@terminal3/t3n-sdk 0.4.0 → 0.5.0

package/README.md

@@ -425,7 +425,7 @@ With `--provider`, the demo runs a **user update** (create/update profile) by de
 
 3. **OID4VP present only** – When you pass **`--oid4vp-only --did <did>`**, the demo skips user update and sends only the OID4VP present request for the given DID.
 
-Payloads are configurable via **defaults** or **JSON files** (`--user-update-json`, `--oid4vp-json`). The request body is signed with EIP-191 using the provider’s EOA key. The key must match the TEE’s provider config (see `tests/integration/provider_configs/provider_configs.json`: `auth_method.public_key` for the provider). By default the demo uses the test key (`0x01`×32); override with `--provider-signing-key` or `PROVIDER_SIGNING_KEY` for other environments.
+Payloads are configurable via **defaults** or **JSON files** (`--user-update-json`, `--oid4vp-json`). The request body is signed with EIP-191 using the provider’s EOA key. The key must match `auth_method.public_key` for the provider in the TEE's provider config. By default the demo uses the test key (`0x01`×32); override with `--provider-signing-key` or `PROVIDER_SIGNING_KEY` for other environments.
 
 ```bash
 # User update only (default)
@@ -472,7 +472,7 @@ The demo supports the following command-line arguments:
 
 - `--wait-tx`: After step 1 (user update), wait for transaction confirmation before step 2. Can also set env `WAIT_FOR_TX=true`. (Tx wait is not implemented; flag is accepted for future use.)
 
-- `--provider-signing-key`: EOA private key (32-byte hex, e.g. `0x01...01`) for signing provider webhooks. Must match the TEE’s provider config `auth_method.public_key` for the provider. Default is the test key used in integration (see `tests/integration/provider_configs/provider_configs.json`). Can also set env `PROVIDER_SIGNING_KEY`.
+- `--provider-signing-key`: EOA private key (32-byte hex, e.g. `0x01...01`) for signing provider webhooks. Must match the TEE’s provider config `auth_method.public_key` for the provider. Default is the test key used in integration. Can also set env `PROVIDER_SIGNING_KEY`.
 
 - `--script-version`: Optional override for contract script version used by session-based actions (`--upsert`, `--get-profile`, `--agent-auth`). If omitted, the demo resolves the latest version dynamically from `/api/contracts/current` for `tee:user/contracts`.
 

package/dist/index.d.ts

@@ -75,11 +75,10 @@ interface SessionCrypto {
     /**
      * Encrypt plaintext using session
      * @param session - Session state (opaque bytes)
-     * @param nonce - Nonce to use for encryption
      * @param plaintext - Data to encrypt
      * @returns Promise with encrypted bytes
      */
-    encrypt(session: Uint8Array, nonce: Uint8Array, plaintext: Uint8Array): Promise<Uint8Array>;
+    encrypt(session: Uint8Array, plaintext: Uint8Array): Promise<Uint8Array>;
     /**
      * Decrypt ciphertext using session
      * @param session - Session state (opaque bytes)
@@ -155,22 +154,22 @@ interface Logger {
      * Log a debug message (most verbose)
      * @param args - Arguments to log
      */
-    debug(...args: any[]): void;
+    debug(...args: unknown[]): void;
     /**
      * Log an info message
      * @param args - Arguments to log
      */
-    info(...args: any[]): void;
+    info(...args: unknown[]): void;
     /**
      * Log a warning message
      * @param args - Arguments to log
      */
-    warn(...args: any[]): void;
+    warn(...args: unknown[]): void;
     /**
      * Log an error message (least verbose)
      * @param args - Arguments to log
      */
-    error(...args: any[]): void;
+    error(...args: unknown[]): void;
 }
 /**
  * Set the global default log level for all components
@@ -224,7 +223,7 @@ interface WasmLoadConfig {
     /** Custom fetch function for loading WASM */
     fetchFn?: typeof fetch;
     /** Additional initialization options */
-    initOptions?: Record<string, any>;
+    initOptions?: Record<string, unknown>;
     /** Optional logger instance - if not provided, uses global default */
     logger?: Logger;
 }
@@ -320,9 +319,16 @@ declare function createOidcAuthInput(credentials: OidcCredentials): OidcAuthInpu
  */
 /**
  * Guest-to-Host request handler function type
- * Handles requests from WASM guest that need host (SDK) to perform side effects
+ *
+ * Handles requests from WASM guest that need host (SDK) to perform side
+ * effects. The exact shape of `requestData` depends on the specific
+ * handler — see `GuestToHostHandlers` below for the per-handler shapes.
+ * The wrapper layer in `T3nClient.handleGuestToHost` parses the JSON
+ * envelope and calls the matching handler with the parsed data, so
+ * each handler's implementation should narrow `requestData` to its
+ * own expected shape.
  */
-type GuestToHostHandler = (requestData: any) => Promise<Uint8Array>;
+type GuestToHostHandler = (requestData: Record<string, unknown>) => Promise<Uint8Array>;
 /**
  * Map of guest-to-host request handlers
  * Keys match the guest_to_host tag values from the WASM
@@ -361,7 +367,7 @@ interface GuestToHostHandlers {
 interface JsonRpcRequest {
     jsonrpc: "2.0";
     method: string;
-    params: any;
+    params: unknown;
     id: string | number;
 }
 /**
@@ -369,11 +375,11 @@ interface JsonRpcRequest {
  */
 interface JsonRpcResponse {
     jsonrpc: "2.0";
-    result?: any;
+    result?: unknown;
     error?: {
         code: number;
         message: string;
-        data?: any;
+        data?: unknown;
     };
     id: string | number;
 }
@@ -435,7 +441,7 @@ declare class MockTransport implements Transport {
     /**
      * Mock an error response for a specific method
      */
-    mockError(method: string, code: number, message: string, data?: any): void;
+    mockError(method: string, code: number, message: string, data?: unknown): void;
     /**
      * Get all requests that were sent
      */
@@ -567,6 +573,14 @@ declare class T3nClient {
  * Examples: signing challenges, providing public keys, generating random bytes.
  */
 
+/**
+ * Account — MetaMask handler accepts either a plain address string or an
+ * object with an `address` field (for compatibility with various wallet
+ * libraries).
+ */
+type EthAccount = string | {
+    address: string;
+};
 /**
  * Create an EthSign handler using MetaMask (window.ethereum)
  * @param account - MetaMask account (string address or object with address property)
@@ -574,7 +588,7 @@ declare class T3nClient {
  *   Pass a custom logger to override logging behavior for this handler.
  * @param privateKey - Optional private key for signing (if provided, MetaMask is not used)
  */
-declare function metamask_sign(account: any, logger?: Logger, privateKey?: string | undefined): GuestToHostHandler;
+declare function metamask_sign(account: EthAccount, logger?: Logger, privateKey?: string | undefined): GuestToHostHandler;
 /**
  * Get the current MetaMask address
  * @returns Ethereum address (lowercase, 0x prefixed)
@@ -720,7 +734,7 @@ declare function extractWasmError(error: unknown): string;
 /**
  * Redact secrets from values before logging
  */
-declare function redactSecrets(value: any): any;
+declare function redactSecrets(value: unknown): unknown;
 /**
  * Redact secrets from a JSON string
  */