feat(sdk-core): implement EdDSA MPCv2 external signer orchestrator

Implement signEddsaMPCv2TssUsingExternalSigner in EddsaMPCv2Utils,
replacing the stub in baseTSSUtils. Also wire up the wallet.ts
dispatch block and private signTransactionTssExternalSignerEdDSAMPCv2
method so the calling code and implementation land together.

- EddsaMPCv2Utils.signEddsaMPCv2TssUsingExternalSigner: full 3-round
  orchestration using caller-supplied generator functions, pickBitgo-
  PubGpgKeyForSigning with isEddsaMpcv2=true, and armored BitGo GPG
  key passed to round 2/3 generators. Asserts signatureShares after
  round 2, mirrors ECDSA counterpart.
- wallet.ts: adds dispatch block for customEddsaMPCv2Signing* params
  before existing ECDSA MPCv2 block; adds private
  signTransactionTssExternalSignerEdDSAMPCv2 method.
- Unit tests: 5 cases covering happy path, string txRequestId
  resolution, missing round-2 signatureShares assert, message-signing
  rejection, and armored key delivery to generators.

Ticket: WCI-374

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Session-Id: 68742945-d54f-4fb6-a866-47a802ad253e
Task-Id: bb6a6972-cbe9-43f2-a9c3-74eefc045a44

Author: Marzooqa

modules/sdk-core/src/bitgo/utils/tss/eddsa/eddsaMPCv2.ts

@@ -26,7 +26,18 @@ import {
 } from '../../../tss/eddsa/eddsaMPCv2';
 import { generateGPGKeyPair } from '../../opengpgUtils';
 import { MPCv2PartiesEnum } from '../ecdsa/typesMPCv2';
-import { RequestType, SignatureShareType, TSSParamsForMessageWithPrv, TSSParamsWithPrv, TxRequest } from '../baseTypes';
+import {
+  CustomEddsaMPCv2SigningRound1GeneratingFunction,
+  CustomEddsaMPCv2SigningRound2GeneratingFunction,
+  CustomEddsaMPCv2SigningRound3GeneratingFunction,
+  RequestType,
+  SignatureShareType,
+  TSSParams,
+  TSSParamsForMessage,
+  TSSParamsForMessageWithPrv,
+  TSSParamsWithPrv,
+  TxRequest,
+} from '../baseTypes';
 import { BaseEddsaUtils } from './base';
 import { EddsaMPCv2KeyGenSendFn, KeyGenSenderForEnterprise } from './eddsaMPCv2KeyGenSender';
 
@@ -515,4 +526,104 @@ export class EddsaMPCv2Utils extends BaseEddsaUtils {
   }
 
   // #endregion
+
+  // #region external signer
+  /** @inheritdoc */
+  async signEddsaMPCv2TssUsingExternalSigner(
+    params: TSSParams | TSSParamsForMessage,
+    externalSignerEddsaMPCv2SigningRound1Generator: CustomEddsaMPCv2SigningRound1GeneratingFunction,
+    externalSignerEddsaMPCv2SigningRound2Generator: CustomEddsaMPCv2SigningRound2GeneratingFunction,
+    externalSignerEddsaMPCv2SigningRound3Generator: CustomEddsaMPCv2SigningRound3GeneratingFunction,
+    requestType: RequestType = RequestType.tx
+  ): Promise<TxRequest> {
+    const { txRequest, reqId } = params;
+
+    // TODO(WP-2176): Add support for message signing
+    assert(
+      requestType === RequestType.tx,
+      'Only transaction signing is supported for external signer, got: ' + requestType
+    );
+
+    let txRequestResolved: TxRequest;
+    if (typeof txRequest === 'string') {
+      txRequestResolved = await getTxRequest(this.bitgo, this.wallet.id(), txRequest, reqId);
+    } else {
+      txRequestResolved = txRequest;
+    }
+
+    const bitgoPublicGpgKey = await this.pickBitgoPubGpgKeyForSigning(
+      true,
+      reqId,
+      txRequestResolved.enterpriseId,
+      true
+    );
+
+    if (!bitgoPublicGpgKey) {
+      throw new Error('Missing BitGo GPG key for MPCv2');
+    }
+
+    // round 1
+    const { signatureShareRound1, userGpgPubKey, encryptedRound1Session, encryptedUserGpgPrvKey } =
+      await externalSignerEddsaMPCv2SigningRound1Generator({ txRequest: txRequestResolved });
+    const round1TxRequest = await sendSignatureShareV2(
+      this.bitgo,
+      txRequestResolved.walletId,
+      txRequestResolved.txRequestId,
+      [signatureShareRound1],
+      requestType,
+      this.baseCoin.getMPCAlgorithm(),
+      userGpgPubKey,
+      undefined,
+      this.wallet.multisigTypeVersion(),
+      reqId
+    );
+
+    // round 2
+    const { signatureShareRound2, encryptedRound2Session } =
+      await externalSignerEddsaMPCv2SigningRound2Generator({
+        txRequest: round1TxRequest,
+        encryptedRound1Session,
+        encryptedUserGpgPrvKey,
+        bitgoPublicGpgKey: bitgoPublicGpgKey.armor(),
+      });
+    const round2TxRequest = await sendSignatureShareV2(
+      this.bitgo,
+      txRequestResolved.walletId,
+      txRequestResolved.txRequestId,
+      [signatureShareRound2],
+      requestType,
+      this.baseCoin.getMPCAlgorithm(),
+      userGpgPubKey,
+      undefined,
+      this.wallet.multisigTypeVersion(),
+      reqId
+    );
+    assert(
+      round2TxRequest.transactions && round2TxRequest.transactions[0].signatureShares,
+      'Missing signature shares in round 2 txRequest'
+    );
+
+    // round 3
+    const { signatureShareRound3 } = await externalSignerEddsaMPCv2SigningRound3Generator({
+      txRequest: round2TxRequest,
+      encryptedRound2Session,
+      encryptedUserGpgPrvKey,
+      bitgoPublicGpgKey: bitgoPublicGpgKey.armor(),
+    });
+    await sendSignatureShareV2(
+      this.bitgo,
+      txRequestResolved.walletId,
+      txRequestResolved.txRequestId,
+      [signatureShareRound3],
+      requestType,
+      this.baseCoin.getMPCAlgorithm(),
+      userGpgPubKey,
+      undefined,
+      this.wallet.multisigTypeVersion(),
+      reqId
+    );
+
+    return sendTxRequest(this.bitgo, txRequestResolved.walletId, txRequestResolved.txRequestId, requestType, reqId);
+  }
+  // #endregion
 }

modules/sdk-core/src/bitgo/wallet/wallet.ts

@@ -2165,6 +2165,15 @@ export class Wallet implements IWallet {
       return this.signTransactionTssExternalSignerECDSA(this.baseCoin, params);
     }
 
+    if (
+      _.isFunction(params.customEddsaMPCv2SigningRound1GenerationFunction) &&
+      _.isFunction(params.customEddsaMPCv2SigningRound2GenerationFunction) &&
+      _.isFunction(params.customEddsaMPCv2SigningRound3GenerationFunction)
+    ) {
+      // invoke external signer TSS for EdDSA MPCv2 workflow
+      return this.signTransactionTssExternalSignerEdDSAMPCv2(this.baseCoin, params);
+    }
+
     if (
       _.isFunction(params.customMPCv2SigningRound1GenerationFunction) &&
       _.isFunction(params.customMPCv2SigningRound2GenerationFunction) &&
@@ -4335,6 +4344,59 @@ export class Wallet implements IWallet {
     }
   }
 
+  /**
+   * Signs a transaction from a TSS EdDSA MPCv2 wallet using external signer.
+   *
+   * @param params signing options
+   */
+  private async signTransactionTssExternalSignerEdDSAMPCv2(
+    coin: IBaseCoin,
+    params: WalletSignTransactionOptions = {}
+  ): Promise<TxRequest> {
+    let txRequestId = '';
+    if (params.txRequestId) {
+      txRequestId = params.txRequestId;
+    } else if (params.txPrebuild && params.txPrebuild.txRequestId) {
+      txRequestId = params.txPrebuild.txRequestId;
+    } else {
+      throw new Error('TxRequestId required to sign TSS transactions with External Signer.');
+    }
+
+    if (!params.customEddsaMPCv2SigningRound1GenerationFunction) {
+      throw new Error(
+        'Generator function for EdDSA MPCv2 Round 1 share required to sign transactions with External Signer.'
+      );
+    }
+
+    if (!params.customEddsaMPCv2SigningRound2GenerationFunction) {
+      throw new Error(
+        'Generator function for EdDSA MPCv2 Round 2 share required to sign transactions with External Signer.'
+      );
+    }
+
+    if (!params.customEddsaMPCv2SigningRound3GenerationFunction) {
+      throw new Error(
+        'Generator function for EdDSA MPCv2 Round 3 share required to sign transactions with External Signer.'
+      );
+    }
+
+    try {
+      assert(this.tssUtils, 'tssUtils must be defined');
+      const signedTxRequest = await this.tssUtils.signEddsaMPCv2TssUsingExternalSigner(
+        {
+          txRequest: txRequestId,
+          reqId: params.reqId || new RequestTracer(),
+        },
+        params.customEddsaMPCv2SigningRound1GenerationFunction,
+        params.customEddsaMPCv2SigningRound2GenerationFunction,
+        params.customEddsaMPCv2SigningRound3GenerationFunction
+      );
+      return signedTxRequest;
+    } catch (e) {
+      throw new Error('failed to sign transaction ' + e);
+    }
+  }
+
   /**
    * Signs a transaction from a TSS ECDSA wallet using external signer.
    *