diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 49d5f2d5..2bcdb32e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -86,6 +86,51 @@ jobs: - name: Run tests run: npm test + web: + runs-on: ubuntu-latest + defaults: + run: + working-directory: bindings/web + + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + with: + node-version: "22" + + - name: Install Rust toolchain + run: | + rustup show active-toolchain || rustup install + rustup target add wasm32-unknown-unknown + + - name: Install wasm-pack + uses: taiki-e/install-action@94a7388bec5d4c8dd93e3ebf09e0ff448f3f6f4d # v2.68.35 + with: + tool: wasm-pack + + - name: Cache cargo registry and build + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + with: + path: | + ~/.cargo/registry + ~/.cargo/git + bindings/web/target + key: ${{ runner.os }}-web-cargo-${{ hashFiles('bindings/web/Cargo.lock') }} + restore-keys: ${{ runner.os }}-web-cargo- + + - name: Verify Cargo.lock is up to date + run: cargo metadata --locked --format-version 1 > /dev/null + + - name: Check Rust bindings + run: cargo check --features fast-kdf + + - name: Build WASM package + run: wasm-pack build --dev --target bundler --out-dir pkg --features fast-kdf + + - name: Run JS tests + run: npm test + node-cross-compile: runs-on: ubuntu-latest defaults: diff --git a/.gitignore b/.gitignore index 2d010ab2..a751a8de 100644 --- a/.gitignore +++ b/.gitignore @@ -21,6 +21,9 @@ bindings/node/index.d.ts bindings/node/npm/*/*.node bindings/node/artifacts/ +# Web bindings +bindings/web/pkg/ + # Website website/docs/md/ website-docs/md/ diff --git a/README.md b/README.md index 9321762e..e6ff1b0b 100644 --- a/README.md +++ b/README.md @@ -27,12 +27,15 @@ Or install only what you need: npm install @open-wallet-standard/core # Node.js SDK npm install -g @open-wallet-standard/core # Node.js SDK + CLI (provides `ows` command) npm install @open-wallet-standard/adapters # Framework adapters (viem, Solana, WDK) +npm install @open-wallet-standard/web # Browser WASM SDK pip install open-wallet-standard # Python cd ows && cargo build --workspace --release # From source ``` The language bindings are **fully self-contained** — they embed the Rust core via native FFI. Installing globally with `-g` also provides the `ows` CLI. The [`@open-wallet-standard/adapters`](https://www.npmjs.com/package/@open-wallet-standard/adapters) package plugs an OWS wallet into viem, `@solana/web3.js`, and the Tether WDK. +For websites, [`@open-wallet-standard/web`](bindings/web) provides a WASM SDK with browser storage adapters for OWS wallet, API-key, and policy artifacts. + ## Quick Start ```bash @@ -153,6 +156,7 @@ Reference implementation documentation: - [Quickstart](docs/quickstart.md) - [CLI Reference](docs/sdk-cli.md) - [Node.js SDK](docs/sdk-node.md) +- [Browser WASM SDK](docs/sdk-web.md) - [Python SDK](docs/sdk-python.md) - [Policy Engine Implementation Guide](docs/03-policy-engine.md) diff --git a/bindings/web/Cargo.lock b/bindings/web/Cargo.lock new file mode 100644 index 00000000..6e53c22f --- /dev/null +++ b/bindings/web/Cargo.lock @@ -0,0 +1,2412 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "aead" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" +dependencies = [ + "crypto-common", + "generic-array", +] + +[[package]] +name = "aes" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "aes-gcm" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "ghash", + "subtle", +] + +[[package]] +name = "allocator-api2" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923" + +[[package]] +name = "android_system_properties" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" +dependencies = [ + "libc", +] + +[[package]] +name = "anyhow" +version = "1.0.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c" + +[[package]] +name = "arrayvec" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c02d123df017efcdfbd739ef81735b36c5ba83ec3c59c80a9d7ecc718f92e50" + +[[package]] +name = "autocfg" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" + +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + +[[package]] +name = "base64" +version = "0.21.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" + +[[package]] +name = "base64" +version = "0.22.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" + +[[package]] +name = "base64ct" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06" + +[[package]] +name = "bech32" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d86b93f97252c47b41663388e6d155714a9d0c398b99f1005cbc5f978b29f445" + +[[package]] +name = "bech32" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32637268377fc7b10a8c6d51de3e7fba1ce5dd371a96e342b34e6078db558e7f" + +[[package]] +name = "bigdecimal" +version = "0.4.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4d6867f1565b3aad85681f1015055b087fcfd840d6aeee6eee7f2da317603695" +dependencies = [ + "autocfg", + "libm", + "num-bigint", + "num-integer", + "num-traits", + "serde", + "serde_json", +] + +[[package]] +name = "bitflags" +version = "2.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4512299f36f043ab09a583e57bceb5a5aab7a73db1805848e8fef3c9e8c78b3" + +[[package]] +name = "bitvec" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bc2832c24239b0141d5674bb9174f9d68a8b5b3f2753311927c172ca46f7e9c" +dependencies = [ + "funty", + "radium", + "tap", + "wyz", +] + +[[package]] +name = "blake2" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" +dependencies = [ + "digest", +] + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "bs58" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf88ba1141d185c399bee5288d850d63b8369520c1eafc32a0430b5b6c287bf4" +dependencies = [ + "sha2", + "tinyvec", +] + +[[package]] +name = "bumpalo" +version = "3.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb" + +[[package]] +name = "byteorder" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" + +[[package]] +name = "cc" +version = "1.2.60" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43c5703da9466b66a946814e1adf53ea2c90f10063b86290cc9eb67ce3478a20" +dependencies = [ + "find-msvc-tools", + "shlex", +] + +[[package]] +name = "cfg-if" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" + +[[package]] +name = "chrono" +version = "0.4.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c673075a2e0e5f4a1dde27ce9dee1ea4558c7ffe648f576438a20ca1d2acc4b0" +dependencies = [ + "iana-time-zone", + "js-sys", + "num-traits", + "serde", + "wasm-bindgen", + "windows-link", +] + +[[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common", + "inout", +] + +[[package]] +name = "coins-bip32" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "66c43ff7fd9ff522219058808a259e61423335767b1071d5b346de60d9219657" +dependencies = [ + "bs58", + "coins-core", + "digest", + "hmac", + "k256", + "serde", + "sha2", + "thiserror 1.0.69", +] + +[[package]] +name = "coins-bip39" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c4587c0b4064da887ed39a6522f577267d57e58bdd583178cd877d721b56a2e" +dependencies = [ + "bitvec", + "coins-bip32", + "hmac", + "once_cell", + "pbkdf2", + "rand 0.8.6", + "sha2", + "thiserror 1.0.69", +] + +[[package]] +name = "coins-core" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b3aeeec621f4daec552e9d28befd58020a78cfc364827d06a753e8bc13c6c4b" +dependencies = [ + "base64 0.21.7", + "bech32 0.9.1", + "bs58", + "const-hex", + "digest", + "generic-array", + "ripemd", + "serde", + "sha2", + "sha3", + "thiserror 1.0.69", +] + +[[package]] +name = "const-hex" +version = "1.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "531185e432bb31db1ecda541e9e7ab21468d4d844ad7505e0546a49b4945d49b" +dependencies = [ + "cfg-if", + "cpufeatures", + "proptest", + "serde_core", +] + +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + +[[package]] +name = "core-foundation-sys" +version = "0.8.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" + +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "critical-section" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "790eea4361631c5e7d22598ecd5723ff611904e3344ce8720784c93e3d83d40b" + +[[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +dependencies = [ + "generic-array", + "rand_core 0.6.4", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-common" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a" +dependencies = [ + "generic-array", + "rand_core 0.6.4", + "typenum", +] + +[[package]] +name = "ctr" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835" +dependencies = [ + "cipher", +] + +[[package]] +name = "curve25519-dalek" +version = "4.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" +dependencies = [ + "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "digest", + "fiat-crypto", + "rustc_version", + "subtle", + "zeroize", +] + +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "darling" +version = "0.23.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25ae13da2f202d56bd7f91c25fba009e7717a1e4a1cc98a76d844b65ae912e9d" +dependencies = [ + "darling_core", + "darling_macro", +] + +[[package]] +name = "darling_core" +version = "0.23.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9865a50f7c335f53564bb694ef660825eb8610e0a53d3e11bf1b0d3df31e03b0" +dependencies = [ + "ident_case", + "proc-macro2", + "quote", + "strsim", + "syn 2.0.117", +] + +[[package]] +name = "darling_macro" +version = "0.23.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3984ec7bd6cfa798e62b4a642426a5be0e68f9401cfc2a01e3fa9ea2fcdb8d" +dependencies = [ + "darling_core", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "der" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" +dependencies = [ + "const-oid", + "zeroize", +] + +[[package]] +name = "deranged" +version = "0.5.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7cd812cc2bc1d69d4764bd80df88b4317eaef9e773c75226407d9bc0876b211c" +dependencies = [ + "powerfmt", + "serde_core", +] + +[[package]] +name = "derive-new" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2cdc8d50f426189eef89dac62fabfa0abb27d5cc008f25bf4156a0203325becc" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "const-oid", + "crypto-common", + "subtle", +] + +[[package]] +name = "displaydoc" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "dyn-clone" +version = "1.0.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0881ea181b1df73ff77ffaaf9c7544ecc11e82fba9b5f27b262a3c73a332555" + +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest", + "elliptic-curve", + "rfc6979", + "signature", + "spki", +] + +[[package]] +name = "ed25519" +version = "2.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53" +dependencies = [ + "pkcs8", + "signature", +] + +[[package]] +name = "ed25519-dalek" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70e796c081cee67dc755e1a36a0a172b897fab85fc3f6bc48307991f64e4eca9" +dependencies = [ + "curve25519-dalek", + "ed25519", + "serde", + "sha2", + "subtle", + "zeroize", +] + +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest", + "ff", + "generic-array", + "group", + "pkcs8", + "rand_core 0.6.4", + "sec1", + "subtle", + "zeroize", +] + +[[package]] +name = "embassy-futures" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc2d050bdc5c21e0862a89256ed8029ae6c290a93aecefc73084b3002cdebb01" + +[[package]] +name = "embassy-sync" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d2c8cdff05a7a51ba0087489ea44b0b1d97a296ca6b1d6d1a33ea7423d34049" +dependencies = [ + "cfg-if", + "critical-section", + "embedded-io-async", + "futures-sink", + "futures-util", + "heapless", +] + +[[package]] +name = "embedded-io" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "edd0f118536f44f5ccd48bcb8b111bdc3de888b58c74639dfb034a357d0f206d" + +[[package]] +name = "embedded-io-async" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3ff09972d4073aa8c299395be75161d582e7629cd663171d62af73c8d50dba3f" +dependencies = [ + "embedded-io", +] + +[[package]] +name = "equivalent" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" + +[[package]] +name = "errno" +version = "0.3.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" +dependencies = [ + "libc", + "windows-sys", +] + +[[package]] +name = "ff" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393" +dependencies = [ + "rand_core 0.6.4", + "subtle", +] + +[[package]] +name = "fiat-crypto" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" + +[[package]] +name = "find-msvc-tools" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" + +[[package]] +name = "fnv" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" + +[[package]] +name = "foldhash" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" + +[[package]] +name = "form_urlencoded" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf" +dependencies = [ + "percent-encoding", +] + +[[package]] +name = "funty" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" + +[[package]] +name = "futures-core" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d" + +[[package]] +name = "futures-sink" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893" + +[[package]] +name = "futures-task" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393" + +[[package]] +name = "futures-util" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6" +dependencies = [ + "futures-core", + "futures-task", + "pin-project-lite", +] + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", + "zeroize", +] + +[[package]] +name = "getrandom" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" +dependencies = [ + "cfg-if", + "js-sys", + "libc", + "wasi", + "wasm-bindgen", +] + +[[package]] +name = "getrandom" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" +dependencies = [ + "cfg-if", + "libc", + "r-efi 5.3.0", + "wasip2", +] + +[[package]] +name = "getrandom" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555" +dependencies = [ + "cfg-if", + "libc", + "r-efi 6.0.0", + "wasip2", + "wasip3", +] + +[[package]] +name = "ghash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1" +dependencies = [ + "opaque-debug", + "polyval", +] + +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core 0.6.4", + "subtle", +] + +[[package]] +name = "hash32" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47d60b12902ba28e2730cd37e95b8c9223af2808df9e902d4df49588d1470606" +dependencies = [ + "byteorder", +] + +[[package]] +name = "hashbrown" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" + +[[package]] +name = "hashbrown" +version = "0.15.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1" +dependencies = [ + "allocator-api2", + "equivalent", + "foldhash", + "serde", +] + +[[package]] +name = "hashbrown" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4f467dd6dccf739c208452f8014c75c18bb8301b050ad1cfb27153803edb0f51" + +[[package]] +name = "heapless" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0bfb9eb618601c89945a70e254898da93b13be0388091d42117462b265bb3fad" +dependencies = [ + "hash32", + "stable_deref_trait", +] + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" + +[[package]] +name = "hkdf" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest", +] + +[[package]] +name = "iana-time-zone" +version = "0.1.65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e31bc9ad994ba00e440a8aa5c9ef0ec67d5cb5e5cb0cc7f8b744a35b389cc470" +dependencies = [ + "android_system_properties", + "core-foundation-sys", + "iana-time-zone-haiku", + "js-sys", + "log", + "wasm-bindgen", + "windows-core", +] + +[[package]] +name = "iana-time-zone-haiku" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" +dependencies = [ + "cc", +] + +[[package]] +name = "icu_collections" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2984d1cd16c883d7935b9e07e44071dca8d917fd52ecc02c04d5fa0b5a3f191c" +dependencies = [ + "displaydoc", + "potential_utf", + "utf8_iter", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_locale_core" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92219b62b3e2b4d88ac5119f8904c10f8f61bf7e95b640d25ba3075e6cac2c29" +dependencies = [ + "displaydoc", + "litemap", + "tinystr", + "writeable", + "zerovec", +] + +[[package]] +name = "icu_normalizer" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c56e5ee99d6e3d33bd91c5d85458b6005a22140021cc324cea84dd0e72cff3b4" +dependencies = [ + "icu_collections", + "icu_normalizer_data", + "icu_properties", + "icu_provider", + "smallvec", + "zerovec", +] + +[[package]] +name = "icu_normalizer_data" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da3be0ae77ea334f4da67c12f149704f19f81d1adf7c51cf482943e84a2bad38" + +[[package]] +name = "icu_properties" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bee3b67d0ea5c2cca5003417989af8996f8604e34fb9ddf96208a033901e70de" +dependencies = [ + "icu_collections", + "icu_locale_core", + "icu_properties_data", + "icu_provider", + "zerotrie", + "zerovec", +] + +[[package]] +name = "icu_properties_data" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e2bbb201e0c04f7b4b3e14382af113e17ba4f63e2c9d2ee626b720cbce54a14" + +[[package]] +name = "icu_provider" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "139c4cf31c8b5f33d7e199446eff9c1e02decfc2f0eec2c8d71f65befa45b421" +dependencies = [ + "displaydoc", + "icu_locale_core", + "writeable", + "yoke", + "zerofrom", + "zerotrie", + "zerovec", +] + +[[package]] +name = "id-arena" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954" + +[[package]] +name = "ident_case" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" + +[[package]] +name = "idna" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b0875f23caa03898994f6ddc501886a45c7d3d62d04d2d90788d47be1b1e4de" +dependencies = [ + "idna_adapter", + "smallvec", + "utf8_iter", +] + +[[package]] +name = "idna_adapter" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3acae9609540aa318d1bc588455225fb2085b9ed0c4f6bd0d9d5bcd86f1a0344" +dependencies = [ + "icu_normalizer", + "icu_properties", +] + +[[package]] +name = "indexmap" +version = "1.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" +dependencies = [ + "autocfg", + "hashbrown 0.12.3", + "serde", +] + +[[package]] +name = "indexmap" +version = "2.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d466e9454f08e4a911e14806c24e16fba1b4c121d1ea474396f396069cf949d9" +dependencies = [ + "equivalent", + "hashbrown 0.17.0", + "serde", + "serde_core", +] + +[[package]] +name = "inout" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01" +dependencies = [ + "generic-array", +] + +[[package]] +name = "itoa" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682" + +[[package]] +name = "js-sys" +version = "0.3.95" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2964e92d1d9dc3364cae4d718d93f227e3abb088e747d92e0395bfdedf1c12ca" +dependencies = [ + "once_cell", + "wasm-bindgen", +] + +[[package]] +name = "k256" +version = "0.13.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6e3919bbaa2945715f0bb6d3934a173d1e9a59ac23767fbaaef277265a7411b" +dependencies = [ + "cfg-if", + "ecdsa", + "elliptic-curve", + "once_cell", + "sha2", + "signature", +] + +[[package]] +name = "keccak" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb26cec98cce3a3d96cbb7bced3c4b16e3d13f27ec56dbd62cbc8f39cfb9d653" +dependencies = [ + "cpufeatures", +] + +[[package]] +name = "lazy_static" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" + +[[package]] +name = "leb128fmt" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" + +[[package]] +name = "libc" +version = "0.2.185" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52ff2c0fe9bc6cb6b14a0592c2ff4fa9ceb83eea9db979b0487cd054946a2b8f" + +[[package]] +name = "libm" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981" + +[[package]] +name = "litemap" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92daf443525c4cce67b150400bc2316076100ce0b3686209eb8cf3c31612e6f0" + +[[package]] +name = "log" +version = "0.4.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" + +[[package]] +name = "memchr" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" + +[[package]] +name = "num-bigint" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" +dependencies = [ + "num-integer", + "num-traits", +] + +[[package]] +name = "num-conv" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c6673768db2d862beb9b39a78fdcb1a69439615d5794a1be50caa9bc92c81967" + +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "once_cell" +version = "1.21.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50" + +[[package]] +name = "opaque-debug" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" + +[[package]] +name = "ows-core" +version = "1.3.2" +dependencies = [ + "chrono", + "serde", + "serde_json", + "thiserror 2.0.18", + "uuid", +] + +[[package]] +name = "ows-signer" +version = "1.3.2" +dependencies = [ + "aes-gcm", + "base64 0.22.1", + "bech32 0.11.1", + "blake2", + "bs58", + "coins-bip32", + "coins-bip39", + "digest", + "ed25519-dalek", + "hex", + "hkdf", + "hmac", + "k256", + "libc", + "ows-core", + "rand 0.8.6", + "ripemd", + "scrypt", + "serde", + "serde_json", + "sha2", + "sha3", + "signal-hook", + "thiserror 2.0.18", + "xrpl-rust", + "zeroize", +] + +[[package]] +name = "ows-web" +version = "1.3.2" +dependencies = [ + "chrono", + "getrandom 0.2.17", + "hex", + "ows-core", + "ows-signer", + "serde", + "serde_json", + "sha2", + "uuid", + "wasm-bindgen", + "zeroize", +] + +[[package]] +name = "password-hash" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166" +dependencies = [ + "base64ct", + "rand_core 0.6.4", + "subtle", +] + +[[package]] +name = "pbkdf2" +version = "0.12.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" +dependencies = [ + "digest", + "hmac", +] + +[[package]] +name = "percent-encoding" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220" + +[[package]] +name = "pin-project-lite" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "polyval" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25" +dependencies = [ + "cfg-if", + "cpufeatures", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "potential_utf" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0103b1cef7ec0cf76490e969665504990193874ea05c85ff9bab8b911d0a0564" +dependencies = [ + "zerovec", +] + +[[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + +[[package]] +name = "ppv-lite86" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +dependencies = [ + "zerocopy", +] + +[[package]] +name = "prettyplease" +version = "0.2.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" +dependencies = [ + "proc-macro2", + "syn 2.0.117", +] + +[[package]] +name = "proc-macro2" +version = "1.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "proptest" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4b45fcc2344c680f5025fe57779faef368840d0bd1f42f216291f0dc4ace4744" +dependencies = [ + "bitflags", + "num-traits", + "rand 0.9.4", + "rand_chacha 0.9.0", + "rand_xorshift", + "regex-syntax", + "unarray", +] + +[[package]] +name = "quote" +version = "1.0.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "5.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" + +[[package]] +name = "r-efi" +version = "6.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf" + +[[package]] +name = "radium" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc33ff2d4973d518d823d61aa239014831e521c75da58e3df4840d3f47749d09" + +[[package]] +name = "rand" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ca0ecfa931c29007047d1bc58e623ab12e5590e8c7cc53200d5202b69266d8a" +dependencies = [ + "libc", + "rand_chacha 0.3.1", + "rand_core 0.6.4", +] + +[[package]] +name = "rand" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44c5af06bb1b7d3216d91932aed5265164bf384dc89cd6ba05cf59a35f5f76ea" +dependencies = [ + "rand_chacha 0.9.0", + "rand_core 0.9.5", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core 0.6.4", +] + +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core 0.9.5", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom 0.2.17", +] + +[[package]] +name = "rand_core" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c" +dependencies = [ + "getrandom 0.3.4", +] + +[[package]] +name = "rand_hc" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b363d4f6370f88d62bf586c80405657bde0f0e1b8945d47d2ad59b906cb4f54" +dependencies = [ + "rand_core 0.6.4", +] + +[[package]] +name = "rand_xorshift" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "513962919efc330f829edb2535844d1b912b0fbe2ca165d613e4e8788bb05a5a" +dependencies = [ + "rand_core 0.9.5", +] + +[[package]] +name = "ref-cast" +version = "1.0.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f354300ae66f76f1c85c5f84693f0ce81d747e2c3f21a45fef496d89c960bf7d" +dependencies = [ + "ref-cast-impl", +] + +[[package]] +name = "ref-cast-impl" +version = "1.0.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7186006dcb21920990093f30e3dea63b7d6e977bf1256be20c3563a5db070da" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "regex" +version = "1.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e10754a14b9137dd7b1e3e5b0493cc9171fdd105e0ab477f51b72e7f3ac0e276" +dependencies = [ + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f" +dependencies = [ + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a" + +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] + +[[package]] +name = "ripemd" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd124222d17ad93a644ed9d011a40f4fb64aa54275c08cc216524a9ea82fb09f" +dependencies = [ + "digest", +] + +[[package]] +name = "rust_decimal" +version = "1.41.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2ce901f9a19d251159075a4c37af514c3b8ef99c22e02dd8c19161cf397ee94a" +dependencies = [ + "arrayvec", + "num-traits", + "serde", + "wasm-bindgen", +] + +[[package]] +name = "rustc_version" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" +dependencies = [ + "semver", +] + +[[package]] +name = "rustversion" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" + +[[package]] +name = "salsa20" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97a22f5af31f73a954c10289c93e8a50cc23d971e80ee446f1f6f7137a088213" +dependencies = [ + "cipher", +] + +[[package]] +name = "schemars" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cd191f9397d57d581cddd31014772520aa448f65ef991055d7f61582c65165f" +dependencies = [ + "dyn-clone", + "ref-cast", + "serde", + "serde_json", +] + +[[package]] +name = "schemars" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2b42f36aa1cd011945615b92222f6bf73c599a102a300334cd7f8dbeec726cc" +dependencies = [ + "dyn-clone", + "ref-cast", + "serde", + "serde_json", +] + +[[package]] +name = "scrypt" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0516a385866c09368f0b5bcd1caff3366aace790fcd46e2bb032697bb172fd1f" +dependencies = [ + "password-hash", + "pbkdf2", + "salsa20", + "sha2", +] + +[[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct", + "der", + "generic-array", + "pkcs8", + "subtle", + "zeroize", +] + +[[package]] +name = "secp256k1" +version = "0.30.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b50c5943d326858130af85e049f2661ba3c78b26589b8ab98e65e80ae44a1252" +dependencies = [ + "secp256k1-sys", +] + +[[package]] +name = "secp256k1-sys" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d4387882333d3aa8cb20530a17c69a3752e97837832f34f6dccc760e715001d9" +dependencies = [ + "cc", +] + +[[package]] +name = "semver" +version = "1.0.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a7852d02fc848982e0c167ef163aaff9cd91dc640ba85e263cb1ce46fae51cd" + +[[package]] +name = "serde" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +dependencies = [ + "serde_core", + "serde_derive", +] + +[[package]] +name = "serde_core" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "serde_json" +version = "1.0.149" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" +dependencies = [ + "itoa", + "memchr", + "serde", + "serde_core", + "zmij", +] + +[[package]] +name = "serde_repr" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "175ee3e80ae9982737ca543e96133087cbd9a485eecc3bc4de9c1a37b47ea59c" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "serde_with" +version = "3.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd5414fad8e6907dbdd5bc441a50ae8d6e26151a03b1de04d89a5576de61d01f" +dependencies = [ + "base64 0.22.1", + "chrono", + "hex", + "indexmap 1.9.3", + "indexmap 2.14.0", + "schemars 0.9.0", + "schemars 1.2.1", + "serde_core", + "serde_json", + "serde_with_macros", + "time", +] + +[[package]] +name = "serde_with_macros" +version = "3.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3db8978e608f1fe7357e211969fd9abdcae80bac1ba7a3369bb7eb6b404eb65" +dependencies = [ + "darling", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "sha2" +version = "0.10.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "sha3" +version = "0.10.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77fd7028345d415a4034cf8777cd4f8ab1851274233b45f84e3d955502d93874" +dependencies = [ + "digest", + "keccak", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signal-hook" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2a0c28ca5908dbdbcd52e6fdaa00358ab88637f8ab33e1f188dd510eb44b53d" +dependencies = [ + "libc", + "signal-hook-registry", +] + +[[package]] +name = "signal-hook-registry" +version = "1.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b" +dependencies = [ + "errno", + "libc", +] + +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest", + "rand_core 0.6.4", +] + +[[package]] +name = "smallvec" +version = "1.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" + +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + +[[package]] +name = "stable_deref_trait" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" + +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + +[[package]] +name = "strum" +version = "0.26.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fec0f0aef304996cf250b31b5a10dee7980c85da9d759361292b8bca5a18f06" + +[[package]] +name = "strum_macros" +version = "0.26.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c6bee85a5a24955dc440386795aa378cd9cf82acd5f764469152d2270e581be" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "rustversion", + "syn 2.0.117", +] + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "1.0.109" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "syn" +version = "2.0.117" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "synstructure" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "tap" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" + +[[package]] +name = "thiserror" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52" +dependencies = [ + "thiserror-impl 1.0.69", +] + +[[package]] +name = "thiserror" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" +dependencies = [ + "thiserror-impl 2.0.18", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "thiserror-impl" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "thiserror-impl-no-std" +version = "2.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "58e6318948b519ba6dc2b442a6d0b904ebfb8d411a3ad3e07843615a72249758" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "thiserror-no-std" +version = "2.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a3ad459d94dd517257cc96add8a43190ee620011bb6e6cdc82dafd97dfafafea" +dependencies = [ + "thiserror-impl-no-std", +] + +[[package]] +name = "time" +version = "0.3.47" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c" +dependencies = [ + "deranged", + "itoa", + "num-conv", + "powerfmt", + "serde_core", + "time-core", + "time-macros", +] + +[[package]] +name = "time-core" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca" + +[[package]] +name = "time-macros" +version = "0.2.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215" +dependencies = [ + "num-conv", + "time-core", +] + +[[package]] +name = "tinystr" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8323304221c2a851516f22236c5722a72eaa19749016521d6dff0824447d96d" +dependencies = [ + "displaydoc", + "zerovec", +] + +[[package]] +name = "tinyvec" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e61e67053d25a4e82c844e8424039d9745781b3fc4f32b8d55ed50f5f667ef3" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + +[[package]] +name = "typenum" +version = "1.20.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40ce102ab67701b8526c123c1bab5cbe42d7040ccfd0f64af1a385808d2f43de" + +[[package]] +name = "unarray" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94" + +[[package]] +name = "unicode-ident" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" + +[[package]] +name = "unicode-xid" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" + +[[package]] +name = "universal-hash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" +dependencies = [ + "crypto-common", + "subtle", +] + +[[package]] +name = "url" +version = "2.5.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed" +dependencies = [ + "form_urlencoded", + "idna", + "percent-encoding", +] + +[[package]] +name = "utf8_iter" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" + +[[package]] +name = "uuid" +version = "1.23.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddd74a9687298c6858e9b88ec8935ec45d22e8fd5e6394fa1bd4e99a87789c76" +dependencies = [ + "getrandom 0.4.2", + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "version_check" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + +[[package]] +name = "wasip2" +version = "1.0.3+wasi-0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "20064672db26d7cdc89c7798c48a0fdfac8213434a1186e5ef29fd560ae223d6" +dependencies = [ + "wit-bindgen 0.57.1", +] + +[[package]] +name = "wasip3" +version = "0.4.0+wasi-0.3.0-rc-2026-01-06" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5" +dependencies = [ + "wit-bindgen 0.51.0", +] + +[[package]] +name = "wasm-bindgen" +version = "0.2.118" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0bf938a0bacb0469e83c1e148908bd7d5a6010354cf4fb73279b7447422e3a89" +dependencies = [ + "cfg-if", + "once_cell", + "rustversion", + "serde", + "wasm-bindgen-macro", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.118" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eeff24f84126c0ec2db7a449f0c2ec963c6a49efe0698c4242929da037ca28ed" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.118" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d08065faf983b2b80a79fd87d8254c409281cf7de75fc4b773019824196c904" +dependencies = [ + "bumpalo", + "proc-macro2", + "quote", + "syn 2.0.117", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.118" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5fd04d9e306f1907bd13c6361b5c6bfc7b3b3c095ed3f8a9246390f8dbdee129" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "wasm-encoder" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319" +dependencies = [ + "leb128fmt", + "wasmparser", +] + +[[package]] +name = "wasm-metadata" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909" +dependencies = [ + "anyhow", + "indexmap 2.14.0", + "wasm-encoder", + "wasmparser", +] + +[[package]] +name = "wasmparser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" +dependencies = [ + "bitflags", + "hashbrown 0.15.5", + "indexmap 2.14.0", + "semver", +] + +[[package]] +name = "windows-core" +version = "0.62.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8e83a14d34d0623b51dce9581199302a221863196a1dde71a7663a4c2be9deb" +dependencies = [ + "windows-implement", + "windows-interface", + "windows-link", + "windows-result", + "windows-strings", +] + +[[package]] +name = "windows-implement" +version = "0.60.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "windows-interface" +version = "0.59.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "windows-link" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" + +[[package]] +name = "windows-result" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7781fa89eaf60850ac3d2da7af8e5242a5ea78d1a11c49bf2910bb5a73853eb5" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-strings" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7837d08f69c77cf6b07689544538e017c1bfcf57e34b4c0ff58e6c2cd3b37091" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-sys" +version = "0.61.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" +dependencies = [ + "windows-link", +] + +[[package]] +name = "wit-bindgen" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" +dependencies = [ + "wit-bindgen-rust-macro", +] + +[[package]] +name = "wit-bindgen" +version = "0.57.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ebf944e87a7c253233ad6766e082e3cd714b5d03812acc24c318f549614536e" + +[[package]] +name = "wit-bindgen-core" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc" +dependencies = [ + "anyhow", + "heck", + "wit-parser", +] + +[[package]] +name = "wit-bindgen-rust" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21" +dependencies = [ + "anyhow", + "heck", + "indexmap 2.14.0", + "prettyplease", + "syn 2.0.117", + "wasm-metadata", + "wit-bindgen-core", + "wit-component", +] + +[[package]] +name = "wit-bindgen-rust-macro" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a" +dependencies = [ + "anyhow", + "prettyplease", + "proc-macro2", + "quote", + "syn 2.0.117", + "wit-bindgen-core", + "wit-bindgen-rust", +] + +[[package]] +name = "wit-component" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" +dependencies = [ + "anyhow", + "bitflags", + "indexmap 2.14.0", + "log", + "serde", + "serde_derive", + "serde_json", + "wasm-encoder", + "wasm-metadata", + "wasmparser", + "wit-parser", +] + +[[package]] +name = "wit-parser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736" +dependencies = [ + "anyhow", + "id-arena", + "indexmap 2.14.0", + "log", + "semver", + "serde", + "serde_derive", + "serde_json", + "unicode-xid", + "wasmparser", +] + +[[package]] +name = "writeable" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ffae5123b2d3fc086436f8834ae3ab053a283cfac8fe0a0b8eaae044768a4c4" + +[[package]] +name = "wyz" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05f360fc0b24296329c78fda852a1e9ae82de9cf7b27dae4b7f62f118f77b9ed" +dependencies = [ + "tap", +] + +[[package]] +name = "xrpl-rust" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "84f1baf87fce6470794dd95d125864dc08b1aeef4c7dc3931cad039deae7b544" +dependencies = [ + "bigdecimal", + "bs58", + "chrono", + "crypto-bigint", + "derive-new", + "ed25519-dalek", + "embassy-futures", + "embassy-sync", + "fnv", + "hashbrown 0.15.5", + "hex", + "indexmap 2.14.0", + "lazy_static", + "rand 0.8.6", + "rand_hc", + "regex", + "ripemd", + "rust_decimal", + "secp256k1", + "serde", + "serde_json", + "serde_repr", + "serde_with", + "sha2", + "strum", + "strum_macros", + "thiserror-no-std", + "url", + "xrpl-rust-macros", + "zeroize", +] + +[[package]] +name = "xrpl-rust-macros" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9c5a56d688dd492c201011c19933a9d0e64452d3763bc88624dde91fff37164" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "yoke" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "abe8c5fda708d9ca3df187cae8bfb9ceda00dd96231bed36e445a1a48e66f9ca" +dependencies = [ + "stable_deref_trait", + "yoke-derive", + "zerofrom", +] + +[[package]] +name = "yoke-derive" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de844c262c8848816172cef550288e7dc6c7b7814b4ee56b3e1553f275f1858e" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", + "synstructure", +] + +[[package]] +name = "zerocopy" +version = "0.8.48" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eed437bf9d6692032087e337407a86f04cd8d6a16a37199ed57949d415bd68e9" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.48" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70e3cd084b1788766f53af483dd21f93881ff30d7320490ec3ef7526d203bad4" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "zerofrom" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69faa1f2a1ea75661980b013019ed6687ed0e83d069bc1114e2cc74c6c04c4df" +dependencies = [ + "zerofrom-derive", +] + +[[package]] +name = "zerofrom-derive" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11532158c46691caf0f2593ea8358fed6bbf68a0315e80aae9bd41fbade684a1" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", + "synstructure", +] + +[[package]] +name = "zeroize" +version = "1.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "zerotrie" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0f9152d31db0792fa83f70fb2f83148effb5c1f5b8c7686c3459e361d9bc20bf" +dependencies = [ + "displaydoc", + "yoke", + "zerofrom", +] + +[[package]] +name = "zerovec" +version = "0.11.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90f911cbc359ab6af17377d242225f4d75119aec87ea711a880987b18cd7b239" +dependencies = [ + "yoke", + "zerofrom", + "zerovec-derive", +] + +[[package]] +name = "zerovec-derive" +version = "0.11.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "625dc425cab0dca6dc3c3319506e6593dcb08a9f387ea3b284dbd52a92c40555" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "zmij" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa" diff --git a/bindings/web/Cargo.toml b/bindings/web/Cargo.toml new file mode 100644 index 00000000..db27be81 --- /dev/null +++ b/bindings/web/Cargo.toml @@ -0,0 +1,27 @@ +[package] +name = "ows-web" +version = "1.3.2" +edition = "2021" +license = "MIT" +description = "Browser WASM bindings for the Open Wallet Standard" +repository = "https://github.com/open-wallet-standard/core" + +[lib] +crate-type = ["cdylib", "rlib"] + +[features] +default = [] +fast-kdf = ["ows-signer/fast-kdf"] + +[dependencies] +chrono = "0.4" +getrandom = { version = "0.2", features = ["js"] } +hex = "0.4" +ows-core = { path = "../../ows/crates/ows-core", version = "=1.3.2" } +ows-signer = { path = "../../ows/crates/ows-signer", version = "=1.3.2" } +serde = { version = "1", features = ["derive"] } +serde_json = "1" +sha2 = "0.10" +uuid = { version = "1", features = ["js"] } +wasm-bindgen = "0.2" +zeroize = "1" diff --git a/bindings/web/README.md b/bindings/web/README.md new file mode 100644 index 00000000..6cd97935 --- /dev/null +++ b/bindings/web/README.md @@ -0,0 +1,53 @@ +# @open-wallet-standard/web + +Browser WASM bindings for OWS storage, wallet lifecycle, local signing, and declarative policy checks. + +## Install + +```bash +npm install @open-wallet-standard/web +``` + +## Usage + +```javascript +import { createOwsWeb, IndexedDbOwsStore } from "@open-wallet-standard/web"; + +const ows = await createOwsWeb({ + store: new IndexedDbOwsStore(), +}); + +const wallet = await ows.createWallet("agent-treasury"); +const sig = await ows.signMessage(wallet.id, "evm", "hello"); + +console.log(sig.signature); +``` + +## Storage + +The browser package keeps the same wallet, API-key, and policy JSON artifact formats as the native SDK. Storage is provided by an async store interface: + +```typescript +interface OwsWebStore { + ensureCollection(kind: "keys" | "policies" | "wallets"): Promise; + list(kind: "keys" | "policies" | "wallets"): Promise; + read(kind: "keys" | "policies" | "wallets", id: string): Promise; + remove(kind: "keys" | "policies" | "wallets", id: string): Promise; + write(kind: "keys" | "policies" | "wallets", id: string, json: string): Promise; +} +``` + +Adapters are included for IndexedDB, LightningFS-style filesystems, and memory-backed tests. + +## Browser Profile + +This package targets `Storage + Signing + Policy (declarative)`. + +Host-only features are intentionally unavailable in the browser build: + +- `signAndSend` +- CLI vault migration +- executable policies +- filesystem permission checks +- local audit log appenders +- OS process and memory hardening diff --git a/bindings/web/__test__/store.spec.mjs b/bindings/web/__test__/store.spec.mjs new file mode 100644 index 00000000..7f743c34 --- /dev/null +++ b/bindings/web/__test__/store.spec.mjs @@ -0,0 +1,79 @@ +import assert from "node:assert/strict"; +import test from "node:test"; + +import { LightningFsOwsStore } from "../src/stores/lightning-fs.js"; +import { MemoryOwsStore } from "../src/stores/memory.js"; + +class FakeFs { + constructor() { + this.dirs = new Set(["/"]); + this.files = new Map(); + } + + async mkdir(path) { + if (this.dirs.has(path)) { + const error = new Error("already exists"); + error.code = "EEXIST"; + throw error; + } + this.dirs.add(path); + } + + async readdir(path) { + if (!this.dirs.has(path)) { + const error = new Error("not found"); + error.code = "ENOENT"; + throw error; + } + const prefix = `${path}/`; + return [...this.files.keys()] + .filter((file) => file.startsWith(prefix)) + .map((file) => file.slice(prefix.length)) + .sort(); + } + + async readFile(path) { + if (!this.files.has(path)) { + const error = new Error("not found"); + error.code = "ENOENT"; + throw error; + } + return this.files.get(path); + } + + async unlink(path) { + this.files.delete(path); + } + + async writeFile(path, contents) { + this.files.set(path, contents); + } +} + +test("MemoryOwsStore stores collections independently", async () => { + const store = new MemoryOwsStore(); + + await store.write("wallets", "b", "{\"id\":\"b\"}"); + await store.write("wallets", "a", "{\"id\":\"a\"}"); + await store.write("keys", "a", "{\"id\":\"key\"}"); + + assert.deepEqual(await store.list("wallets"), ["a", "b"]); + assert.equal(await store.read("wallets", "a"), "{\"id\":\"a\"}"); + assert.equal(await store.read("keys", "a"), "{\"id\":\"key\"}"); + + await store.remove("wallets", "a"); + assert.deepEqual(await store.list("wallets"), ["b"]); +}); + +test("LightningFsOwsStore maps artifacts to JSON files", async () => { + const fs = new FakeFs(); + const store = new LightningFsOwsStore(fs, { root: "/vault" }); + + await store.write("policies", "base-only", "{\"id\":\"base-only\"}"); + + assert.deepEqual(await store.list("policies"), ["base-only"]); + assert.equal(await store.read("policies", "base-only"), "{\"id\":\"base-only\"}"); + + await store.remove("policies", "base-only"); + assert.equal(await store.read("policies", "base-only"), null); +}); diff --git a/bindings/web/index.d.ts b/bindings/web/index.d.ts new file mode 100644 index 00000000..e9ad3116 --- /dev/null +++ b/bindings/web/index.d.ts @@ -0,0 +1,158 @@ +export type OwsCollection = "keys" | "policies" | "wallets"; + +export interface OwsWebStore { + ensureCollection(kind: OwsCollection): Promise; + list(kind: OwsCollection): Promise; + read(kind: OwsCollection, id: string): Promise; + remove(kind: OwsCollection, id: string): Promise; + write(kind: OwsCollection, id: string, json: string): Promise; +} + +export interface AccountInfo { + address: string; + chainId: string; + derivationPath: string; +} + +export interface WalletInfo { + accounts: AccountInfo[]; + createdAt: string; + id: string; + name: string; +} + +export interface SignResult { + recoveryId?: number; + signature: string; +} + +export interface ApiKeyResult { + id: string; + name: string; + token: string; +} + +export interface PublicApiKey { + createdAt: string; + expiresAt?: string; + id: string; + name: string; + policyIds: string[]; + tokenHash: string; + walletIds: string[]; +} + +export interface CreateOwsWebOptions { + store?: OwsWebStore; +} + +export class OwsWebError extends Error { + code: string; + constructor(code: string, message: string); + static from(error: unknown): OwsWebError; +} + +export class OwsWeb { + constructor(store: OwsWebStore); + createApiKey( + name: string, + walletIds: string[], + policyIds: string[], + passphrase?: string, + expiresAt?: string, + ): Promise; + createPolicy(policy: object | string): Promise; + createWallet(name: string, passphrase?: string, words?: number): Promise; + deletePolicy(id: string): Promise; + deleteWallet(nameOrId: string): Promise; + deriveAddress(mnemonic: string, chain: string, index?: number): string; + exportWallet(nameOrId: string, passphrase?: string): Promise; + generateMnemonic(words?: number): string; + getPolicy(id: string): Promise; + getWallet(nameOrId: string): Promise; + importWalletMnemonic( + name: string, + mnemonic: string, + passphrase?: string, + index?: number, + ): Promise; + importWalletPrivateKey( + name: string, + privateKeyHex: string, + passphrase?: string, + chain?: string, + secp256k1Key?: string, + ed25519Key?: string, + ): Promise; + listApiKeys(): Promise; + listPolicies(): Promise; + listWallets(): Promise; + renameWallet(nameOrId: string, newName: string): Promise; + revokeApiKey(id: string): Promise; + signAndSend(): Promise; + signAuthorization( + wallet: string, + chain: string, + address: string, + nonce: string, + passphrase?: string, + index?: number, + ): Promise; + signHash( + wallet: string, + chain: string, + hashHex: string, + passphrase?: string, + index?: number, + ): Promise; + signMessage( + wallet: string, + chain: string, + message: string, + passphrase?: string, + encoding?: "hex" | "utf8", + index?: number, + ): Promise; + signTransaction( + wallet: string, + chain: string, + txHex: string, + passphrase?: string, + index?: number, + ): Promise; + signTypedData( + wallet: string, + chain: string, + typedDataJson: object | string, + passphrase?: string, + index?: number, + ): Promise; +} + +export class IndexedDbOwsStore implements OwsWebStore { + constructor(options?: { name?: string; version?: number }); + ensureCollection(kind: OwsCollection): Promise; + list(kind: OwsCollection): Promise; + read(kind: OwsCollection, id: string): Promise; + remove(kind: OwsCollection, id: string): Promise; + write(kind: OwsCollection, id: string, json: string): Promise; +} + +export class LightningFsOwsStore implements OwsWebStore { + constructor(fs: unknown, options?: { root?: string }); + ensureCollection(kind: OwsCollection): Promise; + list(kind: OwsCollection): Promise; + read(kind: OwsCollection, id: string): Promise; + remove(kind: OwsCollection, id: string): Promise; + write(kind: OwsCollection, id: string, json: string): Promise; +} + +export class MemoryOwsStore implements OwsWebStore { + ensureCollection(kind: OwsCollection): Promise; + list(kind: OwsCollection): Promise; + read(kind: OwsCollection, id: string): Promise; + remove(kind: OwsCollection, id: string): Promise; + write(kind: OwsCollection, id: string, json: string): Promise; +} + +export function createOwsWeb(options?: CreateOwsWebOptions): Promise; diff --git a/bindings/web/package.json b/bindings/web/package.json new file mode 100644 index 00000000..f26a0402 --- /dev/null +++ b/bindings/web/package.json @@ -0,0 +1,39 @@ +{ + "name": "@open-wallet-standard/web", + "version": "1.3.2", + "description": "Browser WASM bindings for the Open Wallet Standard", + "type": "module", + "main": "src/index.js", + "types": "index.d.ts", + "exports": { + ".": { + "types": "./index.d.ts", + "import": "./src/index.js" + }, + "./stores/indexeddb": { + "types": "./index.d.ts", + "import": "./src/stores/indexeddb.js" + }, + "./stores/lightning-fs": { + "types": "./index.d.ts", + "import": "./src/stores/lightning-fs.js" + }, + "./stores/memory": { + "types": "./index.d.ts", + "import": "./src/stores/memory.js" + } + }, + "files": [ + "README.md", + "index.d.ts", + "pkg", + "src" + ], + "scripts": { + "build": "wasm-pack build --target bundler --out-dir pkg", + "build:dev": "wasm-pack build --dev --target bundler --out-dir pkg --features fast-kdf", + "check": "cargo check --features fast-kdf", + "test": "node --test __test__/*.spec.mjs" + }, + "license": "MIT" +} diff --git a/bindings/web/src/index.js b/bindings/web/src/index.js new file mode 100644 index 00000000..7ec64e69 --- /dev/null +++ b/bindings/web/src/index.js @@ -0,0 +1,390 @@ +import * as wasm from "../pkg/ows_web.js"; +import { IndexedDbOwsStore } from "./stores/indexeddb.js"; + +const COLLECTIONS = ["keys", "policies", "wallets"]; +const HEX = "0123456789abcdef"; + +export { IndexedDbOwsStore } from "./stores/indexeddb.js"; +export { LightningFsOwsStore } from "./stores/lightning-fs.js"; +export { MemoryOwsStore } from "./stores/memory.js"; + +export class OwsWebError extends Error { + constructor(code, message) { + super(message); + this.code = code; + this.name = "OwsWebError"; + } + + static from(error) { + const raw = typeof error === "string" ? error : error?.message ?? String(error); + try { + const parsed = JSON.parse(raw); + if (parsed?.code && parsed?.message) { + return new OwsWebError(parsed.code, parsed.message); + } + } catch { + // Fall through to the generic wrapper below. + } + return new OwsWebError("UNKNOWN", raw); + } +} + +function ensureCrypto() { + if (!globalThis.crypto?.getRandomValues) { + throw new OwsWebError("UNSUPPORTED_BROWSER_FEATURE", "crypto.getRandomValues is required"); + } + return globalThis.crypto; +} + +function nowIso() { + return new Date().toISOString(); +} + +function randomBytes(length) { + const bytes = new Uint8Array(length); + ensureCrypto().getRandomValues(bytes); + return bytes; +} + +function randomHex(length) { + let out = ""; + for (const byte of randomBytes(length)) { + out += HEX[byte >> 4] + HEX[byte & 15]; + } + return out; +} + +function randomToken() { + return `ows_key_${randomHex(32)}`; +} + +function randomUuid() { + const crypto = ensureCrypto(); + if (crypto.randomUUID) { + return crypto.randomUUID(); + } + + const bytes = randomBytes(16); + bytes[6] = (bytes[6] & 0x0f) | 0x40; + bytes[8] = (bytes[8] & 0x3f) | 0x80; + const hex = [...bytes].map((byte) => HEX[byte >> 4] + HEX[byte & 15]); + return `${hex.slice(0, 4).join("")}-${hex.slice(4, 6).join("")}-${hex + .slice(6, 8) + .join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10, 16).join("")}`; +} + +function stringify(value) { + return JSON.stringify(value); +} + +function unsupported(name) { + throw new OwsWebError("UNSUPPORTED_BROWSER_FEATURE", `${name} is not supported in browser`); +} + +function wasmJson(call) { + try { + return JSON.parse(call()); + } catch (error) { + throw OwsWebError.from(error); + } +} + +function wasmString(call) { + try { + return call(); + } catch (error) { + throw OwsWebError.from(error); + } +} + +export async function createOwsWeb({ store } = {}) { + const resolvedStore = store ?? new IndexedDbOwsStore(); + for (const kind of COLLECTIONS) { + await resolvedStore.ensureCollection(kind); + } + return new OwsWeb(resolvedStore); +} + +export class OwsWeb { + constructor(store) { + this.store = store; + } + + async #collection(kind) { + await this.store.ensureCollection(kind); + const ids = await this.store.list(kind); + const values = []; + for (const id of ids.sort()) { + const json = await this.store.read(kind, id); + if (json) { + values.push(JSON.parse(json)); + } + } + return stringify(values); + } + + async #keys() { + return this.#collection("keys"); + } + + async #policies() { + return this.#collection("policies"); + } + + async #wallets() { + return this.#collection("wallets"); + } + + async #write(kind, artifact) { + await this.store.write(kind, artifact.id, stringify(artifact)); + } + + deriveAddress(mnemonic, chain, index = 0) { + return wasmString(() => wasm.deriveAddress(mnemonic, chain, index)); + } + + generateMnemonic(words = 12) { + return wasmString(() => wasm.generateMnemonic(words)); + } + + async createApiKey(name, walletIds, policyIds, passphrase, expiresAt) { + const policies = await this.#policies(); + const wallets = await this.#wallets(); + const result = wasmJson(() => + wasm.createApiKey( + name, + stringify(walletIds), + stringify(policyIds), + passphrase ?? "", + expiresAt ?? "", + randomToken(), + randomUuid(), + nowIso(), + wallets, + policies, + ), + ); + await this.#write("keys", result.key); + return { + id: result.id, + name: result.name, + token: result.token, + }; + } + + async createPolicy(policy) { + const policyJson = typeof policy === "string" ? policy : stringify(policy); + const created = wasmJson(() => wasm.createPolicy(policyJson)); + await this.#write("policies", created); + return created; + } + + async createWallet(name, passphrase, words = 12) { + const wallets = await this.#wallets(); + const result = wasmJson(() => + wasm.createWallet(name, passphrase ?? "", words, wallets, randomUuid(), nowIso()), + ); + await this.#write("wallets", result.wallet); + return result.info; + } + + async deletePolicy(id) { + const policies = await this.#policies(); + const result = wasmJson(() => wasm.deletePolicy(id, policies)); + await this.store.remove("policies", result.id); + } + + async deleteWallet(nameOrId) { + const wallets = await this.#wallets(); + const result = wasmJson(() => wasm.deleteWallet(nameOrId, wallets)); + await this.store.remove("wallets", result.id); + } + + async exportWallet(nameOrId, passphrase) { + const wallets = await this.#wallets(); + return wasmString(() => wasm.exportWallet(nameOrId, passphrase ?? "", wallets)); + } + + async getPolicy(id) { + const policies = await this.#policies(); + return wasmJson(() => wasm.getPolicy(id, policies)); + } + + async getWallet(nameOrId) { + const wallets = await this.#wallets(); + return wasmJson(() => wasm.getWallet(nameOrId, wallets)); + } + + async importWalletMnemonic(name, mnemonic, passphrase, index = 0) { + const wallets = await this.#wallets(); + const result = wasmJson(() => + wasm.importWalletMnemonic( + name, + mnemonic, + passphrase ?? "", + index, + wallets, + randomUuid(), + nowIso(), + ), + ); + await this.#write("wallets", result.wallet); + return result.info; + } + + async importWalletPrivateKey( + name, + privateKeyHex, + passphrase, + chain, + secp256k1Key, + ed25519Key, + ) { + const wallets = await this.#wallets(); + const result = wasmJson(() => + wasm.importWalletPrivateKey( + name, + privateKeyHex, + passphrase ?? "", + chain ?? "", + secp256k1Key ?? "", + ed25519Key ?? "", + wallets, + randomUuid(), + nowIso(), + ), + ); + await this.#write("wallets", result.wallet); + return result.info; + } + + async listApiKeys() { + const keys = await this.#keys(); + return wasmJson(() => wasm.listApiKeys(keys)); + } + + async listPolicies() { + const policies = await this.#policies(); + return wasmJson(() => wasm.listPolicies(policies)); + } + + async listWallets() { + const wallets = await this.#wallets(); + return wasmJson(() => wasm.listWallets(wallets)); + } + + async renameWallet(nameOrId, newName) { + const wallets = await this.#wallets(); + const result = wasmJson(() => wasm.renameWallet(nameOrId, newName, wallets)); + await this.#write("wallets", result.wallet); + return result.info; + } + + async revokeApiKey(id) { + const keys = await this.#keys(); + const result = wasmJson(() => wasm.revokeApiKey(id, keys)); + await this.store.remove("keys", result.id); + } + + async signAndSend() { + unsupported("signAndSend"); + } + + async signAuthorization(wallet, chain, address, nonce, passphrase, index = 0) { + const keys = await this.#keys(); + const policies = await this.#policies(); + const wallets = await this.#wallets(); + return wasmJson(() => + wasm.signAuthorization( + wallet, + chain, + address, + nonce, + passphrase ?? "", + index, + nowIso(), + wallets, + keys, + policies, + ), + ); + } + + async signHash(wallet, chain, hashHex, passphrase, index = 0) { + const keys = await this.#keys(); + const policies = await this.#policies(); + const wallets = await this.#wallets(); + return wasmJson(() => + wasm.signHash( + wallet, + chain, + hashHex, + passphrase ?? "", + index, + nowIso(), + wallets, + keys, + policies, + ), + ); + } + + async signMessage(wallet, chain, message, passphrase, encoding = "utf8", index = 0) { + const keys = await this.#keys(); + const policies = await this.#policies(); + const wallets = await this.#wallets(); + return wasmJson(() => + wasm.signMessage( + wallet, + chain, + message, + passphrase ?? "", + encoding, + index, + nowIso(), + wallets, + keys, + policies, + ), + ); + } + + async signTransaction(wallet, chain, txHex, passphrase, index = 0) { + const keys = await this.#keys(); + const policies = await this.#policies(); + const wallets = await this.#wallets(); + return wasmJson(() => + wasm.signTransaction( + wallet, + chain, + txHex, + passphrase ?? "", + index, + nowIso(), + wallets, + keys, + policies, + ), + ); + } + + async signTypedData(wallet, chain, typedDataJson, passphrase, index = 0) { + const payload = typeof typedDataJson === "string" ? typedDataJson : stringify(typedDataJson); + const keys = await this.#keys(); + const policies = await this.#policies(); + const wallets = await this.#wallets(); + return wasmJson(() => + wasm.signTypedData( + wallet, + chain, + payload, + passphrase ?? "", + index, + nowIso(), + wallets, + keys, + policies, + ), + ); + } +} diff --git a/bindings/web/src/lib.rs b/bindings/web/src/lib.rs new file mode 100644 index 00000000..6eeda87f --- /dev/null +++ b/bindings/web/src/lib.rs @@ -0,0 +1,1478 @@ +#![allow(clippy::too_many_arguments)] + +use chrono::DateTime; +use ows_core::{ + default_chain_for_type, parse_chain as parse_ows_chain, ApiKeyFile, Chain, ChainType, + EncryptedWallet, KeyType, Policy, PolicyResult, PolicyRule, WalletAccount, ALL_CHAIN_TYPES, +}; +use ows_signer::{ + decrypt, eip712, encrypt, encrypt_with_hkdf, signer_for_chain, CryptoEnvelope, CryptoError, + Curve, HdDeriver, Mnemonic, MnemonicStrength, SecretBytes, SignerError, +}; +use serde::de::DeserializeOwned; +use serde::{Deserialize, Serialize}; +use sha2::{Digest, Sha256}; +use std::collections::HashMap; +use wasm_bindgen::prelude::*; +use zeroize::Zeroize; + +const TOKEN_PREFIX: &str = "ows_key_"; + +type WebResult = Result; + +#[derive(Debug)] +struct WebError { + code: &'static str, + message: String, +} + +#[derive(Serialize)] +struct ErrorPayload<'a> { + code: &'a str, + message: &'a str, +} + +impl WebError { + fn new(code: &'static str, message: impl Into) -> Self { + Self { + code, + message: message.into(), + } + } +} + +impl std::fmt::Display for WebError { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + write!(f, "{}: {}", self.code, self.message) + } +} + +impl From for WebError { + fn from(value: serde_json::Error) -> Self { + WebError::new("INVALID_INPUT", format!("JSON error: {value}")) + } +} + +impl From for WebError { + fn from(value: ows_signer::hd::HdError) -> Self { + WebError::new("INVALID_INPUT", value.to_string()) + } +} + +impl From for WebError { + fn from(value: ows_signer::mnemonic::MnemonicError) -> Self { + WebError::new("INVALID_INPUT", value.to_string()) + } +} + +impl From for WebError { + fn from(value: SignerError) -> Self { + WebError::new("INVALID_INPUT", value.to_string()) + } +} + +fn crypto_error(value: CryptoError) -> WebError { + match value { + CryptoError::DecryptionFailed(_) => { + WebError::new("INVALID_PASSPHRASE", "invalid passphrase") + } + _ => WebError::new("INVALID_INPUT", value.to_string()), + } +} + +fn invalid_input(message: impl Into) -> WebError { + WebError::new("INVALID_INPUT", message) +} + +fn to_js_error(error: WebError) -> JsValue { + let payload = ErrorPayload { + code: error.code, + message: &error.message, + }; + JsValue::from_str(&serde_json::to_string(&payload).unwrap_or_else(|_| error.to_string())) +} + +fn json_result(result: WebResult) -> Result { + result + .and_then(|value| serde_json::to_string(&value).map_err(WebError::from)) + .map_err(to_js_error) +} + +fn string_result(result: WebResult) -> Result { + result.map_err(to_js_error) +} + +fn parse_json(input: &str, label: &str) -> WebResult { + serde_json::from_str(input).map_err(|e| invalid_input(format!("failed to parse {label}: {e}"))) +} + +fn parse_wallets(input: &str) -> WebResult> { + parse_json(input, "wallets") +} + +fn parse_keys(input: &str) -> WebResult> { + parse_json(input, "API keys") +} + +fn parse_policies(input: &str) -> WebResult> { + parse_json(input, "policies") +} + +#[derive(Debug, Clone, Serialize, Deserialize)] +#[serde(rename_all = "camelCase")] +pub struct AccountInfo { + pub chain_id: String, + pub address: String, + pub derivation_path: String, +} + +#[derive(Debug, Clone, Serialize, Deserialize)] +#[serde(rename_all = "camelCase")] +pub struct WalletInfo { + pub accounts: Vec, + pub created_at: String, + pub id: String, + pub name: String, +} + +#[derive(Debug, Clone, Serialize, Deserialize)] +#[serde(rename_all = "camelCase")] +pub struct SignResult { + pub recovery_id: Option, + pub signature: String, +} + +#[derive(Debug, Clone, Serialize)] +#[serde(rename_all = "camelCase")] +struct WalletWriteResult { + info: WalletInfo, + wallet: EncryptedWallet, +} + +#[derive(Debug, Clone, Serialize)] +#[serde(rename_all = "camelCase")] +struct DeleteResult { + id: String, +} + +#[derive(Debug, Clone, Serialize)] +#[serde(rename_all = "camelCase")] +struct ApiKeyResult { + id: String, + key: ApiKeyFile, + name: String, + token: String, +} + +#[derive(Debug, Clone, Serialize)] +#[serde(rename_all = "camelCase")] +struct PublicApiKey { + created_at: String, + expires_at: Option, + id: String, + name: String, + policy_ids: Vec, + token_hash: String, + wallet_ids: Vec, +} + +fn wallet_to_info(wallet: &EncryptedWallet) -> WalletInfo { + WalletInfo { + accounts: wallet + .accounts + .iter() + .map(|account| AccountInfo { + chain_id: account.chain_id.clone(), + address: account.address.clone(), + derivation_path: account.derivation_path.clone(), + }) + .collect(), + created_at: wallet.created_at.clone(), + id: wallet.id.clone(), + name: wallet.name.clone(), + } +} + +fn public_api_key(key: &ApiKeyFile) -> PublicApiKey { + PublicApiKey { + created_at: key.created_at.clone(), + expires_at: key.expires_at.clone(), + id: key.id.clone(), + name: key.name.clone(), + policy_ids: key.policy_ids.clone(), + token_hash: key.token_hash.clone(), + wallet_ids: key.wallet_ids.clone(), + } +} + +fn encrypted_wallet( + id: String, + name: String, + accounts: Vec, + crypto: serde_json::Value, + key_type: KeyType, + created_at: String, +) -> EncryptedWallet { + EncryptedWallet { + ows_version: 2, + id, + name, + created_at, + chain_type: None, + accounts, + crypto, + key_type, + metadata: serde_json::Value::Null, + } +} + +fn parse_chain(input: &str) -> WebResult { + parse_ows_chain(input).map_err(|message| WebError::new("CAIP_PARSE_ERROR", message)) +} + +fn find_wallet_index(wallets: &[EncryptedWallet], name_or_id: &str) -> WebResult { + if let Some(index) = wallets.iter().position(|wallet| wallet.id == name_or_id) { + return Ok(index); + } + + let matches: Vec = wallets + .iter() + .enumerate() + .filter_map(|(index, wallet)| (wallet.name == name_or_id).then_some(index)) + .collect(); + + match matches.len() { + 0 => Err(WebError::new( + "WALLET_NOT_FOUND", + format!("wallet not found: '{name_or_id}'"), + )), + 1 => Ok(matches[0]), + count => Err(invalid_input(format!( + "ambiguous wallet name '{name_or_id}' matches {count} wallets; use the wallet ID instead" + ))), + } +} + +fn find_wallet<'a>( + wallets: &'a [EncryptedWallet], + name_or_id: &str, +) -> WebResult<&'a EncryptedWallet> { + let index = find_wallet_index(wallets, name_or_id)?; + Ok(&wallets[index]) +} + +fn ensure_wallet_name_available(wallets: &[EncryptedWallet], name: &str) -> WebResult<()> { + if wallets.iter().any(|wallet| wallet.name == name) { + return Err(WebError::new( + "WALLET_NAME_EXISTS", + format!("wallet name already exists: '{name}'"), + )); + } + Ok(()) +} + +fn derive_all_accounts(mnemonic: &Mnemonic, index: u32) -> WebResult> { + let mut accounts = Vec::with_capacity(ALL_CHAIN_TYPES.len()); + for chain_type in ALL_CHAIN_TYPES { + let chain = default_chain_for_type(chain_type); + let signer = signer_for_chain(chain_type); + let path = signer.default_derivation_path(index); + let key = HdDeriver::derive_from_mnemonic(mnemonic, "", &path, signer.curve())?; + let address = signer.derive_address(key.expose())?; + accounts.push(WalletAccount { + account_id: format!("{}:{}", chain.chain_id, address), + address, + chain_id: chain.chain_id.to_string(), + derivation_path: path, + }); + } + Ok(accounts) +} + +struct KeyPair { + ed25519: Vec, + secp256k1: Vec, +} + +impl Drop for KeyPair { + fn drop(&mut self) { + self.ed25519.zeroize(); + self.secp256k1.zeroize(); + } +} + +impl KeyPair { + fn key_for_curve(&self, curve: Curve) -> &[u8] { + match curve { + Curve::Ed25519 => &self.ed25519, + Curve::Secp256k1 => &self.secp256k1, + } + } + + fn to_json_bytes(&self) -> Vec { + serde_json::json!({ + "ed25519": hex::encode(&self.ed25519), + "secp256k1": hex::encode(&self.secp256k1), + }) + .to_string() + .into_bytes() + } + + fn from_json_bytes(bytes: &[u8]) -> WebResult { + let value: serde_json::Value = serde_json::from_slice(bytes)?; + let ed25519 = value["ed25519"] + .as_str() + .ok_or_else(|| invalid_input("missing ed25519 key"))?; + let secp256k1 = value["secp256k1"] + .as_str() + .ok_or_else(|| invalid_input("missing secp256k1 key"))?; + Ok(KeyPair { + ed25519: decode_hex_key(ed25519)?, + secp256k1: decode_hex_key(secp256k1)?, + }) + } +} + +fn derive_all_accounts_from_keys(keys: &KeyPair) -> WebResult> { + let mut accounts = Vec::with_capacity(ALL_CHAIN_TYPES.len()); + for chain_type in ALL_CHAIN_TYPES { + let signer = signer_for_chain(chain_type); + let key = keys.key_for_curve(signer.curve()); + let address = signer.derive_address(key)?; + let chain = default_chain_for_type(chain_type); + accounts.push(WalletAccount { + account_id: format!("{}:{}", chain.chain_id, address), + address, + chain_id: chain.chain_id.to_string(), + derivation_path: String::new(), + }); + } + Ok(accounts) +} + +fn decode_hex_key(input: &str) -> WebResult> { + let trimmed = input.strip_prefix("0x").unwrap_or(input); + hex::decode(trimmed).map_err(|e| invalid_input(format!("invalid hex private key: {e}"))) +} + +fn secret_to_signing_key( + secret: &SecretBytes, + key_type: &KeyType, + chain_type: ChainType, + index: u32, +) -> WebResult { + match key_type { + KeyType::Mnemonic => { + let phrase = std::str::from_utf8(secret.expose()) + .map_err(|_| invalid_input("wallet contains invalid UTF-8 mnemonic"))?; + let mnemonic = Mnemonic::from_phrase(phrase)?; + let signer = signer_for_chain(chain_type); + let path = signer.default_derivation_path(index); + Ok(HdDeriver::derive_from_mnemonic( + &mnemonic, + "", + &path, + signer.curve(), + )?) + } + KeyType::PrivateKey => { + let keys = KeyPair::from_json_bytes(secret.expose())?; + let signer = signer_for_chain(chain_type); + Ok(SecretBytes::from_slice(keys.key_for_curve(signer.curve()))) + } + } +} + +fn decrypt_signing_key( + wallet: &EncryptedWallet, + chain_type: ChainType, + passphrase: &str, + index: u32, +) -> WebResult { + let envelope: CryptoEnvelope = serde_json::from_value(wallet.crypto.clone())?; + let secret = decrypt(&envelope, passphrase).map_err(crypto_error)?; + secret_to_signing_key(&secret, &wallet.key_type, chain_type, index) +} + +fn hash_token(token: &str) -> String { + hex::encode(Sha256::digest(token.as_bytes())) +} + +fn find_api_key_by_token<'a>(keys: &'a [ApiKeyFile], token: &str) -> WebResult<&'a ApiKeyFile> { + let token_hash = hash_token(token); + keys.iter() + .find(|key| key.token_hash == token_hash) + .ok_or(WebError::new("API_KEY_NOT_FOUND", "API key not found")) +} + +fn find_policy<'a>(policies: &'a [Policy], id: &str) -> WebResult<&'a Policy> { + policies + .iter() + .find(|policy| policy.id == id) + .ok_or_else(|| invalid_input(format!("policy not found: {id}"))) +} + +fn reject_executable_policy(policy: &Policy) -> WebResult<()> { + if policy.executable.is_some() { + return Err(WebError::new( + "UNSUPPORTED_BROWSER_FEATURE", + "executable policies are not supported in browser", + )); + } + Ok(()) +} + +fn parse_timestamp(input: &str, label: &str) -> WebResult> { + DateTime::parse_from_rfc3339(input) + .map_err(|e| invalid_input(format!("invalid {label} timestamp '{input}': {e}"))) +} + +fn check_expiry(key: &ApiKeyFile, now_iso: &str) -> WebResult<()> { + if let Some(expires_at) = &key.expires_at { + let now = parse_timestamp(now_iso, "current")?; + let expires = parse_timestamp(expires_at, "expires_at")?; + if now > expires { + return Err(WebError::new( + "API_KEY_EXPIRED", + format!("API key expired: {}", key.id), + )); + } + } + Ok(()) +} + +fn date_from_timestamp(now_iso: &str) -> String { + now_iso.split('T').next().unwrap_or(now_iso).to_string() +} + +fn parse_domain_chain_id(value: &serde_json::Value) -> Option { + value + .as_str() + .and_then(|s| s.parse::().ok()) + .or_else(|| value.as_u64()) +} + +fn evaluate_policies(policies: &[Policy], context: &ows_core::PolicyContext) -> PolicyResult { + for policy in policies { + if let Err(error) = reject_executable_policy(policy) { + return PolicyResult::denied(&policy.id, error.message); + } + + for rule in &policy.rules { + let result = match rule { + PolicyRule::AllowedChains { chain_ids } => { + if chain_ids + .iter() + .any(|chain_id| chain_id == &context.chain_id) + { + PolicyResult::allowed() + } else { + PolicyResult::denied( + &policy.id, + format!("chain {} not in allowlist", context.chain_id), + ) + } + } + PolicyRule::AllowedTypedDataContracts { contracts } => match &context.typed_data { + None => PolicyResult::allowed(), + Some(typed_data) => match &typed_data.verifying_contract { + None => PolicyResult::denied( + &policy.id, + "typed data has no verifyingContract but policy requires one", + ), + Some(contract) => { + let contract_lower = contract.to_lowercase(); + if contracts + .iter() + .any(|candidate| candidate.to_lowercase() == contract_lower) + { + PolicyResult::allowed() + } else { + PolicyResult::denied( + &policy.id, + format!("verifyingContract {contract} not in allowed list"), + ) + } + } + }, + }, + PolicyRule::ExpiresAt { timestamp } => { + match ( + parse_timestamp(&context.timestamp, "current"), + parse_timestamp(timestamp, "policy expiry"), + ) { + (Ok(now), Ok(expires)) if now > expires => PolicyResult::denied( + &policy.id, + format!("policy expired at {timestamp}"), + ), + (Ok(_), Ok(_)) => PolicyResult::allowed(), + _ => PolicyResult::denied( + &policy.id, + format!( + "invalid timestamp in expiry check: ctx={}, rule={}", + context.timestamp, timestamp + ), + ), + } + } + }; + + if !result.allow { + return result; + } + } + } + + PolicyResult::allowed() +} + +fn load_policies_for_key(key: &ApiKeyFile, policies: &[Policy]) -> WebResult> { + key.policy_ids + .iter() + .map(|id| find_policy(policies, id).cloned()) + .collect() +} + +fn policy_denied(result: PolicyResult) -> WebError { + WebError::new( + "POLICY_DENIED", + result.reason.unwrap_or_else(|| "denied".to_string()), + ) +} + +fn enforce_policy_and_decrypt_key( + token: &str, + wallet_name_or_id: &str, + chain: &Chain, + policy_raw_hex: String, + index: u32, + now_iso: &str, + wallets: &[EncryptedWallet], + keys: &[ApiKeyFile], + policies: &[Policy], +) -> WebResult { + let key_file = find_api_key_by_token(keys, token)?; + check_expiry(key_file, now_iso)?; + + let wallet = find_wallet(wallets, wallet_name_or_id)?; + if !key_file.wallet_ids.contains(&wallet.id) { + return Err(invalid_input(format!( + "API key '{}' does not have access to wallet '{}'", + key_file.name, wallet.id + ))); + } + + let attached_policies = load_policies_for_key(key_file, policies)?; + let context = ows_core::PolicyContext { + api_key_id: key_file.id.clone(), + chain_id: chain.chain_id.to_string(), + spending: ows_core::policy::SpendingContext { + daily_total: "0".to_string(), + date: date_from_timestamp(now_iso), + }, + timestamp: now_iso.to_string(), + transaction: ows_core::policy::TransactionContext { + data: None, + raw_hex: policy_raw_hex, + to: None, + value: None, + }, + typed_data: None, + wallet_id: wallet.id.clone(), + }; + + let result = evaluate_policies(&attached_policies, &context); + if !result.allow { + return Err(policy_denied(result)); + } + + decrypt_key_from_api_key(key_file, wallet, token, chain.chain_type, index) +} + +fn decrypt_key_from_api_key( + key: &ApiKeyFile, + wallet: &EncryptedWallet, + token: &str, + chain_type: ChainType, + index: u32, +) -> WebResult { + let envelope_value = key.wallet_secrets.get(&wallet.id).ok_or_else(|| { + invalid_input(format!( + "API key has no encrypted secret for wallet {}", + wallet.id + )) + })?; + let envelope: CryptoEnvelope = serde_json::from_value(envelope_value.clone())?; + let secret = decrypt(&envelope, token).map_err(crypto_error)?; + secret_to_signing_key(&secret, &wallet.key_type, chain_type, index) +} + +fn create_wallet_impl( + name: &str, + passphrase: &str, + words: u32, + wallets_json: &str, + wallet_id: &str, + created_at: &str, +) -> WebResult { + let wallets = parse_wallets(wallets_json)?; + ensure_wallet_name_available(&wallets, name)?; + + let strength = match words { + 12 => MnemonicStrength::Words12, + 24 => MnemonicStrength::Words24, + _ => return Err(invalid_input("words must be 12 or 24")), + }; + let mnemonic = Mnemonic::generate(strength)?; + let accounts = derive_all_accounts(&mnemonic, 0)?; + let phrase = mnemonic.phrase(); + let envelope = encrypt(phrase.expose(), passphrase).map_err(crypto_error)?; + let wallet = encrypted_wallet( + wallet_id.to_string(), + name.to_string(), + accounts, + serde_json::to_value(&envelope)?, + KeyType::Mnemonic, + created_at.to_string(), + ); + + Ok(WalletWriteResult { + info: wallet_to_info(&wallet), + wallet, + }) +} + +fn import_wallet_mnemonic_impl( + name: &str, + mnemonic_phrase: &str, + passphrase: &str, + index: u32, + wallets_json: &str, + wallet_id: &str, + created_at: &str, +) -> WebResult { + let wallets = parse_wallets(wallets_json)?; + ensure_wallet_name_available(&wallets, name)?; + + let mnemonic = Mnemonic::from_phrase(mnemonic_phrase)?; + let accounts = derive_all_accounts(&mnemonic, index)?; + let phrase = mnemonic.phrase(); + let envelope = encrypt(phrase.expose(), passphrase).map_err(crypto_error)?; + let wallet = encrypted_wallet( + wallet_id.to_string(), + name.to_string(), + accounts, + serde_json::to_value(&envelope)?, + KeyType::Mnemonic, + created_at.to_string(), + ); + + Ok(WalletWriteResult { + info: wallet_to_info(&wallet), + wallet, + }) +} + +#[allow(clippy::too_many_arguments)] +fn import_wallet_private_key_impl( + name: &str, + private_key_hex: &str, + passphrase: &str, + chain: &str, + secp256k1_key_hex: &str, + ed25519_key_hex: &str, + wallets_json: &str, + wallet_id: &str, + created_at: &str, +) -> WebResult { + let wallets = parse_wallets(wallets_json)?; + ensure_wallet_name_available(&wallets, name)?; + + let secp256k1_key = (!secp256k1_key_hex.is_empty()).then_some(secp256k1_key_hex); + let ed25519_key = (!ed25519_key_hex.is_empty()).then_some(ed25519_key_hex); + + let keys = match (secp256k1_key, ed25519_key) { + (Some(secp256k1_key), Some(ed25519_key)) => KeyPair { + ed25519: decode_hex_key(ed25519_key)?, + secp256k1: decode_hex_key(secp256k1_key)?, + }, + _ => { + let key_bytes = decode_hex_key(private_key_hex)?; + let source_curve = if chain.is_empty() { + Curve::Secp256k1 + } else { + let parsed = parse_chain(chain)?; + signer_for_chain(parsed.chain_type).curve() + }; + + let mut other_key = vec![0u8; 32]; + getrandom::getrandom(&mut other_key) + .map_err(|e| invalid_input(format!("failed to generate random key: {e}")))?; + + match source_curve { + Curve::Ed25519 => KeyPair { + ed25519: key_bytes, + secp256k1: secp256k1_key + .map(decode_hex_key) + .transpose()? + .unwrap_or(other_key), + }, + Curve::Secp256k1 => KeyPair { + ed25519: ed25519_key + .map(decode_hex_key) + .transpose()? + .unwrap_or(other_key), + secp256k1: key_bytes, + }, + } + } + }; + + let accounts = derive_all_accounts_from_keys(&keys)?; + let envelope = encrypt(&keys.to_json_bytes(), passphrase).map_err(crypto_error)?; + let wallet = encrypted_wallet( + wallet_id.to_string(), + name.to_string(), + accounts, + serde_json::to_value(&envelope)?, + KeyType::PrivateKey, + created_at.to_string(), + ); + + Ok(WalletWriteResult { + info: wallet_to_info(&wallet), + wallet, + }) +} + +fn sign_transaction_impl( + wallet_name_or_id: &str, + chain: &str, + tx_hex: &str, + credential: &str, + index: u32, + now_iso: &str, + wallets_json: &str, + keys_json: &str, + policies_json: &str, +) -> WebResult { + let wallets = parse_wallets(wallets_json)?; + let chain = parse_chain(chain)?; + let tx_hex_clean = tx_hex.strip_prefix("0x").unwrap_or(tx_hex); + let tx_bytes = hex::decode(tx_hex_clean) + .map_err(|e| invalid_input(format!("invalid hex transaction: {e}")))?; + + let key = if credential.starts_with(TOKEN_PREFIX) { + let keys = parse_keys(keys_json)?; + let policies = parse_policies(policies_json)?; + enforce_policy_and_decrypt_key( + credential, + wallet_name_or_id, + &chain, + hex::encode(&tx_bytes), + index, + now_iso, + &wallets, + &keys, + &policies, + )? + } else { + let wallet = find_wallet(&wallets, wallet_name_or_id)?; + decrypt_signing_key(wallet, chain.chain_type, credential, index)? + }; + + let signer = signer_for_chain(chain.chain_type); + let signable = signer.extract_signable_bytes(&tx_bytes)?; + let output = signer.sign_transaction(key.expose(), signable)?; + + Ok(SignResult { + recovery_id: output.recovery_id, + signature: hex::encode(output.signature), + }) +} + +fn sign_hash_impl( + wallet_name_or_id: &str, + chain: &str, + hash_hex: &str, + credential: &str, + index: u32, + now_iso: &str, + wallets_json: &str, + keys_json: &str, + policies_json: &str, +) -> WebResult { + let wallets = parse_wallets(wallets_json)?; + let chain = parse_chain(chain)?; + let signer = signer_for_chain(chain.chain_type); + if signer.curve() != Curve::Secp256k1 { + return Err(invalid_input( + "raw hash signing is only supported for secp256k1-backed chains", + )); + } + + let hash_hex_clean = hash_hex.strip_prefix("0x").unwrap_or(hash_hex); + let hash = + hex::decode(hash_hex_clean).map_err(|e| invalid_input(format!("invalid hex hash: {e}")))?; + if hash.len() != 32 { + return Err(invalid_input(format!( + "raw hash signing requires exactly 32 bytes, got {}", + hash.len() + ))); + } + + let key = if credential.starts_with(TOKEN_PREFIX) { + let keys = parse_keys(keys_json)?; + let policies = parse_policies(policies_json)?; + enforce_policy_and_decrypt_key( + credential, + wallet_name_or_id, + &chain, + hex::encode(&hash), + index, + now_iso, + &wallets, + &keys, + &policies, + )? + } else { + let wallet = find_wallet(&wallets, wallet_name_or_id)?; + decrypt_signing_key(wallet, chain.chain_type, credential, index)? + }; + + let output = signer.sign(key.expose(), &hash)?; + Ok(SignResult { + recovery_id: output.recovery_id, + signature: hex::encode(output.signature), + }) +} + +fn sign_authorization_impl( + wallet_name_or_id: &str, + chain: &str, + address: &str, + nonce: &str, + credential: &str, + index: u32, + now_iso: &str, + wallets_json: &str, + keys_json: &str, + policies_json: &str, +) -> WebResult { + let chain_info = parse_chain(chain)?; + if chain_info.chain_type != ChainType::Evm { + return Err(invalid_input( + "EIP-7702 authorization signing is only supported for EVM chains", + )); + } + + let evm_signer = ows_signer::chains::EvmSigner; + let chain_id = chain_info.evm_chain_reference().map_err(invalid_input)?; + let payload = evm_signer.authorization_payload(chain_id, address, nonce)?; + let hash = evm_signer.authorization_hash(chain_id, address, nonce)?; + sign_hash_with_policy_bytes_impl( + wallet_name_or_id, + &chain_info, + &payload, + &hash, + credential, + index, + now_iso, + wallets_json, + keys_json, + policies_json, + ) +} + +#[allow(clippy::too_many_arguments)] +fn sign_hash_with_policy_bytes_impl( + wallet_name_or_id: &str, + chain: &Chain, + policy_bytes: &[u8], + hash: &[u8], + credential: &str, + index: u32, + now_iso: &str, + wallets_json: &str, + keys_json: &str, + policies_json: &str, +) -> WebResult { + let wallets = parse_wallets(wallets_json)?; + let signer = signer_for_chain(chain.chain_type); + + let key = if credential.starts_with(TOKEN_PREFIX) { + let keys = parse_keys(keys_json)?; + let policies = parse_policies(policies_json)?; + enforce_policy_and_decrypt_key( + credential, + wallet_name_or_id, + chain, + hex::encode(policy_bytes), + index, + now_iso, + &wallets, + &keys, + &policies, + )? + } else { + let wallet = find_wallet(&wallets, wallet_name_or_id)?; + decrypt_signing_key(wallet, chain.chain_type, credential, index)? + }; + + let output = signer.sign(key.expose(), hash)?; + Ok(SignResult { + recovery_id: output.recovery_id, + signature: hex::encode(output.signature), + }) +} + +fn sign_message_impl( + wallet_name_or_id: &str, + chain: &str, + message: &str, + credential: &str, + encoding: &str, + index: u32, + now_iso: &str, + wallets_json: &str, + keys_json: &str, + policies_json: &str, +) -> WebResult { + let wallets = parse_wallets(wallets_json)?; + let chain = parse_chain(chain)?; + let msg_bytes = match encoding { + "hex" => { + hex::decode(message).map_err(|e| invalid_input(format!("invalid hex message: {e}")))? + } + "utf8" => message.as_bytes().to_vec(), + _ => { + return Err(invalid_input(format!( + "unsupported encoding: {encoding} (use 'utf8' or 'hex')" + ))) + } + }; + + let key = if credential.starts_with(TOKEN_PREFIX) { + let keys = parse_keys(keys_json)?; + let policies = parse_policies(policies_json)?; + enforce_policy_and_decrypt_key( + credential, + wallet_name_or_id, + &chain, + hex::encode(&msg_bytes), + index, + now_iso, + &wallets, + &keys, + &policies, + )? + } else { + let wallet = find_wallet(&wallets, wallet_name_or_id)?; + decrypt_signing_key(wallet, chain.chain_type, credential, index)? + }; + + let signer = signer_for_chain(chain.chain_type); + let output = signer.sign_message(key.expose(), &msg_bytes)?; + Ok(SignResult { + recovery_id: output.recovery_id, + signature: hex::encode(output.signature), + }) +} + +fn sign_typed_data_impl( + wallet_name_or_id: &str, + chain: &str, + typed_data_json: &str, + credential: &str, + index: u32, + now_iso: &str, + wallets_json: &str, + keys_json: &str, + policies_json: &str, +) -> WebResult { + let wallets = parse_wallets(wallets_json)?; + let chain = parse_chain(chain)?; + if chain.chain_type != ChainType::Evm { + return Err(invalid_input( + "EIP-712 typed data signing is only supported for EVM chains", + )); + } + + let parsed = eip712::parse_typed_data(typed_data_json)?; + if let Some(domain_chain_id) = parsed.domain.get("chainId").and_then(parse_domain_chain_id) { + let expected_chain_id = chain.evm_chain_id_u64().map_err(invalid_input)?; + if expected_chain_id != domain_chain_id { + return Err(invalid_input(format!( + "EIP-712 domain chainId ({domain_chain_id}) does not match requested chain ({})", + chain.chain_id + ))); + } + } + + let key = if credential.starts_with(TOKEN_PREFIX) { + let keys = parse_keys(keys_json)?; + let policies = parse_policies(policies_json)?; + let key_file = find_api_key_by_token(&keys, credential)?; + check_expiry(key_file, now_iso)?; + let wallet = find_wallet(&wallets, wallet_name_or_id)?; + if !key_file.wallet_ids.contains(&wallet.id) { + return Err(invalid_input(format!( + "API key '{}' does not have access to wallet '{}'", + key_file.name, wallet.id + ))); + } + + let typed_data = ows_core::policy::TypedDataContext { + domain_chain_id: parsed.domain.get("chainId").and_then(parse_domain_chain_id), + domain_name: parsed + .domain + .get("name") + .and_then(|value| value.as_str()) + .map(String::from), + domain_version: parsed + .domain + .get("version") + .and_then(|value| value.as_str()) + .map(String::from), + primary_type: parsed.primary_type.clone(), + raw_json: typed_data_json.to_string(), + verifying_contract: parsed + .domain + .get("verifyingContract") + .and_then(|value| value.as_str()) + .map(String::from), + }; + + let attached_policies = load_policies_for_key(key_file, &policies)?; + let context = ows_core::PolicyContext { + api_key_id: key_file.id.clone(), + chain_id: chain.chain_id.to_string(), + spending: ows_core::policy::SpendingContext { + daily_total: "0".to_string(), + date: date_from_timestamp(now_iso), + }, + timestamp: now_iso.to_string(), + transaction: ows_core::policy::TransactionContext { + data: None, + raw_hex: String::new(), + to: None, + value: None, + }, + typed_data: Some(typed_data), + wallet_id: wallet.id.clone(), + }; + + let result = evaluate_policies(&attached_policies, &context); + if !result.allow { + return Err(policy_denied(result)); + } + + decrypt_key_from_api_key(key_file, wallet, credential, chain.chain_type, index)? + } else { + let wallet = find_wallet(&wallets, wallet_name_or_id)?; + decrypt_signing_key(wallet, chain.chain_type, credential, index)? + }; + + let evm_signer = ows_signer::chains::EvmSigner; + let output = evm_signer.sign_typed_data(key.expose(), typed_data_json)?; + Ok(SignResult { + recovery_id: output.recovery_id, + signature: hex::encode(output.signature), + }) +} + +#[wasm_bindgen(js_name = createApiKey)] +pub fn create_api_key( + name: &str, + wallet_ids_json: &str, + policy_ids_json: &str, + passphrase: &str, + expires_at: &str, + token: &str, + key_id: &str, + created_at: &str, + wallets_json: &str, + policies_json: &str, +) -> Result { + json_result((|| { + let wallet_refs: Vec = parse_json(wallet_ids_json, "wallet IDs")?; + let policy_ids: Vec = parse_json(policy_ids_json, "policy IDs")?; + let wallets = parse_wallets(wallets_json)?; + let policies = parse_policies(policies_json)?; + let mut resolved_wallet_ids = Vec::with_capacity(wallet_refs.len()); + let mut wallet_secrets = HashMap::new(); + + for wallet_ref in wallet_refs { + let wallet = find_wallet(&wallets, &wallet_ref)?; + let envelope: CryptoEnvelope = serde_json::from_value(wallet.crypto.clone())?; + let secret = decrypt(&envelope, passphrase).map_err(crypto_error)?; + let hkdf_envelope = encrypt_with_hkdf(secret.expose(), token).map_err(crypto_error)?; + wallet_secrets.insert(wallet.id.clone(), serde_json::to_value(&hkdf_envelope)?); + resolved_wallet_ids.push(wallet.id.clone()); + } + + for policy_id in &policy_ids { + let policy = find_policy(&policies, policy_id)?; + reject_executable_policy(policy)?; + } + + let key = ApiKeyFile { + created_at: created_at.to_string(), + expires_at: (!expires_at.is_empty()).then(|| expires_at.to_string()), + id: key_id.to_string(), + name: name.to_string(), + policy_ids, + token_hash: hash_token(token), + wallet_ids: resolved_wallet_ids, + wallet_secrets, + }; + + Ok(ApiKeyResult { + id: key.id.clone(), + key, + name: name.to_string(), + token: token.to_string(), + }) + })()) +} + +#[wasm_bindgen(js_name = createPolicy)] +pub fn create_policy(policy_json: &str) -> Result { + json_result((|| { + let policy: Policy = parse_json(policy_json, "policy")?; + reject_executable_policy(&policy)?; + Ok(policy) + })()) +} + +#[wasm_bindgen(js_name = createWallet)] +pub fn create_wallet( + name: &str, + passphrase: &str, + words: u32, + wallets_json: &str, + wallet_id: &str, + created_at: &str, +) -> Result { + json_result(create_wallet_impl( + name, + passphrase, + words, + wallets_json, + wallet_id, + created_at, + )) +} + +#[wasm_bindgen(js_name = deletePolicy)] +pub fn delete_policy(id: &str, policies_json: &str) -> Result { + json_result((|| { + let policies = parse_policies(policies_json)?; + find_policy(&policies, id)?; + Ok(DeleteResult { id: id.to_string() }) + })()) +} + +#[wasm_bindgen(js_name = deleteWallet)] +pub fn delete_wallet(name_or_id: &str, wallets_json: &str) -> Result { + json_result((|| { + let wallets = parse_wallets(wallets_json)?; + let wallet = find_wallet(&wallets, name_or_id)?; + Ok(DeleteResult { + id: wallet.id.clone(), + }) + })()) +} + +#[wasm_bindgen(js_name = deriveAddress)] +pub fn derive_address(mnemonic_phrase: &str, chain: &str, index: u32) -> Result { + string_result((|| { + let chain = parse_chain(chain)?; + let mnemonic = Mnemonic::from_phrase(mnemonic_phrase)?; + let signer = signer_for_chain(chain.chain_type); + let path = signer.default_derivation_path(index); + let key = HdDeriver::derive_from_mnemonic(&mnemonic, "", &path, signer.curve())?; + Ok(signer.derive_address(key.expose())?) + })()) +} + +#[wasm_bindgen(js_name = exportWallet)] +pub fn export_wallet( + name_or_id: &str, + passphrase: &str, + wallets_json: &str, +) -> Result { + string_result((|| { + let wallets = parse_wallets(wallets_json)?; + let wallet = find_wallet(&wallets, name_or_id)?; + let envelope: CryptoEnvelope = serde_json::from_value(wallet.crypto.clone())?; + let secret = decrypt(&envelope, passphrase).map_err(crypto_error)?; + String::from_utf8(secret.expose().to_vec()) + .map_err(|_| invalid_input("wallet contains invalid secret data")) + })()) +} + +#[wasm_bindgen(js_name = generateMnemonic)] +pub fn generate_mnemonic(words: u32) -> Result { + string_result((|| { + let strength = match words { + 12 => MnemonicStrength::Words12, + 24 => MnemonicStrength::Words24, + _ => return Err(invalid_input("words must be 12 or 24")), + }; + let mnemonic = Mnemonic::generate(strength)?; + String::from_utf8(mnemonic.phrase().expose().to_vec()) + .map_err(|e| invalid_input(format!("invalid UTF-8 in mnemonic: {e}"))) + })()) +} + +#[wasm_bindgen(js_name = getPolicy)] +pub fn get_policy(id: &str, policies_json: &str) -> Result { + json_result((|| { + let policies = parse_policies(policies_json)?; + let policy = find_policy(&policies, id)?; + Ok(policy.clone()) + })()) +} + +#[wasm_bindgen(js_name = getWallet)] +pub fn get_wallet(name_or_id: &str, wallets_json: &str) -> Result { + json_result((|| { + let wallets = parse_wallets(wallets_json)?; + let wallet = find_wallet(&wallets, name_or_id)?; + Ok(wallet_to_info(wallet)) + })()) +} + +#[wasm_bindgen(js_name = importWalletMnemonic)] +pub fn import_wallet_mnemonic( + name: &str, + mnemonic_phrase: &str, + passphrase: &str, + index: u32, + wallets_json: &str, + wallet_id: &str, + created_at: &str, +) -> Result { + json_result(import_wallet_mnemonic_impl( + name, + mnemonic_phrase, + passphrase, + index, + wallets_json, + wallet_id, + created_at, + )) +} + +#[wasm_bindgen(js_name = importWalletPrivateKey)] +pub fn import_wallet_private_key( + name: &str, + private_key_hex: &str, + passphrase: &str, + chain: &str, + secp256k1_key_hex: &str, + ed25519_key_hex: &str, + wallets_json: &str, + wallet_id: &str, + created_at: &str, +) -> Result { + json_result(import_wallet_private_key_impl( + name, + private_key_hex, + passphrase, + chain, + secp256k1_key_hex, + ed25519_key_hex, + wallets_json, + wallet_id, + created_at, + )) +} + +#[wasm_bindgen(js_name = listApiKeys)] +pub fn list_api_keys(keys_json: &str) -> Result { + json_result((|| { + let mut keys = parse_keys(keys_json)?; + keys.sort_by(|a, b| b.created_at.cmp(&a.created_at)); + Ok(keys.iter().map(public_api_key).collect::>()) + })()) +} + +#[wasm_bindgen(js_name = listPolicies)] +pub fn list_policies(policies_json: &str) -> Result { + json_result((|| { + let mut policies = parse_policies(policies_json)?; + policies.sort_by(|a, b| a.name.cmp(&b.name)); + Ok(policies) + })()) +} + +#[wasm_bindgen(js_name = listWallets)] +pub fn list_wallets(wallets_json: &str) -> Result { + json_result((|| { + let mut wallets = parse_wallets(wallets_json)?; + wallets.sort_by(|a, b| b.created_at.cmp(&a.created_at)); + Ok(wallets.iter().map(wallet_to_info).collect::>()) + })()) +} + +#[wasm_bindgen(js_name = renameWallet)] +pub fn rename_wallet( + name_or_id: &str, + new_name: &str, + wallets_json: &str, +) -> Result { + json_result((|| { + let mut wallets = parse_wallets(wallets_json)?; + let index = find_wallet_index(&wallets, name_or_id)?; + if wallets[index].name != new_name { + ensure_wallet_name_available(&wallets, new_name)?; + wallets[index].name = new_name.to_string(); + } + Ok(WalletWriteResult { + info: wallet_to_info(&wallets[index]), + wallet: wallets[index].clone(), + }) + })()) +} + +#[wasm_bindgen(js_name = revokeApiKey)] +pub fn revoke_api_key(id: &str, keys_json: &str) -> Result { + json_result((|| { + let keys = parse_keys(keys_json)?; + if !keys.iter().any(|key| key.id == id) { + return Err(WebError::new("API_KEY_NOT_FOUND", "API key not found")); + } + Ok(DeleteResult { id: id.to_string() }) + })()) +} + +#[wasm_bindgen(js_name = signAuthorization)] +pub fn sign_authorization( + wallet_name_or_id: &str, + chain: &str, + address: &str, + nonce: &str, + credential: &str, + index: u32, + now_iso: &str, + wallets_json: &str, + keys_json: &str, + policies_json: &str, +) -> Result { + json_result(sign_authorization_impl( + wallet_name_or_id, + chain, + address, + nonce, + credential, + index, + now_iso, + wallets_json, + keys_json, + policies_json, + )) +} + +#[wasm_bindgen(js_name = signHash)] +pub fn sign_hash( + wallet_name_or_id: &str, + chain: &str, + hash_hex: &str, + credential: &str, + index: u32, + now_iso: &str, + wallets_json: &str, + keys_json: &str, + policies_json: &str, +) -> Result { + json_result(sign_hash_impl( + wallet_name_or_id, + chain, + hash_hex, + credential, + index, + now_iso, + wallets_json, + keys_json, + policies_json, + )) +} + +#[wasm_bindgen(js_name = signMessage)] +pub fn sign_message( + wallet_name_or_id: &str, + chain: &str, + message: &str, + credential: &str, + encoding: &str, + index: u32, + now_iso: &str, + wallets_json: &str, + keys_json: &str, + policies_json: &str, +) -> Result { + json_result(sign_message_impl( + wallet_name_or_id, + chain, + message, + credential, + encoding, + index, + now_iso, + wallets_json, + keys_json, + policies_json, + )) +} + +#[wasm_bindgen(js_name = signTransaction)] +pub fn sign_transaction( + wallet_name_or_id: &str, + chain: &str, + tx_hex: &str, + credential: &str, + index: u32, + now_iso: &str, + wallets_json: &str, + keys_json: &str, + policies_json: &str, +) -> Result { + json_result(sign_transaction_impl( + wallet_name_or_id, + chain, + tx_hex, + credential, + index, + now_iso, + wallets_json, + keys_json, + policies_json, + )) +} + +#[wasm_bindgen(js_name = signTypedData)] +pub fn sign_typed_data( + wallet_name_or_id: &str, + chain: &str, + typed_data_json: &str, + credential: &str, + index: u32, + now_iso: &str, + wallets_json: &str, + keys_json: &str, + policies_json: &str, +) -> Result { + json_result(sign_typed_data_impl( + wallet_name_or_id, + chain, + typed_data_json, + credential, + index, + now_iso, + wallets_json, + keys_json, + policies_json, + )) +} diff --git a/bindings/web/src/stores/indexeddb.js b/bindings/web/src/stores/indexeddb.js new file mode 100644 index 00000000..859358df --- /dev/null +++ b/bindings/web/src/stores/indexeddb.js @@ -0,0 +1,110 @@ +const COLLECTIONS = new Set(["keys", "policies", "wallets"]); +const STORE = "artifacts"; + +function assertCollection(kind) { + if (!COLLECTIONS.has(kind)) { + throw new Error(`unknown OWS collection: ${kind}`); + } +} + +function keyFor(kind, id) { + return `${kind}:${id}`; +} + +function requestToPromise(request) { + return new Promise((resolve, reject) => { + request.onerror = () => reject(request.error); + request.onsuccess = () => resolve(request.result); + }); +} + +export class IndexedDbOwsStore { + constructor({ name = "ows-web-vault", version = 1 } = {}) { + this.name = name; + this.version = version; + this.dbPromise = null; + } + + async #db() { + if (this.dbPromise) { + return this.dbPromise; + } + if (!globalThis.indexedDB) { + throw new Error("IndexedDB is not available in this environment"); + } + + this.dbPromise = new Promise((resolve, reject) => { + const request = globalThis.indexedDB.open(this.name, this.version); + request.onerror = () => reject(request.error); + request.onupgradeneeded = () => { + const db = request.result; + if (!db.objectStoreNames.contains(STORE)) { + const store = db.createObjectStore(STORE, { keyPath: "key" }); + store.createIndex("kind", "kind", { unique: false }); + } + }; + request.onsuccess = () => resolve(request.result); + }); + + return this.dbPromise; + } + + async #objectStore(mode) { + const db = await this.#db(); + return db.transaction(STORE, mode).objectStore(STORE); + } + + async ensureCollection(kind) { + assertCollection(kind); + await this.#db(); + } + + async list(kind) { + await this.ensureCollection(kind); + const store = await this.#objectStore("readonly"); + const index = store.index("kind"); + const ids = []; + + await new Promise((resolve, reject) => { + const request = index.openCursor(globalThis.IDBKeyRange.only(kind)); + request.onerror = () => reject(request.error); + request.onsuccess = () => { + const cursor = request.result; + if (!cursor) { + resolve(); + return; + } + ids.push(cursor.value.id); + cursor.continue(); + }; + }); + + return ids.sort(); + } + + async read(kind, id) { + await this.ensureCollection(kind); + const store = await this.#objectStore("readonly"); + const record = await requestToPromise(store.get(keyFor(kind, id))); + return record?.json ?? null; + } + + async remove(kind, id) { + await this.ensureCollection(kind); + const store = await this.#objectStore("readwrite"); + await requestToPromise(store.delete(keyFor(kind, id))); + } + + async write(kind, id, json) { + await this.ensureCollection(kind); + const store = await this.#objectStore("readwrite"); + await requestToPromise( + store.put({ + id, + json, + key: keyFor(kind, id), + kind, + }), + ); + } +} diff --git a/bindings/web/src/stores/lightning-fs.js b/bindings/web/src/stores/lightning-fs.js new file mode 100644 index 00000000..6a5ed150 --- /dev/null +++ b/bindings/web/src/stores/lightning-fs.js @@ -0,0 +1,101 @@ +const COLLECTIONS = new Set(["keys", "policies", "wallets"]); + +function assertCollection(kind) { + if (!COLLECTIONS.has(kind)) { + throw new Error(`unknown OWS collection: ${kind}`); + } +} + +function fileName(id) { + return `${id}.json`; +} + +function isMissing(error) { + return error?.code === "ENOENT" || error?.message?.includes("ENOENT"); +} + +function trimSlashes(path) { + return path.replace(/^\/+|\/+$/g, ""); +} + +export class LightningFsOwsStore { + constructor(fs, { root = "/ows" } = {}) { + if (!fs) { + throw new Error("LightningFsOwsStore requires a filesystem instance"); + } + this.fs = fs.promises ?? fs; + this.root = `/${trimSlashes(root)}`; + } + + async #mkdirp(path) { + const parts = trimSlashes(path).split("/"); + let current = ""; + for (const part of parts) { + current = `${current}/${part}`; + try { + await this.fs.mkdir(current); + } catch (error) { + if (!isMissing(error) && error?.code !== "EEXIST") { + throw error; + } + } + } + } + + #dir(kind) { + return `${this.root}/${kind}`; + } + + #path(kind, id) { + return `${this.#dir(kind)}/${fileName(id)}`; + } + + async ensureCollection(kind) { + assertCollection(kind); + await this.#mkdirp(this.#dir(kind)); + } + + async list(kind) { + await this.ensureCollection(kind); + try { + const entries = await this.fs.readdir(this.#dir(kind)); + return entries + .filter((entry) => entry.endsWith(".json")) + .map((entry) => entry.slice(0, -".json".length)) + .sort(); + } catch (error) { + if (isMissing(error)) { + return []; + } + throw error; + } + } + + async read(kind, id) { + await this.ensureCollection(kind); + try { + return await this.fs.readFile(this.#path(kind, id), "utf8"); + } catch (error) { + if (isMissing(error)) { + return null; + } + throw error; + } + } + + async remove(kind, id) { + await this.ensureCollection(kind); + try { + await this.fs.unlink(this.#path(kind, id)); + } catch (error) { + if (!isMissing(error)) { + throw error; + } + } + } + + async write(kind, id, json) { + await this.ensureCollection(kind); + await this.fs.writeFile(this.#path(kind, id), json, "utf8"); + } +} diff --git a/bindings/web/src/stores/memory.js b/bindings/web/src/stores/memory.js new file mode 100644 index 00000000..25ca9b77 --- /dev/null +++ b/bindings/web/src/stores/memory.js @@ -0,0 +1,38 @@ +const COLLECTIONS = new Set(["keys", "policies", "wallets"]); + +function assertCollection(kind) { + if (!COLLECTIONS.has(kind)) { + throw new Error(`unknown OWS collection: ${kind}`); + } +} + +export class MemoryOwsStore { + #collections = new Map(); + + async ensureCollection(kind) { + assertCollection(kind); + if (!this.#collections.has(kind)) { + this.#collections.set(kind, new Map()); + } + } + + async list(kind) { + await this.ensureCollection(kind); + return [...this.#collections.get(kind).keys()].sort(); + } + + async read(kind, id) { + await this.ensureCollection(kind); + return this.#collections.get(kind).get(id) ?? null; + } + + async remove(kind, id) { + await this.ensureCollection(kind); + this.#collections.get(kind).delete(id); + } + + async write(kind, id, json) { + await this.ensureCollection(kind); + this.#collections.get(kind).set(id, json); + } +} diff --git a/docs/sdk-web.md b/docs/sdk-web.md new file mode 100644 index 00000000..e8b5795f --- /dev/null +++ b/docs/sdk-web.md @@ -0,0 +1,67 @@ +# Browser WASM SDK + +> Browser package for local OWS wallet storage, signing, and declarative policy enforcement. + +This document is non-normative reference implementation documentation. Package names and function signatures here do not define the OWS standard. + +## Install + +```bash +npm install @open-wallet-standard/web +``` + +## Quick Start + +```javascript +import { createOwsWeb, IndexedDbOwsStore } from "@open-wallet-standard/web"; + +const ows = await createOwsWeb({ + store: new IndexedDbOwsStore(), +}); + +const wallet = await ows.createWallet("agent-treasury"); +const sig = await ows.signMessage(wallet.id, "evm", "hello"); + +console.log(sig.signature); +``` + +## Storage + +The browser SDK stores the same wallet, API-key, and policy JSON artifacts as the native SDK. Instead of taking a `vaultPath`, it takes an async store: + +```typescript +interface OwsWebStore { + ensureCollection(kind: "keys" | "policies" | "wallets"): Promise; + list(kind: "keys" | "policies" | "wallets"): Promise; + read(kind: "keys" | "policies" | "wallets", id: string): Promise; + remove(kind: "keys" | "policies" | "wallets", id: string): Promise; + write(kind: "keys" | "policies" | "wallets", id: string, json: string): Promise; +} +``` + +Included adapters: + +- `IndexedDbOwsStore` +- `LightningFsOwsStore` +- `MemoryOwsStore` + +## Browser Profile + +The browser SDK targets `Storage + Signing + Policy (declarative)`. + +Supported operations: + +- API key creation, listing, and revocation +- Mnemonic generation and address derivation +- Policy creation, listing, lookup, and deletion for declarative policies +- Wallet creation, import, export, lookup, listing, rename, and deletion +- `signAuthorization`, `signHash`, `signMessage`, `signTransaction`, and `signTypedData` + +Unavailable host-only operations: + +- CLI vault migration +- `signAndSend` +- executable policies +- filesystem permission checks +- local audit log appenders +- OS process and memory hardening diff --git a/ows/README.md b/ows/README.md index cfa82041..17fe9b83 100644 --- a/ows/README.md +++ b/ows/README.md @@ -52,6 +52,7 @@ The bindings are **standalone** — they embed the Rust core via native FFI. No | Node.js | [`@open-wallet-standard/core`](https://www.npmjs.com/package/@open-wallet-standard/core) | `npm install @open-wallet-standard/core` | | Node.js adapters (viem, Solana, WDK) | [`@open-wallet-standard/adapters`](https://www.npmjs.com/package/@open-wallet-standard/adapters) | `npm install @open-wallet-standard/adapters` | | Python | [`open-wallet-standard`](https://pypi.org/project/open-wallet-standard/) | `pip install open-wallet-standard` | +| Browser | [`@open-wallet-standard/web`](https://www.npmjs.com/package/@open-wallet-standard/web) | `npm install @open-wallet-standard/web` | ```javascript import { createWallet, signMessage } from "@open-wallet-standard/core"; diff --git a/ows/crates/ows-cli/README.md b/ows/crates/ows-cli/README.md index cfa82041..17fe9b83 100644 --- a/ows/crates/ows-cli/README.md +++ b/ows/crates/ows-cli/README.md @@ -52,6 +52,7 @@ The bindings are **standalone** — they embed the Rust core via native FFI. No | Node.js | [`@open-wallet-standard/core`](https://www.npmjs.com/package/@open-wallet-standard/core) | `npm install @open-wallet-standard/core` | | Node.js adapters (viem, Solana, WDK) | [`@open-wallet-standard/adapters`](https://www.npmjs.com/package/@open-wallet-standard/adapters) | `npm install @open-wallet-standard/adapters` | | Python | [`open-wallet-standard`](https://pypi.org/project/open-wallet-standard/) | `pip install open-wallet-standard` | +| Browser | [`@open-wallet-standard/web`](https://www.npmjs.com/package/@open-wallet-standard/web) | `npm install @open-wallet-standard/web` | ```javascript import { createWallet, signMessage } from "@open-wallet-standard/core"; diff --git a/ows/crates/ows-core/README.md b/ows/crates/ows-core/README.md index cfa82041..17fe9b83 100644 --- a/ows/crates/ows-core/README.md +++ b/ows/crates/ows-core/README.md @@ -52,6 +52,7 @@ The bindings are **standalone** — they embed the Rust core via native FFI. No | Node.js | [`@open-wallet-standard/core`](https://www.npmjs.com/package/@open-wallet-standard/core) | `npm install @open-wallet-standard/core` | | Node.js adapters (viem, Solana, WDK) | [`@open-wallet-standard/adapters`](https://www.npmjs.com/package/@open-wallet-standard/adapters) | `npm install @open-wallet-standard/adapters` | | Python | [`open-wallet-standard`](https://pypi.org/project/open-wallet-standard/) | `pip install open-wallet-standard` | +| Browser | [`@open-wallet-standard/web`](https://www.npmjs.com/package/@open-wallet-standard/web) | `npm install @open-wallet-standard/web` | ```javascript import { createWallet, signMessage } from "@open-wallet-standard/core"; diff --git a/ows/crates/ows-lib/README.md b/ows/crates/ows-lib/README.md index cfa82041..17fe9b83 100644 --- a/ows/crates/ows-lib/README.md +++ b/ows/crates/ows-lib/README.md @@ -52,6 +52,7 @@ The bindings are **standalone** — they embed the Rust core via native FFI. No | Node.js | [`@open-wallet-standard/core`](https://www.npmjs.com/package/@open-wallet-standard/core) | `npm install @open-wallet-standard/core` | | Node.js adapters (viem, Solana, WDK) | [`@open-wallet-standard/adapters`](https://www.npmjs.com/package/@open-wallet-standard/adapters) | `npm install @open-wallet-standard/adapters` | | Python | [`open-wallet-standard`](https://pypi.org/project/open-wallet-standard/) | `pip install open-wallet-standard` | +| Browser | [`@open-wallet-standard/web`](https://www.npmjs.com/package/@open-wallet-standard/web) | `npm install @open-wallet-standard/web` | ```javascript import { createWallet, signMessage } from "@open-wallet-standard/core"; diff --git a/ows/crates/ows-signer/Cargo.toml b/ows/crates/ows-signer/Cargo.toml index 82187d93..c786f423 100644 --- a/ows/crates/ows-signer/Cargo.toml +++ b/ows/crates/ows-signer/Cargo.toml @@ -13,7 +13,6 @@ fast-kdf = [] [dependencies] ows-core = { path = "../ows-core", version = "=1.3.2" } -xrpl-rust = { version = "1.1.0", default-features = false, features = ["core"] } k256 = { version = "0.13", features = ["ecdsa", "arithmetic"] } ed25519-dalek = { version = "2", features = ["hazmat"] } coins-bip32 = "0.11" @@ -36,6 +35,9 @@ aes-gcm = "0.10" scrypt = "0.11" blake2 = "0.10" digest = "0.10" + +[target.'cfg(not(target_arch = "wasm32"))'.dependencies] +xrpl-rust = { version = "1.1.0", default-features = false, features = ["core"] } libc = "0.2" signal-hook = "0.4" diff --git a/ows/crates/ows-signer/README.md b/ows/crates/ows-signer/README.md index cfa82041..17fe9b83 100644 --- a/ows/crates/ows-signer/README.md +++ b/ows/crates/ows-signer/README.md @@ -52,6 +52,7 @@ The bindings are **standalone** — they embed the Rust core via native FFI. No | Node.js | [`@open-wallet-standard/core`](https://www.npmjs.com/package/@open-wallet-standard/core) | `npm install @open-wallet-standard/core` | | Node.js adapters (viem, Solana, WDK) | [`@open-wallet-standard/adapters`](https://www.npmjs.com/package/@open-wallet-standard/adapters) | `npm install @open-wallet-standard/adapters` | | Python | [`open-wallet-standard`](https://pypi.org/project/open-wallet-standard/) | `pip install open-wallet-standard` | +| Browser | [`@open-wallet-standard/web`](https://www.npmjs.com/package/@open-wallet-standard/web) | `npm install @open-wallet-standard/web` | ```javascript import { createWallet, signMessage } from "@open-wallet-standard/core"; diff --git a/ows/crates/ows-signer/src/chains/xrpl.rs b/ows/crates/ows-signer/src/chains/xrpl.rs index bf10cf6e..20ed9d76 100644 --- a/ows/crates/ows-signer/src/chains/xrpl.rs +++ b/ows/crates/ows-signer/src/chains/xrpl.rs @@ -4,7 +4,13 @@ use k256::ecdsa::signature::hazmat::PrehashSigner; use k256::ecdsa::SigningKey; use k256::PublicKey; use ows_core::ChainType; +#[cfg(target_arch = "wasm32")] +use ripemd::Ripemd160; +#[cfg(target_arch = "wasm32")] +use sha2::{Digest, Sha256}; +#[cfg(not(target_arch = "wasm32"))] use xrpl::core::binarycodec::{decode as xrpl_decode, encode as xrpl_encode}; +#[cfg(not(target_arch = "wasm32"))] use xrpl::core::keypairs::{ derive_classic_address, CryptoImplementation, Secp256k1 as XrplSecp256k1, }; @@ -40,15 +46,24 @@ impl ChainSigner for XrplSigner { /// Algorithm: compressed pubkey → SHA256 → RIPEMD160 → base58check /// with version byte `0x00` using the XRP Ledger dictionary. /// - /// Delegates to `xrpl::core::keypairs::derive_classic_address`. + /// Delegates to `xrpl::core::keypairs::derive_classic_address` on native + /// targets and uses the equivalent local implementation on wasm. fn derive_address(&self, private_key: &[u8]) -> Result { let signing_key = SigningKey::from_slice(private_key) .map_err(|e| SignerError::InvalidPrivateKey(e.to_string()))?; let pubkey_bytes = PublicKey::from(signing_key.verifying_key()).to_sec1_bytes(); - derive_classic_address(&hex::encode_upper(&pubkey_bytes)) - .map_err(|e| SignerError::InvalidPrivateKey(e.to_string())) + #[cfg(not(target_arch = "wasm32"))] + { + derive_classic_address(&hex::encode_upper(&pubkey_bytes)) + .map_err(|e| SignerError::InvalidPrivateKey(e.to_string())) + } + + #[cfg(target_arch = "wasm32")] + { + classic_address(&pubkey_bytes) + } } /// Sign a pre-hashed 32-byte message with secp256k1 (DER output). @@ -93,28 +108,37 @@ impl ChainSigner for XrplSigner { )); } - // Validate private key before signing. - SigningKey::from_slice(private_key) - .map_err(|e| SignerError::InvalidPrivateKey(e.to_string()))?; - // STX\0 (0x53545800) is the XRPL single-signing hash prefix. It is prepended // to the serialized fields before SHA512-half, matching the XRPL signing spec. let mut prefixed = Vec::with_capacity(4 + tx_bytes.len()); prefixed.extend_from_slice(&[0x53, 0x54, 0x58, 0x00]); prefixed.extend_from_slice(tx_bytes); - // xrpl-rust's Secp256k1::sign hashes with SHA512-half internally. - // The key format expected is "00"-prefixed uppercase hex (secp256k1 convention). - let privkey_hex = format!("00{}", hex::encode_upper(private_key)); - let sig_bytes = XrplSecp256k1 - .sign(&prefixed, &privkey_hex) - .map_err(|e| SignerError::SigningFailed(e.to_string()))?; + #[cfg(not(target_arch = "wasm32"))] + { + // Validate private key before signing. + SigningKey::from_slice(private_key) + .map_err(|e| SignerError::InvalidPrivateKey(e.to_string()))?; + + // xrpl-rust's Secp256k1::sign hashes with SHA512-half internally. + // The key format expected is "00"-prefixed uppercase hex (secp256k1 convention). + let privkey_hex = format!("00{}", hex::encode_upper(private_key)); + let sig_bytes = XrplSecp256k1 + .sign(&prefixed, &privkey_hex) + .map_err(|e| SignerError::SigningFailed(e.to_string()))?; + + Ok(SignOutput { + signature: sig_bytes, + recovery_id: None, + public_key: None, + }) + } - Ok(SignOutput { - signature: sig_bytes, - recovery_id: None, - public_key: None, - }) + #[cfg(target_arch = "wasm32")] + { + let digest = sha512_half(&prefixed); + self.sign(private_key, &digest) + } } /// Encode a fully-signed XRPL transaction ready for broadcast. @@ -132,19 +156,33 @@ impl ChainSigner for XrplSigner { tx_bytes: &[u8], signature: &SignOutput, ) -> Result, SignerError> { - // Convert binary bytes to hex string for xrpl_decode. - let tx_hex = hex::encode_upper(tx_bytes); - let mut json_tx = xrpl_decode(&tx_hex) - .map_err(|e| SignerError::InvalidTransaction(format!("xrpl decode failed: {}", e)))?; + #[cfg(target_arch = "wasm32")] + { + let _ = (tx_bytes, signature); + return Err(SignerError::InvalidTransaction( + "XRPL transaction encoding is not supported in wasm".into(), + )); + } + + #[cfg(not(target_arch = "wasm32"))] + { + // Convert binary bytes to hex string for xrpl_decode. + let tx_hex = hex::encode_upper(tx_bytes); + let mut json_tx = xrpl_decode(&tx_hex).map_err(|e| { + SignerError::InvalidTransaction(format!("xrpl decode failed: {}", e)) + })?; - json_tx["TxnSignature"] = - serde_json::Value::String(hex::encode_upper(&signature.signature)); + json_tx["TxnSignature"] = + serde_json::Value::String(hex::encode_upper(&signature.signature)); - let hex_encoded = xrpl_encode(&json_tx) - .map_err(|e| SignerError::InvalidTransaction(format!("xrpl encode failed: {}", e)))?; + let hex_encoded = xrpl_encode(&json_tx).map_err(|e| { + SignerError::InvalidTransaction(format!("xrpl encode failed: {}", e)) + })?; - hex::decode(&hex_encoded) - .map_err(|e| SignerError::InvalidTransaction(format!("invalid hex from encode: {}", e))) + hex::decode(&hex_encoded).map_err(|e| { + SignerError::InvalidTransaction(format!("invalid hex from encode: {}", e)) + }) + } } /// Off-chain message signing is not yet supported for XRPL. @@ -164,6 +202,27 @@ impl ChainSigner for XrplSigner { } } +#[cfg(target_arch = "wasm32")] +fn classic_address(compressed_public_key: &[u8]) -> Result { + let sha = Sha256::digest(compressed_public_key); + let account_id = Ripemd160::digest(sha); + let mut payload = Vec::with_capacity(1 + account_id.len()); + payload.push(0x00); + payload.extend_from_slice(&account_id); + Ok(bs58::encode(payload) + .with_alphabet(bs58::Alphabet::RIPPLE) + .with_check() + .into_string()) +} + +#[cfg(target_arch = "wasm32")] +fn sha512_half(data: &[u8]) -> [u8; 32] { + use sha2::Sha512; + + let hash = Sha512::digest(data); + hash[..32].try_into().expect("sha512 output is 64 bytes") +} + #[cfg(test)] mod tests { use super::*; diff --git a/readme/templates/ows.md b/readme/templates/ows.md index 5fbe64c4..0bc33831 100644 --- a/readme/templates/ows.md +++ b/readme/templates/ows.md @@ -31,6 +31,7 @@ The bindings are **standalone** — they embed the Rust core via native FFI. No | Node.js | [`@open-wallet-standard/core`](https://www.npmjs.com/package/@open-wallet-standard/core) | `npm install @open-wallet-standard/core` | | Node.js adapters (viem, Solana, WDK) | [`@open-wallet-standard/adapters`](https://www.npmjs.com/package/@open-wallet-standard/adapters) | `npm install @open-wallet-standard/adapters` | | Python | [`open-wallet-standard`](https://pypi.org/project/open-wallet-standard/) | `pip install open-wallet-standard` | +| Browser | [`@open-wallet-standard/web`](https://www.npmjs.com/package/@open-wallet-standard/web) | `npm install @open-wallet-standard/web` | ```javascript import { createWallet, signMessage } from "@open-wallet-standard/core"; @@ -67,4 +68,4 @@ console.log(sig.signature); ## License -See repository root for license information. \ No newline at end of file +See repository root for license information.