Metasig · agonzalezv · Nov 11, 2025 · Nov 11, 2025 · Nov 11, 2025
@@ -0,0 +1,3 @@
+# Global owners
+
+* @Metasig/devs
@@ -0,0 +1,25 @@
+# Summary
+
+- One-line summary of the change and why it matters.
+
+## Context
+
+- Links: issue, ticket, or related PRs.
+
+## Changes
+
+- Short bullet list of the key changes made.
+
+## Checklist
+
+- [ ] Tests added/updated
+- [ ] Docs updated (if needed)
+
+## Risks
+
+- Brief note about possible risks or impact.
+
+## How to test
+
+- Short, reproducible steps to verify the change.
+z
@@ -0,0 +1,19 @@
+name: build
+
+on:
+  workflow_dispatch:
+  pull_request:
+
+jobs:
+  cargo_build:
+    name: cargo build
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+      - name: apt-get install
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libwebkit2gtk-4.1-dev
+      - run: cargo build
@@ -0,0 +1,27 @@
+name: release
+
+on:
+  workflow_dispatch:
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write # publish a GitHub release
+      issues: write # comment on released issues
+      pull-requests: write # comment on released pull requests
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "lts/*"
+
+      - name: semantic-release
+        run: npx semantic-release@24
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,22 @@
+name: Telegram notification
+
+on:
+  pull_request:
+    types: [opened, reopened]
+
+jobs:
+  telegram-bot:
+    name: Telegram Bot
+    runs-on: ubuntu-latest    
+    steps:
+      - name: Telegram Notify
+        uses: appleboy/telegram-action@master
+        with:
+          to: ${{ secrets.TELEGRAM_TO }}
+          token: ${{ secrets.TELEGRAM_TOKEN }}
+          format: markdown
+          disable_web_page_preview: true
+          message: |
+            ${{ github.event.pull_request.draft && '📝 New draft PR' || '🔔 New PR' }} by: *${{ github.event.pull_request.user.login }}*
+            *${{ github.event.pull_request.title }}*
+            🔍 ${{ github.event.pull_request.html_url }}
@@ -1,4 +1,78 @@
-# Tauri Plugin p256-signer
+# Tauri Plugin: p256-signer
 
-Sign messages from Tauri using passkeys to create a viem webauthnp256 account to use as an owner in 4337 wallets.
-Requires configuration in your consuming application via asset links, verifying the package sha256 hash and package name etc.
+Sign messages from a Tauri app using platform passkeys (WebAuthn). This plugin exposes a small JS API
+that serializes WebAuthn requests to be handled by the native layer and returns a parsed
+PublicKeyCredential which can be used to build viem/web3-style accounts (for example a webauthn-p256
+owner for account abstraction / 4337 flows).
+
+This repository contains:
+
+- Rust plugin code for Tauri (the native implementation).
+- JS bindings (lightweight helpers) in `guest-js/` and a distributable bundle in `dist-js/`.
+
+Key notes
+
+- The plugin does not bypass the platform security model: you must configure the consuming Android/iOS
+ application to allow WebAuthn/passkey use. On Android this normally means adding an assetlinks JSON
+ entry hosted at your domain and verifying your package name / signing certificate. On iOS you need
+ properly configured Associated Domains and, where relevant, App Clip/entitlements.
+
+Use this plugin when you want to let a Tauri desktop/mobile app create and use WebAuthn passkeys
+and surface the resulting signatures/public keys to a JS layer (for example to construct viem accounts).
+
+## Quick install
+
+This project publishes JS bindings as the package `@metasig/tauri-plugin-p256-signer-api` (see
+`package.json`). To use the JS helpers in your Tauri app, install the package (npm / pnpm / yarn):
+
+```bash
+# from your app's frontend
+pnpm add @metasig/tauri-plugin-p256-signer-api
+```
+
+The native plugin is a standard Tauri plugin. Include it in your Tauri Rust plugin list and enable
+the plugin during build. See "Build & develop" below for local build instructions.
+
+## Usage (JS example)
+
+The JS bindings expose two high-level helpers: `createCredential` and `getCredential`.
+They serialize WebAuthn options into a JSON-friendly form, invoke the native plugin and return
+a parsed `PublicKeyCredential` object that behaves like the browser API.
+
+Example (browser/guest code):
+
+```ts
+import { createCredential, getCredential } from '@metasig/tauri-plugin-p256-signer-api';
+
+// Create a credential from PublicKeyCredentialCreationOptions
+const created = await createCredential(creationOptions);
+
+// Request an assertion
+const asserted = await getCredential({ publicKey: requestOptions });
+
+// Use asserted.response.signature and asserted.rawId in your app (for example to register a
+// viem webauthn-p256 account or to verify a signature server-side).
+```
+
+For more advanced usage and the exact serialization/parsing behavior, see `guest-js/index.ts` in
+this repository.
+
+## Build & develop
+
+From the repository root you can build both the JS bundle and the Rust plugin.
+
+- Build JS bundle:
+
+```bash
+pnpm build
+```
+
+- Build Rust plugin (requires Rust >= 1.77.2):
+
+```bash
+cargo build --release
+```
+
+## License
+
+This repository is licensed under Apache-2.0 (see `package.json`).
@@ -1,6 +1,6 @@
 {
   "name": "@metasig/tauri-plugin-p256-signer-api",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "author": "0x330a",
   "description": "JS Bindings for the tauri-plugin-p256-signer Tauri plugin",
   "type": "module",
@@ -38,4 +38,4 @@
     "type": "git",
     "url": "git+https://github.com/Metasig/tauri-plugin-keystore.git"
   }
-}
+}