@aztec/wallet-sdk 4.1.2 → 4.2.0-aztecnr-rc.2

package/dest/iframe/handlers/iframe_connection_handler.d.ts

@@ -0,0 +1,118 @@
+/**
+ * IframeConnectionHandler — wallet-side of the cross-origin iframe protocol.
+ *
+ * This mirrors {@link BackgroundConnectionHandler} from `@aztec/wallet-sdk/extension/handlers`
+ * but uses `window.postMessage` instead of browser.runtime messaging.
+ *
+ * Message flow (wallet receives):
+ *   parent → DISCOVERY            → show approval UI → send DISCOVERY_RESPONSE
+ *   parent → KEY_EXCHANGE_REQUEST → ECDH             → send KEY_EXCHANGE_RESPONSE
+ *   parent → SECURE_MESSAGE       → decrypt → Wallet → encrypt → SECURE_RESPONSE
+ *   parent → DISCONNECT           → terminate session
+ *
+ * The wallet announces itself by posting WALLET_READY as soon as the handler starts,
+ * so the dApp knows it can send a discovery request.
+ */
+import type { ChainInfo } from '@aztec/aztec.js/account';
+import type { Wallet } from '@aztec/aztec.js/wallet';
+/**
+ * A pending discovery request from a dApp (before user approval).
+ */
+export interface PendingSession {
+    /** Unique request identifier */
+    requestId: string;
+    /** Application identifier */
+    appId: string;
+    /** Origin URL of the requesting page */
+    origin: string;
+    /** Approval status */
+    status: 'pending' | 'approved';
+}
+/**
+ * An active session (after key exchange).
+ */
+export interface ActiveSession {
+    /** Session identifier (same as the discovery requestId) */
+    sessionId: string;
+    /** AES-256-GCM shared key for this session */
+    sharedKey: CryptoKey;
+    /** Verification hash for emoji display */
+    verificationHash: string;
+    /** Origin URL of the connected dApp */
+    origin: string;
+    /** Application identifier */
+    appId: string;
+}
+/**
+ * Configuration for the iframe connection handler.
+ */
+export interface IframeConnectionConfig {
+    /** Unique wallet identifier */
+    walletId: string;
+    /** Display name for the wallet */
+    walletName: string;
+    /** Wallet version string */
+    walletVersion: string;
+    /** Optional wallet icon URL */
+    walletIcon?: string;
+    /** Origins allowed to connect. If empty or undefined, all origins are allowed (dev mode). */
+    allowedOrigins?: string[];
+}
+/**
+ * Event callbacks for the iframe connection handler.
+ */
+export interface IframeConnectionCallbacks {
+    /** Called when a new discovery request arrives — wallet can show approval UI */
+    onPendingDiscovery?: (session: PendingSession) => void;
+    /** Called when a session is established (key exchange complete) */
+    onSessionEstablished?: (session: ActiveSession) => void;
+    /** Called when a session is terminated */
+    onSessionTerminated?: (sessionId: string) => void;
+    /** Called when a key exchange completes — show verificationHash as emojis to the user */
+    onVerificationHash?: (verificationHash: string) => void;
+    /**
+     * Resolves the Wallet instance to use for a given dApp and chain.
+     * Called when an encrypted message arrives and needs to be dispatched.
+     */
+    getWallet: (appId: string, chainInfo: ChainInfo) => Promise<Wallet>;
+}
+/**
+ * Handles the wallet side of the cross-origin iframe protocol.
+ *
+ * Manages the full lifecycle: discovery, ECDH key exchange, encrypted message
+ * dispatch to a {@link Wallet} instance, and session termination.
+ *
+ * @example
+ * ```typescript
+ * const handler = new IframeConnectionHandler(
+ *   { walletId: 'my-wallet', walletName: 'My Wallet', walletVersion: '1.0.0' },
+ *   {
+ *     onPendingDiscovery: (session) => showApprovalUI(session),
+ *     getWallet: (appId, chainInfo) => createWalletForApp(appId, chainInfo),
+ *   },
+ * );
+ * handler.start();
+ * ```
+ */
+export declare class IframeConnectionHandler {
+    private config;
+    private callbacks;
+    private pendingSessions;
+    private activeSessions;
+    private log;
+    constructor(config: IframeConnectionConfig, callbacks: IframeConnectionCallbacks);
+    start(): void;
+    stop(): void;
+    approveDiscovery(requestId: string): void;
+    rejectDiscovery(requestId: string): void;
+    terminateSession(sessionId: string): void;
+    getPendingSessions(): PendingSession[];
+    private handleMessage;
+    private handleMessageAsync;
+    private handleDiscoveryRequest;
+    private handleKeyExchangeRequest;
+    private handleSecureMessage;
+    private postToParent;
+    private postToOrigin;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaWZyYW1lX2Nvbm5lY3Rpb25faGFuZGxlci5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2lmcmFtZS9oYW5kbGVycy9pZnJhbWVfY29ubmVjdGlvbl9oYW5kbGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7Ozs7Ozs7OztHQWNHO0FBQ0gsT0FBTyxLQUFLLEVBQUUsU0FBUyxFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFFekQsT0FBTyxLQUFLLEVBQUUsTUFBTSxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFnQnJEOztHQUVHO0FBQ0gsTUFBTSxXQUFXLGNBQWM7SUFDN0IsZ0NBQWdDO0lBQ2hDLFNBQVMsRUFBRSxNQUFNLENBQUM7SUFDbEIsNkJBQTZCO0lBQzdCLEtBQUssRUFBRSxNQUFNLENBQUM7SUFDZCx3Q0FBd0M7SUFDeEMsTUFBTSxFQUFFLE1BQU0sQ0FBQztJQUNmLHNCQUFzQjtJQUN0QixNQUFNLEVBQUUsU0FBUyxHQUFHLFVBQVUsQ0FBQztDQUNoQztBQUVEOztHQUVHO0FBQ0gsTUFBTSxXQUFXLGFBQWE7SUFDNUIsMkRBQTJEO0lBQzNELFNBQVMsRUFBRSxNQUFNLENBQUM7SUFDbEIsOENBQThDO0lBQzlDLFNBQVMsRUFBRSxTQUFTLENBQUM7SUFDckIsMENBQTBDO0lBQzFDLGdCQUFnQixFQUFFLE1BQU0sQ0FBQztJQUN6Qix1Q0FBdUM7SUFDdkMsTUFBTSxFQUFFLE1BQU0sQ0FBQztJQUNmLDZCQUE2QjtJQUM3QixLQUFLLEVBQUUsTUFBTSxDQUFDO0NBQ2Y7QUFFRDs7R0FFRztBQUNILE1BQU0sV0FBVyxzQkFBc0I7SUFDckMsK0JBQStCO0lBQy9CLFFBQVEsRUFBRSxNQUFNLENBQUM7SUFDakIsa0NBQWtDO0lBQ2xDLFVBQVUsRUFBRSxNQUFNLENBQUM7SUFDbkIsNEJBQTRCO0lBQzVCLGFBQWEsRUFBRSxNQUFNLENBQUM7SUFDdEIsK0JBQStCO0lBQy9CLFVBQVUsQ0FBQyxFQUFFLE1BQU0sQ0FBQztJQUNwQiw2RkFBNkY7SUFDN0YsY0FBYyxDQUFDLEVBQUUsTUFBTSxFQUFFLENBQUM7Q0FDM0I7QUFFRDs7R0FFRztBQUNILE1BQU0sV0FBVyx5QkFBeUI7SUFDeEMsa0ZBQWdGO0lBQ2hGLGtCQUFrQixDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsY0FBYyxLQUFLLElBQUksQ0FBQztJQUN2RCxtRUFBbUU7SUFDbkUsb0JBQW9CLENBQUMsRUFBRSxDQUFDLE9BQU8sRUFBRSxhQUFhLEtBQUssSUFBSSxDQUFDO0lBQ3hELDBDQUEwQztJQUMxQyxtQkFBbUIsQ0FBQyxFQUFFLENBQUMsU0FBUyxFQUFFLE1BQU0sS0FBSyxJQUFJLENBQUM7SUFDbEQsMkZBQXlGO0lBQ3pGLGtCQUFrQixDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsRUFBRSxNQUFNLEtBQUssSUFBSSxDQUFDO0lBQ3hEOzs7T0FHRztJQUNILFNBQVMsRUFBRSxDQUFDLEtBQUssRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLFNBQVMsS0FBSyxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUM7Q0FDckU7QUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FpQkc7QUFDSCxxQkFBYSx1QkFBdUI7SUFNaEMsT0FBTyxDQUFDLE1BQU07SUFDZCxPQUFPLENBQUMsU0FBUztJQU5uQixPQUFPLENBQUMsZUFBZSxDQUFxQztJQUM1RCxPQUFPLENBQUMsY0FBYyxDQUFvQztJQUMxRCxPQUFPLENBQUMsR0FBRyxDQUF5QztJQUVwRCxZQUNVLE1BQU0sRUFBRSxzQkFBc0IsRUFDOUIsU0FBUyxFQUFFLHlCQUF5QixFQUMxQztJQUVKLEtBQUssSUFBSSxJQUFJLENBSVo7SUFFRCxJQUFJLElBQUksSUFBSSxDQUVYO0lBRUQsZ0JBQWdCLENBQUMsU0FBUyxFQUFFLE1BQU0sR0FBRyxJQUFJLENBa0J4QztJQUVELGVBQWUsQ0FBQyxTQUFTLEVBQUUsTUFBTSxHQUFHLElBQUksQ0FFdkM7SUFFRCxnQkFBZ0IsQ0FBQyxTQUFTLEVBQUUsTUFBTSxHQUFHLElBQUksQ0FVeEM7SUFFRCxrQkFBa0IsSUFBSSxjQUFjLEVBQUUsQ0FFckM7SUFFRCxPQUFPLENBQUMsYUFBYSxDQUVuQjtZQUVZLGtCQUFrQjtJQTRCaEMsT0FBTyxDQUFDLHNCQUFzQjtZQVNoQix3QkFBd0I7WUE2Q3hCLG1CQUFtQjtJQXNEakMsT0FBTyxDQUFDLFlBQVk7SUFNcEIsT0FBTyxDQUFDLFlBQVk7Q0FLckIifQ==

package/dest/iframe/handlers/iframe_connection_handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"iframe_connection_handler.d.ts","sourceRoot":"","sources":["../../../src/iframe/handlers/iframe_connection_handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAEzD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAgBrD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,gCAAgC;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,6BAA6B;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,wCAAwC;IACxC,MAAM,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,MAAM,EAAE,SAAS,GAAG,UAAU,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2DAA2D;IAC3D,SAAS,EAAE,MAAM,CAAC;IAClB,8CAA8C;IAC9C,SAAS,EAAE,SAAS,CAAC;IACrB,0CAA0C;IAC1C,gBAAgB,EAAE,MAAM,CAAC;IACzB,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,6BAA6B;IAC7B,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,+BAA+B;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6FAA6F;IAC7F,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,kFAAgF;IAChF,kBAAkB,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,IAAI,CAAC;IACvD,mEAAmE;IACnE,oBAAoB,CAAC,EAAE,CAAC,OAAO,EAAE,aAAa,KAAK,IAAI,CAAC;IACxD,0CAA0C;IAC1C,mBAAmB,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,IAAI,CAAC;IAClD,2FAAyF;IACzF,kBAAkB,CAAC,EAAE,CAAC,gBAAgB,EAAE,MAAM,KAAK,IAAI,CAAC;IACxD;;;OAGG;IACH,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;CACrE;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,uBAAuB;IAMhC,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,SAAS;IANnB,OAAO,CAAC,eAAe,CAAqC;IAC5D,OAAO,CAAC,cAAc,CAAoC;IAC1D,OAAO,CAAC,GAAG,CAAyC;IAEpD,YACU,MAAM,EAAE,sBAAsB,EAC9B,SAAS,EAAE,yBAAyB,EAC1C;IAEJ,KAAK,IAAI,IAAI,CAIZ;IAED,IAAI,IAAI,IAAI,CAEX;IAED,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAkBxC;IAED,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAEvC;IAED,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAUxC;IAED,kBAAkB,IAAI,cAAc,EAAE,CAErC;IAED,OAAO,CAAC,aAAa,CAEnB;YAEY,kBAAkB;IA4BhC,OAAO,CAAC,sBAAsB;YAShB,wBAAwB;YA6CxB,mBAAmB;IAsDjC,OAAO,CAAC,YAAY;IAMpB,OAAO,CAAC,YAAY;CAKrB"}

package/dest/iframe/handlers/iframe_connection_handler.js

@@ -0,0 +1,228 @@
+/**
+ * IframeConnectionHandler — wallet-side of the cross-origin iframe protocol.
+ *
+ * This mirrors {@link BackgroundConnectionHandler} from `@aztec/wallet-sdk/extension/handlers`
+ * but uses `window.postMessage` instead of browser.runtime messaging.
+ *
+ * Message flow (wallet receives):
+ *   parent → DISCOVERY            → show approval UI → send DISCOVERY_RESPONSE
+ *   parent → KEY_EXCHANGE_REQUEST → ECDH             → send KEY_EXCHANGE_RESPONSE
+ *   parent → SECURE_MESSAGE       → decrypt → Wallet → encrypt → SECURE_RESPONSE
+ *   parent → DISCONNECT           → terminate session
+ *
+ * The wallet announces itself by posting WALLET_READY as soon as the handler starts,
+ * so the dApp knows it can send a discovery request.
+ */ import { createLogger } from '@aztec/aztec.js/log';
+import { WalletSchema } from '@aztec/aztec.js/wallet';
+import { jsonStringify } from '@aztec/foundation/json-rpc';
+import { parseWithOptionals, schemaHasMethod } from '@aztec/foundation/schemas';
+import { decrypt, deriveSessionKeys, encrypt, exportPublicKey, generateKeyPair, importPublicKey } from '../../crypto.js';
+import { WalletMessageType } from '../../types.js';
+/**
+ * Handles the wallet side of the cross-origin iframe protocol.
+ *
+ * Manages the full lifecycle: discovery, ECDH key exchange, encrypted message
+ * dispatch to a {@link Wallet} instance, and session termination.
+ *
+ * @example
+ * ```typescript
+ * const handler = new IframeConnectionHandler(
+ *   { walletId: 'my-wallet', walletName: 'My Wallet', walletVersion: '1.0.0' },
+ *   {
+ *     onPendingDiscovery: (session) => showApprovalUI(session),
+ *     getWallet: (appId, chainInfo) => createWalletForApp(appId, chainInfo),
+ *   },
+ * );
+ * handler.start();
+ * ```
+ */ export class IframeConnectionHandler {
+    config;
+    callbacks;
+    pendingSessions;
+    activeSessions;
+    log;
+    constructor(config, callbacks){
+        this.config = config;
+        this.callbacks = callbacks;
+        this.pendingSessions = new Map();
+        this.activeSessions = new Map();
+        this.log = createLogger('wallet:iframe-handler');
+        this.handleMessage = (event)=>{
+            void this.handleMessageAsync(event);
+        };
+    }
+    start() {
+        window.addEventListener('message', this.handleMessage);
+        this.postToParent({
+            type: WalletMessageType.WALLET_READY
+        });
+        this.log.info('IframeConnectionHandler started, posted WALLET_READY');
+    }
+    stop() {
+        window.removeEventListener('message', this.handleMessage);
+    }
+    approveDiscovery(requestId) {
+        const pending = this.pendingSessions.get(requestId);
+        if (!pending || pending.status !== 'pending') {
+            return;
+        }
+        pending.status = 'approved';
+        this.postToOrigin(pending.origin, {
+            type: WalletMessageType.DISCOVERY_RESPONSE,
+            requestId,
+            walletInfo: {
+                id: this.config.walletId,
+                name: this.config.walletName,
+                version: this.config.walletVersion,
+                icon: this.config.walletIcon
+            }
+        });
+        this.log.info(`Discovery approved for requestId=${requestId}`);
+    }
+    rejectDiscovery(requestId) {
+        this.pendingSessions.delete(requestId);
+    }
+    terminateSession(sessionId) {
+        const session = this.activeSessions.get(sessionId);
+        if (session) {
+            this.postToOrigin(session.origin, {
+                type: WalletMessageType.SESSION_DISCONNECTED,
+                sessionId
+            });
+            this.activeSessions.delete(sessionId);
+            this.callbacks.onSessionTerminated?.(sessionId);
+        }
+    }
+    getPendingSessions() {
+        return Array.from(this.pendingSessions.values()).filter((s)=>s.status === 'pending');
+    }
+    handleMessage;
+    async handleMessageAsync(event) {
+        if (this.config.allowedOrigins && this.config.allowedOrigins.length > 0) {
+            if (!this.config.allowedOrigins.includes(event.origin)) {
+                return;
+            }
+        }
+        const msg = event.data;
+        if (!msg || typeof msg !== 'object' || !msg.type) {
+            return;
+        }
+        switch(msg.type){
+            case WalletMessageType.DISCOVERY:
+                this.handleDiscoveryRequest(msg, event.origin);
+                break;
+            case WalletMessageType.KEY_EXCHANGE_REQUEST:
+                await this.handleKeyExchangeRequest(msg, event.origin);
+                break;
+            case WalletMessageType.SECURE_MESSAGE:
+                await this.handleSecureMessage(msg);
+                break;
+            case WalletMessageType.DISCONNECT:
+                this.terminateSession(msg.sessionId);
+                break;
+        }
+    }
+    handleDiscoveryRequest(msg, origin) {
+        // eslint-disable-next-line jsdoc/require-jsdoc
+        const { requestId, appId } = msg;
+        const pending = {
+            requestId,
+            appId,
+            origin,
+            status: 'pending'
+        };
+        this.pendingSessions.set(requestId, pending);
+        this.log.info(`Discovery request from appId=${appId} origin=${origin}`);
+        this.callbacks.onPendingDiscovery?.(pending);
+    }
+    async handleKeyExchangeRequest(msg, origin) {
+        const { requestId, publicKey: appPublicKeyRaw } = msg;
+        const pending = this.pendingSessions.get(requestId);
+        if (!pending || pending.status !== 'approved') {
+            this.log.warn(`Key exchange for unknown/unapproved requestId=${requestId}`);
+            return;
+        }
+        try {
+            const keyPair = await generateKeyPair();
+            const walletPublicKey = await exportPublicKey(keyPair.publicKey);
+            const appPublicKey = await importPublicKey(appPublicKeyRaw);
+            const sessionKeys = await deriveSessionKeys(keyPair, appPublicKey, false);
+            const session = {
+                sessionId: requestId,
+                sharedKey: sessionKeys.encryptionKey,
+                verificationHash: sessionKeys.verificationHash,
+                origin: pending.origin,
+                appId: pending.appId
+            };
+            this.activeSessions.set(requestId, session);
+            this.pendingSessions.delete(requestId);
+            this.postToOrigin(origin, {
+                type: WalletMessageType.KEY_EXCHANGE_RESPONSE,
+                requestId,
+                publicKey: walletPublicKey,
+                verificationHash: sessionKeys.verificationHash
+            });
+            this.callbacks.onVerificationHash?.(sessionKeys.verificationHash);
+            this.callbacks.onSessionEstablished?.(session);
+            this.log.info(`Key exchange complete, sessionId=${requestId}`);
+        } catch (err) {
+            this.log.error(`Key exchange failed: ${err}`);
+        }
+    }
+    async handleSecureMessage(msg) {
+        // eslint-disable-next-line jsdoc/require-jsdoc
+        const { sessionId, encrypted } = msg;
+        const session = this.activeSessions.get(sessionId);
+        if (!session) {
+            return;
+        }
+        let walletMessage;
+        try {
+            walletMessage = await decrypt(session.sharedKey, encrypted);
+        } catch  {
+            this.log.warn(`Decryption failed for sessionId=${sessionId}`);
+            return;
+        }
+        const { messageId, type, args, chainInfo, appId } = walletMessage;
+        let result;
+        let error;
+        try {
+            const wallet = await this.callbacks.getWallet(appId, chainInfo);
+            if (!schemaHasMethod(WalletSchema, type)) {
+                throw new Error(`Unknown wallet method: ${type}`);
+            }
+            // Zod's AnyZodTuple rejects optional tuple items typed as `T | undefined`
+            const sanitizedArgs = await parseWithOptionals(args, WalletSchema[type].parameters());
+            result = await wallet[type](...sanitizedArgs);
+        } catch (err) {
+            error = err instanceof Error ? err.message : String(err);
+            this.log.error(`Error handling ${type}: ${error}`);
+        }
+        const response = {
+            messageId,
+            walletId: this.config.walletId,
+            result,
+            error
+        };
+        try {
+            const encryptedResponse = await encrypt(session.sharedKey, jsonStringify(response));
+            this.postToOrigin(session.origin, {
+                type: WalletMessageType.SECURE_RESPONSE,
+                sessionId,
+                encrypted: encryptedResponse
+            });
+        } catch (err) {
+            this.log.error(`Encryption of response failed: ${err}`);
+        }
+    }
+    postToParent(msg) {
+        if (window.parent !== window) {
+            window.parent.postMessage(msg, '*');
+        }
+    }
+    postToOrigin(origin, msg) {
+        if (window.parent !== window) {
+            window.parent.postMessage(msg, origin);
+        }
+    }
+}

package/dest/iframe/handlers/index.d.ts

@@ -0,0 +1,2 @@
+export { IframeConnectionHandler, type IframeConnectionConfig, type IframeConnectionCallbacks, type PendingSession, type ActiveSession, } from './iframe_connection_handler.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9pZnJhbWUvaGFuZGxlcnMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUNMLHVCQUF1QixFQUN2QixLQUFLLHNCQUFzQixFQUMzQixLQUFLLHlCQUF5QixFQUM5QixLQUFLLGNBQWMsRUFDbkIsS0FBSyxhQUFhLEdBQ25CLE1BQU0sZ0NBQWdDLENBQUMifQ==

package/dest/iframe/handlers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/iframe/handlers/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,uBAAuB,EACvB,KAAK,sBAAsB,EAC3B,KAAK,yBAAyB,EAC9B,KAAK,cAAc,EACnB,KAAK,aAAa,GACnB,MAAM,gCAAgC,CAAC"}

package/dest/iframe/handlers/index.js

@@ -0,0 +1 @@
+export { IframeConnectionHandler } from './iframe_connection_handler.js';

package/dest/iframe/provider/iframe_discovery.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Web wallet discovery — creates {@link IframeWalletProvider} instances from a list of URLs.
+ *
+ * For each configured URL we probe the wallet by loading a tiny invisible iframe,
+ * waiting for WALLET_READY, then sending a DISCOVERY request. On a successful
+ * DISCOVERY_RESPONSE we emit an IframeWalletProvider to the caller.
+ *
+ * This is intentionally lightweight (no key exchange yet) — key exchange happens
+ * later when the user selects the wallet and calls `provider.establishSecureChannel()`.
+ */
+import type { ChainInfo } from '@aztec/aztec.js/account';
+import type { DiscoverySession } from '../../manager/types.js';
+/**
+ * Probes a list of web wallet URLs and returns a {@link DiscoverySession} compatible
+ * with WalletManager's `getAvailableWallets()` interface.
+ *
+ * Discovered {@link IframeWalletProvider} instances are yielded asynchronously as each
+ * wallet responds to the probe.
+ *
+ * @param walletUrls - URLs of web wallets to probe
+ * @param chainInfo - Network information to pass during discovery
+ * @returns A cancellable discovery session
+ */
+export declare function discoverWebWallets(walletUrls: string[], chainInfo: ChainInfo): DiscoverySession;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaWZyYW1lX2Rpc2NvdmVyeS5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2lmcmFtZS9wcm92aWRlci9pZnJhbWVfZGlzY292ZXJ5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7Ozs7R0FTRztBQUNILE9BQU8sS0FBSyxFQUFFLFNBQVMsRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBR3pELE9BQU8sS0FBSyxFQUFFLGdCQUFnQixFQUFrQixNQUFNLHdCQUF3QixDQUFDO0FBTS9FOzs7Ozs7Ozs7O0dBVUc7QUFDSCx3QkFBZ0Isa0JBQWtCLENBQUMsVUFBVSxFQUFFLE1BQU0sRUFBRSxFQUFFLFNBQVMsRUFBRSxTQUFTLEdBQUcsZ0JBQWdCLENBdUYvRiJ9

package/dest/iframe/provider/iframe_discovery.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"iframe_discovery.d.ts","sourceRoot":"","sources":["../../../src/iframe/provider/iframe_discovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAGzD,OAAO,KAAK,EAAE,gBAAgB,EAAkB,MAAM,wBAAwB,CAAC;AAM/E;;;;;;;;;;GAUG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,SAAS,GAAG,gBAAgB,CAuF/F"}

package/dest/iframe/provider/iframe_discovery.js

@@ -0,0 +1,167 @@
+/**
+ * Web wallet discovery — creates {@link IframeWalletProvider} instances from a list of URLs.
+ *
+ * For each configured URL we probe the wallet by loading a tiny invisible iframe,
+ * waiting for WALLET_READY, then sending a DISCOVERY request. On a successful
+ * DISCOVERY_RESPONSE we emit an IframeWalletProvider to the caller.
+ *
+ * This is intentionally lightweight (no key exchange yet) — key exchange happens
+ * later when the user selects the wallet and calls `provider.establishSecureChannel()`.
+ */ import { promiseWithResolvers } from '@aztec/foundation/promise';
+import { WalletMessageType } from '../../types.js';
+import { IframeWalletProvider } from './iframe_provider.js';
+const PROBE_TIMEOUT_MS = 10_000;
+/**
+ * Probes a list of web wallet URLs and returns a {@link DiscoverySession} compatible
+ * with WalletManager's `getAvailableWallets()` interface.
+ *
+ * Discovered {@link IframeWalletProvider} instances are yielded asynchronously as each
+ * wallet responds to the probe.
+ *
+ * @param walletUrls - URLs of web wallets to probe
+ * @param chainInfo - Network information to pass during discovery
+ * @returns A cancellable discovery session
+ */ export function discoverWebWallets(walletUrls, chainInfo) {
+    const { promise: donePromise, resolve: resolveDone } = promiseWithResolvers();
+    /* eslint-enable jsdoc/require-jsdoc */ let state = {
+        status: 'discovering',
+        resolve: null
+    };
+    const pendingProviders = [];
+    // eslint-disable-next-line jsdoc/require-jsdoc
+    function emit(provider) {
+        if (state.status !== 'discovering') {
+            return;
+        }
+        if (state.resolve) {
+            const resolve = state.resolve;
+            state.resolve = null;
+            resolve({
+                value: provider,
+                done: false
+            });
+        } else {
+            pendingProviders.push(provider);
+        }
+    }
+    // eslint-disable-next-line jsdoc/require-jsdoc
+    function markComplete() {
+        if (state.status !== 'discovering') {
+            return;
+        }
+        const pendingResolve = state.resolve;
+        state = {
+            status: 'done'
+        };
+        resolveDone();
+        if (pendingResolve) {
+            pendingResolve({
+                value: undefined,
+                done: true
+            });
+        }
+    }
+    // Probe all URLs in parallel
+    const probes = walletUrls.map((url)=>probeWallet(url, chainInfo, PROBE_TIMEOUT_MS).then((provider)=>{
+            if (provider) {
+                emit(provider);
+            }
+        }, ()=>{
+        // ignore probe errors
+        }));
+    void Promise.all(probes).then(markComplete);
+    const wallets = {
+        // eslint-disable-next-line jsdoc/require-jsdoc
+        [Symbol.asyncIterator] () {
+            return {
+                // eslint-disable-next-line jsdoc/require-jsdoc
+                next () {
+                    if (pendingProviders.length > 0) {
+                        return Promise.resolve({
+                            value: pendingProviders.shift(),
+                            done: false
+                        });
+                    }
+                    if (state.status === 'done') {
+                        return Promise.resolve({
+                            value: undefined,
+                            done: true
+                        });
+                    }
+                    return new Promise((resolve)=>{
+                        if (state.status === 'discovering') {
+                            state.resolve = resolve;
+                        }
+                    });
+                },
+                // eslint-disable-next-line jsdoc/require-jsdoc
+                return () {
+                    markComplete();
+                    return Promise.resolve({
+                        value: undefined,
+                        done: true
+                    });
+                }
+            };
+        }
+    };
+    return {
+        wallets,
+        done: donePromise,
+        cancel: markComplete
+    };
+}
+/**
+ * Probes a single web wallet URL.
+ * Creates a temporary hidden iframe, waits for WALLET_READY, sends DISCOVERY_REQUEST.
+ * Returns an IframeWalletProvider on success, null on timeout/failure.
+ * @internal
+ */ function probeWallet(walletUrl, chainInfo, timeoutMs) {
+    const walletOrigin = new URL(walletUrl).origin;
+    const iframe = document.createElement('iframe');
+    iframe.src = walletUrl;
+    iframe.style.cssText = 'display:none;width:0;height:0;border:none;position:absolute;top:-9999px;';
+    iframe.allow = 'storage-access; cross-origin-isolated';
+    let timer;
+    // Register listener BEFORE appending to DOM to avoid race with WALLET_READY
+    const result = new Promise((resolve)=>{
+        const cleanup = ()=>{
+            if (iframe.parentNode) {
+                iframe.parentNode.removeChild(iframe);
+            }
+            window.removeEventListener('message', handler);
+            clearTimeout(timer);
+        };
+        timer = setTimeout(()=>{
+            cleanup();
+            resolve(null);
+        }, timeoutMs);
+        let step = 'waiting-ready';
+        const requestId = globalThis.crypto.randomUUID();
+        // eslint-disable-next-line jsdoc/require-jsdoc
+        function handler(event) {
+            if (event.origin !== walletOrigin) {
+                return;
+            }
+            const msg = event.data;
+            if (!msg || typeof msg !== 'object') {
+                return;
+            }
+            if (step === 'waiting-ready' && msg.type === WalletMessageType.WALLET_READY) {
+                step = 'waiting-discovery';
+                iframe.contentWindow?.postMessage({
+                    type: WalletMessageType.DISCOVERY,
+                    requestId,
+                    appId: 'discovery-probe'
+                }, walletOrigin);
+            } else if (step === 'waiting-discovery' && msg.type === WalletMessageType.DISCOVERY_RESPONSE && msg.requestId === requestId) {
+                const info = msg.walletInfo;
+                cleanup();
+                resolve(new IframeWalletProvider(info.id, info.name, info.icon, walletUrl, chainInfo));
+            }
+        }
+        window.addEventListener('message', handler);
+    });
+    document.body.appendChild(iframe);
+    return result;
+}

package/dest/iframe/provider/iframe_provider.d.ts

@@ -0,0 +1,65 @@
+/**
+ * IframeWalletProvider — implements {@link WalletProvider} for web wallets loaded in iframes.
+ *
+ * Flow (mirrors ExtensionProvider):
+ *   1. Creates an `<iframe src="walletUrl">` (in app-provided container or floating panel)
+ *   2. Waits for WALLET_READY message from the iframe
+ *   3. Sends DISCOVERY → waits for DISCOVERY_RESPONSE
+ *   4. Sends KEY_EXCHANGE_REQUEST (ECDH public key) → waits for KEY_EXCHANGE_RESPONSE
+ *   5. Derives shared session keys, exposes verificationHash
+ *   6. On confirm(): returns IframeWallet backed by the established session
+ */
+import type { ChainInfo } from '@aztec/aztec.js/account';
+import type { PendingConnection, ProviderDisconnectionCallback, WalletProvider } from '../../manager/types.js';
+/**
+ * Options for {@link IframeWalletProvider.establishSecureChannel}.
+ */
+export interface IframeConnectionOptions {
+    /** Container element to inject the iframe into. If omitted, a floating panel is created. */
+    container?: HTMLElement;
+}
+/**
+ * A {@link WalletProvider} that connects to a web wallet loaded in a cross-origin iframe.
+ *
+ * Discovered via {@link discoverWebWallets} and used through the standard
+ * `WalletProvider.establishSecureChannel()` flow.
+ */
+export declare class IframeWalletProvider implements WalletProvider {
+    /** Unique wallet identifier. */
+    readonly id: string;
+    /** Display name for the wallet. */
+    readonly name: string;
+    /** Optional wallet icon URL. */
+    readonly icon: string | undefined;
+    private readonly walletUrl;
+    private readonly chainInfo;
+    readonly type: "web";
+    private iframe;
+    private _container;
+    private _appOwnsContainer;
+    private _dragCleanup;
+    private wallet;
+    private _disconnected;
+    private disconnectCallbacks;
+    constructor(
+    /** Unique wallet identifier. */
+    id: string, 
+    /** Display name for the wallet. */
+    name: string, 
+    /** Optional wallet icon URL. */
+    icon: string | undefined, walletUrl: string, chainInfo: ChainInfo);
+    /**
+     * Establishes a secure encrypted channel with the iframe wallet.
+     *
+     * @param appId - Application identifier for the requesting dApp
+     * @param options - Optional container element for the iframe
+     * @returns A {@link PendingConnection} with verification hash and confirm/cancel
+     */
+    establishSecureChannel(appId: string, options?: IframeConnectionOptions): Promise<PendingConnection>;
+    disconnect(): Promise<void>;
+    onDisconnect(callback: ProviderDisconnectionCallback): () => void;
+    isDisconnected(): boolean;
+    private createFloatingPanel;
+    private cleanup;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaWZyYW1lX3Byb3ZpZGVyLmQudHMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvaWZyYW1lL3Byb3ZpZGVyL2lmcmFtZV9wcm92aWRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7Ozs7Ozs7OztHQVVHO0FBQ0gsT0FBTyxLQUFLLEVBQUUsU0FBUyxFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFVekQsT0FBTyxLQUFLLEVBQUUsaUJBQWlCLEVBQUUsNkJBQTZCLEVBQUUsY0FBYyxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFTL0c7O0dBRUc7QUFDSCxNQUFNLFdBQVcsdUJBQXVCO0lBQ3RDLDRGQUE0RjtJQUM1RixTQUFTLENBQUMsRUFBRSxXQUFXLENBQUM7Q0FDekI7QUFFRDs7Ozs7R0FLRztBQUNILHFCQUFhLG9CQUFxQixZQUFXLGNBQWM7SUFZdkQsZ0NBQWdDO2FBQ2hCLEVBQUUsRUFBRSxNQUFNO0lBQzFCLG1DQUFtQzthQUNuQixJQUFJLEVBQUUsTUFBTTtJQUM1QixnQ0FBZ0M7YUFDaEIsSUFBSSxFQUFFLE1BQU0sR0FBRyxTQUFTO0lBQ3hDLE9BQU8sQ0FBQyxRQUFRLENBQUMsU0FBUztJQUMxQixPQUFPLENBQUMsUUFBUSxDQUFDLFNBQVM7SUFsQjVCLFFBQVEsQ0FBQyxJQUFJLFFBQWtCO0lBRS9CLE9BQU8sQ0FBQyxNQUFNLENBQWtDO0lBQ2hELE9BQU8sQ0FBQyxVQUFVLENBQStCO0lBQ2pELE9BQU8sQ0FBQyxpQkFBaUIsQ0FBUztJQUNsQyxPQUFPLENBQUMsWUFBWSxDQUE2QjtJQUNqRCxPQUFPLENBQUMsTUFBTSxDQUE2QjtJQUMzQyxPQUFPLENBQUMsYUFBYSxDQUFTO0lBQzlCLE9BQU8sQ0FBQyxtQkFBbUIsQ0FBdUM7SUFFbEU7SUFDRSxnQ0FBZ0M7SUFDaEIsRUFBRSxFQUFFLE1BQU07SUFDMUIsbUNBQW1DO0lBQ25CLElBQUksRUFBRSxNQUFNO0lBQzVCLGdDQUFnQztJQUNoQixJQUFJLEVBQUUsTUFBTSxHQUFHLFNBQVMsRUFDdkIsU0FBUyxFQUFFLE1BQU0sRUFDakIsU0FBUyxFQUFFLFNBQVMsRUFDbkM7SUFFSjs7Ozs7O09BTUc7SUFDRyxzQkFBc0IsQ0FBQyxLQUFLLEVBQUUsTUFBTSxFQUFFLE9BQU8sQ0FBQyxFQUFFLHVCQUF1QixHQUFHLE9BQU8sQ0FBQyxpQkFBaUIsQ0FBQyxDQXdGekc7SUFFRCxVQUFVLElBQUksT0FBTyxDQUFDLElBQUksQ0FBQyxDQU0xQjtJQUVELFlBQVksQ0FBQyxRQUFRLEVBQUUsNkJBQTZCLEdBQUcsTUFBTSxJQUFJLENBUWhFO0lBRUQsY0FBYyxJQUFJLE9BQU8sQ0FFeEI7SUFJRCxPQUFPLENBQUMsbUJBQW1CO0lBZ0czQixPQUFPLENBQUMsT0FBTztDQWVoQiJ9

package/dest/iframe/provider/iframe_provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"iframe_provider.d.ts","sourceRoot":"","sources":["../../../src/iframe/provider/iframe_provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAUzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,6BAA6B,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAS/G;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,4FAA4F;IAC5F,SAAS,CAAC,EAAE,WAAW,CAAC;CACzB;AAED;;;;;GAKG;AACH,qBAAa,oBAAqB,YAAW,cAAc;IAYvD,gCAAgC;aAChB,EAAE,EAAE,MAAM;IAC1B,mCAAmC;aACnB,IAAI,EAAE,MAAM;IAC5B,gCAAgC;aAChB,IAAI,EAAE,MAAM,GAAG,SAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAlB5B,QAAQ,CAAC,IAAI,QAAkB;IAE/B,OAAO,CAAC,MAAM,CAAkC;IAChD,OAAO,CAAC,UAAU,CAA+B;IACjD,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,YAAY,CAA6B;IACjD,OAAO,CAAC,MAAM,CAA6B;IAC3C,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,mBAAmB,CAAuC;IAElE;IACE,gCAAgC;IAChB,EAAE,EAAE,MAAM;IAC1B,mCAAmC;IACnB,IAAI,EAAE,MAAM;IAC5B,gCAAgC;IAChB,IAAI,EAAE,MAAM,GAAG,SAAS,EACvB,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,SAAS,EACnC;IAEJ;;;;;;OAMG;IACG,sBAAsB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,uBAAuB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAwFzG;IAED,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAM1B;IAED,YAAY,CAAC,QAAQ,EAAE,6BAA6B,GAAG,MAAM,IAAI,CAQhE;IAED,cAAc,IAAI,OAAO,CAExB;IAID,OAAO,CAAC,mBAAmB;IAgG3B,OAAO,CAAC,OAAO;CAehB"}