tenzro-wallet 0.1.0

package/dist/custody/passkey-share/unwrapper.d.ts

@@ -0,0 +1,174 @@
+/**
+ * PasskeyShareUnwrapper — turns a passkey assertion into a usable
+ * `FrostDeviceShareHolder` that the FROST drivers consume.
+ *
+ * Two strategies, selected at runtime by capability:
+ *
+ *   - PRF mode (preferred). Uses the WebAuthn PRF extension
+ *     (CTAP2.1 hmac-secret). The authenticator returns
+ *     `prfResults.first`, a 32-byte symmetric key that we use to
+ *     decrypt a server-stored share envelope. No additional Tenzro
+ *     round trip beyond fetching the wrapped envelope.
+ *
+ *   - largeBlob mode (preferred when prf unavailable but largeBlob is).
+ *     Reads the wrapped share directly from the passkey credential's
+ *     `largeBlob` storage; no Tenzro round trip at all (the envelope
+ *     ships with the passkey).
+ *
+ *   - Escrow mode (fallback for authenticators without PRF/largeBlob —
+ *     e.g. Apple's iOS 17- platform passkeys). The server holds the
+ *     share encrypted under a key derived from the assertion + a
+ *     Tenzro-issued pepper. Per assertion = per pepper, so each
+ *     unwrap is single-use and rate-limited by the node.
+ *
+ * Tenzro endpoints (Tenzro implements; wallet kernel only consumes):
+ *
+ *   PRF / largeBlob path:
+ *     1. `GET  /wallet/share/envelope?credentialId=...&surfaceKey=...`
+ *        Response: `{wrappedShare, alg, salt}`. `wrappedShare` is the
+ *        ciphertext over the FROST share `s_i`; the device unwraps it
+ *        with the PRF result (or the largeBlob blob).
+ *
+ *   Escrow path:
+ *     1. `POST /wallet/share/escrow/challenge`
+ *        Body: `{credentialId, surfaceKey}`.
+ *        Response: `{nonce, expiresAt}`.
+ *
+ *     2. `POST /wallet/share/escrow/unwrap`
+ *        Body: `{credentialId, surfaceKey, assertion, nonce}`.
+ *        The node verifies the assertion against the registered
+ *        passkey, then derives the per-assertion pepper and returns
+ *        `{wrappedShare, pepper}`. The device combines them to
+ *        recover `s_i`.
+ *
+ *   Both paths are single-use per round (the node binds the response
+ *   to the FROST `sessionId` once known).
+ *
+ * The unwrapper *itself* is browser-clean (`fetch` + WebCrypto). The
+ * authenticator interactions live above this layer in the host app's
+ * WebAuthn glue.
+ */
+import type { FrostDeviceShareHolder, FrostScheme } from '../frost/coordinator.js';
+export type ShareUnwrapMode = 'prf' | 'large-blob' | 'escrow';
+/**
+ * Capability bag advertised by the host's WebAuthn glue. The host
+ * decides at navigator level whether the authenticator supports PRF
+ * (CTAP2.1) and largeBlob (CTAP2.1+ extension). The unwrapper consumes
+ * these flags and falls back through the priority chain.
+ */
+export interface PasskeyCapabilities {
+    readonly prf: boolean;
+    readonly largeBlob: boolean;
+    /** Always true — escrow is the universal fallback. */
+    readonly escrow: true;
+}
+export interface ShareUnwrapRequest {
+    readonly credentialId: string;
+    readonly surfaceKeyId: string;
+    readonly scheme: FrostScheme;
+}
+/**
+ * Adapter the unwrapper calls into. Production implementation is the
+ * host's WebAuthn layer; tests inject a fake. None of the methods are
+ * required by every mode — the unwrapper checks capabilities first.
+ */
+export interface PasskeyAuthenticatorAdapter {
+    /** PRF mode: navigate the assertion ceremony with `prf` extension. */
+    prfAssertion?(req: ShareUnwrapRequest): Promise<{
+        readonly prfOutput: Uint8Array;
+        readonly assertion: PasskeyAssertion;
+    }>;
+    /** largeBlob mode: read the wrapped share blob from the credential. */
+    readLargeBlob?(req: ShareUnwrapRequest): Promise<{
+        readonly blob: Uint8Array;
+        readonly assertion: PasskeyAssertion;
+    }>;
+    /** Escrow mode: do an assertion ceremony with no extension. */
+    basicAssertion(req: ShareUnwrapRequest & {
+        readonly nonce: string;
+    }): Promise<PasskeyAssertion>;
+}
+/** Same wire shape as `pairing/port.ts` — duplicated here to avoid coupling. */
+export interface PasskeyAssertion {
+    readonly credentialId: string;
+    readonly clientDataJson: string;
+    readonly authenticatorData: string;
+    readonly signature: string;
+}
+/**
+ * Server transport. Implements the four `/wallet/share/*` endpoints
+ * documented in this file's header. Tenzro provides; kernel consumes.
+ */
+export interface ShareEnvelopePort {
+    /** GET /wallet/share/envelope */
+    fetchEnvelope(req: ShareUnwrapRequest): Promise<{
+        readonly wrappedShare: Uint8Array;
+        /** AEAD identifier — `aes-256-gcm` baseline for M5. */
+        readonly alg: string;
+        /** Salt used by the wrapping HKDF. */
+        readonly salt: Uint8Array;
+    }>;
+    /** POST /wallet/share/escrow/challenge */
+    startEscrow(req: ShareUnwrapRequest): Promise<{
+        readonly nonce: string;
+        readonly expiresAt: number;
+    }>;
+    /** POST /wallet/share/escrow/unwrap */
+    finishEscrow(req: ShareUnwrapRequest & {
+        readonly assertion: PasskeyAssertion;
+        readonly nonce: string;
+    }): Promise<{
+        readonly wrappedShare: Uint8Array;
+        readonly pepper: Uint8Array;
+    }>;
+}
+/**
+ * Builds a `FrostDeviceShareHolder` from a passkey assertion. The
+ * actual FROST commit/respond computation runs inside the device's
+ * FROST library, fed with the unwrapped share `s_i`.
+ *
+ * Production needs a real FROST library binding (zk-crypto WASM,
+ * frost-core, etc.) injected as `runFrost`. This module only
+ * orchestrates the unwrap → bind → dispose sequence, so the FROST
+ * library can be swapped without touching the kernel.
+ */
+export interface FrostBackend {
+    commit(args: {
+        share: Uint8Array;
+        scheme: FrostScheme;
+    }): Promise<Uint8Array>;
+    respond(args: {
+        readonly share: Uint8Array;
+        readonly scheme: FrostScheme;
+        readonly preimage: Uint8Array;
+        readonly groupCommitment: Uint8Array;
+        readonly signerSet: readonly string[];
+        readonly lambda: Uint8Array;
+    }): Promise<Uint8Array>;
+}
+export interface PasskeyShareUnwrapperOptions {
+    readonly capabilities: PasskeyCapabilities;
+    readonly authenticator: PasskeyAuthenticatorAdapter;
+    readonly envelope: ShareEnvelopePort;
+    readonly frost: FrostBackend;
+    /**
+     * Selects the symmetric-decrypt routine. WebCrypto is the default;
+     * tests inject a stub. Returns the raw share bytes.
+     */
+    readonly aeadDecrypt: (args: {
+        readonly key: Uint8Array;
+        readonly ciphertext: Uint8Array;
+        readonly alg: string;
+        readonly salt: Uint8Array;
+    }) => Promise<Uint8Array>;
+}
+export declare class PasskeyShareUnwrapper {
+    private readonly opts;
+    constructor(opts: PasskeyShareUnwrapperOptions);
+    /** Capability-driven mode selection. PRF > largeBlob > escrow. */
+    pickMode(): ShareUnwrapMode;
+    unwrap(req: ShareUnwrapRequest): Promise<FrostDeviceShareHolder>;
+    private unwrapShare;
+    private bindHolder;
+}
+//# sourceMappingURL=unwrapper.d.ts.map

package/dist/custody/passkey-share/unwrapper.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"unwrapper.d.ts","sourceRoot":"","sources":["../../../src/custody/passkey-share/unwrapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AAEH,OAAO,KAAK,EAAE,sBAAsB,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAEnF,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,YAAY,GAAG,QAAQ,CAAC;AAE9D;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IAC5B,sDAAsD;IACtD,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;CAC9B;AAED;;;;GAIG;AACH,MAAM,WAAW,2BAA2B;IAC1C,sEAAsE;IACtE,YAAY,CAAC,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC;QAC9C,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;QAC/B,QAAQ,CAAC,SAAS,EAAE,gBAAgB,CAAC;KACtC,CAAC,CAAC;IACH,uEAAuE;IACvE,aAAa,CAAC,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC;QAC/C,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;QAC1B,QAAQ,CAAC,SAAS,EAAE,gBAAgB,CAAC;KACtC,CAAC,CAAC;IACH,+DAA+D;IAC/D,cAAc,CAAC,GAAG,EAAE,kBAAkB,GAAG;QAAE,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;CACjG;AAED,gFAAgF;AAChF,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,iCAAiC;IACjC,aAAa,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC;QAC9C,QAAQ,CAAC,YAAY,EAAE,UAAU,CAAC;QAClC,uDAAuD;QACvD,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QACrB,sCAAsC;QACtC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;KAC3B,CAAC,CAAC;IAEH,0CAA0C;IAC1C,WAAW,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC;QAC5C,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;KAC5B,CAAC,CAAC;IAEH,uCAAuC;IACvC,YAAY,CACV,GAAG,EAAE,kBAAkB,GAAG;QACxB,QAAQ,CAAC,SAAS,EAAE,gBAAgB,CAAC;QACrC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;KACxB,GACA,OAAO,CAAC;QACT,QAAQ,CAAC,YAAY,EAAE,UAAU,CAAC;QAClC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;KAC7B,CAAC,CAAC;CACJ;AAED;;;;;;;;;GASG;AACH,MAAM,WAAW,YAAY;IAC3B,MAAM,CAAC,IAAI,EAAE;QAAE,KAAK,EAAE,UAAU,CAAC;QAAC,MAAM,EAAE,WAAW,CAAA;KAAE,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAC9E,OAAO,CAAC,IAAI,EAAE;QACZ,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;QAC3B,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;QAC7B,QAAQ,CAAC,QAAQ,EAAE,UAAU,CAAC;QAC9B,QAAQ,CAAC,eAAe,EAAE,UAAU,CAAC;QACrC,QAAQ,CAAC,SAAS,EAAE,SAAS,MAAM,EAAE,CAAC;QACtC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;KAC7B,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;CACzB;AAED,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,CAAC,YAAY,EAAE,mBAAmB,CAAC;IAC3C,QAAQ,CAAC,aAAa,EAAE,2BAA2B,CAAC;IACpD,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IACrC,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;IAC7B;;;OAGG;IACH,QAAQ,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE;QAC3B,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC;QACzB,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;QAChC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;KAC3B,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;CAC3B;AAED,qBAAa,qBAAqB;IACpB,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAAJ,IAAI,EAAE,4BAA4B;IAE/D,kEAAkE;IAClE,QAAQ,IAAI,eAAe;IAUrB,MAAM,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC,sBAAsB,CAAC;YAMxD,WAAW;IAuCzB,OAAO,CAAC,UAAU;CAqBnB"}

package/dist/custody/passkey-share/unwrapper.js

@@ -0,0 +1,132 @@
+/**
+ * PasskeyShareUnwrapper — turns a passkey assertion into a usable
+ * `FrostDeviceShareHolder` that the FROST drivers consume.
+ *
+ * Two strategies, selected at runtime by capability:
+ *
+ *   - PRF mode (preferred). Uses the WebAuthn PRF extension
+ *     (CTAP2.1 hmac-secret). The authenticator returns
+ *     `prfResults.first`, a 32-byte symmetric key that we use to
+ *     decrypt a server-stored share envelope. No additional Tenzro
+ *     round trip beyond fetching the wrapped envelope.
+ *
+ *   - largeBlob mode (preferred when prf unavailable but largeBlob is).
+ *     Reads the wrapped share directly from the passkey credential's
+ *     `largeBlob` storage; no Tenzro round trip at all (the envelope
+ *     ships with the passkey).
+ *
+ *   - Escrow mode (fallback for authenticators without PRF/largeBlob —
+ *     e.g. Apple's iOS 17- platform passkeys). The server holds the
+ *     share encrypted under a key derived from the assertion + a
+ *     Tenzro-issued pepper. Per assertion = per pepper, so each
+ *     unwrap is single-use and rate-limited by the node.
+ *
+ * Tenzro endpoints (Tenzro implements; wallet kernel only consumes):
+ *
+ *   PRF / largeBlob path:
+ *     1. `GET  /wallet/share/envelope?credentialId=...&surfaceKey=...`
+ *        Response: `{wrappedShare, alg, salt}`. `wrappedShare` is the
+ *        ciphertext over the FROST share `s_i`; the device unwraps it
+ *        with the PRF result (or the largeBlob blob).
+ *
+ *   Escrow path:
+ *     1. `POST /wallet/share/escrow/challenge`
+ *        Body: `{credentialId, surfaceKey}`.
+ *        Response: `{nonce, expiresAt}`.
+ *
+ *     2. `POST /wallet/share/escrow/unwrap`
+ *        Body: `{credentialId, surfaceKey, assertion, nonce}`.
+ *        The node verifies the assertion against the registered
+ *        passkey, then derives the per-assertion pepper and returns
+ *        `{wrappedShare, pepper}`. The device combines them to
+ *        recover `s_i`.
+ *
+ *   Both paths are single-use per round (the node binds the response
+ *   to the FROST `sessionId` once known).
+ *
+ * The unwrapper *itself* is browser-clean (`fetch` + WebCrypto). The
+ * authenticator interactions live above this layer in the host app's
+ * WebAuthn glue.
+ */
+export class PasskeyShareUnwrapper {
+    opts;
+    constructor(opts) {
+        this.opts = opts;
+    }
+    /** Capability-driven mode selection. PRF > largeBlob > escrow. */
+    pickMode() {
+        if (this.opts.capabilities.prf && this.opts.authenticator.prfAssertion) {
+            return 'prf';
+        }
+        if (this.opts.capabilities.largeBlob && this.opts.authenticator.readLargeBlob) {
+            return 'large-blob';
+        }
+        return 'escrow';
+    }
+    async unwrap(req) {
+        const mode = this.pickMode();
+        const share = await this.unwrapShare(mode, req);
+        return this.bindHolder(share, req.scheme);
+    }
+    async unwrapShare(mode, req) {
+        if (mode === 'prf') {
+            const { prfOutput } = await this.opts.authenticator.prfAssertion(req);
+            const env = await this.opts.envelope.fetchEnvelope(req);
+            return this.opts.aeadDecrypt({
+                key: prfOutput,
+                ciphertext: env.wrappedShare,
+                alg: env.alg,
+                salt: env.salt,
+            });
+        }
+        if (mode === 'large-blob') {
+            const { blob } = await this.opts.authenticator.readLargeBlob(req);
+            // The largeBlob carries the share already decrypted at provision
+            // time (the credential acts as the trust boundary). The blob is
+            // the share bytes; pass through.
+            return blob;
+        }
+        // escrow
+        const challenge = await this.opts.envelope.startEscrow(req);
+        const assertion = await this.opts.authenticator.basicAssertion({
+            ...req,
+            nonce: challenge.nonce,
+        });
+        const { wrappedShare, pepper } = await this.opts.envelope.finishEscrow({
+            ...req,
+            assertion,
+            nonce: challenge.nonce,
+        });
+        return this.opts.aeadDecrypt({
+            key: pepper,
+            ciphertext: wrappedShare,
+            alg: 'aes-256-gcm',
+            salt: new Uint8Array(0),
+        });
+    }
+    bindHolder(share, scheme) {
+        const { frost } = this.opts;
+        let disposed = false;
+        const wipe = () => {
+            if (disposed)
+                return;
+            share.fill(0);
+            disposed = true;
+        };
+        return {
+            scheme,
+            async commit() {
+                if (disposed)
+                    throw new Error('share holder already disposed');
+                return frost.commit({ share, scheme });
+            },
+            async respond(args) {
+                if (disposed)
+                    throw new Error('share holder already disposed');
+                return frost.respond({ share, scheme, ...args });
+            },
+            dispose: wipe,
+        };
+    }
+}
+//# sourceMappingURL=unwrapper.js.map

package/dist/custody/passkey-share/unwrapper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"unwrapper.js","sourceRoot":"","sources":["../../../src/custody/passkey-share/unwrapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AA4HH,MAAM,OAAO,qBAAqB;IACH;IAA7B,YAA6B,IAAkC;QAAlC,SAAI,GAAJ,IAAI,CAA8B;IAAG,CAAC;IAEnE,kEAAkE;IAClE,QAAQ;QACN,IAAI,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;YACvE,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,EAAE,CAAC;YAC9E,OAAO,YAAY,CAAC;QACtB,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAuB;QAClC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,IAAqB,EAAE,GAAuB;QACtE,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACnB,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,YAAa,CAAC,GAAG,CAAC,CAAC;YACvE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;YACxD,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;gBAC3B,GAAG,EAAE,SAAS;gBACd,UAAU,EAAE,GAAG,CAAC,YAAY;gBAC5B,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,IAAI,EAAE,GAAG,CAAC,IAAI;aACf,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;YAC1B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,aAAc,CAAC,GAAG,CAAC,CAAC;YACnE,iEAAiE;YACjE,gEAAgE;YAChE,iCAAiC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,SAAS;QACT,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAC5D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;YAC7D,GAAG,GAAG;YACN,KAAK,EAAE,SAAS,CAAC,KAAK;SACvB,CAAC,CAAC;QACH,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;YACrE,GAAG,GAAG;YACN,SAAS;YACT,KAAK,EAAE,SAAS,CAAC,KAAK;SACvB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;YAC3B,GAAG,EAAE,MAAM;YACX,UAAU,EAAE,YAAY;YACxB,GAAG,EAAE,aAAa;YAClB,IAAI,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC;SACxB,CAAC,CAAC;IACL,CAAC;IAEO,UAAU,CAAC,KAAiB,EAAE,MAAmB;QACvD,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC;QAC5B,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,MAAM,IAAI,GAAG,GAAG,EAAE;YAChB,IAAI,QAAQ;gBAAE,OAAO;YACrB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACd,QAAQ,GAAG,IAAI,CAAC;QAClB,CAAC,CAAC;QACF,OAAO;YACL,MAAM;YACN,KAAK,CAAC,MAAM;gBACV,IAAI,QAAQ;oBAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBAC/D,OAAO,KAAK,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YACzC,CAAC;YACD,KAAK,CAAC,OAAO,CAAC,IAAI;gBAChB,IAAI,QAAQ;oBAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBAC/D,OAAO,KAAK,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;YACnD,CAAC;YACD,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;CACF"}

package/dist/custody/passkey-share/webauthn-adapter.d.ts

@@ -0,0 +1,112 @@
+/**
+ * WebAuthnAuthenticatorAdapter — browser implementation of the
+ * `PasskeyAuthenticatorAdapter` port. Wraps `navigator.credentials.get`
+ * for the three modes the unwrapper consumes:
+ *
+ *   1. PRF (preferred). CTAP2.1 hmac-secret exposed through the WebAuthn
+ *      `prf` extension. Authenticator returns a 32-byte symmetric key
+ *      via `clientExtensionResults.prf.results.first` that the
+ *      unwrapper uses to AEAD-decrypt the wrapped FROST share.
+ *
+ *      `prf.eval.first` is set to a stable per-surface salt so the
+ *      authenticator-derived key is bound to a specific surface key.
+ *      Per WebAuthn L3 §10.1.4, the salt is hashed inside the
+ *      authenticator with a domain-separation prefix, so we don't
+ *      pre-hash here.
+ *
+ *   2. largeBlob. Read-mode call with `largeBlob: { read: true }`.
+ *      Returns the wrapped share blob. We don't write to largeBlob
+ *      here — that happens at provisioning time.
+ *
+ *   3. Basic assertion (escrow fallback). No extensions. The challenge
+ *      is the Tenzro-issued nonce so the assertion is replay-bound.
+ *
+ * All three paths surface the assertion in the same shape the
+ * `PasskeyAssertion` port expects (base64url strings — that's what the
+ * native browser API hands us already; we just rewrap the buffers).
+ *
+ * Browser-only. Importing this file in a Node environment is a host
+ * configuration mistake — the kernel itself never imports it. Keep all
+ * `navigator` access behind methods so the module file itself is safe
+ * to import for tree-shaking.
+ */
+import type { PasskeyAssertion, PasskeyAuthenticatorAdapter, ShareUnwrapRequest } from './unwrapper.js';
+export interface WebAuthnAdapterConfig {
+    /** Relying-party id (`rp.id`) — usually the wallet's apex domain. */
+    readonly rpId: string;
+    /**
+     * Resolves the salt fed to the PRF extension for a given surface key.
+     * Default: SHA-256 of `surfaceKeyId` UTF-8 bytes. Hosts wanting a
+     * versioned/rotation-safe scheme can override.
+     */
+    readonly prfSalt?: (req: ShareUnwrapRequest) => Promise<Uint8Array> | Uint8Array;
+    /**
+     * Override `navigator.credentials` for tests. In production, leave
+     * unset — the adapter reads `globalThis.navigator.credentials`.
+     */
+    readonly credentials?: CredentialsContainer;
+}
+/**
+ * Subset of `CredentialsContainer` we exercise. Mirrors the lib.dom
+ * shape so passing the real `navigator.credentials` works directly.
+ */
+export interface CredentialsContainer {
+    get(options: PublicKeyCredentialRequestOptionsLike): Promise<PublicKeyCredentialLike | null>;
+}
+/** Subset of `CredentialRequestOptions` we set. */
+export interface PublicKeyCredentialRequestOptionsLike {
+    publicKey: {
+        challenge: ArrayBuffer | Uint8Array;
+        rpId: string;
+        allowCredentials?: ReadonlyArray<{
+            id: ArrayBuffer | Uint8Array;
+            type: 'public-key';
+        }>;
+        userVerification?: 'required' | 'preferred' | 'discouraged';
+        extensions?: {
+            prf?: {
+                eval: {
+                    first: ArrayBuffer | Uint8Array;
+                };
+            };
+            largeBlob?: {
+                read?: boolean;
+            };
+        };
+    };
+}
+/** Subset of `PublicKeyCredential` + `AuthenticatorAssertionResponse` shape. */
+export interface PublicKeyCredentialLike {
+    rawId: ArrayBuffer;
+    response: {
+        clientDataJSON: ArrayBuffer;
+        authenticatorData: ArrayBuffer;
+        signature: ArrayBuffer;
+    };
+    getClientExtensionResults?(): {
+        prf?: {
+            results?: {
+                first?: ArrayBuffer;
+            };
+        };
+        largeBlob?: {
+            blob?: ArrayBuffer;
+        };
+    };
+}
+export declare class WebAuthnAuthenticatorAdapter implements PasskeyAuthenticatorAdapter {
+    #private;
+    constructor(cfg: WebAuthnAdapterConfig);
+    prfAssertion(req: ShareUnwrapRequest): Promise<{
+        prfOutput: Uint8Array;
+        assertion: PasskeyAssertion;
+    }>;
+    readLargeBlob(req: ShareUnwrapRequest): Promise<{
+        blob: Uint8Array;
+        assertion: PasskeyAssertion;
+    }>;
+    basicAssertion(req: ShareUnwrapRequest & {
+        readonly nonce: string;
+    }): Promise<PasskeyAssertion>;
+}
+//# sourceMappingURL=webauthn-adapter.d.ts.map

package/dist/custody/passkey-share/webauthn-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webauthn-adapter.d.ts","sourceRoot":"","sources":["../../../src/custody/passkey-share/webauthn-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,2BAA2B,EAC3B,kBAAkB,EACnB,MAAM,gBAAgB,CAAC;AAExB,MAAM,WAAW,qBAAqB;IACpC,qEAAqE;IACrE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,kBAAkB,KAAK,OAAO,CAAC,UAAU,CAAC,GAAG,UAAU,CAAC;IACjF;;;OAGG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,oBAAoB,CAAC;CAC7C;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,GAAG,CAAC,OAAO,EAAE,qCAAqC,GAAG,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC,CAAC;CAC9F;AAED,mDAAmD;AACnD,MAAM,WAAW,qCAAqC;IACpD,SAAS,EAAE;QACT,SAAS,EAAE,WAAW,GAAG,UAAU,CAAC;QACpC,IAAI,EAAE,MAAM,CAAC;QACb,gBAAgB,CAAC,EAAE,aAAa,CAAC;YAC/B,EAAE,EAAE,WAAW,GAAG,UAAU,CAAC;YAC7B,IAAI,EAAE,YAAY,CAAC;SACpB,CAAC,CAAC;QACH,gBAAgB,CAAC,EAAE,UAAU,GAAG,WAAW,GAAG,aAAa,CAAC;QAC5D,UAAU,CAAC,EAAE;YACX,GAAG,CAAC,EAAE;gBAAE,IAAI,EAAE;oBAAE,KAAK,EAAE,WAAW,GAAG,UAAU,CAAA;iBAAE,CAAA;aAAE,CAAC;YACpD,SAAS,CAAC,EAAE;gBAAE,IAAI,CAAC,EAAE,OAAO,CAAA;aAAE,CAAC;SAChC,CAAC;KACH,CAAC;CACH;AAED,gFAAgF;AAChF,MAAM,WAAW,uBAAuB;IACtC,KAAK,EAAE,WAAW,CAAC;IACnB,QAAQ,EAAE;QACR,cAAc,EAAE,WAAW,CAAC;QAC5B,iBAAiB,EAAE,WAAW,CAAC;QAC/B,SAAS,EAAE,WAAW,CAAC;KACxB,CAAC;IACF,yBAAyB,CAAC,IAAI;QAC5B,GAAG,CAAC,EAAE;YAAE,OAAO,CAAC,EAAE;gBAAE,KAAK,CAAC,EAAE,WAAW,CAAA;aAAE,CAAA;SAAE,CAAC;QAC5C,SAAS,CAAC,EAAE;YAAE,IAAI,CAAC,EAAE,WAAW,CAAA;SAAE,CAAC;KACpC,CAAC;CACH;AAED,qBAAa,4BAA6B,YAAW,2BAA2B;;gBAGlE,GAAG,EAAE,qBAAqB;IAIhC,YAAY,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC;QACnD,SAAS,EAAE,UAAU,CAAC;QACtB,SAAS,EAAE,gBAAgB,CAAC;KAC7B,CAAC;IA6BI,aAAa,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC;QACpD,IAAI,EAAE,UAAU,CAAC;QACjB,SAAS,EAAE,gBAAgB,CAAC;KAC7B,CAAC;IAkBI,cAAc,CAClB,GAAG,EAAE,kBAAkB,GAAG;QAAE,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GACnD,OAAO,CAAC,gBAAgB,CAAC;CAsC7B"}

package/dist/custody/passkey-share/webauthn-adapter.js

@@ -0,0 +1,150 @@
+/**
+ * WebAuthnAuthenticatorAdapter — browser implementation of the
+ * `PasskeyAuthenticatorAdapter` port. Wraps `navigator.credentials.get`
+ * for the three modes the unwrapper consumes:
+ *
+ *   1. PRF (preferred). CTAP2.1 hmac-secret exposed through the WebAuthn
+ *      `prf` extension. Authenticator returns a 32-byte symmetric key
+ *      via `clientExtensionResults.prf.results.first` that the
+ *      unwrapper uses to AEAD-decrypt the wrapped FROST share.
+ *
+ *      `prf.eval.first` is set to a stable per-surface salt so the
+ *      authenticator-derived key is bound to a specific surface key.
+ *      Per WebAuthn L3 §10.1.4, the salt is hashed inside the
+ *      authenticator with a domain-separation prefix, so we don't
+ *      pre-hash here.
+ *
+ *   2. largeBlob. Read-mode call with `largeBlob: { read: true }`.
+ *      Returns the wrapped share blob. We don't write to largeBlob
+ *      here — that happens at provisioning time.
+ *
+ *   3. Basic assertion (escrow fallback). No extensions. The challenge
+ *      is the Tenzro-issued nonce so the assertion is replay-bound.
+ *
+ * All three paths surface the assertion in the same shape the
+ * `PasskeyAssertion` port expects (base64url strings — that's what the
+ * native browser API hands us already; we just rewrap the buffers).
+ *
+ * Browser-only. Importing this file in a Node environment is a host
+ * configuration mistake — the kernel itself never imports it. Keep all
+ * `navigator` access behind methods so the module file itself is safe
+ * to import for tree-shaking.
+ */
+export class WebAuthnAuthenticatorAdapter {
+    #cfg;
+    constructor(cfg) {
+        this.#cfg = cfg;
+    }
+    async prfAssertion(req) {
+        const salt = await this.#prfSalt(req);
+        // PRF binds to an authenticator-derived hmac key, so the WebAuthn
+        // challenge itself is independent of the salt. Use 32 random bytes
+        // to keep the assertion fresh; the unwrapper wraps the round in a
+        // server-issued envelope fetch so replay is bounded there.
+        const challenge = randomBytes(32);
+        const cred = await this.#get({
+            publicKey: {
+                challenge,
+                rpId: this.#cfg.rpId,
+                allowCredentials: [{ id: base64UrlDecode(req.credentialId), type: 'public-key' }],
+                userVerification: 'required',
+                extensions: { prf: { eval: { first: salt } } },
+            },
+        });
+        const ext = cred.getClientExtensionResults?.();
+        const first = ext?.prf?.results?.first;
+        if (!first) {
+            throw new Error('WebAuthn PRF unavailable on this credential — caller must fall back to escrow');
+        }
+        return {
+            prfOutput: new Uint8Array(first),
+            assertion: toAssertion(cred),
+        };
+    }
+    async readLargeBlob(req) {
+        const cred = await this.#get({
+            publicKey: {
+                challenge: randomBytes(32),
+                rpId: this.#cfg.rpId,
+                allowCredentials: [{ id: base64UrlDecode(req.credentialId), type: 'public-key' }],
+                userVerification: 'required',
+                extensions: { largeBlob: { read: true } },
+            },
+        });
+        const ext = cred.getClientExtensionResults?.();
+        const blob = ext?.largeBlob?.blob;
+        if (!blob) {
+            throw new Error('WebAuthn largeBlob read returned empty — caller must fall back to escrow');
+        }
+        return { blob: new Uint8Array(blob), assertion: toAssertion(cred) };
+    }
+    async basicAssertion(req) {
+        // Escrow path: server-issued nonce becomes the WebAuthn challenge,
+        // so the resulting signature is replay-bound to that nonce.
+        const cred = await this.#get({
+            publicKey: {
+                challenge: base64UrlDecode(req.nonce),
+                rpId: this.#cfg.rpId,
+                allowCredentials: [{ id: base64UrlDecode(req.credentialId), type: 'public-key' }],
+                userVerification: 'required',
+            },
+        });
+        return toAssertion(cred);
+    }
+    // --- internals ---
+    async #get(options) {
+        const creds = this.#cfg.credentials ??
+            globalThis.navigator
+                ?.credentials;
+        if (!creds) {
+            throw new Error('navigator.credentials unavailable — WebAuthnAuthenticatorAdapter requires a browser context');
+        }
+        const cred = await creds.get(options);
+        if (!cred)
+            throw new Error('WebAuthn assertion cancelled or returned null');
+        return cred;
+    }
+    async #prfSalt(req) {
+        if (this.#cfg.prfSalt) {
+            const out = await this.#cfg.prfSalt(req);
+            return out;
+        }
+        return defaultPrfSalt(req.surfaceKeyId);
+    }
+}
+// ─── helpers ──────────────────────────────────────────────────────────────
+function toAssertion(cred) {
+    return {
+        credentialId: base64UrlEncode(new Uint8Array(cred.rawId)),
+        clientDataJson: base64UrlEncode(new Uint8Array(cred.response.clientDataJSON)),
+        authenticatorData: base64UrlEncode(new Uint8Array(cred.response.authenticatorData)),
+        signature: base64UrlEncode(new Uint8Array(cred.response.signature)),
+    };
+}
+async function defaultPrfSalt(surfaceKeyId) {
+    const enc = new TextEncoder().encode(surfaceKeyId);
+    const digest = await crypto.subtle.digest('SHA-256', enc);
+    return new Uint8Array(digest);
+}
+function randomBytes(n) {
+    const out = new Uint8Array(n);
+    crypto.getRandomValues(out);
+    return out;
+}
+// base64url (RFC 4648 §5) — what WebAuthn naturally hands back.
+function base64UrlEncode(bytes) {
+    let s = '';
+    for (let i = 0; i < bytes.length; i++)
+        s += String.fromCharCode(bytes[i]);
+    return btoa(s).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
+function base64UrlDecode(b64u) {
+    const pad = b64u.length % 4 === 0 ? '' : '='.repeat(4 - (b64u.length % 4));
+    const b64 = b64u.replace(/-/g, '+').replace(/_/g, '/') + pad;
+    const bin = atob(b64);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++)
+        out[i] = bin.charCodeAt(i);
+    return out;
+}
+//# sourceMappingURL=webauthn-adapter.js.map

package/dist/custody/passkey-share/webauthn-adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"webauthn-adapter.js","sourceRoot":"","sources":["../../../src/custody/passkey-share/webauthn-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AA+DH,MAAM,OAAO,4BAA4B;IAC9B,IAAI,CAAwB;IAErC,YAAY,GAA0B;QACpC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,GAAuB;QAIxC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QACtC,kEAAkE;QAClE,mEAAmE;QACnE,kEAAkE;QAClE,2DAA2D;QAC3D,MAAM,SAAS,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC;YAC3B,SAAS,EAAE;gBACT,SAAS;gBACT,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;gBACpB,gBAAgB,EAAE,CAAC,EAAE,EAAE,EAAE,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;gBACjF,gBAAgB,EAAE,UAAU;gBAC5B,UAAU,EAAE,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE;aAC/C;SACF,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;QAC/C,MAAM,KAAK,GAAG,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC;QACvC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CACb,+EAA+E,CAChF,CAAC;QACJ,CAAC;QACD,OAAO;YACL,SAAS,EAAE,IAAI,UAAU,CAAC,KAAK,CAAC;YAChC,SAAS,EAAE,WAAW,CAAC,IAAI,CAAC;SAC7B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,GAAuB;QAIzC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC;YAC3B,SAAS,EAAE;gBACT,SAAS,EAAE,WAAW,CAAC,EAAE,CAAC;gBAC1B,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;gBACpB,gBAAgB,EAAE,CAAC,EAAE,EAAE,EAAE,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;gBACjF,gBAAgB,EAAE,UAAU;gBAC5B,UAAU,EAAE,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;aAC1C;SACF,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;QAC/C,MAAM,IAAI,GAAG,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC;QAClC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;QAC9F,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,GAAoD;QAEpD,mEAAmE;QACnE,4DAA4D;QAC5D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC;YAC3B,SAAS,EAAE;gBACT,SAAS,EAAE,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC;gBACrC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;gBACpB,gBAAgB,EAAE,CAAC,EAAE,EAAE,EAAE,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;gBACjF,gBAAgB,EAAE,UAAU;aAC7B;SACF,CAAC,CAAC;QACH,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAED,oBAAoB;IAEpB,KAAK,CAAC,IAAI,CAAC,OAA8C;QACvD,MAAM,KAAK,GACT,IAAI,CAAC,IAAI,CAAC,WAAW;YACpB,UAAgF,CAAC,SAAS;gBACzF,EAAE,WAAW,CAAC;QAClB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CACb,6FAA6F,CAC9F,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAC5E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,GAAuB;QACpC,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACtB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACzC,OAAO,GAAG,CAAC;QACb,CAAC;QACD,OAAO,cAAc,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC1C,CAAC;CACF;AAED,6EAA6E;AAE7E,SAAS,WAAW,CAAC,IAA6B;IAChD,OAAO;QACL,YAAY,EAAE,eAAe,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzD,cAAc,EAAE,eAAe,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;QAC7E,iBAAiB,EAAE,eAAe,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;QACnF,SAAS,EAAE,eAAe,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;KACpE,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,YAAoB;IAChD,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAC1D,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9B,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IAC5B,OAAO,GAAG,CAAC;AACb,CAAC;AAED,gEAAgE;AAChE,SAAS,eAAe,CAAC,KAAiB;IACxC,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,CAAC,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;IAC3E,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAC5E,CAAC;AAED,SAAS,eAAe,CAAC,IAAY;IACnC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;IAC3E,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC;IAC7D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACtB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChE,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/custody/surface-key-id.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Canonical wire identifier for a `SurfaceKey`. Used as the
+ * `surfaceKey` field on Tenzro custody endpoint payloads
+ * (`/wallet/frost/*`, `/wallet/mldsa/*`, etc.) so the node can find
+ * the correct share-set without the wallet shipping public-key bytes
+ * inline on every request.
+ *
+ * Convention:
+ *   - tenzro-native / svm-on-tenzro: `{surface}:{address}`
+ *   - evm-on-tenzro:                 `{surface}:{address}` (lower-case hex)
+ *   - canton-{internal,external}:    `{surface}:{partyId}`
+ */
+import type { SurfaceKey } from '../types/identity.js';
+export declare function surfaceKeyId(key: SurfaceKey): string;
+//# sourceMappingURL=surface-key-id.d.ts.map

package/dist/custody/surface-key-id.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"surface-key-id.d.ts","sourceRoot":"","sources":["../../src/custody/surface-key-id.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAEvD,wBAAgB,YAAY,CAAC,GAAG,EAAE,UAAU,GAAG,MAAM,CAWpD"}

package/dist/custody/surface-key-id.js

@@ -0,0 +1,25 @@
+/**
+ * Canonical wire identifier for a `SurfaceKey`. Used as the
+ * `surfaceKey` field on Tenzro custody endpoint payloads
+ * (`/wallet/frost/*`, `/wallet/mldsa/*`, etc.) so the node can find
+ * the correct share-set without the wallet shipping public-key bytes
+ * inline on every request.
+ *
+ * Convention:
+ *   - tenzro-native / svm-on-tenzro: `{surface}:{address}`
+ *   - evm-on-tenzro:                 `{surface}:{address}` (lower-case hex)
+ *   - canton-{internal,external}:    `{surface}:{partyId}`
+ */
+export function surfaceKeyId(key) {
+    switch (key.surface) {
+        case 'tenzro-native':
+        case 'svm-on-tenzro':
+            return `${key.surface}:${key.address}`;
+        case 'evm-on-tenzro':
+            return `${key.surface}:${key.address.toLowerCase()}`;
+        case 'canton-internal':
+        case 'canton-external':
+            return `${key.surface}:${key.partyId}`;
+    }
+}
+//# sourceMappingURL=surface-key-id.js.map

package/dist/custody/surface-key-id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"surface-key-id.js","sourceRoot":"","sources":["../../src/custody/surface-key-id.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,MAAM,UAAU,YAAY,CAAC,GAAe;IAC1C,QAAQ,GAAG,CAAC,OAAO,EAAE,CAAC;QACpB,KAAK,eAAe,CAAC;QACrB,KAAK,eAAe;YAClB,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;QACzC,KAAK,eAAe;YAClB,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;QACvD,KAAK,iBAAiB,CAAC;QACvB,KAAK,iBAAiB;YACpB,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;IAC3C,CAAC;AACH,CAAC"}