@haneullabs/signers 0.1.0 → 1.0.1

package/dist/webcrypto/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":["#publicKey","secp256r1"],"sources":["../../src/webcrypto/index.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { SignatureScheme } from '@haneullabs/haneul/cryptography';\nimport { Signer } from '@haneullabs/haneul/cryptography';\nimport { Secp256r1PublicKey } from '@haneullabs/haneul/keypairs/secp256r1';\nimport { p256 as secp256r1 } from '@noble/curves/nist.js';\n\n// Convert from uncompressed (65 bytes) to compressed (33 bytes) format\nfunction getCompressedPublicKey(publicKey: Uint8Array) {\n\tconst rawBytes = new Uint8Array(publicKey);\n\tconst x = rawBytes.slice(1, 33);\n\tconst y = rawBytes.slice(33, 65);\n\n\tconst prefix = (y[31] & 1) === 0 ? 0x02 : 0x03;\n\n\tconst compressed = new Uint8Array(Secp256r1PublicKey.SIZE);\n\tcompressed[0] = prefix;\n\tcompressed.set(x, 1);\n\n\treturn compressed;\n}\n\nexport interface ExportedWebCryptoKeypair {\n\tprivateKey: CryptoKey;\n\tpublicKey: Uint8Array<ArrayBuffer>;\n}\n\nexport class WebCryptoSigner extends Signer {\n\tprivateKey: CryptoKey;\n\n\t#publicKey: Secp256r1PublicKey;\n\n\tstatic async generate({ extractable = false }: { extractable?: boolean } = {}) {\n\t\tconst keypair = await globalThis.crypto.subtle.generateKey(\n\t\t\t{\n\t\t\t\tname: 'ECDSA',\n\t\t\t\tnamedCurve: 'P-256',\n\t\t\t},\n\t\t\textractable,\n\t\t\t['sign', 'verify'],\n\t\t);\n\n\t\tconst publicKey = await globalThis.crypto.subtle.exportKey('raw', keypair.publicKey);\n\n\t\treturn new WebCryptoSigner(\n\t\t\tkeypair.privateKey,\n\t\t\tgetCompressedPublicKey(new Uint8Array(publicKey)),\n\t\t);\n\t}\n\n\t/**\n\t * Imports a keypair using the value returned by `export()`.\n\t */\n\tstatic import(data: ExportedWebCryptoKeypair) {\n\t\treturn new WebCryptoSigner(data.privateKey, data.publicKey);\n\t}\n\n\tgetKeyScheme(): SignatureScheme {\n\t\treturn 'Secp256r1';\n\t}\n\n\tconstructor(privateKey: CryptoKey, publicKey: Uint8Array) {\n\t\tsuper();\n\t\tthis.privateKey = privateKey;\n\t\tthis.#publicKey = new Secp256r1PublicKey(publicKey);\n\t}\n\n\t/**\n\t * Exports the keypair so that it can be stored in IndexedDB.\n\t */\n\texport(): ExportedWebCryptoKeypair {\n\t\tconst exportedKeypair = {\n\t\t\tprivateKey: this.privateKey,\n\t\t\tpublicKey: this.#publicKey.toRawBytes(),\n\t\t};\n\n\t\tObject.defineProperty(exportedKeypair, 'toJSON', {\n\t\t\tenumerable: false,\n\t\t\tvalue: () => {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t'The exported keypair must not be serialized. It must be stored in IndexedDB directly.',\n\t\t\t\t);\n\t\t\t},\n\t\t});\n\n\t\treturn exportedKeypair;\n\t}\n\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst rawSignature = await globalThis.crypto.subtle.sign(\n\t\t\t{\n\t\t\t\tname: 'ECDSA',\n\t\t\t\thash: 'SHA-256',\n\t\t\t},\n\t\t\tthis.privateKey,\n\t\t\tbytes as BufferSource,\n\t\t);\n\n\t\tconst signature = secp256r1.Signature.fromBytes(new Uint8Array(rawSignature));\n\t\tconst normalizedSig = signature.hasHighS()\n\t\t\t? new secp256r1.Signature(signature.r, secp256r1.Point.Fn.neg(signature.s))\n\t\t\t: signature;\n\n\t\treturn normalizedSig.toBytes('compact') as Uint8Array<ArrayBuffer>;\n\t}\n}\n"],"mappings":";;;;;AASA,SAAS,uBAAuB,WAAuB;CACtD,MAAM,WAAW,IAAI,WAAW,UAAU;CAC1C,MAAM,IAAI,SAAS,MAAM,GAAG,GAAG;CAG/B,MAAM,UAFI,SAAS,MAAM,IAAI,GAAG,CAEd,MAAM,OAAO,IAAI,IAAO;CAE1C,MAAM,aAAa,IAAI,WAAW,mBAAmB,KAAK;AAC1D,YAAW,KAAK;AAChB,YAAW,IAAI,GAAG,EAAE;AAEpB,QAAO;;AAQR,IAAa,kBAAb,MAAa,wBAAwB,OAAO;CAG3C;CAEA,aAAa,SAAS,EAAE,cAAc,UAAqC,EAAE,EAAE;EAC9E,MAAM,UAAU,MAAM,WAAW,OAAO,OAAO,YAC9C;GACC,MAAM;GACN,YAAY;GACZ,EACD,aACA,CAAC,QAAQ,SAAS,CAClB;EAED,MAAM,YAAY,MAAM,WAAW,OAAO,OAAO,UAAU,OAAO,QAAQ,UAAU;AAEpF,SAAO,IAAI,gBACV,QAAQ,YACR,uBAAuB,IAAI,WAAW,UAAU,CAAC,CACjD;;;;;CAMF,OAAO,OAAO,MAAgC;AAC7C,SAAO,IAAI,gBAAgB,KAAK,YAAY,KAAK,UAAU;;CAG5D,eAAgC;AAC/B,SAAO;;CAGR,YAAY,YAAuB,WAAuB;AACzD,SAAO;AACP,OAAK,aAAa;AAClB,QAAKA,YAAa,IAAI,mBAAmB,UAAU;;;;;CAMpD,SAAmC;EAClC,MAAM,kBAAkB;GACvB,YAAY,KAAK;GACjB,WAAW,MAAKA,UAAW,YAAY;GACvC;AAED,SAAO,eAAe,iBAAiB,UAAU;GAChD,YAAY;GACZ,aAAa;AACZ,UAAM,IAAI,MACT,wFACA;;GAEF,CAAC;AAEF,SAAO;;CAGR,eAAe;AACd,SAAO,MAAKA;;CAGb,MAAM,KAAK,OAAqD;EAC/D,MAAM,eAAe,MAAM,WAAW,OAAO,OAAO,KACnD;GACC,MAAM;GACN,MAAM;GACN,EACD,KAAK,YACL,MACA;EAED,MAAM,YAAYC,KAAU,UAAU,UAAU,IAAI,WAAW,aAAa,CAAC;AAK7E,UAJsB,UAAU,UAAU,GACvC,IAAIA,KAAU,UAAU,UAAU,GAAGA,KAAU,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC,GACzE,WAEkB,QAAQ,UAAU"}

package/package.json

@@ -1,26 +1,30 @@
 {
   "name": "@haneullabs/signers",
-  "version": "0.1.0",
+  "version": "1.0.1",
   "description": "A collection of signers for various providers",
   "license": "Apache-2.0",
-  "author": "Haneul Labs <build@haneullabs.com>",
-  "type": "commonjs",
+  "author": "Haneul Labs <build@haneul-labs.com>",
+  "type": "module",
   "exports": {
     "./aws": {
-      "import": "./dist/esm/aws/index.js",
-      "require": "./dist/cjs/aws/index.js"
+      "types": "./dist/aws/index.d.mts",
+      "import": "./dist/aws/index.mjs",
+      "default": "./dist/aws/index.mjs"
     },
     "./gcp": {
-      "import": "./dist/esm/gcp/index.js",
-      "require": "./dist/cjs/gcp/index.js"
+      "types": "./dist/gcp/index.d.mts",
+      "import": "./dist/gcp/index.mjs",
+      "default": "./dist/gcp/index.mjs"
     },
     "./ledger": {
-      "import": "./dist/esm/ledger/index.js",
-      "require": "./dist/cjs/ledger/index.js"
+      "types": "./dist/ledger/index.d.mts",
+      "import": "./dist/ledger/index.mjs",
+      "default": "./dist/ledger/index.mjs"
     },
     "./webcrypto": {
-      "import": "./dist/esm/webcrypto/index.js",
-      "require": "./dist/cjs/webcrypto/index.js"
+      "types": "./dist/webcrypto/index.d.mts",
+      "import": "./dist/webcrypto/index.mjs",
+      "default": "./dist/webcrypto/index.mjs"
     }
   },
   "sideEffects": false,
@@ -38,39 +42,41 @@
   ],
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/GeunhwaJeong/haneul-ts-sdks.git"
+    "url": "git+https://github.com/GeunhwaJeong/ts-sdks.git"
   },
   "bugs": {
-    "url": "https://github.com/haneullabs/ts-sdks/issues"
+    "url": "https://github.com/mystenlabs/ts-sdks/issues"
   },
-  "homepage": "https://github.com/GeunhwaJeong/haneul-ts-sdks/tree/main/packages/signers#readme",
+  "homepage": "https://github.com/GeunhwaJeong/ts-sdks/tree/main/packages/signers#readme",
   "devDependencies": {
-    "@types/node": "^24.10.1",
+    "@types/node": "^25.0.8",
     "dotenv": "^17.2.3",
     "typescript": "^5.9.3",
-    "vitest": "^4.0.15",
-    "@haneullabs/build-scripts": "0.1.0"
+    "vitest": "^4.0.17",
+    "@haneullabs/haneul": "^2.4.0"
   },
   "dependencies": {
-    "@google-cloud/kms": "^4.5.0",
-    "@noble/curves": "=1.9.4",
-    "@noble/hashes": "^1.8.0",
-    "asn1-ts": "^8.0.2",
-    "@haneullabs/haneul": "0.1.0",
-    "@haneullabs/ledgerjs-hw-app-haneul": "0.1.0"
+    "@google-cloud/kms": "^5.2.1",
+    "@noble/curves": "^2.0.1",
+    "@noble/hashes": "^2.0.1",
+    "asn1-ts": "^11.0.5",
+    "@haneullabs/ledgerjs-hw-app-haneul": "^0.7.1"
   },
   "engines": {
-    "node": ">=20"
+    "node": ">=22"
+  },
+  "peerDependencies": {
+    "@haneullabs/haneul": "^2.4.0"
   },
   "scripts": {
     "clean": "rm -rf tsconfig.tsbuildinfo ./dist",
-    "build": "build-package",
+    "build": "rm -rf dist && tsc --noEmit && tsdown",
     "prettier:check": "prettier -c --ignore-unknown .",
     "prettier:fix": "prettier -w --ignore-unknown .",
-    "eslint:check": "eslint --max-warnings=0 .",
-    "eslint:fix": "pnpm run eslint:check --fix",
-    "lint": "pnpm run eslint:check && pnpm run prettier:check",
-    "lint:fix": "pnpm run eslint:fix && pnpm run prettier:fix",
+    "oxlint:check": "oxlint  .",
+    "oxlint:fix": "oxlint --fix",
+    "lint": "pnpm run oxlint:check && pnpm run prettier:check",
+    "lint:fix": "pnpm run oxlint:fix && pnpm run prettier:fix",
     "test": "vitest run"
   }
 }

package/src/aws/aws-kms-signer.ts

@@ -83,15 +83,6 @@ export class AwsKmsSigner extends Signer {
 		return getConcatenatedSignature(fromBase64(signResponse.Signature), this.getKeyScheme());
 	}
 
-	/**
-	 * Synchronous signing is not supported by AWS KMS.
-	 * @throws Always throws an error indicating synchronous signing is unsupported.
-	 * @deprecated use `sign` instead
-	 */
-	signData(): never {
-		throw new Error('KMS Signer does not support sync signing');
-	}
-
 	/**
 	 * Prepares the signer by fetching and setting the public key from AWS KMS.
 	 * It is recommended to initialize an `AwsKmsSigner` instance using this function.

package/src/gcp/gcp-kms-client.ts

@@ -86,15 +86,6 @@ export class GcpKmsSigner extends Signer {
 		return getConcatenatedSignature(signResponse.signature as Uint8Array, this.getKeyScheme());
 	}
 
-	/**
-	 * Synchronous signing is not supported by GCP KMS.
-	 * @throws Always throws an error indicating synchronous signing is unsupported.
-	 * @deprecated use `sign` instead
-	 */
-	signData(): never {
-		throw new Error('GCP Signer does not support sync signing');
-	}
-
 	/**
 	 * Creates a GCP KMS signer from the provided options.
 	 * Expects the credentials file to be set as an env variable

package/src/ledger/index.ts

@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import type HaneulLedgerClient from '@haneullabs/ledgerjs-hw-app-haneul';
-import type { HaneulClient } from '@haneullabs/haneul/client';
+import type { ClientWithCoreApi } from '@haneullabs/haneul/client';
 import type { SignatureWithBytes } from '@haneullabs/haneul/cryptography';
 import { messageWithIntent, Signer, toSerializedSignature } from '@haneullabs/haneul/cryptography';
 import { Ed25519PublicKey } from '@haneullabs/haneul/keypairs/ed25519';
@@ -13,7 +13,6 @@ import { bcs } from '@haneullabs/haneul/bcs';
 import { getInputObjects } from './objects.js';
 import type { Resolution } from '@haneullabs/ledgerjs-hw-app-haneul';
 
-export { HaneulMoveObject } from './bcs.js';
 export { getInputObjects } from './objects.js';
 
 /**
@@ -23,7 +22,7 @@ export interface LedgerSignerOptions {
 	publicKey: Ed25519PublicKey;
 	derivationPath: string;
 	ledgerClient: HaneulLedgerClient;
-	haneulClient: HaneulClient;
+	suiClient: ClientWithCoreApi;
 }
 
 /**
@@ -33,7 +32,7 @@ export class LedgerSigner extends Signer {
 	#derivationPath: string;
 	#publicKey: Ed25519PublicKey;
 	#ledgerClient: HaneulLedgerClient;
-	#haneulClient: HaneulClient;
+	#suiClient: ClientWithCoreApi;
 
 	/**
 	 * Creates an instance of LedgerSigner. It's expected to call the static `fromDerivationPath` method to create an instance.
@@ -42,12 +41,12 @@ export class LedgerSigner extends Signer {
 	 * const signer = await LedgerSigner.fromDerivationPath(derivationPath, options);
 	 * ```
 	 */
-	constructor({ publicKey, derivationPath, ledgerClient, haneulClient }: LedgerSignerOptions) {
+	constructor({ publicKey, derivationPath, ledgerClient, suiClient }: LedgerSignerOptions) {
 		super();
 		this.#publicKey = publicKey;
 		this.#derivationPath = derivationPath;
 		this.#ledgerClient = ledgerClient;
-		this.#haneulClient = haneulClient;
+		this.#suiClient = suiClient;
 	}
 
 	/**
@@ -76,7 +75,7 @@ export class LedgerSigner extends Signer {
 	): Promise<SignatureWithBytes> {
 		const transactionOptions = bcsObjects
 			? { bcsObjects }
-			: await getInputObjects(Transaction.from(bytes), this.#haneulClient).catch(() => ({
+			: await getInputObjects(Transaction.from(bytes), this.#suiClient).catch(() => ({
 					// Fail gracefully so network errors or serialization issues don't break transaction signing:
 					bcsObjects: [],
 				}));
@@ -131,7 +130,7 @@ export class LedgerSigner extends Signer {
 	static async fromDerivationPath(
 		derivationPath: string,
 		ledgerClient: HaneulLedgerClient,
-		haneulClient: HaneulClient,
+		suiClient: ClientWithCoreApi,
 	) {
 		const { publicKey } = await ledgerClient.getPublicKey(derivationPath);
 		if (!publicKey) {
@@ -142,7 +141,7 @@ export class LedgerSigner extends Signer {
 			derivationPath,
 			publicKey: new Ed25519PublicKey(publicKey),
 			ledgerClient,
-			haneulClient,
+			suiClient,
 		});
 	}
 

package/src/ledger/objects.ts

@@ -2,10 +2,9 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import type { Transaction } from '@haneullabs/haneul/transactions';
-import type { HaneulClient } from '@haneullabs/haneul/client';
-import { HaneulMoveObject } from './bcs.js';
+import type { ClientWithCoreApi } from '@haneullabs/haneul/client';
 
-export const getInputObjects = async (transaction: Transaction, client: HaneulClient) => {
+export const getInputObjects = async (transaction: Transaction, client: ClientWithCoreApi) => {
 	const data = transaction.getData();
 
 	const gasObjectIds = data.gasData.payment?.map((object) => object.objectId) ?? [];
@@ -17,40 +16,17 @@ export const getInputObjects = async (transaction: Transaction, client: HaneulCl
 		})
 		.filter((objectId): objectId is string => !!objectId);
 
-	const objects = await client.multiGetObjects({
-		ids: [...gasObjectIds, ...inputObjectIds],
-		options: {
-			showBcs: true,
-			showPreviousTransaction: true,
-			showStorageRebate: true,
-			showOwner: true,
+	const response = await client.core.getObjects({
+		objectIds: [...gasObjectIds, ...inputObjectIds],
+		include: {
+			objectBcs: true,
 		},
 	});
 
-	// NOTE: We should probably get rid of this manual serialization logic in favor of using the
-	// already serialized object bytes from the GraphQL API once there is more mainstream support
-	// for it + we can enforce the transport type on the Haneul client.
-	const bcsObjects = objects
-		.map((object) => {
-			if (object.error || !object.data || object.data.bcs?.dataType !== 'moveObject') {
-				return null;
-			}
-
-			return HaneulMoveObject.serialize({
-				data: {
-					MoveObject: {
-						type: object.data.bcs.type,
-						hasPublicTransfer: object.data.bcs.hasPublicTransfer,
-						version: object.data.bcs.version,
-						contents: object.data.bcs.bcsBytes,
-					},
-				},
-				owner: object.data.owner!,
-				previousTransaction: object.data.previousTransaction!,
-				storageRebate: object.data.storageRebate!,
-			}).toBytes();
-		})
-		.filter((bcsBytes): bcsBytes is Uint8Array<ArrayBuffer> => !!bcsBytes);
+	const bcsObjects = response.objects
+		.filter((obj): obj is Exclude<typeof obj, Error> => !(obj instanceof Error))
+		.map((object) => object.objectBcs)
+		.filter((bytes): bytes is Uint8Array<ArrayBuffer> => !!bytes);
 
 	return { bcsObjects };
 };

package/src/utils/utils.ts

@@ -1,8 +1,8 @@
 // Copyright (c) Mysten Labs, Inc.
 // SPDX-License-Identifier: Apache-2.0
 
-import { secp256r1 } from '@noble/curves/p256';
-import { secp256k1 } from '@noble/curves/secp256k1';
+import { p256 as secp256r1 } from '@noble/curves/nist.js';
+import { secp256k1 } from '@noble/curves/secp256k1.js';
 import { ASN1Construction, ASN1TagClass, DERElement } from 'asn1-ts';
 
 /** The total number of bits in the DER bit string for the uncompressed public key. */
@@ -70,14 +70,22 @@ export function getConcatenatedSignature(signature: Uint8Array, keyScheme: strin
 	const [r, s] = derElement.toJSON() as [string, string];
 
 	switch (keyScheme) {
-		case 'Secp256k1':
-			return new secp256k1.Signature(BigInt(r), BigInt(s))
-				.normalizeS()
-				.toCompactRawBytes() as Uint8Array<ArrayBuffer>;
-		case 'Secp256r1':
-			return new secp256r1.Signature(BigInt(r), BigInt(s))
-				.normalizeS()
-				.toCompactRawBytes() as Uint8Array<ArrayBuffer>;
+		case 'Secp256k1': {
+			const sig = new secp256k1.Signature(BigInt(r), BigInt(s));
+			const normalized = sig.hasHighS()
+				? new secp256k1.Signature(sig.r, secp256k1.Point.Fn.neg(sig.s))
+				: sig;
+
+			return normalized.toBytes('compact') as Uint8Array<ArrayBuffer>;
+		}
+		case 'Secp256r1': {
+			const sig = new secp256r1.Signature(BigInt(r), BigInt(s));
+			const normalized = sig.hasHighS()
+				? new secp256r1.Signature(sig.r, secp256r1.Point.Fn.neg(sig.s))
+				: sig;
+
+			return normalized.toBytes('compact') as Uint8Array<ArrayBuffer>;
+		}
 		default:
 			throw new Error('Unsupported key scheme');
 	}

package/src/webcrypto/index.ts

@@ -4,7 +4,7 @@
 import type { SignatureScheme } from '@haneullabs/haneul/cryptography';
 import { Signer } from '@haneullabs/haneul/cryptography';
 import { Secp256r1PublicKey } from '@haneullabs/haneul/keypairs/secp256r1';
-import { secp256r1 } from '@noble/curves/p256';
+import { p256 as secp256r1 } from '@noble/curves/nist.js';
 
 // Convert from uncompressed (65 bytes) to compressed (33 bytes) format
 function getCompressedPublicKey(publicKey: Uint8Array) {
@@ -101,8 +101,11 @@ export class WebCryptoSigner extends Signer {
 			bytes as BufferSource,
 		);
 
-		const signature = secp256r1.Signature.fromCompact(new Uint8Array(rawSignature));
+		const signature = secp256r1.Signature.fromBytes(new Uint8Array(rawSignature));
+		const normalizedSig = signature.hasHighS()
+			? new secp256r1.Signature(signature.r, secp256r1.Point.Fn.neg(signature.s))
+			: signature;
 
-		return signature.normalizeS().toCompactRawBytes() as Uint8Array<ArrayBuffer>;
+		return normalizedSig.toBytes('compact') as Uint8Array<ArrayBuffer>;
 	}
 }

package/aws/package.json

@@ -1,6 +0,0 @@
-{
-	"private": true,
-	"import": "../dist/esm/aws/index.js",
-	"main": "../dist/cjs/aws/index.js",
-	"sideEffects": false
-}

package/dist/cjs/aws/aws-client.d.ts

@@ -1,43 +0,0 @@
-import { Secp256k1PublicKey } from '@haneullabs/haneul/keypairs/secp256k1';
-import { Secp256r1PublicKey } from '@haneullabs/haneul/keypairs/secp256r1';
-import { AwsClient } from './aws4fetch.js';
-interface KmsCommands {
-    Sign: {
-        request: {
-            KeyId: string;
-            Message: string;
-            MessageType: 'RAW' | 'DIGEST';
-            SigningAlgorithm: 'ECDSA_SHA_256';
-        };
-        response: {
-            KeyId: string;
-            KeyOrigin: string;
-            Signature: string;
-            SigningAlgorithm: string;
-        };
-    };
-    GetPublicKey: {
-        request: {
-            KeyId: string;
-        };
-        response: {
-            CustomerMasterKeySpec: string;
-            KeyId: string;
-            KeyOrigin: string;
-            KeySpec: string;
-            KeyUsage: string;
-            PublicKey: string;
-            SigningAlgorithms: string[];
-        };
-    };
-}
-export interface AwsClientOptions extends Partial<ConstructorParameters<typeof AwsClient>[0]> {
-}
-export declare class AwsKmsClient extends AwsClient {
-    constructor(options?: AwsClientOptions);
-    getPublicKey(keyId: string): Promise<Secp256r1PublicKey | Secp256k1PublicKey>;
-    runCommand<T extends keyof KmsCommands>(command: T, body: KmsCommands[T]['request'], { region, }?: {
-        region?: string;
-    }): Promise<KmsCommands[T]['response']>;
-}
-export {};

package/dist/cjs/aws/aws-client.js

@@ -1,79 +0,0 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var aws_client_exports = {};
-__export(aws_client_exports, {
-  AwsKmsClient: () => AwsKmsClient
-});
-module.exports = __toCommonJS(aws_client_exports);
-var import_secp256k1 = require("@haneullabs/haneul/keypairs/secp256k1");
-var import_secp256r1 = require("@haneullabs/haneul/keypairs/secp256r1");
-var import_utils = require("@haneullabs/haneul/utils");
-var import_utils2 = require("../utils/utils.js");
-var import_aws4fetch = require("./aws4fetch.js");
-class AwsKmsClient extends import_aws4fetch.AwsClient {
-  constructor(options = {}) {
-    if (!options.accessKeyId || !options.secretAccessKey) {
-      throw new Error("AWS Access Key ID and Secret Access Key are required");
-    }
-    if (!options.region) {
-      throw new Error("Region is required");
-    }
-    super({
-      region: options.region,
-      accessKeyId: options.accessKeyId,
-      secretAccessKey: options.secretAccessKey,
-      service: "kms",
-      ...options
-    });
-  }
-  async getPublicKey(keyId) {
-    const publicKeyResponse = await this.runCommand("GetPublicKey", { KeyId: keyId });
-    if (!publicKeyResponse.PublicKey) {
-      throw new Error("Public Key not found for the supplied `keyId`");
-    }
-    const compressedKey = (0, import_utils2.publicKeyFromDER)((0, import_utils.fromBase64)(publicKeyResponse.PublicKey));
-    switch (publicKeyResponse.KeySpec) {
-      case "ECC_NIST_P256":
-        return new import_secp256r1.Secp256r1PublicKey(compressedKey);
-      case "ECC_SECG_P256K1":
-        return new import_secp256k1.Secp256k1PublicKey(compressedKey);
-      default:
-        throw new Error("Unsupported key spec: " + publicKeyResponse.KeySpec);
-    }
-  }
-  async runCommand(command, body, {
-    region = this.region
-  } = {}) {
-    if (!region) {
-      throw new Error("Region is required");
-    }
-    const res = await this.fetch(`https://kms.${region}.amazonaws.com/`, {
-      headers: {
-        "Content-Type": "application/x-amz-json-1.1",
-        "X-Amz-Target": `TrentService.${command}`
-      },
-      body: JSON.stringify(body)
-    });
-    if (!res.ok) {
-      throw new Error(await res.text());
-    }
-    return res.json();
-  }
-}
-//# sourceMappingURL=aws-client.js.map

package/dist/cjs/aws/aws-client.js.map

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../../../src/aws/aws-client.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { Secp256k1PublicKey } from '@haneullabs/haneul/keypairs/secp256k1';\nimport { Secp256r1PublicKey } from '@haneullabs/haneul/keypairs/secp256r1';\nimport { fromBase64 } from '@haneullabs/haneul/utils';\n\nimport { publicKeyFromDER } from '../utils/utils.js';\nimport { AwsClient } from './aws4fetch.js';\n\ninterface KmsCommands {\n\tSign: {\n\t\trequest: {\n\t\t\tKeyId: string;\n\t\t\tMessage: string;\n\t\t\tMessageType: 'RAW' | 'DIGEST';\n\t\t\tSigningAlgorithm: 'ECDSA_SHA_256';\n\t\t};\n\t\tresponse: {\n\t\t\tKeyId: string;\n\t\t\tKeyOrigin: string;\n\t\t\tSignature: string;\n\t\t\tSigningAlgorithm: string;\n\t\t};\n\t};\n\tGetPublicKey: {\n\t\trequest: { KeyId: string };\n\t\tresponse: {\n\t\t\tCustomerMasterKeySpec: string;\n\t\t\tKeyId: string;\n\t\t\tKeyOrigin: string;\n\t\t\tKeySpec: string;\n\t\t\tKeyUsage: string;\n\t\t\tPublicKey: string;\n\t\t\tSigningAlgorithms: string[];\n\t\t};\n\t};\n}\n\nexport interface AwsClientOptions extends Partial<ConstructorParameters<typeof AwsClient>[0]> {}\n\nexport class AwsKmsClient extends AwsClient {\n\tconstructor(options: AwsClientOptions = {}) {\n\t\tif (!options.accessKeyId || !options.secretAccessKey) {\n\t\t\tthrow new Error('AWS Access Key ID and Secret Access Key are required');\n\t\t}\n\n\t\tif (!options.region) {\n\t\t\tthrow new Error('Region is required');\n\t\t}\n\n\t\tsuper({\n\t\t\tregion: options.region,\n\t\t\taccessKeyId: options.accessKeyId,\n\t\t\tsecretAccessKey: options.secretAccessKey,\n\t\t\tservice: 'kms',\n\t\t\t...options,\n\t\t});\n\t}\n\n\tasync getPublicKey(keyId: string) {\n\t\tconst publicKeyResponse = await this.runCommand('GetPublicKey', { KeyId: keyId });\n\n\t\tif (!publicKeyResponse.PublicKey) {\n\t\t\tthrow new Error('Public Key not found for the supplied `keyId`');\n\t\t}\n\n\t\tconst compressedKey = publicKeyFromDER(fromBase64(publicKeyResponse.PublicKey));\n\n\t\tswitch (publicKeyResponse.KeySpec) {\n\t\t\tcase 'ECC_NIST_P256':\n\t\t\t\treturn new Secp256r1PublicKey(compressedKey);\n\t\t\tcase 'ECC_SECG_P256K1':\n\t\t\t\treturn new Secp256k1PublicKey(compressedKey);\n\t\t\tdefault:\n\t\t\t\tthrow new Error('Unsupported key spec: ' + publicKeyResponse.KeySpec);\n\t\t}\n\t}\n\n\tasync runCommand<T extends keyof KmsCommands>(\n\t\tcommand: T,\n\t\tbody: KmsCommands[T]['request'],\n\t\t{\n\t\t\tregion = this.region!,\n\t\t}: {\n\t\t\tregion?: string;\n\t\t} = {},\n\t): Promise<KmsCommands[T]['response']> {\n\t\tif (!region) {\n\t\t\tthrow new Error('Region is required');\n\t\t}\n\n\t\tconst res = await this.fetch(`https://kms.${region}.amazonaws.com/`, {\n\t\t\theaders: {\n\t\t\t\t'Content-Type': 'application/x-amz-json-1.1',\n\t\t\t\t'X-Amz-Target': `TrentService.${command}`,\n\t\t\t},\n\t\t\tbody: JSON.stringify(body),\n\t\t});\n\n\t\tif (!res.ok) {\n\t\t\tthrow new Error(await res.text());\n\t\t}\n\n\t\treturn res.json();\n\t}\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,uBAAmC;AACnC,uBAAmC;AACnC,mBAA2B;AAE3B,IAAAA,gBAAiC;AACjC,uBAA0B;AAiCnB,MAAM,qBAAqB,2BAAU;AAAA,EAC3C,YAAY,UAA4B,CAAC,GAAG;AAC3C,QAAI,CAAC,QAAQ,eAAe,CAAC,QAAQ,iBAAiB;AACrD,YAAM,IAAI,MAAM,sDAAsD;AAAA,IACvE;AAEA,QAAI,CAAC,QAAQ,QAAQ;AACpB,YAAM,IAAI,MAAM,oBAAoB;AAAA,IACrC;AAEA,UAAM;AAAA,MACL,QAAQ,QAAQ;AAAA,MAChB,aAAa,QAAQ;AAAA,MACrB,iBAAiB,QAAQ;AAAA,MACzB,SAAS;AAAA,MACT,GAAG;AAAA,IACJ,CAAC;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,OAAe;AACjC,UAAM,oBAAoB,MAAM,KAAK,WAAW,gBAAgB,EAAE,OAAO,MAAM,CAAC;AAEhF,QAAI,CAAC,kBAAkB,WAAW;AACjC,YAAM,IAAI,MAAM,+CAA+C;AAAA,IAChE;AAEA,UAAM,oBAAgB,oCAAiB,yBAAW,kBAAkB,SAAS,CAAC;AAE9E,YAAQ,kBAAkB,SAAS;AAAA,MAClC,KAAK;AACJ,eAAO,IAAI,oCAAmB,aAAa;AAAA,MAC5C,KAAK;AACJ,eAAO,IAAI,oCAAmB,aAAa;AAAA,MAC5C;AACC,cAAM,IAAI,MAAM,2BAA2B,kBAAkB,OAAO;AAAA,IACtE;AAAA,EACD;AAAA,EAEA,MAAM,WACL,SACA,MACA;AAAA,IACC,SAAS,KAAK;AAAA,EACf,IAEI,CAAC,GACiC;AACtC,QAAI,CAAC,QAAQ;AACZ,YAAM,IAAI,MAAM,oBAAoB;AAAA,IACrC;AAEA,UAAM,MAAM,MAAM,KAAK,MAAM,eAAe,MAAM,mBAAmB;AAAA,MACpE,SAAS;AAAA,QACR,gBAAgB;AAAA,QAChB,gBAAgB,gBAAgB,OAAO;AAAA,MACxC;AAAA,MACA,MAAM,KAAK,UAAU,IAAI;AAAA,IAC1B,CAAC;AAED,QAAI,CAAC,IAAI,IAAI;AACZ,YAAM,IAAI,MAAM,MAAM,IAAI,KAAK,CAAC;AAAA,IACjC;AAEA,WAAO,IAAI,KAAK;AAAA,EACjB;AACD;",
-  "names": ["import_utils"]
-}

package/dist/cjs/aws/aws-kms-signer.d.ts

@@ -1,61 +0,0 @@
-import type { PublicKey } from '@haneullabs/haneul/cryptography';
-import { Signer } from '@haneullabs/haneul/cryptography';
-import type { AwsClientOptions } from './aws-client.js';
-import { AwsKmsClient } from './aws-client.js';
-/**
- * Configuration options for initializing the AwsKmsSigner.
- */
-export interface AwsKmsSignerOptions {
-    /** AWS KMS Key ID used for signing */
-    kmsKeyId: string;
-    /** Options for setting up the AWS KMS client */
-    client: AwsKmsClient;
-    /** Public key */
-    publicKey: PublicKey;
-}
-/**
- * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Haneul blockchain
- * to provide signing capabilities using AWS-managed cryptographic keys.
- */
-export declare class AwsKmsSigner extends Signer {
-    #private;
-    /**
-     * Creates an instance of AwsKmsSigner. It's expected to call the static `fromKeyId` method to create an instance.
-     * For example:
-     * ```
-     * const signer = await AwsKmsSigner.fromKeyId(keyId, options);
-     * ```
-     * @throws Will throw an error if required AWS credentials or region are not provided.
-     */
-    constructor({ kmsKeyId, client, publicKey }: AwsKmsSignerOptions);
-    /**
-     * Retrieves the key scheme used by this signer.
-     * @returns AWS supports only Secp256k1 and Secp256r1 schemes.
-     */
-    getKeyScheme(): "Secp256k1" | "Secp256r1" | "ED25519" | "MultiSig" | "ZkLogin" | "Passkey";
-    /**
-     * Retrieves the public key associated with this signer.
-     * @returns The Secp256k1PublicKey instance.
-     * @throws Will throw an error if the public key has not been initialized.
-     */
-    getPublicKey(): PublicKey;
-    /**
-     * Signs the given data using AWS KMS.
-     * @param bytes - The data to be signed as a Uint8Array.
-     * @returns A promise that resolves to the signature as a Uint8Array.
-     * @throws Will throw an error if the public key is not initialized or if signing fails.
-     */
-    sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
-    /**
-     * Synchronous signing is not supported by AWS KMS.
-     * @throws Always throws an error indicating synchronous signing is unsupported.
-     * @deprecated use `sign` instead
-     */
-    signData(): never;
-    /**
-     * Prepares the signer by fetching and setting the public key from AWS KMS.
-     * It is recommended to initialize an `AwsKmsSigner` instance using this function.
-     * @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).
-     */
-    static fromKeyId(keyId: string, options: AwsClientOptions): Promise<AwsKmsSigner>;
-}