@zerodev/wallet-core 0.0.1-alpha.21 → 0.0.1-alpha.22

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zerodev/wallet-core",
-  "version": "0.0.1-alpha.21",
+  "version": "0.0.1-alpha.22",
   "description": "ZeroDev Wallet SDK built on Turnkey",
   "sideEffects": false,
   "main": "./dist/_cjs/index.js",
@@ -31,6 +31,7 @@
     },
     "./react-native": {
       "browser": "./dist/_esm/stubs/native-on-web.js",
+      "node": "./dist/_esm/stubs/native-on-web.js",
       "import": {
         "types": "./dist/_types/index.native.d.ts",
         "default": "./dist/_esm/index.native.js"
@@ -39,6 +40,7 @@
     },
     "./react-native/stampers/secure-store": {
       "browser": "./dist/_esm/stubs/native-on-web.js",
+      "node": "./dist/_esm/stubs/native-on-web.js",
       "import": {
         "types": "./dist/_types/native/stampers/secureStore.d.ts",
         "default": "./dist/_esm/native/stampers/secureStore.js"
@@ -47,6 +49,7 @@
     },
     "./react-native/stampers/passkey": {
       "browser": "./dist/_esm/stubs/native-on-web.js",
+      "node": "./dist/_esm/stubs/native-on-web.js",
       "import": {
         "types": "./dist/_types/native/stampers/passkey.d.ts",
         "default": "./dist/_esm/native/stampers/passkey.js"
@@ -55,6 +58,7 @@
     },
     "./react-native/storage/async-storage": {
       "browser": "./dist/_esm/stubs/native-on-web.js",
+      "node": "./dist/_esm/stubs/native-on-web.js",
       "import": {
         "types": "./dist/_types/native/storage/asyncStorage.d.ts",
         "default": "./dist/_esm/native/storage/asyncStorage.js"

package/src/core/createZeroDevWalletCore.ts

@@ -16,6 +16,7 @@ import {
   DEFAULT_SESSION_EXPIRATION_IN_SECONDS,
   KMS_SERVER_URL,
 } from '../constants.js'
+import { createNoopPasskeyStamper } from '../stampers/noopPasskeyStamper.js'
 import type { ApiKeyStamper, PasskeyStamper } from '../stampers/types.js'
 import {
   createStorageManager,
@@ -32,7 +33,7 @@ export interface ZeroDevWalletConfigCore {
   sessionStorage: StorageAdapter
   rpId: string
   apiKeyStamper: ApiKeyStamper
-  passkeyStamper: PasskeyStamper
+  passkeyStamper?: PasskeyStamper
   fetchOptions?: CreateTransportOptions['fetchOptions']
 }
 
@@ -123,9 +124,9 @@ export async function createZeroDevWalletCore(
     sessionStorage,
     rpId,
     apiKeyStamper,
-    passkeyStamper,
     organizationId = DEFAULT_ORGANIZATION_ID,
   } = config
+  const passkeyStamper = config.passkeyStamper ?? createNoopPasskeyStamper()
 
   const sessionStorageManager = createStorageManager(sessionStorage)
 

package/src/index.native.ts

@@ -79,13 +79,14 @@ export type {
   AuthParams,
   ZeroDevWalletSDK,
 } from './core/createZeroDevWalletCore.js'
-// RN entry re-exports core directly. `ZeroDevWalletConfigCore` already has
-// all four adapter fields required, so RN consumers get compile-time enforcement
-// without a separate type wrapper.
+// RN entry re-exports through a thin wrapper that auto-injects the
+// `Origin: https://${rpId}` header on Turnkey requests. `ZeroDevWalletConfig`
+// matches the strict `ZeroDevWalletConfigCore` shape, so RN consumers still
+// get compile-time enforcement of the four required adapter fields.
 export {
-  createZeroDevWalletCore as createZeroDevWallet,
-  type ZeroDevWalletConfigCore as ZeroDevWalletConfig,
-} from './core/createZeroDevWalletCore.js'
+  createZeroDevWallet,
+  type ZeroDevWalletConfig,
+} from './native/createZeroDevWallet.js'
 export type {
   ApiKeyStamper,
   Attestation,

package/src/native/createZeroDevWallet.ts

@@ -0,0 +1,26 @@
+import {
+  createZeroDevWalletCore,
+  type ZeroDevWalletConfigCore,
+  type ZeroDevWalletSDK,
+} from '../core/createZeroDevWalletCore.js'
+
+/**
+ * React Native config — mirrors `web/createZeroDevWallet.ts`'s wrapper
+ * pattern. RN consumers must supply all four adapter fields up front
+ * (no platform-native defaults exist for IndexedDB/WebAuthn). The only
+ * RN-specific defaulting is `fetchOptions`: when omitted, we set
+ * `Origin: https://${rpId}` so Turnkey's ACL accepts the request. Power
+ * users wanting a different Origin can pass `fetchOptions` explicitly.
+ */
+export type ZeroDevWalletConfig = ZeroDevWalletConfigCore
+
+export async function createZeroDevWallet(
+  config: ZeroDevWalletConfig,
+): Promise<ZeroDevWalletSDK> {
+  return createZeroDevWalletCore({
+    ...config,
+    fetchOptions: config.fetchOptions ?? {
+      headers: { Origin: `https://${config.rpId}` },
+    },
+  })
+}

package/src/stampers/noopPasskeyStamper.ts

@@ -0,0 +1,21 @@
+import type { PasskeyStamper } from './types.js'
+
+const NOT_CONFIGURED_MESSAGE =
+  'passkeyStamper is not configured. Pass passkeyStamper to zeroDevWallet({ ... }) — use createReactNativePasskeyStamper({ rpId }) on React Native or createWebauthnStamper({ rpId }) on web.'
+
+/**
+ * Internal fallback used when a consumer doesn't supply a `passkeyStamper`.
+ * Methods throw on use, so passkey register/login fails with an actionable
+ * message — all other flows (apiKey signing, OAuth, OTP) are unaffected.
+ */
+export function createNoopPasskeyStamper(): PasskeyStamper {
+  return {
+    async stamp() {
+      throw new Error(NOT_CONFIGURED_MESSAGE)
+    },
+    async register() {
+      throw new Error(NOT_CONFIGURED_MESSAGE)
+    },
+    async clear() {},
+  }
+}

package/src/stubs/native-on-web.ts

@@ -1,3 +1,29 @@
-throw new Error(
-  '@zerodev/wallet-core react-native subpaths cannot be imported in a web environment. Use the bare specifier (`import { ... } from "@zerodev/wallet-core"`) instead.',
-)
+// Catch-all stub used by every `./react-native/*` subpath in this package
+// under the `browser` and `node` exports conditions. Both are needed for
+// Expo web: the client bundle resolves with `browser` active, while Expo
+// Router's SSR/RSC route render drops platform conditions (no `browser`)
+// and turns on `node` instead — so the web stub has to be gated on both or
+// the SSR pass falls through to the native impl. Imports must be safe on web
+// (some route files are bundled even when they aren't rendered) so we expose
+// the RN-only symbols as throw-on-use functions instead of throwing at
+// module-init time.
+//
+// Anyone who *uses* these on web gets a clear actionable error; anyone who
+// merely imports them (typically because their universal app bundles the
+// native variant too) is unaffected.
+
+const message =
+  '@zerodev/wallet-core react-native subpaths cannot be imported in a web environment. Use the bare specifier (`import { ... } from "@zerodev/wallet-core"`) instead.'
+
+function throwOnUse(): never {
+  throw new Error(message)
+}
+
+export const createSecureStoreStamper = throwOnUse
+export const createReactNativePasskeyStamper = throwOnUse
+export const asyncStorageAdapter = throwOnUse
+
+// For the broad `./react-native` entry: any consumer reaching it on web is
+// already off-pattern (they should use the bare specifier). Default export
+// covers `import X from '...'`.
+export default throwOnUse

package/src/utils/exportWallet.ts

@@ -43,84 +43,79 @@ export async function exportWallet(
 ): Promise<{ exportBundle: string; walletId: string; organizationId: string }> {
   const { targetPublicKey, wallet } = params
 
-  try {
-    const session = await wallet.getSession()
-    if (!session) {
-      throw new Error('Session not found')
-    }
-    const { organizationId } = session
+  const session = await wallet.getSession()
+  if (!session) {
+    throw new Error('Session not found')
+  }
+  const { organizationId } = session
 
-    const listWalletsBody = JSON.stringify({
-      organizationId,
-    })
+  const listWalletsBody = JSON.stringify({
+    organizationId,
+  })
 
-    const listWalletsStamp =
-      await wallet.client[
-        session.stamperType === 'apiKey' ? 'apiKeyStamper' : 'passkeyStamper'
-      ].stamp(listWalletsBody)
-    if (!listWalletsStamp) {
-      throw new Error('Failed to stamp list wallets body')
-    }
+  const listWalletsStamp =
+    await wallet.client[
+      session.stamperType === 'apiKey' ? 'apiKeyStamper' : 'passkeyStamper'
+    ].stamp(listWalletsBody)
+  if (!listWalletsStamp) {
+    throw new Error('Failed to stamp list wallets body')
+  }
 
-    const listWalletsResponse = await fetch(
-      'https://api.turnkey.com/public/v1/query/list_wallets',
-      {
-        method: 'POST',
-        body: listWalletsBody,
-        headers: {
-          [listWalletsStamp.stampHeaderName]: listWalletsStamp.stampHeaderValue,
-        },
+  const listWalletsResponse = await fetch(
+    'https://api.turnkey.com/public/v1/query/list_wallets',
+    {
+      method: 'POST',
+      body: listWalletsBody,
+      headers: {
+        [listWalletsStamp.stampHeaderName]: listWalletsStamp.stampHeaderValue,
       },
-    )
-    if (!listWalletsResponse.ok) {
-      throw new Error('Failed to list wallets')
-    }
-    const listWalletsData = await listWalletsResponse.json()
+    },
+  )
+  if (!listWalletsResponse.ok) {
+    throw new Error('Failed to list wallets')
+  }
+  const listWalletsData = await listWalletsResponse.json()
 
-    const walletId = listWalletsData.wallets[0].walletId
+  const walletId = listWalletsData.wallets[0].walletId
 
-    const exportWalletBody = JSON.stringify({
-      type: 'ACTIVITY_TYPE_EXPORT_WALLET',
-      timestampMs: Date.now().toString(),
-      organizationId: organizationId,
-      parameters: {
-        walletId: walletId,
-        targetPublicKey,
-        language: 'MNEMONIC_LANGUAGE_ENGLISH',
-      },
-    })
-    const exportWalletStamp =
-      await wallet.client[
-        session.stamperType === 'apiKey' ? 'apiKeyStamper' : 'passkeyStamper'
-      ].stamp(exportWalletBody)
-    if (!exportWalletStamp) {
-      throw new Error('Failed to stamp export wallet body')
-    }
-    const exportWalletResponse = await fetch(
-      'https://api.turnkey.com/public/v1/submit/export_wallet',
-      {
-        method: 'POST',
-        body: exportWalletBody,
-        headers: {
-          [exportWalletStamp.stampHeaderName]:
-            exportWalletStamp.stampHeaderValue,
-        },
+  const exportWalletBody = JSON.stringify({
+    type: 'ACTIVITY_TYPE_EXPORT_WALLET',
+    timestampMs: Date.now().toString(),
+    organizationId: organizationId,
+    parameters: {
+      walletId: walletId,
+      targetPublicKey,
+      language: 'MNEMONIC_LANGUAGE_ENGLISH',
+    },
+  })
+  const exportWalletStamp =
+    await wallet.client[
+      session.stamperType === 'apiKey' ? 'apiKeyStamper' : 'passkeyStamper'
+    ].stamp(exportWalletBody)
+  if (!exportWalletStamp) {
+    throw new Error('Failed to stamp export wallet body')
+  }
+  const exportWalletResponse = await fetch(
+    'https://api.turnkey.com/public/v1/submit/export_wallet',
+    {
+      method: 'POST',
+      body: exportWalletBody,
+      headers: {
+        [exportWalletStamp.stampHeaderName]: exportWalletStamp.stampHeaderValue,
       },
-    )
-    if (!exportWalletResponse.ok) {
-      throw new Error('Failed to export wallet')
-    }
-    const exportWalletData = await exportWalletResponse.json()
-
-    const exportBundle =
-      exportWalletData?.activity?.result?.exportWalletResult?.exportBundle
+    },
+  )
+  if (!exportWalletResponse.ok) {
+    throw new Error('Failed to export wallet')
+  }
+  const exportWalletData = await exportWalletResponse.json()
 
-    if (!exportBundle) {
-      throw new Error('Export bundle not found in response')
-    }
+  const exportBundle =
+    exportWalletData?.activity?.result?.exportWalletResult?.exportBundle
 
-    return { exportBundle, walletId, organizationId }
-  } catch (_) {
-    throw new Error('Error exporting wallet')
+  if (!exportBundle) {
+    throw new Error('Export bundle not found in response')
   }
+
+  return { exportBundle, walletId, organizationId }
 }