@dynamic-labs-wallet/browser 0.0.156 → 0.0.157

package/index.esm.js

@@ -2,13 +2,14 @@ import { SigningAlgorithm, MPC_RELAY_PROD_API_URL, getMPCChainConfig, AuthMode,
 export * from '@dynamic-labs-wallet/core';
 import { BIP340, ExportableEd25519, Ecdsa, MessageHash, EcdsaKeygenResult, ExportableEd25519KeygenResult, BIP340KeygenResult } from './internal/web';
 export { BIP340, BIP340InitKeygenResult, BIP340KeygenResult, Ecdsa, EcdsaInitKeygenResult, EcdsaKeygenResult, EcdsaPublicKey, EcdsaSignature, Ed25519, Ed25519InitKeygenResult, Ed25519KeygenResult, MessageHash } from './internal/web';
-import { v4 } from 'uuid';
 import { gte } from 'semver';
-import { LogLevel, Logger } from '@dynamic-labs/logger';
+import { v4 } from 'uuid';
+import { Logger, LogLevel } from '@dynamic-labs/logger';
 export { Logger } from '@dynamic-labs/logger';
-import { ProviderEnum } from '@dynamic-labs/sdk-api-core';
+import loadArgon2idWasm from 'argon2id';
 import { AxiosError } from 'axios';
 import createHttpError from 'http-errors';
+import { ProviderEnum } from '@dynamic-labs/sdk-api-core';
 
 function _extends() {
     _extends = Object.assign || function assign(target) {
@@ -42,65 +43,118 @@ const getMPCSigner = ({ chainName, baseRelayUrl })=>{
     return signatureScheme;
 };
 
-const DEFAULT_LOG_LEVEL = LogLevel.DEBUG; //todo: change back to info when done debugging
-const STORAGE_KEY = 'dynamic-waas-wallet-client';
-const CLIENT_KEYSHARE_EXPORT_FILENAME_PREFIX = 'dynamicWalletKeyShareBackup';
-const SIGNED_SESSION_ID_MIN_VERSION = '4.25.4';
-// Namespace-specific version requirements
-const SIGNED_SESSION_ID_MIN_VERSION_BY_NAMESPACE = {
-    WalletKit: '4.25.4',
-    ClientSDK: '0.1.0-alpha.0'
-};
+/**
+ * Encryption version identifiers
+ */ var EncryptionVersion = /*#__PURE__*/ function(EncryptionVersion) {
+    EncryptionVersion["V1_LEGACY"] = "v1";
+    EncryptionVersion["V2_PBKDF2"] = "v2";
+    EncryptionVersion["V3_ARGON2"] = "v3";
+    return EncryptionVersion;
+}({});
+/**
+ * Current default version for new encryptions
+ */ const ENCRYPTION_VERSION_CURRENT = "v3";
+/**
+ * Algorithm constants
+ */ const PBKDF2_ALGORITHM = 'PBKDF2';
+const HASH_ALGORITHM = 'SHA-256'; // Generic hash algorithm constant
+const ARGON2_ALGORITHM = 'Argon2id';
+const AES_GCM_ALGORITHM = 'AES-GCM';
+const AES_GCM_LENGTH = 256;
+/**
+ * Argon2 configuration constants, values were chosen based on RFC (https://www.rfc-editor.org/rfc/rfc9106.html#name-parameter-choice)
+ * taking into account that this runs in the client, possibly in smartphones with limited resources
+ */ const ARGON2_MEMORY_SIZE = 65536; // 64 MB in KiB
+const ARGON2_ITERATIONS = 3;
+const ARGON2_PARALLELISM = 2;
+const ARGON2_HASH_LENGTH = 32;
+/**
+ * PBKDF2 configuration constants
+ */ const PBKDF2_ITERATIONS_V1 = 100000;
+const PBKDF2_ITERATIONS_V2 = 1000000;
 
-const handleAxiosError = (error, message, context)=>{
-    var _error_response, _error_response1;
-    logger.debug("[DynamicWaasWalletClient] Axios error: " + message, {
-        error: (_error_response = error.response) == null ? void 0 : _error_response.status,
-        message: error.message,
-        context
+/**
+ * Derives a key using Argon2id algorithm
+ * @param params - Key derivation parameters
+ * @param encryptionConfig - Encryption configuration
+ * @returns Promise<CryptoKey>
+ */ const deriveArgon2Key = async ({ password, salt }, encryptionConfig)=>{
+    const argon2id = await loadArgon2idWasm();
+    const argon2Config = encryptionConfig;
+    const passwordBytes = new TextEncoder().encode(password);
+    const hash = argon2id({
+        password: passwordBytes,
+        salt: salt,
+        parallelism: argon2Config.parallelism || ARGON2_PARALLELISM,
+        passes: argon2Config.iterations,
+        memorySize: argon2Config.memorySize || ARGON2_MEMORY_SIZE,
+        tagLength: argon2Config.hashLength || ARGON2_HASH_LENGTH
     });
-    switch((_error_response1 = error.response) == null ? void 0 : _error_response1.status){
-        case 400:
-            throw createHttpError(400, 'Invalid request');
-        case 401:
-            throw createHttpError(401, 'Authorization header or cookie is required');
-        case 403:
-            throw createHttpError(403, 'Forbidden');
-        case 422:
-            throw createHttpError(422, 'Unprocessable content');
-        case 500:
-            throw createHttpError(500, 'Internal server error');
-        default:
-            throw createHttpError(500, 'Internal server error');
-    }
+    return crypto.subtle.importKey('raw', new Uint8Array(hash), {
+        name: encryptionConfig.algorithm,
+        length: encryptionConfig.algorithmLength
+    }, false, [
+        'encrypt',
+        'decrypt'
+    ]);
 };
 
-const logger = new Logger('DynamicWaasWalletClient', LogLevel.DEBUG);
-const setLoggerContext = ({ environmentId, authMode = AuthMode.HEADER, sessionId = undefined, userId = undefined })=>{
-    try {
-        Logger.setEnvironmentId(environmentId);
-        Logger.globalMetaData.set('sid', sessionId);
-        Logger.globalMetaData.set('user_id', userId);
-        Logger.globalMetaData.set('auth_mode', authMode);
-    } catch (error) {
-        logError({
-            message: '[DynamicWaasWalletClient] Error setting logger context',
-            error: error,
-            context: {}
-        });
+/**
+ * Encryption configuration for each version
+ */ const ENCRYPTION_VERSIONS = {
+    [EncryptionVersion.V1_LEGACY]: {
+        version: EncryptionVersion.V1_LEGACY,
+        algorithm: AES_GCM_ALGORITHM,
+        keyDerivation: PBKDF2_ALGORITHM,
+        iterations: PBKDF2_ITERATIONS_V1,
+        hashAlgorithm: HASH_ALGORITHM,
+        algorithmLength: AES_GCM_LENGTH
+    },
+    [EncryptionVersion.V2_PBKDF2]: {
+        version: EncryptionVersion.V2_PBKDF2,
+        algorithm: AES_GCM_ALGORITHM,
+        keyDerivation: PBKDF2_ALGORITHM,
+        iterations: PBKDF2_ITERATIONS_V2,
+        hashAlgorithm: HASH_ALGORITHM,
+        algorithmLength: AES_GCM_LENGTH
+    },
+    [EncryptionVersion.V3_ARGON2]: {
+        version: EncryptionVersion.V3_ARGON2,
+        algorithm: AES_GCM_ALGORITHM,
+        keyDerivation: ARGON2_ALGORITHM,
+        iterations: ARGON2_ITERATIONS,
+        hashAlgorithm: ARGON2_ALGORITHM,
+        algorithmLength: AES_GCM_LENGTH,
+        memorySize: ARGON2_MEMORY_SIZE,
+        parallelism: ARGON2_PARALLELISM,
+        hashLength: ARGON2_HASH_LENGTH
     }
 };
-const logError = ({ message, error, context })=>{
-    if (error instanceof AxiosError) {
-        handleAxiosError(error, message, context);
+/**
+ * Helper function to get encryption configuration by version string
+ * @param version - The version string (e.g., 'v1', 'v2', 'v3')
+ * @returns The encryption configuration for the specified version
+ */ const getEncryptionConfig = (version)=>{
+    // If no version specified, use legacy for backward compatibility
+    if (!version) {
+        return ENCRYPTION_VERSIONS[EncryptionVersion.V1_LEGACY];
+    }
+    const config = ENCRYPTION_VERSIONS[version];
+    if (!config) {
+        throw new Error(`Unsupported encryption version: ${version}`);
     }
-    logger.error(message, {
-        error: error instanceof Error ? error.message : 'Unknown error',
-        context
-    });
+    return config;
+};
+/**
+ * Check if a configuration uses Argon2
+ */ const isArgon2Config = (config)=>{
+    return config.keyDerivation === ARGON2_ALGORITHM;
 };
 
-const bytesToBase64 = (arr)=>{
+/**
+ * Utility functions for encryption operations
+ * These functions are separated to avoid circular dependencies
+ */ const bytesToBase64 = (arr)=>{
     return btoa(Array.from(arr, (b)=>String.fromCharCode(b)).join(''));
 };
 const stringToBytes = (str)=>{
@@ -113,168 +167,13 @@ const base64ToBytes = (base64)=>{
 const ensureBase64Padding = (str)=>{
     return str.padEnd(Math.ceil(str.length / 4) * 4, '=');
 };
-const isBrowser = ()=>typeof window !== 'undefined';
-const getClientKeyShareExportFileName = ({ thresholdSignatureScheme, accountAddress })=>{
-    return `${CLIENT_KEYSHARE_EXPORT_FILENAME_PREFIX}-${thresholdSignatureScheme}-${accountAddress}.json`;
-};
-const getClientKeyShareBackupInfo = (params)=>{
-    var _params_walletProperties, _params_walletProperties_keyShares_;
-    const backups = {
-        [BackupLocation.DYNAMIC]: [],
-        [BackupLocation.GOOGLE_DRIVE]: [],
-        [BackupLocation.ICLOUD]: [],
-        [BackupLocation.USER]: [],
-        [BackupLocation.EXTERNAL]: []
-    };
-    if (!(params == null ? void 0 : (_params_walletProperties = params.walletProperties) == null ? void 0 : _params_walletProperties.keyShares)) {
-        return {
-            backups,
-            passwordEncrypted: false
-        };
-    }
-    params.walletProperties.keyShares.forEach((keyShare)=>{
-        if (backups[keyShare.backupLocation]) {
-            backups[keyShare.backupLocation].push({
-                location: keyShare.backupLocation,
-                keyShareId: keyShare.id,
-                externalKeyShareId: keyShare == null ? void 0 : keyShare.externalKeyShareId
-            });
-        }
-    });
-    const passwordEncrypted = Boolean((_params_walletProperties_keyShares_ = params.walletProperties.keyShares[0]) == null ? void 0 : _params_walletProperties_keyShares_.passwordEncrypted);
-    return {
-        backups,
-        passwordEncrypted
-    };
-};
-/**
- * Helper function to merge keyshares and remove duplicates based on pubkey and secretShare
- * @param existingKeyShares - Array of existing keyshares
- * @param newKeyShares - Array of new keyshares to merge
- * @returns Array of merged unique keyshares
- */ const mergeUniqueKeyShares = (existingKeyShares, newKeyShares)=>{
-    const uniqueKeyShares = newKeyShares.filter((newShare)=>!existingKeyShares.some((existingShare)=>{
-            if (!(newShare == null ? void 0 : newShare.pubkey) || !(existingShare == null ? void 0 : existingShare.pubkey)) return false;
-            return newShare.pubkey.toString() === existingShare.pubkey.toString() && newShare.secretShare === existingShare.secretShare;
-        }));
-    return [
-        ...existingKeyShares,
-        ...uniqueKeyShares
-    ];
-};
-const timeoutPromise = ({ timeInMs, activity = 'Ceremony' })=>{
-    return new Promise((_, reject)=>setTimeout(()=>reject(new Error(`${activity} did not complete in ${timeInMs}ms`)), timeInMs));
-};
-/**
- * Generic helper function to retry a promise-based operations
- *
- * @param operation - The async operation to retry
- * @param config - Configuration options for retry behavior
- * @returns Promise with the operation result
- * @throws Last error encountered after all retries are exhausted
- */ async function retryPromise(operation, { maxAttempts = 5, retryInterval = 500, operationName = 'operation', logContext = {} } = {}) {
-    let attempts = 0;
-    while(attempts < maxAttempts){
-        try {
-            return await operation();
-        } catch (error) {
-            attempts++;
-            if (attempts === maxAttempts) {
-                logger.error(`Failed to execute ${operationName} after ${maxAttempts} attempts`, _extends({}, logContext, {
-                    error: error instanceof Error ? error.message : 'Unknown error'
-                }));
-                throw error;
-            }
-            // Calculate exponential backoff delay
-            const exponentialDelay = retryInterval * 2 ** (attempts - 1);
-            await new Promise((resolve)=>setTimeout(resolve, exponentialDelay));
-        }
-    }
-    // TypeScript needs this even though it's unreachable
-    throw new Error('Unreachable code');
-}
-const formatEvmMessage = (message)=>{
-    if (typeof message === 'string' && message.startsWith('0x')) {
-        const serializedTxBytes = Uint8Array.from(Buffer.from(message.slice(2), 'hex'));
-        return MessageHash.keccak256(serializedTxBytes);
-    }
-    return MessageHash.keccak256(message);
-};
-const isHexString = (str)=>{
-    // Remove 0x prefix if present
-    const hex = str.startsWith('0x') ? str.slice(2) : str;
-    // Check if string contains only hex characters
-    return /^[0-9A-Fa-f]+$/.test(hex);
-};
-const formatSolanaMessage = (message)=>{
-    if (typeof message === 'string') {
-        if (!isHexString(message)) {
-            return Buffer.from(message).toString('hex');
-        } else {
-            return new Uint8Array(Buffer.from(message, 'hex'));
-        }
-    } else {
-        return message;
-    }
-};
-const formatMessage = (chainName, message)=>{
-    switch(chainName){
-        case 'EVM':
-            return formatEvmMessage(message);
-        case 'SVM':
-            return formatSolanaMessage(message);
-        case 'SUI':
-            return message;
-        default:
-            throw new Error('Unsupported chain name');
-    }
-};
-const getGoogleOAuthAccountId = (verifiedCredentials)=>{
-    const googleVerifiedCredential = verifiedCredentials == null ? void 0 : verifiedCredentials.find((credential)=>credential.oauthProvider === ProviderEnum.Google);
-    return googleVerifiedCredential == null ? void 0 : googleVerifiedCredential.id;
-};
-const createBackupData = ({ encryptedKeyShares, accountAddress, thresholdSignatureScheme, hasPassword = true })=>{
-    return {
-        keyShares: encryptedKeyShares,
-        metadata: {
-            createdAt: new Date().toISOString(),
-            accountAddress,
-            thresholdSignatureScheme,
-            hasPassword,
-            encryption: getEncryptionMetadataForVersion(ENCRYPTION_VERSION_CURRENT),
-            encryptionVersion: ENCRYPTION_VERSION_CURRENT,
-            shareCount: encryptedKeyShares.length
-        }
-    };
-};
 
-const ENCRYPTION_VERSION_LEGACY = 'v1';
-const ENCRYPTION_VERSION_CURRENT = 'v2';
-const PBKDF2_ALGORITHM = 'PBKDF2';
-const PBKDF2_HASH_ALGORITHM = 'SHA-256';
-const AES_GCM_ALGORITHM = 'AES-GCM';
-const AES_GCM_LENGTH = 256;
-const ENCRYPTION_VERSIONS = {
-    [ENCRYPTION_VERSION_LEGACY]: {
-        version: ENCRYPTION_VERSION_LEGACY,
-        algorithm: AES_GCM_ALGORITHM,
-        keyDerivation: PBKDF2_ALGORITHM,
-        iterations: 100000,
-        hashAlgorithm: PBKDF2_HASH_ALGORITHM,
-        algorithmLength: AES_GCM_LENGTH
-    },
-    [ENCRYPTION_VERSION_CURRENT]: {
-        version: ENCRYPTION_VERSION_CURRENT,
-        algorithm: AES_GCM_ALGORITHM,
-        keyDerivation: PBKDF2_ALGORITHM,
-        iterations: 1000000,
-        hashAlgorithm: PBKDF2_HASH_ALGORITHM,
-        algorithmLength: AES_GCM_LENGTH
-    }
-};
-ENCRYPTION_VERSIONS[ENCRYPTION_VERSION_CURRENT].iterations;
-ENCRYPTION_VERSIONS[ENCRYPTION_VERSION_LEGACY].iterations;
-const getKey = async ({ password, salt, encryptionConfig })=>{
+/**
+ * Derives a key using PBKDF2 algorithm
+ * @param params - Key derivation parameters
+ * @param encryptionConfig - Encryption configuration
+ * @returns Promise<CryptoKey>
+ */ const derivePBKDF2Key = async ({ password, salt }, encryptionConfig)=>{
     const passwordBytes = stringToBytes(password);
     const initialKey = await crypto.subtle.importKey('raw', passwordBytes, {
         name: 'PBKDF2'
@@ -294,23 +193,30 @@ const getKey = async ({ password, salt, encryptionConfig })=>{
         'decrypt'
     ]);
 };
+
+/**
+ * Get the appropriate key derivation function based on the encryption config
+ */ const getKey = async (params, encryptionConfig)=>{
+    // Use Argon2 for v3, PBKDF2 for v1 and v2
+    if (encryptionConfig.keyDerivation === ARGON2_ALGORITHM) {
+        return deriveArgon2Key(params, encryptionConfig);
+    } else {
+        return derivePBKDF2Key(params, encryptionConfig);
+    }
+};
 /**
  * Encrypts data using the specified encryption version.
  * Always uses the latest encryption configuration for new encryptions by default.
  */ const encryptData = async ({ data, password, version = ENCRYPTION_VERSION_CURRENT })=>{
-    const encryptionConfig = ENCRYPTION_VERSIONS[version];
-    if (!encryptionConfig) {
-        throw new Error(`Unsupported encryption version: ${version}`);
-    }
+    const encryptionConfig = getEncryptionConfig(version);
     try {
         // Generate a random salt and IV
         const salt = crypto.getRandomValues(new Uint8Array(16));
         const iv = crypto.getRandomValues(new Uint8Array(12)); // AES-GCM requires 12 bytes
         const key = await getKey({
             password,
-            salt,
-            encryptionConfig
-        });
+            salt
+        }, encryptionConfig);
         // Convert the input string to bytes
         const dataBytes = new TextEncoder().encode(data);
         // Encrypt the data
@@ -342,20 +248,13 @@ const getKey = async ({ password, salt, encryptionConfig })=>{
     const saltBytes = base64ToBytes(paddedSalt);
     const ivBytes = base64ToBytes(paddedIv);
     const cipherBytes = base64ToBytes(paddedCipher);
-    let encryptionConfig;
-    // Use version-based configuration if available, otherwise fallback to legacy
-    if (version && ENCRYPTION_VERSIONS[version]) {
-        encryptionConfig = ENCRYPTION_VERSIONS[version];
-    } else {
-        // Fallback to legacy version for backward compatibility
-        encryptionConfig = ENCRYPTION_VERSIONS[ENCRYPTION_VERSION_LEGACY];
-    }
+    // Determine which encryption configuration to use
+    const encryptionConfig = getEncryptionConfig(version);
     try {
         const key = await getKey({
             password,
-            salt: saltBytes,
-            encryptionConfig
-        });
+            salt: saltBytes
+        }, encryptionConfig);
         const decryptedData = await crypto.subtle.decrypt({
             name: AES_GCM_ALGORITHM,
             iv: ivBytes
@@ -369,17 +268,21 @@ const getKey = async ({ password, salt, encryptionConfig })=>{
  * Gets encryption metadata for a specific version.
  * Used when we need to include metadata in legacy systems or APIs that require it.
  */ const getEncryptionMetadataForVersion = (version)=>{
-    const encryptionConfig = ENCRYPTION_VERSIONS[version];
-    if (!encryptionConfig) {
-        throw new Error(`Unsupported encryption version: ${version}`);
-    }
-    return {
+    const encryptionConfig = getEncryptionConfig(version);
+    const metadata = {
         algorithm: encryptionConfig.algorithm,
         keyDerivation: encryptionConfig.keyDerivation,
         iterations: encryptionConfig.iterations,
         hashAlgorithm: encryptionConfig.hashAlgorithm,
         algorithmLength: encryptionConfig.algorithmLength
     };
+    // Add Argon2-specific metadata if applicable
+    if (isArgon2Config(encryptionConfig)) {
+        metadata.memorySize = encryptionConfig.memorySize;
+        metadata.parallelism = encryptionConfig.parallelism;
+        metadata.hashLength = encryptionConfig.hashLength;
+    }
+    return metadata;
 };
 
 const GOOGLE_DRIVE_UPLOAD_API = 'https://www.googleapis.com';
@@ -478,6 +381,199 @@ const downloadFileFromGoogleDrive = async ({ accessToken, fileName })=>{
     }
 };
 
+const handleAxiosError = (error, message, context)=>{
+    var _error_response, _error_response1;
+    logger.debug("[DynamicWaasWalletClient] Axios error: " + message, {
+        error: (_error_response = error.response) == null ? void 0 : _error_response.status,
+        message: error.message,
+        context
+    });
+    switch((_error_response1 = error.response) == null ? void 0 : _error_response1.status){
+        case 400:
+            throw createHttpError(400, 'Invalid request');
+        case 401:
+            throw createHttpError(401, 'Authorization header or cookie is required');
+        case 403:
+            throw createHttpError(403, 'Forbidden');
+        case 422:
+            throw createHttpError(422, 'Unprocessable content');
+        case 500:
+            throw createHttpError(500, 'Internal server error');
+        default:
+            throw createHttpError(500, 'Internal server error');
+    }
+};
+
+const logger = new Logger('DynamicWaasWalletClient', LogLevel.DEBUG);
+const setLoggerContext = ({ environmentId, authMode = AuthMode.HEADER, sessionId = undefined, userId = undefined })=>{
+    try {
+        Logger.setEnvironmentId(environmentId);
+        Logger.globalMetaData.set('sid', sessionId);
+        Logger.globalMetaData.set('user_id', userId);
+        Logger.globalMetaData.set('auth_mode', authMode);
+    } catch (error) {
+        logError({
+            message: '[DynamicWaasWalletClient] Error setting logger context',
+            error: error,
+            context: {}
+        });
+    }
+};
+const logError = ({ message, error, context })=>{
+    if (error instanceof AxiosError) {
+        handleAxiosError(error, message, context);
+    }
+    logger.error(message, {
+        error: error instanceof Error ? error.message : 'Unknown error',
+        context
+    });
+};
+
+const DEFAULT_LOG_LEVEL = LogLevel.DEBUG; //todo: change back to info when done debugging
+const STORAGE_KEY = 'dynamic-waas-wallet-client';
+const CLIENT_KEYSHARE_EXPORT_FILENAME_PREFIX = 'dynamicWalletKeyShareBackup';
+const SIGNED_SESSION_ID_MIN_VERSION = '4.25.4';
+// Namespace-specific version requirements
+const SIGNED_SESSION_ID_MIN_VERSION_BY_NAMESPACE = {
+    WalletKit: '4.25.4',
+    ClientSDK: '0.1.0-alpha.0'
+};
+
+const isBrowser = ()=>typeof window !== 'undefined';
+const getClientKeyShareExportFileName = ({ thresholdSignatureScheme, accountAddress })=>{
+    return `${CLIENT_KEYSHARE_EXPORT_FILENAME_PREFIX}-${thresholdSignatureScheme}-${accountAddress}.json`;
+};
+const getClientKeyShareBackupInfo = (params)=>{
+    var _params_walletProperties, _params_walletProperties_keyShares_;
+    const backups = {
+        [BackupLocation.DYNAMIC]: [],
+        [BackupLocation.GOOGLE_DRIVE]: [],
+        [BackupLocation.ICLOUD]: [],
+        [BackupLocation.USER]: [],
+        [BackupLocation.EXTERNAL]: []
+    };
+    if (!(params == null ? void 0 : (_params_walletProperties = params.walletProperties) == null ? void 0 : _params_walletProperties.keyShares)) {
+        return {
+            backups,
+            passwordEncrypted: false
+        };
+    }
+    params.walletProperties.keyShares.forEach((keyShare)=>{
+        if (backups[keyShare.backupLocation]) {
+            backups[keyShare.backupLocation].push({
+                location: keyShare.backupLocation,
+                keyShareId: keyShare.id,
+                externalKeyShareId: keyShare == null ? void 0 : keyShare.externalKeyShareId
+            });
+        }
+    });
+    const passwordEncrypted = Boolean((_params_walletProperties_keyShares_ = params.walletProperties.keyShares[0]) == null ? void 0 : _params_walletProperties_keyShares_.passwordEncrypted);
+    return {
+        backups,
+        passwordEncrypted
+    };
+};
+/**
+ * Helper function to merge keyshares and remove duplicates based on pubkey and secretShare
+ * @param existingKeyShares - Array of existing keyshares
+ * @param newKeyShares - Array of new keyshares to merge
+ * @returns Array of merged unique keyshares
+ */ const mergeUniqueKeyShares = (existingKeyShares, newKeyShares)=>{
+    const uniqueKeyShares = newKeyShares.filter((newShare)=>!existingKeyShares.some((existingShare)=>{
+            if (!(newShare == null ? void 0 : newShare.pubkey) || !(existingShare == null ? void 0 : existingShare.pubkey)) return false;
+            return newShare.pubkey.toString() === existingShare.pubkey.toString() && newShare.secretShare === existingShare.secretShare;
+        }));
+    return [
+        ...existingKeyShares,
+        ...uniqueKeyShares
+    ];
+};
+const timeoutPromise = ({ timeInMs, activity = 'Ceremony' })=>{
+    return new Promise((_, reject)=>setTimeout(()=>reject(new Error(`${activity} did not complete in ${timeInMs}ms`)), timeInMs));
+};
+/**
+ * Generic helper function to retry a promise-based operations
+ *
+ * @param operation - The async operation to retry
+ * @param config - Configuration options for retry behavior
+ * @returns Promise with the operation result
+ * @throws Last error encountered after all retries are exhausted
+ */ async function retryPromise(operation, { maxAttempts = 5, retryInterval = 500, operationName = 'operation', logContext = {} } = {}) {
+    let attempts = 0;
+    while(attempts < maxAttempts){
+        try {
+            return await operation();
+        } catch (error) {
+            attempts++;
+            if (attempts === maxAttempts) {
+                logger.error(`Failed to execute ${operationName} after ${maxAttempts} attempts`, _extends({}, logContext, {
+                    error: error instanceof Error ? error.message : 'Unknown error'
+                }));
+                throw error;
+            }
+            // Calculate exponential backoff delay
+            const exponentialDelay = retryInterval * 2 ** (attempts - 1);
+            await new Promise((resolve)=>setTimeout(resolve, exponentialDelay));
+        }
+    }
+    // TypeScript needs this even though it's unreachable
+    throw new Error('Unreachable code');
+}
+const formatEvmMessage = (message)=>{
+    if (typeof message === 'string' && message.startsWith('0x')) {
+        const serializedTxBytes = Uint8Array.from(Buffer.from(message.slice(2), 'hex'));
+        return MessageHash.keccak256(serializedTxBytes);
+    }
+    return MessageHash.keccak256(message);
+};
+const isHexString = (str)=>{
+    // Remove 0x prefix if present
+    const hex = str.startsWith('0x') ? str.slice(2) : str;
+    // Check if string contains only hex characters
+    return /^[0-9A-Fa-f]+$/.test(hex);
+};
+const formatSolanaMessage = (message)=>{
+    if (typeof message === 'string') {
+        if (!isHexString(message)) {
+            return Buffer.from(message).toString('hex');
+        } else {
+            return new Uint8Array(Buffer.from(message, 'hex'));
+        }
+    } else {
+        return message;
+    }
+};
+const formatMessage = (chainName, message)=>{
+    switch(chainName){
+        case 'EVM':
+            return formatEvmMessage(message);
+        case 'SVM':
+            return formatSolanaMessage(message);
+        case 'SUI':
+            return message;
+        default:
+            throw new Error('Unsupported chain name');
+    }
+};
+const getGoogleOAuthAccountId = (verifiedCredentials)=>{
+    const googleVerifiedCredential = verifiedCredentials == null ? void 0 : verifiedCredentials.find((credential)=>credential.oauthProvider === ProviderEnum.Google);
+    return googleVerifiedCredential == null ? void 0 : googleVerifiedCredential.id;
+};
+const createBackupData = ({ encryptedKeyShares, accountAddress, thresholdSignatureScheme, hasPassword = true })=>{
+    return {
+        keyShares: encryptedKeyShares,
+        metadata: {
+            createdAt: new Date().toISOString(),
+            accountAddress,
+            thresholdSignatureScheme,
+            hasPassword,
+            encryption: getEncryptionMetadataForVersion(ENCRYPTION_VERSION_CURRENT),
+            encryptionVersion: ENCRYPTION_VERSION_CURRENT,
+            shareCount: encryptedKeyShares.length
+        }
+    };
+};
+
 /**
  * Uploads a backup to Google Drive App
  * @param accessToken - The access token for the Google Drive API
@@ -2394,4 +2490,4 @@ const ERROR_VERIFY_TRANSACTION_SIGNATURE = '[DynamicWaasWalletClient]: Error ver
 const ERROR_EXPORT_PRIVATE_KEY = '[DynamicWaasWalletClient]: Error exporting private key';
 const ERROR_IMPORT_PRIVATE_KEY = '[DynamicWaasWalletClient]: Error importing private key';
 
-export { DynamicWalletClient, ERROR_ACCOUNT_ADDRESS_REQUIRED, ERROR_CREATE_WALLET_ACCOUNT, ERROR_EXPORT_PRIVATE_KEY, ERROR_IMPORT_PRIVATE_KEY, ERROR_KEYGEN_FAILED, ERROR_SIGN_MESSAGE, ERROR_SIGN_TYPED_DATA, ERROR_VERIFY_MESSAGE_SIGNATURE, ERROR_VERIFY_TRANSACTION_SIGNATURE, base64ToBytes, bytesToBase64, createBackupData, ensureBase64Padding, formatEvmMessage, formatMessage, getClientKeyShareBackupInfo, getClientKeyShareExportFileName, getGoogleOAuthAccountId, getMPCSignatureScheme, getMPCSigner, isBrowser, isHexString, mergeUniqueKeyShares, retryPromise, stringToBytes, timeoutPromise };
+export { DynamicWalletClient, ERROR_ACCOUNT_ADDRESS_REQUIRED, ERROR_CREATE_WALLET_ACCOUNT, ERROR_EXPORT_PRIVATE_KEY, ERROR_IMPORT_PRIVATE_KEY, ERROR_KEYGEN_FAILED, ERROR_SIGN_MESSAGE, ERROR_SIGN_TYPED_DATA, ERROR_VERIFY_MESSAGE_SIGNATURE, ERROR_VERIFY_TRANSACTION_SIGNATURE, createBackupData, formatEvmMessage, formatMessage, getClientKeyShareBackupInfo, getClientKeyShareExportFileName, getGoogleOAuthAccountId, getMPCSignatureScheme, getMPCSigner, isBrowser, isHexString, mergeUniqueKeyShares, retryPromise, timeoutPromise };

package/package.json

@@ -1,12 +1,13 @@
 {
   "name": "@dynamic-labs-wallet/browser",
-  "version": "0.0.156",
+  "version": "0.0.157",
   "license": "Licensed under the Dynamic Labs, Inc. Terms Of Service (https://www.dynamic.xyz/terms-conditions)",
   "type": "commonjs",
   "dependencies": {
-    "@dynamic-labs-wallet/core": "0.0.156",
+    "@dynamic-labs-wallet/core": "0.0.157",
     "@dynamic-labs/logger": "^4.25.3",
     "@dynamic-labs/sdk-api-core": "^0.0.764",
+    "argon2id": "1.0.1",
     "axios": "1.9.0",
     "http-errors": "2.0.0",
     "semver": "^7.6.3",
@@ -38,6 +39,9 @@
     }
   },
   "devDependencies": {
+    "@rollup/plugin-commonjs": "^28.0.6",
+    "@rollup/plugin-node-resolve": "^16.0.1",
+    "@rollup/plugin-wasm": "^6.2.2",
     "@types/http-errors": "^2.0.0",
     "@types/semver": "^7.5.8"
   }