@dynamic-labs-wallet/core 0.0.0-preview.57 → 0.0.1-paolo-1

package/index.cjs.js

@@ -1,17 +1,74 @@
 'use strict';
 
+var uuid = require('uuid');
 var axios = require('axios');
+var forwardMpcClient = require('@dynamic-labs-wallet/forward-mpc-client');
+var createHttpError = require('http-errors');
 
-const DYNAMIC_AUTH_PROD_BASE_API_URL = 'https://app.dynamicauth.com';
+var ENVIRONMENT_ENUM = /*#__PURE__*/ function(ENVIRONMENT_ENUM) {
+    ENVIRONMENT_ENUM["development"] = "development";
+    ENVIRONMENT_ENUM["preprod"] = "preprod";
+    ENVIRONMENT_ENUM["production"] = "production";
+    return ENVIRONMENT_ENUM;
+}({});
+const DynamicRequestIdHeader = 'x-dyn-request-id';
+const DynamicClientSessionSignature = 'x-dyn-client-session-signature';
+const DynamicMfaTokenHeader = 'x-mfa-auth-token';
+const DynamicForwardMPCHeader = 'x-forward-mpc-client';
+const DynamicTraceIdHeader = 'x-dyn-trace-id';
+const DynamicTraceElapsedTimeHeader = 'x-dyn-trace-elapsed-time';
+/**
+ * Dynamic auth base API URL to redcoast API
+ * NOTE: For coookie auth, we should use the configured baseApiUrl
+ */ const DYNAMIC_AUTH_PROD_BASE_API_URL = 'https://app.dynamicauth.com';
 const DYNAMIC_AUTH_PREPROD_BASE_API_URL = 'https://app.dynamic-preprod.xyz';
-const DYNAMIC_CLIENT_RELAY_PROD_BASE_API_URL = 'https://app-dynamicauth-com-app-6e12fc400995.relay.evervault.app';
-const DYNAMIC_CLIENT_RELAY_PREPROD_BASE_API_URL = 'https://app-dynamic-preprod-xyz-app-32d15525a875.relay.evervault.app';
-const MPC_RELAY_PROD_API_URL = 'relay.dynamicauth.com';
+const DYNAMIC_AUTH_DEV_BASE_API_URL = 'http://localhost:4200';
+const DYNAMIC_AUTH_BASE_API_URL_MAP = {
+    ["production"]: DYNAMIC_AUTH_PROD_BASE_API_URL,
+    ["preprod"]: DYNAMIC_AUTH_PREPROD_BASE_API_URL,
+    ["development"]: DYNAMIC_AUTH_DEV_BASE_API_URL
+};
+/**
+ * Evervault keyshare encryption relay
+ * Note: Not used for cookie auth, we use the configured baseKeyshareRelayApiUrl
+ */ const DYNAMIC_KEYSHARES_RELAY_PROD_BASE_API_URL = 'https://waas-keyshares-relay.dynamicauth.com';
+const DYNAMIC_KEYSHARES_RELAY_PREPROD_BASE_API_URL = 'https://waas-keyshares-relay.dynamic-preprod.xyz';
+const DYNAMIC_KEYSHARES_RELAY_MAP = {
+    ["production"]: DYNAMIC_KEYSHARES_RELAY_PROD_BASE_API_URL,
+    ["preprod"]: DYNAMIC_KEYSHARES_RELAY_PREPROD_BASE_API_URL,
+    ["development"]: DYNAMIC_KEYSHARES_RELAY_PREPROD_BASE_API_URL
+};
+/**
+ * Dymamic MPC relay where the MPC operations are performed (NOT keyshare relay in Evervault)
+ */ const MPC_RELAY_PROD_API_URL = 'relay.dynamicauth.com';
 const MPC_RELAY_PREPROD_API_URL = 'relay.dynamic-preprod.xyz';
+const MPC_RELAY_DEV_API_URL = 'http://localhost:4200';
+const MPC_RELAY_URL_MAP = {
+    ["production"]: MPC_RELAY_PROD_API_URL,
+    ["preprod"]: MPC_RELAY_PREPROD_API_URL,
+    ["development"]: MPC_RELAY_DEV_API_URL
+};
+const RELAY_APP_ID_HEADER = 'X-Evervault-App-Id';
+const PROD_RELAY_APP_ID = 'app_6e12fc400995';
+const PREPROD_RELAY_APP_ID = 'app_32d15525a875';
+const DYNAMIC_CLIENT_RELAY_REDCOAST_APP_ID_MAP = {
+    ["production"]: PROD_RELAY_APP_ID,
+    ["preprod"]: PREPROD_RELAY_APP_ID,
+    ["development"]: undefined
+};
+const RELAY_API_KEY_HEADER = 'X-Evervault-Api-Key';
+// This is the API key for the relay API. Its must be public to use MTLs
+const PROD_RELAY_API_KEY = 'ev:key:1:7kRuVm1sE1J5FjGz2ijufy0IkATzrBKEvde0IMLW1dt3xbFcdTdOKHO0vNnJeAjAD:YmAPOP:Jh7DdD';
+const PREPROD_RELAY_API_KEY = 'ev:key:1:7j2jIPMzlcKlpDz1RTV6Vadsm8sgmj1VHZzJXqW9ie1dgmyzKmccEGI8BBWU0PaXv:XfF7Ri:ivvRp1';
+const DYNAMIC_CLIENT_RELAY_REDCOAST_API_KEY_MAP = {
+    ["production"]: PROD_RELAY_API_KEY,
+    ["preprod"]: PREPROD_RELAY_API_KEY,
+    ["development"]: undefined
+};
 const SOLANA_RPC_URL = 'https://api.devnet.solana.com';
 const chain = {
     EVM: 'EVM',
-    SOL: 'SOL',
+    SVM: 'SVM',
     COSMOS: 'COSMOS',
     BTC: 'BTC',
     FLOW: 'FLOW',
@@ -34,21 +91,49 @@ var BackupLocation = /*#__PURE__*/ function(BackupLocation) {
     BackupLocation["ICLOUD"] = "iCloud";
     BackupLocation["USER"] = "user";
     BackupLocation["EXTERNAL"] = "external";
+    BackupLocation["DELEGATED"] = "delegated";
     return BackupLocation;
 }({});
-// TODO: replace with apiClient proxy and move this to apiClient when ready
-const IFRAME_DOMAIN_PREPROD = 'https://waas.dynamic-preprod.xyz';
-const IFRAME_DOMAIN_PROD = 'https://waas.dynamicauth.com';
-const ChainEnumToVerifiedCredentialName = {
+const IFRAME_DOMAIN_MAP = {
+    development: 'http://localhost:4200',
+    preprod: 'https://app.dynamic-preprod.xyz',
+    production: 'https://app.dynamicauth.com'
+};
+const chainEnumToVerifiedCredentialName = {
     BTC: 'bip122',
     EVM: 'eip155',
     FLOW: 'flow',
-    SOL: 'solana'
+    SVM: 'solana'
 };
-const VerifiedCredentialNameToChainEnum = {
+const verifiedCredentialNameToChainEnum = {
     bip122: 'BTC',
     eip155: 'EVM',
-    solana: 'SOL'
+    solana: 'SVM',
+    sui: 'SUI'
+};
+const DELEGATED_SHARE_COUNT = 1;
+const FEATURE_FLAGS = {
+    ENABLE_DELEGATED_KEY_SHARES_FLAG: 'enable-delegated-key-shares',
+    ENABLE_FORWARD_MPC_CLIENT_FLAG: 'enable-forward-mpc-client'
+};
+const DYNAMIC_FORWARD_MPC_PROD_ENCLAVE_URL = 'wss://forward-mpc-client-prod.app-bf095f298b04.enclave.evervault.com/ws';
+const DYNAMIC_FORWARD_MPC_PREPROD_ENCLAVE_URL = 'wss://forward-mpc-client-preprod.app-560a39ebfe3b.enclave.evervault.com/ws';
+const DYNAMIC_FORWARD_MPC_DEV_ENCLAVE_URL = 'ws://localhost:8008/ws';
+const DYNAMIC_FORWARD_MPC_ENCLAVE_URL_MAP = {
+    ["production"]: DYNAMIC_FORWARD_MPC_PROD_ENCLAVE_URL,
+    ["preprod"]: DYNAMIC_FORWARD_MPC_PREPROD_ENCLAVE_URL,
+    ["development"]: DYNAMIC_FORWARD_MPC_DEV_ENCLAVE_URL
+};
+const DYNAMIC_FORWARD_MPC_ENCLAVE_ATTESTATION_CONFIG_MAP = {
+    ["production"]: {
+        expectedPcr8: '484fd412249304fe7659b2a9a4869504f0e4502d8abb4f88183e65416b4f62354e4eda60e80a5b2e9d730ab0d804f83e',
+        strictCertValidation: true
+    },
+    ["preprod"]: {
+        expectedPcr8: 'acc59ec98dbf7ecb43f9a6b9890866141868c079aa879e05e3675e1a10e187259a64951e72cc531541b02dbdcd780770',
+        strictCertValidation: true
+    },
+    ["development"]: undefined
 };
 
 var SigningAlgorithm = /*#__PURE__*/ function(SigningAlgorithm) {
@@ -94,7 +179,7 @@ const MPC_CHAIN_CONFIG = {
         ],
         signingAlgorithm: "ECDSA"
     },
-    SOL: {
+    SVM: {
         // Uses Ed25519
         derivationPath: [
             44,
@@ -131,6 +216,17 @@ const MPC_CHAIN_CONFIG = {
             0
         ],
         signingAlgorithm: "ED25519"
+    },
+    SUI: {
+        // Uses Ed25519
+        derivationPath: [
+            44,
+            784,
+            0,
+            0,
+            0
+        ],
+        signingAlgorithm: "ED25519"
     }
 };
 var ThresholdSignatureScheme = /*#__PURE__*/ function(ThresholdSignatureScheme) {
@@ -377,26 +473,40 @@ const getDynamicServerThreshold = (thresholdSignatureScheme)=>{
             throw new Error(`Unsupported reshare from ${oldThresholdSignatureScheme} to ${newThresholdSignatureScheme}`);
     }
 };
-
-class BaseClient {
-    constructor({ environmentId, baseApiUrl, authToken, baseClientRelayApiUrl }){
-        const headers = {};
-        headers['Authorization'] = authToken ? `Bearer ${authToken}` : undefined;
-        this.environmentId = environmentId;
-        const isProd = typeof baseApiUrl === 'undefined' || DYNAMIC_AUTH_PROD_BASE_API_URL === baseApiUrl;
-        this.baseApiUrl = isProd ? DYNAMIC_AUTH_PROD_BASE_API_URL : baseApiUrl || DYNAMIC_AUTH_PREPROD_BASE_API_URL;
-        this.apiClient = axios.create({
-            baseURL: this.baseApiUrl,
-            headers
-        });
-        this.clientRelayBaseApiUrl = isProd ? DYNAMIC_CLIENT_RELAY_PROD_BASE_API_URL : baseClientRelayApiUrl || DYNAMIC_CLIENT_RELAY_PREPROD_BASE_API_URL;
-        this.clientRelayApiClient = axios.create({
-            baseURL: this.clientRelayBaseApiUrl,
-            headers
-        });
+const URL_PATTERNS = {
+    [ENVIRONMENT_ENUM.development]: /^http:\/\/localhost:\d+$/,
+    [ENVIRONMENT_ENUM.preprod]: /-preprod/,
+    [ENVIRONMENT_ENUM.production]: /^(?!.*dynamic-preprod)(?!http:\/\/localhost:\d+).*/
+};
+function getEnvironmentFromUrl(url) {
+    if (!url) {
+        return ENVIRONMENT_ENUM.production;
     }
+    if (URL_PATTERNS[ENVIRONMENT_ENUM.development].test(url)) {
+        return ENVIRONMENT_ENUM.development;
+    }
+    if (URL_PATTERNS[ENVIRONMENT_ENUM.preprod].test(url)) {
+        return ENVIRONMENT_ENUM.preprod;
+    }
+    return ENVIRONMENT_ENUM.production;
 }
 
+function _extends() {
+    _extends = Object.assign || function assign(target) {
+        for(var i = 1; i < arguments.length; i++){
+            var source = arguments[i];
+            for(var key in source)if (Object.prototype.hasOwnProperty.call(source, key)) target[key] = source[key];
+        }
+        return target;
+    };
+    return _extends.apply(this, arguments);
+}
+
+var AuthMode = /*#__PURE__*/ function(AuthMode) {
+    AuthMode["HEADER"] = "header";
+    AuthMode["COOKIE"] = "cookie";
+    return AuthMode;
+}({});
 var SuccessEventType = /*#__PURE__*/ function(SuccessEventType) {
     SuccessEventType["KeygenComplete"] = "keygen_complete";
     SuccessEventType["RoomCreated"] = "room_created";
@@ -404,6 +514,9 @@ var SuccessEventType = /*#__PURE__*/ function(SuccessEventType) {
     return SuccessEventType;
 }({});
 
+const getElapsedTime = (startTime)=>{
+    return startTime ? (Date.now() - startTime).toString() : undefined;
+};
 /**
  * Creates a promise that resolves when a specific event is received from an event stream.
  * Adds a timeout to prevent hanging and races the two promises.
@@ -412,16 +525,22 @@ var SuccessEventType = /*#__PURE__*/ function(SuccessEventType) {
  * @param apiClient The axios instance to use for API calls
  * @param options The configuration options
  * @returns A promise that resolves with the event data or rejects on timeout
- */ const createEventStreamPromise = ({ apiClient, endpoint, body, successEventType, timeoutMs = 30000, timeoutMessage, onError, onCeremonyComplete })=>{
+ */ const createEventStreamPromise = ({ apiClient, dynamicRequestId, endpoint, body, successEventType, timeoutMs = 30000, timeoutMessage, onError, onCeremonyComplete, mfaToken, forwardMPCClientEnabled, traceContext })=>{
+    const headers = {
+        Accept: 'text/event-stream',
+        'Cache-Control': 'no-cache',
+        Connection: 'keep-alive',
+        [DynamicRequestIdHeader]: dynamicRequestId,
+        [DynamicMfaTokenHeader]: mfaToken,
+        [DynamicForwardMPCHeader]: forwardMPCClientEnabled,
+        [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+        [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+    };
     // Create a promise that will resolve when the success event is received
     const eventPromise = new Promise((resolve, reject)=>{
         apiClient.post(endpoint, body, {
             responseType: 'stream',
-            headers: {
-                Accept: 'text/event-stream',
-                'Cache-Control': 'no-cache',
-                Connection: 'keep-alive'
-            },
+            headers: _extends({}, headers),
             adapter: 'fetch'
         }).then(createSuccessErrorEventStreamHandler({
             onError,
@@ -474,8 +593,9 @@ var SuccessEventType = /*#__PURE__*/ function(SuccessEventType) {
                         onCeremonyComplete == null ? void 0 : onCeremonyComplete(accountAddress, walletId);
                     }
                     if (event.type === 'error') {
-                        reject(createErrorFromEventData(event.data));
-                        onError == null ? void 0 : onError(createErrorFromEventData(event.data));
+                        const error = createErrorFromEventData(event.data);
+                        reject(error);
+                        onError == null ? void 0 : onError(error);
                     }
                 }
                 processStream();
@@ -535,99 +655,275 @@ var SuccessEventType = /*#__PURE__*/ function(SuccessEventType) {
     return events;
 };
 
+var version = "0.0.1";
+
+class BaseClient {
+    syncAuthToken(authToken) {
+        if (this.authMode === AuthMode.COOKIE) {
+            return;
+        }
+        if (!authToken) {
+            throw new Error('Auth token is required for header authentication');
+        }
+        const authHeader = `Bearer ${authToken}`;
+        this.apiClient.defaults.headers['Authorization'] = authHeader;
+        this.clientRelayApiClient.defaults.headers['Authorization'] = authHeader;
+        this.apiClient.defaults.headers.common['Authorization'] = authHeader;
+        this.clientRelayApiClient.defaults.headers.common['Authorization'] = authHeader;
+        if (this.apiClient.defaults.headers['Authorization'] !== authHeader || this.clientRelayApiClient.defaults.headers['Authorization'] !== authHeader) {
+            throw new Error('Failed to sync auth token, auth header is not set to the expected auth token after sync, there is likely a race condition, contact Dynamic devs to investigate');
+        }
+    }
+    constructor({ environmentId, baseApiUrl, authToken, baseClientKeysharesRelayApiUrl, authMode = AuthMode.HEADER, // Represents the version of the client SDK used by developer
+    sdkVersion, forwardMPCClient }){
+        const headers = {};
+        // Only set Authorization header if using header auth mode and token is provided
+        if (authMode === AuthMode.HEADER && authToken) {
+            headers['Authorization'] = `Bearer ${authToken}`;
+        }
+        headers['x-dyn-wallet-sdk-version'] = version;
+        headers['x-dyn-version'] = sdkVersion;
+        this.environmentId = environmentId;
+        this.authMode = authMode;
+        const environment = getEnvironmentFromUrl(baseApiUrl);
+        this.baseApiUrl = baseApiUrl != null ? baseApiUrl : DYNAMIC_AUTH_BASE_API_URL_MAP[environment];
+        // Configure axios to include credentials for cookie auth
+        const axiosConfig = _extends({
+            baseURL: this.baseApiUrl,
+            headers
+        }, authMode === AuthMode.COOKIE ? {
+            withCredentials: true
+        } : {});
+        this.apiClient = axios.create(axiosConfig);
+        this.clientKeysharesRelayBaseApiUrl = baseClientKeysharesRelayApiUrl != null ? baseClientKeysharesRelayApiUrl : DYNAMIC_KEYSHARES_RELAY_MAP[environment];
+        this.clientRelayApiClient = axios.create({
+            baseURL: this.clientKeysharesRelayBaseApiUrl,
+            headers: _extends({}, headers, {
+                ['x-dyn-environment']: environment,
+                ['x-dyn-client-keyshare-relay-api-url']: baseClientKeysharesRelayApiUrl,
+                [RELAY_API_KEY_HEADER]: DYNAMIC_CLIENT_RELAY_REDCOAST_API_KEY_MAP[environment],
+                [RELAY_APP_ID_HEADER]: DYNAMIC_CLIENT_RELAY_REDCOAST_APP_ID_MAP[environment]
+            })
+        });
+        console.log('--------------------------------');
+        console.log('clientKeysharesRelayBaseApiUrl', this.clientKeysharesRelayBaseApiUrl);
+        console.log('environment', environment);
+        console.log('baseClientKeysharesRelayApiUrl', baseClientKeysharesRelayApiUrl);
+        console.log('--------------------------------');
+        // Use provided ForwardMPCClient or create a new one
+        if (forwardMPCClient) {
+            this.forwardMPCClient = forwardMPCClient;
+        } else {
+            const forwardMPCEnclaveUrl = DYNAMIC_FORWARD_MPC_ENCLAVE_URL_MAP[environment];
+            const attestationConfig = DYNAMIC_FORWARD_MPC_ENCLAVE_ATTESTATION_CONFIG_MAP[environment];
+            this.forwardMPCClient = new forwardMpcClient.ForwardMPCClient(forwardMPCEnclaveUrl != null ? forwardMPCEnclaveUrl : '', {
+                reconnectInterval: 5000,
+                reconnectAttempts: 5,
+                connectionTimeout: 10000,
+                heartbeatInterval: 30000,
+                attestationConfig
+            });
+        }
+    }
+}
+
 class DynamicApiClient extends BaseClient {
     async authenticateApiToken({ environmentId }) {
-        return this.apiClient.post(`/api/v0/environments/${environmentId}/waas/authenticate`);
+        return this.apiClient.post(`/api/v0/environments/${environmentId}/waas/authenticate`, undefined, {
+            headers: {
+                [DynamicRequestIdHeader]: uuid.v4().replace('-', '')
+            }
+        });
     }
-    async createWalletAccount({ chainName, clientKeygenIds, thresholdSignatureScheme, onError, onCeremonyComplete }) {
+    async createWalletAccount({ chainName, clientKeygenIds, dynamicRequestId, thresholdSignatureScheme, skipLock, onError, onCeremonyComplete, traceContext }) {
         return createEventStreamPromise({
             apiClient: this.apiClient,
+            dynamicRequestId,
             endpoint: `/api/v0/sdk/${this.environmentId}/waas/create`,
-            body: {
+            body: _extends({
                 chain: chainName,
                 clientKeygenIds,
                 thresholdSignatureScheme
-            },
+            }, skipLock ? {
+                skipLock
+            } : {}),
             successEventType: SuccessEventType.KeygenComplete,
             timeoutMessage: 'Wallet creation timed out',
             onError,
-            onCeremonyComplete
+            onCeremonyComplete,
+            traceContext
         });
     }
-    async signMessage({ walletId, message, onError }) {
+    async signMessage({ dynamicRequestId, walletId, message, onError, isFormatted, mfaToken, context, forwardMPCClientEnabled, traceContext }) {
         return createEventStreamPromise({
             apiClient: this.apiClient,
+            dynamicRequestId,
             endpoint: `/api/v0/sdk/${this.environmentId}/waas/${walletId}/signMessage`,
             body: {
-                message
+                message,
+                isFormatted,
+                context
             },
             successEventType: SuccessEventType.RoomCreated,
             timeoutMessage: 'Message signing timed out',
-            onError
+            onError,
+            mfaToken,
+            forwardMPCClientEnabled,
+            traceContext
         });
     }
-    async refreshWalletAccountShares({ walletId, onError }) {
+    async refreshWalletAccountShares({ dynamicRequestId, walletId, onError, mfaToken, traceContext }) {
         return createEventStreamPromise({
             apiClient: this.apiClient,
+            dynamicRequestId,
             endpoint: `/api/v0/sdk/${this.environmentId}/waas/${walletId}/refresh`,
             body: undefined,
             successEventType: SuccessEventType.RoomCreated,
             timeoutMessage: 'Refresh timed out',
-            onError
+            onError,
+            mfaToken,
+            traceContext
         });
     }
-    async reshare({ walletId, clientKeygenIds, oldThresholdSignatureScheme, newThresholdSignatureScheme, onError }) {
+    async reshare({ walletId, dynamicRequestId, clientKeygenIds, oldThresholdSignatureScheme, newThresholdSignatureScheme, delegateToProjectEnvironment, revokeDelegation, mfaToken, onError, traceContext }) {
         return createEventStreamPromise({
             apiClient: this.apiClient,
+            dynamicRequestId,
             endpoint: `/api/v0/sdk/${this.environmentId}/waas/${walletId}/reshare`,
             body: {
                 clientKeygenIds,
+                delegateToProjectEnvironment,
+                newThresholdSignatureScheme,
                 oldThresholdSignatureScheme,
-                newThresholdSignatureScheme
+                revokeDelegation
             },
             successEventType: SuccessEventType.RoomCreated,
             timeoutMessage: 'Reshare timed out',
-            onError
+            onError,
+            mfaToken,
+            traceContext
         });
     }
-    async exportKey({ walletId, exportId, onError }) {
+    async exportKey({ mfaToken, dynamicRequestId, walletId, exportId, onError, traceContext }) {
         return createEventStreamPromise({
             apiClient: this.apiClient,
+            dynamicRequestId,
             endpoint: `/api/v0/sdk/${this.environmentId}/waas/${walletId}/privateKey/export`,
             body: {
                 exportId
             },
             successEventType: SuccessEventType.RoomCreated,
             timeoutMessage: 'Key export timed out',
-            onError
+            onError,
+            mfaToken,
+            traceContext
         });
     }
-    async storeEncryptedBackupByWallet({ walletId, encryptedKeyShares, passwordEncrypted }) {
+    async getDelegatedEncryptionKey({ environmentId, traceContext }) {
+        const { data } = await this.apiClient.get(`/api/v0/sdk/${environmentId}/waas/delegatedAccess/encryptionPublicKey`, {
+            headers: {
+                [DynamicRequestIdHeader]: uuid.v4().replace('-', ''),
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            }
+        });
+        return data;
+    }
+    async publishDelegatedKeyShare({ walletId, encryptedKeyShare, signedSessionId, requiresSignedSessionId = false, dynamicRequestId, traceContext }) {
+        if (requiresSignedSessionId && !signedSessionId) {
+            throw new Error('Signed session ID is required');
+        }
+        const apiClient = this.apiClient;
+        const { data, status } = await apiClient.post(`/api/v0/sdk/${this.environmentId}/waas/${walletId}/delegatedAccess/delivery`, {
+            encryptedDelegatedShare: encryptedKeyShare
+        }, {
+            headers: {
+                [DynamicRequestIdHeader]: dynamicRequestId,
+                [DynamicClientSessionSignature]: signedSessionId,
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            }
+        });
+        return {
+            data,
+            status
+        };
+    }
+    async storeEncryptedBackupByWallet({ walletId, encryptedKeyShares, passwordEncrypted, signedSessionId, encryptionVersion, requiresSignedSessionId = false, authMode = AuthMode.HEADER, dynamicRequestId, traceContext }) {
+        if (requiresSignedSessionId && !signedSessionId) {
+            throw new Error('Signed session ID is required');
+        }
         const { data } = await this.clientRelayApiClient.post(`/api/v0/sdk/${this.environmentId}/waas/${walletId}/keyShares/backup`, {
             // TODO: decide on whether to store encryptedAccountCredentials or encryptedKeyShares as backup
             encryptedAccountCredentials: encryptedKeyShares,
-            passwordEncrypted
+            passwordEncrypted,
+            encryptionVersion
+        }, {
+            headers: {
+                [DynamicRequestIdHeader]: dynamicRequestId,
+                [DynamicClientSessionSignature]: signedSessionId,
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            },
+            withCredentials: authMode === AuthMode.COOKIE ? true : undefined
         });
         return data;
     }
+    // TODO: is this still used? if not, remove it
     async markKeySharesAsBackedUpGoogleDrive({ walletId }) {
-        const { data } = await this.clientRelayApiClient.post(`/api/v0/sdk/${this.environmentId}/waas/${walletId}/keyShares/backup/googleDrive`, {});
+        const { data } = await this.clientRelayApiClient.post(`/api/v0/sdk/${this.environmentId}/waas/${walletId}/keyShares/backup/googleDrive`, {}, {
+            headers: {
+                [DynamicRequestIdHeader]: uuid.v4().replace('-', '')
+            }
+        });
+        return data;
+    }
+    async markKeySharesAsBackedUp({ walletId, locations, dynamicRequestId, traceContext }) {
+        const { data } = await this.apiClient.post(`/api/v0/sdk/${this.environmentId}/waas/${walletId}/keyShares/backup/locations`, {
+            locations
+        }, {
+            headers: {
+                [DynamicRequestIdHeader]: dynamicRequestId,
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            }
+        });
         return data;
     }
-    async recoverEncryptedBackupByWallet({ walletId, keyShareIds }) {
+    async recoverEncryptedBackupByWallet({ walletId, keyShareIds, signedSessionId, mfaToken, requiresSignedSessionId = false, authMode = AuthMode.HEADER, traceContext }) {
+        if (requiresSignedSessionId && !signedSessionId) {
+            throw new Error('Signed session ID is required');
+        }
+        // TODO: add signed messsage to body?
         const { data } = await this.clientRelayApiClient.post(`/api/v0/sdk/${this.environmentId}/waas/${walletId}/keyShares/recover`, keyShareIds ? {
             keyShareIds
-        } : undefined);
+        } : undefined, {
+            headers: {
+                [DynamicRequestIdHeader]: uuid.v4().replace('-', ''),
+                [DynamicClientSessionSignature]: signedSessionId,
+                [DynamicMfaTokenHeader]: mfaToken,
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            },
+            withCredentials: authMode === AuthMode.COOKIE ? true : undefined
+        });
         return data;
     }
-    async getAccessToken({ oauthAccountId }) {
-        const { data } = await this.apiClient.get(`/api/v0/sdk/${this.environmentId}/oauthAccounts/${oauthAccountId}/accessToken`);
+    async getAccessToken({ oauthAccountId, traceContext }) {
+        const { data } = await this.apiClient.get(`/api/v0/sdk/${this.environmentId}/oauthAccounts/${oauthAccountId}/accessToken`, {
+            headers: {
+                [DynamicRequestIdHeader]: uuid.v4().replace('-', ''),
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            }
+        });
         return data.accessToken;
     }
     // TODO: return array instead considering cases where server has multiple parties
-    async importPrivateKey({ chainName, clientKeygenIds, thresholdSignatureScheme, onError, onCeremonyComplete }) {
+    async importPrivateKey({ chainName, dynamicRequestId, clientKeygenIds, thresholdSignatureScheme, onError, onCeremonyComplete, traceContext }) {
         return createEventStreamPromise({
             apiClient: this.apiClient,
+            dynamicRequestId,
             endpoint: `/api/v0/sdk/${this.environmentId}/waas/privateKey/import`,
             body: {
                 chain: chainName,
@@ -637,17 +933,24 @@ class DynamicApiClient extends BaseClient {
             successEventType: SuccessEventType.KeygenComplete,
             timeoutMessage: 'Key import timed out',
             onError,
-            onCeremonyComplete
+            onCeremonyComplete,
+            traceContext
         });
     }
     // TODO: consider removing the retry logics if we switch to server-sent events
-    async getUser() {
+    async getUser(dynamicRequestId, traceContext) {
         let attempts = 0;
         const maxAttempts = 5;
         const retryInterval = 1000; // 1 second interval for each retry
         while(attempts < maxAttempts){
             try {
-                const { data } = await this.apiClient.get(`/api/v0/sdk/${this.environmentId}/users`);
+                const { data } = await this.apiClient.get(`/api/v0/sdk/${this.environmentId}/users`, {
+                    headers: {
+                        [DynamicRequestIdHeader]: dynamicRequestId,
+                        [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                        [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+                    }
+                });
                 return data;
             } catch (error) {
                 attempts++;
@@ -659,13 +962,19 @@ class DynamicApiClient extends BaseClient {
         }
     }
     // TODO: consider removing the retry logics if we switch to server-sent events
-    async refreshUser() {
+    async refreshUser(traceContext) {
         let attempts = 0;
         const maxAttempts = 5;
         const retryInterval = 1000; // 1 second interval for each retry
         while(attempts < maxAttempts){
             try {
-                const { data } = await this.apiClient.post(`/api/v0/sdk/${this.environmentId}/refresh`, undefined);
+                const { data } = await this.apiClient.post(`/api/v0/sdk/${this.environmentId}/refresh`, undefined, {
+                    headers: {
+                        [DynamicRequestIdHeader]: uuid.v4().replace('-', ''),
+                        [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                        [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+                    }
+                });
                 return data;
             } catch (error) {
                 attempts++;
@@ -676,40 +985,237 @@ class DynamicApiClient extends BaseClient {
             }
         }
     }
-    constructor({ environmentId, authToken, baseApiUrl }){
+    async getEnvironmentSettings(traceContext) {
+        const { data } = await this.apiClient.get(`/api/v0/sdk/${this.environmentId}/settings`, {
+            headers: {
+                [DynamicRequestIdHeader]: uuid.v4().replace('-', ''),
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            }
+        });
+        return data;
+    }
+    async getWaasWalletById({ walletId, traceContext }) {
+        const { data } = await this.apiClient.get(`/api/v0/environments/${this.environmentId}/waas/${walletId}`, {
+            headers: {
+                [DynamicRequestIdHeader]: uuid.v4().replace('-', ''),
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            }
+        });
+        return data;
+    }
+    /**
+   * Fetch a single WaaS wallet by ID using the /sdk/{environmentId}/waas/{walletId} endpoint.
+   * This endpoint returns user information with verified credentials filtered to only include the specified WaaS wallet.
+   */ async getWaasWalletByAddress({ walletAddress, traceContext }) {
+        const { data } = await this.apiClient.get(`/api/v0/sdk/${this.environmentId}/waas/byWalletAddress/${walletAddress}`, {
+            headers: {
+                [DynamicRequestIdHeader]: uuid.v4().replace('-', ''),
+                [DynamicTraceIdHeader]: traceContext == null ? void 0 : traceContext.traceId,
+                [DynamicTraceElapsedTimeHeader]: getElapsedTime(traceContext == null ? void 0 : traceContext.startTime)
+            }
+        });
+        return data;
+    }
+    async delegatedSignMessage({ walletId, message, isFormatted, dynamicRequestId, onError, context, traceContext }) {
+        return createEventStreamPromise({
+            apiClient: this.apiClient,
+            dynamicRequestId,
+            endpoint: `/api/v0/environments/${this.environmentId}/waas/${walletId}/delegatedAccess/signMessage`,
+            body: {
+                message,
+                isFormatted,
+                context
+            },
+            successEventType: SuccessEventType.RoomCreated,
+            timeoutMessage: 'Delegated sign message timed out',
+            onError,
+            traceContext
+        });
+    }
+    constructor({ environmentId, authToken, baseApiUrl, authMode = AuthMode.HEADER, // Represents the version of the client SDK used by developer
+    sdkVersion, forwardMPCClient, baseClientKeysharesRelayApiUrl }){
         super({
             environmentId,
-            authToken,
-            baseApiUrl
+            authToken: authToken || '',
+            baseApiUrl,
+            authMode,
+            sdkVersion,
+            forwardMPCClient,
+            baseClientKeysharesRelayApiUrl
         });
     }
 }
 
+const SDK_NAMESPACE = {
+    REACT: 'WalletKit',
+    CLIENT: 'ClientSDK'
+};
+/**
+ * Parses a potentially namespaced SDK version string
+ * @param sdkVersion - The SDK version string, optionally namespaced
+ * @returns Parsed SDK version with namespace and version
+ * @example
+ * parseNamespacedVersion("WalletKit/1.0.0") // { namespace: "WalletKit", version: "1.0.0", raw: "WalletKit/1.0.0" }
+ * parseNamespacedVersion("1.0.0") // { namespace: "WalletKit", version: "1.0.0", raw: "1.0.0" }
+ */ function parseNamespacedVersion(sdkVersion) {
+    if (!sdkVersion || sdkVersion === '') {
+        return null;
+    }
+    // Check if the version contains a namespace
+    const colonIndex = sdkVersion.indexOf('/');
+    if (colonIndex !== -1) {
+        const namespace = sdkVersion.substring(0, colonIndex);
+        const version = sdkVersion.substring(colonIndex + 1);
+        // Validate namespace
+        if (!Object.values(SDK_NAMESPACE).includes(namespace)) {
+            return {
+                namespace: SDK_NAMESPACE.REACT,
+                version,
+                raw: sdkVersion
+            };
+        }
+        return {
+            namespace: namespace,
+            version,
+            raw: sdkVersion
+        };
+    }
+    // No namespace found, default to react-sdk for backward compatibility
+    return {
+        namespace: 'WalletKit',
+        version: sdkVersion,
+        raw: sdkVersion
+    };
+}
+/**
+ * Formats a parsed SDK version back to string format
+ * @param parsedVersion - The parsed SDK version object
+ * @returns Formatted SDK version string
+ */ function formatNamespacedVersion(parsedVersion) {
+    return `${parsedVersion.namespace}/${parsedVersion.version}`;
+}
+/**
+ * Gets the version string without namespace
+ * @param sdkVersion - The SDK version string, optionally namespaced
+ * @returns Version string without namespace
+ */ function getVersionWithoutNamespace(sdkVersion) {
+    const parsed = parseNamespacedVersion(sdkVersion);
+    return parsed ? parsed.version : null;
+}
+/**
+ * Gets the namespace from a potentially namespaced SDK version
+ * @param sdkVersion - The SDK version string, optionally namespaced
+ * @returns The namespace or default namespace
+ */ function getVersionNamespace(sdkVersion) {
+    const parsed = parseNamespacedVersion(sdkVersion);
+    return parsed ? parsed.namespace : null;
+}
+
+const serializeMessageForForwardMPC = ({ message, isFormatted = false, chainName })=>{
+    let serializedMessage = message;
+    if (isFormatted && chainName === 'EVM') {
+        if (typeof message === 'string') {
+            // Handle hex string (with or without 0x prefix)
+            const cleanHex = message.startsWith('0x') ? message.slice(2) : message;
+            serializedMessage = cleanHex;
+        } else if (message instanceof Uint8Array) {
+            serializedMessage = Buffer.from(message).toString('hex');
+        } else if (message instanceof MessageHash) {
+            serializedMessage = message.toHex();
+        } else {
+            throw new Error('Unsupported formatted message format');
+        }
+    }
+    return serializedMessage;
+};
+
+const handleAxiosError = (error, message, context, logger)=>{
+    var _error_response, _error_response1, _error_response2;
+    logger.error('[DynamicWaasWalletClient] Axios error: ', {
+        message,
+        error: (_error_response = error.response) == null ? void 0 : _error_response.data,
+        status: (_error_response1 = error.response) == null ? void 0 : _error_response1.status,
+        context
+    });
+    switch((_error_response2 = error.response) == null ? void 0 : _error_response2.status){
+        case 400:
+            throw createHttpError(400, 'Invalid request');
+        case 401:
+            throw createHttpError(401, 'Authorization header or cookie is required');
+        case 403:
+            throw createHttpError(403, 'Forbidden');
+        case 422:
+            throw createHttpError(422, 'Unprocessable content');
+        case 500:
+            throw createHttpError(500, 'Internal server error');
+        default:
+            throw createHttpError(500, 'Internal server error');
+    }
+};
+
+exports.AuthMode = AuthMode;
 exports.BITCOIN_DERIVATION_PATHS = BITCOIN_DERIVATION_PATHS;
 exports.BackupLocation = BackupLocation;
-exports.ChainEnumToVerifiedCredentialName = ChainEnumToVerifiedCredentialName;
 exports.CreateRoomPartiesOptions = CreateRoomPartiesOptions;
+exports.DELEGATED_SHARE_COUNT = DELEGATED_SHARE_COUNT;
+exports.DYNAMIC_AUTH_BASE_API_URL_MAP = DYNAMIC_AUTH_BASE_API_URL_MAP;
+exports.DYNAMIC_AUTH_DEV_BASE_API_URL = DYNAMIC_AUTH_DEV_BASE_API_URL;
 exports.DYNAMIC_AUTH_PREPROD_BASE_API_URL = DYNAMIC_AUTH_PREPROD_BASE_API_URL;
 exports.DYNAMIC_AUTH_PROD_BASE_API_URL = DYNAMIC_AUTH_PROD_BASE_API_URL;
-exports.DYNAMIC_CLIENT_RELAY_PREPROD_BASE_API_URL = DYNAMIC_CLIENT_RELAY_PREPROD_BASE_API_URL;
-exports.DYNAMIC_CLIENT_RELAY_PROD_BASE_API_URL = DYNAMIC_CLIENT_RELAY_PROD_BASE_API_URL;
+exports.DYNAMIC_CLIENT_RELAY_REDCOAST_API_KEY_MAP = DYNAMIC_CLIENT_RELAY_REDCOAST_API_KEY_MAP;
+exports.DYNAMIC_CLIENT_RELAY_REDCOAST_APP_ID_MAP = DYNAMIC_CLIENT_RELAY_REDCOAST_APP_ID_MAP;
+exports.DYNAMIC_FORWARD_MPC_DEV_ENCLAVE_URL = DYNAMIC_FORWARD_MPC_DEV_ENCLAVE_URL;
+exports.DYNAMIC_FORWARD_MPC_ENCLAVE_ATTESTATION_CONFIG_MAP = DYNAMIC_FORWARD_MPC_ENCLAVE_ATTESTATION_CONFIG_MAP;
+exports.DYNAMIC_FORWARD_MPC_ENCLAVE_URL_MAP = DYNAMIC_FORWARD_MPC_ENCLAVE_URL_MAP;
+exports.DYNAMIC_FORWARD_MPC_PREPROD_ENCLAVE_URL = DYNAMIC_FORWARD_MPC_PREPROD_ENCLAVE_URL;
+exports.DYNAMIC_FORWARD_MPC_PROD_ENCLAVE_URL = DYNAMIC_FORWARD_MPC_PROD_ENCLAVE_URL;
+exports.DYNAMIC_KEYSHARES_RELAY_MAP = DYNAMIC_KEYSHARES_RELAY_MAP;
+exports.DYNAMIC_KEYSHARES_RELAY_PREPROD_BASE_API_URL = DYNAMIC_KEYSHARES_RELAY_PREPROD_BASE_API_URL;
+exports.DYNAMIC_KEYSHARES_RELAY_PROD_BASE_API_URL = DYNAMIC_KEYSHARES_RELAY_PROD_BASE_API_URL;
 exports.DynamicApiClient = DynamicApiClient;
-exports.IFRAME_DOMAIN_PREPROD = IFRAME_DOMAIN_PREPROD;
-exports.IFRAME_DOMAIN_PROD = IFRAME_DOMAIN_PROD;
+exports.DynamicClientSessionSignature = DynamicClientSessionSignature;
+exports.DynamicForwardMPCHeader = DynamicForwardMPCHeader;
+exports.DynamicMfaTokenHeader = DynamicMfaTokenHeader;
+exports.DynamicRequestIdHeader = DynamicRequestIdHeader;
+exports.DynamicTraceElapsedTimeHeader = DynamicTraceElapsedTimeHeader;
+exports.DynamicTraceIdHeader = DynamicTraceIdHeader;
+exports.ENVIRONMENT_ENUM = ENVIRONMENT_ENUM;
+exports.FEATURE_FLAGS = FEATURE_FLAGS;
+exports.IFRAME_DOMAIN_MAP = IFRAME_DOMAIN_MAP;
 exports.MPC_CHAIN_CONFIG = MPC_CHAIN_CONFIG;
 exports.MPC_CONFIG = MPC_CONFIG;
+exports.MPC_RELAY_DEV_API_URL = MPC_RELAY_DEV_API_URL;
 exports.MPC_RELAY_PREPROD_API_URL = MPC_RELAY_PREPROD_API_URL;
 exports.MPC_RELAY_PROD_API_URL = MPC_RELAY_PROD_API_URL;
+exports.MPC_RELAY_URL_MAP = MPC_RELAY_URL_MAP;
+exports.PREPROD_RELAY_API_KEY = PREPROD_RELAY_API_KEY;
+exports.PREPROD_RELAY_APP_ID = PREPROD_RELAY_APP_ID;
+exports.PROD_RELAY_API_KEY = PROD_RELAY_API_KEY;
+exports.PROD_RELAY_APP_ID = PROD_RELAY_APP_ID;
+exports.RELAY_API_KEY_HEADER = RELAY_API_KEY_HEADER;
+exports.RELAY_APP_ID_HEADER = RELAY_APP_ID_HEADER;
+exports.SDK_NAMESPACE = SDK_NAMESPACE;
 exports.SOLANA_RPC_URL = SOLANA_RPC_URL;
 exports.SigningAlgorithm = SigningAlgorithm;
 exports.SuccessEventType = SuccessEventType;
 exports.ThresholdSignatureScheme = ThresholdSignatureScheme;
-exports.VerifiedCredentialNameToChainEnum = VerifiedCredentialNameToChainEnum;
+exports.URL_PATTERNS = URL_PATTERNS;
 exports.WalletOperation = WalletOperation;
 exports.chain = chain;
+exports.chainEnumToVerifiedCredentialName = chainEnumToVerifiedCredentialName;
+exports.formatNamespacedVersion = formatNamespacedVersion;
 exports.getClientThreshold = getClientThreshold;
 exports.getDynamicServerThreshold = getDynamicServerThreshold;
+exports.getEnvironmentFromUrl = getEnvironmentFromUrl;
 exports.getMPCChainConfig = getMPCChainConfig;
 exports.getReshareConfig = getReshareConfig;
 exports.getServerWalletReshareConfig = getServerWalletReshareConfig;
 exports.getTSSConfig = getTSSConfig;
+exports.getVersionNamespace = getVersionNamespace;
+exports.getVersionWithoutNamespace = getVersionWithoutNamespace;
+exports.handleAxiosError = handleAxiosError;
+exports.parseNamespacedVersion = parseNamespacedVersion;
+exports.serializeMessageForForwardMPC = serializeMessageForForwardMPC;
+exports.verifiedCredentialNameToChainEnum = verifiedCredentialNameToChainEnum;