npm - @dexterai/connect - Versions diffs - 0.3.0 → 0.5.0 - Mend

@dexterai/connect 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/{chunk-HFG2GUFX.js → chunk-LYIBVWRG.js} +74 -3
package/dist/index.d.ts +26 -3
package/dist/index.js +142 -3
package/dist/react.d.ts +16 -7
package/dist/react.js +28 -3
package/dist/{walletStore-CWXhXuzK.d.ts → signals-CkBFwCNw.d.ts} +52 -2
package/package.json +1 -1

package/dist/{chunk-HFG2GUFX.js → chunk-LYIBVWRG.js} RENAMED Viewed

@@ -276,7 +276,7 @@ function getActiveHandle() {
     return null;
   }
 }
-function setActiveHandle(handle, label) {
+function setActiveHandle(handle, label, credentialId) {
   if (!hasStorage() || !handle) return;
   try {
     window.localStorage.setItem(ACTIVE_HANDLE_KEY, handle);
@@ -289,12 +289,16 @@ function setActiveHandle(handle, label) {
   if (existing) {
     existing.lastUsedAt = now;
     if (label !== void 0) existing.label = label;
+    if (credentialId !== void 0) existing.credentialId = credentialId;
   } else {
-    roster.push({ handle, label, lastUsedAt: now });
+    roster.push({ handle, label, credentialId, lastUsedAt: now });
   }
   writeRoster(roster);
   emit();
 }
+function getCredentialId(handle) {
+  return readRoster().find((w) => w.handle === handle)?.credentialId;
+}
 function ejectActiveWallet(opts) {
   if (!hasStorage()) return;
   const current = getActiveHandle();
@@ -340,17 +344,84 @@ function onStorageEvent(e) {
 }
 var ACTIVE_WALLET_STORAGE_KEY = ACTIVE_HANDLE_KEY;
+// src/signals.ts
+function pkc() {
+  if (typeof window === "undefined") return null;
+  const g = globalThis.PublicKeyCredential;
+  return g ?? null;
+}
+function defaultRpId() {
+  return typeof window !== "undefined" ? window.location.hostname : "";
+}
+function passkeySignalSupport() {
+  const p = pkc();
+  return {
+    rename: typeof p?.signalCurrentUserDetails === "function",
+    prune: typeof p?.signalUnknownCredential === "function",
+    syncAccepted: typeof p?.signalAllAcceptedCredentials === "function"
+  };
+}
+async function renamePasskey(args) {
+  const p = pkc();
+  if (typeof p?.signalCurrentUserDetails !== "function") return false;
+  try {
+    await p.signalCurrentUserDetails({
+      rpId: args.rpId ?? defaultRpId(),
+      userId: args.userId,
+      name: args.name,
+      displayName: args.displayName ?? args.name
+    });
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function prunePasskey(args) {
+  const p = pkc();
+  if (typeof p?.signalUnknownCredential !== "function") return false;
+  try {
+    await p.signalUnknownCredential({
+      rpId: args.rpId ?? defaultRpId(),
+      credentialId: args.credentialId
+    });
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function syncAcceptedPasskeys(args) {
+  const p = pkc();
+  if (typeof p?.signalAllAcceptedCredentials !== "function") return false;
+  try {
+    await p.signalAllAcceptedCredentials({
+      rpId: args.rpId ?? defaultRpId(),
+      userId: args.userId,
+      allAcceptedCredentialIds: args.acceptedCredentialIds
+    });
+    return true;
+  } catch {
+    return false;
+  }
+}
 export {
   ConnectError,
+  base64urlToBytes,
+  bytesToBase64url,
   passkeyLogin,
   createAnonServerPolicy,
   createPasskeySigner,
   getActiveHandle,
   setActiveHandle,
+  getCredentialId,
   ejectActiveWallet,
   listWallets,
   switchWallet,
   forgetWallet,
   subscribe,
-  ACTIVE_WALLET_STORAGE_KEY
+  ACTIVE_WALLET_STORAGE_KEY,
+  passkeySignalSupport,
+  renamePasskey,
+  prunePasskey,
+  syncAcceptedPasskeys
 };

package/dist/index.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { D as DexterConnectConfig, S as SignInResult, C as ConnectVault } from './walletStore-CWXhXuzK.js';
-export { A as ACTIVE_WALLET_STORAGE_KEY, a as ConnectError, P as PasskeyLoginTokens, b as StoredWallet, e as ejectActiveWallet, f as forgetWallet, g as getActiveHandle, l as listWallets, s as setActiveHandle, c as subscribeWallet, d as switchWallet } from './walletStore-CWXhXuzK.js';
+import { D as DexterConnectConfig, S as SignInResult, C as ConnectVault } from './signals-CkBFwCNw.js';
+export { A as ACTIVE_WALLET_STORAGE_KEY, a as ConnectError, P as PasskeyLoginTokens, b as PasskeySignalSupport, c as StoredWallet, e as ejectActiveWallet, f as forgetWallet, g as getActiveHandle, d as getCredentialId, l as listWallets, p as passkeySignalSupport, h as prunePasskey, r as renamePasskey, s as setActiveHandle, i as subscribeWallet, j as switchWallet, k as syncAcceptedPasskeys } from './signals-CkBFwCNw.js';
 import { DexterApiBrowserPasskeySigner } from '@dexterai/vault/signers/browser';
 /**
@@ -76,4 +76,27 @@ declare function createPasskeySigner(vault: ConnectVault, apiBase?: string, opts
     __assertion?: AssertionLike;
 }): DexterApiBrowserPasskeySigner;
-export { type AnonChallengeResult, type AnonServerPolicy, ConnectVault, DexterConnectConfig, SignInResult, createAnonServerPolicy, createPasskeySigner, passkeyLogin };
+interface CreateWalletConfig extends DexterConnectConfig {
+    /** Label for the passkey in the OS keychain AND the wallet roster. Set at
+     *  creation — the only moment naming is guaranteed to stick. Default "Dexter Wallet". */
+    name?: string;
+    /** RP id for the new credential. Default "dexter.cash". */
+    rpId?: string;
+}
+interface CreateWalletResult {
+    /** Server-minted 16-byte user handle, base64url — the vault identity. */
+    handle: string;
+    /** base64url credential id of the new passkey. */
+    credentialId: string;
+    /** The freshly initialized vault (swig not yet deployed; deploys lazily). */
+    vault: ConnectVault;
+}
+/**
+ * Mint a brand-new Dexter wallet (passkey + vault) and make it the active wallet.
+ *
+ * One passkey approval. Throws ConnectError on any failed leg (the `code` is the
+ * server's error string, or webauthn_failed / no_credential for the ceremony).
+ */
+declare function createWallet(config?: CreateWalletConfig): Promise<CreateWalletResult>;
+export { type AnonChallengeResult, type AnonServerPolicy, ConnectVault, type CreateWalletConfig, type CreateWalletResult, DexterConnectConfig, SignInResult, createAnonServerPolicy, createPasskeySigner, createWallet, passkeyLogin };

package/dist/index.js CHANGED Viewed

@@ -1,28 +1,167 @@
 import {
   ACTIVE_WALLET_STORAGE_KEY,
   ConnectError,
+  base64urlToBytes,
+  bytesToBase64url,
   createAnonServerPolicy,
   createPasskeySigner,
   ejectActiveWallet,
   forgetWallet,
   getActiveHandle,
+  getCredentialId,
   listWallets,
   passkeyLogin,
+  passkeySignalSupport,
+  prunePasskey,
+  renamePasskey,
   setActiveHandle,
   subscribe,
-  switchWallet
-} from "./chunk-HFG2GUFX.js";
+  switchWallet,
+  syncAcceptedPasskeys
+} from "./chunk-LYIBVWRG.js";
+// src/enroll.ts
+var DEFAULT_API_BASE = "https://api.dexter.cash";
+var DEFAULT_RP_ID = "dexter.cash";
+var DEFAULT_WALLET_NAME = "Dexter Wallet";
+async function createWallet(config = {}) {
+  if (typeof navigator === "undefined" || !navigator.credentials) {
+    throw new ConnectError("webauthn_unsupported", "WebAuthn unavailable in this environment");
+  }
+  const apiBase = (config.apiBase ?? DEFAULT_API_BASE).replace(/\/$/, "");
+  const rpId = config.rpId ?? DEFAULT_RP_ID;
+  const name = config.name && config.name.trim() || DEFAULT_WALLET_NAME;
+  const options = await fetchEnrollChallenge(apiBase);
+  const credential = await createCredential(options, name, rpId);
+  const enrolled = await submitEnrollComplete(apiBase, credential);
+  const init = await initializeVault(apiBase, enrolled.userHandle, enrolled.credentialId);
+  setActiveHandle(enrolled.userHandle, name, enrolled.credentialId);
+  return {
+    handle: enrolled.userHandle,
+    credentialId: enrolled.credentialId,
+    vault: {
+      vaultPda: init.vaultPda,
+      swigAddress: init.swigStateAddress,
+      // FAIL SAFE: never invent a receive address — null until the server returns
+      // one (depositing to the config PDA would strand funds).
+      receiveAddress: init.receiveAddress ?? null,
+      usdcAta: null,
+      // swig not deployed yet (counterfactual pattern)
+      publicKey: enrolled.publicKey,
+      userHandle: enrolled.userHandle,
+      credentialId: enrolled.credentialId
+    }
+  };
+}
+async function fetchEnrollChallenge(apiBase) {
+  const res = await fetch(`${apiBase}/api/passkey-anon/enroll/challenge`, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: "{}"
+  });
+  if (!res.ok) throw new ConnectError("enroll_challenge_failed", `enroll/challenge ${res.status}`);
+  const data = await res.json();
+  if (!data?.options?.challenge) {
+    throw new ConnectError("enroll_challenge_malformed", "no creation options in response");
+  }
+  return data.options;
+}
+async function createCredential(options, name, rpId) {
+  let credential;
+  try {
+    credential = await navigator.credentials.create({
+      publicKey: buildCreationOptions(options, name, rpId)
+    });
+  } catch (err) {
+    throw new ConnectError("webauthn_failed", err instanceof Error ? err.message : String(err));
+  }
+  if (!credential || credential.type !== "public-key") {
+    throw new ConnectError("no_credential", "authenticator returned no credential");
+  }
+  return credential;
+}
+async function submitEnrollComplete(apiBase, credential) {
+  const attestation = credential.response;
+  const credentialJson = {
+    id: credential.id,
+    rawId: bytesToBase64url(new Uint8Array(credential.rawId)),
+    type: credential.type,
+    response: {
+      attestationObject: bytesToBase64url(new Uint8Array(attestation.attestationObject)),
+      clientDataJSON: bytesToBase64url(new Uint8Array(attestation.clientDataJSON)),
+      transports: typeof attestation.getTransports === "function" ? attestation.getTransports() : []
+    },
+    clientExtensionResults: credential.getClientExtensionResults?.() ?? {},
+    authenticatorAttachment: credential.authenticatorAttachment ?? null
+  };
+  const res = await fetch(`${apiBase}/api/passkey-anon/enroll/complete`, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: JSON.stringify({ credential: credentialJson })
+  });
+  if (!res.ok) throw new ConnectError(await readErrorCode(res), `enroll/complete ${res.status}`);
+  return await res.json();
+}
+async function initializeVault(apiBase, userHandle, credentialId) {
+  const res = await fetch(`${apiBase}/api/passkey-vault-anon/initialize`, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: JSON.stringify({ userHandle, credentialId, coolingOffSeconds: 0 })
+  });
+  if (!res.ok) throw new ConnectError(await readErrorCode(res), `initialize ${res.status}`);
+  return await res.json();
+}
+function toBuf(b64url) {
+  return base64urlToBytes(b64url).buffer.slice(0);
+}
+function buildCreationOptions(o, name, rpId) {
+  return {
+    // rp.name = the site shown in the keychain; user.name/displayName = the
+    // wallet label the user sees. We override the server's user.name (a raw,
+    // unreadable handle) with the chosen wallet name.
+    rp: { id: o.rp.id ?? rpId, name: "Dexter" },
+    user: {
+      id: toBuf(o.user.id),
+      name,
+      displayName: name
+    },
+    challenge: toBuf(o.challenge),
+    pubKeyCredParams: o.pubKeyCredParams,
+    timeout: o.timeout,
+    excludeCredentials: o.excludeCredentials?.map((c) => ({
+      id: toBuf(c.id),
+      type: c.type,
+      transports: c.transports
+    })),
+    authenticatorSelection: o.authenticatorSelection,
+    attestation: o.attestation
+  };
+}
+async function readErrorCode(res) {
+  try {
+    const body = await res.json();
+    if (body?.error) return body.error;
+  } catch {
+  }
+  return `http_${res.status}`;
+}
 export {
   ACTIVE_WALLET_STORAGE_KEY,
   ConnectError,
   createAnonServerPolicy,
   createPasskeySigner,
+  createWallet,
   ejectActiveWallet,
   forgetWallet,
   getActiveHandle,
+  getCredentialId,
   listWallets,
   passkeyLogin,
+  passkeySignalSupport,
+  prunePasskey,
+  renamePasskey,
   setActiveHandle,
   subscribe as subscribeWallet,
-  switchWallet
+  switchWallet,
+  syncAcceptedPasskeys
 };

package/dist/react.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { DexterApiBrowserPasskeySigner } from '@dexterai/vault/signers/browser';
-import { S as SignInResult, P as PasskeyLoginTokens, C as ConnectVault, a as ConnectError, b as StoredWallet } from './walletStore-CWXhXuzK.js';
+import { S as SignInResult, P as PasskeyLoginTokens, C as ConnectVault, a as ConnectError, c as StoredWallet, b as PasskeySignalSupport } from './signals-CkBFwCNw.js';
 import { ReactElement } from 'react';
 type ConnectStatus = 'idle' | 'pending' | 'done' | 'error';
@@ -69,19 +69,28 @@ interface UseDexterWallet {
     activeHandle: string | null;
     /** Known wallets on this browser, most-recently-used first. */
     wallets: StoredWallet[];
+    /** What the WebAuthn Signal API supports in THIS browser (rename / prune). */
+    support: PasskeySignalSupport;
     /**
-     * Eject the active wallet — "switch / start fresh / sign out of this wallet".
-     * The browser is no longer bound to it; the next enroll/recover starts clean.
-     * Pass `{ forget: true }` to also drop it from the roster.
+     * Eject the active wallet — "switch / start fresh". Clears the local binding
+     * and, where supported, prunes the old passkey from the OS manager so it
+     * disappears from the user's list. `{ forget: true }` also drops it from the
+     * roster.
      */
     eject: (opts?: {
         forget?: boolean;
     }) => void;
     /** Switch the active wallet to a known handle. No-op if unknown. */
     switchTo: (handle: string) => boolean;
-    /** Record/activate a handle (after enroll or recover). Prefer this over
-     *  hand-writing localStorage so the roster + subscribers stay correct. */
-    setActive: (handle: string, label?: string) => void;
+    /** Record/activate a handle (after enroll or recover). Prefer over writing
+     *  localStorage by hand so the roster + subscribers stay correct. */
+    setActive: (handle: string, label?: string, credentialId?: string) => void;
+    /**
+     * Rename the ACTIVE passkey in the OS keychain (post-creation). Returns true
+     * if the browser supported it and the signal fired; false otherwise (the
+     * keychain entry is then just left as-is).
+     */
+    rename: (name: string, displayName?: string) => Promise<boolean>;
 }
 declare function useDexterWallet(): UseDexterWallet;

package/dist/react.js CHANGED Viewed

@@ -3,12 +3,16 @@ import {
   createPasskeySigner,
   ejectActiveWallet,
   getActiveHandle,
+  getCredentialId,
   listWallets,
   passkeyLogin,
+  passkeySignalSupport,
+  prunePasskey,
+  renamePasskey,
   setActiveHandle,
   subscribe,
   switchWallet
-} from "./chunk-HFG2GUFX.js";
+} from "./chunk-LYIBVWRG.js";
 // src/useSignInWithDexter.ts
 import { useCallback, useEffect, useMemo, useState } from "react";
@@ -207,23 +211,44 @@ var DISCONNECT = {
 // src/useDexterWallet.ts
 import { useCallback as useCallback2, useEffect as useEffect2, useState as useState2 } from "react";
+var NO_SUPPORT = { rename: false, prune: false, syncAccepted: false };
 function useDexterWallet() {
   const [activeHandle, setHandle] = useState2(() => getActiveHandle());
   const [wallets, setWallets] = useState2(() => listWallets());
+  const [support, setSupport] = useState2(NO_SUPPORT);
   useEffect2(() => {
     const sync = () => {
       setHandle(getActiveHandle());
       setWallets(listWallets());
     };
+    setSupport(passkeySignalSupport());
     sync();
     return subscribe(sync);
   }, []);
+  const eject = useCallback2((opts) => {
+    const handle = getActiveHandle();
+    const credentialId = handle ? getCredentialId(handle) : void 0;
+    ejectActiveWallet(opts);
+    if (credentialId) void prunePasskey({ credentialId });
+  }, []);
+  const rename = useCallback2(async (name, displayName) => {
+    const handle = getActiveHandle();
+    if (!handle) return false;
+    const ok = await renamePasskey({ userId: handle, name, displayName });
+    if (ok) setActiveHandle(handle, name);
+    return ok;
+  }, []);
   return {
     activeHandle,
     wallets,
-    eject: useCallback2((opts) => ejectActiveWallet(opts), []),
+    support,
+    eject,
     switchTo: useCallback2((handle) => switchWallet(handle), []),
-    setActive: useCallback2((handle, label) => setActiveHandle(handle, label), [])
+    setActive: useCallback2(
+      (handle, label, credentialId) => setActiveHandle(handle, label, credentialId),
+      []
+    ),
+    rename
   };
 }
 export {

package/dist/{walletStore-CWXhXuzK.d.ts → signals-CkBFwCNw.d.ts} RENAMED Viewed

@@ -48,6 +48,9 @@ interface StoredWallet {
     handle: string;
     /** Human label for switch UIs (e.g. an email, or "Dexter Wallet"). */
     label?: string;
+    /** base64url credential id — enables the WebAuthn Signal API to prune this
+     *  passkey from the OS manager on eject (see ./signals). */
+    credentialId?: string;
     /** Epoch ms of last activation — for ordering the switcher. */
     lastUsedAt?: number;
 }
@@ -58,7 +61,9 @@ declare function getActiveHandle(): string | null;
  * Set the active wallet handle (e.g. after enroll or recover), upserting it into
  * the roster with a fresh `lastUsedAt`. Idempotent. Fires subscribers.
  */
-declare function setActiveHandle(handle: string, label?: string): void;
+declare function setActiveHandle(handle: string, label?: string, credentialId?: string): void;
+/** Look up a known wallet's stored credentialId (for Signal-API prune on eject). */
+declare function getCredentialId(handle: string): string | undefined;
 /**
  * EJECT — clear the active wallet so the browser is no longer bound to it. This
  * is "switch / start fresh / sign out of this wallet". The wallet stays in the
@@ -89,4 +94,49 @@ declare function subscribe(listener: Listener): () => void;
  *  tests). Prefer the accessors above — do NOT read localStorage by hand. */
 declare const ACTIVE_WALLET_STORAGE_KEY = "dexter:passkey:userHandle";
-export { ACTIVE_WALLET_STORAGE_KEY as A, type ConnectVault as C, type DexterConnectConfig as D, type PasskeyLoginTokens as P, type SignInResult as S, ConnectError as a, type StoredWallet as b, subscribe as c, switchWallet as d, ejectActiveWallet as e, forgetWallet as f, getActiveHandle as g, listWallets as l, setActiveHandle as s };
+interface PasskeySignalSupport {
+    /** signalCurrentUserDetails — rename a passkey post-creation. */
+    rename: boolean;
+    /** signalUnknownCredential — remove one stale passkey from the manager. */
+    prune: boolean;
+    /** signalAllAcceptedCredentials — reconcile the full valid set. */
+    syncAccepted: boolean;
+}
+/**
+ * What the CURRENT browser supports, by direct feature-detection. Instant, no
+ * network, no UA sniffing — tells you exactly what will light up on THIS device
+ * (e.g. call once on Branch's iPhone to learn its Safari's status).
+ */
+declare function passkeySignalSupport(): PasskeySignalSupport;
+/**
+ * Rename a passkey in the OS keychain AFTER creation. `userId` is the base64url
+ * user handle; `rpId` defaults to the current host. Returns true if the signal
+ * fired, false if unsupported/failed (caller treats false as "left as-is").
+ */
+declare function renamePasskey(args: {
+    userId: string;
+    name: string;
+    displayName?: string;
+    rpId?: string;
+}): Promise<boolean>;
+/**
+ * Tell the OS manager a credential is gone so it removes that passkey from the
+ * user's list — the welded-old-wallet auto-cleanup. `credentialId` is base64url.
+ * Returns true if fired, false if unsupported/failed.
+ */
+declare function prunePasskey(args: {
+    credentialId: string;
+    rpId?: string;
+}): Promise<boolean>;
+/**
+ * Declare the FULL set of still-valid credential IDs for a user; the manager
+ * prunes anything not listed. Use after sign-in or eject to reconcile in one
+ * shot (pass `[]` to clear all of a user's passkeys). Returns true if fired.
+ */
+declare function syncAcceptedPasskeys(args: {
+    userId: string;
+    acceptedCredentialIds: string[];
+    rpId?: string;
+}): Promise<boolean>;
+export { ACTIVE_WALLET_STORAGE_KEY as A, type ConnectVault as C, type DexterConnectConfig as D, type PasskeyLoginTokens as P, type SignInResult as S, ConnectError as a, type PasskeySignalSupport as b, type StoredWallet as c, getCredentialId as d, ejectActiveWallet as e, forgetWallet as f, getActiveHandle as g, prunePasskey as h, subscribe as i, switchWallet as j, syncAcceptedPasskeys as k, listWallets as l, passkeySignalSupport as p, renamePasskey as r, setActiveHandle as s };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@dexterai/connect",
-  "version": "0.3.0",
+  "version": "0.5.0",
   "description": "Sign in with Dexter — passkey connector. Composes @dexterai/vault.",
   "type": "module",
   "exports": {