@blocklet/sdk 1.16.54-beta-20251017-133309-7d40faa6 → 1.16.54-beta-20251023-041534-36eec6b9

package/lib/util/jest-teardown.js

@@ -8,11 +8,11 @@ exports.default = setupJest;
 const os_1 = __importDefault(require("os"));
 const fs_extra_1 = __importDefault(require("fs-extra"));
 const path_1 = __importDefault(require("path"));
-const parse_1 = __importDefault(require("@blocklet/meta/lib/parse"));
+const parse_1 = require("@blocklet/meta/lib/parse");
 function setupJest() {
     try {
         const dir = process.cwd();
-        const meta = (0, parse_1.default)(dir, { ensureComponentStore: false });
+        const meta = (0, parse_1.parse)(dir, { ensureComponentStore: false });
         const tmpDir = path_1.default.join(os_1.default.tmpdir(), meta.did);
         if (fs_extra_1.default.existsSync(tmpDir)) {
             fs_extra_1.default.rm(tmpDir, { recursive: true });

package/lib/util/send-notification.d.ts

@@ -1,7 +1,9 @@
+import { WalletObject } from '@ocap/wallet';
 import { TNotification, TNotificationInput, TSendOptions } from '../types/notification';
 export type TNotificationSender = {
     appDid: string;
-    appSk: string;
+    wallet?: WalletObject;
+    appSk?: string;
     type?: 'server' | 'blocklet';
 };
 /**
@@ -9,33 +11,34 @@ export type TNotificationSender = {
  * @param {Object} notification
  * @param {{
  *   appDid: String
- *   appSk: String
+ *   wallet?: WalletObject
+ *   appSk?: string
  * }} sender
  * @param {String|Number} port port of abtnode service endpoint
  * @param {Object} options
  * @returns
  */
-declare const sendToUser: (receiver: string | string[], notification: TNotification | TNotificationInput, { appDid, appSk, type }: TNotificationSender, options?: {
+declare const sendToUser: (receiver: string | string[], notification: TNotification | TNotificationInput, sender: TNotificationSender, options?: {
     keepForOfflineUser?: boolean;
     locale?: string;
     channels?: ("app" | "email" | "push" | "webhook")[];
     raw?: boolean;
     ttl?: number;
 }, pathname?: string, port?: string) => Promise<any>;
-declare const sendToAppChannel: (channel: string, event: string, notification: TNotificationInput, { appDid, appSk }: TNotificationSender, options?: TSendOptions, port?: string) => Promise<any>;
-declare const sendToRelay: (topic: string, event: string, data: any, { appDid, appSk }: TNotificationSender, port?: string) => Promise<any>;
-declare const sendToEventBus: (event: any, { appDid, appSk }: TNotificationSender, port?: string) => Promise<any>;
+declare const sendToAppChannel: (channel: string, event: string, notification: TNotificationInput, sender: TNotificationSender, options?: TSendOptions, port?: string) => Promise<any>;
+declare const sendToRelay: (topic: string, event: string, data: any, sender: TNotificationSender, port?: string) => Promise<any>;
+declare const sendToEventBus: (event: any, sender: TNotificationSender, port?: string) => Promise<any>;
 export { sendToUser, sendToAppChannel, sendToRelay, sendToEventBus };
 declare const _default: {
-    sendToUser: (receiver: string | string[], notification: TNotification | TNotificationInput, { appDid, appSk, type }: TNotificationSender, options?: {
+    sendToUser: (receiver: string | string[], notification: TNotification | TNotificationInput, sender: TNotificationSender, options?: {
         keepForOfflineUser?: boolean;
         locale?: string;
         channels?: ("app" | "email" | "push" | "webhook")[];
         raw?: boolean;
         ttl?: number;
     }, pathname?: string, port?: string) => Promise<any>;
-    sendToAppChannel: (channel: string, event: string, notification: TNotificationInput, { appDid, appSk }: TNotificationSender, options?: TSendOptions, port?: string) => Promise<any>;
-    sendToRelay: (topic: string, event: string, data: any, { appDid, appSk }: TNotificationSender, port?: string) => Promise<any>;
-    sendToEventBus: (event: any, { appDid, appSk }: TNotificationSender, port?: string) => Promise<any>;
+    sendToAppChannel: (channel: string, event: string, notification: TNotificationInput, sender: TNotificationSender, options?: TSendOptions, port?: string) => Promise<any>;
+    sendToRelay: (topic: string, event: string, data: any, sender: TNotificationSender, port?: string) => Promise<any>;
+    sendToEventBus: (event: any, sender: TNotificationSender, port?: string) => Promise<any>;
 };
 export default _default;

package/lib/util/send-notification.js

@@ -1,37 +1,4 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -39,12 +6,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.sendToEventBus = exports.sendToRelay = exports.sendToAppChannel = exports.sendToUser = void 0;
 const axios_1 = __importDefault(require("axios"));
 const pick_1 = __importDefault(require("lodash/pick"));
-const JWT = __importStar(require("@arcblock/jwt"));
 const constant_1 = __importDefault(require("@abtnode/constant"));
 const channel_1 = require("@blocklet/meta/lib/channel");
 const did_1 = require("@arcblock/did");
 const ufo_1 = require("ufo");
 const error_1 = require("@blocklet/error");
+const wallet_1 = require("@ocap/wallet");
+const mcrypto_1 = require("@ocap/mcrypto");
 const index_1 = require("../validators/index");
 const constants_1 = require("./constants");
 const version_1 = require("../version");
@@ -54,18 +22,37 @@ const { NODE_MODES } = constant_1.default;
 const VERSION = version_1.version; // version of notification sdk
 const SERVER_MODE = process.env.ABT_NODE_MODE;
 const getRequestHeaders = () => ({ 'User-Agent': `BlockletSDK/${VERSION}` });
+/**
+ * Helper function to ensure we have a wallet object
+ * If wallet is not provided but appSk is, create wallet from appSk
+ */
+const ensureWallet = (sender) => {
+    if (sender.wallet) {
+        return sender.wallet;
+    }
+    if (sender.appSk) {
+        const walletType = (0, wallet_1.WalletType)({
+            role: mcrypto_1.types.RoleType.ROLE_APPLICATION,
+            pk: mcrypto_1.types.KeyType.ED25519,
+            hash: mcrypto_1.types.HashType.SHA3,
+        });
+        return (0, wallet_1.fromSecretKey)(sender.appSk, walletType);
+    }
+    throw new Error('Either wallet or appSk must be provided in sender');
+};
 /**
  * @param {String|Array} receiver
  * @param {Object} notification
  * @param {{
  *   appDid: String
- *   appSk: String
+ *   wallet?: WalletObject
+ *   appSk?: string
  * }} sender
  * @param {String|Number} port port of abtnode service endpoint
  * @param {Object} options
  * @returns
  */
-const sendToUser = async (receiver, notification, { appDid, appSk, type }, options = {}, pathname = 'send-to-user', port = process.env.ABT_NODE_SERVICE_PORT) => {
+const sendToUser = async (receiver, notification, sender, options = {}, pathname = 'send-to-user', port = process.env.ABT_NODE_SERVICE_PORT) => {
     if (['send-to-user', 'send-to-push-kit', 'send-to-wallet'].includes(pathname)) {
         await (0, index_1.validateReceiver)(receiver);
     }
@@ -78,13 +65,15 @@ const sendToUser = async (receiver, notification, { appDid, appSk, type }, optio
         await (0, index_1.validateNotification)(notification);
     }
     try {
+        const wallet = ensureWallet(sender);
+        const token = await wallet.signJWT({});
         const { data: res } = await axios.post((0, ufo_1.joinURL)(`http://${(0, parse_docker_endpoint_1.getServerHost)()}:${port}`, constants_1.SERVICE_PREFIX, 'api', pathname), {
             apiVersion: VERSION,
             data: {
                 sender: {
-                    appDid,
-                    type,
-                    token: JWT.sign(appDid, appSk),
+                    appDid: sender.appDid,
+                    type: sender.type,
+                    token,
                     componentDid: process.env.BLOCKLET_COMPONENT_DID,
                 },
                 receiver: Array.isArray(receiver) ? receiver.map(did_1.toAddress) : (0, did_1.toAddress)(receiver),
@@ -103,7 +92,7 @@ const sendToUser = async (receiver, notification, { appDid, appSk, type }, optio
     }
 };
 exports.sendToUser = sendToUser;
-const sendToAppChannel = async (channel, event, notification, { appDid, appSk }, options = {}, port = process.env.ABT_NODE_SERVICE_PORT) => {
+const sendToAppChannel = async (channel, event, notification, sender, options = {}, port = process.env.ABT_NODE_SERVICE_PORT) => {
     if (!channel) {
         throw new Error('channel is required');
     }
@@ -121,10 +110,12 @@ const sendToAppChannel = async (channel, event, notification, { appDid, appSk },
         await (0, index_1.validateNotification)(notification);
     }
     try {
+        const wallet = ensureWallet(sender);
+        const token = await wallet.signJWT({});
         const { data: res } = await axios.post(`http://${(0, parse_docker_endpoint_1.getServerHost)()}:${port}${constants_1.SERVICE_PREFIX}/api/send-to-app-channel`, {
             apiVersion: VERSION,
             data: {
-                sender: { appDid, token: JWT.sign(appDid, appSk) },
+                sender: { appDid: sender.appDid, token },
                 channel,
                 event,
                 notification,
@@ -142,7 +133,7 @@ const sendToAppChannel = async (channel, event, notification, { appDid, appSk },
     }
 };
 exports.sendToAppChannel = sendToAppChannel;
-const sendToRelay = async (topic, event, data, { appDid, appSk }, port = process.env.ABT_NODE_SERVICE_PORT) => {
+const sendToRelay = async (topic, event, data, sender, port = process.env.ABT_NODE_SERVICE_PORT) => {
     if (!topic) {
         throw new Error('topic is required');
     }
@@ -153,11 +144,13 @@ const sendToRelay = async (topic, event, data, { appDid, appSk }, port = process
         throw new Error('data is required');
     }
     try {
+        const wallet = ensureWallet(sender);
+        const token = await wallet.signJWT({});
         const { data: res } = await axios.post(`http://${(0, parse_docker_endpoint_1.getServerHost)()}:${port}${constants_1.SERVICE_PREFIX}/relay/api/send-to-relay-channel`, {
             apiVersion: VERSION,
             data: {
-                sender: { appDid, token: JWT.sign(appDid, appSk) },
-                channel: (0, channel_1.getRelayChannel)(appDid, topic),
+                sender: { appDid: sender.appDid, token },
+                channel: (0, channel_1.getRelayChannel)(sender.appDid, topic),
                 event,
                 data,
             },
@@ -173,16 +166,18 @@ const sendToRelay = async (topic, event, data, { appDid, appSk }, port = process
     }
 };
 exports.sendToRelay = sendToRelay;
-const sendToEventBus = async (event, { appDid, appSk }, port = process.env.ABT_NODE_SERVICE_PORT) => {
+const sendToEventBus = async (event, sender, port = process.env.ABT_NODE_SERVICE_PORT) => {
     if (!event) {
         throw new Error('event is required');
     }
     try {
+        const wallet = ensureWallet(sender);
+        const token = await wallet.signJWT({});
         const { data: res } = await axios.post(`http://${(0, parse_docker_endpoint_1.getServerHost)()}:${port}${constants_1.SERVICE_PREFIX}/api/send-to-event-bus`, {
             apiVersion: VERSION,
             data: {
-                sender: { appDid, token: JWT.sign(appDid, appSk) },
-                channel: (0, channel_1.getEventBusChannel)(appDid),
+                sender: { appDid: sender.appDid, token },
+                channel: (0, channel_1.getEventBusChannel)(sender.appDid),
                 event,
             },
         }, {

package/lib/util/service-api.js

@@ -13,6 +13,7 @@ const ufo_1 = require("ufo");
 const constants_1 = require("./constants");
 const verify_sign_1 = require("./verify-sign");
 const parse_docker_endpoint_1 = require("./parse-docker-endpoint");
+const { serverVersion } = env_1.blockletEnv;
 const axios = axios_1.default.create({
     // 为当前机器的内部调用，必须禁止 proxy 配置
     proxy: false,
@@ -20,19 +21,22 @@ const axios = axios_1.default.create({
     // 内部调用，超时时间不用过长
     timeout: 6 * 1000,
     headers: {
-        'User-Agent': `BlockletSDK/${env_1.serverVersion}`,
-        'x-blocklet-server-version': env_1.serverVersion,
+        'User-Agent': `BlockletSDK/${serverVersion}`,
+        'x-blocklet-server-version': serverVersion,
         // NOTICE: 需要注入以下两个 header，才能使 blocklet-service 中的代码识别到当前的 blocklet 环境
         'x-blocklet-did': process.env.BLOCKLET_DID,
         'x-blocklet-component-id': process.env.BLOCKLET_REAL_DID,
     },
 });
-axios.interceptors.request.use((config) => {
-    const { sig, exp, iat, version } = (0, verify_sign_1.getSignData)({
+axios.interceptors.request.use(async (config) => {
+    const { sig, exp, iat, version } = await (0, verify_sign_1.getSignData)({
         data: config.data,
         method: config.method,
         params: config.params,
         url: (0, ufo_1.joinURL)(constants_1.SERVICE_PREFIX, config.url),
+    }, {
+        // Compatible with previous version where APP_ASK does not exist
+        appSk: process.env.BLOCKLET_APP_ASK || process.env.BLOCKLET_APP_SK,
     });
     // 同时对 post 和 get 参数做签名，确保同时支持 post get 请求的校验
     // 签名使用的是当前 blocklet 的 appSk，固命名为 x-blocklet-sig，以后可做统一使用

package/lib/util/verify-session.js

@@ -9,16 +9,19 @@ exports.verifyAccessKey = verifyAccessKey;
 exports.verifyComponentCall = verifyComponentCall;
 exports.verifySignedToken = verifySignedToken;
 const constant_1 = require("@blocklet/constant");
+const jwt_1 = require("@arcblock/jwt");
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const mcrypto_1 = require("@ocap/mcrypto");
-const jwt_1 = require("@arcblock/jwt");
-const wallet_1 = __importDefault(require("../wallet"));
-const auth_1 = __importDefault(require("../middlewares/auth"));
+const wallet_1 = require("../wallet");
+const auth_1 = require("../middlewares/auth");
 const login_1 = require("./login");
 const config_1 = require("../config");
 const verify_sign_1 = require("./verify-sign");
 const getSessionSecret = () => {
-    const wallet = (0, wallet_1.default)();
+    if (process.env.BLOCKLET_SESSION_SECRET) {
+        return process.env.BLOCKLET_SESSION_SECRET;
+    }
+    const wallet = (0, wallet_1.getWallet)();
     const secret = mcrypto_1.Hasher.SHA3.hash256(Buffer.concat([wallet.secretKey, wallet.address, config_1.env.sessionSalt].filter(Boolean).map((v) => Buffer.from(v))));
     return secret;
 };
@@ -56,7 +59,7 @@ async function verifyAccessKey({ token, strictMode }) {
     if (!token)
         return null;
     try {
-        const client = auth_1.default.getServiceClient();
+        const client = auth_1.authMiddleware.getServiceClient();
         const result = await client.verifyAccessKey({ accessKeyId: token });
         const { createdBy, accessKeyId, passport = 'guest', remark = '' } = result.data;
         return {
@@ -80,7 +83,7 @@ async function verifyComponentCall({ req, strictMode }) {
     const { sig, data } = (0, verify_sign_1.getVerifyData)(req);
     if (!sig)
         return null;
-    if ((await (0, verify_sign_1.verify)(data, sig)) === false) {
+    if ((await (0, verify_sign_1.verify)(data, sig, { appSk: process.env.BLOCKLET_APP_ASK || process.env.BLOCKLET_APP_SK })) === false) {
         if (strictMode) {
             throw new Error('Unauthorized: Invalid signature');
         }
@@ -100,7 +103,7 @@ async function verifyComponentCall({ req, strictMode }) {
 async function verifySignedToken({ token, strictMode }) {
     if (!token)
         return null;
-    const wallet = (0, wallet_1.default)();
+    const wallet = (0, wallet_1.getWallet)();
     if (!(await (0, jwt_1.verify)(token, wallet.publicKey))) {
         if (strictMode) {
             throw new Error('Unauthorized: Invalid signed token');

package/lib/util/verify-sign.d.ts

@@ -1,14 +1,15 @@
 import { DIDTypeShortcut } from '@arcblock/did';
 import type { Request } from 'express';
-declare const verify: (data: object, sig: string, { type, appSk, appPk, }?: {
+type SignOptions = {
     type?: DIDTypeShortcut;
     appSk?: string;
-    appPk?: string;
-}) => any;
-declare const sign: (data: object, { type, appSk, }?: {
+};
+declare const verify: (data: object, sig: string, { type, appSk, appPk, }?: {
     type?: DIDTypeShortcut;
     appSk?: string;
-}) => string;
+    appPk?: string;
+}) => Promise<any>;
+declare const sign: (data: object, { type, appSk }?: SignOptions) => Promise<string>;
 type SignType = 'component' | 'blocklet';
 declare const getVerifyData: (req: Request, type?: SignType) => {
     sig: string;
@@ -29,11 +30,11 @@ declare const getSignData: ({ data, params, method, url, }: {
     params: object;
     method: string;
     url: string;
-}, signOptions?: object) => {
+}, signOptions?: SignOptions) => Promise<{
     sig: string;
     iat: number;
     exp: number;
     version: string;
     raw: SignSeed;
-};
+}>;
 export { verify, sign, getVerifyData, getSignData };

package/lib/util/verify-sign.js

@@ -2,39 +2,6 @@
 /*
  * @Description: 用于 sdk 中调用 blocklet-service 接口时的加解密工具库
  */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -46,20 +13,21 @@ const ufo_1 = require("ufo");
 const constant_1 = require("@blocklet/constant");
 const semver_1 = __importDefault(require("semver"));
 const qs_1 = __importDefault(require("qs"));
-const wallet_1 = __importStar(require("../wallet"));
-const verify = (data, sig, { type, appSk, appPk, } = {}) => {
+const wallet_1 = require("../wallet");
+const { getPkWallet } = wallet_1.getWallet;
+const verify = async (data, sig, { type, appSk, appPk, } = {}) => {
     try {
         if (!sig) {
             throw new Error('empty sig');
         }
         let wallet;
         if (appPk) {
-            wallet = (0, wallet_1.getPkWallet)(type, appPk);
+            wallet = getPkWallet(type, appPk);
         }
         else {
-            wallet = (0, wallet_1.default)(type, appSk);
+            wallet = (0, wallet_1.getWallet)(type, appSk);
         }
-        const verified = wallet.verify((0, json_stable_stringify_1.default)(data || {}), sig);
+        const verified = await wallet.verify((0, json_stable_stringify_1.default)(data || {}), sig);
         return verified;
     }
     catch {
@@ -67,8 +35,9 @@ const verify = (data, sig, { type, appSk, appPk, } = {}) => {
     }
 };
 exports.verify = verify;
-const sign = (data, { type, appSk, } = {}) => {
-    const wallet = (0, wallet_1.default)(type, appSk);
+// eslint-disable-next-line require-await
+const sign = async (data, { type, appSk } = {}) => {
+    const wallet = (0, wallet_1.getWallet)(type, appSk);
     return wallet.sign((0, json_stable_stringify_1.default)(data || {}));
 };
 exports.sign = sign;
@@ -115,7 +84,7 @@ const getVerifyData = (req, type = 'component') => {
     return { sig, data, sigVersion, sigPk };
 };
 exports.getVerifyData = getVerifyData;
-const getSignData = ({ data, params, method, url, }, signOptions) => {
+const getSignData = async ({ data, params, method, url, }, signOptions) => {
     const iat = Math.floor(Date.now() / 1000);
     const exp = iat + 60 * 5;
     const raw = {
@@ -129,7 +98,7 @@ const getSignData = ({ data, params, method, url, }, signOptions) => {
     raw.query = qs_1.default.parse(qs_1.default.stringify((0, merge_1.default)(qs_1.default.parse(tmp.search.slice(1)), params ?? {})));
     raw.method = method.toLowerCase();
     raw.url = tmp.pathname;
-    const sig = sign(raw, signOptions);
+    const sig = await sign(raw, signOptions);
     const version = constant_1.SIG_VERSION.DEFAULT;
     return {
         sig,

package/lib/wallet-authenticator.d.ts

@@ -5,4 +5,4 @@ declare class WalletAuthenticator extends Authenticator {
     private authClient;
     private blockletClient;
 }
-export = WalletAuthenticator;
+export { WalletAuthenticator };

package/lib/wallet-authenticator.js

@@ -1,21 +1,20 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WalletAuthenticator = void 0;
 const did_connect_js_1 = require("@arcblock/did-connect-js");
-const wallet_1 = __importDefault(require("./wallet"));
-const check_blocklet_env_1 = __importDefault(require("./util/check-blocklet-env"));
+const wallet_1 = require("./wallet");
+const check_blocklet_env_1 = require("./util/check-blocklet-env");
 const shared_1 = require("./connect/shared");
-const blocklet_1 = __importDefault(require("./service/blocklet"));
+const blocklet_1 = require("./service/blocklet");
 class WalletAuthenticator extends did_connect_js_1.WalletAuthenticator {
     constructor(options = {}) {
-        (0, check_blocklet_env_1.default)();
+        (0, check_blocklet_env_1.checkBlockletEnvironment)();
         super({
-            wallet: (0, wallet_1.default)().toJSON(),
+            wallet: (0, wallet_1.getWallet)(),
             ...(0, shared_1.getAuthenticatorProps)(options),
         });
-        this.blockletClient = new blocklet_1.default();
+        this.blockletClient = new blocklet_1.BlockletService();
         this.authClient = this.blockletClient;
     }
 }
-module.exports = WalletAuthenticator;
+exports.WalletAuthenticator = WalletAuthenticator;

package/lib/wallet-handler.d.ts

@@ -16,4 +16,4 @@ declare class WalletHandlers extends Handler {
         onStart?: () => {};
     }): void;
 }
-export = WalletHandlers;
+export { WalletHandlers };

package/lib/wallet-handler.js

@@ -35,6 +35,8 @@ var __importStar = (this && this.__importStar) || (function () {
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WalletHandlers = void 0;
 const get_1 = __importDefault(require("lodash/get"));
 const did_connect_js_1 = require("@arcblock/did-connect-js");
 const notification_1 = __importStar(require("./service/notification"));
@@ -129,4 +131,4 @@ class WalletHandlers extends did_connect_js_1.WalletHandlers {
         });
     }
 }
-module.exports = WalletHandlers;
+exports.WalletHandlers = WalletHandlers;

package/lib/wallet.d.ts

@@ -1,14 +1,42 @@
 import { WalletObject } from '@ocap/wallet';
-import { DIDTypeShortcut } from '@arcblock/did';
+import { DIDTypeShortcut, DIDTypeArg } from '@arcblock/did';
+import { LRUCache } from 'lru-cache';
+export declare const cacheWallet: LRUCache<string, WalletObject<string>, unknown>;
+/**
+ * Create a wallet from public key
+ * Internal helper function used by both createRemoteWallet and getWallet.getPkWallet
+ */
+export declare const getPkWallet: (type?: DIDTypeShortcut, appPk?: string) => WalletObject;
+/**
+ * Create a remote wallet with sign and signJWT methods that call blocklet-service
+ * @param publicKey - The public key to create the wallet from
+ * @param type - The wallet type
+ * @param keyType - Key type to use ('sk' or 'psk')
+ * @returns Wallet object with remote sign and signJWT methods
+ */
+export declare const createRemoteWallet: (publicKey: string, type?: any, keyType?: "sk" | "psk") => WalletObject;
 /**
  * @param {string} [type=process.env.CHAIN_TYPE] can only be 'eth|ethereum' or 'default|arcblock'
  * @param {string} [appSk=process.env.BLOCKLET_APP_SK] must be hex
+ * @param {string} [keyType='sk'] key type to use ('sk' or 'psk')
  * @return {WalletObject}  {WalletObject}
  */
-declare const getWallet: {
-    (type?: DIDTypeShortcut, appSk?: string): WalletObject;
-    getPermanentWallet(): WalletObject<string>;
-    getEthereumWallet(permanent?: boolean): WalletObject<string>;
-    getPkWallet(type?: DIDTypeShortcut, appPk?: string): WalletObject<string>;
+export declare const getWallet: {
+    (type?: DIDTypeShortcut, appSk?: string, keyType?: "sk" | "psk"): WalletObject;
+    getPermanentWallet: () => WalletObject<string>;
+    getEthereumWallet: (permanent?: boolean) => WalletObject<string>;
+    getPkWallet: (type?: DIDTypeShortcut, appPk?: string) => WalletObject;
+    deriveWallet: (sub: string, type?: DIDTypeArg, index?: number) => Promise<WalletObject>;
+    getAccessWallet: () => WalletObject<string>;
 };
-export = getWallet;
+/**
+ * Create wallet from app DID with automatic fallback to remote signing
+ * @param sub - Subject identifier (e.g., 'email|user@example.com')
+ * @param type - DID type shortcut (e.g., 'ethereum')
+ * @param index - Index for deriving wallet (default: 0)
+ * @returns Wallet object with sign and signJWT methods
+ */
+export declare const deriveWallet: (sub: string, type?: DIDTypeArg, index?: number) => Promise<WalletObject>;
+export declare const getPermanentWallet: () => WalletObject<string>;
+export declare const getEthereumWallet: (permanent?: boolean) => WalletObject<string>;
+export declare const getAccessWallet: () => WalletObject<string>;