@dexterai/vault 0.5.0 → 0.6.0

package/dist/connect/index.cjs

@@ -0,0 +1,455 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/connect/index.ts
+var connect_exports = {};
+__export(connect_exports, {
+  connectTab: () => connectTab,
+  decodeChallengeTo32Bytes: () => decodeChallengeTo32Bytes,
+  verifyConnectProof: () => verifyConnectProof
+});
+module.exports = __toCommonJS(connect_exports);
+
+// src/connect/verify.ts
+var import_web34 = require("@solana/web3.js");
+var import_node_crypto = require("crypto");
+
+// src/instructions/provePasskey.ts
+var import_web32 = require("@solana/web3.js");
+
+// src/constants/index.ts
+var import_web3 = require("@solana/web3.js");
+var DEXTER_VAULT_PROGRAM_ID = new import_web3.PublicKey(
+  "Hg3wRaydFtJhYrdvYrKECacpJYDsC9Px7yKmpncj2fhc"
+);
+var SWIG_PROGRAM_ID = new import_web3.PublicKey(
+  "swigypWHEksbC64pWKwah1WTeh9JXwx8H1rJHLdbQMB"
+);
+var SECP256R1_PROGRAM_ID = new import_web3.PublicKey(
+  "Secp256r1SigVerify1111111111111111111111111"
+);
+var ED25519_PROGRAM_ID = new import_web3.PublicKey(
+  "Ed25519SigVerify111111111111111111111111111"
+);
+var INSTRUCTIONS_SYSVAR_ID = new import_web3.PublicKey(
+  "Sysvar1nstructions1111111111111111111111111"
+);
+var VAULT_SEED_PREFIX = Buffer.from("vault");
+var LOCKED_CLAIM_SEED = Buffer.from("locked-claim");
+var DISCRIMINATORS = Object.freeze({
+  initialize_vault: Uint8Array.from([48, 191, 163, 44, 71, 129, 63, 164]),
+  set_swig: Uint8Array.from([253, 229, 89, 206, 192, 118, 137, 165]),
+  settle_voucher: Uint8Array.from([144, 176, 128, 220, 156, 79, 41, 54]),
+  request_withdrawal: Uint8Array.from([251, 85, 121, 205, 56, 201, 12, 177]),
+  finalize_withdrawal: Uint8Array.from([178, 87, 206, 68, 201, 186, 164, 232]),
+  force_release: Uint8Array.from([122, 190, 243, 252, 54, 202, 208, 234]),
+  rotate_passkey: Uint8Array.from([28, 134, 49, 89, 196, 34, 58, 174]),
+  rotate_dexter_authority: Uint8Array.from([145, 60, 4, 119, 180, 205, 236, 134]),
+  prove_passkey: Uint8Array.from([35, 175, 41, 143, 201, 118, 49, 184]),
+  settle_tab_voucher: Uint8Array.from([173, 22, 98, 31, 110, 129, 59, 161]),
+  register_session_key: Uint8Array.from([69, 94, 60, 44, 49, 199, 183, 233]),
+  revoke_session_key: Uint8Array.from([81, 192, 32, 110, 104, 116, 144, 151]),
+  lock_voucher: Uint8Array.from([91, 138, 5, 227, 119, 239, 48, 254]),
+  settle_locked_voucher: Uint8Array.from([44, 80, 216, 43, 247, 253, 101, 45]),
+  transfer_lock_ownership: Uint8Array.from([193, 13, 131, 134, 95, 25, 229, 157]),
+  recover_abandoned_lock: Uint8Array.from([169, 213, 107, 64, 229, 49, 43, 234]),
+  open_standby: Uint8Array.from([234, 184, 232, 135, 246, 191, 90, 250]),
+  draw_credit: Uint8Array.from([20, 84, 47, 211, 78, 117, 195, 210]),
+  repay_credit: Uint8Array.from([38, 113, 240, 182, 109, 179, 154, 245]),
+  seize_collateral: Uint8Array.from([40, 250, 7, 243, 168, 184, 116, 154]),
+  migrate_v4_to_v5: Uint8Array.from([226, 105, 140, 184, 101, 39, 235, 116])
+});
+var OTS_SESSION_REGISTER_V1_DOMAIN = (() => {
+  const buf = new Uint8Array(32);
+  buf.set(new TextEncoder().encode("OTS_SESSION_REGISTER_V1"), 0);
+  return buf;
+})();
+var OTS_SESSION_REGISTER_V2_DOMAIN = (() => {
+  const buf = new Uint8Array(32);
+  buf.set(new TextEncoder().encode("OTS_SESSION_REGISTER_V2"), 0);
+  return buf;
+})();
+var OTS_SESSION_REVOKE_V1_DOMAIN = (() => {
+  const buf = new Uint8Array(32);
+  buf.set(new TextEncoder().encode("OTS_SESSION_REVOKE_V1"), 0);
+  return buf;
+})();
+
+// src/instructions/provePasskey.ts
+function encodeBytesVec(buf) {
+  const out = Buffer.alloc(4 + buf.length);
+  out.writeUInt32LE(buf.length, 0);
+  Buffer.from(buf).copy(out, 4);
+  return out;
+}
+function encodeFixedBytes(buf, len) {
+  if (buf.length !== len) {
+    throw new Error(`expected ${len} bytes, got ${buf.length}`);
+  }
+  return Buffer.from(buf);
+}
+function buildProvePasskeyInstruction(p) {
+  const argsBuf = Buffer.concat([
+    encodeFixedBytes(p.challenge, 32),
+    encodeBytesVec(p.clientDataJSON),
+    encodeBytesVec(p.authenticatorData)
+  ]);
+  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.prove_passkey), argsBuf]);
+  return new import_web32.TransactionInstruction({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.vaultPda, isSigner: false, isWritable: false },
+      { pubkey: import_web32.SYSVAR_INSTRUCTIONS_PUBKEY, isSigner: false, isWritable: false }
+    ],
+    data
+  });
+}
+
+// src/precompile/secp256r1.ts
+var import_web33 = require("@solana/web3.js");
+var SIGNATURE_OFFSETS_SERIALIZED_SIZE = 14;
+var SIGNATURE_SERIALIZED_SIZE = 64;
+var COMPRESSED_PUBKEY_SERIALIZED_SIZE = 33;
+var PRECOMPILE_DATA_START = 2;
+function buildSecp256r1VerifyInstruction(publicKey, signature, message) {
+  if (publicKey.length !== COMPRESSED_PUBKEY_SERIALIZED_SIZE) {
+    throw new Error(`expected ${COMPRESSED_PUBKEY_SERIALIZED_SIZE}-byte pubkey`);
+  }
+  if (signature.length !== SIGNATURE_SERIALIZED_SIZE) {
+    throw new Error(`expected ${SIGNATURE_SERIALIZED_SIZE}-byte signature`);
+  }
+  const signatureOffset = PRECOMPILE_DATA_START + SIGNATURE_OFFSETS_SERIALIZED_SIZE;
+  const publicKeyOffset = signatureOffset + SIGNATURE_SERIALIZED_SIZE;
+  const messageOffset = publicKeyOffset + COMPRESSED_PUBKEY_SERIALIZED_SIZE;
+  const messageSize = message.length;
+  const totalLen = messageOffset + messageSize;
+  const data = Buffer.alloc(totalLen);
+  data[0] = 1;
+  data[1] = 0;
+  data.writeUInt16LE(signatureOffset, PRECOMPILE_DATA_START + 0);
+  data.writeUInt16LE(65535, PRECOMPILE_DATA_START + 2);
+  data.writeUInt16LE(publicKeyOffset, PRECOMPILE_DATA_START + 4);
+  data.writeUInt16LE(65535, PRECOMPILE_DATA_START + 6);
+  data.writeUInt16LE(messageOffset, PRECOMPILE_DATA_START + 8);
+  data.writeUInt16LE(messageSize, PRECOMPILE_DATA_START + 10);
+  data.writeUInt16LE(65535, PRECOMPILE_DATA_START + 12);
+  Buffer.from(signature).copy(data, signatureOffset);
+  Buffer.from(publicKey).copy(data, publicKeyOffset);
+  Buffer.from(message).copy(data, messageOffset);
+  return new import_web33.TransactionInstruction({
+    keys: [],
+    programId: SECP256R1_PROGRAM_ID,
+    data
+  });
+}
+async function buildPrecompileMessage(clientDataJSON, authenticatorData) {
+  const subtle = globalThis.crypto?.subtle;
+  let clientDataHash;
+  if (subtle) {
+    const buf = await subtle.digest("SHA-256", clientDataJSON);
+    clientDataHash = new Uint8Array(buf);
+  } else {
+    const { createHash: createHash2 } = await import("crypto");
+    clientDataHash = createHash2("sha256").update(clientDataJSON).digest();
+  }
+  const out = new Uint8Array(authenticatorData.length + 32);
+  out.set(authenticatorData, 0);
+  out.set(clientDataHash, authenticatorData.length);
+  return out;
+}
+
+// src/connect/verify.ts
+function decodeChallengeTo32Bytes(challenge) {
+  const decoded = tryBase64urlDecode(challenge);
+  if (decoded && decoded.length === 32) return decoded;
+  return new Uint8Array((0, import_node_crypto.createHash)("sha256").update(challenge, "utf8").digest());
+}
+function tryBase64urlDecode(s) {
+  if (!/^[A-Za-z0-9\-_]+={0,2}$/.test(s)) return null;
+  try {
+    return new Uint8Array(Buffer.from(s, "base64url"));
+  } catch {
+    return null;
+  }
+}
+async function verifyConnectProof(args) {
+  const { connection, challenge, proof } = args;
+  try {
+    const challengeBytes = decodeChallengeTo32Bytes(challenge);
+    const vaultPda = new import_web34.PublicKey(proof.vault);
+    const precompileMessage = await buildPrecompileMessage(
+      proof.clientDataJSON,
+      proof.authenticatorData
+    );
+    const ix0 = buildSecp256r1VerifyInstruction(
+      proof.passkeyPubkey,
+      proof.signature,
+      precompileMessage
+    );
+    const ix1 = buildProvePasskeyInstruction({
+      vaultPda,
+      challenge: challengeBytes,
+      clientDataJSON: proof.clientDataJSON,
+      authenticatorData: proof.authenticatorData
+    });
+    const tx = new import_web34.Transaction();
+    tx.add(ix0, ix1);
+    tx.feePayer = vaultPda;
+    tx.recentBlockhash = import_web34.PublicKey.default.toBase58();
+    const simulate = args.simulate ?? ((t) => connection.simulateTransaction(t, void 0, false));
+    const res = await simulate(tx);
+    const err = res?.value?.err ?? null;
+    if (err === null) {
+      return { ok: true, vault: vaultPda };
+    }
+    return { ok: false, reason: `simulation rejected: ${stringifyErr(err)}` };
+  } catch (e) {
+    return { ok: false, reason: e instanceof Error ? e.message : String(e) };
+  }
+}
+function stringifyErr(err) {
+  try {
+    return JSON.stringify(err);
+  } catch {
+    return String(err);
+  }
+}
+
+// src/signers/browser/index.ts
+var WebAuthnAssertionError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.code = code;
+    this.name = "WebAuthnAssertionError";
+  }
+};
+var WebAuthnAssertion = class {
+  credentialId;
+  publicKeyBase64;
+  rpId;
+  allowCredentials;
+  timeoutMs;
+  userVerification;
+  constructor(config) {
+    if (!(config.credentialId instanceof Uint8Array) || config.credentialId.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_credential_id",
+        "credentialId must be a non-empty Uint8Array"
+      );
+    }
+    this.credentialId = config.credentialId;
+    this.publicKeyBase64 = config.publicKeyBase64;
+    this.rpId = config.rpId;
+    this.allowCredentials = config.allowCredentials && config.allowCredentials.length > 0 ? config.allowCredentials : [{ id: config.credentialId }];
+    this.timeoutMs = config.timeoutMs ?? 6e4;
+    this.userVerification = config.userVerification ?? "preferred";
+  }
+  /**
+   * Run `navigator.credentials.get()` over `challenge` and return the
+   * three on-chain-ready buffers.
+   *
+   * The caller is responsible for what `challenge` *is*. For the vault
+   * program, this is typically `sha256(opMessage)` minted server-side
+   * with replay defense (see DexterApiBrowserPasskeySigner). The SDK
+   * does not impose policy here.
+   */
+  async assertOver(challenge) {
+    ensureBrowser();
+    if (!(challenge instanceof Uint8Array) || challenge.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_challenge",
+        "challenge must be a non-empty Uint8Array"
+      );
+    }
+    const requestOptions = {
+      challenge: toBufferSource(challenge),
+      allowCredentials: this.allowCredentials.map((c) => ({
+        id: toBufferSource(c.id),
+        type: "public-key",
+        transports: c.transports
+      })),
+      timeout: this.timeoutMs,
+      userVerification: this.userVerification,
+      ...this.rpId ? { rpId: this.rpId } : {}
+    };
+    const credential = await navigator.credentials.get({
+      publicKey: requestOptions
+    });
+    if (!credential) {
+      throw new WebAuthnAssertionError(
+        "user_cancelled",
+        "no assertion returned from authenticator"
+      );
+    }
+    if (credential.type !== "public-key") {
+      throw new WebAuthnAssertionError(
+        "credential_invalid",
+        `unexpected credential type: ${credential.type}`
+      );
+    }
+    const assertion = credential.response;
+    const derSignature = new Uint8Array(assertion.signature);
+    const compactSignature = derSignatureToCompactLowS(derSignature);
+    return {
+      signature: compactSignature,
+      signatureDer: derSignature,
+      clientDataJSON: new Uint8Array(assertion.clientDataJSON),
+      authenticatorData: new Uint8Array(assertion.authenticatorData)
+    };
+  }
+  /**
+   * `PasskeySigner` shape — alias for `assertOver`. Consumers that want
+   * to type against `PasskeySigner` (e.g. dexter-fe's
+   * `DexterApiBrowserPasskeySigner`) call `.sign(challenge)`; consumers
+   * that want the explicit name call `.assertOver(challenge)`. Same
+   * function, two names.
+   */
+  sign(challenge) {
+    return this.assertOver(challenge);
+  }
+};
+function ensureBrowser() {
+  if (typeof globalThis === "undefined" || typeof globalThis.navigator === "undefined") {
+    throw new WebAuthnAssertionError(
+      "not_browser",
+      "WebAuthnAssertion requires a browser environment (navigator.credentials)"
+    );
+  }
+  const cred = globalThis.navigator.credentials;
+  if (!cred || typeof cred.get !== "function") {
+    throw new WebAuthnAssertionError(
+      "webauthn_unsupported",
+      "this environment does not implement navigator.credentials.get"
+    );
+  }
+}
+function toBufferSource(bytes) {
+  const out = new ArrayBuffer(bytes.length);
+  new Uint8Array(out).set(bytes);
+  return out;
+}
+var P256_ORDER = BigInt(
+  "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"
+);
+var P256_HALF_ORDER = P256_ORDER >> BigInt(1);
+function bigintFromBytes(buf) {
+  let n = 0n;
+  for (const byte of buf) n = n << 8n | BigInt(byte);
+  return n;
+}
+function bytesFromBigint(n, length) {
+  const out = new Uint8Array(length);
+  for (let i = length - 1; i >= 0; i -= 1) {
+    out[i] = Number(n & 0xffn);
+    n >>= 8n;
+  }
+  return out;
+}
+function derSignatureToCompactLowS(der) {
+  let i = 0;
+  if (der[i++] !== 48) {
+    throw new WebAuthnAssertionError("bad_signature", "expected DER SEQUENCE");
+  }
+  i++;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected r INTEGER");
+  }
+  const rLen = der[i++];
+  if (rLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no r length)");
+  }
+  let r = der.slice(i, i + rLen);
+  i += rLen;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected s INTEGER");
+  }
+  const sLen = der[i++];
+  if (sLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no s length)");
+  }
+  let s = der.slice(i, i + sLen);
+  i += sLen;
+  if (r.length > 32 && r[0] === 0) r = r.slice(1);
+  if (s.length > 32 && s[0] === 0) s = s.slice(1);
+  if (r.length > 32 || s.length > 32) {
+    throw new WebAuthnAssertionError(
+      "bad_signature",
+      "DER component too large for P-256"
+    );
+  }
+  const rPadded = new Uint8Array(32);
+  rPadded.set(r, 32 - r.length);
+  let sN = bigintFromBytes(s);
+  if (sN > P256_HALF_ORDER) sN = P256_ORDER - sN;
+  const sPadded = bytesFromBigint(sN, 32);
+  const out = new Uint8Array(64);
+  out.set(rPadded, 0);
+  out.set(sPadded, 32);
+  return out;
+}
+
+// src/connect/ceremony.ts
+var SIWX_LOGIN_PREFIX = "siwx_login";
+async function connectTab(args) {
+  const challengeBytes = decodeChallengeTo32Bytes(args.challenge);
+  const prefix = new TextEncoder().encode(SIWX_LOGIN_PREFIX);
+  const opMessage = new Uint8Array(prefix.length + challengeBytes.length);
+  opMessage.set(prefix, 0);
+  opMessage.set(challengeBytes, prefix.length);
+  const signedDigest = await sha256(opMessage);
+  const signer = new WebAuthnAssertion({
+    credentialId: args.credentialId,
+    ...args.rpId ? { rpId: args.rpId } : {}
+  });
+  const assertion = await signer.assertOver(signedDigest);
+  return {
+    passkeyPubkey: args.passkeyPubkey,
+    vault: args.vault,
+    clientDataJSON: assertion.clientDataJSON,
+    authenticatorData: assertion.authenticatorData,
+    signature: assertion.signature
+    // 64-byte compact lowS r||s
+  };
+}
+async function sha256(data) {
+  const subtle = globalThis.crypto?.subtle;
+  if (subtle) {
+    const buf = await subtle.digest("SHA-256", data);
+    return new Uint8Array(buf);
+  }
+  const { createHash: createHash2 } = await import("crypto");
+  return new Uint8Array(createHash2("sha256").update(data).digest());
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  connectTab,
+  decodeChallengeTo32Bytes,
+  verifyConnectProof
+});

package/dist/connect/index.d.cts

@@ -0,0 +1,145 @@
+import { PublicKey, Transaction, Connection } from '@solana/web3.js';
+
+/**
+ * verifyConnectProof — the relying-app VERIFIER for "Connect a Tab" step 1.
+ *
+ * A third-party app uses this to confirm a user controls a named Dexter vault.
+ * It reconstructs the read-only two-instruction proof transaction
+ *   [secp256r1_verify, prove_passkey]
+ * from the proof + the challenge it issued + the vault's passkey pubkey, and
+ * simulates it against the caller-supplied Connection (Helius mainnet) via the
+ * legacy `Transaction` simulate overload — which does NOT verify signatures, so
+ * the placeholder blockhash and formal feePayer are never checked.
+ * `err === null` → the holder controls the vault.
+ *   (`connection.simulateTransaction(tx, undefined, false)`: signature is
+ *    `(transaction, signers?, includeAccounts?)`; the third arg is
+ *    `includeAccounts`, set false. There is no `sigVerify` param on this
+ *    overload — `sigVerify` exists only on the VersionedTransaction config.)
+ *
+ * This is THE canonical method documented in provePasskey.ts: a verifier treats
+ * a passing simulate of [secp256r1_verify, prove_passkey] (err === null) as
+ * proof of control.
+ * It reuses the exact on-chain P-256 semantics rather than re-implementing
+ * verification — a forged/wrong-key/wrong-challenge proof makes the on-chain
+ * precompile (or prove_passkey's op-message check) reject, and simulate
+ * returns a non-null err. The reject path is genuinely simulate-driven; it is
+ * NOT a bypassable string compare.
+ *
+ * The `simulate` step is injectable with a real default (the same
+ * injectable-default-real pattern ./tab and ./factoring use for assembleSignV2
+ * / readPriorSpent) so the assembly + decision logic is unit-testable offline,
+ * while production hits the real chain.
+ */
+
+interface ConnectProof {
+    /** 33-byte compressed P-256 passkey pubkey bound to the vault. */
+    passkeyPubkey: Uint8Array;
+    /** base58 vault PDA the proof claims control of. */
+    vault: string;
+    /** WebAuthn ceremony outputs (from WebAuthnAssertionResult). */
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+    /** 64-byte compact lowS r||s P-256 signature. */
+    signature: Uint8Array;
+}
+interface ConnectVerifyResult {
+    ok: boolean;
+    vault?: PublicKey;
+    reason?: string;
+}
+/** Injectable simulate fn — defaults to the real connection.simulateTransaction.
+ *  Matches the on-chain verifier method documented in provePasskey.ts.
+ *
+ *  The return shape is intentionally MINIMAL: only `value.err` is consumed by
+ *  the decision path. The real `simulateTransaction` response is richer —
+ *  `{ context, value: { err, logs, accounts, unitsConsumed, ... } }`. A future
+ *  maintainer wanting richer `reason` diagnostics can read `value.logs` (it is
+ *  present on the real response and on the optional `logs?` below). Keeping the
+ *  type narrow also keeps the tests' fake simulate trivial. */
+type SimulateFn = (tx: Transaction) => Promise<{
+    value: {
+        err: unknown;
+        logs?: string[] | null;
+    };
+}>;
+/**
+ * CHALLENGE-ENCODING CONTRACT (C2 — the ceremony — MUST match this):
+ *
+ * The on-chain prove_passkey takes a 32-byte `challenge` (the SIWX nonce/digest);
+ * its op-message is "siwx_login" || challenge, and the WebAuthn
+ * clientDataJSON.challenge field must base64url-decode to
+ * sha256("siwx_login" || challenge).
+ *
+ * The op-message is exactly utf8("siwx_login") concatenated DIRECTLY with the
+ * 32 challenge bytes — no separator, no length prefix, no padding between them
+ * (it is rebuilt on-chain by plain byte concatenation; see provePasskey.ts).
+ *
+ * The relying-app `challenge` STRING that this verifier receives maps to those
+ * 32 bytes by this rule:
+ *   - if it base64url-decodes to EXACTLY 32 bytes, those bytes ARE the challenge;
+ *   - otherwise, sha256(utf8(challenge)) → 32 bytes.
+ * The base64url form is accepted with OR without `=` padding; the canonical
+ * issuer form is unpadded `base64url(random 32 bytes)`.
+ *
+ * So a relying app SHOULD issue `base64url(random 32 bytes)` (the canonical,
+ * zero-ambiguity form). The fallback (sha256 of an arbitrary string) keeps any
+ * other issuer deterministic. C2 produces the matching ceremony challenge:
+ *   clientDataJSON.challenge = base64url(sha256("siwx_login" || challengeBytes)).
+ */
+declare function decodeChallengeTo32Bytes(challenge: string): Uint8Array;
+declare function verifyConnectProof(args: {
+    connection: Connection;
+    /** The challenge the relying app issued (raw string; the SAME one C2 signed). */
+    challenge: string;
+    proof: ConnectProof;
+    /** Default: real connection.simulateTransaction (injectable for tests). */
+    simulate?: SimulateFn;
+}): Promise<ConnectVerifyResult>;
+
+/**
+ * connectTab — the browser-side ceremony for "Connect a Tab" step 1 (auth).
+ *
+ * Runs the WebAuthn passkey assertion and returns a `ConnectProof` that the C1
+ * verifier (`verifyConnectProof`) accepts. connectTab + verifyConnectProof must
+ * agree byte-for-byte on the challenge contract — the round-trip test is the
+ * proof they do.
+ *
+ * THE CHALLENGE CONTRACT (must match verify.ts / provePasskey.ts / the IDL):
+ *   - The relying-app `challenge` STRING maps to 32 bytes via the SAME
+ *     `decodeChallengeTo32Bytes` the verifier uses.
+ *   - The on-chain prove_passkey op-message is utf8("siwx_login") concatenated
+ *     DIRECTLY with those 32 challenge bytes (no separator, no length prefix).
+ *   - The WebAuthn `clientDataJSON.challenge` field must equal
+ *     base64url(sha256("siwx_login" || challengeBytes)).
+ *
+ * Since `WebAuthnAssertion.assertOver(X)` causes the browser to write
+ * base64url(X) into clientDataJSON.challenge, the bytes we pass to assertOver
+ * are sha256("siwx_login" || challengeBytes) — the 32-byte digest, NOT the raw
+ * challenge. Then clientDataJSON.challenge == base64url(sha256(opMessage)),
+ * exactly what prove_passkey reconstructs and the precompile signature is over.
+ *
+ * Framework-agnostic: a plain browser function. The C3 button is documented as
+ * a snippet, not a shipped React component (React is not a dependency).
+ */
+
+interface ConnectTabArgs {
+    /** The challenge the relying app issued (same string the server will pass to verifyConnectProof). */
+    challenge: string;
+    /** base58 vault PDA being connected. */
+    vault: string;
+    /** 33-byte compressed P-256 passkey pubkey bound to the vault. */
+    passkeyPubkey: Uint8Array;
+    /** Raw WebAuthn credential ID bytes for the vault's passkey. */
+    credentialId: Uint8Array;
+    /** Optional WebAuthn RP id (defaults to the page's RP). */
+    rpId?: string;
+}
+/**
+ * Run the passkey assertion and return a verifier-ready ConnectProof.
+ *
+ * Browser-only (requires navigator.credentials). The returned proof feeds
+ * straight into verifyConnectProof with the SAME challenge string.
+ */
+declare function connectTab(args: ConnectTabArgs): Promise<ConnectProof>;
+
+export { type ConnectProof, type ConnectTabArgs, type ConnectVerifyResult, type SimulateFn, connectTab, decodeChallengeTo32Bytes, verifyConnectProof };

package/dist/connect/index.d.ts

@@ -0,0 +1,145 @@
+import { PublicKey, Transaction, Connection } from '@solana/web3.js';
+
+/**
+ * verifyConnectProof — the relying-app VERIFIER for "Connect a Tab" step 1.
+ *
+ * A third-party app uses this to confirm a user controls a named Dexter vault.
+ * It reconstructs the read-only two-instruction proof transaction
+ *   [secp256r1_verify, prove_passkey]
+ * from the proof + the challenge it issued + the vault's passkey pubkey, and
+ * simulates it against the caller-supplied Connection (Helius mainnet) via the
+ * legacy `Transaction` simulate overload — which does NOT verify signatures, so
+ * the placeholder blockhash and formal feePayer are never checked.
+ * `err === null` → the holder controls the vault.
+ *   (`connection.simulateTransaction(tx, undefined, false)`: signature is
+ *    `(transaction, signers?, includeAccounts?)`; the third arg is
+ *    `includeAccounts`, set false. There is no `sigVerify` param on this
+ *    overload — `sigVerify` exists only on the VersionedTransaction config.)
+ *
+ * This is THE canonical method documented in provePasskey.ts: a verifier treats
+ * a passing simulate of [secp256r1_verify, prove_passkey] (err === null) as
+ * proof of control.
+ * It reuses the exact on-chain P-256 semantics rather than re-implementing
+ * verification — a forged/wrong-key/wrong-challenge proof makes the on-chain
+ * precompile (or prove_passkey's op-message check) reject, and simulate
+ * returns a non-null err. The reject path is genuinely simulate-driven; it is
+ * NOT a bypassable string compare.
+ *
+ * The `simulate` step is injectable with a real default (the same
+ * injectable-default-real pattern ./tab and ./factoring use for assembleSignV2
+ * / readPriorSpent) so the assembly + decision logic is unit-testable offline,
+ * while production hits the real chain.
+ */
+
+interface ConnectProof {
+    /** 33-byte compressed P-256 passkey pubkey bound to the vault. */
+    passkeyPubkey: Uint8Array;
+    /** base58 vault PDA the proof claims control of. */
+    vault: string;
+    /** WebAuthn ceremony outputs (from WebAuthnAssertionResult). */
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+    /** 64-byte compact lowS r||s P-256 signature. */
+    signature: Uint8Array;
+}
+interface ConnectVerifyResult {
+    ok: boolean;
+    vault?: PublicKey;
+    reason?: string;
+}
+/** Injectable simulate fn — defaults to the real connection.simulateTransaction.
+ *  Matches the on-chain verifier method documented in provePasskey.ts.
+ *
+ *  The return shape is intentionally MINIMAL: only `value.err` is consumed by
+ *  the decision path. The real `simulateTransaction` response is richer —
+ *  `{ context, value: { err, logs, accounts, unitsConsumed, ... } }`. A future
+ *  maintainer wanting richer `reason` diagnostics can read `value.logs` (it is
+ *  present on the real response and on the optional `logs?` below). Keeping the
+ *  type narrow also keeps the tests' fake simulate trivial. */
+type SimulateFn = (tx: Transaction) => Promise<{
+    value: {
+        err: unknown;
+        logs?: string[] | null;
+    };
+}>;
+/**
+ * CHALLENGE-ENCODING CONTRACT (C2 — the ceremony — MUST match this):
+ *
+ * The on-chain prove_passkey takes a 32-byte `challenge` (the SIWX nonce/digest);
+ * its op-message is "siwx_login" || challenge, and the WebAuthn
+ * clientDataJSON.challenge field must base64url-decode to
+ * sha256("siwx_login" || challenge).
+ *
+ * The op-message is exactly utf8("siwx_login") concatenated DIRECTLY with the
+ * 32 challenge bytes — no separator, no length prefix, no padding between them
+ * (it is rebuilt on-chain by plain byte concatenation; see provePasskey.ts).
+ *
+ * The relying-app `challenge` STRING that this verifier receives maps to those
+ * 32 bytes by this rule:
+ *   - if it base64url-decodes to EXACTLY 32 bytes, those bytes ARE the challenge;
+ *   - otherwise, sha256(utf8(challenge)) → 32 bytes.
+ * The base64url form is accepted with OR without `=` padding; the canonical
+ * issuer form is unpadded `base64url(random 32 bytes)`.
+ *
+ * So a relying app SHOULD issue `base64url(random 32 bytes)` (the canonical,
+ * zero-ambiguity form). The fallback (sha256 of an arbitrary string) keeps any
+ * other issuer deterministic. C2 produces the matching ceremony challenge:
+ *   clientDataJSON.challenge = base64url(sha256("siwx_login" || challengeBytes)).
+ */
+declare function decodeChallengeTo32Bytes(challenge: string): Uint8Array;
+declare function verifyConnectProof(args: {
+    connection: Connection;
+    /** The challenge the relying app issued (raw string; the SAME one C2 signed). */
+    challenge: string;
+    proof: ConnectProof;
+    /** Default: real connection.simulateTransaction (injectable for tests). */
+    simulate?: SimulateFn;
+}): Promise<ConnectVerifyResult>;
+
+/**
+ * connectTab — the browser-side ceremony for "Connect a Tab" step 1 (auth).
+ *
+ * Runs the WebAuthn passkey assertion and returns a `ConnectProof` that the C1
+ * verifier (`verifyConnectProof`) accepts. connectTab + verifyConnectProof must
+ * agree byte-for-byte on the challenge contract — the round-trip test is the
+ * proof they do.
+ *
+ * THE CHALLENGE CONTRACT (must match verify.ts / provePasskey.ts / the IDL):
+ *   - The relying-app `challenge` STRING maps to 32 bytes via the SAME
+ *     `decodeChallengeTo32Bytes` the verifier uses.
+ *   - The on-chain prove_passkey op-message is utf8("siwx_login") concatenated
+ *     DIRECTLY with those 32 challenge bytes (no separator, no length prefix).
+ *   - The WebAuthn `clientDataJSON.challenge` field must equal
+ *     base64url(sha256("siwx_login" || challengeBytes)).
+ *
+ * Since `WebAuthnAssertion.assertOver(X)` causes the browser to write
+ * base64url(X) into clientDataJSON.challenge, the bytes we pass to assertOver
+ * are sha256("siwx_login" || challengeBytes) — the 32-byte digest, NOT the raw
+ * challenge. Then clientDataJSON.challenge == base64url(sha256(opMessage)),
+ * exactly what prove_passkey reconstructs and the precompile signature is over.
+ *
+ * Framework-agnostic: a plain browser function. The C3 button is documented as
+ * a snippet, not a shipped React component (React is not a dependency).
+ */
+
+interface ConnectTabArgs {
+    /** The challenge the relying app issued (same string the server will pass to verifyConnectProof). */
+    challenge: string;
+    /** base58 vault PDA being connected. */
+    vault: string;
+    /** 33-byte compressed P-256 passkey pubkey bound to the vault. */
+    passkeyPubkey: Uint8Array;
+    /** Raw WebAuthn credential ID bytes for the vault's passkey. */
+    credentialId: Uint8Array;
+    /** Optional WebAuthn RP id (defaults to the page's RP). */
+    rpId?: string;
+}
+/**
+ * Run the passkey assertion and return a verifier-ready ConnectProof.
+ *
+ * Browser-only (requires navigator.credentials). The returned proof feeds
+ * straight into verifyConnectProof with the SAME challenge string.
+ */
+declare function connectTab(args: ConnectTabArgs): Promise<ConnectProof>;
+
+export { type ConnectProof, type ConnectTabArgs, type ConnectVerifyResult, type SimulateFn, connectTab, decodeChallengeTo32Bytes, verifyConnectProof };

package/dist/connect/index.js

@@ -0,0 +1,419 @@
+// src/connect/verify.ts
+import { PublicKey as PublicKey3, Transaction } from "@solana/web3.js";
+import { createHash } from "crypto";
+
+// src/instructions/provePasskey.ts
+import {
+  TransactionInstruction,
+  SYSVAR_INSTRUCTIONS_PUBKEY
+} from "@solana/web3.js";
+
+// src/constants/index.ts
+import { PublicKey } from "@solana/web3.js";
+var DEXTER_VAULT_PROGRAM_ID = new PublicKey(
+  "Hg3wRaydFtJhYrdvYrKECacpJYDsC9Px7yKmpncj2fhc"
+);
+var SWIG_PROGRAM_ID = new PublicKey(
+  "swigypWHEksbC64pWKwah1WTeh9JXwx8H1rJHLdbQMB"
+);
+var SECP256R1_PROGRAM_ID = new PublicKey(
+  "Secp256r1SigVerify1111111111111111111111111"
+);
+var ED25519_PROGRAM_ID = new PublicKey(
+  "Ed25519SigVerify111111111111111111111111111"
+);
+var INSTRUCTIONS_SYSVAR_ID = new PublicKey(
+  "Sysvar1nstructions1111111111111111111111111"
+);
+var VAULT_SEED_PREFIX = Buffer.from("vault");
+var LOCKED_CLAIM_SEED = Buffer.from("locked-claim");
+var DISCRIMINATORS = Object.freeze({
+  initialize_vault: Uint8Array.from([48, 191, 163, 44, 71, 129, 63, 164]),
+  set_swig: Uint8Array.from([253, 229, 89, 206, 192, 118, 137, 165]),
+  settle_voucher: Uint8Array.from([144, 176, 128, 220, 156, 79, 41, 54]),
+  request_withdrawal: Uint8Array.from([251, 85, 121, 205, 56, 201, 12, 177]),
+  finalize_withdrawal: Uint8Array.from([178, 87, 206, 68, 201, 186, 164, 232]),
+  force_release: Uint8Array.from([122, 190, 243, 252, 54, 202, 208, 234]),
+  rotate_passkey: Uint8Array.from([28, 134, 49, 89, 196, 34, 58, 174]),
+  rotate_dexter_authority: Uint8Array.from([145, 60, 4, 119, 180, 205, 236, 134]),
+  prove_passkey: Uint8Array.from([35, 175, 41, 143, 201, 118, 49, 184]),
+  settle_tab_voucher: Uint8Array.from([173, 22, 98, 31, 110, 129, 59, 161]),
+  register_session_key: Uint8Array.from([69, 94, 60, 44, 49, 199, 183, 233]),
+  revoke_session_key: Uint8Array.from([81, 192, 32, 110, 104, 116, 144, 151]),
+  lock_voucher: Uint8Array.from([91, 138, 5, 227, 119, 239, 48, 254]),
+  settle_locked_voucher: Uint8Array.from([44, 80, 216, 43, 247, 253, 101, 45]),
+  transfer_lock_ownership: Uint8Array.from([193, 13, 131, 134, 95, 25, 229, 157]),
+  recover_abandoned_lock: Uint8Array.from([169, 213, 107, 64, 229, 49, 43, 234]),
+  open_standby: Uint8Array.from([234, 184, 232, 135, 246, 191, 90, 250]),
+  draw_credit: Uint8Array.from([20, 84, 47, 211, 78, 117, 195, 210]),
+  repay_credit: Uint8Array.from([38, 113, 240, 182, 109, 179, 154, 245]),
+  seize_collateral: Uint8Array.from([40, 250, 7, 243, 168, 184, 116, 154]),
+  migrate_v4_to_v5: Uint8Array.from([226, 105, 140, 184, 101, 39, 235, 116])
+});
+var OTS_SESSION_REGISTER_V1_DOMAIN = (() => {
+  const buf = new Uint8Array(32);
+  buf.set(new TextEncoder().encode("OTS_SESSION_REGISTER_V1"), 0);
+  return buf;
+})();
+var OTS_SESSION_REGISTER_V2_DOMAIN = (() => {
+  const buf = new Uint8Array(32);
+  buf.set(new TextEncoder().encode("OTS_SESSION_REGISTER_V2"), 0);
+  return buf;
+})();
+var OTS_SESSION_REVOKE_V1_DOMAIN = (() => {
+  const buf = new Uint8Array(32);
+  buf.set(new TextEncoder().encode("OTS_SESSION_REVOKE_V1"), 0);
+  return buf;
+})();
+
+// src/instructions/provePasskey.ts
+function encodeBytesVec(buf) {
+  const out = Buffer.alloc(4 + buf.length);
+  out.writeUInt32LE(buf.length, 0);
+  Buffer.from(buf).copy(out, 4);
+  return out;
+}
+function encodeFixedBytes(buf, len) {
+  if (buf.length !== len) {
+    throw new Error(`expected ${len} bytes, got ${buf.length}`);
+  }
+  return Buffer.from(buf);
+}
+function buildProvePasskeyInstruction(p) {
+  const argsBuf = Buffer.concat([
+    encodeFixedBytes(p.challenge, 32),
+    encodeBytesVec(p.clientDataJSON),
+    encodeBytesVec(p.authenticatorData)
+  ]);
+  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.prove_passkey), argsBuf]);
+  return new TransactionInstruction({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.vaultPda, isSigner: false, isWritable: false },
+      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY, isSigner: false, isWritable: false }
+    ],
+    data
+  });
+}
+
+// src/precompile/secp256r1.ts
+import { TransactionInstruction as TransactionInstruction2 } from "@solana/web3.js";
+var SIGNATURE_OFFSETS_SERIALIZED_SIZE = 14;
+var SIGNATURE_SERIALIZED_SIZE = 64;
+var COMPRESSED_PUBKEY_SERIALIZED_SIZE = 33;
+var PRECOMPILE_DATA_START = 2;
+function buildSecp256r1VerifyInstruction(publicKey, signature, message) {
+  if (publicKey.length !== COMPRESSED_PUBKEY_SERIALIZED_SIZE) {
+    throw new Error(`expected ${COMPRESSED_PUBKEY_SERIALIZED_SIZE}-byte pubkey`);
+  }
+  if (signature.length !== SIGNATURE_SERIALIZED_SIZE) {
+    throw new Error(`expected ${SIGNATURE_SERIALIZED_SIZE}-byte signature`);
+  }
+  const signatureOffset = PRECOMPILE_DATA_START + SIGNATURE_OFFSETS_SERIALIZED_SIZE;
+  const publicKeyOffset = signatureOffset + SIGNATURE_SERIALIZED_SIZE;
+  const messageOffset = publicKeyOffset + COMPRESSED_PUBKEY_SERIALIZED_SIZE;
+  const messageSize = message.length;
+  const totalLen = messageOffset + messageSize;
+  const data = Buffer.alloc(totalLen);
+  data[0] = 1;
+  data[1] = 0;
+  data.writeUInt16LE(signatureOffset, PRECOMPILE_DATA_START + 0);
+  data.writeUInt16LE(65535, PRECOMPILE_DATA_START + 2);
+  data.writeUInt16LE(publicKeyOffset, PRECOMPILE_DATA_START + 4);
+  data.writeUInt16LE(65535, PRECOMPILE_DATA_START + 6);
+  data.writeUInt16LE(messageOffset, PRECOMPILE_DATA_START + 8);
+  data.writeUInt16LE(messageSize, PRECOMPILE_DATA_START + 10);
+  data.writeUInt16LE(65535, PRECOMPILE_DATA_START + 12);
+  Buffer.from(signature).copy(data, signatureOffset);
+  Buffer.from(publicKey).copy(data, publicKeyOffset);
+  Buffer.from(message).copy(data, messageOffset);
+  return new TransactionInstruction2({
+    keys: [],
+    programId: SECP256R1_PROGRAM_ID,
+    data
+  });
+}
+async function buildPrecompileMessage(clientDataJSON, authenticatorData) {
+  const subtle = globalThis.crypto?.subtle;
+  let clientDataHash;
+  if (subtle) {
+    const buf = await subtle.digest("SHA-256", clientDataJSON);
+    clientDataHash = new Uint8Array(buf);
+  } else {
+    const { createHash: createHash2 } = await import("crypto");
+    clientDataHash = createHash2("sha256").update(clientDataJSON).digest();
+  }
+  const out = new Uint8Array(authenticatorData.length + 32);
+  out.set(authenticatorData, 0);
+  out.set(clientDataHash, authenticatorData.length);
+  return out;
+}
+
+// src/connect/verify.ts
+function decodeChallengeTo32Bytes(challenge) {
+  const decoded = tryBase64urlDecode(challenge);
+  if (decoded && decoded.length === 32) return decoded;
+  return new Uint8Array(createHash("sha256").update(challenge, "utf8").digest());
+}
+function tryBase64urlDecode(s) {
+  if (!/^[A-Za-z0-9\-_]+={0,2}$/.test(s)) return null;
+  try {
+    return new Uint8Array(Buffer.from(s, "base64url"));
+  } catch {
+    return null;
+  }
+}
+async function verifyConnectProof(args) {
+  const { connection, challenge, proof } = args;
+  try {
+    const challengeBytes = decodeChallengeTo32Bytes(challenge);
+    const vaultPda = new PublicKey3(proof.vault);
+    const precompileMessage = await buildPrecompileMessage(
+      proof.clientDataJSON,
+      proof.authenticatorData
+    );
+    const ix0 = buildSecp256r1VerifyInstruction(
+      proof.passkeyPubkey,
+      proof.signature,
+      precompileMessage
+    );
+    const ix1 = buildProvePasskeyInstruction({
+      vaultPda,
+      challenge: challengeBytes,
+      clientDataJSON: proof.clientDataJSON,
+      authenticatorData: proof.authenticatorData
+    });
+    const tx = new Transaction();
+    tx.add(ix0, ix1);
+    tx.feePayer = vaultPda;
+    tx.recentBlockhash = PublicKey3.default.toBase58();
+    const simulate = args.simulate ?? ((t) => connection.simulateTransaction(t, void 0, false));
+    const res = await simulate(tx);
+    const err = res?.value?.err ?? null;
+    if (err === null) {
+      return { ok: true, vault: vaultPda };
+    }
+    return { ok: false, reason: `simulation rejected: ${stringifyErr(err)}` };
+  } catch (e) {
+    return { ok: false, reason: e instanceof Error ? e.message : String(e) };
+  }
+}
+function stringifyErr(err) {
+  try {
+    return JSON.stringify(err);
+  } catch {
+    return String(err);
+  }
+}
+
+// src/signers/browser/index.ts
+var WebAuthnAssertionError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.code = code;
+    this.name = "WebAuthnAssertionError";
+  }
+};
+var WebAuthnAssertion = class {
+  credentialId;
+  publicKeyBase64;
+  rpId;
+  allowCredentials;
+  timeoutMs;
+  userVerification;
+  constructor(config) {
+    if (!(config.credentialId instanceof Uint8Array) || config.credentialId.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_credential_id",
+        "credentialId must be a non-empty Uint8Array"
+      );
+    }
+    this.credentialId = config.credentialId;
+    this.publicKeyBase64 = config.publicKeyBase64;
+    this.rpId = config.rpId;
+    this.allowCredentials = config.allowCredentials && config.allowCredentials.length > 0 ? config.allowCredentials : [{ id: config.credentialId }];
+    this.timeoutMs = config.timeoutMs ?? 6e4;
+    this.userVerification = config.userVerification ?? "preferred";
+  }
+  /**
+   * Run `navigator.credentials.get()` over `challenge` and return the
+   * three on-chain-ready buffers.
+   *
+   * The caller is responsible for what `challenge` *is*. For the vault
+   * program, this is typically `sha256(opMessage)` minted server-side
+   * with replay defense (see DexterApiBrowserPasskeySigner). The SDK
+   * does not impose policy here.
+   */
+  async assertOver(challenge) {
+    ensureBrowser();
+    if (!(challenge instanceof Uint8Array) || challenge.length === 0) {
+      throw new WebAuthnAssertionError(
+        "invalid_challenge",
+        "challenge must be a non-empty Uint8Array"
+      );
+    }
+    const requestOptions = {
+      challenge: toBufferSource(challenge),
+      allowCredentials: this.allowCredentials.map((c) => ({
+        id: toBufferSource(c.id),
+        type: "public-key",
+        transports: c.transports
+      })),
+      timeout: this.timeoutMs,
+      userVerification: this.userVerification,
+      ...this.rpId ? { rpId: this.rpId } : {}
+    };
+    const credential = await navigator.credentials.get({
+      publicKey: requestOptions
+    });
+    if (!credential) {
+      throw new WebAuthnAssertionError(
+        "user_cancelled",
+        "no assertion returned from authenticator"
+      );
+    }
+    if (credential.type !== "public-key") {
+      throw new WebAuthnAssertionError(
+        "credential_invalid",
+        `unexpected credential type: ${credential.type}`
+      );
+    }
+    const assertion = credential.response;
+    const derSignature = new Uint8Array(assertion.signature);
+    const compactSignature = derSignatureToCompactLowS(derSignature);
+    return {
+      signature: compactSignature,
+      signatureDer: derSignature,
+      clientDataJSON: new Uint8Array(assertion.clientDataJSON),
+      authenticatorData: new Uint8Array(assertion.authenticatorData)
+    };
+  }
+  /**
+   * `PasskeySigner` shape — alias for `assertOver`. Consumers that want
+   * to type against `PasskeySigner` (e.g. dexter-fe's
+   * `DexterApiBrowserPasskeySigner`) call `.sign(challenge)`; consumers
+   * that want the explicit name call `.assertOver(challenge)`. Same
+   * function, two names.
+   */
+  sign(challenge) {
+    return this.assertOver(challenge);
+  }
+};
+function ensureBrowser() {
+  if (typeof globalThis === "undefined" || typeof globalThis.navigator === "undefined") {
+    throw new WebAuthnAssertionError(
+      "not_browser",
+      "WebAuthnAssertion requires a browser environment (navigator.credentials)"
+    );
+  }
+  const cred = globalThis.navigator.credentials;
+  if (!cred || typeof cred.get !== "function") {
+    throw new WebAuthnAssertionError(
+      "webauthn_unsupported",
+      "this environment does not implement navigator.credentials.get"
+    );
+  }
+}
+function toBufferSource(bytes) {
+  const out = new ArrayBuffer(bytes.length);
+  new Uint8Array(out).set(bytes);
+  return out;
+}
+var P256_ORDER = BigInt(
+  "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"
+);
+var P256_HALF_ORDER = P256_ORDER >> BigInt(1);
+function bigintFromBytes(buf) {
+  let n = 0n;
+  for (const byte of buf) n = n << 8n | BigInt(byte);
+  return n;
+}
+function bytesFromBigint(n, length) {
+  const out = new Uint8Array(length);
+  for (let i = length - 1; i >= 0; i -= 1) {
+    out[i] = Number(n & 0xffn);
+    n >>= 8n;
+  }
+  return out;
+}
+function derSignatureToCompactLowS(der) {
+  let i = 0;
+  if (der[i++] !== 48) {
+    throw new WebAuthnAssertionError("bad_signature", "expected DER SEQUENCE");
+  }
+  i++;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected r INTEGER");
+  }
+  const rLen = der[i++];
+  if (rLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no r length)");
+  }
+  let r = der.slice(i, i + rLen);
+  i += rLen;
+  if (der[i++] !== 2) {
+    throw new WebAuthnAssertionError("bad_signature", "expected s INTEGER");
+  }
+  const sLen = der[i++];
+  if (sLen === void 0) {
+    throw new WebAuthnAssertionError("bad_signature", "truncated DER (no s length)");
+  }
+  let s = der.slice(i, i + sLen);
+  i += sLen;
+  if (r.length > 32 && r[0] === 0) r = r.slice(1);
+  if (s.length > 32 && s[0] === 0) s = s.slice(1);
+  if (r.length > 32 || s.length > 32) {
+    throw new WebAuthnAssertionError(
+      "bad_signature",
+      "DER component too large for P-256"
+    );
+  }
+  const rPadded = new Uint8Array(32);
+  rPadded.set(r, 32 - r.length);
+  let sN = bigintFromBytes(s);
+  if (sN > P256_HALF_ORDER) sN = P256_ORDER - sN;
+  const sPadded = bytesFromBigint(sN, 32);
+  const out = new Uint8Array(64);
+  out.set(rPadded, 0);
+  out.set(sPadded, 32);
+  return out;
+}
+
+// src/connect/ceremony.ts
+var SIWX_LOGIN_PREFIX = "siwx_login";
+async function connectTab(args) {
+  const challengeBytes = decodeChallengeTo32Bytes(args.challenge);
+  const prefix = new TextEncoder().encode(SIWX_LOGIN_PREFIX);
+  const opMessage = new Uint8Array(prefix.length + challengeBytes.length);
+  opMessage.set(prefix, 0);
+  opMessage.set(challengeBytes, prefix.length);
+  const signedDigest = await sha256(opMessage);
+  const signer = new WebAuthnAssertion({
+    credentialId: args.credentialId,
+    ...args.rpId ? { rpId: args.rpId } : {}
+  });
+  const assertion = await signer.assertOver(signedDigest);
+  return {
+    passkeyPubkey: args.passkeyPubkey,
+    vault: args.vault,
+    clientDataJSON: assertion.clientDataJSON,
+    authenticatorData: assertion.authenticatorData,
+    signature: assertion.signature
+    // 64-byte compact lowS r||s
+  };
+}
+async function sha256(data) {
+  const subtle = globalThis.crypto?.subtle;
+  if (subtle) {
+    const buf = await subtle.digest("SHA-256", data);
+    return new Uint8Array(buf);
+  }
+  const { createHash: createHash2 } = await import("crypto");
+  return new Uint8Array(createHash2("sha256").update(data).digest());
+}
+export {
+  connectTab,
+  decodeChallengeTo32Bytes,
+  verifyConnectProof
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dexterai/vault",
-  "version": "0.5.0",
+  "version": "0.6.0",
   "description": "Canonical off-chain mirror of the dexter-vault Solana Anchor program — Solana instruction builders, byte-precise message encoders, account decoders, secp256r1/Ed25519 precompile helpers, counterfactual Swig derivation, and signer interfaces. The single source of truth for any TypeScript code that produces bytes the on-chain program will verify.",
   "author": "Dexter",
   "license": "MIT",
@@ -76,6 +76,11 @@
       "import": "./dist/tab/index.js",
       "require": "./dist/tab/index.cjs"
     },
+    "./connect": {
+      "types": "./dist/connect/index.d.ts",
+      "import": "./dist/connect/index.js",
+      "require": "./dist/connect/index.cjs"
+    },
     "./idl/dexter_vault.json": "./dist/idl/dexter_vault.json"
   },
   "files": [