@cedros/login-react 0.0.1

package/dist/crypto/capabilities.d.ts

@@ -0,0 +1,35 @@
+import { CryptoCapabilities } from './types';
+/**
+ * Check all required crypto capabilities
+ *
+ * @returns Capability check results
+ */
+export declare function checkCryptoCapabilities(): Promise<CryptoCapabilities>;
+/**
+ * Get a human-readable message about missing capabilities
+ *
+ * @param capabilities - Capability check results
+ * @returns Error message describing what's missing, or null if all supported
+ */
+export declare function getMissingCapabilitiesMessage(capabilities: CryptoCapabilities): string | null;
+/**
+ * Check if the browser is known to support all required features
+ *
+ * @returns Object with browser info and support status
+ */
+export declare function getBrowserSupportInfo(): {
+    browser: string;
+    version: string;
+    likelySupported: boolean;
+};
+/**
+ * Get cached capabilities or check if not cached
+ *
+ * @param forceRefresh - If true, bypass cache and recheck
+ * @returns Capability check results
+ */
+export declare function getCryptoCapabilities(forceRefresh?: boolean): Promise<CryptoCapabilities>;
+/**
+ * Clear the capability cache (useful for testing)
+ */
+export declare function clearCapabilityCache(): void;

package/dist/crypto/entropy.d.ts

@@ -0,0 +1,56 @@
+import { Seed, AesNonce, Argon2Salt, PrfSalt } from './types';
+/**
+ * Get cryptographically secure random bytes
+ *
+ * @param length - Number of bytes to generate
+ * @returns Random bytes
+ * @throws Error if WebCrypto is not available
+ */
+export declare function getRandomBytes(length: number): Uint8Array;
+/**
+ * Generate a cryptographically secure 16-byte seed for wallet derivation
+ *
+ * Note: 16 bytes (128 bits) matches standard Solana wallet format.
+ *
+ * @returns 16-byte seed
+ * @throws Error if WebCrypto is not available
+ */
+export declare function generateSeed(): Seed;
+/**
+ * Generate a 12-byte nonce for AES-GCM encryption
+ *
+ * Security: AES-GCM requires a unique nonce per encryption with the same key.
+ * Using random nonces is safe for reasonable message counts (< 2^32).
+ *
+ * CRYPTO-03: For high-volume encryption scenarios (>2^30 messages with same key),
+ * the birthday bound risk of nonce collision increases. Recommendations:
+ * 1. Rotate encryption keys periodically (e.g., every 2^20 encryptions)
+ * 2. Use counter-based nonces instead of random for sequential encryption
+ * 3. Monitor encryption count and trigger re-keying before limits are reached
+ *
+ * For typical wallet use cases (encrypting seed once), random nonces are safe.
+ *
+ * @returns 12-byte nonce
+ * @throws Error if WebCrypto is not available
+ */
+export declare function generateNonce(): AesNonce;
+/**
+ * Generate a 16-byte salt for Argon2id KDF
+ *
+ * Security: Salt must be unique per user/password combination.
+ * 16 bytes provides sufficient uniqueness.
+ *
+ * @returns 16-byte salt
+ * @throws Error if WebCrypto is not available
+ */
+export declare function generateArgon2Salt(): Argon2Salt;
+/**
+ * Generate a 32-byte salt for WebAuthn PRF extension
+ *
+ * Security: PRF salt is used as input to the PRF to derive unique
+ * per-credential keys. Must be stored alongside encrypted share.
+ *
+ * @returns 32-byte PRF salt
+ * @throws Error if WebCrypto is not available
+ */
+export declare function generatePrfSalt(): PrfSalt;

package/dist/crypto/hkdf.d.ts

@@ -0,0 +1,38 @@
+import { EncryptionKey } from './types';
+/**
+ * Derive an encryption key using HKDF-SHA256
+ *
+ * @param inputKeyMaterial - Raw key material (e.g., from PRF)
+ * @param salt - Optional salt (if not provided, uses zero-filled buffer)
+ * @param info - Context/application-specific info string
+ * @param outputLength - Desired output key length in bytes (default: 32)
+ * @returns Derived key
+ */
+export declare function hkdfDerive(inputKeyMaterial: Uint8Array, salt: Uint8Array | undefined, info: string, outputLength?: number): Promise<Uint8Array>;
+/**
+ * Derive a 256-bit encryption key from PRF output
+ *
+ * @param prfOutput - Output from WebAuthn PRF extension (typically 32 bytes)
+ * @param prfSalt - Salt used with PRF (stored with encrypted share)
+ * @returns 32-byte encryption key suitable for AES-256-GCM
+ */
+export declare function deriveKeyFromPrf(prfOutput: Uint8Array, prfSalt: Uint8Array): Promise<EncryptionKey>;
+/**
+ * Derive a key with domain separation for different purposes
+ *
+ * @param inputKeyMaterial - Base key material
+ * @param domain - Domain separator string (e.g., 'signing', 'encryption')
+ * @param salt - Optional salt
+ * @returns Derived key
+ *
+ * @security Domain strings MUST be unique across the codebase. Using the same
+ * domain with the same input key material will produce identical keys, which
+ * could lead to key reuse vulnerabilities. See module-level docs for reserved domains.
+ */
+export declare function deriveKeyWithDomain(inputKeyMaterial: Uint8Array, domain: string, salt?: Uint8Array): Promise<Uint8Array>;
+/**
+ * Check if HKDF is supported in the current environment
+ *
+ * @returns true if HKDF is available
+ */
+export declare function isHkdfSupported(): Promise<boolean>;

package/dist/crypto/index.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Crypto module exports for SSS wallet implementation
+ *
+ * This module provides all cryptographic primitives needed for the
+ * non-custodial Solana wallet feature using Shamir Secret Sharing.
+ *
+ * Key components:
+ * - Entropy: Secure random number generation
+ * - Shamir: Secret splitting and reconstruction
+ * - AES-GCM: Authenticated encryption
+ * - Argon2: Password-based key derivation
+ * - HKDF: Key derivation from PRF output
+ * - BIP-39: Mnemonic encoding for recovery phrase
+ * - WebAuthn PRF: Device key derivation via passkeys
+ * - Solana Keypair: Ed25519 keypair derivation
+ * - Secure Wipe: Memory cleanup utilities
+ * - Capabilities: Feature detection
+ */
+export * from './types';
+export { getRandomBytes, generateSeed, generateNonce, generateArgon2Salt, generatePrfSalt, } from './entropy';
+export { wipeBytes, wipeAll, withSecureCleanup, withSecureCleanupSync, createSecureContainer, type SecureContainer, } from './secureWipe';
+export { aesGcmEncrypt, aesGcmDecrypt, aesGcmEncryptToBase64, aesGcmDecryptFromBase64, encryptWithPasswordKey, decryptWithPasswordKey, encryptAndWipe, uint8ArrayToBase64, base64ToUint8Array, type AesGcmEncryptResult, } from './aesGcm';
+export { hkdfDerive, deriveKeyFromPrf, deriveKeyWithDomain, isHkdfSupported } from './hkdf';
+export { argon2Derive, argon2DeriveFromBytes, validateKdfParams, isArgon2Supported, verifyPassword, getRecommendedParams, } from './argon2';
+export { argon2DeriveInWorker } from './argon2WorkerClient';
+export { splitSecret, combineShares, verifyShares, getShareIndex, padToLength, SHAMIR_THRESHOLD, SHAMIR_TOTAL, type ShareId, type ShamirSplitResult, } from './shamir';
+export { shareToMnemonic, mnemonicToShare, seedToMnemonic, mnemonicToSeed, isValidMnemonic, isValidWord, getWordSuggestions, generateRandomMnemonic, formatMnemonicForDisplay, parseMnemonicInput, wipeMnemonic, getWordlist, getWordIndex, MNEMONIC_WORD_COUNT, } from './bip39';
+export { isWebAuthnAvailable, isPrfSupported, registerPasskeyWithPrf, authenticateWithPrf, authenticateWithDiscoverablePrf, getEncryptionKeyFromPasskey, isCredentialAvailable, type PasskeyRegistrationResult, type PasskeyAuthResult, } from './webauthnPrf';
+export { deriveKeypairFromSeed, getPublicKeyFromSeed, publicKeyToBase58, base58ToPublicKey, isValidSolanaAddress, type SolanaKeypair, } from './solanaKeypair';
+export { checkCryptoCapabilities, getMissingCapabilitiesMessage, getBrowserSupportInfo, getCryptoCapabilities, clearCapabilityCache, } from './capabilities';

package/dist/crypto/secureWipe.d.ts

@@ -0,0 +1,90 @@
+/**
+ * Secure memory wiping utilities
+ *
+ * Security: JavaScript does not guarantee memory clearing due to GC and
+ * JIT optimization. These functions provide best-effort clearing of
+ * sensitive data. For truly sensitive operations, consider using
+ * WebAssembly with explicit memory management.
+ *
+ * IMPORTANT - String vs Uint8Array:
+ * - Uint8Array CAN be wiped (wipeBytes) - use for keys, seeds, passwords
+ * - Strings CANNOT be wiped in JavaScript - they are immutable
+ * - The wipeString() function returns '' but does NOT clear memory
+ * - Always prefer Uint8Array for sensitive cryptographic material
+ *
+ * Best practices:
+ * - Call wipe functions as soon as sensitive data is no longer needed
+ * - Use try/finally blocks to ensure wiping on errors
+ * - Keep sensitive data lifetime as short as possible
+ * - Convert sensitive strings to Uint8Array immediately, wipe after use
+ */
+/**
+ * Best-effort wipe of a Uint8Array by zeroing all bytes
+ *
+ * Warning: JavaScript JIT may optimize away this operation. This provides
+ * defense-in-depth but is not a guarantee against memory inspection.
+ *
+ * @param data - Array to wipe
+ */
+export declare function wipeBytes(data: Uint8Array): void;
+/**
+ * Wipe multiple byte arrays
+ *
+ * @param arrays - Arrays to wipe
+ */
+export declare function wipeAll(...arrays: (Uint8Array | undefined | null)[]): void;
+/**
+ * Best-effort wipe of a string by replacing with spaces
+ *
+ * @security CRYPTO-2: JavaScript strings are immutable - this is a BEST-EFFORT
+ * operation only. The original string content WILL persist in memory until
+ * garbage collected, and may be copied by the JS engine's string interning.
+ * There is NO WAY to securely wipe strings in JavaScript.
+ *
+ * DO NOT rely on this for security-critical wiping. Always prefer Uint8Array
+ * for sensitive data (keys, passwords, seeds) which CAN be securely wiped.
+ *
+ * @deprecated This function provides NO security guarantee. It exists only
+ * for API completeness. Use Uint8Array + wipeBytes() for sensitive data.
+ *
+ * @param _str - String to "wipe" (cannot actually be cleared)
+ * @returns Empty string (original cannot be modified)
+ */
+export declare function wipeString(_str: string): string;
+/**
+ * Execute a function with automatic cleanup of byte arrays
+ *
+ * @param arrays - Arrays to wipe after function completes
+ * @param fn - Function to execute
+ * @returns Result of function
+ */
+export declare function withSecureCleanup<T>(arrays: Uint8Array[], fn: () => Promise<T>): Promise<T>;
+/**
+ * Execute a synchronous function with automatic cleanup of byte arrays
+ *
+ * @param arrays - Arrays to wipe after function completes
+ * @param fn - Function to execute
+ * @returns Result of function
+ */
+export declare function withSecureCleanupSync<T>(arrays: Uint8Array[], fn: () => T): T;
+/**
+ * Create a scoped container for sensitive byte data with automatic cleanup
+ *
+ * Usage:
+ * ```typescript
+ * const container = createSecureContainer();
+ * try {
+ *   const key = container.track(generateKey());
+ *   // use key...
+ * } finally {
+ *   container.wipeAll();
+ * }
+ * ```
+ */
+export declare function createSecureContainer(): SecureContainer;
+export interface SecureContainer {
+    /** Track a byte array for later cleanup */
+    track<T extends Uint8Array>(data: T): T;
+    /** Wipe all tracked arrays */
+    wipeAll(): void;
+}

package/dist/crypto/shamir.d.ts

@@ -0,0 +1,52 @@
+import { Seed, ShamirShare } from './types';
+/** Shamir threshold (minimum shares to reconstruct) */
+export declare const SHAMIR_THRESHOLD = 2;
+/** Total number of shares */
+export declare const SHAMIR_TOTAL = 3;
+/** Share identifiers */
+export type ShareId = 'A' | 'B' | 'C';
+/** Result of splitting a secret into shares */
+export interface ShamirSplitResult {
+    /** Share A (for password encryption) */
+    shareA: ShamirShare;
+    /** Share B (for device PRF encryption) */
+    shareB: ShamirShare;
+    /** Share C (for recovery phrase) */
+    shareC: ShamirShare;
+}
+/**
+ * Split a 16-byte seed into 3 shares using Shamir's Secret Sharing
+ *
+ * @param seed - 16-byte seed to split
+ * @returns Three shares (any 2 can reconstruct the seed)
+ */
+export declare function splitSecret(seed: Seed): ShamirSplitResult;
+/**
+ * Combine 2 shares to reconstruct the original seed
+ *
+ * @param share1 - First share
+ * @param share2 - Second share (must be different from first)
+ * @returns Reconstructed 16-byte seed (MAINT-03: fixed from incorrect "32-byte")
+ * @throws Error if shares are invalid or cannot reconstruct
+ */
+export declare function combineShares(share1: ShamirShare, share2: ShamirShare): Seed;
+/**
+ * Verify that shares can successfully reconstruct a seed
+ *
+ * @param share1 - First share
+ * @param share2 - Second share
+ * @param expectedSeed - Expected seed after reconstruction
+ * @returns true if shares reconstruct to expected seed
+ */
+export declare function verifyShares(share1: ShamirShare, share2: ShamirShare, expectedSeed: Seed): boolean;
+/**
+ * Extract share index from a share (useful for debugging)
+ *
+ * @param share - Share to inspect
+ * @returns Share index (1-based)
+ */
+export declare function getShareIndex(share: ShamirShare): number;
+/**
+ * Pad a Uint8Array to a specific length
+ */
+export declare function padToLength(data: Uint8Array, targetLength: number): Uint8Array;

package/dist/crypto/solanaKeypair.d.ts

@@ -0,0 +1,63 @@
+import { Seed } from './types';
+/** Solana keypair with public and secret key */
+export interface SolanaKeypair {
+    /** 32-byte Ed25519 public key */
+    publicKey: Uint8Array;
+    /** 64-byte Ed25519 secret key (32-byte expanded seed + 32-byte public key) */
+    secretKey: Uint8Array;
+}
+/**
+ * Derive an Ed25519 keypair from a 16-byte seed
+ *
+ * The 16-byte seed is expanded to 32 bytes using SHA-256, then used for
+ * Ed25519 derivation which internally:
+ * - Hashes expanded seed with SHA-512
+ * - Clamps lower 32 bytes to form scalar
+ * - Multiplies by Ed25519 base point
+ *
+ * @param seed - 16-byte seed (128-bit entropy)
+ * @returns Keypair with 32-byte public key and 64-byte secret key
+ *
+ * @security **CALLER MUST WIPE secretKey AFTER USE**
+ * The returned `secretKey` contains sensitive cryptographic material.
+ * Callers are responsible for wiping it when no longer needed:
+ * ```ts
+ * const keypair = deriveKeypairFromSeed(seed);
+ * try {
+ *   // use keypair.secretKey for signing
+ * } finally {
+ *   wipeBytes(keypair.secretKey);
+ * }
+ * ```
+ * Failure to wipe may leave key material in memory, vulnerable to memory
+ * dump attacks. The internal `expandedSeed` is automatically wiped.
+ */
+export declare function deriveKeypairFromSeed(seed: Seed): SolanaKeypair;
+/**
+ * Get the public key from a seed without returning the secret key
+ *
+ * @param seed - 32-byte seed
+ * @returns 32-byte Ed25519 public key
+ */
+export declare function getPublicKeyFromSeed(seed: Seed): Uint8Array;
+/**
+ * Encode a public key as a Base58 Solana address
+ *
+ * @param publicKey - 32-byte public key
+ * @returns Base58-encoded address string
+ */
+export declare function publicKeyToBase58(publicKey: Uint8Array): string;
+/**
+ * Decode a Base58 Solana address to public key bytes
+ *
+ * @param address - Base58-encoded address
+ * @returns 32-byte public key
+ */
+export declare function base58ToPublicKey(address: string): Uint8Array;
+/**
+ * Validate a Solana address format
+ *
+ * @param address - Address string to validate
+ * @returns true if valid Base58 and correct length
+ */
+export declare function isValidSolanaAddress(address: string): boolean;

package/dist/crypto/types.d.ts

@@ -0,0 +1,134 @@
+/**
+ * Cryptographic type definitions for SSS wallet implementation
+ *
+ * Security: These types define the structure for client-side key material.
+ * The server never receives plaintext seeds or derived keys.
+ */
+/** 16-byte seed for wallet derivation (128 bits, standard Solana format) */
+export type Seed = Uint8Array & {
+    readonly _brand: 'Seed';
+};
+/** 16-byte Shamir share (128 bits) */
+export type ShamirShare = Uint8Array & {
+    readonly _brand: 'ShamirShare';
+};
+/** 32-byte encryption key */
+export type EncryptionKey = Uint8Array & {
+    readonly _brand: 'EncryptionKey';
+};
+/** 12-byte AES-GCM nonce */
+export type AesNonce = Uint8Array & {
+    readonly _brand: 'AesNonce';
+};
+/** 16+ byte Argon2 salt */
+export type Argon2Salt = Uint8Array & {
+    readonly _brand: 'Argon2Salt';
+};
+/** 32-byte PRF salt */
+export type PrfSalt = Uint8Array & {
+    readonly _brand: 'PrfSalt';
+};
+/** Argon2id KDF parameters (OWASP recommended) */
+export interface KdfParams {
+    /** Memory cost in KiB (default: 19456 = 19 MiB) */
+    mCost: number;
+    /** Time cost / iterations (default: 2) */
+    tCost: number;
+    /** Parallelism (default: 1) */
+    pCost: number;
+}
+/** Default OWASP-recommended Argon2id parameters */
+export declare const DEFAULT_KDF_PARAMS: KdfParams;
+/** Encrypted data with nonce for AES-GCM */
+export interface EncryptedData {
+    /** Base64-encoded ciphertext */
+    ciphertext: string;
+    /** Base64-encoded 12-byte nonce */
+    nonce: string;
+}
+/** Enrollment flow state */
+export type EnrollmentStep = 'idle' | 'generating_seed' | 'splitting_shares' | 'encrypting_shares' | 'registering_passkey' | 'uploading' | 'showing_recovery' | 'complete' | 'error';
+/** Enrollment flow state machine */
+export interface EnrollmentState {
+    step: EnrollmentStep;
+    error?: string;
+    /** BIP-39 mnemonic words (only during showing_recovery step) */
+    recoveryPhrase?: string[];
+    /** Solana public key (after complete) */
+    solanaPubkey?: string;
+}
+/** Recovery flow state */
+export type RecoveryStep = 'idle' | 'entering_phrase' | 'validating' | 'prompting_password' | 'registering_passkey' | 'encrypting' | 'uploading' | 'complete' | 'error';
+/** Recovery flow state machine */
+export interface RecoveryState {
+    step: RecoveryStep;
+    error?: string;
+    /**
+     * New recovery phrase (12 words) shown ONLY on successful completion.
+     * SECURITY: Must be displayed to user immediately and never logged.
+     * User should write down and securely store this phrase.
+     */
+    recoveryPhrase?: string[];
+}
+/** Crypto capability detection results */
+export interface CryptoCapabilities {
+    /** WebCrypto API available */
+    webCrypto: boolean;
+    /** AES-GCM supported */
+    aesGcm: boolean;
+    /** HKDF supported */
+    hkdf: boolean;
+    /** Ed25519 signing supported */
+    ed25519: boolean;
+    /** WebAuthn available */
+    webAuthn: boolean;
+    /** WebAuthn PRF extension supported */
+    webAuthnPrf: boolean;
+    /** Argon2 WASM can be loaded */
+    argon2: boolean;
+    /** All required capabilities available */
+    allSupported: boolean;
+}
+/** Wallet status */
+export type WalletStatus = 'loading' | 'not_enrolled' | 'enrolled_locked' | 'enrolled_unlocked' | 'unlocked' | 'error';
+/** Type guard: verify Seed length (16 bytes) */
+export declare function isSeed(data: Uint8Array): data is Seed;
+/** Type guard: verify ShamirShare is valid
+ * CRYPTO-4: Improved validation to check secrets.js format markers.
+ * secrets.js produces shares with format: {bits}{id}{data}
+ *
+ * Note: BIP-39 mnemonic system stores 16-byte entropy without secrets.js
+ * metadata, so we also accept exactly 16-byte arrays for compatibility.
+ */
+export declare function isShamirShare(data: Uint8Array): data is ShamirShare;
+/** Type guard: verify EncryptionKey length */
+export declare function isEncryptionKey(data: Uint8Array): data is EncryptionKey;
+/** Type guard: verify AesNonce length */
+export declare function isAesNonce(data: Uint8Array): data is AesNonce;
+/** Type guard: verify Argon2Salt length (16+ bytes) */
+export declare function isArgon2Salt(data: Uint8Array): data is Argon2Salt;
+/** Type guard: verify PrfSalt length */
+export declare function isPrfSalt(data: Uint8Array): data is PrfSalt;
+/** Create branded Seed from Uint8Array (throws if invalid) */
+export declare function toSeed(data: Uint8Array): Seed;
+/** Create branded ShamirShare from Uint8Array (throws if invalid) */
+export declare function toShamirShare(data: Uint8Array): ShamirShare;
+/** Create branded EncryptionKey from Uint8Array (throws if invalid) */
+export declare function toEncryptionKey(data: Uint8Array): EncryptionKey;
+/** Create branded AesNonce from Uint8Array (throws if invalid) */
+export declare function toAesNonce(data: Uint8Array): AesNonce;
+/** Create branded Argon2Salt from Uint8Array (throws if invalid) */
+export declare function toArgon2Salt(data: Uint8Array): Argon2Salt;
+/** Create branded PrfSalt from Uint8Array (throws if invalid) */
+export declare function toPrfSalt(data: Uint8Array): PrfSalt;
+/**
+ * Cast branded Uint8Array types to BufferSource for Web Crypto API compatibility.
+ *
+ * Web Crypto APIs (importKey, encrypt, decrypt, etc.) expect BufferSource which only
+ * accepts plain Uint8Array with ArrayBuffer (not ArrayBufferLike), not our branded types.
+ * This function returns a new Uint8Array backed by a plain ArrayBuffer to satisfy the type.
+ *
+ * @param data - Any branded Uint8Array type (Seed, EncryptionKey, AesNonce, etc.)
+ * @returns BufferSource suitable for Web Crypto APIs
+ */
+export declare function toBufferSource<T extends Uint8Array>(data: T): BufferSource;

package/dist/crypto/webauthnPrf.d.ts

@@ -0,0 +1,118 @@
+import { PrfSalt } from './types';
+/**
+ * SEC-004: Validate the current hostname against allowed RP domains.
+ *
+ * This prevents WebAuthn credential creation/usage on unexpected domains,
+ * which could be used in phishing attacks.
+ *
+ * @param allowedDomains - List of allowed domain names. Empty means validation is skipped.
+ * @throws Error if hostname is not in allowed list (production only)
+ */
+export declare function validateRpDomain(allowedDomains?: string[]): void;
+/** Result of registering a new passkey with PRF */
+export interface PasskeyRegistrationResult {
+    /** Base64-encoded credential ID */
+    credentialId: string;
+    /** Base64-encoded PRF salt */
+    prfSalt: string;
+    /** PRF output (32 bytes) for key derivation */
+    prfOutput: Uint8Array;
+}
+/** Result of authenticating with an existing passkey */
+export interface PasskeyAuthResult {
+    /** PRF output (32 bytes) for key derivation */
+    prfOutput: Uint8Array;
+}
+/**
+ * Check if WebAuthn is available in this browser
+ */
+export declare function isWebAuthnAvailable(): boolean;
+/**
+ * Check if the PRF extension is supported
+ *
+ * Note: This only checks for API support, not actual authenticator support.
+ * The actual PRF availability depends on the user's authenticator.
+ */
+export declare function isPrfSupported(): Promise<boolean>;
+/** Options for passkey operations */
+export interface PasskeyOptions {
+    /** SEC-004: Allowed domains for RP ID validation */
+    allowedDomains?: string[];
+}
+/**
+ * Register a new passkey with PRF extension for wallet encryption
+ *
+ * @param userId - User ID bytes (from authenticated user)
+ * @param userName - Display name for the passkey
+ * @param displayName - User's display name
+ * @param prfSalt - Optional PRF salt (generated if not provided)
+ * @param options - Optional configuration including allowed domains
+ * @returns Registration result with credential ID and PRF output
+ * @throws Error if registration fails or PRF is not supported
+ */
+export declare function registerPasskeyWithPrf(userId: Uint8Array, userName: string, displayName: string, prfSalt?: PrfSalt, options?: PasskeyOptions): Promise<PasskeyRegistrationResult>;
+/**
+ * Authenticate with an existing passkey and get PRF output
+ *
+ * @param credentialId - Base64-encoded credential ID
+ * @param prfSalt - Base64-encoded PRF salt
+ * @param options - Optional configuration including allowed domains
+ * @returns Authentication result with PRF output
+ * @throws Error if authentication fails
+ */
+export declare function authenticateWithPrf(credentialId: string, prfSalt: string, options?: PasskeyOptions): Promise<PasskeyAuthResult>;
+/**
+ * Get encryption key from passkey via PRF extension
+ *
+ * This combines authentication and key derivation in a single operation.
+ *
+ * ## SEC-03: Key Lifecycle Management
+ *
+ * **IMPORTANT**: The returned encryption key is sensitive cryptographic material.
+ * Callers are responsible for:
+ *
+ * 1. Using the key only for its intended purpose (Share B decryption)
+ * 2. Wiping the key from memory after use by calling `key.fill(0)`
+ * 3. Not storing the key in persistent storage (localStorage, IndexedDB, etc.)
+ * 4. Not logging or transmitting the key
+ *
+ * The PRF output used to derive this key is automatically wiped in the finally
+ * block, but the derived key must be managed by the caller.
+ *
+ * @example
+ * ```typescript
+ * const key = await getEncryptionKeyFromPasskey(credentialId, prfSalt);
+ * try {
+ *   const plaintext = await decryptShareB(ciphertext, key);
+ *   // ... use plaintext
+ * } finally {
+ *   key.fill(0); // Wipe key after use
+ * }
+ * ```
+ *
+ * @param credentialId - Base64-encoded credential ID
+ * @param prfSalt - Base64-encoded PRF salt
+ * @param options - Optional configuration including allowed domains
+ * @returns 32-byte encryption key derived from PRF output. **Caller must wipe after use.**
+ */
+export declare function getEncryptionKeyFromPasskey(credentialId: string, prfSalt: string, options?: PasskeyOptions): Promise<Uint8Array>;
+/**
+ * Check if a credential ID is valid for this user
+ *
+ * @param credentialId - Base64-encoded credential ID to check
+ * @param options - Optional configuration including allowed domains
+ * @returns true if credential exists and can be used
+ */
+export declare function isCredentialAvailable(credentialId: string, options?: PasskeyOptions): Promise<boolean>;
+/**
+ * Authenticate with any discoverable passkey and get PRF output
+ *
+ * This allows authentication without specifying a credential ID, letting
+ * the browser present all available passkeys for this domain.
+ *
+ * @param prfSalt - Base64-encoded PRF salt
+ * @param options - Optional configuration including allowed domains
+ * @returns Authentication result with PRF output
+ * @throws Error if authentication fails
+ */
+export declare function authenticateWithDiscoverablePrf(prfSalt: string, options?: PasskeyOptions): Promise<PasskeyAuthResult>;

package/dist/email-only.cjs

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const e=require("./ErrorMessage-CntMyn93.cjs"),r=require("./EmailRegisterForm-D_uCEdX9.cjs"),o=require("./validation-BeXIfuHB.cjs");exports.CedrosLoginProvider=e.CedrosLoginProvider;exports.ErrorMessage=e.ErrorMessage;exports.LoadingSpinner=e.LoadingSpinner;exports.useAuth=e.useAuth;exports.useCedrosLogin=e.useCedrosLogin;exports.EmailLoginForm=r.EmailLoginForm;exports.EmailRegisterForm=r.EmailRegisterForm;exports.PasswordInput=r.PasswordInput;exports.useEmailAuth=r.useEmailAuth;exports.validatePassword=o.validatePassword;

package/dist/email-only.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"email-only.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":""}

package/dist/email-only.d.ts

@@ -0,0 +1,16 @@
+/**
+ * @cedros/login-react/email-only
+ *
+ * Minimal bundle with only email/password authentication (~15KB).
+ */
+export { CedrosLoginProvider } from './context/CedrosLoginProvider';
+export { useCedrosLogin } from './context/useCedrosLogin';
+export { EmailLoginForm } from './components/email/EmailLoginForm';
+export { EmailRegisterForm } from './components/email/EmailRegisterForm';
+export { PasswordInput } from './components/email/PasswordInput';
+export { LoadingSpinner } from './components/shared/LoadingSpinner';
+export { ErrorMessage } from './components/shared/ErrorMessage';
+export { useAuth } from './hooks/useAuth';
+export { useEmailAuth } from './hooks/useEmailAuth';
+export type { AuthMethod, AuthUser, TokenPair, AuthError, AuthErrorCode, AuthResponse, AuthState, PasswordValidation, SessionStorage, ThemeMode, FeatureFlags, SessionConfig, AuthCallbacks, ThemeOverrides, CedrosLoginConfig, } from './types';
+export { validatePassword } from './utils/validation';

package/dist/email-only.js

@@ -0,0 +1,15 @@
+import { C as r, E as o, L as e, a as i, u as m } from "./ErrorMessage-Bm1j5mBT.js";
+import { E as u, a as d, P as n, u as g } from "./EmailRegisterForm-m3rX3A6X.js";
+import { v as p } from "./validation-BebL7hMF.js";
+export {
+  r as CedrosLoginProvider,
+  u as EmailLoginForm,
+  d as EmailRegisterForm,
+  o as ErrorMessage,
+  e as LoadingSpinner,
+  n as PasswordInput,
+  i as useAuth,
+  m as useCedrosLogin,
+  g as useEmailAuth,
+  p as validatePassword
+};

package/dist/email-only.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"email-only.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;"}

package/dist/google-only.cjs

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const o=require("./ErrorMessage-CntMyn93.cjs"),e=require("./GoogleLoginButton-CJNJ-THo.cjs");exports.CedrosLoginProvider=o.CedrosLoginProvider;exports.ErrorMessage=o.ErrorMessage;exports.LoadingSpinner=o.LoadingSpinner;exports.useAuth=o.useAuth;exports.useCedrosLogin=o.useCedrosLogin;exports.GoogleLoginButton=e.GoogleLoginButton;exports.useGoogleAuth=e.useGoogleAuth;

package/dist/google-only.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"google-only.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":""}