@droplinked_inc/wallet-connection 0.1.1

package/dist/connectors/phantom.js

@@ -0,0 +1,340 @@
+/**
+ * Phantom (Solana) connector.
+ *
+ * Hardening deltas vs. v1.0.1:
+ *   1. No `window.open('https://phantom.app/', '_blank')` redirect — the
+ *      original silently popped a new tab when Phantom was missing, which
+ *      is a phishing-friendly UX. We throw a typed error and let the host
+ *      app decide what to render.
+ *   2. No `while(true) { sleep; getParsedTransaction }` busy-loop — the
+ *      original could hang a tab forever if the network stalled. We
+ *      surface the unsigned-transaction hash and let the caller poll.
+ *   3. No `console.log(error); throw error` — errors propagate without
+ *      leaking through stdout.
+ *   4. Signature buffer is returned as base64 rather than the raw
+ *      Uint8Array — same format as MetaMask EIP-712 output so server
+ *      verification is uniform.
+ *   5. Login signs a SIWS-style (Sign-In With Solana, https://siws.xyz/)
+ *      JSON payload with domain, nonce, chainId, issuedAt,
+ *      expirationTime — NOT a static plaintext. The signature is
+ *      bound to origin + chain + time and cannot be replayed across
+ *      sites or sessions. Verification is provided alongside.
+ */
+import { z } from 'zod';
+import * as ed25519 from '@noble/ed25519';
+import { Chain, ChainWallet, Network } from '../types.js';
+import { InvalidSignatureError, OriginMismatchError, SignaturePayloadInvalidError, WalletNotFoundException, } from '../errors.js';
+function requirePhantom() {
+    const g = globalThis;
+    if (g.solana === undefined || g.solana.isPhantom !== true) {
+        throw new WalletNotFoundException('Phantom wallet not found. Install Phantom from https://phantom.app/ and reload.');
+    }
+    // LOW-1: When `window.phantom.solana` is set, cross-check that the
+    // injected `window.solana` is the same surface. This stops a wallet
+    // that sets `isPhantom: true` on its own `window.solana` injection
+    // from impersonating Phantom in the presence of the canonical
+    // `window.phantom` namespace.
+    if (g.phantom?.solana !== undefined && g.phantom.solana !== g.solana) {
+        throw new WalletNotFoundException('window.solana and window.phantom.solana differ — possible Phantom impersonation');
+    }
+    return g.solana;
+}
+/* -------------------------------------------------------------------------- */
+/*  SIWS-style login payload (CRITICAL-2 mitigation)                           */
+/* -------------------------------------------------------------------------- */
+/**
+ * Default human-readable statement embedded in the signed payload so
+ * Phantom's prompt explains *why* the user is signing.
+ */
+export const DEFAULT_SOLANA_LOGIN_STATEMENT = 'Sign in to droplinked. This signature does not authorize any token transfer.';
+/** Allowed Solana chain identifiers; `chain` is bound into the payload. */
+export const SOLANA_CHAIN_IDS = ['solana-mainnet', 'solana-devnet', 'solana-testnet'];
+/** Hard upper bound on payload TTL — refused at build time. */
+export const SOLANA_LOGIN_MAX_TTL_SECONDS = 15 * 60;
+/** Default TTL when caller does not specify one. */
+export const SOLANA_LOGIN_DEFAULT_TTL_SECONDS = 5 * 60;
+export const SolanaLoginPayloadSchema = z.object({
+    domain: z
+        .string()
+        .min(1)
+        .max(253)
+        .regex(/^[a-z0-9.\-:]+$/iu, 'invalid domain'),
+    address: z.string().min(32).max(64).regex(/^[1-9A-HJ-NP-Za-km-z]+$/u, 'invalid base58 address'),
+    chain: z.enum(SOLANA_CHAIN_IDS),
+    nonce: z
+        .string()
+        .min(8)
+        .max(128)
+        .regex(/^[A-Za-z0-9_-]+$/u, 'nonce must be url-safe'),
+    issuedAt: z.string().datetime(),
+    expirationTime: z.string().datetime(),
+    statement: z.string().max(512),
+});
+/** 256-bit URL-safe nonce. */
+function generateSolanaNonce() {
+    const c = globalThis.crypto;
+    if (c === undefined || typeof c.getRandomValues !== 'function') {
+        throw new Error('Web Crypto API unavailable; cannot generate nonce');
+    }
+    const bytes = new Uint8Array(32);
+    c.getRandomValues(bytes);
+    let bin = '';
+    for (let i = 0; i < bytes.length; i++) {
+        bin += String.fromCharCode(bytes[i]);
+    }
+    return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/u, '');
+}
+function extractHost(origin) {
+    try {
+        return new URL(origin).host;
+    }
+    catch {
+        throw new SignaturePayloadInvalidError(`invalid origin: ${origin}`);
+    }
+}
+/**
+ * Build a SIWS-style login payload binding the signature to
+ * (domain, chain, nonce, issuedAt, expirationTime). Refuses any TTL
+ * over `SOLANA_LOGIN_MAX_TTL_SECONDS`.
+ */
+export function buildSolanaLoginPayload(args) {
+    const ttl = args.expiresInSeconds ?? SOLANA_LOGIN_DEFAULT_TTL_SECONDS;
+    if (ttl <= 0 || ttl > SOLANA_LOGIN_MAX_TTL_SECONDS) {
+        throw new SignaturePayloadInvalidError(`expiresInSeconds must be in (0, ${SOLANA_LOGIN_MAX_TTL_SECONDS}]; got ${ttl}`);
+    }
+    const issuedAt = new Date().toISOString();
+    const expirationTime = new Date(Date.now() + ttl * 1000).toISOString();
+    const payload = {
+        domain: extractHost(args.origin),
+        address: args.address,
+        chain: args.chain,
+        nonce: generateSolanaNonce(),
+        issuedAt,
+        expirationTime,
+        statement: args.statement ?? DEFAULT_SOLANA_LOGIN_STATEMENT,
+    };
+    const parsed = SolanaLoginPayloadSchema.safeParse(payload);
+    if (!parsed.success) {
+        throw new SignaturePayloadInvalidError(parsed.error.message);
+    }
+    return parsed.data;
+}
+/**
+ * Canonicalize the payload to a deterministic JSON string with sorted
+ * keys. This is what gets signed — same string on both sides of the
+ * verification boundary.
+ */
+export function canonicalizeSolanaLoginPayload(payload) {
+    const sortedKeys = Object.keys(payload).sort();
+    const sorted = {};
+    for (const k of sortedKeys) {
+        sorted[k] = payload[k];
+    }
+    return JSON.stringify(sorted);
+}
+/* -------------------------------------------------------------------------- */
+/*  base58 decoder (for Solana public keys)                                   */
+/* -------------------------------------------------------------------------- */
+// eslint-disable-next-line no-secrets/no-secrets -- Base58 alphabet (public constant, not a secret)
+const BASE58_ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+const BASE58_MAP = (() => {
+    const m = {};
+    for (let i = 0; i < BASE58_ALPHABET.length; i++) {
+        m[BASE58_ALPHABET[i]] = i;
+    }
+    return m;
+})();
+/** Decode a base58-encoded string into bytes. Throws on invalid input. */
+export function base58Decode(input) {
+    if (input.length === 0) {
+        return new Uint8Array();
+    }
+    const bytes = [0];
+    for (const c of input) {
+        const v = BASE58_MAP[c];
+        if (v === undefined) {
+            throw new SignaturePayloadInvalidError(`invalid base58 character: ${c}`);
+        }
+        let carry = v;
+        for (let j = 0; j < bytes.length; j++) {
+            const x = bytes[j] * 58 + carry;
+            bytes[j] = x & 0xff;
+            carry = x >>> 8;
+        }
+        while (carry > 0) {
+            bytes.push(carry & 0xff);
+            carry >>>= 8;
+        }
+    }
+    // leading zeros
+    for (let k = 0; k < input.length && input[k] === '1'; k++) {
+        bytes.push(0);
+    }
+    return new Uint8Array(bytes.reverse());
+}
+function base64DecodeToBytes(s) {
+    const bin = atob(s);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++)
+        out[i] = bin.charCodeAt(i);
+    return out;
+}
+/**
+ * Verify a Phantom (Solana) SIWS-style login signature.
+ *
+ * Checks (in order):
+ *   1. Payload shape validates against `SolanaLoginPayloadSchema`.
+ *   2. `payload.chain === expectedChain` (cross-network replay refused).
+ *   3. `payload.domain === host(expectedOrigin)` (origin-spoofing refused).
+ *   4. `payload.address === expectedAddress`.
+ *   5. `now < expirationTime` AND `issuedAt <= now` (freshness).
+ *   6. The base64 signature is a valid ed25519 signature over
+ *      `utf8(canonicalizeSolanaLoginPayload(payload))` for the public
+ *      key derived from `expectedAddress` (base58-decoded).
+ *
+ * Note: nonce replay tracking is the responsibility of the server-side
+ * caller — this function does not maintain a seen-nonces store. The
+ * canonical pattern is to record `(payload.nonce, payload.address)`
+ * in a short-lived store keyed by `expirationTime` and reject any
+ * second presentation.
+ */
+export async function verifySolanaLoginSignature(args) {
+    const parsed = SolanaLoginPayloadSchema.safeParse(args.payload);
+    if (!parsed.success) {
+        throw new SignaturePayloadInvalidError(parsed.error.message);
+    }
+    const payload = parsed.data;
+    if (payload.chain !== args.expectedChain) {
+        throw new InvalidSignatureError(`chain mismatch: payload=${payload.chain} expected=${args.expectedChain}`);
+    }
+    const expectedHost = extractHost(args.expectedOrigin).toLowerCase();
+    if (payload.domain.toLowerCase() !== expectedHost) {
+        throw new OriginMismatchError(`origin mismatch: payload=${payload.domain} expected=${expectedHost}`);
+    }
+    if (payload.address !== args.expectedAddress) {
+        throw new InvalidSignatureError(`address mismatch: payload=${payload.address} expected=${args.expectedAddress}`);
+    }
+    const now = args.nowMs ?? Date.now();
+    const expMs = Date.parse(payload.expirationTime);
+    if (Number.isNaN(expMs) || expMs <= now) {
+        throw new InvalidSignatureError('login payload expired');
+    }
+    const issMs = Date.parse(payload.issuedAt);
+    if (Number.isNaN(issMs) || issMs > now + 60_000) {
+        // tolerate up to 60s clock skew
+        throw new InvalidSignatureError('login payload issuedAt is in the future');
+    }
+    const canonical = canonicalizeSolanaLoginPayload(payload);
+    const messageBytes = new TextEncoder().encode(canonical);
+    let signatureBytes;
+    try {
+        signatureBytes = base64DecodeToBytes(args.signature);
+    }
+    catch {
+        throw new InvalidSignatureError('signature is not valid base64');
+    }
+    if (signatureBytes.length !== 64) {
+        throw new InvalidSignatureError(`signature wrong length: expected 64 bytes, got ${signatureBytes.length}`);
+    }
+    const pubkeyBytes = base58Decode(args.expectedAddress);
+    if (pubkeyBytes.length !== 32) {
+        throw new SignaturePayloadInvalidError(`expected address decodes to ${pubkeyBytes.length} bytes; want 32`);
+    }
+    const ok = await ed25519.verifyAsync(signatureBytes, messageBytes, pubkeyBytes);
+    if (!ok) {
+        throw new InvalidSignatureError('signature did not verify against expected pubkey');
+    }
+}
+function resolveOrigin() {
+    const g = globalThis;
+    return g.location?.origin ?? 'https://droplinked.com';
+}
+function defaultChainId(network) {
+    return network === Network.MAINNET ? 'solana-mainnet' : 'solana-devnet';
+}
+export class PhantomConnector {
+    chain = Chain.SOLANA;
+    network;
+    address = '';
+    wallet = ChainWallet.PhantomWallet;
+    origin;
+    chainId;
+    constructor(networkOrOptions) {
+        if (typeof networkOrOptions === 'string') {
+            this.network = networkOrOptions;
+            this.origin = resolveOrigin();
+            this.chainId = defaultChainId(networkOrOptions);
+        }
+        else {
+            this.network = networkOrOptions.network;
+            this.origin = networkOrOptions.origin ?? resolveOrigin();
+            this.chainId = networkOrOptions.chainId ?? defaultChainId(networkOrOptions.network);
+        }
+    }
+    setAddress(address) {
+        this.address = address;
+        return this;
+    }
+    setWallet(wallet) {
+        if (wallet !== ChainWallet.PhantomWallet) {
+            throw new WalletNotFoundException(`PhantomConnector only supports PhantomWallet; got ${wallet}`);
+        }
+        this.wallet = wallet;
+        return this;
+    }
+    /**
+     * Connect + SIWS-style typed login. Builds a fresh payload with a
+     * 256-bit nonce, binds it to origin + chain + time, asks Phantom to
+     * sign the canonicalized JSON, and returns the payload alongside the
+     * base64 signature. Server-side verification uses
+     * `verifySolanaLoginSignature`.
+     *
+     * Replaces the v1.0.1 / pre-audit static-plaintext signMessage path,
+     * which was replayable across origins, chains, and sessions.
+     */
+    async walletLogin() {
+        const provider = requirePhantom();
+        const resp = await provider.connect();
+        const address = resp.publicKey.toString();
+        const payload = buildSolanaLoginPayload({
+            address,
+            chain: this.chainId,
+            origin: this.origin,
+        });
+        const canonical = canonicalizeSolanaLoginPayload(payload);
+        const encoded = new TextEncoder().encode(canonical);
+        const signed = await provider.signMessage(encoded, 'utf8');
+        this.address = address;
+        return {
+            address,
+            signature: toBase64(signed.signature),
+            payload,
+        };
+    }
+    /**
+     * SPL token transfer is intentionally not implemented in this minimal
+     * recover+harden. The original v1.0.1 relied on the long-deprecated
+     * `@solana/spl-token` v0.1.x Token-class API (removed in v0.2). Re-
+     * implementing it correctly against the current `@solana/spl-token` v0.4
+     * APIs is out of scope for the first PR; it will land in a follow-up.
+     *
+     * The method throws a typed error so consumers fail loudly rather than
+     * silently mis-routing a transfer.
+     */
+    paymentWithToken(_receiver, _amount, _tokenAddress) {
+        return Promise.reject(new Error('PhantomConnector.paymentWithToken(): SPL transfer pending. ' +
+            'Tracked in follow-up; do not call in production.'));
+    }
+    payment(_data) {
+        return Promise.reject(new Error('PhantomConnector.payment(): Solana checkout not implemented'));
+    }
+}
+/** base64-encode a Uint8Array. Browser-safe; no Buffer dependency. */
+export function toBase64(bytes) {
+    let bin = '';
+    for (let i = 0; i < bytes.length; i++) {
+        bin += String.fromCharCode(bytes[i]);
+    }
+    return btoa(bin);
+}
+//# sourceMappingURL=phantom.js.map

package/dist/connectors/phantom.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"phantom.js","sourceRoot":"","sources":["../../src/connectors/phantom.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,OAAO,MAAM,gBAAgB,CAAC;AAC1C,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAA0C,MAAM,aAAa,CAAC;AAClG,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,4BAA4B,EAC5B,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAStB,SAAS,cAAc;IACrB,MAAM,CAAC,GAAG,UAGT,CAAC;IACF,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,IAAI,CAAC,CAAC,MAAM,CAAC,SAAS,KAAK,IAAI,EAAE,CAAC;QAC1D,MAAM,IAAI,uBAAuB,CAC/B,iFAAiF,CAClF,CAAC;IACJ,CAAC;IACD,mEAAmE;IACnE,oEAAoE;IACpE,mEAAmE;IACnE,8DAA8D;IAC9D,8BAA8B;IAC9B,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,KAAK,SAAS,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QACrE,MAAM,IAAI,uBAAuB,CAC/B,iFAAiF,CAClF,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,CAAC,MAAM,CAAC;AAClB,CAAC;AAED,gFAAgF;AAChF,iFAAiF;AACjF,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,CAAC,MAAM,8BAA8B,GACzC,8EAA8E,CAAC;AAEjF,2EAA2E;AAC3E,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,gBAAgB,EAAE,eAAe,EAAE,gBAAgB,CAAU,CAAC;AAG/F,+DAA+D;AAC/D,MAAM,CAAC,MAAM,4BAA4B,GAAG,EAAE,GAAG,EAAE,CAAC;AACpD,oDAAoD;AACpD,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAAC,GAAG,EAAE,CAAC;AAEvD,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,MAAM,EAAE,CAAC;SACN,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,GAAG,CAAC;SACR,KAAK,CAAC,mBAAmB,EAAE,gBAAgB,CAAC;IAC/C,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,0BAA0B,EAAE,wBAAwB,CAAC;IAC/F,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC;IAC/B,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,GAAG,CAAC;SACR,KAAK,CAAC,mBAAmB,EAAE,wBAAwB,CAAC;IACvD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;CAC/B,CAAC,CAAC;AAYH,8BAA8B;AAC9B,SAAS,mBAAmB;IAC1B,MAAM,CAAC,GAAI,UAA0E,CAAC,MAAM,CAAC;IAC7F,IAAI,CAAC,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,eAAe,KAAK,UAAU,EAAE,CAAC;QAC/D,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IACzB,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAW,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,WAAW,CAAC,MAAc;IACjC,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,4BAA4B,CAAC,mBAAmB,MAAM,EAAE,CAAC,CAAC;IACtE,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAAiC;IACvE,MAAM,GAAG,GAAG,IAAI,CAAC,gBAAgB,IAAI,gCAAgC,CAAC;IACtE,IAAI,GAAG,IAAI,CAAC,IAAI,GAAG,GAAG,4BAA4B,EAAE,CAAC;QACnD,MAAM,IAAI,4BAA4B,CACpC,mCAAmC,4BAA4B,UAAU,GAAG,EAAE,CAC/E,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC1C,MAAM,cAAc,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IACvE,MAAM,OAAO,GAAuB;QAClC,MAAM,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC;QAChC,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,KAAK,EAAE,mBAAmB,EAAE;QAC5B,QAAQ;QACR,cAAc;QACd,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,8BAA8B;KAC5D,CAAC;IACF,MAAM,MAAM,GAAG,wBAAwB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC3D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,4BAA4B,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAA2B;IACxE,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;IAC/C,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,MAAM,CAAC,CAAC,CAAC,GAAI,OAA8C,CAAC,CAAC,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,gFAAgF;AAChF,gFAAgF;AAChF,gFAAgF;AAEhF,oGAAoG;AACpG,MAAM,eAAe,GAAG,4DAA4D,CAAC;AACrF,MAAM,UAAU,GAAqC,CAAC,GAAG,EAAE;IACzD,MAAM,CAAC,GAA2B,EAAE,CAAC;IACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,eAAe,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAChD,CAAC,CAAC,eAAe,CAAC,CAAC,CAAW,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC,CAAC,EAAE,CAAC;AAEL,0EAA0E;AAC1E,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,UAAU,EAAE,CAAC;IAC1B,CAAC;IACD,MAAM,KAAK,GAAa,CAAC,CAAC,CAAC,CAAC;IAC5B,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;YACpB,MAAM,IAAI,4BAA4B,CAAC,6BAA6B,CAAC,EAAE,CAAC,CAAC;QAC3E,CAAC;QACD,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,CAAC,GAAI,KAAK,CAAC,CAAC,CAAY,GAAG,EAAE,GAAG,KAAK,CAAC;YAC5C,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;YACpB,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC;QAClB,CAAC;QACD,OAAO,KAAK,GAAG,CAAC,EAAE,CAAC;YACjB,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;YACzB,KAAK,MAAM,CAAC,CAAC;QACf,CAAC;IACH,CAAC;IACD,gBAAgB;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAChB,CAAC;IACD,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;AACzC,CAAC;AAgBD,SAAS,mBAAmB,CAAC,CAAS;IACpC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChE,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,IAA2B;IAE3B,MAAM,MAAM,GAAG,wBAAwB,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAChE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,4BAA4B,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC;IAE5B,IAAI,OAAO,CAAC,KAAK,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;QACzC,MAAM,IAAI,qBAAqB,CAC7B,2BAA2B,OAAO,CAAC,KAAK,aAAa,IAAI,CAAC,aAAa,EAAE,CAC1E,CAAC;IACJ,CAAC;IACD,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,WAAW,EAAE,CAAC;IACpE,IAAI,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,YAAY,EAAE,CAAC;QAClD,MAAM,IAAI,mBAAmB,CAC3B,4BAA4B,OAAO,CAAC,MAAM,aAAa,YAAY,EAAE,CACtE,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,OAAO,KAAK,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7C,MAAM,IAAI,qBAAqB,CAC7B,6BAA6B,OAAO,CAAC,OAAO,aAAa,IAAI,CAAC,eAAe,EAAE,CAChF,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;IACrC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACjD,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;QACxC,MAAM,IAAI,qBAAqB,CAAC,uBAAuB,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC3C,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,GAAG,GAAG,MAAM,EAAE,CAAC;QAChD,gCAAgC;QAChC,MAAM,IAAI,qBAAqB,CAAC,yCAAyC,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,SAAS,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;IAC1D,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACzD,IAAI,cAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,cAAc,GAAG,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,qBAAqB,CAAC,+BAA+B,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,cAAc,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACjC,MAAM,IAAI,qBAAqB,CAC7B,kDAAkD,cAAc,CAAC,MAAM,EAAE,CAC1E,CAAC;IACJ,CAAC;IACD,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACvD,IAAI,WAAW,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC9B,MAAM,IAAI,4BAA4B,CACpC,+BAA+B,WAAW,CAAC,MAAM,iBAAiB,CACnE,CAAC;IACJ,CAAC;IACD,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,cAAc,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;IAChF,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,IAAI,qBAAqB,CAAC,kDAAkD,CAAC,CAAC;IACtF,CAAC;AACH,CAAC;AAcD,SAAS,aAAa;IACpB,MAAM,CAAC,GAAG,UAA2D,CAAC;IACtE,OAAO,CAAC,CAAC,QAAQ,EAAE,MAAM,IAAI,wBAAwB,CAAC;AACxD,CAAC;AAED,SAAS,cAAc,CAAC,OAAgB;IACtC,OAAO,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,eAAe,CAAC;AAC1E,CAAC;AAED,MAAM,OAAO,gBAAgB;IACX,KAAK,GAAU,KAAK,CAAC,MAAM,CAAC;IAC5B,OAAO,CAAU;IAC1B,OAAO,GAAW,EAAE,CAAC;IACrB,MAAM,GAAgB,WAAW,CAAC,aAAa,CAAC;IACtC,MAAM,CAAS;IACf,OAAO,CAAgB;IAExC,YAAY,gBAAmD;QAC7D,IAAI,OAAO,gBAAgB,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC,OAAO,GAAG,gBAAgB,CAAC;YAChC,IAAI,CAAC,MAAM,GAAG,aAAa,EAAE,CAAC;YAC9B,IAAI,CAAC,OAAO,GAAG,cAAc,CAAC,gBAAgB,CAAC,CAAC;QAClD,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC;YACxC,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,MAAM,IAAI,aAAa,EAAE,CAAC;YACzD,IAAI,CAAC,OAAO,GAAG,gBAAgB,CAAC,OAAO,IAAI,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IAED,UAAU,CAAC,OAAe;QACxB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,SAAS,CAAC,MAAmB;QAC3B,IAAI,MAAM,KAAK,WAAW,CAAC,aAAa,EAAE,CAAC;YACzC,MAAM,IAAI,uBAAuB,CAC/B,qDAAqD,MAAM,EAAE,CAC9D,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,WAAW;QAKf,MAAM,QAAQ,GAAG,cAAc,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;QAE1C,MAAM,OAAO,GAAG,uBAAuB,CAAC;YACtC,OAAO;YACP,KAAK,EAAE,IAAI,CAAC,OAAO;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;QAC1D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAE3D,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,OAAO;YACL,OAAO;YACP,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC;YACrC,OAAO;SACR,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,gBAAgB,CACd,SAAiB,EACjB,OAAe,EACf,aAAqB;QAErB,OAAO,OAAO,CAAC,MAAM,CACnB,IAAI,KAAK,CACP,6DAA6D;YAC3D,kDAAkD,CACrD,CACF,CAAC;IACJ,CAAC;IAED,OAAO,CACL,KAAoB;QAEpB,OAAO,OAAO,CAAC,MAAM,CACnB,IAAI,KAAK,CAAC,6DAA6D,CAAC,CACzE,CAAC;IACJ,CAAC;CACF;AAED,sEAAsE;AACtE,MAAM,UAAU,QAAQ,CAAC,KAAiB;IACxC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAW,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC"}

package/dist/errors.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Typed error classes. All errors extend native Error so callers can use
+ * `instanceof` and stack traces work correctly. The original v1.0.1
+ * package's classes did *not* extend Error — that was a footgun that
+ * silently broke try/catch in framework error boundaries.
+ */
+export declare class WalletConnectionError extends Error {
+    readonly name: string;
+    constructor(message: string);
+}
+export declare class WalletNotFoundException extends WalletConnectionError {
+    readonly name = "WalletNotFoundException";
+    constructor(message: string);
+}
+export declare class AccountChangedException extends WalletConnectionError {
+    readonly name = "AccountChangedException";
+    constructor(message: string);
+}
+export declare class ChainNotImplementedException extends WalletConnectionError {
+    readonly name = "ChainNotImplementedException";
+    constructor(message: string);
+}
+export declare class InvalidSignatureError extends WalletConnectionError {
+    readonly name = "InvalidSignatureError";
+    constructor(message: string);
+}
+export declare class ChainMismatchError extends WalletConnectionError {
+    readonly name = "ChainMismatchError";
+    constructor(message: string);
+}
+export declare class OriginMismatchError extends WalletConnectionError {
+    readonly name = "OriginMismatchError";
+    constructor(message: string);
+}
+export declare class SignaturePayloadInvalidError extends WalletConnectionError {
+    readonly name = "SignaturePayloadInvalidError";
+    constructor(message: string);
+}
+/**
+ * Raised by `EvmConnector.submitRawTransaction` when the caller-supplied
+ * `to` does not match the configured checkout contract, or when the
+ * 4-byte function selector at the start of `data` is not on the explicit
+ * allowlist. The intent is to stop a compromised checkout API (or XSS in
+ * a consumer) from coercing the wallet into signing `approve(spender,
+ * MAX_UINT256)`, `setApprovalForAll`, NFT `safeTransferFrom`, etc.
+ */
+export declare class InvalidTransactionError extends WalletConnectionError {
+    readonly name = "InvalidTransactionError";
+    constructor(message: string);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,qBAAa,qBAAsB,SAAQ,KAAK;IAC9C,SAAkB,IAAI,EAAE,MAAM,CAA2B;gBAE7C,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,uBAAwB,SAAQ,qBAAqB;IAChE,SAAkB,IAAI,6BAA6B;gBACvC,OAAO,EAAE,MAAM;CAG5B;AAED,qBAAa,uBAAwB,SAAQ,qBAAqB;IAChE,SAAkB,IAAI,6BAA6B;gBACvC,OAAO,EAAE,MAAM;CAG5B;AAED,qBAAa,4BAA6B,SAAQ,qBAAqB;IACrE,SAAkB,IAAI,kCAAkC;gBAC5C,OAAO,EAAE,MAAM;CAG5B;AAED,qBAAa,qBAAsB,SAAQ,qBAAqB;IAC9D,SAAkB,IAAI,2BAA2B;gBACrC,OAAO,EAAE,MAAM;CAG5B;AAED,qBAAa,kBAAmB,SAAQ,qBAAqB;IAC3D,SAAkB,IAAI,wBAAwB;gBAClC,OAAO,EAAE,MAAM;CAG5B;AAED,qBAAa,mBAAoB,SAAQ,qBAAqB;IAC5D,SAAkB,IAAI,yBAAyB;gBACnC,OAAO,EAAE,MAAM;CAG5B;AAED,qBAAa,4BAA6B,SAAQ,qBAAqB;IACrE,SAAkB,IAAI,kCAAkC;gBAC5C,OAAO,EAAE,MAAM;CAG5B;AAED;;;;;;;GAOG;AACH,qBAAa,uBAAwB,SAAQ,qBAAqB;IAChE,SAAkB,IAAI,6BAA6B;gBACvC,OAAO,EAAE,MAAM;CAG5B"}

package/dist/errors.js

@@ -0,0 +1,70 @@
+/**
+ * Typed error classes. All errors extend native Error so callers can use
+ * `instanceof` and stack traces work correctly. The original v1.0.1
+ * package's classes did *not* extend Error — that was a footgun that
+ * silently broke try/catch in framework error boundaries.
+ */
+export class WalletConnectionError extends Error {
+    name = 'WalletConnectionError';
+    constructor(message) {
+        super(message);
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+export class WalletNotFoundException extends WalletConnectionError {
+    name = 'WalletNotFoundException';
+    constructor(message) {
+        super(message);
+    }
+}
+export class AccountChangedException extends WalletConnectionError {
+    name = 'AccountChangedException';
+    constructor(message) {
+        super(message);
+    }
+}
+export class ChainNotImplementedException extends WalletConnectionError {
+    name = 'ChainNotImplementedException';
+    constructor(message) {
+        super(message);
+    }
+}
+export class InvalidSignatureError extends WalletConnectionError {
+    name = 'InvalidSignatureError';
+    constructor(message) {
+        super(message);
+    }
+}
+export class ChainMismatchError extends WalletConnectionError {
+    name = 'ChainMismatchError';
+    constructor(message) {
+        super(message);
+    }
+}
+export class OriginMismatchError extends WalletConnectionError {
+    name = 'OriginMismatchError';
+    constructor(message) {
+        super(message);
+    }
+}
+export class SignaturePayloadInvalidError extends WalletConnectionError {
+    name = 'SignaturePayloadInvalidError';
+    constructor(message) {
+        super(message);
+    }
+}
+/**
+ * Raised by `EvmConnector.submitRawTransaction` when the caller-supplied
+ * `to` does not match the configured checkout contract, or when the
+ * 4-byte function selector at the start of `data` is not on the explicit
+ * allowlist. The intent is to stop a compromised checkout API (or XSS in
+ * a consumer) from coercing the wallet into signing `approve(spender,
+ * MAX_UINT256)`, `setApprovalForAll`, NFT `safeTransferFrom`, etc.
+ */
+export class InvalidTransactionError extends WalletConnectionError {
+    name = 'InvalidTransactionError';
+    constructor(message) {
+        super(message);
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC5B,IAAI,GAAW,uBAAuB,CAAC;IAEzD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAED,MAAM,OAAO,uBAAwB,SAAQ,qBAAqB;IAC9C,IAAI,GAAG,yBAAyB,CAAC;IACnD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;CACF;AAED,MAAM,OAAO,uBAAwB,SAAQ,qBAAqB;IAC9C,IAAI,GAAG,yBAAyB,CAAC;IACnD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;CACF;AAED,MAAM,OAAO,4BAA6B,SAAQ,qBAAqB;IACnD,IAAI,GAAG,8BAA8B,CAAC;IACxD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;CACF;AAED,MAAM,OAAO,qBAAsB,SAAQ,qBAAqB;IAC5C,IAAI,GAAG,uBAAuB,CAAC;IACjD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;CACF;AAED,MAAM,OAAO,kBAAmB,SAAQ,qBAAqB;IACzC,IAAI,GAAG,oBAAoB,CAAC;IAC9C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;CACF;AAED,MAAM,OAAO,mBAAoB,SAAQ,qBAAqB;IAC1C,IAAI,GAAG,qBAAqB,CAAC;IAC/C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;CACF;AAED,MAAM,OAAO,4BAA6B,SAAQ,qBAAqB;IACnD,IAAI,GAAG,8BAA8B,CAAC;IACxD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;CACF;AAED;;;;;;;GAOG;AACH,MAAM,OAAO,uBAAwB,SAAQ,qBAAqB;IAC9C,IAAI,GAAG,yBAAyB,CAAC;IACnD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;CACF"}

package/dist/index.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Public API surface for @droplinked_inc/wallet-connection.
+ *
+ * This package is a hardened rewrite of the original
+ * @droplinked/wallet-connection@1.0.1 (hostile-published by an external
+ * actor). The on-the-wire shape of types matches the original where
+ * feasible; behavior has been tightened — see THREAT_MODEL.md for the
+ * full delta.
+ */
+import { Chain, ChainWallet, Network, type ChainProvider } from './types.js';
+export { Chain, Network, ChainWallet, ProductType, type Proof, type Beneficiary, type CartItem, type IChainPayment, type ChainProvider, type EvmAddress, type LoginPayload, ProofSchema, BeneficiarySchema, CartItemSchema, ChainPaymentSchema, LoginPayloadSchema, EvmAddressSchema, ChainSchema, NetworkSchema, ChainWalletSchema, getEmptyProof, } from './types.js';
+export { WalletConnectionError, WalletNotFoundException, AccountChangedException, ChainNotImplementedException, InvalidSignatureError, ChainMismatchError, OriginMismatchError, SignaturePayloadInvalidError, InvalidTransactionError, } from './errors.js';
+export { EvmConnector, SUBMIT_RAW_TX_SELECTOR_ALLOWLIST, KNOWN_DRAINER_SELECTORS, } from './connectors/evm.js';
+export { PhantomConnector, buildSolanaLoginPayload, canonicalizeSolanaLoginPayload, verifySolanaLoginSignature, SolanaLoginPayloadSchema, SOLANA_CHAIN_IDS, SOLANA_LOGIN_MAX_TTL_SECONDS, SOLANA_LOGIN_DEFAULT_TTL_SECONDS, DEFAULT_SOLANA_LOGIN_STATEMENT, base58Decode, type SolanaLoginPayload, type SolanaChainId, type PhantomConnectorOptions, } from './connectors/phantom.js';
+export { isMetamaskInstalled, isCoinBaseInstalled, getAccounts, isWalletConnected, getBalance, selectMetaMaskProvider, selectCoinbaseProvider, discoverEip6963Providers, findProviderByRdns, WALLET_RDNS, type Eip1193Provider, type Eip6963ProviderInfo, type Eip6963ProviderDetail, type WalletRdns, } from './provider.js';
+export { getChainMetadata, hasChainMetadata, type ChainMetadata } from './chains.js';
+export { buildLoginPayload, signLoginPayload, verifyLoginSignature, generateNonce, constantTimeStringEquals, TYPED_DATA_DOMAIN_NAME, LOGIN_TYPES, } from './signing.js';
+export { saveSession, loadSession, clearSession, buildSession, WalletSessionSchema, type WalletSession, type SessionStorage, } from './session.js';
+export interface GetNetworkProviderArgs {
+    readonly chain: Chain;
+    readonly network: Network;
+    readonly address: string;
+    readonly wallet?: ChainWallet;
+    readonly checkoutContractAddress?: `0x${string}`;
+    readonly origin?: string;
+}
+/**
+ * Returns the correct ChainProvider for the (chain, network, wallet)
+ * triple. Mirrors the original `getNetworkProvider` factory but takes
+ * an options object rather than positional args.
+ */
+export declare function getNetworkProvider(args: GetNetworkProviderArgs): ChainProvider;
+/**
+ * @deprecated kept for v1.0.1 source compatibility. Use the standard
+ * Web APIs (`btoa` for strings) directly.
+ */
+export declare function toBase64(str: string): string;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,EACL,KAAK,EACL,WAAW,EACX,OAAO,EAEP,KAAK,aAAa,EACnB,MAAM,YAAY,CAAC;AAMpB,OAAO,EACL,KAAK,EACL,OAAO,EACP,WAAW,EACX,WAAW,EACX,KAAK,KAAK,EACV,KAAK,WAAW,EAChB,KAAK,QAAQ,EACb,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,WAAW,EACX,iBAAiB,EACjB,cAAc,EACd,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,WAAW,EACX,aAAa,EACb,iBAAiB,EACjB,aAAa,GACd,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,qBAAqB,EACrB,uBAAuB,EACvB,uBAAuB,EACvB,4BAA4B,EAC5B,qBAAqB,EACrB,kBAAkB,EAClB,mBAAmB,EACnB,4BAA4B,EAC5B,uBAAuB,GACxB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,YAAY,EACZ,gCAAgC,EAChC,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,8BAA8B,EAC9B,0BAA0B,EAC1B,wBAAwB,EACxB,gBAAgB,EAChB,4BAA4B,EAC5B,gCAAgC,EAChC,8BAA8B,EAC9B,YAAY,EACZ,KAAK,kBAAkB,EACvB,KAAK,aAAa,EAClB,KAAK,uBAAuB,GAC7B,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,WAAW,EACX,iBAAiB,EACjB,UAAU,EACV,sBAAsB,EACtB,sBAAsB,EACtB,wBAAwB,EACxB,kBAAkB,EAClB,WAAW,EACX,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,qBAAqB,EAC1B,KAAK,UAAU,GAChB,MAAM,eAAe,CAAC;AAGvB,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;AAGrF,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,EACpB,aAAa,EACb,wBAAwB,EACxB,sBAAsB,EACtB,WAAW,GACZ,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,WAAW,EACX,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,mBAAmB,EACnB,KAAK,aAAa,EAClB,KAAK,cAAc,GACpB,MAAM,cAAc,CAAC;AAItB,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,CAAC,EAAE,WAAW,CAAC;IAC9B,QAAQ,CAAC,uBAAuB,CAAC,EAAE,KAAK,MAAM,EAAE,CAAC;IACjD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,sBAAsB,GAAG,aAAa,CAmC9E;AAID;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE5C"}

package/dist/index.js

@@ -0,0 +1,69 @@
+/**
+ * Public API surface for @droplinked_inc/wallet-connection.
+ *
+ * This package is a hardened rewrite of the original
+ * @droplinked/wallet-connection@1.0.1 (hostile-published by an external
+ * actor). The on-the-wire shape of types matches the original where
+ * feasible; behavior has been tightened — see THREAT_MODEL.md for the
+ * full delta.
+ */
+import { Chain, ChainWallet, Network, EvmAddressSchema, } from './types.js';
+import { ChainNotImplementedException } from './errors.js';
+import { EvmConnector } from './connectors/evm.js';
+import { PhantomConnector } from './connectors/phantom.js';
+/* ---------------------------- Types & enums ------------------------------- */
+export { Chain, Network, ChainWallet, ProductType, ProofSchema, BeneficiarySchema, CartItemSchema, ChainPaymentSchema, LoginPayloadSchema, EvmAddressSchema, ChainSchema, NetworkSchema, ChainWalletSchema, getEmptyProof, } from './types.js';
+/* ---------------------------- Errors -------------------------------------- */
+export { WalletConnectionError, WalletNotFoundException, AccountChangedException, ChainNotImplementedException, InvalidSignatureError, ChainMismatchError, OriginMismatchError, SignaturePayloadInvalidError, InvalidTransactionError, } from './errors.js';
+/* ---------------------------- Connectors ---------------------------------- */
+export { EvmConnector, SUBMIT_RAW_TX_SELECTOR_ALLOWLIST, KNOWN_DRAINER_SELECTORS, } from './connectors/evm.js';
+export { PhantomConnector, buildSolanaLoginPayload, canonicalizeSolanaLoginPayload, verifySolanaLoginSignature, SolanaLoginPayloadSchema, SOLANA_CHAIN_IDS, SOLANA_LOGIN_MAX_TTL_SECONDS, SOLANA_LOGIN_DEFAULT_TTL_SECONDS, DEFAULT_SOLANA_LOGIN_STATEMENT, base58Decode, } from './connectors/phantom.js';
+/* ---------------------------- Provider helpers ---------------------------- */
+export { isMetamaskInstalled, isCoinBaseInstalled, getAccounts, isWalletConnected, getBalance, selectMetaMaskProvider, selectCoinbaseProvider, discoverEip6963Providers, findProviderByRdns, WALLET_RDNS, } from './provider.js';
+/* ---------------------------- Chains -------------------------------------- */
+export { getChainMetadata, hasChainMetadata } from './chains.js';
+/* ---------------------------- Signing ------------------------------------- */
+export { buildLoginPayload, signLoginPayload, verifyLoginSignature, generateNonce, constantTimeStringEquals, TYPED_DATA_DOMAIN_NAME, LOGIN_TYPES, } from './signing.js';
+/* ---------------------------- Session ------------------------------------- */
+export { saveSession, loadSession, clearSession, buildSession, WalletSessionSchema, } from './session.js';
+/**
+ * Returns the correct ChainProvider for the (chain, network, wallet)
+ * triple. Mirrors the original `getNetworkProvider` factory but takes
+ * an options object rather than positional args.
+ */
+export function getNetworkProvider(args) {
+    if (args.chain === Chain.SOLANA) {
+        const connector = new PhantomConnector(args.network);
+        connector.setAddress(args.address);
+        return connector;
+    }
+    if (args.chain === Chain.STACKS ||
+        (args.chain === Chain.SKALE && args.network === Network.MAINNET)) {
+        throw new ChainNotImplementedException(`Chain ${args.chain} on ${args.network} is not implemented`);
+    }
+    const wallet = args.wallet ?? ChainWallet.Metamask;
+    if (wallet !== ChainWallet.Metamask && wallet !== ChainWallet.CoinBase) {
+        throw new ChainNotImplementedException(`Wallet ${wallet} not supported on EVM chain ${args.chain}`);
+    }
+    const baseOpts = {
+        chain: args.chain,
+        network: args.network,
+        wallet,
+        ...(args.checkoutContractAddress !== undefined
+            ? { checkoutContractAddress: args.checkoutContractAddress }
+            : {}),
+        ...(args.origin !== undefined ? { origin: args.origin } : {}),
+    };
+    const connector = new EvmConnector(baseOpts);
+    connector.setAddress(EvmAddressSchema.parse(args.address));
+    return connector;
+}
+/* ---------------------------- toBase64 (legacy) --------------------------- */
+/**
+ * @deprecated kept for v1.0.1 source compatibility. Use the standard
+ * Web APIs (`btoa` for strings) directly.
+ */
+export function toBase64(str) {
+    return btoa(str);
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,EACL,KAAK,EACL,WAAW,EACX,OAAO,EACP,gBAAgB,GAEjB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,gFAAgF;AAChF,OAAO,EACL,KAAK,EACL,OAAO,EACP,WAAW,EACX,WAAW,EAQX,WAAW,EACX,iBAAiB,EACjB,cAAc,EACd,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,WAAW,EACX,aAAa,EACb,iBAAiB,EACjB,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,gFAAgF;AAChF,OAAO,EACL,qBAAqB,EACrB,uBAAuB,EACvB,uBAAuB,EACvB,4BAA4B,EAC5B,qBAAqB,EACrB,kBAAkB,EAClB,mBAAmB,EACnB,4BAA4B,EAC5B,uBAAuB,GACxB,MAAM,aAAa,CAAC;AAErB,gFAAgF;AAChF,OAAO,EACL,YAAY,EACZ,gCAAgC,EAChC,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,8BAA8B,EAC9B,0BAA0B,EAC1B,wBAAwB,EACxB,gBAAgB,EAChB,4BAA4B,EAC5B,gCAAgC,EAChC,8BAA8B,EAC9B,YAAY,GAIb,MAAM,yBAAyB,CAAC;AAEjC,gFAAgF;AAChF,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,WAAW,EACX,iBAAiB,EACjB,UAAU,EACV,sBAAsB,EACtB,sBAAsB,EACtB,wBAAwB,EACxB,kBAAkB,EAClB,WAAW,GAKZ,MAAM,eAAe,CAAC;AAEvB,gFAAgF;AAChF,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAsB,MAAM,aAAa,CAAC;AAErF,gFAAgF;AAChF,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,EACpB,aAAa,EACb,wBAAwB,EACxB,sBAAsB,EACtB,WAAW,GACZ,MAAM,cAAc,CAAC;AAEtB,gFAAgF;AAChF,OAAO,EACL,WAAW,EACX,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,mBAAmB,GAGpB,MAAM,cAAc,CAAC;AAatB;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAA4B;IAC7D,IAAI,IAAI,CAAC,KAAK,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,IAAI,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrD,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IACE,IAAI,CAAC,KAAK,KAAK,KAAK,CAAC,MAAM;QAC3B,CAAC,IAAI,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,IAAI,IAAI,CAAC,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,EAChE,CAAC;QACD,MAAM,IAAI,4BAA4B,CACpC,SAAS,IAAI,CAAC,KAAK,OAAO,IAAI,CAAC,OAAO,qBAAqB,CAC5D,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,WAAW,CAAC,QAAQ,CAAC;IACnD,IAAI,MAAM,KAAK,WAAW,CAAC,QAAQ,IAAI,MAAM,KAAK,WAAW,CAAC,QAAQ,EAAE,CAAC;QACvE,MAAM,IAAI,4BAA4B,CACpC,UAAU,MAAM,+BAA+B,IAAI,CAAC,KAAK,EAAE,CAC5D,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG;QACf,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,MAAM;QACN,GAAG,CAAC,IAAI,CAAC,uBAAuB,KAAK,SAAS;YAC5C,CAAC,CAAC,EAAE,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,EAAE;YAC3D,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9D,CAAC;IACF,MAAM,SAAS,GAAG,IAAI,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC7C,SAAS,CAAC,UAAU,CAAC,gBAAgB,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IAC3D,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,UAAU,QAAQ,CAAC,GAAW;IAClC,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC"}