@dexterai/vault 0.1.2 → 0.2.0

package/dist/counterfactual.cjs

@@ -39,7 +39,7 @@ var import_lib2 = require("@swig-wallet/lib");
 var import_node_crypto = require("crypto");
 var import_kit = require("@swig-wallet/kit");
 var import_lib = require("@swig-wallet/lib");
-var import_bs58 = __toESM(require("bs58"), 1);
+var bs58Module = __toESM(require("bs58"), 1);
 var import_web32 = require("@solana/web3.js");
 
 // src/constants/index.ts

package/dist/counterfactual.js

@@ -15,7 +15,7 @@ import {
   createEd25519SessionAuthorityInfo,
   getCreateSwigWithMultipleAuthoritiesInstructionContextBuilder
 } from "@swig-wallet/lib";
-import bs58 from "bs58";
+import * as bs58Module from "bs58";
 import { PublicKey as PublicKey2 } from "@solana/web3.js";
 
 // src/constants/index.ts

package/dist/index.cjs

@@ -41,7 +41,7 @@ var import_lib2 = require("@swig-wallet/lib");
 var import_node_crypto = require("crypto");
 var import_kit = require("@swig-wallet/kit");
 var import_lib = require("@swig-wallet/lib");
-var import_bs58 = __toESM(require("bs58"), 1);
+var bs58Module = __toESM(require("bs58"), 1);
 var import_web32 = require("@solana/web3.js");
 
 // src/constants/index.ts

package/dist/index.js

@@ -15,7 +15,7 @@ import {
   createEd25519SessionAuthorityInfo,
   getCreateSwigWithMultipleAuthoritiesInstructionContextBuilder
 } from "@swig-wallet/lib";
-import bs58 from "bs58";
+import * as bs58Module from "bs58";
 import { PublicKey as PublicKey2 } from "@solana/web3.js";
 
 // src/constants/index.ts

package/dist/instructions/index.cjs

@@ -4869,8 +4869,9 @@ function createSolanaRpcFromTransport(transport) {
 }
 
 // src/instructions/swigBundle.ts
-var import_bs58 = __toESM(require("bs58"), 1);
+var bs58Module = __toESM(require("bs58"), 1);
 var import_web311 = require("@solana/web3.js");
+var bs58 = bs58Module.default ?? bs58Module;
 var SWIG_ID_DOMAIN = "dexter-swig-id:v1:";
 var DEFAULT_SESSION_TTL_SECONDS = BigInt(30 * 24 * 60 * 60);
 var DEFAULT_SPEND_LIMIT_ATOMIC = BigInt(1e9);
@@ -4916,9 +4917,9 @@ async function buildSwigCreationBundle(params) {
   const swigId = deriveSwigId(identitySeed, hmacKey);
   const swigPda = await (0, import_kit.findSwigPda)(swigId);
   const swigAddressStr = String(swigPda);
-  const feePayerBytes = import_bs58.default.decode(feePayer);
+  const feePayerBytes = bs58.decode(feePayer);
   const vaultProgramIdBytes = Uint8Array.from(DEXTER_VAULT_PROGRAM_ID.toBytes());
-  const dexterPubkeyBytes = import_bs58.default.decode(dexterMasterPubkey);
+  const dexterPubkeyBytes = bs58.decode(dexterMasterPubkey);
   const bootstrapAuthorityInfo = (0, import_lib.createEd25519AuthorityInfo)(feePayerBytes);
   const bootstrapActions = import_lib.Actions.set().manageAuthority().get();
   const vaultAuthorityInfo = (0, import_lib.createProgramExecAuthorityInfo)(
@@ -4935,7 +4936,7 @@ async function buildSwigCreationBundle(params) {
     dexterPubkeyBytes,
     sessionTtlSeconds
   );
-  const sessionActions = import_lib.Actions.set().tokenLimit({ mint: import_bs58.default.decode(USDC_MAINNET), amount: spendLimitAtomic }).programAll().get();
+  const sessionActions = import_lib.Actions.set().tokenLimit({ mint: bs58.decode(USDC_MAINNET), amount: spendLimitAtomic }).programAll().get();
   const builder = (0, import_lib.getCreateSwigWithMultipleAuthoritiesInstructionContextBuilder)({
     payer: address(feePayer),
     swigAddress: address(swigAddressStr),
@@ -4948,7 +4949,7 @@ async function buildSwigCreationBundle(params) {
   const instructions = contexts.flatMap((ctx) => (0, import_kit.getInstructionsFromContext)(ctx));
   return {
     swigAddress: swigAddressStr,
-    swigIdBase58: import_bs58.default.encode(swigId),
+    swigIdBase58: bs58.encode(swigId),
     instructions
   };
 }
@@ -4969,7 +4970,7 @@ async function verifySwigIsOurs(params) {
     const rpc = createSolanaRpc(rpcEndpoint);
     const swig = await (0, import_kit.fetchNullableSwig)(rpc, address(swigAddress));
     if (swig) {
-      const ourRoles = swig.findRolesByAuthorityAddress(import_bs58.default.decode(dexterMasterPubkey));
+      const ourRoles = swig.findRolesByAuthorityAddress(bs58.decode(dexterMasterPubkey));
       if (!ourRoles || ourRoles.length === 0) {
         return {
           ok: false,

package/dist/instructions/index.js

@@ -4843,8 +4843,9 @@ function createSolanaRpcFromTransport(transport) {
 }
 
 // src/instructions/swigBundle.ts
-import bs58 from "bs58";
+import * as bs58Module from "bs58";
 import { PublicKey as PublicKey11 } from "@solana/web3.js";
+var bs58 = bs58Module.default ?? bs58Module;
 var SWIG_ID_DOMAIN = "dexter-swig-id:v1:";
 var DEFAULT_SESSION_TTL_SECONDS = BigInt(30 * 24 * 60 * 60);
 var DEFAULT_SPEND_LIMIT_ATOMIC = BigInt(1e9);

package/dist/signers/browser/index.cjs

@@ -0,0 +1,204 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/signers/browser/index.ts
+var browser_exports = {};
+__export(browser_exports, {
+  WebAuthnAssertion: () => WebAuthnAssertion,
+  WebAuthnAssertionError: () => WebAuthnAssertionError,
+  derSignatureToCompactLowS: () => derSignatureToCompactLowS
+});
+module.exports = __toCommonJS(browser_exports);
+var WebAuthnAssertionError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.code = code;
+    this.name = "WebAuthnAssertionError";
+  }
+};
+var WebAuthnAssertion = class {
+  credentialId;
+  publicKeyBase64;
+  rpId;
+  allowCredentials;
+  timeoutMs;
+  userVerification;
+  constructor(config) {
+    if (!(config.credentialId instanceof Uint8Array) || config.credentialId.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_credential_id",
+        "credentialId must be a non-empty Uint8Array"
+      );
+    }
+    this.credentialId = config.credentialId;
+    this.publicKeyBase64 = config.publicKeyBase64;
+    this.rpId = config.rpId;
+    this.allowCredentials = config.allowCredentials && config.allowCredentials.length > 0 ? config.allowCredentials : [{ id: config.credentialId }];
+    this.timeoutMs = config.timeoutMs ?? 6e4;
+    this.userVerification = config.userVerification ?? "preferred";
+  }
+  /**
+   * Run `navigator.credentials.get()` over `challenge` and return the
+   * three on-chain-ready buffers.
+   *
+   * The caller is responsible for what `challenge` *is*. For the vault
+   * program, this is typically `sha256(opMessage)` minted server-side
+   * with replay defense (see DexterApiBrowserPasskeySigner). The SDK
+   * does not impose policy here.
+   */
+  async assertOver(challenge) {
+    ensureBrowser();
+    if (!(challenge instanceof Uint8Array) || challenge.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_challenge",
+        "challenge must be a non-empty Uint8Array"
+      );
+    }
+    const requestOptions = {
+      challenge: toBufferSource(challenge),
+      allowCredentials: this.allowCredentials.map((c) => ({
+        id: toBufferSource(c.id),
+        type: "public-key",
+        transports: c.transports
+      })),
+      timeout: this.timeoutMs,
+      userVerification: this.userVerification,
+      ...this.rpId ? { rpId: this.rpId } : {}
+    };
+    const credential = await navigator.credentials.get({
+      publicKey: requestOptions
+    });
+    if (!credential) {
+      throw new WebAuthnAssertionError(
+        "user_cancelled",
+        "no assertion returned from authenticator"
+      );
+    }
+    if (credential.type !== "public-key") {
+      throw new WebAuthnAssertionError(
+        "credential_invalid",
+        `unexpected credential type: ${credential.type}`
+      );
+    }
+    const assertion = credential.response;
+    const derSignature = new Uint8Array(assertion.signature);
+    const compactSignature = derSignatureToCompactLowS(derSignature);
+    return {
+      signature: compactSignature,
+      clientDataJSON: new Uint8Array(assertion.clientDataJSON),
+      authenticatorData: new Uint8Array(assertion.authenticatorData)
+    };
+  }
+  /**
+   * `PasskeySigner` shape — alias for `assertOver`. Consumers that want
+   * to type against `PasskeySigner` (e.g. dexter-fe's
+   * `DexterApiBrowserPasskeySigner`) call `.sign(challenge)`; consumers
+   * that want the explicit name call `.assertOver(challenge)`. Same
+   * function, two names.
+   */
+  sign(challenge) {
+    return this.assertOver(challenge);
+  }
+};
+function ensureBrowser() {
+  if (typeof globalThis === "undefined" || typeof globalThis.navigator === "undefined") {
+    throw new WebAuthnAssertionError(
+      "not_browser",
+      "WebAuthnAssertion requires a browser environment (navigator.credentials)"
+    );
+  }
+  const cred = globalThis.navigator.credentials;
+  if (!cred || typeof cred.get !== "function") {
+    throw new WebAuthnAssertionError(
+      "webauthn_unsupported",
+      "this environment does not implement navigator.credentials.get"
+    );
+  }
+}
+function toBufferSource(bytes) {
+  const out = new ArrayBuffer(bytes.length);
+  new Uint8Array(out).set(bytes);
+  return out;
+}
+var P256_ORDER = BigInt(
+  "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"
+);
+var P256_HALF_ORDER = P256_ORDER >> BigInt(1);
+function bigintFromBytes(buf) {
+  let n = 0n;
+  for (const byte of buf) n = n << 8n | BigInt(byte);
+  return n;
+}
+function bytesFromBigint(n, length) {
+  const out = new Uint8Array(length);
+  for (let i = length - 1; i >= 0; i -= 1) {
+    out[i] = Number(n & 0xffn);
+    n >>= 8n;
+  }
+  return out;
+}
+function derSignatureToCompactLowS(der) {
+  let i = 0;
+  if (der[i++] !== 48) {
+    throw new WebAuthnAssertionError("bad_signature", "expected DER SEQUENCE");
+  }
+  i++;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected r INTEGER");
+  }
+  const rLen = der[i++];
+  if (rLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no r length)");
+  }
+  let r = der.slice(i, i + rLen);
+  i += rLen;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected s INTEGER");
+  }
+  const sLen = der[i++];
+  if (sLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no s length)");
+  }
+  let s = der.slice(i, i + sLen);
+  i += sLen;
+  if (r.length > 32 && r[0] === 0) r = r.slice(1);
+  if (s.length > 32 && s[0] === 0) s = s.slice(1);
+  if (r.length > 32 || s.length > 32) {
+    throw new WebAuthnAssertionError(
+      "bad_signature",
+      "DER component too large for P-256"
+    );
+  }
+  const rPadded = new Uint8Array(32);
+  rPadded.set(r, 32 - r.length);
+  let sN = bigintFromBytes(s);
+  if (sN > P256_HALF_ORDER) sN = P256_ORDER - sN;
+  const sPadded = bytesFromBigint(sN, 32);
+  const out = new Uint8Array(64);
+  out.set(rPadded, 0);
+  out.set(sPadded, 32);
+  return out;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  WebAuthnAssertion,
+  WebAuthnAssertionError,
+  derSignatureToCompactLowS
+});

package/dist/signers/browser/index.d.cts

@@ -0,0 +1,95 @@
+import { PasskeySigner } from '../types.cjs';
+
+/**
+ * WebAuthnAssertion — pure-browser P-256 passkey ceremony.
+ *
+ * Runs `navigator.credentials.get()` over a server-issued challenge and
+ * returns the three bytes the on-chain secp256r1 precompile + vault
+ * program need:
+ *
+ *   - signature (64-byte compact r||s with low-S enforcement)
+ *   - clientDataJSON  (raw, what the authenticator hashed)
+ *   - authenticatorData (raw, what the authenticator signed)
+ *
+ * Zero `fetch` calls. The consumer composes this with whatever server
+ * policy they enforce (replay defense, signature counter, AAGUID
+ * capture). For Dexter that policy lives in dexter-fe's
+ * `DexterApiBrowserPasskeySigner` adapter.
+ *
+ * The DER → compact lowS conversion is the canonical implementation —
+ * it lifts verbatim from dexter-fe/app/lib/passkey.ts (which had it
+ * duplicated in passkey-anon.ts). After v0.2 lands and dexter-fe
+ * swaps, those two copies go away.
+ */
+
+interface WebAuthnAssertionConfig {
+    /** Raw credential ID bytes (NOT base64-encoded). */
+    credentialId: Uint8Array;
+    /** 33-byte SEC1 compressed P-256 pubkey, base64. Kept for symmetry / future use; not consumed by `assertOver`. */
+    publicKeyBase64?: string;
+    /** WebAuthn relying-party identifier. Defaults to omitting the field (browser uses the page's RP ID). */
+    rpId?: string;
+    /** Optional allow-list. Default: just `credentialId`. */
+    allowCredentials?: Array<{
+        id: Uint8Array;
+        transports?: AuthenticatorTransport[];
+    }>;
+    /** WebAuthn timeout in milliseconds. Default 60_000. */
+    timeoutMs?: number;
+    /** UV requirement. Default "preferred". */
+    userVerification?: UserVerificationRequirement;
+}
+interface WebAuthnAssertionResult {
+    /** 64-byte compact r||s P-256 signature, lowS-normalized (SIMD-0075 requires lowS). */
+    signature: Uint8Array;
+    /** Raw clientDataJSON as returned by the authenticator. */
+    clientDataJSON: Uint8Array;
+    /** Raw authenticatorData as returned by the authenticator. */
+    authenticatorData: Uint8Array;
+}
+declare class WebAuthnAssertionError extends Error {
+    readonly code: string;
+    constructor(code: string, message: string);
+}
+/**
+ * Pure-browser WebAuthn assertion driver. Implements `PasskeySigner` so
+ * adapters that compose with server policy can plug straight in.
+ */
+declare class WebAuthnAssertion implements PasskeySigner {
+    readonly credentialId: Uint8Array;
+    readonly publicKeyBase64?: string;
+    private readonly rpId?;
+    private readonly allowCredentials;
+    private readonly timeoutMs;
+    private readonly userVerification;
+    constructor(config: WebAuthnAssertionConfig);
+    /**
+     * Run `navigator.credentials.get()` over `challenge` and return the
+     * three on-chain-ready buffers.
+     *
+     * The caller is responsible for what `challenge` *is*. For the vault
+     * program, this is typically `sha256(opMessage)` minted server-side
+     * with replay defense (see DexterApiBrowserPasskeySigner). The SDK
+     * does not impose policy here.
+     */
+    assertOver(challenge: Uint8Array): Promise<WebAuthnAssertionResult>;
+    /**
+     * `PasskeySigner` shape — alias for `assertOver`. Consumers that want
+     * to type against `PasskeySigner` (e.g. dexter-fe's
+     * `DexterApiBrowserPasskeySigner`) call `.sign(challenge)`; consumers
+     * that want the explicit name call `.assertOver(challenge)`. Same
+     * function, two names.
+     */
+    sign(challenge: Uint8Array): Promise<WebAuthnAssertionResult>;
+}
+/**
+ * Parse an ASN.1 DER ECDSA signature and return the 64-byte (r||s) form
+ * with s normalized to lowS (s ≤ n/2). SIMD-0075 rejects high-S
+ * signatures to prevent malleability replay.
+ *
+ * Exported so byte-parity tests can lock the conversion against the
+ * dexter-fe implementation it replaces.
+ */
+declare function derSignatureToCompactLowS(der: Uint8Array): Uint8Array;
+
+export { WebAuthnAssertion, type WebAuthnAssertionConfig, WebAuthnAssertionError, type WebAuthnAssertionResult, derSignatureToCompactLowS };

package/dist/signers/browser/index.d.ts

@@ -0,0 +1,95 @@
+import { PasskeySigner } from '../types.js';
+
+/**
+ * WebAuthnAssertion — pure-browser P-256 passkey ceremony.
+ *
+ * Runs `navigator.credentials.get()` over a server-issued challenge and
+ * returns the three bytes the on-chain secp256r1 precompile + vault
+ * program need:
+ *
+ *   - signature (64-byte compact r||s with low-S enforcement)
+ *   - clientDataJSON  (raw, what the authenticator hashed)
+ *   - authenticatorData (raw, what the authenticator signed)
+ *
+ * Zero `fetch` calls. The consumer composes this with whatever server
+ * policy they enforce (replay defense, signature counter, AAGUID
+ * capture). For Dexter that policy lives in dexter-fe's
+ * `DexterApiBrowserPasskeySigner` adapter.
+ *
+ * The DER → compact lowS conversion is the canonical implementation —
+ * it lifts verbatim from dexter-fe/app/lib/passkey.ts (which had it
+ * duplicated in passkey-anon.ts). After v0.2 lands and dexter-fe
+ * swaps, those two copies go away.
+ */
+
+interface WebAuthnAssertionConfig {
+    /** Raw credential ID bytes (NOT base64-encoded). */
+    credentialId: Uint8Array;
+    /** 33-byte SEC1 compressed P-256 pubkey, base64. Kept for symmetry / future use; not consumed by `assertOver`. */
+    publicKeyBase64?: string;
+    /** WebAuthn relying-party identifier. Defaults to omitting the field (browser uses the page's RP ID). */
+    rpId?: string;
+    /** Optional allow-list. Default: just `credentialId`. */
+    allowCredentials?: Array<{
+        id: Uint8Array;
+        transports?: AuthenticatorTransport[];
+    }>;
+    /** WebAuthn timeout in milliseconds. Default 60_000. */
+    timeoutMs?: number;
+    /** UV requirement. Default "preferred". */
+    userVerification?: UserVerificationRequirement;
+}
+interface WebAuthnAssertionResult {
+    /** 64-byte compact r||s P-256 signature, lowS-normalized (SIMD-0075 requires lowS). */
+    signature: Uint8Array;
+    /** Raw clientDataJSON as returned by the authenticator. */
+    clientDataJSON: Uint8Array;
+    /** Raw authenticatorData as returned by the authenticator. */
+    authenticatorData: Uint8Array;
+}
+declare class WebAuthnAssertionError extends Error {
+    readonly code: string;
+    constructor(code: string, message: string);
+}
+/**
+ * Pure-browser WebAuthn assertion driver. Implements `PasskeySigner` so
+ * adapters that compose with server policy can plug straight in.
+ */
+declare class WebAuthnAssertion implements PasskeySigner {
+    readonly credentialId: Uint8Array;
+    readonly publicKeyBase64?: string;
+    private readonly rpId?;
+    private readonly allowCredentials;
+    private readonly timeoutMs;
+    private readonly userVerification;
+    constructor(config: WebAuthnAssertionConfig);
+    /**
+     * Run `navigator.credentials.get()` over `challenge` and return the
+     * three on-chain-ready buffers.
+     *
+     * The caller is responsible for what `challenge` *is*. For the vault
+     * program, this is typically `sha256(opMessage)` minted server-side
+     * with replay defense (see DexterApiBrowserPasskeySigner). The SDK
+     * does not impose policy here.
+     */
+    assertOver(challenge: Uint8Array): Promise<WebAuthnAssertionResult>;
+    /**
+     * `PasskeySigner` shape — alias for `assertOver`. Consumers that want
+     * to type against `PasskeySigner` (e.g. dexter-fe's
+     * `DexterApiBrowserPasskeySigner`) call `.sign(challenge)`; consumers
+     * that want the explicit name call `.assertOver(challenge)`. Same
+     * function, two names.
+     */
+    sign(challenge: Uint8Array): Promise<WebAuthnAssertionResult>;
+}
+/**
+ * Parse an ASN.1 DER ECDSA signature and return the 64-byte (r||s) form
+ * with s normalized to lowS (s ≤ n/2). SIMD-0075 rejects high-S
+ * signatures to prevent malleability replay.
+ *
+ * Exported so byte-parity tests can lock the conversion against the
+ * dexter-fe implementation it replaces.
+ */
+declare function derSignatureToCompactLowS(der: Uint8Array): Uint8Array;
+
+export { WebAuthnAssertion, type WebAuthnAssertionConfig, WebAuthnAssertionError, type WebAuthnAssertionResult, derSignatureToCompactLowS };

package/dist/signers/browser/index.js

@@ -0,0 +1,177 @@
+// src/signers/browser/index.ts
+var WebAuthnAssertionError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.code = code;
+    this.name = "WebAuthnAssertionError";
+  }
+};
+var WebAuthnAssertion = class {
+  credentialId;
+  publicKeyBase64;
+  rpId;
+  allowCredentials;
+  timeoutMs;
+  userVerification;
+  constructor(config) {
+    if (!(config.credentialId instanceof Uint8Array) || config.credentialId.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_credential_id",
+        "credentialId must be a non-empty Uint8Array"
+      );
+    }
+    this.credentialId = config.credentialId;
+    this.publicKeyBase64 = config.publicKeyBase64;
+    this.rpId = config.rpId;
+    this.allowCredentials = config.allowCredentials && config.allowCredentials.length > 0 ? config.allowCredentials : [{ id: config.credentialId }];
+    this.timeoutMs = config.timeoutMs ?? 6e4;
+    this.userVerification = config.userVerification ?? "preferred";
+  }
+  /**
+   * Run `navigator.credentials.get()` over `challenge` and return the
+   * three on-chain-ready buffers.
+   *
+   * The caller is responsible for what `challenge` *is*. For the vault
+   * program, this is typically `sha256(opMessage)` minted server-side
+   * with replay defense (see DexterApiBrowserPasskeySigner). The SDK
+   * does not impose policy here.
+   */
+  async assertOver(challenge) {
+    ensureBrowser();
+    if (!(challenge instanceof Uint8Array) || challenge.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_challenge",
+        "challenge must be a non-empty Uint8Array"
+      );
+    }
+    const requestOptions = {
+      challenge: toBufferSource(challenge),
+      allowCredentials: this.allowCredentials.map((c) => ({
+        id: toBufferSource(c.id),
+        type: "public-key",
+        transports: c.transports
+      })),
+      timeout: this.timeoutMs,
+      userVerification: this.userVerification,
+      ...this.rpId ? { rpId: this.rpId } : {}
+    };
+    const credential = await navigator.credentials.get({
+      publicKey: requestOptions
+    });
+    if (!credential) {
+      throw new WebAuthnAssertionError(
+        "user_cancelled",
+        "no assertion returned from authenticator"
+      );
+    }
+    if (credential.type !== "public-key") {
+      throw new WebAuthnAssertionError(
+        "credential_invalid",
+        `unexpected credential type: ${credential.type}`
+      );
+    }
+    const assertion = credential.response;
+    const derSignature = new Uint8Array(assertion.signature);
+    const compactSignature = derSignatureToCompactLowS(derSignature);
+    return {
+      signature: compactSignature,
+      clientDataJSON: new Uint8Array(assertion.clientDataJSON),
+      authenticatorData: new Uint8Array(assertion.authenticatorData)
+    };
+  }
+  /**
+   * `PasskeySigner` shape — alias for `assertOver`. Consumers that want
+   * to type against `PasskeySigner` (e.g. dexter-fe's
+   * `DexterApiBrowserPasskeySigner`) call `.sign(challenge)`; consumers
+   * that want the explicit name call `.assertOver(challenge)`. Same
+   * function, two names.
+   */
+  sign(challenge) {
+    return this.assertOver(challenge);
+  }
+};
+function ensureBrowser() {
+  if (typeof globalThis === "undefined" || typeof globalThis.navigator === "undefined") {
+    throw new WebAuthnAssertionError(
+      "not_browser",
+      "WebAuthnAssertion requires a browser environment (navigator.credentials)"
+    );
+  }
+  const cred = globalThis.navigator.credentials;
+  if (!cred || typeof cred.get !== "function") {
+    throw new WebAuthnAssertionError(
+      "webauthn_unsupported",
+      "this environment does not implement navigator.credentials.get"
+    );
+  }
+}
+function toBufferSource(bytes) {
+  const out = new ArrayBuffer(bytes.length);
+  new Uint8Array(out).set(bytes);
+  return out;
+}
+var P256_ORDER = BigInt(
+  "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"
+);
+var P256_HALF_ORDER = P256_ORDER >> BigInt(1);
+function bigintFromBytes(buf) {
+  let n = 0n;
+  for (const byte of buf) n = n << 8n | BigInt(byte);
+  return n;
+}
+function bytesFromBigint(n, length) {
+  const out = new Uint8Array(length);
+  for (let i = length - 1; i >= 0; i -= 1) {
+    out[i] = Number(n & 0xffn);
+    n >>= 8n;
+  }
+  return out;
+}
+function derSignatureToCompactLowS(der) {
+  let i = 0;
+  if (der[i++] !== 48) {
+    throw new WebAuthnAssertionError("bad_signature", "expected DER SEQUENCE");
+  }
+  i++;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected r INTEGER");
+  }
+  const rLen = der[i++];
+  if (rLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no r length)");
+  }
+  let r = der.slice(i, i + rLen);
+  i += rLen;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected s INTEGER");
+  }
+  const sLen = der[i++];
+  if (sLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no s length)");
+  }
+  let s = der.slice(i, i + sLen);
+  i += sLen;
+  if (r.length > 32 && r[0] === 0) r = r.slice(1);
+  if (s.length > 32 && s[0] === 0) s = s.slice(1);
+  if (r.length > 32 || s.length > 32) {
+    throw new WebAuthnAssertionError(
+      "bad_signature",
+      "DER component too large for P-256"
+    );
+  }
+  const rPadded = new Uint8Array(32);
+  rPadded.set(r, 32 - r.length);
+  let sN = bigintFromBytes(s);
+  if (sN > P256_HALF_ORDER) sN = P256_ORDER - sN;
+  const sPadded = bytesFromBigint(sN, 32);
+  const out = new Uint8Array(64);
+  out.set(rPadded, 0);
+  out.set(sPadded, 32);
+  return out;
+}
+export {
+  WebAuthnAssertion,
+  WebAuthnAssertionError,
+  derSignatureToCompactLowS
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dexterai/vault",
-  "version": "0.1.2",
+  "version": "0.2.0",
   "description": "Canonical off-chain mirror of the dexter-vault Solana Anchor program — Solana instruction builders, byte-precise message encoders, account decoders, secp256r1/Ed25519 precompile helpers, counterfactual Swig derivation, and signer interfaces. The single source of truth for any TypeScript code that produces bytes the on-chain program will verify.",
   "author": "Dexter",
   "license": "MIT",
@@ -15,7 +15,8 @@
     "./reader": { "types": "./dist/reader/index.d.ts", "import": "./dist/reader/index.js", "require": "./dist/reader/index.cjs" },
     "./precompile": { "types": "./dist/precompile/index.d.ts", "import": "./dist/precompile/index.js", "require": "./dist/precompile/index.cjs" },
     "./signers": { "types": "./dist/signers/types.d.ts", "import": "./dist/signers/types.js", "require": "./dist/signers/types.cjs" },
-    "./signers/node": { "types": "./dist/signers/node/index.d.ts", "import": "./dist/signers/node/index.js", "require": "./dist/signers/node/index.cjs" }
+    "./signers/node": { "types": "./dist/signers/node/index.d.ts", "import": "./dist/signers/node/index.js", "require": "./dist/signers/node/index.cjs" },
+    "./signers/browser": { "types": "./dist/signers/browser/index.d.ts", "import": "./dist/signers/browser/index.js", "require": "./dist/signers/browser/index.cjs" }
   },
   "files": ["dist", "README.md", "LICENSE", "assets"],
   "scripts": {