npm - walletpair-sdk - Versions diffs - 1.0.2 → 1.0.5 - Mend

walletpair-sdk 1.0.2 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (74) hide show

package/README.md +13 -0
package/dist/ble/framing.d.ts.map +1 -1
package/dist/ble/framing.js +2 -2
package/dist/ble/framing.js.map +1 -1
package/dist/ble/index.d.ts +2 -2
package/dist/ble/index.d.ts.map +1 -1
package/dist/ble/index.js +2 -2
package/dist/ble/index.js.map +1 -1
package/dist/ble/web-ble-transport.d.ts +1 -1
package/dist/ble/web-ble-transport.d.ts.map +1 -1
package/dist/ble/web-ble-transport.js +23 -12
package/dist/ble/web-ble-transport.js.map +1 -1
package/dist/crypto.d.ts.map +1 -1
package/dist/crypto.js +29 -12
package/dist/crypto.js.map +1 -1
package/dist/dapp-session.d.ts.map +1 -1
package/dist/dapp-session.js +15 -5
package/dist/dapp-session.js.map +1 -1
package/dist/emitter.d.ts +1 -3
package/dist/emitter.d.ts.map +1 -1
package/dist/emitter.js +4 -2
package/dist/emitter.js.map +1 -1
package/dist/evm/eip1193.d.ts +2 -2
package/dist/evm/eip1193.d.ts.map +1 -1
package/dist/evm/eip1193.js +32 -18
package/dist/evm/eip1193.js.map +1 -1
package/dist/evm/index.d.ts +2 -2
package/dist/evm/index.d.ts.map +1 -1
package/dist/evm/index.js.map +1 -1
package/dist/wallet-session.d.ts.map +1 -1
package/dist/wallet-session.js +4 -3
package/dist/wallet-session.js.map +1 -1
package/dist/ws-transport.d.ts +3 -2
package/dist/ws-transport.d.ts.map +1 -1
package/dist/ws-transport.js +13 -4
package/dist/ws-transport.js.map +1 -1
package/package.json +20 -1
package/src/__tests__/adversarial/crypto-attacks.test.ts +240 -233
package/src/__tests__/adversarial/malicious-dapp.test.ts +228 -194
package/src/__tests__/adversarial/malicious-relay.test.ts +292 -220
package/src/__tests__/adversarial/malicious-wallet.test.ts +246 -180
package/src/__tests__/spec-compliance/canonical-json.test.ts +105 -105
package/src/__tests__/spec-compliance/crypto-vectors.test.ts +149 -154
package/src/__tests__/spec-compliance/message-format.test.ts +180 -151
package/src/__tests__/spec-compliance/sequence-numbers.test.ts +142 -149
package/src/__tests__/spec-compliance/state-machine.test.ts +203 -180
package/src/ble/framing.test.ts +122 -114
package/src/ble/framing.ts +48 -51
package/src/ble/index.ts +7 -7
package/src/ble/web-ble-transport.test.ts +93 -84
package/src/ble/web-ble-transport.ts +70 -57
package/src/ble/web-bluetooth.d.ts +19 -19
package/src/canonical-json.test.ts +301 -285
package/src/crypto-directional.test.ts +155 -129
package/src/crypto-hardening.test.ts +292 -283
package/src/crypto.test.ts +364 -346
package/src/crypto.ts +185 -175
package/src/dapp-session.test.ts +522 -385
package/src/dapp-session.ts +17 -11
package/src/emitter.test.ts +122 -122
package/src/emitter.ts +20 -18
package/src/evm/eip1193.test.ts +283 -205
package/src/evm/eip1193.ts +162 -138
package/src/evm/index.ts +5 -5
package/src/evm/wagmi.test.ts +1 -1
package/src/integration.test.ts +329 -201
package/src/security.test.ts +331 -238
package/src/sequence-validation.test.ts +6 -9
package/src/test-helpers.ts +102 -78
package/src/types.test.ts +45 -50
package/src/wallet-session.test.ts +611 -383
package/src/wallet-session.ts +7 -9
package/src/ws-transport.test.ts +141 -139
package/src/ws-transport.ts +52 -41

package/src/dapp-session.ts CHANGED Viewed

@@ -231,6 +231,7 @@ export class DAppSession extends Emitter<DAppSessionEvents> {
     }
     const id = `req-${++this.reqCounter}`
+    const sendKey = this.sendKey
     // Always seal: even parameterless requests must be authenticated via AEAD
     // to prevent method injection by a malicious relay.
@@ -243,7 +244,7 @@ export class DAppSession extends Emitter<DAppSessionEvents> {
           ? (params as Record<string, unknown>)
           : { _params: params ?? {} }),
       }
-      const sealed = sealPayload(this.sendKey!, this.channelId, seq, sealedParams, hdr)
+      const sealed = sealPayload(sendKey, this.channelId, seq, sealedParams, hdr)
       const msg: ProtocolMessage = {
         v: 1,
@@ -260,7 +261,13 @@ export class DAppSession extends Emitter<DAppSessionEvents> {
           reject(new Error(`Request ${method} timed out`))
         }, this.requestTimeout)
-        this.pendingRequests.set(id, { id, method, resolve: resolve as any, reject, timer })
+        this.pendingRequests.set(id, {
+          id,
+          method,
+          resolve: resolve as (v: unknown) => void,
+          reject,
+          timer,
+        })
         this.sendRaw(msg)
       })
     }
@@ -400,6 +407,7 @@ export class DAppSession extends Emitter<DAppSessionEvents> {
         d.dappMeta ??
         (d.dappName ? { name: d.dappName, description: '', url: '', icon: '' } : this.meta)
       this.sessionStartTime = d.sessionStartTime ?? null
+      this.setPhase('connected')
       return true
     } catch {
       return false
@@ -560,9 +568,7 @@ export class DAppSession extends Emitter<DAppSessionEvents> {
           const declared = new Set(joinCapabilities.methods)
           const absent = requiredMethods.filter((m) => !declared.has(m))
           if (absent.length > 0) {
-            console.warn(
-              `[WalletPair] Wallet missing MUST-support methods: ${absent.join(', ')}`,
-            )
+            console.warn(`[WalletPair] Wallet missing MUST-support methods: ${absent.join(', ')}`)
           }
         }
@@ -634,6 +640,7 @@ export class DAppSession extends Emitter<DAppSessionEvents> {
       }
       case 'res': {
+        if (this.phase !== 'connected') break
         const resBody = msg.body as { id?: string; sealed?: string }
         if (this.remotePubKey && msg.from !== b64urlEncode(this.remotePubKey)) break
         if (!resBody.id) break
@@ -700,6 +707,7 @@ export class DAppSession extends Emitter<DAppSessionEvents> {
       }
       case 'evt': {
+        if (this.phase !== 'connected') break
         const evtBody = msg.body as { id?: string; sealed?: string }
         if (this.remotePubKey && msg.from !== b64urlEncode(this.remotePubKey)) break
         // Events MUST be sealed — drop unsealed events to prevent forgery.
@@ -729,12 +737,10 @@ export class DAppSession extends Emitter<DAppSessionEvents> {
           }
           const persisted = this.persistSnapshot()
           if (isPromiseLike(persisted)) {
-            void persisted
-              .then(afterPersist)
-              .catch((e) => {
-                this.recvSeq = prevRecvSeqEvt // rollback on persist failure
-                this.emit('error', this.persistenceError(e))
-              })
+            void persisted.then(afterPersist).catch((e) => {
+              this.recvSeq = prevRecvSeqEvt // rollback on persist failure
+              this.emit('error', this.persistenceError(e))
+            })
           } else {
             afterPersist()
           }

package/src/emitter.test.ts CHANGED Viewed

@@ -1,169 +1,169 @@
-import { describe, it, expect, vi } from 'vitest';
-import { Emitter } from './emitter.js';
+import { describe, expect, it, vi } from 'vitest'
+import { Emitter } from './emitter.js'
 interface TestEvents {
-  [key: string]: unknown;
-  message: string;
-  count: number;
-  complex: { name: string; value: number };
+  [key: string]: unknown
+  message: string
+  count: number
+  complex: { name: string; value: number }
 }
 describe('Emitter', () => {
   it('emits events to registered handlers', () => {
-    const emitter = new Emitter<TestEvents>();
-    const handler = vi.fn();
-    emitter.on('message', handler);
-    emitter.emit('message', 'hello');
-    expect(handler).toHaveBeenCalledWith('hello');
-    expect(handler).toHaveBeenCalledTimes(1);
-  });
+    const emitter = new Emitter<TestEvents>()
+    const handler = vi.fn()
+    emitter.on('message', handler)
+    emitter.emit('message', 'hello')
+    expect(handler).toHaveBeenCalledWith('hello')
+    expect(handler).toHaveBeenCalledTimes(1)
+  })
   it('supports multiple handlers for the same event', () => {
-    const emitter = new Emitter<TestEvents>();
-    const h1 = vi.fn();
-    const h2 = vi.fn();
-    emitter.on('message', h1);
-    emitter.on('message', h2);
-    emitter.emit('message', 'test');
-    expect(h1).toHaveBeenCalledWith('test');
-    expect(h2).toHaveBeenCalledWith('test');
-  });
+    const emitter = new Emitter<TestEvents>()
+    const h1 = vi.fn()
+    const h2 = vi.fn()
+    emitter.on('message', h1)
+    emitter.on('message', h2)
+    emitter.emit('message', 'test')
+    expect(h1).toHaveBeenCalledWith('test')
+    expect(h2).toHaveBeenCalledWith('test')
+  })
   it('supports multiple event types', () => {
-    const emitter = new Emitter<TestEvents>();
-    const msgHandler = vi.fn();
-    const countHandler = vi.fn();
-    emitter.on('message', msgHandler);
-    emitter.on('count', countHandler);
+    const emitter = new Emitter<TestEvents>()
+    const msgHandler = vi.fn()
+    const countHandler = vi.fn()
+    emitter.on('message', msgHandler)
+    emitter.on('count', countHandler)
-    emitter.emit('message', 'hello');
-    emitter.emit('count', 42);
+    emitter.emit('message', 'hello')
+    emitter.emit('count', 42)
-    expect(msgHandler).toHaveBeenCalledWith('hello');
-    expect(countHandler).toHaveBeenCalledWith(42);
-    expect(msgHandler).toHaveBeenCalledTimes(1);
-    expect(countHandler).toHaveBeenCalledTimes(1);
-  });
+    expect(msgHandler).toHaveBeenCalledWith('hello')
+    expect(countHandler).toHaveBeenCalledWith(42)
+    expect(msgHandler).toHaveBeenCalledTimes(1)
+    expect(countHandler).toHaveBeenCalledTimes(1)
+  })
   it('on() returns an unsubscribe function', () => {
-    const emitter = new Emitter<TestEvents>();
-    const handler = vi.fn();
-    const off = emitter.on('message', handler);
+    const emitter = new Emitter<TestEvents>()
+    const handler = vi.fn()
+    const off = emitter.on('message', handler)
-    emitter.emit('message', 'first');
-    expect(handler).toHaveBeenCalledTimes(1);
+    emitter.emit('message', 'first')
+    expect(handler).toHaveBeenCalledTimes(1)
-    off();
-    emitter.emit('message', 'second');
-    expect(handler).toHaveBeenCalledTimes(1); // not called again
-  });
+    off()
+    emitter.emit('message', 'second')
+    expect(handler).toHaveBeenCalledTimes(1) // not called again
+  })
   it('off() removes a specific handler', () => {
-    const emitter = new Emitter<TestEvents>();
-    const h1 = vi.fn();
-    const h2 = vi.fn();
-    emitter.on('message', h1);
-    emitter.on('message', h2);
+    const emitter = new Emitter<TestEvents>()
+    const h1 = vi.fn()
+    const h2 = vi.fn()
+    emitter.on('message', h1)
+    emitter.on('message', h2)
-    emitter.off('message', h1);
-    emitter.emit('message', 'test');
+    emitter.off('message', h1)
+    emitter.emit('message', 'test')
-    expect(h1).not.toHaveBeenCalled();
-    expect(h2).toHaveBeenCalledWith('test');
-  });
+    expect(h1).not.toHaveBeenCalled()
+    expect(h2).toHaveBeenCalledWith('test')
+  })
   it('off() without handler removes all handlers for that event', () => {
-    const emitter = new Emitter<TestEvents>();
-    const h1 = vi.fn();
-    const h2 = vi.fn();
-    emitter.on('message', h1);
-    emitter.on('message', h2);
+    const emitter = new Emitter<TestEvents>()
+    const h1 = vi.fn()
+    const h2 = vi.fn()
+    emitter.on('message', h1)
+    emitter.on('message', h2)
-    emitter.off('message');
-    emitter.emit('message', 'test');
+    emitter.off('message')
+    emitter.emit('message', 'test')
-    expect(h1).not.toHaveBeenCalled();
-    expect(h2).not.toHaveBeenCalled();
-  });
+    expect(h1).not.toHaveBeenCalled()
+    expect(h2).not.toHaveBeenCalled()
+  })
   it('once() fires handler only once', () => {
-    const emitter = new Emitter<TestEvents>();
-    const handler = vi.fn();
-    emitter.once('message', handler);
+    const emitter = new Emitter<TestEvents>()
+    const handler = vi.fn()
+    emitter.once('message', handler)
-    emitter.emit('message', 'first');
-    emitter.emit('message', 'second');
+    emitter.emit('message', 'first')
+    emitter.emit('message', 'second')
-    expect(handler).toHaveBeenCalledTimes(1);
-    expect(handler).toHaveBeenCalledWith('first');
-  });
+    expect(handler).toHaveBeenCalledTimes(1)
+    expect(handler).toHaveBeenCalledWith('first')
+  })
   it('once() returns an unsubscribe function that works before emit', () => {
-    const emitter = new Emitter<TestEvents>();
-    const handler = vi.fn();
-    const off = emitter.once('message', handler);
+    const emitter = new Emitter<TestEvents>()
+    const handler = vi.fn()
+    const off = emitter.once('message', handler)
-    off(); // cancel before any emission
-    emitter.emit('message', 'test');
-    expect(handler).not.toHaveBeenCalled();
-  });
+    off() // cancel before any emission
+    emitter.emit('message', 'test')
+    expect(handler).not.toHaveBeenCalled()
+  })
   it('removeAll() clears all events', () => {
-    const emitter = new Emitter<TestEvents>();
-    const h1 = vi.fn();
-    const h2 = vi.fn();
-    emitter.on('message', h1);
-    emitter.on('count', h2);
+    const emitter = new Emitter<TestEvents>()
+    const h1 = vi.fn()
+    const h2 = vi.fn()
+    emitter.on('message', h1)
+    emitter.on('count', h2)
-    emitter.removeAll();
-    emitter.emit('message', 'test');
-    emitter.emit('count', 1);
+    emitter.removeAll()
+    emitter.emit('message', 'test')
+    emitter.emit('count', 1)
-    expect(h1).not.toHaveBeenCalled();
-    expect(h2).not.toHaveBeenCalled();
-  });
+    expect(h1).not.toHaveBeenCalled()
+    expect(h2).not.toHaveBeenCalled()
+  })
   it('emitting with no handlers does not throw', () => {
-    const emitter = new Emitter<TestEvents>();
-    expect(() => emitter.emit('message', 'test')).not.toThrow();
-  });
+    const emitter = new Emitter<TestEvents>()
+    expect(() => emitter.emit('message', 'test')).not.toThrow()
+  })
   it('handles complex event data', () => {
-    const emitter = new Emitter<TestEvents>();
-    const handler = vi.fn();
-    emitter.on('complex', handler);
+    const emitter = new Emitter<TestEvents>()
+    const handler = vi.fn()
+    emitter.on('complex', handler)
-    const data = { name: 'test', value: 99 };
-    emitter.emit('complex', data);
-    expect(handler).toHaveBeenCalledWith(data);
-  });
+    const data = { name: 'test', value: 99 }
+    emitter.emit('complex', data)
+    expect(handler).toHaveBeenCalledWith(data)
+  })
   it('handler added during emit is not called in the same emit cycle', () => {
-    const emitter = new Emitter<TestEvents>();
-    const late = vi.fn();
+    const emitter = new Emitter<TestEvents>()
+    const late = vi.fn()
     emitter.on('message', () => {
-      emitter.on('message', late);
-    });
-    emitter.emit('message', 'trigger');
+      emitter.on('message', late)
+    })
+    emitter.emit('message', 'trigger')
     // The late handler was added during iteration, behavior depends on Set iteration
     // but it should not cause errors
-  });
+  })
   it('multiple on() calls return independent unsubscribe functions', () => {
-    const emitter = new Emitter<TestEvents>();
-    const handler = vi.fn();
-    const off1 = emitter.on('message', handler);
-    const off2 = emitter.on('count', handler);
-    off1();
-    emitter.emit('message', 'gone');
-    emitter.emit('count', 42);
-    expect(handler).toHaveBeenCalledTimes(1);
-    expect(handler).toHaveBeenCalledWith(42);
-    off2();
-    emitter.emit('count', 99);
-    expect(handler).toHaveBeenCalledTimes(1);
-  });
-});
+    const emitter = new Emitter<TestEvents>()
+    const handler = vi.fn()
+    const off1 = emitter.on('message', handler)
+    const off2 = emitter.on('count', handler)
+    off1()
+    emitter.emit('message', 'gone')
+    emitter.emit('count', 42)
+    expect(handler).toHaveBeenCalledTimes(1)
+    expect(handler).toHaveBeenCalledWith(42)
+    off2()
+    emitter.emit('count', 99)
+    expect(handler).toHaveBeenCalledTimes(1)
+  })
+})

package/src/emitter.ts CHANGED Viewed

@@ -2,44 +2,46 @@
  * Minimal typed event emitter — no external dependencies.
  */
-type Handler<T> = (data: T) => void;
+type Handler<T> = (data: T) => void
-// biome-ignore lint: index signature needed for generic emitter
-export class Emitter<Events extends { [key: string]: unknown }> {
-  private handlers = new Map<keyof Events, Set<Handler<any>>>();
+export class Emitter<Events extends Record<string, unknown>> {
+  // biome-ignore lint/suspicious/noExplicitAny: generic handler storage requires any
+  private handlers = new Map<keyof Events, Set<Handler<any>>>()
   on<K extends keyof Events>(event: K, handler: Handler<Events[K]>): () => void {
-    let set = this.handlers.get(event);
+    let set = this.handlers.get(event)
     if (!set) {
-      set = new Set();
-      this.handlers.set(event, set);
+      set = new Set()
+      this.handlers.set(event, set)
+    }
+    set.add(handler)
+    return () => {
+      set?.delete(handler)
     }
-    set.add(handler);
-    return () => { set!.delete(handler); };
   }
   once<K extends keyof Events>(event: K, handler: Handler<Events[K]>): () => void {
     const off = this.on(event, (data) => {
-      off();
-      handler(data);
-    });
-    return off;
+      off()
+      handler(data)
+    })
+    return off
   }
   emit<K extends keyof Events>(event: K, data: Events[K]): void {
-    const set = this.handlers.get(event);
-    if (set) for (const h of set) h(data);
+    const set = this.handlers.get(event)
+    if (set) for (const h of set) h(data)
   }
   off<K extends keyof Events>(event: K, handler?: Handler<Events[K]>): void {
     if (handler) {
-      this.handlers.get(event)?.delete(handler);
+      this.handlers.get(event)?.delete(handler)
     } else {
-      this.handlers.delete(event);
+      this.handlers.delete(event)
     }
   }
   removeAll(): void {
-    this.handlers.clear();
+    this.handlers.clear()
   }
 }