@aztec/wallet-sdk 0.0.1-commit.d1f2d6c → 0.0.1-commit.d431d1c

package/dest/manager/wallet_manager.d.ts

@@ -1,34 +1,6 @@
-import type { DiscoverWalletsOptions, DiscoverySession, WalletManagerConfig } from './types.js';
+import type { DiscoverWalletsOptions, WalletManagerConfig, WalletProvider } from './types.js';
 /**
- * Manager for wallet discovery, configuration, and connection.
- *
- * This is the main entry point for dApps to discover and connect to wallets.
- *
- * @example Basic usage with async iterator
- * ```typescript
- * const discovery = WalletManager.configure({ extensions: { enabled: true } })
- *   .getAvailableWallets({ chainInfo, appId: 'my-app' });
- *
- * // Iterate over discovered wallets
- * for await (const provider of discovery.wallets) {
- *   console.log(`Found wallet: ${provider.name}`);
- * }
- *
- * // Or cancel early when done
- * discovery.cancel();
- * ```
- *
- * @example With callback for discovered wallets
- * ```typescript
- * const discovery = manager.getAvailableWallets({
- *   chainInfo,
- *   appId: 'my-app',
- *   onWalletDiscovered: (provider) => console.log(`Found: ${provider.name}`),
- * });
- *
- * // Wait for discovery to complete or cancel it
- * await discovery.done;
- * ```
+ * Manager for wallet discovery, configuration, and connection
  */
 export declare class WalletManager {
     private config;
@@ -40,26 +12,11 @@ export declare class WalletManager {
     static configure(config: WalletManagerConfig): WalletManager;
     /**
      * Discovers all available wallets for a given chain and version.
-     *
-     * Returns a `DiscoverySession` with:
-     * - `wallets`: AsyncIterable to iterate over discovered wallets
-     * - `done`: Promise that resolves when discovery completes or is cancelled
-     * - `cancel()`: Function to stop discovery immediately
-     *
-     * If `onWalletDiscovered` callback is provided, wallets are also streamed via callback.
-     *
-     * @param options - Discovery options including chain info, appId, and timeout
-     * @returns A cancellable discovery session
+     * Only returns wallets that support the requested chain and version.
+     * @param options - Discovery options including chain info and timeout
+     * @returns Array of wallet providers with baked-in chain info
      */
-    getAvailableWallets(options: DiscoverWalletsOptions): DiscoverySession;
-    /**
-     * Creates a WalletProvider from a discovered wallet.
-     * Returns null if the wallet is not allowed by config.
-     * @param discoveredWallet - The discovered wallet from extension discovery.
-     * @param chainInfo - Network information.
-     * @param extensionConfig - Extension wallet configuration.
-     */
-    private createProviderFromDiscoveredWallet;
+    getAvailableWallets(options: DiscoverWalletsOptions): Promise<WalletProvider[]>;
     /**
      * Checks if an extension is allowed based on allow/block lists
      * @param extensionId - The extension ID to check
@@ -67,4 +24,4 @@ export declare class WalletManager {
      */
     private isExtensionAllowed;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoid2FsbGV0X21hbmFnZXIuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9tYW5hZ2VyL3dhbGxldF9tYW5hZ2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUtBLE9BQU8sS0FBSyxFQUNWLHNCQUFzQixFQUN0QixnQkFBZ0IsRUFJaEIsbUJBQW1CLEVBRXBCLE1BQU0sWUFBWSxDQUFDO0FBRXBCOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0E4Qkc7QUFDSCxxQkFBYSxhQUFhO0lBQ3hCLE9BQU8sQ0FBQyxNQUFNLENBR1o7SUFFRixPQUFPLGVBQWlCO0lBRXhCOzs7T0FHRztJQUNILE1BQU0sQ0FBQyxTQUFTLENBQUMsTUFBTSxFQUFFLG1CQUFtQixHQUFHLGFBQWEsQ0FPM0Q7SUFFRDs7Ozs7Ozs7Ozs7O09BWUc7SUFDSCxtQkFBbUIsQ0FBQyxPQUFPLEVBQUUsc0JBQXNCLEdBQUcsZ0JBQWdCLENBNkVyRTtJQUVEOzs7Ozs7T0FNRztJQUNILE9BQU8sQ0FBQyxrQ0FBa0M7SUE0RTFDOzs7O09BSUc7SUFDSCxPQUFPLENBQUMsa0JBQWtCO0NBVzNCIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoid2FsbGV0X21hbmFnZXIuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9tYW5hZ2VyL3dhbGxldF9tYW5hZ2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUNBLE9BQU8sS0FBSyxFQUNWLHNCQUFzQixFQUd0QixtQkFBbUIsRUFDbkIsY0FBYyxFQUNmLE1BQU0sWUFBWSxDQUFDO0FBRXBCOztHQUVHO0FBQ0gscUJBQWEsYUFBYTtJQUN4QixPQUFPLENBQUMsTUFBTSxDQUdaO0lBRUYsT0FBTyxlQUFpQjtJQUV4Qjs7O09BR0c7SUFDSCxNQUFNLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxtQkFBbUIsR0FBRyxhQUFhLENBTzNEO0lBRUQ7Ozs7O09BS0c7SUFDRyxtQkFBbUIsQ0FBQyxPQUFPLEVBQUUsc0JBQXNCLEdBQUcsT0FBTyxDQUFDLGNBQWMsRUFBRSxDQUFDLENBdURwRjtJQUVEOzs7O09BSUc7SUFDSCxPQUFPLENBQUMsa0JBQWtCO0NBVzNCIn0=

package/dest/manager/wallet_manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"wallet_manager.d.ts","sourceRoot":"","sources":["../../src/manager/wallet_manager.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EACV,sBAAsB,EACtB,gBAAgB,EAIhB,mBAAmB,EAEpB,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAGZ;IAEF,OAAO,eAAiB;IAExB;;;OAGG;IACH,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,mBAAmB,GAAG,aAAa,CAO3D;IAED;;;;;;;;;;;;OAYG;IACH,mBAAmB,CAAC,OAAO,EAAE,sBAAsB,GAAG,gBAAgB,CA6ErE;IAED;;;;;;OAMG;IACH,OAAO,CAAC,kCAAkC;IA4E1C;;;;OAIG;IACH,OAAO,CAAC,kBAAkB;CAW3B"}
+{"version":3,"file":"wallet_manager.d.ts","sourceRoot":"","sources":["../../src/manager/wallet_manager.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,sBAAsB,EAGtB,mBAAmB,EACnB,cAAc,EACf,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAGZ;IAEF,OAAO,eAAiB;IAExB;;;OAGG;IACH,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,mBAAmB,GAAG,aAAa,CAO3D;IAED;;;;;OAKG;IACG,mBAAmB,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,CAuDpF;IAED;;;;OAIG;IACH,OAAO,CAAC,kBAAkB;CAW3B"}

package/dest/manager/wallet_manager.js

@@ -1,36 +1,6 @@
-import { promiseWithResolvers } from '@aztec/foundation/promise';
-import { ExtensionProvider, ExtensionWallet } from '../extension/provider/index.js';
-import { WalletMessageType } from '../types.js';
+import { ExtensionProvider, ExtensionWallet } from '../providers/extension/index.js';
 /**
- * Manager for wallet discovery, configuration, and connection.
- *
- * This is the main entry point for dApps to discover and connect to wallets.
- *
- * @example Basic usage with async iterator
- * ```typescript
- * const discovery = WalletManager.configure({ extensions: { enabled: true } })
- *   .getAvailableWallets({ chainInfo, appId: 'my-app' });
- *
- * // Iterate over discovered wallets
- * for await (const provider of discovery.wallets) {
- *   console.log(`Found wallet: ${provider.name}`);
- * }
- *
- * // Or cancel early when done
- * discovery.cancel();
- * ```
- *
- * @example With callback for discovered wallets
- * ```typescript
- * const discovery = manager.getAvailableWallets({
- *   chainInfo,
- *   appId: 'my-app',
- *   onWalletDiscovered: (provider) => console.log(`Found: ${provider.name}`),
- * });
- *
- * // Wait for discovery to complete or cancel it
- * await discovery.done;
- * ```
+ * Manager for wallet discovery, configuration, and connection
  */ export class WalletManager {
     config = {
         extensions: {
@@ -58,157 +28,57 @@ import { WalletMessageType } from '../types.js';
     }
     /**
    * Discovers all available wallets for a given chain and version.
-   *
-   * Returns a `DiscoverySession` with:
-   * - `wallets`: AsyncIterable to iterate over discovered wallets
-   * - `done`: Promise that resolves when discovery completes or is cancelled
-   * - `cancel()`: Function to stop discovery immediately
-   *
-   * If `onWalletDiscovered` callback is provided, wallets are also streamed via callback.
-   *
-   * @param options - Discovery options including chain info, appId, and timeout
-   * @returns A cancellable discovery session
-   */ getAvailableWallets(options) {
-        const { chainInfo, appId } = options;
-        const abortController = new AbortController();
-        const pendingProviders = [];
-        let pendingResolve = null;
-        let completed = false;
-        const { promise: donePromise, resolve: resolveDone } = promiseWithResolvers();
-        const markComplete = ()=>{
-            completed = true;
-            resolveDone();
-            if (pendingResolve) {
-                const resolve = pendingResolve;
-                pendingResolve = null;
-                resolve({
-                    value: undefined,
-                    done: true
-                });
-            }
-        };
+   * Only returns wallets that support the requested chain and version.
+   * @param options - Discovery options including chain info and timeout
+   * @returns Array of wallet providers with baked-in chain info
+   */ async getAvailableWallets(options) {
+        const providers = [];
+        const { chainInfo } = options;
         if (this.config.extensions?.enabled) {
+            const discoveredWallets = await ExtensionProvider.discoverExtensions(chainInfo, options.timeout);
             const extensionConfig = this.config.extensions;
-            void ExtensionProvider.discoverWallets(chainInfo, {
-                appId,
-                timeout: options.timeout,
-                signal: abortController.signal,
-                onWalletDiscovered: (discoveredWallet)=>{
-                    const provider = this.createProviderFromDiscoveredWallet(discoveredWallet, chainInfo, extensionConfig);
-                    if (!provider) {
-                        return;
-                    }
-                    // Call user's callback if provided
-                    options.onWalletDiscovered?.(provider);
-                    // Also queue for async iterator
-                    if (pendingResolve) {
-                        const resolve = pendingResolve;
-                        pendingResolve = null;
-                        resolve({
-                            value: provider,
-                            done: false
-                        });
-                    } else {
-                        pendingProviders.push(provider);
-                    }
+            for (const { info, port, sharedKey } of discoveredWallets){
+                if (!this.isExtensionAllowed(info.id, extensionConfig)) {
+                    continue;
                 }
-            }).then(markComplete);
-        } else {
-            markComplete();
-        }
-        const wallets = {
-            // eslint-disable-next-line jsdoc/require-jsdoc
-            [Symbol.asyncIterator] () {
-                return {
-                    // eslint-disable-next-line jsdoc/require-jsdoc
-                    next () {
-                        if (pendingProviders.length > 0) {
-                            return Promise.resolve({
-                                value: pendingProviders.shift(),
-                                done: false
-                            });
+                let extensionWallet = null;
+                const provider = {
+                    id: info.id,
+                    type: 'extension',
+                    name: info.name,
+                    icon: info.icon,
+                    metadata: {
+                        version: info.version,
+                        verificationHash: info.verificationHash
+                    },
+                    connect: (appId)=>{
+                        extensionWallet = ExtensionWallet.create(info, chainInfo, port, sharedKey, appId);
+                        return Promise.resolve(extensionWallet.getWallet());
+                    },
+                    disconnect: async ()=>{
+                        if (extensionWallet) {
+                            await extensionWallet.disconnect();
+                            extensionWallet = null;
                         }
-                        if (completed) {
-                            return Promise.resolve({
-                                value: undefined,
-                                done: true
-                            });
+                    },
+                    onDisconnect: (callback)=>{
+                        if (extensionWallet) {
+                            return extensionWallet.onDisconnect(callback);
                         }
-                        return new Promise((resolve)=>{
-                            pendingResolve = resolve;
-                        });
-                    }
-                };
-            }
-        };
-        return {
-            wallets,
-            done: donePromise,
-            cancel: ()=>abortController.abort()
-        };
-    }
-    /**
-   * Creates a WalletProvider from a discovered wallet.
-   * Returns null if the wallet is not allowed by config.
-   * @param discoveredWallet - The discovered wallet from extension discovery.
-   * @param chainInfo - Network information.
-   * @param extensionConfig - Extension wallet configuration.
-   */ createProviderFromDiscoveredWallet(discoveredWallet, chainInfo, extensionConfig) {
-        const { info } = discoveredWallet;
-        if (!this.isExtensionAllowed(info.id, extensionConfig)) {
-            return null;
-        }
-        let extensionWallet = null;
-        const provider = {
-            id: info.id,
-            type: 'extension',
-            name: info.name,
-            icon: info.icon,
-            metadata: {
-                version: info.version
-            },
-            establishSecureChannel: async (connectAppId)=>{
-                const connection = await discoveredWallet.establishSecureChannel();
-                provider.metadata = {
-                    ...provider.metadata,
-                    verificationHash: connection.info.verificationHash
-                };
-                return {
-                    verificationHash: connection.info.verificationHash,
-                    confirm: ()=>{
-                        return Promise.resolve(ExtensionWallet.create(connection.info.id, connection.port, connection.sharedKey, chainInfo, connectAppId));
+                        return ()=>{};
                     },
-                    cancel: ()=>{
-                        // Send disconnect to terminate the session on the extension side
-                        // but keep the port open so we can retry key exchange
-                        connection.port.postMessage({
-                            type: WalletMessageType.DISCONNECT,
-                            requestId: discoveredWallet.requestId
-                        });
-                    // Don't close the port - allow retry with fresh key exchange
+                    isDisconnected: ()=>{
+                        if (extensionWallet) {
+                            return extensionWallet.isDisconnected();
+                        }
+                        return true;
                     }
                 };
-            },
-            disconnect: async ()=>{
-                if (extensionWallet) {
-                    await extensionWallet.disconnect();
-                    extensionWallet = null;
-                }
-            },
-            onDisconnect: (callback)=>{
-                if (extensionWallet) {
-                    return extensionWallet.onDisconnect(callback);
-                }
-                return ()=>{};
-            },
-            isDisconnected: ()=>{
-                if (extensionWallet) {
-                    return extensionWallet.isDisconnected();
-                }
-                return true;
+                providers.push(provider);
             }
-        };
-        return provider;
+        }
+        // TODO: Add web wallet discovery when implemented
+        return providers;
     }
     /**
    * Checks if an extension is allowed based on allow/block lists

package/dest/providers/extension/extension_provider.d.ts

@@ -0,0 +1,63 @@
+import type { ChainInfo } from '@aztec/aztec.js/account';
+import { type WalletInfo } from '../../types.js';
+/**
+ * A discovered wallet with its secure channel components.
+ * Returned by {@link ExtensionProvider.discoverExtensions}.
+ */
+export interface DiscoveredWallet {
+    /** Basic wallet information (id, name, icon, version, publicKey, verificationHash) */
+    info: WalletInfo;
+    /** The MessagePort for private communication with the wallet */
+    port: MessagePort;
+    /** The derived AES-256-GCM shared key for encryption */
+    sharedKey: CryptoKey;
+}
+/**
+ * Provider for discovering Aztec wallet extensions.
+ *
+ * This class handles the discovery phase of wallet communication:
+ * 1. Broadcasts a discovery request with the dApp's public key
+ * 2. Receives responses from installed wallets with their public keys
+ * 3. Derives shared secrets and computes verification hashes
+ * 4. Returns discovered wallets with their secure channel components
+ *
+ * @example
+ * ```typescript
+ * const wallets = await ExtensionProvider.discoverExtensions(chainInfo);
+ * // Display wallets to user with optional emoji verification
+ * for (const wallet of wallets) {
+ *   const emoji = hashToEmoji(wallet.info.verificationHash!);
+ *   console.log(`${wallet.info.name}: ${emoji}`);
+ * }
+ * // User selects a wallet after verifying
+ * const wallet = await ExtensionWallet.create(wallets[0], chainInfo, 'my-app');
+ * ```
+ */
+export declare class ExtensionProvider {
+    private static discoveryInProgress;
+    /**
+     * Discovers all installed Aztec wallet extensions and establishes secure channel components.
+     *
+     * This method:
+     * 1. Generates an ECDH key pair for this discovery session
+     * 2. Broadcasts a discovery request with the dApp's public key
+     * 3. Receives responses from wallets with their public keys and MessagePorts
+     * 4. Derives shared secrets and computes verification hashes
+     *
+     * @param chainInfo - Chain information to check if extensions support this network
+     * @param timeout - How long to wait for extensions to respond (ms)
+     * @returns Array of discovered wallets with their secure channel components
+     *
+     * @example
+     * ```typescript
+     * const wallets = await ExtensionProvider.discoverExtensions({
+     *   chainId: Fr(31337),
+     *   version: Fr(0)
+     * });
+     * // Access wallet info and secure channel
+     * const { info, port, sharedKey } = wallets[0];
+     * ```
+     */
+    static discoverExtensions(chainInfo: ChainInfo, timeout?: number): Promise<DiscoveredWallet[]>;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZW5zaW9uX3Byb3ZpZGVyLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcHJvdmlkZXJzL2V4dGVuc2lvbi9leHRlbnNpb25fcHJvdmlkZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLEVBQUUsU0FBUyxFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFLekQsT0FBTyxFQUFpRCxLQUFLLFVBQVUsRUFBcUIsTUFBTSxnQkFBZ0IsQ0FBQztBQUVuSDs7O0dBR0c7QUFDSCxNQUFNLFdBQVcsZ0JBQWdCO0lBQy9CLHNGQUFzRjtJQUN0RixJQUFJLEVBQUUsVUFBVSxDQUFDO0lBQ2pCLGdFQUFnRTtJQUNoRSxJQUFJLEVBQUUsV0FBVyxDQUFDO0lBQ2xCLHdEQUF3RDtJQUN4RCxTQUFTLEVBQUUsU0FBUyxDQUFDO0NBQ3RCO0FBV0Q7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBb0JHO0FBQ0gscUJBQWEsaUJBQWlCO0lBQzVCLE9BQU8sQ0FBQyxNQUFNLENBQUMsbUJBQW1CLENBQVM7SUFFM0M7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7T0FzQkc7SUFDSCxPQUFhLGtCQUFrQixDQUFDLFNBQVMsRUFBRSxTQUFTLEVBQUUsT0FBTyxHQUFFLE1BQWEsR0FBRyxPQUFPLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQyxDQXlGekc7Q0FDRiJ9

package/dest/providers/extension/extension_provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"extension_provider.d.ts","sourceRoot":"","sources":["../../../src/providers/extension/extension_provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAKzD,OAAO,EAAiD,KAAK,UAAU,EAAqB,MAAM,gBAAgB,CAAC;AAEnH;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,sFAAsF;IACtF,IAAI,EAAE,UAAU,CAAC;IACjB,gEAAgE;IAChE,IAAI,EAAE,WAAW,CAAC;IAClB,wDAAwD;IACxD,SAAS,EAAE,SAAS,CAAC;CACtB;AAWD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAS;IAE3C;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,OAAa,kBAAkB,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,GAAE,MAAa,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAyFzG;CACF"}

package/dest/providers/extension/extension_provider.js

@@ -0,0 +1,124 @@
+import { jsonStringify } from '@aztec/foundation/json-rpc';
+import { promiseWithResolvers } from '@aztec/foundation/promise';
+import { deriveSharedKey, exportPublicKey, generateKeyPair, hashSharedSecret, importPublicKey } from '../../crypto.js';
+import { WalletMessageType } from '../../types.js';
+/**
+ * Provider for discovering Aztec wallet extensions.
+ *
+ * This class handles the discovery phase of wallet communication:
+ * 1. Broadcasts a discovery request with the dApp's public key
+ * 2. Receives responses from installed wallets with their public keys
+ * 3. Derives shared secrets and computes verification hashes
+ * 4. Returns discovered wallets with their secure channel components
+ *
+ * @example
+ * ```typescript
+ * const wallets = await ExtensionProvider.discoverExtensions(chainInfo);
+ * // Display wallets to user with optional emoji verification
+ * for (const wallet of wallets) {
+ *   const emoji = hashToEmoji(wallet.info.verificationHash!);
+ *   console.log(`${wallet.info.name}: ${emoji}`);
+ * }
+ * // User selects a wallet after verifying
+ * const wallet = await ExtensionWallet.create(wallets[0], chainInfo, 'my-app');
+ * ```
+ */ export class ExtensionProvider {
+    static discoveryInProgress = false;
+    /**
+   * Discovers all installed Aztec wallet extensions and establishes secure channel components.
+   *
+   * This method:
+   * 1. Generates an ECDH key pair for this discovery session
+   * 2. Broadcasts a discovery request with the dApp's public key
+   * 3. Receives responses from wallets with their public keys and MessagePorts
+   * 4. Derives shared secrets and computes verification hashes
+   *
+   * @param chainInfo - Chain information to check if extensions support this network
+   * @param timeout - How long to wait for extensions to respond (ms)
+   * @returns Array of discovered wallets with their secure channel components
+   *
+   * @example
+   * ```typescript
+   * const wallets = await ExtensionProvider.discoverExtensions({
+   *   chainId: Fr(31337),
+   *   version: Fr(0)
+   * });
+   * // Access wallet info and secure channel
+   * const { info, port, sharedKey } = wallets[0];
+   * ```
+   */ static async discoverExtensions(chainInfo, timeout = 1000) {
+        // If discovery is already in progress, wait and return empty
+        // (caller should retry or handle appropriately)
+        if (this.discoveryInProgress) {
+            await new Promise((resolve)=>setTimeout(resolve, timeout));
+            return [];
+        }
+        this.discoveryInProgress = true;
+        // Generate key pair for this discovery session
+        const keyPair = await generateKeyPair();
+        const exportedPublicKey = await exportPublicKey(keyPair.publicKey);
+        const { promise, resolve } = promiseWithResolvers();
+        const requestId = globalThis.crypto.randomUUID();
+        const responses = [];
+        // Set up listener for discovery responses
+        const handleMessage = (event)=>{
+            if (event.source !== window) {
+                return;
+            }
+            let data;
+            try {
+                data = JSON.parse(event.data);
+            } catch  {
+                return;
+            }
+            if (data.type === WalletMessageType.DISCOVERY_RESPONSE && data.requestId === requestId) {
+                // Get the MessagePort from the event
+                const port = event.ports?.[0];
+                if (!port) {
+                    return;
+                }
+                // Derive shared key from wallet's public key
+                const walletPublicKey = data.walletInfo.publicKey;
+                if (!walletPublicKey) {
+                    return;
+                }
+                void (async ()=>{
+                    try {
+                        const importedWalletKey = await importPublicKey(walletPublicKey);
+                        const sharedKey = await deriveSharedKey(keyPair.privateKey, importedWalletKey);
+                        // Compute verification hash
+                        const verificationHash = await hashSharedSecret(sharedKey);
+                        // Create wallet info with verification hash
+                        const walletInfo = {
+                            ...data.walletInfo,
+                            verificationHash
+                        };
+                        responses.push({
+                            info: walletInfo,
+                            port,
+                            sharedKey
+                        });
+                    } catch  {
+                    // Failed to derive key, skip this wallet
+                    }
+                })();
+            }
+        };
+        window.addEventListener('message', handleMessage);
+        // Send discovery message with our public key
+        const discoveryMessage = {
+            type: WalletMessageType.DISCOVERY,
+            requestId,
+            chainInfo,
+            publicKey: exportedPublicKey
+        };
+        window.postMessage(jsonStringify(discoveryMessage), '*');
+        // Wait for responses
+        setTimeout(()=>{
+            window.removeEventListener('message', handleMessage);
+            this.discoveryInProgress = false;
+            resolve(responses);
+        }, timeout);
+        return promise;
+    }
+}

package/dest/providers/extension/extension_wallet.d.ts

@@ -0,0 +1,155 @@
+import type { ChainInfo } from '@aztec/aztec.js/account';
+import { type Wallet } from '@aztec/aztec.js/wallet';
+import { type WalletInfo } from '../../types.js';
+/**
+ * Callback type for wallet disconnect events.
+ */
+export type DisconnectCallback = () => void;
+/**
+ * A wallet implementation that communicates with browser extension wallets
+ * using a secure encrypted MessageChannel.
+ *
+ * This class uses a pre-established secure channel from the discovery phase:
+ *
+ * 1. **MessageChannel**: A private communication channel created during discovery,
+ *    not visible to other scripts on the page (unlike window.postMessage).
+ *
+ * 2. **ECDH Key Exchange**: The shared secret was derived during discovery using
+ *    Elliptic Curve Diffie-Hellman key exchange.
+ *
+ * 3. **AES-GCM Encryption**: All messages are encrypted using AES-256-GCM,
+ *    providing both confidentiality and authenticity.
+ *
+ * @example
+ * ```typescript
+ * // Discovery returns wallets with secure channel components
+ * const wallets = await ExtensionProvider.discoverExtensions(chainInfo);
+ * const { info, port, sharedKey } = wallets[0];
+ *
+ * // User can verify emoji if desired
+ * console.log('Verify:', hashToEmoji(info.verificationHash!));
+ *
+ * // Create wallet using the discovered components
+ * const wallet = await ExtensionWallet.create(info, chainInfo, port, sharedKey, 'my-dapp');
+ *
+ * // All subsequent calls are encrypted
+ * const accounts = await wallet.getAccounts();
+ * ```
+ */
+export declare class ExtensionWallet {
+    private chainInfo;
+    private appId;
+    private extensionId;
+    private port;
+    private sharedKey;
+    /** Map of pending requests awaiting responses, keyed by message ID */
+    private inFlight;
+    private disconnected;
+    private disconnectCallbacks;
+    /**
+     * Private constructor - use {@link ExtensionWallet.create} to instantiate.
+     * @param chainInfo - The chain information (chainId and version)
+     * @param appId - Application identifier for the requesting dApp
+     * @param extensionId - The unique identifier of the target wallet extension
+     * @param port - The MessagePort for private communication with the wallet
+     * @param sharedKey - The derived AES-256-GCM shared key for encryption
+     */
+    private constructor();
+    /** Cached Wallet proxy instance */
+    private walletProxy;
+    /**
+     * Creates an ExtensionWallet instance that communicates with a browser extension
+     * over a secure encrypted MessageChannel.
+     *
+     * @param walletInfo - The wallet info from ExtensionProvider.discoverExtensions()
+     * @param chainInfo - The chain information (chainId and version) for request context
+     * @param port - The MessagePort for private communication with the wallet
+     * @param sharedKey - The derived AES-256-GCM shared key for encryption
+     * @param appId - Application identifier used to identify the requesting dApp to the wallet
+     * @returns The ExtensionWallet instance. Use {@link getWallet} to get the Wallet interface.
+     *
+     * @example
+     * ```typescript
+     * const wallets = await ExtensionProvider.discoverExtensions(chainInfo);
+     * const { info, port, sharedKey } = wallets[0];
+     * const extensionWallet = ExtensionWallet.create(
+     *   info,
+     *   { chainId: Fr(31337), version: Fr(0) },
+     *   port,
+     *   sharedKey,
+     *   'my-defi-app'
+     * );
+     *
+     * // Register disconnect handler
+     * extensionWallet.onDisconnect(() => console.log('Disconnected!'));
+     *
+     * // Get the Wallet interface for dApp usage
+     * const wallet = extensionWallet.getWallet();
+     * const accounts = await wallet.getAccounts();
+     * ```
+     */
+    static create(walletInfo: WalletInfo, chainInfo: ChainInfo, port: MessagePort, sharedKey: CryptoKey, appId: string): ExtensionWallet;
+    /**
+     * Returns a Wallet interface that proxies all method calls through the secure channel.
+     *
+     * The returned Wallet can be used directly by dApps - all method calls are automatically
+     * encrypted and sent to the wallet extension.
+     *
+     * @returns A Wallet implementation that encrypts all communication
+     *
+     * @example
+     * ```typescript
+     * const extensionWallet = ExtensionWallet.create(info, chainInfo, port, sharedKey, 'my-app');
+     * const wallet = extensionWallet.getWallet();
+     * const accounts = await wallet.getAccounts();
+     * ```
+     */
+    getWallet(): Wallet;
+    private handleEncryptedResponse;
+    private postMessage;
+    /**
+     * Handles wallet disconnection.
+     * Rejects all pending requests and notifies registered callbacks.
+     * @internal
+     */
+    private handleDisconnect;
+    /**
+     * Registers a callback to be invoked when the wallet disconnects.
+     *
+     * @param callback - Function to call when wallet disconnects
+     * @returns A function to unregister the callback
+     *
+     * @example
+     * ```typescript
+     * const wallet = await ExtensionWallet.create(...);
+     * const unsubscribe = wallet.onDisconnect(() => {
+     *   console.log('Wallet disconnected! Please reconnect.');
+     *   // Clean up UI, prompt user to reconnect, etc.
+     * });
+     * // Later: unsubscribe(); to stop receiving notifications
+     * ```
+     */
+    onDisconnect(callback: DisconnectCallback): () => void;
+    /**
+     * Returns whether the wallet has been disconnected.
+     *
+     * @returns true if the wallet is no longer connected
+     */
+    isDisconnected(): boolean;
+    /**
+     * Disconnects from the wallet and cleans up resources.
+     *
+     * This method notifies the wallet extension that the session is ending,
+     * allowing it to clean up its state. After calling this method, the wallet
+     * instance can no longer be used and any pending requests will be rejected.
+     *
+     * @example
+     * ```typescript
+     * const wallet = await provider.connect('my-app');
+     * // ... use wallet ...
+     * await wallet.disconnect(); // Clean disconnect when done
+     * ```
+     */
+    disconnect(): Promise<void>;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZW5zaW9uX3dhbGxldC5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3Byb3ZpZGVycy9leHRlbnNpb24vZXh0ZW5zaW9uX3dhbGxldC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssRUFBRSxTQUFTLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUN6RCxPQUFPLEVBQUUsS0FBSyxNQUFNLEVBQWdCLE1BQU0sd0JBQXdCLENBQUM7QUFPbkUsT0FBTyxFQUFFLEtBQUssVUFBVSxFQUE4RCxNQUFNLGdCQUFnQixDQUFDO0FBYTdHOztHQUVHO0FBQ0gsTUFBTSxNQUFNLGtCQUFrQixHQUFHLE1BQU0sSUFBSSxDQUFDO0FBRTVDOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0E4Qkc7QUFDSCxxQkFBYSxlQUFlO0lBZXhCLE9BQU8sQ0FBQyxTQUFTO0lBQ2pCLE9BQU8sQ0FBQyxLQUFLO0lBQ2IsT0FBTyxDQUFDLFdBQVc7SUFDbkIsT0FBTyxDQUFDLElBQUk7SUFDWixPQUFPLENBQUMsU0FBUztJQWxCbkIsc0VBQXNFO0lBQ3RFLE9BQU8sQ0FBQyxRQUFRLENBQW9EO0lBQ3BFLE9BQU8sQ0FBQyxZQUFZLENBQVM7SUFDN0IsT0FBTyxDQUFDLG1CQUFtQixDQUE0QjtJQUV2RDs7Ozs7OztPQU9HO0lBQ0gsT0FBTyxlQU1IO0lBRUosbUNBQW1DO0lBQ25DLE9BQU8sQ0FBQyxXQUFXLENBQXVCO0lBRTFDOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7T0E4Qkc7SUFDSCxNQUFNLENBQUMsTUFBTSxDQUNYLFVBQVUsRUFBRSxVQUFVLEVBQ3RCLFNBQVMsRUFBRSxTQUFTLEVBQ3BCLElBQUksRUFBRSxXQUFXLEVBQ2pCLFNBQVMsRUFBRSxTQUFTLEVBQ3BCLEtBQUssRUFBRSxNQUFNLEdBQ1osZUFBZSxDQVdqQjtJQUVEOzs7Ozs7Ozs7Ozs7OztPQWNHO0lBQ0gsU0FBUyxJQUFJLE1BQU0sQ0F1QmxCO1lBVWEsdUJBQXVCO1lBMER2QixXQUFXO0lBMkJ6Qjs7OztPQUlHO0lBQ0gsT0FBTyxDQUFDLGdCQUFnQjtJQStCeEI7Ozs7Ozs7Ozs7Ozs7OztPQWVHO0lBQ0gsWUFBWSxDQUFDLFFBQVEsRUFBRSxrQkFBa0IsR0FBRyxNQUFNLElBQUksQ0FRckQ7SUFFRDs7OztPQUlHO0lBQ0gsY0FBYyxJQUFJLE9BQU8sQ0FFeEI7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0csVUFBVSxJQUFJLE9BQU8sQ0FBQyxJQUFJLENBQUMsQ0EyQmhDO0NBQ0YifQ==