@moon-x/core 0.4.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/dist/{chunk-6LTEG7VN.mjs → chunk-I56GRKAG.mjs} +19 -0
  2. package/dist/{chunk-VVL65GIB.mjs → chunk-JU5MWLXH.mjs} +14 -0
  3. package/dist/index.d.mts +2 -3
  4. package/dist/index.d.ts +2 -3
  5. package/dist/index.js +14 -0
  6. package/dist/index.mjs +1 -1
  7. package/dist/{interfaces-pNTEOKaK.d.ts → interfaces-BWxOajnD.d.mts} +17 -2
  8. package/dist/{interfaces-cdKh3sLA.d.mts → interfaces-BZ5GMWS9.d.ts} +17 -2
  9. package/dist/lib/index.d.mts +32 -2
  10. package/dist/lib/index.d.ts +32 -2
  11. package/dist/lib/index.js +21 -0
  12. package/dist/lib/index.mjs +5 -1
  13. package/dist/{post-message-CmgAfkOS.d.mts → post-message-Z6cLf0mS.d.mts} +3 -0
  14. package/dist/{post-message-CmgAfkOS.d.ts → post-message-Z6cLf0mS.d.ts} +3 -0
  15. package/dist/react/ethereum.d.mts +0 -1
  16. package/dist/react/ethereum.d.ts +0 -1
  17. package/dist/react/index.d.mts +41 -3
  18. package/dist/react/index.d.ts +41 -3
  19. package/dist/react/index.js +138 -12
  20. package/dist/react/index.mjs +137 -12
  21. package/dist/react/solana.d.mts +0 -1
  22. package/dist/react/solana.d.ts +0 -1
  23. package/dist/sdk/index.d.mts +68 -14
  24. package/dist/sdk/index.d.ts +68 -14
  25. package/dist/sdk/index.js +280 -20
  26. package/dist/sdk/index.mjs +264 -21
  27. package/dist/types/index.d.mts +135 -3
  28. package/dist/types/index.d.ts +135 -3
  29. package/dist/utils/index.d.mts +1 -1
  30. package/dist/utils/index.d.ts +1 -1
  31. package/dist/utils/index.js +14 -0
  32. package/dist/utils/index.mjs +1 -1
  33. package/dist/web/index.d.mts +2 -2
  34. package/dist/web/index.d.ts +2 -2
  35. package/dist/web/index.mjs +1 -1
  36. package/package.json +3 -1
  37. package/dist/chain-C9dvKXUY.d.mts +0 -48
  38. package/dist/chain-C9dvKXUY.d.ts +0 -48
@@ -1,7 +1,7 @@
1
1
  import {
2
2
  PostMessageMethod,
3
3
  PostMessageType
4
- } from "../chunk-VVL65GIB.mjs";
4
+ } from "../chunk-JU5MWLXH.mjs";
5
5
  import {
6
6
  arrayLikeToBytes,
7
7
  authState,
@@ -10,9 +10,12 @@ import {
10
10
  bs58ToBytes,
11
11
  serializeEthereumTransaction,
12
12
  toB64url
13
- } from "../chunk-6LTEG7VN.mjs";
13
+ } from "../chunk-I56GRKAG.mjs";
14
14
  import "../chunk-GQKIA37O.mjs";
15
15
 
16
+ // src/sdk/interfaces.ts
17
+ var resolveRelyingPartyOrigin = async (input) => typeof input === "function" ? input() : input;
18
+
16
19
  // src/sdk/parent-passkey-assert.ts
17
20
  var assertPasskeyInParent = async ({
18
21
  transport,
@@ -56,10 +59,11 @@ var getPresenceToken = async ({
56
59
  publishableKey,
57
60
  relyingPartyOrigin
58
61
  }) => {
62
+ const rpOrigin = await resolveRelyingPartyOrigin(relyingPartyOrigin);
59
63
  const { token, optionsJSON } = await transport.send(
60
64
  PostMessageType.AUTH,
61
65
  PostMessageMethod.PASSKEY_PRESENCE_BEGIN,
62
- { publishableKey, relyingPartyOrigin }
66
+ { publishableKey, relyingPartyOrigin: rpOrigin }
63
67
  );
64
68
  const response = await passkey.assertForServer({ optionsJSON });
65
69
  const verify = await transport.send(
@@ -67,7 +71,7 @@ var getPresenceToken = async ({
67
71
  PostMessageMethod.PASSKEY_PRESENCE_VERIFY,
68
72
  {
69
73
  publishableKey,
70
- relyingPartyOrigin,
74
+ relyingPartyOrigin: rpOrigin,
71
75
  token,
72
76
  response
73
77
  }
@@ -84,32 +88,46 @@ var getInternalPresenceTokens = async ({
84
88
  passkey,
85
89
  publishableKey,
86
90
  relyingPartyOrigin,
87
- scopes
91
+ scopes,
92
+ scopeCounts
88
93
  }) => {
94
+ const rpOrigin = await resolveRelyingPartyOrigin(relyingPartyOrigin);
89
95
  const { token, optionsJSON } = await transport.send(
90
96
  PostMessageType.AUTH,
91
97
  PostMessageMethod.PASSKEY_PRESENCE_BEGIN,
92
- { publishableKey, relyingPartyOrigin }
98
+ { publishableKey, relyingPartyOrigin: rpOrigin }
93
99
  );
94
100
  const { response, userHandleB64url, credentialIdB64url } = await passkey.assertForInternalPresence({ optionsJSON });
101
+ const verifyPayload = {
102
+ publishableKey,
103
+ relyingPartyOrigin: rpOrigin,
104
+ token,
105
+ response,
106
+ purpose: "internal"
107
+ };
108
+ if (scopes && scopes.length > 0) verifyPayload.scopes = scopes;
109
+ if (scopeCounts && Object.keys(scopeCounts).length > 0) {
110
+ verifyPayload.scope_counts = scopeCounts;
111
+ }
95
112
  const verify = await transport.send(
96
113
  PostMessageType.AUTH,
97
114
  PostMessageMethod.PASSKEY_PRESENCE_VERIFY,
98
- {
99
- publishableKey,
100
- relyingPartyOrigin,
101
- token,
102
- response,
103
- purpose: "internal",
104
- scopes
105
- }
115
+ verifyPayload
106
116
  );
107
117
  const out = {};
108
118
  for (const [scope, t] of Object.entries(verify.tokens ?? {})) {
109
119
  out[scope] = { token: t.token, expiresAt: t.expires_at };
110
120
  }
121
+ const outBatches = {};
122
+ for (const [scope, batch] of Object.entries(verify.token_batches ?? {})) {
123
+ outBatches[scope] = batch.map((t) => ({
124
+ token: t.token,
125
+ expiresAt: t.expires_at
126
+ }));
127
+ }
111
128
  return {
112
129
  tokens: out,
130
+ tokenBatches: outBatches,
113
131
  userHandleB64url,
114
132
  credentialIdB64url
115
133
  };
@@ -556,6 +574,8 @@ var getHeadlessAuthenticationMethods = ({
556
574
  var SCOPES_CREATE_WALLET = ["dek_bootstrap", "keyshare_write"];
557
575
  var SCOPES_IMPORT_KEY = ["dek_bootstrap", "keyshare_write"];
558
576
  var SCOPES_REMOVE_PASSKEY = ["passkey_remove"];
577
+ var SCOPES_PROVISION_EPHEMERAL_SIGNER = ["keyshare_read"];
578
+ var SCOPES_REVOKE_EPHEMERAL_SIGNER = ["ephemeral_signer_revoke"];
559
579
  var getHeadlessGeneralMethods = ({
560
580
  transport,
561
581
  passkey,
@@ -571,7 +591,11 @@ var getHeadlessGeneralMethods = ({
571
591
  { publishableKey }
572
592
  ),
573
593
  removePasskey: async (credentialIdB64url) => {
574
- const { tokens, userHandleB64url, credentialIdB64url: assertedCredId } = await getInternalPresenceTokens({
594
+ const {
595
+ tokens,
596
+ userHandleB64url,
597
+ credentialIdB64url: assertedCredId
598
+ } = await getInternalPresenceTokens({
575
599
  transport,
576
600
  passkey,
577
601
  publishableKey,
@@ -644,6 +668,83 @@ var getHeadlessGeneralMethods = ({
644
668
  );
645
669
  return { wallet };
646
670
  },
671
+ provisionEphemeralSigner: async (params) => {
672
+ const walletCount = params.walletIds.length;
673
+ if (walletCount === 0) {
674
+ throw new Error(
675
+ "provisionEphemeralSigner: at least one walletId required"
676
+ );
677
+ }
678
+ const { userHandleB64url, credentialIdB64url, tokenBatches } = await getInternalPresenceTokens({
679
+ transport,
680
+ passkey,
681
+ publishableKey,
682
+ relyingPartyOrigin,
683
+ scopeCounts: { [SCOPES_PROVISION_EPHEMERAL_SIGNER[0]]: walletCount }
684
+ });
685
+ const keyshareReadBatch = (tokenBatches[SCOPES_PROVISION_EPHEMERAL_SIGNER[0]] ?? []).map((t) => t.token);
686
+ if (keyshareReadBatch.length !== walletCount) {
687
+ throw new Error(
688
+ `provisionEphemeralSigner: server returned ${keyshareReadBatch.length} tokens, expected ${walletCount}`
689
+ );
690
+ }
691
+ return transport.send(
692
+ PostMessageType.WALLET,
693
+ PostMessageMethod.PROVISION_EPHEMERAL_SIGNER,
694
+ {
695
+ publishableKey,
696
+ userHandleB64url,
697
+ credentialIdB64url,
698
+ // One keyshare_read token per wallet, parallel to params.walletIds
699
+ // (iframe consumes them positionally after wallet resolution).
700
+ presenceTokenBatches: {
701
+ [SCOPES_PROVISION_EPHEMERAL_SIGNER[0]]: keyshareReadBatch
702
+ },
703
+ walletIds: params.walletIds,
704
+ expiresAt: params.expiresAt?.toISOString(),
705
+ label: params.label
706
+ }
707
+ );
708
+ },
709
+ // Read-only: list the user's active (non-revoked) provisioned agents
710
+ // for the current app. No WebAuthn ceremony needed — the wallet
711
+ // session JWT is enough since this exposes only metadata (api_pub,
712
+ // key_ids, expiry) and not the private agent material.
713
+ listEphemeralSigners: async () => {
714
+ return transport.send(
715
+ PostMessageType.WALLET,
716
+ PostMessageMethod.LIST_EPHEMERAL_SIGNERS,
717
+ { publishableKey }
718
+ );
719
+ },
720
+ // Soft-revoke a signer (and forward the revoke to SES). Requires a
721
+ // fresh WebAuthn-bound presence token: ephemeral_signer_revoke scope. Wallet JWT
722
+ // alone isn't enough because revoke is destructive (DoS-grade) — the
723
+ // presence proof confirms it's really the user driving it.
724
+ revokeEphemeralSigner: async (params) => {
725
+ const { userHandleB64url, credentialIdB64url, tokens } = await getInternalPresenceTokens({
726
+ transport,
727
+ passkey,
728
+ publishableKey,
729
+ relyingPartyOrigin,
730
+ scopes: SCOPES_REVOKE_EPHEMERAL_SIGNER
731
+ });
732
+ await transport.send(
733
+ PostMessageType.WALLET,
734
+ PostMessageMethod.REVOKE_EPHEMERAL_SIGNER,
735
+ {
736
+ publishableKey,
737
+ apiPubHex: params.apiPubHex,
738
+ userHandleB64url,
739
+ credentialIdB64url,
740
+ presenceTokens: flattenPresenceTokens({
741
+ tokens,
742
+ userHandleB64url,
743
+ credentialIdB64url
744
+ })
745
+ }
746
+ );
747
+ },
647
748
  getWallets: async (walletType) => {
648
749
  const { wallets } = await transport.send(
649
750
  PostMessageType.WALLET,
@@ -660,11 +761,9 @@ var getHeadlessGeneralMethods = ({
660
761
  // silently extend session lifetime.
661
762
  getSessionTokens: async () => {
662
763
  try {
663
- const session = await transport.send(
664
- PostMessageType.AUTH,
665
- PostMessageMethod.GET_CURRENT_SESSION,
666
- { publishableKey }
667
- );
764
+ const session = await transport.send(PostMessageType.AUTH, PostMessageMethod.GET_CURRENT_SESSION, {
765
+ publishableKey
766
+ });
668
767
  return session ? {
669
768
  accessToken: session.accessToken,
670
769
  identityToken: session.identityToken,
@@ -728,7 +827,149 @@ var getHeadlessGeneralMethods = ({
728
827
  }
729
828
  }
730
829
  });
830
+
831
+ // src/sdk/ephemeral-signer-sign.ts
832
+ import { ed25519 } from "@noble/curves/ed25519";
833
+ import { bytesToHex, hexToBytes } from "@noble/hashes/utils";
834
+ function normalizeBase(url) {
835
+ return url.replace(/\/+$/, "");
836
+ }
837
+ var EphemeralSignerSignError = class extends Error {
838
+ constructor(message, status, body) {
839
+ super(message);
840
+ this.status = status;
841
+ this.body = body;
842
+ this.name = "EphemeralSignerSignError";
843
+ }
844
+ };
845
+ var bindingsCache = /* @__PURE__ */ new Map();
846
+ async function resolveBinding(input) {
847
+ const cached = bindingsCache.get(input.apiPubHex);
848
+ if (cached) {
849
+ const hit2 = cached.find((b) => b.walletId === input.walletId);
850
+ if (hit2) return hit2;
851
+ }
852
+ const issuedAt = (/* @__PURE__ */ new Date()).toISOString();
853
+ const signedBodyBytes = new TextEncoder().encode(
854
+ JSON.stringify({ issued_at: issuedAt })
855
+ );
856
+ const apiPrivBytes = hexToBytes(input.apiPrivHex);
857
+ const agentSig = ed25519.sign(signedBodyBytes, apiPrivBytes);
858
+ const url = `${normalizeBase(input.baseUrl)}/v0/wallets/ephemeral-signers/me/wallets`;
859
+ const fetchFn = input.fetchImpl ?? fetch;
860
+ let response;
861
+ try {
862
+ response = await fetchFn(url, {
863
+ method: "POST",
864
+ headers: {
865
+ "Content-Type": "application/json",
866
+ Authorization: `PublicToken ${input.publishableKey}`
867
+ },
868
+ body: JSON.stringify({
869
+ api_pub: input.apiPubHex,
870
+ signed_body: bytesToHex(signedBodyBytes),
871
+ agent_signature: bytesToHex(agentSig)
872
+ })
873
+ });
874
+ } catch (e) {
875
+ throw new EphemeralSignerSignError(
876
+ `wallet binding fetch failed: ${e instanceof Error ? e.message : String(e)}`
877
+ );
878
+ }
879
+ if (!response.ok) {
880
+ const body = await response.text().catch(() => "");
881
+ throw new EphemeralSignerSignError(
882
+ `wallet binding fetch failed: ${response.status}`,
883
+ response.status,
884
+ body
885
+ );
886
+ }
887
+ const json = await response.json();
888
+ const bindings = json.wallets.map((w) => ({
889
+ walletId: w.wallet_id,
890
+ keyId: w.key_id,
891
+ derivationPath: w.derivation_path
892
+ }));
893
+ bindingsCache.set(input.apiPubHex, bindings);
894
+ const hit = bindings.find((b) => b.walletId === input.walletId);
895
+ if (!hit) {
896
+ throw new EphemeralSignerSignError(
897
+ `walletId ${input.walletId} is not authorized for this agent`
898
+ );
899
+ }
900
+ return hit;
901
+ }
902
+ async function signWithEphemeralSigner(input) {
903
+ if (!/^[0-9a-f]{64}$/i.test(input.apiPubHex)) {
904
+ throw new EphemeralSignerSignError(
905
+ "apiPubHex must be 64 lowercase hex chars (32-byte Ed25519 pubkey)"
906
+ );
907
+ }
908
+ if (!/^[0-9a-f]{64}$/i.test(input.apiPrivHex)) {
909
+ throw new EphemeralSignerSignError(
910
+ "apiPrivHex must be 64 lowercase hex chars (32-byte Ed25519 privkey)"
911
+ );
912
+ }
913
+ if (!input.walletId) {
914
+ throw new EphemeralSignerSignError("walletId is required");
915
+ }
916
+ if (!input.rawSigningPayloadHex || !/^[0-9a-f]+$/i.test(input.rawSigningPayloadHex)) {
917
+ throw new EphemeralSignerSignError(
918
+ "rawSigningPayloadHex must be a non-empty lowercase hex string"
919
+ );
920
+ }
921
+ if (!input.publishableKey) {
922
+ throw new EphemeralSignerSignError(
923
+ "publishableKey is required \u2014 wallets backend gates /ephemeral-signers/* with RequirePublicToken"
924
+ );
925
+ }
926
+ const binding = await resolveBinding(input);
927
+ const issuedAt = (input.issuedAt ?? /* @__PURE__ */ new Date()).toISOString();
928
+ const signedPayload = {
929
+ raw_signing_payload: input.rawSigningPayloadHex,
930
+ key_id: binding.keyId,
931
+ derivation_path: binding.derivationPath,
932
+ issued_at: issuedAt
933
+ };
934
+ const signedBodyBytes = new TextEncoder().encode(
935
+ JSON.stringify(signedPayload)
936
+ );
937
+ const apiPrivBytes = hexToBytes(input.apiPrivHex);
938
+ const agentSig = ed25519.sign(signedBodyBytes, apiPrivBytes);
939
+ const requestBody = {
940
+ api_pub: input.apiPubHex,
941
+ signed_body: bytesToHex(signedBodyBytes),
942
+ agent_signature: bytesToHex(agentSig)
943
+ };
944
+ const url = `${normalizeBase(input.baseUrl)}/v0/wallets/ephemeral-signers/sign`;
945
+ const fetchFn = input.fetchImpl ?? fetch;
946
+ let response;
947
+ try {
948
+ response = await fetchFn(url, {
949
+ method: "POST",
950
+ headers: {
951
+ "Content-Type": "application/json",
952
+ Authorization: `PublicToken ${input.publishableKey}`
953
+ },
954
+ body: JSON.stringify(requestBody)
955
+ });
956
+ } catch (e) {
957
+ throw new EphemeralSignerSignError(
958
+ `transport failure: ${e instanceof Error ? e.message : String(e)}`
959
+ );
960
+ }
961
+ if (!response.ok) {
962
+ const body = await response.text().catch(() => "");
963
+ throw new EphemeralSignerSignError(
964
+ `ephemeral signer sign failed: ${response.status}`,
965
+ response.status,
966
+ body
967
+ );
968
+ }
969
+ return await response.json();
970
+ }
731
971
  export {
972
+ EphemeralSignerSignError,
732
973
  assertPasskeyInParent,
733
974
  flattenPresenceTokens,
734
975
  getHeadlessAuthenticationMethods,
@@ -736,5 +977,7 @@ export {
736
977
  getHeadlessGeneralMethods,
737
978
  getHeadlessSolanaMethods,
738
979
  getInternalPresenceTokens,
739
- getPresenceToken
980
+ getPresenceToken,
981
+ resolveRelyingPartyOrigin,
982
+ signWithEphemeralSigner
740
983
  };
@@ -1,5 +1,49 @@
1
- import { a as ChainLikeWithId, C as Chain } from '../chain-C9dvKXUY.mjs';
2
- export { B as BlockExplorer, E as EthereumChainConfig, N as NativeCurrency, R as RpcConfig, b as RpcUrls } from '../chain-C9dvKXUY.mjs';
1
+ type RpcUrls = {
2
+ http: readonly string[];
3
+ webSocket?: readonly string[];
4
+ };
5
+ type NativeCurrency = {
6
+ name: string;
7
+ symbol: string;
8
+ decimals: number;
9
+ };
10
+ type BlockExplorer = {
11
+ name: string;
12
+ url: string;
13
+ };
14
+ type Chain = {
15
+ id: number;
16
+ name: string;
17
+ network?: string;
18
+ nativeCurrency: NativeCurrency;
19
+ blockExplorers?: {
20
+ [key: string]: BlockExplorer;
21
+ default: BlockExplorer;
22
+ };
23
+ rpcUrls: {
24
+ [key: string]: RpcUrls;
25
+ default: RpcUrls;
26
+ };
27
+ testnet?: boolean;
28
+ };
29
+ type ChainLikeWithId = {
30
+ id: number;
31
+ };
32
+ type RpcConfig = {
33
+ rpcUrls?: {
34
+ [chainId: number]: string;
35
+ };
36
+ rpcTimeout?: number;
37
+ };
38
+ interface EthereumChainConfig {
39
+ defaultChain?: any;
40
+ supportedChains?: any[];
41
+ rpcs?: {
42
+ 'ethereum:mainnet': {
43
+ rpc: string;
44
+ };
45
+ };
46
+ }
3
47
 
4
48
  interface PublicWallet {
5
49
  id: string;
@@ -619,6 +663,94 @@ interface SolanaGetTokenAccountsByOwnerResult {
619
663
  tokenAccounts: any[];
620
664
  }
621
665
 
666
+ type EphemeralSignerScheme = "ecdsa_secp256k1" | "eddsa_ed25519";
667
+ type EphemeralSignerChain = "ethereum" | "solana";
668
+ interface ProvisionEphemeralSignerParams {
669
+ /**
670
+ * Wallet IDs (from `user.wallets[i].id`) the agent will be authorized
671
+ * over. The iframe resolves each ID to its `key_id`, chain → MPC
672
+ * scheme, and stored `derivation_path` — integrator code doesn't need
673
+ * to know about MPC internals or BIP-32 path formatting.
674
+ */
675
+ walletIds: string[];
676
+ /**
677
+ * Optional expiration. If set, the SES enclave refuses sign requests
678
+ * issued after this timestamp. Omit for an open-ended provisioning
679
+ * the user can revoke later.
680
+ */
681
+ expiresAt?: Date;
682
+ /**
683
+ * Optional user-facing name ("DCA bot"). Stored on the wallets
684
+ * backend for the manage view — not sealed into the SES AAD, so
685
+ * renaming later is a DB-only edit and doesn't invalidate the
686
+ * provisioned signer.
687
+ */
688
+ label?: string;
689
+ }
690
+ /**
691
+ * Per-wallet display entry inside an EphemeralSigner. The list
692
+ * response is deliberately slim — schemes / derivation paths stay
693
+ * server-side (SES enforces them) and are exposed via a per-signer
694
+ * detail endpoint if ever needed.
695
+ */
696
+ interface EphemeralSignerWallet {
697
+ /** Wallet's public address/key, as stored in `platform.wallets.public_key`. */
698
+ address: string;
699
+ /** "ethereum", "solana", etc. */
700
+ chain: string;
701
+ }
702
+ /**
703
+ * One previously-provisioned ephemeral signer as returned by the list
704
+ * endpoint. Lighter than ProvisionEphemeralSignerResult — no enclave
705
+ * attestation metadata, no priv key. Drives the manage view.
706
+ */
707
+ interface EphemeralSigner {
708
+ /** Lowercase-hex Ed25519 public key. Unique within the app. */
709
+ api_pub: string;
710
+ label?: string;
711
+ /** One entry per wallet the signer is authorized over, in provisioning order. */
712
+ wallets: EphemeralSignerWallet[];
713
+ /** RFC3339. Omitted if the signer has no expiration. */
714
+ expires_at?: string;
715
+ /** RFC3339. When the row was created. */
716
+ provisioned_at: string;
717
+ }
718
+ interface ListEphemeralSignersResult {
719
+ signers: EphemeralSigner[];
720
+ }
721
+ interface RevokeEphemeralSignerParams {
722
+ /** Lowercase-hex Ed25519 signer public key, no 0x. */
723
+ apiPubHex: string;
724
+ }
725
+ interface ProvisionEphemeralSignerResult {
726
+ /** 32-byte Ed25519 signer public key (lowercase hex, no 0x). Already provisioned in the SES enclave. */
727
+ apiPubHex: string;
728
+ /**
729
+ * 32-byte Ed25519 signer private key (lowercase hex, no 0x). MoonX
730
+ * does not persist this — the caller is responsible for surfacing it
731
+ * to the user exactly once and never storing it server-side.
732
+ */
733
+ apiPrivHex: string;
734
+ /** AWS Nitro module ID from the verified attestation (e.g. `i-…-enc…`). */
735
+ moduleId: string;
736
+ /** PCR indices that matched the operator-pinned allowlist (typically [0,1,2]). */
737
+ pcrsMatched: number[];
738
+ /**
739
+ * The exact ProvisionAad JSON the iframe sealed to the enclave —
740
+ * useful for rendering a confirmation summary in the parent UI
741
+ * without rebuilding it from `wallets`.
742
+ */
743
+ aad: {
744
+ api_pub: string;
745
+ shares: Array<{
746
+ key_id: string;
747
+ scheme: EphemeralSignerScheme;
748
+ allowed_derivation_paths: string[];
749
+ }>;
750
+ expires_at: string | null;
751
+ };
752
+ }
753
+
622
754
  type EmailOtpFlowState = {
623
755
  status: "start";
624
756
  } | {
@@ -1194,4 +1326,4 @@ interface WalletVerifyRequest {
1194
1326
  sessionExpiresIn: number;
1195
1327
  }
1196
1328
 
1197
- export { type AccessTokenClaims, type AppConfigRequest, type AppConfigResponse, type AttachOAuthTokenRequest, type AttachOAuthTokenResponse, type AuthAppearance, type AuthFlow, type AuthFlowComponent, type AuthLoginMethod, type AuthProviderConfig, type BaseGetBalanceParams, type BaseGetBalanceResult, type BaseGetTokenAccountsParams, type BaseSendTransactionParams, type BaseSendTransactionResult, type BaseSignMessageParams, type BaseSignMessageResult, type BaseSignTransactionParams, type BaseSignTransactionResult, type BaseTokenClaims, type BaseUIOptions, type BaseWalletHooks, Chain, ChainLikeWithId, type ContractUIOptions, type CreateWalletResponse, type DefaultFundingMethod, type DeleteSessionRequest, type DeleteSessionResponse, type DetachOAuthTokenRequest, type DeviceFingerprint, type DisplayMode, type EmailOtpConfig, type EmailOtpFlowState, type EthereumFundingConfig, type EthereumGetBalanceParams, type EthereumGetBalanceResult, type EthereumGetTokenAccountsByOwnerParams, type EthereumGetTokenAccountsByOwnerResult, type EthereumSendTransactionParams, type EthereumSendTransactionRequest, type EthereumSendTransactionResult, type EthereumSign7702AuthorizationParams, type EthereumSign7702AuthorizationResult, type EthereumSignHashParams, type EthereumSignHashResult, type EthereumSignMessageParams, type EthereumSignMessageResult, type EthereumSignTransactionParams, type EthereumSignTransactionResult, type EthereumSignTypedDataParams, type EthereumSignTypedDataResult, type EthereumSwitchChainParams, type ExportKeyConfig, type Factor, type FlexibleTheme, type FundWalletConfig, type FundingEvents, type FundingMethod, type FundingUIConfig, type GetCurrentSessionRequest, type GetCurrentSessionResponse, type Hex, type IdentityTokenClaims, type IdpProvider, type IsAuthenticatedRequest, type IsAuthenticatedResponse, type LoginTokenBundle, type LogoutRequest, type LogoutResponse, type MessageTypeProperty, type MessageTypes, type MoonKeyThemeConfig, type MoonPaySignRequest, type MoonPaySignResponse, type MpcKeyShares, Network, type OAuthRequest, type OAuthResponse, type OnrampFundingSettings, type PasskeyEnrollConfig, type PasskeySettings, type PreferredCardProvider, type PrefillConfig, type PresenceTokenClaims, type PublicEthereumWallet, type PublicSessionData, type PublicWallet, type RefreshSessionRequest, type RefreshSessionResponse, type RetrieveWalletKeyRequest, type RetrieveWalletKeyResponse, type SdkSettings, type SendEmailOtpRequest, type SendEmailOtpResponse, type SendTransactionConfig, type SendTransactionRequest, type SessionData, type SharesDeviceRequest, type SharesDeviceResponse, type Sign7702AuthorizationError, type Sign7702AuthorizationParams, type Sign7702AuthorizationResponse, type Sign7702AuthorizationResult, type SignMessageConfig, type SignTransactionConfig, type SignTypedDataError, type SignTypedDataParams, type SignTypedDataResponse, type SignTypedDataResult, type SmsSettings, type SolanaChain, type SolanaFundingConfig, type SolanaGetBalanceParams, type SolanaGetBalanceResult, type SolanaGetTokenAccountsByOwnerParams, type SolanaGetTokenAccountsByOwnerResult, type SolanaSendTransactionParams, type SolanaSendTransactionResult, type SolanaSignMessageParams, type SolanaSignMessageResult, type SolanaSignTransactionParams, type SolanaSignTransactionResult, type TransactionCommitment, type TransactionEncoding, type TransactionUIOptions, type TypedMessage, type UseFundWalletInterface, type UsersMePublicResponse, type UsersMeRequest, type UsersMeResponse, type VerifiedSession, type VerifyEmailOtpRequest, type VerifyEmailOtpResponse, type VerifyEmailOtpUser, type VerifyOAuthTokenRequest, type VerifyOAuthTokenResponse, type VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, type Wallet, type WalletChain, type WalletChainType, type WalletConnectConfig, WalletCreationError, type WalletError, type WalletErrorCode, type WalletKeyRequest, type WalletListEntry, type WalletRegistrationNonceRequest, type WalletRegistrationNonceResponse, type WalletType, type WalletVerifyRequest };
1329
+ export { type AccessTokenClaims, type AppConfigRequest, type AppConfigResponse, type AttachOAuthTokenRequest, type AttachOAuthTokenResponse, type AuthAppearance, type AuthFlow, type AuthFlowComponent, type AuthLoginMethod, type AuthProviderConfig, type BaseGetBalanceParams, type BaseGetBalanceResult, type BaseGetTokenAccountsParams, type BaseSendTransactionParams, type BaseSendTransactionResult, type BaseSignMessageParams, type BaseSignMessageResult, type BaseSignTransactionParams, type BaseSignTransactionResult, type BaseTokenClaims, type BaseUIOptions, type BaseWalletHooks, type BlockExplorer, type Chain, type ChainLikeWithId, type ContractUIOptions, type CreateWalletResponse, type DefaultFundingMethod, type DeleteSessionRequest, type DeleteSessionResponse, type DetachOAuthTokenRequest, type DeviceFingerprint, type DisplayMode, type EmailOtpConfig, type EmailOtpFlowState, type EphemeralSigner, type EphemeralSignerChain, type EphemeralSignerScheme, type EphemeralSignerWallet, type EthereumChainConfig, type EthereumFundingConfig, type EthereumGetBalanceParams, type EthereumGetBalanceResult, type EthereumGetTokenAccountsByOwnerParams, type EthereumGetTokenAccountsByOwnerResult, type EthereumSendTransactionParams, type EthereumSendTransactionRequest, type EthereumSendTransactionResult, type EthereumSign7702AuthorizationParams, type EthereumSign7702AuthorizationResult, type EthereumSignHashParams, type EthereumSignHashResult, type EthereumSignMessageParams, type EthereumSignMessageResult, type EthereumSignTransactionParams, type EthereumSignTransactionResult, type EthereumSignTypedDataParams, type EthereumSignTypedDataResult, type EthereumSwitchChainParams, type ExportKeyConfig, type Factor, type FlexibleTheme, type FundWalletConfig, type FundingEvents, type FundingMethod, type FundingUIConfig, type GetCurrentSessionRequest, type GetCurrentSessionResponse, type Hex, type IdentityTokenClaims, type IdpProvider, type IsAuthenticatedRequest, type IsAuthenticatedResponse, type ListEphemeralSignersResult, type LoginTokenBundle, type LogoutRequest, type LogoutResponse, type MessageTypeProperty, type MessageTypes, type MoonKeyThemeConfig, type MoonPaySignRequest, type MoonPaySignResponse, type MpcKeyShares, type NativeCurrency, Network, type OAuthRequest, type OAuthResponse, type OnrampFundingSettings, type PasskeyEnrollConfig, type PasskeySettings, type PreferredCardProvider, type PrefillConfig, type PresenceTokenClaims, type ProvisionEphemeralSignerParams, type ProvisionEphemeralSignerResult, type PublicEthereumWallet, type PublicSessionData, type PublicWallet, type RefreshSessionRequest, type RefreshSessionResponse, type RetrieveWalletKeyRequest, type RetrieveWalletKeyResponse, type RevokeEphemeralSignerParams, type RpcConfig, type RpcUrls, type SdkSettings, type SendEmailOtpRequest, type SendEmailOtpResponse, type SendTransactionConfig, type SendTransactionRequest, type SessionData, type SharesDeviceRequest, type SharesDeviceResponse, type Sign7702AuthorizationError, type Sign7702AuthorizationParams, type Sign7702AuthorizationResponse, type Sign7702AuthorizationResult, type SignMessageConfig, type SignTransactionConfig, type SignTypedDataError, type SignTypedDataParams, type SignTypedDataResponse, type SignTypedDataResult, type SmsSettings, type SolanaChain, type SolanaFundingConfig, type SolanaGetBalanceParams, type SolanaGetBalanceResult, type SolanaGetTokenAccountsByOwnerParams, type SolanaGetTokenAccountsByOwnerResult, type SolanaSendTransactionParams, type SolanaSendTransactionResult, type SolanaSignMessageParams, type SolanaSignMessageResult, type SolanaSignTransactionParams, type SolanaSignTransactionResult, type TransactionCommitment, type TransactionEncoding, type TransactionUIOptions, type TypedMessage, type UseFundWalletInterface, type UsersMePublicResponse, type UsersMeRequest, type UsersMeResponse, type VerifiedSession, type VerifyEmailOtpRequest, type VerifyEmailOtpResponse, type VerifyEmailOtpUser, type VerifyOAuthTokenRequest, type VerifyOAuthTokenResponse, type VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, type Wallet, type WalletChain, type WalletChainType, type WalletConnectConfig, WalletCreationError, type WalletError, type WalletErrorCode, type WalletKeyRequest, type WalletListEntry, type WalletRegistrationNonceRequest, type WalletRegistrationNonceResponse, type WalletType, type WalletVerifyRequest };