVIRONMENT_DEFAULTS, type EnsureWalletResult, type EnvironmentDefaults, type KycNamespace, NotImplementedYetError, REACT_ADAPTER_VERSION, type RecoverInput, type RecoverResult, type RecoveryNamespace, RecoveryNotAvailableError, type RemoteWalletInfo, type RetryDeployResult, type SendXlmInput, type SendXlmResult, type SessionNamespace, type SettingsNamespace, type TxNamespace, type WalletNamespace, type WalletStatus, type YieldNamespace, type ZkEmailProverHandle, type ZkEmailProverLike, useAccesly };
+export { AcceslyContext, type AcceslyContextValue, type AcceslyHook, AcceslyProvider, type AcceslyProviderProps, type AuthNamespace, type CreateWalletInput, type CreatedWalletInfo, ENVIRONMENT_DEFAULTS, type EnsureWalletResult, type EnvironmentDefaults, type KycNamespace, NotImplementedYetError, REACT_ADAPTER_VERSION, type RecoveryNamespace, type RemoteWalletInfo, type RetryDeployResult, type SendXlmInput, type SendXlmResult, type SessionNamespace, type SettingsNamespace, type TxNamespace, type WalletNamespace, type WalletStatus, type YieldNamespace, useAccesly };

package/dist/index.d.ts

@@ -1,60 +1,7 @@
-import { Environment, CognitoConfig, AuthClient, SessionStorage, TokenManager, AccesslyEndpoints, DeviceStore, AuthStatus, TelemetrySink, CredentialRecord, ConfigureRecoveryRequest, RecoveryConfigResponse, RecoverySignRequest, RecoverySignResponse, RecoveryDeleteResponse } from '@accesly/core';
+import { Environment, CognitoConfig, AuthClient, SessionStorage, DeviceStore, TelemetrySink, TokenManager, AccesslyEndpoints, AuthStatus, CredentialRecord } from '@accesly/core';
 import * as react from 'react';
 import { ReactNode } from 'react';
 
-/**
- * Structural type for the optional ZK email prover. Defined here (not
- * imported from `@accesly/zkemail`) so this package stays
- * runtime-independent of zkemail. Apps that wire recovery pass an
- * `@accesly/zkemail` `ZkEmailProver` instance — its public shape is a
- * superset of this.
- */
-interface ZkEmailProverHandle {
-    prove(args: {
-        readonly eml: string;
-        readonly recovery: {
-            readonly recipientEmail: string;
-            readonly walletAddress: string;
-            readonly newPasskeyPubkey: Uint8Array;
-            readonly domainSalt: Uint8Array;
-        };
-        readonly rsaModulus: bigint;
-    }): Promise<{
-        readonly bundle: {
-            readonly proof: {
-                readonly a: Uint8Array;
-                readonly b: Uint8Array;
-                readonly c: Uint8Array;
-            };
-            readonly publicSignals: readonly Uint8Array[];
-        };
-        readonly elapsedMs: number;
-    }>;
-}
-interface AcceslyContextValue {
-    readonly appId: string;
-    readonly env: Environment;
-    readonly apiUrl: string;
-    readonly cognitoConfig: CognitoConfig;
-    readonly authClient: AuthClient;
-    readonly sessionStorage: SessionStorage;
-    readonly tokenManager: TokenManager;
-    readonly endpoints: AccesslyEndpoints;
-    readonly deviceStore: DeviceStore;
-    /** Current auth status — re-rendered whenever it changes. */
-    readonly status: AuthStatus;
-    readonly username: string | null;
-    /** Force a re-read of `tokenManager.getStatus()`. */
-    readonly refreshStatus: () => Promise<void>;
-    /**
-     * Optional ZK email prover for SEP-30 recovery. When omitted,
-     * `auth.recover()` throws `RecoveryNotAvailableError`. Apps that need
-     * recovery wire it via `<AcceslyProvider zkEmailProver={...}>`.
-     */
-    readonly zkEmailProver?: ZkEmailProverHandle;
-}
-declare const AcceslyContext: react.Context<AcceslyContextValue | null>;
-
 /**
  * `AcceslyProvider` — top-level React provider that creates the SDK instances
  * once and exposes them through context. All hooks consume this.
@@ -84,15 +31,27 @@ interface AcceslyProviderProps {
     };
     /** Optional telemetry sink — surfaces every API request/response/retry. */
     readonly telemetry?: TelemetrySink;
-    /**
-     * Optional ZK email prover for SEP-30 recovery. Pass an instance from
-     * `@accesly/zkemail` (`createZkEmailProver({ artifactsBaseUrl })`). When
-     * omitted, `auth.recover()` throws `RecoveryNotAvailableError`.
-     */
-    readonly zkEmailProver?: ZkEmailProverHandle;
 }
 declare function AcceslyProvider(props: AcceslyProviderProps): JSX.Element;
 
+interface AcceslyContextValue {
+    readonly appId: string;
+    readonly env: Environment;
+    readonly apiUrl: string;
+    readonly cognitoConfig: CognitoConfig;
+    readonly authClient: AuthClient;
+    readonly sessionStorage: SessionStorage;
+    readonly tokenManager: TokenManager;
+    readonly endpoints: AccesslyEndpoints;
+    readonly deviceStore: DeviceStore;
+    /** Current auth status — re-rendered whenever it changes. */
+    readonly status: AuthStatus;
+    readonly username: string | null;
+    /** Force a re-read of `tokenManager.getStatus()`. */
+    readonly refreshStatus: () => Promise<void>;
+}
+declare const AcceslyContext: react.Context<AcceslyContextValue | null>;
+
 /**
  * Per-environment defaults — currently the only public stage is `dev`. The
  * others are placeholders so the SDK API doesn't change when `staging`/`prod`
@@ -136,58 +95,6 @@ declare const ENVIRONMENT_DEFAULTS: Record<Environment, EnvironmentDefaults>;
  * `auth` don't bring `wallet` into their render.
  */
 
-/**
- * Structural type of `@accesly/zkemail`'s `ZkEmailProver`. Defined here so
- * `@accesly/react` does not take a hard runtime dep on `@accesly/zkemail`.
- * Consumers who use recovery wire in a real prover via `<AcceslyProvider>`.
- */
-interface ZkEmailProverLike {
-    prove(args: {
-        readonly eml: string;
-        readonly recovery: {
-            readonly recipientEmail: string;
-            readonly walletAddress: string;
-            readonly newPasskeyPubkey: Uint8Array;
-            readonly domainSalt: Uint8Array;
-        };
-        readonly rsaModulus: bigint;
-    }): Promise<{
-        readonly bundle: {
-            readonly proof: {
-                readonly a: Uint8Array;
-                readonly b: Uint8Array;
-                readonly c: Uint8Array;
-            };
-            readonly publicSignals: readonly Uint8Array[];
-        };
-        readonly elapsedMs: number;
-    }>;
-}
-/** Input to `auth.recover()` once a `ZkEmailProver` is configured. */
-interface RecoverInput {
-    /** Raw .eml as downloaded by the user from Gmail's "Show original". */
-    readonly eml: string;
-    /** Lowercase, trimmed recipient address that received the DKIM-signed message. */
-    readonly recipientEmail: string;
-    /** Wallet address being recovered (G... strkey). */
-    readonly walletAddress: string;
-    /** New passkey public key (secp256r1, 64 bytes) that will replace the lost one. */
-    readonly newPasskeyPubkey: Uint8Array;
-    /** Domain salt from the deployed Smart Account, per D1.4. 32 bytes. */
-    readonly domainSalt: Uint8Array;
-    /** RSA-2048 modulus of the DKIM key that signed the .eml. */
-    readonly rsaModulus: bigint;
-}
-/** Output of a successful recovery proof build. The backend Lambda (Phase 6) submits this. */
-interface RecoverResult {
-    readonly proof: {
-        readonly a: Uint8Array;
-        readonly b: Uint8Array;
-        readonly c: Uint8Array;
-    };
-    readonly publicSignals: readonly Uint8Array[];
-    readonly elapsedMs: number;
-}
 interface AuthNamespace {
     readonly status: AuthStatus;
     readonly username: string | null;
@@ -199,24 +106,6 @@ interface AuthNamespace {
     resendConfirmation(email: string): Promise<void>;
     signIn(email: string, password: string): Promise<void>;
     signOut(): Promise<void>;
-    /**
-     * SEP-30 account recovery via ZK email proof. Generates a Groth16 proof
-     * client-side that the deployed Soroban verifier accepts. Throws
-     * `RecoveryNotAvailableError` if no `zkEmailProver` was configured on
-     * the `<AcceslyProvider>`.
-     *
-     * The returned `RecoverResult` is ready for the Phase 6 `sep30Handler`
-     * Lambda, which submits the rotation tx to Soroban on the user's behalf.
-     */
-    recover(input: RecoverInput): Promise<RecoverResult>;
-}
-/**
- * Thrown by `auth.recover()` when the app did not configure a `zkEmailProver`
- * on the `<AcceslyProvider>`. To enable recovery, install `@accesly/zkemail`
- * and pass `<AcceslyProvider zkEmailProver={prover}>`.
- */
-declare class RecoveryNotAvailableError extends Error {
-    constructor();
 }
 interface CreateWalletInput {
     readonly email: string;
@@ -238,6 +127,22 @@ interface CreateWalletInput {
     readonly credentialId?: Uint8Array;
     /** Optional. See `credentialId`. */
     readonly prfSalt?: Uint8Array;
+    /**
+     * Password de Cognito en plano (`Uint8Array` codificado UTF-8).
+     *
+     * Recovery v2 (Fase 1, 2026-06-15): si se provee, el SDK deriva
+     * `recoveryKey = PBKDF2(password, recoverySalt, 600k)` y la usa para
+     * cifrar F3 antes de enviarlo al backend, en vez de usar
+     * `encryptionKeys[2]`. El backend almacena F3 cifrado con esa key —
+     * SOLO descifrable client-side con el mismo password.
+     *
+     * Sin esta prop el wallet se crea pero NO podrá recuperarse vía OTP
+     * (F3 quedará cifrado con `encryptionKeys[2]`, igual que en 0.x).
+     *
+     * El caller es responsable de zeroizar este buffer tras `createWallet`
+     * (el SDK no lo retiene en memoria).
+     */
+    readonly cognitoPassword?: Uint8Array;
 }
 interface CreatedWalletInfo {
     readonly walletAddress: string;
@@ -521,27 +426,55 @@ declare class NotImplementedYetError extends Error {
     constructor(namespace: string, method: string);
 }
 /**
- * Backend-side SEP-30 recovery namespace. Wraps the public `/sep30/accounts/*`
- * endpoints exposed by the Phase 6 `sep30Handler` Lambda. These are SEP-30
- * standard — interoperable with Freighter/Lobstr/etc. — and stateful from the
- * backend's perspective (persists identities + signers in DynamoDB).
+ * Recovery v2 — OTP por email + password de Cognito (Fase 1, 2026-06-15).
  *
- * The cryptographic proof generation that authorizes the actual rotation
- * lives in `auth.recover()` (when a `ZkEmailProver` is wired).
+ * Flujo desde la UI:
+ *   1. `recovery.requestOtp({ email })` → manda el OTP por SES.
+ *   2. `recovery.verifyOtp({ email, code })` → devuelve `recoveryJwt`.
+ *   3. `recovery.finalize({ email, password, recoveryJwt })` orquesta todo:
+ *      - GET /fragments/3 con el JWT
+ *      - Deriva recoveryKey con el password + recoverySalt del backend
+ *      - Decifra F3
+ *      - Decifra F2 (vía session key ECDH)
+ *      - Combina F2+F3 → seed ed25519 reconstruida
+ *      - Genera new passkey + new Shamir split (F1', F2', F3')
+ *      - Re-cifra F3' con la misma recoveryKey + nuevo salt
+ *      - Firma la tx `rotate_signer` localmente
+ *      - POST /recovery/finalize con todo
+ *      - Persiste new CredentialRecord local
+ *      - Zero-iza la seed
  */
 interface RecoveryNamespace {
-    /** Persist or replace the recovery config for `walletAddress`. */
-    configure(walletAddress: string, input: ConfigureRecoveryRequest): Promise<RecoveryConfigResponse>;
-    /** Read the current recovery config, or `null` if none is registered. */
-    get(walletAddress: string): Promise<RecoveryConfigResponse | null>;
+    /** Pide OTP. Backend rate-limita; el caller debe respetar `cooldownSeconds`. */
+    requestOtp(input: {
+        email: string;
+    }): Promise<{
+        cooldownSeconds: number;
+        expiresInSeconds: number;
+    }>;
+    /** Verifica OTP. Devuelve `recoveryJwt` con TTL 5min. */
+    verifyOtp(input: {
+        email: string;
+        code: string;
+    }): Promise<{
+        recoveryJwt: string;
+        expiresAt: number;
+    }>;
     /**
-     * Ask the backend to authorize a recovery transaction. In `mock` mode it
-     * authorizes when the identity matches a registered one. In `real` mode it
-     * polls the on-chain `zk-email-verifier` event before authorizing.
+     * Cierra el flujo de recovery. Tras éxito el `walletAddress` rotó sus
+     * signers on-chain y el dispositivo nuevo tiene los fragmentos
+     * persistidos. Pasar el password de Cognito en plano (UTF-8).
+     *
+     * El caller es responsable de zeroizar `cognitoPassword` después.
      */
-    requestSignature(walletAddress: string, signingAddress: string, input: RecoverySignRequest): Promise<RecoverySignResponse>;
-    /** Remove the recovery config. Returns `null` if it did not exist. */
-    remove(walletAddress: string): Promise<RecoveryDeleteResponse | null>;
+    finalize(input: {
+        email: string;
+        cognitoPassword: Uint8Array;
+        recoveryJwt: string;
+    }): Promise<{
+        walletAddress: string;
+        txHash: string;
+    }>;
 }
 interface AcceslyHook {
     readonly auth: AuthNamespace;
@@ -581,4 +514,4 @@ declare function useAccesly(): AcceslyHook;
  */
 declare const REACT_ADAPTER_VERSION = "0.0.0";
 
-export { AcceslyContext, type AcceslyContextValue, type AcceslyHook, AcceslyProvider, type AcceslyProviderProps, type AuthNamespace, type CreateWalletInput, type CreatedWalletInfo, ENVIRONMENT_DEFAULTS, type EnsureWalletResult, type EnvironmentDefaults, type KycNamespace, NotImplementedYetError, REACT_ADAPTER_VERSION, type RecoverInput, type RecoverResult, type RecoveryNamespace, RecoveryNotAvailableError, type RemoteWalletInfo, type RetryDeployResult, type SendXlmInput, type SendXlmResult, type SessionNamespace, type SettingsNamespace, type TxNamespace, type WalletNamespace, type WalletStatus, type YieldNamespace, type ZkEmailProverHandle, type ZkEmailProverLike, useAccesly };
+export { AcceslyContext, type AcceslyContextValue, type AcceslyHook, AcceslyProvider, type AcceslyProviderProps, type AuthNamespace, type CreateWalletInput, type CreatedWalletInfo, ENVIRONMENT_DEFAULTS, type EnsureWalletResult, type EnvironmentDefaults, type KycNamespace, NotImplementedYetError, REACT_ADAPTER_VERSION, type RecoveryNamespace, type RemoteWalletInfo, type RetryDeployResult, type SendXlmInput, type SendXlmResult, type SessionNamespace, type SettingsNamespace, type TxNamespace, type WalletNamespace, type WalletStatus, type YieldNamespace, useAccesly };