@cef-ai/wallet-identity 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +64 -0
- package/dist/index.cjs +690 -0
- package/dist/index.cjs.map +1 -0
- package/dist/index.d.cts +443 -0
- package/dist/index.d.ts +443 -0
- package/dist/index.js +667 -0
- package/dist/index.js.map +1 -0
- package/package.json +48 -0
package/README.md
ADDED
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
# @cef-ai/wallet-identity
|
|
2
|
+
|
|
3
|
+
WebAuthn-based identity layer for the SCP Wallet. Performs the WebAuthn ceremony,
|
|
4
|
+
derives Ed25519 and secp256k1 key material from the PRF extension output via HKDF,
|
|
5
|
+
and exposes a session vault as MobX-observable state.
|
|
6
|
+
|
|
7
|
+
## What it does
|
|
8
|
+
|
|
9
|
+
- **WebAuthn ceremony.** `WebAuthnCeremonyAdapter` wraps
|
|
10
|
+
`navigator.credentials.create()` / `.get()` with the PRF extension.
|
|
11
|
+
- **PRF → keys.** PRF output is fed through HKDF to derive Ed25519 (Polkadot/Cere
|
|
12
|
+
SS58, Solana) and secp256k1 (EVM) key material. Implemented via `@noble/curves`
|
|
13
|
+
and `@noble/hashes`.
|
|
14
|
+
- **Session vault.** A closure-encapsulated key store (`createSessionVault()`); raw
|
|
15
|
+
key material is never exposed as a property — only `InternalSign` closures are
|
|
16
|
+
handed out.
|
|
17
|
+
- **Observable identity.** `IdentityImpl` exposes `isAuthenticated`, `addresses`,
|
|
18
|
+
and `credentialId` as MobX observables so UI components re-render when the session
|
|
19
|
+
changes.
|
|
20
|
+
- **Cross-tab sync.** `CrossTabSync` propagates logout across SPA tabs via
|
|
21
|
+
`BroadcastChannel('scp-wallet-v2')`.
|
|
22
|
+
|
|
23
|
+
## Quick start
|
|
24
|
+
|
|
25
|
+
```ts
|
|
26
|
+
import { IdentityImpl, WebAuthnCeremonyAdapter } from '@cef-ai/wallet-identity';
|
|
27
|
+
import { ApiClient } from '@cef-ai/wallet-api-client';
|
|
28
|
+
|
|
29
|
+
const identity = new IdentityImpl({
|
|
30
|
+
apiClient: new ApiClient({ baseUrl: 'https://wallet-api.example.com' }),
|
|
31
|
+
ceremony: new WebAuthnCeremonyAdapter(),
|
|
32
|
+
});
|
|
33
|
+
|
|
34
|
+
await identity.register({ label: 'my-device' });
|
|
35
|
+
// or, on a return visit:
|
|
36
|
+
await identity.login();
|
|
37
|
+
|
|
38
|
+
console.log(identity.isAuthenticated); // true
|
|
39
|
+
console.log(identity.addresses); // { cere, evm, solana }
|
|
40
|
+
console.log(identity.credentialId); // base64url string
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
## Public exports consumed by the embed-sdk
|
|
44
|
+
|
|
45
|
+
- `IdentityImpl` — constructor + lifecycle (`register`, `login`, `logout`, `dispose`).
|
|
46
|
+
- `WebAuthnCeremonyAdapter` — real WebAuthn binding.
|
|
47
|
+
- `SoftAuthenticator` — test-only (see below).
|
|
48
|
+
- `CrossTabSync` — cross-tab logout.
|
|
49
|
+
- Address derivation helpers (`deriveCereAddress`, `deriveEvmAddress`,
|
|
50
|
+
`deriveSolanaAddress`) and the `derivedKeys` HKDF routine.
|
|
51
|
+
|
|
52
|
+
## `SoftAuthenticator` — test-only
|
|
53
|
+
|
|
54
|
+
`SoftAuthenticator` is a deterministic in-memory replacement for
|
|
55
|
+
`WebAuthnCeremonyAdapter`. It exists because Chromium's virtual authenticator
|
|
56
|
+
does not support the PRF extension; without `SoftAuthenticator`, e2e tests
|
|
57
|
+
cannot exercise the identity layer at all.
|
|
58
|
+
|
|
59
|
+
It is **opt-in only** via `VITE_USE_SOFT_AUTHENTICATOR=true` and is bound to
|
|
60
|
+
non-production builds. There is no path that loads it in a production bundle.
|
|
61
|
+
|
|
62
|
+
## Status
|
|
63
|
+
|
|
64
|
+
Workspace-internal — not published to npm.
|