@aztec/wallet-sdk 0.0.1-commit.d1f2d6c → 0.0.1-commit.d431d1c

package/dest/crypto.js

@@ -4,69 +4,38 @@
  * This module provides ECDH key exchange and AES-GCM encryption primitives
  * for establishing secure communication channels between dApps and wallet extensions.
  *
- * ## Security Model
- *
- * The crypto flow uses HKDF for key derivation with domain separation:
- *
+ * The crypto flow:
  * 1. Both parties generate ECDH key pairs using {@link generateKeyPair}
  * 2. Public keys are exchanged (exported via {@link exportPublicKey}, imported via {@link importPublicKey})
- * 3. Both parties derive keys using {@link deriveSessionKeys}:
- *    - ECDH produces raw shared secret
- *    - HKDF expands the secret into 512 bits using concatenated public keys as salt
- *    - The 512 bits are split: first 256 bits for AES-GCM, second 256 bits for HMAC
- * 4. Fingerprint is computed as HMAC(HMAC_KEY, "aztec-wallet-verification-verificationHash")
- * 5. Messages are encrypted/decrypted using {@link encrypt} and {@link decrypt}
- *
- * This design ensures:
- * - The encryption key is never exposed (verificationHash uses separate HMAC key)
- * - Public keys are bound to the derived keys via HKDF salt
- * - Single HKDF derivation with domain-separated output splitting
- *
- * ## Curve Choice
- *
- * We use P-256 (secp256r1) because it's the only ECDH curve with broad Web Crypto API
- * support across all browsers. X25519 would be preferable for its simplicity and
- * resistance to implementation errors, but it lacks universal browser support.
+ * 3. Both parties derive the same shared secret using {@link deriveSharedKey}
+ * 4. Messages are encrypted/decrypted using {@link encrypt} and {@link decrypt}
  *
  * @example
  * ```typescript
- * // Party A (dApp)
+ * // Party A
  * const keyPairA = await generateKeyPair();
  * const publicKeyA = await exportPublicKey(keyPairA.publicKey);
  *
- * // Party B (wallet)
+ * // Party B
  * const keyPairB = await generateKeyPair();
  * const publicKeyB = await exportPublicKey(keyPairB.publicKey);
  *
- * // Exchange public keys, then derive session keys
- * // App side: isApp = true
+ * // Exchange public keys, then derive shared secret
  * const importedB = await importPublicKey(publicKeyB);
- * const sessionA = await deriveSessionKeys(keyPairA, importedB, true);
- *
- * // Wallet side: isApp = false
- * const importedA = await importPublicKey(publicKeyA);
- * const sessionB = await deriveSessionKeys(keyPairB, importedA, false);
- *
- * // Both parties compute the same verificationHash for verification
- * const verificationHashA = sessionA.verificationHash;
- * const emojiA = hashToEmoji(verificationHashA);
+ * const sharedKeyA = await deriveSharedKey(keyPairA.privateKey, importedB);
  *
  * // Encrypt and decrypt
- * const encrypted = await encrypt(sessionA.encryptionKey, JSON.stringify({ message: 'hello' }));
- * const decrypted = await decrypt(sessionB.encryptionKey, encrypted);
+ * const encrypted = await encrypt(sharedKeyA, { message: 'hello' });
+ * const decrypted = await decrypt(sharedKeyB, encrypted);
  * ```
  *
  * @packageDocumentation
- */ import { EMOJI_ALPHABET, EMOJI_ALPHABET_SIZE } from './emoji_alphabet.js';
-/** P-256 coordinate size in bytes */ const P256_COORDINATE_SIZE = 32;
-// HKDF info string for key derivation
-const HKDF_INFO = new TextEncoder().encode('Aztec Wallet DAPP Key derivation');
-const FINGERPRINT_DATA = new TextEncoder().encode('aztec-wallet-verification-verificationHash');
+ */ import { jsonStringify } from '@aztec/foundation/json-rpc';
 /**
  * Generates an ECDH P-256 key pair for key exchange.
  *
- * The generated key pair can be used to derive session keys with another
- * party's public key using {@link deriveSessionKeys}.
+ * The generated key pair can be used to derive a shared secret with another
+ * party's public key using {@link deriveSharedKey}.
  *
  * @returns A new ECDH key pair
  *
@@ -81,7 +50,7 @@ const FINGERPRINT_DATA = new TextEncoder().encode('aztec-wallet-verification-ver
         name: 'ECDH',
         namedCurve: 'P-256'
     }, true, [
-        'deriveBits'
+        'deriveKey'
     ]);
     return {
         publicKey: keyPair.publicKey,
@@ -115,16 +84,16 @@ const FINGERPRINT_DATA = new TextEncoder().encode('aztec-wallet-verification-ver
 /**
  * Imports a public key from JWK format.
  *
- * Used to import the other party's public key for deriving session keys.
+ * Used to import the other party's public key for deriving a shared secret.
  *
  * @param exported - The public key in JWK format
- * @returns A CryptoKey that can be used with {@link deriveSessionKeys}
+ * @returns A CryptoKey that can be used with {@link deriveSharedKey}
  *
  * @example
  * ```typescript
- * // App side: receive wallet's public key and derive session
- * const walletPublicKey = await importPublicKey(receivedWalletKey);
- * const session = await deriveSessionKeys(appKeyPair, walletPublicKey, true);
+ * // Receive exported public key from other party
+ * const theirPublicKey = await importPublicKey(receivedPublicKey);
+ * const sharedKey = await deriveSharedKey(myPrivateKey, theirPublicKey);
  * ```
  */ export function importPublicKey(exported) {
     return crypto.subtle.importKey('jwk', {
@@ -135,150 +104,58 @@ const FINGERPRINT_DATA = new TextEncoder().encode('aztec-wallet-verification-ver
     }, {
         name: 'ECDH',
         namedCurve: 'P-256'
-    }, true, []);
-}
-/**
- * Decodes a base64url-encoded coordinate to fixed-size bytes.
- *
- * For P-256, coordinates are always 32 bytes. This function ensures
- * consistent serialization regardless of leading zeros.
- *
- * @param base64url - Base64url-encoded coordinate
- * @param size - Expected size in bytes (32 for P-256)
- * @returns Fixed-size Uint8Array, left-padded with zeros if needed
- */ function decodeCoordinateFixedSize(base64url, size) {
-    const decoded = base64UrlToBytes(base64url);
-    if (decoded.length === size) {
-        return decoded;
-    }
-    if (decoded.length > size) {
-        throw new Error(`Invalid P-256 coordinate: expected ${size} bytes, got ${decoded.length}`);
-    }
-    // Left-pad with zeros
-    const padded = new Uint8Array(size);
-    padded.set(decoded, size - decoded.length);
-    return padded;
-}
-/**
- * Creates HKDF salt from public keys with fixed ordering by party role.
- *
- * The app's public key always comes first, followed by the wallet's public key.
- * This ensures both parties produce the same salt.
- *
- * @param appKey - The app's public key in exported format
- * @param walletKey - The wallet's public key in exported format
- * @returns Concatenated bytes: app_x || app_y || wallet_x || wallet_y (128 bytes for P-256)
- */ function createSaltFromPublicKeys(appKey, walletKey) {
-    // Fixed ordering: app first, then wallet
-    // Each coordinate is fixed at 32 bytes for P-256
-    const appX = decodeCoordinateFixedSize(appKey.x, P256_COORDINATE_SIZE);
-    const appY = decodeCoordinateFixedSize(appKey.y, P256_COORDINATE_SIZE);
-    const walletX = decodeCoordinateFixedSize(walletKey.x, P256_COORDINATE_SIZE);
-    const walletY = decodeCoordinateFixedSize(walletKey.y, P256_COORDINATE_SIZE);
-    // Total: 4 * 32 = 128 bytes
-    const salt = new Uint8Array(4 * P256_COORDINATE_SIZE);
-    salt.set(appX, 0);
-    salt.set(appY, P256_COORDINATE_SIZE);
-    salt.set(walletX, 2 * P256_COORDINATE_SIZE);
-    salt.set(walletY, 3 * P256_COORDINATE_SIZE);
-    return salt.buffer;
+    }, false, []);
 }
 /**
- * Derives session keys from ECDH key exchange using HKDF.
- *
- * This is the main key derivation function that produces:
- * 1. An AES-256-GCM encryption key (first 256 bits)
- * 2. An HMAC key for verificationHash computation (second 256 bits)
- * 3. A verificationHash computed as HMAC(hmacKey, "aztec-wallet-verification-verificationHash")
+ * Derives a shared AES-256-GCM key from ECDH key exchange.
  *
- * The keys are derived using a single HKDF call that produces 512 bits,
- * then split into the two keys.
+ * Both parties will derive the same shared key when using their own private key
+ * and the other party's public key. This is the core of ECDH key agreement.
  *
- * @param ownKeyPair - The caller's ECDH key pair (private for ECDH, public for salt)
- * @param peerPublicKey - The peer's ECDH public key (for ECDH and salt)
- * @param isApp - true if caller is the app, false if caller is the wallet
- * @returns Session keys containing encryption key and verificationHash
+ * @param privateKey - Your ECDH private key
+ * @param publicKey - The other party's ECDH public key
+ * @returns An AES-256-GCM key for encryption/decryption
  *
  * @example
  * ```typescript
- * // App side
- * const sessionA = await deriveSessionKeys(appKeyPair, walletPublicKey, true);
- * // Wallet side
- * const sessionB = await deriveSessionKeys(walletKeyPair, appPublicKey, false);
- * // sessionA.verificationHash === sessionB.verificationHash
+ * // Both parties derive the same key
+ * const sharedKeyA = await deriveSharedKey(privateKeyA, publicKeyB);
+ * const sharedKeyB = await deriveSharedKey(privateKeyB, publicKeyA);
+ * // sharedKeyA and sharedKeyB are equivalent
  * ```
- */ export async function deriveSessionKeys(ownKeyPair, peerPublicKey, isApp) {
-    // Step 1: ECDH to get raw shared secret
-    const sharedSecretBits = await crypto.subtle.deriveBits({
+ */ export function deriveSharedKey(privateKey, publicKey) {
+    return crypto.subtle.deriveKey({
         name: 'ECDH',
-        public: peerPublicKey
-    }, ownKeyPair.privateKey, 256);
-    // Step 2: Import shared secret as HKDF key material
-    const hkdfKey = await crypto.subtle.importKey('raw', sharedSecretBits, {
-        name: 'HKDF'
-    }, false, [
-        'deriveBits'
-    ]);
-    // Step 3: Export public keys and create salt (app first, wallet second)
-    const ownExportedKey = await exportPublicKey(ownKeyPair.publicKey);
-    const peerExportedKey = await exportPublicKey(peerPublicKey);
-    const appPublicKey = isApp ? ownExportedKey : peerExportedKey;
-    const walletPublicKey = isApp ? peerExportedKey : ownExportedKey;
-    const salt = createSaltFromPublicKeys(appPublicKey, walletPublicKey);
-    // Step 4: Derive 512 bits in a single HKDF call
-    const derivedBits = await crypto.subtle.deriveBits({
-        name: 'HKDF',
-        hash: 'SHA-256',
-        salt,
-        info: HKDF_INFO
-    }, hkdfKey, 512);
-    // Step 5: Split into GCM key (first 256 bits) and HMAC key (second 256 bits)
-    const gcmKeyBits = derivedBits.slice(0, 32);
-    const hmacKeyBits = derivedBits.slice(32, 64);
-    // Step 6: Import GCM key
-    const encryptionKey = await crypto.subtle.importKey('raw', gcmKeyBits, {
+        public: publicKey
+    }, privateKey, {
         name: 'AES-GCM',
         length: 256
-    }, false, [
+    }, true, [
         'encrypt',
         'decrypt'
     ]);
-    // Step 7: Import HMAC key
-    const hmacKey = await crypto.subtle.importKey('raw', hmacKeyBits, {
-        name: 'HMAC',
-        hash: 'SHA-256'
-    }, false, [
-        'sign'
-    ]);
-    // Step 8: Compute verificationHash as HMAC of fixed string
-    const verificationHashBytes = await crypto.subtle.sign('HMAC', hmacKey, FINGERPRINT_DATA);
-    // Convert to hex string
-    const verificationHash = arrayBufferToHex(verificationHashBytes);
-    return {
-        encryptionKey,
-        verificationHash
-    };
 }
 /**
  * Encrypts data using AES-256-GCM.
  *
- * A random 12-byte IV is generated for each encryption operation.
+ * The data is JSON serialized before encryption. A random 12-byte IV is
+ * generated for each encryption operation.
  *
  * AES-GCM provides both confidentiality and authenticity - any tampering
  * with the ciphertext will cause decryption to fail.
  *
- * @param key - The AES-GCM key (from {@link deriveSessionKeys})
- * @param data - The string data to encrypt (caller is responsible for serialization)
+ * @param key - The AES-GCM key (from {@link deriveSharedKey})
+ * @param data - The data to encrypt (will be JSON serialized)
  * @returns The encrypted payload with IV and ciphertext
  *
  * @example
  * ```typescript
- * const encrypted = await encrypt(session.encryptionKey, JSON.stringify({ action: 'transfer', amount: 100 }));
+ * const encrypted = await encrypt(sharedKey, { action: 'transfer', amount: 100 });
  * // encrypted.iv and encrypted.ciphertext are base64 strings
  * ```
  */ export async function encrypt(key, data) {
     const iv = crypto.getRandomValues(new Uint8Array(12));
-    const encoded = new TextEncoder().encode(data);
+    const encoded = new TextEncoder().encode(jsonStringify(data));
     const ciphertext = await crypto.subtle.encrypt({
         name: 'AES-GCM',
         iv
@@ -294,7 +171,7 @@ const FINGERPRINT_DATA = new TextEncoder().encode('aztec-wallet-verification-ver
  * The decrypted data is JSON parsed before returning.
  *
  * @typeParam T - The expected type of the decrypted data
- * @param key - The AES-GCM key (from {@link deriveSessionKeys})
+ * @param key - The AES-GCM key (from {@link deriveSharedKey})
  * @param payload - The encrypted payload from {@link encrypt}
  * @returns The decrypted and parsed data
  *
@@ -302,7 +179,7 @@ const FINGERPRINT_DATA = new TextEncoder().encode('aztec-wallet-verification-ver
  *
  * @example
  * ```typescript
- * const decrypted = await decrypt<{ action: string; amount: number }>(session.encryptionKey, encrypted);
+ * const decrypted = await decrypt<{ action: string; amount: number }>(sharedKey, encrypted);
  * console.log(decrypted.action); // 'transfer'
  * ```
  */ export async function decrypt(key, payload) {
@@ -338,57 +215,86 @@ const FINGERPRINT_DATA = new TextEncoder().encode('aztec-wallet-verification-ver
     return bytes.buffer;
 }
 /**
- * Converts base64url string to Uint8Array.
+ * Emoji alphabet for visual verification of shared secrets.
+ * 32 distinct, easily recognizable emojis for anti-spoofing verification.
  * @internal
- */ function base64UrlToBytes(base64url) {
-    // Convert base64url to base64
-    const base64 = base64url.replace(/-/g, '+').replace(/_/g, '/');
-    // Add padding if needed
-    const padded = base64 + '='.repeat((4 - base64.length % 4) % 4);
-    const binary = atob(padded);
-    const bytes = new Uint8Array(binary.length);
-    for(let i = 0; i < binary.length; i++){
-        bytes[i] = binary.charCodeAt(i);
-    }
-    return bytes;
-}
+ */ const EMOJI_ALPHABET = [
+    '🔵',
+    '🟢',
+    '🔴',
+    '🟡',
+    '🟣',
+    '🟠',
+    '⚫',
+    '⚪',
+    '🌟',
+    '🌙',
+    '☀️',
+    '🌈',
+    '🔥',
+    '💧',
+    '🌸',
+    '🍀',
+    '🦋',
+    '🐬',
+    '🦊',
+    '🐼',
+    '🦁',
+    '🐯',
+    '🐸',
+    '🦉',
+    '🎵',
+    '🎨',
+    '🎯',
+    '🎲',
+    '🔔',
+    '💎',
+    '🔑',
+    '🏆'
+];
 /**
- * Converts ArrayBuffer to hex string.
- * @internal
- */ function arrayBufferToHex(buffer) {
-    const bytes = new Uint8Array(buffer);
+ * Hashes a shared AES key to a hex string for verification.
+ *
+ * This extracts the raw key material and hashes it with SHA-256,
+ * returning the first 16 bytes as a hex string.
+ *
+ * @param sharedKey - The AES-GCM shared key (must be extractable)
+ * @returns A hex string representation of the hash
+ *
+ * @example
+ * ```typescript
+ * const hash = await hashSharedSecret(sharedKey);
+ * const emoji = hashToEmoji(hash);
+ * ```
+ */ export async function hashSharedSecret(sharedKey) {
+    const rawKey = await crypto.subtle.exportKey('raw', sharedKey);
+    const hash = await crypto.subtle.digest('SHA-256', rawKey);
+    const bytes = new Uint8Array(hash.slice(0, 16));
     return Array.from(bytes).map((b)=>b.toString(16).padStart(2, '0')).join('');
 }
-/**
- * Default grid size for emoji verification display.
- * 3x3 grid = 9 emojis = 72 bits of security.
- */ export const DEFAULT_EMOJI_GRID_SIZE = 9;
 /**
  * Converts a hex hash to an emoji sequence for visual verification.
  *
- * This is used for verification - both the dApp and wallet
- * independently compute the same emoji sequence from the derived keys.
+ * This is used for anti-MITM verification - both the dApp and wallet
+ * independently compute the same emoji sequence from the shared secret.
  * Users can visually compare the sequences to detect interception.
  *
- * With a 256-emoji alphabet and 9 emojis (3x3 grid), this provides
- * 72 bits of security (9 * 8 = 72 bits), making brute-force attacks
- * computationally infeasible.
+ * Similar to SAS (Short Authentication String) in ZRTP/Signal.
  *
- * @param hash - Hex string from verification hash (64 chars = 32 bytes)
- * @param count - Number of emojis to generate (default: 9 for 3x3 grid)
+ * @param hash - Hex string from {@link hashSharedSecret}
+ * @param length - Number of emojis to generate (default: 4)
  * @returns A string of emojis representing the hash
  *
  * @example
  * ```typescript
- * const session = await deriveSessionKeys(...);
- * const emoji = hashToEmoji(session.verificationHash); // e.g., "🔵🦋🎯🐼🌟🎲🦊🐸💎"
- * // Display as 3x3 grid to user for verification
+ * const hash = await hashSharedSecret(sharedKey);
+ * const emoji = hashToEmoji(hash); // e.g., "🔵🦋🎯🐼"
+ * // Display to user for verification
  * ```
- */ export function hashToEmoji(hash, count = DEFAULT_EMOJI_GRID_SIZE) {
-    const emojis = [];
-    for(let i = 0; i < hash.length && emojis.length < count; i += 2){
-        const byteValue = parseInt(hash.slice(i, i + 2), 16);
-        emojis.push(EMOJI_ALPHABET[byteValue % EMOJI_ALPHABET_SIZE]);
+ */ export function hashToEmoji(hash, length = 4) {
+    const bytes = [];
+    for(let i = 0; i < hash.length && bytes.length < length; i += 2){
+        bytes.push(parseInt(hash.slice(i, i + 2), 16));
     }
-    return emojis.join('');
+    return bytes.map((b)=>EMOJI_ALPHABET[b % EMOJI_ALPHABET.length]).join('');
 }

package/dest/manager/index.d.ts

@@ -1,3 +1,9 @@
 export { WalletManager } from './wallet_manager.js';
-export type { WalletManagerConfig, ExtensionWalletConfig, WebWalletConfig, WalletProviderType, WalletProvider, PendingConnection, ProviderDisconnectionCallback, DiscoverWalletsOptions, DiscoverySession, } from './types.js';
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9tYW5hZ2VyL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUNwRCxZQUFZLEVBQ1YsbUJBQW1CLEVBQ25CLHFCQUFxQixFQUNyQixlQUFlLEVBQ2Ysa0JBQWtCLEVBQ2xCLGNBQWMsRUFDZCxpQkFBaUIsRUFDakIsNkJBQTZCLEVBQzdCLHNCQUFzQixFQUN0QixnQkFBZ0IsR0FDakIsTUFBTSxZQUFZLENBQUMifQ==
+export type { WalletManagerConfig, ExtensionWalletConfig, WebWalletConfig, WalletProviderType, WalletProvider, ProviderDisconnectionCallback, DiscoverWalletsOptions, } from './types.js';
+export { WalletMessageType } from '../types.js';
+export type { WalletInfo, WalletMessage, WalletResponse, DiscoveryRequest, DiscoveryResponse } from '../types.js';
+export { ChainInfoSchema } from '@aztec/aztec.js/account';
+export type { ChainInfo } from '@aztec/aztec.js/account';
+export { WalletSchema } from '@aztec/aztec.js/wallet';
+export { jsonStringify } from '@aztec/foundation/json-rpc';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9tYW5hZ2VyL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUNwRCxZQUFZLEVBQ1YsbUJBQW1CLEVBQ25CLHFCQUFxQixFQUNyQixlQUFlLEVBQ2Ysa0JBQWtCLEVBQ2xCLGNBQWMsRUFDZCw2QkFBNkIsRUFDN0Isc0JBQXNCLEdBQ3ZCLE1BQU0sWUFBWSxDQUFDO0FBR3BCLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUNoRCxZQUFZLEVBQUUsVUFBVSxFQUFFLGFBQWEsRUFBRSxjQUFjLEVBQUUsZ0JBQWdCLEVBQUUsaUJBQWlCLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFHbEgsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBQzFELFlBQVksRUFBRSxTQUFTLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUN6RCxPQUFPLEVBQUUsWUFBWSxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDdEQsT0FBTyxFQUFFLGFBQWEsRUFBRSxNQUFNLDRCQUE0QixDQUFDIn0=

package/dest/manager/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/manager/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,YAAY,EACV,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,6BAA6B,EAC7B,sBAAsB,EACtB,gBAAgB,GACjB,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/manager/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,YAAY,EACV,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,6BAA6B,EAC7B,sBAAsB,GACvB,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGlH,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,YAAY,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC"}

package/dest/manager/index.js

@@ -1 +1,7 @@
 export { WalletManager } from './wallet_manager.js';
+// Re-export types and enums from providers for convenience
+export { WalletMessageType } from '../types.js';
+// Re-export commonly needed utilities for wallet integration
+export { ChainInfoSchema } from '@aztec/aztec.js/account';
+export { WalletSchema } from '@aztec/aztec.js/wallet';
+export { jsonStringify } from '@aztec/foundation/json-rpc';

package/dest/manager/types.d.ts

@@ -1,33 +1,5 @@
 import type { ChainInfo } from '@aztec/aztec.js/account';
 import type { Wallet } from '@aztec/aztec.js/wallet';
-/**
- * A pending connection that requires user verification before finalizing.
- *
- * After key exchange, both dApp and wallet compute a verification hash independently.
- * The dApp should display this hash (typically as emojis) and let the user confirm
- * it matches what's shown in their wallet before calling `confirm()`.
- *
- * This protects the dApp from connecting to a malicious wallet that might be
- * intercepting the connection (MITM attack).
- */
-export interface PendingConnection {
-    /**
-     * The verification hash computed from the shared secret.
-     * Use `hashToEmoji()` to convert to a visual representation for user verification.
-     * The user should confirm this matches what their wallet displays.
-     */
-    verificationHash: string;
-    /**
-     * Confirms the connection after user verifies the emojis match.
-     * @returns The connected wallet instance
-     */
-    confirm(): Promise<Wallet>;
-    /**
-     * Cancels the pending connection.
-     * Call this if the user indicates the emojis don't match.
-     */
-    cancel(): void;
-}
 /**
  * Configuration for extension wallets
  */
@@ -58,7 +30,7 @@ export interface WalletManagerConfig {
 /**
  * Type of wallet provider
  */
-export type WalletProviderType = 'extension' | 'web';
+export type WalletProviderType = 'extension' | 'web' | 'embedded';
 /**
  * Callback type for wallet disconnect events at the provider level.
  */
@@ -79,32 +51,13 @@ export interface WalletProvider {
     /** Additional metadata */
     metadata?: Record<string, unknown>;
     /**
-     * Establishes a secure channel with this wallet provider.
-     *
-     * This performs the ECDH key exchange and returns a pending connection with the
-     * verification hash. The channel is encrypted but NOT yet verified - the dApp
-     * should display the hash (as emojis) to the user and let them confirm it
-     * matches their wallet before calling `confirm()`.
-     *
+     * Connect to this wallet provider with an application ID
      * @param appId - Application identifier for the requesting dapp
-     * @returns A pending connection with verification hash and confirm/cancel methods
-     *
-     * @example
-     * ```typescript
-     * const pending = await provider.establishSecureChannel('my-app');
-     *
-     * // Show emojis to user for verification
-     * const emojis = hashToEmoji(pending.verificationHash);
-     * showDialog(`Verify these match your wallet: ${emojis}`);
-     *
-     * // User confirms emojis match
-     * const wallet = await pending.confirm();
-     * ```
      */
-    establishSecureChannel(appId: string): Promise<PendingConnection>;
+    connect(appId: string): Promise<Wallet>;
     /**
      * Disconnects the current wallet and cleans up resources.
-     * After calling this, the wallet returned from confirm() should no longer be used.
+     * After calling this, the wallet returned from connect() should no longer be used.
      * @returns A promise that resolves when disconnection is complete
      */
     disconnect?(): Promise<void>;
@@ -126,42 +79,7 @@ export interface WalletProvider {
 export interface DiscoverWalletsOptions {
     /** Chain information to filter by */
     chainInfo: ChainInfo;
-    /** Application ID making the request */
-    appId: string;
-    /** Discovery timeout in milliseconds. Default: 60000 (60s) */
+    /** Discovery timeout in milliseconds */
     timeout?: number;
-    /**
-     * Callback invoked when a wallet provider is discovered.
-     * Use this to show wallets to users as they approve them, rather than
-     * waiting for the full timeout.
-     */
-    onWalletDiscovered?: (provider: WalletProvider) => void;
-}
-/**
- * A cancellable discovery session.
- *
- * Returned by `WalletManager.getAvailableWallets()` to allow consumers to
- * cancel discovery when no longer needed (e.g., network changes, user navigates away).
- *
- * @example
- * ```typescript
- * const discovery = WalletManager.configure({...}).getAvailableWallets({...});
- *
- * // Iterate over discovered wallets
- * for await (const wallet of discovery.wallets) {
- *   console.log(`Found: ${wallet.name}`);
- * }
- *
- * // Cancel discovery when no longer needed
- * discovery.cancel();
- * ```
- */
-export interface DiscoverySession {
-    /** Async iterator that yields wallet providers as they're discovered */
-    wallets: AsyncIterable<WalletProvider>;
-    /** Promise that resolves when discovery completes or is cancelled */
-    done: Promise<void>;
-    /** Cancel discovery immediately and clean up resources */
-    cancel: () => void;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9tYW5hZ2VyL3R5cGVzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxFQUFFLFNBQVMsRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBQ3pELE9BQU8sS0FBSyxFQUFFLE1BQU0sRUFBRSxNQUFNLHdCQUF3QixDQUFDO0FBRXJEOzs7Ozs7Ozs7R0FTRztBQUNILE1BQU0sV0FBVyxpQkFBaUI7SUFDaEM7Ozs7T0FJRztJQUNILGdCQUFnQixFQUFFLE1BQU0sQ0FBQztJQUV6Qjs7O09BR0c7SUFDSCxPQUFPLElBQUksT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBRTNCOzs7T0FHRztJQUNILE1BQU0sSUFBSSxJQUFJLENBQUM7Q0FDaEI7QUFFRDs7R0FFRztBQUNILE1BQU0sV0FBVyxxQkFBcUI7SUFDcEMsNENBQTRDO0lBQzVDLE9BQU8sRUFBRSxPQUFPLENBQUM7SUFDakIseURBQXlEO0lBQ3pELFNBQVMsQ0FBQyxFQUFFLE1BQU0sRUFBRSxDQUFDO0lBQ3JCLHlEQUF5RDtJQUN6RCxTQUFTLENBQUMsRUFBRSxNQUFNLEVBQUUsQ0FBQztDQUN0QjtBQUVEOztHQUVHO0FBQ0gsTUFBTSxXQUFXLGVBQWU7SUFDOUIsa0NBQWtDO0lBQ2xDLElBQUksRUFBRSxNQUFNLEVBQUUsQ0FBQztDQUNoQjtBQUVEOztHQUVHO0FBQ0gsTUFBTSxXQUFXLG1CQUFtQjtJQUNsQyxxQ0FBcUM7SUFDckMsVUFBVSxDQUFDLEVBQUUscUJBQXFCLENBQUM7SUFDbkMsK0JBQStCO0lBQy9CLFVBQVUsQ0FBQyxFQUFFLGVBQWUsQ0FBQztDQUM5QjtBQUVEOztHQUVHO0FBQ0gsTUFBTSxNQUFNLGtCQUFrQixHQUFHLFdBQVcsR0FBRyxLQUFLLENBQUM7QUFFckQ7O0dBRUc7QUFDSCxNQUFNLE1BQU0sNkJBQTZCLEdBQUcsTUFBTSxJQUFJLENBQUM7QUFFdkQ7OztHQUdHO0FBQ0gsTUFBTSxXQUFXLGNBQWM7SUFDN0IseUNBQXlDO0lBQ3pDLEVBQUUsRUFBRSxNQUFNLENBQUM7SUFDWCw4QkFBOEI7SUFDOUIsSUFBSSxFQUFFLGtCQUFrQixDQUFDO0lBQ3pCLG1CQUFtQjtJQUNuQixJQUFJLEVBQUUsTUFBTSxDQUFDO0lBQ2IsZUFBZTtJQUNmLElBQUksQ0FBQyxFQUFFLE1BQU0sQ0FBQztJQUNkLDBCQUEwQjtJQUMxQixRQUFRLENBQUMsRUFBRSxNQUFNLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQ25DOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O09Bc0JHO0lBQ0gsc0JBQXNCLENBQUMsS0FBSyxFQUFFLE1BQU0sR0FBRyxPQUFPLENBQUMsaUJBQWlCLENBQUMsQ0FBQztJQUNsRTs7OztPQUlHO0lBQ0gsVUFBVSxDQUFDLElBQUksT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQzdCOzs7O09BSUc7SUFDSCxZQUFZLENBQUMsQ0FBQyxRQUFRLEVBQUUsNkJBQTZCLEdBQUcsTUFBTSxJQUFJLENBQUM7SUFDbkU7OztPQUdHO0lBQ0gsY0FBYyxDQUFDLElBQUksT0FBTyxDQUFDO0NBQzVCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFdBQVcsc0JBQXNCO0lBQ3JDLHFDQUFxQztJQUNyQyxTQUFTLEVBQUUsU0FBUyxDQUFDO0lBQ3JCLHdDQUF3QztJQUN4QyxLQUFLLEVBQUUsTUFBTSxDQUFDO0lBQ2QsOERBQThEO0lBQzlELE9BQU8sQ0FBQyxFQUFFLE1BQU0sQ0FBQztJQUNqQjs7OztPQUlHO0lBQ0gsa0JBQWtCLENBQUMsRUFBRSxDQUFDLFFBQVEsRUFBRSxjQUFjLEtBQUssSUFBSSxDQUFDO0NBQ3pEO0FBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQWtCRztBQUNILE1BQU0sV0FBVyxnQkFBZ0I7SUFDL0Isd0VBQXdFO0lBQ3hFLE9BQU8sRUFBRSxhQUFhLENBQUMsY0FBYyxDQUFDLENBQUM7SUFDdkMscUVBQXFFO0lBQ3JFLElBQUksRUFBRSxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDcEIsMERBQTBEO0lBQzFELE1BQU0sRUFBRSxNQUFNLElBQUksQ0FBQztDQUNwQiJ9
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9tYW5hZ2VyL3R5cGVzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxFQUFFLFNBQVMsRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBQ3pELE9BQU8sS0FBSyxFQUFFLE1BQU0sRUFBRSxNQUFNLHdCQUF3QixDQUFDO0FBRXJEOztHQUVHO0FBQ0gsTUFBTSxXQUFXLHFCQUFxQjtJQUNwQyw0Q0FBNEM7SUFDNUMsT0FBTyxFQUFFLE9BQU8sQ0FBQztJQUNqQix5REFBeUQ7SUFDekQsU0FBUyxDQUFDLEVBQUUsTUFBTSxFQUFFLENBQUM7SUFDckIseURBQXlEO0lBQ3pELFNBQVMsQ0FBQyxFQUFFLE1BQU0sRUFBRSxDQUFDO0NBQ3RCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFdBQVcsZUFBZTtJQUM5QixrQ0FBa0M7SUFDbEMsSUFBSSxFQUFFLE1BQU0sRUFBRSxDQUFDO0NBQ2hCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFdBQVcsbUJBQW1CO0lBQ2xDLHFDQUFxQztJQUNyQyxVQUFVLENBQUMsRUFBRSxxQkFBcUIsQ0FBQztJQUNuQywrQkFBK0I7SUFDL0IsVUFBVSxDQUFDLEVBQUUsZUFBZSxDQUFDO0NBQzlCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLE1BQU0sa0JBQWtCLEdBQUcsV0FBVyxHQUFHLEtBQUssR0FBRyxVQUFVLENBQUM7QUFFbEU7O0dBRUc7QUFDSCxNQUFNLE1BQU0sNkJBQTZCLEdBQUcsTUFBTSxJQUFJLENBQUM7QUFFdkQ7OztHQUdHO0FBQ0gsTUFBTSxXQUFXLGNBQWM7SUFDN0IseUNBQXlDO0lBQ3pDLEVBQUUsRUFBRSxNQUFNLENBQUM7SUFDWCw4QkFBOEI7SUFDOUIsSUFBSSxFQUFFLGtCQUFrQixDQUFDO0lBQ3pCLG1CQUFtQjtJQUNuQixJQUFJLEVBQUUsTUFBTSxDQUFDO0lBQ2IsZUFBZTtJQUNmLElBQUksQ0FBQyxFQUFFLE1BQU0sQ0FBQztJQUNkLDBCQUEwQjtJQUMxQixRQUFRLENBQUMsRUFBRSxNQUFNLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQ25DOzs7T0FHRztJQUNILE9BQU8sQ0FBQyxLQUFLLEVBQUUsTUFBTSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUN4Qzs7OztPQUlHO0lBQ0gsVUFBVSxDQUFDLElBQUksT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQzdCOzs7O09BSUc7SUFDSCxZQUFZLENBQUMsQ0FBQyxRQUFRLEVBQUUsNkJBQTZCLEdBQUcsTUFBTSxJQUFJLENBQUM7SUFDbkU7OztPQUdHO0lBQ0gsY0FBYyxDQUFDLElBQUksT0FBTyxDQUFDO0NBQzVCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFdBQVcsc0JBQXNCO0lBQ3JDLHFDQUFxQztJQUNyQyxTQUFTLEVBQUUsU0FBUyxDQUFDO0lBQ3JCLHdDQUF3QztJQUN4QyxPQUFPLENBQUMsRUFBRSxNQUFNLENBQUM7Q0FDbEIifQ==

package/dest/manager/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/manager/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAErD;;;;;;;;;GASG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;;OAIG;IACH,gBAAgB,EAAE,MAAM,CAAC;IAEzB;;;OAGG;IACH,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAE3B;;;OAGG;IACH,MAAM,IAAI,IAAI,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,4CAA4C;IAC5C,OAAO,EAAE,OAAO,CAAC;IACjB,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,kCAAkC;IAClC,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,qCAAqC;IACrC,UAAU,CAAC,EAAE,qBAAqB,CAAC;IACnC,+BAA+B;IAC/B,UAAU,CAAC,EAAE,eAAe,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,WAAW,GAAG,KAAK,CAAC;AAErD;;GAEG;AACH,MAAM,MAAM,6BAA6B,GAAG,MAAM,IAAI,CAAC;AAEvD;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,yCAAyC;IACzC,EAAE,EAAE,MAAM,CAAC;IACX,8BAA8B;IAC9B,IAAI,EAAE,kBAAkB,CAAC;IACzB,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,eAAe;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAClE;;;;OAIG;IACH,UAAU,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7B;;;;OAIG;IACH,YAAY,CAAC,CAAC,QAAQ,EAAE,6BAA6B,GAAG,MAAM,IAAI,CAAC;IACnE;;;OAGG;IACH,cAAc,CAAC,IAAI,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,qCAAqC;IACrC,SAAS,EAAE,SAAS,CAAC;IACrB,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,8DAA8D;IAC9D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,CAAC,QAAQ,EAAE,cAAc,KAAK,IAAI,CAAC;CACzD;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,gBAAgB;IAC/B,wEAAwE;IACxE,OAAO,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IACvC,qEAAqE;IACrE,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IACpB,0DAA0D;IAC1D,MAAM,EAAE,MAAM,IAAI,CAAC;CACpB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/manager/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAErD;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,4CAA4C;IAC5C,OAAO,EAAE,OAAO,CAAC;IACjB,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,kCAAkC;IAClC,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,qCAAqC;IACrC,UAAU,CAAC,EAAE,qBAAqB,CAAC;IACnC,+BAA+B;IAC/B,UAAU,CAAC,EAAE,eAAe,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,WAAW,GAAG,KAAK,GAAG,UAAU,CAAC;AAElE;;GAEG;AACH,MAAM,MAAM,6BAA6B,GAAG,MAAM,IAAI,CAAC;AAEvD;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,yCAAyC;IACzC,EAAE,EAAE,MAAM,CAAC;IACX,8BAA8B;IAC9B,IAAI,EAAE,kBAAkB,CAAC;IACzB,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,eAAe;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC;;;OAGG;IACH,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACxC;;;;OAIG;IACH,UAAU,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7B;;;;OAIG;IACH,YAAY,CAAC,CAAC,QAAQ,EAAE,6BAA6B,GAAG,MAAM,IAAI,CAAC;IACnE;;;OAGG;IACH,cAAc,CAAC,IAAI,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,qCAAqC;IACrC,SAAS,EAAE,SAAS,CAAC;IACrB,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB"}

package/dest/manager/types.js

@@ -1,19 +1,3 @@
 /**
- * A cancellable discovery session.
- *
- * Returned by `WalletManager.getAvailableWallets()` to allow consumers to
- * cancel discovery when no longer needed (e.g., network changes, user navigates away).
- *
- * @example
- * ```typescript
- * const discovery = WalletManager.configure({...}).getAvailableWallets({...});
- *
- * // Iterate over discovered wallets
- * for await (const wallet of discovery.wallets) {
- *   console.log(`Found: ${wallet.name}`);
- * }
- *
- * // Cancel discovery when no longer needed
- * discovery.cancel();
- * ```
+ * Options for discovering wallets
  */ export { };