@canton-network/wallet-gateway-remote 0.20.0 → 0.22.0

package/dist/ledger/wallet-sync-service.js

@@ -2,14 +2,11 @@
 // SPDX-License-Identifier: Apache-2.0
 import { defaultRetryableOptions, } from '@canton-network/core-ledger-client';
 import { SigningProvider, } from '@canton-network/core-signing-lib';
-export const WALLET_DISABLED_REASON = {
-    NO_SIGNING_PROVIDER_MATCHED: 'no signing provider matched',
-};
+import { WALLET_DISABLED_REASON } from '@canton-network/core-types';
 export class WalletSyncService {
-    constructor(store, ledgerClient, adminLedgerClient, authContext, logger, signingDrivers = {}, partyAllocator) {
+    constructor(store, ledgerClient, authContext, logger, signingDrivers = {}, partyAllocator) {
         this.store = store;
         this.ledgerClient = ledgerClient;
-        this.adminLedgerClient = adminLedgerClient;
         this.authContext = authContext;
         this.logger = logger;
         this.signingDrivers = signingDrivers;
@@ -28,7 +25,7 @@ export class WalletSyncService {
             // (participant parties have namespace === participantId's namespace)
             let participantNamespace;
             try {
-                const { participantId } = await this.adminLedgerClient.getWithRetry('/v2/parties/participant-id', defaultRetryableOptions);
+                const { participantId } = await this.ledgerClient.getWithRetry('/v2/parties/participant-id', defaultRetryableOptions);
                 // Extract the namespace part from participantId
                 // Format is hint::namespace
                 const [, extractedNamespace] = participantId.split('::');
@@ -62,7 +59,7 @@ export class WalletSyncService {
                     const result = await controller.getKeys();
                     // In case of error getKeys resolve Promise but with error object
                     if ('error' in result) {
-                        this.logger.debug({
+                        this.logger.warn({
                             providerId,
                             error: result.error,
                             error_description: result.error_description,
@@ -77,7 +74,7 @@ export class WalletSyncService {
                                 continue;
                             const keyNamespace = this.partyAllocator.createFingerprintFromKey(normalizedKey);
                             if (keyNamespace === namespace) {
-                                this.logger.debug({
+                                this.logger.info({
                                     namespace,
                                     providerId,
                                     keyId: key.id,
@@ -93,7 +90,7 @@ export class WalletSyncService {
                     }
                 }
                 catch (err) {
-                    this.logger.debug({ err, providerId }, 'Error getting keys from signing provider');
+                    this.logger.error({ err, providerId }, 'Error getting keys from signing provider');
                     // Continue to next signing provider
                 }
             }
@@ -113,50 +110,47 @@ export class WalletSyncService {
             };
         }
     }
-    async getPartiesRightsMap() {
+    async getPartiesWithRights() {
         const rights = await this.ledgerClient.getWithRetry('/v2/users/{user-id}/rights', defaultRetryableOptions, {
             path: {
                 'user-id': this.authContext.userId,
             },
         });
-        const partiesWithRights = new Map();
+        const parties = new Set();
         rights.rights?.forEach((right) => {
             let party;
-            let rightType;
             if ('CanActAs' in right.kind) {
                 party = right.kind.CanActAs.value.party;
-                rightType = 'CanActAs';
             }
             else if ('CanExecuteAs' in right.kind) {
                 party = right.kind.CanExecuteAs.value.party;
-                rightType = 'CanExecuteAs';
             }
             else if ('CanReadAs' in right.kind) {
                 party = right.kind.CanReadAs.value.party;
-                rightType = 'CanReadAs';
             }
-            if (party !== undefined &&
-                rightType !== undefined &&
-                !partiesWithRights.has(party))
-                partiesWithRights.set(party, rightType);
+            if (party !== undefined) {
+                parties.add(party);
+            }
         });
-        return partiesWithRights;
+        return Array.from(parties);
     }
     async isWalletSyncNeeded() {
         try {
             const network = await this.store.getCurrentNetwork();
             const existingWallets = await this.store.getWallets();
-            const hasDisabledWallets = existingWallets.some((w) => w.disabled);
-            if (hasDisabledWallets) {
-                return true;
-            }
-            const partiesWithRights = await this.getPartiesRightsMap();
+            const partiesWithRights = await this.getPartiesWithRights();
             // Treat disabled wallets as if they don't exist, so they can be re-synced
             const enabledWallets = existingWallets.filter((w) => !w.disabled);
             // Track by (partyId, networkId) combination to handle multi-hosted parties
             const existingPartyNetworkPairs = new Set(enabledWallets.map((w) => `${w.partyId}:${w.networkId}`));
             // Check if there are parties on ledger that aren't in store for this network
-            return Array.from(partiesWithRights.keys()).some((party) => !existingPartyNetworkPairs.has(`${party}:${network.id}`));
+            const hasNewPartiesOnLedger = partiesWithRights.some((party) => !existingPartyNetworkPairs.has(`${party}:${network.id}`));
+            if (hasNewPartiesOnLedger)
+                return true;
+            // Check if there are allocated wallets in store whose party is not on ledger
+            const hasWalletsWithoutParty = enabledWallets.some((wallet) => wallet.status === 'allocated' &&
+                !partiesWithRights.includes(wallet.partyId));
+            return hasWalletsWithoutParty;
         }
         catch (err) {
             this.logger.error({ err }, 'Error checking if sync is needed');
@@ -164,94 +158,128 @@ export class WalletSyncService {
             throw err;
         }
     }
+    // Participant wallets: disable when party not on ledger (participant node reset, namespace changed).
+    // Other wallets: mark as initialized so user can re-allocate (e.g. after external signing).
+    async handleWalletsWithoutParty(enabledWallets, partiesWithRights) {
+        const walletsWithoutParty = enabledWallets.filter((wallet) => !partiesWithRights.includes(wallet.partyId));
+        const markedForAllocateWallets = [];
+        const disabledExistingWallets = [];
+        for (const wallet of walletsWithoutParty) {
+            if (wallet.status !== 'allocated')
+                continue;
+            try {
+                if (wallet.signingProviderId === SigningProvider.PARTICIPANT) {
+                    this.logger.warn({
+                        partyId: wallet.partyId,
+                        signingProviderId: wallet.signingProviderId,
+                    }, 'Participant wallet party not on ledger, disabling (participant namespace changed)');
+                    await this.store.updateWallet({
+                        partyId: wallet.partyId,
+                        networkId: wallet.networkId,
+                        disabled: true,
+                        reason: WALLET_DISABLED_REASON.PARTICIPANT_NAMESPACE_CHANGED,
+                        ...(wallet.primary && { primary: false }),
+                    });
+                    disabledExistingWallets.push(wallet);
+                }
+                else {
+                    this.logger.info({
+                        partyId: wallet.partyId,
+                        signingProviderId: wallet.signingProviderId,
+                    }, 'Party not found on participant, marking wallet as initialized');
+                    await this.store.updateWallet({
+                        partyId: wallet.partyId,
+                        networkId: wallet.networkId,
+                        status: 'initialized',
+                        ...(wallet.primary && { primary: false }),
+                    });
+                    markedForAllocateWallets.push(wallet);
+                }
+            }
+            catch (err) {
+                this.logger.warn({ err, partyId: wallet.partyId }, 'Failed to update wallet');
+            }
+        }
+        return {
+            markedForAllocateWallets,
+            walletsWithoutParty,
+            disabledExistingWallets,
+        };
+    }
+    // Creates wallets for parties user has rights to
+    async handlePartiesWithoutWallet(newParties, networkId) {
+        return await Promise.all(newParties.map(async (partyId) => {
+            const [hint, namespace] = partyId.split('::');
+            const resolvedSigningProvider = await this.resolveSigningProvider(namespace);
+            const isMatched = resolvedSigningProvider.matched;
+            const walletPublicKey = resolvedSigningProvider.signingProviderId ===
+                SigningProvider.PARTICIPANT
+                ? namespace
+                : 'publicKey' in resolvedSigningProvider
+                    ? resolvedSigningProvider.publicKey
+                    : namespace;
+            const wallet = {
+                primary: false,
+                status: 'allocated',
+                partyId,
+                hint,
+                publicKey: walletPublicKey,
+                namespace,
+                networkId,
+                signingProviderId: resolvedSigningProvider.signingProviderId,
+                disabled: !isMatched,
+                ...(!isMatched && {
+                    reason: WALLET_DISABLED_REASON.NO_SIGNING_PROVIDER_MATCHED,
+                }),
+            };
+            this.logger.info({ ...wallet }, 'Wallet sync result');
+            await this.store.addWallet(wallet);
+            return wallet;
+        }));
+    }
     async syncWallets() {
         this.logger.info('Starting wallet sync...');
         try {
             const network = await this.store.getCurrentNetwork();
             this.logger.info(network, 'Current network');
-            const partiesWithRights = await this.getPartiesRightsMap();
-            // Add new Wallets given the found parties
-            // Only check wallets in the current network
+            const partiesWithRights = await this.getPartiesWithRights();
             const existingWallets = await this.store.getWallets();
             this.logger.info(existingWallets, 'Existing wallets');
-            // Treat disabled wallets as if they don't exist, so they can be re-synced
-            const enabledWallets = existingWallets.filter((w) => !w.disabled);
-            // Track by (partyId, networkId) combination
-            const existingPartyNetworkToSigningProvider = new Map(enabledWallets.map((w) => [
-                `${w.partyId}:${w.networkId}`,
-                w.signingProviderId,
-            ]));
-            // Track disabled wallets by (partyId, networkId) combination
-            const disabledPartyNetworkPairs = new Set(existingWallets
-                .filter((w) => w.disabled)
-                .map((w) => `${w.partyId}:${w.networkId}`));
-            // Resolve signing providers for all new parties
-            // Check if (partyId, networkId) combination already exists
-            const newParties = Array.from(partiesWithRights.keys()).filter((party) => !existingPartyNetworkToSigningProvider.has(`${party}:${network.id}`)
+            // Skips wallets for which we didn't allocate a party
+            const existingAllocatedWallets = existingWallets.filter((w) => w.status === 'allocated');
+            const existingPartiesOnNetwork = new Set(existingAllocatedWallets.map((w) => `${w.partyId}:${w.networkId}`));
+            const newParties = partiesWithRights.filter((party) => !existingPartiesOnNetwork.has(`${party}:${network.id}`)
             // todo: filter on idp id
             );
-            this.logger.info({ newParties }, 'Found new parties to sync with Wallet Gateway');
-            const newParticipantWallets = await Promise.all(newParties.map(async (party) => {
-                const [hint, namespace] = party.split('::');
-                const resolvedSigningProvider = await this.resolveSigningProvider(namespace);
-                // resolvedSigningProvider is never null (participant is default)
-                const isMatched = resolvedSigningProvider.matched;
-                // Namespace is saved as public key in case of participant
-                const walletPublicKey = resolvedSigningProvider.signingProviderId ===
-                    SigningProvider.PARTICIPANT
-                    ? namespace
-                    : 'publicKey' in resolvedSigningProvider
-                        ? resolvedSigningProvider.publicKey
-                        : namespace;
-                const wallet = {
-                    primary: false,
-                    status: 'allocated',
-                    partyId: party,
-                    hint: hint,
-                    publicKey: walletPublicKey,
-                    namespace: namespace,
-                    networkId: network.id,
-                    signingProviderId: resolvedSigningProvider.signingProviderId,
-                    disabled: !isMatched,
-                    ...(!isMatched && {
-                        reason: WALLET_DISABLED_REASON.NO_SIGNING_PROVIDER_MATCHED,
-                    }),
-                };
-                this.logger.info({
-                    ...wallet,
-                }, 'Wallet sync result');
-                return wallet;
-            }));
-            // Remove disabled wallets that are being re-synced before adding them back
-            // Filter by (partyId, networkId) combination
-            await Promise.all(newParticipantWallets
-                .filter((wallet) => disabledPartyNetworkPairs.has(`${wallet.partyId}:${wallet.networkId}`))
-                .map((wallet) => {
-                this.logger.info({
-                    partyId: wallet.partyId,
-                    networkId: wallet.networkId,
-                }, 'Removing disabled wallet for re-sync');
-                return this.store.removeWallet(wallet.partyId);
-            }));
-            await Promise.all(newParticipantWallets.map((wallet) => this.store.addWallet(wallet)));
-            this.logger.info({ newParticipantWallets }, 'Created new wallets');
+            const { markedForAllocateWallets, walletsWithoutParty, disabledExistingWallets, } = await this.handleWalletsWithoutParty(existingAllocatedWallets, partiesWithRights);
             this.logger.info({
-                totalProcessed: newParties.length,
-                added: newParticipantWallets.length,
-                disabled: newParticipantWallets.filter((w) => w.disabled)
-                    .length,
-            }, 'Wallet sync summary');
-            // Set primary wallet if none exists in current network
+                newParties,
+                markedForAllocate: markedForAllocateWallets.map((w) => w.partyId),
+            }, 'Wallets without parties');
+            const newParticipantWallets = await this.handlePartiesWithoutWallet(newParties, network.id);
+            // Set primary wallet if none exists, or if primary is on an initialized wallet
             const networkWallets = await this.store.getWallets();
-            const hasPrimary = networkWallets.some((w) => w.primary);
-            if (!hasPrimary && networkWallets.length > 0) {
-                this.store.setPrimaryWallet(networkWallets[0].partyId);
-                this.logger.info(`Set ${networkWallets[0].partyId} as primary wallet in network ${network.id}`);
+            const primaryWallet = networkWallets.find((w) => w.primary);
+            const allocatedWallets = networkWallets.filter((w) => w.status === 'allocated' && !w.disabled);
+            const needsPrimaryReset = primaryWallet?.status === 'initialized' ||
+                (!primaryWallet && allocatedWallets.length > 0);
+            if (needsPrimaryReset && allocatedWallets.length > 0) {
+                this.store.setPrimaryWallet(allocatedWallets[0].partyId);
+                this.logger.info(`Set ${allocatedWallets[0].partyId} as primary wallet in network ${network.id}`);
             }
-            this.logger.debug({ wallets: newParticipantWallets }, 'Wallet sync completed.');
+            const disabled = [
+                ...newParticipantWallets.filter((wallet) => wallet.disabled),
+                ...disabledExistingWallets,
+            ];
+            this.logger.info({
+                added: newParticipantWallets,
+                updated: walletsWithoutParty,
+                disabled: disabled,
+            }, 'Wallet sync completed.');
             return {
                 added: newParticipantWallets,
-                removed: [],
+                updated: walletsWithoutParty,
+                disabled: disabled,
             };
         }
         catch (err) {

package/dist/ledger/wallet-sync-service.test.js

@@ -25,6 +25,13 @@ class TestableWalletSyncService extends WalletSyncService {
         return super.resolveSigningProvider(namespace);
     }
 }
+const testATP = (user, token) => ({
+    getAccessToken: async () => token,
+    getAuthContext: async () => ({
+        userId: user,
+        accessToken: token,
+    }),
+});
 describe('WalletSyncService - resolveSigningProvider', () => {
     const authContext = {
         userId: 'test-user-id',
@@ -57,10 +64,7 @@ describe('WalletSyncService - resolveSigningProvider', () => {
         // Create real PartyAllocationService
         partyAllocator = new PartyAllocationService({
             synchronizerId: 'test-sync-id',
-            accessTokenProvider: {
-                getUserAccessToken: async () => 'user.jwt',
-                getAdminAccessToken: async () => 'admin.jwt',
-            },
+            accessTokenProvider: testATP('admin', 'admin.jwt'),
             httpLedgerUrl: 'http://test',
             logger: mockLogger,
         });
@@ -69,13 +73,10 @@ describe('WalletSyncService - resolveSigningProvider', () => {
         ledgerClient = new ledgerModule.LedgerClient({
             baseUrl: new URL('http://test'),
             logger: mockLogger,
-            accessTokenProvider: {
-                getUserAccessToken: async () => 'token',
-                getAdminAccessToken: async () => 'token',
-            },
+            accessTokenProvider: testATP('token', 'token'),
         });
         // Create service with real drivers
-        service = new TestableWalletSyncService(store, ledgerClient, ledgerClient, authContext, mockLogger, {
+        service = new TestableWalletSyncService(store, ledgerClient, authContext, mockLogger, {
             [SigningProvider.WALLET_KERNEL]: internalDriver,
             [SigningProvider.PARTICIPANT]: new ParticipantSigningDriver(),
         }, partyAllocator);
@@ -142,7 +143,7 @@ describe('WalletSyncService - resolveSigningProvider', () => {
             partyMode: 'EXTERNAL',
             signingProvider: SigningProvider.FIREBLOCKS,
         };
-        const serviceWithFireblocks = new TestableWalletSyncService(store, ledgerClient, ledgerClient, authContext, mockLogger, {
+        const serviceWithFireblocks = new TestableWalletSyncService(store, ledgerClient, authContext, mockLogger, {
             [SigningProvider.FIREBLOCKS]: mockFireblocksDriver,
         }, partyAllocator);
         mockLedgerGet.mockResolvedValueOnce({
@@ -177,8 +178,8 @@ describe('WalletSyncService - multi-network features', () => {
     let mockLogger;
     let store;
     let mockLedgerClient;
-    let mockAdminLedgerClient;
     let partyAllocator;
+    let service;
     const createNetwork = (id) => ({
         id,
         name: `Network ${id}`,
@@ -193,10 +194,10 @@ describe('WalletSyncService - multi-network features', () => {
             audience: 'aud',
         },
     });
-    const createWallet = (partyId, networkId, disabled = false) => ({
+    const createWallet = (partyId, networkId, disabled = false, status = 'allocated') => ({
         primary: false,
         partyId,
-        status: 'allocated',
+        status,
         hint: partyId.split('::')[0],
         signingProviderId: 'internal',
         publicKey: 'publicKey',
@@ -237,10 +238,7 @@ describe('WalletSyncService - multi-network features', () => {
         }
         partyAllocator = new PartyAllocationService({
             synchronizerId: 'test-sync-id',
-            accessTokenProvider: {
-                getUserAccessToken: async () => 'user.jwt',
-                getAdminAccessToken: async () => 'admin.jwt',
-            },
+            accessTokenProvider: testATP('admin', 'admin.jwt'),
             httpLedgerUrl: 'http://test',
             logger: mockLogger,
         });
@@ -248,20 +246,9 @@ describe('WalletSyncService - multi-network features', () => {
         mockLedgerClient = new ledgerModule.LedgerClient({
             baseUrl: new URL('http://test'),
             logger: mockLogger,
-            accessTokenProvider: {
-                getUserAccessToken: async () => 'token',
-                getAdminAccessToken: async () => 'token',
-            },
-        });
-        mockAdminLedgerClient = new ledgerModule.LedgerClient({
-            baseUrl: new URL('http://test'),
-            logger: mockLogger,
-            isAdmin: true,
-            accessTokenProvider: {
-                getUserAccessToken: async () => 'token',
-                getAdminAccessToken: async () => 'token',
-            },
+            accessTokenProvider: testATP('token', 'token'),
         });
+        service = new WalletSyncService(store, mockLedgerClient, authContext, mockLogger, {}, partyAllocator);
     });
     afterEach(() => {
         jest.restoreAllMocks();
@@ -286,7 +273,6 @@ describe('WalletSyncService - multi-network features', () => {
                 },
             ],
         });
-        const service = new WalletSyncService(store, mockLedgerClient, mockAdminLedgerClient, authContext, mockLogger, {}, partyAllocator);
         const syncNeeded = await service.isWalletSyncNeeded();
         // Should return false because party1 already exists in network1
         expect(syncNeeded).toBe(false);
@@ -308,7 +294,6 @@ describe('WalletSyncService - multi-network features', () => {
                 },
             ],
         });
-        const service = new WalletSyncService(store, mockLedgerClient, mockAdminLedgerClient, authContext, mockLogger, {}, partyAllocator);
         const syncNeeded = await service.isWalletSyncNeeded();
         // Should return true because party1 exists on ledger but not in store for network1
         expect(syncNeeded).toBe(true);
@@ -345,7 +330,6 @@ describe('WalletSyncService - multi-network features', () => {
             .mockResolvedValueOnce({
             participantId: 'participant1::namespace',
         });
-        const service = new WalletSyncService(store, mockLedgerClient, mockAdminLedgerClient, authContext, mockLogger, {}, partyAllocator);
         await service.syncWallets();
         // Should only add wallet for party3 (party1 already exists)
         const wallets = await store.getAllWallets({ networkIds: ['network1'] });
@@ -374,7 +358,6 @@ describe('WalletSyncService - multi-network features', () => {
             .mockResolvedValueOnce({
             participantId: 'participant1::namespace',
         });
-        const service = new WalletSyncService(store, mockLedgerClient, mockAdminLedgerClient, authContext, mockLogger, {}, partyAllocator);
         await service.syncWallets();
         // Should add party1 for network1
         const wallets = await store.getAllWallets({ networkIds: ['network1'] });
@@ -386,7 +369,6 @@ describe('WalletSyncService - multi-network features', () => {
         await store.addNetwork(network1);
         await store.addNetwork(network2);
         await store.addWallet(createWallet('party1::namespace', 'network1'));
-        const service = new WalletSyncService(store, mockLedgerClient, mockAdminLedgerClient, authContext, mockLogger, {}, partyAllocator);
         // Mock ledger client to return rights for party1 (multi-hosted party) for network1 check
         mockLedgerGet.mockResolvedValueOnce({
             rights: [
@@ -432,7 +414,6 @@ describe('WalletSyncService - multi-network features', () => {
         // Add wallet to network1 (simulating it was synced there previously)
         await setSession('network1');
         await store.addWallet(createWallet('party1::namespace', 'network1'));
-        const service = new WalletSyncService(store, mockLedgerClient, mockAdminLedgerClient, authContext, mockLogger, {}, partyAllocator);
         // Sync on network1 (party already exists, should not add)
         await setSession('network1');
         // Only need one mock since resolveSigningProvider won't be called if party already exists
@@ -492,15 +473,182 @@ describe('WalletSyncService - multi-network features', () => {
         expect(party1Wallet?.networkId).toBe('network2');
         expect(party1Wallet?.disabled).toBe(false);
     });
-    // TODO maybe now that we never block sync button don't consider disabled wallet as sync is needed?
-    it('isWalletSyncNeeded should return true when disabled wallets exist', async () => {
-        const network1 = createNetwork('network1');
-        await store.addNetwork(network1);
-        await setSession('network1');
-        await store.addWallet(createWallet('party1::namespace', 'network1', true));
-        const service = new WalletSyncService(store, mockLedgerClient, mockAdminLedgerClient, authContext, mockLogger, {}, partyAllocator);
-        const syncNeeded = await service.isWalletSyncNeeded();
-        // Should return true because there's a disabled wallet
-        expect(syncNeeded).toBe(true);
+    describe('Wallet sync - handling wallet not having a party', () => {
+        // When party is not on ledger (e.g. after participant reset), sync marks wallet
+        // status as 'initialized' so the user can manually re-allocate each one with "Allocate" button
+        it('isWalletSyncNeeded should return true when allocated wallet exists but has no party', async () => {
+            const network1 = createNetwork('network1');
+            await store.addNetwork(network1);
+            await setSession('network1');
+            await store.addWallet(createWallet('party1::namespace', 'network1', undefined, 'allocated'));
+            await store.addWallet(createWallet('party2::namespace', 'network1', undefined, 'allocated'));
+            mockLedgerGet.mockResolvedValueOnce({
+                rights: [
+                    {
+                        kind: {
+                            CanActAs: {
+                                value: {
+                                    party: 'party2::namespace',
+                                },
+                            },
+                        },
+                    },
+                ],
+            });
+            const syncNeeded = await service.isWalletSyncNeeded();
+            expect(syncNeeded).toBe(true);
+        });
+        it('isWalletSyncNeeded should return false when initialized wallet exists and has no party', async () => {
+            const network1 = createNetwork('network1');
+            await store.addNetwork(network1);
+            await setSession('network1');
+            await store.addWallet(createWallet('party1::namespace', 'network1', undefined, 'initialized'));
+            await store.addWallet(createWallet('party2::namespace', 'network1', undefined, 'allocated'));
+            mockLedgerGet.mockResolvedValueOnce({
+                rights: [
+                    {
+                        kind: {
+                            CanActAs: {
+                                value: {
+                                    party: 'party2::namespace',
+                                },
+                            },
+                        },
+                    },
+                ],
+            });
+            const syncNeeded = await service.isWalletSyncNeeded();
+            expect(syncNeeded).toBe(false);
+        });
+        it('syncWallets marks allocated wallet as initialized when party not on ledger', async () => {
+            const network1 = createNetwork('network1');
+            await store.addNetwork(network1);
+            await setSession('network1');
+            await store.addWallet(createWallet('party1::namespace', 'network1'));
+            mockLedgerGet
+                .mockResolvedValueOnce({
+                rights: [
+                    {
+                        kind: {
+                            CanActAs: {
+                                value: { party: 'party2::namespace' },
+                            },
+                        },
+                    },
+                ],
+            })
+                .mockResolvedValueOnce({
+                participantId: 'participant1::namespace',
+            });
+            const updateWalletSpy = jest.spyOn(store, 'updateWallet');
+            await service.syncWallets();
+            expect(updateWalletSpy).toHaveBeenCalledWith(expect.objectContaining({
+                partyId: 'party1::namespace',
+                networkId: 'network1',
+                status: 'initialized',
+            }));
+            const wallets = await store.getWallets();
+            const party1Wallet = wallets.find((w) => w.partyId === 'party1::namespace');
+            expect(party1Wallet?.status).toBe('initialized');
+        });
+        it('syncWallets skips wallet when status is already initialized', async () => {
+            const network1 = createNetwork('network1');
+            await store.addNetwork(network1);
+            await setSession('network1');
+            const initializedWallet = createWallet('party1::namespace', 'network1');
+            initializedWallet.status = 'initialized';
+            await store.addWallet(initializedWallet);
+            mockLedgerGet
+                .mockResolvedValueOnce({
+                rights: [
+                    {
+                        kind: {
+                            CanActAs: {
+                                value: { party: 'party2::namespace' },
+                            },
+                        },
+                    },
+                ],
+            })
+                .mockResolvedValueOnce({
+                participantId: 'participant1::namespace',
+            });
+            const updateWalletSpy = jest.spyOn(store, 'updateWallet');
+            await service.syncWallets();
+            expect(updateWalletSpy).not.toHaveBeenCalled();
+            const wallets = await store.getWallets();
+            const party1Wallet = wallets.find((w) => w.partyId === 'party1::namespace');
+            expect(party1Wallet?.status).toBe('initialized');
+        });
+        it('syncWallets marks multiple wallets as initialized when parties not on ledger', async () => {
+            const network1 = createNetwork('network1');
+            await store.addNetwork(network1);
+            await setSession('network1');
+            await store.addWallet(createWallet('party1::namespace', 'network1'));
+            await store.addWallet(createWallet('party2::namespace', 'network1'));
+            mockLedgerGet
+                .mockResolvedValueOnce({
+                rights: [
+                    {
+                        kind: {
+                            CanActAs: {
+                                value: { party: 'party3::namespace' },
+                            },
+                        },
+                    },
+                ],
+            })
+                .mockResolvedValueOnce({
+                participantId: 'participant1::namespace',
+            });
+            const updateWalletSpy = jest.spyOn(store, 'updateWallet');
+            await service.syncWallets();
+            expect(updateWalletSpy).toHaveBeenCalledTimes(2);
+            expect(updateWalletSpy).toHaveBeenCalledWith(expect.objectContaining({
+                partyId: 'party1::namespace',
+                networkId: 'network1',
+                status: 'initialized',
+            }));
+            expect(updateWalletSpy).toHaveBeenCalledWith(expect.objectContaining({
+                partyId: 'party2::namespace',
+                networkId: 'network1',
+                status: 'initialized',
+            }));
+        });
+        it('syncWallets disables participant wallet when party not on ledger', async () => {
+            const network1 = createNetwork('network1');
+            await store.addNetwork(network1);
+            await setSession('network1');
+            const participantWallet = createWallet('party1::namespace', 'network1');
+            participantWallet.signingProviderId = SigningProvider.PARTICIPANT;
+            await store.addWallet(participantWallet);
+            mockLedgerGet
+                .mockResolvedValueOnce({
+                rights: [
+                    {
+                        kind: {
+                            CanActAs: {
+                                value: { party: 'party2::namespace' },
+                            },
+                        },
+                    },
+                ],
+            })
+                .mockResolvedValueOnce({
+                participantId: 'participant1::namespace',
+            });
+            const updateWalletSpy = jest.spyOn(store, 'updateWallet');
+            await service.syncWallets();
+            expect(updateWalletSpy).toHaveBeenCalledWith(expect.objectContaining({
+                partyId: 'party1::namespace',
+                networkId: 'network1',
+                disabled: true,
+                reason: 'participant namespace changed',
+            }));
+            const wallets = await store.getWallets();
+            const party1Wallet = wallets.find((w) => w.partyId === 'party1::namespace');
+            expect(party1Wallet?.disabled).toBe(true);
+            expect(party1Wallet?.reason).toBe('participant namespace changed');
+        });
     });
 });