@dynamic-labs-wallet/browser 0.0.319 → 0.0.320

package/src/client.d.ts

@@ -1,770 +0,0 @@
-import { EcdsaSignature, MessageHash, type EcdsaPublicKey } from '#internal/web';
-import { AuthMode, BackupLocation, DynamicApiClient, ThresholdSignatureScheme, WalletOperation, type BackupLocationWithExternalKeyShareId, type BitcoinConfig, type DynamicWalletClientProps, type FeatureFlags, type GetWalletResponse, type ILogger, type InitializeResult, type KeyShareBackupInfo, type SecureStorageAdapter, type TraceContext, type WalletRecoveryState } from '@dynamic-labs-wallet/core';
-import { RoomTypeEnum, type SignMessageContext } from '@dynamic-labs/sdk-api-core';
-import type { ClientInitKeygenResult, ClientKeyShare } from './mpc/types.js';
-import { type SupportedStorage } from './services/localStorage.js';
-import { type Room, type ShareDistribution, type WalletProperties } from './types.js';
-type MessageToSign = string | Uint8Array | MessageHash;
-/**
- * Internal options for DynamicWalletClient constructor.
- * This is NOT part of the public API.
- */
-export interface DynamicWalletClientInternalOptions {
-    secureStorage?: SecureStorageAdapter;
-}
-export declare class DynamicWalletClient {
-    environmentId: string;
-    storageKey: string;
-    debug: boolean;
-    protected userId: string | undefined;
-    protected sessionId: string | undefined;
-    protected initializePromise: Promise<InitializeResult> | null;
-    protected logger: ILogger;
-    protected apiClient: DynamicApiClient;
-    protected walletMap: Record<string, WalletProperties>;
-    protected storage: SupportedStorage;
-    protected memoryStorage: {
-        [key: string]: string;
-    } | null;
-    protected baseMPCRelayApiUrl?: string;
-    protected iframe: HTMLIFrameElement | null;
-    protected forwardMPCEnabled: boolean;
-    readonly instanceId: string;
-    readonly iframeDomain: string;
-    readonly featureFlags: FeatureFlags;
-    protected authMode: AuthMode;
-    protected sdkVersion?: string;
-    protected baseClientKeysharesRelayApiUrl?: string;
-    protected static rooms: Record<number, Room[]>;
-    protected static roomsInitializing: Record<number, boolean>;
-    private static roomsPersistChain;
-    /**
-     * Internal secure storage adapter for mobile TEE-backed storage.
-     * When set, all key share operations use this instead of localStorage.
-     * This is NOT part of the public API.
-     */
-    private readonly secureStorage?;
-    constructor({ environmentId, baseApiUrl, baseMPCRelayApiUrl, storageKey, debug, featureFlags, authMode, authToken, backupServiceAuthToken, sdkVersion, forwardMPCClient, baseClientKeysharesRelayApiUrl, iCloudConfig, logger, }: DynamicWalletClientProps, internalOptions?: DynamicWalletClientInternalOptions);
-    /**
-     * Check if wallet has heavy operations in progress
-     */
-    static isHeavyOpInProgress(accountAddress: string): boolean;
-    /**
-     * Check if wallet has operations in any queue (heavy or sign)
-     */
-    static isWalletBusy(accountAddress: string): boolean;
-    /**
-     * Check if recovery is in progress for a wallet
-     */
-    static isRecoveryInProgress(accountAddress: string): boolean;
-    /**
-     * Reset static state for testing purposes.
-     * This clears all wallet queues and in-flight recovery tracking.
-     * @internal For testing only
-     */
-    static resetStaticState(): void;
-    /**
-     * Get wallet properties from the wallet map using normalized address.
-     * Normalizes the address to lowercase for consistent lookups regardless of input casing.
-     */
-    protected getWalletFromMap(accountAddress: string): WalletProperties | undefined;
-    /**
-     * Get wallet properties from the map, refetching once if not found.
-     * Uses getWallet (with NO_OPERATION) when signedSessionId is available for a
-     * more robust fetch, otherwise falls back to getWallets().
-     */
-    protected requireWalletFromMap(accountAddress: string, signedSessionId?: string): Promise<WalletProperties>;
-    /**
-     * Update wallet properties in the wallet map using normalized address.
-     * Normalizes the address to lowercase for consistent storage regardless of input casing.
-     */
-    protected updateWalletMap(accountAddress: string, updates: Partial<WalletProperties>): void;
-    getAuthMode(): AuthMode;
-    /**
-     * Get environment settings from the API client.
-     * Used to retrieve configuration like iCloud settings.
-     */
-    getEnvironmentSettings(): Promise<any>;
-    /**
-     * Check if the SDK version meets the requirement for signed session ID
-     * Uses namespace-specific version requirements when available
-     * @returns boolean indicating if requireSignedSessionId should be set to true
-     */
-    private requiresSignedSessionId;
-    initLoggerContext(authToken: string): Promise<void>;
-    initialize(traceContext?: TraceContext): Promise<InitializeResult>;
-    /**
-     * Client initialization logic
-     */
-    protected _initialize(traceContext?: TraceContext): Promise<InitializeResult>;
-    serverInitializeKeyGen({ chainName, clientKeygenIds, dynamicRequestId, thresholdSignatureScheme, bitcoinConfig, onError, onCeremonyComplete, }: {
-        chainName: string;
-        clientKeygenIds: string[];
-        dynamicRequestId: string;
-        thresholdSignatureScheme: ThresholdSignatureScheme;
-        bitcoinConfig?: BitcoinConfig;
-        onError?: (error: Error) => void;
-        onCeremonyComplete?: (accountAddress: string, walletId: string) => void;
-    }): Promise<import("@dynamic-labs-wallet/core").KeygenCompleteResponse>;
-    clientInitializeKeyGen({ chainName, thresholdSignatureScheme, bitcoinConfig, }: {
-        chainName: string;
-        thresholdSignatureScheme: ThresholdSignatureScheme;
-        bitcoinConfig?: BitcoinConfig;
-    }): Promise<ClientInitKeygenResult[]>;
-    derivePublicKey({ chainName, keyShare, derivationPath, bitcoinConfig, }: {
-        chainName: string;
-        keyShare: ClientKeyShare;
-        derivationPath: Uint32Array | undefined;
-        bitcoinConfig?: BitcoinConfig;
-    }): Promise<EcdsaPublicKey | Uint8Array | string | undefined>;
-    /**
-     * Drop-in replacement for clientKeygen that routes to forwardMPC keygen or receiveKey as appropriate,
-     * using identical params and matching clientKeygen toggling logic based on the chain.
-     * Returns both the raw public key and the array of new client key shares.
-     *
-     * @param chainName The blockchain chain name (e.g., EVM, SVM).
-     * @param roomId The keygen "room" identifier (usually created by the server).
-     * @param serverKeygenIds The keygen IDs from server parties.
-     * @param clientKeygenInitResults The array of initial keygen values from the MPC library.
-     * @param thresholdSignatureScheme The signature threshold scheme to use for keygen.
-     * @param bitcoinConfig Optional config for bitcoin keygen.
-     * @param dynamicRequestId Used for tracing/logging.
-     * @param traceContext Additional tracing context.
-     * @returns An object containing the derived rawPublicKey and all clientKeygenResults.
-     */
-    forwardMPCClientKeygen({ chainName, roomId, serverKeygenIds, clientKeygenInitResults, thresholdSignatureScheme, bitcoinConfig, dynamicRequestId, traceContext, }: {
-        chainName: string;
-        roomId: string;
-        serverKeygenIds: string[];
-        clientKeygenInitResults: ClientInitKeygenResult[];
-        thresholdSignatureScheme: ThresholdSignatureScheme;
-        bitcoinConfig?: BitcoinConfig;
-        dynamicRequestId?: string;
-        traceContext?: TraceContext;
-    }): Promise<{
-        rawPublicKey: EcdsaPublicKey | Uint8Array | string | undefined;
-        clientKeygenResults: ClientKeyShare[];
-    }>;
-    clientKeyGen({ chainName, roomId, serverKeygenIds, clientKeygenInitResults, thresholdSignatureScheme, bitcoinConfig, dynamicRequestId, traceContext, }: {
-        chainName: string;
-        roomId: string;
-        serverKeygenIds: string[];
-        clientKeygenInitResults: ClientInitKeygenResult[];
-        thresholdSignatureScheme: ThresholdSignatureScheme;
-        bitcoinConfig?: BitcoinConfig;
-        dynamicRequestId?: string;
-        traceContext?: TraceContext;
-    }): Promise<{
-        rawPublicKey: EcdsaPublicKey | Uint8Array | string | undefined;
-        clientKeygenResults: ClientKeyShare[];
-    }>;
-    keyGen({ chainName, thresholdSignatureScheme, bitcoinConfig, onError, onCeremonyComplete, traceContext, password, signedSessionId, }: {
-        chainName: string;
-        thresholdSignatureScheme: ThresholdSignatureScheme;
-        bitcoinConfig?: BitcoinConfig;
-        onError?: (error: Error) => void;
-        onCeremonyComplete?: (accountAddress: string, walletId: string) => void;
-        traceContext?: TraceContext;
-        password?: string;
-        signedSessionId: string;
-    }): Promise<{
-        rawPublicKey: EcdsaPublicKey | Uint8Array | string | undefined;
-        clientKeyShares: ClientKeyShare[];
-    }>;
-    importRawPrivateKey({ chainName, privateKey, thresholdSignatureScheme, bitcoinConfig, onError, onCeremonyComplete, traceContext, legacyWalletId, password, signedSessionId, }: {
-        chainName: string;
-        privateKey: string;
-        thresholdSignatureScheme: ThresholdSignatureScheme;
-        bitcoinConfig?: BitcoinConfig;
-        onError?: (error: Error) => void;
-        onCeremonyComplete?: (accountAddress: string, walletId: string) => void;
-        traceContext?: TraceContext;
-        /** ID of the legacy embedded wallet being upgraded to v3 */
-        legacyWalletId?: string;
-        password?: string;
-        signedSessionId: string;
-    }): Promise<{
-        rawPublicKey: EcdsaPublicKey | Uint8Array | string | undefined;
-        clientKeyShares: ClientKeyShare[];
-    }>;
-    serverSign({ walletId, message, isFormatted, mfaToken, elevatedAccessToken, roomId, context, onError, dynamicRequestId, traceContext, bitcoinConfig, }: {
-        walletId: string;
-        message: string | Uint8Array;
-        dynamicRequestId: string;
-        isFormatted?: boolean;
-        mfaToken?: string;
-        elevatedAccessToken?: string;
-        roomId?: string;
-        context?: SignMessageContext;
-        onError?: (error: Error) => void;
-        traceContext?: TraceContext;
-        bitcoinConfig?: BitcoinConfig;
-    }): Promise<import("@dynamic-labs-wallet/core").OpenRoomResponse>;
-    private prepareMessageForForwardMPC;
-    private convertTweakForBIP340;
-    private processForwardMPCSignature;
-    forwardMPCClientSign({ chainName, message, roomId, keyShare, derivationPath, formattedMessage, dynamicRequestId, isFormatted, traceContext, bitcoinConfig, }: {
-        chainName: string;
-        message: string | Uint8Array;
-        roomId: string;
-        keyShare: ClientKeyShare;
-        derivationPath: Uint32Array | undefined;
-        formattedMessage: MessageToSign;
-        dynamicRequestId: string;
-        isFormatted?: boolean;
-        traceContext?: TraceContext;
-        bitcoinConfig?: BitcoinConfig;
-    }): Promise<Uint8Array | EcdsaSignature>;
-    clientSign({ chainName, message, roomId, keyShare, derivationPath, isFormatted, dynamicRequestId, traceContext, bitcoinConfig, }: {
-        chainName: string;
-        message: string | Uint8Array;
-        roomId: string;
-        dynamicRequestId: string;
-        keyShare: ClientKeyShare;
-        derivationPath: Uint32Array | undefined;
-        isFormatted?: boolean;
-        traceContext?: TraceContext;
-        bitcoinConfig?: BitcoinConfig;
-    }): Promise<Uint8Array | EcdsaSignature>;
-    /**
-     * Recovers key shares from backup when a public key mismatch error is detected.
-     * This is the core recovery logic used by various MPC operations.
-     *
-     * @param error - The error to check
-     * @param recoveryParams - Parameters needed for key share recovery
-     * @returns The recovered key shares if error was a mismatch, throws otherwise
-     */
-    private recoverKeySharesOnMismatch;
-    sign({ accountAddress, message, chainName, password, isFormatted, signedSessionId, mfaToken, elevatedAccessToken, context, onError, traceContext, bitcoinConfig, }: {
-        accountAddress: string;
-        message: string | Uint8Array;
-        chainName: string;
-        password?: string;
-        isFormatted?: boolean;
-        signedSessionId: string;
-        mfaToken?: string;
-        elevatedAccessToken?: string;
-        context?: SignMessageContext;
-        onError?: (error: Error) => void;
-        traceContext?: TraceContext;
-        bitcoinConfig?: BitcoinConfig;
-    }): Promise<Uint8Array | EcdsaSignature>;
-    private internalSign;
-    refreshWalletAccountShares({ accountAddress, chainName, password, signedSessionId, mfaToken, elevatedAccessToken, traceContext, }: {
-        accountAddress: string;
-        chainName: string;
-        password?: string;
-        signedSessionId: string;
-        mfaToken?: string;
-        elevatedAccessToken?: string;
-        traceContext?: TraceContext;
-    }): Promise<void>;
-    /**
-     * Gets the Bitcoin config for MPC operations by looking up addressType
-     * from walletMap, with fallback to deriving it from derivationPath.
-     */
-    private getBitcoinConfigForChain;
-    private internalRefreshWalletAccountShares;
-    getExportId({ chainName, clientKeyShare, bitcoinConfig, }: {
-        chainName: string;
-        clientKeyShare: ClientKeyShare;
-        bitcoinConfig?: BitcoinConfig;
-    }): Promise<string>;
-    /**
-     * Helper function to create client shares required to complete a reshare ceremony.
-     * @param {string} chainName - The chain to create shares for
-     * @param {WalletProperties} wallet - The wallet to reshare
-     * @param {ThresholdSignatureScheme} oldThresholdSignatureScheme - The current threshold signature scheme
-     * @param {ThresholdSignatureScheme} newThresholdSignatureScheme - The target threshold signature scheme
-     * @returns {Promise<{
-     *   newClientInitKeygenResults: ClientInitKeygenResult[],
-     *   newClientKeygenIds: string[],
-     *   existingClientKeygenIds: string[],
-     *   existingClientKeyShares: ClientKeyShare[]
-     * }>} Object containing new and existing client keygen results, IDs and shares
-     * @todo Support higher to lower reshare strategies
-     */
-    reshareStrategy({ chainName, wallet, accountAddress, oldThresholdSignatureScheme, newThresholdSignatureScheme, }: {
-        chainName: string;
-        wallet: WalletProperties;
-        accountAddress: string;
-        oldThresholdSignatureScheme: ThresholdSignatureScheme;
-        newThresholdSignatureScheme: ThresholdSignatureScheme;
-    }): Promise<{
-        newClientInitKeygenResults: ClientInitKeygenResult[];
-        newClientKeygenIds: string[];
-        existingClientKeygenIds: string[];
-        existingClientKeyShares: ClientKeyShare[];
-    }>;
-    reshare({ chainName, accountAddress, oldThresholdSignatureScheme, newThresholdSignatureScheme, password, signedSessionId, cloudProviders, delegateToProjectEnvironment, mfaToken, elevatedAccessToken, revokeDelegation, }: {
-        chainName: string;
-        accountAddress: string;
-        oldThresholdSignatureScheme: ThresholdSignatureScheme;
-        newThresholdSignatureScheme: ThresholdSignatureScheme;
-        password?: string;
-        signedSessionId: string;
-        cloudProviders?: BackupLocation[];
-        delegateToProjectEnvironment?: boolean;
-        mfaToken?: string;
-        elevatedAccessToken?: string;
-        revokeDelegation?: boolean;
-    }): Promise<void>;
-    private internalReshare;
-    private performDelegationOperation;
-    delegateKeyShares({ accountAddress, password, signedSessionId, mfaToken, }: {
-        accountAddress: string;
-        password?: string;
-        signedSessionId: string;
-        mfaToken?: string;
-    }): Promise<BackupLocationWithExternalKeyShareId[]>;
-    revokeDelegation({ accountAddress, password, signedSessionId, mfaToken, }: {
-        accountAddress: string;
-        password?: string;
-        signedSessionId: string;
-        mfaToken?: string;
-    }): Promise<void>;
-    private createKeygenResult;
-    exportKey({ accountAddress, chainName, bitcoinConfig, password, signedSessionId, mfaToken, elevatedAccessToken, traceContext, }: {
-        accountAddress: string;
-        chainName: string;
-        bitcoinConfig?: BitcoinConfig;
-        password?: string;
-        signedSessionId: string;
-        mfaToken?: string;
-        elevatedAccessToken?: string;
-        traceContext?: TraceContext;
-    }): Promise<{
-        derivedPrivateKey: string | undefined;
-    }>;
-    private getReconstructedKeyShare;
-    private performMPCExport;
-    private derivePrivateKeyFromExport;
-    offlineExportKey({ chainName, keyShares, derivationPath, }: {
-        chainName: string;
-        keyShares: ClientKeyShare[];
-        derivationPath?: string;
-    }): Promise<{
-        derivedPrivateKey: string | undefined;
-        rawPublicKey: EcdsaPublicKey | Uint8Array | string | undefined;
-    }>;
-    encryptKeyShare({ keyShare, password }: {
-        keyShare: ClientKeyShare;
-        password?: string;
-    }): Promise<string>;
-    /**
-     * helper function to store encrypted backup by wallet from iframe local storage
-     */
-    private getClientKeySharesFromLocalStorage;
-    /**
-     * Helper function to get client key shares from storage.
-     * Uses secureStorage when available (mobile), otherwise falls back to localStorage (browser).
-     */
-    getClientKeySharesFromStorage({ accountAddress }: {
-        accountAddress: string;
-    }): Promise<ClientKeyShare[]>;
-    /**
-     * Helper function to initialize a wallet map entry during onCeremonyComplete.
-     * This is called before any backup has happened, so it initializes with empty backup info.
-     * The backup info gets updated later in storeEncryptedBackupByWallet.
-     *
-     * @param accountAddress - The wallet address
-     * @param walletId - The wallet ID from the server
-     * @param chainName - The chain name (e.g., 'EVM', 'SVM', 'BTC')
-     * @param thresholdSignatureScheme - The TSS scheme used
-     * @param derivationPath - Optional derivation path (will be computed from chainConfig if not provided)
-     * @param additionalProps - Any chain-specific additional properties to merge
-     */
-    protected initializeWalletMapEntry({ accountAddress, walletId, chainName, thresholdSignatureScheme, derivationPath, additionalProps, }: {
-        accountAddress: string;
-        walletId: string;
-        chainName: string;
-        thresholdSignatureScheme: ThresholdSignatureScheme;
-        derivationPath?: string;
-        additionalProps?: Record<string, unknown>;
-    }): void;
-    /**
-     * Helper function to store client key shares in storage.
-     * Uses secureStorage when available (mobile), otherwise falls back to localStorage (browser).
-     */
-    private setClientKeySharesToLocalStorage;
-    /**
-     * Helper function to store client key shares in storage.
-     * Uses secureStorage when available (mobile), otherwise falls back to localStorage (browser).
-     */
-    setClientKeySharesToStorage({ accountAddress, clientKeyShares, overwriteOrMerge, }: {
-        accountAddress: string;
-        clientKeyShares: ClientKeyShare[];
-        overwriteOrMerge?: 'overwrite' | 'merge';
-    }): Promise<void>;
-    /**
-     * Ensures that client key shares exist for the given account address.
-     * Throws an error if no shares are found.
-     *
-     * Note: This method only checks for existing shares in storage.
-     * Auto-recovery logic has been removed in favor of the queue pattern.
-     * Callers should handle recovery explicitly if needed.
-     */
-    private ensureClientShare;
-    private backupToDynamicBackend;
-    private updateEncryptedSharesCache;
-    /**
-     * Promotes all pending encrypted-shares cache entries to active.
-     * Called once the server confirms that a password-update batch is fully activated
-     * (i.e. markKeySharesAsBackedUp returns passwordUpdateStatus !== 'pending').
-     * Each wallet wrote its new-password shares to a -pending key during upload;
-     * this method atomically moves them to the active key so the next unlock/validate
-     * call finds the correct ciphertext.
-     */
-    private promoteEncryptedSharesCaches;
-    private backupToCloudProvider;
-    private publishDelegatedShare;
-    private createPreservedDelegatedLocation;
-    backupSharesWithDistribution({ accountAddress, password, signedSessionId, distribution, preserveDelegatedLocation, passwordUpdateBatchId, }: {
-        accountAddress: string;
-        password?: string;
-        signedSessionId: string;
-        distribution: ShareDistribution;
-        preserveDelegatedLocation?: boolean;
-        passwordUpdateBatchId?: string;
-    }): Promise<{
-        message: string;
-        walletId: string;
-        passwordUpdateStatus?: "pending" | "activated";
-        locationsWithKeyShares: {
-            location: BackupLocation;
-            id: string;
-            keygenId: string;
-            externalKeyShareId?: string;
-        }[];
-    }>;
-    /**
-     * Central backup orchestrator that encrypts and stores wallet key shares.
-     *
-     * This method serves as the main backup coordinator, handling the distribution of encrypted
-     * key shares between Dynamic's backend and Google Drive based on the wallet's threshold scheme.
-     * It is used by multiple operations including reshare, refresh, and manual backup requests.
-     *
-     * **Backup Distribution Strategy:**
-     * - **Single share wallets**: All shares stored on Dynamic's backend only
-     * - **Multi-share wallets (2+)**: When backing up to Google Drive, N-1 shares on Dynamic's backend, 1 share on Google Drive
-     * - **Multi-share wallets (2+)**: When not backing up to Google Drive, all shares on Dynamic's backend
-     *
-     * **Process Flow:**
-     * 1. Encrypts all client key shares with the provided password (or environment ID if no password)
-     * 2. For multi-share wallets (2+): conditionally distributes N-1 to backend, 1 to Google Drive
-     * 3. For other configurations: stores all shares on Dynamic's backend
-     * 4. Updates backup metadata and synchronizes wallet state
-     * 5. Persists the updated wallet map to local storage
-     *
-     * **Delegated Key Shares:**
-     * - When delegatedKeyshare is provided, the method will not store the delegated key share but it will mark the delegated share as backed up on Dynamic's backend
-     * - and encrypt the delegated key share to publish it to the webhook
-     *
-     * @param params - The backup operation parameters
-     * @param params.accountAddress - The account address of the wallet to backup
-     * @param params.clientKeyShares - Optional specific key shares to backup (uses localStorage if not provided)
-     * @param params.password - Optional password for encryption (uses environment ID if not provided)
-     * @param params.signedSessionId - Optional signed session ID for authentication
-     * @param params.backupToGoogleDrive - Whether to backup to Google Drive (defaults to false)
-     * @returns Promise with backup metadata including share locations and IDs
-     */
-    storeEncryptedBackupByWallet({ accountAddress, clientKeyShares, password, signedSessionId, cloudProviders, delegatedKeyshare, passwordUpdateBatchId, }: {
-        accountAddress: string;
-        clientKeyShares?: ClientKeyShare[];
-        password?: string;
-        signedSessionId: string;
-        cloudProviders?: BackupLocation[];
-        delegatedKeyshare?: ClientKeyShare;
-        passwordUpdateBatchId?: string;
-    }): Promise<{
-        keyShareIds: string[];
-        keygenIds: string[];
-        message: string;
-        walletId: string;
-        passwordUpdateStatus?: "pending" | "activated";
-        locationsWithKeyShares: {
-            location: BackupLocation;
-            id: string;
-            keygenId: string;
-            externalKeyShareId?: string;
-        }[];
-    }>;
-    updatePassword({ accountAddress, existingPassword, newPassword, signedSessionId, passwordUpdateBatchId, }: {
-        accountAddress: string;
-        existingPassword?: string;
-        newPassword?: string;
-        signedSessionId: string;
-        passwordUpdateBatchId?: string;
-    }): Promise<void>;
-    setPassword({ accountAddress, newPassword, signedSessionId, passwordUpdateBatchId, }: {
-        accountAddress: string;
-        newPassword: string;
-        signedSessionId: string;
-        passwordUpdateBatchId?: string;
-    }): Promise<void>;
-    decryptKeyShare({ keyShare, password }: {
-        keyShare: string;
-        password?: string;
-    }): Promise<ClientKeyShare>;
-    /**
-     * Validates that the provided password is consistent with existing encrypted wallets.
-     * This prevents users from creating multiple wallets with different passwords.
-     *
-     * @param password - User-provided password (optional)
-     * @param signedSessionId - Signed session ID for API calls
-     * @throws Error with ERROR_PASSWORD_MISMATCH if password doesn't match existing wallets
-     */
-    /**
-     * Shared helper: fetches encrypted shares (from storage or API) and validates
-     * the provided password by attempting to decrypt the first credential.
-     * Throws ERROR_PASSWORD_MISMATCH if the password is incorrect.
-     */
-    private validatePasswordAgainstEncryptedShares;
-    private isPasscodeRequired;
-    private assertPasswordRequired;
-    protected validatePasswordConsistencyForNewWallet({ password, signedSessionId, }: {
-        password?: string;
-        signedSessionId: string;
-    }): Promise<void>;
-    /**
-     * Validates that the provided password matches the existing encryption for
-     * a password-encrypted wallet. Must be called before refresh/reshare ceremonies.
-     * Throws if the wallet is password-encrypted but no password (or wrong password) is provided.
-     */
-    protected validatePasswordForExistingWallet({ accountAddress, password, signedSessionId, }: {
-        accountAddress: string;
-        password?: string;
-        signedSessionId: string;
-    }): Promise<void>;
-    /**
-     * Helper function to get Google OAuth Account ID or throw an error if not found.
-     * @param accountAddress - The account address for logging purposes
-     * @returns The Google OAuth Account ID
-     * @throws Error if no Google OAuth account ID is found
-     */
-    private getGoogleOauthAccountIdOrThrow;
-    /**
-     * Helper function to determine keyshare recovery strategy for dynamic shares.
-     * For REFRESH operations, retrieves enough shares to meet the client threshold.
-     * For all other operations, retrieves just 1 share.
-     *
-     * @param clientKeyShareBackupInfo - Information about backed up key shares
-     * @param thresholdSignatureScheme - The signature scheme being used (2-of-2, 2-of-3, etc)
-     * @param walletOperation - The operation being performed (REFRESH, SIGN_MESSAGE, etc)
-     * @param shareCount - The number of shares to recover if specified for reshare operations
-     * @returns @shares: Object mapping backup locations to arrays of share IDs to recover
-     * @returns @requiredShareCount: The number of shares required to recover
-     */
-    recoverStrategy({ clientKeyShareBackupInfo, thresholdSignatureScheme, walletOperation, shareCount, }: {
-        clientKeyShareBackupInfo: KeyShareBackupInfo;
-        thresholdSignatureScheme: ThresholdSignatureScheme;
-        walletOperation: WalletOperation;
-        shareCount?: number;
-    }): {
-        shares: Partial<Record<BackupLocation, string[]>>;
-        requiredShareCount: number;
-    };
-    recoverEncryptedBackupByWallet({ accountAddress, password, walletOperation, signedSessionId, shareCount, storeRecoveredShares, mfaToken, }: {
-        accountAddress: string;
-        password?: string;
-        walletOperation: WalletOperation;
-        signedSessionId: string;
-        shareCount?: number;
-        storeRecoveredShares?: boolean;
-        mfaToken?: string;
-    }): Promise<ClientKeyShare[]>;
-    private internalRecoverEncryptedBackupByWallet;
-    restoreWallets(): Promise<void>;
-    /**
-     * Internal helper method that handles the complete flow for ensuring wallet key shares are backed up to a cloud provider.
-     * - For 2-of-2 wallets: Automatically reshares to 2-of-3 threshold, then distributes shares (1 to backend, 1 to cloud)
-     * - For 2-of-3 wallets: Call storeEncryptedBackupByWallet to backup for backend and cloud
-     */
-    private backupKeySharesToCloudProvider;
-    /**
-     * This method handles the complete flow for ensuring wallet key shares are backed up to Google Drive:
-     * - For 2-of-2 wallets: Automatically reshares to 2-of-3 threshold, then distributes shares (1 to backend, 1 to Google Drive)
-     * - For 2-of-3 wallets: Call storeEncryptedBackupByWallet to backup for backend and Google Drive
-     *
-     * @param params - The backup parameters
-     * @param params.accountAddress - The wallet account address to backup
-     * @param params.password - Optional password for encryption (uses environment ID if not provided)
-     * @param params.signedSessionId - Optional signed session ID for authentication
-     */
-    backupKeySharesToGoogleDrive({ accountAddress, password, signedSessionId, }: {
-        accountAddress: string;
-        password?: string;
-        signedSessionId: string;
-    }): Promise<void>;
-    /**
-     * This method handles the complete flow for ensuring wallet key shares are backed up to iCloud:
-     * - For 2-of-2 wallets: Automatically reshares to 2-of-3 threshold, then distributes shares (1 to backend, 1 to iCloud)
-     * - For 2-of-3 wallets: Call storeEncryptedBackupByWallet to backup for backend and iCloud
-     *
-     * @param params - The backup parameters
-     * @param params.accountAddress - The wallet account address to backup
-     * @param params.password - Optional password for encryption (uses environment ID if not provided)
-     * @param params.signedSessionId - Optional signed session ID for authentication
-     */
-    backupKeySharesToICloud({ accountAddress, password, signedSessionId, }: {
-        accountAddress: string;
-        password?: string;
-        signedSessionId: string;
-    }): Promise<void>;
-    /**
-     * Generic router method that uploads encrypted key shares to the specified cloud provider
-     * @param provider - The cloud backup provider (GOOGLE_DRIVE, ICLOUD, etc.)
-     * @param accountAddress - Wallet account address
-     * @param encryptedKeyShares - Already encrypted key shares to upload
-     * @returns Promise<void>
-     */
-    private uploadToCloudProvider;
-    /**
-     * This method handles only the Google Drive upload mechanics without any reshare logic.
-     * It encrypts the provided key shares, uploads them to Google Drive, and updates the
-     * backup metadata. This method is intended for internal use by storeEncryptedBackupByWallet
-     * and should not be called directly from external code.
-     *
-     * @param params - The upload parameters
-     * @param params.accountAddress - The wallet account address
-     * @param params.password - Optional password for encryption (uses environment ID if not provided)
-     * @param params.encryptedKeyShares - The specific key shares to upload to Google Drive
-     * @returns Promise<string[]> - Array of Google Drive key share IDs that were uploaded
-     */
-    private uploadKeySharesToGoogleDrive;
-    /**
-     * Private method that handles only the iCloud upload mechanics without any reshare logic.
-     * It takes already encrypted key shares and uploads them to iCloud.
-     * @param accountAddress - The wallet account address
-     * @param encryptedKeyShares - Already encrypted key shares to upload
-     * @returns Promise<void>
-     */
-    private uploadKeySharesToICloud;
-    exportClientKeysharesFromGoogleDrive({ accountAddress, password, signedSessionId, }: {
-        accountAddress: string;
-        password?: string;
-        signedSessionId: string;
-    }): Promise<void>;
-    exportClientKeyshares({ accountAddress, password, signedSessionId, }: {
-        accountAddress: string;
-        password?: string;
-        signedSessionId: string;
-    }): Promise<void>;
-    getClientKeyShares({ accountAddress, password, signedSessionId, }: {
-        accountAddress: string;
-        password?: string;
-        signedSessionId: string;
-    }): Promise<ClientKeyShare[]>;
-    /**
-     * Helper function to check if the required wallet fields are present and valid
-     * @param accountAddress - The account address of the wallet to check
-     * @param walletOperation - The wallet operation that determines required fields
-     * @returns boolean indicating if wallet needs to be re-fetched and restored from server
-     */
-    private checkWalletFields;
-    /**
-     * verifyPassword attempts to recover and decrypt a single client key share using the provided password.
-     * If successful, the key share is encrypted with the new password. This method solely performs the recovery
-     * and decryption without storing the restored key shares. If unsuccessful, it throws an error.
-     */
-    verifyPassword({ accountAddress, password, signedSessionId, }: {
-        accountAddress: string;
-        password?: string;
-        signedSessionId: string;
-    }): Promise<void>;
-    isPasswordEncrypted({ accountAddress }: {
-        accountAddress: string;
-    }): Promise<boolean>;
-    /**
-     * check if the operation requires a password
-     */
-    requiresPasswordForOperation({ accountAddress, walletOperation, }: {
-        accountAddress: string;
-        walletOperation?: WalletOperation;
-    }): Promise<boolean>;
-    /**
-     * check if the operation requires restoring backup shares
-     */
-    requiresRestoreBackupSharesForOperation({ accountAddress, walletOperation, }: {
-        accountAddress: string;
-        walletOperation?: WalletOperation;
-    }): Promise<boolean>;
-    getWalletClientKeyShareBackupInfo({ accountAddress }: {
-        accountAddress: string;
-    }): Promise<KeyShareBackupInfo>;
-    getWallet({ accountAddress, walletOperation, shareCount, password, signedSessionId, }: {
-        accountAddress: string;
-        walletOperation?: WalletOperation;
-        shareCount?: number;
-        password?: string;
-        signedSessionId: string;
-    }): Promise<WalletProperties>;
-    /**
-     * Gets the recovery state of a wallet, optionally recovering shares if not available.
-     * This method is useful for detecting if a wallet is password-encrypted
-     * and needs unlocking before use.
-     *
-     * If shares are not available locally and recovery parameters are provided,
-     * this method will call getWallet with RECOVER operation to fetch shares.
-     * The underlying recoverEncryptedBackupByWallet handles deduplication via
-     * inFlightRecovery, so concurrent calls won't start multiple recoveries.
-     *
-     * @param accountAddress - The account address of the wallet
-     * @param signedSessionId - Optional signed session ID for triggering recovery if shares not available
-     * @param password - Optional password for decrypting recovered shares
-     * @returns WalletRecoveryState indicating the wallet's lock state and share availability
-     * @throws Error if recovery fails or no shares available after recovery
-     */
-    getWalletRecoveryState({ accountAddress, signedSessionId, password, }: {
-        accountAddress: string;
-        signedSessionId?: string;
-        password?: string;
-    }): Promise<WalletRecoveryState>;
-    /**
-     * Unlocks a password-encrypted wallet by decrypting cached encrypted shares.
-     * This method should be called after getWalletRecoveryState returns LOCKED state.
-     *
-     * @param accountAddress - The account address of the wallet
-     * @param password - The password to decrypt the shares
-     * @param signedSessionId - The signed session ID for authentication
-     * @returns The unlocked wallet properties
-     */
-    unlockWallet({ accountAddress, password, signedSessionId, }: {
-        accountAddress: string;
-        password: string;
-        signedSessionId: string;
-    }): Promise<WalletProperties>;
-    /**
-     * Decrypts cached encrypted key shares for a wallet and stores them locally.
-     */
-    private decryptAndStoreWalletShares;
-    getAllWallets(): Promise<GetWalletResponse[]>;
-    getWallets(): Promise<any>;
-    /**
-     * sync auth token with api client
-     * @param authToken - auth token to sync
-     */
-    syncAuthToken(authToken: string): void;
-    createRooms({ roomType, thresholdSignatureScheme, roomCount, }: {
-        roomType: RoomTypeEnum;
-        thresholdSignatureScheme: ThresholdSignatureScheme;
-        roomCount?: number;
-    }): Promise<void>;
-    restoreRooms(): Promise<Record<number, Room[]>>;
-    getRooms(roomType?: RoomTypeEnum, thresholdSignatureScheme?: ThresholdSignatureScheme): Promise<Room[] | Record<number, Room[]>>;
-    setRooms(numberOfParties: number, rooms: Room[]): Promise<void>;
-    /**
-     * Chain localStorage writes sequentially so each write serializes the latest
-     * in-memory state at execution time, preventing earlier stale snapshots from
-     * overwriting fresher data when concurrent setRooms calls race.
-     */
-    private persistRooms;
-    getNumberOfParties(roomType: RoomTypeEnum, thresholdSignatureScheme: ThresholdSignatureScheme): number;
-    getRoom(roomType: RoomTypeEnum, thresholdSignatureScheme: ThresholdSignatureScheme): Promise<Room | undefined>;
-    getTraceContext(traceContext?: TraceContext): TraceContext & {
-        now: number;
-        time: number;
-    };
-}
-export {};
-//# sourceMappingURL=client.d.ts.map