@getpara/core-sdk 2.0.0-alpha.53 → 2.0.0-alpha.54

package/dist/esm/shares/enclave.js

@@ -0,0 +1,226 @@
+import {
+  __async
+} from "../chunk-W5CT3TVS.js";
+class EnclaveClient {
+  constructor({
+    userManagementClient,
+    retrieveJwt,
+    persistJwt,
+    retrieveRefreshJwt,
+    persistRefreshJwt
+  }) {
+    this.enclavePublicKey = null;
+    this.frontendKeyPair = null;
+    this.userManagementClient = userManagementClient;
+    this.retrieveJwt = retrieveJwt;
+    this.persistJwt = persistJwt;
+    this.retrieveRefreshJwt = retrieveRefreshJwt;
+    this.persistRefreshJwt = persistRefreshJwt;
+  }
+  refreshJwt() {
+    return __async(this, null, function* () {
+      const frontendKeyPair = yield this.generateFrontendKeyPair();
+      const responsePublicKeyPEM = yield this.exportPublicKeyToPEM(frontendKeyPair.publicKey);
+      const payload = {
+        refreshJwt: this.retrieveRefreshJwt(),
+        responsePublicKey: responsePublicKeyPEM
+      };
+      const encryptedPayload = yield this.encryptForEnclave(JSON.stringify(payload));
+      const response = yield this.userManagementClient.refreshEnclaveJwt(JSON.stringify(encryptedPayload));
+      const decryptedResponse = yield this.decryptForFrontend(JSON.parse(response.payload));
+      this.persistJwt(decryptedResponse.jwt);
+      this.persistRefreshJwt(decryptedResponse.refreshJwt);
+    });
+  }
+  withJwtRefreshRetry(fn) {
+    return __async(this, null, function* () {
+      try {
+        return yield fn();
+      } catch (error) {
+        yield this.refreshJwt();
+        return yield fn();
+      }
+    });
+  }
+  issueEnclaveJwt() {
+    return __async(this, null, function* () {
+      const frontendKeyPair = yield this.generateFrontendKeyPair();
+      const responsePublicKeyPEM = yield this.exportPublicKeyToPEM(frontendKeyPair.publicKey);
+      const payload = {
+        responsePublicKey: responsePublicKeyPEM
+      };
+      const encryptedPayload = yield this.encryptForEnclave(JSON.stringify(payload));
+      const response = yield this.userManagementClient.issueEnclaveJwt(JSON.stringify(encryptedPayload));
+      const decryptedResponse = yield this.decryptForFrontend(JSON.parse(response));
+      this.persistJwt(decryptedResponse.jwt);
+    });
+  }
+  /**
+   * Generate a P-256 keypair for the frontend to receive encrypted responses
+   */
+  generateFrontendKeyPair() {
+    return __async(this, null, function* () {
+      if (this.frontendKeyPair) {
+        return this.frontendKeyPair;
+      }
+      this.frontendKeyPair = yield crypto.subtle.generateKey({ name: "ECDH", namedCurve: "P-256" }, true, ["deriveBits"]);
+      return this.frontendKeyPair;
+    });
+  }
+  /**
+   * Get the enclave's public key from the user-management service
+   */
+  getEnclavePublicKey() {
+    return __async(this, null, function* () {
+      if (this.enclavePublicKey) {
+        return this.enclavePublicKey;
+      }
+      const response = yield this.userManagementClient.getEnclavePublicKey();
+      this.enclavePublicKey = response.publicKey;
+      return this.enclavePublicKey;
+    });
+  }
+  /**
+   * Import a PEM-formatted public key for use with Web Crypto API
+   */
+  importPublicKeyFromPEM(pemString) {
+    return __async(this, null, function* () {
+      const pemContents = pemString.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "").replace(/\s/g, "");
+      const keyData = Uint8Array.from(atob(pemContents), (c) => c.charCodeAt(0));
+      return yield crypto.subtle.importKey("spki", keyData, { name: "ECDH", namedCurve: "P-256" }, false, []);
+    });
+  }
+  /**
+   * Export a public key to PEM format
+   */
+  exportPublicKeyToPEM(publicKey) {
+    return __async(this, null, function* () {
+      const exported = yield crypto.subtle.exportKey("spki", publicKey);
+      const exportedAsBase64 = btoa(String.fromCharCode(...new Uint8Array(exported)));
+      return `-----BEGIN PUBLIC KEY-----
+${exportedAsBase64}
+-----END PUBLIC KEY-----`;
+    });
+  }
+  /**
+   * Encrypt data using P-256 ECIES for the enclave
+   */
+  encryptForEnclave(plaintext) {
+    return __async(this, null, function* () {
+      const enclavePublicKeyPEM = yield this.getEnclavePublicKey();
+      const enclavePublicKey = yield this.importPublicKeyFromPEM(enclavePublicKeyPEM);
+      const ephemeralKeyPair = yield crypto.subtle.generateKey({ name: "ECDH", namedCurve: "P-256" }, true, ["deriveBits"]);
+      const sharedSecretBits = yield crypto.subtle.deriveBits(
+        { name: "ECDH", public: enclavePublicKey },
+        ephemeralKeyPair.privateKey,
+        256
+        // 32 bytes = 256 bits
+      );
+      const encryptionKeyBuffer = yield crypto.subtle.digest("SHA-256", sharedSecretBits);
+      const encryptionKey = yield crypto.subtle.importKey("raw", encryptionKeyBuffer, { name: "AES-GCM" }, false, ["encrypt"]);
+      const iv = crypto.getRandomValues(new Uint8Array(12));
+      const encrypted = yield crypto.subtle.encrypt(
+        { name: "AES-GCM", iv },
+        encryptionKey,
+        new TextEncoder().encode(plaintext)
+      );
+      const encryptedArray = new Uint8Array(encrypted);
+      const combined = new Uint8Array(iv.length + encryptedArray.length);
+      combined.set(iv);
+      combined.set(encryptedArray, iv.length);
+      const ephemeralPublicKeyBuffer = yield crypto.subtle.exportKey("spki", ephemeralKeyPair.publicKey);
+      return {
+        encryptedData: btoa(String.fromCharCode(...combined)),
+        keyId: "",
+        // Will be set by the enclave
+        algorithm: "ECIES-P256-AES256-SHA256",
+        ephemeral: btoa(String.fromCharCode(...new Uint8Array(ephemeralPublicKeyBuffer)))
+      };
+    });
+  }
+  /**
+   * Decrypt response encrypted for the frontend
+   */
+  decryptForFrontend(encryptedPayload) {
+    return __async(this, null, function* () {
+      if (!this.frontendKeyPair) {
+        throw new Error("Frontend keypair not available");
+      }
+      const encryptedData = Uint8Array.from(atob(encryptedPayload.encryptedData), (c) => c.charCodeAt(0));
+      const ephemeralPublicKeyData = Uint8Array.from(atob(encryptedPayload.ephemeral), (c) => c.charCodeAt(0));
+      const ephemeralPublicKey = yield crypto.subtle.importKey(
+        "spki",
+        ephemeralPublicKeyData,
+        { name: "ECDH", namedCurve: "P-256" },
+        false,
+        []
+      );
+      const sharedSecretBits = yield crypto.subtle.deriveBits(
+        { name: "ECDH", public: ephemeralPublicKey },
+        this.frontendKeyPair.privateKey,
+        256
+      );
+      const encryptionKeyBuffer = yield crypto.subtle.digest("SHA-256", sharedSecretBits);
+      const encryptionKey = yield crypto.subtle.importKey("raw", encryptionKeyBuffer, { name: "AES-GCM" }, false, ["decrypt"]);
+      const iv = encryptedData.slice(0, 12);
+      const ciphertext = encryptedData.slice(12);
+      const decrypted = yield crypto.subtle.decrypt({ name: "AES-GCM", iv }, encryptionKey, ciphertext);
+      return JSON.parse(new TextDecoder().decode(decrypted));
+    });
+  }
+  /**
+   * Persist key shares to the enclave
+   * @param shares Array of share data to persist
+   */
+  persistShares(shares) {
+    return __async(this, null, function* () {
+      const payload = {
+        shares,
+        jwt: this.retrieveJwt()
+      };
+      const encryptedPayload = yield this.encryptForEnclave(JSON.stringify(payload));
+      const encryptedPayloadStr = JSON.stringify(encryptedPayload);
+      return yield this.userManagementClient.persistEnclaveShares(encryptedPayloadStr);
+    });
+  }
+  /**
+   * Retrieve key shares from the enclave
+   * @param query Query parameters for finding shares (single query or array of queries)
+   */
+  retrieveShares(query) {
+    return __async(this, null, function* () {
+      yield this.issueEnclaveJwt();
+      const frontendKeyPair = yield this.generateFrontendKeyPair();
+      const responsePublicKeyPEM = yield this.exportPublicKeyToPEM(frontendKeyPair.publicKey);
+      const fullQuery = query.map((q) => ({
+        userId: q.userId
+      }));
+      const payload = {
+        query: fullQuery,
+        responsePublicKey: responsePublicKeyPEM,
+        jwt: this.retrieveJwt()
+      };
+      const encryptedPayload = yield this.encryptForEnclave(JSON.stringify(payload));
+      const encryptedPayloadStr = JSON.stringify(encryptedPayload);
+      const response = yield this.userManagementClient.retrieveEnclaveShares(encryptedPayloadStr);
+      const encryptedResponse = JSON.parse(response.payload);
+      const decryptedData = yield this.decryptForFrontend(encryptedResponse);
+      return decryptedData.shares;
+    });
+  }
+  retrieveSharesWithRetry(query) {
+    return __async(this, null, function* () {
+      return yield this.withJwtRefreshRetry(() => __async(this, null, function* () {
+        return this.retrieveShares(query);
+      }));
+    });
+  }
+  persistSharesWithRetry(shares) {
+    return __async(this, null, function* () {
+      return yield this.persistShares(shares);
+    });
+  }
+}
+export {
+  EnclaveClient
+};

package/dist/esm/shares/recovery.js

@@ -1,7 +1,7 @@
 import {
   __async,
   __spreadValues
-} from "../chunk-7B52C2XE.js";
+} from "../chunk-W5CT3TVS.js";
 import { EncryptorType, KeyShareType } from "@getpara/user-management-client";
 import { KeyContainer } from "./KeyContainer.js";
 function sendRecoveryForShare(_0) {

package/dist/esm/shares/shareDistribution.js

@@ -1,6 +1,6 @@
 import {
   __async
-} from "../chunk-7B52C2XE.js";
+} from "../chunk-W5CT3TVS.js";
 import { EncryptorType, KeyShareType } from "@getpara/user-management-client";
 import { encryptWithDerivedPublicKey } from "../cryptography/utils.js";
 import { sendRecoveryForShare } from "./recovery.js";
@@ -13,8 +13,23 @@ function distributeNewShare(_0) {
     ignoreRedistributingBackupEncryptedShare = false,
     emailProps = {},
     partnerId,
-    protocolId
+    protocolId,
+    isEnclaveUser,
+    walletScheme
   }) {
+    if (isEnclaveUser) {
+      yield ctx.enclaveClient.persistSharesWithRetry([
+        {
+          userId,
+          walletId,
+          walletScheme,
+          signer: userShare,
+          partnerId,
+          protocolId
+        }
+      ]);
+      return "";
+    }
     const publicKeysRes = yield ctx.client.getSessionPublicKeys(userId);
     const biometricEncryptedShares = publicKeysRes.data.keys.map((key) => {
       if (!key.publicKey) {

package/dist/esm/transmission/transmissionUtils.js

@@ -1,6 +1,6 @@
 import {
   __async
-} from "../chunk-7B52C2XE.js";
+} from "../chunk-W5CT3TVS.js";
 import { Encrypt as ECIESEncrypt, Decrypt as ECIESDecrypt } from "@celo/utils/lib/ecies.js";
 import { Buffer } from "buffer";
 import * as eutil from "@ethereumjs/util";

package/dist/esm/types/auth.js

@@ -1,4 +1,4 @@
-import "../chunk-7B52C2XE.js";
+import "../chunk-W5CT3TVS.js";
 var AccountLinkError = /* @__PURE__ */ ((AccountLinkError2) => {
   AccountLinkError2["NotAuthenticated"] = "No user is currently authenticated";
   AccountLinkError2["Conflict"] = "Account already linked";

package/dist/esm/types/config.js

@@ -1,4 +1,4 @@
-import "../chunk-7B52C2XE.js";
+import "../chunk-W5CT3TVS.js";
 var Environment = /* @__PURE__ */ ((Environment2) => {
   Environment2["DEV"] = "DEV";
   Environment2["SANDBOX"] = "SANDBOX";

package/dist/esm/types/coreApi.js

@@ -1,4 +1,4 @@
-import "../chunk-7B52C2XE.js";
+import "../chunk-W5CT3TVS.js";
 const PARA_CORE_METHODS = [
   "getAuthInfo",
   "signUpOrLogIn",

package/dist/esm/types/events.js

@@ -1,4 +1,4 @@
-import "../chunk-7B52C2XE.js";
+import "../chunk-W5CT3TVS.js";
 const EVENT_PREFIX = "para";
 var ParaEvent = ((ParaEvent2) => {
   ParaEvent2["LOGIN_EVENT"] = `${EVENT_PREFIX}Login`;
@@ -12,6 +12,8 @@ var ParaEvent = ((ParaEvent2) => {
   ParaEvent2["WALLET_CREATED"] = `${EVENT_PREFIX}WalletCreated`;
   ParaEvent2["PREGEN_WALLET_CLAIMED"] = `${EVENT_PREFIX}PregenWalletClaimed`;
   ParaEvent2["GUEST_WALLETS_CREATED"] = `${EVENT_PREFIX}GuestWalletsCreated`;
+  ParaEvent2["ASSET_TRANSFERRED"] = `${EVENT_PREFIX}AssetTransferred`;
+  ParaEvent2["ONRAMP_TRANSACTION_COMPLETE"] = `${EVENT_PREFIX}OnRampTransactionComplete`;
   return ParaEvent2;
 })(ParaEvent || {});
 export {

package/dist/esm/types/popup.js

@@ -1,4 +1,4 @@
-import "../chunk-7B52C2XE.js";
+import "../chunk-W5CT3TVS.js";
 var PopupType = /* @__PURE__ */ ((PopupType2) => {
   PopupType2["SIGN_TRANSACTION_REVIEW"] = "SIGN_TRANSACTION_REVIEW";
   PopupType2["SIGN_MESSAGE_REVIEW"] = "SIGN_MESSAGE_REVIEW";

package/dist/esm/types/wallet.js

@@ -1,4 +1,4 @@
-import "../chunk-7B52C2XE.js";
+import "../chunk-W5CT3TVS.js";
 var PregenIdentifierType = /* @__PURE__ */ ((PregenIdentifierType2) => {
   PregenIdentifierType2["EMAIL"] = "EMAIL";
   PregenIdentifierType2["PHONE"] = "PHONE";

package/dist/esm/utils/autobind.js

@@ -1,4 +1,4 @@
-import "../chunk-7B52C2XE.js";
+import "../chunk-W5CT3TVS.js";
 function autoBind(instance) {
   let proto = instance;
   while (proto && proto !== Object.prototype) {

package/dist/esm/utils/events.js

@@ -1,6 +1,6 @@
 import {
   __spreadValues
-} from "../chunk-7B52C2XE.js";
+} from "../chunk-W5CT3TVS.js";
 function dispatchEvent(type, data, error) {
   typeof window !== "undefined" && !!window.dispatchEvent && window.dispatchEvent(
     new CustomEvent(type, { detail: __spreadValues({ data }, error && { error: new Error(error) }) })

package/dist/esm/utils/formatting.js

@@ -1,4 +1,6 @@
-import "../chunk-7B52C2XE.js";
+import {
+  __pow
+} from "../chunk-W5CT3TVS.js";
 import { toBech32 } from "@cosmjs/encoding";
 import { sha256 } from "@noble/hashes/sha256";
 import { ripemd160 } from "@noble/hashes/ripemd160";
@@ -63,9 +65,47 @@ function truncateAddress(str, addressType, {
   const margin = targetLength !== void 0 ? (targetLength - minimum) / 2 : 4;
   return `${str.slice(0, minimum + margin)}...${str.slice(-1 * margin)}`;
 }
+function formatCurrency(value, { fallback = "" } = {}) {
+  if (!value) {
+    return fallback;
+  }
+  const formatter = new Intl.NumberFormat("en-US", {
+    style: "currency",
+    currency: value.currency
+  });
+  const zeroFormatter = new Intl.NumberFormat("en-US", {
+    style: "currency",
+    currency: value.currency,
+    maximumFractionDigits: 0
+  });
+  return Math.abs(value.value) < 0.01 ? zeroFormatter.format(0) : formatter.format(value.value);
+}
+const zeroAssetFormatter = new Intl.NumberFormat("en-US", {
+  style: "decimal",
+  maximumFractionDigits: 0,
+  minimumFractionDigits: 0
+});
+function formatAssetQuantity({
+  quantity,
+  symbol = "",
+  decimals,
+  fallback = ""
+}) {
+  if (!quantity) {
+    return fallback;
+  }
+  const formatter = new Intl.NumberFormat("en-US", {
+    style: "decimal",
+    maximumFractionDigits: decimals != null ? decimals : Math.abs(quantity) < 1e-3 ? 6 : 3,
+    minimumFractionDigits: decimals != null ? decimals : 3
+  });
+  return `${Math.abs(quantity) < __pow(10, -1 * (decimals != null ? decimals : 6)) ? zeroAssetFormatter.format(0) : formatter.format(quantity)}${symbol && symbol.length > 0 ? ` ${symbol}` : ""}`;
+}
 export {
   compressPubkey,
   decimalToHex,
+  formatAssetQuantity,
+  formatCurrency,
   getCosmosAddress,
   hexStringToBase64,
   hexToDecimal,

package/dist/esm/utils/json.js

@@ -1,4 +1,4 @@
-import "../chunk-7B52C2XE.js";
+import "../chunk-W5CT3TVS.js";
 function jsonParse(data, validate) {
   try {
     const res = JSON.parse(data);

package/dist/esm/utils/listeners.js

@@ -1,4 +1,4 @@
-import "../chunk-7B52C2XE.js";
+import "../chunk-W5CT3TVS.js";
 import * as constants from "../constants.js";
 function storageListener(e) {
   if (!e.url.includes(window.location.origin)) {

package/dist/esm/utils/onRamps.js

@@ -1,4 +1,4 @@
-import "../chunk-7B52C2XE.js";
+import "../chunk-W5CT3TVS.js";
 function toAssetInfoArray(data) {
   const result = [];
   Object.keys(data).forEach((walletType) => {

package/dist/esm/utils/phone.js

@@ -1,4 +1,4 @@
-import "../chunk-7B52C2XE.js";
+import "../chunk-W5CT3TVS.js";
 import parsePhoneNumberFromString from "libphonenumber-js";
 function formatPhoneNumber(phone, countryCode, { forDisplay = false } = {}) {
   phone = phone.toString();

package/dist/esm/utils/polling.js

@@ -1,6 +1,6 @@
 import {
   __async
-} from "../chunk-7B52C2XE.js";
+} from "../chunk-W5CT3TVS.js";
 function waitUntilTrue(condition, timeoutMs, intervalMs) {
   return __async(this, null, function* () {
     const start = Date.now();

package/dist/esm/utils/types.js

@@ -1,4 +1,4 @@
-import "../chunk-7B52C2XE.js";
+import "../chunk-W5CT3TVS.js";
 function isServerAuthState(obj) {
   return "stage" in obj;
 }

package/dist/esm/utils/url.js

@@ -1,6 +1,6 @@
 import {
   __async
-} from "../chunk-7B52C2XE.js";
+} from "../chunk-W5CT3TVS.js";
 import { upload } from "../transmission/transmissionUtils.js";
 import { Environment } from "../types/index.js";
 function getPortalDomain(env, isE2E) {

package/dist/esm/utils/wallet.js

@@ -1,7 +1,7 @@
 import {
   __spreadProps,
   __spreadValues
-} from "../chunk-7B52C2XE.js";
+} from "../chunk-W5CT3TVS.js";
 import * as uuid from "uuid";
 import { formatPhoneNumber } from "./phone.js";
 const WalletSchemeTypeMap = {

package/dist/types/ParaCore.d.ts

@@ -1,9 +1,10 @@
-import { AuthMethod, AuthExtras, CurrentWalletIds, EmailTheme, PartnerEntity, TWalletType, PregenIds, BiometricLocationHint, Auth, SupportedWalletTypes, AuthIdentifier, AuthType, ExternalWalletInfo, PrimaryAuthInfo, SessionInfo, PrimaryAuth, PrimaryAuthType, AccountMetadata, LinkedAccounts, VerifyLinkParams, VerifyExternalWalletParams, SupportedAccountLinks, OnRampPurchase, Theme } from '@getpara/user-management-client';
+import { AuthMethod, AuthExtras, CurrentWalletIds, EmailTheme, PartnerEntity, TWalletType, PregenIds, BiometricLocationHint, Auth, SupportedWalletTypes, AuthIdentifier, AuthType, ExternalWalletInfo, PrimaryAuthInfo, SessionInfo, PrimaryAuth, PrimaryAuthType, AccountMetadata, LinkedAccounts, VerifyLinkParams, VerifyExternalWalletParams, SupportedAccountLinks, OnRampPurchase, BalancesConfig, Theme } from '@getpara/user-management-client';
 import type { pki as pkiType } from 'node-forge';
 import { Ctx, Environment, WalletFilters, Wallet, PortalUrlOptions, ConstructorOpts, CoreAuthInfo, PortalUrlType, CoreMethodParams, CoreMethodResponse, NewCredentialUrlParams, LoginUrlParams, CoreInterface, ExternalWalletConnectionType, AccountLinkInProgress, InternalMethodParams, InternalMethodResponse } from './types/index.js';
 import { PlatformUtils } from './PlatformUtils.js';
 export declare abstract class ParaCore implements CoreInterface {
     #private;
+    popupWindow: Window | null;
     static version?: string;
     ctx: Ctx;
     protected isNativePasskey: boolean;
@@ -21,6 +22,9 @@ export declare abstract class ParaCore implements CoreInterface {
     userId?: string;
     accountLinkInProgress: AccountLinkInProgress | undefined;
     private sessionCookie?;
+    isEnclaveUser: boolean;
+    private enclaveJwt?;
+    private enclaveRefreshJwt?;
     private isAwaitingAccountCreation;
     private isAwaitingLogin;
     private isAwaitingFarcaster;
@@ -147,6 +151,10 @@ export declare abstract class ParaCore implements CoreInterface {
     private sessionStorageRemoveItem;
     retrieveSessionCookie: () => string | undefined;
     persistSessionCookie: (cookie: string) => void;
+    retrieveEnclaveJwt: () => string;
+    persistEnclaveJwt: (jwt: string) => void;
+    retrieveEnclaveRefreshJwt: () => string;
+    persistEnclaveRefreshJwt: (jwt: string) => void;
     /**
      * Remove all local storage and prefixed session storage.
      * @param {'local' | 'session' | 'secure' | 'all'} type - Type of storage to clear. Defaults to 'all'.
@@ -202,6 +210,7 @@ export declare abstract class ParaCore implements CoreInterface {
     private wrapMethodsWithErrorTracking;
     private initializeFromStorage;
     private updateAuthInfoFromStorage;
+    private updateEnclaveJwtFromStorage;
     private updateUserIdFromStorage;
     private updateWalletsFromStorage;
     private updateWalletIdsFromStorage;
@@ -701,7 +710,7 @@ export declare abstract class ParaCore implements CoreInterface {
         url?: string;
     }>;
     /**
-     * Returns a Para Portal URL for logging in with a WebAuth passkey, password or PIN.
+     * Returns a Para Portal URL for logging in with a WebAuth passkey, password, PIN or OTP.
      * @param {Object} opts the options object
      * @param {String} opts.auth - the user auth to sign up or log in with, in the form ` { email: string } | { phone: `+${number}` } `
      * @param {boolean} opts.useShortUrls - whether to shorten the generated portal URLs
@@ -719,5 +728,9 @@ export declare abstract class ParaCore implements CoreInterface {
         accountLinkInProgress?: AccountLinkInProgress;
     } & Partial<Pick<VerifyLinkParams, 'verificationCode' | 'telegramAuthResponse'> & VerifyExternalWalletParams>): Promise<LinkedAccounts>;
     protected verifyEmailOrPhoneLink({ verificationCode, }: InternalMethodParams<'verifyEmailOrPhoneLink'>): InternalMethodResponse<'verifyEmailOrPhoneLink'>;
+    protected getProfileBalance({ config, refetch }?: {
+        config?: BalancesConfig;
+        refetch?: boolean;
+    }): Promise<import("@getpara/user-management-client").ProfileBalance>;
     protected sendLoginCode(): Promise<void>;
 }

package/dist/types/constants.d.ts

@@ -14,6 +14,8 @@ export declare const LOCAL_STORAGE_WALLETS = "@CAPSULE/wallets";
 export declare const LOCAL_STORAGE_EXTERNAL_WALLETS = "@CAPSULE/externalWallets";
 export declare const LOCAL_STORAGE_CURRENT_WALLET_IDS = "@CAPSULE/currentWalletIds";
 export declare const LOCAL_STORAGE_SESSION_COOKIE = "@CAPSULE/sessionCookie";
+export declare const LOCAL_STORAGE_ENCLAVE_JWT = "@CAPSULE/enclaveJwt";
+export declare const LOCAL_STORAGE_ENCLAVE_REFRESH_JWT = "@CAPSULE/enclaveRefreshJwt";
 export declare const SESSION_STORAGE_LOGIN_ENCRYPTION_KEY_PAIR = "@CAPSULE/loginEncryptionKeyPair";
 export declare const POLLING_INTERVAL_MS = 2000;
 export declare const SHORT_POLLING_INTERVAL_MS = 1000;

package/dist/types/index.d.ts

@@ -1,10 +1,10 @@
 import { ParaCore } from './ParaCore.js';
-export { type Auth, type AuthInfo, type PrimaryAuthInfo, type VerifiedAuthInfo, type VerifiedAuth, AuthMethod, AuthMethodStatus, type AuthExtras, type CurrentWalletIds, EmailTheme, type PartnerEntity, type WalletEntity, Network, type TNetwork, WalletType, type TWalletType, WalletScheme, type TWalletScheme, OnRampAsset, type TOnRampAsset, OnRampPurchaseType, OnRampProvider, OnRampPurchaseStatus, type OnRampConfig, type OnRampAssets, type OnRampPurchase, type OnRampAssetInfo, type ProviderAssetInfo, OnRampMethod, type Theme, OAuthMethod, type TOAuthMethod, type TLinkedAccountType, type SupportedAccountLinks, type SupportedWalletTypes, type TPregenIdentifierType, type PregenIds, type LinkedAccount, type LinkedAccounts, type TExternalWallet, type ExternalWalletInfo, type PregenAuth, type Setup2faResponse, type TelegramAuthResponse, type VerifyExternalWalletParams, RecoveryStatus, ThemeMode, NON_ED25519, PREGEN_IDENTIFIER_TYPES, WALLET_TYPES, WALLET_SCHEMES, OAUTH_METHODS, LINKED_ACCOUNT_TYPES, EXTERNAL_WALLET_TYPES, EVM_WALLETS, SOLANA_WALLETS, COSMOS_WALLETS, } from '@getpara/user-management-client';
+export { type Auth, type AuthInfo, type PrimaryAuthInfo, type VerifiedAuthInfo, type VerifiedAuth, AuthMethod, AuthMethodStatus, type AuthExtras, type CurrentWalletIds, EmailTheme, type PartnerEntity, type WalletEntity, Network, type TNetwork, WalletType, type TWalletType, WalletScheme, type TWalletScheme, OnRampAsset, type TOnRampAsset, OnRampPurchaseType, OnRampProvider, OnRampPurchaseStatus, type OnRampConfig, type OnRampAssets, type OnRampPurchase, type OnRampAssetInfo, type ProviderAssetInfo, OnRampMethod, type Theme, OAuthMethod, type TOAuthMethod, type TLinkedAccountType, type SupportedAccountLinks, type SupportedWalletTypes, type TPregenIdentifierType, type PregenIds, type LinkedAccount, type LinkedAccounts, type TExternalWallet, type ExternalWalletInfo, type PregenAuth, type Setup2faResponse, type TelegramAuthResponse, type VerifyExternalWalletParams, type AssetMetadata, type AssetMetadataIndexed, type AssetValue, type BalancesConfig, type WalletBalance, type ProfileBalance, type OfframpDepositRequest, RecoveryStatus, ThemeMode, NON_ED25519, PREGEN_IDENTIFIER_TYPES, WALLET_TYPES, WALLET_SCHEMES, OAUTH_METHODS, LINKED_ACCOUNT_TYPES, EXTERNAL_WALLET_TYPES, EVM_WALLETS, SOLANA_WALLETS, COSMOS_WALLETS, } from '@getpara/user-management-client';
 export { PopupType, PregenIdentifierType, type AuthStateSignup, type AuthStateVerify, type AuthStateLogin, type AuthState, type OAuthResponse, type CoreAuthInfo, type SignatureRes, type FullSignatureRes, type SuccessfulSignatureRes, type DeniedSignatureRes, type DeniedSignatureResWithUrl, type Wallet, type GetWalletBalanceParams, type AccountLinkInProgress, AccountLinkError, type InternalInterface, } from './types/index.js';
 export * from './types/coreApi.js';
 export * from './types/events.js';
 export * from './types/config.js';
-export { getPortalDomain, entityToWallet, constructUrl, shortenUrl } from './utils/index.js';
+export { getPortalDomain, dispatchEvent, entityToWallet, constructUrl, shortenUrl } from './utils/index.js';
 export { PREFIX as STORAGE_PREFIX, PARA_PREFIX as PARA_STORAGE_PREFIX } from './constants.js';
 export { distributeNewShare } from './shares/shareDistribution.js';
 export { KeyContainer } from './shares/KeyContainer.js';
@@ -22,5 +22,6 @@ export { isWalletSupported } from './utils/wallet.js';
 export { getNetworkPrefix, getOnRampAssets, getOnRampNetworks, toAssetInfoArray } from './utils/onRamps.js';
 export { getPortalBaseURL } from './utils/url.js';
 export { retrieve as transmissionUtilsRetrieve } from './transmission/transmissionUtils.js';
+export type { ShareData } from './shares/enclave.js';
 export declare const paraVersion: string;
 export default ParaCore;

package/dist/types/shares/enclave.d.ts

@@ -0,0 +1,81 @@
+import UserManagementClient from '@getpara/user-management-client';
+export interface ShareData {
+    userId: string;
+    walletId: string;
+    walletScheme: string;
+    partnerId?: string;
+    protocolId?: string;
+    signer: string;
+    createdAt?: string;
+    updatedAt?: string;
+}
+export interface ShareQuery {
+    userId: string;
+    walletId?: string;
+    partnerId?: string;
+}
+export interface EncryptedPayload {
+    encryptedData: string;
+    keyId: string;
+    algorithm: string;
+    ephemeral: string;
+}
+/**
+ * Enclave client for secure key share operations
+ * Handles encryption/decryption and communication with the enclave service
+ */
+export declare class EnclaveClient {
+    private userManagementClient;
+    private enclavePublicKey;
+    private frontendKeyPair;
+    private retrieveJwt;
+    private persistJwt;
+    private retrieveRefreshJwt;
+    private persistRefreshJwt;
+    constructor({ userManagementClient, retrieveJwt, persistJwt, retrieveRefreshJwt, persistRefreshJwt, }: {
+        userManagementClient: UserManagementClient;
+        retrieveJwt: () => string;
+        persistJwt: (jwt: string) => void;
+        retrieveRefreshJwt: () => string;
+        persistRefreshJwt: (refreshJwt: string) => void;
+    });
+    private refreshJwt;
+    private withJwtRefreshRetry;
+    private issueEnclaveJwt;
+    /**
+     * Generate a P-256 keypair for the frontend to receive encrypted responses
+     */
+    private generateFrontendKeyPair;
+    /**
+     * Get the enclave's public key from the user-management service
+     */
+    private getEnclavePublicKey;
+    /**
+     * Import a PEM-formatted public key for use with Web Crypto API
+     */
+    private importPublicKeyFromPEM;
+    /**
+     * Export a public key to PEM format
+     */
+    private exportPublicKeyToPEM;
+    /**
+     * Encrypt data using P-256 ECIES for the enclave
+     */
+    private encryptForEnclave;
+    /**
+     * Decrypt response encrypted for the frontend
+     */
+    private decryptForFrontend;
+    /**
+     * Persist key shares to the enclave
+     * @param shares Array of share data to persist
+     */
+    private persistShares;
+    /**
+     * Retrieve key shares from the enclave
+     * @param query Query parameters for finding shares (single query or array of queries)
+     */
+    private retrieveShares;
+    retrieveSharesWithRetry(query: ShareQuery[]): Promise<ShareData[]>;
+    persistSharesWithRetry(shares: ShareData[]): Promise<any>;
+}

package/dist/types/shares/shareDistribution.d.ts

@@ -1,6 +1,6 @@
-import { BackupKitEmailProps } from '@getpara/user-management-client';
+import { BackupKitEmailProps, TWalletScheme } from '@getpara/user-management-client';
 import { Ctx } from '../types/index.js';
-export declare function distributeNewShare({ ctx, userId, walletId, userShare, ignoreRedistributingBackupEncryptedShare, emailProps, partnerId, protocolId, }: {
+export declare function distributeNewShare({ ctx, userId, walletId, userShare, ignoreRedistributingBackupEncryptedShare, emailProps, partnerId, protocolId, isEnclaveUser, walletScheme, }: {
     ctx: Ctx;
     userId: string;
     walletId: string;
@@ -9,4 +9,6 @@ export declare function distributeNewShare({ ctx, userId, walletId, userShare, i
     emailProps?: BackupKitEmailProps;
     partnerId?: string;
     protocolId?: string;
+    isEnclaveUser: boolean;
+    walletScheme: TWalletScheme;
 }): Promise<string>;