w3pk 0.7.1 → 0.7.3

package/README.md

@@ -19,8 +19,8 @@ import { createWeb3Passkey } from 'w3pk'
 const w3pk = createWeb3Passkey()
 
 // Register (auto-generates wallet and stores it securely)
-const { mnemonic } = await w3pk.register({ username: 'alice' })
-console.log('⚠️  Save this recovery phrase:', mnemonic)
+const { address, username } = await w3pk.register({ username: 'alice' })
+console.log('✅ Registered:', username, 'with address:', address)
 
 // Login (for subsequent sessions)
 await w3pk.login()
@@ -46,6 +46,7 @@ const rpcUrl = endpoints[0]
 - 🌱 HD wallet generation (BIP39/BIP44)
 - 🔢 Multi-address derivation
 - 🥷 ERC-5564 stealth addresses (privacy-preserving transactions with view tags)
+- 🧮 ZK primitives (zero-knowledge proof generation and verification)
 - 🔗 Chainlist support (2390+ networks, auto-filtered RPC endpoints)
 - ⚡ EIP-7702 network detection (329+ supported networks)
 - 🛡️ Three-layer backup & recovery system
@@ -53,23 +54,14 @@ const rpcUrl = endpoints[0]
   - Encrypted backups (ZIP/QR with password protection)
   - Social recovery (Shamir Secret Sharing)
 
-**Optional: Zero-Knowledge Proofs**
-
-Requires additional dependencies (~70MB):
-```bash
-npm install snarkjs circomlibjs
-```
-
-See [ZK Integration Guide](./docs/ZK_INTEGRATION_GUIDE.md) to get started.
-
 ## API
 
 ### Authentication Flow
 
 ```typescript
-// Register (auto-stores wallet)
-const { mnemonic } = await w3pk.register({ username: 'alice' })
-// Returns: { mnemonic } - SAVE THIS!
+// Register (generates and stores wallet securely)
+const { address, username } = await w3pk.register({ username: 'alice' })
+// Returns: { address, username } 
 
 // Subsequent sessions: just login
 await w3pk.login()
@@ -82,12 +74,15 @@ w3pk.isAuthenticated
 w3pk.user
 ```
 
-**Advanced: Pre-generate wallet (optional)**
+**Important: Backup your wallet!**
 ```typescript
-// If you want to see the wallet before registering:
-const { mnemonic } = await w3pk.generateWallet()
-const { mnemonic } = await w3pk.register({ username: 'alice' })
-// register() will use the pre-generated wallet
+// After registration, users can create a backup
+const mnemonic = await w3pk.exportMnemonic({ requireAuth: true })
+console.log('⚠️  Save this recovery phrase:', mnemonic)
+
+// Or create encrypted backups:
+const zipBackup = await w3pk.createZipBackup('strong-password')
+const qrBackup = await w3pk.createQRBackup('optional-password')
 ```
 
 ### Wallet Operations
@@ -225,12 +220,21 @@ const myPayments = await w3pk.stealth?.scanAnnouncements(announcements)
 ### Backup & Recovery
 
 ```typescript
+import { isStrongPassword } from 'w3pk'
+
+// Validate password strength before creating backups
+const password = 'MyS3cur3!Password@2042'
+if (!isStrongPassword(password)) {
+  throw new Error('Password does not meet security requirements')
+}
+// Requirements: 12+ chars, uppercase, lowercase, number, special char, not common
+
 // Get backup status
 const status = await w3pk.getBackupStatus()
 console.log('Security Score:', status.securityScore.score) // 0-100
 
 // Create encrypted ZIP backup
-const blob = await w3pk.createZipBackup('MyS3cur3!Password@2042')
+const blob = await w3pk.createZipBackup(password)
 // Save blob to file system
 
 // Create QR backup

package/dist/index.d.mts

@@ -320,9 +320,10 @@ declare class Web3Passkey {
     private zkModule?;
     constructor(config?: Web3PasskeyConfig);
     /**
-     * Lazy-load ZK module to avoid bundling large dependencies
+     * Lazy-load ZK module only when accessed
+     * This prevents bundlers from including circomlibjs unless ZK features are used
      */
-    private initializeZKModule;
+    private loadZKModule;
     /**
      * Get mnemonic from active session or trigger authentication
      * This is used internally by methods that need the mnemonic
@@ -334,12 +335,13 @@ declare class Web3Passkey {
      * Register a new user with WebAuthn
      * Automatically generates a wallet if none exists
      * Creates a passkey and associates it with the Ethereum address (account #0)
-     * Returns the mnemonic phrase - IMPORTANT: User must save this!
+     * Returns the derived address #0 and username
      */
     register(options: {
         username: string;
     }): Promise<{
-        mnemonic: string;
+        address: string;
+        username: string;
     }>;
     /**
      * Login with WebAuthn (usernameless)
@@ -550,10 +552,6 @@ declare class Web3Passkey {
      * @param hours - Session duration in hours
      */
     setSessionDuration(hours: number): void;
-    /**
-     * SDK version
-     */
-    get version(): string;
 }
 
 /**
@@ -1104,6 +1102,30 @@ declare function getAllTopics(): string[];
  */
 declare function searchExplainers(query: string): EducationalModule[];
 
+/**
+ * Input validation utilities
+ */
+declare function validateEthereumAddress(address: string): boolean;
+declare function validateUsername(username: string): boolean;
+declare function validateMnemonic(mnemonic: string): boolean;
+declare function assertEthereumAddress(address: string): void;
+declare function assertUsername(username: string): void;
+declare function assertMnemonic(mnemonic: string): void;
+/**
+ * Validates password strength based on security best practices
+ * @param password - The password to validate
+ * @returns true if password meets strength requirements, false otherwise
+ *
+ * Requirements:
+ * - At least 12 characters long
+ * - Contains at least one uppercase letter
+ * - Contains at least one lowercase letter
+ * - Contains at least one number
+ * - Contains at least one special character
+ * - Not a common password
+ */
+declare function isStrongPassword(password: string): boolean;
+
 /**
  * Web3 Passkey SDK
  * Passwordless authentication with encrypted wallets
@@ -1111,4 +1133,4 @@ declare function searchExplainers(query: string): EducationalModule[];
 
 declare function createWeb3Passkey(config?: Web3PasskeyConfig): Web3Passkey;
 
-export { ApiError, AuthenticationError, BackupManager, type BackupStatus, BackupStorage, CryptoError, type DeviceInfo, DeviceManager, type EncryptedBackupInfo, type Guardian, type GuardianInvite, PlatformDetector, type QRBackupOptions, type RecoveryProgress, type RecoveryScenario, type RecoveryShare, RecoverySimulator, RegistrationError, type SecurityScore, type SimulationResult, type SocialRecoveryConfig, SocialRecoveryManager, type StealthAddressConfig, StealthAddressModule, type StealthAddressResult, type StealthKeys, StorageError, type SyncCapabilities, type SyncStatus, type SyncVault, type UserInfo, VaultSync, WalletError, type WalletInfo, Web3Passkey, type Web3PasskeyConfig, Web3PasskeyError, type ZipBackupOptions, canControlStealthAddress, checkStealthAddress, computeStealthPrivateKey, createWalletFromMnemonic, createWeb3Passkey, createWeb3Passkey as default, deriveStealthKeys, deriveWalletFromMnemonic, generateBIP39Wallet, generateStealthAddress, getAllTopics, getExplainer, searchExplainers };
+export { ApiError, AuthenticationError, BackupManager, type BackupStatus, BackupStorage, CryptoError, type DeviceInfo, DeviceManager, type EncryptedBackupInfo, type Guardian, type GuardianInvite, PlatformDetector, type QRBackupOptions, type RecoveryProgress, type RecoveryScenario, type RecoveryShare, RecoverySimulator, RegistrationError, type SecurityScore, type SimulationResult, type SocialRecoveryConfig, SocialRecoveryManager, type StealthAddressConfig, StealthAddressModule, type StealthAddressResult, type StealthKeys, StorageError, type SyncCapabilities, type SyncStatus, type SyncVault, type UserInfo, VaultSync, WalletError, type WalletInfo, Web3Passkey, type Web3PasskeyConfig, Web3PasskeyError, type ZipBackupOptions, assertEthereumAddress, assertMnemonic, assertUsername, canControlStealthAddress, checkStealthAddress, computeStealthPrivateKey, createWalletFromMnemonic, createWeb3Passkey, createWeb3Passkey as default, deriveStealthKeys, deriveWalletFromMnemonic, generateBIP39Wallet, generateStealthAddress, getAllTopics, getExplainer, isStrongPassword, searchExplainers, validateEthereumAddress, validateMnemonic, validateUsername };

package/dist/index.d.ts

@@ -320,9 +320,10 @@ declare class Web3Passkey {
     private zkModule?;
     constructor(config?: Web3PasskeyConfig);
     /**
-     * Lazy-load ZK module to avoid bundling large dependencies
+     * Lazy-load ZK module only when accessed
+     * This prevents bundlers from including circomlibjs unless ZK features are used
      */
-    private initializeZKModule;
+    private loadZKModule;
     /**
      * Get mnemonic from active session or trigger authentication
      * This is used internally by methods that need the mnemonic
@@ -334,12 +335,13 @@ declare class Web3Passkey {
      * Register a new user with WebAuthn
      * Automatically generates a wallet if none exists
      * Creates a passkey and associates it with the Ethereum address (account #0)
-     * Returns the mnemonic phrase - IMPORTANT: User must save this!
+     * Returns the derived address #0 and username
      */
     register(options: {
         username: string;
     }): Promise<{
-        mnemonic: string;
+        address: string;
+        username: string;
     }>;
     /**
      * Login with WebAuthn (usernameless)
@@ -550,10 +552,6 @@ declare class Web3Passkey {
      * @param hours - Session duration in hours
      */
     setSessionDuration(hours: number): void;
-    /**
-     * SDK version
-     */
-    get version(): string;
 }
 
 /**
@@ -1104,6 +1102,30 @@ declare function getAllTopics(): string[];
  */
 declare function searchExplainers(query: string): EducationalModule[];
 
+/**
+ * Input validation utilities
+ */
+declare function validateEthereumAddress(address: string): boolean;
+declare function validateUsername(username: string): boolean;
+declare function validateMnemonic(mnemonic: string): boolean;
+declare function assertEthereumAddress(address: string): void;
+declare function assertUsername(username: string): void;
+declare function assertMnemonic(mnemonic: string): void;
+/**
+ * Validates password strength based on security best practices
+ * @param password - The password to validate
+ * @returns true if password meets strength requirements, false otherwise
+ *
+ * Requirements:
+ * - At least 12 characters long
+ * - Contains at least one uppercase letter
+ * - Contains at least one lowercase letter
+ * - Contains at least one number
+ * - Contains at least one special character
+ * - Not a common password
+ */
+declare function isStrongPassword(password: string): boolean;
+
 /**
  * Web3 Passkey SDK
  * Passwordless authentication with encrypted wallets
@@ -1111,4 +1133,4 @@ declare function searchExplainers(query: string): EducationalModule[];
 
 declare function createWeb3Passkey(config?: Web3PasskeyConfig): Web3Passkey;
 
-export { ApiError, AuthenticationError, BackupManager, type BackupStatus, BackupStorage, CryptoError, type DeviceInfo, DeviceManager, type EncryptedBackupInfo, type Guardian, type GuardianInvite, PlatformDetector, type QRBackupOptions, type RecoveryProgress, type RecoveryScenario, type RecoveryShare, RecoverySimulator, RegistrationError, type SecurityScore, type SimulationResult, type SocialRecoveryConfig, SocialRecoveryManager, type StealthAddressConfig, StealthAddressModule, type StealthAddressResult, type StealthKeys, StorageError, type SyncCapabilities, type SyncStatus, type SyncVault, type UserInfo, VaultSync, WalletError, type WalletInfo, Web3Passkey, type Web3PasskeyConfig, Web3PasskeyError, type ZipBackupOptions, canControlStealthAddress, checkStealthAddress, computeStealthPrivateKey, createWalletFromMnemonic, createWeb3Passkey, createWeb3Passkey as default, deriveStealthKeys, deriveWalletFromMnemonic, generateBIP39Wallet, generateStealthAddress, getAllTopics, getExplainer, searchExplainers };
+export { ApiError, AuthenticationError, BackupManager, type BackupStatus, BackupStorage, CryptoError, type DeviceInfo, DeviceManager, type EncryptedBackupInfo, type Guardian, type GuardianInvite, PlatformDetector, type QRBackupOptions, type RecoveryProgress, type RecoveryScenario, type RecoveryShare, RecoverySimulator, RegistrationError, type SecurityScore, type SimulationResult, type SocialRecoveryConfig, SocialRecoveryManager, type StealthAddressConfig, StealthAddressModule, type StealthAddressResult, type StealthKeys, StorageError, type SyncCapabilities, type SyncStatus, type SyncVault, type UserInfo, VaultSync, WalletError, type WalletInfo, Web3Passkey, type Web3PasskeyConfig, Web3PasskeyError, type ZipBackupOptions, assertEthereumAddress, assertMnemonic, assertUsername, canControlStealthAddress, checkStealthAddress, computeStealthPrivateKey, createWalletFromMnemonic, createWeb3Passkey, createWeb3Passkey as default, deriveStealthKeys, deriveWalletFromMnemonic, generateBIP39Wallet, generateStealthAddress, getAllTopics, getExplainer, isStrongPassword, searchExplainers, validateEthereumAddress, validateMnemonic, validateUsername };