npm - @dexterai/x402 - Versions diffs - 4.1.0 → 5.0.0 - Mend

@dexterai/x402 4.1.0 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +15 -4
package/dist/tab/adapters/solana/index.cjs +1 -1
package/dist/tab/adapters/solana/index.d.cts +13 -12
package/dist/tab/adapters/solana/index.d.ts +13 -12
package/dist/tab/adapters/solana/index.js +1 -1
package/package.json +3 -2

package/README.md CHANGED Viewed

@@ -38,9 +38,11 @@ The closest familiar shape is an auth-and-capture card hold, with the hold enfor
 ## Install
 ```bash
-npm install @dexterai/x402
+npm install @dexterai/x402 @dexterai/vault
 ```
+`@dexterai/vault` is a **peer dependency** (`>=0.19`): the tab adapter and your app share ONE vault instance — the passkey signer it consumes (`signOperation`) is the same type your app builds, with no bridge shim. Install it alongside.
 One install is both sides: the buyer surface at `@dexterai/x402/tab`, the seller surface at `@dexterai/x402/tab/seller`.
 ## Open a tab and pay (buyer)
@@ -54,7 +56,7 @@ const vault = createSolanaVaultAdapter({
   connection,        // your Solana Connection (any RPC)
   swigAddress,       // the vault's Swig state account, from enrollment
   vaultPda,          // the vault's gate PDA, from enrollment
-  passkeySigner,     // browser: WebAuthnAssertion; server agent: passkeySignerFromP256Keypair(kp)
+  passkeySigner,     // signOperation signer — browser: vault's DexterApiBrowserPasskeySigner; server agent: passkeySignerFromP256Keypair(kp)
   feePayer,          // lamport fee payer (a Signer)
 });
 ```
@@ -144,7 +146,7 @@ The full threat model and trust assumptions live in the program's [`SECURITY.md`
 When a partner's app opens a tab for a user, the approval runs on one Dexter-hosted consent screen, deep-linked from the partner's app. The user sees the counterparty, the cap, and the expiry, taps their passkey once, and control returns to the app. The partner builds no approval UI and never handles a passkey.
-The screen is hosted by Dexter for a structural reason, not a stylistic one: the vault's passkey can only sign on Dexter's own origin, so a user cannot be phished into approving on a look-alike page. The safety is a property of where the key will sign. Flow and routing: [docs.dexter.cash/tabs](https://docs.dexter.cash). **[TODO: confirm final docs path once #5 lands.]**
+The screen is hosted by Dexter for a structural reason, not a stylistic one: the vault's passkey can only sign on Dexter's own origin, so a user cannot be phished into approving on a look-alike page. The safety is a property of where the key will sign. Flow and routing: [docs.dexter.cash](https://docs.dexter.cash).
 ---
@@ -310,6 +312,15 @@ State auto-persists and resumes with `resumeBatchChannel({ wallet, network, salt
 `bazaarExtension()` plus `declareDiscoveryExtension(config)` attach a spec-compliant `extensions.bazaar` block to a route's 402; extensions are opt-in and failure-isolated, so the payment path is never affected. `sponsoredAccess` injects `_x402_sponsored` into responses; read it with `getSponsoredRecommendations(response)`. Campaign creation is x402-gated at `x402ads.io`.
+### Migrating to 5.0.0 (breaking)
+Two changes, both about packaging and the passkey signer — the payment path itself is unchanged.
+1. **`@dexterai/vault` is now a peer dependency** (`>=0.19`), not bundled. The tab adapter and your app share ONE vault instance, so there are no duplicate copies and no `instanceof`/type mismatches across packages. Install it alongside: `npm install @dexterai/x402 @dexterai/vault`.
+2. **The passkey signer contract is `signOperation(operationMessage)`**, replacing the old `sign(challenge)`. The adapter now hands the signer the RAW operation message and the signer hashes it internally (`challenge = sha256(op)`, the on-chain `webauthn.rs` law). If you wrote a custom signer against `sign(challenge)`, rename the method to `signOperation` and delete your pre-hash — pass the message straight through. Vault's `DexterApiBrowserPasskeySigner` (browser) and this package's `passkeySignerFromP256Keypair` (node/agent) already conform.
+To pin the old surface, stay on `@dexterai/x402@^4`.
 ### Removed in v4.0.0 (migration)
 The v1-era helpers were removed in `4.0.0`. The payment engine is unchanged — the canonical entrypoints have done their jobs since 3.x:
@@ -334,7 +345,7 @@ The v1-era helpers were removed in `4.0.0`. The payment engine is unchanged —
 npm run build      # ESM + CJS
 npm run dev        # Watch mode
 npm run typecheck
-npm test           # 359 vitest tests
+npm test           # 364 vitest tests
 ```
 ## License

package/dist/tab/adapters/solana/index.cjs CHANGED Viewed

	@@ -1 +1 @@
1	- "use strict";var te=Object.create;var f=Object.defineProperty;var ne=Object.getOwnPropertyDescriptor;var ie=Object.getOwnPropertyNames;var re=Object.getPrototypeOf,se=Object.prototype.hasOwnProperty;var oe=(e,t)=>{for(var n in t)f(e,n,{get:t[n],enumerable:!0})},V=(e,t,n,i)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of ie(t))!se.call(e,r)&&r!==n&&f(e,r,{get:()=>t[r],enumerable:!(i=ne(t,r))\|\|i.enumerable});return e};var L=(e,t,n)=>(n=e!=null?te(re(e)):{},V(t\|\|!e\|\|!e.__esModule?f(n,"default",{value:e,enumerable:!0}):n,e)),ae=e=>V(f({},"__esModule",{value:!0}),e);var Pe={};oe(Pe,{buildAdapterRegisterInstruction:()=>Q,createSolanaVaultAdapter:()=>he,deriveChannelId:()~~=>q,~~passkeySignerFromP256Keypair:()=>z});module.exports=ae(Pe);var c=require("@solana/web3.js"),Z=require("@solana/spl-token");var ce="solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",pe="solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1",le="solana:4uhcVJyU9pJkvQyS88uRDiswHXSCkY3z";var w="eip155:8453",U="eip155:84532",C="eip155:42161",R="eip155:137",O="eip155:10",D="eip155:43114",N="eip155:56",T="eip155:1187947933",_="eip155:324705682",I="eip155:1";var W="EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";var ue="0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",ye="0x55d398326f99059fF775485246999027B3197955",F="0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",Ee={[N]:F,[w]:ue,[U]:"0x036CbD53842c5426634e7929541eC2318f3dCF7e",[C]:"0xaf88d065e77c8cC2239327C5EDb3A432268e5831",[R]:"0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",[O]:"0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85",[D]:"0xB97EF9Ef8734C71904D8002F8b6Bc66Dd9c48a6E",[T]:"0x85889c8c714505E0c94b30fcfcF64fE3Ac8FCb20",[_]:"0x2e08028E3C4c2356572E096d8EF835cD5C6030bD",[I]:"0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"},Ke={[ye]:{symbol:"USDT",decimals:18},[F]:{symbol:"USDC",decimals:18}};var ve={[N]:56,[w]:8453,[U]:84532,[C]:42161,[R]:137,[O]:10,[D]:43114,[T]:1187947933,[_]:324705682,[I]:1},we={[ce]:"https://api.dexter.cash/api/solana/rpc",[pe]:"https://api.devnet.solana.com",[le]:"https://api.testnet.solana.com"},Ue={[N]:"https://api.dexter.cash/api/evm/bsc/rpc",[w]:"https://api.dexter.cash/api/base/rpc",[U]:"https://sepolia.base.org",[C]:"https://api.dexter.cash/api/evm/arbitrum/rpc",[R]:"https://api.dexter.cash/api/evm/polygon/rpc",[O]:"https://api.dexter.cash/api/evm/optimism/rpc",[D]:"https://api.dexter.cash/api/evm/avalanche/rpc",[T]:"https://skale-base.skalenodes.com/v1/base",[_]:"https://base-sepolia-testnet.skalenodes.com/v1/jubilant-horrible-ancha",[I]:"https://eth.llamarpc.com"};var a=require("@dexterai/vault/instructions"),P=require("@dexterai/vault/precompile"),m=require("@dexterai/vault/constants");var s=require("@dexterai/vault/messages");var k=L(require("tweetnacl"),1);var $=require("@noble/hashes/sha256");function J(){let e=k.default.sign.keyPair();return{publicKey:e.publicKey,privateKey:e.secretKey}}function H(e,t,n){return{publicKey:e.publicKey,privateKey:e.privateKey,scope:t,registration:n}}function G(e,t,n){if(n.length!==32)throw new Error(`channelIdBytes must be 32 bytes, got ${n.length}`);let i=BigInt(t.cumulativeAmount),r=BigInt(e.scope.maxAmountAtomic);if(i>r)throw new Error(`voucher cumulative ${i} exceeds session cap ${r}`);let o=Math.floor(Date.now()/1e3);if(o>=e.scope.expiresAtUnix)throw new Error(`session expired at ${e.scope.expiresAtUnix}, now ${o}`);let p=(0,s.voucherPayloadMessage)({channelId:n,cumulativeAmount:i,sequenceNumber:t.sequenceNumber}),l=k.default.sign.detached(p,e.privateKey);return{payload:t,sessionPublicKey:e.publicKey,sessionRegistration:e.registration,sessionSignature:l}}function b(e){if(!/^\d+$/.test(e))throw new Error(`atomic amount must be a non-negative integer string, got "${e}"`);return BigInt(e)}function q(e){let t=new Uint8Array(8);new DataView(t.buffer).setBigUint64(0,e.nonce,!0);let n=new TextEncoder().encode(e.sellerUrl),i~~=$.~~sha256.create();return i.update(e.vaultPda.toBytes()),i.update(n),i.update(t),i.digest()}var d=require("@dexterai/vault/session"),g=require("@noble/hashes/sha256");var X=require("@noble/curves/p256"),E=require("@noble/hashes/sha256"),Y="dexter.cash";function me(e){return Buffer.from(e).toString("base64").replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}function de(e,t=`https://${Y}`){let i={type:"webauthn.get",challenge:me(e),origin:t,crossOrigin:!1};return new TextEncoder().encode(JSON.stringify(i))}function ge(e=1){let t=(0,E.sha256)(new TextEncoder().encode(Y)),n=new Uint8Array(37);return n.set(t,0),n[32]=5,new DataView(n.buffer).setUint32(33,e,!1),n}function Ae(e,t){let n=de(t),i=ge(1),r=new Uint8Array(i.length+32);r.set(i,0),r.set((0,E.sha256)(n),i.length);let o=(0,E.sha256)(r);return{signature:X.p256.sign(o,e.privateKey,{lowS:!0}).toCompactRawBytes(),clientDataJSON:n,authenticatorData:i}}function z(e){return{publicKey:e.publicKey,~~sign~~:async t=>Ae(e,t)}}function Q(e){let t=(0,a.deriveSwigWalletAddress)(e.swigAddress),n=(0,Z.getAssociatedTokenAddressSync)(new c.PublicKey(W),t,!0);return(0,a.buildRegisterSessionKeyInstruction)({vaultPda:e.vaultPda,sessionPubkey:e.sessionPubkey,maxAmount:e.maxAmount,maxRevolvingCapacity:e.maxRevolvingCapacity,expiresAt:e.expiresAt,allowedCounterparty:e.allowedCounterparty,nonce:e.nonce,swigAddress:e.swigAddress,vaultUsdcAta:n,clientDataJSON:e.clientDataJSON,authenticatorData:e.authenticatorData,payer:e.payer,siblingSessionPdas:e.siblingSessionPdas})}var B=class{network="solana:mainnet";swigAddress;vaultPda;connection;vaultPdaKey;passkey;feePayer;confirmOptions;constructor(t){this.connection=t.connection,this.swigAddress=typeof t.swigAddress=="string"?t.swigAddress:t.swigAddress.toBase58(),this.vaultPdaKey=typeof t.vaultPda=="string"?new c.PublicKey(t.vaultPda):t.vaultPda,this.vaultPda=this.vaultPdaKey.toBase58(),this.passkey=t.passkeySigner,this.feePayer=t.feePayer,this.confirmOptions=t.confirmOptions??{commitment:"confirmed"}}async authorizeSession(t){let n=new c.PublicKey(t.allowedCounterparty),i=b(t.revolvingCapacityAtomic??t.maxAmountAtomic),r=J(),o=Se(),p=(0,s.sessionRegisterMessage)({programId:m.DEXTER_VAULT_PROGRAM_ID,vaultPda:this.vaultPdaKey,sessionPubkey:r.publicKey,maxAmount:b(t.maxAmountAtomic),maxRevolvingCapacity:i,expiresAt:BigInt(t.expiresAtUnix),allowedCounterparty:n,nonce:o}),~~l=(0,g.sha256)(p),~~{signature:A,clientDataJSON:h,authenticatorData:S}=await this.passkey.~~sign~~(l),K=j(S,(0,g.sha256)(h)),u=(0,P.buildSecp256r1VerifyInstruction)(this.passkey.publicKey,A,K),x=(0,d.sessionPdasOf)(await(0,d.fetchVaultSessionAccounts)(this.connection,this.vaultPdaKey)),v=Q({vaultPda:this.vaultPdaKey,swigAddress:new c.PublicKey(this.swigAddress),sessionPubkey:r.publicKey,maxAmount:b(t.maxAmountAtomic),maxRevolvingCapacity:i,expiresAt:BigInt(t.expiresAtUnix),allowedCounterparty:n,nonce:o,clientDataJSON:h,authenticatorData:S,payer:this.feePayer.publicKey,siblingSessionPdas:x}),y=new c.Transaction().add(u,v);y.feePayer=this.feePayer.publicKey;let{blockhash:M}=await this.connection.getLatestBlockhash(this.confirmOptions.commitment);y.recentBlockhash=M,y.sign(this.feePayer);let ee=await this.connection.sendRawTransaction(y.serialize(),{skipPreflight:!1,preflightCommitment:this.confirmOptions.preflightCommitment??this.confirmOptions.commitment});return await this.connection.confirmTransaction({signature:ee,blockhash:M,lastValidBlockHeight:(await this.connection.getLatestBlockhash(this.confirmOptions.commitment)).lastValidBlockHeight},this.confirmOptions.commitment),await(0,d.waitForSession)(this.connection,this.vaultPdaKey,n,{expectedSessionPubkey:r.publicKey,timeoutMs:2e4}),H(r,t,p)}async signWithSession(t,n){let i=await xe(n.channelId);return G(t,n,i)}async signOpenTab(t,n){return t.registration}async signCloseTab(t,n,i){let r=(0,s.sessionRevokeMessage)({programId:m.DEXTER_VAULT_PROGRAM_ID,vaultPda:this.vaultPdaKey,sessionPubkey:t.publicKey}),~~o=(0,g.sha256)(r),~~{signature:p,clientDataJSON:l,authenticatorData:A}=await this.passkey.~~sign~~(o),h=j(A,(0,g.sha256)(l)),S=(0,P.buildSecp256r1VerifyInstruction)(this.passkey.publicKey,p,h),K=(0,a.buildRevokeSessionKeyInstruction)({vaultPda:this.vaultPdaKey,allowedCounterparty:new c.PublicKey(t.scope.allowedCounterparty),clientDataJSON:l,authenticatorData:A}),u=new c.Transaction().add(S,K);u.feePayer=this.feePayer.publicKey;let{blockhash:x,lastValidBlockHeight:v}=await this.connection.getLatestBlockhash(this.confirmOptions.commitment);u.recentBlockhash=x,u.sign(this.feePayer);let y=await this.connection.sendRawTransaction(u.serialize(),{skipPreflight:!1,preflightCommitment:this.confirmOptions.preflightCommitment??this.confirmOptions.commitment});return await this.connection.confirmTransaction({signature:y,blockhash:x,lastValidBlockHeight:v},this.confirmOptions.commitment),r}};function he(e){return new B(e)}function j(e,t){let n=new Uint8Array(e.length+t.length);return n.set(e,0),n.set(t,e.length),n}function Se(){return Math.floor(Math.random()4294967295)>>>0}async function xe(e){if(/^[0-9a-f]{64}$/i.test(e))return fe(e);let{sha256:t}=await import("@noble/hashes/sha256");return t(new TextEncoder().encode(e))}function fe(e){let t=new Uint8Array(e.length/2);for(let n=0;n<t.length;n++)t[n]=parseInt(e.substr(n2,2),16);return t}0&&(module.exports={buildAdapterRegisterInstruction,createSolanaVaultAdapter,deriveChannelId,passkeySignerFromP256Keypair});
1	+ "use strict";var ee=Object.create;var x=Object.defineProperty;var te=Object.getOwnPropertyDescriptor;var ne=Object.getOwnPropertyNames;var ie=Object.getPrototypeOf,re=Object.prototype.hasOwnProperty;var se=(e,t)=>{for(var n in t)x(e,n,{get:t[n],enumerable:!0})},M=(e,t,n,i)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of ne(t))!re.call(e,r)&&r!==n&&x(e,r,{get:()=>t[r],enumerable:!(i=te(t,r))\|\|i.enumerable});return e};var V=(e,t,n)=>(n=e!=null?ee(ie(e)):{},M(t\|\|!e\|\|!e.__esModule?x(n,"default",{value:e,enumerable:!0}):n,e)),oe=e=>M(x({},"__esModule",{value:!0}),e);var fe={};se(fe,{buildAdapterRegisterInstruction:()=>Z,createSolanaVaultAdapter:()=>Ae,deriveChannelId:()=>$,passkeySignerFromP256Keypair:()=>Y});module.exports=oe(fe);var c=require("@solana/web3.js"),j=require("@solana/spl-token");var ae="solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",ce="solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1",pe="solana:4uhcVJyU9pJkvQyS88uRDiswHXSCkY3z";var K="eip155:8453",v="eip155:84532",w="eip155:42161",C="eip155:137",R="eip155:10",O="eip155:43114",U="eip155:56",T="eip155:1187947933",_="eip155:324705682",N="eip155:1";var L="EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";var ue="0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",le="0x55d398326f99059fF775485246999027B3197955",W="0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",be={[U]:W,[K]:ue,[v]:"0x036CbD53842c5426634e7929541eC2318f3dCF7e",[w]:"0xaf88d065e77c8cC2239327C5EDb3A432268e5831",[C]:"0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",[R]:"0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85",[O]:"0xB97EF9Ef8734C71904D8002F8b6Bc66Dd9c48a6E",[T]:"0x85889c8c714505E0c94b30fcfcF64fE3Ac8FCb20",[_]:"0x2e08028E3C4c2356572E096d8EF835cD5C6030bD",[N]:"0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"},Ee={[le]:{symbol:"USDT",decimals:18},[W]:{symbol:"USDC",decimals:18}};var Ke={[U]:56,[K]:8453,[v]:84532,[w]:42161,[C]:137,[R]:10,[O]:43114,[T]:1187947933,[_]:324705682,[N]:1},ve={[ae]:"https://api.dexter.cash/api/solana/rpc",[ce]:"https://api.devnet.solana.com",[pe]:"https://api.testnet.solana.com"},we={[U]:"https://api.dexter.cash/api/evm/bsc/rpc",[K]:"https://api.dexter.cash/api/base/rpc",[v]:"https://sepolia.base.org",[w]:"https://api.dexter.cash/api/evm/arbitrum/rpc",[C]:"https://api.dexter.cash/api/evm/polygon/rpc",[R]:"https://api.dexter.cash/api/evm/optimism/rpc",[O]:"https://api.dexter.cash/api/evm/avalanche/rpc",[T]:"https://skale-base.skalenodes.com/v1/base",[_]:"https://base-sepolia-testnet.skalenodes.com/v1/jubilant-horrible-ancha",[N]:"https://eth.llamarpc.com"};var a=require("@dexterai/vault/instructions"),f=require("@dexterai/vault/precompile"),m=require("@dexterai/vault/constants");var s=require("@dexterai/vault/messages");var D=V(require("tweetnacl"),1);var G=require("@noble/hashes/sha256");function F(){let e=D.default.sign.keyPair();return{publicKey:e.publicKey,privateKey:e.secretKey}}function J(e,t,n){return{publicKey:e.publicKey,privateKey:e.privateKey,scope:t,registration:n}}function H(e,t,n){if(n.length!==32)throw new Error(`channelIdBytes must be 32 bytes, got ${n.length}`);let i=BigInt(t.cumulativeAmount),r=BigInt(e.scope.maxAmountAtomic);if(i>r)throw new Error(`voucher cumulative ${i} exceeds session cap ${r}`);let o=Math.floor(Date.now()/1e3);if(o>=e.scope.expiresAtUnix)throw new Error(`session expired at ${e.scope.expiresAtUnix}, now ${o}`);let p=(0,s.voucherPayloadMessage)({channelId:n,cumulativeAmount:i,sequenceNumber:t.sequenceNumber}),u=D.default.sign.detached(p,e.privateKey);return{payload:t,sessionPublicKey:e.publicKey,sessionRegistration:e.registration,sessionSignature:u}}function P(e){if(!/^\d+$/.test(e))throw new Error(`atomic amount must be a non-negative integer string, got "${e}"`);return BigInt(e)}function $(e){let t=new Uint8Array(8);new DataView(t.buffer).setBigUint64(0,e.nonce,!0);let n=new TextEncoder().encode(e.sellerUrl),i=G.sha256.create();return i.update(e.vaultPda.toBytes()),i.update(n),i.update(t),i.digest()}var d=require("@dexterai/vault/session"),I=require("@noble/hashes/sha256");var q=require("@noble/curves/p256"),g=require("@noble/hashes/sha256"),X="dexter.cash";function ye(e){return Buffer.from(e).toString("base64").replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}function me(e,t=`https://${X}`){let i={type:"webauthn.get",challenge:ye(e),origin:t,crossOrigin:!1};return new TextEncoder().encode(JSON.stringify(i))}function de(e=1){let t=(0,g.sha256)(new TextEncoder().encode(X)),n=new Uint8Array(37);return n.set(t,0),n[32]=5,new DataView(n.buffer).setUint32(33,e,!1),n}function ge(e,t){let n=me(t),i=de(1),r=new Uint8Array(i.length+32);r.set(i,0),r.set((0,g.sha256)(n),i.length);let o=(0,g.sha256)(r);return{signature:q.p256.sign(o,e.privateKey,{lowS:!0}).toCompactRawBytes(),clientDataJSON:n,authenticatorData:i}}function Y(e){return{credentialId:new Uint8Array(0),publicKey:e.publicKey,signOperation:async t=>ge(e,(0,g.sha256)(t))}}function Z(e){let t=(0,a.deriveSwigWalletAddress)(e.swigAddress),n=(0,j.getAssociatedTokenAddressSync)(new c.PublicKey(L),t,!0);return(0,a.buildRegisterSessionKeyInstruction)({vaultPda:e.vaultPda,sessionPubkey:e.sessionPubkey,maxAmount:e.maxAmount,maxRevolvingCapacity:e.maxRevolvingCapacity,expiresAt:e.expiresAt,allowedCounterparty:e.allowedCounterparty,nonce:e.nonce,swigAddress:e.swigAddress,vaultUsdcAta:n,clientDataJSON:e.clientDataJSON,authenticatorData:e.authenticatorData,payer:e.payer,siblingSessionPdas:e.siblingSessionPdas})}var k=class{network="solana:mainnet";swigAddress;vaultPda;connection;vaultPdaKey;passkey;feePayer;confirmOptions;constructor(t){this.connection=t.connection,this.swigAddress=typeof t.swigAddress=="string"?t.swigAddress:t.swigAddress.toBase58(),this.vaultPdaKey=typeof t.vaultPda=="string"?new c.PublicKey(t.vaultPda):t.vaultPda,this.vaultPda=this.vaultPdaKey.toBase58(),this.passkey=t.passkeySigner,this.feePayer=t.feePayer,this.confirmOptions=t.confirmOptions??{commitment:"confirmed"}}async authorizeSession(t){let n=new c.PublicKey(t.allowedCounterparty),i=P(t.revolvingCapacityAtomic??t.maxAmountAtomic),r=F(),o=he(),p=(0,s.sessionRegisterMessage)({programId:m.DEXTER_VAULT_PROGRAM_ID,vaultPda:this.vaultPdaKey,sessionPubkey:r.publicKey,maxAmount:P(t.maxAmountAtomic),maxRevolvingCapacity:i,expiresAt:BigInt(t.expiresAtUnix),allowedCounterparty:n,nonce:o}),{signature:u,clientDataJSON:A,authenticatorData:h}=await this.passkey.signOperation(p),b=z(h,(0,I.sha256)(A)),l=(0,f.buildSecp256r1VerifyInstruction)(this.passkey.publicKey,u,b),S=(0,d.sessionPdasOf)(await(0,d.fetchVaultSessionAccounts)(this.connection,this.vaultPdaKey)),E=Z({vaultPda:this.vaultPdaKey,swigAddress:new c.PublicKey(this.swigAddress),sessionPubkey:r.publicKey,maxAmount:P(t.maxAmountAtomic),maxRevolvingCapacity:i,expiresAt:BigInt(t.expiresAtUnix),allowedCounterparty:n,nonce:o,clientDataJSON:A,authenticatorData:h,payer:this.feePayer.publicKey,siblingSessionPdas:S}),y=new c.Transaction().add(l,E);y.feePayer=this.feePayer.publicKey;let{blockhash:B}=await this.connection.getLatestBlockhash(this.confirmOptions.commitment);y.recentBlockhash=B,y.sign(this.feePayer);let Q=await this.connection.sendRawTransaction(y.serialize(),{skipPreflight:!1,preflightCommitment:this.confirmOptions.preflightCommitment??this.confirmOptions.commitment});return await this.connection.confirmTransaction({signature:Q,blockhash:B,lastValidBlockHeight:(await this.connection.getLatestBlockhash(this.confirmOptions.commitment)).lastValidBlockHeight},this.confirmOptions.commitment),await(0,d.waitForSession)(this.connection,this.vaultPdaKey,n,{expectedSessionPubkey:r.publicKey,timeoutMs:2e4}),J(r,t,p)}async signWithSession(t,n){let i=await Se(n.channelId);return H(t,n,i)}async signOpenTab(t,n){return t.registration}async signCloseTab(t,n,i){let r=(0,s.sessionRevokeMessage)({programId:m.DEXTER_VAULT_PROGRAM_ID,vaultPda:this.vaultPdaKey,sessionPubkey:t.publicKey}),{signature:o,clientDataJSON:p,authenticatorData:u}=await this.passkey.signOperation(r),A=z(u,(0,I.sha256)(p)),h=(0,f.buildSecp256r1VerifyInstruction)(this.passkey.publicKey,o,A),b=(0,a.buildRevokeSessionKeyInstruction)({vaultPda:this.vaultPdaKey,allowedCounterparty:new c.PublicKey(t.scope.allowedCounterparty),clientDataJSON:p,authenticatorData:u}),l=new c.Transaction().add(h,b);l.feePayer=this.feePayer.publicKey;let{blockhash:S,lastValidBlockHeight:E}=await this.connection.getLatestBlockhash(this.confirmOptions.commitment);l.recentBlockhash=S,l.sign(this.feePayer);let y=await this.connection.sendRawTransaction(l.serialize(),{skipPreflight:!1,preflightCommitment:this.confirmOptions.preflightCommitment??this.confirmOptions.commitment});return await this.connection.confirmTransaction({signature:y,blockhash:S,lastValidBlockHeight:E},this.confirmOptions.commitment),r}};function Ae(e){return new k(e)}function z(e,t){let n=new Uint8Array(e.length+t.length);return n.set(e,0),n.set(t,e.length),n}function he(){return Math.floor(Math.random()4294967295)>>>0}async function Se(e){if(/^[0-9a-f]{64}$/i.test(e))return xe(e);let{sha256:t}=await import("@noble/hashes/sha256");return t(new TextEncoder().encode(e))}function xe(e){let t=new Uint8Array(e.length/2);for(let n=0;n<t.length;n++)t[n]=parseInt(e.substr(n2,2),16);return t}0&&(module.exports={buildAdapterRegisterInstruction,createSolanaVaultAdapter,deriveChannelId,passkeySignerFromP256Keypair});

package/dist/tab/adapters/solana/index.d.cts CHANGED Viewed

@@ -49,6 +49,7 @@ declare function deriveChannelId(args: {
  * dexter-vault/tests/helpers/secp256r1.ts (signOperationWithPasskey).
  * Keep them in lockstep.
  */
 interface P256Keypair {
     /** 33-byte SEC1 compressed public key (the form the vault stores). */
     publicKey: Uint8Array;
@@ -56,20 +57,20 @@ interface P256Keypair {
     privateKey: Uint8Array;
 }
 /**
- * Build a unified `PasskeySignerWithPublicKey` (vault's canonical shape)
+ * Build a unified `PasskeySignerWithPublicKey` (vault's canonical 0.19 shape)
  * from a locally-held P-256 keypair — the node/CLI path. Returns
- * `{ publicKey, sign(challenge) }`; the adapter computes the challenge and
- * rebuilds the precompile message. Drop-in equivalent to vault's
- * DexterApiBrowserPasskeySigner.
+ * `{ credentialId, publicKey, signOperation(operationMessage) }`. The signer
+ * owns the hashing locus: it computes `challenge = sha256(operationMessage)`
+ * internally (mirroring vault's `DexterApiBrowserPasskeySigner.signOperation`),
+ * so the adapter hands it the RAW operation message and never pre-hashes.
+ * The adapter still rebuilds the precompile message from the returned bytes.
+ *
+ * `credentialId` is empty for the node path — there is no platform
+ * authenticator credential; the on-chain verifier authenticates via the
+ * secp256r1 precompile over the clientDataJSON/authenticatorData, not the
+ * credentialId, so an empty value is correct here.
  */
-declare function passkeySignerFromP256Keypair(kp: P256Keypair): {
-    publicKey: Uint8Array;
-    sign(challenge: Uint8Array): Promise<{
-        signature: Uint8Array;
-        clientDataJSON: Uint8Array;
-        authenticatorData: Uint8Array;
-    }>;
-};
+declare function passkeySignerFromP256Keypair(kp: P256Keypair): PasskeySignerWithPublicKey;
 interface CreateSolanaVaultAdapterOptions {
     /** RPC the adapter uses to submit txs. The buyer can pass their own

package/dist/tab/adapters/solana/index.d.ts CHANGED Viewed

@@ -49,6 +49,7 @@ declare function deriveChannelId(args: {
  * dexter-vault/tests/helpers/secp256r1.ts (signOperationWithPasskey).
  * Keep them in lockstep.
  */
 interface P256Keypair {
     /** 33-byte SEC1 compressed public key (the form the vault stores). */
     publicKey: Uint8Array;
@@ -56,20 +57,20 @@ interface P256Keypair {
     privateKey: Uint8Array;
 }
 /**
- * Build a unified `PasskeySignerWithPublicKey` (vault's canonical shape)
+ * Build a unified `PasskeySignerWithPublicKey` (vault's canonical 0.19 shape)
  * from a locally-held P-256 keypair — the node/CLI path. Returns
- * `{ publicKey, sign(challenge) }`; the adapter computes the challenge and
- * rebuilds the precompile message. Drop-in equivalent to vault's
- * DexterApiBrowserPasskeySigner.
+ * `{ credentialId, publicKey, signOperation(operationMessage) }`. The signer
+ * owns the hashing locus: it computes `challenge = sha256(operationMessage)`
+ * internally (mirroring vault's `DexterApiBrowserPasskeySigner.signOperation`),
+ * so the adapter hands it the RAW operation message and never pre-hashes.
+ * The adapter still rebuilds the precompile message from the returned bytes.
+ *
+ * `credentialId` is empty for the node path — there is no platform
+ * authenticator credential; the on-chain verifier authenticates via the
+ * secp256r1 precompile over the clientDataJSON/authenticatorData, not the
+ * credentialId, so an empty value is correct here.
  */
-declare function passkeySignerFromP256Keypair(kp: P256Keypair): {
-    publicKey: Uint8Array;
-    sign(challenge: Uint8Array): Promise<{
-        signature: Uint8Array;
-        clientDataJSON: Uint8Array;
-        authenticatorData: Uint8Array;
-    }>;
-};
+declare function passkeySignerFromP256Keypair(kp: P256Keypair): PasskeySignerWithPublicKey;
 interface CreateSolanaVaultAdapterOptions {
     /** RPC the adapter uses to submit txs. The buyer can pass their own

package/dist/tab/adapters/solana/index.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{PublicKey as l,Transaction as q}from"@solana/web3.js";import{getAssociatedTokenAddressSync as pe}from"@solana/spl-token";var z="solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",j="solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1",Z="solana:4uhcVJyU9pJkvQyS88uRDiswHXSCkY3z";var x="eip155:8453",f="eip155:84532",P="eip155:42161",b="eip155:137",E="eip155:10",K="eip155:43114",v="eip155:56",w="eip155:1187947933",U="eip155:324705682",C="eip155:1";var _="EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";var Q="0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",ee="0x55d398326f99059fF775485246999027B3197955",I="0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",he={[v]:I,[x]:Q,[f]:"0x036CbD53842c5426634e7929541eC2318f3dCF7e",[P]:"0xaf88d065e77c8cC2239327C5EDb3A432268e5831",[b]:"0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",[E]:"0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85",[K]:"0xB97EF9Ef8734C71904D8002F8b6Bc66Dd9c48a6E",[w]:"0x85889c8c714505E0c94b30fcfcF64fE3Ac8FCb20",[U]:"0x2e08028E3C4c2356572E096d8EF835cD5C6030bD",[C]:"0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"},Se={[ee]:{symbol:"USDT",decimals:18},[I]:{symbol:"USDC",decimals:18}};var xe={[v]:56,[x]:8453,[f]:84532,[P]:42161,[b]:137,[E]:10,[K]:43114,[w]:1187947933,[U]:324705682,[C]:1},fe={[z]:"https://api.dexter.cash/api/solana/rpc",[j]:"https://api.devnet.solana.com",[Z]:"https://api.testnet.solana.com"},Pe={[v]:"https://api.dexter.cash/api/evm/bsc/rpc",[x]:"https://api.dexter.cash/api/base/rpc",[f]:"https://sepolia.base.org",[P]:"https://api.dexter.cash/api/evm/arbitrum/rpc",[b]:"https://api.dexter.cash/api/evm/polygon/rpc",[E]:"https://api.dexter.cash/api/evm/optimism/rpc",[K]:"https://api.dexter.cash/api/evm/avalanche/rpc",[w]:"https://skale-base.skalenodes.com/v1/base",[U]:"https://base-sepolia-testnet.skalenodes.com/v1/jubilant-horrible-ancha",[C]:"https://eth.llamarpc.com"};import{buildRegisterSessionKeyInstruction as k,buildRevokeSessionKeyInstruction as B,deriveSwigWalletAddress as M}from"@dexterai/vault/instructions";import{buildSecp256r1VerifyInstruction as R}from"@dexterai/vault/precompile";import{DEXTER_VAULT_PROGRAM_ID as O,SECP256R1_PROGRAM_ID as Ue,INSTRUCTIONS_SYSVAR_ID as Ce}from"@dexterai/vault/constants";import{sessionRegisterMessage as V,sessionRevokeMessage as L,voucherPayloadMessage as W,buildVoucherMessage as De}from"@dexterai/vault/messages";import F from"tweetnacl";import{sha256 as te}from"@noble/hashes/sha256";function J(){let e=F.sign.keyPair();return{publicKey:e.publicKey,privateKey:e.secretKey}}function H(e,t,n){return{publicKey:e.publicKey,privateKey:e.privateKey,scope:t,registration:n}}function G(e,t,n){if(n.length!==32)throw new Error(`channelIdBytes must be 32 bytes, got ${n.length}`);let i=BigInt(t.cumulativeAmount),r=BigInt(e.scope.maxAmountAtomic);if(i>r)throw new Error(`voucher cumulative ${i} exceeds session cap ${r}`);let s=Math.floor(Date.now()/1e3);if(s>=e.scope.expiresAtUnix)throw new Error(`session expired at ${e.scope.expiresAtUnix}, now ${s}`);let o=W({channelId:n,cumulativeAmount:i,sequenceNumber:t.sequenceNumber}),a=F.sign.detached(o,e.privateKey);return{payload:t,sessionPublicKey:e.publicKey,sessionRegistration:e.registration,sessionSignature:a}}function g(e){if(!/^\d+$/.test(e))throw new Error(`atomic amount must be a non-negative integer string, got "${e}"`);return BigInt(e)}function ne(e){let t=new Uint8Array(8);new DataView(t.buffer).setBigUint64(0,e.nonce,!0);let n=new TextEncoder().encode(e.sellerUrl),i=te.create();return i.update(e.vaultPda.toBytes()),i.update(n),i.update(t),i.digest()}import{fetchVaultSessionAccounts as le,sessionPdasOf as ue,waitForSession as ye}from"@dexterai/vault/session";import{sha256 as A}from"@noble/hashes/sha256";import{p256 as ie}from"@noble/curves/p256";import{sha256 as D}from"@noble/hashes/sha256";var $="dexter.cash";function re(e){return Buffer.from(e).toString("base64").replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}function se(e,t=`https://${$}`){let i={type:"webauthn.get",challenge:re(e),origin:t,crossOrigin:!1};return new TextEncoder().encode(JSON.stringify(i))}function oe(e=1){let t=D(new TextEncoder().encode($)),n=new Uint8Array(37);return n.set(t,0),n[32]=5,new DataView(n.buffer).setUint32(33,e,!1),n}function ae(e,t){let n=se(t),i=oe(1),r=new Uint8Array(i.length+32);r.set(i,0),r.set(D(n),i.length);let s=D(r);return{signature:ie.sign(s,e.privateKey,{lowS:!0}).toCompactRawBytes(),clientDataJSON:n,authenticatorData:i}}function ce(e){return{publicKey:e.publicKey,~~sign~~:async t=>ae(e,t)}}function me(e){let t=M(e.swigAddress),n=pe(new l(_),t,!0);return k({vaultPda:e.vaultPda,sessionPubkey:e.sessionPubkey,maxAmount:e.maxAmount,maxRevolvingCapacity:e.maxRevolvingCapacity,expiresAt:e.expiresAt,allowedCounterparty:e.allowedCounterparty,nonce:e.nonce,swigAddress:e.swigAddress,vaultUsdcAta:n,clientDataJSON:e.clientDataJSON,authenticatorData:e.authenticatorData,payer:e.payer,siblingSessionPdas:e.siblingSessionPdas})}var N=class{network="solana:mainnet";swigAddress;vaultPda;connection;vaultPdaKey;passkey;feePayer;confirmOptions;constructor(t){this.connection=t.connection,this.swigAddress=typeof t.swigAddress=="string"?t.swigAddress:t.swigAddress.toBase58(),this.vaultPdaKey=typeof t.vaultPda=="string"?new l(t.vaultPda):t.vaultPda,this.vaultPda=this.vaultPdaKey.toBase58(),this.passkey=t.passkeySigner,this.feePayer=t.feePayer,this.confirmOptions=t.confirmOptions??{commitment:"confirmed"}}async authorizeSession(t){let n=new l(t.allowedCounterparty),i=g(t.revolvingCapacityAtomic??t.maxAmountAtomic),r=J(),s=de(),o=V({programId:O,vaultPda:this.vaultPdaKey,sessionPubkey:r.publicKey,maxAmount:g(t.maxAmountAtomic),maxRevolvingCapacity:i,expiresAt:BigInt(t.expiresAtUnix),allowedCounterparty:n,nonce:s}),~~a=A(o),~~{signature:u,clientDataJSON:y,authenticatorData:m}=await this.passkey.~~sign~~(a),h=X(~~m,A~~(y)),c=R(this.passkey.publicKey,u,h),d=ue(await le(this.connection,this.vaultPdaKey)),S=me({vaultPda:this.vaultPdaKey,swigAddress:new l(this.swigAddress),sessionPubkey:r.publicKey,maxAmount:g(t.maxAmountAtomic),maxRevolvingCapacity:i,expiresAt:BigInt(t.expiresAtUnix),allowedCounterparty:n,nonce:s,clientDataJSON:y,authenticatorData:m,payer:this.feePayer.publicKey,siblingSessionPdas:d}),p=new q().add(c,S);p.feePayer=this.feePayer.publicKey;let{blockhash:T}=await this.connection.getLatestBlockhash(this.confirmOptions.commitment);p.recentBlockhash=T,p.sign(this.feePayer);let Y=await this.connection.sendRawTransaction(p.serialize(),{skipPreflight:!1,preflightCommitment:this.confirmOptions.preflightCommitment??this.confirmOptions.commitment});return await this.connection.confirmTransaction({signature:Y,blockhash:T,lastValidBlockHeight:(await this.connection.getLatestBlockhash(this.confirmOptions.commitment)).lastValidBlockHeight},this.confirmOptions.commitment),await ye(this.connection,this.vaultPdaKey,n,{expectedSessionPubkey:r.publicKey,timeoutMs:2e4}),H(r,t,o)}async signWithSession(t,n){let i=await ge(n.channelId);return G(t,n,i)}async signOpenTab(t,n){return t.registration}async signCloseTab(t,n,i){let r=L({programId:O,vaultPda:this.vaultPdaKey,sessionPubkey:t.publicKey}),~~s=A(r),~~{signature:o,clientDataJSON:a,authenticatorData:u}=await this.passkey.~~sign~~(s),y=X(~~u,A~~(a)),m=R(this.passkey.publicKey,o,y),h=B({vaultPda:this.vaultPdaKey,allowedCounterparty:new l(t.scope.allowedCounterparty),clientDataJSON:a,authenticatorData:u}),c=new q().add(m,h);c.feePayer=this.feePayer.publicKey;let{blockhash:d,lastValidBlockHeight:S}=await this.connection.getLatestBlockhash(this.confirmOptions.commitment);c.recentBlockhash=d,c.sign(this.feePayer);let p=await this.connection.sendRawTransaction(c.serialize(),{skipPreflight:!1,preflightCommitment:this.confirmOptions.preflightCommitment??this.confirmOptions.commitment});return await this.connection.confirmTransaction({signature:p,blockhash:d,lastValidBlockHeight:S},this.confirmOptions.commitment),r}};function Xe(e){return new N(e)}function X(e,t){let n=new Uint8Array(e.length+t.length);return n.set(e,0),n.set(t,e.length),n}function de(){return Math.floor(Math.random()4294967295)>>>0}async function ge(e){if(/^[0-9a-f]{64}$/i.test(e))return Ae(e);let{sha256:t}=await import("@noble/hashes/sha256");return t(new TextEncoder().encode(e))}function Ae(e){let t=new Uint8Array(e.length/2);for(let n=0;n<t.length;n++)t[n]=parseInt(e.substr(n2,2),16);return t}export{me as buildAdapterRegisterInstruction,Xe as createSolanaVaultAdapter,ne as deriveChannelId,ce as passkeySignerFromP256Keypair};
1	+ import{PublicKey as u,Transaction as G}from"@solana/web3.js";import{getAssociatedTokenAddressSync as ce}from"@solana/spl-token";var Y="solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",z="solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1",j="solana:4uhcVJyU9pJkvQyS88uRDiswHXSCkY3z";var S="eip155:8453",x="eip155:84532",f="eip155:42161",P="eip155:137",b="eip155:10",E="eip155:43114",K="eip155:56",v="eip155:1187947933",w="eip155:324705682",C="eip155:1";var _="EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";var Z="0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",Q="0x55d398326f99059fF775485246999027B3197955",N="0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",Ae={[K]:N,[S]:Z,[x]:"0x036CbD53842c5426634e7929541eC2318f3dCF7e",[f]:"0xaf88d065e77c8cC2239327C5EDb3A432268e5831",[P]:"0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",[b]:"0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85",[E]:"0xB97EF9Ef8734C71904D8002F8b6Bc66Dd9c48a6E",[v]:"0x85889c8c714505E0c94b30fcfcF64fE3Ac8FCb20",[w]:"0x2e08028E3C4c2356572E096d8EF835cD5C6030bD",[C]:"0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"},he={[Q]:{symbol:"USDT",decimals:18},[N]:{symbol:"USDC",decimals:18}};var Se={[K]:56,[S]:8453,[x]:84532,[f]:42161,[P]:137,[b]:10,[E]:43114,[v]:1187947933,[w]:324705682,[C]:1},xe={[Y]:"https://api.dexter.cash/api/solana/rpc",[z]:"https://api.devnet.solana.com",[j]:"https://api.testnet.solana.com"},fe={[K]:"https://api.dexter.cash/api/evm/bsc/rpc",[S]:"https://api.dexter.cash/api/base/rpc",[x]:"https://sepolia.base.org",[f]:"https://api.dexter.cash/api/evm/arbitrum/rpc",[P]:"https://api.dexter.cash/api/evm/polygon/rpc",[b]:"https://api.dexter.cash/api/evm/optimism/rpc",[E]:"https://api.dexter.cash/api/evm/avalanche/rpc",[v]:"https://skale-base.skalenodes.com/v1/base",[w]:"https://base-sepolia-testnet.skalenodes.com/v1/jubilant-horrible-ancha",[C]:"https://eth.llamarpc.com"};import{buildRegisterSessionKeyInstruction as D,buildRevokeSessionKeyInstruction as I,deriveSwigWalletAddress as k}from"@dexterai/vault/instructions";import{buildSecp256r1VerifyInstruction as R}from"@dexterai/vault/precompile";import{DEXTER_VAULT_PROGRAM_ID as O,SECP256R1_PROGRAM_ID as we,INSTRUCTIONS_SYSVAR_ID as Ce}from"@dexterai/vault/constants";import{sessionRegisterMessage as B,sessionRevokeMessage as M,voucherPayloadMessage as V,buildVoucherMessage as Ue}from"@dexterai/vault/messages";import L from"tweetnacl";import{sha256 as ee}from"@noble/hashes/sha256";function W(){let e=L.sign.keyPair();return{publicKey:e.publicKey,privateKey:e.secretKey}}function F(e,t,n){return{publicKey:e.publicKey,privateKey:e.privateKey,scope:t,registration:n}}function J(e,t,n){if(n.length!==32)throw new Error(`channelIdBytes must be 32 bytes, got ${n.length}`);let i=BigInt(t.cumulativeAmount),r=BigInt(e.scope.maxAmountAtomic);if(i>r)throw new Error(`voucher cumulative ${i} exceeds session cap ${r}`);let s=Math.floor(Date.now()/1e3);if(s>=e.scope.expiresAtUnix)throw new Error(`session expired at ${e.scope.expiresAtUnix}, now ${s}`);let o=V({channelId:n,cumulativeAmount:i,sequenceNumber:t.sequenceNumber}),a=L.sign.detached(o,e.privateKey);return{payload:t,sessionPublicKey:e.publicKey,sessionRegistration:e.registration,sessionSignature:a}}function d(e){if(!/^\d+$/.test(e))throw new Error(`atomic amount must be a non-negative integer string, got "${e}"`);return BigInt(e)}function te(e){let t=new Uint8Array(8);new DataView(t.buffer).setBigUint64(0,e.nonce,!0);let n=new TextEncoder().encode(e.sellerUrl),i=ee.create();return i.update(e.vaultPda.toBytes()),i.update(n),i.update(t),i.digest()}import{fetchVaultSessionAccounts as pe,sessionPdasOf as ue,waitForSession as le}from"@dexterai/vault/session";import{sha256 as $}from"@noble/hashes/sha256";import{p256 as ne}from"@noble/curves/p256";import{sha256 as g}from"@noble/hashes/sha256";var H="dexter.cash";function ie(e){return Buffer.from(e).toString("base64").replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}function re(e,t=`https://${H}`){let i={type:"webauthn.get",challenge:ie(e),origin:t,crossOrigin:!1};return new TextEncoder().encode(JSON.stringify(i))}function se(e=1){let t=g(new TextEncoder().encode(H)),n=new Uint8Array(37);return n.set(t,0),n[32]=5,new DataView(n.buffer).setUint32(33,e,!1),n}function oe(e,t){let n=re(t),i=se(1),r=new Uint8Array(i.length+32);r.set(i,0),r.set(g(n),i.length);let s=g(r);return{signature:ne.sign(s,e.privateKey,{lowS:!0}).toCompactRawBytes(),clientDataJSON:n,authenticatorData:i}}function ae(e){return{credentialId:new Uint8Array(0),publicKey:e.publicKey,signOperation:async t=>oe(e,g(t))}}function ye(e){let t=k(e.swigAddress),n=ce(new u(_),t,!0);return D({vaultPda:e.vaultPda,sessionPubkey:e.sessionPubkey,maxAmount:e.maxAmount,maxRevolvingCapacity:e.maxRevolvingCapacity,expiresAt:e.expiresAt,allowedCounterparty:e.allowedCounterparty,nonce:e.nonce,swigAddress:e.swigAddress,vaultUsdcAta:n,clientDataJSON:e.clientDataJSON,authenticatorData:e.authenticatorData,payer:e.payer,siblingSessionPdas:e.siblingSessionPdas})}var U=class{network="solana:mainnet";swigAddress;vaultPda;connection;vaultPdaKey;passkey;feePayer;confirmOptions;constructor(t){this.connection=t.connection,this.swigAddress=typeof t.swigAddress=="string"?t.swigAddress:t.swigAddress.toBase58(),this.vaultPdaKey=typeof t.vaultPda=="string"?new u(t.vaultPda):t.vaultPda,this.vaultPda=this.vaultPdaKey.toBase58(),this.passkey=t.passkeySigner,this.feePayer=t.feePayer,this.confirmOptions=t.confirmOptions??{commitment:"confirmed"}}async authorizeSession(t){let n=new u(t.allowedCounterparty),i=d(t.revolvingCapacityAtomic??t.maxAmountAtomic),r=W(),s=me(),o=B({programId:O,vaultPda:this.vaultPdaKey,sessionPubkey:r.publicKey,maxAmount:d(t.maxAmountAtomic),maxRevolvingCapacity:i,expiresAt:BigInt(t.expiresAtUnix),allowedCounterparty:n,nonce:s}),{signature:a,clientDataJSON:l,authenticatorData:y}=await this.passkey.signOperation(o),A=q(y,$(l)),c=R(this.passkey.publicKey,a,A),m=ue(await pe(this.connection,this.vaultPdaKey)),h=ye({vaultPda:this.vaultPdaKey,swigAddress:new u(this.swigAddress),sessionPubkey:r.publicKey,maxAmount:d(t.maxAmountAtomic),maxRevolvingCapacity:i,expiresAt:BigInt(t.expiresAtUnix),allowedCounterparty:n,nonce:s,clientDataJSON:l,authenticatorData:y,payer:this.feePayer.publicKey,siblingSessionPdas:m}),p=new G().add(c,h);p.feePayer=this.feePayer.publicKey;let{blockhash:T}=await this.connection.getLatestBlockhash(this.confirmOptions.commitment);p.recentBlockhash=T,p.sign(this.feePayer);let X=await this.connection.sendRawTransaction(p.serialize(),{skipPreflight:!1,preflightCommitment:this.confirmOptions.preflightCommitment??this.confirmOptions.commitment});return await this.connection.confirmTransaction({signature:X,blockhash:T,lastValidBlockHeight:(await this.connection.getLatestBlockhash(this.confirmOptions.commitment)).lastValidBlockHeight},this.confirmOptions.commitment),await le(this.connection,this.vaultPdaKey,n,{expectedSessionPubkey:r.publicKey,timeoutMs:2e4}),F(r,t,o)}async signWithSession(t,n){let i=await de(n.channelId);return J(t,n,i)}async signOpenTab(t,n){return t.registration}async signCloseTab(t,n,i){let r=M({programId:O,vaultPda:this.vaultPdaKey,sessionPubkey:t.publicKey}),{signature:s,clientDataJSON:o,authenticatorData:a}=await this.passkey.signOperation(r),l=q(a,$(o)),y=R(this.passkey.publicKey,s,l),A=I({vaultPda:this.vaultPdaKey,allowedCounterparty:new u(t.scope.allowedCounterparty),clientDataJSON:o,authenticatorData:a}),c=new G().add(y,A);c.feePayer=this.feePayer.publicKey;let{blockhash:m,lastValidBlockHeight:h}=await this.connection.getLatestBlockhash(this.confirmOptions.commitment);c.recentBlockhash=m,c.sign(this.feePayer);let p=await this.connection.sendRawTransaction(c.serialize(),{skipPreflight:!1,preflightCommitment:this.confirmOptions.preflightCommitment??this.confirmOptions.commitment});return await this.connection.confirmTransaction({signature:p,blockhash:m,lastValidBlockHeight:h},this.confirmOptions.commitment),r}};function qe(e){return new U(e)}function q(e,t){let n=new Uint8Array(e.length+t.length);return n.set(e,0),n.set(t,e.length),n}function me(){return Math.floor(Math.random()4294967295)>>>0}async function de(e){if(/^[0-9a-f]{64}$/i.test(e))return ge(e);let{sha256:t}=await import("@noble/hashes/sha256");return t(new TextEncoder().encode(e))}function ge(e){let t=new Uint8Array(e.length/2);for(let n=0;n<t.length;n++)t[n]=parseInt(e.substr(n2,2),16);return t}export{ye as buildAdapterRegisterInstruction,qe as createSolanaVaultAdapter,te as deriveChannelId,ae as passkeySignerFromP256Keypair};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@dexterai/x402",
-  "version": "4.1.0",
+  "version": "5.0.0",
   "description": "Full-stack x402 SDK - add paid API monetization to any endpoint. Express middleware, React hooks, Access Pass, dynamic pricing. Solana, Base, Polygon, Arbitrum, Optimism, Avalanche, SKALE.",
   "author": "Dexter",
   "license": "MIT",
@@ -76,7 +76,6 @@
     "release:major": "npm version major && npm publish --access public"
   },
   "dependencies": {
-    "@dexterai/vault": "^0.13.0",
     "@dexterai/x402-ads-types": "^0.2.0",
     "@dexterai/x402-core": "^1.4.0",
     "@noble/curves": "^1.9.7",
@@ -89,6 +88,7 @@
     "tweetnacl": "^1.0.3"
   },
   "devDependencies": {
+    "@dexterai/vault": "^0.19.0",
     "@types/aws-lambda": "^8.10.161",
     "@types/express": "^5.0.6",
     "@types/node": "^22.10.0",
@@ -103,6 +103,7 @@
     "vitest": "^2.1.8"
   },
   "peerDependencies": {
+    "@dexterai/vault": ">=0.19.0",
     "@solana/wallet-adapter-base": "^0.9.0",
     "react": "^18.0.0 || ^19.0.0",
     "stripe": "^20.0.0",