@thru/passkey-manager 0.2.1

package/src/accounts.ts

@@ -0,0 +1,26 @@
+import { WalletAccount } from './abi/thru/program/passkey_manager/types';
+
+/**
+ * Parse wallet account data to extract nonce.
+ */
+export function parseWalletNonce(data: Uint8Array): bigint {
+  const account = WalletAccount.from_array(data);
+  if (!account) return 0n;
+  return account.get_nonce();
+}
+
+/**
+ * Fetch wallet nonce from the chain.
+ * Takes an SDK-like object with accounts.get() method.
+ */
+export async function fetchWalletNonce(
+  sdk: { accounts: { get: (address: string) => Promise<{ data?: { data?: Uint8Array } }> } },
+  walletAddress: string
+): Promise<bigint> {
+  const account = await sdk.accounts.get(walletAddress);
+  const data = account.data?.data;
+  if (!data) return 0n;
+  const parsed = WalletAccount.from_array(data);
+  if (!parsed) return 0n;
+  return parsed.get_nonce();
+}

package/src/challenge.ts

@@ -0,0 +1,39 @@
+/**
+ * Create challenge for VALIDATE instruction.
+ * SHA256(nonce || account_0 || account_1 || ... || trailing_instruction_bytes)
+ */
+export async function createValidateChallenge(
+  nonce: bigint,
+  accountAddresses: string[],
+  trailingInstructionData: Uint8Array
+): Promise<Uint8Array> {
+  const encoder = new TextEncoder();
+  const accountBytes = accountAddresses.map((address) => {
+    return encoder.encode(address);
+  });
+
+  const totalSize =
+    accountBytes.reduce((sum, bytes) => sum + bytes.length, 8) +
+    trailingInstructionData.length;
+  const challengeData = new Uint8Array(totalSize);
+
+  let offset = 0;
+
+  // Write nonce as little-endian u64
+  let v = nonce;
+  for (let i = 0; i < 8; i++) {
+    challengeData[offset + i] = Number(v & 0xffn);
+    v >>= 8n;
+  }
+  offset += 8;
+
+  for (const bytes of accountBytes) {
+    challengeData.set(bytes, offset);
+    offset += bytes.length;
+  }
+
+  challengeData.set(trailingInstructionData, offset);
+
+  const hashBuffer = await crypto.subtle.digest('SHA-256', challengeData);
+  return new Uint8Array(hashBuffer);
+}

package/src/constants.ts

@@ -0,0 +1,14 @@
+export const PASSKEY_MANAGER_PROGRAM_ADDRESS =
+  'taNiWOgcxRz2DYI1Vbp6AOMdiEbC9nYwXd02dQJ4jnUUpF';
+
+// Instruction discriminants
+export const INSTRUCTION_CREATE = 0x00;
+export const INSTRUCTION_VALIDATE = 0x01;
+export const INSTRUCTION_TRANSFER = 0x02;
+export const INSTRUCTION_INVOKE = 0x03;
+export const INSTRUCTION_ADD_AUTHORITY = 0x04;
+export const INSTRUCTION_REMOVE_AUTHORITY = 0x05;
+
+// Authority tags
+export const AUTHORITY_TAG_PASSKEY = 1;
+export const AUTHORITY_TAG_PUBKEY = 2;

package/src/context.ts

@@ -0,0 +1,112 @@
+import { encodeAddress, decodeAddress } from '@thru/helpers';
+import { bytesEqual, compareBytes, uniqueAccounts } from './encoding';
+import { PASSKEY_MANAGER_PROGRAM_ADDRESS } from './constants';
+import type { AccountContext } from './types';
+
+/**
+ * Default fee payer address (manager profile).
+ */
+export const FEE_PAYER_ADDRESS =
+  'taVcZv3wB2m-euBpMHm2rF9fQRY_fO_g7WdOjs70CxDh_S';
+
+/**
+ * Build account context for passkey manager transactions.
+ * Handles account deduplication, sorting, and index lookup.
+ */
+export function buildAccountContext(params: {
+  walletAddress: string;
+  readWriteAccounts: Uint8Array[];
+  readOnlyAccounts: Uint8Array[];
+  feePayerAddress?: string;
+  programAddress?: string;
+}): AccountContext {
+  const feePayerBytes = decodeAddress(params.feePayerAddress ?? FEE_PAYER_ADDRESS);
+  const programBytes = decodeAddress(params.programAddress ?? PASSKEY_MANAGER_PROGRAM_ADDRESS);
+  const walletBytes = decodeAddress(params.walletAddress);
+
+  const readWriteBytes = uniqueAccounts([walletBytes, ...params.readWriteAccounts])
+    .filter(
+      (addr) => !bytesEqual(addr, feePayerBytes) && !bytesEqual(addr, programBytes)
+    )
+    .sort(compareBytes);
+
+  const readOnlyBytes = uniqueAccounts(params.readOnlyAccounts)
+    .filter(
+      (addr) =>
+        !bytesEqual(addr, feePayerBytes) &&
+        !bytesEqual(addr, programBytes) &&
+        !readWriteBytes.some((candidate) => bytesEqual(candidate, addr))
+    )
+    .sort(compareBytes);
+
+  const readWriteAddresses = readWriteBytes.map(encodeAddress);
+  const readOnlyAddresses = readOnlyBytes.map(encodeAddress);
+
+  const accountAddresses = [
+    encodeAddress(feePayerBytes),
+    encodeAddress(programBytes),
+    ...readWriteAddresses,
+    ...readOnlyAddresses,
+  ];
+
+  const findIndex = (target: Uint8Array): number => {
+    if (bytesEqual(target, feePayerBytes)) return 0;
+    if (bytesEqual(target, programBytes)) return 1;
+
+    const rwIndex = readWriteBytes.findIndex((candidate) => bytesEqual(candidate, target));
+    if (rwIndex >= 0) return rwIndex + 2;
+
+    const roIndex = readOnlyBytes.findIndex((candidate) => bytesEqual(candidate, target));
+    if (roIndex >= 0) return roIndex + 2 + readWriteBytes.length;
+
+    return -1;
+  };
+
+  const walletAccountIdx = findIndex(walletBytes);
+  if (walletAccountIdx < 2) {
+    throw new Error('Wallet account must be a non-fee-payer account');
+  }
+
+  return {
+    readWriteAddresses,
+    readOnlyAddresses,
+    accountAddresses,
+    walletAccountIdx,
+    getAccountIndex: (pubkey: Uint8Array) => {
+      const idx = findIndex(pubkey);
+      if (idx < 0) {
+        throw new Error('Account not found in transaction accounts');
+      }
+      return idx;
+    },
+  };
+}
+
+/**
+ * Build read-write accounts list for passkey manager transactions (simpler wallet-only version).
+ */
+export function buildPasskeyReadWriteAccounts(
+  userAccounts: Uint8Array[],
+  feePayerPublicKey: Uint8Array,
+  programAddress: Uint8Array
+): {
+  readWriteAddresses: string[];
+  findAccountIndex: (target: Uint8Array) => number;
+} {
+  const sortedUserAccounts = uniqueAccounts(userAccounts).sort(compareBytes);
+  const filteredUserAccounts = sortedUserAccounts.filter(
+    (addr) => !bytesEqual(addr, feePayerPublicKey) && !bytesEqual(addr, programAddress)
+  );
+  const readWriteAddresses = filteredUserAccounts.map((addr) => encodeAddress(addr));
+
+  const findAccountIndex = (target: Uint8Array): number => {
+    if (bytesEqual(target, feePayerPublicKey)) return 0;
+    if (bytesEqual(target, programAddress)) return 1;
+    for (let i = 0; i < filteredUserAccounts.length; i++) {
+      if (bytesEqual(filteredUserAccounts[i], target)) return i + 2;
+    }
+    return -1;
+  };
+
+  return { readWriteAddresses, findAccountIndex };
+}

package/src/crypto.ts

@@ -0,0 +1,80 @@
+/**
+ * P-256 curve order and half-order for low-S normalization.
+ */
+export const P256_N =
+  0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551n;
+export const P256_HALF_N = P256_N >> 1n;
+
+/**
+ * Parse DER-encoded ECDSA signature to get r and s components.
+ */
+export function parseDerSignature(der: Uint8Array): { r: Uint8Array; s: Uint8Array } {
+  if (der[0] !== 0x30) throw new Error('Invalid DER signature');
+
+  let offset = 2;
+
+  if (der[offset] !== 0x02) throw new Error('Invalid DER signature');
+  offset++;
+
+  const rLen = der[offset++];
+  let r: Uint8Array = der.slice(offset, offset + rLen);
+  offset += rLen;
+
+  if (der[offset] !== 0x02) throw new Error('Invalid DER signature');
+  offset++;
+
+  const sLen = der[offset++];
+  let s: Uint8Array = der.slice(offset, offset + sLen);
+
+  r = normalizeSignatureComponent(r);
+  s = normalizeSignatureComponent(s);
+
+  return { r, s };
+}
+
+/**
+ * Ensure S is in the lower half of the curve order (BIP-62 / SEC1 compliance).
+ */
+export function normalizeLowS(s: Uint8Array): Uint8Array {
+  const sValue = bytesToBigIntBE(s);
+  if (sValue > P256_HALF_N) {
+    return bigIntToBytesBE(P256_N - sValue, 32);
+  }
+  return s;
+}
+
+/**
+ * Normalize signature component to exactly 32 bytes.
+ */
+export function normalizeSignatureComponent(component: Uint8Array): Uint8Array {
+  if (component.length === 32) return component;
+
+  if (component.length > 32) {
+    if (component[0] === 0x00 && component.length === 33) {
+      return component.slice(1);
+    }
+    throw new Error('Invalid signature component length');
+  }
+
+  const normalized = new Uint8Array(32);
+  normalized.set(component, 32 - component.length);
+  return normalized;
+}
+
+export function bytesToBigIntBE(bytes: Uint8Array): bigint {
+  let value = 0n;
+  for (const byte of bytes) {
+    value = (value << 8n) | BigInt(byte);
+  }
+  return value;
+}
+
+export function bigIntToBytesBE(value: bigint, length: number): Uint8Array {
+  const out = new Uint8Array(length);
+  let v = value;
+  for (let i = length - 1; i >= 0; i--) {
+    out[i] = Number(v & 0xffn);
+    v >>= 8n;
+  }
+  return out;
+}

package/src/encoding.ts

@@ -0,0 +1,67 @@
+export function arrayBufferToBase64Url(buffer: ArrayBuffer | SharedArrayBuffer): string {
+  const bytes = new Uint8Array(buffer);
+  let base64 = '';
+  for (let i = 0; i < bytes.length; i++) {
+    base64 += String.fromCharCode(bytes[i]);
+  }
+  return btoa(base64).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
+
+export function base64UrlToArrayBuffer(base64Url: string): ArrayBuffer {
+  const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
+  const padded = base64.padEnd(base64.length + ((4 - (base64.length % 4)) % 4), '=');
+  const binary = atob(padded);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes.buffer;
+}
+
+export function bytesToBase64Url(bytes: Uint8Array): string {
+  const slice = bytes.buffer.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength);
+  return arrayBufferToBase64Url(slice);
+}
+
+export function base64UrlToBytes(base64Url: string): Uint8Array {
+  return new Uint8Array(base64UrlToArrayBuffer(base64Url));
+}
+
+export function bytesToHex(bytes: Uint8Array): string {
+  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
+}
+
+export function hexToBytes(hex: string): Uint8Array {
+  const normalized = hex.startsWith('0x') ? hex.slice(2) : hex;
+  const bytes = new Uint8Array(normalized.length / 2);
+  for (let i = 0; i < bytes.length; i++) {
+    bytes[i] = parseInt(normalized.slice(i * 2, i * 2 + 2), 16);
+  }
+  return bytes;
+}
+
+export function bytesEqual(a: Uint8Array, b: Uint8Array): boolean {
+  if (a.length !== b.length) return false;
+  for (let i = 0; i < a.length; i++) {
+    if (a[i] !== b[i]) return false;
+  }
+  return true;
+}
+
+export function compareBytes(a: Uint8Array, b: Uint8Array): number {
+  const len = Math.min(a.length, b.length);
+  for (let i = 0; i < len; i++) {
+    if (a[i] !== b[i]) return a[i] - b[i];
+  }
+  return a.length - b.length;
+}
+
+export function uniqueAccounts(accounts: Uint8Array[]): Uint8Array[] {
+  const unique: Uint8Array[] = [];
+  for (const account of accounts) {
+    if (!unique.some((candidate) => bytesEqual(candidate, account))) {
+      unique.push(account);
+    }
+  }
+  return unique;
+}

package/src/index.ts

@@ -0,0 +1,73 @@
+// Constants
+export {
+  PASSKEY_MANAGER_PROGRAM_ADDRESS,
+  INSTRUCTION_CREATE,
+  INSTRUCTION_VALIDATE,
+  INSTRUCTION_TRANSFER,
+  INSTRUCTION_INVOKE,
+  INSTRUCTION_ADD_AUTHORITY,
+  INSTRUCTION_REMOVE_AUTHORITY,
+  AUTHORITY_TAG_PASSKEY,
+  AUTHORITY_TAG_PUBKEY,
+} from './constants';
+
+// Types
+export type {
+  Authority,
+  CreateInstructionParams,
+  TransferInstructionParams,
+  ValidateInstructionParams,
+  AccountContext,
+  WalletSigner,
+  TransactionExecutionSummary,
+  PasskeyMetadata,
+  PasskeyRegistrationResult,
+  PasskeySigningResult,
+  PasskeyDiscoverableSigningResult,
+} from './types';
+
+// Instructions
+export { encodeCreateInstruction } from './instructions/create';
+export { encodeValidateInstruction } from './instructions/validate';
+export { encodeTransferInstruction } from './instructions/transfer';
+export { encodeInvokeInstruction } from './instructions/invoke';
+export { encodeAddAuthorityInstruction } from './instructions/add-authority';
+export { encodeRemoveAuthorityInstruction } from './instructions/remove-authority';
+export { concatenateInstructions } from './instructions/shared';
+
+// Challenge
+export { createValidateChallenge } from './challenge';
+
+// Seeds & derivation
+export { createWalletSeed, deriveWalletAddress } from './seeds';
+
+// Account context building
+export { buildAccountContext, buildPasskeyReadWriteAccounts, FEE_PAYER_ADDRESS } from './context';
+
+// Account parsing
+export { parseWalletNonce, fetchWalletNonce } from './accounts';
+
+// Crypto (platform-agnostic P-256 / DER utilities)
+export {
+  parseDerSignature,
+  normalizeLowS,
+  normalizeSignatureComponent,
+  P256_N,
+  P256_HALF_N,
+  bytesToBigIntBE,
+  bigIntToBytesBE,
+} from './crypto';
+
+// Encoding (platform-agnostic byte/base64/hex utilities)
+export {
+  arrayBufferToBase64Url,
+  base64UrlToArrayBuffer,
+  bytesToBase64Url,
+  base64UrlToBytes,
+  bytesToHex,
+  hexToBytes,
+  bytesEqual,
+  compareBytes,
+  uniqueAccounts,
+} from './encoding';
+

package/src/instructions/add-authority.ts

@@ -0,0 +1,21 @@
+import type { Authority } from '../types';
+import {
+  AddAuthorityArgsBuilder,
+  PasskeyInstructionBuilder,
+} from '../abi/thru/program/passkey_manager/types';
+import { buildAuthority } from './create';
+
+export function encodeAddAuthorityInstruction(params: { authority: Authority }): Uint8Array {
+  const authorityBytes = buildAuthority(params.authority);
+
+  const argsPayload = new AddAuthorityArgsBuilder()
+    .set_authority(authorityBytes)
+    .build();
+
+  return new PasskeyInstructionBuilder()
+    .payload()
+    .select('add_authority')
+    .writePayload(argsPayload)
+    .finish()
+    .build();
+}

package/src/instructions/create.ts

@@ -0,0 +1,54 @@
+import type { Authority, CreateInstructionParams } from '../types';
+import {
+  AuthorityBuilder,
+  CreateArgsBuilder,
+  PasskeyInstructionBuilder,
+} from '../abi/thru/program/passkey_manager/types';
+
+function buildAuthority(authority: Authority): Uint8Array {
+  const data = new Array<number>(64).fill(0);
+
+  if (authority.tag === 1) {
+    if (authority.pubkeyX.length !== 32) throw new Error('pubkeyX must be 32 bytes');
+    if (authority.pubkeyY.length !== 32) throw new Error('pubkeyY must be 32 bytes');
+    for (let i = 0; i < 32; i++) data[i] = authority.pubkeyX[i];
+    for (let i = 0; i < 32; i++) data[32 + i] = authority.pubkeyY[i];
+  } else if (authority.tag === 2) {
+    if (authority.pubkey.length !== 32) throw new Error('pubkey must be 32 bytes');
+    for (let i = 0; i < 32; i++) data[i] = authority.pubkey[i];
+  } else {
+    throw new Error('Invalid authority tag');
+  }
+
+  return new AuthorityBuilder()
+    .set_tag(authority.tag)
+    .set_data(data)
+    .build();
+}
+
+export { buildAuthority };
+
+export function encodeCreateInstruction(params: CreateInstructionParams): Uint8Array {
+  const { walletAccountIdx, authority, seed, stateProof } = params;
+
+  if (seed.length !== 32) throw new Error('seed must be 32 bytes');
+  if (walletAccountIdx < 0 || walletAccountIdx > 0xffff) {
+    throw new Error('walletAccountIdx must be 0-65535');
+  }
+
+  const authorityBytes = buildAuthority(authority);
+
+  const argsPayload = new CreateArgsBuilder()
+    .set_wallet_account_idx(walletAccountIdx)
+    .set_authority(authorityBytes)
+    .set_seed(seed)
+    .set_state_proof(stateProof)
+    .build();
+
+  return new PasskeyInstructionBuilder()
+    .payload()
+    .select('create')
+    .writePayload(argsPayload)
+    .finish()
+    .build();
+}

package/src/instructions/invoke.ts

@@ -0,0 +1,25 @@
+import {
+  InvokeArgsBuilder,
+  PasskeyInstructionBuilder,
+} from '../abi/thru/program/passkey_manager/types';
+
+export function encodeInvokeInstruction(
+  programPubkey: Uint8Array,
+  instruction: Uint8Array
+): Uint8Array {
+  if (programPubkey.length !== 32) {
+    throw new Error('Program pubkey must be 32 bytes');
+  }
+
+  const argsPayload = new InvokeArgsBuilder()
+    .set_program_pubkey(programPubkey)
+    .instr().write(instruction).finish()
+    .build();
+
+  return new PasskeyInstructionBuilder()
+    .payload()
+    .select('invoke')
+    .writePayload(argsPayload)
+    .finish()
+    .build();
+}

package/src/instructions/remove-authority.ts

@@ -0,0 +1,20 @@
+import {
+  RemoveAuthorityArgsBuilder,
+  PasskeyInstructionBuilder,
+} from '../abi/thru/program/passkey_manager/types';
+
+export function encodeRemoveAuthorityInstruction(params: { authIdx: number }): Uint8Array {
+  const { authIdx } = params;
+  if (authIdx < 0 || authIdx > 0xff) throw new Error('authIdx must be 0-255');
+
+  const argsPayload = new RemoveAuthorityArgsBuilder()
+    .set_auth_idx(authIdx)
+    .build();
+
+  return new PasskeyInstructionBuilder()
+    .payload()
+    .select('remove_authority')
+    .writePayload(argsPayload)
+    .finish()
+    .build();
+}

package/src/instructions/shared.ts

@@ -0,0 +1,12 @@
+export function concatenateInstructions(instructions: Uint8Array[]): Uint8Array {
+  const totalLength = instructions.reduce((sum, instr) => sum + instr.length, 0);
+  const result = new Uint8Array(totalLength);
+
+  let offset = 0;
+  for (const instr of instructions) {
+    result.set(instr, offset);
+    offset += instr.length;
+  }
+
+  return result;
+}

package/src/instructions/transfer.ts

@@ -0,0 +1,30 @@
+import type { TransferInstructionParams } from '../types';
+import {
+  TransferArgsBuilder,
+  PasskeyInstructionBuilder,
+} from '../abi/thru/program/passkey_manager/types';
+
+export function encodeTransferInstruction(params: TransferInstructionParams): Uint8Array {
+  const { walletAccountIdx, toAccountIdx, amount } = params;
+
+  if (walletAccountIdx < 0 || walletAccountIdx > 0xffff) {
+    throw new Error('walletAccountIdx must be 0-65535');
+  }
+  if (toAccountIdx < 0 || toAccountIdx > 0xffff) {
+    throw new Error('toAccountIdx must be 0-65535');
+  }
+  if (amount < 0n) throw new Error('amount must be non-negative');
+
+  const argsPayload = new TransferArgsBuilder()
+    .set_wallet_account_idx(walletAccountIdx)
+    .set_to_account_idx(toAccountIdx)
+    .set_amount(amount as unknown as number)
+    .build();
+
+  return new PasskeyInstructionBuilder()
+    .payload()
+    .select('transfer')
+    .writePayload(argsPayload)
+    .finish()
+    .build();
+}

package/src/instructions/validate.ts

@@ -0,0 +1,33 @@
+import type { ValidateInstructionParams } from '../types';
+import {
+  ValidateArgsBuilder,
+  PasskeyInstructionBuilder,
+} from '../abi/thru/program/passkey_manager/types';
+
+export function encodeValidateInstruction(params: ValidateInstructionParams): Uint8Array {
+  const { walletAccountIdx, authIdx, signatureR, signatureS, authenticatorData, clientDataJSON } =
+    params;
+
+  if (walletAccountIdx < 0 || walletAccountIdx > 0xffff) {
+    throw new Error('walletAccountIdx must be 0-65535');
+  }
+  if (authIdx < 0 || authIdx > 0xff) throw new Error('authIdx must be 0-255');
+  if (signatureR.length !== 32) throw new Error('signatureR must be 32 bytes');
+  if (signatureS.length !== 32) throw new Error('signatureS must be 32 bytes');
+
+  const argsPayload = new ValidateArgsBuilder()
+    .set_wallet_account_idx(walletAccountIdx)
+    .set_auth_idx(authIdx)
+    .set_signature_r(signatureR)
+    .set_signature_s(signatureS)
+    .authenticator_data().write(authenticatorData).finish()
+    .client_data().write(clientDataJSON).finish()
+    .build();
+
+  return new PasskeyInstructionBuilder()
+    .payload()
+    .select('validate')
+    .writePayload(argsPayload)
+    .finish()
+    .build();
+}

package/src/seeds.ts

@@ -0,0 +1,47 @@
+import { decodeAddress } from '@thru/helpers';
+
+/**
+ * Create a 32-byte seed from wallet name and passkey coordinates.
+ * SHA-256(walletName || pubkey_x || pubkey_y)
+ */
+export async function createWalletSeed(
+  walletName: string,
+  pubkeyX: Uint8Array,
+  pubkeyY: Uint8Array
+): Promise<Uint8Array> {
+  if (pubkeyX.length !== 32) throw new Error('pubkeyX must be 32 bytes');
+  if (pubkeyY.length !== 32) throw new Error('pubkeyY must be 32 bytes');
+
+  const nameBytes = new TextEncoder().encode(walletName);
+  const data = new Uint8Array(nameBytes.length + 32 + 32);
+  data.set(nameBytes, 0);
+  data.set(pubkeyX, nameBytes.length);
+  data.set(pubkeyY, nameBytes.length + 32);
+
+  const hashBuffer = await crypto.subtle.digest('SHA-256', data);
+  return new Uint8Array(hashBuffer);
+}
+
+/**
+ * Derive wallet account address from seed using proper PDA derivation.
+ * SHA256(program_address || is_ephemeral || seed)
+ */
+export async function deriveWalletAddress(
+  seed: Uint8Array,
+  programAddress: string
+): Promise<Uint8Array> {
+  if (seed.length !== 32) {
+    throw new Error('seed must be 32 bytes');
+  }
+
+  const programBytes = decodeAddress(programAddress);
+  const isEphemeral = new Uint8Array([0]);
+
+  const preimage = new Uint8Array(32 + 1 + 32);
+  preimage.set(programBytes, 0);
+  preimage.set(isEphemeral, 32);
+  preimage.set(seed, 33);
+
+  const hashBuffer = await crypto.subtle.digest('SHA-256', preimage);
+  return new Uint8Array(hashBuffer);
+}