@dexterai/connect 0.1.0 → 0.2.0

package/README.md

@@ -1,16 +1,91 @@
-# @dexterai/connect
+<p align="center">
+  <img src="https://raw.githubusercontent.com/Dexter-DAO/dexter-x402-sdk/main/assets/dexter-wordmark.svg" alt="Dexter" width="360">
+</p>
 
-**Sign in with Dexter** — a passkey connector. Tap your face, you're in.
+<h1 align="center">@dexterai/connect</h1>
 
-Composes [`@dexterai/vault`](https://www.npmjs.com/package/@dexterai/vault). Two entry points:
+<p align="center">
+  <strong>Sign in with Dexter — passkey sign-in for any app. Tap your face, you're in: a non-custodial Dexter Wallet and its live USD balance, in one component.</strong>
+</p>
 
-- `@dexterai/connect` — framework-free relay client + types
-- `@dexterai/connect/react` — `<SignInWithDexter/>` + `useSignInWithDexter()`
+<p align="center">
+  <a href="https://www.npmjs.com/package/@dexterai/connect"><img src="https://img.shields.io/npm/v/@dexterai/connect.svg" alt="npm"></a>
+  <a href="https://nodejs.org"><img src="https://img.shields.io/badge/react-%3E=18-brightgreen.svg" alt="React"></a>
+  <a href="https://www.w3.org/TR/webauthn-2/"><img src="https://img.shields.io/badge/auth-passkey-00FF88" alt="Passkey"></a>
+</p>
 
-Dependencies: `@dexterai/vault` + `react` (peer) **only**. No payment-layer peers — a
-sign-in button must not inherit a payment graph.
+---
 
-## Status
+## What this is
 
-Scaffolding — Milestone 1. Build plan + frozen contracts:
-`dexter-fe/docs/superpowers/plans/2026-06-20-signin-with-dexter-connect.md`.
+A React connector that adds **"Sign in with Dexter"** to any app. One
+`<SignInWithDexter/>` button runs a discoverable passkey ceremony — the user
+taps their face and you get back a session plus their non-custodial **Dexter
+Wallet** (address + live USD balance). No password, no seed phrase, no
+extension.
+
+The user holds their own keys. Nothing here is custodial — only the user's
+passkey moves funds, enforced on-chain. Composes
+[`@dexterai/vault`](https://www.npmjs.com/package/@dexterai/vault); the only
+peer is React.
+
+## Install
+
+```bash
+npm install @dexterai/connect react
+```
+
+## Quick start
+
+```tsx
+import { SignInWithDexter } from '@dexterai/connect/react';
+
+function Header() {
+  return (
+    <SignInWithDexter
+      onSuccess={({ session, vault }) => {
+        // session = auth tokens (camelCase); vault = the Dexter Wallet
+        seatYourSession(session);
+      }}
+    />
+  );
+}
+```
+
+Signed out, it renders a **Sign in with Dexter** button. On success it becomes
+a compact chip — the Dexter Wallet address + **"$X.XX available."**
+
+## Hook (full control)
+
+For your own UI, use the hook directly:
+
+```tsx
+import { useSignInWithDexter } from '@dexterai/connect/react';
+
+const c = useSignInWithDexter();
+await c.signIn();        // run the passkey ceremony
+c.status;                // idle → pending → done → error
+c.vaultAddress;          // the Dexter Wallet address (base58)
+c.usdcBalance;           // USD available (via Dexter's RPC), or null
+c.disconnect();
+```
+
+## What `useSignInWithDexter()` gives you
+
+| Field | What it is |
+|---|---|
+| `signIn()` / `disconnect()` | run the passkey ceremony / clear state |
+| `status` / `isVaultConnected` | `idle→pending→done→error` / connected flag |
+| `session` | auth session tokens (camelCase) |
+| `vaultAddress` / `vaultPda` | the Dexter Wallet address / PDA |
+| `usdcBalance` / `refreshBalance()` | USD available, best-effort via Dexter's RPC |
+| `vault` / `credentialId` / `error` | raw vault payload / credential id / typed error |
+
+## Exports
+
+- `@dexterai/connect` — framework-free: `passkeyLogin()`, `ConnectError`, types.
+- `@dexterai/connect/react` — `<SignInWithDexter/>`, `useSignInWithDexter()`.
+
+## License
+
+MIT

package/dist/chunk-46P7XAAI.js

@@ -0,0 +1,236 @@
+// src/types.ts
+var ConnectError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message ?? code);
+    this.code = code;
+    this.name = "ConnectError";
+  }
+};
+
+// src/base64.ts
+function base64ToBytes(s) {
+  const bin = atob(s);
+  const out = new Uint8Array(bin.length);
+  for (let i = 0; i < bin.length; i += 1) out[i] = bin.charCodeAt(i);
+  return out;
+}
+function base64urlToBytes(s) {
+  const pad = s.length % 4 === 0 ? "" : "=".repeat(4 - s.length % 4);
+  const b64 = s.replace(/-/g, "+").replace(/_/g, "/") + pad;
+  return base64ToBytes(b64);
+}
+function bytesToBase64(bytes) {
+  let bin = "";
+  for (let i = 0; i < bytes.length; i += 1) bin += String.fromCharCode(bytes[i]);
+  return btoa(bin);
+}
+function bytesToBase64url(bytes) {
+  return bytesToBase64(bytes).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function compactSignatureToDer(compact) {
+  if (compact.length !== 64) {
+    throw new Error(`expected 64-byte compact signature, got ${compact.length}`);
+  }
+  const r = derInteger(compact.subarray(0, 32));
+  const s = derInteger(compact.subarray(32, 64));
+  const body = new Uint8Array(r.length + s.length);
+  body.set(r, 0);
+  body.set(s, r.length);
+  const out = new Uint8Array(2 + body.length);
+  out[0] = 48;
+  out[1] = body.length;
+  out.set(body, 2);
+  return out;
+}
+function derInteger(component) {
+  let start = 0;
+  while (start < component.length - 1 && component[start] === 0) start += 1;
+  let content = component.subarray(start);
+  if (content[0] & 128) {
+    const padded = new Uint8Array(content.length + 1);
+    padded[0] = 0;
+    padded.set(content, 1);
+    content = padded;
+  }
+  const out = new Uint8Array(2 + content.length);
+  out[0] = 2;
+  out[1] = content.length;
+  out.set(content, 2);
+  return out;
+}
+
+// src/relay.ts
+var DEFAULT_API_BASE = "https://api.dexter.cash";
+var ANON_SIGN_BASE = "/api/passkey-anon/sign";
+async function passkeyLogin(config = {}) {
+  const apiBase = (config.apiBase ?? DEFAULT_API_BASE).replace(/\/$/, "");
+  const options = await fetchLoginChallenge(apiBase);
+  const credential = await getAssertion(options);
+  return submitLogin(apiBase, credential);
+}
+async function fetchLoginChallenge(apiBase) {
+  const res = await fetch(`${apiBase}${ANON_SIGN_BASE}/login-challenge`, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: "{}"
+  });
+  if (!res.ok) {
+    throw new ConnectError("login_challenge_failed", `login-challenge ${res.status}`);
+  }
+  const data = await res.json();
+  if (!data?.options?.challenge) {
+    throw new ConnectError("login_challenge_malformed", "no challenge in response");
+  }
+  return data.options;
+}
+async function getAssertion(options) {
+  if (typeof navigator === "undefined" || !navigator.credentials) {
+    throw new ConnectError("webauthn_unsupported", "WebAuthn unavailable in this environment");
+  }
+  let credential;
+  try {
+    credential = await navigator.credentials.get({
+      publicKey: {
+        challenge: base64urlToBytes(options.challenge).buffer.slice(0),
+        rpId: options.rpId,
+        timeout: options.timeout ?? 6e4,
+        userVerification: options.userVerification ?? "required"
+        // No allowCredentials — discoverable resident-key login.
+      }
+    });
+  } catch (err) {
+    throw new ConnectError("webauthn_failed", err instanceof Error ? err.message : String(err));
+  }
+  if (!credential || credential.type !== "public-key") {
+    throw new ConnectError("no_credential", "WebAuthn returned no credential");
+  }
+  return credential;
+}
+async function submitLogin(apiBase, credential) {
+  const assertion = credential.response;
+  const credentialJson = {
+    id: credential.id,
+    rawId: bytesToBase64url(new Uint8Array(credential.rawId)),
+    type: credential.type,
+    response: {
+      clientDataJSON: bytesToBase64url(new Uint8Array(assertion.clientDataJSON)),
+      authenticatorData: bytesToBase64url(new Uint8Array(assertion.authenticatorData)),
+      signature: bytesToBase64url(new Uint8Array(assertion.signature)),
+      userHandle: assertion.userHandle ? bytesToBase64url(new Uint8Array(assertion.userHandle)) : null
+    },
+    clientExtensionResults: credential.getClientExtensionResults?.() ?? {}
+  };
+  const res = await fetch(`${apiBase}${ANON_SIGN_BASE}/passkey-login`, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: JSON.stringify({ credential: credentialJson })
+  });
+  if (!res.ok) {
+    throw new ConnectError(await readErrorCode(res), `passkey-login ${res.status}`);
+  }
+  const data = await res.json();
+  const session = {
+    accessToken: data.accessToken,
+    refreshToken: data.refreshToken,
+    expiresAt: data.expiresAt,
+    expiresIn: data.expiresIn,
+    tokenType: data.tokenType
+  };
+  return data.vault ? { session, vault: data.vault } : { session };
+}
+async function readErrorCode(res) {
+  try {
+    const body = await res.json();
+    if (body?.error) return body.error;
+  } catch {
+  }
+  return `http_${res.status}`;
+}
+
+// src/anon-policy.ts
+var DEFAULT_API_BASE2 = "https://api.dexter.cash";
+var ANON_SIGN_BASE2 = "/api/passkey-anon/sign";
+function createAnonServerPolicy(apiBase = DEFAULT_API_BASE2) {
+  const base = apiBase.replace(/\/$/, "");
+  return {
+    async issueChallenge({ userHandle, operationHash }) {
+      const res = await fetch(`${base}${ANON_SIGN_BASE2}/challenge`, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({
+          userHandle: bytesToBase64url(userHandle),
+          operationHash: bytesToBase64url(operationHash)
+        })
+      });
+      if (!res.ok) throw new ConnectError(await readErrorCode2(res), `challenge ${res.status}`);
+      const data = await res.json();
+      const options = data?.options;
+      if (!options?.challenge) {
+        throw new ConnectError("challenge_malformed", "no challenge in response");
+      }
+      const cred = options.allowCredentials?.[0];
+      if (!cred?.id) {
+        throw new ConnectError("no_credential", "no allow-listed credential for this userHandle");
+      }
+      return {
+        challenge: base64urlToBytes(options.challenge),
+        credentialId: base64urlToBytes(cred.id),
+        rpId: options.rpId,
+        transports: cred.transports
+      };
+    },
+    async verify({ userHandle, credentialId, signature, clientDataJSON, authenticatorData }) {
+      const credential = {
+        id: bytesToBase64url(credentialId),
+        rawId: bytesToBase64url(credentialId),
+        type: "public-key",
+        response: {
+          clientDataJSON: bytesToBase64url(clientDataJSON),
+          authenticatorData: bytesToBase64url(authenticatorData),
+          // SDK 0.19 passes the COMPACT sig; dexter-api's verifier wants DER.
+          signature: bytesToBase64url(compactSignatureToDer(signature)),
+          userHandle: null
+        },
+        clientExtensionResults: {},
+        authenticatorAttachment: null
+      };
+      const res = await fetch(`${base}${ANON_SIGN_BASE2}/verify`, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({ credential, userHandle: bytesToBase64url(userHandle) })
+      });
+      if (!res.ok) throw new ConnectError(await readErrorCode2(res), `verify ${res.status}`);
+      const data = await res.json();
+      if (data?.verified === false) {
+        throw new ConnectError("verification_failed", "server returned verified=false");
+      }
+    }
+  };
+}
+async function readErrorCode2(res) {
+  try {
+    const body = await res.json();
+    if (body?.error) return body.error;
+  } catch {
+  }
+  return `http_${res.status}`;
+}
+
+// src/signer.ts
+import { DexterApiBrowserPasskeySigner } from "@dexterai/vault/signers/browser";
+function createPasskeySigner(vault, apiBase, opts = {}) {
+  return new DexterApiBrowserPasskeySigner({
+    identity: { kind: "guest", userHandle: base64urlToBytes(vault.userHandle) },
+    publicKey: base64ToBytes(vault.publicKey),
+    anonPolicy: createAnonServerPolicy(apiBase),
+    ...opts.__assertion ? { __assertion: opts.__assertion } : {}
+  });
+}
+
+export {
+  ConnectError,
+  passkeyLogin,
+  createAnonServerPolicy,
+  createPasskeySigner
+};

package/dist/index.d.ts

@@ -1,5 +1,6 @@
-import { D as DexterConnectConfig, S as SignInResult } from './types-DT3KPBOE.js';
-export { C as ConnectError, a as ConnectVault, P as PasskeyLoginTokens } from './types-DT3KPBOE.js';
+import { D as DexterConnectConfig, S as SignInResult, C as ConnectVault } from './types---RcNI2Y.js';
+export { a as ConnectError, P as PasskeyLoginTokens } from './types---RcNI2Y.js';
+import { DexterApiBrowserPasskeySigner } from '@dexterai/vault/signers/browser';
 
 /**
  * "Sign in with Dexter" — the discoverable-credential login ceremony.
@@ -16,4 +17,63 @@ export { C as ConnectError, a as ConnectVault, P as PasskeyLoginTokens } from '.
  */
 declare function passkeyLogin(config?: DexterConnectConfig): Promise<SignInResult>;
 
-export { DexterConnectConfig, SignInResult, passkeyLogin };
+/** What `issueChallenge` returns to the SDK signer. */
+interface AnonChallengeResult {
+    /** Server-issued WebAuthn challenge (=== the supplied operationHash). */
+    challenge: Uint8Array;
+    /** Credential id the server resolved from the userHandle (allowCredentials[0]). */
+    credentialId: Uint8Array;
+    rpId?: string;
+    transports?: AuthenticatorTransport[];
+}
+/** The policy the SDK's guest `DexterApiBrowserPasskeySigner` consumes. */
+interface AnonServerPolicy {
+    issueChallenge(args: {
+        userHandle: Uint8Array;
+        operationHash: Uint8Array;
+    }): Promise<AnonChallengeResult>;
+    verify(args: {
+        userHandle: Uint8Array;
+        credentialId: Uint8Array;
+        signature: Uint8Array;
+        clientDataJSON: Uint8Array;
+        authenticatorData: Uint8Array;
+    }): Promise<void>;
+}
+/**
+ * Build the anon ServerPolicy for a given dexter-api base.
+ *
+ * `issueChallenge` → POST /challenge { userHandle, operationHash } (both base64url).
+ *   The server uses operationHash AS the WebAuthn challenge (replay binding +
+ *   the on-chain webauthn.rs law: clientDataJSON.challenge === sha256(op)) and
+ *   resolves the credential into options.allowCredentials[0].
+ * `verify` → POST /verify { credential, userHandle }. NOTE: the SDK hands us the
+ *   COMPACT 64-byte signature; dexter-api's WebAuthn verifier wants DER, so we
+ *   re-encode compact → DER here (compactSignatureToDer).
+ */
+declare function createAnonServerPolicy(apiBase?: string): AnonServerPolicy;
+
+/** Test seam mirroring the SDK's injected-assertion shape (production omits it). */
+type AssertionLike = {
+    credentialId: Uint8Array;
+    assertOver(challenge: Uint8Array): Promise<{
+        signature: Uint8Array;
+        clientDataJSON: Uint8Array;
+        authenticatorData: Uint8Array;
+    }>;
+};
+/**
+ * Construct the guest signer from a connected `ConnectVault`.
+ *
+ * `vault.publicKey` is base64 (33-byte SEC1 compressed P-256); `vault.userHandle`
+ * is base64url (server-minted). Both are decoded to the Uint8Arrays the SDK wants.
+ *
+ * @param vault    the connected vault from useSignInWithDexter()
+ * @param apiBase  dexter-api base (defaults to https://api.dexter.cash via the policy)
+ * @param opts.__assertion  test-only injected assertion (skips real WebAuthn)
+ */
+declare function createPasskeySigner(vault: ConnectVault, apiBase?: string, opts?: {
+    __assertion?: AssertionLike;
+}): DexterApiBrowserPasskeySigner;
+
+export { type AnonChallengeResult, type AnonServerPolicy, ConnectVault, DexterConnectConfig, SignInResult, createAnonServerPolicy, createPasskeySigner, passkeyLogin };

package/dist/index.js

@@ -1,8 +1,12 @@
 import {
   ConnectError,
+  createAnonServerPolicy,
+  createPasskeySigner,
   passkeyLogin
-} from "./chunk-65VT7AU2.js";
+} from "./chunk-46P7XAAI.js";
 export {
   ConnectError,
+  createAnonServerPolicy,
+  createPasskeySigner,
   passkeyLogin
 };

package/dist/react.d.ts

@@ -1,4 +1,5 @@
-import { S as SignInResult, P as PasskeyLoginTokens, a as ConnectVault, C as ConnectError } from './types-DT3KPBOE.js';
+import { DexterApiBrowserPasskeySigner } from '@dexterai/vault/signers/browser';
+import { S as SignInResult, P as PasskeyLoginTokens, C as ConnectVault, a as ConnectError } from './types---RcNI2Y.js';
 import { ReactElement } from 'react';
 
 type ConnectStatus = 'idle' | 'pending' | 'done' | 'error';
@@ -21,6 +22,9 @@ interface UseSignInWithDexter {
     vaultAddress: string | null;
     vaultPda: string | null;
     credentialId: string | null;
+    /** Guest passkey signer for authorizing spends / opening x402 tabs. null until
+     *  a vault is connected. Drive it via `passkeySigner.signOperation(op)`. */
+    passkeySigner: DexterApiBrowserPasskeySigner | null;
     /** USD available. number once read; null = unknown → chip shows wallet only. */
     usdcBalance: number | null;
     refreshBalance: () => Promise<void>;

package/dist/react.js

@@ -1,10 +1,11 @@
 import {
   ConnectError,
+  createPasskeySigner,
   passkeyLogin
-} from "./chunk-65VT7AU2.js";
+} from "./chunk-46P7XAAI.js";
 
 // src/useSignInWithDexter.ts
-import { useCallback, useEffect, useState } from "react";
+import { useCallback, useEffect, useMemo, useState } from "react";
 
 // src/balance.ts
 async function fetchUsdcBalance(rpcUrl, usdcAta) {
@@ -80,6 +81,10 @@ function useSignInWithDexter(config = {}) {
     setError(null);
     setStatus("idle");
   }, []);
+  const passkeySigner = useMemo(
+    () => vault ? createPasskeySigner(vault, apiBase) : null,
+    [vault, apiBase]
+  );
   useEffect(() => {
     void refreshBalance();
   }, [refreshBalance]);
@@ -93,6 +98,7 @@ function useSignInWithDexter(config = {}) {
     vaultAddress: vault?.swigAddress ?? null,
     vaultPda: vault?.vaultPda ?? null,
     credentialId: vault?.credentialId ?? null,
+    passkeySigner,
     usdcBalance,
     refreshBalance,
     error

package/dist/{types-DT3KPBOE.d.ts → types---RcNI2Y.d.ts}

@@ -42,4 +42,4 @@ declare class ConnectError extends Error {
     constructor(code: string, message?: string);
 }
 
-export { ConnectError as C, type DexterConnectConfig as D, type PasskeyLoginTokens as P, type SignInResult as S, type ConnectVault as a };
+export { type ConnectVault as C, type DexterConnectConfig as D, type PasskeyLoginTokens as P, type SignInResult as S, ConnectError as a };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dexterai/connect",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "Sign in with Dexter — passkey connector. Composes @dexterai/vault.",
   "type": "module",
   "exports": {
@@ -21,13 +21,12 @@
     "test": "vitest run",
     "typecheck": "tsc --noEmit"
   },
-  "dependencies": {
-    "@dexterai/vault": "^0.14.1"
-  },
   "peerDependencies": {
+    "@dexterai/vault": ">=0.19",
     "react": ">=18"
   },
   "devDependencies": {
+    "@dexterai/vault": "^0.19.0",
     "@types/react": "^19.1.12",
     "react": "^19.2.5",
     "tsup": "^8.5.0",

package/dist/chunk-65VT7AU2.js

@@ -1,118 +0,0 @@
-// src/types.ts
-var ConnectError = class extends Error {
-  code;
-  constructor(code, message) {
-    super(message ?? code);
-    this.code = code;
-    this.name = "ConnectError";
-  }
-};
-
-// src/relay.ts
-var DEFAULT_API_BASE = "https://api.dexter.cash";
-var ANON_SIGN_BASE = "/api/passkey-anon/sign";
-async function passkeyLogin(config = {}) {
-  const apiBase = (config.apiBase ?? DEFAULT_API_BASE).replace(/\/$/, "");
-  const options = await fetchLoginChallenge(apiBase);
-  const credential = await getAssertion(options);
-  return submitLogin(apiBase, credential);
-}
-async function fetchLoginChallenge(apiBase) {
-  const res = await fetch(`${apiBase}${ANON_SIGN_BASE}/login-challenge`, {
-    method: "POST",
-    headers: { "content-type": "application/json" },
-    body: "{}"
-  });
-  if (!res.ok) {
-    throw new ConnectError("login_challenge_failed", `login-challenge ${res.status}`);
-  }
-  const data = await res.json();
-  if (!data?.options?.challenge) {
-    throw new ConnectError("login_challenge_malformed", "no challenge in response");
-  }
-  return data.options;
-}
-async function getAssertion(options) {
-  if (typeof navigator === "undefined" || !navigator.credentials) {
-    throw new ConnectError("webauthn_unsupported", "WebAuthn unavailable in this environment");
-  }
-  let credential;
-  try {
-    credential = await navigator.credentials.get({
-      publicKey: {
-        challenge: base64urlToBytes(options.challenge).buffer.slice(0),
-        rpId: options.rpId,
-        timeout: options.timeout ?? 6e4,
-        userVerification: options.userVerification ?? "required"
-        // No allowCredentials — discoverable resident-key login.
-      }
-    });
-  } catch (err) {
-    throw new ConnectError("webauthn_failed", err instanceof Error ? err.message : String(err));
-  }
-  if (!credential || credential.type !== "public-key") {
-    throw new ConnectError("no_credential", "WebAuthn returned no credential");
-  }
-  return credential;
-}
-async function submitLogin(apiBase, credential) {
-  const assertion = credential.response;
-  const credentialJson = {
-    id: credential.id,
-    rawId: bytesToBase64url(new Uint8Array(credential.rawId)),
-    type: credential.type,
-    response: {
-      clientDataJSON: bytesToBase64url(new Uint8Array(assertion.clientDataJSON)),
-      authenticatorData: bytesToBase64url(new Uint8Array(assertion.authenticatorData)),
-      signature: bytesToBase64url(new Uint8Array(assertion.signature)),
-      userHandle: assertion.userHandle ? bytesToBase64url(new Uint8Array(assertion.userHandle)) : null
-    },
-    clientExtensionResults: credential.getClientExtensionResults?.() ?? {}
-  };
-  const res = await fetch(`${apiBase}${ANON_SIGN_BASE}/passkey-login`, {
-    method: "POST",
-    headers: { "content-type": "application/json" },
-    body: JSON.stringify({ credential: credentialJson })
-  });
-  if (!res.ok) {
-    throw new ConnectError(await readErrorCode(res), `passkey-login ${res.status}`);
-  }
-  const data = await res.json();
-  const session = {
-    accessToken: data.accessToken,
-    refreshToken: data.refreshToken,
-    expiresAt: data.expiresAt,
-    expiresIn: data.expiresIn,
-    tokenType: data.tokenType
-  };
-  return data.vault ? { session, vault: data.vault } : { session };
-}
-async function readErrorCode(res) {
-  try {
-    const body = await res.json();
-    if (body?.error) return body.error;
-  } catch {
-  }
-  return `http_${res.status}`;
-}
-function base64ToBytes(s) {
-  const bin = atob(s);
-  const out = new Uint8Array(bin.length);
-  for (let i = 0; i < bin.length; i += 1) out[i] = bin.charCodeAt(i);
-  return out;
-}
-function base64urlToBytes(s) {
-  const pad = s.length % 4 === 0 ? "" : "=".repeat(4 - s.length % 4);
-  const b64 = s.replace(/-/g, "+").replace(/_/g, "/") + pad;
-  return base64ToBytes(b64);
-}
-function bytesToBase64url(bytes) {
-  let bin = "";
-  for (let i = 0; i < bytes.length; i += 1) bin += String.fromCharCode(bytes[i]);
-  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-}
-
-export {
-  ConnectError,
-  passkeyLogin
-};