@thru/passkey 0.2.13 → 0.2.14

package/dist/index.js

@@ -1,809 +1,48 @@
-// src/register.ts
-import { arrayBufferToBase64Url, bytesToHex } from "@thru/passkey-manager";
-
-// src/capabilities.ts
-var DEBUG = typeof process !== "undefined" && process.env?.NEXT_PUBLIC_PASSKEY_DEBUG === "1";
-var cachedClientCapabilities;
-var clientCapabilitiesPromise = null;
-function isWebAuthnSupported() {
-  const supported = typeof window !== "undefined" && typeof window.PublicKeyCredential !== "undefined" && typeof navigator.credentials !== "undefined";
-  if (DEBUG) {
-    console.log("[Passkey] WebAuthn support check:", {
-      window: typeof window !== "undefined",
-      PublicKeyCredential: typeof window !== "undefined" && typeof window.PublicKeyCredential !== "undefined",
-      credentials: typeof window !== "undefined" && typeof navigator !== "undefined" && typeof navigator.credentials !== "undefined",
-      supported
-    });
-  }
-  return supported;
-}
-async function fetchPasskeyClientCapabilities() {
-  if (typeof window === "undefined" || typeof window.PublicKeyCredential === "undefined") {
-    return null;
-  }
-  const getClientCapabilities = window.PublicKeyCredential.getClientCapabilities;
-  if (typeof getClientCapabilities !== "function") {
-    return null;
-  }
-  try {
-    const capabilities = await getClientCapabilities.call(window.PublicKeyCredential);
-    if (DEBUG) {
-      console.log("[Passkey] WebAuthn client capabilities:", capabilities);
-    }
-    return capabilities ?? null;
-  } catch (error) {
-    if (DEBUG) {
-      console.warn("[Passkey] Failed to read client capabilities:", error);
-    }
-    return null;
-  }
-}
-function preloadPasskeyClientCapabilities() {
-  if (cachedClientCapabilities !== void 0 || clientCapabilitiesPromise) {
-    return;
-  }
-  clientCapabilitiesPromise = fetchPasskeyClientCapabilities().then((capabilities) => {
-    cachedClientCapabilities = capabilities;
-    return capabilities;
-  });
-}
-async function getPasskeyClientCapabilities() {
-  if (cachedClientCapabilities !== void 0) {
-    return cachedClientCapabilities;
-  }
-  if (!clientCapabilitiesPromise) {
-    preloadPasskeyClientCapabilities();
-  }
-  if (!clientCapabilitiesPromise) {
-    cachedClientCapabilities = null;
-    return null;
-  }
-  const capabilities = await clientCapabilitiesPromise;
-  cachedClientCapabilities = capabilities;
-  return capabilities;
-}
-function getCachedPasskeyClientCapabilities() {
-  return cachedClientCapabilities;
-}
-function isInIframe() {
-  if (typeof window === "undefined") {
-    return false;
-  }
-  try {
-    return window.self !== window.top;
-  } catch {
-    return true;
-  }
-}
-async function shouldUsePasskeyPopup(action) {
-  if (!isInIframe()) {
-    return false;
-  }
-  const mode = await getPasskeyPromptMode(action);
-  return mode === "popup";
-}
-function getPermissionsPolicyAllowsFeature(feature) {
-  if (typeof document === "undefined") {
-    return null;
-  }
-  const policy = document.permissionsPolicy;
-  const featurePolicy = document.featurePolicy;
-  const allowsFeature = policy?.allowsFeature || featurePolicy?.allowsFeature;
-  if (typeof allowsFeature !== "function") {
-    return null;
-  }
-  try {
-    return allowsFeature(feature);
-  } catch {
-    return null;
-  }
-}
-function getCachedPromptMode(action) {
-  if (!isInIframe()) {
-    return "inline";
-  }
-  if (cachedClientCapabilities === void 0 && !clientCapabilitiesPromise) {
-    preloadPasskeyClientCapabilities();
-  }
-  const feature = action === "create" ? "publickey-credentials-create" : "publickey-credentials-get";
-  const policyAllows = getPermissionsPolicyAllowsFeature(feature);
-  const capabilities = getCachedPasskeyClientCapabilities();
-  const supportsInline = capabilities?.passkeyPlatformAuthenticator === true || capabilities?.userVerifyingPlatformAuthenticator === true;
-  if (policyAllows === false) {
-    return "popup";
-  }
-  if (capabilities === void 0) {
-    return "unknown";
-  }
-  if (!supportsInline) {
-    return "popup";
-  }
-  return "inline";
-}
-async function getPasskeyPromptMode(action) {
-  if (!isInIframe()) {
-    return "inline";
-  }
-  const feature = action === "create" ? "publickey-credentials-create" : "publickey-credentials-get";
-  const policyAllows = getPermissionsPolicyAllowsFeature(feature);
-  const capabilities = await getPasskeyClientCapabilities();
-  const supportsInline = capabilities?.passkeyPlatformAuthenticator === true || capabilities?.userVerifyingPlatformAuthenticator === true;
-  if (DEBUG) {
-    console.log("[Passkey] Prompt mode check:", {
-      action,
-      policyAllows,
-      supportsInline,
-      capabilities
-    });
-  }
-  if (!supportsInline) {
-    return "popup";
-  }
-  if (policyAllows === false) {
-    return "popup";
-  }
-  return "inline";
-}
-function maybePreopenPopup(action, openPopupFn) {
-  const cachedMode = getCachedPromptMode(action);
-  if (cachedMode !== "popup") {
-    return null;
-  }
-  try {
-    return openPopupFn();
-  } catch {
-    return null;
-  }
-}
-function shouldFallbackToPopup(error) {
-  if (!isInIframe()) {
-    return false;
-  }
-  const name = error && typeof error === "object" && "name" in error ? String(error.name) : "";
-  const message = error && typeof error === "object" && "message" in error ? String(error.message) : "";
-  const normalized = `${name} ${message}`.toLowerCase();
-  if (normalized.includes("cancel") || normalized.includes("canceled") || normalized.includes("cancelled") || normalized.includes("user canceled") || normalized.includes("user cancelled") || normalized.includes("aborted")) {
-    return false;
-  }
-  if (normalized.includes("securityerror")) {
-    return true;
-  }
-  if (normalized.includes("notallowederror")) {
-    if (normalized.includes("permission") || normalized.includes("policy") || normalized.includes("iframe") || normalized.includes("frame")) {
-      return true;
-    }
-  }
-  return false;
-}
-
-// src/popup.ts
-var PASSKEY_POPUP_PATH = "/passkey/popup";
-var PASSKEY_POPUP_READY_EVENT = "thru:passkey-popup-ready";
-var PASSKEY_POPUP_REQUEST_EVENT = "thru:passkey-popup-request";
-var PASSKEY_POPUP_RESPONSE_EVENT = "thru:passkey-popup-response";
-var PASSKEY_POPUP_CHANNEL = "thru:passkey-popup-channel";
-var PASSKEY_POPUP_TIMEOUT_MS = 6e4;
-function closePopup(popup) {
-  if (popup && !popup.closed) {
-    popup.close();
-  }
-}
-function openPasskeyPopupWindow() {
-  const popupUrl = new URL(PASSKEY_POPUP_PATH, window.location.origin).toString();
-  const popup = window.open(
-    popupUrl,
-    "thru_passkey_popup",
-    "popup=yes,width=440,height=640"
-  );
-  if (!popup) {
-    throw new Error("Passkey popup was blocked");
-  }
-  return popup;
-}
-function createPopupRequestId() {
-  const rand = Math.random().toString(36).slice(2, 10);
-  return `passkey_${Date.now()}_${rand}`;
-}
-async function requestPasskeyPopup(action, payload, preopenedPopup) {
-  if (typeof window === "undefined") {
-    throw new Error("Passkey popup is only available in the browser");
-  }
-  const requestId = createPopupRequestId();
-  const targetOrigin = window.location.origin;
-  let popup = preopenedPopup ?? null;
-  const channel = typeof BroadcastChannel !== "undefined" ? new BroadcastChannel(PASSKEY_POPUP_CHANNEL) : null;
-  return new Promise((resolve, reject) => {
-    let timeout = null;
-    let closePoll = null;
-    let requestSent = false;
-    const cleanup = () => {
-      if (timeout) {
-        clearTimeout(timeout);
-        timeout = null;
-      }
-      if (closePoll) {
-        clearInterval(closePoll);
-        closePoll = null;
-      }
-      window.removeEventListener("message", handleMessage);
-      if (channel) {
-        channel.removeEventListener("message", handleChannelMessage);
-        channel.close();
-      }
-    };
-    const sendRequest = (viaChannel) => {
-      if (requestSent) {
-        return;
-      }
-      requestSent = true;
-      const request = {
-        type: PASSKEY_POPUP_REQUEST_EVENT,
-        requestId,
-        action,
-        payload
-      };
-      if (viaChannel) {
-        channel?.postMessage(request);
-        return;
-      }
-      popup?.postMessage(request, targetOrigin);
-    };
-    const handleResponse = (data) => {
-      if (data.requestId !== requestId) {
-        return;
-      }
-      cleanup();
-      if (popup && !popup.closed) {
-        popup.close();
-      }
-      if (data.success) {
-        resolve(data.result);
-      } else {
-        const err = new Error(data.error?.message || "Passkey popup failed");
-        if (data.error?.name) {
-          err.name = data.error.name;
-        }
-        reject(err);
-      }
-    };
-    const handleMessage = (event) => {
-      if (event.origin !== targetOrigin) {
-        return;
-      }
-      const data = event.data;
-      if (!data || typeof data !== "object") {
-        return;
-      }
-      if (data.type === PASSKEY_POPUP_READY_EVENT) {
-        if (popup && event.source !== popup) {
-          return;
-        }
-        sendRequest(false);
-        return;
-      }
-      if (data.type === PASSKEY_POPUP_RESPONSE_EVENT && "requestId" in data) {
-        handleResponse(data);
-      }
-    };
-    window.addEventListener("message", handleMessage);
-    const handleChannelMessage = (event) => {
-      const data = event.data;
-      if (!data || typeof data !== "object") {
-        return;
-      }
-      if (data.type === PASSKEY_POPUP_READY_EVENT) {
-        sendRequest(true);
-        return;
-      }
-      if (data.type === PASSKEY_POPUP_RESPONSE_EVENT && "requestId" in data) {
-        handleResponse(data);
-      }
-    };
-    if (channel) {
-      channel.addEventListener("message", handleChannelMessage);
-    }
-    if (!popup) {
-      try {
-        popup = openPasskeyPopupWindow();
-      } catch (error) {
-        cleanup();
-        reject(error);
-        return;
-      }
-    }
-    timeout = setTimeout(() => {
-      cleanup();
-      try {
-        popup?.close();
-      } catch {
-      }
-      reject(new Error("Passkey popup timed out"));
-    }, PASSKEY_POPUP_TIMEOUT_MS);
-    closePoll = setInterval(() => {
-      if (popup && popup.closed) {
-        cleanup();
-        reject(new Error("Passkey popup was closed"));
-      }
-    }, 250);
-  });
-}
-
-// src/register.ts
-async function registerPasskey(alias, userId, rpId) {
-  if (!isWebAuthnSupported()) {
-    throw new Error("WebAuthn is not supported in this browser");
-  }
-  return runWithPromptMode(
-    "create",
-    () => registerPasskeyInline(alias, userId, rpId),
-    (preopenedPopup) => registerPasskeyViaPopup(alias, userId, rpId, preopenedPopup)
-  );
-}
-async function runWithPromptMode(action, inlineFn, popupFn) {
-  const preopenedPopup = maybePreopenPopup(action, openPasskeyPopupWindow);
-  const promptMode = await getPasskeyPromptMode(action);
-  if (promptMode === "popup") {
-    return popupFn(preopenedPopup);
-  }
-  closePopup(preopenedPopup);
-  try {
-    return await inlineFn();
-  } catch (error) {
-    if (shouldFallbackToPopup(error)) {
-      return popupFn();
-    }
-    throw error;
-  }
-}
-async function registerPasskeyInline(alias, userId, rpId) {
-  const rpName = "Thru Wallet";
-  const userIdBytes = new TextEncoder().encode(userId);
-  const userIdBuffer = userIdBytes.slice(0, 64);
-  const challenge = crypto.getRandomValues(new Uint8Array(32));
-  const createOptions = {
-    challenge,
-    rp: {
-      id: rpId,
-      name: rpName
-    },
-    user: {
-      id: userIdBuffer,
-      name: alias,
-      displayName: alias
-    },
-    pubKeyCredParams: [
-      { type: "public-key", alg: -7 }
-    ],
-    authenticatorSelection: {
-      authenticatorAttachment: "platform",
-      userVerification: "required",
-      residentKey: "required",
-      requireResidentKey: true
-    },
-    attestation: "none",
-    timeout: 6e4
-  };
-  const credential = await navigator.credentials.create({
-    publicKey: createOptions
-  });
-  if (!credential) {
-    throw new Error("Passkey registration was cancelled");
-  }
-  const response = credential.response;
-  const { x, y } = extractP256PublicKey(response);
-  return {
-    credentialId: arrayBufferToBase64Url(credential.rawId),
-    publicKeyX: bytesToHex(x),
-    publicKeyY: bytesToHex(y),
-    rpId
-  };
-}
-async function registerPasskeyViaPopup(alias, userId, rpId, preopenedPopup) {
-  const result = await requestPasskeyPopup(
-    "create",
-    { alias, userId, rpId },
-    preopenedPopup
-  );
-  return result;
-}
-function extractP256PublicKey(response) {
-  if (typeof response.getPublicKey === "function") {
-    const spkiKey = response.getPublicKey();
-    if (spkiKey) {
-      return extractFromSpki(new Uint8Array(spkiKey));
-    }
-  }
-  if (typeof response.getAuthenticatorData === "function") {
-    const authData = new Uint8Array(response.getAuthenticatorData());
-    return extractFromAuthenticatorData(authData);
-  }
-  throw new Error("Unable to extract public key: browser does not support required WebAuthn methods");
-}
-function extractFromSpki(spki) {
-  const pointStart = spki.length - 65;
-  if (spki[pointStart] !== 4) {
-    throw new Error("Invalid SPKI format: expected uncompressed point");
-  }
-  const x = spki.slice(pointStart + 1, pointStart + 33);
-  const y = spki.slice(pointStart + 33, pointStart + 65);
-  if (x.length !== 32 || y.length !== 32) {
-    throw new Error("Invalid SPKI format: incorrect coordinate length");
-  }
-  return { x, y };
-}
-function extractFromAuthenticatorData(authData) {
-  const rpIdHashLength = 32;
-  const flagsLength = 1;
-  const counterLength = 4;
-  const offset = rpIdHashLength + flagsLength + counterLength;
-  const aaguidLength = 16;
-  const credIdLenOffset = offset + aaguidLength;
-  const credIdLength = authData[credIdLenOffset] << 8 | authData[credIdLenOffset + 1];
-  const coseKeyOffset = credIdLenOffset + 2 + credIdLength;
-  const coseKey = authData.slice(coseKeyOffset);
-  return extractFromCoseKey(coseKey);
-}
-function extractFromCoseKey(coseKey) {
-  const mapStart = coseKey[0];
-  if (mapStart !== 165 && mapStart !== 164) {
-    throw new Error("Invalid COSE key format");
-  }
-  let offset = 1;
-  let x = null;
-  let y = null;
-  while (offset < coseKey.length) {
-    const key = coseKey[offset++];
-    const valueType = coseKey[offset++];
-    if (key === 33) {
-      const length = valueType & 31;
-      x = coseKey.slice(offset, offset + length);
-      offset += length;
-      continue;
-    }
-    if (key === 34) {
-      const length = valueType & 31;
-      y = coseKey.slice(offset, offset + length);
-      offset += length;
-      continue;
-    }
-    if (valueType >= 64 && valueType <= 95) {
-      const length = valueType & 31;
-      offset += length;
-      continue;
-    }
-    if (valueType === 1 || valueType === 2 || valueType === 3) {
-      continue;
-    }
-    if (valueType >= 24 && valueType <= 27) {
-      const size = 1 << valueType - 24;
-      offset += size;
-      continue;
-    }
-  }
-  if (!x || !y) {
-    throw new Error("Failed to extract P-256 public key from COSE data");
-  }
-  if (x.length !== 32 || y.length !== 32) {
-    throw new Error("Invalid COSE key: incorrect coordinate length");
-  }
-  return { x, y };
-}
-
-// src/sign.ts
 import {
-  arrayBufferToBase64Url as arrayBufferToBase64Url2,
+  P256_HALF_N,
+  P256_N,
+  arrayBufferToBase64Url,
   base64UrlToArrayBuffer,
-  bytesToBase64Url,
   base64UrlToBytes,
-  parseDerSignature,
-  normalizeLowS
-} from "@thru/passkey-manager";
-async function signWithPasskey(credentialId, challenge, rpId) {
-  if (!isWebAuthnSupported()) {
-    throw new Error("WebAuthn is not supported in this browser");
-  }
-  return runWithPromptMode2(
-    "get",
-    () => signWithPasskeyInline(credentialId, challenge, rpId),
-    (preopenedPopup) => signWithPasskeyViaPopup(credentialId, challenge, rpId, preopenedPopup)
-  );
-}
-async function signWithStoredPasskey(challenge, rpId, preferredPasskey, allPasskeys, context) {
-  if (!isWebAuthnSupported()) {
-    throw new Error("WebAuthn is not supported in this browser");
-  }
-  const preopenedPopup = maybePreopenPopup("get", openPasskeyPopupWindow);
-  const promptMode = await getPasskeyPromptMode("get");
-  const storedPasskey = preferredPasskey;
-  const canUsePopup = isInIframe();
-  if (promptMode === "popup" || canUsePopup && !storedPasskey) {
-    return requestStoredPasskeyPopup(challenge, preopenedPopup, context);
-  }
-  closePopup(preopenedPopup);
-  try {
-    if (storedPasskey) {
-      const result = await signWithPasskeyInline(
-        storedPasskey.credentialId,
-        challenge,
-        storedPasskey.rpId
-      );
-      return {
-        ...result,
-        passkey: storedPasskey
-      };
-    }
-    const discoverable = await signWithDiscoverablePasskey(challenge, rpId);
-    const matchingPasskey = allPasskeys.find((p) => p.credentialId === discoverable.credentialId) ?? null;
-    const now = (/* @__PURE__ */ new Date()).toISOString();
-    const passkey = matchingPasskey ?? {
-      credentialId: discoverable.credentialId,
-      publicKeyX: "",
-      publicKeyY: "",
-      rpId: discoverable.rpId,
-      createdAt: now,
-      lastUsedAt: now
-    };
-    return {
-      signature: discoverable.signature,
-      authenticatorData: discoverable.authenticatorData,
-      clientDataJSON: discoverable.clientDataJSON,
-      signatureR: discoverable.signatureR,
-      signatureS: discoverable.signatureS,
-      passkey
-    };
-  } catch (error) {
-    if (canUsePopup && shouldFallbackToPopup(error)) {
-      return requestStoredPasskeyPopup(challenge, void 0, context);
-    }
-    throw error;
-  }
-}
-async function signWithDiscoverablePasskey(challenge, rpId) {
-  if (!isWebAuthnSupported()) {
-    throw new Error("WebAuthn is not supported in this browser");
-  }
-  const resolvedRpId = rpId;
-  const result = await signWithPasskeyAssertion(challenge, resolvedRpId);
-  return {
-    signature: result.signature,
-    authenticatorData: result.authenticatorData,
-    clientDataJSON: result.clientDataJSON,
-    signatureR: result.signatureR,
-    signatureS: result.signatureS,
-    credentialId: result.credentialId,
-    rpId: resolvedRpId
-  };
-}
-async function runWithPromptMode2(action, inlineFn, popupFn) {
-  const preopenedPopup = maybePreopenPopup(action, openPasskeyPopupWindow);
-  const promptMode = await getPasskeyPromptMode(action);
-  if (promptMode === "popup") {
-    return popupFn(preopenedPopup);
-  }
-  closePopup(preopenedPopup);
-  try {
-    return await inlineFn();
-  } catch (error) {
-    if (shouldFallbackToPopup(error)) {
-      return popupFn();
-    }
-    throw error;
-  }
-}
-async function signWithPasskeyInline(credentialId, challenge, rpId) {
-  const result = await signWithPasskeyAssertion(challenge, rpId, credentialId);
-  return {
-    signature: result.signature,
-    authenticatorData: result.authenticatorData,
-    clientDataJSON: result.clientDataJSON,
-    signatureR: result.signatureR,
-    signatureS: result.signatureS
-  };
-}
-async function signWithPasskeyAssertion(challenge, rpId, credentialId) {
-  const challengeBytes = new Uint8Array(challenge);
-  const getOptions = {
-    challenge: challengeBytes,
-    rpId,
-    userVerification: "required",
-    timeout: 6e4
-  };
-  if (credentialId) {
-    const credentialIdBuffer = base64UrlToArrayBuffer(credentialId);
-    getOptions.allowCredentials = [
-      {
-        type: "public-key",
-        id: credentialIdBuffer,
-        transports: ["internal", "hybrid", "usb", "ble", "nfc"]
-      }
-    ];
-  }
-  const assertion = await navigator.credentials.get({
-    publicKey: getOptions
-  });
-  if (!assertion) {
-    throw new Error("Passkey authentication was cancelled");
-  }
-  const response = assertion.response;
-  const signature = new Uint8Array(response.signature);
-  let { r, s } = parseDerSignature(signature);
-  s = normalizeLowS(s);
-  return {
-    signature: new Uint8Array([...r, ...s]),
-    authenticatorData: new Uint8Array(response.authenticatorData),
-    clientDataJSON: new Uint8Array(response.clientDataJSON),
-    signatureR: r,
-    signatureS: s,
-    credentialId: arrayBufferToBase64Url2(assertion.rawId)
-  };
-}
-async function signWithPasskeyViaPopup(credentialId, challenge, rpId, preopenedPopup) {
-  const result = await requestPasskeyPopup(
-    "get",
-    {
-      credentialId,
-      challengeBase64Url: bytesToBase64Url(challenge),
-      rpId
-    },
-    preopenedPopup
-  );
-  return decodePopupSigningResult(result);
-}
-async function requestStoredPasskeyPopup(challenge, preopenedPopup, context) {
-  const result = await requestPasskeyPopup(
-    "getStored",
-    {
-      challengeBase64Url: bytesToBase64Url(challenge),
-      context
-    },
-    preopenedPopup
-  );
-  return decodePopupStoredSigningResult(result);
-}
-function decodePopupSigningResult(result) {
-  return {
-    signature: base64UrlToBytes(result.signatureBase64Url),
-    authenticatorData: base64UrlToBytes(result.authenticatorDataBase64Url),
-    clientDataJSON: base64UrlToBytes(result.clientDataJSONBase64Url),
-    signatureR: base64UrlToBytes(result.signatureRBase64Url),
-    signatureS: base64UrlToBytes(result.signatureSBase64Url)
-  };
-}
-function decodePopupStoredSigningResult(result) {
-  return {
-    ...decodePopupSigningResult(result),
-    passkey: result.passkey,
-    accounts: result.accounts
-  };
-}
-
-// src/index.ts
-import {
-  parseDerSignature as parseDerSignature2,
-  normalizeLowS as normalizeLowS2,
-  normalizeSignatureComponent,
-  P256_N,
-  P256_HALF_N,
-  bytesToBigIntBE,
-  bigIntToBytesBE
-} from "@thru/passkey-manager";
-import {
-  arrayBufferToBase64Url as arrayBufferToBase64Url3,
-  base64UrlToArrayBuffer as base64UrlToArrayBuffer2,
-  bytesToBase64Url as bytesToBase64Url3,
-  base64UrlToBytes as base64UrlToBytes3,
-  bytesToHex as bytesToHex2,
-  hexToBytes,
+  bigIntToBytesBE,
   bytesEqual,
+  bytesToBase64,
+  bytesToBase64Url,
+  bytesToBigIntBE,
+  bytesToHex,
   compareBytes,
+  getCachedPasskeyClientCapabilities,
+  getPasskeyClientCapabilities,
+  hexToBytes,
+  isInIframe,
+  isWebAuthnSupported,
+  normalizeLowS,
+  normalizeSignatureComponent,
+  parseDerSignature,
+  preloadPasskeyClientCapabilities,
+  registerPasskey,
+  shouldUsePasskeyPopup,
+  signWithDiscoverablePasskey,
+  signWithPasskey,
+  signWithStoredPasskey,
   uniqueAccounts
-} from "@thru/passkey-manager";
-
-// src/popup-service.ts
-import { bytesToBase64Url as bytesToBase64Url2, base64UrlToBytes as base64UrlToBytes2 } from "@thru/passkey-manager";
-function toPopupSigningResult(result) {
-  return {
-    signatureBase64Url: bytesToBase64Url2(result.signature),
-    authenticatorDataBase64Url: bytesToBase64Url2(result.authenticatorData),
-    clientDataJSONBase64Url: bytesToBase64Url2(result.clientDataJSON),
-    signatureRBase64Url: bytesToBase64Url2(result.signatureR),
-    signatureSBase64Url: bytesToBase64Url2(result.signatureS)
-  };
-}
-function buildSuccessResponse(requestId, action, result) {
-  return {
-    type: PASSKEY_POPUP_RESPONSE_EVENT,
-    requestId,
-    action,
-    success: true,
-    result
-  };
-}
-function decodeChallenge(base64Url) {
-  return base64UrlToBytes2(base64Url);
-}
-function getPopupDisplayInfo(context) {
-  const name = context?.appName || context?.origin || "A dApp";
-  const url = context?.appUrl || context?.origin;
-  const logoText = name.charAt(0).toUpperCase() || "A";
-  return {
-    name,
-    url,
-    imageUrl: context?.imageUrl,
-    logoText
-  };
-}
-function getResponseError(action, error) {
-  const { name, message } = normalizeError(error);
-  const actionLabel = `Popup ${action}`;
-  const messageText = message || "Passkey popup failed";
-  const detailedMessage = messageText.includes("Popup") ? messageText : `${actionLabel}: ${messageText}`;
-  return {
-    name,
-    message: detailedMessage
-  };
-}
-async function signWithPreferredPasskey(preferredPasskey, challenge, log) {
-  const resolvedRpId = preferredPasskey?.rpId ?? window.location.hostname;
-  if (preferredPasskey?.credentialId && preferredPasskey.rpId) {
-    try {
-      const storedResult = await signWithPasskey(
-        preferredPasskey.credentialId,
-        challenge,
-        preferredPasskey.rpId
-      );
-      return {
-        result: storedResult,
-        credentialId: preferredPasskey.credentialId,
-        rpId: preferredPasskey.rpId
-      };
-    } catch (error) {
-      if (!shouldFallbackToDiscoverable(error)) {
-        throw error;
-      }
-      if (log) {
-        log("stored passkey failed; falling back to discoverable prompt");
-      }
-    }
-  }
-  const discovered = await signWithDiscoverablePasskey(challenge, resolvedRpId);
-  return {
-    result: discovered,
-    credentialId: discovered.credentialId,
-    rpId: resolvedRpId
-  };
-}
-function buildStoredPasskeyResult(signed, preferredPasskey, profiles, accounts) {
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const matchingPasskey = profiles.find((profile) => profile.passkey?.credentialId === signed.credentialId)?.passkey ?? null;
-  const passkey = matchingPasskey ?? {
-    credentialId: signed.credentialId,
-    publicKeyX: "",
-    publicKeyY: "",
-    rpId: signed.rpId,
-    label: preferredPasskey?.label,
-    createdAt: now,
-    lastUsedAt: now
-  };
-  return {
-    ...toPopupSigningResult(signed.result),
-    passkey: matchingPasskey ? { ...passkey, lastUsedAt: now } : passkey,
-    accounts
-  };
-}
-function normalizeError(error) {
-  const name = error && typeof error === "object" && "name" in error ? String(error.name) : "";
-  const message = error && typeof error === "object" && "message" in error ? String(error.message) : "";
-  return {
-    name,
-    message,
-    normalized: `${name} ${message}`.toLowerCase()
-  };
-}
-function shouldFallbackToDiscoverable(error) {
-  const normalized = normalizeError(error).normalized;
-  return normalized.includes("notfounderror") || normalized.includes("notallowederror") || normalized.includes("securityerror");
-}
+} from "./chunk-B5SN7AS7.js";
+import {
+  buildSuccessResponse,
+  decodeChallenge,
+  getResponseError,
+  toPopupSigningResult
+} from "./chunk-75G2FPYW.js";
+import {
+  PASSKEY_POPUP_CHANNEL,
+  PASSKEY_POPUP_PATH,
+  PASSKEY_POPUP_READY_EVENT,
+  PASSKEY_POPUP_REQUEST_EVENT,
+  PASSKEY_POPUP_RESPONSE_EVENT,
+  closePopup,
+  openPasskeyPopupWindow,
+  requestPasskeyPopup
+} from "./chunk-LNDWK3FA.js";
 export {
   P256_HALF_N,
   P256_N,
@@ -812,37 +51,35 @@ export {
   PASSKEY_POPUP_READY_EVENT,
   PASSKEY_POPUP_REQUEST_EVENT,
   PASSKEY_POPUP_RESPONSE_EVENT,
-  arrayBufferToBase64Url3 as arrayBufferToBase64Url,
-  base64UrlToArrayBuffer2 as base64UrlToArrayBuffer,
-  base64UrlToBytes3 as base64UrlToBytes,
+  arrayBufferToBase64Url,
+  base64UrlToArrayBuffer,
+  base64UrlToBytes,
   bigIntToBytesBE,
-  buildStoredPasskeyResult,
   buildSuccessResponse,
   bytesEqual,
-  bytesToBase64Url3 as bytesToBase64Url,
+  bytesToBase64,
+  bytesToBase64Url,
   bytesToBigIntBE,
-  bytesToHex2 as bytesToHex,
+  bytesToHex,
   closePopup,
   compareBytes,
   decodeChallenge,
   getCachedPasskeyClientCapabilities,
   getPasskeyClientCapabilities,
-  getPopupDisplayInfo,
   getResponseError,
   hexToBytes,
   isInIframe,
   isWebAuthnSupported,
-  normalizeLowS2 as normalizeLowS,
+  normalizeLowS,
   normalizeSignatureComponent,
   openPasskeyPopupWindow,
-  parseDerSignature2 as parseDerSignature,
+  parseDerSignature,
   preloadPasskeyClientCapabilities,
   registerPasskey,
   requestPasskeyPopup,
   shouldUsePasskeyPopup,
   signWithDiscoverablePasskey,
   signWithPasskey,
-  signWithPreferredPasskey,
   signWithStoredPasskey,
   toPopupSigningResult,
   uniqueAccounts