@silencelaboratories/walletprovider-sdk 4.1.2 → 4.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -11,7 +11,7 @@ export interface IJWTIssuer {
11
11
  * @throws Throws an error if JWT issuance failed.
12
12
  * @returns Valid and signed JWT:
13
13
  * Three Base64URL encoded strings, joined together by periods. Follows the structure: header.payload.signature.
14
- * The claim `challenge` should contain the parameter `challenge`.
14
+ * The claim `sl_nonce` should contain the parameter `challenge`.
15
15
  */
16
16
  issueToken(challenge: string): Promise<string>;
17
17
  }
@@ -0,0 +1,61 @@
1
+ import { Auth0Client, LogoutOptions } from '@auth0/auth0-spa-js';
2
+ import { IJWTIssuer } from './JWTAuthentication';
3
+ type Auth0TokenClient = Pick<Auth0Client, 'getTokenSilently' | 'getTokenWithPopup'> & Partial<Pick<Auth0Client, 'getUser' | 'isAuthenticated' | 'logout'>>;
4
+ declare const AUTH0_INTERACTIVE_TOKEN_MODES: readonly ["silent", "popup", "silent-with-popup-fallback"];
5
+ export type Auth0InteractiveTokenMode = (typeof AUTH0_INTERACTIVE_TOKEN_MODES)[number];
6
+ /** Configuration for Auth0-backed JWT issuance in browser/WPFE flows.
7
+ * @public
8
+ */
9
+ export type Auth0JWTIssuerConfig = {
10
+ /** Auth0 tenant domain, for example `dev-example.us.auth0.com`. */
11
+ domain: string;
12
+ /** Auth0 Single Page Application client ID. */
13
+ clientId: string;
14
+ /** Auth0 API identifier. This makes Auth0 return a JWT access token for MPCNode verification. */
15
+ audience: string;
16
+ /** OAuth scopes to request for the Silent Network API. */
17
+ scope?: string;
18
+ /** Redirect URI registered in Auth0. Defaults to `window.location.origin` in browsers. */
19
+ redirectUri?: string;
20
+ /** Token acquisition mode. Defaults to silent first, then popup if user interaction is required. */
21
+ interactiveMode?: Auth0InteractiveTokenMode;
22
+ /** Reuse an existing Auth0 client, useful for apps that already initialize Auth0 or for tests. */
23
+ auth0Client?: Auth0TokenClient;
24
+ /** Forwarded to Auth0 SPA SDK when this issuer creates the client. */
25
+ useRefreshTokens?: boolean;
26
+ /** Forwarded to Auth0 SPA SDK when this issuer creates the client. */
27
+ useRefreshTokensFallback?: boolean;
28
+ };
29
+ /** Auth0 implementation of `IJWTIssuer` for browser/WPFE social-login flows.
30
+ * @public
31
+ */
32
+ export declare class Auth0JWTIssuer implements IJWTIssuer {
33
+ private readonly config;
34
+ private auth0Client;
35
+ private auth0ClientPromise;
36
+ constructor(config: Auth0JWTIssuerConfig);
37
+ /** Request a fresh Auth0 access token bound to the provided operation challenge. */
38
+ issueToken(challenge: string): Promise<string>;
39
+ /** Return whether Auth0 currently has an authenticated browser session.
40
+ * @public
41
+ */
42
+ isAuthenticated(): Promise<boolean>;
43
+ /** Return the Auth0 user profile for the current browser session.
44
+ * @public
45
+ */
46
+ getUser<TUser extends Record<string, unknown> = Record<string, unknown>>(): Promise<TUser | undefined>;
47
+ /** Log out the Auth0 browser session.
48
+ * @public
49
+ */
50
+ logout(options?: LogoutOptions): Promise<void>;
51
+ private validateInputs;
52
+ private getClient;
53
+ private buildClientOptions;
54
+ private getRedirectUri;
55
+ private buildAuthorizationParams;
56
+ private getToken;
57
+ private getTokenWithPopup;
58
+ private isInteractiveAuthError;
59
+ private validateTokenChallenge;
60
+ }
61
+ export {};
@@ -1,7 +1,6 @@
1
- import { AuthModule, AuthModuleParams } from '../auth/authentication';
1
+ import { AuthModule } from '../auth/authentication';
2
2
  import { ApiVersion, RequestPayloadV1, RequestPayloadV2, Slug, WpUserSignatures } from '../client/walletProviderServiceClientInterface';
3
- import { FinishPresignOpts, KeygenSetupOpts, SignSetupOpts } from '../setupMessage';
4
- import { AddEphKeyRequest, CreateStateControllerRequest, DeleteStateControllerRequest, KeyIdOfPolicy, KeyRefreshRequest, RegisterPasskeyRequest, RevokeEphKeyRequest, UpdatePolicyRequest } from '../client/networkRequest';
3
+ import { KeygenSetupOpts } from '../setupMessage';
5
4
  export type UserSignaturesOptionalParams = {
6
5
  challenge?: string | undefined;
7
6
  };
@@ -21,15 +20,5 @@ export declare class UserSignatures {
21
20
  setKeygenUserSigs(payload: KeygenSetupOpts[], challenges?: {
22
21
  [key: string]: string;
23
22
  }): Promise<void>;
24
- setSigngenUserSigs(authParams: AuthModuleParams<SignSetupOpts>): Promise<void>;
25
- setAddEphKeyUserSigs(authParams: AuthModuleParams<AddEphKeyRequest>): Promise<void>;
26
- setRevokeEphKeyUserSigs(authParams: AuthModuleParams<RevokeEphKeyRequest>): Promise<void>;
27
- setRegisterPasskeyUserSigs(authParams: AuthModuleParams<RegisterPasskeyRequest>): Promise<void>;
28
- setKeyRefreshUserSigs(authParams: AuthModuleParams<KeyRefreshRequest>): Promise<void>;
29
- setFinishPresignUserSigs(authParams: AuthModuleParams<FinishPresignOpts>): Promise<void>;
30
- setUpdatePolicyUserSigs(authParams: AuthModuleParams<UpdatePolicyRequest>): Promise<void>;
31
- setKeyIdOfPolicyUserSigs(authParams: AuthModuleParams<KeyIdOfPolicy>): Promise<void>;
32
- setCreateStateControllerUserSigs(authParams: AuthModuleParams<CreateStateControllerRequest>): Promise<void>;
33
- setDeleteStateControllerUserSigs(authParams: AuthModuleParams<DeleteStateControllerRequest>): Promise<void>;
34
23
  build(slug: Slug, payload: RequestPayloadV1 | RequestPayloadV2, options?: UserSignaturesOptionalParams): Promise<WpUserSignatures>;
35
24
  }
@@ -140,3 +140,31 @@ export declare class DeleteStateControllerRequest implements EoaAuthPayload {
140
140
  }[];
141
141
  };
142
142
  }
143
+ export declare class DryRunPolicyRequest implements EoaAuthPayload {
144
+ readonly key_id: string;
145
+ readonly message: string;
146
+ readonly signAlg: string;
147
+ readonly policy: string;
148
+ readonly state_controllers: string;
149
+ readonly initial_state_entries: string;
150
+ readonly evaluation_count: number;
151
+ constructor({ keyId, message, signAlg, policy, stateControllers, initialStateEntries, evaluationCount, }: {
152
+ keyId: string;
153
+ message: string;
154
+ signAlg: string;
155
+ policy: Policy | '';
156
+ stateControllers: string;
157
+ initialStateEntries: string;
158
+ evaluationCount?: number;
159
+ });
160
+ get eoaRequestSchema(): {
161
+ Request: {
162
+ name: string;
163
+ type: string;
164
+ }[];
165
+ DryRunPolicyRequest: {
166
+ name: string;
167
+ type: string;
168
+ }[];
169
+ };
170
+ }
@@ -1,4 +1,4 @@
1
- import { StateControllerPartitionField, StateControllerWindowConfig } from '../policy';
1
+ import { Action, PolicyStateController } from '../policy';
2
2
  /**
3
3
  * Response from the SDK for keygen. Receive plaintext response from network.
4
4
  * @public
@@ -101,14 +101,7 @@ export interface StateEntryResponse {
101
101
  * Response from the network for getting policy state controller request.
102
102
  * @public
103
103
  */
104
- export interface StateControllerResponse {
105
- id: string;
106
- key_id: string;
107
- description: string;
108
- method: string;
109
- window_config: StateControllerWindowConfig;
110
- partition_by: StateControllerPartitionField[];
111
- referenced_by: string | null;
104
+ export interface StateControllerResponse extends PolicyStateController {
112
105
  entries: StateEntryResponse[];
113
106
  }
114
107
  /**
@@ -125,4 +118,31 @@ export interface GetStateControllersResponse {
125
118
  export interface DeleteStateControllerResponse {
126
119
  status: string;
127
120
  }
121
+ /**
122
+ * Response from the network for dry-run policy state entry changes.
123
+ * @public
124
+ */
125
+ export interface DryRunPolicyStateEntry {
126
+ controller_id: string;
127
+ partition_key: number[];
128
+ window_start: string;
129
+ value: string;
130
+ base_version?: number | null;
131
+ }
132
+ /**
133
+ * Response from the network for dry-run policy request.
134
+ * @public
135
+ */
136
+ export interface DryRunPolicyResponse {
137
+ policy_valid: boolean;
138
+ stateful: boolean;
139
+ evaluation_count: number;
140
+ results: {
141
+ evaluation_index: number;
142
+ evaluated_at?: string;
143
+ action: Action;
144
+ reasons?: string[];
145
+ state_changes?: DryRunPolicyStateEntry[];
146
+ }[];
147
+ }
128
148
  export {};
@@ -1,7 +1,7 @@
1
1
  import { AuthModule, UserAuthentication } from '../auth/authentication';
2
2
  import { KeygenResponse, SignResponse, AddEphKeyResponse, RegisterPasskeyResponse, RevokeEphKeyResponse, KeyRefreshResponse, UpdatePolicyResponse, DeletePolicyResponse } from './networkResponse';
3
3
  import { KeygenSetupOpts, SignSetupOpts, InitPresignOpts, FinishPresignOpts } from '../setupMessage';
4
- import { AddEphKeyRequest, CreateStateControllerRequest, KeyIdOfPolicy, DeleteStateControllerRequest, KeyRefreshRequest, RegisterPasskeyRequest, RevokeEphKeyRequest, UpdatePolicyRequest } from './networkRequest';
4
+ import { AddEphKeyRequest, CreateStateControllerRequest, KeyIdOfPolicy, DeleteStateControllerRequest, KeyRefreshRequest, RegisterPasskeyRequest, RevokeEphKeyRequest, UpdatePolicyRequest, DryRunPolicyRequest } from './networkRequest';
5
5
  /**
6
6
  * The config used to create Wallet Provider Service backend client.
7
7
  * Please refer to {@link https://shipyard.rs/silencelaboratories/crates/wallet-provider-service | example backend service}
@@ -66,9 +66,9 @@ export interface IWalletProviderServiceClient {
66
66
  authModule: AuthModule;
67
67
  }): Promise<DeletePolicyResponse>;
68
68
  }
69
- export type Slug = 'signgen' | 'keygen' | 'keyRefresh' | 'quorumChange' | 'addEphemeralKey' | 'revokeEphemeralKey' | 'registerPasskey' | 'initPresign' | 'finishPresign' | 'updatePolicy' | 'deletePolicy' | 'getStateControllers' | 'createStateController' | 'deleteStateController';
69
+ export type Slug = 'signgen' | 'keygen' | 'keyRefresh' | 'quorumChange' | 'addEphemeralKey' | 'revokeEphemeralKey' | 'registerPasskey' | 'initPresign' | 'finishPresign' | 'updatePolicy' | 'deletePolicy' | 'getStateControllers' | 'createStateController' | 'deleteStateController' | 'dryRunPolicy';
70
70
  export type RequestPayloadV1 = KeygenSetupOpts[] | KeyRefreshRequest | SignSetupOpts | AddEphKeyRequest | RevokeEphKeyRequest | RegisterPasskeyRequest | UpdatePolicyRequest | KeyIdOfPolicy | FinishPresignOpts;
71
- export type RequestPayloadV2 = KeygenSetupOpts[] | SignSetupOpts | AddEphKeyRequest | RevokeEphKeyRequest | InitPresignOpts | FinishPresignOpts | UpdatePolicyRequest | KeyIdOfPolicy | CreateStateControllerRequest | DeleteStateControllerRequest;
71
+ export type RequestPayloadV2 = KeygenSetupOpts[] | SignSetupOpts | AddEphKeyRequest | RevokeEphKeyRequest | InitPresignOpts | FinishPresignOpts | UpdatePolicyRequest | KeyIdOfPolicy | CreateStateControllerRequest | DeleteStateControllerRequest | DryRunPolicyRequest;
72
72
  export type WpPayload = RequestPayloadV1 | RequestPayloadV2;
73
73
  export interface WpRequest {
74
74
  payload: WpPayload;
package/dist/index.cjs.js CHANGED
@@ -1,4 +1,4 @@
1
- "use strict";var ee=Object.defineProperty;var et=Object.getOwnPropertyDescriptor;var tt=Object.getOwnPropertyNames;var rt=Object.prototype.hasOwnProperty;var st=(s,e,t)=>e in s?ee(s,e,{enumerable:!0,configurable:!0,writable:!0,value:t}):s[e]=t;var Oe=(s,e)=>{for(var t in e)ee(s,t,{get:e[t],enumerable:!0})},nt=(s,e,t,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let n of tt(e))!rt.call(s,n)&&n!==t&&ee(s,n,{get:()=>e[n],enumerable:!(r=et(e,n))||r.enumerable});return s};var it=s=>nt(ee({},"__esModule",{value:!0}),s);var a=(s,e,t)=>st(s,typeof e!="symbol"?e+"":e,t);var wt={};Oe(wt,{Action:()=>Ce,ChainType:()=>ke,CreateStateControllerRequest:()=>I,DeletePolicyRequest:()=>m,DeleteStateControllerRequest:()=>K,EOAAuth:()=>V,EphAuth:()=>F,EphKeyClaim:()=>q,FinishPresignOpts:()=>x,GetStateControllersRequest:()=>m,HttpClient:()=>G,InitPresignOpts:()=>_,IssuerType:()=>Ee,JWTAuth:()=>L,KeygenSetupOpts:()=>w,Logic:()=>ve,NetworkSigner:()=>H,NoAuthWalletProviderServiceClient:()=>E,Operator:()=>qe,PasskeyAuth:()=>U,PasskeyRegister:()=>B,Policy:()=>pe,Rule:()=>ue,SignRequestBuilder:()=>M,SignSetupOpts:()=>f,TransactionAttribute:()=>Ke,TransactionType:()=>Ie,UpdatePolicyRequest:()=>R,UserAuthentication:()=>P,UserSignatures:()=>b,WalletProviderServiceClient:()=>J,computeAddress:()=>le,default:()=>ft,flattenSignature:()=>ie,generateEphPrivateKey:()=>Y,getEphPublicKey:()=>D});module.exports=it(wt);var We=require("json-canonicalize");var h=(s,e)=>{g(typeof e!="string",`${s} must be string`),g((e==null?void 0:e.trim().length)===0,`${s} cannot be empty`)},Te=(s,e)=>{if(g(!(s instanceof Uint8Array),"key must be an Uint8Array"),e==="secp256k1")g(s.length!==65,"secp256k1: key length must be 65 bytes, got "+s.length);else if(e==="ed25519")g(s.length!==32,"ed25519: key length must be 32 bytes, got "+s.length);else throw new Error("Invalid signature algorithm")},De=(s,e)=>{if(g(!(s instanceof Uint8Array),"key must be an Uint8Array"),e==="secp256k1")g(s.length!==32,"secp256k1: key length must be 32 bytes, got "+s.length);else if(e==="ed25519")g(s.length!==32,"ed25519: key length must be 32 bytes, got "+s.length);else throw new Error("Invalid signature algorithm")},Ne=s=>{g(s!=="ed25519"&&s!=="secp256k1"&&s!=="mldsa44"&&s!=="mldsa65"&&s!=="mldsa87",'signAlg must be one of "ed25519", "secp256k1", "mldsa44", "mldsa65", or "mldsa87"')},g=(s,e)=>{if(s)throw new Error(e)},ot=(s,e)=>`Invalid payload ${JSON.stringify(s)}, cannot be authenticated by ${e.toLocaleUpperCase()} method.`,W=(s,e,t)=>{g(!e.some(r=>s instanceof r),ot(s,t))};var M=class{constructor(){a(this,"signRequest",new Map)}setRequest(e,t,r){if(h("transactionId",e),h("message",t),h("requestType",r),this.signRequest.has(e))throw new Error(`Transaction ID ${e} is already set.`);return this.signRequest.set(e,{signingMessage:t,requestType:r}),this}build(){let e={};if(this.signRequest.forEach((t,r)=>{e[r]=t}),Object.keys(e).length===0)throw new Error("No sign request is set.");return(0,We.canonicalize)(e)}};var Pe=require("json-canonicalize");var Be=require("js-base64");function at(s){return s instanceof Uint8Array||ArrayBuffer.isView(s)&&s.constructor.name==="Uint8Array"}function de(s,...e){if(!at(s))throw new Error("Uint8Array expected");if(e.length>0&&!e.includes(s.length))throw new Error("Uint8Array expected of length "+e+", got length="+s.length)}function ge(s,e=!0){if(s.destroyed)throw new Error("Hash instance has been destroyed");if(e&&s.finished)throw new Error("Hash#digest() has already been called")}function $e(s,e){de(s);let t=e.outputLen;if(s.length<t)throw new Error("digestInto() expects output buffer of length at least "+t)}var re=s=>new DataView(s.buffer,s.byteOffset,s.byteLength),S=(s,e)=>s<<32-e|s>>>e;function lt(s){if(typeof s!="string")throw new Error("utf8ToBytes expected string, got "+typeof s);return new Uint8Array(new TextEncoder().encode(s))}function ye(s){return typeof s=="string"&&(s=lt(s)),de(s),s}var te=class{clone(){return this._cloneInto()}};function _e(s){let e=r=>s().update(ye(r)).digest(),t=s();return e.outputLen=t.outputLen,e.blockLen=t.blockLen,e.create=()=>s(),e}function ct(s,e,t,r){if(typeof s.setBigUint64=="function")return s.setBigUint64(e,t,r);let n=BigInt(32),i=BigInt(4294967295),o=Number(t>>n&i),l=Number(t&i),c=r?4:0,u=r?0:4;s.setUint32(e+c,o,r),s.setUint32(e+u,l,r)}var Ve=(s,e,t)=>s&e^~s&t,Fe=(s,e,t)=>s&e^s&t^e&t,se=class extends te{constructor(e,t,r,n){super(),this.blockLen=e,this.outputLen=t,this.padOffset=r,this.isLE=n,this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.buffer=new Uint8Array(e),this.view=re(this.buffer)}update(e){ge(this);let{view:t,buffer:r,blockLen:n}=this;e=ye(e);let i=e.length;for(let o=0;o<i;){let l=Math.min(n-this.pos,i-o);if(l===n){let c=re(e);for(;n<=i-o;o+=n)this.process(c,o);continue}r.set(e.subarray(o,o+l),this.pos),this.pos+=l,o+=l,this.pos===n&&(this.process(t,0),this.pos=0)}return this.length+=e.length,this.roundClean(),this}digestInto(e){ge(this),$e(e,this),this.finished=!0;let{buffer:t,view:r,blockLen:n,isLE:i}=this,{pos:o}=this;t[o++]=128,this.buffer.subarray(o).fill(0),this.padOffset>n-o&&(this.process(r,0),o=0);for(let p=o;p<n;p++)t[p]=0;ct(r,n-8,BigInt(this.length*8),i),this.process(r,0);let l=re(e),c=this.outputLen;if(c%4)throw new Error("_sha2: outputLen should be aligned to 32bit");let u=c/4,d=this.get();if(u>d.length)throw new Error("_sha2: outputLen bigger than state");for(let p=0;p<u;p++)l.setUint32(4*p,d[p],i)}digest(){let{buffer:e,outputLen:t}=this;this.digestInto(e);let r=e.slice(0,t);return this.destroy(),r}_cloneInto(e){e||(e=new this.constructor),e.set(...this.get());let{blockLen:t,buffer:r,length:n,finished:i,destroyed:o,pos:l}=this;return e.length=n,e.pos=l,e.finished=i,e.destroyed=o,n%t&&e.buffer.set(r),e}};var ut=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),C=new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),v=new Uint32Array(64),me=class extends se{constructor(){super(64,32,8,!1),this.A=C[0]|0,this.B=C[1]|0,this.C=C[2]|0,this.D=C[3]|0,this.E=C[4]|0,this.F=C[5]|0,this.G=C[6]|0,this.H=C[7]|0}get(){let{A:e,B:t,C:r,D:n,E:i,F:o,G:l,H:c}=this;return[e,t,r,n,i,o,l,c]}set(e,t,r,n,i,o,l,c){this.A=e|0,this.B=t|0,this.C=r|0,this.D=n|0,this.E=i|0,this.F=o|0,this.G=l|0,this.H=c|0}process(e,t){for(let p=0;p<16;p++,t+=4)v[p]=e.getUint32(t,!1);for(let p=16;p<64;p++){let j=v[p-15],N=v[p-2],Me=S(j,7)^S(j,18)^j>>>3,he=S(N,17)^S(N,19)^N>>>10;v[p]=he+v[p-7]+Me+v[p-16]|0}let{A:r,B:n,C:i,D:o,E:l,F:c,G:u,H:d}=this;for(let p=0;p<64;p++){let j=S(l,6)^S(l,11)^S(l,25),N=d+j+Ve(l,c,u)+ut[p]+v[p]|0,he=(S(r,2)^S(r,13)^S(r,22))+Fe(r,n,i)|0;d=u,u=c,c=l,l=o+N|0,o=i,i=n,n=r,r=N+he|0}r=r+this.A|0,n=n+this.B|0,i=i+this.C|0,o=o+this.D|0,l=l+this.E|0,c=c+this.F|0,u=u+this.G|0,d=d+this.H|0,this.set(r,n,i,o,l,c,u,d)}roundClean(){v.fill(0)}destroy(){this.set(0,0,0,0,0,0,0,0),this.buffer.fill(0)}};var fe=_e(()=>new me);var ne=require("viem"),A=s=>Be.Base64.fromUint8Array(new Uint8Array(s),!0),we=s=>{let e=(0,ne.stringToBytes)(s),t=fe(fe(e));return(0,ne.toHex)(t,{size:32}).slice(2)};var b=class{constructor(e,t){a(this,"userAuthentications");a(this,"authModule");a(this,"apiVersion");this.authModule=e,this.userAuthentications=new Map,this.apiVersion=t}async setDefaultAuth(e){let t=await this.authModule.authenticate({payload:e.payload,challenge:e.challenge});this.userAuthentications.set("default",t)}async setKeygenUserSigs(e,t){if(this.apiVersion==="v1"&&!t)throw new Error("no challenge response for keygen");for(let r of e){let n=r.signAlg,i=t?t[n]:we((0,Pe.canonicalize)(r));if(i){let o=await this.authModule.authenticate({payload:r,challenge:i});this.userAuthentications.set(n,o)}else throw new Error(`no final challenge found in response for ${n}`)}}async setSigngenUserSigs(e){await this.setDefaultAuth(e)}async setAddEphKeyUserSigs(e){await this.setDefaultAuth(e)}async setRevokeEphKeyUserSigs(e){await this.setDefaultAuth(e)}async setRegisterPasskeyUserSigs(e){await this.setDefaultAuth(e)}async setKeyRefreshUserSigs(e){await this.setDefaultAuth(e)}async setFinishPresignUserSigs(e){await this.setDefaultAuth(e)}async setUpdatePolicyUserSigs(e){await this.setDefaultAuth(e)}async setKeyIdOfPolicyUserSigs(e){await this.setDefaultAuth(e)}async setCreateStateControllerUserSigs(e){await this.setDefaultAuth(e)}async setDeleteStateControllerUserSigs(e){await this.setDefaultAuth(e)}async build(e,t,r){if(this.apiVersion!=="v1"&&(e==="registerPasskey"||e==="keyRefresh"))throw new Error(`${e} is only supported in V1`);let{challenge:n}=r!=null?r:{};if(e==="keygen"){let i=n?JSON.parse(n):void 0;await this.setKeygenUserSigs(t,i)}else{if(this.apiVersion==="v1"&&!n)throw new Error(`missing challenge response for ${e} V1`);let i=n!=null?n:we((0,Pe.canonicalize)(t));e==="signgen"?await this.setSigngenUserSigs({payload:t,challenge:i}):e==="addEphemeralKey"?await this.setAddEphKeyUserSigs({payload:t,challenge:i}):e==="revokeEphemeralKey"?await this.setRevokeEphKeyUserSigs({payload:t,challenge:i}):e==="registerPasskey"?await this.setRegisterPasskeyUserSigs({payload:t,challenge:i}):e==="keyRefresh"?await this.setKeyRefreshUserSigs({payload:t,challenge:i}):e==="finishPresign"?await this.setFinishPresignUserSigs({payload:t,challenge:i}):e==="updatePolicy"?await this.setUpdatePolicyUserSigs({payload:t,challenge:i}):e==="deletePolicy"||e==="getStateControllers"?await this.setKeyIdOfPolicyUserSigs({payload:t,challenge:i}):e==="createStateController"?await this.setCreateStateControllerUserSigs({payload:t,challenge:i}):e==="deleteStateController"&&await this.setDeleteStateControllerUserSigs({payload:t,challenge:i})}return Object.fromEntries(this.userAuthentications)}};var ie=s=>{let{sign:e,recid:t}=s,r=(27+t).toString(16);return`0x${e}${r}`};var k=class{constructor(e,t){a(this,"key_id");a(this,"eph_claim");h("keyId",e),this.key_id=e,this.eph_claim=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"RevokeEphKeyRequest"},{name:"challenge",type:"string"}],RevokeEphKeyRequest:[{name:"key_id",type:"string"},{name:"eph_claim",type:"string"}]}}},O=class{constructor(e,t){a(this,"key_id_list");a(this,"eph_claim");for(let r of e)h("keyId",r);this.key_id_list=e,this.eph_claim=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"AddEphKeyRequest"},{name:"challenge",type:"string"}],AddEphKeyRequest:[{name:"key_id_list",type:"string[]"},{name:"eph_claim",type:"string"}]}}},$=class{constructor(e){a(this,"options");h("options",e),this.options=e}},T=class{constructor({t:e,keyId:t,signAlg:r}){a(this,"t");a(this,"key_id");a(this,"sign_alg");h("keyId",t),h("signAlg",r),this.t=e,this.key_id=t,this.sign_alg=r}get eoaRequestSchema(){return{Request:[{name:"setup",type:"KeyRefreshRequest"},{name:"challenge",type:"string"}],KeyRefreshRequest:[{name:"t",type:"uint32"},{name:"key_id",type:"string"},{name:"sign_alg",type:"string"}]}}},R=class{constructor({keyId:e,policy:t}){a(this,"key_id");a(this,"policy");h("keyId",e),this.key_id=e,this.policy=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"UpdatePolicyRequest"},{name:"challenge",type:"string"}],UpdatePolicyRequest:[{name:"key_id",type:"string"},{name:"policy",type:"string"}]}}},m=class{constructor({keyId:e}){a(this,"key_id");h("keyId",e),this.key_id=e}get eoaRequestSchema(){return{Request:[{name:"setup",type:"KeyIdOfPolicy"},{name:"challenge",type:"string"}],KeyIdOfPolicy:[{name:"key_id",type:"string"}]}}},I=class{constructor({key_id:e,description:t,method:r,window:n,partition_by:i}){a(this,"key_id");a(this,"description");a(this,"method");a(this,"window");a(this,"partition_by");h("key_id",e),this.key_id=e,this.description=t!=null?t:"",this.method=r,this.window=JSON.stringify(n),this.partition_by=JSON.stringify(i)}get eoaRequestSchema(){return{Request:[{name:"setup",type:"CreateStateControllerRequest"},{name:"challenge",type:"string"}],CreateStateControllerRequest:[{name:"key_id",type:"string"},{name:"description",type:"string"},{name:"method",type:"string"},{name:"window",type:"string"},{name:"partition_by",type:"string"}]}}},K=class{constructor({key_id:e,controller_id:t}){a(this,"key_id");a(this,"controller_id");h("key_id",e),this.key_id=e,h("controller_id",t),this.controller_id=t}get eoaRequestSchema(){return{Request:[{name:"setup",type:"DeleteStateControllerRequest"},{name:"challenge",type:"string"}],DeleteStateControllerRequest:[{name:"key_id",type:"string"},{name:"controller_id",type:"string"}]}}};var pt=[{name:"tag",type:"uint16"},{name:"value",type:"string"}],w=class{constructor({t:e,n:t,ephClaim:r,policy:n,signAlg:i}){a(this,"t");a(this,"n");a(this,"ephClaim");a(this,"metadata");a(this,"signAlg");a(this,"policy");h("signAlg",i),this.t=e,this.n=t,this.signAlg=i,this.ephClaim=r==null?void 0:r.toJSON(),this.metadata=[],this.policy=n==null?void 0:n.toJSON()}get eoaRequestSchema(){let e=[{name:"t",type:"uint32"},{name:"n",type:"uint32"},{name:"metadata",type:"TaggedValue[]"}];return this.ephClaim&&e.push({name:"ephClaim",type:"string"}),this.policy&&e.push({name:"policy",type:"string"}),{Request:[{name:"setup",type:"KeygenSetupOpts"},{name:"challenge",type:"string"}],KeygenSetupOpts:e,TaggedValue:pt}}},f=class{constructor({t:e,key_id:t,signAlg:r,message:n}){a(this,"t");a(this,"key_id");a(this,"message");a(this,"signAlg");h("keyId",t),h("signAlg",r),h("message",n),this.t=e,this.key_id=t,this.message=n,this.signAlg=r}get eoaRequestSchema(){return{Request:[{name:"setup",type:"SignSetupOpts"},{name:"challenge",type:"string"}],SignSetupOpts:[{name:"t",type:"uint32"},{name:"key_id",type:"string"},{name:"signAlg",type:"string"},{name:"message",type:"string"}]}}},_=class{constructor({amount:e,keyId:t,t:r,expiryInSecs:n}){a(this,"amount");a(this,"key_id");a(this,"t");a(this,"expiry");if(e<=0)throw new Error("Amount must be greater than 0");h("keyId",t),this.amount=e,this.key_id=t,this.t=r,this.expiry=n!=null?n:Math.floor(Date.now()/1e3)+7*24*3600}},x=class{constructor({presignSessionId:e,message:t}){a(this,"presignSessionId");a(this,"message");h("presignSessionId",e),h("message",t),this.presignSessionId=e,this.message=t}get eoaRequestSchema(){return{Request:[{name:"setup",type:"FinishPresignOpts"},{name:"challenge",type:"string"}],FinishPresignOpts:[{name:"presignSessionId",type:"string"},{name:"message",type:"string"}]}}};var ht={name:"SilentShard authentication",version:"0.1.0"},dt=[{name:"name",type:"string"},{name:"version",type:"string"}];function gt(s,e){let t={setup:s,challenge:e};return{types:{EIP712Domain:dt,...s.eoaRequestSchema},domain:ht,primaryType:"Request",message:t}}async function Le({setup:s,eoa:e,challenge:t,browserWallet:r}){let n=gt(s,t),i=await r.signTypedData(e,n);return new P({method:"eoa",id:e},i)}var Se=require("js-base64"),Re=require("viem"),Q=require("json-canonicalize");async function Je({user:s,challenge:e,rpConfig:t}){let r=(0,Re.hexToBytes)(`0x${e}`,{size:32}),n={publicKey:{authenticatorSelection:{residentKey:"preferred",userVerification:"required"},challenge:r,excludeCredentials:[],pubKeyCredParams:[{type:"public-key",alg:-7},{type:"public-key",alg:-257}],rp:{name:t.rpName,id:t.rpId},user:{...s,id:Se.Base64.toUint8Array(s.id)}}},i=await navigator.credentials.create(n);if(i===null)throw new Error("No credential returned");let o=A(i.response.attestationObject),c={rawCredential:(0,Q.canonicalize)({authenticatorAttachment:i.authenticatorAttachment,id:i.id,rawId:A(i.rawId),response:{attestationObject:o,clientDataJSON:A(i.response.clientDataJSON)},type:i.type}),origin:t.rpName,rpId:t.rpId};return new P({method:"passkey",id:i.id},(0,Q.canonicalize)(c))}async function He({challenge:s,allowCredentialId:e,rpConfig:t}){let r=(0,Re.hexToBytes)(`0x${s}`,{size:32}),n=e?[{type:"public-key",id:Se.Base64.toUint8Array(e)}]:[],i={publicKey:{userVerification:"required",challenge:r,allowCredentials:n}},o=await navigator.credentials.get(i);if(o===null)throw new Error("Failed to get navigator credentials");let l=o.response,c=l.userHandle;if(c===null)throw new Error("User handle cannot be null");let u=A(l.signature),p={rawCredential:(0,Q.canonicalize)({authenticatorAttachment:o.authenticatorAttachment,id:o.id,rawId:A(o.rawId),response:{authenticatorData:A(l.authenticatorData),clientDataJSON:A(l.clientDataJSON),signature:u,userHandle:A(c)},type:o.type}),origin:t.rpName,rpId:t.rpId};return new P({method:"passkey",id:o.id},(0,Q.canonicalize)(p))}var X=require("viem");var oe=require("@noble/curves/ed25519"),xe=require("@noble/curves/secp256k1");var Ge=require("viem/accounts"),Ae=require("json-canonicalize");var q=class s{constructor(e,t,r,n=Math.floor(Date.now()/1e3)+3600){a(this,"ephId");a(this,"ephPK");a(this,"signAlg");a(this,"expiry");this.validateInputs(e,t,r,n),this.ephId=e,this.ephPK=(0,X.toHex)(t),this.signAlg=r,this.expiry=n}validateInputs(e,t,r,n){h("ephId",e),Te(t,r),g(Number.isInteger(n)===!1,"expiry must be an integer");let i=Math.floor(Date.now()/1e3),o=n-i,l=o>0&&o<=365*24*60*60;g(!l,`lifetime must be greater than 0 and less than or equal to 365 days expiry - now ${o}, expiry ${n} now secs ${i}`)}toJSON(){try{return(0,Ae.canonicalize)({ephId:this.ephId,ephPK:this.ephPK,expiry:this.expiry,signAlg:this.signAlg})}catch(e){throw console.error("Error while serializing ephemeral key claim",e),new Error("Error while serializing ephemeral key claim")}}static generateKeys(e,t){let r=Y(e),n=D(r,e),i=new s((0,X.toHex)(n),n,e,t);return{privKey:r,pubKey:n,ephClaim:i}}};async function ze({setup:s,challenge:e,ephSK:t,ephClaim:r}){let n={setup:s,challenge:e},i=new TextEncoder().encode((0,Ae.canonicalize)(n)),o=await yt(i,t,r.signAlg);return new P({method:"ephemeral",id:r.ephId},o)}async function yt(s,e,t){switch(t){case"ed25519":return(0,X.toHex)(oe.ed25519.sign(s,e));case"secp256k1":return await(0,Ge.signMessage)({message:{raw:s},privateKey:(0,X.toHex)(e)});default:throw new Error("Invalid signature algorithm")}}function Y(s){switch(s){case"ed25519":return oe.ed25519.utils.randomPrivateKey();case"secp256k1":return xe.secp256k1.utils.randomPrivateKey();default:throw new Error("Invalid signature algorithm")}}function D(s,e){switch(e){case"ed25519":return oe.ed25519.getPublicKey(s);case"secp256k1":return xe.secp256k1.getPublicKey(s,!1);default:throw new Error("Invalid signature algorithm")}}var je=require("viem"),Qe=require("jsonwebtoken");var P=class{constructor(e,t){this.credentials=e;this.signature=t;this.credentials=e,this.signature=t}},V=class{constructor(e,t){a(this,"browserWallet");a(this,"eoa");this.validateInputs(e,t),this.browserWallet=t,this.eoa=e}validateInputs(e,t){g(!(0,je.isAddress)(e),"invalid Ethereum address format"),g(!((t==null?void 0:t.signTypedData)instanceof Function),"invalid browserWallet")}async authenticate({payload:e,challenge:t}){return W(e,[w,T,O,k,f,x,R,m,I,K],"eoa"),await Le({setup:e,eoa:this.eoa,challenge:t,browserWallet:this.browserWallet})}},F=class{constructor(e,t,r){a(this,"ephSK");a(this,"ephClaim");De(t,r),this.ephSK=t;let n=D(this.ephSK,r);this.ephClaim=new q(e,n,r)}async authenticate({payload:e,challenge:t}){return W(e,[f,k,x],"ephemeral"),await ze({setup:e,challenge:t,ephSK:this.ephSK,ephClaim:this.ephClaim})}},U=class{constructor(e,t){a(this,"rpConfig");a(this,"allowCredentialId");this.rpConfig=e,this.allowCredentialId=t}async authenticate({payload:e,challenge:t}){return W(e,[w,O,f,x,T,k,R,m],"passkey"),await He({allowCredentialId:this.allowCredentialId,challenge:t,rpConfig:this.rpConfig})}},B=class{constructor(e,t){a(this,"rpConfig");a(this,"user");this.rpConfig=e,this.user=t}async authenticate({payload:e,challenge:t}){return W(e,[$],"passkey"),await Je({user:this.user,challenge:t,rpConfig:this.rpConfig})}},L=class{constructor(e){a(this,"jwtIssuer");this.validateInputs(e),this.jwtIssuer=e}validateInputs(e){g(!((e==null?void 0:e.issueToken)instanceof Function),"invalid jwtIssuer")}async authenticate({payload:e,challenge:t}){W(e,[w,f],"jwt");let r=await this.jwtIssuer.issueToken(t),n=(0,Qe.decode)(r);g(!n||typeof n=="string","Failed to decode JWT token");let{iss:i,sub:o}=n;return g(!i||!o,"JWT token is missing iss or sub claims"),new P({method:"jwt",id:{iss:i,sub:o}},r)}};var Z=require("json-canonicalize");var J=class{constructor(e){a(this,"walletProviderUrl");a(this,"apiVersion","v1");this.walletProviderUrl=`${e.walletProviderUrl}/${e.apiVersion}`,this.apiVersion=e.apiVersion}getVersion(){return this.apiVersion}async startKeygen({setups:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("keygen",e,t).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse keygen response: ${n}`)}})}async startKeyRefresh({payload:e,authModule:t}){if(this.apiVersion==="v2")throw new Error("Key refresh is not supported in v2 API");return this.connect.bind(this)("keyRefresh",e,t).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse key refresh response: ${n}`)}})}async startSigngen({setup:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("signgen",e,t).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse signgen response: ${n}`)}})}async addEphemeralKey({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("addEphemeralKey",e,t).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse add ephemeral key response: ${n}`)}})}async revokeEphemeralKey({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("revokeEphemeralKey",e,t).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse revoke ephemeral key response: ${n}`)}})}async registerPasskey({payload:e,authModule:t}){if(this.apiVersion==="v2")throw new Error("Passkey registration is not supported in v2 API");return this.connect.bind(this)("registerPasskey",e,t).then(n=>({passkeyCredentialId:n}))}async updatePolicy({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("updatePolicy",e,t).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse update policy response: ${n}`)}})}async deletePolicy({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("deletePolicy",e,t).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse delete policy response: ${n}`)}})}connect(e,t,r){return new Promise((n,i)=>{let o=new WebSocket(`${this.walletProviderUrl}/${e}`),l=0;return console.debug("Connecting to ",o.url),o.addEventListener("open",c=>{switch(console.debug(`Connection opened in state ${l} with event ${JSON.stringify(c,void 0," ")}`),l){case 0:{l=1;try{let u=(0,Z.canonicalize)({payload:t});console.debug("Sending request:",u),o.send(u)}catch(u){this.finishWithError(o,l,u,"open event",i)}break}case 1:case 2:this.finishWithError(o,l,"Unexpected message in state waitingForResult.","open event",i);break;case 3:break}}),o.addEventListener("message",async c=>{switch(console.debug(`Connection message in state ${l} with event data ${JSON.stringify(c.data,void 0," ")}`),l){case 0:this.finishWithError(o,l,"Unexpected message in state initiated.","message event",i);break;case 1:{l=2;try{let u=c.data,d=await new b(r,this.apiVersion).build(e,t,{challenge:u});o.send((0,Z.canonicalize)(d))}catch(u){this.finishWithError(o,l,u,"message event",i)}break}case 2:{l=3,o.close(),n(c.data);break}case 3:break}}),o.addEventListener("error",c=>{this.finishWithError(o,l,`Connection encountered an error event: ${JSON.stringify(c,void 0," ")}`,"error event",i)}),o.addEventListener("close",c=>{let u=c.reason||"No specific reason provided.",d=c.code;console.debug(`Connection closed. State: ${l}, Code: ${d}, Reason: '${u}'`);let p=d>=4e3?`Application Error ${d}: ${u}`:d===1006?"Connection Abnormality (Code 1006): Server closed connection unexpectedly or network issue.":`WebSocket Closed Unexpectedly (Code ${d}): ${u}`;this.finishWithError(o,l,new Error(p),"close event",i)}),()=>{(o.readyState===WebSocket.OPEN||o.readyState===WebSocket.CONNECTING)&&o.close(1001,"Cleanup/Unmount")}})}connectV2(e,t,r){return new Promise((n,i)=>{let o=new WebSocket(`${this.walletProviderUrl}/${e}`),l=0;return console.debug("Connecting to ",o.url),o.addEventListener("open",async c=>{switch(console.debug(`Connection opened in state ${l} with event ${JSON.stringify(c,void 0," ")}`),l){case 0:l=2;try{let u=await new b(r,this.apiVersion).build(e,t);o.send((0,Z.canonicalize)({payload:t,userSigs:u}))}catch(u){this.finishWithError(o,l,u,"open event",i)}break;case 2:l=3,this.finishWithError(o,l,"Unexpected message in state waitingForResult.","open event",i);break;case 3:break}}),o.addEventListener("message",async c=>{switch(console.debug(`Connection message in state ${l} with event ${JSON.stringify(c,void 0," ")}`),l){case 0:this.finishWithError(o,l,"Unexpected message in state initiated.","message event",i);break;case 2:{l=3,o.close(),n(c.data);break}case 3:break}}),o.addEventListener("error",c=>{this.finishWithError(o,l,`Connection encountered an error event: ${JSON.stringify(c,void 0," ")}`,"error event",i)}),o.addEventListener("close",c=>{let u=c.reason||"No specific reason provided.",d=c.code;console.debug(`Connection closed. State: ${l}, Code: ${d}, Reason: '${u}'`);let p=d>=4e3?`Application Error ${d}: ${u}`:d===1006?"Connection Abnormality (Code 1006): Server closed connection unexpectedly or network issue.":`WebSocket Closed Unexpectedly (Code ${d}): ${u}`;this.finishWithError(o,l,new Error(p),"close event",i)}),()=>{(o.readyState===WebSocket.OPEN||o.readyState===WebSocket.CONNECTING)&&o.close(1001,"Cleanup/Unmount")}})}finishWithError(e,t,r,n,i){t!==3&&(console.error(`Error from ${n} in state ${t}:`,r),t=3,i(r instanceof Error?r:new Error(String(r)))),e.readyState===WebSocket.OPEN&&e.close(1e3,`Protocol run failed. Client attempted to close connection in state ${t}`)}},E=class{constructor(e){a(this,"walletProviderUrl");a(this,"apiVersion","v1");this.walletProviderUrl=`${e.walletProviderUrl}/${e.apiVersion}`,this.apiVersion=e.apiVersion}getVersion(){return this.apiVersion}async startKeygen({setups:e}){return this.connect.bind(this)("keygen",e).then(r=>{try{return JSON.parse(r)}catch{throw new Error(`Failed to parse keygen response: ${r}`)}})}async startSigngen({setup:e}){return this.connect.bind(this)("signgen",e).then(r=>{try{return JSON.parse(r)}catch{throw new Error(`Failed to parse signgen response: ${r}`)}})}async startKeyRefresh({payload:e}){if(this.apiVersion==="v2")throw new Error("Key refresh is not supported in v2 API");return this.connect.bind(this)("keyRefresh",e).then(r=>{try{return JSON.parse(r)}catch{throw new Error(`Failed to parse key refresh response: ${r}`)}})}async updatePolicy({payload:e}){return this.connect.bind(this)("updatePolicy",e).then(r=>{try{return JSON.parse(r)}catch{throw new Error(`Failed to parse update policy response: ${r}`)}})}async deletePolicy({payload:e}){return this.connect.bind(this)("deletePolicy",e).then(r=>{try{return JSON.parse(r)}catch{throw new Error(`Failed to parse delete policy response: ${r}`)}})}connect(e,t){return new Promise((r,n)=>{let i=0,o=new WebSocket(`${this.walletProviderUrl}/${e}`);o.addEventListener("open",async l=>{switch(console.debug(`Connection opened in state ${i} with event ${JSON.stringify(l,void 0," ")}`),i){case 0:i=2;try{o.send((0,Z.canonicalize)({payload:t}))}catch(c){n(c)}break;case 2:i=3,n("Incorrect protocol state");break;case 3:break}}),o.addEventListener("message",async l=>{switch(console.debug(`Connection message in state ${i} with event ${JSON.stringify(l,void 0," ")}`),i){case 0:i=3,n("Incorrect protocol state");break;case 2:{i=3,o.close(),r(l.data);break}case 3:break}}),o.addEventListener("error",l=>{console.debug(`Connection error in state ${i} with event ${JSON.stringify(l,void 0," ")}`),i!=3&&(i=3,n("Incorrect protocol state"))}),o.addEventListener("close",l=>{console.debug(`Connection closed in state ${i} with event ${JSON.stringify(l,void 0," ")}`),i!=3&&(i=3,n("Incorrect protocol state"))})})}};var H=class{constructor(e,t){a(this,"authModule");a(this,"wpClient");if(!t&&!(e instanceof E))throw new Error("missing authModule for wallet provider client in auth mode");if(t&&e instanceof E)throw new Error("authModule is required but using wallet provider client in no-auth mode");this.authModule=t,this.wpClient=e}validateQuorumSetup({threshold:e,totalNodes:t}){e&&g(e<2,`Threshold = ${e} must be at least 2`),e&&t&&g(t<e,`Total nodes = ${t} must be greater or equal to threshold = ${e}`)}async generateKey(e,t,r,n,i){this.validateQuorumSetup({threshold:e,totalNodes:t});let o=r.map(l=>new w({t:e,n:t,ephClaim:n,policy:i,signAlg:l}));return this.authModule?await this.wpClient.startKeygen({setups:o,authModule:this.authModule}):await this.wpClient.startKeygen({setups:o})}async signMessage(e,t,r,n){this.validateQuorumSetup({threshold:e}),Ne(r);let i=new f({t:e,key_id:t,signAlg:r,message:n});if(this.authModule){if(this.authModule instanceof U&&new Map(Object.entries(JSON.parse(n))).size>1)throw new Error("For Passkey Authentication only one message in signing request is supported");return await this.wpClient.startSigngen({setup:i,authModule:this.authModule})}else return await this.wpClient.startSigngen({setup:i})}async refreshKey(e,t,r){let n=new T({t:e,keyId:t,signAlg:r});return this.authModule?await this.wpClient.startKeyRefresh({payload:n,authModule:this.authModule}):await this.wpClient.startKeyRefresh({payload:n})}async addEphemeralKey(e,t){let r=new O(e,t);if(!this.authModule)throw new Error("Add ephemeral key is not supported in no auth mode");return await this.wpClient.addEphemeralKey({payload:r,authModule:this.authModule})}async revokeEphemeralKey(e,t){h("keyId",e);let r=new k(e,t);if(!this.authModule)throw new Error("Revoke ephemeral key is not supported in no auth mode");return await this.wpClient.revokeEphemeralKey({payload:r,authModule:this.authModule})}async registerPasskey(e){let t=new $(e!=null?e:"passkey options");if(!this.authModule)throw new Error("Register passkey is not supported in no auth mode");return await this.wpClient.registerPasskey({payload:t,authModule:this.authModule})}async updatePolicy(e,t){let r=new R({keyId:e,policy:t});return this.authModule?await this.wpClient.updatePolicy({payload:r,authModule:this.authModule}):await this.wpClient.updatePolicy({payload:r})}async deletePolicy(e){let t=new m({keyId:e});return this.authModule?await this.wpClient.deletePolicy({payload:t,authModule:this.authModule}):await this.wpClient.deletePolicy({payload:t})}};var Xe=require("json-canonicalize");var be=class extends Error{constructor(t,r,n){super(n||r);this.status=t;this.statusText=r;this.name="HttpError"}},G=class{constructor(e="",t={}){a(this,"baseURL");a(this,"defaultHeaders");this.baseURL=e,this.validateHeaders(t),this.defaultHeaders={"Content-Type":"application/json",...t}}validateHeaders(e){if(typeof e!="object"||e===null)throw new Error("Headers must be an object.");for(let[t,r]of Object.entries(e))if(typeof t!="string"||typeof r!="string")throw new Error(`Invalid header: ${t}. Header names and values must be strings.`)}setDefaultHeaders(e){this.defaultHeaders={...this.defaultHeaders,...e}}buildUrl(e){return`${this.baseURL}${e}`}async handleResponse(e){if(!e.ok){let r;try{r=(await e.json()).message||e.statusText}catch{r=e.statusText}throw new be(e.status,e.statusText,r)}let t=e.headers.get("content-type");return t&&t.includes("application/json")?e.json():e.text()}async request(e,t,r,n={}){let i=this.buildUrl(t),o={...this.defaultHeaders,...n.headers},l={method:e,headers:o,...n,body:r?(0,Xe.canonicalize)(r):null},c=await fetch(i,l);return this.handleResponse(c)}async get(e,t){return this.request("GET",e,void 0,t)}async post(e,t,r){return this.request("POST",e,t,r)}async put(e,t,r){return this.request("PUT",e,t,r)}async patch(e,t,r){return this.request("PATCH",e,t,r)}async delete(e,t){return this.request("DELETE",e,void 0,t)}};var ae=require("viem/accounts"),Ye=require("@noble/curves/secp256k1"),z=require("viem"),mt=require("js-base64");function le(s){if(s.startsWith("0x")&&(s=s.slice(2)),s.startsWith("04"))return(0,ae.publicKeyToAddress)(`0x${s} `);if(s.startsWith("02")||s.startsWith("03")){let e=Ye.secp256k1.ProjectivePoint.fromHex(s).toHex(!1);return(0,ae.publicKeyToAddress)(`0x${e}`)}else throw new Error("Invalid public key")}var Ue={};Oe(Ue,{Action:()=>Ce,ChainType:()=>ke,IssuerType:()=>Ee,Logic:()=>ve,Operator:()=>qe,Policy:()=>pe,Rule:()=>ue,TransactionAttribute:()=>Ke,TransactionType:()=>Ie});var Ze=require("json-canonicalize");var ce=512,Ee=(r=>(r.SessionKeyId="SessionKeyId",r.UserId="UserId",r.All="*",r))(Ee||{}),Ce=(t=>(t.Allow="allow",t.Deny="deny",t))(Ce||{}),ve=(t=>(t.Or="or",t.And="and",t))(ve||{}),ke=(r=>(r.Off="off",r.Ethereum="ethereum",r.Solana="solana",r))(ke||{}),Ie=(o=>(o.Eip712="eip712",o.Eip191="eip191",o.Erc20="erc20",o.Erc721="erc721",o.NativeTransfer="nativeTransfer",o.SolanaTransaction="solanaTransaction",o))(Ie||{}),Ke=(y=>(y.Sender="sender",y.Receiver="receiver",y.NativeValue="nativeValue",y.ChainId="chainId",y.FunctionSelector="functionSelector",y.Message="message",y.VerifyingContract="verifyingContract",y.PrimaryType="primaryType",y.DomainName="domainName",y.DomainVersion="domainVersion",y.SolanaAccountKeys="solanaAccountKeys",y.SplTransferAmount="splTransferAmount",y.SplTransferSrc="splTransferSrc",y.SplTransferDest="splTransferDest",y.SplTokenMint="splTokenMint",y.CustomProgramInstruction="customProgramInstruction",y.SystemInstructionName="systemInstructionName",y.SplInstructionName="splInstructionName",y))(Ke||{}),qe=(c=>(c.Eq="eq",c.Neq="neq",c.Lt="lt",c.Lte="lte",c.Gt="gt",c.Gte="gte",c.In="in",c.All="all",c))(qe||{}),ue=class{constructor({description:e,chain_type:t,conditions:r,issuer:n,action:i,logic:o}){a(this,"description");a(this,"issuer");a(this,"action");a(this,"logic");a(this,"chain_type");a(this,"conditions");if(!r.length)throw new Error("Rule must have at least one condition");if(!t)throw new Error("Chain type must be set");if(e.length>ce)throw new Error(`Description length exceeds maximum of ${ce}`);this.description=e,this.chain_type=t,this.conditions=r,this.issuer=n||[{type:"*",id:"*"}],this.action=i||"allow",this.logic=o||"and"}},pe=class{constructor({version:e,description:t,rules:r}){a(this,"version");a(this,"description");a(this,"rules");if(t.length>ce)throw new Error(`Description length exceeds maximum of ${ce}`);this.version=e!=null?e:"1.0",this.description=t,this.rules=r}toJSON(){try{return(0,Ze.canonicalize)({version:this.version,description:this.description,rules:this.rules})}catch(e){throw console.error("Error while serializing policy",e),new Error("Error while serializing policy")}}};var ft={KeygenSetupOpts:w,InitPresignOpts:_,FinishPresignOpts:x,SignSetupOpts:f,UserSignatures:b,NetworkSigner:H,SignRequestBuilder:M,WalletProviderServiceClient:J,NoAuthWalletProviderServiceClient:E,HttpClient:G,EOAAuth:V,EphAuth:F,PasskeyAuth:U,PasskeyRegister:B,generateEphPrivateKey:Y,getEphPublicKey:D,EphKeyClaim:q,computeAddress:le,flattenSignature:ie,UpdatePolicyRequest:R,DeletePolicyRequest:m,GetStateControllersRequest:m,CreateStateControllerRequest:I,DeleteStateControllerRequest:K,...Ue,JWTAuth:L};0&&(module.exports={Action,ChainType,CreateStateControllerRequest,DeletePolicyRequest,DeleteStateControllerRequest,EOAAuth,EphAuth,EphKeyClaim,FinishPresignOpts,GetStateControllersRequest,HttpClient,InitPresignOpts,IssuerType,JWTAuth,KeygenSetupOpts,Logic,NetworkSigner,NoAuthWalletProviderServiceClient,Operator,PasskeyAuth,PasskeyRegister,Policy,Rule,SignRequestBuilder,SignSetupOpts,TransactionAttribute,TransactionType,UpdatePolicyRequest,UserAuthentication,UserSignatures,WalletProviderServiceClient,computeAddress,flattenSignature,generateEphPrivateKey,getEphPublicKey});
1
+ "use strict";var ie=Object.defineProperty;var at=Object.getOwnPropertyDescriptor;var ct=Object.getOwnPropertyNames;var lt=Object.prototype.hasOwnProperty;var ut=(r,e,t)=>e in r?ie(r,e,{enumerable:!0,configurable:!0,writable:!0,value:t}):r[e]=t;var Ne=(r,e)=>{for(var t in e)ie(r,t,{get:e[t],enumerable:!0})},ht=(r,e,t,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let i of ct(e))!lt.call(r,i)&&i!==t&&ie(r,i,{get:()=>e[i],enumerable:!(n=at(e,i))||n.enumerable});return r};var pt=r=>ht(ie({},"__esModule",{value:!0}),r);var a=(r,e,t)=>ut(r,typeof e!="symbol"?e+"":e,t);var vt={};Ne(vt,{Action:()=>Ue,Auth0JWTIssuer:()=>j,ChainType:()=>Ke,CreateStateControllerRequest:()=>T,DeletePolicyRequest:()=>m,DeleteStateControllerRequest:()=>U,DryRunPolicyRequest:()=>C,EOAAuth:()=>B,EphAuth:()=>L,EphKeyClaim:()=>q,FinishPresignOpts:()=>S,GetStateControllersRequest:()=>m,HttpClient:()=>$,InitPresignOpts:()=>N,IssuerType:()=>Te,JWTAuth:()=>z,KeygenSetupOpts:()=>x,Logic:()=>qe,NetworkSigner:()=>F,NoAuthWalletProviderServiceClient:()=>E,Operator:()=>_e,PasskeyAuth:()=>J,PasskeyRegister:()=>G,Policy:()=>xe,Rule:()=>me,SignRequestBuilder:()=>K,SignSetupOpts:()=>y,TransactionAttribute:()=>Oe,TransactionType:()=>Me,UpdatePolicyRequest:()=>P,UserAuthentication:()=>w,UserSignatures:()=>k,WalletProviderServiceClient:()=>V,computeAddress:()=>fe,default:()=>Et,flattenSignature:()=>he,generateEphPrivateKey:()=>ne,getEphPublicKey:()=>_});module.exports=pt(vt);var $e=require("json-canonicalize");var d=(r,e)=>{h(typeof e!="string",`${r} must be string`),h((e==null?void 0:e.trim().length)===0,`${r} cannot be empty`)},He=(r,e)=>{if(h(!(r instanceof Uint8Array),"key must be an Uint8Array"),e==="secp256k1")h(r.length!==65,"secp256k1: key length must be 65 bytes, got "+r.length);else if(e==="ed25519")h(r.length!==32,"ed25519: key length must be 32 bytes, got "+r.length);else throw new Error("Invalid signature algorithm")},Ve=(r,e)=>{if(h(!(r instanceof Uint8Array),"key must be an Uint8Array"),e==="secp256k1")h(r.length!==32,"secp256k1: key length must be 32 bytes, got "+r.length);else if(e==="ed25519")h(r.length!==32,"ed25519: key length must be 32 bytes, got "+r.length);else throw new Error("Invalid signature algorithm")},Fe=r=>{h(r!=="ed25519"&&r!=="secp256k1"&&r!=="mldsa44"&&r!=="mldsa65"&&r!=="mldsa87",'signAlg must be one of "ed25519", "secp256k1", "mldsa44", "mldsa65", or "mldsa87"')},h=(r,e)=>{if(r)throw new Error(e)},dt=(r,e)=>`Invalid payload ${JSON.stringify(r)}, cannot be authenticated by ${e.toLocaleUpperCase()} method.`,D=(r,e,t)=>{h(!e.some(n=>r instanceof n),dt(r,t))};var K=class{constructor(){a(this,"signRequest",new Map)}setRequest(e,t,n){if(d("transactionId",e),d("message",t),d("requestType",n),this.signRequest.has(e))throw new Error(`Transaction ID ${e} is already set.`);return this.signRequest.set(e,{signingMessage:t,requestType:n}),this}build(){let e={};if(this.signRequest.forEach((t,n)=>{e[n]=t}),Object.keys(e).length===0)throw new Error("No sign request is set.");if(Object.keys(e).length>1)throw new Error("More than one sign request is set. Cannot build request.");return(0,$e.canonicalize)(e)}};var Re=require("json-canonicalize");var je=require("js-base64");function gt(r){return r instanceof Uint8Array||ArrayBuffer.isView(r)&&r.constructor.name==="Uint8Array"}function oe(r,...e){if(!gt(r))throw new Error("Uint8Array expected");if(e.length>0&&!e.includes(r.length))throw new Error("Uint8Array expected of length "+e+", got length="+r.length)}function be(r,e=!0){if(r.destroyed)throw new Error("Hash instance has been destroyed");if(e&&r.finished)throw new Error("Hash#digest() has already been called")}function Be(r,e){oe(r);let t=e.outputLen;if(r.length<t)throw new Error("digestInto() expects output buffer of length at least "+t)}function Y(...r){for(let e=0;e<r.length;e++)r[e].fill(0)}function ae(r){return new DataView(r.buffer,r.byteOffset,r.byteLength)}function b(r,e){return r<<32-e|r>>>e}function ft(r){if(typeof r!="string")throw new Error("string expected");return new Uint8Array(new TextEncoder().encode(r))}function Pe(r){return typeof r=="string"&&(r=ft(r)),oe(r),r}var se=class{};function Le(r){let e=n=>r().update(Pe(n)).digest(),t=r();return e.outputLen=t.outputLen,e.blockLen=t.blockLen,e.create=()=>r(),e}function yt(r,e,t,n){if(typeof r.setBigUint64=="function")return r.setBigUint64(e,t,n);let i=BigInt(32),o=BigInt(4294967295),s=Number(t>>i&o),c=Number(t&o),l=n?4:0,u=n?0:4;r.setUint32(e+l,s,n),r.setUint32(e+u,c,n)}function Je(r,e,t){return r&e^~r&t}function Ge(r,e,t){return r&e^r&t^e&t}var ce=class extends se{constructor(e,t,n,i){super(),this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.blockLen=e,this.outputLen=t,this.padOffset=n,this.isLE=i,this.buffer=new Uint8Array(e),this.view=ae(this.buffer)}update(e){be(this),e=Pe(e),oe(e);let{view:t,buffer:n,blockLen:i}=this,o=e.length;for(let s=0;s<o;){let c=Math.min(i-this.pos,o-s);if(c===i){let l=ae(e);for(;i<=o-s;s+=i)this.process(l,s);continue}n.set(e.subarray(s,s+c),this.pos),this.pos+=c,s+=c,this.pos===i&&(this.process(t,0),this.pos=0)}return this.length+=e.length,this.roundClean(),this}digestInto(e){be(this),Be(e,this),this.finished=!0;let{buffer:t,view:n,blockLen:i,isLE:o}=this,{pos:s}=this;t[s++]=128,Y(this.buffer.subarray(s)),this.padOffset>i-s&&(this.process(n,0),s=0);for(let p=s;p<i;p++)t[p]=0;yt(n,i-8,BigInt(this.length*8),o),this.process(n,0);let c=ae(e),l=this.outputLen;if(l%4)throw new Error("_sha2: outputLen should be aligned to 32bit");let u=l/4,g=this.get();if(u>g.length)throw new Error("_sha2: outputLen bigger than state");for(let p=0;p<u;p++)c.setUint32(4*p,g[p],o)}digest(){let{buffer:e,outputLen:t}=this;this.digestInto(e);let n=e.slice(0,t);return this.destroy(),n}_cloneInto(e){e||(e=new this.constructor),e.set(...this.get());let{blockLen:t,buffer:n,length:i,finished:o,destroyed:s,pos:c}=this;return e.destroyed=s,e.finished=o,e.length=i,e.pos=c,i%t&&e.buffer.set(n),e}clone(){return this._cloneInto()}},A=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]);var mt=Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),v=new Uint32Array(64),le=class extends ce{constructor(e=32){super(64,e,8,!1),this.A=A[0]|0,this.B=A[1]|0,this.C=A[2]|0,this.D=A[3]|0,this.E=A[4]|0,this.F=A[5]|0,this.G=A[6]|0,this.H=A[7]|0}get(){let{A:e,B:t,C:n,D:i,E:o,F:s,G:c,H:l}=this;return[e,t,n,i,o,s,c,l]}set(e,t,n,i,o,s,c,l){this.A=e|0,this.B=t|0,this.C=n|0,this.D=i|0,this.E=o|0,this.F=s|0,this.G=c|0,this.H=l|0}process(e,t){for(let p=0;p<16;p++,t+=4)v[p]=e.getUint32(t,!1);for(let p=16;p<64;p++){let X=v[p-15],W=v[p-2],De=b(X,7)^b(X,18)^X>>>3,we=b(W,17)^b(W,19)^W>>>10;v[p]=we+v[p-7]+De+v[p-16]|0}let{A:n,B:i,C:o,D:s,E:c,F:l,G:u,H:g}=this;for(let p=0;p<64;p++){let X=b(c,6)^b(c,11)^b(c,25),W=g+X+Je(c,l,u)+mt[p]+v[p]|0,we=(b(n,2)^b(n,13)^b(n,22))+Ge(n,i,o)|0;g=u,u=l,l=c,c=s+W|0,s=o,o=i,i=n,n=W+we|0}n=n+this.A|0,i=i+this.B|0,o=o+this.C|0,s=s+this.D|0,c=c+this.E|0,l=l+this.F|0,u=u+this.G|0,g=g+this.H|0,this.set(n,i,o,s,c,l,u,g)}roundClean(){Y(v)}destroy(){this.set(0,0,0,0,0,0,0,0),Y(this.buffer)}};var ze=Le(()=>new le);var Se=ze;var ue=require("viem"),R=r=>je.Base64.fromUint8Array(new Uint8Array(r),!0),Ae=r=>{let e=(0,ue.stringToBytes)(r),t=Se(Se(e));return(0,ue.toHex)(t,{size:32}).slice(2)};var xt=new Set(["signgen","addEphemeralKey","revokeEphemeralKey","registerPasskey","keyRefresh","finishPresign","updatePolicy","deletePolicy","getStateControllers","createStateController","deleteStateController","dryRunPolicy"]),k=class{constructor(e,t){a(this,"userAuthentications");a(this,"authModule");a(this,"apiVersion");this.authModule=e,this.userAuthentications=new Map,this.apiVersion=t}async setDefaultAuth(e){let t=await this.authModule.authenticate({payload:e.payload,challenge:e.challenge});this.userAuthentications.set("default",t)}async setKeygenUserSigs(e,t){if(this.apiVersion==="v1"&&!t)throw new Error("no challenge response for keygen");for(let n of e){let i=n.signAlg,o=t?t[i]:Ae((0,Re.canonicalize)(n));if(o){let s=await this.authModule.authenticate({payload:n,challenge:o});this.userAuthentications.set(i,s)}else throw new Error(`no final challenge found in response for ${i}`)}}async build(e,t,n){if(this.apiVersion!=="v1"&&(e==="registerPasskey"||e==="keyRefresh"))throw new Error(`${e} is only supported in V1`);let{challenge:i}=n!=null?n:{};if(e==="keygen"){let o=i?JSON.parse(i):void 0;await this.setKeygenUserSigs(t,o)}else{if(this.apiVersion==="v1"&&!i)throw new Error(`missing challenge response for ${e} V1`);let o=i!=null?i:Ae((0,Re.canonicalize)(t));xt.has(e)&&await this.setDefaultAuth({payload:t,challenge:o})}return Object.fromEntries(this.userAuthentications)}};var he=r=>{let{sign:e,recid:t}=r,n=(27+t).toString(16);return`0x${e}${n}`};var wt=[{name:"tag",type:"uint16"},{name:"value",type:"string"}],x=class{constructor({t:e,n:t,ephClaim:n,policy:i,signAlg:o}){a(this,"t");a(this,"n");a(this,"ephClaim");a(this,"metadata");a(this,"signAlg");a(this,"policy");d("signAlg",o),this.t=e,this.n=t,this.signAlg=o,this.ephClaim=n==null?void 0:n.toJSON(),this.metadata=[],this.policy=i==null?void 0:i.toJSON()}get eoaRequestSchema(){let e=[{name:"t",type:"uint32"},{name:"n",type:"uint32"},{name:"metadata",type:"TaggedValue[]"}];return this.ephClaim&&e.push({name:"ephClaim",type:"string"}),this.policy&&e.push({name:"policy",type:"string"}),{Request:[{name:"setup",type:"KeygenSetupOpts"},{name:"challenge",type:"string"}],KeygenSetupOpts:e,TaggedValue:wt}}},y=class{constructor({t:e,key_id:t,signAlg:n,message:i}){a(this,"t");a(this,"key_id");a(this,"message");a(this,"signAlg");d("keyId",t),d("signAlg",n),d("message",i),this.t=e,this.key_id=t,this.message=i,this.signAlg=n}get eoaRequestSchema(){return{Request:[{name:"setup",type:"SignSetupOpts"},{name:"challenge",type:"string"}],SignSetupOpts:[{name:"t",type:"uint32"},{name:"key_id",type:"string"},{name:"signAlg",type:"string"},{name:"message",type:"string"}]}}},N=class{constructor({amount:e,keyId:t,t:n,expiryInSecs:i}){a(this,"amount");a(this,"key_id");a(this,"t");a(this,"expiry");if(e<=0)throw new Error("Amount must be greater than 0");d("keyId",t),this.amount=e,this.key_id=t,this.t=n,this.expiry=i!=null?i:Math.floor(Date.now()/1e3)+7*24*3600}},S=class{constructor({presignSessionId:e,message:t}){a(this,"presignSessionId");a(this,"message");d("presignSessionId",e),d("message",t),this.presignSessionId=e,this.message=t}get eoaRequestSchema(){return{Request:[{name:"setup",type:"FinishPresignOpts"},{name:"challenge",type:"string"}],FinishPresignOpts:[{name:"presignSessionId",type:"string"},{name:"message",type:"string"}]}}};var I=class{constructor(e,t){a(this,"key_id");a(this,"eph_claim");d("keyId",e),this.key_id=e,this.eph_claim=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"RevokeEphKeyRequest"},{name:"challenge",type:"string"}],RevokeEphKeyRequest:[{name:"key_id",type:"string"},{name:"eph_claim",type:"string"}]}}},M=class{constructor(e,t){a(this,"key_id_list");a(this,"eph_claim");for(let n of e)d("keyId",n);this.key_id_list=e,this.eph_claim=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"AddEphKeyRequest"},{name:"challenge",type:"string"}],AddEphKeyRequest:[{name:"key_id_list",type:"string[]"},{name:"eph_claim",type:"string"}]}}},H=class{constructor(e){a(this,"options");d("options",e),this.options=e}},O=class{constructor({t:e,keyId:t,signAlg:n}){a(this,"t");a(this,"key_id");a(this,"sign_alg");d("keyId",t),d("signAlg",n),this.t=e,this.key_id=t,this.sign_alg=n}get eoaRequestSchema(){return{Request:[{name:"setup",type:"KeyRefreshRequest"},{name:"challenge",type:"string"}],KeyRefreshRequest:[{name:"t",type:"uint32"},{name:"key_id",type:"string"},{name:"sign_alg",type:"string"}]}}},P=class{constructor({keyId:e,policy:t}){a(this,"key_id");a(this,"policy");d("keyId",e),this.key_id=e,this.policy=t.toJSON()}get eoaRequestSchema(){return{Request:[{name:"setup",type:"UpdatePolicyRequest"},{name:"challenge",type:"string"}],UpdatePolicyRequest:[{name:"key_id",type:"string"},{name:"policy",type:"string"}]}}},m=class{constructor({keyId:e}){a(this,"key_id");d("keyId",e),this.key_id=e}get eoaRequestSchema(){return{Request:[{name:"setup",type:"KeyIdOfPolicy"},{name:"challenge",type:"string"}],KeyIdOfPolicy:[{name:"key_id",type:"string"}]}}},T=class{constructor({key_id:e,description:t,method:n,window:i,partition_by:o}){a(this,"key_id");a(this,"description");a(this,"method");a(this,"window");a(this,"partition_by");d("key_id",e),this.key_id=e,this.description=t!=null?t:"",this.method=n,this.window=JSON.stringify(i),this.partition_by=JSON.stringify(o)}get eoaRequestSchema(){return{Request:[{name:"setup",type:"CreateStateControllerRequest"},{name:"challenge",type:"string"}],CreateStateControllerRequest:[{name:"key_id",type:"string"},{name:"description",type:"string"},{name:"method",type:"string"},{name:"window",type:"string"},{name:"partition_by",type:"string"}]}}},U=class{constructor({key_id:e,controller_id:t}){a(this,"key_id");a(this,"controller_id");d("key_id",e),this.key_id=e,d("controller_id",t),this.controller_id=t}get eoaRequestSchema(){return{Request:[{name:"setup",type:"DeleteStateControllerRequest"},{name:"challenge",type:"string"}],DeleteStateControllerRequest:[{name:"key_id",type:"string"},{name:"controller_id",type:"string"}]}}},C=class{constructor({keyId:e,message:t,signAlg:n,policy:i,stateControllers:o="[]",initialStateEntries:s="[]",evaluationCount:c=1}){a(this,"key_id");a(this,"message");a(this,"signAlg");a(this,"policy");a(this,"state_controllers");a(this,"initial_state_entries");a(this,"evaluation_count");if(d("keyId",e),d("message",t),d("signAlg",n),i===""&&(o!=="[]"||s!=="[]"))throw new Error("Policy is empty, state_controllers and initial_state_entries must be empty");this.key_id=e,this.message=t,this.signAlg=n,this.policy=i===""?i:i.toJSON(),this.state_controllers=o,this.initial_state_entries=s,this.evaluation_count=c}get eoaRequestSchema(){return{Request:[{name:"setup",type:"DryRunPolicyRequest"},{name:"challenge",type:"string"}],DryRunPolicyRequest:[{name:"key_id",type:"string"},{name:"message",type:"string"},{name:"signAlg",type:"string"},{name:"policy",type:"string"},{name:"state_controllers",type:"string"},{name:"initial_state_entries",type:"string"},{name:"evaluation_count",type:"uint32"}]}}};var Z=require("json-canonicalize");var V=class{constructor(e){a(this,"walletProviderUrl");a(this,"apiVersion","v1");this.walletProviderUrl=`${e.walletProviderUrl}/${e.apiVersion}`,this.apiVersion=e.apiVersion}getVersion(){return this.apiVersion}async startKeygen({setups:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("keygen",e,t).then(i=>{try{return JSON.parse(i)}catch{throw new Error(`Failed to parse keygen response: ${i}`)}})}async startKeyRefresh({payload:e,authModule:t}){if(this.apiVersion==="v2")throw new Error("Key refresh is not supported in v2 API");return this.connect.bind(this)("keyRefresh",e,t).then(i=>{try{return JSON.parse(i)}catch{throw new Error(`Failed to parse key refresh response: ${i}`)}})}async startSigngen({setup:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("signgen",e,t).then(i=>{try{return JSON.parse(i)}catch{throw new Error(`Failed to parse signgen response: ${i}`)}})}async addEphemeralKey({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("addEphemeralKey",e,t).then(i=>{try{return JSON.parse(i)}catch{throw new Error(`Failed to parse add ephemeral key response: ${i}`)}})}async revokeEphemeralKey({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("revokeEphemeralKey",e,t).then(i=>{try{return JSON.parse(i)}catch{throw new Error(`Failed to parse revoke ephemeral key response: ${i}`)}})}async registerPasskey({payload:e,authModule:t}){if(this.apiVersion==="v2")throw new Error("Passkey registration is not supported in v2 API");return this.connect.bind(this)("registerPasskey",e,t).then(i=>({passkeyCredentialId:i}))}async updatePolicy({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("updatePolicy",e,t).then(i=>{try{return JSON.parse(i)}catch{throw new Error(`Failed to parse update policy response: ${i}`)}})}async deletePolicy({payload:e,authModule:t}){return(this.apiVersion==="v1"?this.connect.bind(this):this.connectV2.bind(this))("deletePolicy",e,t).then(i=>{try{return JSON.parse(i)}catch{throw new Error(`Failed to parse delete policy response: ${i}`)}})}connect(e,t,n){return new Promise((i,o)=>{let s=new WebSocket(`${this.walletProviderUrl}/${e}`),c=0;return console.debug("Connecting to ",s.url),s.addEventListener("open",l=>{switch(console.debug(`Connection opened in state ${c} with event ${JSON.stringify(l,void 0," ")}`),c){case 0:{c=1;try{let u=(0,Z.canonicalize)({payload:t});console.debug("Sending request:",u),s.send(u)}catch(u){this.finishWithError(s,c,u,"open event",o)}break}case 1:case 2:this.finishWithError(s,c,"Unexpected message in state waitingForResult.","open event",o);break;case 3:break}}),s.addEventListener("message",async l=>{switch(console.debug(`Connection message in state ${c} with event data ${JSON.stringify(l.data,void 0," ")}`),c){case 0:this.finishWithError(s,c,"Unexpected message in state initiated.","message event",o);break;case 1:{c=2;try{let u=l.data,g=await new k(n,this.apiVersion).build(e,t,{challenge:u});s.send((0,Z.canonicalize)(g))}catch(u){this.finishWithError(s,c,u,"message event",o)}break}case 2:{c=3,s.close(),i(l.data);break}case 3:break}}),s.addEventListener("error",l=>{this.finishWithError(s,c,`Connection encountered an error event: ${JSON.stringify(l,void 0," ")}`,"error event",o)}),s.addEventListener("close",l=>{let u=l.reason||"No specific reason provided.",g=l.code;console.debug(`Connection closed. State: ${c}, Code: ${g}, Reason: '${u}'`);let p=g>=4e3?`Application Error ${g}: ${u}`:g===1006?"Connection Abnormality (Code 1006): Server closed connection unexpectedly or network issue.":`WebSocket Closed Unexpectedly (Code ${g}): ${u}`;this.finishWithError(s,c,new Error(p),"close event",o)}),()=>{(s.readyState===WebSocket.OPEN||s.readyState===WebSocket.CONNECTING)&&s.close(1001,"Cleanup/Unmount")}})}connectV2(e,t,n){return new Promise((i,o)=>{let s=new WebSocket(`${this.walletProviderUrl}/${e}`),c=0;return console.debug("Connecting to ",s.url),s.addEventListener("open",async l=>{switch(console.debug(`Connection opened in state ${c} with event ${JSON.stringify(l,void 0," ")}`),c){case 0:c=2;try{let u=await new k(n,this.apiVersion).build(e,t);s.send((0,Z.canonicalize)({payload:t,userSigs:u}))}catch(u){this.finishWithError(s,c,u,"open event",o)}break;case 2:c=3,this.finishWithError(s,c,"Unexpected message in state waitingForResult.","open event",o);break;case 3:break}}),s.addEventListener("message",async l=>{switch(console.debug(`Connection message in state ${c} with event ${JSON.stringify(l,void 0," ")}`),c){case 0:this.finishWithError(s,c,"Unexpected message in state initiated.","message event",o);break;case 2:{c=3,s.close(),i(l.data);break}case 3:break}}),s.addEventListener("error",l=>{this.finishWithError(s,c,`Connection encountered an error event: ${JSON.stringify(l,void 0," ")}`,"error event",o)}),s.addEventListener("close",l=>{let u=l.reason||"No specific reason provided.",g=l.code;console.debug(`Connection closed. State: ${c}, Code: ${g}, Reason: '${u}'`);let p=g>=4e3?`Application Error ${g}: ${u}`:g===1006?"Connection Abnormality (Code 1006): Server closed connection unexpectedly or network issue.":`WebSocket Closed Unexpectedly (Code ${g}): ${u}`;this.finishWithError(s,c,new Error(p),"close event",o)}),()=>{(s.readyState===WebSocket.OPEN||s.readyState===WebSocket.CONNECTING)&&s.close(1001,"Cleanup/Unmount")}})}finishWithError(e,t,n,i,o){t!==3&&(console.error(`Error from ${i} in state ${t}:`,n),t=3,o(n instanceof Error?n:new Error(String(n)))),e.readyState===WebSocket.OPEN&&e.close(1e3,`Protocol run failed. Client attempted to close connection in state ${t}`)}},E=class{constructor(e){a(this,"walletProviderUrl");a(this,"apiVersion","v1");this.walletProviderUrl=`${e.walletProviderUrl}/${e.apiVersion}`,this.apiVersion=e.apiVersion}getVersion(){return this.apiVersion}async startKeygen({setups:e}){return this.connect.bind(this)("keygen",e).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse keygen response: ${n}`)}})}async startSigngen({setup:e}){return this.connect.bind(this)("signgen",e).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse signgen response: ${n}`)}})}async startKeyRefresh({payload:e}){if(this.apiVersion==="v2")throw new Error("Key refresh is not supported in v2 API");return this.connect.bind(this)("keyRefresh",e).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse key refresh response: ${n}`)}})}async updatePolicy({payload:e}){return this.connect.bind(this)("updatePolicy",e).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse update policy response: ${n}`)}})}async deletePolicy({payload:e}){return this.connect.bind(this)("deletePolicy",e).then(n=>{try{return JSON.parse(n)}catch{throw new Error(`Failed to parse delete policy response: ${n}`)}})}connect(e,t){return new Promise((n,i)=>{let o=0,s=new WebSocket(`${this.walletProviderUrl}/${e}`);s.addEventListener("open",async c=>{switch(console.debug(`Connection opened in state ${o} with event ${JSON.stringify(c,void 0," ")}`),o){case 0:o=2;try{s.send((0,Z.canonicalize)({payload:t}))}catch(l){i(l)}break;case 2:o=3,i("Incorrect protocol state");break;case 3:break}}),s.addEventListener("message",async c=>{switch(console.debug(`Connection message in state ${o} with event ${JSON.stringify(c,void 0," ")}`),o){case 0:o=3,i("Incorrect protocol state");break;case 2:{o=3,s.close(),n(c.data);break}case 3:break}}),s.addEventListener("error",c=>{console.debug(`Connection error in state ${o} with event ${JSON.stringify(c,void 0," ")}`),o!=3&&(o=3,i("Incorrect protocol state"))}),s.addEventListener("close",c=>{console.debug(`Connection closed in state ${o} with event ${JSON.stringify(c,void 0," ")}`),o!=3&&(o=3,i("Incorrect protocol state"))})})}};var F=class{constructor(e,t){a(this,"authModule");a(this,"wpClient");if(!t&&!(e instanceof E))throw new Error("missing authModule for wallet provider client in auth mode");if(t&&e instanceof E)throw new Error("authModule is required but using wallet provider client in no-auth mode");this.authModule=t,this.wpClient=e}validateQuorumSetup({threshold:e,totalNodes:t}){e&&h(e<2,`Threshold = ${e} must be at least 2`),e&&t&&h(t<e,`Total nodes = ${t} must be greater or equal to threshold = ${e}`)}async generateKey(e,t,n,i,o){this.validateQuorumSetup({threshold:e,totalNodes:t});let s=n.map(c=>new x({t:e,n:t,ephClaim:i,policy:o,signAlg:c}));return this.authModule?await this.wpClient.startKeygen({setups:s,authModule:this.authModule}):await this.wpClient.startKeygen({setups:s})}async signMessage(e,t,n,i){this.validateQuorumSetup({threshold:e}),Fe(n);let o=new y({t:e,key_id:t,signAlg:n,message:i});return this.authModule?await this.wpClient.startSigngen({setup:o,authModule:this.authModule}):await this.wpClient.startSigngen({setup:o})}async refreshKey(e,t,n){let i=new O({t:e,keyId:t,signAlg:n});return this.authModule?await this.wpClient.startKeyRefresh({payload:i,authModule:this.authModule}):await this.wpClient.startKeyRefresh({payload:i})}async addEphemeralKey(e,t){let n=new M(e,t);if(!this.authModule)throw new Error("Add ephemeral key is not supported in no auth mode");return await this.wpClient.addEphemeralKey({payload:n,authModule:this.authModule})}async revokeEphemeralKey(e,t){d("keyId",e);let n=new I(e,t);if(!this.authModule)throw new Error("Revoke ephemeral key is not supported in no auth mode");return await this.wpClient.revokeEphemeralKey({payload:n,authModule:this.authModule})}async registerPasskey(e){let t=new H(e!=null?e:"passkey options");if(!this.authModule)throw new Error("Register passkey is not supported in no auth mode");return await this.wpClient.registerPasskey({payload:t,authModule:this.authModule})}async updatePolicy(e,t){let n=new P({keyId:e,policy:t});return this.authModule?await this.wpClient.updatePolicy({payload:n,authModule:this.authModule}):await this.wpClient.updatePolicy({payload:n})}async deletePolicy(e){let t=new m({keyId:e});return this.authModule?await this.wpClient.deletePolicy({payload:t,authModule:this.authModule}):await this.wpClient.deletePolicy({payload:t})}};var Qe=require("json-canonicalize");var ke=class extends Error{constructor(t,n,i){super(i||n);this.status=t;this.statusText=n;this.name="HttpError"}},$=class{constructor(e="",t={}){a(this,"baseURL");a(this,"defaultHeaders");this.baseURL=e,this.validateHeaders(t),this.defaultHeaders={"Content-Type":"application/json",...t}}validateHeaders(e){if(typeof e!="object"||e===null)throw new Error("Headers must be an object.");for(let[t,n]of Object.entries(e))if(typeof t!="string"||typeof n!="string")throw new Error(`Invalid header: ${t}. Header names and values must be strings.`)}setDefaultHeaders(e){this.defaultHeaders={...this.defaultHeaders,...e}}buildUrl(e){return`${this.baseURL}${e}`}async handleResponse(e){if(!e.ok){let n;try{n=(await e.json()).message||e.statusText}catch{n=e.statusText}throw new ke(e.status,e.statusText,n)}let t=e.headers.get("content-type");return t&&t.includes("application/json")?e.json():e.text()}async request(e,t,n,i={}){let o=this.buildUrl(t),s={...this.defaultHeaders,...i.headers},c={method:e,headers:s,...i,body:n?(0,Qe.canonicalize)(n):null},l=await fetch(o,c);return this.handleResponse(l)}async get(e,t){return this.request("GET",e,void 0,t)}async post(e,t,n){return this.request("POST",e,t,n)}async put(e,t,n){return this.request("PUT",e,t,n)}async patch(e,t,n){return this.request("PATCH",e,t,n)}async delete(e,t){return this.request("DELETE",e,void 0,t)}};var bt={name:"SilentShard authentication",version:"0.1.0"},Pt=[{name:"name",type:"string"},{name:"version",type:"string"}];function St(r,e){let t={setup:r,challenge:e};return{types:{EIP712Domain:Pt,...r.eoaRequestSchema},domain:bt,primaryType:"Request",message:t}}async function Xe({setup:r,eoa:e,challenge:t,browserWallet:n}){let i=St(r,t),o=await n.signTypedData(e,i);return new w({method:"eoa",id:e},o)}var Ce=require("js-base64"),Ee=require("viem"),ee=require("json-canonicalize");async function Ye({user:r,challenge:e,rpConfig:t}){let n=(0,Ee.hexToBytes)(`0x${e}`,{size:32}),i={publicKey:{authenticatorSelection:{residentKey:"preferred",userVerification:"required"},challenge:n,excludeCredentials:[],pubKeyCredParams:[{type:"public-key",alg:-7},{type:"public-key",alg:-257}],rp:{name:t.rpName,id:t.rpId},user:{...r,id:Ce.Base64.toUint8Array(r.id)}}},o=await navigator.credentials.create(i);if(o===null)throw new Error("No credential returned");let s=R(o.response.attestationObject),l={rawCredential:(0,ee.canonicalize)({authenticatorAttachment:o.authenticatorAttachment,id:o.id,rawId:R(o.rawId),response:{attestationObject:s,clientDataJSON:R(o.response.clientDataJSON)},type:o.type}),origin:t.rpName,rpId:t.rpId};return new w({method:"passkey",id:o.id},(0,ee.canonicalize)(l))}async function Ze({challenge:r,allowCredentialId:e,rpConfig:t}){let n=(0,Ee.hexToBytes)(`0x${r}`,{size:32}),i=e?[{type:"public-key",id:Ce.Base64.toUint8Array(e)}]:[],o={publicKey:{userVerification:"required",challenge:n,allowCredentials:i}},s=await navigator.credentials.get(o);if(s===null)throw new Error("Failed to get navigator credentials");let c=s.response,l=c.userHandle;if(l===null)throw new Error("User handle cannot be null");let u=R(c.signature),p={rawCredential:(0,ee.canonicalize)({authenticatorAttachment:s.authenticatorAttachment,id:s.id,rawId:R(s.rawId),response:{authenticatorData:R(c.authenticatorData),clientDataJSON:R(c.clientDataJSON),signature:u,userHandle:R(l)},type:s.type}),origin:t.rpName,rpId:t.rpId};return new w({method:"passkey",id:s.id},(0,ee.canonicalize)(p))}var te=require("viem");var pe=require("@noble/curves/ed25519"),ve=require("@noble/curves/secp256k1");var et=require("viem/accounts"),Ie=require("json-canonicalize");var q=class r{constructor(e,t,n,i=Math.floor(Date.now()/1e3)+3600){a(this,"ephId");a(this,"ephPK");a(this,"signAlg");a(this,"expiry");this.validateInputs(e,t,n,i),this.ephId=e,this.ephPK=(0,te.toHex)(t),this.signAlg=n,this.expiry=i}validateInputs(e,t,n,i){d("ephId",e),He(t,n),h(Number.isInteger(i)===!1,"expiry must be an integer");let o=Math.floor(Date.now()/1e3),s=i-o,c=s>0&&s<=365*24*60*60;h(!c,`lifetime must be greater than 0 and less than or equal to 365 days expiry - now ${s}, expiry ${i} now secs ${o}`)}toJSON(){try{return(0,Ie.canonicalize)({ephId:this.ephId,ephPK:this.ephPK,expiry:this.expiry,signAlg:this.signAlg})}catch(e){throw console.error("Error while serializing ephemeral key claim",e),new Error("Error while serializing ephemeral key claim")}}static generateKeys(e,t){let n=ne(e),i=_(n,e),o=new r((0,te.toHex)(i),i,e,t);return{privKey:n,pubKey:i,ephClaim:o}}};async function tt({setup:r,challenge:e,ephSK:t,ephClaim:n}){let i={setup:r,challenge:e},o=new TextEncoder().encode((0,Ie.canonicalize)(i)),s=await At(o,t,n.signAlg);return new w({method:"ephemeral",id:n.ephId},s)}async function At(r,e,t){switch(t){case"ed25519":return(0,te.toHex)(pe.ed25519.sign(r,e));case"secp256k1":return await(0,et.signMessage)({message:{raw:r},privateKey:(0,te.toHex)(e)});default:throw new Error("Invalid signature algorithm")}}function ne(r){switch(r){case"ed25519":return pe.ed25519.utils.randomPrivateKey();case"secp256k1":return ve.secp256k1.utils.randomPrivateKey();default:throw new Error("Invalid signature algorithm")}}function _(r,e){switch(e){case"ed25519":return pe.ed25519.getPublicKey(r);case"secp256k1":return ve.secp256k1.getPublicKey(r,!1);default:throw new Error("Invalid signature algorithm")}}var rt=require("viem");var nt=require("jwt-decode"),de=r=>{try{let e=(0,nt.jwtDecode)(r);return e&&typeof e=="object"&&!Array.isArray(e)?e:void 0}catch{return}};var w=class{constructor(e,t){this.credentials=e;this.signature=t;this.credentials=e,this.signature=t}},B=class{constructor(e,t){a(this,"browserWallet");a(this,"eoa");this.validateInputs(e,t),this.browserWallet=t,this.eoa=e}validateInputs(e,t){h(!(0,rt.isAddress)(e),"invalid Ethereum address format"),h(!((t==null?void 0:t.signTypedData)instanceof Function),"invalid browserWallet")}async authenticate({payload:e,challenge:t}){return D(e,[x,O,M,I,y,S,P,m,T,U,C],"eoa"),await Xe({setup:e,eoa:this.eoa,challenge:t,browserWallet:this.browserWallet})}},L=class{constructor(e,t,n){a(this,"ephSK");a(this,"ephClaim");Ve(t,n),this.ephSK=t;let i=_(this.ephSK,n);this.ephClaim=new q(e,i,n)}async authenticate({payload:e,challenge:t}){return D(e,[y,I,S],"ephemeral"),await tt({setup:e,challenge:t,ephSK:this.ephSK,ephClaim:this.ephClaim})}},J=class{constructor(e,t){a(this,"rpConfig");a(this,"allowCredentialId");this.rpConfig=e,this.allowCredentialId=t}async authenticate({payload:e,challenge:t}){return D(e,[x,M,y,S,O,I,P,C,m],"passkey"),await Ze({allowCredentialId:this.allowCredentialId,challenge:t,rpConfig:this.rpConfig})}},G=class{constructor(e,t){a(this,"rpConfig");a(this,"user");this.rpConfig=e,this.user=t}async authenticate({payload:e,challenge:t}){return D(e,[H],"passkey"),await Ye({user:this.user,challenge:t,rpConfig:this.rpConfig})}},z=class{constructor(e){a(this,"jwtIssuer");this.validateInputs(e),this.jwtIssuer=e}validateInputs(e){h(!((e==null?void 0:e.issueToken)instanceof Function),"invalid jwtIssuer")}async authenticate({payload:e,challenge:t}){D(e,[x,y],"jwt");let n=await this.jwtIssuer.issueToken(t),i=de(n);h(!i,"Failed to decode JWT token");let{iss:o,sub:s}=i;return h(!o||!s,"JWT token is missing iss or sub claims"),new w({method:"jwt",id:{iss:o,sub:s}},n)}};var it=require("@auth0/auth0-spa-js");var Rt=["silent","popup","silent-with-popup-fallback"],re="sl_nonce",kt=(r,e)=>typeof e=="string"&&r.includes(e),j=class{constructor(e){a(this,"config");a(this,"auth0Client");a(this,"auth0ClientPromise");var t;this.validateInputs(e),this.config={domain:e.domain,clientId:e.clientId,audience:e.audience,interactiveMode:(t=e.interactiveMode)!=null?t:"silent-with-popup-fallback"},e.scope&&(this.config.scope=e.scope),e.redirectUri&&(this.config.redirectUri=e.redirectUri),e.useRefreshTokens!==void 0&&(this.config.useRefreshTokens=e.useRefreshTokens),e.useRefreshTokensFallback!==void 0&&(this.config.useRefreshTokensFallback=e.useRefreshTokensFallback),e.auth0Client&&(this.auth0Client=e.auth0Client)}async issueToken(e){h(!e,"missing challenge for Auth0 token issuance");let t=await this.getToken(e);return this.validateTokenChallenge(t,e),t}async isAuthenticated(){let e=await this.getClient();if(!(e.isAuthenticated instanceof Function))throw new Error("Auth0 session lookup is not available");return await e.isAuthenticated()}async getUser(){let e=await this.getClient();if(!(e.getUser instanceof Function))throw new Error("Auth0 user lookup is not available");return await e.getUser()}async logout(e){let t=await this.getClient();if(!(t.logout instanceof Function))throw new Error("Auth0 logout is not available");await t.logout(e)}validateInputs(e){var n,i;h(!(e!=null&&e.domain),"missing Auth0 domain"),h(!(e!=null&&e.clientId),"missing Auth0 clientId"),h(!(e!=null&&e.audience),"missing Auth0 audience"),h(e.interactiveMode!==void 0&&!kt(Rt,e.interactiveMode),"invalid Auth0 interactiveMode");let t=(n=e.interactiveMode)!=null?n:"silent-with-popup-fallback";e.auth0Client!==void 0&&(h(!(((i=e.auth0Client)==null?void 0:i.getTokenSilently)instanceof Function),"invalid auth0Client"),h(t!=="silent"&&!(e.auth0Client.getTokenWithPopup instanceof Function),"invalid auth0Client: missing getTokenWithPopup"))}async getClient(){return this.auth0Client?this.auth0Client:(this.auth0ClientPromise||(this.auth0ClientPromise=(0,it.createAuth0Client)(this.buildClientOptions())),this.auth0Client=await this.auth0ClientPromise,this.auth0Client)}buildClientOptions(){let e={audience:this.config.audience};this.config.scope&&(e.scope=this.config.scope);let t=this.getRedirectUri();return t&&(e.redirect_uri=t),{domain:this.config.domain,clientId:this.config.clientId,authorizationParams:e,...this.config.useRefreshTokens!==void 0?{useRefreshTokens:this.config.useRefreshTokens}:{},...this.config.useRefreshTokensFallback!==void 0?{useRefreshTokensFallback:this.config.useRefreshTokensFallback}:{}}}getRedirectUri(){if(this.config.redirectUri)return this.config.redirectUri;if(typeof window<"u")return window.location.origin}buildAuthorizationParams(e){let t={audience:this.config.audience,[re]:e};this.config.scope&&(t.scope=this.config.scope);let n=this.getRedirectUri();return n&&(t.redirect_uri=n),t}async getToken(e){let t=await this.getClient(),n=this.buildAuthorizationParams(e);if(this.config.interactiveMode==="popup")return await this.getTokenWithPopup(t,n);try{return await t.getTokenSilently({cacheMode:"off",authorizationParams:n})}catch(i){if(this.config.interactiveMode!=="silent-with-popup-fallback"||!this.isInteractiveAuthError(i))throw i;return await this.getTokenWithPopup(t,n)}}async getTokenWithPopup(e,t){h(!(e.getTokenWithPopup instanceof Function),"Auth0 popup token flow is not available");let n=await e.getTokenWithPopup({cacheMode:"off",authorizationParams:t});if(!n)throw new Error("Auth0 popup token flow did not return an access token");return n}isInteractiveAuthError(e){var n;let t=e;return["consent_required","interaction_required","login_required","mfa_required","missing_refresh_token"].includes((n=t.error)!=null?n:"")}validateTokenChallenge(e,t){let n=de(e);if(!n)throw new Error("Failed to decode Auth0 access token");let i=Object.entries(n).find(([s])=>s===re);if(i===void 0)throw new Error(`Auth0 access token is missing ${re} claim`);let o=i[1];h(typeof o!="string",`Auth0 access token ${re} claim must be a string`),h(o!==t,`Expected ${re} claim to match ${t}, found ${String(o)}`)}};var ge=require("viem/accounts"),st=require("@noble/curves/secp256k1"),Q=require("viem"),Ct=require("js-base64");function fe(r){if(r.startsWith("0x")&&(r=r.slice(2)),r.startsWith("04"))return(0,ge.publicKeyToAddress)(`0x${r} `);if(r.startsWith("02")||r.startsWith("03")){let e=st.secp256k1.ProjectivePoint.fromHex(r).toHex(!1);return(0,ge.publicKeyToAddress)(`0x${e}`)}else throw new Error("Invalid public key")}var We={};Ne(We,{Action:()=>Ue,ChainType:()=>Ke,IssuerType:()=>Te,Logic:()=>qe,Operator:()=>_e,Policy:()=>xe,Rule:()=>me,TransactionAttribute:()=>Oe,TransactionType:()=>Me});var ot=require("json-canonicalize");var ye=512,Te=(n=>(n.SessionKeyId="SessionKeyId",n.UserId="UserId",n.All="*",n))(Te||{}),Ue=(t=>(t.Allow="allow",t.Deny="deny",t))(Ue||{}),qe=(t=>(t.Or="or",t.And="and",t))(qe||{}),Ke=(n=>(n.Off="off",n.Ethereum="ethereum",n.Solana="solana",n))(Ke||{}),Me=(s=>(s.Eip712="eip712",s.Eip191="eip191",s.Erc20="erc20",s.Erc721="erc721",s.NativeTransfer="nativeTransfer",s.SolanaTransaction="solanaTransaction",s))(Me||{}),Oe=(f=>(f.Sender="sender",f.Receiver="receiver",f.NativeValue="nativeValue",f.ChainId="chainId",f.FunctionSelector="functionSelector",f.Message="message",f.VerifyingContract="verifyingContract",f.PrimaryType="primaryType",f.DomainName="domainName",f.DomainVersion="domainVersion",f.SolanaAccountKeys="solanaAccountKeys",f.SplTransferAmount="splTransferAmount",f.SplTransferSrc="splTransferSrc",f.SplTransferDest="splTransferDest",f.SplTokenMint="splTokenMint",f.CustomProgramInstruction="customProgramInstruction",f.SystemInstructionName="systemInstructionName",f.SplInstructionName="splInstructionName",f))(Oe||{}),_e=(l=>(l.Eq="eq",l.Neq="neq",l.Lt="lt",l.Lte="lte",l.Gt="gt",l.Gte="gte",l.In="in",l.All="all",l))(_e||{}),me=class{constructor({description:e,chain_type:t,conditions:n,issuer:i,action:o,logic:s}){a(this,"description");a(this,"issuer");a(this,"action");a(this,"logic");a(this,"chain_type");a(this,"conditions");if(!n.length)throw new Error("Rule must have at least one condition");if(!t)throw new Error("Chain type must be set");if(e.length>ye)throw new Error(`Description length exceeds maximum of ${ye}`);this.description=e,this.chain_type=t,this.conditions=n,this.issuer=i||[{type:"*",id:"*"}],this.action=o||"allow",this.logic=s||"and"}},xe=class{constructor({version:e,description:t,rules:n}){a(this,"version");a(this,"description");a(this,"rules");if(t.length>ye)throw new Error(`Description length exceeds maximum of ${ye}`);this.version=e!=null?e:"1.0",this.description=t,this.rules=n}toJSON(){try{return(0,ot.canonicalize)({version:this.version,description:this.description,rules:this.rules})}catch(e){throw console.error("Error while serializing policy",e),new Error("Error while serializing policy")}}};var Et={KeygenSetupOpts:x,InitPresignOpts:N,FinishPresignOpts:S,SignSetupOpts:y,UserSignatures:k,NetworkSigner:F,SignRequestBuilder:K,WalletProviderServiceClient:V,NoAuthWalletProviderServiceClient:E,HttpClient:$,EOAAuth:B,EphAuth:L,PasskeyAuth:J,PasskeyRegister:G,generateEphPrivateKey:ne,getEphPublicKey:_,EphKeyClaim:q,computeAddress:fe,flattenSignature:he,UpdatePolicyRequest:P,DeletePolicyRequest:m,GetStateControllersRequest:m,CreateStateControllerRequest:T,DeleteStateControllerRequest:U,DryRunPolicyRequest:C,...We,JWTAuth:z,Auth0JWTIssuer:j};0&&(module.exports={Action,Auth0JWTIssuer,ChainType,CreateStateControllerRequest,DeletePolicyRequest,DeleteStateControllerRequest,DryRunPolicyRequest,EOAAuth,EphAuth,EphKeyClaim,FinishPresignOpts,GetStateControllersRequest,HttpClient,InitPresignOpts,IssuerType,JWTAuth,KeygenSetupOpts,Logic,NetworkSigner,NoAuthWalletProviderServiceClient,Operator,PasskeyAuth,PasskeyRegister,Policy,Rule,SignRequestBuilder,SignSetupOpts,TransactionAttribute,TransactionType,UpdatePolicyRequest,UserAuthentication,UserSignatures,WalletProviderServiceClient,computeAddress,flattenSignature,generateEphPrivateKey,getEphPublicKey});
2
2
  /*! Bundled license information:
3
3
 
4
4
  @noble/hashes/esm/utils.js:
package/dist/index.d.ts CHANGED
@@ -4,8 +4,9 @@ export type { ApiVersion, ClientConfig, IWalletProviderServiceClient, INoAuthWpS
4
4
  export type { IBrowserWallet, TypedData } from './auth/EOAauthentication';
5
5
  export type { PasskeyUser, RelyingPartyConfig } from './auth/passkeyAuthentication';
6
6
  export type { IJWTIssuer } from './auth/JWTAuthentication';
7
+ export type { Auth0JWTIssuerConfig, Auth0InteractiveTokenMode } from './auth/auth0JWTIssuer';
7
8
  export type { AuthModule, AuthModuleParams } from './auth/authentication';
8
- export type { KeygenResponse, KeyRefreshResponse, SignResponse, AddEphKeyResponse, RevokeEphKeyResponse, RegisterPasskeyResponse, UpdatePolicyResponse, DeletePolicyResponse, GetStateControllersResponse, DeleteStateControllerResponse, } from './client/networkResponse';
9
+ export type { KeygenResponse, KeyRefreshResponse, SignResponse, AddEphKeyResponse, RevokeEphKeyResponse, RegisterPasskeyResponse, UpdatePolicyResponse, DeletePolicyResponse, GetStateControllersResponse, DeleteStateControllerResponse, DryRunPolicyResponse, DryRunPolicyStateEntry, } from './client/networkResponse';
9
10
  export type { MPCSignAlgorithm } from './client/networkSigner';
10
11
  export type { EphKeySignAlgorithm } from './auth/ephemeralAuthentication';
11
12
  export type { DSGOpts } from './viemSigner';
@@ -18,10 +19,11 @@ export { NetworkSigner } from './client/networkSigner';
18
19
  export { WalletProviderServiceClient, NoAuthWalletProviderServiceClient } from './client/walletProviderServiceClient';
19
20
  export { HttpClient } from './client/httpClient';
20
21
  export { EOAAuth, EphAuth, PasskeyAuth, PasskeyRegister, UserAuthentication, JWTAuth, type JWTIdentifier, } from './auth/authentication';
22
+ export { Auth0JWTIssuer } from './auth/auth0JWTIssuer';
21
23
  export { generateEphPrivateKey, getEphPublicKey, EphKeyClaim } from './auth/ephemeralAuthentication';
22
24
  export { computeAddress } from './viemSigner';
23
25
  export { KeygenSetupOpts, InitPresignOpts, FinishPresignOpts, SignSetupOpts } from './setupMessage';
24
- export { UpdatePolicyRequest, KeyIdOfPolicy as DeletePolicyRequest, KeyIdOfPolicy as GetStateControllersRequest, CreateStateControllerRequest, DeleteStateControllerRequest, } from './client/networkRequest';
26
+ export { UpdatePolicyRequest, KeyIdOfPolicy as DeletePolicyRequest, KeyIdOfPolicy as GetStateControllersRequest, CreateStateControllerRequest, DeleteStateControllerRequest, DryRunPolicyRequest, } from './client/networkRequest';
25
27
  export * from './policy';
26
28
  import { SignRequestBuilder } from './builder/signRequest';
27
29
  import { UserSignatures } from './builder/userAuth';
@@ -29,13 +31,15 @@ import { NetworkSigner } from './client/networkSigner';
29
31
  import { WalletProviderServiceClient, NoAuthWalletProviderServiceClient } from './client/walletProviderServiceClient';
30
32
  import { HttpClient } from './client/httpClient';
31
33
  import { EOAAuth, EphAuth, PasskeyAuth, PasskeyRegister, JWTAuth } from './auth/authentication';
34
+ import { Auth0JWTIssuer } from './auth/auth0JWTIssuer';
32
35
  import { generateEphPrivateKey, getEphPublicKey, EphKeyClaim } from './auth/ephemeralAuthentication';
33
36
  import { computeAddress } from './viemSigner';
34
37
  import { KeygenSetupOpts, InitPresignOpts, FinishPresignOpts, SignSetupOpts } from './setupMessage';
35
- import { UpdatePolicyRequest, KeyIdOfPolicy, CreateStateControllerRequest, DeleteStateControllerRequest } from './client/networkRequest';
38
+ import { UpdatePolicyRequest, KeyIdOfPolicy, CreateStateControllerRequest, DeleteStateControllerRequest, DryRunPolicyRequest } from './client/networkRequest';
36
39
  import * as policy from './policy';
37
40
  declare const _default: {
38
41
  JWTAuth: typeof JWTAuth;
42
+ Auth0JWTIssuer: typeof Auth0JWTIssuer;
39
43
  IssuerType: typeof policy.IssuerType;
40
44
  Action: typeof policy.Action;
41
45
  Logic: typeof policy.Logic;
@@ -69,5 +73,6 @@ declare const _default: {
69
73
  GetStateControllersRequest: typeof KeyIdOfPolicy;
70
74
  CreateStateControllerRequest: typeof CreateStateControllerRequest;
71
75
  DeleteStateControllerRequest: typeof DeleteStateControllerRequest;
76
+ DryRunPolicyRequest: typeof DryRunPolicyRequest;
72
77
  };
73
78
  export default _default;