import { E as EVMClient } from './EVMClient-Bmy9czkE.mjs'; import { b as SessionConfig, d as SessionManagerConfig, a as SessionKey, A as ActionParams, c as SessionSignature, g as SessionSignedAction, f as SessionEventCallback } from './types-C564CfsE.mjs'; import { PasskeyCredential } from './passkey.mjs'; import { RegisterSessionParams, RevokeSessionParams } from './types.mjs'; import { ethers } from 'ethers'; /** * Veridex Protocol SDK - Session Manager * * Manages ephemeral session keys for fast, native L1-speed transactions * after initial biometric authentication. * * Key Features: * - One-time Passkey auth to create session * - Instant software-backed signing for subsequent transactions * - Query-based validation on Spokes (no VAA wait) * - ~400ms transactions after initial setup * - Secure encrypted storage (AES-GCM) * - Auto-refresh before expiry * - Per-session value limits */ /** * Interface for Hub contract interactions * * This should be implemented by chain clients (e.g., EVMHubClientAdapter). */ interface HubClient { /** * Register a session on the Hub * * @param params Registration parameters with Passkey signature * @returns Promise that resolves when registration completes */ registerSession(params: RegisterSessionParams): Promise; /** * Revoke a session on the Hub * * @param params Revocation parameters with Passkey signature * @returns Promise that resolves when revocation completes */ revokeSession(params: RevokeSessionParams): Promise; /** * Revoke all sessions for an identity on the Hub (emergency wipe). * * @param params WebAuthn-signed revocation covering all sessions. * @returns Number of sessions revoked. */ revokeAllSessions?(params: RevokeSessionParams): Promise; } /** * Manages session key lifecycle and signing operations * * Usage: * ```typescript * const manager = new SessionManager(credential, hubClient, passkeySign, config); * * // Create session (requires biometric) * const session = await manager.createSession(); * * // Sign actions instantly (no biometric) * const signature = await manager.signWithSession(action); * * // Revoke session (requires biometric) * await manager.revokeSession(); * ``` */ declare class SessionManager { private credential; private hubClient; private passkeySign; private currentSession; private storage; private config; private refreshTimer; private eventCallbacks; private debug; /** * @param credential User's Passkey credential (for Hub interaction) * @param hubClient Hub client for on-chain session operations * @param passkeySign Function to sign challenges with Passkey * @param config Session configuration * @param managerConfig SessionManager configuration */ constructor(credential: PasskeyCredential, hubClient: HubClient, passkeySign: (challenge: Uint8Array) => Promise, config: Partial, managerConfig?: SessionManagerConfig); private resolveConfig; /** * Create a new session (requires biometric authentication) * * Steps: * 1. Generate ephemeral secp256k1 key pair * 2. Sign session registration with Passkey * 3. Register session on Hub contract * 4. Store session securely (encrypted) * 5. Start auto-refresh timer (if enabled) * * @returns Created session key * @throws SessionError if registration fails */ createSession(configOverride?: Partial): Promise; /** * Load existing session from storage * * @returns Loaded session or null if no valid session exists */ loadSession(keyHash?: string): Promise; listSessions(): Promise; selectSession(keyHash: string): Promise; /** * Revoke the current session (requires biometric authentication) * * @throws SessionError if no active session or revocation fails */ revokeSession(keyHash?: string): Promise; /** * Revoke **all** sessions for this identity (emergency wipe). * * Requires a WebAuthn biometric prompt. If the Hub client does not * support batch revocation the method falls back to revoking the * local session only and throws so the caller knows the on-chain * wipe did not happen. */ revokeAllSessions(): Promise; /** * Sign an action with the session key (instant, no biometric) * * @param action Action parameters to sign * @returns Session signature * @throws SessionError if no active session, expired, or value exceeds limit */ signWithSession(action: ActionParams, keyHash?: string): Promise; /** * Sign an action and prepare for submission * * @param action Action parameters * @returns Session-signed action ready for submission */ signAction(action: ActionParams, keyHash?: string): Promise; /** * Check if a session is currently active * * @returns True if an active, non-expired session exists */ isActive(): boolean; /** * Get current session information (if active) * * @returns Current session or null */ getSession(): SessionKey | null; /** * Get time remaining until session expiry (in seconds) * * @returns Seconds until expiry, or 0 if no active session */ getTimeRemaining(): number; /** * Schedule automatic session refresh */ private scheduleRefresh; /** * Refresh the current session (creates a new session) * * @returns New session key */ refreshSession(): Promise; /** * Register an event callback */ on(callback: SessionEventCallback): void; /** * Unregister an event callback */ off(callback: SessionEventCallback): void; /** * Emit a session event */ private emit; /** * Log debug message (if debug enabled) */ private log; /** * Cleanup resources */ dispose(): void; } /** * Veridex Protocol SDK - EVM Hub Client Adapter * * Adapts EVMClient to work with SessionManager's HubClient interface. * Provides a clean integration layer between session management and chain clients. */ /** * Adapter that makes EVMClient compatible with SessionManager's HubClient interface * * Usage: * ```typescript * const hubAdapter = new EVMHubClientAdapter(evmClient, signer); * const sessionManager = new SessionManager( * credential, * hubAdapter, * config * ); * ``` */ declare class EVMHubClientAdapter implements HubClient { private evmClient; private signer; constructor(evmClient: EVMClient, signer: ethers.Signer); /** * Register a session on the Hub * * @param params Registration parameters with Passkey signature * @returns Promise that resolves when registration completes */ registerSession(params: RegisterSessionParams): Promise; /** * Revoke a session on the Hub * * @param params Revocation parameters with Passkey signature * @returns Promise that resolves when revocation completes */ revokeSession(params: RevokeSessionParams): Promise; /** * Revoke all sessions for an identity on the Hub. * * Currently delegates to the single-revoke path since the Hub contract * does not yet expose a batch-revoke entry point. Subclasses or future * Hub versions can override this with a true batch call. * * @param params Revocation parameters with Passkey signature * @returns Number of sessions revoked (always 1 for now) */ revokeAllSessions(params: RevokeSessionParams): Promise; /** * Update the signer (e.g., when switching accounts) * * @param signer New Ethereum signer */ updateSigner(signer: ethers.Signer): void; } export { EVMHubClientAdapter as E, type HubClient as H, SessionManager as S };