@moon-x/core 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -36,4 +36,4 @@ This package owns everything that's identical between web and mobile:
36
36
 
37
37
  ## License
38
38
 
39
- MIT.
39
+ UNLICENSED. All rights reserved.
@@ -64,6 +64,16 @@ var PostMessageMethod = {
64
64
  // begin/verify HTTP calls (where the session JWT lives).
65
65
  PASSKEY_REGISTER_BEGIN: "PASSKEY_REGISTER_BEGIN",
66
66
  PASSKEY_REGISTER_VERIFY: "PASSKEY_REGISTER_VERIFY",
67
+ // Passkey-asserted step-up ("presence token"). Same split as register:
68
+ // parent owns the WebAuthn API call; iframe owns the begin/verify
69
+ // HTTP halves (where the session JWT lives). Mints a short-lived
70
+ // (`tt:"presence"`) JWT app backends can verify over JWKS.
71
+ // CRITICAL: parent MUST strip response.userHandle from the assertion
72
+ // before posting PASSKEY_PRESENCE_VERIFY. The userHandle carries DEK
73
+ // material in MoonX's overloaded model and has no business reaching
74
+ // the server. The server also defensively never reads it.
75
+ PASSKEY_PRESENCE_BEGIN: "PASSKEY_PRESENCE_BEGIN",
76
+ PASSKEY_PRESENCE_VERIFY: "PASSKEY_PRESENCE_VERIFY",
67
77
  GET_PASSKEY_STATUS: "GET_PASSKEY_STATUS",
68
78
  // Parent-side passkey assertion plumbing. Parent calls GET_DEK_INFO
69
79
  // to learn which credential IDs to put in allowCredentials and to
package/dist/index.d.mts CHANGED
@@ -1,4 +1,4 @@
1
- export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.mjs';
1
+ export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.mjs';
2
2
  export { getIframeOrigin, getIframeUrl, getMoonKeyApiUrl } from './utils/index.mjs';
3
- export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-C_99BCBh.mjs';
3
+ export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-CmgAfkOS.mjs';
4
4
  export { B as BlockExplorer, C as Chain, a as ChainLikeWithId, E as EthereumChainConfig, N as NativeCurrency, R as RpcConfig, b as RpcUrls } from './chain-C9dvKXUY.mjs';
package/dist/index.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.js';
1
+ export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.js';
2
2
  export { getIframeOrigin, getIframeUrl, getMoonKeyApiUrl } from './utils/index.js';
3
- export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-C_99BCBh.js';
3
+ export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-CmgAfkOS.js';
4
4
  export { B as BlockExplorer, C as Chain, a as ChainLikeWithId, E as EthereumChainConfig, N as NativeCurrency, R as RpcConfig, b as RpcUrls } from './chain-C9dvKXUY.js';
package/dist/index.js CHANGED
@@ -190,6 +190,16 @@ var PostMessageMethod = {
190
190
  // begin/verify HTTP calls (where the session JWT lives).
191
191
  PASSKEY_REGISTER_BEGIN: "PASSKEY_REGISTER_BEGIN",
192
192
  PASSKEY_REGISTER_VERIFY: "PASSKEY_REGISTER_VERIFY",
193
+ // Passkey-asserted step-up ("presence token"). Same split as register:
194
+ // parent owns the WebAuthn API call; iframe owns the begin/verify
195
+ // HTTP halves (where the session JWT lives). Mints a short-lived
196
+ // (`tt:"presence"`) JWT app backends can verify over JWKS.
197
+ // CRITICAL: parent MUST strip response.userHandle from the assertion
198
+ // before posting PASSKEY_PRESENCE_VERIFY. The userHandle carries DEK
199
+ // material in MoonX's overloaded model and has no business reaching
200
+ // the server. The server also defensively never reads it.
201
+ PASSKEY_PRESENCE_BEGIN: "PASSKEY_PRESENCE_BEGIN",
202
+ PASSKEY_PRESENCE_VERIFY: "PASSKEY_PRESENCE_VERIFY",
193
203
  GET_PASSKEY_STATUS: "GET_PASSKEY_STATUS",
194
204
  // Parent-side passkey assertion plumbing. Parent calls GET_DEK_INFO
195
205
  // to learn which credential IDs to put in allowCredentials and to
package/dist/index.mjs CHANGED
@@ -14,7 +14,7 @@ import {
14
14
  PostMessageMethod,
15
15
  PostMessageServer,
16
16
  PostMessageType
17
- } from "./chunk-SOKLPX7V.mjs";
17
+ } from "./chunk-VVL65GIB.mjs";
18
18
  import {
19
19
  getMoonKeyApiUrl
20
20
  } from "./chunk-GQKIA37O.mjs";
@@ -1,4 +1,4 @@
1
- import { c as PostMessageType, a as PostMessageMethod } from './post-message-C_99BCBh.js';
1
+ import { c as PostMessageType, a as PostMessageMethod } from './post-message-CmgAfkOS.js';
2
2
 
3
3
  /**
4
4
  * Transport — the bidirectional postMessage channel between the parent
@@ -27,14 +27,26 @@ interface Transport {
27
27
  isReady(): boolean;
28
28
  }
29
29
  /**
30
- * PasskeyAssertor — runs the WebAuthn ceremony in the *parent* (where
31
- * user activation lives — cross-origin iframes/WebViews can't reliably
32
- * get their own click handler).
30
+ * PasskeyAssertor — runs the WebAuthn assertion ceremony in the *parent*
31
+ * (where user activation lives — cross-origin iframes/WebViews can't
32
+ * reliably get their own click handler).
33
33
  *
34
- * Both `assert` and `create` use empty `allowCredentials` on the
35
- * underlying API to force the discoverable-login codepath where
36
- * userHandle is REQUIRED. The userHandle bytes are the wrap key the
37
- * iframe-app uses to unwrap the DEK before signing.
34
+ * Two methods, two distinct flow shapes:
35
+ *
36
+ * - `assert` is the DEK-unwrap path: empty allowCredentials, harvests
37
+ * userHandle (= DEK wrap key in MoonX's overloaded model), consumed
38
+ * locally by the iframe-app. Never crosses the server boundary.
39
+ *
40
+ * - `assertForServer` is the server-roundtrip path (presence step-up,
41
+ * future passkey sign-in): server issues options, browser asserts,
42
+ * server verifies the signature. userHandle is stripped on the
43
+ * platform boundary (DEK hygiene) — the strip happens INSIDE the
44
+ * assertor impl, not in the orchestrator, so no caller can bypass
45
+ * it.
46
+ *
47
+ * Registration is handled separately via `@simplewebauthn/browser`'s
48
+ * `startRegistration` on web / `passkeyCreate` from
49
+ * `react-native-passkeys` on RN; this interface is assertion-only.
38
50
  */
39
51
  interface PasskeyAssertor {
40
52
  /**
@@ -58,23 +70,60 @@ interface PasskeyAssertor {
58
70
  userHandleB64url: string;
59
71
  }>;
60
72
  /**
61
- * Run a WebAuthn registration (`navigator.credentials.create` on web,
62
- * `passkeyCreate` from react-native-passkeys on RN). Used by passkey
63
- * register flows.
73
+ * Run a WebAuthn assertion for a SERVER-VERIFIED flow (presence
74
+ * step-up, future passkey sign-in). Takes a full
75
+ * `PublicKeyCredentialRequestOptionsJSON` (the server-issued
76
+ * `optionsJSON`) and returns the standard
77
+ * `AuthenticationResponseJSON` with `response.userHandle`
78
+ * **stripped** — DEK hygiene is enforced inside the impl so the
79
+ * orchestrator (and any future caller) cannot forget it.
80
+ *
81
+ * The returned object goes straight onto the wire to /presence/verify
82
+ * (or the future /login/verify). Each platform-specific impl is
83
+ * responsible for: (a) running the underlying ceremony, (b)
84
+ * shaping the result into AuthenticationResponseJSON, and (c) the
85
+ * userHandle strip.
64
86
  */
65
- create(opts: {
66
- rpId: string;
67
- rpName: string;
68
- userId: Uint8Array;
69
- userName: string;
70
- userDisplayName: string;
71
- challenge: string;
72
- excludeCredentials?: string[];
73
- }): Promise<{
74
- rawIdB64url: string;
75
- clientDataJSONB64url: string;
76
- attestationObjectB64url: string;
87
+ assertForServer(opts: {
88
+ optionsJSON: WebAuthnRequestOptions;
89
+ }): Promise<WebAuthnAssertionResponse>;
90
+ }
91
+ /**
92
+ * Subset of `PublicKeyCredentialRequestOptionsJSON` we forward to the
93
+ * platform impl. Kept loose-typed so a server adding fields doesn't
94
+ * require an interface change here.
95
+ */
96
+ interface WebAuthnRequestOptions {
97
+ challenge: string;
98
+ rpId?: string;
99
+ allowCredentials?: Array<{
100
+ id: string;
101
+ type?: string;
102
+ transports?: string[];
77
103
  }>;
104
+ userVerification?: string;
105
+ timeout?: number;
106
+ extensions?: Record<string, unknown>;
107
+ }
108
+ /**
109
+ * Standard `AuthenticationResponseJSON` shape, with `userHandle`
110
+ * deliberately optional because the assertForServer contract is that
111
+ * impls strip it before returning. The field stays in the type so a
112
+ * server-side decoder can still parse it (= undefined) without a
113
+ * union mismatch.
114
+ */
115
+ interface WebAuthnAssertionResponse {
116
+ id: string;
117
+ rawId: string;
118
+ type: string;
119
+ response: {
120
+ clientDataJSON: string;
121
+ authenticatorData: string;
122
+ signature: string;
123
+ userHandle?: undefined;
124
+ };
125
+ clientExtensionResults?: Record<string, unknown>;
126
+ authenticatorAttachment?: string;
78
127
  }
79
128
  /**
80
129
  * KvStorage — async key/value storage for ID tokens + session metadata.
@@ -117,4 +166,4 @@ interface PlatformImpls {
117
166
  oauth: OAuthOpener;
118
167
  }
119
168
 
120
- export type { KvStorage as K, OAuthOpener as O, PasskeyAssertor as P, Transport as T, PlatformImpls as a };
169
+ export type { KvStorage as K, OAuthOpener as O, PasskeyAssertor as P, Transport as T, WebAuthnAssertionResponse as W, PlatformImpls as a, WebAuthnRequestOptions as b };
@@ -1,4 +1,4 @@
1
- import { c as PostMessageType, a as PostMessageMethod } from './post-message-C_99BCBh.mjs';
1
+ import { c as PostMessageType, a as PostMessageMethod } from './post-message-CmgAfkOS.mjs';
2
2
 
3
3
  /**
4
4
  * Transport — the bidirectional postMessage channel between the parent
@@ -27,14 +27,26 @@ interface Transport {
27
27
  isReady(): boolean;
28
28
  }
29
29
  /**
30
- * PasskeyAssertor — runs the WebAuthn ceremony in the *parent* (where
31
- * user activation lives — cross-origin iframes/WebViews can't reliably
32
- * get their own click handler).
30
+ * PasskeyAssertor — runs the WebAuthn assertion ceremony in the *parent*
31
+ * (where user activation lives — cross-origin iframes/WebViews can't
32
+ * reliably get their own click handler).
33
33
  *
34
- * Both `assert` and `create` use empty `allowCredentials` on the
35
- * underlying API to force the discoverable-login codepath where
36
- * userHandle is REQUIRED. The userHandle bytes are the wrap key the
37
- * iframe-app uses to unwrap the DEK before signing.
34
+ * Two methods, two distinct flow shapes:
35
+ *
36
+ * - `assert` is the DEK-unwrap path: empty allowCredentials, harvests
37
+ * userHandle (= DEK wrap key in MoonX's overloaded model), consumed
38
+ * locally by the iframe-app. Never crosses the server boundary.
39
+ *
40
+ * - `assertForServer` is the server-roundtrip path (presence step-up,
41
+ * future passkey sign-in): server issues options, browser asserts,
42
+ * server verifies the signature. userHandle is stripped on the
43
+ * platform boundary (DEK hygiene) — the strip happens INSIDE the
44
+ * assertor impl, not in the orchestrator, so no caller can bypass
45
+ * it.
46
+ *
47
+ * Registration is handled separately via `@simplewebauthn/browser`'s
48
+ * `startRegistration` on web / `passkeyCreate` from
49
+ * `react-native-passkeys` on RN; this interface is assertion-only.
38
50
  */
39
51
  interface PasskeyAssertor {
40
52
  /**
@@ -58,23 +70,60 @@ interface PasskeyAssertor {
58
70
  userHandleB64url: string;
59
71
  }>;
60
72
  /**
61
- * Run a WebAuthn registration (`navigator.credentials.create` on web,
62
- * `passkeyCreate` from react-native-passkeys on RN). Used by passkey
63
- * register flows.
73
+ * Run a WebAuthn assertion for a SERVER-VERIFIED flow (presence
74
+ * step-up, future passkey sign-in). Takes a full
75
+ * `PublicKeyCredentialRequestOptionsJSON` (the server-issued
76
+ * `optionsJSON`) and returns the standard
77
+ * `AuthenticationResponseJSON` with `response.userHandle`
78
+ * **stripped** — DEK hygiene is enforced inside the impl so the
79
+ * orchestrator (and any future caller) cannot forget it.
80
+ *
81
+ * The returned object goes straight onto the wire to /presence/verify
82
+ * (or the future /login/verify). Each platform-specific impl is
83
+ * responsible for: (a) running the underlying ceremony, (b)
84
+ * shaping the result into AuthenticationResponseJSON, and (c) the
85
+ * userHandle strip.
64
86
  */
65
- create(opts: {
66
- rpId: string;
67
- rpName: string;
68
- userId: Uint8Array;
69
- userName: string;
70
- userDisplayName: string;
71
- challenge: string;
72
- excludeCredentials?: string[];
73
- }): Promise<{
74
- rawIdB64url: string;
75
- clientDataJSONB64url: string;
76
- attestationObjectB64url: string;
87
+ assertForServer(opts: {
88
+ optionsJSON: WebAuthnRequestOptions;
89
+ }): Promise<WebAuthnAssertionResponse>;
90
+ }
91
+ /**
92
+ * Subset of `PublicKeyCredentialRequestOptionsJSON` we forward to the
93
+ * platform impl. Kept loose-typed so a server adding fields doesn't
94
+ * require an interface change here.
95
+ */
96
+ interface WebAuthnRequestOptions {
97
+ challenge: string;
98
+ rpId?: string;
99
+ allowCredentials?: Array<{
100
+ id: string;
101
+ type?: string;
102
+ transports?: string[];
77
103
  }>;
104
+ userVerification?: string;
105
+ timeout?: number;
106
+ extensions?: Record<string, unknown>;
107
+ }
108
+ /**
109
+ * Standard `AuthenticationResponseJSON` shape, with `userHandle`
110
+ * deliberately optional because the assertForServer contract is that
111
+ * impls strip it before returning. The field stays in the type so a
112
+ * server-side decoder can still parse it (= undefined) without a
113
+ * union mismatch.
114
+ */
115
+ interface WebAuthnAssertionResponse {
116
+ id: string;
117
+ rawId: string;
118
+ type: string;
119
+ response: {
120
+ clientDataJSON: string;
121
+ authenticatorData: string;
122
+ signature: string;
123
+ userHandle?: undefined;
124
+ };
125
+ clientExtensionResults?: Record<string, unknown>;
126
+ authenticatorAttachment?: string;
78
127
  }
79
128
  /**
80
129
  * KvStorage — async key/value storage for ID tokens + session metadata.
@@ -117,4 +166,4 @@ interface PlatformImpls {
117
166
  oauth: OAuthOpener;
118
167
  }
119
168
 
120
- export type { KvStorage as K, OAuthOpener as O, PasskeyAssertor as P, Transport as T, PlatformImpls as a };
169
+ export type { KvStorage as K, OAuthOpener as O, PasskeyAssertor as P, Transport as T, WebAuthnAssertionResponse as W, PlatformImpls as a, WebAuthnRequestOptions as b };
@@ -40,6 +40,8 @@ declare const PostMessageMethod: {
40
40
  readonly DETACH_OAUTH: "DETACH_OAUTH";
41
41
  readonly PASSKEY_REGISTER_BEGIN: "PASSKEY_REGISTER_BEGIN";
42
42
  readonly PASSKEY_REGISTER_VERIFY: "PASSKEY_REGISTER_VERIFY";
43
+ readonly PASSKEY_PRESENCE_BEGIN: "PASSKEY_PRESENCE_BEGIN";
44
+ readonly PASSKEY_PRESENCE_VERIFY: "PASSKEY_PRESENCE_VERIFY";
43
45
  readonly GET_PASSKEY_STATUS: "GET_PASSKEY_STATUS";
44
46
  readonly GET_DEK_INFO: "GET_DEK_INFO";
45
47
  readonly ADD_PASSKEY_WRAP: "ADD_PASSKEY_WRAP";
@@ -40,6 +40,8 @@ declare const PostMessageMethod: {
40
40
  readonly DETACH_OAUTH: "DETACH_OAUTH";
41
41
  readonly PASSKEY_REGISTER_BEGIN: "PASSKEY_REGISTER_BEGIN";
42
42
  readonly PASSKEY_REGISTER_VERIFY: "PASSKEY_REGISTER_VERIFY";
43
+ readonly PASSKEY_PRESENCE_BEGIN: "PASSKEY_PRESENCE_BEGIN";
44
+ readonly PASSKEY_PRESENCE_VERIFY: "PASSKEY_PRESENCE_VERIFY";
43
45
  readonly GET_PASSKEY_STATUS: "GET_PASSKEY_STATUS";
44
46
  readonly GET_DEK_INFO: "GET_DEK_INFO";
45
47
  readonly ADD_PASSKEY_WRAP: "ADD_PASSKEY_WRAP";
@@ -16,6 +16,7 @@ interface MoonKeyHookSDK {
16
16
  isAuthenticated?: boolean;
17
17
  ready?: boolean;
18
18
  refreshUser?: () => Promise<unknown>;
19
+ revalidatedAt?: number;
19
20
  signEthereumMessageHeadless: (params: unknown) => Promise<unknown>;
20
21
  signEthereumTransactionHeadless: (params: unknown) => Promise<unknown>;
21
22
  signEthereumTypedDataHeadless: (params: unknown) => Promise<unknown>;
@@ -16,6 +16,7 @@ interface MoonKeyHookSDK {
16
16
  isAuthenticated?: boolean;
17
17
  ready?: boolean;
18
18
  refreshUser?: () => Promise<unknown>;
19
+ revalidatedAt?: number;
19
20
  signEthereumMessageHeadless: (params: unknown) => Promise<unknown>;
20
21
  signEthereumTransactionHeadless: (params: unknown) => Promise<unknown>;
21
22
  signEthereumTypedDataHeadless: (params: unknown) => Promise<unknown>;
@@ -174,6 +174,7 @@ var useWallets = (walletType) => {
174
174
  const [loading, setLoading] = (0, import_react5.useState)(false);
175
175
  const [error, setError] = (0, import_react5.useState)(null);
176
176
  const isAuthenticated = !!sdk.isAuthenticated;
177
+ const revalidatedAt = sdk.revalidatedAt ?? 0;
177
178
  const refresh = (0, import_react5.useCallback)(async () => {
178
179
  setLoading(true);
179
180
  setError(null);
@@ -192,7 +193,7 @@ var useWallets = (walletType) => {
192
193
  return;
193
194
  }
194
195
  refresh();
195
- }, [isAuthenticated, refresh]);
196
+ }, [isAuthenticated, revalidatedAt, refresh]);
196
197
  return { wallets, loading, error, refresh, refetch: refresh };
197
198
  };
198
199
 
@@ -123,6 +123,7 @@ var useWallets = (walletType) => {
123
123
  const [loading, setLoading] = useState4(false);
124
124
  const [error, setError] = useState4(null);
125
125
  const isAuthenticated = !!sdk.isAuthenticated;
126
+ const revalidatedAt = sdk.revalidatedAt ?? 0;
126
127
  const refresh = useCallback4(async () => {
127
128
  setLoading(true);
128
129
  setError(null);
@@ -141,7 +142,7 @@ var useWallets = (walletType) => {
141
142
  return;
142
143
  }
143
144
  refresh();
144
- }, [isAuthenticated, refresh]);
145
+ }, [isAuthenticated, revalidatedAt, refresh]);
145
146
  return { wallets, loading, error, refresh, refetch: refresh };
146
147
  };
147
148
 
@@ -1,18 +1,30 @@
1
- import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-fNhwnCeY.mjs';
2
- export { O as OAuthOpener, a as PlatformImpls } from '../interfaces-fNhwnCeY.mjs';
1
+ import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-CYtJHALV.mjs';
2
+ export { O as OAuthOpener, a as PlatformImpls, W as WebAuthnAssertionResponse, b as WebAuthnRequestOptions } from '../interfaces-CYtJHALV.mjs';
3
3
  import { C as CachedAssertion } from '../passkey-cache-B9PT3AWX.mjs';
4
- import { EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSendTransactionParams, EthereumSendTransactionResult, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, PublicWallet } from '../types/index.mjs';
5
- import '../post-message-C_99BCBh.mjs';
4
+ import { EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSendTransactionParams, EthereumSendTransactionResult, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SendEmailOtpResponse, PublicWallet } from '../types/index.mjs';
5
+ import '../post-message-CmgAfkOS.mjs';
6
6
  import '../chain-C9dvKXUY.mjs';
7
7
 
8
8
  type AssertPasskeyInParentResult = CachedAssertion;
9
- declare const assertPasskeyInParent: ({ transport, passkey, publishableKey, requireFreshAssertion, }: {
9
+ declare const assertPasskeyInParent: ({ transport, passkey, publishableKey, requireFreshAssertion, validateCredentialInAllowList, }: {
10
10
  transport: Transport;
11
11
  passkey: PasskeyAssertor;
12
12
  publishableKey: string;
13
13
  requireFreshAssertion?: boolean;
14
+ validateCredentialInAllowList?: boolean;
14
15
  }) => Promise<AssertPasskeyInParentResult>;
15
16
 
17
+ interface GetPresenceTokenResult {
18
+ presenceToken: string;
19
+ expiresAt: number;
20
+ }
21
+ declare const getPresenceToken: ({ transport, passkey, publishableKey, relyingPartyOrigin, }: {
22
+ transport: Transport;
23
+ passkey: PasskeyAssertor;
24
+ publishableKey: string;
25
+ relyingPartyOrigin: string;
26
+ }) => Promise<GetPresenceTokenResult>;
27
+
16
28
  declare const getHeadlessEthereumMethods: ({ transport, passkey, publishableKey, }: {
17
29
  transport: Transport;
18
30
  passkey: PasskeyAssertor;
@@ -59,17 +71,19 @@ interface VerifyOAuthParams {
59
71
  token?: string;
60
72
  state?: string;
61
73
  }
62
- declare const getHeadlessAuthenticationMethods: ({ transport, publishableKey, emailConfig, setIsAuthenticated, setUser, }: {
74
+ declare const getHeadlessAuthenticationMethods: ({ transport, publishableKey, setIsAuthenticated, setUser, }: {
63
75
  transport: Transport;
64
76
  publishableKey: string;
65
- emailConfig?: {
66
- expiresIn?: number;
67
- };
68
77
  setIsAuthenticated?: (isAuth: boolean) => void;
69
78
  setUser?: (user: unknown | null) => void;
70
79
  }) => {
71
- /** Send a one-time passcode to the user's email address. */
72
- sendCode: (params: SendCodeParams) => Promise<void>;
80
+ /**
81
+ * Send a one-time passcode to the user's email address. Returns the
82
+ * server's response — most importantly `expires_at` (unix seconds),
83
+ * which the UI uses to render a countdown that cannot drift from the
84
+ * authoritative server-side TTL.
85
+ */
86
+ sendCode: (params: SendCodeParams) => Promise<SendEmailOtpResponse>;
73
87
  /**
74
88
  * Verify the OTP and complete the login. The iframe-app handles
75
89
  * session persistence; on success the SDK flips isAuthenticated and
@@ -123,4 +137,4 @@ declare const getHeadlessGeneralMethods: ({ transport, passkey, storage, publish
123
137
  getUser: () => Promise<unknown>;
124
138
  };
125
139
 
126
- export { type AssertPasskeyInParentResult, KvStorage, type LoginWithCodeParams, PasskeyAssertor, type SendCodeParams, Transport, type VerifyOAuthParams, assertPasskeyInParent, getHeadlessAuthenticationMethods, getHeadlessEthereumMethods, getHeadlessGeneralMethods, getHeadlessSolanaMethods };
140
+ export { type AssertPasskeyInParentResult, type GetPresenceTokenResult, KvStorage, type LoginWithCodeParams, PasskeyAssertor, type SendCodeParams, Transport, type VerifyOAuthParams, assertPasskeyInParent, getHeadlessAuthenticationMethods, getHeadlessEthereumMethods, getHeadlessGeneralMethods, getHeadlessSolanaMethods, getPresenceToken };
@@ -1,18 +1,30 @@
1
- import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-9k0eKCc4.js';
2
- export { O as OAuthOpener, a as PlatformImpls } from '../interfaces-9k0eKCc4.js';
1
+ import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-Bm7fGOAI.js';
2
+ export { O as OAuthOpener, a as PlatformImpls, W as WebAuthnAssertionResponse, b as WebAuthnRequestOptions } from '../interfaces-Bm7fGOAI.js';
3
3
  import { C as CachedAssertion } from '../passkey-cache-B9PT3AWX.js';
4
- import { EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSendTransactionParams, EthereumSendTransactionResult, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, PublicWallet } from '../types/index.js';
5
- import '../post-message-C_99BCBh.js';
4
+ import { EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSendTransactionParams, EthereumSendTransactionResult, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SendEmailOtpResponse, PublicWallet } from '../types/index.js';
5
+ import '../post-message-CmgAfkOS.js';
6
6
  import '../chain-C9dvKXUY.js';
7
7
 
8
8
  type AssertPasskeyInParentResult = CachedAssertion;
9
- declare const assertPasskeyInParent: ({ transport, passkey, publishableKey, requireFreshAssertion, }: {
9
+ declare const assertPasskeyInParent: ({ transport, passkey, publishableKey, requireFreshAssertion, validateCredentialInAllowList, }: {
10
10
  transport: Transport;
11
11
  passkey: PasskeyAssertor;
12
12
  publishableKey: string;
13
13
  requireFreshAssertion?: boolean;
14
+ validateCredentialInAllowList?: boolean;
14
15
  }) => Promise<AssertPasskeyInParentResult>;
15
16
 
17
+ interface GetPresenceTokenResult {
18
+ presenceToken: string;
19
+ expiresAt: number;
20
+ }
21
+ declare const getPresenceToken: ({ transport, passkey, publishableKey, relyingPartyOrigin, }: {
22
+ transport: Transport;
23
+ passkey: PasskeyAssertor;
24
+ publishableKey: string;
25
+ relyingPartyOrigin: string;
26
+ }) => Promise<GetPresenceTokenResult>;
27
+
16
28
  declare const getHeadlessEthereumMethods: ({ transport, passkey, publishableKey, }: {
17
29
  transport: Transport;
18
30
  passkey: PasskeyAssertor;
@@ -59,17 +71,19 @@ interface VerifyOAuthParams {
59
71
  token?: string;
60
72
  state?: string;
61
73
  }
62
- declare const getHeadlessAuthenticationMethods: ({ transport, publishableKey, emailConfig, setIsAuthenticated, setUser, }: {
74
+ declare const getHeadlessAuthenticationMethods: ({ transport, publishableKey, setIsAuthenticated, setUser, }: {
63
75
  transport: Transport;
64
76
  publishableKey: string;
65
- emailConfig?: {
66
- expiresIn?: number;
67
- };
68
77
  setIsAuthenticated?: (isAuth: boolean) => void;
69
78
  setUser?: (user: unknown | null) => void;
70
79
  }) => {
71
- /** Send a one-time passcode to the user's email address. */
72
- sendCode: (params: SendCodeParams) => Promise<void>;
80
+ /**
81
+ * Send a one-time passcode to the user's email address. Returns the
82
+ * server's response — most importantly `expires_at` (unix seconds),
83
+ * which the UI uses to render a countdown that cannot drift from the
84
+ * authoritative server-side TTL.
85
+ */
86
+ sendCode: (params: SendCodeParams) => Promise<SendEmailOtpResponse>;
73
87
  /**
74
88
  * Verify the OTP and complete the login. The iframe-app handles
75
89
  * session persistence; on success the SDK flips isAuthenticated and
@@ -123,4 +137,4 @@ declare const getHeadlessGeneralMethods: ({ transport, passkey, storage, publish
123
137
  getUser: () => Promise<unknown>;
124
138
  };
125
139
 
126
- export { type AssertPasskeyInParentResult, KvStorage, type LoginWithCodeParams, PasskeyAssertor, type SendCodeParams, Transport, type VerifyOAuthParams, assertPasskeyInParent, getHeadlessAuthenticationMethods, getHeadlessEthereumMethods, getHeadlessGeneralMethods, getHeadlessSolanaMethods };
140
+ export { type AssertPasskeyInParentResult, type GetPresenceTokenResult, KvStorage, type LoginWithCodeParams, PasskeyAssertor, type SendCodeParams, Transport, type VerifyOAuthParams, assertPasskeyInParent, getHeadlessAuthenticationMethods, getHeadlessEthereumMethods, getHeadlessGeneralMethods, getHeadlessSolanaMethods, getPresenceToken };