npm - @dynamic-labs-wallet/browser - Versions diffs - 0.0.0-beta.317 → 0.0.0-beta.318 - Mend

@dynamic-labs-wallet/browser 0.0.0-beta.317 → 0.0.0-beta.318

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/index.cjs.js +205 -122
package/index.esm.js +206 -123
package/package.json +4 -4
package/src/client.d.ts +27 -5
package/src/client.d.ts.map +1 -1
package/src/services/encryption.d.ts +6 -6
package/src/services/encryption.d.ts.map +1 -1

package/index.cjs.js CHANGED Viewed

@@ -652,6 +652,84 @@ const createBackupData = ({ encryptedKeyShares, accountAddress, thresholdSignatu
     }
 };
+const ALG_LABEL_RSA = 'HYBRID-RSA-AES-256';
+/**
+ * Convert base64 to base64url encoding
+ */ const toBase64Url = (buffer)=>{
+    const base64 = Buffer.from(buffer).toString('base64');
+    return base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+};
+/**
+ * Convert ArrayBuffer to base64url
+ */ const arrayBufferToBase64Url = (buffer)=>{
+    return toBase64Url(buffer);
+};
+/**
+ * Import RSA public key from PEM format
+ */ const importRSAPublicKey = async (publicKeyPem)=>{
+    // Remove PEM headers and decode base64
+    const pemHeader = '-----BEGIN PUBLIC KEY-----';
+    const pemFooter = '-----END PUBLIC KEY-----';
+    const pemContents = publicKeyPem.replace(pemHeader, '').replace(pemFooter, '').replace(/\s/g, '');
+    const binaryDer = Buffer.from(pemContents, 'base64').toString('binary');
+    const keyData = new Uint8Array(binaryDer.length);
+    for(let i = 0; i < binaryDer.length; i++){
+        keyData[i] = binaryDer.charCodeAt(i);
+    }
+    return await crypto.subtle.importKey('spki', keyData, {
+        name: 'RSA-OAEP',
+        hash: 'SHA-256'
+    }, false, [
+        'encrypt'
+    ]);
+};
+// encodedEnvelopeBytes intentionally omitted; alg/ct/ek/iv/tag/kid is sufficient
+/**
+ * Encrypts data using HYBRID-RSA-AES-256 encryption scheme with Web Crypto API.
+ * 1. Generate random AES-256 key
+ * 2. Encrypt AES key with RSA public key
+ * 3. Encrypt data with AES-256-GCM
+ */ const encryptDelegatedKeyShare = async (data, publicKeyPem, keyId)=>{
+    try {
+        // Step 1: Generate a random AES-256 key and 16-byte IV
+        const aesKey = await crypto.subtle.generateKey({
+            name: 'AES-GCM',
+            length: 256
+        }, true, [
+            'encrypt'
+        ]);
+        const iv = crypto.getRandomValues(new Uint8Array(16)); // 128-bit IV for GCM
+        // Step 2: Encrypt the data with AES-256-GCM
+        const plaintext = new TextEncoder().encode(data);
+        const encryptedData = await crypto.subtle.encrypt({
+            name: 'AES-GCM',
+            iv: iv
+        }, aesKey, plaintext);
+        // Extract the auth tag from the encrypted data (last 16 bytes)
+        const encryptedDataArray = new Uint8Array(encryptedData);
+        const authTag = encryptedDataArray.slice(-16);
+        const ciphertext = encryptedDataArray.slice(0, -16);
+        // Step 3: Encrypt the AES key with RSA public key
+        const rsaPublicKey = await importRSAPublicKey(publicKeyPem);
+        // Export the AES key to encrypt it
+        const aesKeyData = await crypto.subtle.exportKey('raw', aesKey);
+        const encryptedAesKey = await crypto.subtle.encrypt({
+            name: 'RSA-OAEP'
+        }, rsaPublicKey, aesKeyData);
+        return _extends({
+            alg: ALG_LABEL_RSA,
+            iv: arrayBufferToBase64Url(iv.buffer),
+            ct: arrayBufferToBase64Url(ciphertext.buffer),
+            tag: arrayBufferToBase64Url(authTag.buffer),
+            ek: arrayBufferToBase64Url(encryptedAesKey)
+        }, keyId ? {
+            kid: keyId
+        } : {});
+    } catch (error) {
+        throw new Error(`Encryption failed: ${error instanceof Error ? error.message : String(error)}`);
+    }
+};
 const localStorageWriteTest = {
     tested: false,
     writable: false
@@ -721,95 +799,21 @@ const localStorageWriteTest = {
         }
     });
-/** Algorithm label for the new hybrid encryption standard */ const ALG_LABEL_RSA = 'HYBRID-RSA-AES-256';
-/**
- * Convert base64 to base64url encoding
- */ const toBase64Url = (buffer)=>{
-    const base64 = Buffer.from(buffer).toString('base64');
-    return base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-};
-/**
- * Convert ArrayBuffer to base64url
- */ const arrayBufferToBase64Url = (buffer)=>{
-    return toBase64Url(buffer);
-};
-/**
- * Import RSA public key from PEM format
- */ const importRSAPublicKey = async (publicKeyPem)=>{
-    // Remove PEM headers and decode base64
-    const pemHeader = '-----BEGIN PUBLIC KEY-----';
-    const pemFooter = '-----END PUBLIC KEY-----';
-    const pemContents = publicKeyPem.replace(pemHeader, '').replace(pemFooter, '').replace(/\s/g, '');
-    const binaryDer = Buffer.from(pemContents, 'base64').toString('binary');
-    const keyData = new Uint8Array(binaryDer.length);
-    for(let i = 0; i < binaryDer.length; i++){
-        keyData[i] = binaryDer.charCodeAt(i);
-    }
-    return await crypto.subtle.importKey('spki', keyData, {
-        name: 'RSA-OAEP',
-        hash: 'SHA-256'
-    }, false, [
-        'encrypt'
-    ]);
-};
-/**
- * Creates the encoded envelope bytes from the encrypted data components
- */ const createEncodedEnvelopeBytes = (iv, ciphertext, authTag, encryptedAesKey)=>{
-    const envelopeData = {
-        algorithm: ALG_LABEL_RSA,
-        iv: arrayBufferToBase64Url(iv.buffer),
-        encryptedData: arrayBufferToBase64Url(ciphertext.buffer),
-        authTag: arrayBufferToBase64Url(authTag.buffer),
-        encryptedKey: arrayBufferToBase64Url(encryptedAesKey)
-    };
-    return Buffer.from(new TextEncoder().encode(JSON.stringify(envelopeData))).toString('base64');
-};
-/**
- * Encrypts data using HYBRID-RSA-AES-256 encryption scheme with Web Crypto API.
- * 1. Generate random AES-256 key
- * 2. Encrypt AES key with RSA public key
- * 3. Encrypt data with AES-256-GCM
- */ const encryptDelegatedKeyShare = async (data, publicKeyPem)=>{
-    try {
-        // Step 1: Generate a random AES-256 key and 16-byte IV
-        const aesKey = await crypto.subtle.generateKey({
-            name: 'AES-GCM',
-            length: 256
-        }, true, [
-            'encrypt'
-        ]);
-        const iv = crypto.getRandomValues(new Uint8Array(16)); // 128-bit IV for GCM
-        // Step 2: Encrypt the data with AES-256-GCM
-        const plaintext = new TextEncoder().encode(data);
-        const encryptedData = await crypto.subtle.encrypt({
-            name: 'AES-GCM',
-            iv: iv
-        }, aesKey, plaintext);
-        // Extract the auth tag from the encrypted data (last 16 bytes)
-        const encryptedDataArray = new Uint8Array(encryptedData);
-        const authTag = encryptedDataArray.slice(-16);
-        const ciphertext = encryptedDataArray.slice(0, -16);
-        // Step 3: Encrypt the AES key with RSA public key
-        const rsaPublicKey = await importRSAPublicKey(publicKeyPem);
-        // Export the AES key to encrypt it
-        const aesKeyData = await crypto.subtle.exportKey('raw', aesKey);
-        const encryptedAesKey = await crypto.subtle.encrypt({
-            name: 'RSA-OAEP'
-        }, rsaPublicKey, aesKeyData);
-        return {
-            algorithm: ALG_LABEL_RSA,
-            iv: arrayBufferToBase64Url(iv.buffer),
-            encryptedData: arrayBufferToBase64Url(ciphertext.buffer),
-            authTag: arrayBufferToBase64Url(authTag.buffer),
-            encryptedKey: arrayBufferToBase64Url(encryptedAesKey),
-            encodedEnvelopeBytes: createEncodedEnvelopeBytes(iv, ciphertext, authTag, encryptedAesKey)
-        };
-    } catch (error) {
-        throw new Error(`Encryption failed: ${error instanceof Error ? error.message : String(error)}`);
-    }
-};
 class DynamicWalletClient {
+    async initializeForwardMPCClient() {
+        try {
+            await this.apiClient.forwardMPCClient.connect();
+            logger.info('Connected to ForwardMPC enclave websocket. Instance: ' + this.instanceId);
+            try {
+                await this.apiClient.forwardMPCClient.handshake();
+                logger.info('Handshaked with ForwardMPC enclave websocket. Instance: ' + this.instanceId);
+            } catch (error) {
+                logger.error('Error handshaking with ForwardMPC enclave websocket. Instance: ' + this.instanceId, error);
+            }
+        } catch (error) {
+            logger.error('Error connecting to ForwardMPC enclave websocket. Instance: ' + this.instanceId, error);
+        }
+    }
     getAuthMode() {
         return this.authMode;
     }
@@ -1138,6 +1142,32 @@ class DynamicWalletClient {
         });
         return data;
     }
+    async forwardMPCClientSign({ chainName, message, roomId, keyShare, derivationPath, formattedMessage }) {
+        if (!this.apiClient.forwardMPCClient.connected) {
+            await this.initializeForwardMPCClient();
+        }
+        logger.info('Forward MPC enabled, signing message with forward MPC');
+        const signature = await this.apiClient.forwardMPCClient.signMessage({
+            keyshare: keyShare,
+            message: chainName === 'EVM' || chainName === 'SUI' ? message : formattedMessage,
+            relayDomain: this.baseMPCRelayApiUrl || '',
+            signingAlgo: chainName === 'EVM' ? 'ECDSA' : 'ED25519',
+            hashAlgo: chainName === 'EVM' ? 'keccak256' : undefined,
+            derivationPath: derivationPath,
+            roomUuid: roomId
+        });
+        const signatureBytes = signature.data.signature;
+        if (!(signatureBytes instanceof Uint8Array)) {
+            throw new TypeError(`Invalid signature format: expected Uint8Array, got ${typeof signatureBytes}`);
+        }
+        // Convert to EcdsaSignature
+        if (chainName === 'EVM') {
+            const ecdsaSignature = web.EcdsaSignature.fromBuffer(signatureBytes);
+            return ecdsaSignature;
+        } else {
+            return signatureBytes;
+        }
+    }
     async clientSign({ chainName, message, roomId, keyShare, derivationPath, isFormatted, dynamicRequestId }) {
         try {
             const mpcSigner = getMPCSigner({
@@ -1152,6 +1182,16 @@ class DynamicWalletClient {
                 derivationPath,
                 isFormatted
             });
+            if (this.forwardMPCEnabled) {
+                return this.forwardMPCClientSign({
+                    chainName,
+                    message,
+                    roomId,
+                    keyShare,
+                    derivationPath,
+                    formattedMessage
+                });
+            }
             const signature = await mpcSigner.sign(roomId, keyShare, formattedMessage, derivationPath);
             return signature;
         } catch (error) {
@@ -1342,10 +1382,9 @@ class DynamicWalletClient {
             existingClientKeyShares
         };
     }
-    async reshare({ chainName, accountAddress, oldThresholdSignatureScheme, newThresholdSignatureScheme, password = undefined, signedSessionId, backupToGoogleDrive = false, delegateToProjectEnvironment = false, mfaToken }) {
+    async reshare({ chainName, accountAddress, oldThresholdSignatureScheme, newThresholdSignatureScheme, password = undefined, signedSessionId, backupToGoogleDrive = false, delegateToProjectEnvironment = false, mfaToken, revokeDelegation = false }) {
         const dynamicRequestId = uuid.v4();
         try {
-            var _publicKey_key, _publicKey_key1;
             await this.verifyPassword({
                 accountAddress,
                 password,
@@ -1382,7 +1421,8 @@ class DynamicWalletClient {
                 newThresholdSignatureScheme,
                 dynamicRequestId,
                 delegateToProjectEnvironment,
-                mfaToken
+                mfaToken,
+                revokeDelegation
             });
             const { roomId, serverKeygenIds, newServerKeygenIds = [] } = data;
             // Get the MPC config for the threshold signature scheme
@@ -1404,7 +1444,7 @@ class DynamicWalletClient {
                 Promise.all(existingResharePromises),
                 Promise.all(newResharePromises)
             ]);
-            const clientKeyshares = delegateToProjectEnvironment ? [
+            const clientKeysharesToLocalStorage = delegateToProjectEnvironment ? [
                 ...existingReshareResults
             ] : [
                 ...existingReshareResults,
@@ -1413,33 +1453,20 @@ class DynamicWalletClient {
             this.walletMap[accountAddress] = _extends({}, this.walletMap[accountAddress], {
                 thresholdSignatureScheme: newThresholdSignatureScheme
             });
+            // store client key shares to localStorage
             await this.setClientKeySharesToLocalStorage({
                 accountAddress,
-                clientKeyShares: clientKeyshares,
+                clientKeyShares: clientKeysharesToLocalStorage,
                 overwriteOrMerge: 'overwrite'
             });
+            // if delegateToProjectEnvironment is true, we need to update location for the delegated share
+            const delegatedKeyshare = delegateToProjectEnvironment ? newReshareResults[0] : undefined;
             await this.storeEncryptedBackupByWallet({
                 accountAddress,
                 password,
                 signedSessionId,
                 backupToGoogleDrive,
-                delegatedLocations: newReshareResults.map(()=>({
-                        location: core.BackupLocation.DELEGATED
-                    }))
-            });
-            const publicKey = await this.apiClient.getDelegatedEncryptionKey({
-                environmentId: this.environmentId
-            });
-            if (!(publicKey == null ? void 0 : (_publicKey_key = publicKey.key) == null ? void 0 : _publicKey_key.publicKeyPemB64)) {
-                throw new Error('Public key not found');
-            }
-            const encryptedDelegatedKeyShareEnvelope = await encryptDelegatedKeyShare(JSON.stringify(clientKeyshares[0]), publicKey == null ? void 0 : (_publicKey_key1 = publicKey.key) == null ? void 0 : _publicKey_key1.publicKeyPemB64);
-            await this.apiClient.publishDelegatedKeyShare({
-                walletId: this.walletMap[accountAddress].walletId,
-                encryptedKeyShare: encryptedDelegatedKeyShareEnvelope,
-                signedSessionId,
-                requiresSignedSessionId: this.requiresSignedSessionId(),
-                dynamicRequestId
+                delegatedKeyshare
             });
         } catch (error) {
             logError({
@@ -1466,7 +1493,7 @@ class DynamicWalletClient {
             throw error;
         }
     }
-    async delegateKeyShares({ accountAddress, password = undefined, signedSessionId, mfaToken }) {
+    async performDelegationOperation({ accountAddress, password, signedSessionId, mfaToken, newThresholdSignatureScheme, revokeDelegation = false, operationName }) {
         try {
             const delegateToProjectEnvironment = this.featureFlags && this.featureFlags[core.FEATURE_FLAGS.ENABLE_DELEGATED_KEY_SHARES_FLAG] === true;
             if (!delegateToProjectEnvironment) {
@@ -1486,19 +1513,17 @@ class DynamicWalletClient {
                 chainName: this.walletMap[accountAddress].chainName,
                 accountAddress,
                 oldThresholdSignatureScheme: currentThresholdSignatureScheme,
-                newThresholdSignatureScheme: core.ThresholdSignatureScheme.TWO_OF_THREE,
+                newThresholdSignatureScheme,
                 password,
                 signedSessionId,
                 backupToGoogleDrive: false,
                 delegateToProjectEnvironment: true,
-                mfaToken
+                mfaToken,
+                revokeDelegation
             });
-            const backupInfo = this.walletMap[accountAddress].clientKeySharesBackupInfo;
-            const delegatedKeyShares = backupInfo.backups[core.BackupLocation.DELEGATED] || [];
-            return delegatedKeyShares;
         } catch (error) {
             logError({
-                message: 'Error in delegateKeyShares',
+                message: `Error in ${operationName}`,
                 error: error,
                 context: {
                     accountAddress
@@ -1507,6 +1532,30 @@ class DynamicWalletClient {
             throw error;
         }
     }
+    async delegateKeyShares({ accountAddress, password = undefined, signedSessionId, mfaToken }) {
+        await this.performDelegationOperation({
+            accountAddress,
+            password,
+            signedSessionId,
+            mfaToken,
+            newThresholdSignatureScheme: core.ThresholdSignatureScheme.TWO_OF_THREE,
+            operationName: 'delegateKeyShares'
+        });
+        const backupInfo = this.walletMap[accountAddress].clientKeySharesBackupInfo;
+        const delegatedKeyShares = backupInfo.backups[core.BackupLocation.DELEGATED] || [];
+        return delegatedKeyShares;
+    }
+    async revokeDelegation({ accountAddress, password = undefined, signedSessionId, mfaToken }) {
+        await this.performDelegationOperation({
+            accountAddress,
+            password,
+            signedSessionId,
+            mfaToken,
+            newThresholdSignatureScheme: core.ThresholdSignatureScheme.TWO_OF_TWO,
+            revokeDelegation: true,
+            operationName: 'revokeDelegation'
+        });
+    }
     async exportKey({ accountAddress, chainName, password = undefined, signedSessionId, mfaToken }) {
         const dynamicRequestId = uuid.v4();
         try {
@@ -1690,6 +1739,10 @@ class DynamicWalletClient {
    * 4. Updates backup metadata and synchronizes wallet state
    * 5. Persists the updated wallet map to local storage
    *
+   * **Delegated Key Shares:**
+   * - When delegatedKeyshare is provided, the method will not store the delegated key share but it will mark the delegated share as backed up on Dynamic's backend
+   * - and encrypt the delegated key share to publish it to the webhook
+   *
    * @param params - The backup operation parameters
    * @param params.accountAddress - The account address of the wallet to backup
    * @param params.clientKeyShares - Optional specific key shares to backup (uses localStorage if not provided)
@@ -1697,7 +1750,7 @@ class DynamicWalletClient {
    * @param params.signedSessionId - Optional signed session ID for authentication
    * @param params.backupToGoogleDrive - Whether to backup to Google Drive (defaults to false)
    * @returns Promise with backup metadata including share locations and IDs
-   */ async storeEncryptedBackupByWallet({ accountAddress, clientKeyShares = undefined, password = undefined, signedSessionId, backupToGoogleDrive = false, delegatedLocations = [] }) {
+   */ async storeEncryptedBackupByWallet({ accountAddress, clientKeyShares = undefined, password = undefined, signedSessionId, backupToGoogleDrive = false, delegatedKeyshare = undefined }) {
         const dynamicRequestId = uuid.v4();
         try {
             var _this_walletMap_accountAddress, _this_walletMap_accountAddress_clientKeySharesBackupInfo_backups_BackupLocation_GOOGLE_DRIVE, _this_walletMap_accountAddress_clientKeySharesBackupInfo_backups, _this_walletMap_accountAddress_clientKeySharesBackupInfo, _this_walletMap_accountAddress1;
@@ -1765,8 +1818,31 @@ class DynamicWalletClient {
                     location: core.BackupLocation.GOOGLE_DRIVE
                 });
             }
-            if ((delegatedLocations == null ? void 0 : delegatedLocations.length) > 0) {
-                locations.push(...delegatedLocations);
+            // if delegatedKeyshare is provided, we encrypt the delegated key share and publish it to the webhook
+            // after publish confirmed, we mark the delegated share as backed up on Dynamic's backend
+            if (delegatedKeyshare) {
+                var _publicKey_key, _publicKey_key1, _publicKey_key2;
+                const publicKey = await this.apiClient.getDelegatedEncryptionKey({
+                    environmentId: this.environmentId
+                });
+                if (!(publicKey == null ? void 0 : (_publicKey_key = publicKey.key) == null ? void 0 : _publicKey_key.publicKeyPemB64)) {
+                    throw new Error('Public key not found');
+                }
+                var _publicKey_key_keyId;
+                const encryptedDelegatedKeyShareEnvelope = await encryptDelegatedKeyShare(JSON.stringify(delegatedKeyshare), publicKey == null ? void 0 : (_publicKey_key1 = publicKey.key) == null ? void 0 : _publicKey_key1.publicKeyPemB64, (_publicKey_key_keyId = publicKey == null ? void 0 : (_publicKey_key2 = publicKey.key) == null ? void 0 : _publicKey_key2.keyId) != null ? _publicKey_key_keyId : publicKey == null ? void 0 : publicKey.keyId);
+                const { status } = await this.apiClient.publishDelegatedKeyShare({
+                    walletId: this.walletMap[accountAddress].walletId,
+                    encryptedKeyShare: encryptedDelegatedKeyShareEnvelope,
+                    signedSessionId,
+                    requiresSignedSessionId: this.requiresSignedSessionId(),
+                    dynamicRequestId
+                });
+                if (status !== 200) {
+                    throw new Error('Failed to publish delegated key share');
+                }
+                locations.push({
+                    location: core.BackupLocation.DELEGATED
+                });
             }
             const backupData = await this.apiClient.markKeySharesAsBackedUp({
                 walletId: this.walletMap[accountAddress].walletId,
@@ -2466,7 +2542,7 @@ class DynamicWalletClient {
         this.apiClient.syncAuthToken(authToken);
     }
     constructor({ environmentId, baseApiUrl, baseMPCRelayApiUrl, storageKey, debug, featureFlags, authMode = core.AuthMode.HEADER, authToken = undefined, // Represents the version of the client SDK used by developer
-    sdkVersion }){
+    sdkVersion, forwardMPCClient }){
         this.userId = undefined;
         this.sessionId = undefined;
         this.initializePromise = null;
@@ -2475,6 +2551,7 @@ class DynamicWalletClient {
         ;
         this.memoryStorage = null;
         this.iframe = null;
+        this.forwardMPCEnabled = false;
         this.featureFlags = {};
         this.environmentId = environmentId;
         this.storageKey = `${STORAGE_KEY}-${storageKey != null ? storageKey : environmentId}`;
@@ -2486,7 +2563,8 @@ class DynamicWalletClient {
             authToken,
             baseApiUrl,
             authMode,
-            sdkVersion
+            sdkVersion,
+            forwardMPCClient
         });
         this.debug = Boolean(debug);
         this.logger.setLogLevel(this.debug ? logger$1.LogLevel.DEBUG : DEFAULT_LOG_LEVEL);
@@ -2506,6 +2584,11 @@ class DynamicWalletClient {
         if (authMode === core.AuthMode.HEADER && authToken) {
             this.initLoggerContext(authToken);
         }
+        this.forwardMPCEnabled = this.featureFlags && this.featureFlags[core.FEATURE_FLAGS.ENABLE_FORWARD_MPC_CLIENT_FLAG] === true;
+        // if forwardMPCEnabled is true and forwardMPCClient is not provided, initialize the forwardMPCClient
+        if (this.forwardMPCEnabled && !forwardMPCClient) {
+            this.initializeForwardMPCClient();
+        }
     }
 }

package/index.esm.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { SigningAlgorithm, MPC_RELAY_PROD_API_URL, getMPCChainConfig, AuthMode, BackupLocation, parseNamespacedVersion, getClientThreshold, MPC_CONFIG, getTSSConfig, WalletOperation, getReshareConfig, FEATURE_FLAGS, ThresholdSignatureScheme, verifiedCredentialNameToChainEnum, DynamicApiClient, getEnvironmentFromUrl, IFRAME_DOMAIN_MAP } from '@dynamic-labs-wallet/core';
 export * from '@dynamic-labs-wallet/core';
-import { BIP340, ExportableEd25519, Ecdsa, MessageHash, EcdsaKeygenResult, ExportableEd25519KeygenResult, BIP340KeygenResult } from '#internal/web';
+import { BIP340, ExportableEd25519, Ecdsa, MessageHash, EcdsaSignature, EcdsaKeygenResult, ExportableEd25519KeygenResult, BIP340KeygenResult } from '#internal/web';
 export { BIP340, BIP340InitKeygenResult, BIP340KeygenResult, Ecdsa, EcdsaInitKeygenResult, EcdsaKeygenResult, EcdsaPublicKey, EcdsaSignature, Ed25519, Ed25519InitKeygenResult, Ed25519KeygenResult, MessageHash } from '#internal/web';
 import { gte } from 'semver';
 import { v4 } from 'uuid';
@@ -653,6 +653,84 @@ const createBackupData = ({ encryptedKeyShares, accountAddress, thresholdSignatu
     }
 };
+const ALG_LABEL_RSA = 'HYBRID-RSA-AES-256';
+/**
+ * Convert base64 to base64url encoding
+ */ const toBase64Url = (buffer)=>{
+    const base64 = Buffer.from(buffer).toString('base64');
+    return base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+};
+/**
+ * Convert ArrayBuffer to base64url
+ */ const arrayBufferToBase64Url = (buffer)=>{
+    return toBase64Url(buffer);
+};
+/**
+ * Import RSA public key from PEM format
+ */ const importRSAPublicKey = async (publicKeyPem)=>{
+    // Remove PEM headers and decode base64
+    const pemHeader = '-----BEGIN PUBLIC KEY-----';
+    const pemFooter = '-----END PUBLIC KEY-----';
+    const pemContents = publicKeyPem.replace(pemHeader, '').replace(pemFooter, '').replace(/\s/g, '');
+    const binaryDer = Buffer.from(pemContents, 'base64').toString('binary');
+    const keyData = new Uint8Array(binaryDer.length);
+    for(let i = 0; i < binaryDer.length; i++){
+        keyData[i] = binaryDer.charCodeAt(i);
+    }
+    return await crypto.subtle.importKey('spki', keyData, {
+        name: 'RSA-OAEP',
+        hash: 'SHA-256'
+    }, false, [
+        'encrypt'
+    ]);
+};
+// encodedEnvelopeBytes intentionally omitted; alg/ct/ek/iv/tag/kid is sufficient
+/**
+ * Encrypts data using HYBRID-RSA-AES-256 encryption scheme with Web Crypto API.
+ * 1. Generate random AES-256 key
+ * 2. Encrypt AES key with RSA public key
+ * 3. Encrypt data with AES-256-GCM
+ */ const encryptDelegatedKeyShare = async (data, publicKeyPem, keyId)=>{
+    try {
+        // Step 1: Generate a random AES-256 key and 16-byte IV
+        const aesKey = await crypto.subtle.generateKey({
+            name: 'AES-GCM',
+            length: 256
+        }, true, [
+            'encrypt'
+        ]);
+        const iv = crypto.getRandomValues(new Uint8Array(16)); // 128-bit IV for GCM
+        // Step 2: Encrypt the data with AES-256-GCM
+        const plaintext = new TextEncoder().encode(data);
+        const encryptedData = await crypto.subtle.encrypt({
+            name: 'AES-GCM',
+            iv: iv
+        }, aesKey, plaintext);
+        // Extract the auth tag from the encrypted data (last 16 bytes)
+        const encryptedDataArray = new Uint8Array(encryptedData);
+        const authTag = encryptedDataArray.slice(-16);
+        const ciphertext = encryptedDataArray.slice(0, -16);
+        // Step 3: Encrypt the AES key with RSA public key
+        const rsaPublicKey = await importRSAPublicKey(publicKeyPem);
+        // Export the AES key to encrypt it
+        const aesKeyData = await crypto.subtle.exportKey('raw', aesKey);
+        const encryptedAesKey = await crypto.subtle.encrypt({
+            name: 'RSA-OAEP'
+        }, rsaPublicKey, aesKeyData);
+        return _extends({
+            alg: ALG_LABEL_RSA,
+            iv: arrayBufferToBase64Url(iv.buffer),
+            ct: arrayBufferToBase64Url(ciphertext.buffer),
+            tag: arrayBufferToBase64Url(authTag.buffer),
+            ek: arrayBufferToBase64Url(encryptedAesKey)
+        }, keyId ? {
+            kid: keyId
+        } : {});
+    } catch (error) {
+        throw new Error(`Encryption failed: ${error instanceof Error ? error.message : String(error)}`);
+    }
+};
 const localStorageWriteTest = {
     tested: false,
     writable: false
@@ -722,95 +800,21 @@ const localStorageWriteTest = {
         }
     });
-/** Algorithm label for the new hybrid encryption standard */ const ALG_LABEL_RSA = 'HYBRID-RSA-AES-256';
-/**
- * Convert base64 to base64url encoding
- */ const toBase64Url = (buffer)=>{
-    const base64 = Buffer.from(buffer).toString('base64');
-    return base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-};
-/**
- * Convert ArrayBuffer to base64url
- */ const arrayBufferToBase64Url = (buffer)=>{
-    return toBase64Url(buffer);
-};
-/**
- * Import RSA public key from PEM format
- */ const importRSAPublicKey = async (publicKeyPem)=>{
-    // Remove PEM headers and decode base64
-    const pemHeader = '-----BEGIN PUBLIC KEY-----';
-    const pemFooter = '-----END PUBLIC KEY-----';
-    const pemContents = publicKeyPem.replace(pemHeader, '').replace(pemFooter, '').replace(/\s/g, '');
-    const binaryDer = Buffer.from(pemContents, 'base64').toString('binary');
-    const keyData = new Uint8Array(binaryDer.length);
-    for(let i = 0; i < binaryDer.length; i++){
-        keyData[i] = binaryDer.charCodeAt(i);
-    }
-    return await crypto.subtle.importKey('spki', keyData, {
-        name: 'RSA-OAEP',
-        hash: 'SHA-256'
-    }, false, [
-        'encrypt'
-    ]);
-};
-/**
- * Creates the encoded envelope bytes from the encrypted data components
- */ const createEncodedEnvelopeBytes = (iv, ciphertext, authTag, encryptedAesKey)=>{
-    const envelopeData = {
-        algorithm: ALG_LABEL_RSA,
-        iv: arrayBufferToBase64Url(iv.buffer),
-        encryptedData: arrayBufferToBase64Url(ciphertext.buffer),
-        authTag: arrayBufferToBase64Url(authTag.buffer),
-        encryptedKey: arrayBufferToBase64Url(encryptedAesKey)
-    };
-    return Buffer.from(new TextEncoder().encode(JSON.stringify(envelopeData))).toString('base64');
-};
-/**
- * Encrypts data using HYBRID-RSA-AES-256 encryption scheme with Web Crypto API.
- * 1. Generate random AES-256 key
- * 2. Encrypt AES key with RSA public key
- * 3. Encrypt data with AES-256-GCM
- */ const encryptDelegatedKeyShare = async (data, publicKeyPem)=>{
-    try {
-        // Step 1: Generate a random AES-256 key and 16-byte IV
-        const aesKey = await crypto.subtle.generateKey({
-            name: 'AES-GCM',
-            length: 256
-        }, true, [
-            'encrypt'
-        ]);
-        const iv = crypto.getRandomValues(new Uint8Array(16)); // 128-bit IV for GCM
-        // Step 2: Encrypt the data with AES-256-GCM
-        const plaintext = new TextEncoder().encode(data);
-        const encryptedData = await crypto.subtle.encrypt({
-            name: 'AES-GCM',
-            iv: iv
-        }, aesKey, plaintext);
-        // Extract the auth tag from the encrypted data (last 16 bytes)
-        const encryptedDataArray = new Uint8Array(encryptedData);
-        const authTag = encryptedDataArray.slice(-16);
-        const ciphertext = encryptedDataArray.slice(0, -16);
-        // Step 3: Encrypt the AES key with RSA public key
-        const rsaPublicKey = await importRSAPublicKey(publicKeyPem);
-        // Export the AES key to encrypt it
-        const aesKeyData = await crypto.subtle.exportKey('raw', aesKey);
-        const encryptedAesKey = await crypto.subtle.encrypt({
-            name: 'RSA-OAEP'
-        }, rsaPublicKey, aesKeyData);
-        return {
-            algorithm: ALG_LABEL_RSA,
-            iv: arrayBufferToBase64Url(iv.buffer),
-            encryptedData: arrayBufferToBase64Url(ciphertext.buffer),
-            authTag: arrayBufferToBase64Url(authTag.buffer),
-            encryptedKey: arrayBufferToBase64Url(encryptedAesKey),
-            encodedEnvelopeBytes: createEncodedEnvelopeBytes(iv, ciphertext, authTag, encryptedAesKey)
-        };
-    } catch (error) {
-        throw new Error(`Encryption failed: ${error instanceof Error ? error.message : String(error)}`);
-    }
-};
 class DynamicWalletClient {
+    async initializeForwardMPCClient() {
+        try {
+            await this.apiClient.forwardMPCClient.connect();
+            logger.info('Connected to ForwardMPC enclave websocket. Instance: ' + this.instanceId);
+            try {
+                await this.apiClient.forwardMPCClient.handshake();
+                logger.info('Handshaked with ForwardMPC enclave websocket. Instance: ' + this.instanceId);
+            } catch (error) {
+                logger.error('Error handshaking with ForwardMPC enclave websocket. Instance: ' + this.instanceId, error);
+            }
+        } catch (error) {
+            logger.error('Error connecting to ForwardMPC enclave websocket. Instance: ' + this.instanceId, error);
+        }
+    }
     getAuthMode() {
         return this.authMode;
     }
@@ -1139,6 +1143,32 @@ class DynamicWalletClient {
         });
         return data;
     }
+    async forwardMPCClientSign({ chainName, message, roomId, keyShare, derivationPath, formattedMessage }) {
+        if (!this.apiClient.forwardMPCClient.connected) {
+            await this.initializeForwardMPCClient();
+        }
+        logger.info('Forward MPC enabled, signing message with forward MPC');
+        const signature = await this.apiClient.forwardMPCClient.signMessage({
+            keyshare: keyShare,
+            message: chainName === 'EVM' || chainName === 'SUI' ? message : formattedMessage,
+            relayDomain: this.baseMPCRelayApiUrl || '',
+            signingAlgo: chainName === 'EVM' ? 'ECDSA' : 'ED25519',
+            hashAlgo: chainName === 'EVM' ? 'keccak256' : undefined,
+            derivationPath: derivationPath,
+            roomUuid: roomId
+        });
+        const signatureBytes = signature.data.signature;
+        if (!(signatureBytes instanceof Uint8Array)) {
+            throw new TypeError(`Invalid signature format: expected Uint8Array, got ${typeof signatureBytes}`);
+        }
+        // Convert to EcdsaSignature
+        if (chainName === 'EVM') {
+            const ecdsaSignature = EcdsaSignature.fromBuffer(signatureBytes);
+            return ecdsaSignature;
+        } else {
+            return signatureBytes;
+        }
+    }
     async clientSign({ chainName, message, roomId, keyShare, derivationPath, isFormatted, dynamicRequestId }) {
         try {
             const mpcSigner = getMPCSigner({
@@ -1153,6 +1183,16 @@ class DynamicWalletClient {
                 derivationPath,
                 isFormatted
             });
+            if (this.forwardMPCEnabled) {
+                return this.forwardMPCClientSign({
+                    chainName,
+                    message,
+                    roomId,
+                    keyShare,
+                    derivationPath,
+                    formattedMessage
+                });
+            }
             const signature = await mpcSigner.sign(roomId, keyShare, formattedMessage, derivationPath);
             return signature;
         } catch (error) {
@@ -1343,10 +1383,9 @@ class DynamicWalletClient {
             existingClientKeyShares
         };
     }
-    async reshare({ chainName, accountAddress, oldThresholdSignatureScheme, newThresholdSignatureScheme, password = undefined, signedSessionId, backupToGoogleDrive = false, delegateToProjectEnvironment = false, mfaToken }) {
+    async reshare({ chainName, accountAddress, oldThresholdSignatureScheme, newThresholdSignatureScheme, password = undefined, signedSessionId, backupToGoogleDrive = false, delegateToProjectEnvironment = false, mfaToken, revokeDelegation = false }) {
         const dynamicRequestId = v4();
         try {
-            var _publicKey_key, _publicKey_key1;
             await this.verifyPassword({
                 accountAddress,
                 password,
@@ -1383,7 +1422,8 @@ class DynamicWalletClient {
                 newThresholdSignatureScheme,
                 dynamicRequestId,
                 delegateToProjectEnvironment,
-                mfaToken
+                mfaToken,
+                revokeDelegation
             });
             const { roomId, serverKeygenIds, newServerKeygenIds = [] } = data;
             // Get the MPC config for the threshold signature scheme
@@ -1405,7 +1445,7 @@ class DynamicWalletClient {
                 Promise.all(existingResharePromises),
                 Promise.all(newResharePromises)
             ]);
-            const clientKeyshares = delegateToProjectEnvironment ? [
+            const clientKeysharesToLocalStorage = delegateToProjectEnvironment ? [
                 ...existingReshareResults
             ] : [
                 ...existingReshareResults,
@@ -1414,33 +1454,20 @@ class DynamicWalletClient {
             this.walletMap[accountAddress] = _extends({}, this.walletMap[accountAddress], {
                 thresholdSignatureScheme: newThresholdSignatureScheme
             });
+            // store client key shares to localStorage
             await this.setClientKeySharesToLocalStorage({
                 accountAddress,
-                clientKeyShares: clientKeyshares,
+                clientKeyShares: clientKeysharesToLocalStorage,
                 overwriteOrMerge: 'overwrite'
             });
+            // if delegateToProjectEnvironment is true, we need to update location for the delegated share
+            const delegatedKeyshare = delegateToProjectEnvironment ? newReshareResults[0] : undefined;
             await this.storeEncryptedBackupByWallet({
                 accountAddress,
                 password,
                 signedSessionId,
                 backupToGoogleDrive,
-                delegatedLocations: newReshareResults.map(()=>({
-                        location: BackupLocation.DELEGATED
-                    }))
-            });
-            const publicKey = await this.apiClient.getDelegatedEncryptionKey({
-                environmentId: this.environmentId
-            });
-            if (!(publicKey == null ? void 0 : (_publicKey_key = publicKey.key) == null ? void 0 : _publicKey_key.publicKeyPemB64)) {
-                throw new Error('Public key not found');
-            }
-            const encryptedDelegatedKeyShareEnvelope = await encryptDelegatedKeyShare(JSON.stringify(clientKeyshares[0]), publicKey == null ? void 0 : (_publicKey_key1 = publicKey.key) == null ? void 0 : _publicKey_key1.publicKeyPemB64);
-            await this.apiClient.publishDelegatedKeyShare({
-                walletId: this.walletMap[accountAddress].walletId,
-                encryptedKeyShare: encryptedDelegatedKeyShareEnvelope,
-                signedSessionId,
-                requiresSignedSessionId: this.requiresSignedSessionId(),
-                dynamicRequestId
+                delegatedKeyshare
             });
         } catch (error) {
             logError({
@@ -1467,7 +1494,7 @@ class DynamicWalletClient {
             throw error;
         }
     }
-    async delegateKeyShares({ accountAddress, password = undefined, signedSessionId, mfaToken }) {
+    async performDelegationOperation({ accountAddress, password, signedSessionId, mfaToken, newThresholdSignatureScheme, revokeDelegation = false, operationName }) {
         try {
             const delegateToProjectEnvironment = this.featureFlags && this.featureFlags[FEATURE_FLAGS.ENABLE_DELEGATED_KEY_SHARES_FLAG] === true;
             if (!delegateToProjectEnvironment) {
@@ -1487,19 +1514,17 @@ class DynamicWalletClient {
                 chainName: this.walletMap[accountAddress].chainName,
                 accountAddress,
                 oldThresholdSignatureScheme: currentThresholdSignatureScheme,
-                newThresholdSignatureScheme: ThresholdSignatureScheme.TWO_OF_THREE,
+                newThresholdSignatureScheme,
                 password,
                 signedSessionId,
                 backupToGoogleDrive: false,
                 delegateToProjectEnvironment: true,
-                mfaToken
+                mfaToken,
+                revokeDelegation
             });
-            const backupInfo = this.walletMap[accountAddress].clientKeySharesBackupInfo;
-            const delegatedKeyShares = backupInfo.backups[BackupLocation.DELEGATED] || [];
-            return delegatedKeyShares;
         } catch (error) {
             logError({
-                message: 'Error in delegateKeyShares',
+                message: `Error in ${operationName}`,
                 error: error,
                 context: {
                     accountAddress
@@ -1508,6 +1533,30 @@ class DynamicWalletClient {
             throw error;
         }
     }
+    async delegateKeyShares({ accountAddress, password = undefined, signedSessionId, mfaToken }) {
+        await this.performDelegationOperation({
+            accountAddress,
+            password,
+            signedSessionId,
+            mfaToken,
+            newThresholdSignatureScheme: ThresholdSignatureScheme.TWO_OF_THREE,
+            operationName: 'delegateKeyShares'
+        });
+        const backupInfo = this.walletMap[accountAddress].clientKeySharesBackupInfo;
+        const delegatedKeyShares = backupInfo.backups[BackupLocation.DELEGATED] || [];
+        return delegatedKeyShares;
+    }
+    async revokeDelegation({ accountAddress, password = undefined, signedSessionId, mfaToken }) {
+        await this.performDelegationOperation({
+            accountAddress,
+            password,
+            signedSessionId,
+            mfaToken,
+            newThresholdSignatureScheme: ThresholdSignatureScheme.TWO_OF_TWO,
+            revokeDelegation: true,
+            operationName: 'revokeDelegation'
+        });
+    }
     async exportKey({ accountAddress, chainName, password = undefined, signedSessionId, mfaToken }) {
         const dynamicRequestId = v4();
         try {
@@ -1691,6 +1740,10 @@ class DynamicWalletClient {
    * 4. Updates backup metadata and synchronizes wallet state
    * 5. Persists the updated wallet map to local storage
    *
+   * **Delegated Key Shares:**
+   * - When delegatedKeyshare is provided, the method will not store the delegated key share but it will mark the delegated share as backed up on Dynamic's backend
+   * - and encrypt the delegated key share to publish it to the webhook
+   *
    * @param params - The backup operation parameters
    * @param params.accountAddress - The account address of the wallet to backup
    * @param params.clientKeyShares - Optional specific key shares to backup (uses localStorage if not provided)
@@ -1698,7 +1751,7 @@ class DynamicWalletClient {
    * @param params.signedSessionId - Optional signed session ID for authentication
    * @param params.backupToGoogleDrive - Whether to backup to Google Drive (defaults to false)
    * @returns Promise with backup metadata including share locations and IDs
-   */ async storeEncryptedBackupByWallet({ accountAddress, clientKeyShares = undefined, password = undefined, signedSessionId, backupToGoogleDrive = false, delegatedLocations = [] }) {
+   */ async storeEncryptedBackupByWallet({ accountAddress, clientKeyShares = undefined, password = undefined, signedSessionId, backupToGoogleDrive = false, delegatedKeyshare = undefined }) {
         const dynamicRequestId = v4();
         try {
             var _this_walletMap_accountAddress, _this_walletMap_accountAddress_clientKeySharesBackupInfo_backups_BackupLocation_GOOGLE_DRIVE, _this_walletMap_accountAddress_clientKeySharesBackupInfo_backups, _this_walletMap_accountAddress_clientKeySharesBackupInfo, _this_walletMap_accountAddress1;
@@ -1766,8 +1819,31 @@ class DynamicWalletClient {
                     location: BackupLocation.GOOGLE_DRIVE
                 });
             }
-            if ((delegatedLocations == null ? void 0 : delegatedLocations.length) > 0) {
-                locations.push(...delegatedLocations);
+            // if delegatedKeyshare is provided, we encrypt the delegated key share and publish it to the webhook
+            // after publish confirmed, we mark the delegated share as backed up on Dynamic's backend
+            if (delegatedKeyshare) {
+                var _publicKey_key, _publicKey_key1, _publicKey_key2;
+                const publicKey = await this.apiClient.getDelegatedEncryptionKey({
+                    environmentId: this.environmentId
+                });
+                if (!(publicKey == null ? void 0 : (_publicKey_key = publicKey.key) == null ? void 0 : _publicKey_key.publicKeyPemB64)) {
+                    throw new Error('Public key not found');
+                }
+                var _publicKey_key_keyId;
+                const encryptedDelegatedKeyShareEnvelope = await encryptDelegatedKeyShare(JSON.stringify(delegatedKeyshare), publicKey == null ? void 0 : (_publicKey_key1 = publicKey.key) == null ? void 0 : _publicKey_key1.publicKeyPemB64, (_publicKey_key_keyId = publicKey == null ? void 0 : (_publicKey_key2 = publicKey.key) == null ? void 0 : _publicKey_key2.keyId) != null ? _publicKey_key_keyId : publicKey == null ? void 0 : publicKey.keyId);
+                const { status } = await this.apiClient.publishDelegatedKeyShare({
+                    walletId: this.walletMap[accountAddress].walletId,
+                    encryptedKeyShare: encryptedDelegatedKeyShareEnvelope,
+                    signedSessionId,
+                    requiresSignedSessionId: this.requiresSignedSessionId(),
+                    dynamicRequestId
+                });
+                if (status !== 200) {
+                    throw new Error('Failed to publish delegated key share');
+                }
+                locations.push({
+                    location: BackupLocation.DELEGATED
+                });
             }
             const backupData = await this.apiClient.markKeySharesAsBackedUp({
                 walletId: this.walletMap[accountAddress].walletId,
@@ -2467,7 +2543,7 @@ class DynamicWalletClient {
         this.apiClient.syncAuthToken(authToken);
     }
     constructor({ environmentId, baseApiUrl, baseMPCRelayApiUrl, storageKey, debug, featureFlags, authMode = AuthMode.HEADER, authToken = undefined, // Represents the version of the client SDK used by developer
-    sdkVersion }){
+    sdkVersion, forwardMPCClient }){
         this.userId = undefined;
         this.sessionId = undefined;
         this.initializePromise = null;
@@ -2476,6 +2552,7 @@ class DynamicWalletClient {
         ;
         this.memoryStorage = null;
         this.iframe = null;
+        this.forwardMPCEnabled = false;
         this.featureFlags = {};
         this.environmentId = environmentId;
         this.storageKey = `${STORAGE_KEY}-${storageKey != null ? storageKey : environmentId}`;
@@ -2487,7 +2564,8 @@ class DynamicWalletClient {
             authToken,
             baseApiUrl,
             authMode,
-            sdkVersion
+            sdkVersion,
+            forwardMPCClient
         });
         this.debug = Boolean(debug);
         this.logger.setLogLevel(this.debug ? LogLevel.DEBUG : DEFAULT_LOG_LEVEL);
@@ -2507,6 +2585,11 @@ class DynamicWalletClient {
         if (authMode === AuthMode.HEADER && authToken) {
             this.initLoggerContext(authToken);
         }
+        this.forwardMPCEnabled = this.featureFlags && this.featureFlags[FEATURE_FLAGS.ENABLE_FORWARD_MPC_CLIENT_FLAG] === true;
+        // if forwardMPCEnabled is true and forwardMPCClient is not provided, initialize the forwardMPCClient
+        if (this.forwardMPCEnabled && !forwardMPCClient) {
+            this.initializeForwardMPCClient();
+        }
     }
 }

package/package.json CHANGED Viewed

@@ -1,14 +1,14 @@
 {
   "name": "@dynamic-labs-wallet/browser",
-  "version": "0.0.0-beta.317",
+  "version": "0.0.0-beta.318",
   "license": "Licensed under the Dynamic Labs, Inc. Terms Of Service (https://www.dynamic.xyz/terms-conditions)",
   "type": "module",
   "dependencies": {
-    "@dynamic-labs-wallet/core": "0.0.0-beta.317",
+    "@dynamic-labs-wallet/core": "0.0.0-beta.318",
     "@dynamic-labs/logger": "^4.25.3",
-    "@dynamic-labs/sdk-api-core": "^0.0.764",
+    "@dynamic-labs/sdk-api-core": "^0.0.801",
     "argon2id": "1.0.1",
-    "axios": "1.9.0",
+    "axios": "1.12.2",
     "http-errors": "2.0.0",
     "semver": "^7.6.3",
     "uuid": "11.1.0",

package/src/client.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
+import { BIP340KeygenResult, EcdsaKeygenResult, type EcdsaPublicKey, EcdsaSignature, ExportableEd25519KeygenResult, MessageHash } from '#internal/web';
 import { AuthMode, BackupLocation, type BackupLocationWithExternalKeyShareId, DynamicApiClient, type DynamicWalletClientProps, type FeatureFlags, type InitializeResult, type KeyShareBackupInfo, ThresholdSignatureScheme, WalletOperation } from '@dynamic-labs-wallet/core';
-import { BIP340KeygenResult, EcdsaKeygenResult, type EcdsaPublicKey, type EcdsaSignature, ExportableEd25519KeygenResult } from '#internal/web';
 import type { SignMessageContext } from '@dynamic-labs/sdk-api-core';
 import type { ClientInitKeygenResult, ClientKeyShare } from './mpc/types.js';
 import { type SupportedStorage } from './services/localStorage.js';
@@ -20,12 +20,14 @@ export declare class DynamicWalletClient {
     } | null;
     protected baseMPCRelayApiUrl?: string;
     protected iframe: HTMLIFrameElement | null;
+    protected forwardMPCEnabled: boolean;
     readonly instanceId: string;
     readonly iframeDomain: string;
     readonly featureFlags: FeatureFlags;
     protected authMode: AuthMode;
     protected sdkVersion?: string;
-    constructor({ environmentId, baseApiUrl, baseMPCRelayApiUrl, storageKey, debug, featureFlags, authMode, authToken, sdkVersion, }: DynamicWalletClientProps);
+    constructor({ environmentId, baseApiUrl, baseMPCRelayApiUrl, storageKey, debug, featureFlags, authMode, authToken, sdkVersion, forwardMPCClient, }: DynamicWalletClientProps);
+    private initializeForwardMPCClient;
     getAuthMode(): AuthMode;
     /**
      * Check if the SDK version meets the requirement for signed session ID
@@ -94,6 +96,14 @@ export declare class DynamicWalletClient {
         context?: SignMessageContext;
         onError?: (error: Error) => void;
     }): Promise<import("@dynamic-labs-wallet/core").OpenRoomResponse>;
+    forwardMPCClientSign({ chainName, message, roomId, keyShare, derivationPath, formattedMessage, }: {
+        chainName: string;
+        message: string | Uint8Array;
+        roomId: string;
+        keyShare: ClientKeyShare;
+        derivationPath: Uint32Array | undefined;
+        formattedMessage: string | Uint8Array | MessageHash;
+    }): Promise<Uint8Array | EcdsaSignature>;
     clientSign({ chainName, message, roomId, keyShare, derivationPath, isFormatted, dynamicRequestId, }: {
         chainName: string;
         message: string | Uint8Array;
@@ -151,7 +161,7 @@ export declare class DynamicWalletClient {
         existingClientKeygenIds: string[];
         existingClientKeyShares: ClientKeyShare[];
     }>;
-    reshare({ chainName, accountAddress, oldThresholdSignatureScheme, newThresholdSignatureScheme, password, signedSessionId, backupToGoogleDrive, delegateToProjectEnvironment, mfaToken, }: {
+    reshare({ chainName, accountAddress, oldThresholdSignatureScheme, newThresholdSignatureScheme, password, signedSessionId, backupToGoogleDrive, delegateToProjectEnvironment, mfaToken, revokeDelegation, }: {
         chainName: string;
         accountAddress: string;
         oldThresholdSignatureScheme: ThresholdSignatureScheme;
@@ -161,13 +171,21 @@ export declare class DynamicWalletClient {
         backupToGoogleDrive?: boolean;
         delegateToProjectEnvironment?: boolean;
         mfaToken?: string;
+        revokeDelegation?: boolean;
     }): Promise<void>;
+    private performDelegationOperation;
     delegateKeyShares({ accountAddress, password, signedSessionId, mfaToken, }: {
         accountAddress: string;
         password?: string;
         signedSessionId: string;
         mfaToken?: string;
     }): Promise<BackupLocationWithExternalKeyShareId[]>;
+    revokeDelegation({ accountAddress, password, signedSessionId, mfaToken, }: {
+        accountAddress: string;
+        password?: string;
+        signedSessionId: string;
+        mfaToken?: string;
+    }): Promise<void>;
     exportKey({ accountAddress, chainName, password, signedSessionId, mfaToken, }: {
         accountAddress: string;
         chainName: string;
@@ -222,6 +240,10 @@ export declare class DynamicWalletClient {
      * 4. Updates backup metadata and synchronizes wallet state
      * 5. Persists the updated wallet map to local storage
      *
+     * **Delegated Key Shares:**
+     * - When delegatedKeyshare is provided, the method will not store the delegated key share but it will mark the delegated share as backed up on Dynamic's backend
+     * - and encrypt the delegated key share to publish it to the webhook
+     *
      * @param params - The backup operation parameters
      * @param params.accountAddress - The account address of the wallet to backup
      * @param params.clientKeyShares - Optional specific key shares to backup (uses localStorage if not provided)
@@ -230,13 +252,13 @@ export declare class DynamicWalletClient {
      * @param params.backupToGoogleDrive - Whether to backup to Google Drive (defaults to false)
      * @returns Promise with backup metadata including share locations and IDs
      */
-    storeEncryptedBackupByWallet({ accountAddress, clientKeyShares, password, signedSessionId, backupToGoogleDrive, delegatedLocations, }: {
+    storeEncryptedBackupByWallet({ accountAddress, clientKeyShares, password, signedSessionId, backupToGoogleDrive, delegatedKeyshare, }: {
         accountAddress: string;
         clientKeyShares?: ClientKeyShare[];
         password?: string;
         signedSessionId: string;
         backupToGoogleDrive?: boolean;
-        delegatedLocations?: any[];
+        delegatedKeyshare?: any;
     }): Promise<any>;
     storeEncryptedBackupByWalletWithRetry({ accountAddress, clientKeyShares, password, signedSessionId, }: {
         accountAddress: string;

package/src/client.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../packages/src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,QAAQ,EAER,cAAc,EACd,KAAK,oCAAoC,EACzC,gBAAgB,EAChB,KAAK,wBAAwB,EAE7B,KAAK,YAAY,EAOjB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EAGvB,wBAAwB,EAExB,eAAe,EAChB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAEL,kBAAkB,EAElB,iBAAiB,EACjB,KAAK,cAAc,EACnB,KAAK,cAAc,EAEnB,6BAA6B,EAE9B,MAAM,eAAe,CAAC;AAMvB,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAYrE,OAAO,KAAK,EAAE,sBAAsB,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC7E,OAAO,EAGL,KAAK,gBAAgB,EAEtB,MAAM,4BAA4B,CAAC;AAEpC,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAYnD,qBAAa,mBAAmB;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,OAAO,CAAC;IAEtB,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAa;IACjD,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAa;IAEpD,SAAS,CAAC,iBAAiB,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAQ;IACrE,SAAS,CAAC,MAAM,wCAAU;IAC1B,SAAS,CAAC,SAAS,EAAE,gBAAgB,CAAC;IACtC,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAM;IAC3D,SAAS,CAAC,OAAO,EAAE,gBAAgB,CAAC;IACpC,SAAS,CAAC,aAAa,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,GAAG,IAAI,CAAQ;IACjE,SAAS,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IACtC,SAAS,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI,CAAQ;IAClD,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAM;IACzC,SAAS,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC7B,SAAS,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;gBAElB,EACV,aAAa,EACb,UAAU,EACV,kBAAkB,EAClB,UAAU,EACV,KAAK,EACL,YAAY,EACZ,QAA0B,EAC1B,SAAqB,EAErB,UAAU,GACX,EAAE,wBAAwB;IAsCpB,WAAW,IAAI,QAAQ;IAI9B;;;;OAIG;IACH,OAAO,CAAC,uBAAuB;IA+BzB,iBAAiB,CAAC,SAAS,EAAE,MAAM;IAuDnC,UAAU,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAgB7C;;OAEG;cACa,WAAW,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAWlD,sBAAsB,CAAC,EAC3B,SAAS,EACT,eAAe,EACf,gBAAgB,EAChB,wBAAwB,EACxB,OAAO,EACP,kBAAkB,GACnB,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,gBAAgB,EAAE,MAAM,CAAC;QACzB,wBAAwB,EAAE,wBAAwB,CAAC;QACnD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;QACjC,kBAAkB,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;KACzE;IAoBK,sBAAsB,CAAC,EAC3B,SAAS,EACT,wBAAwB,GACzB,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,wBAAwB,EAAE,wBAAwB,CAAC;KACpD,GAAG,OAAO,CAAC,sBAAsB,EAAE,CAAC;IAkB/B,eAAe,CAAC,EACpB,SAAS,EACT,QAAQ,EACR,cAAc,GACf,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,cAAc,CAAC;QACzB,cAAc,EAAE,WAAW,GAAG,SAAS,CAAC;KACzC,GAAG,OAAO,CAAC,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,CAAC;IAcvD,YAAY,CAAC,EACjB,SAAS,EACT,MAAM,EACN,eAAe,EACf,uBAAuB,EACvB,wBAAwB,GACzB,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,uBAAuB,EAAE,sBAAsB,EAAE,CAAC;QAClD,wBAAwB,EAAE,wBAAwB,CAAC;KACpD,GAAG,OAAO,CAAC;QACV,YAAY,EAAE,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,CAAC;QAC/D,mBAAmB,EAAE,cAAc,EAAE,CAAC;KACvC,CAAC;IA4DI,MAAM,CAAC,EACX,SAAS,EACT,wBAAwB,EACxB,OAAO,EACP,kBAAkB,GACnB,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,wBAAwB,EAAE,wBAAwB,CAAC;QACnD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;QACjC,kBAAkB,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;KACzE,GAAG,OAAO,CAAC;QACV,YAAY,EAAE,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,CAAC;QAC/D,eAAe,EAAE,cAAc,EAAE,CAAC;KACnC,CAAC;IA2EI,mBAAmB,CAAC,EACxB,SAAS,EACT,UAAU,EACV,wBAAwB,EACxB,OAAO,EACP,kBAAkB,GACnB,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;QACnB,wBAAwB,EAAE,wBAAwB,CAAC;QACnD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;QACjC,kBAAkB,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;KACzE,GAAG,OAAO,CAAC;QACV,YAAY,EAAE,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,CAAC;QAC/D,eAAe,EAAE,cAAc,EAAE,CAAC;KACnC,CAAC;IAuHI,UAAU,CAAC,EACf,QAAQ,EACR,OAAO,EACP,WAAW,EACX,QAAQ,EACR,OAAO,EACP,OAAO,EACP,gBAAgB,GACjB,EAAE;QACD,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,EAAE,MAAM,GAAG,UAAU,CAAC;QAC7B,gBAAgB,EAAE,MAAM,CAAC;QACzB,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,OAAO,CAAC,EAAE,kBAAkB,CAAC;QAC7B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;KAClC;IAyBK,UAAU,CAAC,EACf,SAAS,EACT,OAAO,EACP,MAAM,EACN,QAAQ,EACR,cAAc,EACd,WAAW,EACX,gBAAgB,GACjB,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,EAAE,MAAM,GAAG,UAAU,CAAC;QAC7B,MAAM,EAAE,MAAM,CAAC;QACf,gBAAgB,EAAE,MAAM,CAAC;QACzB,QAAQ,EAAE,cAAc,CAAC;QACzB,cAAc,EAAE,WAAW,GAAG,SAAS,CAAC;QACxC,WAAW,CAAC,EAAE,OAAO,CAAC;KACvB,GAAG,OAAO,CAAC,UAAU,GAAG,cAAc,CAAC;IA4ClC,IAAI,CAAC,EACT,cAAc,EACd,OAAO,EACP,SAAS,EACT,QAAoB,EACpB,WAAmB,EACnB,eAAe,EACf,QAAQ,EACR,OAAO,EACP,OAAO,GACR,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,OAAO,EAAE,MAAM,GAAG,UAAU,CAAC;QAC7B,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,eAAe,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,OAAO,CAAC,EAAE,kBAAkB,CAAC;QAC7B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;KAClC,GAAG,OAAO,CAAC,UAAU,GAAG,cAAc,CAAC;IA+ElC,0BAA0B,CAAC,EAC/B,cAAc,EACd,SAAS,EACT,QAAoB,EACpB,eAAe,EACf,QAAQ,GACT,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;IAiEK,WAAW,CAAC,EAChB,SAAS,EACT,cAAc,GACf,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,cAAc,EACV,iBAAiB,GACjB,6BAA6B,GAC7B,kBAAkB,CAAC;KACxB;IASD;;;;;;;;;;;;;OAaG;IACG,eAAe,CAAC,EACpB,SAAS,EACT,MAAM,EACN,cAAc,EACd,2BAA2B,EAC3B,2BAA2B,GAC5B,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,gBAAgB,CAAC;QACzB,cAAc,EAAE,MAAM,CAAC;QACvB,2BAA2B,EAAE,wBAAwB,CAAC;QACtD,2BAA2B,EAAE,wBAAwB,CAAC;KACvD,GAAG,OAAO,CAAC;QACV,0BAA0B,EAAE,sBAAsB,EAAE,CAAC;QACrD,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,uBAAuB,EAAE,MAAM,EAAE,CAAC;QAClC,uBAAuB,EAAE,cAAc,EAAE,CAAC;KAC3C,CAAC;IA6CI,OAAO,CAAC,EACZ,SAAS,EACT,cAAc,EACd,2BAA2B,EAC3B,2BAA2B,EAC3B,QAAoB,EACpB,eAAe,EACf,mBAA2B,EAC3B,4BAAoC,EACpC,QAAQ,GACT,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,cAAc,EAAE,MAAM,CAAC;QACvB,2BAA2B,EAAE,wBAAwB,CAAC;QACtD,2BAA2B,EAAE,wBAAwB,CAAC;QACtD,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;QACxB,mBAAmB,CAAC,EAAE,OAAO,CAAC;QAC9B,4BAA4B,CAAC,EAAE,OAAO,CAAC;QACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;IAwKK,iBAAiB,CAAC,EACtB,cAAc,EACd,QAAoB,EACpB,eAAe,EACf,QAAQ,GACT,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;IAuDK,SAAS,CAAC,EACd,cAAc,EACd,SAAS,EACT,QAAoB,EACpB,eAAe,EACf,QAAQ,GACT,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;;;IAgGK,gBAAgB,CAAC,EACrB,SAAS,EACT,SAAS,EACT,cAAc,GACf,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,cAAc,EAAE,CAAC;QAC5B,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,GAAG,OAAO,CAAC;QACV,iBAAiB,EAAE,MAAM,GAAG,SAAS,CAAC;QACtC,YAAY,EAAE,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,CAAC;KAChE,CAAC;IA2EI,eAAe,CAAC,EACpB,QAAQ,EACR,QAAQ,GACT,EAAE;QACD,QAAQ,EAAE,cAAc,CAAC;QACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;IAaD;;OAEG;IACG,kCAAkC,CAAC,EACvC,cAAc,GACf,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;KACxB,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAiC7B;;OAEG;IACG,gCAAgC,CAAC,EACrC,cAAc,EACd,eAAe,EACf,gBAA0B,GAC3B,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,eAAe,EAAE,cAAc,EAAE,CAAC;QAClC,gBAAgB,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC;KAC1C,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBjB;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACG,4BAA4B,CAAC,EACjC,cAAc,EACd,eAA2B,EAC3B,QAAoB,EACpB,eAAe,EACf,mBAA2B,EAC3B,kBAAuB,GACxB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,eAAe,CAAC,EAAE,cAAc,EAAE,CAAC;QACnC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;QACxB,mBAAmB,CAAC,EAAE,OAAO,CAAC;QAC9B,kBAAkB,CAAC,EAAE,GAAG,EAAE,CAAC;KAC5B;IA4IK,qCAAqC,CAAC,EAC1C,cAAc,EACd,eAAe,EACf,QAAQ,EACR,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,eAAe,CAAC,EAAE,cAAc,EAAE,CAAC;QACnC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB;IAkBK,cAAc,CAAC,EACnB,cAAc,EACd,gBAAgB,EAChB,WAAW,EACX,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,eAAe,EAAE,MAAM,CAAC;KACzB;IAeK,eAAe,CAAC,EACpB,QAAQ,EACR,QAAQ,GACT,EAAE;QACD,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,GAAG,OAAO,CAAC,cAAc,CAAC;IAa3B;;;;;OAKG;YACW,8BAA8B;IAmC5C;;;;;;;;;;;OAWG;IACH,eAAe,CAAC,EACd,wBAAwB,EACxB,wBAAwB,EACxB,eAAe,EACf,UAAsB,GACvB,EAAE;QACD,wBAAwB,EAAE,kBAAkB,CAAC;QAC7C,wBAAwB,EAAE,wBAAwB,CAAC;QACnD,eAAe,EAAE,eAAe,CAAC;QACjC,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,GAAG;QACF,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAClD,kBAAkB,EAAE,MAAM,CAAC;KAC5B;IA+BK,8BAA8B,CAAC,EACnC,cAAc,EACd,QAAQ,EACR,eAAe,EACf,eAAe,EACf,UAAsB,EACtB,oBAA2B,EAC3B,QAAQ,GACT,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,eAAe,CAAC;QACjC,eAAe,EAAE,MAAM,CAAC;QACxB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;IAsEK,cAAc;IAQpB;;;;;;;;;;OAUG;IACG,4BAA4B,CAAC,EACjC,cAAc,EACd,QAAQ,EACR,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAsDrB;;;;;;;;;;;OAWG;YACW,4BAA4B;IAoDpC,4BAA4B,CAAC,EACjC,cAAc,EACd,QAAQ,EACR,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAkGvB,qBAAqB,CAAC,EAC1B,cAAc,EACd,QAAQ,EACR,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB;IA6BK,kBAAkB,CAAC,EACvB,cAAc,EACd,QAAQ,EACR,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB;IAYD;;;;;OAKG;YACW,iBAAiB;IA8D/B;;;;OAIG;IACG,cAAc,CAAC,EACnB,cAAc,EACd,QAAoB,EACpB,eAA8C,EAC9C,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,CAAC,EAAE,eAAe,CAAC;QAClC,eAAe,EAAE,MAAM,CAAC;KACzB;IAsDK,mBAAmB,CAAC,EACxB,cAAc,GACf,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;KACxB,GAAG,OAAO,CAAC,OAAO,CAAC;IAMpB;;OAEG;IACG,4BAA4B,CAAC,EACjC,cAAc,EACd,eAAiD,GAClD,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,eAAe,CAAC,EAAE,eAAe,CAAC;KACnC,GAAG,OAAO,CAAC,OAAO,CAAC;IAYpB;;OAEG;IACG,uCAAuC,CAAC,EAC5C,cAAc,EACd,eAAiD,GAClD,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,eAAe,CAAC,EAAE,eAAe,CAAC;KACnC,GAAG,OAAO,CAAC,OAAO,CAAC;IAgCd,iCAAiC,CAAC,EACtC,cAAc,GACf,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;KACxB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAiCzB,SAAS,CAAC,EACd,cAAc,EACd,eAA8C,EAC9C,UAAsB,EACtB,QAAoB,EACpB,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,eAAe,CAAC,EAAE,eAAe,CAAC;QAClC,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB;IAmGK,UAAU;IAgDhB;;;OAGG;IACH,aAAa,CAAC,SAAS,EAAE,MAAM;CAOhC"}
1	+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../packages/src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,kBAAkB,EAElB,iBAAiB,EACjB,KAAK,cAAc,EACnB,cAAc,EAEd,6BAA6B,EAC7B,WAAW,EACZ,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,QAAQ,EAER,cAAc,EACd,KAAK,oCAAoC,EACzC,gBAAgB,EAChB,KAAK,wBAAwB,EAE7B,KAAK,YAAY,EAOjB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EAGvB,wBAAwB,EAExB,eAAe,EAChB,MAAM,2BAA2B,CAAC;AAMnC,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAYrE,OAAO,KAAK,EAAE,sBAAsB,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAE7E,OAAO,EAGL,KAAK,gBAAgB,EAEtB,MAAM,4BAA4B,CAAC;AAEpC,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAWnD,qBAAa,mBAAmB;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,OAAO,CAAC;IAEtB,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAa;IACjD,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAa;IAEpD,SAAS,CAAC,iBAAiB,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAQ;IACrE,SAAS,CAAC,MAAM,wCAAU;IAC1B,SAAS,CAAC,SAAS,EAAE,gBAAgB,CAAC;IACtC,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAM;IAC3D,SAAS,CAAC,OAAO,EAAE,gBAAgB,CAAC;IACpC,SAAS,CAAC,aAAa,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,GAAG,IAAI,CAAQ;IACjE,SAAS,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IACtC,SAAS,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI,CAAQ;IAClD,SAAS,CAAC,iBAAiB,UAAS;IACpC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAM;IACzC,SAAS,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC7B,SAAS,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;gBAElB,EACV,aAAa,EACb,UAAU,EACV,kBAAkB,EAClB,UAAU,EACV,KAAK,EACL,YAAY,EACZ,QAA0B,EAC1B,SAAqB,EAErB,UAAU,EACV,gBAAgB,GACjB,EAAE,wBAAwB;YAgDb,0BAA0B;IA8BjC,WAAW,IAAI,QAAQ;IAI9B;;;;OAIG;IACH,OAAO,CAAC,uBAAuB;IA+BzB,iBAAiB,CAAC,SAAS,EAAE,MAAM;IAuDnC,UAAU,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAgB7C;;OAEG;cACa,WAAW,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAWlD,sBAAsB,CAAC,EAC3B,SAAS,EACT,eAAe,EACf,gBAAgB,EAChB,wBAAwB,EACxB,OAAO,EACP,kBAAkB,GACnB,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,gBAAgB,EAAE,MAAM,CAAC;QACzB,wBAAwB,EAAE,wBAAwB,CAAC;QACnD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;QACjC,kBAAkB,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;KACzE;IAoBK,sBAAsB,CAAC,EAC3B,SAAS,EACT,wBAAwB,GACzB,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,wBAAwB,EAAE,wBAAwB,CAAC;KACpD,GAAG,OAAO,CAAC,sBAAsB,EAAE,CAAC;IAkB/B,eAAe,CAAC,EACpB,SAAS,EACT,QAAQ,EACR,cAAc,GACf,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,cAAc,CAAC;QACzB,cAAc,EAAE,WAAW,GAAG,SAAS,CAAC;KACzC,GAAG,OAAO,CAAC,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,CAAC;IAcvD,YAAY,CAAC,EACjB,SAAS,EACT,MAAM,EACN,eAAe,EACf,uBAAuB,EACvB,wBAAwB,GACzB,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,uBAAuB,EAAE,sBAAsB,EAAE,CAAC;QAClD,wBAAwB,EAAE,wBAAwB,CAAC;KACpD,GAAG,OAAO,CAAC;QACV,YAAY,EAAE,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,CAAC;QAC/D,mBAAmB,EAAE,cAAc,EAAE,CAAC;KACvC,CAAC;IA4DI,MAAM,CAAC,EACX,SAAS,EACT,wBAAwB,EACxB,OAAO,EACP,kBAAkB,GACnB,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,wBAAwB,EAAE,wBAAwB,CAAC;QACnD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;QACjC,kBAAkB,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;KACzE,GAAG,OAAO,CAAC;QACV,YAAY,EAAE,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,CAAC;QAC/D,eAAe,EAAE,cAAc,EAAE,CAAC;KACnC,CAAC;IA2EI,mBAAmB,CAAC,EACxB,SAAS,EACT,UAAU,EACV,wBAAwB,EACxB,OAAO,EACP,kBAAkB,GACnB,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;QACnB,wBAAwB,EAAE,wBAAwB,CAAC;QACnD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;QACjC,kBAAkB,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;KACzE,GAAG,OAAO,CAAC;QACV,YAAY,EAAE,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,CAAC;QAC/D,eAAe,EAAE,cAAc,EAAE,CAAC;KACnC,CAAC;IAuHI,UAAU,CAAC,EACf,QAAQ,EACR,OAAO,EACP,WAAW,EACX,QAAQ,EACR,OAAO,EACP,OAAO,EACP,gBAAgB,GACjB,EAAE;QACD,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,EAAE,MAAM,GAAG,UAAU,CAAC;QAC7B,gBAAgB,EAAE,MAAM,CAAC;QACzB,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,OAAO,CAAC,EAAE,kBAAkB,CAAC;QAC7B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;KAClC;IAyBK,oBAAoB,CAAC,EACzB,SAAS,EACT,OAAO,EACP,MAAM,EACN,QAAQ,EACR,cAAc,EACd,gBAAgB,GACjB,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,EAAE,MAAM,GAAG,UAAU,CAAC;QAC7B,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,cAAc,CAAC;QACzB,cAAc,EAAE,WAAW,GAAG,SAAS,CAAC;QACxC,gBAAgB,EAAE,MAAM,GAAG,UAAU,GAAG,WAAW,CAAC;KACrD,GAAG,OAAO,CAAC,UAAU,GAAG,cAAc,CAAC;IAkClC,UAAU,CAAC,EACf,SAAS,EACT,OAAO,EACP,MAAM,EACN,QAAQ,EACR,cAAc,EACd,WAAW,EACX,gBAAgB,GACjB,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,EAAE,MAAM,GAAG,UAAU,CAAC;QAC7B,MAAM,EAAE,MAAM,CAAC;QACf,gBAAgB,EAAE,MAAM,CAAC;QACzB,QAAQ,EAAE,cAAc,CAAC;QACzB,cAAc,EAAE,WAAW,GAAG,SAAS,CAAC;QACxC,WAAW,CAAC,EAAE,OAAO,CAAC;KACvB,GAAG,OAAO,CAAC,UAAU,GAAG,cAAc,CAAC;IAuDlC,IAAI,CAAC,EACT,cAAc,EACd,OAAO,EACP,SAAS,EACT,QAAoB,EACpB,WAAmB,EACnB,eAAe,EACf,QAAQ,EACR,OAAO,EACP,OAAO,GACR,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,OAAO,EAAE,MAAM,GAAG,UAAU,CAAC;QAC7B,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,eAAe,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,OAAO,CAAC,EAAE,kBAAkB,CAAC;QAC7B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;KAClC,GAAG,OAAO,CAAC,UAAU,GAAG,cAAc,CAAC;IA+ElC,0BAA0B,CAAC,EAC/B,cAAc,EACd,SAAS,EACT,QAAoB,EACpB,eAAe,EACf,QAAQ,GACT,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;IAiEK,WAAW,CAAC,EAChB,SAAS,EACT,cAAc,GACf,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,cAAc,EACV,iBAAiB,GACjB,6BAA6B,GAC7B,kBAAkB,CAAC;KACxB;IASD;;;;;;;;;;;;;OAaG;IACG,eAAe,CAAC,EACpB,SAAS,EACT,MAAM,EACN,cAAc,EACd,2BAA2B,EAC3B,2BAA2B,GAC5B,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,gBAAgB,CAAC;QACzB,cAAc,EAAE,MAAM,CAAC;QACvB,2BAA2B,EAAE,wBAAwB,CAAC;QACtD,2BAA2B,EAAE,wBAAwB,CAAC;KACvD,GAAG,OAAO,CAAC;QACV,0BAA0B,EAAE,sBAAsB,EAAE,CAAC;QACrD,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,uBAAuB,EAAE,MAAM,EAAE,CAAC;QAClC,uBAAuB,EAAE,cAAc,EAAE,CAAC;KAC3C,CAAC;IA6CI,OAAO,CAAC,EACZ,SAAS,EACT,cAAc,EACd,2BAA2B,EAC3B,2BAA2B,EAC3B,QAAoB,EACpB,eAAe,EACf,mBAA2B,EAC3B,4BAAoC,EACpC,QAAQ,EACR,gBAAwB,GACzB,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,cAAc,EAAE,MAAM,CAAC;QACvB,2BAA2B,EAAE,wBAAwB,CAAC;QACtD,2BAA2B,EAAE,wBAAwB,CAAC;QACtD,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;QACxB,mBAAmB,CAAC,EAAE,OAAO,CAAC;QAC9B,4BAA4B,CAAC,EAAE,OAAO,CAAC;QACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,gBAAgB,CAAC,EAAE,OAAO,CAAC;KAC5B;YAuJa,0BAA0B;IAkElC,iBAAiB,CAAC,EACtB,cAAc,EACd,QAAoB,EACpB,eAAe,EACf,QAAQ,GACT,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;IAgBK,gBAAgB,CAAC,EACrB,cAAc,EACd,QAAoB,EACpB,eAAe,EACf,QAAQ,GACT,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;IAYK,SAAS,CAAC,EACd,cAAc,EACd,SAAS,EACT,QAAoB,EACpB,eAAe,EACf,QAAQ,GACT,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;;;IAgGK,gBAAgB,CAAC,EACrB,SAAS,EACT,SAAS,EACT,cAAc,GACf,EAAE;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,cAAc,EAAE,CAAC;QAC5B,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,GAAG,OAAO,CAAC;QACV,iBAAiB,EAAE,MAAM,GAAG,SAAS,CAAC;QACtC,YAAY,EAAE,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,CAAC;KAChE,CAAC;IA2EI,eAAe,CAAC,EACpB,QAAQ,EACR,QAAQ,GACT,EAAE;QACD,QAAQ,EAAE,cAAc,CAAC;QACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;IAaD;;OAEG;IACG,kCAAkC,CAAC,EACvC,cAAc,GACf,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;KACxB,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAiC7B;;OAEG;IACG,gCAAgC,CAAC,EACrC,cAAc,EACd,eAAe,EACf,gBAA0B,GAC3B,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,eAAe,EAAE,cAAc,EAAE,CAAC;QAClC,gBAAgB,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC;KAC1C,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBjB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACG,4BAA4B,CAAC,EACjC,cAAc,EACd,eAA2B,EAC3B,QAAoB,EACpB,eAAe,EACf,mBAA2B,EAC3B,iBAA6B,GAC9B,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,eAAe,CAAC,EAAE,cAAc,EAAE,CAAC;QACnC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;QACxB,mBAAmB,CAAC,EAAE,OAAO,CAAC;QAC9B,iBAAiB,CAAC,EAAE,GAAG,CAAC;KACzB;IA2KK,qCAAqC,CAAC,EAC1C,cAAc,EACd,eAAe,EACf,QAAQ,EACR,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,eAAe,CAAC,EAAE,cAAc,EAAE,CAAC;QACnC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB;IAkBK,cAAc,CAAC,EACnB,cAAc,EACd,gBAAgB,EAChB,WAAW,EACX,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,eAAe,EAAE,MAAM,CAAC;KACzB;IAeK,eAAe,CAAC,EACpB,QAAQ,EACR,QAAQ,GACT,EAAE;QACD,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,GAAG,OAAO,CAAC,cAAc,CAAC;IAa3B;;;;;OAKG;YACW,8BAA8B;IAmC5C;;;;;;;;;;;OAWG;IACH,eAAe,CAAC,EACd,wBAAwB,EACxB,wBAAwB,EACxB,eAAe,EACf,UAAsB,GACvB,EAAE;QACD,wBAAwB,EAAE,kBAAkB,CAAC;QAC7C,wBAAwB,EAAE,wBAAwB,CAAC;QACnD,eAAe,EAAE,eAAe,CAAC;QACjC,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,GAAG;QACF,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAClD,kBAAkB,EAAE,MAAM,CAAC;KAC5B;IA+BK,8BAA8B,CAAC,EACnC,cAAc,EACd,QAAQ,EACR,eAAe,EACf,eAAe,EACf,UAAsB,EACtB,oBAA2B,EAC3B,QAAQ,GACT,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,eAAe,CAAC;QACjC,eAAe,EAAE,MAAM,CAAC;QACxB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;IAsEK,cAAc;IAQpB;;;;;;;;;;OAUG;IACG,4BAA4B,CAAC,EACjC,cAAc,EACd,QAAQ,EACR,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAsDrB;;;;;;;;;;;OAWG;YACW,4BAA4B;IAoDpC,4BAA4B,CAAC,EACjC,cAAc,EACd,QAAQ,EACR,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAkGvB,qBAAqB,CAAC,EAC1B,cAAc,EACd,QAAQ,EACR,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB;IA6BK,kBAAkB,CAAC,EACvB,cAAc,EACd,QAAQ,EACR,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB;IAYD;;;;;OAKG;YACW,iBAAiB;IA8D/B;;;;OAIG;IACG,cAAc,CAAC,EACnB,cAAc,EACd,QAAoB,EACpB,eAA8C,EAC9C,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,CAAC,EAAE,eAAe,CAAC;QAClC,eAAe,EAAE,MAAM,CAAC;KACzB;IAsDK,mBAAmB,CAAC,EACxB,cAAc,GACf,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;KACxB,GAAG,OAAO,CAAC,OAAO,CAAC;IAMpB;;OAEG;IACG,4BAA4B,CAAC,EACjC,cAAc,EACd,eAAiD,GAClD,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,eAAe,CAAC,EAAE,eAAe,CAAC;KACnC,GAAG,OAAO,CAAC,OAAO,CAAC;IAYpB;;OAEG;IACG,uCAAuC,CAAC,EAC5C,cAAc,EACd,eAAiD,GAClD,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,eAAe,CAAC,EAAE,eAAe,CAAC;KACnC,GAAG,OAAO,CAAC,OAAO,CAAC;IAgCd,iCAAiC,CAAC,EACtC,cAAc,GACf,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;KACxB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAiCzB,SAAS,CAAC,EACd,cAAc,EACd,eAA8C,EAC9C,UAAsB,EACtB,QAAoB,EACpB,eAAe,GAChB,EAAE;QACD,cAAc,EAAE,MAAM,CAAC;QACvB,eAAe,CAAC,EAAE,eAAe,CAAC;QAClC,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB;IAmGK,UAAU;IAgDhB;;;OAGG;IACH,aAAa,CAAC,SAAS,EAAE,MAAM;CAOhC"}

package/src/services/encryption.d.ts CHANGED Viewed

@@ -2,12 +2,12 @@
 export declare const ALG_LABEL_RSA = "HYBRID-RSA-AES-256";
 /** Envelope returned for encrypted delegated key share */
 export type EncryptedDelegatedKeyShareEnvelope = {
-    algorithm: typeof ALG_LABEL_RSA;
+    alg: typeof ALG_LABEL_RSA;
     iv: string;
-    encryptedData: string;
-    authTag: string;
-    encryptedKey: string;
-    encodedEnvelopeBytes: string;
+    ct: string;
+    tag: string;
+    ek: string;
+    kid?: string;
 };
 /**
  * Encrypts data using HYBRID-RSA-AES-256 encryption scheme with Web Crypto API.
@@ -15,5 +15,5 @@ export type EncryptedDelegatedKeyShareEnvelope = {
  * 2. Encrypt AES key with RSA public key
  * 3. Encrypt data with AES-256-GCM
  */
-export declare const encryptDelegatedKeyShare: (data: string, publicKeyPem: string) => Promise<EncryptedDelegatedKeyShareEnvelope>;
+export declare const encryptDelegatedKeyShare: (data: string, publicKeyPem: string, keyId?: string) => Promise<EncryptedDelegatedKeyShareEnvelope>;
 //# sourceMappingURL=encryption.d.ts.map

package/src/services/encryption.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../src/services/encryption.ts"],"names":[],"mappings":"AAAA,6DAA6D;AAC7D,eAAO,MAAM,aAAa,uBAAuB,CAAC;AAElD,0DAA0D;AAC1D,MAAM,MAAM,kCAAkC,GAAG;IAC/C,~~SAAS~~,EAAE,OAAO,aAAa,CAAC;~~IAChC~~,EAAE,EAAE,MAAM,CAAC;IACX,~~aAAa~~,EAAE,MAAM,CAAC;~~IACtB~~,~~OAAO~~,EAAE,MAAM,CAAC;~~IAChB~~,~~YAAY~~,EAAE,MAAM,CAAC;~~IACrB~~,~~oBAAoB~~,EAAE,MAAM,CAAC;~~CAC9B~~,CAAC;~~AAqEF~~;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,SAC7B,MAAM,gBACE,MAAM,~~KACnB~~,OAAO,CAAC,kCAAkC,~~CA+D5C~~,CAAC"}
1	+ {"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../src/services/encryption.ts"],"names":[],"mappings":"AAAA,6DAA6D;AAC7D,eAAO,MAAM,aAAa,uBAAuB,CAAC;AAElD,0DAA0D;AAC1D,MAAM,MAAM,kCAAkC,GAAG;IAC/C,GAAG,EAAE,OAAO,aAAa,CAAC;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,CAAC;AAiDF;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,SAC7B,MAAM,gBACE,MAAM,UACZ,MAAM,KACb,OAAO,CAAC,kCAAkC,CA0D5C,CAAC"}