@cef-ai/wallet-identity 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md ADDED
@@ -0,0 +1,64 @@
1
+ # @cef-ai/wallet-identity
2
+
3
+ WebAuthn-based identity layer for the SCP Wallet. Performs the WebAuthn ceremony,
4
+ derives Ed25519 and secp256k1 key material from the PRF extension output via HKDF,
5
+ and exposes a session vault as MobX-observable state.
6
+
7
+ ## What it does
8
+
9
+ - **WebAuthn ceremony.** `WebAuthnCeremonyAdapter` wraps
10
+ `navigator.credentials.create()` / `.get()` with the PRF extension.
11
+ - **PRF → keys.** PRF output is fed through HKDF to derive Ed25519 (Polkadot/Cere
12
+ SS58, Solana) and secp256k1 (EVM) key material. Implemented via `@noble/curves`
13
+ and `@noble/hashes`.
14
+ - **Session vault.** A closure-encapsulated key store (`createSessionVault()`); raw
15
+ key material is never exposed as a property — only `InternalSign` closures are
16
+ handed out.
17
+ - **Observable identity.** `IdentityImpl` exposes `isAuthenticated`, `addresses`,
18
+ and `credentialId` as MobX observables so UI components re-render when the session
19
+ changes.
20
+ - **Cross-tab sync.** `CrossTabSync` propagates logout across SPA tabs via
21
+ `BroadcastChannel('scp-wallet-v2')`.
22
+
23
+ ## Quick start
24
+
25
+ ```ts
26
+ import { IdentityImpl, WebAuthnCeremonyAdapter } from '@cef-ai/wallet-identity';
27
+ import { ApiClient } from '@cef-ai/wallet-api-client';
28
+
29
+ const identity = new IdentityImpl({
30
+ apiClient: new ApiClient({ baseUrl: 'https://wallet-api.example.com' }),
31
+ ceremony: new WebAuthnCeremonyAdapter(),
32
+ });
33
+
34
+ await identity.register({ label: 'my-device' });
35
+ // or, on a return visit:
36
+ await identity.login();
37
+
38
+ console.log(identity.isAuthenticated); // true
39
+ console.log(identity.addresses); // { cere, evm, solana }
40
+ console.log(identity.credentialId); // base64url string
41
+ ```
42
+
43
+ ## Public exports consumed by the embed-sdk
44
+
45
+ - `IdentityImpl` — constructor + lifecycle (`register`, `login`, `logout`, `dispose`).
46
+ - `WebAuthnCeremonyAdapter` — real WebAuthn binding.
47
+ - `SoftAuthenticator` — test-only (see below).
48
+ - `CrossTabSync` — cross-tab logout.
49
+ - Address derivation helpers (`deriveCereAddress`, `deriveEvmAddress`,
50
+ `deriveSolanaAddress`) and the `derivedKeys` HKDF routine.
51
+
52
+ ## `SoftAuthenticator` — test-only
53
+
54
+ `SoftAuthenticator` is a deterministic in-memory replacement for
55
+ `WebAuthnCeremonyAdapter`. It exists because Chromium's virtual authenticator
56
+ does not support the PRF extension; without `SoftAuthenticator`, e2e tests
57
+ cannot exercise the identity layer at all.
58
+
59
+ It is **opt-in only** via `VITE_USE_SOFT_AUTHENTICATOR=true` and is bound to
60
+ non-production builds. There is no path that loads it in a production bundle.
61
+
62
+ ## Status
63
+
64
+ Workspace-internal — not published to npm.