@moon-x/core 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/dist/{chunk-6LTEG7VN.mjs → chunk-I56GRKAG.mjs} +19 -0
  2. package/dist/{chunk-VVL65GIB.mjs → chunk-JU5MWLXH.mjs} +14 -0
  3. package/dist/index.d.mts +2 -3
  4. package/dist/index.d.ts +2 -3
  5. package/dist/index.js +14 -0
  6. package/dist/index.mjs +1 -1
  7. package/dist/{interfaces-pNTEOKaK.d.ts → interfaces-1vfik3Ef.d.ts} +1 -1
  8. package/dist/{interfaces-cdKh3sLA.d.mts → interfaces-BdIeMGGD.d.mts} +1 -1
  9. package/dist/lib/index.d.mts +32 -2
  10. package/dist/lib/index.d.ts +32 -2
  11. package/dist/lib/index.js +21 -0
  12. package/dist/lib/index.mjs +5 -1
  13. package/dist/{post-message-CmgAfkOS.d.mts → post-message-Z6cLf0mS.d.mts} +3 -0
  14. package/dist/{post-message-CmgAfkOS.d.ts → post-message-Z6cLf0mS.d.ts} +3 -0
  15. package/dist/react/ethereum.d.mts +0 -1
  16. package/dist/react/ethereum.d.ts +0 -1
  17. package/dist/react/index.d.mts +41 -3
  18. package/dist/react/index.d.ts +41 -3
  19. package/dist/react/index.js +138 -12
  20. package/dist/react/index.mjs +137 -12
  21. package/dist/react/solana.d.mts +0 -1
  22. package/dist/react/solana.d.ts +0 -1
  23. package/dist/sdk/index.d.mts +63 -9
  24. package/dist/sdk/index.d.ts +63 -9
  25. package/dist/sdk/index.js +270 -17
  26. package/dist/sdk/index.mjs +255 -18
  27. package/dist/types/index.d.mts +135 -3
  28. package/dist/types/index.d.ts +135 -3
  29. package/dist/utils/index.d.mts +1 -1
  30. package/dist/utils/index.d.ts +1 -1
  31. package/dist/utils/index.js +14 -0
  32. package/dist/utils/index.mjs +1 -1
  33. package/dist/web/index.d.mts +2 -2
  34. package/dist/web/index.d.ts +2 -2
  35. package/dist/web/index.mjs +1 -1
  36. package/package.json +3 -1
  37. package/dist/chain-C9dvKXUY.d.mts +0 -48
  38. package/dist/chain-C9dvKXUY.d.ts +0 -48
@@ -1425,6 +1425,23 @@ var broadcastSolanaSigned = async (rpcUrl, signedBase58) => {
1425
1425
  return result.result;
1426
1426
  };
1427
1427
 
1428
+ // src/lib/wallet-algorithm.ts
1429
+ function canonicalAlgorithmFor(chain) {
1430
+ switch (chain) {
1431
+ case "ethereum":
1432
+ return "ecdsa";
1433
+ case "solana":
1434
+ return "exportable-ed25519";
1435
+ default:
1436
+ throw new Error(`No canonical algorithm for chain: ${chain}`);
1437
+ }
1438
+ }
1439
+ function parseDerivationPath(path) {
1440
+ if (!path || path === "m") return new Uint32Array([]);
1441
+ const rest = path.startsWith("m/") ? path.slice(2) : path;
1442
+ return new Uint32Array(rest.split("/").map((s) => Number(s)));
1443
+ }
1444
+
1428
1445
  // src/lib/wire-codec.ts
1429
1446
  var arrayLikeToBytes = (value) => {
1430
1447
  if (value instanceof Uint8Array) return value;
@@ -1488,6 +1505,8 @@ export {
1488
1505
  serializeEthereumTransaction,
1489
1506
  broadcastEthereumRaw,
1490
1507
  broadcastSolanaSigned,
1508
+ canonicalAlgorithmFor,
1509
+ parseDerivationPath,
1491
1510
  arrayLikeToBytes,
1492
1511
  bs58ToBytes
1493
1512
  };
@@ -51,6 +51,20 @@ var PostMessageMethod = {
51
51
  // dispatcher boring.
52
52
  SIGN_HASH: "SIGN_HASH",
53
53
  SIGN_7702_AUTHORIZATION: "SIGN_7702_AUTHORIZATION",
54
+ // Provision a SES (Secure Ephemeral Signer) over one or more of the
55
+ // user's MPC wallets. Iframe verifies the Nitro attestation, decrypts
56
+ // the selected keyshares, HPKE-seals them to the verified enclave
57
+ // pubkey, and returns a freshly-generated Ed25519 signer keypair.
58
+ // MoonX never persists the private key — the parent must hand it to
59
+ // the user immediately.
60
+ PROVISION_EPHEMERAL_SIGNER: "PROVISION_EPHEMERAL_SIGNER",
61
+ // List the user's active provisioned ephemeral signers from the
62
+ // wallets backend. Read-only; doesn't touch SES or the enclave.
63
+ LIST_EPHEMERAL_SIGNERS: "LIST_EPHEMERAL_SIGNERS",
64
+ // Soft-revoke a previously-provisioned ephemeral signer. The wallets
65
+ // backend updates revoked_at locally and forwards the revoke to SES
66
+ // so the enclave drops the policy.
67
+ REVOKE_EPHEMERAL_SIGNER: "REVOKE_EPHEMERAL_SIGNER",
54
68
  VERIFY_EMAIL_OTP: "VERIFY_EMAIL_OTP",
55
69
  VERIFY_OAUTH: "VERIFY_OAUTH",
56
70
  START_OAUTH: "START_OAUTH",
package/dist/index.d.mts CHANGED
@@ -1,4 +1,3 @@
1
- export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.mjs';
1
+ export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, BlockExplorer, Chain, ChainLikeWithId, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EphemeralSigner, EphemeralSignerChain, EphemeralSignerScheme, EphemeralSignerWallet, EthereumChainConfig, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, ListEphemeralSignersResult, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, NativeCurrency, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, ProvisionEphemeralSignerParams, ProvisionEphemeralSignerResult, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, RevokeEphemeralSignerParams, RpcConfig, RpcUrls, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.mjs';
2
2
  export { getIframeOrigin, getIframeUrl, getMoonKeyApiUrl } from './utils/index.mjs';
3
- export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-CmgAfkOS.mjs';
4
- export { B as BlockExplorer, C as Chain, a as ChainLikeWithId, E as EthereumChainConfig, N as NativeCurrency, R as RpcConfig, b as RpcUrls } from './chain-C9dvKXUY.mjs';
3
+ export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-Z6cLf0mS.mjs';
package/dist/index.d.ts CHANGED
@@ -1,4 +1,3 @@
1
- export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.js';
1
+ export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, BlockExplorer, Chain, ChainLikeWithId, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EphemeralSigner, EphemeralSignerChain, EphemeralSignerScheme, EphemeralSignerWallet, EthereumChainConfig, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, ListEphemeralSignersResult, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, NativeCurrency, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, ProvisionEphemeralSignerParams, ProvisionEphemeralSignerResult, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, RevokeEphemeralSignerParams, RpcConfig, RpcUrls, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.js';
2
2
  export { getIframeOrigin, getIframeUrl, getMoonKeyApiUrl } from './utils/index.js';
3
- export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-CmgAfkOS.js';
4
- export { B as BlockExplorer, C as Chain, a as ChainLikeWithId, E as EthereumChainConfig, N as NativeCurrency, R as RpcConfig, b as RpcUrls } from './chain-C9dvKXUY.js';
3
+ export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-Z6cLf0mS.js';
package/dist/index.js CHANGED
@@ -177,6 +177,20 @@ var PostMessageMethod = {
177
177
  // dispatcher boring.
178
178
  SIGN_HASH: "SIGN_HASH",
179
179
  SIGN_7702_AUTHORIZATION: "SIGN_7702_AUTHORIZATION",
180
+ // Provision a SES (Secure Ephemeral Signer) over one or more of the
181
+ // user's MPC wallets. Iframe verifies the Nitro attestation, decrypts
182
+ // the selected keyshares, HPKE-seals them to the verified enclave
183
+ // pubkey, and returns a freshly-generated Ed25519 signer keypair.
184
+ // MoonX never persists the private key — the parent must hand it to
185
+ // the user immediately.
186
+ PROVISION_EPHEMERAL_SIGNER: "PROVISION_EPHEMERAL_SIGNER",
187
+ // List the user's active provisioned ephemeral signers from the
188
+ // wallets backend. Read-only; doesn't touch SES or the enclave.
189
+ LIST_EPHEMERAL_SIGNERS: "LIST_EPHEMERAL_SIGNERS",
190
+ // Soft-revoke a previously-provisioned ephemeral signer. The wallets
191
+ // backend updates revoked_at locally and forwards the revoke to SES
192
+ // so the enclave drops the policy.
193
+ REVOKE_EPHEMERAL_SIGNER: "REVOKE_EPHEMERAL_SIGNER",
180
194
  VERIFY_EMAIL_OTP: "VERIFY_EMAIL_OTP",
181
195
  VERIFY_OAUTH: "VERIFY_OAUTH",
182
196
  START_OAUTH: "START_OAUTH",
package/dist/index.mjs CHANGED
@@ -14,7 +14,7 @@ import {
14
14
  PostMessageMethod,
15
15
  PostMessageServer,
16
16
  PostMessageType
17
- } from "./chunk-VVL65GIB.mjs";
17
+ } from "./chunk-JU5MWLXH.mjs";
18
18
  import {
19
19
  getMoonKeyApiUrl
20
20
  } from "./chunk-GQKIA37O.mjs";
@@ -1,4 +1,4 @@
1
- import { c as PostMessageType, a as PostMessageMethod } from './post-message-CmgAfkOS.js';
1
+ import { c as PostMessageType, a as PostMessageMethod } from './post-message-Z6cLf0mS.js';
2
2
 
3
3
  /**
4
4
  * Transport — the bidirectional postMessage channel between the parent
@@ -1,4 +1,4 @@
1
- import { c as PostMessageType, a as PostMessageMethod } from './post-message-CmgAfkOS.mjs';
1
+ import { c as PostMessageType, a as PostMessageMethod } from './post-message-Z6cLf0mS.mjs';
2
2
 
3
3
  /**
4
4
  * Transport — the bidirectional postMessage channel between the parent
@@ -1,6 +1,6 @@
1
1
  export { C as CachedAssertion, g as generatePasskeyUserId } from '../passkey-cache-WnDFQ-v4.mjs';
2
2
  export { a as PasskeyFormFactor, P as PasskeyMetadata, b as PasskeyMetadataInput, f as formatPasskeyLabel, r as resolvePasskeyMetadata } from '../passkey-metadata-QqFF2SWQ.mjs';
3
- import { C as Chain } from '../chain-C9dvKXUY.mjs';
3
+ import { Chain, WalletChain } from '../types/index.mjs';
4
4
  import { SiweMessage } from 'siwe';
5
5
  import { Connection, PublicKey } from '@solana/web3.js';
6
6
 
@@ -389,6 +389,36 @@ declare const serializeEthereumTransaction: (transaction: any) => Promise<string
389
389
  declare const broadcastEthereumRaw: (rpcUrl: string, signedSerialized: string) => Promise<string>;
390
390
  declare const broadcastSolanaSigned: (rpcUrl: string, signedBase58: string) => Promise<string>;
391
391
 
392
+ /**
393
+ * Canonical algorithm name written to `app_user_wallet_keyshares.algorithm`.
394
+ *
395
+ * Matches Sodot's Vertex API path segment exactly:
396
+ *
397
+ * ethereum → "ecdsa"
398
+ * solana → "exportable-ed25519"
399
+ *
400
+ * `Algorithm.name.toLowerCase()` from the Sodot SDK would give
401
+ * `"exportableed25519"` (no hyphen) for Solana, which doesn't match
402
+ * anything else in the stack and causes sign dispatch to fall through
403
+ * to the default error branch. Use this helper instead.
404
+ */
405
+ declare function canonicalAlgorithmFor(chain: WalletChain): string;
406
+ /**
407
+ * Parse the canonical SES wire form of a derivation path into the
408
+ * integer array the Sodot MPC client expects.
409
+ *
410
+ * "m" → [] (root — imports + all
411
+ * exportable-ed25519 wallets)
412
+ * "m/44/60/0/0/0" → [44, 60, 0, 0, 0]
413
+ * "" → [] (legacy fallback; same as "m")
414
+ *
415
+ * Stays byte-for-byte identical to the Go-side `ParseDerivationPath`
416
+ * in `apps/wallets/internal/service/wallet.go` — both halves of the
417
+ * MPC ceremony have to agree on the path or Sodot returns "End-to-end
418
+ * decryption failed" with no further hint as to which input mismatched.
419
+ */
420
+ declare function parseDerivationPath(path: string): Uint32Array;
421
+
392
422
  /**
393
423
  * Convert any wire representation of a byte array back into Uint8Array.
394
424
  * Pass-through for actual `Uint8Array` and regular `number[]`. Used
@@ -407,4 +437,4 @@ declare const arrayLikeToBytes: (value: unknown) => Uint8Array;
407
437
  */
408
438
  declare const bs58ToBytes: (value: unknown) => Promise<Uint8Array>;
409
439
 
410
- export { type BuildUrlConfig, DEFAULT_AUTH_URL, EthereumSiweMessage, type EthereumSiweMessageProps, type EvmTransactionInput, type EvmTxPrepWallet, type ManualSiweMessageProps, SiwsMessage, SolanaTransactionParser, type VerifyIdTokenResponse, arrayLikeToBytes, authState, broadcastEthereumRaw, broadcastSolanaSigned, bs58ToBytes, buildUrl, createManualSiweMessage, estimateEvmGas, estimateEvmGasReserve, fromB64url, getChainById, getDefaultChain, getEvmGasPrice, getEvmMaxPriorityFeePerGas, getEvmNonce, getInstructionsForHTML, getRpcUrl, getSOLTransfersFromInstructions, getTransferInfoFromInstructions, isChainSupported, prepareEvmSendTransaction, prepareEvmSignTransaction, resolveEvmChain, sanitizeUserData, serializeEthereumTransaction, setChainRpcUrl, toB64url, validateChainConfig, verifyIdToken };
440
+ export { type BuildUrlConfig, DEFAULT_AUTH_URL, EthereumSiweMessage, type EthereumSiweMessageProps, type EvmTransactionInput, type EvmTxPrepWallet, type ManualSiweMessageProps, SiwsMessage, SolanaTransactionParser, type VerifyIdTokenResponse, arrayLikeToBytes, authState, broadcastEthereumRaw, broadcastSolanaSigned, bs58ToBytes, buildUrl, canonicalAlgorithmFor, createManualSiweMessage, estimateEvmGas, estimateEvmGasReserve, fromB64url, getChainById, getDefaultChain, getEvmGasPrice, getEvmMaxPriorityFeePerGas, getEvmNonce, getInstructionsForHTML, getRpcUrl, getSOLTransfersFromInstructions, getTransferInfoFromInstructions, isChainSupported, parseDerivationPath, prepareEvmSendTransaction, prepareEvmSignTransaction, resolveEvmChain, sanitizeUserData, serializeEthereumTransaction, setChainRpcUrl, toB64url, validateChainConfig, verifyIdToken };
@@ -1,6 +1,6 @@
1
1
  export { C as CachedAssertion, g as generatePasskeyUserId } from '../passkey-cache-WnDFQ-v4.js';
2
2
  export { a as PasskeyFormFactor, P as PasskeyMetadata, b as PasskeyMetadataInput, f as formatPasskeyLabel, r as resolvePasskeyMetadata } from '../passkey-metadata-QqFF2SWQ.js';
3
- import { C as Chain } from '../chain-C9dvKXUY.js';
3
+ import { Chain, WalletChain } from '../types/index.js';
4
4
  import { SiweMessage } from 'siwe';
5
5
  import { Connection, PublicKey } from '@solana/web3.js';
6
6
 
@@ -389,6 +389,36 @@ declare const serializeEthereumTransaction: (transaction: any) => Promise<string
389
389
  declare const broadcastEthereumRaw: (rpcUrl: string, signedSerialized: string) => Promise<string>;
390
390
  declare const broadcastSolanaSigned: (rpcUrl: string, signedBase58: string) => Promise<string>;
391
391
 
392
+ /**
393
+ * Canonical algorithm name written to `app_user_wallet_keyshares.algorithm`.
394
+ *
395
+ * Matches Sodot's Vertex API path segment exactly:
396
+ *
397
+ * ethereum → "ecdsa"
398
+ * solana → "exportable-ed25519"
399
+ *
400
+ * `Algorithm.name.toLowerCase()` from the Sodot SDK would give
401
+ * `"exportableed25519"` (no hyphen) for Solana, which doesn't match
402
+ * anything else in the stack and causes sign dispatch to fall through
403
+ * to the default error branch. Use this helper instead.
404
+ */
405
+ declare function canonicalAlgorithmFor(chain: WalletChain): string;
406
+ /**
407
+ * Parse the canonical SES wire form of a derivation path into the
408
+ * integer array the Sodot MPC client expects.
409
+ *
410
+ * "m" → [] (root — imports + all
411
+ * exportable-ed25519 wallets)
412
+ * "m/44/60/0/0/0" → [44, 60, 0, 0, 0]
413
+ * "" → [] (legacy fallback; same as "m")
414
+ *
415
+ * Stays byte-for-byte identical to the Go-side `ParseDerivationPath`
416
+ * in `apps/wallets/internal/service/wallet.go` — both halves of the
417
+ * MPC ceremony have to agree on the path or Sodot returns "End-to-end
418
+ * decryption failed" with no further hint as to which input mismatched.
419
+ */
420
+ declare function parseDerivationPath(path: string): Uint32Array;
421
+
392
422
  /**
393
423
  * Convert any wire representation of a byte array back into Uint8Array.
394
424
  * Pass-through for actual `Uint8Array` and regular `number[]`. Used
@@ -407,4 +437,4 @@ declare const arrayLikeToBytes: (value: unknown) => Uint8Array;
407
437
  */
408
438
  declare const bs58ToBytes: (value: unknown) => Promise<Uint8Array>;
409
439
 
410
- export { type BuildUrlConfig, DEFAULT_AUTH_URL, EthereumSiweMessage, type EthereumSiweMessageProps, type EvmTransactionInput, type EvmTxPrepWallet, type ManualSiweMessageProps, SiwsMessage, SolanaTransactionParser, type VerifyIdTokenResponse, arrayLikeToBytes, authState, broadcastEthereumRaw, broadcastSolanaSigned, bs58ToBytes, buildUrl, createManualSiweMessage, estimateEvmGas, estimateEvmGasReserve, fromB64url, getChainById, getDefaultChain, getEvmGasPrice, getEvmMaxPriorityFeePerGas, getEvmNonce, getInstructionsForHTML, getRpcUrl, getSOLTransfersFromInstructions, getTransferInfoFromInstructions, isChainSupported, prepareEvmSendTransaction, prepareEvmSignTransaction, resolveEvmChain, sanitizeUserData, serializeEthereumTransaction, setChainRpcUrl, toB64url, validateChainConfig, verifyIdToken };
440
+ export { type BuildUrlConfig, DEFAULT_AUTH_URL, EthereumSiweMessage, type EthereumSiweMessageProps, type EvmTransactionInput, type EvmTxPrepWallet, type ManualSiweMessageProps, SiwsMessage, SolanaTransactionParser, type VerifyIdTokenResponse, arrayLikeToBytes, authState, broadcastEthereumRaw, broadcastSolanaSigned, bs58ToBytes, buildUrl, canonicalAlgorithmFor, createManualSiweMessage, estimateEvmGas, estimateEvmGasReserve, fromB64url, getChainById, getDefaultChain, getEvmGasPrice, getEvmMaxPriorityFeePerGas, getEvmNonce, getInstructionsForHTML, getRpcUrl, getSOLTransfersFromInstructions, getTransferInfoFromInstructions, isChainSupported, parseDerivationPath, prepareEvmSendTransaction, prepareEvmSignTransaction, resolveEvmChain, sanitizeUserData, serializeEthereumTransaction, setChainRpcUrl, toB64url, validateChainConfig, verifyIdToken };
package/dist/lib/index.js CHANGED
@@ -40,6 +40,7 @@ __export(lib_exports, {
40
40
  broadcastSolanaSigned: () => broadcastSolanaSigned,
41
41
  bs58ToBytes: () => bs58ToBytes,
42
42
  buildUrl: () => buildUrl,
43
+ canonicalAlgorithmFor: () => canonicalAlgorithmFor,
43
44
  createManualSiweMessage: () => createManualSiweMessage,
44
45
  estimateEvmGas: () => estimateEvmGas,
45
46
  estimateEvmGasReserve: () => estimateEvmGasReserve,
@@ -56,6 +57,7 @@ __export(lib_exports, {
56
57
  getSOLTransfersFromInstructions: () => getSOLTransfersFromInstructions,
57
58
  getTransferInfoFromInstructions: () => getTransferInfoFromInstructions,
58
59
  isChainSupported: () => isChainSupported,
60
+ parseDerivationPath: () => parseDerivationPath,
59
61
  prepareEvmSendTransaction: () => prepareEvmSendTransaction,
60
62
  prepareEvmSignTransaction: () => prepareEvmSignTransaction,
61
63
  resolveEvmChain: () => resolveEvmChain,
@@ -1509,6 +1511,23 @@ var broadcastSolanaSigned = async (rpcUrl, signedBase58) => {
1509
1511
  return result.result;
1510
1512
  };
1511
1513
 
1514
+ // src/lib/wallet-algorithm.ts
1515
+ function canonicalAlgorithmFor(chain) {
1516
+ switch (chain) {
1517
+ case "ethereum":
1518
+ return "ecdsa";
1519
+ case "solana":
1520
+ return "exportable-ed25519";
1521
+ default:
1522
+ throw new Error(`No canonical algorithm for chain: ${chain}`);
1523
+ }
1524
+ }
1525
+ function parseDerivationPath(path) {
1526
+ if (!path || path === "m") return new Uint32Array([]);
1527
+ const rest = path.startsWith("m/") ? path.slice(2) : path;
1528
+ return new Uint32Array(rest.split("/").map((s) => Number(s)));
1529
+ }
1530
+
1512
1531
  // src/lib/wire-codec.ts
1513
1532
  var arrayLikeToBytes = (value) => {
1514
1533
  if (value instanceof Uint8Array) return value;
@@ -1548,6 +1567,7 @@ var bs58ToBytes = async (value) => {
1548
1567
  broadcastSolanaSigned,
1549
1568
  bs58ToBytes,
1550
1569
  buildUrl,
1570
+ canonicalAlgorithmFor,
1551
1571
  createManualSiweMessage,
1552
1572
  estimateEvmGas,
1553
1573
  estimateEvmGasReserve,
@@ -1564,6 +1584,7 @@ var bs58ToBytes = async (value) => {
1564
1584
  getSOLTransfersFromInstructions,
1565
1585
  getTransferInfoFromInstructions,
1566
1586
  isChainSupported,
1587
+ parseDerivationPath,
1567
1588
  prepareEvmSendTransaction,
1568
1589
  prepareEvmSignTransaction,
1569
1590
  resolveEvmChain,
@@ -9,6 +9,7 @@ import {
9
9
  broadcastSolanaSigned,
10
10
  bs58ToBytes,
11
11
  buildUrl,
12
+ canonicalAlgorithmFor,
12
13
  createManualSiweMessage,
13
14
  estimateEvmGas,
14
15
  estimateEvmGasReserve,
@@ -25,6 +26,7 @@ import {
25
26
  getSOLTransfersFromInstructions,
26
27
  getTransferInfoFromInstructions,
27
28
  isChainSupported,
29
+ parseDerivationPath,
28
30
  prepareEvmSendTransaction,
29
31
  prepareEvmSignTransaction,
30
32
  resolveEvmChain,
@@ -35,7 +37,7 @@ import {
35
37
  toB64url,
36
38
  validateChainConfig,
37
39
  verifyIdToken
38
- } from "../chunk-6LTEG7VN.mjs";
40
+ } from "../chunk-I56GRKAG.mjs";
39
41
  import "../chunk-GQKIA37O.mjs";
40
42
  export {
41
43
  DEFAULT_AUTH_URL,
@@ -48,6 +50,7 @@ export {
48
50
  broadcastSolanaSigned,
49
51
  bs58ToBytes,
50
52
  buildUrl,
53
+ canonicalAlgorithmFor,
51
54
  createManualSiweMessage,
52
55
  estimateEvmGas,
53
56
  estimateEvmGasReserve,
@@ -64,6 +67,7 @@ export {
64
67
  getSOLTransfersFromInstructions,
65
68
  getTransferInfoFromInstructions,
66
69
  isChainSupported,
70
+ parseDerivationPath,
67
71
  prepareEvmSendTransaction,
68
72
  prepareEvmSignTransaction,
69
73
  resolveEvmChain,
@@ -31,6 +31,9 @@ declare const PostMessageMethod: {
31
31
  readonly SIGN_TYPED_DATA: "SIGN_TYPED_DATA";
32
32
  readonly SIGN_HASH: "SIGN_HASH";
33
33
  readonly SIGN_7702_AUTHORIZATION: "SIGN_7702_AUTHORIZATION";
34
+ readonly PROVISION_EPHEMERAL_SIGNER: "PROVISION_EPHEMERAL_SIGNER";
35
+ readonly LIST_EPHEMERAL_SIGNERS: "LIST_EPHEMERAL_SIGNERS";
36
+ readonly REVOKE_EPHEMERAL_SIGNER: "REVOKE_EPHEMERAL_SIGNER";
34
37
  readonly VERIFY_EMAIL_OTP: "VERIFY_EMAIL_OTP";
35
38
  readonly VERIFY_OAUTH: "VERIFY_OAUTH";
36
39
  readonly START_OAUTH: "START_OAUTH";
@@ -31,6 +31,9 @@ declare const PostMessageMethod: {
31
31
  readonly SIGN_TYPED_DATA: "SIGN_TYPED_DATA";
32
32
  readonly SIGN_HASH: "SIGN_HASH";
33
33
  readonly SIGN_7702_AUTHORIZATION: "SIGN_7702_AUTHORIZATION";
34
+ readonly PROVISION_EPHEMERAL_SIGNER: "PROVISION_EPHEMERAL_SIGNER";
35
+ readonly LIST_EPHEMERAL_SIGNERS: "LIST_EPHEMERAL_SIGNERS";
36
+ readonly REVOKE_EPHEMERAL_SIGNER: "REVOKE_EPHEMERAL_SIGNER";
34
37
  readonly VERIFY_EMAIL_OTP: "VERIFY_EMAIL_OTP";
35
38
  readonly VERIFY_OAUTH: "VERIFY_OAUTH";
36
39
  readonly START_OAUTH: "START_OAUTH";
@@ -1,5 +1,4 @@
1
1
  import { EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumSendTransactionParams, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult } from '../types/index.mjs';
2
- import '../chain-C9dvKXUY.mjs';
3
2
 
4
3
  declare const useSignMessage: () => {
5
4
  signMessage: (params: EthereumSignMessageParams) => Promise<EthereumSignMessageResult>;
@@ -1,5 +1,4 @@
1
1
  import { EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumSendTransactionParams, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult } from '../types/index.js';
2
- import '../chain-C9dvKXUY.js';
3
2
 
4
3
  declare const useSignMessage: () => {
5
4
  signMessage: (params: EthereumSignMessageParams) => Promise<EthereumSignMessageResult>;
@@ -1,7 +1,6 @@
1
1
  import * as react from 'react';
2
- import { PublicWallet } from '../types/index.mjs';
2
+ import { PublicWallet, EphemeralSigner, ListEphemeralSignersResult, ProvisionEphemeralSignerParams, ProvisionEphemeralSignerResult, RevokeEphemeralSignerParams } from '../types/index.mjs';
3
3
  import { P as PasskeyMetadata } from '../passkey-metadata-QqFF2SWQ.mjs';
4
- import '../chain-C9dvKXUY.mjs';
5
4
 
6
5
  /**
7
6
  * The minimal SDK surface the shared hooks rely on. Both platform
@@ -37,6 +36,9 @@ interface MoonKeyHookSDK {
37
36
  logout: () => Promise<unknown>;
38
37
  getPasskeyStatus: () => Promise<unknown>;
39
38
  removePasskey: (credentialIdB64url: string) => Promise<unknown>;
39
+ provisionEphemeralSigner: (params: unknown) => Promise<unknown>;
40
+ listEphemeralSigners: () => Promise<unknown>;
41
+ revokeEphemeralSigner: (params: unknown) => Promise<unknown>;
40
42
  sendCode: (params: {
41
43
  email: string;
42
44
  disableSignup?: boolean;
@@ -139,6 +141,42 @@ declare const useImportKey: () => {
139
141
  }>;
140
142
  };
141
143
 
144
+ interface UseEphemeralSignerResult {
145
+ /** Active (non-revoked) ephemeral signers for the current user + app. */
146
+ signers: EphemeralSigner[];
147
+ /** True only on the very first load; false during background re-fetches. */
148
+ isLoading: boolean;
149
+ /** True during background re-fetches (e.g. after provision/revoke). */
150
+ isRefreshing: boolean;
151
+ /** Manual re-fetch. Usually unnecessary — provision/revoke trigger it automatically. */
152
+ refresh: () => Promise<ListEphemeralSignersResult>;
153
+ /**
154
+ * Provision a new ephemeral signer. Resolves to the full result
155
+ * (including the one-time api_priv hex). Triggers a list refresh on
156
+ * success.
157
+ */
158
+ provision: (params: ProvisionEphemeralSignerParams) => Promise<ProvisionEphemeralSignerResult>;
159
+ isProvisioning: boolean;
160
+ /**
161
+ * The most recent successful provision result. Stays populated so
162
+ * the caller can render the one-time priv-key surface until they
163
+ * call `reset()`.
164
+ */
165
+ lastProvisioned: ProvisionEphemeralSignerResult | null;
166
+ /**
167
+ * Soft-revoke an ephemeral signer (and forward the revoke to SES).
168
+ * Triggers a list refresh on success. Requires a fresh WebAuthn-bound
169
+ * presence token — the SDK handles the ceremony internally.
170
+ */
171
+ revoke: (params: RevokeEphemeralSignerParams) => Promise<void>;
172
+ isRevoking: boolean;
173
+ /** Most recent error across list/provision/revoke. Cleared by reset() or by the next successful op. */
174
+ error: string | null;
175
+ /** Clear `lastProvisioned` + `error`. Use after dismissing the success surface. */
176
+ reset: () => void;
177
+ }
178
+ declare const useEphemeralSigner: () => UseEphemeralSignerResult;
179
+
142
180
  interface PasskeyStatusEntry {
143
181
  id: string;
144
182
  credential_id: string;
@@ -180,4 +218,4 @@ interface UseRemovePasskeyResult {
180
218
  }
181
219
  declare const useRemovePasskey: () => UseRemovePasskeyResult;
182
220
 
183
- export { type LoginWithEmailState, type MoonKeyHookSDK, type PasskeyStatusEntry, type RegisterPasskeyResult, SDKProvider, type UseAddPasskeyResult, type UseLoginWithEmailCallbacks, type UsePasskeyStatusResult, type UseRemovePasskeyResult, useAddPasskey, useCreateWallet, useImportKey, useLoginWithEmail, useLogout, useMoonKeySDK, usePasskeyStatus, useRegisterPasskey, useRemovePasskey, useUser, useWallets };
221
+ export { type LoginWithEmailState, type MoonKeyHookSDK, type PasskeyStatusEntry, type RegisterPasskeyResult, SDKProvider, type UseAddPasskeyResult, type UseEphemeralSignerResult, type UseLoginWithEmailCallbacks, type UsePasskeyStatusResult, type UseRemovePasskeyResult, useAddPasskey, useCreateWallet, useEphemeralSigner, useImportKey, useLoginWithEmail, useLogout, useMoonKeySDK, usePasskeyStatus, useRegisterPasskey, useRemovePasskey, useUser, useWallets };
@@ -1,7 +1,6 @@
1
1
  import * as react from 'react';
2
- import { PublicWallet } from '../types/index.js';
2
+ import { PublicWallet, EphemeralSigner, ListEphemeralSignersResult, ProvisionEphemeralSignerParams, ProvisionEphemeralSignerResult, RevokeEphemeralSignerParams } from '../types/index.js';
3
3
  import { P as PasskeyMetadata } from '../passkey-metadata-QqFF2SWQ.js';
4
- import '../chain-C9dvKXUY.js';
5
4
 
6
5
  /**
7
6
  * The minimal SDK surface the shared hooks rely on. Both platform
@@ -37,6 +36,9 @@ interface MoonKeyHookSDK {
37
36
  logout: () => Promise<unknown>;
38
37
  getPasskeyStatus: () => Promise<unknown>;
39
38
  removePasskey: (credentialIdB64url: string) => Promise<unknown>;
39
+ provisionEphemeralSigner: (params: unknown) => Promise<unknown>;
40
+ listEphemeralSigners: () => Promise<unknown>;
41
+ revokeEphemeralSigner: (params: unknown) => Promise<unknown>;
40
42
  sendCode: (params: {
41
43
  email: string;
42
44
  disableSignup?: boolean;
@@ -139,6 +141,42 @@ declare const useImportKey: () => {
139
141
  }>;
140
142
  };
141
143
 
144
+ interface UseEphemeralSignerResult {
145
+ /** Active (non-revoked) ephemeral signers for the current user + app. */
146
+ signers: EphemeralSigner[];
147
+ /** True only on the very first load; false during background re-fetches. */
148
+ isLoading: boolean;
149
+ /** True during background re-fetches (e.g. after provision/revoke). */
150
+ isRefreshing: boolean;
151
+ /** Manual re-fetch. Usually unnecessary — provision/revoke trigger it automatically. */
152
+ refresh: () => Promise<ListEphemeralSignersResult>;
153
+ /**
154
+ * Provision a new ephemeral signer. Resolves to the full result
155
+ * (including the one-time api_priv hex). Triggers a list refresh on
156
+ * success.
157
+ */
158
+ provision: (params: ProvisionEphemeralSignerParams) => Promise<ProvisionEphemeralSignerResult>;
159
+ isProvisioning: boolean;
160
+ /**
161
+ * The most recent successful provision result. Stays populated so
162
+ * the caller can render the one-time priv-key surface until they
163
+ * call `reset()`.
164
+ */
165
+ lastProvisioned: ProvisionEphemeralSignerResult | null;
166
+ /**
167
+ * Soft-revoke an ephemeral signer (and forward the revoke to SES).
168
+ * Triggers a list refresh on success. Requires a fresh WebAuthn-bound
169
+ * presence token — the SDK handles the ceremony internally.
170
+ */
171
+ revoke: (params: RevokeEphemeralSignerParams) => Promise<void>;
172
+ isRevoking: boolean;
173
+ /** Most recent error across list/provision/revoke. Cleared by reset() or by the next successful op. */
174
+ error: string | null;
175
+ /** Clear `lastProvisioned` + `error`. Use after dismissing the success surface. */
176
+ reset: () => void;
177
+ }
178
+ declare const useEphemeralSigner: () => UseEphemeralSignerResult;
179
+
142
180
  interface PasskeyStatusEntry {
143
181
  id: string;
144
182
  credential_id: string;
@@ -180,4 +218,4 @@ interface UseRemovePasskeyResult {
180
218
  }
181
219
  declare const useRemovePasskey: () => UseRemovePasskeyResult;
182
220
 
183
- export { type LoginWithEmailState, type MoonKeyHookSDK, type PasskeyStatusEntry, type RegisterPasskeyResult, SDKProvider, type UseAddPasskeyResult, type UseLoginWithEmailCallbacks, type UsePasskeyStatusResult, type UseRemovePasskeyResult, useAddPasskey, useCreateWallet, useImportKey, useLoginWithEmail, useLogout, useMoonKeySDK, usePasskeyStatus, useRegisterPasskey, useRemovePasskey, useUser, useWallets };
221
+ export { type LoginWithEmailState, type MoonKeyHookSDK, type PasskeyStatusEntry, type RegisterPasskeyResult, SDKProvider, type UseAddPasskeyResult, type UseEphemeralSignerResult, type UseLoginWithEmailCallbacks, type UsePasskeyStatusResult, type UseRemovePasskeyResult, useAddPasskey, useCreateWallet, useEphemeralSigner, useImportKey, useLoginWithEmail, useLogout, useMoonKeySDK, usePasskeyStatus, useRegisterPasskey, useRemovePasskey, useUser, useWallets };