@moon-x/core 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -18,7 +18,7 @@ This package owns everything that's identical between web and mobile:
18
18
  - **Headless SDK factories** (`@moon-x/core/sdk`) — platform-agnostic implementations of `signMessage`, `signTransaction`, `sendTransaction`, etc. that take a `Transport` + `PasskeyAssertor` + `KvStorage` via DI. Web and RN both wire their platform impls into these factories.
19
19
  - **Web platform impls** (`@moon-x/core/web`) — `createIframeTransport`, `createWebAuthnPasskey`, `createLocalStorageKv`. React-native has its own equivalents inside `@moon-x/react-native-sdk/platform/*`.
20
20
  - **Shared React hooks** (`@moon-x/core/react`) — hooks that run identically on web + RN (`useUser`, `useWallets`, `useLogout`, `useLoginWithEmail`, `usePasskeyStatus`, `useAddPasskey`, `useRemovePasskey`, `useCreateWallet`, `useImportKey`, plus per-chain hooks under `@moon-x/core/react/ethereum` and `@moon-x/core/react/solana`). The platform SDKs re-export these directly so consumers never import from core.
21
- - **Pure utilities** (`@moon-x/core/lib`) — EVM chain/gas helpers (`getEvmGasPrice`, `estimateEvmGas`, `getEvmNonce`, `chains`), `prepareEvmSignTransaction` / `prepareEvmSendTransaction` (chain + RPC + nonce/gas/fee auto-fill), SIWE/SIWS message builders, passkey codec + cache (safe-by-default TTL=0; integrator opts in via `setAssertCacheTtlMs`) + AAGUID registry, Solana transaction log parser, etc.
21
+ - **Pure utilities** (`@moon-x/core/lib`) — EVM chain/gas helpers (`getEvmGasPrice`, `estimateEvmGas`, `getEvmNonce`, `chains`), `prepareEvmSignTransaction` / `prepareEvmSendTransaction` (chain + RPC + nonce/gas/fee auto-fill), SIWE/SIWS message builders, passkey codec + `generatePasskeyUserId`, AAGUID registry, Solana transaction log parser, etc. (The parent-side passkey-assertion cache was removed in Phase 4 of the presence-token gating work every sensitive op now mints scope-bound single-use tokens via `getInternalPresenceTokens`.)
22
22
 
23
23
  ## Subpath exports
24
24
 
@@ -100,39 +100,6 @@ var toB64url = (bytes) => {
100
100
  };
101
101
 
102
102
  // src/lib/passkey/passkey-cache.ts
103
- var cacheTtlMs = 0;
104
- var cache = null;
105
- var setAssertCacheTtlMs = (ms) => {
106
- cacheTtlMs = Math.max(0, Math.floor(ms));
107
- if (cacheTtlMs === 0) {
108
- cache = null;
109
- }
110
- };
111
- var getAssertCacheTtlMs = () => cacheTtlMs;
112
- var clearParentAssertCache = () => {
113
- cache = null;
114
- };
115
- var readParentAssertCache = () => {
116
- if (cacheTtlMs <= 0) return null;
117
- if (!cache) return null;
118
- if (Date.now() - cache.ts >= cacheTtlMs) return null;
119
- return {
120
- userHandleB64url: cache.userHandleB64url,
121
- credentialIdB64url: cache.credentialIdB64url
122
- };
123
- };
124
- var writeParentAssertCache = (entry) => {
125
- if (cacheTtlMs <= 0) return;
126
- cache = { ...entry, ts: Date.now() };
127
- };
128
- var withClearOnFailure = async (fn) => {
129
- try {
130
- return await fn();
131
- } catch (error) {
132
- clearParentAssertCache();
133
- throw error;
134
- }
135
- };
136
103
  var generatePasskeyUserId = () => {
137
104
  const bytes = crypto.getRandomValues(new Uint8Array(32));
138
105
  return { userIdB64url: toB64url(bytes), userIdBytes: bytes };
@@ -1492,12 +1459,6 @@ export {
1492
1459
  verifyIdToken,
1493
1460
  fromB64url,
1494
1461
  toB64url,
1495
- setAssertCacheTtlMs,
1496
- getAssertCacheTtlMs,
1497
- clearParentAssertCache,
1498
- readParentAssertCache,
1499
- writeParentAssertCache,
1500
- withClearOnFailure,
1501
1462
  generatePasskeyUserId,
1502
1463
  formatPasskeyLabel,
1503
1464
  resolvePasskeyMetadata,
@@ -87,6 +87,29 @@ interface PasskeyAssertor {
87
87
  assertForServer(opts: {
88
88
  optionsJSON: WebAuthnRequestOptions;
89
89
  }): Promise<WebAuthnAssertionResponse>;
90
+ /**
91
+ * Internal-use variant of assertForServer. Runs the same WebAuthn
92
+ * ceremony and returns the same sanitized assertion (userHandle
93
+ * stripped on the platform boundary), but ALSO surfaces the
94
+ * captured userHandle + credential id separately for the SDK
95
+ * orchestrator's downstream postMessage payload — the iframe needs
96
+ * the userHandle bytes to do AES-GCM unwrap of the DEK after the
97
+ * presence ceremony mints the scoped tokens.
98
+ *
99
+ * DEK hygiene boundary: the sanitized `response` field still has
100
+ * `response.userHandle === undefined`. The separate
101
+ * `userHandleB64url` field stays inside the orchestrator and is
102
+ * postMessaged to the iframe — never sent over the network to the
103
+ * presence-verify server call. The strip is enforced by the impl;
104
+ * the separate surfacing is opt-in via this method.
105
+ */
106
+ assertForInternalPresence(opts: {
107
+ optionsJSON: WebAuthnRequestOptions;
108
+ }): Promise<{
109
+ response: WebAuthnAssertionResponse;
110
+ userHandleB64url: string;
111
+ credentialIdB64url: string;
112
+ }>;
90
113
  }
91
114
  /**
92
115
  * Subset of `PublicKeyCredentialRequestOptionsJSON` we forward to the
@@ -87,6 +87,29 @@ interface PasskeyAssertor {
87
87
  assertForServer(opts: {
88
88
  optionsJSON: WebAuthnRequestOptions;
89
89
  }): Promise<WebAuthnAssertionResponse>;
90
+ /**
91
+ * Internal-use variant of assertForServer. Runs the same WebAuthn
92
+ * ceremony and returns the same sanitized assertion (userHandle
93
+ * stripped on the platform boundary), but ALSO surfaces the
94
+ * captured userHandle + credential id separately for the SDK
95
+ * orchestrator's downstream postMessage payload — the iframe needs
96
+ * the userHandle bytes to do AES-GCM unwrap of the DEK after the
97
+ * presence ceremony mints the scoped tokens.
98
+ *
99
+ * DEK hygiene boundary: the sanitized `response` field still has
100
+ * `response.userHandle === undefined`. The separate
101
+ * `userHandleB64url` field stays inside the orchestrator and is
102
+ * postMessaged to the iframe — never sent over the network to the
103
+ * presence-verify server call. The strip is enforced by the impl;
104
+ * the separate surfacing is opt-in via this method.
105
+ */
106
+ assertForInternalPresence(opts: {
107
+ optionsJSON: WebAuthnRequestOptions;
108
+ }): Promise<{
109
+ response: WebAuthnAssertionResponse;
110
+ userHandleB64url: string;
111
+ credentialIdB64url: string;
112
+ }>;
90
113
  }
91
114
  /**
92
115
  * Subset of `PublicKeyCredentialRequestOptionsJSON` we forward to the
@@ -1,4 +1,4 @@
1
- export { C as CachedAssertion, c as clearParentAssertCache, g as generatePasskeyUserId, a as getAssertCacheTtlMs, r as readParentAssertCache, s as setAssertCacheTtlMs, w as withClearOnFailure, b as writeParentAssertCache } from '../passkey-cache-B9PT3AWX.mjs';
1
+ export { C as CachedAssertion, g as generatePasskeyUserId } from '../passkey-cache-WnDFQ-v4.mjs';
2
2
  export { a as PasskeyFormFactor, P as PasskeyMetadata, b as PasskeyMetadataInput, f as formatPasskeyLabel, r as resolvePasskeyMetadata } from '../passkey-metadata-QqFF2SWQ.mjs';
3
3
  import { C as Chain } from '../chain-C9dvKXUY.mjs';
4
4
  import { SiweMessage } from 'siwe';
@@ -1,4 +1,4 @@
1
- export { C as CachedAssertion, c as clearParentAssertCache, g as generatePasskeyUserId, a as getAssertCacheTtlMs, r as readParentAssertCache, s as setAssertCacheTtlMs, w as withClearOnFailure, b as writeParentAssertCache } from '../passkey-cache-B9PT3AWX.js';
1
+ export { C as CachedAssertion, g as generatePasskeyUserId } from '../passkey-cache-WnDFQ-v4.js';
2
2
  export { a as PasskeyFormFactor, P as PasskeyMetadata, b as PasskeyMetadataInput, f as formatPasskeyLabel, r as resolvePasskeyMetadata } from '../passkey-metadata-QqFF2SWQ.js';
3
3
  import { C as Chain } from '../chain-C9dvKXUY.js';
4
4
  import { SiweMessage } from 'siwe';
package/dist/lib/index.js CHANGED
@@ -40,14 +40,12 @@ __export(lib_exports, {
40
40
  broadcastSolanaSigned: () => broadcastSolanaSigned,
41
41
  bs58ToBytes: () => bs58ToBytes,
42
42
  buildUrl: () => buildUrl,
43
- clearParentAssertCache: () => clearParentAssertCache,
44
43
  createManualSiweMessage: () => createManualSiweMessage,
45
44
  estimateEvmGas: () => estimateEvmGas,
46
45
  estimateEvmGasReserve: () => estimateEvmGasReserve,
47
46
  formatPasskeyLabel: () => formatPasskeyLabel,
48
47
  fromB64url: () => fromB64url,
49
48
  generatePasskeyUserId: () => generatePasskeyUserId,
50
- getAssertCacheTtlMs: () => getAssertCacheTtlMs,
51
49
  getChainById: () => getChainById,
52
50
  getDefaultChain: () => getDefaultChain,
53
51
  getEvmGasPrice: () => getEvmGasPrice,
@@ -60,18 +58,14 @@ __export(lib_exports, {
60
58
  isChainSupported: () => isChainSupported,
61
59
  prepareEvmSendTransaction: () => prepareEvmSendTransaction,
62
60
  prepareEvmSignTransaction: () => prepareEvmSignTransaction,
63
- readParentAssertCache: () => readParentAssertCache,
64
61
  resolveEvmChain: () => resolveEvmChain,
65
62
  resolvePasskeyMetadata: () => resolvePasskeyMetadata,
66
63
  sanitizeUserData: () => sanitizeUserData,
67
64
  serializeEthereumTransaction: () => serializeEthereumTransaction,
68
- setAssertCacheTtlMs: () => setAssertCacheTtlMs,
69
65
  setChainRpcUrl: () => setChainRpcUrl,
70
66
  toB64url: () => toB64url,
71
67
  validateChainConfig: () => validateChainConfig,
72
- verifyIdToken: () => verifyIdToken,
73
- withClearOnFailure: () => withClearOnFailure,
74
- writeParentAssertCache: () => writeParentAssertCache
68
+ verifyIdToken: () => verifyIdToken
75
69
  });
76
70
  module.exports = __toCommonJS(lib_exports);
77
71
 
@@ -190,39 +184,6 @@ var toB64url = (bytes) => {
190
184
  };
191
185
 
192
186
  // src/lib/passkey/passkey-cache.ts
193
- var cacheTtlMs = 0;
194
- var cache = null;
195
- var setAssertCacheTtlMs = (ms) => {
196
- cacheTtlMs = Math.max(0, Math.floor(ms));
197
- if (cacheTtlMs === 0) {
198
- cache = null;
199
- }
200
- };
201
- var getAssertCacheTtlMs = () => cacheTtlMs;
202
- var clearParentAssertCache = () => {
203
- cache = null;
204
- };
205
- var readParentAssertCache = () => {
206
- if (cacheTtlMs <= 0) return null;
207
- if (!cache) return null;
208
- if (Date.now() - cache.ts >= cacheTtlMs) return null;
209
- return {
210
- userHandleB64url: cache.userHandleB64url,
211
- credentialIdB64url: cache.credentialIdB64url
212
- };
213
- };
214
- var writeParentAssertCache = (entry) => {
215
- if (cacheTtlMs <= 0) return;
216
- cache = { ...entry, ts: Date.now() };
217
- };
218
- var withClearOnFailure = async (fn) => {
219
- try {
220
- return await fn();
221
- } catch (error) {
222
- clearParentAssertCache();
223
- throw error;
224
- }
225
- };
226
187
  var generatePasskeyUserId = () => {
227
188
  const bytes = crypto.getRandomValues(new Uint8Array(32));
228
189
  return { userIdB64url: toB64url(bytes), userIdBytes: bytes };
@@ -1587,14 +1548,12 @@ var bs58ToBytes = async (value) => {
1587
1548
  broadcastSolanaSigned,
1588
1549
  bs58ToBytes,
1589
1550
  buildUrl,
1590
- clearParentAssertCache,
1591
1551
  createManualSiweMessage,
1592
1552
  estimateEvmGas,
1593
1553
  estimateEvmGasReserve,
1594
1554
  formatPasskeyLabel,
1595
1555
  fromB64url,
1596
1556
  generatePasskeyUserId,
1597
- getAssertCacheTtlMs,
1598
1557
  getChainById,
1599
1558
  getDefaultChain,
1600
1559
  getEvmGasPrice,
@@ -1607,16 +1566,12 @@ var bs58ToBytes = async (value) => {
1607
1566
  isChainSupported,
1608
1567
  prepareEvmSendTransaction,
1609
1568
  prepareEvmSignTransaction,
1610
- readParentAssertCache,
1611
1569
  resolveEvmChain,
1612
1570
  resolvePasskeyMetadata,
1613
1571
  sanitizeUserData,
1614
1572
  serializeEthereumTransaction,
1615
- setAssertCacheTtlMs,
1616
1573
  setChainRpcUrl,
1617
1574
  toB64url,
1618
1575
  validateChainConfig,
1619
- verifyIdToken,
1620
- withClearOnFailure,
1621
- writeParentAssertCache
1576
+ verifyIdToken
1622
1577
  });
@@ -9,14 +9,12 @@ import {
9
9
  broadcastSolanaSigned,
10
10
  bs58ToBytes,
11
11
  buildUrl,
12
- clearParentAssertCache,
13
12
  createManualSiweMessage,
14
13
  estimateEvmGas,
15
14
  estimateEvmGasReserve,
16
15
  formatPasskeyLabel,
17
16
  fromB64url,
18
17
  generatePasskeyUserId,
19
- getAssertCacheTtlMs,
20
18
  getChainById,
21
19
  getDefaultChain,
22
20
  getEvmGasPrice,
@@ -29,19 +27,15 @@ import {
29
27
  isChainSupported,
30
28
  prepareEvmSendTransaction,
31
29
  prepareEvmSignTransaction,
32
- readParentAssertCache,
33
30
  resolveEvmChain,
34
31
  resolvePasskeyMetadata,
35
32
  sanitizeUserData,
36
33
  serializeEthereumTransaction,
37
- setAssertCacheTtlMs,
38
34
  setChainRpcUrl,
39
35
  toB64url,
40
36
  validateChainConfig,
41
- verifyIdToken,
42
- withClearOnFailure,
43
- writeParentAssertCache
44
- } from "../chunk-CDT4MC7S.mjs";
37
+ verifyIdToken
38
+ } from "../chunk-6LTEG7VN.mjs";
45
39
  import "../chunk-GQKIA37O.mjs";
46
40
  export {
47
41
  DEFAULT_AUTH_URL,
@@ -54,14 +48,12 @@ export {
54
48
  broadcastSolanaSigned,
55
49
  bs58ToBytes,
56
50
  buildUrl,
57
- clearParentAssertCache,
58
51
  createManualSiweMessage,
59
52
  estimateEvmGas,
60
53
  estimateEvmGasReserve,
61
54
  formatPasskeyLabel,
62
55
  fromB64url,
63
56
  generatePasskeyUserId,
64
- getAssertCacheTtlMs,
65
57
  getChainById,
66
58
  getDefaultChain,
67
59
  getEvmGasPrice,
@@ -74,16 +66,12 @@ export {
74
66
  isChainSupported,
75
67
  prepareEvmSendTransaction,
76
68
  prepareEvmSignTransaction,
77
- readParentAssertCache,
78
69
  resolveEvmChain,
79
70
  resolvePasskeyMetadata,
80
71
  sanitizeUserData,
81
72
  serializeEthereumTransaction,
82
- setAssertCacheTtlMs,
83
73
  setChainRpcUrl,
84
74
  toB64url,
85
75
  validateChainConfig,
86
- verifyIdToken,
87
- withClearOnFailure,
88
- writeParentAssertCache
76
+ verifyIdToken
89
77
  };
@@ -0,0 +1,26 @@
1
+ interface CachedAssertion {
2
+ userHandleB64url: string;
3
+ credentialIdB64url: string;
4
+ }
5
+ /**
6
+ * Generate fresh user.id bytes for a new WebAuthn credential. The
7
+ * caller overrides `options.user.id` with these bytes before
8
+ * navigator.credentials.create so the authenticator persists them as
9
+ * the credential's user.id; on every subsequent assertion they come
10
+ * back as response.userHandle and serve as the AES-GCM key for that
11
+ * credential's DEK wrap.
12
+ *
13
+ * Returns the bytes both as base64url (what the WebAuthn options
14
+ * accept and what we ship over postMessage) and as raw bytes (for
15
+ * any caller that prefers direct binary).
16
+ *
17
+ * Requires a working `crypto.getRandomValues`. On RN this is provided
18
+ * by the `react-native-get-random-values` polyfill that the SDK's
19
+ * docs ask consumers to import at app entry.
20
+ */
21
+ declare const generatePasskeyUserId: () => {
22
+ userIdB64url: string;
23
+ userIdBytes: Uint8Array;
24
+ };
25
+
26
+ export { type CachedAssertion as C, generatePasskeyUserId as g };
@@ -0,0 +1,26 @@
1
+ interface CachedAssertion {
2
+ userHandleB64url: string;
3
+ credentialIdB64url: string;
4
+ }
5
+ /**
6
+ * Generate fresh user.id bytes for a new WebAuthn credential. The
7
+ * caller overrides `options.user.id` with these bytes before
8
+ * navigator.credentials.create so the authenticator persists them as
9
+ * the credential's user.id; on every subsequent assertion they come
10
+ * back as response.userHandle and serve as the AES-GCM key for that
11
+ * credential's DEK wrap.
12
+ *
13
+ * Returns the bytes both as base64url (what the WebAuthn options
14
+ * accept and what we ship over postMessage) and as raw bytes (for
15
+ * any caller that prefers direct binary).
16
+ *
17
+ * Requires a working `crypto.getRandomValues`. On RN this is provided
18
+ * by the `react-native-get-random-values` polyfill that the SDK's
19
+ * docs ask consumers to import at app entry.
20
+ */
21
+ declare const generatePasskeyUserId: () => {
22
+ userIdB64url: string;
23
+ userIdBytes: Uint8Array;
24
+ };
25
+
26
+ export { type CachedAssertion as C, generatePasskeyUserId as g };
@@ -1,7 +1,7 @@
1
1
  import {
2
2
  formatPasskeyLabel,
3
3
  resolvePasskeyMetadata
4
- } from "../chunk-CDT4MC7S.mjs";
4
+ } from "../chunk-6LTEG7VN.mjs";
5
5
  import "../chunk-GQKIA37O.mjs";
6
6
  import {
7
7
  SDKProvider,
@@ -1,16 +1,15 @@
1
- import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-CYtJHALV.mjs';
2
- export { O as OAuthOpener, a as PlatformImpls, W as WebAuthnAssertionResponse, b as WebAuthnRequestOptions } from '../interfaces-CYtJHALV.mjs';
3
- import { C as CachedAssertion } from '../passkey-cache-B9PT3AWX.mjs';
1
+ import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-cdKh3sLA.mjs';
2
+ export { O as OAuthOpener, a as PlatformImpls, W as WebAuthnAssertionResponse, b as WebAuthnRequestOptions } from '../interfaces-cdKh3sLA.mjs';
3
+ import { C as CachedAssertion } from '../passkey-cache-WnDFQ-v4.mjs';
4
4
  import { EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSendTransactionParams, EthereumSendTransactionResult, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SendEmailOtpResponse, PublicWallet } from '../types/index.mjs';
5
5
  import '../post-message-CmgAfkOS.mjs';
6
6
  import '../chain-C9dvKXUY.mjs';
7
7
 
8
8
  type AssertPasskeyInParentResult = CachedAssertion;
9
- declare const assertPasskeyInParent: ({ transport, passkey, publishableKey, requireFreshAssertion, validateCredentialInAllowList, }: {
9
+ declare const assertPasskeyInParent: ({ transport, passkey, publishableKey, validateCredentialInAllowList, }: {
10
10
  transport: Transport;
11
11
  passkey: PasskeyAssertor;
12
12
  publishableKey: string;
13
- requireFreshAssertion?: boolean;
14
13
  validateCredentialInAllowList?: boolean;
15
14
  }) => Promise<AssertPasskeyInParentResult>;
16
15
 
@@ -25,10 +24,29 @@ declare const getPresenceToken: ({ transport, passkey, publishableKey, relyingPa
25
24
  relyingPartyOrigin: string;
26
25
  }) => Promise<GetPresenceTokenResult>;
27
26
 
28
- declare const getHeadlessEthereumMethods: ({ transport, passkey, publishableKey, }: {
27
+ interface ScopedPresenceToken {
28
+ token: string;
29
+ expiresAt: number;
30
+ }
31
+ interface GetInternalPresenceTokensResult {
32
+ tokens: Record<string, ScopedPresenceToken>;
33
+ userHandleB64url: string;
34
+ credentialIdB64url: string;
35
+ }
36
+ declare const getInternalPresenceTokens: ({ transport, passkey, publishableKey, relyingPartyOrigin, scopes, }: {
37
+ transport: Transport;
38
+ passkey: PasskeyAssertor;
39
+ publishableKey: string;
40
+ relyingPartyOrigin: string;
41
+ scopes: string[];
42
+ }) => Promise<GetInternalPresenceTokensResult>;
43
+ declare const flattenPresenceTokens: (result: GetInternalPresenceTokensResult) => Record<string, string>;
44
+
45
+ declare const getHeadlessEthereumMethods: ({ transport, passkey, publishableKey, relyingPartyOrigin, }: {
29
46
  transport: Transport;
30
47
  passkey: PasskeyAssertor;
31
48
  publishableKey: string;
49
+ relyingPartyOrigin: string;
32
50
  }) => {
33
51
  signEthereumMessageHeadless: (params: EthereumSignMessageParams) => Promise<EthereumSignMessageResult>;
34
52
  signEthereumTransactionHeadless: (params: EthereumSignTransactionParams) => Promise<EthereumSignTransactionResult>;
@@ -46,10 +64,11 @@ declare const getHeadlessEthereumMethods: ({ transport, passkey, publishableKey,
46
64
  }) => Promise<unknown>;
47
65
  };
48
66
 
49
- declare const getHeadlessSolanaMethods: ({ transport, passkey, publishableKey, }: {
67
+ declare const getHeadlessSolanaMethods: ({ transport, passkey, publishableKey, relyingPartyOrigin, }: {
50
68
  transport: Transport;
51
69
  passkey: PasskeyAssertor;
52
70
  publishableKey: string;
71
+ relyingPartyOrigin: string;
53
72
  }) => {
54
73
  signSolanaMessageHeadless: (params: SolanaSignMessageParams) => Promise<SolanaSignMessageResult>;
55
74
  signSolanaTransactionHeadless: (params: SolanaSignTransactionParams) => Promise<SolanaSignTransactionResult>;
@@ -98,11 +117,12 @@ declare const getHeadlessAuthenticationMethods: ({ transport, publishableKey, se
98
117
  verifyOAuth: (params: VerifyOAuthParams) => Promise<unknown>;
99
118
  };
100
119
 
101
- declare const getHeadlessGeneralMethods: ({ transport, passkey, storage, publishableKey, setIsAuthenticated, setUser, }: {
120
+ declare const getHeadlessGeneralMethods: ({ transport, passkey, storage, publishableKey, relyingPartyOrigin, setIsAuthenticated, setUser, }: {
102
121
  transport: Transport;
103
122
  passkey: PasskeyAssertor;
104
123
  storage: KvStorage;
105
124
  publishableKey: string;
125
+ relyingPartyOrigin: string;
106
126
  setIsAuthenticated?: (isAuth: boolean) => void;
107
127
  setUser?: (user: unknown | null) => void;
108
128
  }) => {
@@ -111,13 +131,10 @@ declare const getHeadlessGeneralMethods: ({ transport, passkey, storage, publish
111
131
  createWallet: (walletType: "solana" | "ethereum", options?: {
112
132
  createAdditional?: boolean;
113
133
  walletIndex?: number;
114
- requireFreshAssertion?: boolean;
115
134
  }) => Promise<{
116
135
  wallet: PublicWallet;
117
136
  }>;
118
- importKey: (walletType: "solana" | "ethereum", key: string, options?: {
119
- requireFreshAssertion?: boolean;
120
- }) => Promise<{
137
+ importKey: (walletType: "solana" | "ethereum", key: string) => Promise<{
121
138
  wallet: PublicWallet;
122
139
  }>;
123
140
  getWallets: (walletType: "solana" | "ethereum") => Promise<{
@@ -137,4 +154,4 @@ declare const getHeadlessGeneralMethods: ({ transport, passkey, storage, publish
137
154
  getUser: () => Promise<unknown>;
138
155
  };
139
156
 
140
- export { type AssertPasskeyInParentResult, type GetPresenceTokenResult, KvStorage, type LoginWithCodeParams, PasskeyAssertor, type SendCodeParams, Transport, type VerifyOAuthParams, assertPasskeyInParent, getHeadlessAuthenticationMethods, getHeadlessEthereumMethods, getHeadlessGeneralMethods, getHeadlessSolanaMethods, getPresenceToken };
157
+ export { type AssertPasskeyInParentResult, type GetInternalPresenceTokensResult, type GetPresenceTokenResult, KvStorage, type LoginWithCodeParams, PasskeyAssertor, type ScopedPresenceToken, type SendCodeParams, Transport, type VerifyOAuthParams, assertPasskeyInParent, flattenPresenceTokens, getHeadlessAuthenticationMethods, getHeadlessEthereumMethods, getHeadlessGeneralMethods, getHeadlessSolanaMethods, getInternalPresenceTokens, getPresenceToken };
@@ -1,16 +1,15 @@
1
- import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-Bm7fGOAI.js';
2
- export { O as OAuthOpener, a as PlatformImpls, W as WebAuthnAssertionResponse, b as WebAuthnRequestOptions } from '../interfaces-Bm7fGOAI.js';
3
- import { C as CachedAssertion } from '../passkey-cache-B9PT3AWX.js';
1
+ import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-pNTEOKaK.js';
2
+ export { O as OAuthOpener, a as PlatformImpls, W as WebAuthnAssertionResponse, b as WebAuthnRequestOptions } from '../interfaces-pNTEOKaK.js';
3
+ import { C as CachedAssertion } from '../passkey-cache-WnDFQ-v4.js';
4
4
  import { EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSendTransactionParams, EthereumSendTransactionResult, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SendEmailOtpResponse, PublicWallet } from '../types/index.js';
5
5
  import '../post-message-CmgAfkOS.js';
6
6
  import '../chain-C9dvKXUY.js';
7
7
 
8
8
  type AssertPasskeyInParentResult = CachedAssertion;
9
- declare const assertPasskeyInParent: ({ transport, passkey, publishableKey, requireFreshAssertion, validateCredentialInAllowList, }: {
9
+ declare const assertPasskeyInParent: ({ transport, passkey, publishableKey, validateCredentialInAllowList, }: {
10
10
  transport: Transport;
11
11
  passkey: PasskeyAssertor;
12
12
  publishableKey: string;
13
- requireFreshAssertion?: boolean;
14
13
  validateCredentialInAllowList?: boolean;
15
14
  }) => Promise<AssertPasskeyInParentResult>;
16
15
 
@@ -25,10 +24,29 @@ declare const getPresenceToken: ({ transport, passkey, publishableKey, relyingPa
25
24
  relyingPartyOrigin: string;
26
25
  }) => Promise<GetPresenceTokenResult>;
27
26
 
28
- declare const getHeadlessEthereumMethods: ({ transport, passkey, publishableKey, }: {
27
+ interface ScopedPresenceToken {
28
+ token: string;
29
+ expiresAt: number;
30
+ }
31
+ interface GetInternalPresenceTokensResult {
32
+ tokens: Record<string, ScopedPresenceToken>;
33
+ userHandleB64url: string;
34
+ credentialIdB64url: string;
35
+ }
36
+ declare const getInternalPresenceTokens: ({ transport, passkey, publishableKey, relyingPartyOrigin, scopes, }: {
37
+ transport: Transport;
38
+ passkey: PasskeyAssertor;
39
+ publishableKey: string;
40
+ relyingPartyOrigin: string;
41
+ scopes: string[];
42
+ }) => Promise<GetInternalPresenceTokensResult>;
43
+ declare const flattenPresenceTokens: (result: GetInternalPresenceTokensResult) => Record<string, string>;
44
+
45
+ declare const getHeadlessEthereumMethods: ({ transport, passkey, publishableKey, relyingPartyOrigin, }: {
29
46
  transport: Transport;
30
47
  passkey: PasskeyAssertor;
31
48
  publishableKey: string;
49
+ relyingPartyOrigin: string;
32
50
  }) => {
33
51
  signEthereumMessageHeadless: (params: EthereumSignMessageParams) => Promise<EthereumSignMessageResult>;
34
52
  signEthereumTransactionHeadless: (params: EthereumSignTransactionParams) => Promise<EthereumSignTransactionResult>;
@@ -46,10 +64,11 @@ declare const getHeadlessEthereumMethods: ({ transport, passkey, publishableKey,
46
64
  }) => Promise<unknown>;
47
65
  };
48
66
 
49
- declare const getHeadlessSolanaMethods: ({ transport, passkey, publishableKey, }: {
67
+ declare const getHeadlessSolanaMethods: ({ transport, passkey, publishableKey, relyingPartyOrigin, }: {
50
68
  transport: Transport;
51
69
  passkey: PasskeyAssertor;
52
70
  publishableKey: string;
71
+ relyingPartyOrigin: string;
53
72
  }) => {
54
73
  signSolanaMessageHeadless: (params: SolanaSignMessageParams) => Promise<SolanaSignMessageResult>;
55
74
  signSolanaTransactionHeadless: (params: SolanaSignTransactionParams) => Promise<SolanaSignTransactionResult>;
@@ -98,11 +117,12 @@ declare const getHeadlessAuthenticationMethods: ({ transport, publishableKey, se
98
117
  verifyOAuth: (params: VerifyOAuthParams) => Promise<unknown>;
99
118
  };
100
119
 
101
- declare const getHeadlessGeneralMethods: ({ transport, passkey, storage, publishableKey, setIsAuthenticated, setUser, }: {
120
+ declare const getHeadlessGeneralMethods: ({ transport, passkey, storage, publishableKey, relyingPartyOrigin, setIsAuthenticated, setUser, }: {
102
121
  transport: Transport;
103
122
  passkey: PasskeyAssertor;
104
123
  storage: KvStorage;
105
124
  publishableKey: string;
125
+ relyingPartyOrigin: string;
106
126
  setIsAuthenticated?: (isAuth: boolean) => void;
107
127
  setUser?: (user: unknown | null) => void;
108
128
  }) => {
@@ -111,13 +131,10 @@ declare const getHeadlessGeneralMethods: ({ transport, passkey, storage, publish
111
131
  createWallet: (walletType: "solana" | "ethereum", options?: {
112
132
  createAdditional?: boolean;
113
133
  walletIndex?: number;
114
- requireFreshAssertion?: boolean;
115
134
  }) => Promise<{
116
135
  wallet: PublicWallet;
117
136
  }>;
118
- importKey: (walletType: "solana" | "ethereum", key: string, options?: {
119
- requireFreshAssertion?: boolean;
120
- }) => Promise<{
137
+ importKey: (walletType: "solana" | "ethereum", key: string) => Promise<{
121
138
  wallet: PublicWallet;
122
139
  }>;
123
140
  getWallets: (walletType: "solana" | "ethereum") => Promise<{
@@ -137,4 +154,4 @@ declare const getHeadlessGeneralMethods: ({ transport, passkey, storage, publish
137
154
  getUser: () => Promise<unknown>;
138
155
  };
139
156
 
140
- export { type AssertPasskeyInParentResult, type GetPresenceTokenResult, KvStorage, type LoginWithCodeParams, PasskeyAssertor, type SendCodeParams, Transport, type VerifyOAuthParams, assertPasskeyInParent, getHeadlessAuthenticationMethods, getHeadlessEthereumMethods, getHeadlessGeneralMethods, getHeadlessSolanaMethods, getPresenceToken };
157
+ export { type AssertPasskeyInParentResult, type GetInternalPresenceTokensResult, type GetPresenceTokenResult, KvStorage, type LoginWithCodeParams, PasskeyAssertor, type ScopedPresenceToken, type SendCodeParams, Transport, type VerifyOAuthParams, assertPasskeyInParent, flattenPresenceTokens, getHeadlessAuthenticationMethods, getHeadlessEthereumMethods, getHeadlessGeneralMethods, getHeadlessSolanaMethods, getInternalPresenceTokens, getPresenceToken };