@thru/passkey 0.2.21 → 0.2.23

package/src/server/create-wallet.ts

@@ -8,14 +8,14 @@ import {
   deriveWalletAddress,
   encodeCreateInstruction,
   encodeRegisterCredentialInstruction,
-} from '@thru/passkey-manager';
+} from '@thru/programs/passkey-manager';
 import {
   toThruAddress,
   getStateProof,
   trackTransaction,
   withSerializedFeePayer,
-} from './utils';
-import type { ThruClient } from './types';
+} from "./utils";
+import type { ThruClient } from "./types";
 
 export async function createPasskeyWallet(opts: {
   client: ThruClient;
@@ -27,9 +27,12 @@ export async function createPasskeyWallet(opts: {
   credentialId?: string;
   walletName?: string;
 }): Promise<{ walletAddress: string; credentialLookupAddress?: string }> {
-  const walletName = opts.walletName ?? 'default';
+  const walletName = opts.walletName ?? "default";
   const seed = await createWalletSeed(walletName, opts.pubkeyX, opts.pubkeyY);
-  const walletBytes = await deriveWalletAddress(seed, PASSKEY_MANAGER_PROGRAM_ADDRESS);
+  const walletBytes = await deriveWalletAddress(
+    seed,
+    PASSKEY_MANAGER_PROGRAM_ADDRESS,
+  );
   const walletAddress = toThruAddress(walletBytes);
 
   await withSerializedFeePayer(opts.adminPublicKey, async () => {
@@ -77,11 +80,13 @@ export async function createPasskeyWallet(opts: {
     await transaction.sign(opts.adminPrivateKey);
     const signature = await opts.client.transactions.send(transaction.toWire());
     const result = await trackTransaction(opts.client, signature, 60000);
-    if (result.status !== 'finalized') {
+    if (result.status !== "finalized") {
       throw new Error(
         `Wallet creation failed with status: ${result.status}${
-          result.errorCode !== undefined ? ` (error code: ${result.errorCode})` : ''
-        }`
+          result.errorCode !== undefined
+            ? ` (error code: ${result.errorCode})`
+            : ""
+        }`,
       );
     }
   });
@@ -91,8 +96,7 @@ export async function createPasskeyWallet(opts: {
     const credentialIdBytes = base64UrlToBytes(opts.credentialId);
     const lookupAddressBytes = await deriveCredentialLookupAddress(
       credentialIdBytes,
-      walletName,
-      PASSKEY_MANAGER_PROGRAM_ADDRESS
+      PASSKEY_MANAGER_PROGRAM_ADDRESS,
     );
     const lookupAddress = toThruAddress(lookupAddressBytes);
 
@@ -110,7 +114,7 @@ export async function createPasskeyWallet(opts: {
 
         if (lookupExists) return;
 
-        const credSeed = await createCredentialLookupSeed(credentialIdBytes, walletName);
+        const credSeed = await createCredentialLookupSeed(credentialIdBytes);
         const stateProof = await getStateProof(opts.client, lookupAddress);
         const accountCtx = buildAccountContext({
           walletAddress,
@@ -139,18 +143,22 @@ export async function createPasskeyWallet(opts: {
         });
 
         await transaction.sign(opts.adminPrivateKey);
-        const signature = await opts.client.transactions.send(transaction.toWire());
+        const signature = await opts.client.transactions.send(
+          transaction.toWire(),
+        );
         const result = await trackTransaction(opts.client, signature, 60000);
-        if (result.status !== 'finalized') {
+        if (result.status !== "finalized") {
           throw new Error(
             `Credential registration failed with status: ${result.status}${
-              result.errorCode !== undefined ? ` (error code: ${result.errorCode})` : ''
-            }`
+              result.errorCode !== undefined
+                ? ` (error code: ${result.errorCode})`
+                : ""
+            }`,
           );
         }
       });
     } catch (error) {
-      console.warn('Credential registration failed (non-fatal):', error);
+      console.warn("Credential registration failed (non-fatal):", error);
     }
   }
 

package/src/server/handlers.ts

@@ -45,7 +45,9 @@ export function createPasskeyHandlers<P>(opts: {
         client: opts.client,
         walletAddress,
         accountCtx: context.accountCtx,
-        invokeIx: context.invokeIx,
+        targetProgramAddress: context.targetProgramAddress,
+        instructionData: context.instructionData,
+        authIdx: context.authIdx,
       });
 
       pendingContexts.set(
@@ -85,7 +87,9 @@ export function createPasskeyHandlers<P>(opts: {
         adminPrivateKey: opts.adminPrivateKey,
         walletAddress,
         accountCtx: pending.context.accountCtx,
-        invokeIx: pending.context.invokeIx,
+        targetProgramAddress: pending.context.targetProgramAddress,
+        instructionData: pending.context.instructionData,
+        authIdx: pending.context.authIdx,
         ...signaturePayload,
       });
     },

package/src/server/submit.test.ts

@@ -1,20 +1,24 @@
 import { describe, expect, it, vi } from 'vitest';
-import type { AccountContext } from '@thru/passkey-manager';
+import type { AccountContext } from '@thru/programs/passkey-manager';
 import type { ThruClient } from './types';
 
-vi.mock('@thru/passkey-manager', () => ({
+const passkeyManagerMocks = vi.hoisted(() => ({
   PASSKEY_MANAGER_PROGRAM_ADDRESS: 'passkey-program',
-  concatenateInstructions: (instructions: Uint8Array[]) => new Uint8Array(instructions.flatMap((ix) => Array.from(ix))),
-  encodeValidateInstruction: () => new Uint8Array([1, 2]),
+  decodeAddress: vi.fn(() => new Uint8Array(32).fill(7)),
+  encodeValidateInstruction: vi.fn(() => new Uint8Array([1, 2])),
   hexToBytes: (value: string) => new Uint8Array(Buffer.from(value, 'hex')),
 }));
 
+vi.mock('@thru/programs/passkey-manager', () => passkeyManagerMocks);
+
 import { buildPasskeyTransaction, submitPasskeyTransaction } from './submit';
 
 const accountCtx = {
   walletAccountIdx: 3,
+  accountAddresses: ['fee-payer', 'passkey-program', 'wallet-address', 'readonly-address'],
   readWriteAddresses: ['lookup-address', 'wallet-address'],
   readOnlyAddresses: ['readonly-address'],
+  getAccountIndex: vi.fn(() => 4),
 } as AccountContext;
 
 const signaturePayload = {
@@ -58,7 +62,8 @@ describe('passkey submit', () => {
       adminPrivateKey: new Uint8Array(32).fill(2),
       walletAddress: 'wallet-address',
       accountCtx,
-      invokeIx: new Uint8Array([3, 4]),
+      targetProgramAddress: 'target-program',
+      instructionData: new Uint8Array([3, 4]),
       header: {
         fee: 0n,
         nonce: 42n,
@@ -76,7 +81,19 @@ describe('passkey submit', () => {
         fee: 0n,
         nonce: 42n,
       },
+      instructionData: new Uint8Array([1, 2]),
     }));
+    expect(passkeyManagerMocks.decodeAddress).toHaveBeenCalledWith('target-program');
+    expect(passkeyManagerMocks.encodeValidateInstruction).toHaveBeenCalledWith(
+      expect.objectContaining({
+        walletAccountIdx: 3,
+        authIdx: 0,
+        targetInstruction: {
+          programIdx: 4,
+          instructionData: new Uint8Array([3, 4]),
+        },
+      })
+    );
     expect(transaction.sign).toHaveBeenCalledWith(new Uint8Array(32).fill(2));
     expect(result.rawTransaction).toEqual(new Uint8Array([9, 9, 9]));
   });
@@ -90,7 +107,8 @@ describe('passkey submit', () => {
       adminPrivateKey: new Uint8Array(32).fill(2),
       walletAddress: 'wallet-address',
       accountCtx,
-      invokeIx: new Uint8Array([3, 4]),
+      targetProgramAddress: 'target-program',
+      instructionData: new Uint8Array([3, 4]),
       ...signaturePayload,
     })).resolves.toEqual({
       signature: 'tx-signature',

package/src/server/submit.ts

@@ -1,10 +1,10 @@
 import {
   PASSKEY_MANAGER_PROGRAM_ADDRESS,
-  concatenateInstructions,
+  decodeAddress,
   encodeValidateInstruction,
   hexToBytes,
-} from '@thru/passkey-manager';
-import type { AccountContext } from '@thru/passkey-manager';
+} from '@thru/programs/passkey-manager';
+import type { AccountContext } from '@thru/programs/passkey-manager';
 import { trackTransaction, withSerializedFeePayer } from './utils';
 import type {
   BuiltPasskeyTransaction,
@@ -14,6 +14,27 @@ import type {
   TransactionResult,
 } from './types';
 
+function base64ToBytes(base64: string): Uint8Array {
+  type BufferLike = {
+    from(value: string, encoding: 'base64'): Uint8Array;
+  };
+  const globalBuffer = (globalThis as { Buffer?: BufferLike }).Buffer;
+  if (globalBuffer) {
+    return globalBuffer.from(base64, 'base64');
+  }
+
+  if (typeof atob === 'function') {
+    const binary = atob(base64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+      bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+  }
+
+  throw new Error('Base64 decoding is not supported in this environment');
+}
+
 /**
  * Builds and signs a passkey-manager transaction without submitting it.
  *
@@ -27,23 +48,31 @@ export async function buildPasskeyTransaction(opts: {
   adminPrivateKey: Uint8Array;
   walletAddress: string;
   accountCtx: AccountContext;
-  invokeIx: Uint8Array;
+  targetProgramAddress: string;
+  instructionData: Uint8Array;
+  authIdx?: number;
   header?: PasskeyTransactionHeaderOverrides;
 } & PasskeySignaturePayload): Promise<BuiltPasskeyTransaction> {
+  const targetProgramIdx = opts.accountCtx.getAccountIndex(
+    decodeAddress(opts.targetProgramAddress)
+  );
   const validateIx = encodeValidateInstruction({
     walletAccountIdx: opts.accountCtx.walletAccountIdx,
-    authIdx: 0,
+    authIdx: opts.authIdx ?? 0,
+    targetInstruction: {
+      programIdx: targetProgramIdx,
+      instructionData: opts.instructionData,
+    },
     signatureR: hexToBytes(opts.signatureR),
     signatureS: hexToBytes(opts.signatureS),
-    authenticatorData: Buffer.from(opts.authenticatorData, 'base64'),
-    clientDataJSON: Buffer.from(opts.clientDataJSON, 'base64'),
+    authenticatorData: base64ToBytes(opts.authenticatorData),
+    clientDataJSON: base64ToBytes(opts.clientDataJSON),
   });
 
-  const instructionData = concatenateInstructions([validateIx, opts.invokeIx]);
   const transaction = await opts.client.transactions.build({
     feePayer: { publicKey: opts.adminPublicKey },
     program: PASSKEY_MANAGER_PROGRAM_ADDRESS,
-    instructionData,
+    instructionData: validateIx,
     accounts: {
       readWrite: opts.accountCtx.readWriteAddresses,
       readOnly: opts.accountCtx.readOnlyAddresses,
@@ -67,7 +96,9 @@ export async function submitPasskeyTransaction(opts: {
   adminPrivateKey: Uint8Array;
   walletAddress: string;
   accountCtx: AccountContext;
-  invokeIx: Uint8Array;
+  targetProgramAddress: string;
+  instructionData: Uint8Array;
+  authIdx?: number;
   header?: PasskeyTransactionHeaderOverrides;
 } & PasskeySignaturePayload): Promise<TransactionResult> {
   return withSerializedFeePayer(opts.adminPublicKey, async () => {

package/src/server/types.ts

@@ -1,5 +1,5 @@
-import type { AccountContext } from '@thru/passkey-manager';
-import type { TransactionHeaderConfig } from '@thru/thru-sdk';
+import type { AccountContext } from '@thru/programs/passkey-manager';
+import type { TransactionHeaderConfig } from '@thru/sdk';
 
 export type PasskeyTransactionHeaderOverrides = TransactionHeaderConfig;
 
@@ -79,5 +79,7 @@ export interface PasskeyChallengeResult {
 
 export interface PasskeyContextResult {
   accountCtx: AccountContext;
-  invokeIx: Uint8Array;
+  targetProgramAddress: string;
+  instructionData: Uint8Array;
+  authIdx?: number;
 }

package/src/server/utils.ts

@@ -1,4 +1,4 @@
-import { encodeAddress } from '@thru/helpers';
+import { encodeAddress } from '@thru/sdk/helpers';
 import type { ThruClient, TransactionResult } from './types';
 
 const feePayerQueueSymbol = Symbol.for('thru.sharedFeePayerQueues');

package/src/sign.ts

@@ -6,6 +6,7 @@ import type {
   PasskeyPopupContext,
   PasskeyPopupSigningResult,
   PasskeyPopupStoredSigningResult,
+  PasskeyStoredSigningOptions,
 } from './types';
 import {
   arrayBufferToBase64Url,
@@ -14,7 +15,7 @@ import {
   base64UrlToBytes,
   parseDerSignature,
   normalizeLowS,
-} from '@thru/passkey-manager';
+} from '@thru/programs/passkey-manager';
 import {
   isWebAuthnSupported,
   getPasskeyPromptMode,
@@ -23,7 +24,11 @@ import {
   shouldFallbackToPopup,
   type PasskeyPromptAction,
 } from './capabilities';
-import { requestPasskeyPopup, openPasskeyPopupWindow, closePopup } from './popup';
+import {
+  requestPasskeyPopup,
+  openPasskeyPopupWindow,
+  closePopup,
+} from './popup';
 
 /**
  * Sign a challenge with an existing passkey (by credential ID).
@@ -40,7 +45,8 @@ export async function signWithPasskey(
   return runWithPromptMode(
     'get',
     () => signWithPasskeyInline(credentialId, challenge, rpId),
-    (preopenedPopup) => signWithPasskeyViaPopup(credentialId, challenge, rpId, preopenedPopup)
+    (preopenedPopup) =>
+      signWithPasskeyViaPopup(credentialId, challenge, rpId, preopenedPopup)
   );
 }
 
@@ -52,16 +58,31 @@ export async function signWithStoredPasskey(
   rpId: string,
   preferredPasskey: PasskeyMetadata | null,
   allPasskeys: PasskeyMetadata[],
-  context?: PasskeyPopupContext
+  context?: PasskeyPopupContext,
+  options: PasskeyStoredSigningOptions = {}
 ): Promise<PasskeyStoredSigningResult> {
   if (!isWebAuthnSupported()) {
     throw new Error('WebAuthn is not supported in this browser');
   }
 
-  const preopenedPopup = maybePreopenPopup('get', openPasskeyPopupWindow);
-  const promptMode = await getPasskeyPromptMode('get');
+  const allowPopupFallback = options.allowPopupFallback ?? true;
+  const preopenedPopup = allowPopupFallback
+    ? maybePreopenPopup('get', openPasskeyPopupWindow)
+    : null;
+  const promptMode = allowPopupFallback
+    ? await getPasskeyPromptMode('get')
+    : 'inline';
   const storedPasskey = preferredPasskey;
-  const canUsePopup = isInIframe();
+  const canUsePopup = allowPopupFallback && isInIframe();
+
+  if (options.preferDiscoverable) {
+    closePopup(preopenedPopup);
+    return signWithDiscoverableStoredPasskey(
+      challenge,
+      storedPasskey?.rpId ?? rpId,
+      allPasskeys
+    );
+  }
 
   if (promptMode === 'popup' || (canUsePopup && !storedPasskey)) {
     return requestStoredPasskeyPopup(challenge, preopenedPopup, context);
@@ -71,37 +92,29 @@ export async function signWithStoredPasskey(
 
   try {
     if (storedPasskey) {
-      const result = await signWithPasskeyInline(
-        storedPasskey.credentialId,
-        challenge,
-        storedPasskey.rpId
-      );
-      return {
-        ...result,
-        passkey: storedPasskey,
-      };
+      try {
+        const result = await signWithPasskeyInline(
+          storedPasskey.credentialId,
+          challenge,
+          storedPasskey.rpId
+        );
+        return {
+          ...result,
+          passkey: storedPasskey,
+        };
+      } catch (error) {
+        if (!shouldFallbackToDiscoverable(error)) {
+          throw error;
+        }
+        return signWithDiscoverableStoredPasskey(
+          challenge,
+          storedPasskey.rpId,
+          allPasskeys
+        );
+      }
     }
 
-    const discoverable = await signWithDiscoverablePasskey(challenge, rpId);
-    const matchingPasskey = allPasskeys.find(p => p.credentialId === discoverable.credentialId) ?? null;
-    const now = new Date().toISOString();
-    const passkey = matchingPasskey ?? {
-      credentialId: discoverable.credentialId,
-      publicKeyX: '',
-      publicKeyY: '',
-      rpId: discoverable.rpId,
-      createdAt: now,
-      lastUsedAt: now,
-    };
-
-    return {
-      signature: discoverable.signature,
-      authenticatorData: discoverable.authenticatorData,
-      clientDataJSON: discoverable.clientDataJSON,
-      signatureR: discoverable.signatureR,
-      signatureS: discoverable.signatureS,
-      passkey,
-    };
+    return signWithDiscoverableStoredPasskey(challenge, rpId, allPasskeys);
   } catch (error) {
     if (canUsePopup && shouldFallbackToPopup(error)) {
       return requestStoredPasskeyPopup(challenge, undefined, context);
@@ -111,6 +124,66 @@ export async function signWithStoredPasskey(
   }
 }
 
+async function signWithDiscoverableStoredPasskey(
+  challenge: Uint8Array,
+  rpId: string,
+  allPasskeys: PasskeyMetadata[]
+): Promise<PasskeyStoredSigningResult> {
+  const discoverable = await signWithDiscoverablePasskey(challenge, rpId);
+  const matchingPasskey =
+    allPasskeys.find((p) => p.credentialId === discoverable.credentialId) ??
+    null;
+  const now = new Date().toISOString();
+  const passkey = matchingPasskey ?? {
+    credentialId: discoverable.credentialId,
+    publicKeyX: '',
+    publicKeyY: '',
+    rpId: discoverable.rpId,
+    createdAt: now,
+    lastUsedAt: now,
+  };
+
+  return {
+    signature: discoverable.signature,
+    authenticatorData: discoverable.authenticatorData,
+    clientDataJSON: discoverable.clientDataJSON,
+    signatureR: discoverable.signatureR,
+    signatureS: discoverable.signatureS,
+    authenticatorAttachment: discoverable.authenticatorAttachment,
+    passkey,
+  };
+}
+
+function shouldFallbackToDiscoverable(error: unknown): boolean {
+  const name =
+    error && typeof error === 'object' && 'name' in error
+      ? String((error as { name?: unknown }).name)
+      : '';
+  const message =
+    error && typeof error === 'object' && 'message' in error
+      ? String((error as { message?: unknown }).message)
+      : '';
+  const normalized = `${name} ${message}`.toLowerCase();
+
+  if (
+    normalized.includes('user rejected') ||
+    normalized.includes('user canceled') ||
+    normalized.includes('user cancelled')
+  ) {
+    return false;
+  }
+
+  return (
+    normalized.includes('notallowederror') ||
+    normalized.includes('invalidstateerror') ||
+    normalized.includes('notfounderror') ||
+    normalized.includes('not found') ||
+    normalized.includes('no passkey') ||
+    normalized.includes('no credential') ||
+    normalized.includes('saved for this app')
+  );
+}
+
 /**
  * Sign with a discoverable passkey (no credential ID - browser prompts user to select).
  */
@@ -133,6 +206,7 @@ export async function signWithDiscoverablePasskey(
     signatureS: result.signatureS,
     credentialId: result.credentialId,
     rpId: resolvedRpId,
+    authenticatorAttachment: result.authenticatorAttachment,
   };
 }
 
@@ -173,6 +247,7 @@ async function signWithPasskeyInline(
     clientDataJSON: result.clientDataJSON,
     signatureR: result.signatureR,
     signatureS: result.signatureS,
+    authenticatorAttachment: result.authenticatorAttachment,
   };
 }
 
@@ -214,6 +289,17 @@ async function signWithPasskeyAssertion(
   let { r, s } = parseDerSignature(signature);
   s = normalizeLowS(s);
 
+  /* `authenticatorAttachment` distinguishes a same-device passkey
+     ('platform') from a cross-device one signed via QR / hybrid
+     transport ('cross-platform'). Drives the wallet's add-device
+     prompt. Browsers may report null. */
+  const rawAttachment =
+    (
+      assertion as PublicKeyCredential & {
+        authenticatorAttachment?: AuthenticatorAttachment | null;
+      }
+    ).authenticatorAttachment ?? null;
+
   return {
     signature: new Uint8Array([...r, ...s]),
     authenticatorData: new Uint8Array(response.authenticatorData),
@@ -221,6 +307,7 @@ async function signWithPasskeyAssertion(
     signatureR: r,
     signatureS: s,
     credentialId: arrayBufferToBase64Url(assertion.rawId),
+    authenticatorAttachment: rawAttachment,
   };
 }
 
@@ -259,13 +346,16 @@ async function requestStoredPasskeyPopup(
   return decodePopupStoredSigningResult(result);
 }
 
-function decodePopupSigningResult(result: PasskeyPopupSigningResult): PasskeySigningResult {
+function decodePopupSigningResult(
+  result: PasskeyPopupSigningResult
+): PasskeySigningResult {
   return {
     signature: base64UrlToBytes(result.signatureBase64Url),
     authenticatorData: base64UrlToBytes(result.authenticatorDataBase64Url),
     clientDataJSON: base64UrlToBytes(result.clientDataJSONBase64Url),
     signatureR: base64UrlToBytes(result.signatureRBase64Url),
     signatureS: base64UrlToBytes(result.signatureSBase64Url),
+    authenticatorAttachment: result.authenticatorAttachment ?? null,
   };
 }
 

package/src/types.ts

@@ -1,4 +1,4 @@
-import type { PasskeySigningResult, PasskeyMetadata } from '@thru/passkey-manager';
+import type { PasskeySigningResult, PasskeyMetadata } from '@thru/programs/passkey-manager';
 
 // Re-export platform-agnostic types for backward compatibility
 export type {
@@ -6,7 +6,7 @@ export type {
   PasskeySigningResult,
   PasskeyDiscoverableSigningResult,
   PasskeyMetadata,
-} from '@thru/passkey-manager';
+} from '@thru/programs/passkey-manager';
 
 /**
  * Signing result with stored passkey metadata attached.
@@ -44,6 +44,25 @@ export interface PasskeyPopupContext {
   imageUrl?: string;
 }
 
+/**
+ * Options for stored passkey signing in embedded contexts.
+ */
+export interface PasskeyStoredSigningOptions {
+  allowPopupFallback?: boolean;
+  /** Prefer an RP-scoped discoverable credential prompt over a stored
+   * credential-id lookup. Native WebViews can show misleading
+   * app-level "no passkey" UI when allowCredentials is stale, while a
+   * discoverable prompt correctly lets the wallet/RP choose the passkey. */
+  preferDiscoverable?: boolean;
+}
+
+/**
+ * Options for passkey registration in embedded contexts.
+ */
+export interface PasskeyRegistrationOptions {
+  allowPopupFallback?: boolean;
+}
+
 /**
  * Account info passed through popup bridge.
  */
@@ -95,6 +114,7 @@ export interface PasskeyPopupSigningResult {
   clientDataJSONBase64Url: string;
   signatureRBase64Url: string;
   signatureSBase64Url: string;
+  authenticatorAttachment?: 'platform' | 'cross-platform' | null;
 }
 
 export interface PasskeyPopupStoredPasskey {
@@ -103,6 +123,10 @@ export interface PasskeyPopupStoredPasskey {
   publicKeyY: string;
   rpId: string;
   label?: string;
+  deviceName?: string;
+  devicePlatform?: string;
+  browserName?: string;
+  authenticatorAttachment?: 'platform' | 'cross-platform' | null;
   createdAt: string;
   lastUsedAt: string;
 }
@@ -117,6 +141,7 @@ export interface PasskeyPopupRegistrationResult {
   publicKeyX: string;
   publicKeyY: string;
   rpId: string;
+  authenticatorAttachment?: 'platform' | 'cross-platform' | null;
 }
 
 export type PasskeyPopupResponse =

package/src/web.ts

@@ -7,9 +7,13 @@ export type {
   PasskeyClientCapabilities,
   PasskeyPopupContext,
   PasskeyPopupAccount,
+  PasskeyStoredSigningOptions,
+  PasskeyRegistrationOptions,
 } from './types';
 
 export { registerPasskey } from './register';
+export { createDistinctPasskeyLabel } from './label';
+export type { DistinctPasskeyLabelOptions } from './label';
 
 export {
   signWithPasskey,
@@ -25,7 +29,7 @@ export {
   P256_HALF_N,
   bytesToBigIntBE,
   bigIntToBytesBE,
-} from '@thru/passkey-manager';
+} from '@thru/programs/passkey-manager';
 
 export {
   isWebAuthnSupported,
@@ -48,4 +52,4 @@ export {
   bytesEqual,
   compareBytes,
   uniqueAccounts,
-} from '@thru/passkey-manager';
+} from '@thru/programs/passkey-manager';

package/tsconfig.json

@@ -4,9 +4,10 @@
     "outDir": "./dist",
     "rootDir": "..",
     "baseUrl": ".",
+    "ignoreDeprecations": "6.0",
     "paths": {
-      "@thru/helpers": ["../helpers/src/index.ts"],
-      "@thru/passkey-manager": ["../passkey-manager/src/index.ts"]
+      "@thru/sdk/helpers": ["../sdk/src/helpers/index.ts"],
+      "@thru/programs/passkey-manager": ["../programs/src/passkey-manager/index.ts"]
     }
   },
   "include": ["src/**/*"],

package/tsup.config.ts

@@ -8,6 +8,7 @@ export default defineConfig({
     popup: 'src/popup-entry.ts',
     mobile: 'src/mobile/index.ts',
     auth: 'src/auth/index.ts',
+    'auth/add-device': 'src/auth/add-device.ts',
     server: 'src/server/index.ts',
   },
   external: ['expo-secure-store', 'react-native', 'react-native-passkeys', 'zustand'],