@bsv/wallet-toolbox 1.2.36 → 1.2.38

package/src/CWIStyleWalletManager.ts

@@ -70,32 +70,67 @@ import { PrivilegedKeyManager } from './sdk/PrivilegedKeyManager'
  */
 export const PBKDF2_NUM_ROUNDS = 7777
 
+/**
+ * Unique Identifier for the default profile (16 zero bytes).
+ */
+export const DEFAULT_PROFILE_ID = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+
+/**
+ * Describes the structure of a user profile within the wallet.
+ */
+export interface Profile {
+  /**
+   * User-defined name for the profile.
+   */
+  name: string
+
+  /**
+   * Unique 16-byte identifier for the profile.
+   */
+  id: number[]
+
+  /**
+   * 32-byte random pad XOR'd with the root primary key to derive the profile's primary key.
+   */
+  primaryPad: number[]
+
+  /**
+   * 32-byte random pad XOR'd with the root privileged key to derive the profile's privileged key.
+   */
+  privilegedPad: number[]
+
+  /**
+   * Timestamp (seconds since epoch) when the profile was created.
+   */
+  createdAt: number
+}
+
 /**
  * Describes the structure of a User Management Protocol (UMP) token.
  */
 export interface UMPToken {
   /**
-   * Primary key encrypted by the XOR of the password and presentation keys.
+   * Root Primary key encrypted by the XOR of the password and presentation keys.
    */
   passwordPresentationPrimary: number[]
 
   /**
-   * Primary key encrypted by the XOR of the password and recovery keys.
+   * Root Primary key encrypted by the XOR of the password and recovery keys.
    */
   passwordRecoveryPrimary: number[]
 
   /**
-   * Primary key encrypted by the XOR of the presentation and recovery keys.
+   * Root Primary key encrypted by the XOR of the presentation and recovery keys.
    */
   presentationRecoveryPrimary: number[]
 
   /**
-   * Privileged key encrypted by the XOR of the password and primary keys.
+   * Root Privileged key encrypted by the XOR of the password and primary keys.
    */
   passwordPrimaryPrivileged: number[]
 
   /**
-   * Privileged key encrypted by the XOR of the presentation and recovery keys.
+   * Root Privileged key encrypted by the XOR of the presentation and recovery keys.
    */
   presentationRecoveryPrivileged: number[]
 
@@ -115,20 +150,26 @@ export interface UMPToken {
   recoveryHash: number[]
 
   /**
-   * A copy of the presentation key encrypted with the privileged key.
+   * A copy of the presentation key encrypted with the root privileged key.
    */
   presentationKeyEncrypted: number[]
 
   /**
-   * A copy of the recovery key encrypted with the privileged key.
+   * A copy of the recovery key encrypted with the root privileged key.
    */
   recoveryKeyEncrypted: number[]
 
   /**
-   * A copy of the password key encrypted with the privileged key.
+   * A copy of the password key encrypted with the root privileged key.
    */
   passwordKeyEncrypted: number[]
 
+  /**
+   * Optional field containing the encrypted profile data.
+   * JSON string -> Encrypted Bytes using root privileged key.
+   */
+  profilesEncrypted?: number[]
+
   /**
    * Describes the token's location on-chain, if it's already been published.
    */
@@ -160,14 +201,14 @@ export interface UMPTokenInteractor {
   /**
    * Creates (and optionally consumes the previous version of) a UMP token on-chain.
    *
-   * @param wallet            The wallet that might be used to create a new token.
+   * @param wallet            The wallet that might be used to create a new token (MUST be operating under the DEFAULT profile).
    * @param adminOriginator   The domain name of the administrative originator.
    * @param token             The new UMP token to create.
    * @param oldTokenToConsume If provided, the old token that must be consumed in the same transaction.
    * @returns                 The newly created outpoint.
    */
   buildAndSend: (
-    wallet: WalletInterface,
+    wallet: WalletInterface, // This wallet MUST be the one built for the default profile
     adminOriginator: OriginatorDomainNameStringUnder250Bytes,
     token: UMPToken,
     oldTokenToConsume?: UMPToken
@@ -251,34 +292,20 @@ export class OverlayUMPTokenInteractor implements UMPTokenInteractor {
    * then broadcast and published under the `tm_users` topic using a SHIP broadcast, ensuring
    * overlay participants see the updated token.
    *
-   * @param wallet            The wallet used to build and sign the transaction.
+   * @param wallet            The wallet used to build and sign the transaction (MUST be operating under the DEFAULT profile).
    * @param adminOriginator   The domain/FQDN of the administrative originator (wallet operator).
    * @param token             The new UMPToken to create on-chain.
    * @param oldTokenToConsume Optionally, an existing token to consume/spend in the same transaction.
    * @returns The outpoint of the newly created UMP token (e.g. "abcd1234...ef.0").
    */
   public async buildAndSend(
-    wallet: WalletInterface,
+    wallet: WalletInterface, // This wallet MUST be the one built for the default profile
     adminOriginator: OriginatorDomainNameStringUnder250Bytes,
     token: UMPToken,
     oldTokenToConsume?: UMPToken
   ): Promise<OutpointString> {
-    // 1) Construct the data fields for the new UMP token in the same
-    //    11-field order used by the UMP protocol's PushDrop definition.
-    const fields: number[][] = new Array(11)
-
-    // See: UMP field ordering
-    //  0 => passwordSalt
-    //  1 => passwordPresentationPrimary
-    //  2 => passwordRecoveryPrimary
-    //  3 => presentationRecoveryPrimary
-    //  4 => passwordPrimaryPrivileged
-    //  5 => presentationRecoveryPrivileged
-    //  6 => presentationHash
-    //  7 => recoveryHash
-    //  8 => presentationKeyEncrypted
-    //  9 => passwordKeyEncrypted
-    // 10 => recoveryKeyEncrypted
+    // 1) Construct the data fields for the new UMP token.
+    const fields: number[][] = []
 
     fields[0] = token.passwordSalt
     fields[1] = token.passwordPresentationPrimary
@@ -292,7 +319,12 @@ export class OverlayUMPTokenInteractor implements UMPTokenInteractor {
     fields[9] = token.passwordKeyEncrypted
     fields[10] = token.recoveryKeyEncrypted
 
-    // 2) Create a PushDrop script referencing these fields, locked with the admin key (for easy revocation).
+    // Optional field (11) for encrypted profiles
+    if (token.profilesEncrypted) {
+      fields[11] = token.profilesEncrypted
+    }
+
+    // 2) Create a PushDrop script referencing these fields, locked with the admin key.
     const script = await new PushDrop(wallet, adminOriginator).lock(
       fields,
       [2, 'admin user management token'], // protocolID
@@ -302,7 +334,7 @@ export class OverlayUMPTokenInteractor implements UMPTokenInteractor {
       /*includeSignature=*/ true
     )
 
-    // 3) Prepare the createAction call. If oldTokenToConsume is provided, we gather the outpoint.
+    // 3) Prepare the createAction call. If oldTokenToConsume is provided, gather the outpoint.
     const inputs: CreateActionInput[] = []
     let inputToken: { beef: number[]; outputIndex: number } | undefined
     if (oldTokenToConsume?.currentOutpoint) {
@@ -333,8 +365,7 @@ export class OverlayUMPTokenInteractor implements UMPTokenInteractor {
       adminOriginator
     )
 
-    // If the transaction is fully processed by the wallet (some wallets might do signAndProcess automatically),
-    // we retrieve the final TXID from the result.
+    // If the transaction is fully processed by the wallet
     if (!createResult.signableTransaction) {
       const finalTxid =
         createResult.txid || (createResult.tx ? Transaction.fromAtomicBEEF(createResult.tx).id('hex') : undefined)
@@ -377,19 +408,25 @@ export class OverlayUMPTokenInteractor implements UMPTokenInteractor {
       }
       // 6) Broadcast to `tm_users`
       const finalAtomicTx = signResult.tx
-      const broadcastTx = Transaction.fromAtomicBEEF(finalAtomicTx!)
+      if (!finalAtomicTx) {
+        throw new Error('Final transaction data missing after signing renewed UMP token.')
+      }
+      const broadcastTx = Transaction.fromAtomicBEEF(finalAtomicTx)
       const result = await this.broadcaster.broadcast(broadcastTx)
       console.log('BROADCAST RESULT', result)
       return `${finalTxid}.0`
     } else {
-      // Fallbaack
+      // Fallback for creating a new token (no input spending)
       const signResult = await wallet.signAction({ reference, spends: {} }, adminOriginator)
       finalTxid = signResult.txid || (signResult.tx ? Transaction.fromAtomicBEEF(signResult.tx).id('hex') : '')
       if (!finalTxid) {
         throw new Error('Failed to finalize new UMP token transaction.')
       }
       const finalAtomicTx = signResult.tx
-      const broadcastTx = Transaction.fromAtomicBEEF(finalAtomicTx!)
+      if (!finalAtomicTx) {
+        throw new Error('Final transaction data missing after signing new UMP token.')
+      }
+      const broadcastTx = Transaction.fromAtomicBEEF(finalAtomicTx)
       const result = await this.broadcaster.broadcast(broadcastTx)
       console.log('BROADCAST RESULT', result)
       return `${finalTxid}.0`
@@ -412,8 +449,6 @@ export class OverlayUMPTokenInteractor implements UMPTokenInteractor {
       return undefined
     }
 
-    // We expect only one relevant UMP token in most queries, so let's parse the first.
-    // If multiple are returned, we can parse the first.
     const { beef, outputIndex } = answer.outputs[0]
     try {
       const tx = Transaction.fromBEEF(beef)
@@ -421,11 +456,15 @@ export class OverlayUMPTokenInteractor implements UMPTokenInteractor {
 
       const decoded = PushDrop.decode(tx.outputs[outputIndex].lockingScript)
 
-      // Expecting 11 fields for UMP
-      if (!decoded.fields || decoded.fields.length < 11) return undefined
+      // Expecting 11 or more fields for UMP
+      if (!decoded.fields || decoded.fields.length < 11) {
+        console.warn(`Unexpected number of fields in UMP token: ${decoded.fields?.length}`)
+        return undefined
+      }
 
       // Build the UMP token from these fields, preserving outpoint
       const t: UMPToken = {
+        // Order matches buildAndSend and serialize/deserialize
         passwordSalt: decoded.fields[0],
         passwordPresentationPrimary: decoded.fields[1],
         passwordRecoveryPrimary: decoded.fields[2],
@@ -437,11 +476,12 @@ export class OverlayUMPTokenInteractor implements UMPTokenInteractor {
         presentationKeyEncrypted: decoded.fields[8],
         passwordKeyEncrypted: decoded.fields[9],
         recoveryKeyEncrypted: decoded.fields[10],
+        profilesEncrypted: decoded.fields[12] ? decoded.fields[11] : undefined, // If there's a signature in field 12, use field 11
         currentOutpoint: outpoint
       }
       return t
     } catch (e) {
-      // If we fail to parse or decode, return undefined
+      console.error('Failed to parse or decode UMP token:', e)
       return undefined
     }
   }
@@ -461,7 +501,7 @@ export class OverlayUMPTokenInteractor implements UMPTokenInteractor {
     if (results.type !== 'output-list') {
       return undefined
     }
-    if (!results.outputs.length) {
+    if (!results.outputs || !results.outputs.length) {
       return undefined
     }
     return results.outputs[0]
@@ -470,18 +510,19 @@ export class OverlayUMPTokenInteractor implements UMPTokenInteractor {
 
 /**
  * Manages a "CWI-style" wallet that uses a UMP token and a
- * multi-key authentication scheme (password, presentation key, and recovery key).
+ * multi-key authentication scheme (password, presentation key, and recovery key),
+ * supporting multiple user profiles under a single account.
  */
 export class CWIStyleWalletManager implements WalletInterface {
   /**
-   * Whether the user is currently authenticated.
+   * Whether the user is currently authenticated (i.e., root keys are available).
    */
   authenticated: boolean
 
   /**
    * The domain name of the administrative originator (wallet operator / vendor, or your own).
    */
-  private adminOriginator: string
+  private adminOriginator: OriginatorDomainNameStringUnder250Bytes
 
   /**
    * The system that locates and publishes UMP tokens on-chain.
@@ -503,26 +544,25 @@ export class CWIStyleWalletManager implements WalletInterface {
   private passwordRetriever: (reason: string, test: (passwordCandidate: string) => boolean) => Promise<string>
 
   /**
-   * An optional function that funds a new Wallet after the new-user flow, before the system proceeds.
-   * Allows integration with faucets, and provides the presentation key for use in claiming faucet funds
-   * that may be bound to it.
+   * Optional function to fund a new Wallet after the new-user flow.
    */
   private newWalletFunder?: (
     presentationKey: number[],
-    wallet: WalletInterface,
+    wallet: WalletInterface, // The default profile wallet
     adminOriginator: OriginatorDomainNameStringUnder250Bytes
   ) => Promise<void>
 
   /**
-   * Builds the underlying wallet once the user has been authenticated.
+   * Builds the underlying wallet for a specific profile.
    */
-  private walletBuilder: (primaryKey: number[], privilegedKeyManager: PrivilegedKeyManager) => Promise<WalletInterface>
+  private walletBuilder: (
+    profilePrimaryKey: number[],
+    profilePrivilegedKeyManager: PrivilegedKeyManager,
+    profileId: number[]
+  ) => Promise<WalletInterface>
 
   /**
-   * The current mode of authentication:
-   *  - 'presentation-key-and-password'
-   *  - 'presentation-key-and-recovery-key'
-   *  - 'recovery-key-and-password'
+   * Current mode of authentication.
    */
   authenticationMode:
     | 'presentation-key-and-password'
@@ -530,66 +570,74 @@ export class CWIStyleWalletManager implements WalletInterface {
     | 'recovery-key-and-password' = 'presentation-key-and-password'
 
   /**
-   * Indicates whether this is a new user or an existing user flow:
-   *  - 'new-user'
-   *  - 'existing-user'
+   * Indicates new user or existing user flow.
    */
   authenticationFlow: 'new-user' | 'existing-user' = 'new-user'
 
   /**
-   * The current UMP token in use (representing the user's keys on-chain).
+   * The current UMP token in use.
    */
   private currentUMPToken?: UMPToken
 
   /**
-   * The presentation key, temporarily retained after being provided until authenticated.
+   * Temporarily retained presentation key.
    */
   private presentationKey?: number[]
 
   /**
-   * The recovery key, temporarily retained after being provided until authenticated.
+   * Temporarily retained recovery key.
    */
   private recoveryKey?: number[]
 
   /**
-   * The user's primary key, which is used to operate the underlying wallet.
-   * It is also stored within state snapshots.
+   * The user's *root* primary key, derived from authentication factors.
+   */
+  private rootPrimaryKey?: number[]
+
+  /**
+   * The currently active profile ID (null or DEFAULT_PROFILE_ID means default profile).
+   */
+  private activeProfileId: number[] = DEFAULT_PROFILE_ID
+
+  /**
+   * List of loaded non-default profiles.
    */
-  private primaryKey?: number[]
+  private profiles: Profile[] = []
 
   /**
-   * The underlying wallet that handles the
-   * actual signing, encryption, and other wallet operations.
+   * The underlying wallet instance for the *active* profile.
    */
   private underlying?: WalletInterface
 
   /**
-   * Privileged key manager associated with the underlying wallet, used for
-   * short-term administrative tasks (e.g. re-wrapping or rotating keys).
+   * Privileged key manager associated with the *root* keys, aware of the active profile.
    */
-  private underlyingPrivilegedKeyManager?: PrivilegedKeyManager
+  private rootPrivilegedKeyManager?: PrivilegedKeyManager
 
   /**
    * Constructs a new CWIStyleWalletManager.
    *
    * @param adminOriginator   The domain name of the administrative originator.
-   * @param walletBuilder     A function that can build an underlying wallet instance
-   *                          from a primary key and a privileged key manager
-   * @param interactor        An instance of UMPTokenInteractor capable of managing UMP tokens.
-   * @param recoveryKeySaver  A function that can persist or display a newly generated recovery key.
-   * @param passwordRetriever A function to request the user's password, given a reason and a test function.
-   * @param newWalletFunder   An optional function called with the presentation key and a new Wallet post-construction to fund it before use.
-   * @param stateSnapshot     If provided, a previously saved snapshot of the wallet's state.
+   * @param walletBuilder     A function that can build an underlying wallet instance for a profile.
+   * @param interactor        An instance of UMPTokenInteractor.
+   * @param recoveryKeySaver  A function to persist a new recovery key.
+   * @param passwordRetriever A function to request the user's password.
+   * @param newWalletFunder   Optional function to fund a new wallet.
+   * @param stateSnapshot     Optional previously saved state snapshot.
    */
   constructor(
     adminOriginator: OriginatorDomainNameStringUnder250Bytes,
-    walletBuilder: (primaryKey: number[], privilegedKeyManager: PrivilegedKeyManager) => Promise<WalletInterface>,
+    walletBuilder: (
+      profilePrimaryKey: number[],
+      profilePrivilegedKeyManager: PrivilegedKeyManager,
+      profileId: number[]
+    ) => Promise<WalletInterface>,
     interactor: UMPTokenInteractor = new OverlayUMPTokenInteractor(),
     recoveryKeySaver: (key: number[]) => Promise<true>,
     passwordRetriever: (reason: string, test: (passwordCandidate: string) => boolean) => Promise<string>,
     newWalletFunder?: (
       presentationKey: number[],
-      wallet: WalletInterface,
+      wallet: WalletInterface, // Default profile wallet
       adminOriginator: OriginatorDomainNameStringUnder250Bytes
     ) => Promise<void>,
     stateSnapshot?: number[]
@@ -603,18 +651,22 @@ export class CWIStyleWalletManager implements WalletInterface {
     this.newWalletFunder = newWalletFunder
 
     // If a saved snapshot is provided, attempt to load it.
+    // Note: loadSnapshot now returns a promise. We don't await it here,
+    // as the constructor must be synchronous. The caller should check
+    // `this.authenticated` after construction if a snapshot was provided.
     if (stateSnapshot) {
-      this.loadSnapshot(stateSnapshot)
+      this.loadSnapshot(stateSnapshot).catch(err => {
+        console.error('Failed to load snapshot during construction:', err)
+        // Clear potentially partially loaded state
+        this.destroy()
+      })
     }
   }
 
+  // --- Authentication Methods ---
+
   /**
-   * Provides the presentation key in an authentication mode that requires it.
-   * If a UMP token is found based on the key's hash, this is an existing-user flow.
-   * Otherwise, it is treated as a new-user flow.
-   *
-   * @param key The user's presentation key (32 bytes).
-   * @throws {Error} if user is already authenticated, or if the current mode does not require a presentation key.
+   * Provides the presentation key.
    */
   async providePresentationKey(key: number[]): Promise<void> {
     if (this.authenticated) {
@@ -640,17 +692,7 @@ export class CWIStyleWalletManager implements WalletInterface {
   }
 
   /**
-   * Provides the password in an authentication mode that requires it.
-   *
-   * - **Existing user**:
-   *   Decrypts the primary key using the provided password (and either the presentation key or recovery key, depending on the mode).
-   *   Then builds the underlying wallet, marking the user as authenticated.
-   *
-   * - **New user**:
-   *   Generates a new UMP token with fresh keys (primary, privileged, recovery). Publishes it on-chain and builds the wallet.
-   *
-   * @param password The user's password as a string.
-   * @throws {Error} If the user is already authenticated, if the mode does not use a password, or if required keys are missing.
+   * Provides the password.
    */
   async providePassword(password: string): Promise<void> {
     if (this.authenticated) {
@@ -660,12 +702,10 @@ export class CWIStyleWalletManager implements WalletInterface {
       throw new Error('Password is not needed in this mode')
     }
 
-    // If we detect an existing user flow:
     if (this.authenticationFlow === 'existing-user') {
+      // Existing user flow
       if (!this.currentUMPToken) {
-        throw new Error(
-          'Provide either a presentation key or a recovery key first, depending on the authentication mode.'
-        )
+        throw new Error('Provide presentation or recovery key first.')
       }
       const derivedPasswordKey = Hash.pbkdf2(
         Utils.toArray(password, 'utf8'),
@@ -675,140 +715,123 @@ export class CWIStyleWalletManager implements WalletInterface {
         'sha512'
       )
 
-      if (this.authenticationMode === 'presentation-key-and-password') {
-        if (!this.presentationKey) {
-          throw new Error('No presentation key found!')
-        }
+      let rootPrimaryKey: number[]
+      let rootPrivilegedKey: number[] | undefined // Only needed for recovery mode
 
-        // Decrypt the primary key with XOR(presentationKey, derivedPasswordKey).
+      if (this.authenticationMode === 'presentation-key-and-password') {
+        if (!this.presentationKey) throw new Error('No presentation key found!')
         const xorKey = this.XOR(this.presentationKey, derivedPasswordKey)
-        const decryptedPrimary = new SymmetricKey(xorKey).decrypt(
-          this.currentUMPToken.passwordPresentationPrimary
-        ) as number[]
-
-        await this.buildUnderlying(decryptedPrimary)
+        rootPrimaryKey = new SymmetricKey(xorKey).decrypt(this.currentUMPToken.passwordPresentationPrimary) as number[]
       } else {
-        // 'recovery-key-and-password' mode
-        if (!this.recoveryKey) {
-          throw new Error('No recovery key found!')
-        }
-
-        // Decrypt the primary key with XOR(recoveryKey, derivedPasswordKey).
+        // 'recovery-key-and-password'
+        if (!this.recoveryKey) throw new Error('No recovery key found!')
         const primaryDecryptionKey = this.XOR(this.recoveryKey, derivedPasswordKey)
-        const decryptedPrimary = new SymmetricKey(primaryDecryptionKey).decrypt(
+        rootPrimaryKey = new SymmetricKey(primaryDecryptionKey).decrypt(
           this.currentUMPToken.passwordRecoveryPrimary
         ) as number[]
-
-        // Decrypt the privileged key for immediate use.
-        const privilegedDecryptionKey = this.XOR(decryptedPrimary, derivedPasswordKey)
-        const decryptedPrivileged = new SymmetricKey(privilegedDecryptionKey).decrypt(
+        const privilegedDecryptionKey = this.XOR(rootPrimaryKey, derivedPasswordKey)
+        rootPrivilegedKey = new SymmetricKey(privilegedDecryptionKey).decrypt(
           this.currentUMPToken.passwordPrimaryPrivileged
         ) as number[]
-
-        await this.buildUnderlying(decryptedPrimary, decryptedPrivileged)
+      }
+      // Build root infrastructure, load profiles, and switch to default profile initially
+      await this.setupRootInfrastructure(rootPrimaryKey, rootPrivilegedKey)
+      await this.switchProfile(this.activeProfileId)
+    } else {
+      // New user flow (only 'presentation-key-and-password')
+      if (this.authenticationMode !== 'presentation-key-and-password') {
+        throw new Error('New-user flow requires presentation key and password mode.')
+      }
+      if (!this.presentationKey) {
+        throw new Error('No presentation key provided for new-user flow.')
       }
 
-      return
-    }
-
-    // Otherwise, handle new user flow (only valid in 'presentation-key-and-password').
-    if (this.authenticationMode !== 'presentation-key-and-password') {
-      throw new Error('New-user flow requires presentation key and password, not recovery key mode.')
-    }
-
-    if (!this.presentationKey) {
-      throw new Error('No presentation key provided for new-user flow.')
-    }
-
-    // Generate new random keys/salt and create a new UMP token.
-    const recoveryKey = Random(32)
-    await this.recoveryKeySaver(recoveryKey)
-
-    const passwordSalt = Random(32)
-    const passwordKey = Hash.pbkdf2(Utils.toArray(password, 'utf8'), passwordSalt, PBKDF2_NUM_ROUNDS, 32, 'sha512')
-
-    const primaryKey = Random(32)
-    const privilegedKey = Random(32)
-
-    // Build XOR-based symmetrical keys:
-    const presentationPassword = new SymmetricKey(this.XOR(this.presentationKey, passwordKey))
-    const presentationRecovery = new SymmetricKey(this.XOR(this.presentationKey, recoveryKey))
-    const recoveryPassword = new SymmetricKey(this.XOR(recoveryKey, passwordKey))
-    const primaryPassword = new SymmetricKey(this.XOR(primaryKey, passwordKey))
+      // Generate new keys/salt
+      const recoveryKey = Random(32)
+      await this.recoveryKeySaver(recoveryKey)
+      const passwordSalt = Random(32)
+      const passwordKey = Hash.pbkdf2(Utils.toArray(password, 'utf8'), passwordSalt, PBKDF2_NUM_ROUNDS, 32, 'sha512')
+      const rootPrimaryKey = Random(32)
+      const rootPrivilegedKey = Random(32)
+
+      // Build XOR keys
+      const presentationPassword = new SymmetricKey(this.XOR(this.presentationKey, passwordKey))
+      const presentationRecovery = new SymmetricKey(this.XOR(this.presentationKey, recoveryKey))
+      const recoveryPassword = new SymmetricKey(this.XOR(recoveryKey, passwordKey))
+      const primaryPassword = new SymmetricKey(this.XOR(rootPrimaryKey, passwordKey))
+
+      // Temp manager for encryption
+      const tempPrivilegedKeyManager = new PrivilegedKeyManager(async () => new PrivateKey(rootPrivilegedKey))
+
+      // Build new UMP token (no profiles initially)
+      const newToken: UMPToken = {
+        passwordSalt,
+        passwordPresentationPrimary: presentationPassword.encrypt(rootPrimaryKey) as number[],
+        passwordRecoveryPrimary: recoveryPassword.encrypt(rootPrimaryKey) as number[],
+        presentationRecoveryPrimary: presentationRecovery.encrypt(rootPrimaryKey) as number[],
+        passwordPrimaryPrivileged: primaryPassword.encrypt(rootPrivilegedKey) as number[],
+        presentationRecoveryPrivileged: presentationRecovery.encrypt(rootPrivilegedKey) as number[],
+        presentationHash: Hash.sha256(this.presentationKey),
+        recoveryHash: Hash.sha256(recoveryKey),
+        presentationKeyEncrypted: (
+          await tempPrivilegedKeyManager.encrypt({
+            plaintext: this.presentationKey,
+            protocolID: [2, 'admin key wrapping'],
+            keyID: '1'
+          })
+        ).ciphertext,
+        passwordKeyEncrypted: (
+          await tempPrivilegedKeyManager.encrypt({
+            plaintext: passwordKey,
+            protocolID: [2, 'admin key wrapping'],
+            keyID: '1'
+          })
+        ).ciphertext,
+        recoveryKeyEncrypted: (
+          await tempPrivilegedKeyManager.encrypt({
+            plaintext: recoveryKey,
+            protocolID: [2, 'admin key wrapping'],
+            keyID: '1'
+          })
+        ).ciphertext,
+        profilesEncrypted: undefined // No profiles yet
+      }
+      this.currentUMPToken = newToken
 
-    // Temporarily create a privileged key manager for encrypting the keys in the token.
-    const tempPrivilegedKeyManager = new PrivilegedKeyManager(async () => new PrivateKey(privilegedKey))
+      // Setup root infrastructure and switch to default profile
+      await this.setupRootInfrastructure(rootPrimaryKey)
+      await this.switchProfile(DEFAULT_PROFILE_ID)
 
-    // Build the new UMP token:
-    const newToken: UMPToken = {
-      passwordSalt,
-      passwordPresentationPrimary: presentationPassword.encrypt(primaryKey) as number[],
-      passwordRecoveryPrimary: recoveryPassword.encrypt(primaryKey) as number[],
-      presentationRecoveryPrimary: presentationRecovery.encrypt(primaryKey) as number[],
-      passwordPrimaryPrivileged: primaryPassword.encrypt(privilegedKey) as number[],
-      presentationRecoveryPrivileged: presentationRecovery.encrypt(privilegedKey) as number[],
-      presentationHash: Hash.sha256(this.presentationKey),
-      recoveryHash: Hash.sha256(recoveryKey),
-      presentationKeyEncrypted: (
-        await tempPrivilegedKeyManager.encrypt({
-          plaintext: this.presentationKey,
-          protocolID: [2, 'admin key wrapping'],
-          keyID: '1'
-        })
-      ).ciphertext,
-      passwordKeyEncrypted: (
-        await tempPrivilegedKeyManager.encrypt({
-          plaintext: passwordKey,
-          protocolID: [2, 'admin key wrapping'],
-          keyID: '1'
-        })
-      ).ciphertext,
-      recoveryKeyEncrypted: (
-        await tempPrivilegedKeyManager.encrypt({
-          plaintext: recoveryKey,
-          protocolID: [2, 'admin key wrapping'],
-          keyID: '1'
-        })
-      ).ciphertext
-    }
-
-    // Now, we can create our new wallet!
-    this.currentUMPToken = newToken
-    await this.buildUnderlying(primaryKey)
+      // Fund the *default* wallet if funder provided
+      if (this.newWalletFunder && this.underlying) {
+        try {
+          await this.newWalletFunder(this.presentationKey, this.underlying, this.adminOriginator)
+        } catch (e) {
+          console.error('Error funding new wallet:', e)
+          // Decide if this should halt the process or just log
+        }
+      }
 
-    // Before we do anything, the new wallet is most likely empty right now.
-    // We want to provide a chance for someone to fund it, if they want.
-    if (this.newWalletFunder) {
-      try {
-        await this.newWalletFunder(this.presentationKey, this.underlying!, this.adminOriginator)
-      } catch (e) {
-        // swallow error
-        // TODO: Implement better error handling
-        console.error(e)
+      // Publish the new UMP token *after* potentially funding
+      // We need the default profile wallet to sign the UMP creation TX
+      if (!this.underlying) {
+        throw new Error('Default profile wallet not built before attempting to publish UMP token.')
       }
+      this.currentUMPToken.currentOutpoint = await this.UMPTokenInteractor.buildAndSend(
+        this.underlying, // Use the default profile wallet
+        this.adminOriginator,
+        newToken
+      )
     }
-
-    // Publish the new UMP token on-chain and store the resulting outpoint.
-    this.currentUMPToken.currentOutpoint = await this.UMPTokenInteractor.buildAndSend(
-      this.underlying!,
-      this.adminOriginator,
-      newToken
-    )
   }
 
   /**
-   * Provides the recovery key in an authentication flow that requires it.
-   *
-   * @param recoveryKey The user's recovery key (32 bytes).
-   * @throws {Error} if user is already authenticated, if the mode does not use a recovery key,
-   *                 or if a required presentation key is missing in "presentation-key-and-recovery-key" mode.
+   * Provides the recovery key.
    */
   async provideRecoveryKey(recoveryKey: number[]): Promise<void> {
     if (this.authenticated) {
       throw new Error('Already authenticated')
     }
-
-    // Cannot use recovery key in a new-user flow
     if (this.authenticationFlow === 'new-user') {
       throw new Error('Do not submit recovery key in new-user flow')
     }
@@ -816,390 +839,605 @@ export class CWIStyleWalletManager implements WalletInterface {
     if (this.authenticationMode === 'presentation-key-and-password') {
       throw new Error('No recovery key required in this mode')
     } else if (this.authenticationMode === 'recovery-key-and-password') {
-      // We will need to wait until the user provides the password as well.
+      // Wait for password
       const hash = Hash.sha256(recoveryKey)
       const token = await this.UMPTokenInteractor.findByRecoveryKeyHash(hash)
-      if (!token) {
-        throw new Error('No user found with this key')
-      }
+      if (!token) throw new Error('No user found with this recovery key')
       this.recoveryKey = recoveryKey
       this.currentUMPToken = token
     } else {
       // 'presentation-key-and-recovery-key'
-      if (!this.presentationKey) {
-        throw new Error('Provide the presentation key first')
-      }
-      if (!this.currentUMPToken) {
-        throw new Error('Current UMP token not found')
-      }
+      if (!this.presentationKey) throw new Error('Provide the presentation key first')
+      if (!this.currentUMPToken) throw new Error('Current UMP token not found')
 
-      // Decrypt the primary key:
       const xorKey = this.XOR(this.presentationKey, recoveryKey)
-      const primaryKey = new SymmetricKey(xorKey).decrypt(this.currentUMPToken.presentationRecoveryPrimary) as number[]
-
-      // Decrypt the privileged key (for account recovery).
-      const privilegedKey = new SymmetricKey(xorKey).decrypt(
+      const rootPrimaryKey = new SymmetricKey(xorKey).decrypt(
+        this.currentUMPToken.presentationRecoveryPrimary
+      ) as number[]
+      const rootPrivilegedKey = new SymmetricKey(xorKey).decrypt(
         this.currentUMPToken.presentationRecoveryPrivileged
       ) as number[]
 
-      await this.buildUnderlying(primaryKey, privilegedKey)
+      // Build root infrastructure, load profiles, switch to default
+      await this.setupRootInfrastructure(rootPrimaryKey, rootPrivilegedKey)
+      await this.switchProfile(this.activeProfileId)
     }
   }
 
+  // --- State Management Methods ---
+
   /**
-   * Saves the current wallet state (including the current UMP token and primary key)
-   * into an encrypted snapshot. This snapshot can be stored locally and later passed
-   * to `loadSnapshot` to restore the wallet state without re-authenticating manually.
-   *
-   * @remarks
-   * Storing the snapshot provides a fully authenticated state.
-   * This **must** be securely stored (e.g. system keychain or encrypted file).
-   * If attackers gain access to this snapshot, they can fully control the wallet.
+   * Saves the current wallet state (root key, UMP token, active profile) into an encrypted snapshot.
+   * Version 2 format: [1 byte version=2] + [32 byte snapshot key] + [16 byte activeProfileId] + [encrypted payload]
+   * Encrypted Payload: [32 byte rootPrimaryKey] + [varint token length + serialized UMP token]
    *
-   * @returns An array of bytes representing the encrypted snapshot.
-   * @throws {Error} if no primary key or token is currently set.
+   * @returns Encrypted snapshot bytes.
    */
   saveSnapshot(): number[] {
-    if (!this.primaryKey || !this.currentUMPToken) {
-      throw new Error('No primary key or current UMP token set')
+    if (!this.rootPrimaryKey || !this.currentUMPToken) {
+      throw new Error('No root primary key or current UMP token set')
     }
 
-    // Generate a random snapshot encryption key:
     const snapshotKey = Random(32)
-
-    // Serialize the relevant data to a preimage buffer:
     const snapshotPreimageWriter = new Utils.Writer()
 
-    // Write the primary key (32 bytes):
-    snapshotPreimageWriter.write(this.primaryKey)
+    // Write root primary key
+    snapshotPreimageWriter.write(this.rootPrimaryKey)
 
-    // Write the serialized UMP token:
+    // Write serialized UMP token (must have outpoint)
+    if (!this.currentUMPToken.currentOutpoint) {
+      throw new Error('UMP token cannot be saved without a current outpoint.')
+    }
     const serializedToken = this.serializeUMPToken(this.currentUMPToken)
+    snapshotPreimageWriter.writeVarIntNum(serializedToken.length)
     snapshotPreimageWriter.write(serializedToken)
 
-    // Encrypt the combined data with the snapshotKey:
+    // Encrypt the payload
     const snapshotPreimage = snapshotPreimageWriter.toArray()
     const snapshotPayload = new SymmetricKey(snapshotKey).encrypt(snapshotPreimage) as number[]
 
-    // Build the final snapshot structure: [snapshotKey (32 bytes) + encryptedPayload]
+    // Build final snapshot (Version 2)
     const snapshotWriter = new Utils.Writer()
+    snapshotWriter.writeUInt8(2) // Version
     snapshotWriter.write(snapshotKey)
-    snapshotWriter.write(snapshotPayload)
+    snapshotWriter.write(this.activeProfileId) // Active profile ID
+    snapshotWriter.write(snapshotPayload) // Encrypted data
 
     return snapshotWriter.toArray()
   }
 
   /**
-   * Loads a previously saved state snapshot (e.g. from `saveSnapshot`).
-   * Upon success, the wallet becomes authenticated without needing to re-enter keys.
+   * Loads a previously saved state snapshot. Restores root key, UMP token, profiles, and active profile.
+   * Handles Version 1 (legacy) and Version 2 formats.
    *
-   * @param snapshot An array of bytes that was previously produced by `saveSnapshot`.
-   * @throws {Error} If the snapshot format is invalid or decryption fails.
+   * @param snapshot Encrypted snapshot bytes.
    */
   async loadSnapshot(snapshot: number[]): Promise<void> {
     try {
       const reader = new Utils.Reader(snapshot)
+      const version = reader.readUInt8()
+
+      let snapshotKey: number[]
+      let encryptedPayload: number[]
+      let activeProfileId = DEFAULT_PROFILE_ID // Default for V1
+
+      if (version === 1) {
+        snapshotKey = reader.read(32)
+        encryptedPayload = reader.read()
+      } else if (version === 2) {
+        snapshotKey = reader.read(32)
+        activeProfileId = reader.read(16) // Read active profile ID
+        encryptedPayload = reader.read()
+      } else {
+        throw new Error(`Unsupported snapshot version: ${version}`)
+      }
 
-      // First 32 bytes is the snapshotKey:
-      const snapshotKey = reader.read(32)
-
-      // The rest is the encrypted payload:
-      const encryptedPayload = reader.read()
-
-      // Decrypt the payload:
+      // Decrypt payload
       const decryptedPayload = new SymmetricKey(snapshotKey).decrypt(encryptedPayload) as number[]
-
       const payloadReader = new Utils.Reader(decryptedPayload)
 
-      // Read the primary key (32 bytes):
-      const primaryKey = payloadReader.read(32)
+      // Read root primary key
+      const rootPrimaryKey = payloadReader.read(32)
 
-      // Read the remainder as the serialized UMP token:
-      const tokenBytes = payloadReader.read()
+      // Read serialized UMP token
+      const tokenLen = payloadReader.readVarIntNum()
+      const tokenBytes = payloadReader.read(tokenLen)
       const token = this.deserializeUMPToken(tokenBytes)
 
-      // Assign and build:
+      // Assign loaded data
       this.currentUMPToken = token
-      await this.buildUnderlying(primaryKey)
+
+      // Setup root infrastructure, load profiles, and switch to the loaded active profile
+      await this.setupRootInfrastructure(rootPrimaryKey) // Will automatically load profiles
+      await this.switchProfile(activeProfileId) // Switch to the profile saved in the snapshot
+
+      this.authenticationFlow = 'existing-user' // Loading implies existing user
     } catch (error) {
+      this.destroy() // Clear state on error
       throw new Error(`Failed to load snapshot: ${(error as Error).message}`)
     }
   }
 
   /**
-   * Destroys the underlying wallet, returning to a default state
+   * Destroys the wallet state, clearing keys, tokens, and profiles.
    */
   destroy(): void {
     this.underlying = undefined
-    this.underlyingPrivilegedKeyManager = undefined
+    this.rootPrivilegedKeyManager = undefined
     this.authenticated = false
-    this.primaryKey = undefined
+    this.rootPrimaryKey = undefined
     this.currentUMPToken = undefined
     this.presentationKey = undefined
     this.recoveryKey = undefined
+    this.profiles = []
+    this.activeProfileId = DEFAULT_PROFILE_ID
     this.authenticationMode = 'presentation-key-and-password'
     this.authenticationFlow = 'new-user'
   }
 
+  // --- Profile Management Methods ---
+
   /**
-   * Changes the user's password, re-wrapping the primary and privileged keys with the new password factor.
-   *
-   * @param newPassword The user's new password as a string.
-   * @throws {Error} If the user is not authenticated, or if underlying token references are missing.
+   * Lists all available profiles, including the default profile.
+   * @returns Array of profile info objects, including an 'active' flag.
    */
-  async changePassword(newPassword: string): Promise<void> {
+  listProfiles(): Array<{ id: number[]; name: string; createdAt: number | null; active: boolean }> {
     if (!this.authenticated) {
       throw new Error('Not authenticated.')
     }
-    if (!this.currentUMPToken) {
-      throw new Error('No UMP token to update.')
+    const profileList = [
+      // Default profile
+      {
+        id: DEFAULT_PROFILE_ID,
+        name: 'default',
+        createdAt: null, // Default profile doesn't have a creation timestamp in the same way
+        active: this.activeProfileId.every(x => x === 0)
+      },
+      // Other profiles
+      ...this.profiles.map(p => ({
+        id: p.id,
+        name: p.name,
+        createdAt: p.createdAt,
+        active: this.activeProfileId.every((x, i) => x === p.id[i])
+      }))
+    ]
+    return profileList
+  }
+
+  /**
+   * Adds a new profile with the given name.
+   * Generates necessary pads and updates the UMP token.
+   * Does not switch to the new profile automatically.
+   *
+   * @param name The desired name for the new profile.
+   * @returns The ID of the newly created profile.
+   */
+  async addProfile(name: string): Promise<number[]> {
+    if (!this.authenticated || !this.rootPrimaryKey || !this.currentUMPToken || !this.rootPrivilegedKeyManager) {
+      throw new Error('Wallet not fully initialized or authenticated.')
+    }
+
+    // Ensure name is unique (including 'default')
+    if (name === 'default' || this.profiles.some(p => p.name.toLowerCase() === name.toLowerCase())) {
+      throw new Error(`Profile name "${name}" is already in use.`)
+    }
+
+    const newProfile: Profile = {
+      name,
+      id: Random(16),
+      primaryPad: Random(32),
+      privilegedPad: Random(32),
+      createdAt: Math.floor(Date.now() / 1000)
+    }
+
+    this.profiles.push(newProfile)
+
+    // Update the UMP token with the new profile list
+    await this.updateAuthFactors(
+      this.currentUMPToken.passwordSalt,
+      // Need to re-derive/decrypt factors needed for re-encryption
+      await this.getFactor('passwordKey'),
+      await this.getFactor('presentationKey'),
+      await this.getFactor('recoveryKey'),
+      this.rootPrimaryKey,
+      await this.getFactor('privilegedKey', true), // Get ROOT privileged key
+      this.profiles // Pass the updated profile list
+    )
+
+    return newProfile.id
+  }
+
+  /**
+   * Deletes a profile by its ID.
+   * Cannot delete the default profile. If the active profile is deleted,
+   * it switches back to the default profile.
+   *
+   * @param profileId The 16-byte ID of the profile to delete.
+   */
+  async deleteProfile(profileId: number[]): Promise<void> {
+    if (!this.authenticated || !this.rootPrimaryKey || !this.currentUMPToken || !this.rootPrivilegedKeyManager) {
+      throw new Error('Wallet not fully initialized or authenticated.')
+    }
+    if (profileId.every(x => x === 0)) {
+      throw new Error('Cannot delete the default profile.')
+    }
+
+    const profileIndex = this.profiles.findIndex(p => p.id.every((x, i) => x === profileId[i]))
+    if (profileIndex === -1) {
+      throw new Error('Profile not found.')
+    }
+
+    // Remove the profile
+    this.profiles.splice(profileIndex, 1)
+
+    // If the deleted profile was active, switch to default
+    if (this.activeProfileId.every((x, i) => x === profileId[i])) {
+      await this.switchProfile(DEFAULT_PROFILE_ID) // This rebuilds the wallet
+    }
+
+    // Update the UMP token
+    await this.updateAuthFactors(
+      this.currentUMPToken.passwordSalt,
+      await this.getFactor('passwordKey'),
+      await this.getFactor('presentationKey'),
+      await this.getFactor('recoveryKey'),
+      this.rootPrimaryKey,
+      await this.getFactor('privilegedKey', true), // Get ROOT privileged key
+      this.profiles // Pass updated list
+    )
+  }
+
+  /**
+   * Switches the active profile. This re-derives keys and rebuilds the underlying wallet.
+   *
+   * @param profileId The 16-byte ID of the profile to switch to (use DEFAULT_PROFILE_ID for default).
+   */
+  async switchProfile(profileId: number[]): Promise<void> {
+    if (!this.authenticated || !this.rootPrimaryKey || !this.rootPrivilegedKeyManager) {
+      throw new Error('Cannot switch profile: Wallet not authenticated or root keys missing.')
+    }
+
+    let profilePrimaryKey: number[]
+    let profilePrivilegedPad: number[] | undefined // Pad for the target profile
+
+    if (profileId.every(x => x === 0)) {
+      // Switching to default profile
+      profilePrimaryKey = this.rootPrimaryKey
+      profilePrivilegedPad = undefined // No pad for default
+      this.activeProfileId = DEFAULT_PROFILE_ID
+    } else {
+      // Switching to a non-default profile
+      const profile = this.profiles.find(p => p.id.every((x, i) => x === profileId[i]))
+      if (!profile) {
+        throw new Error('Profile not found.')
+      }
+      profilePrimaryKey = this.XOR(this.rootPrimaryKey, profile.primaryPad)
+      profilePrivilegedPad = profile.privilegedPad
+      this.activeProfileId = profileId
+    }
+
+    // Create a *profile-specific* PrivilegedKeyManager.
+    // It uses the ROOT manager internally but applies the profile's pad.
+    const profilePrivilegedKeyManager = new PrivilegedKeyManager(async (reason: string) => {
+      // Request the ROOT privileged key using the root manager
+      const rootPrivileged: PrivateKey = await (this.rootPrivilegedKeyManager as any).getPrivilegedKey(reason)
+      const rootPrivilegedBytes = rootPrivileged.toArray()
+
+      // Apply the profile's pad if applicable
+      const profilePrivilegedBytes = profilePrivilegedPad
+        ? this.XOR(rootPrivilegedBytes, profilePrivilegedPad)
+        : rootPrivilegedBytes
+
+      return new PrivateKey(profilePrivilegedBytes)
+    })
+
+    // Build the underlying wallet for the specific profile
+    this.underlying = await this.walletBuilder(
+      profilePrimaryKey,
+      profilePrivilegedKeyManager, // Pass the profile-specific manager
+      this.activeProfileId // Pass the ID of the profile being activated
+    )
+  }
+
+  // --- Key Management Methods ---
+
+  /**
+   * Changes the user's password. Re-wraps keys and updates the UMP token.
+   */
+  async changePassword(newPassword: string): Promise<void> {
+    if (!this.authenticated || !this.currentUMPToken || !this.rootPrimaryKey || !this.rootPrivilegedKeyManager) {
+      throw new Error('Not authenticated or missing required data.')
     }
 
     const passwordSalt = Random(32)
-    const passwordKey = Hash.pbkdf2(Utils.toArray(newPassword, 'utf8'), passwordSalt, PBKDF2_NUM_ROUNDS, 32, 'sha512')
-
-    // Decrypt existing factors via the privileged key manager:
-    const recoveryKey = (
-      await this.underlyingPrivilegedKeyManager!.decrypt({
-        ciphertext: this.currentUMPToken.recoveryKeyEncrypted,
-        protocolID: [2, 'admin key wrapping'],
-        keyID: '1'
-      })
-    ).plaintext
-    const presentationKey = (
-      await this.underlyingPrivilegedKeyManager!.decrypt({
-        ciphertext: this.currentUMPToken.presentationKeyEncrypted,
-        protocolID: [2, 'admin key wrapping'],
-        keyID: '1'
-      })
-    ).plaintext
-    const privilegedKey = new SymmetricKey(this.XOR(presentationKey, recoveryKey)).decrypt(
-      this.currentUMPToken.presentationRecoveryPrivileged
-    ) as number[]
+    const newPasswordKey = Hash.pbkdf2(
+      Utils.toArray(newPassword, 'utf8'),
+      passwordSalt,
+      PBKDF2_NUM_ROUNDS,
+      32,
+      'sha512'
+    )
+
+    // Decrypt existing factors needed for re-encryption, using the *root* privileged key manager
+    const recoveryKey = await this.getFactor('recoveryKey')
+    const presentationKey = await this.getFactor('presentationKey')
+    const rootPrivilegedKey = await this.getFactor('privilegedKey', true) // Get ROOT privileged key
 
     await this.updateAuthFactors(
       passwordSalt,
-      passwordKey,
+      newPasswordKey,
       presentationKey,
       recoveryKey,
-      this.primaryKey!,
-      privilegedKey
+      this.rootPrimaryKey,
+      rootPrivilegedKey, // Pass the explicitly fetched root key
+      this.profiles // Preserve existing profiles
     )
   }
 
   /**
-   * Retrieves the current recovery key.
-   *
-   * @throws {Error} If the user is not authenticated, or if underlying token references are missing.
+   * Retrieves the current recovery key. Requires privileged access.
    */
   async getRecoveryKey(): Promise<number[]> {
-    if (!this.authenticated) {
-      throw new Error('Not authenticated.')
+    if (!this.authenticated || !this.currentUMPToken || !this.rootPrivilegedKeyManager) {
+      throw new Error('Not authenticated or missing required data.')
     }
-    if (!this.currentUMPToken) {
-      throw new Error('No UMP token!')
-    }
-    return (
-      await this.underlyingPrivilegedKeyManager!.decrypt({
-        ciphertext: this.currentUMPToken.recoveryKeyEncrypted,
-        protocolID: [2, 'admin key wrapping'],
-        keyID: '1'
-      })
-    ).plaintext
+    return this.getFactor('recoveryKey')
   }
 
   /**
-   * Changes the user's recovery key, prompting the user to save the new key.
-   *
-   * @throws {Error} If the user is not authenticated, or if underlying token references are missing.
+   * Changes the user's recovery key. Prompts user to save the new key.
    */
   async changeRecoveryKey(): Promise<void> {
-    if (!this.authenticated) {
-      throw new Error('Not authenticated.')
-    }
-    if (!this.currentUMPToken) {
-      throw new Error('No UMP token to update.')
+    if (!this.authenticated || !this.currentUMPToken || !this.rootPrimaryKey || !this.rootPrivilegedKeyManager) {
+      throw new Error('Not authenticated or missing required data.')
     }
 
-    // Decrypt existing password/presentation keys via the privileged key manager:
-    const passwordKey = (
-      await this.underlyingPrivilegedKeyManager!.decrypt({
-        ciphertext: this.currentUMPToken.passwordKeyEncrypted,
-        protocolID: [2, 'admin key wrapping'],
-        keyID: '1'
-      })
-    ).plaintext
-    const presentationKey = (
-      await this.underlyingPrivilegedKeyManager!.decrypt({
-        ciphertext: this.currentUMPToken.presentationKeyEncrypted,
-        protocolID: [2, 'admin key wrapping'],
-        keyID: '1'
-      })
-    ).plaintext
-    const privilegedKey = new SymmetricKey(this.XOR(passwordKey, this.primaryKey!)).decrypt(
-      this.currentUMPToken.passwordPrimaryPrivileged
-    ) as number[]
+    // Decrypt existing factors needed
+    const passwordKey = await this.getFactor('passwordKey')
+    const presentationKey = await this.getFactor('presentationKey')
+    const rootPrivilegedKey = await this.getFactor('privilegedKey', true) // Get ROOT privileged key
 
-    const recoveryKey = Random(32)
-    await this.recoveryKeySaver(recoveryKey)
+    // Generate and save new recovery key
+    const newRecoveryKey = Random(32)
+    await this.recoveryKeySaver(newRecoveryKey)
 
     await this.updateAuthFactors(
       this.currentUMPToken.passwordSalt,
       passwordKey,
       presentationKey,
-      recoveryKey,
-      this.primaryKey!,
-      privilegedKey
+      newRecoveryKey, // Use the new key
+      this.rootPrimaryKey,
+      rootPrivilegedKey,
+      this.profiles // Preserve profiles
     )
   }
 
   /**
    * Changes the user's presentation key.
-   *
-   * @param presentationKey The new presentation key (32 bytes).
-   * @throws {Error} If the user is not authenticated, or if underlying token references are missing.
    */
-  async changePresentationKey(presentationKey: number[]): Promise<void> {
-    if (!this.authenticated) {
-      throw new Error('Not authenticated.')
+  async changePresentationKey(newPresentationKey: number[]): Promise<void> {
+    if (!this.authenticated || !this.currentUMPToken || !this.rootPrimaryKey || !this.rootPrivilegedKeyManager) {
+      throw new Error('Not authenticated or missing required data.')
     }
-    if (!this.currentUMPToken) {
-      throw new Error('No UMP token to update.')
+    if (newPresentationKey.length !== 32) {
+      throw new Error('Presentation key must be 32 bytes.')
     }
 
-    // Decrypt existing password/recovery keys via the privileged key manager:
-    const recoveryKey = (
-      await this.underlyingPrivilegedKeyManager!.decrypt({
-        ciphertext: this.currentUMPToken.recoveryKeyEncrypted,
-        protocolID: [2, 'admin key wrapping'],
-        keyID: '1'
-      })
-    ).plaintext
-    const passwordKey = (
-      await this.underlyingPrivilegedKeyManager!.decrypt({
-        ciphertext: this.currentUMPToken.passwordKeyEncrypted,
-        protocolID: [2, 'admin key wrapping'],
-        keyID: '1'
-      })
-    ).plaintext
-    const privilegedKey = new SymmetricKey(this.XOR(passwordKey, this.primaryKey!)).decrypt(
-      this.currentUMPToken.passwordPrimaryPrivileged
-    ) as number[]
+    // Decrypt existing factors
+    const recoveryKey = await this.getFactor('recoveryKey')
+    const passwordKey = await this.getFactor('passwordKey')
+    const rootPrivilegedKey = await this.getFactor('privilegedKey', true) // Get ROOT privileged key
 
     await this.updateAuthFactors(
       this.currentUMPToken.passwordSalt,
       passwordKey,
-      presentationKey,
+      newPresentationKey, // Use the new key
       recoveryKey,
-      this.primaryKey!,
-      privilegedKey
+      this.rootPrimaryKey,
+      rootPrivilegedKey,
+      this.profiles // Preserve profiles
     )
+    // Update the temporarily stored key if it was set
+    if (this.presentationKey) {
+      this.presentationKey = newPresentationKey
+    }
   }
 
+  // --- Internal Helper Methods ---
+
   /**
-   * Internal helper to recompute a UMP token with updated authentication factors and consume the old token on-chain.
-   *
-   * @param passwordSalt    The PBKDF2 salt for the new password factor.
-   * @param passwordKey     The PBKDF2-derived password key (32 bytes).
-   * @param presentationKey The new or existing presentation key (32 bytes).
-   * @param recoveryKey     The new or existing recovery key (32 bytes).
-   * @param primaryKey      The user's primary key for re-wrapping.
-   * @param privilegedKey   The user's privileged key for re-wrapping.
-   * @throws {Error} If the user is not authenticated or if keys are unavailable.
+   * Performs XOR operation on two byte arrays.
+   */
+  private XOR(n1: number[], n2: number[]): number[] {
+    if (n1.length !== n2.length) {
+      // Provide more context in error
+      throw new Error(`XOR length mismatch: ${n1.length} vs ${n2.length}`)
+    }
+    const r = new Array<number>(n1.length)
+    for (let i = 0; i < n1.length; i++) {
+      r[i] = n1[i] ^ n2[i]
+    }
+    return r
+  }
+
+  /**
+   * Helper to decrypt a specific factor (key) stored encrypted in the UMP token.
+   * Requires the root privileged key manager.
+   * @param factorName Name of the factor to decrypt ('passwordKey', 'presentationKey', 'recoveryKey', 'privilegedKey').
+   * @param getRoot If true and factorName is 'privilegedKey', returns the root privileged key bytes directly.
+   * @returns The decrypted key bytes.
+   */
+  private async getFactor(
+    factorName: 'passwordKey' | 'presentationKey' | 'recoveryKey' | 'privilegedKey',
+    getRoot: boolean = false
+  ): Promise<number[]> {
+    if (!this.authenticated || !this.currentUMPToken || !this.rootPrivilegedKeyManager) {
+      throw new Error(`Cannot get factor "${factorName}": Wallet not ready.`)
+    }
+
+    const protocolID: [0 | 1 | 2, string] = [2, 'admin key wrapping'] // Protocol used for encrypting factors
+    const keyID = '1' // Key ID used
+
+    try {
+      switch (factorName) {
+        case 'passwordKey':
+          return (
+            await this.rootPrivilegedKeyManager.decrypt({
+              ciphertext: this.currentUMPToken.passwordKeyEncrypted,
+              protocolID,
+              keyID
+            })
+          ).plaintext
+        case 'presentationKey':
+          return (
+            await this.rootPrivilegedKeyManager.decrypt({
+              ciphertext: this.currentUMPToken.presentationKeyEncrypted,
+              protocolID,
+              keyID
+            })
+          ).plaintext
+        case 'recoveryKey':
+          return (
+            await this.rootPrivilegedKeyManager.decrypt({
+              ciphertext: this.currentUMPToken.recoveryKeyEncrypted,
+              protocolID,
+              keyID
+            })
+          ).plaintext
+        case 'privilegedKey': {
+          // This needs careful handling based on whether the ROOT or PROFILE key is needed.
+          // This helper is mostly used for UMP updates, which need the ROOT key.
+          // We retrieve the PrivateKey object first.
+          const pk = await (this.rootPrivilegedKeyManager as any).getPrivilegedKey('UMP token update', true) // Force retrieval of root key
+          return pk.toArray() // Return bytes
+        }
+        default:
+          throw new Error(`Unknown factor name: ${factorName}`)
+      }
+    } catch (error) {
+      console.error(`Error decrypting factor ${factorName}:`, error)
+      throw new Error(`Failed to decrypt factor "${factorName}": ${(error as Error).message}`)
+    }
+  }
+
+  /**
+   * Recomputes UMP token fields with updated factors and profiles, then publishes the update.
+   * This operation requires the *root* privileged key and the *default* profile wallet.
    */
   private async updateAuthFactors(
     passwordSalt: number[],
     passwordKey: number[],
     presentationKey: number[],
     recoveryKey: number[],
-    primaryKey: number[],
-    privilegedKey: number[]
+    rootPrimaryKey: number[],
+    rootPrivilegedKey: number[], // Explicitly pass the root key bytes
+    profiles?: Profile[] // Pass current/new profiles list
   ): Promise<void> {
-    if (!this.authenticated || !this.primaryKey || !this.currentUMPToken) {
-      throw new Error('Wallet is not properly authenticated or missing data.')
+    if (!this.authenticated || !this.rootPrimaryKey || !this.currentUMPToken) {
+      throw new Error('Wallet is not properly authenticated or missing data for update.')
+    }
+    // Ensure we have the OLD token to consume
+    const oldTokenToConsume = { ...this.currentUMPToken }
+    if (!oldTokenToConsume.currentOutpoint) {
+      throw new Error('Cannot update UMP token: Old token has no outpoint.')
     }
 
-    // Derive symmetrical encryption keys via XOR:
+    // Derive symmetrical encryption keys using XOR for the *root* keys
     const presentationPassword = new SymmetricKey(this.XOR(presentationKey, passwordKey))
     const presentationRecovery = new SymmetricKey(this.XOR(presentationKey, recoveryKey))
     const recoveryPassword = new SymmetricKey(this.XOR(recoveryKey, passwordKey))
-    const primaryPassword = new SymmetricKey(this.XOR(this.primaryKey, passwordKey))
-
-    // Build a temporary privileged key manager just to encrypt the new fields:
-    const tempPrivilegedKeyManager = new PrivilegedKeyManager(async () => new PrivateKey(privilegedKey))
+    const primaryPassword = new SymmetricKey(this.XOR(rootPrimaryKey, passwordKey)) // Use rootPrimaryKey
+
+    // Build a temporary privileged key manager using the explicit ROOT privileged key
+    const tempRootPrivilegedKeyManager = new PrivilegedKeyManager(async () => new PrivateKey(rootPrivilegedKey))
+
+    // Encrypt profiles if provided
+    let profilesEncrypted: number[] | undefined
+    if (profiles && profiles.length > 0) {
+      const profilesJson = JSON.stringify(profiles)
+      const profilesBytes = Utils.toArray(profilesJson, 'utf8')
+      profilesEncrypted = (
+        await tempRootPrivilegedKeyManager.encrypt({
+          plaintext: profilesBytes,
+          protocolID: [2, 'admin profile wrapping'], // Separate protocol for profiles
+          keyID: '1'
+        })
+      ).ciphertext
+    }
 
-    // Construct the new UMP token:
-    const newToken: UMPToken = {
+    // Construct the new UMP token data
+    const newTokenData: UMPToken = {
       passwordSalt,
-      passwordPresentationPrimary: presentationPassword.encrypt(this.primaryKey) as number[],
-      passwordRecoveryPrimary: recoveryPassword.encrypt(this.primaryKey) as number[],
-      presentationRecoveryPrimary: presentationRecovery.encrypt(this.primaryKey) as number[],
-      passwordPrimaryPrivileged: primaryPassword.encrypt(privilegedKey) as number[],
-      presentationRecoveryPrivileged: presentationRecovery.encrypt(privilegedKey) as number[],
+      passwordPresentationPrimary: presentationPassword.encrypt(rootPrimaryKey) as number[],
+      passwordRecoveryPrimary: recoveryPassword.encrypt(rootPrimaryKey) as number[],
+      presentationRecoveryPrimary: presentationRecovery.encrypt(rootPrimaryKey) as number[],
+      passwordPrimaryPrivileged: primaryPassword.encrypt(rootPrivilegedKey) as number[],
+      presentationRecoveryPrivileged: presentationRecovery.encrypt(rootPrivilegedKey) as number[],
       presentationHash: Hash.sha256(presentationKey),
       recoveryHash: Hash.sha256(recoveryKey),
       presentationKeyEncrypted: (
-        await tempPrivilegedKeyManager.encrypt({
+        await tempRootPrivilegedKeyManager.encrypt({
           plaintext: presentationKey,
           protocolID: [2, 'admin key wrapping'],
           keyID: '1'
         })
       ).ciphertext,
       passwordKeyEncrypted: (
-        await tempPrivilegedKeyManager.encrypt({
+        await tempRootPrivilegedKeyManager.encrypt({
           plaintext: passwordKey,
           protocolID: [2, 'admin key wrapping'],
           keyID: '1'
         })
       ).ciphertext,
       recoveryKeyEncrypted: (
-        await tempPrivilegedKeyManager.encrypt({
+        await tempRootPrivilegedKeyManager.encrypt({
           plaintext: recoveryKey,
           protocolID: [2, 'admin key wrapping'],
           keyID: '1'
         })
-      ).ciphertext
+      ).ciphertext,
+      profilesEncrypted // Add encrypted profiles
+      // currentOutpoint will be set after publishing
     }
 
-    // Publish the new token on-chain and consume the old one:
-    newToken.currentOutpoint = await this.UMPTokenInteractor.buildAndSend(
-      this.underlying!,
-      this.adminOriginator,
-      newToken,
-      this.currentUMPToken
-    )
-    this.currentUMPToken = newToken
-  }
+    // We need the wallet built for the DEFAULT profile to publish the UMP token.
+    // If the current active profile is not default, temporarily switch, publish, then switch back.
+    const currentActiveId = this.activeProfileId
+    let walletToUse: WalletInterface | undefined = this.underlying
 
-  /**
-   * A helper function to XOR two equal-length byte arrays.
-   *
-   * @param n1 The first byte array.
-   * @param n2 The second byte array.
-   * @returns A new byte array which is the element-wise XOR of the two inputs.
-   * @throws {Error} if the two arrays are not the same length.
-   */
-  private XOR(n1: number[], n2: number[]): number[] {
-    if (n1.length !== n2.length) {
-      throw new Error('lengths mismatch')
+    if (currentActiveId.every(x => x === 0)) {
+      console.log('Temporarily switching to default profile to update UMP token...')
+      await this.switchProfile(DEFAULT_PROFILE_ID) // This rebuilds this.underlying
+      walletToUse = this.underlying
     }
-    const r = new Array<number>(n1.length)
-    for (let i = 0; i < n1.length; i++) {
-      r[i] = n1[i] ^ n2[i]
+
+    if (!walletToUse) {
+      throw new Error('Default profile wallet could not be activated for UMP token update.')
+    }
+
+    // Publish the new token on-chain, consuming the old one
+    try {
+      newTokenData.currentOutpoint = await this.UMPTokenInteractor.buildAndSend(
+        walletToUse, // Use the (potentially temporarily activated) default profile wallet
+        this.adminOriginator,
+        newTokenData,
+        oldTokenToConsume // Consume the previous token
+      )
+      // Update the manager's state
+      this.currentUMPToken = newTokenData
+      // Profiles are already updated in this.profiles if they were passed in
+    } finally {
+      // Switch back if we temporarily switched
+      if (!currentActiveId.every(x => x === 0)) {
+        console.log('Switching back to original profile...')
+        await this.switchProfile(currentActiveId)
+      }
     }
-    return r
   }
 
   /**
-   * A helper function to serialize a UMP token to a binary format (version=1).
-   * The serialization layout is:
-   *   - [1 byte version (value=1)]
-   *   - For each array field in the UMP token, [varint length + bytes]
-   *   - Then [varint length + outpoint string in UTF-8]
-   *
-   * @param token The UMP token to serialize.
-   * @returns A byte array representing the serialized token.
-   * @throws {Error} if the token has no currentOutpoint (required for serialization).
+   * Serializes a UMP token to binary format (Version 2 with optional profiles).
+   * Layout: [1 byte version=2] + [11 * (varint len + bytes) for standard fields] + [1 byte profile_flag] + [IF flag=1 THEN varint len + profile bytes] + [varint len + outpoint bytes]
    */
   private serializeUMPToken(token: UMPToken): number[] {
     if (!token.currentOutpoint) {
@@ -1207,29 +1445,35 @@ export class CWIStyleWalletManager implements WalletInterface {
     }
 
     const writer = new Utils.Writer()
-    // Write version byte
-    writer.writeUInt8(1)
+    writer.writeUInt8(2) // Version 2
 
-    // Helper to write array with length prefix
     const writeArray = (arr: number[]) => {
       writer.writeVarIntNum(arr.length)
       writer.write(arr)
     }
 
-    // Write each array-based field in the order they appear on UMPToken
-    writeArray(token.passwordPresentationPrimary)
-    writeArray(token.passwordRecoveryPrimary)
-    writeArray(token.presentationRecoveryPrimary)
-    writeArray(token.passwordPrimaryPrivileged)
-    writeArray(token.presentationRecoveryPrivileged)
-    writeArray(token.presentationHash)
-    writeArray(token.passwordSalt)
-    writeArray(token.recoveryHash)
-    writeArray(token.presentationKeyEncrypted)
-    writeArray(token.recoveryKeyEncrypted)
-    writeArray(token.passwordKeyEncrypted)
-
-    // Finally, write the outpoint string:
+    // Write standard fields in specific order
+    writeArray(token.passwordSalt) // 0
+    writeArray(token.passwordPresentationPrimary) // 1
+    writeArray(token.passwordRecoveryPrimary) // 2
+    writeArray(token.presentationRecoveryPrimary) // 3
+    writeArray(token.passwordPrimaryPrivileged) // 4
+    writeArray(token.presentationRecoveryPrivileged) // 5
+    writeArray(token.presentationHash) // 6
+    writeArray(token.recoveryHash) // 7
+    writeArray(token.presentationKeyEncrypted) // 8
+    writeArray(token.passwordKeyEncrypted) // 9 - Swapped order vs original doc comment
+    writeArray(token.recoveryKeyEncrypted) // 10
+
+    // Write optional profiles field
+    if (token.profilesEncrypted && token.profilesEncrypted.length > 0) {
+      writer.writeUInt8(1) // Flag indicating profiles present
+      writeArray(token.profilesEncrypted)
+    } else {
+      writer.writeUInt8(0) // Flag indicating no profiles
+    }
+
+    // Write outpoint string
     const outpointBytes = Utils.toArray(token.currentOutpoint, 'utf8')
     writer.writeVarIntNum(outpointBytes.length)
     writer.write(outpointBytes)
@@ -1238,57 +1482,61 @@ export class CWIStyleWalletManager implements WalletInterface {
   }
 
   /**
-   * A helper function to deserialize a UMP token from the format described in `serializeUMPToken`.
-   *
-   * @param bin The serialized byte array.
-   * @returns The reconstructed UMP token.
-   * @throws {Error} if the version byte is unexpected or if parsing fails.
+   * Deserializes a UMP token from binary format (Handles Version 1 and 2).
    */
   private deserializeUMPToken(bin: number[]): UMPToken {
     const reader = new Utils.Reader(bin)
-
-    // Check version:
     const version = reader.readUInt8()
-    if (version !== 1) {
-      throw new Error(`Unsupported UMP token version: ${version}`)
+
+    if (version !== 1 && version !== 2) {
+      throw new Error(`Unsupported UMP token serialization version: ${version}`)
     }
 
-    // Helper to read an array with length prefix
     const readArray = (): number[] => {
       const length = reader.readVarIntNum()
       return reader.read(length)
     }
 
-    // Read in the correct order:
-    const passwordPresentationPrimary = readArray()
-    const passwordRecoveryPrimary = readArray()
-    const presentationRecoveryPrimary = readArray()
-    const passwordPrimaryPrivileged = readArray()
-    const presentationRecoveryPrivileged = readArray()
-    const presentationHash = readArray()
-    const passwordSalt = readArray()
-    const recoveryHash = readArray()
-    const presentationKeyEncrypted = readArray()
-    const recoveryKeyEncrypted = readArray()
-    const passwordKeyEncrypted = readArray()
-
-    // Read outpoint string:
+    // Read standard fields (order matches serialization V2)
+    const passwordSalt = readArray() // 0
+    const passwordPresentationPrimary = readArray() // 1
+    const passwordRecoveryPrimary = readArray() // 2
+    const presentationRecoveryPrimary = readArray() // 3
+    const passwordPrimaryPrivileged = readArray() // 4
+    const presentationRecoveryPrivileged = readArray() // 5
+    const presentationHash = readArray() // 6
+    const recoveryHash = readArray() // 7
+    const presentationKeyEncrypted = readArray() // 8
+    const passwordKeyEncrypted = readArray() // 9
+    const recoveryKeyEncrypted = readArray() // 10
+
+    // Read optional profiles (only in V2)
+    let profilesEncrypted: number[] | undefined
+    if (version === 2) {
+      const profilesFlag = reader.readUInt8()
+      if (profilesFlag === 1) {
+        profilesEncrypted = readArray()
+      }
+    }
+
+    // Read outpoint string
     const outpointLen = reader.readVarIntNum()
     const outpointBytes = reader.read(outpointLen)
     const currentOutpoint = Utils.toUTF8(outpointBytes)
 
     const token: UMPToken = {
+      passwordSalt,
       passwordPresentationPrimary,
       passwordRecoveryPrimary,
       presentationRecoveryPrimary,
       passwordPrimaryPrivileged,
       presentationRecoveryPrivileged,
       presentationHash,
-      passwordSalt,
       recoveryHash,
       presentationKeyEncrypted,
+      passwordKeyEncrypted, // Corrected order
       recoveryKeyEncrypted,
-      passwordKeyEncrypted,
+      profilesEncrypted, // May be undefined
       currentOutpoint
     }
 
@@ -1296,28 +1544,37 @@ export class CWIStyleWalletManager implements WalletInterface {
   }
 
   /**
-   * Builds the underlying wallet once the user is authenticated.
+   * Sets up the root key infrastructure after authentication or loading from snapshot.
+   * Initializes the root primary key, root privileged key manager, loads profiles,
+   * and sets the authenticated flag. Does NOT switch profile initially.
    *
-   * @param primaryKey      The user's primary key (32 bytes).
-   * @param privilegedKey   Optionally, a privileged key (for short-term usage in account recovery).
+   * @param rootPrimaryKey      The user's root primary key (32 bytes).
+   * @param ephemeralRootPrivilegedKey Optional root privileged key (e.g., during recovery flows).
    */
-  private async buildUnderlying(primaryKey: number[], privilegedKey?: number[]): Promise<void> {
+  private async setupRootInfrastructure(
+    rootPrimaryKey: number[],
+    ephemeralRootPrivilegedKey?: number[]
+  ): Promise<void> {
     if (!this.currentUMPToken) {
-      throw new Error('A UMP token must exist before building underlying wallet!')
+      throw new Error('A UMP token must exist before setting up root infrastructure!')
     }
+    this.rootPrimaryKey = rootPrimaryKey
 
-    this.primaryKey = primaryKey
+    // Store ephemeral key if provided, for one-time use by the manager
+    let oneTimePrivilegedKey: PrivateKey | undefined = ephemeralRootPrivilegedKey
+      ? new PrivateKey(ephemeralRootPrivilegedKey)
+      : undefined
 
-    // Create a privileged manager that either uses the ephemeral privilegedKey if provided,
-    // or derives it later from the user's password on demand.
-    const privilegedManager = new PrivilegedKeyManager(async (reason: string) => {
-      if (privilegedKey) {
-        // For account recovery: a one-off opportunity to recover.
-        const tempKey = new PrivateKey(privilegedKey)
-        privilegedKey = undefined
+    // Create the ROOT PrivilegedKeyManager
+    this.rootPrivilegedKeyManager = new PrivilegedKeyManager(async (reason: string) => {
+      // 1. Use one-time key if available (for recovery)
+      if (oneTimePrivilegedKey) {
+        const tempKey = oneTimePrivilegedKey
+        oneTimePrivilegedKey = undefined // Consume it
         return tempKey
       }
-      // Otherwise, ask user for their password to decrypt the privileged key.
+
+      // 2. Otherwise, derive from password
       const password = await this.passwordRetriever(reason, (passwordCandidate: string) => {
         try {
           const derivedPasswordKey = Hash.pbkdf2(
@@ -1327,19 +1584,17 @@ export class CWIStyleWalletManager implements WalletInterface {
             32,
             'sha512'
           )
-          // Decrypt the privileged key with XOR(primaryKey, derivedPasswordKey).
-          const privilegedDecryptor = this.XOR(this.primaryKey!, derivedPasswordKey)
+          const privilegedDecryptor = this.XOR(this.rootPrimaryKey!, derivedPasswordKey)
           const decryptedPrivileged = new SymmetricKey(privilegedDecryptor).decrypt(
             this.currentUMPToken!.passwordPrimaryPrivileged
           ) as number[]
-          if (decryptedPrivileged) {
-            return true
-          }
-          return false
+          return !!decryptedPrivileged // Test passes if decryption works
         } catch (e) {
           return false
         }
       })
+
+      // Decrypt the root privileged key using the confirmed password
       const derivedPasswordKey = Hash.pbkdf2(
         Utils.toArray(password, 'utf8'),
         this.currentUMPToken!.passwordSalt,
@@ -1347,39 +1602,67 @@ export class CWIStyleWalletManager implements WalletInterface {
         32,
         'sha512'
       )
-      // Decrypt the privileged key with XOR(primaryKey, derivedPasswordKey).
-      const privilegedDecryptor = this.XOR(this.primaryKey!, derivedPasswordKey)
-      const decryptedPrivileged = new SymmetricKey(privilegedDecryptor).decrypt(
+      const privilegedDecryptor = this.XOR(this.rootPrimaryKey!, derivedPasswordKey)
+      const rootPrivilegedBytes = new SymmetricKey(privilegedDecryptor).decrypt(
         this.currentUMPToken!.passwordPrimaryPrivileged
       ) as number[]
-      return new PrivateKey(decryptedPrivileged)
-    })
 
-    this.underlyingPrivilegedKeyManager = privilegedManager
+      return new PrivateKey(rootPrivilegedBytes) // Return the ROOT key object
+    })
 
-    // Build the underlying wallet with the primary key and privileged manager.
-    this.underlying = await this.walletBuilder(primaryKey, privilegedManager)
+    // Decrypt and load profiles if present in the token
+    this.profiles = [] // Clear existing profiles before loading
+    if (this.currentUMPToken.profilesEncrypted && this.currentUMPToken.profilesEncrypted.length > 0) {
+      try {
+        const decryptedProfileBytes = (
+          await this.rootPrivilegedKeyManager.decrypt({
+            ciphertext: this.currentUMPToken.profilesEncrypted,
+            protocolID: [2, 'admin profile wrapping'], // Use profile protocol ID
+            keyID: '1'
+          })
+        ).plaintext
+        const profilesJson = Utils.toUTF8(decryptedProfileBytes)
+        this.profiles = JSON.parse(profilesJson) as Profile[]
+      } catch (error) {
+        console.error('Failed to decrypt or parse profiles:', error)
+        // Decide if this should be fatal or just log and continue without profiles
+        this.profiles = [] // Ensure profiles are empty on error
+        // Optionally re-throw or handle more gracefully
+        throw new Error(`Failed to load profiles: ${(error as Error).message}`)
+      }
+    }
 
     this.authenticated = true
+    // Note: We don't call switchProfile here anymore.
+    // It's called by the auth methods (providePassword/provideRecoveryKey) or loadSnapshot after this.
   }
 
   /*
    * ---------------------------------------------------------------------------------------
-   * Below are the standard WalletInterface methods that simply proxy through to this.underlying,
-   * ensuring that the user is authenticated and that the admin originator is not misused.
+   * Standard WalletInterface methods proxying to the *active* underlying wallet.
+   * Includes authentication checks and admin originator protection.
    * ---------------------------------------------------------------------------------------
    */
 
-  async getPublicKey(
-    args: GetPublicKeyArgs,
-    originator?: OriginatorDomainNameStringUnder250Bytes
-  ): Promise<GetPublicKeyResult> {
+  private checkAuthAndUnderlying(originator?: string): void {
     if (!this.authenticated) {
       throw new Error('User is not authenticated.')
     }
+    if (!this.underlying) {
+      // This might happen if authentication succeeded but profile switching failed
+      throw new Error('Underlying wallet for the active profile is not initialized.')
+    }
     if (originator === this.adminOriginator) {
       throw new Error('External applications are not allowed to use the admin originator.')
     }
+  }
+
+  // Example proxy method (repeat pattern for all others)
+  async getPublicKey(
+    args: GetPublicKeyArgs,
+    originator?: OriginatorDomainNameStringUnder250Bytes
+  ): Promise<GetPublicKeyResult> {
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.getPublicKey(args, originator)
   }
 
@@ -1387,12 +1670,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: RevealCounterpartyKeyLinkageArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<RevealCounterpartyKeyLinkageResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.revealCounterpartyKeyLinkage(args, originator)
   }
 
@@ -1400,12 +1678,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: RevealSpecificKeyLinkageArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<RevealSpecificKeyLinkageResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.revealSpecificKeyLinkage(args, originator)
   }
 
@@ -1413,12 +1686,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: WalletEncryptArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<WalletEncryptResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.encrypt(args, originator)
   }
 
@@ -1426,12 +1694,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: WalletDecryptArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<WalletDecryptResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.decrypt(args, originator)
   }
 
@@ -1439,12 +1702,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: CreateHmacArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<CreateHmacResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.createHmac(args, originator)
   }
 
@@ -1452,12 +1710,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: VerifyHmacArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<VerifyHmacResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.verifyHmac(args, originator)
   }
 
@@ -1465,12 +1718,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: CreateSignatureArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<CreateSignatureResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.createSignature(args, originator)
   }
 
@@ -1478,12 +1726,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: VerifySignatureArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<VerifySignatureResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.verifySignature(args, originator)
   }
 
@@ -1491,12 +1734,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: CreateActionArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<CreateActionResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.createAction(args, originator)
   }
 
@@ -1504,12 +1742,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: SignActionArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<SignActionResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.signAction(args, originator)
   }
 
@@ -1517,12 +1750,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: AbortActionArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<AbortActionResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.abortAction(args, originator)
   }
 
@@ -1530,12 +1758,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: ListActionsArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<ListActionsResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.listActions(args, originator)
   }
 
@@ -1543,12 +1766,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: InternalizeActionArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<InternalizeActionResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.internalizeAction(args, originator)
   }
 
@@ -1556,12 +1774,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: ListOutputsArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<ListOutputsResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.listOutputs(args, originator)
   }
 
@@ -1569,12 +1782,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: RelinquishOutputArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<RelinquishOutputResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.relinquishOutput(args, originator)
   }
 
@@ -1582,12 +1790,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: AcquireCertificateArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<AcquireCertificateResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.acquireCertificate(args, originator)
   }
 
@@ -1595,12 +1798,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: ListCertificatesArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<ListCertificatesResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.listCertificates(args, originator)
   }
 
@@ -1608,12 +1806,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: ProveCertificateArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<ProveCertificateResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.proveCertificate(args, originator)
   }
 
@@ -1621,12 +1814,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: RelinquishCertificateArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<RelinquishCertificateResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.relinquishCertificate(args, originator)
   }
 
@@ -1634,12 +1822,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: DiscoverByIdentityKeyArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<DiscoverCertificatesResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.discoverByIdentityKey(args, originator)
   }
 
@@ -1647,12 +1830,7 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: DiscoverByAttributesArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<DiscoverCertificatesResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.discoverByAttributes(args, originator)
   }
 
@@ -1673,19 +1851,14 @@ export class CWIStyleWalletManager implements WalletInterface {
     if (originator === this.adminOriginator) {
       throw new Error('External applications are not allowed to use the admin originator.')
     }
-    while (!this.authenticated) {
+    while (!this.authenticated || !this.underlying) {
       await new Promise(resolve => setTimeout(resolve, 100))
     }
     return { authenticated: true }
   }
 
   async getHeight(_: {}, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<GetHeightResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.getHeight({}, originator)
   }
 
@@ -1693,32 +1866,17 @@ export class CWIStyleWalletManager implements WalletInterface {
     args: GetHeaderArgs,
     originator?: OriginatorDomainNameStringUnder250Bytes
   ): Promise<GetHeaderResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.getHeaderForHeight(args, originator)
   }
 
   async getNetwork(_: {}, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<GetNetworkResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.getNetwork({}, originator)
   }
 
   async getVersion(_: {}, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<GetVersionResult> {
-    if (!this.authenticated) {
-      throw new Error('User is not authenticated.')
-    }
-    if (originator === this.adminOriginator) {
-      throw new Error('External applications are not allowed to use the admin originator.')
-    }
+    this.checkAuthAndUnderlying(originator)
     return this.underlying!.getVersion({}, originator)
   }
 }