@oobit/react-native-sdk 1.0.7 → 2.0.0

package/dist/cryptoUtils.d.ts

@@ -1,64 +0,0 @@
-/**
- * Crypto Utilities for Card Details Session Generation
- *
- * CRITICAL: This implementation MUST match Android's PublicKeyCryptoHelper.kt exactly:
- * - RSA Algorithm: RSA/ECB/OAEPWithSHA-1AndMGF1Padding
- * - Secret Key: UUID without dashes (32 hex chars = 16 bytes = 128-bit)
- * - Input to RSA: secretKey as Base64 string
- * - Output: encrypted sessionId as Base64 string
- *
- * Uses node-forge for pure JavaScript RSA-OAEP encryption.
- * This works in Expo Go without native modules.
- */
-/**
- * Generates a random hex key matching Android's generateRandomHexKey()
- *
- * Creates a UUID v4 without dashes = 32 hex characters = 16 bytes = 128-bit key
- * This matches the format used in Android's PublicKeyCryptoHelper
- *
- * @returns 32-character hexadecimal string
- */
-export declare function generateRandomHexKey(): string;
-/**
- * Converts a hex string to Base64 encoding
- * Matches Android's hexToBase64() method
- *
- * @param hexString - Hexadecimal string (must have even length)
- * @returns Base64 encoded string
- */
-export declare function hexToBase64(hexString: string): string;
-/**
- * Encrypts data using RSA with OAEP-SHA1 padding
- *
- * MUST match Android's RSA/ECB/OAEPWithSHA-1AndMGF1Padding algorithm
- *
- * @param data - Plain text data to encrypt (Base64 string of the secret key)
- * @param publicKeyPem - RSA public key in PEM format
- * @returns Encrypted data as Base64 string
- * @throws Error if encryption fails
- */
-export declare function encryptWithRSA(data: string, publicKeyPem: string): string;
-/**
- * Generates session credentials for card details API request
- *
- * This is the main function that creates the cryptographically linked
- * sessionId + secretKey pair, matching Android's PublicKeyCryptoHelper.generateSessionId()
- *
- * Flow:
- * 1. Generate random secretKeyHex (UUID without dashes)
- * 2. Convert secretKeyHex to Base64
- * 3. Encrypt Base64 key with RSA public key → sessionId
- * 4. Return both secretKeyHex (for client-side decryption) and sessionId (for API header)
- *
- * @param publicKeyPem - RSA public key in PEM format (from widget)
- * @returns Object containing:
- *   - secretKeyHex: Keep on device for AES-GCM decryption (32 hex chars)
- *   - sessionId: Send to API as SessionId header (RSA-encrypted, Base64)
- * @throws Error if key generation or encryption fails
- */
-export declare function generateSessionCredentials(publicKeyPem: string): SessionCredentials;
-export interface SessionCredentials {
-    secretKeyHex: string;
-    sessionId: string;
-}
-//# sourceMappingURL=cryptoUtils.d.ts.map

package/dist/cryptoUtils.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"cryptoUtils.d.ts","sourceRoot":"","sources":["../src/cryptoUtils.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAU7C;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAUrD;AAED;;;;;;;;;GASG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM,CAmBzE;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,0BAA0B,CAAC,YAAY,EAAE,MAAM,GAAG,kBAAkB,CAqBnF;AAGD,MAAM,WAAW,kBAAkB;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB"}

package/dist/cryptoUtils.js

@@ -1,123 +0,0 @@
-"use strict";
-/**
- * Crypto Utilities for Card Details Session Generation
- *
- * CRITICAL: This implementation MUST match Android's PublicKeyCryptoHelper.kt exactly:
- * - RSA Algorithm: RSA/ECB/OAEPWithSHA-1AndMGF1Padding
- * - Secret Key: UUID without dashes (32 hex chars = 16 bytes = 128-bit)
- * - Input to RSA: secretKey as Base64 string
- * - Output: encrypted sessionId as Base64 string
- *
- * Uses node-forge for pure JavaScript RSA-OAEP encryption.
- * This works in Expo Go without native modules.
- */
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateRandomHexKey = generateRandomHexKey;
-exports.hexToBase64 = hexToBase64;
-exports.encryptWithRSA = encryptWithRSA;
-exports.generateSessionCredentials = generateSessionCredentials;
-const node_forge_1 = __importDefault(require("node-forge"));
-/**
- * Generates a random hex key matching Android's generateRandomHexKey()
- *
- * Creates a UUID v4 without dashes = 32 hex characters = 16 bytes = 128-bit key
- * This matches the format used in Android's PublicKeyCryptoHelper
- *
- * @returns 32-character hexadecimal string
- */
-function generateRandomHexKey() {
-    // Generate UUID v4 pattern and remove dashes
-    // This matches Android's java.util.UUID.randomUUID().toString().replace("-", "")
-    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'
-        .replace(/[xy]/g, (c) => {
-        const r = (Math.random() * 16) | 0;
-        const v = c === 'x' ? r : (r & 0x3) | 0x8;
-        return v.toString(16);
-    })
-        .replace(/-/g, '');
-}
-/**
- * Converts a hex string to Base64 encoding
- * Matches Android's hexToBase64() method
- *
- * @param hexString - Hexadecimal string (must have even length)
- * @returns Base64 encoded string
- */
-function hexToBase64(hexString) {
-    // Convert hex string to binary string
-    let binaryString = '';
-    for (let i = 0; i < hexString.length; i += 2) {
-        const byte = parseInt(hexString.substring(i, i + 2), 16);
-        binaryString += String.fromCharCode(byte);
-    }
-    // Use forge's utility for Base64 encoding
-    return node_forge_1.default.util.encode64(binaryString);
-}
-/**
- * Encrypts data using RSA with OAEP-SHA1 padding
- *
- * MUST match Android's RSA/ECB/OAEPWithSHA-1AndMGF1Padding algorithm
- *
- * @param data - Plain text data to encrypt (Base64 string of the secret key)
- * @param publicKeyPem - RSA public key in PEM format
- * @returns Encrypted data as Base64 string
- * @throws Error if encryption fails
- */
-function encryptWithRSA(data, publicKeyPem) {
-    try {
-        // Parse the PEM-formatted public key
-        const publicKey = node_forge_1.default.pki.publicKeyFromPem(publicKeyPem);
-        // Encrypt using RSA-OAEP with SHA-1 (matches Android's OAEPWithSHA-1AndMGF1Padding)
-        const encrypted = publicKey.encrypt(data, 'RSA-OAEP', {
-            md: node_forge_1.default.md.sha1.create(),
-            mgf1: {
-                md: node_forge_1.default.md.sha1.create(),
-            },
-        });
-        // Encode to Base64
-        return node_forge_1.default.util.encode64(encrypted);
-    }
-    catch (error) {
-        console.error('[CryptoUtils] RSA encryption failed:', error);
-        throw new Error('Failed to encrypt session data');
-    }
-}
-/**
- * Generates session credentials for card details API request
- *
- * This is the main function that creates the cryptographically linked
- * sessionId + secretKey pair, matching Android's PublicKeyCryptoHelper.generateSessionId()
- *
- * Flow:
- * 1. Generate random secretKeyHex (UUID without dashes)
- * 2. Convert secretKeyHex to Base64
- * 3. Encrypt Base64 key with RSA public key → sessionId
- * 4. Return both secretKeyHex (for client-side decryption) and sessionId (for API header)
- *
- * @param publicKeyPem - RSA public key in PEM format (from widget)
- * @returns Object containing:
- *   - secretKeyHex: Keep on device for AES-GCM decryption (32 hex chars)
- *   - sessionId: Send to API as SessionId header (RSA-encrypted, Base64)
- * @throws Error if key generation or encryption fails
- */
-function generateSessionCredentials(publicKeyPem) {
-    // Validate public key
-    if (!publicKeyPem || !publicKeyPem.includes('BEGIN PUBLIC KEY')) {
-        throw new Error('Invalid RSA public key format');
-    }
-    // Step 1: Generate random secret key (matches Android's generateRandomHexKey)
-    const secretKeyHex = generateRandomHexKey();
-    // Step 2: Convert to Base64 (matches Android's hexToBase64)
-    const secretKeyBase64 = hexToBase64(secretKeyHex);
-    // Step 3: Encrypt with RSA public key (matches Android's encryptWithPublicKey)
-    const sessionId = encryptWithRSA(secretKeyBase64, publicKeyPem);
-    console.log('[CryptoUtils] Session credentials generated successfully');
-    return {
-        secretKeyHex,
-        sessionId,
-    };
-}
-//# sourceMappingURL=cryptoUtils.js.map

package/dist/cryptoUtils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"cryptoUtils.js","sourceRoot":"","sources":["../src/cryptoUtils.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;;;AAYH,oDAUC;AASD,kCAUC;AAYD,wCAmBC;AAoBD,gEAqBC;AA/GD,4DAA+B;AAE/B;;;;;;;GAOG;AACH,SAAgB,oBAAoB;IAClC,6CAA6C;IAC7C,iFAAiF;IACjF,OAAO,sCAAsC;SAC1C,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;QACtB,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;QAC1C,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACxB,CAAC,CAAC;SACD,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AACvB,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,WAAW,CAAC,SAAiB;IAC3C,sCAAsC;IACtC,IAAI,YAAY,GAAG,EAAE,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,GAAG,QAAQ,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzD,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC;IAED,0CAA0C;IAC1C,OAAO,oBAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,cAAc,CAAC,IAAY,EAAE,YAAoB;IAC/D,IAAI,CAAC;QACH,qCAAqC;QACrC,MAAM,SAAS,GAAG,oBAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;QAE3D,oFAAoF;QACpF,MAAM,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE;YACpD,EAAE,EAAE,oBAAK,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE;YAC1B,IAAI,EAAE;gBACJ,EAAE,EAAE,oBAAK,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE;aAC3B;SACF,CAAC,CAAC;QAEH,mBAAmB;QACnB,OAAO,oBAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,SAAgB,0BAA0B,CAAC,YAAoB;IAC7D,sBAAsB;IACtB,IAAI,CAAC,YAAY,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IAED,8EAA8E;IAC9E,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;IAE5C,4DAA4D;IAC5D,MAAM,eAAe,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;IAElD,+EAA+E;IAC/E,MAAM,SAAS,GAAG,cAAc,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;IAEhE,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;IAExE,OAAO;QACL,YAAY;QACZ,SAAS;KACV,CAAC;AACJ,CAAC"}

package/src/biometricUtils.ts

@@ -1,183 +0,0 @@
-/**
- * Biometric Authentication Utilities
- *
- * Provides cross-platform biometric authentication for card details access.
- * Uses expo-local-authentication which works in Expo Go without native modules.
- *
- * @requires expo-local-authentication - included in Expo SDK
- */
-
-import * as LocalAuthentication from 'expo-local-authentication';
-
-/**
- * Result of a biometric authentication attempt
- */
-export interface BiometricResult {
-  /** Whether authentication was successful */
-  success: boolean;
-  /** Error details if authentication failed */
-  error?: {
-    reason: 'cancelled' | 'failed' | 'not_available' | 'not_enrolled';
-    message?: string;
-  };
-}
-
-/**
- * Information about biometric capabilities on the device
- */
-export interface BiometricAvailability {
-  /** Whether any biometric authentication is available */
-  available: boolean;
-  /** The types of biometry available */
-  biometryTypes: LocalAuthentication.AuthenticationType[];
-}
-
-/**
- * Checks if biometric authentication is available on the device
- *
- * @returns Object containing availability status and biometry types
- */
-export async function isBiometricAvailable(): Promise<BiometricAvailability> {
-  try {
-    const hasHardware = await LocalAuthentication.hasHardwareAsync();
-    const isEnrolled = await LocalAuthentication.isEnrolledAsync();
-    const supportedTypes = await LocalAuthentication.supportedAuthenticationTypesAsync();
-
-    return {
-      available: hasHardware && isEnrolled,
-      biometryTypes: supportedTypes,
-    };
-  } catch (error) {
-    console.error('[BiometricUtils] Error checking biometric availability:', error);
-    return {
-      available: false,
-      biometryTypes: [],
-    };
-  }
-}
-
-/**
- * Prompts the user for biometric authentication
- *
- * This function should be called before generating session credentials
- * for viewing card details. It ensures proper user verification before
- * accessing sensitive payment card information.
- *
- * @param promptMessage - Message to display in the biometric prompt
- * @returns Result indicating success or failure with reason
- *
- * @example
- * ```typescript
- * const result = await authenticateWithBiometrics('Authenticate to view card details');
- * if (result.success) {
- *   // Proceed with generating session credentials
- * } else {
- *   // Handle failure based on result.error.reason
- * }
- * ```
- */
-export async function authenticateWithBiometrics(
-  promptMessage: string = 'Authenticate to view card details'
-): Promise<BiometricResult> {
-  try {
-    // First check if biometrics are available
-    const hasHardware = await LocalAuthentication.hasHardwareAsync();
-
-    if (!hasHardware) {
-      console.log('[BiometricUtils] Biometrics not available on device');
-      return {
-        success: false,
-        error: {
-          reason: 'not_available',
-          message: 'Biometric authentication is not available on this device',
-        },
-      };
-    }
-
-    // Check if biometrics are enrolled
-    const isEnrolled = await LocalAuthentication.isEnrolledAsync();
-
-    if (!isEnrolled) {
-      console.log('[BiometricUtils] No biometrics enrolled');
-      return {
-        success: false,
-        error: {
-          reason: 'not_enrolled',
-          message: 'No biometric authentication is set up on this device',
-        },
-      };
-    }
-
-    console.log('[BiometricUtils] Attempting biometric authentication...');
-
-    // Perform the biometric authentication
-    const result = await LocalAuthentication.authenticateAsync({
-      promptMessage,
-      cancelLabel: 'Cancel',
-      disableDeviceFallback: false, // Allow PIN/password fallback
-      fallbackLabel: 'Use Passcode',
-    });
-
-    if (result.success) {
-      console.log('[BiometricUtils] Biometric authentication successful');
-      return { success: true };
-    }
-
-    // Handle various failure reasons
-    console.log('[BiometricUtils] Biometric authentication failed:', result.error);
-
-    let reason: 'cancelled' | 'failed' | 'not_available' | 'not_enrolled' = 'failed';
-
-    if (result.error === 'user_cancel' || result.error === 'system_cancel') {
-      reason = 'cancelled';
-    } else if (result.error === 'not_enrolled') {
-      reason = 'not_enrolled';
-    } else if (result.error === 'not_available') {
-      reason = 'not_available';
-    }
-
-    return {
-      success: false,
-      error: {
-        reason,
-        message: result.warning || 'Authentication failed',
-      },
-    };
-  } catch (error) {
-    console.error('[BiometricUtils] Biometric authentication error:', error);
-
-    const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred';
-
-    return {
-      success: false,
-      error: {
-        reason: 'failed',
-        message: errorMessage,
-      },
-    };
-  }
-}
-
-/**
- * Gets a user-friendly description of the biometric type
- *
- * @param biometryType - The biometry type from the device
- * @returns Human-readable string for the biometry type
- */
-export function getBiometryTypeLabel(
-  biometryType: LocalAuthentication.AuthenticationType
-): string {
-  switch (biometryType) {
-    case LocalAuthentication.AuthenticationType.FACIAL_RECOGNITION:
-      return 'Face ID';
-    case LocalAuthentication.AuthenticationType.FINGERPRINT:
-      return 'Touch ID';
-    case LocalAuthentication.AuthenticationType.IRIS:
-      return 'Iris';
-    default:
-      return 'Biometric Authentication';
-  }
-}
-
-// Re-export AuthenticationType for convenience
-export { AuthenticationType } from 'expo-local-authentication';

package/src/cryptoUtils.ts

@@ -1,131 +0,0 @@
-/**
- * Crypto Utilities for Card Details Session Generation
- *
- * CRITICAL: This implementation MUST match Android's PublicKeyCryptoHelper.kt exactly:
- * - RSA Algorithm: RSA/ECB/OAEPWithSHA-1AndMGF1Padding
- * - Secret Key: UUID without dashes (32 hex chars = 16 bytes = 128-bit)
- * - Input to RSA: secretKey as Base64 string
- * - Output: encrypted sessionId as Base64 string
- *
- * Uses node-forge for pure JavaScript RSA-OAEP encryption.
- * This works in Expo Go without native modules.
- */
-
-import forge from 'node-forge';
-
-/**
- * Generates a random hex key matching Android's generateRandomHexKey()
- *
- * Creates a UUID v4 without dashes = 32 hex characters = 16 bytes = 128-bit key
- * This matches the format used in Android's PublicKeyCryptoHelper
- *
- * @returns 32-character hexadecimal string
- */
-export function generateRandomHexKey(): string {
-  // Generate UUID v4 pattern and remove dashes
-  // This matches Android's java.util.UUID.randomUUID().toString().replace("-", "")
-  return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'
-    .replace(/[xy]/g, (c) => {
-      const r = (Math.random() * 16) | 0;
-      const v = c === 'x' ? r : (r & 0x3) | 0x8;
-      return v.toString(16);
-    })
-    .replace(/-/g, '');
-}
-
-/**
- * Converts a hex string to Base64 encoding
- * Matches Android's hexToBase64() method
- *
- * @param hexString - Hexadecimal string (must have even length)
- * @returns Base64 encoded string
- */
-export function hexToBase64(hexString: string): string {
-  // Convert hex string to binary string
-  let binaryString = '';
-  for (let i = 0; i < hexString.length; i += 2) {
-    const byte = parseInt(hexString.substring(i, i + 2), 16);
-    binaryString += String.fromCharCode(byte);
-  }
-
-  // Use forge's utility for Base64 encoding
-  return forge.util.encode64(binaryString);
-}
-
-/**
- * Encrypts data using RSA with OAEP-SHA1 padding
- *
- * MUST match Android's RSA/ECB/OAEPWithSHA-1AndMGF1Padding algorithm
- *
- * @param data - Plain text data to encrypt (Base64 string of the secret key)
- * @param publicKeyPem - RSA public key in PEM format
- * @returns Encrypted data as Base64 string
- * @throws Error if encryption fails
- */
-export function encryptWithRSA(data: string, publicKeyPem: string): string {
-  try {
-    // Parse the PEM-formatted public key
-    const publicKey = forge.pki.publicKeyFromPem(publicKeyPem);
-
-    // Encrypt using RSA-OAEP with SHA-1 (matches Android's OAEPWithSHA-1AndMGF1Padding)
-    const encrypted = publicKey.encrypt(data, 'RSA-OAEP', {
-      md: forge.md.sha1.create(),
-      mgf1: {
-        md: forge.md.sha1.create(),
-      },
-    });
-
-    // Encode to Base64
-    return forge.util.encode64(encrypted);
-  } catch (error) {
-    console.error('[CryptoUtils] RSA encryption failed:', error);
-    throw new Error('Failed to encrypt session data');
-  }
-}
-
-/**
- * Generates session credentials for card details API request
- *
- * This is the main function that creates the cryptographically linked
- * sessionId + secretKey pair, matching Android's PublicKeyCryptoHelper.generateSessionId()
- *
- * Flow:
- * 1. Generate random secretKeyHex (UUID without dashes)
- * 2. Convert secretKeyHex to Base64
- * 3. Encrypt Base64 key with RSA public key → sessionId
- * 4. Return both secretKeyHex (for client-side decryption) and sessionId (for API header)
- *
- * @param publicKeyPem - RSA public key in PEM format (from widget)
- * @returns Object containing:
- *   - secretKeyHex: Keep on device for AES-GCM decryption (32 hex chars)
- *   - sessionId: Send to API as SessionId header (RSA-encrypted, Base64)
- * @throws Error if key generation or encryption fails
- */
-export function generateSessionCredentials(publicKeyPem: string): SessionCredentials {
-  // Validate public key
-  if (!publicKeyPem || !publicKeyPem.includes('BEGIN PUBLIC KEY')) {
-    throw new Error('Invalid RSA public key format');
-  }
-
-  // Step 1: Generate random secret key (matches Android's generateRandomHexKey)
-  const secretKeyHex = generateRandomHexKey();
-
-  // Step 2: Convert to Base64 (matches Android's hexToBase64)
-  const secretKeyBase64 = hexToBase64(secretKeyHex);
-
-  // Step 3: Encrypt with RSA public key (matches Android's encryptWithPublicKey)
-  const sessionId = encryptWithRSA(secretKeyBase64, publicKeyPem);
-
-  console.log('[CryptoUtils] Session credentials generated successfully');
-
-  return {
-    secretKeyHex,
-    sessionId,
-  };
-}
-
-// Export types for type safety
-export interface SessionCredentials {
-  secretKeyHex: string;
-  sessionId: string;
-}