@aztec/wallet-sdk 0.0.1-commit.9593d84 → 0.0.1-commit.96bb3f7

package/dest/crypto.d.ts

@@ -0,0 +1,146 @@
+/**
+ * Exported public key in JWK format for transmission over untrusted channels.
+ *
+ * Contains only the public components of an ECDH P-256 key, safe to share.
+ */
+export interface ExportedPublicKey {
+    /** Key type - always "EC" for elliptic curve */
+    kty: string;
+    /** Curve name - always "P-256" */
+    crv: string;
+    /** X coordinate (base64url encoded) */
+    x: string;
+    /** Y coordinate (base64url encoded) */
+    y: string;
+}
+/**
+ * Encrypted message payload containing ciphertext and initialization vector.
+ *
+ * Both fields are base64-encoded for safe transmission as JSON.
+ */
+export interface EncryptedPayload {
+    /** Initialization vector (base64 encoded, 12 bytes) */
+    iv: string;
+    /** Ciphertext (base64 encoded) */
+    ciphertext: string;
+}
+/**
+ * ECDH key pair for secure communication.
+ *
+ * The private key should never be exported or transmitted.
+ * The public key can be exported via {@link exportPublicKey} for exchange.
+ */
+export interface SecureKeyPair {
+    /** Public key - safe to share */
+    publicKey: CryptoKey;
+    /** Private key - keep secret, used for key derivation */
+    privateKey: CryptoKey;
+}
+/**
+ * Generates an ECDH P-256 key pair for key exchange.
+ *
+ * The generated key pair can be used to derive a shared secret with another
+ * party's public key using {@link deriveSharedKey}.
+ *
+ * @returns A new ECDH key pair
+ *
+ * @example
+ * ```typescript
+ * const keyPair = await generateKeyPair();
+ * const publicKey = await exportPublicKey(keyPair.publicKey);
+ * // Send publicKey to the other party
+ * ```
+ */
+export declare function generateKeyPair(): Promise<SecureKeyPair>;
+/**
+ * Exports a public key to JWK format for transmission.
+ *
+ * The exported key contains only public components and is safe to transmit
+ * over untrusted channels.
+ *
+ * @param publicKey - The CryptoKey public key to export
+ * @returns The public key in JWK format
+ *
+ * @example
+ * ```typescript
+ * const keyPair = await generateKeyPair();
+ * const exported = await exportPublicKey(keyPair.publicKey);
+ * // exported can be JSON serialized and sent to another party
+ * ```
+ */
+export declare function exportPublicKey(publicKey: CryptoKey): Promise<ExportedPublicKey>;
+/**
+ * Imports a public key from JWK format.
+ *
+ * Used to import the other party's public key for deriving a shared secret.
+ *
+ * @param exported - The public key in JWK format
+ * @returns A CryptoKey that can be used with {@link deriveSharedKey}
+ *
+ * @example
+ * ```typescript
+ * // Receive exported public key from other party
+ * const theirPublicKey = await importPublicKey(receivedPublicKey);
+ * const sharedKey = await deriveSharedKey(myPrivateKey, theirPublicKey);
+ * ```
+ */
+export declare function importPublicKey(exported: ExportedPublicKey): Promise<CryptoKey>;
+/**
+ * Derives a shared AES-256-GCM key from ECDH key exchange.
+ *
+ * Both parties will derive the same shared key when using their own private key
+ * and the other party's public key. This is the core of ECDH key agreement.
+ *
+ * @param privateKey - Your ECDH private key
+ * @param publicKey - The other party's ECDH public key
+ * @returns An AES-256-GCM key for encryption/decryption
+ *
+ * @example
+ * ```typescript
+ * // Both parties derive the same key
+ * const sharedKeyA = await deriveSharedKey(privateKeyA, publicKeyB);
+ * const sharedKeyB = await deriveSharedKey(privateKeyB, publicKeyA);
+ * // sharedKeyA and sharedKeyB are equivalent
+ * ```
+ */
+export declare function deriveSharedKey(privateKey: CryptoKey, publicKey: CryptoKey): Promise<CryptoKey>;
+/**
+ * Encrypts data using AES-256-GCM.
+ *
+ * The data is JSON serialized before encryption. A random 12-byte IV is
+ * generated for each encryption operation.
+ *
+ * AES-GCM provides both confidentiality and authenticity - any tampering
+ * with the ciphertext will cause decryption to fail.
+ *
+ * @param key - The AES-GCM key (from {@link deriveSharedKey})
+ * @param data - The data to encrypt (will be JSON serialized)
+ * @returns The encrypted payload with IV and ciphertext
+ *
+ * @example
+ * ```typescript
+ * const encrypted = await encrypt(sharedKey, { action: 'transfer', amount: 100 });
+ * // encrypted.iv and encrypted.ciphertext are base64 strings
+ * ```
+ */
+export declare function encrypt(key: CryptoKey, data: unknown): Promise<EncryptedPayload>;
+/**
+ * Decrypts data using AES-256-GCM.
+ *
+ * The decrypted data is JSON parsed before returning.
+ *
+ * @typeParam T - The expected type of the decrypted data
+ * @param key - The AES-GCM key (from {@link deriveSharedKey})
+ * @param payload - The encrypted payload from {@link encrypt}
+ * @returns The decrypted and parsed data
+ *
+ * @throws Error if decryption fails (wrong key or tampered ciphertext)
+ *
+ * @example
+ * ```typescript
+ * const decrypted = await decrypt<{ action: string; amount: number }>(sharedKey, encrypted);
+ * console.log(decrypted.action); // 'transfer'
+ * ```
+ */
+export declare function decrypt<T = unknown>(key: CryptoKey, payload: EncryptedPayload): Promise<T>;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3J5cHRvLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvY3J5cHRvLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQW1DQTs7OztHQUlHO0FBQ0gsTUFBTSxXQUFXLGlCQUFpQjtJQUNoQyxnREFBZ0Q7SUFDaEQsR0FBRyxFQUFFLE1BQU0sQ0FBQztJQUNaLGtDQUFrQztJQUNsQyxHQUFHLEVBQUUsTUFBTSxDQUFDO0lBQ1osdUNBQXVDO0lBQ3ZDLENBQUMsRUFBRSxNQUFNLENBQUM7SUFDVix1Q0FBdUM7SUFDdkMsQ0FBQyxFQUFFLE1BQU0sQ0FBQztDQUNYO0FBRUQ7Ozs7R0FJRztBQUNILE1BQU0sV0FBVyxnQkFBZ0I7SUFDL0IsdURBQXVEO0lBQ3ZELEVBQUUsRUFBRSxNQUFNLENBQUM7SUFDWCxrQ0FBa0M7SUFDbEMsVUFBVSxFQUFFLE1BQU0sQ0FBQztDQUNwQjtBQUVEOzs7OztHQUtHO0FBQ0gsTUFBTSxXQUFXLGFBQWE7SUFDNUIsaUNBQWlDO0lBQ2pDLFNBQVMsRUFBRSxTQUFTLENBQUM7SUFDckIseURBQXlEO0lBQ3pELFVBQVUsRUFBRSxTQUFTLENBQUM7Q0FDdkI7QUFFRDs7Ozs7Ozs7Ozs7Ozs7R0FjRztBQUNILHdCQUFzQixlQUFlLElBQUksT0FBTyxDQUFDLGFBQWEsQ0FBQyxDQWE5RDtBQUVEOzs7Ozs7Ozs7Ozs7Ozs7R0FlRztBQUNILHdCQUFzQixlQUFlLENBQUMsU0FBUyxFQUFFLFNBQVMsR0FBRyxPQUFPLENBQUMsaUJBQWlCLENBQUMsQ0FRdEY7QUFFRDs7Ozs7Ozs7Ozs7Ozs7R0FjRztBQUNILHdCQUFnQixlQUFlLENBQUMsUUFBUSxFQUFFLGlCQUFpQixHQUFHLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FnQi9FO0FBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBaUJHO0FBQ0gsd0JBQWdCLGVBQWUsQ0FBQyxVQUFVLEVBQUUsU0FBUyxFQUFFLFNBQVMsRUFBRSxTQUFTLEdBQUcsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQWMvRjtBQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FrQkc7QUFDSCx3QkFBc0IsT0FBTyxDQUFDLEdBQUcsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLE9BQU8sR0FBRyxPQUFPLENBQUMsZ0JBQWdCLENBQUMsQ0FVdEY7QUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FpQkc7QUFDSCx3QkFBc0IsT0FBTyxDQUFDLENBQUMsR0FBRyxPQUFPLEVBQUUsR0FBRyxFQUFFLFNBQVMsRUFBRSxPQUFPLEVBQUUsZ0JBQWdCLEdBQUcsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQVFoRyJ9

package/dest/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAmCA;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,gDAAgD;IAChD,GAAG,EAAE,MAAM,CAAC;IACZ,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,uCAAuC;IACvC,CAAC,EAAE,MAAM,CAAC;IACV,uCAAuC;IACvC,CAAC,EAAE,MAAM,CAAC;CACX;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,uDAAuD;IACvD,EAAE,EAAE,MAAM,CAAC;IACX,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B,iCAAiC;IACjC,SAAS,EAAE,SAAS,CAAC;IACrB,yDAAyD;IACzD,UAAU,EAAE,SAAS,CAAC;CACvB;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,aAAa,CAAC,CAa9D;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,eAAe,CAAC,SAAS,EAAE,SAAS,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAQtF;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,iBAAiB,GAAG,OAAO,CAAC,SAAS,CAAC,CAgB/E;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,eAAe,CAAC,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,CAc/F;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAUtF;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,OAAO,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,CAAC,CAAC,CAQhG"}

package/dest/crypto.js

@@ -0,0 +1,216 @@
+/**
+ * Cryptographic utilities for secure wallet communication.
+ *
+ * This module provides ECDH key exchange and AES-GCM encryption primitives
+ * for establishing secure communication channels between dApps and wallet extensions.
+ *
+ * The crypto flow:
+ * 1. Both parties generate ECDH key pairs using {@link generateKeyPair}
+ * 2. Public keys are exchanged (exported via {@link exportPublicKey}, imported via {@link importPublicKey})
+ * 3. Both parties derive the same shared secret using {@link deriveSharedKey}
+ * 4. Messages are encrypted/decrypted using {@link encrypt} and {@link decrypt}
+ *
+ * @example
+ * ```typescript
+ * // Party A
+ * const keyPairA = await generateKeyPair();
+ * const publicKeyA = await exportPublicKey(keyPairA.publicKey);
+ *
+ * // Party B
+ * const keyPairB = await generateKeyPair();
+ * const publicKeyB = await exportPublicKey(keyPairB.publicKey);
+ *
+ * // Exchange public keys, then derive shared secret
+ * const importedB = await importPublicKey(publicKeyB);
+ * const sharedKeyA = await deriveSharedKey(keyPairA.privateKey, importedB);
+ *
+ * // Encrypt and decrypt
+ * const encrypted = await encrypt(sharedKeyA, { message: 'hello' });
+ * const decrypted = await decrypt(sharedKeyB, encrypted);
+ * ```
+ *
+ * @packageDocumentation
+ */ import { jsonStringify } from '@aztec/foundation/json-rpc';
+/**
+ * Generates an ECDH P-256 key pair for key exchange.
+ *
+ * The generated key pair can be used to derive a shared secret with another
+ * party's public key using {@link deriveSharedKey}.
+ *
+ * @returns A new ECDH key pair
+ *
+ * @example
+ * ```typescript
+ * const keyPair = await generateKeyPair();
+ * const publicKey = await exportPublicKey(keyPair.publicKey);
+ * // Send publicKey to the other party
+ * ```
+ */ export async function generateKeyPair() {
+    const keyPair = await crypto.subtle.generateKey({
+        name: 'ECDH',
+        namedCurve: 'P-256'
+    }, true, [
+        'deriveKey'
+    ]);
+    return {
+        publicKey: keyPair.publicKey,
+        privateKey: keyPair.privateKey
+    };
+}
+/**
+ * Exports a public key to JWK format for transmission.
+ *
+ * The exported key contains only public components and is safe to transmit
+ * over untrusted channels.
+ *
+ * @param publicKey - The CryptoKey public key to export
+ * @returns The public key in JWK format
+ *
+ * @example
+ * ```typescript
+ * const keyPair = await generateKeyPair();
+ * const exported = await exportPublicKey(keyPair.publicKey);
+ * // exported can be JSON serialized and sent to another party
+ * ```
+ */ export async function exportPublicKey(publicKey) {
+    const jwk = await crypto.subtle.exportKey('jwk', publicKey);
+    return {
+        kty: jwk.kty,
+        crv: jwk.crv,
+        x: jwk.x,
+        y: jwk.y
+    };
+}
+/**
+ * Imports a public key from JWK format.
+ *
+ * Used to import the other party's public key for deriving a shared secret.
+ *
+ * @param exported - The public key in JWK format
+ * @returns A CryptoKey that can be used with {@link deriveSharedKey}
+ *
+ * @example
+ * ```typescript
+ * // Receive exported public key from other party
+ * const theirPublicKey = await importPublicKey(receivedPublicKey);
+ * const sharedKey = await deriveSharedKey(myPrivateKey, theirPublicKey);
+ * ```
+ */ export function importPublicKey(exported) {
+    return crypto.subtle.importKey('jwk', {
+        kty: exported.kty,
+        crv: exported.crv,
+        x: exported.x,
+        y: exported.y
+    }, {
+        name: 'ECDH',
+        namedCurve: 'P-256'
+    }, false, []);
+}
+/**
+ * Derives a shared AES-256-GCM key from ECDH key exchange.
+ *
+ * Both parties will derive the same shared key when using their own private key
+ * and the other party's public key. This is the core of ECDH key agreement.
+ *
+ * @param privateKey - Your ECDH private key
+ * @param publicKey - The other party's ECDH public key
+ * @returns An AES-256-GCM key for encryption/decryption
+ *
+ * @example
+ * ```typescript
+ * // Both parties derive the same key
+ * const sharedKeyA = await deriveSharedKey(privateKeyA, publicKeyB);
+ * const sharedKeyB = await deriveSharedKey(privateKeyB, publicKeyA);
+ * // sharedKeyA and sharedKeyB are equivalent
+ * ```
+ */ export function deriveSharedKey(privateKey, publicKey) {
+    return crypto.subtle.deriveKey({
+        name: 'ECDH',
+        public: publicKey
+    }, privateKey, {
+        name: 'AES-GCM',
+        length: 256
+    }, false, [
+        'encrypt',
+        'decrypt'
+    ]);
+}
+/**
+ * Encrypts data using AES-256-GCM.
+ *
+ * The data is JSON serialized before encryption. A random 12-byte IV is
+ * generated for each encryption operation.
+ *
+ * AES-GCM provides both confidentiality and authenticity - any tampering
+ * with the ciphertext will cause decryption to fail.
+ *
+ * @param key - The AES-GCM key (from {@link deriveSharedKey})
+ * @param data - The data to encrypt (will be JSON serialized)
+ * @returns The encrypted payload with IV and ciphertext
+ *
+ * @example
+ * ```typescript
+ * const encrypted = await encrypt(sharedKey, { action: 'transfer', amount: 100 });
+ * // encrypted.iv and encrypted.ciphertext are base64 strings
+ * ```
+ */ export async function encrypt(key, data) {
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const encoded = new TextEncoder().encode(jsonStringify(data));
+    const ciphertext = await crypto.subtle.encrypt({
+        name: 'AES-GCM',
+        iv
+    }, key, encoded);
+    return {
+        iv: arrayBufferToBase64(iv),
+        ciphertext: arrayBufferToBase64(ciphertext)
+    };
+}
+/**
+ * Decrypts data using AES-256-GCM.
+ *
+ * The decrypted data is JSON parsed before returning.
+ *
+ * @typeParam T - The expected type of the decrypted data
+ * @param key - The AES-GCM key (from {@link deriveSharedKey})
+ * @param payload - The encrypted payload from {@link encrypt}
+ * @returns The decrypted and parsed data
+ *
+ * @throws Error if decryption fails (wrong key or tampered ciphertext)
+ *
+ * @example
+ * ```typescript
+ * const decrypted = await decrypt<{ action: string; amount: number }>(sharedKey, encrypted);
+ * console.log(decrypted.action); // 'transfer'
+ * ```
+ */ export async function decrypt(key, payload) {
+    const iv = base64ToArrayBuffer(payload.iv);
+    const ciphertext = base64ToArrayBuffer(payload.ciphertext);
+    const decrypted = await crypto.subtle.decrypt({
+        name: 'AES-GCM',
+        iv
+    }, key, ciphertext);
+    const decoded = new TextDecoder().decode(decrypted);
+    return JSON.parse(decoded);
+}
+/**
+ * Converts ArrayBuffer to base64 string.
+ * @internal
+ */ function arrayBufferToBase64(buffer) {
+    const bytes = buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer);
+    let binary = '';
+    for(let i = 0; i < bytes.byteLength; i++){
+        binary += String.fromCharCode(bytes[i]);
+    }
+    return btoa(binary);
+}
+/**
+ * Converts base64 string to ArrayBuffer.
+ * @internal
+ */ function base64ToArrayBuffer(base64) {
+    const binary = atob(base64);
+    const bytes = new Uint8Array(binary.length);
+    for(let i = 0; i < binary.length; i++){
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes.buffer;
+}

package/dest/manager/index.d.ts

@@ -1,8 +1,8 @@
 export { WalletManager } from './wallet_manager.js';
 export type { WalletManagerConfig, ExtensionWalletConfig, WebWalletConfig, WalletProviderType, WalletProvider, DiscoverWalletsOptions, } from './types.js';
-export type { WalletInfo, WalletMessage, WalletResponse, DiscoveryRequest, DiscoveryResponse, } from '../providers/types.js';
+export type { WalletInfo, WalletMessage, WalletResponse, DiscoveryRequest, DiscoveryResponse } from '../types.js';
 export { ChainInfoSchema } from '@aztec/aztec.js/account';
 export type { ChainInfo } from '@aztec/aztec.js/account';
 export { WalletSchema } from '@aztec/aztec.js/wallet';
 export { jsonStringify } from '@aztec/foundation/json-rpc';
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9tYW5hZ2VyL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUNwRCxZQUFZLEVBQ1YsbUJBQW1CLEVBQ25CLHFCQUFxQixFQUNyQixlQUFlLEVBQ2Ysa0JBQWtCLEVBQ2xCLGNBQWMsRUFDZCxzQkFBc0IsR0FDdkIsTUFBTSxZQUFZLENBQUM7QUFHcEIsWUFBWSxFQUNWLFVBQVUsRUFDVixhQUFhLEVBQ2IsY0FBYyxFQUNkLGdCQUFnQixFQUNoQixpQkFBaUIsR0FDbEIsTUFBTSx1QkFBdUIsQ0FBQztBQUcvQixPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFDMUQsWUFBWSxFQUFFLFNBQVMsRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBQ3pELE9BQU8sRUFBRSxZQUFZLEVBQUUsTUFBTSx3QkFBd0IsQ0FBQztBQUN0RCxPQUFPLEVBQUUsYUFBYSxFQUFFLE1BQU0sNEJBQTRCLENBQUMifQ==
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9tYW5hZ2VyL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUNwRCxZQUFZLEVBQ1YsbUJBQW1CLEVBQ25CLHFCQUFxQixFQUNyQixlQUFlLEVBQ2Ysa0JBQWtCLEVBQ2xCLGNBQWMsRUFDZCxzQkFBc0IsR0FDdkIsTUFBTSxZQUFZLENBQUM7QUFHcEIsWUFBWSxFQUFFLFVBQVUsRUFBRSxhQUFhLEVBQUUsY0FBYyxFQUFFLGdCQUFnQixFQUFFLGlCQUFpQixFQUFFLE1BQU0sYUFBYSxDQUFDO0FBR2xILE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUMxRCxZQUFZLEVBQUUsU0FBUyxFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFDekQsT0FBTyxFQUFFLFlBQVksRUFBRSxNQUFNLHdCQUF3QixDQUFDO0FBQ3RELE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQyJ9

package/dest/manager/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/manager/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,YAAY,EACV,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,sBAAsB,GACvB,MAAM,YAAY,CAAC;AAGpB,YAAY,EACV,UAAU,EACV,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,YAAY,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/manager/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,YAAY,EACV,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,sBAAsB,GACvB,MAAM,YAAY,CAAC;AAGpB,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGlH,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,YAAY,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC"}

package/dest/manager/wallet_manager.js

@@ -51,7 +51,7 @@ import { ExtensionProvider, ExtensionWallet } from '../providers/extension/index
                     metadata: {
                         version: ext.version
                     },
-                    connect: (appId)=>Promise.resolve(ExtensionWallet.create(chainInfo, appId, ext.id))
+                    connect: (appId)=>ExtensionWallet.create(ext, chainInfo, appId)
                 });
             }
         }

package/dest/providers/extension/extension_provider.d.ts

@@ -1,5 +1,5 @@
 import type { ChainInfo } from '@aztec/aztec.js/account';
-import type { WalletInfo } from '../types.js';
+import type { WalletInfo } from '../../types.js';
 /**
  * Provider for discovering and managing Aztec wallet extensions
  */
@@ -14,4 +14,4 @@ export declare class ExtensionProvider {
      */
     static discoverExtensions(chainInfo: ChainInfo, timeout?: number): Promise<WalletInfo[]>;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZW5zaW9uX3Byb3ZpZGVyLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcHJvdmlkZXJzL2V4dGVuc2lvbi9leHRlbnNpb25fcHJvdmlkZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLEVBQUUsU0FBUyxFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFJekQsT0FBTyxLQUFLLEVBQXVDLFVBQVUsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUVuRjs7R0FFRztBQUNILHFCQUFhLGlCQUFpQjtJQUM1QixPQUFPLENBQUMsTUFBTSxDQUFDLG9CQUFvQixDQUFzQztJQUN6RSxPQUFPLENBQUMsTUFBTSxDQUFDLG1CQUFtQixDQUFTO0lBRTNDOzs7OztPQUtHO0lBQ0gsT0FBYSxrQkFBa0IsQ0FBQyxTQUFTLEVBQUUsU0FBUyxFQUFFLE9BQU8sR0FBRSxNQUFhLEdBQUcsT0FBTyxDQUFDLFVBQVUsRUFBRSxDQUFDLENBbURuRztDQUNGIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZW5zaW9uX3Byb3ZpZGVyLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcHJvdmlkZXJzL2V4dGVuc2lvbi9leHRlbnNpb25fcHJvdmlkZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLEVBQUUsU0FBUyxFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFJekQsT0FBTyxLQUFLLEVBQXVDLFVBQVUsRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBRXRGOztHQUVHO0FBQ0gscUJBQWEsaUJBQWlCO0lBQzVCLE9BQU8sQ0FBQyxNQUFNLENBQUMsb0JBQW9CLENBQXNDO0lBQ3pFLE9BQU8sQ0FBQyxNQUFNLENBQUMsbUJBQW1CLENBQVM7SUFFM0M7Ozs7O09BS0c7SUFDSCxPQUFhLGtCQUFrQixDQUFDLFNBQVMsRUFBRSxTQUFTLEVBQUUsT0FBTyxHQUFFLE1BQWEsR0FBRyxPQUFPLENBQUMsVUFBVSxFQUFFLENBQUMsQ0FtRG5HO0NBQ0YifQ==

package/dest/providers/extension/extension_provider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"extension_provider.d.ts","sourceRoot":"","sources":["../../../src/providers/extension/extension_provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAIzD,OAAO,KAAK,EAAuC,UAAU,EAAE,MAAM,aAAa,CAAC;AAEnF;;GAEG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAsC;IACzE,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAS;IAE3C;;;;;OAKG;IACH,OAAa,kBAAkB,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,GAAE,MAAa,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAmDnG;CACF"}
+{"version":3,"file":"extension_provider.d.ts","sourceRoot":"","sources":["../../../src/providers/extension/extension_provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAIzD,OAAO,KAAK,EAAuC,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEtF;;GAEG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAsC;IACzE,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAS;IAE3C;;;;;OAKG;IACH,OAAa,kBAAkB,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,GAAE,MAAa,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAmDnG;CACF"}

package/dest/providers/extension/extension_wallet.d.ts

@@ -1,23 +1,95 @@
 import type { ChainInfo } from '@aztec/aztec.js/account';
 import { type Wallet } from '@aztec/aztec.js/wallet';
+import type { WalletInfo } from '../../types.js';
 /**
  * A wallet implementation that communicates with browser extension wallets
- * Supports multiple extensions by targeting specific extension IDs
+ * using a secure encrypted MessageChannel.
+ *
+ * This class establishes a private communication channel with a wallet extension
+ * using the following security mechanisms:
+ *
+ * 1. **MessageChannel**: Creates a private communication channel that is not
+ *    visible to other scripts on the page (unlike window.postMessage).
+ *
+ * 2. **ECDH Key Exchange**: Uses Elliptic Curve Diffie-Hellman to derive a
+ *    shared secret between the dApp and wallet without transmitting private keys.
+ *
+ * 3. **AES-GCM Encryption**: All messages after channel establishment are
+ *    encrypted using AES-256-GCM, providing both confidentiality and authenticity.
+ *
+ * @example
+ * ```typescript
+ * // Discovery returns wallet info including the wallet's public key
+ * const wallets = await ExtensionProvider.discoverExtensions(chainInfo);
+ * const walletInfo = wallets[0];
+ *
+ * // Create a secure connection to the wallet
+ * const wallet = await ExtensionWallet.create(walletInfo, chainInfo, 'my-dapp');
+ *
+ * // All subsequent calls are encrypted
+ * const accounts = await wallet.getAccounts();
+ * ```
  */
 export declare class ExtensionWallet {
     private chainInfo;
     private appId;
     private extensionId;
+    /** Map of pending requests awaiting responses, keyed by message ID */
     private inFlight;
+    /** The MessagePort for private communication with the extension */
+    private port;
+    /** The derived AES-GCM key for encrypting/decrypting messages */
+    private sharedKey;
+    /**
+     * Private constructor - use {@link ExtensionWallet.create} to instantiate.
+     * @param chainInfo - The chain information (chainId and version)
+     * @param appId - Application identifier for the requesting dApp
+     * @param extensionId - The unique identifier of the target wallet extension
+     */
     private constructor();
     /**
      * Creates an ExtensionWallet instance that proxies wallet calls to a browser extension
-     * @param chainInfo - The chain information (chainId and version)
-     * @param appId - Application identifier for the requesting dapp
-     * @param extensionId - Specific extension ID to communicate with
-     * @returns A Proxy object that implements the Wallet interface
+     * over a secure encrypted MessageChannel.
+     *
+     * The connection process:
+     * 1. Generates an ECDH key pair for this session
+     * 2. Derives a shared AES-256 key using the wallet's public key
+     * 3. Creates a MessageChannel and transfers one port to the extension
+     * 4. Returns a Proxy that encrypts all wallet method calls
+     *
+     * @param walletInfo - The discovered wallet information, including the wallet's ECDH public key
+     * @param chainInfo - The chain information (chainId and version) for request context
+     * @param appId - Application identifier used to identify the requesting dApp to the wallet
+     * @returns A Promise resolving to a Wallet implementation that encrypts all communication
+     *
+     * @throws Error if the secure channel cannot be established
+     *
+     * @example
+     * ```typescript
+     * const wallet = await ExtensionWallet.create(
+     *   walletInfo,
+     *   { chainId: Fr(31337), version: Fr(0) },
+     *   'my-defi-app'
+     * );
+     * ```
      */
-    static create(chainInfo: ChainInfo, appId: string, extensionId: string): Wallet;
+    static create(walletInfo: WalletInfo, chainInfo: ChainInfo, appId: string): Promise<Wallet>;
+    private establishSecureChannel;
+    private handleEncryptedResponse;
     private postMessage;
+    /**
+     * Closes the secure channel and cleans up resources.
+     *
+     * After calling this method, the wallet instance can no longer be used.
+     * Any pending requests will not receive responses.
+     *
+     * @example
+     * ```typescript
+     * const wallet = await ExtensionWallet.create(walletInfo, chainInfo, 'my-app');
+     * // ... use wallet ...
+     * wallet.close(); // Clean up when done
+     * ```
+     */
+    close(): void;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZW5zaW9uX3dhbGxldC5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3Byb3ZpZGVycy9leHRlbnNpb24vZXh0ZW5zaW9uX3dhbGxldC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssRUFBRSxTQUFTLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUN6RCxPQUFPLEVBQUUsS0FBSyxNQUFNLEVBQWdCLE1BQU0sd0JBQXdCLENBQUM7QUFzQm5FOzs7R0FHRztBQUNILHFCQUFhLGVBQWU7SUFJeEIsT0FBTyxDQUFDLFNBQVM7SUFDakIsT0FBTyxDQUFDLEtBQUs7SUFDYixPQUFPLENBQUMsV0FBVztJQUxyQixPQUFPLENBQUMsUUFBUSxDQUFvRDtJQUVwRSxPQUFPLGVBSUg7SUFFSjs7Ozs7O09BTUc7SUFDSCxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsRUFBRSxTQUFTLEVBQUUsS0FBSyxFQUFFLE1BQU0sRUFBRSxXQUFXLEVBQUUsTUFBTSxHQUFHLE1BQU0sQ0E2RDlFO0lBRUQsT0FBTyxDQUFDLFdBQVc7Q0FpQnBCIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZW5zaW9uX3dhbGxldC5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3Byb3ZpZGVycy9leHRlbnNpb24vZXh0ZW5zaW9uX3dhbGxldC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssRUFBRSxTQUFTLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUN6RCxPQUFPLEVBQUUsS0FBSyxNQUFNLEVBQWdCLE1BQU0sd0JBQXdCLENBQUM7QUFnQm5FLE9BQU8sS0FBSyxFQUFrQixVQUFVLEVBQWlDLE1BQU0sZ0JBQWdCLENBQUM7QUFhaEc7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0E0Qkc7QUFDSCxxQkFBYSxlQUFlO0lBaUJ4QixPQUFPLENBQUMsU0FBUztJQUNqQixPQUFPLENBQUMsS0FBSztJQUNiLE9BQU8sQ0FBQyxXQUFXO0lBbEJyQixzRUFBc0U7SUFDdEUsT0FBTyxDQUFDLFFBQVEsQ0FBb0Q7SUFFcEUsbUVBQW1FO0lBQ25FLE9BQU8sQ0FBQyxJQUFJLENBQTRCO0lBRXhDLGlFQUFpRTtJQUNqRSxPQUFPLENBQUMsU0FBUyxDQUEwQjtJQUUzQzs7Ozs7T0FLRztJQUNILE9BQU8sZUFJSDtJQUVKOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O09BeUJHO0lBQ0gsT0FBYSxNQUFNLENBQUMsVUFBVSxFQUFFLFVBQVUsRUFBRSxTQUFTLEVBQUUsU0FBUyxFQUFFLEtBQUssRUFBRSxNQUFNLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQXlCaEc7WUFjYSxzQkFBc0I7WUFxQ3RCLHVCQUF1QjtZQThDdkIsV0FBVztJQXdCekI7Ozs7Ozs7Ozs7OztPQVlHO0lBQ0gsS0FBSyxJQUFJLElBQUksQ0FPWjtDQUNGIn0=

package/dest/providers/extension/extension_wallet.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"extension_wallet.d.ts","sourceRoot":"","sources":["../../../src/providers/extension/extension_wallet.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,KAAK,MAAM,EAAgB,MAAM,wBAAwB,CAAC;AAsBnE;;;GAGG;AACH,qBAAa,eAAe;IAIxB,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,WAAW;IALrB,OAAO,CAAC,QAAQ,CAAoD;IAEpE,OAAO,eAIH;IAEJ;;;;;;OAMG;IACH,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,CA6D9E;IAED,OAAO,CAAC,WAAW;CAiBpB"}
+{"version":3,"file":"extension_wallet.d.ts","sourceRoot":"","sources":["../../../src/providers/extension/extension_wallet.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,KAAK,MAAM,EAAgB,MAAM,wBAAwB,CAAC;AAgBnE,OAAO,KAAK,EAAkB,UAAU,EAAiC,MAAM,gBAAgB,CAAC;AAahG;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,qBAAa,eAAe;IAiBxB,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,WAAW;IAlBrB,sEAAsE;IACtE,OAAO,CAAC,QAAQ,CAAoD;IAEpE,mEAAmE;IACnE,OAAO,CAAC,IAAI,CAA4B;IAExC,iEAAiE;IACjE,OAAO,CAAC,SAAS,CAA0B;IAE3C;;;;;OAKG;IACH,OAAO,eAIH;IAEJ;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACH,OAAa,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAyBhG;YAca,sBAAsB;YAqCtB,uBAAuB;YA8CvB,WAAW;IAwBzB;;;;;;;;;;;;OAYG;IACH,KAAK,IAAI,IAAI,CAOZ;CACF"}