@nockchain/rose 0.1.4-nightly.5

package/extension/shared/wallet-crypto.ts

@@ -0,0 +1,77 @@
+/**
+ * Wallet cryptographic utilities
+ * Integrates Nockchain WASM bindings
+ */
+
+import {
+  generateMnemonic as generateMnemonicScure,
+  validateMnemonic as validateMnemonicScure,
+} from '@scure/bip39';
+import { wordlist } from '@scure/bip39/wordlists/english.js';
+import { deriveMasterKeyFromMnemonic } from '@nockchain/rose-wasm/rose_wasm.js';
+import { publicKeyToPKH } from './address-encoding';
+import { initIrisSdkOnce } from './wasm-utils';
+
+/**
+ * Generates a BIP-39 mnemonic (24 words)
+ * Uses 256 bits of entropy for maximum security
+ */
+export function generateMnemonic(): string {
+  return generateMnemonicScure(wordlist, 256);
+}
+
+/**
+ * Validates a BIP-39 mnemonic
+ * @param mnemonic - The mnemonic phrase to validate
+ * @returns true if valid, false otherwise
+ */
+export function validateMnemonic(mnemonic: string): boolean {
+  return validateMnemonicScure(mnemonic, wordlist);
+}
+
+/**
+ * Derives a Nockchain v1 PKH address from the master key (no child derivation)
+ * This matches the CLI wallet behavior
+ * @param mnemonic - The BIP-39 mnemonic phrase
+ * @returns A Base58-encoded Nockchain v1 PKH address (~60 characters)
+ */
+export async function deriveAddressFromMaster(mnemonic: string): Promise<string> {
+  await initIrisSdkOnce();
+
+  // Derive master key from mnemonic
+  const masterKey = deriveMasterKeyFromMnemonic(mnemonic, '');
+
+  // Use master key public key directly (no child derivation)
+  const address = publicKeyToPKH(masterKey.publicKey);
+
+  // Clean up WASM memory
+  masterKey.free();
+
+  return address;
+}
+
+/**
+ * Derives a Nockchain v1 PKH address from a mnemonic using SLIP-10 child derivation
+ * @param mnemonic - The BIP-39 mnemonic phrase
+ * @param accountIndex - The account derivation index (default 0)
+ * @returns A Base58-encoded Nockchain v1 PKH address (~60 characters)
+ */
+export async function deriveAddress(mnemonic: string, accountIndex: number = 0): Promise<string> {
+  await initIrisSdkOnce();
+
+  // Derive master key from mnemonic
+  const masterKey = deriveMasterKeyFromMnemonic(mnemonic, '');
+
+  // Derive child key at account index
+  const childKey = masterKey.deriveChild(accountIndex);
+
+  // Get the public key hash (PKH) for v1 addresses
+  // v1 uses TIP5 hash of the public key, base58 encoded
+  const address = publicKeyToPKH(childKey.publicKey);
+
+  // Clean up WASM memory
+  childKey.free();
+  masterKey.free();
+
+  return address;
+}

package/extension/shared/wasm-utils.ts

@@ -0,0 +1,76 @@
+/**
+ * WASM Utilities
+ * Centralized utilities for loading and initializing WASM modules
+ */
+
+import initWasm from '@nockchain/rose-wasm/rose_wasm.js';
+
+/**
+ * Track if WASM modules have been initialized (per-context)
+ */
+let wasmInitialized = false;
+const IRIS_WASM_INIT_KEY = '__rose_wasm_init_promise__';
+
+/**
+ * Initialize WASM modules (low-level, no caching).
+ *
+ * Prefer calling `initIrisSdkOnce()` (or its aliases) instead.
+ */
+async function initWasmModulesRaw(): Promise<void> {
+  // Let the wasm-bindgen loader resolve the `.wasm` URL via `import.meta.url`.
+  // Vite will rewrite that into a hashed asset (e.g. `dist/assets/rose_wasm_bg-<hash>.wasm`)
+  // and the extension can fetch it from its own origin.
+  await initWasm();
+}
+
+/**
+ * Initialize Rose WASM once per context (promise-cached).
+ * Concurrent callers share a single init Promise (SDK-style).
+ */
+export async function initIrisSdkOnce(): Promise<void> {
+  if (wasmInitialized) return;
+
+  const g = globalThis as typeof globalThis & Record<string, unknown>;
+  const existing = g[IRIS_WASM_INIT_KEY];
+
+  if (existing && existing instanceof Promise) {
+    return existing.catch(err => {
+      if (g[IRIS_WASM_INIT_KEY] === existing) {
+        delete g[IRIS_WASM_INIT_KEY];
+      }
+      throw err;
+    });
+  }
+
+  const p = initWasmModulesRaw()
+    .then(() => {
+      wasmInitialized = true;
+    })
+    .catch(err => {
+      if (g[IRIS_WASM_INIT_KEY] === p) {
+        delete g[IRIS_WASM_INIT_KEY];
+      }
+      throw err;
+    });
+
+  g[IRIS_WASM_INIT_KEY] = p;
+  await p;
+}
+
+/**
+ * Back-compat alias.
+ * Historically, the codebase used `ensureWasmInitialized()` to mean "once per context".
+ */
+export async function ensureWasmInitialized(): Promise<void> {
+  return initIrisSdkOnce();
+}
+
+/**
+ * Exported for compatibility with recent call sites.
+ *
+ * Important: despite the name, this is intentionally **deduped** and safe to call many times.
+ * If you truly need a raw init (rare), use a dedicated helper in this module.
+ */
+export async function initWasmModules(): Promise<void> {
+  return initIrisSdkOnce();
+}

package/extension/shared/webcrypto.ts

@@ -0,0 +1,67 @@
+/**
+ * WebCrypto utilities for vault encryption/decryption
+ * Uses PBKDF2 for key derivation and AES-GCM for encryption
+ */
+
+/** PBKDF2 iteration count (OWASP recommends 600k+ for SHA-256, we use 310k for UX balance) */
+export const PBKDF2_ITERATIONS = 310_000;
+
+export function rand(n: number): Uint8Array {
+  const u = new Uint8Array(n);
+  crypto.getRandomValues(u);
+  return u;
+}
+
+export async function deriveKeyPBKDF2(
+  password: string,
+  salt: Uint8Array,
+  iterations: number = PBKDF2_ITERATIONS,
+  hash: 'SHA-256' | 'SHA-512' = 'SHA-256'
+): Promise<{ key: CryptoKey; salt: Uint8Array }> {
+  const enc = new TextEncoder();
+  const baseKey = await crypto.subtle.importKey(
+    'raw',
+    enc.encode(password),
+    { name: 'PBKDF2' },
+    false,
+    ['deriveKey']
+  );
+  const key = await crypto.subtle.deriveKey(
+    {
+      name: 'PBKDF2',
+      salt: salt as BufferSource,
+      iterations,
+      hash,
+    },
+    baseKey,
+    { name: 'AES-GCM', length: 256 },
+    true,
+    ['encrypt', 'decrypt']
+  );
+  // Return key and salt as plain object (safe - no mutation of CryptoKey)
+  return { key, salt };
+}
+
+export async function encryptGCM(
+  key: CryptoKey,
+  data: Uint8Array
+): Promise<{ iv: Uint8Array; ct: Uint8Array }> {
+  const iv = rand(12);
+  const ct = new Uint8Array(
+    await crypto.subtle.encrypt(
+      { name: 'AES-GCM', iv: iv as BufferSource },
+      key,
+      data as BufferSource
+    )
+  );
+  return { iv, ct };
+}
+
+export async function decryptGCM(key: CryptoKey, iv: Uint8Array, ct: Uint8Array): Promise<string> {
+  const pt = await crypto.subtle.decrypt(
+    { name: 'AES-GCM', iv: iv as BufferSource },
+    key,
+    ct as BufferSource
+  );
+  return new TextDecoder().decode(pt);
+}

package/extension/types/wasm.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Type declarations for WASM modules
+ * TypeScript can't find the .d.ts files when importing .js extensions
+ * with moduleResolution: "bundler", so we declare them here
+ */
+
+/// <reference path="@nockchain/rose-wasm/rose_wasm.d.ts" />
+
+declare module '@nockchain/rose-wasm/rose_wasm.js' {
+  export * from '@nockchain/rose-wasm/rose_wasm';
+  import init from '@nockchain/rose-wasm/rose_wasm';
+  export default init;
+}

package/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "@nockchain/rose",
+  "version": "0.1.4-nightly.5",
+  "description": "Rose - Chrome Wallet Extension for Nockchain",
+  "type": "module",
+  "scripts": {
+    "dev": "vite build --watch",
+    "build": "tsc && vite build",
+    "preview": "vite preview",
+    "format": "prettier --write .",
+    "format:check": "prettier --check .",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@fontsource/inter": "5.2.8",
+    "@fontsource/lora": "5.2.8",
+    "@nockchain/sdk": "0.1.4-nightly.5",
+    "@scure/base": "2.0.0",
+    "@scure/bip39": "2.0.1",
+    "react": "19.2.3",
+    "react-dom": "19.2.3",
+    "zustand": "5.0.9"
+  },
+  "devDependencies": {
+    "@crxjs/vite-plugin": "2.3.0",
+    "@tailwindcss/postcss": "4.1.18",
+    "@types/chrome": "0.1.32",
+    "@types/node": "20.19.6",
+    "@types/react": "19.2.7",
+    "@types/react-dom": "19.2.3",
+    "autoprefixer": "10.4.23",
+    "postcss": "8.5.6",
+    "prettier": "3.7.4",
+    "tailwindcss": "4.1.18",
+    "terser": "5.44.1",
+    "typescript": "5.9.3",
+    "vite": "7.3.0"
+  }
+}

package/postcss.config.js

@@ -0,0 +1,6 @@
+export default {
+  plugins: {
+    '@tailwindcss/postcss': {},
+    autoprefixer: {},
+  },
+};

package/sdk/README.md

@@ -0,0 +1,88 @@
+# `@nockchain/sdk`
+
+TypeScript SDK for interacting with the **Rose** browser wallet extension (Nockchain).
+
+## Install
+
+```bash
+npm i @nockchain/sdk
+```
+
+## What you get
+
+- **`NockchainProvider`**: connect to Rose and request signatures / transactions (EIP-1193-ish API).
+- **`TransactionBuilder`**: small fluent helper for constructing the simple “send transaction” payload.
+- **WASM**: use `@nockchain/rose-wasm` directly for `TxBuilder`, `GrpcClient`, etc.
+- **React Hook**: `useIris()` for one-time WASM init + gRPC client + provider wiring.
+
+## Basic usage (provider)
+
+```ts
+import { NockchainProvider } from '@nockchain/sdk';
+
+const provider = new NockchainProvider();
+const { pkh, grpcEndpoint } = await provider.connect();
+
+const sig = await provider.signMessage('hello');
+console.log(sig.signature, sig.publicKeyHex);
+```
+
+## Building a simple transaction payload
+
+```ts
+import { NockchainProvider, TransactionBuilder } from '@nockchain/sdk';
+
+const provider = new NockchainProvider();
+await provider.connect();
+
+const tx = new TransactionBuilder().to('...recipient_pkh...').amount(1_000_000).build();
+const txId = await provider.sendTransaction(tx);
+```
+
+## WASM / raw transaction signing
+
+If you’re using `@nockchain/rose-wasm` types like `TxBuilder`, import them directly:
+
+```ts
+import {
+  TxBuilder,
+  Pkh,
+  SpendCondition,
+  Digest,
+  GrpcClient,
+  RawTx,
+  Note,
+} from '@nockchain/rose-wasm/rose_wasm.js';
+import { NockchainProvider } from '@nockchain/sdk';
+```
+
+See `sdk/examples/` for an end-to-end example of building + signing a raw transaction.
+
+## React: `useIris` hook
+
+```tsx
+import { useIris } from '@nockchain/sdk';
+
+export function App() {
+  const { provider, rpcClient, status, error, isReady } = useIris({
+    rpcUrl: 'https://rpc.nockbox.org',
+  });
+
+  if (status === 'loading') return <div>Loading…</div>;
+  if (status === 'error') return <pre>{String(error)}</pre>;
+  if (!isReady) return null;
+
+  return <div>Ready: {String(!!provider && !!rpcClient)}</div>;
+}
+```
+
+Notes:
+
+- `react` is a **peer dependency** (you bring your own React).
+- The hook initializes WASM once per page load (safe for StrictMode/HMR).
+
+## Development notes (this monorepo)
+
+This SDK is built with `tsc` and publishes **compiled output** from `sdk/dist/`.
+
+If you are iterating on `@nockchain/rose-wasm`, the recommended workflow is to publish it to a **local npm registry** (e.g. Verdaccio), then publish `@nockchain/sdk` against that version, and finally consume Rose using normal semver dependencies (no `file:`).

package/sdk/examples/app.ts

@@ -0,0 +1,166 @@
+import { NockchainProvider, wasm } from '../src/index';
+
+const statusDiv = document.getElementById('status')!;
+const outputPre = document.getElementById('output')!;
+const connectBtn = document.getElementById('connectBtn') as HTMLButtonElement;
+const signRawTxBtn = document.getElementById('signRawTxBtn') as HTMLButtonElement;
+const recipientInput = document.getElementById('recipientInput') as HTMLInputElement;
+
+let provider: NockchainProvider;
+let grpcEndpoint: string | null = null;
+let walletPkh: string | null = null;
+
+function log(msg: string) {
+  outputPre.textContent += msg + '\n';
+  console.log(msg);
+}
+
+async function init() {
+  try {
+    await wasm.default();
+    log('WASM initialized');
+
+    // Initialize NockchainProvider
+    provider = new NockchainProvider();
+    log('NockchainProvider initialized');
+  } catch (e) {
+    log('Failed to init: ' + e);
+  }
+}
+
+connectBtn.onclick = async () => {
+  if (!provider) {
+    log('Provider not initialized');
+    return;
+  }
+  try {
+    // Connect to wallet (returns pkh and grpcEndpoint)
+    const info = await provider.connect();
+    grpcEndpoint = info.grpcEndpoint;
+    walletPkh = info.pkh;
+
+    statusDiv.textContent = 'Connected: ' + walletPkh;
+    signRawTxBtn.disabled = false;
+    log('Connected: ' + walletPkh + ' @ ' + grpcEndpoint);
+  } catch (e: any) {
+    log('Connect failed: ' + e.message);
+  }
+};
+
+signRawTxBtn.onclick = async () => {
+  try {
+    log('Building transaction...');
+
+    // 1. Validate inputs
+    if (!grpcEndpoint || !walletPkh) {
+      log('Please connect and get wallet info first');
+      return;
+    }
+
+    const recipient = recipientInput.value.trim();
+    if (!recipient) {
+      log('Please enter a recipient address');
+      return;
+    }
+
+    // 2. Create gRPC client
+    log('Creating gRPC client for: ' + grpcEndpoint);
+    const grpcClient = new wasm.GrpcClient(grpcEndpoint);
+
+    // 3. Create spend condition using wallet PKH (single, no timelock)
+    log('Creating spend condition for PKH: ' + walletPkh);
+    const pkh = wasm.Pkh.single(walletPkh);
+    const spendCondition = wasm.SpendCondition.newPkh(pkh);
+
+    // 4. Get firstName from spend condition
+    const firstName = spendCondition.firstName();
+    log('First name: ' + firstName.value.substring(0, 20) + '...');
+
+    // 5. Query notes matching this firstName
+    log('Querying notes from gRPC...');
+    const balance = await grpcClient.getBalanceByFirstName(firstName.value);
+
+    if (!balance || !balance.notes || balance.notes.length === 0) {
+      log('No notes found - wallet might be empty');
+      return;
+    }
+
+    log('Found ' + balance.notes.length + ' notes');
+
+    // Convert notes from protobuf
+    const notes = balance.notes.map((n: any) => wasm.Note.fromProtobuf(n.note));
+    const note = notes[0];
+    const noteAssets = note.assets;
+    log('Using note with ' + noteAssets + ' nicks');
+
+    // 6. Build transaction (send 10 NOCK = 655360 nicks)
+    const TEN_NOCK_IN_NICKS = BigInt(10 * 65536);
+    const feePerWord = BigInt(32768); // 0.5 NOCK per word
+
+    log('Building transaction to send 10 NOCK...');
+    const builder = new wasm.TxBuilder(feePerWord);
+
+    // Create recipient digest
+    const recipientDigest = new wasm.Digest(recipient);
+
+    // Create refund digest (same as wallet PKH)
+    const refundDigest = new wasm.Digest(walletPkh);
+
+    // Use simpleSpend (no lockData for lower fees)
+    builder.simpleSpend(
+      [notes[0]],
+      [spendCondition],
+      recipientDigest,
+      TEN_NOCK_IN_NICKS,
+      null, // fee_override (let it auto-calculate)
+      refundDigest,
+      false // include_lock_data
+    );
+
+    // 7. Build the transaction and get notes/spend conditions
+    log('Building raw transaction...');
+    const nockchainTx = builder.build();
+    const txId = nockchainTx.id;
+    log('Transaction ID: ' + txId.value);
+
+    const rawTxProtobuf = nockchainTx.toRawTx().toProtobuf();
+
+    // Get notes and spend conditions from builder
+    const txNotes = builder.allNotes();
+
+    log('Notes count: ' + txNotes.notes.length);
+    log('Spend conditions count: ' + txNotes.spendConditions.length);
+
+    // 8. Sign using provider.signRawTx (pass wasm objects directly)
+    log('Signing transaction...');
+    const signedTxProtobuf = await provider.signRawTx({
+      rawTx: rawTxProtobuf, // Pass wasm RawTx directly
+      notes: txNotes.notes, // Pass wasm Note objects directly
+      spendConditions: txNotes.spendConditions, // Pass wasm SpendCondition objects directly
+    });
+
+    log('Transaction signed successfully!');
+
+    // Convert to jam string for file download
+    const signedTx = wasm.RawTx.fromProtobuf(signedTxProtobuf);
+    const jamBytes = signedTx.toJam();
+
+    // 9. Download to file using transaction ID
+    const blob = new Blob([new Uint8Array(jamBytes)], { type: 'application/jam' });
+    const url = URL.createObjectURL(blob);
+    const a = document.createElement('a');
+    a.href = url;
+    a.download = `${txId.value}.tx`;
+    document.body.appendChild(a);
+    a.click();
+    document.body.removeChild(a);
+    URL.revokeObjectURL(url);
+
+    log('Downloaded transaction to file: ' + txId.value + '.tx');
+  } catch (e: any) {
+    log('Error: ' + e.message);
+    console.error(e);
+  }
+};
+
+init();

package/sdk/examples/index.html

@@ -0,0 +1,51 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Nockbox SDK Test</title>
+    <style>
+      body {
+        font-family: sans-serif;
+        padding: 20px;
+        max-width: 800px;
+        margin: 0 auto;
+      }
+
+      button {
+        margin: 5px;
+        padding: 10px;
+      }
+
+      #output {
+        background: #f5f5f5;
+        padding: 10px;
+        border: 1px solid #ccc;
+        max-height: 400px;
+        overflow-y: auto;
+      }
+
+      input {
+        padding: 8px;
+        width: 400px;
+      }
+
+      .input-group {
+        margin: 10px 0;
+      }
+    </style>
+  </head>
+
+  <body>
+    <h1>Nockbox SDK Test</h1>
+    <div id="status">Not connected</div>
+    <button id="connectBtn">Connect</button>
+    <div class="input-group">
+      <label for="recipientInput">Recipient Address:</label><br />
+      <input type="text" id="recipientInput" placeholder="Enter recipient PKH address" />
+    </div>
+    <button id="signRawTxBtn" disabled>Build & Sign Transaction</button>
+    <pre id="output"></pre>
+    <script type="module" src="./app.ts"></script>
+  </body>
+</html>

package/sdk/examples/tsconfig.json

@@ -0,0 +1,15 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "module": "ESNext",
+    "lib": ["ES2020", "DOM"],
+    "moduleResolution": "bundler",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "noEmit": true
+  },
+  "include": ["**/*"]
+}