npm - signet-login - Versions diffs - 0.10.2 → 0.10.3 - Mend

signet-login 0.10.2 → 0.10.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +14 -1
package/dist/signers.d.ts +17 -5
package/dist/signers.js +51 -6
package/dist/signet-login.d.ts +2 -2
package/dist/signet-login.iife.js +16 -16
package/dist/signet-login.js +6 -2
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -164,9 +164,22 @@ await fetch('/api/login', {
 });
 ```
-Headless exports include `hasNip07`, `createNip07Signer`, `createBunkerSigner`, `createBunkerSignerFromNostrConnect`, `buildNostrConnectUri`, `createLocalSignerFromNsec`, `createLoginAuthEvent`, `createSessionFromSigner`, and `generateSecretKey`.
+Headless exports include `hasNip07`, `createNip07Signer`, `createBunkerSigner`, `createBunkerSignerFromNostrConnect`, `buildNostrConnectUri`, `buildBunkerUriFromNostrConnectUri`, `isBunkerUri`, `isNostrConnectUri`, `isSupportedPairingUri`, `createLocalSignerFromNsec`, `createLoginAuthEvent`, `createSessionFromSigner`, and `generateSecretKey`.
 The IIFE bundle attaches the same helpers to `window.Signet`.
+### NostrConnect and bunker roles
+NIP-46 has two URI directions:
+| URI | Producer | Consumer | Use |
+|---|---|---|---|
+| `nostrconnect://...` | The app / Signet Access client | Signer app scans or opens it | First pairing, where the app advertises its client pubkey, relays, requested permissions, and one-time secret |
+| `bunker://...` | The signer / bunker | App connects to it | Reconnect, paste/scan bunker flows, native clients, and persisted sessions |
+`createBunkerSignerFromNostrConnect()` waits for the signer response and then stores the equivalent `bunker://` reconnect URI internally, preserving the relay list and secret. This matters for apps such as Canary, Pallasite, and Axenstax: the user can pair once with NostrConnect, then `restoreSession()` can reconnect with the same stable client key instead of showing a fresh pairing request.
+Signet Access is the app-side session broker. Identity creation, recovery, and derived personas belong in Signet, Heartwood, and `nsec-tree`; app integrations should consume the returned pubkey and capability flags instead of deriving identities inside the login SDK.
 ### Custom storage
 By default, Signet Access stores session state in localStorage under `signet:login.*`. Pass `storage` when you need encrypted, async, IndexedDB, server-backed, or test storage:

package/dist/signers.d.ts CHANGED Viewed

@@ -85,11 +85,23 @@ export declare function buildNostrConnectUri(input: {
     appUrl?: string;
 }): string;
 /**
- * Connect a bunker session from a `bunker://` or `nostr+connect://` URI (or a
- * NIP-05 identifier). Pass `clientSecretKey` to bind a stable client pubkey the
- * signer can auto-approve (see `loadOrCreatePersistentClientSk`); when omitted a
- * fresh ephemeral key is generated, which a per-pubkey-approving bunker will
- * treat as a new, unapproved client.
+ * Convert an app-generated `nostrconnect://` pairing URI into the equivalent
+ * signer-published `bunker://` reconnect URI once the signer pubkey is known.
+ *
+ * `nostrconnect://` is a one-time app-to-signer invitation; it only contains
+ * the client pubkey. After the signer responds, future restores should use
+ * `bunker://signerPubkey?...` with the same relays and secret.
+ */
+export declare function buildBunkerUriFromNostrConnectUri(nostrConnectUri: string, signerPubkeyHex: string): string;
+export declare function isBunkerUri(value: string): boolean;
+export declare function isNostrConnectUri(value: string): boolean;
+export declare function isSupportedPairingUri(value: string): boolean;
+/**
+ * Connect a bunker session from a `bunker://` URI or NIP-05 identifier. Pass
+ * `clientSecretKey` to bind a stable client pubkey the signer can auto-approve
+ * (see `loadOrCreatePersistentClientSk`); when omitted a fresh ephemeral key is
+ * generated, which a per-pubkey-approving bunker will treat as a new,
+ * unapproved client.
  */
 export declare function createBunkerSigner(input: {
     uri: string;

package/dist/signers.js CHANGED Viewed

@@ -118,7 +118,8 @@ export async function createBunkerSignerFromNostrConnect(input) {
         await bunker.close().catch(() => { });
         throw new Error('invalid-pubkey-from-bunker');
     }
-    return new BunkerSignerImpl(pubkey.toLowerCase(), bunker, uri, clientSecretKey);
+    const normalizedBunkerUri = buildBunkerUriFromNostrConnectUri(uri, pubkey);
+    return new BunkerSignerImpl(pubkey.toLowerCase(), bunker, normalizedBunkerUri, clientSecretKey);
 }
 /**
  * Build a NIP-46 `nostrconnect://` URI for the app-initiated flow. The
@@ -149,6 +150,50 @@ export function buildNostrConnectUri(input) {
         params.set('url', input.appUrl);
     return `nostrconnect://${clientPubkeyHex}?${params.toString()}`;
 }
+/**
+ * Convert an app-generated `nostrconnect://` pairing URI into the equivalent
+ * signer-published `bunker://` reconnect URI once the signer pubkey is known.
+ *
+ * `nostrconnect://` is a one-time app-to-signer invitation; it only contains
+ * the client pubkey. After the signer responds, future restores should use
+ * `bunker://signerPubkey?...` with the same relays and secret.
+ */
+export function buildBunkerUriFromNostrConnectUri(nostrConnectUri, signerPubkeyHex) {
+    if (!/^[0-9a-f]{64}$/i.test(signerPubkeyHex))
+        throw new Error('invalid-signer-pubkey');
+    let parsed;
+    try {
+        parsed = new URL(nostrConnectUri);
+    }
+    catch {
+        throw new Error('invalid-nostrconnect-uri');
+    }
+    if (parsed.protocol !== 'nostrconnect:')
+        throw new Error('invalid-nostrconnect-uri');
+    const relays = parsed.searchParams.getAll('relay').map(relay => relay.trim()).filter(Boolean);
+    if (relays.length === 0)
+        throw new Error('relay-url-required');
+    for (const relayUrl of relays) {
+        if (!/^wss?:\/\//.test(relayUrl))
+            throw new Error('invalid-relay-url');
+    }
+    const secret = parsed.searchParams.get('secret');
+    const params = new URLSearchParams();
+    for (const relayUrl of relays)
+        params.append('relay', relayUrl);
+    if (secret)
+        params.set('secret', secret);
+    return `bunker://${signerPubkeyHex.toLowerCase()}?${params.toString()}`;
+}
+export function isBunkerUri(value) {
+    return value.trim().toLowerCase().startsWith('bunker://');
+}
+export function isNostrConnectUri(value) {
+    return value.trim().toLowerCase().startsWith('nostrconnect://');
+}
+export function isSupportedPairingUri(value) {
+    return isBunkerUri(value) || isNostrConnectUri(value);
+}
 /**
  * Race a bunker handshake against a deadline. nostr-tools' `BunkerSigner`
  * `sendRequest` has no per-request timeout — it publishes the request and only
@@ -177,11 +222,11 @@ async function raceBunkerHandshake(p, ms, bunker) {
     }
 }
 /**
- * Connect a bunker session from a `bunker://` or `nostr+connect://` URI (or a
- * NIP-05 identifier). Pass `clientSecretKey` to bind a stable client pubkey the
- * signer can auto-approve (see `loadOrCreatePersistentClientSk`); when omitted a
- * fresh ephemeral key is generated, which a per-pubkey-approving bunker will
- * treat as a new, unapproved client.
+ * Connect a bunker session from a `bunker://` URI or NIP-05 identifier. Pass
+ * `clientSecretKey` to bind a stable client pubkey the signer can auto-approve
+ * (see `loadOrCreatePersistentClientSk`); when omitted a fresh ephemeral key is
+ * generated, which a per-pubkey-approving bunker will treat as a new,
+ * unapproved client.
  */
 export async function createBunkerSigner(input) {
     const trimmed = input.uri.trim();

package/dist/signet-login.d.ts CHANGED Viewed

@@ -16,7 +16,7 @@
  */
 export type { NostrEvent, EventTemplate, LoginMethod, LoginPickerMethod, SignerCapabilities, SignetSigner, SignetAuthEvent, SignetSession, LoginOptions, RestoreOptions, SignetStorage, } from './types.js';
 import type { SignetSigner, LoginOptions, RestoreOptions, SignetSession, SignetAuthEvent, SignetStorage } from './types.js';
-import { hasNip07, createNip07Signer, createBunkerSigner, createBunkerSignerFromNostrConnect, buildNostrConnectUri, createLocalSignerFromNsec, generateSecretKey, Nip07Signer, BunkerSignerImpl, LocalSigner } from './signers.js';
+import { hasNip07, createNip07Signer, createBunkerSigner, createBunkerSignerFromNostrConnect, buildNostrConnectUri, buildBunkerUriFromNostrConnectUri, isBunkerUri, isNostrConnectUri, isSupportedPairingUri, createLocalSignerFromNsec, generateSecretKey, Nip07Signer, BunkerSignerImpl, LocalSigner } from './signers.js';
 import { type ConsumeAmberResult } from './amber.js';
 import { handleCallback as handlePopupCallback } from './callback.js';
 import type { ConsumeCallbackResult } from './redirect.js';
@@ -24,7 +24,7 @@ export type { CallbackResult } from './callback.js';
 export type { ConsumeCallbackResult } from './redirect.js';
 export type { ConsumeAmberResult } from './amber.js';
 export { isAndroid } from './amber.js';
-export { hasNip07, createNip07Signer, createBunkerSigner, createBunkerSignerFromNostrConnect, buildNostrConnectUri, createLocalSignerFromNsec, generateSecretKey, Nip07Signer, BunkerSignerImpl, LocalSigner, };
+export { hasNip07, createNip07Signer, createBunkerSigner, createBunkerSignerFromNostrConnect, buildNostrConnectUri, buildBunkerUriFromNostrConnectUri, isBunkerUri, isNostrConnectUri, isSupportedPairingUri, createLocalSignerFromNsec, generateSecretKey, Nip07Signer, BunkerSignerImpl, LocalSigner, };
 export interface HandleRedirectCallbackOptions {
     /**
      * Await the returned `bunker://` handoff before resolving the callback.