@dbsc-toolkit/client 0.1.0

package/LICENSE

@@ -0,0 +1,132 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction,
+and distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by
+the copyright owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all
+other entities that control, are controlled by, or are under common
+control with that entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity
+exercising permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications,
+including but not limited to software source code, documentation
+source, and configuration files.
+
+"Object" form shall mean any form resulting from mechanical
+transformation or translation of a Source form, including but
+not limited to compiled object code, generated documentation,
+and conversions to other media types.
+
+"Work" shall mean the work of authorship made available under
+the License, as indicated by a copyright notice that is included in
+or attached to the work.
+
+"Derivative Works" shall mean any work, whether in Source or Object
+form, that is based on (or derived from) the Work and for which the
+editorial revisions, annotations, elaborations, or other transformations
+represent, as a whole, an original work of authorship.
+
+"Contribution" shall mean any work of authorship, including
+the original version of the Work and any modifications or additions
+to that Work or Derivative Works of the Work, that is intentionally
+submitted to the Licensor for inclusion in the Work by the copyright owner
+or by an individual or Legal Entity authorized to submit on behalf of
+the copyright owner.
+
+"Contributor" shall mean Licensor and any Legal Entity
+on behalf of whom a Contribution has been received by the Licensor and
+subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+copyright license to reproduce, prepare Derivative Works of,
+publicly display, publicly perform, sublicense, and distribute the
+Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+(except as stated in this section) patent license to make, have made,
+use, offer to sell, sell, import, and otherwise transfer the Work,
+where such license applies only to those patent claims licensable
+by such Contributor that are necessarily infringed by their
+Contribution(s) alone or by the combined work of their Contribution(s)
+with the Work to which such Contribution(s) was submitted.
+
+4. Redistribution. You may reproduce and distribute copies of the
+Work or Derivative Works thereof in any medium, with or without
+modifications, and in Source or Object form, provided that You
+meet the following conditions:
+
+(a) You must give any other recipients of the Work or Derivative Works
+a copy of this License; and
+
+(b) You must cause any modified files to carry prominent notices
+stating that You changed the files; and
+
+(c) You must retain, in the Source form of any Derivative Works
+that You distribute, all copyright, patent, trademark, and
+attribution notices from the Source form of the Work; and
+
+(d) If the Work includes a "NOTICE" text file, you must include a
+readable copy of the attribution notices contained within such NOTICE
+file, in at least one of the following places: within a NOTICE text
+file distributed as part of the Derivative Works; or, within the
+Source form or documentation, if provided along with the Derivative
+Works; or, on a display generated by the Derivative Works.
+
+The "NOTICE" file referenced above refers to a text file that may
+accompany the source form of the Work.
+
+You may add Your own attribution notices within Derivative Works
+that You distribute, alongside or as an addendum to the NOTICE text
+from the Work, provided that such additional attribution notices
+cannot be construed as modifying the License.
+
+You may add Your own license statement for Your modifications and
+may provide additional grant of rights to use, reproduce, or
+distribute Derivative Works, subject to the terms and conditions
+for the Work itself.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+any Contribution intentionally submitted for inclusion in the Work
+by You to the Licensor shall be under the terms and conditions of
+this License, without any additional terms or conditions.
+
+6. Trademarks. This License does not grant permission to use the trade
+names, trademarks, service marks, or product names of the Licensor.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+agreed to in writing, Licensor provides the Work (and each Contributor
+provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES
+OR CONDITIONS OF ANY KIND, either express or implied, including,
+without limitation, any warranties or conditions of TITLE,
+NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
+
+8. Limitation of Liability. In no event and under no legal theory,
+whether in tort (including negligence), contract, or otherwise,
+unless required by applicable law (such as deliberate and grossly
+negligent acts) or agreed to in writing, shall any Contributor be
+liable to You for damages, including any direct, indirect, special,
+incidental, or exemplary damages of any character arising as a
+result of this License or out of the use or inability to use the
+Work.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+the Work or Derivative Works thereof, You may choose to offer, and
+charge a fee for, acceptance of support, warranty, indemnity,
+or other liability obligations and/or rights consistent with this License.
+
+END OF TERMS AND CONDITIONS

package/README.md

@@ -0,0 +1,30 @@
+# @dbsc-toolkit/client
+
+Browser SDK for the DBSC Toolkit's fallback paths. You only need this if you want to support browsers that do not implement DBSC natively (anything other than Chrome 147+ on a hardware-key-capable platform).
+
+If your users are all on DBSC-capable Chrome, you do not need this package — the browser drives the protocol on its own.
+
+## Install
+
+```sh
+pnpm add @dbsc-toolkit/client
+```
+
+## Usage
+
+```ts
+import { dbscClient } from "@dbsc-toolkit/client";
+
+await dbscClient.init({
+  registerEndpoint: "/dbsc/fallback/webauthn/register",
+  signalEndpoint: "/dbsc/fallback/hmac/signals",
+});
+```
+
+`init()` detects DBSC support via feature detection. If absent, it tries WebAuthn. If WebAuthn is also absent, it posts the HMAC signal bundle.
+
+The protection tier reached is decided server-side and reported via the existing session API on your backend.
+
+## License
+
+Apache-2.0

package/dist/detect.d.ts

@@ -0,0 +1,3 @@
+export type ClientTier = "dbsc" | "webauthn" | "hmac" | "none";
+export declare function detectClientTier(): Promise<ClientTier>;
+//# sourceMappingURL=detect.d.ts.map

package/dist/detect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../src/detect.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,UAAU,GAAG,MAAM,GAAG,MAAM,CAAC;AAE/D,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,UAAU,CAAC,CAoB5D"}

package/dist/detect.js

@@ -0,0 +1,20 @@
+export async function detectClientTier() {
+    // DBSC is browser-native; Chrome 146+ handles it automatically via HTTP headers.
+    // No JS detection is needed for the DBSC path — the browser drives it.
+    // This SDK only handles the fallback paths.
+    if (typeof window === "undefined")
+        return "none";
+    if (window.PublicKeyCredential &&
+        typeof PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable === "function") {
+        try {
+            const available = await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();
+            if (available)
+                return "webauthn";
+        }
+        catch {
+            // platform check failed, fall through to hmac
+        }
+    }
+    return "hmac";
+}
+//# sourceMappingURL=detect.js.map

package/dist/detect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.js","sourceRoot":"","sources":["../src/detect.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,iFAAiF;IACjF,uEAAuE;IACvE,4CAA4C;IAE5C,IAAI,OAAO,MAAM,KAAK,WAAW;QAAE,OAAO,MAAM,CAAC;IAEjD,IACE,MAAM,CAAC,mBAAmB;QAC1B,OAAO,mBAAmB,CAAC,6CAA6C,KAAK,UAAU,EACvF,CAAC;QACD,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,mBAAmB,CAAC,6CAA6C,EAAE,CAAC;YAC5F,IAAI,SAAS;gBAAE,OAAO,UAAU,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,8CAA8C;QAChD,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+export { detectClientTier, type ClientTier } from "./detect.js";
+export { registerWebAuthn, authenticateWebAuthn } from "./webauthn.js";
+export { collectClientSignals, type ClientSignals } from "./signals.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,KAAK,UAAU,EAAE,MAAM,aAAa,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,KAAK,aAAa,EAAE,MAAM,cAAc,CAAC"}

package/dist/index.js

@@ -0,0 +1,4 @@
+export { detectClientTier } from "./detect.js";
+export { registerWebAuthn, authenticateWebAuthn } from "./webauthn.js";
+export { collectClientSignals } from "./signals.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAmB,MAAM,aAAa,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAsB,MAAM,cAAc,CAAC"}

package/dist/signals.d.ts

@@ -0,0 +1,9 @@
+export interface ClientSignals {
+    userAgent: string;
+    acceptLanguage: string;
+    secureContext: boolean;
+    screenDepth: number;
+    timezone: string;
+}
+export declare function collectClientSignals(): ClientSignals;
+//# sourceMappingURL=signals.d.ts.map

package/dist/signals.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signals.d.ts","sourceRoot":"","sources":["../src/signals.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,OAAO,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,oBAAoB,IAAI,aAAa,CAQpD"}

package/dist/signals.js

@@ -0,0 +1,13 @@
+// Signal collection for the HMAC fallback tier.
+// This is NOT hardware binding. It is best-effort context binding.
+// Operators using this tier must review GDPR obligations for signal collection.
+export function collectClientSignals() {
+    return {
+        userAgent: navigator.userAgent,
+        acceptLanguage: navigator.language,
+        secureContext: window.isSecureContext,
+        screenDepth: screen.colorDepth,
+        timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
+    };
+}
+//# sourceMappingURL=signals.js.map

package/dist/signals.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signals.js","sourceRoot":"","sources":["../src/signals.ts"],"names":[],"mappings":"AAAA,gDAAgD;AAChD,mEAAmE;AACnE,gFAAgF;AAUhF,MAAM,UAAU,oBAAoB;IAClC,OAAO;QACL,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,cAAc,EAAE,SAAS,CAAC,QAAQ;QAClC,aAAa,EAAE,MAAM,CAAC,eAAe;QACrC,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,QAAQ,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC,eAAe,EAAE,CAAC,QAAQ;KAC3D,CAAC;AACJ,CAAC"}

package/dist/webauthn.d.ts

@@ -0,0 +1,3 @@
+export declare function registerWebAuthn(options: unknown): Promise<unknown>;
+export declare function authenticateWebAuthn(options: unknown): Promise<unknown>;
+//# sourceMappingURL=webauthn.d.ts.map

package/dist/webauthn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webauthn.d.ts","sourceRoot":"","sources":["../src/webauthn.ts"],"names":[],"mappings":"AAEA,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAEzE;AAED,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAE7E"}

package/dist/webauthn.js

@@ -0,0 +1,8 @@
+import { startRegistration, startAuthentication } from "@simplewebauthn/browser";
+export async function registerWebAuthn(options) {
+    return startRegistration(options);
+}
+export async function authenticateWebAuthn(options) {
+    return startAuthentication(options);
+}
+//# sourceMappingURL=webauthn.js.map

package/dist/webauthn.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"webauthn.js","sourceRoot":"","sources":["../src/webauthn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAEjF,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,OAAgB;IACrD,OAAO,iBAAiB,CAAC,OAAkD,CAAC,CAAC;AAC/E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAAgB;IACzD,OAAO,mBAAmB,CAAC,OAAoD,CAAC,CAAC;AACnF,CAAC"}

package/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "@dbsc-toolkit/client",
+  "version": "0.1.0",
+  "description": "Browser SDK for DBSC Toolkit fallback paths (WebAuthn + HMAC)",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "devDependencies": {
+    "@simplewebauthn/browser": "^10.0.0",
+    "typescript": "^5.4.0",
+    "vitest": "^1.6.0"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "license": "Apache-2.0",
+  "homepage": "https://github.com/SulimanAbdulrazzaq/dbsc-toolkit#readme",
+  "bugs": {
+    "url": "https://github.com/SulimanAbdulrazzaq/dbsc-toolkit/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/SulimanAbdulrazzaq/dbsc-toolkit.git",
+    "directory": "packages/client"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "keywords": [
+    "dbsc",
+    "browser",
+    "webauthn",
+    "session",
+    "security"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "test": "vitest run --passWithNoTests",
+    "clean": "rm -rf dist"
+  }
+}