@cavos/kit 0.0.2 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.mts CHANGED
@@ -1,6 +1,7 @@
1
- import { A as AuthProvider, I as Identity, W as WalletRegistry, R as RegisteredWallet, D as DevicePublicKey, a as RecoveryClient, P as PendingDeviceRequest, b as DeviceSigner, c as DeviceSignature, C as ChainAdapter, d as ComputeAddressParams, e as ChainCall } from './Cavos-C2KHZxxu.mjs';
2
- export { f as Cavos, g as CavosSolana, h as CavosWallet, i as Chain, j as ConnectOptions, k as ConnectSolanaOptions, l as ConnectStatus, m as DEVICE_ACCOUNT_PROGRAM_ID, n as InMemoryWalletRegistry, o as InstructionAccount, p as InstructionData, N as NetworkEnv, q as RecoverSolanaOptions, r as RecoveryOptions, S as SECP256R1_PROGRAM_ID, s as SOLANA_NETWORKS, t as SolanaAdapter, u as SolanaAdapterOptions, v as SolanaNetwork, w as SolanaRelayer, x as SolanaRelayerOptions, y as StaticIdentity, z as anchorDiscriminator, B as buildSecp256r1Instruction, E as compressedPubkey, F as encodeLowSSignature, G as serializeInstructions } from './Cavos-C2KHZxxu.mjs';
1
+ import { A as AuthProvider, I as Identity, W as WalletRegistry, R as RegisteredWallet, D as DevicePublicKey, a as RecoveryClient, P as PendingDeviceRequest, b as DeviceSigner, c as DeviceSignature, C as ChainAdapter, d as ComputeAddressParams, e as ChainCall, f as PasskeyAssertion, S as StellarNetwork } from './Cavos-x9qFpOvJ.mjs';
2
+ export { g as Cavos, h as CavosSolana, i as CavosStellar, j as CavosWallet, k as Chain, l as ConnectOptions, m as ConnectSolanaOptions, n as ConnectStatus, o as ConnectStellarOptions, p as DEVICE_ACCOUNT_PROGRAM_ID, q as DEVICE_ACCOUNT_WASM_HASH, E as EnrolledPasskey, F as FACTORY_CONTRACT_ID, r as InMemoryWalletRegistry, s as InstructionAccount, t as InstructionData, N as NATIVE_SAC_ID, u as NetworkEnv, v as PasskeyApprovable, w as PasskeyEnrollParams, x as PasskeySigner, y as PasskeySignerOptions, z as RecoverSolanaOptions, B as RecoverStellarOptions, G as RecoveryOptions, H as SECP256R1_PROGRAM_ID, J as SOLANA_NETWORKS, K as STELLAR_NETWORKS, L as SolanaAdapter, M as SolanaAdapterOptions, O as SolanaNetwork, Q as SolanaRelayer, T as SolanaRelayerOptions, U as StaticIdentity, V as StellarRelayer, X as StellarRelayerOptions, Y as anchorDiscriminator, Z as approveDeviceEverywhere, _ as base64urlEncode, $ as batchChallenge, a0 as buildSecp256r1Instruction, a1 as compressedPubkey, a2 as encodeLowSSignature, a3 as lowS, a4 as recoverCandidatePublicKeys, a5 as serializeInstructions, a6 as webauthnDigest } from './Cavos-x9qFpOvJ.mjs';
3
3
  import { Signer, ArraySignatureType } from 'starknet';
4
+ import { rpc, xdr } from '@stellar/stellar-sdk';
4
5
  import '@solana/web3.js';
5
6
 
6
7
  interface CavosAuthOptions {
@@ -91,6 +92,13 @@ declare function deriveAddressSeed({ userId, appSalt }: IdentityInput): bigint;
91
92
  * address on each chain (different address spaces, one identity).
92
93
  */
93
94
  declare function deriveAddressSeedSolana({ userId, appSalt }: IdentityInput): Uint8Array;
95
+ /**
96
+ * Stellar variant: a 32-byte `address_seed` used as the Soroban account's seed
97
+ * and folded (with the initial device signer) into the factory deploy salt.
98
+ * Same identity input as the other chains, SHA-256 hashed, with a Stellar-scoped
99
+ * domain so the same user maps to a distinct address per chain.
100
+ */
101
+ declare function deriveAddressSeedStellar({ userId, appSalt }: IdentityInput): Uint8Array;
94
102
 
95
103
  interface HttpWalletRegistryOptions {
96
104
  /** Cavos backend base URL (e.g. https://cavos.xyz). */
@@ -249,6 +257,21 @@ declare class StarknetAdapter implements ChainAdapter {
249
257
  buildRemoveSigner(accountAddress: string, signer: DevicePublicKey): ChainCall;
250
258
  isAuthorizedSigner(accountAddress: string, signer: DevicePublicKey): Promise<boolean>;
251
259
  buildSignature(txHash: bigint): Promise<string[]>;
260
+ buildAddApprover(accountAddress: string, passkey: DevicePublicKey): ChainCall;
261
+ buildRemoveApprover(accountAddress: string, passkey: DevicePublicKey): ChainCall;
262
+ isApprover(accountAddress: string, passkey: DevicePublicKey): Promise<boolean>;
263
+ /** True if the account has at least one passkey registered as an approver.
264
+ * Lets the UI decide whether to offer passkey approval before prompting. */
265
+ hasPasskeyApprover(accountAddress: string): Promise<boolean>;
266
+ getPasskeyNonce(accountAddress: string): Promise<bigint>;
267
+ /** This chain's leaf for approving `add_signer(newSigner)` at `nonce`:
268
+ * `sha256(new_x || new_y || nonce)` (coords 32B BE, nonce 16B BE). The batch
269
+ * challenge the passkey signs is `sha256(concat(leaves))` across chains. */
270
+ passkeyLeaf(newSigner: DevicePublicKey, nonce: bigint): Uint8Array;
271
+ /** Passkey-authorized `add_signer` call. `leaves`/`leafIndex` place this chain's
272
+ * leaf in the multi-chain batch (single chain → `[leaf]`, index 0). `yParity`
273
+ * matches the raw `(r, s)` — the contract normalizes high-S internally. */
274
+ buildAddSignerViaPasskey(accountAddress: string, newSigner: DevicePublicKey, nonce: bigint, leaves: Uint8Array[], leafIndex: number, assertion: PasskeyAssertion, yParity: boolean): ChainCall;
252
275
  }
253
276
 
254
277
  /**
@@ -290,11 +313,114 @@ declare const UDC_ADDRESS = "0x041a78e741e5af2fec34b695679bc6891742439f7afb8484e
290
313
  * DeviceAccount class hash, per network. Populated from
291
314
  * `account-contracts/starknet/deployments/<network>.json` after declaring.
292
315
  *
293
- * Both networks were re-declared 2026-06-26 (code changed) to the same class
294
- * hash, so mainnet and sepolia run identical contract source.
316
+ * Sepolia re-declared 2026-07-01 with the passkey-approval surface + BATCHED
317
+ * multi-chain challenge (one passkey prompt approves a device on all chains).
318
+ * Mainnet still runs the prior class (no passkey) until it is re-declared.
295
319
  */
296
320
  declare const DEVICE_ACCOUNT_CLASS_HASH: Record<StarknetNetwork, string>;
297
321
 
322
+ interface StellarAdapterOptions {
323
+ network: StellarNetwork;
324
+ /** RPC override (else the network default). */
325
+ rpcUrl?: string;
326
+ /** Factory contract id override (else the per-network default). */
327
+ factoryId?: string;
328
+ /** The device signer that authorizes account operations. */
329
+ signer: DeviceSigner;
330
+ }
331
+ /**
332
+ * Stellar / Soroban implementation of the Cavos device-account surface. Unlike
333
+ * Starknet (`buildSignature(txHash: bigint)`) the Soroban signing unit is a
334
+ * 32-byte Soroban *auth-entry* preimage, so — as the Solana adapter did for its
335
+ * own model — this adapter exposes chain-native methods rather than the generic
336
+ * `ChainAdapter` shape. Its job:
337
+ * - derive the deterministic account address off-chain (matches the factory),
338
+ * - build the factory/account/token invocations as host functions, and
339
+ * - sign a Soroban authorization entry with the silent P-256 device key,
340
+ * producing the `Vec<DeviceSignature>` ScVal that the contract's
341
+ * `__check_auth` verifies.
342
+ */
343
+ declare class StellarAdapter {
344
+ readonly chain: "stellar";
345
+ readonly network: StellarNetwork;
346
+ readonly passphrase: string;
347
+ private readonly rpcUrl;
348
+ private readonly factoryId;
349
+ private readonly signer;
350
+ private _server?;
351
+ constructor(opts: StellarAdapterOptions);
352
+ server(): rpc.Server;
353
+ private networkId;
354
+ /**
355
+ * Deterministic account address for `(addressSeed, initialSigner)` — computed
356
+ * off-chain, byte-identical to the factory's on-chain `account_address`.
357
+ * `contractId = sha256(HashIdPreimage(networkId, factory, salt))` with
358
+ * `salt = sha256(addressSeed || sec1(initialSigner))`.
359
+ */
360
+ computeAddress(addressSeed: Uint8Array, initialSigner: DevicePublicKey): string;
361
+ /** `salt = sha256(addressSeed(32) || sec1(initialSigner)(65))` — matches the factory. */
362
+ accountSalt(addressSeed: Uint8Array, initialSigner: DevicePublicKey): Buffer;
363
+ /** Host function: `factory.deploy(address_seed, initial_signer)`. */
364
+ buildDeploy(addressSeed: Uint8Array, initialSigner: DevicePublicKey): xdr.HostFunction;
365
+ /** Host function: `account.add_signer(new_signer)` (requires device auth). */
366
+ buildAddSigner(accountAddress: string, signer: DevicePublicKey): xdr.HostFunction;
367
+ /** Host function: `account.remove_signer(signer)` (requires device auth). */
368
+ buildRemoveSigner(accountAddress: string, signer: DevicePublicKey): xdr.HostFunction;
369
+ /** Host function: `account.add_approver(passkey)` (requires device auth). */
370
+ buildAddApprover(accountAddress: string, passkey: DevicePublicKey): xdr.HostFunction;
371
+ /** Host function: `account.remove_approver(passkey)` (requires device auth). */
372
+ buildRemoveApprover(accountAddress: string, passkey: DevicePublicKey): xdr.HostFunction;
373
+ /** This chain's leaf for approving `add_signer(newSigner)` at `nonce`:
374
+ * `sha256(sec1(new_signer) || nonce_be8)`. The batch challenge the passkey signs
375
+ * is `sha256(concat(leaves))` across chains. */
376
+ passkeyLeaf(newSigner: DevicePublicKey, nonce: bigint): Uint8Array;
377
+ /** Host function: passkey-authorized `add_signer_via_passkey` (no device auth —
378
+ * authorized by the embedded WebAuthn assertion, so any relayer can submit).
379
+ * `leaves`/`leafIndex` place this chain's leaf in the multi-chain batch. */
380
+ buildAddSignerViaPasskey(accountAddress: string, newSigner: DevicePublicKey, passkey: DevicePublicKey, nonce: bigint, leaves: Uint8Array[], leafIndex: number, assertion: PasskeyAssertion): xdr.HostFunction;
381
+ /** Read whether `passkey` is a registered approver (read-only simulation). */
382
+ /** True if the account has at least one passkey registered as an approver.
383
+ * Reads the contract's `approvers` view and checks the list is non-empty. */
384
+ hasPasskeyApprover(accountAddress: string, readSource: string): Promise<boolean>;
385
+ isApprover(accountAddress: string, passkey: DevicePublicKey, readSource: string): Promise<boolean>;
386
+ /** Read the current passkey-approval nonce (read-only simulation). */
387
+ passkeyNonce(accountAddress: string, readSource: string): Promise<bigint>;
388
+ /** Host function: SEP-41 `token.transfer(from=account, to, amount)` (device auth). */
389
+ buildTransfer(tokenId: string, accountAddress: string, destination: string, amount: bigint): xdr.HostFunction;
390
+ /**
391
+ * Sign a Soroban authorization entry with the silent device key, producing the
392
+ * `Vec<DeviceSignature>` the account's `__check_auth` verifies. The device
393
+ * signs `sha256(preimage)` (WebCrypto hashes once more internally), which is
394
+ * exactly what the contract recomputes. Mutates + returns the entry.
395
+ */
396
+ signAuthEntry(entry: xdr.SorobanAuthorizationEntry, validUntilLedger: number): Promise<xdr.SorobanAuthorizationEntry>;
397
+ /**
398
+ * Read a SEP-41 token balance of `account` via a read-only simulation of
399
+ * `token.balance(account)`. Returns 0 when the account isn't deployed or holds
400
+ * none. `readSource` is any funded G-account (used only for the simulation).
401
+ */
402
+ readBalance(tokenId: string, account: string, readSource: string): Promise<bigint>;
403
+ /** Whether the account contract instance exists on-chain (is deployed). */
404
+ isDeployed(accountAddress: string): Promise<boolean>;
405
+ /**
406
+ * Read whether `signer` is a currently-authorized signer of the account, via a
407
+ * read-only simulation of `account.is_authorized(signer)`. `readSource` is any
408
+ * funded G-account (used only for the simulation's source/sequence).
409
+ */
410
+ isAuthorizedSigner(accountAddress: string, signer: DevicePublicKey, readSource: string): Promise<boolean>;
411
+ }
412
+ /** SEC-1 uncompressed P-256 public key (65 bytes: 0x04 || X || Y). */
413
+ declare function sec1Pubkey(pk: DevicePublicKey): Uint8Array;
414
+ /** Raw 64-byte `r || s`, normalized to low-S (secp256r1_verify requires it). */
415
+ declare function encodeLowSSignature(sig: DeviceSignature): Uint8Array;
416
+ /**
417
+ * The `Vec<DeviceSignature>` ScVal the contract's `__check_auth` decodes. Each
418
+ * element is a struct `{ public_key: BytesN<65>, signature: BytesN<64> }`.
419
+ * Soroban serializes a struct as a symbol-keyed map sorted by key; `public_key`
420
+ * precedes `signature`, so `nativeToScVal` (which sorts) yields the exact layout.
421
+ */
422
+ declare function deviceSignatureScVal(pubkey: DevicePublicKey, sig: DeviceSignature): xdr.ScVal;
423
+
298
424
  /**
299
425
  * Serialize a device signature to the felt array for `tx_info.signature`:
300
426
  * [ r_low, r_high, s_low, s_high, y_parity ]
@@ -320,4 +446,4 @@ declare function hexToBytes(hex: string): Uint8Array;
320
446
  /** A felt/bigint -> 32-byte big-endian Uint8Array (the tx-hash width). */
321
447
  declare function bigIntTo32Bytes(value: bigint): Uint8Array;
322
448
 
323
- export { AuthProvider, BackupSigner, CavosAuth, type CavosAuthOptions, ChainAdapter, ChainCall, ComputeAddressParams, DEVICE_ACCOUNT_CLASS_HASH, DevicePublicKey, DeviceSignature, DeviceSigner, HttpRecoveryClient, type HttpRecoveryClientOptions, HttpWalletRegistry, type HttpWalletRegistryOptions, Identity, type IdentityInput, PendingDeviceRequest, RecoveryClient, RegisteredWallet, STARKNET_NETWORKS, StarknetAdapter, type StarknetAdapterOptions, StarknetDeviceSigner, type StarknetNetwork, UDC_ADDRESS, WalletRegistry, WebCryptoSigner, type WebCryptoSignerOptions, bigIntTo32Bytes, bytesToBigInt, bytesToHex, deriveAddressSeed, deriveAddressSeedSolana, deriveBackupKey, generateRecoveryCode, hexToBytes, recoverYParity, signatureToFelts, u256ToFelts };
449
+ export { AuthProvider, BackupSigner, CavosAuth, type CavosAuthOptions, ChainAdapter, ChainCall, ComputeAddressParams, DEVICE_ACCOUNT_CLASS_HASH, DevicePublicKey, DeviceSignature, DeviceSigner, HttpRecoveryClient, type HttpRecoveryClientOptions, HttpWalletRegistry, type HttpWalletRegistryOptions, Identity, type IdentityInput, PasskeyAssertion, PendingDeviceRequest, RecoveryClient, RegisteredWallet, STARKNET_NETWORKS, StarknetAdapter, type StarknetAdapterOptions, StarknetDeviceSigner, type StarknetNetwork, StellarAdapter, type StellarAdapterOptions, StellarNetwork, UDC_ADDRESS, WalletRegistry, WebCryptoSigner, type WebCryptoSignerOptions, bigIntTo32Bytes, bytesToBigInt, bytesToHex, deriveAddressSeed, deriveAddressSeedSolana, deriveAddressSeedStellar, deriveBackupKey, deviceSignatureScVal, encodeLowSSignature as encodeStellarLowSSignature, generateRecoveryCode, hexToBytes, recoverYParity, sec1Pubkey, signatureToFelts, u256ToFelts };
package/dist/index.d.ts CHANGED
@@ -1,6 +1,7 @@
1
- import { A as AuthProvider, I as Identity, W as WalletRegistry, R as RegisteredWallet, D as DevicePublicKey, a as RecoveryClient, P as PendingDeviceRequest, b as DeviceSigner, c as DeviceSignature, C as ChainAdapter, d as ComputeAddressParams, e as ChainCall } from './Cavos-C2KHZxxu.js';
2
- export { f as Cavos, g as CavosSolana, h as CavosWallet, i as Chain, j as ConnectOptions, k as ConnectSolanaOptions, l as ConnectStatus, m as DEVICE_ACCOUNT_PROGRAM_ID, n as InMemoryWalletRegistry, o as InstructionAccount, p as InstructionData, N as NetworkEnv, q as RecoverSolanaOptions, r as RecoveryOptions, S as SECP256R1_PROGRAM_ID, s as SOLANA_NETWORKS, t as SolanaAdapter, u as SolanaAdapterOptions, v as SolanaNetwork, w as SolanaRelayer, x as SolanaRelayerOptions, y as StaticIdentity, z as anchorDiscriminator, B as buildSecp256r1Instruction, E as compressedPubkey, F as encodeLowSSignature, G as serializeInstructions } from './Cavos-C2KHZxxu.js';
1
+ import { A as AuthProvider, I as Identity, W as WalletRegistry, R as RegisteredWallet, D as DevicePublicKey, a as RecoveryClient, P as PendingDeviceRequest, b as DeviceSigner, c as DeviceSignature, C as ChainAdapter, d as ComputeAddressParams, e as ChainCall, f as PasskeyAssertion, S as StellarNetwork } from './Cavos-x9qFpOvJ.js';
2
+ export { g as Cavos, h as CavosSolana, i as CavosStellar, j as CavosWallet, k as Chain, l as ConnectOptions, m as ConnectSolanaOptions, n as ConnectStatus, o as ConnectStellarOptions, p as DEVICE_ACCOUNT_PROGRAM_ID, q as DEVICE_ACCOUNT_WASM_HASH, E as EnrolledPasskey, F as FACTORY_CONTRACT_ID, r as InMemoryWalletRegistry, s as InstructionAccount, t as InstructionData, N as NATIVE_SAC_ID, u as NetworkEnv, v as PasskeyApprovable, w as PasskeyEnrollParams, x as PasskeySigner, y as PasskeySignerOptions, z as RecoverSolanaOptions, B as RecoverStellarOptions, G as RecoveryOptions, H as SECP256R1_PROGRAM_ID, J as SOLANA_NETWORKS, K as STELLAR_NETWORKS, L as SolanaAdapter, M as SolanaAdapterOptions, O as SolanaNetwork, Q as SolanaRelayer, T as SolanaRelayerOptions, U as StaticIdentity, V as StellarRelayer, X as StellarRelayerOptions, Y as anchorDiscriminator, Z as approveDeviceEverywhere, _ as base64urlEncode, $ as batchChallenge, a0 as buildSecp256r1Instruction, a1 as compressedPubkey, a2 as encodeLowSSignature, a3 as lowS, a4 as recoverCandidatePublicKeys, a5 as serializeInstructions, a6 as webauthnDigest } from './Cavos-x9qFpOvJ.js';
3
3
  import { Signer, ArraySignatureType } from 'starknet';
4
+ import { rpc, xdr } from '@stellar/stellar-sdk';
4
5
  import '@solana/web3.js';
5
6
 
6
7
  interface CavosAuthOptions {
@@ -91,6 +92,13 @@ declare function deriveAddressSeed({ userId, appSalt }: IdentityInput): bigint;
91
92
  * address on each chain (different address spaces, one identity).
92
93
  */
93
94
  declare function deriveAddressSeedSolana({ userId, appSalt }: IdentityInput): Uint8Array;
95
+ /**
96
+ * Stellar variant: a 32-byte `address_seed` used as the Soroban account's seed
97
+ * and folded (with the initial device signer) into the factory deploy salt.
98
+ * Same identity input as the other chains, SHA-256 hashed, with a Stellar-scoped
99
+ * domain so the same user maps to a distinct address per chain.
100
+ */
101
+ declare function deriveAddressSeedStellar({ userId, appSalt }: IdentityInput): Uint8Array;
94
102
 
95
103
  interface HttpWalletRegistryOptions {
96
104
  /** Cavos backend base URL (e.g. https://cavos.xyz). */
@@ -249,6 +257,21 @@ declare class StarknetAdapter implements ChainAdapter {
249
257
  buildRemoveSigner(accountAddress: string, signer: DevicePublicKey): ChainCall;
250
258
  isAuthorizedSigner(accountAddress: string, signer: DevicePublicKey): Promise<boolean>;
251
259
  buildSignature(txHash: bigint): Promise<string[]>;
260
+ buildAddApprover(accountAddress: string, passkey: DevicePublicKey): ChainCall;
261
+ buildRemoveApprover(accountAddress: string, passkey: DevicePublicKey): ChainCall;
262
+ isApprover(accountAddress: string, passkey: DevicePublicKey): Promise<boolean>;
263
+ /** True if the account has at least one passkey registered as an approver.
264
+ * Lets the UI decide whether to offer passkey approval before prompting. */
265
+ hasPasskeyApprover(accountAddress: string): Promise<boolean>;
266
+ getPasskeyNonce(accountAddress: string): Promise<bigint>;
267
+ /** This chain's leaf for approving `add_signer(newSigner)` at `nonce`:
268
+ * `sha256(new_x || new_y || nonce)` (coords 32B BE, nonce 16B BE). The batch
269
+ * challenge the passkey signs is `sha256(concat(leaves))` across chains. */
270
+ passkeyLeaf(newSigner: DevicePublicKey, nonce: bigint): Uint8Array;
271
+ /** Passkey-authorized `add_signer` call. `leaves`/`leafIndex` place this chain's
272
+ * leaf in the multi-chain batch (single chain → `[leaf]`, index 0). `yParity`
273
+ * matches the raw `(r, s)` — the contract normalizes high-S internally. */
274
+ buildAddSignerViaPasskey(accountAddress: string, newSigner: DevicePublicKey, nonce: bigint, leaves: Uint8Array[], leafIndex: number, assertion: PasskeyAssertion, yParity: boolean): ChainCall;
252
275
  }
253
276
 
254
277
  /**
@@ -290,11 +313,114 @@ declare const UDC_ADDRESS = "0x041a78e741e5af2fec34b695679bc6891742439f7afb8484e
290
313
  * DeviceAccount class hash, per network. Populated from
291
314
  * `account-contracts/starknet/deployments/<network>.json` after declaring.
292
315
  *
293
- * Both networks were re-declared 2026-06-26 (code changed) to the same class
294
- * hash, so mainnet and sepolia run identical contract source.
316
+ * Sepolia re-declared 2026-07-01 with the passkey-approval surface + BATCHED
317
+ * multi-chain challenge (one passkey prompt approves a device on all chains).
318
+ * Mainnet still runs the prior class (no passkey) until it is re-declared.
295
319
  */
296
320
  declare const DEVICE_ACCOUNT_CLASS_HASH: Record<StarknetNetwork, string>;
297
321
 
322
+ interface StellarAdapterOptions {
323
+ network: StellarNetwork;
324
+ /** RPC override (else the network default). */
325
+ rpcUrl?: string;
326
+ /** Factory contract id override (else the per-network default). */
327
+ factoryId?: string;
328
+ /** The device signer that authorizes account operations. */
329
+ signer: DeviceSigner;
330
+ }
331
+ /**
332
+ * Stellar / Soroban implementation of the Cavos device-account surface. Unlike
333
+ * Starknet (`buildSignature(txHash: bigint)`) the Soroban signing unit is a
334
+ * 32-byte Soroban *auth-entry* preimage, so — as the Solana adapter did for its
335
+ * own model — this adapter exposes chain-native methods rather than the generic
336
+ * `ChainAdapter` shape. Its job:
337
+ * - derive the deterministic account address off-chain (matches the factory),
338
+ * - build the factory/account/token invocations as host functions, and
339
+ * - sign a Soroban authorization entry with the silent P-256 device key,
340
+ * producing the `Vec<DeviceSignature>` ScVal that the contract's
341
+ * `__check_auth` verifies.
342
+ */
343
+ declare class StellarAdapter {
344
+ readonly chain: "stellar";
345
+ readonly network: StellarNetwork;
346
+ readonly passphrase: string;
347
+ private readonly rpcUrl;
348
+ private readonly factoryId;
349
+ private readonly signer;
350
+ private _server?;
351
+ constructor(opts: StellarAdapterOptions);
352
+ server(): rpc.Server;
353
+ private networkId;
354
+ /**
355
+ * Deterministic account address for `(addressSeed, initialSigner)` — computed
356
+ * off-chain, byte-identical to the factory's on-chain `account_address`.
357
+ * `contractId = sha256(HashIdPreimage(networkId, factory, salt))` with
358
+ * `salt = sha256(addressSeed || sec1(initialSigner))`.
359
+ */
360
+ computeAddress(addressSeed: Uint8Array, initialSigner: DevicePublicKey): string;
361
+ /** `salt = sha256(addressSeed(32) || sec1(initialSigner)(65))` — matches the factory. */
362
+ accountSalt(addressSeed: Uint8Array, initialSigner: DevicePublicKey): Buffer;
363
+ /** Host function: `factory.deploy(address_seed, initial_signer)`. */
364
+ buildDeploy(addressSeed: Uint8Array, initialSigner: DevicePublicKey): xdr.HostFunction;
365
+ /** Host function: `account.add_signer(new_signer)` (requires device auth). */
366
+ buildAddSigner(accountAddress: string, signer: DevicePublicKey): xdr.HostFunction;
367
+ /** Host function: `account.remove_signer(signer)` (requires device auth). */
368
+ buildRemoveSigner(accountAddress: string, signer: DevicePublicKey): xdr.HostFunction;
369
+ /** Host function: `account.add_approver(passkey)` (requires device auth). */
370
+ buildAddApprover(accountAddress: string, passkey: DevicePublicKey): xdr.HostFunction;
371
+ /** Host function: `account.remove_approver(passkey)` (requires device auth). */
372
+ buildRemoveApprover(accountAddress: string, passkey: DevicePublicKey): xdr.HostFunction;
373
+ /** This chain's leaf for approving `add_signer(newSigner)` at `nonce`:
374
+ * `sha256(sec1(new_signer) || nonce_be8)`. The batch challenge the passkey signs
375
+ * is `sha256(concat(leaves))` across chains. */
376
+ passkeyLeaf(newSigner: DevicePublicKey, nonce: bigint): Uint8Array;
377
+ /** Host function: passkey-authorized `add_signer_via_passkey` (no device auth —
378
+ * authorized by the embedded WebAuthn assertion, so any relayer can submit).
379
+ * `leaves`/`leafIndex` place this chain's leaf in the multi-chain batch. */
380
+ buildAddSignerViaPasskey(accountAddress: string, newSigner: DevicePublicKey, passkey: DevicePublicKey, nonce: bigint, leaves: Uint8Array[], leafIndex: number, assertion: PasskeyAssertion): xdr.HostFunction;
381
+ /** Read whether `passkey` is a registered approver (read-only simulation). */
382
+ /** True if the account has at least one passkey registered as an approver.
383
+ * Reads the contract's `approvers` view and checks the list is non-empty. */
384
+ hasPasskeyApprover(accountAddress: string, readSource: string): Promise<boolean>;
385
+ isApprover(accountAddress: string, passkey: DevicePublicKey, readSource: string): Promise<boolean>;
386
+ /** Read the current passkey-approval nonce (read-only simulation). */
387
+ passkeyNonce(accountAddress: string, readSource: string): Promise<bigint>;
388
+ /** Host function: SEP-41 `token.transfer(from=account, to, amount)` (device auth). */
389
+ buildTransfer(tokenId: string, accountAddress: string, destination: string, amount: bigint): xdr.HostFunction;
390
+ /**
391
+ * Sign a Soroban authorization entry with the silent device key, producing the
392
+ * `Vec<DeviceSignature>` the account's `__check_auth` verifies. The device
393
+ * signs `sha256(preimage)` (WebCrypto hashes once more internally), which is
394
+ * exactly what the contract recomputes. Mutates + returns the entry.
395
+ */
396
+ signAuthEntry(entry: xdr.SorobanAuthorizationEntry, validUntilLedger: number): Promise<xdr.SorobanAuthorizationEntry>;
397
+ /**
398
+ * Read a SEP-41 token balance of `account` via a read-only simulation of
399
+ * `token.balance(account)`. Returns 0 when the account isn't deployed or holds
400
+ * none. `readSource` is any funded G-account (used only for the simulation).
401
+ */
402
+ readBalance(tokenId: string, account: string, readSource: string): Promise<bigint>;
403
+ /** Whether the account contract instance exists on-chain (is deployed). */
404
+ isDeployed(accountAddress: string): Promise<boolean>;
405
+ /**
406
+ * Read whether `signer` is a currently-authorized signer of the account, via a
407
+ * read-only simulation of `account.is_authorized(signer)`. `readSource` is any
408
+ * funded G-account (used only for the simulation's source/sequence).
409
+ */
410
+ isAuthorizedSigner(accountAddress: string, signer: DevicePublicKey, readSource: string): Promise<boolean>;
411
+ }
412
+ /** SEC-1 uncompressed P-256 public key (65 bytes: 0x04 || X || Y). */
413
+ declare function sec1Pubkey(pk: DevicePublicKey): Uint8Array;
414
+ /** Raw 64-byte `r || s`, normalized to low-S (secp256r1_verify requires it). */
415
+ declare function encodeLowSSignature(sig: DeviceSignature): Uint8Array;
416
+ /**
417
+ * The `Vec<DeviceSignature>` ScVal the contract's `__check_auth` decodes. Each
418
+ * element is a struct `{ public_key: BytesN<65>, signature: BytesN<64> }`.
419
+ * Soroban serializes a struct as a symbol-keyed map sorted by key; `public_key`
420
+ * precedes `signature`, so `nativeToScVal` (which sorts) yields the exact layout.
421
+ */
422
+ declare function deviceSignatureScVal(pubkey: DevicePublicKey, sig: DeviceSignature): xdr.ScVal;
423
+
298
424
  /**
299
425
  * Serialize a device signature to the felt array for `tx_info.signature`:
300
426
  * [ r_low, r_high, s_low, s_high, y_parity ]
@@ -320,4 +446,4 @@ declare function hexToBytes(hex: string): Uint8Array;
320
446
  /** A felt/bigint -> 32-byte big-endian Uint8Array (the tx-hash width). */
321
447
  declare function bigIntTo32Bytes(value: bigint): Uint8Array;
322
448
 
323
- export { AuthProvider, BackupSigner, CavosAuth, type CavosAuthOptions, ChainAdapter, ChainCall, ComputeAddressParams, DEVICE_ACCOUNT_CLASS_HASH, DevicePublicKey, DeviceSignature, DeviceSigner, HttpRecoveryClient, type HttpRecoveryClientOptions, HttpWalletRegistry, type HttpWalletRegistryOptions, Identity, type IdentityInput, PendingDeviceRequest, RecoveryClient, RegisteredWallet, STARKNET_NETWORKS, StarknetAdapter, type StarknetAdapterOptions, StarknetDeviceSigner, type StarknetNetwork, UDC_ADDRESS, WalletRegistry, WebCryptoSigner, type WebCryptoSignerOptions, bigIntTo32Bytes, bytesToBigInt, bytesToHex, deriveAddressSeed, deriveAddressSeedSolana, deriveBackupKey, generateRecoveryCode, hexToBytes, recoverYParity, signatureToFelts, u256ToFelts };
449
+ export { AuthProvider, BackupSigner, CavosAuth, type CavosAuthOptions, ChainAdapter, ChainCall, ComputeAddressParams, DEVICE_ACCOUNT_CLASS_HASH, DevicePublicKey, DeviceSignature, DeviceSigner, HttpRecoveryClient, type HttpRecoveryClientOptions, HttpWalletRegistry, type HttpWalletRegistryOptions, Identity, type IdentityInput, PasskeyAssertion, PendingDeviceRequest, RecoveryClient, RegisteredWallet, STARKNET_NETWORKS, StarknetAdapter, type StarknetAdapterOptions, StarknetDeviceSigner, type StarknetNetwork, StellarAdapter, type StellarAdapterOptions, StellarNetwork, UDC_ADDRESS, WalletRegistry, WebCryptoSigner, type WebCryptoSignerOptions, bigIntTo32Bytes, bytesToBigInt, bytesToHex, deriveAddressSeed, deriveAddressSeedSolana, deriveAddressSeedStellar, deriveBackupKey, deviceSignatureScVal, encodeLowSSignature as encodeStellarLowSSignature, generateRecoveryCode, hexToBytes, recoverYParity, sec1Pubkey, signatureToFelts, u256ToFelts };