@open-wallet-standard/core 0.4.1 → 0.4.3

package/README.md

@@ -7,9 +7,9 @@ Secure signing and wallet management for every chain. One vault, one interface
 
 ## Why OWS
 
-- **Zero key exposure.** Private keys are encrypted at rest, decrypted only inside an isolated signing process. Agents and LLMs never see raw key material.
+- **Zero key exposure.** Private keys are encrypted at rest, decrypted only after policy checks pass, then immediately wiped from memory. Agents authenticate with scoped API tokens and never see raw key material.
 - **Every chain, one interface.** EVM, Solana, Sui, Bitcoin, Cosmos, Tron, TON — all first-class. CAIP-2/CAIP-10 addressing abstracts away chain-specific details.
-- **Policy before signing.** A pre-signing policy engine gates every operation — spending limits, allowlists, chain restrictions — before any key is touched.
+- **Policy before signing.** A pre-signing policy engine gates agent (API key) operations — chain allowlists, expiry, and optional custom executables — before any key is touched.
 - **Built for agents.** MCP server, native SDK, and CLI. A wallet created by one tool works in every other.
 
 ## Install

package/index.d.ts

@@ -60,5 +60,30 @@ export declare function signTransaction(wallet: string, chain: string, txHex: st
 export declare function signMessage(wallet: string, chain: string, message: string, passphrase?: string | undefined | null, encoding?: string | undefined | null, index?: number | undefined | null, vaultPathOpt?: string | undefined | null): SignResult
 /** Sign EIP-712 typed structured data (EVM only). Returns hex-encoded signature. */
 export declare function signTypedData(wallet: string, chain: string, typedDataJson: string, passphrase?: string | undefined | null, index?: number | undefined | null, vaultPathOpt?: string | undefined | null): SignResult
+/** Register a policy from a JSON string. */
+export declare function createPolicy(policyJson: string, vaultPathOpt?: string | undefined | null): void
+/** List all registered policies. */
+export declare function listPolicies(vaultPathOpt?: string | undefined | null): Array<any>
+/** Get a single policy by ID. */
+export declare function getPolicy(id: string, vaultPathOpt?: string | undefined | null): any
+/** Delete a policy by ID. */
+export declare function deletePolicy(id: string, vaultPathOpt?: string | undefined | null): void
+/** API key creation result. */
+export interface ApiKeyResult {
+  /** The raw token (shown once — caller must save it). */
+  token: string
+  /** The key file ID. */
+  id: string
+  name: string
+}
+/**
+ * Create an API key for agent access to wallets.
+ * Returns the raw token (shown once) and key metadata.
+ */
+export declare function createApiKey(name: string, walletIds: Array<string>, policyIds: Array<string>, passphrase: string, expiresAt?: string | undefined | null, vaultPathOpt?: string | undefined | null): ApiKeyResult
+/** List all API keys (tokens are never returned). */
+export declare function listApiKeys(vaultPathOpt?: string | undefined | null): Array<any>
+/** Revoke (delete) an API key by ID. */
+export declare function revokeApiKey(id: string, vaultPathOpt?: string | undefined | null): void
 /** Sign and broadcast a transaction. Returns the transaction hash. */
 export declare function signAndSend(wallet: string, chain: string, txHex: string, passphrase?: string | undefined | null, index?: number | undefined | null, rpcUrl?: string | undefined | null, vaultPathOpt?: string | undefined | null): SendResult

package/index.js

@@ -310,7 +310,7 @@ if (!nativeBinding) {
   throw new Error(`Failed to load native binding`)
 }
 
-const { generateMnemonic, deriveAddress, createWallet, importWalletMnemonic, importWalletPrivateKey, listWallets, getWallet, deleteWallet, exportWallet, renameWallet, signTransaction, signMessage, signTypedData, signAndSend } = nativeBinding
+const { generateMnemonic, deriveAddress, createWallet, importWalletMnemonic, importWalletPrivateKey, listWallets, getWallet, deleteWallet, exportWallet, renameWallet, signTransaction, signMessage, signTypedData, createPolicy, listPolicies, getPolicy, deletePolicy, createApiKey, listApiKeys, revokeApiKey, signAndSend } = nativeBinding
 
 module.exports.generateMnemonic = generateMnemonic
 module.exports.deriveAddress = deriveAddress
@@ -325,4 +325,11 @@ module.exports.renameWallet = renameWallet
 module.exports.signTransaction = signTransaction
 module.exports.signMessage = signMessage
 module.exports.signTypedData = signTypedData
+module.exports.createPolicy = createPolicy
+module.exports.listPolicies = listPolicies
+module.exports.getPolicy = getPolicy
+module.exports.deletePolicy = deletePolicy
+module.exports.createApiKey = createApiKey
+module.exports.listApiKeys = listApiKeys
+module.exports.revokeApiKey = revokeApiKey
 module.exports.signAndSend = signAndSend

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@open-wallet-standard/core",
-  "version": "0.4.1",
+  "version": "0.4.3",
   "description": "Node.js native bindings for the Open Wallet Standard",
   "main": "index.js",
   "types": "index.d.ts",
@@ -31,10 +31,10 @@
     "@napi-rs/cli": "^2.18.0"
   },
   "optionalDependencies": {
-    "@open-wallet-standard/core-linux-x64-gnu": "0.4.1",
-    "@open-wallet-standard/core-linux-arm64-gnu": "0.4.1",
-    "@open-wallet-standard/core-darwin-x64": "0.4.1",
-    "@open-wallet-standard/core-darwin-arm64": "0.4.1"
+    "@open-wallet-standard/core-linux-x64-gnu": "0.4.3",
+    "@open-wallet-standard/core-linux-arm64-gnu": "0.4.3",
+    "@open-wallet-standard/core-darwin-x64": "0.4.3",
+    "@open-wallet-standard/core-darwin-arm64": "0.4.3"
   },
   "license": "MIT",
   "files": [