@silencelaboratories/walletprovider-sdk 1.7.0 → 4.0.1-hackathon

package/dist/client/networkResponse.d.ts

@@ -45,30 +45,27 @@ export interface SignResponse {
      */
     recid: number;
 }
+interface SimpleResponse {
+    /**
+     * Status of the request.
+     */
+    status: string;
+}
 /**
  * Response from the SDK for adding ephemeral key request. Receive plaintext response from network.
  * @public
  */
-export interface AddEphKeyResponse {
+export interface AddEphKeyResponse extends SimpleResponse {
     /**
      * Unique ID of produced key used in subsequent API calls.
      */
     keyId: string;
-    /**
-     * Status of the request.
-     */
-    status: string;
 }
 /**
  * Response from the network for revoking ephemeral key request.
  * @public
  */
-export interface RevokeEphKeyResponse {
-    /**
-     * Status of the request.
-     */
-    status: string;
-}
+export type RevokeEphKeyResponse = SimpleResponse;
 /**
  * Response from the network for registering passkey request.
  * @public
@@ -80,3 +77,14 @@ export interface RegisterPasskeyResponse {
      */
     passkeyCredentialId: string;
 }
+/**
+ * Response from the network for updating passkey policy request.
+ * @public
+ */
+export type UpdatePolicyResponse = SimpleResponse;
+/**
+ * Response from the network for deleting passkey policy request.
+ * @public
+ */
+export type DeletePolicyResponse = SimpleResponse;
+export {};

package/dist/client/networkSigner.d.ts

@@ -1,7 +1,8 @@
 import { AuthModule } from '../auth/authentication';
 import { INoAuthWpServiceClient, type IWalletProviderServiceClient } from './walletProviderServiceClientInterface';
-import { KeygenResponse, AddEphKeyResponse, RegisterPasskeyResponse, SignResponse, RevokeEphKeyResponse, KeyRefreshResponse } from './networkResponse';
+import { KeygenResponse, AddEphKeyResponse, RegisterPasskeyResponse, SignResponse, RevokeEphKeyResponse, KeyRefreshResponse, UpdatePolicyResponse, DeletePolicyResponse } from './networkResponse';
 import { EphKeyClaim } from '../auth/ephemeralAuthentication';
+import { Policy } from '../policy';
 /**
  * Supported signature algorithms for MPC signing.
  * @public
@@ -32,12 +33,12 @@ export declare class NetworkSigner {
      * @param totalNodes - Number of nodes that participate in keygen operation. Also known as `n`.
      * @param signAlgs - signature algorithms for which MPC keys will be generated.
      * @param eph_claim - optional eph key added to the generated key
-     * @param permissions - optional permissions that will be stored in the key metadata.
-     * The permissions are validated during sign requests.
+     * @param policy - optional policy that will be stored in the key metadata.
+     * The policy are validated during sign requests.
      * @returns {@link KeygenResponse} containing `keyId` and the `pubKey` public part of the key
      * @public
      */
-    generateKey(threshold: number, totalNodes: number, signAlgs: string[], ephClaim?: EphKeyClaim, permissions?: string): Promise<KeygenResponse[]>;
+    generateKey(threshold: number, totalNodes: number, signAlgs: string[], ephClaim?: EphKeyClaim, policy?: Policy): Promise<KeygenResponse[]>;
     /** Generate a signature by the distributed key of Silent Network.
      * Uses `authModule` to authenticate the sign request by the User.
      * The network chooses `t` nodes to execute the protocol.
@@ -81,4 +82,19 @@ export declare class NetworkSigner {
      * @public
      */
     registerPasskey(options?: string): Promise<RegisterPasskeyResponse>;
+    /** Update user's key policy on the network. This will try to update to all the available nodes on the network.
+     * Uses `authModule` to authenticate the request by the User.
+     * @param keyId - the key id returned from `keygen`
+     * @param policy - the key policy to be updated
+     * @returns {@link UpdatePolicyResponse}
+     * @public
+     */
+    updatePolicy(keyId: string, policy: Policy): Promise<UpdatePolicyResponse>;
+    /** Delete user's key policy on the network. This will try to delete to all the available nodes on the network.
+     * Uses `authModule` to authenticate the request by the User.
+     * @param keyId - the key id returned from `keygen`
+     * @returns {@link DeletePolicyResponse}
+     * @public
+     */
+    deletePolicy(keyId: string): Promise<DeletePolicyResponse>;
 }

package/dist/client/types.d.ts

@@ -0,0 +1,60 @@
+/**
+ * Response from the network for keygen requests
+ * @alpha
+ */
+export interface KeygenResponse {
+    /**
+     * Unique ID of produced key used in subsequent API calls.
+     */
+    keyId: string;
+    /**
+     * Public key encoded with SEC1 format.
+     *
+     * If point is uncompressed it's in a form of 0x04 || X || Y
+     *
+     * If point is compressed it's in a form Y || X,
+     *
+     * where Y is set to 0x02 if Y-coord is even, or 0x03 if Y-coord is odd
+     */
+    publicKey: string;
+    /**
+     * Signature algorithm that uses this key for signing
+     */
+    signAlg: string;
+}
+/**
+ * Response from the network for sign request
+ * @alpha
+ */
+export interface SignResponse {
+    transactionId: string;
+    /**
+     * Hexstring of length 128 bytes, in a form: r || s
+     */
+    sign: string;
+    /**
+     * Recovery id, either 0, or 1
+     */
+    recid: number;
+}
+/**
+ * Response from the network for adding ephemeral key request
+ * @alpha
+ */
+export interface OperationStatusResponse {
+    /**
+     * Status of the request.
+     */
+    status: string;
+}
+/**
+ * Response from the network for registering passkey request
+ * @alpha
+ */
+export interface RegisterPasskeyResponse {
+    /**
+     * The registered passkey credential id. This helps both the user and the network to identify the passkey.
+     * @alpha
+     */
+    passkeyCredentialId: string;
+}

package/dist/client/walletProviderServiceClient.d.ts

@@ -1,8 +1,8 @@
 import { AuthModule } from '../auth/authentication';
-import { type KeygenResponse, type SignResponse, type AddEphKeyResponse, type RegisterPasskeyResponse, RevokeEphKeyResponse, KeyRefreshResponse } from './networkResponse';
+import { type KeygenResponse, type SignResponse, type AddEphKeyResponse, type RegisterPasskeyResponse, RevokeEphKeyResponse, KeyRefreshResponse, UpdatePolicyResponse, DeletePolicyResponse } from './networkResponse';
 import { KeygenSetupOpts, SignSetupOpts } from '../setupMessage';
 import { ApiVersion, type ClientConfig, IWalletProviderServiceClient, Slug, RequestPayloadV1, RequestPayloadV2, INoAuthWpServiceClient, NoAuthSlug, NoAuthRequestPayload } from './walletProviderServiceClientInterface';
-import { AddEphKeyRequest, KeyRefreshRequest, RegisterPasskeyRequest, RevokeEphKeyRequest } from './networkRequest';
+import { AddEphKeyRequest, DeletePolicyRequest, KeyRefreshRequest, RegisterPasskeyRequest, RevokeEphKeyRequest, UpdatePolicyRequest } from './networkRequest';
 declare enum ProtocolState {
     initiated = 0,
     waitingForSign = 1,
@@ -47,6 +47,14 @@ export declare class WalletProviderServiceClient implements IWalletProviderServi
         payload: RegisterPasskeyRequest;
         authModule: AuthModule;
     }): Promise<RegisterPasskeyResponse>;
+    updatePolicy({ payload, authModule, }: {
+        payload: UpdatePolicyRequest;
+        authModule: AuthModule;
+    }): Promise<UpdatePolicyResponse>;
+    deletePolicy({ payload, authModule, }: {
+        payload: DeletePolicyRequest;
+        authModule: AuthModule;
+    }): Promise<DeletePolicyResponse>;
     connect(slug: Slug, payload: RequestPayloadV1, authModule: AuthModule): Promise<string>;
     connectV2(slug: Slug, payload: RequestPayloadV2, authModule: AuthModule): Promise<string>;
     /**
@@ -85,6 +93,12 @@ export declare class NoAuthWalletProviderServiceClient implements INoAuthWpServi
     startKeyRefresh({ payload }: {
         payload: KeyRefreshRequest;
     }): Promise<KeyRefreshResponse>;
+    updatePolicy({ payload }: {
+        payload: UpdatePolicyRequest;
+    }): Promise<UpdatePolicyResponse>;
+    deletePolicy({ payload }: {
+        payload: DeletePolicyRequest;
+    }): Promise<DeletePolicyResponse>;
     connect(slug: NoAuthSlug, payload: NoAuthRequestPayload): Promise<string>;
 }
 export {};

package/dist/client/walletProviderServiceClientInterface.d.ts

@@ -1,7 +1,7 @@
 import { AuthModule, UserAuthentication } from '../auth/authentication';
-import { KeygenResponse, SignResponse, AddEphKeyResponse, RegisterPasskeyResponse, RevokeEphKeyResponse, KeyRefreshResponse } from './networkResponse';
+import { KeygenResponse, SignResponse, AddEphKeyResponse, RegisterPasskeyResponse, RevokeEphKeyResponse, KeyRefreshResponse, UpdatePolicyResponse, DeletePolicyResponse } from './networkResponse';
 import { KeygenSetupOpts, SignSetupOpts, InitPresignOpts, FinishPresignOpts } from '../setupMessage';
-import { AddEphKeyRequest, KeyRefreshRequest, RegisterPasskeyRequest, RevokeEphKeyRequest } from './networkRequest';
+import { AddEphKeyRequest, DeletePolicyRequest, KeyRefreshRequest, RegisterPasskeyRequest, RevokeEphKeyRequest, UpdatePolicyRequest } from './networkRequest';
 /**
  * The config used to create Wallet Provider Service backend client.
  * Please refer to {@link https://shipyard.rs/silencelaboratories/crates/wallet-provider-service | example backend service}
@@ -54,10 +54,18 @@ export interface IWalletProviderServiceClient {
         payload: RegisterPasskeyRequest;
         authModule: AuthModule;
     }): Promise<RegisterPasskeyResponse>;
+    updatePolicy({ payload, authModule, }: {
+        payload: UpdatePolicyRequest;
+        authModule: AuthModule;
+    }): Promise<UpdatePolicyResponse>;
+    deletePolicy({ payload, authModule, }: {
+        payload: DeletePolicyRequest;
+        authModule: AuthModule;
+    }): Promise<DeletePolicyResponse>;
 }
-export type Slug = 'signgen' | 'keygen' | 'keyRefresh' | 'quorumChange' | 'addEphemeralKey' | 'revokeEphemeralKey' | 'registerPasskey' | 'initPresign' | 'finishPresign';
-export type RequestPayloadV1 = KeygenSetupOpts[] | KeyRefreshRequest | SignSetupOpts | AddEphKeyRequest | RevokeEphKeyRequest | RegisterPasskeyRequest | FinishPresignOpts;
-export type RequestPayloadV2 = KeygenSetupOpts[] | SignSetupOpts | AddEphKeyRequest | RevokeEphKeyRequest | InitPresignOpts | FinishPresignOpts;
+export type Slug = 'signgen' | 'keygen' | 'keyRefresh' | 'quorumChange' | 'addEphemeralKey' | 'revokeEphemeralKey' | 'registerPasskey' | 'initPresign' | 'finishPresign' | 'updatePolicy' | 'deletePolicy';
+export type RequestPayloadV1 = KeygenSetupOpts[] | KeyRefreshRequest | SignSetupOpts | AddEphKeyRequest | RevokeEphKeyRequest | RegisterPasskeyRequest | UpdatePolicyRequest | DeletePolicyRequest | FinishPresignOpts;
+export type RequestPayloadV2 = KeygenSetupOpts[] | SignSetupOpts | AddEphKeyRequest | RevokeEphKeyRequest | InitPresignOpts | FinishPresignOpts | UpdatePolicyRequest | DeletePolicyRequest;
 export interface WpRequest {
     payload: RequestPayloadV1 | RequestPayloadV2;
     userSigs: Record<string, UserAuthentication> | undefined;
@@ -76,6 +84,12 @@ export interface INoAuthWpServiceClient {
     startKeyRefresh({ payload }: {
         payload: KeyRefreshRequest;
     }): Promise<KeyRefreshResponse>;
+    updatePolicy({ payload }: {
+        payload: UpdatePolicyRequest;
+    }): Promise<UpdatePolicyResponse>;
+    deletePolicy({ payload }: {
+        payload: DeletePolicyRequest;
+    }): Promise<DeletePolicyResponse>;
 }
-export type NoAuthSlug = 'signgen' | 'keygen' | 'keyRefresh';
-export type NoAuthRequestPayload = KeygenSetupOpts[] | SignSetupOpts | InitPresignOpts | FinishPresignOpts | KeyRefreshRequest;
+export type NoAuthSlug = 'signgen' | 'keygen' | 'keyRefresh' | 'updatePolicy' | 'deletePolicy';
+export type NoAuthRequestPayload = KeygenSetupOpts[] | SignSetupOpts | InitPresignOpts | FinishPresignOpts | KeyRefreshRequest | UpdatePolicyRequest | DeletePolicyRequest;

package/dist/encoding.d.ts

@@ -0,0 +1,4 @@
+export declare const decodeBase64: (b64: string) => Uint8Array;
+export declare const encodeBase64: (b: Uint8Array) => string;
+export declare const arrayBufferToBase64Url: (a: ArrayBuffer) => string;
+export declare const calculateFinalChallenge: (setupOpts: string) => string;

package/dist/ephemeralAuthentication.d.ts

@@ -0,0 +1,44 @@
+import { UserAuthentication } from './authentication';
+import { SignSetupOpts } from './setupMessage';
+/**
+ * Supported signature algorithms for ephemeral key
+ * @alpha
+ */
+export type SignAlgorithm = 'ed25519' | 'secp256k1';
+/** The `EphKeyClaim` object represents the public claim of the ephemeral key.
+ * @alpha
+ */
+export declare class EphKeyClaim {
+    ephId: string;
+    ephPK: string;
+    signAlg: SignAlgorithm;
+    expiry: number;
+    /**
+     *
+     * @param ephId - Ephemeral key ID
+     * @param ephPK - Ephemeral public key
+     * @param signAlg - Signature algorithm.
+     * @param lifetime - Lifetime of the ephemeral key. Default is 1 hour
+     */
+    constructor(ephId: string, ephPK: Uint8Array, signAlg: SignAlgorithm, lifetime?: number);
+    private validateInputs;
+    toJSON(): string;
+}
+/** Locally sign the signature requests to network without asking the user, the ephSK is registered during keygen.
+ * The signature is the authorization for signgen operation
+ */
+export declare function authenticateUsingEphKey({ setup, challenge, ephSK, ephClaim, }: {
+    setup: SignSetupOpts;
+    challenge: string;
+    ephSK: Uint8Array;
+    ephClaim: EphKeyClaim;
+}): Promise<UserAuthentication>;
+export declare function genHexSignature(msg: Uint8Array, ephSK: Uint8Array, signAlg: SignAlgorithm): Promise<string>;
+/** Generate Ephemeral `privateKey`
+ * @public
+ */
+export declare function generateEphPrivateKey(algSign: SignAlgorithm): Uint8Array;
+/** Derive Ephemeral `publicKey` from `privateKey` returned from `generateEphPrivateKey`
+ * @public
+ */
+export declare function getEphPublicKey(ephSK: Uint8Array, algSign: SignAlgorithm): Uint8Array;

package/dist/index.cjs.js

@@ -1,4 +1,4 @@
-"use strict";var G=Object.defineProperty;var Oe=Object.getOwnPropertyDescriptor;var Te=Object.getOwnPropertyNames;var Me=Object.prototype.hasOwnProperty;var $e=(n,e,t)=>e in n?G(n,e,{enumerable:!0,configurable:!0,writable:!0,value:t}):n[e]=t;var Ne=(n,e)=>{for(var t in e)G(n,t,{get:e[t],enumerable:!0})},Ve=(n,e,t,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of Te(e))!Me.call(n,s)&&s!==t&&G(n,s,{get:()=>e[s],enumerable:!(r=Oe(e,s))||r.enumerable});return n};var We=n=>Ve(G({},"__esModule",{value:!0}),n);var c=(n,e,t)=>$e(n,typeof e!="symbol"?e+"":e,t);var Ye={};Ne(Ye,{EOAAuth:()=>T,EphAuth:()=>M,EphKeyClaim:()=>E,FinishPresignOpts:()=>w,HttpClient:()=>W,InitPresignOpts:()=>O,KeygenSetupOpts:()=>m,NetworkSigner:()=>V,NoAuthWalletProviderServiceClient:()=>A,PasskeyAuth:()=>v,PasskeyRegister:()=>$,SignRequestBuilder:()=>k,SignSetupOpts:()=>y,UserSignatures:()=>P,WalletProviderServiceClient:()=>N,computeAddress:()=>te,default:()=>Xe,flattenSignature:()=>Y,generateEphPrivateKey:()=>H,getEphPublicKey:()=>I});module.exports=We(Ye);var Se=require("json-canonicalize");var d=(n,e)=>{g(typeof e!="string",`${n} must be string`),g((e==null?void 0:e.trim().length)===0,`${n} cannot be empty`)},fe=(n,e)=>{if(g(!(n instanceof Uint8Array),"key must be an Uint8Array"),e==="secp256k1")g(n.length!==65,"secp256k1: key length must be 65 bytes, got "+n.length);else if(e==="ed25519")g(n.length!==32,"ed25519: key length must be 32 bytes, got "+n.length);else throw new Error("Invalid signature algorithm")},me=(n,e)=>{if(g(!(n instanceof Uint8Array),"key must be an Uint8Array"),e==="secp256k1")g(n.length!==32,"secp256k1: key length must be 32 bytes, got "+n.length);else if(e==="ed25519")g(n.length!==32,"ed25519: key length must be 32 bytes, got "+n.length);else throw new Error("Invalid signature algorithm")},we=n=>{g(n!=="ed25519"&&n!=="secp256k1",'signAlg must be either "ed25519" or "secp256k"')},g=(n,e)=>{if(n)throw new Error(e)},De=(n,e)=>`Invalid payload ${JSON.stringify(n)}, cannot be authenticated by ${e.toLocaleUpperCase()} method.`,F=(n,e,t)=>{g(!e.some(r=>n instanceof r),De(n,t))};var k=class{constructor(){c(this,"signRequest",new Map)}setRequest(e,t,r){if(d("transactionId",e),d("message",t),d("requestType",r),this.signRequest.has(e))throw new Error(`Transaction ID ${e} is already set.`);return this.signRequest.set(e,{signingMessage:t,requestType:r}),this}build(){let e={};if(this.signRequest.forEach((t,r)=>{e[r]=t}),Object.keys(e).length===0)throw new Error("No sign request is set.");return(0,Se.canonicalize)(e)}};var ue=require("json-canonicalize");var xe=require("js-base64");function Be(n){return n instanceof Uint8Array||ArrayBuffer.isView(n)&&n.constructor.name==="Uint8Array"}function ne(n,...e){if(!Be(n))throw new Error("Uint8Array expected");if(e.length>0&&!e.includes(n.length))throw new Error("Uint8Array expected of length "+e+", got length="+n.length)}function se(n,e=!0){if(n.destroyed)throw new Error("Hash instance has been destroyed");if(e&&n.finished)throw new Error("Hash#digest() has already been called")}function Pe(n,e){ne(n);let t=e.outputLen;if(n.length<t)throw new Error("digestInto() expects output buffer of length at least "+t)}var j=n=>new DataView(n.buffer,n.byteOffset,n.byteLength),f=(n,e)=>n<<32-e|n>>>e;function Fe(n){if(typeof n!="string")throw new Error("utf8ToBytes expected string, got "+typeof n);return new Uint8Array(new TextEncoder().encode(n))}function ie(n){return typeof n=="string"&&(n=Fe(n)),ne(n),n}var z=class{clone(){return this._cloneInto()}};function Ae(n){let e=r=>n().update(ie(r)).digest(),t=n();return e.outputLen=t.outputLen,e.blockLen=t.blockLen,e.create=()=>n(),e}function Le(n,e,t,r){if(typeof n.setBigUint64=="function")return n.setBigUint64(e,t,r);let s=BigInt(32),o=BigInt(4294967295),i=Number(t>>s&o),a=Number(t&o),u=r?4:0,p=r?0:4;n.setUint32(e+u,i,r),n.setUint32(e+p,a,r)}var be=(n,e,t)=>n&e^~n&t,Re=(n,e,t)=>n&e^n&t^e&t,Q=class extends z{constructor(e,t,r,s){super(),this.blockLen=e,this.outputLen=t,this.padOffset=r,this.isLE=s,this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.buffer=new Uint8Array(e),this.view=j(this.buffer)}update(e){se(this);let{view:t,buffer:r,blockLen:s}=this;e=ie(e);let o=e.length;for(let i=0;i<o;){let a=Math.min(s-this.pos,o-i);if(a===s){let u=j(e);for(;s<=o-i;i+=s)this.process(u,i);continue}r.set(e.subarray(i,i+a),this.pos),this.pos+=a,i+=a,this.pos===s&&(this.process(t,0),this.pos=0)}return this.length+=e.length,this.roundClean(),this}digestInto(e){se(this),Pe(e,this),this.finished=!0;let{buffer:t,view:r,blockLen:s,isLE:o}=this,{pos:i}=this;t[i++]=128,this.buffer.subarray(i).fill(0),this.padOffset>s-i&&(this.process(r,0),i=0);for(let h=i;h<s;h++)t[h]=0;Le(r,s-8,BigInt(this.length*8),o),this.process(r,0);let a=j(e),u=this.outputLen;if(u%4)throw new Error("_sha2: outputLen should be aligned to 32bit");let p=u/4,l=this.get();if(p>l.length)throw new Error("_sha2: outputLen bigger than state");for(let h=0;h<p;h++)a.setUint32(4*h,l[h],o)}digest(){let{buffer:e,outputLen:t}=this;this.digestInto(e);let r=e.slice(0,t);return this.destroy(),r}_cloneInto(e){e||(e=new this.constructor),e.set(...this.get());let{blockLen:t,buffer:r,length:s,finished:o,destroyed:i,pos:a}=this;return e.length=s,e.pos=a,e.finished=o,e.destroyed=i,s%t&&e.buffer.set(r),e}};var _e=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),b=new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),R=new Uint32Array(64),oe=class extends Q{constructor(){super(64,32,8,!1),this.A=b[0]|0,this.B=b[1]|0,this.C=b[2]|0,this.D=b[3]|0,this.E=b[4]|0,this.F=b[5]|0,this.G=b[6]|0,this.H=b[7]|0}get(){let{A:e,B:t,C:r,D:s,E:o,F:i,G:a,H:u}=this;return[e,t,r,s,o,i,a,u]}set(e,t,r,s,o,i,a,u){this.A=e|0,this.B=t|0,this.C=r|0,this.D=s|0,this.E=o|0,this.F=i|0,this.G=a|0,this.H=u|0}process(e,t){for(let h=0;h<16;h++,t+=4)R[h]=e.getUint32(t,!1);for(let h=16;h<64;h++){let B=R[h-15],U=R[h-2],ye=f(B,7)^f(B,18)^B>>>3,re=f(U,17)^f(U,19)^U>>>10;R[h]=re+R[h-7]+ye+R[h-16]|0}let{A:r,B:s,C:o,D:i,E:a,F:u,G:p,H:l}=this;for(let h=0;h<64;h++){let B=f(a,6)^f(a,11)^f(a,25),U=l+B+be(a,u,p)+_e[h]+R[h]|0,re=(f(r,2)^f(r,13)^f(r,22))+Re(r,s,o)|0;l=p,p=u,u=a,a=i+U|0,i=o,o=s,s=r,r=U+re|0}r=r+this.A|0,s=s+this.B|0,o=o+this.C|0,i=i+this.D|0,a=a+this.E|0,u=u+this.F|0,p=p+this.G|0,l=l+this.H|0,this.set(r,s,o,i,a,u,p,l)}roundClean(){R.fill(0)}destroy(){this.set(0,0,0,0,0,0,0,0),this.buffer.fill(0)}};var ae=Ae(()=>new oe);var X=require("viem"),S=n=>xe.Base64.fromUint8Array(new Uint8Array(n),!0),ce=n=>{let e=(0,X.stringToBytes)(n),t=ae(ae(e));return(0,X.toHex)(t,{size:32}).slice(2)};var P=class{constructor(e,t){c(this,"userAuthentications");c(this,"authModule");c(this,"apiVersion");this.authModule=e,this.userAuthentications=new Map,this.apiVersion=t}async setDefaultAuth(e,t){let r=await this.authModule.authenticate({payload:e,challenge:t!=null?t:ce((0,ue.canonicalize)(e))});this.userAuthentications.set("default",r)}async setKeygenUserSigs(e,t){if(this.apiVersion==="v1"&&!t)throw new Error("no challenge response for keygen");for(let r of e){let s=r.signAlg,o=t?t[s]:ce((0,ue.canonicalize)(r));if(o){let i=await this.authModule.authenticate({payload:r,challenge:o});this.userAuthentications.set(s,i)}else throw new Error(`no final challenge found in response for ${s}`)}}async setSigngenUserSigs(e,t){if(this.apiVersion==="v1"&&!t)throw new Error("no challenge response for signgen v1");await this.setDefaultAuth(e,t)}async setAddEphKeyUserSigs(e,t){if(this.apiVersion==="v1"&&!t)throw new Error("no challenge response for add ephemeral key v1");await this.setDefaultAuth(e,t)}async setRevokeEphKeyUserSigs(e,t){if(this.apiVersion==="v1"&&!t)throw new Error("no challenge response for revoke ephemeral key v1");await this.setDefaultAuth(e,t)}async setRegisterPasskeyUserSigs(e,t){if(!t)throw new Error("missing challenge response for registerPasskey");await this.setDefaultAuth(e,t)}async setKeyRefreshUserSigs(e,t){if(!t)throw new Error("missing challenge response for keyRefresh");await this.setDefaultAuth(e,t)}async setFinishPresignUserSigs(e,t){await this.setDefaultAuth(e,t)}async build(e,t,r){if(e==="keygen"){let s=r?JSON.parse(r):void 0;await this.setKeygenUserSigs(t,s)}else e==="signgen"?await this.setSigngenUserSigs(t,r):e==="addEphemeralKey"?await this.setAddEphKeyUserSigs(t,r):e==="revokeEphemeralKey"?await this.setRevokeEphKeyUserSigs(t,r):e==="registerPasskey"?await this.setRegisterPasskeyUserSigs(t,r):e==="keyRefresh"?await this.setKeyRefreshUserSigs(t,r):e==="finishPresign"&&await this.setFinishPresignUserSigs(t,r);return Object.fromEntries(this.userAuthentications)}};var Y=n=>{let{sign:e,recid:t}=n,r=(27+t).toString(16);return`0x${e}${r}`};var x=class{constructor(e,t){c(this,"key_id");c(this,"eph_claim");d("keyId",e),this.key_id=e,this.eph_claim=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"RevokeEphKeyRequest"},{name:"challenge",type:"string"}],RevokeEphKeyRequest:[{name:"key_id",type:"string"},{name:"eph_claim",type:"string"}]}}},C=class{constructor(e,t){c(this,"key_id_list");c(this,"eph_claim");for(let r of e)d("keyId",r);this.key_id_list=e,this.eph_claim=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"AddEphKeyRequest"},{name:"challenge",type:"string"}],AddEphKeyRequest:[{name:"key_id_list",type:"string[]"},{name:"eph_claim",type:"string"}]}}},q=class{constructor(e){c(this,"options");d("options",e),this.options=e}},K=class{constructor({t:e,keyId:t,signAlg:r}){c(this,"t");c(this,"key_id");c(this,"sign_alg");d("keyId",t),d("signAlg",r),this.t=e,this.key_id=t,this.sign_alg=r}get eoaRequestSchema(){return{Request:[{name:"setup",type:"KeyRefreshRequest"},{name:"challenge",type:"string"}],KeyRefreshRequest:[{name:"t",type:"uint32"},{name:"key_id",type:"string"},{name:"sign_alg",type:"string"}]}}};var He=[{name:"tag",type:"uint16"},{name:"value",type:"string"}],m=class{constructor({t:e,n:t,ephClaim:r,permissions:s,signAlg:o}){c(this,"t");c(this,"n");c(this,"ephClaim");c(this,"metadata");c(this,"signAlg");d("signAlg",o),this.t=e,this.n=t,this.signAlg=o,this.ephClaim=r==null?void 0:r.toJSON(),this.metadata=[],s&&this.metadata.push({tag:1,value:s})}get eoaRequestSchema(){return{Request:[{name:"setup",type:"KeygenSetupOpts"},{name:"challenge",type:"string"}],KeygenSetupOpts:this.ephClaim?[{name:"t",type:"uint32"},{name:"n",type:"uint32"},{name:"ephClaim",type:"string"},{name:"metadata",type:"TaggedValue[]"}]:[{name:"t",type:"uint32"},{name:"n",type:"uint32"},{name:"metadata",type:"TaggedValue[]"}],TaggedValue:He}}},y=class{constructor({t:e,key_id:t,signAlg:r,message:s}){c(this,"t");c(this,"key_id");c(this,"message");c(this,"signAlg");d("keyId",t),d("signAlg",r),d("message",s),this.t=e,this.key_id=t,this.message=s,this.signAlg=r}get eoaRequestSchema(){return{Request:[{name:"setup",type:"SignSetupOpts"},{name:"challenge",type:"string"}],SignSetupOpts:[{name:"t",type:"uint32"},{name:"key_id",type:"string"},{name:"signAlg",type:"string"},{name:"message",type:"string"}]}}},O=class{constructor({amount:e,keyId:t,t:r,expiryInSecs:s}){c(this,"amount");c(this,"key_id");c(this,"t");c(this,"expiry");if(e<=0)throw new Error("Amount must be greater than 0");d("keyId",t),this.amount=e,this.key_id=t,this.t=r,this.expiry=s!=null?s:Math.floor(Date.now()/1e3)+7*24*3600}},w=class{constructor({presignSessionId:e,message:t}){c(this,"presignSessionId");c(this,"message");d("presignSessionId",e),d("message",t),this.presignSessionId=e,this.message=t}get eoaRequestSchema(){return{Request:[{name:"setup",type:"FinishPresignOpts"},{name:"challenge",type:"string"}],FinishPresignOpts:[{name:"presignSessionId",type:"string"},{name:"message",type:"string"}]}}};var Je={name:"SilentShard authentication",version:"0.1.0"},Ge=[{name:"name",type:"string"},{name:"version",type:"string"}];function ze(n,e){let t={setup:n,challenge:e};return{types:{EIP712Domain:Ge,...n.eoaRequestSchema},domain:Je,primaryType:"Request",message:t}}async function Ee({setup:n,eoa:e,challenge:t,browserWallet:r}){let s=ze(n,t),o=await r.signTypedData(e,s);return{credentials:{credentials:"",method:"eoa",id:e},signature:o}}var pe=require("js-base64"),he=require("viem"),L=require("json-canonicalize");async function ve({user:n,challenge:e,rpConfig:t}){let r=(0,he.hexToBytes)(`0x${e}`,{size:32}),s={publicKey:{authenticatorSelection:{residentKey:"preferred",userVerification:"required"},challenge:r,excludeCredentials:[],pubKeyCredParams:[{type:"public-key",alg:-7},{type:"public-key",alg:-257}],rp:{name:t.rpName,id:t.rpId},user:{...n,id:pe.Base64.toUint8Array(n.id)}}},o=await navigator.credentials.create(s);if(o===null)throw new Error("No credential returned");let i=S(o.response.attestationObject),u={rawCredential:(0,L.canonicalize)({authenticatorAttachment:o.authenticatorAttachment,id:o.id,rawId:S(o.rawId),response:{attestationObject:i,clientDataJSON:S(o.response.clientDataJSON)},type:o.type}),origin:t.rpName,rpId:t.rpId};return{credentials:{credentials:"",method:"passkey",id:o.id},signature:(0,L.canonicalize)(u)}}async function ke({challenge:n,allowCredentialId:e,rpConfig:t}){let r=(0,he.hexToBytes)(`0x${n}`,{size:32}),s=e?[{type:"public-key",id:pe.Base64.toUint8Array(e)}]:[],o={publicKey:{userVerification:"required",challenge:r,allowCredentials:s}},i=await navigator.credentials.get(o);if(i===null)throw new Error("Failed to get navigator credentials");let a=i.response,u=a.userHandle;if(u===null)throw new Error("User handle cannot be null");let p=S(a.signature),h={rawCredential:(0,L.canonicalize)({authenticatorAttachment:i.authenticatorAttachment,id:i.id,rawId:S(i.rawId),response:{authenticatorData:S(a.authenticatorData),clientDataJSON:S(a.clientDataJSON),signature:p,userHandle:S(u)},type:i.type}),origin:t.rpName,rpId:t.rpId};return{credentials:{credentials:"",method:"passkey",id:i.id},signature:(0,L.canonicalize)(h)}}var _=require("viem"),Z=require("@noble/curves/ed25519"),le=require("@noble/curves/secp256k1");var Ce=require("viem/accounts"),de=require("json-canonicalize");var E=class n{constructor(e,t,r,s=Math.floor(Date.now()/1e3)+3600){c(this,"ephId");c(this,"ephPK");c(this,"signAlg");c(this,"expiry");this.validateInputs(e,t,r,s),this.ephId=e,this.ephPK=(0,_.toHex)(t),this.signAlg=r,this.expiry=s}validateInputs(e,t,r,s){d("ephId",e),fe(t,r),g(Number.isInteger(s)===!1,"expiry must be an integer");let o=Math.floor(Date.now()/1e3),i=s-o,a=i>0&&i<=365*24*60*60;g(!a,`lifetime must be greater than 0 and less than or equal to 365 days expiry - now ${i}, expiry ${s} now secs ${o}`)}toJSON(){return(0,de.canonicalize)({ephId:this.ephId,ephPK:this.ephPK,expiry:this.expiry,signAlg:this.signAlg})}static generateKeys(e,t){let r=H(e),s=I(r,e),o=new n((0,_.toHex)(s),s,e,t);return{privKey:r,pubKey:s,ephClaim:o}}};async function Ke({setup:n,challenge:e,ephSK:t,ephClaim:r}){let s={setup:n,challenge:e},o=new TextEncoder().encode((0,de.canonicalize)(s)),i=await je(o,t,r.signAlg);return{credentials:{credentials:r.toJSON(),method:"ephemeral",id:r.ephId},signature:i}}async function je(n,e,t){switch(t){case"ed25519":return(0,_.toHex)(Z.ed25519.sign(n,e));case"secp256k1":return await(0,Ce.signMessage)({message:{raw:n},privateKey:(0,_.toHex)(e)});default:throw new Error("Invalid signature algorithm")}}function H(n){switch(n){case"ed25519":return Z.ed25519.utils.randomPrivateKey();case"secp256k1":return le.secp256k1.utils.randomPrivateKey();default:throw new Error("Invalid signature algorithm")}}function I(n,e){switch(e){case"ed25519":return Z.ed25519.getPublicKey(n);case"secp256k1":return le.secp256k1.getPublicKey(n,!1);default:throw new Error("Invalid signature algorithm")}}var Ie=require("viem");var T=class{constructor(e,t){c(this,"browserWallet");c(this,"eoa");this.validateInputs(e,t),this.browserWallet=t,this.eoa=e}validateInputs(e,t){g(!(0,Ie.isAddress)(e),"invalid Ethereum address format"),g(!((t==null?void 0:t.signTypedData)instanceof Function),"invalid browserWallet")}async authenticate({payload:e,challenge:t}){return F(e,[m,K,C,x,y,w],"eoa"),await Ee({setup:e,eoa:this.eoa,challenge:t,browserWallet:this.browserWallet})}},M=class{constructor(e,t,r){c(this,"ephSK");c(this,"ephClaim");me(t,r),this.ephSK=t;let s=I(this.ephSK,r);this.ephClaim=new E(e,s,r)}async authenticate({payload:e,challenge:t}){return F(e,[y,x,w],"ephemeral"),await Ke({setup:e,challenge:t,ephSK:this.ephSK,ephClaim:this.ephClaim})}},v=class{constructor(e,t){c(this,"rpConfig");c(this,"allowCredentialId");this.rpConfig=e,this.allowCredentialId=t}async authenticate({payload:e,challenge:t}){return F(e,[m,C,x,y,w,K],"passkey"),await ke({allowCredentialId:this.allowCredentialId,challenge:t,rpConfig:this.rpConfig})}},$=class{constructor(e,t){c(this,"rpConfig");c(this,"user");this.rpConfig=e,this.user=t}async authenticate({payload:e,challenge:t}){return F(e,[q],"passkey"),await ve({user:this.user,challenge:t,rpConfig:this.rpConfig})}};var J=require("json-canonicalize");var N=class{constructor(e){c(this,"walletProviderUrl");c(this,"apiVersion","v1");this.walletProviderUrl=`${e.walletProviderUrl}/${e.apiVersion}`,this.apiVersion=e.apiVersion}getVersion(){return this.apiVersion}async startKeygen({setups:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("keygen",e,t).then(s=>{try{return JSON.parse(s)}catch{throw new Error(`Failed to parse keygen response: ${s}`)}})}async startKeyRefresh({payload:e,authModule:t}){if(this.apiVersion==="v2")throw new Error("Key refresh is not supported in v2 API");return this.connect.bind(this)("keyRefresh",e,t).then(s=>{try{return JSON.parse(s)}catch{throw new Error(`Failed to parse key refresh response: ${s}`)}})}async startSigngen({setup:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("signgen",e,t).then(s=>{try{return JSON.parse(s)}catch{throw new Error(`Failed to parse signgen response: ${s}`)}})}async addEphemeralKey({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("addEphemeralKey",e,t).then(s=>{try{return JSON.parse(s)}catch{throw new Error(`Failed to parse add ephemeral key response: ${s}`)}})}async revokeEphemeralKey({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("revokeEphemeralKey",e,t).then(s=>({status:s}))}async registerPasskey({payload:e,authModule:t}){if(this.apiVersion==="v2")throw new Error("Passkey registration is not supported in v2 API");return this.connect.bind(this)("registerPasskey",e,t).then(s=>({passkeyCredentialId:s}))}connect(e,t,r){return new Promise((s,o)=>{let i=new WebSocket(`${this.walletProviderUrl}/${e}`),a=0;return console.debug("Connecting to ",i.url),i.addEventListener("open",u=>{switch(console.debug(`Connection opened in state ${a} with event ${JSON.stringify(u,void 0,"	")}`),a){case 0:{a=1;try{let p=(0,J.canonicalize)({payload:t});console.debug("Sending request:",p),i.send(p)}catch(p){this.finishWithError(i,a,p,"open event",o)}break}case 1:case 2:this.finishWithError(i,a,"Unexpected message in state waitingForResult.","open event",o);break;case 3:break}}),i.addEventListener("message",async u=>{switch(console.debug(`Connection message in state ${a} with event data ${JSON.stringify(u.data,void 0,"	")}`),a){case 0:this.finishWithError(i,a,"Unexpected message in state initiated.","message event",o);break;case 1:{a=2;try{let p=u.data,l=await new P(r,this.apiVersion).build(e,t,p);i.send((0,J.canonicalize)(l))}catch(p){this.finishWithError(i,a,p,"message event",o)}break}case 2:{a=3,i.close(),s(u.data);break}case 3:break}}),i.addEventListener("error",u=>{this.finishWithError(i,a,`Connection encountered an error event: ${JSON.stringify(u,void 0,"	")}`,"error event",o)}),i.addEventListener("close",u=>{let p=u.reason||"No specific reason provided.",l=u.code;console.debug(`Connection closed. State: ${a}, Code: ${l}, Reason: '${p}'`);let h=l>=4e3?`Application Error ${l}: ${p}`:l===1006?"Connection Abnormality (Code 1006): Server closed connection unexpectedly or network issue.":`WebSocket Closed Unexpectedly (Code ${l}): ${p}`;this.finishWithError(i,a,new Error(h),"close event",o)}),()=>{(i.readyState===WebSocket.OPEN||i.readyState===WebSocket.CONNECTING)&&i.close(1001,"Cleanup/Unmount")}})}connectV2(e,t,r){return new Promise((s,o)=>{let i=new WebSocket(`${this.walletProviderUrl}/${e}`),a=0;return console.debug("Connecting to ",i.url),i.addEventListener("open",async u=>{switch(console.debug(`Connection opened in state ${a} with event ${JSON.stringify(u,void 0,"	")}`),a){case 0:a=2;try{let p=await new P(r,this.apiVersion).build(e,t);i.send((0,J.canonicalize)({payload:t,userSigs:p}))}catch(p){this.finishWithError(i,a,p,"open event",o)}break;case 2:a=3,this.finishWithError(i,a,"Unexpected message in state waitingForResult.","open event",o);break;case 3:break}}),i.addEventListener("message",async u=>{switch(console.debug(`Connection message in state ${a} with event ${JSON.stringify(u,void 0,"	")}`),a){case 0:this.finishWithError(i,a,"Unexpected message in state initiated.","message event",o);break;case 2:{a=3,i.close(),s(u.data);break}case 3:break}}),i.addEventListener("error",u=>{this.finishWithError(i,a,`Connection encountered an error event: ${JSON.stringify(u,void 0,"	")}`,"error event",o)}),i.addEventListener("close",u=>{let p=u.reason||"No specific reason provided.",l=u.code;console.debug(`Connection closed. State: ${a}, Code: ${l}, Reason: '${p}'`);let h=l>=4e3?`Application Error ${l}: ${p}`:l===1006?"Connection Abnormality (Code 1006): Server closed connection unexpectedly or network issue.":`WebSocket Closed Unexpectedly (Code ${l}): ${p}`;this.finishWithError(i,a,new Error(h),"close event",o)}),()=>{(i.readyState===WebSocket.OPEN||i.readyState===WebSocket.CONNECTING)&&i.close(1001,"Cleanup/Unmount")}})}finishWithError(e,t,r,s,o){t!==3&&(console.error(`Error from ${s} in state ${t}:`,r),t=3,o(r instanceof Error?r:new Error(String(r)))),e.readyState===WebSocket.OPEN&&e.close(1e3,`Protocol run failed. Client attempted to close connection in state ${t}`)}},A=class{constructor(e){c(this,"walletProviderUrl");c(this,"apiVersion","v1");this.walletProviderUrl=`${e.walletProviderUrl}/${e.apiVersion}`,this.apiVersion=e.apiVersion}getVersion(){return this.apiVersion}async startKeygen({setups:e}){return this.connect.bind(this)("keygen",e).then(r=>{try{return JSON.parse(r)}catch{throw new Error(`Failed to parse keygen response: ${r}`)}})}async startSigngen({setup:e}){return this.connect.bind(this)("signgen",e).then(r=>{try{return JSON.parse(r)}catch{throw new Error(`Failed to parse signgen response: ${r}`)}})}async startKeyRefresh({payload:e}){if(this.apiVersion==="v2")throw new Error("Key refresh is not supported in v2 API");return this.connect.bind(this)("keyRefresh",e).then(r=>{try{return JSON.parse(r)}catch{throw new Error(`Failed to parse key refresh response: ${r}`)}})}connect(e,t){return new Promise((r,s)=>{let o=0,i=new WebSocket(`${this.walletProviderUrl}/${e}`);i.addEventListener("open",async a=>{switch(console.debug(`Connection opened in state ${o} with event ${JSON.stringify(a,void 0,"	")}`),o){case 0:o=2;try{i.send((0,J.canonicalize)({payload:t}))}catch(u){s(u)}break;case 2:o=3,s("Incorrect protocol state");break;case 3:break}}),i.addEventListener("message",async a=>{switch(console.debug(`Connection message in state ${o} with event ${JSON.stringify(a,void 0,"	")}`),o){case 0:o=3,s("Incorrect protocol state");break;case 2:{o=3,i.close(),r(a.data);break}case 3:break}}),i.addEventListener("error",a=>{console.debug(`Connection error in state ${o} with event ${JSON.stringify(a,void 0,"	")}`),o!=3&&(o=3,s("Incorrect protocol state"))}),i.addEventListener("close",a=>{console.debug(`Connection closed in state ${o} with event ${JSON.stringify(a,void 0,"	")}`),o!=3&&(o=3,s("Incorrect protocol state"))})})}};var V=class{constructor(e,t){c(this,"authModule");c(this,"wpClient");if(!t&&!(e instanceof A))throw new Error("missing authModule for wallet provider client in auth mode");if(t&&e instanceof A)throw new Error("authModule is required but using wallet provider client in no-auth mode");this.authModule=t,this.wpClient=e}validateQuorumSetup({threshold:e,totalNodes:t}){e&&g(e<2,`Threshold = ${e} must be at least 2`),e&&t&&g(t<e,`Total nodes = ${t} must be greater or equal to threshold = ${e}`)}async generateKey(e,t,r,s,o){this.validateQuorumSetup({threshold:e,totalNodes:t});let i=r.map(a=>new m({t:e,n:t,ephClaim:s,permissions:o,signAlg:a}));return this.authModule?await this.wpClient.startKeygen({setups:i,authModule:this.authModule}):await this.wpClient.startKeygen({setups:i})}async signMessage(e,t,r,s){this.validateQuorumSetup({threshold:e}),we(r);let o=new y({t:e,key_id:t,signAlg:r,message:s});if(this.authModule){if(this.authModule instanceof v&&new Map(Object.entries(JSON.parse(s))).size>1)throw new Error("For Passkey Authentication only one message in signing request is supported");return await this.wpClient.startSigngen({setup:o,authModule:this.authModule})}else return await this.wpClient.startSigngen({setup:o})}async refreshKey(e,t,r){let s=new K({t:e,keyId:t,signAlg:r});return this.authModule?await this.wpClient.startKeyRefresh({payload:s,authModule:this.authModule}):await this.wpClient.startKeyRefresh({payload:s})}async addEphemeralKey(e,t){let r=new C(e,t);if(!this.authModule)throw new Error("Add ephemeral key is not supported in no auth mode");return await this.wpClient.addEphemeralKey({payload:r,authModule:this.authModule})}async revokeEphemeralKey(e,t){d("keyId",e);let r=new x(e,t);if(!this.authModule)throw new Error("Revoke ephemeral key is not supported in no auth mode");return await this.wpClient.revokeEphemeralKey({payload:r,authModule:this.authModule})}async registerPasskey(e){let t=new q(e!=null?e:"passkey options");if(!this.authModule)throw new Error("Register passkey is not supported in no auth mode");return await this.wpClient.registerPasskey({payload:t,authModule:this.authModule})}};var Ue=require("json-canonicalize");var ge=class extends Error{constructor(t,r,s){super(s||r);this.status=t;this.statusText=r;this.name="HttpError"}},W=class{constructor(e="",t={}){c(this,"baseURL");c(this,"defaultHeaders");this.baseURL=e,this.validateHeaders(t),this.defaultHeaders={"Content-Type":"application/json",...t}}validateHeaders(e){if(typeof e!="object"||e===null)throw new Error("Headers must be an object.");for(let[t,r]of Object.entries(e))if(typeof t!="string"||typeof r!="string")throw new Error(`Invalid header: ${t}. Header names and values must be strings.`)}setDefaultHeaders(e){this.defaultHeaders={...this.defaultHeaders,...e}}buildUrl(e){return`${this.baseURL}${e}`}async handleResponse(e){if(!e.ok){let r;try{r=(await e.json()).message||e.statusText}catch{r=e.statusText}throw new ge(e.status,e.statusText,r)}let t=e.headers.get("content-type");return t&&t.includes("application/json")?e.json():e.text()}async request(e,t,r,s={}){let o=this.buildUrl(t),i={...this.defaultHeaders,...s.headers},a={method:e,headers:i,...s,body:r?(0,Ue.canonicalize)(r):null},u=await fetch(o,a);return this.handleResponse(u)}async get(e,t){return this.request("GET",e,void 0,t)}async post(e,t,r){return this.request("POST",e,t,r)}async put(e,t,r){return this.request("PUT",e,t,r)}async patch(e,t,r){return this.request("PATCH",e,t,r)}async delete(e,t){return this.request("DELETE",e,void 0,t)}};var ee=require("viem/accounts"),qe=require("@noble/curves/secp256k1"),D=require("viem"),Qe=require("js-base64");function te(n){if(n.startsWith("0x")&&(n=n.slice(2)),n.startsWith("04"))return(0,ee.publicKeyToAddress)(`0x${n} `);if(n.startsWith("02")||n.startsWith("03")){let e=qe.secp256k1.ProjectivePoint.fromHex(n).toHex(!1);return(0,ee.publicKeyToAddress)(`0x${e}`)}else throw new Error("Invalid public key")}var Xe={KeygenSetupOpts:m,InitPresignOpts:O,FinishPresignOpts:w,SignSetupOpts:y,UserSignatures:P,NetworkSigner:V,SignRequestBuilder:k,WalletProviderServiceClient:N,NoAuthWalletProviderServiceClient:A,HttpClient:W,EOAAuth:T,EphAuth:M,PasskeyAuth:v,PasskeyRegister:$,generateEphPrivateKey:H,getEphPublicKey:I,EphKeyClaim:E,computeAddress:te,flattenSignature:Y};0&&(module.exports={EOAAuth,EphAuth,EphKeyClaim,FinishPresignOpts,HttpClient,InitPresignOpts,KeygenSetupOpts,NetworkSigner,NoAuthWalletProviderServiceClient,PasskeyAuth,PasskeyRegister,SignRequestBuilder,SignSetupOpts,UserSignatures,WalletProviderServiceClient,computeAddress,flattenSignature,generateEphPrivateKey,getEphPublicKey});
+"use strict";var X=Object.defineProperty;var Qe=Object.getOwnPropertyDescriptor;var Xe=Object.getOwnPropertyNames;var Ye=Object.prototype.hasOwnProperty;var Ze=(s,e,t)=>e in s?X(s,e,{enumerable:!0,configurable:!0,writable:!0,value:t}):s[e]=t;var Ue=(s,e)=>{for(var t in e)X(s,t,{get:e[t],enumerable:!0})},et=(s,e,t,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let n of Xe(e))!Ye.call(s,n)&&n!==t&&X(s,n,{get:()=>e[n],enumerable:!(r=Qe(e,n))||r.enumerable});return s};var tt=s=>et(X({},"__esModule",{value:!0}),s);var c=(s,e,t)=>Ze(s,typeof e!="symbol"?e+"":e,t);var gt={};Ue(gt,{Action:()=>xe,ChainType:()=>Ee,DeletePolicyRequest:()=>P,EOAAuth:()=>$,EphAuth:()=>V,EphKeyClaim:()=>K,FinishPresignOpts:()=>R,HttpClient:()=>_,InitPresignOpts:()=>T,IssuerType:()=>Ae,KeygenSetupOpts:()=>S,Logic:()=>be,NetworkSigner:()=>F,NoAuthWalletProviderServiceClient:()=>E,Operator:()=>Ce,PasskeyAuth:()=>q,PasskeyRegister:()=>W,Policy:()=>ce,Rule:()=>ae,SignRequestBuilder:()=>U,SignSetupOpts:()=>m,TransactionAttribute:()=>ke,TransactionType:()=>ve,UpdatePolicyRequest:()=>w,UserSignatures:()=>x,WalletProviderServiceClient:()=>B,computeAddress:()=>ie,default:()=>dt,flattenSignature:()=>re,generateEphPrivateKey:()=>j,getEphPublicKey:()=>O});module.exports=tt(gt);var Ne=require("json-canonicalize");var h=(s,e)=>{g(typeof e!="string",`${s} must be string`),g((e==null?void 0:e.trim().length)===0,`${s} cannot be empty`)},Ie=(s,e)=>{if(g(!(s instanceof Uint8Array),"key must be an Uint8Array"),e==="secp256k1")g(s.length!==65,"secp256k1: key length must be 65 bytes, got "+s.length);else if(e==="ed25519")g(s.length!==32,"ed25519: key length must be 32 bytes, got "+s.length);else throw new Error("Invalid signature algorithm")},Me=(s,e)=>{if(g(!(s instanceof Uint8Array),"key must be an Uint8Array"),e==="secp256k1")g(s.length!==32,"secp256k1: key length must be 32 bytes, got "+s.length);else if(e==="ed25519")g(s.length!==32,"ed25519: key length must be 32 bytes, got "+s.length);else throw new Error("Invalid signature algorithm")},Oe=s=>{g(s!=="ed25519"&&s!=="secp256k1",'signAlg must be either "ed25519" or "secp256k"')},g=(s,e)=>{if(s)throw new Error(e)},rt=(s,e)=>`Invalid payload ${JSON.stringify(s)}, cannot be authenticated by ${e.toLocaleUpperCase()} method.`,H=(s,e,t)=>{g(!e.some(r=>s instanceof r),rt(s,t))};var U=class{constructor(){c(this,"signRequest",new Map)}setRequest(e,t,r){if(h("transactionId",e),h("message",t),h("requestType",r),this.signRequest.has(e))throw new Error(`Transaction ID ${e} is already set.`);return this.signRequest.set(e,{signingMessage:t,requestType:r}),this}build(){let e={};if(this.signRequest.forEach((t,r)=>{e[r]=t}),Object.keys(e).length===0)throw new Error("No sign request is set.");return(0,Ne.canonicalize)(e)}};var me=require("json-canonicalize");var We=require("js-base64");function st(s){return s instanceof Uint8Array||ArrayBuffer.isView(s)&&s.constructor.name==="Uint8Array"}function ue(s,...e){if(!st(s))throw new Error("Uint8Array expected");if(e.length>0&&!e.includes(s.length))throw new Error("Uint8Array expected of length "+e+", got length="+s.length)}function pe(s,e=!0){if(s.destroyed)throw new Error("Hash instance has been destroyed");if(e&&s.finished)throw new Error("Hash#digest() has already been called")}function De(s,e){ue(s);let t=e.outputLen;if(s.length<t)throw new Error("digestInto() expects output buffer of length at least "+t)}var Z=s=>new DataView(s.buffer,s.byteOffset,s.byteLength),f=(s,e)=>s<<32-e|s>>>e;function nt(s){if(typeof s!="string")throw new Error("utf8ToBytes expected string, got "+typeof s);return new Uint8Array(new TextEncoder().encode(s))}function he(s){return typeof s=="string"&&(s=nt(s)),ue(s),s}var Y=class{clone(){return this._cloneInto()}};function Te(s){let e=r=>s().update(he(r)).digest(),t=s();return e.outputLen=t.outputLen,e.blockLen=t.blockLen,e.create=()=>s(),e}function it(s,e,t,r){if(typeof s.setBigUint64=="function")return s.setBigUint64(e,t,r);let n=BigInt(32),o=BigInt(4294967295),i=Number(t>>n&o),a=Number(t&o),l=r?4:0,u=r?0:4;s.setUint32(e+l,i,r),s.setUint32(e+u,a,r)}var $e=(s,e,t)=>s&e^~s&t,Ve=(s,e,t)=>s&e^s&t^e&t,ee=class extends Y{constructor(e,t,r,n){super(),this.blockLen=e,this.outputLen=t,this.padOffset=r,this.isLE=n,this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.buffer=new Uint8Array(e),this.view=Z(this.buffer)}update(e){pe(this);let{view:t,buffer:r,blockLen:n}=this;e=he(e);let o=e.length;for(let i=0;i<o;){let a=Math.min(n-this.pos,o-i);if(a===n){let l=Z(e);for(;n<=o-i;i+=n)this.process(l,i);continue}r.set(e.subarray(i,i+a),this.pos),this.pos+=a,i+=a,this.pos===n&&(this.process(t,0),this.pos=0)}return this.length+=e.length,this.roundClean(),this}digestInto(e){pe(this),De(e,this),this.finished=!0;let{buffer:t,view:r,blockLen:n,isLE:o}=this,{pos:i}=this;t[i++]=128,this.buffer.subarray(i).fill(0),this.padOffset>n-i&&(this.process(r,0),i=0);for(let p=i;p<n;p++)t[p]=0;it(r,n-8,BigInt(this.length*8),o),this.process(r,0);let a=Z(e),l=this.outputLen;if(l%4)throw new Error("_sha2: outputLen should be aligned to 32bit");let u=l/4,d=this.get();if(u>d.length)throw new Error("_sha2: outputLen bigger than state");for(let p=0;p<u;p++)a.setUint32(4*p,d[p],o)}digest(){let{buffer:e,outputLen:t}=this;this.digestInto(e);let r=e.slice(0,t);return this.destroy(),r}_cloneInto(e){e||(e=new this.constructor),e.set(...this.get());let{blockLen:t,buffer:r,length:n,finished:o,destroyed:i,pos:a}=this;return e.length=n,e.pos=a,e.finished=o,e.destroyed=i,n%t&&e.buffer.set(r),e}};var ot=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),v=new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),k=new Uint32Array(64),de=class extends ee{constructor(){super(64,32,8,!1),this.A=v[0]|0,this.B=v[1]|0,this.C=v[2]|0,this.D=v[3]|0,this.E=v[4]|0,this.F=v[5]|0,this.G=v[6]|0,this.H=v[7]|0}get(){let{A:e,B:t,C:r,D:n,E:o,F:i,G:a,H:l}=this;return[e,t,r,n,o,i,a,l]}set(e,t,r,n,o,i,a,l){this.A=e|0,this.B=t|0,this.C=r|0,this.D=n|0,this.E=o|0,this.F=i|0,this.G=a|0,this.H=l|0}process(e,t){for(let p=0;p<16;p++,t+=4)k[p]=e.getUint32(t,!1);for(let p=16;p<64;p++){let J=k[p-15],N=k[p-2],qe=f(J,7)^f(J,18)^J>>>3,le=f(N,17)^f(N,19)^N>>>10;k[p]=le+k[p-7]+qe+k[p-16]|0}let{A:r,B:n,C:o,D:i,E:a,F:l,G:u,H:d}=this;for(let p=0;p<64;p++){let J=f(a,6)^f(a,11)^f(a,25),N=d+J+$e(a,l,u)+ot[p]+k[p]|0,le=(f(r,2)^f(r,13)^f(r,22))+Ve(r,n,o)|0;d=u,u=l,l=a,a=i+N|0,i=o,o=n,n=r,r=N+le|0}r=r+this.A|0,n=n+this.B|0,o=o+this.C|0,i=i+this.D|0,a=a+this.E|0,l=l+this.F|0,u=u+this.G|0,d=d+this.H|0,this.set(r,n,o,i,a,l,u,d)}roundClean(){k.fill(0)}destroy(){this.set(0,0,0,0,0,0,0,0),this.buffer.fill(0)}};var ge=Te(()=>new de);var te=require("viem"),A=s=>We.Base64.fromUint8Array(new Uint8Array(s),!0),ye=s=>{let e=(0,te.stringToBytes)(s),t=ge(ge(e));return(0,te.toHex)(t,{size:32}).slice(2)};var x=class{constructor(e,t){c(this,"userAuthentications");c(this,"authModule");c(this,"apiVersion");this.authModule=e,this.userAuthentications=new Map,this.apiVersion=t}async setDefaultAuth(e){let t=await this.authModule.authenticate({payload:e.payload,challenge:e.challenge});this.userAuthentications.set("default",t)}async setKeygenUserSigs(e,t){if(this.apiVersion==="v1"&&!t)throw new Error("no challenge response for keygen");for(let r of e){let n=r.signAlg,o=t?t[n]:ye((0,me.canonicalize)(r));if(o){let i=await this.authModule.authenticate({payload:r,challenge:o});this.userAuthentications.set(n,i)}else throw new Error(`no final challenge found in response for ${n}`)}}async setSigngenUserSigs(e){await this.setDefaultAuth(e)}async setAddEphKeyUserSigs(e){await this.setDefaultAuth(e)}async setRevokeEphKeyUserSigs(e){await this.setDefaultAuth(e)}async setRegisterPasskeyUserSigs(e){await this.setDefaultAuth(e)}async setKeyRefreshUserSigs(e){await this.setDefaultAuth(e)}async setFinishPresignUserSigs(e){await this.setDefaultAuth(e)}async setUpdatePolicyUserSigs(e){await this.setDefaultAuth(e)}async setDeletePolicyUserSigs(e){await this.setDefaultAuth(e)}async build(e,t,r){if(this.apiVersion!=="v1"&&(e==="registerPasskey"||e==="keyRefresh"))throw new Error(`${e} is only supported in V1`);let{challenge:n}=r!=null?r:{};if(e==="keygen"){let o=n?JSON.parse(n):void 0;await this.setKeygenUserSigs(t,o)}else{if(this.apiVersion==="v1"&&!n)throw new Error(`missing challenge response for ${e} V1`);let o=n!=null?n:ye((0,me.canonicalize)(t));e==="signgen"?await this.setSigngenUserSigs({payload:t,challenge:o}):e==="addEphemeralKey"?await this.setAddEphKeyUserSigs({payload:t,challenge:o}):e==="revokeEphemeralKey"?await this.setRevokeEphKeyUserSigs({payload:t,challenge:o}):e==="registerPasskey"?await this.setRegisterPasskeyUserSigs({payload:t,challenge:o}):e==="keyRefresh"?await this.setKeyRefreshUserSigs({payload:t,challenge:o}):e==="finishPresign"?await this.setFinishPresignUserSigs({payload:t,challenge:o}):e==="updatePolicy"?await this.setUpdatePolicyUserSigs({payload:t,challenge:o}):e==="deletePolicy"&&await this.setDeletePolicyUserSigs({payload:t,challenge:o})}return Object.fromEntries(this.userAuthentications)}};var re=s=>{let{sign:e,recid:t}=s,r=(27+t).toString(16);return`0x${e}${r}`};var C=class{constructor(e,t){c(this,"key_id");c(this,"eph_claim");h("keyId",e),this.key_id=e,this.eph_claim=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"RevokeEphKeyRequest"},{name:"challenge",type:"string"}],RevokeEphKeyRequest:[{name:"key_id",type:"string"},{name:"eph_claim",type:"string"}]}}},I=class{constructor(e,t){c(this,"key_id_list");c(this,"eph_claim");for(let r of e)h("keyId",r);this.key_id_list=e,this.eph_claim=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"AddEphKeyRequest"},{name:"challenge",type:"string"}],AddEphKeyRequest:[{name:"key_id_list",type:"string[]"},{name:"eph_claim",type:"string"}]}}},D=class{constructor(e){c(this,"options");h("options",e),this.options=e}},M=class{constructor({t:e,keyId:t,signAlg:r}){c(this,"t");c(this,"key_id");c(this,"sign_alg");h("keyId",t),h("signAlg",r),this.t=e,this.key_id=t,this.sign_alg=r}get eoaRequestSchema(){return{Request:[{name:"setup",type:"KeyRefreshRequest"},{name:"challenge",type:"string"}],KeyRefreshRequest:[{name:"t",type:"uint32"},{name:"key_id",type:"string"},{name:"sign_alg",type:"string"}]}}},w=class{constructor({keyId:e,policy:t}){c(this,"key_id");c(this,"policy");h("keyId",e),this.key_id=e,this.policy=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"UpdatePolicyRequest"},{name:"challenge",type:"string"}],UpdatePolicyRequest:[{name:"key_id",type:"string"},{name:"policy",type:"string"}]}}},P=class{constructor({keyId:e}){c(this,"key_id");h("keyId",e),this.key_id=e}get eoaRequestSchema(){return{Request:[{name:"setup",type:"DeletePolicyRequest"},{name:"challenge",type:"string"}],DeletePolicyRequest:[{name:"key_id",type:"string"}]}}};var at=[{name:"tag",type:"uint16"},{name:"value",type:"string"}],S=class{constructor({t:e,n:t,ephClaim:r,policy:n,signAlg:o}){c(this,"t");c(this,"n");c(this,"ephClaim");c(this,"metadata");c(this,"signAlg");c(this,"policy");h("signAlg",o),this.t=e,this.n=t,this.signAlg=o,this.ephClaim=r==null?void 0:r.toJSON(),this.metadata=[],this.policy=n==null?void 0:n.toJSON()}get eoaRequestSchema(){let e=[{name:"t",type:"uint32"},{name:"n",type:"uint32"},{name:"metadata",type:"TaggedValue[]"}];return this.ephClaim&&e.push({name:"ephClaim",type:"string"}),this.policy&&e.push({name:"policy",type:"string"}),{Request:[{name:"setup",type:"KeygenSetupOpts"},{name:"challenge",type:"string"}],KeygenSetupOpts:e,TaggedValue:at}}},m=class{constructor({t:e,key_id:t,signAlg:r,message:n}){c(this,"t");c(this,"key_id");c(this,"message");c(this,"signAlg");h("keyId",t),h("signAlg",r),h("message",n),this.t=e,this.key_id=t,this.message=n,this.signAlg=r}get eoaRequestSchema(){return{Request:[{name:"setup",type:"SignSetupOpts"},{name:"challenge",type:"string"}],SignSetupOpts:[{name:"t",type:"uint32"},{name:"key_id",type:"string"},{name:"signAlg",type:"string"},{name:"message",type:"string"}]}}},T=class{constructor({amount:e,keyId:t,t:r,expiryInSecs:n}){c(this,"amount");c(this,"key_id");c(this,"t");c(this,"expiry");if(e<=0)throw new Error("Amount must be greater than 0");h("keyId",t),this.amount=e,this.key_id=t,this.t=r,this.expiry=n!=null?n:Math.floor(Date.now()/1e3)+7*24*3600}},R=class{constructor({presignSessionId:e,message:t}){c(this,"presignSessionId");c(this,"message");h("presignSessionId",e),h("message",t),this.presignSessionId=e,this.message=t}get eoaRequestSchema(){return{Request:[{name:"setup",type:"FinishPresignOpts"},{name:"challenge",type:"string"}],FinishPresignOpts:[{name:"presignSessionId",type:"string"},{name:"message",type:"string"}]}}};var ct={name:"SilentShard authentication",version:"0.1.0"},lt=[{name:"name",type:"string"},{name:"version",type:"string"}];function ut(s,e){let t={setup:s,challenge:e};return{types:{EIP712Domain:lt,...s.eoaRequestSchema},domain:ct,primaryType:"Request",message:t}}async function Be({setup:s,eoa:e,challenge:t,browserWallet:r}){let n=ut(s,t),o=await r.signTypedData(e,n);return new b({method:"eoa",id:e},o)}var fe=require("js-base64"),we=require("viem"),G=require("json-canonicalize");async function Fe({user:s,challenge:e,rpConfig:t}){let r=(0,we.hexToBytes)(`0x${e}`,{size:32}),n={publicKey:{authenticatorSelection:{residentKey:"preferred",userVerification:"required"},challenge:r,excludeCredentials:[],pubKeyCredParams:[{type:"public-key",alg:-7},{type:"public-key",alg:-257}],rp:{name:t.rpName,id:t.rpId},user:{...s,id:fe.Base64.toUint8Array(s.id)}}},o=await navigator.credentials.create(n);if(o===null)throw new Error("No credential returned");let i=A(o.response.attestationObject),l={rawCredential:(0,G.canonicalize)({authenticatorAttachment:o.authenticatorAttachment,id:o.id,rawId:A(o.rawId),response:{attestationObject:i,clientDataJSON:A(o.response.clientDataJSON)},type:o.type}),origin:t.rpName,rpId:t.rpId};return new b({method:"passkey",id:o.id},(0,G.canonicalize)(l))}async function _e({challenge:s,allowCredentialId:e,rpConfig:t}){let r=(0,we.hexToBytes)(`0x${s}`,{size:32}),n=e?[{type:"public-key",id:fe.Base64.toUint8Array(e)}]:[],o={publicKey:{userVerification:"required",challenge:r,allowCredentials:n}},i=await navigator.credentials.get(o);if(i===null)throw new Error("Failed to get navigator credentials");let a=i.response,l=a.userHandle;if(l===null)throw new Error("User handle cannot be null");let u=A(a.signature),p={rawCredential:(0,G.canonicalize)({authenticatorAttachment:i.authenticatorAttachment,id:i.id,rawId:A(i.rawId),response:{authenticatorData:A(a.authenticatorData),clientDataJSON:A(a.clientDataJSON),signature:u,userHandle:A(l)},type:i.type}),origin:t.rpName,rpId:t.rpId};return new b({method:"passkey",id:i.id},(0,G.canonicalize)(p))}var z=require("viem");var se=require("@noble/curves/ed25519"),Pe=require("@noble/curves/secp256k1");var Le=require("viem/accounts"),Se=require("json-canonicalize");var K=class s{constructor(e,t,r,n=Math.floor(Date.now()/1e3)+3600){c(this,"ephId");c(this,"ephPK");c(this,"signAlg");c(this,"expiry");this.validateInputs(e,t,r,n),this.ephId=e,this.ephPK=(0,z.toHex)(t),this.signAlg=r,this.expiry=n}validateInputs(e,t,r,n){h("ephId",e),Ie(t,r),g(Number.isInteger(n)===!1,"expiry must be an integer");let o=Math.floor(Date.now()/1e3),i=n-o,a=i>0&&i<=365*24*60*60;g(!a,`lifetime must be greater than 0 and less than or equal to 365 days expiry - now ${i}, expiry ${n} now secs ${o}`)}toJSON(){try{return(0,Se.canonicalize)({ephId:this.ephId,ephPK:this.ephPK,expiry:this.expiry,signAlg:this.signAlg})}catch(e){throw console.error("Error while serializing ephemeral key claim",e),new Error("Error while serializing ephemeral key claim")}}static generateKeys(e,t){let r=j(e),n=O(r,e),o=new s((0,z.toHex)(n),n,e,t);return{privKey:r,pubKey:n,ephClaim:o}}};async function Je({setup:s,challenge:e,ephSK:t,ephClaim:r}){let n={setup:s,challenge:e},o=new TextEncoder().encode((0,Se.canonicalize)(n)),i=await pt(o,t,r.signAlg);return new b({method:"ephemeral",id:r.ephId},i)}async function pt(s,e,t){switch(t){case"ed25519":return(0,z.toHex)(se.ed25519.sign(s,e));case"secp256k1":return await(0,Le.signMessage)({message:{raw:s},privateKey:(0,z.toHex)(e)});default:throw new Error("Invalid signature algorithm")}}function j(s){switch(s){case"ed25519":return se.ed25519.utils.randomPrivateKey();case"secp256k1":return Pe.secp256k1.utils.randomPrivateKey();default:throw new Error("Invalid signature algorithm")}}function O(s,e){switch(e){case"ed25519":return se.ed25519.getPublicKey(s);case"secp256k1":return Pe.secp256k1.getPublicKey(s,!1);default:throw new Error("Invalid signature algorithm")}}var He=require("viem");var b=class{constructor(e,t){this.credentials=e;this.signature=t;this.credentials=e,this.signature=t}},$=class{constructor(e,t){c(this,"browserWallet");c(this,"eoa");this.validateInputs(e,t),this.browserWallet=t,this.eoa=e}validateInputs(e,t){g(!(0,He.isAddress)(e),"invalid Ethereum address format"),g(!((t==null?void 0:t.signTypedData)instanceof Function),"invalid browserWallet")}async authenticate({payload:e,challenge:t}){return H(e,[S,M,I,C,m,R,w,P],"eoa"),await Be({setup:e,eoa:this.eoa,challenge:t,browserWallet:this.browserWallet})}},V=class{constructor(e,t,r){c(this,"ephSK");c(this,"ephClaim");Me(t,r),this.ephSK=t;let n=O(this.ephSK,r);this.ephClaim=new K(e,n,r)}async authenticate({payload:e,challenge:t}){return H(e,[m,C,R],"ephemeral"),await Je({setup:e,challenge:t,ephSK:this.ephSK,ephClaim:this.ephClaim})}},q=class{constructor(e,t){c(this,"rpConfig");c(this,"allowCredentialId");this.rpConfig=e,this.allowCredentialId=t}async authenticate({payload:e,challenge:t}){return H(e,[S,I,m,R,M,C,w,P],"passkey"),await _e({allowCredentialId:this.allowCredentialId,challenge:t,rpConfig:this.rpConfig})}},W=class{constructor(e,t){c(this,"rpConfig");c(this,"user");this.rpConfig=e,this.user=t}async authenticate({payload:e,challenge:t}){return H(e,[D],"passkey"),await Fe({user:this.user,challenge:t,rpConfig:this.rpConfig})}};var Q=require("json-canonicalize");var B=class{constructor(e){c(this,"walletProviderUrl");c(this,"apiVersion","v1");this.walletProviderUrl=`${e.walletProviderUrl}/${e.apiVersion}`,this.apiVersion=e.apiVersion}getVersion(){return this.apiVersion}async startKeygen({setups:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("keygen",e,t).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse keygen response: ${n}`)}})}async startKeyRefresh({payload:e,authModule:t}){if(this.apiVersion==="v2")throw new Error("Key refresh is not supported in v2 API");return this.connect.bind(this)("keyRefresh",e,t).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse key refresh response: ${n}`)}})}async startSigngen({setup:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("signgen",e,t).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse signgen response: ${n}`)}})}async addEphemeralKey({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("addEphemeralKey",e,t).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse add ephemeral key response: ${n}`)}})}async revokeEphemeralKey({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("revokeEphemeralKey",e,t).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse revoke ephemeral key response: ${n}`)}})}async registerPasskey({payload:e,authModule:t}){if(this.apiVersion==="v2")throw new Error("Passkey registration is not supported in v2 API");return this.connect.bind(this)("registerPasskey",e,t).then(n=>({passkeyCredentialId:n}))}async updatePolicy({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("updatePolicy",e,t).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse update policy response: ${n}`)}})}async deletePolicy({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("deletePolicy",e,t).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse delete policy response: ${n}`)}})}connect(e,t,r){return new Promise((n,o)=>{let i=new WebSocket(`${this.walletProviderUrl}/${e}`),a=0;return console.debug("Connecting to ",i.url),i.addEventListener("open",l=>{switch(console.debug(`Connection opened in state ${a} with event ${JSON.stringify(l,void 0,"	")}`),a){case 0:{a=1;try{let u=(0,Q.canonicalize)({payload:t});console.debug("Sending request:",u),i.send(u)}catch(u){this.finishWithError(i,a,u,"open event",o)}break}case 1:case 2:this.finishWithError(i,a,"Unexpected message in state waitingForResult.","open event",o);break;case 3:break}}),i.addEventListener("message",async l=>{switch(console.debug(`Connection message in state ${a} with event data ${JSON.stringify(l.data,void 0,"	")}`),a){case 0:this.finishWithError(i,a,"Unexpected message in state initiated.","message event",o);break;case 1:{a=2;try{let u=l.data,d=await new x(r,this.apiVersion).build(e,t,{challenge:u});i.send((0,Q.canonicalize)(d))}catch(u){this.finishWithError(i,a,u,"message event",o)}break}case 2:{a=3,i.close(),n(l.data);break}case 3:break}}),i.addEventListener("error",l=>{this.finishWithError(i,a,`Connection encountered an error event: ${JSON.stringify(l,void 0,"	")}`,"error event",o)}),i.addEventListener("close",l=>{let u=l.reason||"No specific reason provided.",d=l.code;console.debug(`Connection closed. State: ${a}, Code: ${d}, Reason: '${u}'`);let p=d>=4e3?`Application Error ${d}: ${u}`:d===1006?"Connection Abnormality (Code 1006): Server closed connection unexpectedly or network issue.":`WebSocket Closed Unexpectedly (Code ${d}): ${u}`;this.finishWithError(i,a,new Error(p),"close event",o)}),()=>{(i.readyState===WebSocket.OPEN||i.readyState===WebSocket.CONNECTING)&&i.close(1001,"Cleanup/Unmount")}})}connectV2(e,t,r){return new Promise((n,o)=>{let i=new WebSocket(`${this.walletProviderUrl}/${e}`),a=0;return console.debug("Connecting to ",i.url),i.addEventListener("open",async l=>{switch(console.debug(`Connection opened in state ${a} with event ${JSON.stringify(l,void 0,"	")}`),a){case 0:a=2;try{let u=await new x(r,this.apiVersion).build(e,t);i.send((0,Q.canonicalize)({payload:t,userSigs:u}))}catch(u){this.finishWithError(i,a,u,"open event",o)}break;case 2:a=3,this.finishWithError(i,a,"Unexpected message in state waitingForResult.","open event",o);break;case 3:break}}),i.addEventListener("message",async l=>{switch(console.debug(`Connection message in state ${a} with event ${JSON.stringify(l,void 0,"	")}`),a){case 0:this.finishWithError(i,a,"Unexpected message in state initiated.","message event",o);break;case 2:{a=3,i.close(),n(l.data);break}case 3:break}}),i.addEventListener("error",l=>{this.finishWithError(i,a,`Connection encountered an error event: ${JSON.stringify(l,void 0,"	")}`,"error event",o)}),i.addEventListener("close",l=>{let u=l.reason||"No specific reason provided.",d=l.code;console.debug(`Connection closed. State: ${a}, Code: ${d}, Reason: '${u}'`);let p=d>=4e3?`Application Error ${d}: ${u}`:d===1006?"Connection Abnormality (Code 1006): Server closed connection unexpectedly or network issue.":`WebSocket Closed Unexpectedly (Code ${d}): ${u}`;this.finishWithError(i,a,new Error(p),"close event",o)}),()=>{(i.readyState===WebSocket.OPEN||i.readyState===WebSocket.CONNECTING)&&i.close(1001,"Cleanup/Unmount")}})}finishWithError(e,t,r,n,o){t!==3&&(console.error(`Error from ${n} in state ${t}:`,r),t=3,o(r instanceof Error?r:new Error(String(r)))),e.readyState===WebSocket.OPEN&&e.close(1e3,`Protocol run failed. Client attempted to close connection in state ${t}`)}},E=class{constructor(e){c(this,"walletProviderUrl");c(this,"apiVersion","v1");this.walletProviderUrl=`${e.walletProviderUrl}/${e.apiVersion}`,this.apiVersion=e.apiVersion}getVersion(){return this.apiVersion}async startKeygen({setups:e}){return this.connect.bind(this)("keygen",e).then(r=>{try{return JSON.parse(r)}catch{throw new Error(`Failed to parse keygen response: ${r}`)}})}async startSigngen({setup:e}){return this.connect.bind(this)("signgen",e).then(r=>{try{return JSON.parse(r)}catch{throw new Error(`Failed to parse signgen response: ${r}`)}})}async startKeyRefresh({payload:e}){if(this.apiVersion==="v2")throw new Error("Key refresh is not supported in v2 API");return this.connect.bind(this)("keyRefresh",e).then(r=>{try{return JSON.parse(r)}catch{throw new Error(`Failed to parse key refresh response: ${r}`)}})}async updatePolicy({payload:e}){return this.connect.bind(this)("updatePolicy",e).then(r=>{try{return JSON.parse(r)}catch{throw new Error(`Failed to parse update policy response: ${r}`)}})}async deletePolicy({payload:e}){return this.connect.bind(this)("deletePolicy",e).then(r=>{try{return JSON.parse(r)}catch{throw new Error(`Failed to parse delete policy response: ${r}`)}})}connect(e,t){return new Promise((r,n)=>{let o=0,i=new WebSocket(`${this.walletProviderUrl}/${e}`);i.addEventListener("open",async a=>{switch(console.debug(`Connection opened in state ${o} with event ${JSON.stringify(a,void 0,"	")}`),o){case 0:o=2;try{i.send((0,Q.canonicalize)({payload:t}))}catch(l){n(l)}break;case 2:o=3,n("Incorrect protocol state");break;case 3:break}}),i.addEventListener("message",async a=>{switch(console.debug(`Connection message in state ${o} with event ${JSON.stringify(a,void 0,"	")}`),o){case 0:o=3,n("Incorrect protocol state");break;case 2:{o=3,i.close(),r(a.data);break}case 3:break}}),i.addEventListener("error",a=>{console.debug(`Connection error in state ${o} with event ${JSON.stringify(a,void 0,"	")}`),o!=3&&(o=3,n("Incorrect protocol state"))}),i.addEventListener("close",a=>{console.debug(`Connection closed in state ${o} with event ${JSON.stringify(a,void 0,"	")}`),o!=3&&(o=3,n("Incorrect protocol state"))})})}};var F=class{constructor(e,t){c(this,"authModule");c(this,"wpClient");if(!t&&!(e instanceof E))throw new Error("missing authModule for wallet provider client in auth mode");if(t&&e instanceof E)throw new Error("authModule is required but using wallet provider client in no-auth mode");this.authModule=t,this.wpClient=e}validateQuorumSetup({threshold:e,totalNodes:t}){e&&g(e<2,`Threshold = ${e} must be at least 2`),e&&t&&g(t<e,`Total nodes = ${t} must be greater or equal to threshold = ${e}`)}async generateKey(e,t,r,n,o){this.validateQuorumSetup({threshold:e,totalNodes:t});let i=r.map(a=>new S({t:e,n:t,ephClaim:n,policy:o,signAlg:a}));return this.authModule?await this.wpClient.startKeygen({setups:i,authModule:this.authModule}):await this.wpClient.startKeygen({setups:i})}async signMessage(e,t,r,n){this.validateQuorumSetup({threshold:e}),Oe(r);let o=new m({t:e,key_id:t,signAlg:r,message:n});if(this.authModule){if(this.authModule instanceof q&&new Map(Object.entries(JSON.parse(n))).size>1)throw new Error("For Passkey Authentication only one message in signing request is supported");return await this.wpClient.startSigngen({setup:o,authModule:this.authModule})}else return await this.wpClient.startSigngen({setup:o})}async refreshKey(e,t,r){let n=new M({t:e,keyId:t,signAlg:r});return this.authModule?await this.wpClient.startKeyRefresh({payload:n,authModule:this.authModule}):await this.wpClient.startKeyRefresh({payload:n})}async addEphemeralKey(e,t){let r=new I(e,t);if(!this.authModule)throw new Error("Add ephemeral key is not supported in no auth mode");return await this.wpClient.addEphemeralKey({payload:r,authModule:this.authModule})}async revokeEphemeralKey(e,t){h("keyId",e);let r=new C(e,t);if(!this.authModule)throw new Error("Revoke ephemeral key is not supported in no auth mode");return await this.wpClient.revokeEphemeralKey({payload:r,authModule:this.authModule})}async registerPasskey(e){let t=new D(e!=null?e:"passkey options");if(!this.authModule)throw new Error("Register passkey is not supported in no auth mode");return await this.wpClient.registerPasskey({payload:t,authModule:this.authModule})}async updatePolicy(e,t){let r=new w({keyId:e,policy:t});return this.authModule?await this.wpClient.updatePolicy({payload:r,authModule:this.authModule}):await this.wpClient.updatePolicy({payload:r})}async deletePolicy(e){let t=new P({keyId:e});return this.authModule?await this.wpClient.deletePolicy({payload:t,authModule:this.authModule}):await this.wpClient.deletePolicy({payload:t})}};var Ge=require("json-canonicalize");var Re=class extends Error{constructor(t,r,n){super(n||r);this.status=t;this.statusText=r;this.name="HttpError"}},_=class{constructor(e="",t={}){c(this,"baseURL");c(this,"defaultHeaders");this.baseURL=e,this.validateHeaders(t),this.defaultHeaders={"Content-Type":"application/json",...t}}validateHeaders(e){if(typeof e!="object"||e===null)throw new Error("Headers must be an object.");for(let[t,r]of Object.entries(e))if(typeof t!="string"||typeof r!="string")throw new Error(`Invalid header: ${t}. Header names and values must be strings.`)}setDefaultHeaders(e){this.defaultHeaders={...this.defaultHeaders,...e}}buildUrl(e){return`${this.baseURL}${e}`}async handleResponse(e){if(!e.ok){let r;try{r=(await e.json()).message||e.statusText}catch{r=e.statusText}throw new Re(e.status,e.statusText,r)}let t=e.headers.get("content-type");return t&&t.includes("application/json")?e.json():e.text()}async request(e,t,r,n={}){let o=this.buildUrl(t),i={...this.defaultHeaders,...n.headers},a={method:e,headers:i,...n,body:r?(0,Ge.canonicalize)(r):null},l=await fetch(o,a);return this.handleResponse(l)}async get(e,t){return this.request("GET",e,void 0,t)}async post(e,t,r){return this.request("POST",e,t,r)}async put(e,t,r){return this.request("PUT",e,t,r)}async patch(e,t,r){return this.request("PATCH",e,t,r)}async delete(e,t){return this.request("DELETE",e,void 0,t)}};var ne=require("viem/accounts"),ze=require("@noble/curves/secp256k1"),L=require("viem"),ht=require("js-base64");function ie(s){if(s.startsWith("0x")&&(s=s.slice(2)),s.startsWith("04"))return(0,ne.publicKeyToAddress)(`0x${s} `);if(s.startsWith("02")||s.startsWith("03")){let e=ze.secp256k1.ProjectivePoint.fromHex(s).toHex(!1);return(0,ne.publicKeyToAddress)(`0x${e}`)}else throw new Error("Invalid public key")}var Ke={};Ue(Ke,{Action:()=>xe,ChainType:()=>Ee,IssuerType:()=>Ae,Logic:()=>be,Operator:()=>Ce,Policy:()=>ce,Rule:()=>ae,TransactionAttribute:()=>ke,TransactionType:()=>ve});var je=require("json-canonicalize");var oe=512,Ae=(r=>(r.SessionKeyId="SessionKeyId",r.UserId="UserId",r.All="*",r))(Ae||{}),xe=(t=>(t.Allow="allow",t.Deny="deny",t))(xe||{}),be=(t=>(t.Or="or",t.And="and",t))(be||{}),Ee=(r=>(r.Off="off",r.Ethereum="ethereum",r.Solana="solana",r))(Ee||{}),ve=(i=>(i.Eip712="eip712",i.Eip191="eip191",i.Erc20="erc20",i.Erc721="erc721",i.NativeTransfer="nativeTransfer",i.SolanaTransaction="solanaTransaction",i))(ve||{}),ke=(y=>(y.Sender="sender",y.Receiver="receiver",y.NativeValue="nativeValue",y.ChainId="chainId",y.FunctionSelector="functionSelector",y.Message="message",y.VerifyingContract="verifyingContract",y.PrimaryType="primaryType",y.DomainName="domainName",y.DomainVersion="domainVersion",y.SolanaAccountKeys="solanaAccountKeys",y.SplTransferAmount="splTransferAmount",y.SplTokenMint="splTokenMint",y.CustomProgramInstruction="customProgramInstruction",y.SystemInstructionName="systemInstructionName",y.SplInstructionName="splInstructionName",y))(ke||{}),Ce=(l=>(l.Eq="eq",l.Neq="neq",l.Lt="lt",l.Lte="lte",l.Gt="gt",l.Gte="gte",l.In="in",l.All="all",l))(Ce||{}),ae=class{constructor({description:e,chain_type:t,conditions:r,issuer:n,action:o,logic:i}){c(this,"description");c(this,"issuer");c(this,"action");c(this,"logic");c(this,"chain_type");c(this,"conditions");if(!r.length)throw new Error("Rule must have at least one condition");if(!t)throw new Error("Chain type must be set");if(e.length>oe)throw new Error(`Description length exceeds maximum of ${oe}`);this.description=e,this.chain_type=t,this.conditions=r,this.issuer=n||[{type:"*",id:"*"}],this.action=o||"allow",this.logic=i||"and"}},ce=class{constructor({version:e,description:t,rules:r}){c(this,"version");c(this,"description");c(this,"rules");if(!r.length)throw new Error("Policy must have at least one rule");if(t.length>oe)throw new Error(`Description length exceeds maximum of ${oe}`);this.version=e!=null?e:"1.0",this.description=t,this.rules=r}toJSON(){try{return(0,je.canonicalize)({version:this.version,description:this.description,rules:this.rules})}catch(e){throw console.error("Error while serializing policy",e),new Error("Error while serializing policy")}}};var dt={KeygenSetupOpts:S,InitPresignOpts:T,FinishPresignOpts:R,SignSetupOpts:m,UserSignatures:x,NetworkSigner:F,SignRequestBuilder:U,WalletProviderServiceClient:B,NoAuthWalletProviderServiceClient:E,HttpClient:_,EOAAuth:$,EphAuth:V,PasskeyAuth:q,PasskeyRegister:W,generateEphPrivateKey:j,getEphPublicKey:O,EphKeyClaim:K,computeAddress:ie,flattenSignature:re,UpdatePolicyRequest:w,DeletePolicyRequest:P,...Ke};0&&(module.exports={Action,ChainType,DeletePolicyRequest,EOAAuth,EphAuth,EphKeyClaim,FinishPresignOpts,HttpClient,InitPresignOpts,IssuerType,KeygenSetupOpts,Logic,NetworkSigner,NoAuthWalletProviderServiceClient,Operator,PasskeyAuth,PasskeyRegister,Policy,Rule,SignRequestBuilder,SignSetupOpts,TransactionAttribute,TransactionType,UpdatePolicyRequest,UserSignatures,WalletProviderServiceClient,computeAddress,flattenSignature,generateEphPrivateKey,getEphPublicKey});
 /*! Bundled license information:
 
 @noble/hashes/esm/utils.js:

package/dist/index.d.ts

@@ -1,9 +1,10 @@
 export type { SignRequestType } from './builder/signRequest';
+export type { UserSignaturesOptionalParams } from './builder/userAuth';
 export type { ApiVersion, ClientConfig, IWalletProviderServiceClient, INoAuthWpServiceClient, } from './client/walletProviderServiceClientInterface';
 export type { IBrowserWallet, TypedData } from './auth/EOAauthentication';
 export type { PasskeyUser, RelyingPartyConfig } from './auth/passkeyAuthentication';
 export type { UserAuthentication } from './auth/authentication';
-export type { KeygenResponse, KeyRefreshResponse, SignResponse, AddEphKeyResponse, RevokeEphKeyResponse, RegisterPasskeyResponse, } from './client/networkResponse';
+export type { KeygenResponse, KeyRefreshResponse, SignResponse, AddEphKeyResponse, RevokeEphKeyResponse, RegisterPasskeyResponse, UpdatePolicyResponse, DeletePolicyResponse, } from './client/networkResponse';
 export type { MPCSignAlgorithm } from './client/networkSigner';
 export type { EphKeySignAlgorithm } from './auth/ephemeralAuthentication';
 export type { DSGOpts } from './viemSigner';
@@ -17,6 +18,8 @@ export { EOAAuth, EphAuth, PasskeyAuth, PasskeyRegister } from './auth/authentic
 export { generateEphPrivateKey, getEphPublicKey, EphKeyClaim } from './auth/ephemeralAuthentication';
 export { computeAddress } from './viemSigner';
 export { KeygenSetupOpts, InitPresignOpts, FinishPresignOpts, SignSetupOpts } from './setupMessage';
+export { UpdatePolicyRequest, DeletePolicyRequest } from './client/networkRequest';
+export * from './policy';
 import { SignRequestBuilder } from './builder/signRequest';
 import { UserSignatures } from './builder/userAuth';
 import { NetworkSigner } from './client/networkSigner';
@@ -26,7 +29,18 @@ import { EOAAuth, EphAuth, PasskeyAuth, PasskeyRegister } from './auth/authentic
 import { generateEphPrivateKey, getEphPublicKey, EphKeyClaim } from './auth/ephemeralAuthentication';
 import { computeAddress } from './viemSigner';
 import { KeygenSetupOpts, InitPresignOpts, FinishPresignOpts, SignSetupOpts } from './setupMessage';
+import { UpdatePolicyRequest, DeletePolicyRequest } from './client/networkRequest';
+import * as policy from './policy';
 declare const _default: {
+    IssuerType: typeof policy.IssuerType;
+    Action: typeof policy.Action;
+    Logic: typeof policy.Logic;
+    ChainType: typeof policy.ChainType;
+    TransactionType: typeof policy.TransactionType;
+    TransactionAttribute: typeof policy.TransactionAttribute;
+    Operator: typeof policy.Operator;
+    Rule: typeof policy.Rule;
+    Policy: typeof policy.Policy;
     KeygenSetupOpts: typeof KeygenSetupOpts;
     InitPresignOpts: typeof InitPresignOpts;
     FinishPresignOpts: typeof FinishPresignOpts;
@@ -46,5 +60,7 @@ declare const _default: {
     EphKeyClaim: typeof EphKeyClaim;
     computeAddress: typeof computeAddress;
     flattenSignature: (signgenResponse: import(".").SignResponse) => `0x${string}`;
+    UpdatePolicyRequest: typeof UpdatePolicyRequest;
+    DeletePolicyRequest: typeof DeletePolicyRequest;
 };
 export default _default;