npm - @veridex/sdk - Versions diffs - 1.1.0 → 1.1.2 - Mend

@veridex/sdk 1.1.0 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (93) hide show

package/dist/{EVMClient-DtqvdfUP.d.mts → EVMClient-Bmy9czkE.d.mts} +2 -0
package/dist/auth/prepareAuth.js +107 -32
package/dist/auth/prepareAuth.js.map +1 -1
package/dist/auth/prepareAuth.mjs +6 -6
package/dist/chains/aptos/index.js.map +1 -1
package/dist/chains/aptos/index.mjs +3 -3
package/dist/chains/avalanche/index.d.mts +1 -1
package/dist/chains/avalanche/index.js +59 -11
package/dist/chains/avalanche/index.js.map +1 -1
package/dist/chains/avalanche/index.mjs +4 -4
package/dist/chains/evm/index.d.mts +3 -3
package/dist/chains/evm/index.js +59 -11
package/dist/chains/evm/index.js.map +1 -1
package/dist/chains/evm/index.mjs +3 -3
package/dist/chains/solana/index.js.map +1 -1
package/dist/chains/solana/index.mjs +3 -3
package/dist/chains/stacks/index.d.mts +1 -1
package/dist/chains/stacks/index.js.map +1 -1
package/dist/chains/stacks/index.mjs +3 -3
package/dist/chains/starknet/index.d.mts +1 -1
package/dist/chains/starknet/index.js.map +1 -1
package/dist/chains/starknet/index.mjs +3 -3
package/dist/chains/stellar/index.d.mts +312 -0
package/dist/chains/stellar/index.js +300 -0
package/dist/chains/stellar/index.js.map +1 -0
package/dist/chains/stellar/index.mjs +260 -0
package/dist/chains/stellar/index.mjs.map +1 -0
package/dist/chains/sui/index.d.mts +1 -1
package/dist/chains/sui/index.js.map +1 -1
package/dist/chains/sui/index.mjs +3 -3
package/dist/{chunk-Q5O3M5LP.mjs → chunk-2TS375ET.mjs} +2 -2
package/dist/{chunk-QT4ZZ4GM.mjs → chunk-5FDOTI5G.mjs} +2 -2
package/dist/{chunk-N4A2RMUN.mjs → chunk-AFHWA4CZ.mjs} +2 -2
package/dist/{chunk-5T6KPH7A.mjs → chunk-CSU4IV2F.mjs} +2 -2
package/dist/{chunk-YCUJZ6Z7.mjs → chunk-CTYDGO6E.mjs} +63 -6
package/dist/chunk-CTYDGO6E.mjs.map +1 -0
package/dist/{chunk-USDA5JTN.mjs → chunk-DZUNCSI5.mjs} +61 -13
package/dist/chunk-DZUNCSI5.mjs.map +1 -0
package/dist/{chunk-SXXGTQIR.mjs → chunk-E3SU36C2.mjs} +2 -2
package/dist/{chunk-NUWSMJFJ.mjs → chunk-EFIXFA6V.mjs} +2 -2
package/dist/{chunk-MLXQHIH2.mjs → chunk-GM5DKEHD.mjs} +2 -2
package/dist/{chunk-GWJRKDSA.mjs → chunk-GOWXQPTW.mjs} +3 -3
package/dist/{chunk-OVMMTL6H.mjs → chunk-ICGB3AHI.mjs} +2 -2
package/dist/{chunk-QDO6NQ7P.mjs → chunk-M3GUNREX.mjs} +20 -3
package/dist/{chunk-QDO6NQ7P.mjs.map → chunk-M3GUNREX.mjs.map} +1 -1
package/dist/{chunk-X7BZMSPQ.mjs → chunk-RD6ZYUVG.mjs} +52 -30
package/dist/chunk-RD6ZYUVG.mjs.map +1 -0
package/dist/{chunk-F3YAGZSW.mjs → chunk-TPEP6XUA.mjs} +2 -2
package/dist/{chunk-M3MM4YMF.mjs → chunk-UPO55SBK.mjs} +2 -2
package/dist/{chunk-PDHZ5X5O.mjs → chunk-YYT3V7CI.mjs} +2 -2
package/dist/constants.d.mts +2 -2
package/dist/constants.js +51 -29
package/dist/constants.js.map +1 -1
package/dist/constants.mjs +1 -1
package/dist/{index-DDalBhAm.d.mts → index-CKKUV4J7.d.mts} +10 -7
package/dist/index.d.mts +43 -14
package/dist/index.js +512 -159
package/dist/index.js.map +1 -1
package/dist/index.mjs +335 -128
package/dist/index.mjs.map +1 -1
package/dist/passkey.js +57 -4
package/dist/passkey.js.map +1 -1
package/dist/passkey.mjs +3 -3
package/dist/payload.js.map +1 -1
package/dist/payload.mjs +2 -2
package/dist/portfolio-JA4OTF7Y.mjs +13 -0
package/dist/queries/index.js +49 -27
package/dist/queries/index.js.map +1 -1
package/dist/queries/index.mjs +5 -5
package/dist/{types-B7V5VNbO.d.mts → types-C564CfsE.d.mts} +33 -4
package/dist/utils.js +49 -27
package/dist/utils.js.map +1 -1
package/dist/utils.mjs +2 -2
package/dist/wormhole.js.map +1 -1
package/dist/wormhole.mjs +2 -2
package/package.json +8 -1
package/dist/chunk-USDA5JTN.mjs.map +0 -1
package/dist/chunk-X7BZMSPQ.mjs.map +0 -1
package/dist/chunk-YCUJZ6Z7.mjs.map +0 -1
package/dist/portfolio-V347KZOL.mjs +0 -13
/package/dist/{chunk-Q5O3M5LP.mjs.map → chunk-2TS375ET.mjs.map} +0 -0
/package/dist/{chunk-QT4ZZ4GM.mjs.map → chunk-5FDOTI5G.mjs.map} +0 -0
/package/dist/{chunk-N4A2RMUN.mjs.map → chunk-AFHWA4CZ.mjs.map} +0 -0
/package/dist/{chunk-5T6KPH7A.mjs.map → chunk-CSU4IV2F.mjs.map} +0 -0
/package/dist/{chunk-SXXGTQIR.mjs.map → chunk-E3SU36C2.mjs.map} +0 -0
/package/dist/{chunk-NUWSMJFJ.mjs.map → chunk-EFIXFA6V.mjs.map} +0 -0
/package/dist/{chunk-MLXQHIH2.mjs.map → chunk-GM5DKEHD.mjs.map} +0 -0
/package/dist/{chunk-GWJRKDSA.mjs.map → chunk-GOWXQPTW.mjs.map} +0 -0
/package/dist/{chunk-OVMMTL6H.mjs.map → chunk-ICGB3AHI.mjs.map} +0 -0
/package/dist/{chunk-F3YAGZSW.mjs.map → chunk-TPEP6XUA.mjs.map} +0 -0
/package/dist/{chunk-M3MM4YMF.mjs.map → chunk-UPO55SBK.mjs.map} +0 -0
/package/dist/{chunk-PDHZ5X5O.mjs.map → chunk-YYT3V7CI.mjs.map} +0 -0
/package/dist/{portfolio-V347KZOL.mjs.map → portfolio-JA4OTF7Y.mjs.map} +0 -0

package/dist/chains/stellar/index.js ADDED Viewed

@@ -0,0 +1,300 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/chains/stellar/index.ts
+var stellar_exports = {};
+__export(stellar_exports, {
+  StellarModuleType: () => StellarModuleType,
+  StellarNetworks: () => StellarNetworks,
+  StellarPasskeySigner: () => StellarPasskeySigner,
+  VERIDEX_PASSKEY_ID: () => VERIDEX_PASSKEY_ID,
+  VeridexStellarWalletModule: () => VeridexStellarWalletModule,
+  deriveSmartAccountId: () => deriveSmartAccountId
+});
+module.exports = __toCommonJS(stellar_exports);
+// src/chains/stellar/StellarPasskeySigner.ts
+var import_sha2562 = require("@noble/hashes/sha256");
+// src/utils.ts
+var import_ethers = require("ethers");
+function base64URLDecode(str) {
+  const base64 = str.replace(/-/g, "+").replace(/_/g, "/");
+  const padded = base64 + "=".repeat((4 - base64.length % 4) % 4);
+  const binary = atob(padded);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+// src/chains/stellar/types.ts
+var StellarNetworks = /* @__PURE__ */ ((StellarNetworks2) => {
+  StellarNetworks2["PUBLIC"] = "Public Global Stellar Network ; September 2015";
+  StellarNetworks2["TESTNET"] = "Test SDF Network ; September 2015";
+  StellarNetworks2["FUTURENET"] = "Test SDF Future Network ; October 2022";
+  StellarNetworks2["SANDBOX"] = "Local Sandbox Stellar Network ; September 2022";
+  StellarNetworks2["STANDALONE"] = "Standalone Network ; February 2017";
+  return StellarNetworks2;
+})(StellarNetworks || {});
+var StellarModuleType = /* @__PURE__ */ ((StellarModuleType2) => {
+  StellarModuleType2["HW_WALLET"] = "HW_WALLET";
+  StellarModuleType2["HOT_WALLET"] = "HOT_WALLET";
+  StellarModuleType2["BRIDGE_WALLET"] = "BRIDGE_WALLET";
+  StellarModuleType2["AIR_GAPED_WALLET"] = "AIR_GAPED_WALLET";
+  return StellarModuleType2;
+})(StellarModuleType || {});
+// src/chains/stellar/SmartAccount.ts
+var import_sha256 = require("@noble/hashes/sha256");
+function deriveSmartAccountId(keyHash, networkPassphrase, salt) {
+  const cleanHash = keyHash.startsWith("0x") ? keyHash.slice(2) : keyHash;
+  if (cleanHash.length !== 64) {
+    throw new Error(
+      `deriveSmartAccountId: keyHash must be 32 bytes (64 hex chars), got ${cleanHash.length}`
+    );
+  }
+  const cleanSalt = salt ? salt.startsWith("0x") ? salt.slice(2) : salt : "0".repeat(64);
+  if (cleanSalt.length !== 64) {
+    throw new Error(
+      `deriveSmartAccountId: salt must be 32 bytes (64 hex chars), got ${cleanSalt.length}`
+    );
+  }
+  const encoder = new TextEncoder();
+  const passphraseBytes = encoder.encode(networkPassphrase);
+  const keyHashBytes = hexToBytes(cleanHash);
+  const saltBytes = hexToBytes(cleanSalt);
+  const buffer = new Uint8Array(
+    passphraseBytes.length + keyHashBytes.length + saltBytes.length
+  );
+  buffer.set(passphraseBytes, 0);
+  buffer.set(keyHashBytes, passphraseBytes.length);
+  buffer.set(saltBytes, passphraseBytes.length + keyHashBytes.length);
+  const digest = (0, import_sha256.sha256)(buffer);
+  return "0x" + bytesToHex(digest);
+}
+function hexToBytes(hex) {
+  const out = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < out.length; i++) {
+    out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+  }
+  return out;
+}
+function bytesToHex(bytes) {
+  let hex = "";
+  for (let i = 0; i < bytes.length; i++) {
+    hex += bytes[i].toString(16).padStart(2, "0");
+  }
+  return hex;
+}
+// src/chains/stellar/StellarPasskeySigner.ts
+var StellarPasskeySigner = class {
+  passkey;
+  credential;
+  network;
+  smartAccountContractId;
+  constructor(opts) {
+    this.passkey = opts.passkey;
+    this.credential = opts.credential;
+    this.network = opts.config?.network ?? "Test SDF Network ; September 2015" /* TESTNET */;
+    this.smartAccountContractId = opts.config?.smartAccountContractId;
+  }
+  /**
+   * Returns the Soroban smart-account address (C-address-derivable hex)
+   * associated with the active passkey. If a fixed contract id was
+   * configured we return it verbatim; otherwise we derive deterministically.
+   */
+  async getAddress(skipRequestAccess = false) {
+    if (this.smartAccountContractId) {
+      return { address: this.smartAccountContractId };
+    }
+    const cred = await this.ensureCredential(skipRequestAccess);
+    const id = deriveSmartAccountId(cred.keyHash, this.network);
+    return { address: id };
+  }
+  /**
+   * Produce a SEP-43 `signedTxXdr` for the given transaction envelope XDR.
+   *
+   * Because we do not bundle `@stellar/stellar-sdk` we hash the XDR's
+   * binary form prefixed with the network passphrase. Consumers that need
+   * canonical Stellar transaction hashes should preprocess `xdr` to the
+   * spec-compliant preimage before calling, or override this method.
+   */
+  async signTransaction(xdr, opts) {
+    const cred = await this.ensureCredential(true);
+    const passphrase = opts?.networkPassphrase ?? this.network;
+    const challenge = this.hashTransactionXdr(xdr, passphrase);
+    const assertion = await this.signChallenge(challenge, cred);
+    const container = this.encodeAssertionContainer("tx", xdr, assertion);
+    const { address } = await this.getAddress(true);
+    return { signedTxXdr: container, signerAddress: opts?.address ?? address };
+  }
+  /**
+   * Sign a Soroban `HashIdPreimageSorobanAuthorization` XDR. The auth
+   * entry payload is hashed and wrapped identically to a transaction.
+   */
+  async signAuthEntry(authEntry, opts) {
+    const cred = await this.ensureCredential(true);
+    const passphrase = opts?.networkPassphrase ?? this.network;
+    const challenge = this.hashAuthEntry(authEntry, passphrase);
+    const assertion = await this.signChallenge(challenge, cred);
+    const container = this.encodeAssertionContainer("auth", authEntry, assertion);
+    const { address } = await this.getAddress(true);
+    return { signedAuthEntry: container, signerAddress: opts?.address ?? address };
+  }
+  /**
+   * Sign an arbitrary message per SEP-43 `signMessage`.
+   */
+  async signMessage(message, opts) {
+    const cred = await this.ensureCredential(true);
+    const challenge = (0, import_sha2562.sha256)(new TextEncoder().encode(message));
+    const assertion = await this.signChallenge(challenge, cred);
+    const container = this.encodeAssertionContainer("msg", message, assertion);
+    const { address } = await this.getAddress(true);
+    return { signedMessage: container, signerAddress: opts?.address ?? address };
+  }
+  // ------------------------------------------------------------------
+  // Internals
+  // ------------------------------------------------------------------
+  hashTransactionXdr(xdr, networkPassphrase) {
+    const passphraseHash = (0, import_sha2562.sha256)(new TextEncoder().encode(networkPassphrase));
+    const xdrBytes = this.decodeBase64(xdr);
+    const buf = new Uint8Array(passphraseHash.length + xdrBytes.length);
+    buf.set(passphraseHash, 0);
+    buf.set(xdrBytes, passphraseHash.length);
+    return (0, import_sha2562.sha256)(buf);
+  }
+  hashAuthEntry(authEntry, networkPassphrase) {
+    return this.hashTransactionXdr(authEntry, networkPassphrase);
+  }
+  async signChallenge(challenge, credential) {
+    const sig = await this.passkey.sign(challenge);
+    return {
+      keyHash: credential.keyHash,
+      authenticatorData: sig.authenticatorData,
+      clientDataJSON: sig.clientDataJSON,
+      challengeIndex: sig.challengeIndex,
+      typeIndex: sig.typeIndex,
+      signatureR: "0x" + sig.r.toString(16).padStart(64, "0"),
+      signatureS: "0x" + sig.s.toString(16).padStart(64, "0")
+    };
+  }
+  async ensureCredential(skipRequestAccess) {
+    if (this.credential) return this.credential;
+    if (skipRequestAccess) {
+      throw new Error(
+        "StellarPasskeySigner: no credential cached. Call passkey.authenticate() first or pass `credential` to the constructor."
+      );
+    }
+    const { credential } = await this.passkey.authenticate();
+    this.credential = credential;
+    return credential;
+  }
+  encodeAssertionContainer(kind, payload, assertion) {
+    const container = {
+      v: 1,
+      kind,
+      payload,
+      assertion
+    };
+    const json = JSON.stringify(container);
+    if (typeof Buffer !== "undefined") {
+      return Buffer.from(json, "utf8").toString("base64");
+    }
+    return btoa(unescape(encodeURIComponent(json)));
+  }
+  decodeBase64(input) {
+    try {
+      if (typeof Buffer !== "undefined") {
+        return new Uint8Array(Buffer.from(input, "base64"));
+      }
+      const binary = atob(input);
+      const bytes = new Uint8Array(binary.length);
+      for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+      return bytes;
+    } catch {
+      return base64URLDecode(input);
+    }
+  }
+};
+// src/chains/stellar/VeridexStellarWalletModule.ts
+var import_browser = require("@simplewebauthn/browser");
+var VERIDEX_PASSKEY_ID = "veridex-passkey";
+var VeridexStellarWalletModule = class {
+  moduleType = "HOT_WALLET" /* HOT_WALLET */;
+  productId = VERIDEX_PASSKEY_ID;
+  productName;
+  productUrl;
+  productIcon;
+  signer;
+  constructor(opts) {
+    this.signer = new StellarPasskeySigner({
+      passkey: opts.passkey,
+      credential: opts.credential,
+      config: opts.config
+    });
+    this.productName = opts.productName ?? "Veridex Passkey";
+    this.productUrl = opts.productUrl ?? "https://veridex.network";
+    this.productIcon = opts.productIcon ?? "https://veridex.network/icons/passkey-256.png";
+  }
+  async isAvailable() {
+    try {
+      return (0, import_browser.browserSupportsWebAuthn)();
+    } catch {
+      return false;
+    }
+  }
+  async isPlatformWrapper() {
+    return false;
+  }
+  async getAddress(params) {
+    return this.signer.getAddress(params?.skipRequestAccess);
+  }
+  async signTransaction(xdr, opts) {
+    return this.signer.signTransaction(xdr, {
+      networkPassphrase: opts?.networkPassphrase,
+      address: opts?.address
+    });
+  }
+  async signAuthEntry(authEntry, opts) {
+    return this.signer.signAuthEntry(authEntry, {
+      networkPassphrase: opts?.networkPassphrase,
+      address: opts?.address
+    });
+  }
+  async signMessage(message, opts) {
+    return this.signer.signMessage(message, {
+      networkPassphrase: opts?.networkPassphrase,
+      address: opts?.address
+    });
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  StellarModuleType,
+  StellarNetworks,
+  StellarPasskeySigner,
+  VERIDEX_PASSKEY_ID,
+  VeridexStellarWalletModule,
+  deriveSmartAccountId
+});
+//# sourceMappingURL=index.js.map

package/dist/chains/stellar/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../src/chains/stellar/index.ts","../../../src/chains/stellar/StellarPasskeySigner.ts","../../../src/utils.ts","../../../src/chains/stellar/types.ts","../../../src/chains/stellar/SmartAccount.ts","../../../src/chains/stellar/VeridexStellarWalletModule.ts"],"sourcesContent":["/**\n * Veridex Protocol SDK — Stellar chain module\n *\n * Provides:\n * - `StellarPasskeySigner`: SEP-43-compatible passkey signer\n * - `VeridexStellarWalletModule`: Stellar-Wallets-Kit `ModuleInterface`\n * - `deriveSmartAccountId`: deterministic Soroban smart-account derivation\n */\n\nexport { StellarPasskeySigner } from './StellarPasskeySigner.js';\nexport type { StellarPasskeySignerOptions } from './StellarPasskeySigner.js';\n\nexport {\n VeridexStellarWalletModule,\n VERIDEX_PASSKEY_ID,\n StellarNetworks,\n} from './VeridexStellarWalletModule.js';\nexport type { VeridexStellarWalletModuleOptions } from './VeridexStellarWalletModule.js';\n\nexport { deriveSmartAccountId } from './SmartAccount.js';\n\nexport {\n StellarModuleType,\n} from './types.js';\nexport type {\n StellarWalletModuleInterface,\n StellarKitError,\n VeridexStellarConfig,\n PasskeyAuthAssertion,\n} from './types.js';\n","/**\n * Veridex Protocol SDK — Stellar Passkey Signer\n *\n * Bridges Veridex's WebAuthn `PasskeyManager` to the SEP-43 signing surface\n * expected by Soroban smart accounts (and the Stellar-Wallets-Kit\n * `ModuleInterface`).\n *\n * Design:\n * - The signer treats every SEP-43 signing call (transaction / auth entry\n * / message) as a request to produce a WebAuthn assertion over the\n * SHA-256 of a canonical preimage.\n * - For a transaction we hash `network_id || tagged_tx_envelope` per the\n * XDR-hash spec; for an auth entry we hash the\n * `HashIdPreimageSorobanAuthorization`; for a message we hash the bytes\n * directly.\n * - The returned `signedTxXdr` / `signedAuthEntry` strings are\n * base64-encoded JSON containers carrying the assertion. The downstream\n * Soroban smart-account contract (`__check_auth`) is responsible for\n * parsing the container, verifying secp256r1, and authorizing.\n *\n * This separation lets `@veridex/sdk` ship without a hard dependency on\n * `@stellar/stellar-sdk`. Consumers who want full XDR-aware signing can\n * subclass and override `hashTransactionXdr` / `hashAuthEntry`.\n */\n\nimport { sha256 } from '@noble/hashes/sha256';\nimport { PasskeyManager } from '../../core/PasskeyManager.js';\nimport type { PasskeyCredential } from '../../core/PasskeyManager.js';\nimport { base64URLDecode } from '../../utils.js';\nimport {\n StellarNetworks,\n type PasskeyAuthAssertion,\n type VeridexStellarConfig,\n} from './types.js';\nimport { deriveSmartAccountId } from './SmartAccount.js';\n\nexport interface StellarPasskeySignerOptions {\n passkey: PasskeyManager;\n credential?: PasskeyCredential;\n config?: VeridexStellarConfig;\n}\n\nexport class StellarPasskeySigner {\n private readonly passkey: PasskeyManager;\n private credential?: PasskeyCredential;\n private readonly network: StellarNetworks;\n private readonly smartAccountContractId?: string;\n\n constructor(opts: StellarPasskeySignerOptions) {\n this.passkey = opts.passkey;\n this.credential = opts.credential;\n this.network = opts.config?.network ?? StellarNetworks.TESTNET;\n this.smartAccountContractId = opts.config?.smartAccountContractId;\n }\n\n /**\n * Returns the Soroban smart-account address (C-address-derivable hex)\n * associated with the active passkey. If a fixed contract id was\n * configured we return it verbatim; otherwise we derive deterministically.\n */\n async getAddress(skipRequestAccess = false): Promise<{ address: string }> {\n if (this.smartAccountContractId) {\n return { address: this.smartAccountContractId };\n }\n const cred = await this.ensureCredential(skipRequestAccess);\n const id = deriveSmartAccountId(cred.keyHash, this.network);\n return { address: id };\n }\n\n /**\n * Produce a SEP-43 `signedTxXdr` for the given transaction envelope XDR.\n *\n * Because we do not bundle `@stellar/stellar-sdk` we hash the XDR's\n * binary form prefixed with the network passphrase. Consumers that need\n * canonical Stellar transaction hashes should preprocess `xdr` to the\n * spec-compliant preimage before calling, or override this method.\n */\n async signTransaction(\n xdr: string,\n opts?: { networkPassphrase?: string; address?: string },\n ): Promise<{ signedTxXdr: string; signerAddress: string }> {\n const cred = await this.ensureCredential(true);\n const passphrase = opts?.networkPassphrase ?? this.network;\n const challenge = this.hashTransactionXdr(xdr, passphrase);\n const assertion = await this.signChallenge(challenge, cred);\n const container = this.encodeAssertionContainer('tx', xdr, assertion);\n const { address } = await this.getAddress(true);\n return { signedTxXdr: container, signerAddress: opts?.address ?? address };\n }\n\n /**\n * Sign a Soroban `HashIdPreimageSorobanAuthorization` XDR. The auth\n * entry payload is hashed and wrapped identically to a transaction.\n */\n async signAuthEntry(\n authEntry: string,\n opts?: { networkPassphrase?: string; address?: string },\n ): Promise<{ signedAuthEntry: string; signerAddress: string }> {\n const cred = await this.ensureCredential(true);\n const passphrase = opts?.networkPassphrase ?? this.network;\n const challenge = this.hashAuthEntry(authEntry, passphrase);\n const assertion = await this.signChallenge(challenge, cred);\n const container = this.encodeAssertionContainer('auth', authEntry, assertion);\n const { address } = await this.getAddress(true);\n return { signedAuthEntry: container, signerAddress: opts?.address ?? address };\n }\n\n /**\n * Sign an arbitrary message per SEP-43 `signMessage`.\n */\n async signMessage(\n message: string,\n opts?: { networkPassphrase?: string; address?: string },\n ): Promise<{ signedMessage: string; signerAddress: string }> {\n const cred = await this.ensureCredential(true);\n const challenge = sha256(new TextEncoder().encode(message));\n const assertion = await this.signChallenge(challenge, cred);\n const container = this.encodeAssertionContainer('msg', message, assertion);\n const { address } = await this.getAddress(true);\n return { signedMessage: container, signerAddress: opts?.address ?? address };\n }\n\n // ------------------------------------------------------------------\n // Internals\n // ------------------------------------------------------------------\n\n protected hashTransactionXdr(xdr: string, networkPassphrase: string): Uint8Array {\n const passphraseHash = sha256(new TextEncoder().encode(networkPassphrase));\n const xdrBytes = this.decodeBase64(xdr);\n const buf = new Uint8Array(passphraseHash.length + xdrBytes.length);\n buf.set(passphraseHash, 0);\n buf.set(xdrBytes, passphraseHash.length);\n return sha256(buf);\n }\n\n protected hashAuthEntry(authEntry: string, networkPassphrase: string): Uint8Array {\n return this.hashTransactionXdr(authEntry, networkPassphrase);\n }\n\n private async signChallenge(\n challenge: Uint8Array,\n credential: PasskeyCredential,\n ): Promise<PasskeyAuthAssertion> {\n const sig = await this.passkey.sign(challenge);\n return {\n keyHash: credential.keyHash,\n authenticatorData: sig.authenticatorData,\n clientDataJSON: sig.clientDataJSON,\n challengeIndex: sig.challengeIndex,\n typeIndex: sig.typeIndex,\n signatureR: '0x' + sig.r.toString(16).padStart(64, '0'),\n signatureS: '0x' + sig.s.toString(16).padStart(64, '0'),\n };\n }\n\n private async ensureCredential(skipRequestAccess: boolean): Promise<PasskeyCredential> {\n if (this.credential) return this.credential;\n if (skipRequestAccess) {\n throw new Error(\n 'StellarPasskeySigner: no credential cached. Call passkey.authenticate() ' +\n 'first or pass `credential` to the constructor.',\n );\n }\n const { credential } = await this.passkey.authenticate();\n this.credential = credential;\n return credential;\n }\n\n private encodeAssertionContainer(\n kind: 'tx' | 'auth' | 'msg',\n payload: string,\n assertion: PasskeyAuthAssertion,\n ): string {\n const container = {\n v: 1,\n kind,\n payload,\n assertion,\n };\n const json = JSON.stringify(container);\n if (typeof Buffer !== 'undefined') {\n return Buffer.from(json, 'utf8').toString('base64');\n }\n // Browser fallback.\n return btoa(unescape(encodeURIComponent(json)));\n }\n\n private decodeBase64(input: string): Uint8Array {\n try {\n if (typeof Buffer !== 'undefined') {\n return new Uint8Array(Buffer.from(input, 'base64'));\n }\n const binary = atob(input);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);\n return bytes;\n } catch {\n // Fall back to base64url if standard base64 fails.\n return base64URLDecode(input);\n }\n }\n}\n","/**\n * Veridex Protocol SDK - Utility Functions\n */\n\nimport { ethers } from 'ethers';\nimport type { ChainConfig } from './types.js';\nimport { TESTNET_CHAINS, MAINNET_CHAINS } from './constants.js';\n\n// ============================================================================\n// Base64URL Encoding/Decoding (WebAuthn compatible)\n// ============================================================================\n\n/**\n * Base64URL encode a buffer\n */\nexport function base64URLEncode(buffer: Uint8Array): string {\n // Convert Uint8Array to base64 using browser APIs\n const bytes = Array.from(buffer);\n const binary = String.fromCharCode(...bytes);\n const base64 = btoa(binary);\n return base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=/g, '');\n}\n\n/**\n * Base64URL decode a string\n */\nexport function base64URLDecode(str: string): Uint8Array {\n const base64 = str.replace(/-/g, '+').replace(/_/g, '/');\n const padded = base64 + '='.repeat((4 - (base64.length % 4)) % 4);\n // Use browser's atob for base64 decoding\n const binary = atob(padded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n}\n\n// ============================================================================\n// Signature Utilities\n// ============================================================================\n\n/**\n * Parse DER-encoded ECDSA signature to r and s values\n */\nexport function parseDERSignature(signature: Uint8Array): { r: Uint8Array; s: Uint8Array } {\n let offset = 0;\n\n if (signature[offset++] !== 0x30) {\n throw new Error('Invalid signature format');\n }\n\n // Skip total length\n offset++;\n\n if (signature[offset++] !== 0x02) {\n throw new Error('Invalid signature format');\n }\n\n const rLength = signature[offset++];\n if (rLength === undefined) {\n throw new Error('Invalid signature format: missing r length');\n }\n let r = signature.slice(offset, offset + rLength);\n offset += rLength;\n\n // Remove leading zero if present (for positive number representation)\n if (r[0] === 0x00 && r.length > 32) {\n r = r.slice(1);\n }\n // Pad to 32 bytes if needed\n if (r.length < 32) {\n const padded = new Uint8Array(32);\n padded.set(r, 32 - r.length);\n r = padded;\n }\n\n if (signature[offset++] !== 0x02) {\n throw new Error('Invalid signature format');\n }\n\n const sLength = signature[offset++];\n if (sLength === undefined) {\n throw new Error('Invalid signature format: missing s length');\n }\n let s = signature.slice(offset, offset + sLength);\n\n // Remove leading zero if present\n if (s[0] === 0x00 && s.length > 32) {\n s = s.slice(1);\n }\n // Pad to 32 bytes if needed\n if (s.length < 32) {\n const padded = new Uint8Array(32);\n padded.set(s, 32 - s.length);\n s = padded;\n }\n\n return { r, s };\n}\n\n/**\n * Encode signature for Solidity verification\n */\nexport function encodeSignatureForSolidity(r: bigint, s: bigint): string {\n return ethers.solidityPacked(['uint256', 'uint256'], [r, s]);\n}\n\n// ============================================================================\n// Key Hash Utilities\n// ============================================================================\n\n/**\n * Compute key hash from public key coordinates\n */\nexport function computeKeyHash(publicKeyX: bigint, publicKeyY: bigint): string {\n return ethers.keccak256(\n ethers.solidityPacked(['uint256', 'uint256'], [publicKeyX, publicKeyY])\n );\n}\n\n// ============================================================================\n// Chain Utilities\n// ============================================================================\n\n/**\n * Get chain config by name\n */\nexport function getChainConfig(chainName: string, testnet = true): ChainConfig | undefined {\n const chains = testnet ? TESTNET_CHAINS : MAINNET_CHAINS;\n return chains[chainName];\n}\n\n/**\n * Get chain config by Wormhole chain ID\n */\nexport function getChainByWormholeId(wormholeChainId: number, testnet = true): ChainConfig | undefined {\n const chains = testnet ? TESTNET_CHAINS : MAINNET_CHAINS;\n return Object.values(chains).find(chain => chain.wormholeChainId === wormholeChainId);\n}\n\n/**\n * Get chain config by EVM chain ID\n */\nexport function getChainByEvmId(evmChainId: number, testnet = true): ChainConfig | undefined {\n const chains = testnet ? TESTNET_CHAINS : MAINNET_CHAINS;\n return Object.values(chains).find(chain => chain.chainId === evmChainId);\n}\n\n/**\n * Check if a chain is EVM-compatible\n */\nexport function isEvmChain(wormholeChainId: number): boolean {\n // Non-EVM chains\n const nonEvmChains = new Set([1, 8, 15, 21, 22]); // Solana, Algorand, NEAR, Sui, Aptos\n return !nonEvmChains.has(wormholeChainId);\n}\n\n/**\n * Get all supported chains\n */\nexport function getSupportedChains(testnet = true): ChainConfig[] {\n const chains = testnet ? TESTNET_CHAINS : MAINNET_CHAINS;\n return Object.values(chains);\n}\n\n// ============================================================================\n// Explorer URL Utilities\n// ============================================================================\n\n/**\n * Get transaction explorer URL\n */\nexport function getTxExplorerUrl(chain: ChainConfig, txHash: string): string {\n if (chain.isEvm) {\n return `${chain.explorerUrl}/tx/${txHash}`;\n }\n\n // Non-EVM chains have different URL patterns\n switch (chain.wormholeChainId) {\n case 1: // Solana\n return `${chain.explorerUrl}/tx/${txHash}?cluster=devnet`;\n case 21: // Sui\n return `${chain.explorerUrl}/tx/${txHash}`;\n case 22: // Aptos\n return `${chain.explorerUrl}/txn/${txHash}?network=testnet`;\n default:\n return `${chain.explorerUrl}/tx/${txHash}`;\n }\n}\n\n/**\n * Get address explorer URL\n */\nexport function getAddressExplorerUrl(chain: ChainConfig, address: string): string {\n if (chain.isEvm) {\n return `${chain.explorerUrl}/address/${address}`;\n }\n\n switch (chain.wormholeChainId) {\n case 1: // Solana\n return `${chain.explorerUrl}/address/${address}?cluster=devnet`;\n case 21: // Sui\n return `${chain.explorerUrl}/account/${address}`;\n case 22: // Aptos\n return `${chain.explorerUrl}/account/${address}?network=testnet`;\n default:\n return `${chain.explorerUrl}/address/${address}`;\n }\n}\n\n// ============================================================================\n// Validation Utilities\n// ============================================================================\n\n/**\n * Validate an EVM address\n */\nexport function isValidEvmAddress(address: string): boolean {\n return ethers.isAddress(address);\n}\n\n/**\n * Validate a bytes32 hex string\n */\nexport function isValidBytes32(hex: string): boolean {\n const clean = hex.replace('0x', '');\n return /^[0-9a-fA-F]{64}$/.test(clean);\n}\n\n/**\n * Validate a Wormhole chain ID\n */\nexport function isValidWormholeChainId(chainId: number): boolean {\n // Valid Wormhole chain IDs range from 1 to ~10007 (testnets)\n return chainId >= 1 && chainId <= 50000;\n}\n\n// ============================================================================\n// Retry Utilities\n// ============================================================================\n\n/**\n * Retry a function with exponential backoff\n */\nexport async function retryWithBackoff<T>(\n fn: () => Promise<T>,\n options: {\n maxRetries?: number;\n initialDelayMs?: number;\n maxDelayMs?: number;\n backoffMultiplier?: number;\n onRetry?: (attempt: number, error: Error) => void;\n } = {}\n): Promise<T> {\n const {\n maxRetries = 5,\n initialDelayMs = 1000,\n maxDelayMs = 30000,\n backoffMultiplier = 2,\n onRetry,\n } = options;\n\n let lastError: Error | undefined;\n let delay = initialDelayMs;\n\n for (let attempt = 1; attempt <= maxRetries; attempt++) {\n try {\n return await fn();\n } catch (error) {\n lastError = error as Error;\n\n if (attempt < maxRetries) {\n onRetry?.(attempt, lastError);\n await sleep(delay);\n delay = Math.min(delay * backoffMultiplier, maxDelayMs);\n }\n }\n }\n\n throw lastError ?? new Error('Retry failed');\n}\n\n// ============================================================================\n// Helpers\n// ============================================================================\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise(resolve => setTimeout(resolve, ms));\n}\n","/**\n * Veridex Protocol SDK — Stellar chain types\n *\n * Local mirror of the subset of the Stellar-Wallets-Kit `ModuleInterface`\n * contract we implement. We mirror it (rather than importing from\n * `@creit.tech/stellar-wallets-kit`) so `@veridex/sdk` does not gain a hard\n * peer dependency on the kit. Consumers who already depend on the kit can\n * cast our module to the upstream type — the shapes are structurally\n * identical.\n *\n * Upstream reference: `@creit.tech/stellar-wallets-kit` →\n * src/types/mod.ts → `ModuleInterface`\n */\n\nexport enum StellarNetworks {\n PUBLIC = 'Public Global Stellar Network ; September 2015',\n TESTNET = 'Test SDF Network ; September 2015',\n FUTURENET = 'Test SDF Future Network ; October 2022',\n SANDBOX = 'Local Sandbox Stellar Network ; September 2022',\n STANDALONE = 'Standalone Network ; February 2017',\n}\n\nexport enum StellarModuleType {\n HW_WALLET = 'HW_WALLET',\n HOT_WALLET = 'HOT_WALLET',\n BRIDGE_WALLET = 'BRIDGE_WALLET',\n AIR_GAPED_WALLET = 'AIR_GAPED_WALLET',\n}\n\nexport interface StellarKitError {\n code: number;\n message: string;\n ext?: string;\n}\n\n/**\n * Stellar-Wallets-Kit `ModuleInterface` mirror.\n * Only the methods we implement are documented; signature-compatible with\n * the upstream contract.\n */\nexport interface StellarWalletModuleInterface {\n moduleType: StellarModuleType;\n productId: string;\n productName: string;\n productUrl: string;\n productIcon: string;\n\n isAvailable(): Promise<boolean>;\n isPlatformWrapper?(): Promise<boolean>;\n\n getAddress(params?: {\n path?: string;\n skipRequestAccess?: boolean;\n }): Promise<{ address: string }>;\n\n signTransaction(\n xdr: string,\n opts?: {\n networkPassphrase?: string;\n address?: string;\n path?: string;\n },\n ): Promise<{ signedTxXdr: string; signerAddress?: string }>;\n\n signAuthEntry(\n authEntry: string,\n opts?: {\n networkPassphrase?: string;\n address?: string;\n path?: string;\n },\n ): Promise<{ signedAuthEntry: string; signerAddress?: string }>;\n\n signMessage(\n message: string,\n opts?: {\n networkPassphrase?: string;\n address?: string;\n path?: string;\n },\n ): Promise<{ signedMessage: string; signerAddress?: string }>;\n}\n\n/**\n * Veridex-specific configuration for the Stellar passkey signer.\n */\nexport interface VeridexStellarConfig {\n /** Stellar network passphrase. Defaults to TESTNET. */\n network?: StellarNetworks;\n /**\n * Soroban RPC URL (used to resolve the smart-account address or submit\n * transactions when `signAndSubmitTransaction` is invoked).\n */\n rpcUrl?: string;\n /**\n * Optional pre-deployed smart-account contract id (C-address). If\n * provided, `getAddress()` returns this directly. Otherwise the address\n * is derived deterministically from the passkey `keyHash`.\n */\n smartAccountContractId?: string;\n /**\n * Override the deterministic smart-account factory contract. Used for\n * address derivation when `smartAccountContractId` is not set.\n */\n smartAccountFactory?: string;\n}\n\n/**\n * A signed WebAuthn assertion ready to be embedded in a Soroban auth entry.\n *\n * The shape matches what a Soroban smart-account's `__check_auth` entrypoint\n * needs to verify a secp256r1 passkey signature:\n * - `keyHash` identifies which registered passkey signed\n * - `authenticatorData` + `clientDataJSON` are the WebAuthn assertion\n * - `r`, `s` are the secp256r1 signature components\n */\nexport interface PasskeyAuthAssertion {\n keyHash: string;\n authenticatorData: string;\n clientDataJSON: string;\n challengeIndex: number;\n typeIndex: number;\n signatureR: string;\n signatureS: string;\n}\n","/**\n * Veridex Protocol SDK — Soroban smart-account address derivation\n *\n * The Veridex Stellar adapter binds a WebAuthn passkey to a Soroban smart\n * account whose `__check_auth` entry verifies secp256r1 signatures against\n * the passkey's `keyHash`.\n *\n * For the credibility-artifact stage we expose deterministic address\n * derivation only — actual deployment is handled by a separate Soroban\n * factory contract (see `contracts/stellar/` once added). This keeps the\n * SDK chain-agnostic and avoids pulling in the heavy `@stellar/stellar-sdk`\n * runtime.\n */\n\nimport { sha256 } from '@noble/hashes/sha256';\n\n/**\n * Deterministically derive a Soroban contract id (C-address) from a passkey\n * `keyHash`. This mirrors the SEP-0011 Stellar contract-id derivation\n * scheme: contract_id = sha256(networkPassphrase || keyHash || salt).\n *\n * NOTE: This returns a stable 32-byte identifier encoded as hex. To produce\n * a canonical `C...` strkey representation the consumer must encode it with\n * `StrKey.encodeContract` from `@stellar/stellar-sdk`. We deliberately keep\n * the encoding out of `@veridex/sdk` to avoid a hard dependency.\n *\n * @param keyHash - The Veridex passkey keyHash (hex, with or without 0x).\n * @param networkPassphrase - Stellar network passphrase (e.g. testnet).\n * @param salt - Optional 32-byte salt (hex). Defaults to all-zeros.\n * @returns The 32-byte contract id encoded as a 0x-prefixed hex string.\n */\nexport function deriveSmartAccountId(\n keyHash: string,\n networkPassphrase: string,\n salt?: string,\n): string {\n const cleanHash = keyHash.startsWith('0x') ? keyHash.slice(2) : keyHash;\n if (cleanHash.length !== 64) {\n throw new Error(\n `deriveSmartAccountId: keyHash must be 32 bytes (64 hex chars), got ${cleanHash.length}`,\n );\n }\n\n const cleanSalt = salt\n ? (salt.startsWith('0x') ? salt.slice(2) : salt)\n : '0'.repeat(64);\n if (cleanSalt.length !== 64) {\n throw new Error(\n `deriveSmartAccountId: salt must be 32 bytes (64 hex chars), got ${cleanSalt.length}`,\n );\n }\n\n const encoder = new TextEncoder();\n const passphraseBytes = encoder.encode(networkPassphrase);\n const keyHashBytes = hexToBytes(cleanHash);\n const saltBytes = hexToBytes(cleanSalt);\n\n const buffer = new Uint8Array(\n passphraseBytes.length + keyHashBytes.length + saltBytes.length,\n );\n buffer.set(passphraseBytes, 0);\n buffer.set(keyHashBytes, passphraseBytes.length);\n buffer.set(saltBytes, passphraseBytes.length + keyHashBytes.length);\n\n const digest = sha256(buffer);\n return '0x' + bytesToHex(digest);\n}\n\nfunction hexToBytes(hex: string): Uint8Array {\n const out = new Uint8Array(hex.length / 2);\n for (let i = 0; i < out.length; i++) {\n out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);\n }\n return out;\n}\n\nfunction bytesToHex(bytes: Uint8Array): string {\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += bytes[i].toString(16).padStart(2, '0');\n }\n return hex;\n}\n","/**\n * Veridex Protocol SDK — Stellar-Wallets-Kit ModuleInterface implementation\n *\n * Drop-in module for `@creit.tech/stellar-wallets-kit` that exposes\n * Veridex's passkey-backed Soroban smart account as a wallet option.\n *\n * Usage (downstream app):\n * ```ts\n * import { StellarWalletsKit, allowAllModules } from '@creit.tech/stellar-wallets-kit';\n * import { PasskeyManager } from '@veridex/sdk/passkey';\n * import { VeridexStellarWalletModule } from '@veridex/sdk/chains/stellar';\n *\n * const passkey = new PasskeyManager({ rpName: 'My Dapp' });\n * const veridexModule = new VeridexStellarWalletModule({ passkey });\n *\n * const kit = new StellarWalletsKit({\n * network: WalletNetwork.TESTNET,\n * selectedWalletId: VERIDEX_PASSKEY_ID,\n * modules: [...allowAllModules(), veridexModule],\n * });\n * ```\n */\n\nimport { browserSupportsWebAuthn } from '@simplewebauthn/browser';\nimport { PasskeyManager } from '../../core/PasskeyManager.js';\nimport type { PasskeyCredential } from '../../core/PasskeyManager.js';\nimport { StellarPasskeySigner } from './StellarPasskeySigner.js';\nimport {\n StellarModuleType,\n StellarNetworks,\n type StellarWalletModuleInterface,\n type VeridexStellarConfig,\n} from './types.js';\n\nexport const VERIDEX_PASSKEY_ID = 'veridex-passkey';\n\nexport interface VeridexStellarWalletModuleOptions {\n passkey: PasskeyManager;\n credential?: PasskeyCredential;\n config?: VeridexStellarConfig;\n productName?: string;\n productUrl?: string;\n productIcon?: string;\n}\n\nexport class VeridexStellarWalletModule implements StellarWalletModuleInterface {\n readonly moduleType: StellarModuleType = StellarModuleType.HOT_WALLET;\n readonly productId: string = VERIDEX_PASSKEY_ID;\n readonly productName: string;\n readonly productUrl: string;\n readonly productIcon: string;\n\n private readonly signer: StellarPasskeySigner;\n\n constructor(opts: VeridexStellarWalletModuleOptions) {\n this.signer = new StellarPasskeySigner({\n passkey: opts.passkey,\n credential: opts.credential,\n config: opts.config,\n });\n this.productName = opts.productName ?? 'Veridex Passkey';\n this.productUrl = opts.productUrl ?? 'https://veridex.network';\n this.productIcon =\n opts.productIcon ??\n 'https://veridex.network/icons/passkey-256.png';\n }\n\n async isAvailable(): Promise<boolean> {\n try {\n return browserSupportsWebAuthn();\n } catch {\n return false;\n }\n }\n\n async isPlatformWrapper(): Promise<boolean> {\n return false;\n }\n\n async getAddress(params?: {\n path?: string;\n skipRequestAccess?: boolean;\n }): Promise<{ address: string }> {\n return this.signer.getAddress(params?.skipRequestAccess);\n }\n\n async signTransaction(\n xdr: string,\n opts?: { networkPassphrase?: string; address?: string; path?: string },\n ): Promise<{ signedTxXdr: string; signerAddress?: string }> {\n return this.signer.signTransaction(xdr, {\n networkPassphrase: opts?.networkPassphrase,\n address: opts?.address,\n });\n }\n\n async signAuthEntry(\n authEntry: string,\n opts?: { networkPassphrase?: string; address?: string; path?: string },\n ): Promise<{ signedAuthEntry: string; signerAddress?: string }> {\n return this.signer.signAuthEntry(authEntry, {\n networkPassphrase: opts?.networkPassphrase,\n address: opts?.address,\n });\n }\n\n async signMessage(\n message: string,\n opts?: { networkPassphrase?: string; address?: string; path?: string },\n ): Promise<{ signedMessage: string; signerAddress?: string }> {\n return this.signer.signMessage(message, {\n networkPassphrase: opts?.networkPassphrase,\n address: opts?.address,\n });\n }\n}\n\nexport { StellarNetworks };\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACyBA,IAAAA,iBAAuB;;;ACrBvB,oBAAuB;AAsBhB,SAAS,gBAAgB,KAAyB;AACvD,QAAM,SAAS,IAAI,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACvD,QAAM,SAAS,SAAS,IAAI,QAAQ,IAAK,OAAO,SAAS,KAAM,CAAC;AAEhE,QAAM,SAAS,KAAK,MAAM;AAC1B,QAAM,QAAQ,IAAI,WAAW,OAAO,MAAM;AAC1C,WAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,UAAM,CAAC,IAAI,OAAO,WAAW,CAAC;AAAA,EAChC;AACA,SAAO;AACT;;;ACtBO,IAAK,kBAAL,kBAAKC,qBAAL;AACH,EAAAA,iBAAA,YAAS;AACT,EAAAA,iBAAA,aAAU;AACV,EAAAA,iBAAA,eAAY;AACZ,EAAAA,iBAAA,aAAU;AACV,EAAAA,iBAAA,gBAAa;AALL,SAAAA;AAAA,GAAA;AAQL,IAAK,oBAAL,kBAAKC,uBAAL;AACH,EAAAA,mBAAA,eAAY;AACZ,EAAAA,mBAAA,gBAAa;AACb,EAAAA,mBAAA,mBAAgB;AAChB,EAAAA,mBAAA,sBAAmB;AAJX,SAAAA;AAAA,GAAA;;;ACRZ,oBAAuB;AAiBhB,SAAS,qBACZ,SACA,mBACA,MACM;AACN,QAAM,YAAY,QAAQ,WAAW,IAAI,IAAI,QAAQ,MAAM,CAAC,IAAI;AAChE,MAAI,UAAU,WAAW,IAAI;AACzB,UAAM,IAAI;AAAA,MACN,sEAAsE,UAAU,MAAM;AAAA,IAC1F;AAAA,EACJ;AAEA,QAAM,YAAY,OACX,KAAK,WAAW,IAAI,IAAI,KAAK,MAAM,CAAC,IAAI,OACzC,IAAI,OAAO,EAAE;AACnB,MAAI,UAAU,WAAW,IAAI;AACzB,UAAM,IAAI;AAAA,MACN,mEAAmE,UAAU,MAAM;AAAA,IACvF;AAAA,EACJ;AAEA,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,kBAAkB,QAAQ,OAAO,iBAAiB;AACxD,QAAM,eAAe,WAAW,SAAS;AACzC,QAAM,YAAY,WAAW,SAAS;AAEtC,QAAM,SAAS,IAAI;AAAA,IACf,gBAAgB,SAAS,aAAa,SAAS,UAAU;AAAA,EAC7D;AACA,SAAO,IAAI,iBAAiB,CAAC;AAC7B,SAAO,IAAI,cAAc,gBAAgB,MAAM;AAC/C,SAAO,IAAI,WAAW,gBAAgB,SAAS,aAAa,MAAM;AAElE,QAAM,aAAS,sBAAO,MAAM;AAC5B,SAAO,OAAO,WAAW,MAAM;AACnC;AAEA,SAAS,WAAW,KAAyB;AACzC,QAAM,MAAM,IAAI,WAAW,IAAI,SAAS,CAAC;AACzC,WAAS,IAAI,GAAG,IAAI,IAAI,QAAQ,KAAK;AACjC,QAAI,CAAC,IAAI,SAAS,IAAI,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE;AAAA,EACrD;AACA,SAAO;AACX;AAEA,SAAS,WAAW,OAA2B;AAC3C,MAAI,MAAM;AACV,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACnC,WAAO,MAAM,CAAC,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AAAA,EAChD;AACA,SAAO;AACX;;;AHxCO,IAAM,uBAAN,MAA2B;AAAA,EACb;AAAA,EACT;AAAA,EACS;AAAA,EACA;AAAA,EAEjB,YAAY,MAAmC;AAC3C,SAAK,UAAU,KAAK;AACpB,SAAK,aAAa,KAAK;AACvB,SAAK,UAAU,KAAK,QAAQ;AAC5B,SAAK,yBAAyB,KAAK,QAAQ;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,WAAW,oBAAoB,OAAqC;AACtE,QAAI,KAAK,wBAAwB;AAC7B,aAAO,EAAE,SAAS,KAAK,uBAAuB;AAAA,IAClD;AACA,UAAM,OAAO,MAAM,KAAK,iBAAiB,iBAAiB;AAC1D,UAAM,KAAK,qBAAqB,KAAK,SAAS,KAAK,OAAO;AAC1D,WAAO,EAAE,SAAS,GAAG;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,gBACF,KACA,MACuD;AACvD,UAAM,OAAO,MAAM,KAAK,iBAAiB,IAAI;AAC7C,UAAM,aAAa,MAAM,qBAAqB,KAAK;AACnD,UAAM,YAAY,KAAK,mBAAmB,KAAK,UAAU;AACzD,UAAM,YAAY,MAAM,KAAK,cAAc,WAAW,IAAI;AAC1D,UAAM,YAAY,KAAK,yBAAyB,MAAM,KAAK,SAAS;AACpE,UAAM,EAAE,QAAQ,IAAI,MAAM,KAAK,WAAW,IAAI;AAC9C,WAAO,EAAE,aAAa,WAAW,eAAe,MAAM,WAAW,QAAQ;AAAA,EAC7E;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,cACF,WACA,MAC2D;AAC3D,UAAM,OAAO,MAAM,KAAK,iBAAiB,IAAI;AAC7C,UAAM,aAAa,MAAM,qBAAqB,KAAK;AACnD,UAAM,YAAY,KAAK,cAAc,WAAW,UAAU;AAC1D,UAAM,YAAY,MAAM,KAAK,cAAc,WAAW,IAAI;AAC1D,UAAM,YAAY,KAAK,yBAAyB,QAAQ,WAAW,SAAS;AAC5E,UAAM,EAAE,QAAQ,IAAI,MAAM,KAAK,WAAW,IAAI;AAC9C,WAAO,EAAE,iBAAiB,WAAW,eAAe,MAAM,WAAW,QAAQ;AAAA,EACjF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YACF,SACA,MACyD;AACzD,UAAM,OAAO,MAAM,KAAK,iBAAiB,IAAI;AAC7C,UAAM,gBAAY,uBAAO,IAAI,YAAY,EAAE,OAAO,OAAO,CAAC;AAC1D,UAAM,YAAY,MAAM,KAAK,cAAc,WAAW,IAAI;AAC1D,UAAM,YAAY,KAAK,yBAAyB,OAAO,SAAS,SAAS;AACzE,UAAM,EAAE,QAAQ,IAAI,MAAM,KAAK,WAAW,IAAI;AAC9C,WAAO,EAAE,eAAe,WAAW,eAAe,MAAM,WAAW,QAAQ;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA,EAMU,mBAAmB,KAAa,mBAAuC;AAC7E,UAAM,qBAAiB,uBAAO,IAAI,YAAY,EAAE,OAAO,iBAAiB,CAAC;AACzE,UAAM,WAAW,KAAK,aAAa,GAAG;AACtC,UAAM,MAAM,IAAI,WAAW,eAAe,SAAS,SAAS,MAAM;AAClE,QAAI,IAAI,gBAAgB,CAAC;AACzB,QAAI,IAAI,UAAU,eAAe,MAAM;AACvC,eAAO,uBAAO,GAAG;AAAA,EACrB;AAAA,EAEU,cAAc,WAAmB,mBAAuC;AAC9E,WAAO,KAAK,mBAAmB,WAAW,iBAAiB;AAAA,EAC/D;AAAA,EAEA,MAAc,cACV,WACA,YAC6B;AAC7B,UAAM,MAAM,MAAM,KAAK,QAAQ,KAAK,SAAS;AAC7C,WAAO;AAAA,MACH,SAAS,WAAW;AAAA,MACpB,mBAAmB,IAAI;AAAA,MACvB,gBAAgB,IAAI;AAAA,MACpB,gBAAgB,IAAI;AAAA,MACpB,WAAW,IAAI;AAAA,MACf,YAAY,OAAO,IAAI,EAAE,SAAS,EAAE,EAAE,SAAS,IAAI,GAAG;AAAA,MACtD,YAAY,OAAO,IAAI,EAAE,SAAS,EAAE,EAAE,SAAS,IAAI,GAAG;AAAA,IAC1D;AAAA,EACJ;AAAA,EAEA,MAAc,iBAAiB,mBAAwD;AACnF,QAAI,KAAK,WAAY,QAAO,KAAK;AACjC,QAAI,mBAAmB;AACnB,YAAM,IAAI;AAAA,QACN;AAAA,MAEJ;AAAA,IACJ;AACA,UAAM,EAAE,WAAW,IAAI,MAAM,KAAK,QAAQ,aAAa;AACvD,SAAK,aAAa;AAClB,WAAO;AAAA,EACX;AAAA,EAEQ,yBACJ,MACA,SACA,WACM;AACN,UAAM,YAAY;AAAA,MACd,GAAG;AAAA,MACH;AAAA,MACA;AAAA,MACA;AAAA,IACJ;AACA,UAAM,OAAO,KAAK,UAAU,SAAS;AACrC,QAAI,OAAO,WAAW,aAAa;AAC/B,aAAO,OAAO,KAAK,MAAM,MAAM,EAAE,SAAS,QAAQ;AAAA,IACtD;AAEA,WAAO,KAAK,SAAS,mBAAmB,IAAI,CAAC,CAAC;AAAA,EAClD;AAAA,EAEQ,aAAa,OAA2B;AAC5C,QAAI;AACA,UAAI,OAAO,WAAW,aAAa;AAC/B,eAAO,IAAI,WAAW,OAAO,KAAK,OAAO,QAAQ,CAAC;AAAA,MACtD;AACA,YAAM,SAAS,KAAK,KAAK;AACzB,YAAM,QAAQ,IAAI,WAAW,OAAO,MAAM;AAC1C,eAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,IAAK,OAAM,CAAC,IAAI,OAAO,WAAW,CAAC;AACtE,aAAO;AAAA,IACX,QAAQ;AAEJ,aAAO,gBAAgB,KAAK;AAAA,IAChC;AAAA,EACJ;AACJ;;;AIlLA,qBAAwC;AAWjC,IAAM,qBAAqB;AAW3B,IAAM,6BAAN,MAAyE;AAAA,EACnE;AAAA,EACA,YAAoB;AAAA,EACpB;AAAA,EACA;AAAA,EACA;AAAA,EAEQ;AAAA,EAEjB,YAAY,MAAyC;AACjD,SAAK,SAAS,IAAI,qBAAqB;AAAA,MACnC,SAAS,KAAK;AAAA,MACd,YAAY,KAAK;AAAA,MACjB,QAAQ,KAAK;AAAA,IACjB,CAAC;AACD,SAAK,cAAc,KAAK,eAAe;AACvC,SAAK,aAAa,KAAK,cAAc;AACrC,SAAK,cACD,KAAK,eACL;AAAA,EACR;AAAA,EAEA,MAAM,cAAgC;AAClC,QAAI;AACA,iBAAO,wCAAwB;AAAA,IACnC,QAAQ;AACJ,aAAO;AAAA,IACX;AAAA,EACJ;AAAA,EAEA,MAAM,oBAAsC;AACxC,WAAO;AAAA,EACX;AAAA,EAEA,MAAM,WAAW,QAGgB;AAC7B,WAAO,KAAK,OAAO,WAAW,QAAQ,iBAAiB;AAAA,EAC3D;AAAA,EAEA,MAAM,gBACF,KACA,MACwD;AACxD,WAAO,KAAK,OAAO,gBAAgB,KAAK;AAAA,MACpC,mBAAmB,MAAM;AAAA,MACzB,SAAS,MAAM;AAAA,IACnB,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,cACF,WACA,MAC4D;AAC5D,WAAO,KAAK,OAAO,cAAc,WAAW;AAAA,MACxC,mBAAmB,MAAM;AAAA,MACzB,SAAS,MAAM;AAAA,IACnB,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,YACF,SACA,MAC0D;AAC1D,WAAO,KAAK,OAAO,YAAY,SAAS;AAAA,MACpC,mBAAmB,MAAM;AAAA,MACzB,SAAS,MAAM;AAAA,IACnB,CAAC;AAAA,EACL;AACJ;","names":["import_sha256","StellarNetworks","StellarModuleType"]}

package/dist/chains/stellar/index.mjs ADDED Viewed

@@ -0,0 +1,260 @@
+import {
+  base64URLDecode
+} from "../../chunk-EFIXFA6V.mjs";
+import "../../chunk-RD6ZYUVG.mjs";
+// src/chains/stellar/StellarPasskeySigner.ts
+import { sha256 as sha2562 } from "@noble/hashes/sha256";
+// src/chains/stellar/types.ts
+var StellarNetworks = /* @__PURE__ */ ((StellarNetworks2) => {
+  StellarNetworks2["PUBLIC"] = "Public Global Stellar Network ; September 2015";
+  StellarNetworks2["TESTNET"] = "Test SDF Network ; September 2015";
+  StellarNetworks2["FUTURENET"] = "Test SDF Future Network ; October 2022";
+  StellarNetworks2["SANDBOX"] = "Local Sandbox Stellar Network ; September 2022";
+  StellarNetworks2["STANDALONE"] = "Standalone Network ; February 2017";
+  return StellarNetworks2;
+})(StellarNetworks || {});
+var StellarModuleType = /* @__PURE__ */ ((StellarModuleType2) => {
+  StellarModuleType2["HW_WALLET"] = "HW_WALLET";
+  StellarModuleType2["HOT_WALLET"] = "HOT_WALLET";
+  StellarModuleType2["BRIDGE_WALLET"] = "BRIDGE_WALLET";
+  StellarModuleType2["AIR_GAPED_WALLET"] = "AIR_GAPED_WALLET";
+  return StellarModuleType2;
+})(StellarModuleType || {});
+// src/chains/stellar/SmartAccount.ts
+import { sha256 } from "@noble/hashes/sha256";
+function deriveSmartAccountId(keyHash, networkPassphrase, salt) {
+  const cleanHash = keyHash.startsWith("0x") ? keyHash.slice(2) : keyHash;
+  if (cleanHash.length !== 64) {
+    throw new Error(
+      `deriveSmartAccountId: keyHash must be 32 bytes (64 hex chars), got ${cleanHash.length}`
+    );
+  }
+  const cleanSalt = salt ? salt.startsWith("0x") ? salt.slice(2) : salt : "0".repeat(64);
+  if (cleanSalt.length !== 64) {
+    throw new Error(
+      `deriveSmartAccountId: salt must be 32 bytes (64 hex chars), got ${cleanSalt.length}`
+    );
+  }
+  const encoder = new TextEncoder();
+  const passphraseBytes = encoder.encode(networkPassphrase);
+  const keyHashBytes = hexToBytes(cleanHash);
+  const saltBytes = hexToBytes(cleanSalt);
+  const buffer = new Uint8Array(
+    passphraseBytes.length + keyHashBytes.length + saltBytes.length
+  );
+  buffer.set(passphraseBytes, 0);
+  buffer.set(keyHashBytes, passphraseBytes.length);
+  buffer.set(saltBytes, passphraseBytes.length + keyHashBytes.length);
+  const digest = sha256(buffer);
+  return "0x" + bytesToHex(digest);
+}
+function hexToBytes(hex) {
+  const out = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < out.length; i++) {
+    out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+  }
+  return out;
+}
+function bytesToHex(bytes) {
+  let hex = "";
+  for (let i = 0; i < bytes.length; i++) {
+    hex += bytes[i].toString(16).padStart(2, "0");
+  }
+  return hex;
+}
+// src/chains/stellar/StellarPasskeySigner.ts
+var StellarPasskeySigner = class {
+  passkey;
+  credential;
+  network;
+  smartAccountContractId;
+  constructor(opts) {
+    this.passkey = opts.passkey;
+    this.credential = opts.credential;
+    this.network = opts.config?.network ?? "Test SDF Network ; September 2015" /* TESTNET */;
+    this.smartAccountContractId = opts.config?.smartAccountContractId;
+  }
+  /**
+   * Returns the Soroban smart-account address (C-address-derivable hex)
+   * associated with the active passkey. If a fixed contract id was
+   * configured we return it verbatim; otherwise we derive deterministically.
+   */
+  async getAddress(skipRequestAccess = false) {
+    if (this.smartAccountContractId) {
+      return { address: this.smartAccountContractId };
+    }
+    const cred = await this.ensureCredential(skipRequestAccess);
+    const id = deriveSmartAccountId(cred.keyHash, this.network);
+    return { address: id };
+  }
+  /**
+   * Produce a SEP-43 `signedTxXdr` for the given transaction envelope XDR.
+   *
+   * Because we do not bundle `@stellar/stellar-sdk` we hash the XDR's
+   * binary form prefixed with the network passphrase. Consumers that need
+   * canonical Stellar transaction hashes should preprocess `xdr` to the
+   * spec-compliant preimage before calling, or override this method.
+   */
+  async signTransaction(xdr, opts) {
+    const cred = await this.ensureCredential(true);
+    const passphrase = opts?.networkPassphrase ?? this.network;
+    const challenge = this.hashTransactionXdr(xdr, passphrase);
+    const assertion = await this.signChallenge(challenge, cred);
+    const container = this.encodeAssertionContainer("tx", xdr, assertion);
+    const { address } = await this.getAddress(true);
+    return { signedTxXdr: container, signerAddress: opts?.address ?? address };
+  }
+  /**
+   * Sign a Soroban `HashIdPreimageSorobanAuthorization` XDR. The auth
+   * entry payload is hashed and wrapped identically to a transaction.
+   */
+  async signAuthEntry(authEntry, opts) {
+    const cred = await this.ensureCredential(true);
+    const passphrase = opts?.networkPassphrase ?? this.network;
+    const challenge = this.hashAuthEntry(authEntry, passphrase);
+    const assertion = await this.signChallenge(challenge, cred);
+    const container = this.encodeAssertionContainer("auth", authEntry, assertion);
+    const { address } = await this.getAddress(true);
+    return { signedAuthEntry: container, signerAddress: opts?.address ?? address };
+  }
+  /**
+   * Sign an arbitrary message per SEP-43 `signMessage`.
+   */
+  async signMessage(message, opts) {
+    const cred = await this.ensureCredential(true);
+    const challenge = sha2562(new TextEncoder().encode(message));
+    const assertion = await this.signChallenge(challenge, cred);
+    const container = this.encodeAssertionContainer("msg", message, assertion);
+    const { address } = await this.getAddress(true);
+    return { signedMessage: container, signerAddress: opts?.address ?? address };
+  }
+  // ------------------------------------------------------------------
+  // Internals
+  // ------------------------------------------------------------------
+  hashTransactionXdr(xdr, networkPassphrase) {
+    const passphraseHash = sha2562(new TextEncoder().encode(networkPassphrase));
+    const xdrBytes = this.decodeBase64(xdr);
+    const buf = new Uint8Array(passphraseHash.length + xdrBytes.length);
+    buf.set(passphraseHash, 0);
+    buf.set(xdrBytes, passphraseHash.length);
+    return sha2562(buf);
+  }
+  hashAuthEntry(authEntry, networkPassphrase) {
+    return this.hashTransactionXdr(authEntry, networkPassphrase);
+  }
+  async signChallenge(challenge, credential) {
+    const sig = await this.passkey.sign(challenge);
+    return {
+      keyHash: credential.keyHash,
+      authenticatorData: sig.authenticatorData,
+      clientDataJSON: sig.clientDataJSON,
+      challengeIndex: sig.challengeIndex,
+      typeIndex: sig.typeIndex,
+      signatureR: "0x" + sig.r.toString(16).padStart(64, "0"),
+      signatureS: "0x" + sig.s.toString(16).padStart(64, "0")
+    };
+  }
+  async ensureCredential(skipRequestAccess) {
+    if (this.credential) return this.credential;
+    if (skipRequestAccess) {
+      throw new Error(
+        "StellarPasskeySigner: no credential cached. Call passkey.authenticate() first or pass `credential` to the constructor."
+      );
+    }
+    const { credential } = await this.passkey.authenticate();
+    this.credential = credential;
+    return credential;
+  }
+  encodeAssertionContainer(kind, payload, assertion) {
+    const container = {
+      v: 1,
+      kind,
+      payload,
+      assertion
+    };
+    const json = JSON.stringify(container);
+    if (typeof Buffer !== "undefined") {
+      return Buffer.from(json, "utf8").toString("base64");
+    }
+    return btoa(unescape(encodeURIComponent(json)));
+  }
+  decodeBase64(input) {
+    try {
+      if (typeof Buffer !== "undefined") {
+        return new Uint8Array(Buffer.from(input, "base64"));
+      }
+      const binary = atob(input);
+      const bytes = new Uint8Array(binary.length);
+      for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+      return bytes;
+    } catch {
+      return base64URLDecode(input);
+    }
+  }
+};
+// src/chains/stellar/VeridexStellarWalletModule.ts
+import { browserSupportsWebAuthn } from "@simplewebauthn/browser";
+var VERIDEX_PASSKEY_ID = "veridex-passkey";
+var VeridexStellarWalletModule = class {
+  moduleType = "HOT_WALLET" /* HOT_WALLET */;
+  productId = VERIDEX_PASSKEY_ID;
+  productName;
+  productUrl;
+  productIcon;
+  signer;
+  constructor(opts) {
+    this.signer = new StellarPasskeySigner({
+      passkey: opts.passkey,
+      credential: opts.credential,
+      config: opts.config
+    });
+    this.productName = opts.productName ?? "Veridex Passkey";
+    this.productUrl = opts.productUrl ?? "https://veridex.network";
+    this.productIcon = opts.productIcon ?? "https://veridex.network/icons/passkey-256.png";
+  }
+  async isAvailable() {
+    try {
+      return browserSupportsWebAuthn();
+    } catch {
+      return false;
+    }
+  }
+  async isPlatformWrapper() {
+    return false;
+  }
+  async getAddress(params) {
+    return this.signer.getAddress(params?.skipRequestAccess);
+  }
+  async signTransaction(xdr, opts) {
+    return this.signer.signTransaction(xdr, {
+      networkPassphrase: opts?.networkPassphrase,
+      address: opts?.address
+    });
+  }
+  async signAuthEntry(authEntry, opts) {
+    return this.signer.signAuthEntry(authEntry, {
+      networkPassphrase: opts?.networkPassphrase,
+      address: opts?.address
+    });
+  }
+  async signMessage(message, opts) {
+    return this.signer.signMessage(message, {
+      networkPassphrase: opts?.networkPassphrase,
+      address: opts?.address
+    });
+  }
+};
+export {
+  StellarModuleType,
+  StellarNetworks,
+  StellarPasskeySigner,
+  VERIDEX_PASSKEY_ID,
+  VeridexStellarWalletModule,
+  deriveSmartAccountId
+};
+//# sourceMappingURL=index.mjs.map