@zerodev/wallet-core 0.0.1-alpha.19 → 0.0.1-alpha.21

package/package.json

@@ -1,15 +1,65 @@
 {
   "name": "@zerodev/wallet-core",
-  "version": "0.0.1-alpha.19",
+  "version": "0.0.1-alpha.21",
   "description": "ZeroDev Wallet SDK built on Turnkey",
+  "sideEffects": false,
   "main": "./dist/_cjs/index.js",
   "module": "./dist/_esm/index.js",
   "types": "./dist/_types/index.d.ts",
   "exports": {
     ".": {
-      "types": "./dist/_types/index.d.ts",
-      "import": "./dist/_esm/index.js",
-      "require": "./dist/_cjs/index.js"
+      "react-native": {
+        "types": "./dist/_types/index.native.d.ts",
+        "default": "./dist/_esm/index.native.js"
+      },
+      "browser": {
+        "types": "./dist/_types/index.d.ts",
+        "default": "./dist/_esm/index.js"
+      },
+      "import": {
+        "types": "./dist/_types/index.d.ts",
+        "default": "./dist/_esm/index.js"
+      },
+      "require": {
+        "types": "./dist/_types/index.d.ts",
+        "default": "./dist/_cjs/index.js"
+      },
+      "default": {
+        "types": "./dist/_types/index.d.ts",
+        "default": "./dist/_esm/index.js"
+      }
+    },
+    "./react-native": {
+      "browser": "./dist/_esm/stubs/native-on-web.js",
+      "import": {
+        "types": "./dist/_types/index.native.d.ts",
+        "default": "./dist/_esm/index.native.js"
+      },
+      "default": "./dist/_esm/index.native.js"
+    },
+    "./react-native/stampers/secure-store": {
+      "browser": "./dist/_esm/stubs/native-on-web.js",
+      "import": {
+        "types": "./dist/_types/native/stampers/secureStore.d.ts",
+        "default": "./dist/_esm/native/stampers/secureStore.js"
+      },
+      "default": "./dist/_esm/native/stampers/secureStore.js"
+    },
+    "./react-native/stampers/passkey": {
+      "browser": "./dist/_esm/stubs/native-on-web.js",
+      "import": {
+        "types": "./dist/_types/native/stampers/passkey.d.ts",
+        "default": "./dist/_esm/native/stampers/passkey.js"
+      },
+      "default": "./dist/_esm/native/stampers/passkey.js"
+    },
+    "./react-native/storage/async-storage": {
+      "browser": "./dist/_esm/stubs/native-on-web.js",
+      "import": {
+        "types": "./dist/_types/native/storage/asyncStorage.d.ts",
+        "default": "./dist/_esm/native/storage/asyncStorage.js"
+      },
+      "default": "./dist/_esm/native/storage/asyncStorage.js"
     },
     "./viem": {
       "types": "./dist/_types/adapters/viem.d.ts",
@@ -20,11 +70,6 @@
       "types": "./dist/_types/actions/index.d.ts",
       "import": "./dist/_esm/actions/index.js",
       "require": "./dist/_cjs/actions/index.js"
-    },
-    "./stampers": {
-      "types": "./dist/_types/stampers/index.d.ts",
-      "import": "./dist/_esm/stampers/index.js",
-      "require": "./dist/_cjs/stampers/index.js"
     }
   },
   "files": [
@@ -59,12 +104,48 @@
     "json-canonicalize": "^2.0.0"
   },
   "peerDependencies": {
-    "viem": "^2.38.0"
+    "viem": "^2.38.0",
+    "@react-native-async-storage/async-storage": ">=2.0.0",
+    "@turnkey/api-key-stamper": ">=0.6.0",
+    "@turnkey/crypto": ">=2.8.0",
+    "@turnkey/react-native-passkey-stamper": ">=1.2.0",
+    "expo-secure-store": ">=14.0.0",
+    "react-native": ">=0.73.0",
+    "uuid": ">=11.0.0"
+  },
+  "peerDependenciesMeta": {
+    "@react-native-async-storage/async-storage": {
+      "optional": true
+    },
+    "@turnkey/api-key-stamper": {
+      "optional": true
+    },
+    "@turnkey/crypto": {
+      "optional": true
+    },
+    "@turnkey/react-native-passkey-stamper": {
+      "optional": true
+    },
+    "expo-secure-store": {
+      "optional": true
+    },
+    "react-native": {
+      "optional": true
+    },
+    "uuid": {
+      "optional": true
+    }
   },
   "devDependencies": {
     "@hpke/core": "^1.9.0",
+    "@react-native-async-storage/async-storage": "2.2.0",
+    "@turnkey/api-key-stamper": "0.6.4",
+    "@turnkey/crypto": "2.8.13",
+    "@turnkey/react-native-passkey-stamper": "1.2.12",
     "@types/node": "^20.0.0",
-    "typescript": "5.9.3"
+    "expo-secure-store": "55.0.9",
+    "typescript": "5.9.3",
+    "uuid": "^13.0.0"
   },
   "scripts": {
     "build": "pnpm run clean && pnpm run build:cjs && pnpm run build:esm && pnpm run build:types",

package/src/actions/auth/authenticateWithOAuth.ts

@@ -7,6 +7,8 @@ export type AuthenticateWithOAuthParameters = {
   projectId: string
   /** The session ID from the OAuth callback URL */
   sessionId: string
+  /** Proof-of-possession signature for `sessionId`. */
+  popSignature: string
 }
 
 export type AuthenticateWithOAuthReturnType = {
@@ -37,6 +39,7 @@ export type AuthenticateWithOAuthReturnType = {
  *   provider: 'google',
  *   projectId: 'proj_456',
  *   sessionId: 'abc123',
+ *   popSignature: '3045022100...',
  * });
  * ```
  */
@@ -44,11 +47,11 @@ export async function authenticateWithOAuth(
   client: Client,
   params: AuthenticateWithOAuthParameters,
 ): Promise<AuthenticateWithOAuthReturnType> {
-  const { projectId, sessionId } = params
+  const { projectId, sessionId, popSignature } = params
 
   return await client.request({
     path: `${projectId}/auth/oauth`,
     method: 'POST',
-    body: { sessionId },
+    body: { sessionId, popSignature },
   })
 }

package/src/client/index.ts

@@ -10,7 +10,10 @@ export {
   createClient,
   type ZeroDevWalletClient,
 } from './createClient.js'
-export { zeroDevWalletTransport } from './transports/createTransport.js'
+export {
+  type CreateTransportOptions,
+  zeroDevWalletTransport,
+} from './transports/createTransport.js'
 export type {
   Client,
   ClientConfig,

package/src/client/transports/createTransport.ts

@@ -10,6 +10,8 @@ export type CreateTransportOptions = {
   key?: string
   /** Transport name */
   name?: string
+  /** Extra options merged into every fetch() call */
+  fetchOptions?: Omit<RequestInit, 'body' | 'method' | 'signal'>
 }
 
 /**
@@ -34,6 +36,7 @@ export function zeroDevWalletTransport(
       name,
       apiKeyStamper,
       passkeyStamper,
+      ...(options.fetchOptions && { fetchOptions: options.fetchOptions }),
     })
 
     return {

package/src/client/transports/rest.ts

@@ -50,9 +50,9 @@ export function rest(url: string, cfg: RestTransportConfig): RestTransport {
     try {
       let requestBody = args.body
       let requestHeaders = {
-        'content-type': 'application/json',
-        ...(args.headers ?? {}),
         ...(cfg.fetchOptions?.headers ?? {}),
+        ...(args.headers ?? {}),
+        'content-type': 'application/json',
       }
 
       // Handle stamping if requested

package/src/core/{createZeroDevWallet.ts → createZeroDevWalletCore.ts}

@@ -5,6 +5,7 @@ import type {
 } from '../actions/auth/index.js'
 import { toViemAccount } from '../adapters/viem.js'
 import {
+  type CreateTransportOptions,
   createAuthProxyClient,
   createClient,
   type ZeroDevWalletClient,
@@ -15,10 +16,7 @@ import {
   DEFAULT_SESSION_EXPIRATION_IN_SECONDS,
   KMS_SERVER_URL,
 } from '../constants.js'
-import { createIndexedDbStamper } from '../stampers/indexedDbStamper.js'
 import type { ApiKeyStamper, PasskeyStamper } from '../stampers/types.js'
-import { createWebauthnStamper } from '../stampers/webauthnStamper.js'
-import { createWebStorageAdapter } from '../storage/adapters.js'
 import {
   createStorageManager,
   type StorageAdapter,
@@ -27,14 +25,15 @@ import { SessionType, type ZeroDevWalletSession } from '../types/session.js'
 import { buildClientSignature } from '../utils/buildClientSignature.js'
 import { encryptOtpAttempt } from '../utils/encryptOtpAttempt.js'
 import { humanReadableDateTime, parseSession } from '../utils/utils.js'
-export interface ZeroDevWalletConfig {
+export interface ZeroDevWalletConfigCore {
   organizationId?: string
   proxyBaseUrl?: string
   projectId: string
-  sessionStorage?: StorageAdapter
-  rpId?: string
-  apiKeyStamper?: ApiKeyStamper
-  passkeyStamper?: PasskeyStamper
+  sessionStorage: StorageAdapter
+  rpId: string
+  apiKeyStamper: ApiKeyStamper
+  passkeyStamper: PasskeyStamper
+  fetchOptions?: CreateTransportOptions['fetchOptions']
 }
 
 // Re-export EmailCustomization for convenience
@@ -116,30 +115,26 @@ export interface ZeroDevWalletSDK {
   toAccount: () => Promise<LocalAccount>
 }
 
-export async function createZeroDevWallet(
-  config: ZeroDevWalletConfig,
+export async function createZeroDevWalletCore(
+  config: ZeroDevWalletConfigCore,
 ): Promise<ZeroDevWalletSDK> {
   const {
     projectId,
     sessionStorage,
-    rpId = window.location.hostname,
+    rpId,
+    apiKeyStamper,
+    passkeyStamper,
     organizationId = DEFAULT_ORGANIZATION_ID,
   } = config
 
-  const sessionStorageManager = createStorageManager(
-    sessionStorage || createWebStorageAdapter(),
-  )
-
-  const apiKeyStamper = config.apiKeyStamper ?? (await createIndexedDbStamper())
-
-  const passkeyStamper =
-    config.passkeyStamper ?? (await createWebauthnStamper({ rpId }))
+  const sessionStorageManager = createStorageManager(sessionStorage)
 
   const client = createClient({
     apiKeyStamper,
     passkeyStamper,
     transport: zeroDevWalletTransport({
       baseUrl: config.proxyBaseUrl || `${KMS_SERVER_URL}/api/v1`,
+      ...(config.fetchOptions && { fetchOptions: config.fetchOptions }),
     }),
   })
 
@@ -220,10 +215,12 @@ export async function createZeroDevWallet(
     async auth(params: AuthParams) {
       switch (params.type) {
         case 'oauth': {
+          const popSignature = await client.apiKeyStamper.sign(params.sessionId)
           const data = await client.authenticateWithOAuth({
             provider: params.provider,
             projectId,
             sessionId: params.sessionId,
+            popSignature,
           })
 
           if (data.session) {

package/src/index.native.ts

@@ -0,0 +1,102 @@
+import { isReactNative } from './utils/platform.js'
+
+if (!isReactNative()) {
+  // biome-ignore lint/suspicious/noConsole: Warning users if they try to use the web entry on React Native.
+  console.warn(
+    '@zerodev/wallet-core/react-native: the React Native entry was loaded outside a React Native runtime. If this is a non-RN context, import `@zerodev/wallet-core` (the bare specifier) instead.',
+  )
+}
+
+// Re-export shared API surface. Note: we intentionally do NOT re-export the
+// web stamper factories (createIndexedDbStamper, createWebauthnStamper,
+// createIframeStamper) here — they're web-only. The native adapter factories
+// live behind their own granular subpaths so consumers using alternative
+// adapters (Keychain, MMKV, custom) skip the unused peer-dep installs.
+export type {
+  ApiKeyAuthenticator,
+  AuthenticateWithEmailParameters,
+  AuthenticateWithEmailReturnType,
+  AuthenticateWithOAuthParameters,
+  AuthenticateWithOAuthReturnType,
+  EmailContact,
+  EmailCustomization,
+  GetAuthenticatorsParameters,
+  GetAuthenticatorsReturnType,
+  GetUserWalletParameters,
+  GetUserWalletReturnType,
+  GetWhoamiParameters,
+  GetWhoamiReturnType,
+  LoginWithOTPParameters,
+  LoginWithOTPReturnType,
+  OAuthAuthenticator,
+  OtpContact,
+  PasskeyAuthenticator,
+  RegisterWithOTPParameters,
+  RegisterWithOTPReturnType,
+  Sign7702AuthorizationParameters,
+  Sign7702AuthorizationReturnType,
+  SignMessageParameters,
+  SignMessageReturnType,
+  SignTransactionParameters,
+  SignTransactionReturnType,
+  SignTypedDataV4Parameters,
+  SignTypedDataV4ReturnType,
+  SignUserOperationParameters,
+  SignUserOperationReturnType,
+} from './actions/index.js'
+export {
+  authenticateWithEmail,
+  authenticateWithOAuth,
+  getAuthenticators,
+  getUserWallet,
+  getWhoami,
+  loginWithOTP,
+  registerWithOTP,
+  sign7702Authorization,
+  signMessage,
+  signTransaction,
+  signTypedDataV4,
+  signUserOperation,
+} from './actions/index.js'
+export type { ToViemAccountParams } from './adapters/viem.js'
+export { toViemAccount } from './adapters/viem.js'
+export type { ZeroDevWalletActions } from './client/decorators/client.js'
+export { zeroDevWalletActions } from './client/decorators/client.js'
+export type {
+  Client,
+  ClientConfig,
+  CreateTransportOptions,
+  Transport,
+} from './client/index.js'
+export {
+  createBaseClient,
+  createClient,
+  type ZeroDevWalletClient,
+  zeroDevWalletTransport,
+} from './client/index.js'
+export { KMS_SERVER_URL } from './constants.js'
+export type {
+  AuthParams,
+  ZeroDevWalletSDK,
+} from './core/createZeroDevWalletCore.js'
+// RN entry re-exports core directly. `ZeroDevWalletConfigCore` already has
+// all four adapter fields required, so RN consumers get compile-time enforcement
+// without a separate type wrapper.
+export {
+  createZeroDevWalletCore as createZeroDevWallet,
+  type ZeroDevWalletConfigCore as ZeroDevWalletConfig,
+} from './core/createZeroDevWalletCore.js'
+export type {
+  ApiKeyStamper,
+  Attestation,
+  IframeStamper,
+  PasskeyRegistrationOptions,
+  PasskeyRegistrationResult,
+  PasskeyStamper,
+} from './stampers/types.js'
+export type { StorageAdapter, StorageManager } from './storage/manager.js'
+export type { StamperType, ZeroDevWalletSession } from './types/session.js'
+export type { KeyFormat } from './utils/exportPrivateKey.js'
+export { exportPrivateKey } from './utils/exportPrivateKey.js'
+export { exportWallet } from './utils/exportWallet.js'
+export { normalizeTimestamp } from './utils/utils.js'

package/src/index.ts

@@ -1,3 +1,12 @@
+import { isReactNative } from './utils/platform.js'
+
+if (isReactNative()) {
+  // biome-ignore lint/suspicious/noConsole: Warning users if they try to use the web entry on React Native.
+  console.warn(
+    '@zerodev/wallet-core: the web entry was loaded in a React Native runtime. Check that your metro.config.js has `unstable_enablePackageExports: true` and `"react-native"` in `unstable_conditionNames`.',
+  )
+}
+
 export type {
   // Auth types
   ApiKeyAuthenticator,
@@ -56,7 +65,12 @@ export { toViemAccount } from './adapters/viem.js'
 export type { ZeroDevWalletActions } from './client/decorators/client.js'
 // Client decorators
 export { zeroDevWalletActions } from './client/decorators/client.js'
-export type { Client, ClientConfig, Transport } from './client/index.js'
+export type {
+  Client,
+  ClientConfig,
+  CreateTransportOptions,
+  Transport,
+} from './client/index.js'
 // Client
 export {
   createBaseClient,
@@ -68,17 +82,10 @@ export {
 export { KMS_SERVER_URL } from './constants.js'
 export type {
   AuthParams,
-  ZeroDevWalletConfig,
   ZeroDevWalletSDK,
-} from './core/createZeroDevWallet.js'
-// Core
-export { createZeroDevWallet } from './core/createZeroDevWallet.js'
+} from './core/createZeroDevWalletCore.js'
 // Stampers
-export {
-  createIframeStamper,
-  createIndexedDbStamper,
-  createWebauthnStamper,
-} from './stampers/index.js'
+export { createIframeStamper } from './stampers/iframeStamper.js'
 export type {
   ApiKeyStamper,
   Attestation,
@@ -96,3 +103,11 @@ export { exportPrivateKey } from './utils/exportPrivateKey.js'
 export { exportWallet } from './utils/exportWallet.js'
 // Utils
 export { normalizeTimestamp } from './utils/utils.js'
+// Core — bare specifier resolves web defaults (IndexedDB, WebAuthn, session
+// storage, hostname-derived rpId) before forwarding to the shared factory.
+// RN consumers go through `@zerodev/wallet-core/react-native`, which exposes
+// the strict `ZeroDevWalletConfig` (= core's required-fields shape) directly.
+export {
+  createZeroDevWallet,
+  type ZeroDevWalletConfig,
+} from './web/createZeroDevWallet.js'

package/src/native/stampers/passkey.ts

@@ -0,0 +1,39 @@
+import {
+  createPasskey,
+  PasskeyStamper as TurnkeyPasskeyStamper,
+} from '@turnkey/react-native-passkey-stamper'
+import { v4 as uuidv4 } from 'uuid'
+import type {
+  PasskeyRegistrationOptions,
+  PasskeyStamper,
+} from '../../stampers/types.js'
+
+export async function createReactNativePasskeyStamper({
+  rpId,
+}: {
+  rpId: string
+}): Promise<PasskeyStamper> {
+  const inner = new TurnkeyPasskeyStamper({ rpId })
+
+  return {
+    async stamp(payload: string) {
+      return await inner.stamp(payload)
+    },
+    async clear() {},
+    async register({ rp, userName }: PasskeyRegistrationOptions) {
+      const { attestation, challenge: encodedChallenge } = await createPasskey({
+        rp: {
+          id: rp.id,
+          name: rp.name ?? 'Turnkey',
+        },
+        user: {
+          id: uuidv4(),
+          name: userName,
+          displayName: userName,
+        },
+        authenticatorName: userName ?? 'End-User Passkey',
+      })
+      return { attestation, encodedChallenge }
+    },
+  }
+}

package/src/native/stampers/secureStore.ts

@@ -0,0 +1,139 @@
+import { ApiKeyStamper, SignatureFormat } from '@turnkey/api-key-stamper'
+import { generateP256KeyPair } from '@turnkey/crypto'
+import * as SecureStore from 'expo-secure-store'
+import type { ApiKeyStamper as ZDApiKeyStamper } from '../../stampers/types.js'
+
+const PUBLIC_KEY = 'zerodev.publicKey'
+const PRIVATE_KEY = 'zerodev.privateKey'
+
+class SecureStoreStamperInner {
+  private publicKeyHex: string | null = null
+
+  async init(): Promise<void> {
+    const publicKey = await SecureStore.getItemAsync(PUBLIC_KEY)
+    const privateKey = await SecureStore.getItemAsync(PRIVATE_KEY)
+
+    if (publicKey && privateKey) {
+      this.publicKeyHex = publicKey
+    } else {
+      await this.resetKeyPair()
+    }
+  }
+
+  async getPublicKey(): Promise<string | null> {
+    return this.publicKeyHex
+  }
+
+  async resetKeyPair(externalKeyPair?: {
+    publicKey: string
+    privateKey: string
+  }): Promise<void> {
+    await this.clear()
+
+    const pair = externalKeyPair ?? generateP256KeyPair()
+
+    await SecureStore.setItemAsync(PUBLIC_KEY, pair.publicKey)
+    await SecureStore.setItemAsync(PRIVATE_KEY, pair.privateKey)
+
+    this.publicKeyHex = pair.publicKey
+  }
+
+  private async getTurnkeyApiKeyStamper(): Promise<ApiKeyStamper> {
+    if (!this.publicKeyHex) {
+      throw new Error(
+        'Key not initialized. Call init() or resetKeyPair() first.',
+      )
+    }
+
+    const privateKey = await SecureStore.getItemAsync(PRIVATE_KEY)
+    if (!privateKey) {
+      throw new Error('No private key found in secure store.')
+    }
+
+    return new ApiKeyStamper({
+      apiPublicKey: this.publicKeyHex,
+      apiPrivateKey: privateKey,
+    })
+  }
+
+  async stamp(
+    payload: string,
+  ): Promise<{ stampHeaderName: string; stampHeaderValue: string }> {
+    const stamper = await this.getTurnkeyApiKeyStamper()
+    const { stampHeaderName, stampHeaderValue } = await stamper.stamp(payload)
+    return { stampHeaderName, stampHeaderValue }
+  }
+
+  async sign(payload: string): Promise<string> {
+    const stamper = await this.getTurnkeyApiKeyStamper()
+    return stamper.sign(payload, SignatureFormat.Der)
+  }
+
+  async clear(): Promise<void> {
+    await SecureStore.deleteItemAsync(PUBLIC_KEY)
+    await SecureStore.deleteItemAsync(PRIVATE_KEY)
+    this.publicKeyHex = null
+  }
+}
+
+async function warmApiKeyStamperForMetroDev(
+  inner: SecureStoreStamperInner,
+): Promise<void> {
+  // `__DEV__` is a global set by React Native's Metro; read it via globalThis
+  // so this file needs no ambient `.d.ts` (which would conflict with RN's own
+  // typings when both happen to be in scope, e.g. in the editor).
+  if (!(globalThis as { __DEV__?: boolean }).__DEV__) return
+
+  // In Expo dev, Turnkey's API key stamper loads its React Native signer with a
+  // dynamic import the first time `stamp()` runs. OTP verification is usually
+  // the first code path that stamps a payload, and if the app was backgrounded
+  // while the user copied the code, Metro can serve that lazy module after
+  // foregrounding and trigger a full JS reload. Warming the stamper during dev
+  // startup makes Metro load the signer while the app is foregrounded; production
+  // builds do not use Metro and skip this block via `__DEV__`.
+  try {
+    await inner.stamp('{"purpose":"metro-dev-warmup"}')
+  } catch (error) {
+    // biome-ignore lint/suspicious/noConsole: This only runs in dev mode
+    console.warn('Failed to warm API key stamper in dev:', error)
+  }
+}
+
+export async function createSecureStoreStamper(): Promise<ZDApiKeyStamper> {
+  const inner = new SecureStoreStamperInner()
+  await inner.init()
+  await warmApiKeyStamperForMetroDev(inner)
+
+  let pendingKeyPair: { publicKey: string; privateKey: string } | null = null
+
+  return {
+    async getPublicKey() {
+      return inner.getPublicKey()
+    },
+    async stamp(payload: string) {
+      return inner.stamp(payload)
+    },
+    async sign(payload: string) {
+      return inner.sign(payload)
+    },
+    async clear() {
+      await inner.clear()
+    },
+    async resetKeyPair() {
+      pendingKeyPair = null
+      await inner.resetKeyPair()
+    },
+    async prepareKeyRotation() {
+      const keyPair = generateP256KeyPair()
+      pendingKeyPair = keyPair
+      return keyPair.publicKey
+    },
+    async commitKeyRotation() {
+      if (!pendingKeyPair) {
+        throw new Error('No pending key rotation to commit')
+      }
+      await inner.resetKeyPair(pendingKeyPair)
+      pendingKeyPair = null
+    },
+  }
+}

package/src/native/storage/asyncStorage.ts

@@ -0,0 +1,18 @@
+import type { AsyncStorageStatic } from '@react-native-async-storage/async-storage'
+import * as AsyncStorageNS from '@react-native-async-storage/async-storage'
+import type { StorageAdapter } from '../../storage/manager.js'
+
+// CJS package whose `.d.ts` declares `export default AsyncStorage`. Our tsconfig
+// keeps `esModuleInterop: false` (and `verbatimModuleSyntax: true`), so a plain
+// `import AsyncStorage from '...'` types as the module namespace instead of
+// the default. Unwrap explicitly. At runtime Metro returns the default object
+// either way; this only affects the static type.
+const AsyncStorage: AsyncStorageStatic = (
+  AsyncStorageNS as unknown as { default: AsyncStorageStatic }
+).default
+
+export const asyncStorageAdapter: StorageAdapter = {
+  getItem: (key) => AsyncStorage.getItem(key),
+  setItem: (key, value) => AsyncStorage.setItem(key, value),
+  removeItem: (key) => AsyncStorage.removeItem(key),
+}

package/src/stampers/indexedDbStamper.ts

@@ -15,6 +15,9 @@ export async function createIndexedDbStamper(): Promise<ApiKeyStamper> {
     async stamp(payload: string) {
       return await inner.stamp(payload)
     },
+    async sign(payload: string) {
+      return await inner.sign(payload)
+    },
     async clear() {
       await inner.clear()
     },

package/src/stampers/types.ts

@@ -39,6 +39,11 @@ export type ApiKeyStamper = Stamper & {
   prepareKeyRotation: () => Promise<string>
   /** Promote the pending key to active. Call after the server accepts the new key. */
   commitKeyRotation: () => Promise<void>
+  /**
+   * Sign `payload` with the currently active key. Returns a hex-encoded
+   * ECDSA-P256 / SHA-256 signature in ASN.1 DER form.
+   */
+  sign: (payload: string) => Promise<string>
 }
 export type Attestation = {
   attestationObject: string

package/src/stubs/native-on-web.ts

@@ -0,0 +1,3 @@
+throw new Error(
+  '@zerodev/wallet-core react-native subpaths cannot be imported in a web environment. Use the bare specifier (`import { ... } from "@zerodev/wallet-core"`) instead.',
+)