dfns · ncornwell · Jan 31, 2026
diff --git a/core/signing-dfns/README.md b/core/signing-dfns/README.md
@@ -0,0 +1,121 @@
+# @canton-network/core-signing-dfns
+
+This package provides a signing driver for integrating the Wallet Gateway with [Dfns](https://www.dfns.co/). It implements the `SigningDriverInterface` defined in `@canton-network/core-signing-lib`, allowing the Wallet Gateway to manage keys and sign transactions using Dfns's infrastructure.
+
+## Installation
+
+This package is part of the Splice Wallet Kernel monorepo and is typically installed as a workspace dependency.
+
+```bash
+yarn add @canton-network/core-signing-dfns
+```
+
+## Usage
+
+The `DfnsSigningDriver` is designed to be used within the Wallet Gateway's signing architecture. It requires a configuration object containing Dfns organization details and credentials.
+
+### Initialization
+
+```typescript
+import DfnsSigningDriver, {
+    DfnsConfig,
+    DfnsCredentials,
+} from '@canton-network/core-signing-dfns'
+
+const defaultCredentials: DfnsCredentials = {
+    credId: 'your-credential-id',
+    privateKey: 'your-private-key',
+    authToken: 'your-auth-token',
+}
+
+const config: DfnsConfig = {
+    orgId: 'your-dfns-org-id',
+    baseUrl: 'https://api.dfns.io', // Dfns API URL
+    defaultCredentials,
+    userCredentials: new Map(), // Optional per-user credentials
+}
+
+const driver = new DfnsSigningDriver(config)
+```
+
+### Features
+
+The driver supports the following operations:
+
+- **Key Management**:
+    - `createKey`: Creates a new Canton wallet in Dfns.
+    - `getKeys`: Retrieves a list of Canton wallets available in Dfns.
+- **Signing**:
+    - `signTransaction`: Signs a Canton transaction using a specified wallet.
+- **Transaction Monitoring**:
+    - `getTransaction`: Retrieves the status and details of a specific transaction.
+    - `getTransactions`: Retrieves a list of transactions based on transaction IDs or public keys.
+- **Configuration**:
+    - `getConfiguration`: Returns the current configuration (masking sensitive secrets).
+    - `setConfiguration`: Updates the driver's configuration at runtime.
+
+### Integration
+
+This driver is intended to be registered with the `SigningController` in the Wallet Gateway, which manages multiple signing providers.
+
+```typescript
+// Example integration (conceptual)
+import { SigningController } from '@canton-network/core-signing-internal' // or similar
+
+const signingController = new SigningController()
+signingController.registerDriver(driver)
+```
+
+## Configuration
+
+The driver accepts a `DfnsConfig` object:
+
+| Property             | Type                           | Required | Description                                                       |
+| :------------------- | :----------------------------- | :------- | :---------------------------------------------------------------- |
+| `orgId`              | `string`                       | Yes      | Your Dfns organization ID.                                        |
+| `baseUrl`            | `string`                       | Yes      | The base URL for the Dfns API (e.g., `https://api.dfns.io`).      |
+| `defaultCredentials` | `DfnsCredentials`              | No       | Default credentials used when no user-specific credentials exist. |
+| `userCredentials`    | `Map<string, DfnsCredentials>` | Yes      | Map of user IDs to their Dfns credentials.                        |
+| `userWallets`        | `Map<string, string>`          | No       | Map of user IDs to wallet IDs for transaction lookups.            |
+
+### DfnsCredentials
+
+Each credential object contains:
+
+| Property     | Type     | Description                                |
+| :----------- | :------- | :----------------------------------------- |
+| `credId`     | `string` | The Dfns credential ID.                    |
+| `privateKey` | `string` | The private key for signing API requests.  |
+| `authToken`  | `string` | The authentication token for the Dfns API. |
+
+### Wallet Gateway Configuration
+
+When running the Wallet Gateway (Remote), the Dfns signing driver is configured using the following environment variables:
+
+- `DFNS_ORG_ID`: Your Dfns organization ID.
+- `DFNS_BASE_URL`: The base URL for the Dfns API. Defaults to `https://api.dfns.io` if not set.
+- `DFNS_CRED_ID`: The default credential ID for Dfns API authentication.
+- `DFNS_PRIVATE_KEY`: The private key for signing Dfns API requests.
+- `DFNS_AUTH_TOKEN`: The authentication token for the Dfns API.
+
+Example usage:
+
+```bash
+DFNS_ORG_ID="your-org-id" \
+DFNS_BASE_URL="https://api.dfns.io" \
+DFNS_CRED_ID="your-cred-id" \
+DFNS_PRIVATE_KEY="your-private-key" \
+DFNS_AUTH_TOKEN="your-auth-token" \
+yarn start
+```
+
+## Canton Network Support
+
+The Dfns signing driver filters for Canton and CantonTestnet wallets only. Wallets must be:
+
+- Created in Dfns with network type `Canton` or `CantonTestnet`
+- In `Active` status with a valid address
+
+## License
+
+Apache-2.0
diff --git a/core/signing-dfns/jest.config.ts b/core/signing-dfns/jest.config.ts
@@ -0,0 +1,13 @@
+// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+import type { Config } from 'jest'
+
+export default {
+    rootDir: 'src',
+    extensionsToTreatAsEsm: ['.ts'],
+    resolver: 'ts-jest-resolver',
+    transform: {
+        '^.+\\.(t|j)sx?$': '@swc/jest',
+    },
+} satisfies Config
diff --git a/core/signing-dfns/package.json b/core/signing-dfns/package.json
@@ -0,0 +1,58 @@
+{
+    "name": "@canton-network/core-signing-dfns",
+    "version": "0.1.0",
+    "type": "module",
+    "description": "Dfns signing driver for Canton Network Wallet Gateway",
+    "license": "Apache-2.0",
+    "packageManager": "yarn@4.9.4",
+    "main": "dist/index.cjs",
+    "module": "dist/index.js",
+    "types": "dist/index.d.ts",
+    "exports": {
+        ".": {
+            "types": "./dist/index.d.ts",
+            "import": "./dist/index.js",
+            "require": "./dist/index.cjs",
+            "default": "./dist/index.js"
+        }
+    },
+    "scripts": {
+        "build": "tsup && tsc -p tsconfig.types.json",
+        "dev": "tsup --watch --onSuccess \"tsc -p tsconfig.types.json\"",
+        "clean": "tsc -b --clean; rm -rf dist",
+        "flatpack": "yarn pack --out \"$FLATPACK_OUTDIR\"",
+        "test": "jest"
+    },
+    "dependencies": {
+        "@canton-network/core-signing-lib": "workspace:^",
+        "@canton-network/core-wallet-auth": "workspace:^",
+        "@dfns/sdk": "^0.8.9",
+        "@dfns/sdk-keysigner": "^0.8.9",
+        "lodash": "^4.17.21",
+        "pino": "^10.2.1",
+        "zod": "^4.3.5"
+    },
+    "devDependencies": {
+        "@jest/globals": "^30.2.0",
+        "@swc/core": "^1.15.10",
+        "@swc/jest": "^0.2.39",
+        "@types/jest": "^30.0.0",
+        "@types/lodash": "^4.17.16",
+        "@types/node": "^25.0.10",
+        "jest": "^30.2.0",
+        "ts-jest-resolver": "^2.0.1",
+        "tsup": "^8.5.1",
+        "typescript": "^5.9.3"
+    },
+    "files": [
+        "dist/**"
+    ],
+    "publishConfig": {
+        "access": "public"
+    },
+    "repository": {
+        "type": "git",
+        "url": "git+https://github.com/hyperledger-labs/splice-wallet-kernel.git",
+        "directory": "core/signing-dfns"
+    }
+}