accounts 0.3.0 → 0.4.1

package/dist/core/Ceremony.d.ts

@@ -0,0 +1,109 @@
+import type { Hex } from 'viem';
+import { Authentication, Registration } from 'webauthx/server';
+import * as Storage from './Storage.js';
+/** Pluggable strategy for WebAuthn registration and authentication ceremonies. */
+export type Ceremony = {
+    /** Get credential creation options for `navigator.credentials.create()`. */
+    getRegistrationOptions: (params: getRegistrationOptions.Parameters) => Promise<getRegistrationOptions.ReturnType>;
+    /** Verify a registration response and extract the public key. */
+    verifyRegistration: (credential: Registration.Credential, options?: verifyRegistration.Options | undefined) => Promise<verifyRegistration.ReturnType>;
+    /** Get credential request options for `navigator.credentials.get()`. */
+    getAuthenticationOptions: (params?: getAuthenticationOptions.Parameters | undefined) => Promise<getAuthenticationOptions.ReturnType>;
+    /** Verify an authentication response and extract the public key. */
+    verifyAuthentication: (response: Authentication.Response) => Promise<verifyAuthentication.ReturnType>;
+};
+export declare namespace getRegistrationOptions {
+    type Parameters = {
+        /** Credential IDs to exclude (prevents re-registering existing credentials). */
+        excludeCredentialIds?: readonly string[] | undefined;
+        /** Credential display name (e.g. `"alice"`). */
+        name: string;
+        /** Opaque user identifier. Encoded as `user.id` in the WebAuthn creation options. */
+        userId?: string | undefined;
+    };
+    type ReturnType = {
+        options: Registration.Options;
+    };
+}
+export declare namespace verifyRegistration {
+    type Options = {
+        /** Display name for the credential (e.g. user's email). */
+        name?: string | undefined;
+    };
+    type ReturnType = {
+        /** The registered credential's ID. */
+        credentialId: string;
+        /** The credential's public key (uncompressed P256, hex-encoded). */
+        publicKey: Hex;
+    };
+}
+export declare namespace getAuthenticationOptions {
+    type Parameters = {
+        /** Credential IDs to allow (restricts which credentials can be used). */
+        allowCredentialIds?: readonly string[] | undefined;
+        /** Challenge to use. */
+        challenge?: `0x${string}` | undefined;
+        /** Credential ID to restrict authentication to a specific credential. */
+        credentialId?: string | undefined;
+        /** Mediation hint for passkey autofill / conditional UI. */
+        mediation?: 'conditional' | 'optional' | 'required' | 'silent' | undefined;
+    };
+    type ReturnType = {
+        options: Authentication.Options;
+    };
+}
+export declare namespace verifyAuthentication {
+    type ReturnType = {
+        /** The authenticated credential's ID. */
+        credentialId: string;
+        /** The credential's public key (uncompressed P256, hex-encoded). */
+        publicKey: Hex;
+        /** User identifier from the authenticator's `userHandle` (discoverable/conditional flows). */
+        userId?: string | undefined;
+    };
+}
+/** Creates a {@link Ceremony} from a custom implementation. */
+export declare function from(ceremony: Ceremony): Ceremony;
+/**
+ * Creates a pure client-side ceremony for development and prototyping.
+ *
+ * Generates challenges and verifies responses locally using `webauthx/server`.
+ * Stores credentials in memory. No external server needed.
+ *
+ * @example
+ * ```ts
+ * import { Ceremony } from 'accounts'
+ *
+ * const ceremony = Ceremony.local()
+ * ```
+ */
+export declare function local(options?: local.Options): Ceremony;
+export declare namespace local {
+    type Options = {
+        /** Relying Party ID (e.g. `"example.com"`). @default location.hostname */
+        rpId?: string | undefined;
+        /** Storage adapter for credential persistence. @default Storage.idb() in browser, Storage.memory() otherwise. */
+        storage?: Storage.Storage | undefined;
+    };
+}
+/**
+ * Creates a server-backed ceremony that delegates to a remote {@link Handler.webauthn} endpoint.
+ *
+ * All challenge generation, verification, and credential storage happen server-side.
+ * The client uses `fetch()` to communicate with 4 POST endpoints derived from the base URL.
+ *
+ * @example
+ * ```ts
+ * import { Ceremony } from 'accounts'
+ *
+ * const ceremony = Ceremony.server({ url: 'https://example.com/webauthn' })
+ * ```
+ */
+export declare function server(options: server.Options): Ceremony;
+export declare namespace server {
+    type Options = {
+        /** Base URL of the WebAuthn handler (e.g. `"https://example.com/webauthn"`). */
+        url: string;
+    };
+}
+//# sourceMappingURL=Ceremony.d.ts.map

package/dist/core/Ceremony.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Ceremony.d.ts","sourceRoot":"","sources":["../../src/core/Ceremony.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,MAAM,CAAA;AAC/B,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAE9D,OAAO,KAAK,OAAO,MAAM,cAAc,CAAA;AAEvC,kFAAkF;AAClF,MAAM,MAAM,QAAQ,GAAG;IACrB,4EAA4E;IAC5E,sBAAsB,EAAE,CACtB,MAAM,EAAE,sBAAsB,CAAC,UAAU,KACtC,OAAO,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAA;IAC/C,iEAAiE;IACjE,kBAAkB,EAAE,CAClB,UAAU,EAAE,YAAY,CAAC,UAAU,EACnC,OAAO,CAAC,EAAE,kBAAkB,CAAC,OAAO,GAAG,SAAS,KAC7C,OAAO,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;IAC3C,wEAAwE;IACxE,wBAAwB,EAAE,CACxB,MAAM,CAAC,EAAE,wBAAwB,CAAC,UAAU,GAAG,SAAS,KACrD,OAAO,CAAC,wBAAwB,CAAC,UAAU,CAAC,CAAA;IACjD,oEAAoE;IACpE,oBAAoB,EAAE,CACpB,QAAQ,EAAE,cAAc,CAAC,QAAQ,KAC9B,OAAO,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAA;CAC9C,CAAA;AAED,MAAM,CAAC,OAAO,WAAW,sBAAsB,CAAC;IAC9C,KAAK,UAAU,GAAG;QAChB,gFAAgF;QAChF,oBAAoB,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,CAAA;QACpD,gDAAgD;QAChD,IAAI,EAAE,MAAM,CAAA;QACZ,qFAAqF;QACrF,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC5B,CAAA;IACD,KAAK,UAAU,GAAG;QAAE,OAAO,EAAE,YAAY,CAAC,OAAO,CAAA;KAAE,CAAA;CACpD;AAED,MAAM,CAAC,OAAO,WAAW,kBAAkB,CAAC;IAC1C,KAAK,OAAO,GAAG;QACb,2DAA2D;QAC3D,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC1B,CAAA;IACD,KAAK,UAAU,GAAG;QAChB,sCAAsC;QACtC,YAAY,EAAE,MAAM,CAAA;QACpB,oEAAoE;QACpE,SAAS,EAAE,GAAG,CAAA;KACf,CAAA;CACF;AAED,MAAM,CAAC,OAAO,WAAW,wBAAwB,CAAC;IAChD,KAAK,UAAU,GAAG;QAChB,yEAAyE;QACzE,kBAAkB,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,CAAA;QAClD,wBAAwB;QACxB,SAAS,CAAC,EAAE,KAAK,MAAM,EAAE,GAAG,SAAS,CAAA;QACrC,yEAAyE;QACzE,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACjC,4DAA4D;QAC5D,SAAS,CAAC,EAAE,aAAa,GAAG,UAAU,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAA;KAC3E,CAAA;IACD,KAAK,UAAU,GAAG;QAAE,OAAO,EAAE,cAAc,CAAC,OAAO,CAAA;KAAE,CAAA;CACtD;AAED,MAAM,CAAC,OAAO,WAAW,oBAAoB,CAAC;IAC5C,KAAK,UAAU,GAAG;QAChB,yCAAyC;QACzC,YAAY,EAAE,MAAM,CAAA;QACpB,oEAAoE;QACpE,SAAS,EAAE,GAAG,CAAA;QACd,8FAA8F;QAC9F,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC5B,CAAA;CACF;AAED,+DAA+D;AAC/D,wBAAgB,IAAI,CAAC,QAAQ,EAAE,QAAQ,GAAG,QAAQ,CAEjD;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,KAAK,CAAC,OAAO,GAAE,KAAK,CAAC,OAAY,GAAG,QAAQ,CA2C3D;AAED,MAAM,CAAC,OAAO,WAAW,KAAK,CAAC;IAC7B,KAAK,OAAO,GAAG;QACb,0EAA0E;QAC1E,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACzB,iHAAiH;QACjH,OAAO,CAAC,EAAE,OAAO,CAAC,OAAO,GAAG,SAAS,CAAA;KACtC,CAAA;CACF;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,GAAG,QAAQ,CAiCxD;AAED,MAAM,CAAC,OAAO,WAAW,MAAM,CAAC;IAC9B,KAAK,OAAO,GAAG;QACb,gFAAgF;QAChF,GAAG,EAAE,MAAM,CAAA;KACZ,CAAA;CACF"}

package/dist/core/Ceremony.js

@@ -0,0 +1,104 @@
+import { Bytes } from 'ox';
+import { Authentication, Registration } from 'webauthx/server';
+import * as Storage from './Storage.js';
+/** Creates a {@link Ceremony} from a custom implementation. */
+export function from(ceremony) {
+    return ceremony;
+}
+/**
+ * Creates a pure client-side ceremony for development and prototyping.
+ *
+ * Generates challenges and verifies responses locally using `webauthx/server`.
+ * Stores credentials in memory. No external server needed.
+ *
+ * @example
+ * ```ts
+ * import { Ceremony } from 'accounts'
+ *
+ * const ceremony = Ceremony.local()
+ * ```
+ */
+export function local(options = {}) {
+    const rpId = options.rpId ?? (typeof location !== 'undefined' ? location.hostname : 'localhost');
+    const storage = options.storage ?? (typeof window !== 'undefined' ? Storage.idb() : Storage.memory());
+    const storageKey = 'credentials';
+    return from({
+        async getRegistrationOptions(parameters) {
+            const { excludeCredentialIds, name, userId } = parameters;
+            const { options } = Registration.getOptions({
+                excludeCredentialIds: excludeCredentialIds,
+                name,
+                rp: { id: rpId, name: rpId },
+                user: userId ? { id: Bytes.fromString(userId), name } : undefined,
+            });
+            return { options };
+        },
+        async verifyRegistration(credential) {
+            const publicKey = credential.publicKey;
+            const credentials = (await storage.getItem(storageKey)) ?? {};
+            credentials[credential.id] = publicKey;
+            await storage.setItem(storageKey, credentials);
+            return { credentialId: credential.id, publicKey };
+        },
+        async getAuthenticationOptions(parameters = {}) {
+            const { allowCredentialIds, challenge, credentialId } = parameters;
+            const { options } = Authentication.getOptions({
+                challenge,
+                credentialId: allowCredentialIds ?? credentialId,
+                rpId,
+            });
+            return { options };
+        },
+        async verifyAuthentication(response) {
+            const credentials = (await storage.getItem(storageKey)) ?? {};
+            const publicKey = credentials[response.id];
+            if (!publicKey)
+                throw new Error(`Unknown credential: ${response.id}`);
+            return { credentialId: response.id, publicKey };
+        },
+    });
+}
+/**
+ * Creates a server-backed ceremony that delegates to a remote {@link Handler.webauthn} endpoint.
+ *
+ * All challenge generation, verification, and credential storage happen server-side.
+ * The client uses `fetch()` to communicate with 4 POST endpoints derived from the base URL.
+ *
+ * @example
+ * ```ts
+ * import { Ceremony } from 'accounts'
+ *
+ * const ceremony = Ceremony.server({ url: 'https://example.com/webauthn' })
+ * ```
+ */
+export function server(options) {
+    const { url } = options;
+    async function request(path, body) {
+        const response = await fetch(`${url}${path}`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify(body),
+        });
+        const json = await response.json();
+        if (!response.ok)
+            throw new Error(json.error ?? 'Request failed');
+        return json;
+    }
+    return from({
+        async getRegistrationOptions(parameters) {
+            const { excludeCredentialIds, name, userId } = parameters;
+            return request('/register/options', { excludeCredentialIds, name, userId });
+        },
+        async verifyRegistration(credential) {
+            return request('/register', credential);
+        },
+        async getAuthenticationOptions(parameters = {}) {
+            const { allowCredentialIds, challenge, credentialId, mediation } = parameters;
+            return request('/login/options', { allowCredentialIds, challenge, credentialId, mediation });
+        },
+        async verifyAuthentication(response) {
+            return request('/login', response);
+        },
+    });
+}
+//# sourceMappingURL=Ceremony.js.map

package/dist/core/Ceremony.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Ceremony.js","sourceRoot":"","sources":["../../src/core/Ceremony.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,IAAI,CAAA;AAE1B,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAE9D,OAAO,KAAK,OAAO,MAAM,cAAc,CAAA;AAyEvC,+DAA+D;AAC/D,MAAM,UAAU,IAAI,CAAC,QAAkB;IACrC,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,KAAK,CAAC,UAAyB,EAAE;IAC/C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,QAAQ,KAAK,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAA;IAChG,MAAM,OAAO,GACX,OAAO,CAAC,OAAO,IAAI,CAAC,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAA;IACvF,MAAM,UAAU,GAAG,aAAa,CAAA;IAEhC,OAAO,IAAI,CAAC;QACV,KAAK,CAAC,sBAAsB,CAAC,UAAU;YACrC,MAAM,EAAE,oBAAoB,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,UAAU,CAAA;YACzD,MAAM,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC,UAAU,CAAC;gBAC1C,oBAAoB,EAAE,oBAA4C;gBAClE,IAAI;gBACJ,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;gBAC5B,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS;aAClE,CAAC,CAAA;YACF,OAAO,EAAE,OAAO,EAAE,CAAA;QACpB,CAAC;QAED,KAAK,CAAC,kBAAkB,CAAC,UAAU;YACjC,MAAM,SAAS,GAAG,UAAU,CAAC,SAAS,CAAA;YACtC,MAAM,WAAW,GAAG,CAAC,MAAM,OAAO,CAAC,OAAO,CAAsB,UAAU,CAAC,CAAC,IAAI,EAAE,CAAA;YAClF,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC,GAAG,SAAS,CAAA;YACtC,MAAM,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,WAAW,CAAC,CAAA;YAC9C,OAAO,EAAE,YAAY,EAAE,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,CAAA;QACnD,CAAC;QAED,KAAK,CAAC,wBAAwB,CAAC,UAAU,GAAG,EAAE;YAC5C,MAAM,EAAE,kBAAkB,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,UAAU,CAAA;YAClE,MAAM,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC,UAAU,CAAC;gBAC5C,SAAS;gBACT,YAAY,EAAG,kBAA2C,IAAI,YAAY;gBAC1E,IAAI;aACL,CAAC,CAAA;YACF,OAAO,EAAE,OAAO,EAAE,CAAA;QACpB,CAAC;QAED,KAAK,CAAC,oBAAoB,CAAC,QAAQ;YACjC,MAAM,WAAW,GAAG,CAAC,MAAM,OAAO,CAAC,OAAO,CAAsB,UAAU,CAAC,CAAC,IAAI,EAAE,CAAA;YAClF,MAAM,SAAS,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;YAC1C,IAAI,CAAC,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAA;YACrE,OAAO,EAAE,YAAY,EAAE,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,CAAA;QACjD,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAWD;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,MAAM,CAAC,OAAuB;IAC5C,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAA;IAEvB,KAAK,UAAU,OAAO,CAAa,IAAY,EAAE,IAAa;QAC5D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,GAAG,GAAG,IAAI,EAAE,EAAE;YAC5C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAA;QACF,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;QAClC,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAE,IAA2B,CAAC,KAAK,IAAI,gBAAgB,CAAC,CAAA;QACzF,OAAO,IAAkB,CAAA;IAC3B,CAAC;IAED,OAAO,IAAI,CAAC;QACV,KAAK,CAAC,sBAAsB,CAAC,UAAU;YACrC,MAAM,EAAE,oBAAoB,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,UAAU,CAAA;YACzD,OAAO,OAAO,CAAC,mBAAmB,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAA;QAC7E,CAAC;QAED,KAAK,CAAC,kBAAkB,CAAC,UAAU;YACjC,OAAO,OAAO,CAAC,WAAW,EAAE,UAAU,CAAC,CAAA;QACzC,CAAC;QAED,KAAK,CAAC,wBAAwB,CAAC,UAAU,GAAG,EAAE;YAC5C,MAAM,EAAE,kBAAkB,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,UAAU,CAAA;YAC7E,OAAO,OAAO,CAAC,gBAAgB,EAAE,EAAE,kBAAkB,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC,CAAA;QAC9F,CAAC;QAED,KAAK,CAAC,oBAAoB,CAAC,QAAQ;YACjC,OAAO,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QACpC,CAAC;KACF,CAAC,CAAA;AACJ,CAAC"}

package/dist/core/Client.d.ts

@@ -0,0 +1,16 @@
+import { type Chain, type Client, type Transport } from 'viem';
+import type { tempo } from 'viem/chains';
+import type * as Store from './Store.js';
+/** Resolves a viem Client for a given chain ID (cached). */
+export declare function fromChainId(chainId: number | undefined, options: fromChainId.Options): Client<Transport, typeof tempo>;
+export declare namespace fromChainId {
+    type Options = {
+        /** Supported chains. */
+        chains: readonly [Chain, ...Chain[]];
+        /** Fee payer service URL. When set, the transport routes fee-payer RPC calls to this URL. */
+        feePayer?: string | undefined;
+        /** Reactive state store. */
+        store: Store.Store;
+    };
+}
+//# sourceMappingURL=Client.d.ts.map

package/dist/core/Client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Client.d.ts","sourceRoot":"","sources":["../../src/core/Client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,KAAK,EAAgB,KAAK,MAAM,EAAQ,KAAK,SAAS,EAAE,MAAM,MAAM,CAAA;AAClF,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,aAAa,CAAA;AAGxC,OAAO,KAAK,KAAK,KAAK,MAAM,YAAY,CAAA;AAIxC,4DAA4D;AAC5D,wBAAgB,WAAW,CACzB,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,OAAO,EAAE,WAAW,CAAC,OAAO,GAC3B,MAAM,CAAC,SAAS,EAAE,OAAO,KAAK,CAAC,CAYjC;AAED,MAAM,CAAC,OAAO,WAAW,WAAW,CAAC;IACnC,KAAK,OAAO,GAAG;QACb,wBAAwB;QACxB,MAAM,EAAE,SAAS,CAAC,KAAK,EAAE,GAAG,KAAK,EAAE,CAAC,CAAA;QACpC,6FAA6F;QAC7F,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QAC7B,4BAA4B;QAC5B,KAAK,EAAE,KAAK,CAAC,KAAK,CAAA;KACnB,CAAA;CACF"}

package/dist/core/Client.js

@@ -0,0 +1,18 @@
+import { createClient, http } from 'viem';
+import { withFeePayer } from 'viem/tempo';
+const clients = new Map();
+/** Resolves a viem Client for a given chain ID (cached). */
+export function fromChainId(chainId, options) {
+    const { chains, feePayer, store } = options;
+    const id = chainId ?? store.getState().chainId;
+    const key = `${id}:${feePayer ?? ''}`;
+    let client = clients.get(key);
+    if (!client) {
+        const chain = chains.find((c) => c.id === id) ?? chains[0];
+        const transport = feePayer ? withFeePayer(http(), http(feePayer)) : http();
+        client = createClient({ chain, transport, pollingInterval: 1000 });
+        clients.set(key, client);
+    }
+    return client;
+}
+//# sourceMappingURL=Client.js.map

package/dist/core/Client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Client.js","sourceRoot":"","sources":["../../src/core/Client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,YAAY,EAAe,IAAI,EAAkB,MAAM,MAAM,CAAA;AAElF,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAIzC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAA;AAEzC,4DAA4D;AAC5D,MAAM,UAAU,WAAW,CACzB,OAA2B,EAC3B,OAA4B;IAE5B,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAA;IAC3C,MAAM,EAAE,GAAG,OAAO,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAA;IAC9C,MAAM,GAAG,GAAG,GAAG,EAAE,IAAI,QAAQ,IAAI,EAAE,EAAE,CAAA;IACrC,IAAI,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC7B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,CAAE,CAAA;QAC3D,MAAM,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QAC1E,MAAM,GAAG,YAAY,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAA;QAClE,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;IAC1B,CAAC;IACD,OAAO,MAAe,CAAA;AACxB,CAAC"}

package/dist/core/Dialog.d.ts

@@ -0,0 +1,52 @@
+import type * as Store from './Store.js';
+/** Dialog interface — manages the iframe/popup lifecycle for cross-origin auth. */
+export type Dialog = SetupFn & Meta;
+/** Static metadata attached to a dialog function. */
+export type Meta = {
+    /** Identifier for the dialog type (e.g. `'iframe'`, `'popup'`). */
+    name?: string | undefined;
+};
+export type Instance = {
+    /** Close the dialog (hide iframe / close popup). */
+    close: () => void;
+    /** Destroy the dialog (remove DOM elements, clean up). */
+    destroy: () => void;
+    /** Open the dialog (show iframe / open popup). */
+    open: () => void;
+    /** Sync the pending request queue to the remote auth app. */
+    syncRequests: (requests: readonly Store.QueuedRequest[]) => Promise<void>;
+};
+/** The setup function a dialog must implement. */
+export type SetupFn = (parameters: SetupFn.Parameters) => Instance;
+export declare namespace SetupFn {
+    type Parameters = {
+        /** URL of the Tempo Auth app. */
+        host: string;
+        /** Reactive state store. */
+        store: Store.Store;
+    };
+}
+export declare const defaultSize: {
+    height: number;
+    width: number;
+};
+/** Creates a dialog from metadata and a setup function. */
+export declare function define(meta: Meta, fn: SetupFn): Dialog;
+/** Detects Safari (which does not support WebAuthn in cross-origin iframes). */
+export declare function isSafari(): boolean;
+/** Creates an iframe dialog that embeds the auth app in a `<dialog>` element. */
+export declare function iframe(): Dialog;
+/** Opens the auth app in a new browser window. */
+export declare function popup(options?: popup.Options): Dialog;
+export declare namespace popup {
+    type Options = {
+        /** Popup window dimensions. @default `{ width: 360, height: 440 }` */
+        size?: {
+            width: number;
+            height: number;
+        } | undefined;
+    };
+}
+/** Returns a no-op dialog for SSR environments. */
+export declare function noop(): Dialog;
+//# sourceMappingURL=Dialog.d.ts.map

package/dist/core/Dialog.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Dialog.d.ts","sourceRoot":"","sources":["../../src/core/Dialog.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,KAAK,KAAK,MAAM,YAAY,CAAA;AAExC,mFAAmF;AACnF,MAAM,MAAM,MAAM,GAAG,OAAO,GAAG,IAAI,CAAA;AAEnC,qDAAqD;AACrD,MAAM,MAAM,IAAI,GAAG;IACjB,mEAAmE;IACnE,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,QAAQ,GAAG;IACrB,oDAAoD;IACpD,KAAK,EAAE,MAAM,IAAI,CAAA;IACjB,0DAA0D;IAC1D,OAAO,EAAE,MAAM,IAAI,CAAA;IACnB,kDAAkD;IAClD,IAAI,EAAE,MAAM,IAAI,CAAA;IAChB,6DAA6D;IAC7D,YAAY,EAAE,CAAC,QAAQ,EAAE,SAAS,KAAK,CAAC,aAAa,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CAC1E,CAAA;AAED,kDAAkD;AAClD,MAAM,MAAM,OAAO,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,UAAU,KAAK,QAAQ,CAAA;AAElE,MAAM,CAAC,OAAO,WAAW,OAAO,CAAC;IAC/B,KAAK,UAAU,GAAG;QAChB,iCAAiC;QACjC,IAAI,EAAE,MAAM,CAAA;QACZ,4BAA4B;QAC5B,KAAK,EAAE,KAAK,CAAC,KAAK,CAAA;KACnB,CAAA;CACF;AAED,eAAO,MAAM,WAAW;;;CAA8B,CAAA;AAEtD,2DAA2D;AAC3D,wBAAgB,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,OAAO,GAAG,MAAM,CAItD;AAED,gFAAgF;AAChF,wBAAgB,QAAQ,IAAI,OAAO,CAIlC;AAED,iFAAiF;AACjF,wBAAgB,MAAM,IAAI,MAAM,CA6M/B;AAED,kDAAkD;AAClD,wBAAgB,KAAK,CAAC,OAAO,GAAE,KAAK,CAAC,OAAY,GAAG,MAAM,CAoFzD;AAED,MAAM,CAAC,OAAO,WAAW,KAAK,CAAC;IAC7B,KAAK,OAAO,GAAG;QACb,sEAAsE;QACtE,IAAI,CAAC,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,GAAG,SAAS,CAAA;KACrD,CAAA;CACF;AAED,mDAAmD;AACnD,wBAAgB,IAAI,IAAI,MAAM,CAO7B"}

package/dist/core/Dialog.js

@@ -0,0 +1,342 @@
+import * as Messenger from './Messenger.js';
+export const defaultSize = { height: 440, width: 360 };
+/** Creates a dialog from metadata and a setup function. */
+export function define(meta, fn) {
+    const { name, ...rest } = meta;
+    Object.defineProperty(fn, 'name', { value: name, configurable: true });
+    return Object.assign(fn, rest);
+}
+/** Detects Safari (which does not support WebAuthn in cross-origin iframes). */
+export function isSafari() {
+    if (typeof navigator === 'undefined')
+        return false;
+    const ua = navigator.userAgent.toLowerCase();
+    return ua.includes('safari') && !ua.includes('chrome');
+}
+/** Creates an iframe dialog that embeds the auth app in a `<dialog>` element. */
+export function iframe() {
+    if (typeof window === 'undefined')
+        return noop();
+    return define({ name: 'iframe' }, (parameters) => {
+        const { host, store } = parameters;
+        const fallback = popup()(parameters);
+        let open = false;
+        const referrer = getReferrer();
+        const hostUrl = new URL(host);
+        hostUrl.searchParams.set('chainId', String(store.getState().chainId));
+        hostUrl.searchParams.set('mode', 'iframe');
+        if (referrer.icon) {
+            if (typeof referrer.icon === 'string')
+                hostUrl.searchParams.set('icon', referrer.icon);
+            else {
+                hostUrl.searchParams.set('icon', referrer.icon.light);
+                hostUrl.searchParams.set('iconDark', referrer.icon.dark);
+            }
+        }
+        const root = document.createElement('dialog');
+        root.dataset.tempoWallet = '';
+        root.setAttribute('role', 'dialog');
+        root.setAttribute('aria-closed', 'true');
+        root.setAttribute('aria-label', 'Tempo Auth');
+        root.setAttribute('hidden', 'until-found');
+        Object.assign(root.style, {
+            background: 'transparent',
+            border: '0',
+            outline: '0',
+            padding: '0',
+            position: 'fixed',
+        });
+        document.body.appendChild(root);
+        const frame = document.createElement('iframe');
+        frame.dataset.testid = 'tempo-wallet';
+        frame.setAttribute('allow', [
+            `publickey-credentials-get ${hostUrl.origin}`,
+            `publickey-credentials-create ${hostUrl.origin}`,
+            'clipboard-write',
+        ].join('; '));
+        frame.setAttribute('allowtransparency', 'true');
+        frame.setAttribute('tabindex', '0');
+        frame.setAttribute('title', 'Tempo Auth');
+        frame.src = hostUrl.toString();
+        Object.assign(frame.style, {
+            backgroundColor: 'transparent',
+            border: '0',
+            colorScheme: 'light dark',
+            height: '100%',
+            left: '0',
+            position: 'fixed',
+            top: '0',
+            width: '100%',
+        });
+        const style = document.createElement('style');
+        style.innerHTML = `
+        dialog[data-tempo-wallet]::backdrop {
+          background: transparent!important;
+        }
+      `;
+        root.appendChild(style);
+        root.appendChild(frame);
+        const messenger = Messenger.bridge({
+            from: Messenger.fromWindow(window, { targetOrigin: hostUrl.origin }),
+            to: Messenger.fromWindow(frame.contentWindow, {
+                targetOrigin: hostUrl.origin,
+            }),
+            waitForReady: true,
+        });
+        messenger.on('rpc-response', (response) => handleResponse(store, response));
+        let savedOverflow = '';
+        let opener = null;
+        const onBlur = () => handleBlur(store);
+        // 1Password extension adds `inert` attribute to `dialog` rendering it unusable.
+        const inertObserver = new MutationObserver((mutations) => {
+            for (const mutation of mutations) {
+                if (mutation.type !== 'attributes')
+                    continue;
+                if (mutation.attributeName !== 'inert')
+                    continue;
+                root.removeAttribute('inert');
+            }
+        });
+        inertObserver.observe(root, { attributeOldValue: true, attributes: true });
+        // dialog/page interactivity (no visibility change)
+        let dialogActive = false;
+        const activatePage = () => {
+            if (!dialogActive)
+                return;
+            dialogActive = false;
+            root.removeEventListener('cancel', onBlur);
+            root.removeEventListener('click', onBlur);
+            root.style.pointerEvents = 'none';
+            opener?.focus();
+            opener = null;
+            document.body.style.overflow = savedOverflow;
+        };
+        const activateDialog = () => {
+            if (dialogActive)
+                return;
+            dialogActive = true;
+            root.addEventListener('cancel', onBlur);
+            root.addEventListener('click', onBlur);
+            frame.focus();
+            root.style.pointerEvents = 'auto';
+            savedOverflow = document.body.style.overflow;
+            document.body.style.overflow = 'hidden';
+        };
+        // dialog visibility
+        let visible = false;
+        const showDialog = () => {
+            if (visible)
+                return;
+            visible = true;
+            if (document.activeElement instanceof HTMLElement)
+                opener = document.activeElement;
+            root.removeAttribute('hidden');
+            root.removeAttribute('aria-closed');
+            root.showModal();
+        };
+        const hideDialog = () => {
+            if (!visible)
+                return;
+            visible = false;
+            root.setAttribute('hidden', 'true');
+            root.setAttribute('aria-closed', 'true');
+            root.close();
+            // 1Password extension sometimes adds `inert` to dialog siblings
+            // and does not clean up when dialog closes.
+            for (const sibling of root.parentNode ? Array.from(root.parentNode.children) : []) {
+                if (sibling === root)
+                    continue;
+                if (!sibling.hasAttribute('inert'))
+                    continue;
+                sibling.removeAttribute('inert');
+            }
+        };
+        return {
+            close() {
+                fallback.close();
+                open = false;
+                hideDialog();
+                activatePage();
+            },
+            destroy() {
+                fallback.close();
+                open = false;
+                activatePage();
+                hideDialog();
+                fallback.destroy();
+                messenger.destroy();
+                root.remove();
+                inertObserver.disconnect();
+            },
+            open() {
+                if (open)
+                    return;
+                open = true;
+                showDialog();
+                activateDialog();
+            },
+            async syncRequests(requests) {
+                // Safari does not support WebAuthn credential creation in iframes.
+                // Fall back to popup dialog.
+                const unsupported = isSafari() &&
+                    requests.some((x) => ['wallet_connect', 'eth_requestAccounts'].includes(x.request.method));
+                if (unsupported) {
+                    fallback.syncRequests(requests);
+                }
+                else {
+                    const requiresConfirm = requests.some((x) => x.status === 'pending');
+                    if (!open && requiresConfirm)
+                        this.open();
+                    messenger.send('rpc-requests', {
+                        account: getAccount(store),
+                        chainId: store.getState().chainId,
+                        requests,
+                    });
+                }
+            },
+        };
+    });
+}
+/** Opens the auth app in a new browser window. */
+export function popup(options = {}) {
+    if (typeof window === 'undefined')
+        return noop();
+    const { size = defaultSize } = options;
+    return define({ name: 'popup' }, (parameters) => {
+        const { host, store } = parameters;
+        let win = null;
+        function onBlur() {
+            if (win)
+                handleBlur(store);
+        }
+        const offDetectClosed = (() => {
+            const timer = setInterval(() => {
+                if (win?.closed)
+                    handleBlur(store);
+            }, 100);
+            return () => clearInterval(timer);
+        })();
+        let messenger;
+        return {
+            close() {
+                if (!win)
+                    return;
+                win.close();
+                win = null;
+            },
+            destroy() {
+                this.close();
+                window.removeEventListener('focus', onBlur);
+                messenger?.destroy();
+                offDetectClosed();
+            },
+            open() {
+                const referrer = getReferrer();
+                const hostUrl = new URL(host);
+                hostUrl.searchParams.set('chainId', String(store.getState().chainId));
+                hostUrl.searchParams.set('mode', 'popup');
+                if (referrer.icon) {
+                    if (typeof referrer.icon === 'string')
+                        hostUrl.searchParams.set('icon', referrer.icon);
+                    else {
+                        hostUrl.searchParams.set('icon', referrer.icon.light);
+                        hostUrl.searchParams.set('iconDark', referrer.icon.dark);
+                    }
+                }
+                const left = (window.innerWidth - size.width) / 2 + window.screenX;
+                const top = window.screenY + 100;
+                win = window.open(hostUrl.toString(), '_blank', `width=${size.width},height=${size.height},left=${left},top=${top}`);
+                if (!win)
+                    throw new Error('Failed to open popup');
+                messenger = Messenger.bridge({
+                    from: Messenger.fromWindow(window, { targetOrigin: hostUrl.origin }),
+                    to: Messenger.fromWindow(win, { targetOrigin: hostUrl.origin }),
+                    waitForReady: true,
+                });
+                messenger.on('rpc-response', (response) => handleResponse(store, response));
+                window.removeEventListener('focus', onBlur);
+                window.addEventListener('focus', onBlur);
+            },
+            async syncRequests(requests) {
+                const requiresConfirm = requests.some((x) => x.status === 'pending');
+                if (requiresConfirm) {
+                    if (!win || win.closed)
+                        this.open();
+                    win?.focus();
+                }
+                messenger?.send('rpc-requests', {
+                    account: getAccount(store),
+                    chainId: store.getState().chainId,
+                    requests,
+                });
+            },
+        };
+    });
+}
+/** Returns a no-op dialog for SSR environments. */
+export function noop() {
+    return define({ name: 'noop' }, () => ({
+        open() { },
+        close() { },
+        destroy() { },
+        async syncRequests() { },
+    }));
+}
+/** Updates the store with an RPC response from the remote auth app. */
+function handleResponse(store, response) {
+    store.setState((x) => ({
+        ...x,
+        requestQueue: x.requestQueue.map((queued) => {
+            if (queued.request.id !== response.id)
+                return queued;
+            if (response.error)
+                return {
+                    request: queued.request,
+                    error: response.error,
+                    status: 'error',
+                };
+            return {
+                request: queued.request,
+                result: response.result,
+                status: 'success',
+            };
+        }),
+    }));
+}
+/** Marks all pending requests as rejected (user closed the dialog). */
+function handleBlur(store) {
+    store.setState((x) => ({
+        ...x,
+        requestQueue: x.requestQueue.map((queued) => queued.status === 'pending'
+            ? {
+                request: queued.request,
+                error: { code: 4001, message: 'User rejected the request.' },
+                status: 'error',
+            }
+            : queued),
+    }));
+}
+/** Returns the active account from the store, or `undefined` if none. */
+function getAccount(store) {
+    const { accounts, activeAccount } = store.getState();
+    const account = accounts[activeAccount];
+    if (!account)
+        return undefined;
+    return { address: account.address };
+}
+/**
+ * Extracts referrer metadata from the host page.
+ * Must be called in the host page context (where `document` is accessible).
+ */
+function getReferrer() {
+    const icon = (() => {
+        const dark = document.querySelector('link[rel~="icon"][media="(prefers-color-scheme: dark)"]');
+        const light = (document.querySelector('link[rel~="icon"][media="(prefers-color-scheme: light)"]') ?? document.querySelector('link[rel~="icon"]'));
+        if (dark?.href && light?.href && dark.href !== light.href)
+            return { dark: dark.href, light: light.href };
+        const isDark = window.matchMedia('(prefers-color-scheme: dark)').matches;
+        return (isDark ? dark?.href : light?.href) ?? light?.href;
+    })();
+    return { icon, title: document.title };
+}
+//# sourceMappingURL=Dialog.js.map