@metamask/eth-ledger-bridge-keyring 12.0.3 → 12.2.0

package/dist/dmk/eth-get-app-configuration-command.mjs

@@ -0,0 +1,151 @@
+import { ApduBuilder, ApduParser, CommandResultFactory, InvalidStatusWordError } from "@ledgerhq/device-management-kit";
+const CLA = 0xe0;
+const INS = 0x06;
+// Feature flags defined by the Ethereum app `getAppConfiguration` APDU spec.
+// See: https://github.com/LedgerHQ/app-ethereum/blob/master/doc/ethapp.adoc#get-app-configuration
+//   0x01 - arbitrary data signature enabled by user (blind signing)
+//   0x02 - ERC 20 Token information needs to be provided externally
+//   0x10 - Transaction Check enabled (web3 checks)
+//   0x20 - Transaction Check Opt-In done (web3 checks opt-in)
+const BLIND_SIGNING_FLAG = 0x01;
+const WEB3_CHECKS_ENABLED_FLAG = 0x10;
+const WEB3_CHECKS_OPT_IN_FLAG = 0x20;
+const SUCCESS_STATUS_WORD_HI = 0x90;
+const SUCCESS_STATUS_WORD_LO = 0x00;
+/**
+ * Discriminator (`_tag`) used by `EthGetAppConfigurationCommand` when raising
+ * a {@link DeviceExchangeError}. Exported so tests and translators can
+ * reference the canonical string instead of repeating a magic literal.
+ */
+export const ETH_APP_COMMAND_ERROR_TAG = 'EthAppCommandError';
+/**
+ * Reads the Ethereum app configuration via the Ethereum application's
+ * `getAppConfiguration` APDU (CLA `0xE0`, INS `0x06`).
+ *
+ * ## Wire format
+ *
+ * Defined by the Ethereum application APDU specification
+ * ([`doc/ethapp.adoc`](https://github.com/LedgerHQ/app-ethereum/blob/master/doc/ethapp.adoc#get-app-configuration),
+ * § *GET APP CONFIGURATION*).
+ *
+ * The 4-byte response payload is laid out as:
+ *
+ * ```
+ *  byte 0       flags bitmask
+ *  bytes 1..3   app version (major, minor, patch)
+ * ```
+ *
+ * The `flags` byte is defined by the spec as:
+ *
+ * ```
+ *  0x01  arbitrary data signature enabled by user     (blind signing)
+ *  0x02  ERC 20 Token information needs to be provided externally
+ *  0x10  Transaction Check enabled                    (web3 checks)
+ *  0x20  Transaction Check Opt-In done                (web3 checks opt-in)
+ * ```
+ *
+ * This command mirrors the implementation in
+ * [`@ledgerhq/device-signer-kit-ethereum`](https://github.com/LedgerHQ/device-sdk-ts/blob/main/packages/signer/signer-eth/src/internal/app-binder/command/GetAppConfigurationCommand.ts)
+ * (`internal/app-binder/command/GetAppConfigurationCommand`), which is not
+ * re-exported from that package's public entry point. Until the signer kit
+ * exposes `GetAppConfiguration` publicly, this module is the only way to
+ * invoke the Ethereum `getAppConfiguration` APDU through the DMK
+ * `sendCommand` API.
+ *
+ * ## Related APDU docs
+ *
+ * The other Ethereum APDUs the DMK signer kit sends on our behalf are also
+ * defined in the same `ethapp.adoc` document:
+ *
+ * - `GET ETH PUBLIC ADDRESS`        — INS `0x02`
+ * - `SIGN ETH TRANSACTION`          — INS `0x04`
+ * - `SIGN ETH PERSONAL MESSAGE`     — INS `0x08`
+ * - `SIGN ETH EIP 712`              — INS `0x0C`
+ * - `SIGN EIP 7702 AUTHORIZATION`   — INS `0x34`
+ *
+ * ## Distinguishing DMK commands
+ *
+ * Note: this command is distinct from the DMK OS-level
+ * [`GetAppAndVersionCommand`](https://github.com/LedgerHQ/device-sdk-ts/blob/main/packages/device-management-kit/src/api/command/os/GetAppAndVersionCommand.ts)
+ * (`@ledgerhq/device-management-kit`), which returns only the app's name and
+ * version and does not expose Ethereum-specific feature flags.
+ */
+export class EthGetAppConfigurationCommand {
+    constructor() {
+        this.name = 'getAppConfiguration';
+    }
+    getApdu() {
+        return new ApduBuilder({ cla: CLA, ins: INS, p1: 0, p2: 0 }).build();
+    }
+    parseResponse(response) {
+        if (!isSuccessStatusCode(response.statusCode)) {
+            return CommandResultFactory({
+                error: createEthAppCommandError(response.statusCode),
+            });
+        }
+        const parser = new ApduParser(response);
+        const flags = parser.extract8BitUInt();
+        if (flags === undefined) {
+            return CommandResultFactory({
+                error: new InvalidStatusWordError('Cannot extract config flags from response body'),
+            });
+        }
+        const major = parser.extract8BitUInt();
+        const minor = parser.extract8BitUInt();
+        const patch = parser.extract8BitUInt();
+        if (major === undefined || minor === undefined || patch === undefined) {
+            return CommandResultFactory({
+                error: new InvalidStatusWordError('Cannot extract version bytes from response body'),
+            });
+        }
+        return CommandResultFactory({
+            data: {
+                blindSigningEnabled: isFlagSet(flags, BLIND_SIGNING_FLAG),
+                web3ChecksEnabled: isFlagSet(flags, WEB3_CHECKS_ENABLED_FLAG),
+                web3ChecksOptIn: isFlagSet(flags, WEB3_CHECKS_OPT_IN_FLAG),
+                version: `${major}.${minor}.${patch}`,
+            },
+        });
+    }
+}
+/**
+ * Test whether a single-bit flag is set in a bitmask.
+ *
+ * Per the Ethereum `getAppConfiguration` APDU spec
+ * ([ethapp.adoc](https://github.com/LedgerHQ/app-ethereum/blob/master/doc/ethapp.adoc#get-app-configuration)),
+ * each supported feature occupies one bit of the `flags` byte. The spec
+ * defines *which* bits carry meaning (`0x01`, `0x10`, `0x20`); it does not
+ * prescribe an implementation technique for testing them. Bitwise AND is
+ * the idiomatic way to test a single bit in any language, and is the
+ * same formulation used by Ledger's own
+ * [`GetAppConfiguration`](https://github.com/LedgerHQ/device-sdk-ts/blob/main/packages/signer/signer-eth/src/internal/app-binder/command/GetAppConfigurationCommand.ts)
+ * implementation upstream.
+ *
+ * @param flags - The bitmask (the first response byte).
+ * @param flag - The single-bit value to test (e.g. `0x01`, `0x10`, `0x20`).
+ * @returns `true` if the bit is set, `false` otherwise.
+ */
+function isFlagSet(flags, flag) {
+    // Bitwise AND is the idiomatic way to test a single-bit flag in a
+    // bitmask and matches the upstream Ledger implementation; the
+    // `ethapp.adoc` spec defines the flag *values* (0x01, 0x10, 0x20) but
+    // leaves the testing technique to the implementer.
+    // eslint-disable-next-line no-bitwise
+    return (flags & flag) !== 0;
+}
+function isSuccessStatusCode(statusCode) {
+    return (statusCode[0] === SUCCESS_STATUS_WORD_HI &&
+        statusCode[1] === SUCCESS_STATUS_WORD_LO);
+}
+function createEthAppCommandError(statusCode) {
+    const errorCode = Array.from(statusCode)
+        .map((byte) => byte.toString(16).padStart(2, '0'))
+        .join('');
+    return {
+        _tag: ETH_APP_COMMAND_ERROR_TAG,
+        errorCode,
+        message: `Ledger Ethereum app command failed with status 0x${errorCode}.`,
+        originalError: undefined,
+    };
+}
+//# sourceMappingURL=eth-get-app-configuration-command.mjs.map

package/dist/dmk/eth-get-app-configuration-command.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"eth-get-app-configuration-command.mjs","sourceRoot":"","sources":["../../src/dmk/eth-get-app-configuration-command.ts"],"names":[],"mappings":"AAOA,OAAO,EACL,WAAW,EACX,UAAU,EACV,oBAAoB,EACpB,sBAAsB,EACvB,wCAAwC;AASzC,MAAM,GAAG,GAAG,IAAI,CAAC;AACjB,MAAM,GAAG,GAAG,IAAI,CAAC;AACjB,6EAA6E;AAC7E,kGAAkG;AAClG,oEAAoE;AACpE,oEAAoE;AACpE,mDAAmD;AACnD,8DAA8D;AAC9D,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAChC,MAAM,wBAAwB,GAAG,IAAI,CAAC;AACtC,MAAM,uBAAuB,GAAG,IAAI,CAAC;AACrC,MAAM,sBAAsB,GAAG,IAAI,CAAC;AACpC,MAAM,sBAAsB,GAAG,IAAI,CAAC;AAEpC;;;;GAIG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,oBAAoB,CAAC;AAE9D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmDG;AACH,MAAM,OAAO,6BAA6B;IAA1C;QAKW,SAAI,GAAG,qBAAqB,CAAC;IA8CxC,CAAC;IA5CC,OAAO;QACL,OAAO,IAAI,WAAW,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC;IACvE,CAAC;IAED,aAAa,CACX,QAAsB;QAEtB,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9C,OAAO,oBAAoB,CAAC;gBAC1B,KAAK,EAAE,wBAAwB,CAAC,QAAQ,CAAC,UAAU,CAAC;aACrD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC;QAExC,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;QACvC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,OAAO,oBAAoB,CAAC;gBAC1B,KAAK,EAAE,IAAI,sBAAsB,CAC/B,gDAAgD,CACjD;aACF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;QACvC,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACtE,OAAO,oBAAoB,CAAC;gBAC1B,KAAK,EAAE,IAAI,sBAAsB,CAC/B,iDAAiD,CAClD;aACF,CAAC,CAAC;QACL,CAAC;QAED,OAAO,oBAAoB,CAAC;YAC1B,IAAI,EAAE;gBACJ,mBAAmB,EAAE,SAAS,CAAC,KAAK,EAAE,kBAAkB,CAAC;gBACzD,iBAAiB,EAAE,SAAS,CAAC,KAAK,EAAE,wBAAwB,CAAC;gBAC7D,eAAe,EAAE,SAAS,CAAC,KAAK,EAAE,uBAAuB,CAAC;gBAC1D,OAAO,EAAE,GAAG,KAAK,IAAI,KAAK,IAAI,KAAK,EAAE;aACtC;SACF,CAAC,CAAC;IACL,CAAC;CACF;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,SAAS,SAAS,CAAC,KAAa,EAAE,IAAY;IAC5C,kEAAkE;IAClE,8DAA8D;IAC9D,sEAAsE;IACtE,mDAAmD;IACnD,sCAAsC;IACtC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,mBAAmB,CAAC,UAAsB;IACjD,OAAO,CACL,UAAU,CAAC,CAAC,CAAC,KAAK,sBAAsB;QACxC,UAAU,CAAC,CAAC,CAAC,KAAK,sBAAsB,CACzC,CAAC;AACJ,CAAC;AAED,SAAS,wBAAwB,CAC/B,UAAsB;IAEtB,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;SACrC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SACjD,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,OAAO;QACL,IAAI,EAAE,yBAAyB;QAC/B,SAAS;QACT,OAAO,EAAE,oDAAoD,SAAS,GAAG;QACzE,aAAa,EAAE,SAAS;KACzB,CAAC;AACJ,CAAC","sourcesContent":["import type {\n  Apdu,\n  ApduResponse,\n  Command,\n  CommandResult,\n  DeviceExchangeError,\n} from '@ledgerhq/device-management-kit';\nimport {\n  ApduBuilder,\n  ApduParser,\n  CommandResultFactory,\n  InvalidStatusWordError,\n} from '@ledgerhq/device-management-kit';\n\nexport type EthGetAppConfigurationResponse = {\n  readonly blindSigningEnabled: boolean;\n  readonly web3ChecksEnabled: boolean;\n  readonly web3ChecksOptIn: boolean;\n  readonly version: string;\n};\n\nconst CLA = 0xe0;\nconst INS = 0x06;\n// Feature flags defined by the Ethereum app `getAppConfiguration` APDU spec.\n// See: https://github.com/LedgerHQ/app-ethereum/blob/master/doc/ethapp.adoc#get-app-configuration\n//   0x01 - arbitrary data signature enabled by user (blind signing)\n//   0x02 - ERC 20 Token information needs to be provided externally\n//   0x10 - Transaction Check enabled (web3 checks)\n//   0x20 - Transaction Check Opt-In done (web3 checks opt-in)\nconst BLIND_SIGNING_FLAG = 0x01;\nconst WEB3_CHECKS_ENABLED_FLAG = 0x10;\nconst WEB3_CHECKS_OPT_IN_FLAG = 0x20;\nconst SUCCESS_STATUS_WORD_HI = 0x90;\nconst SUCCESS_STATUS_WORD_LO = 0x00;\n\n/**\n * Discriminator (`_tag`) used by `EthGetAppConfigurationCommand` when raising\n * a {@link DeviceExchangeError}. Exported so tests and translators can\n * reference the canonical string instead of repeating a magic literal.\n */\nexport const ETH_APP_COMMAND_ERROR_TAG = 'EthAppCommandError';\n\n/**\n * Reads the Ethereum app configuration via the Ethereum application's\n * `getAppConfiguration` APDU (CLA `0xE0`, INS `0x06`).\n *\n * ## Wire format\n *\n * Defined by the Ethereum application APDU specification\n * ([`doc/ethapp.adoc`](https://github.com/LedgerHQ/app-ethereum/blob/master/doc/ethapp.adoc#get-app-configuration),\n * § *GET APP CONFIGURATION*).\n *\n * The 4-byte response payload is laid out as:\n *\n * ```\n *  byte 0       flags bitmask\n *  bytes 1..3   app version (major, minor, patch)\n * ```\n *\n * The `flags` byte is defined by the spec as:\n *\n * ```\n *  0x01  arbitrary data signature enabled by user     (blind signing)\n *  0x02  ERC 20 Token information needs to be provided externally\n *  0x10  Transaction Check enabled                    (web3 checks)\n *  0x20  Transaction Check Opt-In done                (web3 checks opt-in)\n * ```\n *\n * This command mirrors the implementation in\n * [`@ledgerhq/device-signer-kit-ethereum`](https://github.com/LedgerHQ/device-sdk-ts/blob/main/packages/signer/signer-eth/src/internal/app-binder/command/GetAppConfigurationCommand.ts)\n * (`internal/app-binder/command/GetAppConfigurationCommand`), which is not\n * re-exported from that package's public entry point. Until the signer kit\n * exposes `GetAppConfiguration` publicly, this module is the only way to\n * invoke the Ethereum `getAppConfiguration` APDU through the DMK\n * `sendCommand` API.\n *\n * ## Related APDU docs\n *\n * The other Ethereum APDUs the DMK signer kit sends on our behalf are also\n * defined in the same `ethapp.adoc` document:\n *\n * - `GET ETH PUBLIC ADDRESS`        — INS `0x02`\n * - `SIGN ETH TRANSACTION`          — INS `0x04`\n * - `SIGN ETH PERSONAL MESSAGE`     — INS `0x08`\n * - `SIGN ETH EIP 712`              — INS `0x0C`\n * - `SIGN EIP 7702 AUTHORIZATION`   — INS `0x34`\n *\n * ## Distinguishing DMK commands\n *\n * Note: this command is distinct from the DMK OS-level\n * [`GetAppAndVersionCommand`](https://github.com/LedgerHQ/device-sdk-ts/blob/main/packages/device-management-kit/src/api/command/os/GetAppAndVersionCommand.ts)\n * (`@ledgerhq/device-management-kit`), which returns only the app's name and\n * version and does not expose Ethereum-specific feature flags.\n */\nexport class EthGetAppConfigurationCommand implements Command<\n  EthGetAppConfigurationResponse,\n  void,\n  string\n> {\n  readonly name = 'getAppConfiguration';\n\n  getApdu(): Apdu {\n    return new ApduBuilder({ cla: CLA, ins: INS, p1: 0, p2: 0 }).build();\n  }\n\n  parseResponse(\n    response: ApduResponse,\n  ): CommandResult<EthGetAppConfigurationResponse, string> {\n    if (!isSuccessStatusCode(response.statusCode)) {\n      return CommandResultFactory({\n        error: createEthAppCommandError(response.statusCode),\n      });\n    }\n\n    const parser = new ApduParser(response);\n\n    const flags = parser.extract8BitUInt();\n    if (flags === undefined) {\n      return CommandResultFactory({\n        error: new InvalidStatusWordError(\n          'Cannot extract config flags from response body',\n        ),\n      });\n    }\n\n    const major = parser.extract8BitUInt();\n    const minor = parser.extract8BitUInt();\n    const patch = parser.extract8BitUInt();\n    if (major === undefined || minor === undefined || patch === undefined) {\n      return CommandResultFactory({\n        error: new InvalidStatusWordError(\n          'Cannot extract version bytes from response body',\n        ),\n      });\n    }\n\n    return CommandResultFactory({\n      data: {\n        blindSigningEnabled: isFlagSet(flags, BLIND_SIGNING_FLAG),\n        web3ChecksEnabled: isFlagSet(flags, WEB3_CHECKS_ENABLED_FLAG),\n        web3ChecksOptIn: isFlagSet(flags, WEB3_CHECKS_OPT_IN_FLAG),\n        version: `${major}.${minor}.${patch}`,\n      },\n    });\n  }\n}\n\n/**\n * Test whether a single-bit flag is set in a bitmask.\n *\n * Per the Ethereum `getAppConfiguration` APDU spec\n * ([ethapp.adoc](https://github.com/LedgerHQ/app-ethereum/blob/master/doc/ethapp.adoc#get-app-configuration)),\n * each supported feature occupies one bit of the `flags` byte. The spec\n * defines *which* bits carry meaning (`0x01`, `0x10`, `0x20`); it does not\n * prescribe an implementation technique for testing them. Bitwise AND is\n * the idiomatic way to test a single bit in any language, and is the\n * same formulation used by Ledger's own\n * [`GetAppConfiguration`](https://github.com/LedgerHQ/device-sdk-ts/blob/main/packages/signer/signer-eth/src/internal/app-binder/command/GetAppConfigurationCommand.ts)\n * implementation upstream.\n *\n * @param flags - The bitmask (the first response byte).\n * @param flag - The single-bit value to test (e.g. `0x01`, `0x10`, `0x20`).\n * @returns `true` if the bit is set, `false` otherwise.\n */\nfunction isFlagSet(flags: number, flag: number): boolean {\n  // Bitwise AND is the idiomatic way to test a single-bit flag in a\n  // bitmask and matches the upstream Ledger implementation; the\n  // `ethapp.adoc` spec defines the flag *values* (0x01, 0x10, 0x20) but\n  // leaves the testing technique to the implementer.\n  // eslint-disable-next-line no-bitwise\n  return (flags & flag) !== 0;\n}\n\nfunction isSuccessStatusCode(statusCode: Uint8Array): boolean {\n  return (\n    statusCode[0] === SUCCESS_STATUS_WORD_HI &&\n    statusCode[1] === SUCCESS_STATUS_WORD_LO\n  );\n}\n\nfunction createEthAppCommandError(\n  statusCode: Uint8Array,\n): DeviceExchangeError<string> {\n  const errorCode = Array.from(statusCode)\n    .map((byte) => byte.toString(16).padStart(2, '0'))\n    .join('');\n\n  return {\n    _tag: ETH_APP_COMMAND_ERROR_TAG,\n    errorCode,\n    message: `Ledger Ethereum app command failed with status 0x${errorCode}.`,\n    originalError: undefined,\n  };\n}\n"]}

package/dist/dmk/internal-utils.cjs

@@ -0,0 +1,81 @@
+"use strict";
+/**
+ * Pure helpers shared by the DMK bridge and its tests. Extracted from
+ * `LedgerDmkBridge` so they can be unit-tested in isolation and reused
+ * without an instance.
+ *
+ * @module dmk/internal-utils
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hexToBytes = exports.toHexString = exports.stripPathPrefix = exports.stripHexPrefix = void 0;
+/**
+ * Strip a leading `0x` from a hex string, if present.
+ *
+ * @param value - The hex string (with or without `0x` prefix).
+ * @returns The hex string with no `0x` prefix.
+ */
+function stripHexPrefix(value) {
+    return value.startsWith('0x') ? value.slice(2) : value;
+}
+exports.stripHexPrefix = stripHexPrefix;
+/**
+ * Strip the leading `m/` from a BIP-32 derivation path.
+ *
+ * DMK / signer-kit accepts paths without the leading `m/`.
+ *
+ * @param path - The BIP-32 path (e.g. `m/44'/60'/0'/0/0`).
+ * @returns The path with no leading `m/`.
+ */
+function stripPathPrefix(path) {
+    return path.replace(/^m\//u, '');
+}
+exports.stripPathPrefix = stripPathPrefix;
+/**
+ * Normalize a signature `v` (or any numeric/string hex-ish value) to a hex
+ * string without `0x` prefix.
+ *
+ * @param value - The raw value (`bigint`, `number`, or hex string).
+ * @returns The hex string with no `0x` prefix.
+ */
+function toHexString(value) {
+    if (typeof value === 'string') {
+        return stripHexPrefix(value);
+    }
+    return value.toString(16);
+}
+exports.toHexString = toHexString;
+const HEX_PAIR_REGEX = /^[0-9a-fA-F]{2}$/u;
+/**
+ * Convert a hex string to a `Uint8Array`. Strips a leading `0x` if present.
+ *
+ * Throws on inputs that would silently produce wrong bytes:
+ *  - odd-length strings (e.g. `'abc'`)
+ *  - non-hex characters (e.g. `'zz'`)
+ *
+ * @param value - The hex string (with or without `0x` prefix).
+ * @returns The decoded bytes.
+ * @throws {Error} If the input has odd length or contains non-hex characters.
+ */
+function hexToBytes(value) {
+    const normalized = stripHexPrefix(value);
+    if (normalized.length === 0) {
+        return Uint8Array.from([]);
+    }
+    if (normalized.length % 2 !== 0) {
+        throw new Error('Hex string must have an even number of characters (got ' +
+            `${normalized.length}): "${normalized}"`);
+    }
+    const pairs = normalized.match(/.{1,2}/gu);
+    if (!pairs) {
+        // Should be unreachable given the length check above; defensive.
+        return Uint8Array.from([]);
+    }
+    for (const pair of pairs) {
+        if (!HEX_PAIR_REGEX.test(pair)) {
+            throw new Error(`Hex string contains non-hex characters: "${pair}" in "${normalized}"`);
+        }
+    }
+    return Uint8Array.from(pairs.map((pair) => parseInt(pair, 16)));
+}
+exports.hexToBytes = hexToBytes;
+//# sourceMappingURL=internal-utils.cjs.map

package/dist/dmk/internal-utils.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"internal-utils.cjs","sourceRoot":"","sources":["../../src/dmk/internal-utils.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAEH;;;;;GAKG;AACH,SAAgB,cAAc,CAAC,KAAa;IAC1C,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AACzD,CAAC;AAFD,wCAEC;AAED;;;;;;;GAOG;AACH,SAAgB,eAAe,CAAC,IAAY;IAC1C,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;AACnC,CAAC;AAFD,0CAEC;AAED;;;;;;GAMG;AACH,SAAgB,WAAW,CAAC,KAA+B;IACzD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,cAAc,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IACD,OAAO,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAC5B,CAAC;AALD,kCAKC;AAED,MAAM,cAAc,GAAG,mBAAmB,CAAC;AAE3C;;;;;;;;;;GAUG;AACH,SAAgB,UAAU,CAAC,KAAa;IACtC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACzC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7B,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CACb,yDAAyD;YACvD,GAAG,UAAU,CAAC,MAAM,OAAO,UAAU,GAAG,CAC3C,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,iEAAiE;QACjE,OAAO,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7B,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CACb,4CAA4C,IAAI,SAAS,UAAU,GAAG,CACvE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;AAClE,CAAC;AA3BD,gCA2BC","sourcesContent":["/**\n * Pure helpers shared by the DMK bridge and its tests. Extracted from\n * `LedgerDmkBridge` so they can be unit-tested in isolation and reused\n * without an instance.\n *\n * @module dmk/internal-utils\n */\n\n/**\n * Strip a leading `0x` from a hex string, if present.\n *\n * @param value - The hex string (with or without `0x` prefix).\n * @returns The hex string with no `0x` prefix.\n */\nexport function stripHexPrefix(value: string): string {\n  return value.startsWith('0x') ? value.slice(2) : value;\n}\n\n/**\n * Strip the leading `m/` from a BIP-32 derivation path.\n *\n * DMK / signer-kit accepts paths without the leading `m/`.\n *\n * @param path - The BIP-32 path (e.g. `m/44'/60'/0'/0/0`).\n * @returns The path with no leading `m/`.\n */\nexport function stripPathPrefix(path: string): string {\n  return path.replace(/^m\\//u, '');\n}\n\n/**\n * Normalize a signature `v` (or any numeric/string hex-ish value) to a hex\n * string without `0x` prefix.\n *\n * @param value - The raw value (`bigint`, `number`, or hex string).\n * @returns The hex string with no `0x` prefix.\n */\nexport function toHexString(value: bigint | number | string): string {\n  if (typeof value === 'string') {\n    return stripHexPrefix(value);\n  }\n  return value.toString(16);\n}\n\nconst HEX_PAIR_REGEX = /^[0-9a-fA-F]{2}$/u;\n\n/**\n * Convert a hex string to a `Uint8Array`. Strips a leading `0x` if present.\n *\n * Throws on inputs that would silently produce wrong bytes:\n *  - odd-length strings (e.g. `'abc'`)\n *  - non-hex characters (e.g. `'zz'`)\n *\n * @param value - The hex string (with or without `0x` prefix).\n * @returns The decoded bytes.\n * @throws {Error} If the input has odd length or contains non-hex characters.\n */\nexport function hexToBytes(value: string): Uint8Array {\n  const normalized = stripHexPrefix(value);\n  if (normalized.length === 0) {\n    return Uint8Array.from([]);\n  }\n  if (normalized.length % 2 !== 0) {\n    throw new Error(\n      'Hex string must have an even number of characters (got ' +\n        `${normalized.length}): \"${normalized}\"`,\n    );\n  }\n\n  const pairs = normalized.match(/.{1,2}/gu);\n  if (!pairs) {\n    // Should be unreachable given the length check above; defensive.\n    return Uint8Array.from([]);\n  }\n\n  for (const pair of pairs) {\n    if (!HEX_PAIR_REGEX.test(pair)) {\n      throw new Error(\n        `Hex string contains non-hex characters: \"${pair}\" in \"${normalized}\"`,\n      );\n    }\n  }\n\n  return Uint8Array.from(pairs.map((pair) => parseInt(pair, 16)));\n}\n"]}

package/dist/dmk/internal-utils.d.cts

@@ -0,0 +1,44 @@
+/**
+ * Pure helpers shared by the DMK bridge and its tests. Extracted from
+ * `LedgerDmkBridge` so they can be unit-tested in isolation and reused
+ * without an instance.
+ *
+ * @module dmk/internal-utils
+ */
+/**
+ * Strip a leading `0x` from a hex string, if present.
+ *
+ * @param value - The hex string (with or without `0x` prefix).
+ * @returns The hex string with no `0x` prefix.
+ */
+export declare function stripHexPrefix(value: string): string;
+/**
+ * Strip the leading `m/` from a BIP-32 derivation path.
+ *
+ * DMK / signer-kit accepts paths without the leading `m/`.
+ *
+ * @param path - The BIP-32 path (e.g. `m/44'/60'/0'/0/0`).
+ * @returns The path with no leading `m/`.
+ */
+export declare function stripPathPrefix(path: string): string;
+/**
+ * Normalize a signature `v` (or any numeric/string hex-ish value) to a hex
+ * string without `0x` prefix.
+ *
+ * @param value - The raw value (`bigint`, `number`, or hex string).
+ * @returns The hex string with no `0x` prefix.
+ */
+export declare function toHexString(value: bigint | number | string): string;
+/**
+ * Convert a hex string to a `Uint8Array`. Strips a leading `0x` if present.
+ *
+ * Throws on inputs that would silently produce wrong bytes:
+ *  - odd-length strings (e.g. `'abc'`)
+ *  - non-hex characters (e.g. `'zz'`)
+ *
+ * @param value - The hex string (with or without `0x` prefix).
+ * @returns The decoded bytes.
+ * @throws {Error} If the input has odd length or contains non-hex characters.
+ */
+export declare function hexToBytes(value: string): Uint8Array;
+//# sourceMappingURL=internal-utils.d.cts.map

package/dist/dmk/internal-utils.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"internal-utils.d.cts","sourceRoot":"","sources":["../../src/dmk/internal-utils.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAKnE;AAID;;;;;;;;;;GAUG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CA2BpD"}

package/dist/dmk/internal-utils.d.mts

@@ -0,0 +1,44 @@
+/**
+ * Pure helpers shared by the DMK bridge and its tests. Extracted from
+ * `LedgerDmkBridge` so they can be unit-tested in isolation and reused
+ * without an instance.
+ *
+ * @module dmk/internal-utils
+ */
+/**
+ * Strip a leading `0x` from a hex string, if present.
+ *
+ * @param value - The hex string (with or without `0x` prefix).
+ * @returns The hex string with no `0x` prefix.
+ */
+export declare function stripHexPrefix(value: string): string;
+/**
+ * Strip the leading `m/` from a BIP-32 derivation path.
+ *
+ * DMK / signer-kit accepts paths without the leading `m/`.
+ *
+ * @param path - The BIP-32 path (e.g. `m/44'/60'/0'/0/0`).
+ * @returns The path with no leading `m/`.
+ */
+export declare function stripPathPrefix(path: string): string;
+/**
+ * Normalize a signature `v` (or any numeric/string hex-ish value) to a hex
+ * string without `0x` prefix.
+ *
+ * @param value - The raw value (`bigint`, `number`, or hex string).
+ * @returns The hex string with no `0x` prefix.
+ */
+export declare function toHexString(value: bigint | number | string): string;
+/**
+ * Convert a hex string to a `Uint8Array`. Strips a leading `0x` if present.
+ *
+ * Throws on inputs that would silently produce wrong bytes:
+ *  - odd-length strings (e.g. `'abc'`)
+ *  - non-hex characters (e.g. `'zz'`)
+ *
+ * @param value - The hex string (with or without `0x` prefix).
+ * @returns The decoded bytes.
+ * @throws {Error} If the input has odd length or contains non-hex characters.
+ */
+export declare function hexToBytes(value: string): Uint8Array;
+//# sourceMappingURL=internal-utils.d.mts.map

package/dist/dmk/internal-utils.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"internal-utils.d.mts","sourceRoot":"","sources":["../../src/dmk/internal-utils.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAKnE;AAID;;;;;;;;;;GAUG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CA2BpD"}

package/dist/dmk/internal-utils.mjs

@@ -0,0 +1,74 @@
+/**
+ * Pure helpers shared by the DMK bridge and its tests. Extracted from
+ * `LedgerDmkBridge` so they can be unit-tested in isolation and reused
+ * without an instance.
+ *
+ * @module dmk/internal-utils
+ */
+/**
+ * Strip a leading `0x` from a hex string, if present.
+ *
+ * @param value - The hex string (with or without `0x` prefix).
+ * @returns The hex string with no `0x` prefix.
+ */
+export function stripHexPrefix(value) {
+    return value.startsWith('0x') ? value.slice(2) : value;
+}
+/**
+ * Strip the leading `m/` from a BIP-32 derivation path.
+ *
+ * DMK / signer-kit accepts paths without the leading `m/`.
+ *
+ * @param path - The BIP-32 path (e.g. `m/44'/60'/0'/0/0`).
+ * @returns The path with no leading `m/`.
+ */
+export function stripPathPrefix(path) {
+    return path.replace(/^m\//u, '');
+}
+/**
+ * Normalize a signature `v` (or any numeric/string hex-ish value) to a hex
+ * string without `0x` prefix.
+ *
+ * @param value - The raw value (`bigint`, `number`, or hex string).
+ * @returns The hex string with no `0x` prefix.
+ */
+export function toHexString(value) {
+    if (typeof value === 'string') {
+        return stripHexPrefix(value);
+    }
+    return value.toString(16);
+}
+const HEX_PAIR_REGEX = /^[0-9a-fA-F]{2}$/u;
+/**
+ * Convert a hex string to a `Uint8Array`. Strips a leading `0x` if present.
+ *
+ * Throws on inputs that would silently produce wrong bytes:
+ *  - odd-length strings (e.g. `'abc'`)
+ *  - non-hex characters (e.g. `'zz'`)
+ *
+ * @param value - The hex string (with or without `0x` prefix).
+ * @returns The decoded bytes.
+ * @throws {Error} If the input has odd length or contains non-hex characters.
+ */
+export function hexToBytes(value) {
+    const normalized = stripHexPrefix(value);
+    if (normalized.length === 0) {
+        return Uint8Array.from([]);
+    }
+    if (normalized.length % 2 !== 0) {
+        throw new Error('Hex string must have an even number of characters (got ' +
+            `${normalized.length}): "${normalized}"`);
+    }
+    const pairs = normalized.match(/.{1,2}/gu);
+    if (!pairs) {
+        // Should be unreachable given the length check above; defensive.
+        return Uint8Array.from([]);
+    }
+    for (const pair of pairs) {
+        if (!HEX_PAIR_REGEX.test(pair)) {
+            throw new Error(`Hex string contains non-hex characters: "${pair}" in "${normalized}"`);
+        }
+    }
+    return Uint8Array.from(pairs.map((pair) => parseInt(pair, 16)));
+}
+//# sourceMappingURL=internal-utils.mjs.map

package/dist/dmk/internal-utils.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"internal-utils.mjs","sourceRoot":"","sources":["../../src/dmk/internal-utils.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AACzD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;AACnC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CAAC,KAA+B;IACzD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,cAAc,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IACD,OAAO,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAC5B,CAAC;AAED,MAAM,cAAc,GAAG,mBAAmB,CAAC;AAE3C;;;;;;;;;;GAUG;AACH,MAAM,UAAU,UAAU,CAAC,KAAa;IACtC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACzC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7B,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CACb,yDAAyD;YACvD,GAAG,UAAU,CAAC,MAAM,OAAO,UAAU,GAAG,CAC3C,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,iEAAiE;QACjE,OAAO,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7B,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CACb,4CAA4C,IAAI,SAAS,UAAU,GAAG,CACvE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;AAClE,CAAC","sourcesContent":["/**\n * Pure helpers shared by the DMK bridge and its tests. Extracted from\n * `LedgerDmkBridge` so they can be unit-tested in isolation and reused\n * without an instance.\n *\n * @module dmk/internal-utils\n */\n\n/**\n * Strip a leading `0x` from a hex string, if present.\n *\n * @param value - The hex string (with or without `0x` prefix).\n * @returns The hex string with no `0x` prefix.\n */\nexport function stripHexPrefix(value: string): string {\n  return value.startsWith('0x') ? value.slice(2) : value;\n}\n\n/**\n * Strip the leading `m/` from a BIP-32 derivation path.\n *\n * DMK / signer-kit accepts paths without the leading `m/`.\n *\n * @param path - The BIP-32 path (e.g. `m/44'/60'/0'/0/0`).\n * @returns The path with no leading `m/`.\n */\nexport function stripPathPrefix(path: string): string {\n  return path.replace(/^m\\//u, '');\n}\n\n/**\n * Normalize a signature `v` (or any numeric/string hex-ish value) to a hex\n * string without `0x` prefix.\n *\n * @param value - The raw value (`bigint`, `number`, or hex string).\n * @returns The hex string with no `0x` prefix.\n */\nexport function toHexString(value: bigint | number | string): string {\n  if (typeof value === 'string') {\n    return stripHexPrefix(value);\n  }\n  return value.toString(16);\n}\n\nconst HEX_PAIR_REGEX = /^[0-9a-fA-F]{2}$/u;\n\n/**\n * Convert a hex string to a `Uint8Array`. Strips a leading `0x` if present.\n *\n * Throws on inputs that would silently produce wrong bytes:\n *  - odd-length strings (e.g. `'abc'`)\n *  - non-hex characters (e.g. `'zz'`)\n *\n * @param value - The hex string (with or without `0x` prefix).\n * @returns The decoded bytes.\n * @throws {Error} If the input has odd length or contains non-hex characters.\n */\nexport function hexToBytes(value: string): Uint8Array {\n  const normalized = stripHexPrefix(value);\n  if (normalized.length === 0) {\n    return Uint8Array.from([]);\n  }\n  if (normalized.length % 2 !== 0) {\n    throw new Error(\n      'Hex string must have an even number of characters (got ' +\n        `${normalized.length}): \"${normalized}\"`,\n    );\n  }\n\n  const pairs = normalized.match(/.{1,2}/gu);\n  if (!pairs) {\n    // Should be unreachable given the length check above; defensive.\n    return Uint8Array.from([]);\n  }\n\n  for (const pair of pairs) {\n    if (!HEX_PAIR_REGEX.test(pair)) {\n      throw new Error(\n        `Hex string contains non-hex characters: \"${pair}\" in \"${normalized}\"`,\n      );\n    }\n  }\n\n  return Uint8Array.from(pairs.map((pair) => parseInt(pair, 16)));\n}\n"]}