@silencelaboratories/walletprovider-sdk 1.7.0 → 4.0.1-hackathon

package/dist/index.esm.js

@@ -1,4 +1,4 @@
-var Ce=Object.defineProperty,Ke=Object.defineProperties;var Ie=Object.getOwnPropertyDescriptors;var pe=Object.getOwnPropertySymbols;var Ue=Object.prototype.hasOwnProperty,qe=Object.prototype.propertyIsEnumerable;var Y=(n,e,t)=>e in n?Ce(n,e,{enumerable:!0,configurable:!0,writable:!0,value:t}):n[e]=t,y=(n,e)=>{for(var t in e||(e={}))Ue.call(e,t)&&Y(n,t,e[t]);if(pe)for(var t of pe(e))qe.call(e,t)&&Y(n,t,e[t]);return n},M=(n,e)=>Ke(n,Ie(e));var c=(n,e,t)=>Y(n,typeof e!="symbol"?e+"":e,t);import{canonicalize as Te}from"json-canonicalize";var d=(n,e)=>{g(typeof e!="string","".concat(n," must be string")),g((e==null?void 0:e.trim().length)===0,"".concat(n," cannot be empty"))},he=(n,e)=>{if(g(!(n instanceof Uint8Array),"key must be an Uint8Array"),e==="secp256k1")g(n.length!==65,"secp256k1: key length must be 65 bytes, got "+n.length);else if(e==="ed25519")g(n.length!==32,"ed25519: key length must be 32 bytes, got "+n.length);else throw new Error("Invalid signature algorithm")},le=(n,e)=>{if(g(!(n instanceof Uint8Array),"key must be an Uint8Array"),e==="secp256k1")g(n.length!==32,"secp256k1: key length must be 32 bytes, got "+n.length);else if(e==="ed25519")g(n.length!==32,"ed25519: key length must be 32 bytes, got "+n.length);else throw new Error("Invalid signature algorithm")},de=n=>{g(n!=="ed25519"&&n!=="secp256k1",'signAlg must be either "ed25519" or "secp256k"')},g=(n,e)=>{if(n)throw new Error(e)},Oe=(n,e)=>"Invalid payload ".concat(JSON.stringify(n),", cannot be authenticated by ").concat(e.toLocaleUpperCase()," method."),$=(n,e,t)=>{g(!e.some(r=>n instanceof r),Oe(n,t))};var U=class{constructor(){c(this,"signRequest",new Map)}setRequest(e,t,r){if(d("transactionId",e),d("message",t),d("requestType",r),this.signRequest.has(e))throw new Error("Transaction ID ".concat(e," is already set."));return this.signRequest.set(e,{signingMessage:t,requestType:r}),this}build(){let e={};if(this.signRequest.forEach((t,r)=>{e[r]=t}),Object.keys(e).length===0)throw new Error("No sign request is set.");return Te(e)}};import{canonicalize as we}from"json-canonicalize";import{Base64 as We}from"js-base64";function Me(n){return n instanceof Uint8Array||ArrayBuffer.isView(n)&&n.constructor.name==="Uint8Array"}function Z(n,...e){if(!Me(n))throw new Error("Uint8Array expected");if(e.length>0&&!e.includes(n.length))throw new Error("Uint8Array expected of length "+e+", got length="+n.length)}function ee(n,e=!0){if(n.destroyed)throw new Error("Hash instance has been destroyed");if(e&&n.finished)throw new Error("Hash#digest() has already been called")}function ge(n,e){Z(n);let t=e.outputLen;if(n.length<t)throw new Error("digestInto() expects output buffer of length at least "+t)}var H=n=>new DataView(n.buffer,n.byteOffset,n.byteLength),f=(n,e)=>n<<32-e|n>>>e;function $e(n){if(typeof n!="string")throw new Error("utf8ToBytes expected string, got "+typeof n);return new Uint8Array(new TextEncoder().encode(n))}function te(n){return typeof n=="string"&&(n=$e(n)),Z(n),n}var _=class{clone(){return this._cloneInto()}};function ye(n){let e=r=>n().update(te(r)).digest(),t=n();return e.outputLen=t.outputLen,e.blockLen=t.blockLen,e.create=()=>n(),e}function Ne(n,e,t,r){if(typeof n.setBigUint64=="function")return n.setBigUint64(e,t,r);let s=BigInt(32),o=BigInt(4294967295),i=Number(t>>s&o),a=Number(t&o),u=r?4:0,p=r?0:4;n.setUint32(e+u,i,r),n.setUint32(e+p,a,r)}var fe=(n,e,t)=>n&e^~n&t,me=(n,e,t)=>n&e^n&t^e&t,J=class extends _{constructor(e,t,r,s){super(),this.blockLen=e,this.outputLen=t,this.padOffset=r,this.isLE=s,this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.buffer=new Uint8Array(e),this.view=H(this.buffer)}update(e){ee(this);let{view:t,buffer:r,blockLen:s}=this;e=te(e);let o=e.length;for(let i=0;i<o;){let a=Math.min(s-this.pos,o-i);if(a===s){let u=H(e);for(;s<=o-i;i+=s)this.process(u,i);continue}r.set(e.subarray(i,i+a),this.pos),this.pos+=a,i+=a,this.pos===s&&(this.process(t,0),this.pos=0)}return this.length+=e.length,this.roundClean(),this}digestInto(e){ee(this),ge(e,this),this.finished=!0;let{buffer:t,view:r,blockLen:s,isLE:o}=this,{pos:i}=this;t[i++]=128,this.buffer.subarray(i).fill(0),this.padOffset>s-i&&(this.process(r,0),i=0);for(let h=i;h<s;h++)t[h]=0;Ne(r,s-8,BigInt(this.length*8),o),this.process(r,0);let a=H(e),u=this.outputLen;if(u%4)throw new Error("_sha2: outputLen should be aligned to 32bit");let p=u/4,l=this.get();if(p>l.length)throw new Error("_sha2: outputLen bigger than state");for(let h=0;h<p;h++)a.setUint32(4*h,l[h],o)}digest(){let{buffer:e,outputLen:t}=this;this.digestInto(e);let r=e.slice(0,t);return this.destroy(),r}_cloneInto(e){e||(e=new this.constructor),e.set(...this.get());let{blockLen:t,buffer:r,length:s,finished:o,destroyed:i,pos:a}=this;return e.length=s,e.pos=a,e.finished=o,e.destroyed=i,s%t&&e.buffer.set(r),e}};var Ve=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),A=new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),b=new Uint32Array(64),re=class extends J{constructor(){super(64,32,8,!1),this.A=A[0]|0,this.B=A[1]|0,this.C=A[2]|0,this.D=A[3]|0,this.E=A[4]|0,this.F=A[5]|0,this.G=A[6]|0,this.H=A[7]|0}get(){let{A:e,B:t,C:r,D:s,E:o,F:i,G:a,H:u}=this;return[e,t,r,s,o,i,a,u]}set(e,t,r,s,o,i,a,u){this.A=e|0,this.B=t|0,this.C=r|0,this.D=s|0,this.E=o|0,this.F=i|0,this.G=a|0,this.H=u|0}process(e,t){for(let h=0;h<16;h++,t+=4)b[h]=e.getUint32(t,!1);for(let h=16;h<64;h++){let T=b[h-15],I=b[h-2],ue=f(T,7)^f(T,18)^T>>>3,X=f(I,17)^f(I,19)^I>>>10;b[h]=X+b[h-7]+ue+b[h-16]|0}let{A:r,B:s,C:o,D:i,E:a,F:u,G:p,H:l}=this;for(let h=0;h<64;h++){let T=f(a,6)^f(a,11)^f(a,25),I=l+T+fe(a,u,p)+Ve[h]+b[h]|0,X=(f(r,2)^f(r,13)^f(r,22))+me(r,s,o)|0;l=p,p=u,u=a,a=i+I|0,i=o,o=s,s=r,r=I+X|0}r=r+this.A|0,s=s+this.B|0,o=o+this.C|0,i=i+this.D|0,a=a+this.E|0,u=u+this.F|0,p=p+this.G|0,l=l+this.H|0,this.set(r,s,o,i,a,u,p,l)}roundClean(){b.fill(0)}destroy(){this.set(0,0,0,0,0,0,0,0),this.buffer.fill(0)}};var ne=ye(()=>new re);import{stringToBytes as De,toHex as Be}from"viem";var S=n=>We.fromUint8Array(new Uint8Array(n),!0),se=n=>{let e=De(n),t=ne(ne(e));return Be(t,{size:32}).slice(2)};var R=class{constructor(e,t){c(this,"userAuthentications");c(this,"authModule");c(this,"apiVersion");this.authModule=e,this.userAuthentications=new Map,this.apiVersion=t}async setDefaultAuth(e,t){let r=await this.authModule.authenticate({payload:e,challenge:t!=null?t:se(we(e))});this.userAuthentications.set("default",r)}async setKeygenUserSigs(e,t){if(this.apiVersion==="v1"&&!t)throw new Error("no challenge response for keygen");for(let r of e){let s=r.signAlg,o=t?t[s]:se(we(r));if(o){let i=await this.authModule.authenticate({payload:r,challenge:o});this.userAuthentications.set(s,i)}else throw new Error("no final challenge found in response for ".concat(s))}}async setSigngenUserSigs(e,t){if(this.apiVersion==="v1"&&!t)throw new Error("no challenge response for signgen v1");await this.setDefaultAuth(e,t)}async setAddEphKeyUserSigs(e,t){if(this.apiVersion==="v1"&&!t)throw new Error("no challenge response for add ephemeral key v1");await this.setDefaultAuth(e,t)}async setRevokeEphKeyUserSigs(e,t){if(this.apiVersion==="v1"&&!t)throw new Error("no challenge response for revoke ephemeral key v1");await this.setDefaultAuth(e,t)}async setRegisterPasskeyUserSigs(e,t){if(!t)throw new Error("missing challenge response for registerPasskey");await this.setDefaultAuth(e,t)}async setKeyRefreshUserSigs(e,t){if(!t)throw new Error("missing challenge response for keyRefresh");await this.setDefaultAuth(e,t)}async setFinishPresignUserSigs(e,t){await this.setDefaultAuth(e,t)}async build(e,t,r){if(e==="keygen"){let s=r?JSON.parse(r):void 0;await this.setKeygenUserSigs(t,s)}else e==="signgen"?await this.setSigngenUserSigs(t,r):e==="addEphemeralKey"?await this.setAddEphKeyUserSigs(t,r):e==="revokeEphemeralKey"?await this.setRevokeEphKeyUserSigs(t,r):e==="registerPasskey"?await this.setRegisterPasskeyUserSigs(t,r):e==="keyRefresh"?await this.setKeyRefreshUserSigs(t,r):e==="finishPresign"&&await this.setFinishPresignUserSigs(t,r);return Object.fromEntries(this.userAuthentications)}};var ie=n=>{let{sign:e,recid:t}=n,r=(27+t).toString(16);return"0x".concat(e).concat(r)};var x=class{constructor(e,t){c(this,"key_id");c(this,"eph_claim");d("keyId",e),this.key_id=e,this.eph_claim=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"RevokeEphKeyRequest"},{name:"challenge",type:"string"}],RevokeEphKeyRequest:[{name:"key_id",type:"string"},{name:"eph_claim",type:"string"}]}}},v=class{constructor(e,t){c(this,"key_id_list");c(this,"eph_claim");for(let r of e)d("keyId",r);this.key_id_list=e,this.eph_claim=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"AddEphKeyRequest"},{name:"challenge",type:"string"}],AddEphKeyRequest:[{name:"key_id_list",type:"string[]"},{name:"eph_claim",type:"string"}]}}},q=class{constructor(e){c(this,"options");d("options",e),this.options=e}},k=class{constructor({t:e,keyId:t,signAlg:r}){c(this,"t");c(this,"key_id");c(this,"sign_alg");d("keyId",t),d("signAlg",r),this.t=e,this.key_id=t,this.sign_alg=r}get eoaRequestSchema(){return{Request:[{name:"setup",type:"KeyRefreshRequest"},{name:"challenge",type:"string"}],KeyRefreshRequest:[{name:"t",type:"uint32"},{name:"key_id",type:"string"},{name:"sign_alg",type:"string"}]}}};var Fe=[{name:"tag",type:"uint16"},{name:"value",type:"string"}],w=class{constructor({t:e,n:t,ephClaim:r,permissions:s,signAlg:o}){c(this,"t");c(this,"n");c(this,"ephClaim");c(this,"metadata");c(this,"signAlg");d("signAlg",o),this.t=e,this.n=t,this.signAlg=o,this.ephClaim=r==null?void 0:r.toJSON(),this.metadata=[],s&&this.metadata.push({tag:1,value:s})}get eoaRequestSchema(){return{Request:[{name:"setup",type:"KeygenSetupOpts"},{name:"challenge",type:"string"}],KeygenSetupOpts:this.ephClaim?[{name:"t",type:"uint32"},{name:"n",type:"uint32"},{name:"ephClaim",type:"string"},{name:"metadata",type:"TaggedValue[]"}]:[{name:"t",type:"uint32"},{name:"n",type:"uint32"},{name:"metadata",type:"TaggedValue[]"}],TaggedValue:Fe}}},m=class{constructor({t:e,key_id:t,signAlg:r,message:s}){c(this,"t");c(this,"key_id");c(this,"message");c(this,"signAlg");d("keyId",t),d("signAlg",r),d("message",s),this.t=e,this.key_id=t,this.message=s,this.signAlg=r}get eoaRequestSchema(){return{Request:[{name:"setup",type:"SignSetupOpts"},{name:"challenge",type:"string"}],SignSetupOpts:[{name:"t",type:"uint32"},{name:"key_id",type:"string"},{name:"signAlg",type:"string"},{name:"message",type:"string"}]}}},N=class{constructor({amount:e,keyId:t,t:r,expiryInSecs:s}){c(this,"amount");c(this,"key_id");c(this,"t");c(this,"expiry");if(e<=0)throw new Error("Amount must be greater than 0");d("keyId",t),this.amount=e,this.key_id=t,this.t=r,this.expiry=s!=null?s:Math.floor(Date.now()/1e3)+7*24*3600}},P=class{constructor({presignSessionId:e,message:t}){c(this,"presignSessionId");c(this,"message");d("presignSessionId",e),d("message",t),this.presignSessionId=e,this.message=t}get eoaRequestSchema(){return{Request:[{name:"setup",type:"FinishPresignOpts"},{name:"challenge",type:"string"}],FinishPresignOpts:[{name:"presignSessionId",type:"string"},{name:"message",type:"string"}]}}};var Le={name:"SilentShard authentication",version:"0.1.0"},_e=[{name:"name",type:"string"},{name:"version",type:"string"}];function He(n,e){let t={setup:n,challenge:e};return{types:y({EIP712Domain:_e},n.eoaRequestSchema),domain:Le,primaryType:"Request",message:t}}async function Se({setup:n,eoa:e,challenge:t,browserWallet:r}){let s=He(n,t),o=await r.signTypedData(e,s);return{credentials:{credentials:"",method:"eoa",id:e},signature:o}}import{Base64 as Pe}from"js-base64";import{hexToBytes as Ae}from"viem";import{canonicalize as G}from"json-canonicalize";async function be({user:n,challenge:e,rpConfig:t}){let r=Ae("0x".concat(e),{size:32}),s={publicKey:{authenticatorSelection:{residentKey:"preferred",userVerification:"required"},challenge:r,excludeCredentials:[],pubKeyCredParams:[{type:"public-key",alg:-7},{type:"public-key",alg:-257}],rp:{name:t.rpName,id:t.rpId},user:M(y({},n),{id:Pe.toUint8Array(n.id)})}},o=await navigator.credentials.create(s);if(o===null)throw new Error("No credential returned");let i=S(o.response.attestationObject),u={rawCredential:G({authenticatorAttachment:o.authenticatorAttachment,id:o.id,rawId:S(o.rawId),response:{attestationObject:i,clientDataJSON:S(o.response.clientDataJSON)},type:o.type}),origin:t.rpName,rpId:t.rpId};return{credentials:{credentials:"",method:"passkey",id:o.id},signature:G(u)}}async function Re({challenge:n,allowCredentialId:e,rpConfig:t}){let r=Ae("0x".concat(n),{size:32}),s=e?[{type:"public-key",id:Pe.toUint8Array(e)}]:[],o={publicKey:{userVerification:"required",challenge:r,allowCredentials:s}},i=await navigator.credentials.get(o);if(i===null)throw new Error("Failed to get navigator credentials");let a=i.response,u=a.userHandle;if(u===null)throw new Error("User handle cannot be null");let p=S(a.signature),h={rawCredential:G({authenticatorAttachment:i.authenticatorAttachment,id:i.id,rawId:S(i.rawId),response:{authenticatorData:S(a.authenticatorData),clientDataJSON:S(a.clientDataJSON),signature:p,userHandle:S(u)},type:i.type}),origin:t.rpName,rpId:t.rpId};return{credentials:{credentials:"",method:"passkey",id:i.id},signature:G(h)}}import{toHex as z}from"viem";import{ed25519 as oe}from"@noble/curves/ed25519";import{secp256k1 as xe}from"@noble/curves/secp256k1";import{signMessage as Je}from"viem/accounts";import{canonicalize as Ee}from"json-canonicalize";var C=class n{constructor(e,t,r,s=Math.floor(Date.now()/1e3)+3600){c(this,"ephId");c(this,"ephPK");c(this,"signAlg");c(this,"expiry");this.validateInputs(e,t,r,s),this.ephId=e,this.ephPK=z(t),this.signAlg=r,this.expiry=s}validateInputs(e,t,r,s){d("ephId",e),he(t,r),g(Number.isInteger(s)===!1,"expiry must be an integer");let o=Math.floor(Date.now()/1e3),i=s-o,a=i>0&&i<=365*24*60*60;g(!a,"lifetime must be greater than 0 and less than or equal to 365 days expiry - now ".concat(i,", expiry ").concat(s," now secs ").concat(o))}toJSON(){return Ee({ephId:this.ephId,ephPK:this.ephPK,expiry:this.expiry,signAlg:this.signAlg})}static generateKeys(e,t){let r=j(e),s=O(r,e),o=new n(z(s),s,e,t);return{privKey:r,pubKey:s,ephClaim:o}}};async function ve({setup:n,challenge:e,ephSK:t,ephClaim:r}){let s={setup:n,challenge:e},o=new TextEncoder().encode(Ee(s)),i=await Ge(o,t,r.signAlg);return{credentials:{credentials:r.toJSON(),method:"ephemeral",id:r.ephId},signature:i}}async function Ge(n,e,t){switch(t){case"ed25519":return z(oe.sign(n,e));case"secp256k1":return await Je({message:{raw:n},privateKey:z(e)});default:throw new Error("Invalid signature algorithm")}}function j(n){switch(n){case"ed25519":return oe.utils.randomPrivateKey();case"secp256k1":return xe.utils.randomPrivateKey();default:throw new Error("Invalid signature algorithm")}}function O(n,e){switch(e){case"ed25519":return oe.getPublicKey(n);case"secp256k1":return xe.getPublicKey(n,!1);default:throw new Error("Invalid signature algorithm")}}import{isAddress as ze}from"viem";var V=class{constructor(e,t){c(this,"browserWallet");c(this,"eoa");this.validateInputs(e,t),this.browserWallet=t,this.eoa=e}validateInputs(e,t){g(!ze(e),"invalid Ethereum address format"),g(!((t==null?void 0:t.signTypedData)instanceof Function),"invalid browserWallet")}async authenticate({payload:e,challenge:t}){return $(e,[w,k,v,x,m,P],"eoa"),await Se({setup:e,eoa:this.eoa,challenge:t,browserWallet:this.browserWallet})}},W=class{constructor(e,t,r){c(this,"ephSK");c(this,"ephClaim");le(t,r),this.ephSK=t;let s=O(this.ephSK,r);this.ephClaim=new C(e,s,r)}async authenticate({payload:e,challenge:t}){return $(e,[m,x,P],"ephemeral"),await ve({setup:e,challenge:t,ephSK:this.ephSK,ephClaim:this.ephClaim})}},K=class{constructor(e,t){c(this,"rpConfig");c(this,"allowCredentialId");this.rpConfig=e,this.allowCredentialId=t}async authenticate({payload:e,challenge:t}){return $(e,[w,v,x,m,P,k],"passkey"),await Re({allowCredentialId:this.allowCredentialId,challenge:t,rpConfig:this.rpConfig})}},D=class{constructor(e,t){c(this,"rpConfig");c(this,"user");this.rpConfig=e,this.user=t}async authenticate({payload:e,challenge:t}){return $(e,[q],"passkey"),await be({user:this.user,challenge:t,rpConfig:this.rpConfig})}};import{canonicalize as Q}from"json-canonicalize";var B=class{constructor(e){c(this,"walletProviderUrl");c(this,"apiVersion","v1");this.walletProviderUrl="".concat(e.walletProviderUrl,"/").concat(e.apiVersion),this.apiVersion=e.apiVersion}getVersion(){return this.apiVersion}async startKeygen({setups:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("keygen",e,t).then(s=>{try{return JSON.parse(s)}catch(o){throw new Error("Failed to parse keygen response: ".concat(s))}})}async startKeyRefresh({payload:e,authModule:t}){if(this.apiVersion==="v2")throw new Error("Key refresh is not supported in v2 API");return this.connect.bind(this)("keyRefresh",e,t).then(s=>{try{return JSON.parse(s)}catch(o){throw new Error("Failed to parse key refresh response: ".concat(s))}})}async startSigngen({setup:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("signgen",e,t).then(s=>{try{return JSON.parse(s)}catch(o){throw new Error("Failed to parse signgen response: ".concat(s))}})}async addEphemeralKey({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("addEphemeralKey",e,t).then(s=>{try{return JSON.parse(s)}catch(o){throw new Error("Failed to parse add ephemeral key response: ".concat(s))}})}async revokeEphemeralKey({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("revokeEphemeralKey",e,t).then(s=>({status:s}))}async registerPasskey({payload:e,authModule:t}){if(this.apiVersion==="v2")throw new Error("Passkey registration is not supported in v2 API");return this.connect.bind(this)("registerPasskey",e,t).then(s=>({passkeyCredentialId:s}))}connect(e,t,r){return new Promise((s,o)=>{let i=new WebSocket("".concat(this.walletProviderUrl,"/").concat(e)),a=0;return console.debug("Connecting to ",i.url),i.addEventListener("open",u=>{switch(console.debug("Connection opened in state ".concat(a," with event ").concat(JSON.stringify(u,void 0,"	"))),a){case 0:{a=1;try{let p=Q({payload:t});console.debug("Sending request:",p),i.send(p)}catch(p){this.finishWithError(i,a,p,"open event",o)}break}case 1:case 2:this.finishWithError(i,a,"Unexpected message in state waitingForResult.","open event",o);break;case 3:break}}),i.addEventListener("message",async u=>{switch(console.debug("Connection message in state ".concat(a," with event data ").concat(JSON.stringify(u.data,void 0,"	"))),a){case 0:this.finishWithError(i,a,"Unexpected message in state initiated.","message event",o);break;case 1:{a=2;try{let p=u.data,l=await new R(r,this.apiVersion).build(e,t,p);i.send(Q(l))}catch(p){this.finishWithError(i,a,p,"message event",o)}break}case 2:{a=3,i.close(),s(u.data);break}case 3:break}}),i.addEventListener("error",u=>{this.finishWithError(i,a,"Connection encountered an error event: ".concat(JSON.stringify(u,void 0,"	")),"error event",o)}),i.addEventListener("close",u=>{let p=u.reason||"No specific reason provided.",l=u.code;console.debug("Connection closed. State: ".concat(a,", Code: ").concat(l,", Reason: '").concat(p,"'"));let h=l>=4e3?"Application Error ".concat(l,": ").concat(p):l===1006?"Connection Abnormality (Code 1006): Server closed connection unexpectedly or network issue.":"WebSocket Closed Unexpectedly (Code ".concat(l,"): ").concat(p);this.finishWithError(i,a,new Error(h),"close event",o)}),()=>{(i.readyState===WebSocket.OPEN||i.readyState===WebSocket.CONNECTING)&&i.close(1001,"Cleanup/Unmount")}})}connectV2(e,t,r){return new Promise((s,o)=>{let i=new WebSocket("".concat(this.walletProviderUrl,"/").concat(e)),a=0;return console.debug("Connecting to ",i.url),i.addEventListener("open",async u=>{switch(console.debug("Connection opened in state ".concat(a," with event ").concat(JSON.stringify(u,void 0,"	"))),a){case 0:a=2;try{let p=await new R(r,this.apiVersion).build(e,t);i.send(Q({payload:t,userSigs:p}))}catch(p){this.finishWithError(i,a,p,"open event",o)}break;case 2:a=3,this.finishWithError(i,a,"Unexpected message in state waitingForResult.","open event",o);break;case 3:break}}),i.addEventListener("message",async u=>{switch(console.debug("Connection message in state ".concat(a," with event ").concat(JSON.stringify(u,void 0,"	"))),a){case 0:this.finishWithError(i,a,"Unexpected message in state initiated.","message event",o);break;case 2:{a=3,i.close(),s(u.data);break}case 3:break}}),i.addEventListener("error",u=>{this.finishWithError(i,a,"Connection encountered an error event: ".concat(JSON.stringify(u,void 0,"	")),"error event",o)}),i.addEventListener("close",u=>{let p=u.reason||"No specific reason provided.",l=u.code;console.debug("Connection closed. State: ".concat(a,", Code: ").concat(l,", Reason: '").concat(p,"'"));let h=l>=4e3?"Application Error ".concat(l,": ").concat(p):l===1006?"Connection Abnormality (Code 1006): Server closed connection unexpectedly or network issue.":"WebSocket Closed Unexpectedly (Code ".concat(l,"): ").concat(p);this.finishWithError(i,a,new Error(h),"close event",o)}),()=>{(i.readyState===WebSocket.OPEN||i.readyState===WebSocket.CONNECTING)&&i.close(1001,"Cleanup/Unmount")}})}finishWithError(e,t,r,s,o){t!==3&&(console.error("Error from ".concat(s," in state ").concat(t,":"),r),t=3,o(r instanceof Error?r:new Error(String(r)))),e.readyState===WebSocket.OPEN&&e.close(1e3,"Protocol run failed. Client attempted to close connection in state ".concat(t))}},E=class{constructor(e){c(this,"walletProviderUrl");c(this,"apiVersion","v1");this.walletProviderUrl="".concat(e.walletProviderUrl,"/").concat(e.apiVersion),this.apiVersion=e.apiVersion}getVersion(){return this.apiVersion}async startKeygen({setups:e}){return this.connect.bind(this)("keygen",e).then(r=>{try{return JSON.parse(r)}catch(s){throw new Error("Failed to parse keygen response: ".concat(r))}})}async startSigngen({setup:e}){return this.connect.bind(this)("signgen",e).then(r=>{try{return JSON.parse(r)}catch(s){throw new Error("Failed to parse signgen response: ".concat(r))}})}async startKeyRefresh({payload:e}){if(this.apiVersion==="v2")throw new Error("Key refresh is not supported in v2 API");return this.connect.bind(this)("keyRefresh",e).then(r=>{try{return JSON.parse(r)}catch(s){throw new Error("Failed to parse key refresh response: ".concat(r))}})}connect(e,t){return new Promise((r,s)=>{let o=0,i=new WebSocket("".concat(this.walletProviderUrl,"/").concat(e));i.addEventListener("open",async a=>{switch(console.debug("Connection opened in state ".concat(o," with event ").concat(JSON.stringify(a,void 0,"	"))),o){case 0:o=2;try{i.send(Q({payload:t}))}catch(u){s(u)}break;case 2:o=3,s("Incorrect protocol state");break;case 3:break}}),i.addEventListener("message",async a=>{switch(console.debug("Connection message in state ".concat(o," with event ").concat(JSON.stringify(a,void 0,"	"))),o){case 0:o=3,s("Incorrect protocol state");break;case 2:{o=3,i.close(),r(a.data);break}case 3:break}}),i.addEventListener("error",a=>{console.debug("Connection error in state ".concat(o," with event ").concat(JSON.stringify(a,void 0,"	"))),o!=3&&(o=3,s("Incorrect protocol state"))}),i.addEventListener("close",a=>{console.debug("Connection closed in state ".concat(o," with event ").concat(JSON.stringify(a,void 0,"	"))),o!=3&&(o=3,s("Incorrect protocol state"))})})}};var F=class{constructor(e,t){c(this,"authModule");c(this,"wpClient");if(!t&&!(e instanceof E))throw new Error("missing authModule for wallet provider client in auth mode");if(t&&e instanceof E)throw new Error("authModule is required but using wallet provider client in no-auth mode");this.authModule=t,this.wpClient=e}validateQuorumSetup({threshold:e,totalNodes:t}){e&&g(e<2,"Threshold = ".concat(e," must be at least 2")),e&&t&&g(t<e,"Total nodes = ".concat(t," must be greater or equal to threshold = ").concat(e))}async generateKey(e,t,r,s,o){this.validateQuorumSetup({threshold:e,totalNodes:t});let i=r.map(a=>new w({t:e,n:t,ephClaim:s,permissions:o,signAlg:a}));return this.authModule?await this.wpClient.startKeygen({setups:i,authModule:this.authModule}):await this.wpClient.startKeygen({setups:i})}async signMessage(e,t,r,s){this.validateQuorumSetup({threshold:e}),de(r);let o=new m({t:e,key_id:t,signAlg:r,message:s});if(this.authModule){if(this.authModule instanceof K&&new Map(Object.entries(JSON.parse(s))).size>1)throw new Error("For Passkey Authentication only one message in signing request is supported");return await this.wpClient.startSigngen({setup:o,authModule:this.authModule})}else return await this.wpClient.startSigngen({setup:o})}async refreshKey(e,t,r){let s=new k({t:e,keyId:t,signAlg:r});return this.authModule?await this.wpClient.startKeyRefresh({payload:s,authModule:this.authModule}):await this.wpClient.startKeyRefresh({payload:s})}async addEphemeralKey(e,t){let r=new v(e,t);if(!this.authModule)throw new Error("Add ephemeral key is not supported in no auth mode");return await this.wpClient.addEphemeralKey({payload:r,authModule:this.authModule})}async revokeEphemeralKey(e,t){d("keyId",e);let r=new x(e,t);if(!this.authModule)throw new Error("Revoke ephemeral key is not supported in no auth mode");return await this.wpClient.revokeEphemeralKey({payload:r,authModule:this.authModule})}async registerPasskey(e){let t=new q(e!=null?e:"passkey options");if(!this.authModule)throw new Error("Register passkey is not supported in no auth mode");return await this.wpClient.registerPasskey({payload:t,authModule:this.authModule})}};import{canonicalize as je}from"json-canonicalize";var ae=class extends Error{constructor(t,r,s){super(s||r);this.status=t;this.statusText=r;this.name="HttpError"}},L=class{constructor(e="",t={}){c(this,"baseURL");c(this,"defaultHeaders");this.baseURL=e,this.validateHeaders(t),this.defaultHeaders=y({"Content-Type":"application/json"},t)}validateHeaders(e){if(typeof e!="object"||e===null)throw new Error("Headers must be an object.");for(let[t,r]of Object.entries(e))if(typeof t!="string"||typeof r!="string")throw new Error("Invalid header: ".concat(t,". Header names and values must be strings."))}setDefaultHeaders(e){this.defaultHeaders=y(y({},this.defaultHeaders),e)}buildUrl(e){return"".concat(this.baseURL).concat(e)}async handleResponse(e){if(!e.ok){let r;try{r=(await e.json()).message||e.statusText}catch(s){r=e.statusText}throw new ae(e.status,e.statusText,r)}let t=e.headers.get("content-type");return t&&t.includes("application/json")?e.json():e.text()}async request(e,t,r,s={}){let o=this.buildUrl(t),i=y(y({},this.defaultHeaders),s.headers),a=M(y({method:e,headers:i},s),{body:r?je(r):null}),u=await fetch(o,a);return this.handleResponse(u)}async get(e,t){return this.request("GET",e,void 0,t)}async post(e,t,r){return this.request("POST",e,t,r)}async put(e,t,r){return this.request("PUT",e,t,r)}async patch(e,t,r){return this.request("PATCH",e,t,r)}async delete(e,t){return this.request("DELETE",e,void 0,t)}};import{publicKeyToAddress as ke,toAccount as br}from"viem/accounts";import{secp256k1 as Qe}from"@noble/curves/secp256k1";import{hashMessage as vr,hashTypedData as kr,keccak256 as Cr,serializeSignature as Kr,serializeTransaction as Ir,toHex as qr}from"viem";import{Base64 as Tr}from"js-base64";function ce(n){if(n.startsWith("0x")&&(n=n.slice(2)),n.startsWith("04"))return ke("0x".concat(n," "));if(n.startsWith("02")||n.startsWith("03")){let e=Qe.ProjectivePoint.fromHex(n).toHex(!1);return ke("0x".concat(e))}else throw new Error("Invalid public key")}var zr={KeygenSetupOpts:w,InitPresignOpts:N,FinishPresignOpts:P,SignSetupOpts:m,UserSignatures:R,NetworkSigner:F,SignRequestBuilder:U,WalletProviderServiceClient:B,NoAuthWalletProviderServiceClient:E,HttpClient:L,EOAAuth:V,EphAuth:W,PasskeyAuth:K,PasskeyRegister:D,generateEphPrivateKey:j,getEphPublicKey:O,EphKeyClaim:C,computeAddress:ce,flattenSignature:ie};export{V as EOAAuth,W as EphAuth,C as EphKeyClaim,P as FinishPresignOpts,L as HttpClient,N as InitPresignOpts,w as KeygenSetupOpts,F as NetworkSigner,E as NoAuthWalletProviderServiceClient,K as PasskeyAuth,D as PasskeyRegister,U as SignRequestBuilder,m as SignSetupOpts,R as UserSignatures,B as WalletProviderServiceClient,ce as computeAddress,zr as default,ie as flattenSignature,j as generateEphPrivateKey,O as getEphPublicKey};
+var Pe=Object.defineProperty,Le=Object.defineProperties;var Je=Object.getOwnPropertyDescriptors;var we=Object.getOwnPropertySymbols;var He=Object.prototype.hasOwnProperty,Ge=Object.prototype.propertyIsEnumerable;var se=(s,e,t)=>e in s?Pe(s,e,{enumerable:!0,configurable:!0,writable:!0,value:t}):s[e]=t,m=(s,e)=>{for(var t in e||(e={}))He.call(e,t)&&se(s,t,e[t]);if(we)for(var t of we(e))Ge.call(e,t)&&se(s,t,e[t]);return s},V=(s,e)=>Le(s,Je(e));var ze=(s,e)=>{for(var t in e)Pe(s,t,{get:e[t],enumerable:!0})};var c=(s,e,t)=>se(s,typeof e!="symbol"?e+"":e,t);import{canonicalize as Qe}from"json-canonicalize";var h=(s,e)=>{g(typeof e!="string","".concat(s," must be string")),g((e==null?void 0:e.trim().length)===0,"".concat(s," cannot be empty"))},Se=(s,e)=>{if(g(!(s instanceof Uint8Array),"key must be an Uint8Array"),e==="secp256k1")g(s.length!==65,"secp256k1: key length must be 65 bytes, got "+s.length);else if(e==="ed25519")g(s.length!==32,"ed25519: key length must be 32 bytes, got "+s.length);else throw new Error("Invalid signature algorithm")},Re=(s,e)=>{if(g(!(s instanceof Uint8Array),"key must be an Uint8Array"),e==="secp256k1")g(s.length!==32,"secp256k1: key length must be 32 bytes, got "+s.length);else if(e==="ed25519")g(s.length!==32,"ed25519: key length must be 32 bytes, got "+s.length);else throw new Error("Invalid signature algorithm")},Ae=s=>{g(s!=="ed25519"&&s!=="secp256k1",'signAlg must be either "ed25519" or "secp256k"')},g=(s,e)=>{if(s)throw new Error(e)},je=(s,e)=>"Invalid payload ".concat(JSON.stringify(s),", cannot be authenticated by ").concat(e.toLocaleUpperCase()," method."),W=(s,e,t)=>{g(!e.some(r=>s instanceof r),je(s,t))};var N=class{constructor(){c(this,"signRequest",new Map)}setRequest(e,t,r){if(h("transactionId",e),h("message",t),h("requestType",r),this.signRequest.has(e))throw new Error("Transaction ID ".concat(e," is already set."));return this.signRequest.set(e,{signingMessage:t,requestType:r}),this}build(){let e={};if(this.signRequest.forEach((t,r)=>{e[r]=t}),Object.keys(e).length===0)throw new Error("No sign request is set.");return Qe(e)}};import{canonicalize as ke}from"json-canonicalize";import{Base64 as tt}from"js-base64";function Xe(s){return s instanceof Uint8Array||ArrayBuffer.isView(s)&&s.constructor.name==="Uint8Array"}function ne(s,...e){if(!Xe(s))throw new Error("Uint8Array expected");if(e.length>0&&!e.includes(s.length))throw new Error("Uint8Array expected of length "+e+", got length="+s.length)}function ie(s,e=!0){if(s.destroyed)throw new Error("Hash instance has been destroyed");if(e&&s.finished)throw new Error("Hash#digest() has already been called")}function xe(s,e){ne(s);let t=e.outputLen;if(s.length<t)throw new Error("digestInto() expects output buffer of length at least "+t)}var j=s=>new DataView(s.buffer,s.byteOffset,s.byteLength),f=(s,e)=>s<<32-e|s>>>e;function Ye(s){if(typeof s!="string")throw new Error("utf8ToBytes expected string, got "+typeof s);return new Uint8Array(new TextEncoder().encode(s))}function oe(s){return typeof s=="string"&&(s=Ye(s)),ne(s),s}var z=class{clone(){return this._cloneInto()}};function be(s){let e=r=>s().update(oe(r)).digest(),t=s();return e.outputLen=t.outputLen,e.blockLen=t.blockLen,e.create=()=>s(),e}function Ze(s,e,t,r){if(typeof s.setBigUint64=="function")return s.setBigUint64(e,t,r);let n=BigInt(32),i=BigInt(4294967295),o=Number(t>>n&i),a=Number(t&i),l=r?4:0,u=r?0:4;s.setUint32(e+l,o,r),s.setUint32(e+u,a,r)}var Ee=(s,e,t)=>s&e^~s&t,ve=(s,e,t)=>s&e^s&t^e&t,Q=class extends z{constructor(e,t,r,n){super(),this.blockLen=e,this.outputLen=t,this.padOffset=r,this.isLE=n,this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.buffer=new Uint8Array(e),this.view=j(this.buffer)}update(e){ie(this);let{view:t,buffer:r,blockLen:n}=this;e=oe(e);let i=e.length;for(let o=0;o<i;){let a=Math.min(n-this.pos,i-o);if(a===n){let l=j(e);for(;n<=i-o;o+=n)this.process(l,o);continue}r.set(e.subarray(o,o+a),this.pos),this.pos+=a,o+=a,this.pos===n&&(this.process(t,0),this.pos=0)}return this.length+=e.length,this.roundClean(),this}digestInto(e){ie(this),xe(e,this),this.finished=!0;let{buffer:t,view:r,blockLen:n,isLE:i}=this,{pos:o}=this;t[o++]=128,this.buffer.subarray(o).fill(0),this.padOffset>n-o&&(this.process(r,0),o=0);for(let p=o;p<n;p++)t[p]=0;Ze(r,n-8,BigInt(this.length*8),i),this.process(r,0);let a=j(e),l=this.outputLen;if(l%4)throw new Error("_sha2: outputLen should be aligned to 32bit");let u=l/4,d=this.get();if(u>d.length)throw new Error("_sha2: outputLen bigger than state");for(let p=0;p<u;p++)a.setUint32(4*p,d[p],i)}digest(){let{buffer:e,outputLen:t}=this;this.digestInto(e);let r=e.slice(0,t);return this.destroy(),r}_cloneInto(e){e||(e=new this.constructor),e.set(...this.get());let{blockLen:t,buffer:r,length:n,finished:i,destroyed:o,pos:a}=this;return e.length=n,e.pos=a,e.finished=i,e.destroyed=o,n%t&&e.buffer.set(r),e}};var et=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),E=new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),v=new Uint32Array(64),ae=class extends Q{constructor(){super(64,32,8,!1),this.A=E[0]|0,this.B=E[1]|0,this.C=E[2]|0,this.D=E[3]|0,this.E=E[4]|0,this.F=E[5]|0,this.G=E[6]|0,this.H=E[7]|0}get(){let{A:e,B:t,C:r,D:n,E:i,F:o,G:a,H:l}=this;return[e,t,r,n,i,o,a,l]}set(e,t,r,n,i,o,a,l){this.A=e|0,this.B=t|0,this.C=r|0,this.D=n|0,this.E=i|0,this.F=o|0,this.G=a|0,this.H=l|0}process(e,t){for(let p=0;p<16;p++,t+=4)v[p]=e.getUint32(t,!1);for(let p=16;p<64;p++){let $=v[p-15],O=v[p-2],fe=f($,7)^f($,18)^$>>>3,re=f(O,17)^f(O,19)^O>>>10;v[p]=re+v[p-7]+fe+v[p-16]|0}let{A:r,B:n,C:i,D:o,E:a,F:l,G:u,H:d}=this;for(let p=0;p<64;p++){let $=f(a,6)^f(a,11)^f(a,25),O=d+$+Ee(a,l,u)+et[p]+v[p]|0,re=(f(r,2)^f(r,13)^f(r,22))+ve(r,n,i)|0;d=u,u=l,l=a,a=o+O|0,o=i,i=n,n=r,r=O+re|0}r=r+this.A|0,n=n+this.B|0,i=i+this.C|0,o=o+this.D|0,a=a+this.E|0,l=l+this.F|0,u=u+this.G|0,d=d+this.H|0,this.set(r,n,i,o,a,l,u,d)}roundClean(){v.fill(0)}destroy(){this.set(0,0,0,0,0,0,0,0),this.buffer.fill(0)}};var ce=be(()=>new ae);import{stringToBytes as rt,toHex as st}from"viem";var A=s=>tt.fromUint8Array(new Uint8Array(s),!0),le=s=>{let e=rt(s),t=ce(ce(e));return st(t,{size:32}).slice(2)};var k=class{constructor(e,t){c(this,"userAuthentications");c(this,"authModule");c(this,"apiVersion");this.authModule=e,this.userAuthentications=new Map,this.apiVersion=t}async setDefaultAuth(e){let t=await this.authModule.authenticate({payload:e.payload,challenge:e.challenge});this.userAuthentications.set("default",t)}async setKeygenUserSigs(e,t){if(this.apiVersion==="v1"&&!t)throw new Error("no challenge response for keygen");for(let r of e){let n=r.signAlg,i=t?t[n]:le(ke(r));if(i){let o=await this.authModule.authenticate({payload:r,challenge:i});this.userAuthentications.set(n,o)}else throw new Error("no final challenge found in response for ".concat(n))}}async setSigngenUserSigs(e){await this.setDefaultAuth(e)}async setAddEphKeyUserSigs(e){await this.setDefaultAuth(e)}async setRevokeEphKeyUserSigs(e){await this.setDefaultAuth(e)}async setRegisterPasskeyUserSigs(e){await this.setDefaultAuth(e)}async setKeyRefreshUserSigs(e){await this.setDefaultAuth(e)}async setFinishPresignUserSigs(e){await this.setDefaultAuth(e)}async setUpdatePolicyUserSigs(e){await this.setDefaultAuth(e)}async setDeletePolicyUserSigs(e){await this.setDefaultAuth(e)}async build(e,t,r){if(this.apiVersion!=="v1"&&(e==="registerPasskey"||e==="keyRefresh"))throw new Error("".concat(e," is only supported in V1"));let{challenge:n}=r!=null?r:{};if(e==="keygen"){let i=n?JSON.parse(n):void 0;await this.setKeygenUserSigs(t,i)}else{if(this.apiVersion==="v1"&&!n)throw new Error("missing challenge response for ".concat(e," V1"));let i=n!=null?n:le(ke(t));e==="signgen"?await this.setSigngenUserSigs({payload:t,challenge:i}):e==="addEphemeralKey"?await this.setAddEphKeyUserSigs({payload:t,challenge:i}):e==="revokeEphemeralKey"?await this.setRevokeEphKeyUserSigs({payload:t,challenge:i}):e==="registerPasskey"?await this.setRegisterPasskeyUserSigs({payload:t,challenge:i}):e==="keyRefresh"?await this.setKeyRefreshUserSigs({payload:t,challenge:i}):e==="finishPresign"?await this.setFinishPresignUserSigs({payload:t,challenge:i}):e==="updatePolicy"?await this.setUpdatePolicyUserSigs({payload:t,challenge:i}):e==="deletePolicy"&&await this.setDeletePolicyUserSigs({payload:t,challenge:i})}return Object.fromEntries(this.userAuthentications)}};var ue=s=>{let{sign:e,recid:t}=s,r=(27+t).toString(16);return"0x".concat(e).concat(r)};var C=class{constructor(e,t){c(this,"key_id");c(this,"eph_claim");h("keyId",e),this.key_id=e,this.eph_claim=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"RevokeEphKeyRequest"},{name:"challenge",type:"string"}],RevokeEphKeyRequest:[{name:"key_id",type:"string"},{name:"eph_claim",type:"string"}]}}},q=class{constructor(e,t){c(this,"key_id_list");c(this,"eph_claim");for(let r of e)h("keyId",r);this.key_id_list=e,this.eph_claim=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"AddEphKeyRequest"},{name:"challenge",type:"string"}],AddEphKeyRequest:[{name:"key_id_list",type:"string[]"},{name:"eph_claim",type:"string"}]}}},D=class{constructor(e){c(this,"options");h("options",e),this.options=e}},U=class{constructor({t:e,keyId:t,signAlg:r}){c(this,"t");c(this,"key_id");c(this,"sign_alg");h("keyId",t),h("signAlg",r),this.t=e,this.key_id=t,this.sign_alg=r}get eoaRequestSchema(){return{Request:[{name:"setup",type:"KeyRefreshRequest"},{name:"challenge",type:"string"}],KeyRefreshRequest:[{name:"t",type:"uint32"},{name:"key_id",type:"string"},{name:"sign_alg",type:"string"}]}}},P=class{constructor({keyId:e,policy:t}){c(this,"key_id");c(this,"policy");h("keyId",e),this.key_id=e,this.policy=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"UpdatePolicyRequest"},{name:"challenge",type:"string"}],UpdatePolicyRequest:[{name:"key_id",type:"string"},{name:"policy",type:"string"}]}}},S=class{constructor({keyId:e}){c(this,"key_id");h("keyId",e),this.key_id=e}get eoaRequestSchema(){return{Request:[{name:"setup",type:"DeletePolicyRequest"},{name:"challenge",type:"string"}],DeletePolicyRequest:[{name:"key_id",type:"string"}]}}};var nt=[{name:"tag",type:"uint16"},{name:"value",type:"string"}],R=class{constructor({t:e,n:t,ephClaim:r,policy:n,signAlg:i}){c(this,"t");c(this,"n");c(this,"ephClaim");c(this,"metadata");c(this,"signAlg");c(this,"policy");h("signAlg",i),this.t=e,this.n=t,this.signAlg=i,this.ephClaim=r==null?void 0:r.toJSON(),this.metadata=[],this.policy=n==null?void 0:n.toJSON()}get eoaRequestSchema(){let e=[{name:"t",type:"uint32"},{name:"n",type:"uint32"},{name:"metadata",type:"TaggedValue[]"}];return this.ephClaim&&e.push({name:"ephClaim",type:"string"}),this.policy&&e.push({name:"policy",type:"string"}),{Request:[{name:"setup",type:"KeygenSetupOpts"},{name:"challenge",type:"string"}],KeygenSetupOpts:e,TaggedValue:nt}}},w=class{constructor({t:e,key_id:t,signAlg:r,message:n}){c(this,"t");c(this,"key_id");c(this,"message");c(this,"signAlg");h("keyId",t),h("signAlg",r),h("message",n),this.t=e,this.key_id=t,this.message=n,this.signAlg=r}get eoaRequestSchema(){return{Request:[{name:"setup",type:"SignSetupOpts"},{name:"challenge",type:"string"}],SignSetupOpts:[{name:"t",type:"uint32"},{name:"key_id",type:"string"},{name:"signAlg",type:"string"},{name:"message",type:"string"}]}}},B=class{constructor({amount:e,keyId:t,t:r,expiryInSecs:n}){c(this,"amount");c(this,"key_id");c(this,"t");c(this,"expiry");if(e<=0)throw new Error("Amount must be greater than 0");h("keyId",t),this.amount=e,this.key_id=t,this.t=r,this.expiry=n!=null?n:Math.floor(Date.now()/1e3)+7*24*3600}},x=class{constructor({presignSessionId:e,message:t}){c(this,"presignSessionId");c(this,"message");h("presignSessionId",e),h("message",t),this.presignSessionId=e,this.message=t}get eoaRequestSchema(){return{Request:[{name:"setup",type:"FinishPresignOpts"},{name:"challenge",type:"string"}],FinishPresignOpts:[{name:"presignSessionId",type:"string"},{name:"message",type:"string"}]}}};var it={name:"SilentShard authentication",version:"0.1.0"},ot=[{name:"name",type:"string"},{name:"version",type:"string"}];function at(s,e){let t={setup:s,challenge:e};return{types:m({EIP712Domain:ot},s.eoaRequestSchema),domain:it,primaryType:"Request",message:t}}async function Ce({setup:s,eoa:e,challenge:t,browserWallet:r}){let n=at(s,t),i=await r.signTypedData(e,n);return new b({method:"eoa",id:e},i)}import{Base64 as Ke}from"js-base64";import{hexToBytes as qe}from"viem";import{canonicalize as X}from"json-canonicalize";async function Ue({user:s,challenge:e,rpConfig:t}){let r=qe("0x".concat(e),{size:32}),n={publicKey:{authenticatorSelection:{residentKey:"preferred",userVerification:"required"},challenge:r,excludeCredentials:[],pubKeyCredParams:[{type:"public-key",alg:-7},{type:"public-key",alg:-257}],rp:{name:t.rpName,id:t.rpId},user:V(m({},s),{id:Ke.toUint8Array(s.id)})}},i=await navigator.credentials.create(n);if(i===null)throw new Error("No credential returned");let o=A(i.response.attestationObject),l={rawCredential:X({authenticatorAttachment:i.authenticatorAttachment,id:i.id,rawId:A(i.rawId),response:{attestationObject:o,clientDataJSON:A(i.response.clientDataJSON)},type:i.type}),origin:t.rpName,rpId:t.rpId};return new b({method:"passkey",id:i.id},X(l))}async function Ie({challenge:s,allowCredentialId:e,rpConfig:t}){let r=qe("0x".concat(s),{size:32}),n=e?[{type:"public-key",id:Ke.toUint8Array(e)}]:[],i={publicKey:{userVerification:"required",challenge:r,allowCredentials:n}},o=await navigator.credentials.get(i);if(o===null)throw new Error("Failed to get navigator credentials");let a=o.response,l=a.userHandle;if(l===null)throw new Error("User handle cannot be null");let u=A(a.signature),p={rawCredential:X({authenticatorAttachment:o.authenticatorAttachment,id:o.id,rawId:A(o.rawId),response:{authenticatorData:A(a.authenticatorData),clientDataJSON:A(a.clientDataJSON),signature:u,userHandle:A(l)},type:o.type}),origin:t.rpName,rpId:t.rpId};return new b({method:"passkey",id:o.id},X(p))}import{toHex as Y}from"viem";import{ed25519 as pe}from"@noble/curves/ed25519";import{secp256k1 as Me}from"@noble/curves/secp256k1";import{signMessage as ct}from"viem/accounts";import{canonicalize as Oe}from"json-canonicalize";var I=class s{constructor(e,t,r,n=Math.floor(Date.now()/1e3)+3600){c(this,"ephId");c(this,"ephPK");c(this,"signAlg");c(this,"expiry");this.validateInputs(e,t,r,n),this.ephId=e,this.ephPK=Y(t),this.signAlg=r,this.expiry=n}validateInputs(e,t,r,n){h("ephId",e),Se(t,r),g(Number.isInteger(n)===!1,"expiry must be an integer");let i=Math.floor(Date.now()/1e3),o=n-i,a=o>0&&o<=365*24*60*60;g(!a,"lifetime must be greater than 0 and less than or equal to 365 days expiry - now ".concat(o,", expiry ").concat(n," now secs ").concat(i))}toJSON(){try{return Oe({ephId:this.ephId,ephPK:this.ephPK,expiry:this.expiry,signAlg:this.signAlg})}catch(e){throw console.error("Error while serializing ephemeral key claim",e),new Error("Error while serializing ephemeral key claim")}}static generateKeys(e,t){let r=Z(e),n=T(r,e),i=new s(Y(n),n,e,t);return{privKey:r,pubKey:n,ephClaim:i}}};async function Ne({setup:s,challenge:e,ephSK:t,ephClaim:r}){let n={setup:s,challenge:e},i=new TextEncoder().encode(Oe(n)),o=await lt(i,t,r.signAlg);return new b({method:"ephemeral",id:r.ephId},o)}async function lt(s,e,t){switch(t){case"ed25519":return Y(pe.sign(s,e));case"secp256k1":return await ct({message:{raw:s},privateKey:Y(e)});default:throw new Error("Invalid signature algorithm")}}function Z(s){switch(s){case"ed25519":return pe.utils.randomPrivateKey();case"secp256k1":return Me.utils.randomPrivateKey();default:throw new Error("Invalid signature algorithm")}}function T(s,e){switch(e){case"ed25519":return pe.getPublicKey(s);case"secp256k1":return Me.getPublicKey(s,!1);default:throw new Error("Invalid signature algorithm")}}import{isAddress as ut}from"viem";var b=class{constructor(e,t){this.credentials=e;this.signature=t;this.credentials=e,this.signature=t}},F=class{constructor(e,t){c(this,"browserWallet");c(this,"eoa");this.validateInputs(e,t),this.browserWallet=t,this.eoa=e}validateInputs(e,t){g(!ut(e),"invalid Ethereum address format"),g(!((t==null?void 0:t.signTypedData)instanceof Function),"invalid browserWallet")}async authenticate({payload:e,challenge:t}){return W(e,[R,U,q,C,w,x,P,S],"eoa"),await Ce({setup:e,eoa:this.eoa,challenge:t,browserWallet:this.browserWallet})}},_=class{constructor(e,t,r){c(this,"ephSK");c(this,"ephClaim");Re(t,r),this.ephSK=t;let n=T(this.ephSK,r);this.ephClaim=new I(e,n,r)}async authenticate({payload:e,challenge:t}){return W(e,[w,C,x],"ephemeral"),await Ne({setup:e,challenge:t,ephSK:this.ephSK,ephClaim:this.ephClaim})}},M=class{constructor(e,t){c(this,"rpConfig");c(this,"allowCredentialId");this.rpConfig=e,this.allowCredentialId=t}async authenticate({payload:e,challenge:t}){return W(e,[R,q,w,x,U,C,P,S],"passkey"),await Ie({allowCredentialId:this.allowCredentialId,challenge:t,rpConfig:this.rpConfig})}},L=class{constructor(e,t){c(this,"rpConfig");c(this,"user");this.rpConfig=e,this.user=t}async authenticate({payload:e,challenge:t}){return W(e,[D],"passkey"),await Ue({user:this.user,challenge:t,rpConfig:this.rpConfig})}};import{canonicalize as ee}from"json-canonicalize";var J=class{constructor(e){c(this,"walletProviderUrl");c(this,"apiVersion","v1");this.walletProviderUrl="".concat(e.walletProviderUrl,"/").concat(e.apiVersion),this.apiVersion=e.apiVersion}getVersion(){return this.apiVersion}async startKeygen({setups:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("keygen",e,t).then(n=>{try{return JSON.parse(n)}catch(i){throw new Error("Failed to parse keygen response: ".concat(n))}})}async startKeyRefresh({payload:e,authModule:t}){if(this.apiVersion==="v2")throw new Error("Key refresh is not supported in v2 API");return this.connect.bind(this)("keyRefresh",e,t).then(n=>{try{return JSON.parse(n)}catch(i){throw new Error("Failed to parse key refresh response: ".concat(n))}})}async startSigngen({setup:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("signgen",e,t).then(n=>{try{return JSON.parse(n)}catch(i){throw new Error("Failed to parse signgen response: ".concat(n))}})}async addEphemeralKey({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("addEphemeralKey",e,t).then(n=>{try{return JSON.parse(n)}catch(i){throw new Error("Failed to parse add ephemeral key response: ".concat(n))}})}async revokeEphemeralKey({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("revokeEphemeralKey",e,t).then(n=>{try{return JSON.parse(n)}catch(i){throw new Error("Failed to parse revoke ephemeral key response: ".concat(n))}})}async registerPasskey({payload:e,authModule:t}){if(this.apiVersion==="v2")throw new Error("Passkey registration is not supported in v2 API");return this.connect.bind(this)("registerPasskey",e,t).then(n=>({passkeyCredentialId:n}))}async updatePolicy({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("updatePolicy",e,t).then(n=>{try{return JSON.parse(n)}catch(i){throw new Error("Failed to parse update policy response: ".concat(n))}})}async deletePolicy({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("deletePolicy",e,t).then(n=>{try{return JSON.parse(n)}catch(i){throw new Error("Failed to parse delete policy response: ".concat(n))}})}connect(e,t,r){return new Promise((n,i)=>{let o=new WebSocket("".concat(this.walletProviderUrl,"/").concat(e)),a=0;return console.debug("Connecting to ",o.url),o.addEventListener("open",l=>{switch(console.debug("Connection opened in state ".concat(a," with event ").concat(JSON.stringify(l,void 0,"	"))),a){case 0:{a=1;try{let u=ee({payload:t});console.debug("Sending request:",u),o.send(u)}catch(u){this.finishWithError(o,a,u,"open event",i)}break}case 1:case 2:this.finishWithError(o,a,"Unexpected message in state waitingForResult.","open event",i);break;case 3:break}}),o.addEventListener("message",async l=>{switch(console.debug("Connection message in state ".concat(a," with event data ").concat(JSON.stringify(l.data,void 0,"	"))),a){case 0:this.finishWithError(o,a,"Unexpected message in state initiated.","message event",i);break;case 1:{a=2;try{let u=l.data,d=await new k(r,this.apiVersion).build(e,t,{challenge:u});o.send(ee(d))}catch(u){this.finishWithError(o,a,u,"message event",i)}break}case 2:{a=3,o.close(),n(l.data);break}case 3:break}}),o.addEventListener("error",l=>{this.finishWithError(o,a,"Connection encountered an error event: ".concat(JSON.stringify(l,void 0,"	")),"error event",i)}),o.addEventListener("close",l=>{let u=l.reason||"No specific reason provided.",d=l.code;console.debug("Connection closed. State: ".concat(a,", Code: ").concat(d,", Reason: '").concat(u,"'"));let p=d>=4e3?"Application Error ".concat(d,": ").concat(u):d===1006?"Connection Abnormality (Code 1006): Server closed connection unexpectedly or network issue.":"WebSocket Closed Unexpectedly (Code ".concat(d,"): ").concat(u);this.finishWithError(o,a,new Error(p),"close event",i)}),()=>{(o.readyState===WebSocket.OPEN||o.readyState===WebSocket.CONNECTING)&&o.close(1001,"Cleanup/Unmount")}})}connectV2(e,t,r){return new Promise((n,i)=>{let o=new WebSocket("".concat(this.walletProviderUrl,"/").concat(e)),a=0;return console.debug("Connecting to ",o.url),o.addEventListener("open",async l=>{switch(console.debug("Connection opened in state ".concat(a," with event ").concat(JSON.stringify(l,void 0,"	"))),a){case 0:a=2;try{let u=await new k(r,this.apiVersion).build(e,t);o.send(ee({payload:t,userSigs:u}))}catch(u){this.finishWithError(o,a,u,"open event",i)}break;case 2:a=3,this.finishWithError(o,a,"Unexpected message in state waitingForResult.","open event",i);break;case 3:break}}),o.addEventListener("message",async l=>{switch(console.debug("Connection message in state ".concat(a," with event ").concat(JSON.stringify(l,void 0,"	"))),a){case 0:this.finishWithError(o,a,"Unexpected message in state initiated.","message event",i);break;case 2:{a=3,o.close(),n(l.data);break}case 3:break}}),o.addEventListener("error",l=>{this.finishWithError(o,a,"Connection encountered an error event: ".concat(JSON.stringify(l,void 0,"	")),"error event",i)}),o.addEventListener("close",l=>{let u=l.reason||"No specific reason provided.",d=l.code;console.debug("Connection closed. State: ".concat(a,", Code: ").concat(d,", Reason: '").concat(u,"'"));let p=d>=4e3?"Application Error ".concat(d,": ").concat(u):d===1006?"Connection Abnormality (Code 1006): Server closed connection unexpectedly or network issue.":"WebSocket Closed Unexpectedly (Code ".concat(d,"): ").concat(u);this.finishWithError(o,a,new Error(p),"close event",i)}),()=>{(o.readyState===WebSocket.OPEN||o.readyState===WebSocket.CONNECTING)&&o.close(1001,"Cleanup/Unmount")}})}finishWithError(e,t,r,n,i){t!==3&&(console.error("Error from ".concat(n," in state ").concat(t,":"),r),t=3,i(r instanceof Error?r:new Error(String(r)))),e.readyState===WebSocket.OPEN&&e.close(1e3,"Protocol run failed. Client attempted to close connection in state ".concat(t))}},K=class{constructor(e){c(this,"walletProviderUrl");c(this,"apiVersion","v1");this.walletProviderUrl="".concat(e.walletProviderUrl,"/").concat(e.apiVersion),this.apiVersion=e.apiVersion}getVersion(){return this.apiVersion}async startKeygen({setups:e}){return this.connect.bind(this)("keygen",e).then(r=>{try{return JSON.parse(r)}catch(n){throw new Error("Failed to parse keygen response: ".concat(r))}})}async startSigngen({setup:e}){return this.connect.bind(this)("signgen",e).then(r=>{try{return JSON.parse(r)}catch(n){throw new Error("Failed to parse signgen response: ".concat(r))}})}async startKeyRefresh({payload:e}){if(this.apiVersion==="v2")throw new Error("Key refresh is not supported in v2 API");return this.connect.bind(this)("keyRefresh",e).then(r=>{try{return JSON.parse(r)}catch(n){throw new Error("Failed to parse key refresh response: ".concat(r))}})}async updatePolicy({payload:e}){return this.connect.bind(this)("updatePolicy",e).then(r=>{try{return JSON.parse(r)}catch(n){throw new Error("Failed to parse update policy response: ".concat(r))}})}async deletePolicy({payload:e}){return this.connect.bind(this)("deletePolicy",e).then(r=>{try{return JSON.parse(r)}catch(n){throw new Error("Failed to parse delete policy response: ".concat(r))}})}connect(e,t){return new Promise((r,n)=>{let i=0,o=new WebSocket("".concat(this.walletProviderUrl,"/").concat(e));o.addEventListener("open",async a=>{switch(console.debug("Connection opened in state ".concat(i," with event ").concat(JSON.stringify(a,void 0,"	"))),i){case 0:i=2;try{o.send(ee({payload:t}))}catch(l){n(l)}break;case 2:i=3,n("Incorrect protocol state");break;case 3:break}}),o.addEventListener("message",async a=>{switch(console.debug("Connection message in state ".concat(i," with event ").concat(JSON.stringify(a,void 0,"	"))),i){case 0:i=3,n("Incorrect protocol state");break;case 2:{i=3,o.close(),r(a.data);break}case 3:break}}),o.addEventListener("error",a=>{console.debug("Connection error in state ".concat(i," with event ").concat(JSON.stringify(a,void 0,"	"))),i!=3&&(i=3,n("Incorrect protocol state"))}),o.addEventListener("close",a=>{console.debug("Connection closed in state ".concat(i," with event ").concat(JSON.stringify(a,void 0,"	"))),i!=3&&(i=3,n("Incorrect protocol state"))})})}};var H=class{constructor(e,t){c(this,"authModule");c(this,"wpClient");if(!t&&!(e instanceof K))throw new Error("missing authModule for wallet provider client in auth mode");if(t&&e instanceof K)throw new Error("authModule is required but using wallet provider client in no-auth mode");this.authModule=t,this.wpClient=e}validateQuorumSetup({threshold:e,totalNodes:t}){e&&g(e<2,"Threshold = ".concat(e," must be at least 2")),e&&t&&g(t<e,"Total nodes = ".concat(t," must be greater or equal to threshold = ").concat(e))}async generateKey(e,t,r,n,i){this.validateQuorumSetup({threshold:e,totalNodes:t});let o=r.map(a=>new R({t:e,n:t,ephClaim:n,policy:i,signAlg:a}));return this.authModule?await this.wpClient.startKeygen({setups:o,authModule:this.authModule}):await this.wpClient.startKeygen({setups:o})}async signMessage(e,t,r,n){this.validateQuorumSetup({threshold:e}),Ae(r);let i=new w({t:e,key_id:t,signAlg:r,message:n});if(this.authModule){if(this.authModule instanceof M&&new Map(Object.entries(JSON.parse(n))).size>1)throw new Error("For Passkey Authentication only one message in signing request is supported");return await this.wpClient.startSigngen({setup:i,authModule:this.authModule})}else return await this.wpClient.startSigngen({setup:i})}async refreshKey(e,t,r){let n=new U({t:e,keyId:t,signAlg:r});return this.authModule?await this.wpClient.startKeyRefresh({payload:n,authModule:this.authModule}):await this.wpClient.startKeyRefresh({payload:n})}async addEphemeralKey(e,t){let r=new q(e,t);if(!this.authModule)throw new Error("Add ephemeral key is not supported in no auth mode");return await this.wpClient.addEphemeralKey({payload:r,authModule:this.authModule})}async revokeEphemeralKey(e,t){h("keyId",e);let r=new C(e,t);if(!this.authModule)throw new Error("Revoke ephemeral key is not supported in no auth mode");return await this.wpClient.revokeEphemeralKey({payload:r,authModule:this.authModule})}async registerPasskey(e){let t=new D(e!=null?e:"passkey options");if(!this.authModule)throw new Error("Register passkey is not supported in no auth mode");return await this.wpClient.registerPasskey({payload:t,authModule:this.authModule})}async updatePolicy(e,t){let r=new P({keyId:e,policy:t});return this.authModule?await this.wpClient.updatePolicy({payload:r,authModule:this.authModule}):await this.wpClient.updatePolicy({payload:r})}async deletePolicy(e){let t=new S({keyId:e});return this.authModule?await this.wpClient.deletePolicy({payload:t,authModule:this.authModule}):await this.wpClient.deletePolicy({payload:t})}};import{canonicalize as pt}from"json-canonicalize";var he=class extends Error{constructor(t,r,n){super(n||r);this.status=t;this.statusText=r;this.name="HttpError"}},G=class{constructor(e="",t={}){c(this,"baseURL");c(this,"defaultHeaders");this.baseURL=e,this.validateHeaders(t),this.defaultHeaders=m({"Content-Type":"application/json"},t)}validateHeaders(e){if(typeof e!="object"||e===null)throw new Error("Headers must be an object.");for(let[t,r]of Object.entries(e))if(typeof t!="string"||typeof r!="string")throw new Error("Invalid header: ".concat(t,". Header names and values must be strings."))}setDefaultHeaders(e){this.defaultHeaders=m(m({},this.defaultHeaders),e)}buildUrl(e){return"".concat(this.baseURL).concat(e)}async handleResponse(e){if(!e.ok){let r;try{r=(await e.json()).message||e.statusText}catch(n){r=e.statusText}throw new he(e.status,e.statusText,r)}let t=e.headers.get("content-type");return t&&t.includes("application/json")?e.json():e.text()}async request(e,t,r,n={}){let i=this.buildUrl(t),o=m(m({},this.defaultHeaders),n.headers),a=V(m({method:e,headers:o},n),{body:r?pt(r):null}),l=await fetch(i,a);return this.handleResponse(l)}async get(e,t){return this.request("GET",e,void 0,t)}async post(e,t,r){return this.request("POST",e,t,r)}async put(e,t,r){return this.request("PUT",e,t,r)}async patch(e,t,r){return this.request("PATCH",e,t,r)}async delete(e,t){return this.request("DELETE",e,void 0,t)}};import{publicKeyToAddress as De,toAccount as Fr}from"viem/accounts";import{secp256k1 as ht}from"@noble/curves/secp256k1";import{hashMessage as Hr,hashTypedData as Gr,keccak256 as zr,serializeSignature as jr,serializeTransaction as Qr,toHex as Yr}from"viem";import{Base64 as es}from"js-base64";function de(s){if(s.startsWith("0x")&&(s=s.slice(2)),s.startsWith("04"))return De("0x".concat(s," "));if(s.startsWith("02")||s.startsWith("03")){let e=ht.ProjectivePoint.fromHex(s).toHex(!1);return De("0x".concat(e))}else throw new Error("Invalid public key")}var me={};ze(me,{Action:()=>$e,ChainType:()=>We,IssuerType:()=>Te,Logic:()=>Ve,Operator:()=>_e,Policy:()=>ye,Rule:()=>ge,TransactionAttribute:()=>Fe,TransactionType:()=>Be});import{canonicalize as dt}from"json-canonicalize";var te=512,Te=(r=>(r.SessionKeyId="SessionKeyId",r.UserId="UserId",r.All="*",r))(Te||{}),$e=(t=>(t.Allow="allow",t.Deny="deny",t))($e||{}),Ve=(t=>(t.Or="or",t.And="and",t))(Ve||{}),We=(r=>(r.Off="off",r.Ethereum="ethereum",r.Solana="solana",r))(We||{}),Be=(o=>(o.Eip712="eip712",o.Eip191="eip191",o.Erc20="erc20",o.Erc721="erc721",o.NativeTransfer="nativeTransfer",o.SolanaTransaction="solanaTransaction",o))(Be||{}),Fe=(y=>(y.Sender="sender",y.Receiver="receiver",y.NativeValue="nativeValue",y.ChainId="chainId",y.FunctionSelector="functionSelector",y.Message="message",y.VerifyingContract="verifyingContract",y.PrimaryType="primaryType",y.DomainName="domainName",y.DomainVersion="domainVersion",y.SolanaAccountKeys="solanaAccountKeys",y.SplTransferAmount="splTransferAmount",y.SplTokenMint="splTokenMint",y.CustomProgramInstruction="customProgramInstruction",y.SystemInstructionName="systemInstructionName",y.SplInstructionName="splInstructionName",y))(Fe||{}),_e=(l=>(l.Eq="eq",l.Neq="neq",l.Lt="lt",l.Lte="lte",l.Gt="gt",l.Gte="gte",l.In="in",l.All="all",l))(_e||{}),ge=class{constructor({description:e,chain_type:t,conditions:r,issuer:n,action:i,logic:o}){c(this,"description");c(this,"issuer");c(this,"action");c(this,"logic");c(this,"chain_type");c(this,"conditions");if(!r.length)throw new Error("Rule must have at least one condition");if(!t)throw new Error("Chain type must be set");if(e.length>te)throw new Error("Description length exceeds maximum of ".concat(te));this.description=e,this.chain_type=t,this.conditions=r,this.issuer=n||[{type:"*",id:"*"}],this.action=i||"allow",this.logic=o||"and"}},ye=class{constructor({version:e,description:t,rules:r}){c(this,"version");c(this,"description");c(this,"rules");if(!r.length)throw new Error("Policy must have at least one rule");if(t.length>te)throw new Error("Description length exceeds maximum of ".concat(te));this.version=e!=null?e:"1.0",this.description=t,this.rules=r}toJSON(){try{return dt({version:this.version,description:this.description,rules:this.rules})}catch(e){throw console.error("Error while serializing policy",e),new Error("Error while serializing policy")}}};var fs=m({KeygenSetupOpts:R,InitPresignOpts:B,FinishPresignOpts:x,SignSetupOpts:w,UserSignatures:k,NetworkSigner:H,SignRequestBuilder:N,WalletProviderServiceClient:J,NoAuthWalletProviderServiceClient:K,HttpClient:G,EOAAuth:F,EphAuth:_,PasskeyAuth:M,PasskeyRegister:L,generateEphPrivateKey:Z,getEphPublicKey:T,EphKeyClaim:I,computeAddress:de,flattenSignature:ue,UpdatePolicyRequest:P,DeletePolicyRequest:S},me);export{$e as Action,We as ChainType,S as DeletePolicyRequest,F as EOAAuth,_ as EphAuth,I as EphKeyClaim,x as FinishPresignOpts,G as HttpClient,B as InitPresignOpts,Te as IssuerType,R as KeygenSetupOpts,Ve as Logic,H as NetworkSigner,K as NoAuthWalletProviderServiceClient,_e as Operator,M as PasskeyAuth,L as PasskeyRegister,ye as Policy,ge as Rule,N as SignRequestBuilder,w as SignSetupOpts,Fe as TransactionAttribute,Be as TransactionType,P as UpdatePolicyRequest,k as UserSignatures,J as WalletProviderServiceClient,de as computeAddress,fs as default,ue as flattenSignature,Z as generateEphPrivateKey,T as getEphPublicKey};
 /*! Bundled license information:
 
 @noble/hashes/esm/utils.js:

package/dist/networkSigner.d.ts

@@ -0,0 +1,129 @@
+import { AuthModule } from './authentication';
+import { type IWalletProviderServiceClient } from './walletProviderServiceClientInterface';
+/**
+ * Response from the network for keygen requests
+ * @alpha
+ */
+export interface KeygenResponse {
+    /**
+     * Unique ID of produced key used in subsequent API calls.
+     */
+    keyId: string;
+    /**
+     * Public key encoded with SEC1 format.
+     *
+     * If point is uncompressed it's in a form of 0x04 || X || Y
+     *
+     * If point is compressed it's in a form Y || X,
+     *
+     * where Y is set to 0x02 if Y-coord is even, or 0x03 if Y-coord is odd
+     */
+    publicKey: string;
+    /**
+     * Signature algorithm that uses this key for signing
+     */
+    signAlg: string;
+}
+/**
+ * Response from the network for sign request
+ * @alpha
+ */
+export interface SignResponse {
+    /**
+     * Hexstring of length 128 bytes, in a form: r || s
+     */
+    sign: string;
+    /**
+     * Recovery id, either 0, or 1
+     */
+    recid: number;
+}
+/**
+ * Response from the network for adding ephemeral key request
+ * @alpha
+ */
+export interface OperationStatusResponse {
+    /**
+     * Status of the request.
+     */
+    status: string;
+}
+/**
+ * Response from the network for registering passkey request
+ * @alpha
+ */
+export interface RegisterPasskeyResponse {
+    /**
+     * The registered passkey credential id. This helps both the user and the network to identify the passkey.
+     * @alpha
+     */
+    passkeyCredentialId: string;
+}
+/** The networkSigner contains an API to communicate with the Silent MPC Network. Call to sign and keygen require
+ * the Auth module, that is used to prompt the User before executing the request.
+ * @alpha
+ */
+export declare class NetworkSigner {
+    /** Authentication module, used to get confirmation from the User before request execution */
+    authModule: AuthModule;
+    /** Number of nodes that needs to participate in protocol in order to generate valid signature. Also known as `t`. */
+    threshold: number;
+    /** Number of nodes that participate in keygen operation. Also known as `n`. */
+    totalNodes: number;
+    /** Wallet Provider backend client */
+    wpClient: IWalletProviderServiceClient;
+    /**
+     * Facade class used to execute operations on Silent Network.
+     * @param wpClient - Wallet Provider backend client
+     * @param threshold - Number of nodes that needs to participate in protocol in order to generate valid signature. Also known as `t`.
+     * @param totalNodes - Number of nodes that participate in keygen operation. Also known as `n`.
+     * @param authModule - Authentication module, used to get confirmation from the User before request execution
+     */
+    constructor(wpClient: IWalletProviderServiceClient, threshold: number, totalNodes: number, authModule: AuthModule);
+    /** Generate a distributed key that's generated by Silent Network.
+     * Uses `authModule` to authenticate the User with the Silent Network.
+     * @param signAlgs - signature algorithms for which MPC keys will be generated.
+     * @param permissions - optional permissions that will be stored in the key metadata.
+     * The permissions are validated during sign requests.
+     * @returns {@link KeygenResponse} containing `keyId` and the `pubKey` public part of the key
+     * @public
+     */
+    generateKey(signAlgs: string[], permissions?: string): Promise<KeygenResponse[]>;
+    /** Generate a signature by the distributed key of Silent Network.
+     * Uses `authModule` to authenticate the sign request by the User.
+     * The network chooses `t` nodes to execute the protocol.
+     * @param keyId - the key id returned from `keygen`
+     * @param signAlg - the signature algorithm to use for MPC signing, different form signAlg inside EphKeyClaim
+     * @param message - the message to sign by the MPC network
+     * @returns {@link SignResponse}
+     * @public
+     */
+    signMessage(keyId: string, signAlg: string, message: string): Promise<SignResponse>;
+    /** Add new ephemeral key to an exist distributed key on the network.
+     * Uses `authModule` to authenticate the request by the User.
+     * @param keyId - the key id returned from `keygen`
+     * @returns {@link OperationStatusResponse}
+     * @public
+     */
+    addEphemeralKey(keyId: string): Promise<OperationStatusResponse>;
+    /** Revoke ephemeral key of an exist distributed key on the network.
+     * Uses `authModule` to authenticate the request by the User.
+     * @param keyId - the key id returned from `keygen`
+     * @returns {@link OperationStatusResponse}
+     * @public
+     */
+    revokeEphemeralKey(keyId: string): Promise<OperationStatusResponse>;
+    /** Register new user's passkey on the network. This will try to register to all the available nodes on the network.
+     * Uses `authModule` to authenticate the request by the User.
+     * @returns {@link RegisterPasskeyResponse}
+     * @public
+     */
+    registerPasskey(): Promise<RegisterPasskeyResponse>;
+    private setEphClaimOf;
+}
+/**
+ *
+ * @param signgenResponse - response from the network for sign request
+ * @returns - flattened signature in a form: 0x{signature}{recover_id}
+ */
+export declare const flattenSignature: (signgenResponse: SignResponse) => `0x${string}`;

package/dist/passkeyAuthentication.d.ts

@@ -0,0 +1,28 @@
+import { UserAuthentication } from './authentication';
+import { EphKeyClaim } from './ephemeralAuthentication';
+/** Information about the user currently registering. Read more: https://w3c.github.io/webauthn/#dom-publickeycredentialcreationoptions-user
+ * @alpha
+ * */
+export type PasskeyUser = {
+    id: string;
+    name: string;
+    displayName: string;
+};
+/** The RP responsible for registering and authenticating the user. Read more: https://w3c.github.io/webauthn/#dom-publickeycredentialcreationoptions-rp
+ * @alpha
+ * */
+export type RelyingPartyConfig = {
+    rpName: string;
+    rpId: string;
+};
+export declare function passkeyRegister({ user, challenge, rpConfig, }: {
+    user: PasskeyUser;
+    challenge: string;
+    rpConfig: RelyingPartyConfig;
+}): Promise<UserAuthentication>;
+export declare function passkeyLogin({ challenge, allowCredentialId, rpConfig, ephClaim, }: {
+    challenge: string;
+    allowCredentialId: string | null;
+    rpConfig: RelyingPartyConfig;
+    ephClaim: EphKeyClaim;
+}): Promise<UserAuthentication>;

package/dist/policy.d.ts

@@ -0,0 +1,220 @@
+/**
+ * Core data structures for the policy engine
+ */
+/**
+ * Type of issuer identifier
+ */
+export declare enum IssuerType {
+    /** Session identifier, like Ephemeral key */
+    SessionKeyId = "SessionKeyId",
+    /** User identifier, like EOA, Passkey or custom user credentials */
+    UserId = "UserId",
+    /** Allow all kind of issuers */
+    All = "*"
+}
+/**
+ * Issuer is the entity who issue the request that will be evaluated by the policy engine
+ * Default we allow all issuers
+ */
+export interface Issuer {
+    /** Type of issuer identifier */
+    type: IssuerType;
+    /** Issuer identifier */
+    id: string;
+}
+/**
+ * Action to take when a rule matches
+ */
+export declare enum Action {
+    /** Allow the transaction */
+    Allow = "allow",
+    /** Deny the transaction */
+    Deny = "deny"
+}
+/**
+ * Boolean logic operator
+ */
+export declare enum Logic {
+    Or = "or",
+    And = "and"
+}
+/**
+ * Chain type for the transaction
+ */
+export declare enum ChainType {
+    Off = "off",
+    Ethereum = "ethereum",
+    Solana = "solana"
+}
+/**
+ * Type of transaction
+ */
+export declare enum TransactionType {
+    /** TypedData */
+    Eip712 = "eip712",
+    /** PersonalSign */
+    Eip191 = "eip191",
+    /** Fungible Token interaction */
+    Erc20 = "erc20",
+    /** NFT interaction */
+    Erc721 = "erc721",
+    /** Pure ETH/SOL transfer */
+    NativeTransfer = "nativeTransfer",
+    SolanaTransaction = "solanaTransaction"
+}
+/**
+ * Transaction attribute to extract and compare
+ */
+export declare enum TransactionAttribute {
+    /** Sender of the transaction */
+    Sender = "sender",
+    /** Destination of the transaction */
+    Receiver = "receiver",
+    /** Chain native token value (e.g., ETH/SOL) */
+    NativeValue = "nativeValue",
+    /** Chain ID for EIP-712/1559 transactions */
+    ChainId = "chainId",
+    /** Function signature (4 bytes) of Ethereum calldata */
+    FunctionSelector = "functionSelector",
+    /** EIP-191 message to sign */
+    Message = "message",
+    /** EIP-712 verifying contract address */
+    VerifyingContract = "verifyingContract",
+    /** EIP-712 primary type */
+    PrimaryType = "primaryType",
+    /** EIP-712 domain name */
+    DomainName = "domainName",
+    /** EIP-712 domain version */
+    DomainVersion = "domainVersion",
+    /** Solana account keys */
+    SolanaAccountKeys = "solanaAccountKeys",
+    /** SPL transfer amount */
+    SplTransferAmount = "splTransferAmount",
+    /** SPL token mint */
+    SplTokenMint = "splTokenMint",
+    /** Custom Solana program instruction */
+    CustomProgramInstruction = "customProgramInstruction",
+    /** Solana System instruction name */
+    SystemInstructionName = "systemInstructionName",
+    /** SPL instruction name */
+    SplInstructionName = "splInstructionName"
+}
+/**
+ * Comparison operator
+ */
+export declare enum Operator {
+    /** Equal to */
+    Eq = "eq",
+    /** Not equal to */
+    Neq = "neq",
+    /** Less than */
+    Lt = "lt",
+    /** Less than or equal to */
+    Lte = "lte",
+    /** Greater than */
+    Gt = "gt",
+    /** Greater than or equal to */
+    Gte = "gte",
+    /** Value is in array */
+    In = "in",
+    /** All values in array match */
+    All = "all"
+}
+/**
+ * Value to compare in a condition
+ */
+export type ConditionValue = string | number | string[] | boolean;
+/**
+ * A single condition to evaluate
+ */
+export interface Condition {
+    /** Type of transaction */
+    transaction_type: TransactionType;
+    /** Transaction attribute to check */
+    transaction_attr: string;
+    /** Optional ABI for decoding Ethereum calldata */
+    abi?: any;
+    /** Comparison operator */
+    operator: Operator;
+    /** Value to compare against */
+    value: ConditionValue;
+}
+/**
+ * A group of conditions with boolean logic
+ */
+export interface ConditionGroup {
+    /** Logic to apply to the group */
+    logic: Logic;
+    /** List of conditions in the group */
+    group: Condition[];
+    /**
+     * Optional ABI for decoding Ethereum calldata
+     * The condition-level ABI dominates over the group-level ABI
+     */
+    abi?: any;
+}
+/**
+ * Either a single condition or a group of conditions
+ */
+export type ConditionOrGroup = Condition | ConditionGroup;
+/**
+ * A rule contains conditions that must be satisfied
+ */
+export declare class Rule {
+    /** Human-readable description (max 512 characters) */
+    description: string;
+    /** List of issuers who issue the request that will be evaluated by the policy engine */
+    issuer: Issuer[];
+    /** Action to take if rule matches */
+    action: Action;
+    /** Logic to apply to conditions (default: AND) */
+    logic?: Logic;
+    /** Chain type this rule applies to */
+    chain_type: ChainType;
+    /** List of conditions or condition groups */
+    conditions: ConditionOrGroup[];
+    /**
+     * Creates a new Rule instance.
+     *
+     * @param description - A human-readable description of what the rule does.
+     * @param chain_type - The blockchain network this rule applies to (e.g., Ethereum, Solana).
+     * @param conditions - An array of conditions or condition groups that must be met.
+     * @param issuer - (Optional) The issuers to whom this rule applies. Defaults to allowing all issuers (*).
+     * @param action - (Optional) The action to take if the rule is matched (Allow/Deny). Defaults to Allow.
+     * @param logic - (Optional) The logic operator (AND/OR) to apply to the conditions. Defaults to AND.
+     * @throws Will throw an error if no conditions are provided or chain_type is missing.
+     */
+    constructor({ description, chain_type, conditions, issuer, action, logic, }: {
+        description: string;
+        chain_type: ChainType;
+        conditions: ConditionOrGroup[];
+        issuer?: Issuer[];
+        action?: Action;
+        logic?: Logic;
+    });
+}
+/**
+ * A policy contains multiple rules for transaction validation
+ */
+export declare class Policy {
+    /** Policy version */
+    version: string;
+    /** Human-readable description (max 512 characters) */
+    description: string;
+    /** Ordered list of rules to evaluate */
+    rules: Rule[];
+    /**
+     * Creates a new Policy instance.
+     *
+     * @param version - The version of the policy schema. Defaults to '1.0'.
+     * @param description - A human-readable description of the policy.
+     * @param rules - An array of Rule objects that define the policy.
+     * @throws Will throw an error if no rules are provided.
+     */
+    constructor({ version, description, rules }: {
+        version: string;
+        description: string;
+        rules: Rule[];
+    });
+    toJSON(): string;
+}

package/dist/setupMessage.d.ts

@@ -1,13 +1,6 @@
 import { EoaAuthPayload } from './auth/EOAauthentication';
 import { EphKeyClaim } from './auth/ephemeralAuthentication';
-/**
- * This tagged value is part of key share extra,
- * and never directly part of setup message.
- */
-export declare enum KeyshareExtraTag {
-    /** Permissions tag of key share extra. */
-    TAG_PERMISSIONS = 1
-}
+import { Policy } from './policy';
 /**
  * This class represents the setup message for DKG protocol.
  * It contains the setup parameters to run the protocol.
@@ -27,11 +20,13 @@ export declare class KeygenSetupOpts implements EoaAuthPayload {
     private metadata;
     /** Signature algorithm chosen for key generation */
     signAlg: string;
-    constructor({ t, n, ephClaim, permissions, signAlg, }: {
+    /** Optional policy attached to the newly generated key */
+    policy: string | undefined;
+    constructor({ t, n, ephClaim, policy, signAlg, }: {
         t: number;
         n: number;
         ephClaim: EphKeyClaim | undefined;
-        permissions: string | undefined;
+        policy: Policy | undefined;
         signAlg: string;
     });
     get eoaRequestSchema(): {