npm - @entros/pulse-sdk - Versions diffs - 3.3.0 → 3.4.0 - Mend

@entros/pulse-sdk 3.3.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -695,6 +695,20 @@ interface BaselineWallet {
     publicKey: PublicKey;
     signMessage: (msg: Uint8Array) => Promise<Uint8Array>;
 }
+/**
+ * Thrown when a `signMessage` result fails to verify against the wallet's own
+ * public key — i.e. a different wallet signed than the one connected. The most
+ * common cause is a second wallet extension (e.g. Backpack) set as the browser
+ * default and intercepting the prompt while a different wallet (e.g. Phantom)
+ * is the one actually connected. Surfaced so callers can tell the user to sign
+ * with the connected wallet, rather than deriving a key bound to the wrong
+ * wallet — which would silently corrupt the encrypted baseline and later
+ * misreport as a stale baseline.
+ */
+declare class WalletSignatureMismatchError extends Error {
+    readonly expectedWallet: string;
+    constructor(expectedWallet: string);
+}
 /**
  * Derive an AES-256 key from the wallet's deterministic signature over
  * the domain-separated payload, via HKDF-SHA256.
@@ -816,11 +830,16 @@ declare function loadVerificationData(): Promise<StoredVerificationData | null>;
  *     can't `signMessage` (no method on the adapter, e.g., older Ledger
  *     firmware) OR the user cancelled the prompt OR the wallet erred. The
  *     `detail` field carries the specific cause when present.
+ *   - `wallet-mismatch`: the `signMessage` signature did not verify against
+ *     the connected wallet's public key — a different wallet signed the
+ *     prompt (commonly another extension set as the browser default). NOT a
+ *     stale baseline: the on-chain blob is intact. UX should ask the user to
+ *     sign with the connected wallet and must NOT offer a destructive reset.
  *   - `stale-baseline`: blob predates a `reset_identity_state` cycle.
  *     Treat as terminal recovery failure; route to fresh-capture flow.
  *   - `unknown-error`: catch-all (RPC failure, malformed blob, etc.).
  */
-type BaselineRecoveryReason = "no-on-chain-identity" | "no-encrypted-baseline" | "signing-unavailable" | "stale-baseline" | "unknown-error";
+type BaselineRecoveryReason = "no-on-chain-identity" | "no-encrypted-baseline" | "signing-unavailable" | "wallet-mismatch" | "stale-baseline" | "unknown-error";
 interface BaselineRecoveryResult {
     recovered: boolean;
     reason?: BaselineRecoveryReason;
@@ -951,4 +970,4 @@ declare function fetchChallenge(executorUrl: string, walletAddress: string, apiK
  */
 declare function encodeAudioAsBase64(samples: Float32Array): string;
-export { type AgentHumanOperator, type AudioCapture, type BaselineRecoveryReason, type BaselineRecoveryResult, type BaselineWallet, type CaptureOptions, type CaptureStage, type ChallengeResponse, type CircuitInput, DEFAULT_CAPTURE_MS, DEFAULT_MIN_DISTANCE, DEFAULT_THRESHOLD, ENCRYPTED_BASELINE_BLOB_BYTES, type EntrosAttestation, FINGERPRINT_BITS, type FeatureVector, type FusedFeatureVector, type IdentityState, type LissajousParams, MAX_CAPTURE_MS, MIN_AUDIO_SAMPLES, MIN_CAPTURE_MS, MIN_MOTION_SAMPLES, MIN_TOUCH_SAMPLES, MOTION_FEATURE_COUNT, type MotionSample, PROGRAM_IDS, type PackedFingerprint, type Point2D, type ProofResult, type PulseConfig, PulseSDK, PulseSession, SPEAKER_FEATURE_COUNT, type SensorData, type SolanaProof, type StageState, StaleEncryptedBaselineError, type StatsSummary, type StoredVerificationData, type SubmissionResult, type TBH, TOUCH_FEATURE_COUNT, type TemporalFingerprint, type TouchSample, type VerificationResult, attestAgentOperator, bigintToBytes32, bytes32ToBigint, bytesToFingerprint, clearBaselineKeyCache, computeCommitment, decryptBaselineBlob, deriveBaselineKey, deriveEncryptedBaselinePda, encodeAudioAsBase64, encryptBaselineBlob, extractAccelerationMagnitude, extractMotionFeatures, extractMouseDynamics, extractSpeakerFeatures, extractSpeakerFeaturesDetailed, extractTouchFeatures, fetchChallenge, fetchEncryptedBaseline, fetchIdentityState, fingerprintToBytes, fuseFeatures, fuseRawFeatures, generateLissajousPoints, generateLissajousSequence, generatePhrase, generatePhraseSequence, generateProof, generateSalt, generateSolanaProof, generateTBH, getAgentHumanOperator, getOrDeriveBaselineKey, hammingDistance, loadVerificationData, packBits, prepareCircuitInput, randomLissajousParams, recoverBaselineFromChain, serializeProof, simhash, storeVerificationData, submitResetViaWallet, submitViaRelayer, submitViaWallet, toBigEndian32, verifyEntrosAttestation };
+export { type AgentHumanOperator, type AudioCapture, type BaselineRecoveryReason, type BaselineRecoveryResult, type BaselineWallet, type CaptureOptions, type CaptureStage, type ChallengeResponse, type CircuitInput, DEFAULT_CAPTURE_MS, DEFAULT_MIN_DISTANCE, DEFAULT_THRESHOLD, ENCRYPTED_BASELINE_BLOB_BYTES, type EntrosAttestation, FINGERPRINT_BITS, type FeatureVector, type FusedFeatureVector, type IdentityState, type LissajousParams, MAX_CAPTURE_MS, MIN_AUDIO_SAMPLES, MIN_CAPTURE_MS, MIN_MOTION_SAMPLES, MIN_TOUCH_SAMPLES, MOTION_FEATURE_COUNT, type MotionSample, PROGRAM_IDS, type PackedFingerprint, type Point2D, type ProofResult, type PulseConfig, PulseSDK, PulseSession, SPEAKER_FEATURE_COUNT, type SensorData, type SolanaProof, type StageState, StaleEncryptedBaselineError, type StatsSummary, type StoredVerificationData, type SubmissionResult, type TBH, TOUCH_FEATURE_COUNT, type TemporalFingerprint, type TouchSample, type VerificationResult, WalletSignatureMismatchError, attestAgentOperator, bigintToBytes32, bytes32ToBigint, bytesToFingerprint, clearBaselineKeyCache, computeCommitment, decryptBaselineBlob, deriveBaselineKey, deriveEncryptedBaselinePda, encodeAudioAsBase64, encryptBaselineBlob, extractAccelerationMagnitude, extractMotionFeatures, extractMouseDynamics, extractSpeakerFeatures, extractSpeakerFeaturesDetailed, extractTouchFeatures, fetchChallenge, fetchEncryptedBaseline, fetchIdentityState, fingerprintToBytes, fuseFeatures, fuseRawFeatures, generateLissajousPoints, generateLissajousSequence, generatePhrase, generatePhraseSequence, generateProof, generateSalt, generateSolanaProof, generateTBH, getAgentHumanOperator, getOrDeriveBaselineKey, hammingDistance, loadVerificationData, packBits, prepareCircuitInput, randomLissajousParams, recoverBaselineFromChain, serializeProof, simhash, storeVerificationData, submitResetViaWallet, submitViaRelayer, submitViaWallet, toBigEndian32, verifyEntrosAttestation };

package/dist/index.d.ts CHANGED Viewed

@@ -695,6 +695,20 @@ interface BaselineWallet {
     publicKey: PublicKey;
     signMessage: (msg: Uint8Array) => Promise<Uint8Array>;
 }
+/**
+ * Thrown when a `signMessage` result fails to verify against the wallet's own
+ * public key — i.e. a different wallet signed than the one connected. The most
+ * common cause is a second wallet extension (e.g. Backpack) set as the browser
+ * default and intercepting the prompt while a different wallet (e.g. Phantom)
+ * is the one actually connected. Surfaced so callers can tell the user to sign
+ * with the connected wallet, rather than deriving a key bound to the wrong
+ * wallet — which would silently corrupt the encrypted baseline and later
+ * misreport as a stale baseline.
+ */
+declare class WalletSignatureMismatchError extends Error {
+    readonly expectedWallet: string;
+    constructor(expectedWallet: string);
+}
 /**
  * Derive an AES-256 key from the wallet's deterministic signature over
  * the domain-separated payload, via HKDF-SHA256.
@@ -816,11 +830,16 @@ declare function loadVerificationData(): Promise<StoredVerificationData | null>;
  *     can't `signMessage` (no method on the adapter, e.g., older Ledger
  *     firmware) OR the user cancelled the prompt OR the wallet erred. The
  *     `detail` field carries the specific cause when present.
+ *   - `wallet-mismatch`: the `signMessage` signature did not verify against
+ *     the connected wallet's public key — a different wallet signed the
+ *     prompt (commonly another extension set as the browser default). NOT a
+ *     stale baseline: the on-chain blob is intact. UX should ask the user to
+ *     sign with the connected wallet and must NOT offer a destructive reset.
  *   - `stale-baseline`: blob predates a `reset_identity_state` cycle.
  *     Treat as terminal recovery failure; route to fresh-capture flow.
  *   - `unknown-error`: catch-all (RPC failure, malformed blob, etc.).
  */
-type BaselineRecoveryReason = "no-on-chain-identity" | "no-encrypted-baseline" | "signing-unavailable" | "stale-baseline" | "unknown-error";
+type BaselineRecoveryReason = "no-on-chain-identity" | "no-encrypted-baseline" | "signing-unavailable" | "wallet-mismatch" | "stale-baseline" | "unknown-error";
 interface BaselineRecoveryResult {
     recovered: boolean;
     reason?: BaselineRecoveryReason;
@@ -951,4 +970,4 @@ declare function fetchChallenge(executorUrl: string, walletAddress: string, apiK
  */
 declare function encodeAudioAsBase64(samples: Float32Array): string;
-export { type AgentHumanOperator, type AudioCapture, type BaselineRecoveryReason, type BaselineRecoveryResult, type BaselineWallet, type CaptureOptions, type CaptureStage, type ChallengeResponse, type CircuitInput, DEFAULT_CAPTURE_MS, DEFAULT_MIN_DISTANCE, DEFAULT_THRESHOLD, ENCRYPTED_BASELINE_BLOB_BYTES, type EntrosAttestation, FINGERPRINT_BITS, type FeatureVector, type FusedFeatureVector, type IdentityState, type LissajousParams, MAX_CAPTURE_MS, MIN_AUDIO_SAMPLES, MIN_CAPTURE_MS, MIN_MOTION_SAMPLES, MIN_TOUCH_SAMPLES, MOTION_FEATURE_COUNT, type MotionSample, PROGRAM_IDS, type PackedFingerprint, type Point2D, type ProofResult, type PulseConfig, PulseSDK, PulseSession, SPEAKER_FEATURE_COUNT, type SensorData, type SolanaProof, type StageState, StaleEncryptedBaselineError, type StatsSummary, type StoredVerificationData, type SubmissionResult, type TBH, TOUCH_FEATURE_COUNT, type TemporalFingerprint, type TouchSample, type VerificationResult, attestAgentOperator, bigintToBytes32, bytes32ToBigint, bytesToFingerprint, clearBaselineKeyCache, computeCommitment, decryptBaselineBlob, deriveBaselineKey, deriveEncryptedBaselinePda, encodeAudioAsBase64, encryptBaselineBlob, extractAccelerationMagnitude, extractMotionFeatures, extractMouseDynamics, extractSpeakerFeatures, extractSpeakerFeaturesDetailed, extractTouchFeatures, fetchChallenge, fetchEncryptedBaseline, fetchIdentityState, fingerprintToBytes, fuseFeatures, fuseRawFeatures, generateLissajousPoints, generateLissajousSequence, generatePhrase, generatePhraseSequence, generateProof, generateSalt, generateSolanaProof, generateTBH, getAgentHumanOperator, getOrDeriveBaselineKey, hammingDistance, loadVerificationData, packBits, prepareCircuitInput, randomLissajousParams, recoverBaselineFromChain, serializeProof, simhash, storeVerificationData, submitResetViaWallet, submitViaRelayer, submitViaWallet, toBigEndian32, verifyEntrosAttestation };
+export { type AgentHumanOperator, type AudioCapture, type BaselineRecoveryReason, type BaselineRecoveryResult, type BaselineWallet, type CaptureOptions, type CaptureStage, type ChallengeResponse, type CircuitInput, DEFAULT_CAPTURE_MS, DEFAULT_MIN_DISTANCE, DEFAULT_THRESHOLD, ENCRYPTED_BASELINE_BLOB_BYTES, type EntrosAttestation, FINGERPRINT_BITS, type FeatureVector, type FusedFeatureVector, type IdentityState, type LissajousParams, MAX_CAPTURE_MS, MIN_AUDIO_SAMPLES, MIN_CAPTURE_MS, MIN_MOTION_SAMPLES, MIN_TOUCH_SAMPLES, MOTION_FEATURE_COUNT, type MotionSample, PROGRAM_IDS, type PackedFingerprint, type Point2D, type ProofResult, type PulseConfig, PulseSDK, PulseSession, SPEAKER_FEATURE_COUNT, type SensorData, type SolanaProof, type StageState, StaleEncryptedBaselineError, type StatsSummary, type StoredVerificationData, type SubmissionResult, type TBH, TOUCH_FEATURE_COUNT, type TemporalFingerprint, type TouchSample, type VerificationResult, WalletSignatureMismatchError, attestAgentOperator, bigintToBytes32, bytes32ToBigint, bytesToFingerprint, clearBaselineKeyCache, computeCommitment, decryptBaselineBlob, deriveBaselineKey, deriveEncryptedBaselinePda, encodeAudioAsBase64, encryptBaselineBlob, extractAccelerationMagnitude, extractMotionFeatures, extractMouseDynamics, extractSpeakerFeatures, extractSpeakerFeaturesDetailed, extractTouchFeatures, fetchChallenge, fetchEncryptedBaseline, fetchIdentityState, fingerprintToBytes, fuseFeatures, fuseRawFeatures, generateLissajousPoints, generateLissajousSequence, generatePhrase, generatePhraseSequence, generateProof, generateSalt, generateSolanaProof, generateTBH, getAgentHumanOperator, getOrDeriveBaselineKey, hammingDistance, loadVerificationData, packBits, prepareCircuitInput, randomLissajousParams, recoverBaselineFromChain, serializeProof, simhash, storeVerificationData, submitResetViaWallet, submitViaRelayer, submitViaWallet, toBigEndian32, verifyEntrosAttestation };

package/dist/index.js CHANGED Viewed

@@ -47,6 +47,7 @@ __export(index_exports, {
   SPEAKER_FEATURE_COUNT: () => SPEAKER_FEATURE_COUNT,
   StaleEncryptedBaselineError: () => StaleEncryptedBaselineError,
   TOUCH_FEATURE_COUNT: () => TOUCH_FEATURE_COUNT,
+  WalletSignatureMismatchError: () => WalletSignatureMismatchError,
   attestAgentOperator: () => attestAgentOperator,
   bigintToBytes32: () => bigintToBytes32,
   bytes32ToBigint: () => bytes32ToBigint,
@@ -4744,6 +4745,7 @@ async function buildEd25519ReceiptIx(receipt) {
 }
 // src/identity/baseline.ts
+var import_ed25519 = require("@noble/curves/ed25519");
 var BLOB_VERSION = 1;
 var ALGORITHM_AES_256_GCM = 1;
 var ENCRYPTED_BASELINE_BLOB_BYTES = 96;
@@ -4803,17 +4805,40 @@ async function deriveEncryptedBaselinePda(walletPubkey) {
     programId
   );
 }
+var WalletSignatureMismatchError = class extends Error {
+  constructor(expectedWallet) {
+    super(
+      `signMessage did not verify against the connected wallet ${expectedWallet}. A different wallet likely signed the prompt \u2014 disable other wallet extensions or set your selected wallet as the default, then retry.`
+    );
+    this.name = "WalletSignatureMismatchError";
+    this.expectedWallet = expectedWallet;
+  }
+};
 async function deriveBaselineKey(wallet) {
   if (typeof wallet.signMessage !== "function") {
     throw new Error("wallet does not support signMessage");
   }
   const message = buildDomainMessage(wallet.publicKey);
-  const signature = await wallet.signMessage(new TextEncoder().encode(message));
+  const messageBytes = new TextEncoder().encode(message);
+  const signature = await wallet.signMessage(messageBytes);
   if (!(signature instanceof Uint8Array) || signature.length !== 64) {
     throw new Error(
       `expected 64-byte Ed25519 signature, got ${signature?.length ?? "non-Uint8Array"}`
     );
   }
+  let signatureValid;
+  try {
+    signatureValid = import_ed25519.ed25519.verify(
+      signature,
+      messageBytes,
+      wallet.publicKey.toBytes()
+    );
+  } catch {
+    signatureValid = false;
+  }
+  if (!signatureValid) {
+    throw new WalletSignatureMismatchError(wallet.publicKey.toBase58());
+  }
   const ikm = await crypto.subtle.importKey(
     "raw",
     signature,
@@ -5555,19 +5580,19 @@ async function fetchIdentityState(walletPubkey, connection) {
     const accountInfo = await connection.getAccountInfo(identityPda);
     if (!accountInfo) return null;
     const coder = new anchor.BorshAccountsCoder(entros_anchor_default);
-    const decoded = coder.decode("identityState", accountInfo.data);
+    const decoded = coder.decode("IdentityState", accountInfo.data);
     return {
       owner: decoded.owner.toBase58(),
-      creationTimestamp: decoded.creationTimestamp.toNumber(),
-      lastVerificationTimestamp: decoded.lastVerificationTimestamp.toNumber(),
-      verificationCount: decoded.verificationCount,
-      trustScore: decoded.trustScore,
-      currentCommitment: new Uint8Array(decoded.currentCommitment),
+      creationTimestamp: decoded.creation_timestamp.toNumber(),
+      lastVerificationTimestamp: decoded.last_verification_timestamp.toNumber(),
+      verificationCount: decoded.verification_count,
+      trustScore: decoded.trust_score,
+      currentCommitment: new Uint8Array(decoded.current_commitment),
       mint: decoded.mint.toBase58(),
       // Anchor's Borsh coder returns the raw BN for i64 fields; .toNumber()
       // is safe here because Unix timestamps fit in Number.MAX_SAFE_INTEGER
       // until year 275760.
-      lastResetTimestamp: decoded.lastResetTimestamp?.toNumber?.() ?? 0
+      lastResetTimestamp: decoded.last_reset_timestamp?.toNumber?.() ?? 0
     };
   } catch {
     return null;
@@ -5669,6 +5694,13 @@ async function recoverBaselineFromChain(wallet, connection) {
       key = await getOrDeriveBaselineKey(wallet);
     } catch (err) {
       const detail = err instanceof Error ? err.message : String(err);
+      if (err instanceof WalletSignatureMismatchError) {
+        return {
+          recovered: false,
+          reason: "wallet-mismatch",
+          detail
+        };
+      }
       return {
         recovered: false,
         reason: "signing-unavailable",
@@ -5948,6 +5980,7 @@ async function processSensorData(sensorData, config, wallet, connection, onProgr
   } else {
     isFirstVerification = !previousData;
   }
+  let walletMismatch = false;
   if (!isFirstVerification && !previousData && wallet && connection) {
     const baselineWallet = resolveBaselineWallet(wallet);
     if (baselineWallet) {
@@ -5957,6 +5990,7 @@ async function processSensorData(sensorData, config, wallet, connection, onProgr
         previousData = await loadVerificationData();
         sdkLog("[Entros SDK] On-chain encrypted baseline recovered");
       } else {
+        walletMismatch = recovery.reason === "wallet-mismatch";
         sdkLog(
           `[Entros SDK] On-chain encrypted baseline recovery not available (${recovery.reason ?? "unknown"})`
         );
@@ -5964,6 +5998,14 @@ async function processSensorData(sensorData, config, wallet, connection, onProgr
     }
   }
   if (!isFirstVerification && !previousData) {
+    if (walletMismatch) {
+      return {
+        success: false,
+        commitment: tbh.commitmentBytes,
+        isFirstVerification: false,
+        error: "A different wallet signed than the one connected. Another wallet extension likely intercepted the signature prompt. Sign with your connected wallet, or disable other wallet extensions (or unset their default), then try again."
+      };
+    }
     return {
       success: false,
       commitment: tbh.commitmentBytes,
@@ -7051,6 +7093,7 @@ async function fetchChallenge(executorUrl, walletAddress, apiKey) {
   SPEAKER_FEATURE_COUNT,
   StaleEncryptedBaselineError,
   TOUCH_FEATURE_COUNT,
+  WalletSignatureMismatchError,
   attestAgentOperator,
   bigintToBytes32,
   bytes32ToBigint,