npm - tenzro-wallet - Versions diffs - 0.1.0 - Mend

tenzro-wallet 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (471) hide show

package/LICENSE +201 -0
package/README.md +128 -0
package/dist/balance/aggregator.d.ts +16 -0
package/dist/balance/aggregator.d.ts.map +1 -0
package/dist/balance/aggregator.js +73 -0
package/dist/balance/aggregator.js.map +1 -0
package/dist/balance/index.d.ts +3 -0
package/dist/balance/index.d.ts.map +1 -0
package/dist/balance/index.js +2 -0
package/dist/balance/index.js.map +1 -0
package/dist/consent/index.d.ts +3 -0
package/dist/consent/index.d.ts.map +1 -0
package/dist/consent/index.js +2 -0
package/dist/consent/index.js.map +1 -0
package/dist/consent/policy.d.ts +27 -0
package/dist/consent/policy.d.ts.map +1 -0
package/dist/consent/policy.js +121 -0
package/dist/consent/policy.js.map +1 -0
package/dist/crypto/eip1559.d.ts +53 -0
package/dist/crypto/eip1559.d.ts.map +1 -0
package/dist/crypto/eip1559.js +79 -0
package/dist/crypto/eip1559.js.map +1 -0
package/dist/crypto/keccak256.d.ts +20 -0
package/dist/crypto/keccak256.d.ts.map +1 -0
package/dist/crypto/keccak256.js +167 -0
package/dist/crypto/keccak256.js.map +1 -0
package/dist/crypto/rlp.d.ts +30 -0
package/dist/crypto/rlp.d.ts.map +1 -0
package/dist/crypto/rlp.js +165 -0
package/dist/crypto/rlp.js.map +1 -0
package/dist/crypto/sha256.d.ts +14 -0
package/dist/crypto/sha256.d.ts.map +1 -0
package/dist/crypto/sha256.js +33 -0
package/dist/crypto/sha256.js.map +1 -0
package/dist/crypto/solana.d.ts +86 -0
package/dist/crypto/solana.d.ts.map +1 -0
package/dist/crypto/solana.js +218 -0
package/dist/crypto/solana.js.map +1 -0
package/dist/custody/frost/backend.d.ts +59 -0
package/dist/custody/frost/backend.d.ts.map +1 -0
package/dist/custody/frost/backend.js +83 -0
package/dist/custody/frost/backend.js.map +1 -0
package/dist/custody/frost/coordinator.d.ts +148 -0
package/dist/custody/frost/coordinator.d.ts.map +1 -0
package/dist/custody/frost/coordinator.js +58 -0
package/dist/custody/frost/coordinator.js.map +1 -0
package/dist/custody/frost/ed25519-driver.d.ts +30 -0
package/dist/custody/frost/ed25519-driver.d.ts.map +1 -0
package/dist/custody/frost/ed25519-driver.js +76 -0
package/dist/custody/frost/ed25519-driver.js.map +1 -0
package/dist/custody/frost/http-adapter.d.ts +77 -0
package/dist/custody/frost/http-adapter.d.ts.map +1 -0
package/dist/custody/frost/http-adapter.js +168 -0
package/dist/custody/frost/http-adapter.js.map +1 -0
package/dist/custody/frost/hybrid-driver.d.ts +37 -0
package/dist/custody/frost/hybrid-driver.d.ts.map +1 -0
package/dist/custody/frost/hybrid-driver.js +60 -0
package/dist/custody/frost/hybrid-driver.js.map +1 -0
package/dist/custody/frost/index.d.ts +12 -0
package/dist/custody/frost/index.d.ts.map +1 -0
package/dist/custody/frost/index.js +6 -0
package/dist/custody/frost/index.js.map +1 -0
package/dist/custody/frost/secp256k1-driver.d.ts +26 -0
package/dist/custody/frost/secp256k1-driver.d.ts.map +1 -0
package/dist/custody/frost/secp256k1-driver.js +78 -0
package/dist/custody/frost/secp256k1-driver.js.map +1 -0
package/dist/custody/index.d.ts +9 -0
package/dist/custody/index.d.ts.map +1 -0
package/dist/custody/index.js +11 -0
package/dist/custody/index.js.map +1 -0
package/dist/custody/internal-mpc.d.ts +14 -0
package/dist/custody/internal-mpc.d.ts.map +1 -0
package/dist/custody/internal-mpc.js +40 -0
package/dist/custody/internal-mpc.js.map +1 -0
package/dist/custody/mldsa/coordinator.d.ts +63 -0
package/dist/custody/mldsa/coordinator.d.ts.map +1 -0
package/dist/custody/mldsa/coordinator.js +44 -0
package/dist/custody/mldsa/coordinator.js.map +1 -0
package/dist/custody/mldsa/driver.d.ts +23 -0
package/dist/custody/mldsa/driver.d.ts.map +1 -0
package/dist/custody/mldsa/driver.js +43 -0
package/dist/custody/mldsa/driver.js.map +1 -0
package/dist/custody/mldsa/http-adapter.d.ts +59 -0
package/dist/custody/mldsa/http-adapter.d.ts.map +1 -0
package/dist/custody/mldsa/http-adapter.js +103 -0
package/dist/custody/mldsa/http-adapter.js.map +1 -0
package/dist/custody/mldsa/index.d.ts +7 -0
package/dist/custody/mldsa/index.d.ts.map +1 -0
package/dist/custody/mldsa/index.js +4 -0
package/dist/custody/mldsa/index.js.map +1 -0
package/dist/custody/pairing/http-adapter.d.ts +40 -0
package/dist/custody/pairing/http-adapter.d.ts.map +1 -0
package/dist/custody/pairing/http-adapter.js +113 -0
package/dist/custody/pairing/http-adapter.js.map +1 -0
package/dist/custody/pairing/index.d.ts +10 -0
package/dist/custody/pairing/index.d.ts.map +1 -0
package/dist/custody/pairing/index.js +8 -0
package/dist/custody/pairing/index.js.map +1 -0
package/dist/custody/pairing/port.d.ts +121 -0
package/dist/custody/pairing/port.d.ts.map +1 -0
package/dist/custody/pairing/port.js +40 -0
package/dist/custody/pairing/port.js.map +1 -0
package/dist/custody/passkey-share/http-adapter.d.ts +77 -0
package/dist/custody/passkey-share/http-adapter.d.ts.map +1 -0
package/dist/custody/passkey-share/http-adapter.js +125 -0
package/dist/custody/passkey-share/http-adapter.js.map +1 -0
package/dist/custody/passkey-share/index.d.ts +7 -0
package/dist/custody/passkey-share/index.d.ts.map +1 -0
package/dist/custody/passkey-share/index.js +4 -0
package/dist/custody/passkey-share/index.js.map +1 -0
package/dist/custody/passkey-share/unwrapper.d.ts +174 -0
package/dist/custody/passkey-share/unwrapper.d.ts.map +1 -0
package/dist/custody/passkey-share/unwrapper.js +132 -0
package/dist/custody/passkey-share/unwrapper.js.map +1 -0
package/dist/custody/passkey-share/webauthn-adapter.d.ts +112 -0
package/dist/custody/passkey-share/webauthn-adapter.d.ts.map +1 -0
package/dist/custody/passkey-share/webauthn-adapter.js +150 -0
package/dist/custody/passkey-share/webauthn-adapter.js.map +1 -0
package/dist/custody/surface-key-id.d.ts +15 -0
package/dist/custody/surface-key-id.d.ts.map +1 -0
package/dist/custody/surface-key-id.js +25 -0
package/dist/custody/surface-key-id.js.map +1 -0
package/dist/dapp/eip6963.d.ts +64 -0
package/dist/dapp/eip6963.d.ts.map +1 -0
package/dist/dapp/eip6963.js +55 -0
package/dist/dapp/eip6963.js.map +1 -0
package/dist/dapp/index.d.ts +21 -0
package/dist/dapp/index.d.ts.map +1 -0
package/dist/dapp/index.js +24 -0
package/dist/dapp/index.js.map +1 -0
package/dist/identity/delegate-set.d.ts +57 -0
package/dist/identity/delegate-set.d.ts.map +1 -0
package/dist/identity/delegate-set.js +85 -0
package/dist/identity/delegate-set.js.map +1 -0
package/dist/identity/did.d.ts +17 -0
package/dist/identity/did.d.ts.map +1 -0
package/dist/identity/did.js +60 -0
package/dist/identity/did.js.map +1 -0
package/dist/identity/index.d.ts +14 -0
package/dist/identity/index.d.ts.map +1 -0
package/dist/identity/index.js +8 -0
package/dist/identity/index.js.map +1 -0
package/dist/identity/provision.d.ts +13 -0
package/dist/identity/provision.d.ts.map +1 -0
package/dist/identity/provision.js +151 -0
package/dist/identity/provision.js.map +1 -0
package/dist/identity/provisioning-http-adapter.d.ts +81 -0
package/dist/identity/provisioning-http-adapter.d.ts.map +1 -0
package/dist/identity/provisioning-http-adapter.js +114 -0
package/dist/identity/provisioning-http-adapter.js.map +1 -0
package/dist/identity/recovery-http-adapter.d.ts +83 -0
package/dist/identity/recovery-http-adapter.d.ts.map +1 -0
package/dist/identity/recovery-http-adapter.js +139 -0
package/dist/identity/recovery-http-adapter.js.map +1 -0
package/dist/identity/wallet-new.d.ts +132 -0
package/dist/identity/wallet-new.d.ts.map +1 -0
package/dist/identity/wallet-new.js +94 -0
package/dist/identity/wallet-new.js.map +1 -0
package/dist/identity/wallet-recover.d.ts +116 -0
package/dist/identity/wallet-recover.d.ts.map +1 -0
package/dist/identity/wallet-recover.js +95 -0
package/dist/identity/wallet-recover.js.map +1 -0
package/dist/index.d.ts +12 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +11 -0
package/dist/index.js.map +1 -0
package/dist/kernel.d.ts +119 -0
package/dist/kernel.d.ts.map +1 -0
package/dist/kernel.js +144 -0
package/dist/kernel.js.map +1 -0
package/dist/ports/adapters/tenzro-identity-adapter.d.ts +44 -0
package/dist/ports/adapters/tenzro-identity-adapter.d.ts.map +1 -0
package/dist/ports/adapters/tenzro-identity-adapter.js +60 -0
package/dist/ports/adapters/tenzro-identity-adapter.js.map +1 -0
package/dist/ports/adapters/tenzro-sdk-adapter.d.ts +86 -0
package/dist/ports/adapters/tenzro-sdk-adapter.d.ts.map +1 -0
package/dist/ports/adapters/tenzro-sdk-adapter.js +100 -0
package/dist/ports/adapters/tenzro-sdk-adapter.js.map +1 -0
package/dist/ports/agent/acp.d.ts +66 -0
package/dist/ports/agent/acp.d.ts.map +1 -0
package/dist/ports/agent/acp.js +27 -0
package/dist/ports/agent/acp.js.map +1 -0
package/dist/ports/agent/adapters/acp-adapter.d.ts +67 -0
package/dist/ports/agent/adapters/acp-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/acp-adapter.js +70 -0
package/dist/ports/agent/adapters/acp-adapter.js.map +1 -0
package/dist/ports/agent/adapters/agent-bond-adapter.d.ts +31 -0
package/dist/ports/agent/adapters/agent-bond-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/agent-bond-adapter.js +82 -0
package/dist/ports/agent/adapters/agent-bond-adapter.js.map +1 -0
package/dist/ports/agent/adapters/agent-payment-adapter.d.ts +66 -0
package/dist/ports/agent/adapters/agent-payment-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/agent-payment-adapter.js +75 -0
package/dist/ports/agent/adapters/agent-payment-adapter.js.map +1 -0
package/dist/ports/agent/adapters/ap2-adapter.d.ts +28 -0
package/dist/ports/agent/adapters/ap2-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/ap2-adapter.js +97 -0
package/dist/ports/agent/adapters/ap2-adapter.js.map +1 -0
package/dist/ports/agent/adapters/auth-approval-adapter.d.ts +26 -0
package/dist/ports/agent/adapters/auth-approval-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/auth-approval-adapter.js +37 -0
package/dist/ports/agent/adapters/auth-approval-adapter.js.map +1 -0
package/dist/ports/agent/adapters/erc7802-adapter.d.ts +30 -0
package/dist/ports/agent/adapters/erc7802-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/erc7802-adapter.js +60 -0
package/dist/ports/agent/adapters/erc7802-adapter.js.map +1 -0
package/dist/ports/agent/adapters/erc8004-adapter.d.ts +54 -0
package/dist/ports/agent/adapters/erc8004-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/erc8004-adapter.js +53 -0
package/dist/ports/agent/adapters/erc8004-adapter.js.map +1 -0
package/dist/ports/agent/adapters/escrow-adapter.d.ts +33 -0
package/dist/ports/agent/adapters/escrow-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/escrow-adapter.js +109 -0
package/dist/ports/agent/adapters/escrow-adapter.js.map +1 -0
package/dist/ports/agent/adapters/fee-estimator-adapter.d.ts +31 -0
package/dist/ports/agent/adapters/fee-estimator-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/fee-estimator-adapter.js +103 -0
package/dist/ports/agent/adapters/fee-estimator-adapter.js.map +1 -0
package/dist/ports/agent/adapters/htlc-escrow-adapter.d.ts +68 -0
package/dist/ports/agent/adapters/htlc-escrow-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/htlc-escrow-adapter.js +131 -0
package/dist/ports/agent/adapters/htlc-escrow-adapter.js.map +1 -0
package/dist/ports/agent/adapters/insurance-adapter.d.ts +32 -0
package/dist/ports/agent/adapters/insurance-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/insurance-adapter.js +103 -0
package/dist/ports/agent/adapters/insurance-adapter.js.map +1 -0
package/dist/ports/agent/adapters/lifecycle-adapter.d.ts +26 -0
package/dist/ports/agent/adapters/lifecycle-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/lifecycle-adapter.js +136 -0
package/dist/ports/agent/adapters/lifecycle-adapter.js.map +1 -0
package/dist/ports/agent/adapters/nanopayment-adapter.d.ts +62 -0
package/dist/ports/agent/adapters/nanopayment-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/nanopayment-adapter.js +76 -0
package/dist/ports/agent/adapters/nanopayment-adapter.js.map +1 -0
package/dist/ports/agent/adapters/payment-rails-adapter.d.ts +67 -0
package/dist/ports/agent/adapters/payment-rails-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/payment-rails-adapter.js +108 -0
package/dist/ports/agent/adapters/payment-rails-adapter.js.map +1 -0
package/dist/ports/agent/adapters/principal-chain-adapter.d.ts +23 -0
package/dist/ports/agent/adapters/principal-chain-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/principal-chain-adapter.js +156 -0
package/dist/ports/agent/adapters/principal-chain-adapter.js.map +1 -0
package/dist/ports/agent/adapters/session-key-adapter.d.ts +45 -0
package/dist/ports/agent/adapters/session-key-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/session-key-adapter.js +80 -0
package/dist/ports/agent/adapters/session-key-adapter.js.map +1 -0
package/dist/ports/agent/adapters/tee-attestation-adapter.d.ts +32 -0
package/dist/ports/agent/adapters/tee-attestation-adapter.d.ts.map +1 -0
package/dist/ports/agent/adapters/tee-attestation-adapter.js +38 -0
package/dist/ports/agent/adapters/tee-attestation-adapter.js.map +1 -0
package/dist/ports/agent/agent-bond.d.ts +80 -0
package/dist/ports/agent/agent-bond.d.ts.map +1 -0
package/dist/ports/agent/agent-bond.js +23 -0
package/dist/ports/agent/agent-bond.js.map +1 -0
package/dist/ports/agent/agent-payment.d.ts +72 -0
package/dist/ports/agent/agent-payment.d.ts.map +1 -0
package/dist/ports/agent/agent-payment.js +17 -0
package/dist/ports/agent/agent-payment.js.map +1 -0
package/dist/ports/agent/ap2.d.ts +104 -0
package/dist/ports/agent/ap2.d.ts.map +1 -0
package/dist/ports/agent/ap2.js +22 -0
package/dist/ports/agent/ap2.js.map +1 -0
package/dist/ports/agent/auth-approval.d.ts +40 -0
package/dist/ports/agent/auth-approval.d.ts.map +1 -0
package/dist/ports/agent/auth-approval.js +23 -0
package/dist/ports/agent/auth-approval.js.map +1 -0
package/dist/ports/agent/erc7802.d.ts +94 -0
package/dist/ports/agent/erc7802.d.ts.map +1 -0
package/dist/ports/agent/erc7802.js +30 -0
package/dist/ports/agent/erc7802.js.map +1 -0
package/dist/ports/agent/erc8004.d.ts +57 -0
package/dist/ports/agent/erc8004.d.ts.map +1 -0
package/dist/ports/agent/erc8004.js +20 -0
package/dist/ports/agent/erc8004.js.map +1 -0
package/dist/ports/agent/escrow.d.ts +74 -0
package/dist/ports/agent/escrow.d.ts.map +1 -0
package/dist/ports/agent/escrow.js +18 -0
package/dist/ports/agent/escrow.js.map +1 -0
package/dist/ports/agent/fee-estimator.d.ts +71 -0
package/dist/ports/agent/fee-estimator.d.ts.map +1 -0
package/dist/ports/agent/fee-estimator.js +21 -0
package/dist/ports/agent/fee-estimator.js.map +1 -0
package/dist/ports/agent/htlc-escrow.d.ts +94 -0
package/dist/ports/agent/htlc-escrow.d.ts.map +1 -0
package/dist/ports/agent/htlc-escrow.js +25 -0
package/dist/ports/agent/htlc-escrow.js.map +1 -0
package/dist/ports/agent/index.d.ts +58 -0
package/dist/ports/agent/index.d.ts.map +1 -0
package/dist/ports/agent/index.js +24 -0
package/dist/ports/agent/index.js.map +1 -0
package/dist/ports/agent/insurance.d.ts +65 -0
package/dist/ports/agent/insurance.d.ts.map +1 -0
package/dist/ports/agent/insurance.js +18 -0
package/dist/ports/agent/insurance.js.map +1 -0
package/dist/ports/agent/lifecycle.d.ts +69 -0
package/dist/ports/agent/lifecycle.d.ts.map +1 -0
package/dist/ports/agent/lifecycle.js +17 -0
package/dist/ports/agent/lifecycle.js.map +1 -0
package/dist/ports/agent/nanopayment.d.ts +72 -0
package/dist/ports/agent/nanopayment.d.ts.map +1 -0
package/dist/ports/agent/nanopayment.js +16 -0
package/dist/ports/agent/nanopayment.js.map +1 -0
package/dist/ports/agent/payment-rails.d.ts +140 -0
package/dist/ports/agent/payment-rails.d.ts.map +1 -0
package/dist/ports/agent/payment-rails.js +25 -0
package/dist/ports/agent/payment-rails.js.map +1 -0
package/dist/ports/agent/principal-chain.d.ts +95 -0
package/dist/ports/agent/principal-chain.d.ts.map +1 -0
package/dist/ports/agent/principal-chain.js +16 -0
package/dist/ports/agent/principal-chain.js.map +1 -0
package/dist/ports/agent/session-key.d.ts +94 -0
package/dist/ports/agent/session-key.d.ts.map +1 -0
package/dist/ports/agent/session-key.js +31 -0
package/dist/ports/agent/session-key.js.map +1 -0
package/dist/ports/agent/tee-attestation.d.ts +51 -0
package/dist/ports/agent/tee-attestation.d.ts.map +1 -0
package/dist/ports/agent/tee-attestation.js +28 -0
package/dist/ports/agent/tee-attestation.js.map +1 -0
package/dist/ports/bridge/adapters/bridge-adapter-base.d.ts +47 -0
package/dist/ports/bridge/adapters/bridge-adapter-base.d.ts.map +1 -0
package/dist/ports/bridge/adapters/bridge-adapter-base.js +144 -0
package/dist/ports/bridge/adapters/bridge-adapter-base.js.map +1 -0
package/dist/ports/bridge/adapters/canton-bridge-adapter.d.ts +30 -0
package/dist/ports/bridge/adapters/canton-bridge-adapter.d.ts.map +1 -0
package/dist/ports/bridge/adapters/canton-bridge-adapter.js +31 -0
package/dist/ports/bridge/adapters/canton-bridge-adapter.js.map +1 -0
package/dist/ports/bridge/adapters/ccip-adapter.d.ts +30 -0
package/dist/ports/bridge/adapters/ccip-adapter.d.ts.map +1 -0
package/dist/ports/bridge/adapters/ccip-adapter.js +31 -0
package/dist/ports/bridge/adapters/ccip-adapter.js.map +1 -0
package/dist/ports/bridge/adapters/debridge-adapter.d.ts +27 -0
package/dist/ports/bridge/adapters/debridge-adapter.d.ts.map +1 -0
package/dist/ports/bridge/adapters/debridge-adapter.js +28 -0
package/dist/ports/bridge/adapters/debridge-adapter.js.map +1 -0
package/dist/ports/bridge/adapters/layerzero-adapter.d.ts +30 -0
package/dist/ports/bridge/adapters/layerzero-adapter.d.ts.map +1 -0
package/dist/ports/bridge/adapters/layerzero-adapter.js +31 -0
package/dist/ports/bridge/adapters/layerzero-adapter.js.map +1 -0
package/dist/ports/bridge/adapters/lifi-adapter.d.ts +48 -0
package/dist/ports/bridge/adapters/lifi-adapter.d.ts.map +1 -0
package/dist/ports/bridge/adapters/lifi-adapter.js +49 -0
package/dist/ports/bridge/adapters/lifi-adapter.js.map +1 -0
package/dist/ports/bridge/adapters/wormhole-adapter.d.ts +26 -0
package/dist/ports/bridge/adapters/wormhole-adapter.d.ts.map +1 -0
package/dist/ports/bridge/adapters/wormhole-adapter.js +27 -0
package/dist/ports/bridge/adapters/wormhole-adapter.js.map +1 -0
package/dist/ports/bridge/bridge.d.ts +123 -0
package/dist/ports/bridge/bridge.d.ts.map +1 -0
package/dist/ports/bridge/bridge.js +20 -0
package/dist/ports/bridge/bridge.js.map +1 -0
package/dist/ports/bridge/index.d.ts +13 -0
package/dist/ports/bridge/index.d.ts.map +1 -0
package/dist/ports/bridge/index.js +11 -0
package/dist/ports/bridge/index.js.map +1 -0
package/dist/ports/canton/adapters/ledger-api-adapter.d.ts +52 -0
package/dist/ports/canton/adapters/ledger-api-adapter.d.ts.map +1 -0
package/dist/ports/canton/adapters/ledger-api-adapter.js +232 -0
package/dist/ports/canton/adapters/ledger-api-adapter.js.map +1 -0
package/dist/ports/canton/canton-identity.d.ts +60 -0
package/dist/ports/canton/canton-identity.d.ts.map +1 -0
package/dist/ports/canton/canton-identity.js +28 -0
package/dist/ports/canton/canton-identity.js.map +1 -0
package/dist/ports/canton/canton-validator.d.ts +182 -0
package/dist/ports/canton/canton-validator.d.ts.map +1 -0
package/dist/ports/canton/canton-validator.js +39 -0
package/dist/ports/canton/canton-validator.js.map +1 -0
package/dist/ports/canton/fingerprint.d.ts +24 -0
package/dist/ports/canton/fingerprint.d.ts.map +1 -0
package/dist/ports/canton/fingerprint.js +31 -0
package/dist/ports/canton/fingerprint.js.map +1 -0
package/dist/ports/canton/hash.d.ts +37 -0
package/dist/ports/canton/hash.d.ts.map +1 -0
package/dist/ports/canton/hash.js +68 -0
package/dist/ports/canton/hash.js.map +1 -0
package/dist/ports/canton/http.d.ts +64 -0
package/dist/ports/canton/http.d.ts.map +1 -0
package/dist/ports/canton/http.js +177 -0
package/dist/ports/canton/http.js.map +1 -0
package/dist/ports/cross-vm.d.ts +79 -0
package/dist/ports/cross-vm.d.ts.map +1 -0
package/dist/ports/cross-vm.js +81 -0
package/dist/ports/cross-vm.js.map +1 -0
package/dist/ports/index.d.ts +18 -0
package/dist/ports/index.d.ts.map +1 -0
package/dist/ports/index.js +11 -0
package/dist/ports/index.js.map +1 -0
package/dist/ports/tenzro-identity.d.ts +29 -0
package/dist/ports/tenzro-identity.d.ts.map +1 -0
package/dist/ports/tenzro-identity.js +19 -0
package/dist/ports/tenzro-identity.js.map +1 -0
package/dist/ports/tenzro-rpc.d.ts +79 -0
package/dist/ports/tenzro-rpc.d.ts.map +1 -0
package/dist/ports/tenzro-rpc.js +21 -0
package/dist/ports/tenzro-rpc.js.map +1 -0
package/dist/router/index.d.ts +3 -0
package/dist/router/index.d.ts.map +1 -0
package/dist/router/index.js +2 -0
package/dist/router/index.js.map +1 -0
package/dist/router/route.d.ts +17 -0
package/dist/router/route.d.ts.map +1 -0
package/dist/router/route.js +78 -0
package/dist/router/route.js.map +1 -0
package/dist/settlement/nanopayment-flow.d.ts +48 -0
package/dist/settlement/nanopayment-flow.d.ts.map +1 -0
package/dist/settlement/nanopayment-flow.js +111 -0
package/dist/settlement/nanopayment-flow.js.map +1 -0
package/dist/surfaces/canton-external.d.ts +43 -0
package/dist/surfaces/canton-external.d.ts.map +1 -0
package/dist/surfaces/canton-external.js +252 -0
package/dist/surfaces/canton-external.js.map +1 -0
package/dist/surfaces/canton-internal.d.ts +34 -0
package/dist/surfaces/canton-internal.d.ts.map +1 -0
package/dist/surfaces/canton-internal.js +163 -0
package/dist/surfaces/canton-internal.js.map +1 -0
package/dist/surfaces/canton-onboarding.d.ts +64 -0
package/dist/surfaces/canton-onboarding.d.ts.map +1 -0
package/dist/surfaces/canton-onboarding.js +113 -0
package/dist/surfaces/canton-onboarding.js.map +1 -0
package/dist/surfaces/evm-on-tenzro.d.ts +29 -0
package/dist/surfaces/evm-on-tenzro.d.ts.map +1 -0
package/dist/surfaces/evm-on-tenzro.js +226 -0
package/dist/surfaces/evm-on-tenzro.js.map +1 -0
package/dist/surfaces/index.d.ts +13 -0
package/dist/surfaces/index.d.ts.map +1 -0
package/dist/surfaces/index.js +7 -0
package/dist/surfaces/index.js.map +1 -0
package/dist/surfaces/svm-on-tenzro.d.ts +24 -0
package/dist/surfaces/svm-on-tenzro.d.ts.map +1 -0
package/dist/surfaces/svm-on-tenzro.js +238 -0
package/dist/surfaces/svm-on-tenzro.js.map +1 -0
package/dist/surfaces/tenzro-native.d.ts +45 -0
package/dist/surfaces/tenzro-native.d.ts.map +1 -0
package/dist/surfaces/tenzro-native.js +299 -0
package/dist/surfaces/tenzro-native.js.map +1 -0
package/dist/surfaces/util.d.ts +18 -0
package/dist/surfaces/util.d.ts.map +1 -0
package/dist/surfaces/util.js +36 -0
package/dist/surfaces/util.js.map +1 -0
package/dist/types/asset.d.ts +43 -0
package/dist/types/asset.d.ts.map +1 -0
package/dist/types/asset.js +13 -0
package/dist/types/asset.js.map +1 -0
package/dist/types/consent.d.ts +46 -0
package/dist/types/consent.d.ts.map +1 -0
package/dist/types/consent.js +18 -0
package/dist/types/consent.js.map +1 -0
package/dist/types/identity.d.ts +115 -0
package/dist/types/identity.d.ts.map +1 -0
package/dist/types/identity.js +12 -0
package/dist/types/identity.js.map +1 -0
package/dist/types/index.d.ts +10 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +3 -0
package/dist/types/index.js.map +1 -0
package/dist/types/intent.d.ts +132 -0
package/dist/types/intent.d.ts.map +1 -0
package/dist/types/intent.js +8 -0
package/dist/types/intent.js.map +1 -0
package/dist/types/signing-driver.d.ts +48 -0
package/dist/types/signing-driver.d.ts.map +1 -0
package/dist/types/signing-driver.js +9 -0
package/dist/types/signing-driver.js.map +1 -0
package/dist/types/surface-module.d.ts +38 -0
package/dist/types/surface-module.d.ts.map +1 -0
package/dist/types/surface-module.js +19 -0
package/dist/types/surface-module.js.map +1 -0
package/dist/types/surface.d.ts +17 -0
package/dist/types/surface.d.ts.map +1 -0
package/dist/types/surface.js +28 -0
package/dist/types/surface.js.map +1 -0
package/package.json +84 -0

package/dist/identity/wallet-new.js ADDED Viewed

@@ -0,0 +1,94 @@
+/**
+ * `walletNew()` — passkey-quorum provisioning flow per DESIGN.md §4.3.2.
+ *
+ * Replaces M1's deterministic `provisionIdentity()` (which mocks shares
+ * locally) with the M5 network-governed ceremony. The kernel orchestrates;
+ * Tenzro's `/wallet/new/*` endpoints + the host's WebAuthn glue do the
+ * heavy lifting.
+ *
+ * Steps mapped to DESIGN.md §4.3.2:
+ *
+ *   1. Host opens an onboarding page; the kernel is invoked from that page.
+ *   2. Host runs `navigator.credentials.create` via `PasskeyEnroller`,
+ *      yielding a fresh passkey credential bound to the Tenzro relying-party.
+ *   3. Kernel calls `ProvisioningPort.start({credentialId, attestation, kind})`.
+ *      The node-TEE runs DKG, returns the new DID + per-surface public keys
+ *      + the wrapped device share + AEAD metadata.
+ *   4. Kernel hands the wrapped share to `ShareStore.put(...)` so the host
+ *      can persist it under the platform's secure storage (IndexedDB, OS
+ *      keychain, largeBlob, …). The unwrap key never enters JS memory.
+ *   5. Kernel calls `ProvisioningPort.confirm({did, sessionId})` so the
+ *      node-TEE finalises the topology record (DID Document, threshold,
+ *      verificationMethods).
+ *   6. Kernel returns the resulting `TdipIdentity` and the credential id
+ *      bound to the device share, so subsequent signing flows can pass
+ *      it into `PasskeyShareUnwrapper`.
+ *
+ * Errors abort cleanly: if `confirm` fails, the kernel calls
+ * `ProvisioningPort.cancel(sessionId)` so the node drops the half-built
+ * record and the wrapped share, and re-throws the original error. The
+ * host is responsible for surfacing the failure to the user.
+ *
+ * Browser-clean: no Node-specific globals.
+ */
+export async function walletNew(opts) {
+    const kind = opts.kind ?? 'human';
+    const start = await opts.provisioning.start({ kind });
+    let enrolment;
+    try {
+        enrolment = await opts.enroller.enroll({
+            challenge: start.challenge,
+            userId: start.userHandle,
+            userDisplayName: start.userDisplayName,
+        });
+    }
+    catch (err) {
+        // User cancelled the passkey UI, or the authenticator failed.
+        await safeCancel(opts.provisioning, start.sessionId);
+        throw err;
+    }
+    let finalised;
+    try {
+        finalised = await opts.provisioning.finalize({
+            sessionId: start.sessionId,
+            enrolment,
+        });
+    }
+    catch (err) {
+        await safeCancel(opts.provisioning, start.sessionId);
+        throw err;
+    }
+    if (opts.shareStore) {
+        try {
+            await opts.shareStore.put({
+                did: finalised.identity.did,
+                share: finalised.wrappedShare,
+            });
+        }
+        catch (err) {
+            await safeCancel(opts.provisioning, start.sessionId);
+            throw err;
+        }
+    }
+    try {
+        await opts.provisioning.confirm({ sessionId: start.sessionId });
+    }
+    catch (err) {
+        await safeCancel(opts.provisioning, start.sessionId);
+        throw err;
+    }
+    return {
+        identity: finalised.identity,
+        threshold: finalised.threshold,
+        credentialId: finalised.wrappedShare.credentialId,
+    };
+}
+async function safeCancel(p, sessionId) {
+    try {
+        await p.cancel({ sessionId });
+    }
+    catch {
+        // Best-effort; the node's own session-TTL will clean up.
+    }
+}
+//# sourceMappingURL=wallet-new.js.map

package/dist/identity/wallet-new.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"wallet-new.js","sourceRoot":"","sources":["../../src/identity/wallet-new.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAwGH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,IAAsB;IACpD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC;IAClC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;IAEtD,IAAI,SAA2B,CAAC;IAChC,IAAI,CAAC;QACH,SAAS,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACrC,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,MAAM,EAAE,KAAK,CAAC,UAAU;YACxB,eAAe,EAAE,KAAK,CAAC,eAAe;SACvC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,8DAA8D;QAC9D,MAAM,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,IAAI,SAA4D,CAAC;IACjE,IAAI,CAAC;QACH,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC;YAC3C,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;gBACxB,GAAG,EAAE,SAAS,CAAC,QAAQ,CAAC,GAAG;gBAC3B,KAAK,EAAE,SAAS,CAAC,YAAY;aAC9B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;YACrD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;IAClE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,SAAS,CAAC,QAAQ;QAC5B,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,YAAY,EAAE,SAAS,CAAC,YAAY,CAAC,YAAY;KAClD,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,CAAmB,EAAE,SAAiB;IAC9D,IAAI,CAAC;QACH,MAAM,CAAC,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,yDAAyD;IAC3D,CAAC;AACH,CAAC"}

package/dist/identity/wallet-recover.d.ts ADDED Viewed

@@ -0,0 +1,116 @@
+/**
+ * `walletRecover()` — passkey-quorum recovery flow per DESIGN.md §4.3.5.
+ *
+ * Two recovery paths covered by the same orchestrator (the node decides
+ * which proof to accept based on what the user pre-registered at
+ * provisioning time):
+ *
+ *   - **Device lost, TEE survives** (single-device or `2-of-2` testnet
+ *     case): user opens `/wallet/recover` on a new device, runs a
+ *     passkey ceremony, and submits a recovery proof (verified email
+ *     OTP, social-recovery delegate signatures per
+ *     `delegate-set.ts`, or pre-registered Tenzro-id KYC re-assertion).
+ *     The TEE re-randomises the device leg and deals a fresh share to
+ *     the new device. Same DID, rotated public keys + new credentialId.
+ *
+ *   - **Compromise suspected**: same flow, optionally `forceRotate`
+ *     forces both shares to re-randomise.
+ *
+ * The kernel orchestrates; Tenzro's `/wallet/recover/*` endpoints + the
+ * host's WebAuthn enroller do the cryptographic work. We mirror
+ * `wallet-new.ts` shape on purpose — the only differences are:
+ *
+ *   - `start` takes the existing `did` plus a recovery-proof envelope;
+ *   - `finalize` may rotate per-surface public keys, so the result
+ *     yields the *new* `TdipIdentity`;
+ *   - the new `credentialId` is the freshly-enrolled passkey, not the
+ *     lost device's.
+ *
+ * Errors abort cleanly via `cancel(sessionId)`, same as `walletNew`.
+ *
+ * Browser-clean: no Node-specific globals.
+ */
+import type { TdipDid, TdipIdentity } from '../types/identity.js';
+import type { DeviceShareStore, PasskeyEnroller, PasskeyEnrolment, WalletThresholdRecord, WrappedDeviceShare } from './wallet-new.js';
+/**
+ * Recovery proof envelope. The kernel does not interpret these; the
+ * node verifies them against what the user pre-registered at
+ * provisioning. The discriminator is forwarded verbatim.
+ *
+ * Three kinds the M5 design covers:
+ *   - `email-otp` — node-issued OTP delivered out-of-band.
+ *   - `social` — k of n delegate signatures over a recovery message.
+ *   - `tenzro-id-kyc` — fresh KYC re-assertion (vendor proof of liveness).
+ */
+export type RecoveryProof = {
+    readonly kind: 'email-otp';
+    readonly otp: string;
+} | {
+    readonly kind: 'social';
+    /** Pre-validated against `delegate-set.ts` shape upstream. */
+    readonly delegateSignatures: ReadonlyArray<{
+        readonly delegateDid: TdipDid;
+        readonly signature: Uint8Array;
+    }>;
+} | {
+    readonly kind: 'tenzro-id-kyc';
+    /** Vendor-specific proof token (Persona, Sumsub, etc). */
+    readonly proofToken: string;
+};
+export interface RecoveryStartReply {
+    readonly sessionId: string;
+    readonly challenge: Uint8Array;
+    readonly userHandle: Uint8Array;
+    readonly userDisplayName: string;
+}
+/**
+ * Server transport for `/wallet/recover/*`. Tenzro implements; kernel
+ * consumes.
+ *
+ *   POST /wallet/recover/start    → { session_id, challenge_b64,
+ *                                     user_handle_b64, user_display_name }
+ *   POST /wallet/recover/finalize → { identity, threshold, wrapped_share }
+ *   POST /wallet/recover/confirm  → 204
+ *   POST /wallet/recover/cancel   → 204  (idempotent)
+ */
+export interface RecoveryPort {
+    start(req: {
+        readonly did: TdipDid;
+        readonly proof: RecoveryProof;
+        /**
+         * Optional: also rotate the TEE-side share. Default `false` —
+         * device-lost-TEE-survives only re-randomises the device leg.
+         * `true` is for compromise-suspected: both legs rotate.
+         */
+        readonly forceRotate?: boolean;
+    }): Promise<RecoveryStartReply>;
+    finalize(req: {
+        readonly sessionId: string;
+        readonly enrolment: PasskeyEnrolment;
+    }): Promise<{
+        readonly identity: TdipIdentity;
+        readonly threshold: WalletThresholdRecord;
+        readonly wrappedShare: WrappedDeviceShare;
+    }>;
+    confirm(req: {
+        readonly sessionId: string;
+    }): Promise<void>;
+    cancel(req: {
+        readonly sessionId: string;
+    }): Promise<void>;
+}
+export interface WalletRecoverOptions {
+    readonly did: TdipDid;
+    readonly proof: RecoveryProof;
+    readonly forceRotate?: boolean;
+    readonly enroller: PasskeyEnroller;
+    readonly recovery: RecoveryPort;
+    readonly shareStore?: DeviceShareStore;
+}
+export interface WalletRecoverResult {
+    readonly identity: TdipIdentity;
+    readonly threshold: WalletThresholdRecord;
+    readonly credentialId: string;
+}
+export declare function walletRecover(opts: WalletRecoverOptions): Promise<WalletRecoverResult>;
+//# sourceMappingURL=wallet-recover.d.ts.map

package/dist/identity/wallet-recover.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"wallet-recover.d.ts","sourceRoot":"","sources":["../../src/identity/wallet-recover.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,qBAAqB,EACrB,kBAAkB,EACnB,MAAM,iBAAiB,CAAC;AAEzB;;;;;;;;;GASG;AACH,MAAM,MAAM,aAAa,GACrB;IACE,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC;IAC3B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB,GACD;IACE,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACxB,8DAA8D;IAC9D,QAAQ,CAAC,kBAAkB,EAAE,aAAa,CAAC;QACzC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;QAC9B,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;KAChC,CAAC,CAAC;CACJ,GACD;IACE,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC;IAC/B,0DAA0D;IAC1D,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B,CAAC;AAEN,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;IAC/B,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAChC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;CAClC;AAED;;;;;;;;;GASG;AACH,MAAM,WAAW,YAAY;IAC3B,KAAK,CAAC,GAAG,EAAE;QACT,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC;QACtB,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC;QAC9B;;;;WAIG;QACH,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;KAChC,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAEhC,QAAQ,CAAC,GAAG,EAAE;QACZ,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,SAAS,EAAE,gBAAgB,CAAC;KACtC,GAAG,OAAO,CAAC;QACV,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;QAChC,QAAQ,CAAC,SAAS,EAAE,qBAAqB,CAAC;QAC1C,QAAQ,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC3C,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,EAAE;QAAE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5D,MAAM,CAAC,GAAG,EAAE;QAAE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5D;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC;IAC9B,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;IAC/B,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAC;IACnC,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC,QAAQ,CAAC,UAAU,CAAC,EAAE,gBAAgB,CAAC;CACxC;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC,QAAQ,CAAC,SAAS,EAAE,qBAAqB,CAAC;IAC1C,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;CAC/B;AAED,wBAAsB,aAAa,CAAC,IAAI,EAAE,oBAAoB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAsD5F"}

package/dist/identity/wallet-recover.js ADDED Viewed

@@ -0,0 +1,95 @@
+/**
+ * `walletRecover()` — passkey-quorum recovery flow per DESIGN.md §4.3.5.
+ *
+ * Two recovery paths covered by the same orchestrator (the node decides
+ * which proof to accept based on what the user pre-registered at
+ * provisioning time):
+ *
+ *   - **Device lost, TEE survives** (single-device or `2-of-2` testnet
+ *     case): user opens `/wallet/recover` on a new device, runs a
+ *     passkey ceremony, and submits a recovery proof (verified email
+ *     OTP, social-recovery delegate signatures per
+ *     `delegate-set.ts`, or pre-registered Tenzro-id KYC re-assertion).
+ *     The TEE re-randomises the device leg and deals a fresh share to
+ *     the new device. Same DID, rotated public keys + new credentialId.
+ *
+ *   - **Compromise suspected**: same flow, optionally `forceRotate`
+ *     forces both shares to re-randomise.
+ *
+ * The kernel orchestrates; Tenzro's `/wallet/recover/*` endpoints + the
+ * host's WebAuthn enroller do the cryptographic work. We mirror
+ * `wallet-new.ts` shape on purpose — the only differences are:
+ *
+ *   - `start` takes the existing `did` plus a recovery-proof envelope;
+ *   - `finalize` may rotate per-surface public keys, so the result
+ *     yields the *new* `TdipIdentity`;
+ *   - the new `credentialId` is the freshly-enrolled passkey, not the
+ *     lost device's.
+ *
+ * Errors abort cleanly via `cancel(sessionId)`, same as `walletNew`.
+ *
+ * Browser-clean: no Node-specific globals.
+ */
+export async function walletRecover(opts) {
+    const start = await opts.recovery.start({
+        did: opts.did,
+        proof: opts.proof,
+        ...(opts.forceRotate !== undefined ? { forceRotate: opts.forceRotate } : {}),
+    });
+    let enrolment;
+    try {
+        enrolment = await opts.enroller.enroll({
+            challenge: start.challenge,
+            userId: start.userHandle,
+            userDisplayName: start.userDisplayName,
+        });
+    }
+    catch (err) {
+        await safeCancel(opts.recovery, start.sessionId);
+        throw err;
+    }
+    let finalised;
+    try {
+        finalised = await opts.recovery.finalize({
+            sessionId: start.sessionId,
+            enrolment,
+        });
+    }
+    catch (err) {
+        await safeCancel(opts.recovery, start.sessionId);
+        throw err;
+    }
+    if (opts.shareStore) {
+        try {
+            await opts.shareStore.put({
+                did: finalised.identity.did,
+                share: finalised.wrappedShare,
+            });
+        }
+        catch (err) {
+            await safeCancel(opts.recovery, start.sessionId);
+            throw err;
+        }
+    }
+    try {
+        await opts.recovery.confirm({ sessionId: start.sessionId });
+    }
+    catch (err) {
+        await safeCancel(opts.recovery, start.sessionId);
+        throw err;
+    }
+    return {
+        identity: finalised.identity,
+        threshold: finalised.threshold,
+        credentialId: finalised.wrappedShare.credentialId,
+    };
+}
+async function safeCancel(p, sessionId) {
+    try {
+        await p.cancel({ sessionId });
+    }
+    catch {
+        // Best-effort; node's session-TTL cleans up.
+    }
+}
+//# sourceMappingURL=wallet-recover.js.map

package/dist/identity/wallet-recover.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"wallet-recover.js","sourceRoot":"","sources":["../../src/identity/wallet-recover.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAiGH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAA0B;IAC5D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QACtC,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,GAAG,CAAC,IAAI,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC7E,CAAC,CAAC;IAEH,IAAI,SAA2B,CAAC;IAChC,IAAI,CAAC;QACH,SAAS,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACrC,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,MAAM,EAAE,KAAK,CAAC,UAAU;YACxB,eAAe,EAAE,KAAK,CAAC,eAAe;SACvC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,IAAI,SAAwD,CAAC;IAC7D,IAAI,CAAC;QACH,SAAS,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACvC,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;gBACxB,GAAG,EAAE,SAAS,CAAC,QAAQ,CAAC,GAAG;gBAC3B,KAAK,EAAE,SAAS,CAAC,YAAY;aAC9B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;YACjD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;IAC9D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,SAAS,CAAC,QAAQ;QAC5B,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,YAAY,EAAE,SAAS,CAAC,YAAY,CAAC,YAAY;KAClD,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,CAAe,EAAE,SAAiB;IAC1D,IAAI,CAAC;QACH,MAAM,CAAC,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,6CAA6C;IAC/C,CAAC;AACH,CAAC"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+export { WalletKernel } from './kernel.js';
+export type { WalletKernelOptions, AgentPortsBundle } from './kernel.js';
+export * from './types/index.js';
+export * from './identity/index.js';
+export * from './custody/index.js';
+export * from './consent/index.js';
+export * from './balance/index.js';
+export * from './router/index.js';
+export * from './surfaces/index.js';
+export * from './ports/index.js';
+export * from './dapp/index.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,YAAY,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAEzE,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC;AACpC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,11 @@
+export { WalletKernel } from "./kernel.js";
+export * from "./types/index.js";
+export * from "./identity/index.js";
+export * from "./custody/index.js";
+export * from "./consent/index.js";
+export * from "./balance/index.js";
+export * from "./router/index.js";
+export * from "./surfaces/index.js";
+export * from "./ports/index.js";
+export * from "./dapp/index.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC;AACpC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC"}

package/dist/kernel.d.ts ADDED Viewed

@@ -0,0 +1,119 @@
+/**
+ * WalletKernel — the facade. Wires identity, custody, surfaces, router, and
+ * consent. UI/SDK consumers only ever touch this class.
+ */
+import { type BalanceProvider } from './balance/index.js';
+import type { AcpPort, AgentPaymentPort, Ap2Port, AuthApprovalPort, Erc7802Port, Erc8004Port, EscrowPort, HtlcEscrowPort, NanopaymentPort, PaymentRailsPort, SessionKeyPort, TeeAttestationPort } from './ports/agent/index.js';
+import type { BridgeAdapterId, BridgeRoutePort } from './ports/bridge/index.js';
+import type { UnifiedBalance } from './types/asset.js';
+import type { Consent, SpendingPolicy } from './types/consent.js';
+import type { SurfaceKey, TdipDid, TdipIdentity } from './types/identity.js';
+import { type Intent, type MemoSpec, type PreparedTx, type SignedTx, type TxHandle, type TxStatus } from './types/intent.js';
+import type { SurfaceModule } from './types/surface-module.js';
+import type { SurfaceName } from './types/surface.js';
+/**
+ * Optional bundle of agent-payment ports. None of these are surfaces in the
+ * lifecycle sense (no prepare→sign→submit→watch); they're verification +
+ * policy + session-management facades over Tenzro's RPC layer. ERC-8004
+ * specifically returns calldata that surfaces (typically `evm-on-tenzro`)
+ * sign and broadcast.
+ *
+ * Each field is independently optional so kernels can be assembled with
+ * just AP2 (for verification gating), just ERC-8004 (for agent-identity
+ * setup flows), etc.
+ */
+export interface AgentPortsBundle {
+    readonly ap2?: Ap2Port;
+    readonly erc8004?: Erc8004Port;
+    readonly agentPayment?: AgentPaymentPort;
+    readonly nanopayment?: NanopaymentPort;
+    /** Human-in-the-loop pending-approvals queue (auth engine). */
+    readonly authApproval?: AuthApprovalPort;
+    /** TEE attestation verification for the node's hybrid-signing co-signer. */
+    readonly teeAttestation?: TeeAttestationPort;
+    /** Scoped delegations (substrate for AP2 / Mastercard / x402 caps). */
+    readonly sessionKey?: SessionKeyPort;
+    /** Native escrow primitive (CreateEscrow/Release/Refund). */
+    readonly escrow?: EscrowPort;
+    /** Payment rails (MPP / x402 / AP2 / Visa TAP / Mastercard) settlement. */
+    readonly paymentRails?: PaymentRailsPort;
+    /** OpenAI ACP (Agentic Commerce Protocol) buyer-side. SDK adapter pending. */
+    readonly acp?: AcpPort;
+    /** HTLC cross-chain escrow (v2 — DESIGN.md §11.7). SDK adapter pending. */
+    readonly htlcEscrow?: HtlcEscrowPort;
+    /** ERC-7802 SuperchainERC20 cross-chain mint/burn calldata encoder. */
+    readonly erc7802?: Erc7802Port;
+}
+export interface WalletKernelOptions {
+    readonly identity: TdipIdentity;
+    readonly surfaces: ReadonlyMap<SurfaceName, SurfaceModule>;
+    readonly balanceProviders?: readonly BalanceProvider[];
+    /** Identity-level delegation scope, set by the user. */
+    readonly delegationScope?: SpendingPolicy;
+    /** Per-session policy, set when a session is opened. */
+    readonly sessionPolicy?: SpendingPolicy;
+    /** Optional agent-payment ports (AP2, ERC-8004, agent-payment, nano).
+     *  When omitted, `kernel.agent.<port>` accessors throw. */
+    readonly agentPorts?: AgentPortsBundle;
+    /** Optional bridge router adapters (LI.FI / CCIP / LayerZero), keyed by
+     *  `adapterId`. Consumers query each for a quote and pick the winner;
+     *  the kernel never picks for them. Empty by default; M8 work. */
+    readonly bridgeAdapters?: ReadonlyArray<BridgeRoutePort>;
+}
+export declare class WalletKernel {
+    #private;
+    readonly identity: TdipIdentity;
+    constructor(opts: WalletKernelOptions);
+    /**
+     * Bridge router accessors. Consumers fan out across all registered
+     * adapters for `quote()` (cheapest/fastest pick is theirs to make),
+     * then call `build()`/`track()` on the chosen adapter.
+     */
+    readonly bridge: {
+        /** All registered adapters, in registration order. */
+        readonly adapters: () => readonly BridgeRoutePort[];
+        /** Look up a single adapter by `adapterId`. */
+        readonly get: (id: BridgeAdapterId) => BridgeRoutePort | undefined;
+    };
+    /**
+     * Agent-payment ports — AP2 (mandate verification + session lifecycle),
+     * ERC-8004 (agent registry calldata), agent-payment (spending policy +
+     * payForService), nanopayment (per-token streaming channels). Each
+     * accessor throws if the port wasn't configured at construction time.
+     */
+    readonly agent: {
+        readonly ap2: () => Ap2Port;
+        readonly erc8004: () => Erc8004Port;
+        readonly agentPayment: () => AgentPaymentPort;
+        readonly nanopayment: () => NanopaymentPort;
+        readonly authApproval: () => AuthApprovalPort;
+        readonly teeAttestation: () => TeeAttestationPort;
+        readonly sessionKey: () => SessionKeyPort;
+        readonly escrow: () => EscrowPort;
+        readonly paymentRails: () => PaymentRailsPort;
+        readonly acp: () => AcpPort;
+        readonly htlcEscrow: () => HtlcEscrowPort;
+        readonly erc7802: () => Erc7802Port;
+    };
+    /** Resolve a surface key for a DID — the `keyResolver` surface modules call. */
+    resolveKey(did: TdipDid, surface: SurfaceName): SurfaceKey | undefined;
+    /** Aggregate balances across all registered providers. */
+    balances(): Promise<readonly UnifiedBalance[]>;
+    /**
+     * What memo / destination-tag shape does this intent need? Used by UIs to
+     * render the right input field with the right validation. Surfaces that
+     * never accept memos return `MEMO_SPEC_NONE`; surfaces that conditionally
+     * require them (e.g. Canton transfers to certain exchange parties) return
+     * a per-intent spec.
+     */
+    memoSpec(intent: Intent): MemoSpec;
+    /** First step: produce a Preview the user can confirm. */
+    prepare(intent: Intent): Promise<PreparedTx>;
+    /** Second step: enforce policy, then sign. */
+    sign(prepared: PreparedTx, consent: Consent): Promise<SignedTx>;
+    /** Third step: submit. */
+    submit(signed: SignedTx): Promise<TxHandle>;
+    /** Fourth step: watch finality. */
+    watch(handle: TxHandle): AsyncIterable<TxStatus>;
+}
+//# sourceMappingURL=kernel.d.ts.map

package/dist/kernel.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"kernel.d.ts","sourceRoot":"","sources":["../src/kernel.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,KAAK,eAAe,EAAqB,MAAM,oBAAoB,CAAC;AAE7E,OAAO,KAAK,EACV,OAAO,EACP,gBAAgB,EAChB,OAAO,EACP,gBAAgB,EAChB,WAAW,EACX,WAAW,EACX,UAAU,EACV,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EACnB,MAAM,wBAAwB,CAAC;AAChC,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAEhF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAC7E,OAAO,EACL,KAAK,MAAM,EAEX,KAAK,QAAQ,EACb,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,QAAQ,EACb,KAAK,QAAQ,EACd,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEtD;;;;;;;;;;GAUG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,OAAO,CAAC,EAAE,WAAW,CAAC;IAC/B,QAAQ,CAAC,YAAY,CAAC,EAAE,gBAAgB,CAAC;IACzC,QAAQ,CAAC,WAAW,CAAC,EAAE,eAAe,CAAC;IACvC,+DAA+D;IAC/D,QAAQ,CAAC,YAAY,CAAC,EAAE,gBAAgB,CAAC;IACzC,4EAA4E;IAC5E,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC;IAC7C,uEAAuE;IACvE,QAAQ,CAAC,UAAU,CAAC,EAAE,cAAc,CAAC;IACrC,6DAA6D;IAC7D,QAAQ,CAAC,MAAM,CAAC,EAAE,UAAU,CAAC;IAC7B,2EAA2E;IAC3E,QAAQ,CAAC,YAAY,CAAC,EAAE,gBAAgB,CAAC;IACzC,8EAA8E;IAC9E,QAAQ,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC;IACvB,2EAA2E;IAC3E,QAAQ,CAAC,UAAU,CAAC,EAAE,cAAc,CAAC;IACrC,uEAAuE;IACvE,QAAQ,CAAC,OAAO,CAAC,EAAE,WAAW,CAAC;CAChC;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IAC3D,QAAQ,CAAC,gBAAgB,CAAC,EAAE,SAAS,eAAe,EAAE,CAAC;IACvD,wDAAwD;IACxD,QAAQ,CAAC,eAAe,CAAC,EAAE,cAAc,CAAC;IAC1C,wDAAwD;IACxD,QAAQ,CAAC,aAAa,CAAC,EAAE,cAAc,CAAC;IACxC;+DAC2D;IAC3D,QAAQ,CAAC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IACvC;;sEAEkE;IAClE,QAAQ,CAAC,cAAc,CAAC,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;CAC1D;AAED,qBAAa,YAAY;;IACvB,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;gBASpB,IAAI,EAAE,mBAAmB;IAUrC;;;;OAIG;IACH,QAAQ,CAAC,MAAM;QACb,sDAAsD;iCACxC,SAAS,eAAe,EAAE;QACxC,+CAA+C;2BACrC,eAAe,KAAG,eAAe,GAAG,SAAS;MAC9C;IAEX;;;;;OAKG;IACH,QAAQ,CAAC,KAAK;4BACH,OAAO;gCACH,WAAW;qCACN,gBAAgB;oCACjB,eAAe;qCACd,gBAAgB;uCACd,kBAAkB;mCACtB,cAAc;+BAClB,UAAU;qCACJ,gBAAgB;4BACzB,OAAO;mCACA,cAAc;gCACjB,WAAW;MACf;IAYX,gFAAgF;IAChF,UAAU,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,GAAG,UAAU,GAAG,SAAS;IAKtE,0DAA0D;IACpD,QAAQ,IAAI,OAAO,CAAC,SAAS,cAAc,EAAE,CAAC;IAIpD;;;;;;OAMG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,QAAQ;IAMlC,0DAA0D;IACpD,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAoBlD,8CAA8C;IACxC,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IAmBrE,0BAA0B;IACpB,MAAM,CAAC,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IASjD,mCAAmC;IACnC,KAAK,CAAC,MAAM,EAAE,QAAQ,GAAG,aAAa,CAAC,QAAQ,CAAC;CAWjD"}

package/dist/kernel.js ADDED Viewed

@@ -0,0 +1,144 @@
+/**
+ * WalletKernel — the facade. Wires identity, custody, surfaces, router, and
+ * consent. UI/SDK consumers only ever touch this class.
+ */
+import { aggregateBalances } from "./balance/index.js";
+import { enforcePolicy } from "./consent/index.js";
+import { selectRoute } from "./router/index.js";
+import { MEMO_SPEC_NONE, } from "./types/intent.js";
+export class WalletKernel {
+    identity;
+    #surfaces;
+    #balanceProviders;
+    #delegationScope;
+    #sessionPolicy;
+    #agentPorts;
+    #bridgeAdapters;
+    #spentToday = 0n;
+    constructor(opts) {
+        this.identity = opts.identity;
+        this.#surfaces = opts.surfaces;
+        this.#balanceProviders = opts.balanceProviders ?? [];
+        this.#delegationScope = opts.delegationScope;
+        this.#sessionPolicy = opts.sessionPolicy;
+        this.#agentPorts = opts.agentPorts ?? {};
+        this.#bridgeAdapters = new Map((opts.bridgeAdapters ?? []).map((a) => [a.adapterId, a]));
+    }
+    /**
+     * Bridge router accessors. Consumers fan out across all registered
+     * adapters for `quote()` (cheapest/fastest pick is theirs to make),
+     * then call `build()`/`track()` on the chosen adapter.
+     */
+    bridge = {
+        /** All registered adapters, in registration order. */
+        adapters: () => Array.from(this.#bridgeAdapters.values()),
+        /** Look up a single adapter by `adapterId`. */
+        get: (id) => this.#bridgeAdapters.get(id),
+    };
+    /**
+     * Agent-payment ports — AP2 (mandate verification + session lifecycle),
+     * ERC-8004 (agent registry calldata), agent-payment (spending policy +
+     * payForService), nanopayment (per-token streaming channels). Each
+     * accessor throws if the port wasn't configured at construction time.
+     */
+    agent = {
+        ap2: () => this.#requireAgent('ap2'),
+        erc8004: () => this.#requireAgent('erc8004'),
+        agentPayment: () => this.#requireAgent('agentPayment'),
+        nanopayment: () => this.#requireAgent('nanopayment'),
+        authApproval: () => this.#requireAgent('authApproval'),
+        teeAttestation: () => this.#requireAgent('teeAttestation'),
+        sessionKey: () => this.#requireAgent('sessionKey'),
+        escrow: () => this.#requireAgent('escrow'),
+        paymentRails: () => this.#requireAgent('paymentRails'),
+        acp: () => this.#requireAgent('acp'),
+        htlcEscrow: () => this.#requireAgent('htlcEscrow'),
+        erc7802: () => this.#requireAgent('erc7802'),
+    };
+    #requireAgent(key) {
+        const port = this.#agentPorts[key];
+        if (!port) {
+            throw new Error(`agent port "${key}" not configured — pass it via WalletKernelOptions.agentPorts`);
+        }
+        return port;
+    }
+    /** Resolve a surface key for a DID — the `keyResolver` surface modules call. */
+    resolveKey(did, surface) {
+        if (did !== this.identity.did)
+            return undefined;
+        return this.identity.keys.get(surface);
+    }
+    /** Aggregate balances across all registered providers. */
+    async balances() {
+        return aggregateBalances(this.#balanceProviders);
+    }
+    /**
+     * What memo / destination-tag shape does this intent need? Used by UIs to
+     * render the right input field with the right validation. Surfaces that
+     * never accept memos return `MEMO_SPEC_NONE`; surfaces that conditionally
+     * require them (e.g. Canton transfers to certain exchange parties) return
+     * a per-intent spec.
+     */
+    memoSpec(intent) {
+        const sel = selectRoute(intent);
+        const surface = this.#surfaceFor(sel.fromSurface);
+        return surface.memoSpec?.(intent) ?? MEMO_SPEC_NONE;
+    }
+    /** First step: produce a Preview the user can confirm. */
+    async prepare(intent) {
+        const sel = selectRoute(intent);
+        const surface = this.#surfaceFor(sel.fromSurface);
+        if (sel.route.kind === 'cross-vm-pointer') {
+            if (!surface.preparePointer) {
+                throw new Error(`surface ${surface.name} cannot source cross-VM pointer ops`);
+            }
+            if (intent.kind !== 'send') {
+                throw new Error(`pointer ops only support send intents`);
+            }
+            return surface.preparePointer(intent, {
+                fromSurface: sel.route.fromSurface,
+                toSurface: sel.route.toSurface,
+                owner: intent.from,
+                amount: intent.amount,
+            });
+        }
+        return surface.prepare(intent);
+    }
+    /** Second step: enforce policy, then sign. */
+    async sign(prepared, consent) {
+        const ctx = {
+            ...(this.#delegationScope ? { delegationScope: this.#delegationScope } : {}),
+            ...(this.#sessionPolicy ? { sessionPolicy: this.#sessionPolicy } : {}),
+            spentSoFarToday: this.#spentToday,
+        };
+        enforcePolicy(prepared.intent, consent, ctx);
+        const surface = this.#surfaceFor(prepared.route.kind === 'native'
+            ? prepared.route.surface
+            : prepared.route.fromSurface);
+        const signed = await surface.sign(prepared, consent);
+        if (prepared.intent.kind === 'send') {
+            this.#spentToday += prepared.intent.amount;
+        }
+        return signed;
+    }
+    /** Third step: submit. */
+    async submit(signed) {
+        const surfaceName = signed.prepared.route.kind === 'native'
+            ? signed.prepared.route.surface
+            : signed.prepared.route.fromSurface;
+        const surface = this.#surfaceFor(surfaceName);
+        return surface.submit(signed);
+    }
+    /** Fourth step: watch finality. */
+    watch(handle) {
+        return this.#surfaceFor(handle.surface).watch(handle);
+    }
+    // --- internals ---
+    #surfaceFor(name) {
+        const s = this.#surfaces.get(name);
+        if (!s)
+            throw new Error(`no surface registered for: ${name}`);
+        return s;
+    }
+}
+//# sourceMappingURL=kernel.js.map

package/dist/kernel.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"kernel.js","sourceRoot":"","sources":["../src/kernel.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAwB,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,OAAO,EAAsB,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAgBvE,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAIhD,OAAO,EAEL,cAAc,GAMf,MAAM,mBAAmB,CAAC;AAuD3B,MAAM,OAAO,YAAY;IACd,QAAQ,CAAe;IACvB,SAAS,CAA0C;IACnD,iBAAiB,CAA6B;IAC9C,gBAAgB,CAA6B;IAC7C,cAAc,CAA6B;IAC3C,WAAW,CAAmB;IAC9B,eAAe,CAAgD;IACxE,WAAW,GAAG,EAAE,CAAC;IAEjB,YAAY,IAAyB;QACnC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC9B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC/B,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAAC;QACrD,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,eAAe,CAAC;QAC7C,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC;QACzC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;QACzC,IAAI,CAAC,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3F,CAAC;IAED;;;;OAIG;IACM,MAAM,GAAG;QAChB,sDAAsD;QACtD,QAAQ,EAAE,GAA+B,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC;QACrF,+CAA+C;QAC/C,GAAG,EAAE,CAAC,EAAmB,EAA+B,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;KAC/E,CAAC;IAEX;;;;;OAKG;IACM,KAAK,GAAG;QACf,GAAG,EAAE,GAAY,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;QAC7C,OAAO,EAAE,GAAgB,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC;QACzD,YAAY,EAAE,GAAqB,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;QACxE,WAAW,EAAE,GAAoB,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC;QACrE,YAAY,EAAE,GAAqB,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;QACxE,cAAc,EAAE,GAAuB,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC;QAC9E,UAAU,EAAE,GAAmB,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;QAClE,MAAM,EAAE,GAAe,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC;QACtD,YAAY,EAAE,GAAqB,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;QACxE,GAAG,EAAE,GAAY,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;QAC7C,UAAU,EAAE,GAAmB,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;QAClE,OAAO,EAAE,GAAgB,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC;KACjD,CAAC;IAEX,aAAa,CAAmC,GAAM;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CACb,eAAe,GAAG,+DAA+D,CAClF,CAAC;QACJ,CAAC;QACD,OAAO,IAAwC,CAAC;IAClD,CAAC;IAED,gFAAgF;IAChF,UAAU,CAAC,GAAY,EAAE,OAAoB;QAC3C,IAAI,GAAG,KAAK,IAAI,CAAC,QAAQ,CAAC,GAAG;YAAE,OAAO,SAAS,CAAC;QAChD,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IAED,0DAA0D;IAC1D,KAAK,CAAC,QAAQ;QACZ,OAAO,iBAAiB,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACnD,CAAC;IAED;;;;;;OAMG;IACH,QAAQ,CAAC,MAAc;QACrB,MAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAClD,OAAO,OAAO,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,IAAI,cAAc,CAAC;IACtD,CAAC;IAED,0DAA0D;IAC1D,KAAK,CAAC,OAAO,CAAC,MAAc;QAC1B,MAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAClD,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;YAC1C,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CAAC,WAAW,OAAO,CAAC,IAAI,qCAAqC,CAAC,CAAC;YAChF,CAAC;YACD,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAC3D,CAAC;YACD,OAAO,OAAO,CAAC,cAAc,CAAC,MAAM,EAAE;gBACpC,WAAW,EAAE,GAAG,CAAC,KAAK,CAAC,WAAW;gBAClC,SAAS,EAAE,GAAG,CAAC,KAAK,CAAC,SAAS;gBAC9B,KAAK,EAAE,MAAM,CAAC,IAAI;gBAClB,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAED,8CAA8C;IAC9C,KAAK,CAAC,IAAI,CAAC,QAAoB,EAAE,OAAgB;QAC/C,MAAM,GAAG,GAAkB;YACzB,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5E,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtE,eAAe,EAAE,IAAI,CAAC,WAAW;SAClC,CAAC;QACF,aAAa,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAC9B,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,QAAQ;YAC9B,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO;YACxB,CAAC,CAAE,QAAQ,CAAC,KAAsC,CAAC,WAAW,CACjE,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACrD,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACpC,IAAI,CAAC,WAAW,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QAC7C,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0BAA0B;IAC1B,KAAK,CAAC,MAAM,CAAC,MAAgB;QAC3B,MAAM,WAAW,GACf,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,QAAQ;YACrC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO;YAC/B,CAAC,CAAE,MAAM,CAAC,QAAQ,CAAC,KAAsC,CAAC,WAAW,CAAC;QAC1E,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAC9C,OAAO,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;IAED,mCAAmC;IACnC,KAAK,CAAC,MAAgB;QACpB,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACxD,CAAC;IAED,oBAAoB;IAEpB,WAAW,CAAC,IAAiB;QAC3B,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,CAAC;IACX,CAAC;CACF"}