@breeztech/breez-sdk-spark-react-native 0.15.0 → 0.16.1-dev1

package/lib/typescript/module/src/passkey-prf-provider.d.ts

@@ -0,0 +1,135 @@
+import { PasskeyClient as SdkPasskeyClient, PasskeyProviderOptions, type PasskeyConfig, type PrfProvider } from './generated/breez_sdk_spark';
+/**
+ * A passkey credential from a register or sign-in ceremony. `credentialId`
+ * is always set; the attestation fields are populated on registration and
+ * absent on sign-in (an assertion carries no attestation). Persist
+ * `credentialId` to drive `excludeCredentials` / `allowCredentials` on later
+ * calls. Treat `aaguid` as an unverified display hint, never a trust decision.
+ * `userId` is the user handle minted by the native plugin (never host-supplied).
+ */
+export interface PasskeyCredential {
+    credentialId: Uint8Array;
+    userId: Uint8Array | null;
+    aaguid: Uint8Array | null;
+    backupEligible: boolean | null;
+}
+/**
+ * Result of {@link PasskeyProvider.checkDomainAssociation}. Switch on `kind`
+ * to handle each outcome.
+ */
+export type DomainAssociation = {
+    kind: 'Associated';
+} | {
+    kind: 'NotAssociated';
+    source: string;
+    reason: string;
+} | {
+    kind: 'Skipped';
+    reason: string;
+};
+/**
+ * Error thrown when a passkey operation fails, with a structured `code` for
+ * programmatic handling: `userCancelled`, `userTimedOut`, `prfNotSupported`,
+ * `noCredential`, `configuration`, `credentialAlreadyExists`, `unknown`.
+ * `userTimedOut` is the OS biometric inactivity timeout (distinct from the
+ * user dismissing the prompt), so hosts may safely auto-retry it.
+ */
+export declare class PasskeyPrfException extends Error {
+    readonly code: string;
+    constructor(code: string, message: string);
+}
+/**
+ * Built-in React Native passkey PRF provider, backed by AuthenticationServices
+ * on iOS and Credential Manager on Android. The default {@link PrfProvider};
+ * inject a configured instance through {@link PasskeyClientBuilder}. Requires
+ * iOS 18+ or Android 14+ (API 34) plus the Associated Domains entitlement
+ * (iOS) or assetlinks.json (Android) for the RP domain.
+ */
+export declare class PasskeyProvider {
+    /**
+     * Breez's shared `keys.breez.technology` RP. Pass as `rpId` to opt in
+     * (only valid for apps registered with Breez); apps with their own RP
+     * domain pass their own string.
+     */
+    static readonly BREEZ_RP_ID: string;
+    /** Default `rpName` for the zero-config client when none is supplied. */
+    static readonly DEFAULT_RP_NAME: string;
+    private rpId;
+    private rpName;
+    private userName;
+    private userDisplayName;
+    constructor(options: PasskeyProviderOptions);
+    /**
+     * Derive one 32-byte seed per salt from passkey PRF, in as few OS prompts
+     * as the platform supports. `allowCredentials` restricts the assertion to
+     * specific credential IDs (mainly for reauthentication) when non-empty;
+     * `preferImmediatelyAvailableCredentials` overrides the platform default
+     * when set. Returns the seeds plus the asserted credential ID.
+     */
+    deriveSeeds(request: {
+        salts: string[];
+        allowCredentials?: Uint8Array[];
+        preferImmediatelyAvailableCredentials?: boolean | null;
+    }): Promise<{
+        seeds: Uint8Array[];
+        credentialId?: Uint8Array;
+    }>;
+    /**
+     * Register a new PRF-capable passkey (one prompt, no seed derivation): use
+     * it to split credential creation from derivation in multi-step onboarding.
+     * `excludeCredentials` blocks re-registering a device that already holds a
+     * credential, surfaced as a `credentialAlreadyExists` failure. The returned
+     * user handle is minted fresh per call (never host-supplied).
+     */
+    createPasskey(excludeCredentials?: Uint8Array[]): Promise<PasskeyCredential>;
+    /** Whether this device supports passkeys with the PRF extension. */
+    isSupported(): Promise<boolean>;
+    /**
+     * Verify the app is associated with the configured `rpId` for WebAuthn.
+     * Android always returns `Skipped` rather than `NotAssociated`: Credential
+     * Manager runs its own check internally against fresher data.
+     */
+    checkDomainAssociation(): Promise<DomainAssociation>;
+}
+/**
+ * Builds a `PasskeyClient` backed by a caller-supplied provider. Use this
+ * for a custom PRF backend; omit the provider for the zero-config Breez-RP
+ * default and set `providerOptions` on the config to use your own RP.
+ */
+export declare class PasskeyClientBuilder {
+    private readonly breezApiKey?;
+    private readonly config?;
+    private provider?;
+    /**
+     * @param breezApiKey Breez relay key for authenticated (NIP-42) label
+     *   storage. Omit for public relays only.
+     * @param config Passkey client config. `providerOptions` configures the
+     *   default provider (ignored when a provider is injected via
+     *   {@link withPrfProvider}, which owns its RP); `defaultLabel` is the
+     *   label-store default.
+     */
+    constructor(breezApiKey?: string | undefined, config?: PasskeyConfig | undefined);
+    /**
+     * Inject the provider the client derives seeds through: the built-in
+     * {@link PasskeyProvider} or any custom `PrfProvider` implementation.
+     * Supersedes the config's `providerOptions` (the injected provider owns
+     * its RP).
+     */
+    withPrfProvider(provider: PrfProvider): this;
+    /**
+     * Construct the client. Falls back to a default {@link PasskeyProvider}
+     * on the config's `providerOptions` (default: the Breez RP) when no
+     * provider was injected.
+     */
+    build(): SdkPasskeyClient;
+}
+/**
+ * Zero-config passkey client on the Breez shared RP (`keys.breez.technology`),
+ * so a Breez-registered app needs only its relay key; set `providerOptions` on
+ * the config to use your own RP. For a custom PRF backend, build the provider
+ * and inject it via {@link PasskeyClientBuilder}.
+ */
+export declare const PasskeyClient: {
+    new (breezApiKey?: string, config?: PasskeyConfig): SdkPasskeyClient;
+};
+//# sourceMappingURL=passkey-prf-provider.d.ts.map

package/lib/typescript/module/src/passkey-prf-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"passkey-prf-provider.d.ts","sourceRoot":"","sources":["../../../../src/passkey-prf-provider.ts"],"names":[],"mappings":"AACA,OAAO,EACL,aAAa,IAAI,gBAAgB,EACjC,sBAAsB,EACtB,KAAK,aAAa,EAClB,KAAK,WAAW,EACjB,MAAM,6BAA6B,CAAC;AAwCrC;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,UAAU,CAAC;IACzB,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;IAC1B,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;IAC1B,cAAc,EAAE,OAAO,GAAG,IAAI,CAAC;CAChC;AAED;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GACzB;IAAE,IAAI,EAAE,YAAY,CAAA;CAAE,GACtB;IAAE,IAAI,EAAE,eAAe,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GACzD;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAExC;;;;;;GAMG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBAEV,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAK1C;AA+BD;;;;;;GAMG;AACH,qBAAa,eAAe;IAC1B;;;;OAIG;IACH,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAA2B;IAE9D,yEAAyE;IACzE,MAAM,CAAC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAW;IAElD,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,eAAe,CAAS;gBAEpB,OAAO,EAAE,sBAAsB;IAO3C;;;;;;OAMG;IACG,WAAW,CAAC,OAAO,EAAE;QACzB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,gBAAgB,CAAC,EAAE,UAAU,EAAE,CAAC;QAChC,qCAAqC,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;KACxD,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,UAAU,EAAE,CAAC;QAAC,YAAY,CAAC,EAAE,UAAU,CAAA;KAAE,CAAC;IA2C/D;;;;;;OAMG;IACG,aAAa,CAAC,kBAAkB,GAAE,UAAU,EAAO,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAgCtF,oEAAoE;IAC9D,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAQrC;;;;OAIG;IACG,sBAAsB,IAAI,OAAO,CAAC,iBAAiB,CAAC;CA6B3D;AAqBD;;;;GAIG;AACH,qBAAa,oBAAoB;IAY7B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;IAC7B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;IAZ1B,OAAO,CAAC,QAAQ,CAAC,CAAc;IAE/B;;;;;;;OAOG;gBAEgB,WAAW,CAAC,EAAE,MAAM,YAAA,EACpB,MAAM,CAAC,EAAE,aAAa,YAAA;IAGzC;;;;;OAKG;IACH,eAAe,CAAC,QAAQ,EAAE,WAAW,GAAG,IAAI;IAK5C;;;;OAIG;IACH,KAAK,IAAI,gBAAgB;CAU1B;AAUD;;;;;GAKG;AACH,eAAO,MAAM,aAAa,EAAE;IAC1B,KAAK,WAAW,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,aAAa,GAAG,gBAAgB,CAAC;CAGtE,CAAC"}

package/package.json

@@ -1,12 +1,23 @@
 {
   "name": "@breeztech/breez-sdk-spark-react-native",
-  "version": "0.15.0",
+  "version": "0.16.1-dev1",
   "description": "React Native bindings for the Breez SDK - Nodeless (Spark Implementation)",
   "source": "./src/index.tsx",
   "main": "./lib/commonjs/index.js",
+  "types": "./lib/typescript/commonjs/src/index.d.ts",
   "module": "./lib/module/index.js",
   "exports": {
     "./app.plugin.js": "./app.plugin.js",
+    "./passkey-prf-provider": {
+      "import": {
+        "types": "./lib/typescript/module/src/passkey-prf-provider.d.ts",
+        "default": "./lib/module/passkey-prf-provider.js"
+      },
+      "require": {
+        "types": "./lib/typescript/commonjs/src/passkey-prf-provider.d.ts",
+        "default": "./lib/commonjs/passkey-prf-provider.js"
+      }
+    },
     ".": {
       "import": {
         "types": "./lib/typescript/module/src/index.d.ts",
@@ -52,11 +63,12 @@
     "prepare": "bob build && yarn plugin:build",
     "release": "release-it --only-version",
     "typecheck": "tsc",
-    "ubrn:android": "ubrn build android --release --config ubrn.config.yaml --and-generate",
+    "ubrn:android": "ubrn build android --release --config ubrn.config.yaml --and-generate && yarn post-ubrn",
     "ubrn:build": "yarn ubrn:ios && yarn ubrn:android",
     "ubrn:checkout": "ubrn checkout --config ubrn.config.yaml",
     "ubrn:clean": "rm -rfv cpp/ android/CMakeLists.txt android/src/main/java android/*.cpp ios/ src/Native* src/index.*ts* src/generated/",
-    "ubrn:ios": "ubrn build ios --release --config ubrn.config.yaml --and-generate"
+    "ubrn:ios": "ubrn build ios --release --config ubrn.config.yaml --and-generate && yarn post-ubrn",
+    "post-ubrn": "node ./scripts/post-ubrn.js"
   },
   "keywords": [
     "react-native",
@@ -197,7 +209,7 @@
     "version": "0.49.0"
   },
   "checksums": {
-    "android": "8575e29841c19347cc3d490914f155f9bc8db704144f6c6e1d5cb43cd33af39c",
-    "ios": "44b0cccd549afb6f6955148b0f701e9648617af0eadd8e107245d726dfc6a3b5"
+    "android": "221bd9a358381e424f56018a81c4e359fde5799382bacea4cff86cb9d3f19607",
+    "ios": "46fdfca17557a6a5b65785c1c65a1375e1b4b2c754c0402dda809150c6e144bd"
   }
 }

package/scripts/post-ubrn.js

@@ -0,0 +1,227 @@
+#!/usr/bin/env node
+/**
+ * Apply hand-edits to uniffi-bindgen-react-native-generated files after
+ * running `yarn ubrn:android`, `yarn ubrn:ios`, or `yarn ubrn:checkout`.
+ *
+ * The code generator is unaware of the built-in passkey PRF provider, so
+ * each regeneration would otherwise silently drop the few lines required
+ * to:
+ *
+ *   1. android/build.gradle
+ *        - add androidx.credentials / kotlinx-coroutines dependencies
+ *          (needed by the hand-written BreezSdkSparkPasskeyModule.kt and
+ *          CredentialManagerPrfCore.kt)
+ *        - add `src/main/kotlin` to the Android gradle sourceSets so
+ *          those hand-written files (which live under
+ *          `android/src/main/kotlin/...` to survive `yarn ubrn:clean`)
+ *          are actually compiled
+ *
+ *   2. android/src/main/java/.../BreezSdkSparkReactNativePackage.kt
+ *        - register BreezSdkSparkPasskeyModule alongside the generated
+ *          UniFFI TurboModule so React Native can find it at runtime
+ *
+ * The PasskeyProvider class is exposed via a subpath export
+ * (`@breeztech/breez-sdk-spark-react-native/passkey-prf-provider`) declared
+ * in package.json `exports`, so no edit to the generated `src/index.tsx`
+ * is required.
+ *
+ * Each patch is idempotent (runs as a no-op if already applied) and
+ * errors loudly if its anchor cannot be found. If uniffi-bindgen-react-native
+ * changes its output format, this script fails fast with an actionable
+ * message instead of silently producing a broken package.
+ *
+ * Invoked automatically by the `ubrn:*` npm scripts; can also be run
+ * manually via `yarn post-ubrn`.
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+
+const args = process.argv.slice(2);
+const checkMode = args.includes('--check') || args.includes('--dry-run');
+
+const repoRoot = path.resolve(__dirname, '..');
+const drift = [];
+const errors = [];
+
+function patchFile(relPath, label, patcher) {
+  const filePath = path.join(repoRoot, relPath);
+  if (!fs.existsSync(filePath)) {
+    console.log(`[post-ubrn] ${label}: skipping, file not yet generated (${relPath})`);
+    return;
+  }
+  let before, after;
+  try {
+    before = fs.readFileSync(filePath, 'utf8');
+    after = patcher(before, label, relPath);
+  } catch (err) {
+    errors.push({ label, relPath, message: err.message });
+    return;
+  }
+  if (before === after) {
+    console.log(`[post-ubrn] ${label}: already patched (${relPath})`);
+    return;
+  }
+  if (checkMode) {
+    drift.push({ label, relPath });
+    console.log(`[post-ubrn] ${label}: WOULD PATCH (${relPath})`);
+    return;
+  }
+  fs.writeFileSync(filePath, after);
+  console.log(`[post-ubrn] ${label}: patched (${relPath})`);
+}
+
+function requireAnchor(content, anchor, label, relPath) {
+  if (!content.includes(anchor)) {
+    throw new Error(
+      `anchor not found. The uniffi-bindgen-react-native output format may ` +
+        `have changed (check the installed version against the one this ` +
+        `script was written for). See CLAUDE.md "Generated Files Policy" ` +
+        `for how to update the patches. Expected anchor text:\n${anchor}`
+    );
+  }
+}
+
+// ---------------------------------------------------------------------------
+// 1. android/build.gradle
+// ---------------------------------------------------------------------------
+
+patchFile(
+  'android/build.gradle',
+  'androidx.credentials dependencies',
+  (content, label, relPath) => {
+    if (content.includes('androidx.credentials:credentials:1.3.0')) {
+      return content;
+    }
+    const anchor = '  implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"';
+    requireAnchor(content, anchor, label, relPath);
+    const injected = [
+      anchor,
+      '  implementation "androidx.credentials:credentials:1.3.0"',
+      '  implementation "androidx.credentials:credentials-play-services-auth:1.3.0"',
+      '  implementation "org.jetbrains.kotlinx:kotlinx-coroutines-android:1.8.0"',
+    ].join('\n');
+    return content.replace(anchor, injected);
+  }
+);
+
+patchFile(
+  'android/build.gradle',
+  'src/main/kotlin sourceSet',
+  (content, label, relPath) => {
+    if (content.includes("main.kotlin.srcDirs += 'src/main/kotlin'")) {
+      return content;
+    }
+    // The generated build.gradle already has a `sourceSets { main { ... } }`
+    // block (for the new-architecture jni dirs). Extend it by adding the
+    // hand-written kotlin source dir right after the opening `main {`.
+    const anchor = `  sourceSets {
+    main {
+      if (isNewArchitectureEnabled()) {`;
+    requireAnchor(content, anchor, label, relPath);
+    return content.replace(
+      anchor,
+      `  sourceSets {
+    main {
+      main.kotlin.srcDirs += 'src/main/kotlin'
+      if (isNewArchitectureEnabled()) {`
+    );
+  }
+);
+
+// ---------------------------------------------------------------------------
+// 2. android/src/main/java/.../BreezSdkSparkReactNativePackage.kt
+// ---------------------------------------------------------------------------
+
+const PACKAGE_KT_REL =
+  'android/src/main/java/com/breeztech/breezsdkspark/BreezSdkSparkReactNativePackage.kt';
+
+patchFile(
+  PACKAGE_KT_REL,
+  'BreezSdkSparkPasskeyModule getModule() registration',
+  (content, label, relPath) => {
+    if (content.includes('BreezSdkSparkPasskeyModule.NAME ->')) {
+      return content;
+    }
+    const anchor = `  override fun getModule(name: String, reactContext: ReactApplicationContext): NativeModule? {
+    return if (name == BreezSdkSparkReactNativeModule.NAME) {
+      BreezSdkSparkReactNativeModule(reactContext)
+    } else {
+      null
+    }
+  }`;
+    const replacement = `  override fun getModule(name: String, reactContext: ReactApplicationContext): NativeModule? {
+    return when (name) {
+      BreezSdkSparkReactNativeModule.NAME -> BreezSdkSparkReactNativeModule(reactContext)
+      BreezSdkSparkPasskeyModule.NAME -> BreezSdkSparkPasskeyModule(reactContext)
+      else -> null
+    }
+  }`;
+    requireAnchor(content, anchor, label, relPath);
+    return content.replace(anchor, replacement);
+  }
+);
+
+patchFile(
+  PACKAGE_KT_REL,
+  'BreezSdkSparkPasskeyModule ReactModuleInfo registration',
+  (content, label, relPath) => {
+    if (content.includes('moduleInfos[BreezSdkSparkPasskeyModule.NAME]')) {
+      return content;
+    }
+    const anchor = `        true // isTurboModule
+      )
+      moduleInfos
+    }
+  }
+}`;
+    const replacement = `        true // isTurboModule
+      )
+      moduleInfos[BreezSdkSparkPasskeyModule.NAME] = ReactModuleInfo(
+        BreezSdkSparkPasskeyModule.NAME,
+        BreezSdkSparkPasskeyModule.NAME,
+        false,  // canOverrideExistingModule
+        false,  // needsEagerInit
+        false,  // isCxxModule
+        false // isTurboModule (standard native module)
+      )
+      moduleInfos
+    }
+  }
+}`;
+    requireAnchor(content, anchor, label, relPath);
+    return content.replace(anchor, replacement);
+  }
+);
+
+if (errors.length > 0) {
+  console.error('');
+  console.error(`[post-ubrn] ${errors.length} patch(es) failed:`);
+  for (const { label, relPath, message } of errors) {
+    console.error(`  - ${label} (${relPath})`);
+    console.error(`    ${message.split('\n').join('\n    ')}`);
+  }
+  process.exit(2);
+}
+
+if (checkMode && drift.length > 0) {
+  console.error('');
+  console.error(
+    `[post-ubrn] ${drift.length} generated file(s) are out of sync with the ` +
+      `committed hand-edits:`
+  );
+  for (const { label, relPath } of drift) {
+    console.error(`  - ${label} (${relPath})`);
+  }
+  console.error('');
+  console.error(
+    'Run `yarn post-ubrn` inside packages/react-native and commit the diff, ' +
+      'or revert whatever change dropped the patches. See CLAUDE.md ' +
+      '"Generated Files Policy" for context.'
+  );
+  process.exit(1);
+}
+
+console.log('[post-ubrn] done.');