@cedros/login-react 0.0.1

package/dist/components/totp/TotpSetup.d.ts

@@ -0,0 +1,23 @@
+/**
+ * TOTP Setup component for enabling two-factor authentication
+ *
+ * Guides users through:
+ * 1. Scanning QR code with authenticator app
+ * 2. Saving backup codes
+ * 3. Verifying setup with a code
+ */
+export interface TotpSetupProps {
+    /** Called when setup is completed successfully */
+    onSuccess?: () => void;
+    /** Called when user cancels setup */
+    onCancel?: () => void;
+    /** Additional CSS class */
+    className?: string;
+}
+/**
+ * Two-factor authentication setup wizard.
+ *
+ * Displays QR code for authenticator app scanning,
+ * recovery codes for account recovery, and verification step.
+ */
+export declare function TotpSetup({ onSuccess, onCancel, className }: TotpSetupProps): import("react/jsx-runtime").JSX.Element | null;

package/dist/components/totp/TotpVerify.d.ts

@@ -0,0 +1,25 @@
+/**
+ * TOTP Verification component for login flow
+ *
+ * Displayed when a user with 2FA enabled needs to
+ * enter their verification code to complete login.
+ */
+export interface TotpVerifyProps {
+    /** Temporary token from password authentication */
+    mfaToken: string;
+    /** Email address (for display) */
+    email?: string;
+    /** Called when verification succeeds */
+    onSuccess?: () => void;
+    /** Called when user wants to go back */
+    onBack?: () => void;
+    /** Additional CSS class */
+    className?: string;
+}
+/**
+ * Two-factor authentication verification for login.
+ *
+ * Accepts 6-digit codes from authenticator apps
+ * or recovery codes for account recovery.
+ */
+export declare function TotpVerify({ mfaToken, email, onSuccess, onBack, className, }: TotpVerifyProps): import("react/jsx-runtime").JSX.Element;

package/dist/components/totp/index.d.ts

@@ -0,0 +1,10 @@
+export { OtpInput } from './OtpInput';
+export type { OtpInputProps } from './OtpInput';
+export { QrCode } from './QrCode';
+export type { QrCodeProps } from './QrCode';
+export { TotpSetup } from './TotpSetup';
+export type { TotpSetupProps } from './TotpSetup';
+export { TotpVerify } from './TotpVerify';
+export type { TotpVerifyProps } from './TotpVerify';
+export { TotpSettings } from './TotpSettings';
+export type { TotpSettingsProps } from './TotpSettings';

package/dist/components/wallet/CapabilityWarning.d.ts

@@ -0,0 +1,11 @@
+import { CryptoCapabilities } from '../../crypto';
+export interface CapabilityWarningProps {
+    /** Capability check results */
+    capabilities: CryptoCapabilities;
+    /** Optional class name */
+    className?: string;
+}
+/**
+ * Warning display for missing capabilities
+ */
+export declare function CapabilityWarning({ capabilities, className }: CapabilityWarningProps): import("react/jsx-runtime").JSX.Element | null;

package/dist/components/wallet/PasskeyPrompt.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Passkey prompt component for WebAuthn interactions
+ *
+ * Provides visual feedback during WebAuthn ceremonies:
+ * - Registration of new passkeys
+ * - Authentication with existing passkeys
+ * - PRF extension operations
+ */
+export interface PasskeyPromptProps {
+    /** Type of WebAuthn operation */
+    mode: 'register' | 'authenticate';
+    /** Whether the operation is in progress */
+    isLoading?: boolean;
+    /** Error message if operation failed */
+    error?: string;
+    /** Callback to trigger the operation */
+    onPrompt?: () => void;
+    /** Callback to retry after error */
+    onRetry?: () => void;
+    /** Callback to cancel the operation */
+    onCancel?: () => void;
+    /** Optional custom title */
+    title?: string;
+    /** Optional custom description */
+    description?: string;
+    /** Additional CSS classes */
+    className?: string;
+}
+/**
+ * WebAuthn passkey interaction prompt
+ *
+ * Displays appropriate UI and messaging for passkey operations.
+ */
+export declare function PasskeyPrompt({ mode, isLoading, error, onPrompt, onRetry, onCancel, title, description, className, }: PasskeyPromptProps): import("react/jsx-runtime").JSX.Element;

package/dist/components/wallet/RecoveryPhraseDisplay.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Component to display BIP-39 recovery phrase
+ *
+ * Shows 12 words in a grid format with copy functionality.
+ * Includes security warnings about storing the phrase safely.
+ */
+export interface RecoveryPhraseDisplayProps {
+    /** Array of 12 mnemonic words */
+    words: string[];
+    /** Callback when user confirms they've saved the phrase */
+    onConfirm: () => void;
+    /** Optional class name */
+    className?: string;
+}
+/**
+ * Display recovery phrase with security warnings
+ */
+export declare function RecoveryPhraseDisplay({ words, onConfirm, className, }: RecoveryPhraseDisplayProps): import("react/jsx-runtime").JSX.Element;

package/dist/components/wallet/RecoveryPhraseInput.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Component for entering BIP-39 recovery phrase
+ *
+ * Provides input fields for 12 words with validation and autocomplete.
+ */
+export interface RecoveryPhraseInputProps {
+    /** Callback when valid phrase is entered */
+    onSubmit: (words: string[]) => void;
+    /** Callback to cancel */
+    onCancel?: () => void;
+    /** Whether submission is in progress */
+    isSubmitting?: boolean;
+    /** Error message to display */
+    error?: string;
+    /** Optional class name */
+    className?: string;
+}
+/**
+ * Input form for recovery phrase
+ */
+export declare function RecoveryPhraseInput({ onSubmit, onCancel, isSubmitting, error, className, }: RecoveryPhraseInputProps): import("react/jsx-runtime").JSX.Element;

package/dist/components/wallet/WalletAddressRow.d.ts

@@ -0,0 +1,10 @@
+export interface WalletAddressRowProps {
+    address: string;
+    label?: string;
+    showCopy?: boolean;
+    showExplorerLink?: boolean;
+    /** If address is long, show a truncated preview with a reveal toggle. */
+    allowReveal?: boolean;
+    className?: string;
+}
+export declare function WalletAddressRow({ address, label, showCopy, showExplorerLink, allowReveal, className, }: WalletAddressRowProps): import("react/jsx-runtime").JSX.Element;

package/dist/components/wallet/WalletEnrollment.d.ts

@@ -0,0 +1,15 @@
+import { ShareAAuthMethod } from '../../types/wallet';
+export interface WalletEnrollmentProps {
+    /** Callback when enrollment completes */
+    onComplete?: (solanaPubkey: string) => void;
+    /** Callback to cancel enrollment */
+    onCancel?: () => void;
+    /** Optional class name */
+    className?: string;
+    /** Force a specific auth method (otherwise auto-detected) */
+    forceAuthMethod?: ShareAAuthMethod;
+}
+/**
+ * Wallet enrollment wizard
+ */
+export declare function WalletEnrollment({ onComplete, onCancel, className, forceAuthMethod, }: WalletEnrollmentProps): import("react/jsx-runtime").JSX.Element;

package/dist/components/wallet/WalletManager.d.ts

@@ -0,0 +1,9 @@
+export interface WalletManagerProps {
+    className?: string;
+    showActions?: boolean;
+}
+/**
+ * Orchestrates embedded wallet flows in one cohesive surface:
+ * status -> enroll/unlock/recover.
+ */
+export declare function WalletManager({ className, showActions }: WalletManagerProps): import("react/jsx-runtime").JSX.Element;

package/dist/components/wallet/WalletRecovery.d.ts

@@ -0,0 +1,19 @@
+import { ShareAAuthMethod } from '../../types/wallet';
+export interface WalletRecoveryProps {
+    /** Callback when recovery completes successfully */
+    onComplete?: () => void;
+    /** Callback when user cancels recovery */
+    onCancel?: () => void;
+    /** Additional CSS classes */
+    className?: string;
+    /** Default auth method (optional) */
+    defaultAuthMethod?: ShareAAuthMethod;
+}
+/**
+ * Wallet recovery wizard
+ *
+ * Two-phase flow:
+ * 1. Enter recovery phrase
+ * 2. Enter new credential (password/passkey)
+ */
+export declare function WalletRecovery({ onComplete, onCancel, className, defaultAuthMethod, }: WalletRecoveryProps): import("react/jsx-runtime").JSX.Element;

package/dist/components/wallet/WalletStatus.d.ts

@@ -0,0 +1,28 @@
+import { WalletStatus as WalletStatusType } from '../../types/wallet';
+export interface WalletStatusProps {
+    /** Controlled mode: Override wallet status (for demos/stories) */
+    status?: WalletStatusType;
+    /** Controlled mode: Override public key display */
+    publicKey?: string;
+    /** Controlled mode: Override lock state */
+    onLock?: () => void;
+    /** Callback when user wants to create a wallet */
+    onEnroll?: () => void;
+    /** Callback when user wants to unlock wallet */
+    onUnlock?: () => void;
+    /** Callback when user wants to recover wallet */
+    onRecover?: () => void;
+    /** Whether to show action buttons */
+    showActions?: boolean;
+    /** Compact display mode */
+    compact?: boolean;
+    /** Additional CSS classes */
+    className?: string;
+}
+/**
+ * Wallet status indicator
+ *
+ * Shows current wallet state with optional action buttons.
+ * Pass `status` prop to use in controlled mode (bypasses hook).
+ */
+export declare function WalletStatus({ status: controlledStatus, publicKey: controlledPubkey, onLock: _onLock, onEnroll, onUnlock, onRecover, showActions, compact, className, }: WalletStatusProps): import("react/jsx-runtime").JSX.Element;

package/dist/components/wallet/WalletUnlock.d.ts

@@ -0,0 +1,23 @@
+import { ShareAAuthMethod } from '../../types/wallet';
+export interface WalletUnlockProps {
+    /** Callback when wallet is successfully unlocked */
+    onUnlock?: () => void;
+    /** Callback when unlock is cancelled */
+    onCancel?: () => void;
+    /** Whether to show the cancel button */
+    showCancel?: boolean;
+    /** The wallet's auth method (if known) */
+    authMethod?: ShareAAuthMethod;
+    /** Additional CSS classes */
+    className?: string;
+}
+/**
+ * Wallet unlock form
+ *
+ * Simple single-credential flow:
+ * - Password users: Enter password
+ * - Passkey users: Authenticate with passkey
+ *
+ * Server validates credential and caches derived key for session signing.
+ */
+export declare function WalletUnlock({ onUnlock, onCancel, showCancel, authMethod: propAuthMethod, className, }: WalletUnlockProps): import("react/jsx-runtime").JSX.Element;

package/dist/components/wallet/index.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Wallet component exports
+ */
+export { RecoveryPhraseDisplay } from './RecoveryPhraseDisplay';
+export type { RecoveryPhraseDisplayProps } from './RecoveryPhraseDisplay';
+export { RecoveryPhraseInput } from './RecoveryPhraseInput';
+export type { RecoveryPhraseInputProps } from './RecoveryPhraseInput';
+export { CapabilityWarning } from './CapabilityWarning';
+export type { CapabilityWarningProps } from './CapabilityWarning';
+export { WalletEnrollment } from './WalletEnrollment';
+export type { WalletEnrollmentProps } from './WalletEnrollment';
+export { WalletUnlock } from './WalletUnlock';
+export type { WalletUnlockProps } from './WalletUnlock';
+export { WalletRecovery } from './WalletRecovery';
+export type { WalletRecoveryProps } from './WalletRecovery';
+export { WalletManager } from './WalletManager';
+export type { WalletManagerProps } from './WalletManager';
+export { WalletStatus } from './WalletStatus';
+export type { WalletStatusProps } from './WalletStatus';
+export { WalletAddressRow } from './WalletAddressRow';
+export type { WalletAddressRowProps } from './WalletAddressRow';
+export { PasskeyPrompt } from './PasskeyPrompt';
+export type { PasskeyPromptProps } from './PasskeyPrompt';

package/dist/components/webauthn/PasskeyLoginButton.d.ts

@@ -0,0 +1,8 @@
+import { ReactNode } from 'react';
+export interface PasskeyLoginButtonProps {
+    onSuccess?: () => void;
+    className?: string;
+    children?: ReactNode;
+    disabled?: boolean;
+}
+export declare function PasskeyLoginButton({ onSuccess, className, children, disabled, }: PasskeyLoginButtonProps): import("react/jsx-runtime").JSX.Element;

package/dist/context/CedrosLoginContext.d.ts

@@ -0,0 +1,24 @@
+import { CedrosLoginConfig, AuthUser, AuthState, AuthError, TokenPair } from '../types';
+/**
+ * Internal helpers for auth hooks (not part of public API)
+ */
+export interface CedrosLoginInternalAPI {
+    handleLoginSuccess: (user: AuthUser, tokens?: TokenPair) => void;
+    getAccessToken: () => string | null;
+}
+/**
+ * Context value provided by CedrosLoginProvider
+ */
+export interface CedrosLoginContextValue {
+    config: CedrosLoginConfig;
+    user: AuthUser | null;
+    authState: AuthState;
+    error: AuthError | null;
+    logout: () => Promise<void>;
+    refreshUser: () => Promise<void>;
+    isModalOpen: boolean;
+    openModal: () => void;
+    closeModal: () => void;
+    _internal?: CedrosLoginInternalAPI;
+}
+export declare const CedrosLoginContext: import('react').Context<CedrosLoginContextValue | null>;

package/dist/context/CedrosLoginProvider.d.ts

@@ -0,0 +1,17 @@
+import { ReactNode } from 'react';
+import { CedrosLoginConfig } from '../types';
+export interface CedrosLoginProviderProps {
+    config: CedrosLoginConfig;
+    children: ReactNode;
+}
+/**
+ * Provider component that wraps your app and provides authentication context.
+ *
+ * @example
+ * ```tsx
+ * <CedrosLoginProvider config={{ serverUrl: 'https://api.example.com' }}>
+ *   <App />
+ * </CedrosLoginProvider>
+ * ```
+ */
+export declare function CedrosLoginProvider({ config, children }: CedrosLoginProviderProps): import("react/jsx-runtime").JSX.Element;

package/dist/context/EmbeddedWalletExposure.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Internal component that exposes embedded wallet availability
+ *
+ * This component must be rendered inside CedrosLoginProvider since
+ * it uses hooks that depend on the login context.
+ *
+ * @internal
+ */
+/**
+ * Exposes embedded wallet availability via window global when enabled
+ *
+ * Only exposes info when:
+ * 1. config.wallet.exposeAvailability is true
+ * 2. User is logged in
+ * 3. Wallet status is known
+ *
+ * @internal
+ */
+export declare function EmbeddedWalletExposure(): null;

package/dist/context/useCedrosLogin.d.ts

@@ -0,0 +1,12 @@
+import { CedrosLoginContextValue } from './CedrosLoginContext';
+/**
+ * Hook to access the Cedros Login context.
+ * Must be used within a CedrosLoginProvider.
+ */
+export declare function useCedrosLogin(): CedrosLoginContextValue;
+/**
+ * Optional version of useCedrosLogin that returns null instead of throwing
+ * when used outside a CedrosLoginProvider. Useful for components that need
+ * to work in both provider and non-provider contexts (e.g., Storybook demos).
+ */
+export declare function useCedrosLoginOptional(): CedrosLoginContextValue | null;

package/dist/crypto/aesGcm.d.ts

@@ -0,0 +1,89 @@
+import { EncryptionKey, AesNonce } from './types';
+/** Result of AES-GCM encryption */
+export interface AesGcmEncryptResult {
+    /** Ciphertext including authentication tag */
+    ciphertext: Uint8Array;
+    /** 12-byte nonce used */
+    nonce: AesNonce;
+}
+/**
+ * Encrypt plaintext using AES-256-GCM
+ *
+ * @param plaintext - Data to encrypt
+ * @param key - 32-byte encryption key
+ * @param nonce - Optional 12-byte nonce (generated if not provided)
+ * @returns Ciphertext and nonce
+ * @throws Error if encryption fails
+ */
+export declare function aesGcmEncrypt(plaintext: Uint8Array, key: EncryptionKey, nonce?: AesNonce): Promise<AesGcmEncryptResult>;
+/**
+ * Decrypt ciphertext using AES-256-GCM
+ *
+ * @param ciphertext - Data to decrypt (includes auth tag)
+ * @param key - 32-byte encryption key
+ * @param nonce - 12-byte nonce used during encryption
+ * @returns Decrypted plaintext
+ * @throws Error if decryption or authentication fails
+ */
+export declare function aesGcmDecrypt(ciphertext: Uint8Array, key: EncryptionKey, nonce: AesNonce): Promise<Uint8Array>;
+/**
+ * Encrypt plaintext and return base64-encoded results
+ *
+ * @param plaintext - Data to encrypt
+ * @param key - 32-byte encryption key
+ * @returns Base64-encoded ciphertext and nonce
+ */
+export declare function aesGcmEncryptToBase64(plaintext: Uint8Array, key: EncryptionKey): Promise<{
+    ciphertext: string;
+    nonce: string;
+}>;
+/**
+ * Decrypt base64-encoded ciphertext
+ *
+ * @param ciphertextB64 - Base64-encoded ciphertext
+ * @param nonceB64 - Base64-encoded nonce
+ * @param key - 32-byte encryption key
+ * @returns Decrypted plaintext
+ */
+export declare function aesGcmDecryptFromBase64(ciphertextB64: string, nonceB64: string, key: EncryptionKey): Promise<Uint8Array>;
+/**
+ * Encrypt with automatic key derivation from password
+ *
+ * This is a convenience wrapper that combines Argon2 KDF with AES-GCM.
+ * For more control, use argon2 and aesGcmEncrypt separately.
+ *
+ * @param plaintext - Data to encrypt
+ * @param passwordKey - Key derived from password via Argon2
+ * @returns Encrypted result with nonce
+ */
+export declare function encryptWithPasswordKey(plaintext: Uint8Array, passwordKey: Uint8Array): Promise<AesGcmEncryptResult>;
+/**
+ * Decrypt with password-derived key
+ *
+ * @param ciphertext - Data to decrypt
+ * @param nonce - Nonce used during encryption
+ * @param passwordKey - Key derived from password via Argon2
+ * @returns Decrypted plaintext
+ */
+export declare function decryptWithPasswordKey(ciphertext: Uint8Array, nonce: AesNonce, passwordKey: Uint8Array): Promise<Uint8Array>;
+/**
+ * Convert Uint8Array to base64 string
+ *
+ * MAINT-01: Uses chunked String.fromCharCode for O(n) performance.
+ * Simple concatenation (`binary += char`) would be O(n²).
+ */
+export declare function uint8ArrayToBase64(bytes: Uint8Array): string;
+/**
+ * Convert base64 string to Uint8Array
+ *
+ * @throws Error if input is not valid base64
+ */
+export declare function base64ToUint8Array(base64: string): Uint8Array;
+/**
+ * Encrypt and securely wipe plaintext after encryption
+ *
+ * @param plaintext - Data to encrypt (will be wiped)
+ * @param key - Encryption key
+ * @returns Encrypted result
+ */
+export declare function encryptAndWipe(plaintext: Uint8Array, key: EncryptionKey): Promise<AesGcmEncryptResult>;

package/dist/crypto/argon2.d.ts

@@ -0,0 +1,65 @@
+import { EncryptionKey, Argon2Salt, KdfParams } from './types';
+/**
+ * Derive an encryption key from a password using Argon2id
+ *
+ * @security H-01: The password string cannot be wiped from memory after use.
+ * For sensitive applications, prefer argon2DeriveFromBytes() which accepts
+ * Uint8Array that CAN be securely wiped.
+ *
+ * @param password - User password or PIN
+ * @param salt - Unique salt (16+ bytes)
+ * @param params - KDF parameters (memory, time, parallelism)
+ * @returns 32-byte encryption key
+ */
+export declare function argon2Derive(password: string, salt: Argon2Salt, params?: KdfParams): Promise<EncryptionKey>;
+/**
+ * Derive key from password bytes (for non-string passwords like PINs)
+ *
+ * @param passwordBytes - Password as bytes
+ * @param salt - Unique salt
+ * @param params - KDF parameters
+ * @returns 32-byte encryption key
+ */
+export declare function argon2DeriveFromBytes(passwordBytes: Uint8Array, salt: Argon2Salt, params?: KdfParams): Promise<EncryptionKey>;
+/**
+ * Validate KDF parameters are within safe bounds
+ *
+ * Prevents DoS attacks via excessive resource consumption.
+ *
+ * @param params - Parameters to validate
+ * @throws Error if parameters are out of bounds
+ */
+export declare function validateKdfParams(params: KdfParams): void;
+/**
+ * Check if Argon2 WASM is available and working
+ *
+ * @returns true if Argon2 can be used
+ */
+export declare function isArgon2Supported(): Promise<boolean>;
+/**
+ * Verify a password against stored parameters
+ *
+ * This is primarily for testing/validation, not for authentication
+ * (the server handles authentication).
+ *
+ * M-06: Timing Leak Note
+ * The length check at the start of comparison returns early on mismatch,
+ * creating a timing side-channel. This is acceptable because:
+ * 1. Server handles real authentication (not this client-side code)
+ * 2. Key lengths are fixed (32 bytes), so mismatch indicates corruption not attack
+ * 3. Argon2 derivation dominates timing regardless of comparison path
+ *
+ * @param password - Password to verify
+ * @param salt - Salt used during original derivation
+ * @param params - KDF parameters used
+ * @param expectedKey - Expected derived key
+ * @returns true if password produces the same key
+ */
+export declare function verifyPassword(password: string, salt: Argon2Salt, params: KdfParams, expectedKey: Uint8Array): Promise<boolean>;
+/**
+ * Get recommended KDF parameters based on target duration
+ *
+ * @param targetMs - Target duration in milliseconds (default: 500ms)
+ * @returns Recommended parameters
+ */
+export declare function getRecommendedParams(targetMs?: number): KdfParams;

package/dist/crypto/argon2Worker.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/crypto/argon2WorkerClient.d.ts

@@ -0,0 +1,28 @@
+import { Argon2Salt, EncryptionKey, KdfParams } from './types';
+/**
+ * Derive an encryption key from password using Argon2id in a Web Worker.
+ *
+ * Offloads CPU-intensive Argon2id KDF to a background thread to avoid
+ * blocking the main thread. Falls back to synchronous derivation if
+ * Web Workers are not available.
+ *
+ * @param password - User's password
+ * @param salt - 16-byte random salt
+ * @param params - KDF parameters (memory, iterations, parallelism)
+ * @returns 32-byte encryption key
+ *
+ * @security **CALLER MUST WIPE RETURNED KEY AFTER USE**
+ * The returned key contains sensitive cryptographic material.
+ * Callers are responsible for wiping it when no longer needed:
+ * ```ts
+ * const key = await argon2DeriveInWorker(password, salt);
+ * try {
+ *   // use key for encryption/decryption
+ * } finally {
+ *   wipeBytes(key);
+ * }
+ * ```
+ * Failure to wipe may leave key material in memory, vulnerable to memory
+ * dump attacks.
+ */
+export declare function argon2DeriveInWorker(password: string, salt: Argon2Salt, params?: KdfParams): Promise<EncryptionKey>;

package/dist/crypto/bip39.d.ts

@@ -0,0 +1,106 @@
+import { Seed, ShamirShare } from './types';
+/** Number of words in recovery phrase (12 = 128 bits, standard Solana format) */
+export declare const MNEMONIC_WORD_COUNT = 12;
+/**
+ * Encode a Shamir share as a BIP-39 mnemonic phrase
+ *
+ * @param share - 16-byte share to encode
+ * @returns Array of 12 mnemonic words
+ */
+export declare function shareToMnemonic(share: ShamirShare): string[];
+/**
+ * Decode a BIP-39 mnemonic phrase back to a Shamir share
+ *
+ * @param words - Array of 12 mnemonic words
+ * @returns 16-byte share
+ * @throws Error if mnemonic is invalid
+ */
+export declare function mnemonicToShare(words: string[]): ShamirShare;
+/**
+ * Encode a 16-byte seed as a BIP-39 mnemonic phrase
+ *
+ * This is used for the recovery phrase which encodes the FULL SEED
+ * (not a Shamir share) to allow complete wallet recovery.
+ *
+ * @param seed - 16-byte seed to encode
+ * @returns Array of 12 mnemonic words
+ */
+export declare function seedToMnemonic(seed: Seed): string[];
+/**
+ * Decode a BIP-39 mnemonic phrase back to a seed
+ *
+ * This is used during recovery to restore the full wallet seed.
+ *
+ * @param words - Array of 12 mnemonic words
+ * @returns 16-byte seed
+ * @throws Error if mnemonic is invalid
+ */
+export declare function mnemonicToSeed(words: string[]): Seed;
+/**
+ * Validate a mnemonic phrase without decoding
+ *
+ * @param words - Array of words to validate
+ * @returns true if valid BIP-39 mnemonic
+ */
+export declare function isValidMnemonic(words: string[]): boolean;
+/**
+ * Check if a single word is in the BIP-39 wordlist
+ *
+ * @param word - Word to check
+ * @returns true if word is in the wordlist
+ */
+export declare function isValidWord(word: string): boolean;
+/**
+ * Get word suggestions for autocomplete
+ *
+ * @param prefix - Partial word input
+ * @param limit - Maximum number of suggestions
+ * @returns Array of matching words from wordlist
+ */
+export declare function getWordSuggestions(prefix: string, limit?: number): string[];
+/**
+ * Generate a random mnemonic for testing purposes
+ *
+ * WARNING: Do not use this for actual wallet generation.
+ * Use the proper enrollment flow which generates a seed and splits it.
+ *
+ * @returns Array of 12 random words
+ */
+export declare function generateRandomMnemonic(): string[];
+/**
+ * Format mnemonic words for display (groups of 4)
+ *
+ * @param words - Array of mnemonic words
+ * @returns Array of word groups
+ */
+export declare function formatMnemonicForDisplay(words: string[]): string[][];
+/**
+ * Parse user input into word array, handling various formats
+ *
+ * @param input - User input (space/comma/newline separated)
+ * @returns Array of normalized words
+ */
+export declare function parseMnemonicInput(input: string): string[];
+/**
+ * Securely wipe mnemonic array
+ *
+ * @security CRYPTO-2: This is BEST-EFFORT only. JavaScript strings are immutable
+ * and the original word values WILL persist in memory until garbage collected.
+ * See secureWipe.ts wipeString() for details on JS string wiping limitations.
+ *
+ * @param words - Array of words to wipe
+ */
+export declare function wipeMnemonic(words: string[]): void;
+/**
+ * Get the BIP-39 wordlist for UI purposes (e.g., validation indicators)
+ *
+ * @returns Copy of the wordlist
+ */
+export declare function getWordlist(): readonly string[];
+/**
+ * Calculate the index of a word in the wordlist
+ *
+ * @param word - Word to look up
+ * @returns Index (0-2047) or -1 if not found
+ */
+export declare function getWordIndex(word: string): number;