@aztec/wallet-sdk 4.0.0-nightly.20260113 → 4.0.0-nightly.20260115

package/dest/providers/extension/extension_wallet.d.ts

@@ -5,26 +5,28 @@ import type { WalletInfo } from '../../types.js';
  * A wallet implementation that communicates with browser extension wallets
  * using a secure encrypted MessageChannel.
  *
- * This class establishes a private communication channel with a wallet extension
- * using the following security mechanisms:
+ * This class uses a pre-established secure channel from the discovery phase:
  *
- * 1. **MessageChannel**: Creates a private communication channel that is not
- *    visible to other scripts on the page (unlike window.postMessage).
+ * 1. **MessageChannel**: A private communication channel created during discovery,
+ *    not visible to other scripts on the page (unlike window.postMessage).
  *
- * 2. **ECDH Key Exchange**: Uses Elliptic Curve Diffie-Hellman to derive a
- *    shared secret between the dApp and wallet without transmitting private keys.
+ * 2. **ECDH Key Exchange**: The shared secret was derived during discovery using
+ *    Elliptic Curve Diffie-Hellman key exchange.
  *
- * 3. **AES-GCM Encryption**: All messages after channel establishment are
- *    encrypted using AES-256-GCM, providing both confidentiality and authenticity.
+ * 3. **AES-GCM Encryption**: All messages are encrypted using AES-256-GCM,
+ *    providing both confidentiality and authenticity.
  *
  * @example
  * ```typescript
- * // Discovery returns wallet info including the wallet's public key
+ * // Discovery returns wallets with secure channel components
  * const wallets = await ExtensionProvider.discoverExtensions(chainInfo);
- * const walletInfo = wallets[0];
+ * const { info, port, sharedKey } = wallets[0];
  *
- * // Create a secure connection to the wallet
- * const wallet = await ExtensionWallet.create(walletInfo, chainInfo, 'my-dapp');
+ * // User can verify emoji if desired
+ * console.log('Verify:', hashToEmoji(info.verificationHash!));
+ *
+ * // Create wallet using the discovered components
+ * const wallet = await ExtensionWallet.create(info, chainInfo, port, sharedKey, 'my-dapp');
  *
  * // All subsequent calls are encrypted
  * const accounts = await wallet.getAccounts();
@@ -34,47 +36,44 @@ export declare class ExtensionWallet {
     private chainInfo;
     private appId;
     private extensionId;
-    /** Map of pending requests awaiting responses, keyed by message ID */
-    private inFlight;
-    /** The MessagePort for private communication with the extension */
     private port;
-    /** The derived AES-GCM key for encrypting/decrypting messages */
     private sharedKey;
+    /** Map of pending requests awaiting responses, keyed by message ID */
+    private inFlight;
     /**
      * Private constructor - use {@link ExtensionWallet.create} to instantiate.
      * @param chainInfo - The chain information (chainId and version)
      * @param appId - Application identifier for the requesting dApp
      * @param extensionId - The unique identifier of the target wallet extension
+     * @param port - The MessagePort for private communication with the wallet
+     * @param sharedKey - The derived AES-256-GCM shared key for encryption
      */
     private constructor();
     /**
      * Creates an ExtensionWallet instance that proxies wallet calls to a browser extension
      * over a secure encrypted MessageChannel.
      *
-     * The connection process:
-     * 1. Generates an ECDH key pair for this session
-     * 2. Derives a shared AES-256 key using the wallet's public key
-     * 3. Creates a MessageChannel and transfers one port to the extension
-     * 4. Returns a Proxy that encrypts all wallet method calls
-     *
-     * @param walletInfo - The discovered wallet information, including the wallet's ECDH public key
+     * @param walletInfo - The wallet info from ExtensionProvider.discoverExtensions()
      * @param chainInfo - The chain information (chainId and version) for request context
+     * @param port - The MessagePort for private communication with the wallet
+     * @param sharedKey - The derived AES-256-GCM shared key for encryption
      * @param appId - Application identifier used to identify the requesting dApp to the wallet
      * @returns A Promise resolving to a Wallet implementation that encrypts all communication
      *
-     * @throws Error if the secure channel cannot be established
-     *
      * @example
      * ```typescript
+     * const wallets = await ExtensionProvider.discoverExtensions(chainInfo);
+     * const { info, port, sharedKey } = wallets[0];
      * const wallet = await ExtensionWallet.create(
-     *   walletInfo,
+     *   info,
      *   { chainId: Fr(31337), version: Fr(0) },
+     *   port,
+     *   sharedKey,
      *   'my-defi-app'
      * );
      * ```
      */
-    static create(walletInfo: WalletInfo, chainInfo: ChainInfo, appId: string): Promise<Wallet>;
-    private establishSecureChannel;
+    static create(walletInfo: WalletInfo, chainInfo: ChainInfo, port: MessagePort, sharedKey: CryptoKey, appId: string): Wallet;
     private handleEncryptedResponse;
     private postMessage;
     /**
@@ -85,11 +84,12 @@ export declare class ExtensionWallet {
      *
      * @example
      * ```typescript
-     * const wallet = await ExtensionWallet.create(walletInfo, chainInfo, 'my-app');
+     * const { info, port, sharedKey } = wallets[0];
+     * const wallet = await ExtensionWallet.create(info, chainInfo, port, sharedKey, 'my-app');
      * // ... use wallet ...
      * wallet.close(); // Clean up when done
      * ```
      */
     close(): void;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZW5zaW9uX3dhbGxldC5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3Byb3ZpZGVycy9leHRlbnNpb24vZXh0ZW5zaW9uX3dhbGxldC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssRUFBRSxTQUFTLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUN6RCxPQUFPLEVBQUUsS0FBSyxNQUFNLEVBQWdCLE1BQU0sd0JBQXdCLENBQUM7QUFnQm5FLE9BQU8sS0FBSyxFQUFrQixVQUFVLEVBQWlDLE1BQU0sZ0JBQWdCLENBQUM7QUFhaEc7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0E0Qkc7QUFDSCxxQkFBYSxlQUFlO0lBaUJ4QixPQUFPLENBQUMsU0FBUztJQUNqQixPQUFPLENBQUMsS0FBSztJQUNiLE9BQU8sQ0FBQyxXQUFXO0lBbEJyQixzRUFBc0U7SUFDdEUsT0FBTyxDQUFDLFFBQVEsQ0FBb0Q7SUFFcEUsbUVBQW1FO0lBQ25FLE9BQU8sQ0FBQyxJQUFJLENBQTRCO0lBRXhDLGlFQUFpRTtJQUNqRSxPQUFPLENBQUMsU0FBUyxDQUEwQjtJQUUzQzs7Ozs7T0FLRztJQUNILE9BQU8sZUFJSDtJQUVKOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O09BeUJHO0lBQ0gsT0FBYSxNQUFNLENBQUMsVUFBVSxFQUFFLFVBQVUsRUFBRSxTQUFTLEVBQUUsU0FBUyxFQUFFLEtBQUssRUFBRSxNQUFNLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQXlCaEc7WUFjYSxzQkFBc0I7WUFxQ3RCLHVCQUF1QjtZQThDdkIsV0FBVztJQXdCekI7Ozs7Ozs7Ozs7OztPQVlHO0lBQ0gsS0FBSyxJQUFJLElBQUksQ0FPWjtDQUNGIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZW5zaW9uX3dhbGxldC5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3Byb3ZpZGVycy9leHRlbnNpb24vZXh0ZW5zaW9uX3dhbGxldC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssRUFBRSxTQUFTLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUN6RCxPQUFPLEVBQUUsS0FBSyxNQUFNLEVBQWdCLE1BQU0sd0JBQXdCLENBQUM7QUFPbkUsT0FBTyxLQUFLLEVBQUUsVUFBVSxFQUFpQyxNQUFNLGdCQUFnQixDQUFDO0FBYWhGOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0E4Qkc7QUFDSCxxQkFBYSxlQUFlO0lBYXhCLE9BQU8sQ0FBQyxTQUFTO0lBQ2pCLE9BQU8sQ0FBQyxLQUFLO0lBQ2IsT0FBTyxDQUFDLFdBQVc7SUFDbkIsT0FBTyxDQUFDLElBQUk7SUFDWixPQUFPLENBQUMsU0FBUztJQWhCbkIsc0VBQXNFO0lBQ3RFLE9BQU8sQ0FBQyxRQUFRLENBQW9EO0lBRXBFOzs7Ozs7O09BT0c7SUFDSCxPQUFPLGVBTUg7SUFFSjs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7T0F1Qkc7SUFDSCxNQUFNLENBQUMsTUFBTSxDQUNYLFVBQVUsRUFBRSxVQUFVLEVBQ3RCLFNBQVMsRUFBRSxTQUFTLEVBQ3BCLElBQUksRUFBRSxXQUFXLEVBQ2pCLFNBQVMsRUFBRSxTQUFTLEVBQ3BCLEtBQUssRUFBRSxNQUFNLEdBQ1osTUFBTSxDQTBCUjtZQVVhLHVCQUF1QjtZQThDdkIsV0FBVztJQXdCekI7Ozs7Ozs7Ozs7Ozs7T0FhRztJQUNILEtBQUssSUFBSSxJQUFJLENBS1o7Q0FDRiJ9

package/dest/providers/extension/extension_wallet.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"extension_wallet.d.ts","sourceRoot":"","sources":["../../../src/providers/extension/extension_wallet.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,KAAK,MAAM,EAAgB,MAAM,wBAAwB,CAAC;AAgBnE,OAAO,KAAK,EAAkB,UAAU,EAAiC,MAAM,gBAAgB,CAAC;AAahG;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,qBAAa,eAAe;IAiBxB,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,WAAW;IAlBrB,sEAAsE;IACtE,OAAO,CAAC,QAAQ,CAAoD;IAEpE,mEAAmE;IACnE,OAAO,CAAC,IAAI,CAA4B;IAExC,iEAAiE;IACjE,OAAO,CAAC,SAAS,CAA0B;IAE3C;;;;;OAKG;IACH,OAAO,eAIH;IAEJ;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACH,OAAa,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAyBhG;YAca,sBAAsB;YAqCtB,uBAAuB;YA8CvB,WAAW;IAwBzB;;;;;;;;;;;;OAYG;IACH,KAAK,IAAI,IAAI,CAOZ;CACF"}
+{"version":3,"file":"extension_wallet.d.ts","sourceRoot":"","sources":["../../../src/providers/extension/extension_wallet.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,KAAK,MAAM,EAAgB,MAAM,wBAAwB,CAAC;AAOnE,OAAO,KAAK,EAAE,UAAU,EAAiC,MAAM,gBAAgB,CAAC;AAahF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,qBAAa,eAAe;IAaxB,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,WAAW;IACnB,OAAO,CAAC,IAAI;IACZ,OAAO,CAAC,SAAS;IAhBnB,sEAAsE;IACtE,OAAO,CAAC,QAAQ,CAAoD;IAEpE;;;;;;;OAOG;IACH,OAAO,eAMH;IAEJ;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,MAAM,CAAC,MAAM,CACX,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,SAAS,EACpB,IAAI,EAAE,WAAW,EACjB,SAAS,EAAE,SAAS,EACpB,KAAK,EAAE,MAAM,GACZ,MAAM,CA0BR;YAUa,uBAAuB;YA8CvB,WAAW;IAwBzB;;;;;;;;;;;;;OAaG;IACH,KAAK,IAAI,IAAI,CAKZ;CACF"}

package/dest/providers/extension/extension_wallet.js

@@ -2,31 +2,33 @@ import { WalletSchema } from '@aztec/aztec.js/wallet';
 import { jsonStringify } from '@aztec/foundation/json-rpc';
 import { promiseWithResolvers } from '@aztec/foundation/promise';
 import { schemaHasMethod } from '@aztec/foundation/schemas';
-import { decrypt, deriveSharedKey, encrypt, exportPublicKey, generateKeyPair, importPublicKey } from '../../crypto.js';
+import { decrypt, encrypt } from '../../crypto.js';
 /**
  * A wallet implementation that communicates with browser extension wallets
  * using a secure encrypted MessageChannel.
  *
- * This class establishes a private communication channel with a wallet extension
- * using the following security mechanisms:
+ * This class uses a pre-established secure channel from the discovery phase:
  *
- * 1. **MessageChannel**: Creates a private communication channel that is not
- *    visible to other scripts on the page (unlike window.postMessage).
+ * 1. **MessageChannel**: A private communication channel created during discovery,
+ *    not visible to other scripts on the page (unlike window.postMessage).
  *
- * 2. **ECDH Key Exchange**: Uses Elliptic Curve Diffie-Hellman to derive a
- *    shared secret between the dApp and wallet without transmitting private keys.
+ * 2. **ECDH Key Exchange**: The shared secret was derived during discovery using
+ *    Elliptic Curve Diffie-Hellman key exchange.
  *
- * 3. **AES-GCM Encryption**: All messages after channel establishment are
- *    encrypted using AES-256-GCM, providing both confidentiality and authenticity.
+ * 3. **AES-GCM Encryption**: All messages are encrypted using AES-256-GCM,
+ *    providing both confidentiality and authenticity.
  *
  * @example
  * ```typescript
- * // Discovery returns wallet info including the wallet's public key
+ * // Discovery returns wallets with secure channel components
  * const wallets = await ExtensionProvider.discoverExtensions(chainInfo);
- * const walletInfo = wallets[0];
+ * const { info, port, sharedKey } = wallets[0];
  *
- * // Create a secure connection to the wallet
- * const wallet = await ExtensionWallet.create(walletInfo, chainInfo, 'my-dapp');
+ * // User can verify emoji if desired
+ * console.log('Verify:', hashToEmoji(info.verificationHash!));
+ *
+ * // Create wallet using the discovered components
+ * const wallet = await ExtensionWallet.create(info, chainInfo, port, sharedKey, 'my-dapp');
  *
  * // All subsequent calls are encrypted
  * const accounts = await wallet.getAccounts();
@@ -35,53 +37,54 @@ import { decrypt, deriveSharedKey, encrypt, exportPublicKey, generateKeyPair, im
     chainInfo;
     appId;
     extensionId;
+    port;
+    sharedKey;
     /** Map of pending requests awaiting responses, keyed by message ID */ inFlight;
-    /** The MessagePort for private communication with the extension */ port;
-    /** The derived AES-GCM key for encrypting/decrypting messages */ sharedKey;
     /**
    * Private constructor - use {@link ExtensionWallet.create} to instantiate.
    * @param chainInfo - The chain information (chainId and version)
    * @param appId - Application identifier for the requesting dApp
    * @param extensionId - The unique identifier of the target wallet extension
-   */ constructor(chainInfo, appId, extensionId){
+   * @param port - The MessagePort for private communication with the wallet
+   * @param sharedKey - The derived AES-256-GCM shared key for encryption
+   */ constructor(chainInfo, appId, extensionId, port, sharedKey){
         this.chainInfo = chainInfo;
         this.appId = appId;
         this.extensionId = extensionId;
+        this.port = port;
+        this.sharedKey = sharedKey;
         this.inFlight = new Map();
-        this.port = null;
-        this.sharedKey = null;
     }
     /**
    * Creates an ExtensionWallet instance that proxies wallet calls to a browser extension
    * over a secure encrypted MessageChannel.
    *
-   * The connection process:
-   * 1. Generates an ECDH key pair for this session
-   * 2. Derives a shared AES-256 key using the wallet's public key
-   * 3. Creates a MessageChannel and transfers one port to the extension
-   * 4. Returns a Proxy that encrypts all wallet method calls
-   *
-   * @param walletInfo - The discovered wallet information, including the wallet's ECDH public key
+   * @param walletInfo - The wallet info from ExtensionProvider.discoverExtensions()
    * @param chainInfo - The chain information (chainId and version) for request context
+   * @param port - The MessagePort for private communication with the wallet
+   * @param sharedKey - The derived AES-256-GCM shared key for encryption
    * @param appId - Application identifier used to identify the requesting dApp to the wallet
    * @returns A Promise resolving to a Wallet implementation that encrypts all communication
    *
-   * @throws Error if the secure channel cannot be established
-   *
    * @example
    * ```typescript
+   * const wallets = await ExtensionProvider.discoverExtensions(chainInfo);
+   * const { info, port, sharedKey } = wallets[0];
    * const wallet = await ExtensionWallet.create(
-   *   walletInfo,
+   *   info,
    *   { chainId: Fr(31337), version: Fr(0) },
+   *   port,
+   *   sharedKey,
    *   'my-defi-app'
    * );
    * ```
-   */ static async create(walletInfo, chainInfo, appId) {
-        const wallet = new ExtensionWallet(chainInfo, appId, walletInfo.id);
-        if (!walletInfo.publicKey) {
-            throw new Error('Wallet does not support secure channel establishment (missing public key)');
-        }
-        await wallet.establishSecureChannel(walletInfo.publicKey);
+   */ static create(walletInfo, chainInfo, port, sharedKey, appId) {
+        const wallet = new ExtensionWallet(chainInfo, appId, walletInfo.id, port, sharedKey);
+        // Set up message handler
+        wallet.port.onmessage = (event)=>{
+            void wallet.handleEncryptedResponse(event.data);
+        };
+        wallet.port.start();
         // Create a Proxy that intercepts wallet method calls and forwards them to the extension
         return new Proxy(wallet, {
             get: (target, prop)=>{
@@ -100,41 +103,6 @@ import { decrypt, deriveSharedKey, encrypt, exportPublicKey, generateKeyPair, im
         });
     }
     /**
-   * Establishes a secure MessageChannel with ECDH key exchange.
-   *
-   * This method performs the cryptographic handshake:
-   * 1. Generates a new ECDH P-256 key pair for this session
-   * 2. Imports the wallet's public key and derives a shared secret
-   * 3. Creates a MessageChannel for private communication
-   * 4. Sends a connection request with our public key via window.postMessage
-   *    (this is the only public message - subsequent communication uses the private channel)
-   *
-   * @param walletExportedPublicKey - The wallet's ECDH public key in JWK format
-   */ async establishSecureChannel(walletExportedPublicKey) {
-        const keyPair = await generateKeyPair();
-        const exportedPublicKey = await exportPublicKey(keyPair.publicKey);
-        const walletPublicKey = await importPublicKey(walletExportedPublicKey);
-        this.sharedKey = await deriveSharedKey(keyPair.privateKey, walletPublicKey);
-        const channel = new MessageChannel();
-        this.port = channel.port1;
-        this.port.onmessage = async (event)=>{
-            await this.handleEncryptedResponse(event.data);
-        };
-        this.port.start();
-        // Send connection request with our public key and transfer port2 to content script
-        // This is the only public postMessage - it contains our public key (safe to expose)
-        // and transfers the MessagePort for subsequent private communication
-        const connectRequest = {
-            type: 'aztec-wallet-connect',
-            walletId: this.extensionId,
-            appId: this.appId,
-            publicKey: exportedPublicKey
-        };
-        window.postMessage(jsonStringify(connectRequest), '*', [
-            channel.port2
-        ]);
-    }
-    /**
    * Handles an encrypted response received from the wallet extension.
    *
    * Decrypts the response using the shared AES key and resolves or rejects
@@ -171,7 +139,7 @@ import { decrypt, deriveSharedKey, encrypt, exportPublicKey, generateKeyPair, im
    * Sends an encrypted wallet method call over the secure MessageChannel.
    *
    * The message is encrypted using AES-256-GCM with the shared key derived
-   * during channel establishment. A unique message ID is generated to correlate
+   * during discovery. A unique message ID is generated to correlate
    * the response.
    *
    * @param call - The wallet method call containing method name and arguments
@@ -210,16 +178,15 @@ import { decrypt, deriveSharedKey, encrypt, exportPublicKey, generateKeyPair, im
    *
    * @example
    * ```typescript
-   * const wallet = await ExtensionWallet.create(walletInfo, chainInfo, 'my-app');
+   * const { info, port, sharedKey } = wallets[0];
+   * const wallet = await ExtensionWallet.create(info, chainInfo, port, sharedKey, 'my-app');
    * // ... use wallet ...
    * wallet.close(); // Clean up when done
    * ```
    */ close() {
         if (this.port) {
             this.port.close();
-            this.port = null;
         }
-        this.sharedKey = null;
         this.inFlight.clear();
     }
 }

package/dest/providers/extension/index.d.ts

@@ -1,5 +1,5 @@
 export { ExtensionWallet } from './extension_wallet.js';
-export { ExtensionProvider } from './extension_provider.js';
+export { ExtensionProvider, type DiscoveredWallet } from './extension_provider.js';
 export * from '../../crypto.js';
-export type { WalletInfo, WalletMessage, WalletResponse, DiscoveryRequest, DiscoveryResponse, ConnectRequest, } from '../../types.js';
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9wcm92aWRlcnMvZXh0ZW5zaW9uL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQUN4RCxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUM1RCxjQUFjLGlCQUFpQixDQUFDO0FBQ2hDLFlBQVksRUFDVixVQUFVLEVBQ1YsYUFBYSxFQUNiLGNBQWMsRUFDZCxnQkFBZ0IsRUFDaEIsaUJBQWlCLEVBQ2pCLGNBQWMsR0FDZixNQUFNLGdCQUFnQixDQUFDIn0=
+export type { WalletInfo, WalletMessage, WalletResponse, DiscoveryRequest, DiscoveryResponse } from '../../types.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9wcm92aWRlcnMvZXh0ZW5zaW9uL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQUN4RCxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsS0FBSyxnQkFBZ0IsRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBQ25GLGNBQWMsaUJBQWlCLENBQUM7QUFDaEMsWUFBWSxFQUFFLFVBQVUsRUFBRSxhQUFhLEVBQUUsY0FBYyxFQUFFLGdCQUFnQixFQUFFLGlCQUFpQixFQUFFLE1BQU0sZ0JBQWdCLENBQUMifQ==

package/dest/providers/extension/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/providers/extension/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,cAAc,iBAAiB,CAAC;AAChC,YAAY,EACV,UAAU,EACV,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,GACf,MAAM,gBAAgB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/providers/extension/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,KAAK,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AACnF,cAAc,iBAAiB,CAAC;AAChC,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC"}

package/dest/types.d.ts

@@ -14,6 +14,12 @@ export interface WalletInfo {
     version: string;
     /** Wallet's ECDH public key for secure channel establishment */
     publicKey: ExportedPublicKey;
+    /**
+     * Hash of the shared secret for anti-MITM verification.
+     * Both dApp and wallet independently compute this from the ECDH shared secret.
+     * Use {@link hashToEmoji} to convert to a visual representation for user verification.
+     */
+    verificationHash?: string;
 }
 /**
  * Message format for wallet communication (internal, before encryption)
@@ -55,6 +61,8 @@ export interface DiscoveryRequest {
     requestId: string;
     /** Chain information to check if wallet supports this network */
     chainInfo: ChainInfo;
+    /** dApp's ECDH public key for deriving shared secret */
+    publicKey: ExportedPublicKey;
 }
 /**
  * Discovery response from a wallet (public, unencrypted)
@@ -67,17 +75,4 @@ export interface DiscoveryResponse {
     /** Wallet information */
     walletInfo: WalletInfo;
 }
-/**
- * Connection request to establish secure channel
- */
-export interface ConnectRequest {
-    /** Message type for connection */
-    type: 'aztec-wallet-connect';
-    /** Target wallet ID */
-    walletId: string;
-    /** Application ID */
-    appId: string;
-    /** dApp's ECDH public key for deriving shared secret */
-    publicKey: ExportedPublicKey;
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssRUFBRSxTQUFTLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUV6RCxPQUFPLEtBQUssRUFBRSxpQkFBaUIsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUVyRDs7R0FFRztBQUNILE1BQU0sV0FBVyxVQUFVO0lBQ3pCLHVDQUF1QztJQUN2QyxFQUFFLEVBQUUsTUFBTSxDQUFDO0lBQ1gsaUNBQWlDO0lBQ2pDLElBQUksRUFBRSxNQUFNLENBQUM7SUFDYiwrQkFBK0I7SUFDL0IsSUFBSSxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ2QscUJBQXFCO0lBQ3JCLE9BQU8sRUFBRSxNQUFNLENBQUM7SUFDaEIsZ0VBQWdFO0lBQ2hFLFNBQVMsRUFBRSxpQkFBaUIsQ0FBQztDQUM5QjtBQUVEOztHQUVHO0FBQ0gsTUFBTSxXQUFXLGFBQWE7SUFDNUIsK0NBQStDO0lBQy9DLFNBQVMsRUFBRSxNQUFNLENBQUM7SUFDbEIsZ0NBQWdDO0lBQ2hDLElBQUksRUFBRSxNQUFNLENBQUM7SUFDYiwrQkFBK0I7SUFDL0IsSUFBSSxFQUFFLE9BQU8sRUFBRSxDQUFDO0lBQ2hCLHdCQUF3QjtJQUN4QixTQUFTLEVBQUUsU0FBUyxDQUFDO0lBQ3JCLHdDQUF3QztJQUN4QyxLQUFLLEVBQUUsTUFBTSxDQUFDO0lBQ2QsNENBQTRDO0lBQzVDLFFBQVEsRUFBRSxNQUFNLENBQUM7Q0FDbEI7QUFFRDs7R0FFRztBQUNILE1BQU0sV0FBVyxjQUFjO0lBQzdCLHNDQUFzQztJQUN0QyxTQUFTLEVBQUUsTUFBTSxDQUFDO0lBQ2xCLGtDQUFrQztJQUNsQyxNQUFNLENBQUMsRUFBRSxPQUFPLENBQUM7SUFDakIsNkJBQTZCO0lBQzdCLEtBQUssQ0FBQyxFQUFFLE9BQU8sQ0FBQztJQUNoQix1Q0FBdUM7SUFDdkMsUUFBUSxFQUFFLE1BQU0sQ0FBQztDQUNsQjtBQUVEOztHQUVHO0FBQ0gsTUFBTSxXQUFXLGdCQUFnQjtJQUMvQixpQ0FBaUM7SUFDakMsSUFBSSxFQUFFLHdCQUF3QixDQUFDO0lBQy9CLGlCQUFpQjtJQUNqQixTQUFTLEVBQUUsTUFBTSxDQUFDO0lBQ2xCLGlFQUFpRTtJQUNqRSxTQUFTLEVBQUUsU0FBUyxDQUFDO0NBQ3RCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFdBQVcsaUJBQWlCO0lBQ2hDLDBDQUEwQztJQUMxQyxJQUFJLEVBQUUsaUNBQWlDLENBQUM7SUFDeEMsZ0RBQWdEO0lBQ2hELFNBQVMsRUFBRSxNQUFNLENBQUM7SUFDbEIseUJBQXlCO0lBQ3pCLFVBQVUsRUFBRSxVQUFVLENBQUM7Q0FDeEI7QUFFRDs7R0FFRztBQUNILE1BQU0sV0FBVyxjQUFjO0lBQzdCLGtDQUFrQztJQUNsQyxJQUFJLEVBQUUsc0JBQXNCLENBQUM7SUFDN0IsdUJBQXVCO0lBQ3ZCLFFBQVEsRUFBRSxNQUFNLENBQUM7SUFDakIscUJBQXFCO0lBQ3JCLEtBQUssRUFBRSxNQUFNLENBQUM7SUFDZCx3REFBd0Q7SUFDeEQsU0FBUyxFQUFFLGlCQUFpQixDQUFDO0NBQzlCIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssRUFBRSxTQUFTLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUV6RCxPQUFPLEtBQUssRUFBRSxpQkFBaUIsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUVyRDs7R0FFRztBQUNILE1BQU0sV0FBVyxVQUFVO0lBQ3pCLHVDQUF1QztJQUN2QyxFQUFFLEVBQUUsTUFBTSxDQUFDO0lBQ1gsaUNBQWlDO0lBQ2pDLElBQUksRUFBRSxNQUFNLENBQUM7SUFDYiwrQkFBK0I7SUFDL0IsSUFBSSxDQUFDLEVBQUUsTUFBTSxDQUFDO0lBQ2QscUJBQXFCO0lBQ3JCLE9BQU8sRUFBRSxNQUFNLENBQUM7SUFDaEIsZ0VBQWdFO0lBQ2hFLFNBQVMsRUFBRSxpQkFBaUIsQ0FBQztJQUM3Qjs7OztPQUlHO0lBQ0gsZ0JBQWdCLENBQUMsRUFBRSxNQUFNLENBQUM7Q0FDM0I7QUFFRDs7R0FFRztBQUNILE1BQU0sV0FBVyxhQUFhO0lBQzVCLCtDQUErQztJQUMvQyxTQUFTLEVBQUUsTUFBTSxDQUFDO0lBQ2xCLGdDQUFnQztJQUNoQyxJQUFJLEVBQUUsTUFBTSxDQUFDO0lBQ2IsK0JBQStCO0lBQy9CLElBQUksRUFBRSxPQUFPLEVBQUUsQ0FBQztJQUNoQix3QkFBd0I7SUFDeEIsU0FBUyxFQUFFLFNBQVMsQ0FBQztJQUNyQix3Q0FBd0M7SUFDeEMsS0FBSyxFQUFFLE1BQU0sQ0FBQztJQUNkLDRDQUE0QztJQUM1QyxRQUFRLEVBQUUsTUFBTSxDQUFDO0NBQ2xCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFdBQVcsY0FBYztJQUM3QixzQ0FBc0M7SUFDdEMsU0FBUyxFQUFFLE1BQU0sQ0FBQztJQUNsQixrQ0FBa0M7SUFDbEMsTUFBTSxDQUFDLEVBQUUsT0FBTyxDQUFDO0lBQ2pCLDZCQUE2QjtJQUM3QixLQUFLLENBQUMsRUFBRSxPQUFPLENBQUM7SUFDaEIsdUNBQXVDO0lBQ3ZDLFFBQVEsRUFBRSxNQUFNLENBQUM7Q0FDbEI7QUFFRDs7R0FFRztBQUNILE1BQU0sV0FBVyxnQkFBZ0I7SUFDL0IsaUNBQWlDO0lBQ2pDLElBQUksRUFBRSx3QkFBd0IsQ0FBQztJQUMvQixpQkFBaUI7SUFDakIsU0FBUyxFQUFFLE1BQU0sQ0FBQztJQUNsQixpRUFBaUU7SUFDakUsU0FBUyxFQUFFLFNBQVMsQ0FBQztJQUNyQix3REFBd0Q7SUFDeEQsU0FBUyxFQUFFLGlCQUFpQixDQUFDO0NBQzlCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFdBQVcsaUJBQWlCO0lBQ2hDLDBDQUEwQztJQUMxQyxJQUFJLEVBQUUsaUNBQWlDLENBQUM7SUFDeEMsZ0RBQWdEO0lBQ2hELFNBQVMsRUFBRSxNQUFNLENBQUM7SUFDbEIseUJBQXlCO0lBQ3pCLFVBQVUsRUFBRSxVQUFVLENBQUM7Q0FDeEIifQ==

package/dest/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAEzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAErD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,uCAAuC;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,iCAAiC;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qBAAqB;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,gEAAgE;IAChE,SAAS,EAAE,iBAAiB,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,+CAA+C;IAC/C,SAAS,EAAE,MAAM,CAAC;IAClB,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,IAAI,EAAE,OAAO,EAAE,CAAC;IAChB,wBAAwB;IACxB,SAAS,EAAE,SAAS,CAAC;IACrB,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,4CAA4C;IAC5C,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,kCAAkC;IAClC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,6BAA6B;IAC7B,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,uCAAuC;IACvC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,iCAAiC;IACjC,IAAI,EAAE,wBAAwB,CAAC;IAC/B,iBAAiB;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,iEAAiE;IACjE,SAAS,EAAE,SAAS,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,0CAA0C;IAC1C,IAAI,EAAE,iCAAiC,CAAC;IACxC,gDAAgD;IAChD,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,UAAU,EAAE,UAAU,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,kCAAkC;IAClC,IAAI,EAAE,sBAAsB,CAAC;IAC7B,uBAAuB;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,wDAAwD;IACxD,SAAS,EAAE,iBAAiB,CAAC;CAC9B"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAEzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAErD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,uCAAuC;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,iCAAiC;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qBAAqB;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,gEAAgE;IAChE,SAAS,EAAE,iBAAiB,CAAC;IAC7B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,+CAA+C;IAC/C,SAAS,EAAE,MAAM,CAAC;IAClB,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,IAAI,EAAE,OAAO,EAAE,CAAC;IAChB,wBAAwB;IACxB,SAAS,EAAE,SAAS,CAAC;IACrB,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,4CAA4C;IAC5C,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,kCAAkC;IAClC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,6BAA6B;IAC7B,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,uCAAuC;IACvC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,iCAAiC;IACjC,IAAI,EAAE,wBAAwB,CAAC;IAC/B,iBAAiB;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,iEAAiE;IACjE,SAAS,EAAE,SAAS,CAAC;IACrB,wDAAwD;IACxD,SAAS,EAAE,iBAAiB,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,0CAA0C;IAC1C,IAAI,EAAE,iCAAiC,CAAC;IACxC,gDAAgD;IAChD,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,UAAU,EAAE,UAAU,CAAC;CACxB"}

package/dest/types.js

@@ -1,3 +1,3 @@
 /**
- * Connection request to establish secure channel
+ * Discovery response from a wallet (public, unencrypted)
  */ export { };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aztec/wallet-sdk",
   "homepage": "https://github.com/AztecProtocol/aztec-packages/tree/master/yarn-project/wallet-sdk",
-  "version": "4.0.0-nightly.20260113",
+  "version": "4.0.0-nightly.20260115",
   "type": "module",
   "exports": {
     "./base-wallet": "./dest/base-wallet/index.js",
@@ -64,19 +64,19 @@
     ]
   },
   "dependencies": {
-    "@aztec/aztec.js": "4.0.0-nightly.20260113",
-    "@aztec/constants": "4.0.0-nightly.20260113",
-    "@aztec/entrypoints": "4.0.0-nightly.20260113",
-    "@aztec/foundation": "4.0.0-nightly.20260113",
-    "@aztec/pxe": "4.0.0-nightly.20260113",
-    "@aztec/stdlib": "4.0.0-nightly.20260113"
+    "@aztec/aztec.js": "4.0.0-nightly.20260115",
+    "@aztec/constants": "4.0.0-nightly.20260115",
+    "@aztec/entrypoints": "4.0.0-nightly.20260115",
+    "@aztec/foundation": "4.0.0-nightly.20260115",
+    "@aztec/pxe": "4.0.0-nightly.20260115",
+    "@aztec/stdlib": "4.0.0-nightly.20260115"
   },
   "devDependencies": {
-    "@aztec/noir-contracts.js": "4.0.0-nightly.20260113",
+    "@aztec/noir-contracts.js": "4.0.0-nightly.20260115",
     "@jest/globals": "^30.0.0",
     "@types/jest": "^30.0.0",
     "@types/node": "^22.15.17",
-    "@typescript/native-preview": "7.0.0-dev.20251126.1",
+    "@typescript/native-preview": "7.0.0-dev.20260113.1",
     "jest": "^30.0.0",
     "jest-mock-extended": "^4.0.0",
     "resolve-typescript-plugin": "^2.0.1",

package/src/base-wallet/base_wallet.ts

@@ -34,14 +34,13 @@ import {
 import type { AuthWitness } from '@aztec/stdlib/auth-witness';
 import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 import {
-  type ContractClassMetadata,
   type ContractInstanceWithAddress,
-  type ContractMetadata,
   computePartialAddress,
   getContractClassFromArtifact,
 } from '@aztec/stdlib/contract';
 import { SimulationError } from '@aztec/stdlib/errors';
 import { Gas, GasSettings } from '@aztec/stdlib/gas';
+import { siloNullifier } from '@aztec/stdlib/hash';
 import type { AztecNode } from '@aztec/stdlib/interfaces/client';
 import type {
   TxExecutionRequest,
@@ -227,7 +226,7 @@ export abstract class BaseWallet implements Wallet {
     artifact?: ContractArtifact,
     secretKey?: Fr,
   ): Promise<ContractInstanceWithAddress> {
-    const { contractInstance: existingInstance } = await this.pxe.getContractMetadata(instance.address);
+    const existingInstance = await this.pxe.getContractInstance(instance.address);
 
     if (existingInstance) {
       // Instance already registered in the wallet
@@ -244,13 +243,12 @@ export abstract class BaseWallet implements Wallet {
       // Instance not registered yet
       if (!artifact) {
         // Try to get the artifact from the wallet's contract class storage
-        const classMetadata = await this.pxe.getContractClassMetadata(instance.currentContractClassId, true);
-        if (!classMetadata.artifact) {
+        artifact = await this.pxe.getContractArtifact(instance.currentContractClassId);
+        if (!artifact) {
           throw new Error(
             `Cannot register contract at ${instance.address.toString()}: artifact is required but not provided, and wallet does not have the artifact for contract class ${instance.currentContractClassId.toString()}`,
           );
         }
-        artifact = classMetadata.artifact;
       }
       await this.pxe.registerContract({ artifact, instance });
     }
@@ -315,13 +313,6 @@ export abstract class BaseWallet implements Wallet {
     return this.pxe.simulateUtility(call, authwits);
   }
 
-  getContractClassMetadata(id: Fr, includeArtifact: boolean = false): Promise<ContractClassMetadata> {
-    return this.pxe.getContractClassMetadata(id, includeArtifact);
-  }
-  getContractMetadata(address: AztecAddress): Promise<ContractMetadata> {
-    return this.pxe.getContractMetadata(address);
-  }
-
   getTxReceipt(txHash: TxHash): Promise<TxReceipt> {
     return this.aztecNode.getTxReceipt(txHash);
   }
@@ -345,4 +336,37 @@ export abstract class BaseWallet implements Wallet {
 
     return decodedEvents;
   }
+
+  async getContractMetadata(address: AztecAddress) {
+    const instance = await this.pxe.getContractInstance(address);
+    const initNullifier = await siloNullifier(address, address.toField());
+    const publiclyRegisteredContract = await this.aztecNode.getContract(address);
+    const [initNullifierMembershipWitness, publiclyRegisteredContractClass] = await Promise.all([
+      this.aztecNode.getNullifierMembershipWitness('latest', initNullifier),
+      publiclyRegisteredContract
+        ? this.aztecNode.getContractClass(
+            publiclyRegisteredContract.currentContractClassId || instance?.currentContractClassId,
+          )
+        : undefined,
+    ]);
+    const isContractUpdated =
+      publiclyRegisteredContract &&
+      !publiclyRegisteredContract.currentContractClassId.equals(publiclyRegisteredContract.originalContractClassId);
+    return {
+      instance: instance ?? undefined,
+      isContractInitialized: !!initNullifierMembershipWitness,
+      isContractPublished: !!publiclyRegisteredContract,
+      isContractClassPubliclyRegistered: !!publiclyRegisteredContractClass,
+      isContractUpdated: !!isContractUpdated,
+      updatedContractClassId: isContractUpdated ? publiclyRegisteredContract.currentContractClassId : undefined,
+    };
+  }
+
+  async getContractClassMetadata(id: Fr) {
+    const publiclyRegisteredContractClass = await this.aztecNode.getContractClass(id);
+    return {
+      isArtifactRegistered: !!(await this.pxe.getContractArtifact(id)),
+      isContractClassPubliclyRegistered: !!publiclyRegisteredContractClass,
+    };
+  }
 }

package/src/crypto.ts

@@ -192,7 +192,7 @@ export function deriveSharedKey(privateKey: CryptoKey, publicKey: CryptoKey): Pr
       name: 'AES-GCM',
       length: 256,
     },
-    false,
+    true, // extractable - needed for hashing
     ['encrypt', 'decrypt'],
   );
 }
@@ -281,3 +281,95 @@ function base64ToArrayBuffer(base64: string): ArrayBuffer {
   }
   return bytes.buffer;
 }
+
+/**
+ * Emoji alphabet for visual verification of shared secrets.
+ * 32 distinct, easily recognizable emojis for anti-spoofing verification.
+ * @internal
+ */
+const EMOJI_ALPHABET = [
+  '🔵',
+  '🟢',
+  '🔴',
+  '🟡',
+  '🟣',
+  '🟠',
+  '⚫',
+  '⚪',
+  '🌟',
+  '🌙',
+  '☀️',
+  '🌈',
+  '🔥',
+  '💧',
+  '🌸',
+  '🍀',
+  '🦋',
+  '🐬',
+  '🦊',
+  '🐼',
+  '🦁',
+  '🐯',
+  '🐸',
+  '🦉',
+  '🎵',
+  '🎨',
+  '🎯',
+  '🎲',
+  '🔔',
+  '💎',
+  '🔑',
+  '🏆',
+];
+
+/**
+ * Hashes a shared AES key to a hex string for verification.
+ *
+ * This extracts the raw key material and hashes it with SHA-256,
+ * returning the first 16 bytes as a hex string.
+ *
+ * @param sharedKey - The AES-GCM shared key (must be extractable)
+ * @returns A hex string representation of the hash
+ *
+ * @example
+ * ```typescript
+ * const hash = await hashSharedSecret(sharedKey);
+ * const emoji = hashToEmoji(hash);
+ * ```
+ */
+export async function hashSharedSecret(sharedKey: CryptoKey): Promise<string> {
+  const rawKey = await crypto.subtle.exportKey('raw', sharedKey);
+  const hash = await crypto.subtle.digest('SHA-256', rawKey);
+  const bytes = new Uint8Array(hash.slice(0, 16));
+  return Array.from(bytes)
+    .map(b => b.toString(16).padStart(2, '0'))
+    .join('');
+}
+
+/**
+ * Converts a hex hash to an emoji sequence for visual verification.
+ *
+ * This is used for anti-MITM verification - both the dApp and wallet
+ * independently compute the same emoji sequence from the shared secret.
+ * Users can visually compare the sequences to detect interception.
+ *
+ * Similar to SAS (Short Authentication String) in ZRTP/Signal.
+ *
+ * @param hash - Hex string from {@link hashSharedSecret}
+ * @param length - Number of emojis to generate (default: 4)
+ * @returns A string of emojis representing the hash
+ *
+ * @example
+ * ```typescript
+ * const hash = await hashSharedSecret(sharedKey);
+ * const emoji = hashToEmoji(hash); // e.g., "🔵🦋🎯🐼"
+ * // Display to user for verification
+ * ```
+ */
+export function hashToEmoji(hash: string, length: number = 4): string {
+  const bytes: number[] = [];
+  for (let i = 0; i < hash.length && bytes.length < length; i += 2) {
+    bytes.push(parseInt(hash.slice(i, i + 2), 16));
+  }
+  return bytes.map(b => EMOJI_ALPHABET[b % EMOJI_ALPHABET.length]).join('');
+}