@mysten/signers 1.0.1 → 1.0.4

package/CHANGELOG.md

@@ -1,5 +1,48 @@
 # @mysten/signers
 
+## 1.0.4
+
+### Patch Changes
+
+- 9e067cf: Validate the new per-package release flow end-to-end across every public @mysten package.
+  No functional changes — empty patch bump to force the orchestrator to dispatch every
+  release-<pkg>.yml workflow with `dry_run=false` so each package publishes via OIDC trusted
+  publishing.
+- Updated dependencies [9e067cf]
+  - @mysten/aws-kms-signer@0.1.1
+  - @mysten/gcp-kms-signer@0.1.1
+  - @mysten/ledger-signer@0.1.1
+  - @mysten/sui@2.16.1
+  - @mysten/webcrypto-signer@0.1.1
+
+## 1.0.3
+
+### Patch Changes
+
+- 75a32c1: Internal refactor: each backend now lives in its own package (`@mysten/aws-kms-signer`,
+  `@mysten/gcp-kms-signer`, `@mysten/ledger-signer`, `@mysten/webcrypto-signer`). The
+  `@mysten/signers/{aws,gcp,ledger,webcrypto}` subpaths now re-export from the new packages — no
+  public API change. To shrink your dependency tree, switch to importing from the per-backend
+  package directly.
+- Updated dependencies [75a32c1]
+- Updated dependencies [75a32c1]
+- Updated dependencies [75a32c1]
+- Updated dependencies [75a32c1]
+  - @mysten/aws-kms-signer@0.1.0
+  - @mysten/gcp-kms-signer@0.1.0
+  - @mysten/ledger-signer@0.1.0
+  - @mysten/webcrypto-signer@0.1.0
+
+## 1.0.2
+
+### Patch Changes
+
+- Updated dependencies [78a577b]
+- Updated dependencies [ef90be0]
+- Updated dependencies [2ee1a2a]
+  - @mysten/sui@2.10.0
+  - @mysten/ledgerjs-hw-app-sui@0.8.0
+
 ## 1.0.1
 
 ### Patch Changes

package/README.md

@@ -195,7 +195,7 @@ console.log(signer.toSuiAddress());
 
 // Define a test transaction:
 const testTransaction = new Transaction();
-const transactionBytes = await testTransaction.build();
+const transactionBytes = await testTransaction.build({ client: suiClient });
 
 // Sign a test transaction:
 const { signature } = await signer.signTransaction(transactionBytes);

package/dist/aws/index.d.mts

@@ -1,3 +1 @@
-import { AwsClientOptions } from "./aws-client.mjs";
-import { AwsKmsSigner, AwsKmsSignerOptions } from "./aws-kms-signer.mjs";
-export { type AwsClientOptions, AwsKmsSigner, type AwsKmsSignerOptions };
+export * from "@mysten/aws-kms-signer";

package/dist/aws/index.mjs

@@ -1,3 +1,3 @@
-import { AwsKmsSigner } from "./aws-kms-signer.mjs";
+export * from "@mysten/aws-kms-signer"
 
-export { AwsKmsSigner };
+export {  };

package/dist/gcp/index.d.mts

@@ -1,2 +1 @@
-import { GcpKmsSigner, GcpKmsSignerOptions } from "./gcp-kms-client.mjs";
-export { GcpKmsSigner, type GcpKmsSignerOptions };
+export * from "@mysten/gcp-kms-signer";

package/dist/gcp/index.mjs

@@ -1,3 +1,3 @@
-import { GcpKmsSigner } from "./gcp-kms-client.mjs";
+export * from "@mysten/gcp-kms-signer"
 
-export { GcpKmsSigner };
+export {  };

package/dist/ledger/index.d.mts

@@ -1,74 +1 @@
-import { getInputObjects } from "./objects.mjs";
-import { SignatureWithBytes, Signer } from "@mysten/sui/cryptography";
-import { Ed25519PublicKey } from "@mysten/sui/keypairs/ed25519";
-import SuiLedgerClient, { Resolution } from "@mysten/ledgerjs-hw-app-sui";
-import { ClientWithCoreApi } from "@mysten/sui/client";
-
-//#region src/ledger/index.d.ts
-
-/**
- * Configuration options for initializing the LedgerSigner.
- */
-interface LedgerSignerOptions {
-  publicKey: Ed25519PublicKey;
-  derivationPath: string;
-  ledgerClient: SuiLedgerClient;
-  suiClient: ClientWithCoreApi;
-}
-/**
- * Ledger integrates with the Sui blockchain to provide signing capabilities using Ledger devices.
- */
-declare class LedgerSigner extends Signer {
-  #private;
-  /**
-   * Creates an instance of LedgerSigner. It's expected to call the static `fromDerivationPath` method to create an instance.
-   * @example
-   * ```
-   * const signer = await LedgerSigner.fromDerivationPath(derivationPath, options);
-   * ```
-   */
-  constructor({
-    publicKey,
-    derivationPath,
-    ledgerClient,
-    suiClient
-  }: LedgerSignerOptions);
-  /**
-   * Retrieves the key scheme used by this signer.
-   */
-  getKeyScheme(): "ED25519";
-  /**
-   * Retrieves the public key associated with this signer.
-   * @returns The Ed25519PublicKey instance.
-   */
-  getPublicKey(): Ed25519PublicKey;
-  /**
-   * Signs the provided transaction bytes.
-   * @returns The signed transaction bytes and signature.
-   */
-  signTransaction(bytes: Uint8Array, bcsObjects?: Uint8Array[], resolution?: Resolution): Promise<SignatureWithBytes>;
-  /**
-   * Signs the provided personal message.
-   * @returns The signed message bytes and signature.
-   */
-  signPersonalMessage(bytes: Uint8Array): Promise<SignatureWithBytes>;
-  /**
-   * Prepares the signer by fetching and setting the public key from a Ledger device.
-   * It is recommended to initialize an `LedgerSigner` instance using this function.
-   * @returns A promise that resolves once a `LedgerSigner` instance is prepared (public key is set).
-   */
-  static fromDerivationPath(derivationPath: string, ledgerClient: SuiLedgerClient, suiClient: ClientWithCoreApi): Promise<LedgerSigner>;
-  /**
-   * Generic signing is not supported by Ledger.
-   * @throws Always throws an error indicating generic signing is unsupported.
-   */
-  sign(): never;
-  /**
-   * Generic signing is not supported by Ledger.
-   * @throws Always throws an error indicating generic signing is unsupported.
-   */
-  signWithIntent(): never;
-}
-//#endregion
-export { LedgerSigner, LedgerSignerOptions, getInputObjects };
-//# sourceMappingURL=index.d.mts.map
+export * from "@mysten/ledger-signer";

package/dist/ledger/index.mjs

@@ -1,110 +1,3 @@
-import { getInputObjects } from "./objects.mjs";
-import { Signer, messageWithIntent, toSerializedSignature } from "@mysten/sui/cryptography";
-import { toBase64 } from "@mysten/sui/utils";
-import { Ed25519PublicKey } from "@mysten/sui/keypairs/ed25519";
-import { Transaction } from "@mysten/sui/transactions";
-import { bcs } from "@mysten/sui/bcs";
+export * from "@mysten/ledger-signer"
 
-//#region src/ledger/index.ts
-/**
-* Ledger integrates with the Sui blockchain to provide signing capabilities using Ledger devices.
-*/
-var LedgerSigner = class LedgerSigner extends Signer {
-	#derivationPath;
-	#publicKey;
-	#ledgerClient;
-	#suiClient;
-	/**
-	* Creates an instance of LedgerSigner. It's expected to call the static `fromDerivationPath` method to create an instance.
-	* @example
-	* ```
-	* const signer = await LedgerSigner.fromDerivationPath(derivationPath, options);
-	* ```
-	*/
-	constructor({ publicKey, derivationPath, ledgerClient, suiClient }) {
-		super();
-		this.#publicKey = publicKey;
-		this.#derivationPath = derivationPath;
-		this.#ledgerClient = ledgerClient;
-		this.#suiClient = suiClient;
-	}
-	/**
-	* Retrieves the key scheme used by this signer.
-	*/
-	getKeyScheme() {
-		return "ED25519";
-	}
-	/**
-	* Retrieves the public key associated with this signer.
-	* @returns The Ed25519PublicKey instance.
-	*/
-	getPublicKey() {
-		return this.#publicKey;
-	}
-	/**
-	* Signs the provided transaction bytes.
-	* @returns The signed transaction bytes and signature.
-	*/
-	async signTransaction(bytes, bcsObjects, resolution) {
-		const transactionOptions = bcsObjects ? { bcsObjects } : await getInputObjects(Transaction.from(bytes), this.#suiClient).catch(() => ({ bcsObjects: [] }));
-		const intentMessage = messageWithIntent("TransactionData", bytes);
-		const { signature } = await this.#ledgerClient.signTransaction(this.#derivationPath, intentMessage, transactionOptions, resolution);
-		return {
-			bytes: toBase64(bytes),
-			signature: toSerializedSignature({
-				signature,
-				signatureScheme: this.getKeyScheme(),
-				publicKey: this.#publicKey
-			})
-		};
-	}
-	/**
-	* Signs the provided personal message.
-	* @returns The signed message bytes and signature.
-	*/
-	async signPersonalMessage(bytes) {
-		const intentMessage = messageWithIntent("PersonalMessage", bcs.byteVector().serialize(bytes).toBytes());
-		const { signature } = await this.#ledgerClient.signTransaction(this.#derivationPath, intentMessage);
-		return {
-			bytes: toBase64(bytes),
-			signature: toSerializedSignature({
-				signature,
-				signatureScheme: this.getKeyScheme(),
-				publicKey: this.#publicKey
-			})
-		};
-	}
-	/**
-	* Prepares the signer by fetching and setting the public key from a Ledger device.
-	* It is recommended to initialize an `LedgerSigner` instance using this function.
-	* @returns A promise that resolves once a `LedgerSigner` instance is prepared (public key is set).
-	*/
-	static async fromDerivationPath(derivationPath, ledgerClient, suiClient) {
-		const { publicKey } = await ledgerClient.getPublicKey(derivationPath);
-		if (!publicKey) throw new Error("Failed to get public key from Ledger.");
-		return new LedgerSigner({
-			derivationPath,
-			publicKey: new Ed25519PublicKey(publicKey),
-			ledgerClient,
-			suiClient
-		});
-	}
-	/**
-	* Generic signing is not supported by Ledger.
-	* @throws Always throws an error indicating generic signing is unsupported.
-	*/
-	sign() {
-		throw new Error("Ledger Signer does not support generic signing.");
-	}
-	/**
-	* Generic signing is not supported by Ledger.
-	* @throws Always throws an error indicating generic signing is unsupported.
-	*/
-	signWithIntent() {
-		throw new Error("Ledger Signer does not support generic signing.");
-	}
-};
-
-//#endregion
-export { LedgerSigner, getInputObjects };
-//# sourceMappingURL=index.mjs.map
+export {  };

package/dist/webcrypto/index.d.mts

@@ -1,32 +1 @@
-import { SignatureScheme, Signer } from "@mysten/sui/cryptography";
-import { Secp256r1PublicKey } from "@mysten/sui/keypairs/secp256r1";
-
-//#region src/webcrypto/index.d.ts
-interface ExportedWebCryptoKeypair {
-  privateKey: CryptoKey;
-  publicKey: Uint8Array<ArrayBuffer>;
-}
-declare class WebCryptoSigner extends Signer {
-  #private;
-  privateKey: CryptoKey;
-  static generate({
-    extractable
-  }?: {
-    extractable?: boolean;
-  }): Promise<WebCryptoSigner>;
-  /**
-   * Imports a keypair using the value returned by `export()`.
-   */
-  static import(data: ExportedWebCryptoKeypair): WebCryptoSigner;
-  getKeyScheme(): SignatureScheme;
-  constructor(privateKey: CryptoKey, publicKey: Uint8Array);
-  /**
-   * Exports the keypair so that it can be stored in IndexedDB.
-   */
-  export(): ExportedWebCryptoKeypair;
-  getPublicKey(): Secp256r1PublicKey;
-  sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
-}
-//#endregion
-export { ExportedWebCryptoKeypair, WebCryptoSigner };
-//# sourceMappingURL=index.d.mts.map
+export * from "@mysten/webcrypto-signer";

package/dist/webcrypto/index.mjs

@@ -1,70 +1,3 @@
-import { Signer } from "@mysten/sui/cryptography";
-import { p256 } from "@noble/curves/nist.js";
-import { Secp256r1PublicKey } from "@mysten/sui/keypairs/secp256r1";
+export * from "@mysten/webcrypto-signer"
 
-//#region src/webcrypto/index.ts
-function getCompressedPublicKey(publicKey) {
-	const rawBytes = new Uint8Array(publicKey);
-	const x = rawBytes.slice(1, 33);
-	const prefix = (rawBytes.slice(33, 65)[31] & 1) === 0 ? 2 : 3;
-	const compressed = new Uint8Array(Secp256r1PublicKey.SIZE);
-	compressed[0] = prefix;
-	compressed.set(x, 1);
-	return compressed;
-}
-var WebCryptoSigner = class WebCryptoSigner extends Signer {
-	#publicKey;
-	static async generate({ extractable = false } = {}) {
-		const keypair = await globalThis.crypto.subtle.generateKey({
-			name: "ECDSA",
-			namedCurve: "P-256"
-		}, extractable, ["sign", "verify"]);
-		const publicKey = await globalThis.crypto.subtle.exportKey("raw", keypair.publicKey);
-		return new WebCryptoSigner(keypair.privateKey, getCompressedPublicKey(new Uint8Array(publicKey)));
-	}
-	/**
-	* Imports a keypair using the value returned by `export()`.
-	*/
-	static import(data) {
-		return new WebCryptoSigner(data.privateKey, data.publicKey);
-	}
-	getKeyScheme() {
-		return "Secp256r1";
-	}
-	constructor(privateKey, publicKey) {
-		super();
-		this.privateKey = privateKey;
-		this.#publicKey = new Secp256r1PublicKey(publicKey);
-	}
-	/**
-	* Exports the keypair so that it can be stored in IndexedDB.
-	*/
-	export() {
-		const exportedKeypair = {
-			privateKey: this.privateKey,
-			publicKey: this.#publicKey.toRawBytes()
-		};
-		Object.defineProperty(exportedKeypair, "toJSON", {
-			enumerable: false,
-			value: () => {
-				throw new Error("The exported keypair must not be serialized. It must be stored in IndexedDB directly.");
-			}
-		});
-		return exportedKeypair;
-	}
-	getPublicKey() {
-		return this.#publicKey;
-	}
-	async sign(bytes) {
-		const rawSignature = await globalThis.crypto.subtle.sign({
-			name: "ECDSA",
-			hash: "SHA-256"
-		}, this.privateKey, bytes);
-		const signature = p256.Signature.fromBytes(new Uint8Array(rawSignature));
-		return (signature.hasHighS() ? new p256.Signature(signature.r, p256.Point.Fn.neg(signature.s)) : signature).toBytes("compact");
-	}
-};
-
-//#endregion
-export { WebCryptoSigner };
-//# sourceMappingURL=index.mjs.map
+export {  };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mysten/signers",
-  "version": "1.0.1",
+  "version": "1.0.4",
   "description": "A collection of signers for various providers",
   "license": "Apache-2.0",
   "author": "Mysten Labs <build@mystenlabs.com>",
@@ -32,13 +32,8 @@
     "CHANGELOG.md",
     "LICENSE",
     "README.md",
-    "aws",
     "dist",
-    "gcp",
-    "ledger",
-    "src",
-    "src",
-    "webcrypto"
+    "src"
   ],
   "repository": {
     "type": "git",
@@ -50,23 +45,19 @@
   "homepage": "https://github.com/MystenLabs/ts-sdks/tree/main/packages/signers#readme",
   "devDependencies": {
     "@types/node": "^25.0.8",
-    "dotenv": "^17.2.3",
-    "typescript": "^5.9.3",
-    "vitest": "^4.0.17",
-    "@mysten/sui": "^2.3.2"
+    "typescript": "^5.9.3"
   },
   "dependencies": {
-    "@google-cloud/kms": "^5.2.1",
-    "@noble/curves": "^2.0.1",
-    "@noble/hashes": "^2.0.1",
-    "asn1-ts": "^11.0.5",
-    "@mysten/ledgerjs-hw-app-sui": "^0.7.1"
+    "@mysten/aws-kms-signer": "^0.1.1",
+    "@mysten/gcp-kms-signer": "^0.1.1",
+    "@mysten/ledger-signer": "^0.1.1",
+    "@mysten/webcrypto-signer": "^0.1.1"
   },
   "engines": {
     "node": ">=22"
   },
   "peerDependencies": {
-    "@mysten/sui": "^2.3.2"
+    "@mysten/sui": "^2.16.1"
   },
   "scripts": {
     "clean": "rm -rf tsconfig.tsbuildinfo ./dist",
@@ -76,7 +67,6 @@
     "oxlint:check": "oxlint  .",
     "oxlint:fix": "oxlint --fix",
     "lint": "pnpm run oxlint:check && pnpm run prettier:check",
-    "lint:fix": "pnpm run oxlint:fix && pnpm run prettier:fix",
-    "test": "vitest run"
+    "lint:fix": "pnpm run oxlint:fix && pnpm run prettier:fix"
   }
 }

package/src/aws/index.ts

@@ -1,9 +1,4 @@
 // Copyright (c) Mysten Labs, Inc.
 // SPDX-License-Identifier: Apache-2.0
-import type { AwsClientOptions } from './aws-client.js';
-import type { AwsKmsSignerOptions } from './aws-kms-signer.js';
-import { AwsKmsSigner } from './aws-kms-signer.js';
 
-export { AwsKmsSigner };
-
-export type { AwsKmsSignerOptions, AwsClientOptions };
+export * from '@mysten/aws-kms-signer';

package/src/gcp/index.ts

@@ -1,9 +1,4 @@
 // Copyright (c) Mysten Labs, Inc.
 // SPDX-License-Identifier: Apache-2.0
 
-import type { GcpKmsSignerOptions } from './gcp-kms-client.js';
-import { GcpKmsSigner } from './gcp-kms-client.js';
-
-export { GcpKmsSigner };
-
-export type { GcpKmsSignerOptions };
+export * from '@mysten/gcp-kms-signer';

package/src/ledger/index.ts

@@ -1,163 +1,4 @@
 // Copyright (c) Mysten Labs, Inc.
 // SPDX-License-Identifier: Apache-2.0
 
-import type SuiLedgerClient from '@mysten/ledgerjs-hw-app-sui';
-import type { ClientWithCoreApi } from '@mysten/sui/client';
-import type { SignatureWithBytes } from '@mysten/sui/cryptography';
-import { messageWithIntent, Signer, toSerializedSignature } from '@mysten/sui/cryptography';
-import { Ed25519PublicKey } from '@mysten/sui/keypairs/ed25519';
-import { Transaction } from '@mysten/sui/transactions';
-import { toBase64 } from '@mysten/sui/utils';
-
-import { bcs } from '@mysten/sui/bcs';
-import { getInputObjects } from './objects.js';
-import type { Resolution } from '@mysten/ledgerjs-hw-app-sui';
-
-export { getInputObjects } from './objects.js';
-
-/**
- * Configuration options for initializing the LedgerSigner.
- */
-export interface LedgerSignerOptions {
-	publicKey: Ed25519PublicKey;
-	derivationPath: string;
-	ledgerClient: SuiLedgerClient;
-	suiClient: ClientWithCoreApi;
-}
-
-/**
- * Ledger integrates with the Sui blockchain to provide signing capabilities using Ledger devices.
- */
-export class LedgerSigner extends Signer {
-	#derivationPath: string;
-	#publicKey: Ed25519PublicKey;
-	#ledgerClient: SuiLedgerClient;
-	#suiClient: ClientWithCoreApi;
-
-	/**
-	 * Creates an instance of LedgerSigner. It's expected to call the static `fromDerivationPath` method to create an instance.
-	 * @example
-	 * ```
-	 * const signer = await LedgerSigner.fromDerivationPath(derivationPath, options);
-	 * ```
-	 */
-	constructor({ publicKey, derivationPath, ledgerClient, suiClient }: LedgerSignerOptions) {
-		super();
-		this.#publicKey = publicKey;
-		this.#derivationPath = derivationPath;
-		this.#ledgerClient = ledgerClient;
-		this.#suiClient = suiClient;
-	}
-
-	/**
-	 * Retrieves the key scheme used by this signer.
-	 */
-	override getKeyScheme() {
-		return 'ED25519' as const;
-	}
-
-	/**
-	 * Retrieves the public key associated with this signer.
-	 * @returns The Ed25519PublicKey instance.
-	 */
-	override getPublicKey() {
-		return this.#publicKey;
-	}
-
-	/**
-	 * Signs the provided transaction bytes.
-	 * @returns The signed transaction bytes and signature.
-	 */
-	override async signTransaction(
-		bytes: Uint8Array,
-		bcsObjects?: Uint8Array[],
-		resolution?: Resolution,
-	): Promise<SignatureWithBytes> {
-		const transactionOptions = bcsObjects
-			? { bcsObjects }
-			: await getInputObjects(Transaction.from(bytes), this.#suiClient).catch(() => ({
-					// Fail gracefully so network errors or serialization issues don't break transaction signing:
-					bcsObjects: [],
-				}));
-
-		const intentMessage = messageWithIntent('TransactionData', bytes);
-		const { signature } = await this.#ledgerClient.signTransaction(
-			this.#derivationPath,
-			intentMessage,
-			transactionOptions,
-			resolution,
-		);
-
-		return {
-			bytes: toBase64(bytes),
-			signature: toSerializedSignature({
-				signature,
-				signatureScheme: this.getKeyScheme(),
-				publicKey: this.#publicKey,
-			}),
-		};
-	}
-
-	/**
-	 * Signs the provided personal message.
-	 * @returns The signed message bytes and signature.
-	 */
-	override async signPersonalMessage(bytes: Uint8Array): Promise<SignatureWithBytes> {
-		const intentMessage = messageWithIntent(
-			'PersonalMessage',
-			bcs.byteVector().serialize(bytes).toBytes(),
-		);
-		const { signature } = await this.#ledgerClient.signTransaction(
-			this.#derivationPath,
-			intentMessage,
-		);
-
-		return {
-			bytes: toBase64(bytes),
-			signature: toSerializedSignature({
-				signature,
-				signatureScheme: this.getKeyScheme(),
-				publicKey: this.#publicKey,
-			}),
-		};
-	}
-
-	/**
-	 * Prepares the signer by fetching and setting the public key from a Ledger device.
-	 * It is recommended to initialize an `LedgerSigner` instance using this function.
-	 * @returns A promise that resolves once a `LedgerSigner` instance is prepared (public key is set).
-	 */
-	static async fromDerivationPath(
-		derivationPath: string,
-		ledgerClient: SuiLedgerClient,
-		suiClient: ClientWithCoreApi,
-	) {
-		const { publicKey } = await ledgerClient.getPublicKey(derivationPath);
-		if (!publicKey) {
-			throw new Error('Failed to get public key from Ledger.');
-		}
-
-		return new LedgerSigner({
-			derivationPath,
-			publicKey: new Ed25519PublicKey(publicKey),
-			ledgerClient,
-			suiClient,
-		});
-	}
-
-	/**
-	 * Generic signing is not supported by Ledger.
-	 * @throws Always throws an error indicating generic signing is unsupported.
-	 */
-	override sign(): never {
-		throw new Error('Ledger Signer does not support generic signing.');
-	}
-
-	/**
-	 * Generic signing is not supported by Ledger.
-	 * @throws Always throws an error indicating generic signing is unsupported.
-	 */
-	override signWithIntent(): never {
-		throw new Error('Ledger Signer does not support generic signing.');
-	}
-}
+export * from '@mysten/ledger-signer';