@dexterai/connect 0.4.0 → 0.5.0

package/dist/{chunk-2V6EGIHV.js → chunk-LYIBVWRG.js}

@@ -406,6 +406,8 @@ async function syncAcceptedPasskeys(args) {
 
 export {
   ConnectError,
+  base64urlToBytes,
+  bytesToBase64url,
   passkeyLogin,
   createAnonServerPolicy,
   createPasskeySigner,

package/dist/index.d.ts

@@ -76,4 +76,27 @@ declare function createPasskeySigner(vault: ConnectVault, apiBase?: string, opts
     __assertion?: AssertionLike;
 }): DexterApiBrowserPasskeySigner;
 
-export { type AnonChallengeResult, type AnonServerPolicy, ConnectVault, DexterConnectConfig, SignInResult, createAnonServerPolicy, createPasskeySigner, passkeyLogin };
+interface CreateWalletConfig extends DexterConnectConfig {
+    /** Label for the passkey in the OS keychain AND the wallet roster. Set at
+     *  creation — the only moment naming is guaranteed to stick. Default "Dexter Wallet". */
+    name?: string;
+    /** RP id for the new credential. Default "dexter.cash". */
+    rpId?: string;
+}
+interface CreateWalletResult {
+    /** Server-minted 16-byte user handle, base64url — the vault identity. */
+    handle: string;
+    /** base64url credential id of the new passkey. */
+    credentialId: string;
+    /** The freshly initialized vault (swig not yet deployed; deploys lazily). */
+    vault: ConnectVault;
+}
+/**
+ * Mint a brand-new Dexter wallet (passkey + vault) and make it the active wallet.
+ *
+ * One passkey approval. Throws ConnectError on any failed leg (the `code` is the
+ * server's error string, or webauthn_failed / no_credential for the ceremony).
+ */
+declare function createWallet(config?: CreateWalletConfig): Promise<CreateWalletResult>;
+
+export { type AnonChallengeResult, type AnonServerPolicy, ConnectVault, type CreateWalletConfig, type CreateWalletResult, DexterConnectConfig, SignInResult, createAnonServerPolicy, createPasskeySigner, createWallet, passkeyLogin };

package/dist/index.js

@@ -1,6 +1,8 @@
 import {
   ACTIVE_WALLET_STORAGE_KEY,
   ConnectError,
+  base64urlToBytes,
+  bytesToBase64url,
   createAnonServerPolicy,
   createPasskeySigner,
   ejectActiveWallet,
@@ -16,12 +18,139 @@ import {
   subscribe,
   switchWallet,
   syncAcceptedPasskeys
-} from "./chunk-2V6EGIHV.js";
+} from "./chunk-LYIBVWRG.js";
+
+// src/enroll.ts
+var DEFAULT_API_BASE = "https://api.dexter.cash";
+var DEFAULT_RP_ID = "dexter.cash";
+var DEFAULT_WALLET_NAME = "Dexter Wallet";
+async function createWallet(config = {}) {
+  if (typeof navigator === "undefined" || !navigator.credentials) {
+    throw new ConnectError("webauthn_unsupported", "WebAuthn unavailable in this environment");
+  }
+  const apiBase = (config.apiBase ?? DEFAULT_API_BASE).replace(/\/$/, "");
+  const rpId = config.rpId ?? DEFAULT_RP_ID;
+  const name = config.name && config.name.trim() || DEFAULT_WALLET_NAME;
+  const options = await fetchEnrollChallenge(apiBase);
+  const credential = await createCredential(options, name, rpId);
+  const enrolled = await submitEnrollComplete(apiBase, credential);
+  const init = await initializeVault(apiBase, enrolled.userHandle, enrolled.credentialId);
+  setActiveHandle(enrolled.userHandle, name, enrolled.credentialId);
+  return {
+    handle: enrolled.userHandle,
+    credentialId: enrolled.credentialId,
+    vault: {
+      vaultPda: init.vaultPda,
+      swigAddress: init.swigStateAddress,
+      // FAIL SAFE: never invent a receive address — null until the server returns
+      // one (depositing to the config PDA would strand funds).
+      receiveAddress: init.receiveAddress ?? null,
+      usdcAta: null,
+      // swig not deployed yet (counterfactual pattern)
+      publicKey: enrolled.publicKey,
+      userHandle: enrolled.userHandle,
+      credentialId: enrolled.credentialId
+    }
+  };
+}
+async function fetchEnrollChallenge(apiBase) {
+  const res = await fetch(`${apiBase}/api/passkey-anon/enroll/challenge`, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: "{}"
+  });
+  if (!res.ok) throw new ConnectError("enroll_challenge_failed", `enroll/challenge ${res.status}`);
+  const data = await res.json();
+  if (!data?.options?.challenge) {
+    throw new ConnectError("enroll_challenge_malformed", "no creation options in response");
+  }
+  return data.options;
+}
+async function createCredential(options, name, rpId) {
+  let credential;
+  try {
+    credential = await navigator.credentials.create({
+      publicKey: buildCreationOptions(options, name, rpId)
+    });
+  } catch (err) {
+    throw new ConnectError("webauthn_failed", err instanceof Error ? err.message : String(err));
+  }
+  if (!credential || credential.type !== "public-key") {
+    throw new ConnectError("no_credential", "authenticator returned no credential");
+  }
+  return credential;
+}
+async function submitEnrollComplete(apiBase, credential) {
+  const attestation = credential.response;
+  const credentialJson = {
+    id: credential.id,
+    rawId: bytesToBase64url(new Uint8Array(credential.rawId)),
+    type: credential.type,
+    response: {
+      attestationObject: bytesToBase64url(new Uint8Array(attestation.attestationObject)),
+      clientDataJSON: bytesToBase64url(new Uint8Array(attestation.clientDataJSON)),
+      transports: typeof attestation.getTransports === "function" ? attestation.getTransports() : []
+    },
+    clientExtensionResults: credential.getClientExtensionResults?.() ?? {},
+    authenticatorAttachment: credential.authenticatorAttachment ?? null
+  };
+  const res = await fetch(`${apiBase}/api/passkey-anon/enroll/complete`, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: JSON.stringify({ credential: credentialJson })
+  });
+  if (!res.ok) throw new ConnectError(await readErrorCode(res), `enroll/complete ${res.status}`);
+  return await res.json();
+}
+async function initializeVault(apiBase, userHandle, credentialId) {
+  const res = await fetch(`${apiBase}/api/passkey-vault-anon/initialize`, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: JSON.stringify({ userHandle, credentialId, coolingOffSeconds: 0 })
+  });
+  if (!res.ok) throw new ConnectError(await readErrorCode(res), `initialize ${res.status}`);
+  return await res.json();
+}
+function toBuf(b64url) {
+  return base64urlToBytes(b64url).buffer.slice(0);
+}
+function buildCreationOptions(o, name, rpId) {
+  return {
+    // rp.name = the site shown in the keychain; user.name/displayName = the
+    // wallet label the user sees. We override the server's user.name (a raw,
+    // unreadable handle) with the chosen wallet name.
+    rp: { id: o.rp.id ?? rpId, name: "Dexter" },
+    user: {
+      id: toBuf(o.user.id),
+      name,
+      displayName: name
+    },
+    challenge: toBuf(o.challenge),
+    pubKeyCredParams: o.pubKeyCredParams,
+    timeout: o.timeout,
+    excludeCredentials: o.excludeCredentials?.map((c) => ({
+      id: toBuf(c.id),
+      type: c.type,
+      transports: c.transports
+    })),
+    authenticatorSelection: o.authenticatorSelection,
+    attestation: o.attestation
+  };
+}
+async function readErrorCode(res) {
+  try {
+    const body = await res.json();
+    if (body?.error) return body.error;
+  } catch {
+  }
+  return `http_${res.status}`;
+}
 export {
   ACTIVE_WALLET_STORAGE_KEY,
   ConnectError,
   createAnonServerPolicy,
   createPasskeySigner,
+  createWallet,
   ejectActiveWallet,
   forgetWallet,
   getActiveHandle,

package/dist/react.js

@@ -12,7 +12,7 @@ import {
   setActiveHandle,
   subscribe,
   switchWallet
-} from "./chunk-2V6EGIHV.js";
+} from "./chunk-LYIBVWRG.js";
 
 // src/useSignInWithDexter.ts
 import { useCallback, useEffect, useMemo, useState } from "react";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dexterai/connect",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "description": "Sign in with Dexter — passkey connector. Composes @dexterai/vault.",
   "type": "module",
   "exports": {