tenzro-wallet 0.1.0
- package/LICENSE +201 -0
- package/README.md +128 -0
- package/dist/balance/aggregator.d.ts +16 -0
- package/dist/balance/aggregator.d.ts.map +1 -0
- package/dist/balance/aggregator.js +73 -0
- package/dist/balance/aggregator.js.map +1 -0
- package/dist/balance/index.d.ts +3 -0
- package/dist/balance/index.d.ts.map +1 -0
- package/dist/balance/index.js +2 -0
- package/dist/balance/index.js.map +1 -0
- package/dist/consent/index.d.ts +3 -0
- package/dist/consent/index.d.ts.map +1 -0
- package/dist/consent/index.js +2 -0
- package/dist/consent/index.js.map +1 -0
- package/dist/consent/policy.d.ts +27 -0
- package/dist/consent/policy.d.ts.map +1 -0
- package/dist/consent/policy.js +121 -0
- package/dist/consent/policy.js.map +1 -0
- package/dist/crypto/eip1559.d.ts +53 -0
- package/dist/crypto/eip1559.d.ts.map +1 -0
- package/dist/crypto/eip1559.js +79 -0
- package/dist/crypto/eip1559.js.map +1 -0
- package/dist/crypto/keccak256.d.ts +20 -0
- package/dist/crypto/keccak256.d.ts.map +1 -0
- package/dist/crypto/keccak256.js +167 -0
- package/dist/crypto/keccak256.js.map +1 -0
- package/dist/crypto/rlp.d.ts +30 -0
- package/dist/crypto/rlp.d.ts.map +1 -0
- package/dist/crypto/rlp.js +165 -0
- package/dist/crypto/rlp.js.map +1 -0
- package/dist/crypto/sha256.d.ts +14 -0
- package/dist/crypto/sha256.d.ts.map +1 -0
- package/dist/crypto/sha256.js +33 -0
- package/dist/crypto/sha256.js.map +1 -0
- package/dist/crypto/solana.d.ts +86 -0
- package/dist/crypto/solana.d.ts.map +1 -0
- package/dist/crypto/solana.js +218 -0
- package/dist/crypto/solana.js.map +1 -0
- package/dist/custody/frost/backend.d.ts +59 -0
- package/dist/custody/frost/backend.d.ts.map +1 -0
- package/dist/custody/frost/backend.js +83 -0
- package/dist/custody/frost/backend.js.map +1 -0
- package/dist/custody/frost/coordinator.d.ts +148 -0
- package/dist/custody/frost/coordinator.d.ts.map +1 -0
- package/dist/custody/frost/coordinator.js +58 -0
- package/dist/custody/frost/coordinator.js.map +1 -0
- package/dist/custody/frost/ed25519-driver.d.ts +30 -0
- package/dist/custody/frost/ed25519-driver.d.ts.map +1 -0
- package/dist/custody/frost/ed25519-driver.js +76 -0
- package/dist/custody/frost/ed25519-driver.js.map +1 -0
- package/dist/custody/frost/http-adapter.d.ts +77 -0
- package/dist/custody/frost/http-adapter.d.ts.map +1 -0
- package/dist/custody/frost/http-adapter.js +168 -0
- package/dist/custody/frost/http-adapter.js.map +1 -0
- package/dist/custody/frost/hybrid-driver.d.ts +37 -0
- package/dist/custody/frost/hybrid-driver.d.ts.map +1 -0
- package/dist/custody/frost/hybrid-driver.js +60 -0
- package/dist/custody/frost/hybrid-driver.js.map +1 -0
- package/dist/custody/frost/index.d.ts +12 -0
- package/dist/custody/frost/index.d.ts.map +1 -0
- package/dist/custody/frost/index.js +6 -0
- package/dist/custody/frost/index.js.map +1 -0
- package/dist/custody/frost/secp256k1-driver.d.ts +26 -0
- package/dist/custody/frost/secp256k1-driver.d.ts.map +1 -0
- package/dist/custody/frost/secp256k1-driver.js +78 -0
- package/dist/custody/frost/secp256k1-driver.js.map +1 -0
- package/dist/custody/index.d.ts +9 -0
- package/dist/custody/index.d.ts.map +1 -0
- package/dist/custody/index.js +11 -0
- package/dist/custody/index.js.map +1 -0
- package/dist/custody/internal-mpc.d.ts +14 -0
- package/dist/custody/internal-mpc.d.ts.map +1 -0
- package/dist/custody/internal-mpc.js +40 -0
- package/dist/custody/internal-mpc.js.map +1 -0
- package/dist/custody/mldsa/coordinator.d.ts +63 -0
- package/dist/custody/mldsa/coordinator.d.ts.map +1 -0
- package/dist/custody/mldsa/coordinator.js +44 -0
- package/dist/custody/mldsa/coordinator.js.map +1 -0
- package/dist/custody/mldsa/driver.d.ts +23 -0
- package/dist/custody/mldsa/driver.d.ts.map +1 -0
- package/dist/custody/mldsa/driver.js +43 -0
- package/dist/custody/mldsa/driver.js.map +1 -0
- package/dist/custody/mldsa/http-adapter.d.ts +59 -0
- package/dist/custody/mldsa/http-adapter.d.ts.map +1 -0
- package/dist/custody/mldsa/http-adapter.js +103 -0
- package/dist/custody/mldsa/http-adapter.js.map +1 -0
- package/dist/custody/mldsa/index.d.ts +7 -0
- package/dist/custody/mldsa/index.d.ts.map +1 -0
- package/dist/custody/mldsa/index.js +4 -0
- package/dist/custody/mldsa/index.js.map +1 -0
- package/dist/custody/pairing/http-adapter.d.ts +40 -0
- package/dist/custody/pairing/http-adapter.d.ts.map +1 -0
- package/dist/custody/pairing/http-adapter.js +113 -0
- package/dist/custody/pairing/http-adapter.js.map +1 -0
- package/dist/custody/pairing/index.d.ts +10 -0
- package/dist/custody/pairing/index.d.ts.map +1 -0
- package/dist/custody/pairing/index.js +8 -0
- package/dist/custody/pairing/index.js.map +1 -0
- package/dist/custody/pairing/port.d.ts +121 -0
- package/dist/custody/pairing/port.d.ts.map +1 -0
- package/dist/custody/pairing/port.js +40 -0
- package/dist/custody/pairing/port.js.map +1 -0
- package/dist/custody/passkey-share/http-adapter.d.ts +77 -0
- package/dist/custody/passkey-share/http-adapter.d.ts.map +1 -0
- package/dist/custody/passkey-share/http-adapter.js +125 -0
- package/dist/custody/passkey-share/http-adapter.js.map +1 -0
- package/dist/custody/passkey-share/index.d.ts +7 -0
- package/dist/custody/passkey-share/index.d.ts.map +1 -0
- package/dist/custody/passkey-share/index.js +4 -0
- package/dist/custody/passkey-share/index.js.map +1 -0
- package/dist/custody/passkey-share/unwrapper.d.ts +174 -0
- package/dist/custody/passkey-share/unwrapper.d.ts.map +1 -0
- package/dist/custody/passkey-share/unwrapper.js +132 -0
- package/dist/custody/passkey-share/unwrapper.js.map +1 -0
- package/dist/custody/passkey-share/webauthn-adapter.d.ts +112 -0
- package/dist/custody/passkey-share/webauthn-adapter.d.ts.map +1 -0
- package/dist/custody/passkey-share/webauthn-adapter.js +150 -0
- package/dist/custody/passkey-share/webauthn-adapter.js.map +1 -0
- package/dist/custody/surface-key-id.d.ts +15 -0
- package/dist/custody/surface-key-id.d.ts.map +1 -0
- package/dist/custody/surface-key-id.js +25 -0
- package/dist/custody/surface-key-id.js.map +1 -0
- package/dist/dapp/eip6963.d.ts +64 -0
- package/dist/dapp/eip6963.d.ts.map +1 -0
- package/dist/dapp/eip6963.js +55 -0
- package/dist/dapp/eip6963.js.map +1 -0
- package/dist/dapp/index.d.ts +21 -0
- package/dist/dapp/index.d.ts.map +1 -0
- package/dist/dapp/index.js +24 -0
- package/dist/dapp/index.js.map +1 -0
- package/dist/identity/delegate-set.d.ts +57 -0
- package/dist/identity/delegate-set.d.ts.map +1 -0
- package/dist/identity/delegate-set.js +85 -0
- package/dist/identity/delegate-set.js.map +1 -0
- package/dist/identity/did.d.ts +17 -0
- package/dist/identity/did.d.ts.map +1 -0
- package/dist/identity/did.js +60 -0
- package/dist/identity/did.js.map +1 -0
- package/dist/identity/index.d.ts +14 -0
- package/dist/identity/index.d.ts.map +1 -0
- package/dist/identity/index.js +8 -0
- package/dist/identity/index.js.map +1 -0
- package/dist/identity/provision.d.ts +13 -0
- package/dist/identity/provision.d.ts.map +1 -0
- package/dist/identity/provision.js +151 -0
- package/dist/identity/provision.js.map +1 -0
- package/dist/identity/provisioning-http-adapter.d.ts +81 -0
- package/dist/identity/provisioning-http-adapter.d.ts.map +1 -0
- package/dist/identity/provisioning-http-adapter.js +114 -0
- package/dist/identity/provisioning-http-adapter.js.map +1 -0
- package/dist/identity/recovery-http-adapter.d.ts +83 -0
- package/dist/identity/recovery-http-adapter.d.ts.map +1 -0
- package/dist/identity/recovery-http-adapter.js +139 -0
- package/dist/identity/recovery-http-adapter.js.map +1 -0
- package/dist/identity/wallet-new.d.ts +132 -0
- package/dist/identity/wallet-new.d.ts.map +1 -0
- package/dist/identity/wallet-new.js +94 -0
- package/dist/identity/wallet-new.js.map +1 -0
- package/dist/identity/wallet-recover.d.ts +116 -0
- package/dist/identity/wallet-recover.d.ts.map +1 -0
- package/dist/identity/wallet-recover.js +95 -0
- package/dist/identity/wallet-recover.js.map +1 -0
- package/dist/index.d.ts +12 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +11 -0
- package/dist/index.js.map +1 -0
- package/dist/kernel.d.ts +119 -0
- package/dist/kernel.d.ts.map +1 -0
- package/dist/kernel.js +144 -0
- package/dist/kernel.js.map +1 -0
- package/dist/ports/adapters/tenzro-identity-adapter.d.ts +44 -0
- package/dist/ports/adapters/tenzro-identity-adapter.d.ts.map +1 -0
- package/dist/ports/adapters/tenzro-identity-adapter.js +60 -0
- package/dist/ports/adapters/tenzro-identity-adapter.js.map +1 -0
- package/dist/ports/adapters/tenzro-sdk-adapter.d.ts +86 -0
- package/dist/ports/adapters/tenzro-sdk-adapter.d.ts.map +1 -0
- package/dist/ports/adapters/tenzro-sdk-adapter.js +100 -0
- package/dist/ports/adapters/tenzro-sdk-adapter.js.map +1 -0
- package/dist/ports/agent/acp.d.ts +66 -0
- package/dist/ports/agent/acp.d.ts.map +1 -0
- package/dist/ports/agent/acp.js +27 -0
- package/dist/ports/agent/acp.js.map +1 -0
- package/dist/ports/agent/adapters/acp-adapter.d.ts +67 -0
- package/dist/ports/agent/adapters/acp-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/acp-adapter.js +70 -0
- package/dist/ports/agent/adapters/acp-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/agent-bond-adapter.d.ts +31 -0
- package/dist/ports/agent/adapters/agent-bond-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/agent-bond-adapter.js +82 -0
- package/dist/ports/agent/adapters/agent-bond-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/agent-payment-adapter.d.ts +66 -0
- package/dist/ports/agent/adapters/agent-payment-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/agent-payment-adapter.js +75 -0
- package/dist/ports/agent/adapters/agent-payment-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/ap2-adapter.d.ts +28 -0
- package/dist/ports/agent/adapters/ap2-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/ap2-adapter.js +97 -0
- package/dist/ports/agent/adapters/ap2-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/auth-approval-adapter.d.ts +26 -0
- package/dist/ports/agent/adapters/auth-approval-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/auth-approval-adapter.js +37 -0
- package/dist/ports/agent/adapters/auth-approval-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/erc7802-adapter.d.ts +30 -0
- package/dist/ports/agent/adapters/erc7802-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/erc7802-adapter.js +60 -0
- package/dist/ports/agent/adapters/erc7802-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/erc8004-adapter.d.ts +54 -0
- package/dist/ports/agent/adapters/erc8004-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/erc8004-adapter.js +53 -0
- package/dist/ports/agent/adapters/erc8004-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/escrow-adapter.d.ts +33 -0
- package/dist/ports/agent/adapters/escrow-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/escrow-adapter.js +109 -0
- package/dist/ports/agent/adapters/escrow-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/fee-estimator-adapter.d.ts +31 -0
- package/dist/ports/agent/adapters/fee-estimator-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/fee-estimator-adapter.js +103 -0
- package/dist/ports/agent/adapters/fee-estimator-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/htlc-escrow-adapter.d.ts +68 -0
- package/dist/ports/agent/adapters/htlc-escrow-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/htlc-escrow-adapter.js +131 -0
- package/dist/ports/agent/adapters/htlc-escrow-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/insurance-adapter.d.ts +32 -0
- package/dist/ports/agent/adapters/insurance-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/insurance-adapter.js +103 -0
- package/dist/ports/agent/adapters/insurance-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/lifecycle-adapter.d.ts +26 -0
- package/dist/ports/agent/adapters/lifecycle-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/lifecycle-adapter.js +136 -0
- package/dist/ports/agent/adapters/lifecycle-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/nanopayment-adapter.d.ts +62 -0
- package/dist/ports/agent/adapters/nanopayment-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/nanopayment-adapter.js +76 -0
- package/dist/ports/agent/adapters/nanopayment-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/payment-rails-adapter.d.ts +67 -0
- package/dist/ports/agent/adapters/payment-rails-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/payment-rails-adapter.js +108 -0
- package/dist/ports/agent/adapters/payment-rails-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/principal-chain-adapter.d.ts +23 -0
- package/dist/ports/agent/adapters/principal-chain-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/principal-chain-adapter.js +156 -0
- package/dist/ports/agent/adapters/principal-chain-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/session-key-adapter.d.ts +45 -0
- package/dist/ports/agent/adapters/session-key-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/session-key-adapter.js +80 -0
- package/dist/ports/agent/adapters/session-key-adapter.js.map +1 -0
- package/dist/ports/agent/adapters/tee-attestation-adapter.d.ts +32 -0
- package/dist/ports/agent/adapters/tee-attestation-adapter.d.ts.map +1 -0
- package/dist/ports/agent/adapters/tee-attestation-adapter.js +38 -0
- package/dist/ports/agent/adapters/tee-attestation-adapter.js.map +1 -0
- package/dist/ports/agent/agent-bond.d.ts +80 -0
- package/dist/ports/agent/agent-bond.d.ts.map +1 -0
- package/dist/ports/agent/agent-bond.js +23 -0
- package/dist/ports/agent/agent-bond.js.map +1 -0
- package/dist/ports/agent/agent-payment.d.ts +72 -0
- package/dist/ports/agent/agent-payment.d.ts.map +1 -0
- package/dist/ports/agent/agent-payment.js +17 -0
- package/dist/ports/agent/agent-payment.js.map +1 -0
- package/dist/ports/agent/ap2.d.ts +104 -0
- package/dist/ports/agent/ap2.d.ts.map +1 -0
- package/dist/ports/agent/ap2.js +22 -0
- package/dist/ports/agent/ap2.js.map +1 -0
- package/dist/ports/agent/auth-approval.d.ts +40 -0
- package/dist/ports/agent/auth-approval.d.ts.map +1 -0
- package/dist/ports/agent/auth-approval.js +23 -0
- package/dist/ports/agent/auth-approval.js.map +1 -0
- package/dist/ports/agent/erc7802.d.ts +94 -0
- package/dist/ports/agent/erc7802.d.ts.map +1 -0
- package/dist/ports/agent/erc7802.js +30 -0
- package/dist/ports/agent/erc7802.js.map +1 -0
- package/dist/ports/agent/erc8004.d.ts +57 -0
- package/dist/ports/agent/erc8004.d.ts.map +1 -0
- package/dist/ports/agent/erc8004.js +20 -0
- package/dist/ports/agent/erc8004.js.map +1 -0
- package/dist/ports/agent/escrow.d.ts +74 -0
- package/dist/ports/agent/escrow.d.ts.map +1 -0
- package/dist/ports/agent/escrow.js +18 -0
- package/dist/ports/agent/escrow.js.map +1 -0
- package/dist/ports/agent/fee-estimator.d.ts +71 -0
- package/dist/ports/agent/fee-estimator.d.ts.map +1 -0
- package/dist/ports/agent/fee-estimator.js +21 -0
- package/dist/ports/agent/fee-estimator.js.map +1 -0
- package/dist/ports/agent/htlc-escrow.d.ts +94 -0
- package/dist/ports/agent/htlc-escrow.d.ts.map +1 -0
- package/dist/ports/agent/htlc-escrow.js +25 -0
- package/dist/ports/agent/htlc-escrow.js.map +1 -0
- package/dist/ports/agent/index.d.ts +58 -0
- package/dist/ports/agent/index.d.ts.map +1 -0
- package/dist/ports/agent/index.js +24 -0
- package/dist/ports/agent/index.js.map +1 -0
- package/dist/ports/agent/insurance.d.ts +65 -0
- package/dist/ports/agent/insurance.d.ts.map +1 -0
- package/dist/ports/agent/insurance.js +18 -0
- package/dist/ports/agent/insurance.js.map +1 -0
- package/dist/ports/agent/lifecycle.d.ts +69 -0
- package/dist/ports/agent/lifecycle.d.ts.map +1 -0
- package/dist/ports/agent/lifecycle.js +17 -0
- package/dist/ports/agent/lifecycle.js.map +1 -0
- package/dist/ports/agent/nanopayment.d.ts +72 -0
- package/dist/ports/agent/nanopayment.d.ts.map +1 -0
- package/dist/ports/agent/nanopayment.js +16 -0
- package/dist/ports/agent/nanopayment.js.map +1 -0
- package/dist/ports/agent/payment-rails.d.ts +140 -0
- package/dist/ports/agent/payment-rails.d.ts.map +1 -0
- package/dist/ports/agent/payment-rails.js +25 -0
- package/dist/ports/agent/payment-rails.js.map +1 -0
- package/dist/ports/agent/principal-chain.d.ts +95 -0
- package/dist/ports/agent/principal-chain.d.ts.map +1 -0
- package/dist/ports/agent/principal-chain.js +16 -0
- package/dist/ports/agent/principal-chain.js.map +1 -0
- package/dist/ports/agent/session-key.d.ts +94 -0
- package/dist/ports/agent/session-key.d.ts.map +1 -0
- package/dist/ports/agent/session-key.js +31 -0
- package/dist/ports/agent/session-key.js.map +1 -0
- package/dist/ports/agent/tee-attestation.d.ts +51 -0
- package/dist/ports/agent/tee-attestation.d.ts.map +1 -0
- package/dist/ports/agent/tee-attestation.js +28 -0
- package/dist/ports/agent/tee-attestation.js.map +1 -0
- package/dist/ports/bridge/adapters/bridge-adapter-base.d.ts +47 -0
- package/dist/ports/bridge/adapters/bridge-adapter-base.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/bridge-adapter-base.js +144 -0
- package/dist/ports/bridge/adapters/bridge-adapter-base.js.map +1 -0
- package/dist/ports/bridge/adapters/canton-bridge-adapter.d.ts +30 -0
- package/dist/ports/bridge/adapters/canton-bridge-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/canton-bridge-adapter.js +31 -0
- package/dist/ports/bridge/adapters/canton-bridge-adapter.js.map +1 -0
- package/dist/ports/bridge/adapters/ccip-adapter.d.ts +30 -0
- package/dist/ports/bridge/adapters/ccip-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/ccip-adapter.js +31 -0
- package/dist/ports/bridge/adapters/ccip-adapter.js.map +1 -0
- package/dist/ports/bridge/adapters/debridge-adapter.d.ts +27 -0
- package/dist/ports/bridge/adapters/debridge-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/debridge-adapter.js +28 -0
- package/dist/ports/bridge/adapters/debridge-adapter.js.map +1 -0
- package/dist/ports/bridge/adapters/layerzero-adapter.d.ts +30 -0
- package/dist/ports/bridge/adapters/layerzero-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/layerzero-adapter.js +31 -0
- package/dist/ports/bridge/adapters/layerzero-adapter.js.map +1 -0
- package/dist/ports/bridge/adapters/lifi-adapter.d.ts +48 -0
- package/dist/ports/bridge/adapters/lifi-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/lifi-adapter.js +49 -0
- package/dist/ports/bridge/adapters/lifi-adapter.js.map +1 -0
- package/dist/ports/bridge/adapters/wormhole-adapter.d.ts +26 -0
- package/dist/ports/bridge/adapters/wormhole-adapter.d.ts.map +1 -0
- package/dist/ports/bridge/adapters/wormhole-adapter.js +27 -0
- package/dist/ports/bridge/adapters/wormhole-adapter.js.map +1 -0
- package/dist/ports/bridge/bridge.d.ts +123 -0
- package/dist/ports/bridge/bridge.d.ts.map +1 -0
- package/dist/ports/bridge/bridge.js +20 -0
- package/dist/ports/bridge/bridge.js.map +1 -0
- package/dist/ports/bridge/index.d.ts +13 -0
- package/dist/ports/bridge/index.d.ts.map +1 -0
- package/dist/ports/bridge/index.js +11 -0
- package/dist/ports/bridge/index.js.map +1 -0
- package/dist/ports/canton/adapters/ledger-api-adapter.d.ts +52 -0
- package/dist/ports/canton/adapters/ledger-api-adapter.d.ts.map +1 -0
- package/dist/ports/canton/adapters/ledger-api-adapter.js +232 -0
- package/dist/ports/canton/adapters/ledger-api-adapter.js.map +1 -0
- package/dist/ports/canton/canton-identity.d.ts +60 -0
- package/dist/ports/canton/canton-identity.d.ts.map +1 -0
- package/dist/ports/canton/canton-identity.js +28 -0
- package/dist/ports/canton/canton-identity.js.map +1 -0
- package/dist/ports/canton/canton-validator.d.ts +182 -0
- package/dist/ports/canton/canton-validator.d.ts.map +1 -0
- package/dist/ports/canton/canton-validator.js +39 -0
- package/dist/ports/canton/canton-validator.js.map +1 -0
- package/dist/ports/canton/fingerprint.d.ts +24 -0
- package/dist/ports/canton/fingerprint.d.ts.map +1 -0
- package/dist/ports/canton/fingerprint.js +31 -0
- package/dist/ports/canton/fingerprint.js.map +1 -0
- package/dist/ports/canton/hash.d.ts +37 -0
- package/dist/ports/canton/hash.d.ts.map +1 -0
- package/dist/ports/canton/hash.js +68 -0
- package/dist/ports/canton/hash.js.map +1 -0
- package/dist/ports/canton/http.d.ts +64 -0
- package/dist/ports/canton/http.d.ts.map +1 -0
- package/dist/ports/canton/http.js +177 -0
- package/dist/ports/canton/http.js.map +1 -0
- package/dist/ports/cross-vm.d.ts +79 -0
- package/dist/ports/cross-vm.d.ts.map +1 -0
- package/dist/ports/cross-vm.js +81 -0
- package/dist/ports/cross-vm.js.map +1 -0
- package/dist/ports/index.d.ts +18 -0
- package/dist/ports/index.d.ts.map +1 -0
- package/dist/ports/index.js +11 -0
- package/dist/ports/index.js.map +1 -0
- package/dist/ports/tenzro-identity.d.ts +29 -0
- package/dist/ports/tenzro-identity.d.ts.map +1 -0
- package/dist/ports/tenzro-identity.js +19 -0
- package/dist/ports/tenzro-identity.js.map +1 -0
- package/dist/ports/tenzro-rpc.d.ts +79 -0
- package/dist/ports/tenzro-rpc.d.ts.map +1 -0
- package/dist/ports/tenzro-rpc.js +21 -0
- package/dist/ports/tenzro-rpc.js.map +1 -0
- package/dist/router/index.d.ts +3 -0
- package/dist/router/index.d.ts.map +1 -0
- package/dist/router/index.js +2 -0
- package/dist/router/index.js.map +1 -0
- package/dist/router/route.d.ts +17 -0
- package/dist/router/route.d.ts.map +1 -0
- package/dist/router/route.js +78 -0
- package/dist/router/route.js.map +1 -0
- package/dist/settlement/nanopayment-flow.d.ts +48 -0
- package/dist/settlement/nanopayment-flow.d.ts.map +1 -0
- package/dist/settlement/nanopayment-flow.js +111 -0
- package/dist/settlement/nanopayment-flow.js.map +1 -0
- package/dist/surfaces/canton-external.d.ts +43 -0
- package/dist/surfaces/canton-external.d.ts.map +1 -0
- package/dist/surfaces/canton-external.js +252 -0
- package/dist/surfaces/canton-external.js.map +1 -0
- package/dist/surfaces/canton-internal.d.ts +34 -0
- package/dist/surfaces/canton-internal.d.ts.map +1 -0
- package/dist/surfaces/canton-internal.js +163 -0
- package/dist/surfaces/canton-internal.js.map +1 -0
- package/dist/surfaces/canton-onboarding.d.ts +64 -0
- package/dist/surfaces/canton-onboarding.d.ts.map +1 -0
- package/dist/surfaces/canton-onboarding.js +113 -0
- package/dist/surfaces/canton-onboarding.js.map +1 -0
- package/dist/surfaces/evm-on-tenzro.d.ts +29 -0
- package/dist/surfaces/evm-on-tenzro.d.ts.map +1 -0
- package/dist/surfaces/evm-on-tenzro.js +226 -0
- package/dist/surfaces/evm-on-tenzro.js.map +1 -0
- package/dist/surfaces/index.d.ts +13 -0
- package/dist/surfaces/index.d.ts.map +1 -0
- package/dist/surfaces/index.js +7 -0
- package/dist/surfaces/index.js.map +1 -0
- package/dist/surfaces/svm-on-tenzro.d.ts +24 -0
- package/dist/surfaces/svm-on-tenzro.d.ts.map +1 -0
- package/dist/surfaces/svm-on-tenzro.js +238 -0
- package/dist/surfaces/svm-on-tenzro.js.map +1 -0
- package/dist/surfaces/tenzro-native.d.ts +45 -0
- package/dist/surfaces/tenzro-native.d.ts.map +1 -0
- package/dist/surfaces/tenzro-native.js +299 -0
- package/dist/surfaces/tenzro-native.js.map +1 -0
- package/dist/surfaces/util.d.ts +18 -0
- package/dist/surfaces/util.d.ts.map +1 -0
- package/dist/surfaces/util.js +36 -0
- package/dist/surfaces/util.js.map +1 -0
- package/dist/types/asset.d.ts +43 -0
- package/dist/types/asset.d.ts.map +1 -0
- package/dist/types/asset.js +13 -0
- package/dist/types/asset.js.map +1 -0
- package/dist/types/consent.d.ts +46 -0
- package/dist/types/consent.d.ts.map +1 -0
- package/dist/types/consent.js +18 -0
- package/dist/types/consent.js.map +1 -0
- package/dist/types/identity.d.ts +115 -0
- package/dist/types/identity.d.ts.map +1 -0
- package/dist/types/identity.js +12 -0
- package/dist/types/identity.js.map +1 -0
- package/dist/types/index.d.ts +10 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +3 -0
- package/dist/types/index.js.map +1 -0
- package/dist/types/intent.d.ts +132 -0
- package/dist/types/intent.d.ts.map +1 -0
- package/dist/types/intent.js +8 -0
- package/dist/types/intent.js.map +1 -0
- package/dist/types/signing-driver.d.ts +48 -0
- package/dist/types/signing-driver.d.ts.map +1 -0
- package/dist/types/signing-driver.js +9 -0
- package/dist/types/signing-driver.js.map +1 -0
- package/dist/types/surface-module.d.ts +38 -0
- package/dist/types/surface-module.d.ts.map +1 -0
- package/dist/types/surface-module.js +19 -0
- package/dist/types/surface-module.js.map +1 -0
- package/dist/types/surface.d.ts +17 -0
- package/dist/types/surface.d.ts.map +1 -0
- package/dist/types/surface.js +28 -0
- package/dist/types/surface.js.map +1 -0
- package/package.json +84 -0
|
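--- a/package/dist/identity/provisioning-http-adapter.d.ts
+++ b/package/dist/identity/provisioning-http-adapter.d.ts
@@ -0,0 +1,81 @@
+/**
+* ProvisioningHttpAdapter — fetch-based driver against a Tenzro RPC node's
+* `/wallet/new/*` endpoints. Implements `ProvisioningPort`; mirrors
+* `PairingHttpAdapter` and `ShareEnvelopeHttpAdapter` for shape.
+*
+* Wire shape per DESIGN.md §4.3.2:
+*
+* POST /wallet/new/start
+* body = { kind }
+* reply = { session_id, challenge_b64, user_handle_b64,
+* user_display_name }
+*
+* POST /wallet/new/finalize
+* body = { session_id,
+* enrolment: { credential_id, attestation_object,
+* client_data_json } }
+* reply = { identity, threshold: { k, n },
+* wrapped_share: { credential_id, wrapped_share_b64,
+* alg, salt_b64 } }
+*
+* POST /wallet/new/confirm → 204
+* POST /wallet/new/cancel → 204 (idempotent)
+*
+* Bytes on the wire are standard base64 (RFC 4648 §4) — same convention
+* the FROST + Canton + ShareEnvelope adapters use. The `_b64` suffix is
+* load-bearing.
+*
+* The `/wallet/new/*` endpoints are pre-auth: provisioning runs before
+* the user has any session, and the new device's consent is asserted by
+* the WebAuthn attestation embedded in `finalize`. So no `Authorization`
+* header is threaded through. The optional `headers` callback exists for
+* hosts that still want to attach `X-Trace-Id` or rate-limit tokens.
+*
+* Browser-clean: `fetch` only.
+*/
+import type { TdipIdentity, TdipKind } from '../types/identity.js';
+import type { PasskeyEnrolment, ProvisioningPort, WalletThresholdRecord, WrappedDeviceShare } from './wallet-new.js';
+export interface ProvisioningHttpConfig {
+/** Base URL of the Tenzro RPC node, e.g. `https://rpc.tenzro.network`. */
+readonly baseUrl: string;
+/** Optional `fetch` override for tests. */
+readonly fetch?: typeof fetch;
+/**
+* Per-request headers. Optional — the routes are pre-auth, but a host
+* may still want to attach `X-Trace-Id` or similar.
+*/
+readonly headers?: () => Promise<Record<string, string>> | Record<string, string>;
+}
+export declare class ProvisioningHttpError extends Error {
+readonly status: number;
+readonly url: string;
+readonly body: string;
+constructor(status: number, url: string, body: string);
+}
+export declare class ProvisioningHttpAdapter implements ProvisioningPort {
+#private;
+constructor(cfg: ProvisioningHttpConfig);
+start(req: {
+readonly kind: TdipKind;
+}): Promise<{
+readonly sessionId: string;
+readonly challenge: Uint8Array;
+readonly userHandle: Uint8Array;
+readonly userDisplayName: string;
+}>;
+finalize(req: {
+readonly sessionId: string;
+readonly enrolment: PasskeyEnrolment;
+}): Promise<{
+readonly identity: TdipIdentity;
+readonly threshold: WalletThresholdRecord;
+readonly wrappedShare: WrappedDeviceShare;
+}>;
+confirm(req: {
+readonly sessionId: string;
+}): Promise<void>;
+cancel(req: {
+readonly sessionId: string;
+}): Promise<void>;
+}
+//# sourceMappingURL=provisioning-http-adapter.d.ts.map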
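Review bot: The `baseUrl` comment in `ProvisioningHttpConfig` shows an `https://` example but never says the scheme is required, while the header comment states that the `/wallet/new/*` routes are pre-auth and carry no `Authorization` header. The integrity of the `start` challenge and of the `finalize` reply (identity, threshold, wrapped share) therefore appears to rest on the connection to that origin, so I would make the requirement explicit: `/** Base URL of the Tenzro RPC node; must be an https: origin the host trusts. */`. Whether the implementation rejects other schemes is not visible from this declaration file. `ProvisioningHttpError.body` would also benefit from a one-line comment saying it holds raw server-supplied text and should be treated as untrusted when logged or rendered.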
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provisioning-http-adapter.d.ts","sourceRoot":"","sources":["../../src/identity/provisioning-http-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AACnE,OAAO,KAAK,EACV,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,kBAAkB,EACnB,MAAM,iBAAiB,CAAC;AAEzB,MAAM,WAAW,sBAAsB;IACrC,0EAA0E;IAC1E,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,2CAA2C;IAC3C,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;IAC9B;;;OAGG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnF;AAED,qBAAa,qBAAsB,SAAQ,KAAK;IAE5C,QAAQ,CAAC,MAAM,EAAE,MAAM;IACvB,QAAQ,CAAC,GAAG,EAAE,MAAM;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM;gBAFZ,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,MAAM;CASxB;AAsBD,qBAAa,uBAAwB,YAAW,gBAAgB;;gBAGlD,GAAG,EAAE,sBAAsB;IAIjC,KAAK,CAAC,GAAG,EAAE;QAAE,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC;QACrD,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;QAC/B,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;QAChC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;KAClC,CAAC;IAUI,QAAQ,CAAC,GAAG,EAAE;QAClB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,SAAS,EAAE,gBAAgB,CAAC;KACtC,GAAG,OAAO,CAAC;QACV,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;QAChC,QAAQ,CAAC,SAAS,EAAE,qBAAqB,CAAC;QAC1C,QAAQ,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC3C,CAAC;IAqBI,OAAO,CAAC,GAAG,EAAE;QAAE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3D,MAAM,CAAC,GAAG,EAAE;QAAE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAsBjE"}
|
|
@@ -0,0 +1,114 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ProvisioningHttpAdapter — fetch-based driver against a Tenzro RPC node's
|
|
3
|
+
* `/wallet/new/*` endpoints. Implements `ProvisioningPort`; mirrors
|
|
4
|
+
* `PairingHttpAdapter` and `ShareEnvelopeHttpAdapter` for shape.
|
|
5
|
+
*
|
|
6
|
+
* Wire shape per DESIGN.md §4.3.2:
|
|
7
|
+
*
|
|
8
|
+
* POST /wallet/new/start
|
|
9
|
+
* body = { kind }
|
|
10
|
+
* reply = { session_id, challenge_b64, user_handle_b64,
|
|
11
|
+
* user_display_name }
|
|
12
|
+
*
|
|
13
|
+
* POST /wallet/new/finalize
|
|
14
|
+
* body = { session_id,
|
|
15
|
+
* enrolment: { credential_id, attestation_object,
|
|
16
|
+
* client_data_json } }
|
|
17
|
+
* reply = { identity, threshold: { k, n },
|
|
18
|
+
* wrapped_share: { credential_id, wrapped_share_b64,
|
|
19
|
+
* alg, salt_b64 } }
|
|
20
|
+
*
|
|
21
|
+
* POST /wallet/new/confirm → 204
|
|
22
|
+
* POST /wallet/new/cancel → 204 (idempotent)
|
|
23
|
+
*
|
|
24
|
+
* Bytes on the wire are standard base64 (RFC 4648 §4) — same convention
|
|
25
|
+
* the FROST + Canton + ShareEnvelope adapters use. The `_b64` suffix is
|
|
26
|
+
* load-bearing.
|
|
27
|
+
*
|
|
28
|
+
* The `/wallet/new/*` endpoints are pre-auth: provisioning runs before
|
|
29
|
+
* the user has any session, and the new device's consent is asserted by
|
|
30
|
+
* the WebAuthn attestation embedded in `finalize`. So no `Authorization`
|
|
31
|
+
* header is threaded through. The optional `headers` callback exists for
|
|
32
|
+
* hosts that still want to attach `X-Trace-Id` or rate-limit tokens.
|
|
33
|
+
*
|
|
34
|
+
* Browser-clean: `fetch` only.
|
|
35
|
+
*/
|
|
36
|
+
export class ProvisioningHttpError extends Error {
|
|
37
|
+
status;
|
|
38
|
+
url;
|
|
39
|
+
body;
|
|
40
|
+
constructor(status, url, body) {
|
|
41
|
+
super(`provisioning http ${status} on ${url}: ${body.length > 200 ? body.slice(0, 200) + '…' : body}`);
|
|
42
|
+
this.status = status;
|
|
43
|
+
this.url = url;
|
|
44
|
+
this.body = body;
|
|
45
|
+
this.name = 'ProvisioningHttpError';
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
export class ProvisioningHttpAdapter {
|
|
49
|
+
#cfg;
|
|
50
|
+
constructor(cfg) {
|
|
51
|
+
this.#cfg = cfg;
|
|
52
|
+
}
|
|
53
|
+
async start(req) {
|
|
54
|
+
const raw = await this.#post('/wallet/new/start', { kind: req.kind });
|
|
55
|
+
return {
|
|
56
|
+
sessionId: raw.session_id,
|
|
57
|
+
challenge: b64ToBytes(raw.challenge_b64),
|
|
58
|
+
userHandle: b64ToBytes(raw.user_handle_b64),
|
|
59
|
+
userDisplayName: raw.user_display_name,
|
|
60
|
+
};
|
|
61
|
+
}
|
|
62
|
+
async finalize(req) {
|
|
63
|
+
const raw = await this.#post('/wallet/new/finalize', {
|
|
64
|
+
session_id: req.sessionId,
|
|
65
|
+
enrolment: {
|
|
66
|
+
credential_id: req.enrolment.credentialId,
|
|
67
|
+
attestation_object: req.enrolment.attestationObject,
|
|
68
|
+
client_data_json: req.enrolment.clientDataJson,
|
|
69
|
+
},
|
|
70
|
+
});
|
|
71
|
+
return {
|
|
72
|
+
identity: raw.identity,
|
|
73
|
+
threshold: raw.threshold,
|
|
74
|
+
wrappedShare: {
|
|
75
|
+
credentialId: raw.wrapped_share.credential_id,
|
|
76
|
+
wrappedShare: b64ToBytes(raw.wrapped_share.wrapped_share_b64),
|
|
77
|
+
alg: raw.wrapped_share.alg,
|
|
78
|
+
salt: b64ToBytes(raw.wrapped_share.salt_b64),
|
|
79
|
+
},
|
|
80
|
+
};
|
|
81
|
+
}
|
|
82
|
+
async confirm(req) {
|
|
83
|
+
await this.#post('/wallet/new/confirm', { session_id: req.sessionId });
|
|
84
|
+
}
|
|
85
|
+
async cancel(req) {
|
|
86
|
+
await this.#post('/wallet/new/cancel', { session_id: req.sessionId });
|
|
87
|
+
}
|
|
88
|
+
// --- internals ---
|
|
89
|
+
async #post(path, body) {
|
|
90
|
+
const f = this.#cfg.fetch ?? globalThis.fetch;
|
|
91
|
+
const url = this.#cfg.baseUrl.replace(/\/+$/, '') + path;
|
|
92
|
+
const extra = (await this.#cfg.headers?.()) ?? {};
|
|
93
|
+
const res = await f(url, {
|
|
94
|
+
method: 'POST',
|
|
95
|
+
headers: { 'content-type': 'application/json', ...extra },
|
|
96
|
+
body: JSON.stringify(body),
|
|
97
|
+
});
|
|
98
|
+
if (!res.ok) {
|
|
99
|
+
const text = await res.text().catch(() => '');
|
|
100
|
+
throw new ProvisioningHttpError(res.status, url, text);
|
|
101
|
+
}
|
|
102
|
+
if (res.status === 204)
|
|
103
|
+
return undefined;
|
|
104
|
+
return (await res.json());
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
function b64ToBytes(b64) {
|
|
108
|
+
const bin = atob(b64);
|
|
109
|
+
const out = new Uint8Array(bin.length);
|
|
110
|
+
for (let i = 0; i < bin.length; i++)
|
|
111
|
+
out[i] = bin.charCodeAt(i);
|
|
112
|
+
return out;
|
|
113
|
+
}
|
|
114
|
+
//# sourceMappingURL=provisioning-http-adapter.js.map
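Review bot: `start` and `finalize` use the parsed reply from `#post` without checking its shape, and `finalize` returns `raw.wrapped_share` without comparing its `credential_id` to the credential it just enrolled. A 2xx reply that lacks `wrapped_share`, carries a non-base64 `_b64` field, or is a 204 surfaces as a bare `TypeError` or an `atob` exception rather than a `ProvisioningHttpError`, and a share labelled with a different credential would be handed on to the caller for storage. A guard before the return in `finalize` would fail closed, for example `if (raw?.wrapped_share?.credential_id !== req.enrolment.credentialId) throw new Error('provisioning finalize: credential_id mismatch');`. That assumes both sides encode the id the same way, which this file does not show. The same unvalidated pattern appears in `start` and `finalize` of recovery-http-adapter.js.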
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provisioning-http-adapter.js","sourceRoot":"","sources":["../../src/identity/provisioning-http-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAsBH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAEnC;IACA;IACA;IAHX,YACW,MAAc,EACd,GAAW,EACX,IAAY;QAErB,KAAK,CACH,qBAAqB,MAAM,OAAO,GAAG,KACnC,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IACjD,EAAE,CACH,CAAC;QARO,WAAM,GAAN,MAAM,CAAQ;QACd,QAAG,GAAH,GAAG,CAAQ;QACX,SAAI,GAAJ,IAAI,CAAQ;QAOrB,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAsBD,MAAM,OAAO,uBAAuB;IACzB,IAAI,CAAyB;IAEtC,YAAY,GAA2B;QACrC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAgC;QAM1C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAW,mBAAmB,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QAChF,OAAO;YACL,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,SAAS,EAAE,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC;YACxC,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC;YAC3C,eAAe,EAAE,GAAG,CAAC,iBAAiB;SACvC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,GAGd;QAKC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAc,sBAAsB,EAAE;YAChE,UAAU,EAAE,GAAG,CAAC,SAAS;YACzB,SAAS,EAAE;gBACT,aAAa,EAAE,GAAG,CAAC,SAAS,CAAC,YAAY;gBACzC,kBAAkB,EAAE,GAAG,CAAC,SAAS,CAAC,iBAAiB;gBACnD,gBAAgB,EAAE,GAAG,CAAC,SAAS,CAAC,cAAc;aAC/C;SACF,CAAC,CAAC;QACH,OAAO;YACL,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,YAAY,EAAE;gBACZ,YAAY,EAAE,GAAG,CAAC,aAAa,CAAC,aAAa;gBAC7C,YAAY,EAAE,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,iBAAiB,CAAC;gBAC7D,GAAG,EAAE,GAAG,CAAC,aAAa,CAAC,GAAG;gBAC1B,IAAI,EAAE,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,QAAQ,CAAC;aAC7C;SACF,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,GAAmC;QAC/C,MAAM,IAAI,CAAC,KAAK,CAAU,qBAAqB,EAAE,EAAE,UAAU,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAmC;QAC9C,MAAM,IAAI,CAAC,KAAK,CAAU,oBAAoB,EAAE,EAAE,UAAU,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;IACjF,CAAC;IAED,oBAAoB;IAEpB,KAAK,CAAC,KAAK,CAAO,IAAY,EAAE,IAAa;QAC3C,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;QAC9C,MAAM,GAA
G,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC;QACzD,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC;QAClD,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,GAAG,EAAE;YACvB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,KAAK,EAAE;YACzD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YAC9C,MAAM,IAAI,qBAAqB,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,SAAiB,CAAC;QACjD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAS,CAAC;IACpC,CAAC;CACF;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACtB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChE,OAAO,GAAG,CAAC;AACb,CAAC"}
|
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* RecoveryHttpAdapter — fetch-based driver against a Tenzro RPC node's
|
|
3
|
+
* `/wallet/recover/*` endpoints. Implements `RecoveryPort`; mirrors
|
|
4
|
+
* `ProvisioningHttpAdapter` for shape.
|
|
5
|
+
*
|
|
6
|
+
* Wire shape per DESIGN.md §4.3.5:
|
|
7
|
+
*
|
|
8
|
+
* POST /wallet/recover/start
|
|
9
|
+
* body = { did, proof, force_rotate? }
|
|
10
|
+
* proof discriminator: { kind: 'email-otp', otp }
|
|
11
|
+
* | { kind: 'social',
|
|
12
|
+
* delegate_signatures: [{
|
|
13
|
+
* delegate_did, signature_b64
|
|
14
|
+
* }] }
|
|
15
|
+
* | { kind: 'tenzro-id-kyc', proof_token }
|
|
16
|
+
* reply = { session_id, challenge_b64, user_handle_b64,
|
|
17
|
+
* user_display_name }
|
|
18
|
+
*
|
|
19
|
+
* POST /wallet/recover/finalize
|
|
20
|
+
* body = { session_id,
|
|
21
|
+
* enrolment: { credential_id, attestation_object,
|
|
22
|
+
* client_data_json } }
|
|
23
|
+
* reply = { identity, threshold: { k, n },
|
|
24
|
+
* wrapped_share: { credential_id, wrapped_share_b64,
|
|
25
|
+
* alg, salt_b64 } }
|
|
26
|
+
*
|
|
27
|
+
* POST /wallet/recover/confirm → 204
|
|
28
|
+
* POST /wallet/recover/cancel → 204 (idempotent)
|
|
29
|
+
*
|
|
30
|
+
* Pre-auth: the recovery proof in `start` and the WebAuthn attestation
|
|
31
|
+
* in `finalize` are what the node verifies. No `Authorization` header.
|
|
32
|
+
*
|
|
33
|
+
* Browser-clean: `fetch` only.
|
|
34
|
+
*/
|
|
35
|
+
import type { TdipDid, TdipIdentity } from '../types/identity.js';
|
|
36
|
+
import type { PasskeyEnrolment, WalletThresholdRecord, WrappedDeviceShare } from './wallet-new.js';
|
|
37
|
+
import type { RecoveryPort, RecoveryProof } from './wallet-recover.js';
|
|
38
|
+
export interface RecoveryHttpConfig {
|
|
39
|
+
/** Base URL of the Tenzro RPC node, e.g. `https://rpc.tenzro.network`. */
|
|
40
|
+
readonly baseUrl: string;
|
|
41
|
+
/** Optional `fetch` override for tests. */
|
|
42
|
+
readonly fetch?: typeof fetch;
|
|
43
|
+
/**
|
|
44
|
+
* Per-request headers. Optional — pre-auth routes; included for
|
|
45
|
+
* `X-Trace-Id` or rate-limit tokens.
|
|
46
|
+
*/
|
|
47
|
+
readonly headers?: () => Promise<Record<string, string>> | Record<string, string>;
|
|
48
|
+
}
|
|
49
|
+
export declare class RecoveryHttpError extends Error {
|
|
50
|
+
readonly status: number;
|
|
51
|
+
readonly url: string;
|
|
52
|
+
readonly body: string;
|
|
53
|
+
constructor(status: number, url: string, body: string);
|
|
54
|
+
}
|
|
55
|
+
export declare class RecoveryHttpAdapter implements RecoveryPort {
|
|
56
|
+
#private;
|
|
57
|
+
constructor(cfg: RecoveryHttpConfig);
|
|
58
|
+
start(req: {
|
|
59
|
+
readonly did: TdipDid;
|
|
60
|
+
readonly proof: RecoveryProof;
|
|
61
|
+
readonly forceRotate?: boolean;
|
|
62
|
+
}): Promise<{
|
|
63
|
+
readonly sessionId: string;
|
|
64
|
+
readonly challenge: Uint8Array;
|
|
65
|
+
readonly userHandle: Uint8Array;
|
|
66
|
+
readonly userDisplayName: string;
|
|
67
|
+
}>;
|
|
68
|
+
finalize(req: {
|
|
69
|
+
readonly sessionId: string;
|
|
70
|
+
readonly enrolment: PasskeyEnrolment;
|
|
71
|
+
}): Promise<{
|
|
72
|
+
readonly identity: TdipIdentity;
|
|
73
|
+
readonly threshold: WalletThresholdRecord;
|
|
74
|
+
readonly wrappedShare: WrappedDeviceShare;
|
|
75
|
+
}>;
|
|
76
|
+
confirm(req: {
|
|
77
|
+
readonly sessionId: string;
|
|
78
|
+
}): Promise<void>;
|
|
79
|
+
cancel(req: {
|
|
80
|
+
readonly sessionId: string;
|
|
81
|
+
}): Promise<void>;
|
|
82
|
+
}
|
|
83
|
+
//# sourceMappingURL=recovery-http-adapter.d.ts.map
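Review bot: `forceRotate` on `start` has no doc comment, and it is the one switch on this recovery surface that a caller cannot understand from its type alone. The declaration shows only that it is an optional boolean; what is rotated, and whether every `RecoveryProof` kind may request it, is not stated here. I would add a comment above the field such as `/** When true, asks the node to rotate <what is rotated, per DESIGN.md §4.3.5>; omitted from the request body when undefined. */`, with the placeholder filled in from the design document.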
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"recovery-http-adapter.d.ts","sourceRoot":"","sources":["../../src/identity/recovery-http-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,KAAK,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AACnG,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEvE,MAAM,WAAW,kBAAkB;IACjC,0EAA0E;IAC1E,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,2CAA2C;IAC3C,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;IAC9B;;;OAGG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnF;AAED,qBAAa,iBAAkB,SAAQ,KAAK;IAExC,QAAQ,CAAC,MAAM,EAAE,MAAM;IACvB,QAAQ,CAAC,GAAG,EAAE,MAAM;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM;gBAFZ,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,MAAM;CAOxB;AAsBD,qBAAa,mBAAoB,YAAW,YAAY;;gBAG1C,GAAG,EAAE,kBAAkB;IAI7B,KAAK,CAAC,GAAG,EAAE;QACf,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC;QACtB,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC;QAC9B,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;KAChC,GAAG,OAAO,CAAC;QACV,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;QAC/B,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;QAChC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;KAClC,CAAC;IAcI,QAAQ,CAAC,GAAG,EAAE;QAClB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,SAAS,EAAE,gBAAgB,CAAC;KACtC,GAAG,OAAO,CAAC;QACV,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;QAChC,QAAQ,CAAC,SAAS,EAAE,qBAAqB,CAAC;QAC1C,QAAQ,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC3C,CAAC;IAqBI,OAAO,CAAC,GAAG,EAAE;QAAE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3D,MAAM,CAAC,GAAG,EAAE;QAAE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAsBjE"}
|
|
@@ -0,0 +1,139 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* RecoveryHttpAdapter — fetch-based driver against a Tenzro RPC node's
|
|
3
|
+
* `/wallet/recover/*` endpoints. Implements `RecoveryPort`; mirrors
|
|
4
|
+
* `ProvisioningHttpAdapter` for shape.
|
|
5
|
+
*
|
|
6
|
+
* Wire shape per DESIGN.md §4.3.5:
|
|
7
|
+
*
|
|
8
|
+
* POST /wallet/recover/start
|
|
9
|
+
* body = { did, proof, force_rotate? }
|
|
10
|
+
* proof discriminator: { kind: 'email-otp', otp }
|
|
11
|
+
* | { kind: 'social',
|
|
12
|
+
* delegate_signatures: [{
|
|
13
|
+
* delegate_did, signature_b64
|
|
14
|
+
* }] }
|
|
15
|
+
* | { kind: 'tenzro-id-kyc', proof_token }
|
|
16
|
+
* reply = { session_id, challenge_b64, user_handle_b64,
|
|
17
|
+
* user_display_name }
|
|
18
|
+
*
|
|
19
|
+
* POST /wallet/recover/finalize
|
|
20
|
+
* body = { session_id,
|
|
21
|
+
* enrolment: { credential_id, attestation_object,
|
|
22
|
+
* client_data_json } }
|
|
23
|
+
* reply = { identity, threshold: { k, n },
|
|
24
|
+
* wrapped_share: { credential_id, wrapped_share_b64,
|
|
25
|
+
* alg, salt_b64 } }
|
|
26
|
+
*
|
|
27
|
+
* POST /wallet/recover/confirm → 204
|
|
28
|
+
* POST /wallet/recover/cancel → 204 (idempotent)
|
|
29
|
+
*
|
|
30
|
+
* Pre-auth: the recovery proof in `start` and the WebAuthn attestation
|
|
31
|
+
* in `finalize` are what the node verifies. No `Authorization` header.
|
|
32
|
+
*
|
|
33
|
+
* Browser-clean: `fetch` only.
|
|
34
|
+
*/
|
|
35
|
+
export class RecoveryHttpError extends Error {
|
|
36
|
+
status;
|
|
37
|
+
url;
|
|
38
|
+
body;
|
|
39
|
+
constructor(status, url, body) {
|
|
40
|
+
super(`recovery http ${status} on ${url}: ${body.length > 200 ? body.slice(0, 200) + '…' : body}`);
|
|
41
|
+
this.status = status;
|
|
42
|
+
this.url = url;
|
|
43
|
+
this.body = body;
|
|
44
|
+
this.name = 'RecoveryHttpError';
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
export class RecoveryHttpAdapter {
|
|
48
|
+
#cfg;
|
|
49
|
+
constructor(cfg) {
|
|
50
|
+
this.#cfg = cfg;
|
|
51
|
+
}
|
|
52
|
+
async start(req) {
|
|
53
|
+
const raw = await this.#post('/wallet/recover/start', {
|
|
54
|
+
did: req.did,
|
|
55
|
+
proof: encodeProof(req.proof),
|
|
56
|
+
...(req.forceRotate !== undefined ? { force_rotate: req.forceRotate } : {}),
|
|
57
|
+
});
|
|
58
|
+
return {
|
|
59
|
+
sessionId: raw.session_id,
|
|
60
|
+
challenge: b64ToBytes(raw.challenge_b64),
|
|
61
|
+
userHandle: b64ToBytes(raw.user_handle_b64),
|
|
62
|
+
userDisplayName: raw.user_display_name,
|
|
63
|
+
};
|
|
64
|
+
}
|
|
65
|
+
async finalize(req) {
|
|
66
|
+
const raw = await this.#post('/wallet/recover/finalize', {
|
|
67
|
+
session_id: req.sessionId,
|
|
68
|
+
enrolment: {
|
|
69
|
+
credential_id: req.enrolment.credentialId,
|
|
70
|
+
attestation_object: req.enrolment.attestationObject,
|
|
71
|
+
client_data_json: req.enrolment.clientDataJson,
|
|
72
|
+
},
|
|
73
|
+
});
|
|
74
|
+
return {
|
|
75
|
+
identity: raw.identity,
|
|
76
|
+
threshold: raw.threshold,
|
|
77
|
+
wrappedShare: {
|
|
78
|
+
credentialId: raw.wrapped_share.credential_id,
|
|
79
|
+
wrappedShare: b64ToBytes(raw.wrapped_share.wrapped_share_b64),
|
|
80
|
+
alg: raw.wrapped_share.alg,
|
|
81
|
+
salt: b64ToBytes(raw.wrapped_share.salt_b64),
|
|
82
|
+
},
|
|
83
|
+
};
|
|
84
|
+
}
|
|
85
|
+
async confirm(req) {
|
|
86
|
+
await this.#post('/wallet/recover/confirm', { session_id: req.sessionId });
|
|
87
|
+
}
|
|
88
|
+
async cancel(req) {
|
|
89
|
+
await this.#post('/wallet/recover/cancel', { session_id: req.sessionId });
|
|
90
|
+
}
|
|
91
|
+
// --- internals ---
|
|
92
|
+
async #post(path, body) {
|
|
93
|
+
const f = this.#cfg.fetch ?? globalThis.fetch;
|
|
94
|
+
const url = this.#cfg.baseUrl.replace(/\/+$/, '') + path;
|
|
95
|
+
const extra = (await this.#cfg.headers?.()) ?? {};
|
|
96
|
+
const res = await f(url, {
|
|
97
|
+
method: 'POST',
|
|
98
|
+
headers: { 'content-type': 'application/json', ...extra },
|
|
99
|
+
body: JSON.stringify(body),
|
|
100
|
+
});
|
|
101
|
+
if (!res.ok) {
|
|
102
|
+
const text = await res.text().catch(() => '');
|
|
103
|
+
throw new RecoveryHttpError(res.status, url, text);
|
|
104
|
+
}
|
|
105
|
+
if (res.status === 204)
|
|
106
|
+
return undefined;
|
|
107
|
+
return (await res.json());
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
function encodeProof(proof) {
|
|
111
|
+
switch (proof.kind) {
|
|
112
|
+
case 'email-otp':
|
|
113
|
+
return { kind: 'email-otp', otp: proof.otp };
|
|
114
|
+
case 'social':
|
|
115
|
+
return {
|
|
116
|
+
kind: 'social',
|
|
117
|
+
delegate_signatures: proof.delegateSignatures.map((d) => ({
|
|
118
|
+
delegate_did: d.delegateDid,
|
|
119
|
+
signature_b64: bytesToB64(d.signature),
|
|
120
|
+
})),
|
|
121
|
+
};
|
|
122
|
+
case 'tenzro-id-kyc':
|
|
123
|
+
return { kind: 'tenzro-id-kyc', proof_token: proof.proofToken };
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
function b64ToBytes(b64) {
|
|
127
|
+
const bin = atob(b64);
|
|
128
|
+
const out = new Uint8Array(bin.length);
|
|
129
|
+
for (let i = 0; i < bin.length; i++)
|
|
130
|
+
out[i] = bin.charCodeAt(i);
|
|
131
|
+
return out;
|
|
132
|
+
}
|
|
133
|
+
function bytesToB64(bytes) {
|
|
134
|
+
let bin = '';
|
|
135
|
+
for (let i = 0; i < bytes.length; i++)
|
|
136
|
+
bin += String.fromCharCode(bytes[i]);
|
|
137
|
+
return btoa(bin);
|
|
138
|
+
}
|
|
139
|
+
//# sourceMappingURL=recovery-http-adapter.js.map
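Review bot: `encodeProof` has no `default` branch, so a `proof.kind` outside the three listed cases makes it return `undefined`; `JSON.stringify` in `#post` then drops the `proof` key and `start` posts a recovery request carrying no proof at all. The node presumably rejects that, but the client should fail closed before anything is sent: add `default: throw new TypeError('unsupported recovery proof kind');` to the switch. Separately, `RecoveryHttpError` places the URL and up to 200 characters of the response body in `message`, so hosts that log errors verbatim should confirm the node never echoes the OTP or `proof_token` in an error reply.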
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"recovery-http-adapter.js","sourceRoot":"","sources":["../../src/identity/recovery-http-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAkBH,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAE/B;IACA;IACA;IAHX,YACW,MAAc,EACd,GAAW,EACX,IAAY;QAErB,KAAK,CACH,iBAAiB,MAAM,OAAO,GAAG,KAAK,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAC5F,CAAC;QANO,WAAM,GAAN,MAAM,CAAQ;QACd,QAAG,GAAH,GAAG,CAAQ;QACX,SAAI,GAAJ,IAAI,CAAQ;QAKrB,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAsBD,MAAM,OAAO,mBAAmB;IACrB,IAAI,CAAqB;IAElC,YAAY,GAAuB;QACjC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAIX;QAMC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAW,uBAAuB,EAAE;YAC9D,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,KAAK,EAAE,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC;YAC7B,GAAG,CAAC,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5E,CAAC,CAAC;QACH,OAAO;YACL,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,SAAS,EAAE,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC;YACxC,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC;YAC3C,eAAe,EAAE,GAAG,CAAC,iBAAiB;SACvC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,GAGd;QAKC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAc,0BAA0B,EAAE;YACpE,UAAU,EAAE,GAAG,CAAC,SAAS;YACzB,SAAS,EAAE;gBACT,aAAa,EAAE,GAAG,CAAC,SAAS,CAAC,YAAY;gBACzC,kBAAkB,EAAE,GAAG,CAAC,SAAS,CAAC,iBAAiB;gBACnD,gBAAgB,EAAE,GAAG,CAAC,SAAS,CAAC,cAAc;aAC/C;SACF,CAAC,CAAC;QACH,OAAO;YACL,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,YAAY,EAAE;gBACZ,YAAY,EAAE,GAAG,CAAC,aAAa,CAAC,aAAa;gBAC7C,YAAY,EAAE,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,iBAAiB,CAAC;gBAC7D,GAAG,EAAE,GAAG,CAAC,aAAa,CAAC,GAAG;gBAC1B,IAAI,EAAE,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,QAAQ,CAAC;aAC7C;SACF,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,GAAmC;QAC/C,MAAM,IAAI,CAAC,KAAK,CAAU,yBAAyB,EAAE,EAAE,UAAU,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;IACtF,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAmC;QAC9C,MAAM,IAAI,CAAC,KAAK,CAAU,wBAAwB,EAAE,EAAE,UAAU,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC
;IACrF,CAAC;IAED,oBAAoB;IAEpB,KAAK,CAAC,KAAK,CAAO,IAAY,EAAE,IAAa;QAC3C,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;QAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC;QACzD,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC;QAClD,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,GAAG,EAAE;YACvB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,KAAK,EAAE;YACzD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YAC9C,MAAM,IAAI,iBAAiB,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QACrD,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,SAAiB,CAAC;QACjD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAS,CAAC;IACpC,CAAC;CACF;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,WAAW;YACd,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,CAAC;QAC/C,KAAK,QAAQ;YACX,OAAO;gBACL,IAAI,EAAE,QAAQ;gBACd,mBAAmB,EAAE,KAAK,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACxD,YAAY,EAAE,CAAC,CAAC,WAAW;oBAC3B,aAAa,EAAE,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;iBACvC,CAAC,CAAC;aACJ,CAAC;QACJ,KAAK,eAAe;YAClB,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC;IACpE,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACtB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,UAAU,CAAC,KAAiB;IACnC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;IAC7E,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC"}
|
|
@@ -0,0 +1,132 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `walletNew()` — passkey-quorum provisioning flow per DESIGN.md §4.3.2.
|
|
3
|
+
*
|
|
4
|
+
* Replaces M1's deterministic `provisionIdentity()` (which mocks shares
|
|
5
|
+
* locally) with the M5 network-governed ceremony. The kernel orchestrates;
|
|
6
|
+
* Tenzro's `/wallet/new/*` endpoints + the host's WebAuthn glue do the
|
|
7
|
+
* heavy lifting.
|
|
8
|
+
*
|
|
9
|
+
* Steps mapped to DESIGN.md §4.3.2:
|
|
10
|
+
*
|
|
11
|
+
* 1. Host opens an onboarding page; the kernel is invoked from that page.
|
|
12
|
+
* 2. Host runs `navigator.credentials.create` via `PasskeyEnroller`,
|
|
13
|
+
* yielding a fresh passkey credential bound to the Tenzro relying-party.
|
|
14
|
+
* 3. Kernel calls `ProvisioningPort.start({credentialId, attestation, kind})`.
|
|
15
|
+
* The node-TEE runs DKG, returns the new DID + per-surface public keys
|
|
16
|
+
* + the wrapped device share + AEAD metadata.
|
|
17
|
+
* 4. Kernel hands the wrapped share to `ShareStore.put(...)` so the host
|
|
18
|
+
* can persist it under the platform's secure storage (IndexedDB, OS
|
|
19
|
+
* keychain, largeBlob, …). The unwrap key never enters JS memory.
|
|
20
|
+
* 5. Kernel calls `ProvisioningPort.confirm({did, sessionId})` so the
|
|
21
|
+
* node-TEE finalises the topology record (DID Document, threshold,
|
|
22
|
+
* verificationMethods).
|
|
23
|
+
* 6. Kernel returns the resulting `TdipIdentity` and the credential id
|
|
24
|
+
* bound to the device share, so subsequent signing flows can pass
|
|
25
|
+
* it into `PasskeyShareUnwrapper`.
|
|
26
|
+
*
|
|
27
|
+
* Errors abort cleanly: if `confirm` fails, the kernel calls
|
|
28
|
+
* `ProvisioningPort.cancel(sessionId)` so the node drops the half-built
|
|
29
|
+
* record and the wrapped share, and re-throws the original error. The
|
|
30
|
+
* host is responsible for surfacing the failure to the user.
|
|
31
|
+
*
|
|
32
|
+
* Browser-clean: no Node-specific globals.
|
|
33
|
+
*/
|
|
34
|
+
import type { TdipIdentity, TdipKind } from '../types/identity.js';
|
|
35
|
+
export type WalletThresholdRecord = {
|
|
36
|
+
readonly k: number;
|
|
37
|
+
readonly n: number;
|
|
38
|
+
};
|
|
39
|
+
/**
|
|
40
|
+
* Wrapped device-share envelope handed back by the node at provisioning.
|
|
41
|
+
* Bytes are decoded already (the HTTP layer does base64 ↔ Uint8Array).
|
|
42
|
+
*
|
|
43
|
+
* `alg`/`salt` are surfaced so the same share envelope can later flow
|
|
44
|
+
* through `ShareEnvelopePort.fetchEnvelope()` on subsequent unwraps —
|
|
45
|
+
* the node treats provisioning as a "first envelope" and re-uses the
|
|
46
|
+
* same wrapping at sign time.
|
|
47
|
+
*/
|
|
48
|
+
export interface WrappedDeviceShare {
|
|
49
|
+
readonly credentialId: string;
|
|
50
|
+
readonly wrappedShare: Uint8Array;
|
|
51
|
+
readonly alg: string;
|
|
52
|
+
readonly salt: Uint8Array;
|
|
53
|
+
}
|
|
54
|
+
export interface PasskeyEnrolment {
|
|
55
|
+
readonly credentialId: string;
|
|
56
|
+
/** WebAuthn attestation object, base64url. Forwarded verbatim to node. */
|
|
57
|
+
readonly attestationObject: string;
|
|
58
|
+
/** WebAuthn clientDataJSON, base64url. */
|
|
59
|
+
readonly clientDataJson: string;
|
|
60
|
+
}
|
|
61
|
+
/**
|
|
62
|
+
* Browser passkey *create* (not *get*). Wraps `navigator.credentials.create`
|
|
63
|
+
* with the wallet's relying-party id and a node-issued challenge.
|
|
64
|
+
*/
|
|
65
|
+
export interface PasskeyEnroller {
|
|
66
|
+
enroll(opts: {
|
|
67
|
+
readonly challenge: Uint8Array;
|
|
68
|
+
readonly userId: Uint8Array;
|
|
69
|
+
readonly userDisplayName: string;
|
|
70
|
+
}): Promise<PasskeyEnrolment>;
|
|
71
|
+
}
|
|
72
|
+
/**
|
|
73
|
+
* Server transport for `/wallet/new/*`. Tenzro implements; kernel consumes.
|
|
74
|
+
*
|
|
75
|
+
* POST /wallet/new/start → { session_id, challenge_b64,
|
|
76
|
+
* user_handle_b64 }
|
|
77
|
+
* POST /wallet/new/finalize → { did, identity, threshold,
|
|
78
|
+
* wrapped_share } // see WrappedDeviceShare
|
|
79
|
+
* POST /wallet/new/confirm → 204 // identity persisted
|
|
80
|
+
* POST /wallet/new/cancel → 204 // idempotent abort
|
|
81
|
+
*/
|
|
82
|
+
export interface ProvisioningPort {
|
|
83
|
+
start(req: {
|
|
84
|
+
readonly kind: TdipKind;
|
|
85
|
+
}): Promise<{
|
|
86
|
+
readonly sessionId: string;
|
|
87
|
+
readonly challenge: Uint8Array;
|
|
88
|
+
readonly userHandle: Uint8Array;
|
|
89
|
+
readonly userDisplayName: string;
|
|
90
|
+
}>;
|
|
91
|
+
finalize(req: {
|
|
92
|
+
readonly sessionId: string;
|
|
93
|
+
readonly enrolment: PasskeyEnrolment;
|
|
94
|
+
}): Promise<{
|
|
95
|
+
readonly identity: TdipIdentity;
|
|
96
|
+
readonly threshold: WalletThresholdRecord;
|
|
97
|
+
readonly wrappedShare: WrappedDeviceShare;
|
|
98
|
+
}>;
|
|
99
|
+
confirm(req: {
|
|
100
|
+
readonly sessionId: string;
|
|
101
|
+
}): Promise<void>;
|
|
102
|
+
cancel(req: {
|
|
103
|
+
readonly sessionId: string;
|
|
104
|
+
}): Promise<void>;
|
|
105
|
+
}
|
|
106
|
+
/**
|
|
107
|
+
* Where the host persists the wrapped device share. The kernel never
|
|
108
|
+
* reads from this directly at sign time — that's `ShareEnvelopePort`'s
|
|
109
|
+
* job — but the host needs a hook to put the freshly-wrapped share into
|
|
110
|
+
* its persistence layer at provision time, in case the node doesn't
|
|
111
|
+
* also keep an envelope copy (deployment configurable).
|
|
112
|
+
*/
|
|
113
|
+
export interface DeviceShareStore {
|
|
114
|
+
put(req: {
|
|
115
|
+
readonly did: string;
|
|
116
|
+
readonly share: WrappedDeviceShare;
|
|
117
|
+
}): Promise<void>;
|
|
118
|
+
}
|
|
119
|
+
export interface WalletNewOptions {
|
|
120
|
+
readonly kind?: TdipKind;
|
|
121
|
+
readonly enroller: PasskeyEnroller;
|
|
122
|
+
readonly provisioning: ProvisioningPort;
|
|
123
|
+
/** Optional: persist locally too, in addition to whatever the node keeps. */
|
|
124
|
+
readonly shareStore?: DeviceShareStore;
|
|
125
|
+
}
|
|
126
|
+
export interface WalletNewResult {
|
|
127
|
+
readonly identity: TdipIdentity;
|
|
128
|
+
readonly threshold: WalletThresholdRecord;
|
|
129
|
+
readonly credentialId: string;
|
|
130
|
+
}
|
|
131
|
+
export declare function walletNew(opts: WalletNewOptions): Promise<WalletNewResult>;
|
|
132
|
+
//# sourceMappingURL=wallet-new.d.ts.map
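Review bot: The step list in the header comment does not match the `ProvisioningPort` declared below it. Step 3 describes `start({credentialId, attestation, kind})` and step 5 `confirm({did, sessionId})`, while the interface declares `start({ kind })` returning the challenge, `finalize({ sessionId, enrolment })` carrying the attestation, and `confirm({ sessionId })`. Step 2 also places `navigator.credentials.create` before `start`, although `PasskeyEnroller.enroll` takes the node-issued `challenge` that only `start` returns. The order matters to a reader checking that the attestation is bound to a node challenge, so I would rewrite steps 2–3 as `start({kind})`, then `enroll({challenge, userId, userDisplayName})`, then `finalize({sessionId, enrolment})`, and drop `did` from step 5. The error paragraph names only a failing `confirm`; whether `cancel` is also called when `finalize` or `shareStore.put` fails cannot be seen from this declaration file and is worth stating.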
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"wallet-new.d.ts","sourceRoot":"","sources":["../../src/identity/wallet-new.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAEnE,MAAM,MAAM,qBAAqB,GAAG;IAClC,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,YAAY,EAAE,UAAU,CAAC;IAClC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;CAC3B;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,0EAA0E;IAC1E,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,0CAA0C;IAC1C,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;CACjC;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,IAAI,EAAE;QACX,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;QAC/B,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;QAC5B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;KAClC,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;CAC/B;AAED;;;;;;;;;GASG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,GAAG,EAAE;QAAE,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC;QAC/C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;QAC/B,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;QAChC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;KAClC,CAAC,CAAC;IAEH,QAAQ,CAAC,GAAG,EAAE;QACZ,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,SAAS,EAAE,gBAAgB,CAAC;KACtC,GAAG,OAAO,CAAC;QACV,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;QAChC,QAAQ,CAAC,SAAS,EAAE,qBAAqB,CAAC;QAC1C,QAAQ,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC3C,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,EAAE;QAAE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5D,MAAM,CAAC,GAAG,EAAE;QAAE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5D;AAED;;;;;;GAMG;AACH,MAAM,WAAW,gBAAgB;IAC/B,GAAG,CAAC,GAAG,EAAE;QACP,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,KAAK,EAAE,kBAAkB,CAAC;KACpC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAC;IACnC,QAAQ,CAAC,YAAY,EAAE,gBAAgB,CAAC;IACxC,6EAA6E;IAC7E,QAAQ,CAAC,UAAU,CAAC,EAAE,gBAAgB,CAAC;CACxC;AAE
D,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC,QAAQ,CAAC,SAAS,EAAE,qBAAqB,CAAC;IAC1C,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;CAC/B;AAED,wBAAsB,SAAS,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC,CAoDhF"}
|