@aztec/wallet-sdk 5.0.0-private.20260319 → 5.0.0-rc.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (76) hide show
  1. package/README.md +125 -0
  2. package/dest/base-wallet/base_wallet.d.ts +65 -40
  3. package/dest/base-wallet/base_wallet.d.ts.map +1 -1
  4. package/dest/base-wallet/base_wallet.js +196 -80
  5. package/dest/base-wallet/get_gas_limits.d.ts +36 -0
  6. package/dest/base-wallet/get_gas_limits.d.ts.map +1 -0
  7. package/dest/base-wallet/get_gas_limits.js +55 -0
  8. package/dest/base-wallet/index.d.ts +3 -2
  9. package/dest/base-wallet/index.d.ts.map +1 -1
  10. package/dest/base-wallet/index.js +1 -0
  11. package/dest/base-wallet/utils.d.ts +7 -4
  12. package/dest/base-wallet/utils.d.ts.map +1 -1
  13. package/dest/base-wallet/utils.js +11 -5
  14. package/dest/crypto.d.ts +39 -1
  15. package/dest/crypto.d.ts.map +1 -1
  16. package/dest/crypto.js +88 -0
  17. package/dest/extension/handlers/background_connection_handler.d.ts +12 -2
  18. package/dest/extension/handlers/background_connection_handler.d.ts.map +1 -1
  19. package/dest/extension/handlers/background_connection_handler.js +44 -8
  20. package/dest/extension/handlers/content_script_connection_handler.d.ts +2 -1
  21. package/dest/extension/handlers/content_script_connection_handler.d.ts.map +1 -1
  22. package/dest/extension/handlers/content_script_connection_handler.js +19 -0
  23. package/dest/extension/handlers/internal_message_types.d.ts +3 -1
  24. package/dest/extension/handlers/internal_message_types.d.ts.map +1 -1
  25. package/dest/extension/handlers/internal_message_types.js +3 -1
  26. package/dest/extension/provider/extension_wallet.d.ts +26 -6
  27. package/dest/extension/provider/extension_wallet.d.ts.map +1 -1
  28. package/dest/extension/provider/extension_wallet.js +80 -9
  29. package/dest/extension/provider/index.d.ts +2 -2
  30. package/dest/extension/provider/index.d.ts.map +1 -1
  31. package/dest/iframe/handlers/iframe_connection_handler.d.ts +122 -0
  32. package/dest/iframe/handlers/iframe_connection_handler.d.ts.map +1 -0
  33. package/dest/iframe/handlers/iframe_connection_handler.js +239 -0
  34. package/dest/iframe/handlers/index.d.ts +2 -0
  35. package/dest/iframe/handlers/index.d.ts.map +1 -0
  36. package/dest/iframe/handlers/index.js +1 -0
  37. package/dest/iframe/provider/iframe_discovery.d.ts +25 -0
  38. package/dest/iframe/provider/iframe_discovery.d.ts.map +1 -0
  39. package/dest/iframe/provider/iframe_discovery.js +167 -0
  40. package/dest/iframe/provider/iframe_provider.d.ts +65 -0
  41. package/dest/iframe/provider/iframe_provider.d.ts.map +1 -0
  42. package/dest/iframe/provider/iframe_provider.js +257 -0
  43. package/dest/iframe/provider/iframe_wallet.d.ts +85 -0
  44. package/dest/iframe/provider/iframe_wallet.d.ts.map +1 -0
  45. package/dest/iframe/provider/iframe_wallet.js +269 -0
  46. package/dest/iframe/provider/index.d.ts +4 -0
  47. package/dest/iframe/provider/index.d.ts.map +1 -0
  48. package/dest/iframe/provider/index.js +3 -0
  49. package/dest/manager/types.d.ts +3 -2
  50. package/dest/manager/types.d.ts.map +1 -1
  51. package/dest/manager/wallet_manager.d.ts +1 -1
  52. package/dest/manager/wallet_manager.d.ts.map +1 -1
  53. package/dest/manager/wallet_manager.js +46 -16
  54. package/dest/types.d.ts +64 -2
  55. package/dest/types.d.ts.map +1 -1
  56. package/dest/types.js +29 -0
  57. package/package.json +12 -8
  58. package/src/base-wallet/base_wallet.ts +257 -125
  59. package/src/base-wallet/get_gas_limits.ts +88 -0
  60. package/src/base-wallet/index.ts +7 -1
  61. package/src/base-wallet/utils.ts +15 -5
  62. package/src/crypto.ts +104 -0
  63. package/src/extension/handlers/background_connection_handler.ts +42 -9
  64. package/src/extension/handlers/content_script_connection_handler.ts +18 -0
  65. package/src/extension/handlers/internal_message_types.ts +2 -0
  66. package/src/extension/provider/extension_wallet.ts +94 -13
  67. package/src/extension/provider/index.ts +1 -1
  68. package/src/iframe/handlers/iframe_connection_handler.ts +341 -0
  69. package/src/iframe/handlers/index.ts +7 -0
  70. package/src/iframe/provider/iframe_discovery.ts +185 -0
  71. package/src/iframe/provider/iframe_provider.ts +331 -0
  72. package/src/iframe/provider/iframe_wallet.ts +323 -0
  73. package/src/iframe/provider/index.ts +3 -0
  74. package/src/manager/types.ts +2 -1
  75. package/src/manager/wallet_manager.ts +48 -14
  76. package/src/types.ts +72 -0
@@ -1,9 +1,9 @@
1
1
  import { WalletSchema } from '@aztec/aztec.js/wallet';
2
2
  import { jsonStringify } from '@aztec/foundation/json-rpc';
3
3
  import { promiseWithResolvers } from '@aztec/foundation/promise';
4
- import { schemaHasMethod } from '@aztec/foundation/schemas';
4
+ import { getSchemaReturnType, schemaHasMethod } from '@aztec/foundation/schemas';
5
5
  import { decrypt, encrypt } from '../../crypto.js';
6
- import { WalletMessageType } from '../../types.js';
6
+ import { DEFAULT_HEARTBEAT_DEAD_AFTER_MS, DEFAULT_HEARTBEAT_INTERVAL_MS, NOOP_LOGGER, WalletMessageType } from '../../types.js';
7
7
  /**
8
8
  * A wallet implementation that communicates with browser extension wallets
9
9
  * using an encrypted MessageChannel.
@@ -43,6 +43,11 @@ import { WalletMessageType } from '../../types.js';
43
43
  /** Map of pending requests awaiting responses, keyed by message ID */ inFlight;
44
44
  disconnected;
45
45
  disconnectCallbacks;
46
+ heartbeatTimer;
47
+ lastInboundAt;
48
+ log;
49
+ heartbeatIntervalMs;
50
+ heartbeatDeadAfterMs;
46
51
  /**
47
52
  * Private constructor - use {@link ExtensionWallet.create} to instantiate.
48
53
  * @param chainInfo - The chain information (chainId and version)
@@ -50,7 +55,9 @@ import { WalletMessageType } from '../../types.js';
50
55
  * @param extensionId - The unique identifier of the target wallet extension
51
56
  * @param port - The MessagePort for private communication with the wallet
52
57
  * @param sharedKey - The derived AES-256-GCM shared key for encryption
53
- */ constructor(chainInfo, appId, extensionId, port, sharedKey){
58
+ * @param logger - Optional logger; defaults to a no-op logger
59
+ * @param heartbeatOptions - Optional heartbeat tuning (mostly useful for tests)
60
+ */ constructor(chainInfo, appId, extensionId, port, sharedKey, logger, heartbeatOptions){
54
61
  this.chainInfo = chainInfo;
55
62
  this.appId = appId;
56
63
  this.extensionId = extensionId;
@@ -59,6 +66,11 @@ import { WalletMessageType } from '../../types.js';
59
66
  this.inFlight = new Map();
60
67
  this.disconnected = false;
61
68
  this.disconnectCallbacks = [];
69
+ this.heartbeatTimer = null;
70
+ this.lastInboundAt = 0;
71
+ this.log = logger ?? NOOP_LOGGER;
72
+ this.heartbeatIntervalMs = heartbeatOptions?.intervalMs ?? DEFAULT_HEARTBEAT_INTERVAL_MS;
73
+ this.heartbeatDeadAfterMs = heartbeatOptions?.deadAfterMs ?? DEFAULT_HEARTBEAT_DEAD_AFTER_MS;
62
74
  }
63
75
  /**
64
76
  * Creates a Wallet that communicates with a browser extension
@@ -69,6 +81,8 @@ import { WalletMessageType } from '../../types.js';
69
81
  * @param sharedKey - The derived AES-256-GCM shared key for encryption
70
82
  * @param chainInfo - The chain information (chainId and version) for request context
71
83
  * @param appId - Application identifier used to identify the requesting dApp to the wallet
84
+ * @param logger - Optional logger; defaults to a no-op logger to keep extension/page bundles small
85
+ * @param heartbeatOptions - Optional override for heartbeat tuning (mostly useful for tests)
72
86
  * @returns A Wallet interface where all method calls are encrypted
73
87
  *
74
88
  * @example
@@ -85,12 +99,13 @@ import { WalletMessageType } from '../../types.js';
85
99
  *
86
100
  * const accounts = await wallet.getAccounts();
87
101
  * ```
88
- */ static create(extensionId, port, sharedKey, chainInfo, appId) {
89
- const wallet = new ExtensionWallet(chainInfo, appId, extensionId, port, sharedKey);
102
+ */ static create(extensionId, port, sharedKey, chainInfo, appId, logger, heartbeatOptions) {
103
+ const wallet = new ExtensionWallet(chainInfo, appId, extensionId, port, sharedKey, logger, heartbeatOptions);
90
104
  // Set up message handler for encrypted responses and unencrypted control messages
91
105
  wallet.port.onmessage = (event)=>{
92
106
  const data = event.data;
93
- // Check for unencrypted disconnect notification
107
+ // Any inbound traffic counts as proof of liveness.
108
+ wallet.lastInboundAt = Date.now();
94
109
  if (data && typeof data === 'object' && 'type' in data && data.type === WalletMessageType.DISCONNECT) {
95
110
  wallet.handleDisconnect();
96
111
  return;
@@ -109,7 +124,7 @@ import { WalletMessageType } from '../../types.js';
109
124
  type: prop.toString(),
110
125
  args
111
126
  });
112
- return WalletSchema[prop.toString()].returnType().parseAsync(result);
127
+ return getSchemaReturnType(WalletSchema[prop.toString()]).parseAsync(result);
113
128
  };
114
129
  } else {
115
130
  return target[prop];
@@ -152,8 +167,12 @@ import { WalletMessageType } from '../../types.js';
152
167
  resolve(result);
153
168
  }
154
169
  this.inFlight.delete(messageId);
155
- // eslint-disable-next-line no-empty
156
- } catch {}
170
+ this.maybeStopHeartbeat();
171
+ } catch (err) {
172
+ this.log.warn('Failed to decrypt wallet response', {
173
+ err
174
+ });
175
+ }
157
176
  }
158
177
  /**
159
178
  * Sends an encrypted wallet method call over the secure MessageChannel.
@@ -190,9 +209,57 @@ import { WalletMessageType } from '../../types.js';
190
209
  resolve,
191
210
  reject
192
211
  });
212
+ this.startHeartbeat();
193
213
  return promise;
194
214
  }
195
215
  /**
216
+ * Start the heartbeat probe loop while at least one request is in flight.
217
+ * Idempotent — calling while already running is a no-op.
218
+ *
219
+ * Heartbeat is opt-in via wire protocol: PINGs are unencrypted control messages
220
+ * (like DISCONNECT). Older wallets that do not understand PING simply drop it,
221
+ * which is safe — we only declare disconnect when **no** inbound traffic of any
222
+ * kind (PONG, encrypted response, DISCONNECT) arrives within the dead window.
223
+ * A wallet that is processing a slow request will reset the timer when it
224
+ * eventually responds, so this never causes false disconnects on legacy peers.
225
+ */ startHeartbeat() {
226
+ if (this.heartbeatTimer !== null || this.disconnected) {
227
+ return;
228
+ }
229
+ this.lastInboundAt = Date.now();
230
+ this.heartbeatTimer = setInterval(()=>this.heartbeatTick(), this.heartbeatIntervalMs);
231
+ }
232
+ maybeStopHeartbeat() {
233
+ if (this.inFlight.size === 0 && this.heartbeatTimer !== null) {
234
+ clearInterval(this.heartbeatTimer);
235
+ this.heartbeatTimer = null;
236
+ }
237
+ }
238
+ heartbeatTick() {
239
+ if (this.disconnected || this.inFlight.size === 0) {
240
+ this.maybeStopHeartbeat();
241
+ return;
242
+ }
243
+ const idleMs = Date.now() - this.lastInboundAt;
244
+ if (idleMs >= this.heartbeatDeadAfterMs) {
245
+ this.log.warn('Wallet channel unresponsive — declaring disconnect', {
246
+ idleMs,
247
+ inFlight: this.inFlight.size
248
+ });
249
+ this.handleDisconnect();
250
+ return;
251
+ }
252
+ try {
253
+ this.port.postMessage({
254
+ type: WalletMessageType.PING
255
+ });
256
+ } catch (err) {
257
+ this.log.warn('Failed to send heartbeat PING', {
258
+ err
259
+ });
260
+ }
261
+ }
262
+ /**
196
263
  * Handles wallet disconnection.
197
264
  * Rejects all pending requests and notifies registered callbacks.
198
265
  * @internal
@@ -201,6 +268,10 @@ import { WalletMessageType } from '../../types.js';
201
268
  return;
202
269
  }
203
270
  this.disconnected = true;
271
+ if (this.heartbeatTimer !== null) {
272
+ clearInterval(this.heartbeatTimer);
273
+ this.heartbeatTimer = null;
274
+ }
204
275
  if (this.port) {
205
276
  this.port.onmessage = null;
206
277
  this.port.close();
@@ -1,3 +1,3 @@
1
- export { ExtensionWallet, type DisconnectCallback } from './extension_wallet.js';
1
+ export { ExtensionWallet } from './extension_wallet.js';
2
2
  export { ExtensionProvider, type DiscoveredWallet, type ConnectedWallet, type DiscoveryOptions, } from './extension_provider.js';
3
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9leHRlbnNpb24vcHJvdmlkZXIvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLGVBQWUsRUFBRSxLQUFLLGtCQUFrQixFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDakYsT0FBTyxFQUNMLGlCQUFpQixFQUNqQixLQUFLLGdCQUFnQixFQUNyQixLQUFLLGVBQWUsRUFDcEIsS0FBSyxnQkFBZ0IsR0FDdEIsTUFBTSx5QkFBeUIsQ0FBQyJ9
3
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9leHRlbnNpb24vcHJvdmlkZXIvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLHVCQUF1QixDQUFDO0FBQ3hELE9BQU8sRUFDTCxpQkFBaUIsRUFDakIsS0FBSyxnQkFBZ0IsRUFDckIsS0FBSyxlQUFlLEVBQ3BCLEtBQUssZ0JBQWdCLEdBQ3RCLE1BQU0seUJBQXlCLENBQUMifQ==
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/extension/provider/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,KAAK,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AACjF,OAAO,EACL,iBAAiB,EACjB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,gBAAgB,GACtB,MAAM,yBAAyB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/extension/provider/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EACL,iBAAiB,EACjB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,gBAAgB,GACtB,MAAM,yBAAyB,CAAC"}
@@ -0,0 +1,122 @@
1
+ /**
2
+ * IframeConnectionHandler — wallet-side of the cross-origin iframe protocol.
3
+ *
4
+ * This mirrors {@link BackgroundConnectionHandler} from `@aztec/wallet-sdk/extension/handlers`
5
+ * but uses `window.postMessage` instead of browser.runtime messaging.
6
+ *
7
+ * Message flow (wallet receives):
8
+ * parent → DISCOVERY → show approval UI → send DISCOVERY_RESPONSE
9
+ * parent → KEY_EXCHANGE_REQUEST → ECDH → send KEY_EXCHANGE_RESPONSE
10
+ * parent → SECURE_MESSAGE → decrypt → Wallet → encrypt → SECURE_RESPONSE
11
+ * parent → DISCONNECT → terminate session
12
+ *
13
+ * The wallet announces itself by posting WALLET_READY as soon as the handler starts,
14
+ * so the dApp knows it can send a discovery request.
15
+ */
16
+ import type { ChainInfo } from '@aztec/aztec.js/account';
17
+ import type { Wallet } from '@aztec/aztec.js/wallet';
18
+ import { type WalletSdkLogger } from '../../types.js';
19
+ /**
20
+ * A pending discovery request from a dApp (before user approval).
21
+ */
22
+ export interface PendingSession {
23
+ /** Unique request identifier */
24
+ requestId: string;
25
+ /** Application identifier */
26
+ appId: string;
27
+ /** Origin URL of the requesting page */
28
+ origin: string;
29
+ /** Approval status */
30
+ status: 'pending' | 'approved';
31
+ }
32
+ /**
33
+ * An active session (after key exchange).
34
+ */
35
+ export interface ActiveSession {
36
+ /** Session identifier (same as the discovery requestId) */
37
+ sessionId: string;
38
+ /** AES-256-GCM shared key for this session */
39
+ sharedKey: CryptoKey;
40
+ /** Verification hash for emoji display */
41
+ verificationHash: string;
42
+ /** Origin URL of the connected dApp */
43
+ origin: string;
44
+ /** Application identifier */
45
+ appId: string;
46
+ }
47
+ /**
48
+ * Configuration for the iframe connection handler.
49
+ */
50
+ export interface IframeConnectionConfig {
51
+ /** Unique wallet identifier */
52
+ walletId: string;
53
+ /** Display name for the wallet */
54
+ walletName: string;
55
+ /** Wallet version string */
56
+ walletVersion: string;
57
+ /** Optional wallet icon URL */
58
+ walletIcon?: string;
59
+ /** Origins allowed to connect. If empty or undefined, all origins are allowed (dev mode). */
60
+ allowedOrigins?: string[];
61
+ /** Logger used for diagnostics. */
62
+ logger: WalletSdkLogger;
63
+ }
64
+ /**
65
+ * Event callbacks for the iframe connection handler.
66
+ */
67
+ export interface IframeConnectionCallbacks {
68
+ /** Called when a new discovery request arrives — wallet can show approval UI */
69
+ onPendingDiscovery?: (session: PendingSession) => void;
70
+ /** Called when a session is established (key exchange complete) */
71
+ onSessionEstablished?: (session: ActiveSession) => void;
72
+ /** Called when a session is terminated */
73
+ onSessionTerminated?: (sessionId: string) => void;
74
+ /** Called when a key exchange completes — show verificationHash as emojis to the user */
75
+ onVerificationHash?: (verificationHash: string) => void;
76
+ /**
77
+ * Resolves the Wallet instance to use for a given dApp and chain.
78
+ * Called when an encrypted message arrives and needs to be dispatched.
79
+ */
80
+ getWallet: (appId: string, chainInfo: ChainInfo) => Promise<Wallet>;
81
+ }
82
+ /**
83
+ * Handles the wallet side of the cross-origin iframe protocol.
84
+ *
85
+ * Manages the full lifecycle: discovery, ECDH key exchange, encrypted message
86
+ * dispatch to a {@link Wallet} instance, and session termination.
87
+ *
88
+ * @example
89
+ * ```typescript
90
+ * const handler = new IframeConnectionHandler(
91
+ * { walletId: 'my-wallet', walletName: 'My Wallet', walletVersion: '1.0.0', logger: console },
92
+ * {
93
+ * onPendingDiscovery: (session) => showApprovalUI(session),
94
+ * getWallet: (appId, chainInfo) => createWalletForApp(appId, chainInfo),
95
+ * },
96
+ * );
97
+ * handler.start();
98
+ * ```
99
+ */
100
+ export declare class IframeConnectionHandler {
101
+ private config;
102
+ private callbacks;
103
+ private pendingSessions;
104
+ private activeSessions;
105
+ private log;
106
+ constructor(config: IframeConnectionConfig, callbacks: IframeConnectionCallbacks);
107
+ start(): void;
108
+ stop(): void;
109
+ approveDiscovery(requestId: string): void;
110
+ rejectDiscovery(requestId: string): void;
111
+ terminateSession(sessionId: string): void;
112
+ getPendingSessions(): PendingSession[];
113
+ private handleMessage;
114
+ private handleMessageAsync;
115
+ private handlePing;
116
+ private handleDiscoveryRequest;
117
+ private handleKeyExchangeRequest;
118
+ private handleSecureMessage;
119
+ private postToParent;
120
+ private postToOrigin;
121
+ }
122
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaWZyYW1lX2Nvbm5lY3Rpb25faGFuZGxlci5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2lmcmFtZS9oYW5kbGVycy9pZnJhbWVfY29ubmVjdGlvbl9oYW5kbGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7Ozs7Ozs7OztHQWNHO0FBQ0gsT0FBTyxLQUFLLEVBQUUsU0FBUyxFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFDekQsT0FBTyxLQUFLLEVBQUUsTUFBTSxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFjckQsT0FBTyxFQUE4RCxLQUFLLGVBQWUsRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBRWxIOztHQUVHO0FBQ0gsTUFBTSxXQUFXLGNBQWM7SUFDN0IsZ0NBQWdDO0lBQ2hDLFNBQVMsRUFBRSxNQUFNLENBQUM7SUFDbEIsNkJBQTZCO0lBQzdCLEtBQUssRUFBRSxNQUFNLENBQUM7SUFDZCx3Q0FBd0M7SUFDeEMsTUFBTSxFQUFFLE1BQU0sQ0FBQztJQUNmLHNCQUFzQjtJQUN0QixNQUFNLEVBQUUsU0FBUyxHQUFHLFVBQVUsQ0FBQztDQUNoQztBQUVEOztHQUVHO0FBQ0gsTUFBTSxXQUFXLGFBQWE7SUFDNUIsMkRBQTJEO0lBQzNELFNBQVMsRUFBRSxNQUFNLENBQUM7SUFDbEIsOENBQThDO0lBQzlDLFNBQVMsRUFBRSxTQUFTLENBQUM7SUFDckIsMENBQTBDO0lBQzFDLGdCQUFnQixFQUFFLE1BQU0sQ0FBQztJQUN6Qix1Q0FBdUM7SUFDdkMsTUFBTSxFQUFFLE1BQU0sQ0FBQztJQUNmLDZCQUE2QjtJQUM3QixLQUFLLEVBQUUsTUFBTSxDQUFDO0NBQ2Y7QUFFRDs7R0FFRztBQUNILE1BQU0sV0FBVyxzQkFBc0I7SUFDckMsK0JBQStCO0lBQy9CLFFBQVEsRUFBRSxNQUFNLENBQUM7SUFDakIsa0NBQWtDO0lBQ2xDLFVBQVUsRUFBRSxNQUFNLENBQUM7SUFDbkIsNEJBQTRCO0lBQzVCLGFBQWEsRUFBRSxNQUFNLENBQUM7SUFDdEIsK0JBQStCO0lBQy9CLFVBQVUsQ0FBQyxFQUFFLE1BQU0sQ0FBQztJQUNwQiw2RkFBNkY7SUFDN0YsY0FBYyxDQUFDLEVBQUUsTUFBTSxFQUFFLENBQUM7SUFDMUIsbUNBQW1DO0lBQ25DLE1BQU0sRUFBRSxlQUFlLENBQUM7Q0FDekI7QUFFRDs7R0FFRztBQUNILE1BQU0sV0FBVyx5QkFBeUI7SUFDeEMsa0ZBQWdGO0lBQ2hGLGtCQUFrQixDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsY0FBYyxLQUFLLElBQUksQ0FBQztJQUN2RCxtRUFBbUU7SUFDbkUsb0JBQW9CLENBQUMsRUFBRSxDQUFDLE9BQU8sRUFBRSxhQUFhLEtBQUssSUFBSSxDQUFDO0lBQ3hELDBDQUEwQztJQUMxQyxtQkFBbUIsQ0FBQyxFQUFFLENBQUMsU0FBUyxFQUFFLE1BQU0sS0FBSyxJQUFJLENBQUM7SUFDbEQsMkZBQXlGO0lBQ3pGLGtCQUFrQixDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsRUFBRSxNQUFNLEtBQUssSUFBSSxDQUFDO0lBQ3hEOzs7T0FHRztJQUNILFNBQVMsRUFBRSxDQUFDLEtBQUssRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLFNBQVMsS0FBSyxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUM7Q0FDckU7QUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FpQkc7QUFDSCxxQkFBYSx1QkFBdUI7SUFNaEMsT0FBTyxDQUFDLE1BQU07SUFDZCxPQUFPLENBQUMsU0FBUztJQU5uQixPQUFPLENBQUMsZUFBZSxDQUFxQztJQUM1RCxPQUFPLENBQUMsY0FBYyxDQUFvQztJQUMxRCxPQUFPLENBQUMsR0FBRyxDQUFrQjtJQUU3QixZQUNVLE1BQU0sRUFBRSxzQkFBc0IsRUFDOUIsU0FBUyxFQUFFLHlCQUF5QixFQUc3QztJQUVELEtBQUssSUFBSSxJQUFJLENBSVo7SUFFRCxJQUFJLElBQUksSUFBSSxDQUVYO0lBRUQsZ0JBQWdCLENBQUMsU0FBUyxFQUFFLE1BQU0sR0FBRyxJQUFJLENBa0J4QztJQUVELGVBQWUsQ0FBQyxTQUFTLEVBQUUsTUFBTSxHQUFHLElBQUksQ0FFdkM7SUFFRCxnQkFBZ0IsQ0FBQyxTQUFTLEVBQUUsTUFBTSxHQUFHLElBQUksQ0FVeEM7SUFFRCxrQkFBa0IsSUFBSSxjQUFjLEVBQUUsQ0FFckM7SUFFRCxPQUFPLENBQUMsYUFBYSxDQUVuQjtZQUVZLGtCQUFrQjtJQStCaEMsT0FBTyxDQUFDLFVBQVU7SUFRbEIsT0FBTyxDQUFDLHNCQUFzQjtZQVNoQix3QkFBd0I7WUE2Q3hCLG1CQUFtQjtJQXFEakMsT0FBTyxDQUFDLFlBQVk7SUFNcEIsT0FBTyxDQUFDLFlBQVk7Q0FLckIifQ==
@@ -0,0 +1 @@
1
+ {"version":3,"file":"iframe_connection_handler.d.ts","sourceRoot":"","sources":["../../../src/iframe/handlers/iframe_connection_handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAcrD,OAAO,EAA8D,KAAK,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAElH;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,gCAAgC;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,6BAA6B;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,wCAAwC;IACxC,MAAM,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,MAAM,EAAE,SAAS,GAAG,UAAU,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2DAA2D;IAC3D,SAAS,EAAE,MAAM,CAAC;IAClB,8CAA8C;IAC9C,SAAS,EAAE,SAAS,CAAC;IACrB,0CAA0C;IAC1C,gBAAgB,EAAE,MAAM,CAAC;IACzB,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,6BAA6B;IAC7B,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,+BAA+B;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6FAA6F;IAC7F,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,mCAAmC;IACnC,MAAM,EAAE,eAAe,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,kFAAgF;IAChF,kBAAkB,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,IAAI,CAAC;IACvD,mEAAmE;IACnE,oBAAoB,CAAC,EAAE,CAAC,OAAO,EAAE,aAAa,KAAK,IAAI,CAAC;IACxD,0CAA0C;IAC1C,mBAAmB,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,IAAI,CAAC;IAClD,2FAAyF;IACzF,kBAAkB,CAAC,EAAE,CAAC,gBAAgB,EAAE,MAAM,KAAK,IAAI,CAAC;IACxD;;;OAGG;IACH,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;CACrE;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,uBAAuB;IAMhC,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,SAAS;IANnB,OAAO,CAAC,eAAe,CAAqC;IAC5D,OAAO,CAAC,cAAc,CAAoC;IAC1D,OAAO,CAAC,GAAG,CAAkB;IAE7B,YACU,MAAM,EAAE,sBAAsB,EAC9B,SAAS,EAAE,yBAAyB,EAG7C;IAED,KAAK,IAAI,IAAI,CAIZ;IAED,IAAI,IAAI,IAAI,CAEX;IAED,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAkBxC;IAED,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAEvC;IAED,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAUxC;IAED,kBAAkB,IAAI,cAAc,EAAE,CAErC;IAED,OAAO,CAAC,aAAa,CAEnB;YAEY,kBAAkB;IA+BhC,OAAO,CAAC,UAAU;IAQlB,OAAO,CAAC,sBAAsB;YAShB,wBAAwB;YA6CxB,mBAAmB;IAqDjC,OAAO,CAAC,YAAY;IAMpB,OAAO,CAAC,YAAY;CAKrB"}
@@ -0,0 +1,239 @@
1
+ /**
2
+ * IframeConnectionHandler — wallet-side of the cross-origin iframe protocol.
3
+ *
4
+ * This mirrors {@link BackgroundConnectionHandler} from `@aztec/wallet-sdk/extension/handlers`
5
+ * but uses `window.postMessage` instead of browser.runtime messaging.
6
+ *
7
+ * Message flow (wallet receives):
8
+ * parent → DISCOVERY → show approval UI → send DISCOVERY_RESPONSE
9
+ * parent → KEY_EXCHANGE_REQUEST → ECDH → send KEY_EXCHANGE_RESPONSE
10
+ * parent → SECURE_MESSAGE → decrypt → Wallet → encrypt → SECURE_RESPONSE
11
+ * parent → DISCONNECT → terminate session
12
+ *
13
+ * The wallet announces itself by posting WALLET_READY as soon as the handler starts,
14
+ * so the dApp knows it can send a discovery request.
15
+ */ import { WalletSchema } from '@aztec/aztec.js/wallet';
16
+ import { jsonStringify } from '@aztec/foundation/json-rpc';
17
+ import { getSchemaParameters, parseWithOptionals, schemaHasMethod } from '@aztec/foundation/schemas';
18
+ import { decrypt, deriveSessionKeys, encrypt, exportPublicKey, generateKeyPair, importPublicKey } from '../../crypto.js';
19
+ import { WalletMessageType } from '../../types.js';
20
+ /**
21
+ * Handles the wallet side of the cross-origin iframe protocol.
22
+ *
23
+ * Manages the full lifecycle: discovery, ECDH key exchange, encrypted message
24
+ * dispatch to a {@link Wallet} instance, and session termination.
25
+ *
26
+ * @example
27
+ * ```typescript
28
+ * const handler = new IframeConnectionHandler(
29
+ * { walletId: 'my-wallet', walletName: 'My Wallet', walletVersion: '1.0.0', logger: console },
30
+ * {
31
+ * onPendingDiscovery: (session) => showApprovalUI(session),
32
+ * getWallet: (appId, chainInfo) => createWalletForApp(appId, chainInfo),
33
+ * },
34
+ * );
35
+ * handler.start();
36
+ * ```
37
+ */ export class IframeConnectionHandler {
38
+ config;
39
+ callbacks;
40
+ pendingSessions;
41
+ activeSessions;
42
+ log;
43
+ constructor(config, callbacks){
44
+ this.config = config;
45
+ this.callbacks = callbacks;
46
+ this.pendingSessions = new Map();
47
+ this.activeSessions = new Map();
48
+ this.handleMessage = (event)=>{
49
+ void this.handleMessageAsync(event);
50
+ };
51
+ this.log = config.logger;
52
+ }
53
+ start() {
54
+ window.addEventListener('message', this.handleMessage);
55
+ this.postToParent({
56
+ type: WalletMessageType.WALLET_READY
57
+ });
58
+ this.log.info('IframeConnectionHandler started, posted WALLET_READY');
59
+ }
60
+ stop() {
61
+ window.removeEventListener('message', this.handleMessage);
62
+ }
63
+ approveDiscovery(requestId) {
64
+ const pending = this.pendingSessions.get(requestId);
65
+ if (!pending || pending.status !== 'pending') {
66
+ return;
67
+ }
68
+ pending.status = 'approved';
69
+ this.postToOrigin(pending.origin, {
70
+ type: WalletMessageType.DISCOVERY_RESPONSE,
71
+ requestId,
72
+ walletInfo: {
73
+ id: this.config.walletId,
74
+ name: this.config.walletName,
75
+ version: this.config.walletVersion,
76
+ icon: this.config.walletIcon
77
+ }
78
+ });
79
+ this.log.info(`Discovery approved for requestId=${requestId}`);
80
+ }
81
+ rejectDiscovery(requestId) {
82
+ this.pendingSessions.delete(requestId);
83
+ }
84
+ terminateSession(sessionId) {
85
+ const session = this.activeSessions.get(sessionId);
86
+ if (session) {
87
+ this.postToOrigin(session.origin, {
88
+ type: WalletMessageType.SESSION_DISCONNECTED,
89
+ sessionId
90
+ });
91
+ this.activeSessions.delete(sessionId);
92
+ this.callbacks.onSessionTerminated?.(sessionId);
93
+ }
94
+ }
95
+ getPendingSessions() {
96
+ return Array.from(this.pendingSessions.values()).filter((s)=>s.status === 'pending');
97
+ }
98
+ handleMessage;
99
+ async handleMessageAsync(event) {
100
+ if (this.config.allowedOrigins && this.config.allowedOrigins.length > 0) {
101
+ if (!this.config.allowedOrigins.includes(event.origin)) {
102
+ return;
103
+ }
104
+ }
105
+ const msg = event.data;
106
+ if (!msg || typeof msg !== 'object' || !msg.type) {
107
+ return;
108
+ }
109
+ switch(msg.type){
110
+ case WalletMessageType.DISCOVERY:
111
+ this.handleDiscoveryRequest(msg, event.origin);
112
+ break;
113
+ case WalletMessageType.KEY_EXCHANGE_REQUEST:
114
+ await this.handleKeyExchangeRequest(msg, event.origin);
115
+ break;
116
+ case WalletMessageType.SECURE_MESSAGE:
117
+ await this.handleSecureMessage(msg);
118
+ break;
119
+ case WalletMessageType.DISCONNECT:
120
+ this.terminateSession(msg.sessionId);
121
+ break;
122
+ case WalletMessageType.PING:
123
+ this.handlePing(msg.sessionId);
124
+ break;
125
+ }
126
+ }
127
+ handlePing(sessionId) {
128
+ const session = this.activeSessions.get(sessionId);
129
+ if (!session) {
130
+ return;
131
+ }
132
+ this.postToOrigin(session.origin, {
133
+ type: WalletMessageType.PONG,
134
+ sessionId
135
+ });
136
+ }
137
+ handleDiscoveryRequest(msg, origin) {
138
+ // eslint-disable-next-line jsdoc/require-jsdoc
139
+ const { requestId, appId } = msg;
140
+ const pending = {
141
+ requestId,
142
+ appId,
143
+ origin,
144
+ status: 'pending'
145
+ };
146
+ this.pendingSessions.set(requestId, pending);
147
+ this.log.info(`Discovery request from appId=${appId} origin=${origin}`);
148
+ this.callbacks.onPendingDiscovery?.(pending);
149
+ }
150
+ async handleKeyExchangeRequest(msg, origin) {
151
+ const { requestId, publicKey: appPublicKeyRaw } = msg;
152
+ const pending = this.pendingSessions.get(requestId);
153
+ if (!pending || pending.status !== 'approved') {
154
+ this.log.warn(`Key exchange for unknown/unapproved requestId=${requestId}`);
155
+ return;
156
+ }
157
+ try {
158
+ const keyPair = await generateKeyPair();
159
+ const walletPublicKey = await exportPublicKey(keyPair.publicKey);
160
+ const appPublicKey = await importPublicKey(appPublicKeyRaw);
161
+ const sessionKeys = await deriveSessionKeys(keyPair, appPublicKey, false);
162
+ const session = {
163
+ sessionId: requestId,
164
+ sharedKey: sessionKeys.encryptionKey,
165
+ verificationHash: sessionKeys.verificationHash,
166
+ origin: pending.origin,
167
+ appId: pending.appId
168
+ };
169
+ this.activeSessions.set(requestId, session);
170
+ this.pendingSessions.delete(requestId);
171
+ this.postToOrigin(origin, {
172
+ type: WalletMessageType.KEY_EXCHANGE_RESPONSE,
173
+ requestId,
174
+ publicKey: walletPublicKey,
175
+ verificationHash: sessionKeys.verificationHash
176
+ });
177
+ this.callbacks.onVerificationHash?.(sessionKeys.verificationHash);
178
+ this.callbacks.onSessionEstablished?.(session);
179
+ this.log.info(`Key exchange complete, sessionId=${requestId}`);
180
+ } catch (err) {
181
+ this.log.error(`Key exchange failed: ${err}`);
182
+ }
183
+ }
184
+ async handleSecureMessage(msg) {
185
+ // eslint-disable-next-line jsdoc/require-jsdoc
186
+ const { sessionId, encrypted } = msg;
187
+ const session = this.activeSessions.get(sessionId);
188
+ if (!session) {
189
+ return;
190
+ }
191
+ let walletMessage;
192
+ try {
193
+ walletMessage = await decrypt(session.sharedKey, encrypted);
194
+ } catch {
195
+ this.log.warn(`Decryption failed for sessionId=${sessionId}`);
196
+ return;
197
+ }
198
+ const { messageId, type, args, chainInfo, appId } = walletMessage;
199
+ let result;
200
+ let error;
201
+ try {
202
+ const wallet = await this.callbacks.getWallet(appId, chainInfo);
203
+ if (!schemaHasMethod(WalletSchema, type)) {
204
+ throw new Error(`Unknown wallet method: ${type}`);
205
+ }
206
+ const sanitizedArgs = await parseWithOptionals(args, getSchemaParameters(WalletSchema[type]));
207
+ result = await wallet[type](...sanitizedArgs);
208
+ } catch (err) {
209
+ error = err instanceof Error ? err.message : String(err);
210
+ this.log.error(`Error handling ${type}: ${error}`);
211
+ }
212
+ const response = {
213
+ messageId,
214
+ walletId: this.config.walletId,
215
+ result,
216
+ error
217
+ };
218
+ try {
219
+ const encryptedResponse = await encrypt(session.sharedKey, jsonStringify(response));
220
+ this.postToOrigin(session.origin, {
221
+ type: WalletMessageType.SECURE_RESPONSE,
222
+ sessionId,
223
+ encrypted: encryptedResponse
224
+ });
225
+ } catch (err) {
226
+ this.log.error(`Encryption of response failed: ${err}`);
227
+ }
228
+ }
229
+ postToParent(msg) {
230
+ if (window.parent !== window) {
231
+ window.parent.postMessage(msg, '*');
232
+ }
233
+ }
234
+ postToOrigin(origin, msg) {
235
+ if (window.parent !== window) {
236
+ window.parent.postMessage(msg, origin);
237
+ }
238
+ }
239
+ }
@@ -0,0 +1,2 @@
1
+ export { IframeConnectionHandler, type IframeConnectionConfig, type IframeConnectionCallbacks, type PendingSession, type ActiveSession, } from './iframe_connection_handler.js';
2
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9pZnJhbWUvaGFuZGxlcnMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUNMLHVCQUF1QixFQUN2QixLQUFLLHNCQUFzQixFQUMzQixLQUFLLHlCQUF5QixFQUM5QixLQUFLLGNBQWMsRUFDbkIsS0FBSyxhQUFhLEdBQ25CLE1BQU0sZ0NBQWdDLENBQUMifQ==
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/iframe/handlers/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,uBAAuB,EACvB,KAAK,sBAAsB,EAC3B,KAAK,yBAAyB,EAC9B,KAAK,cAAc,EACnB,KAAK,aAAa,GACnB,MAAM,gCAAgC,CAAC"}
@@ -0,0 +1 @@
1
+ export { IframeConnectionHandler } from './iframe_connection_handler.js';
@@ -0,0 +1,25 @@
1
+ /**
2
+ * Web wallet discovery — creates {@link IframeWalletProvider} instances from a list of URLs.
3
+ *
4
+ * For each configured URL we probe the wallet by loading a tiny invisible iframe,
5
+ * waiting for WALLET_READY, then sending a DISCOVERY request. On a successful
6
+ * DISCOVERY_RESPONSE we emit an IframeWalletProvider to the caller.
7
+ *
8
+ * This is intentionally lightweight (no key exchange yet) — key exchange happens
9
+ * later when the user selects the wallet and calls `provider.establishSecureChannel()`.
10
+ */
11
+ import type { ChainInfo } from '@aztec/aztec.js/account';
12
+ import type { DiscoverySession } from '../../manager/types.js';
13
+ /**
14
+ * Probes a list of web wallet URLs and returns a {@link DiscoverySession} compatible
15
+ * with WalletManager's `getAvailableWallets()` interface.
16
+ *
17
+ * Discovered {@link IframeWalletProvider} instances are yielded asynchronously as each
18
+ * wallet responds to the probe.
19
+ *
20
+ * @param walletUrls - URLs of web wallets to probe
21
+ * @param chainInfo - Network information to pass during discovery
22
+ * @returns A cancellable discovery session
23
+ */
24
+ export declare function discoverWebWallets(walletUrls: string[], chainInfo: ChainInfo): DiscoverySession;
25
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaWZyYW1lX2Rpc2NvdmVyeS5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2lmcmFtZS9wcm92aWRlci9pZnJhbWVfZGlzY292ZXJ5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7Ozs7R0FTRztBQUNILE9BQU8sS0FBSyxFQUFFLFNBQVMsRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBR3pELE9BQU8sS0FBSyxFQUFFLGdCQUFnQixFQUFrQixNQUFNLHdCQUF3QixDQUFDO0FBTS9FOzs7Ozs7Ozs7O0dBVUc7QUFDSCx3QkFBZ0Isa0JBQWtCLENBQUMsVUFBVSxFQUFFLE1BQU0sRUFBRSxFQUFFLFNBQVMsRUFBRSxTQUFTLEdBQUcsZ0JBQWdCLENBdUYvRiJ9
@@ -0,0 +1 @@
1
+ {"version":3,"file":"iframe_discovery.d.ts","sourceRoot":"","sources":["../../../src/iframe/provider/iframe_discovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAGzD,OAAO,KAAK,EAAE,gBAAgB,EAAkB,MAAM,wBAAwB,CAAC;AAM/E;;;;;;;;;;GAUG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,SAAS,GAAG,gBAAgB,CAuF/F"}