@agenticvault/agentic-vault 0.1.0

package/dist/cli/index.js

@@ -0,0 +1,108 @@
+#!/usr/bin/env node
+import { parseGlobalArgs, buildWorkflowContext, buildDryRunContext } from './context.js';
+import { parseOutputFormat } from './formatters.js';
+import { runSign } from './commands/sign.js';
+import { runSignPermit } from './commands/sign-permit.js';
+import { runDryRun } from './commands/dry-run.js';
+import { runGetAddress } from './commands/get-address.js';
+import { runHealth } from './commands/health.js';
+import { runMcp } from './commands/mcp.js';
+import { runDecode } from './commands/decode.js';
+import { runEncode } from './commands/encode.js';
+const USAGE = `Usage: agentic-vault <command> [options]
+
+Commands:
+  sign            Sign a DeFi transaction (decoded + policy validated)
+  sign-permit     Sign an EIP-2612 permit
+  dry-run         Decode + policy check without signing
+  encode          Encode intent parameters into calldata hex
+  decode          Decode calldata hex into intent JSON
+  get-address     Get the vault wallet address
+  health          Check signer health status
+  mcp             Start MCP stdio server
+
+Global options:
+  --key-id <id>           AWS KMS key ID (or set VAULT_KEY_ID env var)
+  --region <region>       AWS region (or set VAULT_REGION env var)
+  --expected-address <a>  Expected wallet address (optional)
+  --policy-config <path>  Policy config JSON file (optional)
+  --output <format>       Output format: json (default), human, raw
+  --help, -h              Show this help message
+`;
+function usage(exitCode = 1) {
+    const stream = exitCode === 0 ? process.stdout : process.stderr;
+    stream.write(USAGE);
+    process.exit(exitCode);
+}
+async function main() {
+    const subcommand = process.argv[2];
+    const rest = process.argv.slice(3);
+    if (subcommand === '--help' || subcommand === '-h') {
+        usage(0);
+    }
+    if (!subcommand) {
+        usage(1);
+    }
+    // Subcommand-level --help: show global usage (subcommand-specific help not yet implemented)
+    if (rest.includes('--help') || rest.includes('-h')) {
+        usage(0);
+    }
+    switch (subcommand) {
+        case 'sign': {
+            const args = parseGlobalArgs(rest);
+            const ctx = buildWorkflowContext(args);
+            await runSign(ctx, rest);
+            break;
+        }
+        case 'sign-permit': {
+            const args = parseGlobalArgs(rest);
+            const ctx = buildWorkflowContext(args);
+            await runSignPermit(ctx, rest);
+            break;
+        }
+        case 'dry-run': {
+            // dry-run does not require signer credentials, but supports --policy-config
+            let policyConfig;
+            for (let i = 0; i < rest.length; i++) {
+                if (rest[i] === '--policy-config')
+                    policyConfig = rest[++i];
+            }
+            const ctx = buildDryRunContext({ policyConfig });
+            await runDryRun(ctx, rest);
+            break;
+        }
+        case 'get-address': {
+            const args = parseGlobalArgs(rest);
+            const ctx = buildWorkflowContext(args);
+            await runGetAddress(ctx, parseOutputFormat(rest));
+            break;
+        }
+        case 'health': {
+            const args = parseGlobalArgs(rest);
+            const ctx = buildWorkflowContext(args);
+            await runHealth(ctx, parseOutputFormat(rest));
+            break;
+        }
+        case 'encode': {
+            await runEncode(rest);
+            break;
+        }
+        case 'decode': {
+            await runDecode(rest);
+            break;
+        }
+        case 'mcp': {
+            const args = parseGlobalArgs(rest);
+            await runMcp(args, rest);
+            break;
+        }
+        default:
+            usage();
+    }
+}
+main().catch((error) => {
+    const message = error instanceof Error ? error.message : String(error);
+    process.stderr.write(`Error: ${message}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/cli/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACzF,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAEjD,MAAM,KAAK,GAAG;;;;;;;;;;;;;;;;;;;CAmBb,CAAC;AAEF,SAAS,KAAK,CAAC,QAAQ,GAAG,CAAC;IACzB,MAAM,MAAM,GAAG,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IAChE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACpB,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACzB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnC,IAAI,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACnD,KAAK,CAAC,CAAC,CAAC,CAAC;IACX,CAAC;IAED,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,KAAK,CAAC,CAAC,CAAC,CAAC;IACX,CAAC;IAED,4FAA4F;IAC5F,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,KAAK,CAAC,CAAC,CAAC,CAAC;IACX,CAAC;IAED,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;YACnC,MAAM,GAAG,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;YACvC,MAAM,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YACzB,MAAM;QACR,CAAC;QACD,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;YACnC,MAAM,GAAG,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;YACvC,MAAM,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAC/B,MAAM;QACR,CAAC;QACD,KAAK,SAAS,CAAC,CAAC,CAAC;YACf,4EAA4E;YAC5E,IAAI,YAAgC,CAAC;YACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACrC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,iBAAiB;oBAAE,YAAY,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAC9D,CAAC;YACD,MAAM,GAAG,GAAG,kBAAkB,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC;YACjD,MAAM,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAC3B,MAAM;QACR,CAAC;QACD,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;YACnC,MAAM,GAAG,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;YACvC,MAAM,aAAa,CAAC,GAAG,EAAE,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC;YAClD,MAAM;QACR,CAAC;QACD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;YACnC,MAAM,GAAG,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;YACvC,MAAM,SAAS,CAAC,GAAG,EAAE,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC;YAC9C,MAAM;QACR,CAAC;QACD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC;YACtB,MAAM;QACR,CAAC;QACD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC;YACtB,MAAM;QACR,CAAC;QACD,KAAK,KAAK,CAAC,CAAC,CAAC;YACX,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;YACnC,MAAM,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACzB,MAAM;QACR,CAAC;QACD;YACE,KAAK,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,OAAO,IAAI,CAAC,CAAC;IAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/core/evm-signer-adapter.d.ts

@@ -0,0 +1,42 @@
+import { type Address, type Hex, type TransactionSerializable } from 'viem';
+import type { SigningProvider } from './signing-provider.js';
+import type { SignTypedDataParams, SignatureComponents, SignerAdapter } from '../types.js';
+export interface EvmSignerAdapterConfig {
+    expectedAddress?: Address;
+}
+/**
+ * EVM signing adapter that delegates to a SigningProvider.
+ * Same orchestration logic as KmsSignerAdapter but provider-agnostic.
+ */
+export declare class EvmSignerAdapter implements SignerAdapter {
+    private readonly expectedAddress?;
+    private readonly provider;
+    private addressPromise;
+    constructor(provider: SigningProvider, config?: EvmSignerAdapterConfig);
+    /**
+     * Get the Ethereum address derived from the provider's public key.
+     * Uses promise memoization to avoid concurrent calls during cold start.
+     */
+    getAddress(): Promise<Address>;
+    /**
+     * Sign a transaction: serialize -> keccak256 -> provider sign -> DER decode -> assemble signed tx.
+     */
+    signTransaction(tx: TransactionSerializable): Promise<Hex>;
+    /**
+     * Sign EIP-712 typed data. Returns {v, r, s} for permit-style calls.
+     * v = yParity + 27 (legacy recovery id format expected by EIP-2612 selfPermit).
+     */
+    signTypedData(params: SignTypedDataParams): Promise<SignatureComponents>;
+    /**
+     * Health check: verify provider is healthy and address matches expectations.
+     */
+    healthCheck(): Promise<void>;
+    /**
+     * Internal: sign a 32-byte digest via provider and resolve the recovery parameter.
+     */
+    private signDigestAndRecover;
+    /**
+     * Internal: derive address from provider's public key.
+     */
+    private deriveAddress;
+}

package/dist/core/evm-signer-adapter.js

@@ -0,0 +1,92 @@
+import { hashTypedData, keccak256, serializeTransaction, toHex, } from 'viem';
+import { normalizeSignature, parseDerSignature, publicToAddress, resolveRecoveryParam, } from '../evm-signer.util.js';
+/**
+ * EVM signing adapter that delegates to a SigningProvider.
+ * Same orchestration logic as KmsSignerAdapter but provider-agnostic.
+ */
+export class EvmSignerAdapter {
+    expectedAddress;
+    provider;
+    addressPromise = null;
+    constructor(provider, config) {
+        this.provider = provider;
+        this.expectedAddress = config?.expectedAddress;
+    }
+    /**
+     * Get the Ethereum address derived from the provider's public key.
+     * Uses promise memoization to avoid concurrent calls during cold start.
+     */
+    getAddress() {
+        if (!this.addressPromise) {
+            this.addressPromise = this.deriveAddress();
+        }
+        return this.addressPromise;
+    }
+    /**
+     * Sign a transaction: serialize -> keccak256 -> provider sign -> DER decode -> assemble signed tx.
+     */
+    async signTransaction(tx) {
+        const serialized = serializeTransaction(tx);
+        const digest = keccak256(serialized, 'bytes');
+        const { r, s, yParity } = await this.signDigestAndRecover(digest);
+        return serializeTransaction(tx, {
+            r: toHex(r, { size: 32 }),
+            s: toHex(s, { size: 32 }),
+            yParity,
+        });
+    }
+    /**
+     * Sign EIP-712 typed data. Returns {v, r, s} for permit-style calls.
+     * v = yParity + 27 (legacy recovery id format expected by EIP-2612 selfPermit).
+     */
+    async signTypedData(params) {
+        const hash = hashTypedData(params);
+        const digest = hexToBytes(hash);
+        const { r, s, yParity } = await this.signDigestAndRecover(digest);
+        return {
+            v: yParity + 27,
+            r: toHex(r, { size: 32 }),
+            s: toHex(s, { size: 32 }),
+        };
+    }
+    /**
+     * Health check: verify provider is healthy and address matches expectations.
+     */
+    async healthCheck() {
+        await this.provider.healthCheck();
+        if (this.expectedAddress) {
+            const derivedAddress = await this.getAddress();
+            if (derivedAddress.toLowerCase() !== this.expectedAddress.toLowerCase()) {
+                throw new Error(`Derived address ${derivedAddress} does not match expected ${this.expectedAddress}`);
+            }
+        }
+    }
+    /**
+     * Internal: sign a 32-byte digest via provider and resolve the recovery parameter.
+     */
+    async signDigestAndRecover(digest) {
+        const address = await this.getAddress();
+        const signatureBlob = await this.provider.signDigest(digest);
+        const { r, s: rawS } = parseDerSignature(signatureBlob.bytes);
+        const { r: normalizedR, s } = normalizeSignature(r, rawS);
+        const yParity = await resolveRecoveryParam(digest, normalizedR, s, address);
+        return { r: normalizedR, s, yParity };
+    }
+    /**
+     * Internal: derive address from provider's public key.
+     */
+    async deriveAddress() {
+        const publicKeyBlob = await this.provider.getPublicKey();
+        return publicToAddress(publicKeyBlob.bytes);
+    }
+}
+/** Convert a 0x-prefixed hex string to Uint8Array */
+function hexToBytes(hex) {
+    const stripped = hex.startsWith('0x') ? hex.slice(2) : hex;
+    const bytes = new Uint8Array(stripped.length / 2);
+    for (let i = 0; i < bytes.length; i++) {
+        bytes[i] = parseInt(stripped.slice(i * 2, i * 2 + 2), 16);
+    }
+    return bytes;
+}
+//# sourceMappingURL=evm-signer-adapter.js.map

package/dist/core/evm-signer-adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evm-signer-adapter.js","sourceRoot":"","sources":["../../src/core/evm-signer-adapter.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,aAAa,EACb,SAAS,EACT,oBAAoB,EACpB,KAAK,GACN,MAAM,MAAM,CAAC;AAGd,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,eAAe,EACf,oBAAoB,GACrB,MAAM,uBAAuB,CAAC;AAM/B;;;GAGG;AACH,MAAM,OAAO,gBAAgB;IACV,eAAe,CAAW;IAC1B,QAAQ,CAAkB;IACnC,cAAc,GAA4B,IAAI,CAAC;IAEvD,YAAY,QAAyB,EAAE,MAA+B;QACpE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,eAAe,GAAG,MAAM,EAAE,eAAe,CAAC;IACjD,CAAC;IAED;;;OAGG;IACH,UAAU;QACR,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAC7C,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,EAA2B;QAC/C,MAAM,UAAU,GAAG,oBAAoB,CAAC,EAAE,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAE9C,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAElE,OAAO,oBAAoB,CAAC,EAAE,EAAE;YAC9B,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;YACzB,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;YACzB,OAAO;SACsC,CAAC,CAAC;IACnD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,aAAa,CAAC,MAA2B;QAC7C,MAAM,IAAI,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;QAEhC,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAElE,OAAO;YACL,CAAC,EAAE,OAAO,GAAG,EAAE;YACf,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;YACzB,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;SAC1B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAElC,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YAC/C,IAAI,cAAc,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxE,MAAM,IAAI,KAAK,CACb,mBAAmB,cAAc,4BAA4B,IAAI,CAAC,eAAe,EAAE,CACpF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,oBAAoB,CAChC,MAAkB;QAElB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACxC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAE7D,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,GAAG,iBAAiB,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAC9D,MAAM,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,GAAG,kBAAkB,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAC1D,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;QAE5E,OAAO,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC;IACxC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa;QACzB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC;QACzD,OAAO,eAAe,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;IAC9C,CAAC;CACF;AAED,qDAAqD;AACrD,SAAS,UAAU,CAAC,GAAQ;IAC1B,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAC3D,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAClD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,KAAK,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/core/signing-provider.d.ts

@@ -0,0 +1,14 @@
+export interface SignatureBlob {
+    readonly bytes: Uint8Array;
+    readonly encoding: 'der' | 'raw';
+    readonly algorithm: 'secp256k1' | 'ed25519';
+}
+export interface PublicKeyBlob {
+    readonly bytes: Uint8Array;
+    readonly algorithm: 'secp256k1' | 'ed25519';
+}
+export interface SigningProvider {
+    signDigest(digest: Uint8Array): Promise<SignatureBlob>;
+    getPublicKey(): Promise<PublicKeyBlob>;
+    healthCheck(): Promise<void>;
+}

package/dist/core/signing-provider.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=signing-provider.js.map

package/dist/core/signing-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signing-provider.js","sourceRoot":"","sources":["../../src/core/signing-provider.ts"],"names":[],"mappings":""}

package/dist/crypto/evm-signer.util.d.ts

@@ -0,0 +1,43 @@
+import { type Address } from 'viem';
+/**
+ * Parse a DER-encoded ECDSA signature into r and s components.
+ *
+ * DER format: 0x30 <total-len> 0x02 <r-len> <r-bytes> 0x02 <s-len> <s-bytes>
+ */
+export declare function parseDerSignature(der: Uint8Array): {
+    r: Uint8Array;
+    s: Uint8Array;
+};
+/**
+ * Parse a DER-encoded SPKI public key to extract the uncompressed secp256k1 point (65 bytes).
+ *
+ * SPKI structure for secp256k1:
+ *   SEQUENCE {
+ *     SEQUENCE { OID ecPublicKey, OID secp256k1 }
+ *     BIT STRING { 0x00 (unused bits) 0x04 <x 32 bytes> <y 32 bytes> }
+ *   }
+ */
+export declare function parseDerPublicKey(der: Uint8Array): Uint8Array;
+/**
+ * Apply EIP-2 low-s normalization.
+ * If s > secp256k1n/2, replace s with secp256k1n - s.
+ */
+export declare function normalizeSignature(r: Uint8Array, s: Uint8Array): {
+    r: Uint8Array;
+    s: Uint8Array;
+};
+/**
+ * Resolve the recovery parameter (yParity) by trying 0 and 1,
+ * then comparing the recovered address against the expected address.
+ * Uses viem's recoverAddress internally.
+ */
+export declare function resolveRecoveryParam(digest: Uint8Array, r: Uint8Array, s: Uint8Array, address: Address): Promise<number>;
+/**
+ * Derive Ethereum address from an uncompressed secp256k1 public key (65 bytes).
+ * address = keccak256(pubkey[1:])[12:]
+ */
+export declare function publicToAddress(pubkey: Uint8Array): Address;
+/** Convert a Uint8Array to a BigInt */
+export declare function bytesToBigInt(bytes: Uint8Array): bigint;
+/** Convert a BigInt to a 32-byte Uint8Array */
+export declare function bigIntTo32Bytes(value: bigint): Uint8Array;

package/dist/crypto/evm-signer.util.js

@@ -0,0 +1,151 @@
+import { keccak256, recoverAddress, toHex } from 'viem';
+/**
+ * secp256k1 curve order (n).
+ * Used for low-s normalization (EIP-2).
+ */
+const SECP256K1_N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n;
+const SECP256K1_HALF_N = SECP256K1_N / 2n;
+/**
+ * Parse a DER-encoded ECDSA signature into r and s components.
+ *
+ * DER format: 0x30 <total-len> 0x02 <r-len> <r-bytes> 0x02 <s-len> <s-bytes>
+ */
+export function parseDerSignature(der) {
+    let offset = 0;
+    if (der[offset++] !== 0x30) {
+        throw new Error('Invalid DER signature: missing SEQUENCE tag');
+    }
+    // total length (skip, we parse by structure)
+    const totalLen = der[offset++];
+    if (offset + totalLen > der.length) {
+        throw new Error('Invalid DER signature: length exceeds buffer');
+    }
+    // Parse r
+    if (der[offset++] !== 0x02) {
+        throw new Error('Invalid DER signature: missing INTEGER tag for r');
+    }
+    const rLen = der[offset++];
+    const rRaw = new Uint8Array(der.buffer, der.byteOffset + offset, rLen);
+    offset += rLen;
+    // Parse s
+    if (der[offset++] !== 0x02) {
+        throw new Error('Invalid DER signature: missing INTEGER tag for s');
+    }
+    const sLen = der[offset++];
+    const sRaw = new Uint8Array(der.buffer, der.byteOffset + offset, sLen);
+    // Strip leading zero padding (DER uses signed integers) and pad to 32 bytes
+    const r = padTo32Bytes(stripLeadingZeros(rRaw));
+    const s = padTo32Bytes(stripLeadingZeros(sRaw));
+    return { r, s };
+}
+/**
+ * Parse a DER-encoded SPKI public key to extract the uncompressed secp256k1 point (65 bytes).
+ *
+ * SPKI structure for secp256k1:
+ *   SEQUENCE {
+ *     SEQUENCE { OID ecPublicKey, OID secp256k1 }
+ *     BIT STRING { 0x00 (unused bits) 0x04 <x 32 bytes> <y 32 bytes> }
+ *   }
+ */
+export function parseDerPublicKey(der) {
+    // Find the BIT STRING containing the public key
+    // The uncompressed key starts with 0x04 and is 65 bytes
+    for (let i = 0; i <= der.length - 65; i++) {
+        if (der[i] === 0x04) {
+            // Verify the byte before is 0x00 (BIT STRING unused bits indicator)
+            if (i > 0 && der[i - 1] === 0x00) {
+                return new Uint8Array(der.buffer, der.byteOffset + i, 65);
+            }
+        }
+    }
+    throw new Error('Failed to extract uncompressed public key from SPKI DER');
+}
+/**
+ * Apply EIP-2 low-s normalization.
+ * If s > secp256k1n/2, replace s with secp256k1n - s.
+ */
+export function normalizeSignature(r, s) {
+    const sBigInt = bytesToBigInt(s);
+    if (sBigInt > SECP256K1_HALF_N) {
+        const normalizedS = SECP256K1_N - sBigInt;
+        return { r, s: bigIntTo32Bytes(normalizedS) };
+    }
+    return { r, s };
+}
+/**
+ * Resolve the recovery parameter (yParity) by trying 0 and 1,
+ * then comparing the recovered address against the expected address.
+ * Uses viem's recoverAddress internally.
+ */
+export async function resolveRecoveryParam(digest, r, s, address) {
+    const hashHex = toHex(digest);
+    const rHex = toHex(r, { size: 32 });
+    const sHex = toHex(s, { size: 32 });
+    for (const yParity of [0, 1]) {
+        try {
+            const recovered = await recoverAddress({
+                hash: hashHex,
+                signature: { r: rHex, s: sHex, yParity },
+            });
+            if (recovered.toLowerCase() === address.toLowerCase()) {
+                return yParity;
+            }
+        }
+        catch {
+            // Try next recovery value
+        }
+    }
+    throw new Error('Failed to resolve recovery parameter: no matching yParity found');
+}
+/**
+ * Derive Ethereum address from an uncompressed secp256k1 public key (65 bytes).
+ * address = keccak256(pubkey[1:])[12:]
+ */
+export function publicToAddress(pubkey) {
+    if (pubkey.length !== 65 || pubkey[0] !== 0x04) {
+        throw new Error('Expected 65-byte uncompressed public key starting with 0x04');
+    }
+    // Hash the 64-byte x,y coordinates (skip the 0x04 prefix)
+    const coordBytes = new Uint8Array(pubkey.buffer, pubkey.byteOffset + 1, 64);
+    const hash = keccak256(toHex(coordBytes));
+    // Take last 20 bytes (40 hex chars) of the hash
+    return `0x${hash.slice(26)}`;
+}
+/** Strip leading zero bytes from a byte array */
+function stripLeadingZeros(bytes) {
+    let start = 0;
+    while (start < bytes.length - 1 && bytes[start] === 0) {
+        start++;
+    }
+    return start > 0 ? new Uint8Array(bytes.buffer, bytes.byteOffset + start, bytes.length - start) : bytes;
+}
+/** Left-pad a byte array to 32 bytes */
+function padTo32Bytes(bytes) {
+    if (bytes.length === 32)
+        return bytes;
+    if (bytes.length > 32) {
+        throw new Error(`Invalid DER integer: ${bytes.length} bytes exceeds 32-byte secp256k1 scalar`);
+    }
+    const padded = new Uint8Array(32);
+    padded.set(bytes, 32 - bytes.length);
+    return padded;
+}
+/** Convert a Uint8Array to a BigInt */
+export function bytesToBigInt(bytes) {
+    let result = 0n;
+    for (const byte of bytes) {
+        result = (result << 8n) | BigInt(byte);
+    }
+    return result;
+}
+/** Convert a BigInt to a 32-byte Uint8Array */
+export function bigIntTo32Bytes(value) {
+    const bytes = new Uint8Array(32);
+    let v = value;
+    for (let i = 31; i >= 0; i--) {
+        bytes[i] = Number(v & 0xffn);
+        v >>= 8n;
+    }
+    return bytes;
+}
+//# sourceMappingURL=evm-signer.util.js.map

package/dist/crypto/evm-signer.util.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evm-signer.util.js","sourceRoot":"","sources":["../../src/crypto/evm-signer.util.ts"],"names":[],"mappings":"AAAA,OAAO,EAA0B,SAAS,EAAE,cAAc,EAAE,KAAK,EAAE,MAAM,MAAM,CAAC;AAEhF;;;GAGG;AACH,MAAM,WAAW,GAAG,mEAAmE,CAAC;AACxF,MAAM,gBAAgB,GAAG,WAAW,GAAG,EAAE,CAAC;AAE1C;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAe;IAI/C,IAAI,MAAM,GAAG,CAAC,CAAC;IAEf,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IAED,6CAA6C;IAC7C,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,EAAE,CAAE,CAAC;IAChC,IAAI,MAAM,GAAG,QAAQ,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,UAAU;IACV,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,EAAE,CAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,UAAU,GAAG,MAAM,EAAE,IAAI,CAAC,CAAC;IACvE,MAAM,IAAI,IAAI,CAAC;IAEf,UAAU;IACV,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,EAAE,CAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,UAAU,GAAG,MAAM,EAAE,IAAI,CAAC,CAAC;IAEvE,4EAA4E;IAC5E,MAAM,CAAC,GAAG,YAAY,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC;IAChD,MAAM,CAAC,GAAG,YAAY,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC;IAEhD,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;AAClB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAe;IAC/C,gDAAgD;IAChD,wDAAwD;IACxD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACpB,oEAAoE;YACpE,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACjC,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,UAAU,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;AAC7E,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,CAAa,EACb,CAAa;IAEb,MAAM,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IAEjC,IAAI,OAAO,GAAG,gBAAgB,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,WAAW,GAAG,OAAO,CAAC;QAC1C,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC;IAChD,CAAC;IAED,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;AAClB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAAkB,EAClB,CAAa,EACb,CAAa,EACb,OAAgB;IAEhB,MAAM,OAAO,GAAQ,KAAK,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,IAAI,GAAQ,KAAK,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IACzC,MAAM,IAAI,GAAQ,KAAK,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IAEzC,KAAK,MAAM,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,CAAU,EAAE,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC;gBACrC,IAAI,EAAE,OAAO;gBACb,SAAS,EAAE,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE;aACzC,CAAC,CAAC;YACH,IAAI,SAAS,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;gBACtD,OAAO,OAAO,CAAC;YACjB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;QAC5B,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;AACrF,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,MAAkB;IAChD,IAAI,MAAM,CAAC,MAAM,KAAK,EAAE,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;IACjF,CAAC;IAED,0DAA0D;IAC1D,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,UAAU,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5E,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;IAC1C,gDAAgD;IAChD,OAAO,KAAK,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,EAAa,CAAC;AAC1C,CAAC;AAED,iDAAiD;AACjD,SAAS,iBAAiB,CAAC,KAAiB;IAC1C,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,OAAO,KAAK,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QACtD,KAAK,EAAE,CAAC;IACV,CAAC;IACD,OAAO,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,UAAU,GAAG,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AAC1G,CAAC;AAED,wCAAwC;AACxC,SAAS,YAAY,CAAC,KAAiB;IACrC,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IACtC,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,wBAAwB,KAAK,CAAC,MAAM,yCAAyC,CAAC,CAAC;IACjG,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IACrC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,uCAAuC;AACvC,MAAM,UAAU,aAAa,CAAC,KAAiB;IAC7C,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+CAA+C;AAC/C,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,IAAI,CAAC,GAAG,KAAK,CAAC;IACd,KAAK,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;QAC7B,CAAC,KAAK,EAAE,CAAC;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/evm-signer.util.d.ts

@@ -0,0 +1 @@
+export { parseDerSignature, parseDerPublicKey, normalizeSignature, resolveRecoveryParam, publicToAddress, bytesToBigInt, bigIntTo32Bytes, } from './crypto/evm-signer.util.js';

package/dist/evm-signer.util.js

@@ -0,0 +1,4 @@
+// Re-export shim for backward compatibility.
+// Canonical location: src/crypto/evm-signer.util.ts
+export { parseDerSignature, parseDerPublicKey, normalizeSignature, resolveRecoveryParam, publicToAddress, bytesToBigInt, bigIntTo32Bytes, } from './crypto/evm-signer.util.js';
+//# sourceMappingURL=evm-signer.util.js.map

package/dist/evm-signer.util.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evm-signer.util.js","sourceRoot":"","sources":["../src/evm-signer.util.ts"],"names":[],"mappings":"AAAA,6CAA6C;AAC7C,oDAAoD;AACpD,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,eAAe,EACf,aAAa,EACb,eAAe,GAChB,MAAM,6BAA6B,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,11 @@
+export { KmsSignerAdapter, type KmsSignerConfig } from './kms-signer.js';
+export { AwsKmsClient, type IKmsClient, type KmsKeyMetadata } from './kms-client.js';
+export type { SignerAdapter, SignatureComponents, SignTypedDataParams } from './types.js';
+export { parseDerSignature, parseDerPublicKey, normalizeSignature, resolveRecoveryParam, publicToAddress, } from './evm-signer.util.js';
+export type { SigningProvider, SignatureBlob, PublicKeyBlob, } from './core/signing-provider.js';
+export { EvmSignerAdapter, type EvmSignerAdapterConfig } from './core/evm-signer-adapter.js';
+export { AwsKmsProvider, type AwsKmsProviderConfig } from './providers/aws-kms/aws-kms-provider.js';
+export { createSigningProvider, type SigningProviderConfig, type AwsKmsSigningProviderConfig, } from './provider/factory.js';
+export type { PolicyConfig, PolicyRequest, PolicyEvaluation } from './protocols/policy/types.js';
+export type { AuditEntry } from './agentic/audit/types.js';
+export { AuditLogger } from './agentic/audit/logger.js';

package/dist/index.js

@@ -0,0 +1,9 @@
+// ─── Backward-compatible exports (unchanged) ───
+export { KmsSignerAdapter } from './kms-signer.js';
+export { AwsKmsClient } from './kms-client.js';
+export { parseDerSignature, parseDerPublicKey, normalizeSignature, resolveRecoveryParam, publicToAddress, } from './evm-signer.util.js';
+export { EvmSignerAdapter } from './core/evm-signer-adapter.js';
+export { AwsKmsProvider } from './providers/aws-kms/aws-kms-provider.js';
+export { createSigningProvider, } from './provider/factory.js';
+export { AuditLogger } from './agentic/audit/logger.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,kDAAkD;AAClD,OAAO,EAAE,gBAAgB,EAAwB,MAAM,iBAAiB,CAAC;AACzE,OAAO,EAAE,YAAY,EAAwC,MAAM,iBAAiB,CAAC;AAErF,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,eAAe,GAChB,MAAM,sBAAsB,CAAC;AAQ9B,OAAO,EAAE,gBAAgB,EAA+B,MAAM,8BAA8B,CAAC;AAC7F,OAAO,EAAE,cAAc,EAA6B,MAAM,yCAAyC,CAAC;AACpG,OAAO,EACL,qBAAqB,GAGtB,MAAM,uBAAuB,CAAC;AAQ/B,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC"}

package/dist/kms-client.d.ts

@@ -0,0 +1 @@
+export { AwsKmsClient, type IKmsClient, type KmsKeyMetadata, } from './providers/aws-kms/aws-kms-client.js';

package/dist/kms-client.js

@@ -0,0 +1,4 @@
+// Re-export shim for backward compatibility.
+// Canonical location: src/providers/aws-kms/aws-kms-client.ts
+export { AwsKmsClient, } from './providers/aws-kms/aws-kms-client.js';
+//# sourceMappingURL=kms-client.js.map

package/dist/kms-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kms-client.js","sourceRoot":"","sources":["../src/kms-client.ts"],"names":[],"mappings":"AAAA,6CAA6C;AAC7C,8DAA8D;AAC9D,OAAO,EACL,YAAY,GAGb,MAAM,uCAAuC,CAAC"}

package/dist/kms-signer.d.ts

@@ -0,0 +1 @@
+export { KmsSignerAdapter, type KmsSignerConfig, } from './providers/aws-kms/kms-signer-adapter.js';

package/dist/kms-signer.js

@@ -0,0 +1,4 @@
+// Re-export shim for backward compatibility.
+// Canonical location: src/providers/aws-kms/kms-signer-adapter.ts
+export { KmsSignerAdapter, } from './providers/aws-kms/kms-signer-adapter.js';
+//# sourceMappingURL=kms-signer.js.map

package/dist/kms-signer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kms-signer.js","sourceRoot":"","sources":["../src/kms-signer.ts"],"names":[],"mappings":"AAAA,6CAA6C;AAC7C,kEAAkE;AAClE,OAAO,EACL,gBAAgB,GAEjB,MAAM,2CAA2C,CAAC"}