@cavos/kit 0.0.1 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +113 -42
- package/dist/Cavos-BH2_tOQ2.d.mts +994 -0
- package/dist/Cavos-BH2_tOQ2.d.ts +994 -0
- package/dist/chunk-BNGLH3Q3.mjs +2777 -0
- package/dist/chunk-BNGLH3Q3.mjs.map +1 -0
- package/dist/index.d.mts +156 -242
- package/dist/index.d.ts +156 -242
- package/dist/index.js +1989 -151
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +88 -2
- package/dist/index.mjs.map +1 -1
- package/dist/react/index.d.mts +42 -5
- package/dist/react/index.d.ts +42 -5
- package/dist/react/index.js +1786 -86
- package/dist/react/index.js.map +1 -1
- package/dist/react/index.mjs +48 -7
- package/dist/react/index.mjs.map +1 -1
- package/package.json +4 -1
- package/dist/chunk-XWBX2ZIO.mjs +0 -1061
- package/dist/chunk-XWBX2ZIO.mjs.map +0 -1
- package/dist/constants-C530TZFF.d.mts +0 -89
- package/dist/constants-C530TZFF.d.ts +0 -89
package/dist/index.d.ts
CHANGED
|
@@ -1,244 +1,8 @@
|
|
|
1
|
-
import {
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
* Identity for a Cavos wallet. Login (email / social / OTP) only ever produces a
|
|
7
|
-
* stable `userId`; that's all the wallet needs to derive its address. Auth never
|
|
8
|
-
* touches signing — the device key does that, silently.
|
|
9
|
-
*
|
|
10
|
-
* Privy-style UX: the user "logs in" and the wallet is provisioned behind the
|
|
11
|
-
* scenes (device key + auto-deployed smart account). The app never handles keys.
|
|
12
|
-
*/
|
|
13
|
-
interface Identity {
|
|
14
|
-
/** Stable, backend-managed user identifier. */
|
|
15
|
-
userId: string;
|
|
16
|
-
/** Optional metadata (email, provider) for display only. */
|
|
17
|
-
email?: string;
|
|
18
|
-
provider?: "google" | "apple" | "email" | "otp" | string;
|
|
19
|
-
}
|
|
20
|
-
/**
|
|
21
|
-
* Authenticates a user and returns their stable identity. Implementations:
|
|
22
|
-
* - `CavosAuth` (hosted, mirrors `@cavos/react`: Google/Apple/email/OTP via the
|
|
23
|
-
* Cavos backend) — the default, Privy-like experience.
|
|
24
|
-
* - any custom provider (the app already authenticated the user elsewhere).
|
|
25
|
-
*/
|
|
26
|
-
interface AuthProvider {
|
|
27
|
-
authenticate(): Promise<Identity>;
|
|
28
|
-
}
|
|
29
|
-
/** Trivial provider when the app already has the user's stable id. */
|
|
30
|
-
declare class StaticIdentity implements AuthProvider {
|
|
31
|
-
private readonly identity;
|
|
32
|
-
constructor(identity: Identity);
|
|
33
|
-
authenticate(): Promise<Identity>;
|
|
34
|
-
}
|
|
35
|
-
|
|
36
|
-
/**
|
|
37
|
-
* Off-chain map of `user_id -> wallet`. Because the account address is
|
|
38
|
-
* `f(identity, first_device_pubkey)` (unforgeable, secure), it is NOT derivable
|
|
39
|
-
* from the identity alone on a new device. The backend is the source of truth
|
|
40
|
-
* for "does this user already have a wallet?" — enabling multi-device:
|
|
41
|
-
*
|
|
42
|
-
* - First device, unknown user -> deploy a new wallet, then `register`.
|
|
43
|
-
* - Same user, new device -> `lookup` returns the existing wallet; the
|
|
44
|
-
* new device is added as a signer (recovery
|
|
45
|
-
* approval), NOT a new wallet.
|
|
46
|
-
*
|
|
47
|
-
* The backend implements this (it already manages the user<->address binding).
|
|
48
|
-
*/
|
|
49
|
-
interface WalletRegistry {
|
|
50
|
-
/** The user's existing wallet, or null if they don't have one yet. */
|
|
51
|
-
lookup(userId: string): Promise<RegisteredWallet | null>;
|
|
52
|
-
/** Record a freshly deployed wallet for the user (first device). */
|
|
53
|
-
register(params: {
|
|
54
|
-
userId: string;
|
|
55
|
-
address: string;
|
|
56
|
-
initialSigner: DevicePublicKey;
|
|
57
|
-
}): Promise<void>;
|
|
58
|
-
/** Note an additional device signer for the user's wallet (after approval). */
|
|
59
|
-
addDevice?(params: {
|
|
60
|
-
userId: string;
|
|
61
|
-
address: string;
|
|
62
|
-
signer: DevicePublicKey;
|
|
63
|
-
}): Promise<void>;
|
|
64
|
-
}
|
|
65
|
-
interface RegisteredWallet {
|
|
66
|
-
address: string;
|
|
67
|
-
/** Public keys of the devices registered on this wallet (if tracked). */
|
|
68
|
-
devices?: DevicePublicKey[];
|
|
69
|
-
}
|
|
70
|
-
/** Simple in-memory registry for demos / tests. */
|
|
71
|
-
declare class InMemoryWalletRegistry implements WalletRegistry {
|
|
72
|
-
private wallets;
|
|
73
|
-
lookup(userId: string): Promise<RegisteredWallet | null>;
|
|
74
|
-
register(params: {
|
|
75
|
-
userId: string;
|
|
76
|
-
address: string;
|
|
77
|
-
initialSigner: DevicePublicKey;
|
|
78
|
-
}): Promise<void>;
|
|
79
|
-
addDevice(params: {
|
|
80
|
-
userId: string;
|
|
81
|
-
address: string;
|
|
82
|
-
signer: DevicePublicKey;
|
|
83
|
-
}): Promise<void>;
|
|
84
|
-
}
|
|
85
|
-
|
|
86
|
-
/**
|
|
87
|
-
* Multi-device / recovery flow (roadmap §1.2). A new device requests addition;
|
|
88
|
-
* the backend emails an approval prompt styled as a login request; the user
|
|
89
|
-
* approves on an ALREADY-registered device, which signs `add_signer` for the
|
|
90
|
-
* new pubkey. There is no legacy JWT path — recovery is purely device-signer
|
|
91
|
-
* based.
|
|
92
|
-
*
|
|
93
|
-
* The backend lives outside this repo; this is the client contract the kit
|
|
94
|
-
* speaks to. Provide an implementation (HTTP, etc.) when wiring an app.
|
|
95
|
-
*/
|
|
96
|
-
interface RecoveryClient {
|
|
97
|
-
/**
|
|
98
|
-
* Step 1 (new device): request that this pubkey be added to the user's
|
|
99
|
-
* account. Triggers the approval email. Returns a request id to poll.
|
|
100
|
-
*/
|
|
101
|
-
requestDeviceAddition(params: {
|
|
102
|
-
userId: string;
|
|
103
|
-
accountAddress: string;
|
|
104
|
-
newSigner: DevicePublicKey;
|
|
105
|
-
/** Owner email to send the approval link to (the SDK has it from login). */
|
|
106
|
-
email?: string;
|
|
107
|
-
/** Optional device label (browser/UA) shown in the approval email. */
|
|
108
|
-
deviceLabel?: string;
|
|
109
|
-
}): Promise<{
|
|
110
|
-
requestId: string;
|
|
111
|
-
}>;
|
|
112
|
-
/**
|
|
113
|
-
* Step 3-4 (existing device): fetch a pending addition request so the
|
|
114
|
-
* registered device can approve it by signing `add_signer`.
|
|
115
|
-
*/
|
|
116
|
-
getPendingRequest(requestId: string): Promise<PendingDeviceRequest | null>;
|
|
117
|
-
/** Mark a request approved after the `add_signer` tx is submitted. */
|
|
118
|
-
confirmDeviceAddition(params: {
|
|
119
|
-
requestId: string;
|
|
120
|
-
txHash: string;
|
|
121
|
-
}): Promise<void>;
|
|
122
|
-
}
|
|
123
|
-
interface PendingDeviceRequest {
|
|
124
|
-
requestId: string;
|
|
125
|
-
appId?: string;
|
|
126
|
-
userId: string;
|
|
127
|
-
accountAddress: string;
|
|
128
|
-
newSigner: DevicePublicKey;
|
|
129
|
-
createdAt: string;
|
|
130
|
-
status: "pending" | "approved" | "expired";
|
|
131
|
-
}
|
|
132
|
-
|
|
133
|
-
interface ConnectOptions {
|
|
134
|
-
network: StarknetNetwork;
|
|
135
|
-
/** Authenticated user (pass `identity` directly, or an `auth` provider). */
|
|
136
|
-
auth?: AuthProvider;
|
|
137
|
-
identity?: Identity;
|
|
138
|
-
appSalt: string;
|
|
139
|
-
/**
|
|
140
|
-
* Cavos App ID. When set (with `backendUrl`), the kit uses the hosted
|
|
141
|
-
* WalletRegistry + RecoveryClient by default for real multi-device support.
|
|
142
|
-
*/
|
|
143
|
-
appId?: string;
|
|
144
|
-
/** Cavos backend base URL. Defaults to https://cavos.xyz. */
|
|
145
|
-
backendUrl?: string;
|
|
146
|
-
/**
|
|
147
|
-
* Off-chain user_id -> wallet map. Defaults to the hosted HttpWalletRegistry
|
|
148
|
-
* when `appId` is set, else an in-memory registry (single-device only).
|
|
149
|
-
*/
|
|
150
|
-
registry?: WalletRegistry;
|
|
151
|
-
/**
|
|
152
|
-
* Device-approval relay. Defaults to HttpRecoveryClient when `appId` is set;
|
|
153
|
-
* used to request addition of this device when it isn't an authorized signer.
|
|
154
|
-
*/
|
|
155
|
-
recovery?: RecoveryClient;
|
|
156
|
-
/** Cavos paymaster API key (sponsors deploy + execute). */
|
|
157
|
-
paymasterApiKey: string;
|
|
158
|
-
paymasterUrl?: string;
|
|
159
|
-
rpcUrl?: string;
|
|
160
|
-
classHash?: string;
|
|
161
|
-
/** Override the device signer factory (native / tests); default WebCrypto. */
|
|
162
|
-
createSigner?: (keyId: string) => Promise<DeviceSigner>;
|
|
163
|
-
}
|
|
164
|
-
/** Whether this device can already operate the wallet, or needs to be added. */
|
|
165
|
-
type ConnectStatus = "ready" | "needs-device-approval";
|
|
166
|
-
/** Options for recovering an account after losing every device signer. */
|
|
167
|
-
interface RecoveryOptions {
|
|
168
|
-
/** The recovery code the user stored when they ran setupRecovery. */
|
|
169
|
-
code: string;
|
|
170
|
-
/** Authenticated identity (same user who owns the account). */
|
|
171
|
-
identity: Identity;
|
|
172
|
-
network: StarknetNetwork;
|
|
173
|
-
appSalt: string;
|
|
174
|
-
paymasterApiKey: string;
|
|
175
|
-
appId?: string;
|
|
176
|
-
backendUrl?: string;
|
|
177
|
-
rpcUrl?: string;
|
|
178
|
-
paymasterUrl?: string;
|
|
179
|
-
classHash?: string;
|
|
180
|
-
/** Off-chain user_id -> wallet map. Defaults to the hosted registry. */
|
|
181
|
-
registry?: WalletRegistry;
|
|
182
|
-
/** Override the new device's signer (native / tests); default WebCrypto. */
|
|
183
|
-
createSigner?: (keyId: string) => Promise<DeviceSigner>;
|
|
184
|
-
}
|
|
185
|
-
/**
|
|
186
|
-
* High-level Cavos wallet. One call logs the user in and returns a ready, gas-
|
|
187
|
-
* sponsored smart account controlled by a silent device key.
|
|
188
|
-
*
|
|
189
|
-
* const cavos = await Cavos.connect({ network, identity, appSalt, registry, paymasterApiKey });
|
|
190
|
-
* if (cavos.status === "ready") await cavos.execute(calls);
|
|
191
|
-
*
|
|
192
|
-
* The account address is `f(identity, device_pubkey)` — unforgeable, so it can't
|
|
193
|
-
* be hijacked. The `registry` recognizes returning users across devices: a new
|
|
194
|
-
* device on an existing account is flagged `needs-device-approval` (add it via
|
|
195
|
-
* an already-registered device) instead of creating a second wallet.
|
|
196
|
-
*/
|
|
197
|
-
declare class Cavos {
|
|
198
|
-
readonly identity: Identity;
|
|
199
|
-
readonly address: string;
|
|
200
|
-
readonly status: ConnectStatus;
|
|
201
|
-
readonly account: Account;
|
|
202
|
-
private readonly adapter;
|
|
203
|
-
private readonly devicePubkey;
|
|
204
|
-
/** Request id of the pending device-addition, when status is needs-device-approval. */
|
|
205
|
-
pendingRequestId: string | null;
|
|
206
|
-
private constructor();
|
|
207
|
-
static connect(opts: ConnectOptions): Promise<Cavos>;
|
|
208
|
-
/** This device's public key (e.g. to request addition to an existing wallet). */
|
|
209
|
-
get publicKey(): DevicePublicKey;
|
|
210
|
-
/** Execute a sponsored (gasless) multicall, signed silently by the device. */
|
|
211
|
-
execute(calls: ChainCall[]): Promise<{
|
|
212
|
-
transactionHash: string;
|
|
213
|
-
}>;
|
|
214
|
-
/** Authorize an additional device signer (sponsored). Self-submitted. */
|
|
215
|
-
addSigner(pubkey: DevicePublicKey): Promise<{
|
|
216
|
-
transactionHash: string;
|
|
217
|
-
}>;
|
|
218
|
-
/**
|
|
219
|
-
* Register a self-custodial backup signer derived from `code`, so the account
|
|
220
|
-
* can be recovered after the user loses every device. Idempotent: if the
|
|
221
|
-
* derived backup key is already an authorised signer, this is a no-op.
|
|
222
|
-
*
|
|
223
|
-
* The code never leaves the device — only its deterministic public key is
|
|
224
|
-
* added on-chain as an ordinary signer. Sponsor this like any other
|
|
225
|
-
* add_signer (gasless). Returns the transaction hash (or undefined when the
|
|
226
|
-
* backup was already set up).
|
|
227
|
-
*/
|
|
228
|
-
setupRecovery(code: string): Promise<{
|
|
229
|
-
transactionHash: string;
|
|
230
|
-
} | undefined>;
|
|
231
|
-
/**
|
|
232
|
-
* Recover an account after losing every device signer. Derives the backup key
|
|
233
|
-
* from `code`, uses it (not the new device key) to sign an `add_signer` for
|
|
234
|
-
* the new device, and returns a ready Cavos bound to the new device. The
|
|
235
|
-
* account address is unchanged.
|
|
236
|
-
*
|
|
237
|
-
* Self-custodial: only someone holding the code (i.e. the rightful owner) can
|
|
238
|
-
* re-derive the backup key. The backend never sees the code.
|
|
239
|
-
*/
|
|
240
|
-
static recover(opts: RecoveryOptions): Promise<Cavos>;
|
|
241
|
-
}
|
|
1
|
+
import { A as AuthProvider, I as Identity, W as WalletRegistry, R as RegisteredWallet, D as DevicePublicKey, a as RecoveryClient, P as PendingDeviceRequest, b as DeviceSigner, c as DeviceSignature, C as ChainAdapter, d as ComputeAddressParams, e as ChainCall, f as PasskeyAssertion, S as StellarNetwork } from './Cavos-BH2_tOQ2.js';
|
|
2
|
+
export { g as Cavos, h as CavosSolana, i as CavosStellar, j as CavosWallet, k as Chain, l as ConnectOptions, m as ConnectSolanaOptions, n as ConnectStatus, o as ConnectStellarOptions, p as DEVICE_ACCOUNT_PROGRAM_ID, q as DEVICE_ACCOUNT_WASM_HASH, E as EnrolledPasskey, F as FACTORY_CONTRACT_ID, r as InMemoryWalletRegistry, s as InstructionAccount, t as InstructionData, N as NATIVE_SAC_ID, u as NetworkEnv, v as PasskeyApprovable, w as PasskeyEnrollParams, x as PasskeySigner, y as PasskeySignerOptions, z as RecoverSolanaOptions, B as RecoverStellarOptions, G as RecoveryOptions, H as SECP256R1_PROGRAM_ID, J as SOLANA_NETWORKS, K as STELLAR_NETWORKS, L as SolanaAdapter, M as SolanaAdapterOptions, O as SolanaNetwork, Q as SolanaRelayer, T as SolanaRelayerOptions, U as StaticIdentity, V as StellarRelayer, X as StellarRelayerOptions, Y as anchorDiscriminator, Z as approveDeviceEverywhere, _ as base64urlEncode, $ as batchChallenge, a0 as buildSecp256r1Instruction, a1 as compressedPubkey, a2 as encodeLowSSignature, a3 as lowS, a4 as recoverCandidatePublicKeys, a5 as serializeInstructions, a6 as webauthnDigest } from './Cavos-BH2_tOQ2.js';
|
|
3
|
+
import { Signer, ArraySignatureType } from 'starknet';
|
|
4
|
+
import { rpc, xdr } from '@stellar/stellar-sdk';
|
|
5
|
+
import '@solana/web3.js';
|
|
242
6
|
|
|
243
7
|
interface CavosAuthOptions {
|
|
244
8
|
/** Cavos backend base URL. Defaults to the hosted service (same as @cavos/react). */
|
|
@@ -320,6 +84,21 @@ interface IdentityInput {
|
|
|
320
84
|
}
|
|
321
85
|
/** Derive the felt `address_seed` passed to the contract constructor. */
|
|
322
86
|
declare function deriveAddressSeed({ userId, appSalt }: IdentityInput): bigint;
|
|
87
|
+
/**
|
|
88
|
+
* Solana variant: a 32-byte `address_seed` for the Cavos device-account PDA.
|
|
89
|
+
* Uses the SAME identity input as Starknet (`userId + appSalt`) but hashes with
|
|
90
|
+
* SHA-256 instead of Poseidon, since Solana has no native Poseidon and the PDA
|
|
91
|
+
* seed is raw bytes. The same user therefore maps to a stable, app-scoped
|
|
92
|
+
* address on each chain (different address spaces, one identity).
|
|
93
|
+
*/
|
|
94
|
+
declare function deriveAddressSeedSolana({ userId, appSalt }: IdentityInput): Uint8Array;
|
|
95
|
+
/**
|
|
96
|
+
* Stellar variant: a 32-byte `address_seed` used as the Soroban account's seed
|
|
97
|
+
* and folded (with the initial device signer) into the factory deploy salt.
|
|
98
|
+
* Same identity input as the other chains, SHA-256 hashed, with a Stellar-scoped
|
|
99
|
+
* domain so the same user maps to a distinct address per chain.
|
|
100
|
+
*/
|
|
101
|
+
declare function deriveAddressSeedStellar({ userId, appSalt }: IdentityInput): Uint8Array;
|
|
323
102
|
|
|
324
103
|
interface HttpWalletRegistryOptions {
|
|
325
104
|
/** Cavos backend base URL (e.g. https://cavos.xyz). */
|
|
@@ -478,6 +257,18 @@ declare class StarknetAdapter implements ChainAdapter {
|
|
|
478
257
|
buildRemoveSigner(accountAddress: string, signer: DevicePublicKey): ChainCall;
|
|
479
258
|
isAuthorizedSigner(accountAddress: string, signer: DevicePublicKey): Promise<boolean>;
|
|
480
259
|
buildSignature(txHash: bigint): Promise<string[]>;
|
|
260
|
+
buildAddApprover(accountAddress: string, passkey: DevicePublicKey): ChainCall;
|
|
261
|
+
buildRemoveApprover(accountAddress: string, passkey: DevicePublicKey): ChainCall;
|
|
262
|
+
isApprover(accountAddress: string, passkey: DevicePublicKey): Promise<boolean>;
|
|
263
|
+
getPasskeyNonce(accountAddress: string): Promise<bigint>;
|
|
264
|
+
/** This chain's leaf for approving `add_signer(newSigner)` at `nonce`:
|
|
265
|
+
* `sha256(new_x || new_y || nonce)` (coords 32B BE, nonce 16B BE). The batch
|
|
266
|
+
* challenge the passkey signs is `sha256(concat(leaves))` across chains. */
|
|
267
|
+
passkeyLeaf(newSigner: DevicePublicKey, nonce: bigint): Uint8Array;
|
|
268
|
+
/** Passkey-authorized `add_signer` call. `leaves`/`leafIndex` place this chain's
|
|
269
|
+
* leaf in the multi-chain batch (single chain → `[leaf]`, index 0). `yParity`
|
|
270
|
+
* matches the raw `(r, s)` — the contract normalizes high-S internally. */
|
|
271
|
+
buildAddSignerViaPasskey(accountAddress: string, newSigner: DevicePublicKey, nonce: bigint, leaves: Uint8Array[], leafIndex: number, assertion: PasskeyAssertion, yParity: boolean): ChainCall;
|
|
481
272
|
}
|
|
482
273
|
|
|
483
274
|
/**
|
|
@@ -501,6 +292,129 @@ declare class StarknetDeviceSigner extends Signer {
|
|
|
501
292
|
protected signRaw(msgHash: string): Promise<ArraySignatureType>;
|
|
502
293
|
}
|
|
503
294
|
|
|
295
|
+
/** Starknet network presets and well-known addresses for the kit. */
|
|
296
|
+
declare const STARKNET_NETWORKS: {
|
|
297
|
+
readonly sepolia: {
|
|
298
|
+
readonly chainId: "0x534e5f5345504f4c4941";
|
|
299
|
+
readonly rpcUrl: "https://api.cartridge.gg/x/starknet/sepolia";
|
|
300
|
+
};
|
|
301
|
+
readonly mainnet: {
|
|
302
|
+
readonly chainId: "0x534e5f4d41494e";
|
|
303
|
+
readonly rpcUrl: "https://api.cartridge.gg/x/starknet/mainnet";
|
|
304
|
+
};
|
|
305
|
+
};
|
|
306
|
+
type StarknetNetwork = keyof typeof STARKNET_NETWORKS;
|
|
307
|
+
/** Universal Deployer Contract (same address on mainnet & sepolia). */
|
|
308
|
+
declare const UDC_ADDRESS = "0x041a78e741e5af2fec34b695679bc6891742439f7afb8484ecd7766661ad02bf";
|
|
309
|
+
/**
|
|
310
|
+
* DeviceAccount class hash, per network. Populated from
|
|
311
|
+
* `account-contracts/starknet/deployments/<network>.json` after declaring.
|
|
312
|
+
*
|
|
313
|
+
* Sepolia re-declared 2026-07-01 with the passkey-approval surface + BATCHED
|
|
314
|
+
* multi-chain challenge (one passkey prompt approves a device on all chains).
|
|
315
|
+
* Mainnet still runs the prior class (no passkey) until it is re-declared.
|
|
316
|
+
*/
|
|
317
|
+
declare const DEVICE_ACCOUNT_CLASS_HASH: Record<StarknetNetwork, string>;
|
|
318
|
+
|
|
319
|
+
interface StellarAdapterOptions {
|
|
320
|
+
network: StellarNetwork;
|
|
321
|
+
/** RPC override (else the network default). */
|
|
322
|
+
rpcUrl?: string;
|
|
323
|
+
/** Factory contract id override (else the per-network default). */
|
|
324
|
+
factoryId?: string;
|
|
325
|
+
/** The device signer that authorizes account operations. */
|
|
326
|
+
signer: DeviceSigner;
|
|
327
|
+
}
|
|
328
|
+
/**
|
|
329
|
+
* Stellar / Soroban implementation of the Cavos device-account surface. Unlike
|
|
330
|
+
* Starknet (`buildSignature(txHash: bigint)`) the Soroban signing unit is a
|
|
331
|
+
* 32-byte Soroban *auth-entry* preimage, so — as the Solana adapter did for its
|
|
332
|
+
* own model — this adapter exposes chain-native methods rather than the generic
|
|
333
|
+
* `ChainAdapter` shape. Its job:
|
|
334
|
+
* - derive the deterministic account address off-chain (matches the factory),
|
|
335
|
+
* - build the factory/account/token invocations as host functions, and
|
|
336
|
+
* - sign a Soroban authorization entry with the silent P-256 device key,
|
|
337
|
+
* producing the `Vec<DeviceSignature>` ScVal that the contract's
|
|
338
|
+
* `__check_auth` verifies.
|
|
339
|
+
*/
|
|
340
|
+
declare class StellarAdapter {
|
|
341
|
+
readonly chain: "stellar";
|
|
342
|
+
readonly network: StellarNetwork;
|
|
343
|
+
readonly passphrase: string;
|
|
344
|
+
private readonly rpcUrl;
|
|
345
|
+
private readonly factoryId;
|
|
346
|
+
private readonly signer;
|
|
347
|
+
private _server?;
|
|
348
|
+
constructor(opts: StellarAdapterOptions);
|
|
349
|
+
server(): rpc.Server;
|
|
350
|
+
private networkId;
|
|
351
|
+
/**
|
|
352
|
+
* Deterministic account address for `(addressSeed, initialSigner)` — computed
|
|
353
|
+
* off-chain, byte-identical to the factory's on-chain `account_address`.
|
|
354
|
+
* `contractId = sha256(HashIdPreimage(networkId, factory, salt))` with
|
|
355
|
+
* `salt = sha256(addressSeed || sec1(initialSigner))`.
|
|
356
|
+
*/
|
|
357
|
+
computeAddress(addressSeed: Uint8Array, initialSigner: DevicePublicKey): string;
|
|
358
|
+
/** `salt = sha256(addressSeed(32) || sec1(initialSigner)(65))` — matches the factory. */
|
|
359
|
+
accountSalt(addressSeed: Uint8Array, initialSigner: DevicePublicKey): Buffer;
|
|
360
|
+
/** Host function: `factory.deploy(address_seed, initial_signer)`. */
|
|
361
|
+
buildDeploy(addressSeed: Uint8Array, initialSigner: DevicePublicKey): xdr.HostFunction;
|
|
362
|
+
/** Host function: `account.add_signer(new_signer)` (requires device auth). */
|
|
363
|
+
buildAddSigner(accountAddress: string, signer: DevicePublicKey): xdr.HostFunction;
|
|
364
|
+
/** Host function: `account.remove_signer(signer)` (requires device auth). */
|
|
365
|
+
buildRemoveSigner(accountAddress: string, signer: DevicePublicKey): xdr.HostFunction;
|
|
366
|
+
/** Host function: `account.add_approver(passkey)` (requires device auth). */
|
|
367
|
+
buildAddApprover(accountAddress: string, passkey: DevicePublicKey): xdr.HostFunction;
|
|
368
|
+
/** Host function: `account.remove_approver(passkey)` (requires device auth). */
|
|
369
|
+
buildRemoveApprover(accountAddress: string, passkey: DevicePublicKey): xdr.HostFunction;
|
|
370
|
+
/** This chain's leaf for approving `add_signer(newSigner)` at `nonce`:
|
|
371
|
+
* `sha256(sec1(new_signer) || nonce_be8)`. The batch challenge the passkey signs
|
|
372
|
+
* is `sha256(concat(leaves))` across chains. */
|
|
373
|
+
passkeyLeaf(newSigner: DevicePublicKey, nonce: bigint): Uint8Array;
|
|
374
|
+
/** Host function: passkey-authorized `add_signer_via_passkey` (no device auth —
|
|
375
|
+
* authorized by the embedded WebAuthn assertion, so any relayer can submit).
|
|
376
|
+
* `leaves`/`leafIndex` place this chain's leaf in the multi-chain batch. */
|
|
377
|
+
buildAddSignerViaPasskey(accountAddress: string, newSigner: DevicePublicKey, passkey: DevicePublicKey, nonce: bigint, leaves: Uint8Array[], leafIndex: number, assertion: PasskeyAssertion): xdr.HostFunction;
|
|
378
|
+
/** Read whether `passkey` is a registered approver (read-only simulation). */
|
|
379
|
+
isApprover(accountAddress: string, passkey: DevicePublicKey, readSource: string): Promise<boolean>;
|
|
380
|
+
/** Read the current passkey-approval nonce (read-only simulation). */
|
|
381
|
+
passkeyNonce(accountAddress: string, readSource: string): Promise<bigint>;
|
|
382
|
+
/** Host function: SEP-41 `token.transfer(from=account, to, amount)` (device auth). */
|
|
383
|
+
buildTransfer(tokenId: string, accountAddress: string, destination: string, amount: bigint): xdr.HostFunction;
|
|
384
|
+
/**
|
|
385
|
+
* Sign a Soroban authorization entry with the silent device key, producing the
|
|
386
|
+
* `Vec<DeviceSignature>` the account's `__check_auth` verifies. The device
|
|
387
|
+
* signs `sha256(preimage)` (WebCrypto hashes once more internally), which is
|
|
388
|
+
* exactly what the contract recomputes. Mutates + returns the entry.
|
|
389
|
+
*/
|
|
390
|
+
signAuthEntry(entry: xdr.SorobanAuthorizationEntry, validUntilLedger: number): Promise<xdr.SorobanAuthorizationEntry>;
|
|
391
|
+
/**
|
|
392
|
+
* Read a SEP-41 token balance of `account` via a read-only simulation of
|
|
393
|
+
* `token.balance(account)`. Returns 0 when the account isn't deployed or holds
|
|
394
|
+
* none. `readSource` is any funded G-account (used only for the simulation).
|
|
395
|
+
*/
|
|
396
|
+
readBalance(tokenId: string, account: string, readSource: string): Promise<bigint>;
|
|
397
|
+
/** Whether the account contract instance exists on-chain (is deployed). */
|
|
398
|
+
isDeployed(accountAddress: string): Promise<boolean>;
|
|
399
|
+
/**
|
|
400
|
+
* Read whether `signer` is a currently-authorized signer of the account, via a
|
|
401
|
+
* read-only simulation of `account.is_authorized(signer)`. `readSource` is any
|
|
402
|
+
* funded G-account (used only for the simulation's source/sequence).
|
|
403
|
+
*/
|
|
404
|
+
isAuthorizedSigner(accountAddress: string, signer: DevicePublicKey, readSource: string): Promise<boolean>;
|
|
405
|
+
}
|
|
406
|
+
/** SEC-1 uncompressed P-256 public key (65 bytes: 0x04 || X || Y). */
|
|
407
|
+
declare function sec1Pubkey(pk: DevicePublicKey): Uint8Array;
|
|
408
|
+
/** Raw 64-byte `r || s`, normalized to low-S (secp256r1_verify requires it). */
|
|
409
|
+
declare function encodeLowSSignature(sig: DeviceSignature): Uint8Array;
|
|
410
|
+
/**
|
|
411
|
+
* The `Vec<DeviceSignature>` ScVal the contract's `__check_auth` decodes. Each
|
|
412
|
+
* element is a struct `{ public_key: BytesN<65>, signature: BytesN<64> }`.
|
|
413
|
+
* Soroban serializes a struct as a symbol-keyed map sorted by key; `public_key`
|
|
414
|
+
* precedes `signature`, so `nativeToScVal` (which sorts) yields the exact layout.
|
|
415
|
+
*/
|
|
416
|
+
declare function deviceSignatureScVal(pubkey: DevicePublicKey, sig: DeviceSignature): xdr.ScVal;
|
|
417
|
+
|
|
504
418
|
/**
|
|
505
419
|
* Serialize a device signature to the felt array for `tx_info.signature`:
|
|
506
420
|
* [ r_low, r_high, s_low, s_high, y_parity ]
|
|
@@ -526,4 +440,4 @@ declare function hexToBytes(hex: string): Uint8Array;
|
|
|
526
440
|
/** A felt/bigint -> 32-byte big-endian Uint8Array (the tx-hash width). */
|
|
527
441
|
declare function bigIntTo32Bytes(value: bigint): Uint8Array;
|
|
528
442
|
|
|
529
|
-
export {
|
|
443
|
+
export { AuthProvider, BackupSigner, CavosAuth, type CavosAuthOptions, ChainAdapter, ChainCall, ComputeAddressParams, DEVICE_ACCOUNT_CLASS_HASH, DevicePublicKey, DeviceSignature, DeviceSigner, HttpRecoveryClient, type HttpRecoveryClientOptions, HttpWalletRegistry, type HttpWalletRegistryOptions, Identity, type IdentityInput, PasskeyAssertion, PendingDeviceRequest, RecoveryClient, RegisteredWallet, STARKNET_NETWORKS, StarknetAdapter, type StarknetAdapterOptions, StarknetDeviceSigner, type StarknetNetwork, StellarAdapter, type StellarAdapterOptions, StellarNetwork, UDC_ADDRESS, WalletRegistry, WebCryptoSigner, type WebCryptoSignerOptions, bigIntTo32Bytes, bytesToBigInt, bytesToHex, deriveAddressSeed, deriveAddressSeedSolana, deriveAddressSeedStellar, deriveBackupKey, deviceSignatureScVal, encodeLowSSignature as encodeStellarLowSSignature, generateRecoveryCode, hexToBytes, recoverYParity, sec1Pubkey, signatureToFelts, u256ToFelts };
|