@dynamic-labs-wallet/forward-mpc-client 0.2.0 → 0.4.0

package/dist/index.js

@@ -1,10 +1,13 @@
-import { EventEmitter } from 'eventemitter3';
+import EventEmitter2, { EventEmitter } from 'eventemitter3';
 import * as ws from 'ws';
-import { messageRegistry, generateMlKem768Keypair, HandshakeV1RequestMessage, decapsulateMlKem768, encryptKeyshare, SignMessageV1RequestMessage } from '@dynamic-labs-wallet/forward-mpc-shared';
+import { messageRegistry, generateMlKem768Keypair, HandshakeV1RequestMessage, decapsulateMlKem768, encryptKeyshare, SignMessageV1RequestMessage, encryptKeygenInit, KeygenV1RequestMessage, decryptKeygenResult, ReceiveKeyV1RequestMessage, fromDynamicSigningAlgorithm } from '@dynamic-labs-wallet/forward-mpc-shared';
 import init, { PCRs, validateAttestationDocPcrs, getUserData, getNonce } from '@evervault/wasm-attestation-bindings';
 import { sha256 } from '@noble/hashes/sha2.js';
 import { randomBytes, hexToBytes } from '@noble/hashes/utils.js';
 import { either } from 'fp-ts';
+import { SigningAlgorithm } from '@dynamic-labs-wallet/core';
+export { SigningAlgorithm } from '@dynamic-labs-wallet/core';
+import { WebSocket } from 'isows';
 
 var __defProp = Object.defineProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
@@ -18,7 +21,7 @@ var NitroAttestationVerifier = class {
     __name(this, "NitroAttestationVerifier");
   }
   config;
-  wasmInitialized = false;
+  wasmInitPromise = null;
   constructor(config) {
     this.config = {
       strictCertValidation: true,
@@ -27,17 +30,16 @@ var NitroAttestationVerifier = class {
     };
   }
   /**
-  * Initialize WASM module if not already initialized
+  * Initialises the WASM module exactly once. Concurrent callers share the
+  * same in-flight promise, preventing duplicate initialisation.
+  * On failure the promise is cleared so the next call may retry.
   */
-  async ensureWasmInitialized() {
-    if (!this.wasmInitialized) {
-      try {
-        await init();
-        this.wasmInitialized = true;
-      } catch (error) {
-        throw new Error(`Failed to initialize WASM module: ${error instanceof Error ? error.message : "Unknown error"}`);
-      }
-    }
+  ensureWasmInitialized() {
+    this.wasmInitPromise ??= init().then(() => void 0).catch((error) => {
+      this.wasmInitPromise = null;
+      throw new Error(`Failed to initialize WASM module: ${error instanceof Error ? error.message : "Unknown error"}`);
+    });
+    return this.wasmInitPromise;
   }
   /**
   * Verify an attestation document using Evervault WASM bindings
@@ -45,9 +47,9 @@ var NitroAttestationVerifier = class {
   *
   * @param attestationDocBase64 - Base64-encoded attestation document
   * @param expectedChallenge - Expected challenge (ciphertext hash)
-  * @param expectedNonce - Expected nonce (REQUIRED for security)
+  * @param nonce - Expected nonce (REQUIRED for security)
   */
-  async verify(attestationDocBase64, expectedChallenge, expectedNonce) {
+  async verify(attestationDocBase64, expectedChallenge, nonce) {
     try {
       await this.ensureWasmInitialized();
       const expectedPcrs = PCRs.empty();
@@ -64,37 +66,44 @@ var NitroAttestationVerifier = class {
           timestamp: Date.now()
         };
       }
-      if (expectedChallenge) {
-        try {
-          const userData = getUserData(attestationDocBase64);
-          if (!userData) {
-            return {
-              valid: false,
-              errors: [
-                "No user data found in attestation document"
-              ],
-              timestamp: Date.now()
-            };
-          }
-          const userDataString = new TextDecoder("utf-8").decode(userData);
-          if (!userDataString.includes(expectedChallenge)) {
-            return {
-              valid: false,
-              errors: [
-                "Ciphertext hash verification failed - challenge not found in attestation user data"
-              ],
-              timestamp: Date.now()
-            };
-          }
-        } catch (error) {
+      if (!expectedChallenge) {
+        return {
+          valid: false,
+          errors: [
+            "No challenge provided \u2014 ciphertext binding cannot be verified"
+          ],
+          timestamp: Date.now()
+        };
+      }
+      try {
+        const userData = getUserData(attestationDocBase64);
+        if (!userData) {
+          return {
+            valid: false,
+            errors: [
+              "No user data found in attestation document"
+            ],
+            timestamp: Date.now()
+          };
+        }
+        const userDataString = new TextDecoder("utf-8").decode(userData);
+        if (userDataString !== expectedChallenge) {
           return {
             valid: false,
             errors: [
-              `Failed to extract or verify ciphertext hash: ${error instanceof Error ? error.message : String(error)}`
+              "Ciphertext hash verification failed - challenge mismatch in attestation user data"
             ],
             timestamp: Date.now()
           };
         }
+      } catch (error) {
+        return {
+          valid: false,
+          errors: [
+            `Failed to extract or verify ciphertext hash: ${error instanceof Error ? error.message : String(error)}`
+          ],
+          timestamp: Date.now()
+        };
       }
       try {
         const extractedNonceRaw = getNonce(attestationDocBase64);
@@ -117,8 +126,7 @@ var NitroAttestationVerifier = class {
               extractedNonce[i] = binaryString.charCodeAt(i);
             }
           } else {
-            const decodedBuffer = Buffer.from(nonceString, "base64");
-            extractedNonce = new Uint8Array(decodedBuffer);
+            extractedNonce = new Uint8Array(Buffer.from(nonceString, "base64"));
           }
         } catch (decodeError) {
           return {
@@ -129,25 +137,27 @@ var NitroAttestationVerifier = class {
             timestamp: Date.now()
           };
         }
-        if (extractedNonce.length !== expectedNonce.length) {
+        if (extractedNonce.length !== nonce.length) {
           return {
             valid: false,
             errors: [
-              `Nonce length mismatch: expected ${expectedNonce.length} bytes, got ${extractedNonce.length} bytes`
+              `Nonce length mismatch: expected ${nonce.length} bytes, got ${extractedNonce.length} bytes`
             ],
             timestamp: Date.now()
           };
         }
-        for (let i = 0; i < expectedNonce.length; i++) {
-          if (extractedNonce[i] !== expectedNonce[i]) {
-            return {
-              valid: false,
-              errors: [
-                "Nonce verification failed - nonce mismatch"
-              ],
-              timestamp: Date.now()
-            };
-          }
+        let diff = 0;
+        for (let i = 0; i < nonce.length; i++) {
+          diff |= extractedNonce[i] ^ nonce[i];
+        }
+        if (diff !== 0) {
+          return {
+            valid: false,
+            errors: [
+              "Nonce verification failed - nonce mismatch"
+            ],
+            timestamp: Date.now()
+          };
         }
       } catch (error) {
         return {
@@ -464,6 +474,57 @@ var ForwardMPCClient = class extends EventEmitter {
     });
     return this.sendRequest(request);
   }
+  /**
+  * Perform MPC keygen for ECDSA and BIP340 algorithms
+  * For ED25519, use sampleKey() or receiveKey() methods instead
+  */
+  async keygen(params) {
+    if (params.signingAlgo === SigningAlgorithm.ED25519) {
+      throw new Error("ED25519 keygen not supported via keygen() method. Use sampleKey() or receiveKey() instead.");
+    }
+    const { sharedSecret, connectionId } = await this.ensureWsConnection();
+    const encryptedKeygenInit = encryptKeygenInit(params.keygenInit, sharedSecret, connectionId);
+    const request = new KeygenV1RequestMessage({
+      relayDomain: params.relayDomain,
+      signingAlgo: params.signingAlgo,
+      roomUuid: params.roomUuid,
+      numParties: params.numParties,
+      threshold: params.threshold,
+      keygenInit: encryptedKeygenInit,
+      keygenIds: params.keygenIds,
+      traceContext: params.traceContext,
+      userId: params.userId,
+      environmentId: params.environmentId
+    });
+    const response = await this.sendRequest(request);
+    const responseData = response.getData();
+    const keygenResult = decryptKeygenResult(responseData.keygenResult, sharedSecret, connectionId);
+    return keygenResult;
+  }
+  /**
+  * Receive an ED25519 key (one party receives the key generated by another)
+  * Uses ExportableEd25519 - the receiving party gets the key sampled by another party
+  */
+  async receiveKey(params) {
+    const { sharedSecret, connectionId } = await this.ensureWsConnection();
+    const encryptedKeygenInit = encryptKeygenInit(params.keygenInit, sharedSecret, connectionId);
+    const request = new ReceiveKeyV1RequestMessage({
+      relayDomain: params.relayDomain,
+      signingAlgo: "ed25519",
+      roomUuid: params.roomUuid,
+      numParties: params.numParties,
+      threshold: params.threshold,
+      keygenInit: encryptedKeygenInit,
+      keygenIds: params.keygenIds,
+      traceContext: params.traceContext,
+      userId: params.userId,
+      environmentId: params.environmentId
+    });
+    const response = await this.sendRequest(request);
+    const responseData = response.getData();
+    const keygenResult = decryptKeygenResult(responseData.keygenResult, sharedSecret, connectionId);
+    return keygenResult;
+  }
   get connected() {
     return this.isConnected;
   }
@@ -503,6 +564,828 @@ var ForwardMPCClient = class extends EventEmitter {
   }
 };
 
-export { ForwardMPCClient };
+// src/client-v2/errors.ts
+var ErrorCode = {
+  // Transport
+  CONNECTION_FAILED: "CONNECTION_FAILED",
+  CONNECTION_TIMEOUT: "CONNECTION_TIMEOUT",
+  NOT_CONNECTED: "NOT_CONNECTED",
+  // Session
+  HANDSHAKE_FAILED: "HANDSHAKE_FAILED",
+  HANDSHAKE_INVALID_RESPONSE: "HANDSHAKE_INVALID_RESPONSE",
+  ATTESTATION_FAILED: "ATTESTATION_FAILED",
+  ATTESTATION_NONCE_MISSING: "ATTESTATION_NONCE_MISSING",
+  REQUEST_TIMEOUT: "REQUEST_TIMEOUT",
+  SESSION_DISPOSED: "SESSION_DISPOSED",
+  SERVER_ERROR: "SERVER_ERROR",
+  MESSAGE_PARSE_FAILED: "MESSAGE_PARSE_FAILED",
+  // Client
+  SESSION_ESTABLISH_FAILED: "SESSION_ESTABLISH_FAILED",
+  UNSUPPORTED_ALGORITHM: "UNSUPPORTED_ALGORITHM"
+};
+var ForwardMPCErrorType = {
+  TRANSPORT: "transport",
+  SESSION: "session",
+  CLIENT: "client"
+};
+var ForwardMPCError = class extends Error {
+  static {
+    __name(this, "ForwardMPCError");
+  }
+  code;
+  type;
+  context;
+  constructor(message, code, type, context) {
+    super(message);
+    this.name = this.constructor.name;
+    this.code = code;
+    this.type = type;
+    this.context = context;
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+  toJSON() {
+    return {
+      name: this.name,
+      message: this.message,
+      code: this.code,
+      type: this.type,
+      stack: this.stack,
+      context: this.context
+    };
+  }
+};
+var TransportError = class extends ForwardMPCError {
+  static {
+    __name(this, "TransportError");
+  }
+  constructor(message, code, context) {
+    super(message, code, ForwardMPCErrorType.TRANSPORT, context);
+  }
+};
+var SessionError = class extends ForwardMPCError {
+  static {
+    __name(this, "SessionError");
+  }
+  constructor(message, code, context) {
+    super(message, code, ForwardMPCErrorType.SESSION, context);
+  }
+};
+var ClientError = class extends ForwardMPCError {
+  static {
+    __name(this, "ClientError");
+  }
+  constructor(message, code, context) {
+    super(message, code, ForwardMPCErrorType.CLIENT, context);
+  }
+};
+var TransportConnectionError = class extends TransportError {
+  static {
+    __name(this, "TransportConnectionError");
+  }
+  constructor(context) {
+    super("WebSocket connection failed", ErrorCode.CONNECTION_FAILED, context);
+  }
+};
+var TransportConnectionTimeoutError = class extends TransportError {
+  static {
+    __name(this, "TransportConnectionTimeoutError");
+  }
+  constructor(context) {
+    super("WebSocket connection timed out", ErrorCode.CONNECTION_TIMEOUT, context);
+  }
+};
+var TransportNotConnectedError = class extends TransportError {
+  static {
+    __name(this, "TransportNotConnectedError");
+  }
+  constructor(context) {
+    super("WebSocket is not connected", ErrorCode.NOT_CONNECTED, context);
+  }
+};
+var SessionHandshakeError = class extends SessionError {
+  static {
+    __name(this, "SessionHandshakeError");
+  }
+  constructor(reason, context) {
+    super(`ML-KEM-768 handshake failed: ${reason}`, ErrorCode.HANDSHAKE_FAILED, {
+      reason,
+      ...context
+    });
+  }
+};
+var SessionHandshakeInvalidResponseError = class extends SessionError {
+  static {
+    __name(this, "SessionHandshakeInvalidResponseError");
+  }
+  constructor(context) {
+    super("Handshake response was invalid or incomplete", ErrorCode.HANDSHAKE_INVALID_RESPONSE, context);
+  }
+};
+var SessionAttestationError = class extends SessionError {
+  static {
+    __name(this, "SessionAttestationError");
+  }
+  constructor(context) {
+    super("Attestation verification failed", ErrorCode.ATTESTATION_FAILED, context);
+  }
+};
+var SessionAttestationNonceMissingError = class extends SessionError {
+  static {
+    __name(this, "SessionAttestationNonceMissingError");
+  }
+  constructor(context) {
+    super("Nonce missing from attestation document", ErrorCode.ATTESTATION_NONCE_MISSING, context);
+  }
+};
+var SessionRequestTimeoutError = class extends SessionError {
+  static {
+    __name(this, "SessionRequestTimeoutError");
+  }
+  constructor(context) {
+    super("Request timed out waiting for server response", ErrorCode.REQUEST_TIMEOUT, context);
+  }
+};
+var SessionDisposedError = class extends SessionError {
+  static {
+    __name(this, "SessionDisposedError");
+  }
+  constructor(context) {
+    super("Session has been disposed", ErrorCode.SESSION_DISPOSED, context);
+  }
+};
+var SessionServerError = class extends SessionError {
+  static {
+    __name(this, "SessionServerError");
+  }
+  constructor(reason, context) {
+    super(`Server returned an error response: ${reason}`, ErrorCode.SERVER_ERROR, {
+      reason,
+      ...context
+    });
+  }
+};
+var SessionMessageParseError = class extends SessionError {
+  static {
+    __name(this, "SessionMessageParseError");
+  }
+  constructor(context) {
+    super("Failed to parse server message", ErrorCode.MESSAGE_PARSE_FAILED, context);
+  }
+};
+var SessionRemoteError = class extends SessionError {
+  static {
+    __name(this, "SessionRemoteError");
+  }
+  serverError;
+  constructor(serverError, context) {
+    super(serverError.message, ErrorCode.SERVER_ERROR, context), this.serverError = serverError;
+  }
+};
+var ClientUnsupportedAlgorithmError = class extends ClientError {
+  static {
+    __name(this, "ClientUnsupportedAlgorithmError");
+  }
+  constructor(context) {
+    super("Signing algorithm is not supported", ErrorCode.UNSUPPORTED_ALGORITHM, context);
+  }
+};
+var ClientSessionEstablishFailedError = class extends ClientError {
+  static {
+    __name(this, "ClientSessionEstablishFailedError");
+  }
+  constructor(context) {
+    super("Failed to establish session", ErrorCode.SESSION_ESTABLISH_FAILED, context);
+  }
+};
+
+// src/client-v2/transport.ts
+var ForwardMPCTransport = class extends EventEmitter2 {
+  static {
+    __name(this, "ForwardMPCTransport");
+  }
+  url;
+  ws = null;
+  _isConnected = false;
+  _destroyed = false;
+  _hadSuccessfulConnection = false;
+  _midSessionReconnectCount = 0;
+  _connectPromise = null;
+  options;
+  logger;
+  constructor(url, options = {}) {
+    super(), this.url = url;
+    this.logger = options.logger;
+    this.options = {
+      reconnectAttempts: options.reconnectAttempts ?? 1,
+      reconnectInterval: options.reconnectInterval ?? 1e3,
+      connectionTimeout: options.connectionTimeout ?? 1e4
+    };
+  }
+  get connected() {
+    return this._isConnected;
+  }
+  /**
+  * Opens the WebSocket connection. Concurrent callers coalesce on a single
+  * in-flight promise. `reconnectAttempts` controls how many silent retries
+  * are attempted before the promise rejects (default: 1 retry = 2 total tries).
+  */
+  async connect() {
+    this._destroyed = false;
+    if (this._isConnected) return;
+    if (this._connectPromise) return this._connectPromise;
+    this._connectPromise = this._connectWithRetry().finally(() => {
+      this._connectPromise = null;
+    });
+    return this._connectPromise;
+  }
+  disconnect() {
+    this._destroyed = true;
+    if (this.ws) {
+      this.ws.close();
+      this.ws = null;
+    }
+    this._isConnected = false;
+    this.emit("disconnected");
+  }
+  send(data) {
+    if (!this._isConnected || !this.ws) {
+      throw new TransportNotConnectedError();
+    }
+    this.ws.send(data);
+  }
+  /**
+  * Attempts the initial connection, then silently retries up to
+  * `reconnectAttempts` times before surfacing an error.
+  */
+  async _connectWithRetry() {
+    let lastError;
+    for (let attempt = 0; attempt <= this.options.reconnectAttempts; attempt++) {
+      try {
+        await this._connectOnce();
+        return;
+      } catch (error) {
+        lastError = error;
+      }
+    }
+    throw lastError;
+  }
+  _connectOnce() {
+    return new Promise((resolve, reject) => {
+      const timeoutHandle = setTimeout(() => {
+        this.ws?.close();
+        reject(new TransportConnectionTimeoutError({
+          url: this.url
+        }));
+      }, this.options.connectionTimeout);
+      this.ws = new WebSocket(this.url);
+      this.ws.onopen = () => {
+        clearTimeout(timeoutHandle);
+        this._isConnected = true;
+        this._hadSuccessfulConnection = true;
+        this._midSessionReconnectCount = 0;
+        this.logger?.info("WebSocket connected", {
+          url: this.url
+        });
+        this.emit("connected");
+        resolve();
+      };
+      this.ws.onerror = () => {
+        clearTimeout(timeoutHandle);
+        const err = new TransportConnectionError({
+          url: this.url
+        });
+        this.emit("error", err);
+        reject(err);
+      };
+      this.ws.onmessage = (event) => {
+        this.logger?.debug("WebSocket message received", {
+          data: event.data
+        });
+        this.emit("message", event.data);
+      };
+      this.ws.onclose = () => {
+        this._isConnected = false;
+        if (!this._destroyed) {
+          this.emit("disconnected");
+        }
+        this.maybeReconnect();
+      };
+    });
+  }
+  /**
+  * Attempts mid-session reconnects after a drop, up to `reconnectAttempts`
+  * times. Only fires when a successful connection was previously established.
+  */
+  maybeReconnect() {
+    if (this._destroyed) return;
+    if (!this._hadSuccessfulConnection) return;
+    if (this._midSessionReconnectCount >= this.options.reconnectAttempts) return;
+    this._midSessionReconnectCount++;
+    this.logger?.warn("WebSocket disconnected \u2014 attempting reconnect", {
+      url: this.url,
+      attempt: this._midSessionReconnectCount,
+      maxAttempts: this.options.reconnectAttempts
+    });
+    setTimeout(() => {
+      this._connectOnce().catch((error) => {
+        const err = error instanceof Error ? error : new Error(String(error));
+        this.logger?.error("Reconnect failed", {
+          attempt: this._midSessionReconnectCount
+        }, err);
+        this.emit("error", err);
+      });
+    }, this.options.reconnectInterval);
+  }
+};
+function isWebSocketError(v) {
+  return typeof v === "object" && v !== null && typeof v["message"] === "string" && typeof v["type"] === "string";
+}
+__name(isWebSocketError, "isWebSocketError");
+var Session = class _Session {
+  static {
+    __name(this, "Session");
+  }
+  transport;
+  _connectionId;
+  _sharedSecret;
+  requestTimeout;
+  logger;
+  _disposed = false;
+  _abort = new AbortController();
+  /**
+  * Session is only constructed with fully-validated crypto material.
+  * All handshake and attestation work is done in the static handshake() factory
+  * before this constructor is called.
+  */
+  constructor(transport, _connectionId, _sharedSecret, requestTimeout, logger) {
+    this.transport = transport;
+    this._connectionId = _connectionId;
+    this._sharedSecret = _sharedSecret;
+    this.requestTimeout = requestTimeout;
+    this.logger = logger;
+  }
+  get connectionId() {
+    return this._connectionId;
+  }
+  get sharedSecret() {
+    if (this._disposed) {
+      throw new SessionDisposedError();
+    }
+    return this._sharedSecret;
+  }
+  /**
+  * Performs the ML-KEM-768 handshake over an established transport connection
+  * and returns a fully authenticated Session. All crypto material is derived
+  * before the Session object is created — the constructor never receives
+  * partially-initialised state.
+  *
+  * Attestation is verified (when configured) before the Session is returned.
+  */
+  static async handshake(transport, traceContext, options = {}, logger) {
+    const requestTimeout = options.requestTimeout ?? 3e4;
+    const { encapsulationKey, decapsulationKey } = generateMlKem768Keypair();
+    const nonceBytes = randomBytes(32);
+    const request = new HandshakeV1RequestMessage({
+      challenge: encapsulationKey,
+      nonce: nonceBytes,
+      traceContext
+    });
+    let data;
+    try {
+      data = await _Session.doRequest(transport, request, requestTimeout);
+    } catch (error) {
+      decapsulationKey.fill(0);
+      nonceBytes.fill(0);
+      const message = error instanceof Error ? error.message : String(error);
+      throw new SessionHandshakeError(message);
+    }
+    if (!data.encapsulatedSharedSecret || !data.connectionId) {
+      decapsulationKey.fill(0);
+      nonceBytes.fill(0);
+      throw new SessionHandshakeInvalidResponseError();
+    }
+    const connectionId = data.connectionId;
+    const cipherText = hexToBytes(data.encapsulatedSharedSecret);
+    const sharedSecret = decapsulateMlKem768(decapsulationKey, cipherText);
+    decapsulationKey.fill(0);
+    if (options.attestationVerifier && !options.bypassAttestation) {
+      if (!data.attestationDoc) {
+        sharedSecret.fill(0);
+        nonceBytes.fill(0);
+        throw new SessionAttestationError({
+          reason: "Server did not return an attestation document"
+        });
+      }
+      try {
+        await _Session.verifyAttestation(data.attestationDoc, cipherText, nonceBytes, options.attestationVerifier);
+      } catch (error) {
+        sharedSecret.fill(0);
+        nonceBytes.fill(0);
+        throw error;
+      }
+    }
+    nonceBytes.fill(0);
+    logger?.debug("Handshake completed", {
+      connectionId
+    });
+    return new _Session(transport, connectionId, sharedSecret, requestTimeout, logger);
+  }
+  sendRequest(message) {
+    if (this._disposed) {
+      return Promise.reject(new SessionDisposedError());
+    }
+    return _Session.doRequest(this.transport, message, this.requestTimeout, this._abort.signal);
+  }
+  dispose() {
+    if (this._disposed) return;
+    this._disposed = true;
+    this._abort.abort();
+    this._sharedSecret.fill(0);
+    this.logger?.debug("Session disposed", {
+      connectionId: this._connectionId
+    });
+  }
+  /**
+  * Sends a single request and resolves with the decoded response data.
+  * Used by both handshake() and sendRequest(). The optional AbortSignal
+  * allows dispose() to cancel all in-flight requests immediately.
+  */
+  static doRequest(transport, message, timeout, signal) {
+    const requestId = _Session.generateRequestId();
+    return new Promise((resolve, reject) => {
+      if (signal?.aborted) {
+        reject(new SessionDisposedError());
+        return;
+      }
+      const cleanup = /* @__PURE__ */ __name(() => {
+        clearTimeout(timeoutHandle);
+        transport.off("message", handler);
+        signal?.removeEventListener("abort", onAbort);
+      }, "cleanup");
+      const onAbort = /* @__PURE__ */ __name(() => {
+        cleanup();
+        reject(new SessionDisposedError());
+      }, "onAbort");
+      signal?.addEventListener("abort", onAbort, {
+        once: true
+      });
+      const timeoutHandle = setTimeout(() => {
+        cleanup();
+        reject(new SessionRequestTimeoutError({
+          requestId
+        }));
+      }, timeout);
+      const handler = /* @__PURE__ */ __name((rawData) => {
+        let parsed;
+        try {
+          parsed = JSON.parse(rawData);
+        } catch {
+          return;
+        }
+        if (parsed["requestId"] !== requestId) return;
+        cleanup();
+        const { requestId: _rid, ...body } = parsed;
+        let msg = null;
+        try {
+          const result = messageRegistry.decode(body);
+          if (either.isRight(result)) msg = result.right;
+        } catch {
+        }
+        if (msg === null) {
+          reject(new SessionMessageParseError({
+            requestId
+          }));
+          return;
+        }
+        if (msg.type === "error") {
+          reject(isWebSocketError(msg.error) ? new SessionRemoteError(msg.error) : new SessionMessageParseError({
+            requestId
+          }));
+        } else {
+          resolve(msg.getData());
+        }
+      }, "handler");
+      transport.on("message", handler);
+      try {
+        transport.send(_Session.serializeWithRequestId(message, requestId));
+      } catch (error) {
+        cleanup();
+        reject(error instanceof Error ? error : new Error(String(error)));
+      }
+    });
+  }
+  /**
+  * Serialises a message with the given requestId injected without mutating
+  * the original message object. Handles both encodeable (registry) messages
+  * and plain objects.
+  */
+  static serializeWithRequestId(message, requestId) {
+    const msg = message;
+    if (typeof msg["encode"] === "function") {
+      const encoded = msg["encode"]();
+      encoded["requestId"] = requestId;
+      return JSON.stringify(encoded);
+    }
+    return JSON.stringify({
+      ...msg,
+      requestId
+    });
+  }
+  static generateRequestId() {
+    const rand = randomBytes(8);
+    return `req_${Array.from(rand).map((b) => b.toString(16).padStart(2, "0")).join("")}`;
+  }
+  static async verifyAttestation(attestationDocBase64, cipherText, nonce, verifier) {
+    const challengeHash = sha256(cipherText);
+    const expectedChallenge = Array.from(challengeHash).map((b) => b.toString(16).padStart(2, "0")).join("");
+    const result = await verifier.verify(attestationDocBase64, expectedChallenge, nonce);
+    if (!result.valid) {
+      throw new SessionAttestationError({
+        errors: result.errors
+      });
+    }
+  }
+};
+
+// src/client-v2/logger.ts
+var Logger = class {
+  static {
+    __name(this, "Logger");
+  }
+  externalLogger;
+  MESSAGE_PREFIX = "[ForwardMPCClientV2]";
+  constructor(externalLogger) {
+    this.externalLogger = externalLogger;
+  }
+  debug(message, messageContext, error) {
+    this.externalLogger?.debug(`${this.MESSAGE_PREFIX} ${message}`, messageContext, error);
+  }
+  info(message, messageContext, error) {
+    this.externalLogger?.info(`${this.MESSAGE_PREFIX} ${message}`, messageContext, error);
+  }
+  warn(message, messageContext, error) {
+    this.externalLogger?.warn(`${this.MESSAGE_PREFIX} ${message}`, messageContext, error);
+  }
+  error(message, messageContext, error) {
+    this.externalLogger?.error(`${this.MESSAGE_PREFIX} ${message}`, messageContext, error);
+  }
+};
+
+// src/client-v2/client-v2.ts
+var ForwardMPCClientV2 = class extends EventEmitter2 {
+  static {
+    __name(this, "ForwardMPCClientV2");
+  }
+  url;
+  options;
+  transport;
+  sessionOptions;
+  logger;
+  session = null;
+  _connectPromise = null;
+  _handshaking = false;
+  _disconnectedIntentionally = false;
+  constructor(url, options = {}) {
+    super();
+    this.url = url;
+    this.options = options;
+    if (options.dangerouslyBypassAttestation) {
+      console.warn("[ForwardMPCClientV2] dangerouslyBypassAttestation is enabled \u2014 attestation verification is disabled. Do not use in production.");
+    } else if (!options.attestationVerifier && !options.attestationConfig) {
+      console.warn("[ForwardMPCClientV2] No attestation verifier configured \u2014 connections will not be attested. This is insecure in production.");
+    }
+    this.logger = new Logger(this.options.logger);
+    const transportOptions = {
+      reconnectAttempts: this.options.reconnectAttempts,
+      reconnectInterval: this.options.reconnectInterval,
+      connectionTimeout: this.options.connectionTimeout,
+      logger: this.logger
+    };
+    this.transport = new ForwardMPCTransport(url, transportOptions);
+    const attestationVerifier = options.attestationVerifier ?? (options.attestationConfig ? new NitroAttestationVerifier(options.attestationConfig) : void 0);
+    this.sessionOptions = {
+      attestationVerifier,
+      bypassAttestation: options.dangerouslyBypassAttestation,
+      requestTimeout: options.requestTimeout
+    };
+    this.transport.on("connected", () => this.onTransportConnected());
+    this.transport.on("disconnected", () => this.onTransportDisconnected());
+    this.transport.on("error", (error) => this.emit("error", error));
+  }
+  get connected() {
+    return this.transport.connected && this.session !== null;
+  }
+  /**
+  * Opens the WebSocket connection and performs the ML-KEM-768 handshake.
+  * Resolves once the session is fully established (and attested, if configured).
+  * Concurrent calls coalesce on a single in-flight promise.
+  */
+  async connect(traceContext) {
+    if (this.session) return;
+    if (this._connectPromise) return this._connectPromise;
+    this._connectPromise = this._doConnect(traceContext).finally(() => {
+      this._connectPromise = null;
+    });
+    return this._connectPromise;
+  }
+  /**
+  * Disposes the current session (zeroing crypto material) and closes the transport.
+  */
+  disconnect() {
+    this._disconnectedIntentionally = true;
+    this.session?.dispose();
+    this.session = null;
+    this.transport.disconnect();
+  }
+  async signMessage(params) {
+    const session = await this.ensureSession();
+    let messageToSign;
+    if (typeof params.message === "string") {
+      const hex = params.message.startsWith("0x") ? params.message.slice(2) : params.message;
+      messageToSign = hexToBytes(hex);
+    } else {
+      messageToSign = params.message;
+    }
+    const encryptedKeyshare = encryptKeyshare(params.keyshare, session.sharedSecret, session.connectionId, fromDynamicSigningAlgorithm(params.signingAlgo));
+    const request = new SignMessageV1RequestMessage({
+      relayDomain: params.relayDomain,
+      signingAlgo: params.signingAlgo,
+      hashAlgo: params.hashAlgo,
+      derivationPath: params.derivationPath,
+      tweak: params.tweak,
+      keyshare: encryptedKeyshare,
+      message: messageToSign,
+      roomUuid: params.roomUuid,
+      traceContext: params.traceContext,
+      userId: params.userId,
+      environmentId: params.environmentId
+    });
+    const { signature } = await session.sendRequest(request);
+    if (!signature) {
+      throw new SessionServerError("No signature in response");
+    }
+    return {
+      signature
+    };
+  }
+  /**
+  * MPC key generation for ECDSA and BIP340.
+  * ED25519 is not supported here — use receiveKey() instead.
+  */
+  async keygen(params) {
+    if (params.signingAlgo === SigningAlgorithm.ED25519) {
+      throw new ClientUnsupportedAlgorithmError();
+    }
+    const session = await this.ensureSession();
+    const encryptedKeygenInit = encryptKeygenInit(params.keygenInit, session.sharedSecret, session.connectionId);
+    const request = new KeygenV1RequestMessage({
+      relayDomain: params.relayDomain,
+      signingAlgo: params.signingAlgo,
+      roomUuid: params.roomUuid,
+      numParties: params.numParties,
+      threshold: params.threshold,
+      keygenInit: encryptedKeygenInit,
+      keygenIds: params.keygenIds,
+      traceContext: params.traceContext,
+      userId: params.userId,
+      environmentId: params.environmentId
+    });
+    const { keygenResult } = await session.sendRequest(request);
+    if (!keygenResult) {
+      throw new SessionServerError("No keygen result in response");
+    }
+    return decryptKeygenResult(keygenResult, session.sharedSecret, session.connectionId);
+  }
+  /**
+  * Receives an ED25519 key generated by another party (ExportableEd25519).
+  */
+  async receiveKey(params) {
+    const session = await this.ensureSession();
+    const encryptedKeygenInit = encryptKeygenInit(params.keygenInit, session.sharedSecret, session.connectionId);
+    const request = new ReceiveKeyV1RequestMessage({
+      relayDomain: params.relayDomain,
+      signingAlgo: "ed25519",
+      roomUuid: params.roomUuid,
+      numParties: params.numParties,
+      threshold: params.threshold,
+      keygenInit: encryptedKeygenInit,
+      keygenIds: params.keygenIds,
+      traceContext: params.traceContext,
+      userId: params.userId,
+      environmentId: params.environmentId
+    });
+    const { keygenResult } = await session.sendRequest(request);
+    if (!keygenResult) {
+      throw new SessionServerError("No keygen result in response");
+    }
+    return decryptKeygenResult(keygenResult, session.sharedSecret, session.connectionId);
+  }
+  /**
+  * Ensures an active session exists, auto-connecting if needed.
+  */
+  async ensureSession() {
+    if (this.session) return this.session;
+    await this.connect();
+    if (!this.session) {
+      throw new ClientSessionEstablishFailedError();
+    }
+    return this.session;
+  }
+  async _runHandshake(traceContext) {
+    this.session = await Session.handshake(this.transport, traceContext, this.sessionOptions, this.logger);
+    this.emit("connected");
+  }
+  async _doConnect(traceContext) {
+    this._handshaking = true;
+    try {
+      await this.transport.connect();
+      await this._runHandshake(traceContext);
+    } finally {
+      this._handshaking = false;
+    }
+  }
+  /**
+  * Called when the transport connects (both initial and after auto-reconnect).
+  * The `_handshaking` flag is set synchronously at the top of `_doConnect`
+  * before any await, so it reliably indicates when we already own the handshake.
+  *
+  * For transport-initiated reconnects, `_connectPromise` is set so that
+  * concurrent `connect()` or `ensureSession()` callers coalesce on the
+  * in-flight handshake rather than initiating a second one.
+  */
+  onTransportConnected() {
+    if (this._handshaking) return;
+    this._handshaking = true;
+    const doHandshake = /* @__PURE__ */ __name(async () => {
+      try {
+        await this._runHandshake();
+      } catch (error) {
+        this.emit("error", error instanceof Error ? error : new Error(String(error)));
+      } finally {
+        this._handshaking = false;
+        this._connectPromise = null;
+      }
+    }, "doHandshake");
+    this._connectPromise = doHandshake();
+  }
+  onTransportDisconnected() {
+    const intentional = this._disconnectedIntentionally;
+    this._disconnectedIntentionally = false;
+    this.session?.dispose();
+    this.session = null;
+    if (!intentional) {
+      this.logger.warn("Unexpected WebSocket disconnect");
+    }
+    this.emit("disconnected");
+  }
+};
+
+// src/client-v2/utils.ts
+function deepEqual(obj1, obj2) {
+  if (obj1 === obj2) return true;
+  if (typeof obj1 !== "object" || obj1 === null || typeof obj2 !== "object" || obj2 === null) {
+    return false;
+  }
+  const keys1 = Object.keys(obj1);
+  const keys2 = Object.keys(obj2);
+  if (keys1.length !== keys2.length) return false;
+  for (const key of keys1) {
+    if (!keys2.includes(key) || !deepEqual(obj1[key], obj2[key])) {
+      return false;
+    }
+  }
+  return true;
+}
+__name(deepEqual, "deepEqual");
+
+// src/client-v2/singleton.ts
+var ForwardMPCClientSingleton = class _ForwardMPCClientSingleton extends ForwardMPCClientV2 {
+  static {
+    __name(this, "ForwardMPCClientSingleton");
+  }
+  static _instance = null;
+  constructor(url, options) {
+    const existing = _ForwardMPCClientSingleton._instance;
+    if (existing !== null) {
+      if (existing.url !== url) {
+        throw new Error(`ForwardMPCClientSingleton already exists for "${existing.url}". Call disconnect() first to create a new instance.`);
+      }
+      if (!deepEqual(options, existing.options)) {
+        throw new Error(`ForwardMPCClientSingleton already exists for the same URL but with different options.Call disconnect() first to create a new instance.`);
+      }
+      return existing;
+    }
+    super(url, options);
+    _ForwardMPCClientSingleton._instance = this;
+  }
+  disconnect() {
+    super.disconnect();
+    if (_ForwardMPCClientSingleton._instance === this) {
+      _ForwardMPCClientSingleton._instance = null;
+    }
+  }
+};
+
+export { ClientError, ClientSessionEstablishFailedError, ClientUnsupportedAlgorithmError, ErrorCode, ForwardMPCClient, ForwardMPCClientSingleton, ForwardMPCClientV2, ForwardMPCError, ForwardMPCErrorType, NitroAttestationVerifier, SessionAttestationError, SessionAttestationNonceMissingError, SessionDisposedError, SessionError, SessionHandshakeError, SessionHandshakeInvalidResponseError, SessionMessageParseError, SessionRemoteError, SessionRequestTimeoutError, SessionServerError, TransportConnectionError, TransportConnectionTimeoutError, TransportError, TransportNotConnectedError };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map