@entros/pulse-sdk 3.2.0 → 3.3.1

package/dist/index.js

@@ -33,6 +33,7 @@ __export(index_exports, {
   DEFAULT_CAPTURE_MS: () => DEFAULT_CAPTURE_MS,
   DEFAULT_MIN_DISTANCE: () => DEFAULT_MIN_DISTANCE,
   DEFAULT_THRESHOLD: () => DEFAULT_THRESHOLD,
+  ENCRYPTED_BASELINE_BLOB_BYTES: () => ENCRYPTED_BASELINE_BLOB_BYTES,
   FINGERPRINT_BITS: () => FINGERPRINT_BITS,
   MAX_CAPTURE_MS: () => MAX_CAPTURE_MS,
   MIN_AUDIO_SAMPLES: () => MIN_AUDIO_SAMPLES,
@@ -44,11 +45,19 @@ __export(index_exports, {
   PulseSDK: () => PulseSDK,
   PulseSession: () => PulseSession,
   SPEAKER_FEATURE_COUNT: () => SPEAKER_FEATURE_COUNT,
+  StaleEncryptedBaselineError: () => StaleEncryptedBaselineError,
   TOUCH_FEATURE_COUNT: () => TOUCH_FEATURE_COUNT,
   attestAgentOperator: () => attestAgentOperator,
   bigintToBytes32: () => bigintToBytes32,
+  bytes32ToBigint: () => bytes32ToBigint,
+  bytesToFingerprint: () => bytesToFingerprint,
+  clearBaselineKeyCache: () => clearBaselineKeyCache,
   computeCommitment: () => computeCommitment,
+  decryptBaselineBlob: () => decryptBaselineBlob,
+  deriveBaselineKey: () => deriveBaselineKey,
+  deriveEncryptedBaselinePda: () => deriveEncryptedBaselinePda,
   encodeAudioAsBase64: () => encodeAudioAsBase64,
+  encryptBaselineBlob: () => encryptBaselineBlob,
   extractAccelerationMagnitude: () => extractAccelerationMagnitude,
   extractMotionFeatures: () => extractMotionFeatures,
   extractMouseDynamics: () => extractMouseDynamics,
@@ -56,7 +65,9 @@ __export(index_exports, {
   extractSpeakerFeaturesDetailed: () => extractSpeakerFeaturesDetailed,
   extractTouchFeatures: () => extractTouchFeatures,
   fetchChallenge: () => fetchChallenge,
+  fetchEncryptedBaseline: () => fetchEncryptedBaseline,
   fetchIdentityState: () => fetchIdentityState,
+  fingerprintToBytes: () => fingerprintToBytes,
   fuseFeatures: () => fuseFeatures,
   fuseRawFeatures: () => fuseRawFeatures,
   generateLissajousPoints: () => generateLissajousPoints,
@@ -68,11 +79,13 @@ __export(index_exports, {
   generateSolanaProof: () => generateSolanaProof,
   generateTBH: () => generateTBH,
   getAgentHumanOperator: () => getAgentHumanOperator,
+  getOrDeriveBaselineKey: () => getOrDeriveBaselineKey,
   hammingDistance: () => hammingDistance,
   loadVerificationData: () => loadVerificationData,
   packBits: () => packBits,
   prepareCircuitInput: () => prepareCircuitInput,
   randomLissajousParams: () => randomLissajousParams,
+  recoverBaselineFromChain: () => recoverBaselineFromChain,
   serializeProof: () => serializeProof,
   simhash: () => simhash,
   storeVerificationData: () => storeVerificationData,
@@ -2242,12 +2255,6 @@ var entros_anchor_default = {
     spec: "0.1.0",
     description: "Non-transferable identity token for Entros Protocol"
   },
-  docs: [
-    "Mint account space for Token-2022 with NonTransferable extension.",
-    "Base mint = 82 bytes, account type = 1 byte, extension type (2) + length (2) = 4 bytes,",
-    "NonTransferable data = 0 bytes. Plus multisig padding from Token-2022.",
-    "We use a constant derived from the Token-2022 spec."
-  ],
   instructions: [
     {
       name: "authorize_new_wallet",
@@ -3229,6 +3236,132 @@ var entros_anchor_default = {
         }
       ]
     },
+    {
+      name: "set_encrypted_baseline",
+      docs: [
+        "Write or overwrite the caller's encrypted baseline blob.",
+        "",
+        "The blob is opaque to the program \u2014 AES-256-GCM ciphertext of the",
+        "user's previous SimHash plus salt, produced off-chain in the SDK",
+        "under a key derived from a deterministic `signMessage`. The GCM",
+        "auth tag binds the blob to (wallet, this PDA's address, on-chain",
+        "`current_commitment` at encryption time), so a stale blob produced",
+        "before a `reset_identity_state` fails authentication under the new",
+        "commitment and the SDK falls back to a fresh-capture flow.",
+        "",
+        "The program never decrypts the blob \u2014 it only stores opaque bytes.",
+        "Plaintext biometric data never reaches chain at any point.",
+        "",
+        "Guards:",
+        "* Signer must equal the wallet that seeds the EncryptedBaseline",
+        "PDA (enforced by the seeds constraint on the Accounts struct).",
+        '* The caller\'s IdentityState PDA at `[b"identity", signer]` must',
+        "already exist \u2014 pre-mint attempts are rejected with",
+        "`IdentityStateNotFound`. Anchor's seeds constraint validates the",
+        "PDA address; the `data_len() > 0` check confirms initialization."
+      ],
+      discriminator: [
+        10,
+        73,
+        41,
+        36,
+        2,
+        145,
+        87,
+        111
+      ],
+      accounts: [
+        {
+          name: "authority",
+          writable: true,
+          signer: true
+        },
+        {
+          name: "identity_state",
+          docs: [
+            "UncheckedAccount because we only need to verify the IdentityState",
+            "PDA exists at the expected address \u2014 we don't need to deserialize",
+            "its fields. The seeds constraint validates the PDA address."
+          ],
+          pda: {
+            seeds: [
+              {
+                kind: "const",
+                value: [
+                  105,
+                  100,
+                  101,
+                  110,
+                  116,
+                  105,
+                  116,
+                  121
+                ]
+              },
+              {
+                kind: "account",
+                path: "authority"
+              }
+            ]
+          }
+        },
+        {
+          name: "encrypted_baseline",
+          docs: [
+            "The EncryptedBaseline PDA. Created on first call, overwritten on",
+            "subsequent calls. PDA seeds bind to the signer's wallet, so only",
+            "the wallet owner can write to their own baseline."
+          ],
+          writable: true,
+          pda: {
+            seeds: [
+              {
+                kind: "const",
+                value: [
+                  101,
+                  110,
+                  99,
+                  114,
+                  121,
+                  112,
+                  116,
+                  101,
+                  100,
+                  95,
+                  98,
+                  97,
+                  115,
+                  101,
+                  108,
+                  105,
+                  110,
+                  101
+                ]
+              },
+              {
+                kind: "account",
+                path: "authority"
+              }
+            ]
+          }
+        },
+        {
+          name: "system_program",
+          address: "11111111111111111111111111111111"
+        }
+      ],
+      args: [
+        {
+          name: "blob",
+          type: {
+            array: [
+              "u8",
+              96
+            ]
+          }
+        }
+      ]
+    },
     {
       name: "update_anchor",
       docs: [
@@ -3532,6 +3665,19 @@ var entros_anchor_default = {
     }
   ],
   accounts: [
+    {
+      name: "EncryptedBaseline",
+      discriminator: [
+        235,
+        60,
+        246,
+        174,
+        131,
+        9,
+        248,
+        146
+      ]
+    },
     {
       name: "IdentityState",
       discriminator: [
@@ -3586,6 +3732,19 @@ var entros_anchor_default = {
         59
       ]
     },
+    {
+      name: "EncryptedBaselineSet",
+      discriminator: [
+        198,
+        176,
+        56,
+        167,
+        74,
+        225,
+        138,
+        121
+      ]
+    },
     {
       name: "MigrateIdentityEvent",
       discriminator: [
@@ -3710,6 +3869,11 @@ var entros_anchor_default = {
       code: 6021,
       name: "MalformedReceiptMessage",
       msg: "Receipt message has malformed length or layout"
+    },
+    {
+      code: 6022,
+      name: "IdentityStateNotFound",
+      msg: "set_encrypted_baseline called before mint_anchor \u2014 IdentityState PDA does not exist"
     }
   ],
   types: [
@@ -3792,6 +3956,64 @@ var entros_anchor_default = {
         ]
       }
     },
+    {
+      name: "EncryptedBaseline",
+      docs: [
+        "Wallet-keyed encrypted baseline blob, stored at PDA seeds",
+        '`[b"encrypted_baseline", wallet.key().as_ref()]`. Persists the user\'s',
+        "previous SimHash + salt across cache wipes and device changes so the",
+        "Hamming-distance ZK proof can recover its private witnesses on any",
+        "device with the originating wallet.",
+        "",
+        "The blob is opaque ciphertext to the program \u2014 AES-256-GCM produced",
+        "off-chain in the SDK under a key derived from a deterministic",
+        "`signMessage` on a domain-separated payload. The GCM AAD binds the",
+        "blob to (wallet, this PDA's address, current on-chain commitment),",
+        "so a stale blob (post-`reset_identity_state`) fails authentication",
+        "against the new commitment and the SDK falls back to a fresh-capture",
+        "flow.",
+        "",
+        "The program never decrypts the blob \u2014 it only stores opaque bytes.",
+        "Plaintext biometric data never reaches chain at any point."
+      ],
+      type: {
+        kind: "struct",
+        fields: [
+          {
+            name: "blob",
+            docs: [
+              "96-byte versioned ciphertext envelope.",
+              "Layout: version(1) || algo(1) || reserved(2) || iv(12) || ct+tag(80)."
+            ],
+            type: {
+              array: [
+                "u8",
+                96
+              ]
+            }
+          },
+          {
+            name: "bump",
+            docs: [
+              "PDA bump seed."
+            ],
+            type: "u8"
+          }
+        ]
+      }
+    },
+    {
+      name: "EncryptedBaselineSet",
+      type: {
+        kind: "struct",
+        fields: [
+          {
+            name: "owner",
+            type: "pubkey"
+          }
+        ]
+      }
+    },
     {
       name: "IdentityState",
       type: {
@@ -4521,7 +4743,250 @@ async function buildEd25519ReceiptIx(receipt) {
   });
 }
 
+// src/identity/baseline.ts
+var BLOB_VERSION = 1;
+var ALGORITHM_AES_256_GCM = 1;
+var ENCRYPTED_BASELINE_BLOB_BYTES = 96;
+var IV_BYTES = 12;
+var HEADER_BYTES = 4;
+var PLAINTEXT_BYTES = 64;
+function fingerprintToBytes(bits) {
+  if (bits.length !== 256) {
+    throw new Error(`expected 256-bit fingerprint, got ${bits.length}`);
+  }
+  const out = new Uint8Array(32);
+  for (let i = 0; i < 256; i++) {
+    if (bits[i] === 1) {
+      out[i >> 3] = (out[i >> 3] ?? 0) | 1 << (i & 7);
+    }
+  }
+  return out;
+}
+function bytesToFingerprint(bytes) {
+  if (bytes.length !== 32) {
+    throw new Error(`expected 32 bytes, got ${bytes.length}`);
+  }
+  const bits = new Array(256);
+  for (let i = 0; i < 256; i++) {
+    bits[i] = (bytes[i >> 3] ?? 0) >> (i & 7) & 1;
+  }
+  return bits;
+}
+function bytes32ToBigint(bytes) {
+  if (bytes.length !== 32) {
+    throw new Error(`expected 32 bytes, got ${bytes.length}`);
+  }
+  let val = BigInt(0);
+  for (let i = 0; i < 32; i++) {
+    val = val << BigInt(8) | BigInt(bytes[i] ?? 0);
+  }
+  return val;
+}
+function buildDomainMessage(walletPubkey) {
+  return [
+    "Entros Protocol \u2014 Identity Baseline Key Derivation",
+    "",
+    "By signing this message, you authorize Entros Protocol to derive",
+    "an encryption key for your on-chain identity baseline. This is",
+    "not a transaction.",
+    "",
+    `Wallet: ${walletPubkey.toBase58()}`,
+    "Version: 1",
+    "Domain: entros.io"
+  ].join("\n");
+}
+async function deriveEncryptedBaselinePda(walletPubkey) {
+  const { PublicKey: PK } = await import("@solana/web3.js");
+  const programId = new PK(PROGRAM_IDS.entrosAnchor);
+  return PK.findProgramAddressSync(
+    [new TextEncoder().encode("encrypted_baseline"), walletPubkey.toBuffer()],
+    programId
+  );
+}
+async function deriveBaselineKey(wallet) {
+  if (typeof wallet.signMessage !== "function") {
+    throw new Error("wallet does not support signMessage");
+  }
+  const message = buildDomainMessage(wallet.publicKey);
+  const signature = await wallet.signMessage(new TextEncoder().encode(message));
+  if (!(signature instanceof Uint8Array) || signature.length !== 64) {
+    throw new Error(
+      `expected 64-byte Ed25519 signature, got ${signature?.length ?? "non-Uint8Array"}`
+    );
+  }
+  const ikm = await crypto.subtle.importKey(
+    "raw",
+    signature,
+    "HKDF",
+    false,
+    ["deriveBits"]
+  );
+  const bits = await crypto.subtle.deriveBits(
+    {
+      name: "HKDF",
+      hash: "SHA-256",
+      salt: wallet.publicKey.toBytes(),
+      info: new TextEncoder().encode("entros-protocol/identity-baseline/v1")
+    },
+    ikm,
+    256
+  );
+  return crypto.subtle.importKey(
+    "raw",
+    bits,
+    { name: "AES-GCM" },
+    false,
+    ["encrypt", "decrypt"]
+  );
+}
+var baselineKeyCache = /* @__PURE__ */ new Map();
+async function getOrDeriveBaselineKey(wallet) {
+  const pubkeyBase58 = wallet.publicKey.toBase58();
+  const cached = baselineKeyCache.get(pubkeyBase58);
+  if (cached) return cached;
+  const pending = (async () => {
+    try {
+      return await deriveBaselineKey(wallet);
+    } catch (err) {
+      baselineKeyCache.delete(pubkeyBase58);
+      throw err;
+    }
+  })();
+  baselineKeyCache.set(pubkeyBase58, pending);
+  return pending;
+}
+function clearBaselineKeyCache() {
+  baselineKeyCache.clear();
+}
+function buildAAD(walletPubkey, baselinePda, commitment) {
+  if (commitment.length !== 32) {
+    throw new Error(`commitment must be 32 bytes, got ${commitment.length}`);
+  }
+  const aad = new Uint8Array(98);
+  aad[0] = BLOB_VERSION;
+  aad[1] = ALGORITHM_AES_256_GCM;
+  aad.set(walletPubkey.toBytes(), 2);
+  aad.set(baselinePda.toBytes(), 34);
+  aad.set(commitment, 66);
+  return aad;
+}
+async function encryptBaselineBlob(simhash2, salt, key, walletPubkey, baselinePda, commitment) {
+  if (simhash2.length !== 32) {
+    throw new Error(`simhash must be 32 bytes, got ${simhash2.length}`);
+  }
+  if (salt.length !== 32) {
+    throw new Error(`salt must be 32 bytes, got ${salt.length}`);
+  }
+  const plaintext = new Uint8Array(PLAINTEXT_BYTES);
+  plaintext.set(simhash2, 0);
+  plaintext.set(salt, 32);
+  const iv = crypto.getRandomValues(new Uint8Array(IV_BYTES));
+  const aad = buildAAD(walletPubkey, baselinePda, commitment);
+  const ciphertextWithTag = new Uint8Array(
+    await crypto.subtle.encrypt(
+      {
+        name: "AES-GCM",
+        iv,
+        additionalData: aad
+      },
+      key,
+      plaintext
+    )
+  );
+  const blob = new Uint8Array(ENCRYPTED_BASELINE_BLOB_BYTES);
+  blob[0] = BLOB_VERSION;
+  blob[1] = ALGORITHM_AES_256_GCM;
+  blob.set(iv, HEADER_BYTES);
+  blob.set(ciphertextWithTag, HEADER_BYTES + IV_BYTES);
+  return blob;
+}
+var StaleEncryptedBaselineError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "StaleEncryptedBaselineError";
+  }
+};
+async function decryptBaselineBlob(blob, key, walletPubkey, baselinePda, commitment) {
+  if (commitment.length !== 32) {
+    throw new Error(`commitment must be 32 bytes, got ${commitment.length}`);
+  }
+  if (blob.length !== ENCRYPTED_BASELINE_BLOB_BYTES) {
+    throw new Error(
+      `blob must be ${ENCRYPTED_BASELINE_BLOB_BYTES} bytes, got ${blob.length}`
+    );
+  }
+  if (blob[0] !== BLOB_VERSION) {
+    throw new Error(`unsupported blob version: ${blob[0]}`);
+  }
+  if (blob[1] !== ALGORITHM_AES_256_GCM) {
+    throw new Error(`unsupported algorithm id: ${blob[1]}`);
+  }
+  const iv = blob.slice(HEADER_BYTES, HEADER_BYTES + IV_BYTES);
+  const ciphertextWithTag = blob.slice(
+    HEADER_BYTES + IV_BYTES,
+    ENCRYPTED_BASELINE_BLOB_BYTES
+  );
+  const aad = buildAAD(walletPubkey, baselinePda, commitment);
+  let plaintext;
+  try {
+    plaintext = await crypto.subtle.decrypt(
+      {
+        name: "AES-GCM",
+        iv,
+        additionalData: aad
+      },
+      key,
+      ciphertextWithTag
+    );
+  } catch (err) {
+    if (err instanceof Error && err.name === "OperationError") {
+      throw new StaleEncryptedBaselineError(
+        "encrypted baseline auth-tag verification failed \u2014 blob is stale or AAD does not match"
+      );
+    }
+    throw err;
+  }
+  const bytes = new Uint8Array(plaintext);
+  return {
+    simhash: bytes.slice(0, 32),
+    salt: bytes.slice(32, 64)
+  };
+}
+async function fetchEncryptedBaseline(walletPubkey, connection) {
+  const [baselinePda] = await deriveEncryptedBaselinePda(walletPubkey);
+  const accountInfo = await connection.getAccountInfo(baselinePda);
+  if (!accountInfo) return null;
+  const raw = accountInfo.data instanceof Uint8Array ? accountInfo.data : new Uint8Array(accountInfo.data);
+  if (raw.length < 8 + ENCRYPTED_BASELINE_BLOB_BYTES + 1) {
+    return null;
+  }
+  return raw.slice(8, 8 + ENCRYPTED_BASELINE_BLOB_BYTES);
+}
+
 // src/submit/wallet.ts
+async function buildSetEncryptedBaselineIx(anchorProgram, walletPubkey, blob) {
+  if (blob.length !== ENCRYPTED_BASELINE_BLOB_BYTES) {
+    throw new Error(
+      `encrypted baseline blob must be ${ENCRYPTED_BASELINE_BLOB_BYTES} bytes, got ${blob.length}`
+    );
+  }
+  const { PublicKey, SystemProgram } = await import("@solana/web3.js");
+  const programId = new PublicKey(PROGRAM_IDS.entrosAnchor);
+  const [identityPda] = PublicKey.findProgramAddressSync(
+    [new TextEncoder().encode("identity"), walletPubkey.toBuffer()],
+    programId
+  );
+  const [encryptedBaselinePda] = PublicKey.findProgramAddressSync(
+    [new TextEncoder().encode("encrypted_baseline"), walletPubkey.toBuffer()],
+    programId
+  );
+  return anchorProgram.methods.setEncryptedBaseline(Array.from(blob)).accounts({
+    authority: walletPubkey,
+    identityState: identityPda,
+    encryptedBaseline: encryptedBaselinePda,
+    systemProgram: SystemProgram.programId
+  }).instruction();
+}
 async function confirmAndCheck(connection, signature) {
   if (!signature) {
     throw new Error("confirmAndCheck called without a transaction signature");
@@ -4708,10 +5173,19 @@ async function submitViaWallet(proof, commitment, options) {
         systemProgram: SystemProgram.programId
       }).instruction();
       const tx = new Transaction();
-      tx.add(ComputeBudgetProgram.setComputeUnitLimit({ units: 25e4 }));
+      const computeUnitLimit = options.encryptedBaselineBlob ? 3e5 : 25e4;
+      tx.add(ComputeBudgetProgram.setComputeUnitLimit({ units: computeUnitLimit }));
       tx.add(createChallengeIx);
       tx.add(verifyProofIx);
       tx.add(updateAnchorIx);
+      if (options.encryptedBaselineBlob) {
+        const setBaselineIx = await buildSetEncryptedBaselineIx(
+          anchorProgram,
+          provider.wallet.publicKey,
+          options.encryptedBaselineBlob
+        );
+        tx.add(setBaselineIx);
+      }
       tx.feePayer = provider.wallet.publicKey;
       tx.recentBlockhash = (await options.connection.getLatestBlockhash("confirmed")).blockhash;
       txSig = await options.wallet.sendTransaction(tx, options.connection, {
@@ -4787,9 +5261,18 @@ async function submitViaWallet(proof, commitment, options) {
         );
       }
       const tx = new Transaction();
-      tx.add(ComputeBudgetProgram.setComputeUnitLimit({ units: 2e5 }));
+      const computeUnitLimit = options.encryptedBaselineBlob ? 25e4 : 2e5;
+      tx.add(ComputeBudgetProgram.setComputeUnitLimit({ units: computeUnitLimit }));
       if (ed25519Ix) tx.add(ed25519Ix);
       tx.add(mintAnchorIx);
+      if (options.encryptedBaselineBlob) {
+        const setBaselineIx = await buildSetEncryptedBaselineIx(
+          anchorProgram,
+          provider.wallet.publicKey,
+          options.encryptedBaselineBlob
+        );
+        tx.add(setBaselineIx);
+      }
       tx.feePayer = provider.wallet.publicKey;
       tx.recentBlockhash = (await options.connection.getLatestBlockhash("confirmed")).blockhash;
       txSig = await options.wallet.sendTransaction(tx, options.connection, {
@@ -4844,8 +5327,16 @@ async function submitResetViaWallet(commitment, options) {
       systemProgram: SystemProgram.programId
     }).instruction();
     const tx = new Transaction();
-    tx.add(ComputeBudgetProgram.setComputeUnitLimit({ units: 15e4 }));
+    tx.add(ComputeBudgetProgram.setComputeUnitLimit({ units: 2e5 }));
     tx.add(resetIx);
+    if (options.encryptedBaselineBlob) {
+      const setBaselineIx = await buildSetEncryptedBaselineIx(
+        anchorProgram,
+        provider.wallet.publicKey,
+        options.encryptedBaselineBlob
+      );
+      tx.add(setBaselineIx);
+    }
     tx.feePayer = provider.wallet.publicKey;
     tx.recentBlockhash = (await options.connection.getLatestBlockhash("confirmed")).blockhash;
     const txSig = await options.wallet.sendTransaction(
@@ -5064,19 +5555,19 @@ async function fetchIdentityState(walletPubkey, connection) {
     const accountInfo = await connection.getAccountInfo(identityPda);
     if (!accountInfo) return null;
     const coder = new anchor.BorshAccountsCoder(entros_anchor_default);
-    const decoded = coder.decode("identityState", accountInfo.data);
+    const decoded = coder.decode("IdentityState", accountInfo.data);
     return {
       owner: decoded.owner.toBase58(),
-      creationTimestamp: decoded.creationTimestamp.toNumber(),
-      lastVerificationTimestamp: decoded.lastVerificationTimestamp.toNumber(),
-      verificationCount: decoded.verificationCount,
-      trustScore: decoded.trustScore,
-      currentCommitment: new Uint8Array(decoded.currentCommitment),
+      creationTimestamp: decoded.creation_timestamp.toNumber(),
+      lastVerificationTimestamp: decoded.last_verification_timestamp.toNumber(),
+      verificationCount: decoded.verification_count,
+      trustScore: decoded.trust_score,
+      currentCommitment: new Uint8Array(decoded.current_commitment),
       mint: decoded.mint.toBase58(),
       // Anchor's Borsh coder returns the raw BN for i64 fields; .toNumber()
       // is safe here because Unix timestamps fit in Number.MAX_SAFE_INTEGER
       // until year 275760.
-      lastResetTimestamp: decoded.lastResetTimestamp?.toNumber?.() ?? 0
+      lastResetTimestamp: decoded.last_reset_timestamp?.toNumber?.() ?? 0
     };
   } catch {
     return null;
@@ -5160,6 +5651,65 @@ async function loadVerificationData() {
     return inMemoryStore;
   }
 }
+async function recoverBaselineFromChain(wallet, connection) {
+  try {
+    const identity = await fetchIdentityState(
+      wallet.publicKey.toBase58(),
+      connection
+    );
+    if (!identity) {
+      return { recovered: false, reason: "no-on-chain-identity" };
+    }
+    const blob = await fetchEncryptedBaseline(wallet.publicKey, connection);
+    if (!blob) {
+      return { recovered: false, reason: "no-encrypted-baseline" };
+    }
+    let key;
+    try {
+      key = await getOrDeriveBaselineKey(wallet);
+    } catch (err) {
+      const detail = err instanceof Error ? err.message : String(err);
+      return {
+        recovered: false,
+        reason: "signing-unavailable",
+        detail
+      };
+    }
+    const [baselinePda] = await deriveEncryptedBaselinePda(wallet.publicKey);
+    let plaintext;
+    try {
+      plaintext = await decryptBaselineBlob(
+        blob,
+        key,
+        wallet.publicKey,
+        baselinePda,
+        identity.currentCommitment
+      );
+    } catch (err) {
+      if (err instanceof StaleEncryptedBaselineError) {
+        return { recovered: false, reason: "stale-baseline" };
+      }
+      const detail = err instanceof Error ? err.message : String(err);
+      return { recovered: false, reason: "unknown-error", detail };
+    }
+    const fingerprint = bytesToFingerprint(plaintext.simhash);
+    const saltBigint = bytes32ToBigint(plaintext.salt);
+    const commitmentBigint = bytes32ToBigint(identity.currentCommitment);
+    await storeVerificationData({
+      fingerprint,
+      salt: saltBigint.toString(),
+      commitment: commitmentBigint.toString(),
+      timestamp: identity.lastVerificationTimestamp > 0 ? identity.lastVerificationTimestamp * 1e3 : Date.now()
+    });
+    sdkLog(
+      "[Entros SDK] Recovered local baseline from on-chain EncryptedBaseline PDA"
+    );
+    return { recovered: true };
+  } catch (err) {
+    const detail = err instanceof Error ? err.message : String(err);
+    return { recovered: false, reason: "unknown-error", detail };
+  }
+}
 
 // src/pulse.ts
 async function extractFeatures(data) {
@@ -5270,6 +5820,41 @@ async function extractFingerprintAndValidate(sensorData, config, walletAddress,
   }
   return { ok: true, features, f0Contour, accelMagnitude, fingerprint, tbh, signedReceipt };
 }
+function resolveBaselineWallet(wallet) {
+  if (!wallet) return null;
+  const adapter = wallet.adapter ?? wallet;
+  if (!adapter?.publicKey || typeof adapter.signMessage !== "function") {
+    return null;
+  }
+  return {
+    publicKey: adapter.publicKey,
+    signMessage: adapter.signMessage.bind(adapter)
+  };
+}
+async function buildEncryptedBaselineBlobBestEffort(wallet, fingerprint, salt, commitmentBytes) {
+  const baselineWallet = resolveBaselineWallet(wallet);
+  if (!baselineWallet) return void 0;
+  try {
+    const key = await getOrDeriveBaselineKey(baselineWallet);
+    const [baselinePda] = await deriveEncryptedBaselinePda(baselineWallet.publicKey);
+    const simhashBytes = fingerprintToBytes(fingerprint);
+    const saltBytes = bigintToBytes32(salt);
+    return await encryptBaselineBlob(
+      simhashBytes,
+      saltBytes,
+      key,
+      baselineWallet.publicKey,
+      baselinePda,
+      commitmentBytes
+    );
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    sdkWarn(
+      `[Entros SDK] Encrypted-baseline build skipped (cross-device recovery unavailable this session): ${msg}`
+    );
+    return void 0;
+  }
+}
 async function processSensorData(sensorData, config, wallet, connection, onProgress) {
   const audioSamples = sensorData.audio?.samples.length ?? 0;
   const motionSamples = sensorData.motion.length;
@@ -5341,7 +5926,7 @@ async function processSensorData(sensorData, config, wallet, connection, onProgr
   }
   const { fingerprint, tbh, features, signedReceipt } = extraction;
   let isFirstVerification;
-  const previousData = await loadVerificationData();
+  let previousData = await loadVerificationData();
   if (wallet && connection) {
     const walletPubkey = wallet.adapter?.publicKey ?? wallet.publicKey;
     if (walletPubkey) {
@@ -5363,6 +5948,21 @@ async function processSensorData(sensorData, config, wallet, connection, onProgr
   } else {
     isFirstVerification = !previousData;
   }
+  if (!isFirstVerification && !previousData && wallet && connection) {
+    const baselineWallet = resolveBaselineWallet(wallet);
+    if (baselineWallet) {
+      onProgress?.("Recovering baseline from chain...");
+      const recovery = await recoverBaselineFromChain(baselineWallet, connection);
+      if (recovery.recovered) {
+        previousData = await loadVerificationData();
+        sdkLog("[Entros SDK] On-chain encrypted baseline recovered");
+      } else {
+        sdkLog(
+          `[Entros SDK] On-chain encrypted baseline recovery not available (${recovery.reason ?? "unknown"})`
+        );
+      }
+    }
+  }
   if (!isFirstVerification && !previousData) {
     return {
       success: false,
@@ -5428,6 +6028,12 @@ async function processSensorData(sensorData, config, wallet, connection, onProgr
   onProgress?.("Submitting to Solana...");
   let submission;
   if (wallet && connection) {
+    const encryptedBaselineBlob = await buildEncryptedBaselineBlobBestEffort(
+      wallet,
+      tbh.fingerprint,
+      tbh.salt,
+      tbh.commitmentBytes
+    );
     if (isFirstVerification) {
       submission = await submitViaWallet(
         solanaProof ?? { proofBytes: new Uint8Array(0), publicInputs: [] },
@@ -5438,7 +6044,8 @@ async function processSensorData(sensorData, config, wallet, connection, onProgr
           isFirstVerification: true,
           relayerUrl: config.relayerUrl,
           relayerApiKey: config.relayerApiKey,
-          signedReceipt
+          signedReceipt,
+          encryptedBaselineBlob
         }
       );
     } else {
@@ -5447,7 +6054,8 @@ async function processSensorData(sensorData, config, wallet, connection, onProgr
         connection,
         isFirstVerification: false,
         relayerUrl: config.relayerUrl,
-        relayerApiKey: config.relayerApiKey
+        relayerApiKey: config.relayerApiKey,
+        encryptedBaselineBlob
       });
     }
   } else if (config.relayerUrl) {
@@ -5529,12 +6137,19 @@ async function processResetSensorData(sensorData, config, wallet, connection, on
     };
   }
   const { tbh } = extraction;
+  const encryptedBaselineBlob = await buildEncryptedBaselineBlobBestEffort(
+    wallet,
+    tbh.fingerprint,
+    tbh.salt,
+    tbh.commitmentBytes
+  );
   onProgress?.("Submitting reset to Solana...");
   const submission = await submitResetViaWallet(tbh.commitmentBytes, {
     wallet,
     connection,
     relayerUrl: config.relayerUrl,
-    relayerApiKey: config.relayerApiKey
+    relayerApiKey: config.relayerApiKey,
+    encryptedBaselineBlob
   });
   if (submission.success) {
     try {
@@ -6422,6 +7037,7 @@ async function fetchChallenge(executorUrl, walletAddress, apiKey) {
   DEFAULT_CAPTURE_MS,
   DEFAULT_MIN_DISTANCE,
   DEFAULT_THRESHOLD,
+  ENCRYPTED_BASELINE_BLOB_BYTES,
   FINGERPRINT_BITS,
   MAX_CAPTURE_MS,
   MIN_AUDIO_SAMPLES,
@@ -6433,11 +7049,19 @@ async function fetchChallenge(executorUrl, walletAddress, apiKey) {
   PulseSDK,
   PulseSession,
   SPEAKER_FEATURE_COUNT,
+  StaleEncryptedBaselineError,
   TOUCH_FEATURE_COUNT,
   attestAgentOperator,
   bigintToBytes32,
+  bytes32ToBigint,
+  bytesToFingerprint,
+  clearBaselineKeyCache,
   computeCommitment,
+  decryptBaselineBlob,
+  deriveBaselineKey,
+  deriveEncryptedBaselinePda,
   encodeAudioAsBase64,
+  encryptBaselineBlob,
   extractAccelerationMagnitude,
   extractMotionFeatures,
   extractMouseDynamics,
@@ -6445,7 +7069,9 @@ async function fetchChallenge(executorUrl, walletAddress, apiKey) {
   extractSpeakerFeaturesDetailed,
   extractTouchFeatures,
   fetchChallenge,
+  fetchEncryptedBaseline,
   fetchIdentityState,
+  fingerprintToBytes,
   fuseFeatures,
   fuseRawFeatures,
   generateLissajousPoints,
@@ -6457,11 +7083,13 @@ async function fetchChallenge(executorUrl, walletAddress, apiKey) {
   generateSolanaProof,
   generateTBH,
   getAgentHumanOperator,
+  getOrDeriveBaselineKey,
   hammingDistance,
   loadVerificationData,
   packBits,
   prepareCircuitInput,
   randomLissajousParams,
+  recoverBaselineFromChain,
   serializeProof,
   simhash,
   storeVerificationData,