@thru/passkey 0.2.13 → 0.2.15

package/dist/auth.cjs

@@ -0,0 +1,672 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/auth/index.ts
+var auth_exports = {};
+__export(auth_exports, {
+  createPasskeyAuthStore: () => createPasskeyAuthStore,
+  executePasskeyTransaction: () => executePasskeyTransaction,
+  getPasskeyAuthStore: () => getPasskeyAuthStore,
+  usePasskeyAuth: () => usePasskeyAuth
+});
+module.exports = __toCommonJS(auth_exports);
+
+// src/auth/execute-tx.ts
+var import_passkey_manager2 = require("@thru/passkey-manager");
+
+// src/mobile/passkey.ts
+var import_react_native_passkeys = require("react-native-passkeys");
+var import_passkey_manager = require("@thru/passkey-manager");
+function getDefaultConfig(config) {
+  const env = globalThis.process?.env ?? {};
+  return {
+    rpId: config?.rpId ?? env.EXPO_PUBLIC_PASSKEY_RP_ID ?? "wallet.thru.org",
+    rpName: config?.rpName ?? env.EXPO_PUBLIC_PASSKEY_RP_NAME ?? "Thru Wallet"
+  };
+}
+async function registerPasskey(alias, userId, config) {
+  const { rpId, rpName } = getDefaultConfig(config);
+  const challenge = (0, import_passkey_manager.bytesToBase64Url)(crypto.getRandomValues(new Uint8Array(32)));
+  const userIdB64 = (0, import_passkey_manager.bytesToBase64Url)(new TextEncoder().encode(userId));
+  const result = await (0, import_react_native_passkeys.create)({
+    challenge,
+    rp: { id: rpId, name: rpName },
+    user: { id: userIdB64, name: alias, displayName: alias },
+    pubKeyCredParams: [{ type: "public-key", alg: -7 }],
+    authenticatorSelection: {
+      authenticatorAttachment: "platform",
+      userVerification: "required",
+      residentKey: "required"
+    },
+    attestation: "none",
+    timeout: 6e4
+  });
+  if (!result) {
+    throw new Error("Passkey registration was cancelled");
+  }
+  const publicKeyB64 = result.response.getPublicKey?.();
+  if (!publicKeyB64) {
+    throw new Error("Failed to retrieve public key from registration");
+  }
+  const keyBytes = (0, import_passkey_manager.base64UrlToBytes)(publicKeyB64);
+  const { x, y } = extractP256Coordinates(keyBytes);
+  return {
+    credentialId: result.id,
+    publicKeyX: x,
+    publicKeyY: y,
+    rpId
+  };
+}
+async function signWithPasskey(credentialId, challenge, rpId) {
+  const resolvedRpId = rpId ?? getDefaultConfig().rpId;
+  const challengeB64 = (0, import_passkey_manager.bytesToBase64Url)(challenge);
+  const result = await (0, import_react_native_passkeys.get)({
+    challenge: challengeB64,
+    rpId: resolvedRpId,
+    allowCredentials: [{ type: "public-key", id: credentialId }],
+    userVerification: "required",
+    timeout: 6e4
+  });
+  if (!result) {
+    throw new Error("Passkey authentication was cancelled");
+  }
+  const derSignature = (0, import_passkey_manager.base64UrlToBytes)(result.response.signature);
+  let { r, s } = (0, import_passkey_manager.parseDerSignature)(derSignature);
+  s = (0, import_passkey_manager.normalizeLowS)(s);
+  return {
+    signature: new Uint8Array([...r, ...s]),
+    authenticatorData: (0, import_passkey_manager.base64UrlToBytes)(result.response.authenticatorData),
+    clientDataJSON: (0, import_passkey_manager.base64UrlToBytes)(result.response.clientDataJSON),
+    signatureR: r,
+    signatureS: s
+  };
+}
+async function authenticateWithDiscoverablePasskey(config) {
+  const { rpId } = getDefaultConfig(config);
+  try {
+    const challenge = (0, import_passkey_manager.bytesToBase64Url)(crypto.getRandomValues(new Uint8Array(32)));
+    const result = await (0, import_react_native_passkeys.get)({
+      challenge,
+      rpId,
+      userVerification: "required",
+      timeout: 6e4
+    });
+    return result ? { credentialId: result.id, rpId } : null;
+  } catch {
+    return null;
+  }
+}
+function extractP256Coordinates(keyBytes) {
+  if (keyBytes.length === 64) {
+    return {
+      x: keyBytes.slice(0, 32),
+      y: keyBytes.slice(32, 64)
+    };
+  }
+  if (keyBytes.length === 65 && keyBytes[0] === 4) {
+    return {
+      x: keyBytes.slice(1, 33),
+      y: keyBytes.slice(33, 65)
+    };
+  }
+  const pointStart = keyBytes.length - 65;
+  if (pointStart > 0 && keyBytes[pointStart] === 4) {
+    return {
+      x: keyBytes.slice(pointStart + 1, pointStart + 33),
+      y: keyBytes.slice(pointStart + 33, pointStart + 65)
+    };
+  }
+  throw new Error(
+    `Unsupported public key format (${keyBytes.length} bytes). Expected raw X||Y (64), uncompressed point (65), or SPKI DER (91).`
+  );
+}
+
+// src/mobile/storage.ts
+var SecureStore = __toESM(require("expo-secure-store"), 1);
+var SECURE_STORE_OPTS = {
+  keychainAccessible: SecureStore.WHEN_UNLOCKED_THIS_DEVICE_ONLY
+};
+var PASSKEY_CREDENTIAL_ID_KEY = "thru_passkey_credential_id";
+var PASSKEY_PUBLIC_KEY_X_KEY = "thru_passkey_pubkey_x";
+var PASSKEY_PUBLIC_KEY_Y_KEY = "thru_passkey_pubkey_y";
+var PASSKEY_RP_ID_KEY = "thru_passkey_rp_id";
+var PASSKEY_LABEL_KEY = "thru_passkey_label";
+var PASSKEY_CREATED_AT_KEY = "thru_passkey_created_at";
+var PASSKEY_LAST_USED_AT_KEY = "thru_passkey_last_used_at";
+var ADDRESS_KEY = "thru_address";
+var USER_ID_KEY = "thru_user_id";
+var TOKEN_ACCOUNT_KEY = "thru_token_account";
+async function storePasskeyMetadata(metadata) {
+  await Promise.all([
+    SecureStore.setItemAsync(PASSKEY_CREDENTIAL_ID_KEY, metadata.credentialId, SECURE_STORE_OPTS),
+    SecureStore.setItemAsync(PASSKEY_PUBLIC_KEY_X_KEY, metadata.publicKeyX, SECURE_STORE_OPTS),
+    SecureStore.setItemAsync(PASSKEY_PUBLIC_KEY_Y_KEY, metadata.publicKeyY, SECURE_STORE_OPTS),
+    SecureStore.setItemAsync(PASSKEY_RP_ID_KEY, metadata.rpId, SECURE_STORE_OPTS),
+    SecureStore.setItemAsync(PASSKEY_LABEL_KEY, metadata.label ?? "", SECURE_STORE_OPTS),
+    SecureStore.setItemAsync(PASSKEY_CREATED_AT_KEY, metadata.createdAt, SECURE_STORE_OPTS),
+    SecureStore.setItemAsync(PASSKEY_LAST_USED_AT_KEY, metadata.lastUsedAt, SECURE_STORE_OPTS)
+  ]);
+}
+async function getStoredPasskeyMetadata() {
+  const credentialId = await SecureStore.getItemAsync(PASSKEY_CREDENTIAL_ID_KEY);
+  if (!credentialId) return null;
+  const [publicKeyX, publicKeyY, rpId, label, createdAt, lastUsedAt] = await Promise.all([
+    SecureStore.getItemAsync(PASSKEY_PUBLIC_KEY_X_KEY),
+    SecureStore.getItemAsync(PASSKEY_PUBLIC_KEY_Y_KEY),
+    SecureStore.getItemAsync(PASSKEY_RP_ID_KEY),
+    SecureStore.getItemAsync(PASSKEY_LABEL_KEY),
+    SecureStore.getItemAsync(PASSKEY_CREATED_AT_KEY),
+    SecureStore.getItemAsync(PASSKEY_LAST_USED_AT_KEY)
+  ]);
+  if (!rpId || !createdAt) return null;
+  return {
+    credentialId,
+    publicKeyX: publicKeyX ?? "",
+    publicKeyY: publicKeyY ?? "",
+    rpId,
+    label: label || void 0,
+    createdAt,
+    lastUsedAt: lastUsedAt ?? createdAt
+  };
+}
+async function touchPasskeyLastUsedAt(lastUsedAt = (/* @__PURE__ */ new Date()).toISOString()) {
+  await SecureStore.setItemAsync(PASSKEY_LAST_USED_AT_KEY, lastUsedAt, SECURE_STORE_OPTS);
+  return lastUsedAt;
+}
+async function hasStoredPasskey() {
+  return await SecureStore.getItemAsync(PASSKEY_CREDENTIAL_ID_KEY) !== null;
+}
+async function clearPasskeyMetadata() {
+  await Promise.all([
+    SecureStore.deleteItemAsync(PASSKEY_CREDENTIAL_ID_KEY),
+    SecureStore.deleteItemAsync(PASSKEY_PUBLIC_KEY_X_KEY),
+    SecureStore.deleteItemAsync(PASSKEY_PUBLIC_KEY_Y_KEY),
+    SecureStore.deleteItemAsync(PASSKEY_RP_ID_KEY),
+    SecureStore.deleteItemAsync(PASSKEY_LABEL_KEY),
+    SecureStore.deleteItemAsync(PASSKEY_CREATED_AT_KEY),
+    SecureStore.deleteItemAsync(PASSKEY_LAST_USED_AT_KEY)
+  ]);
+}
+async function storeWalletInfo(address, userId, tokenAccountAddress) {
+  await Promise.all([
+    SecureStore.setItemAsync(ADDRESS_KEY, address, SECURE_STORE_OPTS),
+    SecureStore.setItemAsync(USER_ID_KEY, userId, SECURE_STORE_OPTS),
+    tokenAccountAddress ? SecureStore.setItemAsync(TOKEN_ACCOUNT_KEY, tokenAccountAddress, SECURE_STORE_OPTS) : SecureStore.deleteItemAsync(TOKEN_ACCOUNT_KEY)
+  ]);
+}
+async function hasStoredWallet() {
+  return await SecureStore.getItemAsync(ADDRESS_KEY) !== null;
+}
+async function getStoredAddress() {
+  return SecureStore.getItemAsync(ADDRESS_KEY);
+}
+async function getStoredUserId() {
+  return SecureStore.getItemAsync(USER_ID_KEY);
+}
+async function clearSession() {
+  await Promise.all([
+    SecureStore.deleteItemAsync(ADDRESS_KEY),
+    SecureStore.deleteItemAsync(USER_ID_KEY),
+    SecureStore.deleteItemAsync(TOKEN_ACCOUNT_KEY)
+  ]);
+}
+
+// src/auth/execute-tx.ts
+async function readJson(response) {
+  try {
+    return await response.json();
+  } catch {
+    throw new Error(`Non-JSON response (HTTP ${response.status})`);
+  }
+}
+async function executePasskeyTransaction(opts) {
+  let challengeRes;
+  try {
+    challengeRes = await fetch(opts.challengeUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(opts.params)
+    });
+  } catch {
+    throw new Error("Network request failed (challenge)");
+  }
+  const challengeData = await readJson(challengeRes);
+  if (!challengeRes.ok || challengeData.success !== true) {
+    throw new Error(
+      typeof challengeData.error === "string" ? challengeData.error : "Failed to get challenge"
+    );
+  }
+  if (typeof challengeData.challenge !== "string") {
+    throw new Error("Challenge response did not include a challenge");
+  }
+  const challengeBytes = (0, import_passkey_manager2.base64UrlToBytes)(challengeData.challenge);
+  const signature = await signWithPasskey(
+    opts.credentialId,
+    challengeBytes,
+    opts.rpId
+  );
+  await touchPasskeyLastUsedAt().catch((error) => {
+    console.warn("Failed to update passkey last-used timestamp:", error);
+  });
+  const { success: _success, error: _error, ...challengeFields } = challengeData;
+  let submitRes;
+  try {
+    submitRes = await fetch(opts.submitUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        ...opts.params,
+        ...challengeFields,
+        signatureR: (0, import_passkey_manager2.bytesToHex)(signature.signatureR),
+        signatureS: (0, import_passkey_manager2.bytesToHex)(signature.signatureS),
+        authenticatorData: (0, import_passkey_manager2.bytesToBase64)(signature.authenticatorData),
+        clientDataJSON: (0, import_passkey_manager2.bytesToBase64)(signature.clientDataJSON)
+      })
+    });
+  } catch {
+    throw new Error("Network request failed (submit)");
+  }
+  const submitData = await readJson(submitRes);
+  if (!submitRes.ok || submitData.success !== true) {
+    throw new Error(
+      typeof submitData.error === "string" ? submitData.error : "Failed to submit transaction"
+    );
+  }
+  return submitData;
+}
+
+// src/auth/use-passkey-auth.ts
+var import_passkey_manager3 = require("@thru/passkey-manager");
+var import_zustand = require("zustand");
+
+// src/mobile/errors.ts
+var PASSKEY_ERRORS = {
+  USER_CANCELLED: [
+    "error 1001",
+    "UserCancelled",
+    "Passkey authentication was cancelled",
+    "Passkey registration was cancelled"
+  ],
+  NOT_FOUND: [
+    "not found",
+    "No credentials available",
+    "no passkey",
+    "NoCredentials"
+  ]
+};
+function classifyPasskeyError(error) {
+  const message = error instanceof Error ? error.message : typeof error === "string" ? error : null;
+  if (!message) return null;
+  for (const [kind, patterns] of Object.entries(PASSKEY_ERRORS)) {
+    if (patterns.some((pattern) => message.includes(pattern))) {
+      return kind;
+    }
+  }
+  return null;
+}
+
+// src/auth/use-passkey-auth.ts
+var storeCache = /* @__PURE__ */ new Map();
+function createStoreKey(config) {
+  return [config.apiUrl, config.alias ?? "", config.rpId ?? "", config.rpName ?? ""].join("::");
+}
+function buildDisplayName(address) {
+  return `${address.slice(0, 8)}...${address.slice(-4)}`;
+}
+function toPasskeyUser(user) {
+  return {
+    id: user.id,
+    displayName: buildDisplayName(user.publicKey),
+    tokenAccountAddress: user.tokenAccountAddress ?? null,
+    extras: user.extras
+  };
+}
+async function readJson2(response) {
+  return await response.json();
+}
+async function postJson(url, body) {
+  const response = await fetch(url, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  const data = await readJson2(response);
+  if (!response.ok || data.success !== true) {
+    throw new Error(
+      typeof data.error === "string" ? data.error : "Request failed"
+    );
+  }
+  return data;
+}
+async function getCurrentUser(apiUrl, address) {
+  const response = await fetch(`${apiUrl}/auth/me`, {
+    headers: {
+      "Content-Type": "application/json",
+      "x-wallet-address": address
+    }
+  });
+  if (response.status === 404) return null;
+  const data = await readJson2(response);
+  if (!response.ok || data.success !== true) {
+    throw new Error(
+      typeof data.error === "string" ? data.error : "Failed to fetch current user"
+    );
+  }
+  return data;
+}
+function createPasskeyAuthStore(config) {
+  const resolvedAlias = config.alias ?? "Thru Wallet";
+  return (0, import_zustand.create)((set, get) => ({
+    isAuthenticated: false,
+    isLoading: false,
+    isInitialized: false,
+    hasExistingPasskey: false,
+    needsNewPasskey: false,
+    error: null,
+    user: null,
+    address: null,
+    activeCredentialId: null,
+    initialize: async () => {
+      try {
+        const hasPasskey = await hasStoredPasskey();
+        if (hasPasskey) {
+          const storedAddress = await getStoredAddress();
+          if (storedAddress) {
+            const user = await Promise.race([
+              getCurrentUser(config.apiUrl, storedAddress),
+              new Promise(
+                (_, reject) => setTimeout(() => reject(new Error("timeout")), 2e3)
+              )
+            ]).catch(() => void 0);
+            if (user === null) {
+              await clearSession();
+              await clearPasskeyMetadata();
+              set({ isInitialized: true, hasExistingPasskey: false });
+              return;
+            }
+          } else {
+            const metadata = await getStoredPasskeyMetadata();
+            if (metadata && !metadata.publicKeyX && !metadata.publicKeyY) {
+              await clearPasskeyMetadata();
+              set({ isInitialized: true, hasExistingPasskey: false });
+              return;
+            }
+          }
+        }
+        set({ isInitialized: true, hasExistingPasskey: hasPasskey });
+      } catch (error) {
+        console.error("Failed to initialize passkey auth:", error);
+        set({ isInitialized: true, error: "Failed to initialize wallet" });
+      }
+    },
+    createWallet: async () => {
+      set({ isLoading: true, error: null, needsNewPasskey: false });
+      try {
+        const tempId = `user-${Date.now()}`;
+        const { credentialId, publicKeyX, publicKeyY, rpId } = await registerPasskey(resolvedAlias, tempId, {
+          rpId: config.rpId,
+          rpName: config.rpName
+        });
+        const now = (/* @__PURE__ */ new Date()).toISOString();
+        const pubkeyXHex = (0, import_passkey_manager3.bytesToHex)(publicKeyX);
+        const pubkeyYHex = (0, import_passkey_manager3.bytesToHex)(publicKeyY);
+        await storePasskeyMetadata({
+          credentialId,
+          publicKeyX: pubkeyXHex,
+          publicKeyY: pubkeyYHex,
+          rpId,
+          createdAt: now,
+          lastUsedAt: now
+        });
+        const response = await postJson(
+          `${config.apiUrl}/auth/register-passkey-wallet`,
+          {
+            pubkeyX: pubkeyXHex,
+            pubkeyY: pubkeyYHex,
+            credentialId
+          }
+        );
+        const walletAddress = response.user.publicKey;
+        await storeWalletInfo(
+          walletAddress,
+          response.user.id,
+          response.user.tokenAccountAddress ?? void 0
+        );
+        set({
+          isLoading: false,
+          isAuthenticated: true,
+          hasExistingPasskey: true,
+          activeCredentialId: credentialId,
+          address: walletAddress,
+          user: toPasskeyUser(response.user)
+        });
+        return true;
+      } catch (error) {
+        if (classifyPasskeyError(error) === "USER_CANCELLED") {
+          set({ isLoading: false });
+          return false;
+        }
+        console.error("Failed to create passkey wallet:", error);
+        set({
+          isLoading: false,
+          error: error instanceof Error ? error.message : "Failed to create wallet"
+        });
+        return false;
+      }
+    },
+    unlockWithPasskey: async () => {
+      set({ isLoading: true, error: null, needsNewPasskey: false });
+      try {
+        const metadata = await getStoredPasskeyMetadata();
+        if (!metadata) throw new Error("No stored passkey found");
+        await signWithPasskey(
+          metadata.credentialId,
+          crypto.getRandomValues(new Uint8Array(32)),
+          metadata.rpId
+        );
+        await touchPasskeyLastUsedAt().catch((error) => {
+          console.warn("Failed to update passkey last-used timestamp:", error);
+        });
+        const hasWallet = await hasStoredWallet();
+        let walletAddress;
+        let userId;
+        let tokenAccountAddress;
+        let response = null;
+        if (hasWallet) {
+          const storedAddress = await getStoredAddress();
+          const storedUserId = await getStoredUserId();
+          if (!storedAddress || !storedUserId) {
+            throw new Error("Incomplete wallet data");
+          }
+          walletAddress = storedAddress;
+          userId = storedUserId;
+          const current = await getCurrentUser(config.apiUrl, walletAddress);
+          if (current) {
+            response = current;
+            tokenAccountAddress = current.user.tokenAccountAddress ?? void 0;
+          } else if (metadata.publicKeyX && metadata.publicKeyY) {
+            response = await postJson(
+              `${config.apiUrl}/auth/register-passkey-wallet`,
+              {
+                pubkeyX: metadata.publicKeyX,
+                pubkeyY: metadata.publicKeyY,
+                credentialId: metadata.credentialId
+              }
+            );
+            walletAddress = response.user.publicKey;
+            userId = response.user.id;
+            tokenAccountAddress = response.user.tokenAccountAddress ?? void 0;
+            await storeWalletInfo(walletAddress, userId, tokenAccountAddress);
+          } else {
+            await clearSession();
+            await clearPasskeyMetadata();
+            set({ isLoading: false, hasExistingPasskey: false, error: null });
+            return false;
+          }
+        } else if (metadata.publicKeyX && metadata.publicKeyY) {
+          response = await postJson(
+            `${config.apiUrl}/auth/register-passkey-wallet`,
+            {
+              pubkeyX: metadata.publicKeyX,
+              pubkeyY: metadata.publicKeyY,
+              credentialId: metadata.credentialId
+            }
+          );
+          walletAddress = response.user.publicKey;
+          userId = response.user.id;
+          tokenAccountAddress = response.user.tokenAccountAddress ?? void 0;
+          await storeWalletInfo(walletAddress, userId, tokenAccountAddress);
+        } else {
+          const recovered = await postJson(
+            `${config.apiUrl}/auth/recover-passkey-wallet`,
+            { credentialId: metadata.credentialId }
+          ).catch(() => null);
+          if (!recovered) {
+            await clearSession();
+            await clearPasskeyMetadata();
+            set({ isLoading: false, hasExistingPasskey: false, error: null });
+            return false;
+          }
+          response = recovered;
+          walletAddress = recovered.user.publicKey;
+          userId = recovered.user.id;
+          tokenAccountAddress = recovered.user.tokenAccountAddress ?? void 0;
+          await storeWalletInfo(walletAddress, userId, tokenAccountAddress);
+        }
+        set({
+          isLoading: false,
+          isAuthenticated: true,
+          activeCredentialId: metadata.credentialId,
+          address: walletAddress,
+          user: response ? toPasskeyUser(response.user) : get().user
+        });
+        return true;
+      } catch (error) {
+        console.error("Failed to unlock with passkey:", error);
+        const kind = classifyPasskeyError(error);
+        if (kind === "USER_CANCELLED") {
+          set({ isLoading: false });
+        } else if (kind === "NOT_FOUND") {
+          await clearPasskeyMetadata();
+          set({ isLoading: false, hasExistingPasskey: false, error: null });
+        } else {
+          set({
+            isLoading: false,
+            error: error instanceof Error ? error.message : "Failed to unlock"
+          });
+        }
+        return false;
+      }
+    },
+    recoverWithDiscoverablePasskey: async () => {
+      set({ isLoading: true, error: null, needsNewPasskey: false });
+      try {
+        const discovered = await authenticateWithDiscoverablePasskey({
+          rpId: config.rpId
+        });
+        if (!discovered) {
+          set({ isLoading: false });
+          return false;
+        }
+        const response = await postJson(
+          `${config.apiUrl}/auth/recover-passkey-wallet`,
+          { credentialId: discovered.credentialId }
+        ).catch(() => null);
+        if (!response) {
+          set({ isLoading: false, needsNewPasskey: true });
+          return false;
+        }
+        const walletAddress = response.user.publicKey;
+        const userId = response.user.id;
+        const tokenAccountAddress = response.user.tokenAccountAddress ?? void 0;
+        const now = (/* @__PURE__ */ new Date()).toISOString();
+        await storePasskeyMetadata({
+          credentialId: discovered.credentialId,
+          publicKeyX: "",
+          publicKeyY: "",
+          rpId: discovered.rpId,
+          createdAt: now,
+          lastUsedAt: now
+        });
+        await storeWalletInfo(walletAddress, userId, tokenAccountAddress);
+        set({
+          isLoading: false,
+          isAuthenticated: true,
+          hasExistingPasskey: true,
+          activeCredentialId: discovered.credentialId,
+          address: walletAddress,
+          user: toPasskeyUser(response.user)
+        });
+        return true;
+      } catch (error) {
+        console.error("Failed to recover with discoverable passkey:", error);
+        set({
+          isLoading: false,
+          error: error instanceof Error ? error.message : "Failed to recover wallet"
+        });
+        return false;
+      }
+    },
+    logout: async () => {
+      try {
+        await clearSession();
+      } catch (error) {
+        console.error("Failed to clear passkey session:", error);
+      }
+      set({
+        isAuthenticated: false,
+        needsNewPasskey: false,
+        user: null,
+        address: null,
+        activeCredentialId: null
+      });
+    },
+    clearError: () => set({ error: null }),
+    dismissNewPasskey: () => set({ needsNewPasskey: false })
+  }));
+}
+function getPasskeyAuthStore(config) {
+  const key = createStoreKey(config);
+  const cached = storeCache.get(key);
+  if (cached) return cached;
+  const store = createPasskeyAuthStore(config);
+  storeCache.set(key, store);
+  return store;
+}
+function usePasskeyAuth(config) {
+  return getPasskeyAuthStore(config)();
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createPasskeyAuthStore,
+  executePasskeyTransaction,
+  getPasskeyAuthStore,
+  usePasskeyAuth
+});
+//# sourceMappingURL=auth.cjs.map