@moon-x/core 0.2.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40) hide show
  1. package/README.md +2 -2
  2. package/dist/{chunk-CDT4MC7S.mjs → chunk-6LTEG7VN.mjs} +0 -39
  3. package/dist/{chunk-SOKLPX7V.mjs → chunk-VVL65GIB.mjs} +10 -0
  4. package/dist/index.d.mts +2 -2
  5. package/dist/index.d.ts +2 -2
  6. package/dist/index.js +10 -0
  7. package/dist/index.mjs +1 -1
  8. package/dist/interfaces-cdKh3sLA.d.mts +192 -0
  9. package/dist/interfaces-pNTEOKaK.d.ts +192 -0
  10. package/dist/lib/index.d.mts +1 -1
  11. package/dist/lib/index.d.ts +1 -1
  12. package/dist/lib/index.js +2 -47
  13. package/dist/lib/index.mjs +3 -15
  14. package/dist/passkey-cache-WnDFQ-v4.d.mts +26 -0
  15. package/dist/passkey-cache-WnDFQ-v4.d.ts +26 -0
  16. package/dist/{post-message-C_99BCBh.d.mts → post-message-CmgAfkOS.d.mts} +2 -0
  17. package/dist/{post-message-C_99BCBh.d.ts → post-message-CmgAfkOS.d.ts} +2 -0
  18. package/dist/react/index.d.mts +1 -0
  19. package/dist/react/index.d.ts +1 -0
  20. package/dist/react/index.js +2 -1
  21. package/dist/react/index.mjs +3 -2
  22. package/dist/sdk/index.d.mts +52 -21
  23. package/dist/sdk/index.d.ts +52 -21
  24. package/dist/sdk/index.js +252 -102
  25. package/dist/sdk/index.mjs +241 -80
  26. package/dist/types/index.d.mts +19 -12
  27. package/dist/types/index.d.ts +19 -12
  28. package/dist/utils/index.d.mts +1 -1
  29. package/dist/utils/index.d.ts +1 -1
  30. package/dist/utils/index.js +10 -0
  31. package/dist/utils/index.mjs +1 -1
  32. package/dist/web/index.d.mts +2 -2
  33. package/dist/web/index.d.ts +2 -2
  34. package/dist/web/index.js +50 -114
  35. package/dist/web/index.mjs +51 -58
  36. package/package.json +6 -2
  37. package/dist/interfaces-9k0eKCc4.d.ts +0 -120
  38. package/dist/interfaces-fNhwnCeY.d.mts +0 -120
  39. package/dist/passkey-cache-B9PT3AWX.d.mts +0 -47
  40. package/dist/passkey-cache-B9PT3AWX.d.ts +0 -47
package/README.md CHANGED
@@ -18,7 +18,7 @@ This package owns everything that's identical between web and mobile:
18
18
  - **Headless SDK factories** (`@moon-x/core/sdk`) — platform-agnostic implementations of `signMessage`, `signTransaction`, `sendTransaction`, etc. that take a `Transport` + `PasskeyAssertor` + `KvStorage` via DI. Web and RN both wire their platform impls into these factories.
19
19
  - **Web platform impls** (`@moon-x/core/web`) — `createIframeTransport`, `createWebAuthnPasskey`, `createLocalStorageKv`. React-native has its own equivalents inside `@moon-x/react-native-sdk/platform/*`.
20
20
  - **Shared React hooks** (`@moon-x/core/react`) — hooks that run identically on web + RN (`useUser`, `useWallets`, `useLogout`, `useLoginWithEmail`, `usePasskeyStatus`, `useAddPasskey`, `useRemovePasskey`, `useCreateWallet`, `useImportKey`, plus per-chain hooks under `@moon-x/core/react/ethereum` and `@moon-x/core/react/solana`). The platform SDKs re-export these directly so consumers never import from core.
21
- - **Pure utilities** (`@moon-x/core/lib`) — EVM chain/gas helpers (`getEvmGasPrice`, `estimateEvmGas`, `getEvmNonce`, `chains`), `prepareEvmSignTransaction` / `prepareEvmSendTransaction` (chain + RPC + nonce/gas/fee auto-fill), SIWE/SIWS message builders, passkey codec + cache (safe-by-default TTL=0; integrator opts in via `setAssertCacheTtlMs`) + AAGUID registry, Solana transaction log parser, etc.
21
+ - **Pure utilities** (`@moon-x/core/lib`) — EVM chain/gas helpers (`getEvmGasPrice`, `estimateEvmGas`, `getEvmNonce`, `chains`), `prepareEvmSignTransaction` / `prepareEvmSendTransaction` (chain + RPC + nonce/gas/fee auto-fill), SIWE/SIWS message builders, passkey codec + `generatePasskeyUserId`, AAGUID registry, Solana transaction log parser, etc. (The parent-side passkey-assertion cache was removed in Phase 4 of the presence-token gating work every sensitive op now mints scope-bound single-use tokens via `getInternalPresenceTokens`.)
22
22
 
23
23
  ## Subpath exports
24
24
 
@@ -36,4 +36,4 @@ This package owns everything that's identical between web and mobile:
36
36
 
37
37
  ## License
38
38
 
39
- MIT.
39
+ UNLICENSED. All rights reserved.
@@ -100,39 +100,6 @@ var toB64url = (bytes) => {
100
100
  };
101
101
 
102
102
  // src/lib/passkey/passkey-cache.ts
103
- var cacheTtlMs = 0;
104
- var cache = null;
105
- var setAssertCacheTtlMs = (ms) => {
106
- cacheTtlMs = Math.max(0, Math.floor(ms));
107
- if (cacheTtlMs === 0) {
108
- cache = null;
109
- }
110
- };
111
- var getAssertCacheTtlMs = () => cacheTtlMs;
112
- var clearParentAssertCache = () => {
113
- cache = null;
114
- };
115
- var readParentAssertCache = () => {
116
- if (cacheTtlMs <= 0) return null;
117
- if (!cache) return null;
118
- if (Date.now() - cache.ts >= cacheTtlMs) return null;
119
- return {
120
- userHandleB64url: cache.userHandleB64url,
121
- credentialIdB64url: cache.credentialIdB64url
122
- };
123
- };
124
- var writeParentAssertCache = (entry) => {
125
- if (cacheTtlMs <= 0) return;
126
- cache = { ...entry, ts: Date.now() };
127
- };
128
- var withClearOnFailure = async (fn) => {
129
- try {
130
- return await fn();
131
- } catch (error) {
132
- clearParentAssertCache();
133
- throw error;
134
- }
135
- };
136
103
  var generatePasskeyUserId = () => {
137
104
  const bytes = crypto.getRandomValues(new Uint8Array(32));
138
105
  return { userIdB64url: toB64url(bytes), userIdBytes: bytes };
@@ -1492,12 +1459,6 @@ export {
1492
1459
  verifyIdToken,
1493
1460
  fromB64url,
1494
1461
  toB64url,
1495
- setAssertCacheTtlMs,
1496
- getAssertCacheTtlMs,
1497
- clearParentAssertCache,
1498
- readParentAssertCache,
1499
- writeParentAssertCache,
1500
- withClearOnFailure,
1501
1462
  generatePasskeyUserId,
1502
1463
  formatPasskeyLabel,
1503
1464
  resolvePasskeyMetadata,
@@ -64,6 +64,16 @@ var PostMessageMethod = {
64
64
  // begin/verify HTTP calls (where the session JWT lives).
65
65
  PASSKEY_REGISTER_BEGIN: "PASSKEY_REGISTER_BEGIN",
66
66
  PASSKEY_REGISTER_VERIFY: "PASSKEY_REGISTER_VERIFY",
67
+ // Passkey-asserted step-up ("presence token"). Same split as register:
68
+ // parent owns the WebAuthn API call; iframe owns the begin/verify
69
+ // HTTP halves (where the session JWT lives). Mints a short-lived
70
+ // (`tt:"presence"`) JWT app backends can verify over JWKS.
71
+ // CRITICAL: parent MUST strip response.userHandle from the assertion
72
+ // before posting PASSKEY_PRESENCE_VERIFY. The userHandle carries DEK
73
+ // material in MoonX's overloaded model and has no business reaching
74
+ // the server. The server also defensively never reads it.
75
+ PASSKEY_PRESENCE_BEGIN: "PASSKEY_PRESENCE_BEGIN",
76
+ PASSKEY_PRESENCE_VERIFY: "PASSKEY_PRESENCE_VERIFY",
67
77
  GET_PASSKEY_STATUS: "GET_PASSKEY_STATUS",
68
78
  // Parent-side passkey assertion plumbing. Parent calls GET_DEK_INFO
69
79
  // to learn which credential IDs to put in allowCredentials and to
package/dist/index.d.mts CHANGED
@@ -1,4 +1,4 @@
1
- export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.mjs';
1
+ export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.mjs';
2
2
  export { getIframeOrigin, getIframeUrl, getMoonKeyApiUrl } from './utils/index.mjs';
3
- export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-C_99BCBh.mjs';
3
+ export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-CmgAfkOS.mjs';
4
4
  export { B as BlockExplorer, C as Chain, a as ChainLikeWithId, E as EthereumChainConfig, N as NativeCurrency, R as RpcConfig, b as RpcUrls } from './chain-C9dvKXUY.mjs';
package/dist/index.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.js';
1
+ export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.js';
2
2
  export { getIframeOrigin, getIframeUrl, getMoonKeyApiUrl } from './utils/index.js';
3
- export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-C_99BCBh.js';
3
+ export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-CmgAfkOS.js';
4
4
  export { B as BlockExplorer, C as Chain, a as ChainLikeWithId, E as EthereumChainConfig, N as NativeCurrency, R as RpcConfig, b as RpcUrls } from './chain-C9dvKXUY.js';
package/dist/index.js CHANGED
@@ -190,6 +190,16 @@ var PostMessageMethod = {
190
190
  // begin/verify HTTP calls (where the session JWT lives).
191
191
  PASSKEY_REGISTER_BEGIN: "PASSKEY_REGISTER_BEGIN",
192
192
  PASSKEY_REGISTER_VERIFY: "PASSKEY_REGISTER_VERIFY",
193
+ // Passkey-asserted step-up ("presence token"). Same split as register:
194
+ // parent owns the WebAuthn API call; iframe owns the begin/verify
195
+ // HTTP halves (where the session JWT lives). Mints a short-lived
196
+ // (`tt:"presence"`) JWT app backends can verify over JWKS.
197
+ // CRITICAL: parent MUST strip response.userHandle from the assertion
198
+ // before posting PASSKEY_PRESENCE_VERIFY. The userHandle carries DEK
199
+ // material in MoonX's overloaded model and has no business reaching
200
+ // the server. The server also defensively never reads it.
201
+ PASSKEY_PRESENCE_BEGIN: "PASSKEY_PRESENCE_BEGIN",
202
+ PASSKEY_PRESENCE_VERIFY: "PASSKEY_PRESENCE_VERIFY",
193
203
  GET_PASSKEY_STATUS: "GET_PASSKEY_STATUS",
194
204
  // Parent-side passkey assertion plumbing. Parent calls GET_DEK_INFO
195
205
  // to learn which credential IDs to put in allowCredentials and to
package/dist/index.mjs CHANGED
@@ -14,7 +14,7 @@ import {
14
14
  PostMessageMethod,
15
15
  PostMessageServer,
16
16
  PostMessageType
17
- } from "./chunk-SOKLPX7V.mjs";
17
+ } from "./chunk-VVL65GIB.mjs";
18
18
  import {
19
19
  getMoonKeyApiUrl
20
20
  } from "./chunk-GQKIA37O.mjs";
@@ -0,0 +1,192 @@
1
+ import { c as PostMessageType, a as PostMessageMethod } from './post-message-CmgAfkOS.mjs';
2
+
3
+ /**
4
+ * Transport — the bidirectional postMessage channel between the parent
5
+ * (web SDK or RN SDK) and the iframe-app. Web wraps
6
+ * `createPostMessageClient(iframeRef.current.contentWindow, ...)`; RN
7
+ * wraps a `WebViewBridge` over react-native-webview.
8
+ *
9
+ * `send` resolves with the iframe handler's raw return value and rejects
10
+ * with the handler's thrown error (canonical envelope, no
11
+ * {success, data} unwrap at the call site).
12
+ */
13
+ interface Transport {
14
+ send<P, R>(type: PostMessageType, method: PostMessageMethod, payload: P): Promise<R>;
15
+ /**
16
+ * Register a handler for inbound messages from the iframe-app. Only
17
+ * needed by the parent-side `*WithUI` flow path, where the modal
18
+ * postMessages a result back that the SDK's pending Promise needs to
19
+ * resolve. Returns an unregister fn.
20
+ */
21
+ register?<P, R>(type: PostMessageType, method: PostMessageMethod, handler: (payload: P) => Promise<R> | R): () => void;
22
+ /**
23
+ * Whether the underlying iframe / WebView is loaded and ready to
24
+ * receive messages. SDK methods short-circuit with "SDK not ready"
25
+ * before calling `send` if this returns false.
26
+ */
27
+ isReady(): boolean;
28
+ }
29
+ /**
30
+ * PasskeyAssertor — runs the WebAuthn assertion ceremony in the *parent*
31
+ * (where user activation lives — cross-origin iframes/WebViews can't
32
+ * reliably get their own click handler).
33
+ *
34
+ * Two methods, two distinct flow shapes:
35
+ *
36
+ * - `assert` is the DEK-unwrap path: empty allowCredentials, harvests
37
+ * userHandle (= DEK wrap key in MoonX's overloaded model), consumed
38
+ * locally by the iframe-app. Never crosses the server boundary.
39
+ *
40
+ * - `assertForServer` is the server-roundtrip path (presence step-up,
41
+ * future passkey sign-in): server issues options, browser asserts,
42
+ * server verifies the signature. userHandle is stripped on the
43
+ * platform boundary (DEK hygiene) — the strip happens INSIDE the
44
+ * assertor impl, not in the orchestrator, so no caller can bypass
45
+ * it.
46
+ *
47
+ * Registration is handled separately via `@simplewebauthn/browser`'s
48
+ * `startRegistration` on web / `passkeyCreate` from
49
+ * `react-native-passkeys` on RN; this interface is assertion-only.
50
+ */
51
+ interface PasskeyAssertor {
52
+ /**
53
+ * Run a WebAuthn assertion (`navigator.credentials.get` on web,
54
+ * `passkeyGet` from react-native-passkeys on RN). Returns the
55
+ * platform-decoded base64url forms of the credential id and userHandle.
56
+ */
57
+ assert(opts: {
58
+ rpId: string;
59
+ challenge: string;
60
+ /**
61
+ * The wire `allow_credential_ids_b64url` list from GET_DEK_INFO,
62
+ * passed through for platforms that want to use it. Note both
63
+ * platforms today pass an empty array to the underlying API; this
64
+ * field is informational only (e.g. for telemetry or for a future
65
+ * platform that prefers non-discoverable login).
66
+ */
67
+ allowCredentials: string[];
68
+ }): Promise<{
69
+ rawIdB64url: string;
70
+ userHandleB64url: string;
71
+ }>;
72
+ /**
73
+ * Run a WebAuthn assertion for a SERVER-VERIFIED flow (presence
74
+ * step-up, future passkey sign-in). Takes a full
75
+ * `PublicKeyCredentialRequestOptionsJSON` (the server-issued
76
+ * `optionsJSON`) and returns the standard
77
+ * `AuthenticationResponseJSON` with `response.userHandle`
78
+ * **stripped** — DEK hygiene is enforced inside the impl so the
79
+ * orchestrator (and any future caller) cannot forget it.
80
+ *
81
+ * The returned object goes straight onto the wire to /presence/verify
82
+ * (or the future /login/verify). Each platform-specific impl is
83
+ * responsible for: (a) running the underlying ceremony, (b)
84
+ * shaping the result into AuthenticationResponseJSON, and (c) the
85
+ * userHandle strip.
86
+ */
87
+ assertForServer(opts: {
88
+ optionsJSON: WebAuthnRequestOptions;
89
+ }): Promise<WebAuthnAssertionResponse>;
90
+ /**
91
+ * Internal-use variant of assertForServer. Runs the same WebAuthn
92
+ * ceremony and returns the same sanitized assertion (userHandle
93
+ * stripped on the platform boundary), but ALSO surfaces the
94
+ * captured userHandle + credential id separately for the SDK
95
+ * orchestrator's downstream postMessage payload — the iframe needs
96
+ * the userHandle bytes to do AES-GCM unwrap of the DEK after the
97
+ * presence ceremony mints the scoped tokens.
98
+ *
99
+ * DEK hygiene boundary: the sanitized `response` field still has
100
+ * `response.userHandle === undefined`. The separate
101
+ * `userHandleB64url` field stays inside the orchestrator and is
102
+ * postMessaged to the iframe — never sent over the network to the
103
+ * presence-verify server call. The strip is enforced by the impl;
104
+ * the separate surfacing is opt-in via this method.
105
+ */
106
+ assertForInternalPresence(opts: {
107
+ optionsJSON: WebAuthnRequestOptions;
108
+ }): Promise<{
109
+ response: WebAuthnAssertionResponse;
110
+ userHandleB64url: string;
111
+ credentialIdB64url: string;
112
+ }>;
113
+ }
114
+ /**
115
+ * Subset of `PublicKeyCredentialRequestOptionsJSON` we forward to the
116
+ * platform impl. Kept loose-typed so a server adding fields doesn't
117
+ * require an interface change here.
118
+ */
119
+ interface WebAuthnRequestOptions {
120
+ challenge: string;
121
+ rpId?: string;
122
+ allowCredentials?: Array<{
123
+ id: string;
124
+ type?: string;
125
+ transports?: string[];
126
+ }>;
127
+ userVerification?: string;
128
+ timeout?: number;
129
+ extensions?: Record<string, unknown>;
130
+ }
131
+ /**
132
+ * Standard `AuthenticationResponseJSON` shape, with `userHandle`
133
+ * deliberately optional because the assertForServer contract is that
134
+ * impls strip it before returning. The field stays in the type so a
135
+ * server-side decoder can still parse it (= undefined) without a
136
+ * union mismatch.
137
+ */
138
+ interface WebAuthnAssertionResponse {
139
+ id: string;
140
+ rawId: string;
141
+ type: string;
142
+ response: {
143
+ clientDataJSON: string;
144
+ authenticatorData: string;
145
+ signature: string;
146
+ userHandle?: undefined;
147
+ };
148
+ clientExtensionResults?: Record<string, unknown>;
149
+ authenticatorAttachment?: string;
150
+ }
151
+ /**
152
+ * KvStorage — async key/value storage for ID tokens + session metadata.
153
+ * Web wraps `localStorage` (sync, lifted to a resolved Promise); RN
154
+ * wraps `@react-native-async-storage/async-storage` (natively async).
155
+ *
156
+ * Always async at the interface to unify both platforms.
157
+ */
158
+ interface KvStorage {
159
+ get(key: string): Promise<string | null>;
160
+ set(key: string, value: string): Promise<void>;
161
+ remove(key: string): Promise<void>;
162
+ }
163
+ /**
164
+ * OAuthOpener — start an OAuth authorize request and wait for the
165
+ * provider redirect to return with `code` + `state`. Web uses a
166
+ * full-page redirect or popup (completion picked up by
167
+ * `useOAuthCompletion` listening for postMessages); RN uses
168
+ * `expo-web-browser.openAuthSessionAsync` (single Promise resolves on
169
+ * deep-link callback).
170
+ */
171
+ interface OAuthOpener {
172
+ open(opts: {
173
+ authorizeUrl: string;
174
+ redirectUrl: string;
175
+ }): Promise<{
176
+ code: string;
177
+ state: string;
178
+ }>;
179
+ }
180
+ /**
181
+ * The bundle of platform impls that the SDK factories accept. Provider
182
+ * components on each platform construct one of these once and pass it
183
+ * through to the factories.
184
+ */
185
+ interface PlatformImpls {
186
+ transport: Transport;
187
+ passkey: PasskeyAssertor;
188
+ storage: KvStorage;
189
+ oauth: OAuthOpener;
190
+ }
191
+
192
+ export type { KvStorage as K, OAuthOpener as O, PasskeyAssertor as P, Transport as T, WebAuthnAssertionResponse as W, PlatformImpls as a, WebAuthnRequestOptions as b };
@@ -0,0 +1,192 @@
1
+ import { c as PostMessageType, a as PostMessageMethod } from './post-message-CmgAfkOS.js';
2
+
3
+ /**
4
+ * Transport — the bidirectional postMessage channel between the parent
5
+ * (web SDK or RN SDK) and the iframe-app. Web wraps
6
+ * `createPostMessageClient(iframeRef.current.contentWindow, ...)`; RN
7
+ * wraps a `WebViewBridge` over react-native-webview.
8
+ *
9
+ * `send` resolves with the iframe handler's raw return value and rejects
10
+ * with the handler's thrown error (canonical envelope, no
11
+ * {success, data} unwrap at the call site).
12
+ */
13
+ interface Transport {
14
+ send<P, R>(type: PostMessageType, method: PostMessageMethod, payload: P): Promise<R>;
15
+ /**
16
+ * Register a handler for inbound messages from the iframe-app. Only
17
+ * needed by the parent-side `*WithUI` flow path, where the modal
18
+ * postMessages a result back that the SDK's pending Promise needs to
19
+ * resolve. Returns an unregister fn.
20
+ */
21
+ register?<P, R>(type: PostMessageType, method: PostMessageMethod, handler: (payload: P) => Promise<R> | R): () => void;
22
+ /**
23
+ * Whether the underlying iframe / WebView is loaded and ready to
24
+ * receive messages. SDK methods short-circuit with "SDK not ready"
25
+ * before calling `send` if this returns false.
26
+ */
27
+ isReady(): boolean;
28
+ }
29
+ /**
30
+ * PasskeyAssertor — runs the WebAuthn assertion ceremony in the *parent*
31
+ * (where user activation lives — cross-origin iframes/WebViews can't
32
+ * reliably get their own click handler).
33
+ *
34
+ * Two methods, two distinct flow shapes:
35
+ *
36
+ * - `assert` is the DEK-unwrap path: empty allowCredentials, harvests
37
+ * userHandle (= DEK wrap key in MoonX's overloaded model), consumed
38
+ * locally by the iframe-app. Never crosses the server boundary.
39
+ *
40
+ * - `assertForServer` is the server-roundtrip path (presence step-up,
41
+ * future passkey sign-in): server issues options, browser asserts,
42
+ * server verifies the signature. userHandle is stripped on the
43
+ * platform boundary (DEK hygiene) — the strip happens INSIDE the
44
+ * assertor impl, not in the orchestrator, so no caller can bypass
45
+ * it.
46
+ *
47
+ * Registration is handled separately via `@simplewebauthn/browser`'s
48
+ * `startRegistration` on web / `passkeyCreate` from
49
+ * `react-native-passkeys` on RN; this interface is assertion-only.
50
+ */
51
+ interface PasskeyAssertor {
52
+ /**
53
+ * Run a WebAuthn assertion (`navigator.credentials.get` on web,
54
+ * `passkeyGet` from react-native-passkeys on RN). Returns the
55
+ * platform-decoded base64url forms of the credential id and userHandle.
56
+ */
57
+ assert(opts: {
58
+ rpId: string;
59
+ challenge: string;
60
+ /**
61
+ * The wire `allow_credential_ids_b64url` list from GET_DEK_INFO,
62
+ * passed through for platforms that want to use it. Note both
63
+ * platforms today pass an empty array to the underlying API; this
64
+ * field is informational only (e.g. for telemetry or for a future
65
+ * platform that prefers non-discoverable login).
66
+ */
67
+ allowCredentials: string[];
68
+ }): Promise<{
69
+ rawIdB64url: string;
70
+ userHandleB64url: string;
71
+ }>;
72
+ /**
73
+ * Run a WebAuthn assertion for a SERVER-VERIFIED flow (presence
74
+ * step-up, future passkey sign-in). Takes a full
75
+ * `PublicKeyCredentialRequestOptionsJSON` (the server-issued
76
+ * `optionsJSON`) and returns the standard
77
+ * `AuthenticationResponseJSON` with `response.userHandle`
78
+ * **stripped** — DEK hygiene is enforced inside the impl so the
79
+ * orchestrator (and any future caller) cannot forget it.
80
+ *
81
+ * The returned object goes straight onto the wire to /presence/verify
82
+ * (or the future /login/verify). Each platform-specific impl is
83
+ * responsible for: (a) running the underlying ceremony, (b)
84
+ * shaping the result into AuthenticationResponseJSON, and (c) the
85
+ * userHandle strip.
86
+ */
87
+ assertForServer(opts: {
88
+ optionsJSON: WebAuthnRequestOptions;
89
+ }): Promise<WebAuthnAssertionResponse>;
90
+ /**
91
+ * Internal-use variant of assertForServer. Runs the same WebAuthn
92
+ * ceremony and returns the same sanitized assertion (userHandle
93
+ * stripped on the platform boundary), but ALSO surfaces the
94
+ * captured userHandle + credential id separately for the SDK
95
+ * orchestrator's downstream postMessage payload — the iframe needs
96
+ * the userHandle bytes to do AES-GCM unwrap of the DEK after the
97
+ * presence ceremony mints the scoped tokens.
98
+ *
99
+ * DEK hygiene boundary: the sanitized `response` field still has
100
+ * `response.userHandle === undefined`. The separate
101
+ * `userHandleB64url` field stays inside the orchestrator and is
102
+ * postMessaged to the iframe — never sent over the network to the
103
+ * presence-verify server call. The strip is enforced by the impl;
104
+ * the separate surfacing is opt-in via this method.
105
+ */
106
+ assertForInternalPresence(opts: {
107
+ optionsJSON: WebAuthnRequestOptions;
108
+ }): Promise<{
109
+ response: WebAuthnAssertionResponse;
110
+ userHandleB64url: string;
111
+ credentialIdB64url: string;
112
+ }>;
113
+ }
114
+ /**
115
+ * Subset of `PublicKeyCredentialRequestOptionsJSON` we forward to the
116
+ * platform impl. Kept loose-typed so a server adding fields doesn't
117
+ * require an interface change here.
118
+ */
119
+ interface WebAuthnRequestOptions {
120
+ challenge: string;
121
+ rpId?: string;
122
+ allowCredentials?: Array<{
123
+ id: string;
124
+ type?: string;
125
+ transports?: string[];
126
+ }>;
127
+ userVerification?: string;
128
+ timeout?: number;
129
+ extensions?: Record<string, unknown>;
130
+ }
131
+ /**
132
+ * Standard `AuthenticationResponseJSON` shape, with `userHandle`
133
+ * deliberately optional because the assertForServer contract is that
134
+ * impls strip it before returning. The field stays in the type so a
135
+ * server-side decoder can still parse it (= undefined) without a
136
+ * union mismatch.
137
+ */
138
+ interface WebAuthnAssertionResponse {
139
+ id: string;
140
+ rawId: string;
141
+ type: string;
142
+ response: {
143
+ clientDataJSON: string;
144
+ authenticatorData: string;
145
+ signature: string;
146
+ userHandle?: undefined;
147
+ };
148
+ clientExtensionResults?: Record<string, unknown>;
149
+ authenticatorAttachment?: string;
150
+ }
151
+ /**
152
+ * KvStorage — async key/value storage for ID tokens + session metadata.
153
+ * Web wraps `localStorage` (sync, lifted to a resolved Promise); RN
154
+ * wraps `@react-native-async-storage/async-storage` (natively async).
155
+ *
156
+ * Always async at the interface to unify both platforms.
157
+ */
158
+ interface KvStorage {
159
+ get(key: string): Promise<string | null>;
160
+ set(key: string, value: string): Promise<void>;
161
+ remove(key: string): Promise<void>;
162
+ }
163
+ /**
164
+ * OAuthOpener — start an OAuth authorize request and wait for the
165
+ * provider redirect to return with `code` + `state`. Web uses a
166
+ * full-page redirect or popup (completion picked up by
167
+ * `useOAuthCompletion` listening for postMessages); RN uses
168
+ * `expo-web-browser.openAuthSessionAsync` (single Promise resolves on
169
+ * deep-link callback).
170
+ */
171
+ interface OAuthOpener {
172
+ open(opts: {
173
+ authorizeUrl: string;
174
+ redirectUrl: string;
175
+ }): Promise<{
176
+ code: string;
177
+ state: string;
178
+ }>;
179
+ }
180
+ /**
181
+ * The bundle of platform impls that the SDK factories accept. Provider
182
+ * components on each platform construct one of these once and pass it
183
+ * through to the factories.
184
+ */
185
+ interface PlatformImpls {
186
+ transport: Transport;
187
+ passkey: PasskeyAssertor;
188
+ storage: KvStorage;
189
+ oauth: OAuthOpener;
190
+ }
191
+
192
+ export type { KvStorage as K, OAuthOpener as O, PasskeyAssertor as P, Transport as T, WebAuthnAssertionResponse as W, PlatformImpls as a, WebAuthnRequestOptions as b };
@@ -1,4 +1,4 @@
1
- export { C as CachedAssertion, c as clearParentAssertCache, g as generatePasskeyUserId, a as getAssertCacheTtlMs, r as readParentAssertCache, s as setAssertCacheTtlMs, w as withClearOnFailure, b as writeParentAssertCache } from '../passkey-cache-B9PT3AWX.mjs';
1
+ export { C as CachedAssertion, g as generatePasskeyUserId } from '../passkey-cache-WnDFQ-v4.mjs';
2
2
  export { a as PasskeyFormFactor, P as PasskeyMetadata, b as PasskeyMetadataInput, f as formatPasskeyLabel, r as resolvePasskeyMetadata } from '../passkey-metadata-QqFF2SWQ.mjs';
3
3
  import { C as Chain } from '../chain-C9dvKXUY.mjs';
4
4
  import { SiweMessage } from 'siwe';
@@ -1,4 +1,4 @@
1
- export { C as CachedAssertion, c as clearParentAssertCache, g as generatePasskeyUserId, a as getAssertCacheTtlMs, r as readParentAssertCache, s as setAssertCacheTtlMs, w as withClearOnFailure, b as writeParentAssertCache } from '../passkey-cache-B9PT3AWX.js';
1
+ export { C as CachedAssertion, g as generatePasskeyUserId } from '../passkey-cache-WnDFQ-v4.js';
2
2
  export { a as PasskeyFormFactor, P as PasskeyMetadata, b as PasskeyMetadataInput, f as formatPasskeyLabel, r as resolvePasskeyMetadata } from '../passkey-metadata-QqFF2SWQ.js';
3
3
  import { C as Chain } from '../chain-C9dvKXUY.js';
4
4
  import { SiweMessage } from 'siwe';
package/dist/lib/index.js CHANGED
@@ -40,14 +40,12 @@ __export(lib_exports, {
40
40
  broadcastSolanaSigned: () => broadcastSolanaSigned,
41
41
  bs58ToBytes: () => bs58ToBytes,
42
42
  buildUrl: () => buildUrl,
43
- clearParentAssertCache: () => clearParentAssertCache,
44
43
  createManualSiweMessage: () => createManualSiweMessage,
45
44
  estimateEvmGas: () => estimateEvmGas,
46
45
  estimateEvmGasReserve: () => estimateEvmGasReserve,
47
46
  formatPasskeyLabel: () => formatPasskeyLabel,
48
47
  fromB64url: () => fromB64url,
49
48
  generatePasskeyUserId: () => generatePasskeyUserId,
50
- getAssertCacheTtlMs: () => getAssertCacheTtlMs,
51
49
  getChainById: () => getChainById,
52
50
  getDefaultChain: () => getDefaultChain,
53
51
  getEvmGasPrice: () => getEvmGasPrice,
@@ -60,18 +58,14 @@ __export(lib_exports, {
60
58
  isChainSupported: () => isChainSupported,
61
59
  prepareEvmSendTransaction: () => prepareEvmSendTransaction,
62
60
  prepareEvmSignTransaction: () => prepareEvmSignTransaction,
63
- readParentAssertCache: () => readParentAssertCache,
64
61
  resolveEvmChain: () => resolveEvmChain,
65
62
  resolvePasskeyMetadata: () => resolvePasskeyMetadata,
66
63
  sanitizeUserData: () => sanitizeUserData,
67
64
  serializeEthereumTransaction: () => serializeEthereumTransaction,
68
- setAssertCacheTtlMs: () => setAssertCacheTtlMs,
69
65
  setChainRpcUrl: () => setChainRpcUrl,
70
66
  toB64url: () => toB64url,
71
67
  validateChainConfig: () => validateChainConfig,
72
- verifyIdToken: () => verifyIdToken,
73
- withClearOnFailure: () => withClearOnFailure,
74
- writeParentAssertCache: () => writeParentAssertCache
68
+ verifyIdToken: () => verifyIdToken
75
69
  });
76
70
  module.exports = __toCommonJS(lib_exports);
77
71
 
@@ -190,39 +184,6 @@ var toB64url = (bytes) => {
190
184
  };
191
185
 
192
186
  // src/lib/passkey/passkey-cache.ts
193
- var cacheTtlMs = 0;
194
- var cache = null;
195
- var setAssertCacheTtlMs = (ms) => {
196
- cacheTtlMs = Math.max(0, Math.floor(ms));
197
- if (cacheTtlMs === 0) {
198
- cache = null;
199
- }
200
- };
201
- var getAssertCacheTtlMs = () => cacheTtlMs;
202
- var clearParentAssertCache = () => {
203
- cache = null;
204
- };
205
- var readParentAssertCache = () => {
206
- if (cacheTtlMs <= 0) return null;
207
- if (!cache) return null;
208
- if (Date.now() - cache.ts >= cacheTtlMs) return null;
209
- return {
210
- userHandleB64url: cache.userHandleB64url,
211
- credentialIdB64url: cache.credentialIdB64url
212
- };
213
- };
214
- var writeParentAssertCache = (entry) => {
215
- if (cacheTtlMs <= 0) return;
216
- cache = { ...entry, ts: Date.now() };
217
- };
218
- var withClearOnFailure = async (fn) => {
219
- try {
220
- return await fn();
221
- } catch (error) {
222
- clearParentAssertCache();
223
- throw error;
224
- }
225
- };
226
187
  var generatePasskeyUserId = () => {
227
188
  const bytes = crypto.getRandomValues(new Uint8Array(32));
228
189
  return { userIdB64url: toB64url(bytes), userIdBytes: bytes };
@@ -1587,14 +1548,12 @@ var bs58ToBytes = async (value) => {
1587
1548
  broadcastSolanaSigned,
1588
1549
  bs58ToBytes,
1589
1550
  buildUrl,
1590
- clearParentAssertCache,
1591
1551
  createManualSiweMessage,
1592
1552
  estimateEvmGas,
1593
1553
  estimateEvmGasReserve,
1594
1554
  formatPasskeyLabel,
1595
1555
  fromB64url,
1596
1556
  generatePasskeyUserId,
1597
- getAssertCacheTtlMs,
1598
1557
  getChainById,
1599
1558
  getDefaultChain,
1600
1559
  getEvmGasPrice,
@@ -1607,16 +1566,12 @@ var bs58ToBytes = async (value) => {
1607
1566
  isChainSupported,
1608
1567
  prepareEvmSendTransaction,
1609
1568
  prepareEvmSignTransaction,
1610
- readParentAssertCache,
1611
1569
  resolveEvmChain,
1612
1570
  resolvePasskeyMetadata,
1613
1571
  sanitizeUserData,
1614
1572
  serializeEthereumTransaction,
1615
- setAssertCacheTtlMs,
1616
1573
  setChainRpcUrl,
1617
1574
  toB64url,
1618
1575
  validateChainConfig,
1619
- verifyIdToken,
1620
- withClearOnFailure,
1621
- writeParentAssertCache
1576
+ verifyIdToken
1622
1577
  });