@opaquecash/opaque 0.1.1 → 0.2.0

package/dist/resolve.js

@@ -0,0 +1,221 @@
+/**
+ * Recipient identity resolution beyond the on-chain registries (CSAP §2.9).
+ *
+ * `OpaqueClient.resolveRecipient` accepts, in one entry point:
+ *   - a raw 66-byte meta-address (`0x…` 132 hex, optionally `st:opq:`-prefixed)
+ *   - a 20-byte EVM address  → ERC-6538 `StealthMetaAddressRegistry`
+ *   - a Solana base58 pubkey → `stealth-registry` PDA
+ *   - `ipfs://…` / bare CID  → off-chain DID document fetch (gateway or injected loader)
+ *   - `*.eth`                → ENS `com.opaque.meta` text record (read path; ONS is Phase 6)
+ *
+ * Every path funnels through {@link parseMetaAddressValue}, which validates that both
+ * 33-byte halves are valid compressed secp256k1 points before the value is used.
+ */
+import { secp256k1 } from "@noble/curves/secp256k1";
+/** ENSIP-5 reverse-DNS record key for a published meta-address (CSAP §2.9). */
+export const OPAQUE_META_RECORD_KEY = "com.opaque.meta";
+/** Optional self-describing prefix for published meta-address values (CSAP §2.9). */
+export const META_ADDRESS_VALUE_PREFIX = "st:opq:";
+/** Default public IPFS gateways tried in order for `ipfs://` recipients. */
+export const DEFAULT_IPFS_GATEWAYS = [
+    "https://ipfs.io",
+    "https://cloudflare-ipfs.com",
+];
+/**
+ * Parse and validate a published meta-address value: the §2.1 serialisation
+ * (`0x` + 132 hex, `V‖S`), optionally `st:opq:`-prefixed. Returns the canonical
+ * `0x`-form, or `null` when malformed or when either 33-byte half is not a valid
+ * compressed secp256k1 point.
+ */
+export function parseMetaAddressValue(value) {
+    let v = value.trim();
+    if (v.startsWith(META_ADDRESS_VALUE_PREFIX)) {
+        v = v.slice(META_ADDRESS_VALUE_PREFIX.length).trim();
+    }
+    if (!v.startsWith("0x") && /^[0-9a-fA-F]{132}$/.test(v))
+        v = `0x${v}`;
+    if (!/^0x[0-9a-fA-F]{132}$/.test(v))
+        return null;
+    const viewHalf = v.slice(2, 68);
+    const spendHalf = v.slice(68, 134);
+    for (const half of [viewHalf, spendHalf]) {
+        if (!isCompressedSecp256k1Point(half))
+            return null;
+    }
+    return v.toLowerCase();
+}
+function isCompressedSecp256k1Point(hex66) {
+    const prefix = hex66.slice(0, 2);
+    if (prefix !== "02" && prefix !== "03")
+        return false;
+    try {
+        secp256k1.ProjectivePoint.fromHex(hex66).assertValidity();
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/** True for a 20-byte `0x` EVM address. */
+export function isEvmAddressInput(input) {
+    return /^0x[0-9a-fA-F]{40}$/.test(input);
+}
+/** True for a plausible Solana base58 pubkey (32 bytes ≈ 32–44 base58 chars). */
+export function isSolanaPubkeyInput(input) {
+    return /^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(input);
+}
+/** True for an ENS name (`*.eth`). */
+export function isEnsNameInput(input) {
+    return /^[^\s.]+(\.[^\s.]+)*\.eth$/i.test(input);
+}
+/** True for an SNS name (`*.sol`). */
+export function isSnsNameInput(input) {
+    return /^[^\s.]+(\.[^\s.]+)*\.sol$/i.test(input);
+}
+/**
+ * True when `input` is a depth-1 subname of the ONS parent in force
+ * (`alice.opq.eth` for parent `opq.eth`; `alice.opqtest.eth` on testnet).
+ */
+export function isOnsNameInput(input, parentName) {
+    const lower = input.toLowerCase();
+    const parent = parentName.toLowerCase();
+    if (!lower.endsWith(`.${parent}`))
+        return false;
+    const label = lower.slice(0, lower.length - parent.length - 1);
+    return /^[a-z0-9-]{1,63}$/.test(label) && !label.startsWith("-") && !label.endsWith("-");
+}
+/**
+ * Read the `com.opaque.meta` TXT record of a `.sol` domain through the injected
+ * SNS reader and validate it. Throws when no reader is configured, the record is
+ * unset, or the value is not a valid meta-address.
+ */
+export async function resolveSnsMetaAddress(name, snsGetRecord) {
+    if (!snsGetRecord) {
+        throw new Error("Opaque: .sol resolution needs SNS access (pass `solana` to OpaqueClient.create for the " +
+            "bundled Records V2 TXT reader, or inject sns.getRecord).");
+    }
+    const value = await snsGetRecord(name, OPAQUE_META_RECORD_KEY);
+    if (!value) {
+        throw new Error(`Opaque: ${name} has no ${OPAQUE_META_RECORD_KEY} (TXT) record.`);
+    }
+    const meta = parseMetaAddressValue(value);
+    if (!meta) {
+        throw new Error(`Opaque: ${name}'s TXT record is not a valid 66-byte meta-address.`);
+    }
+    return meta;
+}
+/**
+ * Extract the `<cid>[/path]` from an `ipfs://` URI, an `/ipfs/` gateway path, or a
+ * bare CID (v0 `Qm…` base58 or v1 base32). Returns `null` when the input is not IPFS-shaped.
+ */
+export function ipfsPathFromInput(input) {
+    let rest = null;
+    if (input.startsWith("ipfs://")) {
+        rest = input.slice("ipfs://".length).replace(/^ipfs\//, "");
+    }
+    else if (input.startsWith("/ipfs/")) {
+        rest = input.slice("/ipfs/".length);
+    }
+    else if (/^Qm[1-9A-HJ-NP-Za-km-z]{44}(\/.*)?$/.test(input) ||
+        /^b[a-z2-7]{30,}(\/.*)?$/.test(input)) {
+        rest = input;
+    }
+    if (!rest)
+        return null;
+    const cid = rest.split("/")[0];
+    const cidOk = /^Qm[1-9A-HJ-NP-Za-km-z]{44}$/.test(cid) || /^b[a-z2-7]{30,}$/.test(cid);
+    return cidOk ? rest : null;
+}
+/**
+ * Pull a meta-address out of a DID document (or any JSON object) fetched from IPFS.
+ * Accepted shapes, in order:
+ *   1. a `service` entry of type `OpaqueStealthMetaAddress` whose `serviceEndpoint`
+ *      carries the value (W3C DID style)
+ *   2. a top-level `com.opaque.meta` or `opaqueMetaAddress` field
+ * Values may be `st:opq:`-prefixed; both halves are point-validated.
+ */
+export function extractMetaAddressFromDidDocument(doc) {
+    if (doc == null || typeof doc !== "object")
+        return null;
+    const d = doc;
+    const services = Array.isArray(d.service) ? d.service : [];
+    for (const s of services) {
+        if (s == null || typeof s !== "object")
+            continue;
+        const svc = s;
+        if (svc.type !== "OpaqueStealthMetaAddress")
+            continue;
+        const endpoint = svc.serviceEndpoint;
+        if (typeof endpoint === "string") {
+            const meta = parseMetaAddressValue(endpoint);
+            if (meta)
+                return meta;
+        }
+    }
+    for (const key of [OPAQUE_META_RECORD_KEY, "opaqueMetaAddress"]) {
+        const v = d[key];
+        if (typeof v === "string") {
+            const meta = parseMetaAddressValue(v);
+            if (meta)
+                return meta;
+        }
+    }
+    return null;
+}
+/**
+ * Fetch a DID document from IPFS via the configured gateways (tried in order) and
+ * extract its meta-address. Throws when every gateway fails or no valid meta-address
+ * is present in the document.
+ */
+export async function resolveIpfsDidMetaAddress(cidPath, transports = {}) {
+    const gateways = transports.ipfsGateways ?? DEFAULT_IPFS_GATEWAYS;
+    const fetchFn = transports.fetchFn ?? globalThis.fetch;
+    if (!fetchFn) {
+        throw new Error("Opaque: no fetch implementation available for IPFS resolution; pass transports.fetchFn.");
+    }
+    let lastError = null;
+    for (const gateway of gateways) {
+        const url = `${gateway.replace(/\/$/, "")}/ipfs/${cidPath}`;
+        try {
+            const res = await fetchFn(url);
+            if (!res.ok) {
+                lastError = new Error(`${url} -> HTTP ${res.status}`);
+                continue;
+            }
+            const doc = await res.json();
+            const meta = extractMetaAddressFromDidDocument(doc);
+            if (!meta) {
+                throw new Error(`Opaque: DID document at ipfs://${cidPath} carries no valid com.opaque.meta meta-address.`);
+            }
+            return meta;
+        }
+        catch (e) {
+            if (e instanceof Error && e.message.includes("com.opaque.meta"))
+                throw e;
+            lastError = e;
+        }
+    }
+    throw new Error(`Opaque: failed to fetch DID document ipfs://${cidPath} from ${gateways.length} gateway(s): ${String(lastError)}`);
+}
+/**
+ * Read the `com.opaque.meta` text record for an ENS name through the injected reader
+ * and validate it. Throws when the record is unset or invalid. The on-chain registry
+ * stays authoritative on conflict (CSAP §2.9) — callers who also hold a registry entry
+ * for the name's address SHOULD prefer that entry.
+ */
+export async function resolveEnsMetaAddress(name, transports) {
+    if (!transports.ensGetText) {
+        throw new Error("Opaque: ENS resolution needs an ens.getText reader (pass `ens` to OpaqueClient.create " +
+            "or transports.ensGetText). An ENS-capable RPC (mainnet/Sepolia) is required.");
+    }
+    const value = await transports.ensGetText(name, OPAQUE_META_RECORD_KEY);
+    if (!value) {
+        throw new Error(`Opaque: ${name} has no ${OPAQUE_META_RECORD_KEY} text record.`);
+    }
+    const meta = parseMetaAddressValue(value);
+    if (!meta) {
+        throw new Error(`Opaque: ${name}'s ${OPAQUE_META_RECORD_KEY} record is not a valid 66-byte meta-address.`);
+    }
+    return meta;
+}
+//# sourceMappingURL=resolve.js.map

package/dist/resolve.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve.js","sourceRoot":"","sources":["../src/resolve.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAGpD,+EAA+E;AAC/E,MAAM,CAAC,MAAM,sBAAsB,GAAG,iBAAiB,CAAC;AAExD,qFAAqF;AACrF,MAAM,CAAC,MAAM,yBAAyB,GAAG,SAAS,CAAC;AAEnD,4EAA4E;AAC5E,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,iBAAiB;IACjB,6BAA6B;CACrB,CAAC;AAuCX;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAa;IACjD,IAAI,CAAC,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IACrB,IAAI,CAAC,CAAC,UAAU,CAAC,yBAAyB,CAAC,EAAE,CAAC;QAC5C,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;IACvD,CAAC;IACD,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,CAAC,GAAG,KAAK,CAAC,EAAE,CAAC;IACtE,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACjD,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAChC,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;IACnC,KAAK,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,EAAE,CAAC;QACzC,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;IACrD,CAAC;IACD,OAAO,CAAC,CAAC,WAAW,EAAS,CAAC;AAChC,CAAC;AAED,SAAS,0BAA0B,CAAC,KAAa;IAC/C,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACjC,IAAI,MAAM,KAAK,IAAI,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACrD,IAAI,CAAC;QACH,SAAS,CAAC,eAAe,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,cAAc,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,2CAA2C;AAC3C,MAAM,UAAU,iBAAiB,CAAC,KAAa;IAC7C,OAAO,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3C,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,OAAO,+BAA+B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACrD,CAAC;AAED,sCAAsC;AACtC,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,OAAO,6BAA6B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACnD,CAAC;AAED,sCAAsC;AACtC,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,OAAO,6BAA6B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACnD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa,EAAE,UAAkB;IAC9D,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAClC,MAAM,MAAM,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IACxC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC;QAAE,OAAO,KAAK,CAAC;IAChD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/D,OAAO,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC3F,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,IAAY,EACZ,YAAmF;IAEnF,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CACb,yFAAyF;YACvF,0DAA0D,CAC7D,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,sBAAsB,CAAC,CAAC;IAC/D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,WAAW,IAAI,WAAW,sBAAsB,gBAAgB,CAAC,CAAC;IACpF,CAAC;IACD,MAAM,IAAI,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;IAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CACb,WAAW,IAAI,oDAAoD,CACpE,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAa;IAC7C,IAAI,IAAI,GAAkB,IAAI,CAAC;IAC/B,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC9D,CAAC;SAAM,IAAI,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtC,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;SAAM,IACL,qCAAqC,CAAC,IAAI,CAAC,KAAK,CAAC;QACjD,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC,EACrC,CAAC;QACD,IAAI,GAAG,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,KAAK,GACT,8BAA8B,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3E,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AAC7B,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,iCAAiC,CAAC,GAAY;IAC5D,IAAI,GAAG,IAAI,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACxD,MAAM,CAAC,GAAG,GAA8B,CAAC;IACzC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;IAC3D,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ;YAAE,SAAS;QACjD,MAAM,GAAG,GAAG,CAA4B,CAAC;QACzC,IAAI,GAAG,CAAC,IAAI,KAAK,0BAA0B;YAAE,SAAS;QACtD,MAAM,QAAQ,GAAG,GAAG,CAAC,eAAe,CAAC;QACrC,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,GAAG,qBAAqB,CAAC,QAAQ,CAAC,CAAC;YAC7C,IAAI,IAAI;gBAAE,OAAO,IAAI,CAAC;QACxB,CAAC;IACH,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,CAAC,sBAAsB,EAAE,mBAAmB,CAAC,EAAE,CAAC;QAChE,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;QACjB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,MAAM,IAAI,GAAG,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACtC,IAAI,IAAI;gBAAE,OAAO,IAAI,CAAC;QACxB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,OAAe,EACf,aAAgC,EAAE;IAElC,MAAM,QAAQ,GAAG,UAAU,CAAC,YAAY,IAAI,qBAAqB,CAAC;IAClE,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC;IACvD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;IACJ,CAAC;IACD,IAAI,SAAS,GAAY,IAAI,CAAC;IAC9B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,SAAS,OAAO,EAAE,CAAC;QAC5D,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,SAAS,GAAG,IAAI,KAAK,CAAC,GAAG,GAAG,YAAY,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;gBACtD,SAAS;YACX,CAAC;YACD,MAAM,GAAG,GAAY,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,iCAAiC,CAAC,GAAG,CAAC,CAAC;YACpD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,KAAK,CACb,kCAAkC,OAAO,iDAAiD,CAC3F,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBAAE,MAAM,CAAC,CAAC;YACzE,SAAS,GAAG,CAAC,CAAC;QAChB,CAAC;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CACb,+CAA+C,OAAO,SAAS,QAAQ,CAAC,MAAM,gBAAgB,MAAM,CAAC,SAAS,CAAC,EAAE,CAClH,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,IAAY,EACZ,UAA6B;IAE7B,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,wFAAwF;YACtF,8EAA8E,CACjF,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,IAAI,EAAE,sBAAsB,CAAC,CAAC;IACxE,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,WAAW,IAAI,WAAW,sBAAsB,eAAe,CAAC,CAAC;IACnF,CAAC;IACD,MAAM,IAAI,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;IAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CACb,WAAW,IAAI,MAAM,sBAAsB,8CAA8C,CAC1F,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/signer.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Unified signer abstraction (Phase 2.5): one adapter shape over EIP-1193
+ * (`personal_sign`) and Solana wallet-adapter (`signMessage`), so integrators hand
+ * {@link OpaqueClient.fromWallet} whatever wallet they have and get a fully wired
+ * client back — setup-signature prompt, key derivation, and per-chain write signers.
+ */
+import type { Address, EIP1193Provider, Hex, WalletClient } from "viem";
+import type { PublicKey, Transaction } from "@solana/web3.js";
+/** An Ethereum wallet in unified shape: EIP-1193 provider or a pre-built viem WalletClient. */
+export interface EvmUnifiedSigner {
+    chain: "ethereum";
+    /** Account that signs the setup message and transactions. */
+    address: Address;
+    /** EIP-1193 provider (`window.ethereum`, a connector bridge, …). */
+    provider?: EIP1193Provider;
+    /** Alternative to `provider`: a viem WalletClient (e.g. wagmi's, or `privateKeyToAccount`). */
+    walletClient?: WalletClient;
+}
+/** A Solana wallet in unified shape (wallet-adapter compatible). */
+export interface SolanaUnifiedSigner {
+    chain: "solana";
+    publicKey: PublicKey | string;
+    /** wallet-adapter `signMessage`; required only when this wallet derives the keys. */
+    signMessage?: (message: Uint8Array) => Promise<Uint8Array>;
+    /** wallet-adapter `signTransaction`; required for Solana writes. */
+    signTransaction?: (transaction: Transaction) => Promise<Transaction>;
+}
+/** One wallet, either chain — the single shape integrators pass around. */
+export type UnifiedSigner = EvmUnifiedSigner | SolanaUnifiedSigner;
+/**
+ * Prompt `signer` for the canonical {@link SETUP_MESSAGE} signature used as HKDF
+ * entropy for the viewing/spending keys. Ethereum signs via `personal_sign`
+ * (WalletClient when given, raw EIP-1193 otherwise); Solana signs the UTF-8 bytes
+ * via wallet-adapter `signMessage`. The signature never goes on-chain.
+ */
+export declare function requestSetupSignature(signer: UnifiedSigner): Promise<Hex>;
+/** Pick the first signer for a chain out of a one-or-many `wallets` argument. */
+export declare function selectSigner<C extends UnifiedSigner["chain"]>(wallets: UnifiedSigner | UnifiedSigner[], chain: C): Extract<UnifiedSigner, {
+    chain: C;
+}> | undefined;
+//# sourceMappingURL=signer.d.ts.map

package/dist/signer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../src/signer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,EAAE,YAAY,EAAE,MAAM,MAAM,CAAC;AAExE,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAG9D,+FAA+F;AAC/F,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,UAAU,CAAC;IAClB,6DAA6D;IAC7D,OAAO,EAAE,OAAO,CAAC;IACjB,oEAAoE;IACpE,QAAQ,CAAC,EAAE,eAAe,CAAC;IAC3B,+FAA+F;IAC/F,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B;AAED,oEAAoE;AACpE,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,QAAQ,CAAC;IAChB,SAAS,EAAE,SAAS,GAAG,MAAM,CAAC;IAC9B,qFAAqF;IACrF,WAAW,CAAC,EAAE,CAAC,OAAO,EAAE,UAAU,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3D,oEAAoE;IACpE,eAAe,CAAC,EAAE,CAAC,WAAW,EAAE,WAAW,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;CACtE;AAED,2EAA2E;AAC3E,MAAM,MAAM,aAAa,GAAG,gBAAgB,GAAG,mBAAmB,CAAC;AAEnE;;;;;GAKG;AACH,wBAAsB,qBAAqB,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,CAgC/E;AAED,iFAAiF;AACjF,wBAAgB,YAAY,CAAC,CAAC,SAAS,aAAa,CAAC,OAAO,CAAC,EAC3D,OAAO,EAAE,aAAa,GAAG,aAAa,EAAE,EACxC,KAAK,EAAE,CAAC,GACP,OAAO,CAAC,aAAa,EAAE;IAAE,KAAK,EAAE,CAAC,CAAA;CAAE,CAAC,GAAG,SAAS,CAKlD"}

package/dist/signer.js

@@ -0,0 +1,47 @@
+/**
+ * Unified signer abstraction (Phase 2.5): one adapter shape over EIP-1193
+ * (`personal_sign`) and Solana wallet-adapter (`signMessage`), so integrators hand
+ * {@link OpaqueClient.fromWallet} whatever wallet they have and get a fully wired
+ * client back — setup-signature prompt, key derivation, and per-chain write signers.
+ */
+import { stringToHex } from "viem";
+import { SETUP_MESSAGE } from "./crypto/dksap.js";
+/**
+ * Prompt `signer` for the canonical {@link SETUP_MESSAGE} signature used as HKDF
+ * entropy for the viewing/spending keys. Ethereum signs via `personal_sign`
+ * (WalletClient when given, raw EIP-1193 otherwise); Solana signs the UTF-8 bytes
+ * via wallet-adapter `signMessage`. The signature never goes on-chain.
+ */
+export async function requestSetupSignature(signer) {
+    if (signer.chain === "ethereum") {
+        if (signer.walletClient) {
+            return (await signer.walletClient.signMessage({
+                account: signer.walletClient.account ?? signer.address,
+                message: SETUP_MESSAGE,
+            }));
+        }
+        if (signer.provider) {
+            return (await signer.provider.request({
+                method: "personal_sign",
+                params: [stringToHex(SETUP_MESSAGE), signer.address],
+            }));
+        }
+        throw new Error("Opaque: Ethereum unified signer needs a `provider` (EIP-1193) or `walletClient`.");
+    }
+    if (signer.chain === "solana") {
+        if (!signer.signMessage) {
+            throw new Error("Opaque: Solana unified signer needs `signMessage` to derive keys (or pass a cached walletSignature).");
+        }
+        const sig = await signer.signMessage(new TextEncoder().encode(SETUP_MESSAGE));
+        return (`0x${Array.from(sig)
+            .map((b) => b.toString(16).padStart(2, "0"))
+            .join("")}`);
+    }
+    throw new Error(`Opaque: unsupported unified signer chain "${signer.chain}".`);
+}
+/** Pick the first signer for a chain out of a one-or-many `wallets` argument. */
+export function selectSigner(wallets, chain) {
+    const list = Array.isArray(wallets) ? wallets : [wallets];
+    return list.find((w) => w.chain === chain);
+}
+//# sourceMappingURL=signer.js.map

package/dist/signer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signer.js","sourceRoot":"","sources":["../src/signer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,MAAM,CAAC;AAEnC,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AA0BlD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,MAAqB;IAC/D,IAAI,MAAM,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;QAChC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACxB,OAAO,CAAC,MAAM,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC;gBAC5C,OAAO,EAAE,MAAM,CAAC,YAAY,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO;gBACtD,OAAO,EAAE,aAAa;aACvB,CAAC,CAAQ,CAAC;QACb,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,OAAO,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC;gBACpC,MAAM,EAAE,eAAe;gBACvB,MAAM,EAAE,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC;aACrD,CAAC,CAAQ,CAAC;QACb,CAAC;QACD,MAAM,IAAI,KAAK,CACb,kFAAkF,CACnF,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CACb,sGAAsG,CACvG,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;QAC9E,OAAO,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;aACzB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aAC3C,IAAI,CAAC,EAAE,CAAC,EAAE,CAAQ,CAAC;IACxB,CAAC;IACD,MAAM,IAAI,KAAK,CACb,6CAA8C,MAA4B,CAAC,KAAK,IAAI,CACrF,CAAC;AACJ,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,YAAY,CAC1B,OAAwC,EACxC,KAAQ;IAER,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC1D,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,KAAK,CAE5B,CAAC;AAChB,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opaquecash/opaque",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "Unified Opaque SDK client: config, indexer announcements, announce payloads, balances, traits",
   "type": "module",
   "main": "./dist/index.js",
@@ -11,7 +11,11 @@
       "import": "./dist/index.js"
     }
   },
-  "files": ["dist", "API.md", "README.md"],
+  "files": [
+    "dist",
+    "API.md",
+    "README.md"
+  ],
   "scripts": {
     "build": "tsc -p tsconfig.json",
     "clean": "rm -rf dist"
@@ -19,14 +23,30 @@
   "dependencies": {
     "@noble/curves": "^1.6.0",
     "@noble/hashes": "^1.5.0",
-    "@opaquecash/psr-chain": "0.1.0",
-    "@opaquecash/psr-core": "0.1.0",
-    "@opaquecash/psr-prover": "0.1.0",
-    "@opaquecash/stealth-balance": "0.1.0",
-    "@opaquecash/stealth-chain": "0.1.0",
-    "@opaquecash/stealth-core": "0.1.0",
-    "@opaquecash/stealth-wasm": "0.1.0",
+    "@opaquecash/adapter": "0.2.0",
+    "@opaquecash/deployments": "0.2.0",
+    "@opaquecash/psr-chain": "0.2.0",
+    "@opaquecash/psr-chain-solana": "0.2.0",
+    "@opaquecash/psr-core": "0.2.0",
+    "@opaquecash/psr-prover": "0.2.0",
+    "@opaquecash/stealth-balance": "0.2.0",
+    "@opaquecash/stealth-chain": "0.2.0",
+    "@opaquecash/stealth-chain-solana": "0.2.0",
+    "@opaquecash/stealth-core": "0.2.0",
+    "@opaquecash/stealth-wasm": "0.2.0",
+    "@opaquecash/uab": "0.2.0",
+    "@solana/web3.js": "^1.98.4",
     "viem": "^2.21.0"
   },
-  "sideEffects": false
+  "sideEffects": false,
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/opaquecash/sdk.git",
+    "directory": "packages/opaque"
+  },
+  "homepage": "https://docs.opaque.cash",
+  "publishConfig": {
+    "access": "public"
+  }
 }