@dynamic-labs-wallet/node 0.0.0-beta-191.1

package/index.cjs.js

@@ -0,0 +1,1176 @@
+'use strict';
+
+var core = require('@dynamic-labs-wallet/core');
+var node = require('./internal/node');
+var logger$1 = require('@dynamic-labs/logger');
+var crypto = require('crypto');
+
+const getMPCSignatureScheme = ({ signingAlgorithm, baseRelayUrl = core.MPC_RELAY_PROD_API_URL })=>{
+    switch(signingAlgorithm){
+        case core.SigningAlgorithm.ECDSA:
+            return new node.Ecdsa(baseRelayUrl);
+        case core.SigningAlgorithm.ED25519:
+            return new node.Ed25519(baseRelayUrl);
+        case core.SigningAlgorithm.BIP340:
+            return new node.BIP340(baseRelayUrl);
+        default:
+            throw new Error(`Unsupported signing algorithm: ${signingAlgorithm}`);
+    }
+};
+const getMPCSigner = ({ chainName, baseRelayUrl })=>{
+    const chainConfig = core.getMPCChainConfig(chainName);
+    const signatureScheme = getMPCSignatureScheme({
+        signingAlgorithm: chainConfig.signingAlgorithm,
+        baseRelayUrl
+    });
+    return signatureScheme;
+};
+
+function _extends() {
+    _extends = Object.assign || function assign(target) {
+        for(var i = 1; i < arguments.length; i++){
+            var source = arguments[i];
+            for(var key in source)if (Object.prototype.hasOwnProperty.call(source, key)) target[key] = source[key];
+        }
+        return target;
+    };
+    return _extends.apply(this, arguments);
+}
+
+const logger = new logger$1.Logger('DynamicWaasWalletClient');
+
+const bytesToBase64 = (arr)=>{
+    return btoa(Array.from(arr, (b)=>String.fromCharCode(b)).join(''));
+};
+const stringToBytes = (str)=>{
+    return new TextEncoder().encode(str);
+};
+const base64ToBytes = (base64)=>{
+    return new Uint8Array(Buffer.from(base64, 'base64'));
+};
+// Helper function to ensure proper base64 padding
+const ensureBase64Padding = (str)=>{
+    return str.padEnd(Math.ceil(str.length / 4) * 4, '=');
+};
+const isHexString = (str)=>{
+    // Remove 0x prefix if present
+    const hex = str.startsWith('0x') ? str.slice(2) : str;
+    // Check if string contains only hex characters
+    return /^[0-9A-Fa-f]+$/.test(hex);
+};
+const getExternalServerKeyShareBackupInfo = (params)=>{
+    var _params_walletProperties, _params_walletProperties_keyShares_;
+    const backups = {
+        [core.BackupLocation.DYNAMIC]: [],
+        [core.BackupLocation.GOOGLE_DRIVE]: [],
+        [core.BackupLocation.ICLOUD]: [],
+        [core.BackupLocation.USER]: [],
+        [core.BackupLocation.EXTERNAL]: []
+    };
+    if (!(params == null ? void 0 : (_params_walletProperties = params.walletProperties) == null ? void 0 : _params_walletProperties.keyShares)) {
+        return {
+            backups,
+            passwordEncrypted: false
+        };
+    }
+    params.walletProperties.keyShares.forEach((keyShare)=>{
+        if (backups[keyShare.backupLocation]) {
+            backups[keyShare.backupLocation].push(keyShare.id);
+        }
+    });
+    const passwordEncrypted = Boolean((_params_walletProperties_keyShares_ = params.walletProperties.keyShares[0]) == null ? void 0 : _params_walletProperties_keyShares_.passwordEncrypted);
+    return {
+        backups,
+        passwordEncrypted
+    };
+};
+/**
+ * Helper function to merge keyshares and remove duplicates based on pubkey and secretShare
+ * @param existingKeyShares - Array of existing keyshares
+ * @param newKeyShares - Array of new keyshares to merge
+ * @returns Array of merged unique keyshares
+ */ const mergeUniqueKeyShares = (existingKeyShares, newKeyShares)=>{
+    const uniqueKeyShares = newKeyShares.filter((newShare)=>!existingKeyShares.some((existingShare)=>{
+            if (!(newShare == null ? void 0 : newShare.pubkey) || !(existingShare == null ? void 0 : existingShare.pubkey)) return false;
+            return newShare.pubkey.toString() === existingShare.pubkey.toString() && newShare.secretShare === existingShare.secretShare;
+        }));
+    return [
+        ...existingKeyShares,
+        ...uniqueKeyShares
+    ];
+};
+/**
+ * Generic helper function to retry a promise-based operations
+ *
+ * @param operation - The async operation to retry
+ * @param config - Configuration options for retry behavior
+ * @returns Promise with the operation result
+ * @throws Last error encountered after all retries are exhausted
+ */ async function retryPromise(operation, { maxAttempts = 5, retryInterval = 500, operationName = 'operation', logContext = {} } = {}) {
+    let attempts = 0;
+    while(attempts < maxAttempts){
+        try {
+            return await operation();
+        } catch (error) {
+            attempts++;
+            if (attempts === maxAttempts) {
+                logger.error(`Failed to execute ${operationName} after ${maxAttempts} attempts`, _extends({}, logContext, {
+                    error
+                }));
+                throw error;
+            }
+            await new Promise((resolve)=>setTimeout(resolve, retryInterval));
+        }
+    }
+    // TypeScript needs this even though it's unreachable
+    throw new Error('Unreachable code');
+}
+
+const PBKDF2_ALGORITHM = 'PBKDF2';
+const PBKDF2_ITERATIONS = 100000;
+const PBKDF2_HASH_ALGORITHM = 'SHA-256';
+const AES_GCM_ALGORITHM = 'AES-GCM';
+const AES_GCM_LENGTH = 256;
+const getKey = async ({ password, salt })=>{
+    const passwordBytes = stringToBytes(password);
+    const initialKey = await crypto.subtle.importKey('raw', passwordBytes, {
+        name: 'PBKDF2'
+    }, false, [
+        'deriveKey'
+    ]);
+    return crypto.subtle.deriveKey({
+        name: PBKDF2_ALGORITHM,
+        salt,
+        iterations: PBKDF2_ITERATIONS,
+        hash: PBKDF2_HASH_ALGORITHM
+    }, initialKey, {
+        name: AES_GCM_ALGORITHM,
+        length: AES_GCM_LENGTH
+    }, false, [
+        'encrypt',
+        'decrypt'
+    ]);
+};
+const encryptData = async ({ data, password })=>{
+    try {
+        // Generate a random salt and IV
+        const salt = crypto.getRandomValues(new Uint8Array(16));
+        const iv = crypto.getRandomValues(new Uint8Array(12)); // AES-GCM requires 12 bytes
+        const key = await getKey({
+            password,
+            salt
+        });
+        // Convert the input string to bytes
+        const dataBytes = new TextEncoder().encode(data);
+        // Encrypt the data
+        const encryptedData = await crypto.subtle.encrypt({
+            name: AES_GCM_ALGORITHM,
+            iv
+        }, key, dataBytes);
+        // Convert to base64 strings, ensure proper padding
+        return {
+            salt: bytesToBase64(salt),
+            iv: bytesToBase64(iv),
+            cipher: bytesToBase64(new Uint8Array(encryptedData))
+        };
+    } catch (error) {
+        throw new Error('Error encrypting data');
+    }
+};
+const decryptData = async ({ data, password })=>{
+    try {
+        const { salt, iv, cipher } = data;
+        // Ensure proper base64 padding for all values
+        const paddedSalt = ensureBase64Padding(salt);
+        const paddedIv = ensureBase64Padding(iv);
+        const paddedCipher = ensureBase64Padding(cipher);
+        const saltBytes = base64ToBytes(paddedSalt);
+        const ivBytes = base64ToBytes(paddedIv);
+        const cipherBytes = base64ToBytes(paddedCipher);
+        const key = await getKey({
+            password,
+            salt: saltBytes
+        });
+        const decryptedData = await crypto.subtle.decrypt({
+            name: AES_GCM_ALGORITHM,
+            iv: ivBytes
+        }, key, cipherBytes);
+        return new TextDecoder().decode(decryptedData);
+    } catch (error) {
+        throw new Error('Decryption failed');
+    }
+};
+
+const DEFAULT_LOG_LEVEL = 'INFO';
+
+class DynamicWalletClient {
+    ensureApiClientAuthenticated() {
+        if (!this.isApiClientAuthenticated) {
+            throw new Error('Client must be authenticated before making API calls. Call authenticateApiToken first.');
+        }
+    }
+    async authenticateApiToken(authToken) {
+        const tmpClient = new core.DynamicApiClient({
+            environmentId: this.environmentId,
+            authToken,
+            baseApiUrl: this.baseApiUrl
+        });
+        const response = await tmpClient.authenticateApiToken({
+            environmentId: this.environmentId
+        });
+        const jwtTokenAuth = response.data.encodedJwts.minifiedJwt;
+        this.baseJWTAuthToken = jwtTokenAuth;
+        this.apiClient = new core.DynamicApiClient({
+            environmentId: this.environmentId,
+            authToken: jwtTokenAuth,
+            baseApiUrl: this.baseApiUrl
+        });
+        this.isApiClientAuthenticated = true;
+    }
+    async dynamicServerInitializeKeyGen({ chainName, externalServerKeygenIds, thresholdSignatureScheme, onError, onCeremonyComplete }) {
+        this.ensureApiClientAuthenticated();
+        try {
+            const data = await this.apiClient.createWalletAccount({
+                chainName,
+                clientKeygenIds: externalServerKeygenIds,
+                thresholdSignatureScheme,
+                onError,
+                onCeremonyComplete
+            });
+            return data;
+        } catch (error) {
+            this.logger.error('Error in dynamicServerInitializeKeyGen', error);
+            throw new Error('Error creating wallet account in dynamicServerInitializeKeyGen');
+        }
+    }
+    async externalServerInitializeKeyGen({ chainName, thresholdSignatureScheme }) {
+        try {
+            // Get the mpc signer
+            const mpcSigner = getMPCSigner({
+                chainName,
+                baseRelayUrl: this.baseMPCRelayApiUrl
+            });
+            const clientThreshold = core.getClientThreshold(thresholdSignatureScheme);
+            const keygenInitResults = await Promise.all(Array(clientThreshold).fill(null).map(()=>mpcSigner.initKeygen()));
+            return keygenInitResults;
+        } catch (error) {
+            this.logger.error('Error in externalServerInitializeKeyGen', error);
+            throw new Error('Error initializing keygen in externalServerInitializeKeyGen');
+        }
+    }
+    async derivePublicKey({ chainName, keyShare, derivationPath }) {
+        try {
+            const mpcSigner = getMPCSigner({
+                chainName,
+                baseRelayUrl: this.baseMPCRelayApiUrl
+            });
+            let publicKey;
+            if (mpcSigner instanceof node.Ecdsa) {
+                publicKey = await mpcSigner.derivePubkey(keyShare, derivationPath);
+            } else if (mpcSigner instanceof node.Ed25519) {
+                publicKey = await mpcSigner.derivePubkey(keyShare, derivationPath);
+            }
+            return publicKey;
+        } catch (error) {
+            this.logger.error('Error in derivePublicKey', error);
+            throw new Error('Error deriving public key in derivePublicKey');
+        }
+    }
+    async externalServerKeyGen({ chainName, roomId, dynamicServerKeygenIds, externalServerInitKeygenResults, thresholdSignatureScheme }) {
+        try {
+            // Get the chain config and the mpc signer
+            const mpcSigner = getMPCSigner({
+                chainName,
+                baseRelayUrl: this.baseMPCRelayApiUrl
+            });
+            // Get the MPC config for the threshold signature scheme
+            const mpcConfig = core.MPC_CONFIG[thresholdSignatureScheme];
+            // For each client keygen init result, create an array of other parties' keygenIds
+            const serverKeygenResults = await Promise.all(externalServerInitKeygenResults.map((currentInit)=>{
+                // Get all other client keygenIds (excluding current one)
+                const otherExternalServerKeygenIds = externalServerInitKeygenResults.filter((init)=>init.keygenId !== currentInit.keygenId).map((init)=>init.keygenId);
+                // Combine server keygenIds with other client keygenIds
+                const allOtherKeygenIds = [
+                    ...dynamicServerKeygenIds,
+                    ...otherExternalServerKeygenIds
+                ];
+                return mpcSigner.keygen(roomId, mpcConfig.numberOfParties, mpcConfig.threshold, currentInit, allOtherKeygenIds);
+            }));
+            // only need one client keygen result to derive the public key
+            const [serverKeygenResult] = serverKeygenResults;
+            const chainConfig = core.getMPCChainConfig(chainName);
+            const derivationPath = new Uint32Array(chainConfig.derivationPath);
+            const rawPublicKey = await this.derivePublicKey({
+                chainName,
+                keyShare: serverKeygenResult,
+                derivationPath
+            });
+            return {
+                rawPublicKey,
+                externalServerKeyGenResults: serverKeygenResults
+            };
+        } catch (error) {
+            this.logger.error('Error in externalServerKeyGen', error);
+            throw new Error('Error deriving public key in externalServerKeyGen');
+        }
+    }
+    async keyGen({ chainName, thresholdSignatureScheme, onError, onCeremonyComplete }) {
+        try {
+            const externalServerInitKeygenResults = await this.externalServerInitializeKeyGen({
+                chainName,
+                thresholdSignatureScheme
+            });
+            const externalServerKeygenIds = externalServerInitKeygenResults.map((result)=>result.keygenId);
+            const { roomId, serverKeygenIds: dynamicServerKeygenIds } = await this.dynamicServerInitializeKeyGen({
+                chainName,
+                externalServerKeygenIds,
+                thresholdSignatureScheme,
+                onCeremonyComplete
+            });
+            const { rawPublicKey, externalServerKeyGenResults } = await this.externalServerKeyGen({
+                chainName,
+                roomId,
+                dynamicServerKeygenIds,
+                externalServerInitKeygenResults,
+                thresholdSignatureScheme
+            });
+            return {
+                rawPublicKey,
+                externalServerKeyShares: externalServerKeyGenResults
+            };
+        } catch (error) {
+            this.logger.error('Error in keyGen', error);
+            throw new Error('Error creating wallet account in keyGen');
+        }
+    }
+    async importRawPrivateKey({ chainName, privateKey, thresholdSignatureScheme, onError, onCeremonyComplete }) {
+        this.ensureApiClientAuthenticated();
+        const mpcSigner = getMPCSigner({
+            chainName,
+            baseRelayUrl: this.baseMPCRelayApiUrl
+        });
+        const externalServerKeygenInitResults = await this.externalServerInitializeKeyGen({
+            chainName,
+            thresholdSignatureScheme
+        });
+        const externalServerKeygenIds = externalServerKeygenInitResults.map((result)=>result.keygenId);
+        const { roomId, serverKeygenIds: dynamicServerKeygenIds } = await this.apiClient.importPrivateKey({
+            chainName,
+            clientKeygenIds: externalServerKeygenIds,
+            thresholdSignatureScheme,
+            onError,
+            onCeremonyComplete
+        });
+        const { threshold } = core.getTSSConfig(thresholdSignatureScheme);
+        const externalServerKeygenResults = await Promise.all(externalServerKeygenInitResults.map(async (currentInit, index)=>{
+            const otherExternalServerKeygenIds = externalServerKeygenInitResults.filter((init)=>init.keygenId !== currentInit.keygenId).map((init)=>init.keygenId);
+            if (index === 0) {
+                const otherKeyGenIds = [
+                    ...dynamicServerKeygenIds,
+                    ...otherExternalServerKeygenIds
+                ];
+                const importerKeygenResult = await mpcSigner.importPrivateKeyImporter(roomId, threshold, privateKey, currentInit, otherKeyGenIds);
+                return importerKeygenResult;
+            } else {
+                const recipientKeygenResult = await mpcSigner.importPrivateKeyRecipient(roomId, threshold, currentInit, [
+                    ...dynamicServerKeygenIds,
+                    ...otherExternalServerKeygenIds
+                ]);
+                return recipientKeygenResult;
+            }
+        }));
+        const [externalServerKeygenResult] = externalServerKeygenResults;
+        const rawPublicKey = await this.derivePublicKey({
+            chainName,
+            keyShare: externalServerKeygenResult,
+            derivationPath: undefined
+        });
+        return {
+            rawPublicKey,
+            externalServerKeyShares: externalServerKeygenResults
+        };
+    }
+    async dynamicServerSign({ walletId, message }) {
+        this.ensureApiClientAuthenticated();
+        // Create the room and sign the message
+        if (typeof message !== 'string') {
+            message = '0x' + Buffer.from(message).toString('hex');
+        }
+        const data = await this.apiClient.signMessage({
+            walletId,
+            message
+        });
+        return data;
+    }
+    async externalServerSign({ chainName, message, roomId, keyShare, derivationPath }) {
+        try {
+            const mpcSigner = getMPCSigner({
+                chainName,
+                baseRelayUrl: this.baseMPCRelayApiUrl
+            });
+            let formattedMessage;
+            //note: Ecdsa can also be used by bitcoin, but only keccak256 is used by ethereum
+            if (mpcSigner instanceof node.Ecdsa) {
+                formattedMessage = node.MessageHash.keccak256(message);
+            } else if (mpcSigner instanceof node.Ed25519) {
+                if (typeof message === 'string') {
+                    if (!isHexString(message)) {
+                        formattedMessage = Buffer.from(message).toString('hex');
+                    } else {
+                        formattedMessage = Buffer.from(message, 'hex');
+                    }
+                } else {
+                    formattedMessage = message;
+                }
+            } else if (mpcSigner instanceof node.BIP340 && typeof message === 'string') {
+                formattedMessage = new TextEncoder().encode(message);
+            } else {
+                throw new Error('Unsupported signer type');
+            }
+            const signature = await mpcSigner.sign(roomId, keyShare, formattedMessage, derivationPath);
+            return signature;
+        } catch (error) {
+            this.logger.error('Error in externalServerSign', error);
+            throw error;
+        }
+    }
+    //todo: need to modify with imported flag
+    async sign({ accountAddress, message, chainName, password = undefined, signedSessionId }) {
+        await this.verifyPassword({
+            accountAddress,
+            password,
+            walletOperation: core.WalletOperation.SIGN_MESSAGE,
+            signedSessionId
+        });
+        const wallet = await this.getWallet({
+            accountAddress,
+            walletOperation: core.WalletOperation.SIGN_MESSAGE,
+            password,
+            signedSessionId
+        });
+        // Perform the dynamic server sign
+        const data = await this.dynamicServerSign({
+            walletId: wallet.walletId,
+            message
+        });
+        const derivationPath = wallet.derivationPath && wallet.derivationPath != '' ? new Uint32Array(Object.values(JSON.parse(wallet.derivationPath))) : undefined;
+        // Perform the external server sign and return the signature
+        const signature = await this.externalServerSign({
+            chainName,
+            message,
+            roomId: data.roomId,
+            keyShare: wallet.externalServerKeyShares[0],
+            derivationPath
+        });
+        return signature;
+    }
+    async refreshWalletAccountShares({ accountAddress, chainName, password = undefined, signedSessionId }) {
+        this.ensureApiClientAuthenticated();
+        await this.verifyPassword({
+            accountAddress,
+            password,
+            walletOperation: core.WalletOperation.REFRESH,
+            signedSessionId
+        });
+        const wallet = await this.getWallet({
+            accountAddress,
+            walletOperation: core.WalletOperation.REFRESH,
+            password,
+            signedSessionId
+        });
+        const mpcSigner = getMPCSigner({
+            chainName,
+            baseRelayUrl: this.baseMPCRelayApiUrl
+        });
+        // Create the room and refresh the shares
+        const data = await this.apiClient.refreshWalletAccountShares({
+            walletId: wallet.walletId
+        });
+        const roomId = data.roomId;
+        const refreshResults = await Promise.all(wallet.externalServerKeyShares.map((serverKeyShare)=>mpcSigner.refresh(roomId, serverKeyShare)));
+        this.walletMap[accountAddress] = _extends({}, this.walletMap[accountAddress], {
+            externalServerKeyShares: refreshResults,
+            externalServerKeySharesBackupInfo: getExternalServerKeyShareBackupInfo()
+        });
+        await this.storeEncryptedBackupByWallet({
+            accountAddress,
+            password: password != null ? password : this.environmentId,
+            signedSessionId
+        });
+        return refreshResults;
+    }
+    async getExportId({ chainName, serverKeyShare }) {
+        const mpcSigner = getMPCSigner({
+            chainName,
+            baseRelayUrl: this.baseMPCRelayApiUrl
+        });
+        const exportId = await mpcSigner.exportID(serverKeyShare);
+        return exportId;
+    }
+    /**
+   * Helper function to create client shares required to complete a reshare ceremony.
+   * @param {string} chainName - The chain to create shares for
+   * @param {WalletProperties} wallet - The wallet to reshare
+   * @param {ThresholdSignatureScheme} oldThresholdSignatureScheme - The current threshold signature scheme
+   * @param {ThresholdSignatureScheme} newThresholdSignatureScheme - The target threshold signature scheme
+   * @returns {Promise<{
+   *   newClientInitKeygenResults: ClientInitKeygenResult[],
+   *   newClientKeygenIds: string[],
+   *   existingClientKeygenIds: string[],
+   *   existingClientKeyShares: ClientKeyShare[]
+   * }>} Object containing new and existing client keygen results, IDs and shares
+   * @todo Support higher to lower reshare strategies
+   */ async reshareStrategy({ chainName, wallet, oldThresholdSignatureScheme, newThresholdSignatureScheme }) {
+        const mpcSigner = getMPCSigner({
+            chainName,
+            baseRelayUrl: this.baseMPCRelayApiUrl
+        });
+        // Determine share counts based on threshold signature schemes
+        const { newExternalServerShareCount, existingExternalServerShareCount } = core.getServerWalletReshareConfig({
+            oldThresholdSignatureScheme,
+            newThresholdSignatureScheme
+        });
+        // Create new client shares
+        const newExternalServerInitKeygenResults = await Promise.all(Array.from({
+            length: newExternalServerShareCount
+        }, ()=>mpcSigner.initKeygen()));
+        const newExternalServerKeygenIds = newExternalServerInitKeygenResults.map((result)=>result.keygenId);
+        // Get existing client shares
+        const existingExternalServerKeyShares = wallet.externalServerKeyShares.slice(0, existingExternalServerShareCount);
+        const existingExternalServerKeygenIds = await Promise.all(existingExternalServerKeyShares.map(async (keyShare)=>await this.getExportId({
+                chainName,
+                serverKeyShare: keyShare
+            })));
+        return {
+            newExternalServerInitKeygenResults,
+            newExternalServerKeygenIds,
+            existingExternalServerKeygenIds,
+            existingExternalServerKeyShares
+        };
+    }
+    async reshare({ chainName, accountAddress, oldThresholdSignatureScheme, newThresholdSignatureScheme, password = undefined, signedSessionId }) {
+        this.ensureApiClientAuthenticated();
+        await this.verifyPassword({
+            accountAddress,
+            password,
+            walletOperation: core.WalletOperation.RESHARE,
+            signedSessionId
+        });
+        const { existingExternalServerShareCount } = core.getServerWalletReshareConfig({
+            oldThresholdSignatureScheme,
+            newThresholdSignatureScheme
+        });
+        const wallet = await this.getWallet({
+            accountAddress,
+            walletOperation: core.WalletOperation.RESHARE,
+            shareCount: existingExternalServerShareCount,
+            password,
+            signedSessionId
+        });
+        const { newExternalServerInitKeygenResults, newExternalServerKeygenIds, existingExternalServerKeygenIds, existingExternalServerKeyShares } = await this.reshareStrategy({
+            chainName,
+            wallet,
+            oldThresholdSignatureScheme,
+            newThresholdSignatureScheme
+        });
+        const externalServerKeygenIds = [
+            ...newExternalServerKeygenIds,
+            ...existingExternalServerKeygenIds
+        ];
+        // Server to create the room and complete the server reshare logics
+        const data = await this.apiClient.reshare({
+            walletId: wallet.walletId,
+            clientKeygenIds: externalServerKeygenIds,
+            oldThresholdSignatureScheme,
+            newThresholdSignatureScheme
+        });
+        const { roomId, serverKeygenIds: dynamicServerKeygenIds, newServerKeygenIds: newDynamicServerKeygenIds = [] } = data;
+        // Get the MPC config for the threshold signature scheme
+        const oldMpcConfig = core.MPC_CONFIG[oldThresholdSignatureScheme];
+        const newMpcConfig = core.MPC_CONFIG[newThresholdSignatureScheme];
+        const allPartyKeygenIds = [
+            ...externalServerKeygenIds,
+            ...dynamicServerKeygenIds,
+            ...newDynamicServerKeygenIds
+        ];
+        const mpcSigner = getMPCSigner({
+            chainName,
+            baseRelayUrl: this.baseMPCRelayApiUrl
+        });
+        const reshareResults = await Promise.all([
+            ...newExternalServerInitKeygenResults.map((keygenResult)=>mpcSigner.reshareNewParty(roomId, oldMpcConfig.threshold, newMpcConfig.threshold, keygenResult, allPartyKeygenIds)),
+            ...existingExternalServerKeyShares.map((keyShare)=>mpcSigner.reshareRemainingParty(roomId, newMpcConfig.threshold, keyShare, allPartyKeygenIds))
+        ]);
+        this.walletMap[accountAddress] = _extends({}, this.walletMap[accountAddress], {
+            externalServerKeyShares: reshareResults,
+            externalServerKeySharesBackupInfo: getExternalServerKeyShareBackupInfo()
+        });
+        await this.storeEncryptedBackupByWallet({
+            accountAddress,
+            password,
+            signedSessionId
+        });
+        return reshareResults;
+    }
+    async exportKey({ accountAddress, chainName, password = undefined, signedSessionId }) {
+        this.ensureApiClientAuthenticated();
+        await this.verifyPassword({
+            accountAddress,
+            password,
+            walletOperation: core.WalletOperation.EXPORT_PRIVATE_KEY,
+            signedSessionId
+        });
+        const wallet = await this.getWallet({
+            accountAddress,
+            password,
+            walletOperation: core.WalletOperation.EXPORT_PRIVATE_KEY,
+            signedSessionId
+        });
+        const mpcSigner = getMPCSigner({
+            chainName,
+            baseRelayUrl: this.baseMPCRelayApiUrl
+        });
+        const exportId = await this.getExportId({
+            chainName,
+            serverKeyShare: wallet.externalServerKeyShares[0]
+        });
+        const data = await this.apiClient.exportKey({
+            walletId: wallet.walletId,
+            exportId
+        });
+        const keyExportRaw = await mpcSigner.exportFullPrivateKey(data.roomId, wallet.externalServerKeyShares[0], exportId);
+        if (!keyExportRaw) {
+            throw new Error('Error exporting private key');
+        }
+        const derivationPath = wallet.derivationPath && wallet.derivationPath != '' ? new Uint32Array(Object.values(JSON.parse(wallet.derivationPath))) : undefined;
+        let derivedPrivateKey;
+        if (mpcSigner instanceof node.Ecdsa) {
+            derivedPrivateKey = await mpcSigner.derivePrivateKeyFromXpriv(keyExportRaw, derivationPath);
+        } else if (mpcSigner instanceof node.Ed25519) {
+            derivedPrivateKey = keyExportRaw;
+        } else if (mpcSigner instanceof node.BIP340) {
+            derivedPrivateKey = await mpcSigner.derivePrivateKeyFromXpriv(keyExportRaw, derivationPath);
+        }
+        return {
+            derivedPrivateKey
+        };
+    }
+    async offlineExportKey({ chainName, keyShares, derivationPath }) {
+        try {
+            if (!keyShares || keyShares.length < 2) {
+                throw new Error(`Must provide at least min threshold of key shares`);
+            }
+            const mpcSigner = getMPCSigner({
+                chainName,
+                baseRelayUrl: this.baseMPCRelayApiUrl
+            });
+            const walletKeyShares = keyShares.map((keyShare)=>{
+                return mpcSigner instanceof node.Ecdsa ? new node.EcdsaKeygenResult(keyShare.pubkey, keyShare.secretShare) : mpcSigner instanceof node.Ed25519 ? new node.Ed25519KeygenResult(keyShare.pubkey, keyShare.secretShare) : new node.BIP340KeygenResult(keyShare.pubkey, keyShare.secretShare);
+            });
+            const keyExportRaw = await mpcSigner.offlineExportFullPrivateKey(walletKeyShares);
+            if (!keyExportRaw) {
+                throw new Error('Error exporting private key: Export returned null');
+            }
+            const chainConfig = core.getMPCChainConfig(chainName);
+            const walletDerivationPath = !derivationPath ? undefined : new Uint32Array(chainConfig.derivationPath);
+            let derivedPrivateKey;
+            if (mpcSigner instanceof node.Ecdsa) {
+                derivedPrivateKey = await mpcSigner.derivePrivateKeyFromXpriv(keyExportRaw, walletDerivationPath);
+            } else if (mpcSigner instanceof node.Ed25519) {
+                derivedPrivateKey = keyExportRaw;
+            } else if (mpcSigner instanceof node.BIP340) {
+                derivedPrivateKey = await mpcSigner.derivePrivateKeyFromXpriv(keyExportRaw, walletDerivationPath);
+            }
+            return {
+                derivedPrivateKey
+            };
+        } catch (error) {
+            this.logger.error('Error in offlineExportKey:', error);
+            throw error;
+        }
+    }
+    async encryptKeyShare({ keyShare, password }) {
+        const serializedKeyShare = JSON.stringify(keyShare);
+        const encryptedKeyShare = await encryptData({
+            data: serializedKeyShare,
+            password: password != null ? password : this.environmentId
+        });
+        // stringify the encrypted key share, convert to base64, and store it
+        const serializedEncryptedKeyShare = Buffer.from(JSON.stringify(encryptedKeyShare)).toString('base64');
+        return serializedEncryptedKeyShare;
+    }
+    async ensureCeremonyCompletionBeforeBackup({ accountAddress }) {
+        let retries = 0;
+        const maxRetries = 3;
+        while((!this.walletMap[accountAddress] || !this.walletMap[accountAddress].walletId) && retries < maxRetries){
+            await new Promise((resolve)=>setTimeout(resolve, 1000)); // Wait 1 second
+            retries++;
+        }
+        if (!this.walletMap[accountAddress] || !this.walletMap[accountAddress].walletId) {
+            throw new Error('Ceremony completion timeout');
+        }
+    }
+    async storeEncryptedBackupByWallet({ accountAddress, externalServerKeyShares = undefined, password = undefined, signedSessionId }) {
+        this.ensureApiClientAuthenticated();
+        //add retry logic for ceremony completion to prevent race condition
+        await this.ensureCeremonyCompletionBeforeBackup({
+            accountAddress
+        });
+        try {
+            const keySharesToBackup = externalServerKeyShares != null ? externalServerKeyShares : await this.getExternalServerKeyShares({
+                accountAddress,
+                signedSessionId
+            });
+            if (!keySharesToBackup || keySharesToBackup.length === 0) {
+                throw new Error(`Key shares not found for accountAddress: ${accountAddress}`);
+            }
+            const encryptedKeyShares = await Promise.all(keySharesToBackup.map((keyShare)=>this.encryptKeyShare({
+                    keyShare,
+                    password
+                })));
+            if (!this.walletMap[accountAddress] || !this.walletMap[accountAddress].walletId) {
+                throw new Error(`WalletId not found for accountAddress: ${accountAddress}`);
+            }
+            // TODO(zfaizal2): throw error if signedSessionId is not provided after service deploy
+            const data = await this.apiClient.storeEncryptedBackupByWallet({
+                walletId: this.walletMap[accountAddress].walletId,
+                encryptedKeyShares,
+                passwordEncrypted: Boolean(password) && password !== this.environmentId,
+                signedSessionId
+            });
+            this.walletMap[accountAddress] = _extends({}, this.walletMap[accountAddress], {
+                externalServerKeySharesBackupInfo: getExternalServerKeyShareBackupInfo({
+                    walletProperties: {
+                        derivationPath: this.walletMap[accountAddress].derivationPath,
+                        keyShares: data.keyShares,
+                        thresholdSignatureScheme: this.walletMap[accountAddress].thresholdSignatureScheme
+                    }
+                })
+            });
+            return data;
+        } catch (error) {
+            this.logger.error('Error in storeEncryptedBackupByWallet:', error);
+            throw error;
+        }
+    }
+    async storeEncryptedBackupByWalletWithRetry({ accountAddress, externalServerKeyShares, password, signedSessionId }) {
+        await retryPromise(()=>this.storeEncryptedBackupByWallet({
+                accountAddress,
+                externalServerKeyShares,
+                password,
+                signedSessionId
+            }), {
+            operationName: 'store encrypted backup',
+            logContext: {
+                walletAddress: accountAddress,
+                keyShares: externalServerKeyShares == null ? void 0 : externalServerKeyShares.map((keyShare)=>this.encryptKeyShare({
+                        keyShare,
+                        password
+                    }))
+            }
+        });
+    }
+    async getExternalServerKeyShares({ accountAddress, password, signedSessionId }) {
+        const wallet = await this.getWallet({
+            accountAddress,
+            password,
+            walletOperation: core.WalletOperation.REACH_THRESHOLD,
+            signedSessionId
+        });
+        return wallet.externalServerKeyShares;
+    }
+    async updatePassword({ accountAddress, existingPassword, newPassword, signedSessionId }) {
+        await this.getWallet({
+            accountAddress,
+            password: existingPassword,
+            walletOperation: core.WalletOperation.REACH_ALL_PARTIES,
+            signedSessionId
+        });
+        await this.storeEncryptedBackupByWallet({
+            accountAddress,
+            password: newPassword,
+            signedSessionId
+        });
+    }
+    async decryptKeyShare({ keyShare, password }) {
+        const decodedKeyShare = JSON.parse(Buffer.from(keyShare, 'base64').toString());
+        const decryptedKeyShare = await decryptData({
+            data: decodedKeyShare,
+            password: password != null ? password : this.environmentId
+        });
+        const deserializedKeyShare = JSON.parse(decryptedKeyShare);
+        return deserializedKeyShare;
+    }
+    /**
+   * Helper function to determine keyshare recovery strategy for dynamic shares.
+   * For REFRESH operations, retrieves enough shares to meet the client threshold.
+   * For all other operations, retrieves just 1 share.
+   *
+   * @param clientKeyShareBackupInfo - Information about backed up key shares
+   * @param thresholdSignatureScheme - The signature scheme being used (2-of-2, 2-of-3, etc)
+   * @param walletOperation - The operation being performed (REFRESH, SIGN_MESSAGE, etc)
+   * @param shareCount - The number of shares to recover if specified for reshare operations
+   * @returns @shares: Object mapping backup locations to arrays of share IDs to recover
+   * @returns @requiredShareCount: The number of shares required to recover
+   */ recoverStrategy({ externalServerKeySharesBackupInfo, thresholdSignatureScheme, walletOperation, shareCount = undefined }) {
+        const { backups } = externalServerKeySharesBackupInfo;
+        const { clientThreshold } = core.MPC_CONFIG[thresholdSignatureScheme];
+        let requiredShareCount = walletOperation === core.WalletOperation.REFRESH || walletOperation === core.WalletOperation.REACH_ALL_PARTIES || walletOperation === core.WalletOperation.RESHARE ? clientThreshold : 1;
+        // Override requiredShareCount if shareCount is provided
+        if (shareCount !== undefined) {
+            requiredShareCount = shareCount;
+        }
+        const dynamicShares = backups[core.BackupLocation.DYNAMIC].slice(0, requiredShareCount);
+        return {
+            shares: {
+                [core.BackupLocation.DYNAMIC]: dynamicShares
+            },
+            requiredShareCount
+        };
+    }
+    async recoverEncryptedBackupByWallet({ accountAddress, password, walletOperation, signedSessionId, shareCount = undefined, storeRecoveredShares = true }) {
+        this.ensureApiClientAuthenticated();
+        const wallet = this.walletMap[accountAddress];
+        this.logger.debug(`recoverEncryptedBackupByWallet wallet: ${walletOperation}`, wallet);
+        const { shares } = this.recoverStrategy({
+            externalServerKeySharesBackupInfo: wallet.externalServerKeySharesBackupInfo,
+            thresholdSignatureScheme: wallet.thresholdSignatureScheme,
+            walletOperation,
+            shareCount
+        });
+        const { dynamic: dynamicKeyShareIds } = shares;
+        const data = await this.apiClient.recoverEncryptedBackupByWallet({
+            walletId: wallet.walletId,
+            keyShareIds: dynamicKeyShareIds,
+            signedSessionId
+        });
+        const dynamicKeyShares = data.keyShares.filter((keyShare)=>keyShare.encryptedAccountCredential !== null && keyShare.backupLocation === core.BackupLocation.DYNAMIC);
+        const decryptedKeyShares = await Promise.all(dynamicKeyShares.map((keyShare)=>this.decryptKeyShare({
+                keyShare: keyShare.encryptedAccountCredential,
+                password: password != null ? password : this.environmentId
+            })));
+        if (storeRecoveredShares) {
+            this.walletMap[accountAddress] = _extends({}, this.walletMap[accountAddress], {
+                externalServerKeyShares: mergeUniqueKeyShares(this.walletMap[accountAddress].externalServerKeyShares || [], decryptedKeyShares)
+            });
+        }
+        return decryptedKeyShares;
+    }
+    async exportExternalServerKeyShares({ accountAddress, password, signedSessionId }) {
+        await this.verifyPassword({
+            accountAddress,
+            password,
+            walletOperation: core.WalletOperation.REACH_ALL_PARTIES,
+            signedSessionId
+        });
+        const externalServerKeyShares = await this.getExternalServerKeyShares({
+            accountAddress,
+            password,
+            signedSessionId
+        });
+        return externalServerKeyShares;
+    }
+    /**
+   * Helper function to check if the required wallet fields are present and valid
+   * @param accountAddress - The account address of the wallet to check
+   * @param walletOperation - The wallet operation that determines required fields
+   * @returns boolean indicating if wallet needs to be re-fetched and restored from server
+   */ async checkWalletFields({ accountAddress, walletOperation = core.WalletOperation.REACH_THRESHOLD, shareCount }) {
+        let keyshareCheck = false;
+        let walletCheck = false;
+        let thresholdSignatureSchemeCheck = false;
+        let derivationPathCheck = false;
+        // check if wallet exists
+        const existingWallet = this.walletMap[accountAddress];
+        if (existingWallet) {
+            walletCheck = true;
+        }
+        // check if threshold signature scheme exists
+        if (existingWallet == null ? void 0 : existingWallet.thresholdSignatureScheme) {
+            thresholdSignatureSchemeCheck = true;
+        }
+        // check if derivation path exists
+        if ((existingWallet == null ? void 0 : existingWallet.derivationPath) || (existingWallet == null ? void 0 : existingWallet.derivationPath) === '') {
+            derivationPathCheck = true;
+        }
+        // check if wallet already exists with sufficient keyshares
+        if (existingWallet) {
+            var _existingWallet_externalServerKeyShares;
+            const { shares } = this.recoverStrategy({
+                externalServerKeySharesBackupInfo: existingWallet.externalServerKeySharesBackupInfo || {
+                    backups: getExternalServerKeyShareBackupInfo()
+                },
+                thresholdSignatureScheme: existingWallet.thresholdSignatureScheme,
+                walletOperation,
+                shareCount
+            });
+            const { dynamic: requiredDynamicKeyShareIds = [] } = shares;
+            if (requiredDynamicKeyShareIds.length <= (((_existingWallet_externalServerKeyShares = existingWallet.externalServerKeyShares) == null ? void 0 : _existingWallet_externalServerKeyShares.length) || 0)) {
+                keyshareCheck = true;
+            }
+        }
+        return walletCheck && thresholdSignatureSchemeCheck && keyshareCheck && derivationPathCheck;
+    }
+    /**
+   * verifyPassword attempts to recover and decrypt a single client key share using the provided password.
+   * If successful, the key share is encrypted with the new password. This method solely performs the recovery
+   * and decryption without storing the restored key shares. If unsuccessful, it throws an error.
+   */ async verifyPassword({ accountAddress, password = undefined, walletOperation = core.WalletOperation.NO_OPERATION, signedSessionId }) {
+        await this.getWallet({
+            accountAddress,
+            password,
+            walletOperation,
+            signedSessionId
+        });
+        if (await this.requiresPasswordForOperation({
+            accountAddress,
+            walletOperation
+        }) && !password) {
+            throw new Error('Password is required for operation but not provided');
+        }
+        // silent return if no password is provided and operation does not require a password
+        if (!password) {
+            return;
+        }
+        const { backups } = await this.getWalletExternalServerKeyShareBackupInfo({
+            accountAddress
+        });
+        const { dynamic: dynamicKeyShareIds = [] } = backups;
+        if (!dynamicKeyShareIds || dynamicKeyShareIds.length === 0) {
+            throw new Error('No dynamic key shares found');
+        }
+        try {
+            // TODO(zfaizal2): throw error if signedSessionId is not provided after service deploy
+            await this.recoverEncryptedBackupByWallet({
+                accountAddress,
+                password,
+                walletOperation,
+                signedSessionId,
+                shareCount: 1,
+                storeRecoveredShares: false
+            });
+        } catch (error) {
+            this.logger.error('Error in verifying password', error);
+            throw new Error('Incorrect password');
+        }
+    }
+    async isPasswordEncrypted({ accountAddress }) {
+        const externalServerKeySharesBackupInfo = await this.getWalletExternalServerKeyShareBackupInfo({
+            accountAddress
+        });
+        return externalServerKeySharesBackupInfo == null ? void 0 : externalServerKeySharesBackupInfo.passwordEncrypted;
+    }
+    /**
+   * check if the operation requires a password
+   */ async requiresPasswordForOperation({ accountAddress, walletOperation = core.WalletOperation.REACH_THRESHOLD }) {
+        const isEncrypted = await this.isPasswordEncrypted({
+            accountAddress
+        });
+        if (!isEncrypted) {
+            return false;
+        }
+        return this.requiresRestoreBackupSharesForOperation({
+            accountAddress,
+            walletOperation
+        });
+    }
+    /**
+   * check if the operation requires restoring backup shares
+   */ async requiresRestoreBackupSharesForOperation({ accountAddress, walletOperation = core.WalletOperation.REACH_THRESHOLD }) {
+        const externalServerKeySharesBackupInfo = await this.getWalletExternalServerKeyShareBackupInfo({
+            accountAddress
+        });
+        const externalServerKeyShares = this.walletMap[accountAddress].externalServerKeyShares || [];
+        if (walletOperation === core.WalletOperation.REACH_ALL_PARTIES || walletOperation === core.WalletOperation.REFRESH || walletOperation === core.WalletOperation.RESHARE) {
+            return true;
+        }
+        const { requiredShareCount } = this.recoverStrategy({
+            externalServerKeySharesBackupInfo,
+            thresholdSignatureScheme: this.walletMap[accountAddress].thresholdSignatureScheme,
+            walletOperation
+        });
+        if (externalServerKeyShares.length >= requiredShareCount) {
+            return false;
+        }
+        return true;
+    }
+    async getWalletExternalServerKeyShareBackupInfo({ accountAddress }) {
+        var _this_walletMap_accountAddress_externalServerKeySharesBackupInfo_backups_BackupLocation_DYNAMIC, _this_walletMap_accountAddress_externalServerKeySharesBackupInfo_backups, _this_walletMap_accountAddress_externalServerKeySharesBackupInfo, _this_walletMap_accountAddress, _user_verifiedCredentials;
+        this.ensureApiClientAuthenticated();
+        // Return existing backup info if it exists
+        if (((_this_walletMap_accountAddress = this.walletMap[accountAddress]) == null ? void 0 : (_this_walletMap_accountAddress_externalServerKeySharesBackupInfo = _this_walletMap_accountAddress.externalServerKeySharesBackupInfo) == null ? void 0 : (_this_walletMap_accountAddress_externalServerKeySharesBackupInfo_backups = _this_walletMap_accountAddress_externalServerKeySharesBackupInfo.backups) == null ? void 0 : (_this_walletMap_accountAddress_externalServerKeySharesBackupInfo_backups_BackupLocation_DYNAMIC = _this_walletMap_accountAddress_externalServerKeySharesBackupInfo_backups[core.BackupLocation.DYNAMIC]) == null ? void 0 : _this_walletMap_accountAddress_externalServerKeySharesBackupInfo_backups_BackupLocation_DYNAMIC.length) > 0) {
+            return this.walletMap[accountAddress].externalServerKeySharesBackupInfo;
+        }
+        // Get backup info from server
+        const user = await this.apiClient.getUser();
+        const wallet = (_user_verifiedCredentials = user.verifiedCredentials) == null ? void 0 : _user_verifiedCredentials.find((vc)=>vc.address.toLowerCase() === accountAddress.toLowerCase());
+        return getExternalServerKeyShareBackupInfo({
+            walletProperties: wallet == null ? void 0 : wallet.walletProperties
+        });
+    }
+    async getWallet({ accountAddress, walletOperation = core.WalletOperation.NO_OPERATION, signedSessionId, shareCount = undefined, password = undefined }) {
+        var _user_verifiedCredentials;
+        this.ensureApiClientAuthenticated();
+        const existingWalletCheck = await this.checkWalletFields({
+            accountAddress,
+            walletOperation,
+            shareCount
+        });
+        if (existingWalletCheck) {
+            this.logger.debug(`Wallet ${accountAddress} already exists`);
+            return this.walletMap[accountAddress];
+        }
+        //todo: Question - why don't we just call getWallets here? so then all are preloaded
+        // Fetch and restore wallet from server
+        const user = await this.apiClient.getUser();
+        const wallet = (_user_verifiedCredentials = user.verifiedCredentials) == null ? void 0 : _user_verifiedCredentials.find((vc)=>vc.address.toLowerCase() === accountAddress.toLowerCase());
+        this.logger.debug('Restoring wallet', wallet);
+        const walletProperties = wallet.walletProperties;
+        this.walletMap[accountAddress] = _extends({}, this.walletMap[accountAddress], {
+            walletId: wallet.id,
+            chainName: wallet.chainName,
+            accountAddress,
+            thresholdSignatureScheme: walletProperties.thresholdSignatureScheme,
+            derivationPath: walletProperties.derivationPath,
+            externalServerKeySharesBackupInfo: getExternalServerKeyShareBackupInfo({
+                walletProperties
+            })
+        });
+        if (walletOperation !== core.WalletOperation.NO_OPERATION && await this.requiresRestoreBackupSharesForOperation({
+            accountAddress,
+            walletOperation
+        })) {
+            // TODO(zfaizal2): throw error if signedSessionId is not provided after service deploy
+            const decryptedKeyShares = await this.recoverEncryptedBackupByWallet({
+                accountAddress,
+                password: password != null ? password : this.environmentId,
+                walletOperation: walletOperation,
+                signedSessionId,
+                shareCount
+            });
+            this.logger.debug('Recovered backup', decryptedKeyShares);
+        }
+        const walletCount = Object.keys(this.walletMap).length;
+        if (walletCount === 0) {
+            throw new Error('No wallets found');
+        }
+        // Return the only wallet if there's just one
+        if (walletCount === 1) {
+            return Object.values(this.walletMap)[0];
+        }
+        return this.walletMap[accountAddress];
+    }
+    async getWallets() {
+        var _user_verifiedCredentials;
+        this.ensureApiClientAuthenticated();
+        const user = await this.apiClient.getUser();
+        const waasWallets = (_user_verifiedCredentials = user.verifiedCredentials) == null ? void 0 : _user_verifiedCredentials.filter((vc)=>vc.walletName === 'dynamicwaas');
+        const wallets = waasWallets.map((vc)=>{
+            var _this_walletMap_vc_address, _this_walletMap_vc_address1, _vc_walletProperties;
+            var _this_walletMap_vc_address_derivationPath;
+            return {
+                walletId: vc.id,
+                chainName: vc.chain,
+                accountAddress: vc.address,
+                serverKeySharesBackupInfo: getExternalServerKeyShareBackupInfo({
+                    walletProperties: vc.walletProperties || {}
+                }),
+                externalServerKeyShares: ((_this_walletMap_vc_address = this.walletMap[vc.address]) == null ? void 0 : _this_walletMap_vc_address.externalServerKeyShares) || [],
+                derivationPath: (_this_walletMap_vc_address_derivationPath = (_this_walletMap_vc_address1 = this.walletMap[vc.address]) == null ? void 0 : _this_walletMap_vc_address1.derivationPath) != null ? _this_walletMap_vc_address_derivationPath : undefined,
+                thresholdSignatureScheme: (_vc_walletProperties = vc.walletProperties) == null ? void 0 : _vc_walletProperties.thresholdSignatureScheme
+            };
+        });
+        this.walletMap = wallets.reduce((acc, wallet)=>{
+            var _acc_accountAddress;
+            const accountAddress = wallet.accountAddress;
+            acc[wallet.accountAddress] = {
+                walletId: wallet.walletId,
+                chainName: wallet.chainName,
+                accountAddress: wallet.accountAddress,
+                externalServerKeyShares: wallet.externalServerKeyShares || [],
+                externalServerKeySharesBackupInfo: wallet.externalServerKeySharesBackupInfo,
+                derivationPath: ((_acc_accountAddress = acc[accountAddress]) == null ? void 0 : _acc_accountAddress.derivationPath) || undefined,
+                thresholdSignatureScheme: wallet.thresholdSignatureScheme
+            };
+            return acc;
+        }, {});
+        return wallets;
+    }
+    constructor({ environmentId, baseApiUrl, baseMPCRelayApiUrl, debug }){
+        this.logger = logger;
+        this.walletMap = {} // todo: store in session storage
+        ;
+        this.isApiClientAuthenticated = false;
+        this.environmentId = environmentId;
+        this.baseMPCRelayApiUrl = baseMPCRelayApiUrl;
+        this.baseApiUrl = baseApiUrl;
+        this.debug = Boolean(debug);
+        this.logger.setLogLevel(this.debug ? 'DEBUG' : DEFAULT_LOG_LEVEL);
+    }
+}
+
+Object.defineProperty(exports, "BIP340", {
+  enumerable: true,
+  get: function () { return node.BIP340; }
+});
+Object.defineProperty(exports, "BIP340InitKeygenResult", {
+  enumerable: true,
+  get: function () { return node.BIP340InitKeygenResult; }
+});
+Object.defineProperty(exports, "BIP340KeygenResult", {
+  enumerable: true,
+  get: function () { return node.BIP340KeygenResult; }
+});
+Object.defineProperty(exports, "Ecdsa", {
+  enumerable: true,
+  get: function () { return node.Ecdsa; }
+});
+Object.defineProperty(exports, "EcdsaInitKeygenResult", {
+  enumerable: true,
+  get: function () { return node.EcdsaInitKeygenResult; }
+});
+Object.defineProperty(exports, "EcdsaKeygenResult", {
+  enumerable: true,
+  get: function () { return node.EcdsaKeygenResult; }
+});
+Object.defineProperty(exports, "EcdsaPublicKey", {
+  enumerable: true,
+  get: function () { return node.EcdsaPublicKey; }
+});
+Object.defineProperty(exports, "EcdsaSignature", {
+  enumerable: true,
+  get: function () { return node.EcdsaSignature; }
+});
+Object.defineProperty(exports, "Ed25519", {
+  enumerable: true,
+  get: function () { return node.Ed25519; }
+});
+Object.defineProperty(exports, "Ed25519InitKeygenResult", {
+  enumerable: true,
+  get: function () { return node.Ed25519InitKeygenResult; }
+});
+Object.defineProperty(exports, "Ed25519KeygenResult", {
+  enumerable: true,
+  get: function () { return node.Ed25519KeygenResult; }
+});
+Object.defineProperty(exports, "MessageHash", {
+  enumerable: true,
+  get: function () { return node.MessageHash; }
+});
+exports.DynamicWalletClient = DynamicWalletClient;
+exports.base64ToBytes = base64ToBytes;
+exports.bytesToBase64 = bytesToBase64;
+exports.ensureBase64Padding = ensureBase64Padding;
+exports.getExternalServerKeyShareBackupInfo = getExternalServerKeyShareBackupInfo;
+exports.getMPCSignatureScheme = getMPCSignatureScheme;
+exports.getMPCSigner = getMPCSigner;
+exports.isHexString = isHexString;
+exports.mergeUniqueKeyShares = mergeUniqueKeyShares;
+exports.retryPromise = retryPromise;
+exports.stringToBytes = stringToBytes;
+Object.keys(core).forEach(function (k) {
+  if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
+    enumerable: true,
+    get: function () { return core[k]; }
+  });
+});