walletpair-sdk 1.0.0

package/dist/ble/web-ble-transport.js

@@ -0,0 +1,93 @@
+/**
+ * Web Bluetooth Central transport for dApp side.
+ *
+ * The dApp acts as BLE Central and connects to the wallet's GATT Peripheral.
+ * Safe to import anywhere — checks Web Bluetooth availability at runtime.
+ */
+import { BLE_SERVICE_UUID, BLE_WRITE_CHAR_UUID, BLE_NOTIFY_CHAR_UUID, frameMessage, Defragmenter, } from './framing.js';
+export function isWebBleSupported() {
+    return typeof navigator !== 'undefined' && !!navigator.bluetooth;
+}
+export class WebBleCentralTransport {
+    state = 'disconnected';
+    device = null;
+    writeChar = null;
+    notifyChar = null;
+    defrag = new Defragmenter();
+    mtuPayload = 509;
+    messageHandler = null;
+    closeHandler = null;
+    openHandler = null;
+    onMessage(handler) { this.messageHandler = handler; }
+    onClose(handler) { this.closeHandler = handler; }
+    onOpen(handler) { this.openHandler = handler; }
+    async connect() {
+        if (!isWebBleSupported()) {
+            throw new Error('Web Bluetooth is not supported in this environment');
+        }
+        this.state = 'connecting';
+        const device = await navigator.bluetooth.requestDevice({
+            filters: [
+                { namePrefix: 'WalletPair' },
+                { services: [BLE_SERVICE_UUID] },
+            ],
+            optionalServices: [BLE_SERVICE_UUID],
+        });
+        this.device = device;
+        device.addEventListener('gattserverdisconnected', this.onDisconnect);
+        const server = await device.gatt.connect();
+        const service = await server.getPrimaryService(BLE_SERVICE_UUID);
+        this.writeChar = await service.getCharacteristic(BLE_WRITE_CHAR_UUID);
+        this.notifyChar = await service.getCharacteristic(BLE_NOTIFY_CHAR_UUID);
+        await this.notifyChar.startNotifications();
+        this.notifyChar.addEventListener('characteristicvaluechanged', this.onNotification);
+        this.state = 'connected';
+        this.openHandler?.();
+    }
+    send(msg) {
+        if (!this.writeChar || this.state !== 'connected')
+            return;
+        const frames = frameMessage(JSON.stringify(msg), this.mtuPayload);
+        // Send frames sequentially
+        let chain = Promise.resolve();
+        for (const frame of frames) {
+            chain = chain.then(() => this.writeChar.writeValueWithoutResponse(frame));
+        }
+    }
+    disconnect() {
+        if (this.device?.gatt?.connected) {
+            this.device.gatt.disconnect();
+        }
+        this.cleanup();
+    }
+    onNotification = (event) => {
+        const target = event.target;
+        const dv = target.value;
+        const data = new Uint8Array(dv.buffer, dv.byteOffset, dv.byteLength);
+        const json = this.defrag.push(data);
+        if (json && this.messageHandler) {
+            try {
+                this.messageHandler(JSON.parse(json));
+            }
+            catch { /* bad json */ }
+        }
+    };
+    onDisconnect = () => {
+        this.cleanup();
+        this.closeHandler?.();
+    };
+    cleanup() {
+        if (this.notifyChar) {
+            this.notifyChar.removeEventListener('characteristicvaluechanged', this.onNotification);
+        }
+        if (this.device) {
+            this.device.removeEventListener('gattserverdisconnected', this.onDisconnect);
+        }
+        this.device = null;
+        this.writeChar = null;
+        this.notifyChar = null;
+        this.defrag.reset();
+        this.state = 'disconnected';
+    }
+}
+//# sourceMappingURL=web-ble-transport.js.map

package/dist/ble/web-ble-transport.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"web-ble-transport.js","sourceRoot":"","sources":["../../src/ble/web-ble-transport.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,oBAAoB,EACpB,YAAY,EACZ,YAAY,GACb,MAAM,cAAc,CAAC;AAEtB,MAAM,UAAU,iBAAiB;IAC/B,OAAO,OAAO,SAAS,KAAK,WAAW,IAAI,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC;AACnE,CAAC;AAED,MAAM,OAAO,sBAAsB;IACjC,KAAK,GAAmB,cAAc,CAAC;IAE/B,MAAM,GAA2B,IAAI,CAAC;IACtC,SAAS,GAA6C,IAAI,CAAC;IAC3D,UAAU,GAA6C,IAAI,CAAC;IAC5D,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;IAC5B,UAAU,GAAG,GAAG,CAAC;IAEjB,cAAc,GAA4C,IAAI,CAAC;IAC/D,YAAY,GAAwB,IAAI,CAAC;IACzC,WAAW,GAAwB,IAAI,CAAC;IAEhD,SAAS,CAAC,OAAuC,IAAU,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC;IAC3F,OAAO,CAAC,OAAmB,IAAU,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,CAAC,CAAC;IACnE,MAAM,CAAC,OAAmB,IAAU,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,CAAC,CAAC;IAEjE,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,iBAAiB,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;QAE1B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,SAAU,CAAC,aAAa,CAAC;YACtD,OAAO,EAAE;gBACP,EAAE,UAAU,EAAE,YAAY,EAAE;gBAC5B,EAAE,QAAQ,EAAE,CAAC,gBAAgB,CAAC,EAAE;aACjC;YACD,gBAAgB,EAAE,CAAC,gBAAgB,CAAC;SACrC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,MAAM,CAAC,gBAAgB,CAAC,wBAAwB,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAErE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAK,CAAC,OAAO,EAAE,CAAC;QAC5C,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;QAEjE,IAAI,CAAC,SAAS,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAAC,mBAAmB,CAAC,CAAC;QACtE,IAAI,CAAC,UAAU,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAAC,oBAAoB,CAAC,CAAC;QAExE,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,CAAC;QAC3C,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,4BAA4B,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;QAEpF,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC;QACzB,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;IACvB,CAAC;IAED,IAAI,CAAC,GAAoB;QACvB,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,KAAK,KAAK,WAAW;YAAE,OAAO;QAC1D,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAClE,2BAA2B;QAC3B,IAAI,KAAK,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;QAC9B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,SAAU,CAAC,yBAAyB,CAAC,KAA+B,CAAC,CAAC,CAAC;QACvG,CAAC;IACH,CAAC;IAED,UAAU;QACR,IAAI,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChC,CAAC;QACD,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;IAEO,cAAc,GAAG,CAAC,KAAY,EAAQ,EAAE;QAC9C,MAAM,MAAM,GAAG,KAAK,CAAC,MAA2C,CAAC;QACjE,MAAM,EAAE,GAAG,MAAM,CAAC,KAAM,CAAC;QACzB,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC;QACrE,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,IAAI,IAAI,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YAChC,IAAI,CAAC;gBAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,cAAc,CAAC,CAAC;QACzE,CAAC;IACH,CAAC,CAAC;IAEM,YAAY,GAAG,GAAS,EAAE;QAChC,IAAI,CAAC,OAAO,EAAE,CAAC;QACf,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;IACxB,CAAC,CAAC;IAEM,OAAO;QACb,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,4BAA4B,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;QACzF,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,wBAAwB,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAC/E,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACtB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QACpB,IAAI,CAAC,KAAK,GAAG,cAAc,CAAC;IAC9B,CAAC;CACF"}

package/dist/crypto.d.ts

@@ -0,0 +1,102 @@
+/**
+ * WalletPair Protocol v1 — crypto & protocol helpers.
+ *
+ * Pure JS (noble libraries v2), no native modules required.
+ */
+import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
+import type { PairingParams } from './types.js';
+export { bytesToHex, hexToBytes };
+export declare function b64urlEncode(bytes: Uint8Array): string;
+export declare function b64urlDecode(str: string): Uint8Array;
+export interface X25519KeyPair {
+    privateKey: Uint8Array;
+    publicKey: Uint8Array;
+    publicKeyB64: string;
+}
+export declare function generateX25519KeyPair(): X25519KeyPair;
+export declare function getPublicKey(privateKey: Uint8Array): Uint8Array;
+export declare function computeSharedSecret(myPrivateKey: Uint8Array, remotePubKey: Uint8Array): Uint8Array;
+export declare function deriveSessionKey(sharedSecret: Uint8Array, channelIdHex: string): Uint8Array;
+export interface SessionCryptoContext {
+    dappPubKeyB64: string;
+    walletPubKeyB64: string;
+    capabilities?: unknown;
+    walletMeta?: unknown;
+    dappName?: string | undefined;
+}
+export interface DirectionalSessionKeys {
+    rootKey: Uint8Array;
+    dappToWalletKey: Uint8Array;
+    walletToDappKey: Uint8Array;
+    transcriptHash: Uint8Array;
+}
+export declare function canonicalJson(value: unknown): string;
+export declare function computeHandshakeTranscriptHash(channelIdHex: string, context: SessionCryptoContext): Uint8Array;
+export declare function deriveDirectionalSessionKeys(rootKey: Uint8Array, channelIdHex: string, context: SessionCryptoContext): DirectionalSessionKeys;
+export declare function computeSessionFingerprint(channelIdHex: string, dappPubKeyB64: string): string;
+export declare function deriveJoinEncryptionKey(rootKey: Uint8Array, channelIdHex: string): Uint8Array;
+/**
+ * Encrypt capabilities + meta for private handshake (§7.5).
+ * Returns base64url(nonce || ciphertext || tag).
+ */
+export declare function sealJoin(joinEncryptionKey: Uint8Array, channelIdHex: string, capabilities: unknown, meta?: unknown): string;
+/**
+ * Decrypt sealed_join from a private handshake join message (§7.5).
+ * Returns { capabilities, meta }.
+ */
+export declare function unsealJoin(joinEncryptionKey: Uint8Array, channelIdHex: string, sealedJoin: string): {
+    capabilities: unknown;
+    meta?: unknown;
+};
+/**
+ * AAD header for authenticated encryption.
+ * Uses length-prefixed binary encoding per protocol §7.4.
+ */
+export type AadHeader = {
+    type: 'req';
+    from: string;
+    id: string;
+} | {
+    type: 'res';
+    from: string;
+    id: string;
+} | {
+    type: 'evt';
+    from: string;
+    id: string;
+};
+export declare function sealPayload(encryptionKey: Uint8Array, channelIdHex: string, seq: number, data: unknown, header?: AadHeader): string;
+export declare function unsealPayload(encryptionKey: Uint8Array, channelIdHex: string, sealed: string, header?: AadHeader): {
+    seq: number;
+    data: unknown;
+    plaintext: Uint8Array;
+    plaintextJson: string;
+};
+export declare function sha256Hex(bytes: Uint8Array): string;
+/** Constant-time string comparison to prevent timing side-channels (§9.1). */
+export declare function constantTimeEqual(a: string, b: string): boolean;
+/**
+ * Sign a serialized session snapshot with HMAC-SHA256.
+ * Returns `<hex-mac>.<json-payload>`.
+ */
+export declare function signSnapshot(sendKey: Uint8Array, json: string): string;
+/**
+ * Verify and extract a signed snapshot.
+ * Returns the JSON payload on success, or `null` if the HMAC is invalid.
+ */
+export declare function verifySnapshot(sendKey: Uint8Array, signed: string): string | null;
+export declare function generateChannelId(): string;
+export declare function buildPairingUri(params: {
+    channelId: string;
+    pubkeyB64: string;
+    relayUrl?: string | undefined;
+    name: string;
+    url: string;
+    icon: string;
+    /** Methods the dApp intends to call (§9.1). */
+    methods?: string[] | undefined;
+    /** CAIP-2 chains the dApp intends to use (§9.1). */
+    chains?: string[] | undefined;
+}): string;
+export declare function parsePairingUri(uri: string): PairingParams;
+//# sourceMappingURL=crypto.d.ts.map

package/dist/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AASH,OAAO,EACL,UAAU,EACV,UAAU,EAGX,MAAM,qBAAqB,CAAC;AAE7B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAMhD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;AAMlC,wBAAgB,YAAY,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAOtD;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAOpD;AAMD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,UAAU,CAAC;IACvB,SAAS,EAAE,UAAU,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,wBAAgB,qBAAqB,IAAI,aAAa,CAIrD;AAED,wBAAgB,YAAY,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,CAE/D;AAMD,wBAAgB,mBAAmB,CACjC,YAAY,EAAE,UAAU,EACxB,YAAY,EAAE,UAAU,GACvB,UAAU,CAaZ;AAED,wBAAgB,gBAAgB,CAC9B,YAAY,EAAE,UAAU,EACxB,YAAY,EAAE,MAAM,GACnB,UAAU,CAEZ;AAED,MAAM,WAAW,oBAAoB;IACnC,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC/B;AAED,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,UAAU,CAAC;IACpB,eAAe,EAAE,UAAU,CAAC;IAC5B,eAAe,EAAE,UAAU,CAAC;IAC5B,cAAc,EAAE,UAAU,CAAC;CAC5B;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAEpD;AAED,wBAAgB,8BAA8B,CAC5C,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,oBAAoB,GAC5B,UAAU,CAUZ;AAED,wBAAgB,4BAA4B,CAC1C,OAAO,EAAE,UAAU,EACnB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,oBAAoB,GAC5B,sBAAsB,CAQxB;AAMD,wBAAgB,yBAAyB,CACvC,YAAY,EAAE,MAAM,EACpB,aAAa,EAAE,MAAM,GACpB,MAAM,CAQR;AAMD,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,UAAU,EACnB,YAAY,EAAE,MAAM,GACnB,UAAU,CAEZ;AAED;;;GAGG;AACH,wBAAgB,QAAQ,CACtB,iBAAiB,EAAE,UAAU,EAC7B,YAAY,EAAE,MAAM,EACpB,YAAY,EAAE,OAAO,EACrB,IAAI,CAAC,EAAE,OAAO,GACb,MAAM,CAOR;AAED;;;GAGG;AACH,wBAAgB,UAAU,CACxB,iBAAiB,EAAE,UAAU,EAC7B,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,GACjB;IAAE,YAAY,EAAE,OAAO,CAAC;IAAC,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,CAU3C;AAMD;;;GAGG;AACH,MAAM,MAAM,SAAS,GACjB;IAAE,IAAI,EAAE,KAAK,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,GACzC;IAAE,IAAI,EAAE,KAAK,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,GACzC;IAAE,IAAI,EAAE,KAAK,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,CAAC;AA6B9C,wBAAgB,WAAW,CACzB,aAAa,EAAE,UAAU,EACzB,YAAY,EAAE,MAAM,EACpB,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,OAAO,EACb,MAAM,CAAC,EAAE,SAAS,GACjB,MAAM,CAQR;AAED,wBAAgB,aAAa,CAC3B,aAAa,EAAE,UAAU,EACzB,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,SAAS,GACjB;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,UAAU,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,CAU9E;AAED,wBAAgB,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAEnD;AAED,8EAA8E;AAC9E,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAO/D;AAgBD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAItE;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAQjF;AAMD,wBAAgB,iBAAiB,IAAI,MAAM,CAE1C;AAMD,wBAAgB,eAAe,CAAC,MAAM,EAAE;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;IAC/B,oDAAoD;IACpD,MAAM,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;CAC/B,GAAG,MAAM,CAST;AAED,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,CAgC1D"}

package/dist/crypto.js

@@ -0,0 +1,279 @@
+/**
+ * WalletPair Protocol v1 — crypto & protocol helpers.
+ *
+ * Pure JS (noble libraries v2), no native modules required.
+ */
+import _canonicalize from 'canonicalize';
+const canonicalize = _canonicalize.default ?? _canonicalize.default;
+import { x25519 } from '@noble/curves/ed25519';
+import { hkdf } from '@noble/hashes/hkdf';
+import { sha256 } from '@noble/hashes/sha256';
+import { hmac } from '@noble/hashes/hmac';
+import { chacha20poly1305 } from '@noble/ciphers/chacha';
+import { bytesToHex, hexToBytes, utf8ToBytes, concatBytes, } from '@noble/hashes/utils';
+// ---------------------------------------------------------------------------
+// Re-exports
+// ---------------------------------------------------------------------------
+export { bytesToHex, hexToBytes };
+// ---------------------------------------------------------------------------
+// Base64url (no padding)
+// ---------------------------------------------------------------------------
+export function b64urlEncode(bytes) {
+    let binary = '';
+    for (const b of bytes)
+        binary += String.fromCharCode(b);
+    return btoa(binary)
+        .replace(/\+/g, '-')
+        .replace(/\//g, '_')
+        .replace(/=/g, '');
+}
+export function b64urlDecode(str) {
+    const b64 = str.replace(/-/g, '+').replace(/_/g, '/');
+    const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
+    const binary = atob(padded);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++)
+        bytes[i] = binary.charCodeAt(i);
+    return bytes;
+}
+export function generateX25519KeyPair() {
+    const privateKey = x25519.utils.randomPrivateKey();
+    const publicKey = x25519.getPublicKey(privateKey);
+    return { privateKey, publicKey, publicKeyB64: b64urlEncode(publicKey) };
+}
+export function getPublicKey(privateKey) {
+    return x25519.getPublicKey(privateKey);
+}
+// ---------------------------------------------------------------------------
+// Root and directional key derivation (protocol Section 7.2)
+// ---------------------------------------------------------------------------
+export function computeSharedSecret(myPrivateKey, remotePubKey) {
+    if (remotePubKey.length !== 32) {
+        throw new Error('Remote public key must be exactly 32 bytes');
+    }
+    const shared = x25519.getSharedSecret(myPrivateKey, remotePubKey);
+    // RFC 7748 §6: low-order points produce all-zero output — reject to
+    // prevent invalid key derivation.
+    let acc = 0;
+    for (let i = 0; i < shared.length; i++)
+        acc |= shared[i];
+    if (acc === 0) {
+        throw new Error('X25519 produced all-zero shared secret (low-order public key)');
+    }
+    return shared;
+}
+export function deriveSessionKey(sharedSecret, channelIdHex) {
+    return hkdf(sha256, sharedSecret, hexToBytes(channelIdHex), 'walletpair-v1 root', 32);
+}
+export function canonicalJson(value) {
+    return canonicalize(value) ?? 'null';
+}
+export function computeHandshakeTranscriptHash(channelIdHex, context) {
+    return sha256(concatBytes(utf8ToBytes('walletpair-v1-transcript'), hexToBytes(channelIdHex), lp(context.dappPubKeyB64), lp(context.walletPubKeyB64), lp(canonicalJson(context.capabilities ?? null)), lp(canonicalJson(context.walletMeta ?? null)), lp(context.dappName ?? '')));
+}
+export function deriveDirectionalSessionKeys(rootKey, channelIdHex, context) {
+    const transcriptHash = computeHandshakeTranscriptHash(channelIdHex, context);
+    return {
+        rootKey,
+        transcriptHash,
+        dappToWalletKey: hkdf(sha256, rootKey, transcriptHash, 'walletpair-v1 dapp-to-wallet', 32),
+        walletToDappKey: hkdf(sha256, rootKey, transcriptHash, 'walletpair-v1 wallet-to-dapp', 32),
+    };
+}
+// ---------------------------------------------------------------------------
+// Session fingerprint (protocol Section 7.3)
+// ---------------------------------------------------------------------------
+export function computeSessionFingerprint(channelIdHex, dappPubKeyB64) {
+    const hash = sha256(concatBytes(utf8ToBytes('walletpair-v1-session-fingerprint'), hexToBytes(channelIdHex), b64urlDecode(dappPubKeyB64)));
+    const view = new DataView(hash.buffer, hash.byteOffset, 4);
+    return (view.getUint32(0) % 10000).toString().padStart(4, '0');
+}
+// ---------------------------------------------------------------------------
+// Join encryption key (protocol Section 7.5 — private handshake)
+// ---------------------------------------------------------------------------
+export function deriveJoinEncryptionKey(rootKey, channelIdHex) {
+    return hkdf(sha256, rootKey, hexToBytes(channelIdHex), 'walletpair-v1 join-encryption', 32);
+}
+/**
+ * Encrypt capabilities + meta for private handshake (§7.5).
+ * Returns base64url(nonce || ciphertext || tag).
+ */
+export function sealJoin(joinEncryptionKey, channelIdHex, capabilities, meta) {
+    const plainObj = { capabilities, meta: meta ?? null };
+    const plaintext = utf8ToBytes(canonicalJson(plainObj));
+    const nonce = crypto.getRandomValues(new Uint8Array(12));
+    const aad = concatBytes(hexToBytes(channelIdHex), new Uint8Array([0x04]));
+    const ciphertext = chacha20poly1305(joinEncryptionKey, nonce, aad).encrypt(plaintext);
+    return b64urlEncode(concatBytes(nonce, ciphertext));
+}
+/**
+ * Decrypt sealed_join from a private handshake join message (§7.5).
+ * Returns { capabilities, meta }.
+ */
+export function unsealJoin(joinEncryptionKey, channelIdHex, sealedJoin) {
+    const envelope = b64urlDecode(sealedJoin);
+    if (envelope.length < 12 + 16) {
+        throw new Error('Invalid sealed_join envelope');
+    }
+    const nonce = envelope.slice(0, 12);
+    const ciphertext = envelope.slice(12);
+    const aad = concatBytes(hexToBytes(channelIdHex), new Uint8Array([0x04]));
+    const plaintext = chacha20poly1305(joinEncryptionKey, nonce, aad).decrypt(ciphertext);
+    return JSON.parse(new TextDecoder().decode(plaintext));
+}
+/** Length-prefix a UTF-8 string: uint16_be(byte_length) || utf8_bytes */
+function lp(s) {
+    const bytes = utf8ToBytes(s);
+    if (bytes.length > 0xffff) {
+        throw new Error('AAD field exceeds 65535 bytes');
+    }
+    const len = new Uint8Array(2);
+    new DataView(len.buffer).setUint16(0, bytes.length);
+    return concatBytes(len, bytes);
+}
+/**
+ * Build AEAD AAD = channel_id_bytes || type_byte || lp(fields...)
+ */
+function buildAad(channelIdHex, header) {
+    const chBytes = hexToBytes(channelIdHex);
+    if (!header)
+        return chBytes;
+    switch (header.type) {
+        case 'req':
+            return concatBytes(chBytes, new Uint8Array([0x01]), lp(header.from), lp(header.id));
+        case 'res':
+            return concatBytes(chBytes, new Uint8Array([0x02]), lp(header.from), lp(header.id));
+        case 'evt':
+            return concatBytes(chBytes, new Uint8Array([0x03]), lp(header.from), lp(header.id));
+    }
+}
+export function sealPayload(encryptionKey, channelIdHex, seq, data, header) {
+    const seqBytes = new Uint8Array(4);
+    new DataView(seqBytes.buffer).setUint32(0, seq);
+    const nonce = hmac(sha256, encryptionKey, seqBytes).slice(0, 12);
+    const plaintext = utf8ToBytes(canonicalJson(data));
+    const aad = buildAad(channelIdHex, header);
+    const ciphertext = chacha20poly1305(encryptionKey, nonce, aad).encrypt(plaintext);
+    return b64urlEncode(concatBytes(seqBytes, ciphertext));
+}
+export function unsealPayload(encryptionKey, channelIdHex, sealed, header) {
+    const bytes = b64urlDecode(sealed);
+    const seqBytes = bytes.slice(0, 4);
+    const ciphertext = bytes.slice(4);
+    const nonce = hmac(sha256, encryptionKey, seqBytes).slice(0, 12);
+    const aad = buildAad(channelIdHex, header);
+    const plaintext = chacha20poly1305(encryptionKey, nonce, aad).decrypt(ciphertext);
+    const seq = new DataView(seqBytes.buffer, seqBytes.byteOffset, 4).getUint32(0);
+    const plaintextJson = new TextDecoder().decode(plaintext);
+    return { seq, data: JSON.parse(plaintextJson), plaintext, plaintextJson };
+}
+export function sha256Hex(bytes) {
+    return bytesToHex(sha256(bytes));
+}
+/** Constant-time string comparison to prevent timing side-channels (§9.1). */
+export function constantTimeEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    let result = 0;
+    for (let i = 0; i < a.length; i++) {
+        result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    }
+    return result === 0;
+}
+// ---------------------------------------------------------------------------
+// Snapshot integrity (HMAC for serialized session state)
+// ---------------------------------------------------------------------------
+const SNAPSHOT_HMAC_INFO = utf8ToBytes('walletpair-v1-snapshot-hmac');
+/**
+ * Derive a dedicated HMAC key from the send key so we don't reuse
+ * traffic keys for a different purpose.
+ */
+function deriveSnapshotHmacKey(sendKey) {
+    return hmac(sha256, sendKey, SNAPSHOT_HMAC_INFO);
+}
+/**
+ * Sign a serialized session snapshot with HMAC-SHA256.
+ * Returns `<hex-mac>.<json-payload>`.
+ */
+export function signSnapshot(sendKey, json) {
+    const macKey = deriveSnapshotHmacKey(sendKey);
+    const mac = hmac(sha256, macKey, utf8ToBytes(json));
+    return bytesToHex(mac) + '.' + json;
+}
+/**
+ * Verify and extract a signed snapshot.
+ * Returns the JSON payload on success, or `null` if the HMAC is invalid.
+ */
+export function verifySnapshot(sendKey, signed) {
+    const dot = signed.indexOf('.');
+    if (dot !== 64)
+        return null; // HMAC-SHA256 hex = 64 chars
+    const macHex = signed.slice(0, 64);
+    const json = signed.slice(65);
+    const macKey = deriveSnapshotHmacKey(sendKey);
+    const expected = bytesToHex(hmac(sha256, macKey, utf8ToBytes(json)));
+    return constantTimeEqual(macHex, expected) ? json : null;
+}
+// ---------------------------------------------------------------------------
+// Channel ID generation
+// ---------------------------------------------------------------------------
+export function generateChannelId() {
+    return bytesToHex(crypto.getRandomValues(new Uint8Array(32)));
+}
+// ---------------------------------------------------------------------------
+// Pairing URI
+// ---------------------------------------------------------------------------
+export function buildPairingUri(params) {
+    let uri = `walletpair:?ch=${params.channelId}&pubkey=${params.pubkeyB64}`;
+    if (params.relayUrl)
+        uri += `&relay=${encodeURIComponent(params.relayUrl)}`;
+    uri += `&name=${encodeURIComponent(params.name)}`;
+    uri += `&url=${encodeURIComponent(params.url)}`;
+    uri += `&icon=${encodeURIComponent(params.icon)}`;
+    if (params.methods?.length)
+        uri += `&methods=${params.methods.join(',')}`;
+    if (params.chains?.length)
+        uri += `&chains=${params.chains.join(',')}`;
+    return uri;
+}
+export function parsePairingUri(uri) {
+    const qs = uri.replace(/^walletpair:\?/, '');
+    const params = new URLSearchParams(qs);
+    const ch = params.get('ch');
+    const pubkey = params.get('pubkey');
+    if (!ch || !pubkey)
+        throw new Error('Invalid pairing URI: missing ch or pubkey');
+    // §8.1: ch must be 64 hex characters (32 bytes)
+    if (!/^[0-9a-f]{64}$/.test(ch))
+        throw new Error('Invalid pairing URI: ch must be 64 lowercase hex chars');
+    // §8.1: pubkey must decode to 32 bytes
+    const pubkeyBytes = b64urlDecode(pubkey);
+    if (pubkeyBytes.length !== 32)
+        throw new Error('Invalid pairing URI: pubkey must be 32 bytes');
+    // §8.1: name, url, icon are required
+    const name = params.get('name');
+    const url = params.get('url');
+    const icon = params.get('icon');
+    if (!name)
+        throw new Error('Invalid pairing URI: missing required param "name"');
+    if (!url)
+        throw new Error('Invalid pairing URI: missing required param "url"');
+    if (!icon)
+        throw new Error('Invalid pairing URI: missing required param "icon"');
+    // §8.1: icon MUST be https:
+    if (!icon.startsWith('https:'))
+        throw new Error('Invalid pairing URI: icon must use https:');
+    const methodsStr = params.get('methods');
+    const chainsStr = params.get('chains');
+    return {
+        ch,
+        pubkey,
+        relay: params.get('relay') || undefined,
+        name,
+        url,
+        icon,
+        methods: methodsStr ? methodsStr.split(',').filter(Boolean) : undefined,
+        chains: chainsStr ? chainsStr.split(',').filter(Boolean) : undefined,
+    };
+}
+//# sourceMappingURL=crypto.js.map

package/dist/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,aAAa,MAAM,cAAc,CAAC;AACzC,MAAM,YAAY,GAAI,aAA2D,CAAC,OAAO,IAAI,aAAa,CAAC,OAAO,CAAC;AACnH,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EACL,UAAU,EACV,UAAU,EACV,WAAW,EACX,WAAW,GACZ,MAAM,qBAAqB,CAAC;AAI7B,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;AAElC,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAE9E,MAAM,UAAU,YAAY,CAAC,KAAiB;IAC5C,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,CAAC,IAAI,KAAK;QAAE,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACxD,OAAO,IAAI,CAAC,MAAM,CAAC;SAChB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AACvB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACtD,MAAM,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACxE,OAAO,KAAK,CAAC;AACf,CAAC;AAYD,MAAM,UAAU,qBAAqB;IACnC,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IACnD,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IAClD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;AAC1E,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,UAAsB;IACjD,OAAO,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;AACzC,CAAC;AAED,8EAA8E;AAC9E,6DAA6D;AAC7D,8EAA8E;AAE9E,MAAM,UAAU,mBAAmB,CACjC,YAAwB,EACxB,YAAwB;IAExB,IAAI,YAAY,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAClE,oEAAoE;IACpE,kCAAkC;IAClC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,MAAM,CAAC,CAAC,CAAE,CAAC;IAC1D,IAAI,GAAG,KAAK,CAAC,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;IACnF,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,YAAwB,EACxB,YAAoB;IAEpB,OAAO,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,UAAU,CAAC,YAAY,CAAC,EAAE,oBAAoB,EAAE,EAAE,CAAC,CAAC;AACxF,CAAC;AAiBD,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,OAAO,YAAY,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,8BAA8B,CAC5C,YAAoB,EACpB,OAA6B;IAE7B,OAAO,MAAM,CAAC,WAAW,CACvB,WAAW,CAAC,0BAA0B,CAAC,EACvC,UAAU,CAAC,YAAY,CAAC,EACxB,EAAE,CAAC,OAAO,CAAC,aAAa,CAAC,EACzB,EAAE,CAAC,OAAO,CAAC,eAAe,CAAC,EAC3B,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,EAC/C,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,EAC7C,EAAE,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC,CAC3B,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,4BAA4B,CAC1C,OAAmB,EACnB,YAAoB,EACpB,OAA6B;IAE7B,MAAM,cAAc,GAAG,8BAA8B,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAC7E,OAAO;QACL,OAAO;QACP,cAAc;QACd,eAAe,EAAE,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,8BAA8B,EAAE,EAAE,CAAC;QAC1F,eAAe,EAAE,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,8BAA8B,EAAE,EAAE,CAAC;KAC3F,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,6CAA6C;AAC7C,8EAA8E;AAE9E,MAAM,UAAU,yBAAyB,CACvC,YAAoB,EACpB,aAAqB;IAErB,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAC7B,WAAW,CAAC,mCAAmC,CAAC,EAChD,UAAU,CAAC,YAAY,CAAC,EACxB,YAAY,CAAC,aAAa,CAAC,CAC5B,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAC3D,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACjE,CAAC;AAED,8EAA8E;AAC9E,iEAAiE;AACjE,8EAA8E;AAE9E,MAAM,UAAU,uBAAuB,CACrC,OAAmB,EACnB,YAAoB;IAEpB,OAAO,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,YAAY,CAAC,EAAE,+BAA+B,EAAE,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,QAAQ,CACtB,iBAA6B,EAC7B,YAAoB,EACpB,YAAqB,EACrB,IAAc;IAEd,MAAM,QAAQ,GAA4B,EAAE,YAAY,EAAE,IAAI,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC;IAC/E,MAAM,SAAS,GAAG,WAAW,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,MAAM,GAAG,GAAG,WAAW,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1E,MAAM,UAAU,GAAG,gBAAgB,CAAC,iBAAiB,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACtF,OAAO,YAAY,CAAC,WAAW,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC;AACtD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,UAAU,CACxB,iBAA6B,EAC7B,YAAoB,EACpB,UAAkB;IAElB,MAAM,QAAQ,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;IAC1C,IAAI,QAAQ,CAAC,MAAM,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACpC,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,WAAW,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1E,MAAM,SAAS,GAAG,gBAAgB,CAAC,iBAAiB,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACtF,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;AACzD,CAAC;AAeD,yEAAyE;AACzE,SAAS,EAAE,CAAC,CAAS;IACnB,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,GAAG,MAAM,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9B,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACpD,OAAO,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,YAAoB,EAAE,MAAkB;IACxD,MAAM,OAAO,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM;QAAE,OAAO,OAAO,CAAC;IAC5B,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,KAAK;YACR,OAAO,WAAW,CAAC,OAAO,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QACtF,KAAK,KAAK;YACR,OAAO,WAAW,CAAC,OAAO,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QACtF,KAAK,KAAK;YACR,OAAO,WAAW,CAAC,OAAO,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IACxF,CAAC;AACH,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,aAAyB,EACzB,YAAoB,EACpB,GAAW,EACX,IAAa,EACb,MAAkB;IAElB,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAChD,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,aAAa,EAAE,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,WAAW,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC3C,MAAM,UAAU,GAAG,gBAAgB,CAAC,aAAa,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAClF,OAAO,YAAY,CAAC,WAAW,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,aAAa,CAC3B,aAAyB,EACzB,YAAoB,EACpB,MAAc,EACd,MAAkB;IAElB,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACnC,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,aAAa,EAAE,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjE,MAAM,GAAG,GAAG,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC3C,MAAM,SAAS,GAAG,gBAAgB,CAAC,aAAa,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAClF,MAAM,GAAG,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC/E,MAAM,aAAa,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC1D,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAiB;IACzC,OAAO,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,8EAA8E;AAC9E,MAAM,UAAU,iBAAiB,CAAC,CAAS,EAAE,CAAS;IACpD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,MAAM,KAAK,CAAC,CAAC;AACtB,CAAC;AAED,8EAA8E;AAC9E,yDAAyD;AACzD,8EAA8E;AAE9E,MAAM,kBAAkB,GAAG,WAAW,CAAC,6BAA6B,CAAC,CAAC;AAEtE;;;GAGG;AACH,SAAS,qBAAqB,CAAC,OAAmB;IAChD,OAAO,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,kBAAkB,CAAC,CAAC;AACnD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,OAAmB,EAAE,IAAY;IAC5D,MAAM,MAAM,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;IACpD,OAAO,UAAU,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,IAAI,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,OAAmB,EAAE,MAAc;IAChE,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,GAAG,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC,CAAC,6BAA6B;IAC1D,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACrE,OAAO,iBAAiB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AAC3D,CAAC;AAED,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E,MAAM,UAAU,iBAAiB;IAC/B,OAAO,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,8EAA8E;AAC9E,cAAc;AACd,8EAA8E;AAE9E,MAAM,UAAU,eAAe,CAAC,MAW/B;IACC,IAAI,GAAG,GAAG,kBAAkB,MAAM,CAAC,SAAS,WAAW,MAAM,CAAC,SAAS,EAAE,CAAC;IAC1E,IAAI,MAAM,CAAC,QAAQ;QAAE,GAAG,IAAI,UAAU,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC5E,GAAG,IAAI,SAAS,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;IAClD,GAAG,IAAI,QAAQ,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;IAChD,GAAG,IAAI,SAAS,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;IAClD,IAAI,MAAM,CAAC,OAAO,EAAE,MAAM;QAAE,GAAG,IAAI,YAAY,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;IAC1E,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM;QAAE,GAAG,IAAI,WAAW,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;IACvE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,CAAC,CAAC;IACvC,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACpC,IAAI,CAAC,EAAE,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IACjF,gDAAgD;IAChD,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC1G,uCAAuC;IACvC,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACzC,IAAI,WAAW,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAC/F,qCAAqC;IACrC,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAChC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC9B,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACjF,IAAI,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IAC/E,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACjF,4BAA4B;IAC5B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC7F,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACvC,OAAO;QACL,EAAE;QACF,MAAM;QACN,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS;QACvC,IAAI;QACJ,GAAG;QACH,IAAI;QACJ,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;QACvE,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;KACrE,CAAC;AACJ,CAAC"}

package/dist/dapp-session.d.ts

@@ -0,0 +1,106 @@
+/**
+ * DApp-side WalletPair session.
+ *
+ * Manages the full lifecycle: create channel → QR → wallet joins → accept →
+ * encrypted request/response + events.
+ */
+import { Emitter } from './emitter.js';
+import type { Capabilities, DAppPhase, DAppSessionEvents, DAppSessionOptions, WalletMeta } from './types.js';
+export declare class DAppSession extends Emitter<DAppSessionEvents> {
+    phase: DAppPhase;
+    /** Channel ID (hex). Available after createPairing(). */
+    channelId: string;
+    /** Pairing URI. Available after createPairing(). */
+    pairingUri: string;
+    /** 4-digit session fingerprint. Available after createPairing(). */
+    sessionFingerprint: string;
+    /** Remote wallet capabilities. Available after wallet joins. */
+    walletCapabilities: Capabilities | undefined;
+    /** Remote wallet metadata. Available after wallet joins. */
+    walletMeta: WalletMeta | undefined;
+    private approvedCapabilities;
+    private approvedWalletMeta;
+    private approvedWalletPubKeyB64;
+    private approvedScopeRecorded;
+    private transport;
+    private meta;
+    private declaredMethods;
+    private declaredChains;
+    private requestTimeout;
+    private autoAccept;
+    /** Session lifetime in ms (§16 rule 16). */
+    private sessionTtl;
+    private sessionTtlTimer;
+    private sessionStartTime;
+    private privKey;
+    private pubKeyB64;
+    private remotePubKey;
+    private sessionKey;
+    private sendKey;
+    private recvKey;
+    private sendSeq;
+    private recvSeq;
+    private paired;
+    private intentionalClose;
+    private reqCounter;
+    private pendingRequests;
+    private persistence;
+    private pendingAcceptTimer;
+    private reconnectTimer;
+    private reconnectAttempt;
+    constructor(options: DAppSessionOptions);
+    /**
+     * Create a new pairing channel and return the pairing URI for QR display.
+     *
+     * @param options.deferTransport - If true, don't connect the transport yet.
+     *   Call `connectTransport()` later (e.g. after user scans QR in BLE mode).
+     */
+    createPairing(options?: {
+        deferTransport?: boolean | undefined;
+    }): Promise<string>;
+    /**
+     * Connect the transport and send the `create` message.
+     * Call this after `createPairing({ deferTransport: true })` when the user
+     * is ready (e.g. after showing QR and before BLE scan).
+     */
+    connectTransport(): Promise<void>;
+    /** Accept the wallet after sealed_join verification. */
+    acceptWallet(): void;
+    /** Reject the wallet. */
+    rejectWallet(): void;
+    /** Send an encrypted request to the wallet. Returns the decrypted response. */
+    request<T = unknown>(method: string, params?: unknown): Promise<T>;
+    /** Send ping. */
+    ping(): void;
+    /** Gracefully close the session. */
+    close(reason?: string): void;
+    /** Destroy the session and release all resources. */
+    destroy(): void;
+    serialize(): string;
+    restoreFromPersistence(): Promise<boolean>;
+    restore(signed: string): boolean;
+    /** Reconnect after restoring state. */
+    reconnect(): Promise<void>;
+    private handleMessage;
+    private doAccept;
+    private sessionContext;
+    private isSameApprovedWallet;
+    private nextSendSeq;
+    private persistSnapshot;
+    private persistSnapshotAsync;
+    private clearPersistence;
+    private persistenceError;
+    /** Append ?ch= to transport URL for CF Worker relay routing. Rust relay ignores it. */
+    private setTransportChannelHint;
+    private sendRaw;
+    private handleTransportClose;
+    private startReconnect;
+    private scheduleReconnect;
+    private doReconnectAttempt;
+    private stopReconnect;
+    private clearPendingAcceptTimer;
+    private startSessionTtl;
+    private clearSessionTtl;
+    private setPhase;
+}
+//# sourceMappingURL=dapp-session.d.ts.map

package/dist/dapp-session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dapp-session.d.ts","sourceRoot":"","sources":["../src/dapp-session.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAuBH,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,KAAK,EACV,YAAY,EAEZ,SAAS,EACT,iBAAiB,EACjB,kBAAkB,EAKlB,UAAU,EACX,MAAM,YAAY,CAAA;AAoBnB,qBAAa,WAAY,SAAQ,OAAO,CAAC,iBAAiB,CAAC;IACzD,KAAK,EAAE,SAAS,CAAS;IAEzB,yDAAyD;IACzD,SAAS,SAAK;IACd,oDAAoD;IACpD,UAAU,SAAK;IACf,oEAAoE;IACpE,kBAAkB,SAAK;IACvB,gEAAgE;IAChE,kBAAkB,EAAE,YAAY,GAAG,SAAS,CAAY;IACxD,4DAA4D;IAC5D,UAAU,EAAE,UAAU,GAAG,SAAS,CAAY;IAC9C,OAAO,CAAC,oBAAoB,CAAsC;IAClE,OAAO,CAAC,kBAAkB,CAAoC;IAC9D,OAAO,CAAC,uBAAuB,CAAgC;IAC/D,OAAO,CAAC,qBAAqB,CAAQ;IAErC,OAAO,CAAC,SAAS,CAAW;IAC5B,OAAO,CAAC,IAAI,CAAU;IACtB,OAAO,CAAC,eAAe,CAAsB;IAC7C,OAAO,CAAC,cAAc,CAAsB;IAC5C,OAAO,CAAC,cAAc,CAAQ;IAC9B,OAAO,CAAC,UAAU,CAAS;IAC3B,4CAA4C;IAC5C,OAAO,CAAC,UAAU,CAAQ;IAC1B,OAAO,CAAC,eAAe,CAA6C;IACpE,OAAO,CAAC,gBAAgB,CAAsB;IAE9C,OAAO,CAAC,OAAO,CAAa;IAC5B,OAAO,CAAC,SAAS,CAAK;IACtB,OAAO,CAAC,YAAY,CAA0B;IAC9C,OAAO,CAAC,UAAU,CAA0B;IAC5C,OAAO,CAAC,OAAO,CAA0B;IACzC,OAAO,CAAC,OAAO,CAA0B;IACzC,OAAO,CAAC,OAAO,CAAI;IACnB,OAAO,CAAC,OAAO,CAAK;IACpB,OAAO,CAAC,MAAM,CAAQ;IACtB,OAAO,CAAC,gBAAgB,CAAQ;IAChC,OAAO,CAAC,UAAU,CAAI;IACtB,OAAO,CAAC,eAAe,CAAoC;IAC3D,OAAO,CAAC,WAAW,CAAgC;IAEnD,OAAO,CAAC,kBAAkB,CAA6C;IACvE,OAAO,CAAC,cAAc,CAA6C;IACnE,OAAO,CAAC,gBAAgB,CAAI;gBAEhB,OAAO,EAAE,kBAAkB;IAmBvC;;;;;OAKG;IACG,aAAa,CAAC,OAAO,CAAC,EAAE;QAAE,cAAc,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAiDxF;;;;OAIG;IACG,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IAcvC,wDAAwD;IACxD,YAAY,IAAI,IAAI;IAMpB,yBAAyB;IACzB,YAAY,IAAI,IAAI;IAapB,+EAA+E;IAC/E,OAAO,CAAC,CAAC,GAAG,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC;IAqDlE,iBAAiB;IACjB,IAAI,IAAI,IAAI;IAYZ,oCAAoC;IACpC,KAAK,CAAC,MAAM,GAAE,MAAiB,GAAG,IAAI;IAyBtC,qDAAqD;IACrD,OAAO,IAAI,IAAI;IAiBf,SAAS,IAAI,MAAM;IAuBb,sBAAsB,IAAI,OAAO,CAAC,OAAO,CAAC;IAMhD,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IA+ChC,uCAAuC;IACjC,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;IAYhC,OAAO,CAAC,aAAa;IA8WrB,OAAO,CAAC,QAAQ;IAyBhB,OAAO,CAAC,cAAc;IActB,OAAO,CAAC,oBAAoB;IAc5B,OAAO,CAAC,WAAW;IAoBnB,OAAO,CAAC,eAAe;IAKvB,OAAO,CAAC,oBAAoB;IAO5B,OAAO,CAAC,gBAAgB;IAWxB,OAAO,CAAC,gBAAgB;IAYxB,uFAAuF;IACvF,OAAO,CAAC,uBAAuB;IAW/B,OAAO,CAAC,OAAO;IAUf,OAAO,CAAC,oBAAoB;IAS5B,OAAO,CAAC,cAAc;IAMtB,OAAO,CAAC,iBAAiB;YAUX,kBAAkB;IAkBhC,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,uBAAuB;IAW/B,OAAO,CAAC,eAAe;IAavB,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,QAAQ;CAKjB"}