@canton-network/wallet-gateway-remote 0.1.0

package/dist/dapp-api/server.js

@@ -0,0 +1,62 @@
+// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+import express from 'express';
+import { dappController } from './controller.js';
+import { pino } from 'pino';
+import { jsonRpcHandler } from '../middleware/jsonRpcHandler.js';
+import { jwtAuth } from '../middleware/jwtAuth.js';
+import { rpcRateLimit } from '../middleware/rateLimit.js';
+import cors from 'cors';
+import { createServer } from 'http';
+import { Server } from 'socket.io';
+const logger = pino({ name: 'main', level: 'debug' });
+export const dapp = (kernelInfo, notificationService, authService, store) => {
+    const app = express();
+    app.use(cors());
+    app.use(express.json());
+    app.use('/rpc', rpcRateLimit, jwtAuth(authService, logger), (req, res, next) => jsonRpcHandler({
+        controller: dappController(kernelInfo, store.withAuthContext(req.authContext), notificationService, logger, req.authContext),
+        logger,
+    })(req, res, next));
+    const server = createServer(app);
+    const io = new Server(server, {
+        cors: {
+            origin: '*',
+            methods: ['GET', 'POST'],
+        },
+    });
+    io.on('connection', (socket) => {
+        logger.info('Socket.io client connected');
+        let notifier = undefined;
+        const onAccountsChanged = (...event) => {
+            io.emit('accountsChanged', ...event);
+        };
+        const onConnected = (...event) => {
+            io.emit('onConnected', ...event);
+        };
+        const onTxChanged = (...event) => {
+            io.emit('txChanged', ...event);
+        };
+        authService
+            .verifyToken(socket.handshake.auth.token)
+            .then((authContext) => {
+            const userId = authContext?.userId;
+            if (!userId) {
+                return;
+            }
+            notifier = notificationService.getNotifier(userId);
+            notifier.on('accountsChanged', onAccountsChanged);
+            notifier.on('onConnected', onConnected);
+            notifier.on('txChanged', onTxChanged);
+        });
+        socket.on('disconnect', () => {
+            logger.info('Socket.io client disconnected');
+            if (notifier) {
+                notifier.removeListener('accountsChanged', onAccountsChanged);
+                notifier.removeListener('onConnected', onConnected);
+                notifier.removeListener('txChanged', onTxChanged);
+            }
+        });
+    });
+    return server;
+};

package/dist/dapp-api/server.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=server.test.d.ts.map

package/dist/dapp-api/server.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.test.d.ts","sourceRoot":"","sources":["../../src/dapp-api/server.test.ts"],"names":[],"mappings":""}

package/dist/dapp-api/server.test.js

@@ -0,0 +1,45 @@
+// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+import { expect, test, jest } from '@jest/globals';
+import request from 'supertest';
+import { dapp } from './server.js';
+import { StoreInternal } from '@canton-network/core-wallet-store-inmemory';
+import { ConfigUtils } from '../config/ConfigUtils.js';
+import { pino } from 'pino';
+import { sink } from 'pino-test';
+const authService = {
+    verifyToken: async () => {
+        return new Promise((resolve) => resolve({ userId: 'user123', accessToken: 'token123' }));
+    },
+};
+const configPath = '../test/config.json';
+const config = ConfigUtils.loadConfigFile(configPath);
+const store = new StoreInternal(config.store, pino(sink()));
+const notificationService = {
+    getNotifier: jest.fn().mockReturnValue({
+        on: jest.fn(),
+        emit: jest.fn(),
+        removeListener: jest.fn(),
+    }),
+};
+test('call connect rpc', async () => {
+    const response = await request(dapp(config.kernel, notificationService, authService, store))
+        .post('/rpc')
+        .send({ jsonrpc: '2.0', id: 0, method: 'connect', params: [] })
+        .set('Accept', 'application/json');
+    expect(response.statusCode).toBe(200);
+    expect(response.body).toEqual({
+        id: 0,
+        jsonrpc: '2.0',
+        result: {
+            kernel: {
+                id: 'remote-da',
+                clientType: 'remote',
+                url: 'http://localhost:3008/rpc',
+                userUrl: 'http://localhost:3002',
+            },
+            isConnected: false,
+            userUrl: 'http://localhost:3002/login/',
+        },
+    });
+});

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js

@@ -0,0 +1,30 @@
+#!/usr/bin/env node
+// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+import { Option, Command } from '@commander-js/extra-typings';
+import { initialize } from './init.js';
+import { createCLI } from '@canton-network/core-wallet-store-sql';
+import { ConfigUtils } from './config/ConfigUtils.js';
+const program = new Command()
+    .name('wallet-gateway-remote')
+    .description('Run a remotely hosted Wallet Gateway')
+    .option('-c, --config <path>', 'set config path', '../test/config.json')
+    .addOption(new Option('-f, --log-format <format>', 'set log format')
+    .choices(['json', 'pretty'])
+    .default('json'))
+    .addOption(new Option('-s, --store-type <type>', 'set store type')
+    .choices(['sqlite', 'postgres'])
+    .default('sqlite'))
+    .action((opts) => {
+    // Initialize the database with the provided config
+    initialize(opts);
+});
+// Parse only the options (without executing commands) to get config path
+program.parseOptions(process.argv);
+const options = program.opts();
+const config = ConfigUtils.loadConfigFile(options.config);
+// Add the `db` command now, before final parse
+const cli = createCLI(config.store);
+program.addCommand(cli.name('db'));
+// Now parse normally for execution/help
+program.parseAsync(process.argv);

package/dist/init.d.ts

@@ -0,0 +1,9 @@
+export declare function initialize(opts: {
+    config: string;
+    logFormat: 'pretty' | 'json';
+}): Promise<{
+    dAppServer: import("http").Server<typeof import("http").IncomingMessage, typeof import("http").ServerResponse>;
+    userServer: import("http").Server<typeof import("http").IncomingMessage, typeof import("http").ServerResponse>;
+    webServer: import("http").Server<typeof import("http").IncomingMessage, typeof import("http").ServerResponse>;
+}>;
+//# sourceMappingURL=init.d.ts.map

package/dist/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":"AAmDA,wBAAsB,UAAU,CAAC,IAAI,EAAE;IACnC,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,QAAQ,GAAG,MAAM,CAAA;CAC/B;;;;GA4EA"}

package/dist/init.js

@@ -0,0 +1,77 @@
+// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+import { dapp } from './dapp-api/server.js';
+import { user } from './user-api/server.js';
+import { web } from './web/server.js';
+import { pino } from 'pino';
+import ViteExpress from 'vite-express';
+import { StoreSql, connection } from '@canton-network/core-wallet-store-sql';
+import { ConfigUtils } from './config/ConfigUtils.js';
+import EventEmitter from 'events';
+import { SigningProvider } from '@canton-network/core-signing-lib';
+import { ParticipantSigningDriver } from '@canton-network/core-signing-participant';
+import { InternalSigningDriver } from '@canton-network/core-signing-internal';
+import { jwtAuthService } from './auth/jwt-auth-service.js';
+import path, { dirname } from 'path';
+import { fileURLToPath } from 'url';
+import express from 'express';
+const dAppPort = Number(process.env.DAPP_API_PORT) || 3008;
+const userPort = Number(process.env.USER_API_PORT) || 3001;
+const webPort = Number(process.env.WEB_PORT) || 3002;
+class NotificationService {
+    constructor(logger) {
+        this.logger = logger;
+        this.notifiers = new Map();
+    }
+    getNotifier(notifierId) {
+        const logger = this.logger;
+        let notifier = this.notifiers.get(notifierId);
+        if (!notifier) {
+            notifier = new EventEmitter();
+            // Wrap all events to log with pino
+            const originalEmit = notifier.emit;
+            notifier.emit = function (event, ...args) {
+                logger.debug({ event, args }, `Notifier emitted event: ${event}`);
+                return originalEmit.apply(this, [event, ...args]);
+            };
+            this.notifiers.set(notifierId, notifier);
+        }
+        return notifier;
+    }
+}
+export async function initialize(opts) {
+    const logger = pino({
+        name: 'main',
+        level: 'debug',
+        ...(opts.logFormat === 'pretty'
+            ? {
+                transport: {
+                    target: 'pino-pretty',
+                },
+            }
+            : {}),
+    });
+    const notificationService = new NotificationService(logger);
+    // TODO: make the default config path point to ${PWD}/config.json
+    const defaultConfig = path.join(dirname(fileURLToPath(import.meta.url)), '..', 'test', 'config.json');
+    const configPath = opts.config || defaultConfig;
+    const config = ConfigUtils.loadConfigFile(configPath);
+    const store = new StoreSql(connection(config.store), logger);
+    const authService = jwtAuthService(store, logger);
+    const drivers = {
+        [SigningProvider.PARTICIPANT]: new ParticipantSigningDriver(),
+        [SigningProvider.WALLET_KERNEL]: new InternalSigningDriver(),
+    };
+    const dAppServer = dapp(config.kernel, notificationService, authService, store).listen(dAppPort, () => {
+        logger.info(`dApp Server running at http://localhost:${dAppPort}`);
+    });
+    const userServer = user(config.kernel, notificationService, authService, drivers, store).listen(userPort, () => {
+        logger.info(`User Server running at http://localhost:${userPort}`);
+    });
+    const webServer = process.env.NODE_ENV === 'development'
+        ? ViteExpress.listen(web, webPort, () => logger.info(`Web server running at http://localhost:${webPort}`))
+        : web
+            .use(express.static(path.resolve(dirname(fileURLToPath(import.meta.url)), '../dist/web/frontend')))
+            .listen(webPort, () => logger.info(`Web server running at http://localhost:${webPort}`));
+    return { dAppServer, userServer, webServer };
+}

package/dist/ledger/party-allocation-service.d.ts

@@ -0,0 +1,34 @@
+import { Logger } from 'pino';
+export type AllocatedParty = {
+    partyId: string;
+    hint: string;
+    namespace: string;
+};
+type SigningCbFn = (hash: string) => Promise<string>;
+/**
+ * This service provides an abstraction for Canton party allocation that seamlessly handles both internal and external parties.
+ */
+export declare class PartyAllocationService {
+    private synchronizerId;
+    private logger;
+    private ledgerClient;
+    constructor(synchronizerId: string, adminToken: string, httpLedgerUrl: string, logger: Logger);
+    /**
+     * Allocates an internal participant party for a user.
+     * @param userId The ID of the user.
+     * @param hint A hint for the party ID.
+     */
+    allocateParty(userId: string, hint: string): Promise<AllocatedParty>;
+    /**
+     * Allocates an externally signed party for a user.
+     * @param userId The ID of the user.
+     * @param hint A hint for the party ID.
+     * @param publicKey The public key of the user.
+     * @param signingCallback A callback function that asynchronously signs the onboarding request hash.
+     */
+    allocateParty(userId: string, hint: string, publicKey: string, signingCallback: SigningCbFn): Promise<AllocatedParty>;
+    private allocateInternalParty;
+    private allocateExternalParty;
+}
+export {};
+//# sourceMappingURL=party-allocation-service.d.ts.map

package/dist/ledger/party-allocation-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"party-allocation-service.d.ts","sourceRoot":"","sources":["../../src/ledger/party-allocation-service.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAE7B,MAAM,MAAM,cAAc,GAAG;IACzB,OAAO,EAAE,MAAM,CAAA;IACf,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,KAAK,WAAW,GAAG,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;AAEpD;;GAEG;AACH,qBAAa,sBAAsB;IAI3B,OAAO,CAAC,cAAc;IAGtB,OAAO,CAAC,MAAM;IANlB,OAAO,CAAC,YAAY,CAAc;gBAGtB,cAAc,EAAE,MAAM,EAC9B,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,EACb,MAAM,EAAE,MAAM;IAS1B;;;;OAIG;IACG,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAE1E;;;;;;OAMG;IACG,aAAa,CACf,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,eAAe,EAAE,WAAW,GAC7B,OAAO,CAAC,cAAc,CAAC;YAoBZ,qBAAqB;YAqBrB,qBAAqB;CAmCtC"}

package/dist/ledger/party-allocation-service.js

@@ -0,0 +1,50 @@
+// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+import { LedgerClient, TopologyWriteService, } from '@canton-network/core-ledger-client';
+/**
+ * This service provides an abstraction for Canton party allocation that seamlessly handles both internal and external parties.
+ */
+export class PartyAllocationService {
+    constructor(synchronizerId, adminToken, httpLedgerUrl, logger) {
+        this.synchronizerId = synchronizerId;
+        this.logger = logger;
+        this.ledgerClient = new LedgerClient(new URL(httpLedgerUrl), adminToken, this.logger);
+    }
+    async allocateParty(userId, hint, publicKey, signingCallback) {
+        if (publicKey !== undefined && signingCallback !== undefined) {
+            return this.allocateExternalParty(userId, hint, publicKey, signingCallback);
+        }
+        else {
+            return this.allocateInternalParty(userId, hint);
+        }
+    }
+    async allocateInternalParty(userId, hint) {
+        const { participantId: namespace } = await this.ledgerClient.get('/v2/parties/participant-id');
+        const res = await this.ledgerClient.post('/v2/parties', {
+            partyIdHint: hint,
+            identityProviderId: '',
+        });
+        if (!res.partyDetails?.party) {
+            throw new Error('Failed to allocate party');
+        }
+        await this.ledgerClient.grantUserRights(userId, res.partyDetails.party);
+        return { hint, namespace, partyId: res.partyDetails.party };
+    }
+    async allocateExternalParty(userId, hint, publicKey, signingCallback) {
+        const namespace = TopologyWriteService.createFingerprintFromKey(publicKey);
+        const transactions = await this.ledgerClient.generateTopology(this.synchronizerId, publicKey, hint);
+        const signature = await signingCallback(transactions.multiHash);
+        const res = await this.ledgerClient.allocateExternalParty(this.synchronizerId, transactions.topologyTransactions.map((transaction) => ({
+            transaction,
+        })), [
+            {
+                format: 'SIGNATURE_FORMAT_CONCAT',
+                signature: signature,
+                signedBy: namespace,
+                signingAlgorithmSpec: 'SIGNING_ALGORITHM_SPEC_ED25519',
+            },
+        ]);
+        await this.ledgerClient.grantUserRights(userId, res.partyId);
+        return { hint, partyId: res.partyId, namespace };
+    }
+}

package/dist/ledger/party-allocation-service.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=party-allocation-service.test.d.ts.map

package/dist/ledger/party-allocation-service.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"party-allocation-service.test.d.ts","sourceRoot":"","sources":["../../src/ledger/party-allocation-service.test.ts"],"names":[],"mappings":""}

package/dist/ledger/party-allocation-service.test.js

@@ -0,0 +1,85 @@
+// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+import { jest } from '@jest/globals';
+import { pino } from 'pino';
+import { sink } from 'pino-test';
+const mockLedgerGet = jest.fn();
+const mockLedgerPost = jest.fn();
+const mockLedgerGrantUserRights = jest.fn();
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const MockTopologyWriteService = jest.fn();
+// Add static method to the mock class
+MockTopologyWriteService.createFingerprintFromKey = jest
+    .fn()
+    .mockReturnValue('mypublickey');
+jest.unstable_mockModule('@canton-network/core-ledger-client', () => ({
+    Signature: jest.fn(),
+    SignatureFormat: jest.fn(),
+    SigningAlgorithmSpec: jest.fn(),
+    MultiTransactionSignatures: jest.fn(),
+    SignedTopologyTransaction: jest.fn(),
+    LedgerClient: jest.fn().mockImplementation(() => {
+        return {
+            get: mockLedgerGet,
+            post: mockLedgerPost,
+            grantUserRights: mockLedgerGrantUserRights,
+            generateTopology: jest.fn().mockResolvedValue({
+                partyId: 'party2::mypublickey',
+                publicKeyFingerprint: 'mypublickey',
+                topologyTransactions: ['tx1'],
+                multiHash: 'combinedHash',
+            }),
+            allocateExternalParty: jest
+                .fn()
+                .mockResolvedValue({ partyId: 'party2::mypublickey' }),
+        };
+    }),
+    TopologyWriteService: MockTopologyWriteService,
+}));
+describe('PartyAllocationService', () => {
+    const network = {
+        name: 'test',
+        chainId: 'chain-id',
+        synchronizerId: 'sync-id',
+        description: 'desc',
+        ledgerApi: {
+            baseUrl: 'http://ledger',
+        },
+        auth: {
+            identityProviderId: 'idp',
+            type: 'implicit',
+            issuer: 'http://idp',
+            configUrl: 'http://idp/.well-known/openid-configuration',
+            audience: 'aud',
+            scope: 'scope',
+            clientId: 'cid',
+            admin: { clientId: 'cid', clientSecret: 'secret' },
+        },
+    };
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    let service;
+    beforeEach(async () => {
+        const mockLogger = pino(sink());
+        const pas = await import('./party-allocation-service.js');
+        service = new pas.PartyAllocationService(network.synchronizerId, 'admin.jwt', network.ledgerApi.baseUrl, mockLogger);
+    });
+    it('allocates an internal party', async () => {
+        mockLedgerGet.mockResolvedValueOnce({ participantId: 'participantid' });
+        mockLedgerPost.mockResolvedValueOnce({
+            partyDetails: { party: 'party1::participantid' },
+        });
+        await expect(service.allocateParty('user1', 'party1')).resolves.toStrictEqual({
+            hint: 'party1',
+            partyId: 'party1::participantid',
+            namespace: 'participantid',
+        });
+    });
+    it('allocates an external party', async () => {
+        const publicKey = 'mypublickey';
+        await expect(service.allocateParty('user1', 'party2', publicKey, async () => 'mysignedhash')).resolves.toStrictEqual({
+            hint: 'party2',
+            partyId: `party2::${publicKey}`,
+            namespace: publicKey,
+        });
+    });
+});

package/dist/ledger/wallet-sync-service.d.ts

@@ -0,0 +1,18 @@
+import { LedgerClient } from '@canton-network/core-ledger-client';
+import { AuthContext } from '@canton-network/core-wallet-auth';
+import { Store, Wallet } from '@canton-network/core-wallet-store';
+import { Logger } from 'pino';
+export type WalletSyncReport = {
+    added: Wallet[];
+    removed: Wallet[];
+};
+export declare class WalletSyncService {
+    private store;
+    private ledgerClient;
+    private authContext;
+    private logger;
+    constructor(store: Store, ledgerClient: LedgerClient, authContext: AuthContext, logger: Logger);
+    run(timeoutMs: number): Promise<void>;
+    syncWallets(): Promise<WalletSyncReport>;
+}
+//# sourceMappingURL=wallet-sync-service.d.ts.map

package/dist/ledger/wallet-sync-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wallet-sync-service.d.ts","sourceRoot":"","sources":["../../src/ledger/wallet-sync-service.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAA;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAA;AAC9D,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAA;AACjE,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAE7B,MAAM,MAAM,gBAAgB,GAAG;IAC3B,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,OAAO,EAAE,MAAM,EAAE,CAAA;CACpB,CAAA;AACD,qBAAa,iBAAiB;IAEtB,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,YAAY;IACpB,OAAO,CAAC,WAAW;IACnB,OAAO,CAAC,MAAM;gBAHN,KAAK,EAAE,KAAK,EACZ,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM;IAGpB,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAUrC,WAAW,IAAI,OAAO,CAAC,gBAAgB,CAAC;CA6FjD"}

package/dist/ledger/wallet-sync-service.js

@@ -0,0 +1,90 @@
+// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+export class WalletSyncService {
+    constructor(store, ledgerClient, authContext, logger) {
+        this.store = store;
+        this.ledgerClient = ledgerClient;
+        this.authContext = authContext;
+        this.logger = logger;
+    }
+    async run(timeoutMs) {
+        this.logger.info(`Starting wallet sync service with ${timeoutMs}ms interval`);
+        while (true) {
+            await this.syncWallets();
+            await new Promise((res) => setTimeout(res, timeoutMs));
+        }
+    }
+    async syncWallets() {
+        this.logger.info('Starting wallet sync...');
+        try {
+            const network = await this.store.getCurrentNetwork();
+            this.logger.info(network, 'Current network');
+            // Get existing parties from participant
+            const rights = await this.ledgerClient.get('/v2/users/{user-id}/rights', {
+                path: {
+                    'user-id': this.authContext.userId,
+                },
+            });
+            const partiesWithRights = new Map();
+            rights.rights?.forEach((right) => {
+                let party;
+                let rightType;
+                if ('CanActAs' in right.kind) {
+                    party = right.kind.CanActAs.value.party;
+                    rightType = 'CanActAs';
+                }
+                else if ('CanExecuteAs' in right.kind) {
+                    party = right.kind.CanExecuteAs.value.party;
+                    rightType = 'CanExecuteAs';
+                }
+                else if ('CanReadAs' in right.kind) {
+                    party = right.kind.CanReadAs.value.party;
+                    rightType = 'CanReadAs';
+                }
+                if (party !== undefined &&
+                    rightType !== undefined &&
+                    !partiesWithRights.has(party))
+                    partiesWithRights.set(party, rightType);
+            });
+            this.logger.info(partiesWithRights, 'Found new parties to sync with Wallet Gateway');
+            // Add new Wallets given the found parties
+            const existingWallets = await this.store.getWallets();
+            this.logger.info(existingWallets, 'Existing wallets');
+            const existingPartyIdToSigningProvider = new Map(existingWallets.map((w) => [w.partyId, w.signingProviderId]));
+            const newParticipantWallets = Array.from(partiesWithRights.keys())
+                ?.filter((party) => !existingPartyIdToSigningProvider.has(party)
+            // todo: filter on idp id
+            )
+                .map((party) => {
+                const [hint, namespace] = party.split('::');
+                return {
+                    primary: false,
+                    partyId: party,
+                    hint: hint,
+                    publicKey: namespace,
+                    namespace: namespace,
+                    chainId: network.chainId,
+                    signingProviderId: 'participant', // todo: determine based on partyDetails.isLocal
+                };
+            }) || [];
+            await Promise.all(newParticipantWallets.map((wallet) => this.store.addWallet(wallet)));
+            this.logger.info(newParticipantWallets, 'Created new wallets');
+            // Set primary wallet if none exists
+            const wallets = await this.store.getWallets();
+            const hasPrimary = wallets.some((w) => w.primary);
+            if (!hasPrimary && wallets.length > 0) {
+                this.store.setPrimaryWallet(wallets[0].partyId);
+                this.logger.info(`Set ${wallets[0].partyId} as primary wallet`);
+            }
+            this.logger.debug(wallets, 'Wallet sync completed.');
+            return {
+                added: newParticipantWallets,
+                removed: [],
+            };
+        }
+        catch (err) {
+            this.logger.error({ err }, 'Wallet sync failed.');
+            throw err;
+        }
+    }
+}

package/dist/middleware/jsonRpcHandler.d.ts

@@ -0,0 +1,9 @@
+import { NextFunction, Request, Response } from 'express';
+import { Logger } from 'pino';
+interface JsonRpcHttpOptions<T> {
+    logger: Logger;
+    controller: T;
+}
+export declare const jsonRpcHandler: <T extends Record<string, (...args: any[]) => any>>({ controller, logger: _logger, }: JsonRpcHttpOptions<T>) => (req: Request, res: Response, next: NextFunction) => void;
+export {};
+//# sourceMappingURL=jsonRpcHandler.d.ts.map

package/dist/middleware/jsonRpcHandler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jsonRpcHandler.d.ts","sourceRoot":"","sources":["../../src/middleware/jsonRpcHandler.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AACzD,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAa7B,UAAU,kBAAkB,CAAC,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,CAAC,CAAA;CAChB;AAyDD,eAAO,MAAM,cAAc,GAEtB,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,CAAC,EAAE,kCAGjD,kBAAkB,CAAC,CAAC,CAAC,MAMZ,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,SA4E1D,CAAA"}

package/dist/middleware/jsonRpcHandler.js

@@ -0,0 +1,102 @@
+// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+import { JsonRpcError, rpcErrors, toHttpErrorCode, } from '@canton-network/core-rpc-errors';
+import { ErrorResponse, JsonRpcRequest, jsonRpcResponse, } from '@canton-network/core-types';
+/**
+ * Handles JSON-RPC errors and maps them to HTTP responses.
+ * @param error The error that occurred.
+ * @param id The JSON-RPC request ID.
+ * @param logger The logger instance.
+ * @param method The name of the JSON-RPC method being called.
+ * @returns A tuple containing the HTTP status code and the JSON-RPC response.
+ */
+const handleRpcError = (error, id, logger, method) => {
+    const genericMessage = method
+        ? `Something went wrong while calling ${method}`
+        : 'Something went wrong';
+    let response = {
+        error: {
+            ...rpcErrors.internal(),
+            message: genericMessage,
+            data: error,
+        },
+    };
+    if (error instanceof JsonRpcError) {
+        response.error = error;
+        const httpCode = toHttpErrorCode(error.code);
+        return [httpCode, jsonRpcResponse(id, response)];
+    }
+    if (error instanceof Error) {
+        response.error.message = error.message;
+    }
+    else if (typeof error === 'string') {
+        response.error.message = error;
+    }
+    else if (ErrorResponse.safeParse(error).success) {
+        response = error;
+    }
+    else if (
+    // Check for a Ledger API error format
+    typeof error === 'object' &&
+        error !== null &&
+        'cause' in error &&
+        'code' in error) {
+        response.error.message = error.cause;
+        response.error.data = error;
+    }
+    const jsonResponse = jsonRpcResponse(id, response);
+    logger.error(jsonResponse, 'RPC response');
+    return [500, jsonResponse];
+};
+export const jsonRpcHandler = 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+({ controller, logger: _logger, }) => {
+    const logger = _logger.child({ component: 'json-rpc-http' });
+    return (req, res, next) => {
+        if (req.method !== 'POST') {
+            next();
+        }
+        const parsed = JsonRpcRequest.safeParse(req.body);
+        if (!parsed.success) {
+            logger.error({
+                request: req.body,
+                error: parsed.error,
+            }, 'RPC request: Invalid request format');
+            const [status, response] = handleRpcError(rpcErrors.invalidRequest({
+                message: 'Invalid JSON-RPC request format',
+            }), null, logger);
+            res.status(status).json(response);
+        }
+        else {
+            const { method, params, id = null } = parsed.data;
+            logger.debug({
+                request: {
+                    id: id,
+                    method: method,
+                    params: params,
+                    authContext: req.authContext,
+                },
+            }, `RPC request: ${method}`);
+            const methodFn = controller[method];
+            if (!methodFn) {
+                const [status, response] = handleRpcError(rpcErrors.methodNotFound({
+                    message: `Method ${method} not found`,
+                }), null, logger, method);
+                res.status(status).json(response);
+            }
+            // TODO: validate params match the expected schema for the method
+            methodFn(params)
+                // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                .then((result) => {
+                const response = jsonRpcResponse(id, { result });
+                logger.debug(response, 'RPC response');
+                res.json(response);
+            })
+                .catch((error) => {
+                const [status, response] = handleRpcError(error, id, logger, method);
+                logger.error(response, 'RPC response');
+                res.status(status).json(response);
+            });
+        }
+    };
+};