@aztec/wallet-sdk 4.0.0-nightly.20260107 → 4.0.0-nightly.20260110

package/dest/types.d.ts

@@ -0,0 +1,83 @@
+import type { ChainInfo } from '@aztec/aztec.js/account';
+import type { ExportedPublicKey } from './crypto.js';
+/**
+ * Information about an installed Aztec wallet
+ */
+export interface WalletInfo {
+    /** Unique identifier for the wallet */
+    id: string;
+    /** Display name of the wallet */
+    name: string;
+    /** URL to the wallet's icon */
+    icon?: string;
+    /** Wallet version */
+    version: string;
+    /** Wallet's ECDH public key for secure channel establishment */
+    publicKey: ExportedPublicKey;
+}
+/**
+ * Message format for wallet communication (internal, before encryption)
+ */
+export interface WalletMessage {
+    /** Unique message ID for tracking responses */
+    messageId: string;
+    /** The wallet method to call */
+    type: string;
+    /** Arguments for the method */
+    args: unknown[];
+    /** Chain information */
+    chainInfo: ChainInfo;
+    /** Application ID making the request */
+    appId: string;
+    /** Wallet ID to target a specific wallet */
+    walletId: string;
+}
+/**
+ * Response message from wallet
+ */
+export interface WalletResponse {
+    /** Message ID matching the request */
+    messageId: string;
+    /** Result data (if successful) */
+    result?: unknown;
+    /** Error data (if failed) */
+    error?: unknown;
+    /** Wallet ID that sent the response */
+    walletId: string;
+}
+/**
+ * Discovery message for finding installed wallets (public, unencrypted)
+ */
+export interface DiscoveryRequest {
+    /** Message type for discovery */
+    type: 'aztec-wallet-discovery';
+    /** Request ID */
+    requestId: string;
+    /** Chain information to check if wallet supports this network */
+    chainInfo: ChainInfo;
+}
+/**
+ * Discovery response from a wallet (public, unencrypted)
+ */
+export interface DiscoveryResponse {
+    /** Message type for discovery response */
+    type: 'aztec-wallet-discovery-response';
+    /** Request ID matching the discovery request */
+    requestId: string;
+    /** Wallet information */
+    walletInfo: WalletInfo;
+}
+/**
+ * Connection request to establish secure channel
+ */
+export interface ConnectRequest {
+    /** Message type for connection */
+    type: 'aztec-wallet-connect';
+    /** Target wallet ID */
+    walletId: string;
+    /** Application ID */
+    appId: string;
+    /** dApp's ECDH public key for deriving shared secret */
+    publicKey: ExportedPublicKey;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssRUFBRSxTQUFTLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUV6RCxPQUFPLEtBQUssRUFBRSxpQkFBaUIsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUVyRDs7R0FFRztBQUNILE1BQU0sV0FBVyxVQUFVO0lBQ3pCLHVDQUF1QztJQUN2QyxFQUFFLEVBQUUsTUFBTSxDQUFDO0lBQ1gsaUNBQWlDO0lBQ2pDLElBQUksRUFBRSxNQUFNLENBQUM7SUFDYiwrQkFBK0I7SUFDL0IsSUFBSSxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ2QscUJBQXFCO0lBQ3JCLE9BQU8sRUFBRSxNQUFNLENBQUM7SUFDaEIsZ0VBQWdFO0lBQ2hFLFNBQVMsRUFBRSxpQkFBaUIsQ0FBQztDQUM5QjtBQUVEOztHQUVHO0FBQ0gsTUFBTSxXQUFXLGFBQWE7SUFDNUIsK0NBQStDO0lBQy9DLFNBQVMsRUFBRSxNQUFNLENBQUM7SUFDbEIsZ0NBQWdDO0lBQ2hDLElBQUksRUFBRSxNQUFNLENBQUM7SUFDYiwrQkFBK0I7SUFDL0IsSUFBSSxFQUFFLE9BQU8sRUFBRSxDQUFDO0lBQ2hCLHdCQUF3QjtJQUN4QixTQUFTLEVBQUUsU0FBUyxDQUFDO0lBQ3JCLHdDQUF3QztJQUN4QyxLQUFLLEVBQUUsTUFBTSxDQUFDO0lBQ2QsNENBQTRDO0lBQzVDLFFBQVEsRUFBRSxNQUFNLENBQUM7Q0FDbEI7QUFFRDs7R0FFRztBQUNILE1BQU0sV0FBVyxjQUFjO0lBQzdCLHNDQUFzQztJQUN0QyxTQUFTLEVBQUUsTUFBTSxDQUFDO0lBQ2xCLGtDQUFrQztJQUNsQyxNQUFNLENBQUMsRUFBRSxPQUFPLENBQUM7SUFDakIsNkJBQTZCO0lBQzdCLEtBQUssQ0FBQyxFQUFFLE9BQU8sQ0FBQztJQUNoQix1Q0FBdUM7SUFDdkMsUUFBUSxFQUFFLE1BQU0sQ0FBQztDQUNsQjtBQUVEOztHQUVHO0FBQ0gsTUFBTSxXQUFXLGdCQUFnQjtJQUMvQixpQ0FBaUM7SUFDakMsSUFBSSxFQUFFLHdCQUF3QixDQUFDO0lBQy9CLGlCQUFpQjtJQUNqQixTQUFTLEVBQUUsTUFBTSxDQUFDO0lBQ2xCLGlFQUFpRTtJQUNqRSxTQUFTLEVBQUUsU0FBUyxDQUFDO0NBQ3RCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFdBQVcsaUJBQWlCO0lBQ2hDLDBDQUEwQztJQUMxQyxJQUFJLEVBQUUsaUNBQWlDLENBQUM7SUFDeEMsZ0RBQWdEO0lBQ2hELFNBQVMsRUFBRSxNQUFNLENBQUM7SUFDbEIseUJBQXlCO0lBQ3pCLFVBQVUsRUFBRSxVQUFVLENBQUM7Q0FDeEI7QUFFRDs7R0FFRztBQUNILE1BQU0sV0FBVyxjQUFjO0lBQzdCLGtDQUFrQztJQUNsQyxJQUFJLEVBQUUsc0JBQXNCLENBQUM7SUFDN0IsdUJBQXVCO0lBQ3ZCLFFBQVEsRUFBRSxNQUFNLENBQUM7SUFDakIscUJBQXFCO0lBQ3JCLEtBQUssRUFBRSxNQUFNLENBQUM7SUFDZCx3REFBd0Q7SUFDeEQsU0FBUyxFQUFFLGlCQUFpQixDQUFDO0NBQzlCIn0=

package/dest/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAEzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAErD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,uCAAuC;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,iCAAiC;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qBAAqB;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,gEAAgE;IAChE,SAAS,EAAE,iBAAiB,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,+CAA+C;IAC/C,SAAS,EAAE,MAAM,CAAC;IAClB,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,IAAI,EAAE,OAAO,EAAE,CAAC;IAChB,wBAAwB;IACxB,SAAS,EAAE,SAAS,CAAC;IACrB,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,4CAA4C;IAC5C,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,kCAAkC;IAClC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,6BAA6B;IAC7B,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,uCAAuC;IACvC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,iCAAiC;IACjC,IAAI,EAAE,wBAAwB,CAAC;IAC/B,iBAAiB;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,iEAAiE;IACjE,SAAS,EAAE,SAAS,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,0CAA0C;IAC1C,IAAI,EAAE,iCAAiC,CAAC;IACxC,gDAAgD;IAChD,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,UAAU,EAAE,UAAU,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,kCAAkC;IAClC,IAAI,EAAE,sBAAsB,CAAC;IAC7B,uBAAuB;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,wDAAwD;IACxD,SAAS,EAAE,iBAAiB,CAAC;CAC9B"}

package/dest/types.js

@@ -0,0 +1,3 @@
+/**
+ * Connection request to establish secure channel
+ */ export { };

package/package.json

@@ -1,11 +1,13 @@
 {
   "name": "@aztec/wallet-sdk",
   "homepage": "https://github.com/AztecProtocol/aztec-packages/tree/master/yarn-project/wallet-sdk",
-  "version": "4.0.0-nightly.20260107",
+  "version": "4.0.0-nightly.20260110",
   "type": "module",
   "exports": {
     "./base-wallet": "./dest/base-wallet/index.js",
     "./providers/extension": "./dest/providers/extension/index.js",
+    "./crypto": "./dest/crypto.js",
+    "./types": "./dest/types.js",
     "./manager": "./dest/manager/index.js"
   },
   "typedocOptions": {
@@ -62,15 +64,15 @@
     ]
   },
   "dependencies": {
-    "@aztec/aztec.js": "4.0.0-nightly.20260107",
-    "@aztec/constants": "4.0.0-nightly.20260107",
-    "@aztec/entrypoints": "4.0.0-nightly.20260107",
-    "@aztec/foundation": "4.0.0-nightly.20260107",
-    "@aztec/pxe": "4.0.0-nightly.20260107",
-    "@aztec/stdlib": "4.0.0-nightly.20260107"
+    "@aztec/aztec.js": "4.0.0-nightly.20260110",
+    "@aztec/constants": "4.0.0-nightly.20260110",
+    "@aztec/entrypoints": "4.0.0-nightly.20260110",
+    "@aztec/foundation": "4.0.0-nightly.20260110",
+    "@aztec/pxe": "4.0.0-nightly.20260110",
+    "@aztec/stdlib": "4.0.0-nightly.20260110"
   },
   "devDependencies": {
-    "@aztec/noir-contracts.js": "4.0.0-nightly.20260107",
+    "@aztec/noir-contracts.js": "4.0.0-nightly.20260110",
     "@jest/globals": "^30.0.0",
     "@types/jest": "^30.0.0",
     "@types/node": "^22.15.17",

package/src/base-wallet/base_wallet.ts

@@ -76,7 +76,7 @@ export type FeeOptions = {
 export abstract class BaseWallet implements Wallet {
   protected log = createLogger('wallet-sdk:base_wallet');
 
-  protected baseFeePadding = 0.5;
+  protected minFeePadding = 0.5;
   protected cancellableTransactions = false;
 
   // Protected because we want to force wallets to instantiate their own PXE.
@@ -165,7 +165,7 @@ export abstract class BaseWallet implements Wallet {
     gasSettings?: Partial<FieldsOf<GasSettings>>,
   ): Promise<FeeOptions> {
     const maxFeesPerGas =
-      gasSettings?.maxFeesPerGas ?? (await this.aztecNode.getCurrentBaseFees()).mul(1 + this.baseFeePadding);
+      gasSettings?.maxFeesPerGas ?? (await this.aztecNode.getCurrentMinFees()).mul(1 + this.minFeePadding);
     let accountFeePaymentMethodOptions;
     // The transaction does not include a fee payment method, so we set the flag
     // for the account to use its fee juice balance

package/src/crypto.ts

@@ -0,0 +1,283 @@
+/**
+ * Cryptographic utilities for secure wallet communication.
+ *
+ * This module provides ECDH key exchange and AES-GCM encryption primitives
+ * for establishing secure communication channels between dApps and wallet extensions.
+ *
+ * The crypto flow:
+ * 1. Both parties generate ECDH key pairs using {@link generateKeyPair}
+ * 2. Public keys are exchanged (exported via {@link exportPublicKey}, imported via {@link importPublicKey})
+ * 3. Both parties derive the same shared secret using {@link deriveSharedKey}
+ * 4. Messages are encrypted/decrypted using {@link encrypt} and {@link decrypt}
+ *
+ * @example
+ * ```typescript
+ * // Party A
+ * const keyPairA = await generateKeyPair();
+ * const publicKeyA = await exportPublicKey(keyPairA.publicKey);
+ *
+ * // Party B
+ * const keyPairB = await generateKeyPair();
+ * const publicKeyB = await exportPublicKey(keyPairB.publicKey);
+ *
+ * // Exchange public keys, then derive shared secret
+ * const importedB = await importPublicKey(publicKeyB);
+ * const sharedKeyA = await deriveSharedKey(keyPairA.privateKey, importedB);
+ *
+ * // Encrypt and decrypt
+ * const encrypted = await encrypt(sharedKeyA, { message: 'hello' });
+ * const decrypted = await decrypt(sharedKeyB, encrypted);
+ * ```
+ *
+ * @packageDocumentation
+ */
+import { jsonStringify } from '@aztec/foundation/json-rpc';
+
+/**
+ * Exported public key in JWK format for transmission over untrusted channels.
+ *
+ * Contains only the public components of an ECDH P-256 key, safe to share.
+ */
+export interface ExportedPublicKey {
+  /** Key type - always "EC" for elliptic curve */
+  kty: string;
+  /** Curve name - always "P-256" */
+  crv: string;
+  /** X coordinate (base64url encoded) */
+  x: string;
+  /** Y coordinate (base64url encoded) */
+  y: string;
+}
+
+/**
+ * Encrypted message payload containing ciphertext and initialization vector.
+ *
+ * Both fields are base64-encoded for safe transmission as JSON.
+ */
+export interface EncryptedPayload {
+  /** Initialization vector (base64 encoded, 12 bytes) */
+  iv: string;
+  /** Ciphertext (base64 encoded) */
+  ciphertext: string;
+}
+
+/**
+ * ECDH key pair for secure communication.
+ *
+ * The private key should never be exported or transmitted.
+ * The public key can be exported via {@link exportPublicKey} for exchange.
+ */
+export interface SecureKeyPair {
+  /** Public key - safe to share */
+  publicKey: CryptoKey;
+  /** Private key - keep secret, used for key derivation */
+  privateKey: CryptoKey;
+}
+
+/**
+ * Generates an ECDH P-256 key pair for key exchange.
+ *
+ * The generated key pair can be used to derive a shared secret with another
+ * party's public key using {@link deriveSharedKey}.
+ *
+ * @returns A new ECDH key pair
+ *
+ * @example
+ * ```typescript
+ * const keyPair = await generateKeyPair();
+ * const publicKey = await exportPublicKey(keyPair.publicKey);
+ * // Send publicKey to the other party
+ * ```
+ */
+export async function generateKeyPair(): Promise<SecureKeyPair> {
+  const keyPair = await crypto.subtle.generateKey(
+    {
+      name: 'ECDH',
+      namedCurve: 'P-256',
+    },
+    true, // extractable (needed to export public key)
+    ['deriveKey'],
+  );
+  return {
+    publicKey: keyPair.publicKey,
+    privateKey: keyPair.privateKey,
+  };
+}
+
+/**
+ * Exports a public key to JWK format for transmission.
+ *
+ * The exported key contains only public components and is safe to transmit
+ * over untrusted channels.
+ *
+ * @param publicKey - The CryptoKey public key to export
+ * @returns The public key in JWK format
+ *
+ * @example
+ * ```typescript
+ * const keyPair = await generateKeyPair();
+ * const exported = await exportPublicKey(keyPair.publicKey);
+ * // exported can be JSON serialized and sent to another party
+ * ```
+ */
+export async function exportPublicKey(publicKey: CryptoKey): Promise<ExportedPublicKey> {
+  const jwk = await crypto.subtle.exportKey('jwk', publicKey);
+  return {
+    kty: jwk.kty!,
+    crv: jwk.crv!,
+    x: jwk.x!,
+    y: jwk.y!,
+  };
+}
+
+/**
+ * Imports a public key from JWK format.
+ *
+ * Used to import the other party's public key for deriving a shared secret.
+ *
+ * @param exported - The public key in JWK format
+ * @returns A CryptoKey that can be used with {@link deriveSharedKey}
+ *
+ * @example
+ * ```typescript
+ * // Receive exported public key from other party
+ * const theirPublicKey = await importPublicKey(receivedPublicKey);
+ * const sharedKey = await deriveSharedKey(myPrivateKey, theirPublicKey);
+ * ```
+ */
+export function importPublicKey(exported: ExportedPublicKey): Promise<CryptoKey> {
+  return crypto.subtle.importKey(
+    'jwk',
+    {
+      kty: exported.kty,
+      crv: exported.crv,
+      x: exported.x,
+      y: exported.y,
+    },
+    {
+      name: 'ECDH',
+      namedCurve: 'P-256',
+    },
+    false,
+    [],
+  );
+}
+
+/**
+ * Derives a shared AES-256-GCM key from ECDH key exchange.
+ *
+ * Both parties will derive the same shared key when using their own private key
+ * and the other party's public key. This is the core of ECDH key agreement.
+ *
+ * @param privateKey - Your ECDH private key
+ * @param publicKey - The other party's ECDH public key
+ * @returns An AES-256-GCM key for encryption/decryption
+ *
+ * @example
+ * ```typescript
+ * // Both parties derive the same key
+ * const sharedKeyA = await deriveSharedKey(privateKeyA, publicKeyB);
+ * const sharedKeyB = await deriveSharedKey(privateKeyB, publicKeyA);
+ * // sharedKeyA and sharedKeyB are equivalent
+ * ```
+ */
+export function deriveSharedKey(privateKey: CryptoKey, publicKey: CryptoKey): Promise<CryptoKey> {
+  return crypto.subtle.deriveKey(
+    {
+      name: 'ECDH',
+      public: publicKey,
+    },
+    privateKey,
+    {
+      name: 'AES-GCM',
+      length: 256,
+    },
+    false,
+    ['encrypt', 'decrypt'],
+  );
+}
+
+/**
+ * Encrypts data using AES-256-GCM.
+ *
+ * The data is JSON serialized before encryption. A random 12-byte IV is
+ * generated for each encryption operation.
+ *
+ * AES-GCM provides both confidentiality and authenticity - any tampering
+ * with the ciphertext will cause decryption to fail.
+ *
+ * @param key - The AES-GCM key (from {@link deriveSharedKey})
+ * @param data - The data to encrypt (will be JSON serialized)
+ * @returns The encrypted payload with IV and ciphertext
+ *
+ * @example
+ * ```typescript
+ * const encrypted = await encrypt(sharedKey, { action: 'transfer', amount: 100 });
+ * // encrypted.iv and encrypted.ciphertext are base64 strings
+ * ```
+ */
+export async function encrypt(key: CryptoKey, data: unknown): Promise<EncryptedPayload> {
+  const iv = crypto.getRandomValues(new Uint8Array(12));
+  const encoded = new TextEncoder().encode(jsonStringify(data));
+
+  const ciphertext = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, encoded);
+
+  return {
+    iv: arrayBufferToBase64(iv),
+    ciphertext: arrayBufferToBase64(ciphertext),
+  };
+}
+
+/**
+ * Decrypts data using AES-256-GCM.
+ *
+ * The decrypted data is JSON parsed before returning.
+ *
+ * @typeParam T - The expected type of the decrypted data
+ * @param key - The AES-GCM key (from {@link deriveSharedKey})
+ * @param payload - The encrypted payload from {@link encrypt}
+ * @returns The decrypted and parsed data
+ *
+ * @throws Error if decryption fails (wrong key or tampered ciphertext)
+ *
+ * @example
+ * ```typescript
+ * const decrypted = await decrypt<{ action: string; amount: number }>(sharedKey, encrypted);
+ * console.log(decrypted.action); // 'transfer'
+ * ```
+ */
+export async function decrypt<T = unknown>(key: CryptoKey, payload: EncryptedPayload): Promise<T> {
+  const iv = base64ToArrayBuffer(payload.iv);
+  const ciphertext = base64ToArrayBuffer(payload.ciphertext);
+
+  const decrypted = await crypto.subtle.decrypt({ name: 'AES-GCM', iv }, key, ciphertext);
+
+  const decoded = new TextDecoder().decode(decrypted);
+  return JSON.parse(decoded) as T;
+}
+
+/**
+ * Converts ArrayBuffer to base64 string.
+ * @internal
+ */
+function arrayBufferToBase64(buffer: ArrayBuffer | Uint8Array): string {
+  const bytes = buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer);
+  let binary = '';
+  for (let i = 0; i < bytes.byteLength; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  return btoa(binary);
+}
+
+/**
+ * Converts base64 string to ArrayBuffer.
+ * @internal
+ */
+function base64ToArrayBuffer(base64: string): ArrayBuffer {
+  const binary = atob(base64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes.buffer;
+}

package/src/manager/index.ts

@@ -9,13 +9,7 @@ export type {
 } from './types.js';
 
 // Re-export types from providers for convenience
-export type {
-  WalletInfo,
-  WalletMessage,
-  WalletResponse,
-  DiscoveryRequest,
-  DiscoveryResponse,
-} from '../providers/types.js';
+export type { WalletInfo, WalletMessage, WalletResponse, DiscoveryRequest, DiscoveryResponse } from '../types.js';
 
 // Re-export commonly needed utilities for wallet integration
 export { ChainInfoSchema } from '@aztec/aztec.js/account';

package/src/manager/wallet_manager.ts

@@ -54,7 +54,7 @@ export class WalletManager {
           metadata: {
             version: ext.version,
           },
-          connect: (appId: string) => Promise.resolve(ExtensionWallet.create(chainInfo, appId, ext.id)),
+          connect: (appId: string) => ExtensionWallet.create(ext, chainInfo, appId),
         });
       }
     }

package/src/providers/extension/extension_provider.ts

@@ -2,7 +2,7 @@ import type { ChainInfo } from '@aztec/aztec.js/account';
 import { jsonStringify } from '@aztec/foundation/json-rpc';
 import { promiseWithResolvers } from '@aztec/foundation/promise';
 
-import type { DiscoveryRequest, DiscoveryResponse, WalletInfo } from '../types.js';
+import type { DiscoveryRequest, DiscoveryResponse, WalletInfo } from '../../types.js';
 
 /**
  * Provider for discovering and managing Aztec wallet extensions