@dexterai/vault 0.4.2 → 0.6.0

package/dist/connect/index.js

@@ -0,0 +1,419 @@
+// src/connect/verify.ts
+import { PublicKey as PublicKey3, Transaction } from "@solana/web3.js";
+import { createHash } from "crypto";
+
+// src/instructions/provePasskey.ts
+import {
+  TransactionInstruction,
+  SYSVAR_INSTRUCTIONS_PUBKEY
+} from "@solana/web3.js";
+
+// src/constants/index.ts
+import { PublicKey } from "@solana/web3.js";
+var DEXTER_VAULT_PROGRAM_ID = new PublicKey(
+  "Hg3wRaydFtJhYrdvYrKECacpJYDsC9Px7yKmpncj2fhc"
+);
+var SWIG_PROGRAM_ID = new PublicKey(
+  "swigypWHEksbC64pWKwah1WTeh9JXwx8H1rJHLdbQMB"
+);
+var SECP256R1_PROGRAM_ID = new PublicKey(
+  "Secp256r1SigVerify1111111111111111111111111"
+);
+var ED25519_PROGRAM_ID = new PublicKey(
+  "Ed25519SigVerify111111111111111111111111111"
+);
+var INSTRUCTIONS_SYSVAR_ID = new PublicKey(
+  "Sysvar1nstructions1111111111111111111111111"
+);
+var VAULT_SEED_PREFIX = Buffer.from("vault");
+var LOCKED_CLAIM_SEED = Buffer.from("locked-claim");
+var DISCRIMINATORS = Object.freeze({
+  initialize_vault: Uint8Array.from([48, 191, 163, 44, 71, 129, 63, 164]),
+  set_swig: Uint8Array.from([253, 229, 89, 206, 192, 118, 137, 165]),
+  settle_voucher: Uint8Array.from([144, 176, 128, 220, 156, 79, 41, 54]),
+  request_withdrawal: Uint8Array.from([251, 85, 121, 205, 56, 201, 12, 177]),
+  finalize_withdrawal: Uint8Array.from([178, 87, 206, 68, 201, 186, 164, 232]),
+  force_release: Uint8Array.from([122, 190, 243, 252, 54, 202, 208, 234]),
+  rotate_passkey: Uint8Array.from([28, 134, 49, 89, 196, 34, 58, 174]),
+  rotate_dexter_authority: Uint8Array.from([145, 60, 4, 119, 180, 205, 236, 134]),
+  prove_passkey: Uint8Array.from([35, 175, 41, 143, 201, 118, 49, 184]),
+  settle_tab_voucher: Uint8Array.from([173, 22, 98, 31, 110, 129, 59, 161]),
+  register_session_key: Uint8Array.from([69, 94, 60, 44, 49, 199, 183, 233]),
+  revoke_session_key: Uint8Array.from([81, 192, 32, 110, 104, 116, 144, 151]),
+  lock_voucher: Uint8Array.from([91, 138, 5, 227, 119, 239, 48, 254]),
+  settle_locked_voucher: Uint8Array.from([44, 80, 216, 43, 247, 253, 101, 45]),
+  transfer_lock_ownership: Uint8Array.from([193, 13, 131, 134, 95, 25, 229, 157]),
+  recover_abandoned_lock: Uint8Array.from([169, 213, 107, 64, 229, 49, 43, 234]),
+  open_standby: Uint8Array.from([234, 184, 232, 135, 246, 191, 90, 250]),
+  draw_credit: Uint8Array.from([20, 84, 47, 211, 78, 117, 195, 210]),
+  repay_credit: Uint8Array.from([38, 113, 240, 182, 109, 179, 154, 245]),
+  seize_collateral: Uint8Array.from([40, 250, 7, 243, 168, 184, 116, 154]),
+  migrate_v4_to_v5: Uint8Array.from([226, 105, 140, 184, 101, 39, 235, 116])
+});
+var OTS_SESSION_REGISTER_V1_DOMAIN = (() => {
+  const buf = new Uint8Array(32);
+  buf.set(new TextEncoder().encode("OTS_SESSION_REGISTER_V1"), 0);
+  return buf;
+})();
+var OTS_SESSION_REGISTER_V2_DOMAIN = (() => {
+  const buf = new Uint8Array(32);
+  buf.set(new TextEncoder().encode("OTS_SESSION_REGISTER_V2"), 0);
+  return buf;
+})();
+var OTS_SESSION_REVOKE_V1_DOMAIN = (() => {
+  const buf = new Uint8Array(32);
+  buf.set(new TextEncoder().encode("OTS_SESSION_REVOKE_V1"), 0);
+  return buf;
+})();
+
+// src/instructions/provePasskey.ts
+function encodeBytesVec(buf) {
+  const out = Buffer.alloc(4 + buf.length);
+  out.writeUInt32LE(buf.length, 0);
+  Buffer.from(buf).copy(out, 4);
+  return out;
+}
+function encodeFixedBytes(buf, len) {
+  if (buf.length !== len) {
+    throw new Error(`expected ${len} bytes, got ${buf.length}`);
+  }
+  return Buffer.from(buf);
+}
+function buildProvePasskeyInstruction(p) {
+  const argsBuf = Buffer.concat([
+    encodeFixedBytes(p.challenge, 32),
+    encodeBytesVec(p.clientDataJSON),
+    encodeBytesVec(p.authenticatorData)
+  ]);
+  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.prove_passkey), argsBuf]);
+  return new TransactionInstruction({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.vaultPda, isSigner: false, isWritable: false },
+      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY, isSigner: false, isWritable: false }
+    ],
+    data
+  });
+}
+
+// src/precompile/secp256r1.ts
+import { TransactionInstruction as TransactionInstruction2 } from "@solana/web3.js";
+var SIGNATURE_OFFSETS_SERIALIZED_SIZE = 14;
+var SIGNATURE_SERIALIZED_SIZE = 64;
+var COMPRESSED_PUBKEY_SERIALIZED_SIZE = 33;
+var PRECOMPILE_DATA_START = 2;
+function buildSecp256r1VerifyInstruction(publicKey, signature, message) {
+  if (publicKey.length !== COMPRESSED_PUBKEY_SERIALIZED_SIZE) {
+    throw new Error(`expected ${COMPRESSED_PUBKEY_SERIALIZED_SIZE}-byte pubkey`);
+  }
+  if (signature.length !== SIGNATURE_SERIALIZED_SIZE) {
+    throw new Error(`expected ${SIGNATURE_SERIALIZED_SIZE}-byte signature`);
+  }
+  const signatureOffset = PRECOMPILE_DATA_START + SIGNATURE_OFFSETS_SERIALIZED_SIZE;
+  const publicKeyOffset = signatureOffset + SIGNATURE_SERIALIZED_SIZE;
+  const messageOffset = publicKeyOffset + COMPRESSED_PUBKEY_SERIALIZED_SIZE;
+  const messageSize = message.length;
+  const totalLen = messageOffset + messageSize;
+  const data = Buffer.alloc(totalLen);
+  data[0] = 1;
+  data[1] = 0;
+  data.writeUInt16LE(signatureOffset, PRECOMPILE_DATA_START + 0);
+  data.writeUInt16LE(65535, PRECOMPILE_DATA_START + 2);
+  data.writeUInt16LE(publicKeyOffset, PRECOMPILE_DATA_START + 4);
+  data.writeUInt16LE(65535, PRECOMPILE_DATA_START + 6);
+  data.writeUInt16LE(messageOffset, PRECOMPILE_DATA_START + 8);
+  data.writeUInt16LE(messageSize, PRECOMPILE_DATA_START + 10);
+  data.writeUInt16LE(65535, PRECOMPILE_DATA_START + 12);
+  Buffer.from(signature).copy(data, signatureOffset);
+  Buffer.from(publicKey).copy(data, publicKeyOffset);
+  Buffer.from(message).copy(data, messageOffset);
+  return new TransactionInstruction2({
+    keys: [],
+    programId: SECP256R1_PROGRAM_ID,
+    data
+  });
+}
+async function buildPrecompileMessage(clientDataJSON, authenticatorData) {
+  const subtle = globalThis.crypto?.subtle;
+  let clientDataHash;
+  if (subtle) {
+    const buf = await subtle.digest("SHA-256", clientDataJSON);
+    clientDataHash = new Uint8Array(buf);
+  } else {
+    const { createHash: createHash2 } = await import("crypto");
+    clientDataHash = createHash2("sha256").update(clientDataJSON).digest();
+  }
+  const out = new Uint8Array(authenticatorData.length + 32);
+  out.set(authenticatorData, 0);
+  out.set(clientDataHash, authenticatorData.length);
+  return out;
+}
+
+// src/connect/verify.ts
+function decodeChallengeTo32Bytes(challenge) {
+  const decoded = tryBase64urlDecode(challenge);
+  if (decoded && decoded.length === 32) return decoded;
+  return new Uint8Array(createHash("sha256").update(challenge, "utf8").digest());
+}
+function tryBase64urlDecode(s) {
+  if (!/^[A-Za-z0-9\-_]+={0,2}$/.test(s)) return null;
+  try {
+    return new Uint8Array(Buffer.from(s, "base64url"));
+  } catch {
+    return null;
+  }
+}
+async function verifyConnectProof(args) {
+  const { connection, challenge, proof } = args;
+  try {
+    const challengeBytes = decodeChallengeTo32Bytes(challenge);
+    const vaultPda = new PublicKey3(proof.vault);
+    const precompileMessage = await buildPrecompileMessage(
+      proof.clientDataJSON,
+      proof.authenticatorData
+    );
+    const ix0 = buildSecp256r1VerifyInstruction(
+      proof.passkeyPubkey,
+      proof.signature,
+      precompileMessage
+    );
+    const ix1 = buildProvePasskeyInstruction({
+      vaultPda,
+      challenge: challengeBytes,
+      clientDataJSON: proof.clientDataJSON,
+      authenticatorData: proof.authenticatorData
+    });
+    const tx = new Transaction();
+    tx.add(ix0, ix1);
+    tx.feePayer = vaultPda;
+    tx.recentBlockhash = PublicKey3.default.toBase58();
+    const simulate = args.simulate ?? ((t) => connection.simulateTransaction(t, void 0, false));
+    const res = await simulate(tx);
+    const err = res?.value?.err ?? null;
+    if (err === null) {
+      return { ok: true, vault: vaultPda };
+    }
+    return { ok: false, reason: `simulation rejected: ${stringifyErr(err)}` };
+  } catch (e) {
+    return { ok: false, reason: e instanceof Error ? e.message : String(e) };
+  }
+}
+function stringifyErr(err) {
+  try {
+    return JSON.stringify(err);
+  } catch {
+    return String(err);
+  }
+}
+
+// src/signers/browser/index.ts
+var WebAuthnAssertionError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.code = code;
+    this.name = "WebAuthnAssertionError";
+  }
+};
+var WebAuthnAssertion = class {
+  credentialId;
+  publicKeyBase64;
+  rpId;
+  allowCredentials;
+  timeoutMs;
+  userVerification;
+  constructor(config) {
+    if (!(config.credentialId instanceof Uint8Array) || config.credentialId.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_credential_id",
+        "credentialId must be a non-empty Uint8Array"
+      );
+    }
+    this.credentialId = config.credentialId;
+    this.publicKeyBase64 = config.publicKeyBase64;
+    this.rpId = config.rpId;
+    this.allowCredentials = config.allowCredentials && config.allowCredentials.length > 0 ? config.allowCredentials : [{ id: config.credentialId }];
+    this.timeoutMs = config.timeoutMs ?? 6e4;
+    this.userVerification = config.userVerification ?? "preferred";
+  }
+  /**
+   * Run `navigator.credentials.get()` over `challenge` and return the
+   * three on-chain-ready buffers.
+   *
+   * The caller is responsible for what `challenge` *is*. For the vault
+   * program, this is typically `sha256(opMessage)` minted server-side
+   * with replay defense (see DexterApiBrowserPasskeySigner). The SDK
+   * does not impose policy here.
+   */
+  async assertOver(challenge) {
+    ensureBrowser();
+    if (!(challenge instanceof Uint8Array) || challenge.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_challenge",
+        "challenge must be a non-empty Uint8Array"
+      );
+    }
+    const requestOptions = {
+      challenge: toBufferSource(challenge),
+      allowCredentials: this.allowCredentials.map((c) => ({
+        id: toBufferSource(c.id),
+        type: "public-key",
+        transports: c.transports
+      })),
+      timeout: this.timeoutMs,
+      userVerification: this.userVerification,
+      ...this.rpId ? { rpId: this.rpId } : {}
+    };
+    const credential = await navigator.credentials.get({
+      publicKey: requestOptions
+    });
+    if (!credential) {
+      throw new WebAuthnAssertionError(
+        "user_cancelled",
+        "no assertion returned from authenticator"
+      );
+    }
+    if (credential.type !== "public-key") {
+      throw new WebAuthnAssertionError(
+        "credential_invalid",
+        `unexpected credential type: ${credential.type}`
+      );
+    }
+    const assertion = credential.response;
+    const derSignature = new Uint8Array(assertion.signature);
+    const compactSignature = derSignatureToCompactLowS(derSignature);
+    return {
+      signature: compactSignature,
+      signatureDer: derSignature,
+      clientDataJSON: new Uint8Array(assertion.clientDataJSON),
+      authenticatorData: new Uint8Array(assertion.authenticatorData)
+    };
+  }
+  /**
+   * `PasskeySigner` shape — alias for `assertOver`. Consumers that want
+   * to type against `PasskeySigner` (e.g. dexter-fe's
+   * `DexterApiBrowserPasskeySigner`) call `.sign(challenge)`; consumers
+   * that want the explicit name call `.assertOver(challenge)`. Same
+   * function, two names.
+   */
+  sign(challenge) {
+    return this.assertOver(challenge);
+  }
+};
+function ensureBrowser() {
+  if (typeof globalThis === "undefined" || typeof globalThis.navigator === "undefined") {
+    throw new WebAuthnAssertionError(
+      "not_browser",
+      "WebAuthnAssertion requires a browser environment (navigator.credentials)"
+    );
+  }
+  const cred = globalThis.navigator.credentials;
+  if (!cred || typeof cred.get !== "function") {
+    throw new WebAuthnAssertionError(
+      "webauthn_unsupported",
+      "this environment does not implement navigator.credentials.get"
+    );
+  }
+}
+function toBufferSource(bytes) {
+  const out = new ArrayBuffer(bytes.length);
+  new Uint8Array(out).set(bytes);
+  return out;
+}
+var P256_ORDER = BigInt(
+  "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"
+);
+var P256_HALF_ORDER = P256_ORDER >> BigInt(1);
+function bigintFromBytes(buf) {
+  let n = 0n;
+  for (const byte of buf) n = n << 8n | BigInt(byte);
+  return n;
+}
+function bytesFromBigint(n, length) {
+  const out = new Uint8Array(length);
+  for (let i = length - 1; i >= 0; i -= 1) {
+    out[i] = Number(n & 0xffn);
+    n >>= 8n;
+  }
+  return out;
+}
+function derSignatureToCompactLowS(der) {
+  let i = 0;
+  if (der[i++] !== 48) {
+    throw new WebAuthnAssertionError("bad_signature", "expected DER SEQUENCE");
+  }
+  i++;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected r INTEGER");
+  }
+  const rLen = der[i++];
+  if (rLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no r length)");
+  }
+  let r = der.slice(i, i + rLen);
+  i += rLen;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected s INTEGER");
+  }
+  const sLen = der[i++];
+  if (sLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no s length)");
+  }
+  let s = der.slice(i, i + sLen);
+  i += sLen;
+  if (r.length > 32 && r[0] === 0) r = r.slice(1);
+  if (s.length > 32 && s[0] === 0) s = s.slice(1);
+  if (r.length > 32 || s.length > 32) {
+    throw new WebAuthnAssertionError(
+      "bad_signature",
+      "DER component too large for P-256"
+    );
+  }
+  const rPadded = new Uint8Array(32);
+  rPadded.set(r, 32 - r.length);
+  let sN = bigintFromBytes(s);
+  if (sN > P256_HALF_ORDER) sN = P256_ORDER - sN;
+  const sPadded = bytesFromBigint(sN, 32);
+  const out = new Uint8Array(64);
+  out.set(rPadded, 0);
+  out.set(sPadded, 32);
+  return out;
+}
+
+// src/connect/ceremony.ts
+var SIWX_LOGIN_PREFIX = "siwx_login";
+async function connectTab(args) {
+  const challengeBytes = decodeChallengeTo32Bytes(args.challenge);
+  const prefix = new TextEncoder().encode(SIWX_LOGIN_PREFIX);
+  const opMessage = new Uint8Array(prefix.length + challengeBytes.length);
+  opMessage.set(prefix, 0);
+  opMessage.set(challengeBytes, prefix.length);
+  const signedDigest = await sha256(opMessage);
+  const signer = new WebAuthnAssertion({
+    credentialId: args.credentialId,
+    ...args.rpId ? { rpId: args.rpId } : {}
+  });
+  const assertion = await signer.assertOver(signedDigest);
+  return {
+    passkeyPubkey: args.passkeyPubkey,
+    vault: args.vault,
+    clientDataJSON: assertion.clientDataJSON,
+    authenticatorData: assertion.authenticatorData,
+    signature: assertion.signature
+    // 64-byte compact lowS r||s
+  };
+}
+async function sha256(data) {
+  const subtle = globalThis.crypto?.subtle;
+  if (subtle) {
+    const buf = await subtle.digest("SHA-256", data);
+    return new Uint8Array(buf);
+  }
+  const { createHash: createHash2 } = await import("crypto");
+  return new Uint8Array(createHash2("sha256").update(data).digest());
+}
+export {
+  connectTab,
+  decodeChallengeTo32Bytes,
+  verifyConnectProof
+};

package/dist/constants/index.cjs

@@ -24,6 +24,7 @@ __export(constants_exports, {
   DISCRIMINATORS: () => DISCRIMINATORS,
   ED25519_PROGRAM_ID: () => ED25519_PROGRAM_ID,
   INSTRUCTIONS_SYSVAR_ID: () => INSTRUCTIONS_SYSVAR_ID,
+  LOCKED_CLAIM_SEED: () => LOCKED_CLAIM_SEED,
   OTS_SESSION_REGISTER_V1_DOMAIN: () => OTS_SESSION_REGISTER_V1_DOMAIN,
   OTS_SESSION_REGISTER_V2_DOMAIN: () => OTS_SESSION_REGISTER_V2_DOMAIN,
   OTS_SESSION_REVOKE_V1_DOMAIN: () => OTS_SESSION_REVOKE_V1_DOMAIN,
@@ -53,6 +54,7 @@ var INSTRUCTIONS_SYSVAR_ID = new import_web3.PublicKey(
 var USDC_MAINNET = "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";
 var USDC_DEVNET = "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU";
 var VAULT_SEED_PREFIX = Buffer.from("vault");
+var LOCKED_CLAIM_SEED = Buffer.from("locked-claim");
 var DISCRIMINATORS = Object.freeze({
   initialize_vault: Uint8Array.from([48, 191, 163, 44, 71, 129, 63, 164]),
   set_swig: Uint8Array.from([253, 229, 89, 206, 192, 118, 137, 165]),
@@ -65,7 +67,16 @@ var DISCRIMINATORS = Object.freeze({
   prove_passkey: Uint8Array.from([35, 175, 41, 143, 201, 118, 49, 184]),
   settle_tab_voucher: Uint8Array.from([173, 22, 98, 31, 110, 129, 59, 161]),
   register_session_key: Uint8Array.from([69, 94, 60, 44, 49, 199, 183, 233]),
-  revoke_session_key: Uint8Array.from([81, 192, 32, 110, 104, 116, 144, 151])
+  revoke_session_key: Uint8Array.from([81, 192, 32, 110, 104, 116, 144, 151]),
+  lock_voucher: Uint8Array.from([91, 138, 5, 227, 119, 239, 48, 254]),
+  settle_locked_voucher: Uint8Array.from([44, 80, 216, 43, 247, 253, 101, 45]),
+  transfer_lock_ownership: Uint8Array.from([193, 13, 131, 134, 95, 25, 229, 157]),
+  recover_abandoned_lock: Uint8Array.from([169, 213, 107, 64, 229, 49, 43, 234]),
+  open_standby: Uint8Array.from([234, 184, 232, 135, 246, 191, 90, 250]),
+  draw_credit: Uint8Array.from([20, 84, 47, 211, 78, 117, 195, 210]),
+  repay_credit: Uint8Array.from([38, 113, 240, 182, 109, 179, 154, 245]),
+  seize_collateral: Uint8Array.from([40, 250, 7, 243, 168, 184, 116, 154]),
+  migrate_v4_to_v5: Uint8Array.from([226, 105, 140, 184, 101, 39, 235, 116])
 });
 var OTS_SESSION_REGISTER_V1_DOMAIN = (() => {
   const buf = new Uint8Array(32);
@@ -88,6 +99,7 @@ var OTS_SESSION_REVOKE_V1_DOMAIN = (() => {
   DISCRIMINATORS,
   ED25519_PROGRAM_ID,
   INSTRUCTIONS_SYSVAR_ID,
+  LOCKED_CLAIM_SEED,
   OTS_SESSION_REGISTER_V1_DOMAIN,
   OTS_SESSION_REGISTER_V2_DOMAIN,
   OTS_SESSION_REVOKE_V1_DOMAIN,

package/dist/constants/index.d.cts

@@ -14,6 +14,7 @@ declare const INSTRUCTIONS_SYSVAR_ID: PublicKey;
 declare const USDC_MAINNET = "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";
 declare const USDC_DEVNET = "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU";
 declare const VAULT_SEED_PREFIX: Buffer<ArrayBuffer>;
+declare const LOCKED_CLAIM_SEED: Buffer<ArrayBuffer>;
 declare const DISCRIMINATORS: Readonly<{
     initialize_vault: Uint8Array<ArrayBuffer>;
     set_swig: Uint8Array<ArrayBuffer>;
@@ -27,9 +28,18 @@ declare const DISCRIMINATORS: Readonly<{
     settle_tab_voucher: Uint8Array<ArrayBuffer>;
     register_session_key: Uint8Array<ArrayBuffer>;
     revoke_session_key: Uint8Array<ArrayBuffer>;
+    lock_voucher: Uint8Array<ArrayBuffer>;
+    settle_locked_voucher: Uint8Array<ArrayBuffer>;
+    transfer_lock_ownership: Uint8Array<ArrayBuffer>;
+    recover_abandoned_lock: Uint8Array<ArrayBuffer>;
+    open_standby: Uint8Array<ArrayBuffer>;
+    draw_credit: Uint8Array<ArrayBuffer>;
+    repay_credit: Uint8Array<ArrayBuffer>;
+    seize_collateral: Uint8Array<ArrayBuffer>;
+    migrate_v4_to_v5: Uint8Array<ArrayBuffer>;
 }>;
 declare const OTS_SESSION_REGISTER_V1_DOMAIN: Uint8Array;
 declare const OTS_SESSION_REGISTER_V2_DOMAIN: Uint8Array;
 declare const OTS_SESSION_REVOKE_V1_DOMAIN: Uint8Array;
 
-export { DEXTER_VAULT_PROGRAM_ID, DISCRIMINATORS, ED25519_PROGRAM_ID, INSTRUCTIONS_SYSVAR_ID, OTS_SESSION_REGISTER_V1_DOMAIN, OTS_SESSION_REGISTER_V2_DOMAIN, OTS_SESSION_REVOKE_V1_DOMAIN, SECP256R1_PROGRAM_ID, SWIG_PROGRAM_ID, USDC_DEVNET, USDC_MAINNET, VAULT_SEED_PREFIX };
+export { DEXTER_VAULT_PROGRAM_ID, DISCRIMINATORS, ED25519_PROGRAM_ID, INSTRUCTIONS_SYSVAR_ID, LOCKED_CLAIM_SEED, OTS_SESSION_REGISTER_V1_DOMAIN, OTS_SESSION_REGISTER_V2_DOMAIN, OTS_SESSION_REVOKE_V1_DOMAIN, SECP256R1_PROGRAM_ID, SWIG_PROGRAM_ID, USDC_DEVNET, USDC_MAINNET, VAULT_SEED_PREFIX };

package/dist/constants/index.d.ts

@@ -14,6 +14,7 @@ declare const INSTRUCTIONS_SYSVAR_ID: PublicKey;
 declare const USDC_MAINNET = "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";
 declare const USDC_DEVNET = "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU";
 declare const VAULT_SEED_PREFIX: Buffer<ArrayBuffer>;
+declare const LOCKED_CLAIM_SEED: Buffer<ArrayBuffer>;
 declare const DISCRIMINATORS: Readonly<{
     initialize_vault: Uint8Array<ArrayBuffer>;
     set_swig: Uint8Array<ArrayBuffer>;
@@ -27,9 +28,18 @@ declare const DISCRIMINATORS: Readonly<{
     settle_tab_voucher: Uint8Array<ArrayBuffer>;
     register_session_key: Uint8Array<ArrayBuffer>;
     revoke_session_key: Uint8Array<ArrayBuffer>;
+    lock_voucher: Uint8Array<ArrayBuffer>;
+    settle_locked_voucher: Uint8Array<ArrayBuffer>;
+    transfer_lock_ownership: Uint8Array<ArrayBuffer>;
+    recover_abandoned_lock: Uint8Array<ArrayBuffer>;
+    open_standby: Uint8Array<ArrayBuffer>;
+    draw_credit: Uint8Array<ArrayBuffer>;
+    repay_credit: Uint8Array<ArrayBuffer>;
+    seize_collateral: Uint8Array<ArrayBuffer>;
+    migrate_v4_to_v5: Uint8Array<ArrayBuffer>;
 }>;
 declare const OTS_SESSION_REGISTER_V1_DOMAIN: Uint8Array;
 declare const OTS_SESSION_REGISTER_V2_DOMAIN: Uint8Array;
 declare const OTS_SESSION_REVOKE_V1_DOMAIN: Uint8Array;
 
-export { DEXTER_VAULT_PROGRAM_ID, DISCRIMINATORS, ED25519_PROGRAM_ID, INSTRUCTIONS_SYSVAR_ID, OTS_SESSION_REGISTER_V1_DOMAIN, OTS_SESSION_REGISTER_V2_DOMAIN, OTS_SESSION_REVOKE_V1_DOMAIN, SECP256R1_PROGRAM_ID, SWIG_PROGRAM_ID, USDC_DEVNET, USDC_MAINNET, VAULT_SEED_PREFIX };
+export { DEXTER_VAULT_PROGRAM_ID, DISCRIMINATORS, ED25519_PROGRAM_ID, INSTRUCTIONS_SYSVAR_ID, LOCKED_CLAIM_SEED, OTS_SESSION_REGISTER_V1_DOMAIN, OTS_SESSION_REGISTER_V2_DOMAIN, OTS_SESSION_REVOKE_V1_DOMAIN, SECP256R1_PROGRAM_ID, SWIG_PROGRAM_ID, USDC_DEVNET, USDC_MAINNET, VAULT_SEED_PREFIX };

package/dist/constants/index.js

@@ -18,6 +18,7 @@ var INSTRUCTIONS_SYSVAR_ID = new PublicKey(
 var USDC_MAINNET = "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";
 var USDC_DEVNET = "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU";
 var VAULT_SEED_PREFIX = Buffer.from("vault");
+var LOCKED_CLAIM_SEED = Buffer.from("locked-claim");
 var DISCRIMINATORS = Object.freeze({
   initialize_vault: Uint8Array.from([48, 191, 163, 44, 71, 129, 63, 164]),
   set_swig: Uint8Array.from([253, 229, 89, 206, 192, 118, 137, 165]),
@@ -30,7 +31,16 @@ var DISCRIMINATORS = Object.freeze({
   prove_passkey: Uint8Array.from([35, 175, 41, 143, 201, 118, 49, 184]),
   settle_tab_voucher: Uint8Array.from([173, 22, 98, 31, 110, 129, 59, 161]),
   register_session_key: Uint8Array.from([69, 94, 60, 44, 49, 199, 183, 233]),
-  revoke_session_key: Uint8Array.from([81, 192, 32, 110, 104, 116, 144, 151])
+  revoke_session_key: Uint8Array.from([81, 192, 32, 110, 104, 116, 144, 151]),
+  lock_voucher: Uint8Array.from([91, 138, 5, 227, 119, 239, 48, 254]),
+  settle_locked_voucher: Uint8Array.from([44, 80, 216, 43, 247, 253, 101, 45]),
+  transfer_lock_ownership: Uint8Array.from([193, 13, 131, 134, 95, 25, 229, 157]),
+  recover_abandoned_lock: Uint8Array.from([169, 213, 107, 64, 229, 49, 43, 234]),
+  open_standby: Uint8Array.from([234, 184, 232, 135, 246, 191, 90, 250]),
+  draw_credit: Uint8Array.from([20, 84, 47, 211, 78, 117, 195, 210]),
+  repay_credit: Uint8Array.from([38, 113, 240, 182, 109, 179, 154, 245]),
+  seize_collateral: Uint8Array.from([40, 250, 7, 243, 168, 184, 116, 154]),
+  migrate_v4_to_v5: Uint8Array.from([226, 105, 140, 184, 101, 39, 235, 116])
 });
 var OTS_SESSION_REGISTER_V1_DOMAIN = (() => {
   const buf = new Uint8Array(32);
@@ -52,6 +62,7 @@ export {
   DISCRIMINATORS,
   ED25519_PROGRAM_ID,
   INSTRUCTIONS_SYSVAR_ID,
+  LOCKED_CLAIM_SEED,
   OTS_SESSION_REGISTER_V1_DOMAIN,
   OTS_SESSION_REGISTER_V2_DOMAIN,
   OTS_SESSION_REVOKE_V1_DOMAIN,

package/dist/counterfactual.cjs

@@ -39,6 +39,7 @@ var import_lib2 = require("@swig-wallet/lib");
 var import_node_crypto = require("crypto");
 var import_kit = require("@swig-wallet/kit");
 var import_lib = require("@swig-wallet/lib");
+var import_kit2 = require("@solana/kit");
 var bs58Module = __toESM(require("bs58"), 1);
 var import_web32 = require("@solana/web3.js");
 
@@ -60,6 +61,7 @@ var INSTRUCTIONS_SYSVAR_ID = new import_web3.PublicKey(
   "Sysvar1nstructions1111111111111111111111111"
 );
 var VAULT_SEED_PREFIX = Buffer.from("vault");
+var LOCKED_CLAIM_SEED = Buffer.from("locked-claim");
 var DISCRIMINATORS = Object.freeze({
   initialize_vault: Uint8Array.from([48, 191, 163, 44, 71, 129, 63, 164]),
   set_swig: Uint8Array.from([253, 229, 89, 206, 192, 118, 137, 165]),
@@ -72,7 +74,16 @@ var DISCRIMINATORS = Object.freeze({
   prove_passkey: Uint8Array.from([35, 175, 41, 143, 201, 118, 49, 184]),
   settle_tab_voucher: Uint8Array.from([173, 22, 98, 31, 110, 129, 59, 161]),
   register_session_key: Uint8Array.from([69, 94, 60, 44, 49, 199, 183, 233]),
-  revoke_session_key: Uint8Array.from([81, 192, 32, 110, 104, 116, 144, 151])
+  revoke_session_key: Uint8Array.from([81, 192, 32, 110, 104, 116, 144, 151]),
+  lock_voucher: Uint8Array.from([91, 138, 5, 227, 119, 239, 48, 254]),
+  settle_locked_voucher: Uint8Array.from([44, 80, 216, 43, 247, 253, 101, 45]),
+  transfer_lock_ownership: Uint8Array.from([193, 13, 131, 134, 95, 25, 229, 157]),
+  recover_abandoned_lock: Uint8Array.from([169, 213, 107, 64, 229, 49, 43, 234]),
+  open_standby: Uint8Array.from([234, 184, 232, 135, 246, 191, 90, 250]),
+  draw_credit: Uint8Array.from([20, 84, 47, 211, 78, 117, 195, 210]),
+  repay_credit: Uint8Array.from([38, 113, 240, 182, 109, 179, 154, 245]),
+  seize_collateral: Uint8Array.from([40, 250, 7, 243, 168, 184, 116, 154]),
+  migrate_v4_to_v5: Uint8Array.from([226, 105, 140, 184, 101, 39, 235, 116])
 });
 var OTS_SESSION_REGISTER_V1_DOMAIN = (() => {
   const buf = new Uint8Array(32);

package/dist/counterfactual.js

@@ -15,6 +15,7 @@ import {
   createEd25519SessionAuthorityInfo,
   getCreateSwigWithMultipleAuthoritiesInstructionContextBuilder
 } from "@swig-wallet/lib";
+import { address, createSolanaRpc } from "@solana/kit";
 import * as bs58Module from "bs58";
 import { PublicKey as PublicKey2 } from "@solana/web3.js";
 
@@ -36,6 +37,7 @@ var INSTRUCTIONS_SYSVAR_ID = new PublicKey(
   "Sysvar1nstructions1111111111111111111111111"
 );
 var VAULT_SEED_PREFIX = Buffer.from("vault");
+var LOCKED_CLAIM_SEED = Buffer.from("locked-claim");
 var DISCRIMINATORS = Object.freeze({
   initialize_vault: Uint8Array.from([48, 191, 163, 44, 71, 129, 63, 164]),
   set_swig: Uint8Array.from([253, 229, 89, 206, 192, 118, 137, 165]),
@@ -48,7 +50,16 @@ var DISCRIMINATORS = Object.freeze({
   prove_passkey: Uint8Array.from([35, 175, 41, 143, 201, 118, 49, 184]),
   settle_tab_voucher: Uint8Array.from([173, 22, 98, 31, 110, 129, 59, 161]),
   register_session_key: Uint8Array.from([69, 94, 60, 44, 49, 199, 183, 233]),
-  revoke_session_key: Uint8Array.from([81, 192, 32, 110, 104, 116, 144, 151])
+  revoke_session_key: Uint8Array.from([81, 192, 32, 110, 104, 116, 144, 151]),
+  lock_voucher: Uint8Array.from([91, 138, 5, 227, 119, 239, 48, 254]),
+  settle_locked_voucher: Uint8Array.from([44, 80, 216, 43, 247, 253, 101, 45]),
+  transfer_lock_ownership: Uint8Array.from([193, 13, 131, 134, 95, 25, 229, 157]),
+  recover_abandoned_lock: Uint8Array.from([169, 213, 107, 64, 229, 49, 43, 234]),
+  open_standby: Uint8Array.from([234, 184, 232, 135, 246, 191, 90, 250]),
+  draw_credit: Uint8Array.from([20, 84, 47, 211, 78, 117, 195, 210]),
+  repay_credit: Uint8Array.from([38, 113, 240, 182, 109, 179, 154, 245]),
+  seize_collateral: Uint8Array.from([40, 250, 7, 243, 168, 184, 116, 154]),
+  migrate_v4_to_v5: Uint8Array.from([226, 105, 140, 184, 101, 39, 235, 116])
 });
 var OTS_SESSION_REGISTER_V1_DOMAIN = (() => {
   const buf = new Uint8Array(32);