LazorKit LogoLazorKit
SDK (web3.js v1)

Types

Signer helpers, PDA derivation, account decoders, and error utilities.

Every public type and helper exported from @lazorkit/sdk-legacy.

Signer helpers

Three signer constructors are shared across every client.* method that takes a signer:

import { ed25519, session } from '@lazorkit/sdk-legacy';

ed25519(publicKey: PublicKey): Ed25519Signer
session(sessionPda: PublicKey, sessionKey: PublicKey): SessionSigner

For Secp256r1 (passkey), pass the secp256r1 params object directly — the two-phase prepare/finalize flow handles the signing round-trip:

interface Secp256r1Params {
  /** 32-byte SHA256 of the WebAuthn credential ID. */
  credentialIdHash: Uint8Array;
  /** 33-byte compressed pubkey. Auto-fetched from the on-chain Authority if omitted. */
  publicKeyBytes?: Uint8Array;
  /** Pre-derived Authority PDA. Auto-derived from credentialIdHash if omitted. */
  authorityPda?: PublicKey;
  /** Override slot (auto-fetched from the connection if omitted). */
  slotOverride?: bigint;
}

Only credentialIdHash is strictly required

Since v1.8 (upstream commit 830229e), publicKeyBytes and authorityPda are optional. Pass only credentialIdHash and the client reads the pubkey off-chain and derives the PDA for you. Keeps client state minimal — you only persist the credential ID (or its hash) per user.

CreateWalletParams

interface CreateWalletParams {
  payer: PublicKey;
  userSeed: Buffer;                                        // 32 bytes, unique per wallet
  owner: Ed25519OwnerParams | Secp256r1OwnerParams;
}

interface Ed25519OwnerParams {
  type: 'ed25519';
  pubkey: PublicKey;
}

interface Secp256r1OwnerParams {
  type: 'secp256r1';
  credentialIdHash: Buffer;
  compressedPubkey: Buffer;
  rpId: string;
}

WebAuthnResponse

Returned from the browser authenticator; passed into finalize* methods:

interface WebAuthnResponse {
  signature: Buffer;           // DER-encoded Secp256r1 signature
  authenticatorData: Buffer;   // WebAuthn authenticator data
  clientDataJSON: Buffer;      // Raw clientDataJSON bytes
}

SessionAction

Union of all on-chain action types. See Session Keys concept for semantics.

type SessionAction =
  | { type: 'SolLimit'; remaining: bigint; expiresAt?: bigint }
  | { type: 'SolRecurringLimit'; limit: bigint; window: bigint; expiresAt?: bigint }
  | { type: 'SolMaxPerTx'; max: bigint; expiresAt?: bigint }
  | { type: 'TokenLimit'; mint: PublicKey; remaining: bigint; expiresAt?: bigint }
  | { type: 'TokenRecurringLimit'; mint: PublicKey; limit: bigint; window: bigint; expiresAt?: bigint }
  | { type: 'TokenMaxPerTx'; mint: PublicKey; max: bigint; expiresAt?: bigint }
  | { type: 'ProgramWhitelist'; programId: PublicKey; expiresAt?: bigint }
  | { type: 'ProgramBlacklist'; programId: PublicKey; expiresAt?: bigint };

Actions builders

Prefer the builder helpers — they match the object shape exactly and are easier to read:

import { Actions } from '@lazorkit/sdk-legacy';

Actions.solLimit(lamports, expiresAt?)
Actions.solRecurringLimit({ limit, window, expiresAt? })
Actions.solMaxPerTx(lamports, expiresAt?)
Actions.tokenLimit({ mint, remaining, expiresAt? })
Actions.tokenRecurringLimit({ mint, limit, window, expiresAt? })
Actions.tokenMaxPerTx({ mint, max, expiresAt? })
Actions.programWhitelist(programId, expiresAt?)
Actions.programBlacklist(programId, expiresAt?)

WalletLookupResult

Returned by findWalletsByAuthority:

interface WalletLookupResult {
  walletPda: PublicKey;
  authorityPda: PublicKey;
  vaultPda: PublicKey;                       // ← the address funds live at
  role: 0 | 1 | 2;                           // 0=Owner, 1=Admin, 2=Spender
  authorityType: 0 | 1;                      // 0=Ed25519, 1=Secp256r1
}

PDA derivation

import {
  deriveWalletPda,
  deriveVaultPda,
  deriveAuthorityPda,
  deriveSessionPda,
  deriveDeferredExecPda,
} from '@lazorkit/sdk-legacy';

const [walletPda]      = deriveWalletPda(userSeed);
const [vaultPda]       = deriveVaultPda(walletPda);
const [authorityPda]   = deriveAuthorityPda(walletPda, credentialIdHash);
const [sessionPda]     = deriveSessionPda(walletPda, sessionKey);
const [deferredExecPda] = deriveDeferredExecPda(walletPda, authorityPda, counter);

Every helper returns [PublicKey, bump].

Account decoders

Read on-chain state without manual byte juggling:

import {
  decodeWalletAccount,
  decodeAuthorityAccount,
  decodeSessionAccount,
  decodeDeferredExecAccount,
} from '@lazorkit/sdk-legacy';

const info = await connection.getAccountInfo(walletPda);
const wallet = decodeWalletAccount(info!.data);

const authority = decodeAuthorityAccount(authorityInfo.data);
console.log(authority.role, authority.counter);

Role & auth constants

export const ROLE_OWNER   = 0;
export const ROLE_ADMIN   = 1;
export const ROLE_SPENDER = 2;

export const AUTH_TYPE_ED25519   = 0;
export const AUTH_TYPE_SECP256R1 = 1;

Error utilities

import { parseError, extractErrorCode, errorFromCode } from '@lazorkit/sdk-legacy';

// From a thrown SendTransactionError:
const parsed = parseError(err);              // { code, name, message }
const code   = extractErrorCode(err);        // 3024
const name   = errorFromCode(3024);          // 'ActionSolLimitExceeded'

Error ranges:

RangeCategory
3001–3019AuthError — authentication and permission failures
3020–3029ActionError — session action violations
4001–4007ProtocolError — protocol fee system errors

Full error map in Troubleshooting › Program errors.

Session Keys

Create, use, and revoke session keys with the low-level web3.js v1 SDK.

Overview

LazorKit SDK for @solana/web3.js v2 — coming soon.

On this page

Signer helpersCreateWalletParamsWebAuthnResponseSessionActionActions buildersWalletLookupResultPDA derivationAccount decodersRole & auth constantsError utilities