import { PasskeyManager, PasskeyCredential } from '../../passkey.mjs'; /** * Veridex Protocol SDK — Stellar chain types * * Local mirror of the subset of the Stellar-Wallets-Kit `ModuleInterface` * contract we implement. We mirror it (rather than importing from * `@creit.tech/stellar-wallets-kit`) so `@veridex/sdk` does not gain a hard * peer dependency on the kit. Consumers who already depend on the kit can * cast our module to the upstream type — the shapes are structurally * identical. * * Upstream reference: `@creit.tech/stellar-wallets-kit` → * src/types/mod.ts → `ModuleInterface` */ declare enum StellarNetworks { PUBLIC = "Public Global Stellar Network ; September 2015", TESTNET = "Test SDF Network ; September 2015", FUTURENET = "Test SDF Future Network ; October 2022", SANDBOX = "Local Sandbox Stellar Network ; September 2022", STANDALONE = "Standalone Network ; February 2017" } declare enum StellarModuleType { HW_WALLET = "HW_WALLET", HOT_WALLET = "HOT_WALLET", BRIDGE_WALLET = "BRIDGE_WALLET", AIR_GAPED_WALLET = "AIR_GAPED_WALLET" } interface StellarKitError { code: number; message: string; ext?: string; } /** * Stellar-Wallets-Kit `ModuleInterface` mirror. * Only the methods we implement are documented; signature-compatible with * the upstream contract. */ interface StellarWalletModuleInterface { moduleType: StellarModuleType; productId: string; productName: string; productUrl: string; productIcon: string; isAvailable(): Promise; isPlatformWrapper?(): Promise; getAddress(params?: { path?: string; skipRequestAccess?: boolean; }): Promise<{ address: string; }>; signTransaction(xdr: string, opts?: { networkPassphrase?: string; address?: string; path?: string; }): Promise<{ signedTxXdr: string; signerAddress?: string; }>; signAuthEntry(authEntry: string, opts?: { networkPassphrase?: string; address?: string; path?: string; }): Promise<{ signedAuthEntry: string; signerAddress?: string; }>; signMessage(message: string, opts?: { networkPassphrase?: string; address?: string; path?: string; }): Promise<{ signedMessage: string; signerAddress?: string; }>; } /** * Veridex-specific configuration for the Stellar passkey signer. */ interface VeridexStellarConfig { /** Stellar network passphrase. Defaults to TESTNET. */ network?: StellarNetworks; /** * Soroban RPC URL (used to resolve the smart-account address or submit * transactions when `signAndSubmitTransaction` is invoked). */ rpcUrl?: string; /** * Optional pre-deployed smart-account contract id (C-address). If * provided, `getAddress()` returns this directly. Otherwise the address * is derived deterministically from the passkey `keyHash`. */ smartAccountContractId?: string; /** * Override the deterministic smart-account factory contract. Used for * address derivation when `smartAccountContractId` is not set. */ smartAccountFactory?: string; } /** * A signed WebAuthn assertion ready to be embedded in a Soroban auth entry. * * The shape matches what a Soroban smart-account's `__check_auth` entrypoint * needs to verify a secp256r1 passkey signature: * - `keyHash` identifies which registered passkey signed * - `authenticatorData` + `clientDataJSON` are the WebAuthn assertion * - `r`, `s` are the secp256r1 signature components */ interface PasskeyAuthAssertion { keyHash: string; authenticatorData: string; clientDataJSON: string; challengeIndex: number; typeIndex: number; signatureR: string; signatureS: string; } /** * Veridex Protocol SDK — Stellar Passkey Signer * * Bridges Veridex's WebAuthn `PasskeyManager` to the SEP-43 signing surface * expected by Soroban smart accounts (and the Stellar-Wallets-Kit * `ModuleInterface`). * * Design: * - The signer treats every SEP-43 signing call (transaction / auth entry * / message) as a request to produce a WebAuthn assertion over the * SHA-256 of a canonical preimage. * - For a transaction we hash `network_id || tagged_tx_envelope` per the * XDR-hash spec; for an auth entry we hash the * `HashIdPreimageSorobanAuthorization`; for a message we hash the bytes * directly. * - The returned `signedTxXdr` / `signedAuthEntry` strings are * base64-encoded JSON containers carrying the assertion. The downstream * Soroban smart-account contract (`__check_auth`) is responsible for * parsing the container, verifying secp256r1, and authorizing. * * This separation lets `@veridex/sdk` ship without a hard dependency on * `@stellar/stellar-sdk`. Consumers who want full XDR-aware signing can * subclass and override `hashTransactionXdr` / `hashAuthEntry`. */ interface StellarPasskeySignerOptions { passkey: PasskeyManager; credential?: PasskeyCredential; config?: VeridexStellarConfig; } declare class StellarPasskeySigner { private readonly passkey; private credential?; private readonly network; private readonly smartAccountContractId?; constructor(opts: StellarPasskeySignerOptions); /** * Returns the Soroban smart-account address (C-address-derivable hex) * associated with the active passkey. If a fixed contract id was * configured we return it verbatim; otherwise we derive deterministically. */ getAddress(skipRequestAccess?: boolean): Promise<{ address: string; }>; /** * Produce a SEP-43 `signedTxXdr` for the given transaction envelope XDR. * * Because we do not bundle `@stellar/stellar-sdk` we hash the XDR's * binary form prefixed with the network passphrase. Consumers that need * canonical Stellar transaction hashes should preprocess `xdr` to the * spec-compliant preimage before calling, or override this method. */ signTransaction(xdr: string, opts?: { networkPassphrase?: string; address?: string; }): Promise<{ signedTxXdr: string; signerAddress: string; }>; /** * Sign a Soroban `HashIdPreimageSorobanAuthorization` XDR. The auth * entry payload is hashed and wrapped identically to a transaction. */ signAuthEntry(authEntry: string, opts?: { networkPassphrase?: string; address?: string; }): Promise<{ signedAuthEntry: string; signerAddress: string; }>; /** * Sign an arbitrary message per SEP-43 `signMessage`. */ signMessage(message: string, opts?: { networkPassphrase?: string; address?: string; }): Promise<{ signedMessage: string; signerAddress: string; }>; protected hashTransactionXdr(xdr: string, networkPassphrase: string): Uint8Array; protected hashAuthEntry(authEntry: string, networkPassphrase: string): Uint8Array; private signChallenge; private ensureCredential; private encodeAssertionContainer; private decodeBase64; } /** * Veridex Protocol SDK — Stellar-Wallets-Kit ModuleInterface implementation * * Drop-in module for `@creit.tech/stellar-wallets-kit` that exposes * Veridex's passkey-backed Soroban smart account as a wallet option. * * Usage (downstream app): * ```ts * import { StellarWalletsKit, allowAllModules } from '@creit.tech/stellar-wallets-kit'; * import { PasskeyManager } from '@veridex/sdk/passkey'; * import { VeridexStellarWalletModule } from '@veridex/sdk/chains/stellar'; * * const passkey = new PasskeyManager({ rpName: 'My Dapp' }); * const veridexModule = new VeridexStellarWalletModule({ passkey }); * * const kit = new StellarWalletsKit({ * network: WalletNetwork.TESTNET, * selectedWalletId: VERIDEX_PASSKEY_ID, * modules: [...allowAllModules(), veridexModule], * }); * ``` */ declare const VERIDEX_PASSKEY_ID = "veridex-passkey"; interface VeridexStellarWalletModuleOptions { passkey: PasskeyManager; credential?: PasskeyCredential; config?: VeridexStellarConfig; productName?: string; productUrl?: string; productIcon?: string; } declare class VeridexStellarWalletModule implements StellarWalletModuleInterface { readonly moduleType: StellarModuleType; readonly productId: string; readonly productName: string; readonly productUrl: string; readonly productIcon: string; private readonly signer; constructor(opts: VeridexStellarWalletModuleOptions); isAvailable(): Promise; isPlatformWrapper(): Promise; getAddress(params?: { path?: string; skipRequestAccess?: boolean; }): Promise<{ address: string; }>; signTransaction(xdr: string, opts?: { networkPassphrase?: string; address?: string; path?: string; }): Promise<{ signedTxXdr: string; signerAddress?: string; }>; signAuthEntry(authEntry: string, opts?: { networkPassphrase?: string; address?: string; path?: string; }): Promise<{ signedAuthEntry: string; signerAddress?: string; }>; signMessage(message: string, opts?: { networkPassphrase?: string; address?: string; path?: string; }): Promise<{ signedMessage: string; signerAddress?: string; }>; } /** * Veridex Protocol SDK — Soroban smart-account address derivation * * The Veridex Stellar adapter binds a WebAuthn passkey to a Soroban smart * account whose `__check_auth` entry verifies secp256r1 signatures against * the passkey's `keyHash`. * * For the credibility-artifact stage we expose deterministic address * derivation only — actual deployment is handled by a separate Soroban * factory contract (see `contracts/stellar/` once added). This keeps the * SDK chain-agnostic and avoids pulling in the heavy `@stellar/stellar-sdk` * runtime. */ /** * Deterministically derive a Soroban contract id (C-address) from a passkey * `keyHash`. This mirrors the SEP-0011 Stellar contract-id derivation * scheme: contract_id = sha256(networkPassphrase || keyHash || salt). * * NOTE: This returns a stable 32-byte identifier encoded as hex. To produce * a canonical `C...` strkey representation the consumer must encode it with * `StrKey.encodeContract` from `@stellar/stellar-sdk`. We deliberately keep * the encoding out of `@veridex/sdk` to avoid a hard dependency. * * @param keyHash - The Veridex passkey keyHash (hex, with or without 0x). * @param networkPassphrase - Stellar network passphrase (e.g. testnet). * @param salt - Optional 32-byte salt (hex). Defaults to all-zeros. * @returns The 32-byte contract id encoded as a 0x-prefixed hex string. */ declare function deriveSmartAccountId(keyHash: string, networkPassphrase: string, salt?: string): string; export { type PasskeyAuthAssertion, type StellarKitError, StellarModuleType, StellarNetworks, StellarPasskeySigner, type StellarPasskeySignerOptions, type StellarWalletModuleInterface, VERIDEX_PASSKEY_ID, type VeridexStellarConfig, VeridexStellarWalletModule, type VeridexStellarWalletModuleOptions, deriveSmartAccountId };