accounts 0.10.4 → 0.10.6

package/CHANGELOG.md

@@ -1,5 +1,27 @@
 # accounts
 
+## 0.10.6
+
+### Patch Changes
+
+- e12ae75: Added `auth` option to the `webAuthn` adapter, mirroring the Provider `auth` capability shape (`string | { url, ... }`); the existing `authUrl` option is preserved as a deprecated alias.
+
+  ```diff
+  - webAuthn({ authUrl: '/webauthn' })
+  + webAuthn({ auth: '/webauthn' })
+  ```
+
+## 0.10.5
+
+### Patch Changes
+
+- b65893e: Renamed the `dangerous_secp256k1` adapter to `secp256k1`. The old name is preserved as a deprecated alias so existing imports keep working.
+
+  ```diff
+  - import { dangerous_secp256k1 } from 'accounts'
+  + import { secp256k1 } from 'accounts'
+  ```
+
 ## 0.10.4
 
 ### Patch Changes

package/dist/core/Adapter.d.ts

@@ -70,7 +70,7 @@ export type Instance = {
      * wallet host's own Provider runs the orchestration instead of racing
      * the dapp-side Provider for the challenge.
      *
-     * Wallet-host adapters (`local`, `webAuthn`, `dangerous_secp256k1`)
+     * Wallet-host adapters (`local`, `webAuthn`, `secp256k1`)
      * leave this unset.
      */
     forwardsAuth?: boolean | undefined;

package/dist/core/adapters/secp256k1.d.ts

@@ -0,0 +1,45 @@
+import type { Hex } from 'viem';
+import * as Adapter from '../Adapter.js';
+/**
+ * Creates a secp256k1 adapter that signs in-process with a `secp256k1` private key.
+ *
+ * If `privateKey` is provided, the adapter pins that key as the signer (useful
+ * for server-side use, where the key is supplied by the host environment).
+ *
+ * If `privateKey` is omitted, the adapter generates a random key on first
+ * connect and persists it via the provider's storage adapter (e.g.
+ * `localStorage`, cookies). Storing keys in browser storage in plaintext is
+ * dangerous — only use the unpinned form for development, testing, or when the
+ * threat model allows it.
+ *
+ * Wraps the {@link local} adapter.
+ *
+ * @example
+ * ```ts
+ * import { secp256k1, Provider } from 'accounts'
+ *
+ * // Server-side (pinned key):
+ * const provider = Provider.create({
+ *   adapter: secp256k1({ privateKey: process.env.PRIVATE_KEY }),
+ * })
+ *
+ * // Client-side (random key, persisted to storage):
+ * const provider = Provider.create({
+ *   adapter: secp256k1(),
+ * })
+ * ```
+ */
+export declare function secp256k1(options?: secp256k1.Options): Adapter.Adapter;
+export declare namespace secp256k1 {
+    type Options = {
+        /** Data URI of the provider icon. @default Black 1×1 SVG. */
+        icon?: `data:image/${string}` | undefined;
+        /** Display name of the provider (e.g. `"My Wallet"`). @default "Injected Wallet" */
+        name?: string | undefined;
+        /** Fixed private key to expose instead of generating/loading one from storage. */
+        privateKey?: Hex | undefined;
+        /** Reverse DNS identifier. @default `com.{lowercase name}` */
+        rdns?: string | undefined;
+    };
+}
+//# sourceMappingURL=secp256k1.d.ts.map

package/dist/core/adapters/secp256k1.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secp256k1.d.ts","sourceRoot":"","sources":["../../../src/core/adapters/secp256k1.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,MAAM,CAAA;AAG/B,OAAO,KAAK,OAAO,MAAM,eAAe,CAAA;AAGxC;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAgB,SAAS,CAAC,OAAO,GAAE,SAAS,CAAC,OAAY,GAAG,OAAO,CAAC,OAAO,CA6B1E;AAED,MAAM,CAAC,OAAO,WAAW,SAAS,CAAC;IACjC,KAAK,OAAO,GAAG;QACb,6DAA6D;QAC7D,IAAI,CAAC,EAAE,cAAc,MAAM,EAAE,GAAG,SAAS,CAAA;QACzC,oFAAoF;QACpF,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACzB,kFAAkF;QAClF,UAAU,CAAC,EAAE,GAAG,GAAG,SAAS,CAAA;QAC5B,8DAA8D;QAC9D,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC1B,CAAA;CACF"}

package/dist/core/adapters/{dangerous_secp256k1.js → secp256k1.js}

@@ -2,23 +2,35 @@ import { Account as TempoAccount, Secp256k1 } from 'viem/tempo';
 import * as Adapter from '../Adapter.js';
 import { local } from './local.js';
 /**
- * Creates a secp256k1 adapter that generates random private keys and persists them to storage.
+ * Creates a secp256k1 adapter that signs in-process with a `secp256k1` private key.
  *
- * ⚠️ **Dangerous**: Private keys are stored in plaintext via the provider's storage adapter
- * (e.g. localStorage, cookies). Use only for development, testing, or when the threat model allows it.
+ * If `privateKey` is provided, the adapter pins that key as the signer (useful
+ * for server-side use, where the key is supplied by the host environment).
  *
- * Wraps the {@link local} adapter with automatic key generation.
+ * If `privateKey` is omitted, the adapter generates a random key on first
+ * connect and persists it via the provider's storage adapter (e.g.
+ * `localStorage`, cookies). Storing keys in browser storage in plaintext is
+ * dangerous — only use the unpinned form for development, testing, or when the
+ * threat model allows it.
+ *
+ * Wraps the {@link local} adapter.
  *
  * @example
  * ```ts
- * import { dangerous_secp256k1, Provider } from 'accounts'
+ * import { secp256k1, Provider } from 'accounts'
+ *
+ * // Server-side (pinned key):
+ * const provider = Provider.create({
+ *   adapter: secp256k1({ privateKey: process.env.PRIVATE_KEY }),
+ * })
  *
+ * // Client-side (random key, persisted to storage):
  * const provider = Provider.create({
- *   adapter: dangerous_secp256k1(),
+ *   adapter: secp256k1(),
  * })
  * ```
  */
-export function dangerous_secp256k1(options = {}) {
+export function secp256k1(options = {}) {
     const { icon, name, privateKey, rdns } = options;
     const fixed = privateKey
         ? {
@@ -47,4 +59,4 @@ export function dangerous_secp256k1(options = {}) {
         })(config);
     });
 }
-//# sourceMappingURL=dangerous_secp256k1.js.map
+//# sourceMappingURL=secp256k1.js.map

package/dist/core/adapters/secp256k1.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secp256k1.js","sourceRoot":"","sources":["../../../src/core/adapters/secp256k1.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,SAAS,EAAE,MAAM,YAAY,CAAA;AAE/D,OAAO,KAAK,OAAO,MAAM,eAAe,CAAA;AACxC,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AAElC;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,UAAU,SAAS,CAAC,UAA6B,EAAE;IACvD,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,GAAG,OAAO,CAAA;IAChD,MAAM,KAAK,GAAG,UAAU;QACtB,CAAC,CAAC;YACE,OAAO,EAAE,YAAY,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,OAAO;YACvD,OAAO,EAAE,WAAoB;YAC7B,UAAU;SACX;QACH,CAAC,CAAC,SAAS,CAAA;IAEb,OAAO,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,MAAM,EAAE,EAAE;QACrD,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,CAAA;QAExB,OAAO,KAAK,CAAC;YACX,KAAK,CAAC,aAAa;gBACjB,IAAI,KAAK;oBAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,KAAK,CAAC,EAAE,CAAA;gBAEvC,MAAM,UAAU,GAAG,SAAS,CAAC,gBAAgB,EAAE,CAAA;gBAC/C,MAAM,SAAS,GAAG,YAAY,CAAC,aAAa,CAAC,UAAU,CAAC,CAAA;gBACxD,OAAO;oBACL,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,WAAoB,EAAE,UAAU,EAAE,CAAC;iBACtF,CAAA;YACH,CAAC;YACD,KAAK,CAAC,YAAY;gBAChB,IAAI,KAAK;oBAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,KAAK,CAAC,EAAE,CAAA;gBACvC,OAAO,EAAE,QAAQ,EAAE,CAAC,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAA;YACrD,CAAC;SACF,CAAC,CAAC,MAAM,CAAC,CAAA;IACZ,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/dist/core/adapters/webAuthn.d.ts

@@ -1,6 +1,8 @@
+import type { z } from 'zod';
 import type { OneOf } from '../../internal/types.js';
 import * as Adapter from '../Adapter.js';
 import * as WebAuthnCeremony from '../WebAuthnCeremony.js';
+import * as Rpc from '../zod/rpc.js';
 /**
  * Creates a WebAuthn adapter backed by real passkey ceremonies.
  *
@@ -22,7 +24,15 @@ export declare namespace webAuthn {
         /** Ceremony strategy for WebAuthn registration and authentication. @default WebAuthnCeremony.local() */
         ceremony?: WebAuthnCeremony.WebAuthnCeremony | undefined;
     } | {
-        /** URL of a WebAuthn handler (shorthand for `WebAuthnCeremony.server({ url })`). */
+        /**
+         * Server Authentication endpoint for WebAuthn ceremonies (shorthand for
+         * `WebAuthnCeremony.server({ url })`). Accepts the same shape as the
+         * Provider `auth` capability — only the `url` field is consumed here;
+         * other fields (`challenge`, `verify`, `logout`, `returnToken`) are
+         * SIWE-only and ignored by the WebAuthn ceremony.
+         */
+        auth?: z.input<typeof Rpc.wallet_connect.auth> | undefined;
+        /** @deprecated Use `auth` instead. */
         authUrl?: string | undefined;
     }> & {
         /** Data URI of the provider icon. @default Black 1×1 SVG. */

package/dist/core/adapters/webAuthn.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"webAuthn.d.ts","sourceRoot":"","sources":["../../../src/core/adapters/webAuthn.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,KAAK,OAAO,MAAM,eAAe,CAAA;AACxC,OAAO,KAAK,gBAAgB,MAAM,wBAAwB,CAAA;AAG1D;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,QAAQ,CAAC,OAAO,GAAE,QAAQ,CAAC,OAAY,GAAG,OAAO,CAAC,OAAO,CAwFxE;AAED,MAAM,CAAC,OAAO,WAAW,QAAQ,CAAC;IAChC,KAAK,OAAO,GAAG,KAAK,CAChB;QACE,wGAAwG;QACxG,QAAQ,CAAC,EAAE,gBAAgB,CAAC,gBAAgB,GAAG,SAAS,CAAA;KACzD,GACD;QACE,oFAAoF;QACpF,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC7B,CACJ,GAAG;QACF,6DAA6D;QAC7D,IAAI,CAAC,EAAE,cAAc,MAAM,EAAE,GAAG,SAAS,CAAA;QACzC,oFAAoF;QACpF,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACzB,8DAA8D;QAC9D,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC1B,CAAA;CACF"}
+{"version":3,"file":"webAuthn.d.ts","sourceRoot":"","sources":["../../../src/core/adapters/webAuthn.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAE5B,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,KAAK,OAAO,MAAM,eAAe,CAAA;AACxC,OAAO,KAAK,gBAAgB,MAAM,wBAAwB,CAAA;AAC1D,OAAO,KAAK,GAAG,MAAM,eAAe,CAAA;AAGpC;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,QAAQ,CAAC,OAAO,GAAE,QAAQ,CAAC,OAAY,GAAG,OAAO,CAAC,OAAO,CA6FxE;AAED,MAAM,CAAC,OAAO,WAAW,QAAQ,CAAC;IAChC,KAAK,OAAO,GAAG,KAAK,CAChB;QACE,wGAAwG;QACxG,QAAQ,CAAC,EAAE,gBAAgB,CAAC,gBAAgB,GAAG,SAAS,CAAA;KACzD,GACD;QACE;;;;;;WAMG;QACH,IAAI,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,SAAS,CAAA;QAC1D,sCAAsC;QACtC,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC7B,CACJ,GAAG;QACF,6DAA6D;QAC7D,IAAI,CAAC,EAAE,cAAc,MAAM,EAAE,GAAG,SAAS,CAAA;QACzC,oFAAoF;QACpF,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACzB,8DAA8D;QAC9D,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC1B,CAAA;CACF"}

package/dist/core/adapters/webAuthn.js

@@ -4,6 +4,7 @@ import { Account } from 'viem/tempo';
 import { Authentication, Registration } from 'webauthx/client';
 import * as Adapter from '../Adapter.js';
 import * as WebAuthnCeremony from '../WebAuthnCeremony.js';
+import * as Rpc from '../zod/rpc.js';
 import { local } from './local.js';
 /**
  * Creates a WebAuthn adapter backed by real passkey ceremonies.
@@ -21,11 +22,16 @@ import { local } from './local.js';
  * ```
  */
 export function webAuthn(options = {}) {
-    const { authUrl, icon, name, rdns } = options;
+    const { auth, authUrl, icon, name, rdns } = options;
+    const url = (() => {
+        if (auth)
+            return typeof auth === 'string' ? auth : auth.url;
+        return authUrl;
+    })();
     return Adapter.define({ icon, name, rdns }, (parameters) => {
         const { storage } = parameters;
         const ceremony = options.ceremony ??
-            (authUrl ? WebAuthnCeremony.server({ url: authUrl }) : WebAuthnCeremony.local({ storage }));
+            (url ? WebAuthnCeremony.server({ url }) : WebAuthnCeremony.local({ storage }));
         const base = local({
             async createAccount(parameters) {
                 const { options } = await ceremony.getRegistrationOptions(parameters);

package/dist/core/adapters/webAuthn.js.map

@@ -1 +1 @@
-{"version":3,"file":"webAuthn.js","sourceRoot":"","sources":["../../../src/core/adapters/webAuthn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,IAAI,CAAA;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAA;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAG9D,OAAO,KAAK,OAAO,MAAM,eAAe,CAAA;AACxC,OAAO,KAAK,gBAAgB,MAAM,wBAAwB,CAAA;AAC1D,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AAElC;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,QAAQ,CAAC,UAA4B,EAAE;IACrD,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,CAAA;IAE7C,OAAO,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,UAAU,EAAE,EAAE;QACzD,MAAM,EAAE,OAAO,EAAE,GAAG,UAAU,CAAA;QAE9B,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ;YAChB,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAA;QAE7F,MAAM,IAAI,GAAG,KAAK,CAAC;YACjB,KAAK,CAAC,aAAa,CAAC,UAAU;gBAC5B,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,QAAQ,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAA;gBACrE,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,EAAE,CAAA;gBACrC,IAAI,CAAC,IAAI;oBAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAA;gBAC9C,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAA;gBACzD,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,MAAM,QAAQ,CAAC,kBAAkB,CAAC,UAAU,EAAE;oBACnF,IAAI,EAAE,UAAU,CAAC,IAAI;iBACtB,CAAC,CAAA;gBACF,MAAM,OAAO,CAAC,OAAO,CAAC,kBAAkB,EAAE,UAAU,CAAC,EAAE,CAAC,CAAA;gBACxD,MAAM,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,CAAC,CAAA;gBAC1E,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,OAAO,EAAE,OAAO,CAAC,OAAO;4BACxB,KAAK,EAAE,UAAU,CAAC,IAAI;4BACtB,OAAO,EAAE,UAAU;4BACnB,UAAU,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;yBACnD;qBACF;oBACD,KAAK;oBACL,QAAQ;iBACT,CAAA;YACH,CAAC;YACD,KAAK,CAAC,YAAY,CAAC,UAAU,GAAG,EAAE;gBAChC,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,UAAU,CAAA;gBAE5C,MAAM,YAAY,GAAG,aAAa;oBAChC,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,CAAC,UAAU,EAAE,YAAY;wBACzB,CAAC,MAAM,OAAO,CAAC,OAAO,CAAS,kBAAkB,CAAC,CAAC;wBACnD,SAAS,CAAC,CAAA;gBAEd,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,QAAQ,CAAC,wBAAwB,CAAC;oBAC1D,GAAG,UAAU;oBACb,SAAS,EAAE,MAAM;oBACjB,YAAY;iBACb,CAAC,CAAA;gBAEF,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,EAAE,IAAI,CAAA;gBACpC,IAAI,CAAC,IAAI;oBAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAA;gBAE9C,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC,CAAA;gBACvD,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,MAAM,QAAQ,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAA;gBAEpF,MAAM,OAAO,CAAC,OAAO,CAAC,kBAAkB,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAA;gBAEtD,MAAM,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;gBAElF,MAAM,SAAS,GAAG,MAAM;oBACtB,CAAC,CAAC,iBAAiB,CAAC,SAAS,CACzB;wBACE,QAAQ,EAAE,QAAQ,CAAC,QAAQ;wBAC3B,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;wBACvC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;wBAC7C,IAAI,EAAE,UAAU;qBACjB,EACD,EAAE,KAAK,EAAE,IAAI,EAAE,CAChB;oBACH,CAAC,CAAC,SAAS,CAAA;gBAEb,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,OAAO,EAAE,OAAO,CAAC,OAAO;4BACxB,OAAO,EAAE,UAAU;4BACnB,UAAU,EAAE,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;yBACjD;qBACF;oBACD,KAAK;oBACL,SAAS;oBACT,QAAQ;iBACT,CAAA;YACH,CAAC;SACF,CAAC,CAAC,UAAU,CAAC,CAAA;QAEd,OAAO,EAAE,GAAG,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,CAAA;IAC3C,CAAC,CAAC,CAAA;AACJ,CAAC"}
+{"version":3,"file":"webAuthn.js","sourceRoot":"","sources":["../../../src/core/adapters/webAuthn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,IAAI,CAAA;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAA;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAI9D,OAAO,KAAK,OAAO,MAAM,eAAe,CAAA;AACxC,OAAO,KAAK,gBAAgB,MAAM,wBAAwB,CAAA;AAC1D,OAAO,KAAK,GAAG,MAAM,eAAe,CAAA;AACpC,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AAElC;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,QAAQ,CAAC,UAA4B,EAAE;IACrD,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,CAAA;IAEnD,MAAM,GAAG,GAAG,CAAC,GAAG,EAAE;QAChB,IAAI,IAAI;YAAE,OAAO,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAA;QAC3D,OAAO,OAAO,CAAA;IAChB,CAAC,CAAC,EAAE,CAAA;IAEJ,OAAO,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,UAAU,EAAE,EAAE;QACzD,MAAM,EAAE,OAAO,EAAE,GAAG,UAAU,CAAA;QAE9B,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ;YAChB,CAAC,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAA;QAEhF,MAAM,IAAI,GAAG,KAAK,CAAC;YACjB,KAAK,CAAC,aAAa,CAAC,UAAU;gBAC5B,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,QAAQ,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAA;gBACrE,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,EAAE,CAAA;gBACrC,IAAI,CAAC,IAAI;oBAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAA;gBAC9C,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAA;gBACzD,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,MAAM,QAAQ,CAAC,kBAAkB,CAAC,UAAU,EAAE;oBACnF,IAAI,EAAE,UAAU,CAAC,IAAI;iBACtB,CAAC,CAAA;gBACF,MAAM,OAAO,CAAC,OAAO,CAAC,kBAAkB,EAAE,UAAU,CAAC,EAAE,CAAC,CAAA;gBACxD,MAAM,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,CAAC,CAAA;gBAC1E,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,OAAO,EAAE,OAAO,CAAC,OAAO;4BACxB,KAAK,EAAE,UAAU,CAAC,IAAI;4BACtB,OAAO,EAAE,UAAU;4BACnB,UAAU,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;yBACnD;qBACF;oBACD,KAAK;oBACL,QAAQ;iBACT,CAAA;YACH,CAAC;YACD,KAAK,CAAC,YAAY,CAAC,UAAU,GAAG,EAAE;gBAChC,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,UAAU,CAAA;gBAE5C,MAAM,YAAY,GAAG,aAAa;oBAChC,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,CAAC,UAAU,EAAE,YAAY;wBACzB,CAAC,MAAM,OAAO,CAAC,OAAO,CAAS,kBAAkB,CAAC,CAAC;wBACnD,SAAS,CAAC,CAAA;gBAEd,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,QAAQ,CAAC,wBAAwB,CAAC;oBAC1D,GAAG,UAAU;oBACb,SAAS,EAAE,MAAM;oBACjB,YAAY;iBACb,CAAC,CAAA;gBAEF,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,EAAE,IAAI,CAAA;gBACpC,IAAI,CAAC,IAAI;oBAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAA;gBAE9C,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC,CAAA;gBACvD,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,MAAM,QAAQ,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAA;gBAEpF,MAAM,OAAO,CAAC,OAAO,CAAC,kBAAkB,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAA;gBAEtD,MAAM,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;gBAElF,MAAM,SAAS,GAAG,MAAM;oBACtB,CAAC,CAAC,iBAAiB,CAAC,SAAS,CACzB;wBACE,QAAQ,EAAE,QAAQ,CAAC,QAAQ;wBAC3B,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;wBACvC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;wBAC7C,IAAI,EAAE,UAAU;qBACjB,EACD,EAAE,KAAK,EAAE,IAAI,EAAE,CAChB;oBACH,CAAC,CAAC,SAAS,CAAA;gBAEb,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,OAAO,EAAE,OAAO,CAAC,OAAO;4BACxB,OAAO,EAAE,UAAU;4BACnB,UAAU,EAAE,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;yBACjD;qBACF;oBACD,KAAK;oBACL,SAAS;oBACT,QAAQ;iBACT,CAAA;YACH,CAAC;SACF,CAAC,CAAC,UAAU,CAAC,CAAA;QAEd,OAAO,EAAE,GAAG,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,CAAA;IAC3C,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/dist/index.d.ts

@@ -15,5 +15,7 @@ export { dialog, dialog as tempoWallet } from './core/adapters/dialog.js';
 export { local } from './core/adapters/local.js';
 export { turnkey } from './core/adapters/turnkey.js';
 export { webAuthn } from './core/adapters/webAuthn.js';
-export { dangerous_secp256k1 } from './core/adapters/dangerous_secp256k1.js';
+export { secp256k1, 
+/** @deprecated Use `secp256k1` instead. */
+secp256k1 as dangerous_secp256k1, } from './core/adapters/secp256k1.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,oBAAoB,MAAM,gCAAgC,CAAA;AACtE,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,cAAc,MAAM,0BAA0B,CAAA;AAC1D,OAAO,KAAK,SAAS,MAAM,qBAAqB,CAAA;AAChD,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,QAAQ,MAAM,oBAAoB,CAAA;AAC9C,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,GAAG,MAAM,mBAAmB,CAAA;AACxC,OAAO,KAAK,KAAK,MAAM,iBAAiB,CAAA;AACxC,OAAO,KAAK,OAAO,MAAM,mBAAmB,CAAA;AAC5C,OAAO,KAAK,YAAY,MAAM,wBAAwB,CAAA;AACtD,OAAO,KAAK,gBAAgB,MAAM,4BAA4B,CAAA;AAC9D,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,WAAW,EAAE,MAAM,2BAA2B,CAAA;AACzE,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAA;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAA;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,6BAA6B,CAAA;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,wCAAwC,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,oBAAoB,MAAM,gCAAgC,CAAA;AACtE,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,cAAc,MAAM,0BAA0B,CAAA;AAC1D,OAAO,KAAK,SAAS,MAAM,qBAAqB,CAAA;AAChD,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,QAAQ,MAAM,oBAAoB,CAAA;AAC9C,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,GAAG,MAAM,mBAAmB,CAAA;AACxC,OAAO,KAAK,KAAK,MAAM,iBAAiB,CAAA;AACxC,OAAO,KAAK,OAAO,MAAM,mBAAmB,CAAA;AAC5C,OAAO,KAAK,YAAY,MAAM,wBAAwB,CAAA;AACtD,OAAO,KAAK,gBAAgB,MAAM,4BAA4B,CAAA;AAC9D,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,WAAW,EAAE,MAAM,2BAA2B,CAAA;AACzE,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAA;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAA;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,6BAA6B,CAAA;AACtD,OAAO,EACL,SAAS;AACT,2CAA2C;AAC3C,SAAS,IAAI,mBAAmB,GACjC,MAAM,8BAA8B,CAAA"}

package/dist/index.js

@@ -15,5 +15,7 @@ export { dialog, dialog as tempoWallet } from './core/adapters/dialog.js';
 export { local } from './core/adapters/local.js';
 export { turnkey } from './core/adapters/turnkey.js';
 export { webAuthn } from './core/adapters/webAuthn.js';
-export { dangerous_secp256k1 } from './core/adapters/dangerous_secp256k1.js';
+export { secp256k1, 
+/** @deprecated Use `secp256k1` instead. */
+secp256k1 as dangerous_secp256k1, } from './core/adapters/secp256k1.js';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,oBAAoB,MAAM,gCAAgC,CAAA;AACtE,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,cAAc,MAAM,0BAA0B,CAAA;AAC1D,OAAO,KAAK,SAAS,MAAM,qBAAqB,CAAA;AAChD,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,QAAQ,MAAM,oBAAoB,CAAA;AAC9C,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,GAAG,MAAM,mBAAmB,CAAA;AACxC,OAAO,KAAK,KAAK,MAAM,iBAAiB,CAAA;AACxC,OAAO,KAAK,OAAO,MAAM,mBAAmB,CAAA;AAC5C,OAAO,KAAK,YAAY,MAAM,wBAAwB,CAAA;AACtD,OAAO,KAAK,gBAAgB,MAAM,4BAA4B,CAAA;AAC9D,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,WAAW,EAAE,MAAM,2BAA2B,CAAA;AACzE,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAA;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAA;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,6BAA6B,CAAA;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,wCAAwC,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,oBAAoB,MAAM,gCAAgC,CAAA;AACtE,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,cAAc,MAAM,0BAA0B,CAAA;AAC1D,OAAO,KAAK,SAAS,MAAM,qBAAqB,CAAA;AAChD,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,QAAQ,MAAM,oBAAoB,CAAA;AAC9C,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,MAAM,MAAM,kBAAkB,CAAA;AAC1C,OAAO,KAAK,GAAG,MAAM,mBAAmB,CAAA;AACxC,OAAO,KAAK,KAAK,MAAM,iBAAiB,CAAA;AACxC,OAAO,KAAK,OAAO,MAAM,mBAAmB,CAAA;AAC5C,OAAO,KAAK,YAAY,MAAM,wBAAwB,CAAA;AACtD,OAAO,KAAK,gBAAgB,MAAM,4BAA4B,CAAA;AAC9D,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,WAAW,EAAE,MAAM,2BAA2B,CAAA;AACzE,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAA;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAA;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,6BAA6B,CAAA;AACtD,OAAO,EACL,SAAS;AACT,2CAA2C;AAC3C,SAAS,IAAI,mBAAmB,GACjC,MAAM,8BAA8B,CAAA"}

package/package.json

@@ -2,7 +2,7 @@
   "name": "accounts",
   "description": "Tempo Accounts SDK",
   "type": "module",
-  "version": "0.10.4",
+  "version": "0.10.6",
   "dependencies": {
     "hono": "^4.12.18",
     "idb-keyval": "^6.2.2",

package/src/core/Adapter.ts

@@ -132,7 +132,7 @@ export type Instance = {
    * wallet host's own Provider runs the orchestration instead of racing
    * the dapp-side Provider for the challenge.
    *
-   * Wallet-host adapters (`local`, `webAuthn`, `dangerous_secp256k1`)
+   * Wallet-host adapters (`local`, `webAuthn`, `secp256k1`)
    * leave this unset.
    */
   forwardsAuth?: boolean | undefined

package/src/core/adapters/{dangerous_secp256k1.test.ts → secp256k1.test.ts}

@@ -3,14 +3,14 @@ import { describe, expect, test } from 'vp/test'
 import { accounts, privateKeys } from '../../../test/config.js'
 import * as Provider from '../Provider.js'
 import * as Storage from '../Storage.js'
-import { dangerous_secp256k1 } from './dangerous_secp256k1.js'
+import { secp256k1 } from './secp256k1.js'
 
-describe('dangerous_secp256k1', () => {
+describe('secp256k1', () => {
   test('behavior: privateKey option pins the connected account', async () => {
     const account = accounts[1]!
     const provider = Provider.create({
-      adapter: dangerous_secp256k1({ privateKey: privateKeys[1]! }),
-      storage: Storage.memory({ key: 'dangerous-secp256k1-private-key' }),
+      adapter: secp256k1({ privateKey: privateKeys[1]! }),
+      storage: Storage.memory({ key: 'secp256k1-private-key' }),
     })
 
     const result = await provider.request({ method: 'wallet_connect' })

package/src/core/adapters/{dangerous_secp256k1.ts → secp256k1.ts}

@@ -5,23 +5,35 @@ import * as Adapter from '../Adapter.js'
 import { local } from './local.js'
 
 /**
- * Creates a secp256k1 adapter that generates random private keys and persists them to storage.
+ * Creates a secp256k1 adapter that signs in-process with a `secp256k1` private key.
  *
- * ⚠️ **Dangerous**: Private keys are stored in plaintext via the provider's storage adapter
- * (e.g. localStorage, cookies). Use only for development, testing, or when the threat model allows it.
+ * If `privateKey` is provided, the adapter pins that key as the signer (useful
+ * for server-side use, where the key is supplied by the host environment).
  *
- * Wraps the {@link local} adapter with automatic key generation.
+ * If `privateKey` is omitted, the adapter generates a random key on first
+ * connect and persists it via the provider's storage adapter (e.g.
+ * `localStorage`, cookies). Storing keys in browser storage in plaintext is
+ * dangerous — only use the unpinned form for development, testing, or when the
+ * threat model allows it.
+ *
+ * Wraps the {@link local} adapter.
  *
  * @example
  * ```ts
- * import { dangerous_secp256k1, Provider } from 'accounts'
+ * import { secp256k1, Provider } from 'accounts'
+ *
+ * // Server-side (pinned key):
+ * const provider = Provider.create({
+ *   adapter: secp256k1({ privateKey: process.env.PRIVATE_KEY }),
+ * })
  *
+ * // Client-side (random key, persisted to storage):
  * const provider = Provider.create({
- *   adapter: dangerous_secp256k1(),
+ *   adapter: secp256k1(),
  * })
  * ```
  */
-export function dangerous_secp256k1(options: dangerous_secp256k1.Options = {}): Adapter.Adapter {
+export function secp256k1(options: secp256k1.Options = {}): Adapter.Adapter {
   const { icon, name, privateKey, rdns } = options
   const fixed = privateKey
     ? {
@@ -52,7 +64,7 @@ export function dangerous_secp256k1(options: dangerous_secp256k1.Options = {}):
   })
 }
 
-export declare namespace dangerous_secp256k1 {
+export declare namespace secp256k1 {
   type Options = {
     /** Data URI of the provider icon. @default Black 1×1 SVG. */
     icon?: `data:image/${string}` | undefined

package/src/core/adapters/turnkey.test.ts

@@ -292,27 +292,55 @@ declare namespace setup {
 }
 
 function createClient(options: setup.Options = {}) {
-  const client = {
+  type WalletShape = { accounts: { address: string; addressFormat: string }[] }
+  const state = {
     fetchCalls: 0,
     initCalls: 0,
     loadCalls: 0,
     signPayloads: [] as Hex.Hex[],
     signWith: [] as string[],
-    wallets: [{ accounts: [{ address, addressFormat: 'ADDRESS_FORMAT_ETHEREUM' }] }],
-    async fetchWallets() {
-      client.fetchCalls++
-      return client.wallets
+    wallets: [
+      { accounts: [{ address, addressFormat: 'ADDRESS_FORMAT_ETHEREUM' }] },
+    ] as WalletShape[],
+  }
+  const client = {
+    get fetchCalls() {
+      return state.fetchCalls
     },
-    async getSession() {
-      return options.session === undefined
-        ? { expiry: Math.floor(Date.now() / 1000) + 60 }
-        : options.session
+    get initCalls() {
+      return state.initCalls
+    },
+    get loadCalls() {
+      return state.loadCalls
+    },
+    set loadCalls(value: number) {
+      state.loadCalls = value
     },
+    get signPayloads() {
+      return state.signPayloads
+    },
+    get signWith() {
+      return state.signWith
+    },
+    get wallets() {
+      return state.wallets
+    },
+    set wallets(value: WalletShape[]) {
+      state.wallets = value
+    },
+    fetchWallets: async () => {
+      state.fetchCalls++
+      return state.wallets as readonly turnkey.Wallet[]
+    },
+    getSession: async () =>
+      options.session === undefined
+        ? { expiry: Math.floor(Date.now() / 1000) + 60 }
+        : options.session,
     httpClient: {
-      async signRawPayload(parameters: turnkey.SignRawPayloadParameters) {
+      signRawPayload: async (parameters: turnkey.SignRawPayloadParameters) => {
         if (options.signError) throw options.signError
-        client.signPayloads.push(parameters.payload)
-        client.signWith.push(parameters.signWith)
+        state.signPayloads.push(parameters.payload)
+        state.signWith.push(parameters.signWith)
         return {
           r: Hex.padLeft('0x11', 32),
           s: Hex.padLeft('0x22', 32),
@@ -320,17 +348,17 @@ function createClient(options: setup.Options = {}) {
         }
       },
     },
-    init() {
-      client.initCalls++
+    init: () => {
+      state.initCalls++
     },
-    logout() {},
+    logout: () => {},
   } satisfies turnkey.Client & {
     fetchCalls: number
     initCalls: number
     loadCalls: number
     signPayloads: Hex.Hex[]
     signWith: string[]
-    wallets: turnkey.Wallet[]
+    wallets: WalletShape[]
   }
 
   return client

package/src/core/adapters/webAuthn.ts

@@ -2,10 +2,12 @@ import { PublicKey, Signature } from 'ox'
 import { SignatureEnvelope } from 'ox/tempo'
 import { Account } from 'viem/tempo'
 import { Authentication, Registration } from 'webauthx/client'
+import type { z } from 'zod'
 
 import type { OneOf } from '../../internal/types.js'
 import * as Adapter from '../Adapter.js'
 import * as WebAuthnCeremony from '../WebAuthnCeremony.js'
+import * as Rpc from '../zod/rpc.js'
 import { local } from './local.js'
 
 /**
@@ -24,14 +26,19 @@ import { local } from './local.js'
  * ```
  */
 export function webAuthn(options: webAuthn.Options = {}): Adapter.Adapter {
-  const { authUrl, icon, name, rdns } = options
+  const { auth, authUrl, icon, name, rdns } = options
+
+  const url = (() => {
+    if (auth) return typeof auth === 'string' ? auth : auth.url
+    return authUrl
+  })()
 
   return Adapter.define({ icon, name, rdns }, (parameters) => {
     const { storage } = parameters
 
     const ceremony =
       options.ceremony ??
-      (authUrl ? WebAuthnCeremony.server({ url: authUrl }) : WebAuthnCeremony.local({ storage }))
+      (url ? WebAuthnCeremony.server({ url }) : WebAuthnCeremony.local({ storage }))
 
     const base = local({
       async createAccount(parameters) {
@@ -120,7 +127,15 @@ export declare namespace webAuthn {
         ceremony?: WebAuthnCeremony.WebAuthnCeremony | undefined
       }
     | {
-        /** URL of a WebAuthn handler (shorthand for `WebAuthnCeremony.server({ url })`). */
+        /**
+         * Server Authentication endpoint for WebAuthn ceremonies (shorthand for
+         * `WebAuthnCeremony.server({ url })`). Accepts the same shape as the
+         * Provider `auth` capability — only the `url` field is consumed here;
+         * other fields (`challenge`, `verify`, `logout`, `returnToken`) are
+         * SIWE-only and ignored by the WebAuthn ceremony.
+         */
+        auth?: z.input<typeof Rpc.wallet_connect.auth> | undefined
+        /** @deprecated Use `auth` instead. */
         authUrl?: string | undefined
       }
   > & {

package/src/index.ts

@@ -15,4 +15,8 @@ export { dialog, dialog as tempoWallet } from './core/adapters/dialog.js'
 export { local } from './core/adapters/local.js'
 export { turnkey } from './core/adapters/turnkey.js'
 export { webAuthn } from './core/adapters/webAuthn.js'
-export { dangerous_secp256k1 } from './core/adapters/dangerous_secp256k1.js'
+export {
+  secp256k1,
+  /** @deprecated Use `secp256k1` instead. */
+  secp256k1 as dangerous_secp256k1,
+} from './core/adapters/secp256k1.js'

package/src/server/internal/handlers/relay.test.ts

@@ -355,7 +355,7 @@ describe('behavior: with feePayer.feeToken', () => {
     const { transaction } = await fillTransaction(client, {
       account: userAccount.address,
       calls: [transferCall()],
-      feePayer: false,
+      feePayer: false as never,
       feeToken: addresses.alphaUsd as Address,
     })
     expect(transaction.feeToken?.toLowerCase()).toBe(addresses.alphaUsd.toLowerCase())

package/dist/core/adapters/dangerous_secp256k1.d.ts

@@ -1,33 +0,0 @@
-import type { Hex } from 'viem';
-import * as Adapter from '../Adapter.js';
-/**
- * Creates a secp256k1 adapter that generates random private keys and persists them to storage.
- *
- * ⚠️ **Dangerous**: Private keys are stored in plaintext via the provider's storage adapter
- * (e.g. localStorage, cookies). Use only for development, testing, or when the threat model allows it.
- *
- * Wraps the {@link local} adapter with automatic key generation.
- *
- * @example
- * ```ts
- * import { dangerous_secp256k1, Provider } from 'accounts'
- *
- * const provider = Provider.create({
- *   adapter: dangerous_secp256k1(),
- * })
- * ```
- */
-export declare function dangerous_secp256k1(options?: dangerous_secp256k1.Options): Adapter.Adapter;
-export declare namespace dangerous_secp256k1 {
-    type Options = {
-        /** Data URI of the provider icon. @default Black 1×1 SVG. */
-        icon?: `data:image/${string}` | undefined;
-        /** Display name of the provider (e.g. `"My Wallet"`). @default "Injected Wallet" */
-        name?: string | undefined;
-        /** Fixed private key to expose instead of generating/loading one from storage. */
-        privateKey?: Hex | undefined;
-        /** Reverse DNS identifier. @default `com.{lowercase name}` */
-        rdns?: string | undefined;
-    };
-}
-//# sourceMappingURL=dangerous_secp256k1.d.ts.map

package/dist/core/adapters/dangerous_secp256k1.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"dangerous_secp256k1.d.ts","sourceRoot":"","sources":["../../../src/core/adapters/dangerous_secp256k1.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,MAAM,CAAA;AAG/B,OAAO,KAAK,OAAO,MAAM,eAAe,CAAA;AAGxC;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,GAAE,mBAAmB,CAAC,OAAY,GAAG,OAAO,CAAC,OAAO,CA6B9F;AAED,MAAM,CAAC,OAAO,WAAW,mBAAmB,CAAC;IAC3C,KAAK,OAAO,GAAG;QACb,6DAA6D;QAC7D,IAAI,CAAC,EAAE,cAAc,MAAM,EAAE,GAAG,SAAS,CAAA;QACzC,oFAAoF;QACpF,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACzB,kFAAkF;QAClF,UAAU,CAAC,EAAE,GAAG,GAAG,SAAS,CAAA;QAC5B,8DAA8D;QAC9D,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC1B,CAAA;CACF"}

package/dist/core/adapters/dangerous_secp256k1.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"dangerous_secp256k1.js","sourceRoot":"","sources":["../../../src/core/adapters/dangerous_secp256k1.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,SAAS,EAAE,MAAM,YAAY,CAAA;AAE/D,OAAO,KAAK,OAAO,MAAM,eAAe,CAAA;AACxC,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AAElC;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,mBAAmB,CAAC,UAAuC,EAAE;IAC3E,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,GAAG,OAAO,CAAA;IAChD,MAAM,KAAK,GAAG,UAAU;QACtB,CAAC,CAAC;YACE,OAAO,EAAE,YAAY,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,OAAO;YACvD,OAAO,EAAE,WAAoB;YAC7B,UAAU;SACX;QACH,CAAC,CAAC,SAAS,CAAA;IAEb,OAAO,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,MAAM,EAAE,EAAE;QACrD,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,CAAA;QAExB,OAAO,KAAK,CAAC;YACX,KAAK,CAAC,aAAa;gBACjB,IAAI,KAAK;oBAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,KAAK,CAAC,EAAE,CAAA;gBAEvC,MAAM,UAAU,GAAG,SAAS,CAAC,gBAAgB,EAAE,CAAA;gBAC/C,MAAM,SAAS,GAAG,YAAY,CAAC,aAAa,CAAC,UAAU,CAAC,CAAA;gBACxD,OAAO;oBACL,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,WAAoB,EAAE,UAAU,EAAE,CAAC;iBACtF,CAAA;YACH,CAAC;YACD,KAAK,CAAC,YAAY;gBAChB,IAAI,KAAK;oBAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,KAAK,CAAC,EAAE,CAAA;gBACvC,OAAO,EAAE,QAAQ,EAAE,CAAC,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAA;YACrD,CAAC;SACF,CAAC,CAAC,MAAM,CAAC,CAAA;IACZ,CAAC,CAAC,CAAA;AACJ,CAAC"}