npm - @parity/product-sdk-terminal - Versions diffs - 0.1.0 - Mend

@parity/product-sdk-terminal 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/LICENSE +201 -0
package/README.md +261 -0
package/dist/chunk-5MCLSFKQ.js +210 -0
package/dist/chunk-5MCLSFKQ.js.map +1 -0
package/dist/index.d.ts +151 -0
package/dist/index.js +327 -0
package/dist/index.js.map +1 -0
package/dist/loader.mjs +76 -0
package/dist/register.d.ts +2 -0
package/dist/register.js +9 -0
package/dist/register.js.map +1 -0
package/dist/testing.d.ts +92 -0
package/dist/testing.js +294 -0
package/dist/testing.js.map +1 -0
package/package.json +64 -0
package/scripts/patch-wasm.sh +27 -0

package/dist/register.js ADDED Viewed

@@ -0,0 +1,9 @@
+// src/register.ts
+import { register } from "module";
+import { pathToFileURL } from "url";
+import { dirname, join } from "path";
+import { fileURLToPath } from "url";
+var __dirname = dirname(fileURLToPath(import.meta.url));
+var loaderPath = join(__dirname, "loader.mjs");
+register(pathToFileURL(loaderPath).href, { parentURL: import.meta.url });
+//# sourceMappingURL=register.js.map

package/dist/register.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/register.ts"],"sourcesContent":["/**\n * Register the verifiablejs Node.js loader hook.\n *\n * Must be loaded BEFORE the application entry point so the loader\n * intercepts `verifiablejs/bundler` imports from the host-papp SDK.\n *\n * @example\n * ```bash\n * node --import @parity/product-sdk-terminal/register app.js\n * tsx --import @parity/product-sdk-terminal/register app.ts\n * ```\n */\nimport { register } from \"node:module\";\nimport { pathToFileURL } from \"node:url\";\nimport { dirname, join } from \"node:path\";\nimport { fileURLToPath } from \"node:url\";\n\nconst __dirname = dirname(fileURLToPath(import.meta.url));\nconst loaderPath = join(__dirname, \"loader.mjs\");\n\nregister(pathToFileURL(loaderPath).href, { parentURL: import.meta.url });\n"],"mappings":";AAYA,SAAS,gBAAgB;AACzB,SAAS,qBAAqB;AAC9B,SAAS,SAAS,YAAY;AAC9B,SAAS,qBAAqB;AAE9B,IAAM,YAAY,QAAQ,cAAc,YAAY,GAAG,CAAC;AACxD,IAAM,aAAa,KAAK,WAAW,YAAY;AAE/C,SAAS,cAAc,UAAU,EAAE,MAAM,EAAE,WAAW,YAAY,IAAI,CAAC;","names":[]}

package/dist/testing.d.ts ADDED Viewed

@@ -0,0 +1,92 @@
+interface CreateTestSessionOptions {
+    /** Unique app identifier. Must match the one passed to `createTerminalAdapter`. */
+    appId: string;
+    /**
+     * Directory where session files are written. Must match the one the
+     * CLI reads from — pass the same value to `createTerminalAdapter`'s
+     * `storageDir` option.
+     */
+    storageDir: string;
+    /** BIP39 mnemonic for the local (host-side) account. Default: freshly generated. */
+    localMnemonic?: string;
+    /** Derivation path for the local account. Default: `"//wallet//sso"` (matches production). */
+    localDerivation?: string;
+    /** BIP39 mnemonic for the remote (phone) account. Default: freshly generated. */
+    remoteMnemonic?: string;
+    /** Derivation path for the remote account. Default: `""`. */
+    remoteDerivation?: string;
+    /** Stable session id. Default: random nanoid(12). */
+    sessionId?: string;
+    /**
+     * Whether to write the encrypted `UserSecrets_<id>` file. Default: `true`.
+     * Set to `false` to exercise recovery paths where a session exists on disk
+     * but its secrets are missing.
+     */
+    includeSecrets?: boolean;
+}
+interface TestSession {
+    sessionId: string;
+    /** Sr25519 public key of the local (host) account, 32 bytes. */
+    localAccountId: Uint8Array;
+    /** Sr25519 public key of the remote (phone) account, 32 bytes. */
+    remoteAccountId: Uint8Array;
+    localMnemonic: string;
+    localDerivation: string;
+    remoteMnemonic: string;
+    remoteDerivation: string;
+}
+/**
+ * Write a valid persisted session to `storageDir`, as if the user had
+ * completed QR pairing + attestation. A `TerminalAdapter` created with the
+ * same `appId` + `storageDir` will emit the synthesized session from
+ * `adapter.sessions.sessions`.
+ *
+ * @remarks
+ * **Dev utility — not a stable contract.** This helper hand-rolls SCALE codecs
+ * that mirror an internal on-disk format used by `@novasamatech/host-papp`'s
+ * session repositories. The format is not part of host-papp's documented public
+ * API and may change on minor version bumps. The `testing.interop.test.ts`
+ * round-trip test fails loudly when the format drifts. Use this only in test code.
+ *
+ * ## Limits
+ *
+ * - **Signing does not round-trip.** Sending a request via `session.signRaw`
+ *   still goes out over the statement store and expects a real phone to
+ *   respond. Use this helper for flows that test session discovery,
+ *   persistence, and logout — not end-to-end signing.
+ * - **Signing attempts surface `NoAllowanceError`.** The synthesized local
+ *   account was never registered on the People chain, so the first write
+ *   to the statement store fails with `NoAllowanceError`. That's the same
+ *   error path the CLI sees when a previously valid session's on-chain
+ *   attestation has expired, so tests that assert "CLI handles an expired
+ *   session" *can* be written against a synthesized session even though
+ *   there's no `expiresAt` knob to turn.
+ * - **No `expiresAt`.** The on-disk codec has no expiry field; validity is
+ *   tracked via on-chain attestation state. See above for how expiry-path
+ *   tests still work in practice.
+ * - **Corrupted-session cases** don't need a helper — write garbage to
+ *   `<storageDir>/<appId>_SsoSessions.json` with `fs.writeFile` directly.
+ * - **Repeated calls replace the session list.** Each call writes a fresh
+ *   single-entry `SsoSessions` file, so calling twice on the same
+ *   `storageDir`+`appId` leaves only the second session on disk. Use a
+ *   fresh `mkdtempSync` per test to keep cases isolated.
+ *
+ * @example
+ * ```ts
+ * import { mkdtempSync } from "node:fs";
+ * import { tmpdir } from "node:os";
+ * import { join } from "node:path";
+ * import { createTestSession } from "@parity/product-sdk-terminal/testing";
+ * import { createTerminalAdapter, waitForSessions } from "@parity/product-sdk-terminal";
+ *
+ * const storageDir = mkdtempSync(join(tmpdir(), "e2e-"));
+ * const { sessionId } = await createTestSession({ appId: "dot-cli", storageDir });
+ *
+ * const adapter = createTerminalAdapter({ appId: "dot-cli", metadataUrl: "…", storageDir });
+ * const sessions = await waitForSessions(adapter);
+ * // sessions[0].id === sessionId
+ * ```
+ */
+declare function createTestSession(options: CreateTestSessionOptions): Promise<TestSession>;
+export { type CreateTestSessionOptions, type TestSession, createTestSession };

package/dist/testing.js ADDED Viewed

@@ -0,0 +1,294 @@
+import {
+  sanitizeKey
+} from "./chunk-5MCLSFKQ.js";
+// src/testing.ts
+import { gcm } from "@noble/ciphers/aes.js";
+import { p256 } from "@noble/curves/nist.js";
+import { blake2b } from "@noble/hashes/blake2.js";
+import {
+  LocalSessionAccountCodec,
+  RemoteSessionAccountCodec,
+  createAccountId,
+  createLocalSessionAccount,
+  createRemoteSessionAccount,
+  createSr25519Secret,
+  deriveSr25519PublicKey
+} from "@novasamatech/statement-store";
+import { toHex } from "@polkadot-api/utils";
+import {
+  entropyToMiniSecret,
+  generateMnemonic,
+  mnemonicToEntropy
+} from "@polkadot-labs/hdkd-helpers";
+import { mkdir, writeFile } from "fs/promises";
+import { join } from "path";
+import { nanoid } from "nanoid";
+import { Bytes, Struct, Vector, str } from "scale-ts";
+var storedUserSessionCodec = Struct({
+  id: str,
+  localAccount: LocalSessionAccountCodec,
+  remoteAccount: RemoteSessionAccountCodec
+});
+var sessionsCodec = Vector(storedUserSessionCodec);
+var storedUserSecretsCodec = Struct({
+  ssSecret: Bytes(),
+  encrSecret: Bytes(),
+  entropy: Bytes()
+});
+function encryptSecrets(appId, plaintext) {
+  const key = blake2b(new TextEncoder().encode(appId), { dkLen: 16 });
+  const nonce = blake2b(new TextEncoder().encode("nonce"), { dkLen: 32 });
+  return toHex(gcm(key, nonce).encrypt(plaintext));
+}
+function p256SecretFromEntropy(entropy) {
+  const seed = new Uint8Array(48);
+  seed.set(entropyToMiniSecret(entropy));
+  return p256.keygen(seed).secretKey;
+}
+async function createTestSession(options) {
+  await mkdir(options.storageDir, { recursive: true });
+  const localMnemonic = options.localMnemonic ?? generateMnemonic();
+  const localDerivation = options.localDerivation ?? "//wallet//sso";
+  const localEntropy = mnemonicToEntropy(localMnemonic);
+  const localSecret = createSr25519Secret(localEntropy, localDerivation);
+  const localPublicKey = deriveSr25519PublicKey(localSecret);
+  const localEncrSecret = p256SecretFromEntropy(localEntropy);
+  const remoteMnemonic = options.remoteMnemonic ?? generateMnemonic();
+  const remoteDerivation = options.remoteDerivation ?? "";
+  const remoteEntropy = mnemonicToEntropy(remoteMnemonic);
+  const remoteSecret = createSr25519Secret(remoteEntropy, remoteDerivation);
+  const remotePublicKey = deriveSr25519PublicKey(remoteSecret);
+  const remoteEncrPublicKey = p256.getPublicKey(p256SecretFromEntropy(remoteEntropy), false);
+  const sharedSecret = p256.getSharedSecret(localEncrSecret, remoteEncrPublicKey).slice(1, 33);
+  const sessionId = options.sessionId ?? nanoid(12);
+  const session = {
+    id: sessionId,
+    localAccount: createLocalSessionAccount(createAccountId(localPublicKey), void 0),
+    remoteAccount: createRemoteSessionAccount(
+      createAccountId(remotePublicKey),
+      sharedSecret,
+      void 0
+    )
+  };
+  await writeFile(
+    join(options.storageDir, `${sanitizeKey(options.appId, "SsoSessions")}.json`),
+    toHex(sessionsCodec.enc([session])),
+    "utf-8"
+  );
+  const includeSecrets = options.includeSecrets ?? true;
+  if (includeSecrets) {
+    const encoded = storedUserSecretsCodec.enc({
+      ssSecret: localSecret,
+      encrSecret: localEncrSecret,
+      entropy: localEntropy
+    });
+    await writeFile(
+      join(
+        options.storageDir,
+        `${sanitizeKey(options.appId, `UserSecrets_${sessionId}`)}.json`
+      ),
+      encryptSecrets(options.appId, encoded),
+      "utf-8"
+    );
+  }
+  return {
+    sessionId,
+    localAccountId: localPublicKey,
+    remoteAccountId: remotePublicKey,
+    localMnemonic,
+    localDerivation,
+    remoteMnemonic,
+    remoteDerivation
+  };
+}
+if (void 0) {
+  const { describe, test, expect, beforeEach, afterAll } = void 0;
+  const { mkdtemp, readFile, rm } = await null;
+  const { tmpdir } = await null;
+  const { fromHex } = await null;
+  const LOCAL_MNEMONIC = "bottom drive obey lake curtain smoke basket hold race lonely fit walk";
+  const REMOTE_MNEMONIC = "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about";
+  let storageDir;
+  beforeEach(async () => {
+    storageDir = await mkdtemp(join(tmpdir(), "terminal-testing-"));
+  });
+  afterAll(async () => {
+    try {
+      await rm(storageDir, { recursive: true });
+    } catch {
+    }
+  });
+  describe("createTestSession", () => {
+    test("writes both SsoSessions and UserSecrets files by default", async () => {
+      const result = await createTestSession({
+        appId: "my-app",
+        storageDir,
+        localMnemonic: LOCAL_MNEMONIC,
+        remoteMnemonic: REMOTE_MNEMONIC
+      });
+      const sessions = await readFile(join(storageDir, "my-app_SsoSessions.json"), "utf-8");
+      expect(sessions).toMatch(/^0x[0-9a-f]+$/);
+      const secrets = await readFile(
+        join(storageDir, `my-app_UserSecrets_${result.sessionId}.json`),
+        "utf-8"
+      );
+      expect(secrets).toMatch(/^0x[0-9a-f]+$/);
+    });
+    test("omits UserSecrets file when includeSecrets is false", async () => {
+      const result = await createTestSession({
+        appId: "my-app",
+        storageDir,
+        localMnemonic: LOCAL_MNEMONIC,
+        remoteMnemonic: REMOTE_MNEMONIC,
+        includeSecrets: false
+      });
+      await expect(
+        readFile(join(storageDir, "my-app_SsoSessions.json"), "utf-8")
+      ).resolves.toMatch(/^0x/);
+      await expect(
+        readFile(join(storageDir, `my-app_UserSecrets_${result.sessionId}.json`), "utf-8")
+      ).rejects.toThrow(/ENOENT/);
+    });
+    test("SsoSessions file decodes with the host-papp session codec shape", async () => {
+      const result = await createTestSession({
+        appId: "my-app",
+        storageDir,
+        localMnemonic: LOCAL_MNEMONIC,
+        remoteMnemonic: REMOTE_MNEMONIC,
+        sessionId: "stable-test-id"
+      });
+      const hex = await readFile(join(storageDir, "my-app_SsoSessions.json"), "utf-8");
+      const decoded = sessionsCodec.dec(fromHex(hex));
+      expect(decoded).toHaveLength(1);
+      expect(decoded[0].id).toBe("stable-test-id");
+      expect(decoded[0].localAccount.accountId).toEqual(result.localAccountId);
+      expect(decoded[0].localAccount.pin).toBeUndefined();
+      expect(decoded[0].remoteAccount.accountId).toEqual(result.remoteAccountId);
+      expect(decoded[0].remoteAccount.publicKey).toHaveLength(32);
+      expect(decoded[0].remoteAccount.pin).toBeUndefined();
+    });
+    test("localAccountId matches the Sr25519 public key derived from the mnemonic", async () => {
+      const result = await createTestSession({
+        appId: "my-app",
+        storageDir,
+        localMnemonic: LOCAL_MNEMONIC,
+        remoteMnemonic: REMOTE_MNEMONIC
+      });
+      const expected = deriveSr25519PublicKey(
+        createSr25519Secret(mnemonicToEntropy(LOCAL_MNEMONIC), "//wallet//sso")
+      );
+      expect(result.localAccountId).toEqual(expected);
+      expect(result.localAccountId).toHaveLength(32);
+    });
+    test("UserSecrets file decrypts and decodes with the host-papp secret codec shape", async () => {
+      const appId = "my-app";
+      const result = await createTestSession({
+        appId,
+        storageDir,
+        localMnemonic: LOCAL_MNEMONIC,
+        remoteMnemonic: REMOTE_MNEMONIC
+      });
+      const hex = await readFile(
+        join(storageDir, `${appId}_UserSecrets_${result.sessionId}.json`),
+        "utf-8"
+      );
+      const key = blake2b(new TextEncoder().encode(appId), { dkLen: 16 });
+      const nonce = blake2b(new TextEncoder().encode("nonce"), { dkLen: 32 });
+      const decrypted = gcm(key, nonce).decrypt(fromHex(hex));
+      const decoded = storedUserSecretsCodec.dec(decrypted);
+      expect(decoded.entropy).toEqual(mnemonicToEntropy(LOCAL_MNEMONIC));
+      expect(decoded.ssSecret).toHaveLength(64);
+      expect(decoded.encrSecret).toHaveLength(32);
+    });
+    test("different appIds produce files under different prefixes", async () => {
+      await createTestSession({ appId: "app-a", storageDir, sessionId: "id" });
+      await createTestSession({ appId: "app-b", storageDir, sessionId: "id" });
+      await expect(
+        readFile(join(storageDir, "app-a_SsoSessions.json"), "utf-8")
+      ).resolves.toMatch(/^0x/);
+      await expect(
+        readFile(join(storageDir, "app-b_SsoSessions.json"), "utf-8")
+      ).resolves.toMatch(/^0x/);
+    });
+    test("sanitizes appIds with special characters", async () => {
+      await createTestSession({
+        appId: "app/with spaces",
+        storageDir,
+        sessionId: "id"
+      });
+      await expect(
+        readFile(join(storageDir, "app_with_spaces_SsoSessions.json"), "utf-8")
+      ).resolves.toMatch(/^0x/);
+    });
+    test("creates storageDir when it does not yet exist", async () => {
+      const nested = join(storageDir, "does", "not", "exist");
+      await createTestSession({ appId: "my-app", storageDir: nested });
+      await expect(
+        readFile(join(nested, "my-app_SsoSessions.json"), "utf-8")
+      ).resolves.toMatch(/^0x/);
+    });
+    test("generates fresh mnemonics when none are supplied", async () => {
+      const a = await createTestSession({ appId: "a", storageDir });
+      const b = await createTestSession({ appId: "b", storageDir });
+      expect(a.localMnemonic).not.toBe(b.localMnemonic);
+      expect(a.remoteMnemonic).not.toBe(b.remoteMnemonic);
+      expect(a.sessionId).not.toBe(b.sessionId);
+    });
+    test("respects an explicit sessionId", async () => {
+      const result = await createTestSession({
+        appId: "my-app",
+        storageDir,
+        sessionId: "pinned-id"
+      });
+      expect(result.sessionId).toBe("pinned-id");
+      await expect(
+        readFile(join(storageDir, "my-app_UserSecrets_pinned-id.json"), "utf-8")
+      ).resolves.toMatch(/^0x/);
+    });
+    test("respects a custom localDerivation", async () => {
+      const result = await createTestSession({
+        appId: "my-app",
+        storageDir,
+        localMnemonic: LOCAL_MNEMONIC,
+        remoteMnemonic: REMOTE_MNEMONIC,
+        localDerivation: "//custom//path"
+      });
+      expect(result.localDerivation).toBe("//custom//path");
+      const expected = deriveSr25519PublicKey(
+        createSr25519Secret(mnemonicToEntropy(LOCAL_MNEMONIC), "//custom//path")
+      );
+      expect(result.localAccountId).toEqual(expected);
+    });
+    test("repeated calls replace the session list", async () => {
+      const first = await createTestSession({
+        appId: "my-app",
+        storageDir,
+        sessionId: "first"
+      });
+      const second = await createTestSession({
+        appId: "my-app",
+        storageDir,
+        sessionId: "second"
+      });
+      const hex = await readFile(join(storageDir, "my-app_SsoSessions.json"), "utf-8");
+      const decoded = sessionsCodec.dec(fromHex(hex));
+      expect(decoded).toHaveLength(1);
+      expect(decoded[0].id).toBe("second");
+      await expect(
+        readFile(join(storageDir, `my-app_UserSecrets_${first.sessionId}.json`), "utf-8")
+      ).resolves.toMatch(/^0x/);
+      await expect(
+        readFile(join(storageDir, `my-app_UserSecrets_${second.sessionId}.json`), "utf-8")
+      ).resolves.toMatch(/^0x/);
+    });
+    test("AccountIdCodec is Bytes(32) \u2014 keep this invariant if upstream changes", () => {
+      const encoded = AccountIdCodec.enc(createAccountId(new Uint8Array(32).fill(7)));
+      expect(encoded).toHaveLength(32);
+    });
+  });
+}
+export {
+  createTestSession
+};
+//# sourceMappingURL=testing.js.map

package/dist/testing.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/testing.ts"],"sourcesContent":["/**\n * Test helpers for synthesizing persisted sessions.\n *\n * Production sessions are persisted to the storage directory by\n * `createNodeStorageAdapter` in the SCALE-encoded / AES-GCM-encrypted\n * format defined by `@novasamatech/host-papp`'s internal repositories.\n * There is no public API on the adapter to write a session without going\n * through the QR pairing + on-chain attestation flow, which makes E2E\n * testing of session-dependent CLI flows impossible without a real phone.\n *\n * This module mirrors that format using only public primitives, so E2E\n * tests can inject a known-good session file. The `testing.test.ts`\n * integration test reads the synthesized files back through the real\n * `ssoSessionRepository` + `userSecretRepository` from `@novasamatech/host-papp`\n * and fails if the upstream format ever drifts from our reproduction.\n */\nimport { gcm } from \"@noble/ciphers/aes.js\";\nimport { p256 } from \"@noble/curves/nist.js\";\nimport { blake2b } from \"@noble/hashes/blake2.js\";\nimport {\n AccountIdCodec,\n LocalSessionAccountCodec,\n RemoteSessionAccountCodec,\n createAccountId,\n createLocalSessionAccount,\n createRemoteSessionAccount,\n createSr25519Secret,\n deriveSr25519PublicKey,\n} from \"@novasamatech/statement-store\";\nimport { toHex } from \"@polkadot-api/utils\";\nimport {\n entropyToMiniSecret,\n generateMnemonic,\n mnemonicToEntropy,\n} from \"@polkadot-labs/hdkd-helpers\";\nimport { mkdir, writeFile } from \"node:fs/promises\";\nimport { join } from \"node:path\";\nimport { nanoid } from \"nanoid\";\nimport { Bytes, Struct, Vector, str } from \"scale-ts\";\n\nimport { sanitizeKey } from \"./node-storage.js\";\n\n// Mirrors the internal codec in @novasamatech/host-papp's userSessionRepository.\nconst storedUserSessionCodec = Struct({\n id: str,\n localAccount: LocalSessionAccountCodec,\n remoteAccount: RemoteSessionAccountCodec,\n});\nconst sessionsCodec = Vector(storedUserSessionCodec);\n\n// Mirrors the internal StoredUserSecretsCodec in host-papp's userSecretRepository.\nconst storedUserSecretsCodec = Struct({\n ssSecret: Bytes(),\n encrSecret: Bytes(),\n entropy: Bytes(),\n});\n\n// Mirrors host-papp's userSecretRepository AES-GCM wrapper: the encryption\n// key is blake2b(appId, 16) and the nonce is blake2b(\"nonce\", 32). The appId\n// doubles as the salt, so sessions written by this helper are only readable\n// by a TerminalAdapter configured with the same appId.\nfunction encryptSecrets(appId: string, plaintext: Uint8Array): string {\n const key = blake2b(new TextEncoder().encode(appId), { dkLen: 16 });\n const nonce = blake2b(new TextEncoder().encode(\"nonce\"), { dkLen: 32 });\n return toHex(gcm(key, nonce).encrypt(plaintext));\n}\n\n/** Mirrors host-papp's createEncrSecret: pad the mini-secret to 48 bytes and feed it to P256 keygen. */\nfunction p256SecretFromEntropy(entropy: Uint8Array): Uint8Array {\n const seed = new Uint8Array(48);\n seed.set(entropyToMiniSecret(entropy));\n return p256.keygen(seed).secretKey;\n}\n\nexport interface CreateTestSessionOptions {\n /** Unique app identifier. Must match the one passed to `createTerminalAdapter`. */\n appId: string;\n /**\n * Directory where session files are written. Must match the one the\n * CLI reads from — pass the same value to `createTerminalAdapter`'s\n * `storageDir` option.\n */\n storageDir: string;\n /** BIP39 mnemonic for the local (host-side) account. Default: freshly generated. */\n localMnemonic?: string;\n /** Derivation path for the local account. Default: `\"//wallet//sso\"` (matches production). */\n localDerivation?: string;\n /** BIP39 mnemonic for the remote (phone) account. Default: freshly generated. */\n remoteMnemonic?: string;\n /** Derivation path for the remote account. Default: `\"\"`. */\n remoteDerivation?: string;\n /** Stable session id. Default: random nanoid(12). */\n sessionId?: string;\n /**\n * Whether to write the encrypted `UserSecrets_<id>` file. Default: `true`.\n * Set to `false` to exercise recovery paths where a session exists on disk\n * but its secrets are missing.\n */\n includeSecrets?: boolean;\n}\n\nexport interface TestSession {\n sessionId: string;\n /** Sr25519 public key of the local (host) account, 32 bytes. */\n localAccountId: Uint8Array;\n /** Sr25519 public key of the remote (phone) account, 32 bytes. */\n remoteAccountId: Uint8Array;\n localMnemonic: string;\n localDerivation: string;\n remoteMnemonic: string;\n remoteDerivation: string;\n}\n\n/**\n * Write a valid persisted session to `storageDir`, as if the user had\n * completed QR pairing + attestation. A `TerminalAdapter` created with the\n * same `appId` + `storageDir` will emit the synthesized session from\n * `adapter.sessions.sessions`.\n *\n * @remarks\n * **Dev utility — not a stable contract.** This helper hand-rolls SCALE codecs\n * that mirror an internal on-disk format used by `@novasamatech/host-papp`'s\n * session repositories. The format is not part of host-papp's documented public\n * API and may change on minor version bumps. The `testing.interop.test.ts`\n * round-trip test fails loudly when the format drifts. Use this only in test code.\n *\n * ## Limits\n *\n * - **Signing does not round-trip.** Sending a request via `session.signRaw`\n * still goes out over the statement store and expects a real phone to\n * respond. Use this helper for flows that test session discovery,\n * persistence, and logout — not end-to-end signing.\n * - **Signing attempts surface `NoAllowanceError`.** The synthesized local\n * account was never registered on the People chain, so the first write\n * to the statement store fails with `NoAllowanceError`. That's the same\n * error path the CLI sees when a previously valid session's on-chain\n * attestation has expired, so tests that assert \"CLI handles an expired\n * session\" *can* be written against a synthesized session even though\n * there's no `expiresAt` knob to turn.\n * - **No `expiresAt`.** The on-disk codec has no expiry field; validity is\n * tracked via on-chain attestation state. See above for how expiry-path\n * tests still work in practice.\n * - **Corrupted-session cases** don't need a helper — write garbage to\n * `<storageDir>/<appId>_SsoSessions.json` with `fs.writeFile` directly.\n * - **Repeated calls replace the session list.** Each call writes a fresh\n * single-entry `SsoSessions` file, so calling twice on the same\n * `storageDir`+`appId` leaves only the second session on disk. Use a\n * fresh `mkdtempSync` per test to keep cases isolated.\n *\n * @example\n * ```ts\n * import { mkdtempSync } from \"node:fs\";\n * import { tmpdir } from \"node:os\";\n * import { join } from \"node:path\";\n * import { createTestSession } from \"@parity/product-sdk-terminal/testing\";\n * import { createTerminalAdapter, waitForSessions } from \"@parity/product-sdk-terminal\";\n *\n * const storageDir = mkdtempSync(join(tmpdir(), \"e2e-\"));\n * const { sessionId } = await createTestSession({ appId: \"dot-cli\", storageDir });\n *\n * const adapter = createTerminalAdapter({ appId: \"dot-cli\", metadataUrl: \"…\", storageDir });\n * const sessions = await waitForSessions(adapter);\n * // sessions[0].id === sessionId\n * ```\n */\nexport async function createTestSession(options: CreateTestSessionOptions): Promise<TestSession> {\n await mkdir(options.storageDir, { recursive: true });\n\n const localMnemonic = options.localMnemonic ?? generateMnemonic();\n const localDerivation = options.localDerivation ?? \"//wallet//sso\";\n const localEntropy = mnemonicToEntropy(localMnemonic);\n const localSecret = createSr25519Secret(localEntropy, localDerivation);\n const localPublicKey = deriveSr25519PublicKey(localSecret);\n const localEncrSecret = p256SecretFromEntropy(localEntropy);\n\n const remoteMnemonic = options.remoteMnemonic ?? generateMnemonic();\n const remoteDerivation = options.remoteDerivation ?? \"\";\n const remoteEntropy = mnemonicToEntropy(remoteMnemonic);\n const remoteSecret = createSr25519Secret(remoteEntropy, remoteDerivation);\n const remotePublicKey = deriveSr25519PublicKey(remoteSecret);\n const remoteEncrPublicKey = p256.getPublicKey(p256SecretFromEntropy(remoteEntropy), false);\n\n // In production, `remoteAccount.publicKey` is the ECDH shared secret\n // between the host's P256 encryption key and the phone's P256 encryption\n // key. We compute the same thing from two mnemonic-derived P256 keys so\n // the synthesized session is cryptographically well-formed.\n const sharedSecret = p256.getSharedSecret(localEncrSecret, remoteEncrPublicKey).slice(1, 33);\n\n const sessionId = options.sessionId ?? nanoid(12);\n\n const session = {\n id: sessionId,\n localAccount: createLocalSessionAccount(createAccountId(localPublicKey), undefined),\n remoteAccount: createRemoteSessionAccount(\n createAccountId(remotePublicKey),\n sharedSecret,\n undefined,\n ),\n };\n\n await writeFile(\n join(options.storageDir, `${sanitizeKey(options.appId, \"SsoSessions\")}.json`),\n toHex(sessionsCodec.enc([session])),\n \"utf-8\",\n );\n\n const includeSecrets = options.includeSecrets ?? true;\n if (includeSecrets) {\n const encoded = storedUserSecretsCodec.enc({\n ssSecret: localSecret,\n encrSecret: localEncrSecret,\n entropy: localEntropy,\n });\n await writeFile(\n join(\n options.storageDir,\n `${sanitizeKey(options.appId, `UserSecrets_${sessionId}`)}.json`,\n ),\n encryptSecrets(options.appId, encoded),\n \"utf-8\",\n );\n }\n\n return {\n sessionId,\n localAccountId: localPublicKey,\n remoteAccountId: remotePublicKey,\n localMnemonic,\n localDerivation,\n remoteMnemonic,\n remoteDerivation,\n };\n}\n\nif (import.meta.vitest) {\n const { describe, test, expect, beforeEach, afterAll } = import.meta.vitest;\n const { mkdtemp, readFile, rm } = await import(\"node:fs/promises\");\n const { tmpdir } = await import(\"node:os\");\n const { fromHex } = await import(\"@polkadot-api/utils\");\n\n // Stable dev mnemonics — deterministic inputs keep the tests hermetic.\n // The first is the well-known Substrate dev root (the source of `//Alice`\n // et al.); the second is the BIP39 all-abandon test vector.\n const LOCAL_MNEMONIC = \"bottom drive obey lake curtain smoke basket hold race lonely fit walk\";\n const REMOTE_MNEMONIC =\n \"abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about\";\n\n let storageDir: string;\n\n beforeEach(async () => {\n storageDir = await mkdtemp(join(tmpdir(), \"terminal-testing-\"));\n });\n\n afterAll(async () => {\n try {\n await rm(storageDir, { recursive: true });\n } catch {\n /* ignore */\n }\n });\n\n describe(\"createTestSession\", () => {\n test(\"writes both SsoSessions and UserSecrets files by default\", async () => {\n const result = await createTestSession({\n appId: \"my-app\",\n storageDir,\n localMnemonic: LOCAL_MNEMONIC,\n remoteMnemonic: REMOTE_MNEMONIC,\n });\n\n const sessions = await readFile(join(storageDir, \"my-app_SsoSessions.json\"), \"utf-8\");\n expect(sessions).toMatch(/^0x[0-9a-f]+$/);\n\n const secrets = await readFile(\n join(storageDir, `my-app_UserSecrets_${result.sessionId}.json`),\n \"utf-8\",\n );\n expect(secrets).toMatch(/^0x[0-9a-f]+$/);\n });\n\n test(\"omits UserSecrets file when includeSecrets is false\", async () => {\n const result = await createTestSession({\n appId: \"my-app\",\n storageDir,\n localMnemonic: LOCAL_MNEMONIC,\n remoteMnemonic: REMOTE_MNEMONIC,\n includeSecrets: false,\n });\n\n await expect(\n readFile(join(storageDir, \"my-app_SsoSessions.json\"), \"utf-8\"),\n ).resolves.toMatch(/^0x/);\n\n await expect(\n readFile(join(storageDir, `my-app_UserSecrets_${result.sessionId}.json`), \"utf-8\"),\n ).rejects.toThrow(/ENOENT/);\n });\n\n test(\"SsoSessions file decodes with the host-papp session codec shape\", async () => {\n const result = await createTestSession({\n appId: \"my-app\",\n storageDir,\n localMnemonic: LOCAL_MNEMONIC,\n remoteMnemonic: REMOTE_MNEMONIC,\n sessionId: \"stable-test-id\",\n });\n\n const hex = await readFile(join(storageDir, \"my-app_SsoSessions.json\"), \"utf-8\");\n const decoded = sessionsCodec.dec(fromHex(hex));\n\n expect(decoded).toHaveLength(1);\n expect(decoded[0].id).toBe(\"stable-test-id\");\n expect(decoded[0].localAccount.accountId).toEqual(result.localAccountId);\n expect(decoded[0].localAccount.pin).toBeUndefined();\n expect(decoded[0].remoteAccount.accountId).toEqual(result.remoteAccountId);\n expect(decoded[0].remoteAccount.publicKey).toHaveLength(32);\n expect(decoded[0].remoteAccount.pin).toBeUndefined();\n });\n\n test(\"localAccountId matches the Sr25519 public key derived from the mnemonic\", async () => {\n const result = await createTestSession({\n appId: \"my-app\",\n storageDir,\n localMnemonic: LOCAL_MNEMONIC,\n remoteMnemonic: REMOTE_MNEMONIC,\n });\n\n const expected = deriveSr25519PublicKey(\n createSr25519Secret(mnemonicToEntropy(LOCAL_MNEMONIC), \"//wallet//sso\"),\n );\n expect(result.localAccountId).toEqual(expected);\n expect(result.localAccountId).toHaveLength(32);\n });\n\n test(\"UserSecrets file decrypts and decodes with the host-papp secret codec shape\", async () => {\n const appId = \"my-app\";\n const result = await createTestSession({\n appId,\n storageDir,\n localMnemonic: LOCAL_MNEMONIC,\n remoteMnemonic: REMOTE_MNEMONIC,\n });\n\n const hex = await readFile(\n join(storageDir, `${appId}_UserSecrets_${result.sessionId}.json`),\n \"utf-8\",\n );\n const key = blake2b(new TextEncoder().encode(appId), { dkLen: 16 });\n const nonce = blake2b(new TextEncoder().encode(\"nonce\"), { dkLen: 32 });\n const decrypted = gcm(key, nonce).decrypt(fromHex(hex));\n const decoded = storedUserSecretsCodec.dec(decrypted);\n\n expect(decoded.entropy).toEqual(mnemonicToEntropy(LOCAL_MNEMONIC));\n // Sr25519 secret is 64 bytes (32-byte secret + 32-byte nonce).\n expect(decoded.ssSecret).toHaveLength(64);\n // P256 secret is 32 bytes.\n expect(decoded.encrSecret).toHaveLength(32);\n });\n\n test(\"different appIds produce files under different prefixes\", async () => {\n await createTestSession({ appId: \"app-a\", storageDir, sessionId: \"id\" });\n await createTestSession({ appId: \"app-b\", storageDir, sessionId: \"id\" });\n\n await expect(\n readFile(join(storageDir, \"app-a_SsoSessions.json\"), \"utf-8\"),\n ).resolves.toMatch(/^0x/);\n await expect(\n readFile(join(storageDir, \"app-b_SsoSessions.json\"), \"utf-8\"),\n ).resolves.toMatch(/^0x/);\n });\n\n test(\"sanitizes appIds with special characters\", async () => {\n await createTestSession({\n appId: \"app/with spaces\",\n storageDir,\n sessionId: \"id\",\n });\n await expect(\n readFile(join(storageDir, \"app_with_spaces_SsoSessions.json\"), \"utf-8\"),\n ).resolves.toMatch(/^0x/);\n });\n\n test(\"creates storageDir when it does not yet exist\", async () => {\n const nested = join(storageDir, \"does\", \"not\", \"exist\");\n await createTestSession({ appId: \"my-app\", storageDir: nested });\n await expect(\n readFile(join(nested, \"my-app_SsoSessions.json\"), \"utf-8\"),\n ).resolves.toMatch(/^0x/);\n });\n\n test(\"generates fresh mnemonics when none are supplied\", async () => {\n const a = await createTestSession({ appId: \"a\", storageDir });\n const b = await createTestSession({ appId: \"b\", storageDir });\n expect(a.localMnemonic).not.toBe(b.localMnemonic);\n expect(a.remoteMnemonic).not.toBe(b.remoteMnemonic);\n expect(a.sessionId).not.toBe(b.sessionId);\n });\n\n test(\"respects an explicit sessionId\", async () => {\n const result = await createTestSession({\n appId: \"my-app\",\n storageDir,\n sessionId: \"pinned-id\",\n });\n expect(result.sessionId).toBe(\"pinned-id\");\n await expect(\n readFile(join(storageDir, \"my-app_UserSecrets_pinned-id.json\"), \"utf-8\"),\n ).resolves.toMatch(/^0x/);\n });\n\n test(\"respects a custom localDerivation\", async () => {\n const result = await createTestSession({\n appId: \"my-app\",\n storageDir,\n localMnemonic: LOCAL_MNEMONIC,\n remoteMnemonic: REMOTE_MNEMONIC,\n localDerivation: \"//custom//path\",\n });\n expect(result.localDerivation).toBe(\"//custom//path\");\n const expected = deriveSr25519PublicKey(\n createSr25519Secret(mnemonicToEntropy(LOCAL_MNEMONIC), \"//custom//path\"),\n );\n expect(result.localAccountId).toEqual(expected);\n });\n\n test(\"repeated calls replace the session list\", async () => {\n // Documented behavior — second call leaves only the second session\n // on disk. Callers who want multiple sessions should use separate\n // storage dirs.\n const first = await createTestSession({\n appId: \"my-app\",\n storageDir,\n sessionId: \"first\",\n });\n const second = await createTestSession({\n appId: \"my-app\",\n storageDir,\n sessionId: \"second\",\n });\n\n const hex = await readFile(join(storageDir, \"my-app_SsoSessions.json\"), \"utf-8\");\n const decoded = sessionsCodec.dec(fromHex(hex));\n expect(decoded).toHaveLength(1);\n expect(decoded[0].id).toBe(\"second\");\n // The first session's UserSecrets file is left behind (not cleaned).\n // This matches a real logout flow as well, so we don't try to hide it.\n await expect(\n readFile(join(storageDir, `my-app_UserSecrets_${first.sessionId}.json`), \"utf-8\"),\n ).resolves.toMatch(/^0x/);\n await expect(\n readFile(join(storageDir, `my-app_UserSecrets_${second.sessionId}.json`), \"utf-8\"),\n ).resolves.toMatch(/^0x/);\n });\n\n test(\"AccountIdCodec is Bytes(32) — keep this invariant if upstream changes\", () => {\n // Guards against silent upstream changes to the session-account\n // codec shape that would make our synthesized files unreadable.\n const encoded = AccountIdCodec.enc(createAccountId(new Uint8Array(32).fill(7)));\n expect(encoded).toHaveLength(32);\n });\n });\n}\n"],"mappings":";;;;;AAgBA,SAAS,WAAW;AACpB,SAAS,YAAY;AACrB,SAAS,eAAe;AACxB;AAAA,EAEI;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AACP,SAAS,aAAa;AACtB;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,OACG;AACP,SAAS,OAAO,iBAAiB;AACjC,SAAS,YAAY;AACrB,SAAS,cAAc;AACvB,SAAS,OAAO,QAAQ,QAAQ,WAAW;AAK3C,IAAM,yBAAyB,OAAO;AAAA,EAClC,IAAI;AAAA,EACJ,cAAc;AAAA,EACd,eAAe;AACnB,CAAC;AACD,IAAM,gBAAgB,OAAO,sBAAsB;AAGnD,IAAM,yBAAyB,OAAO;AAAA,EAClC,UAAU,MAAM;AAAA,EAChB,YAAY,MAAM;AAAA,EAClB,SAAS,MAAM;AACnB,CAAC;AAMD,SAAS,eAAe,OAAe,WAA+B;AAClE,QAAM,MAAM,QAAQ,IAAI,YAAY,EAAE,OAAO,KAAK,GAAG,EAAE,OAAO,GAAG,CAAC;AAClE,QAAM,QAAQ,QAAQ,IAAI,YAAY,EAAE,OAAO,OAAO,GAAG,EAAE,OAAO,GAAG,CAAC;AACtE,SAAO,MAAM,IAAI,KAAK,KAAK,EAAE,QAAQ,SAAS,CAAC;AACnD;AAGA,SAAS,sBAAsB,SAAiC;AAC5D,QAAM,OAAO,IAAI,WAAW,EAAE;AAC9B,OAAK,IAAI,oBAAoB,OAAO,CAAC;AACrC,SAAO,KAAK,OAAO,IAAI,EAAE;AAC7B;AA6FA,eAAsB,kBAAkB,SAAyD;AAC7F,QAAM,MAAM,QAAQ,YAAY,EAAE,WAAW,KAAK,CAAC;AAEnD,QAAM,gBAAgB,QAAQ,iBAAiB,iBAAiB;AAChE,QAAM,kBAAkB,QAAQ,mBAAmB;AACnD,QAAM,eAAe,kBAAkB,aAAa;AACpD,QAAM,cAAc,oBAAoB,cAAc,eAAe;AACrE,QAAM,iBAAiB,uBAAuB,WAAW;AACzD,QAAM,kBAAkB,sBAAsB,YAAY;AAE1D,QAAM,iBAAiB,QAAQ,kBAAkB,iBAAiB;AAClE,QAAM,mBAAmB,QAAQ,oBAAoB;AACrD,QAAM,gBAAgB,kBAAkB,cAAc;AACtD,QAAM,eAAe,oBAAoB,eAAe,gBAAgB;AACxE,QAAM,kBAAkB,uBAAuB,YAAY;AAC3D,QAAM,sBAAsB,KAAK,aAAa,sBAAsB,aAAa,GAAG,KAAK;AAMzF,QAAM,eAAe,KAAK,gBAAgB,iBAAiB,mBAAmB,EAAE,MAAM,GAAG,EAAE;AAE3F,QAAM,YAAY,QAAQ,aAAa,OAAO,EAAE;AAEhD,QAAM,UAAU;AAAA,IACZ,IAAI;AAAA,IACJ,cAAc,0BAA0B,gBAAgB,cAAc,GAAG,MAAS;AAAA,IAClF,eAAe;AAAA,MACX,gBAAgB,eAAe;AAAA,MAC/B;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AAEA,QAAM;AAAA,IACF,KAAK,QAAQ,YAAY,GAAG,YAAY,QAAQ,OAAO,aAAa,CAAC,OAAO;AAAA,IAC5E,MAAM,cAAc,IAAI,CAAC,OAAO,CAAC,CAAC;AAAA,IAClC;AAAA,EACJ;AAEA,QAAM,iBAAiB,QAAQ,kBAAkB;AACjD,MAAI,gBAAgB;AAChB,UAAM,UAAU,uBAAuB,IAAI;AAAA,MACvC,UAAU;AAAA,MACV,YAAY;AAAA,MACZ,SAAS;AAAA,IACb,CAAC;AACD,UAAM;AAAA,MACF;AAAA,QACI,QAAQ;AAAA,QACR,GAAG,YAAY,QAAQ,OAAO,eAAe,SAAS,EAAE,CAAC;AAAA,MAC7D;AAAA,MACA,eAAe,QAAQ,OAAO,OAAO;AAAA,MACrC;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AAAA,IACH;AAAA,IACA,gBAAgB;AAAA,IAChB,iBAAiB;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AACJ;AAEA,IAAI,QAAoB;AACpB,QAAM,EAAE,UAAU,MAAM,QAAQ,YAAY,SAAS,IAAI;AACzD,QAAM,EAAE,SAAS,UAAU,GAAG,IAAI,MAAa;AAC/C,QAAM,EAAE,OAAO,IAAI,MAAa;AAChC,QAAM,EAAE,QAAQ,IAAI,MAAa;AAKjC,QAAM,iBAAiB;AACvB,QAAM,kBACF;AAEJ,MAAI;AAEJ,aAAW,YAAY;AACnB,iBAAa,MAAM,QAAQ,KAAK,OAAO,GAAG,mBAAmB,CAAC;AAAA,EAClE,CAAC;AAED,WAAS,YAAY;AACjB,QAAI;AACA,YAAM,GAAG,YAAY,EAAE,WAAW,KAAK,CAAC;AAAA,IAC5C,QAAQ;AAAA,IAER;AAAA,EACJ,CAAC;AAED,WAAS,qBAAqB,MAAM;AAChC,SAAK,4DAA4D,YAAY;AACzE,YAAM,SAAS,MAAM,kBAAkB;AAAA,QACnC,OAAO;AAAA,QACP;AAAA,QACA,eAAe;AAAA,QACf,gBAAgB;AAAA,MACpB,CAAC;AAED,YAAM,WAAW,MAAM,SAAS,KAAK,YAAY,yBAAyB,GAAG,OAAO;AACpF,aAAO,QAAQ,EAAE,QAAQ,eAAe;AAExC,YAAM,UAAU,MAAM;AAAA,QAClB,KAAK,YAAY,sBAAsB,OAAO,SAAS,OAAO;AAAA,QAC9D;AAAA,MACJ;AACA,aAAO,OAAO,EAAE,QAAQ,eAAe;AAAA,IAC3C,CAAC;AAED,SAAK,uDAAuD,YAAY;AACpE,YAAM,SAAS,MAAM,kBAAkB;AAAA,QACnC,OAAO;AAAA,QACP;AAAA,QACA,eAAe;AAAA,QACf,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,MACpB,CAAC;AAED,YAAM;AAAA,QACF,SAAS,KAAK,YAAY,yBAAyB,GAAG,OAAO;AAAA,MACjE,EAAE,SAAS,QAAQ,KAAK;AAExB,YAAM;AAAA,QACF,SAAS,KAAK,YAAY,sBAAsB,OAAO,SAAS,OAAO,GAAG,OAAO;AAAA,MACrF,EAAE,QAAQ,QAAQ,QAAQ;AAAA,IAC9B,CAAC;AAED,SAAK,mEAAmE,YAAY;AAChF,YAAM,SAAS,MAAM,kBAAkB;AAAA,QACnC,OAAO;AAAA,QACP;AAAA,QACA,eAAe;AAAA,QACf,gBAAgB;AAAA,QAChB,WAAW;AAAA,MACf,CAAC;AAED,YAAM,MAAM,MAAM,SAAS,KAAK,YAAY,yBAAyB,GAAG,OAAO;AAC/E,YAAM,UAAU,cAAc,IAAI,QAAQ,GAAG,CAAC;AAE9C,aAAO,OAAO,EAAE,aAAa,CAAC;AAC9B,aAAO,QAAQ,CAAC,EAAE,EAAE,EAAE,KAAK,gBAAgB;AAC3C,aAAO,QAAQ,CAAC,EAAE,aAAa,SAAS,EAAE,QAAQ,OAAO,cAAc;AACvE,aAAO,QAAQ,CAAC,EAAE,aAAa,GAAG,EAAE,cAAc;AAClD,aAAO,QAAQ,CAAC,EAAE,cAAc,SAAS,EAAE,QAAQ,OAAO,eAAe;AACzE,aAAO,QAAQ,CAAC,EAAE,cAAc,SAAS,EAAE,aAAa,EAAE;AAC1D,aAAO,QAAQ,CAAC,EAAE,cAAc,GAAG,EAAE,cAAc;AAAA,IACvD,CAAC;AAED,SAAK,2EAA2E,YAAY;AACxF,YAAM,SAAS,MAAM,kBAAkB;AAAA,QACnC,OAAO;AAAA,QACP;AAAA,QACA,eAAe;AAAA,QACf,gBAAgB;AAAA,MACpB,CAAC;AAED,YAAM,WAAW;AAAA,QACb,oBAAoB,kBAAkB,cAAc,GAAG,eAAe;AAAA,MAC1E;AACA,aAAO,OAAO,cAAc,EAAE,QAAQ,QAAQ;AAC9C,aAAO,OAAO,cAAc,EAAE,aAAa,EAAE;AAAA,IACjD,CAAC;AAED,SAAK,+EAA+E,YAAY;AAC5F,YAAM,QAAQ;AACd,YAAM,SAAS,MAAM,kBAAkB;AAAA,QACnC;AAAA,QACA;AAAA,QACA,eAAe;AAAA,QACf,gBAAgB;AAAA,MACpB,CAAC;AAED,YAAM,MAAM,MAAM;AAAA,QACd,KAAK,YAAY,GAAG,KAAK,gBAAgB,OAAO,SAAS,OAAO;AAAA,QAChE;AAAA,MACJ;AACA,YAAM,MAAM,QAAQ,IAAI,YAAY,EAAE,OAAO,KAAK,GAAG,EAAE,OAAO,GAAG,CAAC;AAClE,YAAM,QAAQ,QAAQ,IAAI,YAAY,EAAE,OAAO,OAAO,GAAG,EAAE,OAAO,GAAG,CAAC;AACtE,YAAM,YAAY,IAAI,KAAK,KAAK,EAAE,QAAQ,QAAQ,GAAG,CAAC;AACtD,YAAM,UAAU,uBAAuB,IAAI,SAAS;AAEpD,aAAO,QAAQ,OAAO,EAAE,QAAQ,kBAAkB,cAAc,CAAC;AAEjE,aAAO,QAAQ,QAAQ,EAAE,aAAa,EAAE;AAExC,aAAO,QAAQ,UAAU,EAAE,aAAa,EAAE;AAAA,IAC9C,CAAC;AAED,SAAK,2DAA2D,YAAY;AACxE,YAAM,kBAAkB,EAAE,OAAO,SAAS,YAAY,WAAW,KAAK,CAAC;AACvE,YAAM,kBAAkB,EAAE,OAAO,SAAS,YAAY,WAAW,KAAK,CAAC;AAEvE,YAAM;AAAA,QACF,SAAS,KAAK,YAAY,wBAAwB,GAAG,OAAO;AAAA,MAChE,EAAE,SAAS,QAAQ,KAAK;AACxB,YAAM;AAAA,QACF,SAAS,KAAK,YAAY,wBAAwB,GAAG,OAAO;AAAA,MAChE,EAAE,SAAS,QAAQ,KAAK;AAAA,IAC5B,CAAC;AAED,SAAK,4CAA4C,YAAY;AACzD,YAAM,kBAAkB;AAAA,QACpB,OAAO;AAAA,QACP;AAAA,QACA,WAAW;AAAA,MACf,CAAC;AACD,YAAM;AAAA,QACF,SAAS,KAAK,YAAY,kCAAkC,GAAG,OAAO;AAAA,MAC1E,EAAE,SAAS,QAAQ,KAAK;AAAA,IAC5B,CAAC;AAED,SAAK,iDAAiD,YAAY;AAC9D,YAAM,SAAS,KAAK,YAAY,QAAQ,OAAO,OAAO;AACtD,YAAM,kBAAkB,EAAE,OAAO,UAAU,YAAY,OAAO,CAAC;AAC/D,YAAM;AAAA,QACF,SAAS,KAAK,QAAQ,yBAAyB,GAAG,OAAO;AAAA,MAC7D,EAAE,SAAS,QAAQ,KAAK;AAAA,IAC5B,CAAC;AAED,SAAK,oDAAoD,YAAY;AACjE,YAAM,IAAI,MAAM,kBAAkB,EAAE,OAAO,KAAK,WAAW,CAAC;AAC5D,YAAM,IAAI,MAAM,kBAAkB,EAAE,OAAO,KAAK,WAAW,CAAC;AAC5D,aAAO,EAAE,aAAa,EAAE,IAAI,KAAK,EAAE,aAAa;AAChD,aAAO,EAAE,cAAc,EAAE,IAAI,KAAK,EAAE,cAAc;AAClD,aAAO,EAAE,SAAS,EAAE,IAAI,KAAK,EAAE,SAAS;AAAA,IAC5C,CAAC;AAED,SAAK,kCAAkC,YAAY;AAC/C,YAAM,SAAS,MAAM,kBAAkB;AAAA,QACnC,OAAO;AAAA,QACP;AAAA,QACA,WAAW;AAAA,MACf,CAAC;AACD,aAAO,OAAO,SAAS,EAAE,KAAK,WAAW;AACzC,YAAM;AAAA,QACF,SAAS,KAAK,YAAY,mCAAmC,GAAG,OAAO;AAAA,MAC3E,EAAE,SAAS,QAAQ,KAAK;AAAA,IAC5B,CAAC;AAED,SAAK,qCAAqC,YAAY;AAClD,YAAM,SAAS,MAAM,kBAAkB;AAAA,QACnC,OAAO;AAAA,QACP;AAAA,QACA,eAAe;AAAA,QACf,gBAAgB;AAAA,QAChB,iBAAiB;AAAA,MACrB,CAAC;AACD,aAAO,OAAO,eAAe,EAAE,KAAK,gBAAgB;AACpD,YAAM,WAAW;AAAA,QACb,oBAAoB,kBAAkB,cAAc,GAAG,gBAAgB;AAAA,MAC3E;AACA,aAAO,OAAO,cAAc,EAAE,QAAQ,QAAQ;AAAA,IAClD,CAAC;AAED,SAAK,2CAA2C,YAAY;AAIxD,YAAM,QAAQ,MAAM,kBAAkB;AAAA,QAClC,OAAO;AAAA,QACP;AAAA,QACA,WAAW;AAAA,MACf,CAAC;AACD,YAAM,SAAS,MAAM,kBAAkB;AAAA,QACnC,OAAO;AAAA,QACP;AAAA,QACA,WAAW;AAAA,MACf,CAAC;AAED,YAAM,MAAM,MAAM,SAAS,KAAK,YAAY,yBAAyB,GAAG,OAAO;AAC/E,YAAM,UAAU,cAAc,IAAI,QAAQ,GAAG,CAAC;AAC9C,aAAO,OAAO,EAAE,aAAa,CAAC;AAC9B,aAAO,QAAQ,CAAC,EAAE,EAAE,EAAE,KAAK,QAAQ;AAGnC,YAAM;AAAA,QACF,SAAS,KAAK,YAAY,sBAAsB,MAAM,SAAS,OAAO,GAAG,OAAO;AAAA,MACpF,EAAE,SAAS,QAAQ,KAAK;AACxB,YAAM;AAAA,QACF,SAAS,KAAK,YAAY,sBAAsB,OAAO,SAAS,OAAO,GAAG,OAAO;AAAA,MACrF,EAAE,SAAS,QAAQ,KAAK;AAAA,IAC5B,CAAC;AAED,SAAK,8EAAyE,MAAM;AAGhF,YAAM,UAAU,eAAe,IAAI,gBAAgB,IAAI,WAAW,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;AAC9E,aAAO,OAAO,EAAE,aAAa,EAAE;AAAA,IACnC,CAAC;AAAA,EACL,CAAC;AACL;","names":[]}

package/package.json ADDED Viewed

@@ -0,0 +1,64 @@
+{
+  "name": "@parity/product-sdk-terminal",
+  "description": "QR code login and signing for CLI/terminal apps via Polkadot mobile wallet pairing",
+  "version": "0.1.0",
+  "type": "module",
+  "sideEffects": [
+    "./dist/register.js"
+  ],
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./register": {
+      "types": "./dist/register.d.ts",
+      "import": "./dist/register.js"
+    },
+    "./testing": {
+      "types": "./dist/testing.d.ts",
+      "import": "./dist/testing.js"
+    }
+  },
+  "files": [
+    "dist",
+    "scripts"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "@noble/ciphers": "^2.1.0",
+    "@noble/curves": "^2.0.1",
+    "@noble/hashes": "^2.0.1",
+    "@novasamatech/host-papp": "^0.7.7",
+    "@novasamatech/statement-store": "^0.7.7",
+    "@novasamatech/storage-adapter": "^0.7.7",
+    "@polkadot-api/utils": "^0.4.0",
+    "@polkadot-api/ws-provider": "^0.9.0",
+    "@polkadot-labs/hdkd-helpers": "^0.0.27",
+    "nanoid": "^5.1.7",
+    "neverthrow": "^8.2.0",
+    "polkadot-api": "^2.1.2",
+    "qrcode": "^1.5.4",
+    "scale-ts": "^1.6.1",
+    "@parity/product-sdk-logger": "0.1.1"
+  },
+  "devDependencies": {
+    "@types/qrcode": "^1.5.5",
+    "tsup": "^8.4.0",
+    "typescript": "^5.9.3",
+    "vitest": "^3.1.4"
+  },
+  "license": "Apache-2.0",
+  "scripts": {
+    "postinstall": "bash scripts/patch-wasm.sh",
+    "build": "tsup",
+    "clean": "rm -rf dist",
+    "pretest": "tsup",
+    "test": "vitest run"
+  }
+}

package/scripts/patch-wasm.sh ADDED Viewed

@@ -0,0 +1,27 @@
+#!/bin/bash
+# Patch verifiablejs/bundler to load WASM via base64 embed instead of inline import.
+# Required for bun runtime. Node.js/tsx users should use the ESM loader hook instead:
+#   --import @polkadot-apps/terminal/register
+BUNDLER_JS=$(find node_modules -path "*/verifiablejs/pkg-bundler/verifiablejs.js" 2>/dev/null | head -1)
+[ -z "$BUNDLER_JS" ] && exit 0
+# Skip if already patched
+head -1 "$BUNDLER_JS" | grep -q "__wbg_set_wasm" && exit 0
+BUNDLER_DIR=$(dirname "$BUNDLER_JS")
+# -w 0 disables line wrapping on Linux; -i is macOS flag
+WASM_B64=$(base64 -w 0 "$BUNDLER_DIR/verifiablejs_bg.wasm" 2>/dev/null || base64 -i "$BUNDLER_DIR/verifiablejs_bg.wasm" 2>/dev/null || base64 "$BUNDLER_DIR/verifiablejs_bg.wasm")
+cat > "$BUNDLER_JS" << SHIM
+import { __wbg_set_wasm } from "./verifiablejs_bg.js";
+import * as bg from "./verifiablejs_bg.js";
+const wasmBytes = Uint8Array.from(atob("$WASM_B64"), c => c.charCodeAt(0));
+const wasmModule = new WebAssembly.Module(wasmBytes);
+const wasmInstance = new WebAssembly.Instance(wasmModule, { "./verifiablejs_bg.js": bg });
+__wbg_set_wasm(wasmInstance.exports);
+wasmInstance.exports.__wbindgen_start();
+export * from "./verifiablejs_bg.js";
+SHIM