@tetherto/wdk-react-native-secure-storage 1.0.0-beta.1 → 1.0.0-beta.3

package/dist/constants.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Timeout constants for keychain operations
+ */
+export declare const DEFAULT_TIMEOUT_MS = 30000;
+export declare const MIN_TIMEOUT_MS = 1000;
+export declare const MAX_TIMEOUT_MS: number;
+/**
+ * Cache TTL for device authentication availability (5 minutes)
+ */
+export declare const DEVICE_AUTH_CACHE_TTL_MS: number;
+//# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,kBAAkB,QAAQ,CAAA;AACvC,eAAO,MAAM,cAAc,OAAO,CAAA;AAClC,eAAO,MAAM,cAAc,QAAgB,CAAA;AAE3C;;GAEG;AACH,eAAO,MAAM,wBAAwB,QAAgB,CAAA"}

package/dist/constants.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEVICE_AUTH_CACHE_TTL_MS = exports.MAX_TIMEOUT_MS = exports.MIN_TIMEOUT_MS = exports.DEFAULT_TIMEOUT_MS = void 0;
+/**
+ * Timeout constants for keychain operations
+ */
+exports.DEFAULT_TIMEOUT_MS = 30000;
+exports.MIN_TIMEOUT_MS = 1000;
+exports.MAX_TIMEOUT_MS = 5 * 60 * 1000;
+/**
+ * Cache TTL for device authentication availability (5 minutes)
+ */
+exports.DEVICE_AUTH_CACHE_TTL_MS = 5 * 60 * 1000;

package/dist/errors.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Base error class for all secure storage errors
+ */
+export declare class SecureStorageError extends Error {
+    readonly code: string;
+    readonly cause?: Error | undefined;
+    constructor(message: string, code: string, cause?: Error | undefined);
+}
+/**
+ * Error thrown when keychain operations fail
+ *
+ * Note: This is a base error class for completeness. In practice, use
+ * KeychainWriteError or KeychainReadError for more specific error handling.
+ */
+export declare class KeychainError extends SecureStorageError {
+    constructor(message: string, cause?: Error);
+}
+/**
+ * Error thrown when keychain write operations fail
+ */
+export declare class KeychainWriteError extends SecureStorageError {
+    constructor(message: string, cause?: Error);
+}
+/**
+ * Error thrown when keychain read operations fail
+ */
+export declare class KeychainReadError extends SecureStorageError {
+    constructor(message: string, cause?: Error);
+}
+/**
+ * Error thrown when authentication fails or is required but unavailable
+ */
+export declare class AuthenticationError extends SecureStorageError {
+    constructor(message: string, cause?: Error);
+}
+/**
+ * Error thrown when input validation fails
+ */
+export declare class ValidationError extends SecureStorageError {
+    constructor(message: string);
+}
+/**
+ * Error thrown when an operation times out
+ */
+export declare class TimeoutError extends SecureStorageError {
+    constructor(message: string);
+}
+/**
+ * Error thrown when device security (PIN/pattern/password/biometrics) is not enabled
+ *
+ * This error can be used by apps that want to enforce device security as a prerequisite.
+ * Whether to require device security is up to the app - the library will still function
+ * on devices without authentication configured (data remains encrypted at rest).
+ */
+export declare class DeviceSecurityNotEnabledError extends SecureStorageError {
+    constructor(message?: string, cause?: Error);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;aAGzB,IAAI,EAAE,MAAM;aACZ,KAAK,CAAC,EAAE,KAAK;gBAF7B,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,MAAM,EACZ,KAAK,CAAC,EAAE,KAAK,YAAA;CAYhC;AAED;;;;;GAKG;AACH,qBAAa,aAAc,SAAQ,kBAAkB;gBACvC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAI3C;AAED;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,kBAAkB;gBAC5C,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAI3C;AAED;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,kBAAkB;gBAC3C,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAI3C;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,kBAAkB;gBAC7C,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAI3C;AAED;;GAEG;AACH,qBAAa,eAAgB,SAAQ,kBAAkB;gBACzC,OAAO,EAAE,MAAM;CAI5B;AAED;;GAEG;AACH,qBAAa,YAAa,SAAQ,kBAAkB;gBACtC,OAAO,EAAE,MAAM;CAI5B;AAED;;;;;;GAMG;AACH,qBAAa,6BAA8B,SAAQ,kBAAkB;gBACvD,OAAO,GAAE,MAA0I,EAAE,KAAK,CAAC,EAAE,KAAK;CAI/K"}

package/dist/errors.js

@@ -0,0 +1,99 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DeviceSecurityNotEnabledError = exports.TimeoutError = exports.ValidationError = exports.AuthenticationError = exports.KeychainReadError = exports.KeychainWriteError = exports.KeychainError = exports.SecureStorageError = void 0;
+/**
+ * Base error class for all secure storage errors
+ */
+class SecureStorageError extends Error {
+    constructor(message, code, cause) {
+        super(message);
+        this.code = code;
+        this.cause = cause;
+        this.name = 'SecureStorageError';
+        // Maintains proper stack trace for where our error was thrown (only available on V8)
+        // Note: Error.captureStackTrace is V8-specific (Node.js, Chrome). In React Native,
+        // this will typically work on Android (V8) but may not work on iOS (JavaScriptCore).
+        // If unavailable, the standard Error stack trace will be used instead.
+        if (Error.captureStackTrace) {
+            Error.captureStackTrace(this, this.constructor);
+        }
+    }
+}
+exports.SecureStorageError = SecureStorageError;
+/**
+ * Error thrown when keychain operations fail
+ *
+ * Note: This is a base error class for completeness. In practice, use
+ * KeychainWriteError or KeychainReadError for more specific error handling.
+ */
+class KeychainError extends SecureStorageError {
+    constructor(message, cause) {
+        super(message, 'KEYCHAIN_ERROR', cause);
+        this.name = 'KeychainError';
+    }
+}
+exports.KeychainError = KeychainError;
+/**
+ * Error thrown when keychain write operations fail
+ */
+class KeychainWriteError extends SecureStorageError {
+    constructor(message, cause) {
+        super(message, 'KEYCHAIN_WRITE_ERROR', cause);
+        this.name = 'KeychainWriteError';
+    }
+}
+exports.KeychainWriteError = KeychainWriteError;
+/**
+ * Error thrown when keychain read operations fail
+ */
+class KeychainReadError extends SecureStorageError {
+    constructor(message, cause) {
+        super(message, 'KEYCHAIN_READ_ERROR', cause);
+        this.name = 'KeychainReadError';
+    }
+}
+exports.KeychainReadError = KeychainReadError;
+/**
+ * Error thrown when authentication fails or is required but unavailable
+ */
+class AuthenticationError extends SecureStorageError {
+    constructor(message, cause) {
+        super(message, 'AUTHENTICATION_ERROR', cause);
+        this.name = 'AuthenticationError';
+    }
+}
+exports.AuthenticationError = AuthenticationError;
+/**
+ * Error thrown when input validation fails
+ */
+class ValidationError extends SecureStorageError {
+    constructor(message) {
+        super(message, 'VALIDATION_ERROR');
+        this.name = 'ValidationError';
+    }
+}
+exports.ValidationError = ValidationError;
+/**
+ * Error thrown when an operation times out
+ */
+class TimeoutError extends SecureStorageError {
+    constructor(message) {
+        super(message, 'TIMEOUT_ERROR');
+        this.name = 'TimeoutError';
+    }
+}
+exports.TimeoutError = TimeoutError;
+/**
+ * Error thrown when device security (PIN/pattern/password/biometrics) is not enabled
+ *
+ * This error can be used by apps that want to enforce device security as a prerequisite.
+ * Whether to require device security is up to the app - the library will still function
+ * on devices without authentication configured (data remains encrypted at rest).
+ */
+class DeviceSecurityNotEnabledError extends SecureStorageError {
+    constructor(message = 'Device security is not enabled. Please set up a PIN, pattern, or password in your device settings to use secure wallet storage.', cause) {
+        super(message, 'DEVICE_SECURITY_NOT_ENABLED', cause);
+        this.name = 'DeviceSecurityNotEnabledError';
+    }
+}
+exports.DeviceSecurityNotEnabledError = DeviceSecurityNotEnabledError;

package/dist/index.d.ts

@@ -0,0 +1,18 @@
+/**
+ * @tetherto/wdk-react-native-secure-storage
+ *
+ * Secure storage abstractions for React Native
+ * Provides secure storage for sensitive data (encrypted seeds, keys)
+ *
+ * **Note on Internal Types:** Some internal types like `StorageKey` are intentionally
+ * not exported. These are implementation details that consumers should not use directly.
+ * Use the public API methods (setEncryptionKey, getEncryptionKey, etc.) instead.
+ */
+export type { SecureStorage, SecureStorageOptions, AuthenticationOptions, SecureStorageItemOptions, } from './secureStorage';
+export { createSecureStorage } from './secureStorage';
+export { SecureStorageError, KeychainError, KeychainWriteError, KeychainReadError, AuthenticationError, ValidationError, TimeoutError, DeviceSecurityNotEnabledError, } from './errors';
+export type { Logger, LogEntry } from './logger';
+export { LogLevel, defaultLogger } from './logger';
+export { MAX_IDENTIFIER_LENGTH, MAX_VALUE_LENGTH } from './validation';
+export { MIN_TIMEOUT_MS, MAX_TIMEOUT_MS } from './constants';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,YAAY,EACV,aAAa,EACb,oBAAoB,EACpB,qBAAqB,EACrB,wBAAwB,GACzB,MAAM,iBAAiB,CAAA;AACxB,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAA;AAGrD,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,YAAY,EACZ,6BAA6B,GAC9B,MAAM,UAAU,CAAA;AAGjB,YAAY,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAA;AAChD,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAGlD,OAAO,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AAGtE,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA"}

package/dist/index.js

@@ -0,0 +1,36 @@
+"use strict";
+/**
+ * @tetherto/wdk-react-native-secure-storage
+ *
+ * Secure storage abstractions for React Native
+ * Provides secure storage for sensitive data (encrypted seeds, keys)
+ *
+ * **Note on Internal Types:** Some internal types like `StorageKey` are intentionally
+ * not exported. These are implementation details that consumers should not use directly.
+ * Use the public API methods (setEncryptionKey, getEncryptionKey, etc.) instead.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAX_TIMEOUT_MS = exports.MIN_TIMEOUT_MS = exports.MAX_VALUE_LENGTH = exports.MAX_IDENTIFIER_LENGTH = exports.defaultLogger = exports.LogLevel = exports.DeviceSecurityNotEnabledError = exports.TimeoutError = exports.ValidationError = exports.AuthenticationError = exports.KeychainReadError = exports.KeychainWriteError = exports.KeychainError = exports.SecureStorageError = exports.createSecureStorage = void 0;
+var secureStorage_1 = require("./secureStorage");
+Object.defineProperty(exports, "createSecureStorage", { enumerable: true, get: function () { return secureStorage_1.createSecureStorage; } });
+// Error classes
+var errors_1 = require("./errors");
+Object.defineProperty(exports, "SecureStorageError", { enumerable: true, get: function () { return errors_1.SecureStorageError; } });
+Object.defineProperty(exports, "KeychainError", { enumerable: true, get: function () { return errors_1.KeychainError; } });
+Object.defineProperty(exports, "KeychainWriteError", { enumerable: true, get: function () { return errors_1.KeychainWriteError; } });
+Object.defineProperty(exports, "KeychainReadError", { enumerable: true, get: function () { return errors_1.KeychainReadError; } });
+Object.defineProperty(exports, "AuthenticationError", { enumerable: true, get: function () { return errors_1.AuthenticationError; } });
+Object.defineProperty(exports, "ValidationError", { enumerable: true, get: function () { return errors_1.ValidationError; } });
+Object.defineProperty(exports, "TimeoutError", { enumerable: true, get: function () { return errors_1.TimeoutError; } });
+Object.defineProperty(exports, "DeviceSecurityNotEnabledError", { enumerable: true, get: function () { return errors_1.DeviceSecurityNotEnabledError; } });
+var logger_1 = require("./logger");
+Object.defineProperty(exports, "LogLevel", { enumerable: true, get: function () { return logger_1.LogLevel; } });
+Object.defineProperty(exports, "defaultLogger", { enumerable: true, get: function () { return logger_1.defaultLogger; } });
+// Validation constants
+var validation_1 = require("./validation");
+Object.defineProperty(exports, "MAX_IDENTIFIER_LENGTH", { enumerable: true, get: function () { return validation_1.MAX_IDENTIFIER_LENGTH; } });
+Object.defineProperty(exports, "MAX_VALUE_LENGTH", { enumerable: true, get: function () { return validation_1.MAX_VALUE_LENGTH; } });
+// Timeout constants
+var constants_1 = require("./constants");
+Object.defineProperty(exports, "MIN_TIMEOUT_MS", { enumerable: true, get: function () { return constants_1.MIN_TIMEOUT_MS; } });
+Object.defineProperty(exports, "MAX_TIMEOUT_MS", { enumerable: true, get: function () { return constants_1.MAX_TIMEOUT_MS; } });

package/dist/keychainHelpers.d.ts

@@ -0,0 +1,15 @@
+import * as Keychain from 'react-native-keychain';
+/**
+ * Keychain options for setGenericPassword
+ */
+export type KeychainOptions = Parameters<typeof Keychain.setGenericPassword>[2];
+/**
+ * Create keychain options with conditional access control
+ *
+ * @param deviceAuthAvailable - Whether device authentication (biometrics/PIN) is available
+ * @param requireAuth - Whether authentication should be required for this operation
+ * @param syncable - Whether the value should sync across devices (default: true)
+ * @returns Keychain options object with appropriate access control settings
+ */
+export declare function createKeychainOptions(deviceAuthAvailable: boolean, requireAuth?: boolean, syncable?: boolean): KeychainOptions;
+//# sourceMappingURL=keychainHelpers.d.ts.map

package/dist/keychainHelpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keychainHelpers.d.ts","sourceRoot":"","sources":["../src/keychainHelpers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,uBAAuB,CAAA;AAEjD;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAA;AAE/E;;;;;;;GAOG;AACH,wBAAgB,qBAAqB,CACnC,mBAAmB,EAAE,OAAO,EAC5B,WAAW,GAAE,OAAc,EAC3B,QAAQ,GAAE,OAAc,GACvB,eAAe,CAYjB"}

package/dist/keychainHelpers.js

@@ -0,0 +1,56 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createKeychainOptions = createKeychainOptions;
+const Keychain = __importStar(require("react-native-keychain"));
+/**
+ * Create keychain options with conditional access control
+ *
+ * @param deviceAuthAvailable - Whether device authentication (biometrics/PIN) is available
+ * @param requireAuth - Whether authentication should be required for this operation
+ * @param syncable - Whether the value should sync across devices (default: true)
+ * @returns Keychain options object with appropriate access control settings
+ */
+function createKeychainOptions(deviceAuthAvailable, requireAuth = true, syncable = true) {
+    const options = {
+        accessible: syncable
+            ? Keychain.ACCESSIBLE.WHEN_UNLOCKED
+            : Keychain.ACCESSIBLE.WHEN_UNLOCKED_THIS_DEVICE_ONLY,
+    };
+    if (requireAuth && deviceAuthAvailable) {
+        options.accessControl = Keychain.ACCESS_CONTROL.BIOMETRY_ANY_OR_DEVICE_PASSCODE;
+    }
+    return options;
+}

package/dist/logger.d.ts

@@ -0,0 +1,75 @@
+/**
+ * Log levels in order of severity
+ */
+export declare enum LogLevel {
+    DEBUG = 0,
+    INFO = 1,
+    WARN = 2,
+    ERROR = 3
+}
+/**
+ * Log entry structure
+ */
+export interface LogEntry {
+    level: LogLevel;
+    message: string;
+    timestamp: number;
+    context?: Record<string, unknown>;
+    error?: Error;
+}
+/**
+ * Logger interface for structured logging
+ */
+export interface Logger {
+    debug(message: string, context?: Record<string, unknown>): void;
+    info(message: string, context?: Record<string, unknown>): void;
+    warn(message: string, context?: Record<string, unknown>): void;
+    error(message: string, error?: Error, context?: Record<string, unknown>): void;
+    /**
+     * Set the minimum log level
+     * Logs below this level will be ignored
+     */
+    setLevel?(level: LogLevel): void;
+}
+/**
+ * Default logger implementation
+ * Uses console methods but provides structured logging interface
+ *
+ * **Default Log Level:** ERROR
+ *
+ * The default log level is set to ERROR to minimize log noise in production.
+ * This ensures that only critical errors are logged by default, which is appropriate
+ * for production environments where excessive logging can impact performance and
+ * expose sensitive information.
+ *
+ * For development or debugging, you can change the log level:
+ * ```typescript
+ * defaultLogger.setLevel(LogLevel.DEBUG)
+ * ```
+ *
+ * For production monitoring of security events, consider setting to WARN:
+ * ```typescript
+ * defaultLogger.setLevel(LogLevel.WARN)
+ * ```
+ */
+declare class DefaultLogger implements Logger {
+    private minLevel;
+    /**
+     * Set the minimum log level
+     */
+    setLevel(level: LogLevel): void;
+    /**
+     * Internal log method
+     */
+    private log;
+    debug(message: string, context?: Record<string, unknown>): void;
+    info(message: string, context?: Record<string, unknown>): void;
+    warn(message: string, context?: Record<string, unknown>): void;
+    error(message: string, error?: Error, context?: Record<string, unknown>): void;
+}
+/**
+ * Default logger instance
+ */
+export declare const defaultLogger: DefaultLogger;
+export {};
+//# sourceMappingURL=logger.d.ts.map

package/dist/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,oBAAY,QAAQ;IAClB,KAAK,IAAI;IACT,IAAI,IAAI;IACR,IAAI,IAAI;IACR,KAAK,IAAI;CACV;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,QAAQ,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACjC,KAAK,CAAC,EAAE,KAAK,CAAA;CACd;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAA;IAC/D,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAA;IAC9D,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAA;IAC9D,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAA;IAC9E;;;OAGG;IACH,QAAQ,CAAC,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI,CAAA;CACjC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,cAAM,aAAc,YAAW,MAAM;IACnC,OAAO,CAAC,QAAQ,CAA2B;IAE3C;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI;IAI/B;;OAEG;IACH,OAAO,CAAC,GAAG;IAiCX,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAI/D,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAI9D,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAI9D,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;CAG/E;AAED;;GAEG;AACH,eAAO,MAAM,aAAa,eAAsB,CAAA"}

package/dist/logger.js

@@ -0,0 +1,90 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defaultLogger = exports.LogLevel = void 0;
+/**
+ * Log levels in order of severity
+ */
+var LogLevel;
+(function (LogLevel) {
+    LogLevel[LogLevel["DEBUG"] = 0] = "DEBUG";
+    LogLevel[LogLevel["INFO"] = 1] = "INFO";
+    LogLevel[LogLevel["WARN"] = 2] = "WARN";
+    LogLevel[LogLevel["ERROR"] = 3] = "ERROR";
+})(LogLevel || (exports.LogLevel = LogLevel = {}));
+/**
+ * Default logger implementation
+ * Uses console methods but provides structured logging interface
+ *
+ * **Default Log Level:** ERROR
+ *
+ * The default log level is set to ERROR to minimize log noise in production.
+ * This ensures that only critical errors are logged by default, which is appropriate
+ * for production environments where excessive logging can impact performance and
+ * expose sensitive information.
+ *
+ * For development or debugging, you can change the log level:
+ * ```typescript
+ * defaultLogger.setLevel(LogLevel.DEBUG)
+ * ```
+ *
+ * For production monitoring of security events, consider setting to WARN:
+ * ```typescript
+ * defaultLogger.setLevel(LogLevel.WARN)
+ * ```
+ */
+class DefaultLogger {
+    constructor() {
+        this.minLevel = LogLevel.ERROR;
+    }
+    /**
+     * Set the minimum log level
+     */
+    setLevel(level) {
+        this.minLevel = level;
+    }
+    /**
+     * Internal log method
+     */
+    log(level, message, error, context) {
+        if (level < this.minLevel) {
+            return;
+        }
+        const entry = {
+            level,
+            message,
+            timestamp: Date.now(),
+            context,
+            error,
+        };
+        // In production, this could send to a logging service
+        // For now, use console with structured output
+        // Note: Sensitive data (encryption keys, seeds, etc.) should never be logged
+        // The logger only logs error messages and metadata, never the actual stored values
+        const logMessage = JSON.stringify(entry, null, 2);
+        if (level >= LogLevel.ERROR) {
+            console.error(logMessage);
+        }
+        else if (level >= LogLevel.WARN) {
+            console.warn(logMessage);
+        }
+        else {
+            console.log(logMessage);
+        }
+    }
+    debug(message, context) {
+        this.log(LogLevel.DEBUG, message, undefined, context);
+    }
+    info(message, context) {
+        this.log(LogLevel.INFO, message, undefined, context);
+    }
+    warn(message, context) {
+        this.log(LogLevel.WARN, message, undefined, context);
+    }
+    error(message, error, context) {
+        this.log(LogLevel.ERROR, message, error, context);
+    }
+}
+/**
+ * Default logger instance
+ */
+exports.defaultLogger = new DefaultLogger();

package/dist/secureStorage.d.ts

@@ -0,0 +1,104 @@
+import { Logger } from './logger';
+/**
+ * Authentication options for biometric prompts
+ */
+export interface AuthenticationOptions {
+    promptMessage?: string;
+    cancelLabel?: string;
+    disableDeviceFallback?: boolean;
+}
+/**
+ * Options for a single secure storage item
+ */
+export interface SecureStorageItemOptions {
+    requireBiometrics?: boolean;
+}
+/**
+ * Options for creating secure storage instance
+ */
+export interface SecureStorageOptions {
+    logger?: Logger;
+    authentication?: AuthenticationOptions;
+    timeoutMs?: number;
+}
+/**
+ * Secure storage interface
+ *
+ * All methods accept an optional identifier parameter to support multiple wallets.
+ * When identifier is provided, it's used to create unique storage keys for each wallet.
+ * When identifier is undefined or empty, default keys are used (backward compatibility).
+ *
+ * Error Handling:
+ * - Getters return null when data is not found
+ * - All methods throw SecureStorageError or subclasses on failure
+ * - Validation errors are thrown before any operations
+ */
+export interface SecureStorage {
+    isDeviceSecurityEnabled(): Promise<boolean>;
+    isBiometricAvailable(): Promise<boolean>;
+    authenticate(): Promise<boolean>;
+    setEncryptionKey(key: string, identifier?: string, options?: SecureStorageItemOptions): Promise<void>;
+    getEncryptionKey(identifier?: string, options?: SecureStorageItemOptions): Promise<string | null>;
+    setEncryptedSeed(encryptedSeed: string, identifier?: string): Promise<void>;
+    getEncryptedSeed(identifier?: string): Promise<string | null>;
+    setEncryptedEntropy(encryptedEntropy: string, identifier?: string): Promise<void>;
+    getEncryptedEntropy(identifier?: string): Promise<string | null>;
+    getAllEncrypted(identifier?: string): Promise<{
+        encryptedSeed: string | null;
+        encryptedEntropy: string | null;
+        encryptionKey: string | null;
+    }>;
+    hasWallet(identifier?: string): Promise<boolean>;
+    deleteWallet(identifier?: string): Promise<void>;
+    /**
+     * Cleanup method to release resources associated with this storage instance
+     *
+     * This method should be called when the storage instance is no longer needed
+     * to ensure proper cleanup of resources. Note that this does NOT delete stored
+     * wallet data - use deleteWallet() for that purpose.
+     *
+     * Currently, this is a no-op as the module uses shared resources, but it's
+     * provided for future extensibility and to maintain a consistent API.
+     */
+    cleanup(): void;
+}
+/**
+ * Secure storage wrapper factory for wallet credentials
+ *
+ * Uses react-native-keychain which provides encrypted storage with selective cloud sync.
+ * Creates a new instance each time it's called, allowing different configurations
+ * for different use cases. For most apps, you should create one instance and reuse it.
+ *
+ * SECURITY:
+ * - Storage is app-scoped by the OS (isolated by bundle ID/package name)
+ * - iOS: Uses Keychain Services with iCloud Keychain sync (when user signed into iCloud)
+ * - Android: Uses KeyStore with Google Cloud backup (when device backup enabled)
+ * - Data is ALWAYS encrypted at rest by Keychain (iOS) / KeyStore (Android)
+ * - Cloud sync behavior:
+ *   - Encryption key: ACCESSIBLE.WHEN_UNLOCKED enables iCloud Keychain sync (iOS) and Google Cloud backup (Android)
+ *   - Encrypted seed and entropy: ACCESSIBLE.WHEN_UNLOCKED_THIS_DEVICE_ONLY prevents cloud sync (device-only storage)
+ * - Data is encrypted by Apple/Google's E2EE infrastructure
+ * - Encryption key requires device unlock + biometric/PIN authentication to access (when available)
+ * - Encrypted seed and entropy do not require authentication but are still encrypted at rest
+ * - On devices without authentication, data is still encrypted at rest but accessible when device is unlocked
+ * - Device-level keychain/keystore provides rate limiting and lockout mechanisms
+ * - Input validation prevents injection attacks
+ *
+ * Two different apps will NOT share data because storage is isolated by bundle ID/package name.
+ *
+ * @param options - Optional configuration for logger, authentication messages, and timeouts
+ * @returns SecureStorage instance
+ *
+ * @example
+ * ```typescript
+ * const storage = createSecureStorage({
+ *   logger: customLogger,
+ *   authentication: {
+ *     promptMessage: 'Authenticate to access wallet',
+ *   },
+ *   timeoutMs: 30000,
+ * })
+ * ```
+ */
+export declare function createSecureStorage(options?: SecureStorageOptions): SecureStorage;
+//# sourceMappingURL=secureStorage.d.ts.map

package/dist/secureStorage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secureStorage.d.ts","sourceRoot":"","sources":["../src/secureStorage.ts"],"names":[],"mappings":"AAeA,OAAO,EAAE,MAAM,EAAiB,MAAM,UAAU,CAAA;AAoBhD;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,qBAAqB,CAAC,EAAE,OAAO,CAAA;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,iBAAiB,CAAC,EAAE,OAAO,CAAA;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,cAAc,CAAC,EAAE,qBAAqB,CAAA;IACtC,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,aAAa;IAC5B,uBAAuB,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;IAC3C,oBAAoB,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;IACxC,YAAY,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;IAChC,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACrG,gBAAgB,CAAC,UAAU,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,wBAAwB,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IACjG,gBAAgB,CAAC,aAAa,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC3E,gBAAgB,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IAC7D,mBAAmB,CAAC,gBAAgB,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACjF,mBAAmB,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IAChE,eAAe,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAC5C,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;QAC5B,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAA;QAC/B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;KAC7B,CAAC,CAAA;IACF,SAAS,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAChD,YAAY,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAChD;;;;;;;;;OASG;IACH,OAAO,IAAI,IAAI,CAAA;CAChB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,CAAC,EAAE,oBAAoB,GAAG,aAAa,CAsjBjF"}