@prism-ing/wallet 0.1.0

package/dist/internal/recovery-manager.js

@@ -0,0 +1,161 @@
+/**
+ * Recovery manager — rotates the smart contract's authorized signer.
+ *
+ * @remarks
+ * Never touches private keys. EVM recovery uses ZeroDev Social Recovery
+ * (removeValidator(old) + addValidator(new)). Solana recovery uses Squads V4
+ * (multisigAddMember(new) + multisigRemoveMember(old)).
+ *
+ * Both on-chain backends are injected via {@link RecoveryBackends} so
+ * that the wallet package itself carries no runtime dependency on
+ * `@zerodev/sdk` or `@sqds/multisig`.
+ *
+ * @internal
+ */
+import { bytesToHex, concatBytes } from '@noble/hashes/utils';
+import { keccak_256 } from '@noble/hashes/sha3';
+import { toAddress } from '../result.js';
+import { walletErrors } from '../errors.js';
+const textEncoder = new TextEncoder();
+const RECOVERY_DOMAIN_TAG = textEncoder.encode('prism-recovery-v1');
+// ---------------------------------------------------------------------------
+// Factory
+// ---------------------------------------------------------------------------
+/**
+ * Create a recovery manager for the given wallet signer.
+ *
+ * @param currentSignerEvmAddress - The EVM address of the current authorized signer.
+ * @param currentSignerSolanaAddress - The Solana address of the current authorized signer.
+ * @param backends - Injected on-chain recovery backends.
+ * @returns A fully-wired {@link RecoveryManager}.
+ *
+ * @internal
+ */
+export function createRecoveryManager(currentSignerEvmAddress, currentSignerSolanaAddress, backends) {
+    let passkeyCredentialId;
+    const manager = {
+        async setupPasskey() {
+            if (backends.passkey === undefined) {
+                throw toWalletErrorException(walletErrors.enclaveUnavailable('passkey'));
+            }
+            const credential = await backends.passkey.register('prism.xyz');
+            passkeyCredentialId = credential.id;
+            if (backends.evm !== undefined) {
+                // Derive a temporary guardian address from passkey pubkey bytes
+                const passkeyGuardianAddress = deriveAddressFromPasskey(credential.publicKey);
+                await backends.evm.addGuardian(passkeyGuardianAddress);
+            }
+            return { id: credential.id, type: 'passkey' };
+        },
+        async addDeviceGuardian(deviceEvmAddress, deviceSolanaAddress) {
+            if (backends.evm !== undefined) {
+                await backends.evm.addGuardian(deviceEvmAddress);
+            }
+            if (backends.solana !== undefined) {
+                await backends.solana.addMember(deviceSolanaAddress);
+            }
+        },
+        async addContactGuardian(ethAddress) {
+            if (backends.evm === undefined) {
+                throw toWalletErrorException(walletErrors.recoveryGuardianInvalid(ethAddress, 'EVM recovery backend not configured'));
+            }
+            await backends.evm.addGuardian(ethAddress);
+        },
+        async initiateRecovery(newSigner) {
+            // Generate guardian proof with dynamic challenge (prevents replay attacks)
+            const guardianProof = await getGuardianProof(backends, passkeyCredentialId, currentSignerEvmAddress, newSigner.evmAddress);
+            // Reject recovery when no backends can verify the proof.
+            // If EVM or Solana backends are present, they handle proof validation.
+            // If only a passkey backend exists but no proof was obtained, reject.
+            const hasRecoveryBackend = backends.evm !== undefined || backends.solana !== undefined;
+            if (guardianProof.length === 0 && !hasRecoveryBackend) {
+                throw toWalletErrorException(walletErrors.recoveryGuardianInvalid(newSigner.evmAddress, 'No guardian proof available and no recovery backends configured. Set up a passkey, device, or contact guardian before initiating recovery.'));
+            }
+            // Rotate EVM signer
+            let evmTxId = '';
+            if (backends.evm !== undefined) {
+                evmTxId = await backends.evm.rotateValidator(currentSignerEvmAddress, newSigner.evmAddress, guardianProof);
+            }
+            // Rotate Solana signer
+            let solanaTxId = '';
+            if (backends.solana !== undefined) {
+                solanaTxId = await backends.solana.rotateMember(currentSignerSolanaAddress, newSigner.solanaAddress, guardianProof);
+            }
+            return {
+                recoveryId: evmTxId || solanaTxId || 'recovery-pending',
+                status: 'pending',
+                newEvmAddress: newSigner.evmAddress,
+                newSolanaAddress: newSigner.solanaAddress,
+            };
+        },
+    };
+    return manager;
+}
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+/**
+ * Derive a deterministic EVM address from a passkey public key.
+ * Hashes the public key with keccak256 and takes the last 20 bytes,
+ * matching standard Ethereum address derivation from a public key.
+ *
+ * @internal
+ */
+function deriveAddressFromPasskey(publicKey) {
+    const hash = keccak_256(publicKey);
+    const raw = `0x${bytesToHex(hash.slice(12))}`;
+    // Safe to use value directly — keccak256 output always produces valid 20-byte addresses
+    const result = toAddress(raw);
+    if (!result.ok) {
+        throw new Error(`Invalid derived address: ${raw}`);
+    }
+    return result.value;
+}
+/**
+ * Build a dynamic recovery challenge that binds to the specific recovery operation.
+ *
+ * @remarks
+ * The challenge includes:
+ * - A domain tag ("prism-recovery-v1") to prevent cross-protocol replay
+ * - The current signer address being rotated away
+ * - The new signer address being rotated to
+ * - A timestamp to prevent replay of old proofs
+ *
+ * This is hashed with keccak256 to produce a fixed-size challenge.
+ *
+ * @internal
+ */
+export function buildRecoveryChallenge(currentSigner, newSigner) {
+    const currentBytes = textEncoder.encode(currentSigner);
+    const newBytes = textEncoder.encode(newSigner);
+    // Quantize timestamp to 5-minute windows to allow for clock drift
+    // while still preventing replay beyond that window
+    const timestampWindow = Math.floor(Date.now() / (5 * 60 * 1000));
+    const timestampBytes = textEncoder.encode(String(timestampWindow));
+    return keccak_256(concatBytes(RECOVERY_DOMAIN_TAG, currentBytes, newBytes, timestampBytes));
+}
+/**
+ * Obtain a guardian proof for recovery.
+ * If a passkey was registered, signs a dynamic recovery challenge.
+ * Otherwise returns an empty proof (for testing or when guardian
+ * approval happens out-of-band).
+ */
+async function getGuardianProof(backends, passkeyCredentialId, currentSigner, newSigner) {
+    if (backends.passkey !== undefined && passkeyCredentialId !== undefined) {
+        const challenge = buildRecoveryChallenge(currentSigner, newSigner);
+        return backends.passkey.sign(passkeyCredentialId, challenge);
+    }
+    // No passkey — return empty proof (guardian approval via other mechanism)
+    return new Uint8Array(0);
+}
+/**
+ * Convert a WalletError to an exception for throwing at the boundary.
+ * RecoveryManager methods throw because the interface uses bare Promises,
+ * not Result types.
+ */
+function toWalletErrorException(error) {
+    const err = new Error(error.code);
+    err.walletError = error;
+    return err;
+}
+//# sourceMappingURL=recovery-manager.js.map

package/dist/internal/recovery-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"recovery-manager.js","sourceRoot":"","sources":["../../src/internal/recovery-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AASzC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAE5C,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;AACtC,MAAM,mBAAmB,GAAG,WAAW,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;AAEpE,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,MAAM,UAAU,qBAAqB,CACnC,uBAAgC,EAChC,0BAAkC,EAClC,QAA0B;IAE1B,IAAI,mBAAuC,CAAC;IAE5C,MAAM,OAAO,GAAoB;QAC/B,KAAK,CAAC,YAAY;YAChB,IAAI,QAAQ,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;gBACnC,MAAM,sBAAsB,CAC1B,YAAY,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAC3C,CAAC;YACJ,CAAC;YAED,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAChE,mBAAmB,GAAG,UAAU,CAAC,EAAE,CAAC;YAEpC,IAAI,QAAQ,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;gBAC/B,gEAAgE;gBAChE,MAAM,sBAAsB,GAAG,wBAAwB,CACrD,UAAU,CAAC,SAAS,CACrB,CAAC;gBACF,MAAM,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC;YACzD,CAAC;YAED,OAAO,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,EAAE,IAAI,EAAE,SAAkB,EAAE,CAAC;QACzD,CAAC;QAED,KAAK,CAAC,iBAAiB,CACrB,gBAAyB,EACzB,mBAA2B;YAE3B,IAAI,QAAQ,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;gBAC/B,MAAM,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAAC;YACnD,CAAC;YACD,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAClC,MAAM,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;QAED,KAAK,CAAC,kBAAkB,CAAC,UAAmB;YAC1C,IAAI,QAAQ,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;gBAC/B,MAAM,sBAAsB,CAC1B,YAAY,CAAC,uBAAuB,CAClC,UAAU,EACV,qCAAqC,CACtC,CACF,CAAC;YACJ,CAAC;YACD,MAAM,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAC7C,CAAC;QAED,KAAK,CAAC,gBAAgB,CAAC,SAAsB;YAC3C,2EAA2E;YAC3E,MAAM,aAAa,GAAG,MAAM,gBAAgB,CAC1C,QAAQ,EACR,mBAAmB,EACnB,uBAAuB,EACvB,SAAS,CAAC,UAAU,CACrB,CAAC;YAEF,yDAAyD;YACzD,uEAAuE;YACvE,sEAAsE;YACtE,MAAM,kBAAkB,GAAG,QAAQ,CAAC,GAAG,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,CAAC;YACvF,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACtD,MAAM,sBAAsB,CAC1B,YAAY,CAAC,uBAAuB,CAClC,SAAS,CAAC,UAAoB,EAC9B,4IAA4I,CAC7I,CACF,CAAC;YACJ,CAAC;YAED,oBAAoB;YACpB,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;gBAC/B,OAAO,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,eAAe,CAC1C,uBAAuB,EACvB,SAAS,CAAC,UAAU,EACpB,aAAa,CACd,CAAC;YACJ,CAAC;YAED,uBAAuB;YACvB,IAAI,UAAU,GAAG,EAAE,CAAC;YACpB,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAClC,UAAU,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,YAAY,CAC7C,0BAA0B,EAC1B,SAAS,CAAC,aAAa,EACvB,aAAa,CACd,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,UAAU,EAAE,OAAO,IAAI,UAAU,IAAI,kBAAkB;gBACvD,MAAM,EAAE,SAAS;gBACjB,aAAa,EAAE,SAAS,CAAC,UAAU;gBACnC,gBAAgB,EAAE,SAAS,CAAC,aAAa;aAC1C,CAAC;QACJ,CAAC;KACF,CAAC;IAEF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E;;;;;;GAMG;AACH,SAAS,wBAAwB,CAAC,SAAqB;IACrD,MAAM,IAAI,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,KAAK,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;IAC9C,wFAAwF;IACxF,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,EAAE,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,MAAM,CAAC,KAAK,CAAC;AACtB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,sBAAsB,CACpC,aAAsB,EACtB,SAAkB;IAElB,MAAM,YAAY,GAAG,WAAW,CAAC,MAAM,CAAC,aAAuB,CAAC,CAAC;IACjE,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,SAAmB,CAAC,CAAC;IACzD,kEAAkE;IAClE,mDAAmD;IACnD,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IACjE,MAAM,cAAc,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC;IAEnE,OAAO,UAAU,CAAC,WAAW,CAAC,mBAAmB,EAAE,YAAY,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;AAC9F,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,gBAAgB,CAC7B,QAA0B,EAC1B,mBAAuC,EACvC,aAAsB,EACtB,SAAkB;IAElB,IAAI,QAAQ,CAAC,OAAO,KAAK,SAAS,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;QACxE,MAAM,SAAS,GAAG,sBAAsB,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QACnE,OAAO,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;IAC/D,CAAC;IACD,0EAA0E;IAC1E,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;AAC3B,CAAC;AAED;;;;GAIG;AACH,SAAS,sBAAsB,CAAC,KAAkB;IAChD,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACjC,GAA4C,CAAC,WAAW,GAAG,KAAK,CAAC;IAClE,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/result.d.ts

@@ -0,0 +1,132 @@
+/**
+ * Core Result type and branded primitives for `@prism-ing/wallet`.
+ *
+ * @remarks
+ * Every function that can fail returns `Result<T, E>` instead of throwing.
+ * Branded types enforce domain safety at compile time — construct once via
+ * `toAddress()` / `toHex()` etc., then trust downstream.
+ *
+ * @packageDocumentation
+ */
+/**
+ * Base error type for all Prism packages.
+ * Each package extends this with its own error codes.
+ */
+export type PrismError = {
+    readonly code: string;
+    readonly message?: string;
+    readonly cause?: unknown;
+};
+/**
+ * A discriminated union representing success or failure.
+ *
+ * @example
+ * ```ts
+ * const result = await createWallet(config, deps);
+ * if (!result.ok) {
+ *   console.error(result.error.code);
+ *   return;
+ * }
+ * // result.value is narrowed here
+ * ```
+ */
+export type Result<T, E = PrismError> = {
+    readonly ok: true;
+    readonly value: T;
+} | {
+    readonly ok: false;
+    readonly error: E;
+};
+/** Construct a successful Result. */
+export declare const Ok: <T>(value: T) => Result<T, never>;
+/** Construct a failed Result. */
+export declare const Err: <E>(error: E) => Result<never, E>;
+/**
+ * Map over a successful Result, leaving errors untouched.
+ *
+ * @example
+ * ```ts
+ * const doubled = mapResult(getAmount(), (n) => n * 2n);
+ * ```
+ */
+export declare const mapResult: <T, U, E>(result: Result<T, E>, fn: (value: T) => U) => Result<U, E>;
+/**
+ * Chain Results — flatMap for the Result type.
+ *
+ * @example
+ * ```ts
+ * const result = flatMapResult(
+ *   parseAddress(raw),
+ *   (addr) => getBalance(addr),
+ * );
+ * ```
+ */
+export declare const flatMapResult: <T, U, E>(result: Result<T, E>, fn: (value: T) => Result<U, E>) => Result<U, E>;
+/**
+ * Unwrap a Result or throw. Only use at the outermost boundary
+ * (CLI entry point, HTTP handler). Never in business logic.
+ */
+export declare const unwrapResult: <T>(result: Result<T>) => T;
+/**
+ * Wrap a Promise that might reject into a Result.
+ * Use at the boundary when calling third-party code that throws.
+ *
+ * @example
+ * ```ts
+ * const result = await fromPromise(
+ *   fetch(url),
+ *   (e) => ({ code: 'NETWORK_ERROR' as const, cause: String(e) }),
+ * );
+ * ```
+ */
+export declare const fromPromise: <T, E>(promise: Promise<T>, mapError: (error: unknown) => E) => Promise<Result<T, E>>;
+/** An EVM address (0x-prefixed, 42 chars). */
+export type Address = string & {
+    readonly __brand: 'Address';
+};
+/** A hex-encoded string (0x-prefixed). */
+export type Hex = string & {
+    readonly __brand: 'Hex';
+};
+/** A Solana public key (base58-encoded). */
+export type SolanaPublicKey = string & {
+    readonly __brand: 'SolanaPublicKey';
+};
+/** Basis points (0–10000). */
+export type Bps = number & {
+    readonly __brand: 'Bps';
+};
+/** Lamports (Solana's smallest unit). */
+export type Lamports = bigint & {
+    readonly __brand: 'Lamports';
+};
+/** Brand validation error. */
+export type BrandError = {
+    readonly code: 'INVALID_ADDRESS' | 'INVALID_HEX' | 'INVALID_SOLANA_PUBKEY' | 'INVALID_BPS' | 'INVALID_LAMPORTS';
+    readonly raw: string;
+};
+/** Parse a raw string into a branded {@link Address}. */
+export declare const toAddress: (raw: string) => Result<Address, BrandError>;
+/** Parse a raw string into a branded {@link Hex}. */
+export declare const toHex: (raw: string) => Result<Hex, BrandError>;
+/** Parse a raw string into a branded {@link SolanaPublicKey}. */
+export declare const toSolanaPublicKey: (raw: string) => Result<SolanaPublicKey, BrandError>;
+/** Parse a raw number into branded {@link Bps}. */
+export declare const toBps: (raw: number) => Result<Bps, BrandError>;
+/** Parse a raw bigint into branded {@link Lamports}. */
+export declare const toLamports: (raw: bigint) => Result<Lamports, BrandError>;
+/**
+ * Assert that a code path is unreachable.
+ * Use in the default branch of switch/if chains on discriminated unions.
+ *
+ * @example
+ * ```ts
+ * switch (action.type) {
+ *   case 'deposit': return handleDeposit(action);
+ *   case 'withdraw': return handleWithdraw(action);
+ *   default: return assertNever(action.type);
+ * }
+ * ```
+ */
+export declare const assertNever: (value: never) => never;
+//# sourceMappingURL=result.d.ts.map

package/dist/result.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"result.d.ts","sourceRoot":"","sources":["../src/result.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAMH;;;GAGG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,MAAM,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,IAChC;IAAE,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC;IAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAA;CAAE,GACxC;IAAE,QAAQ,CAAC,EAAE,EAAE,KAAK,CAAC;IAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAA;CAAE,CAAC;AAE9C,qCAAqC;AACrC,eAAO,MAAM,EAAE,GAAI,CAAC,EAAE,OAAO,CAAC,KAAG,MAAM,CAAC,CAAC,EAAE,KAAK,CAG9C,CAAC;AAEH,iCAAiC;AACjC,eAAO,MAAM,GAAG,GAAI,CAAC,EAAE,OAAO,CAAC,KAAG,MAAM,CAAC,KAAK,EAAE,CAAC,CAG/C,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,SAAS,GAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAC/B,QAAQ,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,EACpB,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,KAClB,MAAM,CAAC,CAAC,EAAE,CAAC,CAAgD,CAAC;AAE/D;;;;;;;;;;GAUG;AACH,eAAO,MAAM,aAAa,GAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EACnC,QAAQ,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,EACpB,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,KAC7B,MAAM,CAAC,CAAC,EAAE,CAAC,CAA4C,CAAC;AAE3D;;;GAGG;AACH,eAAO,MAAM,YAAY,GAAI,CAAC,EAAE,QAAQ,MAAM,CAAC,CAAC,CAAC,KAAG,CAKnD,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,WAAW,GAAU,CAAC,EAAE,CAAC,EACpC,SAAS,OAAO,CAAC,CAAC,CAAC,EACnB,UAAU,CAAC,KAAK,EAAE,OAAO,KAAK,CAAC,KAC9B,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAOtB,CAAC;AAMF,8CAA8C;AAC9C,MAAM,MAAM,OAAO,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAA;CAAE,CAAC;AAE/D,0CAA0C;AAC1C,MAAM,MAAM,GAAG,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAA;CAAE,CAAC;AAEvD,4CAA4C;AAC5C,MAAM,MAAM,eAAe,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,iBAAiB,CAAA;CAAE,CAAC;AAE/E,8BAA8B;AAC9B,MAAM,MAAM,GAAG,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAA;CAAE,CAAC;AAEvD,yCAAyC;AACzC,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAA;CAAE,CAAC;AAMjE,8BAA8B;AAC9B,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,CAAC,IAAI,EACT,iBAAiB,GACjB,aAAa,GACb,uBAAuB,GACvB,aAAa,GACb,kBAAkB,CAAC;IACvB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB,CAAC;AAMF,yDAAyD;AACzD,eAAO,MAAM,SAAS,GAAI,KAAK,MAAM,KAAG,MAAM,CAAC,OAAO,EAAE,UAAU,CAGvB,CAAC;AAE5C,qDAAqD;AACrD,eAAO,MAAM,KAAK,GAAI,KAAK,MAAM,KAAG,MAAM,CAAC,GAAG,EAAE,UAAU,CAGnB,CAAC;AAExC,iEAAiE;AACjE,eAAO,MAAM,iBAAiB,GAC5B,KAAK,MAAM,KACV,MAAM,CAAC,eAAe,EAAE,UAAU,CAGY,CAAC;AAElD,mDAAmD;AACnD,eAAO,MAAM,KAAK,GAAI,KAAK,MAAM,KAAG,MAAM,CAAC,GAAG,EAAE,UAAU,CAGN,CAAC;AAErD,wDAAwD;AACxD,eAAO,MAAM,UAAU,GAAI,KAAK,MAAM,KAAG,MAAM,CAAC,QAAQ,EAAE,UAAU,CAGX,CAAC;AAM1D;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,WAAW,GAAI,OAAO,KAAK,KAAG,KAE1C,CAAC"}

package/dist/result.js

@@ -0,0 +1,114 @@
+/**
+ * Core Result type and branded primitives for `@prism-ing/wallet`.
+ *
+ * @remarks
+ * Every function that can fail returns `Result<T, E>` instead of throwing.
+ * Branded types enforce domain safety at compile time — construct once via
+ * `toAddress()` / `toHex()` etc., then trust downstream.
+ *
+ * @packageDocumentation
+ */
+/** Construct a successful Result. */
+export const Ok = (value) => ({
+    ok: true,
+    value,
+});
+/** Construct a failed Result. */
+export const Err = (error) => ({
+    ok: false,
+    error,
+});
+/**
+ * Map over a successful Result, leaving errors untouched.
+ *
+ * @example
+ * ```ts
+ * const doubled = mapResult(getAmount(), (n) => n * 2n);
+ * ```
+ */
+export const mapResult = (result, fn) => (result.ok ? Ok(fn(result.value)) : result);
+/**
+ * Chain Results — flatMap for the Result type.
+ *
+ * @example
+ * ```ts
+ * const result = flatMapResult(
+ *   parseAddress(raw),
+ *   (addr) => getBalance(addr),
+ * );
+ * ```
+ */
+export const flatMapResult = (result, fn) => (result.ok ? fn(result.value) : result);
+/**
+ * Unwrap a Result or throw. Only use at the outermost boundary
+ * (CLI entry point, HTTP handler). Never in business logic.
+ */
+export const unwrapResult = (result) => {
+    if (result.ok)
+        return result.value;
+    throw new Error(`Unwrap called on Err: ${JSON.stringify(result.error)}`);
+};
+/**
+ * Wrap a Promise that might reject into a Result.
+ * Use at the boundary when calling third-party code that throws.
+ *
+ * @example
+ * ```ts
+ * const result = await fromPromise(
+ *   fetch(url),
+ *   (e) => ({ code: 'NETWORK_ERROR' as const, cause: String(e) }),
+ * );
+ * ```
+ */
+export const fromPromise = async (promise, mapError) => {
+    try {
+        const value = await promise;
+        return Ok(value);
+    }
+    catch (error) {
+        return Err(mapError(error));
+    }
+};
+const EVM_ADDRESS_RE = /^0x[a-fA-F0-9]{40}$/;
+const HEX_RE = /^0x[a-fA-F0-9]*$/;
+const BASE58_RE = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+/** Parse a raw string into a branded {@link Address}. */
+export const toAddress = (raw) => EVM_ADDRESS_RE.test(raw)
+    ? Ok(raw)
+    : Err({ code: 'INVALID_ADDRESS', raw });
+/** Parse a raw string into a branded {@link Hex}. */
+export const toHex = (raw) => HEX_RE.test(raw)
+    ? Ok(raw)
+    : Err({ code: 'INVALID_HEX', raw });
+/** Parse a raw string into a branded {@link SolanaPublicKey}. */
+export const toSolanaPublicKey = (raw) => BASE58_RE.test(raw)
+    ? Ok(raw)
+    : Err({ code: 'INVALID_SOLANA_PUBKEY', raw });
+/** Parse a raw number into branded {@link Bps}. */
+export const toBps = (raw) => Number.isInteger(raw) && raw >= 0 && raw <= 10_000
+    ? Ok(raw)
+    : Err({ code: 'INVALID_BPS', raw: String(raw) });
+/** Parse a raw bigint into branded {@link Lamports}. */
+export const toLamports = (raw) => raw >= 0n
+    ? Ok(raw)
+    : Err({ code: 'INVALID_LAMPORTS', raw: String(raw) });
+// ---------------------------------------------------------------------------
+// Exhaustiveness
+// ---------------------------------------------------------------------------
+/**
+ * Assert that a code path is unreachable.
+ * Use in the default branch of switch/if chains on discriminated unions.
+ *
+ * @example
+ * ```ts
+ * switch (action.type) {
+ *   case 'deposit': return handleDeposit(action);
+ *   case 'withdraw': return handleWithdraw(action);
+ *   default: return assertNever(action.type);
+ * }
+ * ```
+ */
+export const assertNever = (value) => {
+    throw new Error(`Unexpected value: ${JSON.stringify(value)}`);
+};
+//# sourceMappingURL=result.js.map

package/dist/result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"result.js","sourceRoot":"","sources":["../src/result.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAiCH,qCAAqC;AACrC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAI,KAAQ,EAAoB,EAAE,CAAC,CAAC;IACpD,EAAE,EAAE,IAAI;IACR,KAAK;CACN,CAAC,CAAC;AAEH,iCAAiC;AACjC,MAAM,CAAC,MAAM,GAAG,GAAG,CAAI,KAAQ,EAAoB,EAAE,CAAC,CAAC;IACrD,EAAE,EAAE,KAAK;IACT,KAAK;CACN,CAAC,CAAC;AAEH;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,CACvB,MAAoB,EACpB,EAAmB,EACL,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AAE/D;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,MAAoB,EACpB,EAA8B,EAChB,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AAE3D;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAI,MAAiB,EAAK,EAAE;IACtD,IAAI,MAAM,CAAC,EAAE;QAAE,OAAO,MAAM,CAAC,KAAK,CAAC;IACnC,MAAM,IAAI,KAAK,CACb,yBAAyB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACxD,CAAC;AACJ,CAAC,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,EAC9B,OAAmB,EACnB,QAA+B,EACR,EAAE;IACzB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC;QAC5B,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,OAAO,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9B,CAAC;AACH,CAAC,CAAC;AAoCF,MAAM,cAAc,GAAG,qBAAqB,CAAC;AAC7C,MAAM,MAAM,GAAG,kBAAkB,CAAC;AAClC,MAAM,SAAS,GAAG,+BAA+B,CAAC;AAElD,yDAAyD;AACzD,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,GAAW,EAA+B,EAAE,CACpE,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC;IACtB,CAAC,CAAC,EAAE,CAAC,GAAc,CAAC;IACpB,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,GAAG,EAAE,CAAC,CAAC;AAE5C,qDAAqD;AACrD,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,GAAW,EAA2B,EAAE,CAC5D,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;IACd,CAAC,CAAC,EAAE,CAAC,GAAU,CAAC;IAChB,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC,CAAC;AAExC,iEAAiE;AACjE,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,GAAW,EAC0B,EAAE,CACvC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC;IACjB,CAAC,CAAC,EAAE,CAAC,GAAsB,CAAC;IAC5B,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,GAAG,EAAE,CAAC,CAAC;AAElD,mDAAmD;AACnD,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,GAAW,EAA2B,EAAE,CAC5D,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,MAAM;IAChD,CAAC,CAAC,EAAE,CAAC,GAAU,CAAC;IAChB,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAErD,wDAAwD;AACxD,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,GAAW,EAAgC,EAAE,CACtE,GAAG,IAAI,EAAE;IACP,CAAC,CAAC,EAAE,CAAC,GAAe,CAAC;IACrB,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAE1D,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,KAAY,EAAS,EAAE;IACjD,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;AAChE,CAAC,CAAC"}

package/dist/schemas.d.ts

@@ -0,0 +1,184 @@
+/**
+ * Zod schemas for @prism-ing/wallet input validation.
+ *
+ * @remarks
+ * External data enters the system exactly once, through these schemas.
+ * After parsing, the inferred types are trusted everywhere downstream.
+ *
+ * @packageDocumentation
+ */
+import { z } from 'zod';
+import type { Address } from './result.js';
+/** Schema for an EVM address (0x-prefixed, 40 hex chars). */
+export declare const AddressSchema: z.ZodType<Address>;
+/** Schema for a Solana public key (base58, 32-44 chars). */
+export declare const SolanaPublicKeySchema: z.ZodString;
+/** Schema for a positive bigint amount. */
+export declare const PositiveBigIntSchema: z.ZodEffects<z.ZodBigInt, bigint, bigint>;
+/** Schema for basis points (0-10000). */
+export declare const BpsSchema: z.ZodNumber;
+export declare const SignerConfigSchema: z.ZodObject<{
+    walletName: z.ZodString;
+    passphrase: z.ZodOptional<z.ZodString>;
+    apiKey: z.ZodOptional<z.ZodString>;
+    vaultPath: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    walletName: string;
+    passphrase?: string | undefined;
+    apiKey?: string | undefined;
+    vaultPath?: string | undefined;
+}, {
+    walletName: string;
+    passphrase?: string | undefined;
+    apiKey?: string | undefined;
+    vaultPath?: string | undefined;
+}>;
+export declare const RecoveryConfigSchema: z.ZodObject<{
+    evm: z.ZodOptional<z.ZodObject<{
+        guardians: z.ZodArray<z.ZodType<Address, z.ZodTypeDef, Address>, "many">;
+        threshold: z.ZodNumber;
+    }, "strip", z.ZodTypeAny, {
+        guardians: Address[];
+        threshold: number;
+    }, {
+        guardians: Address[];
+        threshold: number;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    evm?: {
+        guardians: Address[];
+        threshold: number;
+    } | undefined;
+}, {
+    evm?: {
+        guardians: Address[];
+        threshold: number;
+    } | undefined;
+}>;
+export declare const AccountTypeSchema: z.ZodLiteral<"kernel-v3.1-ecdsa">;
+export declare const WalletConfigSchema: z.ZodObject<{
+    signer: z.ZodObject<{
+        walletName: z.ZodString;
+        passphrase: z.ZodOptional<z.ZodString>;
+        apiKey: z.ZodOptional<z.ZodString>;
+        vaultPath: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        walletName: string;
+        passphrase?: string | undefined;
+        apiKey?: string | undefined;
+        vaultPath?: string | undefined;
+    }, {
+        walletName: string;
+        passphrase?: string | undefined;
+        apiKey?: string | undefined;
+        vaultPath?: string | undefined;
+    }>;
+    oneBalanceApiKey: z.ZodString;
+    accountType: z.ZodDefault<z.ZodOptional<z.ZodLiteral<"kernel-v3.1-ecdsa">>>;
+    chains: z.ZodOptional<z.ZodArray<z.ZodNumber, "many">>;
+    recovery: z.ZodOptional<z.ZodObject<{
+        evm: z.ZodOptional<z.ZodObject<{
+            guardians: z.ZodArray<z.ZodType<Address, z.ZodTypeDef, Address>, "many">;
+            threshold: z.ZodNumber;
+        }, "strip", z.ZodTypeAny, {
+            guardians: Address[];
+            threshold: number;
+        }, {
+            guardians: Address[];
+            threshold: number;
+        }>>;
+    }, "strip", z.ZodTypeAny, {
+        evm?: {
+            guardians: Address[];
+            threshold: number;
+        } | undefined;
+    }, {
+        evm?: {
+            guardians: Address[];
+            threshold: number;
+        } | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    signer: {
+        walletName: string;
+        passphrase?: string | undefined;
+        apiKey?: string | undefined;
+        vaultPath?: string | undefined;
+    };
+    oneBalanceApiKey: string;
+    accountType: "kernel-v3.1-ecdsa";
+    chains?: number[] | undefined;
+    recovery?: {
+        evm?: {
+            guardians: Address[];
+            threshold: number;
+        } | undefined;
+    } | undefined;
+}, {
+    signer: {
+        walletName: string;
+        passphrase?: string | undefined;
+        apiKey?: string | undefined;
+        vaultPath?: string | undefined;
+    };
+    oneBalanceApiKey: string;
+    accountType?: "kernel-v3.1-ecdsa" | undefined;
+    chains?: number[] | undefined;
+    recovery?: {
+        evm?: {
+            guardians: Address[];
+            threshold: number;
+        } | undefined;
+    } | undefined;
+}>;
+export declare const DepositParamsSchema: z.ZodObject<{
+    token: z.ZodType<Address, z.ZodTypeDef, Address>;
+    amount: z.ZodEffects<z.ZodBigInt, bigint, bigint>;
+    chainId: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    chainId: number;
+    token: string & {
+        readonly __brand: "Address";
+    };
+    amount: bigint;
+}, {
+    chainId: number;
+    token: string & {
+        readonly __brand: "Address";
+    };
+    amount: bigint;
+}>;
+export declare const CrossChainSwapParamsSchema: z.ZodObject<{
+    tokenIn: z.ZodType<Address, z.ZodTypeDef, Address>;
+    chainIn: z.ZodNumber;
+    tokenOut: z.ZodType<Address, z.ZodTypeDef, Address>;
+    chainOut: z.ZodNumber;
+    amount: z.ZodEffects<z.ZodBigInt, bigint, bigint>;
+    slippageBps: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+}, "strip", z.ZodTypeAny, {
+    amount: bigint;
+    tokenIn: string & {
+        readonly __brand: "Address";
+    };
+    chainIn: number;
+    tokenOut: string & {
+        readonly __brand: "Address";
+    };
+    chainOut: number;
+    slippageBps: number;
+}, {
+    amount: bigint;
+    tokenIn: string & {
+        readonly __brand: "Address";
+    };
+    chainIn: number;
+    tokenOut: string & {
+        readonly __brand: "Address";
+    };
+    chainOut: number;
+    slippageBps?: number | undefined;
+}>;
+export type ParsedWalletConfig = z.infer<typeof WalletConfigSchema>;
+export type ParsedDepositParams = z.infer<typeof DepositParamsSchema>;
+export type ParsedCrossChainSwapParams = z.infer<typeof CrossChainSwapParamsSchema>;
+//# sourceMappingURL=schemas.d.ts.map

package/dist/schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../src/schemas.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAM3C,6DAA6D;AAC7D,eAAO,MAAM,aAAa,EAKR,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AAErC,4DAA4D;AAC5D,eAAO,MAAM,qBAAqB,aAEoC,CAAC;AAEvE,2CAA2C;AAC3C,eAAO,MAAM,oBAAoB,2CAEkB,CAAC;AAEpD,yCAAyC;AACzC,eAAO,MAAM,SAAS,aAIR,CAAC;AAMf,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;EAK7B,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;EAO/B,CAAC;AAEH,eAAO,MAAM,iBAAiB,mCAAiC,CAAC;AAEhE,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAM7B,CAAC;AAMH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;EAI9B,CAAC;AAMH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAOrC,CAAC;AAEH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACpE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AACtE,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC"}