npm - @bsv/wallet-toolbox - Versions diffs - 1.7.11 → 1.7.12 - Mend

@bsv/wallet-toolbox 1.7.11 → 1.7.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (31) hide show

package/CHANGELOG.md +7 -0
package/docs/client.md +213 -52
package/docs/wallet.md +213 -52
package/mobile/out/src/WalletPermissionsManager.d.ts +60 -0
package/mobile/out/src/WalletPermissionsManager.d.ts.map +1 -1
package/mobile/out/src/WalletPermissionsManager.js +200 -35
package/mobile/out/src/WalletPermissionsManager.js.map +1 -1
package/mobile/package-lock.json +2 -2
package/mobile/package.json +1 -1
package/out/src/WalletPermissionsManager.d.ts +60 -0
package/out/src/WalletPermissionsManager.d.ts.map +1 -1
package/out/src/WalletPermissionsManager.js +200 -35
package/out/src/WalletPermissionsManager.js.map +1 -1
package/out/src/__tests/WalletPermissionsManager.fixtures.d.ts.map +1 -1
package/out/src/__tests/WalletPermissionsManager.fixtures.js.map +1 -1
package/out/src/__tests/WalletPermissionsManager.pmodules.test.d.ts +2 -0
package/out/src/__tests/WalletPermissionsManager.pmodules.test.d.ts.map +1 -0
package/out/src/__tests/WalletPermissionsManager.pmodules.test.js +624 -0
package/out/src/__tests/WalletPermissionsManager.pmodules.test.js.map +1 -0
package/out/src/__tests/WalletPermissionsManager.proxying.test.js.map +1 -1
package/out/src/storage/remoting/StorageServer.d.ts.map +1 -1
package/out/src/storage/remoting/StorageServer.js.map +1 -1
package/out/tsconfig.all.tsbuildinfo +1 -1
package/package.json +1 -1
package/src/Wallet.ts +2 -2
package/src/WalletLogger.ts +1 -1
package/src/WalletPermissionsManager.ts +350 -42
package/src/__tests/WalletPermissionsManager.fixtures.ts +1 -2
package/src/__tests/WalletPermissionsManager.pmodules.test.ts +798 -0
package/src/__tests/WalletPermissionsManager.proxying.test.ts +2 -2
package/src/storage/remoting/StorageServer.ts +0 -2

package/mobile/out/src/WalletPermissionsManager.js CHANGED Viewed

@@ -120,6 +120,58 @@ class WalletPermissionsManager {
             ...config // override with user-specified config
         };
     }
+    /* ---------------------------------------------------------------------
+     *  HELPER METHODS FOR P-MODULE DELEGATION
+     * --------------------------------------------------------------------- */
+    /**
+     * Delegates a wallet method call to a P-module if the basket or protocol name uses a P-scheme.
+     * Handles the full request/response transformation flow.
+     *
+     * @param basketOrProtocolName - The basket or protocol name to check for p-module delegation
+     * @param method - The wallet method name being called
+     * @param args - The original args passed to the method
+     * @param originator - The originator of the request
+     * @param underlyingCall - Callback that executes the underlying wallet method with transformed args
+     * @returns The transformed response, or null if not a P-basket/protocol (caller should continue normal flow)
+     */
+    async delegateToPModuleIfNeeded(basketOrProtocolName, method, args, originator, underlyingCall) {
+        var _a;
+        // Check if this is a P-protocol/basket
+        if (!basketOrProtocolName.startsWith('p ')) {
+            return null; // If not, caller should continue normal flow
+        }
+        const schemeID = basketOrProtocolName.split(' ')[1];
+        const module = (_a = this.config.permissionModules) === null || _a === void 0 ? void 0 : _a[schemeID];
+        if (!module) {
+            throw new Error(`Unsupported P-module scheme: p ${schemeID}`);
+        }
+        // Transform request with module
+        const transformedReq = await module.onRequest({
+            method,
+            args,
+            originator
+        });
+        // Call underlying method with transformed request
+        const results = await underlyingCall(transformedReq.args, originator);
+        // Transform response with module
+        return await module.onResponse(results, {
+            method,
+            originator
+        });
+    }
+    /**
+     * Decrypts custom instructions in listOutputs results if encryption is configured.
+     */
+    async decryptListOutputsMetadata(results) {
+        if (results.outputs) {
+            for (let i = 0; i < results.outputs.length; i++) {
+                if (results.outputs[i].customInstructions) {
+                    results.outputs[i].customInstructions = await this.maybeDecryptMetadata(results.outputs[i].customInstructions);
+                }
+            }
+        }
+        return results;
+    }
     /* ---------------------------------------------------------------------
      *  1) PUBLIC API FOR REGISTERING CALLBACKS (UI PROMPTS, LOGGING, ETC.)
      * --------------------------------------------------------------------- */
@@ -1717,19 +1769,39 @@ class WalletPermissionsManager {
      *  7) BRC-100 WALLET INTERFACE FORWARDING WITH PERMISSION CHECKS
      * --------------------------------------------------------------------- */
     async createAction(args, originator) {
-        // 1) Ensure basket and label permissions
+        var _a;
+        // 1) Identify unique P-modules involved (one per schemeID)
+        const pModulesByScheme = new Map();
+        const nonPBaskets = [];
         if (args.outputs) {
             for (const out of args.outputs) {
                 if (out.basket) {
-                    await this.ensureBasketAccess({
-                        originator: originator,
-                        basket: out.basket,
-                        reason: args.description,
-                        usageType: 'insertion'
-                    });
+                    if (out.basket.startsWith('p ')) {
+                        const schemeID = out.basket.split(' ')[1];
+                        if (!pModulesByScheme.has(schemeID)) {
+                            const module = (_a = this.config.permissionModules) === null || _a === void 0 ? void 0 : _a[schemeID];
+                            if (!module) {
+                                throw new Error(`Unsupported P-basket scheme: p ${schemeID}`);
+                            }
+                            pModulesByScheme.set(schemeID, module);
+                        }
+                    }
+                    else {
+                        // Track non-P baskets for normal permission checks
+                        nonPBaskets.push(out.basket);
+                    }
                 }
             }
         }
+        // 2) Check permissions for non-P baskets
+        for (const basket of nonPBaskets) {
+            await this.ensureBasketAccess({
+                originator: originator,
+                basket,
+                reason: args.description,
+                usageType: 'insertion'
+            });
+        }
         if (args.labels) {
             for (const lbl of args.labels) {
                 await this.ensureLabelAccess({
@@ -1741,7 +1813,7 @@ class WalletPermissionsManager {
             }
         }
         /**
-         * 2) Force signAndProcess=false unless the originator is admin and explicitly sets it to true.
+         * 4) Force signAndProcess=false unless the originator is admin and explicitly sets it to true.
          *    This ensures the underlying wallet returns a signableTransaction, letting us parse the transaction
          *    to determine net spending and request authorization if needed.
          */
@@ -1752,7 +1824,7 @@ class WalletPermissionsManager {
         else if (!this.isAdminOriginator(originator)) {
             throw new Error('Only the admin originator can set signAndProcess=true explicitly.');
         }
-        // 3) Encrypt transaction metadata, saving originals for use in permissions and line items.
+        // 5) Encrypt transaction metadata, saving originals for use in permissions and line items.
         const originalDescription = args.description;
         const originalInputDescriptions = {};
         const originalOutputDescriptions = {};
@@ -1773,26 +1845,50 @@ class WalletPermissionsManager {
             }
         }
         /**
-         * 4) Call the underlying wallet’s createAction. We add two “admin” labels:
-         *    - "admin originator <domain>"
-         *    - "admin month YYYY-MM"
-         *    These labels help track the originator’s monthly spending.
+         * 6) Call the underlying wallet's createAction.
+         *    - If P-modules are involved, chain request transformations through them first
+         *    - Add two "admin" labels for tracking: "admin originator <domain>" and "admin month YYYY-MM"
+         *    - If P-modules are involved, chain response transformations back through them
          */
-        const createResult = await this.underlying.createAction({
+        const finalArgs = {
             ...args,
             options: modifiedOptions,
-            labels: [
-                ...(args.labels || []),
-                `admin originator ${originator}`,
-                `admin month ${this.getCurrentMonthYearUTC()}`
-            ]
-        }, originator);
+            labels: [...(args.labels || []), `admin originator ${originator}`, `admin month ${this.getCurrentMonthYearUTC()}`]
+        };
+        let createResult;
+        if (pModulesByScheme.size > 0) {
+            // P-modules are involved - chain transformations
+            const pModules = Array.from(pModulesByScheme.values());
+            // Chain onRequest calls through all modules
+            let transformedArgs = finalArgs;
+            for (const module of pModules) {
+                const transformed = await module.onRequest({
+                    method: 'createAction',
+                    args: transformedArgs,
+                    originator: originator
+                });
+                transformedArgs = transformed.args;
+            }
+            // Call underlying wallet with transformed args
+            createResult = await this.underlying.createAction(transformedArgs, originator);
+            // Chain onResponse calls in reverse order
+            for (let i = pModules.length - 1; i >= 0; i--) {
+                createResult = await pModules[i].onResponse(createResult, {
+                    method: 'createAction',
+                    originator: originator
+                });
+            }
+        }
+        else {
+            // No P-modules - call underlying wallet directly
+            createResult = await this.underlying.createAction(finalArgs, originator);
+        }
         // If there's no signableTransaction, the underlying wallet must have fully finalized it. Return as is.
         if (!createResult.signableTransaction) {
             return createResult;
         }
         /**
-         * 5) We have a signable transaction. Parse it to determine how much the originator is actually spending.
+         * 7) We have a signable transaction. Parse it to determine how much the originator is actually spending.
          *    We only consider inputs the originator explicitly listed in args.inputs.
          *    netSpent = (sum of originator-requested outputs) - (sum of matching originator inputs).
          *    If netSpent > 0, we need spending authorization.
@@ -1852,7 +1948,7 @@ class WalletPermissionsManager {
          * minus total foreign inflows. Fees are also considered.
          */
         netSpent = totalOutputSatoshis + tx.getFee() - totalInputSatoshis;
-        // 6) If netSpent > 0, require spending authorization. Abort if denied.
+        // 8) If netSpent > 0, require spending authorization. Abort if denied.
         if (netSpent > 0) {
             try {
                 await this.ensureSpendingAuthorization({
@@ -1868,7 +1964,7 @@ class WalletPermissionsManager {
             }
         }
         /**
-         * 7) Decide whether to finalize the transaction automatically or return the signableTransaction:
+         * 9) Decide whether to finalize the transaction automatically or return the signableTransaction:
          *    - If the user originally wanted signAndProcess (the default when undefined), we forcibly set it to false earlier, so check if we should now finalize it.
          *    - If the transaction still needs more signatures, we must return the signableTransaction.
          */
@@ -1937,6 +2033,18 @@ class WalletPermissionsManager {
         for (const outIndex in requestArgs.outputs) {
             const out = requestArgs.outputs[outIndex];
             if (out.protocol === 'basket insertion') {
+                // Delegate to permission module if needed
+                const pModuleResult = await this.delegateToPModuleIfNeeded(out.insertionRemittance.basket, 'internalizeAction', requestArgs, originator, async (transformedArgs) => {
+                    if (out.insertionRemittance.customInstructions) {
+                        ;
+                        transformedArgs.outputs[outIndex].insertionRemittance.customInstructions =
+                            await this.maybeEncryptMetadata(out.insertionRemittance.customInstructions);
+                    }
+                    return await this.underlying.internalizeAction(transformedArgs, originator);
+                });
+                if (pModuleResult !== null) {
+                    return pModuleResult;
+                }
                 await this.ensureBasketAccess({
                     originator: originator,
                     basket: out.insertionRemittance.basket,
@@ -1952,6 +2060,15 @@ class WalletPermissionsManager {
     }
     async listOutputs(...args) {
         const [requestArgs, originator] = args;
+        // Delegate to permission module if needed
+        const pModuleResult = await this.delegateToPModuleIfNeeded(requestArgs.basket, 'listOutputs', requestArgs, originator, async (transformedArgs) => {
+            const result = await this.underlying.listOutputs(transformedArgs, originator);
+            // Apply metadata decryption to permission module response
+            return await this.decryptListOutputsMetadata(result);
+        });
+        if (pModuleResult !== null) {
+            return pModuleResult;
+        }
         // Ensure the originator has permission for the basket.
         await this.ensureBasketAccess({
             originator: originator,
@@ -1960,18 +2077,18 @@ class WalletPermissionsManager {
             usageType: 'listing'
         });
         const results = await this.underlying.listOutputs(...args);
-        // Transparently decrypt transaction metadata, if configured to do so.
-        if (results.outputs) {
-            for (let i = 0; i < results.outputs.length; i++) {
-                if (results.outputs[i].customInstructions) {
-                    results.outputs[i].customInstructions = await this.maybeDecryptMetadata(results.outputs[i].customInstructions);
-                }
-            }
-        }
-        return results;
+        // Apply metadata decryption to regular response
+        return await this.decryptListOutputsMetadata(results);
     }
     async relinquishOutput(...args) {
         const [requestArgs, originator] = args;
+        // Delegate to permission module if needed
+        const pModuleResult = await this.delegateToPModuleIfNeeded(requestArgs.basket, 'relinquishOutput', requestArgs, originator, async (transformedArgs) => {
+            return await this.underlying.relinquishOutput(transformedArgs, originator);
+        });
+        if (pModuleResult !== null) {
+            return pModuleResult;
+        }
         await this.ensureBasketAccess({
             originator: originator,
             basket: requestArgs.basket,
@@ -1983,6 +2100,14 @@ class WalletPermissionsManager {
     async getPublicKey(...args) {
         const [requestArgs, originator] = args;
         if (requestArgs.protocolID) {
+            // Delegate to permission module if needed
+            const pModuleResult = await this.delegateToPModuleIfNeeded(requestArgs.protocolID[1], 'getPublicKey', requestArgs, originator, async (transformedArgs) => {
+                return await this.underlying.getPublicKey(transformedArgs, originator);
+            });
+            if (pModuleResult !== null) {
+                return pModuleResult;
+            }
+            // Not a P-protocol, continue with normal permission flow
             await this.ensureProtocolPermission({
                 originator: originator,
                 privileged: requestArgs.privileged,
@@ -2034,6 +2159,13 @@ class WalletPermissionsManager {
     }
     async encrypt(...args) {
         const [requestArgs, originator] = args;
+        // Delegate to permission module if needed
+        const pModuleResult = await this.delegateToPModuleIfNeeded(requestArgs.protocolID[1], 'encrypt', requestArgs, originator, async (transformedArgs) => {
+            return await this.underlying.encrypt(transformedArgs, originator);
+        });
+        if (pModuleResult !== null) {
+            return pModuleResult;
+        }
         await this.ensureProtocolPermission({
             originator: originator,
             protocolID: requestArgs.protocolID,
@@ -2046,6 +2178,13 @@ class WalletPermissionsManager {
     }
     async decrypt(...args) {
         const [requestArgs, originator] = args;
+        // Delegate to permission module if needed
+        const pModuleResult = await this.delegateToPModuleIfNeeded(requestArgs.protocolID[1], 'decrypt', requestArgs, originator, async (transformedArgs) => {
+            return await this.underlying.decrypt(transformedArgs, originator);
+        });
+        if (pModuleResult !== null) {
+            return pModuleResult;
+        }
         await this.ensureProtocolPermission({
             originator: originator,
             privileged: requestArgs.privileged,
@@ -2058,6 +2197,13 @@ class WalletPermissionsManager {
     }
     async createHmac(...args) {
         const [requestArgs, originator] = args;
+        // Delegate to permission module if needed
+        const pModuleResult = await this.delegateToPModuleIfNeeded(requestArgs.protocolID[1], 'createHmac', requestArgs, originator, async (transformedArgs) => {
+            return await this.underlying.createHmac(transformedArgs, originator);
+        });
+        if (pModuleResult !== null) {
+            return pModuleResult;
+        }
         await this.ensureProtocolPermission({
             originator: originator,
             privileged: requestArgs.privileged,
@@ -2070,6 +2216,13 @@ class WalletPermissionsManager {
     }
     async verifyHmac(...args) {
         const [requestArgs, originator] = args;
+        // Delegate to permission module if needed
+        const pModuleResult = await this.delegateToPModuleIfNeeded(requestArgs.protocolID[1], 'verifyHmac', requestArgs, originator, async (transformedArgs) => {
+            return await this.underlying.verifyHmac(transformedArgs, originator);
+        });
+        if (pModuleResult !== null) {
+            return pModuleResult;
+        }
         await this.ensureProtocolPermission({
             originator: originator,
             privileged: requestArgs.privileged,
@@ -2082,6 +2235,13 @@ class WalletPermissionsManager {
     }
     async createSignature(...args) {
         const [requestArgs, originator] = args;
+        // Delegate to permission module if needed
+        const pModuleResult = await this.delegateToPModuleIfNeeded(requestArgs.protocolID[1], 'createSignature', requestArgs, originator, async (transformedArgs) => {
+            return await this.underlying.createSignature(transformedArgs, originator);
+        });
+        if (pModuleResult !== null) {
+            return pModuleResult;
+        }
         await this.ensureProtocolPermission({
             originator: originator,
             privileged: requestArgs.privileged,
@@ -2094,6 +2254,13 @@ class WalletPermissionsManager {
     }
     async verifySignature(...args) {
         const [requestArgs, originator] = args;
+        // Delegate to permission module if needed
+        const pModuleResult = await this.delegateToPModuleIfNeeded(requestArgs.protocolID[1], 'verifySignature', requestArgs, originator, async (transformedArgs) => {
+            return await this.underlying.verifySignature(transformedArgs, originator);
+        });
+        if (pModuleResult !== null) {
+            return pModuleResult;
+        }
         await this.ensureProtocolPermission({
             originator: originator,
             privileged: requestArgs.privileged,
@@ -2327,7 +2494,7 @@ class WalletPermissionsManager {
      */
     isAdminProtocol(proto) {
         const protocolName = proto[1];
-        if (protocolName.startsWith('admin') || protocolName.startsWith('p ')) {
+        if (protocolName.startsWith('admin')) {
             return true;
         }
         return false;
@@ -2357,8 +2524,6 @@ class WalletPermissionsManager {
             return true;
         if (basket.startsWith('admin'))
             return true;
-        if (basket.startsWith('p '))
-            return true;
         return false;
     }
     /**