npm - @entros/pulse-sdk - Versions diffs - 3.2.0 → 3.3.0 - Mend

@entros/pulse-sdk 3.2.0 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.mjs CHANGED Viewed

@@ -2156,12 +2156,6 @@ var entros_anchor_default = {
     spec: "0.1.0",
     description: "Non-transferable identity token for Entros Protocol"
   },
-  docs: [
-    "Mint account space for Token-2022 with NonTransferable extension.",
-    "Base mint = 82 bytes, account type = 1 byte, extension type (2) + length (2) = 4 bytes,",
-    "NonTransferable data = 0 bytes. Plus multisig padding from Token-2022.",
-    "We use a constant derived from the Token-2022 spec."
-  ],
   instructions: [
     {
       name: "authorize_new_wallet",
@@ -3143,6 +3137,132 @@ var entros_anchor_default = {
         }
       ]
     },
+    {
+      name: "set_encrypted_baseline",
+      docs: [
+        "Write or overwrite the caller's encrypted baseline blob.",
+        "",
+        "The blob is opaque to the program \u2014 AES-256-GCM ciphertext of the",
+        "user's previous SimHash plus salt, produced off-chain in the SDK",
+        "under a key derived from a deterministic `signMessage`. The GCM",
+        "auth tag binds the blob to (wallet, this PDA's address, on-chain",
+        "`current_commitment` at encryption time), so a stale blob produced",
+        "before a `reset_identity_state` fails authentication under the new",
+        "commitment and the SDK falls back to a fresh-capture flow.",
+        "",
+        "The program never decrypts the blob \u2014 it only stores opaque bytes.",
+        "Plaintext biometric data never reaches chain at any point.",
+        "",
+        "Guards:",
+        "* Signer must equal the wallet that seeds the EncryptedBaseline",
+        "PDA (enforced by the seeds constraint on the Accounts struct).",
+        '* The caller\'s IdentityState PDA at `[b"identity", signer]` must',
+        "already exist \u2014 pre-mint attempts are rejected with",
+        "`IdentityStateNotFound`. Anchor's seeds constraint validates the",
+        "PDA address; the `data_len() > 0` check confirms initialization."
+      ],
+      discriminator: [
+        10,
+        73,
+        41,
+        36,
+        2,
+        145,
+        87,
+        111
+      ],
+      accounts: [
+        {
+          name: "authority",
+          writable: true,
+          signer: true
+        },
+        {
+          name: "identity_state",
+          docs: [
+            "UncheckedAccount because we only need to verify the IdentityState",
+            "PDA exists at the expected address \u2014 we don't need to deserialize",
+            "its fields. The seeds constraint validates the PDA address."
+          ],
+          pda: {
+            seeds: [
+              {
+                kind: "const",
+                value: [
+                  105,
+                  100,
+                  101,
+                  110,
+                  116,
+                  105,
+                  116,
+                  121
+                ]
+              },
+              {
+                kind: "account",
+                path: "authority"
+              }
+            ]
+          }
+        },
+        {
+          name: "encrypted_baseline",
+          docs: [
+            "The EncryptedBaseline PDA. Created on first call, overwritten on",
+            "subsequent calls. PDA seeds bind to the signer's wallet, so only",
+            "the wallet owner can write to their own baseline."
+          ],
+          writable: true,
+          pda: {
+            seeds: [
+              {
+                kind: "const",
+                value: [
+                  101,
+                  110,
+                  99,
+                  114,
+                  121,
+                  112,
+                  116,
+                  101,
+                  100,
+                  95,
+                  98,
+                  97,
+                  115,
+                  101,
+                  108,
+                  105,
+                  110,
+                  101
+                ]
+              },
+              {
+                kind: "account",
+                path: "authority"
+              }
+            ]
+          }
+        },
+        {
+          name: "system_program",
+          address: "11111111111111111111111111111111"
+        }
+      ],
+      args: [
+        {
+          name: "blob",
+          type: {
+            array: [
+              "u8",
+              96
+            ]
+          }
+        }
+      ]
+    },
     {
       name: "update_anchor",
       docs: [
@@ -3446,6 +3566,19 @@ var entros_anchor_default = {
     }
   ],
   accounts: [
+    {
+      name: "EncryptedBaseline",
+      discriminator: [
+        235,
+        60,
+        246,
+        174,
+        131,
+        9,
+        248,
+        146
+      ]
+    },
     {
       name: "IdentityState",
       discriminator: [
@@ -3500,6 +3633,19 @@ var entros_anchor_default = {
         59
       ]
     },
+    {
+      name: "EncryptedBaselineSet",
+      discriminator: [
+        198,
+        176,
+        56,
+        167,
+        74,
+        225,
+        138,
+        121
+      ]
+    },
     {
       name: "MigrateIdentityEvent",
       discriminator: [
@@ -3624,6 +3770,11 @@ var entros_anchor_default = {
       code: 6021,
       name: "MalformedReceiptMessage",
       msg: "Receipt message has malformed length or layout"
+    },
+    {
+      code: 6022,
+      name: "IdentityStateNotFound",
+      msg: "set_encrypted_baseline called before mint_anchor \u2014 IdentityState PDA does not exist"
     }
   ],
   types: [
@@ -3706,6 +3857,64 @@ var entros_anchor_default = {
         ]
       }
     },
+    {
+      name: "EncryptedBaseline",
+      docs: [
+        "Wallet-keyed encrypted baseline blob, stored at PDA seeds",
+        '`[b"encrypted_baseline", wallet.key().as_ref()]`. Persists the user\'s',
+        "previous SimHash + salt across cache wipes and device changes so the",
+        "Hamming-distance ZK proof can recover its private witnesses on any",
+        "device with the originating wallet.",
+        "",
+        "The blob is opaque ciphertext to the program \u2014 AES-256-GCM produced",
+        "off-chain in the SDK under a key derived from a deterministic",
+        "`signMessage` on a domain-separated payload. The GCM AAD binds the",
+        "blob to (wallet, this PDA's address, current on-chain commitment),",
+        "so a stale blob (post-`reset_identity_state`) fails authentication",
+        "against the new commitment and the SDK falls back to a fresh-capture",
+        "flow.",
+        "",
+        "The program never decrypts the blob \u2014 it only stores opaque bytes.",
+        "Plaintext biometric data never reaches chain at any point."
+      ],
+      type: {
+        kind: "struct",
+        fields: [
+          {
+            name: "blob",
+            docs: [
+              "96-byte versioned ciphertext envelope.",
+              "Layout: version(1) || algo(1) || reserved(2) || iv(12) || ct+tag(80)."
+            ],
+            type: {
+              array: [
+                "u8",
+                96
+              ]
+            }
+          },
+          {
+            name: "bump",
+            docs: [
+              "PDA bump seed."
+            ],
+            type: "u8"
+          }
+        ]
+      }
+    },
+    {
+      name: "EncryptedBaselineSet",
+      type: {
+        kind: "struct",
+        fields: [
+          {
+            name: "owner",
+            type: "pubkey"
+          }
+        ]
+      }
+    },
     {
       name: "IdentityState",
       type: {
@@ -4435,7 +4644,250 @@ async function buildEd25519ReceiptIx(receipt) {
   });
 }
+// src/identity/baseline.ts
+var BLOB_VERSION = 1;
+var ALGORITHM_AES_256_GCM = 1;
+var ENCRYPTED_BASELINE_BLOB_BYTES = 96;
+var IV_BYTES = 12;
+var HEADER_BYTES = 4;
+var PLAINTEXT_BYTES = 64;
+function fingerprintToBytes(bits) {
+  if (bits.length !== 256) {
+    throw new Error(`expected 256-bit fingerprint, got ${bits.length}`);
+  }
+  const out = new Uint8Array(32);
+  for (let i = 0; i < 256; i++) {
+    if (bits[i] === 1) {
+      out[i >> 3] = (out[i >> 3] ?? 0) | 1 << (i & 7);
+    }
+  }
+  return out;
+}
+function bytesToFingerprint(bytes) {
+  if (bytes.length !== 32) {
+    throw new Error(`expected 32 bytes, got ${bytes.length}`);
+  }
+  const bits = new Array(256);
+  for (let i = 0; i < 256; i++) {
+    bits[i] = (bytes[i >> 3] ?? 0) >> (i & 7) & 1;
+  }
+  return bits;
+}
+function bytes32ToBigint(bytes) {
+  if (bytes.length !== 32) {
+    throw new Error(`expected 32 bytes, got ${bytes.length}`);
+  }
+  let val = BigInt(0);
+  for (let i = 0; i < 32; i++) {
+    val = val << BigInt(8) | BigInt(bytes[i] ?? 0);
+  }
+  return val;
+}
+function buildDomainMessage(walletPubkey) {
+  return [
+    "Entros Protocol \u2014 Identity Baseline Key Derivation",
+    "",
+    "By signing this message, you authorize Entros Protocol to derive",
+    "an encryption key for your on-chain identity baseline. This is",
+    "not a transaction.",
+    "",
+    `Wallet: ${walletPubkey.toBase58()}`,
+    "Version: 1",
+    "Domain: entros.io"
+  ].join("\n");
+}
+async function deriveEncryptedBaselinePda(walletPubkey) {
+  const { PublicKey: PK } = await import("@solana/web3.js");
+  const programId = new PK(PROGRAM_IDS.entrosAnchor);
+  return PK.findProgramAddressSync(
+    [new TextEncoder().encode("encrypted_baseline"), walletPubkey.toBuffer()],
+    programId
+  );
+}
+async function deriveBaselineKey(wallet) {
+  if (typeof wallet.signMessage !== "function") {
+    throw new Error("wallet does not support signMessage");
+  }
+  const message = buildDomainMessage(wallet.publicKey);
+  const signature = await wallet.signMessage(new TextEncoder().encode(message));
+  if (!(signature instanceof Uint8Array) || signature.length !== 64) {
+    throw new Error(
+      `expected 64-byte Ed25519 signature, got ${signature?.length ?? "non-Uint8Array"}`
+    );
+  }
+  const ikm = await crypto.subtle.importKey(
+    "raw",
+    signature,
+    "HKDF",
+    false,
+    ["deriveBits"]
+  );
+  const bits = await crypto.subtle.deriveBits(
+    {
+      name: "HKDF",
+      hash: "SHA-256",
+      salt: wallet.publicKey.toBytes(),
+      info: new TextEncoder().encode("entros-protocol/identity-baseline/v1")
+    },
+    ikm,
+    256
+  );
+  return crypto.subtle.importKey(
+    "raw",
+    bits,
+    { name: "AES-GCM" },
+    false,
+    ["encrypt", "decrypt"]
+  );
+}
+var baselineKeyCache = /* @__PURE__ */ new Map();
+async function getOrDeriveBaselineKey(wallet) {
+  const pubkeyBase58 = wallet.publicKey.toBase58();
+  const cached = baselineKeyCache.get(pubkeyBase58);
+  if (cached) return cached;
+  const pending = (async () => {
+    try {
+      return await deriveBaselineKey(wallet);
+    } catch (err) {
+      baselineKeyCache.delete(pubkeyBase58);
+      throw err;
+    }
+  })();
+  baselineKeyCache.set(pubkeyBase58, pending);
+  return pending;
+}
+function clearBaselineKeyCache() {
+  baselineKeyCache.clear();
+}
+function buildAAD(walletPubkey, baselinePda, commitment) {
+  if (commitment.length !== 32) {
+    throw new Error(`commitment must be 32 bytes, got ${commitment.length}`);
+  }
+  const aad = new Uint8Array(98);
+  aad[0] = BLOB_VERSION;
+  aad[1] = ALGORITHM_AES_256_GCM;
+  aad.set(walletPubkey.toBytes(), 2);
+  aad.set(baselinePda.toBytes(), 34);
+  aad.set(commitment, 66);
+  return aad;
+}
+async function encryptBaselineBlob(simhash2, salt, key, walletPubkey, baselinePda, commitment) {
+  if (simhash2.length !== 32) {
+    throw new Error(`simhash must be 32 bytes, got ${simhash2.length}`);
+  }
+  if (salt.length !== 32) {
+    throw new Error(`salt must be 32 bytes, got ${salt.length}`);
+  }
+  const plaintext = new Uint8Array(PLAINTEXT_BYTES);
+  plaintext.set(simhash2, 0);
+  plaintext.set(salt, 32);
+  const iv = crypto.getRandomValues(new Uint8Array(IV_BYTES));
+  const aad = buildAAD(walletPubkey, baselinePda, commitment);
+  const ciphertextWithTag = new Uint8Array(
+    await crypto.subtle.encrypt(
+      {
+        name: "AES-GCM",
+        iv,
+        additionalData: aad
+      },
+      key,
+      plaintext
+    )
+  );
+  const blob = new Uint8Array(ENCRYPTED_BASELINE_BLOB_BYTES);
+  blob[0] = BLOB_VERSION;
+  blob[1] = ALGORITHM_AES_256_GCM;
+  blob.set(iv, HEADER_BYTES);
+  blob.set(ciphertextWithTag, HEADER_BYTES + IV_BYTES);
+  return blob;
+}
+var StaleEncryptedBaselineError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "StaleEncryptedBaselineError";
+  }
+};
+async function decryptBaselineBlob(blob, key, walletPubkey, baselinePda, commitment) {
+  if (commitment.length !== 32) {
+    throw new Error(`commitment must be 32 bytes, got ${commitment.length}`);
+  }
+  if (blob.length !== ENCRYPTED_BASELINE_BLOB_BYTES) {
+    throw new Error(
+      `blob must be ${ENCRYPTED_BASELINE_BLOB_BYTES} bytes, got ${blob.length}`
+    );
+  }
+  if (blob[0] !== BLOB_VERSION) {
+    throw new Error(`unsupported blob version: ${blob[0]}`);
+  }
+  if (blob[1] !== ALGORITHM_AES_256_GCM) {
+    throw new Error(`unsupported algorithm id: ${blob[1]}`);
+  }
+  const iv = blob.slice(HEADER_BYTES, HEADER_BYTES + IV_BYTES);
+  const ciphertextWithTag = blob.slice(
+    HEADER_BYTES + IV_BYTES,
+    ENCRYPTED_BASELINE_BLOB_BYTES
+  );
+  const aad = buildAAD(walletPubkey, baselinePda, commitment);
+  let plaintext;
+  try {
+    plaintext = await crypto.subtle.decrypt(
+      {
+        name: "AES-GCM",
+        iv,
+        additionalData: aad
+      },
+      key,
+      ciphertextWithTag
+    );
+  } catch (err) {
+    if (err instanceof Error && err.name === "OperationError") {
+      throw new StaleEncryptedBaselineError(
+        "encrypted baseline auth-tag verification failed \u2014 blob is stale or AAD does not match"
+      );
+    }
+    throw err;
+  }
+  const bytes = new Uint8Array(plaintext);
+  return {
+    simhash: bytes.slice(0, 32),
+    salt: bytes.slice(32, 64)
+  };
+}
+async function fetchEncryptedBaseline(walletPubkey, connection) {
+  const [baselinePda] = await deriveEncryptedBaselinePda(walletPubkey);
+  const accountInfo = await connection.getAccountInfo(baselinePda);
+  if (!accountInfo) return null;
+  const raw = accountInfo.data instanceof Uint8Array ? accountInfo.data : new Uint8Array(accountInfo.data);
+  if (raw.length < 8 + ENCRYPTED_BASELINE_BLOB_BYTES + 1) {
+    return null;
+  }
+  return raw.slice(8, 8 + ENCRYPTED_BASELINE_BLOB_BYTES);
+}
 // src/submit/wallet.ts
+async function buildSetEncryptedBaselineIx(anchorProgram, walletPubkey, blob) {
+  if (blob.length !== ENCRYPTED_BASELINE_BLOB_BYTES) {
+    throw new Error(
+      `encrypted baseline blob must be ${ENCRYPTED_BASELINE_BLOB_BYTES} bytes, got ${blob.length}`
+    );
+  }
+  const { PublicKey, SystemProgram } = await import("@solana/web3.js");
+  const programId = new PublicKey(PROGRAM_IDS.entrosAnchor);
+  const [identityPda] = PublicKey.findProgramAddressSync(
+    [new TextEncoder().encode("identity"), walletPubkey.toBuffer()],
+    programId
+  );
+  const [encryptedBaselinePda] = PublicKey.findProgramAddressSync(
+    [new TextEncoder().encode("encrypted_baseline"), walletPubkey.toBuffer()],
+    programId
+  );
+  return anchorProgram.methods.setEncryptedBaseline(Array.from(blob)).accounts({
+    authority: walletPubkey,
+    identityState: identityPda,
+    encryptedBaseline: encryptedBaselinePda,
+    systemProgram: SystemProgram.programId
+  }).instruction();
+}
 async function confirmAndCheck(connection, signature) {
   if (!signature) {
     throw new Error("confirmAndCheck called without a transaction signature");
@@ -4622,10 +5074,19 @@ async function submitViaWallet(proof, commitment, options) {
         systemProgram: SystemProgram.programId
       }).instruction();
       const tx = new Transaction();
-      tx.add(ComputeBudgetProgram.setComputeUnitLimit({ units: 25e4 }));
+      const computeUnitLimit = options.encryptedBaselineBlob ? 3e5 : 25e4;
+      tx.add(ComputeBudgetProgram.setComputeUnitLimit({ units: computeUnitLimit }));
       tx.add(createChallengeIx);
       tx.add(verifyProofIx);
       tx.add(updateAnchorIx);
+      if (options.encryptedBaselineBlob) {
+        const setBaselineIx = await buildSetEncryptedBaselineIx(
+          anchorProgram,
+          provider.wallet.publicKey,
+          options.encryptedBaselineBlob
+        );
+        tx.add(setBaselineIx);
+      }
       tx.feePayer = provider.wallet.publicKey;
       tx.recentBlockhash = (await options.connection.getLatestBlockhash("confirmed")).blockhash;
       txSig = await options.wallet.sendTransaction(tx, options.connection, {
@@ -4701,9 +5162,18 @@ async function submitViaWallet(proof, commitment, options) {
         );
       }
       const tx = new Transaction();
-      tx.add(ComputeBudgetProgram.setComputeUnitLimit({ units: 2e5 }));
+      const computeUnitLimit = options.encryptedBaselineBlob ? 25e4 : 2e5;
+      tx.add(ComputeBudgetProgram.setComputeUnitLimit({ units: computeUnitLimit }));
       if (ed25519Ix) tx.add(ed25519Ix);
       tx.add(mintAnchorIx);
+      if (options.encryptedBaselineBlob) {
+        const setBaselineIx = await buildSetEncryptedBaselineIx(
+          anchorProgram,
+          provider.wallet.publicKey,
+          options.encryptedBaselineBlob
+        );
+        tx.add(setBaselineIx);
+      }
       tx.feePayer = provider.wallet.publicKey;
       tx.recentBlockhash = (await options.connection.getLatestBlockhash("confirmed")).blockhash;
       txSig = await options.wallet.sendTransaction(tx, options.connection, {
@@ -4758,8 +5228,16 @@ async function submitResetViaWallet(commitment, options) {
       systemProgram: SystemProgram.programId
     }).instruction();
     const tx = new Transaction();
-    tx.add(ComputeBudgetProgram.setComputeUnitLimit({ units: 15e4 }));
+    tx.add(ComputeBudgetProgram.setComputeUnitLimit({ units: 2e5 }));
     tx.add(resetIx);
+    if (options.encryptedBaselineBlob) {
+      const setBaselineIx = await buildSetEncryptedBaselineIx(
+        anchorProgram,
+        provider.wallet.publicKey,
+        options.encryptedBaselineBlob
+      );
+      tx.add(setBaselineIx);
+    }
     tx.feePayer = provider.wallet.publicKey;
     tx.recentBlockhash = (await options.connection.getLatestBlockhash("confirmed")).blockhash;
     const txSig = await options.wallet.sendTransaction(
@@ -5074,6 +5552,65 @@ async function loadVerificationData() {
     return inMemoryStore;
   }
 }
+async function recoverBaselineFromChain(wallet, connection) {
+  try {
+    const identity = await fetchIdentityState(
+      wallet.publicKey.toBase58(),
+      connection
+    );
+    if (!identity) {
+      return { recovered: false, reason: "no-on-chain-identity" };
+    }
+    const blob = await fetchEncryptedBaseline(wallet.publicKey, connection);
+    if (!blob) {
+      return { recovered: false, reason: "no-encrypted-baseline" };
+    }
+    let key;
+    try {
+      key = await getOrDeriveBaselineKey(wallet);
+    } catch (err) {
+      const detail = err instanceof Error ? err.message : String(err);
+      return {
+        recovered: false,
+        reason: "signing-unavailable",
+        detail
+      };
+    }
+    const [baselinePda] = await deriveEncryptedBaselinePda(wallet.publicKey);
+    let plaintext;
+    try {
+      plaintext = await decryptBaselineBlob(
+        blob,
+        key,
+        wallet.publicKey,
+        baselinePda,
+        identity.currentCommitment
+      );
+    } catch (err) {
+      if (err instanceof StaleEncryptedBaselineError) {
+        return { recovered: false, reason: "stale-baseline" };
+      }
+      const detail = err instanceof Error ? err.message : String(err);
+      return { recovered: false, reason: "unknown-error", detail };
+    }
+    const fingerprint = bytesToFingerprint(plaintext.simhash);
+    const saltBigint = bytes32ToBigint(plaintext.salt);
+    const commitmentBigint = bytes32ToBigint(identity.currentCommitment);
+    await storeVerificationData({
+      fingerprint,
+      salt: saltBigint.toString(),
+      commitment: commitmentBigint.toString(),
+      timestamp: identity.lastVerificationTimestamp > 0 ? identity.lastVerificationTimestamp * 1e3 : Date.now()
+    });
+    sdkLog(
+      "[Entros SDK] Recovered local baseline from on-chain EncryptedBaseline PDA"
+    );
+    return { recovered: true };
+  } catch (err) {
+    const detail = err instanceof Error ? err.message : String(err);
+    return { recovered: false, reason: "unknown-error", detail };
+  }
+}
 // src/pulse.ts
 async function extractFeatures(data) {
@@ -5184,6 +5721,41 @@ async function extractFingerprintAndValidate(sensorData, config, walletAddress,
   }
   return { ok: true, features, f0Contour, accelMagnitude, fingerprint, tbh, signedReceipt };
 }
+function resolveBaselineWallet(wallet) {
+  if (!wallet) return null;
+  const adapter = wallet.adapter ?? wallet;
+  if (!adapter?.publicKey || typeof adapter.signMessage !== "function") {
+    return null;
+  }
+  return {
+    publicKey: adapter.publicKey,
+    signMessage: adapter.signMessage.bind(adapter)
+  };
+}
+async function buildEncryptedBaselineBlobBestEffort(wallet, fingerprint, salt, commitmentBytes) {
+  const baselineWallet = resolveBaselineWallet(wallet);
+  if (!baselineWallet) return void 0;
+  try {
+    const key = await getOrDeriveBaselineKey(baselineWallet);
+    const [baselinePda] = await deriveEncryptedBaselinePda(baselineWallet.publicKey);
+    const simhashBytes = fingerprintToBytes(fingerprint);
+    const saltBytes = bigintToBytes32(salt);
+    return await encryptBaselineBlob(
+      simhashBytes,
+      saltBytes,
+      key,
+      baselineWallet.publicKey,
+      baselinePda,
+      commitmentBytes
+    );
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    sdkWarn(
+      `[Entros SDK] Encrypted-baseline build skipped (cross-device recovery unavailable this session): ${msg}`
+    );
+    return void 0;
+  }
+}
 async function processSensorData(sensorData, config, wallet, connection, onProgress) {
   const audioSamples = sensorData.audio?.samples.length ?? 0;
   const motionSamples = sensorData.motion.length;
@@ -5255,7 +5827,7 @@ async function processSensorData(sensorData, config, wallet, connection, onProgr
   }
   const { fingerprint, tbh, features, signedReceipt } = extraction;
   let isFirstVerification;
-  const previousData = await loadVerificationData();
+  let previousData = await loadVerificationData();
   if (wallet && connection) {
     const walletPubkey = wallet.adapter?.publicKey ?? wallet.publicKey;
     if (walletPubkey) {
@@ -5277,6 +5849,21 @@ async function processSensorData(sensorData, config, wallet, connection, onProgr
   } else {
     isFirstVerification = !previousData;
   }
+  if (!isFirstVerification && !previousData && wallet && connection) {
+    const baselineWallet = resolveBaselineWallet(wallet);
+    if (baselineWallet) {
+      onProgress?.("Recovering baseline from chain...");
+      const recovery = await recoverBaselineFromChain(baselineWallet, connection);
+      if (recovery.recovered) {
+        previousData = await loadVerificationData();
+        sdkLog("[Entros SDK] On-chain encrypted baseline recovered");
+      } else {
+        sdkLog(
+          `[Entros SDK] On-chain encrypted baseline recovery not available (${recovery.reason ?? "unknown"})`
+        );
+      }
+    }
+  }
   if (!isFirstVerification && !previousData) {
     return {
       success: false,
@@ -5342,6 +5929,12 @@ async function processSensorData(sensorData, config, wallet, connection, onProgr
   onProgress?.("Submitting to Solana...");
   let submission;
   if (wallet && connection) {
+    const encryptedBaselineBlob = await buildEncryptedBaselineBlobBestEffort(
+      wallet,
+      tbh.fingerprint,
+      tbh.salt,
+      tbh.commitmentBytes
+    );
     if (isFirstVerification) {
       submission = await submitViaWallet(
         solanaProof ?? { proofBytes: new Uint8Array(0), publicInputs: [] },
@@ -5352,7 +5945,8 @@ async function processSensorData(sensorData, config, wallet, connection, onProgr
           isFirstVerification: true,
           relayerUrl: config.relayerUrl,
           relayerApiKey: config.relayerApiKey,
-          signedReceipt
+          signedReceipt,
+          encryptedBaselineBlob
         }
       );
     } else {
@@ -5361,7 +5955,8 @@ async function processSensorData(sensorData, config, wallet, connection, onProgr
         connection,
         isFirstVerification: false,
         relayerUrl: config.relayerUrl,
-        relayerApiKey: config.relayerApiKey
+        relayerApiKey: config.relayerApiKey,
+        encryptedBaselineBlob
       });
     }
   } else if (config.relayerUrl) {
@@ -5443,12 +6038,19 @@ async function processResetSensorData(sensorData, config, wallet, connection, on
     };
   }
   const { tbh } = extraction;
+  const encryptedBaselineBlob = await buildEncryptedBaselineBlobBestEffort(
+    wallet,
+    tbh.fingerprint,
+    tbh.salt,
+    tbh.commitmentBytes
+  );
   onProgress?.("Submitting reset to Solana...");
   const submission = await submitResetViaWallet(tbh.commitmentBytes, {
     wallet,
     connection,
     relayerUrl: config.relayerUrl,
-    relayerApiKey: config.relayerApiKey
+    relayerApiKey: config.relayerApiKey,
+    encryptedBaselineBlob
   });
   if (submission.success) {
     try {
@@ -6335,6 +6937,7 @@ export {
   DEFAULT_CAPTURE_MS,
   DEFAULT_MIN_DISTANCE,
   DEFAULT_THRESHOLD,
+  ENCRYPTED_BASELINE_BLOB_BYTES,
   FINGERPRINT_BITS,
   MAX_CAPTURE_MS,
   MIN_AUDIO_SAMPLES,
@@ -6346,11 +6949,19 @@ export {
   PulseSDK,
   PulseSession,
   SPEAKER_FEATURE_COUNT,
+  StaleEncryptedBaselineError,
   TOUCH_FEATURE_COUNT,
   attestAgentOperator,
   bigintToBytes32,
+  bytes32ToBigint,
+  bytesToFingerprint,
+  clearBaselineKeyCache,
   computeCommitment,
+  decryptBaselineBlob,
+  deriveBaselineKey,
+  deriveEncryptedBaselinePda,
   encodeAudioAsBase64,
+  encryptBaselineBlob,
   extractAccelerationMagnitude,
   extractMotionFeatures,
   extractMouseDynamics,
@@ -6358,7 +6969,9 @@ export {
   extractSpeakerFeaturesDetailed,
   extractTouchFeatures,
   fetchChallenge,
+  fetchEncryptedBaseline,
   fetchIdentityState,
+  fingerprintToBytes,
   fuseFeatures,
   fuseRawFeatures,
   generateLissajousPoints,
@@ -6370,11 +6983,13 @@ export {
   generateSolanaProof,
   generateTBH,
   getAgentHumanOperator,
+  getOrDeriveBaselineKey,
   hammingDistance,
   loadVerificationData,
   packBits,
   prepareCircuitInput,
   randomLissajousParams,
+  recoverBaselineFromChain,
   serializeProof,
   simhash,
   storeVerificationData,