@dexterai/vault 0.1.3 → 0.2.1

package/dist/signers/browser/index.cjs

@@ -0,0 +1,205 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/signers/browser/index.ts
+var browser_exports = {};
+__export(browser_exports, {
+  WebAuthnAssertion: () => WebAuthnAssertion,
+  WebAuthnAssertionError: () => WebAuthnAssertionError,
+  derSignatureToCompactLowS: () => derSignatureToCompactLowS
+});
+module.exports = __toCommonJS(browser_exports);
+var WebAuthnAssertionError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.code = code;
+    this.name = "WebAuthnAssertionError";
+  }
+};
+var WebAuthnAssertion = class {
+  credentialId;
+  publicKeyBase64;
+  rpId;
+  allowCredentials;
+  timeoutMs;
+  userVerification;
+  constructor(config) {
+    if (!(config.credentialId instanceof Uint8Array) || config.credentialId.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_credential_id",
+        "credentialId must be a non-empty Uint8Array"
+      );
+    }
+    this.credentialId = config.credentialId;
+    this.publicKeyBase64 = config.publicKeyBase64;
+    this.rpId = config.rpId;
+    this.allowCredentials = config.allowCredentials && config.allowCredentials.length > 0 ? config.allowCredentials : [{ id: config.credentialId }];
+    this.timeoutMs = config.timeoutMs ?? 6e4;
+    this.userVerification = config.userVerification ?? "preferred";
+  }
+  /**
+   * Run `navigator.credentials.get()` over `challenge` and return the
+   * three on-chain-ready buffers.
+   *
+   * The caller is responsible for what `challenge` *is*. For the vault
+   * program, this is typically `sha256(opMessage)` minted server-side
+   * with replay defense (see DexterApiBrowserPasskeySigner). The SDK
+   * does not impose policy here.
+   */
+  async assertOver(challenge) {
+    ensureBrowser();
+    if (!(challenge instanceof Uint8Array) || challenge.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_challenge",
+        "challenge must be a non-empty Uint8Array"
+      );
+    }
+    const requestOptions = {
+      challenge: toBufferSource(challenge),
+      allowCredentials: this.allowCredentials.map((c) => ({
+        id: toBufferSource(c.id),
+        type: "public-key",
+        transports: c.transports
+      })),
+      timeout: this.timeoutMs,
+      userVerification: this.userVerification,
+      ...this.rpId ? { rpId: this.rpId } : {}
+    };
+    const credential = await navigator.credentials.get({
+      publicKey: requestOptions
+    });
+    if (!credential) {
+      throw new WebAuthnAssertionError(
+        "user_cancelled",
+        "no assertion returned from authenticator"
+      );
+    }
+    if (credential.type !== "public-key") {
+      throw new WebAuthnAssertionError(
+        "credential_invalid",
+        `unexpected credential type: ${credential.type}`
+      );
+    }
+    const assertion = credential.response;
+    const derSignature = new Uint8Array(assertion.signature);
+    const compactSignature = derSignatureToCompactLowS(derSignature);
+    return {
+      signature: compactSignature,
+      signatureDer: derSignature,
+      clientDataJSON: new Uint8Array(assertion.clientDataJSON),
+      authenticatorData: new Uint8Array(assertion.authenticatorData)
+    };
+  }
+  /**
+   * `PasskeySigner` shape — alias for `assertOver`. Consumers that want
+   * to type against `PasskeySigner` (e.g. dexter-fe's
+   * `DexterApiBrowserPasskeySigner`) call `.sign(challenge)`; consumers
+   * that want the explicit name call `.assertOver(challenge)`. Same
+   * function, two names.
+   */
+  sign(challenge) {
+    return this.assertOver(challenge);
+  }
+};
+function ensureBrowser() {
+  if (typeof globalThis === "undefined" || typeof globalThis.navigator === "undefined") {
+    throw new WebAuthnAssertionError(
+      "not_browser",
+      "WebAuthnAssertion requires a browser environment (navigator.credentials)"
+    );
+  }
+  const cred = globalThis.navigator.credentials;
+  if (!cred || typeof cred.get !== "function") {
+    throw new WebAuthnAssertionError(
+      "webauthn_unsupported",
+      "this environment does not implement navigator.credentials.get"
+    );
+  }
+}
+function toBufferSource(bytes) {
+  const out = new ArrayBuffer(bytes.length);
+  new Uint8Array(out).set(bytes);
+  return out;
+}
+var P256_ORDER = BigInt(
+  "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"
+);
+var P256_HALF_ORDER = P256_ORDER >> BigInt(1);
+function bigintFromBytes(buf) {
+  let n = 0n;
+  for (const byte of buf) n = n << 8n | BigInt(byte);
+  return n;
+}
+function bytesFromBigint(n, length) {
+  const out = new Uint8Array(length);
+  for (let i = length - 1; i >= 0; i -= 1) {
+    out[i] = Number(n & 0xffn);
+    n >>= 8n;
+  }
+  return out;
+}
+function derSignatureToCompactLowS(der) {
+  let i = 0;
+  if (der[i++] !== 48) {
+    throw new WebAuthnAssertionError("bad_signature", "expected DER SEQUENCE");
+  }
+  i++;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected r INTEGER");
+  }
+  const rLen = der[i++];
+  if (rLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no r length)");
+  }
+  let r = der.slice(i, i + rLen);
+  i += rLen;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected s INTEGER");
+  }
+  const sLen = der[i++];
+  if (sLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no s length)");
+  }
+  let s = der.slice(i, i + sLen);
+  i += sLen;
+  if (r.length > 32 && r[0] === 0) r = r.slice(1);
+  if (s.length > 32 && s[0] === 0) s = s.slice(1);
+  if (r.length > 32 || s.length > 32) {
+    throw new WebAuthnAssertionError(
+      "bad_signature",
+      "DER component too large for P-256"
+    );
+  }
+  const rPadded = new Uint8Array(32);
+  rPadded.set(r, 32 - r.length);
+  let sN = bigintFromBytes(s);
+  if (sN > P256_HALF_ORDER) sN = P256_ORDER - sN;
+  const sPadded = bytesFromBigint(sN, 32);
+  const out = new Uint8Array(64);
+  out.set(rPadded, 0);
+  out.set(sPadded, 32);
+  return out;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  WebAuthnAssertion,
+  WebAuthnAssertionError,
+  derSignatureToCompactLowS
+});

package/dist/signers/browser/index.d.cts

@@ -0,0 +1,103 @@
+import { PasskeySigner } from '../types.cjs';
+
+/**
+ * WebAuthnAssertion — pure-browser P-256 passkey ceremony.
+ *
+ * Runs `navigator.credentials.get()` over a server-issued challenge and
+ * returns the three bytes the on-chain secp256r1 precompile + vault
+ * program need:
+ *
+ *   - signature (64-byte compact r||s with low-S enforcement)
+ *   - clientDataJSON  (raw, what the authenticator hashed)
+ *   - authenticatorData (raw, what the authenticator signed)
+ *
+ * Zero `fetch` calls. The consumer composes this with whatever server
+ * policy they enforce (replay defense, signature counter, AAGUID
+ * capture). For Dexter that policy lives in dexter-fe's
+ * `DexterApiBrowserPasskeySigner` adapter.
+ *
+ * The DER → compact lowS conversion is the canonical implementation —
+ * it lifts verbatim from dexter-fe/app/lib/passkey.ts (which had it
+ * duplicated in passkey-anon.ts). After v0.2 lands and dexter-fe
+ * swaps, those two copies go away.
+ */
+
+interface WebAuthnAssertionConfig {
+    /** Raw credential ID bytes (NOT base64-encoded). */
+    credentialId: Uint8Array;
+    /** 33-byte SEC1 compressed P-256 pubkey, base64. Kept for symmetry / future use; not consumed by `assertOver`. */
+    publicKeyBase64?: string;
+    /** WebAuthn relying-party identifier. Defaults to omitting the field (browser uses the page's RP ID). */
+    rpId?: string;
+    /** Optional allow-list. Default: just `credentialId`. */
+    allowCredentials?: Array<{
+        id: Uint8Array;
+        transports?: AuthenticatorTransport[];
+    }>;
+    /** WebAuthn timeout in milliseconds. Default 60_000. */
+    timeoutMs?: number;
+    /** UV requirement. Default "preferred". */
+    userVerification?: UserVerificationRequirement;
+}
+interface WebAuthnAssertionResult {
+    /** 64-byte compact r||s P-256 signature, lowS-normalized (SIMD-0075 requires lowS). */
+    signature: Uint8Array;
+    /**
+     * Raw DER-encoded ECDSA signature as returned by the authenticator,
+     * BEFORE the compact-lowS conversion. Kept so consumers that need to
+     * forward the assertion to a WebAuthn server library (which expects
+     * DER) don't have to re-run the ceremony. The on-chain bytes are
+     * `signature` (compact); DER is for server-side verify legs.
+     */
+    signatureDer: Uint8Array;
+    /** Raw clientDataJSON as returned by the authenticator. */
+    clientDataJSON: Uint8Array;
+    /** Raw authenticatorData as returned by the authenticator. */
+    authenticatorData: Uint8Array;
+}
+declare class WebAuthnAssertionError extends Error {
+    readonly code: string;
+    constructor(code: string, message: string);
+}
+/**
+ * Pure-browser WebAuthn assertion driver. Implements `PasskeySigner` so
+ * adapters that compose with server policy can plug straight in.
+ */
+declare class WebAuthnAssertion implements PasskeySigner {
+    readonly credentialId: Uint8Array;
+    readonly publicKeyBase64?: string;
+    private readonly rpId?;
+    private readonly allowCredentials;
+    private readonly timeoutMs;
+    private readonly userVerification;
+    constructor(config: WebAuthnAssertionConfig);
+    /**
+     * Run `navigator.credentials.get()` over `challenge` and return the
+     * three on-chain-ready buffers.
+     *
+     * The caller is responsible for what `challenge` *is*. For the vault
+     * program, this is typically `sha256(opMessage)` minted server-side
+     * with replay defense (see DexterApiBrowserPasskeySigner). The SDK
+     * does not impose policy here.
+     */
+    assertOver(challenge: Uint8Array): Promise<WebAuthnAssertionResult>;
+    /**
+     * `PasskeySigner` shape — alias for `assertOver`. Consumers that want
+     * to type against `PasskeySigner` (e.g. dexter-fe's
+     * `DexterApiBrowserPasskeySigner`) call `.sign(challenge)`; consumers
+     * that want the explicit name call `.assertOver(challenge)`. Same
+     * function, two names.
+     */
+    sign(challenge: Uint8Array): Promise<WebAuthnAssertionResult>;
+}
+/**
+ * Parse an ASN.1 DER ECDSA signature and return the 64-byte (r||s) form
+ * with s normalized to lowS (s ≤ n/2). SIMD-0075 rejects high-S
+ * signatures to prevent malleability replay.
+ *
+ * Exported so byte-parity tests can lock the conversion against the
+ * dexter-fe implementation it replaces.
+ */
+declare function derSignatureToCompactLowS(der: Uint8Array): Uint8Array;
+
+export { WebAuthnAssertion, type WebAuthnAssertionConfig, WebAuthnAssertionError, type WebAuthnAssertionResult, derSignatureToCompactLowS };

package/dist/signers/browser/index.d.ts

@@ -0,0 +1,103 @@
+import { PasskeySigner } from '../types.js';
+
+/**
+ * WebAuthnAssertion — pure-browser P-256 passkey ceremony.
+ *
+ * Runs `navigator.credentials.get()` over a server-issued challenge and
+ * returns the three bytes the on-chain secp256r1 precompile + vault
+ * program need:
+ *
+ *   - signature (64-byte compact r||s with low-S enforcement)
+ *   - clientDataJSON  (raw, what the authenticator hashed)
+ *   - authenticatorData (raw, what the authenticator signed)
+ *
+ * Zero `fetch` calls. The consumer composes this with whatever server
+ * policy they enforce (replay defense, signature counter, AAGUID
+ * capture). For Dexter that policy lives in dexter-fe's
+ * `DexterApiBrowserPasskeySigner` adapter.
+ *
+ * The DER → compact lowS conversion is the canonical implementation —
+ * it lifts verbatim from dexter-fe/app/lib/passkey.ts (which had it
+ * duplicated in passkey-anon.ts). After v0.2 lands and dexter-fe
+ * swaps, those two copies go away.
+ */
+
+interface WebAuthnAssertionConfig {
+    /** Raw credential ID bytes (NOT base64-encoded). */
+    credentialId: Uint8Array;
+    /** 33-byte SEC1 compressed P-256 pubkey, base64. Kept for symmetry / future use; not consumed by `assertOver`. */
+    publicKeyBase64?: string;
+    /** WebAuthn relying-party identifier. Defaults to omitting the field (browser uses the page's RP ID). */
+    rpId?: string;
+    /** Optional allow-list. Default: just `credentialId`. */
+    allowCredentials?: Array<{
+        id: Uint8Array;
+        transports?: AuthenticatorTransport[];
+    }>;
+    /** WebAuthn timeout in milliseconds. Default 60_000. */
+    timeoutMs?: number;
+    /** UV requirement. Default "preferred". */
+    userVerification?: UserVerificationRequirement;
+}
+interface WebAuthnAssertionResult {
+    /** 64-byte compact r||s P-256 signature, lowS-normalized (SIMD-0075 requires lowS). */
+    signature: Uint8Array;
+    /**
+     * Raw DER-encoded ECDSA signature as returned by the authenticator,
+     * BEFORE the compact-lowS conversion. Kept so consumers that need to
+     * forward the assertion to a WebAuthn server library (which expects
+     * DER) don't have to re-run the ceremony. The on-chain bytes are
+     * `signature` (compact); DER is for server-side verify legs.
+     */
+    signatureDer: Uint8Array;
+    /** Raw clientDataJSON as returned by the authenticator. */
+    clientDataJSON: Uint8Array;
+    /** Raw authenticatorData as returned by the authenticator. */
+    authenticatorData: Uint8Array;
+}
+declare class WebAuthnAssertionError extends Error {
+    readonly code: string;
+    constructor(code: string, message: string);
+}
+/**
+ * Pure-browser WebAuthn assertion driver. Implements `PasskeySigner` so
+ * adapters that compose with server policy can plug straight in.
+ */
+declare class WebAuthnAssertion implements PasskeySigner {
+    readonly credentialId: Uint8Array;
+    readonly publicKeyBase64?: string;
+    private readonly rpId?;
+    private readonly allowCredentials;
+    private readonly timeoutMs;
+    private readonly userVerification;
+    constructor(config: WebAuthnAssertionConfig);
+    /**
+     * Run `navigator.credentials.get()` over `challenge` and return the
+     * three on-chain-ready buffers.
+     *
+     * The caller is responsible for what `challenge` *is*. For the vault
+     * program, this is typically `sha256(opMessage)` minted server-side
+     * with replay defense (see DexterApiBrowserPasskeySigner). The SDK
+     * does not impose policy here.
+     */
+    assertOver(challenge: Uint8Array): Promise<WebAuthnAssertionResult>;
+    /**
+     * `PasskeySigner` shape — alias for `assertOver`. Consumers that want
+     * to type against `PasskeySigner` (e.g. dexter-fe's
+     * `DexterApiBrowserPasskeySigner`) call `.sign(challenge)`; consumers
+     * that want the explicit name call `.assertOver(challenge)`. Same
+     * function, two names.
+     */
+    sign(challenge: Uint8Array): Promise<WebAuthnAssertionResult>;
+}
+/**
+ * Parse an ASN.1 DER ECDSA signature and return the 64-byte (r||s) form
+ * with s normalized to lowS (s ≤ n/2). SIMD-0075 rejects high-S
+ * signatures to prevent malleability replay.
+ *
+ * Exported so byte-parity tests can lock the conversion against the
+ * dexter-fe implementation it replaces.
+ */
+declare function derSignatureToCompactLowS(der: Uint8Array): Uint8Array;
+
+export { WebAuthnAssertion, type WebAuthnAssertionConfig, WebAuthnAssertionError, type WebAuthnAssertionResult, derSignatureToCompactLowS };

package/dist/signers/browser/index.js

@@ -0,0 +1,178 @@
+// src/signers/browser/index.ts
+var WebAuthnAssertionError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.code = code;
+    this.name = "WebAuthnAssertionError";
+  }
+};
+var WebAuthnAssertion = class {
+  credentialId;
+  publicKeyBase64;
+  rpId;
+  allowCredentials;
+  timeoutMs;
+  userVerification;
+  constructor(config) {
+    if (!(config.credentialId instanceof Uint8Array) || config.credentialId.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_credential_id",
+        "credentialId must be a non-empty Uint8Array"
+      );
+    }
+    this.credentialId = config.credentialId;
+    this.publicKeyBase64 = config.publicKeyBase64;
+    this.rpId = config.rpId;
+    this.allowCredentials = config.allowCredentials && config.allowCredentials.length > 0 ? config.allowCredentials : [{ id: config.credentialId }];
+    this.timeoutMs = config.timeoutMs ?? 6e4;
+    this.userVerification = config.userVerification ?? "preferred";
+  }
+  /**
+   * Run `navigator.credentials.get()` over `challenge` and return the
+   * three on-chain-ready buffers.
+   *
+   * The caller is responsible for what `challenge` *is*. For the vault
+   * program, this is typically `sha256(opMessage)` minted server-side
+   * with replay defense (see DexterApiBrowserPasskeySigner). The SDK
+   * does not impose policy here.
+   */
+  async assertOver(challenge) {
+    ensureBrowser();
+    if (!(challenge instanceof Uint8Array) || challenge.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_challenge",
+        "challenge must be a non-empty Uint8Array"
+      );
+    }
+    const requestOptions = {
+      challenge: toBufferSource(challenge),
+      allowCredentials: this.allowCredentials.map((c) => ({
+        id: toBufferSource(c.id),
+        type: "public-key",
+        transports: c.transports
+      })),
+      timeout: this.timeoutMs,
+      userVerification: this.userVerification,
+      ...this.rpId ? { rpId: this.rpId } : {}
+    };
+    const credential = await navigator.credentials.get({
+      publicKey: requestOptions
+    });
+    if (!credential) {
+      throw new WebAuthnAssertionError(
+        "user_cancelled",
+        "no assertion returned from authenticator"
+      );
+    }
+    if (credential.type !== "public-key") {
+      throw new WebAuthnAssertionError(
+        "credential_invalid",
+        `unexpected credential type: ${credential.type}`
+      );
+    }
+    const assertion = credential.response;
+    const derSignature = new Uint8Array(assertion.signature);
+    const compactSignature = derSignatureToCompactLowS(derSignature);
+    return {
+      signature: compactSignature,
+      signatureDer: derSignature,
+      clientDataJSON: new Uint8Array(assertion.clientDataJSON),
+      authenticatorData: new Uint8Array(assertion.authenticatorData)
+    };
+  }
+  /**
+   * `PasskeySigner` shape — alias for `assertOver`. Consumers that want
+   * to type against `PasskeySigner` (e.g. dexter-fe's
+   * `DexterApiBrowserPasskeySigner`) call `.sign(challenge)`; consumers
+   * that want the explicit name call `.assertOver(challenge)`. Same
+   * function, two names.
+   */
+  sign(challenge) {
+    return this.assertOver(challenge);
+  }
+};
+function ensureBrowser() {
+  if (typeof globalThis === "undefined" || typeof globalThis.navigator === "undefined") {
+    throw new WebAuthnAssertionError(
+      "not_browser",
+      "WebAuthnAssertion requires a browser environment (navigator.credentials)"
+    );
+  }
+  const cred = globalThis.navigator.credentials;
+  if (!cred || typeof cred.get !== "function") {
+    throw new WebAuthnAssertionError(
+      "webauthn_unsupported",
+      "this environment does not implement navigator.credentials.get"
+    );
+  }
+}
+function toBufferSource(bytes) {
+  const out = new ArrayBuffer(bytes.length);
+  new Uint8Array(out).set(bytes);
+  return out;
+}
+var P256_ORDER = BigInt(
+  "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"
+);
+var P256_HALF_ORDER = P256_ORDER >> BigInt(1);
+function bigintFromBytes(buf) {
+  let n = 0n;
+  for (const byte of buf) n = n << 8n | BigInt(byte);
+  return n;
+}
+function bytesFromBigint(n, length) {
+  const out = new Uint8Array(length);
+  for (let i = length - 1; i >= 0; i -= 1) {
+    out[i] = Number(n & 0xffn);
+    n >>= 8n;
+  }
+  return out;
+}
+function derSignatureToCompactLowS(der) {
+  let i = 0;
+  if (der[i++] !== 48) {
+    throw new WebAuthnAssertionError("bad_signature", "expected DER SEQUENCE");
+  }
+  i++;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected r INTEGER");
+  }
+  const rLen = der[i++];
+  if (rLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no r length)");
+  }
+  let r = der.slice(i, i + rLen);
+  i += rLen;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected s INTEGER");
+  }
+  const sLen = der[i++];
+  if (sLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no s length)");
+  }
+  let s = der.slice(i, i + sLen);
+  i += sLen;
+  if (r.length > 32 && r[0] === 0) r = r.slice(1);
+  if (s.length > 32 && s[0] === 0) s = s.slice(1);
+  if (r.length > 32 || s.length > 32) {
+    throw new WebAuthnAssertionError(
+      "bad_signature",
+      "DER component too large for P-256"
+    );
+  }
+  const rPadded = new Uint8Array(32);
+  rPadded.set(r, 32 - r.length);
+  let sN = bigintFromBytes(s);
+  if (sN > P256_HALF_ORDER) sN = P256_ORDER - sN;
+  const sPadded = bytesFromBigint(sN, 32);
+  const out = new Uint8Array(64);
+  out.set(rPadded, 0);
+  out.set(sPadded, 32);
+  return out;
+}
+export {
+  WebAuthnAssertion,
+  WebAuthnAssertionError,
+  derSignatureToCompactLowS
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dexterai/vault",
-  "version": "0.1.3",
+  "version": "0.2.1",
   "description": "Canonical off-chain mirror of the dexter-vault Solana Anchor program — Solana instruction builders, byte-precise message encoders, account decoders, secp256r1/Ed25519 precompile helpers, counterfactual Swig derivation, and signer interfaces. The single source of truth for any TypeScript code that produces bytes the on-chain program will verify.",
   "author": "Dexter",
   "license": "MIT",
@@ -15,7 +15,8 @@
     "./reader": { "types": "./dist/reader/index.d.ts", "import": "./dist/reader/index.js", "require": "./dist/reader/index.cjs" },
     "./precompile": { "types": "./dist/precompile/index.d.ts", "import": "./dist/precompile/index.js", "require": "./dist/precompile/index.cjs" },
     "./signers": { "types": "./dist/signers/types.d.ts", "import": "./dist/signers/types.js", "require": "./dist/signers/types.cjs" },
-    "./signers/node": { "types": "./dist/signers/node/index.d.ts", "import": "./dist/signers/node/index.js", "require": "./dist/signers/node/index.cjs" }
+    "./signers/node": { "types": "./dist/signers/node/index.d.ts", "import": "./dist/signers/node/index.js", "require": "./dist/signers/node/index.cjs" },
+    "./signers/browser": { "types": "./dist/signers/browser/index.d.ts", "import": "./dist/signers/browser/index.js", "require": "./dist/signers/browser/index.cjs" }
   },
   "files": ["dist", "README.md", "LICENSE", "assets"],
   "scripts": {