@dexterai/connect 0.2.0 → 0.4.0

package/dist/{chunk-46P7XAAI.js → chunk-2V6EGIHV.js}

@@ -228,9 +228,198 @@ function createPasskeySigner(vault, apiBase, opts = {}) {
   });
 }
 
+// src/walletStore.ts
+var ACTIVE_HANDLE_KEY = "dexter:passkey:userHandle";
+var ROSTER_KEY = "dexter:passkey:wallets";
+var listeners = /* @__PURE__ */ new Set();
+function hasStorage() {
+  try {
+    return typeof window !== "undefined" && !!window.localStorage;
+  } catch {
+    return false;
+  }
+}
+function readRoster() {
+  if (!hasStorage()) return [];
+  try {
+    const raw = window.localStorage.getItem(ROSTER_KEY);
+    if (!raw) return [];
+    const parsed = JSON.parse(raw);
+    if (!Array.isArray(parsed)) return [];
+    return parsed.filter(
+      (w) => !!w && typeof w === "object" && typeof w.handle === "string"
+    );
+  } catch {
+    return [];
+  }
+}
+function writeRoster(wallets) {
+  if (!hasStorage()) return;
+  try {
+    window.localStorage.setItem(ROSTER_KEY, JSON.stringify(wallets));
+  } catch {
+  }
+}
+function emit() {
+  for (const l of listeners) {
+    try {
+      l();
+    } catch {
+    }
+  }
+}
+function getActiveHandle() {
+  if (!hasStorage()) return null;
+  try {
+    return window.localStorage.getItem(ACTIVE_HANDLE_KEY);
+  } catch {
+    return null;
+  }
+}
+function setActiveHandle(handle, label, credentialId) {
+  if (!hasStorage() || !handle) return;
+  try {
+    window.localStorage.setItem(ACTIVE_HANDLE_KEY, handle);
+  } catch {
+    return;
+  }
+  const roster = readRoster();
+  const existing = roster.find((w) => w.handle === handle);
+  const now = Date.now();
+  if (existing) {
+    existing.lastUsedAt = now;
+    if (label !== void 0) existing.label = label;
+    if (credentialId !== void 0) existing.credentialId = credentialId;
+  } else {
+    roster.push({ handle, label, credentialId, lastUsedAt: now });
+  }
+  writeRoster(roster);
+  emit();
+}
+function getCredentialId(handle) {
+  return readRoster().find((w) => w.handle === handle)?.credentialId;
+}
+function ejectActiveWallet(opts) {
+  if (!hasStorage()) return;
+  const current = getActiveHandle();
+  try {
+    window.localStorage.removeItem(ACTIVE_HANDLE_KEY);
+  } catch {
+  }
+  if (opts?.forget && current) {
+    writeRoster(readRoster().filter((w) => w.handle !== current));
+  }
+  emit();
+}
+function listWallets() {
+  return readRoster().sort((a, b) => (b.lastUsedAt ?? 0) - (a.lastUsedAt ?? 0));
+}
+function switchWallet(handle) {
+  if (!readRoster().some((w) => w.handle === handle)) return false;
+  setActiveHandle(handle);
+  return true;
+}
+function forgetWallet(handle) {
+  if (getActiveHandle() === handle) {
+    ejectActiveWallet({ forget: true });
+    return;
+  }
+  writeRoster(readRoster().filter((w) => w.handle !== handle));
+  emit();
+}
+function subscribe(listener) {
+  listeners.add(listener);
+  if (hasStorage() && listeners.size === 1) {
+    window.addEventListener("storage", onStorageEvent);
+  }
+  return () => {
+    listeners.delete(listener);
+    if (hasStorage() && listeners.size === 0) {
+      window.removeEventListener("storage", onStorageEvent);
+    }
+  };
+}
+function onStorageEvent(e) {
+  if (e.key === ACTIVE_HANDLE_KEY || e.key === ROSTER_KEY || e.key === null) emit();
+}
+var ACTIVE_WALLET_STORAGE_KEY = ACTIVE_HANDLE_KEY;
+
+// src/signals.ts
+function pkc() {
+  if (typeof window === "undefined") return null;
+  const g = globalThis.PublicKeyCredential;
+  return g ?? null;
+}
+function defaultRpId() {
+  return typeof window !== "undefined" ? window.location.hostname : "";
+}
+function passkeySignalSupport() {
+  const p = pkc();
+  return {
+    rename: typeof p?.signalCurrentUserDetails === "function",
+    prune: typeof p?.signalUnknownCredential === "function",
+    syncAccepted: typeof p?.signalAllAcceptedCredentials === "function"
+  };
+}
+async function renamePasskey(args) {
+  const p = pkc();
+  if (typeof p?.signalCurrentUserDetails !== "function") return false;
+  try {
+    await p.signalCurrentUserDetails({
+      rpId: args.rpId ?? defaultRpId(),
+      userId: args.userId,
+      name: args.name,
+      displayName: args.displayName ?? args.name
+    });
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function prunePasskey(args) {
+  const p = pkc();
+  if (typeof p?.signalUnknownCredential !== "function") return false;
+  try {
+    await p.signalUnknownCredential({
+      rpId: args.rpId ?? defaultRpId(),
+      credentialId: args.credentialId
+    });
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function syncAcceptedPasskeys(args) {
+  const p = pkc();
+  if (typeof p?.signalAllAcceptedCredentials !== "function") return false;
+  try {
+    await p.signalAllAcceptedCredentials({
+      rpId: args.rpId ?? defaultRpId(),
+      userId: args.userId,
+      allAcceptedCredentialIds: args.acceptedCredentialIds
+    });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
 export {
   ConnectError,
   passkeyLogin,
   createAnonServerPolicy,
-  createPasskeySigner
+  createPasskeySigner,
+  getActiveHandle,
+  setActiveHandle,
+  getCredentialId,
+  ejectActiveWallet,
+  listWallets,
+  switchWallet,
+  forgetWallet,
+  subscribe,
+  ACTIVE_WALLET_STORAGE_KEY,
+  passkeySignalSupport,
+  renamePasskey,
+  prunePasskey,
+  syncAcceptedPasskeys
 };

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { D as DexterConnectConfig, S as SignInResult, C as ConnectVault } from './types---RcNI2Y.js';
-export { a as ConnectError, P as PasskeyLoginTokens } from './types---RcNI2Y.js';
+import { D as DexterConnectConfig, S as SignInResult, C as ConnectVault } from './signals-CkBFwCNw.js';
+export { A as ACTIVE_WALLET_STORAGE_KEY, a as ConnectError, P as PasskeyLoginTokens, b as PasskeySignalSupport, c as StoredWallet, e as ejectActiveWallet, f as forgetWallet, g as getActiveHandle, d as getCredentialId, l as listWallets, p as passkeySignalSupport, h as prunePasskey, r as renamePasskey, s as setActiveHandle, i as subscribeWallet, j as switchWallet, k as syncAcceptedPasskeys } from './signals-CkBFwCNw.js';
 import { DexterApiBrowserPasskeySigner } from '@dexterai/vault/signers/browser';
 
 /**

package/dist/index.js

@@ -1,12 +1,38 @@
 import {
+  ACTIVE_WALLET_STORAGE_KEY,
   ConnectError,
   createAnonServerPolicy,
   createPasskeySigner,
-  passkeyLogin
-} from "./chunk-46P7XAAI.js";
+  ejectActiveWallet,
+  forgetWallet,
+  getActiveHandle,
+  getCredentialId,
+  listWallets,
+  passkeyLogin,
+  passkeySignalSupport,
+  prunePasskey,
+  renamePasskey,
+  setActiveHandle,
+  subscribe,
+  switchWallet,
+  syncAcceptedPasskeys
+} from "./chunk-2V6EGIHV.js";
 export {
+  ACTIVE_WALLET_STORAGE_KEY,
   ConnectError,
   createAnonServerPolicy,
   createPasskeySigner,
-  passkeyLogin
+  ejectActiveWallet,
+  forgetWallet,
+  getActiveHandle,
+  getCredentialId,
+  listWallets,
+  passkeyLogin,
+  passkeySignalSupport,
+  prunePasskey,
+  renamePasskey,
+  setActiveHandle,
+  subscribe as subscribeWallet,
+  switchWallet,
+  syncAcceptedPasskeys
 };

package/dist/react.d.ts

@@ -1,5 +1,5 @@
 import { DexterApiBrowserPasskeySigner } from '@dexterai/vault/signers/browser';
-import { S as SignInResult, P as PasskeyLoginTokens, C as ConnectVault, a as ConnectError } from './types---RcNI2Y.js';
+import { S as SignInResult, P as PasskeyLoginTokens, C as ConnectVault, a as ConnectError, c as StoredWallet, b as PasskeySignalSupport } from './signals-CkBFwCNw.js';
 import { ReactElement } from 'react';
 
 type ConnectStatus = 'idle' | 'pending' | 'done' | 'error';
@@ -64,4 +64,34 @@ interface SignInWithDexterProps extends UseSignInWithDexterConfig {
  */
 declare function SignInWithDexter(props: SignInWithDexterProps): ReactElement | null;
 
-export { type ConnectStatus, SignInWithDexter, type SignInWithDexterProps, type UseSignInWithDexter, type UseSignInWithDexterConfig, useSignInWithDexter };
+interface UseDexterWallet {
+    /** Active wallet handle, or null if this browser has no active wallet. */
+    activeHandle: string | null;
+    /** Known wallets on this browser, most-recently-used first. */
+    wallets: StoredWallet[];
+    /** What the WebAuthn Signal API supports in THIS browser (rename / prune). */
+    support: PasskeySignalSupport;
+    /**
+     * Eject the active wallet — "switch / start fresh". Clears the local binding
+     * and, where supported, prunes the old passkey from the OS manager so it
+     * disappears from the user's list. `{ forget: true }` also drops it from the
+     * roster.
+     */
+    eject: (opts?: {
+        forget?: boolean;
+    }) => void;
+    /** Switch the active wallet to a known handle. No-op if unknown. */
+    switchTo: (handle: string) => boolean;
+    /** Record/activate a handle (after enroll or recover). Prefer over writing
+     *  localStorage by hand so the roster + subscribers stay correct. */
+    setActive: (handle: string, label?: string, credentialId?: string) => void;
+    /**
+     * Rename the ACTIVE passkey in the OS keychain (post-creation). Returns true
+     * if the browser supported it and the signal fired; false otherwise (the
+     * keychain entry is then just left as-is).
+     */
+    rename: (name: string, displayName?: string) => Promise<boolean>;
+}
+declare function useDexterWallet(): UseDexterWallet;
+
+export { type ConnectStatus, SignInWithDexter, type SignInWithDexterProps, type UseDexterWallet, type UseSignInWithDexter, type UseSignInWithDexterConfig, useDexterWallet, useSignInWithDexter };

package/dist/react.js

@@ -1,8 +1,18 @@
 import {
   ConnectError,
   createPasskeySigner,
-  passkeyLogin
-} from "./chunk-46P7XAAI.js";
+  ejectActiveWallet,
+  getActiveHandle,
+  getCredentialId,
+  listWallets,
+  passkeyLogin,
+  passkeySignalSupport,
+  prunePasskey,
+  renamePasskey,
+  setActiveHandle,
+  subscribe,
+  switchWallet
+} from "./chunk-2V6EGIHV.js";
 
 // src/useSignInWithDexter.ts
 import { useCallback, useEffect, useMemo, useState } from "react";
@@ -198,7 +208,51 @@ var DISCONNECT = {
   lineHeight: 1,
   opacity: 0.6
 };
+
+// src/useDexterWallet.ts
+import { useCallback as useCallback2, useEffect as useEffect2, useState as useState2 } from "react";
+var NO_SUPPORT = { rename: false, prune: false, syncAccepted: false };
+function useDexterWallet() {
+  const [activeHandle, setHandle] = useState2(() => getActiveHandle());
+  const [wallets, setWallets] = useState2(() => listWallets());
+  const [support, setSupport] = useState2(NO_SUPPORT);
+  useEffect2(() => {
+    const sync = () => {
+      setHandle(getActiveHandle());
+      setWallets(listWallets());
+    };
+    setSupport(passkeySignalSupport());
+    sync();
+    return subscribe(sync);
+  }, []);
+  const eject = useCallback2((opts) => {
+    const handle = getActiveHandle();
+    const credentialId = handle ? getCredentialId(handle) : void 0;
+    ejectActiveWallet(opts);
+    if (credentialId) void prunePasskey({ credentialId });
+  }, []);
+  const rename = useCallback2(async (name, displayName) => {
+    const handle = getActiveHandle();
+    if (!handle) return false;
+    const ok = await renamePasskey({ userId: handle, name, displayName });
+    if (ok) setActiveHandle(handle, name);
+    return ok;
+  }, []);
+  return {
+    activeHandle,
+    wallets,
+    support,
+    eject,
+    switchTo: useCallback2((handle) => switchWallet(handle), []),
+    setActive: useCallback2(
+      (handle, label, credentialId) => setActiveHandle(handle, label, credentialId),
+      []
+    ),
+    rename
+  };
+}
 export {
   SignInWithDexter,
+  useDexterWallet,
   useSignInWithDexter
 };

package/dist/signals-CkBFwCNw.d.ts

@@ -0,0 +1,142 @@
+/** Supabase session tokens returned by dexter-api's passkey-login (camelCase). */
+interface PasskeyLoginTokens {
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+    expiresIn: number;
+    tokenType: string;
+}
+/**
+ * Vault identity, returned ALONGSIDE the session by passkey-login once
+ * vault-review ships the dexter-api change (ASK 1). Optional until then —
+ * the connector degrades to session-only. Consumers that open x402 tabs
+ * (dexter-agents) need `vaultPda` + `publicKey` to build a passkey signer.
+ */
+interface ConnectVault {
+    vaultPda: string;
+    /** Swig state address, base58 — the user-facing Dexter Wallet address. */
+    swigAddress: string;
+    /** v2 swig wallet PDA (deposit address); null until the swig is deployed. */
+    receiveAddress: string | null;
+    /** Swig wallet's USDC ATA, base58 (for the connected-chip balance read);
+     *  null until the swig is deployed. Server-resolved (off-curve-safe). */
+    usdcAta: string | null;
+    /** base64 33-byte SEC1 compressed P-256 authority pubkey (for the signer). */
+    publicKey: string;
+    userHandle: string;
+    credentialId: string;
+}
+/** Result of a completed "Sign in with Dexter" ceremony. */
+interface SignInResult {
+    session: PasskeyLoginTokens;
+    /** Present once vault-review ships the vault-in-login change. */
+    vault?: ConnectVault;
+}
+interface DexterConnectConfig {
+    /** dexter-api base. Default https://api.dexter.cash. */
+    apiBase?: string;
+}
+/** Typed error whose `code` is the server's snake_case error string. */
+declare class ConnectError extends Error {
+    readonly code: string;
+    constructor(code: string, message?: string);
+}
+
+/** A wallet this browser knows about. `handle` is the identity; the rest is UX. */
+interface StoredWallet {
+    /** base64url 16-byte user handle — the vault identity. */
+    handle: string;
+    /** Human label for switch UIs (e.g. an email, or "Dexter Wallet"). */
+    label?: string;
+    /** base64url credential id — enables the WebAuthn Signal API to prune this
+     *  passkey from the OS manager on eject (see ./signals). */
+    credentialId?: string;
+    /** Epoch ms of last activation — for ordering the switcher. */
+    lastUsedAt?: number;
+}
+type Listener = () => void;
+/** The active wallet handle, or null if this browser has no active wallet. */
+declare function getActiveHandle(): string | null;
+/**
+ * Set the active wallet handle (e.g. after enroll or recover), upserting it into
+ * the roster with a fresh `lastUsedAt`. Idempotent. Fires subscribers.
+ */
+declare function setActiveHandle(handle: string, label?: string, credentialId?: string): void;
+/** Look up a known wallet's stored credentialId (for Signal-API prune on eject). */
+declare function getCredentialId(handle: string): string | undefined;
+/**
+ * EJECT — clear the active wallet so the browser is no longer bound to it. This
+ * is "switch / start fresh / sign out of this wallet". The wallet stays in the
+ * roster (so the user can switch back) unless `forget` is true. After eject,
+ * `getActiveHandle()` is null and the next enroll/recover starts clean. Fires
+ * subscribers. This is the function whose absence WAS the welded-wallet bug.
+ */
+declare function ejectActiveWallet(opts?: {
+    forget?: boolean;
+}): void;
+/** Every wallet this browser knows about, most-recently-used first. */
+declare function listWallets(): StoredWallet[];
+/**
+ * Switch the active wallet to a handle ALREADY in the roster. Returns false (and
+ * does nothing) if the handle is unknown — switching is only ever to a wallet
+ * this browser has seen, never to an arbitrary string.
+ */
+declare function switchWallet(handle: string): boolean;
+/** Remove a wallet from the roster entirely; clears active if it was active. */
+declare function forgetWallet(handle: string): void;
+/**
+ * Subscribe to active-wallet/roster changes. Returns an unsubscribe fn. Also
+ * wires the cross-tab `storage` event once, so ejecting in one tab updates the
+ * others. The React hook (`useDexterWallet`) is a thin wrapper over this.
+ */
+declare function subscribe(listener: Listener): () => void;
+/** Exposed for consumers that must reference the canonical key (migrations,
+ *  tests). Prefer the accessors above — do NOT read localStorage by hand. */
+declare const ACTIVE_WALLET_STORAGE_KEY = "dexter:passkey:userHandle";
+
+interface PasskeySignalSupport {
+    /** signalCurrentUserDetails — rename a passkey post-creation. */
+    rename: boolean;
+    /** signalUnknownCredential — remove one stale passkey from the manager. */
+    prune: boolean;
+    /** signalAllAcceptedCredentials — reconcile the full valid set. */
+    syncAccepted: boolean;
+}
+/**
+ * What the CURRENT browser supports, by direct feature-detection. Instant, no
+ * network, no UA sniffing — tells you exactly what will light up on THIS device
+ * (e.g. call once on Branch's iPhone to learn its Safari's status).
+ */
+declare function passkeySignalSupport(): PasskeySignalSupport;
+/**
+ * Rename a passkey in the OS keychain AFTER creation. `userId` is the base64url
+ * user handle; `rpId` defaults to the current host. Returns true if the signal
+ * fired, false if unsupported/failed (caller treats false as "left as-is").
+ */
+declare function renamePasskey(args: {
+    userId: string;
+    name: string;
+    displayName?: string;
+    rpId?: string;
+}): Promise<boolean>;
+/**
+ * Tell the OS manager a credential is gone so it removes that passkey from the
+ * user's list — the welded-old-wallet auto-cleanup. `credentialId` is base64url.
+ * Returns true if fired, false if unsupported/failed.
+ */
+declare function prunePasskey(args: {
+    credentialId: string;
+    rpId?: string;
+}): Promise<boolean>;
+/**
+ * Declare the FULL set of still-valid credential IDs for a user; the manager
+ * prunes anything not listed. Use after sign-in or eject to reconcile in one
+ * shot (pass `[]` to clear all of a user's passkeys). Returns true if fired.
+ */
+declare function syncAcceptedPasskeys(args: {
+    userId: string;
+    acceptedCredentialIds: string[];
+    rpId?: string;
+}): Promise<boolean>;
+
+export { ACTIVE_WALLET_STORAGE_KEY as A, type ConnectVault as C, type DexterConnectConfig as D, type PasskeyLoginTokens as P, type SignInResult as S, ConnectError as a, type PasskeySignalSupport as b, type StoredWallet as c, getCredentialId as d, ejectActiveWallet as e, forgetWallet as f, getActiveHandle as g, prunePasskey as h, subscribe as i, switchWallet as j, syncAcceptedPasskeys as k, listWallets as l, passkeySignalSupport as p, renamePasskey as r, setActiveHandle as s };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dexterai/connect",
-  "version": "0.2.0",
+  "version": "0.4.0",
   "description": "Sign in with Dexter — passkey connector. Composes @dexterai/vault.",
   "type": "module",
   "exports": {

package/dist/types---RcNI2Y.d.ts

@@ -1,45 +0,0 @@
-/** Supabase session tokens returned by dexter-api's passkey-login (camelCase). */
-interface PasskeyLoginTokens {
-    accessToken: string;
-    refreshToken: string;
-    expiresAt: number;
-    expiresIn: number;
-    tokenType: string;
-}
-/**
- * Vault identity, returned ALONGSIDE the session by passkey-login once
- * vault-review ships the dexter-api change (ASK 1). Optional until then —
- * the connector degrades to session-only. Consumers that open x402 tabs
- * (dexter-agents) need `vaultPda` + `publicKey` to build a passkey signer.
- */
-interface ConnectVault {
-    vaultPda: string;
-    /** Swig state address, base58 — the user-facing Dexter Wallet address. */
-    swigAddress: string;
-    /** v2 swig wallet PDA (deposit address); null until the swig is deployed. */
-    receiveAddress: string | null;
-    /** Swig wallet's USDC ATA, base58 (for the connected-chip balance read);
-     *  null until the swig is deployed. Server-resolved (off-curve-safe). */
-    usdcAta: string | null;
-    /** base64 33-byte SEC1 compressed P-256 authority pubkey (for the signer). */
-    publicKey: string;
-    userHandle: string;
-    credentialId: string;
-}
-/** Result of a completed "Sign in with Dexter" ceremony. */
-interface SignInResult {
-    session: PasskeyLoginTokens;
-    /** Present once vault-review ships the vault-in-login change. */
-    vault?: ConnectVault;
-}
-interface DexterConnectConfig {
-    /** dexter-api base. Default https://api.dexter.cash. */
-    apiBase?: string;
-}
-/** Typed error whose `code` is the server's snake_case error string. */
-declare class ConnectError extends Error {
-    readonly code: string;
-    constructor(code: string, message?: string);
-}
-
-export { type ConnectVault as C, type DexterConnectConfig as D, type PasskeyLoginTokens as P, type SignInResult as S, ConnectError as a };