chipi-stack 2.2.0__tar.gz → 2.3.0__tar.gz

{chipi_stack-2.2.0/chipi_stack.egg-info → chipi_stack-2.3.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: chipi-stack
-Version: 2.2.0
+Version: 2.3.0
 Summary: Python SDK for Starknet Gasless Transactions via Chipi
 Author-email: Carlos Castillo <carlos@chipipay.com>, Roberto Yamanaka <roberto@chipipay.com>
 License-Expression: MIT

{chipi_stack-2.2.0 → chipi_stack-2.3.0}/chipi_sdk/__init__.py

@@ -5,7 +5,7 @@ A Python SDK for interacting with Chipi's gasless transaction infrastructure on
 Supports wallet creation, transaction execution, session keys, and more.
 """
 
-__version__ = "2.1.0"
+__version__ = "2.3.0"
 
 # Main SDK class
 from .sdk import ChipiSDK

{chipi_stack-2.2.0 → chipi_stack-2.3.0}/chipi_sdk/models/wallet.py

@@ -3,15 +3,16 @@
 from datetime import datetime
 from enum import Enum
 from typing import Optional
-from pydantic import BaseModel, Field, ConfigDict
+
+from pydantic import BaseModel, ConfigDict, Field
 
 from .core import Chain, ChainToken
 
 
 def to_camel(string: str) -> str:
     """Convert snake_case to camelCase."""
-    components = string.split('_')
-    return components[0] + ''.join(x.title() for x in components[1:])
+    components = string.split("_")
+    return components[0] + "".join(x.title() for x in components[1:])
 
 
 class WalletType(str, Enum):
@@ -26,6 +27,7 @@ class WalletType(str, Enum):
       JWT_ES256_APPLE_SUB, BLS12_381). Requires CHIPI_SHHH_ENABLED on
       the backend.
     """
+
     CHIPI = "CHIPI"
     READY = "READY"
     SHHH = "SHHH"
@@ -42,6 +44,7 @@ class ShhhSignerKind(str, Enum):
     browser/RN context. Wallet creation with wallet_type=SHHH and no
     signer_kind raises in Python (per plan D10).
     """
+
     STARK = "STARK"
     ED25519 = "ED25519"
     SECP256K1 = "SECP256K1"
@@ -56,9 +59,9 @@ class ShhhSignerKind(str, Enum):
 
 class WalletData(BaseModel):
     """Core wallet data structure."""
-    
+
     model_config = ConfigDict(populate_by_name=True, alias_generator=to_camel)
-    
+
     public_key: str = Field(..., description="Wallet public address")
     encrypted_private_key: str = Field(..., description="AES encrypted private key")
     wallet_type: Optional[WalletType] = Field(None, description="Type of wallet")
@@ -67,7 +70,7 @@ class WalletData(BaseModel):
 
 class DeploymentData(BaseModel):
     """Contract deployment data."""
-    
+
     class_hash: str
     salt: str
     unique: str
@@ -96,14 +99,22 @@ class CreateWalletParams(BaseModel):
             "Required when wallet_type=SHHH is set EXPLICITLY. When SHHH "
             "is reached via the default-flip (caller omitted wallet_type), "
             "the SDK falls back to STARK to match the TS SDK and the live "
-            "on-chain smokes. Wallet CREATION from Python currently "
-            "supports STARK only — non-STARK kinds (ED25519, "
-            "EIP191_SECP256K1, etc.) raise NotImplementedError at create "
-            "time and will be enabled by a follow-up PR that adds the "
-            "external-rooted (MetaMask, Phantom, Apple) wallet-adapter "
-            "deploy paths. The chipi_sdk.shhh envelope BUILDERS for those "
-            "kinds remain usable today for signing OEs on existing SHHH "
-            "wallets (see chipi_sdk.shhh.signers)."
+            "on-chain smokes. Supported deploy kinds: STARK + ED25519 "
+            "(Chipi-held key), WEBAUTHN_P256 + EIP191_SECP256K1 "
+            "(external-rooted — supply owner_pubkey_felts). "
+            "JWT_ES256_APPLE_SUB and the remaining kinds raise "
+            "NotImplementedError at create time."
+        ),
+    )
+    owner_pubkey_felts: Optional[list[str]] = Field(
+        None,
+        description=(
+            "External-rooted SHHH only. The owner's public key as Cairo "
+            "felts (hex strings) when Chipi does NOT hold the signing key: "
+            "WEBAUTHN_P256 / EIP191_SECP256K1 → [x_low, x_high, y_low, "
+            "y_high] (4 felts); external ED25519 (Phantom) → [low, high] "
+            "(2 felts). Omit for STARK and Chipi-held ED25519 (the SDK "
+            "generates the key)."
         ),
     )
 
@@ -140,7 +151,7 @@ CreateWalletResponse = GetWalletResponse
 
 class GetWalletParams(BaseModel):
     """Parameters for retrieving a wallet."""
-    
+
     external_user_id: str = Field(..., description="External user identifier")
 
 
@@ -157,9 +168,9 @@ class GetTokenBalanceParams(BaseModel):
 
 class GetTokenBalanceResponse(BaseModel):
     """Response from token balance query."""
-    
+
     model_config = ConfigDict(populate_by_name=True, alias_generator=to_camel)
-    
+
     chain: Chain
     chain_token: ChainToken
     chain_token_address: str
@@ -169,16 +180,16 @@ class GetTokenBalanceResponse(BaseModel):
 
 class PrepareWalletCreationResponse(BaseModel):
     """Response from wallet creation preparation."""
-    
+
     model_config = ConfigDict(populate_by_name=True, alias_generator=to_camel)
-    
+
     typed_data: dict
     account_class_hash: str
 
 
 class CreateCustodialWalletParams(BaseModel):
     """Parameters for creating a custodial wallet."""
-    
+
     chain: Chain
     org_id: str
 
@@ -198,7 +209,9 @@ class PrepareWalletUpgradeParams(BaseModel):
     """Parameters for preparing a wallet upgrade."""
 
     wallet_address: str = Field(..., description="Wallet address to upgrade")
-    target_class_hash: Optional[str] = Field(None, description="Target class hash (defaults to latest CHIPI)")
+    target_class_hash: Optional[str] = Field(
+        None, description="Target class hash (defaults to latest CHIPI)"
+    )
 
 
 class PrepareWalletUpgradeResponse(BaseModel):

{chipi_stack-2.2.0 → chipi_stack-2.3.0}/chipi_sdk/shhh/__init__.py

@@ -1,50 +1,37 @@
 """SHHH V8.4 ShhhAccount integration surface for `chipi-stack` (Python).
 
-Cycle 1 server-side kinds: STARK, ED25519, EIP191_SECP256K1.
-WebAuthn (P-256) is excluded by design — Python has no `navigator.credentials`
-context, and the V8.4 verifier dispatches WebAuthn assertions against
-browser-collected `authenticatorData` + `clientDataJSON`, both of which
-only make sense from a passkey flow. Use `@chipi-stack/chipi-react` (or
-`chipi-expo`) for the WebAuthn signer.
+Server-side kinds: STARK, ED25519, EIP191_SECP256K1, WEBAUTHN_P256.
+WebAuthn support is **from-assertion only**: Python can't run
+`navigator.credentials` to *create* a passkey assertion (use
+`@chipi-stack/chipi-react` / `chipi-expo` for that), but it CAN build the
+V2_SNIP12 envelope from an assertion (`authenticatorData` +
+`clientDataJSON` + DER signature) that a browser produced and POSTed to
+your server — the same pattern as `build_eip191_envelope_from_signature`
+for MetaMask. The from-private-key WebAuthn helper is browser/test-only
+and is not ported.
 
 This module mirrors `@chipi-stack/backend/src/shhh` byte-for-byte where
 possible. Parity is validated against `tests/fixtures/cycle1.json` (the
 same JSON we PR'd to shhh-wallet-cairo as drift-detection fixtures).
 """
 
-from .snip12_hash import (
-    CALL_TYPE_HASH_REV1,
-    ISIGNER_CANONICAL_LABEL,
-    ISIGNER_ID,
-    ISRC9_V2_ID,
-    OE_DOMAIN_NAME,
-    OE_DOMAIN_REVISION,
-    OE_DOMAIN_VERSION,
-    OUTSIDE_EXECUTION_TYPE_HASH_REV1,
-    SIG_VERSION_V1_HEX_ASCII,
-    SIG_VERSION_V2_SNIP12,
-    SIG_VERSION_V2_THRESHOLD,
-    STARKNET_DOMAIN_TYPE_HASH_REV1,
-    STARKNET_MESSAGE_PREFIX,
-    Call,
-    OutsideExecution,
-    compute_isigner_id,
-    compute_snip12_hash,
-    hash_call,
-    hash_calls,
-    hash_outside_execution_struct,
-    hash_starknet_domain,
-    snip12_hash_to_hex_ascii_bytes,
-    starknet_keccak,
-)
-
 from .compute_wallet_address import (
     ComputeAddressInput,
     compute_address_salt,
     compute_shhh_address,
     owner_commitment,
 )
-
+from .migrate import (
+    BOOTSTRAP_DOMAIN_SEPARATOR,
+    BootstrapMessageParams,
+    BuildBootstrapSignedCallParams,
+    BuildMigrationCallsParams,
+    build_bootstrap_signed_call,
+    build_migration_calls,
+    compute_bootstrap_message,
+    label_to_felt,
+    sign_bootstrap_message,
+)
 from .oe import (
     ANY_CALLER_FELT,
     MAX_OE_VALIDITY_WINDOW_SECONDS,
@@ -54,23 +41,55 @@ from .oe import (
     wrap_v2_snip12_envelope,
     wrap_v2_threshold_envelope,
 )
-
+from .recovery import (
+    DEFAULT_OP_EXPIRY_SECONDS,
+    OP_ADD_OWNER,
+    OP_REMOVE_OWNER,
+    OP_ROTATE_OWNER,
+    OP_SET_THRESHOLD,
+    ROLE_GUARDIAN,
+    ROLE_OWNER,
+    TIMELOCK_SECONDS,
+    VIEW_SELECTORS,
+    NewOwnerInput,
+    OwnerRole,
+    build_cancel_pending_op_call,
+    build_cancel_recovery_call,
+    build_execute_add_owner_call,
+    build_execute_remove_owner_call,
+    build_execute_rotate_owner_call,
+    build_execute_set_threshold_call,
+    build_finalize_recovery_call,
+    build_initiate_recovery_call,
+    build_propose_add_owner_call,
+    build_propose_remove_owner_call,
+    build_propose_rotate_owner_call,
+    build_propose_set_threshold_call,
+    is_ready_to_execute,
+    seconds_until_executable,
+)
 from .signers import (
     APPLE_ISSUER,
-    AppleTokenResponse,
     ED25519_KIND_TAG,
     EIP191_KIND_TAG,
     JWT_APPLE_SUB_KIND_TAG,
     JWT_APPLE_SUB_KIND_TAG_FELT,
-    JwtAppleSubPubkey,
     STARK_KIND_TAG,
+    WEBAUTHN_KIND_TAG,
+    AppleTokenResponse,
     Eip191Pubkey,
+    JwtAppleSubPubkey,
+    WebAuthnPubkey,
+    base64url_encode,
     build_ed25519_envelope,
+    build_ed25519_envelope_from_signature,
     build_eip191_envelope_from_private_key,
     build_eip191_envelope_from_signature,
     build_jwt_apple_sub_envelope_from_test_key,
     build_jwt_apple_sub_envelope_from_token_response,
     build_stark_envelope,
+    build_webauthn_envelope_from_assertion,
+    byte_array_to_felts,
     ed25519_owner_id,
     ed25519_pubkey_felts,
     ed25519_signed_bytes,
@@ -82,11 +101,38 @@ from .signers import (
     locate_sub_claim,
     message_hash_to_nonce_b64url,
     parse_apple_id_token,
+    parse_der_ecdsa_signature,
     parse_eip191_signature,
     stark_owner_id,
     stark_pubkey_felts,
+    webauthn_owner_id,
+    webauthn_pubkey_felts,
+)
+from .snip12_hash import (
+    CALL_TYPE_HASH_REV1,
+    ISIGNER_CANONICAL_LABEL,
+    ISIGNER_ID,
+    ISRC9_V2_ID,
+    OE_DOMAIN_NAME,
+    OE_DOMAIN_REVISION,
+    OE_DOMAIN_VERSION,
+    OUTSIDE_EXECUTION_TYPE_HASH_REV1,
+    SIG_VERSION_V1_HEX_ASCII,
+    SIG_VERSION_V2_SNIP12,
+    SIG_VERSION_V2_THRESHOLD,
+    STARKNET_DOMAIN_TYPE_HASH_REV1,
+    STARKNET_MESSAGE_PREFIX,
+    Call,
+    OutsideExecution,
+    compute_isigner_id,
+    compute_snip12_hash,
+    hash_call,
+    hash_calls,
+    hash_outside_execution_struct,
+    hash_starknet_domain,
+    snip12_hash_to_hex_ascii_bytes,
+    starknet_keccak,
 )
-
 from .threshold import (
     MIN_THRESHOLD_OWNERS,
     assert_valid_v2_snip12_envelope,
@@ -95,46 +141,6 @@ from .threshold import (
     parse_threshold_envelope,
 )
 
-from .recovery import (
-    DEFAULT_OP_EXPIRY_SECONDS,
-    NewOwnerInput,
-    OP_ADD_OWNER,
-    OP_REMOVE_OWNER,
-    OP_ROTATE_OWNER,
-    OP_SET_THRESHOLD,
-    OwnerRole,
-    ROLE_GUARDIAN,
-    ROLE_OWNER,
-    TIMELOCK_SECONDS,
-    VIEW_SELECTORS,
-    build_cancel_pending_op_call,
-    build_cancel_recovery_call,
-    build_execute_add_owner_call,
-    build_execute_remove_owner_call,
-    build_execute_rotate_owner_call,
-    build_execute_set_threshold_call,
-    build_finalize_recovery_call,
-    build_initiate_recovery_call,
-    build_propose_add_owner_call,
-    build_propose_remove_owner_call,
-    build_propose_rotate_owner_call,
-    build_propose_set_threshold_call,
-    is_ready_to_execute,
-    seconds_until_executable,
-)
-
-from .migrate import (
-    BOOTSTRAP_DOMAIN_SEPARATOR,
-    BootstrapMessageParams,
-    BuildBootstrapSignedCallParams,
-    BuildMigrationCallsParams,
-    build_bootstrap_signed_call,
-    build_migration_calls,
-    compute_bootstrap_message,
-    label_to_felt,
-    sign_bootstrap_message,
-)
-
 __all__ = [
     # snip12_hash
     "CALL_TYPE_HASH_REV1",
@@ -187,9 +193,19 @@ __all__ = [
     "parse_eip191_signature",
     "ED25519_KIND_TAG",
     "build_ed25519_envelope",
+    "build_ed25519_envelope_from_signature",
     "ed25519_owner_id",
     "ed25519_pubkey_felts",
     "ed25519_signed_bytes",
+    # webauthn signer (from-assertion)
+    "WEBAUTHN_KIND_TAG",
+    "WebAuthnPubkey",
+    "base64url_encode",
+    "build_webauthn_envelope_from_assertion",
+    "byte_array_to_felts",
+    "parse_der_ecdsa_signature",
+    "webauthn_owner_id",
+    "webauthn_pubkey_felts",
     # jwt_apple_sub signer
     "APPLE_ISSUER",
     "AppleTokenResponse",

{chipi_stack-2.2.0 → chipi_stack-2.3.0}/chipi_sdk/shhh/signers/__init__.py

@@ -1,14 +1,19 @@
 """SHHH V8.4 signers (Python).
 
-Cycle 1 server-side kinds: STARK, Ed25519, EIP-191 secp256k1.
-Wave B kind: JWT_ES256_APPLE_SUB (Apple Sign In).
+Server-side kinds: STARK, Ed25519, EIP-191 secp256k1, WebAuthn P-256
+(from-assertion only), JWT_ES256_APPLE_SUB (Apple Sign In).
 
-WebAuthn is excluded -- Python has no browser passkey context.
+WebAuthn note: Python can't run ``navigator.credentials`` to *create*
+assertions, but it CAN build an envelope from one a browser produced and
+POSTed — the same server-side pattern as
+``build_eip191_envelope_from_signature``. Only the from-assertion builder
+is ported (no from-private-key helper).
 """
 
 from .ed25519 import (
     ED25519_KIND_TAG,
     build_ed25519_envelope,
+    build_ed25519_envelope_from_signature,
     ed25519_owner_id,
     ed25519_pubkey_felts,
     ed25519_signed_bytes,
@@ -24,9 +29,9 @@ from .eip191 import (
 )
 from .jwt_apple_sub import (
     APPLE_ISSUER,
-    AppleTokenResponse,
     JWT_APPLE_SUB_KIND_TAG,
     JWT_APPLE_SUB_KIND_TAG_FELT,
+    AppleTokenResponse,
     JwtAppleSubPubkey,
     build_jwt_apple_sub_envelope_from_test_key,
     build_jwt_apple_sub_envelope_from_token_response,
@@ -43,6 +48,16 @@ from .stark import (
     stark_owner_id,
     stark_pubkey_felts,
 )
+from .webauthn import (
+    WEBAUTHN_KIND_TAG,
+    WebAuthnPubkey,
+    base64url_encode,
+    build_webauthn_envelope_from_assertion,
+    byte_array_to_felts,
+    parse_der_ecdsa_signature,
+    webauthn_owner_id,
+    webauthn_pubkey_felts,
+)
 
 __all__ = [
     "STARK_KIND_TAG",
@@ -58,9 +73,18 @@ __all__ = [
     "parse_eip191_signature",
     "ED25519_KIND_TAG",
     "build_ed25519_envelope",
+    "build_ed25519_envelope_from_signature",
     "ed25519_owner_id",
     "ed25519_pubkey_felts",
     "ed25519_signed_bytes",
+    "WEBAUTHN_KIND_TAG",
+    "WebAuthnPubkey",
+    "base64url_encode",
+    "build_webauthn_envelope_from_assertion",
+    "byte_array_to_felts",
+    "parse_der_ecdsa_signature",
+    "webauthn_owner_id",
+    "webauthn_pubkey_felts",
     "APPLE_ISSUER",
     "AppleTokenResponse",
     "JWT_APPLE_SUB_KIND_TAG",

{chipi_stack-2.2.0 → chipi_stack-2.3.0}/chipi_sdk/shhh/signers/ed25519.py

@@ -25,10 +25,8 @@ Implementation choices vs the TS side:
     and amortized across the process lifetime.
 """
 
-from typing import Union
-
-from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
 from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
 from garaga.starknet.tests_and_calldata_generators.signatures import (
     EdDSA25519Signature,
 )
@@ -114,9 +112,7 @@ def build_ed25519_envelope(
             "owner_commitment or pubkey here."
         )
     if len(private_key) != 32:
-        raise ValueError(
-            f"Ed25519 private key must be exactly 32 bytes; got {len(private_key)}."
-        )
+        raise ValueError(f"Ed25519 private key must be exactly 32 bytes; got {len(private_key)}.")
 
     pk = Ed25519PrivateKey.from_private_bytes(private_key)
     public_key = pk.public_key().public_bytes(
@@ -128,21 +124,89 @@ def build_ed25519_envelope(
     signature = pk.sign(signed_bytes)
 
     # RFC 8032: signature = R (32B) || s (32B), both little-endian.
-    R = signature[:32]
-    s_bytes = signature[32:64]
+    return _assemble_ed25519_envelope(
+        ry_twisted=int.from_bytes(signature[:32], "little"),
+        s_int=int.from_bytes(signature[32:64], "little"),
+        py_twisted=int.from_bytes(public_key, "little"),
+        signed_bytes=signed_bytes,
+        owner_index=owner_index,
+    )
+
+
+def build_ed25519_envelope_from_signature(
+    *,
+    signature: bytes,
+    public_key: bytes,
+    message_hash: int,
+    owner_index: int = 0,
+) -> list[int]:
+    """Build a V2_SNIP12 Ed25519 envelope from an externally-produced
+    signature — the Phantom / Solana flow.
+
+    Phantom (and every external Ed25519 wallet) never exposes the private
+    key: the user signs via ``window.solana.signMessage(...)``, which
+    returns a 64-byte signature (R‖s). This is the from-signature
+    counterpart of :func:`build_ed25519_envelope`, mirroring
+    :func:`build_eip191_envelope_from_signature` for MetaMask and the TS
+    ``buildEd25519EnvelopeFromSignature``.
+
+    The wallet MUST sign the exact bytes returned by
+    :func:`ed25519_signed_bytes` (the 64-byte hex-ASCII encoding of the
+    SNIP-12 OE hash) — NOT the raw 32-byte ``message_hash``. The Cairo
+    verifier reconstructs those same bytes, so a mismatch fails on chain.
+
+    Inputs:
+      signature     — 64-byte Ed25519 signature R(32)‖s(32) from the
+                      wallet's ``signMessage``.
+      public_key    — 32-byte Ed25519 public key (as Phantom returns it).
+      message_hash  — SNIP-12 hash of the OE (see oe.compute_oe_hash).
+      owner_index   — u32 INDEX into the wallet's owner_set. Default 0.
+    """
+    if not (0 <= owner_index < (1 << 32)):
+        raise ValueError(
+            f"build_ed25519_envelope_from_signature: owner_index {owner_index} "
+            "is out of u32 range [0, 2^32). owner_id is the u32 INDEX into the "
+            "wallet's owner_set (0 for primary); do NOT pass an owner_commitment "
+            "or pubkey here."
+        )
+    if len(signature) != 64:
+        raise ValueError(f"Ed25519 signature must be exactly 64 bytes (R‖s); got {len(signature)}.")
+    if len(public_key) != 32:
+        raise ValueError(f"Ed25519 public key must be exactly 32 bytes; got {len(public_key)}.")
+
+    signed_bytes = ed25519_signed_bytes(message_hash)
+    # RFC 8032: signature = R (32B) || s (32B), both little-endian.
+    return _assemble_ed25519_envelope(
+        ry_twisted=int.from_bytes(signature[:32], "little"),
+        s_int=int.from_bytes(signature[32:64], "little"),
+        py_twisted=int.from_bytes(public_key, "little"),
+        signed_bytes=signed_bytes,
+        owner_index=owner_index,
+    )
 
-    Ry_twisted = int.from_bytes(R, "little")
-    s_int = int.from_bytes(s_bytes, "little")
-    Py_twisted = int.from_bytes(public_key, "little")
 
-    # Garaga's eddsa_calldata_builder produces:
-    #   [ Ry_low, Ry_high, s_low, s_high,
-    #     msg_len, msg_byte_0, ..., msg_byte_{msg_len-1},
-    #     *msm_hint, *sqrt_Rx_hint, *sqrt_Px_hint ]
+def _assemble_ed25519_envelope(
+    *,
+    ry_twisted: int,
+    s_int: int,
+    py_twisted: int,
+    signed_bytes: bytes,
+    owner_index: int,
+) -> list[int]:
+    """Shared core for both Ed25519 builders: run Garaga's hint builder
+    over the signature halves + pubkey + signed message, then wrap in the
+    V2_SNIP12 envelope. The locally-signed and from-signature paths differ
+    ONLY in where (R, s, pubkey) come from.
+
+    Garaga's eddsa_calldata_builder produces:
+      [ Ry_low, Ry_high, s_low, s_high,
+        msg_len, msg_byte_0, ..., msg_byte_{msg_len-1},
+        *msm_hint, *sqrt_Rx_hint, *sqrt_Px_hint ]
+    """
     eddsa_sig = EdDSA25519Signature(
-        Ry_twisted=Ry_twisted,
+        Ry_twisted=ry_twisted,
         s=s_int,
-        Py_twisted=Py_twisted,
+        Py_twisted=py_twisted,
         msg=signed_bytes,
     )
     payload = eddsa_sig.serialize_with_hints(