@dynamic-labs-wallet/core 0.0.0-pr384.2 → 0.0.0-pr526.0

package/index.esm.js

@@ -1,9 +1,8 @@
 import { v4 } from 'uuid';
 import axios from 'axios';
+import { ForwardMPCClient } from '@dynamic-labs-wallet/forward-mpc-client';
+import createHttpError from 'http-errors';
 
-const DYNAMIC_AUTH_PROD_BASE_API_URL = 'https://app.dynamicauth.com';
-const DYNAMIC_AUTH_PREPROD_BASE_API_URL = 'https://app.dynamic-preprod.xyz';
-const DYNAMIC_AUTH_DEV_BASE_API_URL = 'http://localhost:4200';
 var ENVIRONMENT_ENUM = /*#__PURE__*/ function(ENVIRONMENT_ENUM) {
     ENVIRONMENT_ENUM["development"] = "development";
     ENVIRONMENT_ENUM["preprod"] = "preprod";
@@ -13,30 +12,40 @@ var ENVIRONMENT_ENUM = /*#__PURE__*/ function(ENVIRONMENT_ENUM) {
 const DynamicRequestIdHeader = 'x-dyn-request-id';
 const DynamicClientSessionSignature = 'x-dyn-client-session-signature';
 const DynamicMfaTokenHeader = 'x-mfa-auth-token';
-const DYNAMIC_CLIENT_RELAY_PROD_BASE_API_URL = 'https://waas-keyshares-relay.dynamicauth.com';
-const DYNAMIC_CLIENT_RELAY_PREPROD_BASE_API_URL = 'https://waas-keyshares-dynamic-preprod-xyz-app-32d15525a875.relay.evervault.app';
-const DYNAMIC_CLIENT_RELAY_DEV_BASE_API_URL = 'https://waas-keyshares-dynamic-preprod-xyz-app-32d15525a875.relay.evervault.app';
-const DYNAMIC_CLIENT_RELAY_PROD_REDCOAST_API_URL = 'https://app-dynamicauth-com-app-6e12fc400995.relay.evervault.app';
-const DYNAMIC_CLIENT_RELAY_PREPROD_REDCOAST_API_URL = 'https://app-dynamic-preprod-xyz-app-32d15525a875.relay.evervault.app';
-const DYNAMIC_CLIENT_RELAY_DEV_REDCOAST_API_URL = 'http://localhost:4200';
+const DynamicForwardMPCHeader = 'x-forward-mpc-client';
+const DynamicTraceIdHeader = 'x-dyn-trace-id';
+const DynamicTraceElapsedTimeHeader = 'x-dyn-trace-elapsed-time';
+/**
+ * Dynamic auth base API URL to redcoast API
+ * NOTE: For coookie auth, we should use the configured baseApiUrl
+ */ const DYNAMIC_AUTH_PROD_BASE_API_URL = 'https://app.dynamicauth.com';
+const DYNAMIC_AUTH_PREPROD_BASE_API_URL = 'https://app.dynamic-preprod.xyz';
+const DYNAMIC_AUTH_DEV_BASE_API_URL = 'http://localhost:4200';
 const DYNAMIC_AUTH_BASE_API_URL_MAP = {
     ["production"]: DYNAMIC_AUTH_PROD_BASE_API_URL,
     ["preprod"]: DYNAMIC_AUTH_PREPROD_BASE_API_URL,
     ["development"]: DYNAMIC_AUTH_DEV_BASE_API_URL
 };
-const DYNAMIC_CLIENT_USER_SHARE_RELAY_MAP = {
-    ["production"]: DYNAMIC_CLIENT_RELAY_PROD_BASE_API_URL,
-    ["preprod"]: DYNAMIC_CLIENT_RELAY_PREPROD_BASE_API_URL,
-    ["development"]: DYNAMIC_CLIENT_RELAY_PREPROD_BASE_API_URL
-};
-const DYNAMIC_CLIENT_RELAY_REDCOAST_MAP = {
-    ["production"]: DYNAMIC_CLIENT_RELAY_PROD_REDCOAST_API_URL,
-    ["preprod"]: DYNAMIC_CLIENT_RELAY_PREPROD_REDCOAST_API_URL,
-    ["development"]: DYNAMIC_CLIENT_RELAY_DEV_REDCOAST_API_URL
+/**
+ * Evervault keyshare encryption relay
+ * Note: Not used for cookie auth, we use the configured baseKeyshareRelayApiUrl
+ */ const DYNAMIC_KEYSHARES_RELAY_PROD_BASE_API_URL = 'https://waas-keyshares-relay.dynamicauth.com';
+const DYNAMIC_KEYSHARES_RELAY_PREPROD_BASE_API_URL = 'https://waas-keyshares-relay.dynamic-preprod.xyz';
+const DYNAMIC_KEYSHARES_RELAY_MAP = {
+    ["production"]: DYNAMIC_KEYSHARES_RELAY_PROD_BASE_API_URL,
+    ["preprod"]: DYNAMIC_KEYSHARES_RELAY_PREPROD_BASE_API_URL,
+    ["development"]: DYNAMIC_KEYSHARES_RELAY_PREPROD_BASE_API_URL
 };
-const MPC_RELAY_PROD_API_URL = 'relay.dynamicauth.com';
+/**
+ * Dymamic MPC relay where the MPC operations are performed (NOT keyshare relay in Evervault)
+ */ const MPC_RELAY_PROD_API_URL = 'relay.dynamicauth.com';
 const MPC_RELAY_PREPROD_API_URL = 'relay.dynamic-preprod.xyz';
 const MPC_RELAY_DEV_API_URL = 'http://localhost:4200';
+const MPC_RELAY_URL_MAP = {
+    ["production"]: MPC_RELAY_PROD_API_URL,
+    ["preprod"]: MPC_RELAY_PREPROD_API_URL,
+    ["development"]: MPC_RELAY_DEV_API_URL
+};
 const RELAY_APP_ID_HEADER = 'X-Evervault-App-Id';
 const PROD_RELAY_APP_ID = 'app_6e12fc400995';
 const PREPROD_RELAY_APP_ID = 'app_32d15525a875';
@@ -80,6 +89,7 @@ var BackupLocation = /*#__PURE__*/ function(BackupLocation) {
     BackupLocation["ICLOUD"] = "iCloud";
     BackupLocation["USER"] = "user";
     BackupLocation["EXTERNAL"] = "external";
+    BackupLocation["DELEGATED"] = "delegated";
     return BackupLocation;
 }({});
 const IFRAME_DOMAIN_MAP = {
@@ -101,7 +111,27 @@ const verifiedCredentialNameToChainEnum = {
 };
 const DELEGATED_SHARE_COUNT = 1;
 const FEATURE_FLAGS = {
-    ENABLE_DELEGATED_KEY_SHARES_FLAG: 'enable-delegated-key-shares'
+    ENABLE_DELEGATED_KEY_SHARES_FLAG: 'enable-delegated-key-shares',
+    ENABLE_FORWARD_MPC_CLIENT_FLAG: 'enable-forward-mpc-client'
+};
+const DYNAMIC_FORWARD_MPC_PROD_ENCLAVE_URL = 'wss://forward-mpc-client-prod.app-bf095f298b04.enclave.evervault.com/ws';
+const DYNAMIC_FORWARD_MPC_PREPROD_ENCLAVE_URL = 'wss://forward-mpc-client-preprod.app-560a39ebfe3b.enclave.evervault.com/ws';
+const DYNAMIC_FORWARD_MPC_DEV_ENCLAVE_URL = 'ws://localhost:8008/ws';
+const DYNAMIC_FORWARD_MPC_ENCLAVE_URL_MAP = {
+    ["production"]: DYNAMIC_FORWARD_MPC_PROD_ENCLAVE_URL,
+    ["preprod"]: DYNAMIC_FORWARD_MPC_PREPROD_ENCLAVE_URL,
+    ["development"]: DYNAMIC_FORWARD_MPC_DEV_ENCLAVE_URL
+};
+const DYNAMIC_FORWARD_MPC_ENCLAVE_ATTESTATION_CONFIG_MAP = {
+    ["production"]: {
+        expectedPcr8: '484fd412249304fe7659b2a9a4869504f0e4502d8abb4f88183e65416b4f62354e4eda60e80a5b2e9d730ab0d804f83e',
+        strictCertValidation: true
+    },
+    ["preprod"]: {
+        expectedPcr8: 'acc59ec98dbf7ecb43f9a6b9890866141868c079aa879e05e3675e1a10e187259a64951e72cc531541b02dbdcd780770',
+        strictCertValidation: true
+    },
+    ["development"]: undefined
 };
 
 var SigningAlgorithm = /*#__PURE__*/ function(SigningAlgorithm) {
@@ -443,7 +473,7 @@ const getDynamicServerThreshold = (thresholdSignatureScheme)=>{
 };
 const URL_PATTERNS = {
     [ENVIRONMENT_ENUM.development]: /^http:\/\/localhost:\d+$/,
-    [ENVIRONMENT_ENUM.preprod]: /dynamic-preprod/,
+    [ENVIRONMENT_ENUM.preprod]: /-preprod/,
     [ENVIRONMENT_ENUM.production]: /^(?!.*dynamic-preprod)(?!http:\/\/localhost:\d+).*/
 };
 function getEnvironmentFromUrl(url) {
@@ -482,6 +512,9 @@ var SuccessEventType = /*#__PURE__*/ function(SuccessEventType) {
     return SuccessEventType;
 }({});
 
+const getElapsedTime = (startTime)=>{
+    return startTime ? (Date.now() - startTime).toString() : undefined;
+};
 /**
  * Creates a promise that resolves when a specific event is received from an event stream.
  * Adds a timeout to prevent hanging and races the two promises.
@@ -490,13 +523,16 @@ var SuccessEventType = /*#__PURE__*/ function(SuccessEventType) {
  * @param apiClient The axios instance to use for API calls
  * @param options The configuration options
  * @returns A promise that resolves with the event data or rejects on timeout
- */ const createEventStreamPromise = ({ apiClient, dynamicRequestId, endpoint, body, successEventType, timeoutMs = 30000, timeoutMessage, onError, onCeremonyComplete, mfaToken })=>{
+ */ const createEventStreamPromise = ({ apiClient, dynamicRequestId, endpoint, body, successEventType, timeoutMs = 30000, timeoutMessage, onError, onCeremonyComplete, mfaToken, forwardMPCClientEnabled, traceContext })=>{
     const headers = {
         Accept: 'text/event-stream',
         'Cache-Control': 'no-cache',
         Connection: 'keep-alive',
         [DynamicRequestIdHeader]: dynamicRequestId,
-        [DynamicMfaTokenHeader]: mfaToken
+        [DynamicMfaTokenHeader]: mfaToken,
+        [DynamicForwardMPCHeader]: forwardMPCClientEnabled,
+        [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+        [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
     };
     // Create a promise that will resolve when the success event is received
     const eventPromise = new Promise((resolve, reject)=>{
@@ -636,8 +672,8 @@ class BaseClient {
             throw new Error('Failed to sync auth token, auth header is not set to the expected auth token after sync, there is likely a race condition, contact Dynamic devs to investigate');
         }
     }
-    constructor({ environmentId, baseApiUrl, authToken, baseClientRelayApiUrl, authMode = AuthMode.HEADER, // Represents the version of the client SDK used by developer
-    sdkVersion }){
+    constructor({ environmentId, baseApiUrl, authToken, baseClientKeysharesRelayApiUrl, authMode = AuthMode.HEADER, // Represents the version of the client SDK used by developer
+    sdkVersion, forwardMPCClient }){
         const headers = {};
         // Only set Authorization header if using header auth mode and token is provided
         if (authMode === AuthMode.HEADER && authToken) {
@@ -657,14 +693,28 @@ class BaseClient {
             withCredentials: true
         } : {});
         this.apiClient = axios.create(axiosConfig);
-        this.clientRelayBaseApiUrl = baseClientRelayApiUrl != null ? baseClientRelayApiUrl : DYNAMIC_CLIENT_USER_SHARE_RELAY_MAP[environment];
+        this.clientKeysharesRelayBaseApiUrl = baseClientKeysharesRelayApiUrl != null ? baseClientKeysharesRelayApiUrl : DYNAMIC_KEYSHARES_RELAY_MAP[environment];
         this.clientRelayApiClient = axios.create({
-            baseURL: this.clientRelayBaseApiUrl,
+            baseURL: this.clientKeysharesRelayBaseApiUrl,
             headers: _extends({}, headers, {
                 [RELAY_API_KEY_HEADER]: DYNAMIC_CLIENT_RELAY_REDCOAST_API_KEY_MAP[environment],
                 [RELAY_APP_ID_HEADER]: DYNAMIC_CLIENT_RELAY_REDCOAST_APP_ID_MAP[environment]
             })
         });
+        // Use provided ForwardMPCClient or create a new one
+        if (forwardMPCClient) {
+            this.forwardMPCClient = forwardMPCClient;
+        } else {
+            const forwardMPCEnclaveUrl = DYNAMIC_FORWARD_MPC_ENCLAVE_URL_MAP[environment];
+            const attestationConfig = DYNAMIC_FORWARD_MPC_ENCLAVE_ATTESTATION_CONFIG_MAP[environment];
+            this.forwardMPCClient = new ForwardMPCClient(forwardMPCEnclaveUrl != null ? forwardMPCEnclaveUrl : '', {
+                reconnectInterval: 5000,
+                reconnectAttempts: 5,
+                connectionTimeout: 10000,
+                heartbeatInterval: 30000,
+                attestationConfig
+            });
+        }
     }
 }
 
@@ -676,23 +726,26 @@ class DynamicApiClient extends BaseClient {
             }
         });
     }
-    async createWalletAccount({ chainName, clientKeygenIds, dynamicRequestId, thresholdSignatureScheme, onError, onCeremonyComplete }) {
+    async createWalletAccount({ chainName, clientKeygenIds, dynamicRequestId, thresholdSignatureScheme, skipLock, onError, onCeremonyComplete, traceContext }) {
         return createEventStreamPromise({
             apiClient: this.apiClient,
             dynamicRequestId,
             endpoint: `/api/v0/sdk/${this.environmentId}/waas/create`,
-            body: {
+            body: _extends({
                 chain: chainName,
                 clientKeygenIds,
                 thresholdSignatureScheme
-            },
+            }, skipLock ? {
+                skipLock
+            } : {}),
             successEventType: SuccessEventType.KeygenComplete,
             timeoutMessage: 'Wallet creation timed out',
             onError,
-            onCeremonyComplete
+            onCeremonyComplete,
+            traceContext
         });
     }
-    async signMessage({ dynamicRequestId, walletId, message, onError, isFormatted, mfaToken, context }) {
+    async signMessage({ dynamicRequestId, walletId, message, onError, isFormatted, mfaToken, roomId, context, forwardMPCClientEnabled, traceContext }) {
         return createEventStreamPromise({
             apiClient: this.apiClient,
             dynamicRequestId,
@@ -700,15 +753,18 @@ class DynamicApiClient extends BaseClient {
             body: {
                 message,
                 isFormatted,
-                context
+                context,
+                roomId
             },
             successEventType: SuccessEventType.RoomCreated,
             timeoutMessage: 'Message signing timed out',
             onError,
-            mfaToken
+            mfaToken,
+            forwardMPCClientEnabled,
+            traceContext
         });
     }
-    async refreshWalletAccountShares({ dynamicRequestId, walletId, onError, mfaToken }) {
+    async refreshWalletAccountShares({ dynamicRequestId, walletId, onError, mfaToken, traceContext }) {
         return createEventStreamPromise({
             apiClient: this.apiClient,
             dynamicRequestId,
@@ -717,27 +773,30 @@ class DynamicApiClient extends BaseClient {
             successEventType: SuccessEventType.RoomCreated,
             timeoutMessage: 'Refresh timed out',
             onError,
-            mfaToken
+            mfaToken,
+            traceContext
         });
     }
-    async reshare({ walletId, dynamicRequestId, clientKeygenIds, oldThresholdSignatureScheme, newThresholdSignatureScheme, delegateToProjectEnvironment, mfaToken, onError }) {
+    async reshare({ walletId, dynamicRequestId, clientKeygenIds, oldThresholdSignatureScheme, newThresholdSignatureScheme, delegateToProjectEnvironment, revokeDelegation, mfaToken, onError, traceContext }) {
         return createEventStreamPromise({
             apiClient: this.apiClient,
             dynamicRequestId,
             endpoint: `/api/v0/sdk/${this.environmentId}/waas/${walletId}/reshare`,
             body: {
                 clientKeygenIds,
-                oldThresholdSignatureScheme,
+                delegateToProjectEnvironment,
                 newThresholdSignatureScheme,
-                delegateToProjectEnvironment
+                oldThresholdSignatureScheme,
+                revokeDelegation
             },
             successEventType: SuccessEventType.RoomCreated,
             timeoutMessage: 'Reshare timed out',
             onError,
-            mfaToken
+            mfaToken,
+            traceContext
         });
     }
-    async exportKey({ mfaToken, dynamicRequestId, walletId, exportId, onError }) {
+    async exportKey({ mfaToken, dynamicRequestId, walletId, exportId, onError, traceContext }) {
         return createEventStreamPromise({
             apiClient: this.apiClient,
             dynamicRequestId,
@@ -748,18 +807,45 @@ class DynamicApiClient extends BaseClient {
             successEventType: SuccessEventType.RoomCreated,
             timeoutMessage: 'Key export timed out',
             onError,
-            mfaToken
+            mfaToken,
+            traceContext
         });
     }
-    async storeEncryptedBackupByWallet({ walletId, encryptedKeyShares, passwordEncrypted, signedSessionId, encryptionVersion, requiresSignedSessionId = false, authMode = AuthMode.HEADER, dynamicRequestId }) {
+    async getDelegatedEncryptionKey({ environmentId, traceContext }) {
+        const { data } = await this.apiClient.get(`/api/v0/sdk/${environmentId}/waas/delegatedAccess/encryptionPublicKey`, {
+            headers: {
+                [DynamicRequestIdHeader]: v4().replace('-', ''),
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            }
+        });
+        return data;
+    }
+    async publishDelegatedKeyShare({ walletId, encryptedKeyShare, signedSessionId, requiresSignedSessionId = false, dynamicRequestId, traceContext }) {
+        if (requiresSignedSessionId && !signedSessionId) {
+            throw new Error('Signed session ID is required');
+        }
+        const apiClient = this.apiClient;
+        const { data, status } = await apiClient.post(`/api/v0/sdk/${this.environmentId}/waas/${walletId}/delegatedAccess/delivery`, {
+            encryptedDelegatedShare: encryptedKeyShare
+        }, {
+            headers: {
+                [DynamicRequestIdHeader]: dynamicRequestId,
+                [DynamicClientSessionSignature]: signedSessionId,
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            }
+        });
+        return {
+            data,
+            status
+        };
+    }
+    async storeEncryptedBackupByWallet({ walletId, encryptedKeyShares, passwordEncrypted, signedSessionId, encryptionVersion, requiresSignedSessionId = false, authMode = AuthMode.HEADER, dynamicRequestId, traceContext }) {
         if (requiresSignedSessionId && !signedSessionId) {
             throw new Error('Signed session ID is required');
         }
-        // When using cookie-based authentication, use the main apiClient instead of clientRelayApiClient.
-        // This ensures requests are sent to the same domain, allowing cookies to be included and maintaining session continuity.
-        // For header-based auth, clientRelayApiClient is used as usual.
-        const apiClient = authMode === AuthMode.COOKIE ? this.apiClient : this.clientRelayApiClient;
-        const { data } = await apiClient.post(`/api/v0/sdk/${this.environmentId}/waas/${walletId}/keyShares/backup`, {
+        const { data } = await this.clientRelayApiClient.post(`/api/v0/sdk/${this.environmentId}/waas/${walletId}/keyShares/backup`, {
             // TODO: decide on whether to store encryptedAccountCredentials or encryptedKeyShares as backup
             encryptedAccountCredentials: encryptedKeyShares,
             passwordEncrypted,
@@ -767,11 +853,15 @@ class DynamicApiClient extends BaseClient {
         }, {
             headers: {
                 [DynamicRequestIdHeader]: dynamicRequestId,
-                [DynamicClientSessionSignature]: signedSessionId
-            }
+                [DynamicClientSessionSignature]: signedSessionId,
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            },
+            withCredentials: authMode === AuthMode.COOKIE ? true : undefined
         });
         return data;
     }
+    // TODO: is this still used? if not, remove it
     async markKeySharesAsBackedUpGoogleDrive({ walletId }) {
         const { data } = await this.clientRelayApiClient.post(`/api/v0/sdk/${this.environmentId}/waas/${walletId}/keyShares/backup/googleDrive`, {}, {
             headers: {
@@ -780,46 +870,49 @@ class DynamicApiClient extends BaseClient {
         });
         return data;
     }
-    async markKeySharesAsBackedUp({ walletId, locations, dynamicRequestId }) {
+    async markKeySharesAsBackedUp({ walletId, locations, dynamicRequestId, traceContext }) {
         const { data } = await this.apiClient.post(`/api/v0/sdk/${this.environmentId}/waas/${walletId}/keyShares/backup/locations`, {
             locations
         }, {
             headers: {
-                [DynamicRequestIdHeader]: dynamicRequestId
+                [DynamicRequestIdHeader]: dynamicRequestId,
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
             }
         });
         return data;
     }
-    async recoverEncryptedBackupByWallet({ walletId, keyShareIds, signedSessionId, mfaToken, requiresSignedSessionId = false, authMode = AuthMode.HEADER }) {
+    async recoverEncryptedBackupByWallet({ walletId, keyShareIds, signedSessionId, mfaToken, requiresSignedSessionId = false, authMode = AuthMode.HEADER, traceContext }) {
         if (requiresSignedSessionId && !signedSessionId) {
             throw new Error('Signed session ID is required');
         }
-        // When using cookie-based authentication, use the main apiClient instead of clientRelayApiClient.
-        // This ensures requests are sent to the same domain, allowing cookies to be included and maintaining session continuity.
-        // For header-based auth, clientRelayApiClient is used as usual.
-        const apiClient = authMode === AuthMode.COOKIE ? this.apiClient : this.clientRelayApiClient;
         // TODO: add signed messsage to body?
-        const { data } = await apiClient.post(`/api/v0/sdk/${this.environmentId}/waas/${walletId}/keyShares/recover`, keyShareIds ? {
+        const { data } = await this.clientRelayApiClient.post(`/api/v0/sdk/${this.environmentId}/waas/${walletId}/keyShares/recover`, keyShareIds ? {
             keyShareIds
         } : undefined, {
             headers: {
                 [DynamicRequestIdHeader]: v4().replace('-', ''),
                 [DynamicClientSessionSignature]: signedSessionId,
-                [DynamicMfaTokenHeader]: mfaToken
-            }
+                [DynamicMfaTokenHeader]: mfaToken,
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            },
+            withCredentials: authMode === AuthMode.COOKIE ? true : undefined
         });
         return data;
     }
-    async getAccessToken({ oauthAccountId }) {
+    async getAccessToken({ oauthAccountId, traceContext }) {
         const { data } = await this.apiClient.get(`/api/v0/sdk/${this.environmentId}/oauthAccounts/${oauthAccountId}/accessToken`, {
             headers: {
-                [DynamicRequestIdHeader]: v4().replace('-', '')
+                [DynamicRequestIdHeader]: v4().replace('-', ''),
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
             }
         });
         return data.accessToken;
     }
     // TODO: return array instead considering cases where server has multiple parties
-    async importPrivateKey({ chainName, dynamicRequestId, clientKeygenIds, thresholdSignatureScheme, onError, onCeremonyComplete }) {
+    async importPrivateKey({ chainName, dynamicRequestId, clientKeygenIds, thresholdSignatureScheme, onError, onCeremonyComplete, traceContext }) {
         return createEventStreamPromise({
             apiClient: this.apiClient,
             dynamicRequestId,
@@ -832,11 +925,12 @@ class DynamicApiClient extends BaseClient {
             successEventType: SuccessEventType.KeygenComplete,
             timeoutMessage: 'Key import timed out',
             onError,
-            onCeremonyComplete
+            onCeremonyComplete,
+            traceContext
         });
     }
     // TODO: consider removing the retry logics if we switch to server-sent events
-    async getUser(dynamicRequestId) {
+    async getUser(dynamicRequestId, traceContext) {
         let attempts = 0;
         const maxAttempts = 5;
         const retryInterval = 1000; // 1 second interval for each retry
@@ -844,7 +938,9 @@ class DynamicApiClient extends BaseClient {
             try {
                 const { data } = await this.apiClient.get(`/api/v0/sdk/${this.environmentId}/users`, {
                     headers: {
-                        [DynamicRequestIdHeader]: dynamicRequestId
+                        [DynamicRequestIdHeader]: dynamicRequestId,
+                        [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                        [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
                     }
                 });
                 return data;
@@ -858,7 +954,7 @@ class DynamicApiClient extends BaseClient {
         }
     }
     // TODO: consider removing the retry logics if we switch to server-sent events
-    async refreshUser() {
+    async refreshUser(traceContext) {
         let attempts = 0;
         const maxAttempts = 5;
         const retryInterval = 1000; // 1 second interval for each retry
@@ -866,7 +962,9 @@ class DynamicApiClient extends BaseClient {
             try {
                 const { data } = await this.apiClient.post(`/api/v0/sdk/${this.environmentId}/refresh`, undefined, {
                     headers: {
-                        [DynamicRequestIdHeader]: v4().replace('-', '')
+                        [DynamicRequestIdHeader]: v4().replace('-', ''),
+                        [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                        [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
                     }
                 });
                 return data;
@@ -879,22 +977,92 @@ class DynamicApiClient extends BaseClient {
             }
         }
     }
-    async getEnvironmentSettings() {
+    async getEnvironmentSettings(traceContext) {
         const { data } = await this.apiClient.get(`/api/v0/sdk/${this.environmentId}/settings`, {
             headers: {
-                [DynamicRequestIdHeader]: v4().replace('-', '')
+                [DynamicRequestIdHeader]: v4().replace('-', ''),
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            }
+        });
+        return data;
+    }
+    async getWaasWalletById({ walletId, traceContext }) {
+        const { data } = await this.apiClient.get(`/api/v0/environments/${this.environmentId}/waas/${walletId}`, {
+            headers: {
+                [DynamicRequestIdHeader]: v4().replace('-', ''),
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            }
+        });
+        return data;
+    }
+    /**
+   * Fetch a single WaaS wallet by ID using the /sdk/{environmentId}/waas/{walletId} endpoint.
+   * This endpoint returns user information with verified credentials filtered to only include the specified WaaS wallet.
+   */ async getWaasWalletByAddress({ walletAddress, traceContext }) {
+        const { data } = await this.apiClient.get(`/api/v0/sdk/${this.environmentId}/waas/byWalletAddress/${walletAddress}`, {
+            headers: {
+                [DynamicRequestIdHeader]: v4().replace('-', ''),
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            }
+        });
+        return data;
+    }
+    async delegatedSignMessage({ walletId, message, isFormatted, dynamicRequestId, onError, context, traceContext }) {
+        return createEventStreamPromise({
+            apiClient: this.apiClient,
+            dynamicRequestId,
+            endpoint: `/api/v0/environments/${this.environmentId}/waas/${walletId}/delegatedAccess/signMessage`,
+            body: {
+                message,
+                isFormatted,
+                context
+            },
+            successEventType: SuccessEventType.RoomCreated,
+            timeoutMessage: 'Delegated sign message timed out',
+            onError,
+            traceContext
+        });
+    }
+    async createRooms({ walletId, roomType, roomCount = 5, traceContext }) {
+        const { data } = await this.apiClient.post(`/api/v0/sdk/${this.environmentId}/waas/${walletId}/createRooms`, {
+            roomCount,
+            roomType
+        }, {
+            headers: {
+                [DynamicRequestIdHeader]: v4().replace('-', ''),
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            }
+        });
+        return data;
+    }
+    async createRoomsWithoutWalletId({ roomType, thresholdSignatureScheme, roomCount = 5, traceContext }) {
+        const { data } = await this.apiClient.post(`/api/v0/sdk/${this.environmentId}/waas/createRooms`, {
+            roomCount,
+            roomType,
+            thresholdSignatureScheme
+        }, {
+            headers: {
+                [DynamicRequestIdHeader]: v4().replace('-', ''),
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
             }
         });
         return data;
     }
     constructor({ environmentId, authToken, baseApiUrl, authMode = AuthMode.HEADER, // Represents the version of the client SDK used by developer
-    sdkVersion }){
+    sdkVersion, forwardMPCClient, baseClientKeysharesRelayApiUrl }){
         super({
             environmentId,
             authToken: authToken || '',
             baseApiUrl,
             authMode,
-            sdkVersion
+            sdkVersion,
+            forwardMPCClient,
+            baseClientKeysharesRelayApiUrl
         });
     }
 }
@@ -964,4 +1132,46 @@ const SDK_NAMESPACE = {
     return parsed ? parsed.namespace : null;
 }
 
-export { AuthMode, BITCOIN_DERIVATION_PATHS, BackupLocation, CreateRoomPartiesOptions, DELEGATED_SHARE_COUNT, DYNAMIC_AUTH_BASE_API_URL_MAP, DYNAMIC_AUTH_DEV_BASE_API_URL, DYNAMIC_AUTH_PREPROD_BASE_API_URL, DYNAMIC_AUTH_PROD_BASE_API_URL, DYNAMIC_CLIENT_RELAY_DEV_BASE_API_URL, DYNAMIC_CLIENT_RELAY_DEV_REDCOAST_API_URL, DYNAMIC_CLIENT_RELAY_PREPROD_BASE_API_URL, DYNAMIC_CLIENT_RELAY_PREPROD_REDCOAST_API_URL, DYNAMIC_CLIENT_RELAY_PROD_BASE_API_URL, DYNAMIC_CLIENT_RELAY_PROD_REDCOAST_API_URL, DYNAMIC_CLIENT_RELAY_REDCOAST_API_KEY_MAP, DYNAMIC_CLIENT_RELAY_REDCOAST_APP_ID_MAP, DYNAMIC_CLIENT_RELAY_REDCOAST_MAP, DYNAMIC_CLIENT_USER_SHARE_RELAY_MAP, DynamicApiClient, DynamicClientSessionSignature, DynamicMfaTokenHeader, DynamicRequestIdHeader, ENVIRONMENT_ENUM, FEATURE_FLAGS, IFRAME_DOMAIN_MAP, MPC_CHAIN_CONFIG, MPC_CONFIG, MPC_RELAY_DEV_API_URL, MPC_RELAY_PREPROD_API_URL, MPC_RELAY_PROD_API_URL, PREPROD_RELAY_API_KEY, PREPROD_RELAY_APP_ID, PROD_RELAY_API_KEY, PROD_RELAY_APP_ID, RELAY_API_KEY_HEADER, RELAY_APP_ID_HEADER, SDK_NAMESPACE, SOLANA_RPC_URL, SigningAlgorithm, SuccessEventType, ThresholdSignatureScheme, URL_PATTERNS, WalletOperation, chain, chainEnumToVerifiedCredentialName, formatNamespacedVersion, getClientThreshold, getDynamicServerThreshold, getEnvironmentFromUrl, getMPCChainConfig, getReshareConfig, getServerWalletReshareConfig, getTSSConfig, getVersionNamespace, getVersionWithoutNamespace, parseNamespacedVersion, verifiedCredentialNameToChainEnum };
+const serializeMessageForForwardMPC = ({ message, isFormatted = false, chainName })=>{
+    let serializedMessage = message;
+    if (isFormatted && chainName === 'EVM') {
+        if (typeof message === 'string') {
+            // Handle hex string (with or without 0x prefix)
+            const cleanHex = message.startsWith('0x') ? message.slice(2) : message;
+            serializedMessage = cleanHex;
+        } else if (message instanceof Uint8Array) {
+            serializedMessage = Buffer.from(message).toString('hex');
+        } else if (message instanceof MessageHash) {
+            serializedMessage = message.toHex();
+        } else {
+            throw new Error('Unsupported formatted message format');
+        }
+    }
+    return serializedMessage;
+};
+
+const handleAxiosError = (error, message, context, logger)=>{
+    var _error_response, _error_response1, _error_response2;
+    logger.error('[DynamicWaasWalletClient] Axios error: ', {
+        message,
+        error: (_error_response = error.response) == null ? void 0 : _error_response.data,
+        status: (_error_response1 = error.response) == null ? void 0 : _error_response1.status,
+        context
+    });
+    switch((_error_response2 = error.response) == null ? void 0 : _error_response2.status){
+        case 400:
+            throw createHttpError(400, 'Invalid request');
+        case 401:
+            throw createHttpError(401, 'Authorization header or cookie is required');
+        case 403:
+            throw createHttpError(403, 'Forbidden');
+        case 422:
+            throw createHttpError(422, 'Unprocessable content');
+        case 500:
+            throw createHttpError(500, 'Internal server error');
+        default:
+            throw createHttpError(500, 'Internal server error');
+    }
+};
+
+export { AuthMode, BITCOIN_DERIVATION_PATHS, BackupLocation, CreateRoomPartiesOptions, DELEGATED_SHARE_COUNT, DYNAMIC_AUTH_BASE_API_URL_MAP, DYNAMIC_AUTH_DEV_BASE_API_URL, DYNAMIC_AUTH_PREPROD_BASE_API_URL, DYNAMIC_AUTH_PROD_BASE_API_URL, DYNAMIC_CLIENT_RELAY_REDCOAST_API_KEY_MAP, DYNAMIC_CLIENT_RELAY_REDCOAST_APP_ID_MAP, DYNAMIC_FORWARD_MPC_DEV_ENCLAVE_URL, DYNAMIC_FORWARD_MPC_ENCLAVE_ATTESTATION_CONFIG_MAP, DYNAMIC_FORWARD_MPC_ENCLAVE_URL_MAP, DYNAMIC_FORWARD_MPC_PREPROD_ENCLAVE_URL, DYNAMIC_FORWARD_MPC_PROD_ENCLAVE_URL, DYNAMIC_KEYSHARES_RELAY_MAP, DYNAMIC_KEYSHARES_RELAY_PREPROD_BASE_API_URL, DYNAMIC_KEYSHARES_RELAY_PROD_BASE_API_URL, DynamicApiClient, DynamicClientSessionSignature, DynamicForwardMPCHeader, DynamicMfaTokenHeader, DynamicRequestIdHeader, DynamicTraceElapsedTimeHeader, DynamicTraceIdHeader, ENVIRONMENT_ENUM, FEATURE_FLAGS, IFRAME_DOMAIN_MAP, MPC_CHAIN_CONFIG, MPC_CONFIG, MPC_RELAY_DEV_API_URL, MPC_RELAY_PREPROD_API_URL, MPC_RELAY_PROD_API_URL, MPC_RELAY_URL_MAP, PREPROD_RELAY_API_KEY, PREPROD_RELAY_APP_ID, PROD_RELAY_API_KEY, PROD_RELAY_APP_ID, RELAY_API_KEY_HEADER, RELAY_APP_ID_HEADER, SDK_NAMESPACE, SOLANA_RPC_URL, SigningAlgorithm, SuccessEventType, ThresholdSignatureScheme, URL_PATTERNS, WalletOperation, chain, chainEnumToVerifiedCredentialName, formatNamespacedVersion, getClientThreshold, getDynamicServerThreshold, getEnvironmentFromUrl, getMPCChainConfig, getReshareConfig, getServerWalletReshareConfig, getTSSConfig, getVersionNamespace, getVersionWithoutNamespace, handleAxiosError, parseNamespacedVersion, serializeMessageForForwardMPC, verifiedCredentialNameToChainEnum };

package/package.json

@@ -1,12 +1,15 @@
 {
   "name": "@dynamic-labs-wallet/core",
-  "version": "0.0.0-pr384.2",
+  "version": "0.0.0-pr526.0",
   "license": "MIT",
   "type": "module",
   "dependencies": {
-    "axios": "1.9.0",
-    "uuid": "11.1.0",
-    "@dynamic-labs/sdk-api-core": "^0.0.764"
+    "@dynamic-labs-wallet/forward-mpc-client": "0.1.3",
+    "@dynamic-labs/logger": "^4.25.3",
+    "@dynamic-labs/sdk-api-core": "^0.0.828",
+    "axios": "1.13.2",
+    "http-errors": "2.0.0",
+    "uuid": "11.1.0"
   },
   "files": [
     "*",
@@ -31,5 +34,8 @@
       "require": "./index.cjs.js",
       "default": "./index.esm.js"
     }
+  },
+  "devDependencies": {
+    "@types/http-errors": "^2.0.0"
   }
 }