@canton-network/wallet-gateway-remote 0.11.3 → 0.13.0

package/dist/auth/jwt-auth-service.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';
 /**

package/dist/auth/jwt-unsafe-auth-service.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import { decodeJwt } from 'jose';
 /**

package/dist/config/Config.d.ts

@@ -1,28 +1,30 @@
 import { z } from 'zod';
 export declare const kernelInfoSchema: z.ZodObject<{
     id: z.ZodString;
+    publicUrl: z.ZodOptional<z.ZodString>;
     clientType: z.ZodUnion<readonly [z.ZodLiteral<"browser">, z.ZodLiteral<"desktop">, z.ZodLiteral<"mobile">, z.ZodLiteral<"remote">]>;
 }, z.core.$strip>;
 export declare const serverConfigSchema: z.ZodObject<{
-    host: z.ZodDefault<z.ZodString>;
     port: z.ZodDefault<z.ZodNumber>;
-    tls: z.ZodDefault<z.ZodBoolean>;
     dappPath: z.ZodDefault<z.ZodString>;
     userPath: z.ZodDefault<z.ZodString>;
     allowedOrigins: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"*">, z.ZodArray<z.ZodString>]>>;
+    host: z.ZodOptional<z.ZodString>;
+    tls: z.ZodOptional<z.ZodBoolean>;
 }, z.core.$strip>;
 export declare const configSchema: z.ZodObject<{
     kernel: z.ZodObject<{
         id: z.ZodString;
+        publicUrl: z.ZodOptional<z.ZodString>;
         clientType: z.ZodUnion<readonly [z.ZodLiteral<"browser">, z.ZodLiteral<"desktop">, z.ZodLiteral<"mobile">, z.ZodLiteral<"remote">]>;
     }, z.core.$strip>;
     server: z.ZodPipe<z.ZodTransform<{}, unknown>, z.ZodObject<{
-        host: z.ZodDefault<z.ZodString>;
         port: z.ZodDefault<z.ZodNumber>;
-        tls: z.ZodDefault<z.ZodBoolean>;
         dappPath: z.ZodDefault<z.ZodString>;
         userPath: z.ZodDefault<z.ZodString>;
         allowedOrigins: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"*">, z.ZodArray<z.ZodString>]>>;
+        host: z.ZodOptional<z.ZodString>;
+        tls: z.ZodOptional<z.ZodBoolean>;
     }, z.core.$strip>>;
     store: z.ZodObject<{
         connection: z.ZodDiscriminatedUnion<[z.ZodObject<{

package/dist/config/Config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Config.d.ts","sourceRoot":"","sources":["../../src/config/Config.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,eAAO,MAAM,gBAAgB;;;iBAQ3B,CAAA;AAEF,eAAO,MAAM,kBAAkB;;;;;;;iBAO7B,CAAA;AAEF,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAKvB,CAAA;AAEF,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAA;AACzD,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAA;AAC7D,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAA"}
+{"version":3,"file":"Config.d.ts","sourceRoot":"","sources":["../../src/config/Config.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,eAAO,MAAM,gBAAgB;;;;iBAY3B,CAAA;AAEF,eAAO,MAAM,kBAAkB;;;;;;;iBA+B7B,CAAA;AAEF,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAKvB,CAAA;AAEF,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAA;AACzD,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAA;AAC7D,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAA"}

package/dist/config/Config.js

@@ -1,10 +1,13 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import { storeConfigSchema } from '@canton-network/core-wallet-store';
 import { storeConfigSchema as signingStoreConfigSchema } from '@canton-network/core-signing-store-sql';
 import { z } from 'zod';
 export const kernelInfoSchema = z.object({
     id: z.string(),
+    publicUrl: z.string().optional().meta({
+        description: 'The public base URL of the gateway, if available (e.g. https://wallet.example.com). This determines what browsers will try to use to connect, and is useful when using reverse proxies. If omitted, this will be derived from the server configuration.',
+    }),
     clientType: z.union([
         z.literal('browser'),
         z.literal('desktop'),
@@ -13,12 +16,31 @@ export const kernelInfoSchema = z.object({
     ]),
 });
 export const serverConfigSchema = z.object({
-    host: z.string().default('localhost'),
-    port: z.number().default(3030),
-    tls: z.boolean().default(false),
-    dappPath: z.string().default('/api/v0/dapp'),
-    userPath: z.string().default('/api/v0/user'),
-    allowedOrigins: z.union([z.literal('*'), z.array(z.string())]).default('*'),
+    port: z.number().default(3030).meta({
+        description: 'The port on which the NodeJS service will listen. Defaults to 3030.',
+    }),
+    dappPath: z.string().default('/api/v0/dapp').meta({
+        description: 'The path serving the dapp API. Defaults /api/v0/dapp',
+    }),
+    userPath: z.string().default('/api/v0/user').meta({
+        description: 'The path serving the user API. Defaults /api/v0/user',
+    }),
+    allowedOrigins: z
+        .union([z.literal('*'), z.array(z.string())])
+        .default('*')
+        .meta({
+        description: 'Allowed CORS origins, typically corresponding to which external dApps are allowed to connect. Use "*" to allow all origins, or set an array of origin strings.',
+    }),
+    // @deprecated, the NodeJS server always binds to the localhost interface
+    host: z.string().optional().meta({
+        deprecated: true,
+        description: 'The host interface the server binds to. Deprecated as the service always binds to the local machine network interface. Will be removed in a future release.',
+    }),
+    // @deprecated since this field does not actually control TLS termination
+    tls: z.boolean().optional().meta({
+        deprecated: true,
+        description: 'Deprecated, this option no longer has any effect. Will be removed in a future release.',
+    }),
 });
 export const configSchema = z.object({
     kernel: kernelInfoSchema,

package/dist/config/Config.test.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import { expect, test } from '@jest/globals';
 import { ConfigUtils } from './ConfigUtils.js';

package/dist/config/ConfigUtils.d.ts

@@ -1,9 +1,13 @@
-import { Config, ServerConfig } from './Config.js';
+import { Config } from './Config.js';
 export declare class ConfigUtils {
     static loadConfigFile(filePath: string): Config;
 }
-export declare const deriveKernelUrls: (serverConfig: ServerConfig) => {
-    dappUrl: string;
-    userUrl: string;
-};
+interface Urls {
+    serviceUrl: string;
+    publicUrl: string;
+    dappApiUrl: string;
+    userApiUrl: string;
+}
+export declare const deriveUrls: (config: Config, port?: number) => Urls;
+export {};
 //# sourceMappingURL=ConfigUtils.d.ts.map

package/dist/config/ConfigUtils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ConfigUtils.d.ts","sourceRoot":"","sources":["../../src/config/ConfigUtils.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,MAAM,EAAgB,YAAY,EAAE,MAAM,aAAa,CAAA;AAEhE,qBAAa,WAAW;IACpB,MAAM,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;CAoDlD;AAgDD,eAAO,MAAM,gBAAgB,GACzB,cAAc,YAAY,KAC3B;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAUpC,CAAA"}
+{"version":3,"file":"ConfigUtils.d.ts","sourceRoot":"","sources":["../../src/config/ConfigUtils.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,MAAM,EAAgB,MAAM,aAAa,CAAA;AAElD,qBAAa,WAAW;IACpB,MAAM,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;CAoDlD;AAgDD,UAAU,IAAI;IACV,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;CACrB;AAOD,eAAO,MAAM,UAAU,GAAI,QAAQ,MAAM,EAAE,OAAO,MAAM,KAAG,IAa1D,CAAA"}

package/dist/config/ConfigUtils.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import { readFileSync, existsSync } from 'fs';
 import { configSchema } from './Config.js';
@@ -70,12 +70,14 @@ function validateNetworkAuthMethods(config) {
         }
     }
 }
-export const deriveKernelUrls = (serverConfig) => {
-    const protocol = serverConfig.tls ? 'https' : 'http';
-    // Convert 0.0.0.0 to localhost for URL generation since browsers can't use 0.0.0.0
-    const urlHost = serverConfig.host === '0.0.0.0' ? 'localhost' : serverConfig.host;
-    const dappUrl = `${protocol}://${urlHost}:${serverConfig.port}${serverConfig.dappPath}`;
-    // userUrl is the base URL for the web frontend (no path)
-    const userUrl = `${protocol}://${urlHost}:${serverConfig.port}`;
-    return { dappUrl, userUrl };
+// Strips duplicate slashes from a URL, except for the protocol part (e.g., "http://")
+function stripDuplicateSlashes(path) {
+    return path.replace(/(https?:\/\/)|(\/)+/g, '$1$2');
+}
+export const deriveUrls = (config, port) => {
+    const serviceUrl = `http://localhost:${port || config.server.port}`;
+    const publicUrl = config.kernel.publicUrl || serviceUrl;
+    const dappApiUrl = stripDuplicateSlashes(`${publicUrl}/${config.server.dappPath}`);
+    const userApiUrl = stripDuplicateSlashes(`${publicUrl}/${config.server.userPath}`);
+    return { dappApiUrl, userApiUrl, publicUrl, serviceUrl };
 };

package/dist/dapp-api/controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../src/dapp-api/controller.ts"],"names":[],"mappings":"AAIA,OAAO,EAAmB,WAAW,EAAE,MAAM,kCAAkC,CAAA;AAS/E,OAAO,EAAE,KAAK,EAAe,MAAM,mCAAmC,CAAA;AAQtE,OAAO,EAAE,mBAAmB,EAAE,MAAM,wCAAwC,CAAA;AAC5E,OAAO,EAAE,UAAU,IAAI,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AACpE,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAG7B,eAAO,MAAM,cAAc,GACvB,YAAY,gBAAgB,EAC5B,SAAS,MAAM,EACf,SAAS,MAAM,EACf,OAAO,KAAK,EACZ,qBAAqB,mBAAmB,EACxC,SAAS,MAAM,EACf,QAAQ,MAAM,GAAG,IAAI,EACrB,UAAU,WAAW;;;;;;;;;;;;;CAuOxB,CAAA"}
+{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../src/dapp-api/controller.ts"],"names":[],"mappings":"AAGA,OAAO,EAAmB,WAAW,EAAE,MAAM,kCAAkC,CAAA;AAS/E,OAAO,EAAE,KAAK,EAAe,MAAM,mCAAmC,CAAA;AAQtE,OAAO,EAAE,mBAAmB,EAAE,MAAM,wCAAwC,CAAA;AAC5E,OAAO,EAAE,UAAU,IAAI,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AACpE,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAG7B,eAAO,MAAM,cAAc,GACvB,YAAY,gBAAgB,EAC5B,SAAS,MAAM,EACf,SAAS,MAAM,EACf,OAAO,KAAK,EACZ,qBAAqB,mBAAmB,EACxC,SAAS,MAAM,EACf,QAAQ,MAAM,GAAG,IAAI,EACrB,UAAU,WAAW;;;;;;;;;;;;;CAuOxB,CAAA"}

package/dist/dapp-api/controller.js

@@ -1,6 +1,5 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
-// Disabled unused vars rule to allow for future implementations
 import { assertConnected } from '@canton-network/core-wallet-auth';
 import buildController from './rpc-gen/index.js';
 import { LedgerClient, } from '@canton-network/core-ledger-client';

package/dist/dapp-api/rpc-gen/index.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 function buildController(methods) {
     return {

package/dist/dapp-api/rpc-gen/typings.js

@@ -1,3 +1,3 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 export {};

package/dist/dapp-api/server.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import cors from 'cors';
 import { dappController } from './controller.js';

package/dist/dapp-api/server.test.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import { expect, test } from '@jest/globals';
 import cors from 'cors';
@@ -6,7 +6,7 @@ import request from 'supertest';
 import express from 'express';
 import { dapp } from './server.js';
 import { StoreInternal } from '@canton-network/core-wallet-store-inmemory';
-import { ConfigUtils, deriveKernelUrls } from '../config/ConfigUtils.js';
+import { ConfigUtils, deriveUrls } from '../config/ConfigUtils.js';
 import { NotificationService } from '../notification/NotificationService.js';
 import { pino } from 'pino';
 import { sink } from 'pino-test';
@@ -25,8 +25,8 @@ test('call connect rpc', async () => {
     app.use(cors());
     app.use(express.json());
     const server = createServer(app);
-    const { dappUrl, userUrl } = deriveKernelUrls(config.server);
-    const response = await request(dapp('/api/v0/dapp', app, pino(sink()), server, config.kernel, dappUrl, userUrl, config.server, notificationService, authService, store))
+    const { dappApiUrl, publicUrl } = deriveUrls(config);
+    const response = await request(dapp('/api/v0/dapp', app, pino(sink()), server, config.kernel, dappApiUrl, publicUrl, config.server, notificationService, authService, store))
         .post('/api/v0/dapp')
         .send({ jsonrpc: '2.0', id: 0, method: 'connect', params: [] })
         .set('Accept', 'application/json');

package/dist/example-config.d.ts

@@ -4,9 +4,7 @@ declare const _default: {
         clientType: "remote";
     };
     server: {
-        host: string;
         port: number;
-        tls: false;
         dappPath: string;
         userPath: string;
         allowedOrigins: "*";

package/dist/example-config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"example-config.d.ts","sourceRoot":"","sources":["../src/example-config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAKA,wBA0FkB"}
+{"version":3,"file":"example-config.d.ts","sourceRoot":"","sources":["../src/example-config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAKA,wBAwFkB"}

package/dist/example-config.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 export default {
     kernel: {
@@ -6,9 +6,7 @@ export default {
         clientType: 'remote',
     },
     server: {
-        host: 'localhost',
         port: 3030,
-        tls: false,
         dappPath: '/api/v0/dapp',
         userPath: '/api/v0/user',
         allowedOrigins: '*',

package/dist/index.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import { Option, Command } from '@commander-js/extra-typings';
 import { initialize } from './init.js';

package/dist/init.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAoB7B,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAmFvC,wBAAsB,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,iBAkJhE"}
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAqB7B,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAmFvC,wBAAsB,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,iBA8HhE"}

package/dist/init.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import { dapp } from './dapp-api/server.js';
 import { user } from './user-api/server.js';
@@ -10,11 +10,12 @@ import { SigningProvider } from '@canton-network/core-signing-lib';
 import { ParticipantSigningDriver } from '@canton-network/core-signing-participant';
 import { InternalSigningDriver } from '@canton-network/core-signing-internal';
 import FireblocksSigningProvider from '@canton-network/core-signing-fireblocks';
+import BlockdaemonSigningProvider from '@canton-network/core-signing-blockdaemon';
 import { jwtAuthService } from './auth/jwt-auth-service.js';
 import express from 'express';
 import { jwtAuth } from './middleware/jwtAuth.js';
 import { rpcRateLimit } from './middleware/rateLimit.js';
-import { deriveKernelUrls } from './config/ConfigUtils.js';
+import { deriveUrls } from './config/ConfigUtils.js';
 import { existsSync, readFileSync } from 'fs';
 import path from 'path';
 import { GATEWAY_VERSION } from './version.js';
@@ -73,19 +74,11 @@ export async function initialize(opts, logger) {
     const config = ConfigUtils.loadConfigFile(opts.config);
     // Use CLI port override or config port
     const port = opts.port ? Number(opts.port) : config.server.port;
-    const host = config.server.host;
-    const protocol = config.server.tls ? 'https' : 'http';
+    const { serviceUrl, publicUrl, dappApiUrl, userApiUrl } = deriveUrls(config, port);
     const app = express();
-    // Don't pass 'localhost' or '0.0.0.0' to listen() - let express default to 0.0.0.0
-    // This ensures Docker compatibility while keeping localhost as the default for URLs
-    const useDefaultListenHost = ['0.0.0.0', 'localhost', '127.0.0.1'].includes(host);
-    const server = useDefaultListenHost
-        ? app.listen(port, () => {
-            logger.info(`Remote Wallet Gateway starting on ${protocol}://${host}:${port} (bound to 0.0.0.0:${port})`);
-        })
-        : app.listen(port, host, () => {
-            logger.info(`Remote Wallet Gateway starting on ${protocol}://${host}:${port}`);
-        });
+    const server = app.listen(port, () => {
+        logger.info(`Remote Wallet Gateway starting on ${serviceUrl})`);
+    });
     app.use('/healthz', rpcRateLimit, (_req, res) => res.status(200).send('OK'));
     app.use('/readyz', rpcRateLimit, (_req, res) => {
         if (isReady) {
@@ -115,6 +108,9 @@ export async function initialize(opts, logger) {
     }
     const keyInfo = { apiKey, apiSecret };
     const userApiKeys = new Map([['user', keyInfo]]);
+    const blockdaemonApiUrl = process.env.BLOCKDAEMON_API_URL ||
+        'http://localhost:5080/api/cwp/canton';
+    const blockdaemonApiKey = process.env.BLOCKDAEMON_API_KEY || '';
     const drivers = {
         [SigningProvider.PARTICIPANT]: new ParticipantSigningDriver(),
         [SigningProvider.WALLET_KERNEL]: new InternalSigningDriver(signingStore),
@@ -122,6 +118,10 @@ export async function initialize(opts, logger) {
             defaultKeyInfo: keyInfo,
             userApiKeys,
         }),
+        [SigningProvider.BLOCKDAEMON]: new BlockdaemonSigningProvider({
+            baseUrl: blockdaemonApiUrl,
+            apiKey: blockdaemonApiKey,
+        }),
     };
     const allowedPaths = {
         [config.server.dappPath]: ['*'],
@@ -130,29 +130,16 @@ export async function initialize(opts, logger) {
     app.use('/api/*splat', express.json());
     app.use('/api/*splat', rpcRateLimit);
     app.use('/api/*splat', jwtAuth(authService, logger.child({ component: 'JwtHandler' })), sessionHandler(store, allowedPaths, logger.child({ component: 'SessionHandler' })));
-    // Override config port with CLI parameter port if provided, then derive URLs
-    const serverConfigWithOverride = {
-        ...config.server,
-        port, // Use the actual port we're listening on
-    };
-    const { dappUrl, userUrl } = deriveKernelUrls(serverConfigWithOverride);
-    logger.info({
-        host: serverConfigWithOverride.host,
-        port: serverConfigWithOverride.port,
-        tls: serverConfigWithOverride.tls,
-        dappPath: serverConfigWithOverride.dappPath,
-        userPath: serverConfigWithOverride.userPath,
-        allowedOrigins: serverConfigWithOverride.allowedOrigins,
-        dappUrl,
-        userUrl,
-    }, 'Server configuration');
+    logger.info({ ...config.server, port }, 'Server configuration');
     const kernelInfo = config.kernel;
     // register dapp API handlers
-    dapp(config.server.dappPath, app, logger, server, kernelInfo, dappUrl, userUrl, config.server, notificationService, authService, store);
+    dapp(config.server.dappPath, app, logger, server, kernelInfo, dappApiUrl, publicUrl, config.server, notificationService, authService, store);
     // register user API handlers
-    user(config.server.userPath, app, logger, kernelInfo, userUrl, notificationService, drivers, store);
+    user(config.server.userPath, app, logger, kernelInfo, publicUrl, notificationService, drivers, store);
     // register web handler
-    web(app, server, config.server.userPath);
+    web(app, server, userApiUrl);
     isReady = true;
     logger.info(`Wallet Gateway (version: ${GATEWAY_VERSION}) initialization complete`);
+    logger.info(`Wallet Gateway UI available on ${publicUrl}`);
+    logger.info(`dApp API available on ${dappApiUrl}`);
 }

package/dist/ledger/party-allocation-service.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import { LedgerClient, } from '@canton-network/core-ledger-client';
 import { createHash } from 'node:crypto';

package/dist/ledger/party-allocation-service.test.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import { jest } from '@jest/globals';
 import { pino } from 'pino';

package/dist/ledger/wallet-sync-service.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import { defaultRetryableOptions, } from '@canton-network/core-ledger-client';
 import { SigningProvider, } from '@canton-network/core-signing-lib';

package/dist/ledger/wallet-sync-service.test.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import { jest, describe, it, expect, beforeEach, afterEach, } from '@jest/globals';
 import { pino } from 'pino';

package/dist/middleware/jsonRpcHandler.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import { JsonRpcError, rpcErrors, toHttpErrorCode, } from '@canton-network/core-rpc-errors';
 import { ErrorResponse, JsonRpcRequest, jsonRpcResponse, } from '@canton-network/core-types';

package/dist/middleware/jwtAuth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwtAuth.d.ts","sourceRoot":"","sources":["../../src/middleware/jwtAuth.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAC9D,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAA;AAC9D,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAE7B,wBAAgB,OAAO,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,IAC9C,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,mBAehE"}
+{"version":3,"file":"jwtAuth.d.ts","sourceRoot":"","sources":["../../src/middleware/jwtAuth.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAC9D,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAA;AAC9D,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAE7B,wBAAgB,OAAO,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,IAC9C,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,mBAehE"}

package/dist/middleware/jwtAuth.js

@@ -1,6 +1,5 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
-// middleware/jwtAuth.ts
 export function jwtAuth(authService, logger) {
     return async (req, res, next) => {
         const authHeader = req.headers.authorization;

package/dist/middleware/rateLimit.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import rateLimit from 'express-rate-limit';
 export const rpcRateLimit = rateLimit({

package/dist/middleware/sessionHandler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sessionHandler.d.ts","sourceRoot":"","sources":["../../src/middleware/sessionHandler.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,kCAAkC,CAAA;AAC5D,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAC7B,OAAO,EAAE,KAAK,EAAE,MAAM,mCAAmC,CAAA;AAEzD;;;;;;GAMG;AACH,wBAAgB,cAAc,CAC1B,KAAK,EAAE,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,EAC/B,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,EACtC,MAAM,EAAE,MAAM,IAEA,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,mBA6BhE"}
+{"version":3,"file":"sessionHandler.d.ts","sourceRoot":"","sources":["../../src/middleware/sessionHandler.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,kCAAkC,CAAA;AAC5D,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAC7B,OAAO,EAAE,KAAK,EAAE,MAAM,mCAAmC,CAAA;AAEzD;;;;;;GAMG;AACH,wBAAgB,cAAc,CAC1B,KAAK,EAAE,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,EAC/B,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,EACtC,MAAM,EAAE,MAAM,IAEA,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,mBA6BhE"}

package/dist/middleware/sessionHandler.js

@@ -1,6 +1,5 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
-// middleware/jwtAuth.ts
 /**
  * Middleware to handle session validation based on user sessions.
  * @param store needs to be AuthAware

package/dist/notification/NotificationService.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"NotificationService.d.ts","sourceRoot":"","sources":["../../src/notification/NotificationService.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAE7B,KAAK,aAAa,GAAG,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,IAAI,CAAA;AACjD,MAAM,WAAW,QAAQ;IACrB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,IAAI,CAAA;IAEhD,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAEhD,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,aAAa,GAAG,IAAI,CAAA;CACvE;AAED,UAAU,oBAAoB;IAC1B,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,QAAQ,CAAA;CAC5C;AAED,qBAAa,mBAAoB,YAAW,oBAAoB;IAGhD,OAAO,CAAC,MAAM;IAF1B,OAAO,CAAC,SAAS,CAAmC;gBAEhC,MAAM,EAAE,MAAM;IAElC,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,QAAQ;CAoB5C"}
+{"version":3,"file":"NotificationService.d.ts","sourceRoot":"","sources":["../../src/notification/NotificationService.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAE7B,KAAK,aAAa,GAAG,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,IAAI,CAAA;AACjD,MAAM,WAAW,QAAQ;IACrB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,IAAI,CAAA;IAEhD,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAEhD,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,aAAa,GAAG,IAAI,CAAA;CACvE;AAED,UAAU,oBAAoB;IAC1B,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,QAAQ,CAAA;CAC5C;AAED,qBAAa,mBAAoB,YAAW,oBAAoB;IAGhD,OAAO,CAAC,MAAM;IAF1B,OAAO,CAAC,SAAS,CAAmC;gBAEhC,MAAM,EAAE,MAAM;IAElC,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,QAAQ;CAoB5C"}

package/dist/notification/NotificationService.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 // TODO: make events type-of dApp methods (perhaps just )
 // Support event-driven notifications. We represent a notifier with a generic interface to support node and browser implementations.

package/dist/user-api/controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../src/user-api/controller.ts"],"names":[],"mappings":"AAyBA,OAAO,EACH,KAAK,EAIR,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAC7B,OAAO,EAAE,mBAAmB,EAAE,MAAM,wCAAwC,CAAA;AAC5E,OAAO,EAGH,WAAW,EAId,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAA;AAChD,OAAO,EACH,sBAAsB,EACtB,eAAe,EAClB,MAAM,kCAAkC,CAAA;AAczC,KAAK,uBAAuB,GAAG,OAAO,CAClC,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC,CAClD,CAAA;AAED,eAAO,MAAM,cAAc,GACvB,YAAY,UAAU,EACtB,SAAS,MAAM,EACf,OAAO,KAAK,EACZ,qBAAqB,mBAAmB,EACxC,aAAa,WAAW,GAAG,SAAS,EACpC,SAAS,uBAAuB,EAChC,SAAS,MAAM;;;;;;;;;;;;;;;;;;;CAktBlB,CAAA"}
+{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../src/user-api/controller.ts"],"names":[],"mappings":"AAyBA,OAAO,EACH,KAAK,EAIR,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAC7B,OAAO,EAAE,mBAAmB,EAAE,MAAM,wCAAwC,CAAA;AAC5E,OAAO,EAGH,WAAW,EAId,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAA;AAChD,OAAO,EACH,sBAAsB,EACtB,eAAe,EAClB,MAAM,kCAAkC,CAAA;AAczC,KAAK,uBAAuB,GAAG,OAAO,CAClC,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC,CAClD,CAAA;AAED,eAAO,MAAM,cAAc,GACvB,YAAY,UAAU,EACtB,SAAS,MAAM,EACf,OAAO,KAAK,EACZ,qBAAqB,mBAAmB,EACxC,aAAa,WAAW,GAAG,SAAS,EACpC,SAAS,uBAAuB,EAChC,SAAS,MAAM;;;;;;;;;;;;;;;;;;;CAu3BlB,CAAA"}