@verbeth/sdk 0.1.4

package/dist/esm/src/identity.js

@@ -0,0 +1,70 @@
+import { sha256 } from "@noble/hashes/sha2";
+import { hkdf } from "@noble/hashes/hkdf";
+import { concat, hexlify } from "ethers";
+import nacl from "tweetnacl";
+import { encodeUnifiedPubKeys } from "./payload.js";
+/**
+ * HKDF (RFC 5869) identity key derivation.
+ * Returns a proof binding the derived keypair to the wallet address.
+ */
+export async function deriveIdentityKeyPairWithProof(signer, address) {
+    // 1) Local secret seed (32B CSPRNG), domain-separated by address
+    const r = nacl.randomBytes(32);
+    const enc = new TextEncoder();
+    const addrLower = address.toLowerCase();
+    // IKM = HKDF(r || "verbeth/addr:" || address_lower)
+    // salt/info are public domain labels
+    const seedSalt = enc.encode("verbeth/seed-v1");
+    const seedInfo = enc.encode("verbeth/ikm");
+    const ikmInput = concat([r, enc.encode("verbeth/addr:" + addrLower)]);
+    const ikm = hkdf(sha256, ikmInput, seedSalt, seedInfo, 32);
+    // Derive X25519 (encryption)
+    const info_x25519 = enc.encode("verbeth-x25519-v1");
+    const x25519_sk = hkdf(sha256, ikm, new Uint8Array(0), info_x25519, 32);
+    const boxKeyPair = nacl.box.keyPair.fromSecretKey(x25519_sk);
+    // Derive Ed25519 (signing)
+    const info_ed25519 = enc.encode("verbeth-ed25519-v1");
+    const ed25519_seed = hkdf(sha256, ikm, new Uint8Array(0), info_ed25519, 32);
+    const signKeyPair = nacl.sign.keyPair.fromSeed(ed25519_seed);
+    const pkX25519Hex = hexlify(boxKeyPair.publicKey);
+    const pkEd25519Hex = hexlify(signKeyPair.publicKey);
+    const keyPair = {
+        publicKey: boxKeyPair.publicKey,
+        secretKey: boxKeyPair.secretKey,
+        signingPublicKey: signKeyPair.publicKey,
+        signingSecretKey: signKeyPair.secretKey,
+    };
+    // 2) Single signature binding both public keys
+    const bindingMsgLines = [
+        "VerbEth Key Binding v1",
+        `Address: ${addrLower}`,
+        `PkEd25519: ${pkEd25519Hex}`,
+        `PkX25519: ${pkX25519Hex}`,
+        `Context: verbeth`,
+        `Version: 1`,
+    ];
+    const message = bindingMsgLines.join("\n");
+    const signature = await signer.signMessage(message);
+    const messageRawHex = ("0x" +
+        Buffer.from(message, "utf-8").toString("hex"));
+    return {
+        keyPair,
+        identityProof: {
+            message,
+            signature,
+            messageRawHex,
+        },
+    };
+}
+export async function deriveIdentityWithUnifiedKeys(signer, address) {
+    const result = await deriveIdentityKeyPairWithProof(signer, address);
+    const unifiedPubKeys = encodeUnifiedPubKeys(result.keyPair.publicKey, // X25519
+    result.keyPair.signingPublicKey // Ed25519
+    );
+    return {
+        identityProof: result.identityProof,
+        identityPubKey: result.keyPair.publicKey,
+        signingPubKey: result.keyPair.signingPublicKey,
+        unifiedPubKeys,
+    };
+}

package/dist/esm/src/index.d.ts

@@ -0,0 +1,18 @@
+export * from './crypto.js';
+export * from './payload.js';
+export * from './send.js';
+export * from './verify.js';
+export * from './types.js';
+export * from './utils.js';
+export * from './identity.js';
+export * from './executor.js';
+export { decryptMessage as decryptLog } from './crypto.js';
+export { getNextNonce } from './utils/nonce.js';
+export { encodeUnifiedPubKeys, decodeUnifiedPubKeys, createHandshakePayload, createHandshakeResponseContent, extractKeysFromHandshakePayload, extractKeysFromHandshakeResponse, parseHandshakeKeys } from './payload.js';
+export { decryptAndExtractHandshakeKeys, decryptMessage, decryptHandshakeResponse } from './crypto.js';
+export { verifyIdentityProof, verifyAndExtractHandshakeKeys, verifyAndExtractHandshakeResponseKeys } from './verify.js';
+export { deriveIdentityKeyPairWithProof, deriveIdentityWithUnifiedKeys } from './identity.js';
+export { IExecutor, EOAExecutor, UserOpExecutor, DirectEntryPointExecutor, ExecutorFactory } from './executor.js';
+export { VerbethClient } from './client/index.js';
+export type { VerbethClientConfig, HandshakeResult, HandshakeResponseResult } from './client/index.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/esm/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,WAAW,CAAC;AAC1B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC;AAC9B,cAAc,eAAe,CAAC;AAE9B,OAAO,EAAE,cAAc,IAAI,UAAU,EAAE,MAAM,aAAa,CAAC;AAE3D,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAEhD,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,8BAA8B,EAC9B,+BAA+B,EAC/B,gCAAgC,EAChC,kBAAkB,EACnB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,8BAA8B,EAC9B,cAAc,EACd,wBAAwB,EACzB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,mBAAmB,EACnB,6BAA6B,EAC7B,qCAAqC,EACtC,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,8BAA8B,EAC9B,6BAA6B,EAC9B,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,SAAS,EACT,WAAW,EACX,cAAc,EACd,wBAAwB,EACxB,eAAe,EAChB,MAAM,eAAe,CAAC;AAGvB,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,YAAY,EACV,mBAAmB,EACnB,eAAe,EACf,uBAAuB,EACxB,MAAM,mBAAmB,CAAC"}

package/dist/esm/src/index.js

@@ -0,0 +1,17 @@
+export * from './crypto.js';
+export * from './payload.js';
+export * from './send.js';
+export * from './verify.js';
+export * from './types.js';
+export * from './utils.js';
+export * from './identity.js';
+export * from './executor.js';
+export { decryptMessage as decryptLog } from './crypto.js';
+export { getNextNonce } from './utils/nonce.js';
+export { encodeUnifiedPubKeys, decodeUnifiedPubKeys, createHandshakePayload, createHandshakeResponseContent, extractKeysFromHandshakePayload, extractKeysFromHandshakeResponse, parseHandshakeKeys } from './payload.js';
+export { decryptAndExtractHandshakeKeys, decryptMessage, decryptHandshakeResponse } from './crypto.js';
+export { verifyIdentityProof, verifyAndExtractHandshakeKeys, verifyAndExtractHandshakeResponseKeys } from './verify.js';
+export { deriveIdentityKeyPairWithProof, deriveIdentityWithUnifiedKeys } from './identity.js';
+export { EOAExecutor, UserOpExecutor, DirectEntryPointExecutor, ExecutorFactory } from './executor.js';
+// high-level client API 
+export { VerbethClient } from './client/index.js';

package/dist/esm/src/payload.d.ts

@@ -0,0 +1,94 @@
+import { IdentityProof, TopicInfoWire } from './types.js';
+export interface EncryptedPayload {
+    v: number;
+    epk: string;
+    n: string;
+    ct: string;
+    sig?: string;
+}
+export interface MessagePayload {
+    content: string;
+    timestamp?: number;
+    messageType?: 'text' | 'file' | 'media';
+    metadata?: Record<string, any>;
+}
+export interface HandshakeResponsePayload extends EncryptedPayload {
+}
+export interface HandshakeContent {
+    plaintextPayload: string;
+    identityProof: IdentityProof;
+}
+export declare function parseHandshakePayload(plaintextPayload: string): HandshakeContent;
+export declare function serializeHandshakeContent(content: HandshakeContent): string;
+export declare function encodePayload(ephemeralPubKey: Uint8Array, nonce: Uint8Array, ciphertext: Uint8Array, sig?: Uint8Array): string;
+export declare function decodePayload(json: string): {
+    epk: Uint8Array;
+    nonce: Uint8Array;
+    ciphertext: Uint8Array;
+    sig?: Uint8Array;
+};
+export declare function encodeStructuredContent<T>(content: T): Uint8Array;
+export declare function decodeStructuredContent<T>(encoded: Uint8Array, converter: (obj: any) => T): T;
+/**
+ * Encodes X25519 + Ed25519 keys into a single 65-byte array with versioning
+ */
+export declare function encodeUnifiedPubKeys(identityPubKey: Uint8Array, // X25519 - 32 bytes
+signingPubKey: Uint8Array): Uint8Array;
+/**
+ * Decodes unified pubKeys back to individual X25519 and Ed25519 keys
+ */
+export declare function decodeUnifiedPubKeys(pubKeys: Uint8Array): {
+    version: number;
+    identityPubKey: Uint8Array;
+    signingPubKey: Uint8Array;
+} | null;
+export interface HandshakePayload {
+    unifiedPubKeys: Uint8Array;
+    ephemeralPubKey: Uint8Array;
+    plaintextPayload: string;
+}
+export interface HandshakeResponseContent {
+    unifiedPubKeys: Uint8Array;
+    ephemeralPubKey: Uint8Array;
+    note?: string;
+    identityProof: IdentityProof;
+    topicInfo?: TopicInfoWire;
+}
+export declare function encodeHandshakePayload(payload: HandshakePayload): Uint8Array;
+export declare function decodeHandshakePayload(encoded: Uint8Array): HandshakePayload;
+export declare function encodeHandshakeResponseContent(content: HandshakeResponseContent): Uint8Array;
+export declare function decodeHandshakeResponseContent(encoded: Uint8Array): HandshakeResponseContent;
+/**
+ * Creates HandshakePayload from separate identity keys
+ */
+export declare function createHandshakePayload(identityPubKey: Uint8Array, signingPubKey: Uint8Array, ephemeralPubKey: Uint8Array, plaintextPayload: string): HandshakePayload;
+/**
+ * Creates HandshakeResponseContent from separate identity keys
+ */
+export declare function createHandshakeResponseContent(identityPubKey: Uint8Array, signingPubKey: Uint8Array, ephemeralPubKey: Uint8Array, note?: string, identityProof?: IdentityProof, topicInfo?: TopicInfoWire): HandshakeResponseContent;
+/**
+ * Extracts individual keys from HandshakePayload
+ */
+export declare function extractKeysFromHandshakePayload(payload: HandshakePayload): {
+    identityPubKey: Uint8Array;
+    signingPubKey: Uint8Array;
+    ephemeralPubKey: Uint8Array;
+} | null;
+/**
+ * Extracts individual keys from HandshakeResponseContent
+ */
+export declare function extractKeysFromHandshakeResponse(content: HandshakeResponseContent): {
+    identityPubKey: Uint8Array;
+    signingPubKey: Uint8Array;
+    ephemeralPubKey: Uint8Array;
+} | null;
+/**
+ * Parses unified pubKeys from HandshakeLog event
+ */
+export declare function parseHandshakeKeys(event: {
+    pubKeys: string;
+}): {
+    identityPubKey: Uint8Array;
+    signingPubKey: Uint8Array;
+} | null;
+//# sourceMappingURL=payload.d.ts.map

package/dist/esm/src/payload.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../../src/payload.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAG1D,MAAM,WAAW,gBAAgB;IAC/B,CAAC,EAAE,MAAM,CAAC;IACV,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC;IACV,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAGD,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,wBAAyB,SAAQ,gBAAgB;CACjE;AAED,MAAM,WAAW,gBAAgB;IAC/B,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,aAAa,CAAC;CAC9B;AAED,wBAAgB,qBAAqB,CAAC,gBAAgB,EAAE,MAAM,GAAG,gBAAgB,CAUhF;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,gBAAgB,GAAG,MAAM,CAE3E;AAED,wBAAgB,aAAa,CAAC,eAAe,EAAE,UAAU,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,CAAC,EAAE,UAAU,GAAG,MAAM,CAS9H;AAED,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG;IAC3C,GAAG,EAAE,UAAU,CAAC;IAChB,KAAK,EAAE,UAAU,CAAC;IAClB,UAAU,EAAE,UAAU,CAAC;IACvB,GAAG,CAAC,EAAE,UAAU,CAAA;CACjB,CAyBA;AAID,wBAAgB,uBAAuB,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,GAAG,UAAU,CAQjE;AAGD,wBAAgB,uBAAuB,CAAC,CAAC,EACvC,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,GACzB,CAAC,CAGH;AAID;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,cAAc,EAAE,UAAU,EAAG,oBAAoB;AACjD,aAAa,EAAE,UAAU,GACxB,UAAU,CAOZ;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,UAAU,GAAG;IACzD,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,UAAU,CAAC;IAC3B,aAAa,EAAE,UAAU,CAAC;CAC3B,GAAG,IAAI,CAoBP;AAED,MAAM,WAAW,gBAAgB;IAC/B,cAAc,EAAE,UAAU,CAAC;IAC3B,eAAe,EAAE,UAAU,CAAC;IAC5B,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,wBAAwB;IACvC,cAAc,EAAE,UAAU,CAAC;IAC3B,eAAe,EAAE,UAAU,CAAC;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,aAAa,CAAC;IAC7B,SAAS,CAAC,EAAE,aAAa,CAAC;CAC3B;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,gBAAgB,GAAG,UAAU,CAM5E;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,UAAU,GAAG,gBAAgB,CAQ5E;AAED,wBAAgB,8BAA8B,CAAC,OAAO,EAAE,wBAAwB,GAAG,UAAU,CAY1F;AAEH,wBAAgB,8BAA8B,CAAC,OAAO,EAAE,UAAU,GAAG,wBAAwB,CAmB5F;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,cAAc,EAAE,UAAU,EAC1B,aAAa,EAAE,UAAU,EACzB,eAAe,EAAE,UAAU,EAC3B,gBAAgB,EAAE,MAAM,GACvB,gBAAgB,CAMlB;AAED;;GAEG;AACH,wBAAgB,8BAA8B,CAC5C,cAAc,EAAE,UAAU,EAC1B,aAAa,EAAE,UAAU,EACzB,eAAe,EAAE,UAAU,EAC3B,IAAI,CAAC,EAAE,MAAM,EACb,aAAa,CAAC,EAAE,aAAa,EAC7B,SAAS,CAAC,EAAE,aAAa,GACxB,wBAAwB,CAY1B;AAED;;GAEG;AACH,wBAAgB,+BAA+B,CAAC,OAAO,EAAE,gBAAgB,GAAG;IAC1E,cAAc,EAAE,UAAU,CAAC;IAC3B,aAAa,EAAE,UAAU,CAAC;IAC1B,eAAe,EAAE,UAAU,CAAC;CAC7B,GAAG,IAAI,CASP;AAED;;GAEG;AACH,wBAAgB,gCAAgC,CAAC,OAAO,EAAE,wBAAwB,GAAG;IACnF,cAAc,EAAE,UAAU,CAAC;IAC3B,aAAa,EAAE,UAAU,CAAC;IAC1B,eAAe,EAAE,UAAU,CAAC;CAC7B,GAAG,IAAI,CASP;AAGD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,GAAG;IAC9D,cAAc,EAAE,UAAU,CAAC;IAC3B,aAAa,EAAE,UAAU,CAAC;CAC3B,GAAG,IAAI,CAkBP"}

package/dist/esm/src/payload.js

@@ -0,0 +1,216 @@
+export function parseHandshakePayload(plaintextPayload) {
+    try {
+        const parsed = JSON.parse(plaintextPayload);
+        if (typeof parsed === 'object' && parsed.plaintextPayload && parsed.identityProof) {
+            return parsed;
+        }
+    }
+    catch (e) {
+    }
+    throw new Error("Invalid handshake payload: missing identityProof");
+}
+export function serializeHandshakeContent(content) {
+    return JSON.stringify(content);
+}
+export function encodePayload(ephemeralPubKey, nonce, ciphertext, sig) {
+    const payload = {
+        v: 1,
+        epk: Buffer.from(ephemeralPubKey).toString('base64'),
+        n: Buffer.from(nonce).toString('base64'),
+        ct: Buffer.from(ciphertext).toString('base64'),
+        ...(sig && { sig: Buffer.from(sig).toString('base64') })
+    };
+    return JSON.stringify(payload);
+}
+export function decodePayload(json) {
+    let actualJson = json;
+    if (typeof json === 'string' && json.startsWith('0x')) {
+        try {
+            const bytes = new Uint8Array(Buffer.from(json.slice(2), 'hex'));
+            actualJson = new TextDecoder().decode(bytes);
+        }
+        catch (err) {
+            throw new Error(`Hex decode error: ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
+    try {
+        const { epk, n, ct, sig } = JSON.parse(actualJson);
+        return {
+            epk: Buffer.from(epk, 'base64'),
+            nonce: Buffer.from(n, 'base64'),
+            ciphertext: Buffer.from(ct, 'base64'),
+            ...(sig && { sig: Buffer.from(sig, 'base64') })
+        };
+    }
+    catch (parseError) {
+        throw new Error(`JSON parse error: ${parseError instanceof Error ? parseError.message : String(parseError)}`);
+    }
+}
+// Unified function for encoding any structured content as Uint8Array
+export function encodeStructuredContent(content) {
+    const serialized = JSON.stringify(content, (key, value) => {
+        if (value instanceof Uint8Array) {
+            return Buffer.from(value).toString('base64');
+        }
+        return value;
+    });
+    return new TextEncoder().encode(serialized);
+}
+// Unified function for decoding structured content
+export function decodeStructuredContent(encoded, converter) {
+    const decoded = JSON.parse(new TextDecoder().decode(encoded));
+    return converter(decoded);
+}
+// ========== UNIFIED KEYS MANAGEMENT ==========
+/**
+ * Encodes X25519 + Ed25519 keys into a single 65-byte array with versioning
+ */
+export function encodeUnifiedPubKeys(identityPubKey, // X25519 - 32 bytes
+signingPubKey // Ed25519 - 32 bytes  
+) {
+    const version = new Uint8Array([0x01]); // v1
+    return new Uint8Array([
+        ...version,
+        ...identityPubKey,
+        ...signingPubKey
+    ]); // 65 bytes total
+}
+/**
+ * Decodes unified pubKeys back to individual X25519 and Ed25519 keys
+ */
+export function decodeUnifiedPubKeys(pubKeys) {
+    if (pubKeys.length === 64) {
+        // Legacy
+        return {
+            version: 0,
+            identityPubKey: pubKeys.slice(0, 32),
+            signingPubKey: pubKeys.slice(32, 64)
+        };
+    }
+    if (pubKeys.length === 65 && pubKeys[0] === 0x01) {
+        // V1: with versioning
+        return {
+            version: 1,
+            identityPubKey: pubKeys.slice(1, 33),
+            signingPubKey: pubKeys.slice(33, 65)
+        };
+    }
+    return null;
+}
+export function encodeHandshakePayload(payload) {
+    return new TextEncoder().encode(JSON.stringify({
+        unifiedPubKeys: Buffer.from(payload.unifiedPubKeys).toString('base64'),
+        ephemeralPubKey: Buffer.from(payload.ephemeralPubKey).toString('base64'),
+        plaintextPayload: payload.plaintextPayload
+    }));
+}
+export function decodeHandshakePayload(encoded) {
+    const json = new TextDecoder().decode(encoded);
+    const parsed = JSON.parse(json);
+    return {
+        unifiedPubKeys: Uint8Array.from(Buffer.from(parsed.unifiedPubKeys, 'base64')),
+        ephemeralPubKey: Uint8Array.from(Buffer.from(parsed.ephemeralPubKey, 'base64')),
+        plaintextPayload: parsed.plaintextPayload
+    };
+}
+export function encodeHandshakeResponseContent(content) {
+    return new TextEncoder().encode(JSON.stringify({
+        unifiedPubKeys: Buffer.from(content.unifiedPubKeys).toString('base64'),
+        ephemeralPubKey: Buffer.from(content.ephemeralPubKey).toString('base64'),
+        note: content.note,
+        identityProof: content.identityProof,
+        topicInfo: content.topicInfo ? {
+            out: content.topicInfo.out,
+            in: content.topicInfo.in,
+            chk: content.topicInfo.chk
+        } : undefined
+    }));
+}
+export function decodeHandshakeResponseContent(encoded) {
+    const json = new TextDecoder().decode(encoded);
+    const obj = JSON.parse(json);
+    if (!obj.identityProof) {
+        throw new Error("Invalid handshake response: missing identityProof");
+    }
+    return {
+        unifiedPubKeys: Uint8Array.from(Buffer.from(obj.unifiedPubKeys, 'base64')),
+        ephemeralPubKey: Uint8Array.from(Buffer.from(obj.ephemeralPubKey, 'base64')),
+        note: obj.note,
+        identityProof: obj.identityProof,
+        topicInfo: obj.topicInfo ? {
+            out: obj.topicInfo.out,
+            in: obj.topicInfo.in,
+            chk: obj.topicInfo.chk
+        } : undefined
+    };
+}
+/**
+ * Creates HandshakePayload from separate identity keys
+ */
+export function createHandshakePayload(identityPubKey, signingPubKey, ephemeralPubKey, plaintextPayload) {
+    return {
+        unifiedPubKeys: encodeUnifiedPubKeys(identityPubKey, signingPubKey),
+        ephemeralPubKey,
+        plaintextPayload
+    };
+}
+/**
+ * Creates HandshakeResponseContent from separate identity keys
+ */
+export function createHandshakeResponseContent(identityPubKey, signingPubKey, ephemeralPubKey, note, identityProof, topicInfo) {
+    if (!identityProof) {
+        throw new Error("Identity proof is now mandatory for handshake responses");
+    }
+    return {
+        unifiedPubKeys: encodeUnifiedPubKeys(identityPubKey, signingPubKey),
+        ephemeralPubKey,
+        note,
+        identityProof,
+        topicInfo
+    };
+}
+/**
+ * Extracts individual keys from HandshakePayload
+ */
+export function extractKeysFromHandshakePayload(payload) {
+    const decoded = decodeUnifiedPubKeys(payload.unifiedPubKeys);
+    if (!decoded)
+        return null;
+    return {
+        identityPubKey: decoded.identityPubKey,
+        signingPubKey: decoded.signingPubKey,
+        ephemeralPubKey: payload.ephemeralPubKey
+    };
+}
+/**
+ * Extracts individual keys from HandshakeResponseContent
+ */
+export function extractKeysFromHandshakeResponse(content) {
+    const decoded = decodeUnifiedPubKeys(content.unifiedPubKeys);
+    if (!decoded)
+        return null;
+    return {
+        identityPubKey: decoded.identityPubKey,
+        signingPubKey: decoded.signingPubKey,
+        ephemeralPubKey: content.ephemeralPubKey
+    };
+}
+/**
+ * Parses unified pubKeys from HandshakeLog event
+ */
+export function parseHandshakeKeys(event) {
+    try {
+        const pubKeysBytes = new Uint8Array(Buffer.from(event.pubKeys.slice(2), 'hex'));
+        const decoded = decodeUnifiedPubKeys(pubKeysBytes);
+        if (!decoded)
+            return null;
+        return {
+            identityPubKey: decoded.identityPubKey,
+            signingPubKey: decoded.signingPubKey
+        };
+    }
+    catch (error) {
+        console.error('Failed to parse handshake keys:', error);
+        return null;
+    }
+}

package/dist/esm/src/send.d.ts

@@ -0,0 +1,50 @@
+import { Signer } from "ethers";
+import nacl from 'tweetnacl';
+import { IdentityKeyPair, IdentityProof } from './types.js';
+import { IExecutor } from './executor.js';
+/**
+ * Sends an encrypted message assuming recipient's keys were already obtained via handshake.
+ * Executor-agnostic: works with EOA, UserOp, and Direct EntryPoint (for tests)
+ */
+export declare function sendEncryptedMessage({ executor, topic, message, recipientPubKey, senderAddress, senderSignKeyPair, timestamp }: {
+    executor: IExecutor;
+    topic: string;
+    message: string;
+    recipientPubKey: Uint8Array;
+    senderAddress: string;
+    senderSignKeyPair: nacl.SignKeyPair;
+    timestamp: number;
+}): Promise<any>;
+/**
+ * Initiates an on-chain handshake with unified keys and mandatory identity proof.
+ * Executor-agnostic: works with EOA, UserOp, and Direct EntryPoint (for tests)
+ */
+export declare function initiateHandshake({ executor, recipientAddress, identityKeyPair, ephemeralPubKey, plaintextPayload, identityProof, signer }: {
+    executor: IExecutor;
+    recipientAddress: string;
+    identityKeyPair: IdentityKeyPair;
+    ephemeralPubKey: Uint8Array;
+    plaintextPayload: string;
+    identityProof: IdentityProof;
+    signer: Signer;
+}): Promise<any>;
+/**
+ * Responds to a handshake with unified keys and mandatory identity proof.
+ * Executor-agnostic: works with EOA, UserOp, and Direct EntryPoint (for tests)
+ */
+export declare function respondToHandshake({ executor, initiatorPubKey, // X25519 key from initiator (ephemeral)
+responderIdentityKeyPair, responderEphemeralKeyPair, note, identityProof, signer, initiatorIdentityPubKey, }: {
+    executor: IExecutor;
+    initiatorPubKey: Uint8Array;
+    responderIdentityKeyPair: IdentityKeyPair;
+    responderEphemeralKeyPair?: nacl.BoxKeyPair;
+    note?: string;
+    identityProof: IdentityProof;
+    signer: Signer;
+    initiatorIdentityPubKey?: Uint8Array;
+}): Promise<{
+    tx: any;
+    salt: Uint8Array<ArrayBufferLike>;
+    tag: `0x${string}`;
+}>;
+//# sourceMappingURL=send.d.ts.map

package/dist/esm/src/send.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"send.d.ts","sourceRoot":"","sources":["../../../src/send.ts"],"names":[],"mappings":"AAEA,OAAO,EAIL,MAAM,EAEP,MAAM,QAAQ,CAAC;AAChB,OAAO,IAAI,MAAM,WAAW,CAAC;AAU7B,OAAO,EAAE,eAAe,EAAE,aAAa,EAAiB,MAAM,YAAY,CAAC;AAC3E,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAK1C;;;GAGG;AACH,wBAAsB,oBAAoB,CAAC,EACzC,QAAQ,EACR,KAAK,EACL,OAAO,EACP,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,SAAS,EACV,EAAE;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,UAAU,CAAC;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,IAAI,CAAC,WAAW,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;CACnB,gBAmBA;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,EACtC,QAAQ,EACR,gBAAgB,EAChB,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,MAAM,EACP,EAAE;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,eAAe,CAAC;IACjC,eAAe,EAAE,UAAU,CAAC;IAC5B,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,aAAa,CAAC;IAC7B,MAAM,EAAE,MAAM,CAAC;CAChB,gBA4BA;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CAAC,EACvC,QAAQ,EACR,eAAe,EAAE,wCAAwC;AACzD,wBAAwB,EACxB,yBAAyB,EACzB,IAAI,EACJ,aAAa,EACb,MAAM,EACN,uBAAuB,GACxB,EAAE;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,eAAe,EAAE,UAAU,CAAC;IAC5B,wBAAwB,EAAE,eAAe,CAAC;IAC1C,yBAAyB,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC;IAC5C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,aAAa,CAAC;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,uBAAuB,CAAC,EAAE,UAAU,CAAC;CACtC;;;;GAuDA"}

package/dist/esm/src/send.js

@@ -0,0 +1,75 @@
+// packages/sdk/src/send.ts
+import { keccak256, toUtf8Bytes, hexlify, getBytes } from "ethers";
+import nacl from 'tweetnacl';
+import { getNextNonce } from './utils/nonce.js';
+import { encryptMessage, encryptStructuredPayload, deriveDuplexTopics } from './crypto.js';
+import { serializeHandshakeContent, encodeUnifiedPubKeys, createHandshakeResponseContent, } from './payload.js';
+import { computeTagFromResponder } from './crypto.js';
+/**
+ * Sends an encrypted message assuming recipient's keys were already obtained via handshake.
+ * Executor-agnostic: works with EOA, UserOp, and Direct EntryPoint (for tests)
+ */
+export async function sendEncryptedMessage({ executor, topic, message, recipientPubKey, senderAddress, senderSignKeyPair, timestamp }) {
+    if (!executor) {
+        throw new Error("Executor must be provided");
+    }
+    const ephemeralKeyPair = nacl.box.keyPair();
+    const ciphertext = encryptMessage(message, recipientPubKey, // X25519 for encryption
+    ephemeralKeyPair.secretKey, ephemeralKeyPair.publicKey, senderSignKeyPair.secretKey, // Ed25519 for signing
+    senderSignKeyPair.publicKey);
+    const nonce = getNextNonce(senderAddress, topic);
+    return executor.sendMessage(toUtf8Bytes(ciphertext), topic, timestamp, nonce);
+}
+/**
+ * Initiates an on-chain handshake with unified keys and mandatory identity proof.
+ * Executor-agnostic: works with EOA, UserOp, and Direct EntryPoint (for tests)
+ */
+export async function initiateHandshake({ executor, recipientAddress, identityKeyPair, ephemeralPubKey, plaintextPayload, identityProof, signer }) {
+    if (!executor) {
+        throw new Error("Executor must be provided");
+    }
+    const recipientHash = keccak256(toUtf8Bytes('contact:' + recipientAddress.toLowerCase()));
+    const handshakeContent = {
+        plaintextPayload,
+        identityProof
+    };
+    const serializedPayload = serializeHandshakeContent(handshakeContent);
+    // Create unified pubKeys (65 bytes: version + X25519 + Ed25519)
+    const unifiedPubKeys = encodeUnifiedPubKeys(identityKeyPair.publicKey, // X25519 for encryption
+    identityKeyPair.signingPublicKey // Ed25519 for signing
+    );
+    return await executor.initiateHandshake(recipientHash, hexlify(unifiedPubKeys), hexlify(ephemeralPubKey), toUtf8Bytes(serializedPayload));
+}
+/**
+ * Responds to a handshake with unified keys and mandatory identity proof.
+ * Executor-agnostic: works with EOA, UserOp, and Direct EntryPoint (for tests)
+ */
+export async function respondToHandshake({ executor, initiatorPubKey, // X25519 key from initiator (ephemeral)
+responderIdentityKeyPair, responderEphemeralKeyPair, note, identityProof, signer, initiatorIdentityPubKey, }) {
+    if (!executor) {
+        throw new Error("Executor must be provided");
+    }
+    const ephemeralKeyPair = responderEphemeralKeyPair || nacl.box.keyPair();
+    // Generate a separate ephemeral key (R,r) just for the tag
+    const tagKeyPair = nacl.box.keyPair();
+    const inResponseTo = computeTagFromResponder(tagKeyPair.secretKey, initiatorPubKey);
+    const salt = getBytes(inResponseTo); // for topics HKDF
+    let topicInfo = undefined;
+    if (initiatorIdentityPubKey) {
+        const { topicOut, topicIn, checksum } = deriveDuplexTopics(responderIdentityKeyPair.secretKey, initiatorIdentityPubKey, salt);
+        topicInfo = { out: topicOut, in: topicIn, chk: checksum };
+    }
+    const responseContent = createHandshakeResponseContent(responderIdentityKeyPair.publicKey, // X25519
+    responderIdentityKeyPair.signingPublicKey, // Ed25519
+    ephemeralKeyPair.publicKey, note, identityProof, topicInfo);
+    // Encrypt the response for the initiator
+    const payload = encryptStructuredPayload(responseContent, initiatorPubKey, // Encrypt to initiator's X25519 (ephemeral) key
+    ephemeralKeyPair.secretKey, ephemeralKeyPair.publicKey);
+    // Execute the transaction
+    const tx = await executor.respondToHandshake(inResponseTo, hexlify(tagKeyPair.publicKey), toUtf8Bytes(payload));
+    return {
+        tx,
+        salt,
+        tag: inResponseTo
+    };
+}

package/dist/esm/src/types.d.ts

@@ -0,0 +1,73 @@
+export interface LogMessage {
+    sender: string;
+    ciphertext: string;
+    timestamp: number;
+    topic: string;
+    nonce: bigint;
+}
+export interface HandshakeLog {
+    recipientHash: string;
+    sender: string;
+    pubKeys: string;
+    ephemeralPubKey: string;
+    plaintextPayload: string;
+}
+export interface HandshakeResponseLog {
+    inResponseTo: string;
+    responder: string;
+    responderEphemeralR: string;
+    ciphertext: string;
+}
+export interface DuplexTopics {
+    /** Initiator → Responder */
+    topicOut: `0x${string}`;
+    /** Responder → Initiator */
+    topicIn: `0x${string}`;
+}
+/** Formato compatto per invio via HSR cifrata */
+export interface TopicInfoWire {
+    out: `0x${string}`;
+    in: `0x${string}`;
+    /** checksum corto per conferma (8 byte, hex) */
+    chk: `0x${string}`;
+}
+export interface IdentityKeyPair {
+    publicKey: Uint8Array;
+    secretKey: Uint8Array;
+    signingPublicKey: Uint8Array;
+    signingSecretKey: Uint8Array;
+}
+export interface IdentityProof {
+    message: string;
+    signature: string;
+    messageRawHex?: `0x${string}`;
+}
+export type PackedUserOperation = typeof DEFAULT_AA_VERSION extends "v0.6" ? UserOpV06 : UserOpV07;
+export interface BaseUserOp {
+    sender: string;
+    nonce: bigint;
+    initCode: string;
+    callData: string;
+    preVerificationGas: bigint;
+    paymasterAndData: string;
+    signature: string;
+}
+export interface UserOpV06 extends BaseUserOp {
+    callGasLimit: bigint;
+    verificationGasLimit: bigint;
+    maxFeePerGas: bigint;
+    maxPriorityFeePerGas: bigint;
+}
+export interface UserOpV07 extends BaseUserOp {
+    /**
+     * = (verificationGasLimit << 128) \| callGasLimit
+     */
+    accountGasLimits: bigint;
+    /**
+     * = (maxFeePerGas << 128) \| maxPriorityFeePerGas
+     */
+    gasFees: bigint;
+}
+export type AASpecVersion = "v0.6" | "v0.7";
+export declare const DEFAULT_AA_VERSION: AASpecVersion;
+//# sourceMappingURL=types.d.ts.map

package/dist/esm/src/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/types.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,YAAY;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,oBAAoB;IACnC,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;CACpB;AAGD,MAAM,WAAW,YAAY;IAC3B,4BAA4B;IAC5B,QAAQ,EAAE,KAAK,MAAM,EAAE,CAAC;IACxB,4BAA4B;IAC5B,OAAO,EAAE,KAAK,MAAM,EAAE,CAAC;CACxB;AAED,iDAAiD;AACjD,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,KAAK,MAAM,EAAE,CAAC;IACnB,EAAE,EAAE,KAAK,MAAM,EAAE,CAAC;IAClB,gDAAgD;IAChD,GAAG,EAAE,KAAK,MAAM,EAAE,CAAC;CACpB;AAGD,MAAM,WAAW,eAAe;IAE9B,SAAS,EAAE,UAAU,CAAC;IACtB,SAAS,EAAE,UAAU,CAAC;IAEtB,gBAAgB,EAAE,UAAU,CAAC;IAC7B,gBAAgB,EAAE,UAAU,CAAC;CAC9B;AAGD,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,KAAK,MAAM,EAAE,CAAC;CAC/B;AAED,MAAM,MAAM,mBAAmB,GAAG,OAAO,kBAAkB,SAAS,MAAM,GACtE,SAAS,GACT,SAAS,CAAC;AAEd,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,SAAU,SAAQ,UAAU;IAC3C,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,SAAU,SAAQ,UAAU;IAC3C;;OAEG;IACH,gBAAgB,EAAE,MAAM,CAAC;IACzB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,MAAM,CAAC;AAC5C,eAAO,MAAM,kBAAkB,EAAE,aAAsB,CAAC"}

package/dist/esm/src/types.js

@@ -0,0 +1,2 @@
+// packages/sdk/src/types.ts
+export const DEFAULT_AA_VERSION = "v0.7";

package/dist/esm/src/utils/nonce.d.ts

@@ -0,0 +1,2 @@
+export declare function getNextNonce(sender: string, topic: string): bigint;
+//# sourceMappingURL=nonce.d.ts.map

package/dist/esm/src/utils/nonce.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nonce.d.ts","sourceRoot":"","sources":["../../../../src/utils/nonce.ts"],"names":[],"mappings":"AAEA,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAIlE"}

package/dist/esm/src/utils/nonce.js

@@ -0,0 +1,6 @@
+const nonceRegistry = {};
+export function getNextNonce(sender, topic) {
+    const key = `${sender}-${topic}`;
+    nonceRegistry[key] = (nonceRegistry[key] ?? 0n) + 1n;
+    return nonceRegistry[key];
+}

package/dist/esm/src/utils/x25519.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Converts a 64-byte raw secp256k1 public key into a 32-byte x25519-compatible public key.
+ * This is done by hashing it and using the first 32 bytes.
+ */
+export declare function convertPublicKeyToX25519(secpPubKey: Uint8Array): Uint8Array;
+//# sourceMappingURL=x25519.d.ts.map