@novasamatech/statement-store 0.8.0-1 → 0.8.0

package/dist/crypto.d.ts

@@ -1,4 +1,7 @@
+import { ensureSubstrateSlotSr25519Ready } from '@novasamatech/substrate-slot-sr25519-wasm';
 import type { Codec } from 'scale-ts';
+export { ensureSubstrateSlotSr25519Ready };
+export { ensureSubstrateSr25519Ready } from './substrateSr25519.js';
 export declare function BrandedBytesCodec<T extends Uint8Array>(length?: number): Codec<T>;
 export declare function stringToBytes(str: string): Uint8Array<ArrayBuffer>;
 /**
@@ -7,6 +10,14 @@ export declare function stringToBytes(str: string): Uint8Array<ArrayBuffer>;
 export declare function khash(secret: Uint8Array, message: Uint8Array): Uint8Array<ArrayBufferLike> & Uint8Array<ArrayBuffer>;
 export declare function createSr25519Secret(entropy: Uint8Array, derivation?: string): Uint8Array<ArrayBufferLike>;
 export declare function createSr25519Derivation(secret: Uint8Array, derivation: string): Uint8Array<ArrayBufferLike>;
-export declare function deriveSr25519PublicKey(secret: Uint8Array): Uint8Array;
-export declare function signWithSr25519Secret(secret: Uint8Array, message: Uint8Array): Uint8Array<ArrayBufferLike> & Uint8Array<ArrayBuffer>;
+/** Ed25519-expanded secret (scure HDKD / `createSr25519Secret`). */
+export declare function deriveSr25519PublicKey(secret: Uint8Array): Uint8Array<ArrayBufferLike>;
+export declare function signWithSr25519Secret(secret: Uint8Array, message: Uint8Array): Uint8Array<ArrayBufferLike>;
 export declare function verifySr25519Signature(message: Uint8Array, signature: Uint8Array, publicKey: Uint8Array): boolean;
+/**
+ * Substrate slot secret (`privateKey || nonce`, 64 bytes) from mobile `SlotAccountKey`.
+ * Matches Android `deriveAccountId()` / `Sr25519.getPublicKeyFromSecret`.
+ */
+export declare function deriveSlotAccountPublicKey(secret: Uint8Array): Uint8Array<ArrayBufferLike>;
+export declare function signSlotAccountSecret(secret: Uint8Array, message: Uint8Array): Uint8Array<ArrayBufferLike>;
+export declare function verifySlotAccountSignature(message: Uint8Array, signature: Uint8Array, publicKey: Uint8Array): boolean;

package/dist/crypto.js

@@ -1,7 +1,11 @@
 import { blake2b } from '@noble/hashes/blake2.js';
+import { deriveSlotAccountPublicKey as deriveSlotPublicKey, ensureSubstrateSlotSr25519Ready, signSlotAccountSecret as signSlotSecret, verifySlotAccountSignature as verifySlotSignature, } from '@novasamatech/substrate-slot-sr25519-wasm';
 import { entropyToMiniSecret } from '@polkadot-labs/hdkd-helpers';
-import { HDKD as sr25519HDKD, getPublicKey as sr25519GetPublicKey, secretFromSeed as sr25519SecretFromSeed, sign as sr25519Sign, verify as sr25519Verify, } from '@scure/sr25519';
+import { HDKD as sr25519HDKD, secretFromSeed as sr25519SecretFromSeed } from '@scure/sr25519';
 import { Bytes, str, u64 } from 'scale-ts';
+import { substrateSr25519PublicKey, substrateSr25519Sign, substrateSr25519Verify } from './substrateSr25519.js';
+export { ensureSubstrateSlotSr25519Ready };
+export { ensureSubstrateSr25519Ready } from './substrateSr25519.js';
 export function BrandedBytesCodec(length) {
     return Bytes(length);
 }
@@ -60,12 +64,26 @@ export function createSr25519Derivation(secret, derivation) {
         }
     }, secret);
 }
+/** Ed25519-expanded secret (scure HDKD / `createSr25519Secret`). */
 export function deriveSr25519PublicKey(secret) {
-    return sr25519GetPublicKey(secret);
+    return substrateSr25519PublicKey(secret);
 }
 export function signWithSr25519Secret(secret, message) {
-    return sr25519Sign(secret, message);
+    return substrateSr25519Sign(secret, message);
 }
 export function verifySr25519Signature(message, signature, publicKey) {
-    return sr25519Verify(message, signature, publicKey);
+    return substrateSr25519Verify(message, signature, publicKey);
+}
+/**
+ * Substrate slot secret (`privateKey || nonce`, 64 bytes) from mobile `SlotAccountKey`.
+ * Matches Android `deriveAccountId()` / `Sr25519.getPublicKeyFromSecret`.
+ */
+export function deriveSlotAccountPublicKey(secret) {
+    return deriveSlotPublicKey(secret);
+}
+export function signSlotAccountSecret(secret, message) {
+    return signSlotSecret(secret, message);
+}
+export function verifySlotAccountSignature(message, signature, publicKey) {
+    return verifySlotSignature(message, signature, publicKey);
 }

package/dist/crypto.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/crypto.spec.js

@@ -0,0 +1,90 @@
+import { blake2b } from '@noble/hashes/blake2.js';
+import { ensureSubstrateSlotSr25519Ready, substrateSlotSecretFromSeedBytes, } from '@novasamatech/substrate-slot-sr25519-wasm';
+import { mnemonicToEntropy, mnemonicToMiniSecret } from '@polkadot-labs/hdkd-helpers';
+import * as schnorrkelWasm from '@polkadot-labs/schnorrkel-wasm';
+import { HDKD, secretFromSeed } from '@scure/sr25519';
+import { str, u64 } from 'scale-ts';
+import { beforeAll, describe, expect, it } from 'vitest';
+import { createSr25519Secret, deriveSlotAccountPublicKey, deriveSr25519PublicKey, signSlotAccountSecret, signWithSr25519Secret, verifySlotAccountSignature, verifySr25519Signature, } from './crypto.js';
+const { sr25519_derive_keypair_hard, sr25519_keypair_from_seed, sr25519_pubkey } = schnorrkelWasm;
+const initSchnorrkelWasm = schnorrkelWasm.init;
+const DEV_MNEMONIC = 'bottom drive obey lake curtain smoke basket hold race lonely fit walk';
+const ALLOWANCE_PATH = '//allowance//bulletin//localhost:5173';
+const toHex = (bytes) => `0x${[...bytes].map(b => b.toString(16).padStart(2, '0')).join('')}`;
+function createChainCode(derivation) {
+    const encoded = /^\d+$/.test(derivation) ? u64.enc(BigInt(derivation)) : str.enc(derivation);
+    if (encoded.length > 32) {
+        return blake2b(encoded, { dkLen: 32 });
+    }
+    const chainCode = new Uint8Array(32);
+    chainCode.set(encoded);
+    return chainCode;
+}
+function wasmDeriveAllowanceKeypair(miniSecret) {
+    initSchnorrkelWasm();
+    let pair = sr25519_keypair_from_seed(miniSecret);
+    for (const match of ALLOWANCE_PATH.matchAll(/(\/{1,2})([^/]+)/g)) {
+        const type = match[1];
+        const code = match[2];
+        if (!type || !code) {
+            continue;
+        }
+        if (type !== '//') {
+            throw new Error('soft junction not expected in test path');
+        }
+        pair = sr25519_derive_keypair_hard(pair, createChainCode(code));
+    }
+    return pair;
+}
+describe('sr25519 crypto (Substrate-compatible)', () => {
+    beforeAll(async () => {
+        initSchnorrkelWasm();
+        await ensureSubstrateSlotSr25519Ready();
+    });
+    it('derives the same public key as schnorrkel-wasm for an allowance path secret', () => {
+        const entropy = mnemonicToEntropy(DEV_MNEMONIC);
+        const miniSecret = mnemonicToMiniSecret(DEV_MNEMONIC);
+        const secret = createSr25519Secret(entropy, ALLOWANCE_PATH);
+        const wasmPair = wasmDeriveAllowanceKeypair(miniSecret);
+        const wasmPublicKey = wasmPair.slice(64, 96);
+        expect(deriveSr25519PublicKey(secret)).toEqual(wasmPublicKey);
+        expect(toHex(deriveSr25519PublicKey(secret))).toBe(toHex(wasmPublicKey));
+    });
+    it('derives slot account pubkey via SecretKey::from_bytes (mobile SlotAccountKey shape)', () => {
+        const miniSecret = mnemonicToMiniSecret(DEV_MNEMONIC);
+        const slotSecret = substrateSlotSecretFromSeedBytes(miniSecret);
+        const wasmPublicKey = deriveSlotAccountPublicKey(slotSecret);
+        expect(wasmPublicKey).not.toEqual(sr25519_pubkey(slotSecret));
+        expect(deriveSlotAccountPublicKey(slotSecret)).toEqual(wasmPublicKey);
+    });
+    it('signs and verifies slot-account secrets with the substrate context', () => {
+        const miniSecret = mnemonicToMiniSecret(DEV_MNEMONIC);
+        const slotSecret = substrateSlotSecretFromSeedBytes(miniSecret);
+        const publicKey = deriveSlotAccountPublicKey(slotSecret);
+        const message = new TextEncoder().encode('substrate-context-test');
+        const signature = signSlotAccountSecret(slotSecret, message);
+        expect(verifySlotAccountSignature(message, signature, publicKey)).toBe(true);
+    });
+    it('signs and verifies ed25519-expanded secrets with the substrate context', () => {
+        const secret = createSr25519Secret(mnemonicToEntropy(DEV_MNEMONIC), ALLOWANCE_PATH);
+        const publicKey = deriveSr25519PublicKey(secret);
+        const message = new TextEncoder().encode('substrate-context-test');
+        const signature = signWithSr25519Secret(secret, message);
+        expect(verifySr25519Signature(message, signature, publicKey)).toBe(true);
+    });
+    it('matches scure HDKD secret bytes for wasm-derived allowance keys', () => {
+        const miniSecret = mnemonicToMiniSecret(DEV_MNEMONIC);
+        let scureSecret = secretFromSeed(miniSecret);
+        for (const match of ALLOWANCE_PATH.matchAll(/(\/{1,2})([^/]+)/g)) {
+            const type = match[1];
+            const code = match[2];
+            if (!type || !code) {
+                continue;
+            }
+            const cc = createChainCode(code);
+            scureSecret = Uint8Array.from(type === '//' ? HDKD.secretHard(scureSecret, cc) : HDKD.secretSoft(scureSecret, cc));
+        }
+        const wasmSecret = wasmDeriveAllowanceKeypair(miniSecret).slice(0, 64);
+        expect(toHex(scureSecret)).toBe(toHex(wasmSecret));
+    });
+});

package/dist/index.d.ts

@@ -16,4 +16,5 @@ export { createLazyClient } from './adapter/lazyClient.js';
 export type { StatementStoreAdapter } from './adapter/types.js';
 export { AccountFullError, AlreadyExpiredError, BadProofError, DataTooLargeError, EncodingTooLargeError, ExpiryTooLowError, InternalStoreError, KnownExpiredError, NoAllowanceError, NoProofError, StorageFullError, } from './adapter/types.js';
 export { createPapiStatementStoreAdapter } from './adapter/rpc.js';
-export { createSr25519Derivation, createSr25519Secret, deriveSr25519PublicKey, khash, signWithSr25519Secret, verifySr25519Signature, } from './crypto.js';
+export { createSr25519Derivation, createSr25519Secret, deriveSlotAccountPublicKey, deriveSr25519PublicKey, ensureSubstrateSlotSr25519Ready, ensureSubstrateSr25519Ready, khash, signSlotAccountSecret, signWithSr25519Secret, verifySlotAccountSignature, verifySr25519Signature, } from './crypto.js';
+export { substrateSr25519PublicKey } from './substrateSr25519.js';

package/dist/index.js

@@ -8,4 +8,5 @@ export { DecodingError, DecryptionError, UnknownError } from './session/error.js
 export { createLazyClient } from './adapter/lazyClient.js';
 export { AccountFullError, AlreadyExpiredError, BadProofError, DataTooLargeError, EncodingTooLargeError, ExpiryTooLowError, InternalStoreError, KnownExpiredError, NoAllowanceError, NoProofError, StorageFullError, } from './adapter/types.js';
 export { createPapiStatementStoreAdapter } from './adapter/rpc.js';
-export { createSr25519Derivation, createSr25519Secret, deriveSr25519PublicKey, khash, signWithSr25519Secret, verifySr25519Signature, } from './crypto.js';
+export { createSr25519Derivation, createSr25519Secret, deriveSlotAccountPublicKey, deriveSr25519PublicKey, ensureSubstrateSlotSr25519Ready, ensureSubstrateSr25519Ready, khash, signSlotAccountSecret, signWithSr25519Secret, verifySlotAccountSignature, verifySr25519Signature, } from './crypto.js';
+export { substrateSr25519PublicKey } from './substrateSr25519.js';

package/dist/session/session.js

@@ -32,9 +32,7 @@ export function createSession({ localAccount, remoteAccount, statementStore, enc
     const bufferedMessages = [];
     let storeUnsub = null;
     let responseStoreUnsub = null;
-    function submitStatementData(channel, topicSessionId, data) {
-        state.expiry = nextExpiry(state.expiry);
-        const expiry = state.expiry;
+    function submitStatementAt(expiry, channel, topicSessionId, data) {
         return encryption
             .encrypt(data)
             .map(encrypted => ({
@@ -46,6 +44,10 @@ export function createSession({ localAccount, remoteAccount, statementStore, enc
             .asyncAndThen(prover.generateMessageProof)
             .andThen(statementStore.submitStatement);
     }
+    function submitStatementData(channel, topicSessionId, data) {
+        state.expiry = nextExpiry(state.expiry);
+        return submitStatementAt(state.expiry, channel, topicSessionId, data);
+    }
     function encodeAndSubmitRequest(requestId, messages) {
         const encode = fromThrowable(StatementData.enc, toError);
         encode({ tag: 'request', value: { requestId, data: messages } })
@@ -261,6 +263,10 @@ export function createSession({ localAccount, remoteAccount, statementStore, enc
                 rejectFn = rej;
             });
             state.pendingDelivery.set(token, { resolve: resolveFn, reject: rejectFn, promise });
+            // Ensure a rejection from clearOutgoingStatement()/dispose() is always handled,
+            // even when no caller attached via waitForResponseMessage(); the real waiter
+            // still receives the rejection through its own handler.
+            promise.catch(() => undefined);
             if (state.phase === 'initialization') {
                 state.messageQueue.push({ encoded, token });
             }
@@ -332,6 +338,31 @@ export function createSession({ localAccount, remoteAccount, statementStore, enc
                 }
             };
         },
+        clearOutgoingStatement() {
+            const outgoing = state.outgoingRequest;
+            // Reuse the current expiry (do NOT call nextExpiry): the live batch was last
+            // submitted at state.expiry, so an empty statement at the same expiry on the
+            // same channel supersedes it. The store rejects only a strictly lower expiry.
+            const expiry = state.expiry;
+            // Always drop local outgoing state and reject pending waiters up-front,
+            // regardless of which path follows. This covers messages queued before the
+            // batch went out (e.g. during init, while outgoingRequest is still null) and
+            // guarantees cleanup even if the superseding submission below fails — the
+            // caller still receives any submission error.
+            state.outgoingRequest = null;
+            state.messageQueue = [];
+            rejectAllPending(new Error('Outgoing batch aborted'));
+            if (outgoing === null)
+                return okAsync(undefined);
+            const requestId = outgoing.requestIds[outgoing.requestIds.length - 1];
+            const encoded = fromThrowable(StatementData.enc, toError)({
+                tag: 'request',
+                value: { requestId, data: [] },
+            });
+            if (encoded.isErr())
+                return errAsync(encoded.error);
+            return submitStatementAt(expiry, createRequestChannel(outgoingSessionId), outgoingSessionId, encoded.value);
+        },
         dispose() {
             storeUnsub?.();
             storeUnsub = null;

package/dist/session/session.spec.js

@@ -1,5 +1,5 @@
 import { createExpiryFromDuration } from '@novasamatech/sdk-statement';
-import { ok, okAsync } from 'neverthrow';
+import { ResultAsync, errAsync, ok, okAsync } from 'neverthrow';
 import { Bytes, str } from 'scale-ts';
 import { describe, expect, it, vi } from 'vitest';
 import { createAccountId, createLocalSessionAccount, createRemoteSessionAccount } from '../model/sessionAccount.js';
@@ -545,4 +545,94 @@ describe('session', () => {
             expect(result.unwrapOr({ responseCode: 'unknown' }).responseCode).toBe('success');
         });
     });
+    describe('clearOutgoingStatement', () => {
+        it('is a no-op when there is no outgoing request', async () => {
+            const { session, adapter } = makeSession();
+            await delay();
+            const before = adapter.submitStatement.mock.calls.length;
+            const result = await session.clearOutgoingStatement();
+            expect(result.isOk()).toBe(true);
+            expect(adapter.submitStatement.mock.calls.length).toBe(before);
+        });
+        it('submits an empty request batch on the same channel at >= the live expiry and clears state', async () => {
+            const { session, adapter } = makeSession();
+            await delay();
+            const rawCodec = Bytes();
+            void session.submitRequestMessage(rawCodec, new Uint8Array([1, 2, 3]));
+            await delay();
+            const liveCall = adapter.submitStatement.mock.calls.at(-1)?.[0];
+            const liveDecoded = StatementData.dec(liveCall.data);
+            expect(liveDecoded.tag).toBe('request');
+            if (liveDecoded.tag === 'request')
+                expect(liveDecoded.value.data.length).toBe(1);
+            const result = await session.clearOutgoingStatement();
+            expect(result.isOk()).toBe(true);
+            const clearCall = adapter.submitStatement.mock.calls.at(-1)?.[0];
+            const clearDecoded = StatementData.dec(clearCall.data);
+            expect(clearDecoded.tag).toBe('request');
+            if (clearDecoded.tag === 'request')
+                expect(clearDecoded.value.data).toEqual([]);
+            expect(clearCall.channel).toBe(liveCall.channel);
+            expect(clearCall.expiry).toBeGreaterThanOrEqual(liveCall.expiry);
+            // Outgoing state is cleared: the next message starts a brand-new batch (data length 1, not 2).
+            void session.submitRequestMessage(rawCodec, new Uint8Array([4]));
+            await delay();
+            const afterClear = adapter.submitStatement.mock.calls.at(-1)?.[0];
+            const afterDecoded = StatementData.dec(afterClear.data);
+            if (afterDecoded.tag === 'request')
+                expect(afterDecoded.value.data.length).toBe(1);
+        });
+        it('rejects the pending response waiter so callers unwind', async () => {
+            const { session } = makeSession();
+            await delay();
+            const submit = await session.submitRequestMessage(Bytes(), new Uint8Array([9]));
+            expect(submit.isOk()).toBe(true);
+            const requestId = submit._unsafeUnwrap().requestId;
+            const waiter = session.waitForResponseMessage(requestId);
+            await session.clearOutgoingStatement();
+            const waited = await waiter;
+            expect(waited.isErr()).toBe(true);
+        });
+        it('clears local state and rejects waiters even when the superseding submission fails', async () => {
+            const { session, adapter } = makeSession();
+            await delay();
+            const rawCodec = Bytes();
+            const submit = await session.submitRequestMessage(rawCodec, new Uint8Array([1, 2, 3]));
+            const requestId = submit._unsafeUnwrap().requestId;
+            const waiter = session.waitForResponseMessage(requestId);
+            adapter.submitStatement.mockReturnValueOnce(errAsync(new Error('store rejected')));
+            const result = await session.clearOutgoingStatement();
+            expect(result.isErr()).toBe(true);
+            // The pending waiter is rejected despite the failed submission.
+            const waited = await waiter;
+            expect(waited.isErr()).toBe(true);
+            // Local state is cleared: the next message starts a brand-new batch (data length 1, not 2).
+            adapter.submitStatement.mockReturnValue(okAsync(undefined));
+            void session.submitRequestMessage(rawCodec, new Uint8Array([4]));
+            await delay();
+            const afterClear = adapter.submitStatement.mock.calls.at(-1)?.[0];
+            const afterDecoded = StatementData.dec(afterClear.data);
+            if (afterDecoded.tag === 'request')
+                expect(afterDecoded.value.data.length).toBe(1);
+        });
+        it('cancels messages queued before the batch is submitted (init still pending)', async () => {
+            // queryStatements never resolves, so init() stays pending and the message
+            // sits in the queue with outgoingRequest still null.
+            const neverResolves = vi
+                .fn()
+                .mockReturnValue(new ResultAsync(new Promise(() => undefined)));
+            const { session, adapter } = makeSession({ queryStatements: neverResolves });
+            const submit = await session.submitRequestMessage(Bytes(), new Uint8Array([7]));
+            const requestId = submit._unsafeUnwrap().requestId;
+            const waiter = session.waitForResponseMessage(requestId);
+            const submitsBefore = adapter.submitStatement.mock.calls.length;
+            const result = await session.clearOutgoingStatement();
+            expect(result.isOk()).toBe(true);
+            // The queued waiter is rejected rather than left to be submitted after init.
+            const waited = await waiter;
+            expect(waited.isErr()).toBe(true);
+            // No empty batch is submitted since there was no live on-chain request yet.
+            expect(adapter.submitStatement.mock.calls.length).toBe(submitsBefore);
+        });
+    });
 });

package/dist/session/types.d.ts

@@ -31,6 +31,15 @@ export type Session = {
         requestId: string;
     }, Error>;
     submitResponseMessage(requestId: string, responseCode: ResponseStatus): ResultAsync<void, Error>;
+    /**
+     * Replace the in-flight outgoing request batch with an empty one on the same
+     * request channel at the session's current expiry (the statement store keeps
+     * one statement per channel and rejects only a LOWER expiry, so an equal/higher
+     * expiry supersedes the live batch). Local outgoing state is always dropped and
+     * all pending response waiters are rejected, including queued messages that have
+     * not yet been submitted and even if the superseding submission itself fails.
+     */
+    clearOutgoingStatement(): ResultAsync<void, Error>;
     waitForRequestMessage<T, S>(codec: Codec<T>, filter: Filter<T, S>): ResultAsync<S, Error>;
     waitForResponseMessage(requestId: string): ResultAsync<ResponseMessage, Error>;
     subscribe<T>(codec: Codec<T>, callback: Callback<Message<T>[]>): VoidFunction;

package/dist/substrateSr25519.d.ts

@@ -0,0 +1,5 @@
+/** Ed25519-expanded sr25519 secrets (scure HDKD / `createSr25519Secret`). */
+export declare function ensureSubstrateSr25519Ready(): void;
+export declare function substrateSr25519PublicKey(secret: Uint8Array): Uint8Array;
+export declare function substrateSr25519Sign(secret: Uint8Array, message: Uint8Array): Uint8Array;
+export declare function substrateSr25519Verify(message: Uint8Array, signature: Uint8Array, publicKey: Uint8Array): boolean;

package/dist/substrateSr25519.js

@@ -0,0 +1,25 @@
+import * as schnorrkelWasm from '@polkadot-labs/schnorrkel-wasm';
+const { sr25519_pubkey, sr25519_sign, sr25519_verify } = schnorrkelWasm;
+/** Published .d.ts omits `init`; it is exported from the package entry at runtime. */
+const initSchnorrkelWasm = schnorrkelWasm.init;
+let initialized = false;
+/** Ed25519-expanded sr25519 secrets (scure HDKD / `createSr25519Secret`). */
+export function ensureSubstrateSr25519Ready() {
+    if (!initialized) {
+        initSchnorrkelWasm();
+        initialized = true;
+    }
+}
+export function substrateSr25519PublicKey(secret) {
+    ensureSubstrateSr25519Ready();
+    return sr25519_pubkey(secret);
+}
+export function substrateSr25519Sign(secret, message) {
+    ensureSubstrateSr25519Ready();
+    const publicKey = sr25519_pubkey(secret);
+    return sr25519_sign(publicKey, secret, message);
+}
+export function substrateSr25519Verify(message, signature, publicKey) {
+    ensureSubstrateSr25519Ready();
+    return sr25519_verify(publicKey, message, signature);
+}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@novasamatech/statement-store",
   "type": "module",
-  "version": "0.8.0-1",
+  "version": "0.8.0",
   "description": "Statement store integration",
   "license": "Apache-2.0",
   "repository": {
@@ -25,16 +25,17 @@
     "README.md"
   ],
   "dependencies": {
-    "@novasamatech/scale": "0.8.0-1",
+    "@novasamatech/scale": "0.8.0",
     "@novasamatech/sdk-statement": "^0.6.0",
     "@polkadot-api/substrate-bindings": "^0.20.2",
     "@polkadot-api/substrate-client": "^0.7.0",
     "@polkadot-labs/hdkd-helpers": "^0.0.30",
+    "@polkadot-labs/schnorrkel-wasm": "0.0.8",
     "@noble/hashes": "2.2.0",
     "@noble/ciphers": "2.2.0",
     "@scure/sr25519": "2.2.0",
     "polkadot-api": ">=2",
-    "nanoid": "5.1.9",
+    "nanoid": "5.1.11",
     "neverthrow": "^8.2.0",
     "scale-ts": "1.6.1"
   },