@oleary-labs/signet-sdk 0.1.0

package/dist/scopedSign.js

@@ -0,0 +1,130 @@
+/**
+ * Structured EIP-712 signing for scoped keys.
+ *
+ * Scoped keys reject raw hash signing — the caller must provide a
+ * structured payload that the node verifies against the key's scope
+ * before computing the hash and signing.
+ */
+import { signKeygenRequest } from "./request";
+// ---------------------------------------------------------------------------
+// Scope construction
+// ---------------------------------------------------------------------------
+/**
+ * Build an EIP-712 domain scope (scheme 0x03).
+ *
+ * Format: 0x03 | chainId (8 bytes, uint64 BE) | verifyingContract (20 bytes)
+ * Total: 29 bytes.
+ */
+export function buildEIP712Scope(chainId, verifyingContract) {
+    const buf = new Uint8Array(29);
+    buf[0] = 0x03;
+    // chainId as 8-byte big-endian
+    const view = new DataView(buf.buffer);
+    view.setBigUint64(1, BigInt(chainId));
+    // verifyingContract as 20 bytes
+    const addr = verifyingContract.startsWith("0x")
+        ? verifyingContract.slice(2)
+        : verifyingContract;
+    for (let i = 0; i < 20; i++) {
+        buf[9 + i] = parseInt(addr.slice(i * 2, i * 2 + 2), 16);
+    }
+    return "0x" + Array.from(buf).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+// ---------------------------------------------------------------------------
+// Structured signing
+// ---------------------------------------------------------------------------
+/**
+ * Sign a structured EIP-712 payload with a scoped key.
+ *
+ * The node extracts the domain from the typed data, verifies it matches
+ * the key's scope, computes hashTypedData, and threshold-signs.
+ *
+ * @param nodeUrl - Target group node URL
+ * @param proxyEndpoint - CORS proxy URL
+ * @param groupId - Group contract address
+ * @param keyId - The scoped sub-key to sign with
+ * @param curve - Key curve (e.g. "ecdsa_secp256k1")
+ * @param typedData - Full EIP-712 typed data structure
+ * @param sessionKeypair - Active session keypair
+ * @param claims - OAuth/identity claims for session auth
+ * @param identity - For auth key cert sessions
+ */
+export async function signTypedData(nodeUrl, proxyEndpoint, groupId, keyId, curve, typedData, sessionKeypair, claims, identity) {
+    // Build session-authenticated request (no message hash — payload is sent separately)
+    // The canonical hash must use the full sub-key ID (identity + suffix).
+    // Extract suffix from keyId: "oauth:iss:sub:suffix" → suffix is last segment
+    // The identity param is "iss:sub", so we need to add the suffix.
+    const keyParts = keyId.split(":");
+    const keySuffix = keyParts.length > 1 ? keyParts[keyParts.length - 1] : undefined;
+    const signReq = await signKeygenRequest(sessionKeypair, claims, groupId, keySuffix, identity);
+    const res = await fetch(proxyEndpoint, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            "x-node-url": nodeUrl,
+            "x-node-path": "/v1/sign",
+        },
+        body: JSON.stringify({
+            group_id: groupId.toLowerCase(),
+            key_id: keyId,
+            key_suffix: keySuffix,
+            curve,
+            payload: {
+                scheme: "eip712",
+                typed_data: typedData,
+            },
+            session_pub: signReq.session_pub,
+            request_sig: signReq.request_sig,
+            nonce: signReq.nonce,
+            timestamp: signReq.timestamp,
+        }),
+    });
+    if (!res.ok) {
+        const body = await res.text();
+        throw new Error(`Scoped sign failed: ${res.status} — ${body}`);
+    }
+    const data = await res.json();
+    return {
+        signature: data.signature,
+        ecdsaSignature: data.ecdsa_signature,
+        curve: data.curve ?? curve,
+    };
+}
+// ---------------------------------------------------------------------------
+// Presets
+// ---------------------------------------------------------------------------
+export const CHAIN_PRESETS = [
+    {
+        label: "USDC on Base",
+        chainId: 8453,
+        contractName: "USDC",
+        verifyingContract: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+        eip712Name: "USD Coin",
+        eip712Version: "2",
+    },
+    {
+        label: "USDC on Base Sepolia",
+        chainId: 84532,
+        contractName: "USDC",
+        verifyingContract: "0x036CbD53842c5426634e7929541eC2318f3dCF7e",
+        eip712Name: "USD Coin",
+        eip712Version: "2",
+    },
+    {
+        label: "USDC on Ethereum",
+        chainId: 1,
+        contractName: "USDC",
+        verifyingContract: "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
+        eip712Name: "USD Coin",
+        eip712Version: "2",
+    },
+    {
+        label: "USDC on Sepolia",
+        chainId: 11155111,
+        contractName: "USDC",
+        verifyingContract: "0x1c7D4B196Cb0C7B01d743Fbc6116a902379C7238",
+        eip712Name: "USD Coin",
+        eip712Version: "2",
+    },
+];
+//# sourceMappingURL=scopedSign.js.map

package/dist/scopedSign.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scopedSign.js","sourceRoot":"","sources":["../src/scopedSign.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AA0B9C,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAe,EAAE,iBAAyB;IACzE,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC/B,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAEd,+BAA+B;IAC/B,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtC,IAAI,CAAC,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IAEtC,gCAAgC;IAChC,MAAM,IAAI,GAAG,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC;QAC7C,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5B,CAAC,CAAC,iBAAiB,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACrF,CAAC;AAED,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,OAAe,EACf,aAAqB,EACrB,OAAe,EACf,KAAa,EACb,KAAa,EACb,SAA0B,EAC1B,cAA8B,EAC9B,MAAqB,EACrB,QAAiB;IAEjB,qFAAqF;IACrF,uEAAuE;IACvE,6EAA6E;IAC7E,iEAAiE;IACjE,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAElF,MAAM,OAAO,GAAG,MAAM,iBAAiB,CACrC,cAAc,EACd,MAAM,EACN,OAAO,EACP,SAAS,EACT,QAAQ,CACT,CAAC;IAEF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;QACrC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,YAAY,EAAE,OAAO;YACrB,aAAa,EAAE,UAAU;SAC1B;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,QAAQ,EAAE,OAAO,CAAC,WAAW,EAAE;YAC/B,MAAM,EAAE,KAAK;YACb,UAAU,EAAE,SAAS;YACrB,KAAK;YACL,OAAO,EAAE;gBACP,MAAM,EAAE,QAAQ;gBAChB,UAAU,EAAE,SAAS;aACtB;YACD,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,SAAS,EAAE,OAAO,CAAC,SAAS;SAC7B,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;IAC9B,OAAO;QACL,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,cAAc,EAAE,IAAI,CAAC,eAAe;QACpC,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,KAAK;KAC3B,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B;QACE,KAAK,EAAE,cAAc;QACrB,OAAO,EAAE,IAAI;QACb,YAAY,EAAE,MAAM;QACpB,iBAAiB,EAAE,4CAA4C;QAC/D,UAAU,EAAE,UAAU;QACtB,aAAa,EAAE,GAAG;KACnB;IACD;QACE,KAAK,EAAE,sBAAsB;QAC7B,OAAO,EAAE,KAAK;QACd,YAAY,EAAE,MAAM;QACpB,iBAAiB,EAAE,4CAA4C;QAC/D,UAAU,EAAE,UAAU;QACtB,aAAa,EAAE,GAAG;KACnB;IACD;QACE,KAAK,EAAE,kBAAkB;QACzB,OAAO,EAAE,CAAC;QACV,YAAY,EAAE,MAAM;QACpB,iBAAiB,EAAE,4CAA4C;QAC/D,UAAU,EAAE,UAAU;QACtB,aAAa,EAAE,GAAG;KACnB;IACD;QACE,KAAK,EAAE,iBAAiB;QACxB,OAAO,EAAE,QAAQ;QACjB,YAAY,EAAE,MAAM;QACpB,iBAAiB,EAAE,4CAA4C;QAC/D,UAAU,EAAE,UAAU;QACtB,aAAa,EAAE,GAAG;KACnB;CACO,CAAC"}

package/dist/server-prover.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Server-side ZK proof generation via the bundler's /v1/prove endpoint.
+ *
+ * Delegates JWT proof generation to the bundler instead of running
+ * noir + bb.js client-side via WASM. Faster (~2-3s vs 2-7s) and
+ * avoids shipping heavy WASM binaries to the browser.
+ *
+ * The returned proof + claims + modulus are everything needed to
+ * call authenticateWithBootstrap.
+ */
+export interface ServerProofResult {
+    proof: Uint8Array;
+    sub: string;
+    iss: string;
+    exp: number;
+    aud: string;
+    azp: string;
+    jwksModulus: Uint8Array;
+    sessionPub: string;
+}
+/**
+ * Generate a ZK proof of a JWT via the bundler's server-side prover.
+ *
+ * @param bundlerProxyUrl - URL of the bundler proxy (e.g. "/api/bundler")
+ * @param jwt - Raw JWT from OAuth provider
+ * @param sessionPubHex - 33-byte compressed secp256k1 public key, hex-encoded
+ */
+export declare function generateServerProof(bundlerProxyUrl: string, jwt: string, sessionPubHex: string, apiKey?: string): Promise<ServerProofResult>;
+//# sourceMappingURL=server-prover.d.ts.map

package/dist/server-prover.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-prover.d.ts","sourceRoot":"","sources":["../src/server-prover.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,UAAU,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,UAAU,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,eAAe,EAAE,MAAM,EACvB,GAAG,EAAE,MAAM,EACX,aAAa,EAAE,MAAM,EACrB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,iBAAiB,CAAC,CAkC5B"}

package/dist/server-prover.js

@@ -0,0 +1,54 @@
+/**
+ * Server-side ZK proof generation via the bundler's /v1/prove endpoint.
+ *
+ * Delegates JWT proof generation to the bundler instead of running
+ * noir + bb.js client-side via WASM. Faster (~2-3s vs 2-7s) and
+ * avoids shipping heavy WASM binaries to the browser.
+ *
+ * The returned proof + claims + modulus are everything needed to
+ * call authenticateWithBootstrap.
+ */
+/**
+ * Generate a ZK proof of a JWT via the bundler's server-side prover.
+ *
+ * @param bundlerProxyUrl - URL of the bundler proxy (e.g. "/api/bundler")
+ * @param jwt - Raw JWT from OAuth provider
+ * @param sessionPubHex - 33-byte compressed secp256k1 public key, hex-encoded
+ */
+export async function generateServerProof(bundlerProxyUrl, jwt, sessionPubHex, apiKey) {
+    const headers = {
+        "Content-Type": "application/json",
+        "x-bundler-path": "/v1/prove",
+    };
+    if (apiKey)
+        headers["X-API-Key"] = apiKey;
+    const res = await fetch(bundlerProxyUrl, {
+        method: "POST",
+        headers,
+        body: JSON.stringify({ jwt, session_pub: sessionPubHex }),
+    });
+    const result = await res.json();
+    if (!res.ok) {
+        const msg = result.error ?? JSON.stringify(result);
+        throw new Error(`Server proof generation failed: ${res.status} — ${msg}`);
+    }
+    if (result.error) {
+        const msg = typeof result.error === "string" ? result.error : JSON.stringify(result.error);
+        throw new Error(`Server proof generation failed: ${msg}`);
+    }
+    return {
+        proof: hexToBytes(result.proof),
+        sub: result.sub,
+        iss: result.iss,
+        exp: result.exp,
+        aud: result.aud,
+        azp: result.azp,
+        jwksModulus: hexToBytes(result.jwks_modulus),
+        sessionPub: result.session_pub,
+    };
+}
+function hexToBytes(hex) {
+    const clean = hex.startsWith("0x") ? hex.slice(2) : hex;
+    return new Uint8Array((clean.match(/.{2}/g) ?? []).map((b) => parseInt(b, 16)));
+}
+//# sourceMappingURL=server-prover.js.map

package/dist/server-prover.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-prover.js","sourceRoot":"","sources":["../src/server-prover.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAaH;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,eAAuB,EACvB,GAAW,EACX,aAAqB,EACrB,MAAe;IAEf,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;QAClC,gBAAgB,EAAE,WAAW;KAC9B,CAAC;IACF,IAAI,MAAM;QAAE,OAAO,CAAC,WAAW,CAAC,GAAG,MAAM,CAAC;IAE1C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,eAAe,EAAE;QACvC,MAAM,EAAE,MAAM;QACd,OAAO;QACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC;KAC1D,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;IAEhC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,mCAAmC,GAAG,CAAC,MAAM,MAAM,GAAG,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,GAAG,GAAG,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC3F,MAAM,IAAI,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO;QACL,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC;QAC/B,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,WAAW,EAAE,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC;QAC5C,UAAU,EAAE,MAAM,CAAC,WAAW;KAC/B,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACxD,OAAO,IAAI,UAAU,CACnB,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CACzD,CAAC;AACJ,CAAC"}

package/dist/session.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Session keypair management (secp256k1).
+ *
+ * Generates an ephemeral keypair for authenticating with bootstrap nodes.
+ * The private key is held in memory only — never persisted.
+ */
+import type { SessionKeypair } from "./types";
+/**
+ * Generate a new ephemeral secp256k1 session keypair.
+ */
+export declare function generateSessionKeypair(): Promise<SessionKeypair>;
+export declare function bytesToHex(bytes: Uint8Array): string;
+export declare function hexToBytes(hex: string): Uint8Array;
+//# sourceMappingURL=session.d.ts.map

package/dist/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAE9C;;GAEG;AACH,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,cAAc,CAAC,CAMtE;AAED,wBAAgB,UAAU,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAIpD;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAMlD"}

package/dist/session.js

@@ -0,0 +1,29 @@
+/**
+ * Session keypair management (secp256k1).
+ *
+ * Generates an ephemeral keypair for authenticating with bootstrap nodes.
+ * The private key is held in memory only — never persisted.
+ */
+/**
+ * Generate a new ephemeral secp256k1 session keypair.
+ */
+export async function generateSessionKeypair() {
+    const { utils, getPublicKey } = await import("@noble/secp256k1");
+    const privateKey = utils.randomSecretKey();
+    const publicKeyBytes = getPublicKey(privateKey, true); // compressed
+    const publicKeyHex = bytesToHex(publicKeyBytes);
+    return { privateKey, publicKeyHex };
+}
+export function bytesToHex(bytes) {
+    return Array.from(bytes)
+        .map((b) => b.toString(16).padStart(2, "0"))
+        .join("");
+}
+export function hexToBytes(hex) {
+    const bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < bytes.length; i++) {
+        bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+    }
+    return bytes;
+}
+//# sourceMappingURL=session.js.map

package/dist/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IACjE,MAAM,UAAU,GAAG,KAAK,CAAC,eAAe,EAAE,CAAC;IAC3C,MAAM,cAAc,GAAG,YAAY,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,aAAa;IACpE,MAAM,YAAY,GAAG,UAAU,CAAC,cAAc,CAAC,CAAC;IAChD,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,CAAC;AACtC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,KAAiB;IAC1C,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SACrB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,KAAK,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Shared types for the Signet SDK.
+ */
+/** Decoded Google ID token claims. */
+export interface IdTokenClaims {
+    iss: string;
+    sub: string;
+    email: string;
+    name?: string;
+    picture?: string;
+    azp: string;
+    aud: string;
+    exp: number;
+    iat: number;
+}
+/** RSA public key from JWKS. */
+export interface JWKSKey {
+    kid: string;
+    kty: string;
+    alg: string;
+    n: string;
+    e: string;
+}
+/** Session keypair (secp256k1). */
+export interface SessionKeypair {
+    privateKey: Uint8Array;
+    publicKeyHex: string;
+}
+/** Witness inputs for the jwt_auth noir circuit. */
+export interface CircuitWitness {
+    data: number[];
+    dataLen: number;
+    base64DecodeOffset: number;
+    redcParamsLimbs: string[];
+    signatureLimbs: string[];
+    pubkeyModulusLimbs: string[];
+    iss: string;
+    sub: string;
+    exp: number;
+    aud: string;
+    azp: string;
+    sessionPub: number[];
+}
+/** Auth request body for bootstrap node /v1/auth (OAuth/ZK path). */
+export interface NodeAuthRequest {
+    group_id: string;
+    session_pub: string;
+    proof: string;
+    sub: string;
+    iss: string;
+    exp: number;
+    aud: string;
+    azp: string;
+    jwks_modulus: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,sCAAsC;AACtC,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED,gCAAgC;AAChC,MAAM,WAAW,OAAO;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX;AAED,mCAAmC;AACnC,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,UAAU,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,oDAAoD;AACpD,MAAM,WAAW,cAAc;IAE7B,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;IAGzB,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,qEAAqE;AACrE,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,YAAY,EAAE,MAAM,CAAC;CACtB"}

package/dist/types.js

@@ -0,0 +1,5 @@
+/**
+ * Shared types for the Signet SDK.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/userop.d.ts

@@ -0,0 +1,104 @@
+/**
+ * Signet UserOperation pipeline.
+ *
+ * Framework-agnostic orchestration of the full ERC-4337 flow:
+ *   build → (paymaster stub) → estimate → (paymaster real) → hash → FROST sign → submit → confirm
+ *
+ * The caller provides an already-encoded callData (the app-specific part);
+ * everything else is generic Signet protocol logic.
+ */
+import { type Address, type Hex } from "viem";
+import type { SessionKeypair, IdTokenClaims } from "./types";
+import { type PaymasterContext } from "./bundler";
+/**
+ * ERC-4337 PackedUserOperation.
+ *
+ * This is the format expected by the EntryPoint and validated
+ * by SignetAccount.validateUserOp. The signature field carries
+ * a 65-byte FROST Schnorr signature (Rx || z || v).
+ */
+export interface PackedUserOperation {
+    sender: Address;
+    nonce: bigint;
+    initCode: Hex;
+    callData: Hex;
+    accountGasLimits: Hex;
+    preVerificationGas: bigint;
+    gasFees: Hex;
+    paymasterAndData: Hex;
+    signature: Hex;
+}
+export type UserOpStatus = "building" | "sponsoring-stub" | "estimating" | "sponsoring" | "signing" | "submitting" | "confirming";
+export interface SignetWriteConfig {
+    rpcUrl: string;
+    chainId: number;
+    entryPointAddress: Address;
+    bundlerProxyUrl: string;
+    nodeProxyUrl: string;
+    bootstrapGroup: Address;
+    bootstrapNodes: string[];
+    accountFactoryAddress: Address;
+    accountFactoryAbi: readonly Record<string, unknown>[];
+    usePaymaster: boolean;
+    paymasterContext?: PaymasterContext;
+}
+export interface SignetWriteParams {
+    account: Address;
+    groupPublicKey: Hex;
+    dest: Address;
+    value?: bigint;
+    callData: Hex;
+    sessionKeypair: SessionKeypair;
+    claims: IdTokenClaims;
+    onStatus?: (status: UserOpStatus) => void;
+}
+export interface SignetWriteResult {
+    userOpHash: Hex;
+    transactionHash: Hex;
+}
+/**
+ * Submit a UserOperation through the full Signet pipeline.
+ *
+ * Ordering is strict — see CLAUDE.md "Write flow ordering" for rationale:
+ * 1. Build unsigned UserOp (with initCode if account not deployed)
+ * 2. (if paymaster) Attach stub paymasterAndData for gas estimation
+ * 3. Estimate gas via bundler
+ * 4. (if paymaster) Replace stub with real signed paymaster blob
+ * 5. Compute UserOp hash
+ * 6. FROST threshold sign via bootstrap group
+ * 7. Submit to bundler
+ * 8. Poll for receipt
+ */
+export declare function submitUserOp(config: SignetWriteConfig, params: SignetWriteParams): Promise<SignetWriteResult>;
+/**
+ * Build an unsigned UserOperation for a SignetAccount.execute call.
+ */
+export declare function buildUserOp(params: {
+    sender: Address;
+    nonce: bigint;
+    initCode?: Hex;
+    dest: Address;
+    value?: bigint;
+    callData: Hex;
+}): PackedUserOperation;
+/**
+ * Compute the UserOperation hash for signing.
+ *
+ * Matches EntryPoint v0.7 packed format:
+ *   keccak256(abi.encode(keccak256(packedFields), entryPoint, chainId))
+ */
+export declare function getUserOpHash(userOp: PackedUserOperation, entryPoint: Address, chainId: number): Hex;
+/**
+ * Fetch the current nonce for an account from the EntryPoint.
+ */
+export declare function fetchNonce(rpcUrl: string, entryPointAddress: Address, account: Address): Promise<bigint>;
+/**
+ * Check if a SignetAccount is deployed at the given address.
+ */
+export declare function isAccountDeployed(rpcUrl: string, account: Address): Promise<boolean>;
+/**
+ * Build initCode for deploying a SignetAccount via the account factory.
+ * Returns "0x" if the account is already deployed.
+ */
+export declare function buildInitCode(config: Pick<SignetWriteConfig, "rpcUrl" | "accountFactoryAddress" | "accountFactoryAbi" | "entryPointAddress">, account: Address, groupPublicKey: Hex): Promise<Hex>;
+//# sourceMappingURL=userop.d.ts.map

package/dist/userop.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"userop.d.ts","sourceRoot":"","sources":["../src/userop.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,GAAG,EAOT,MAAM,MAAM,CAAC;AACd,OAAO,KAAK,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7D,OAAO,EAOL,KAAK,gBAAgB,EACtB,MAAM,WAAW,CAAC;AAMnB;;;;;;GAMG;AACH,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,GAAG,CAAC;IACd,QAAQ,EAAE,GAAG,CAAC;IACd,gBAAgB,EAAE,GAAG,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,OAAO,EAAE,GAAG,CAAC;IACb,gBAAgB,EAAE,GAAG,CAAC;IACtB,SAAS,EAAE,GAAG,CAAC;CAChB;AAED,MAAM,MAAM,YAAY,GACpB,UAAU,GACV,iBAAiB,GACjB,YAAY,GACZ,YAAY,GACZ,SAAS,GACT,YAAY,GACZ,YAAY,CAAC;AAEjB,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,iBAAiB,EAAE,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;IACtD,YAAY,EAAE,OAAO,CAAC;IACtB,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;CACrC;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,cAAc,EAAE,GAAG,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,GAAG,CAAC;IACd,cAAc,EAAE,cAAc,CAAC;IAC/B,MAAM,EAAE,aAAa,CAAC;IACtB,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,YAAY,KAAK,IAAI,CAAC;CAC3C;AAED,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,GAAG,CAAC;IAChB,eAAe,EAAE,GAAG,CAAC;CACtB;AAMD;;;;;;;;;;;;GAYG;AACH,wBAAsB,YAAY,CAChC,MAAM,EAAE,iBAAiB,EACzB,MAAM,EAAE,iBAAiB,GACxB,OAAO,CAAC,iBAAiB,CAAC,CA+F5B;AAMD;;GAEG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE;IAClC,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,GAAG,CAAC;IACf,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,GAAG,CAAC;CACf,GAAG,mBAAmB,CA6BtB;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAC3B,MAAM,EAAE,mBAAmB,EAC3B,UAAU,EAAE,OAAO,EACnB,OAAO,EAAE,MAAM,GACd,GAAG,CAgCL;AAED;;GAEG;AACH,wBAAsB,UAAU,CAC9B,MAAM,EAAE,MAAM,EACd,iBAAiB,EAAE,OAAO,EAC1B,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,MAAM,CAAC,CAiBjB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,OAAO,CAAC,CAIlB;AAED;;;GAGG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,IAAI,CAAC,iBAAiB,EAAE,QAAQ,GAAG,uBAAuB,GAAG,mBAAmB,GAAG,mBAAmB,CAAC,EAC/G,OAAO,EAAE,OAAO,EAChB,cAAc,EAAE,GAAG,GAClB,OAAO,CAAC,GAAG,CAAC,CAWd"}