tenzro-wallet 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +201 -0
- package/README.md +128 -0
- package/dist/balance/aggregator.d.ts +16 -0
- package/dist/balance/aggregator.d.ts.map +1 -0
- package/dist/balance/aggregator.js +73 -0
- package/dist/balance/aggregator.js.map +1 -0
- package/dist/balance/index.d.ts +3 -0
- package/dist/balance/index.d.ts.map +1 -0
- package/dist/balance/index.js +2 -0
- package/dist/balance/index.js.map +1 -0
- package/dist/consent/index.d.ts +3 -0
- package/dist/consent/index.d.ts.map +1 -0
- package/dist/consent/index.js +2 -0
- package/dist/consent/index.js.map +1 -0
- package/dist/consent/policy.d.ts +27 -0
- package/dist/consent/policy.d.ts.map +1 -0
- package/dist/consent/policy.js +121 -0
- package/dist/consent/policy.js.map +1 -0
- package/dist/crypto/eip1559.d.ts +53 -0
- package/dist/crypto/eip1559.d.ts.map +1 -0
- package/dist/crypto/eip1559.js +79 -0
- package/dist/crypto/eip1559.js.map +1 -0
- package/dist/crypto/keccak256.d.ts +20 -0
- package/dist/crypto/keccak256.d.ts.map +1 -0
- package/dist/crypto/keccak256.js +167 -0
- package/dist/crypto/keccak256.js.map +1 -0
- package/dist/crypto/rlp.d.ts +30 -0
- package/dist/crypto/rlp.d.ts.map +1 -0
- package/dist/crypto/rlp.js +165 -0
- package/dist/crypto/rlp.js.map +1 -0
- package/dist/crypto/sha256.d.ts +14 -0
- package/dist/crypto/sha256.d.ts.map +1 -0
- package/dist/crypto/sha256.js +33 -0
- package/dist/crypto/sha256.js.map +1 -0
- package/dist/crypto/solana.d.ts +86 -0
- package/dist/crypto/solana.d.ts.map +1 -0
- package/dist/crypto/solana.js +218 -0
- package/dist/crypto/solana.js.map +1 -0
- package/dist/custody/frost/backend.d.ts +59 -0
- package/dist/custody/frost/backend.d.ts.map +1 -0
- package/dist/custody/frost/backend.js +83 -0
- package/dist/custody/frost/backend.js.map +1 -0
- package/dist/custody/frost/coordinator.d.ts +148 -0
- package/dist/custody/frost/coordinator.d.ts.map +1 -0
- package/dist/custody/frost/coordinator.js +58 -0
- package/dist/custody/frost/coordinator.js.map +1 -0
- package/dist/custody/frost/ed25519-driver.d.ts +30 -0
- package/dist/custody/frost/ed25519-driver.d.ts.map +1 -0
- package/dist/custody/frost/ed25519-driver.js +76 -0
- package/dist/custody/frost/ed25519-driver.js.map +1 -0
- package/dist/custody/frost/http-adapter.d.ts +77 -0
- package/dist/custody/frost/http-adapter.d.ts.map +1 -0
- package/dist/custody/frost/http-adapter.js +168 -0
- package/dist/custody/frost/http-adapter.js.map +1 -0
- package/dist/custody/frost/hybrid-driver.d.ts +37 -0
- package/dist/custody/frost/hybrid-driver.d.ts.map +1 -0
- package/dist/custody/frost/hybrid-driver.js +60 -0
- package/dist/custody/frost/hybrid-driver.js.map +1 -0
- package/dist/custody/frost/index.d.ts +12 -0
- package/dist/custody/frost/index.d.ts.map +1 -0
- package/dist/custody/frost/index.js +6 -0
- package/dist/custody/frost/index.js.map +1 -0
- package/dist/custody/frost/secp256k1-driver.d.ts +26 -0
- package/dist/custody/frost/secp256k1-driver.d.ts.map +1 -0
- package/dist/custody/frost/secp256k1-driver.js +78 -0
- package/dist/custody/frost/secp256k1-driver.js.map +1 -0
- package/dist/custody/index.d.ts +9 -0
- package/dist/custody/index.d.ts.map +1 -0
- package/dist/custody/index.js +11 -0
- package/dist/custody/index.js.map +1 -0
- package/dist/custody/internal-mpc.d.ts +14 -0
- package/dist/custody/internal-mpc.d.ts.map +1 -0
- package/dist/custody/internal-mpc.js +40 -0
- package/dist/custody/internal-mpc.js.map +1 -0
- package/dist/custody/mldsa/coordinator.d.ts +63 -0
- package/dist/custody/mldsa/coordinator.d.ts.map +1 -0
- package/dist/custody/mldsa/coordinator.js +44 -0
- package/dist/custody/mldsa/coordinator.js.map +1 -0
- package/dist/custody/mldsa/driver.d.ts +23 -0
- package/dist/custody/mldsa/driver.d.ts.map +1 -0
- package/dist/custody/mldsa/driver.js +43 -0
- package/dist/custody/mldsa/driver.js.map +1 -0
- package/dist/custody/mldsa/http-adapter.d.ts +59 -0
- package/dist/custody/mldsa/http-adapter.d.ts.map +1 -0
- package/dist/custody/mldsa/http-adapter.js +103 -0
- package/dist/custody/mldsa/http-adapter.js.map +1 -0
- package/dist/custody/mldsa/index.d.ts +7 -0
- package/dist/custody/mldsa/index.d.ts.map +1 -0
- package/dist/custody/mldsa/index.js +4 -0
- package/dist/custody/mldsa/index.js.map +1 -0
- package/dist/custody/pairing/http-adapter.d.ts +40 -0
- package/dist/custody/pairing/http-adapter.d.ts.map +1 -0
- package/dist/custody/pairing/http-adapter.js +113 -0
- package/dist/custody/pairing/http-adapter.js.map +1 -0
- package/dist/custody/pairing/index.d.ts +10 -0
- package/dist/custody/pairing/index.d.ts.map +1 -0
- package/dist/custody/pairing/index.js +8 -0
- package/dist/custody/pairing/index.js.map +1 -0
- package/dist/custody/pairing/port.d.ts +121 -0
- package/dist/custody/pairing/port.d.ts.map +1 -0
- package/dist/custody/pairing/port.js +40 -0
- package/dist/custody/pairing/port.js.map +1 -0
- package/dist/custody/passkey-share/http-adapter.d.ts +77 -0
- package/dist/custody/passkey-share/http-adapter.d.ts.map +1 -0
- package/dist/custody/passkey-share/http-adapter.js +125 -0
- package/dist/custody/passkey-share/http-adapter.js.map +1 -0
- package/dist/custody/passkey-share/index.d.ts +7 -0
- package/dist/custody/passkey-share/index.d.ts.map +1 -0
- package/dist/custody/passkey-share/index.js +4 -0
- package/dist/custody/passkey-share/index.js.map +1 -0
- package/dist/custody/passkey-share/unwrapper.d.ts +174 -0
- package/dist/custody/passkey-share/unwrapper.d.ts.map +1 -0
- package/dist/custody/passkey-share/unwrapper.js +132 -0
- package/dist/custody/passkey-share/unwrapper.js.map +1 -0
- package/dist/custody/passkey-share/webauthn-adapter.d.ts +112 -0
- package/dist/custody/passkey-share/webauthn-adapter.d.ts.map +1 -0
- package/dist/custody/passkey-share/webauthn-adapter.js +150 -0
- package/dist/custody/passkey-share/webauthn-adapter.js.map +1 -0
- package/dist/custody/surface-key-id.d.ts +15 -0
- package/dist/custody/surface-key-id.d.ts.map +1 -0
- package/dist/custody/surface-key-id.js +25 -0
- package/dist/custody/surface-key-id.js.map +1 -0
- package/dist/dapp/eip6963.d.ts +64 -0
- package/dist/dapp/eip6963.d.ts.map +1 -0
- package/dist/dapp/eip6963.js +55 -0
- package/dist/dapp/eip6963.js.map +1 -0
- package/dist/dapp/index.d.ts +21 -0
- package/dist/dapp/index.d.ts.map +1 -0
- package/dist/dapp/index.js +24 -0
- package/dist/dapp/index.js.map +1 -0
- package/dist/identity/delegate-set.d.ts +57 -0
- package/dist/identity/delegate-set.d.ts.map +1 -0
- package/dist/identity/delegate-set.js +85 -0
- package/dist/identity/delegate-set.js.map +1 -0
- package/dist/identity/did.d.ts +17 -0
- package/dist/identity/did.d.ts.map +1 -0
- package/dist/identity/did.js +60 -0
- package/dist/identity/did.js.map +1 -0
- package/dist/identity/index.d.ts +14 -0
- package/dist/identity/index.d.ts.map +1 -0
- package/dist/identity/index.js +8 -0
- package/dist/identity/index.js.map +1 -0
- package/dist/identity/provision.d.ts +13 -0
- package/dist/identity/provision.d.ts.map +1 -0
- package/dist/identity/provision.js +151 -0
- package/dist/identity/provision.js.map +1 -0
- package/dist/identity/provisioning-http-adapter.d.ts +81 -0
- package/dist/identity/provisioning-http-adapter.d.ts.map +1 -0
- package/dist/identity/provisioning-http-adapter.js +114 -0
- package/dist/identity/provisioning-http-adapter.js.map +1 -0
- package/dist/identity/recovery-http-adapter.d.ts +83 -0
- package/dist/identity/recovery-http-adapter.d.ts.map +1 -0
- package/dist/identity/recovery-http-adapter.js +139 -0
- package/dist/identity/recovery-http-adapter.js.map +1 -0
- package/dist/identity/wallet-new.d.ts +132 -0
- package/dist/identity/wallet-new.d.ts.map +1 -0
- package/dist/identity/wallet-new.js +94 -0
- package/dist/identity/wallet-new.js.map +1 -0
- package/dist/identity/wallet-recover.d.ts +116 -0
- package/dist/identity/wallet-recover.d.ts.map +1 -0
- package/dist/identity/wallet-recover.js +95 -0
- package/dist/identity/wallet-recover.js.map +1 -0
- package/dist/index.d.ts +12 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +11 -0
- package/dist/index.js.map +1 -0
- package/dist/kernel.d.ts +119 -0
- package/dist/kernel.d.ts.map +1 -0
- package/dist/kernel.js +144 -0
- package/dist/kernel.js.map +1 -0
- package/dist/ports/adapters/tenzro-identity-adapter.d.ts +44 -0
- package/dist/ports/adapters/tenzro-identity-adapter.d.ts.map +1 -0
- package/dist/ports/adapters/tenzro-identity-adapter.js +60 -0
- package/dist/ports/adapters/tenzro-identity-adapter.js.map +1 -0
- package/dist/ports/adapters/tenzro-sdk-adapter.d.ts +86 -0
- package/dist/ports/adapters/tenzro-sdk-adapter.d.ts.map +1 -0
- package/dist/ports/adapters/tenzro-sdk-adapter.js +100 -0
- package/dist/ports/adapters/tenzro-sdk-adapter.js.map +1 -0
- package/dist/ports/agent/acp.d.ts +66 -0
- package/dist/ports/agent/acp.d.ts.map +1 -0
- package/dist/ports/agent/acp.js +27 -0
- package/dist/ports/agent/acp.js.map +1 -0
- package/dist/ports/agent/adapters/acp-adapter.d.ts +67 -0
- package/dist/ports/agent/adapters/acp-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/acp-adapter.js +70 -0
- package/dist/ports/agent/adapters/acp-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/agent-bond-adapter.d.ts +31 -0
- package/dist/ports/agent/adapters/agent-bond-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/agent-bond-adapter.js +82 -0
- package/dist/ports/agent/adapters/agent-bond-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/agent-payment-adapter.d.ts +66 -0
- package/dist/ports/agent/adapters/agent-payment-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/agent-payment-adapter.js +75 -0
- package/dist/ports/agent/adapters/agent-payment-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/ap2-adapter.d.ts +28 -0
- package/dist/ports/agent/adapters/ap2-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/ap2-adapter.js +97 -0
- package/dist/ports/agent/adapters/ap2-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/auth-approval-adapter.d.ts +26 -0
- package/dist/ports/agent/adapters/auth-approval-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/auth-approval-adapter.js +37 -0
- package/dist/ports/agent/adapters/auth-approval-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/erc7802-adapter.d.ts +30 -0
- package/dist/ports/agent/adapters/erc7802-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/erc7802-adapter.js +60 -0
- package/dist/ports/agent/adapters/erc7802-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/erc8004-adapter.d.ts +54 -0
- package/dist/ports/agent/adapters/erc8004-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/erc8004-adapter.js +53 -0
- package/dist/ports/agent/adapters/erc8004-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/escrow-adapter.d.ts +33 -0
- package/dist/ports/agent/adapters/escrow-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/escrow-adapter.js +109 -0
- package/dist/ports/agent/adapters/escrow-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/fee-estimator-adapter.d.ts +31 -0
- package/dist/ports/agent/adapters/fee-estimator-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/fee-estimator-adapter.js +103 -0
- package/dist/ports/agent/adapters/fee-estimator-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/htlc-escrow-adapter.d.ts +68 -0
- package/dist/ports/agent/adapters/htlc-escrow-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/htlc-escrow-adapter.js +131 -0
- package/dist/ports/agent/adapters/htlc-escrow-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/insurance-adapter.d.ts +32 -0
- package/dist/ports/agent/adapters/insurance-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/insurance-adapter.js +103 -0
- package/dist/ports/agent/adapters/insurance-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/lifecycle-adapter.d.ts +26 -0
- package/dist/ports/agent/adapters/lifecycle-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/lifecycle-adapter.js +136 -0
- package/dist/ports/agent/adapters/lifecycle-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/nanopayment-adapter.d.ts +62 -0
- package/dist/ports/agent/adapters/nanopayment-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/nanopayment-adapter.js +76 -0
- package/dist/ports/agent/adapters/nanopayment-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/payment-rails-adapter.d.ts +67 -0
- package/dist/ports/agent/adapters/payment-rails-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/payment-rails-adapter.js +108 -0
- package/dist/ports/agent/adapters/payment-rails-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/principal-chain-adapter.d.ts +23 -0
- package/dist/ports/agent/adapters/principal-chain-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/principal-chain-adapter.js +156 -0
- package/dist/ports/agent/adapters/principal-chain-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/session-key-adapter.d.ts +45 -0
- package/dist/ports/agent/adapters/session-key-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/session-key-adapter.js +80 -0
- package/dist/ports/agent/adapters/session-key-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/tee-attestation-adapter.d.ts +32 -0
- package/dist/ports/agent/adapters/tee-attestation-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/tee-attestation-adapter.js +38 -0
- package/dist/ports/agent/adapters/tee-attestation-adapter.js.map +1 -0
- package/dist/ports/agent/agent-bond.d.ts +80 -0
- package/dist/ports/agent/agent-bond.d.ts.map +1 -0
- package/dist/ports/agent/agent-bond.js +23 -0
- package/dist/ports/agent/agent-bond.js.map +1 -0
- package/dist/ports/agent/agent-payment.d.ts +72 -0
- package/dist/ports/agent/agent-payment.d.ts.map +1 -0
- package/dist/ports/agent/agent-payment.js +17 -0
- package/dist/ports/agent/agent-payment.js.map +1 -0
- package/dist/ports/agent/ap2.d.ts +104 -0
- package/dist/ports/agent/ap2.d.ts.map +1 -0
- package/dist/ports/agent/ap2.js +22 -0
- package/dist/ports/agent/ap2.js.map +1 -0
- package/dist/ports/agent/auth-approval.d.ts +40 -0
- package/dist/ports/agent/auth-approval.d.ts.map +1 -0
- package/dist/ports/agent/auth-approval.js +23 -0
- package/dist/ports/agent/auth-approval.js.map +1 -0
- package/dist/ports/agent/erc7802.d.ts +94 -0
- package/dist/ports/agent/erc7802.d.ts.map +1 -0
- package/dist/ports/agent/erc7802.js +30 -0
- package/dist/ports/agent/erc7802.js.map +1 -0
- package/dist/ports/agent/erc8004.d.ts +57 -0
- package/dist/ports/agent/erc8004.d.ts.map +1 -0
- package/dist/ports/agent/erc8004.js +20 -0
- package/dist/ports/agent/erc8004.js.map +1 -0
- package/dist/ports/agent/escrow.d.ts +74 -0
- package/dist/ports/agent/escrow.d.ts.map +1 -0
- package/dist/ports/agent/escrow.js +18 -0
- package/dist/ports/agent/escrow.js.map +1 -0
- package/dist/ports/agent/fee-estimator.d.ts +71 -0
- package/dist/ports/agent/fee-estimator.d.ts.map +1 -0
- package/dist/ports/agent/fee-estimator.js +21 -0
- package/dist/ports/agent/fee-estimator.js.map +1 -0
- package/dist/ports/agent/htlc-escrow.d.ts +94 -0
- package/dist/ports/agent/htlc-escrow.d.ts.map +1 -0
- package/dist/ports/agent/htlc-escrow.js +25 -0
- package/dist/ports/agent/htlc-escrow.js.map +1 -0
- package/dist/ports/agent/index.d.ts +58 -0
- package/dist/ports/agent/index.d.ts.map +1 -0
- package/dist/ports/agent/index.js +24 -0
- package/dist/ports/agent/index.js.map +1 -0
- package/dist/ports/agent/insurance.d.ts +65 -0
- package/dist/ports/agent/insurance.d.ts.map +1 -0
- package/dist/ports/agent/insurance.js +18 -0
- package/dist/ports/agent/insurance.js.map +1 -0
- package/dist/ports/agent/lifecycle.d.ts +69 -0
- package/dist/ports/agent/lifecycle.d.ts.map +1 -0
- package/dist/ports/agent/lifecycle.js +17 -0
- package/dist/ports/agent/lifecycle.js.map +1 -0
- package/dist/ports/agent/nanopayment.d.ts +72 -0
- package/dist/ports/agent/nanopayment.d.ts.map +1 -0
- package/dist/ports/agent/nanopayment.js +16 -0
- package/dist/ports/agent/nanopayment.js.map +1 -0
- package/dist/ports/agent/payment-rails.d.ts +140 -0
- package/dist/ports/agent/payment-rails.d.ts.map +1 -0
- package/dist/ports/agent/payment-rails.js +25 -0
- package/dist/ports/agent/payment-rails.js.map +1 -0
- package/dist/ports/agent/principal-chain.d.ts +95 -0
- package/dist/ports/agent/principal-chain.d.ts.map +1 -0
- package/dist/ports/agent/principal-chain.js +16 -0
- package/dist/ports/agent/principal-chain.js.map +1 -0
- package/dist/ports/agent/session-key.d.ts +94 -0
- package/dist/ports/agent/session-key.d.ts.map +1 -0
- package/dist/ports/agent/session-key.js +31 -0
- package/dist/ports/agent/session-key.js.map +1 -0
- package/dist/ports/agent/tee-attestation.d.ts +51 -0
- package/dist/ports/agent/tee-attestation.d.ts.map +1 -0
- package/dist/ports/agent/tee-attestation.js +28 -0
- package/dist/ports/agent/tee-attestation.js.map +1 -0
- package/dist/ports/bridge/adapters/bridge-adapter-base.d.ts +47 -0
- package/dist/ports/bridge/adapters/bridge-adapter-base.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/bridge-adapter-base.js +144 -0
- package/dist/ports/bridge/adapters/bridge-adapter-base.js.map +1 -0
- package/dist/ports/bridge/adapters/canton-bridge-adapter.d.ts +30 -0
- package/dist/ports/bridge/adapters/canton-bridge-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/canton-bridge-adapter.js +31 -0
- package/dist/ports/bridge/adapters/canton-bridge-adapter.js.map +1 -0
- package/dist/ports/bridge/adapters/ccip-adapter.d.ts +30 -0
- package/dist/ports/bridge/adapters/ccip-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/ccip-adapter.js +31 -0
- package/dist/ports/bridge/adapters/ccip-adapter.js.map +1 -0
- package/dist/ports/bridge/adapters/debridge-adapter.d.ts +27 -0
- package/dist/ports/bridge/adapters/debridge-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/debridge-adapter.js +28 -0
- package/dist/ports/bridge/adapters/debridge-adapter.js.map +1 -0
- package/dist/ports/bridge/adapters/layerzero-adapter.d.ts +30 -0
- package/dist/ports/bridge/adapters/layerzero-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/layerzero-adapter.js +31 -0
- package/dist/ports/bridge/adapters/layerzero-adapter.js.map +1 -0
- package/dist/ports/bridge/adapters/lifi-adapter.d.ts +48 -0
- package/dist/ports/bridge/adapters/lifi-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/lifi-adapter.js +49 -0
- package/dist/ports/bridge/adapters/lifi-adapter.js.map +1 -0
- package/dist/ports/bridge/adapters/wormhole-adapter.d.ts +26 -0
- package/dist/ports/bridge/adapters/wormhole-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/wormhole-adapter.js +27 -0
- package/dist/ports/bridge/adapters/wormhole-adapter.js.map +1 -0
- package/dist/ports/bridge/bridge.d.ts +123 -0
- package/dist/ports/bridge/bridge.d.ts.map +1 -0
- package/dist/ports/bridge/bridge.js +20 -0
- package/dist/ports/bridge/bridge.js.map +1 -0
- package/dist/ports/bridge/index.d.ts +13 -0
- package/dist/ports/bridge/index.d.ts.map +1 -0
- package/dist/ports/bridge/index.js +11 -0
- package/dist/ports/bridge/index.js.map +1 -0
- package/dist/ports/canton/adapters/ledger-api-adapter.d.ts +52 -0
- package/dist/ports/canton/adapters/ledger-api-adapter.d.ts.map +1 -0
- package/dist/ports/canton/adapters/ledger-api-adapter.js +232 -0
- package/dist/ports/canton/adapters/ledger-api-adapter.js.map +1 -0
- package/dist/ports/canton/canton-identity.d.ts +60 -0
- package/dist/ports/canton/canton-identity.d.ts.map +1 -0
- package/dist/ports/canton/canton-identity.js +28 -0
- package/dist/ports/canton/canton-identity.js.map +1 -0
- package/dist/ports/canton/canton-validator.d.ts +182 -0
- package/dist/ports/canton/canton-validator.d.ts.map +1 -0
- package/dist/ports/canton/canton-validator.js +39 -0
- package/dist/ports/canton/canton-validator.js.map +1 -0
- package/dist/ports/canton/fingerprint.d.ts +24 -0
- package/dist/ports/canton/fingerprint.d.ts.map +1 -0
- package/dist/ports/canton/fingerprint.js +31 -0
- package/dist/ports/canton/fingerprint.js.map +1 -0
- package/dist/ports/canton/hash.d.ts +37 -0
- package/dist/ports/canton/hash.d.ts.map +1 -0
- package/dist/ports/canton/hash.js +68 -0
- package/dist/ports/canton/hash.js.map +1 -0
- package/dist/ports/canton/http.d.ts +64 -0
- package/dist/ports/canton/http.d.ts.map +1 -0
- package/dist/ports/canton/http.js +177 -0
- package/dist/ports/canton/http.js.map +1 -0
- package/dist/ports/cross-vm.d.ts +79 -0
- package/dist/ports/cross-vm.d.ts.map +1 -0
- package/dist/ports/cross-vm.js +81 -0
- package/dist/ports/cross-vm.js.map +1 -0
- package/dist/ports/index.d.ts +18 -0
- package/dist/ports/index.d.ts.map +1 -0
- package/dist/ports/index.js +11 -0
- package/dist/ports/index.js.map +1 -0
- package/dist/ports/tenzro-identity.d.ts +29 -0
- package/dist/ports/tenzro-identity.d.ts.map +1 -0
- package/dist/ports/tenzro-identity.js +19 -0
- package/dist/ports/tenzro-identity.js.map +1 -0
- package/dist/ports/tenzro-rpc.d.ts +79 -0
- package/dist/ports/tenzro-rpc.d.ts.map +1 -0
- package/dist/ports/tenzro-rpc.js +21 -0
- package/dist/ports/tenzro-rpc.js.map +1 -0
- package/dist/router/index.d.ts +3 -0
- package/dist/router/index.d.ts.map +1 -0
- package/dist/router/index.js +2 -0
- package/dist/router/index.js.map +1 -0
- package/dist/router/route.d.ts +17 -0
- package/dist/router/route.d.ts.map +1 -0
- package/dist/router/route.js +78 -0
- package/dist/router/route.js.map +1 -0
- package/dist/settlement/nanopayment-flow.d.ts +48 -0
- package/dist/settlement/nanopayment-flow.d.ts.map +1 -0
- package/dist/settlement/nanopayment-flow.js +111 -0
- package/dist/settlement/nanopayment-flow.js.map +1 -0
- package/dist/surfaces/canton-external.d.ts +43 -0
- package/dist/surfaces/canton-external.d.ts.map +1 -0
- package/dist/surfaces/canton-external.js +252 -0
- package/dist/surfaces/canton-external.js.map +1 -0
- package/dist/surfaces/canton-internal.d.ts +34 -0
- package/dist/surfaces/canton-internal.d.ts.map +1 -0
- package/dist/surfaces/canton-internal.js +163 -0
- package/dist/surfaces/canton-internal.js.map +1 -0
- package/dist/surfaces/canton-onboarding.d.ts +64 -0
- package/dist/surfaces/canton-onboarding.d.ts.map +1 -0
- package/dist/surfaces/canton-onboarding.js +113 -0
- package/dist/surfaces/canton-onboarding.js.map +1 -0
- package/dist/surfaces/evm-on-tenzro.d.ts +29 -0
- package/dist/surfaces/evm-on-tenzro.d.ts.map +1 -0
- package/dist/surfaces/evm-on-tenzro.js +226 -0
- package/dist/surfaces/evm-on-tenzro.js.map +1 -0
- package/dist/surfaces/index.d.ts +13 -0
- package/dist/surfaces/index.d.ts.map +1 -0
- package/dist/surfaces/index.js +7 -0
- package/dist/surfaces/index.js.map +1 -0
- package/dist/surfaces/svm-on-tenzro.d.ts +24 -0
- package/dist/surfaces/svm-on-tenzro.d.ts.map +1 -0
- package/dist/surfaces/svm-on-tenzro.js +238 -0
- package/dist/surfaces/svm-on-tenzro.js.map +1 -0
- package/dist/surfaces/tenzro-native.d.ts +45 -0
- package/dist/surfaces/tenzro-native.d.ts.map +1 -0
- package/dist/surfaces/tenzro-native.js +299 -0
- package/dist/surfaces/tenzro-native.js.map +1 -0
- package/dist/surfaces/util.d.ts +18 -0
- package/dist/surfaces/util.d.ts.map +1 -0
- package/dist/surfaces/util.js +36 -0
- package/dist/surfaces/util.js.map +1 -0
- package/dist/types/asset.d.ts +43 -0
- package/dist/types/asset.d.ts.map +1 -0
- package/dist/types/asset.js +13 -0
- package/dist/types/asset.js.map +1 -0
- package/dist/types/consent.d.ts +46 -0
- package/dist/types/consent.d.ts.map +1 -0
- package/dist/types/consent.js +18 -0
- package/dist/types/consent.js.map +1 -0
- package/dist/types/identity.d.ts +115 -0
- package/dist/types/identity.d.ts.map +1 -0
- package/dist/types/identity.js +12 -0
- package/dist/types/identity.js.map +1 -0
- package/dist/types/index.d.ts +10 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +3 -0
- package/dist/types/index.js.map +1 -0
- package/dist/types/intent.d.ts +132 -0
- package/dist/types/intent.d.ts.map +1 -0
- package/dist/types/intent.js +8 -0
- package/dist/types/intent.js.map +1 -0
- package/dist/types/signing-driver.d.ts +48 -0
- package/dist/types/signing-driver.d.ts.map +1 -0
- package/dist/types/signing-driver.js +9 -0
- package/dist/types/signing-driver.js.map +1 -0
- package/dist/types/surface-module.d.ts +38 -0
- package/dist/types/surface-module.d.ts.map +1 -0
- package/dist/types/surface-module.js +19 -0
- package/dist/types/surface-module.js.map +1 -0
- package/dist/types/surface.d.ts +17 -0
- package/dist/types/surface.d.ts.map +1 -0
- package/dist/types/surface.js +28 -0
- package/dist/types/surface.js.map +1 -0
- package/package.json +84 -0
|
@@ -0,0 +1,113 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* PairingHttpAdapter — fetch-based driver against a Tenzro RPC node's
|
|
3
|
+
* `/wallet/pairing/*` endpoints. Browser-clean (fetch + JSON only).
|
|
4
|
+
*
|
|
5
|
+
* The `/wallet/*` endpoints are pre-auth: the QR pairing flow runs before
|
|
6
|
+
* the new device has any session, and the originally-paired device's auth
|
|
7
|
+
* is asserted by the passkey assertion in the body, not by an
|
|
8
|
+
* `Authorization` header. So unlike the Canton HTTP helpers, no token
|
|
9
|
+
* provider is threaded through.
|
|
10
|
+
*
|
|
11
|
+
* Wire shape per DESIGN.md §4.3.6:
|
|
12
|
+
* POST /wallet/pairing/start → { session_id, pairing_url, expires_at }
|
|
13
|
+
* POST /wallet/pairing/claim → { session_id, state }
|
|
14
|
+
* POST /wallet/pairing/poll → { session_id, state, claimed_public_key?, reason? }
|
|
15
|
+
* POST /wallet/pairing/finalize → { session_id, verification_methods, threshold }
|
|
16
|
+
* POST /wallet/pairing/cancel → 204 No Content
|
|
17
|
+
*/
|
|
18
|
+
export class PairingHttpError extends Error {
|
|
19
|
+
status;
|
|
20
|
+
url;
|
|
21
|
+
body;
|
|
22
|
+
constructor(status, url, body) {
|
|
23
|
+
super(`pairing http ${status} on ${url}: ${body.length > 200 ? body.slice(0, 200) + '…' : body}`);
|
|
24
|
+
this.status = status;
|
|
25
|
+
this.url = url;
|
|
26
|
+
this.body = body;
|
|
27
|
+
this.name = 'PairingHttpError';
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
export class PairingHttpAdapter {
|
|
31
|
+
#cfg;
|
|
32
|
+
constructor(cfg) {
|
|
33
|
+
this.#cfg = cfg;
|
|
34
|
+
}
|
|
35
|
+
async start(req) {
|
|
36
|
+
const raw = await this.#post('/wallet/pairing/start', {
|
|
37
|
+
did: req.did,
|
|
38
|
+
...(req.label !== undefined ? { label: req.label } : {}),
|
|
39
|
+
});
|
|
40
|
+
return {
|
|
41
|
+
sessionId: raw.session_id,
|
|
42
|
+
pairingUrl: raw.pairing_url,
|
|
43
|
+
expiresAt: raw.expires_at,
|
|
44
|
+
};
|
|
45
|
+
}
|
|
46
|
+
async claim(req) {
|
|
47
|
+
const raw = await this.#post('/wallet/pairing/claim', {
|
|
48
|
+
session_id: req.sessionId,
|
|
49
|
+
new_device_public_key: req.newDevicePublicKey,
|
|
50
|
+
assertion: {
|
|
51
|
+
credential_id: req.assertion.credentialId,
|
|
52
|
+
client_data_json: req.assertion.clientDataJson,
|
|
53
|
+
authenticator_data: req.assertion.authenticatorData,
|
|
54
|
+
signature: req.assertion.signature,
|
|
55
|
+
},
|
|
56
|
+
});
|
|
57
|
+
return { sessionId: raw.session_id, state: raw.state };
|
|
58
|
+
}
|
|
59
|
+
async poll(sessionId) {
|
|
60
|
+
const raw = await this.#post('/wallet/pairing/poll', {
|
|
61
|
+
session_id: sessionId,
|
|
62
|
+
});
|
|
63
|
+
return {
|
|
64
|
+
sessionId: raw.session_id,
|
|
65
|
+
state: raw.state,
|
|
66
|
+
...(raw.claimed_public_key !== undefined ? { claimedPublicKey: raw.claimed_public_key } : {}),
|
|
67
|
+
...(raw.reason !== undefined ? { reason: raw.reason } : {}),
|
|
68
|
+
};
|
|
69
|
+
}
|
|
70
|
+
async finalize(req) {
|
|
71
|
+
const raw = await this.#post('/wallet/pairing/finalize', {
|
|
72
|
+
session_id: req.sessionId,
|
|
73
|
+
original_device_assertion: {
|
|
74
|
+
credential_id: req.originalDeviceAssertion.credentialId,
|
|
75
|
+
client_data_json: req.originalDeviceAssertion.clientDataJson,
|
|
76
|
+
authenticator_data: req.originalDeviceAssertion.authenticatorData,
|
|
77
|
+
signature: req.originalDeviceAssertion.signature,
|
|
78
|
+
},
|
|
79
|
+
});
|
|
80
|
+
const methods = raw.verification_methods.map((m) => ({
|
|
81
|
+
id: m.id,
|
|
82
|
+
type: m.type,
|
|
83
|
+
controller: m.controller,
|
|
84
|
+
publicKeyMultibase: m.public_key_multibase,
|
|
85
|
+
}));
|
|
86
|
+
return {
|
|
87
|
+
sessionId: raw.session_id,
|
|
88
|
+
verificationMethods: methods,
|
|
89
|
+
threshold: raw.threshold,
|
|
90
|
+
};
|
|
91
|
+
}
|
|
92
|
+
async cancel(sessionId) {
|
|
93
|
+
await this.#post('/wallet/pairing/cancel', { session_id: sessionId });
|
|
94
|
+
}
|
|
95
|
+
// --- internals ---
|
|
96
|
+
async #post(path, body) {
|
|
97
|
+
const f = this.#cfg.fetch ?? globalThis.fetch;
|
|
98
|
+
const url = this.#cfg.baseUrl.replace(/\/+$/, '') + path;
|
|
99
|
+
const res = await f(url, {
|
|
100
|
+
method: 'POST',
|
|
101
|
+
headers: { 'content-type': 'application/json' },
|
|
102
|
+
body: JSON.stringify(body),
|
|
103
|
+
});
|
|
104
|
+
if (!res.ok) {
|
|
105
|
+
const text = await res.text().catch(() => '');
|
|
106
|
+
throw new PairingHttpError(res.status, url, text);
|
|
107
|
+
}
|
|
108
|
+
if (res.status === 204)
|
|
109
|
+
return undefined;
|
|
110
|
+
return (await res.json());
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
//# sourceMappingURL=http-adapter.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-adapter.js","sourceRoot":"","sources":["../../../src/custody/pairing/http-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAsBH,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IAE9B;IACA;IACA;IAHX,YACW,MAAc,EACd,GAAW,EACX,IAAY;QAErB,KAAK,CACH,gBAAgB,MAAM,OAAO,GAAG,KAAK,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAC3F,CAAC;QANO,WAAM,GAAN,MAAM,CAAQ;QACd,QAAG,GAAH,GAAG,CAAQ;QACX,SAAI,GAAJ,IAAI,CAAQ;QAKrB,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AA0BD,MAAM,OAAO,kBAAkB;IACpB,IAAI,CAAoB;IAEjC,YAAY,GAAsB;QAChC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAwB;QAClC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAW,uBAAuB,EAAE;YAC9D,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,GAAG,CAAC,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACzD,CAAC,CAAC;QACH,OAAO;YACL,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,UAAU,EAAE,GAAG,CAAC,WAAW;YAC3B,SAAS,EAAE,GAAG,CAAC,UAAU;SAC1B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAwB;QAClC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAC1B,uBAAuB,EACvB;YACE,UAAU,EAAE,GAAG,CAAC,SAAS;YACzB,qBAAqB,EAAE,GAAG,CAAC,kBAAkB;YAC7C,SAAS,EAAE;gBACT,aAAa,EAAE,GAAG,CAAC,SAAS,CAAC,YAAY;gBACzC,gBAAgB,EAAE,GAAG,CAAC,SAAS,CAAC,cAAc;gBAC9C,kBAAkB,EAAE,GAAG,CAAC,SAAS,CAAC,iBAAiB;gBACnD,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,SAAS;aACnC;SACF,CACF,CAAC;QACF,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,SAAiB;QAC1B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAW,sBAAsB,EAAE;YAC7D,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;QACH,OAAO;YACL,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,GAAG,CAAC,GAAG,CAAC,kBAAkB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,GAAG,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7F,GAAG,CAAC,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,GAA2B;QACxC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAc,0BAA0B,EAAE;YACpE,UAAU,EAAE,GAAG,CAAC,SAAS;YACzB,yBAAyB,EAAE;gBACzB,aAAa,EAAE,GAAG,CAAC,uBAAuB,CAAC,YAAY;gBACvD,gBAAgB,EAAE,GAAG,CAAC,uBAAuB,CAAC,cAAc;gBAC5D,kBAAkB,EAAE,GAAG,CAAC,uBAAuB,CAAC,iBAAiB;gBACjE,SAAS,EAAE,GAAG,CAAC,uBAAuB,CAAC,SAAS;aACjD;SACF,CAAC,CAAC;QACH,MAAM,OAAO,GAAyB,GAAG,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzE,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,kBAAkB,EAAE,CAAC,CAAC,oBAAoB;SAC3C,CAAC,CAAC,CAAC;QACJ,OAAO;YACL,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,mBAAmB,EAAE,OAAO;YAC5B,SAAS,EAAE,GAAG,CAAC,SAAS;SACzB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,MAAM,IAAI,CAAC,KAAK,CAAU,wBAAwB,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;IACjF,CAAC;IAED,oBAAoB;IAEpB,KAAK,CAAC,KAAK,CAAO,IAAY,EAAE,IAAa;QAC3C,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;QAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC;QACzD,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,GAAG,EAAE;YACvB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YAC9C,MAAM,IAAI,gBAAgB,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,SAAiB,CAAC;QACjD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAS,CAAC;IACpC,CAAC;CACF"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* QR pairing flow for upgrading 2-of-2 → 2-of-3 by adding a second user
|
|
3
|
+
* device (DESIGN.md §4.3.6). The `PairingPort` is the kernel-facing
|
|
4
|
+
* surface; the `PairingHttpAdapter` is the real driver against a Tenzro
|
|
5
|
+
* RPC node's `/wallet/pairing/*` endpoints.
|
|
6
|
+
*/
|
|
7
|
+
export type { PasskeyAssertion, PairingPort, PairingState, PairingStartRequest, PairingStartResult, PairingPollResult, PairingClaimRequest, PairingClaimResult, PairingFinalizeRequest, PairingFinalizeResult, VerificationMethod, } from './port.js';
|
|
8
|
+
export { PairingHttpAdapter, PairingHttpError } from './http-adapter.js';
|
|
9
|
+
export type { PairingHttpConfig } from './http-adapter.js';
|
|
10
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/custody/pairing/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,YAAY,EACV,gBAAgB,EAChB,WAAW,EACX,YAAY,EACZ,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,sBAAsB,EACtB,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,WAAW,CAAC;AAEnB,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACzE,YAAY,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* QR pairing flow for upgrading 2-of-2 → 2-of-3 by adding a second user
|
|
3
|
+
* device (DESIGN.md §4.3.6). The `PairingPort` is the kernel-facing
|
|
4
|
+
* surface; the `PairingHttpAdapter` is the real driver against a Tenzro
|
|
5
|
+
* RPC node's `/wallet/pairing/*` endpoints.
|
|
6
|
+
*/
|
|
7
|
+
export { PairingHttpAdapter, PairingHttpError } from "./http-adapter.js";
|
|
8
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/custody/pairing/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAgBH,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC"}
|
|
@@ -0,0 +1,121 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* PairingPort — wallet-side view of the QR pairing flow that upgrades a
|
|
3
|
+
* 2-of-2 quorum (passkey-bound device share + node-TEE share) to 2-of-3
|
|
4
|
+
* by adding a second user device. Specified in DESIGN.md §4.3.6.
|
|
5
|
+
*
|
|
6
|
+
* Flow (originally-paired device drives steps 1, 4, 5; second device
|
|
7
|
+
* drives step 3):
|
|
8
|
+
*
|
|
9
|
+
* 1. `start({did})` — POST /wallet/pairing/start
|
|
10
|
+
* → returns `{sessionId, pairingUrl, expiresAt}`. The wallet renders
|
|
11
|
+
* `pairingUrl` as a QR code.
|
|
12
|
+
*
|
|
13
|
+
* 2. (User scans the QR on the new device — this happens out-of-band
|
|
14
|
+
* from the originally-paired device's perspective.)
|
|
15
|
+
*
|
|
16
|
+
* 3. (On the new device, the wallet POSTs /wallet/pairing/claim with a
|
|
17
|
+
* passkey assertion — `claim()` below for that side of the protocol.)
|
|
18
|
+
*
|
|
19
|
+
* 4. `poll({sessionId})` — POST /wallet/pairing/poll
|
|
20
|
+
* → repeated until `state === 'claimed' | 'expired' | 'cancelled'`.
|
|
21
|
+
* Returns the claimed device's passkey public key once available.
|
|
22
|
+
*
|
|
23
|
+
* 5. `finalize({sessionId, originalDeviceAssertion})` —
|
|
24
|
+
* POST /wallet/pairing/finalize. After the originally-paired device
|
|
25
|
+
* runs its own passkey ceremony, it submits the assertion here. The
|
|
26
|
+
* node mediates the threshold-redeal (existing key → 3 shares,
|
|
27
|
+
* threshold updated to 2-of-3) and updates the DID Document. Returns
|
|
28
|
+
* the post-redeal `verificationMethod` set so the wallet can update
|
|
29
|
+
* its local DID cache.
|
|
30
|
+
*
|
|
31
|
+
* The port is intentionally opaque about how passkey assertions are
|
|
32
|
+
* obtained — that's a WebAuthn / native-platform call that lives in the
|
|
33
|
+
* host app. The port only carries the assertion bytes through to the
|
|
34
|
+
* node.
|
|
35
|
+
*
|
|
36
|
+
* Browser-clean: the adapter uses only `fetch` + the assertion bytes the
|
|
37
|
+
* caller supplies; no Node-only globals, no Buffer.
|
|
38
|
+
*/
|
|
39
|
+
/** A WebAuthn assertion, transport-encoded so the node can verify it. */
|
|
40
|
+
export interface PasskeyAssertion {
|
|
41
|
+
/** Base64url credential id used to look up the passkey on the node. */
|
|
42
|
+
readonly credentialId: string;
|
|
43
|
+
/** Base64url client-data JSON. */
|
|
44
|
+
readonly clientDataJson: string;
|
|
45
|
+
/** Base64url authenticator data. */
|
|
46
|
+
readonly authenticatorData: string;
|
|
47
|
+
/** Base64url signature over `authenticatorData || sha256(clientDataJson)`. */
|
|
48
|
+
readonly signature: string;
|
|
49
|
+
}
|
|
50
|
+
export interface PairingStartRequest {
|
|
51
|
+
/** TDIP DID of the wallet that's initiating the pairing. */
|
|
52
|
+
readonly did: string;
|
|
53
|
+
/** Optional human-readable label for the pairing (shown in approver UI). */
|
|
54
|
+
readonly label?: string;
|
|
55
|
+
}
|
|
56
|
+
export interface PairingStartResult {
|
|
57
|
+
/** Opaque session id. The wallet uses this for `poll` and `finalize`. */
|
|
58
|
+
readonly sessionId: string;
|
|
59
|
+
/** Full URL that should be rendered as a QR code. The new device opens
|
|
60
|
+
* this URL in any browser to start the claim ceremony. */
|
|
61
|
+
readonly pairingUrl: string;
|
|
62
|
+
/** Unix-ms timestamp when this session expires. */
|
|
63
|
+
readonly expiresAt: number;
|
|
64
|
+
}
|
|
65
|
+
export type PairingState = 'pending' | 'claimed' | 'finalized' | 'expired' | 'cancelled';
|
|
66
|
+
export interface PairingPollResult {
|
|
67
|
+
readonly sessionId: string;
|
|
68
|
+
readonly state: PairingState;
|
|
69
|
+
/** Set once `state === 'claimed'` or later. The originally-paired
|
|
70
|
+
* device should display this to the user before finalising, so they
|
|
71
|
+
* can confirm they're approving the right new device. */
|
|
72
|
+
readonly claimedPublicKey?: string;
|
|
73
|
+
/** Set when `state === 'expired' | 'cancelled'`. */
|
|
74
|
+
readonly reason?: string;
|
|
75
|
+
}
|
|
76
|
+
export interface PairingClaimRequest {
|
|
77
|
+
readonly sessionId: string;
|
|
78
|
+
readonly assertion: PasskeyAssertion;
|
|
79
|
+
/** Public key of the new passkey, transport-encoded. The node will
|
|
80
|
+
* attach this to the DID Document on finalization. */
|
|
81
|
+
readonly newDevicePublicKey: string;
|
|
82
|
+
}
|
|
83
|
+
export interface PairingClaimResult {
|
|
84
|
+
readonly sessionId: string;
|
|
85
|
+
readonly state: PairingState;
|
|
86
|
+
}
|
|
87
|
+
export interface PairingFinalizeRequest {
|
|
88
|
+
readonly sessionId: string;
|
|
89
|
+
/** Passkey assertion from the originally-paired device, proving it
|
|
90
|
+
* actively consented to the redeal (rather than the node redealing
|
|
91
|
+
* silently). */
|
|
92
|
+
readonly originalDeviceAssertion: PasskeyAssertion;
|
|
93
|
+
}
|
|
94
|
+
export interface VerificationMethod {
|
|
95
|
+
readonly id: string;
|
|
96
|
+
readonly type: string;
|
|
97
|
+
readonly controller: string;
|
|
98
|
+
/** Multibase-encoded public key (e.g. `z6Mk...`). */
|
|
99
|
+
readonly publicKeyMultibase: string;
|
|
100
|
+
}
|
|
101
|
+
export interface PairingFinalizeResult {
|
|
102
|
+
readonly sessionId: string;
|
|
103
|
+
/** Updated `verificationMethod` set after the redeal — should now hold
|
|
104
|
+
* three entries (original device, new device, node-TEE). */
|
|
105
|
+
readonly verificationMethods: readonly VerificationMethod[];
|
|
106
|
+
/** New threshold record — expected to be `2-of-3`. */
|
|
107
|
+
readonly threshold: string;
|
|
108
|
+
}
|
|
109
|
+
export interface PairingPort {
|
|
110
|
+
/** Originally-paired device: mint a pairing session and get the QR URL. */
|
|
111
|
+
start(req: PairingStartRequest): Promise<PairingStartResult>;
|
|
112
|
+
/** New device: claim the session with a passkey assertion. */
|
|
113
|
+
claim(req: PairingClaimRequest): Promise<PairingClaimResult>;
|
|
114
|
+
/** Originally-paired device: poll for the new device's claim. */
|
|
115
|
+
poll(sessionId: string): Promise<PairingPollResult>;
|
|
116
|
+
/** Originally-paired device: finalise with own passkey + trigger redeal. */
|
|
117
|
+
finalize(req: PairingFinalizeRequest): Promise<PairingFinalizeResult>;
|
|
118
|
+
/** Originally-paired device: cancel a pending session. Idempotent. */
|
|
119
|
+
cancel(sessionId: string): Promise<void>;
|
|
120
|
+
}
|
|
121
|
+
//# sourceMappingURL=port.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"port.d.ts","sourceRoot":"","sources":["../../../src/custody/pairing/port.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH,yEAAyE;AACzE,MAAM,WAAW,gBAAgB;IAC/B,uEAAuE;IACvE,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,kCAAkC;IAClC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,oCAAoC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,8EAA8E;IAC9E,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,mBAAmB;IAClC,4DAA4D;IAC5D,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,4EAA4E;IAC5E,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,kBAAkB;IACjC,yEAAyE;IACzE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B;+DAC2D;IAC3D,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,mDAAmD;IACnD,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,MAAM,YAAY,GACpB,SAAS,GACT,SAAS,GACT,WAAW,GACX,SAAS,GACT,WAAW,CAAC;AAEhB,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;IAC7B;;8DAE0D;IAC1D,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,oDAAoD;IACpD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,gBAAgB,CAAC;IACrC;2DACuD;IACvD,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;CACrC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;CAC9B;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B;;qBAEiB;IACjB,QAAQ,CAAC,uBAAuB,EAAE,gBAAgB,CAAC;CACpD;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,qDAAqD;IACrD,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;CACrC;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B;iEAC6D;IAC7D,QAAQ,CAAC,mBAAmB,EAAE,SAAS,kBAAkB,EAAE,CAAC;IAC5D,sDAAsD;IACtD,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,WAAW;IAC1B,2EAA2E;IAC3E,KAAK,CAAC,GAAG,EAAE,mBAAmB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAE7D,8DAA8D;IAC9D,KAAK,CAAC,GAAG,EAAE,mBAAmB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAE7D,iEAAiE;IACjE,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAEpD,4EAA4E;IAC5E,QAAQ,CAAC,GAAG,EAAE,sBAAsB,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAEtE,sEAAsE;IACtE,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1C"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* PairingPort — wallet-side view of the QR pairing flow that upgrades a
|
|
3
|
+
* 2-of-2 quorum (passkey-bound device share + node-TEE share) to 2-of-3
|
|
4
|
+
* by adding a second user device. Specified in DESIGN.md §4.3.6.
|
|
5
|
+
*
|
|
6
|
+
* Flow (originally-paired device drives steps 1, 4, 5; second device
|
|
7
|
+
* drives step 3):
|
|
8
|
+
*
|
|
9
|
+
* 1. `start({did})` — POST /wallet/pairing/start
|
|
10
|
+
* → returns `{sessionId, pairingUrl, expiresAt}`. The wallet renders
|
|
11
|
+
* `pairingUrl` as a QR code.
|
|
12
|
+
*
|
|
13
|
+
* 2. (User scans the QR on the new device — this happens out-of-band
|
|
14
|
+
* from the originally-paired device's perspective.)
|
|
15
|
+
*
|
|
16
|
+
* 3. (On the new device, the wallet POSTs /wallet/pairing/claim with a
|
|
17
|
+
* passkey assertion — `claim()` below for that side of the protocol.)
|
|
18
|
+
*
|
|
19
|
+
* 4. `poll({sessionId})` — POST /wallet/pairing/poll
|
|
20
|
+
* → repeated until `state === 'claimed' | 'expired' | 'cancelled'`.
|
|
21
|
+
* Returns the claimed device's passkey public key once available.
|
|
22
|
+
*
|
|
23
|
+
* 5. `finalize({sessionId, originalDeviceAssertion})` —
|
|
24
|
+
* POST /wallet/pairing/finalize. After the originally-paired device
|
|
25
|
+
* runs its own passkey ceremony, it submits the assertion here. The
|
|
26
|
+
* node mediates the threshold-redeal (existing key → 3 shares,
|
|
27
|
+
* threshold updated to 2-of-3) and updates the DID Document. Returns
|
|
28
|
+
* the post-redeal `verificationMethod` set so the wallet can update
|
|
29
|
+
* its local DID cache.
|
|
30
|
+
*
|
|
31
|
+
* The port is intentionally opaque about how passkey assertions are
|
|
32
|
+
* obtained — that's a WebAuthn / native-platform call that lives in the
|
|
33
|
+
* host app. The port only carries the assertion bytes through to the
|
|
34
|
+
* node.
|
|
35
|
+
*
|
|
36
|
+
* Browser-clean: the adapter uses only `fetch` + the assertion bytes the
|
|
37
|
+
* caller supplies; no Node-only globals, no Buffer.
|
|
38
|
+
*/
|
|
39
|
+
export {};
|
|
40
|
+
//# sourceMappingURL=port.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"port.js","sourceRoot":"","sources":["../../../src/custody/pairing/port.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG"}
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ShareEnvelopeHttpAdapter — fetch-based driver against a Tenzro RPC
|
|
3
|
+
* node's `/wallet/share/*` endpoints. Implements the `ShareEnvelopePort`
|
|
4
|
+
* port; mirrors `FrostHttpAdapter`, `MlDsaHttpAdapter`, and
|
|
5
|
+
* `PairingHttpAdapter` for shape.
|
|
6
|
+
*
|
|
7
|
+
* Wire shape per `unwrapper.ts` header + DESIGN.md §4.3.5:
|
|
8
|
+
*
|
|
9
|
+
* GET /wallet/share/envelope?credential_id=…&surface_key=…&scheme=…
|
|
10
|
+
* reply = { wrapped_share_b64, alg, salt_b64 }
|
|
11
|
+
*
|
|
12
|
+
* POST /wallet/share/escrow/challenge
|
|
13
|
+
* body = { credential_id, surface_key, scheme }
|
|
14
|
+
* reply = { nonce, expires_at }
|
|
15
|
+
*
|
|
16
|
+
* POST /wallet/share/escrow/unwrap
|
|
17
|
+
* body = { credential_id, surface_key, scheme, nonce,
|
|
18
|
+
* assertion: { credential_id, client_data_json,
|
|
19
|
+
* authenticator_data, signature } }
|
|
20
|
+
* reply = { wrapped_share_b64, pepper_b64 }
|
|
21
|
+
*
|
|
22
|
+
* Bytes on the wire are standard base64 (RFC 4648 §4) — same convention
|
|
23
|
+
* the FROST + Canton adapters use. The `_b64` suffix is load-bearing.
|
|
24
|
+
*
|
|
25
|
+
* The `/wallet/share/*` endpoints are pre-auth: the envelope and escrow
|
|
26
|
+
* routes are authenticated by the passkey assertion in the body itself
|
|
27
|
+
* (escrow path) or by the credential id + surface-key tuple (envelope
|
|
28
|
+
* path; the wrapped share is useless without the PRF/largeBlob output).
|
|
29
|
+
* The optional `headers` callback exists for hosts that still want to
|
|
30
|
+
* attach a session token for rate-limiting or tracing.
|
|
31
|
+
*
|
|
32
|
+
* The `assertion` fields ship as base64url strings (matches WebAuthn's
|
|
33
|
+
* native shape from `navigator.credentials.get`), not base64 — the host's
|
|
34
|
+
* WebAuthn glue produces them already-encoded; the adapter passes them
|
|
35
|
+
* through verbatim.
|
|
36
|
+
*
|
|
37
|
+
* Browser-clean: `fetch` only.
|
|
38
|
+
*/
|
|
39
|
+
import type { PasskeyAssertion, ShareEnvelopePort, ShareUnwrapRequest } from './unwrapper.js';
|
|
40
|
+
export interface ShareEnvelopeHttpConfig {
|
|
41
|
+
/** Base URL of the Tenzro RPC node, e.g. `https://rpc.tenzro.network`. */
|
|
42
|
+
readonly baseUrl: string;
|
|
43
|
+
/** Optional `fetch` override for tests. */
|
|
44
|
+
readonly fetch?: typeof fetch;
|
|
45
|
+
/**
|
|
46
|
+
* Per-request headers. Optional — the routes are pre-auth, but a host
|
|
47
|
+
* may still want to attach `X-Trace-Id` or similar.
|
|
48
|
+
*/
|
|
49
|
+
readonly headers?: () => Promise<Record<string, string>> | Record<string, string>;
|
|
50
|
+
}
|
|
51
|
+
export declare class ShareEnvelopeHttpError extends Error {
|
|
52
|
+
readonly status: number;
|
|
53
|
+
readonly url: string;
|
|
54
|
+
readonly body: string;
|
|
55
|
+
constructor(status: number, url: string, body: string);
|
|
56
|
+
}
|
|
57
|
+
export declare class ShareEnvelopeHttpAdapter implements ShareEnvelopePort {
|
|
58
|
+
#private;
|
|
59
|
+
constructor(cfg: ShareEnvelopeHttpConfig);
|
|
60
|
+
fetchEnvelope(req: ShareUnwrapRequest): Promise<{
|
|
61
|
+
wrappedShare: Uint8Array;
|
|
62
|
+
alg: string;
|
|
63
|
+
salt: Uint8Array;
|
|
64
|
+
}>;
|
|
65
|
+
startEscrow(req: ShareUnwrapRequest): Promise<{
|
|
66
|
+
nonce: string;
|
|
67
|
+
expiresAt: number;
|
|
68
|
+
}>;
|
|
69
|
+
finishEscrow(req: ShareUnwrapRequest & {
|
|
70
|
+
readonly assertion: PasskeyAssertion;
|
|
71
|
+
readonly nonce: string;
|
|
72
|
+
}): Promise<{
|
|
73
|
+
wrappedShare: Uint8Array;
|
|
74
|
+
pepper: Uint8Array;
|
|
75
|
+
}>;
|
|
76
|
+
}
|
|
77
|
+
//# sourceMappingURL=http-adapter.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-adapter.d.ts","sourceRoot":"","sources":["../../../src/custody/passkey-share/http-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAE9F,MAAM,WAAW,uBAAuB;IACtC,0EAA0E;IAC1E,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,2CAA2C;IAC3C,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;IAC9B;;;OAGG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnF;AAED,qBAAa,sBAAuB,SAAQ,KAAK;IAE7C,QAAQ,CAAC,MAAM,EAAE,MAAM;IACvB,QAAQ,CAAC,GAAG,EAAE,MAAM;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM;gBAFZ,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,MAAM;CAKxB;AAkBD,qBAAa,wBAAyB,YAAW,iBAAiB;;gBAGpD,GAAG,EAAE,uBAAuB;IAIlC,aAAa,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC;QACpD,YAAY,EAAE,UAAU,CAAC;QACzB,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,UAAU,CAAC;KAClB,CAAC;IAcI,WAAW,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC;QAClD,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IASI,YAAY,CAChB,GAAG,EAAE,kBAAkB,GAAG;QACxB,QAAQ,CAAC,SAAS,EAAE,gBAAgB,CAAC;QACrC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;KACxB,GACA,OAAO,CAAC;QAAE,YAAY,EAAE,UAAU,CAAC;QAAC,MAAM,EAAE,UAAU,CAAA;KAAE,CAAC;CAuC7D"}
|
|
@@ -0,0 +1,125 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ShareEnvelopeHttpAdapter — fetch-based driver against a Tenzro RPC
|
|
3
|
+
* node's `/wallet/share/*` endpoints. Implements the `ShareEnvelopePort`
|
|
4
|
+
* port; mirrors `FrostHttpAdapter`, `MlDsaHttpAdapter`, and
|
|
5
|
+
* `PairingHttpAdapter` for shape.
|
|
6
|
+
*
|
|
7
|
+
* Wire shape per `unwrapper.ts` header + DESIGN.md §4.3.5:
|
|
8
|
+
*
|
|
9
|
+
* GET /wallet/share/envelope?credential_id=…&surface_key=…&scheme=…
|
|
10
|
+
* reply = { wrapped_share_b64, alg, salt_b64 }
|
|
11
|
+
*
|
|
12
|
+
* POST /wallet/share/escrow/challenge
|
|
13
|
+
* body = { credential_id, surface_key, scheme }
|
|
14
|
+
* reply = { nonce, expires_at }
|
|
15
|
+
*
|
|
16
|
+
* POST /wallet/share/escrow/unwrap
|
|
17
|
+
* body = { credential_id, surface_key, scheme, nonce,
|
|
18
|
+
* assertion: { credential_id, client_data_json,
|
|
19
|
+
* authenticator_data, signature } }
|
|
20
|
+
* reply = { wrapped_share_b64, pepper_b64 }
|
|
21
|
+
*
|
|
22
|
+
* Bytes on the wire are standard base64 (RFC 4648 §4) — same convention
|
|
23
|
+
* the FROST + Canton adapters use. The `_b64` suffix is load-bearing.
|
|
24
|
+
*
|
|
25
|
+
* The `/wallet/share/*` endpoints are pre-auth: the envelope and escrow
|
|
26
|
+
* routes are authenticated by the passkey assertion in the body itself
|
|
27
|
+
* (escrow path) or by the credential id + surface-key tuple (envelope
|
|
28
|
+
* path; the wrapped share is useless without the PRF/largeBlob output).
|
|
29
|
+
* The optional `headers` callback exists for hosts that still want to
|
|
30
|
+
* attach a session token for rate-limiting or tracing.
|
|
31
|
+
*
|
|
32
|
+
* The `assertion` fields ship as base64url strings (matches WebAuthn's
|
|
33
|
+
* native shape from `navigator.credentials.get`), not base64 — the host's
|
|
34
|
+
* WebAuthn glue produces them already-encoded; the adapter passes them
|
|
35
|
+
* through verbatim.
|
|
36
|
+
*
|
|
37
|
+
* Browser-clean: `fetch` only.
|
|
38
|
+
*/
|
|
39
|
+
export class ShareEnvelopeHttpError extends Error {
|
|
40
|
+
status;
|
|
41
|
+
url;
|
|
42
|
+
body;
|
|
43
|
+
constructor(status, url, body) {
|
|
44
|
+
super(`share http ${status} on ${url}: ${body.length > 200 ? body.slice(0, 200) + '…' : body}`);
|
|
45
|
+
this.status = status;
|
|
46
|
+
this.url = url;
|
|
47
|
+
this.body = body;
|
|
48
|
+
this.name = 'ShareEnvelopeHttpError';
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
export class ShareEnvelopeHttpAdapter {
|
|
52
|
+
#cfg;
|
|
53
|
+
constructor(cfg) {
|
|
54
|
+
this.#cfg = cfg;
|
|
55
|
+
}
|
|
56
|
+
async fetchEnvelope(req) {
|
|
57
|
+
const qs = new URLSearchParams({
|
|
58
|
+
credential_id: req.credentialId,
|
|
59
|
+
surface_key: req.surfaceKeyId,
|
|
60
|
+
scheme: req.scheme,
|
|
61
|
+
});
|
|
62
|
+
const raw = await this.#request('GET', `envelope?${qs.toString()}`);
|
|
63
|
+
return {
|
|
64
|
+
wrappedShare: base64ToBytes(raw.wrapped_share_b64),
|
|
65
|
+
alg: raw.alg,
|
|
66
|
+
salt: base64ToBytes(raw.salt_b64),
|
|
67
|
+
};
|
|
68
|
+
}
|
|
69
|
+
async startEscrow(req) {
|
|
70
|
+
const raw = await this.#request('POST', 'escrow/challenge', {
|
|
71
|
+
credential_id: req.credentialId,
|
|
72
|
+
surface_key: req.surfaceKeyId,
|
|
73
|
+
scheme: req.scheme,
|
|
74
|
+
});
|
|
75
|
+
return { nonce: raw.nonce, expiresAt: raw.expires_at };
|
|
76
|
+
}
|
|
77
|
+
async finishEscrow(req) {
|
|
78
|
+
const raw = await this.#request('POST', 'escrow/unwrap', {
|
|
79
|
+
credential_id: req.credentialId,
|
|
80
|
+
surface_key: req.surfaceKeyId,
|
|
81
|
+
scheme: req.scheme,
|
|
82
|
+
nonce: req.nonce,
|
|
83
|
+
assertion: {
|
|
84
|
+
credential_id: req.assertion.credentialId,
|
|
85
|
+
client_data_json: req.assertion.clientDataJson,
|
|
86
|
+
authenticator_data: req.assertion.authenticatorData,
|
|
87
|
+
signature: req.assertion.signature,
|
|
88
|
+
},
|
|
89
|
+
});
|
|
90
|
+
return {
|
|
91
|
+
wrappedShare: base64ToBytes(raw.wrapped_share_b64),
|
|
92
|
+
pepper: base64ToBytes(raw.pepper_b64),
|
|
93
|
+
};
|
|
94
|
+
}
|
|
95
|
+
// --- internals ---
|
|
96
|
+
async #request(method, action, body) {
|
|
97
|
+
const f = this.#cfg.fetch ?? globalThis.fetch;
|
|
98
|
+
const url = this.#cfg.baseUrl.replace(/\/+$/, '') + `/wallet/share/${action}`;
|
|
99
|
+
const extraHeaders = this.#cfg.headers ? await this.#cfg.headers() : {};
|
|
100
|
+
const headers = { ...extraHeaders };
|
|
101
|
+
if (method === 'POST')
|
|
102
|
+
headers['content-type'] = 'application/json';
|
|
103
|
+
const res = await f(url, {
|
|
104
|
+
method,
|
|
105
|
+
headers,
|
|
106
|
+
...(method === 'POST' ? { body: JSON.stringify(body ?? {}) } : {}),
|
|
107
|
+
});
|
|
108
|
+
if (!res.ok) {
|
|
109
|
+
const text = await res.text().catch(() => '');
|
|
110
|
+
throw new ShareEnvelopeHttpError(res.status, url, text);
|
|
111
|
+
}
|
|
112
|
+
if (res.status === 204)
|
|
113
|
+
return undefined;
|
|
114
|
+
return (await res.json());
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
// ─── base64 helpers ───────────────────────────────────────────────────────
|
|
118
|
+
function base64ToBytes(b64) {
|
|
119
|
+
const bin = atob(b64);
|
|
120
|
+
const out = new Uint8Array(bin.length);
|
|
121
|
+
for (let i = 0; i < bin.length; i++)
|
|
122
|
+
out[i] = bin.charCodeAt(i);
|
|
123
|
+
return out;
|
|
124
|
+
}
|
|
125
|
+
//# sourceMappingURL=http-adapter.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-adapter.js","sourceRoot":"","sources":["../../../src/custody/passkey-share/http-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAgBH,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAEpC;IACA;IACA;IAHX,YACW,MAAc,EACd,GAAW,EACX,IAAY;QAErB,KAAK,CAAC,cAAc,MAAM,OAAO,GAAG,KAAK,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAJvF,WAAM,GAAN,MAAM,CAAQ;QACd,QAAG,GAAH,GAAG,CAAQ;QACX,SAAI,GAAJ,IAAI,CAAQ;QAGrB,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;IACvC,CAAC;CACF;AAkBD,MAAM,OAAO,wBAAwB;IAC1B,IAAI,CAA0B;IAEvC,YAAY,GAA4B;QACtC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,GAAuB;QAKzC,MAAM,EAAE,GAAG,IAAI,eAAe,CAAC;YAC7B,aAAa,EAAE,GAAG,CAAC,YAAY;YAC/B,WAAW,EAAE,GAAG,CAAC,YAAY;YAC7B,MAAM,EAAE,GAAG,CAAC,MAAM;SACnB,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAc,KAAK,EAAE,YAAY,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACjF,OAAO;YACL,YAAY,EAAE,aAAa,CAAC,GAAG,CAAC,iBAAiB,CAAC;YAClD,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,IAAI,EAAE,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC;SAClC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,GAAuB;QAIvC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAe,MAAM,EAAE,kBAAkB,EAAE;YACxE,aAAa,EAAE,GAAG,CAAC,YAAY;YAC/B,WAAW,EAAE,GAAG,CAAC,YAAY;YAC7B,MAAM,EAAE,GAAG,CAAC,MAAM;SACnB,CAAC,CAAC;QACH,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,GAGC;QAED,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAkB,MAAM,EAAE,eAAe,EAAE;YACxE,aAAa,EAAE,GAAG,CAAC,YAAY;YAC/B,WAAW,EAAE,GAAG,CAAC,YAAY;YAC7B,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,SAAS,EAAE;gBACT,aAAa,EAAE,GAAG,CAAC,SAAS,CAAC,YAAY;gBACzC,gBAAgB,EAAE,GAAG,CAAC,SAAS,CAAC,cAAc;gBAC9C,kBAAkB,EAAE,GAAG,CAAC,SAAS,CAAC,iBAAiB;gBACnD,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,SAAS;aACnC;SACF,CAAC,CAAC;QACH,OAAO;YACL,YAAY,EAAE,aAAa,CAAC,GAAG,CAAC,iBAAiB,CAAC;YAClD,MAAM,EAAE,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC;SACtC,CAAC;IACJ,CAAC;IAED,oBAAoB;IAEpB,KAAK,CAAC,QAAQ,CAAO,MAAsB,EAAE,MAAc,EAAE,IAAc;QACzE,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;QAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,iBAAiB,MAAM,EAAE,CAAC;QAC9E,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACxE,MAAM,OAAO,GAA2B,EAAE,GAAG,YAAY,EAAE,CAAC;QAC5D,IAAI,MAAM,KAAK,MAAM;YAAE,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;QACpE,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,GAAG,EAAE;YACvB,MAAM;YACN,OAAO;YACP,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACnE,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YAC9C,MAAM,IAAI,sBAAsB,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,SAAiB,CAAC;QACjD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAS,CAAC;IACpC,CAAC;CACF;AAED,6EAA6E;AAE7E,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACtB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChE,OAAO,GAAG,CAAC;AACb,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
export { PasskeyShareUnwrapper } from './unwrapper.js';
|
|
2
|
+
export type { PasskeyShareUnwrapperOptions, ShareUnwrapMode, ShareUnwrapRequest, PasskeyCapabilities, PasskeyAuthenticatorAdapter, PasskeyAssertion, ShareEnvelopePort, FrostBackend, } from './unwrapper.js';
|
|
3
|
+
export { ShareEnvelopeHttpAdapter, ShareEnvelopeHttpError, } from './http-adapter.js';
|
|
4
|
+
export type { ShareEnvelopeHttpConfig } from './http-adapter.js';
|
|
5
|
+
export { WebAuthnAuthenticatorAdapter } from './webauthn-adapter.js';
|
|
6
|
+
export type { CredentialsContainer, PublicKeyCredentialLike, PublicKeyCredentialRequestOptionsLike, WebAuthnAdapterConfig, } from './webauthn-adapter.js';
|
|
7
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/custody/passkey-share/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AACvD,YAAY,EACV,4BAA4B,EAC5B,eAAe,EACf,kBAAkB,EAClB,mBAAmB,EACnB,2BAA2B,EAC3B,gBAAgB,EAChB,iBAAiB,EACjB,YAAY,GACb,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,EAAE,4BAA4B,EAAE,MAAM,uBAAuB,CAAC;AACrE,YAAY,EACV,oBAAoB,EACpB,uBAAuB,EACvB,qCAAqC,EACrC,qBAAqB,GACtB,MAAM,uBAAuB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/custody/passkey-share/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AAWvD,OAAO,EACL,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,4BAA4B,EAAE,MAAM,uBAAuB,CAAC"}
|