@portal-hq/web 3.6.2-alpha → 3.7.0

package/hypernative.d.ts

@@ -0,0 +1,346 @@
+export type ScreenAddressRequestOptions = {
+  screenerPolicyId?: string
+}
+
+export interface ScreenAddressApiResponse {
+  data: {
+    rawResponse: ScreenAddressResponse[]
+  }
+}
+
+export interface ScanEVMRequest {
+  transaction: TransactionObject
+  url?: string
+  blockNumber?: number
+  validateNonce?: boolean
+  showFullFindings?: boolean
+  policy?: string
+}
+
+export interface ScanEVMResponse {
+  data: {
+    rawResponse: {
+      success: boolean
+      data: TransactionRiskData
+      error: string | null
+      version?: string
+      service?: string
+    }
+  }
+}
+
+export interface ScanEip712Request {
+  walletAddress: string
+  chainId: string
+  eip712Message: Eip712TypedData
+  showFullFindings?: boolean
+  policy?: string
+}
+
+export interface ScanEip712Response {
+  data: {
+    rawResponse: {
+      success: boolean
+      data: TypedMessageRiskData
+      error: string | null
+      version?: string
+      service?: string
+    }
+  }
+}
+
+export interface ScanSolanaRequest {
+  transaction: SolanaTransaction
+  url?: string
+  validateRecentBlockHash?: boolean
+  showFullFindings?: boolean
+  policy?: string
+}
+
+export interface ScanSolanaResponse {
+  data: {
+    rawResponse: {
+      success: boolean
+      data: SolanaTransactionRiskData
+      error: string | null
+      version?: string
+      service?: string
+    }
+  }
+}
+
+export type ScanNftsRequest = ScanNftRequestItem[]
+
+export interface ScanNftsResponse {
+  data: {
+    rawResponse: {
+      success: boolean
+      data: {
+        nfts: ScanNftResponseItem[]
+      }
+      error: string | null
+      version?: string
+      service?: string
+    }
+  }
+}
+
+export type ScanTokensRequest = ScanTokenRequestItem[]
+
+export interface ScanTokensResponse {
+  data: {
+    rawResponse: {
+      success: boolean
+      data: {
+        tokens: ScanTokenResponseItem[]
+      }
+      error: string | null
+      version?: string
+      service?: string
+    }
+  }
+}
+
+export type ScanUrlRequest = string
+
+export interface ScanUrlResponse {
+  data: {
+    rawResponse: {
+      success: boolean
+      data: {
+        isMalicious: boolean
+        deepScanTriggered?: boolean
+      }
+      error: string | null
+      version?: string
+      service?: string
+    }
+  }
+}
+
+export interface ScreenAddressResponse {
+  address: string
+  recommendation: string
+  severity: string
+  totalIncomingUsd: number
+  policyId: string
+  timestamp: string
+  flags: Flag[]
+}
+
+export interface Flag {
+  title: string
+  flagId: string
+  chain: string
+  severity: string
+  lastUpdate?: string
+  events: HypernativeEvent[]
+  exposures: Exposure[]
+}
+
+export interface HypernativeEvent {
+  eventId: string
+  address: string
+  chain: string
+  flagId: string
+  timestampEvent: string
+  txHash: string
+  direction: string
+  hop: number
+  counterpartyAddress: string
+  counterpartyAlias?: string
+  counterpartyFlagId: string
+  tokenSymbol: string
+  tokenAmount: number
+  tokenUsdValue: number
+  reason: string
+  source: string
+  originalFlaggedAddress: string
+  originalFlaggedAlias?: string
+  originalFlaggedChain: string
+}
+
+export interface Exposure {
+  exposurePortion: number
+  exposureType?: string
+  totalExposureUsd: number
+  flaggedInteractions: FlaggedInteraction[]
+}
+
+export interface FlaggedInteraction {
+  address: string
+  chain: string
+  alias?: string
+  minHop: number
+  totalExposureUsd: number
+}
+
+export interface TransactionRiskData {
+  assessmentId?: string
+  assessmentTimestamp?: string
+  recommendation: 'accept' | 'notes' | 'warn' | 'deny' | 'autoAccept'
+  expectedStatus?: 'success' | 'fail'
+  findings?: Finding[]
+  involvedAssets?: Asset[]
+  balanceChanges?: Record<string, BalanceChange[]> | null
+  parsedActions?: Record<string, unknown[]>
+  blockNumber?: number
+  riIds?: string[]
+  signature?: string
+}
+
+export interface TypedMessageRiskData {
+  assessmentId?: string
+  assessmentTimestamp?: string
+  blockNumber?: number
+  recommendation: 'accept' | 'notes' | 'warn' | 'deny' | 'autoAccept'
+  findings?: Finding[]
+  involvedAssets?: Asset[]
+  parsedActions?: Record<string, unknown[]>
+  riIds?: string[]
+}
+
+export interface SolanaTransactionRiskData {
+  recommendation: 'accept' | 'notes' | 'warn' | 'deny' | 'autoAccept'
+  expectedStatus?: 'success' | 'fail'
+  findings?: Finding[]
+  involvedAssets?: Asset[]
+  balanceChanges?: Record<string, BalanceChange[]> | null
+  parsedActions?: Record<string, unknown[]>
+  blockNumber?: number
+  riIds?: string[]
+}
+
+export interface Finding {
+  typeId: string
+  title: string
+  description: string
+  details?: string
+  severity: 'Accept' | 'Notes' | 'Warn' | 'Deny' | 'AutoAccept'
+  relatedAssets?: Asset[]
+}
+
+export interface Asset {
+  chain: string
+  evmChainId?: string
+  address: string
+  type: 'Wallet' | 'Contract'
+  involvementTypes: string[]
+  tag: string
+  alias?: string
+  note?: string
+}
+
+export interface BalanceChange {
+  changeType: 'send' | 'receive'
+  tokenSymbol: string
+  tokenAddress?: string
+  usdValue?: string
+  amount: string
+  chain: string
+  evmChainId?: string
+}
+
+export interface ScanNftRequestItem {
+  address: string
+  chain?: string
+  evmChainId?: number | string
+}
+
+export interface ScanNftResponseItem {
+  address: string
+  chain: string
+  evmChainId: string
+  accept: boolean
+}
+
+export interface ScanTokenRequestItem {
+  address: string
+  chain?: string
+  evmChainId?: number | string
+}
+
+export interface ScanTokenResponseItem {
+  address: string
+  chain: string
+  reputation?: {
+    recommendation: 'accept' | 'deny'
+  }
+}
+
+export interface TransactionObject {
+  chain: string
+  fromAddress: string
+  toAddress: string
+  input?: string
+  value?: string | number
+  nonce?: string | number
+  hash?: string
+  gas?: string | number
+  gasPrice?: string | number
+  maxPriorityFeePerGas?: string | number
+  maxFeePerGas?: string | number
+}
+
+export interface Eip712TypeProperty {
+  name: string
+  type: string
+}
+
+export type Eip712Value =
+  | string
+  | number
+  | boolean
+  | null
+  | undefined
+  | Eip712Value[]
+  | { [key: string]: Eip712Value }
+
+export interface Eip712Domain {
+  name?: string
+  version?: string
+  chainId?: number | string
+  verifyingContract?: string
+  salt?: string
+  [key: string]: Eip712Value
+}
+
+export interface Eip712TypedData {
+  primaryType: string
+  types: Record<string, Eip712TypeProperty[]>
+  domain: Eip712Domain
+  message: Record<string, Eip712Value>
+}
+
+export interface SolanaHeader {
+  numRequiredSignatures?: number
+  numReadonlySignedAccounts?: number
+  numReadonlyUnsignedAccounts?: number
+}
+
+export interface SolanaInstruction {
+  accounts: number[]
+  data: string
+  programIdIndex: number
+}
+
+export interface AddressTableLookup {
+  accountKey: string
+  writableIndexes: number[]
+  readonlyIndexes: number[]
+}
+
+export interface SolanaMessage {
+  accountKeys: string[]
+  header: SolanaHeader
+  instructions: SolanaInstruction[]
+  addressTableLookups?: AddressTableLookup[]
+  recentBlockhash: string
+}
+
+export interface SolanaTransaction {
+  message?: SolanaMessage
+  signatures?: string[]
+  rawTransaction?: string
+  version?: 'legacy' | '0'
+}

package/lib/commonjs/index.js

@@ -41,6 +41,8 @@ const mpc_1 = __importDefault(require("./mpc"));
 const provider_1 = __importStar(require("./provider"));
 const yield_1 = __importDefault(require("./integrations/yield"));
 const trading_1 = __importDefault(require("./integrations/trading"));
+const security_1 = __importDefault(require("./integrations/security"));
+const passkeys_1 = __importDefault(require("./passkeys"));
 class Portal {
     get ready() {
         return this.mpc.ready;
@@ -85,6 +87,7 @@ class Portal {
         });
         this.yield = new yield_1.default({ mpc: this.mpc });
         this.trading = new trading_1.default({ mpc: this.mpc });
+        this.security = new security_1.default({ mpc: this.mpc });
         this.provider = new provider_1.default({
             portal: this,
             chainId: chainId ? Number(chainId) : undefined,
@@ -148,6 +151,98 @@ class Portal {
             return address;
         });
     }
+    generateBackupShare(progress = () => {
+        // Noop
+    }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const response = yield this.mpc.backup({
+                backupMethod: BackupMethods.custom,
+                backupConfigs: {},
+                host: this.host,
+                mpcVersion: this.mpcVersion,
+                featureFlags: this.featureFlags,
+            }, progress);
+            if (!response.encryptionKey) {
+                throw new Error('[Portal] Custom backup did not return an encryption key. Please ensure you are using the latest iframe bundle.');
+            }
+            return {
+                cipherText: response.cipherText,
+                encryptionKey: response.encryptionKey,
+            };
+        });
+    }
+    registerPasskeyAndStoreEncryptionKey(cipherText, encryptionKey, options = {}) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { service, customDomain, relyingPartyId, relyingPartyName } = this.resolvePasskeyOptions(options);
+            yield service.registerPasskeyAndStoreKey({
+                customDomain,
+                relyingPartyName,
+                encryptionKey,
+                relyingPartyId,
+                cipherText,
+            });
+        });
+    }
+    authenticatePasskeyAndRetrieveKey(options = {}) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { service, customDomain, relyingPartyId, relyingPartyName } = this.resolvePasskeyOptions(options);
+            return yield service.authenticatePasskeyAndRetrieveKey({
+                customDomain,
+                relyingPartyName,
+                relyingPartyId,
+            });
+        });
+    }
+    /**
+     * Register a passkey without tying it to an encryption key.
+     * The encryption key can be stored later using authenticatePasskeyAndWriteKey.
+     */
+    registerPasskey(options = {}) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { service, customDomain, relyingPartyId, relyingPartyName } = this.resolvePasskeyOptions(options);
+            yield service.registerPasskey({
+                customDomain,
+                relyingPartyName,
+                relyingPartyId,
+            });
+        });
+    }
+    /**
+     * Authenticate with passkey and store an encryption key.
+     * Used after registerPasskey to associate an encryption key with the passkey.
+     */
+    authenticatePasskeyAndWriteKey(encryptionKey, options = {}) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { service, customDomain, relyingPartyId, relyingPartyName } = this.resolvePasskeyOptions(options);
+            yield service.authenticatePasskeyAndWriteKey({
+                customDomain,
+                relyingPartyName,
+                relyingPartyId,
+                encryptionKey,
+            });
+        });
+    }
+    backupWithPasskey(options = {}, progress = () => {
+        // Noop
+    }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { usePopup = true, customDomain, relyingPartyName, backupMethod = BackupMethods.passkey, } = options;
+            if (usePopup) {
+                yield this.backupWallet(backupMethod, progress, {});
+                return;
+            }
+            if (backupMethod !== BackupMethods.passkey) {
+                throw new Error(`[Portal] Direct passkey backup currently supports only BackupMethods.passkey (received ${backupMethod}).`);
+            }
+            const { cipherText, encryptionKey } = yield this.generateBackupShare(progress);
+            yield this.registerPasskeyAndStoreEncryptionKey(cipherText, encryptionKey, {
+                customDomain,
+                relyingPartyName,
+                usePopup,
+            });
+            yield this.storedClientBackupShare(true, BackupMethods.passkey);
+        });
+    }
     backupWallet(backupMethod, progress = () => {
         // Noop
     }, backupConfigs = {}) {
@@ -361,6 +456,7 @@ class Portal {
                             chainId,
                             method: 'eth_sendTransaction',
                             params: [buildTxResponse.transaction],
+                            sponsorGas: params.sponsorGas,
                         });
                         break;
                     }
@@ -369,6 +465,7 @@ class Portal {
                             chainId,
                             method: 'sol_signAndSendTransaction',
                             params: [buildTxResponse.transaction],
+                            sponsorGas: params.sponsorGas,
                         });
                         break;
                     }
@@ -711,7 +808,7 @@ class Portal {
     getQuote(apiKey, args, chainId) {
         var _a;
         return __awaiter(this, void 0, void 0, function* () {
-            return (_a = this.mpc) === null || _a === void 0 ? void 0 : _a.getQuote(apiKey, args, chainId);
+            return (_a = this.mpc) === null || _a === void 0 ? void 0 : _a.getQuote(chainId, args, apiKey);
         });
     }
     /**
@@ -720,7 +817,7 @@ class Portal {
     getSources(apiKey, chainId) {
         var _a;
         return __awaiter(this, void 0, void 0, function* () {
-            return (_a = this.mpc) === null || _a === void 0 ? void 0 : _a.getSources(apiKey, chainId);
+            return (_a = this.mpc) === null || _a === void 0 ? void 0 : _a.getSources(chainId, apiKey);
         });
     }
     /*******************************
@@ -808,6 +905,50 @@ class Portal {
         }
         return chainId;
     }
+    ensurePasskeyService() {
+        const defaultDomain = this.getDefaultPasskeyDomain();
+        if (!this.passkeyService ||
+            this.passkeyServiceDefaultDomain !== defaultDomain) {
+            this.passkeyService = new passkeys_1.default({
+                defaultDomain,
+                getJwt: () => this.mpc.getPasskeyJwt(),
+            });
+            this.passkeyServiceDefaultDomain = defaultDomain;
+        }
+        return this.passkeyService;
+    }
+    getDefaultPasskeyDomain() {
+        var _a, _b;
+        return (_b = (_a = this.passkeyConfig) === null || _a === void 0 ? void 0 : _a.webAuthnHost) !== null && _b !== void 0 ? _b : 'backup.web.portalhq.io';
+    }
+    extractRpId(domain) {
+        const targetDomain = domain !== null && domain !== void 0 ? domain : this.getDefaultPasskeyDomain();
+        try {
+            const normalized = targetDomain.startsWith('http')
+                ? targetDomain
+                : `https://${targetDomain}`;
+            return new URL(normalized).hostname;
+        }
+        catch (_a) {
+            return targetDomain;
+        }
+    }
+    resolvePasskeyOptions(options) {
+        var _a, _b, _c, _d, _e;
+        if (options.usePopup) {
+            throw new Error('[Portal] This method does not support the popup flow. Use usePopup: false.');
+        }
+        const service = this.ensurePasskeyService();
+        const domain = (_a = options.customDomain) !== null && _a !== void 0 ? _a : this.getDefaultPasskeyDomain();
+        const relyingPartyId = (_b = options.relyingPartyId) !== null && _b !== void 0 ? _b : this.extractRpId(domain);
+        const relyingPartyName = (_e = (_c = options.relyingPartyName) !== null && _c !== void 0 ? _c : (_d = this.passkeyConfig) === null || _d === void 0 ? void 0 : _d.relyingParty) !== null && _e !== void 0 ? _e : 'Portal';
+        return {
+            service,
+            customDomain: options.customDomain,
+            relyingPartyId,
+            relyingPartyName,
+        };
+    }
 }
 var mpc_2 = require("./mpc");
 Object.defineProperty(exports, "MpcError", { enumerable: true, get: function () { return mpc_2.MpcError; } });
@@ -833,6 +974,7 @@ var BackupMethods;
     BackupMethods["gdrive"] = "GDRIVE";
     BackupMethods["password"] = "PASSWORD";
     BackupMethods["passkey"] = "PASSKEY";
+    BackupMethods["custom"] = "CUSTOM";
     BackupMethods["unknown"] = "UNKNOWN";
 })(BackupMethods = exports.BackupMethods || (exports.BackupMethods = {}));
 var GetTransactionsOrder;

package/lib/commonjs/index.test.js

@@ -144,6 +144,123 @@ describe('Portal', () => {
             }, mockProgressFn);
         }));
     });
+    describe('generateBackupShare', () => {
+        it('should request a custom backup and return cipherText and encryptionKey', () => __awaiter(void 0, void 0, void 0, function* () {
+            const storageCallback = jest.fn().mockResolvedValue(undefined);
+            portal.mpc.backup.mockResolvedValueOnce({
+                cipherText: constants_1.mockCipherText,
+                encryptionKey: 'manual-key',
+                storageCallback,
+            });
+            const result = yield portal.generateBackupShare();
+            expect(result).toEqual({
+                cipherText: constants_1.mockCipherText,
+                encryptionKey: 'manual-key',
+            });
+            expect(portal.mpc.backup).toHaveBeenCalledWith({
+                backupMethod: _1.BackupMethods.custom,
+                backupConfigs: {},
+                host: 'web.portalhq.io',
+                mpcVersion: 'v6',
+                featureFlags: {},
+            }, expect.any(Function));
+        }));
+        it('should throw if the iframe response does not contain an encryption key', () => __awaiter(void 0, void 0, void 0, function* () {
+            ;
+            portal.mpc.backup.mockResolvedValueOnce({
+                cipherText: constants_1.mockCipherText,
+                storageCallback: jest.fn(),
+            });
+            yield expect(portal.generateBackupShare()).rejects.toThrow('Custom backup did not return an encryption key');
+        }));
+    });
+    describe('registerPasskeyAndStoreEncryptionKey', () => {
+        it('should delegate to the passkey service with computed relying party data', () => __awaiter(void 0, void 0, void 0, function* () {
+            const passkeyServiceMock = {
+                registerPasskeyAndStoreKey: jest.fn().mockResolvedValue(undefined),
+            };
+            portal.passkeyService = passkeyServiceMock;
+            portal.passkeyServiceDefaultDomain = 'backup.web.portalhq.io';
+            portal.passkeyServiceApiKey = portal.apiKey;
+            yield portal.registerPasskeyAndStoreEncryptionKey(constants_1.mockCipherText, 'manual-key');
+            expect(passkeyServiceMock.registerPasskeyAndStoreKey).toHaveBeenCalledTimes(1);
+            expect(passkeyServiceMock.registerPasskeyAndStoreKey).toHaveBeenCalledWith(expect.objectContaining({
+                customDomain: undefined,
+                encryptionKey: 'manual-key',
+                relyingPartyId: 'backup.web.portalhq.io',
+                relyingPartyName: 'Portal',
+                cipherText: constants_1.mockCipherText,
+            }));
+        }));
+        it('should throw when usePopup is requested', () => __awaiter(void 0, void 0, void 0, function* () {
+            yield expect(portal.registerPasskeyAndStoreEncryptionKey(constants_1.mockCipherText, 'manual-key', { usePopup: true })).rejects.toThrow('does not support the popup flow');
+        }));
+    });
+    describe('authenticatePasskeyAndRetrieveKey', () => {
+        it('should invoke the passkey service for direct authentication', () => __awaiter(void 0, void 0, void 0, function* () {
+            const passkeyServiceMock = {
+                authenticatePasskeyAndRetrieveKey: jest
+                    .fn()
+                    .mockResolvedValue('retrieved-key'),
+            };
+            portal.passkeyService = passkeyServiceMock;
+            portal.passkeyServiceDefaultDomain = 'backup.web.portalhq.io';
+            portal.passkeyServiceApiKey = portal.apiKey;
+            const key = yield portal.authenticatePasskeyAndRetrieveKey();
+            expect(key).toEqual('retrieved-key');
+            expect(passkeyServiceMock.authenticatePasskeyAndRetrieveKey).toHaveBeenCalledWith(expect.objectContaining({
+                customDomain: undefined,
+                relyingPartyId: 'backup.web.portalhq.io',
+                relyingPartyName: 'Portal',
+            }));
+        }));
+        it('should throw when usePopup is true', () => __awaiter(void 0, void 0, void 0, function* () {
+            yield expect(portal.authenticatePasskeyAndRetrieveKey({ usePopup: true })).rejects.toThrow('does not support the popup flow');
+        }));
+    });
+    describe('backupWithPasskey', () => {
+        it('should orchestrate the direct passkey flow when usePopup is false', () => __awaiter(void 0, void 0, void 0, function* () {
+            const directShare = {
+                cipherText: constants_1.mockCipherText,
+                encryptionKey: 'manual-key',
+            };
+            const generateSpy = jest
+                .spyOn(portal, 'generateBackupShare')
+                .mockResolvedValue(directShare);
+            const registerSpy = jest
+                .spyOn(portal, 'registerPasskeyAndStoreEncryptionKey')
+                .mockResolvedValue(undefined);
+            const storedClientBackupShareSpy = jest
+                .spyOn(portal, 'storedClientBackupShare')
+                .mockResolvedValue(undefined);
+            yield portal.backupWithPasskey({
+                usePopup: false,
+                customDomain: 'passkeys.wigwam.app',
+                relyingPartyName: 'Wigwam',
+            }, undefined);
+            expect(generateSpy).toHaveBeenCalledTimes(1);
+            expect(registerSpy).toHaveBeenCalledWith(directShare.cipherText, directShare.encryptionKey, expect.objectContaining({
+                customDomain: 'passkeys.wigwam.app',
+                relyingPartyName: 'Wigwam',
+                usePopup: false,
+            }));
+            expect(storedClientBackupShareSpy).toHaveBeenCalledWith(true, _1.BackupMethods.passkey);
+            generateSpy.mockRestore();
+            registerSpy.mockRestore();
+            storedClientBackupShareSpy.mockRestore();
+        }));
+        it('should fall back to the legacy popup flow when usePopup is true', () => __awaiter(void 0, void 0, void 0, function* () {
+            const progress = jest.fn();
+            yield portal.backupWithPasskey({}, progress);
+            expect(portal.mpc.backup).toHaveBeenCalledWith({
+                backupMethod: _1.BackupMethods.passkey,
+                backupConfigs: {},
+                host: 'web.portalhq.io',
+                mpcVersion: 'v6',
+                featureFlags: {},
+            }, progress);
+        }));
+    });
     describe('recoverWallet', () => {
         it('should successfully recover a wallet and call mpc.recover correctly', () => __awaiter(void 0, void 0, void 0, function* () {
             const mockProgressFn = jest.fn();
@@ -565,14 +682,14 @@ describe('Portal', () => {
         it('should correctly call mpc.getQuote', () => __awaiter(void 0, void 0, void 0, function* () {
             yield portal.getQuote('test', constants_1.mockQuoteArgs, 'eip155:1');
             expect(portal.mpc.getQuote).toHaveBeenCalledTimes(1);
-            expect(portal.mpc.getQuote).toHaveBeenCalledWith('test', constants_1.mockQuoteArgs, 'eip155:1');
+            expect(portal.mpc.getQuote).toHaveBeenCalledWith('eip155:1', constants_1.mockQuoteArgs, 'test');
         }));
     });
     describe('getSources', () => {
         it('should correctly call mpc.getSources', () => __awaiter(void 0, void 0, void 0, function* () {
             yield portal.getSources('test', 'eip155:1');
             expect(portal.mpc.getSources).toHaveBeenCalledTimes(1);
-            expect(portal.mpc.getSources).toHaveBeenCalledWith('test', 'eip155:1');
+            expect(portal.mpc.getSources).toHaveBeenCalledWith('eip155:1', 'test');
         }));
     });
     describe('storedClientBackupShare', () => {