@oleary-labs/signet-sdk 0.1.0

package/src/bundler.ts

@@ -0,0 +1,256 @@
+/**
+ * Bundler RPC client for ERC-4337 UserOperations.
+ *
+ * Framework-agnostic — all config is passed in, no env imports.
+ * Handles serialization between the packed UserOp format (used
+ * internally and for hashing) and the unpacked v0.7 RPC format
+ * expected by signet-min-bundler.
+ */
+
+import { type Address, type Hex, concat } from "viem";
+import type { PackedUserOperation } from "./userop";
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+export interface BundlerSendResult {
+  userOpHash: Hex;
+}
+
+export interface UserOpReceipt {
+  userOpHash: Hex;
+  transactionHash: Hex;
+  success: boolean;
+}
+
+export interface GasEstimate {
+  preVerificationGas: Hex;
+  verificationGasLimit: Hex;
+  callGasLimit: Hex;
+}
+
+/**
+ * ERC-7677 paymaster sponsorship result.
+ *
+ * The bundler returns paymaster gas limits as separate fields, but
+ * signet-min-bundler's wire format for eth_sendUserOperation expects
+ * them packed into the front of `paymasterData` (see packPaymasterData
+ * and the note on the getHash comment in internal/paymaster/paymaster.go).
+ */
+export interface PaymasterSponsorship {
+  paymaster: Address;
+  paymasterData: Hex;
+  paymasterVerificationGasLimit: Hex;
+  paymasterPostOpGasLimit: Hex;
+}
+
+/**
+ * ERC-7677 context object passed as the 4th parameter to
+ * pm_getPaymasterStubData / pm_getPaymasterData.
+ */
+export interface PaymasterContext {
+  invite_code?: string;
+}
+
+// ---------------------------------------------------------------------------
+// Bundler RPC
+// ---------------------------------------------------------------------------
+
+export async function sendUserOp(
+  bundlerUrl: string,
+  entryPointAddress: Address,
+  userOp: PackedUserOperation
+): Promise<BundlerSendResult> {
+  const json = await bundlerRpc(bundlerUrl, "eth_sendUserOperation", [
+    serializeUserOp(userOp),
+    entryPointAddress,
+  ]);
+  return { userOpHash: json.result };
+}
+
+export async function getUserOpReceipt(
+  bundlerUrl: string,
+  userOpHash: Hex
+): Promise<UserOpReceipt | null> {
+  const json = await bundlerRpc(bundlerUrl, "eth_getUserOperationReceipt", [
+    userOpHash,
+  ]);
+
+  if (!json.result) return null;
+
+  return {
+    userOpHash: json.result.userOpHash,
+    transactionHash: json.result.transactionHash,
+    success: json.result.success,
+  };
+}
+
+export async function estimateUserOpGas(
+  bundlerUrl: string,
+  entryPointAddress: Address,
+  userOp: PackedUserOperation
+): Promise<GasEstimate> {
+  const json = await bundlerRpc(bundlerUrl, "eth_estimateUserOperationGas", [
+    serializeUserOp(userOp),
+    entryPointAddress,
+  ]);
+  return json.result;
+}
+
+// ---------------------------------------------------------------------------
+// ERC-7677 Paymaster
+// ---------------------------------------------------------------------------
+
+/**
+ * Call pm_getPaymasterStubData.
+ *
+ * Returns paymaster fields with a correctly-sized but zeroed signature,
+ * suitable for gas estimation. Call this BEFORE eth_estimateUserOperationGas
+ * so the estimate accounts for the paymaster's verification overhead.
+ */
+export async function getPaymasterStubData(
+  bundlerUrl: string,
+  entryPointAddress: Address,
+  chainId: number,
+  userOp: PackedUserOperation,
+  context?: PaymasterContext,
+): Promise<PaymasterSponsorship> {
+  return paymasterCall(bundlerUrl, entryPointAddress, chainId, "pm_getPaymasterStubData", userOp, context);
+}
+
+/**
+ * Call pm_getPaymasterData.
+ *
+ * Returns a real paymaster signature. The bundler first checks the
+ * paymaster contract's shouldSponsor() policy via eth_call; if sponsorship
+ * is rejected, this throws.
+ *
+ * IMPORTANT: call AFTER gas estimation, because the paymaster signs over
+ * the gas fields. Changing gas after this call invalidates the signature.
+ */
+export async function getPaymasterData(
+  bundlerUrl: string,
+  entryPointAddress: Address,
+  chainId: number,
+  userOp: PackedUserOperation,
+  context?: PaymasterContext,
+): Promise<PaymasterSponsorship> {
+  return paymasterCall(bundlerUrl, entryPointAddress, chainId, "pm_getPaymasterData", userOp, context);
+}
+
+/**
+ * Pack an ERC-7677 sponsorship response into the on-chain paymasterAndData
+ * layout expected by EntryPoint v0.7:
+ *
+ *   [paymaster:20][verifGasLimit:16][postOpGasLimit:16][paymasterData:rest]
+ *
+ * The paymaster's getHash function reads paymasterAndData[20:52] as the
+ * packed (verifGasLimit || postOpGasLimit) uint128 pair — so the returned
+ * layout must match exactly or the paymaster signature will not verify
+ * on-chain (AA34 signature error).
+ *
+ * NOTE on the bundler's wire format: signet-min-bundler's FromRPC
+ * concatenates the JSON `paymaster` + `paymasterData` fields directly
+ * into paymasterAndData. It does NOT re-insert gas-limit bytes. So when
+ * serializing for eth_sendUserOperation, the `paymasterData` on the wire
+ * already includes the packed gas limits.
+ */
+export function applyPaymasterSponsorship(
+  userOp: PackedUserOperation,
+  s: PaymasterSponsorship
+): PackedUserOperation {
+  const verifGas = BigInt(s.paymasterVerificationGasLimit);
+  const postOpGas = BigInt(s.paymasterPostOpGasLimit);
+  const packedGas = (`0x${verifGas.toString(16).padStart(32, "0")}${postOpGas.toString(16).padStart(32, "0")}`) as Hex;
+  return {
+    ...userOp,
+    paymasterAndData: concat([s.paymaster, packedGas, s.paymasterData]),
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Internal
+// ---------------------------------------------------------------------------
+
+async function paymasterCall(
+  bundlerUrl: string,
+  entryPointAddress: Address,
+  chainId: number,
+  method: "pm_getPaymasterStubData" | "pm_getPaymasterData",
+  userOp: PackedUserOperation,
+  context?: PaymasterContext,
+): Promise<PaymasterSponsorship> {
+  const json = await bundlerRpc(bundlerUrl, method, [
+    serializeUserOp(userOp),
+    entryPointAddress,
+    `0x${chainId.toString(16)}`,
+    context ?? {},
+  ]);
+
+  return {
+    paymaster: json.result.paymaster as Address,
+    paymasterData: json.result.paymasterData as Hex,
+    paymasterVerificationGasLimit: json.result.paymasterVerificationGasLimit as Hex,
+    paymasterPostOpGasLimit: json.result.paymasterPostOpGasLimit as Hex,
+  };
+}
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+async function bundlerRpc(bundlerUrl: string, method: string, params: any[]): Promise<any> {
+  const res = await fetch(bundlerUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ jsonrpc: "2.0", id: 1, method, params }),
+  });
+
+  const json = await res.json();
+  if (json.error) {
+    throw new Error(`${method} failed: ${json.error.message}`);
+  }
+  return json;
+}
+
+/**
+ * Serialize a PackedUserOperation to the unpacked v0.7 RPC format
+ * expected by signet-min-bundler.
+ *
+ * Paymaster handling: the bundler's FromRPC builds paymasterAndData by
+ * concatenating `paymaster` + `paymasterData` with no re-insertion of gas
+ * limits, so we send `paymasterData` as bytes 20..end of our stored
+ * paymasterAndData (which already includes the packed gas limits written
+ * by applyPaymasterSponsorship).
+ */
+function serializeUserOp(userOp: PackedUserOperation) {
+  const gasLimitsHex = userOp.accountGasLimits.slice(2).padStart(64, "0");
+  const verificationGasLimit = `0x${BigInt("0x" + gasLimitsHex.slice(0, 32)).toString(16)}`;
+  const callGasLimit = `0x${BigInt("0x" + gasLimitsHex.slice(32, 64)).toString(16)}`;
+
+  const gasFeesHex = (userOp.gasFees as string).slice(2).padStart(64, "0");
+  const maxPriorityFeePerGas = `0x${BigInt("0x" + gasFeesHex.slice(0, 32)).toString(16)}`;
+  const maxFeePerGas = `0x${BigInt("0x" + gasFeesHex.slice(32, 64)).toString(16)}`;
+
+  const initCodeHex = userOp.initCode.slice(2);
+  const factory = initCodeHex.length >= 40 ? `0x${initCodeHex.slice(0, 40)}` : "";
+  const factoryData = initCodeHex.length > 40 ? `0x${initCodeHex.slice(40)}` : "";
+
+  const pmHex = userOp.paymasterAndData.slice(2);
+  const paymaster = pmHex.length >= 40 ? `0x${pmHex.slice(0, 40)}` : "";
+  const paymasterData = pmHex.length > 40 ? `0x${pmHex.slice(40)}` : "";
+
+  return {
+    sender: userOp.sender,
+    nonce: `0x${userOp.nonce.toString(16)}`,
+    factory,
+    factoryData,
+    callData: userOp.callData,
+    callGasLimit,
+    verificationGasLimit,
+    preVerificationGas: `0x${userOp.preVerificationGas.toString(16)}`,
+    maxFeePerGas,
+    maxPriorityFeePerGas,
+    paymaster,
+    paymasterData,
+    signature: userOp.signature,
+  };
+}

package/src/delegate.ts

@@ -0,0 +1,163 @@
+/**
+ * Delegation token minting and delegation-based auth.
+ *
+ * Delegation tokens are JWTs signed by a parent FROST/ECDSA key that grant
+ * an agent long-lived access to a specific scoped sub-key without requiring
+ * the user's OAuth session.
+ *
+ * Flow:
+ * 1. User creates parent key + scoped sub-key via keygen
+ * 2. User calls requestDelegation() → gets a JWT signed by parent key
+ * 3. Agent calls authenticateWithDelegation() → establishes session
+ * 4. Agent signs with the scoped sub-key via the session
+ */
+
+import type { SessionKeypair, IdTokenClaims } from "./types";
+import { signKeygenRequest } from "./request";
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+export interface DelegationResult {
+  token: string;
+  keyId: string;
+  parentKey: string;
+  expiresAt: number;
+}
+
+export interface DelegationAuthResult {
+  identity: string;
+  keyId: string;
+  expiresAt: number;
+}
+
+// ---------------------------------------------------------------------------
+// Mint delegation token (user path)
+// ---------------------------------------------------------------------------
+
+/**
+ * Request a delegation token for a scoped sub-key.
+ *
+ * Requires an active OAuth session. The node threshold-signs a JWT using
+ * the parent key, granting the token holder access to the sub-key.
+ *
+ * @param nodeUrl - Target group node URL
+ * @param proxyEndpoint - CORS proxy URL (e.g. "/api/node/proxy")
+ * @param groupId - Group contract address
+ * @param keyId - The sub-key to delegate access to
+ * @param parentKeyId - The parent key that signs the JWT
+ * @param curve - Key curve (e.g. "ecdsa_secp256k1")
+ * @param expiresIn - Token lifetime in seconds (e.g. 2592000 for 30 days)
+ * @param sessionKeypair - Active session keypair
+ * @param claims - OAuth claims for session auth
+ * @param identity - For auth key cert sessions
+ */
+export async function requestDelegation(
+  nodeUrl: string,
+  proxyEndpoint: string,
+  groupId: string,
+  keySuffix: string,
+  parentKeyId: string,
+  curve: string,
+  expiresIn: number,
+  sessionKeypair: SessionKeypair,
+  claims: IdTokenClaims,
+  identity?: string,
+): Promise<DelegationResult> {
+  // Build session-authenticated request.
+  // Try with suffix in the canonical hash — if the node resolves the key
+  // from session + suffix, the signature must cover the suffixed key ID.
+  const signReq = await signKeygenRequest(
+    sessionKeypair,
+    claims,
+    groupId,
+    keySuffix,
+    identity,
+  );
+
+
+
+  const res = await fetch(proxyEndpoint, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "x-node-url": nodeUrl,
+      "x-node-path": "/v1/delegate",
+    },
+    body: JSON.stringify({
+      group_id: groupId.toLowerCase(),
+      key_suffix: keySuffix,
+      parent_key_id: parentKeyId,
+      curve,
+      expires_in: expiresIn,
+      session_pub: signReq.session_pub,
+      request_sig: signReq.request_sig,
+      nonce: signReq.nonce,
+      timestamp: signReq.timestamp,
+    }),
+  });
+
+  if (!res.ok) {
+    const body = await res.text();
+    throw new Error(`Delegation failed: ${res.status} — ${body}`);
+  }
+
+  const data = await res.json();
+  return {
+    token: data.token,
+    keyId: data.key_id,
+    parentKey: data.parent_key,
+    expiresAt: data.expires_at,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Authenticate with delegation token (agent path)
+// ---------------------------------------------------------------------------
+
+/**
+ * Authenticate with a node using a delegation token.
+ *
+ * The agent presents a JWT signed by the parent key. The node verifies
+ * the signature and creates a session scoped to the sub-key.
+ *
+ * @param nodeUrl - Target group node URL
+ * @param proxyEndpoint - CORS proxy URL
+ * @param groupId - Group contract address
+ * @param delegationToken - The JWT from requestDelegation()
+ * @param sessionKeypair - Fresh ephemeral session keypair for the agent
+ */
+export async function authenticateWithDelegation(
+  nodeUrl: string,
+  proxyEndpoint: string,
+  groupId: string,
+  delegationToken: string,
+  sessionKeypair: SessionKeypair,
+): Promise<DelegationAuthResult> {
+  const res = await fetch(proxyEndpoint, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "x-node-url": nodeUrl,
+      "x-node-path": "/v1/auth",
+    },
+    body: JSON.stringify({
+      group_id: groupId.toLowerCase(),
+      delegation_token: delegationToken,
+      session_pub: sessionKeypair.publicKeyHex,
+    }),
+  });
+
+  if (!res.ok) {
+    const body = await res.text();
+    throw new Error(`Delegation auth failed: ${res.status} — ${body}`);
+  }
+
+  const data = await res.json();
+  return {
+    identity: data.identity,
+    keyId: data.key_id,
+    expiresAt: data.expires_at,
+  };
+}

package/src/frostVerify.ts

@@ -0,0 +1,79 @@
+/**
+ * Client-side FROST Schnorr signature verification (RFC 9591 secp256k1-SHA256-v1).
+ *
+ * Verifies a 65-byte FROST threshold signature against a compressed group
+ * public key and message. Uses the same algorithm as FROSTVerifier.sol:
+ *
+ *   Verification equation: z·G = R + c·Y
+ *   Challenge: c = H2(R || Y || msg) via expand_message_xmd (RFC 9380)
+ *   DST: "FROST-secp256k1-SHA256-v1chal"
+ *
+ * Uses @noble/curves (already installed) for elliptic curve arithmetic
+ * and RFC 9380 hash-to-curve utilities.
+ */
+
+import { secp256k1 } from "@noble/curves/secp256k1";
+import { expand_message_xmd } from "@noble/curves/abstract/hash-to-curve";
+import { sha256 } from "@noble/hashes/sha256";
+import { concatBytes } from "@noble/hashes/utils";
+
+const DST = new TextEncoder().encode("FROST-secp256k1-SHA256-v1chal");
+const N = secp256k1.CURVE.n;
+
+/**
+ * Verify a FROST Schnorr signature.
+ *
+ * @param message - The message bytes that were signed (typically 32 bytes)
+ * @param signature - 65-byte signature: R.x(32) || z(32) || v(1)
+ * @param groupPublicKey - 33-byte compressed secp256k1 group public key
+ * @returns true if the signature is valid
+ */
+export function verifyFrostSignature(
+  message: Uint8Array,
+  signature: Uint8Array,
+  groupPublicKey: Uint8Array,
+): boolean {
+  if (signature.length !== 65) return false;
+  if (groupPublicKey.length !== 33) return false;
+
+  const rx = signature.slice(0, 32);
+  const z = bytesToBigInt(signature.slice(32, 64));
+  const v = signature[64];
+
+  if (z === 0n || z >= N) return false;
+
+  // Reconstruct compressed R from R.x + parity
+  const rCompressed = new Uint8Array(33);
+  rCompressed[0] = v === 0 ? 0x02 : 0x03;
+  rCompressed.set(rx, 1);
+
+  // Challenge: c = H2(R_compressed || groupPublicKey || message)
+  // Uses expand_message_xmd (RFC 9380) with SHA-256, output 48 bytes, reduced mod N
+  const input = concatBytes(rCompressed, groupPublicKey, message);
+  const uniform = expand_message_xmd(input, DST, 48, sha256);
+  const c = bytesToBigInt(uniform) % N;
+
+  if (c === 0n) return false;
+
+  // Verify: z·G == R + c·Y
+  try {
+    const R = secp256k1.ProjectivePoint.fromHex(rCompressed);
+    const Y = secp256k1.ProjectivePoint.fromHex(groupPublicKey);
+    const G = secp256k1.ProjectivePoint.BASE;
+
+    const lhs = G.multiply(z);
+    const rhs = R.add(Y.multiply(c));
+
+    return lhs.equals(rhs);
+  } catch {
+    return false;
+  }
+}
+
+function bytesToBigInt(bytes: Uint8Array): bigint {
+  let result = 0n;
+  for (const b of bytes) {
+    result = (result << 8n) | BigInt(b);
+  }
+  return result;
+}

package/src/generate-inputs.ts

@@ -0,0 +1,158 @@
+import { generatePartialSHA256 } from './partial-sha';
+
+type GenerateInputsParams = {
+  jwt: string;
+  pubkey: JsonWebKey;
+  shaPrecomputeTillKeys?: string[];
+  maxSignedDataLength: number;
+}
+
+type JWTCircuitInputs = {
+  data?: {
+    storage: number[];
+    len: number;
+  };
+  base64_decode_offset: number;
+  pubkey_modulus_limbs: string[];
+  redc_params_limbs: string[];
+  signature_limbs: string[];
+  partial_data?: {
+    storage: number[];
+    len: number;
+  };
+  partial_hash?: number[];
+  full_data_length?: number;
+}
+
+/*
+* Generates circuit inputs required for the jwt lib
+* @param {Object} params - The input parameters
+* @param {string} params.jwt - The JWT token to process (string)
+* @param {JsonWebKey} params.pubkey - The public key to verify the signature (JsonWebKey)
+* @param {string[]} params.shaPrecomputeTillKeys - (optional) Key(s) in the payload until which SHA should be precomputed
+* @param {number} params.maxSignedDataLength - Maximum length of signed data (with or without partial hash) allowed by the circuit
+*/
+export async function generateInputs({
+  jwt,
+  pubkey,
+  shaPrecomputeTillKeys,
+  maxSignedDataLength, // when using partial hash, this will be the length of data after partial hash
+}: GenerateInputsParams) {
+  // Parse token
+  const [headerB64, payloadB64] = jwt.split(".");
+
+  // Extract signed data as byte array
+  const signedDataString = jwt.split(".").slice(0, 2).join("."); // $header.$payload
+  const signedData = new TextEncoder().encode(signedDataString) as Uint8Array;
+
+  // Extract signature as bigint
+  const signatureBase64Url = jwt.split(".")[2];
+  const signatureBase64 = signatureBase64Url
+    .replace(/-/g, "+")
+    .replace(/_/g, "/");
+
+  const signature = new Uint8Array(
+    atob(signatureBase64)
+      .split("")
+      .map((c) => c.charCodeAt(0))
+  );
+
+  const signatureBigInt = BigInt("0x" + Array.from(signature).map(b => b.toString(16).padStart(2, '0')).join(''));
+
+  // Extract pubkey modulus as bigint
+  const pubkeyBigInt = BigInt("0x" + atob(pubkey.n!.replace(/-/g, "+").replace(/_/g, "/"))
+    .split("")
+    .map(c => c.charCodeAt(0).toString(16).padStart(2, "0"))
+    .join(""));
+  const redcParam = (1n << (2n * 2048n + 4n)) / pubkeyBigInt; // something needed by the noir big-num lib 
+
+  const inputs: Partial<JWTCircuitInputs> = {
+    pubkey_modulus_limbs: splitBigIntToChunks(pubkeyBigInt, 120, 18).map(s => s.toString()),
+    redc_params_limbs: splitBigIntToChunks(redcParam, 120, 18).map(s => s.toString()),
+    signature_limbs: splitBigIntToChunks(signatureBigInt, 120, 18).map(s => s.toString()),
+  };
+
+  if (!shaPrecomputeTillKeys || shaPrecomputeTillKeys.length === 0) {
+    // No precompute selector - no need to precompute SHA256
+    if (signedData.length > maxSignedDataLength) {
+      throw new Error("Signed data length exceeds maxSignedDataLength");
+    }
+    const signedDataPadded = new Uint8Array(maxSignedDataLength);
+    signedDataPadded.set(signedData);
+    inputs.data = {
+      storage: Array.from(signedDataPadded),
+      len: signedData.length,
+    }
+    // entire payload is base64 decode-able when not using partial hash
+    // offset in signed data is the index of payload start
+    // this can be any multiple of 4 from payload start, if you want to skip some bytes from start
+    inputs.base64_decode_offset = headerB64.length + 1;
+  } else {
+    // Precompute SHA256 of the signed data
+    // SHA256 is done in 64 byte chunks, so we can hash upto certain portion outside of circuit to save constraints
+    // Signed data is $headerB64.$payloadB64
+    // We need to find the index in B64 payload corresponding to min(hdIndex, nonceIndex) when decoded
+    // Then we find the 64 byte boundary before this index and precompute the SHA256 upto that
+    const payloadString = atob(payloadB64);
+    const indicesOfPrecomputeKeys = shaPrecomputeTillKeys.map((key) =>
+      payloadString.indexOf(`"${key}":`)
+    );
+    const smallerIndex = Math.min(...indicesOfPrecomputeKeys);
+    const smallerIndexInB64 = Math.floor((smallerIndex * 4) / 3); // 4 B64 chars = 3 bytes
+
+    const sliceStart = headerB64.length + smallerIndexInB64 + 1; // +1 for the '.'
+
+    // Precompute the SHA256 hash
+    const { partialHash, remainingData } =
+      await generatePartialSHA256(signedData, sliceStart);
+
+    // Pad to the max length configured in the circuit
+    if (remainingData.length > maxSignedDataLength) {
+      throw new Error("remainingData after partial hash exceeds maxSignedDataLength");
+    }
+
+    const remainingDataPadded = new Uint8Array(maxSignedDataLength);
+    remainingDataPadded.set(remainingData);
+
+    inputs.partial_data = {
+      storage: Array.from(remainingDataPadded),
+      len: remainingData.length,
+    };
+    inputs.partial_hash = Array.from(partialHash);
+    inputs.full_data_length = signedData.length;
+
+    // when using partial hash, the data after the partial hash might not be a valid base64
+    // we need to find an offset (1, 2, or 3) such that the remaining payload is base64 decode-able
+    // this is the number that should be added to the "payload chunk that was included in SHA precompute"
+    // to make it a multiple of 4
+    // in other words, if you trim offset number of bytes from the remaining payload, it will be base64 decode-able
+    const shaCutoffIndex = signedData.length - remainingData.length;
+    const payloadBytesInShaPrecompute = shaCutoffIndex - (headerB64.length + 1);
+    const offsetToMakeIt4x = 4 - (payloadBytesInShaPrecompute % 4);
+    inputs.base64_decode_offset = offsetToMakeIt4x;
+  }
+
+  return inputs as JWTCircuitInputs;
+}
+
+
+/*
+* Splits a BigInt into fixed-size chunks
+* @param {bigint} bigInt - The BigInt to split
+* @param {number} chunkSize - Size of each chunk in bits
+* @param {number} numChunks - Number of chunks to split into
+* @returns {bigint[]} Array of BigInt chunks
+*/
+export function splitBigIntToChunks(
+  bigInt: bigint,
+  chunkSize: number,
+  numChunks: number
+) {
+  const chunks = [];
+  const mask = (1n << BigInt(chunkSize)) - 1n;
+  for (let i = 0; i < numChunks; i++) {
+    const chunk = (bigInt / (1n << (BigInt(i) * BigInt(chunkSize)))) & mask;
+    chunks.push(chunk);
+  }
+  return chunks;
+}

package/src/index.ts

@@ -0,0 +1,43 @@
+/**
+ * Signet DKMS SDK
+ *
+ * Framework-agnostic library for Signet protocol interactions.
+ *
+ * This barrel export includes only the core modules that have no heavy
+ * dependencies. For ZK proof generation (client-side), import directly:
+ *
+ *   import { generateJWTProof } from "@oleary-labs/signet-sdk/proof"
+ *   import { buildFullWitness } from "@oleary-labs/signet-sdk/witness"
+ *
+ * These require @noir-lang/noir_js, @aztec/bb.js, and
+ * @oleary-labs/signet-circuits as peer dependencies.
+ */
+
+// Core
+export * from "./types";
+export * from "./session";
+export * from "./request";
+export * from "./keygen";
+
+// Auth (lightweight — no WASM)
+export * from "./oauth";
+export * from "./jwt";
+export * from "./jwks";
+export * from "./bootstrap";
+export * from "./authkey-session";
+export * from "./server-prover";
+
+// Admin
+export * from "./admin";
+
+// Signing + Delegation
+export * from "./delegate";
+export * from "./scopedSign";
+export * from "./frostVerify";
+
+// x402
+export * from "./x402";
+
+// ERC-4337
+export * from "./userop";
+export * from "./bundler";