@dynamic-labs-wallet/browser 1.0.2 → 1.0.3

package/index.esm.js

@@ -230,6 +230,25 @@ class InvalidPasswordError extends Error {
         this.name = 'InvalidPasswordError';
     }
 }
+const KEY_SHARE_DECRYPTION_ERROR = 'Decryption failed.';
+/**
+ * Thrown when a key share cannot be decrypted but no user-supplied password was
+ * involved. Distinct from InvalidPasswordError, which is reserved for cases
+ * where a user-entered password fails to decrypt a password-encrypted wallet.
+ *
+ * Internal-only signal: the user-facing message is deliberately generic so it
+ * does not leak implementation detail (e.g. environmentId fallback,
+ * cross-environment cipher, KDF/version mismatch). The `name` and any attached
+ * `cause` carry the real diagnostic for logs / monitoring.
+ */ class KeyShareDecryptionError extends Error {
+    constructor(options){
+        super(KEY_SHARE_DECRYPTION_ERROR);
+        this.name = 'KeyShareDecryptionError';
+        if ((options == null ? void 0 : options.cause) !== undefined) {
+            this.cause = options.cause;
+        }
+    }
+}
 /**
  * Check if an error is an OperationError from SubtleCrypto.decrypt,
  * which indicates authentication failure (wrong password/derived key)
@@ -515,7 +534,15 @@ const writeCachedReason = (error, reason)=>{
     // Frozen/sealed errors — ignore, just lose the cache on this path.
     }
 };
+const isKeyShareDecryptionError = (error)=>error instanceof KeyShareDecryptionError || error instanceof Error && error.name === 'KeyShareDecryptionError';
 const computeReason = (error)=>{
+    // KeyShareDecryptionError represents a system-side decryption failure where
+    // no user password was involved (e.g. envId-fallback failed on a
+    // non-password-encrypted wallet). Classify ahead of the InvalidPasswordError
+    // check so it doesn't get mislabeled as `wrong_password`.
+    if (isKeyShareDecryptionError(error)) {
+        return 'decryption_failure';
+    }
     if (isPasswordMismatchError(error)) {
         return 'wrong_password';
     }
@@ -1054,6 +1081,7 @@ const logRetryExhausted = (operationName, maxAttempts, errorContext, logContext)
     if ((error == null ? void 0 : error.isRetryable) === false) return true;
     if (isPasswordMismatchError(error)) return true;
     if (error instanceof InvalidPasswordError) return true;
+    if (error instanceof KeyShareDecryptionError) return true;
     const message = error instanceof Error ? error.message : '';
     if (!message) return false;
     return NON_RETRYABLE_CEREMONY_ERROR_MESSAGES.some((msg)=>message.includes(msg));
@@ -2098,6 +2126,50 @@ const createDynamicOnlyDistribution = ({ allShares })=>({
 /** Track which wallets are currently executing inside a sign operation.
    * Used to prevent deadlocks when recovery is called from within a sign op. */ WalletQueueManager.walletsWithActiveSignOp = new Map();
 
+// Pure routing helper: maps a completed reshare ceremony's results into the
+// ShareDistribution that storage/publish should follow. Lives outside the
+// client class so it's straightforward to reason about and unit-test
+// without spinning up DynamicWalletClient.
+const selectReshareDistribution = ({ resolvedDelegation, resolvedCloudProviders, existingReshareResults, newReshareResults })=>{
+    const allClientShares = [
+        ...existingReshareResults,
+        ...newReshareResults
+    ];
+    // Share-set delegation signal: same-parties reshare with zero new client
+    // party. The refreshed rootUser-client output IS the delegated share —
+    // it goes to the webhook out-of-band, NOT to Dynamic backup, and local
+    // cache stays with gen1.
+    if (resolvedDelegation && newReshareResults.length === 0 && existingReshareResults.length === 1) {
+        return {
+            clientShares: [],
+            cloudProviderShares: {},
+            delegatedShare: existingReshareResults[0]
+        };
+    }
+    if (resolvedDelegation && resolvedCloudProviders.length > 0) {
+        return createDelegationWithCloudProviderDistribution({
+            providers: resolvedCloudProviders,
+            existingShares: existingReshareResults,
+            delegatedShare: newReshareResults[0]
+        });
+    }
+    if (resolvedDelegation) {
+        return createDelegationOnlyDistribution({
+            existingShares: existingReshareResults,
+            delegatedShare: newReshareResults[0]
+        });
+    }
+    if (resolvedCloudProviders.length > 0) {
+        return createCloudProviderDistribution({
+            providers: resolvedCloudProviders,
+            allShares: allClientShares
+        });
+    }
+    return createDynamicOnlyDistribution({
+        allShares: allClientShares
+    });
+};
+
 const ALG_LABEL_RSA = 'HYBRID-RSA-AES-256';
 /**
  * Convert base64 to base64url encoding
@@ -3583,7 +3655,7 @@ class DynamicWalletClient {
    *   existingClientKeyShares: ClientKeyShare[]
    * }>} Object containing new and existing client keygen results, IDs and shares
    * @todo Support higher to lower reshare strategies
-   */ async reshareStrategy({ chainName, wallet, accountAddress, oldThresholdSignatureScheme, newThresholdSignatureScheme }) {
+   */ async reshareStrategy({ chainName, wallet, accountAddress, oldThresholdSignatureScheme, newThresholdSignatureScheme, delegateToProjectEnvironment }) {
         const bitcoinConfig = this.getBitcoinConfigForChain(chainName, accountAddress);
         const mpcSigner = getMPCSigner({
             chainName,
@@ -3593,7 +3665,8 @@ class DynamicWalletClient {
         // Determine share counts based on threshold signature schemes
         const { newClientShareCount, existingClientShareCount } = getReshareConfig({
             oldThresholdSignatureScheme,
-            newThresholdSignatureScheme
+            newThresholdSignatureScheme,
+            delegateToProjectEnvironment
         });
         // Create new client shares
         const newClientInitKeygenResults = await Promise.all(Array.from({
@@ -3699,16 +3772,20 @@ class DynamicWalletClient {
             throw backupError;
         }
     }
-    // Rotates walletMap.shareSetId when a ceremony_complete event reports a
-    // new rootUser share set. Skipped for `delegated` (rootUser unchanged;
-    // the delegation flow owns the otherShareSets[] write), `server`, and
-    // empty payloads (legacy redcoast that predates the share-set rollout —
-    // server falls back to walletId resolution on the follow-up backup call).
+    // Persists the ceremony_complete payload into the wallet map.
+    // - rootUser → rotate walletMap.shareSetId (if it actually changed).
+    // - delegated → append/replace under otherShareSets[] via recordDelegatedShareSet
+    //   (requires newThresholdSignatureScheme passed in by the reshare caller).
+    //   Reshare delegation flow owns this branch; refresh hits the non-rootUser
+    //   skip path below because newThresholdSignatureScheme isn't threaded.
+    // - server / undefined → no-op with a skip log so DataDog shows the path
+    //   (undefined is legacy redcoast that predates the share-set rollout —
+    //   server falls back to walletId resolution on the follow-up backup call).
     //
     // Each skip reason is logged distinctly so operators can grep DataDog for
     // "legacy server callbacks" vs "delegation skips" vs "no-op same id"
     // separately — three operationally different states.
-    rotateRootUserShareSetIdIfChanged({ accountAddress, wallet, ceremony, shareSetId, shareSetType, extraContext }) {
+    rotateRootUserShareSetIdIfChanged({ accountAddress, wallet, ceremony, shareSetId, shareSetType, newThresholdSignatureScheme, extraContext }) {
         const baseContext = _extends({
             walletId: wallet.walletId,
             ceremony
@@ -3725,10 +3802,20 @@ class DynamicWalletClient {
             });
             return;
         }
+        if (shareSetType === 'delegated' && newThresholdSignatureScheme) {
+            this.recordDelegatedShareSet({
+                accountAddress,
+                wallet,
+                newShareSetId: shareSetId,
+                newThresholdSignatureScheme
+            });
+            return;
+        }
         if (shareSetType !== 'rootUser') {
-            // 'delegated' → delegation flow owns the otherShareSets[] write (#947).
-            // 'server'    → internal server share set, not for SDK rotation.
-            // undefined   → server emitted partial payload (already warned upstream).
+            // 'delegated' (no newThresholdSignatureScheme, e.g. refresh) → SDK doesn't
+            // own the otherShareSets[] write from refresh.
+            // 'server' → internal server share set, not for SDK rotation.
+            // undefined → server emitted partial payload (already warned upstream).
             this.logger.info('[WaasShareSet] rotation skipped: non-rootUser share-set type', {
                 context: _extends({}, baseContext, {
                     shareSetType,
@@ -3755,6 +3842,38 @@ class DynamicWalletClient {
             shareSetId
         });
     }
+    // Records a new `delegated` share set under wallet.otherShareSets[],
+    // replacing an existing delegated entry if one is already there (rather
+    // than appending duplicates on retry). Only reachable from the reshare
+    // delegation flow — refresh doesn't thread newThresholdSignatureScheme
+    // so it falls through to the skip path before reaching here.
+    recordDelegatedShareSet({ accountAddress, wallet, newShareSetId, newThresholdSignatureScheme }) {
+        const walletProps = this.getWalletFromMap(accountAddress);
+        var _walletProps_otherShareSets;
+        const existing = (_walletProps_otherShareSets = walletProps == null ? void 0 : walletProps.otherShareSets) != null ? _walletProps_otherShareSets : [];
+        const newEntry = {
+            shareSetId: newShareSetId,
+            shareSetType: 'delegated',
+            thresholdSignatureScheme: newThresholdSignatureScheme,
+            createdAt: new Date().toISOString()
+        };
+        const delegatedIdx = existing.findIndex((s)=>s.shareSetType === 'delegated');
+        const updated = delegatedIdx >= 0 ? existing.map((s, i)=>i === delegatedIdx ? newEntry : s) : [
+            ...existing,
+            newEntry
+        ];
+        this.logger.info('[WaasShareSet] delegated shareSetId added by reshare ceremony', {
+            context: {
+                walletId: wallet.walletId,
+                rootUserShareSetId: wallet.shareSetId,
+                delegatedShareSetId: newShareSetId,
+                replacedExistingDelegated: delegatedIdx >= 0
+            }
+        });
+        this.updateWalletMap(accountAddress, {
+            otherShareSets: updated
+        });
+    }
     async internalReshare({ chainName, accountAddress, oldThresholdSignatureScheme, newThresholdSignatureScheme, password = undefined, signedSessionId, cloudProviders = [], delegateToProjectEnvironment = false, mfaToken, elevatedAccessToken, revokeDelegation = false, hasAttemptedKeyShareRecovery = false, googleDriveAccessToken }) {
         const dynamicRequestId = v4();
         // Password validation - wrapped in try-catch for consistent error handling
@@ -3797,7 +3916,8 @@ class DynamicWalletClient {
         try {
             const { existingClientShareCount } = getReshareConfig({
                 oldThresholdSignatureScheme,
-                newThresholdSignatureScheme
+                newThresholdSignatureScheme,
+                delegateToProjectEnvironment: resolvedDelegation
             });
             const wallet = await this.getWallet({
                 accountAddress,
@@ -3811,11 +3931,14 @@ class DynamicWalletClient {
                 accountAddress,
                 wallet,
                 oldThresholdSignatureScheme,
-                newThresholdSignatureScheme
+                newThresholdSignatureScheme,
+                delegateToProjectEnvironment: resolvedDelegation
             });
-            // Ensure existing client key shares exist before reshare
-            if (existingClientKeyShares.length === 0) {
-                throw new Error(`Client key shares are required for reshare operation but none were found for account address: ${accountAddress}`);
+            // Ensure existing client key shares match what getReshareConfig expected.
+            // For most flows this is >= 1; for 2/2 → 2/2 + delegation it's 0 (the
+            // ceremony has no surviving client-side party from the old quorum).
+            if (existingClientKeyShares.length < existingClientShareCount) {
+                throw new Error(`Expected ${existingClientShareCount} existing client key share(s) for reshare operation but only found ${existingClientKeyShares.length} for account address: ${accountAddress}`);
             }
             const clientKeygenIds = [
                 ...newClientKeygenIds,
@@ -3879,6 +4002,7 @@ class DynamicWalletClient {
                         ceremony: 'reshare',
                         shareSetId,
                         shareSetType,
+                        newThresholdSignatureScheme,
                         extraContext: {
                             oldThresholdSignatureScheme,
                             newThresholdSignatureScheme,
@@ -4002,41 +4126,12 @@ class DynamicWalletClient {
                 }
                 throw reshareError;
             }
-            const allClientShares = [
-                ...existingReshareResults,
-                ...newReshareResults
-            ];
-            let distribution;
-            // Generic distribution logic - works with any cloud providers
-            // Use effective* variables which may have been populated from existing wallet state
-            if (resolvedDelegation && resolvedCloudProviders.length > 0) {
-                // Delegation + Cloud Providers: Client's existing share backs up to both Dynamic and cloud providers.
-                // The new share goes to the webhook for delegation.
-                distribution = createDelegationWithCloudProviderDistribution({
-                    providers: resolvedCloudProviders,
-                    existingShares: existingReshareResults,
-                    delegatedShare: newReshareResults[0]
-                });
-            } else if (resolvedDelegation) {
-                // Delegation only: Client's existing share backs up to Dynamic.
-                // The new share goes to the webhook for delegation. No cloud provider backup.
-                distribution = createDelegationOnlyDistribution({
-                    existingShares: existingReshareResults,
-                    delegatedShare: newReshareResults[0]
-                });
-            } else if (resolvedCloudProviders.length > 0) {
-                // Cloud Providers only: Split shares between Dynamic (N-1) and cloud providers (1).
-                // The last share (new share) goes to cloud providers.
-                distribution = createCloudProviderDistribution({
-                    providers: resolvedCloudProviders,
-                    allShares: allClientShares
-                });
-            } else {
-                // No delegation, no cloud providers: All shares go to Dynamic backend only.
-                distribution = createDynamicOnlyDistribution({
-                    allShares: allClientShares
-                });
-            }
+            const distribution = selectReshareDistribution({
+                resolvedDelegation,
+                resolvedCloudProviders,
+                existingReshareResults,
+                newReshareResults
+            });
             this.updateWalletMap(accountAddress, {
                 thresholdSignatureScheme: newThresholdSignatureScheme
             });
@@ -4095,10 +4190,22 @@ class DynamicWalletClient {
             });
             // Store client key shares to storage (localStorage or secureStorage)
             // only after backup succeeds.
-            await this.setClientKeySharesToStorage({
-                accountAddress,
-                clientKeyShares: distribution.clientShares
-            });
+            //
+            // Share-set delegation (FF=on) skips this entirely — the ceremony
+            // output's refreshed rootUser-client share went to the webhook
+            // (delegatedShare), and the original gen1 rootUser-client share must
+            // stay in local cache so the user can still sign rootUser. See the
+            // mixed-share-sign isolation property tested in
+            // `wallet-service/scripts/twoOfTwoReshareExperiment.ts`. Calling this
+            // with `clientShares: []` would clear the local cache (per the
+            // method's "full replacement" semantics), breaking signing until
+            // recovery refetches from Dynamic.
+            if (distribution.clientShares.length > 0) {
+                await this.setClientKeySharesToStorage({
+                    accountAddress,
+                    clientKeyShares: distribution.clientShares
+                });
+            }
             // Operation summary — correlates against downstream sign failures /
             // pending-rotation reports. `ceremonyCallbackFired: false` here means
             // either the server is legacy (didn't emit ceremony_complete) or the
@@ -4140,7 +4247,7 @@ class DynamicWalletClient {
             throw error;
         }
     }
-    async performDelegationOperation({ accountAddress, password, signedSessionId, mfaToken, newThresholdSignatureScheme, revokeDelegation = false, operationName }) {
+    async performDelegationOperation({ accountAddress, password, signedSessionId, mfaToken, newThresholdSignatureScheme, revokeDelegation = false, useShareSetReshare = false, operationName }) {
         try {
             const delegateToProjectEnvironment = this.featureFlags && this.featureFlags[FEATURE_FLAGS.ENABLE_DELEGATED_KEY_SHARES_FLAG] === true;
             if (!delegateToProjectEnvironment) {
@@ -4157,8 +4264,11 @@ class DynamicWalletClient {
             }
             const walletData = this.getWalletFromMap(accountAddress);
             const currentThresholdSignatureScheme = walletData.thresholdSignatureScheme;
-            // Get active cloud providers to maintain existing backups
-            const activeProviders = getActiveCloudProviders(walletData == null ? void 0 : walletData.clientKeySharesBackupInfo);
+            // Under the share-set reshare flow, rootUser is not mutated — the
+            // delegation creates a separate `delegated` share set. So we don't
+            // re-pin existing cloud providers; preservation is irrelevant when the
+            // primary share set is untouched.
+            const activeProviders = useShareSetReshare ? [] : getActiveCloudProviders(walletData == null ? void 0 : walletData.clientKeySharesBackupInfo);
             await this.reshare({
                 chainName: walletData.chainName,
                 accountAddress,
@@ -4183,19 +4293,82 @@ class DynamicWalletClient {
         }
     }
     async delegateKeyShares({ accountAddress, password = undefined, signedSessionId, mfaToken }) {
+        var _this_featureFlags;
+        const useShareSetReshare = ((_this_featureFlags = this.featureFlags) == null ? void 0 : _this_featureFlags[FEATURE_FLAGS.ENABLE_SHARE_SET_RESHARE]) === true;
+        if (useShareSetReshare) {
+            var _this_getWalletFromMap;
+            // FF on: delegation creates a separate `delegated` share set without
+            // touching rootUser. If the wallet already has one, this is a no-op.
+            const existingDelegated = getDelegatedShareSet((_this_getWalletFromMap = this.getWalletFromMap(accountAddress)) == null ? void 0 : _this_getWalletFromMap.otherShareSets);
+            if (existingDelegated) {
+                var _this_getWalletFromMap1;
+                this.logger.info('[WaasShareSet] delegateKeyShares no-op — wallet already has a delegated share set', {
+                    accountAddress,
+                    delegatedShareSetId: existingDelegated.shareSetId
+                });
+                const backupInfo = (_this_getWalletFromMap1 = this.getWalletFromMap(accountAddress)) == null ? void 0 : _this_getWalletFromMap1.clientKeySharesBackupInfo;
+                return (backupInfo == null ? void 0 : backupInfo.backups[BackupLocation.DELEGATED]) || [];
+            }
+            this.logger.info('[WaasShareSet] delegateKeyShares using share-set reshare path', {
+                accountAddress
+            });
+        }
         await this.performDelegationOperation({
             accountAddress,
             password,
             signedSessionId,
             mfaToken,
-            newThresholdSignatureScheme: ThresholdSignatureScheme.TWO_OF_THREE,
-            operationName: 'delegateKeyShares'
+            // FF on: reshare to 2/2 — the new delegated share set is always 2/2
+            // (server + delegated webhook). getReshareConfig now has a 2/2 → 2/2
+            // + delegation case that returns newClientShareCount=1 (the share
+            // routed to the webhook) so the ceremony generates it correctly.
+            // FF off: legacy 2/2 → 2/3 reshare that mutates rootUser.
+            newThresholdSignatureScheme: useShareSetReshare ? ThresholdSignatureScheme.TWO_OF_TWO : ThresholdSignatureScheme.TWO_OF_THREE,
+            operationName: 'delegateKeyShares',
+            useShareSetReshare
         });
         const backupInfo = this.getWalletFromMap(accountAddress).clientKeySharesBackupInfo;
         const delegatedKeyShares = backupInfo.backups[BackupLocation.DELEGATED] || [];
         return delegatedKeyShares;
     }
     async revokeDelegation({ accountAddress, password = undefined, signedSessionId, mfaToken }) {
+        var _this_featureFlags;
+        const useShareSetReshare = ((_this_featureFlags = this.featureFlags) == null ? void 0 : _this_featureFlags[FEATURE_FLAGS.ENABLE_SHARE_SET_RESHARE]) === true;
+        if (useShareSetReshare) {
+            var _this_getWalletFromMap;
+            const wallet = await this.getWallet({
+                accountAddress,
+                walletOperation: WalletOperation.NO_OPERATION,
+                password,
+                signedSessionId
+            });
+            const delegatedShareSet = getDelegatedShareSet((_this_getWalletFromMap = this.getWalletFromMap(accountAddress)) == null ? void 0 : _this_getWalletFromMap.otherShareSets);
+            if (!delegatedShareSet) {
+                this.logger.info('[WaasShareSet] revokeDelegation called but no delegated share set found', {
+                    accountAddress
+                });
+                return;
+            }
+            this.logger.info('[WaasShareSet] revokeDelegation via share-set REST DELETE (no MPC ceremony)', {
+                accountAddress,
+                delegatedShareSetId: delegatedShareSet.shareSetId,
+                walletId: wallet.walletId
+            });
+            await this.apiClient.revokeDelegation({
+                walletId: wallet.walletId,
+                shareSetId: delegatedShareSet.shareSetId,
+                signedSessionId,
+                dynamicRequestId: v4().replaceAll('-', '')
+            });
+            // Refresh wallet state so otherShareSets / backups reflect the cleared delegation
+            await this.getWallet({
+                accountAddress,
+                walletOperation: WalletOperation.NO_OPERATION,
+                password,
+                signedSessionId
+            });
+            return;
+        }
         await this.performDelegationOperation({
             accountAddress,
             password,
@@ -4742,7 +4915,7 @@ class DynamicWalletClient {
             hasDelegatedShare: !!distribution.delegatedShare
         }));
         try {
-            var _backupData_locationsWithKeyShares, _backupData_locationsWithKeyShares1;
+            var _this_getWalletFromMap, _backupData_locationsWithKeyShares, _backupData_locationsWithKeyShares1;
             // `let` so the retry path can swap in a freshly-signed session via the reverse channel on 400.
             let resolvedSignedSessionId = await this.resolveSignedSessionId(signedSessionId);
             const canRefreshSignedSessionId = this.getSignedSessionIdCallback !== undefined;
@@ -4837,10 +5010,24 @@ class DynamicWalletClient {
                     googleDriveAccessToken
                 }));
             }
+            // When this ceremony minted a separate `delegated` share set (FF=on
+            // path), backup activation must target that share set — not rootUser —
+            // so `/delegatedAccess/delivery` and `/backup/locations` resolve to the
+            // pending delegated row instead of mutating rootUser. The FF=off path
+            // leaves `otherShareSets` empty and falls back to rootUser, matching
+            // legacy in-place delegation behavior.
+            //
+            // Read otherShareSets fresh from the wallet map — `recordDelegatedShareSet`
+            // wrote the new entry during `ceremony_complete`, which fired between
+            // when `walletData` was captured at the top of this method and now.
+            const freshOtherShareSets = (_this_getWalletFromMap = this.getWalletFromMap(accountAddress)) == null ? void 0 : _this_getWalletFromMap.otherShareSets;
+            const delegatedShareSet = distribution.delegatedShare ? getDelegatedShareSet(freshOtherShareSets) : undefined;
+            var _delegatedShareSet_shareSetId;
+            const targetShareSetId = (_delegatedShareSet_shareSetId = delegatedShareSet == null ? void 0 : delegatedShareSet.shareSetId) != null ? _delegatedShareSet_shareSetId : walletData.shareSetId;
             if (distribution.delegatedShare) {
                 uploadPromises.push(retryPromise(()=>this.publishDelegatedShare({
                         walletId: walletData.walletId,
-                        shareSetId: walletData.shareSetId,
+                        shareSetId: targetShareSetId,
                         delegatedShare: distribution.delegatedShare,
                         signedSessionId: resolvedSignedSessionId,
                         dynamicRequestId,
@@ -4870,7 +5057,10 @@ class DynamicWalletClient {
             // won't fix.
             const backupData = await retryPromise(()=>this.apiClient.markKeySharesAsBackedUp({
                     walletId: walletData.walletId,
-                    shareSetId: walletData.shareSetId,
+                    // Same routing rule as publishDelegatedShare above: when this
+                    // ceremony minted a separate `delegated` share set, the atomic
+                    // swap in /backup/locations must activate THAT row, not rootUser.
+                    shareSetId: targetShareSetId,
                     locations,
                     dynamicRequestId,
                     passwordUpdateBatchId
@@ -5268,13 +5458,35 @@ class DynamicWalletClient {
     }
     async decryptKeyShare({ keyShare, password }) {
         const decodedKeyShare = JSON.parse(Buffer.from(keyShare, 'base64').toString());
-        const decryptedKeyShare = await decryptData({
-            data: decodedKeyShare,
-            password: password != null ? password : this.environmentId
-        });
-        this.logPasswordSharePresence(password, 'decrypt');
-        const deserializedKeyShare = JSON.parse(decryptedKeyShare);
-        return deserializedKeyShare;
+        // Track whether a user-supplied password was provided so we can emit a
+        // distinct error class on failure. The default `environmentId` fallback is
+        // applied here (and only here) so the original `password` argument retains
+        // the caller's intent — see `recoverEncryptedBackupByWallet` / `getWallet`,
+        // which no longer apply their own fallback.
+        const usedDefaultPassword = !password;
+        const effectivePassword = password != null ? password : this.environmentId;
+        try {
+            const decryptedKeyShare = await decryptData({
+                data: decodedKeyShare,
+                password: effectivePassword
+            });
+            this.logPasswordSharePresence(password, 'decrypt');
+            const deserializedKeyShare = JSON.parse(decryptedKeyShare);
+            return deserializedKeyShare;
+        } catch (error) {
+            // When no user password was supplied, an InvalidPasswordError is
+            // misleading — the user never entered a password, so the "wrong password"
+            // framing doesn't apply. Re-throw as a distinct system-side error so
+            // dashboards/logs classify it as `decryption_failure` instead of
+            // `wrong_password`, and surface that the cause is most likely an
+            // environment-ID mismatch (e.g. wallet encrypted in another environment).
+            if (usedDefaultPassword && error instanceof InvalidPasswordError) {
+                throw new KeyShareDecryptionError({
+                    cause: error
+                });
+            }
+            throw error;
+        }
     }
     /**
    * Validates that the provided password is consistent with existing encrypted wallets.
@@ -5530,9 +5742,12 @@ class DynamicWalletClient {
                 userId: this.userId
             });
             const dynamicKeyShares = data.keyShares.filter((keyShare)=>keyShare.encryptedAccountCredential !== null && keyShare.backupLocation === BackupLocation.DYNAMIC);
-            const decryptedKeyShares = await Promise.all(dynamicKeyShares.map((keyShare)=>this.decryptKeyShare({
+            const decryptedKeyShares = await Promise.all(dynamicKeyShares.map((keyShare)=>// `decryptKeyShare` owns the `environmentId` fallback; passing
+                // `password` (possibly undefined) lets it distinguish a user-supplied
+                // password failure from an envId-fallback failure.
+                this.decryptKeyShare({
                     keyShare: keyShare.encryptedAccountCredential,
-                    password: password != null ? password : this.environmentId
+                    password
                 })));
             if (storeRecoveredShares) {
                 await this.setClientKeySharesToStorage({
@@ -6233,9 +6448,11 @@ class DynamicWalletClient {
                     return wallet;
                 }
                 // TODO(zfaizal2): throw error if signedSessionId is not provided after service deploy
+                // `decryptKeyShare` owns the environmentId fallback so the original
+                // `password` (possibly undefined) propagates here.
                 const decryptedKeyShares = await this.recoverEncryptedBackupByWallet({
                     accountAddress,
-                    password: password != null ? password : this.environmentId,
+                    password,
                     walletOperation: walletOperation,
                     signedSessionId,
                     shareCount

package/package.json

@@ -1,12 +1,12 @@
 {
   "name": "@dynamic-labs-wallet/browser",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "license": "Licensed under the Dynamic Labs, Inc. Terms Of Service (https://www.dynamic.xyz/terms-conditions)",
   "type": "module",
   "dependencies": {
-    "@dynamic-labs-wallet/core": "1.0.2",
+    "@dynamic-labs-wallet/core": "1.0.3",
     "@dynamic-labs-wallet/forward-mpc-client": "0.10.0",
-    "@dynamic-labs-wallet/primitives": "1.0.2",
+    "@dynamic-labs-wallet/primitives": "1.0.3",
     "@dynamic-labs/sdk-api-core": "^0.0.984",
     "argon2id": "1.0.1",
     "axios": "1.15.2",

package/src/backup/encryption/core.d.ts

@@ -4,6 +4,22 @@ export declare const INVALID_PASSWORD_ERROR = "Decryption failed: Invalid passwo
 export declare class InvalidPasswordError extends Error {
     constructor();
 }
+export declare const KEY_SHARE_DECRYPTION_ERROR = "Decryption failed.";
+/**
+ * Thrown when a key share cannot be decrypted but no user-supplied password was
+ * involved. Distinct from InvalidPasswordError, which is reserved for cases
+ * where a user-entered password fails to decrypt a password-encrypted wallet.
+ *
+ * Internal-only signal: the user-facing message is deliberately generic so it
+ * does not leak implementation detail (e.g. environmentId fallback,
+ * cross-environment cipher, KDF/version mismatch). The `name` and any attached
+ * `cause` carry the real diagnostic for logs / monitoring.
+ */
+export declare class KeyShareDecryptionError extends Error {
+    constructor(options?: {
+        cause?: unknown;
+    });
+}
 /**
  * Encrypts data using the specified encryption version.
  * Always uses the latest encryption configuration for new encryptions by default.

package/src/backup/encryption/core.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"core.d.ts","sourceRoot":"","sources":["../../../src/backup/encryption/core.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAMpE,OAAO,KAAK,EAAE,cAAc,EAAE,aAAa,EAAuB,MAAM,YAAY,CAAC;AAGrF,eAAO,MAAM,sBAAsB,mFAAmF,CAAC;AAEvH,qBAAa,oBAAqB,SAAQ,KAAK;;CAK9C;AAoBD;;;GAGG;AACH,eAAO,MAAM,WAAW,iCAIrB;IACD,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,KAAG,OAAO,CAAC,aAAa,CA2BxB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,WAAW,uBAA8B;IAAE,IAAI,EAAE,cAAc,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,KAAG,OAAO,CAAC,MAAM,CAyDhH,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,+BAA+B,YAAa,MAAM,KAAG,kBAmBjE,CAAC"}
+{"version":3,"file":"core.d.ts","sourceRoot":"","sources":["../../../src/backup/encryption/core.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAMpE,OAAO,KAAK,EAAE,cAAc,EAAE,aAAa,EAAuB,MAAM,YAAY,CAAC;AAGrF,eAAO,MAAM,sBAAsB,mFAAmF,CAAC;AAEvH,qBAAa,oBAAqB,SAAQ,KAAK;;CAK9C;AAED,eAAO,MAAM,0BAA0B,uBAAuB,CAAC;AAE/D;;;;;;;;;GASG;AACH,qBAAa,uBAAwB,SAAQ,KAAK;gBACpC,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE;CAO1C;AAoBD;;;GAGG;AACH,eAAO,MAAM,WAAW,iCAIrB;IACD,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,KAAG,OAAO,CAAC,aAAa,CA2BxB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,WAAW,uBAA8B;IAAE,IAAI,EAAE,cAAc,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,KAAG,OAAO,CAAC,MAAM,CAyDhH,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,+BAA+B,YAAa,MAAM,KAAG,kBAmBjE,CAAC"}

package/src/backup/password/errors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/backup/password/errors.ts"],"names":[],"mappings":"AAQA;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG,aAAa,GAAG,gBAAgB,GAAG,cAAc,CAAC;AAElF;;;;;;;GAOG;AACH,MAAM,MAAM,yBAAyB,GACjC,gBAAgB,GAChB,oBAAoB,GACpB,oBAAoB,GACpB,oBAAoB,GACpB,gBAAgB,GAChB,oBAAoB,GACpB,SAAS,GACT,SAAS,CAAC;AAEd;;;;;;;;;;GAUG;AACH,eAAO,MAAM,6CAA6C;;;;;;;;;CASK,CAAC;AAEhE,eAAO,MAAM,yCAAyC,WAAY,yBAAyB,KAAG,OACvC,CAAC;AAsFxD;;;;;;;;;GASG;AACH,eAAO,MAAM,2BAA2B,UAAW,OAAO,KAAG,yBAM5D,CAAC"}
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/backup/password/errors.ts"],"names":[],"mappings":"AASA;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG,aAAa,GAAG,gBAAgB,GAAG,cAAc,CAAC;AAElF;;;;;;;GAOG;AACH,MAAM,MAAM,yBAAyB,GACjC,gBAAgB,GAChB,oBAAoB,GACpB,oBAAoB,GACpB,oBAAoB,GACpB,gBAAgB,GAChB,oBAAoB,GACpB,SAAS,GACT,SAAS,CAAC;AAEd;;;;;;;;;;GAUG;AACH,eAAO,MAAM,6CAA6C;;;;;;;;;CASK,CAAC;AAEhE,eAAO,MAAM,yCAAyC,WAAY,yBAAyB,KAAG,OACvC,CAAC;AAgGxD;;;;;;;;;GASG;AACH,eAAO,MAAM,2BAA2B,UAAW,OAAO,KAAG,yBAM5D,CAAC"}

package/src/client.d.ts

@@ -319,12 +319,13 @@ export declare class DynamicWalletClient {
      * }>} Object containing new and existing client keygen results, IDs and shares
      * @todo Support higher to lower reshare strategies
      */
-    reshareStrategy({ chainName, wallet, accountAddress, oldThresholdSignatureScheme, newThresholdSignatureScheme, }: {
+    reshareStrategy({ chainName, wallet, accountAddress, oldThresholdSignatureScheme, newThresholdSignatureScheme, delegateToProjectEnvironment, }: {
         chainName: string;
         wallet: WalletProperties;
         accountAddress: string;
         oldThresholdSignatureScheme: ThresholdSignatureScheme;
         newThresholdSignatureScheme: ThresholdSignatureScheme;
+        delegateToProjectEnvironment?: boolean;
     }): Promise<{
         newClientInitKeygenResults: ClientInitKeygenResult[];
         newClientKeygenIds: string[];
@@ -348,6 +349,7 @@ export declare class DynamicWalletClient {
     private logOnMalformedCeremonyPayload;
     private runBackupWithRotationRollback;
     private rotateRootUserShareSetIdIfChanged;
+    private recordDelegatedShareSet;
     private internalReshare;
     private performDelegationOperation;
     delegateKeyShares({ accountAddress, password, signedSessionId, mfaToken, }: {