@thru/passkey 0.2.13 → 0.2.14

package/dist/server.cjs

@@ -0,0 +1,351 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/server/index.ts
+var server_exports = {};
+__export(server_exports, {
+  createPasskeyChallenge: () => createPasskeyChallenge,
+  createPasskeyHandlers: () => createPasskeyHandlers,
+  createPasskeyWallet: () => createPasskeyWallet,
+  submitPasskeyTransaction: () => submitPasskeyTransaction
+});
+module.exports = __toCommonJS(server_exports);
+
+// src/server/create-wallet.ts
+var import_passkey_manager = require("@thru/passkey-manager");
+
+// ../helpers/src/constants.ts
+var BASE64_URL_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+var tempMap = new Int16Array(256).fill(-1);
+for (let i = 0; i < BASE64_URL_ALPHABET.length; i++) {
+  tempMap[BASE64_URL_ALPHABET.charCodeAt(i)] = i;
+}
+
+// ../helpers/src/address.ts
+function encodeAddress(bytes) {
+  if (bytes.length !== 32) {
+    throw new Error("Expected 32-byte address");
+  }
+  let checksum = 0;
+  let accumulator = 0;
+  let bitsCollected = 0;
+  const output = ["t", "a"];
+  for (let i = 0; i < 30; i++) {
+    const byte = bytes[i];
+    checksum += byte;
+    accumulator = (accumulator << 8 | byte) >>> 0;
+    bitsCollected += 8;
+    while (bitsCollected >= 6) {
+      const index = accumulator >> bitsCollected - 6 & 63;
+      output.push(BASE64_URL_ALPHABET[index]);
+      bitsCollected -= 6;
+      accumulator &= maskForBits(bitsCollected);
+    }
+  }
+  const secondLast = bytes[30];
+  checksum += secondLast;
+  accumulator = (accumulator << 8 | secondLast) >>> 0;
+  bitsCollected += 8;
+  const last = bytes[31];
+  checksum += last;
+  accumulator = (accumulator << 8 | last) >>> 0;
+  bitsCollected += 8;
+  accumulator = (accumulator << 8 | checksum & 255) >>> 0;
+  bitsCollected += 8;
+  while (bitsCollected >= 6) {
+    const index = accumulator >> bitsCollected - 6 & 63;
+    output.push(BASE64_URL_ALPHABET[index]);
+    bitsCollected -= 6;
+    accumulator &= maskForBits(bitsCollected);
+  }
+  return output.join("");
+}
+function maskForBits(bits) {
+  return bits === 0 ? 0 : (1 << bits) - 1;
+}
+
+// src/server/utils.ts
+async function getStateProof(client, address, proofType = 1, targetSlot) {
+  const proofRequest = {
+    address,
+    proofType
+  };
+  if (targetSlot !== void 0) {
+    proofRequest.targetSlot = targetSlot;
+  }
+  const proof = await client.proofs.generate(proofRequest);
+  if (!proof.proof || proof.proof.length === 0) {
+    throw new Error(`No state proof returned for ${address}`);
+  }
+  return proof.proof;
+}
+async function trackTransaction(client, signature, timeoutMs = 5e3) {
+  try {
+    for await (const update of client.transactions.track(signature, { timeoutMs })) {
+      if (update.executionResult) {
+        return {
+          signature,
+          status: update.executionResult.userErrorCode === 0n ? "finalized" : "failed",
+          errorCode: update.executionResult.userErrorCode
+        };
+      }
+      if (update.statusCode === 3) {
+        return {
+          signature,
+          status: "finalized"
+        };
+      }
+    }
+  } catch {
+    return {
+      signature,
+      status: "timeout"
+    };
+  }
+  return {
+    signature,
+    status: "timeout"
+  };
+}
+function toThruAddress(bytes) {
+  return encodeAddress(bytes);
+}
+
+// src/server/create-wallet.ts
+async function createPasskeyWallet(opts) {
+  const walletName = opts.walletName ?? "default";
+  const seed = await (0, import_passkey_manager.createWalletSeed)(walletName, opts.pubkeyX, opts.pubkeyY);
+  const walletBytes = await (0, import_passkey_manager.deriveWalletAddress)(seed, import_passkey_manager.PASSKEY_MANAGER_PROGRAM_ADDRESS);
+  const walletAddress = toThruAddress(walletBytes);
+  let walletExists = false;
+  try {
+    await opts.client.accounts.get(walletAddress);
+    walletExists = true;
+  } catch {
+    walletExists = false;
+  }
+  if (!walletExists) {
+    const stateProof = await getStateProof(opts.client, walletAddress);
+    const accountCtx = (0, import_passkey_manager.buildAccountContext)({
+      walletAddress,
+      readWriteAccounts: [],
+      readOnlyAccounts: [],
+      feePayerAddress: opts.adminAddress,
+      programAddress: import_passkey_manager.PASSKEY_MANAGER_PROGRAM_ADDRESS
+    });
+    const createIx = (0, import_passkey_manager.encodeCreateInstruction)({
+      walletAccountIdx: accountCtx.walletAccountIdx,
+      authority: {
+        tag: 1,
+        pubkeyX: opts.pubkeyX,
+        pubkeyY: opts.pubkeyY
+      },
+      seed,
+      stateProof
+    });
+    const transaction = await opts.client.transactions.build({
+      feePayer: { publicKey: opts.adminPublicKey },
+      program: import_passkey_manager.PASSKEY_MANAGER_PROGRAM_ADDRESS,
+      instructionData: createIx,
+      accounts: {
+        readWrite: [walletAddress],
+        readOnly: []
+      },
+      header: { fee: 0n }
+    });
+    await transaction.sign(opts.adminPrivateKey);
+    const signature = await opts.client.transactions.send(transaction.toWire());
+    const result = await trackTransaction(opts.client, signature, 6e4);
+    if (result.status !== "finalized") {
+      throw new Error(
+        `Wallet creation failed with error code: ${result.errorCode ?? "unknown"}`
+      );
+    }
+  }
+  let credentialLookupAddress;
+  if (opts.credentialId) {
+    const credentialIdBytes = (0, import_passkey_manager.base64UrlToBytes)(opts.credentialId);
+    const lookupAddressBytes = await (0, import_passkey_manager.deriveCredentialLookupAddress)(
+      credentialIdBytes,
+      walletName,
+      import_passkey_manager.PASSKEY_MANAGER_PROGRAM_ADDRESS
+    );
+    credentialLookupAddress = toThruAddress(lookupAddressBytes);
+    let lookupExists = false;
+    try {
+      await opts.client.accounts.get(credentialLookupAddress);
+      lookupExists = true;
+    } catch {
+      lookupExists = false;
+    }
+    if (!lookupExists) {
+      try {
+        const credSeed = await (0, import_passkey_manager.createCredentialLookupSeed)(credentialIdBytes, walletName);
+        const stateProof = await getStateProof(opts.client, credentialLookupAddress);
+        const accountCtx = (0, import_passkey_manager.buildAccountContext)({
+          walletAddress,
+          readWriteAccounts: [lookupAddressBytes],
+          readOnlyAccounts: [],
+          feePayerAddress: opts.adminAddress,
+          programAddress: import_passkey_manager.PASSKEY_MANAGER_PROGRAM_ADDRESS
+        });
+        const registerIx = (0, import_passkey_manager.encodeRegisterCredentialInstruction)({
+          walletAccountIdx: accountCtx.walletAccountIdx,
+          lookupAccountIdx: accountCtx.getAccountIndex(lookupAddressBytes),
+          seed: credSeed,
+          stateProof
+        });
+        const transaction = await opts.client.transactions.build({
+          feePayer: { publicKey: opts.adminPublicKey },
+          program: import_passkey_manager.PASSKEY_MANAGER_PROGRAM_ADDRESS,
+          instructionData: registerIx,
+          accounts: {
+            readWrite: [walletAddress, credentialLookupAddress],
+            readOnly: []
+          },
+          header: { fee: 0n }
+        });
+        await transaction.sign(opts.adminPrivateKey);
+        const signature = await opts.client.transactions.send(transaction.toWire());
+        const result = await trackTransaction(opts.client, signature, 6e4);
+        if (result.status !== "finalized") {
+          throw new Error(
+            `Credential registration failed with status: ${result.status}${result.errorCode !== void 0 ? ` (error code: ${result.errorCode})` : ""}`
+          );
+        }
+      } catch (error) {
+        console.warn("Credential registration failed (non-fatal):", error);
+      }
+    }
+  }
+  return {
+    walletAddress,
+    credentialLookupAddress
+  };
+}
+
+// src/server/challenge.ts
+var import_passkey_manager2 = require("@thru/passkey-manager");
+async function createPasskeyChallenge(opts) {
+  const nonce = await (0, import_passkey_manager2.fetchWalletNonce)(opts.client, opts.walletAddress);
+  const challenge = await (0, import_passkey_manager2.createValidateChallenge)(
+    nonce,
+    opts.accountCtx.accountAddresses,
+    opts.invokeIx
+  );
+  return {
+    challenge: (0, import_passkey_manager2.bytesToBase64Url)(challenge),
+    nonce: nonce.toString()
+  };
+}
+
+// src/server/submit.ts
+var import_passkey_manager3 = require("@thru/passkey-manager");
+async function submitPasskeyTransaction(opts) {
+  const validateIx = (0, import_passkey_manager3.encodeValidateInstruction)({
+    walletAccountIdx: opts.accountCtx.walletAccountIdx,
+    authIdx: 0,
+    signatureR: (0, import_passkey_manager3.hexToBytes)(opts.signatureR),
+    signatureS: (0, import_passkey_manager3.hexToBytes)(opts.signatureS),
+    authenticatorData: Buffer.from(opts.authenticatorData, "base64"),
+    clientDataJSON: Buffer.from(opts.clientDataJSON, "base64")
+  });
+  const instructionData = (0, import_passkey_manager3.concatenateInstructions)([validateIx, opts.invokeIx]);
+  const transaction = await opts.client.transactions.build({
+    feePayer: { publicKey: opts.adminPublicKey },
+    program: import_passkey_manager3.PASSKEY_MANAGER_PROGRAM_ADDRESS,
+    instructionData,
+    accounts: {
+      readWrite: opts.accountCtx.readWriteAddresses,
+      readOnly: opts.accountCtx.readOnlyAddresses
+    },
+    header: { fee: 0n }
+  });
+  await transaction.sign(opts.adminPrivateKey);
+  const signature = await opts.client.transactions.send(transaction.toWire());
+  return trackTransaction(opts.client, signature);
+}
+
+// src/server/handlers.ts
+function createPasskeyHandlers(opts) {
+  const pendingContexts = /* @__PURE__ */ new Map();
+  const challengeTtlMs = opts.challengeTtlMs ?? 5 * 6e4;
+  function createPendingContextKey(walletAddress, nonce, challenge) {
+    return `${walletAddress}:${nonce}:${challenge}`;
+  }
+  function prunePendingContexts(now = Date.now()) {
+    for (const [nonce, entry] of pendingContexts.entries()) {
+      if (now - entry.createdAt > challengeTtlMs) {
+        pendingContexts.delete(nonce);
+      }
+    }
+  }
+  return {
+    challenge: async (walletAddress, params) => {
+      prunePendingContexts();
+      const context = await opts.buildContext(params);
+      const challenge = await createPasskeyChallenge({
+        client: opts.client,
+        walletAddress,
+        accountCtx: context.accountCtx,
+        invokeIx: context.invokeIx
+      });
+      pendingContexts.set(
+        createPendingContextKey(walletAddress, challenge.nonce, challenge.challenge),
+        {
+          context,
+          createdAt: Date.now()
+        }
+      );
+      return challenge;
+    },
+    submit: async (walletAddress, params, payload) => {
+      void params;
+      prunePendingContexts();
+      const pendingKey = createPendingContextKey(
+        walletAddress,
+        payload.nonce,
+        payload.challenge
+      );
+      const pending = pendingContexts.get(pendingKey);
+      if (!pending) {
+        throw new Error("Missing or expired challenge nonce");
+      }
+      pendingContexts.delete(pendingKey);
+      const { nonce: _nonce, challenge: _challenge, ...signaturePayload } = payload;
+      return submitPasskeyTransaction({
+        client: opts.client,
+        adminPublicKey: opts.adminPublicKey,
+        adminPrivateKey: opts.adminPrivateKey,
+        walletAddress,
+        accountCtx: pending.context.accountCtx,
+        invokeIx: pending.context.invokeIx,
+        ...signaturePayload
+      });
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createPasskeyChallenge,
+  createPasskeyHandlers,
+  createPasskeyWallet,
+  submitPasskeyTransaction
+});
+//# sourceMappingURL=server.cjs.map

package/dist/server.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/server/index.ts","../src/server/create-wallet.ts","../../helpers/src/constants.ts","../../helpers/src/address.ts","../src/server/utils.ts","../src/server/challenge.ts","../src/server/submit.ts","../src/server/handlers.ts"],"sourcesContent":["export type {\n  ThruClient,\n  PasskeySignaturePayload,\n  PasskeyChallengeSubmitPayload,\n  TransactionResult,\n  PasskeyChallengeResult,\n  PasskeyContextResult,\n} from './types';\n\nexport { createPasskeyWallet } from './create-wallet';\nexport { createPasskeyChallenge } from './challenge';\nexport { submitPasskeyTransaction } from './submit';\nexport { createPasskeyHandlers } from './handlers';\n","import {\n  PASSKEY_MANAGER_PROGRAM_ADDRESS,\n  base64UrlToBytes,\n  buildAccountContext,\n  createCredentialLookupSeed,\n  createWalletSeed,\n  deriveCredentialLookupAddress,\n  deriveWalletAddress,\n  encodeCreateInstruction,\n  encodeRegisterCredentialInstruction,\n} from '@thru/passkey-manager';\nimport { toThruAddress, getStateProof, trackTransaction } from './utils';\nimport type { ThruClient } from './types';\n\nexport async function createPasskeyWallet(opts: {\n  client: ThruClient;\n  adminPublicKey: Uint8Array;\n  adminPrivateKey: string;\n  adminAddress: string;\n  pubkeyX: Uint8Array;\n  pubkeyY: Uint8Array;\n  credentialId?: string;\n  walletName?: string;\n}): Promise<{ walletAddress: string; credentialLookupAddress?: string }> {\n  const walletName = opts.walletName ?? 'default';\n  const seed = await createWalletSeed(walletName, opts.pubkeyX, opts.pubkeyY);\n  const walletBytes = await deriveWalletAddress(seed, PASSKEY_MANAGER_PROGRAM_ADDRESS);\n  const walletAddress = toThruAddress(walletBytes);\n\n  let walletExists = false;\n  try {\n    await opts.client.accounts.get(walletAddress);\n    walletExists = true;\n  } catch {\n    walletExists = false;\n  }\n\n  if (!walletExists) {\n    const stateProof = await getStateProof(opts.client, walletAddress);\n    const accountCtx = buildAccountContext({\n      walletAddress,\n      readWriteAccounts: [],\n      readOnlyAccounts: [],\n      feePayerAddress: opts.adminAddress,\n      programAddress: PASSKEY_MANAGER_PROGRAM_ADDRESS,\n    });\n\n    const createIx = encodeCreateInstruction({\n      walletAccountIdx: accountCtx.walletAccountIdx,\n      authority: {\n        tag: 1,\n        pubkeyX: opts.pubkeyX,\n        pubkeyY: opts.pubkeyY,\n      },\n      seed,\n      stateProof,\n    });\n\n    const transaction = await opts.client.transactions.build({\n      feePayer: { publicKey: opts.adminPublicKey },\n      program: PASSKEY_MANAGER_PROGRAM_ADDRESS,\n      instructionData: createIx,\n      accounts: {\n        readWrite: [walletAddress],\n        readOnly: [],\n      },\n      header: { fee: 0n },\n    });\n\n    await transaction.sign(opts.adminPrivateKey);\n    const signature = await opts.client.transactions.send(transaction.toWire());\n    const result = await trackTransaction(opts.client, signature, 60000);\n    if (result.status !== 'finalized') {\n      throw new Error(\n        `Wallet creation failed with error code: ${result.errorCode ?? 'unknown'}`\n      );\n    }\n  }\n\n  let credentialLookupAddress: string | undefined;\n  if (opts.credentialId) {\n    const credentialIdBytes = base64UrlToBytes(opts.credentialId);\n    const lookupAddressBytes = await deriveCredentialLookupAddress(\n      credentialIdBytes,\n      walletName,\n      PASSKEY_MANAGER_PROGRAM_ADDRESS\n    );\n\n    credentialLookupAddress = toThruAddress(lookupAddressBytes);\n\n    let lookupExists = false;\n    try {\n      await opts.client.accounts.get(credentialLookupAddress);\n      lookupExists = true;\n    } catch {\n      lookupExists = false;\n    }\n\n    if (!lookupExists) {\n      try {\n        const credSeed = await createCredentialLookupSeed(credentialIdBytes, walletName);\n        const stateProof = await getStateProof(opts.client, credentialLookupAddress);\n        const accountCtx = buildAccountContext({\n          walletAddress,\n          readWriteAccounts: [lookupAddressBytes],\n          readOnlyAccounts: [],\n          feePayerAddress: opts.adminAddress,\n          programAddress: PASSKEY_MANAGER_PROGRAM_ADDRESS,\n        });\n\n        const registerIx = encodeRegisterCredentialInstruction({\n          walletAccountIdx: accountCtx.walletAccountIdx,\n          lookupAccountIdx: accountCtx.getAccountIndex(lookupAddressBytes),\n          seed: credSeed,\n          stateProof,\n        });\n\n        const transaction = await opts.client.transactions.build({\n          feePayer: { publicKey: opts.adminPublicKey },\n          program: PASSKEY_MANAGER_PROGRAM_ADDRESS,\n          instructionData: registerIx,\n          accounts: {\n            readWrite: [walletAddress, credentialLookupAddress],\n            readOnly: [],\n          },\n          header: { fee: 0n },\n        });\n\n        await transaction.sign(opts.adminPrivateKey);\n        const signature = await opts.client.transactions.send(transaction.toWire());\n        const result = await trackTransaction(opts.client, signature, 60000);\n        if (result.status !== 'finalized') {\n          throw new Error(\n            `Credential registration failed with status: ${result.status}${\n              result.errorCode !== undefined ? ` (error code: ${result.errorCode})` : ''\n            }`\n          );\n        }\n      } catch (error) {\n        console.warn('Credential registration failed (non-fatal):', error);\n      }\n    }\n  }\n\n  return {\n    walletAddress,\n    credentialLookupAddress,\n  };\n}\n","export const BASE64_URL_ALPHABET = \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_\";\n\nconst tempMap = new Int16Array(256).fill(-1);\nfor (let i = 0; i < BASE64_URL_ALPHABET.length; i++) {\n    tempMap[BASE64_URL_ALPHABET.charCodeAt(i)] = i;\n}\nexport const BASE64_URL_MAP = tempMap\n\n","import { BASE64_URL_ALPHABET, BASE64_URL_MAP } from \"./constants\";\n\nexport function encodeAddress(bytes: Uint8Array): string {\n  if (bytes.length !== 32) {\n    throw new Error('Expected 32-byte address');\n  }\n\n  let checksum = 0;\n  let accumulator = 0;\n  let bitsCollected = 0;\n  const output: string[] = ['t', 'a'];\n\n  for (let i = 0; i < 30; i++) {\n    const byte = bytes[i];\n    checksum += byte;\n    accumulator = ((accumulator << 8) | byte) >>> 0;\n    bitsCollected += 8;\n    while (bitsCollected >= 6) {\n      const index = (accumulator >> (bitsCollected - 6)) & 0x3f;\n      output.push(BASE64_URL_ALPHABET[index]);\n      bitsCollected -= 6;\n      accumulator &= maskForBits(bitsCollected);\n    }\n  }\n\n  const secondLast = bytes[30];\n  checksum += secondLast;\n  accumulator = ((accumulator << 8) | secondLast) >>> 0;\n  bitsCollected += 8;\n\n  const last = bytes[31];\n  checksum += last;\n  accumulator = ((accumulator << 8) | last) >>> 0;\n  bitsCollected += 8;\n\n  accumulator = ((accumulator << 8) | (checksum & 0xff)) >>> 0;\n  bitsCollected += 8;\n\n  while (bitsCollected >= 6) {\n    const index = (accumulator >> (bitsCollected - 6)) & 0x3f;\n    output.push(BASE64_URL_ALPHABET[index]);\n    bitsCollected -= 6;\n    accumulator &= maskForBits(bitsCollected);\n  }\n\n  return output.join('');\n}\n\nexport function decodeAddress(value: string): Uint8Array {\n  if (value.length !== 46) {\n    throw new Error('Invalid address length');\n  }\n  if (!value.startsWith('ta')) {\n    throw new Error('Address must start with \"ta\"');\n  }\n\n  const output = new Uint8Array(32);\n  let checksum = 0;\n  let inIdx = 2;\n  let remaining = 40;\n  let outIdx = 0;\n\n  while (remaining >= 4) {\n    const a = BASE64_URL_MAP[value.charCodeAt(inIdx)];\n    const b = BASE64_URL_MAP[value.charCodeAt(inIdx + 1)];\n    const c = BASE64_URL_MAP[value.charCodeAt(inIdx + 2)];\n    const d = BASE64_URL_MAP[value.charCodeAt(inIdx + 3)];\n    if (a < 0 || b < 0 || c < 0 || d < 0) {\n      throw new Error('Invalid address encoding');\n    }\n    const triple = (a << 18) | (b << 12) | (c << 6) | d;\n    const byte1 = (triple >> 16) & 0xff;\n    const byte2 = (triple >> 8) & 0xff;\n    const byte3 = triple & 0xff;\n    checksum += byte1;\n    checksum += byte2;\n    checksum += byte3;\n    output[outIdx++] = byte1;\n    output[outIdx++] = byte2;\n    output[outIdx++] = byte3;\n    inIdx += 4;\n    remaining -= 4;\n  }\n\n  const a = BASE64_URL_MAP[value.charCodeAt(inIdx)];\n  const b = BASE64_URL_MAP[value.charCodeAt(inIdx + 1)];\n  const c = BASE64_URL_MAP[value.charCodeAt(inIdx + 2)];\n  const d = BASE64_URL_MAP[value.charCodeAt(inIdx + 3)];\n  if (a < 0 || b < 0 || c < 0 || d < 0) {\n    throw new Error('Invalid address encoding');\n  }\n  const triple = (a << 18) | (b << 12) | (c << 6) | d;\n  const byte1 = (triple >> 16) & 0xff;\n  const byte2 = (triple >> 8) & 0xff;\n  const incomingChecksum = triple & 0xff;\n\n  checksum += byte1;\n  checksum += byte2;\n  output[outIdx++] = byte1;\n  output[outIdx++] = byte2;\n\n  checksum &= 0xff;\n  if (checksum !== incomingChecksum) {\n    throw new Error('Address checksum mismatch');\n  }\n\n  return output;\n}\n\nfunction maskForBits(bits: number): number {\n  return bits === 0 ? 0 : (1 << bits) - 1;\n}\n","import { encodeAddress } from '@thru/helpers';\nimport type { ThruClient, TransactionResult } from './types';\n\nexport async function getStateProof(\n  client: ThruClient,\n  address: string,\n  proofType: number = 1,\n  targetSlot?: bigint\n): Promise<Uint8Array> {\n  const proofRequest: {\n    address: string;\n    proofType: number;\n    targetSlot?: bigint;\n  } = {\n    address,\n    proofType,\n  };\n\n  if (targetSlot !== undefined) {\n    proofRequest.targetSlot = targetSlot;\n  }\n\n  const proof = await client.proofs.generate(proofRequest);\n\n  if (!proof.proof || proof.proof.length === 0) {\n    throw new Error(`No state proof returned for ${address}`);\n  }\n\n  return proof.proof;\n}\n\nexport async function trackTransaction(\n  client: ThruClient,\n  signature: string,\n  timeoutMs: number = 5000\n): Promise<TransactionResult> {\n  try {\n    for await (const update of client.transactions.track(signature, { timeoutMs })) {\n      if (update.executionResult) {\n        return {\n          signature,\n          status: update.executionResult.userErrorCode === 0n ? 'finalized' : 'failed',\n          errorCode: update.executionResult.userErrorCode,\n        };\n      }\n\n      if (update.statusCode === 3) {\n        return {\n          signature,\n          status: 'finalized',\n        };\n      }\n    }\n  } catch {\n    return {\n      signature,\n      status: 'timeout',\n    };\n  }\n\n  return {\n    signature,\n    status: 'timeout',\n  };\n}\n\nexport function toThruAddress(bytes: Uint8Array): string {\n  return encodeAddress(bytes);\n}\n","import {\n  bytesToBase64Url,\n  createValidateChallenge,\n  fetchWalletNonce,\n} from '@thru/passkey-manager';\nimport type { AccountContext } from '@thru/passkey-manager';\nimport type { PasskeyChallengeResult, ThruClient } from './types';\n\nexport async function createPasskeyChallenge(opts: {\n  client: ThruClient;\n  walletAddress: string;\n  accountCtx: AccountContext;\n  invokeIx: Uint8Array;\n}): Promise<PasskeyChallengeResult> {\n  const nonce = await fetchWalletNonce(opts.client, opts.walletAddress);\n  const challenge = await createValidateChallenge(\n    nonce,\n    opts.accountCtx.accountAddresses,\n    opts.invokeIx\n  );\n\n  return {\n    challenge: bytesToBase64Url(challenge),\n    nonce: nonce.toString(),\n  };\n}\n","import {\n  PASSKEY_MANAGER_PROGRAM_ADDRESS,\n  concatenateInstructions,\n  encodeValidateInstruction,\n  hexToBytes,\n} from '@thru/passkey-manager';\nimport type { AccountContext } from '@thru/passkey-manager';\nimport { trackTransaction } from './utils';\nimport type {\n  PasskeySignaturePayload,\n  ThruClient,\n  TransactionResult,\n} from './types';\n\nexport async function submitPasskeyTransaction(opts: {\n  client: ThruClient;\n  adminPublicKey: Uint8Array;\n  adminPrivateKey: string;\n  walletAddress: string;\n  accountCtx: AccountContext;\n  invokeIx: Uint8Array;\n} & PasskeySignaturePayload): Promise<TransactionResult> {\n  const validateIx = encodeValidateInstruction({\n    walletAccountIdx: opts.accountCtx.walletAccountIdx,\n    authIdx: 0,\n    signatureR: hexToBytes(opts.signatureR),\n    signatureS: hexToBytes(opts.signatureS),\n    authenticatorData: Buffer.from(opts.authenticatorData, 'base64'),\n    clientDataJSON: Buffer.from(opts.clientDataJSON, 'base64'),\n  });\n\n  const instructionData = concatenateInstructions([validateIx, opts.invokeIx]);\n  const transaction = await opts.client.transactions.build({\n    feePayer: { publicKey: opts.adminPublicKey },\n    program: PASSKEY_MANAGER_PROGRAM_ADDRESS,\n    instructionData,\n    accounts: {\n      readWrite: opts.accountCtx.readWriteAddresses,\n      readOnly: opts.accountCtx.readOnlyAddresses,\n    },\n    header: { fee: 0n },\n  });\n\n  await transaction.sign(opts.adminPrivateKey);\n  const signature = await opts.client.transactions.send(transaction.toWire());\n  return trackTransaction(opts.client, signature);\n}\n","import type { PasskeyContextResult } from './types';\nimport { createPasskeyChallenge } from './challenge';\nimport { submitPasskeyTransaction } from './submit';\nimport type {\n  PasskeyChallengeSubmitPayload,\n  ThruClient,\n  TransactionResult,\n} from './types';\n\nexport function createPasskeyHandlers<P>(opts: {\n  buildContext: (params: P) => Promise<PasskeyContextResult>;\n  adminPublicKey: Uint8Array;\n  adminPrivateKey: string;\n  client: ThruClient;\n  challengeTtlMs?: number;\n}) {\n  const pendingContexts = new Map<\n    string,\n    { context: PasskeyContextResult; createdAt: number }\n  >();\n  const challengeTtlMs = opts.challengeTtlMs ?? 5 * 60_000;\n\n  function createPendingContextKey(\n    walletAddress: string,\n    nonce: string,\n    challenge: string\n  ): string {\n    return `${walletAddress}:${nonce}:${challenge}`;\n  }\n\n  function prunePendingContexts(now = Date.now()): void {\n    for (const [nonce, entry] of pendingContexts.entries()) {\n      if (now - entry.createdAt > challengeTtlMs) {\n        pendingContexts.delete(nonce);\n      }\n    }\n  }\n\n  return {\n    challenge: async (walletAddress: string, params: P) => {\n      prunePendingContexts();\n\n      const context = await opts.buildContext(params);\n      const challenge = await createPasskeyChallenge({\n        client: opts.client,\n        walletAddress,\n        accountCtx: context.accountCtx,\n        invokeIx: context.invokeIx,\n      });\n\n      pendingContexts.set(\n        createPendingContextKey(walletAddress, challenge.nonce, challenge.challenge),\n        {\n          context,\n          createdAt: Date.now(),\n        }\n      );\n\n      return challenge;\n    },\n    submit: async (\n      walletAddress: string,\n      params: P,\n      payload: PasskeyChallengeSubmitPayload\n    ): Promise<TransactionResult> => {\n      void params;\n      prunePendingContexts();\n\n      const pendingKey = createPendingContextKey(\n        walletAddress,\n        payload.nonce,\n        payload.challenge\n      );\n      const pending = pendingContexts.get(pendingKey);\n      if (!pending) {\n        throw new Error('Missing or expired challenge nonce');\n      }\n\n      pendingContexts.delete(pendingKey);\n      const { nonce: _nonce, challenge: _challenge, ...signaturePayload } = payload;\n\n      return submitPasskeyTransaction({\n        client: opts.client,\n        adminPublicKey: opts.adminPublicKey,\n        adminPrivateKey: opts.adminPrivateKey,\n        walletAddress,\n        accountCtx: pending.context.accountCtx,\n        invokeIx: pending.context.invokeIx,\n        ...signaturePayload,\n      });\n    },\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,6BAUO;;;ACVA,IAAM,sBAAsB;AAEnC,IAAM,UAAU,IAAI,WAAW,GAAG,EAAE,KAAK,EAAE;AAC3C,SAAS,IAAI,GAAG,IAAI,oBAAoB,QAAQ,KAAK;AACjD,UAAQ,oBAAoB,WAAW,CAAC,CAAC,IAAI;AACjD;;;ACHO,SAAS,cAAc,OAA2B;AACvD,MAAI,MAAM,WAAW,IAAI;AACvB,UAAM,IAAI,MAAM,0BAA0B;AAAA,EAC5C;AAEA,MAAI,WAAW;AACf,MAAI,cAAc;AAClB,MAAI,gBAAgB;AACpB,QAAM,SAAmB,CAAC,KAAK,GAAG;AAElC,WAAS,IAAI,GAAG,IAAI,IAAI,KAAK;AAC3B,UAAM,OAAO,MAAM,CAAC;AACpB,gBAAY;AACZ,mBAAgB,eAAe,IAAK,UAAU;AAC9C,qBAAiB;AACjB,WAAO,iBAAiB,GAAG;AACzB,YAAM,QAAS,eAAgB,gBAAgB,IAAM;AACrD,aAAO,KAAK,oBAAoB,KAAK,CAAC;AACtC,uBAAiB;AACjB,qBAAe,YAAY,aAAa;AAAA,IAC1C;AAAA,EACF;AAEA,QAAM,aAAa,MAAM,EAAE;AAC3B,cAAY;AACZ,iBAAgB,eAAe,IAAK,gBAAgB;AACpD,mBAAiB;AAEjB,QAAM,OAAO,MAAM,EAAE;AACrB,cAAY;AACZ,iBAAgB,eAAe,IAAK,UAAU;AAC9C,mBAAiB;AAEjB,iBAAgB,eAAe,IAAM,WAAW,SAAW;AAC3D,mBAAiB;AAEjB,SAAO,iBAAiB,GAAG;AACzB,UAAM,QAAS,eAAgB,gBAAgB,IAAM;AACrD,WAAO,KAAK,oBAAoB,KAAK,CAAC;AACtC,qBAAiB;AACjB,mBAAe,YAAY,aAAa;AAAA,EAC1C;AAEA,SAAO,OAAO,KAAK,EAAE;AACvB;AA+DA,SAAS,YAAY,MAAsB;AACzC,SAAO,SAAS,IAAI,KAAK,KAAK,QAAQ;AACxC;;;AC5GA,eAAsB,cACpB,QACA,SACA,YAAoB,GACpB,YACqB;AACrB,QAAM,eAIF;AAAA,IACF;AAAA,IACA;AAAA,EACF;AAEA,MAAI,eAAe,QAAW;AAC5B,iBAAa,aAAa;AAAA,EAC5B;AAEA,QAAM,QAAQ,MAAM,OAAO,OAAO,SAAS,YAAY;AAEvD,MAAI,CAAC,MAAM,SAAS,MAAM,MAAM,WAAW,GAAG;AAC5C,UAAM,IAAI,MAAM,+BAA+B,OAAO,EAAE;AAAA,EAC1D;AAEA,SAAO,MAAM;AACf;AAEA,eAAsB,iBACpB,QACA,WACA,YAAoB,KACQ;AAC5B,MAAI;AACF,qBAAiB,UAAU,OAAO,aAAa,MAAM,WAAW,EAAE,UAAU,CAAC,GAAG;AAC9E,UAAI,OAAO,iBAAiB;AAC1B,eAAO;AAAA,UACL;AAAA,UACA,QAAQ,OAAO,gBAAgB,kBAAkB,KAAK,cAAc;AAAA,UACpE,WAAW,OAAO,gBAAgB;AAAA,QACpC;AAAA,MACF;AAEA,UAAI,OAAO,eAAe,GAAG;AAC3B,eAAO;AAAA,UACL;AAAA,UACA,QAAQ;AAAA,QACV;AAAA,MACF;AAAA,IACF;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,MACL;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA,QAAQ;AAAA,EACV;AACF;AAEO,SAAS,cAAc,OAA2B;AACvD,SAAO,cAAc,KAAK;AAC5B;;;AHtDA,eAAsB,oBAAoB,MAS+B;AACvE,QAAM,aAAa,KAAK,cAAc;AACtC,QAAM,OAAO,UAAM,yCAAiB,YAAY,KAAK,SAAS,KAAK,OAAO;AAC1E,QAAM,cAAc,UAAM,4CAAoB,MAAM,sDAA+B;AACnF,QAAM,gBAAgB,cAAc,WAAW;AAE/C,MAAI,eAAe;AACnB,MAAI;AACF,UAAM,KAAK,OAAO,SAAS,IAAI,aAAa;AAC5C,mBAAe;AAAA,EACjB,QAAQ;AACN,mBAAe;AAAA,EACjB;AAEA,MAAI,CAAC,cAAc;AACjB,UAAM,aAAa,MAAM,cAAc,KAAK,QAAQ,aAAa;AACjE,UAAM,iBAAa,4CAAoB;AAAA,MACrC;AAAA,MACA,mBAAmB,CAAC;AAAA,MACpB,kBAAkB,CAAC;AAAA,MACnB,iBAAiB,KAAK;AAAA,MACtB,gBAAgB;AAAA,IAClB,CAAC;AAED,UAAM,eAAW,gDAAwB;AAAA,MACvC,kBAAkB,WAAW;AAAA,MAC7B,WAAW;AAAA,QACT,KAAK;AAAA,QACL,SAAS,KAAK;AAAA,QACd,SAAS,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAED,UAAM,cAAc,MAAM,KAAK,OAAO,aAAa,MAAM;AAAA,MACvD,UAAU,EAAE,WAAW,KAAK,eAAe;AAAA,MAC3C,SAAS;AAAA,MACT,iBAAiB;AAAA,MACjB,UAAU;AAAA,QACR,WAAW,CAAC,aAAa;AAAA,QACzB,UAAU,CAAC;AAAA,MACb;AAAA,MACA,QAAQ,EAAE,KAAK,GAAG;AAAA,IACpB,CAAC;AAED,UAAM,YAAY,KAAK,KAAK,eAAe;AAC3C,UAAM,YAAY,MAAM,KAAK,OAAO,aAAa,KAAK,YAAY,OAAO,CAAC;AAC1E,UAAM,SAAS,MAAM,iBAAiB,KAAK,QAAQ,WAAW,GAAK;AACnE,QAAI,OAAO,WAAW,aAAa;AACjC,YAAM,IAAI;AAAA,QACR,2CAA2C,OAAO,aAAa,SAAS;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AAEA,MAAI;AACJ,MAAI,KAAK,cAAc;AACrB,UAAM,wBAAoB,yCAAiB,KAAK,YAAY;AAC5D,UAAM,qBAAqB,UAAM;AAAA,MAC/B;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEA,8BAA0B,cAAc,kBAAkB;AAE1D,QAAI,eAAe;AACnB,QAAI;AACF,YAAM,KAAK,OAAO,SAAS,IAAI,uBAAuB;AACtD,qBAAe;AAAA,IACjB,QAAQ;AACN,qBAAe;AAAA,IACjB;AAEA,QAAI,CAAC,cAAc;AACjB,UAAI;AACF,cAAM,WAAW,UAAM,mDAA2B,mBAAmB,UAAU;AAC/E,cAAM,aAAa,MAAM,cAAc,KAAK,QAAQ,uBAAuB;AAC3E,cAAM,iBAAa,4CAAoB;AAAA,UACrC;AAAA,UACA,mBAAmB,CAAC,kBAAkB;AAAA,UACtC,kBAAkB,CAAC;AAAA,UACnB,iBAAiB,KAAK;AAAA,UACtB,gBAAgB;AAAA,QAClB,CAAC;AAED,cAAM,iBAAa,4DAAoC;AAAA,UACrD,kBAAkB,WAAW;AAAA,UAC7B,kBAAkB,WAAW,gBAAgB,kBAAkB;AAAA,UAC/D,MAAM;AAAA,UACN;AAAA,QACF,CAAC;AAED,cAAM,cAAc,MAAM,KAAK,OAAO,aAAa,MAAM;AAAA,UACvD,UAAU,EAAE,WAAW,KAAK,eAAe;AAAA,UAC3C,SAAS;AAAA,UACT,iBAAiB;AAAA,UACjB,UAAU;AAAA,YACR,WAAW,CAAC,eAAe,uBAAuB;AAAA,YAClD,UAAU,CAAC;AAAA,UACb;AAAA,UACA,QAAQ,EAAE,KAAK,GAAG;AAAA,QACpB,CAAC;AAED,cAAM,YAAY,KAAK,KAAK,eAAe;AAC3C,cAAM,YAAY,MAAM,KAAK,OAAO,aAAa,KAAK,YAAY,OAAO,CAAC;AAC1E,cAAM,SAAS,MAAM,iBAAiB,KAAK,QAAQ,WAAW,GAAK;AACnE,YAAI,OAAO,WAAW,aAAa;AACjC,gBAAM,IAAI;AAAA,YACR,+CAA+C,OAAO,MAAM,GAC1D,OAAO,cAAc,SAAY,iBAAiB,OAAO,SAAS,MAAM,EAC1E;AAAA,UACF;AAAA,QACF;AAAA,MACF,SAAS,OAAO;AACd,gBAAQ,KAAK,+CAA+C,KAAK;AAAA,MACnE;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;;;AIpJA,IAAAA,0BAIO;AAIP,eAAsB,uBAAuB,MAKT;AAClC,QAAM,QAAQ,UAAM,0CAAiB,KAAK,QAAQ,KAAK,aAAa;AACpE,QAAM,YAAY,UAAM;AAAA,IACtB;AAAA,IACA,KAAK,WAAW;AAAA,IAChB,KAAK;AAAA,EACP;AAEA,SAAO;AAAA,IACL,eAAW,0CAAiB,SAAS;AAAA,IACrC,OAAO,MAAM,SAAS;AAAA,EACxB;AACF;;;ACzBA,IAAAC,0BAKO;AASP,eAAsB,yBAAyB,MAOU;AACvD,QAAM,iBAAa,mDAA0B;AAAA,IAC3C,kBAAkB,KAAK,WAAW;AAAA,IAClC,SAAS;AAAA,IACT,gBAAY,oCAAW,KAAK,UAAU;AAAA,IACtC,gBAAY,oCAAW,KAAK,UAAU;AAAA,IACtC,mBAAmB,OAAO,KAAK,KAAK,mBAAmB,QAAQ;AAAA,IAC/D,gBAAgB,OAAO,KAAK,KAAK,gBAAgB,QAAQ;AAAA,EAC3D,CAAC;AAED,QAAM,sBAAkB,iDAAwB,CAAC,YAAY,KAAK,QAAQ,CAAC;AAC3E,QAAM,cAAc,MAAM,KAAK,OAAO,aAAa,MAAM;AAAA,IACvD,UAAU,EAAE,WAAW,KAAK,eAAe;AAAA,IAC3C,SAAS;AAAA,IACT;AAAA,IACA,UAAU;AAAA,MACR,WAAW,KAAK,WAAW;AAAA,MAC3B,UAAU,KAAK,WAAW;AAAA,IAC5B;AAAA,IACA,QAAQ,EAAE,KAAK,GAAG;AAAA,EACpB,CAAC;AAED,QAAM,YAAY,KAAK,KAAK,eAAe;AAC3C,QAAM,YAAY,MAAM,KAAK,OAAO,aAAa,KAAK,YAAY,OAAO,CAAC;AAC1E,SAAO,iBAAiB,KAAK,QAAQ,SAAS;AAChD;;;ACrCO,SAAS,sBAAyB,MAMtC;AACD,QAAM,kBAAkB,oBAAI,IAG1B;AACF,QAAM,iBAAiB,KAAK,kBAAkB,IAAI;AAElD,WAAS,wBACP,eACA,OACA,WACQ;AACR,WAAO,GAAG,aAAa,IAAI,KAAK,IAAI,SAAS;AAAA,EAC/C;AAEA,WAAS,qBAAqB,MAAM,KAAK,IAAI,GAAS;AACpD,eAAW,CAAC,OAAO,KAAK,KAAK,gBAAgB,QAAQ,GAAG;AACtD,UAAI,MAAM,MAAM,YAAY,gBAAgB;AAC1C,wBAAgB,OAAO,KAAK;AAAA,MAC9B;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,WAAW,OAAO,eAAuB,WAAc;AACrD,2BAAqB;AAErB,YAAM,UAAU,MAAM,KAAK,aAAa,MAAM;AAC9C,YAAM,YAAY,MAAM,uBAAuB;AAAA,QAC7C,QAAQ,KAAK;AAAA,QACb;AAAA,QACA,YAAY,QAAQ;AAAA,QACpB,UAAU,QAAQ;AAAA,MACpB,CAAC;AAED,sBAAgB;AAAA,QACd,wBAAwB,eAAe,UAAU,OAAO,UAAU,SAAS;AAAA,QAC3E;AAAA,UACE;AAAA,UACA,WAAW,KAAK,IAAI;AAAA,QACtB;AAAA,MACF;AAEA,aAAO;AAAA,IACT;AAAA,IACA,QAAQ,OACN,eACA,QACA,YAC+B;AAC/B,WAAK;AACL,2BAAqB;AAErB,YAAM,aAAa;AAAA,QACjB;AAAA,QACA,QAAQ;AAAA,QACR,QAAQ;AAAA,MACV;AACA,YAAM,UAAU,gBAAgB,IAAI,UAAU;AAC9C,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,oCAAoC;AAAA,MACtD;AAEA,sBAAgB,OAAO,UAAU;AACjC,YAAM,EAAE,OAAO,QAAQ,WAAW,YAAY,GAAG,iBAAiB,IAAI;AAEtE,aAAO,yBAAyB;AAAA,QAC9B,QAAQ,KAAK;AAAA,QACb,gBAAgB,KAAK;AAAA,QACrB,iBAAiB,KAAK;AAAA,QACtB;AAAA,QACA,YAAY,QAAQ,QAAQ;AAAA,QAC5B,UAAU,QAAQ,QAAQ;AAAA,QAC1B,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAAA,EACF;AACF;","names":["import_passkey_manager","import_passkey_manager"]}

package/dist/server.d.cts

@@ -0,0 +1,119 @@
+import { AccountContext } from '@thru/passkey-manager';
+
+interface ThruClient {
+    accounts: {
+        get: (address: string) => Promise<{
+            data?: {
+                data?: Uint8Array;
+            };
+        }>;
+    };
+    blocks: {
+        getBlockHeight: () => Promise<{
+            finalized: bigint;
+        }>;
+    };
+    proofs: {
+        generate: (params: {
+            address: string;
+            proofType: number;
+            targetSlot: bigint;
+        }) => Promise<{
+            proof?: Uint8Array;
+        }>;
+    };
+    transactions: {
+        build: (params: {
+            feePayer: {
+                publicKey: Uint8Array;
+            };
+            program: string;
+            instructionData: Uint8Array;
+            accounts: {
+                readWrite: string[];
+                readOnly: string[];
+            };
+            header: {
+                fee: bigint;
+            };
+        }) => Promise<{
+            sign: (privateKey: string) => Promise<unknown>;
+            toWire: () => Uint8Array;
+        }>;
+        send: (transaction: Uint8Array) => Promise<string>;
+        track: (signature: string, opts: {
+            timeoutMs: number;
+        }) => AsyncIterable<{
+            executionResult?: {
+                userErrorCode: bigint;
+            };
+            statusCode?: number;
+        }>;
+    };
+}
+interface PasskeySignaturePayload {
+    signatureR: string;
+    signatureS: string;
+    authenticatorData: string;
+    clientDataJSON: string;
+}
+interface PasskeyChallengeSubmitPayload extends PasskeySignaturePayload {
+    challenge: string;
+    nonce: string;
+}
+interface TransactionResult {
+    signature: string;
+    status: 'finalized' | 'failed' | 'timeout';
+    errorCode?: bigint;
+}
+interface PasskeyChallengeResult {
+    challenge: string;
+    nonce: string;
+}
+interface PasskeyContextResult {
+    accountCtx: AccountContext;
+    invokeIx: Uint8Array;
+}
+
+declare function createPasskeyWallet(opts: {
+    client: ThruClient;
+    adminPublicKey: Uint8Array;
+    adminPrivateKey: string;
+    adminAddress: string;
+    pubkeyX: Uint8Array;
+    pubkeyY: Uint8Array;
+    credentialId?: string;
+    walletName?: string;
+}): Promise<{
+    walletAddress: string;
+    credentialLookupAddress?: string;
+}>;
+
+declare function createPasskeyChallenge(opts: {
+    client: ThruClient;
+    walletAddress: string;
+    accountCtx: AccountContext;
+    invokeIx: Uint8Array;
+}): Promise<PasskeyChallengeResult>;
+
+declare function submitPasskeyTransaction(opts: {
+    client: ThruClient;
+    adminPublicKey: Uint8Array;
+    adminPrivateKey: string;
+    walletAddress: string;
+    accountCtx: AccountContext;
+    invokeIx: Uint8Array;
+} & PasskeySignaturePayload): Promise<TransactionResult>;
+
+declare function createPasskeyHandlers<P>(opts: {
+    buildContext: (params: P) => Promise<PasskeyContextResult>;
+    adminPublicKey: Uint8Array;
+    adminPrivateKey: string;
+    client: ThruClient;
+    challengeTtlMs?: number;
+}): {
+    challenge: (walletAddress: string, params: P) => Promise<PasskeyChallengeResult>;
+    submit: (walletAddress: string, params: P, payload: PasskeyChallengeSubmitPayload) => Promise<TransactionResult>;
+};
+
+export { type PasskeyChallengeResult, type PasskeyChallengeSubmitPayload, type PasskeyContextResult, type PasskeySignaturePayload, type ThruClient, type TransactionResult, createPasskeyChallenge, createPasskeyHandlers, createPasskeyWallet, submitPasskeyTransaction };

package/dist/server.d.ts

@@ -0,0 +1,119 @@
+import { AccountContext } from '@thru/passkey-manager';
+
+interface ThruClient {
+    accounts: {
+        get: (address: string) => Promise<{
+            data?: {
+                data?: Uint8Array;
+            };
+        }>;
+    };
+    blocks: {
+        getBlockHeight: () => Promise<{
+            finalized: bigint;
+        }>;
+    };
+    proofs: {
+        generate: (params: {
+            address: string;
+            proofType: number;
+            targetSlot: bigint;
+        }) => Promise<{
+            proof?: Uint8Array;
+        }>;
+    };
+    transactions: {
+        build: (params: {
+            feePayer: {
+                publicKey: Uint8Array;
+            };
+            program: string;
+            instructionData: Uint8Array;
+            accounts: {
+                readWrite: string[];
+                readOnly: string[];
+            };
+            header: {
+                fee: bigint;
+            };
+        }) => Promise<{
+            sign: (privateKey: string) => Promise<unknown>;
+            toWire: () => Uint8Array;
+        }>;
+        send: (transaction: Uint8Array) => Promise<string>;
+        track: (signature: string, opts: {
+            timeoutMs: number;
+        }) => AsyncIterable<{
+            executionResult?: {
+                userErrorCode: bigint;
+            };
+            statusCode?: number;
+        }>;
+    };
+}
+interface PasskeySignaturePayload {
+    signatureR: string;
+    signatureS: string;
+    authenticatorData: string;
+    clientDataJSON: string;
+}
+interface PasskeyChallengeSubmitPayload extends PasskeySignaturePayload {
+    challenge: string;
+    nonce: string;
+}
+interface TransactionResult {
+    signature: string;
+    status: 'finalized' | 'failed' | 'timeout';
+    errorCode?: bigint;
+}
+interface PasskeyChallengeResult {
+    challenge: string;
+    nonce: string;
+}
+interface PasskeyContextResult {
+    accountCtx: AccountContext;
+    invokeIx: Uint8Array;
+}
+
+declare function createPasskeyWallet(opts: {
+    client: ThruClient;
+    adminPublicKey: Uint8Array;
+    adminPrivateKey: string;
+    adminAddress: string;
+    pubkeyX: Uint8Array;
+    pubkeyY: Uint8Array;
+    credentialId?: string;
+    walletName?: string;
+}): Promise<{
+    walletAddress: string;
+    credentialLookupAddress?: string;
+}>;
+
+declare function createPasskeyChallenge(opts: {
+    client: ThruClient;
+    walletAddress: string;
+    accountCtx: AccountContext;
+    invokeIx: Uint8Array;
+}): Promise<PasskeyChallengeResult>;
+
+declare function submitPasskeyTransaction(opts: {
+    client: ThruClient;
+    adminPublicKey: Uint8Array;
+    adminPrivateKey: string;
+    walletAddress: string;
+    accountCtx: AccountContext;
+    invokeIx: Uint8Array;
+} & PasskeySignaturePayload): Promise<TransactionResult>;
+
+declare function createPasskeyHandlers<P>(opts: {
+    buildContext: (params: P) => Promise<PasskeyContextResult>;
+    adminPublicKey: Uint8Array;
+    adminPrivateKey: string;
+    client: ThruClient;
+    challengeTtlMs?: number;
+}): {
+    challenge: (walletAddress: string, params: P) => Promise<PasskeyChallengeResult>;
+    submit: (walletAddress: string, params: P, payload: PasskeyChallengeSubmitPayload) => Promise<TransactionResult>;
+};
+
+export { type PasskeyChallengeResult, type PasskeyChallengeSubmitPayload, type PasskeyContextResult, type PasskeySignaturePayload, type ThruClient, type TransactionResult, createPasskeyChallenge, createPasskeyHandlers, createPasskeyWallet, submitPasskeyTransaction };