@canton-network/core-wallet-store-sql 0.1.0

package/README.md

@@ -0,0 +1 @@
+# wallet-store

package/dist/cli.d.ts

@@ -0,0 +1,4 @@
+import { Command } from 'commander';
+import type { StoreConfig } from '@canton-network/core-wallet-store';
+export declare function createCLI(config: StoreConfig): Command;
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAGnC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAKpE,wBAAgB,SAAS,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAuEtD"}

package/dist/cli.js

@@ -0,0 +1,64 @@
+import { Command } from 'commander';
+import { connection, StoreSql } from './store-sql.js';
+import { migrator } from './migrator.js';
+import { pino } from 'pino';
+const logger = pino({ name: 'main', level: 'debug' });
+export function createCLI(config) {
+    console.log('Wallet Store Sql CLI');
+    const program = new Command();
+    program
+        .command('up')
+        .description('Run all pending migrations')
+        .action(async () => {
+        const db = connection(config);
+        const umzug = migrator(db);
+        await umzug.up();
+        await db.destroy();
+    });
+    program
+        .command('down')
+        .description('Rollback last migration')
+        .action(async () => {
+        const db = connection(config);
+        const umzug = migrator(db);
+        await umzug.down();
+        await db.destroy();
+    });
+    program
+        .command('status')
+        .description('Show executed and pending migrations')
+        .action(async () => {
+        const db = connection(config);
+        const umzug = migrator(db);
+        const executed = await umzug.executed();
+        const pending = await umzug.pending();
+        console.log('Executed migrations:', executed);
+        console.log('Pending migrations:', pending);
+        await db.destroy();
+    });
+    program
+        .command('reset')
+        .description('Rollback all migrations and reapply them')
+        .action(async () => {
+        const db = connection(config);
+        const umzug = migrator(db);
+        const executed = await umzug.executed();
+        // Rollback all executed migrations in reverse order
+        for (const migration of executed.reverse()) {
+            await umzug.down({ to: migration.name });
+        }
+        // Reapply all migrations
+        await umzug.up();
+        await db.destroy();
+    });
+    program
+        .command('bootstrap')
+        .description('Bootstrap DB from config')
+        .action(async () => {
+        const db = connection(config);
+        const store = new StoreSql(db, logger);
+        await Promise.all(config.networks.map((network) => store.addNetwork(network)));
+        await db.destroy();
+    });
+    return program;
+}

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+export * from './store-sql.js';
+export * from './migrator.js';
+export * from './cli.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAA;AAC9B,cAAc,eAAe,CAAA;AAC7B,cAAc,UAAU,CAAA"}

package/dist/index.js

@@ -0,0 +1,3 @@
+export * from './store-sql.js';
+export * from './migrator.js';
+export * from './cli.js';

package/dist/migrator.d.ts

@@ -0,0 +1,5 @@
+import { Umzug } from 'umzug';
+import { Kysely } from 'kysely';
+import { DB } from './schema';
+export declare const migrator: (db: Kysely<DB>) => Umzug<Kysely<DB>>;
+//# sourceMappingURL=migrator.d.ts.map

package/dist/migrator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"migrator.d.ts","sourceRoot":"","sources":["../src/migrator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAA+B,MAAM,OAAO,CAAA;AAC1D,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC/B,OAAO,EAAE,EAAE,EAAE,MAAM,UAAU,CAAA;AAwC7B,eAAO,MAAM,QAAQ,GAAI,IAAI,MAAM,CAAC,EAAE,CAAC,sBA0BtC,CAAA"}

package/dist/migrator.js

@@ -0,0 +1,64 @@
+import { Umzug } from 'umzug';
+class KyselyStorage {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    async ensureTable() {
+        await this.db.schema
+            .createTable('migrations')
+            .ifNotExists()
+            .addColumn('name', 'text', (col) => col.primaryKey())
+            .addColumn('executedAt', 'text', (col) => col.notNull())
+            .execute();
+    }
+    async executed() {
+        await this.ensureTable();
+        const rows = await this.db
+            .selectFrom('migrations')
+            .select('name')
+            .execute();
+        return rows.map((r) => r.name);
+    }
+    async logMigration({ name }) {
+        await this.ensureTable();
+        await this.db
+            .insertInto('migrations')
+            .values({ name, executedAt: new Date().toISOString() })
+            .execute();
+    }
+    async unlogMigration({ name }) {
+        await this.ensureTable();
+        await this.db
+            .deleteFrom('migrations')
+            .where('name', '=', name)
+            .execute();
+    }
+}
+export const migrator = (db) => {
+    const ext = import.meta.url.endsWith('.ts') ? 'ts' : 'js';
+    const glob = new URL(`./migrations/*.${ext}`, import.meta.url).pathname;
+    return new Umzug({
+        migrations: {
+            glob: glob,
+            resolve: ({ name, path, context }) => {
+                // Dynamic import for ESM
+                return {
+                    name,
+                    up: async () => {
+                        console.log(path);
+                        const { up } = await import(path);
+                        return up(context);
+                    },
+                    down: async () => {
+                        const { down } = await import(path);
+                        return down(context);
+                    },
+                };
+            },
+        },
+        context: db,
+        storage: new KyselyStorage(db),
+        logger: console,
+    });
+};

package/dist/schema.d.ts

@@ -0,0 +1,69 @@
+import { UserId } from '@canton-network/core-wallet-auth';
+import { Wallet, Transaction, Session, Auth, Network } from '@canton-network/core-wallet-store';
+interface MigrationTable {
+    name: string;
+    executedAt: string;
+}
+interface IdpTable {
+    identityProviderId: string;
+    type: string;
+    issuer: string;
+    configUrl: string;
+    audience: string;
+    tokenUrl: string;
+    grantType: string;
+    scope: string;
+    clientId: string;
+    clientSecret: string;
+    adminClientId: string;
+    adminClientSecret: string;
+}
+interface NetworkTable {
+    name: string;
+    chainId: string;
+    synchronizerId: string;
+    description: string;
+    ledgerApiBaseUrl: string;
+    ledgerApiAdminGrpcUrl: string;
+    userId: UserId | undefined;
+    identityProviderId: string;
+}
+interface WalletTable {
+    primary: number;
+    partyId: string;
+    hint: string;
+    publicKey: string;
+    namespace: string;
+    chainId: string;
+    signingProviderId: string;
+    userId: UserId;
+}
+interface TransactionTable {
+    status: string;
+    commandId: string;
+    preparedTransaction: string;
+    preparedTransactionHash: string;
+    payload: string | undefined;
+    userId: UserId;
+}
+interface SessionTable extends Session {
+    userId: UserId;
+}
+export interface DB {
+    migrations: MigrationTable;
+    idps: IdpTable;
+    networks: NetworkTable;
+    wallets: WalletTable;
+    transactions: TransactionTable;
+    sessions: SessionTable;
+}
+export declare const toAuth: (table: IdpTable) => Auth;
+export declare const fromAuth: (auth: Auth) => IdpTable;
+export declare const toNetwork: (table: NetworkTable, authTable?: IdpTable) => Network;
+export declare const fromNetwork: (network: Network, userId?: UserId) => NetworkTable;
+export declare const fromWallet: (wallet: Wallet, userId: UserId) => WalletTable;
+export declare const toWallet: (table: WalletTable) => Wallet;
+export declare const fromTransaction: (transaction: Transaction, userId: UserId) => TransactionTable;
+export declare const toTransaction: (table: TransactionTable) => Transaction;
+export {};
+//# sourceMappingURL=schema.d.ts.map

package/dist/schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kCAAkC,CAAA;AACzD,OAAO,EACH,MAAM,EACN,WAAW,EACX,OAAO,EACP,IAAI,EACJ,OAAO,EACV,MAAM,mCAAmC,CAAA;AAE1C,UAAU,cAAc;IACpB,IAAI,EAAE,MAAM,CAAA;IACZ,UAAU,EAAE,MAAM,CAAA;CACrB;AAED,UAAU,QAAQ;IACd,kBAAkB,EAAE,MAAM,CAAA;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,MAAM,CAAA;IACpB,aAAa,EAAE,MAAM,CAAA;IACrB,iBAAiB,EAAE,MAAM,CAAA;CAC5B;AAED,UAAU,YAAY;IAClB,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,cAAc,EAAE,MAAM,CAAA;IACtB,WAAW,EAAE,MAAM,CAAA;IACnB,gBAAgB,EAAE,MAAM,CAAA;IACxB,qBAAqB,EAAE,MAAM,CAAA;IAC7B,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,kBAAkB,EAAE,MAAM,CAAA;CAC7B;AAED,UAAU,WAAW;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,iBAAiB,EAAE,MAAM,CAAA;IACzB,MAAM,EAAE,MAAM,CAAA;CACjB;AAED,UAAU,gBAAgB;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;IACjB,mBAAmB,EAAE,MAAM,CAAA;IAC3B,uBAAuB,EAAE,MAAM,CAAA;IAC/B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,MAAM,EAAE,MAAM,CAAA;CACjB;AAED,UAAU,YAAa,SAAQ,OAAO;IAClC,MAAM,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,EAAE;IACf,UAAU,EAAE,cAAc,CAAA;IAC1B,IAAI,EAAE,QAAQ,CAAA;IACd,QAAQ,EAAE,YAAY,CAAA;IACtB,OAAO,EAAE,WAAW,CAAA;IACpB,YAAY,EAAE,gBAAgB,CAAA;IAC9B,QAAQ,EAAE,YAAY,CAAA;CACzB;AAED,eAAO,MAAM,MAAM,GAAI,OAAO,QAAQ,KAAG,IAkDxC,CAAA;AAED,eAAO,MAAM,QAAQ,GAAI,MAAM,IAAI,KAAG,QAkDrC,CAAA;AAED,eAAO,MAAM,SAAS,GAClB,OAAO,YAAY,EACnB,YAAY,QAAQ,KACrB,OAeF,CAAA;AAED,eAAO,MAAM,WAAW,GACpB,SAAS,OAAO,EAChB,SAAS,MAAM,KAChB,YAWF,CAAA;AAED,eAAO,MAAM,UAAU,GAAI,QAAQ,MAAM,EAAE,QAAQ,MAAM,KAAG,WAM3D,CAAA;AAED,eAAO,MAAM,QAAQ,GAAI,OAAO,WAAW,KAAG,MAK7C,CAAA;AAED,eAAO,MAAM,eAAe,GACxB,aAAa,WAAW,EACxB,QAAQ,MAAM,KACf,gBAQF,CAAA;AAED,eAAO,MAAM,aAAa,GAAI,OAAO,gBAAgB,KAAG,WAMvD,CAAA"}

package/dist/schema.js

@@ -0,0 +1,159 @@
+export const toAuth = (table) => {
+    switch (table.type) {
+        case 'password':
+            return {
+                identityProviderId: table.identityProviderId,
+                type: table.type,
+                issuer: table.issuer,
+                configUrl: table.configUrl,
+                audience: table.audience,
+                tokenUrl: table.tokenUrl || '',
+                grantType: table.grantType || '',
+                scope: table.scope,
+                clientId: table.clientId,
+                admin: {
+                    clientId: table.adminClientId,
+                    clientSecret: table.adminClientSecret,
+                },
+            };
+        case 'implicit':
+            return {
+                identityProviderId: table.identityProviderId,
+                type: table.type,
+                issuer: table.issuer,
+                configUrl: table.configUrl,
+                audience: table.audience,
+                scope: table.scope,
+                clientId: table.clientId,
+                admin: {
+                    clientId: table.adminClientId,
+                    clientSecret: table.adminClientSecret,
+                },
+            };
+        case 'client_credentials':
+            return {
+                identityProviderId: table.identityProviderId,
+                type: table.type,
+                issuer: table.issuer,
+                configUrl: table.configUrl,
+                audience: table.audience,
+                scope: table.scope,
+                clientId: table.clientId,
+                clientSecret: table.clientSecret,
+                admin: {
+                    clientId: table.adminClientId,
+                    clientSecret: table.adminClientSecret,
+                },
+            };
+        default:
+            throw new Error(`Unknown auth type: ${table.type}`);
+    }
+};
+export const fromAuth = (auth) => {
+    switch (auth.type) {
+        case 'password':
+            return {
+                identityProviderId: auth.identityProviderId,
+                type: auth.type,
+                issuer: auth.issuer,
+                configUrl: auth.configUrl,
+                audience: auth.audience,
+                tokenUrl: auth.tokenUrl,
+                grantType: auth.grantType,
+                scope: auth.scope,
+                clientId: auth.clientId,
+                clientSecret: '',
+                adminClientId: auth.admin?.clientId || '',
+                adminClientSecret: auth.admin?.clientSecret || '',
+            };
+        case 'implicit':
+            return {
+                identityProviderId: auth.identityProviderId,
+                type: auth.type,
+                issuer: auth.issuer,
+                configUrl: auth.configUrl,
+                audience: auth.audience,
+                tokenUrl: '',
+                grantType: '',
+                scope: auth.scope,
+                clientId: auth.clientId,
+                clientSecret: '',
+                adminClientId: auth.admin?.clientId || '',
+                adminClientSecret: auth.admin?.clientSecret || '',
+            };
+        case 'client_credentials':
+            return {
+                identityProviderId: auth.identityProviderId,
+                type: auth.type,
+                issuer: auth.issuer,
+                configUrl: auth.configUrl,
+                audience: auth.audience,
+                tokenUrl: '',
+                grantType: '',
+                scope: auth.scope,
+                clientId: auth.clientId,
+                clientSecret: auth.clientSecret,
+                adminClientId: auth.admin?.clientId || '',
+                adminClientSecret: auth.admin?.clientSecret || '',
+            };
+        default:
+            throw new Error(`Unknown auth type`);
+    }
+};
+export const toNetwork = (table, authTable) => {
+    if (!authTable) {
+        throw new Error(`Missing auth table for network: ${table.name}`);
+    }
+    return {
+        name: table.name,
+        chainId: table.chainId,
+        synchronizerId: table.synchronizerId,
+        description: table.description,
+        ledgerApi: {
+            baseUrl: table.ledgerApiBaseUrl,
+            adminGrpcUrl: table.ledgerApiAdminGrpcUrl,
+        },
+        auth: toAuth(authTable),
+    };
+};
+export const fromNetwork = (network, userId) => {
+    return {
+        name: network.name,
+        chainId: network.chainId,
+        synchronizerId: network.synchronizerId,
+        description: network.description,
+        ledgerApiBaseUrl: network.ledgerApi.baseUrl,
+        ledgerApiAdminGrpcUrl: network.ledgerApi.adminGrpcUrl,
+        userId: userId,
+        identityProviderId: network.auth.identityProviderId,
+    };
+};
+export const fromWallet = (wallet, userId) => {
+    return {
+        ...wallet,
+        primary: wallet.primary ? 1 : 0,
+        userId: userId,
+    };
+};
+export const toWallet = (table) => {
+    return {
+        ...table,
+        primary: table.primary === 1,
+    };
+};
+export const fromTransaction = (transaction, userId) => {
+    return {
+        ...transaction,
+        payload: transaction.payload
+            ? JSON.stringify(transaction.payload)
+            : undefined,
+        userId: userId,
+    };
+};
+export const toTransaction = (table) => {
+    return {
+        ...table,
+        status: table.status,
+        payload: table.payload ? JSON.parse(table.payload) : undefined,
+    };
+};

package/dist/store-sql.d.ts

@@ -0,0 +1,30 @@
+import { Logger } from 'pino';
+import { AuthContext, AuthAware } from '@canton-network/core-wallet-auth';
+import { Store as BaseStore, Wallet, PartyId, Session, WalletFilter, Transaction, Network, StoreConfig } from '@canton-network/core-wallet-store';
+import { Kysely } from 'kysely';
+import { DB } from './schema.js';
+export declare class StoreSql implements BaseStore, AuthAware<StoreSql> {
+    private db;
+    private logger;
+    authContext: AuthContext | undefined;
+    constructor(db: Kysely<DB>, logger: Logger, authContext?: AuthContext);
+    withAuthContext(context?: AuthContext): StoreSql;
+    private assertConnected;
+    getWallets(filter?: WalletFilter): Promise<Array<Wallet>>;
+    getPrimaryWallet(): Promise<Wallet | undefined>;
+    setPrimaryWallet(partyId: PartyId): Promise<void>;
+    addWallet(wallet: Wallet): Promise<void>;
+    getSession(): Promise<Session | undefined>;
+    setSession(session: Session): Promise<void>;
+    removeSession(): Promise<void>;
+    getNetwork(chainId: string): Promise<Network>;
+    getCurrentNetwork(): Promise<Network>;
+    listNetworks(): Promise<Array<Network>>;
+    updateNetwork(network: Network): Promise<void>;
+    addNetwork(network: Network): Promise<void>;
+    removeNetwork(chainId: string): Promise<void>;
+    setTransaction(transaction: Transaction): Promise<void>;
+    getTransaction(commandId: string): Promise<Transaction | undefined>;
+}
+export declare const connection: (config: StoreConfig) => Kysely<DB>;
+//# sourceMappingURL=store-sql.d.ts.map

package/dist/store-sql.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"store-sql.d.ts","sourceRoot":"","sources":["../src/store-sql.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAC7B,OAAO,EACH,WAAW,EAEX,SAAS,EACZ,MAAM,kCAAkC,CAAA;AACzC,OAAO,EACH,KAAK,IAAI,SAAS,EAClB,MAAM,EACN,OAAO,EACP,OAAO,EACP,YAAY,EACZ,WAAW,EACX,OAAO,EACP,WAAW,EACd,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAmB,MAAM,EAAiB,MAAM,QAAQ,CAAA;AAE/D,OAAO,EACH,EAAE,EAQL,MAAM,aAAa,CAAA;AAEpB,qBAAa,QAAS,YAAW,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC;IAIvD,OAAO,CAAC,EAAE;IACV,OAAO,CAAC,MAAM;IAJlB,WAAW,EAAE,WAAW,GAAG,SAAS,CAAA;gBAGxB,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,EACd,MAAM,EAAE,MAAM,EACtB,WAAW,CAAC,EAAE,WAAW;IAQ7B,eAAe,CAAC,OAAO,CAAC,EAAE,WAAW,GAAG,QAAQ;IAIhD,OAAO,CAAC,eAAe;IASjB,UAAU,CAAC,MAAM,GAAE,YAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IA2B7D,gBAAgB,IAAI,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAK/C,gBAAgB,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAwBjD,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAqCxC,UAAU,IAAI,OAAO,CAAC,OAAO,GAAG,SAAS,CAAC;IAQ1C,UAAU,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAc3C,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAS9B,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAW7C,iBAAiB,IAAI,OAAO,CAAC,OAAO,CAAC;IAkBrC,YAAY,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAuBvC,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAqB9C,UAAU,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAuB3C,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA4B7C,cAAc,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBvD,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;CAc5E;AAED,eAAO,MAAM,UAAU,GAAI,QAAQ,WAAW,eAqB7C,CAAA"}

package/dist/store-sql.js

@@ -0,0 +1,287 @@
+import { CamelCasePlugin, Kysely, SqliteDialect } from 'kysely';
+import Database from 'better-sqlite3';
+import { fromAuth, fromNetwork, fromTransaction, fromWallet, toNetwork, toTransaction, toWallet, } from './schema.js';
+export class StoreSql {
+    db;
+    logger;
+    authContext;
+    constructor(db, logger, authContext) {
+        this.db = db;
+        this.logger = logger;
+        this.logger = logger.child({ component: 'StoreInternal' });
+        this.authContext = authContext;
+        // this.syncWallets()
+    }
+    withAuthContext(context) {
+        return new StoreSql(this.db, this.logger, context);
+    }
+    assertConnected() {
+        if (!this.authContext) {
+            throw new Error('User is not connected');
+        }
+        return this.authContext.userId;
+    }
+    // Wallet methods
+    async getWallets(filter = {}) {
+        const userId = this.assertConnected();
+        const { chainIds, signingProviderIds } = filter;
+        const chainIdSet = chainIds ? new Set(chainIds) : null;
+        const signingProviderIdSet = signingProviderIds
+            ? new Set(signingProviderIds)
+            : null;
+        const wallets = await this.db
+            .selectFrom('wallets')
+            .selectAll()
+            .where('userId', '=', userId)
+            .execute();
+        return wallets
+            .filter((wallet) => {
+            const matchedChainIds = chainIdSet
+                ? chainIdSet.has(wallet.chainId)
+                : true;
+            const matchedStorageProviderIdS = signingProviderIdSet
+                ? signingProviderIdSet.has(wallet.signingProviderId)
+                : true;
+            return matchedChainIds && matchedStorageProviderIdS;
+        })
+            .map((table) => toWallet(table));
+    }
+    async getPrimaryWallet() {
+        const wallets = await this.getWallets();
+        return wallets.find((w) => w.primary === true);
+    }
+    async setPrimaryWallet(partyId) {
+        const wallets = await this.getWallets();
+        if (!wallets.some((w) => w.partyId === partyId)) {
+            throw new Error(`Wallet with partyId "${partyId}" not found`);
+        }
+        const primary = wallets.find((w) => w.primary === true);
+        await this.db.transaction().execute(async (trx) => {
+            if (primary) {
+                await trx
+                    .updateTable('wallets')
+                    .set({ primary: 0 })
+                    .where('partyId', '=', primary.partyId)
+                    .execute();
+            }
+            await trx
+                .updateTable('wallets')
+                .set({ primary: 1 })
+                .where('partyId', '=', partyId)
+                .execute();
+        });
+    }
+    async addWallet(wallet) {
+        const userId = this.assertConnected();
+        const wallets = await this.getWallets();
+        if (wallets.some((w) => w.partyId === wallet.partyId)) {
+            throw new Error(`Wallet with partyId "${wallet.partyId}" already exists`);
+        }
+        if (wallets.length === 0) {
+            // If this is the first wallet, set it as primary automatically
+            wallet.primary = true;
+        }
+        await this.db.transaction().execute(async (trx) => {
+            if (wallet.primary) {
+                // If the new wallet is primary, set all others to non-primary
+                await trx
+                    .updateTable('wallets')
+                    .set({ primary: 0 })
+                    .where((eb) => eb.and([
+                    eb('primary', '=', 1),
+                    eb('userId', '=', userId),
+                ]))
+                    .execute();
+            }
+            await trx
+                .insertInto('wallets')
+                .values(fromWallet(wallet, userId))
+                .execute();
+        });
+    }
+    // Session methods
+    async getSession() {
+        const sessions = await this.db
+            .selectFrom('sessions')
+            .selectAll()
+            .executeTakeFirst();
+        return sessions;
+    }
+    async setSession(session) {
+        const userId = this.assertConnected();
+        await this.db.transaction().execute(async (trx) => {
+            await trx
+                .deleteFrom('sessions')
+                .where('userId', '=', userId)
+                .execute();
+            await trx
+                .insertInto('sessions')
+                .values({ ...session, userId })
+                .execute();
+        });
+    }
+    async removeSession() {
+        const userId = this.assertConnected();
+        await this.db
+            .deleteFrom('sessions')
+            .where('userId', '=', userId)
+            .execute();
+    }
+    // Network methods
+    async getNetwork(chainId) {
+        this.assertConnected();
+        const networks = await this.listNetworks();
+        if (!networks)
+            throw new Error('No networks available');
+        const network = networks.find((n) => n.chainId === chainId);
+        if (!network)
+            throw new Error(`Network "${chainId}" not found`);
+        return network;
+    }
+    async getCurrentNetwork() {
+        const session = await this.getSession();
+        if (!session) {
+            throw new Error('No session found');
+        }
+        const chainId = session.network;
+        if (!chainId) {
+            throw new Error('No current network set in session');
+        }
+        const networks = await this.listNetworks();
+        const network = networks.find((n) => n.chainId === chainId);
+        if (!network) {
+            throw new Error(`Network "${chainId}" not found`);
+        }
+        return network;
+    }
+    async listNetworks() {
+        let query = this.db.selectFrom('networks').selectAll();
+        if (this.authContext) {
+            const userId = this.assertConnected();
+            query = query.where((eb) => eb.or([
+                eb('userId', 'is', null), // Global networks
+                eb('userId', '=', userId), // User-specific networks
+            ]));
+        }
+        else {
+            query = query.where('userId', 'is', null); // Only global networks
+        }
+        const networks = await query.execute();
+        const idps = await this.db.selectFrom('idps').selectAll().execute();
+        const idpMap = new Map(idps.map((idp) => [idp.identityProviderId, idp]));
+        return networks.map((table) => toNetwork(table, idpMap.get(table.identityProviderId)));
+    }
+    async updateNetwork(network) {
+        const userId = this.assertConnected();
+        // todo: check and compare userid of existing network
+        await this.db.transaction().execute(async (trx) => {
+            await trx
+                .updateTable('networks')
+                .set(fromNetwork(network, userId))
+                .where('chainId', '=', network.chainId)
+                .execute();
+            await trx
+                .updateTable('idps')
+                .set(fromAuth(network.auth))
+                .where('identityProviderId', '=', network.auth.identityProviderId)
+                .execute();
+        });
+    }
+    async addNetwork(network) {
+        const userId = this.authContext?.userId;
+        await this.db.transaction().execute(async (trx) => {
+            const networkAlreadyExists = await trx
+                .selectFrom('networks')
+                .selectAll()
+                .where('chainId', '=', network.chainId)
+                .executeTakeFirst();
+            if (networkAlreadyExists) {
+                throw new Error(`Network ${network.chainId} already exists`);
+            }
+            else {
+                await trx
+                    .insertInto('idps')
+                    .values(fromAuth(network.auth))
+                    .execute();
+                await trx
+                    .insertInto('networks')
+                    .values(fromNetwork(network, userId))
+                    .execute();
+            }
+        });
+    }
+    async removeNetwork(chainId) {
+        const userId = this.assertConnected();
+        await this.db.transaction().execute(async (trx) => {
+            const network = await trx
+                .selectFrom('networks')
+                .selectAll()
+                .where('chainId', '=', chainId)
+                .executeTakeFirst();
+            if (!network) {
+                throw new Error(`Network ${chainId} does not exists`);
+            }
+            if (network.userId !== userId) {
+                throw new Error(`Network ${chainId} is not owned by user ${userId}`);
+            }
+            await trx
+                .deleteFrom('networks')
+                .where('chainId', '=', chainId)
+                .execute();
+            await trx
+                .deleteFrom('idps')
+                .where('identityProviderId', '=', network.identityProviderId)
+                .execute();
+        });
+    }
+    // Transaction methods
+    async setTransaction(transaction) {
+        const userId = this.assertConnected();
+        const existing = await this.getTransaction(transaction.commandId);
+        if (existing) {
+            await this.db
+                .updateTable('transactions')
+                .set(fromTransaction(transaction, userId))
+                .where('commandId', '=', transaction.commandId)
+                .execute();
+        }
+        else {
+            await this.db
+                .insertInto('transactions')
+                .values(fromTransaction(transaction, userId))
+                .execute();
+        }
+    }
+    async getTransaction(commandId) {
+        const userId = this.assertConnected();
+        const transaction = await this.db
+            .selectFrom('transactions')
+            .selectAll()
+            .where((eb) => eb.and([
+            eb('commandId', '=', commandId),
+            eb('userId', '=', userId),
+        ]))
+            .executeTakeFirst();
+        return transaction ? toTransaction(transaction) : undefined;
+    }
+}
+export const connection = (config) => {
+    switch (config.connection.type) {
+        case 'sqlite':
+            return new Kysely({
+                dialect: new SqliteDialect({
+                    database: new Database(config.connection.database),
+                }),
+                plugins: [new CamelCasePlugin()],
+            });
+        case 'memory':
+            return new Kysely({
+                dialect: new SqliteDialect({
+                    database: new Database(':memory:'),
+                }),
+                plugins: [new CamelCasePlugin()],
+            });
+        default:
+            throw new Error(`Unsupported database type: ${config.connection.type}`);
+    }
+};

package/dist/store-sql.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=store-sql.test.d.ts.map

package/dist/store-sql.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"store-sql.test.d.ts","sourceRoot":"","sources":["../src/store-sql.test.ts"],"names":[],"mappings":""}

package/dist/store-sql.test.js

@@ -0,0 +1,206 @@
+import { describe, expect, test } from '@jest/globals';
+import { pino } from 'pino';
+import { sink } from 'pino-test';
+import { migrator } from './migrator';
+import { connection, StoreSql } from './store-sql';
+const authContextMock = {
+    userId: 'test-user-id',
+    accessToken: 'test-access-token',
+};
+const storeConfig = {
+    connection: {
+        type: 'memory',
+    },
+    networks: [],
+};
+const implementations = [['StoreSql', StoreSql]];
+const ledgerApi = {
+    baseUrl: 'http://api',
+    adminGrpcUrl: 'http://grpc',
+};
+const auth = {
+    identityProviderId: 'idp1',
+    type: 'password',
+    issuer: 'http://auth',
+    configUrl: 'http://auth/.well-known/openid-configuration',
+    tokenUrl: 'http://auth',
+    grantType: 'password',
+    clientId: 'cid',
+    scope: 'scope',
+    audience: 'aud',
+};
+const network = {
+    name: 'testnet',
+    chainId: 'network1',
+    synchronizerId: 'sync1::fingerprint',
+    description: 'Test Network',
+    ledgerApi,
+    auth,
+};
+implementations.forEach(([name, StoreImpl]) => {
+    describe(name, () => {
+        let db;
+        beforeEach(async () => {
+            db = connection(storeConfig);
+            const umzug = migrator(db);
+            await umzug.up();
+        });
+        afterEach(async () => {
+            await db.destroy();
+        });
+        test('should add and retrieve wallets', async () => {
+            const wallet = {
+                primary: false,
+                partyId: 'party1',
+                hint: 'hint',
+                signingProviderId: 'internal',
+                publicKey: 'publicKey',
+                namespace: 'namespace',
+                chainId: 'network1',
+            };
+            const store = new StoreImpl(db, pino(sink()), authContextMock);
+            await store.addNetwork(network);
+            await store.addWallet(wallet);
+            const wallets = await store.getWallets();
+            expect(wallets).toHaveLength(1);
+        });
+        test('should filter wallets', async () => {
+            const auth2 = {
+                identityProviderId: 'idp2',
+                type: 'password',
+                issuer: 'http://auth',
+                configUrl: 'http://auth/.well-known/openid-configuration',
+                tokenUrl: 'http://auth',
+                grantType: 'password',
+                clientId: 'cid',
+                scope: 'scope',
+                audience: 'aud',
+            };
+            const network2 = {
+                name: 'testnet',
+                chainId: 'network2',
+                synchronizerId: 'sync1::fingerprint',
+                description: 'Test Network',
+                ledgerApi,
+                auth: auth2,
+            };
+            const wallet1 = {
+                primary: false,
+                partyId: 'party1',
+                hint: 'hint1',
+                signingProviderId: 'internal',
+                publicKey: 'publicKey',
+                namespace: 'namespace',
+                chainId: 'network1',
+            };
+            const wallet2 = {
+                primary: false,
+                partyId: 'party2',
+                hint: 'hint2',
+                signingProviderId: 'internal',
+                publicKey: 'publicKey',
+                namespace: 'namespace',
+                chainId: 'network1',
+            };
+            const wallet3 = {
+                primary: false,
+                partyId: 'party3',
+                hint: 'hint3',
+                signingProviderId: 'internal',
+                publicKey: 'publicKey',
+                namespace: 'namespace',
+                chainId: 'network2',
+            };
+            const store = new StoreImpl(db, pino(sink()), authContextMock);
+            await store.addNetwork(network);
+            await store.addNetwork(network2);
+            await store.addWallet(wallet1);
+            await store.addWallet(wallet2);
+            await store.addWallet(wallet3);
+            const getAllWallets = await store.getWallets();
+            const getWalletsByChainId = await store.getWallets({
+                chainIds: ['network1'],
+            });
+            const getWalletsBySigningProviderId = await store.getWallets({
+                signingProviderIds: ['internal'],
+            });
+            const getWalletsByChainIdAndSigningProviderId = await store.getWallets({
+                chainIds: ['network1'],
+                signingProviderIds: ['internal'],
+            });
+            expect(getAllWallets).toHaveLength(3);
+            expect(getWalletsByChainId).toHaveLength(2);
+            expect(getWalletsBySigningProviderId).toHaveLength(3);
+            expect(getWalletsByChainIdAndSigningProviderId).toHaveLength(2);
+        });
+        test('should set and get primary wallet', async () => {
+            const wallet1 = {
+                primary: false,
+                partyId: 'party1',
+                hint: 'hint1',
+                signingProviderId: 'internal',
+                publicKey: 'publicKey',
+                namespace: 'namespace',
+                chainId: 'network1',
+            };
+            const wallet2 = {
+                primary: false,
+                partyId: 'party2',
+                hint: 'hint2',
+                signingProviderId: 'internal',
+                publicKey: 'publicKey',
+                namespace: 'namespace',
+                chainId: 'network1',
+            };
+            const store = new StoreImpl(db, pino(sink()), authContextMock);
+            await store.addNetwork(network);
+            await store.addWallet(wallet1);
+            await store.addWallet(wallet2);
+            await store.setPrimaryWallet('party2');
+            const primary = await store.getPrimaryWallet();
+            expect(primary?.partyId).toBe('party2');
+            expect(primary?.primary).toBe(true);
+        });
+        test('should set and get session', async () => {
+            const store = new StoreImpl(db, pino(sink()), authContextMock);
+            await store.addNetwork(network);
+            const session = {
+                network: 'network1',
+                accessToken: 'token',
+            };
+            await store.setSession(session);
+            const result = await store.getSession();
+            expect(result).toEqual({
+                ...session,
+                userId: authContextMock.userId,
+            });
+            await store.removeSession();
+            const removed = await store.getSession();
+            expect(removed).toBeUndefined();
+        });
+        test('should add, list, get, update, and remove networks', async () => {
+            const store = new StoreImpl(db, pino(sink()), authContextMock);
+            await store.addNetwork(network);
+            const listed = await store.listNetworks();
+            expect(listed).toHaveLength(1);
+            expect(listed[0].description).toBe('Test Network');
+            await store.updateNetwork({
+                ...network,
+                description: 'Updated Network',
+            });
+            const fetched = await store.getNetwork('network1');
+            expect(fetched.description).toBe('Updated Network');
+            await store.removeNetwork('network1');
+            const afterRemove = await store.listNetworks();
+            expect(afterRemove).toHaveLength(0);
+        });
+        test('should throw when getting a non-existent network', async () => {
+            const store = new StoreImpl(db, pino(sink()), authContextMock);
+            await expect(store.getNetwork('doesnotexist')).rejects.toThrow();
+        });
+        test('should throw when getting current network if none set', async () => {
+            const store = new StoreImpl(db, pino(sink()), authContextMock);
+            await expect(store.getCurrentNetwork()).rejects.toThrow();
+        });
+    });
+});

package/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "@canton-network/core-wallet-store-sql",
+  "version": "0.1.0",
+  "type": "module",
+  "repository": "https://github.com/hyperledger-labs/splice-wallet-kernel",
+  "description": "SQL implementation of the Store API",
+  "license": "Apache-2.0",
+  "author": "Marc Juchli <marc.juchli@digitalasset.com>",
+  "packageManager": "yarn@4.9.2",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "scripts": {
+    "build": "tsc -b",
+    "dev": "tsc -b --watch",
+    "clean": "tsc -b --clean; rm -rf dist",
+    "test": "yarn node --experimental-vm-modules $(yarn bin jest)"
+  },
+  "dependencies": {
+    "@canton-network/core-ledger-client": "^0.1.0",
+    "@canton-network/core-wallet-auth": "^0.1.0",
+    "@canton-network/core-wallet-store": "^0.1.0",
+    "better-sqlite3": "^12.2.0",
+    "commander": "^14.0.0",
+    "kysely": "^0.28.5",
+    "pino": "^9.7.0",
+    "umzug": "^3.8.2",
+    "zod": "^3.25.64"
+  },
+  "devDependencies": {
+    "@jest/globals": "^29.0.0",
+    "@swc/core": "^1.11.31",
+    "@swc/jest": "^0.2.38",
+    "@types/better-sqlite3": "^7.6.13",
+    "@types/jest": "^30.0.0",
+    "jest": "^30.0.0",
+    "pino-test": "^1.1.0",
+    "ts-jest": "^29.4.0",
+    "ts-jest-resolver": "^2.0.1",
+    "tsx": "^4.20.4",
+    "typescript": "^5.8.3"
+  },
+  "files": [
+    "dist/*"
+  ],
+  "publishConfig": {
+    "access": "public"
+  }
+}