@thru/passkey 0.2.13 → 0.2.14

package/dist/server.js

@@ -0,0 +1,340 @@
+// src/server/create-wallet.ts
+import {
+  PASSKEY_MANAGER_PROGRAM_ADDRESS,
+  base64UrlToBytes,
+  buildAccountContext,
+  createCredentialLookupSeed,
+  createWalletSeed,
+  deriveCredentialLookupAddress,
+  deriveWalletAddress,
+  encodeCreateInstruction,
+  encodeRegisterCredentialInstruction
+} from "@thru/passkey-manager";
+
+// ../helpers/src/constants.ts
+var BASE64_URL_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+var tempMap = new Int16Array(256).fill(-1);
+for (let i = 0; i < BASE64_URL_ALPHABET.length; i++) {
+  tempMap[BASE64_URL_ALPHABET.charCodeAt(i)] = i;
+}
+
+// ../helpers/src/address.ts
+function encodeAddress(bytes) {
+  if (bytes.length !== 32) {
+    throw new Error("Expected 32-byte address");
+  }
+  let checksum = 0;
+  let accumulator = 0;
+  let bitsCollected = 0;
+  const output = ["t", "a"];
+  for (let i = 0; i < 30; i++) {
+    const byte = bytes[i];
+    checksum += byte;
+    accumulator = (accumulator << 8 | byte) >>> 0;
+    bitsCollected += 8;
+    while (bitsCollected >= 6) {
+      const index = accumulator >> bitsCollected - 6 & 63;
+      output.push(BASE64_URL_ALPHABET[index]);
+      bitsCollected -= 6;
+      accumulator &= maskForBits(bitsCollected);
+    }
+  }
+  const secondLast = bytes[30];
+  checksum += secondLast;
+  accumulator = (accumulator << 8 | secondLast) >>> 0;
+  bitsCollected += 8;
+  const last = bytes[31];
+  checksum += last;
+  accumulator = (accumulator << 8 | last) >>> 0;
+  bitsCollected += 8;
+  accumulator = (accumulator << 8 | checksum & 255) >>> 0;
+  bitsCollected += 8;
+  while (bitsCollected >= 6) {
+    const index = accumulator >> bitsCollected - 6 & 63;
+    output.push(BASE64_URL_ALPHABET[index]);
+    bitsCollected -= 6;
+    accumulator &= maskForBits(bitsCollected);
+  }
+  return output.join("");
+}
+function maskForBits(bits) {
+  return bits === 0 ? 0 : (1 << bits) - 1;
+}
+
+// src/server/utils.ts
+async function getStateProof(client, address, proofType = 1, targetSlot) {
+  const proofRequest = {
+    address,
+    proofType
+  };
+  if (targetSlot !== void 0) {
+    proofRequest.targetSlot = targetSlot;
+  }
+  const proof = await client.proofs.generate(proofRequest);
+  if (!proof.proof || proof.proof.length === 0) {
+    throw new Error(`No state proof returned for ${address}`);
+  }
+  return proof.proof;
+}
+async function trackTransaction(client, signature, timeoutMs = 5e3) {
+  try {
+    for await (const update of client.transactions.track(signature, { timeoutMs })) {
+      if (update.executionResult) {
+        return {
+          signature,
+          status: update.executionResult.userErrorCode === 0n ? "finalized" : "failed",
+          errorCode: update.executionResult.userErrorCode
+        };
+      }
+      if (update.statusCode === 3) {
+        return {
+          signature,
+          status: "finalized"
+        };
+      }
+    }
+  } catch {
+    return {
+      signature,
+      status: "timeout"
+    };
+  }
+  return {
+    signature,
+    status: "timeout"
+  };
+}
+function toThruAddress(bytes) {
+  return encodeAddress(bytes);
+}
+
+// src/server/create-wallet.ts
+async function createPasskeyWallet(opts) {
+  const walletName = opts.walletName ?? "default";
+  const seed = await createWalletSeed(walletName, opts.pubkeyX, opts.pubkeyY);
+  const walletBytes = await deriveWalletAddress(seed, PASSKEY_MANAGER_PROGRAM_ADDRESS);
+  const walletAddress = toThruAddress(walletBytes);
+  let walletExists = false;
+  try {
+    await opts.client.accounts.get(walletAddress);
+    walletExists = true;
+  } catch {
+    walletExists = false;
+  }
+  if (!walletExists) {
+    const stateProof = await getStateProof(opts.client, walletAddress);
+    const accountCtx = buildAccountContext({
+      walletAddress,
+      readWriteAccounts: [],
+      readOnlyAccounts: [],
+      feePayerAddress: opts.adminAddress,
+      programAddress: PASSKEY_MANAGER_PROGRAM_ADDRESS
+    });
+    const createIx = encodeCreateInstruction({
+      walletAccountIdx: accountCtx.walletAccountIdx,
+      authority: {
+        tag: 1,
+        pubkeyX: opts.pubkeyX,
+        pubkeyY: opts.pubkeyY
+      },
+      seed,
+      stateProof
+    });
+    const transaction = await opts.client.transactions.build({
+      feePayer: { publicKey: opts.adminPublicKey },
+      program: PASSKEY_MANAGER_PROGRAM_ADDRESS,
+      instructionData: createIx,
+      accounts: {
+        readWrite: [walletAddress],
+        readOnly: []
+      },
+      header: { fee: 0n }
+    });
+    await transaction.sign(opts.adminPrivateKey);
+    const signature = await opts.client.transactions.send(transaction.toWire());
+    const result = await trackTransaction(opts.client, signature, 6e4);
+    if (result.status !== "finalized") {
+      throw new Error(
+        `Wallet creation failed with error code: ${result.errorCode ?? "unknown"}`
+      );
+    }
+  }
+  let credentialLookupAddress;
+  if (opts.credentialId) {
+    const credentialIdBytes = base64UrlToBytes(opts.credentialId);
+    const lookupAddressBytes = await deriveCredentialLookupAddress(
+      credentialIdBytes,
+      walletName,
+      PASSKEY_MANAGER_PROGRAM_ADDRESS
+    );
+    credentialLookupAddress = toThruAddress(lookupAddressBytes);
+    let lookupExists = false;
+    try {
+      await opts.client.accounts.get(credentialLookupAddress);
+      lookupExists = true;
+    } catch {
+      lookupExists = false;
+    }
+    if (!lookupExists) {
+      try {
+        const credSeed = await createCredentialLookupSeed(credentialIdBytes, walletName);
+        const stateProof = await getStateProof(opts.client, credentialLookupAddress);
+        const accountCtx = buildAccountContext({
+          walletAddress,
+          readWriteAccounts: [lookupAddressBytes],
+          readOnlyAccounts: [],
+          feePayerAddress: opts.adminAddress,
+          programAddress: PASSKEY_MANAGER_PROGRAM_ADDRESS
+        });
+        const registerIx = encodeRegisterCredentialInstruction({
+          walletAccountIdx: accountCtx.walletAccountIdx,
+          lookupAccountIdx: accountCtx.getAccountIndex(lookupAddressBytes),
+          seed: credSeed,
+          stateProof
+        });
+        const transaction = await opts.client.transactions.build({
+          feePayer: { publicKey: opts.adminPublicKey },
+          program: PASSKEY_MANAGER_PROGRAM_ADDRESS,
+          instructionData: registerIx,
+          accounts: {
+            readWrite: [walletAddress, credentialLookupAddress],
+            readOnly: []
+          },
+          header: { fee: 0n }
+        });
+        await transaction.sign(opts.adminPrivateKey);
+        const signature = await opts.client.transactions.send(transaction.toWire());
+        const result = await trackTransaction(opts.client, signature, 6e4);
+        if (result.status !== "finalized") {
+          throw new Error(
+            `Credential registration failed with status: ${result.status}${result.errorCode !== void 0 ? ` (error code: ${result.errorCode})` : ""}`
+          );
+        }
+      } catch (error) {
+        console.warn("Credential registration failed (non-fatal):", error);
+      }
+    }
+  }
+  return {
+    walletAddress,
+    credentialLookupAddress
+  };
+}
+
+// src/server/challenge.ts
+import {
+  bytesToBase64Url,
+  createValidateChallenge,
+  fetchWalletNonce
+} from "@thru/passkey-manager";
+async function createPasskeyChallenge(opts) {
+  const nonce = await fetchWalletNonce(opts.client, opts.walletAddress);
+  const challenge = await createValidateChallenge(
+    nonce,
+    opts.accountCtx.accountAddresses,
+    opts.invokeIx
+  );
+  return {
+    challenge: bytesToBase64Url(challenge),
+    nonce: nonce.toString()
+  };
+}
+
+// src/server/submit.ts
+import {
+  PASSKEY_MANAGER_PROGRAM_ADDRESS as PASSKEY_MANAGER_PROGRAM_ADDRESS2,
+  concatenateInstructions,
+  encodeValidateInstruction,
+  hexToBytes as hexToBytes2
+} from "@thru/passkey-manager";
+async function submitPasskeyTransaction(opts) {
+  const validateIx = encodeValidateInstruction({
+    walletAccountIdx: opts.accountCtx.walletAccountIdx,
+    authIdx: 0,
+    signatureR: hexToBytes2(opts.signatureR),
+    signatureS: hexToBytes2(opts.signatureS),
+    authenticatorData: Buffer.from(opts.authenticatorData, "base64"),
+    clientDataJSON: Buffer.from(opts.clientDataJSON, "base64")
+  });
+  const instructionData = concatenateInstructions([validateIx, opts.invokeIx]);
+  const transaction = await opts.client.transactions.build({
+    feePayer: { publicKey: opts.adminPublicKey },
+    program: PASSKEY_MANAGER_PROGRAM_ADDRESS2,
+    instructionData,
+    accounts: {
+      readWrite: opts.accountCtx.readWriteAddresses,
+      readOnly: opts.accountCtx.readOnlyAddresses
+    },
+    header: { fee: 0n }
+  });
+  await transaction.sign(opts.adminPrivateKey);
+  const signature = await opts.client.transactions.send(transaction.toWire());
+  return trackTransaction(opts.client, signature);
+}
+
+// src/server/handlers.ts
+function createPasskeyHandlers(opts) {
+  const pendingContexts = /* @__PURE__ */ new Map();
+  const challengeTtlMs = opts.challengeTtlMs ?? 5 * 6e4;
+  function createPendingContextKey(walletAddress, nonce, challenge) {
+    return `${walletAddress}:${nonce}:${challenge}`;
+  }
+  function prunePendingContexts(now = Date.now()) {
+    for (const [nonce, entry] of pendingContexts.entries()) {
+      if (now - entry.createdAt > challengeTtlMs) {
+        pendingContexts.delete(nonce);
+      }
+    }
+  }
+  return {
+    challenge: async (walletAddress, params) => {
+      prunePendingContexts();
+      const context = await opts.buildContext(params);
+      const challenge = await createPasskeyChallenge({
+        client: opts.client,
+        walletAddress,
+        accountCtx: context.accountCtx,
+        invokeIx: context.invokeIx
+      });
+      pendingContexts.set(
+        createPendingContextKey(walletAddress, challenge.nonce, challenge.challenge),
+        {
+          context,
+          createdAt: Date.now()
+        }
+      );
+      return challenge;
+    },
+    submit: async (walletAddress, params, payload) => {
+      void params;
+      prunePendingContexts();
+      const pendingKey = createPendingContextKey(
+        walletAddress,
+        payload.nonce,
+        payload.challenge
+      );
+      const pending = pendingContexts.get(pendingKey);
+      if (!pending) {
+        throw new Error("Missing or expired challenge nonce");
+      }
+      pendingContexts.delete(pendingKey);
+      const { nonce: _nonce, challenge: _challenge, ...signaturePayload } = payload;
+      return submitPasskeyTransaction({
+        client: opts.client,
+        adminPublicKey: opts.adminPublicKey,
+        adminPrivateKey: opts.adminPrivateKey,
+        walletAddress,
+        accountCtx: pending.context.accountCtx,
+        invokeIx: pending.context.invokeIx,
+        ...signaturePayload
+      });
+    }
+  };
+}
+export {
+  createPasskeyChallenge,
+  createPasskeyHandlers,
+  createPasskeyWallet,
+  submitPasskeyTransaction
+};
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/server/create-wallet.ts","../../helpers/src/constants.ts","../../helpers/src/address.ts","../src/server/utils.ts","../src/server/challenge.ts","../src/server/submit.ts","../src/server/handlers.ts"],"sourcesContent":["import {\n  PASSKEY_MANAGER_PROGRAM_ADDRESS,\n  base64UrlToBytes,\n  buildAccountContext,\n  createCredentialLookupSeed,\n  createWalletSeed,\n  deriveCredentialLookupAddress,\n  deriveWalletAddress,\n  encodeCreateInstruction,\n  encodeRegisterCredentialInstruction,\n} from '@thru/passkey-manager';\nimport { toThruAddress, getStateProof, trackTransaction } from './utils';\nimport type { ThruClient } from './types';\n\nexport async function createPasskeyWallet(opts: {\n  client: ThruClient;\n  adminPublicKey: Uint8Array;\n  adminPrivateKey: string;\n  adminAddress: string;\n  pubkeyX: Uint8Array;\n  pubkeyY: Uint8Array;\n  credentialId?: string;\n  walletName?: string;\n}): Promise<{ walletAddress: string; credentialLookupAddress?: string }> {\n  const walletName = opts.walletName ?? 'default';\n  const seed = await createWalletSeed(walletName, opts.pubkeyX, opts.pubkeyY);\n  const walletBytes = await deriveWalletAddress(seed, PASSKEY_MANAGER_PROGRAM_ADDRESS);\n  const walletAddress = toThruAddress(walletBytes);\n\n  let walletExists = false;\n  try {\n    await opts.client.accounts.get(walletAddress);\n    walletExists = true;\n  } catch {\n    walletExists = false;\n  }\n\n  if (!walletExists) {\n    const stateProof = await getStateProof(opts.client, walletAddress);\n    const accountCtx = buildAccountContext({\n      walletAddress,\n      readWriteAccounts: [],\n      readOnlyAccounts: [],\n      feePayerAddress: opts.adminAddress,\n      programAddress: PASSKEY_MANAGER_PROGRAM_ADDRESS,\n    });\n\n    const createIx = encodeCreateInstruction({\n      walletAccountIdx: accountCtx.walletAccountIdx,\n      authority: {\n        tag: 1,\n        pubkeyX: opts.pubkeyX,\n        pubkeyY: opts.pubkeyY,\n      },\n      seed,\n      stateProof,\n    });\n\n    const transaction = await opts.client.transactions.build({\n      feePayer: { publicKey: opts.adminPublicKey },\n      program: PASSKEY_MANAGER_PROGRAM_ADDRESS,\n      instructionData: createIx,\n      accounts: {\n        readWrite: [walletAddress],\n        readOnly: [],\n      },\n      header: { fee: 0n },\n    });\n\n    await transaction.sign(opts.adminPrivateKey);\n    const signature = await opts.client.transactions.send(transaction.toWire());\n    const result = await trackTransaction(opts.client, signature, 60000);\n    if (result.status !== 'finalized') {\n      throw new Error(\n        `Wallet creation failed with error code: ${result.errorCode ?? 'unknown'}`\n      );\n    }\n  }\n\n  let credentialLookupAddress: string | undefined;\n  if (opts.credentialId) {\n    const credentialIdBytes = base64UrlToBytes(opts.credentialId);\n    const lookupAddressBytes = await deriveCredentialLookupAddress(\n      credentialIdBytes,\n      walletName,\n      PASSKEY_MANAGER_PROGRAM_ADDRESS\n    );\n\n    credentialLookupAddress = toThruAddress(lookupAddressBytes);\n\n    let lookupExists = false;\n    try {\n      await opts.client.accounts.get(credentialLookupAddress);\n      lookupExists = true;\n    } catch {\n      lookupExists = false;\n    }\n\n    if (!lookupExists) {\n      try {\n        const credSeed = await createCredentialLookupSeed(credentialIdBytes, walletName);\n        const stateProof = await getStateProof(opts.client, credentialLookupAddress);\n        const accountCtx = buildAccountContext({\n          walletAddress,\n          readWriteAccounts: [lookupAddressBytes],\n          readOnlyAccounts: [],\n          feePayerAddress: opts.adminAddress,\n          programAddress: PASSKEY_MANAGER_PROGRAM_ADDRESS,\n        });\n\n        const registerIx = encodeRegisterCredentialInstruction({\n          walletAccountIdx: accountCtx.walletAccountIdx,\n          lookupAccountIdx: accountCtx.getAccountIndex(lookupAddressBytes),\n          seed: credSeed,\n          stateProof,\n        });\n\n        const transaction = await opts.client.transactions.build({\n          feePayer: { publicKey: opts.adminPublicKey },\n          program: PASSKEY_MANAGER_PROGRAM_ADDRESS,\n          instructionData: registerIx,\n          accounts: {\n            readWrite: [walletAddress, credentialLookupAddress],\n            readOnly: [],\n          },\n          header: { fee: 0n },\n        });\n\n        await transaction.sign(opts.adminPrivateKey);\n        const signature = await opts.client.transactions.send(transaction.toWire());\n        const result = await trackTransaction(opts.client, signature, 60000);\n        if (result.status !== 'finalized') {\n          throw new Error(\n            `Credential registration failed with status: ${result.status}${\n              result.errorCode !== undefined ? ` (error code: ${result.errorCode})` : ''\n            }`\n          );\n        }\n      } catch (error) {\n        console.warn('Credential registration failed (non-fatal):', error);\n      }\n    }\n  }\n\n  return {\n    walletAddress,\n    credentialLookupAddress,\n  };\n}\n","export const BASE64_URL_ALPHABET = \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_\";\n\nconst tempMap = new Int16Array(256).fill(-1);\nfor (let i = 0; i < BASE64_URL_ALPHABET.length; i++) {\n    tempMap[BASE64_URL_ALPHABET.charCodeAt(i)] = i;\n}\nexport const BASE64_URL_MAP = tempMap\n\n","import { BASE64_URL_ALPHABET, BASE64_URL_MAP } from \"./constants\";\n\nexport function encodeAddress(bytes: Uint8Array): string {\n  if (bytes.length !== 32) {\n    throw new Error('Expected 32-byte address');\n  }\n\n  let checksum = 0;\n  let accumulator = 0;\n  let bitsCollected = 0;\n  const output: string[] = ['t', 'a'];\n\n  for (let i = 0; i < 30; i++) {\n    const byte = bytes[i];\n    checksum += byte;\n    accumulator = ((accumulator << 8) | byte) >>> 0;\n    bitsCollected += 8;\n    while (bitsCollected >= 6) {\n      const index = (accumulator >> (bitsCollected - 6)) & 0x3f;\n      output.push(BASE64_URL_ALPHABET[index]);\n      bitsCollected -= 6;\n      accumulator &= maskForBits(bitsCollected);\n    }\n  }\n\n  const secondLast = bytes[30];\n  checksum += secondLast;\n  accumulator = ((accumulator << 8) | secondLast) >>> 0;\n  bitsCollected += 8;\n\n  const last = bytes[31];\n  checksum += last;\n  accumulator = ((accumulator << 8) | last) >>> 0;\n  bitsCollected += 8;\n\n  accumulator = ((accumulator << 8) | (checksum & 0xff)) >>> 0;\n  bitsCollected += 8;\n\n  while (bitsCollected >= 6) {\n    const index = (accumulator >> (bitsCollected - 6)) & 0x3f;\n    output.push(BASE64_URL_ALPHABET[index]);\n    bitsCollected -= 6;\n    accumulator &= maskForBits(bitsCollected);\n  }\n\n  return output.join('');\n}\n\nexport function decodeAddress(value: string): Uint8Array {\n  if (value.length !== 46) {\n    throw new Error('Invalid address length');\n  }\n  if (!value.startsWith('ta')) {\n    throw new Error('Address must start with \"ta\"');\n  }\n\n  const output = new Uint8Array(32);\n  let checksum = 0;\n  let inIdx = 2;\n  let remaining = 40;\n  let outIdx = 0;\n\n  while (remaining >= 4) {\n    const a = BASE64_URL_MAP[value.charCodeAt(inIdx)];\n    const b = BASE64_URL_MAP[value.charCodeAt(inIdx + 1)];\n    const c = BASE64_URL_MAP[value.charCodeAt(inIdx + 2)];\n    const d = BASE64_URL_MAP[value.charCodeAt(inIdx + 3)];\n    if (a < 0 || b < 0 || c < 0 || d < 0) {\n      throw new Error('Invalid address encoding');\n    }\n    const triple = (a << 18) | (b << 12) | (c << 6) | d;\n    const byte1 = (triple >> 16) & 0xff;\n    const byte2 = (triple >> 8) & 0xff;\n    const byte3 = triple & 0xff;\n    checksum += byte1;\n    checksum += byte2;\n    checksum += byte3;\n    output[outIdx++] = byte1;\n    output[outIdx++] = byte2;\n    output[outIdx++] = byte3;\n    inIdx += 4;\n    remaining -= 4;\n  }\n\n  const a = BASE64_URL_MAP[value.charCodeAt(inIdx)];\n  const b = BASE64_URL_MAP[value.charCodeAt(inIdx + 1)];\n  const c = BASE64_URL_MAP[value.charCodeAt(inIdx + 2)];\n  const d = BASE64_URL_MAP[value.charCodeAt(inIdx + 3)];\n  if (a < 0 || b < 0 || c < 0 || d < 0) {\n    throw new Error('Invalid address encoding');\n  }\n  const triple = (a << 18) | (b << 12) | (c << 6) | d;\n  const byte1 = (triple >> 16) & 0xff;\n  const byte2 = (triple >> 8) & 0xff;\n  const incomingChecksum = triple & 0xff;\n\n  checksum += byte1;\n  checksum += byte2;\n  output[outIdx++] = byte1;\n  output[outIdx++] = byte2;\n\n  checksum &= 0xff;\n  if (checksum !== incomingChecksum) {\n    throw new Error('Address checksum mismatch');\n  }\n\n  return output;\n}\n\nfunction maskForBits(bits: number): number {\n  return bits === 0 ? 0 : (1 << bits) - 1;\n}\n","import { encodeAddress } from '@thru/helpers';\nimport type { ThruClient, TransactionResult } from './types';\n\nexport async function getStateProof(\n  client: ThruClient,\n  address: string,\n  proofType: number = 1,\n  targetSlot?: bigint\n): Promise<Uint8Array> {\n  const proofRequest: {\n    address: string;\n    proofType: number;\n    targetSlot?: bigint;\n  } = {\n    address,\n    proofType,\n  };\n\n  if (targetSlot !== undefined) {\n    proofRequest.targetSlot = targetSlot;\n  }\n\n  const proof = await client.proofs.generate(proofRequest);\n\n  if (!proof.proof || proof.proof.length === 0) {\n    throw new Error(`No state proof returned for ${address}`);\n  }\n\n  return proof.proof;\n}\n\nexport async function trackTransaction(\n  client: ThruClient,\n  signature: string,\n  timeoutMs: number = 5000\n): Promise<TransactionResult> {\n  try {\n    for await (const update of client.transactions.track(signature, { timeoutMs })) {\n      if (update.executionResult) {\n        return {\n          signature,\n          status: update.executionResult.userErrorCode === 0n ? 'finalized' : 'failed',\n          errorCode: update.executionResult.userErrorCode,\n        };\n      }\n\n      if (update.statusCode === 3) {\n        return {\n          signature,\n          status: 'finalized',\n        };\n      }\n    }\n  } catch {\n    return {\n      signature,\n      status: 'timeout',\n    };\n  }\n\n  return {\n    signature,\n    status: 'timeout',\n  };\n}\n\nexport function toThruAddress(bytes: Uint8Array): string {\n  return encodeAddress(bytes);\n}\n","import {\n  bytesToBase64Url,\n  createValidateChallenge,\n  fetchWalletNonce,\n} from '@thru/passkey-manager';\nimport type { AccountContext } from '@thru/passkey-manager';\nimport type { PasskeyChallengeResult, ThruClient } from './types';\n\nexport async function createPasskeyChallenge(opts: {\n  client: ThruClient;\n  walletAddress: string;\n  accountCtx: AccountContext;\n  invokeIx: Uint8Array;\n}): Promise<PasskeyChallengeResult> {\n  const nonce = await fetchWalletNonce(opts.client, opts.walletAddress);\n  const challenge = await createValidateChallenge(\n    nonce,\n    opts.accountCtx.accountAddresses,\n    opts.invokeIx\n  );\n\n  return {\n    challenge: bytesToBase64Url(challenge),\n    nonce: nonce.toString(),\n  };\n}\n","import {\n  PASSKEY_MANAGER_PROGRAM_ADDRESS,\n  concatenateInstructions,\n  encodeValidateInstruction,\n  hexToBytes,\n} from '@thru/passkey-manager';\nimport type { AccountContext } from '@thru/passkey-manager';\nimport { trackTransaction } from './utils';\nimport type {\n  PasskeySignaturePayload,\n  ThruClient,\n  TransactionResult,\n} from './types';\n\nexport async function submitPasskeyTransaction(opts: {\n  client: ThruClient;\n  adminPublicKey: Uint8Array;\n  adminPrivateKey: string;\n  walletAddress: string;\n  accountCtx: AccountContext;\n  invokeIx: Uint8Array;\n} & PasskeySignaturePayload): Promise<TransactionResult> {\n  const validateIx = encodeValidateInstruction({\n    walletAccountIdx: opts.accountCtx.walletAccountIdx,\n    authIdx: 0,\n    signatureR: hexToBytes(opts.signatureR),\n    signatureS: hexToBytes(opts.signatureS),\n    authenticatorData: Buffer.from(opts.authenticatorData, 'base64'),\n    clientDataJSON: Buffer.from(opts.clientDataJSON, 'base64'),\n  });\n\n  const instructionData = concatenateInstructions([validateIx, opts.invokeIx]);\n  const transaction = await opts.client.transactions.build({\n    feePayer: { publicKey: opts.adminPublicKey },\n    program: PASSKEY_MANAGER_PROGRAM_ADDRESS,\n    instructionData,\n    accounts: {\n      readWrite: opts.accountCtx.readWriteAddresses,\n      readOnly: opts.accountCtx.readOnlyAddresses,\n    },\n    header: { fee: 0n },\n  });\n\n  await transaction.sign(opts.adminPrivateKey);\n  const signature = await opts.client.transactions.send(transaction.toWire());\n  return trackTransaction(opts.client, signature);\n}\n","import type { PasskeyContextResult } from './types';\nimport { createPasskeyChallenge } from './challenge';\nimport { submitPasskeyTransaction } from './submit';\nimport type {\n  PasskeyChallengeSubmitPayload,\n  ThruClient,\n  TransactionResult,\n} from './types';\n\nexport function createPasskeyHandlers<P>(opts: {\n  buildContext: (params: P) => Promise<PasskeyContextResult>;\n  adminPublicKey: Uint8Array;\n  adminPrivateKey: string;\n  client: ThruClient;\n  challengeTtlMs?: number;\n}) {\n  const pendingContexts = new Map<\n    string,\n    { context: PasskeyContextResult; createdAt: number }\n  >();\n  const challengeTtlMs = opts.challengeTtlMs ?? 5 * 60_000;\n\n  function createPendingContextKey(\n    walletAddress: string,\n    nonce: string,\n    challenge: string\n  ): string {\n    return `${walletAddress}:${nonce}:${challenge}`;\n  }\n\n  function prunePendingContexts(now = Date.now()): void {\n    for (const [nonce, entry] of pendingContexts.entries()) {\n      if (now - entry.createdAt > challengeTtlMs) {\n        pendingContexts.delete(nonce);\n      }\n    }\n  }\n\n  return {\n    challenge: async (walletAddress: string, params: P) => {\n      prunePendingContexts();\n\n      const context = await opts.buildContext(params);\n      const challenge = await createPasskeyChallenge({\n        client: opts.client,\n        walletAddress,\n        accountCtx: context.accountCtx,\n        invokeIx: context.invokeIx,\n      });\n\n      pendingContexts.set(\n        createPendingContextKey(walletAddress, challenge.nonce, challenge.challenge),\n        {\n          context,\n          createdAt: Date.now(),\n        }\n      );\n\n      return challenge;\n    },\n    submit: async (\n      walletAddress: string,\n      params: P,\n      payload: PasskeyChallengeSubmitPayload\n    ): Promise<TransactionResult> => {\n      void params;\n      prunePendingContexts();\n\n      const pendingKey = createPendingContextKey(\n        walletAddress,\n        payload.nonce,\n        payload.challenge\n      );\n      const pending = pendingContexts.get(pendingKey);\n      if (!pending) {\n        throw new Error('Missing or expired challenge nonce');\n      }\n\n      pendingContexts.delete(pendingKey);\n      const { nonce: _nonce, challenge: _challenge, ...signaturePayload } = payload;\n\n      return submitPasskeyTransaction({\n        client: opts.client,\n        adminPublicKey: opts.adminPublicKey,\n        adminPrivateKey: opts.adminPrivateKey,\n        walletAddress,\n        accountCtx: pending.context.accountCtx,\n        invokeIx: pending.context.invokeIx,\n        ...signaturePayload,\n      });\n    },\n  };\n}\n"],"mappings":";AAAA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;;;ACVA,IAAM,sBAAsB;AAEnC,IAAM,UAAU,IAAI,WAAW,GAAG,EAAE,KAAK,EAAE;AAC3C,SAAS,IAAI,GAAG,IAAI,oBAAoB,QAAQ,KAAK;AACjD,UAAQ,oBAAoB,WAAW,CAAC,CAAC,IAAI;AACjD;;;ACHO,SAAS,cAAc,OAA2B;AACvD,MAAI,MAAM,WAAW,IAAI;AACvB,UAAM,IAAI,MAAM,0BAA0B;AAAA,EAC5C;AAEA,MAAI,WAAW;AACf,MAAI,cAAc;AAClB,MAAI,gBAAgB;AACpB,QAAM,SAAmB,CAAC,KAAK,GAAG;AAElC,WAAS,IAAI,GAAG,IAAI,IAAI,KAAK;AAC3B,UAAM,OAAO,MAAM,CAAC;AACpB,gBAAY;AACZ,mBAAgB,eAAe,IAAK,UAAU;AAC9C,qBAAiB;AACjB,WAAO,iBAAiB,GAAG;AACzB,YAAM,QAAS,eAAgB,gBAAgB,IAAM;AACrD,aAAO,KAAK,oBAAoB,KAAK,CAAC;AACtC,uBAAiB;AACjB,qBAAe,YAAY,aAAa;AAAA,IAC1C;AAAA,EACF;AAEA,QAAM,aAAa,MAAM,EAAE;AAC3B,cAAY;AACZ,iBAAgB,eAAe,IAAK,gBAAgB;AACpD,mBAAiB;AAEjB,QAAM,OAAO,MAAM,EAAE;AACrB,cAAY;AACZ,iBAAgB,eAAe,IAAK,UAAU;AAC9C,mBAAiB;AAEjB,iBAAgB,eAAe,IAAM,WAAW,SAAW;AAC3D,mBAAiB;AAEjB,SAAO,iBAAiB,GAAG;AACzB,UAAM,QAAS,eAAgB,gBAAgB,IAAM;AACrD,WAAO,KAAK,oBAAoB,KAAK,CAAC;AACtC,qBAAiB;AACjB,mBAAe,YAAY,aAAa;AAAA,EAC1C;AAEA,SAAO,OAAO,KAAK,EAAE;AACvB;AA+DA,SAAS,YAAY,MAAsB;AACzC,SAAO,SAAS,IAAI,KAAK,KAAK,QAAQ;AACxC;;;AC5GA,eAAsB,cACpB,QACA,SACA,YAAoB,GACpB,YACqB;AACrB,QAAM,eAIF;AAAA,IACF;AAAA,IACA;AAAA,EACF;AAEA,MAAI,eAAe,QAAW;AAC5B,iBAAa,aAAa;AAAA,EAC5B;AAEA,QAAM,QAAQ,MAAM,OAAO,OAAO,SAAS,YAAY;AAEvD,MAAI,CAAC,MAAM,SAAS,MAAM,MAAM,WAAW,GAAG;AAC5C,UAAM,IAAI,MAAM,+BAA+B,OAAO,EAAE;AAAA,EAC1D;AAEA,SAAO,MAAM;AACf;AAEA,eAAsB,iBACpB,QACA,WACA,YAAoB,KACQ;AAC5B,MAAI;AACF,qBAAiB,UAAU,OAAO,aAAa,MAAM,WAAW,EAAE,UAAU,CAAC,GAAG;AAC9E,UAAI,OAAO,iBAAiB;AAC1B,eAAO;AAAA,UACL;AAAA,UACA,QAAQ,OAAO,gBAAgB,kBAAkB,KAAK,cAAc;AAAA,UACpE,WAAW,OAAO,gBAAgB;AAAA,QACpC;AAAA,MACF;AAEA,UAAI,OAAO,eAAe,GAAG;AAC3B,eAAO;AAAA,UACL;AAAA,UACA,QAAQ;AAAA,QACV;AAAA,MACF;AAAA,IACF;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,MACL;AAAA,MACA,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA,QAAQ;AAAA,EACV;AACF;AAEO,SAAS,cAAc,OAA2B;AACvD,SAAO,cAAc,KAAK;AAC5B;;;AHtDA,eAAsB,oBAAoB,MAS+B;AACvE,QAAM,aAAa,KAAK,cAAc;AACtC,QAAM,OAAO,MAAM,iBAAiB,YAAY,KAAK,SAAS,KAAK,OAAO;AAC1E,QAAM,cAAc,MAAM,oBAAoB,MAAM,+BAA+B;AACnF,QAAM,gBAAgB,cAAc,WAAW;AAE/C,MAAI,eAAe;AACnB,MAAI;AACF,UAAM,KAAK,OAAO,SAAS,IAAI,aAAa;AAC5C,mBAAe;AAAA,EACjB,QAAQ;AACN,mBAAe;AAAA,EACjB;AAEA,MAAI,CAAC,cAAc;AACjB,UAAM,aAAa,MAAM,cAAc,KAAK,QAAQ,aAAa;AACjE,UAAM,aAAa,oBAAoB;AAAA,MACrC;AAAA,MACA,mBAAmB,CAAC;AAAA,MACpB,kBAAkB,CAAC;AAAA,MACnB,iBAAiB,KAAK;AAAA,MACtB,gBAAgB;AAAA,IAClB,CAAC;AAED,UAAM,WAAW,wBAAwB;AAAA,MACvC,kBAAkB,WAAW;AAAA,MAC7B,WAAW;AAAA,QACT,KAAK;AAAA,QACL,SAAS,KAAK;AAAA,QACd,SAAS,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAED,UAAM,cAAc,MAAM,KAAK,OAAO,aAAa,MAAM;AAAA,MACvD,UAAU,EAAE,WAAW,KAAK,eAAe;AAAA,MAC3C,SAAS;AAAA,MACT,iBAAiB;AAAA,MACjB,UAAU;AAAA,QACR,WAAW,CAAC,aAAa;AAAA,QACzB,UAAU,CAAC;AAAA,MACb;AAAA,MACA,QAAQ,EAAE,KAAK,GAAG;AAAA,IACpB,CAAC;AAED,UAAM,YAAY,KAAK,KAAK,eAAe;AAC3C,UAAM,YAAY,MAAM,KAAK,OAAO,aAAa,KAAK,YAAY,OAAO,CAAC;AAC1E,UAAM,SAAS,MAAM,iBAAiB,KAAK,QAAQ,WAAW,GAAK;AACnE,QAAI,OAAO,WAAW,aAAa;AACjC,YAAM,IAAI;AAAA,QACR,2CAA2C,OAAO,aAAa,SAAS;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AAEA,MAAI;AACJ,MAAI,KAAK,cAAc;AACrB,UAAM,oBAAoB,iBAAiB,KAAK,YAAY;AAC5D,UAAM,qBAAqB,MAAM;AAAA,MAC/B;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEA,8BAA0B,cAAc,kBAAkB;AAE1D,QAAI,eAAe;AACnB,QAAI;AACF,YAAM,KAAK,OAAO,SAAS,IAAI,uBAAuB;AACtD,qBAAe;AAAA,IACjB,QAAQ;AACN,qBAAe;AAAA,IACjB;AAEA,QAAI,CAAC,cAAc;AACjB,UAAI;AACF,cAAM,WAAW,MAAM,2BAA2B,mBAAmB,UAAU;AAC/E,cAAM,aAAa,MAAM,cAAc,KAAK,QAAQ,uBAAuB;AAC3E,cAAM,aAAa,oBAAoB;AAAA,UACrC;AAAA,UACA,mBAAmB,CAAC,kBAAkB;AAAA,UACtC,kBAAkB,CAAC;AAAA,UACnB,iBAAiB,KAAK;AAAA,UACtB,gBAAgB;AAAA,QAClB,CAAC;AAED,cAAM,aAAa,oCAAoC;AAAA,UACrD,kBAAkB,WAAW;AAAA,UAC7B,kBAAkB,WAAW,gBAAgB,kBAAkB;AAAA,UAC/D,MAAM;AAAA,UACN;AAAA,QACF,CAAC;AAED,cAAM,cAAc,MAAM,KAAK,OAAO,aAAa,MAAM;AAAA,UACvD,UAAU,EAAE,WAAW,KAAK,eAAe;AAAA,UAC3C,SAAS;AAAA,UACT,iBAAiB;AAAA,UACjB,UAAU;AAAA,YACR,WAAW,CAAC,eAAe,uBAAuB;AAAA,YAClD,UAAU,CAAC;AAAA,UACb;AAAA,UACA,QAAQ,EAAE,KAAK,GAAG;AAAA,QACpB,CAAC;AAED,cAAM,YAAY,KAAK,KAAK,eAAe;AAC3C,cAAM,YAAY,MAAM,KAAK,OAAO,aAAa,KAAK,YAAY,OAAO,CAAC;AAC1E,cAAM,SAAS,MAAM,iBAAiB,KAAK,QAAQ,WAAW,GAAK;AACnE,YAAI,OAAO,WAAW,aAAa;AACjC,gBAAM,IAAI;AAAA,YACR,+CAA+C,OAAO,MAAM,GAC1D,OAAO,cAAc,SAAY,iBAAiB,OAAO,SAAS,MAAM,EAC1E;AAAA,UACF;AAAA,QACF;AAAA,MACF,SAAS,OAAO;AACd,gBAAQ,KAAK,+CAA+C,KAAK;AAAA,MACnE;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;;;AIpJA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAIP,eAAsB,uBAAuB,MAKT;AAClC,QAAM,QAAQ,MAAM,iBAAiB,KAAK,QAAQ,KAAK,aAAa;AACpE,QAAM,YAAY,MAAM;AAAA,IACtB;AAAA,IACA,KAAK,WAAW;AAAA,IAChB,KAAK;AAAA,EACP;AAEA,SAAO;AAAA,IACL,WAAW,iBAAiB,SAAS;AAAA,IACrC,OAAO,MAAM,SAAS;AAAA,EACxB;AACF;;;ACzBA;AAAA,EACE,mCAAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA,cAAAC;AAAA,OACK;AASP,eAAsB,yBAAyB,MAOU;AACvD,QAAM,aAAa,0BAA0B;AAAA,IAC3C,kBAAkB,KAAK,WAAW;AAAA,IAClC,SAAS;AAAA,IACT,YAAYC,YAAW,KAAK,UAAU;AAAA,IACtC,YAAYA,YAAW,KAAK,UAAU;AAAA,IACtC,mBAAmB,OAAO,KAAK,KAAK,mBAAmB,QAAQ;AAAA,IAC/D,gBAAgB,OAAO,KAAK,KAAK,gBAAgB,QAAQ;AAAA,EAC3D,CAAC;AAED,QAAM,kBAAkB,wBAAwB,CAAC,YAAY,KAAK,QAAQ,CAAC;AAC3E,QAAM,cAAc,MAAM,KAAK,OAAO,aAAa,MAAM;AAAA,IACvD,UAAU,EAAE,WAAW,KAAK,eAAe;AAAA,IAC3C,SAASC;AAAA,IACT;AAAA,IACA,UAAU;AAAA,MACR,WAAW,KAAK,WAAW;AAAA,MAC3B,UAAU,KAAK,WAAW;AAAA,IAC5B;AAAA,IACA,QAAQ,EAAE,KAAK,GAAG;AAAA,EACpB,CAAC;AAED,QAAM,YAAY,KAAK,KAAK,eAAe;AAC3C,QAAM,YAAY,MAAM,KAAK,OAAO,aAAa,KAAK,YAAY,OAAO,CAAC;AAC1E,SAAO,iBAAiB,KAAK,QAAQ,SAAS;AAChD;;;ACrCO,SAAS,sBAAyB,MAMtC;AACD,QAAM,kBAAkB,oBAAI,IAG1B;AACF,QAAM,iBAAiB,KAAK,kBAAkB,IAAI;AAElD,WAAS,wBACP,eACA,OACA,WACQ;AACR,WAAO,GAAG,aAAa,IAAI,KAAK,IAAI,SAAS;AAAA,EAC/C;AAEA,WAAS,qBAAqB,MAAM,KAAK,IAAI,GAAS;AACpD,eAAW,CAAC,OAAO,KAAK,KAAK,gBAAgB,QAAQ,GAAG;AACtD,UAAI,MAAM,MAAM,YAAY,gBAAgB;AAC1C,wBAAgB,OAAO,KAAK;AAAA,MAC9B;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,WAAW,OAAO,eAAuB,WAAc;AACrD,2BAAqB;AAErB,YAAM,UAAU,MAAM,KAAK,aAAa,MAAM;AAC9C,YAAM,YAAY,MAAM,uBAAuB;AAAA,QAC7C,QAAQ,KAAK;AAAA,QACb;AAAA,QACA,YAAY,QAAQ;AAAA,QACpB,UAAU,QAAQ;AAAA,MACpB,CAAC;AAED,sBAAgB;AAAA,QACd,wBAAwB,eAAe,UAAU,OAAO,UAAU,SAAS;AAAA,QAC3E;AAAA,UACE;AAAA,UACA,WAAW,KAAK,IAAI;AAAA,QACtB;AAAA,MACF;AAEA,aAAO;AAAA,IACT;AAAA,IACA,QAAQ,OACN,eACA,QACA,YAC+B;AAC/B,WAAK;AACL,2BAAqB;AAErB,YAAM,aAAa;AAAA,QACjB;AAAA,QACA,QAAQ;AAAA,QACR,QAAQ;AAAA,MACV;AACA,YAAM,UAAU,gBAAgB,IAAI,UAAU;AAC9C,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,oCAAoC;AAAA,MACtD;AAEA,sBAAgB,OAAO,UAAU;AACjC,YAAM,EAAE,OAAO,QAAQ,WAAW,YAAY,GAAG,iBAAiB,IAAI;AAEtE,aAAO,yBAAyB;AAAA,QAC9B,QAAQ,KAAK;AAAA,QACb,gBAAgB,KAAK;AAAA,QACrB,iBAAiB,KAAK;AAAA,QACtB;AAAA,QACA,YAAY,QAAQ,QAAQ;AAAA,QAC5B,UAAU,QAAQ,QAAQ;AAAA,QAC1B,GAAG;AAAA,MACL,CAAC;AAAA,IACH;AAAA,EACF;AACF;","names":["PASSKEY_MANAGER_PROGRAM_ADDRESS","hexToBytes","hexToBytes","PASSKEY_MANAGER_PROGRAM_ADDRESS"]}

package/dist/types-_HRzmn-j.d.cts

@@ -0,0 +1,125 @@
+import { PasskeySigningResult, PasskeyMetadata } from '@thru/passkey-manager';
+
+/**
+ * Signing result with stored passkey metadata attached.
+ */
+interface PasskeyStoredSigningResult extends PasskeySigningResult {
+    passkey: PasskeyMetadata;
+    accounts?: PasskeyPopupAccount[];
+}
+/**
+ * WebAuthn client capabilities map.
+ */
+interface PasskeyClientCapabilities {
+    conditionalCreate?: boolean;
+    conditionalGet?: boolean;
+    credentialProtectionPolicy?: boolean;
+    credProps?: boolean;
+    minPinLength?: boolean;
+    multiFactor?: boolean;
+    passkeyPlatformAuthenticator?: boolean;
+    largeBlob?: boolean;
+    rpId?: boolean;
+    userVerifyingPlatformAuthenticator?: boolean;
+    relatedOrigins?: boolean;
+}
+/**
+ * Context sent to popup for display purposes.
+ */
+interface PasskeyPopupContext {
+    appId?: string;
+    appName?: string;
+    appUrl?: string;
+    origin?: string;
+    imageUrl?: string;
+}
+/**
+ * Account info passed through popup bridge.
+ */
+interface PasskeyPopupAccount {
+    index: number;
+    label?: string;
+    publicKey: string;
+    path?: string;
+    createdAt?: string;
+    addressType?: string;
+    publicKeyRawBase64?: string;
+}
+type PasskeyPopupAction = 'get' | 'create' | 'getStored';
+interface PasskeyPopupGetRequestPayload {
+    credentialId: string;
+    challengeBase64Url: string;
+    rpId: string;
+}
+interface PasskeyPopupCreateRequestPayload {
+    alias: string;
+    userId: string;
+    rpId: string;
+}
+interface PasskeyPopupGetStoredRequestPayload {
+    challengeBase64Url: string;
+    context?: PasskeyPopupContext;
+}
+type PasskeyPopupRequestPayload = PasskeyPopupGetRequestPayload | PasskeyPopupCreateRequestPayload | PasskeyPopupGetStoredRequestPayload;
+interface PasskeyPopupRequest {
+    type: string;
+    requestId: string;
+    action: PasskeyPopupAction;
+    payload: PasskeyPopupRequestPayload;
+}
+interface PasskeyPopupSigningResult {
+    signatureBase64Url: string;
+    authenticatorDataBase64Url: string;
+    clientDataJSONBase64Url: string;
+    signatureRBase64Url: string;
+    signatureSBase64Url: string;
+}
+interface PasskeyPopupStoredPasskey {
+    credentialId: string;
+    publicKeyX: string;
+    publicKeyY: string;
+    rpId: string;
+    label?: string;
+    createdAt: string;
+    lastUsedAt: string;
+}
+interface PasskeyPopupStoredSigningResult extends PasskeyPopupSigningResult {
+    passkey: PasskeyPopupStoredPasskey;
+    accounts?: PasskeyPopupAccount[];
+}
+interface PasskeyPopupRegistrationResult {
+    credentialId: string;
+    publicKeyX: string;
+    publicKeyY: string;
+    rpId: string;
+}
+type PasskeyPopupResponse = {
+    type: string;
+    requestId: string;
+    action: 'get';
+    success: true;
+    result: PasskeyPopupSigningResult;
+} | {
+    type: string;
+    requestId: string;
+    action: 'create';
+    success: true;
+    result: PasskeyPopupRegistrationResult;
+} | {
+    type: string;
+    requestId: string;
+    action: 'getStored';
+    success: true;
+    result: PasskeyPopupStoredSigningResult;
+} | {
+    type: string;
+    requestId: string;
+    action: PasskeyPopupAction;
+    success: false;
+    error: {
+        name?: string;
+        message: string;
+    };
+};
+
+export type { PasskeyStoredSigningResult as P, PasskeyClientCapabilities as a, PasskeyPopupContext as b, PasskeyPopupAccount as c, PasskeyPopupAction as d, PasskeyPopupGetRequestPayload as e, PasskeyPopupCreateRequestPayload as f, PasskeyPopupGetStoredRequestPayload as g, PasskeyPopupRequestPayload as h, PasskeyPopupRequest as i, PasskeyPopupSigningResult as j, PasskeyPopupStoredPasskey as k, PasskeyPopupStoredSigningResult as l, PasskeyPopupRegistrationResult as m, PasskeyPopupResponse as n };

package/dist/types-_HRzmn-j.d.ts

@@ -0,0 +1,125 @@
+import { PasskeySigningResult, PasskeyMetadata } from '@thru/passkey-manager';
+
+/**
+ * Signing result with stored passkey metadata attached.
+ */
+interface PasskeyStoredSigningResult extends PasskeySigningResult {
+    passkey: PasskeyMetadata;
+    accounts?: PasskeyPopupAccount[];
+}
+/**
+ * WebAuthn client capabilities map.
+ */
+interface PasskeyClientCapabilities {
+    conditionalCreate?: boolean;
+    conditionalGet?: boolean;
+    credentialProtectionPolicy?: boolean;
+    credProps?: boolean;
+    minPinLength?: boolean;
+    multiFactor?: boolean;
+    passkeyPlatformAuthenticator?: boolean;
+    largeBlob?: boolean;
+    rpId?: boolean;
+    userVerifyingPlatformAuthenticator?: boolean;
+    relatedOrigins?: boolean;
+}
+/**
+ * Context sent to popup for display purposes.
+ */
+interface PasskeyPopupContext {
+    appId?: string;
+    appName?: string;
+    appUrl?: string;
+    origin?: string;
+    imageUrl?: string;
+}
+/**
+ * Account info passed through popup bridge.
+ */
+interface PasskeyPopupAccount {
+    index: number;
+    label?: string;
+    publicKey: string;
+    path?: string;
+    createdAt?: string;
+    addressType?: string;
+    publicKeyRawBase64?: string;
+}
+type PasskeyPopupAction = 'get' | 'create' | 'getStored';
+interface PasskeyPopupGetRequestPayload {
+    credentialId: string;
+    challengeBase64Url: string;
+    rpId: string;
+}
+interface PasskeyPopupCreateRequestPayload {
+    alias: string;
+    userId: string;
+    rpId: string;
+}
+interface PasskeyPopupGetStoredRequestPayload {
+    challengeBase64Url: string;
+    context?: PasskeyPopupContext;
+}
+type PasskeyPopupRequestPayload = PasskeyPopupGetRequestPayload | PasskeyPopupCreateRequestPayload | PasskeyPopupGetStoredRequestPayload;
+interface PasskeyPopupRequest {
+    type: string;
+    requestId: string;
+    action: PasskeyPopupAction;
+    payload: PasskeyPopupRequestPayload;
+}
+interface PasskeyPopupSigningResult {
+    signatureBase64Url: string;
+    authenticatorDataBase64Url: string;
+    clientDataJSONBase64Url: string;
+    signatureRBase64Url: string;
+    signatureSBase64Url: string;
+}
+interface PasskeyPopupStoredPasskey {
+    credentialId: string;
+    publicKeyX: string;
+    publicKeyY: string;
+    rpId: string;
+    label?: string;
+    createdAt: string;
+    lastUsedAt: string;
+}
+interface PasskeyPopupStoredSigningResult extends PasskeyPopupSigningResult {
+    passkey: PasskeyPopupStoredPasskey;
+    accounts?: PasskeyPopupAccount[];
+}
+interface PasskeyPopupRegistrationResult {
+    credentialId: string;
+    publicKeyX: string;
+    publicKeyY: string;
+    rpId: string;
+}
+type PasskeyPopupResponse = {
+    type: string;
+    requestId: string;
+    action: 'get';
+    success: true;
+    result: PasskeyPopupSigningResult;
+} | {
+    type: string;
+    requestId: string;
+    action: 'create';
+    success: true;
+    result: PasskeyPopupRegistrationResult;
+} | {
+    type: string;
+    requestId: string;
+    action: 'getStored';
+    success: true;
+    result: PasskeyPopupStoredSigningResult;
+} | {
+    type: string;
+    requestId: string;
+    action: PasskeyPopupAction;
+    success: false;
+    error: {
+        name?: string;
+        message: string;
+    };
+};
+
+export type { PasskeyStoredSigningResult as P, PasskeyClientCapabilities as a, PasskeyPopupContext as b, PasskeyPopupAccount as c, PasskeyPopupAction as d, PasskeyPopupGetRequestPayload as e, PasskeyPopupCreateRequestPayload as f, PasskeyPopupGetStoredRequestPayload as g, PasskeyPopupRequestPayload as h, PasskeyPopupRequest as i, PasskeyPopupSigningResult as j, PasskeyPopupStoredPasskey as k, PasskeyPopupStoredSigningResult as l, PasskeyPopupRegistrationResult as m, PasskeyPopupResponse as n };