@dynamic-labs-wallet/forward-mpc-client 0.9.0 → 0.10.1

package/dist/index.d.cts

@@ -1,8 +1,9 @@
 import EventEmitter$1, { EventEmitter } from 'eventemitter3';
-import { BaseWebSocketMessage, TraceContext, HashAlgorithm, encryptKeyshare, WebSocketError } from '@dynamic-labs-wallet/forward-mpc-shared';
+import { BaseWebSocketMessage, TraceContext, HashAlgorithm, encryptKeyshare } from '@dynamic-labs-wallet/forward-mpc-shared';
 export { BaseWebSocketMessage, ErrorResponse, HandshakeV1RequestMessage, HandshakeV1ResponseMessage, SignMessageV1RequestMessage, SignMessageV1ResponseMessage, WebSocketError, WebSocketErrorType } from '@dynamic-labs-wallet/forward-mpc-shared';
 import { SigningAlgorithm } from '@dynamic-labs-wallet/primitives';
 export { SigningAlgorithm } from '@dynamic-labs-wallet/primitives';
+export { A as AttestationErrorCode, C as ClientError, a as ClientSessionEstablishFailedError, b as ClientUnsupportedAlgorithmError, E as ErrorCode, F as ForwardMPCError, c as ForwardMPCErrorType, d as ForwardMpcErrorClassification, e as ForwardMpcErrorType, S as SessionAttestationError, f as SessionDisposedError, g as SessionError, h as SessionHandshakeError, i as SessionHandshakeInvalidResponseError, j as SessionMessageParseError, k as SessionRemoteError, l as SessionRequestTimeoutError, m as SessionServerError, T as TransportConnectionError, n as TransportConnectionTimeoutError, o as TransportError, p as TransportNotConnectedError, q as classifyForwardMpcError, r as isAttestationError, s as isForwardMpcError } from './utils-D77Qzra4.cjs';
 
 /**
  * Result of attestation document verification
@@ -278,183 +279,6 @@ declare class ForwardMPCClientV2 extends EventEmitter$1<ClientV2Events> {
 declare class ForwardMPCClientSingleton extends ForwardMPCClientV2 {
 }
 
-declare const ErrorCode: {
-    readonly CONNECTION_FAILED: "CONNECTION_FAILED";
-    readonly CONNECTION_TIMEOUT: "CONNECTION_TIMEOUT";
-    readonly NOT_CONNECTED: "NOT_CONNECTED";
-    readonly HANDSHAKE_FAILED: "HANDSHAKE_FAILED";
-    readonly HANDSHAKE_INVALID_RESPONSE: "HANDSHAKE_INVALID_RESPONSE";
-    readonly ATTESTATION_FAILED: "ATTESTATION_FAILED";
-    readonly ATTESTATION_PCR_MISMATCH: "ATTESTATION_PCR_MISMATCH";
-    readonly ATTESTATION_CHALLENGE_MISMATCH: "ATTESTATION_CHALLENGE_MISMATCH";
-    readonly ATTESTATION_NONCE_MISMATCH: "ATTESTATION_NONCE_MISMATCH";
-    readonly ATTESTATION_NONCE_MISSING: "ATTESTATION_NONCE_MISSING";
-    readonly ATTESTATION_DOCUMENT_MISSING: "ATTESTATION_DOCUMENT_MISSING";
-    readonly REQUEST_TIMEOUT: "REQUEST_TIMEOUT";
-    readonly SESSION_DISPOSED: "SESSION_DISPOSED";
-    readonly SERVER_ERROR: "SERVER_ERROR";
-    readonly MESSAGE_PARSE_FAILED: "MESSAGE_PARSE_FAILED";
-    readonly SESSION_ESTABLISH_FAILED: "SESSION_ESTABLISH_FAILED";
-    readonly UNSUPPORTED_ALGORITHM: "UNSUPPORTED_ALGORITHM";
-};
-type ErrorCode = (typeof ErrorCode)[keyof typeof ErrorCode];
-/**
- * Focused subset of ErrorCode for attestation verification failures.
- * Use with `error.code` to distinguish failure modes on SessionAttestationError.
- */
-declare const AttestationErrorCode: {
-    /** Generic / unrecognised attestation failure */
-    readonly FAILED: "ATTESTATION_FAILED";
-    /** PCR8 hash mismatch — enclave measurement changed */
-    readonly PCR_MISMATCH: "ATTESTATION_PCR_MISMATCH";
-    /** Challenge / ciphertext binding mismatch */
-    readonly CHALLENGE_MISMATCH: "ATTESTATION_CHALLENGE_MISMATCH";
-    /** Nonce value mismatch — possible tampering */
-    readonly NONCE_MISMATCH: "ATTESTATION_NONCE_MISMATCH";
-    /** Nonce field missing from attestation document */
-    readonly NONCE_MISSING: "ATTESTATION_NONCE_MISSING";
-    /** Server did not return an attestation document */
-    readonly DOCUMENT_MISSING: "ATTESTATION_DOCUMENT_MISSING";
-};
-type AttestationErrorCode = (typeof AttestationErrorCode)[keyof typeof AttestationErrorCode];
-declare const ForwardMPCErrorType: {
-    readonly TRANSPORT: "transport";
-    readonly SESSION: "session";
-    readonly CLIENT: "client";
-};
-type ForwardMPCErrorType = (typeof ForwardMPCErrorType)[keyof typeof ForwardMPCErrorType];
-/**
- * Abstract root for all Forward MPC errors.
- * `instanceof ForwardMPCError` is true for every error thrown by this library.
- */
-declare abstract class ForwardMPCError extends Error {
-    readonly code: ErrorCode;
-    readonly type: ForwardMPCErrorType;
-    readonly context?: Record<string, unknown>;
-    constructor(message: string, code: ErrorCode, type: ForwardMPCErrorType, context?: Record<string, unknown>);
-    toJSON(): Record<string, unknown>;
-}
-/** Abstract base for errors originating from the WebSocket / transport layer. */
-declare abstract class TransportError extends ForwardMPCError {
-    constructor(message: string, code: ErrorCode, context?: Record<string, unknown>);
-}
-/** Abstract base for errors originating from the session / crypto / protocol layer. */
-declare abstract class SessionError extends ForwardMPCError {
-    constructor(message: string, code: ErrorCode, context?: Record<string, unknown>);
-}
-/** Abstract base for errors originating from the client / application layer. */
-declare abstract class ClientError extends ForwardMPCError {
-    constructor(message: string, code: ErrorCode, context?: Record<string, unknown>);
-}
-declare class TransportConnectionError extends TransportError {
-    constructor(context?: Record<string, unknown>);
-}
-declare class TransportConnectionTimeoutError extends TransportError {
-    constructor(context?: Record<string, unknown>);
-}
-declare class TransportNotConnectedError extends TransportError {
-    constructor(context?: Record<string, unknown>);
-}
-declare class SessionHandshakeError extends SessionError {
-    constructor(reason: string, context?: Record<string, unknown>);
-}
-declare class SessionHandshakeInvalidResponseError extends SessionError {
-    constructor(context?: Record<string, unknown>);
-}
-/**
- * Attestation verification failure.
- * Use `error.code` to distinguish failure reasons (e.g. ATTESTATION_PCR_MISMATCH)
- * and `error.cause` to inspect the original verifier error.
- */
-declare class SessionAttestationError extends SessionError {
-    readonly cause?: unknown;
-    constructor(message?: string, code?: ErrorCode, context?: Record<string, unknown>, cause?: unknown);
-}
-declare class SessionRequestTimeoutError extends SessionError {
-    constructor(context?: Record<string, unknown>);
-}
-declare class SessionDisposedError extends SessionError {
-    constructor(context?: Record<string, unknown>);
-}
-declare class SessionServerError extends SessionError {
-    constructor(reason: string, context?: Record<string, unknown>);
-}
-declare class SessionMessageParseError extends SessionError {
-    constructor(context?: Record<string, unknown>);
-}
-/**
- * The remote server returned an explicit error response.
- * Carries the full WebSocketError payload so callers can inspect
- * `serverError.type` and `serverError.details`.
- */
-declare class SessionRemoteError extends SessionError {
-    readonly serverError: WebSocketError;
-    constructor(serverError: WebSocketError, context?: Record<string, unknown>);
-}
-declare class ClientUnsupportedAlgorithmError extends ClientError {
-    constructor(context?: Record<string, unknown>);
-}
-declare class ClientSessionEstablishFailedError extends ClientError {
-    constructor(context?: Record<string, unknown>);
-}
-
-/**
- * Error classification result from Forward MPC operations.
- */
-type ForwardMpcErrorType = 'ATTESTATION_FAILURE' | 'FORWARD_MPC_TIMEOUT' | 'FORWARD_MPC_ERROR';
-/**
- * Result of classifying a Forward MPC error.
- */
-interface ForwardMpcErrorClassification {
-    /** The type of error encountered */
-    errorType: ForwardMpcErrorType;
-    /** Error code from ForwardMPCError, if available */
-    errorCode: string | undefined;
-    /** Error message */
-    errorMessage: string;
-    /** Attestation verification errors, if this is an attestation failure */
-    attestationErrors?: unknown[];
-    /** Whether the session was established before the error occurred */
-    sessionEstablished: boolean;
-    /** Whether this error should trigger a fallback to relay-based MPC */
-    shouldFallback: boolean;
-}
-/**
- * Classifies a Forward MPC error and returns structured data for logging.
- * Use this to standardize error handling across keygen, signing, and connect operations.
- *
- * @param error - The error to classify
- * @returns Classification result with error details and recommended action
- *
- * @example
- * ```typescript
- * try {
- *   await forwardMpcClient.sign(...);
- * } catch (error) {
- *   const classification = classifyForwardMpcError(error);
- *   logger.warn(`Forward MPC ${operation} failed`, {
- *     ...classification,
- *     chainName,
- *     environmentId,
- *   });
- *   if (classification.shouldFallback) {
- *     // Fall through to relay-based MPC
- *   } else {
- *     throw error;
- *   }
- * }
- * ```
- */
-declare function classifyForwardMpcError(error: unknown): ForwardMpcErrorClassification;
-/**
- * Type guard to check if an error is a Forward MPC error that should be handled.
- */
-declare function isForwardMpcError(error: unknown): error is ForwardMPCError;
-/**
- * Type guard to check if an error is an attestation failure.
- */
-declare function isAttestationError(error: unknown): error is SessionAttestationError;
-
 /**
  * Nitro Enclave Attestation Document Verifier
  * Uses Evervault's official WASM attestation bindings
@@ -487,4 +311,4 @@ declare class NitroAttestationVerifier implements AttestationVerifier {
     verify(attestationDocBase64: string, expectedChallenge: string, nonce: Uint8Array): Promise<AttestationVerificationResult>;
 }
 
-export { AttestationErrorCode, type AttestationVerificationConfig, type AttestationVerificationResult, type AttestationVerifier, ClientError, type ClientEvents, ClientSessionEstablishFailedError, ClientUnsupportedAlgorithmError, type ClientV2Events, ErrorCode, type ExternalLogger, ForwardMPCClient, type ForwardMPCClientOptions, ForwardMPCClientSingleton, ForwardMPCClientV2, type ForwardMPCClientV2Options, ForwardMPCError, ForwardMPCErrorType, type ForwardMpcErrorClassification, type ForwardMpcErrorType, type KeygenParams, type KeygenResult, NitroAttestationVerifier, type ReceiveKeyParams, type ReceiveKeyResult, SessionAttestationError, SessionDisposedError, SessionError, SessionHandshakeError, SessionHandshakeInvalidResponseError, SessionMessageParseError, SessionRemoteError, SessionRequestTimeoutError, SessionServerError, type SignMessageParams, type SignMessageResult, TransportConnectionError, TransportConnectionTimeoutError, TransportError, TransportNotConnectedError, classifyForwardMpcError, isAttestationError, isForwardMpcError };
+export { type AttestationVerificationConfig, type AttestationVerificationResult, type AttestationVerifier, type ClientEvents, type ClientV2Events, type ExternalLogger, ForwardMPCClient, type ForwardMPCClientOptions, ForwardMPCClientSingleton, ForwardMPCClientV2, type ForwardMPCClientV2Options, type KeygenParams, type KeygenResult, NitroAttestationVerifier, type ReceiveKeyParams, type ReceiveKeyResult, type SignMessageParams, type SignMessageResult };

package/dist/index.d.ts

@@ -1,8 +1,9 @@
 import EventEmitter$1, { EventEmitter } from 'eventemitter3';
-import { BaseWebSocketMessage, TraceContext, HashAlgorithm, encryptKeyshare, WebSocketError } from '@dynamic-labs-wallet/forward-mpc-shared';
+import { BaseWebSocketMessage, TraceContext, HashAlgorithm, encryptKeyshare } from '@dynamic-labs-wallet/forward-mpc-shared';
 export { BaseWebSocketMessage, ErrorResponse, HandshakeV1RequestMessage, HandshakeV1ResponseMessage, SignMessageV1RequestMessage, SignMessageV1ResponseMessage, WebSocketError, WebSocketErrorType } from '@dynamic-labs-wallet/forward-mpc-shared';
 import { SigningAlgorithm } from '@dynamic-labs-wallet/primitives';
 export { SigningAlgorithm } from '@dynamic-labs-wallet/primitives';
+export { A as AttestationErrorCode, C as ClientError, a as ClientSessionEstablishFailedError, b as ClientUnsupportedAlgorithmError, E as ErrorCode, F as ForwardMPCError, c as ForwardMPCErrorType, d as ForwardMpcErrorClassification, e as ForwardMpcErrorType, S as SessionAttestationError, f as SessionDisposedError, g as SessionError, h as SessionHandshakeError, i as SessionHandshakeInvalidResponseError, j as SessionMessageParseError, k as SessionRemoteError, l as SessionRequestTimeoutError, m as SessionServerError, T as TransportConnectionError, n as TransportConnectionTimeoutError, o as TransportError, p as TransportNotConnectedError, q as classifyForwardMpcError, r as isAttestationError, s as isForwardMpcError } from './utils-D77Qzra4.js';
 
 /**
  * Result of attestation document verification
@@ -278,183 +279,6 @@ declare class ForwardMPCClientV2 extends EventEmitter$1<ClientV2Events> {
 declare class ForwardMPCClientSingleton extends ForwardMPCClientV2 {
 }
 
-declare const ErrorCode: {
-    readonly CONNECTION_FAILED: "CONNECTION_FAILED";
-    readonly CONNECTION_TIMEOUT: "CONNECTION_TIMEOUT";
-    readonly NOT_CONNECTED: "NOT_CONNECTED";
-    readonly HANDSHAKE_FAILED: "HANDSHAKE_FAILED";
-    readonly HANDSHAKE_INVALID_RESPONSE: "HANDSHAKE_INVALID_RESPONSE";
-    readonly ATTESTATION_FAILED: "ATTESTATION_FAILED";
-    readonly ATTESTATION_PCR_MISMATCH: "ATTESTATION_PCR_MISMATCH";
-    readonly ATTESTATION_CHALLENGE_MISMATCH: "ATTESTATION_CHALLENGE_MISMATCH";
-    readonly ATTESTATION_NONCE_MISMATCH: "ATTESTATION_NONCE_MISMATCH";
-    readonly ATTESTATION_NONCE_MISSING: "ATTESTATION_NONCE_MISSING";
-    readonly ATTESTATION_DOCUMENT_MISSING: "ATTESTATION_DOCUMENT_MISSING";
-    readonly REQUEST_TIMEOUT: "REQUEST_TIMEOUT";
-    readonly SESSION_DISPOSED: "SESSION_DISPOSED";
-    readonly SERVER_ERROR: "SERVER_ERROR";
-    readonly MESSAGE_PARSE_FAILED: "MESSAGE_PARSE_FAILED";
-    readonly SESSION_ESTABLISH_FAILED: "SESSION_ESTABLISH_FAILED";
-    readonly UNSUPPORTED_ALGORITHM: "UNSUPPORTED_ALGORITHM";
-};
-type ErrorCode = (typeof ErrorCode)[keyof typeof ErrorCode];
-/**
- * Focused subset of ErrorCode for attestation verification failures.
- * Use with `error.code` to distinguish failure modes on SessionAttestationError.
- */
-declare const AttestationErrorCode: {
-    /** Generic / unrecognised attestation failure */
-    readonly FAILED: "ATTESTATION_FAILED";
-    /** PCR8 hash mismatch — enclave measurement changed */
-    readonly PCR_MISMATCH: "ATTESTATION_PCR_MISMATCH";
-    /** Challenge / ciphertext binding mismatch */
-    readonly CHALLENGE_MISMATCH: "ATTESTATION_CHALLENGE_MISMATCH";
-    /** Nonce value mismatch — possible tampering */
-    readonly NONCE_MISMATCH: "ATTESTATION_NONCE_MISMATCH";
-    /** Nonce field missing from attestation document */
-    readonly NONCE_MISSING: "ATTESTATION_NONCE_MISSING";
-    /** Server did not return an attestation document */
-    readonly DOCUMENT_MISSING: "ATTESTATION_DOCUMENT_MISSING";
-};
-type AttestationErrorCode = (typeof AttestationErrorCode)[keyof typeof AttestationErrorCode];
-declare const ForwardMPCErrorType: {
-    readonly TRANSPORT: "transport";
-    readonly SESSION: "session";
-    readonly CLIENT: "client";
-};
-type ForwardMPCErrorType = (typeof ForwardMPCErrorType)[keyof typeof ForwardMPCErrorType];
-/**
- * Abstract root for all Forward MPC errors.
- * `instanceof ForwardMPCError` is true for every error thrown by this library.
- */
-declare abstract class ForwardMPCError extends Error {
-    readonly code: ErrorCode;
-    readonly type: ForwardMPCErrorType;
-    readonly context?: Record<string, unknown>;
-    constructor(message: string, code: ErrorCode, type: ForwardMPCErrorType, context?: Record<string, unknown>);
-    toJSON(): Record<string, unknown>;
-}
-/** Abstract base for errors originating from the WebSocket / transport layer. */
-declare abstract class TransportError extends ForwardMPCError {
-    constructor(message: string, code: ErrorCode, context?: Record<string, unknown>);
-}
-/** Abstract base for errors originating from the session / crypto / protocol layer. */
-declare abstract class SessionError extends ForwardMPCError {
-    constructor(message: string, code: ErrorCode, context?: Record<string, unknown>);
-}
-/** Abstract base for errors originating from the client / application layer. */
-declare abstract class ClientError extends ForwardMPCError {
-    constructor(message: string, code: ErrorCode, context?: Record<string, unknown>);
-}
-declare class TransportConnectionError extends TransportError {
-    constructor(context?: Record<string, unknown>);
-}
-declare class TransportConnectionTimeoutError extends TransportError {
-    constructor(context?: Record<string, unknown>);
-}
-declare class TransportNotConnectedError extends TransportError {
-    constructor(context?: Record<string, unknown>);
-}
-declare class SessionHandshakeError extends SessionError {
-    constructor(reason: string, context?: Record<string, unknown>);
-}
-declare class SessionHandshakeInvalidResponseError extends SessionError {
-    constructor(context?: Record<string, unknown>);
-}
-/**
- * Attestation verification failure.
- * Use `error.code` to distinguish failure reasons (e.g. ATTESTATION_PCR_MISMATCH)
- * and `error.cause` to inspect the original verifier error.
- */
-declare class SessionAttestationError extends SessionError {
-    readonly cause?: unknown;
-    constructor(message?: string, code?: ErrorCode, context?: Record<string, unknown>, cause?: unknown);
-}
-declare class SessionRequestTimeoutError extends SessionError {
-    constructor(context?: Record<string, unknown>);
-}
-declare class SessionDisposedError extends SessionError {
-    constructor(context?: Record<string, unknown>);
-}
-declare class SessionServerError extends SessionError {
-    constructor(reason: string, context?: Record<string, unknown>);
-}
-declare class SessionMessageParseError extends SessionError {
-    constructor(context?: Record<string, unknown>);
-}
-/**
- * The remote server returned an explicit error response.
- * Carries the full WebSocketError payload so callers can inspect
- * `serverError.type` and `serverError.details`.
- */
-declare class SessionRemoteError extends SessionError {
-    readonly serverError: WebSocketError;
-    constructor(serverError: WebSocketError, context?: Record<string, unknown>);
-}
-declare class ClientUnsupportedAlgorithmError extends ClientError {
-    constructor(context?: Record<string, unknown>);
-}
-declare class ClientSessionEstablishFailedError extends ClientError {
-    constructor(context?: Record<string, unknown>);
-}
-
-/**
- * Error classification result from Forward MPC operations.
- */
-type ForwardMpcErrorType = 'ATTESTATION_FAILURE' | 'FORWARD_MPC_TIMEOUT' | 'FORWARD_MPC_ERROR';
-/**
- * Result of classifying a Forward MPC error.
- */
-interface ForwardMpcErrorClassification {
-    /** The type of error encountered */
-    errorType: ForwardMpcErrorType;
-    /** Error code from ForwardMPCError, if available */
-    errorCode: string | undefined;
-    /** Error message */
-    errorMessage: string;
-    /** Attestation verification errors, if this is an attestation failure */
-    attestationErrors?: unknown[];
-    /** Whether the session was established before the error occurred */
-    sessionEstablished: boolean;
-    /** Whether this error should trigger a fallback to relay-based MPC */
-    shouldFallback: boolean;
-}
-/**
- * Classifies a Forward MPC error and returns structured data for logging.
- * Use this to standardize error handling across keygen, signing, and connect operations.
- *
- * @param error - The error to classify
- * @returns Classification result with error details and recommended action
- *
- * @example
- * ```typescript
- * try {
- *   await forwardMpcClient.sign(...);
- * } catch (error) {
- *   const classification = classifyForwardMpcError(error);
- *   logger.warn(`Forward MPC ${operation} failed`, {
- *     ...classification,
- *     chainName,
- *     environmentId,
- *   });
- *   if (classification.shouldFallback) {
- *     // Fall through to relay-based MPC
- *   } else {
- *     throw error;
- *   }
- * }
- * ```
- */
-declare function classifyForwardMpcError(error: unknown): ForwardMpcErrorClassification;
-/**
- * Type guard to check if an error is a Forward MPC error that should be handled.
- */
-declare function isForwardMpcError(error: unknown): error is ForwardMPCError;
-/**
- * Type guard to check if an error is an attestation failure.
- */
-declare function isAttestationError(error: unknown): error is SessionAttestationError;
-
 /**
  * Nitro Enclave Attestation Document Verifier
  * Uses Evervault's official WASM attestation bindings
@@ -487,4 +311,4 @@ declare class NitroAttestationVerifier implements AttestationVerifier {
     verify(attestationDocBase64: string, expectedChallenge: string, nonce: Uint8Array): Promise<AttestationVerificationResult>;
 }
 
-export { AttestationErrorCode, type AttestationVerificationConfig, type AttestationVerificationResult, type AttestationVerifier, ClientError, type ClientEvents, ClientSessionEstablishFailedError, ClientUnsupportedAlgorithmError, type ClientV2Events, ErrorCode, type ExternalLogger, ForwardMPCClient, type ForwardMPCClientOptions, ForwardMPCClientSingleton, ForwardMPCClientV2, type ForwardMPCClientV2Options, ForwardMPCError, ForwardMPCErrorType, type ForwardMpcErrorClassification, type ForwardMpcErrorType, type KeygenParams, type KeygenResult, NitroAttestationVerifier, type ReceiveKeyParams, type ReceiveKeyResult, SessionAttestationError, SessionDisposedError, SessionError, SessionHandshakeError, SessionHandshakeInvalidResponseError, SessionMessageParseError, SessionRemoteError, SessionRequestTimeoutError, SessionServerError, type SignMessageParams, type SignMessageResult, TransportConnectionError, TransportConnectionTimeoutError, TransportError, TransportNotConnectedError, classifyForwardMpcError, isAttestationError, isForwardMpcError };
+export { type AttestationVerificationConfig, type AttestationVerificationResult, type AttestationVerifier, type ClientEvents, type ClientV2Events, type ExternalLogger, ForwardMPCClient, type ForwardMPCClientOptions, ForwardMPCClientSingleton, ForwardMPCClientV2, type ForwardMPCClientV2Options, type KeygenParams, type KeygenResult, NitroAttestationVerifier, type ReceiveKeyParams, type ReceiveKeyResult, type SignMessageParams, type SignMessageResult };

package/dist/index.js

@@ -16,6 +16,96 @@ var __name = (target, value) => __defProp(target, "name", { value, configurable:
 var ATTESTATION_CONSTANTS = {
   // Maximum age of attestation document in milliseconds
   MAX_ATTESTATION_AGE: 5 * 60 * 1e3};
+
+// src/attestation/attestationDocReader.ts
+var PCRS_LABEL_AND_MAP_HEADER = new Uint8Array([
+  100,
+  112,
+  99,
+  114,
+  115,
+  176
+]);
+var BSTR_48_PREFIX = new Uint8Array([
+  88,
+  48
+]);
+var PCR_VALUE_BYTES = 48;
+var PCR_ENTRIES = 16;
+var TRACKED_PCRS = /* @__PURE__ */ new Set([
+  0,
+  1,
+  2,
+  8
+]);
+function decodeBase64ToBytes(base64) {
+  if (typeof atob !== "undefined") {
+    const binary = atob(base64);
+    const out = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+      out[i] = binary.codePointAt(i) ?? 0;
+    }
+    return out;
+  }
+  return new Uint8Array(Buffer.from(base64, "base64"));
+}
+__name(decodeBase64ToBytes, "decodeBase64ToBytes");
+function bytesToHex(bytes) {
+  let out = "";
+  for (const b of bytes) {
+    out += b.toString(16).padStart(2, "0");
+  }
+  return out;
+}
+__name(bytesToHex, "bytesToHex");
+function findMarker(haystack, needle) {
+  outer: for (let i = 0; i <= haystack.length - needle.length; i++) {
+    for (let j = 0; j < needle.length; j++) {
+      if (haystack[i + j] !== needle[j]) continue outer;
+    }
+    return i;
+  }
+  return -1;
+}
+__name(findMarker, "findMarker");
+function extractPcrsFromAttestationDoc(attestationDocBase64) {
+  const pcrs = {};
+  if (!attestationDocBase64) return pcrs;
+  try {
+    const bytes = decodeBase64ToBytes(attestationDocBase64);
+    const markerIdx = findMarker(bytes, PCRS_LABEL_AND_MAP_HEADER);
+    if (markerIdx < 0) return pcrs;
+    let pos = markerIdx + PCRS_LABEL_AND_MAP_HEADER.length;
+    for (let i = 0; i < PCR_ENTRIES; i++) {
+      if (pos + 1 + BSTR_48_PREFIX.length + PCR_VALUE_BYTES > bytes.length) {
+        break;
+      }
+      const key = bytes[pos++];
+      if (bytes[pos] !== BSTR_48_PREFIX[0] || bytes[pos + 1] !== BSTR_48_PREFIX[1]) {
+        break;
+      }
+      pos += BSTR_48_PREFIX.length;
+      const value = bytes.subarray(pos, pos + PCR_VALUE_BYTES);
+      pos += PCR_VALUE_BYTES;
+      if (TRACKED_PCRS.has(key)) {
+        pcrs[key] = bytesToHex(value);
+      }
+    }
+  } catch {
+  }
+  return pcrs;
+}
+__name(extractPcrsFromAttestationDoc, "extractPcrsFromAttestationDoc");
+function formatPcrMismatchDetail(expectedPcr8, receivedPcrs) {
+  const receivedParts = [];
+  if (receivedPcrs[8] !== void 0) receivedParts.push(`pcr8=${receivedPcrs[8]}`);
+  if (receivedPcrs[0] !== void 0) receivedParts.push(`pcr0=${receivedPcrs[0]}`);
+  if (receivedPcrs[1] !== void 0) receivedParts.push(`pcr1=${receivedPcrs[1]}`);
+  if (receivedPcrs[2] !== void 0) receivedParts.push(`pcr2=${receivedPcrs[2]}`);
+  const received = receivedParts.length > 0 ? receivedParts.join(", ") : "unavailable";
+  return `expected pcr8=${expectedPcr8}; received ${received}`;
+}
+__name(formatPcrMismatchDetail, "formatPcrMismatchDetail");
 var NitroAttestationVerifier = class {
   static {
     __name(this, "NitroAttestationVerifier");
@@ -85,10 +175,12 @@ var NitroAttestationVerifier = class {
         expectedPcrs
       ]);
       if (!isValid) {
+        const receivedPcrs = extractPcrsFromAttestationDoc(attestationDocBase64);
+        const detail = formatPcrMismatchDetail(this.config.expectedPcr8, receivedPcrs);
         return {
           valid: false,
           errors: [
-            "Attestation document PCR verification failed"
+            `Attestation document PCR verification failed (${detail})`
           ],
           timestamp: Date.now()
         };
@@ -591,6 +683,8 @@ var ForwardMPCClient = class extends EventEmitter {
     }
   }
 };
+
+// src/client-v2/errors.ts
 var ErrorCode = {
   // Transport
   CONNECTION_FAILED: "CONNECTION_FAILED",
@@ -797,6 +891,21 @@ var ClientSessionEstablishFailedError = class extends ClientError {
     super("Failed to establish session", ErrorCode.SESSION_ESTABLISH_FAILED, context);
   }
 };
+var FORWARD_MPC_ERROR_NAMES = /* @__PURE__ */ new Set([
+  "TransportConnectionError",
+  "TransportConnectionTimeoutError",
+  "TransportNotConnectedError",
+  "SessionHandshakeError",
+  "SessionHandshakeInvalidResponseError",
+  "SessionAttestationError",
+  "SessionRequestTimeoutError",
+  "SessionDisposedError",
+  "SessionServerError",
+  "SessionMessageParseError",
+  "SessionRemoteError",
+  "ClientUnsupportedAlgorithmError",
+  "ClientSessionEstablishFailedError"
+]);
 
 // src/client-v2/transport.ts
 var ForwardMPCTransport = class extends EventEmitter2 {
@@ -1424,8 +1533,22 @@ var ForwardMPCClientSingleton = class extends ForwardMPCClientV2 {
 };
 
 // src/client-v2/error-classification.ts
+function matchesForwardMpcErrorClass(error, ctor, name) {
+  if (error instanceof ctor) {
+    return true;
+  }
+  return error instanceof Error && error.name === name && typeof error.code === "string";
+}
+__name(matchesForwardMpcErrorClass, "matchesForwardMpcErrorClass");
+function matchesAnyForwardMpcError(error) {
+  if (error instanceof ForwardMPCError) {
+    return true;
+  }
+  return error instanceof Error && FORWARD_MPC_ERROR_NAMES.has(error.name) && typeof error.code === "string";
+}
+__name(matchesAnyForwardMpcError, "matchesAnyForwardMpcError");
 function classifyForwardMpcError(error) {
-  if (error instanceof SessionAttestationError) {
+  if (matchesForwardMpcErrorClass(error, SessionAttestationError, "SessionAttestationError")) {
     return {
       errorType: "ATTESTATION_FAILURE",
       errorCode: error.code,
@@ -1435,22 +1558,22 @@ function classifyForwardMpcError(error) {
       shouldFallback: true
     };
   }
-  if (error instanceof SessionRequestTimeoutError) {
+  if (matchesForwardMpcErrorClass(error, SessionRequestTimeoutError, "SessionRequestTimeoutError")) {
     return {
       errorType: "FORWARD_MPC_TIMEOUT",
       errorCode: error.code,
       errorMessage: error.message,
       sessionEstablished: true,
-      shouldFallback: false
+      shouldFallback: true
     };
   }
-  if (error instanceof ForwardMPCError) {
+  if (matchesAnyForwardMpcError(error)) {
     return {
       errorType: "FORWARD_MPC_ERROR",
       errorCode: error.code,
       errorMessage: error.message,
       sessionEstablished: true,
-      shouldFallback: false
+      shouldFallback: true
     };
   }
   return {
@@ -1458,16 +1581,16 @@ function classifyForwardMpcError(error) {
     errorCode: void 0,
     errorMessage: error instanceof Error ? error.message : String(error),
     sessionEstablished: false,
-    shouldFallback: false
+    shouldFallback: true
   };
 }
 __name(classifyForwardMpcError, "classifyForwardMpcError");
 function isForwardMpcError(error) {
-  return error instanceof ForwardMPCError;
+  return matchesAnyForwardMpcError(error);
 }
 __name(isForwardMpcError, "isForwardMpcError");
 function isAttestationError(error) {
-  return error instanceof SessionAttestationError;
+  return matchesForwardMpcErrorClass(error, SessionAttestationError, "SessionAttestationError");
 }
 __name(isAttestationError, "isAttestationError");