@dynamic-labs-wallet/node 0.0.0-pr384.2 → 0.0.0-pr534.0

package/index.cjs.js

@@ -4,8 +4,9 @@ var core$1 = require('#internal/core');
 var core = require('@dynamic-labs-wallet/core');
 var node = require('#internal/node');
 var uuid = require('uuid');
-var logger$1 = require('@dynamic-labs/logger');
 var crypto = require('crypto');
+var logger$1 = require('@dynamic-labs/logger');
+require('node:crypto');
 
 // Removed duplicate exports - these are already exported from #internal/core
 const getMPCSignatureScheme = ({ signingAlgorithm, baseRelayUrl = core.MPC_RELAY_PROD_API_URL })=>{
@@ -68,7 +69,8 @@ const getExternalServerKeyShareBackupInfo = (params)=>{
         [core.BackupLocation.GOOGLE_DRIVE]: [],
         [core.BackupLocation.ICLOUD]: [],
         [core.BackupLocation.USER]: [],
-        [core.BackupLocation.EXTERNAL]: []
+        [core.BackupLocation.EXTERNAL]: [],
+        [core.BackupLocation.DELEGATED]: []
     };
     if (!(params == null ? void 0 : (_params_walletProperties = params.walletProperties) == null ? void 0 : _params_walletProperties.keyShares)) {
         return {
@@ -80,7 +82,8 @@ const getExternalServerKeyShareBackupInfo = (params)=>{
         if (backups[keyShare.backupLocation]) {
             backups[keyShare.backupLocation].push({
                 location: keyShare.backupLocation,
-                keyShareId: keyShare.id
+                keyShareId: keyShare.id,
+                passwordEncrypted: keyShare.passwordEncrypted
             });
         }
     });
@@ -239,7 +242,7 @@ const getKey = async ({ password, salt, encryptionConfig })=>{
             cipher: bytesToBase64(new Uint8Array(encryptedData)),
             version
         };
-    } catch (error) {
+    } catch (e) {
         throw new Error('Error encrypting data');
     }
 };
@@ -283,6 +286,16 @@ const getKey = async ({ password, salt, encryptionConfig })=>{
 const DEFAULT_LOG_LEVEL = 'INFO';
 
 class DynamicWalletClient {
+    async initializeForwardMPCClient() {
+        try {
+            await this.apiClient.forwardMPCClient.ensureWsConnection();
+        } catch (error) {
+            this.logger.error('Error connecting to ForwardMPC enclave websocket. Environment: ' + this.environmentId, {
+                error,
+                environmentId: this.environmentId
+            });
+        }
+    }
     ensureApiClientAuthenticated() {
         if (!this.isApiClientAuthenticated) {
             throw new Error('Client must be authenticated before making API calls. Call authenticateApiToken first.');
@@ -306,7 +319,7 @@ class DynamicWalletClient {
         });
         this.isApiClientAuthenticated = true;
     }
-    async dynamicServerInitializeKeyGen({ chainName, externalServerKeygenIds, thresholdSignatureScheme, dynamicRequestId, onError, onCeremonyComplete }) {
+    async dynamicServerInitializeKeyGen({ chainName, externalServerKeygenIds, thresholdSignatureScheme, dynamicRequestId, skipLock, onError, onCeremonyComplete }) {
         this.ensureApiClientAuthenticated();
         try {
             const data = await this.apiClient.createWalletAccount({
@@ -314,6 +327,7 @@ class DynamicWalletClient {
                 clientKeygenIds: externalServerKeygenIds,
                 thresholdSignatureScheme,
                 dynamicRequestId,
+                skipLock,
                 onError,
                 onCeremonyComplete
             });
@@ -400,7 +414,7 @@ class DynamicWalletClient {
             throw new Error('Error deriving public key in externalServerKeyGen');
         }
     }
-    async keyGen({ chainName, thresholdSignatureScheme, onError, onCeremonyComplete }) {
+    async keyGen({ chainName, thresholdSignatureScheme, skipLock, onError, onCeremonyComplete }) {
         const dynamicRequestId = uuid.v4();
         try {
             const externalServerInitKeygenResults = await this.externalServerInitializeKeyGen({
@@ -413,6 +427,7 @@ class DynamicWalletClient {
                 externalServerKeygenIds,
                 dynamicRequestId,
                 thresholdSignatureScheme,
+                skipLock,
                 onCeremonyComplete
             });
             const { rawPublicKey, externalServerKeyGenResults } = await this.externalServerKeyGen({
@@ -480,7 +495,7 @@ class DynamicWalletClient {
             externalServerKeyShares: externalServerKeygenResults
         };
     }
-    async dynamicServerSign({ walletId, message, isFormatted }) {
+    async dynamicServerSign({ walletId, message, isFormatted, context, onError }) {
         const dynamicRequestId = uuid.v4();
         this.ensureApiClientAuthenticated();
         // Create the room and sign the message
@@ -491,7 +506,10 @@ class DynamicWalletClient {
             walletId,
             message,
             isFormatted,
-            dynamicRequestId
+            dynamicRequestId,
+            context: context ? JSON.parse(JSON.stringify(context, (_key, value)=>typeof value === 'bigint' ? value.toString() : value)) : undefined,
+            onError,
+            forwardMPCClientEnabled: this.forwardMPCEnabled
         });
         return data;
     }
@@ -509,38 +527,102 @@ class DynamicWalletClient {
             throw error;
         }
     }
-    async sign({ accountAddress, externalServerKeyShares, message, chainName, password = undefined, isFormatted = false }) {
-        await this.verifyPassword({
-            accountAddress,
-            password,
-            walletOperation: core.WalletOperation.SIGN_MESSAGE
-        });
-        const wallet = await this.getWallet({
-            accountAddress,
-            walletOperation: core.WalletOperation.SIGN_MESSAGE,
-            password
-        });
-        externalServerKeyShares = externalServerKeyShares != null ? externalServerKeyShares : wallet.externalServerKeyShares;
-        if (!externalServerKeyShares) {
-            throw new Error('External server key shares are required to sign a message');
+    async forwardMPCClientSign({ chainName, message, roomId, keyShare, derivationPath, formattedMessage, dynamicRequestId, isFormatted }) {
+        try {
+            if (!this.apiClient.forwardMPCClient.connected) {
+                await this.initializeForwardMPCClient();
+            }
+            const messageForForwardMPC = core.serializeMessageForForwardMPC({
+                message,
+                isFormatted,
+                chainName
+            });
+            this.logger.info('Forward MPC enabled, signing message with forward MPC');
+            const environment = core.getEnvironmentFromUrl(this.baseApiUrl);
+            const defaultRelayUrl = core.MPC_RELAY_URL_MAP[environment];
+            const signature = await this.apiClient.forwardMPCClient.signMessage({
+                keyshare: keyShare,
+                message: chainName === 'SVM' ? formattedMessage : messageForForwardMPC,
+                relayDomain: this.baseMPCRelayApiUrl || defaultRelayUrl,
+                signingAlgo: chainName === 'EVM' ? 'ECDSA' : 'ED25519',
+                hashAlgo: chainName === 'EVM' && !isFormatted ? 'keccak256' : undefined,
+                derivationPath: derivationPath,
+                roomUuid: roomId
+            });
+            const signatureBytes = signature.data.signature;
+            if (!(signatureBytes instanceof Uint8Array)) {
+                throw new TypeError(`Invalid signature format: expected Uint8Array, got ${typeof signatureBytes}`);
+            }
+            // Convert to EcdsaSignature
+            if (chainName === 'EVM') {
+                const ecdsaSignature = node.EcdsaSignature.fromBuffer(signatureBytes);
+                return ecdsaSignature;
+            } else {
+                return signatureBytes;
+            }
+        } catch (error) {
+            this.logger.error('Error signing message with forward MPC client', {
+                error,
+                environmentId: this.environmentId,
+                dynamicRequestId
+            });
+            throw error;
+        }
+    }
+    async sign({ accountAddress, externalServerKeyShares, message, chainName, password = undefined, isFormatted = false, context, onError }) {
+        try {
+            await this.verifyPassword({
+                accountAddress,
+                password,
+                walletOperation: core.WalletOperation.SIGN_MESSAGE
+            });
+            const wallet = await this.getWallet({
+                accountAddress,
+                walletOperation: core.WalletOperation.SIGN_MESSAGE,
+                password
+            });
+            externalServerKeyShares = externalServerKeyShares != null ? externalServerKeyShares : wallet.externalServerKeyShares;
+            if (!externalServerKeyShares) {
+                throw new Error('External server key shares are required to sign a message');
+            }
+            // Perform the dynamic server sign
+            const data = await this.dynamicServerSign({
+                walletId: wallet.walletId,
+                message,
+                isFormatted,
+                context,
+                onError
+            });
+            const derivationPath = wallet.derivationPath && wallet.derivationPath != '' ? new Uint32Array(Object.values(JSON.parse(wallet.derivationPath))) : undefined;
+            // Perform the external server sign and return the signature
+            if (this.forwardMPCEnabled) {
+                const formattedMessage = isFormatted ? new node.MessageHash(message) : formatMessage(chainName, message);
+                const signature = await this.forwardMPCClientSign({
+                    chainName,
+                    message,
+                    roomId: data.roomId,
+                    keyShare: externalServerKeyShares[0],
+                    derivationPath,
+                    formattedMessage,
+                    dynamicRequestId: uuid.v4(),
+                    isFormatted
+                });
+                return signature;
+            } else {
+                const signature = await this.externalServerSign({
+                    chainName,
+                    message,
+                    roomId: data.roomId,
+                    keyShare: externalServerKeyShares[0],
+                    derivationPath,
+                    isFormatted
+                });
+                return signature;
+            }
+        } catch (error) {
+            this.logger.error('Error in sign', error);
+            throw error;
         }
-        // Perform the dynamic server sign
-        const data = await this.dynamicServerSign({
-            walletId: wallet.walletId,
-            message,
-            isFormatted
-        });
-        const derivationPath = wallet.derivationPath && wallet.derivationPath != '' ? new Uint32Array(Object.values(JSON.parse(wallet.derivationPath))) : undefined;
-        // Perform the external server sign and return the signature
-        const signature = await this.externalServerSign({
-            chainName,
-            message,
-            roomId: data.roomId,
-            keyShare: externalServerKeyShares[0],
-            derivationPath,
-            isFormatted
-        });
-        return signature;
     }
     async refreshWalletAccountShares({ accountAddress, chainName, password = undefined, externalServerKeyShares, backUpToClientShareService = false }) {
         this.ensureApiClientAuthenticated();
@@ -818,19 +900,21 @@ class DynamicWalletClient {
             if (!this.walletMap[accountAddress] || !this.walletMap[accountAddress].walletId) {
                 throw new Error(`WalletId not found for accountAddress: ${accountAddress}`);
             }
+            const passwordEncryptedFlag = Boolean(password) && password !== this.environmentId;
             const locations = [];
             if (backUpToClientShareService) {
                 const data = await this.apiClient.storeEncryptedBackupByWallet({
                     walletId: this.walletMap[accountAddress].walletId,
                     encryptedKeyShares: encryptedKeyShares,
-                    passwordEncrypted: Boolean(password) && password !== this.environmentId,
+                    passwordEncrypted: passwordEncryptedFlag,
                     encryptionVersion: ENCRYPTION_VERSION_CURRENT,
                     requiresSignedSessionId: false,
                     dynamicRequestId
                 });
                 locations.push({
                     location: core.BackupLocation.DYNAMIC,
-                    externalKeyShareId: data.keyShareIds[0]
+                    externalKeyShareId: data.keyShareIds[0],
+                    passwordEncrypted: passwordEncryptedFlag
                 });
             } else {
                 locations.push({
@@ -849,7 +933,7 @@ class DynamicWalletClient {
                             id: ks.keyShareId,
                             backupLocation: ks.location,
                             externalKeyShareId: ks.externalKeyShareId,
-                            passwordEncrypted: Boolean(password) && password !== this.environmentId
+                            passwordEncrypted: passwordEncryptedFlag
                         })),
                     thresholdSignatureScheme: this.walletMap[accountAddress].thresholdSignatureScheme
                 }
@@ -881,12 +965,25 @@ class DynamicWalletClient {
         });
     }
     async getExternalServerKeyShares({ accountAddress, password }) {
+        var _wallet_externalServerKeySharesBackupInfo_backups, _wallet_externalServerKeySharesBackupInfo;
         const wallet = await this.getWallet({
             accountAddress,
             password,
             walletOperation: core.WalletOperation.REACH_THRESHOLD
         });
-        return wallet.externalServerKeyShares;
+        // Check if the wallet has a dynamic backup and derive password encryption status from the first dynamic share
+        const dynamicBackups = (wallet == null ? void 0 : (_wallet_externalServerKeySharesBackupInfo = wallet.externalServerKeySharesBackupInfo) == null ? void 0 : (_wallet_externalServerKeySharesBackupInfo_backups = _wallet_externalServerKeySharesBackupInfo.backups) == null ? void 0 : _wallet_externalServerKeySharesBackupInfo_backups.dynamic) || [];
+        const passwordEncrypted = dynamicBackups.length > 0 ? Boolean(dynamicBackups[0].passwordEncrypted) : false;
+        if (passwordEncrypted && !password) {
+            throw new Error('Password is required for decryption but not provided. This backup was encrypted with a password.');
+        }
+        // recover the shares
+        const recoveredShares = await this.recoverEncryptedBackupByWallet({
+            accountAddress,
+            password,
+            walletOperation: core.WalletOperation.REACH_THRESHOLD
+        });
+        return recoveredShares;
     }
     async updatePassword({ accountAddress, existingPassword, newPassword, backUpToClientShareService }) {
         await this.getWallet({
@@ -928,10 +1025,14 @@ class DynamicWalletClient {
         if (shareCount !== undefined) {
             requiredShareCount = shareCount;
         }
-        const dynamicShares = backups[core.BackupLocation.DYNAMIC].slice(0, requiredShareCount);
+        const dynamicShares = (backups[core.BackupLocation.DYNAMIC] || []).slice(0, requiredShareCount);
+        const externalShares = (backups[core.BackupLocation.EXTERNAL] || []).slice(0, requiredShareCount);
+        // If we have DYNAMIC shares, use those; otherwise use EXTERNAL shares
+        const sharesToUse = dynamicShares.length > 0 ? dynamicShares : externalShares;
+        const backupLocation = dynamicShares.length > 0 ? core.BackupLocation.DYNAMIC : core.BackupLocation.EXTERNAL;
         return {
             shares: {
-                [core.BackupLocation.DYNAMIC]: dynamicShares.map((ks)=>{
+                [backupLocation]: sharesToUse.map((ks)=>{
                     var _ks_externalKeyShareId, _ref;
                     return (_ref = (_ks_externalKeyShareId = ks.externalKeyShareId) != null ? _ks_externalKeyShareId : ks.keyShareId) != null ? _ref : '';
                 })
@@ -939,9 +1040,42 @@ class DynamicWalletClient {
             requiredShareCount
         };
     }
+    /**
+   * Attempts to recover key shares from backup if they are not provided.
+   * The recovered shares will be stored in the wallet map for use in signing operations.
+   * @param accountAddress - The account address to recover shares for
+   * @param password - The password to decrypt the shares
+   * @param walletOperation - The wallet operation being performed
+   * @param externalServerKeyShares - The provided key shares (if any)
+   * @param errorMessage - The error message to throw if recovery fails
+   * @throws Error if recovery is needed but fails
+   */ async ensureKeySharesRecovered({ accountAddress, password, walletOperation, externalServerKeyShares, errorMessage }) {
+        if (!externalServerKeyShares || externalServerKeyShares.length === 0) {
+            // attempt to recover dynamic keyshares if no key shares are provided
+            // the shares will be used for signing in the node SDK if successful
+            const recoveredShares = await this.recoverEncryptedBackupByWallet({
+                accountAddress,
+                password,
+                walletOperation,
+                storeRecoveredShares: true
+            });
+            // If recovery returned empty and no shares were provided, throw error
+            if (!recoveredShares || recoveredShares.length === 0) {
+                throw new Error(errorMessage);
+            }
+        }
+    }
     async recoverEncryptedBackupByWallet({ accountAddress, password, walletOperation, shareCount = undefined, storeRecoveredShares = true }) {
+        var _wallet_externalServerKeySharesBackupInfo;
         this.ensureApiClientAuthenticated();
-        const wallet = this.walletMap[accountAddress];
+        let wallet = this.walletMap[accountAddress];
+        if (!wallet) {
+            const fetchedWallet = await this.getWalletByAddress(accountAddress);
+            if (!fetchedWallet) {
+                throw new Error(`Wallet not found for address 1: ${accountAddress}`);
+            }
+            wallet = fetchedWallet;
+        }
         this.logger.debug(`recoverEncryptedBackupByWallet wallet: ${walletOperation}`, wallet);
         const { shares } = this.recoverStrategy({
             externalServerKeySharesBackupInfo: wallet.externalServerKeySharesBackupInfo,
@@ -949,13 +1083,30 @@ class DynamicWalletClient {
             walletOperation,
             shareCount
         });
-        const { dynamic: dynamicKeyShareIds } = shares;
-        const data = await this.apiClient.recoverEncryptedBackupByWallet({
-            walletId: wallet.walletId,
-            keyShareIds: dynamicKeyShareIds,
-            requiresSignedSessionId: false
-        });
+        // Get the key share IDs from whichever backup location has shares
+        const dynamicKeyShareIds = shares[core.BackupLocation.DYNAMIC] || [];
+        const externalKeyShareIds = shares[core.BackupLocation.EXTERNAL] || [];
+        // Only attempt recovery if we have DYNAMIC shares (the API doesn't support EXTERNAL shares)
+        let data;
+        if (dynamicKeyShareIds.length > 0) {
+            data = await this.apiClient.recoverEncryptedBackupByWallet({
+                walletId: wallet.walletId,
+                keyShareIds: dynamicKeyShareIds,
+                requiresSignedSessionId: false
+            });
+        } else if (externalKeyShareIds.length > 0) {
+            this.logger.debug('Skipping recovery - only EXTERNAL shares available (backUpToClientShareService: false)');
+            return []; // Return empty array since we can't recover EXTERNAL shares via API
+        } else {
+            this.logger.debug('No shares available for recovery');
+            return []; // Return empty array if no shares are available
+        }
         const dynamicKeyShares = data.keyShares.filter((keyShare)=>keyShare.encryptedAccountCredential !== null && keyShare.backupLocation === core.BackupLocation.DYNAMIC);
+        var _wallet_externalServerKeySharesBackupInfo_passwordEncrypted;
+        const isPasswordEncrypted = (_wallet_externalServerKeySharesBackupInfo_passwordEncrypted = (_wallet_externalServerKeySharesBackupInfo = wallet.externalServerKeySharesBackupInfo) == null ? void 0 : _wallet_externalServerKeySharesBackupInfo.passwordEncrypted) != null ? _wallet_externalServerKeySharesBackupInfo_passwordEncrypted : false;
+        if (isPasswordEncrypted && !password) {
+            throw new Error('Password is required for decryption but not provided. This backup was encrypted with a password.');
+        }
         const decryptedKeyShares = await Promise.all(dynamicKeyShares.map((keyShare)=>this.decryptKeyShare({
                 keyShare: keyShare.encryptedAccountCredential,
                 password: password != null ? password : this.environmentId
@@ -985,6 +1136,7 @@ class DynamicWalletClient {
    * @param walletOperation - The wallet operation that determines required fields
    * @returns boolean indicating if wallet needs to be re-fetched and restored from server
    */ async checkWalletFields({ accountAddress, walletOperation = core.WalletOperation.REACH_THRESHOLD, shareCount }) {
+        var _existingWallet_externalServerKeyShares;
         let keyshareCheck = false;
         let walletCheck = false;
         let thresholdSignatureSchemeCheck = false;
@@ -1004,7 +1156,7 @@ class DynamicWalletClient {
         }
         // check if wallet already exists with sufficient keyshares
         if (existingWallet) {
-            var _existingWallet_externalServerKeyShares;
+            var _existingWallet_externalServerKeyShares1;
             const { shares } = this.recoverStrategy({
                 externalServerKeySharesBackupInfo: existingWallet.externalServerKeySharesBackupInfo || {
                     backups: getExternalServerKeyShareBackupInfo()
@@ -1014,11 +1166,35 @@ class DynamicWalletClient {
                 shareCount
             });
             const { dynamic: requiredDynamicKeyShareIds = [] } = shares;
-            if (requiredDynamicKeyShareIds.length <= (((_existingWallet_externalServerKeyShares = existingWallet.externalServerKeyShares) == null ? void 0 : _existingWallet_externalServerKeyShares.length) || 0)) {
+            const { external: requiredExternalKeyShareIds = [] } = shares;
+            // Check if we have enough shares from any backup location
+            const totalRequiredShares = requiredDynamicKeyShareIds.length + requiredExternalKeyShareIds.length;
+            // Check if we have the required shares either loaded OR available in backup
+            const hasLoadedShares = totalRequiredShares <= (((_existingWallet_externalServerKeyShares1 = existingWallet.externalServerKeyShares) == null ? void 0 : _existingWallet_externalServerKeyShares1.length) || 0);
+            // Check if backup contains the specific required share IDs
+            const hasBackupShares = existingWallet.externalServerKeySharesBackupInfo && (()=>{
+                const backupShares = existingWallet.externalServerKeySharesBackupInfo.backups.dynamic;
+                const allRequiredIds = [
+                    ...requiredDynamicKeyShareIds,
+                    ...requiredExternalKeyShareIds
+                ];
+                return allRequiredIds.every((requiredId)=>backupShares.some((backupShare)=>backupShare.externalKeyShareId === requiredId || backupShare.keyShareId === requiredId));
+            })();
+            if (hasLoadedShares || hasBackupShares) {
                 keyshareCheck = true;
             }
         }
-        return walletCheck && thresholdSignatureSchemeCheck && keyshareCheck && derivationPathCheck;
+        const result = walletCheck && thresholdSignatureSchemeCheck && keyshareCheck && derivationPathCheck;
+        this.logger.debug('Wallet checks:', {
+            walletCheck,
+            thresholdSignatureSchemeCheck,
+            keyshareCheck,
+            derivationPathCheck,
+            existingWallet: !!existingWallet,
+            keySharesLength: existingWallet == null ? void 0 : (_existingWallet_externalServerKeyShares = existingWallet.externalServerKeyShares) == null ? void 0 : _existingWallet_externalServerKeyShares.length,
+            result
+        });
+        return result;
     }
     /**
    * verifyPassword attempts to recover and decrypt a single client key share using the provided password.
@@ -1044,8 +1220,10 @@ class DynamicWalletClient {
             accountAddress
         });
         const { dynamic: dynamicKeyShareIds = [] } = backups;
-        if (!dynamicKeyShareIds || dynamicKeyShareIds.length === 0) {
-            throw new Error('No dynamic key shares found');
+        const { external: externalKeyShareIds = [] } = backups;
+        // Check if we have any shares available (DYNAMIC or EXTERNAL)
+        if (dynamicKeyShareIds.length === 0 && externalKeyShareIds.length === 0) {
+            throw new Error('No key shares found');
         }
         try {
             await this.recoverEncryptedBackupByWallet({
@@ -1090,34 +1268,44 @@ class DynamicWalletClient {
         if (walletOperation === core.WalletOperation.REACH_ALL_PARTIES || walletOperation === core.WalletOperation.REFRESH || walletOperation === core.WalletOperation.RESHARE) {
             return true;
         }
-        const { requiredShareCount } = this.recoverStrategy({
+        const { shares, requiredShareCount } = this.recoverStrategy({
             externalServerKeySharesBackupInfo,
             thresholdSignatureScheme: this.walletMap[accountAddress].thresholdSignatureScheme,
             walletOperation
         });
-        if (externalServerKeyShares.length >= requiredShareCount) {
+        const dynamicKeyShareIds = shares[core.BackupLocation.DYNAMIC] || [];
+        const externalKeyShareIds = shares[core.BackupLocation.EXTERNAL] || [];
+        // Check if we have enough shares from either location
+        const totalAvailableShares = externalServerKeyShares.length + dynamicKeyShareIds.length + externalKeyShareIds.length;
+        if (totalAvailableShares >= requiredShareCount) {
             return false;
         }
         return true;
     }
     async getWalletExternalServerKeyShareBackupInfo({ accountAddress }) {
-        var _this_walletMap_accountAddress_externalServerKeySharesBackupInfo_backups_BackupLocation_DYNAMIC, _this_walletMap_accountAddress_externalServerKeySharesBackupInfo_backups, _this_walletMap_accountAddress_externalServerKeySharesBackupInfo, _this_walletMap_accountAddress, _user_verifiedCredentials;
+        var _wallet_externalServerKeySharesBackupInfo_backups_BackupLocation_DYNAMIC, _wallet_externalServerKeySharesBackupInfo_backups, _wallet_externalServerKeySharesBackupInfo, _user_verifiedCredentials;
         this.ensureApiClientAuthenticated();
+        let wallet = this.walletMap[accountAddress];
+        if (!wallet) {
+            const fetchedWallet = await this.getWalletByAddress(accountAddress);
+            if (!fetchedWallet) {
+                throw new Error(`Wallet not found for address 2: ${accountAddress}`);
+            }
+            wallet = fetchedWallet;
+        }
         // Return existing backup info if it exists
-        if (((_this_walletMap_accountAddress = this.walletMap[accountAddress]) == null ? void 0 : (_this_walletMap_accountAddress_externalServerKeySharesBackupInfo = _this_walletMap_accountAddress.externalServerKeySharesBackupInfo) == null ? void 0 : (_this_walletMap_accountAddress_externalServerKeySharesBackupInfo_backups = _this_walletMap_accountAddress_externalServerKeySharesBackupInfo.backups) == null ? void 0 : (_this_walletMap_accountAddress_externalServerKeySharesBackupInfo_backups_BackupLocation_DYNAMIC = _this_walletMap_accountAddress_externalServerKeySharesBackupInfo_backups[core.BackupLocation.DYNAMIC]) == null ? void 0 : _this_walletMap_accountAddress_externalServerKeySharesBackupInfo_backups_BackupLocation_DYNAMIC.length) > 0) {
-            return this.walletMap[accountAddress].externalServerKeySharesBackupInfo;
+        if (((_wallet_externalServerKeySharesBackupInfo = wallet.externalServerKeySharesBackupInfo) == null ? void 0 : (_wallet_externalServerKeySharesBackupInfo_backups = _wallet_externalServerKeySharesBackupInfo.backups) == null ? void 0 : (_wallet_externalServerKeySharesBackupInfo_backups_BackupLocation_DYNAMIC = _wallet_externalServerKeySharesBackupInfo_backups[core.BackupLocation.DYNAMIC]) == null ? void 0 : _wallet_externalServerKeySharesBackupInfo_backups_BackupLocation_DYNAMIC.length) > 0) {
+            return wallet.externalServerKeySharesBackupInfo;
         }
         // Get backup info from server
         const user = await this.apiClient.getUser(uuid.v4());
-        const wallet = (_user_verifiedCredentials = user.verifiedCredentials) == null ? void 0 : _user_verifiedCredentials.find((vc)=>vc.address.toLowerCase() === accountAddress.toLowerCase());
+        const walletData = (_user_verifiedCredentials = user.verifiedCredentials) == null ? void 0 : _user_verifiedCredentials.find((vc)=>vc.address.toLowerCase() === accountAddress.toLowerCase());
         return getExternalServerKeyShareBackupInfo({
-            walletProperties: wallet == null ? void 0 : wallet.walletProperties
+            walletProperties: walletData == null ? void 0 : walletData.walletProperties
         });
     }
     async getWallet({ accountAddress, walletOperation = core.WalletOperation.NO_OPERATION, shareCount = undefined, password = undefined }) {
-        const dynamicRequestId = uuid.v4();
         try {
-            var _user_verifiedCredentials;
             this.ensureApiClientAuthenticated();
             const existingWalletCheck = await this.checkWalletFields({
                 accountAddress,
@@ -1128,22 +1316,13 @@ class DynamicWalletClient {
                 this.logger.debug(`Wallet ${accountAddress} already exists`);
                 return this.walletMap[accountAddress];
             }
-            //todo: Question - why don't we just call getWallets here? so then all are preloaded
-            // Fetch and restore wallet from server
-            const user = await this.apiClient.getUser(dynamicRequestId);
-            const wallet = (_user_verifiedCredentials = user.verifiedCredentials) == null ? void 0 : _user_verifiedCredentials.find((vc)=>vc.address.toLowerCase() === accountAddress.toLowerCase());
+            const wallet = await this.getWalletByAddress(accountAddress);
+            if (!wallet) {
+                throw new Error(`Wallet not found for address 3: ${accountAddress}`);
+            }
             this.logger.debug('Restoring wallet', wallet);
-            const walletProperties = wallet.walletProperties;
-            this.walletMap[accountAddress] = _extends({}, this.walletMap[accountAddress], {
-                walletId: wallet.id,
-                chainName: wallet.chainName,
-                accountAddress,
-                thresholdSignatureScheme: walletProperties.thresholdSignatureScheme,
-                derivationPath: walletProperties.derivationPath,
-                externalServerKeySharesBackupInfo: getExternalServerKeyShareBackupInfo({
-                    walletProperties
-                })
-            });
+            // The wallet is already processed, so we can use it directly
+            this.walletMap[accountAddress] = wallet;
             if (walletOperation !== core.WalletOperation.NO_OPERATION && await this.requiresRestoreBackupSharesForOperation({
                 accountAddress,
                 walletOperation
@@ -1171,14 +1350,82 @@ class DynamicWalletClient {
             throw error;
         }
     }
-    async getWallets() {
+    /**
+   * Get a single wallet by address
+   * First tries the efficient getWaasWalletByAddress endpoint, falls back to getUser() if not available
+   */ async getWalletByAddress(accountAddress) {
+        // Return cached wallet if available
+        if (this.walletMap[accountAddress]) {
+            return this.walletMap[accountAddress];
+        }
+        this.ensureApiClientAuthenticated();
+        // Try getting single wallet by address first
+        try {
+            var _walletResponse_wallet;
+            const walletResponse = await this.apiClient.getWaasWalletByAddress({
+                walletAddress: accountAddress
+            });
+            const walletProperties = {
+                walletId: walletResponse.wallet.walletId,
+                chainName: walletResponse.wallet.chainName,
+                accountAddress: walletResponse.wallet.accountAddress,
+                externalServerKeyShares: [],
+                derivationPath: walletResponse.wallet.derivationPath,
+                thresholdSignatureScheme: walletResponse.wallet.thresholdSignatureScheme,
+                externalServerKeySharesBackupInfo: getExternalServerKeyShareBackupInfo({
+                    walletProperties: {
+                        // @ts-expect-error TODO: update response to get key shares
+                        keyShares: ((_walletResponse_wallet = walletResponse.wallet) == null ? void 0 : _walletResponse_wallet.keyShares) || [],
+                        thresholdSignatureScheme: walletResponse.wallet.thresholdSignatureScheme,
+                        derivationPath: walletResponse.wallet.derivationPath
+                    }
+                })
+            };
+            // Cache the wallet
+            this.walletMap[accountAddress] = walletProperties;
+            return walletProperties;
+        } catch (error) {
+            var _error_response;
+            // If the new endpoint doesn't exist (404 or not implemented), fall back to getUser()
+            if ((error == null ? void 0 : (_error_response = error.response) == null ? void 0 : _error_response.status) === 404 || (error == null ? void 0 : error.code) === 'ERR_BAD_REQUEST') {
+                var _user_verifiedCredentials, _wallet_walletProperties, _wallet_walletProperties1;
+                this.logger.debug('getWaasWalletByAddress endpoint not available, falling back to getUser()');
+                // Fallback to getUser() approach
+                const user = await this.apiClient.getUser(uuid.v4());
+                const wallet = (_user_verifiedCredentials = user.verifiedCredentials) == null ? void 0 : _user_verifiedCredentials.find((vc)=>vc.walletName === 'dynamicwaas' && vc.address.toLowerCase() === accountAddress.toLowerCase());
+                if (!wallet) {
+                    return null;
+                }
+                var _wallet_walletProperties_derivationPath;
+                const walletProperties = {
+                    walletId: wallet.id,
+                    chainName: wallet.chain,
+                    accountAddress: wallet.address,
+                    externalServerKeyShares: [],
+                    derivationPath: (_wallet_walletProperties_derivationPath = (_wallet_walletProperties = wallet.walletProperties) == null ? void 0 : _wallet_walletProperties.derivationPath) != null ? _wallet_walletProperties_derivationPath : undefined,
+                    thresholdSignatureScheme: (_wallet_walletProperties1 = wallet.walletProperties) == null ? void 0 : _wallet_walletProperties1.thresholdSignatureScheme,
+                    externalServerKeySharesBackupInfo: getExternalServerKeyShareBackupInfo({
+                        walletProperties: wallet.walletProperties || {}
+                    })
+                };
+                // Cache the wallet
+                this.walletMap[accountAddress] = walletProperties;
+                return walletProperties;
+            }
+            throw error;
+        }
+    }
+    /**
+   * Get all wallets (kept for backward compatibility but now uses lazy loading)
+   * @deprecated Consider using getWalletByAddress for better performance with large wallet counts
+   */ async getWallets() {
         var _user_verifiedCredentials;
         this.ensureApiClientAuthenticated();
         const user = await this.apiClient.getUser(uuid.v4());
         const waasWallets = (_user_verifiedCredentials = user.verifiedCredentials) == null ? void 0 : _user_verifiedCredentials.filter((vc)=>vc.walletName === 'dynamicwaas');
         const wallets = waasWallets.map((vc)=>{
-            var _this_walletMap_vc_address, _this_walletMap_vc_address1, _vc_walletProperties;
-            var _this_walletMap_vc_address_derivationPath;
+            var _this_walletMap_vc_address, _vc_walletProperties, _vc_walletProperties1;
+            var _vc_walletProperties_derivationPath;
             return {
                 walletId: vc.id,
                 chainName: vc.chain,
@@ -1187,39 +1434,225 @@ class DynamicWalletClient {
                     walletProperties: vc.walletProperties || {}
                 }),
                 externalServerKeyShares: ((_this_walletMap_vc_address = this.walletMap[vc.address]) == null ? void 0 : _this_walletMap_vc_address.externalServerKeyShares) || [],
-                derivationPath: (_this_walletMap_vc_address_derivationPath = (_this_walletMap_vc_address1 = this.walletMap[vc.address]) == null ? void 0 : _this_walletMap_vc_address1.derivationPath) != null ? _this_walletMap_vc_address_derivationPath : undefined,
-                thresholdSignatureScheme: (_vc_walletProperties = vc.walletProperties) == null ? void 0 : _vc_walletProperties.thresholdSignatureScheme
+                derivationPath: (_vc_walletProperties_derivationPath = (_vc_walletProperties = vc.walletProperties) == null ? void 0 : _vc_walletProperties.derivationPath) != null ? _vc_walletProperties_derivationPath : undefined,
+                thresholdSignatureScheme: (_vc_walletProperties1 = vc.walletProperties) == null ? void 0 : _vc_walletProperties1.thresholdSignatureScheme
             };
         });
         this.walletMap = wallets.reduce((acc, wallet)=>{
-            var _acc_accountAddress;
-            const accountAddress = wallet.accountAddress;
             acc[wallet.accountAddress] = {
                 walletId: wallet.walletId,
                 chainName: wallet.chainName,
                 accountAddress: wallet.accountAddress,
                 externalServerKeyShares: wallet.externalServerKeyShares || [],
                 externalServerKeySharesBackupInfo: wallet.externalServerKeySharesBackupInfo,
-                derivationPath: ((_acc_accountAddress = acc[accountAddress]) == null ? void 0 : _acc_accountAddress.derivationPath) || undefined,
+                derivationPath: wallet.derivationPath,
                 thresholdSignatureScheme: wallet.thresholdSignatureScheme
             };
             return acc;
         }, {});
         return wallets;
     }
-    constructor({ environmentId, baseApiUrl, baseMPCRelayApiUrl, debug }){
+    constructor({ environmentId, baseApiUrl, baseMPCRelayApiUrl, debug, forwardMPCClient, enableMPCAccelerator = false }){
         this.logger = logger;
         this.walletMap = {} // todo: store in session storage
         ;
         this.isApiClientAuthenticated = false;
+        this.forwardMPCEnabled = false;
         this.environmentId = environmentId;
         this.baseMPCRelayApiUrl = baseMPCRelayApiUrl;
         this.baseApiUrl = baseApiUrl;
         this.debug = Boolean(debug);
         this.logger.setLogLevel(this.debug ? 'DEBUG' : DEFAULT_LOG_LEVEL);
+        this.forwardMPCEnabled = enableMPCAccelerator || Boolean(forwardMPCClient);
+        // Initialize API client with forwardMPCClient
+        this.apiClient = new core.DynamicApiClient({
+            environmentId,
+            baseApiUrl,
+            forwardMPCClient
+        });
+        if (this.forwardMPCEnabled) {
+            this.logger.info('Initializing ForwardMPC enclave websocket in node client. Environment: ' + this.environmentId);
+            this.initializeForwardMPCClient();
+        }
     }
 }
 
+const createCore = ({ environmentId, baseApiUrl, baseMPCRelayApiUrl, debug = false })=>{
+    const coreLogger = logger;
+    coreLogger.setLogLevel(debug ? 'DEBUG' : DEFAULT_LOG_LEVEL);
+    const createApiClient = (options = {})=>{
+        return new core.DynamicApiClient(_extends({
+            environmentId,
+            baseApiUrl
+        }, options));
+    };
+    return {
+        environmentId,
+        createApiClient,
+        logger: coreLogger,
+        baseMPCRelayApiUrl,
+        baseApiUrl,
+        debug
+    };
+};
+
+// Helper function to create API client for delegated operations
+const createDelegatedApiClient = (client, options = {})=>{
+    return client.createApiClient(options);
+};
+// Helper function to create API client with wallet-specific headers
+const createDelegatedApiClientWithWalletKey = (client, walletApiKey)=>{
+    const apiClient = client.createApiClient();
+    // Add the wallet-specific API key header to all requests from this client
+    apiClient.apiClient.defaults.headers['x-dyn-wallet-api-key'] = walletApiKey;
+    return apiClient;
+};
+const createDelegatedWalletClient = ({ environmentId, baseApiUrl, baseMPCRelayApiUrl, apiKey, debug = false })=>{
+    const core = createCore({
+        environmentId,
+        baseApiUrl,
+        baseMPCRelayApiUrl,
+        debug
+    });
+    // Store the API key for use in delegated operations
+    core.apiKey = apiKey;
+    const walletMap = {};
+    const client = {
+        get environmentId () {
+            return core.environmentId;
+        },
+        get debug () {
+            return core.debug;
+        },
+        get apiUrl () {
+            var _core_baseApiUrl;
+            return (_core_baseApiUrl = core.baseApiUrl) != null ? _core_baseApiUrl : 'https://app.dynamicauth.com';
+        },
+        get wallets () {
+            return walletMap;
+        },
+        createApiClient: (options = {})=>{
+            return core.createApiClient(_extends({
+                authToken: apiKey
+            }, options));
+        },
+        logger: core.logger,
+        apiKey,
+        baseMPCRelayApiUrl: core.baseMPCRelayApiUrl
+    };
+    return client;
+};
+
+const dynamicDelegatedSign = async (client, { walletId, message, isFormatted, walletApiKey, onError, context })=>{
+    const dynamicRequestId = uuid.v4();
+    // Convert message to hex if it's a Uint8Array
+    if (typeof message !== 'string') {
+        message = '0x' + Buffer.from(message).toString('hex');
+    }
+    const apiClient = createDelegatedApiClientWithWalletKey(client, walletApiKey);
+    const data = await apiClient.delegatedSignMessage({
+        walletId,
+        message,
+        isFormatted,
+        dynamicRequestId,
+        onError,
+        context: context ? JSON.parse(JSON.stringify(context, (_key, value)=>typeof value === 'bigint' ? value.toString() : value)) : undefined
+    });
+    return data;
+};
+const delegatedSign = async (client, { chainName, message, roomId, keyShare, derivationPath, isFormatted })=>{
+    try {
+        const mpcSigner = getMPCSigner({
+            chainName,
+            baseRelayUrl: client.baseMPCRelayApiUrl
+        });
+        const formattedMessage = isFormatted ? new node.MessageHash(message) : formatMessage(chainName, message);
+        const signature = await mpcSigner.sign(roomId, keyShare, formattedMessage, derivationPath);
+        return signature;
+    } catch (error) {
+        client.logger.error('Error in delegatedSign', error);
+        throw error;
+    }
+};
+const delegatedSignMessage = async (client, { walletId, walletApiKey, keyShare, message, chainName, isFormatted = false, onError, context })=>{
+    // Validate required parameters
+    if (!keyShare) {
+        throw new Error('Delegated key share is required to sign a message');
+    }
+    const wallet = await getWallet(client, {
+        walletId
+    });
+    // Perform the dynamic server sign
+    const data = await dynamicDelegatedSign(client, {
+        walletId,
+        walletApiKey,
+        message,
+        isFormatted,
+        onError,
+        context
+    });
+    const derivationPath = wallet.derivationPath && wallet.derivationPath !== '' ? new Uint32Array(Object.values(JSON.parse(wallet.derivationPath))) : undefined;
+    // Perform the external server sign and return the signature
+    const signature = await delegatedSign(client, {
+        chainName,
+        message,
+        roomId: data.roomId,
+        keyShare,
+        derivationPath,
+        isFormatted
+    });
+    return signature;
+};
+// Helper function to get wallet (to be implemented in wallet module)
+const getWallet = async (client, { walletId })=>{
+    const wallets = client.wallets;
+    // Check if wallet is already cached
+    if (wallets[walletId]) {
+        return wallets[walletId];
+    }
+    // Fetch wallet from API
+    const apiClient = createDelegatedApiClient(client);
+    const { wallet } = await apiClient.getWaasWalletById({
+        walletId
+    });
+    const waasWallet = {
+        walletId,
+        chainName: wallet.chainName,
+        accountAddress: wallet.accountAddress,
+        externalServerKeyShares: [],
+        derivationPath: wallet.derivationPath,
+        thresholdSignatureScheme: wallet.thresholdSignatureScheme,
+        externalServerKeySharesBackupInfo: {
+            passwordEncrypted: false,
+            backups: {
+                dynamic: [],
+                googleDrive: [],
+                iCloud: [],
+                user: [],
+                external: [],
+                delegated: []
+            }
+        }
+    };
+    // Cache the wallet
+    wallets[walletId] = waasWallet;
+    return waasWallet;
+};
+
+const revokeDelegation = async (client, walletId)=>{
+    try {
+        // TODO: Uncomment when API method is implemented
+        // const apiClient = createDelegatedApiClient(client);
+        // await apiClient.revokeDelegation({
+        //   walletId,
+        // });
+        client.logger.info(`Delegation revoked for wallet: ${walletId}`);
+    } catch (error) {
+        client.logger.error('Error revoking delegation', error);
+        throw new Error('Failed to revoke delegation');
+    }
+};
+
 Object.defineProperty(exports, "SOLANA_RPC_URL", {
   enumerable: true,
   get: function () { return core.SOLANA_RPC_URL; }
@@ -1232,9 +1665,15 @@ Object.defineProperty(exports, "WalletOperation", {
   enumerable: true,
   get: function () { return core.WalletOperation; }
 });
+Object.defineProperty(exports, "getMPCChainConfig", {
+  enumerable: true,
+  get: function () { return core.getMPCChainConfig; }
+});
 exports.DynamicWalletClient = DynamicWalletClient;
 exports.base64ToBytes = base64ToBytes;
 exports.bytesToBase64 = bytesToBase64;
+exports.createDelegatedWalletClient = createDelegatedWalletClient;
+exports.delegatedSignMessage = delegatedSignMessage;
 exports.ensureBase64Padding = ensureBase64Padding;
 exports.formatEvmMessage = formatEvmMessage;
 exports.formatMessage = formatMessage;
@@ -1244,6 +1683,7 @@ exports.getMPCSigner = getMPCSigner;
 exports.isHexString = isHexString;
 exports.mergeUniqueKeyShares = mergeUniqueKeyShares;
 exports.retryPromise = retryPromise;
+exports.revokeDelegation = revokeDelegation;
 exports.stringToBytes = stringToBytes;
 Object.keys(core$1).forEach(function (k) {
   if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {