@thru/programs 0.2.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. package/README.md +168 -0
  2. package/dist/passkey-manager/index.cjs +7364 -0
  3. package/dist/passkey-manager/index.cjs.map +1 -0
  4. package/dist/passkey-manager/index.d.cts +319 -0
  5. package/dist/passkey-manager/index.d.ts +319 -0
  6. package/dist/passkey-manager/index.js +7303 -0
  7. package/dist/passkey-manager/index.js.map +1 -0
  8. package/dist/token/index.cjs +7130 -0
  9. package/dist/token/index.cjs.map +1 -0
  10. package/dist/token/index.d.cts +1264 -0
  11. package/dist/token/index.d.ts +1264 -0
  12. package/dist/token/index.js +7102 -0
  13. package/dist/token/index.js.map +1 -0
  14. package/package.json +29 -0
  15. package/src/passkey-manager/abi/thru/blockchain/state_proof/types.ts +1667 -0
  16. package/src/passkey-manager/abi/thru/common/primitives/types.ts +2191 -0
  17. package/src/passkey-manager/abi/thru/program/passkey_manager/types.ts +4977 -0
  18. package/src/passkey-manager/accounts.ts +142 -0
  19. package/src/passkey-manager/authority.ts +148 -0
  20. package/src/passkey-manager/challenge.ts +39 -0
  21. package/src/passkey-manager/constants.ts +15 -0
  22. package/src/passkey-manager/context.ts +112 -0
  23. package/src/passkey-manager/crypto.ts +80 -0
  24. package/src/passkey-manager/encoding.ts +85 -0
  25. package/src/passkey-manager/index.ts +99 -0
  26. package/src/passkey-manager/instructions/add-authority.ts +21 -0
  27. package/src/passkey-manager/instructions/create.ts +54 -0
  28. package/src/passkey-manager/instructions/invoke.ts +25 -0
  29. package/src/passkey-manager/instructions/register-credential.ts +33 -0
  30. package/src/passkey-manager/instructions/remove-authority.ts +20 -0
  31. package/src/passkey-manager/instructions/shared.ts +12 -0
  32. package/src/passkey-manager/instructions/transfer.ts +30 -0
  33. package/src/passkey-manager/instructions/validate.ts +33 -0
  34. package/src/passkey-manager/seeds.ts +73 -0
  35. package/src/passkey-manager/types.ts +112 -0
  36. package/src/token/abi/thru/blockchain/state_proof/types.ts +1667 -0
  37. package/src/token/abi/thru/common/primitives/types.ts +1141 -0
  38. package/src/token/abi/thru/program/token/types.ts +6303 -0
  39. package/src/token/accounts.ts +72 -0
  40. package/src/token/constants.ts +3 -0
  41. package/src/token/derivation.ts +78 -0
  42. package/src/token/format.ts +24 -0
  43. package/src/token/index.ts +46 -0
  44. package/src/token/instructions/index.ts +5 -0
  45. package/src/token/instructions/initialize-account.ts +27 -0
  46. package/src/token/instructions/initialize-mint.ts +76 -0
  47. package/src/token/instructions/mint-to.ts +26 -0
  48. package/src/token/instructions/shared.ts +20 -0
  49. package/src/token/instructions/transfer.ts +24 -0
  50. package/src/token/types.ts +54 -0
  51. package/tsconfig.json +9 -0
  52. package/tsup.config.ts +13 -0
@@ -0,0 +1,319 @@
1
+ export { decodeAddress, encodeAddress } from '@thru/sdk/helpers';
2
+
3
+ declare const PASSKEY_MANAGER_PROGRAM_ADDRESS = "taUDdQyFxvM5i0HFRkEK3W45kWLyblAHSnMg4zplgUnz6Z";
4
+ declare const INSTRUCTION_CREATE = 0;
5
+ declare const INSTRUCTION_VALIDATE = 1;
6
+ declare const INSTRUCTION_TRANSFER = 2;
7
+ declare const INSTRUCTION_INVOKE = 3;
8
+ declare const INSTRUCTION_ADD_AUTHORITY = 4;
9
+ declare const INSTRUCTION_REMOVE_AUTHORITY = 5;
10
+ declare const INSTRUCTION_REGISTER_CREDENTIAL = 6;
11
+ declare const AUTHORITY_TAG_PASSKEY = 1;
12
+ declare const AUTHORITY_TAG_PUBKEY = 2;
13
+
14
+ /**
15
+ * Result of passkey registration (credential creation).
16
+ */
17
+ interface PasskeyRegistrationResult {
18
+ credentialId: string;
19
+ publicKeyX: string;
20
+ publicKeyY: string;
21
+ rpId: string;
22
+ authenticatorAttachment?: 'platform' | 'cross-platform' | null;
23
+ }
24
+ /**
25
+ * Result of passkey signing (assertion).
26
+ */
27
+ interface PasskeySigningResult {
28
+ signature: Uint8Array;
29
+ authenticatorData: Uint8Array;
30
+ clientDataJSON: Uint8Array;
31
+ signatureR: Uint8Array;
32
+ signatureS: Uint8Array;
33
+ /** WebAuthn authenticator attachment, if surfaced by the browser:
34
+ * - 'platform': built-in / passkey on this device
35
+ * - 'cross-platform': e.g. signed in via QR using another device
36
+ * Used by the wallet to decide whether to offer "add this device". */
37
+ authenticatorAttachment?: 'platform' | 'cross-platform' | null;
38
+ }
39
+ /**
40
+ * Signing result with discoverable credential info.
41
+ */
42
+ interface PasskeyDiscoverableSigningResult extends PasskeySigningResult {
43
+ credentialId: string;
44
+ rpId: string;
45
+ }
46
+ /**
47
+ * Passkey metadata stored locally (the actual private key lives in the device's secure enclave).
48
+ */
49
+ interface PasskeyMetadata {
50
+ credentialId: string;
51
+ publicKeyX: string;
52
+ publicKeyY: string;
53
+ rpId: string;
54
+ /** On-chain passkey authority index for this wallet account.
55
+ * Omitted for the primary authority, which defaults to index 0. */
56
+ authIdx?: number;
57
+ label?: string;
58
+ deviceName?: string;
59
+ devicePlatform?: string;
60
+ browserName?: string;
61
+ authenticatorAttachment?: 'platform' | 'cross-platform' | null;
62
+ createdAt: string;
63
+ lastUsedAt: string;
64
+ }
65
+ type Authority = {
66
+ tag: 1;
67
+ pubkeyX: Uint8Array;
68
+ pubkeyY: Uint8Array;
69
+ } | {
70
+ tag: 2;
71
+ pubkey: Uint8Array;
72
+ };
73
+ interface CreateInstructionParams {
74
+ walletAccountIdx: number;
75
+ authority: Authority;
76
+ seed: Uint8Array;
77
+ stateProof: Uint8Array;
78
+ }
79
+ interface TransferInstructionParams {
80
+ walletAccountIdx: number;
81
+ toAccountIdx: number;
82
+ amount: bigint;
83
+ }
84
+ interface ValidateInstructionParams {
85
+ walletAccountIdx: number;
86
+ authIdx: number;
87
+ signatureR: Uint8Array;
88
+ signatureS: Uint8Array;
89
+ authenticatorData: Uint8Array;
90
+ clientDataJSON: Uint8Array;
91
+ }
92
+ interface AccountContext {
93
+ readWriteAddresses: string[];
94
+ readOnlyAddresses: string[];
95
+ accountAddresses: string[];
96
+ walletAccountIdx: number;
97
+ getAccountIndex: (pubkey: Uint8Array) => number;
98
+ }
99
+ interface RegisterCredentialInstructionParams {
100
+ walletAccountIdx: number;
101
+ lookupAccountIdx: number;
102
+ seed: Uint8Array;
103
+ stateProof: Uint8Array;
104
+ }
105
+ type WalletSigner = {
106
+ signTransaction: (payloadBase64: string) => Promise<string>;
107
+ };
108
+ type TransactionExecutionSummary = {
109
+ executionResult?: bigint | number | null;
110
+ userErrorCode?: bigint | number | null;
111
+ vmError?: number | string | bigint | null;
112
+ };
113
+
114
+ declare function encodeCreateInstruction(params: CreateInstructionParams): Uint8Array;
115
+
116
+ declare function encodeValidateInstruction(params: ValidateInstructionParams): Uint8Array;
117
+
118
+ declare function encodeTransferInstruction(params: TransferInstructionParams): Uint8Array;
119
+
120
+ declare function encodeInvokeInstruction(programPubkey: Uint8Array, instruction: Uint8Array): Uint8Array;
121
+
122
+ declare function encodeAddAuthorityInstruction(params: {
123
+ authority: Authority;
124
+ }): Uint8Array;
125
+
126
+ declare function encodeRemoveAuthorityInstruction(params: {
127
+ authIdx: number;
128
+ }): Uint8Array;
129
+
130
+ declare function encodeRegisterCredentialInstruction(params: RegisterCredentialInstructionParams): Uint8Array;
131
+
132
+ declare function concatenateInstructions(instructions: Uint8Array[]): Uint8Array;
133
+
134
+ /**
135
+ * Create challenge for VALIDATE instruction.
136
+ * SHA256(nonce || account_0 || account_1 || ... || trailing_instruction_bytes)
137
+ */
138
+ declare function createValidateChallenge(nonce: bigint, accountAddresses: string[], trailingInstructionData: Uint8Array): Promise<Uint8Array>;
139
+
140
+ /**
141
+ * Create a 32-byte seed from wallet name and passkey coordinates.
142
+ * SHA-256(walletName || pubkey_x || pubkey_y)
143
+ */
144
+ declare function createWalletSeed(walletName: string, pubkeyX: Uint8Array, pubkeyY: Uint8Array): Promise<Uint8Array>;
145
+ /**
146
+ * Derive wallet account address from seed using proper PDA derivation.
147
+ * SHA256(program_address || is_ephemeral || seed)
148
+ */
149
+ declare function deriveWalletAddress(seed: Uint8Array, programAddress: string): Promise<Uint8Array>;
150
+ /**
151
+ * Create a 32-byte seed for a credential lookup PDA.
152
+ * SHA-256(credentialId)
153
+ */
154
+ declare function createCredentialLookupSeed(credentialId: Uint8Array): Promise<Uint8Array>;
155
+ /**
156
+ * Derive credential lookup PDA address from a credential ID.
157
+ * Convenience wrapper: deriveWalletAddress(SHA-256(credentialId), programAddress)
158
+ */
159
+ declare function deriveCredentialLookupAddress(credentialId: Uint8Array, programAddress: string): Promise<Uint8Array>;
160
+
161
+ /**
162
+ * Default fee payer address (manager profile).
163
+ */
164
+ declare const FEE_PAYER_ADDRESS = "taVcZv3wB2m-euBpMHm2rF9fQRY_fO_g7WdOjs70CxDh_S";
165
+ /**
166
+ * Build account context for passkey manager transactions.
167
+ * Handles account deduplication, sorting, and index lookup.
168
+ */
169
+ declare function buildAccountContext(params: {
170
+ walletAddress: string;
171
+ readWriteAccounts: Uint8Array[];
172
+ readOnlyAccounts: Uint8Array[];
173
+ feePayerAddress?: string;
174
+ programAddress?: string;
175
+ }): AccountContext;
176
+ /**
177
+ * Build read-write accounts list for passkey manager transactions (simpler wallet-only version).
178
+ */
179
+ declare function buildPasskeyReadWriteAccounts(userAccounts: Uint8Array[], feePayerPublicKey: Uint8Array, programAddress: Uint8Array): {
180
+ readWriteAddresses: string[];
181
+ findAccountIndex: (target: Uint8Array) => number;
182
+ };
183
+
184
+ /**
185
+ * Parse wallet account data to extract nonce.
186
+ */
187
+ declare function parseWalletNonce(data: Uint8Array): bigint;
188
+ /**
189
+ * Fetch wallet nonce from the chain.
190
+ * Takes an SDK-like object with accounts.get() method.
191
+ */
192
+ declare function fetchWalletNonce(sdk: {
193
+ accounts: {
194
+ get: (address: string) => Promise<{
195
+ data?: {
196
+ data?: Uint8Array;
197
+ };
198
+ }>;
199
+ };
200
+ }, walletAddress: string): Promise<bigint>;
201
+ type ParsedAuthority = {
202
+ idx: number;
203
+ kind: 'passkey';
204
+ x: Uint8Array;
205
+ y: Uint8Array;
206
+ } | {
207
+ idx: number;
208
+ kind: 'pubkey';
209
+ pubkey: Uint8Array;
210
+ } | {
211
+ idx: number;
212
+ kind: 'unknown';
213
+ tag: number;
214
+ data: Uint8Array;
215
+ };
216
+ interface WalletAuthorities {
217
+ nonce: bigint;
218
+ authorities: ParsedAuthority[];
219
+ }
220
+ /**
221
+ * Parse the on-chain WalletAccount data buffer into its nonce and full
222
+ * authority list. The on-chain layout is:
223
+ *
224
+ * num_auth: u8
225
+ * nonce: u64 LE
226
+ * authorities[num_auth + 1]: { tag: u8, data: [u8; 64] }
227
+ *
228
+ * (`num_auth + 1` because num_auth stores the count minus one.)
229
+ */
230
+ declare function parseWalletAuthorities(data: Uint8Array): WalletAuthorities;
231
+ /**
232
+ * Encode a 32-byte pubkey to its base58 wallet address representation.
233
+ */
234
+ declare function formatAuthorityPubkey(pubkey: Uint8Array): string;
235
+ /**
236
+ * Parse a CredentialLookup account and return the wallet account pubkey
237
+ * stored inside it.
238
+ */
239
+ declare function parseCredentialLookupWallet(data: Uint8Array): Uint8Array | null;
240
+
241
+ interface PasskeyAuthorityIdentity {
242
+ publicKeyX?: string | null;
243
+ publicKeyY?: string | null;
244
+ }
245
+ interface CheckablePasskeyAuthorityIdentity {
246
+ publicKeyX: string;
247
+ publicKeyY: string;
248
+ }
249
+ interface AccountLike {
250
+ data?: {
251
+ data?: Uint8Array;
252
+ };
253
+ }
254
+ interface ThruAccountClient {
255
+ accounts: {
256
+ get(address: string): Promise<AccountLike>;
257
+ };
258
+ }
259
+ interface PasskeyAuthorityTarget<T> {
260
+ account: T;
261
+ walletAddress: string;
262
+ authIdx: number;
263
+ authorities: ParsedAuthority[];
264
+ }
265
+ interface PreparePasskeyAuthorityTargetsOptions<T> {
266
+ accounts: T[];
267
+ passkey?: PasskeyAuthorityIdentity | null;
268
+ thru: ThruAccountClient;
269
+ getWalletAddress: (account: T) => string;
270
+ concurrency?: number;
271
+ }
272
+ declare function isPasskeyAuthorityCheckable(passkey: PasskeyAuthorityIdentity | null | undefined): passkey is CheckablePasskeyAuthorityIdentity;
273
+ declare function findPasskeyAuthorityIndexForIdentity(authorities: ParsedAuthority[], passkey: PasskeyAuthorityIdentity | null | undefined): number | null;
274
+ declare function findPasskeyAuthorityIndexInWalletData(walletData: Uint8Array, passkey: PasskeyAuthorityIdentity | null | undefined): {
275
+ authIdx: number;
276
+ authorities: ParsedAuthority[];
277
+ } | null;
278
+ declare function resolvePasskeyAuthorityIndex(params: {
279
+ thru: ThruAccountClient;
280
+ walletAddress: string;
281
+ passkey?: PasskeyAuthorityIdentity | null;
282
+ }): Promise<number | null>;
283
+ declare function preparePasskeyAuthorityTargets<T>({ accounts, passkey, thru, getWalletAddress, concurrency, }: PreparePasskeyAuthorityTargetsOptions<T>): Promise<PasskeyAuthorityTarget<T>[]>;
284
+
285
+ /**
286
+ * P-256 curve order and half-order for low-S normalization.
287
+ */
288
+ declare const P256_N = 115792089210356248762697446949407573529996955224135760342422259061068512044369n;
289
+ declare const P256_HALF_N: bigint;
290
+ /**
291
+ * Parse DER-encoded ECDSA signature to get r and s components.
292
+ */
293
+ declare function parseDerSignature(der: Uint8Array): {
294
+ r: Uint8Array;
295
+ s: Uint8Array;
296
+ };
297
+ /**
298
+ * Ensure S is in the lower half of the curve order (BIP-62 / SEC1 compliance).
299
+ */
300
+ declare function normalizeLowS(s: Uint8Array): Uint8Array;
301
+ /**
302
+ * Normalize signature component to exactly 32 bytes.
303
+ */
304
+ declare function normalizeSignatureComponent(component: Uint8Array): Uint8Array;
305
+ declare function bytesToBigIntBE(bytes: Uint8Array): bigint;
306
+ declare function bigIntToBytesBE(value: bigint, length: number): Uint8Array;
307
+
308
+ declare function arrayBufferToBase64Url(buffer: ArrayBuffer | SharedArrayBuffer): string;
309
+ declare function base64UrlToArrayBuffer(base64Url: string): ArrayBuffer;
310
+ declare function bytesToBase64Url(bytes: Uint8Array): string;
311
+ declare function bytesToBase64(bytes: Uint8Array): string;
312
+ declare function base64UrlToBytes(base64Url: string): Uint8Array;
313
+ declare function bytesToHex(bytes: Uint8Array): string;
314
+ declare function hexToBytes(hex: string): Uint8Array;
315
+ declare function bytesEqual(a: Uint8Array, b: Uint8Array): boolean;
316
+ declare function compareBytes(a: Uint8Array, b: Uint8Array): number;
317
+ declare function uniqueAccounts(accounts: Uint8Array[]): Uint8Array[];
318
+
319
+ export { AUTHORITY_TAG_PASSKEY, AUTHORITY_TAG_PUBKEY, type AccountContext, type Authority, type CheckablePasskeyAuthorityIdentity, type CreateInstructionParams, FEE_PAYER_ADDRESS, INSTRUCTION_ADD_AUTHORITY, INSTRUCTION_CREATE, INSTRUCTION_INVOKE, INSTRUCTION_REGISTER_CREDENTIAL, INSTRUCTION_REMOVE_AUTHORITY, INSTRUCTION_TRANSFER, INSTRUCTION_VALIDATE, P256_HALF_N, P256_N, PASSKEY_MANAGER_PROGRAM_ADDRESS, type ParsedAuthority, type PasskeyAuthorityIdentity, type PasskeyAuthorityTarget, type PasskeyDiscoverableSigningResult, type PasskeyMetadata, type PasskeyRegistrationResult, type PasskeySigningResult, type PreparePasskeyAuthorityTargetsOptions, type RegisterCredentialInstructionParams, type TransactionExecutionSummary, type TransferInstructionParams, type ValidateInstructionParams, type WalletAuthorities, type WalletSigner, arrayBufferToBase64Url, base64UrlToArrayBuffer, base64UrlToBytes, bigIntToBytesBE, buildAccountContext, buildPasskeyReadWriteAccounts, bytesEqual, bytesToBase64, bytesToBase64Url, bytesToBigIntBE, bytesToHex, compareBytes, concatenateInstructions, createCredentialLookupSeed, createValidateChallenge, createWalletSeed, deriveCredentialLookupAddress, deriveWalletAddress, encodeAddAuthorityInstruction, encodeCreateInstruction, encodeInvokeInstruction, encodeRegisterCredentialInstruction, encodeRemoveAuthorityInstruction, encodeTransferInstruction, encodeValidateInstruction, fetchWalletNonce, findPasskeyAuthorityIndexForIdentity, findPasskeyAuthorityIndexInWalletData, formatAuthorityPubkey, hexToBytes, isPasskeyAuthorityCheckable, normalizeLowS, normalizeSignatureComponent, parseCredentialLookupWallet, parseDerSignature, parseWalletAuthorities, parseWalletNonce, preparePasskeyAuthorityTargets, resolvePasskeyAuthorityIndex, uniqueAccounts };
@@ -0,0 +1,319 @@
1
+ export { decodeAddress, encodeAddress } from '@thru/sdk/helpers';
2
+
3
+ declare const PASSKEY_MANAGER_PROGRAM_ADDRESS = "taUDdQyFxvM5i0HFRkEK3W45kWLyblAHSnMg4zplgUnz6Z";
4
+ declare const INSTRUCTION_CREATE = 0;
5
+ declare const INSTRUCTION_VALIDATE = 1;
6
+ declare const INSTRUCTION_TRANSFER = 2;
7
+ declare const INSTRUCTION_INVOKE = 3;
8
+ declare const INSTRUCTION_ADD_AUTHORITY = 4;
9
+ declare const INSTRUCTION_REMOVE_AUTHORITY = 5;
10
+ declare const INSTRUCTION_REGISTER_CREDENTIAL = 6;
11
+ declare const AUTHORITY_TAG_PASSKEY = 1;
12
+ declare const AUTHORITY_TAG_PUBKEY = 2;
13
+
14
+ /**
15
+ * Result of passkey registration (credential creation).
16
+ */
17
+ interface PasskeyRegistrationResult {
18
+ credentialId: string;
19
+ publicKeyX: string;
20
+ publicKeyY: string;
21
+ rpId: string;
22
+ authenticatorAttachment?: 'platform' | 'cross-platform' | null;
23
+ }
24
+ /**
25
+ * Result of passkey signing (assertion).
26
+ */
27
+ interface PasskeySigningResult {
28
+ signature: Uint8Array;
29
+ authenticatorData: Uint8Array;
30
+ clientDataJSON: Uint8Array;
31
+ signatureR: Uint8Array;
32
+ signatureS: Uint8Array;
33
+ /** WebAuthn authenticator attachment, if surfaced by the browser:
34
+ * - 'platform': built-in / passkey on this device
35
+ * - 'cross-platform': e.g. signed in via QR using another device
36
+ * Used by the wallet to decide whether to offer "add this device". */
37
+ authenticatorAttachment?: 'platform' | 'cross-platform' | null;
38
+ }
39
+ /**
40
+ * Signing result with discoverable credential info.
41
+ */
42
+ interface PasskeyDiscoverableSigningResult extends PasskeySigningResult {
43
+ credentialId: string;
44
+ rpId: string;
45
+ }
46
+ /**
47
+ * Passkey metadata stored locally (the actual private key lives in the device's secure enclave).
48
+ */
49
+ interface PasskeyMetadata {
50
+ credentialId: string;
51
+ publicKeyX: string;
52
+ publicKeyY: string;
53
+ rpId: string;
54
+ /** On-chain passkey authority index for this wallet account.
55
+ * Omitted for the primary authority, which defaults to index 0. */
56
+ authIdx?: number;
57
+ label?: string;
58
+ deviceName?: string;
59
+ devicePlatform?: string;
60
+ browserName?: string;
61
+ authenticatorAttachment?: 'platform' | 'cross-platform' | null;
62
+ createdAt: string;
63
+ lastUsedAt: string;
64
+ }
65
+ type Authority = {
66
+ tag: 1;
67
+ pubkeyX: Uint8Array;
68
+ pubkeyY: Uint8Array;
69
+ } | {
70
+ tag: 2;
71
+ pubkey: Uint8Array;
72
+ };
73
+ interface CreateInstructionParams {
74
+ walletAccountIdx: number;
75
+ authority: Authority;
76
+ seed: Uint8Array;
77
+ stateProof: Uint8Array;
78
+ }
79
+ interface TransferInstructionParams {
80
+ walletAccountIdx: number;
81
+ toAccountIdx: number;
82
+ amount: bigint;
83
+ }
84
+ interface ValidateInstructionParams {
85
+ walletAccountIdx: number;
86
+ authIdx: number;
87
+ signatureR: Uint8Array;
88
+ signatureS: Uint8Array;
89
+ authenticatorData: Uint8Array;
90
+ clientDataJSON: Uint8Array;
91
+ }
92
+ interface AccountContext {
93
+ readWriteAddresses: string[];
94
+ readOnlyAddresses: string[];
95
+ accountAddresses: string[];
96
+ walletAccountIdx: number;
97
+ getAccountIndex: (pubkey: Uint8Array) => number;
98
+ }
99
+ interface RegisterCredentialInstructionParams {
100
+ walletAccountIdx: number;
101
+ lookupAccountIdx: number;
102
+ seed: Uint8Array;
103
+ stateProof: Uint8Array;
104
+ }
105
+ type WalletSigner = {
106
+ signTransaction: (payloadBase64: string) => Promise<string>;
107
+ };
108
+ type TransactionExecutionSummary = {
109
+ executionResult?: bigint | number | null;
110
+ userErrorCode?: bigint | number | null;
111
+ vmError?: number | string | bigint | null;
112
+ };
113
+
114
+ declare function encodeCreateInstruction(params: CreateInstructionParams): Uint8Array;
115
+
116
+ declare function encodeValidateInstruction(params: ValidateInstructionParams): Uint8Array;
117
+
118
+ declare function encodeTransferInstruction(params: TransferInstructionParams): Uint8Array;
119
+
120
+ declare function encodeInvokeInstruction(programPubkey: Uint8Array, instruction: Uint8Array): Uint8Array;
121
+
122
+ declare function encodeAddAuthorityInstruction(params: {
123
+ authority: Authority;
124
+ }): Uint8Array;
125
+
126
+ declare function encodeRemoveAuthorityInstruction(params: {
127
+ authIdx: number;
128
+ }): Uint8Array;
129
+
130
+ declare function encodeRegisterCredentialInstruction(params: RegisterCredentialInstructionParams): Uint8Array;
131
+
132
+ declare function concatenateInstructions(instructions: Uint8Array[]): Uint8Array;
133
+
134
+ /**
135
+ * Create challenge for VALIDATE instruction.
136
+ * SHA256(nonce || account_0 || account_1 || ... || trailing_instruction_bytes)
137
+ */
138
+ declare function createValidateChallenge(nonce: bigint, accountAddresses: string[], trailingInstructionData: Uint8Array): Promise<Uint8Array>;
139
+
140
+ /**
141
+ * Create a 32-byte seed from wallet name and passkey coordinates.
142
+ * SHA-256(walletName || pubkey_x || pubkey_y)
143
+ */
144
+ declare function createWalletSeed(walletName: string, pubkeyX: Uint8Array, pubkeyY: Uint8Array): Promise<Uint8Array>;
145
+ /**
146
+ * Derive wallet account address from seed using proper PDA derivation.
147
+ * SHA256(program_address || is_ephemeral || seed)
148
+ */
149
+ declare function deriveWalletAddress(seed: Uint8Array, programAddress: string): Promise<Uint8Array>;
150
+ /**
151
+ * Create a 32-byte seed for a credential lookup PDA.
152
+ * SHA-256(credentialId)
153
+ */
154
+ declare function createCredentialLookupSeed(credentialId: Uint8Array): Promise<Uint8Array>;
155
+ /**
156
+ * Derive credential lookup PDA address from a credential ID.
157
+ * Convenience wrapper: deriveWalletAddress(SHA-256(credentialId), programAddress)
158
+ */
159
+ declare function deriveCredentialLookupAddress(credentialId: Uint8Array, programAddress: string): Promise<Uint8Array>;
160
+
161
+ /**
162
+ * Default fee payer address (manager profile).
163
+ */
164
+ declare const FEE_PAYER_ADDRESS = "taVcZv3wB2m-euBpMHm2rF9fQRY_fO_g7WdOjs70CxDh_S";
165
+ /**
166
+ * Build account context for passkey manager transactions.
167
+ * Handles account deduplication, sorting, and index lookup.
168
+ */
169
+ declare function buildAccountContext(params: {
170
+ walletAddress: string;
171
+ readWriteAccounts: Uint8Array[];
172
+ readOnlyAccounts: Uint8Array[];
173
+ feePayerAddress?: string;
174
+ programAddress?: string;
175
+ }): AccountContext;
176
+ /**
177
+ * Build read-write accounts list for passkey manager transactions (simpler wallet-only version).
178
+ */
179
+ declare function buildPasskeyReadWriteAccounts(userAccounts: Uint8Array[], feePayerPublicKey: Uint8Array, programAddress: Uint8Array): {
180
+ readWriteAddresses: string[];
181
+ findAccountIndex: (target: Uint8Array) => number;
182
+ };
183
+
184
+ /**
185
+ * Parse wallet account data to extract nonce.
186
+ */
187
+ declare function parseWalletNonce(data: Uint8Array): bigint;
188
+ /**
189
+ * Fetch wallet nonce from the chain.
190
+ * Takes an SDK-like object with accounts.get() method.
191
+ */
192
+ declare function fetchWalletNonce(sdk: {
193
+ accounts: {
194
+ get: (address: string) => Promise<{
195
+ data?: {
196
+ data?: Uint8Array;
197
+ };
198
+ }>;
199
+ };
200
+ }, walletAddress: string): Promise<bigint>;
201
+ type ParsedAuthority = {
202
+ idx: number;
203
+ kind: 'passkey';
204
+ x: Uint8Array;
205
+ y: Uint8Array;
206
+ } | {
207
+ idx: number;
208
+ kind: 'pubkey';
209
+ pubkey: Uint8Array;
210
+ } | {
211
+ idx: number;
212
+ kind: 'unknown';
213
+ tag: number;
214
+ data: Uint8Array;
215
+ };
216
+ interface WalletAuthorities {
217
+ nonce: bigint;
218
+ authorities: ParsedAuthority[];
219
+ }
220
+ /**
221
+ * Parse the on-chain WalletAccount data buffer into its nonce and full
222
+ * authority list. The on-chain layout is:
223
+ *
224
+ * num_auth: u8
225
+ * nonce: u64 LE
226
+ * authorities[num_auth + 1]: { tag: u8, data: [u8; 64] }
227
+ *
228
+ * (`num_auth + 1` because num_auth stores the count minus one.)
229
+ */
230
+ declare function parseWalletAuthorities(data: Uint8Array): WalletAuthorities;
231
+ /**
232
+ * Encode a 32-byte pubkey to its base58 wallet address representation.
233
+ */
234
+ declare function formatAuthorityPubkey(pubkey: Uint8Array): string;
235
+ /**
236
+ * Parse a CredentialLookup account and return the wallet account pubkey
237
+ * stored inside it.
238
+ */
239
+ declare function parseCredentialLookupWallet(data: Uint8Array): Uint8Array | null;
240
+
241
+ interface PasskeyAuthorityIdentity {
242
+ publicKeyX?: string | null;
243
+ publicKeyY?: string | null;
244
+ }
245
+ interface CheckablePasskeyAuthorityIdentity {
246
+ publicKeyX: string;
247
+ publicKeyY: string;
248
+ }
249
+ interface AccountLike {
250
+ data?: {
251
+ data?: Uint8Array;
252
+ };
253
+ }
254
+ interface ThruAccountClient {
255
+ accounts: {
256
+ get(address: string): Promise<AccountLike>;
257
+ };
258
+ }
259
+ interface PasskeyAuthorityTarget<T> {
260
+ account: T;
261
+ walletAddress: string;
262
+ authIdx: number;
263
+ authorities: ParsedAuthority[];
264
+ }
265
+ interface PreparePasskeyAuthorityTargetsOptions<T> {
266
+ accounts: T[];
267
+ passkey?: PasskeyAuthorityIdentity | null;
268
+ thru: ThruAccountClient;
269
+ getWalletAddress: (account: T) => string;
270
+ concurrency?: number;
271
+ }
272
+ declare function isPasskeyAuthorityCheckable(passkey: PasskeyAuthorityIdentity | null | undefined): passkey is CheckablePasskeyAuthorityIdentity;
273
+ declare function findPasskeyAuthorityIndexForIdentity(authorities: ParsedAuthority[], passkey: PasskeyAuthorityIdentity | null | undefined): number | null;
274
+ declare function findPasskeyAuthorityIndexInWalletData(walletData: Uint8Array, passkey: PasskeyAuthorityIdentity | null | undefined): {
275
+ authIdx: number;
276
+ authorities: ParsedAuthority[];
277
+ } | null;
278
+ declare function resolvePasskeyAuthorityIndex(params: {
279
+ thru: ThruAccountClient;
280
+ walletAddress: string;
281
+ passkey?: PasskeyAuthorityIdentity | null;
282
+ }): Promise<number | null>;
283
+ declare function preparePasskeyAuthorityTargets<T>({ accounts, passkey, thru, getWalletAddress, concurrency, }: PreparePasskeyAuthorityTargetsOptions<T>): Promise<PasskeyAuthorityTarget<T>[]>;
284
+
285
+ /**
286
+ * P-256 curve order and half-order for low-S normalization.
287
+ */
288
+ declare const P256_N = 115792089210356248762697446949407573529996955224135760342422259061068512044369n;
289
+ declare const P256_HALF_N: bigint;
290
+ /**
291
+ * Parse DER-encoded ECDSA signature to get r and s components.
292
+ */
293
+ declare function parseDerSignature(der: Uint8Array): {
294
+ r: Uint8Array;
295
+ s: Uint8Array;
296
+ };
297
+ /**
298
+ * Ensure S is in the lower half of the curve order (BIP-62 / SEC1 compliance).
299
+ */
300
+ declare function normalizeLowS(s: Uint8Array): Uint8Array;
301
+ /**
302
+ * Normalize signature component to exactly 32 bytes.
303
+ */
304
+ declare function normalizeSignatureComponent(component: Uint8Array): Uint8Array;
305
+ declare function bytesToBigIntBE(bytes: Uint8Array): bigint;
306
+ declare function bigIntToBytesBE(value: bigint, length: number): Uint8Array;
307
+
308
+ declare function arrayBufferToBase64Url(buffer: ArrayBuffer | SharedArrayBuffer): string;
309
+ declare function base64UrlToArrayBuffer(base64Url: string): ArrayBuffer;
310
+ declare function bytesToBase64Url(bytes: Uint8Array): string;
311
+ declare function bytesToBase64(bytes: Uint8Array): string;
312
+ declare function base64UrlToBytes(base64Url: string): Uint8Array;
313
+ declare function bytesToHex(bytes: Uint8Array): string;
314
+ declare function hexToBytes(hex: string): Uint8Array;
315
+ declare function bytesEqual(a: Uint8Array, b: Uint8Array): boolean;
316
+ declare function compareBytes(a: Uint8Array, b: Uint8Array): number;
317
+ declare function uniqueAccounts(accounts: Uint8Array[]): Uint8Array[];
318
+
319
+ export { AUTHORITY_TAG_PASSKEY, AUTHORITY_TAG_PUBKEY, type AccountContext, type Authority, type CheckablePasskeyAuthorityIdentity, type CreateInstructionParams, FEE_PAYER_ADDRESS, INSTRUCTION_ADD_AUTHORITY, INSTRUCTION_CREATE, INSTRUCTION_INVOKE, INSTRUCTION_REGISTER_CREDENTIAL, INSTRUCTION_REMOVE_AUTHORITY, INSTRUCTION_TRANSFER, INSTRUCTION_VALIDATE, P256_HALF_N, P256_N, PASSKEY_MANAGER_PROGRAM_ADDRESS, type ParsedAuthority, type PasskeyAuthorityIdentity, type PasskeyAuthorityTarget, type PasskeyDiscoverableSigningResult, type PasskeyMetadata, type PasskeyRegistrationResult, type PasskeySigningResult, type PreparePasskeyAuthorityTargetsOptions, type RegisterCredentialInstructionParams, type TransactionExecutionSummary, type TransferInstructionParams, type ValidateInstructionParams, type WalletAuthorities, type WalletSigner, arrayBufferToBase64Url, base64UrlToArrayBuffer, base64UrlToBytes, bigIntToBytesBE, buildAccountContext, buildPasskeyReadWriteAccounts, bytesEqual, bytesToBase64, bytesToBase64Url, bytesToBigIntBE, bytesToHex, compareBytes, concatenateInstructions, createCredentialLookupSeed, createValidateChallenge, createWalletSeed, deriveCredentialLookupAddress, deriveWalletAddress, encodeAddAuthorityInstruction, encodeCreateInstruction, encodeInvokeInstruction, encodeRegisterCredentialInstruction, encodeRemoveAuthorityInstruction, encodeTransferInstruction, encodeValidateInstruction, fetchWalletNonce, findPasskeyAuthorityIndexForIdentity, findPasskeyAuthorityIndexInWalletData, formatAuthorityPubkey, hexToBytes, isPasskeyAuthorityCheckable, normalizeLowS, normalizeSignatureComponent, parseCredentialLookupWallet, parseDerSignature, parseWalletAuthorities, parseWalletNonce, preparePasskeyAuthorityTargets, resolvePasskeyAuthorityIndex, uniqueAccounts };