@thru/passkey-manager 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (29) hide show
  1. package/README.md +150 -0
  2. package/dist/index.cjs +6800 -0
  3. package/dist/index.cjs.map +1 -0
  4. package/dist/index.d.cts +201 -0
  5. package/dist/index.d.ts +201 -0
  6. package/dist/index.js +6734 -0
  7. package/dist/index.js.map +1 -0
  8. package/package.json +27 -0
  9. package/src/abi/thru/blockchain/state_proof/types.ts +1667 -0
  10. package/src/abi/thru/common/primitives/types.ts +2191 -0
  11. package/src/abi/thru/program/passkey_manager/types.ts +4392 -0
  12. package/src/accounts.ts +26 -0
  13. package/src/challenge.ts +39 -0
  14. package/src/constants.ts +14 -0
  15. package/src/context.ts +112 -0
  16. package/src/crypto.ts +80 -0
  17. package/src/encoding.ts +67 -0
  18. package/src/index.ts +73 -0
  19. package/src/instructions/add-authority.ts +21 -0
  20. package/src/instructions/create.ts +54 -0
  21. package/src/instructions/invoke.ts +25 -0
  22. package/src/instructions/remove-authority.ts +20 -0
  23. package/src/instructions/shared.ts +12 -0
  24. package/src/instructions/transfer.ts +30 -0
  25. package/src/instructions/validate.ts +33 -0
  26. package/src/seeds.ts +47 -0
  27. package/src/types.ts +92 -0
  28. package/tsconfig.json +9 -0
  29. package/tsup.config.ts +11 -0
package/dist/index.d.cts ADDED
@@ -0,0 +1,201 @@
1
+ declare const PASSKEY_MANAGER_PROGRAM_ADDRESS = "taNiWOgcxRz2DYI1Vbp6AOMdiEbC9nYwXd02dQJ4jnUUpF";
2
+ declare const INSTRUCTION_CREATE = 0;
3
+ declare const INSTRUCTION_VALIDATE = 1;
4
+ declare const INSTRUCTION_TRANSFER = 2;
5
+ declare const INSTRUCTION_INVOKE = 3;
6
+ declare const INSTRUCTION_ADD_AUTHORITY = 4;
7
+ declare const INSTRUCTION_REMOVE_AUTHORITY = 5;
8
+ declare const AUTHORITY_TAG_PASSKEY = 1;
9
+ declare const AUTHORITY_TAG_PUBKEY = 2;
10
+
11
+ /**
12
+ * Result of passkey registration (credential creation).
13
+ */
14
+ interface PasskeyRegistrationResult {
15
+ credentialId: string;
16
+ publicKeyX: string;
17
+ publicKeyY: string;
18
+ rpId: string;
19
+ }
20
+ /**
21
+ * Result of passkey signing (assertion).
22
+ */
23
+ interface PasskeySigningResult {
24
+ signature: Uint8Array;
25
+ authenticatorData: Uint8Array;
26
+ clientDataJSON: Uint8Array;
27
+ signatureR: Uint8Array;
28
+ signatureS: Uint8Array;
29
+ }
30
+ /**
31
+ * Signing result with discoverable credential info.
32
+ */
33
+ interface PasskeyDiscoverableSigningResult extends PasskeySigningResult {
34
+ credentialId: string;
35
+ rpId: string;
36
+ }
37
+ /**
38
+ * Passkey metadata stored locally (the actual private key lives in the device's secure enclave).
39
+ */
40
+ interface PasskeyMetadata {
41
+ credentialId: string;
42
+ publicKeyX: string;
43
+ publicKeyY: string;
44
+ rpId: string;
45
+ label?: string;
46
+ createdAt: string;
47
+ lastUsedAt: string;
48
+ }
49
+ type Authority = {
50
+ tag: 1;
51
+ pubkeyX: Uint8Array;
52
+ pubkeyY: Uint8Array;
53
+ } | {
54
+ tag: 2;
55
+ pubkey: Uint8Array;
56
+ };
57
+ interface CreateInstructionParams {
58
+ walletAccountIdx: number;
59
+ authority: Authority;
60
+ seed: Uint8Array;
61
+ stateProof: Uint8Array;
62
+ }
63
+ interface TransferInstructionParams {
64
+ walletAccountIdx: number;
65
+ toAccountIdx: number;
66
+ amount: bigint;
67
+ }
68
+ interface ValidateInstructionParams {
69
+ walletAccountIdx: number;
70
+ authIdx: number;
71
+ signatureR: Uint8Array;
72
+ signatureS: Uint8Array;
73
+ authenticatorData: Uint8Array;
74
+ clientDataJSON: Uint8Array;
75
+ }
76
+ interface AccountContext {
77
+ readWriteAddresses: string[];
78
+ readOnlyAddresses: string[];
79
+ accountAddresses: string[];
80
+ walletAccountIdx: number;
81
+ getAccountIndex: (pubkey: Uint8Array) => number;
82
+ }
83
+ type WalletSigner = {
84
+ signTransaction: (payloadBase64: string) => Promise<string>;
85
+ };
86
+ type TransactionExecutionSummary = {
87
+ executionResult?: bigint | number | null;
88
+ userErrorCode?: bigint | number | null;
89
+ vmError?: number | string | bigint | null;
90
+ };
91
+
92
+ declare function encodeCreateInstruction(params: CreateInstructionParams): Uint8Array;
93
+
94
+ declare function encodeValidateInstruction(params: ValidateInstructionParams): Uint8Array;
95
+
96
+ declare function encodeTransferInstruction(params: TransferInstructionParams): Uint8Array;
97
+
98
+ declare function encodeInvokeInstruction(programPubkey: Uint8Array, instruction: Uint8Array): Uint8Array;
99
+
100
+ declare function encodeAddAuthorityInstruction(params: {
101
+ authority: Authority;
102
+ }): Uint8Array;
103
+
104
+ declare function encodeRemoveAuthorityInstruction(params: {
105
+ authIdx: number;
106
+ }): Uint8Array;
107
+
108
+ declare function concatenateInstructions(instructions: Uint8Array[]): Uint8Array;
109
+
110
+ /**
111
+ * Create challenge for VALIDATE instruction.
112
+ * SHA256(nonce || account_0 || account_1 || ... || trailing_instruction_bytes)
113
+ */
114
+ declare function createValidateChallenge(nonce: bigint, accountAddresses: string[], trailingInstructionData: Uint8Array): Promise<Uint8Array>;
115
+
116
+ /**
117
+ * Create a 32-byte seed from wallet name and passkey coordinates.
118
+ * SHA-256(walletName || pubkey_x || pubkey_y)
119
+ */
120
+ declare function createWalletSeed(walletName: string, pubkeyX: Uint8Array, pubkeyY: Uint8Array): Promise<Uint8Array>;
121
+ /**
122
+ * Derive wallet account address from seed using proper PDA derivation.
123
+ * SHA256(program_address || is_ephemeral || seed)
124
+ */
125
+ declare function deriveWalletAddress(seed: Uint8Array, programAddress: string): Promise<Uint8Array>;
126
+
127
+ /**
128
+ * Default fee payer address (manager profile).
129
+ */
130
+ declare const FEE_PAYER_ADDRESS = "taVcZv3wB2m-euBpMHm2rF9fQRY_fO_g7WdOjs70CxDh_S";
131
+ /**
132
+ * Build account context for passkey manager transactions.
133
+ * Handles account deduplication, sorting, and index lookup.
134
+ */
135
+ declare function buildAccountContext(params: {
136
+ walletAddress: string;
137
+ readWriteAccounts: Uint8Array[];
138
+ readOnlyAccounts: Uint8Array[];
139
+ feePayerAddress?: string;
140
+ programAddress?: string;
141
+ }): AccountContext;
142
+ /**
143
+ * Build read-write accounts list for passkey manager transactions (simpler wallet-only version).
144
+ */
145
+ declare function buildPasskeyReadWriteAccounts(userAccounts: Uint8Array[], feePayerPublicKey: Uint8Array, programAddress: Uint8Array): {
146
+ readWriteAddresses: string[];
147
+ findAccountIndex: (target: Uint8Array) => number;
148
+ };
149
+
150
+ /**
151
+ * Parse wallet account data to extract nonce.
152
+ */
153
+ declare function parseWalletNonce(data: Uint8Array): bigint;
154
+ /**
155
+ * Fetch wallet nonce from the chain.
156
+ * Takes an SDK-like object with accounts.get() method.
157
+ */
158
+ declare function fetchWalletNonce(sdk: {
159
+ accounts: {
160
+ get: (address: string) => Promise<{
161
+ data?: {
162
+ data?: Uint8Array;
163
+ };
164
+ }>;
165
+ };
166
+ }, walletAddress: string): Promise<bigint>;
167
+
168
+ /**
169
+ * P-256 curve order and half-order for low-S normalization.
170
+ */
171
+ declare const P256_N = 115792089210356248762697446949407573529996955224135760342422259061068512044369n;
172
+ declare const P256_HALF_N: bigint;
173
+ /**
174
+ * Parse DER-encoded ECDSA signature to get r and s components.
175
+ */
176
+ declare function parseDerSignature(der: Uint8Array): {
177
+ r: Uint8Array;
178
+ s: Uint8Array;
179
+ };
180
+ /**
181
+ * Ensure S is in the lower half of the curve order (BIP-62 / SEC1 compliance).
182
+ */
183
+ declare function normalizeLowS(s: Uint8Array): Uint8Array;
184
+ /**
185
+ * Normalize signature component to exactly 32 bytes.
186
+ */
187
+ declare function normalizeSignatureComponent(component: Uint8Array): Uint8Array;
188
+ declare function bytesToBigIntBE(bytes: Uint8Array): bigint;
189
+ declare function bigIntToBytesBE(value: bigint, length: number): Uint8Array;
190
+
191
+ declare function arrayBufferToBase64Url(buffer: ArrayBuffer | SharedArrayBuffer): string;
192
+ declare function base64UrlToArrayBuffer(base64Url: string): ArrayBuffer;
193
+ declare function bytesToBase64Url(bytes: Uint8Array): string;
194
+ declare function base64UrlToBytes(base64Url: string): Uint8Array;
195
+ declare function bytesToHex(bytes: Uint8Array): string;
196
+ declare function hexToBytes(hex: string): Uint8Array;
197
+ declare function bytesEqual(a: Uint8Array, b: Uint8Array): boolean;
198
+ declare function compareBytes(a: Uint8Array, b: Uint8Array): number;
199
+ declare function uniqueAccounts(accounts: Uint8Array[]): Uint8Array[];
200
+
201
+ export { AUTHORITY_TAG_PASSKEY, AUTHORITY_TAG_PUBKEY, type AccountContext, type Authority, type CreateInstructionParams, FEE_PAYER_ADDRESS, INSTRUCTION_ADD_AUTHORITY, INSTRUCTION_CREATE, INSTRUCTION_INVOKE, INSTRUCTION_REMOVE_AUTHORITY, INSTRUCTION_TRANSFER, INSTRUCTION_VALIDATE, P256_HALF_N, P256_N, PASSKEY_MANAGER_PROGRAM_ADDRESS, type PasskeyDiscoverableSigningResult, type PasskeyMetadata, type PasskeyRegistrationResult, type PasskeySigningResult, type TransactionExecutionSummary, type TransferInstructionParams, type ValidateInstructionParams, type WalletSigner, arrayBufferToBase64Url, base64UrlToArrayBuffer, base64UrlToBytes, bigIntToBytesBE, buildAccountContext, buildPasskeyReadWriteAccounts, bytesEqual, bytesToBase64Url, bytesToBigIntBE, bytesToHex, compareBytes, concatenateInstructions, createValidateChallenge, createWalletSeed, deriveWalletAddress, encodeAddAuthorityInstruction, encodeCreateInstruction, encodeInvokeInstruction, encodeRemoveAuthorityInstruction, encodeTransferInstruction, encodeValidateInstruction, fetchWalletNonce, hexToBytes, normalizeLowS, normalizeSignatureComponent, parseDerSignature, parseWalletNonce, uniqueAccounts };
package/dist/index.d.ts ADDED
@@ -0,0 +1,201 @@
1
+ declare const PASSKEY_MANAGER_PROGRAM_ADDRESS = "taNiWOgcxRz2DYI1Vbp6AOMdiEbC9nYwXd02dQJ4jnUUpF";
2
+ declare const INSTRUCTION_CREATE = 0;
3
+ declare const INSTRUCTION_VALIDATE = 1;
4
+ declare const INSTRUCTION_TRANSFER = 2;
5
+ declare const INSTRUCTION_INVOKE = 3;
6
+ declare const INSTRUCTION_ADD_AUTHORITY = 4;
7
+ declare const INSTRUCTION_REMOVE_AUTHORITY = 5;
8
+ declare const AUTHORITY_TAG_PASSKEY = 1;
9
+ declare const AUTHORITY_TAG_PUBKEY = 2;
10
+
11
+ /**
12
+ * Result of passkey registration (credential creation).
13
+ */
14
+ interface PasskeyRegistrationResult {
15
+ credentialId: string;
16
+ publicKeyX: string;
17
+ publicKeyY: string;
18
+ rpId: string;
19
+ }
20
+ /**
21
+ * Result of passkey signing (assertion).
22
+ */
23
+ interface PasskeySigningResult {
24
+ signature: Uint8Array;
25
+ authenticatorData: Uint8Array;
26
+ clientDataJSON: Uint8Array;
27
+ signatureR: Uint8Array;
28
+ signatureS: Uint8Array;
29
+ }
30
+ /**
31
+ * Signing result with discoverable credential info.
32
+ */
33
+ interface PasskeyDiscoverableSigningResult extends PasskeySigningResult {
34
+ credentialId: string;
35
+ rpId: string;
36
+ }
37
+ /**
38
+ * Passkey metadata stored locally (the actual private key lives in the device's secure enclave).
39
+ */
40
+ interface PasskeyMetadata {
41
+ credentialId: string;
42
+ publicKeyX: string;
43
+ publicKeyY: string;
44
+ rpId: string;
45
+ label?: string;
46
+ createdAt: string;
47
+ lastUsedAt: string;
48
+ }
49
+ type Authority = {
50
+ tag: 1;
51
+ pubkeyX: Uint8Array;
52
+ pubkeyY: Uint8Array;
53
+ } | {
54
+ tag: 2;
55
+ pubkey: Uint8Array;
56
+ };
57
+ interface CreateInstructionParams {
58
+ walletAccountIdx: number;
59
+ authority: Authority;
60
+ seed: Uint8Array;
61
+ stateProof: Uint8Array;
62
+ }
63
+ interface TransferInstructionParams {
64
+ walletAccountIdx: number;
65
+ toAccountIdx: number;
66
+ amount: bigint;
67
+ }
68
+ interface ValidateInstructionParams {
69
+ walletAccountIdx: number;
70
+ authIdx: number;
71
+ signatureR: Uint8Array;
72
+ signatureS: Uint8Array;
73
+ authenticatorData: Uint8Array;
74
+ clientDataJSON: Uint8Array;
75
+ }
76
+ interface AccountContext {
77
+ readWriteAddresses: string[];
78
+ readOnlyAddresses: string[];
79
+ accountAddresses: string[];
80
+ walletAccountIdx: number;
81
+ getAccountIndex: (pubkey: Uint8Array) => number;
82
+ }
83
+ type WalletSigner = {
84
+ signTransaction: (payloadBase64: string) => Promise<string>;
85
+ };
86
+ type TransactionExecutionSummary = {
87
+ executionResult?: bigint | number | null;
88
+ userErrorCode?: bigint | number | null;
89
+ vmError?: number | string | bigint | null;
90
+ };
91
+
92
+ declare function encodeCreateInstruction(params: CreateInstructionParams): Uint8Array;
93
+
94
+ declare function encodeValidateInstruction(params: ValidateInstructionParams): Uint8Array;
95
+
96
+ declare function encodeTransferInstruction(params: TransferInstructionParams): Uint8Array;
97
+
98
+ declare function encodeInvokeInstruction(programPubkey: Uint8Array, instruction: Uint8Array): Uint8Array;
99
+
100
+ declare function encodeAddAuthorityInstruction(params: {
101
+ authority: Authority;
102
+ }): Uint8Array;
103
+
104
+ declare function encodeRemoveAuthorityInstruction(params: {
105
+ authIdx: number;
106
+ }): Uint8Array;
107
+
108
+ declare function concatenateInstructions(instructions: Uint8Array[]): Uint8Array;
109
+
110
+ /**
111
+ * Create challenge for VALIDATE instruction.
112
+ * SHA256(nonce || account_0 || account_1 || ... || trailing_instruction_bytes)
113
+ */
114
+ declare function createValidateChallenge(nonce: bigint, accountAddresses: string[], trailingInstructionData: Uint8Array): Promise<Uint8Array>;
115
+
116
+ /**
117
+ * Create a 32-byte seed from wallet name and passkey coordinates.
118
+ * SHA-256(walletName || pubkey_x || pubkey_y)
119
+ */
120
+ declare function createWalletSeed(walletName: string, pubkeyX: Uint8Array, pubkeyY: Uint8Array): Promise<Uint8Array>;
121
+ /**
122
+ * Derive wallet account address from seed using proper PDA derivation.
123
+ * SHA256(program_address || is_ephemeral || seed)
124
+ */
125
+ declare function deriveWalletAddress(seed: Uint8Array, programAddress: string): Promise<Uint8Array>;
126
+
127
+ /**
128
+ * Default fee payer address (manager profile).
129
+ */
130
+ declare const FEE_PAYER_ADDRESS = "taVcZv3wB2m-euBpMHm2rF9fQRY_fO_g7WdOjs70CxDh_S";
131
+ /**
132
+ * Build account context for passkey manager transactions.
133
+ * Handles account deduplication, sorting, and index lookup.
134
+ */
135
+ declare function buildAccountContext(params: {
136
+ walletAddress: string;
137
+ readWriteAccounts: Uint8Array[];
138
+ readOnlyAccounts: Uint8Array[];
139
+ feePayerAddress?: string;
140
+ programAddress?: string;
141
+ }): AccountContext;
142
+ /**
143
+ * Build read-write accounts list for passkey manager transactions (simpler wallet-only version).
144
+ */
145
+ declare function buildPasskeyReadWriteAccounts(userAccounts: Uint8Array[], feePayerPublicKey: Uint8Array, programAddress: Uint8Array): {
146
+ readWriteAddresses: string[];
147
+ findAccountIndex: (target: Uint8Array) => number;
148
+ };
149
+
150
+ /**
151
+ * Parse wallet account data to extract nonce.
152
+ */
153
+ declare function parseWalletNonce(data: Uint8Array): bigint;
154
+ /**
155
+ * Fetch wallet nonce from the chain.
156
+ * Takes an SDK-like object with accounts.get() method.
157
+ */
158
+ declare function fetchWalletNonce(sdk: {
159
+ accounts: {
160
+ get: (address: string) => Promise<{
161
+ data?: {
162
+ data?: Uint8Array;
163
+ };
164
+ }>;
165
+ };
166
+ }, walletAddress: string): Promise<bigint>;
167
+
168
+ /**
169
+ * P-256 curve order and half-order for low-S normalization.
170
+ */
171
+ declare const P256_N = 115792089210356248762697446949407573529996955224135760342422259061068512044369n;
172
+ declare const P256_HALF_N: bigint;
173
+ /**
174
+ * Parse DER-encoded ECDSA signature to get r and s components.
175
+ */
176
+ declare function parseDerSignature(der: Uint8Array): {
177
+ r: Uint8Array;
178
+ s: Uint8Array;
179
+ };
180
+ /**
181
+ * Ensure S is in the lower half of the curve order (BIP-62 / SEC1 compliance).
182
+ */
183
+ declare function normalizeLowS(s: Uint8Array): Uint8Array;
184
+ /**
185
+ * Normalize signature component to exactly 32 bytes.
186
+ */
187
+ declare function normalizeSignatureComponent(component: Uint8Array): Uint8Array;
188
+ declare function bytesToBigIntBE(bytes: Uint8Array): bigint;
189
+ declare function bigIntToBytesBE(value: bigint, length: number): Uint8Array;
190
+
191
+ declare function arrayBufferToBase64Url(buffer: ArrayBuffer | SharedArrayBuffer): string;
192
+ declare function base64UrlToArrayBuffer(base64Url: string): ArrayBuffer;
193
+ declare function bytesToBase64Url(bytes: Uint8Array): string;
194
+ declare function base64UrlToBytes(base64Url: string): Uint8Array;
195
+ declare function bytesToHex(bytes: Uint8Array): string;
196
+ declare function hexToBytes(hex: string): Uint8Array;
197
+ declare function bytesEqual(a: Uint8Array, b: Uint8Array): boolean;
198
+ declare function compareBytes(a: Uint8Array, b: Uint8Array): number;
199
+ declare function uniqueAccounts(accounts: Uint8Array[]): Uint8Array[];
200
+
201
+ export { AUTHORITY_TAG_PASSKEY, AUTHORITY_TAG_PUBKEY, type AccountContext, type Authority, type CreateInstructionParams, FEE_PAYER_ADDRESS, INSTRUCTION_ADD_AUTHORITY, INSTRUCTION_CREATE, INSTRUCTION_INVOKE, INSTRUCTION_REMOVE_AUTHORITY, INSTRUCTION_TRANSFER, INSTRUCTION_VALIDATE, P256_HALF_N, P256_N, PASSKEY_MANAGER_PROGRAM_ADDRESS, type PasskeyDiscoverableSigningResult, type PasskeyMetadata, type PasskeyRegistrationResult, type PasskeySigningResult, type TransactionExecutionSummary, type TransferInstructionParams, type ValidateInstructionParams, type WalletSigner, arrayBufferToBase64Url, base64UrlToArrayBuffer, base64UrlToBytes, bigIntToBytesBE, buildAccountContext, buildPasskeyReadWriteAccounts, bytesEqual, bytesToBase64Url, bytesToBigIntBE, bytesToHex, compareBytes, concatenateInstructions, createValidateChallenge, createWalletSeed, deriveWalletAddress, encodeAddAuthorityInstruction, encodeCreateInstruction, encodeInvokeInstruction, encodeRemoveAuthorityInstruction, encodeTransferInstruction, encodeValidateInstruction, fetchWalletNonce, hexToBytes, normalizeLowS, normalizeSignatureComponent, parseDerSignature, parseWalletNonce, uniqueAccounts };