@cogcoin/client 0.5.14 → 1.0.0

package/dist/wallet/state/provider.js

@@ -1,16 +1,11 @@
 import { createHash, randomUUID } from "node:crypto";
-import { execFile, spawn } from "node:child_process";
-import { access, constants, mkdir, readFile, rm } from "node:fs/promises";
-import { dirname, join } from "node:path";
+import { execFile } from "node:child_process";
+import { join } from "node:path";
 import { promisify } from "node:util";
 import { resolveWalletRuntimePathsForTesting } from "../runtime.js";
-import { writeFileAtomic } from "../fs/atomic.js";
+import { createLegacyKeychainServiceName, deleteClientProtectedSecret, ensureClientPasswordConfigured as ensureClientPasswordConfiguredWithLocalFile, inspectClientPasswordReadiness, loadClientProtectedSecret, lockClientPasswordSession, readClientPasswordSessionStatus, storeClientProtectedSecret, changeClientPassword as changeClientPasswordWithLocalFile, unlockClientPasswordSession as unlockClientPasswordSessionWithLocalFile, } from "./client-password.js";
 const execFileAsync = promisify(execFile);
-const KEYCHAIN_SERVICE_NAME = "org.cogcoin.wallet";
-const LINUX_SECRET_TOOL_ATTRIBUTE_APPLICATION = "application";
-const LINUX_SECRET_TOOL_ATTRIBUTE_KIND = "secret-kind";
-const LINUX_SECRET_TOOL_ATTRIBUTE_KEY_ID = "key-id";
-const LINUX_SECRET_TOOL_SECRET_KIND = "wallet-secret";
+const KEYCHAIN_SERVICE_NAME = createLegacyKeychainServiceName();
 export function createWalletSecretReference(walletRootId) {
     return {
         kind: "wallet-state-key",
@@ -29,86 +24,17 @@ function bytesToBase64(secret) {
 function base64ToBytes(secret) {
     return new Uint8Array(Buffer.from(secret, "base64"));
 }
-function createLinuxSecretToolAttributes(keyId) {
-    return [
-        LINUX_SECRET_TOOL_ATTRIBUTE_APPLICATION,
-        KEYCHAIN_SERVICE_NAME,
-        LINUX_SECRET_TOOL_ATTRIBUTE_KIND,
-        LINUX_SECRET_TOOL_SECRET_KIND,
-        LINUX_SECRET_TOOL_ATTRIBUTE_KEY_ID,
-        keyId,
-    ];
-}
-function createLinuxSecretToolError(message, cause) {
-    return cause === undefined ? new Error(message) : new Error(message, { cause });
-}
-function isWalletSecretProviderMessage(error, message) {
-    return error instanceof Error && error.message === message;
-}
-function sanitizeSecretKeyId(keyId) {
-    return keyId.replace(/[^a-zA-Z0-9._-]+/g, "-");
-}
 function resolveSecretDirectoryPath(options) {
     return join(options.stateRoot ?? resolveWalletRuntimePathsForTesting().stateRoot, "secrets");
 }
-function isLinuxSecretServiceUnavailableMessage(stderr) {
-    const normalized = stderr.trim().toLowerCase();
-    if (normalized.length === 0) {
-        return false;
+function resolveRuntimeRootPath(options) {
+    if (options.runtimeRoot != null) {
+        return options.runtimeRoot;
     }
-    return normalized.includes("secret service")
-        || normalized.includes("org.freedesktop.secrets")
-        || normalized.includes("dbus")
-        || normalized.includes("d-bus")
-        || normalized.includes("cannot autolaunch")
-        || normalized.includes("no such secret collection")
-        || normalized.includes("collection is locked")
-        || normalized.includes("prompt dismissed")
-        || normalized.includes("not available");
-}
-function isLinuxSecretToolMissingSecretMessage(stderr) {
-    const normalized = stderr.trim().toLowerCase();
-    if (normalized.length === 0) {
-        return true;
+    if (options.stateRoot != null) {
+        return join(options.stateRoot, ".client-runtime");
     }
-    return normalized.includes("no matching")
-        || normalized.includes("not found")
-        || normalized.includes("does not exist")
-        || normalized.includes("no such item")
-        || normalized.includes("no secret");
-}
-async function runLinuxSecretTool(args, options = {}) {
-    return await new Promise((resolve, reject) => {
-        const child = spawn("secret-tool", [...args], {
-            stdio: ["pipe", "pipe", "pipe"],
-        });
-        let stdout = "";
-        let stderr = "";
-        child.once("error", reject);
-        child.stdout.setEncoding("utf8");
-        child.stderr.setEncoding("utf8");
-        child.stdout.on("data", (chunk) => {
-            stdout += chunk;
-        });
-        child.stderr.on("data", (chunk) => {
-            stderr += chunk;
-        });
-        child.once("close", (exitCode, signal) => {
-            resolve({
-                stdout,
-                stderr,
-                exitCode,
-                signal,
-            });
-        });
-        child.stdin.on("error", (error) => {
-            if ("code" in error && error.code === "EPIPE") {
-                return;
-            }
-            reject(error);
-        });
-        child.stdin.end(options.stdin ?? undefined, "utf8");
-    });
+    return options.runtimeRoot ?? resolveWalletRuntimePathsForTesting().runtimeRoot;
 }
 export class MemoryWalletSecretProvider {
     kind = "memory-test";
@@ -126,6 +52,39 @@ export class MemoryWalletSecretProvider {
     async deleteSecret(keyId) {
         this.#values.delete(keyId);
     }
+    withPrompter(_prompter) {
+        return this;
+    }
+    async inspectClientPasswordReadiness() {
+        return "ready";
+    }
+    async ensureClientPasswordConfigured(_prompter) {
+        return "already-configured";
+    }
+    async unlockClientPasswordSession(_prompter) {
+        return {
+            unlocked: true,
+            unlockUntilUnixMs: null,
+        };
+    }
+    async changeClientPassword(_prompter) {
+        return {
+            unlocked: true,
+            unlockUntilUnixMs: null,
+        };
+    }
+    async lockClientPasswordSession() {
+        return {
+            unlocked: false,
+            unlockUntilUnixMs: null,
+        };
+    }
+    async readClientPasswordSessionStatus() {
+        return {
+            unlocked: true,
+            unlockUntilUnixMs: null,
+        };
+    }
 }
 class MacOsKeychainWalletSecretProvider {
     kind = "macos-keychain";
@@ -167,234 +126,167 @@ class MacOsKeychainWalletSecretProvider {
         ]).catch(() => undefined);
     }
 }
-class LinuxSecretToolWalletSecretProvider {
-    kind = "linux-secret-service";
-    #runner;
-    constructor(runner = runLinuxSecretTool) {
-        this.#runner = runner;
-    }
-    async #invoke(options) {
-        try {
-            const result = await this.#runner(options.args, {
-                stdin: options.stdin,
-            });
-            if (result.exitCode === 0) {
-                return result;
-            }
-            if (isLinuxSecretServiceUnavailableMessage(result.stderr)) {
-                throw createLinuxSecretToolError("wallet_secret_provider_linux_secret_service_unavailable");
-            }
-            if ((options.operation === "load" || options.ignoreMissing)
-                && isLinuxSecretToolMissingSecretMessage(result.stderr)) {
-                throw createLinuxSecretToolError(`wallet_secret_missing_${options.keyId}`);
-            }
-            throw createLinuxSecretToolError("wallet_secret_provider_linux_runtime_error");
-        }
-        catch (error) {
-            if (error instanceof Error
-                && (error.message === "wallet_secret_provider_linux_secret_tool_missing"
-                    || error.message === "wallet_secret_provider_linux_secret_service_unavailable"
-                    || error.message === "wallet_secret_provider_linux_runtime_error"
-                    || error.message === `wallet_secret_missing_${options.keyId}`)) {
-                throw error;
-            }
-            if (error instanceof Error && "code" in error && error.code === "ENOENT") {
-                throw createLinuxSecretToolError("wallet_secret_provider_linux_secret_tool_missing", error);
-            }
-            throw createLinuxSecretToolError("wallet_secret_provider_linux_runtime_error", error);
-        }
+class LocalFileWalletSecretProvider {
+    kind;
+    #stateRoot;
+    #directoryPath;
+    #platform;
+    #runtimeRoot;
+    #runtimeErrorCode;
+    #legacyMacKeychainReader;
+    #prompter;
+    constructor(options) {
+        this.kind = options.kind;
+        this.#stateRoot = options.stateRoot;
+        this.#directoryPath = options.directoryPath;
+        this.#platform = options.platform;
+        this.#runtimeRoot = options.runtimeRoot;
+        this.#runtimeErrorCode = options.runtimeErrorCode;
+        this.#legacyMacKeychainReader = options.legacyMacKeychainReader ?? null;
+        this.#prompter = options.prompter ?? null;
     }
     async loadSecret(keyId) {
-        const result = await this.#invoke({
-            args: ["lookup", ...createLinuxSecretToolAttributes(keyId)],
+        return await loadClientProtectedSecret({
+            platform: this.#platform,
+            stateRoot: this.#stateRoot,
+            runtimeRoot: this.#runtimeRoot,
+            directoryPath: this.#directoryPath,
+            runtimeErrorCode: this.#runtimeErrorCode,
+            legacyMacKeychainReader: this.#legacyMacKeychainReader,
             keyId,
-            operation: "load",
+            prompt: this.#prompter ?? undefined,
         });
-        return base64ToBytes(result.stdout.trim());
     }
     async storeSecret(keyId, secret) {
-        await this.#invoke({
-            args: [
-                "store",
-                "--label",
-                `Cogcoin wallet secret (${keyId})`,
-                ...createLinuxSecretToolAttributes(keyId),
-            ],
+        await storeClientProtectedSecret({
+            platform: this.#platform,
+            stateRoot: this.#stateRoot,
+            runtimeRoot: this.#runtimeRoot,
+            directoryPath: this.#directoryPath,
+            runtimeErrorCode: this.#runtimeErrorCode,
+            legacyMacKeychainReader: this.#legacyMacKeychainReader,
             keyId,
-            operation: "store",
-            stdin: bytesToBase64(secret),
+            secret,
+            prompt: this.#prompter ?? undefined,
         });
     }
     async deleteSecret(keyId) {
-        try {
-            await this.#invoke({
-                args: ["clear", ...createLinuxSecretToolAttributes(keyId)],
-                keyId,
-                operation: "delete",
-                ignoreMissing: true,
-            });
-        }
-        catch (error) {
-            if (error instanceof Error && error.message === `wallet_secret_missing_${keyId}`) {
-                return;
-            }
-            throw error;
-        }
-    }
-}
-class LinuxLocalFileWalletSecretProvider {
-    kind = "linux-local-file";
-    #directoryPath;
-    constructor(directoryPath) {
-        this.#directoryPath = directoryPath;
-    }
-    #resolveSecretPath(keyId) {
-        return join(this.#directoryPath, `${sanitizeSecretKeyId(keyId)}.secret`);
-    }
-    async hasSecret(keyId) {
-        try {
-            await access(this.#resolveSecretPath(keyId), constants.F_OK);
-            return true;
-        }
-        catch {
-            return false;
-        }
-    }
-    async loadSecret(keyId) {
-        try {
-            const encoded = await readFile(this.#resolveSecretPath(keyId), "utf8");
-            return base64ToBytes(encoded.trim());
-        }
-        catch (error) {
-            if (error instanceof Error && "code" in error && error.code === "ENOENT") {
-                throw new Error(`wallet_secret_missing_${keyId}`);
-            }
-            throw createLinuxSecretToolError("wallet_secret_provider_linux_runtime_error", error);
-        }
-    }
-    async storeSecret(keyId, secret) {
-        try {
-            await mkdir(this.#directoryPath, { recursive: true, mode: 0o700 });
-            await writeFileAtomic(this.#resolveSecretPath(keyId), `${bytesToBase64(secret)}\n`, { mode: 0o600 });
-        }
-        catch (error) {
-            throw createLinuxSecretToolError("wallet_secret_provider_linux_runtime_error", error);
-        }
-    }
-    async deleteSecret(keyId) {
-        await rm(this.#resolveSecretPath(keyId), { force: true }).catch(() => undefined);
-    }
-}
-class LinuxFallbackWalletSecretProvider {
-    kind = "linux-secret-service-fallback";
-    #secretService;
-    #fileProvider;
-    constructor(options) {
-        this.#secretService = options.secretService;
-        this.#fileProvider = options.fileProvider;
-    }
-    async #loadFromFileOrRethrow(keyId, error) {
-        try {
-            return await this.#fileProvider.loadSecret(keyId);
-        }
-        catch (fileError) {
-            if (isWalletSecretProviderMessage(fileError, `wallet_secret_missing_${keyId}`)
-                && (error.message === "wallet_secret_provider_linux_secret_tool_missing"
-                    || error.message === "wallet_secret_provider_linux_secret_service_unavailable")) {
-                throw error;
-            }
-            throw fileError;
-        }
-    }
-    async loadSecret(keyId) {
-        try {
-            return await this.#secretService.loadSecret(keyId);
-        }
-        catch (error) {
-            if (!(error instanceof Error)) {
-                throw error;
-            }
-            if (error.message === "wallet_secret_provider_linux_secret_tool_missing"
-                || error.message === "wallet_secret_provider_linux_secret_service_unavailable"
-                || error.message === `wallet_secret_missing_${keyId}`) {
-                return await this.#loadFromFileOrRethrow(keyId, error);
-            }
-            if (error.message === "wallet_secret_provider_linux_runtime_error"
-                && await this.#fileProvider.hasSecret(keyId)) {
-                return await this.#fileProvider.loadSecret(keyId);
-            }
-            throw error;
-        }
-    }
-    async storeSecret(keyId, secret) {
-        try {
-            await this.#secretService.storeSecret(keyId, secret);
-        }
-        catch (error) {
-            if (isWalletSecretProviderMessage(error, "wallet_secret_provider_linux_secret_tool_missing")
-                || isWalletSecretProviderMessage(error, "wallet_secret_provider_linux_secret_service_unavailable")) {
-                await this.#fileProvider.storeSecret(keyId, secret);
-                return;
-            }
-            throw error;
-        }
+        await deleteClientProtectedSecret({
+            platform: this.#platform,
+            stateRoot: this.#stateRoot,
+            runtimeRoot: this.#runtimeRoot,
+            directoryPath: this.#directoryPath,
+            runtimeErrorCode: this.#runtimeErrorCode,
+            keyId,
+        });
     }
-    async deleteSecret(keyId) {
-        await Promise.allSettled([
-            this.#secretService.deleteSecret(keyId),
-            this.#fileProvider.deleteSecret(keyId),
-        ]);
+    withPrompter(prompter) {
+        return new LocalFileWalletSecretProvider({
+            stateRoot: this.#stateRoot,
+            directoryPath: this.#directoryPath,
+            kind: this.kind,
+            platform: this.#platform,
+            runtimeRoot: this.#runtimeRoot,
+            runtimeErrorCode: this.#runtimeErrorCode,
+            legacyMacKeychainReader: this.#legacyMacKeychainReader,
+            prompter,
+        });
     }
-}
-class WindowsDpapiWalletSecretProvider {
-    kind = "windows-dpapi";
-    #directoryPath;
-    constructor(directoryPath) {
-        this.#directoryPath = directoryPath;
+    async inspectClientPasswordReadiness() {
+        return await inspectClientPasswordReadiness({
+            platform: this.#platform,
+            stateRoot: this.#stateRoot,
+            runtimeRoot: this.#runtimeRoot,
+            directoryPath: this.#directoryPath,
+            runtimeErrorCode: this.#runtimeErrorCode,
+            legacyMacKeychainReader: this.#legacyMacKeychainReader,
+        });
     }
-    #resolveSecretPath(keyId) {
-        const fileId = keyId.replace(/[^a-zA-Z0-9._-]+/g, "-");
-        return join(this.#directoryPath, `${fileId}.dpapi`);
+    async ensureClientPasswordConfigured(prompter) {
+        const result = await ensureClientPasswordConfiguredWithLocalFile({
+            platform: this.#platform,
+            stateRoot: this.#stateRoot,
+            runtimeRoot: this.#runtimeRoot,
+            directoryPath: this.#directoryPath,
+            runtimeErrorCode: this.#runtimeErrorCode,
+            legacyMacKeychainReader: this.#legacyMacKeychainReader,
+            prompt: prompter,
+        });
+        return result.action;
+    }
+    async unlockClientPasswordSession(prompter) {
+        return await unlockClientPasswordSessionWithLocalFile({
+            platform: this.#platform,
+            stateRoot: this.#stateRoot,
+            runtimeRoot: this.#runtimeRoot,
+            directoryPath: this.#directoryPath,
+            runtimeErrorCode: this.#runtimeErrorCode,
+            legacyMacKeychainReader: this.#legacyMacKeychainReader,
+            prompt: prompter,
+        });
     }
-    async loadSecret(keyId) {
-        const secretPath = this.#resolveSecretPath(keyId);
-        const encoded = await readFile(secretPath, "utf8");
-        const { stdout } = await execFileAsync("powershell.exe", [
-            "-NoProfile",
-            "-NonInteractive",
-            "-Command",
-            "$data=[Convert]::FromBase64String($args[0]);$value=[System.Security.Cryptography.ProtectedData]::Unprotect($data,$null,[System.Security.Cryptography.DataProtectionScope]::CurrentUser);[Console]::Out.Write([Convert]::ToBase64String($value));",
-            encoded.trim(),
-        ]);
-        return base64ToBytes(stdout.trim());
+    async changeClientPassword(prompter) {
+        return await changeClientPasswordWithLocalFile({
+            platform: this.#platform,
+            stateRoot: this.#stateRoot,
+            runtimeRoot: this.#runtimeRoot,
+            directoryPath: this.#directoryPath,
+            runtimeErrorCode: this.#runtimeErrorCode,
+            legacyMacKeychainReader: this.#legacyMacKeychainReader,
+            prompt: prompter,
+        });
     }
-    async storeSecret(keyId, secret) {
-        const secretPath = this.#resolveSecretPath(keyId);
-        await mkdir(dirname(secretPath), { recursive: true });
-        const { stdout } = await execFileAsync("powershell.exe", [
-            "-NoProfile",
-            "-NonInteractive",
-            "-Command",
-            "$data=[Convert]::FromBase64String($args[0]);$value=[System.Security.Cryptography.ProtectedData]::Protect($data,$null,[System.Security.Cryptography.DataProtectionScope]::CurrentUser);[Console]::Out.Write([Convert]::ToBase64String($value));",
-            bytesToBase64(secret),
-        ]);
-        await writeFileAtomic(secretPath, `${stdout.trim()}\n`, { mode: 0o600 });
+    async lockClientPasswordSession() {
+        return await lockClientPasswordSession({
+            platform: this.#platform,
+            stateRoot: this.#stateRoot,
+            runtimeRoot: this.#runtimeRoot,
+            directoryPath: this.#directoryPath,
+            runtimeErrorCode: this.#runtimeErrorCode,
+            legacyMacKeychainReader: this.#legacyMacKeychainReader,
+        });
     }
-    async deleteSecret(keyId) {
-        await rm(this.#resolveSecretPath(keyId), { force: true }).catch(() => undefined);
+    async readClientPasswordSessionStatus() {
+        return await readClientPasswordSessionStatus({
+            platform: this.#platform,
+            stateRoot: this.#stateRoot,
+            runtimeRoot: this.#runtimeRoot,
+            directoryPath: this.#directoryPath,
+            runtimeErrorCode: this.#runtimeErrorCode,
+            legacyMacKeychainReader: this.#legacyMacKeychainReader,
+        });
     }
 }
 function createWalletSecretProviderForPlatform(platform, options = {}) {
-    if (platform === "darwin") {
-        return new MacOsKeychainWalletSecretProvider();
-    }
     if (platform === "win32") {
-        return new WindowsDpapiWalletSecretProvider(resolveSecretDirectoryPath(options));
+        return new LocalFileWalletSecretProvider({
+            stateRoot: options.stateRoot ?? resolveWalletRuntimePathsForTesting().stateRoot,
+            directoryPath: resolveSecretDirectoryPath(options),
+            kind: "windows-local-file",
+            platform,
+            runtimeRoot: resolveRuntimeRootPath(options),
+            runtimeErrorCode: "wallet_secret_provider_windows_runtime_error",
+        });
     }
     if (platform === "linux") {
-        return new LinuxFallbackWalletSecretProvider({
-            secretService: new LinuxSecretToolWalletSecretProvider(options.linuxSecretToolRunner),
-            fileProvider: new LinuxLocalFileWalletSecretProvider(resolveSecretDirectoryPath(options)),
+        return new LocalFileWalletSecretProvider({
+            stateRoot: options.stateRoot ?? resolveWalletRuntimePathsForTesting().stateRoot,
+            directoryPath: resolveSecretDirectoryPath(options),
+            kind: "linux-local-file",
+            platform,
+            runtimeRoot: resolveRuntimeRootPath(options),
+            runtimeErrorCode: "wallet_secret_provider_linux_runtime_error",
+        });
+    }
+    if (platform === "darwin") {
+        return new LocalFileWalletSecretProvider({
+            stateRoot: options.stateRoot ?? resolveWalletRuntimePathsForTesting().stateRoot,
+            directoryPath: resolveSecretDirectoryPath(options),
+            kind: "macos-local-file",
+            platform,
+            runtimeRoot: resolveRuntimeRootPath(options),
+            runtimeErrorCode: "wallet_secret_provider_macos_runtime_error",
+            legacyMacKeychainReader: new MacOsKeychainWalletSecretProvider(),
         });
     }
     throw new Error(`wallet_secret_provider_unsupported_${platform}`);
@@ -424,11 +316,77 @@ export function createLazyDefaultWalletSecretProvider() {
         async deleteSecret(keyId) {
             await getResolved().deleteSecret(keyId);
         },
+        withPrompter(prompter) {
+            return getResolved().withPrompter?.(prompter) ?? getResolved();
+        },
+        async inspectClientPasswordReadiness() {
+            return await getResolved().inspectClientPasswordReadiness?.() ?? "ready";
+        },
+        async ensureClientPasswordConfigured(prompter) {
+            return await getResolved().ensureClientPasswordConfigured?.(prompter) ?? "already-configured";
+        },
+        async unlockClientPasswordSession(prompter) {
+            return await getResolved().unlockClientPasswordSession?.(prompter) ?? {
+                unlocked: true,
+                unlockUntilUnixMs: null,
+            };
+        },
+        async changeClientPassword(prompter) {
+            return await getResolved().changeClientPassword?.(prompter) ?? {
+                unlocked: true,
+                unlockUntilUnixMs: null,
+            };
+        },
+        async lockClientPasswordSession() {
+            return await getResolved().lockClientPasswordSession?.() ?? {
+                unlocked: false,
+                unlockUntilUnixMs: null,
+            };
+        },
+        async readClientPasswordSessionStatus() {
+            return await getResolved().readClientPasswordSessionStatus?.() ?? {
+                unlocked: true,
+                unlockUntilUnixMs: null,
+            };
+        },
     };
 }
 export function createMemoryWalletSecretProviderForTesting() {
     return new MemoryWalletSecretProvider();
 }
+export function withInteractiveWalletSecretProvider(provider, prompter) {
+    return provider.withPrompter?.(prompter) ?? provider;
+}
+export async function ensureClientPasswordConfigured(provider, prompter) {
+    return await provider.ensureClientPasswordConfigured?.(prompter) ?? "already-configured";
+}
+export async function inspectClientPasswordSetupReadiness(provider) {
+    return await provider.inspectClientPasswordReadiness?.() ?? "ready";
+}
+export async function unlockClientPassword(provider, prompter) {
+    return await provider.unlockClientPasswordSession?.(prompter) ?? {
+        unlocked: true,
+        unlockUntilUnixMs: null,
+    };
+}
+export async function changeClientPassword(provider, prompter) {
+    return await provider.changeClientPassword?.(prompter) ?? {
+        unlocked: true,
+        unlockUntilUnixMs: null,
+    };
+}
+export async function lockClientPassword(provider) {
+    return await provider.lockClientPasswordSession?.() ?? {
+        unlocked: false,
+        unlockUntilUnixMs: null,
+    };
+}
+export async function readClientPasswordStatus(provider) {
+    return await provider.readClientPasswordSessionStatus?.() ?? {
+        unlocked: true,
+        unlockUntilUnixMs: null,
+    };
+}
 export function createWalletRootId() {
     return `wallet-${randomUUID().replaceAll("-", "")}`;
 }

package/dist/wallet/state/storage.d.ts

@@ -12,11 +12,11 @@ export interface RawWalletStateEnvelope {
     source: "primary" | "backup";
     envelope: EncryptedEnvelopeV1;
 }
-export type WalletStateSaveAccess = Uint8Array | string | {
+export type WalletStateSaveAccess = {
     provider: WalletSecretProvider;
     secretReference: WalletSecretReference;
 };
-export type WalletStateLoadAccess = Uint8Array | string | {
+export type WalletStateLoadAccess = {
     provider: WalletSecretProvider;
 };
 export declare function loadRawWalletStateEnvelope(paths: WalletStateStoragePaths): Promise<RawWalletStateEnvelope | null>;