From 44c7cf7ce09b35e758372b2e034d43d9462586ec Mon Sep 17 00:00:00 2001
From: Lokesh Chandra <lokeshchandra956@bitgo.com>
Date: Tue, 11 Nov 2025 17:14:01 +0530
Subject: [PATCH] feat(express): migrated generate tssshare to type route

Ticket: WP-5442
---
 modules/express/src/clientRoutes.ts           |  27 +-
 modules/express/src/typedRoutes/api/index.ts  |   4 +
 .../typedRoutes/api/v2/generateShareTSS.ts    | 599 +++++++++++
 .../test/unit/clientRoutes/externalSign.ts    | 205 +++-
 .../test/unit/typedRoutes/generateShareTSS.ts | 995 ++++++++++++++++++
 5 files changed, 1804 insertions(+), 26 deletions(-)
 create mode 100644 modules/express/src/typedRoutes/api/v2/generateShareTSS.ts
 create mode 100644 modules/express/test/unit/typedRoutes/generateShareTSS.ts

diff --git a/modules/express/src/clientRoutes.ts b/modules/express/src/clientRoutes.ts
index 81efff6bed..593f0e141d 100755
--- a/modules/express/src/clientRoutes.ts
+++ b/modules/express/src/clientRoutes.ts
@@ -413,7 +413,9 @@ function decryptPrivKey(bg: BitGo, encryptedPrivKey: string, walletPw: string):
   }
 }
 
-export async function handleV2GenerateShareTSS(req: express.Request): Promise<any> {
+export async function handleV2GenerateShareTSS(
+  req: ExpressApiRouteRequest<'express.v2.tssshare.generate', 'post'>
+): Promise<any> {
   const walletId = req.body.txRequest ? req.body.txRequest.walletId : req.body.tssParams.txRequest.walletId;
   if (!walletId) {
     throw new Error('Missing required field: walletId');
@@ -429,13 +431,13 @@ export async function handleV2GenerateShareTSS(req: express.Request): Promise<an
   const encryptedPrivKey = await getEncryptedPrivKey(signerFileSystemPath, walletId);
   const bitgo = req.bitgo;
   const privKey = decryptPrivKey(bitgo, encryptedPrivKey, walletPw);
-  const coin = bitgo.coin(req.params.coin);
+  const coin = bitgo.coin(req.decoded.coin);
   req.body.prv = privKey;
   req.body.walletPassphrase = walletPw;
   try {
     if (coin.getMPCAlgorithm() === MPCType.EDDSA) {
       const eddsaUtils = new EddsaUtils(bitgo, coin);
-      switch (req.params.sharetype) {
+      switch (req.decoded.sharetype) {
         case ShareType.Commitment:
           return await eddsaUtils.createCommitmentShareFromTxRequest(req.body);
         case ShareType.R:
@@ -444,7 +446,7 @@ export async function handleV2GenerateShareTSS(req: express.Request): Promise<an
           return await eddsaUtils.createGShareFromTxRequest(req.body);
         default:
           throw new Error(
-            `Share type ${req.params.sharetype} not supported, only commitment, G and R share generation is supported.`
+            `Share type ${req.decoded.sharetype} not supported, only commitment, G and R share generation is supported.`
           );
       }
     } else if (coin.getMPCAlgorithm() === MPCType.ECDSA) {
@@ -452,11 +454,11 @@ export async function handleV2GenerateShareTSS(req: express.Request): Promise<an
         ShareType.MPCv2Round1.toString(),
         ShareType.MPCv2Round2.toString(),
         ShareType.MPCv2Round3.toString(),
-      ].includes(req.params.sharetype);
+      ].includes(req.decoded.sharetype);
 
       if (isMPCv2) {
         const ecdsaMPCv2Utils = new EcdsaMPCv2Utils(bitgo, coin);
-        switch (req.params.sharetype) {
+        switch (req.decoded.sharetype) {
           case ShareType.MPCv2Round1:
             return await ecdsaMPCv2Utils.createOfflineRound1Share(req.body);
           case ShareType.MPCv2Round2:
@@ -465,12 +467,12 @@ export async function handleV2GenerateShareTSS(req: express.Request): Promise<an
             return await ecdsaMPCv2Utils.createOfflineRound3Share(req.body);
           default:
             throw new Error(
-              `Share type ${req.params.sharetype} not supported for MPCv2, only MPCv2Round1, MPCv2Round2 and MPCv2Round3 is supported.`
+              `Share type ${req.decoded.sharetype} not supported for MPCv2, only MPCv2Round1, MPCv2Round2 and MPCv2Round3 is supported.`
             );
         }
       } else {
         const ecdsaUtils = new EcdsaUtils(bitgo, coin);
-        switch (req.params.sharetype) {
+        switch (req.decoded.sharetype) {
           case ShareType.PaillierModulus:
             return ecdsaUtils.getOfflineSignerPaillierModulus(req.body);
           case ShareType.K:
@@ -481,7 +483,7 @@ export async function handleV2GenerateShareTSS(req: express.Request): Promise<an
             return await ecdsaUtils.createOfflineSShare(req.body);
           default:
             throw new Error(
-              `Share type ${req.params.sharetype} not supported, only PaillierModulus, K, MUDelta, and S share generation is supported.`
+              `Share type ${req.decoded.sharetype} not supported, only PaillierModulus, K, MUDelta, and S share generation is supported.`
             );
         }
       }
@@ -1736,12 +1738,7 @@ export function setupSigningRoutes(app: express.Application, config: Config): vo
   app.use(router);
 
   router.post('express.v2.coin.sign', [prepareBitGo(config), typedPromiseWrapper(handleV2Sign)]);
-  app.post(
-    '/api/v2/:coin/tssshare/:sharetype',
-    parseBody,
-    prepareBitGo(config),
-    promiseWrapper(handleV2GenerateShareTSS)
-  );
+  router.post('express.v2.tssshare.generate', [prepareBitGo(config), typedPromiseWrapper(handleV2GenerateShareTSS)]);
   router.post('express.v2.ofc.extSignPayload', [
     prepareBitGo(config),
     typedPromiseWrapper(handleV2OFCSignPayloadInExtSigningMode),
diff --git a/modules/express/src/typedRoutes/api/index.ts b/modules/express/src/typedRoutes/api/index.ts
index f834a375c2..96f79e6670 100644
--- a/modules/express/src/typedRoutes/api/index.ts
+++ b/modules/express/src/typedRoutes/api/index.ts
@@ -39,6 +39,7 @@ import { PostConsolidateUnspents } from './v2/consolidateunspents';
 import { PostPrebuildAndSignTransaction } from './v2/prebuildAndSignTransaction';
 import { PostCoinSign } from './v2/coinSign';
 import { PostSendCoins } from './v2/sendCoins';
+import { PostGenerateShareTSS } from './v2/generateShareTSS';
 import { PostOfcExtSignPayload } from './v2/ofcExtSignPayload';
 
 // Too large types can cause the following error
@@ -228,6 +229,9 @@ export const ExpressExternalSigningApiSpec = apiSpec({
   'express.v2.coin.sign': {
     post: PostCoinSign,
   },
+  'express.v2.tssshare.generate': {
+    post: PostGenerateShareTSS,
+  },
   'express.v2.ofc.extSignPayload': {
     post: PostOfcExtSignPayload,
   },
diff --git a/modules/express/src/typedRoutes/api/v2/generateShareTSS.ts b/modules/express/src/typedRoutes/api/v2/generateShareTSS.ts
new file mode 100644
index 0000000000..8580cc3c93
--- /dev/null
+++ b/modules/express/src/typedRoutes/api/v2/generateShareTSS.ts
@@ -0,0 +1,599 @@
+import * as t from 'io-ts';
+import { Json } from 'io-ts-types';
+import { httpRoute, httpRequest, optional } from '@api-ts/io-ts-http';
+import { BitgoExpressError } from '../../schemas/error';
+
+/**
+ * Request parameters for TSS share generation (external signer mode)
+ */
+export const GenerateShareTSSParams = {
+  /** The coin type (e.g., 'tbtc', 'gteth', etc.) */
+  coin: t.string,
+  /**
+   * The type of share to generate. Valid values depend on the MPC algorithm:
+   * - EDDSA: 'commitment', 'R', 'G'
+   * - ECDSA: 'PaillierModulus', 'K', 'MuDelta', 'S'
+   * - ECDSA MPCv2: 'MPCv2Round1', 'MPCv2Round2', 'MPCv2Round3'
+   */
+  sharetype: t.string,
+} as const;
+
+/**
+ * Serialized Ntilde structure (ECDSA challenge parameters)
+ * Based on: modules/sdk-lib-mpc/src/tss/ecdsa/types.ts:29-36
+ */
+const SerializedNtilde = t.type({
+  /** Ntilde value (hex string) */
+  ntilde: t.string,
+  /** H1 value (hex string) */
+  h1: t.string,
+  /** H2 value (hex string) */
+  h2: t.string,
+});
+
+/**
+ * Serialized Paillier Challenge structure
+ * Based on: modules/sdk-lib-mpc/src/tss/ecdsa/types.ts:120-129
+ */
+const SerializedPaillierChallenge = t.type({
+  /** Paillier challenge array */
+  p: t.array(t.string),
+});
+
+/**
+ * Serialized ECDSA Challenges (Ntilde + Paillier)
+ * Based on: modules/sdk-lib-mpc/src/tss/ecdsa/types.ts:54
+ */
+const SerializedEcdsaChallenges = t.intersection([SerializedNtilde, SerializedPaillierChallenge]);
+
+/**
+ * TxRequest Challenge Response (includes n field)
+ * Based on: modules/sdk-core/src/bitgo/tss/types.ts:11-13
+ */
+const TxRequestChallengeResponse = t.intersection([
+  SerializedEcdsaChallenges,
+  t.type({
+    /** N value for challenge */
+    n: t.string,
+  }),
+]);
+
+/**
+ * Range Proof Share structure for ECDSA
+ */
+const RangeProofShare = t.type({
+  z: t.string,
+  u: t.string,
+  w: t.string,
+  s: t.string,
+  s1: t.string,
+  s2: t.string,
+});
+
+/**
+ * Range Proof With Check Share structure for ECDSA
+ */
+const RangeProofWithCheckShare = t.type({
+  z: t.string,
+  zPrm: t.string,
+  t: t.string,
+  v: t.string,
+  w: t.string,
+  s: t.string,
+  s1: t.string,
+  s2: t.string,
+  t1: t.string,
+  t2: t.string,
+  u: t.string,
+  x: t.string,
+});
+
+/**
+ * A Share from BitGo (for ECDSA MuDelta share generation)
+ * Based on: modules/sdk-core/src/account-lib/mpc/tss/ecdsa/types.ts:151-163
+ */
+const AShare = t.intersection([
+  t.type({
+    /** Participant index */
+    i: t.number,
+    /** N value */
+    n: t.string,
+    /** K value */
+    k: t.string,
+    /** Alpha value */
+    alpha: t.string,
+    /** Mu value */
+    mu: t.string,
+    /** Ntilde value */
+    ntilde: t.string,
+    /** H1 value */
+    h1: t.string,
+    /** H2 value */
+    h2: t.string,
+  }),
+  t.partial({
+    /** Range proof (optional) */
+    proof: RangeProofShare,
+    /** Gamma proof (optional) */
+    gammaProof: RangeProofWithCheckShare,
+    /** W proof (optional) */
+    wProof: RangeProofWithCheckShare,
+  }),
+]);
+
+/**
+ * D Share from BitGo (for ECDSA S share generation)
+ * Based on: modules/sdk-core/src/account-lib/mpc/tss/ecdsa/types.ts:252-255
+ */
+const DShare = t.type({
+  /** Participant index */
+  i: t.number,
+  /** Delta value */
+  delta: t.string,
+  /** Gamma value */
+  Gamma: t.string,
+});
+
+/**
+ * RShare structure for EDDSA (individual R share)
+ * Based on: modules/sdk-core/src/account-lib/mpc/tss/eddsa/types.ts:57-65
+ */
+const RShareStructure = t.type({
+  /** Participant index i */
+  i: t.number,
+  /** Participant index j */
+  j: t.number,
+  /** U value (hex string) */
+  u: t.string,
+  /** V value (hex string) */
+  v: t.string,
+  /** r value (hex string) */
+  r: t.string,
+  /** R value (hex string) */
+  R: t.string,
+  /** Commitment value (hex string) */
+  commitment: t.string,
+});
+
+/**
+ * Request body for generating TSS shares in external signer mode
+ *
+ * This route is used when BitGo Express is configured with external signing.
+ * The handler extracts walletId from either txRequest or tssParams.txRequest,
+ * then retrieves and decrypts the private key from the filesystem.
+ *
+ * **Configuration Requirements:**
+ * - `signerFileSystemPath`: Path to JSON file containing encrypted private keys
+ * - Environment variable: `WALLET_{walletId}_PASSPHRASE` for each wallet
+ *
+ * **Request Body Structure:**
+ * The body can have either:
+ * - `txRequest` directly (TxRequest object)
+ * - `tssParams` containing `txRequest` (for more structured approach)
+ *
+ * Additional fields may be required depending on the share type and MPC algorithm.
+ *
+ * Reference: modules/express/src/clientRoutes.ts:416-495 (handleV2GenerateShareTSS)
+ */
+export const GenerateShareTSSBody = {
+  /** Transaction request object with unsigned transaction data and walletId (either this or tssParams required) */
+  txRequest: optional(Json),
+
+  /** TSS parameters containing transaction request and optional tracing/verification data */
+  tssParams: optional(
+    t.partial({
+      /** Transaction request as string ID or TransactionRequest object */
+      txRequest: t.union([t.string, Json]),
+      /** Request tracer ID for tracking and logging (hex string format) */
+      reqId: t.string,
+      /** API version for the TSS operation */
+      apiVersion: t.string,
+      /** Transaction parameters for verifying prebuild matches intent (includes recipients, fees, memo, etc. - varies by coin) */
+      txParams: Json,
+    })
+  ),
+
+  // ============ EDDSA R Share Generation Fields ============
+  /** Encrypted user-to-BitGo R share for EDDSA signing protocol */
+  encryptedUserToBitgoRShare: optional(
+    t.partial({
+      /** Source participant identifier */
+      from: t.string,
+      /** Destination participant identifier */
+      to: t.string,
+      /** Encrypted share data */
+      share: t.string,
+      /** Share type identifier */
+      type: t.string,
+    })
+  ),
+
+  // ============ EDDSA G Share Generation Fields ============
+  /** BitGo's R share sent to user for EDDSA G share generation */
+  bitgoToUserRShare: optional(
+    t.partial({
+      /** Source participant identifier */
+      from: t.string,
+      /** Destination participant identifier */
+      to: t.string,
+      /** Share data */
+      share: t.string,
+    })
+  ),
+  /** User's R share sent to BitGo containing cryptographic commitments for EDDSA G share generation */
+  userToBitgoRShare: optional(
+    t.partial({
+      /** Participant index in the signing protocol */
+      i: t.number,
+      /** Mapping of participant indices to their R share structures (commitment, u, v, r, R values) */
+      rShares: t.record(t.string, RShareStructure),
+    })
+  ),
+  /** BitGo's commitment share sent to user for EDDSA G share generation */
+  bitgoToUserCommitment: optional(
+    t.partial({
+      /** Source participant identifier */
+      from: t.string,
+      /** Destination participant identifier */
+      to: t.string,
+      /** Commitment share data */
+      share: t.string,
+      /** Share type identifier */
+      type: t.string,
+    })
+  ),
+  /** BitGo's GPG public key for encrypted communication during EDDSA commitment generation */
+  bitgoGpgPubKey: optional(t.string),
+
+  // ============ ECDSA K Share Generation Fields ============
+  /** Cryptographic challenges from enterprise and BitGo for ECDSA K share zero-knowledge proofs */
+  challenges: optional(
+    t.type({
+      /** Enterprise's serialized ECDSA challenges (ntilde, h1, h2) */
+      enterpriseChallenge: SerializedEcdsaChallenges,
+      /** BitGo's challenge response with additional n field for verification */
+      bitgoChallenge: TxRequestChallengeResponse,
+    })
+  ),
+  /** Type of signing request - 'tx' for transaction or 'message' for arbitrary message */
+  requestType: optional(t.string),
+
+  // ============ ECDSA MuDelta Share Generation Fields ============
+  /** A share from BitGo containing range proof and commitment data for ECDSA MuDelta generation */
+  aShareFromBitgo: optional(AShare),
+  /** BitGo's challenge response for MuDelta share verification with ntilde, h1, h2, and n fields */
+  bitgoChallenge: optional(TxRequestChallengeResponse),
+  /** Encrypted W share from previous round for ECDSA MuDelta computation */
+  encryptedWShare: optional(t.string),
+
+  // ============ ECDSA S Share Generation Fields ============
+  /** D share from BitGo containing final signature components for ECDSA S share generation */
+  dShareFromBitgo: optional(DShare),
+  /** Encrypted O share from MuDelta round for final ECDSA signature generation */
+  encryptedOShare: optional(t.string),
+
+  // ============ ECDSA MPCv2 Round2 Fields ============
+  /** BitGo's GPG public key for secure communication in MPCv2 Round2 */
+  bitgoPublicGpgKey: optional(t.string),
+  /** User's encrypted GPG private key from Round1 for decryption in Round2 and Round3 */
+  encryptedUserGpgPrvKey: optional(t.string),
+  /** Encrypted session state from MPCv2 Round1 for continuing to Round2 */
+  encryptedRound1Session: optional(t.string),
+
+  // ============ ECDSA MPCv2 Round3 Fields ============
+  /** Encrypted session state from MPCv2 Round2 for final signature generation in Round3 */
+  encryptedRound2Session: optional(t.string),
+
+  // ============ Message Signing Fields ============
+  /** Raw message string to be signed (used for arbitrary message signing) */
+  messageRaw: optional(t.string),
+  /** Hex-encoded message string ready for signing */
+  messageEncoded: optional(t.string),
+  /** Binary buffer to sign transmitted as {type: 'Buffer', data: number[]} for message signing operations */
+  bufferToSign: optional(
+    t.type({
+      /** Literal type identifier for Buffer serialization */
+      type: t.literal('Buffer'),
+      /** Array of byte values representing the buffer contents */
+      data: t.array(t.number),
+    })
+  ),
+
+  // ============ Auto-populated fields (added by handler) ============
+  // These fields are automatically added by the handler and should NOT be sent by the client:
+  // - prv: string (decrypted private key from filesystem)
+  // - walletPassphrase: string (from environment variable)
+} as const;
+
+/** Signature share record with participant routing and optional proofs */
+const SignatureShareRecord = t.type({
+  /** Source participant identifier */
+  from: t.string,
+  /** Destination participant identifier */
+  to: t.string,
+  /** Encrypted share data */
+  share: t.string,
+  /** VSS (Verifiable Secret Sharing) proof */
+  vssProof: optional(t.string),
+  /** Private share proof for verification */
+  privateShareProof: optional(t.string),
+  /** Public share component */
+  publicShare: optional(t.string),
+});
+
+/** Commitment share record for EDDSA signing protocol */
+const CommitmentShareRecord = t.type({
+  /** Source participant identifier */
+  from: t.string,
+  /** Destination participant identifier */
+  to: t.string,
+  /** Commitment or decommitment share data */
+  share: t.string,
+  /** Share type - 'commitment' or 'decommitment' */
+  type: t.string,
+});
+
+/** Encrypted signer share record with participant routing */
+const EncryptedSignerShareRecord = t.type({
+  /** Source participant identifier */
+  from: t.string,
+  /** Destination participant identifier */
+  to: t.string,
+  /** Encrypted share data */
+  share: t.string,
+  /** Share type identifier */
+  type: t.string,
+});
+
+/** EDDSA signing share containing R share commitments indexed by participant */
+const SignShare = t.type({
+  /** Participant index in signing protocol */
+  i: t.number,
+  /** Mapping of participant IDs to R share structures with cryptographic commitments */
+  rShares: t.record(t.string, RShareStructure),
+});
+
+/** EDDSA G share containing signature components (participant index, public values, and R point) */
+const GShare = t.type({
+  /** Participant index */
+  i: t.number,
+  /** Public key y coordinate */
+  y: t.string,
+  /** Gamma value for signature */
+  gamma: t.string,
+  /** R point for signature */
+  R: t.string,
+});
+
+/** ECDSA K share with Paillier encryption parameters and challenge responses */
+const KShare = t.type({
+  /** Paillier modulus */
+  n: t.string,
+  /** Encrypted k value */
+  k: t.string,
+  /** Alpha challenge response */
+  alpha: t.string,
+  /** Mu challenge response */
+  mu: t.string,
+  /** Encrypted w value */
+  w: t.string,
+});
+
+/** ECDSA W share containing intermediate signing values and challenge responses */
+const WShare = t.type({
+  /** Participant index */
+  i: t.number,
+  /** Lambda value */
+  l: t.string,
+  /** Mu value */
+  m: t.string,
+  /** Paillier modulus */
+  n: t.string,
+  /** Public key y coordinate */
+  y: t.string,
+  /** Encrypted k value */
+  k: t.string,
+  /** Encrypted w value */
+  w: t.string,
+  /** Gamma value */
+  gamma: t.string,
+});
+
+/** ECDSA MuDelta share with u and v components for multiplicative-to-additive share conversion */
+const MuDShare = t.type({
+  /** Participant index */
+  i: t.number,
+  /** U component */
+  u: t.string,
+  /** V component */
+  v: t.string,
+});
+
+/** ECDSA O share (Omicron) containing signature intermediate values */
+const OShare = t.type({
+  /** Participant index */
+  i: t.number,
+  /** Gamma value (lowercase) */
+  gamma: t.string,
+  /** Delta value */
+  delta: t.string,
+  /** Gamma point (uppercase) */
+  Gamma: t.string,
+  /** Encrypted k value */
+  k: t.string,
+  /** Encrypted w value */
+  w: t.string,
+  /** Omicron value */
+  omicron: t.string,
+});
+
+/** ECDSA S share containing final signature components (R point, s value, public key) */
+const SShare = t.type({
+  /** Participant index */
+  i: t.number,
+  /** R point of signature */
+  R: t.string,
+  /** S component of signature */
+  s: t.string,
+  /** Public key y coordinate */
+  y: t.string,
+});
+
+/** EDDSA Commitment share generation response with user commitment and encrypted shares */
+export const EddsaCommitmentShareResponse = t.type({
+  /** User's commitment share sent to BitGo */
+  userToBitgoCommitment: CommitmentShareRecord,
+  /** Encrypted user's signer share for storage */
+  encryptedSignerShare: EncryptedSignerShareRecord,
+  /** Encrypted R share for next round */
+  encryptedUserToBitgoRShare: EncryptedSignerShareRecord,
+});
+
+/** EDDSA R share generation response containing R shares for signature */
+export const EddsaRShareResponse = t.type({
+  /** R share containing participant index and share commitments */
+  rShare: SignShare,
+});
+
+/** EDDSA G share generation response with final signature share components */
+export const EddsaGShareResponse = GShare;
+
+/** ECDSA Paillier modulus response for encryption setup */
+export const EcdsaPaillierModulusResponse = t.type({
+  /** User's Paillier modulus for homomorphic encryption */
+  userPaillierModulus: t.string,
+});
+
+/** ECDSA K share generation response (Step 1) with encryption keys and challenge responses */
+export const EcdsaKShareResponse = t.type({
+  /** PGP-formatted private share proof for verification */
+  privateShareProof: t.string,
+  /** Verifiable Secret Sharing proof */
+  vssProof: optional(t.string),
+  /** User's GPG public key for secure communication */
+  userPublicGpgKey: t.string,
+  /** Public component of the K share */
+  publicShare: t.string,
+  /** Encrypted offset share for signer */
+  encryptedSignerOffsetShare: t.string,
+  /** K share with Paillier encryption parameters */
+  kShare: KShare,
+  /** W share as encrypted string or object with intermediate values */
+  wShare: t.union([t.string, WShare]),
+});
+
+/** ECDSA MuDelta share generation response (Step 2) with multiplicative-to-additive conversion */
+export const EcdsaMuDeltaShareResponse = t.type({
+  /** MuDelta share with u and v components */
+  muDShare: MuDShare,
+  /** O share (Omicron) as encrypted string or object with signature intermediates */
+  oShare: t.union([t.string, OShare]),
+});
+
+/** ECDSA S share generation response (Step 3) with final signature components */
+export const EcdsaSShareResponse = SShare;
+
+/** ECDSA MPCv2 Round 1 response with initial signature share and encrypted session state */
+export const EcdsaMPCv2Round1Response = t.type({
+  /** First round signature share for MPCv2 protocol */
+  signatureShareRound1: SignatureShareRecord,
+  /** User's GPG public key for Round 2 communication */
+  userGpgPubKey: t.string,
+  /** Encrypted session state to continue to Round 2 */
+  encryptedRound1Session: t.string,
+  /** Encrypted user GPG private key for Round 2 and 3 */
+  encryptedUserGpgPrvKey: t.string,
+});
+
+/** ECDSA MPCv2 Round 2 response with second signature share and session state */
+export const EcdsaMPCv2Round2Response = t.type({
+  /** Second round signature share for MPCv2 protocol */
+  signatureShareRound2: SignatureShareRecord,
+  /** Encrypted session state to continue to Round 3 */
+  encryptedRound2Session: t.string,
+});
+
+/** ECDSA MPCv2 Round 3 response with final signature share */
+export const EcdsaMPCv2Round3Response = t.type({
+  /** Signature share for round 3 (final signature) */
+  signatureShareRound3: SignatureShareRecord,
+});
+
+/** Union of all TSS share responses - EDDSA (Commitment/R/G), ECDSA (PaillierModulus/K/MuDelta/S), or MPCv2 (Round1/2/3) */
+export const GenerateShareTSSResponse = {
+  /** Successfully generated TSS share (type depends on MPC algorithm and sharetype parameter) */
+  200: t.union([
+    EddsaCommitmentShareResponse, // EDDSA Commitment
+    EddsaRShareResponse, // EDDSA R
+    EddsaGShareResponse, // EDDSA G
+    EcdsaPaillierModulusResponse, // ECDSA PaillierModulus
+    EcdsaKShareResponse, // ECDSA K
+    EcdsaMuDeltaShareResponse, // ECDSA MuDelta
+    EcdsaSShareResponse, // ECDSA S
+    EcdsaMPCv2Round1Response, // ECDSA MPCv2 Round 1
+    EcdsaMPCv2Round2Response, // ECDSA MPCv2 Round 2
+    EcdsaMPCv2Round3Response, // ECDSA MPCv2 Round 3
+  ]),
+  /** Invalid request parameters, missing configuration, or share generation validation failure */
+  400: BitgoExpressError,
+  /** Internal server error during cryptographic operations or filesystem access */
+  500: BitgoExpressError,
+};
+
+/**
+ * Generate TSS share for multi-party signing (external signer mode)
+ *
+ * This endpoint is used when BitGo Express is configured with external signing
+ * (signerFileSystemPath config is set) for TSS (Threshold Signature Scheme) wallets.
+ *
+ * **Process Flow:**
+ * 1. Extracts walletId from either txRequest or tssParams.txRequest
+ * 2. Retrieves wallet passphrase from environment variable WALLET_{walletId}_PASSPHRASE
+ * 3. Reads encrypted private key from filesystem (signerFileSystemPath)
+ * 4. Decrypts the private key using the wallet passphrase
+ * 5. Generates the appropriate TSS share based on:
+ *    - Coin's MPC algorithm (EDDSA or ECDSA)
+ *    - Share type parameter (commitment, R, G, K, MuDelta, S, etc.)
+ *
+ * **Configuration Requirements:**
+ * - `signerFileSystemPath`: Path to JSON file containing encrypted private keys
+ * - Environment variable: `WALLET_{walletId}_PASSPHRASE` for each wallet
+ *
+ * **Supported Share Types:**
+ *
+ * *EDDSA (EdDSA algorithm - e.g., Solana, Sui):*
+ * - `commitment`: Generate commitment share (first step)
+ * - `R`: Generate R share (second step)
+ * - `G`: Generate G share (final step)
+ *
+ * *ECDSA (ECDSA algorithm - e.g., Bitcoin, Ethereum):*
+ * - `PaillierModulus`: Retrieve Paillier modulus from user's key
+ * - `K`: Generate K share (step 1)
+ * - `MuDelta`: Generate MuDelta share (step 2)
+ * - `S`: Generate S share (step 3, final signature)
+ *
+ * *ECDSA MPCv2 (Enhanced ECDSA with DKLS):*
+ * - `MPCv2Round1`: Generate round 1 signature share
+ * - `MPCv2Round2`: Generate round 2 signature share
+ * - `MPCv2Round3`: Generate round 3 signature share (final)
+ *
+ * **Error Cases:**
+ * - Missing walletId in request
+ * - Missing signerFileSystemPath configuration
+ * - Missing wallet passphrase in environment
+ * - Invalid or corrupted encrypted private key
+ * - Unsupported MPC algorithm or share type
+ * - Cryptographic operation failures
+ *
+ * @tag express
+ * @operationId express.v2.tssshare.generate
+ */
+export const PostGenerateShareTSS = httpRoute({
+  path: '/api/v2/{coin}/tssshare/{sharetype}',
+  method: 'POST',
+  request: httpRequest({
+    params: GenerateShareTSSParams,
+    body: GenerateShareTSSBody,
+  }),
+  response: GenerateShareTSSResponse,
+});
diff --git a/modules/express/test/unit/clientRoutes/externalSign.ts b/modules/express/test/unit/clientRoutes/externalSign.ts
index 5c343c7097..9cbc2b18c2 100644
--- a/modules/express/test/unit/clientRoutes/externalSign.ts
+++ b/modules/express/test/unit/clientRoutes/externalSign.ts
@@ -37,7 +37,6 @@ import {
 import * as assert from 'assert';
 import nock from 'nock';
 import * as fs from 'fs';
-import * as express from 'express';
 
 import 'should-http';
 import 'should-sinon';
@@ -46,6 +45,7 @@ import '../../lib/asserts';
 import { handleV2GenerateShareTSS, handleV2Sign } from '../../../src/clientRoutes';
 import { fetchKeys } from '../../../src/fetchEncryptedPrivKeys';
 import { mockChallengeA, mockChallengeB } from './mocks/ecdsaNtilde';
+import { ExpressApiRouteRequest } from '../../../src/typedRoutes/api';
 import { Coin, BitGo, SignedTransaction } from 'bitgo';
 import { keyShareOneEcdsa, keyShareTwoEcdsa, keyShareThreeEcdsa } from './mocks/keyShares';
 import { bitgoGpgKey } from './mocks/gpgKeys';
@@ -188,6 +188,22 @@ describe('External signer', () => {
           ],
         },
       },
+      decoded: {
+        coin: 'tbsc',
+        sharetype: 'PaillierModulus',
+        txRequest: {
+          apiVersion: 'full',
+          walletId: walletID,
+          transactions: [
+            {
+              unsignedTx: {
+                derivationPath,
+                signableHex: tMessage,
+              },
+            },
+          ],
+        },
+      },
       params: {
         coin: 'tbsc',
         sharetype: 'PaillierModulus',
@@ -195,7 +211,7 @@ describe('External signer', () => {
       config: {
         signerFileSystemPath: 'signerFileSystemPath',
       },
-    } as unknown as express.Request;
+    } as unknown as ExpressApiRouteRequest<'express.v2.tssshare.generate', 'post'>;
     const paillierResult = await handleV2GenerateShareTSS(reqPaillierModulus);
     paillierResult.should.have.property('userPaillierModulus');
     const userPaillierModulus = paillierResult.userPaillierModulus;
@@ -237,6 +253,40 @@ describe('External signer', () => {
         },
         requestType: 0,
       },
+      decoded: {
+        coin: 'tbsc',
+        sharetype: 'K',
+        tssParams: {
+          txRequest: {
+            apiVersion: 'full',
+            walletId: walletID,
+            transactions: [
+              {
+                unsignedTx: {
+                  derivationPath,
+                  signableHex: tMessage,
+                },
+              },
+            ],
+          },
+        },
+        challenges: {
+          enterpriseChallenge: {
+            ntilde: userChallenge.ntilde,
+            h1: userChallenge.h1,
+            h2: userChallenge.h2,
+            p: EcdsaTypes.serializePaillierChallenge({ p: userToBitgoPaillierChallenge }).p,
+          },
+          bitgoChallenge: {
+            ntilde: bitgoChallenge.ntilde,
+            h1: bitgoChallenge.h1,
+            h2: bitgoChallenge.h2,
+            p: EcdsaTypes.serializePaillierChallenge({ p: bitgoToUserPaillierChallenge }).p,
+            n: bitgo.pShare.n,
+          },
+        },
+        requestType: 0,
+      },
       params: {
         coin: 'tbsc',
         sharetype: 'K',
@@ -244,7 +294,7 @@ describe('External signer', () => {
       config: {
         signerFileSystemPath: 'signerFileSystemPath',
       },
-    } as unknown as express.Request;
+    } as unknown as ExpressApiRouteRequest<'express.v2.tssshare.generate', 'post'>;
     const kResult = await handleV2GenerateShareTSS(reqK);
     kResult.should.have.property('kShare');
     kResult.should.have.property('wShare');
@@ -282,6 +332,31 @@ describe('External signer', () => {
         },
         encryptedWShare: kResult.wShare,
       },
+      decoded: {
+        coin: 'tbsc',
+        sharetype: 'MuDelta',
+        txRequest: {
+          apiVersion: 'full',
+          walletId: walletID,
+          transactions: [
+            {
+              unsignedTx: {
+                derivationPath,
+                signableHex: tMessage,
+              },
+            },
+          ],
+        },
+        aShareFromBitgo: aShareFromBitgo.aShare,
+        bitgoChallenge: {
+          ntilde: bitgoChallenge.ntilde,
+          h1: bitgoChallenge.h1,
+          h2: bitgoChallenge.h2,
+          p: EcdsaTypes.serializePaillierChallenge({ p: bitgoToUserPaillierChallenge }).p,
+          n: bitgo.pShare.n,
+        },
+        encryptedWShare: kResult.wShare,
+      },
       params: {
         coin: 'tbsc',
         sharetype: 'MuDelta',
@@ -289,7 +364,7 @@ describe('External signer', () => {
       config: {
         signerFileSystemPath: 'signerFileSystemPath',
       },
-    } as unknown as express.Request;
+    } as unknown as ExpressApiRouteRequest<'express.v2.tssshare.generate', 'post'>;
     const muDeltaResult = await handleV2GenerateShareTSS(reqMuDelta);
     muDeltaResult.should.have.property('muDShare');
     muDeltaResult.should.have.property('oShare');
@@ -325,6 +400,27 @@ describe('External signer', () => {
         requestType: 0,
         encryptedOShare: muDeltaResult.oShare,
       },
+      decoded: {
+        coin: 'tbsc',
+        sharetype: 'S',
+        tssParams: {
+          txRequest: {
+            apiVersion: 'full',
+            walletId: walletID,
+            transactions: [
+              {
+                unsignedTx: {
+                  derivationPath,
+                  signableHex: tMessage,
+                },
+              },
+            ],
+          },
+        },
+        dShareFromBitgo: bitgoDShare.dShare,
+        requestType: 0,
+        encryptedOShare: muDeltaResult.oShare,
+      },
       params: {
         coin: 'tbsc',
         sharetype: 'S',
@@ -332,7 +428,7 @@ describe('External signer', () => {
       config: {
         signerFileSystemPath: 'signerFileSystemPath',
       },
-    } as unknown as express.Request;
+    } as unknown as ExpressApiRouteRequest<'express.v2.tssshare.generate', 'post'>;
     const sResult = await handleV2GenerateShareTSS(reqS);
     sResult.should.have.property('R');
     sResult.should.have.property('s');
@@ -389,6 +485,23 @@ describe('External signer', () => {
           ],
         },
       },
+      decoded: {
+        coin: 'tsol',
+        sharetype: 'commitment',
+        bitgoGpgPubKey: bitgoGpgKey.public,
+        txRequest: {
+          apiVersion: 'full',
+          walletId: walletID,
+          transactions: [
+            {
+              unsignedTx: {
+                derivationPath,
+                signableHex: tMessage,
+              },
+            },
+          ],
+        },
+      },
       params: {
         coin: 'tsol',
         sharetype: 'commitment',
@@ -396,7 +509,7 @@ describe('External signer', () => {
       config: {
         signerFileSystemPath: 'signerFileSystemPath',
       },
-    } as unknown as express.Request;
+    } as unknown as ExpressApiRouteRequest<'express.v2.tssshare.generate', 'post'>;
     const cResult = await handleV2GenerateShareTSS(reqCommitment);
     cResult.should.have.property('userToBitgoCommitment');
     cResult.should.have.property('encryptedSignerShare');
@@ -419,6 +532,23 @@ describe('External signer', () => {
         },
         encryptedUserToBitgoRShare,
       },
+      decoded: {
+        coin: 'tsol',
+        sharetype: 'R',
+        txRequest: {
+          apiVersion: 'full',
+          walletId: walletID,
+          transactions: [
+            {
+              unsignedTx: {
+                derivationPath,
+                signableHex: tMessage,
+              },
+            },
+          ],
+        },
+        encryptedUserToBitgoRShare,
+      },
       params: {
         coin: 'tsol',
         sharetype: 'R',
@@ -426,7 +556,7 @@ describe('External signer', () => {
       config: {
         signerFileSystemPath: 'signerFileSystemPath',
       },
-    } as unknown as express.Request;
+    } as unknown as ExpressApiRouteRequest<'express.v2.tssshare.generate', 'post'>;
     const rResult = await handleV2GenerateShareTSS(reqR);
     rResult.should.have.property('rShare');
 
@@ -470,6 +600,25 @@ describe('External signer', () => {
         bitgoToUserRShare: signatureShareRec,
         bitgoToUserCommitment: bitgoToUserCommitmentShare,
       },
+      decoded: {
+        coin: 'tsol',
+        sharetype: 'G',
+        txRequest: {
+          apiVersion: 'full',
+          walletId: walletID,
+          transactions: [
+            {
+              unsignedTx: {
+                derivationPath,
+                signableHex: tMessage,
+              },
+            },
+          ],
+        },
+        userToBitgoRShare: rResult.rShare,
+        bitgoToUserRShare: signatureShareRec,
+        bitgoToUserCommitment: bitgoToUserCommitmentShare,
+      },
       params: {
         coin: 'tsol',
         sharetype: 'G',
@@ -477,7 +626,7 @@ describe('External signer', () => {
       config: {
         signerFileSystemPath: 'signerFileSystemPath',
       },
-    } as unknown as express.Request;
+    } as unknown as ExpressApiRouteRequest<'express.v2.tssshare.generate', 'post'>;
     const userGShare = await handleV2GenerateShareTSS(reqG);
     userGShare.should.have.property('i');
     userGShare.should.have.property('y');
@@ -541,6 +690,24 @@ describe('External signer', () => {
           ],
         },
       },
+      decoded: {
+        coin: 'hteth',
+        sharetype: 'MPCv2Round1',
+        txRequest: {
+          txRequestId: '123456',
+          apiVersion: 'full',
+          walletId: walletID,
+          transactions: [
+            {
+              unsignedTx: {
+                derivationPath,
+                signableHex: tMessage,
+              },
+              signatureShares: [],
+            },
+          ],
+        },
+      },
       params: {
         coin: 'hteth',
         sharetype: 'MPCv2Round1',
@@ -548,7 +715,7 @@ describe('External signer', () => {
       config: {
         signerFileSystemPath: 'signerFileSystemPath',
       },
-    } as unknown as express.Request;
+    } as unknown as ExpressApiRouteRequest<'express.v2.tssshare.generate', 'post'>;
     const round1Result = await handleV2GenerateShareTSS(reqMPCv2Round1);
     round1Result.should.have.property('signatureShareRound1');
     round1Result.should.have.property('userGpgPubKey');
@@ -581,6 +748,14 @@ describe('External signer', () => {
         encryptedUserGpgPrvKey: round1Result.encryptedUserGpgPrvKey,
         bitgoPublicGpgKey: bitgoGpgKey.public,
       },
+      decoded: {
+        coin: 'hteth',
+        sharetype: 'MPCv2Round2',
+        txRequest: txRequestRound1,
+        encryptedRound1Session: round1Result.encryptedRound1Session,
+        encryptedUserGpgPrvKey: round1Result.encryptedUserGpgPrvKey,
+        bitgoPublicGpgKey: bitgoGpgKey.public,
+      },
       params: {
         coin: 'hteth',
         sharetype: 'MPCv2Round2',
@@ -588,7 +763,7 @@ describe('External signer', () => {
       config: {
         signerFileSystemPath: 'signerFileSystemPath',
       },
-    } as unknown as express.Request;
+    } as unknown as ExpressApiRouteRequest<'express.v2.tssshare.generate', 'post'>;
     const round2Result = await handleV2GenerateShareTSS(reqMPCv2Round2);
     round2Result.should.have.property('signatureShareRound2');
     round2Result.should.have.property('encryptedRound2Session');
@@ -615,6 +790,14 @@ describe('External signer', () => {
         encryptedUserGpgPrvKey: round1Result.encryptedUserGpgPrvKey,
         bitgoPublicGpgKey: bitgoGpgKey.public,
       },
+      decoded: {
+        coin: 'hteth',
+        sharetype: 'MPCv2Round3',
+        txRequest: txRequestRound2,
+        encryptedRound2Session: round2Result.encryptedRound2Session,
+        encryptedUserGpgPrvKey: round1Result.encryptedUserGpgPrvKey,
+        bitgoPublicGpgKey: bitgoGpgKey.public,
+      },
       params: {
         coin: 'hteth',
         sharetype: 'MPCv2Round3',
@@ -622,7 +805,7 @@ describe('External signer', () => {
       config: {
         signerFileSystemPath: 'signerFileSystemPath',
       },
-    } as unknown as express.Request;
+    } as unknown as ExpressApiRouteRequest<'express.v2.tssshare.generate', 'post'>;
     const round3Result = await handleV2GenerateShareTSS(reqMPCv2Round3);
     round3Result.should.have.property('signatureShareRound3');
 
diff --git a/modules/express/test/unit/typedRoutes/generateShareTSS.ts b/modules/express/test/unit/typedRoutes/generateShareTSS.ts
new file mode 100644
index 0000000000..ff0c869ea4
--- /dev/null
+++ b/modules/express/test/unit/typedRoutes/generateShareTSS.ts
@@ -0,0 +1,995 @@
+import * as assert from 'assert';
+import * as t from 'io-ts';
+import {
+  GenerateShareTSSParams,
+  GenerateShareTSSBody,
+  EddsaCommitmentShareResponse,
+  EddsaRShareResponse,
+  EddsaGShareResponse,
+  EcdsaPaillierModulusResponse,
+  EcdsaKShareResponse,
+  EcdsaMuDeltaShareResponse,
+  EcdsaSShareResponse,
+  EcdsaMPCv2Round1Response,
+  EcdsaMPCv2Round2Response,
+  EcdsaMPCv2Round3Response,
+} from '../../../src/typedRoutes/api/v2/generateShareTSS';
+import { assertDecode } from './common';
+import 'should';
+import 'should-http';
+import 'should-sinon';
+import * as sinon from 'sinon';
+import { BitGo } from 'bitgo';
+import { EddsaUtils, EcdsaUtils } from '@bitgo/sdk-core';
+import { promises as fs } from 'fs';
+import * as fsSync from 'fs';
+import { setupAgent } from '../../lib/testutil';
+
+describe('GenerateShareTSS codec tests (External Signer Mode)', function () {
+  describe('generateShareTSS', function () {
+    const coin = 'tsol'; // Solana testnet (EDDSA)
+    const ecdsaCoin = 'tbtc'; // Bitcoin testnet (ECDSA)
+    const walletId = '5a1341e7c8421dc90710673b3166bbd5';
+    const encryptedPrivKey =
+      'xprv9s21ZrQH143K3D8TXfvAJgHVfTEeQNW5Ys9wZtnUZkqPzFzSjbEJrWC1vZ4GnXCvR7rQL2UFX3RSuYeU9MrERm1XBvACow7c36vnz5iYyj2:encrypted';
+    const decryptedPrivKey =
+      'xprv9s21ZrQH143K3D8TXfvAJgHVfTEeQNW5Ys9wZtnUZkqPzFzSjbEJrWC1vZ4GnXCvR7rQL2UFX3RSuYeU9MrERm1XBvACow7c36vnz5iYyj2';
+    const walletPassphrase = 'test_wallet_passphrase';
+    const path = require('path');
+    const signerFilePath = path.join(__dirname, '../../../encryptedPrivKeys.json');
+
+    let fsReadFileStub: sinon.SinonStub;
+    let agent: ReturnType<typeof setupAgent>;
+    let originalFileContent: string;
+
+    // Mock encrypted private keys JSON content
+    const mockSignerFileContent = JSON.stringify({
+      [walletId]: encryptedPrivKey,
+    });
+
+    // Setup the express app with signer mode before all tests
+    before(function () {
+      // Save the original content of encryptedPrivKeys.json
+      try {
+        originalFileContent = fsSync.readFileSync(signerFilePath, 'utf8');
+      } catch (e) {
+        originalFileContent = '{}';
+      }
+
+      // Temporarily write mock data to the existing file
+      fsSync.writeFileSync(signerFilePath, mockSignerFileContent);
+
+      // Create agent with signerMode enabled for external signing
+      agent = setupAgent({
+        signerMode: true,
+        signerFileSystemPath: signerFilePath,
+      });
+    });
+
+    // Restore the original file content after all tests
+    after(function () {
+      // Restore original content
+      fsSync.writeFileSync(signerFilePath, originalFileContent);
+    });
+
+    beforeEach(function () {
+      // Setup environment variable for wallet passphrase
+      process.env[`WALLET_${walletId}_PASSPHRASE`] = walletPassphrase;
+    });
+
+    afterEach(function () {
+      // Restore ALL sinon stubs to prevent conflicts between tests
+      sinon.restore();
+      // Clean up environment variables
+      delete process.env[`WALLET_${walletId}_PASSPHRASE`];
+    });
+
+    describe('Request Parameter Codec Validation', function () {
+      it('should validate params with coin and sharetype', function () {
+        const validParams = {
+          coin: 'tbtc',
+          sharetype: 'commitment',
+        };
+        const decoded = assertDecode(t.type(GenerateShareTSSParams), validParams);
+        assert.strictEqual(decoded.coin, 'tbtc');
+        assert.strictEqual(decoded.sharetype, 'commitment');
+      });
+
+      it('should fail validation when coin is missing', function () {
+        const invalidParams = {
+          sharetype: 'commitment',
+        };
+        assert.throws(() => {
+          assertDecode(t.type(GenerateShareTSSParams), invalidParams);
+        });
+      });
+
+      it('should fail validation when sharetype is missing', function () {
+        const invalidParams = {
+          coin: 'tbtc',
+        };
+        assert.throws(() => {
+          assertDecode(t.type(GenerateShareTSSParams), invalidParams);
+        });
+      });
+    });
+
+    describe('Request Body Codec Validation', function () {
+      it('should validate body with txRequest', function () {
+        const validBody = {
+          txRequest: {
+            txRequestId: 'txreq123',
+            walletId: walletId,
+            version: 1,
+            state: 'initialized',
+            date: '2023-01-01T00:00:00.000Z',
+            userId: 'user123',
+            intent: {},
+            policiesChecked: true,
+            unsignedTxs: [],
+            latest: true,
+          },
+        };
+        const decoded = assertDecode(t.partial(GenerateShareTSSBody), validBody);
+        assert.ok(decoded.txRequest);
+      });
+
+      it('should validate body with tssParams', function () {
+        const validBody = {
+          tssParams: {
+            txRequest: 'tx-request-id-string',
+            reqId: 'abc123-0001',
+            apiVersion: 'lite',
+            txParams: {
+              recipients: [{ address: '0x123', amount: 1000 }],
+            },
+          },
+        };
+        const decoded = assertDecode(t.partial(GenerateShareTSSBody), validBody);
+        assert.ok(decoded.tssParams);
+        assert.ok(decoded.tssParams.txRequest);
+      });
+
+      it('should validate body with EDDSA fields', function () {
+        const validBody = {
+          txRequest: {
+            walletId: walletId,
+            unsignedTxs: [],
+            latest: true,
+          },
+          bitgoGpgPubKey: 'bitgo-gpg-public-key',
+        };
+        const decoded = assertDecode(t.partial(GenerateShareTSSBody), validBody);
+        assert.ok(decoded.bitgoGpgPubKey);
+      });
+
+      it('should validate body with ECDSA K share fields', function () {
+        const validBody = {
+          tssParams: {
+            txRequest: { walletId: walletId, unsignedTxs: [], latest: true },
+          },
+          challenges: {
+            enterpriseChallenge: {
+              ntilde: 'ntilde-value',
+              h1: 'h1-value',
+              h2: 'h2-value',
+              p: ['p-value-1', 'p-value-2'],
+            },
+            bitgoChallenge: {
+              ntilde: 'bitgo-ntilde',
+              h1: 'bitgo-h1',
+              h2: 'bitgo-h2',
+              p: ['p-value-1', 'p-value-2'],
+              n: 'n-value',
+            },
+          },
+          requestType: 'tx',
+        };
+        const decoded = assertDecode(t.partial(GenerateShareTSSBody), validBody);
+        assert.ok(decoded.challenges);
+        assert.strictEqual(decoded.requestType, 'tx');
+      });
+    });
+
+    describe('Response Codec Validation', function () {
+      it('should validate EDDSA Commitment share response', function () {
+        const validResponse = {
+          userToBitgoCommitment: {
+            from: 'user',
+            to: 'bitgo',
+            share: 'commitment-data',
+            type: 'commitment',
+          },
+          encryptedSignerShare: {
+            from: 'user',
+            to: 'bitgo',
+            share: 'signer-share',
+            type: 'encryptedSignerShare',
+          },
+          encryptedUserToBitgoRShare: {
+            from: 'user',
+            to: 'bitgo',
+            share: 'r-share',
+            type: 'encryptedRShare',
+          },
+        };
+        const decoded = assertDecode(EddsaCommitmentShareResponse, validResponse);
+        assert.strictEqual(decoded.userToBitgoCommitment.from, 'user');
+        assert.strictEqual(decoded.encryptedSignerShare.type, 'encryptedSignerShare');
+      });
+
+      it('should validate EDDSA R share response', function () {
+        const validResponse = {
+          rShare: {
+            i: 1,
+            rShares: {
+              2: {
+                i: 1,
+                j: 2,
+                u: 'u-value',
+                v: 'v-value',
+                r: 'r-value',
+                R: 'R-value',
+                commitment: 'commitment-value',
+              },
+            },
+          },
+        };
+        const decoded = assertDecode(EddsaRShareResponse, validResponse);
+        assert.strictEqual(decoded.rShare.i, 1);
+        assert.ok(decoded.rShare.rShares);
+      });
+
+      it('should validate EDDSA G share response', function () {
+        const validResponse = {
+          i: 1,
+          y: 'y-coordinate-value',
+          gamma: 'gamma-value',
+          R: 'R-point-value',
+        };
+        const decoded = assertDecode(EddsaGShareResponse, validResponse);
+        assert.strictEqual(decoded.i, 1);
+        assert.strictEqual(decoded.y, 'y-coordinate-value');
+        assert.strictEqual(decoded.gamma, 'gamma-value');
+        assert.strictEqual(decoded.R, 'R-point-value');
+      });
+
+      it('should validate ECDSA Paillier Modulus response', function () {
+        const validResponse = {
+          userPaillierModulus: '0x123456789abcdef...',
+        };
+        const decoded = assertDecode(EcdsaPaillierModulusResponse, validResponse);
+        assert.strictEqual(decoded.userPaillierModulus, validResponse.userPaillierModulus);
+      });
+
+      it('should validate ECDSA K share response', function () {
+        const validResponse = {
+          privateShareProof: 'proof-data',
+          userPublicGpgKey: 'gpg-key',
+          publicShare: 'public-share',
+          encryptedSignerOffsetShare: 'offset-share',
+          kShare: {
+            n: 'paillier-n',
+            k: 'k-value',
+            alpha: 'alpha',
+            mu: 'mu',
+            w: 'w-value',
+          },
+          wShare: 'encrypted-w-share-string',
+        };
+        const decoded = assertDecode(EcdsaKShareResponse, validResponse);
+        assert.strictEqual(decoded.kShare.n, 'paillier-n');
+        assert.strictEqual(typeof decoded.wShare, 'string');
+      });
+
+      it('should validate ECDSA MuDelta share response', function () {
+        const validResponse = {
+          muDShare: {
+            i: 1,
+            u: 'u-value',
+            v: 'v-value',
+          },
+          oShare: {
+            i: 1,
+            gamma: 'gamma-value',
+            delta: 'delta-value',
+            Gamma: 'Gamma-value',
+            k: 'k-value',
+            w: 'w-value',
+            omicron: 'omicron-value',
+          },
+        };
+        const decoded = assertDecode(EcdsaMuDeltaShareResponse, validResponse);
+        assert.strictEqual(decoded.muDShare.i, 1);
+        assert.strictEqual(decoded.muDShare.u, 'u-value');
+        assert.strictEqual(decoded.muDShare.v, 'v-value');
+      });
+
+      it('should validate ECDSA S share response', function () {
+        const validResponse = {
+          i: 1,
+          y: 'y-value',
+          R: 'R-value',
+          s: 's-signature-value',
+        };
+        const decoded = assertDecode(EcdsaSShareResponse, validResponse);
+        assert.strictEqual(decoded.i, 1);
+        assert.strictEqual(decoded.y, 'y-value');
+        assert.strictEqual(decoded.R, 'R-value');
+        assert.strictEqual(decoded.s, 's-signature-value');
+      });
+
+      it('should validate MPCv2 Round1 response', function () {
+        const validResponse = {
+          signatureShareRound1: {
+            from: 'user',
+            to: 'bitgo',
+            share: 'round1-share',
+          },
+          userGpgPubKey: 'user-gpg-key',
+          encryptedRound1Session: 'session1',
+          encryptedUserGpgPrvKey: 'gpg-prv',
+        };
+        const decoded = assertDecode(EcdsaMPCv2Round1Response, validResponse);
+        assert.strictEqual(decoded.signatureShareRound1.from, 'user');
+        assert.strictEqual(decoded.userGpgPubKey, 'user-gpg-key');
+      });
+
+      it('should validate MPCv2 Round2 response', function () {
+        const validResponse = {
+          signatureShareRound2: {
+            from: 'user',
+            to: 'bitgo',
+            share: 'round2-share',
+          },
+          encryptedRound2Session: 'session2',
+        };
+        const decoded = assertDecode(EcdsaMPCv2Round2Response, validResponse);
+        assert.strictEqual(decoded.signatureShareRound2.from, 'user');
+        assert.strictEqual(decoded.signatureShareRound2.to, 'bitgo');
+        assert.strictEqual(decoded.encryptedRound2Session, 'session2');
+      });
+
+      it('should validate MPCv2 Round3 response', function () {
+        const validResponse = {
+          signatureShareRound3: {
+            from: 'user',
+            to: 'bitgo',
+            share: 'round3-share',
+          },
+        };
+        const decoded = assertDecode(EcdsaMPCv2Round3Response, validResponse);
+        assert.strictEqual(decoded.signatureShareRound3.from, 'user');
+        assert.strictEqual(decoded.signatureShareRound3.to, 'bitgo');
+        assert.strictEqual(decoded.signatureShareRound3.share, 'round3-share');
+      });
+    });
+
+    describe('EDDSA Share Generation', function () {
+      it('should successfully generate EDDSA Commitment share via API', async function () {
+        const requestBody = {
+          txRequest: {
+            txRequestId: 'txreq123',
+            walletId: walletId,
+            walletType: 'hot',
+            version: 1,
+            state: 'pendingUserSignature',
+            date: '2023-01-01T00:00:00.000Z',
+            userId: 'user123',
+            intent: {},
+            policiesChecked: true,
+            unsignedTxs: [
+              {
+                serializedTxHex: '0100000001...',
+                signableHex: '0100000001...',
+                derivationPath: "m/0'",
+              },
+            ],
+            latest: true,
+          },
+          bitgoGpgPubKey: '-----BEGIN PGP PUBLIC KEY BLOCK-----\n...\n-----END PGP PUBLIC KEY BLOCK-----',
+        };
+
+        const mockCommitmentShareResponse = {
+          userToBitgoCommitment: {
+            from: 'user',
+            to: 'bitgo',
+            share: 'commitment-data',
+            type: 'commitment',
+          },
+          encryptedSignerShare: {
+            from: 'user',
+            to: 'bitgo',
+            share: 'encrypted-signer-data',
+            type: 'encryptedSignerShare',
+          },
+          encryptedUserToBitgoRShare: {
+            from: 'user',
+            to: 'bitgo',
+            share: 'encrypted-r-share-data',
+            type: 'encryptedRShare',
+          },
+        };
+
+        // Mock filesystem
+        fsReadFileStub = sinon.stub(fs, 'readFile').resolves(JSON.stringify({ [walletId]: encryptedPrivKey }));
+
+        // Mock coin and Eddsa utils
+        const mockEddsaUtils = {
+          createCommitmentShareFromTxRequest: sinon.stub().resolves(mockCommitmentShareResponse),
+        };
+
+        const mockCoin = {
+          getMPCAlgorithm: sinon.stub().returns('eddsa'),
+        };
+
+        sinon.stub(BitGo.prototype, 'coin').returns(mockCoin as any);
+        sinon.stub(BitGo.prototype, 'decrypt').returns(decryptedPrivKey);
+        sinon
+          .stub(EddsaUtils.prototype, 'createCommitmentShareFromTxRequest')
+          .callsFake(mockEddsaUtils.createCommitmentShareFromTxRequest);
+
+        // Call API via supertest
+        const result = await agent
+          .post(`/api/v2/${coin}/tssshare/commitment`)
+          .set('Authorization', 'Bearer test_access_token_12345')
+          .set('Content-Type', 'application/json')
+          .send(requestBody);
+
+        // Verify response
+        assert.strictEqual(result.status, 200);
+        result.body.should.have.property('userToBitgoCommitment');
+        result.body.should.have.property('encryptedSignerShare');
+        result.body.should.have.property('encryptedUserToBitgoRShare');
+
+        // Validate response against type definition
+        const decodedResponse = assertDecode(EddsaCommitmentShareResponse, result.body);
+        assert.strictEqual(decodedResponse.userToBitgoCommitment.from, 'user');
+        assert.strictEqual(decodedResponse.encryptedSignerShare.type, 'encryptedSignerShare');
+
+        // Verify filesystem was accessed
+        assert.strictEqual(fsReadFileStub.calledOnce, true);
+
+        // Verify createCommitmentShareFromTxRequest was called with correct params
+        assert.strictEqual(mockEddsaUtils.createCommitmentShareFromTxRequest.calledOnce, true);
+        const callArgs = mockEddsaUtils.createCommitmentShareFromTxRequest.firstCall.args[0];
+        assert.strictEqual(callArgs.prv, decryptedPrivKey);
+        assert.strictEqual(callArgs.walletPassphrase, walletPassphrase);
+      });
+
+      it('should successfully generate EDDSA R share via API', async function () {
+        const requestBody = {
+          txRequest: {
+            txRequestId: 'txreq123',
+            walletId: walletId,
+            unsignedTxs: [{ serializedTxHex: '0100000001...', signableHex: '0100000001...', derivationPath: "m/0'" }],
+            latest: true,
+          },
+          encryptedUserToBitgoRShare: {
+            from: 'user',
+            to: 'bitgo',
+            share: 'encrypted-r-share',
+            type: 'encryptedRShare',
+          },
+        };
+
+        const mockRShareResponse = {
+          rShare: {
+            i: 1,
+            rShares: {
+              2: {
+                i: 1,
+                j: 2,
+                u: 'u-value',
+                v: 'v-value',
+                r: 'r-value',
+                R: 'R-value',
+                commitment: 'commitment-value',
+              },
+            },
+          },
+        };
+
+        // Mock filesystem and Eddsa utils
+        fsReadFileStub = sinon.stub(fs, 'readFile').resolves(JSON.stringify({ [walletId]: encryptedPrivKey }));
+
+        const mockEddsaUtils = {
+          createRShareFromTxRequest: sinon.stub().resolves(mockRShareResponse),
+        };
+
+        const mockCoin = {
+          getMPCAlgorithm: sinon.stub().returns('eddsa'),
+        };
+
+        sinon.stub(BitGo.prototype, 'coin').returns(mockCoin as any);
+        sinon.stub(BitGo.prototype, 'decrypt').returns(decryptedPrivKey);
+        sinon
+          .stub(EddsaUtils.prototype, 'createRShareFromTxRequest')
+          .callsFake(mockEddsaUtils.createRShareFromTxRequest);
+
+        // Call API via supertest
+        const result = await agent
+          .post(`/api/v2/${coin}/tssshare/R`)
+          .set('Authorization', 'Bearer test_access_token_12345')
+          .set('Content-Type', 'application/json')
+          .send(requestBody);
+
+        // Verify response
+        assert.strictEqual(result.status, 200);
+        result.body.should.have.property('rShare');
+
+        // Validate response type
+        const decodedResponse = assertDecode(EddsaRShareResponse, result.body);
+        assert.strictEqual(decodedResponse.rShare.i, 1);
+        assert.ok(decodedResponse.rShare.rShares);
+      });
+
+      it('should successfully generate EDDSA G share via API', async function () {
+        const requestBody = {
+          txRequest: {
+            txRequestId: 'txreq123',
+            walletId: walletId,
+            unsignedTxs: [{ serializedTxHex: '0100000001...', signableHex: '0100000001...', derivationPath: "m/0'" }],
+            latest: true,
+          },
+          bitgoToUserRShare: {
+            from: 'bitgo',
+            to: 'user',
+            share: 'bitgo-r-share',
+          },
+          userToBitgoRShare: {
+            i: 1,
+            rShares: {
+              2: {
+                i: 1,
+                j: 2,
+                u: 'u-value',
+                v: 'v-value',
+                r: 'r-value',
+                R: 'R-value',
+                commitment: 'commitment-value',
+              },
+            },
+          },
+          bitgoToUserCommitment: {
+            from: 'bitgo',
+            to: 'user',
+            share: 'bitgo-commitment',
+            type: 'commitment',
+          },
+        };
+
+        const mockGShareResponse = {
+          i: 1,
+          y: 'y-coordinate',
+          gamma: 'gamma-value',
+          R: 'R-point',
+        };
+
+        // Mock filesystem and Eddsa utils
+        fsReadFileStub = sinon.stub(fs, 'readFile').resolves(JSON.stringify({ [walletId]: encryptedPrivKey }));
+
+        const mockEddsaUtils = {
+          createGShareFromTxRequest: sinon.stub().resolves(mockGShareResponse),
+        };
+
+        const mockCoin = {
+          getMPCAlgorithm: sinon.stub().returns('eddsa'),
+        };
+
+        sinon.stub(BitGo.prototype, 'coin').returns(mockCoin as any);
+        sinon.stub(BitGo.prototype, 'decrypt').returns(decryptedPrivKey);
+        sinon
+          .stub(EddsaUtils.prototype, 'createGShareFromTxRequest')
+          .callsFake(mockEddsaUtils.createGShareFromTxRequest);
+
+        // Call API via supertest
+        const result = await agent
+          .post(`/api/v2/${coin}/tssshare/G`)
+          .set('Authorization', 'Bearer test_access_token_12345')
+          .set('Content-Type', 'application/json')
+          .send(requestBody);
+
+        // Verify response
+        assert.strictEqual(result.status, 200);
+        result.body.should.have.property('i');
+        result.body.should.have.property('y');
+        result.body.should.have.property('gamma');
+        result.body.should.have.property('R');
+
+        // Validate response type
+        const decodedResponse = assertDecode(EddsaGShareResponse, result.body);
+        assert.strictEqual(decodedResponse.i, 1);
+        assert.strictEqual(decodedResponse.y, 'y-coordinate');
+      });
+    });
+
+    describe('ECDSA Share Generation', function () {
+      it('should successfully get ECDSA Paillier Modulus via API', async function () {
+        const requestBody = {
+          txRequest: {
+            txRequestId: 'txreq123',
+            walletId: walletId,
+            unsignedTxs: [{ serializedTxHex: '0100000001...', signableHex: '0100000001...', derivationPath: "m/0'" }],
+            latest: true,
+          },
+        };
+
+        const mockPaillierResponse = {
+          userPaillierModulus: '0x1234567890abcdef...',
+        };
+
+        // Mock filesystem and Ecdsa utils
+        fsReadFileStub = sinon.stub(fs, 'readFile').resolves(JSON.stringify({ [walletId]: encryptedPrivKey }));
+
+        const mockEcdsaUtils = {
+          getOfflineSignerPaillierModulus: sinon.stub().returns(mockPaillierResponse),
+        };
+
+        const mockCoin = {
+          getMPCAlgorithm: sinon.stub().returns('ecdsa'),
+        };
+
+        sinon.stub(BitGo.prototype, 'coin').returns(mockCoin as any);
+        sinon.stub(BitGo.prototype, 'decrypt').returns(decryptedPrivKey);
+        sinon
+          .stub(EcdsaUtils.prototype, 'getOfflineSignerPaillierModulus')
+          .callsFake(mockEcdsaUtils.getOfflineSignerPaillierModulus);
+
+        // Call API via supertest
+        const result = await agent
+          .post(`/api/v2/${ecdsaCoin}/tssshare/PaillierModulus`)
+          .set('Authorization', 'Bearer test_access_token_12345')
+          .set('Content-Type', 'application/json')
+          .send(requestBody);
+
+        // Verify response
+        assert.strictEqual(result.status, 200);
+        result.body.should.have.property('userPaillierModulus');
+
+        // Validate response type
+        const decodedResponse = assertDecode(EcdsaPaillierModulusResponse, result.body);
+        assert.strictEqual(decodedResponse.userPaillierModulus, mockPaillierResponse.userPaillierModulus);
+      });
+
+      it('should successfully generate ECDSA K share via API', async function () {
+        const requestBody = {
+          tssParams: {
+            txRequest: {
+              txRequestId: 'txreq123',
+              walletId: walletId,
+              unsignedTxs: [{ serializedTxHex: '0100000001...', signableHex: '0100000001...', derivationPath: "m/0'" }],
+              latest: true,
+            },
+            reqId: 'abc123-0001',
+          },
+          challenges: {
+            enterpriseChallenge: {
+              ntilde: 'ntilde-value',
+              h1: 'h1-value',
+              h2: 'h2-value',
+              p: ['p-proof-1', 'p-proof-2'],
+            },
+            bitgoChallenge: {
+              ntilde: 'bitgo-ntilde',
+              h1: 'bitgo-h1',
+              h2: 'bitgo-h2',
+              p: ['p-proof-1', 'p-proof-2'],
+              n: 'n-value',
+            },
+          },
+          requestType: 'tx',
+        };
+
+        const mockKShareResponse = {
+          privateShareProof: 'private-proof-pgp-data',
+          vssProof: 'vss-proof-data',
+          userPublicGpgKey: 'user-gpg-public-key',
+          publicShare: 'public-share-data',
+          encryptedSignerOffsetShare: 'encrypted-offset-share',
+          kShare: {
+            n: 'paillier-n',
+            k: 'encrypted-k',
+            alpha: 'alpha-response',
+            mu: 'mu-response',
+            w: 'encrypted-w',
+          },
+          wShare: 'encrypted-w-share-string',
+        };
+
+        // Mock filesystem and Ecdsa utils
+        fsReadFileStub = sinon.stub(fs, 'readFile').resolves(JSON.stringify({ [walletId]: encryptedPrivKey }));
+
+        const mockEcdsaUtils = {
+          createOfflineKShare: sinon.stub().resolves(mockKShareResponse),
+        };
+
+        const mockCoin = {
+          getMPCAlgorithm: sinon.stub().returns('ecdsa'),
+        };
+
+        sinon.stub(BitGo.prototype, 'coin').returns(mockCoin as any);
+        sinon.stub(BitGo.prototype, 'decrypt').returns(decryptedPrivKey);
+        sinon.stub(EcdsaUtils.prototype, 'createOfflineKShare').callsFake(mockEcdsaUtils.createOfflineKShare);
+
+        // Call API via supertest
+        const result = await agent
+          .post(`/api/v2/${ecdsaCoin}/tssshare/K`)
+          .set('Authorization', 'Bearer test_access_token_12345')
+          .set('Content-Type', 'application/json')
+          .send(requestBody);
+
+        // Verify response
+        assert.strictEqual(result.status, 200);
+        result.body.should.have.property('kShare');
+        result.body.should.have.property('wShare');
+
+        // Validate response type
+        const decodedResponse = assertDecode(EcdsaKShareResponse, result.body);
+        assert.strictEqual(decodedResponse.privateShareProof, mockKShareResponse.privateShareProof);
+        assert.strictEqual(decodedResponse.kShare.n, mockKShareResponse.kShare.n);
+      });
+    });
+
+    describe('Error Handling', function () {
+      it('should fail when walletId is missing from txRequest', async function () {
+        const requestBody = {
+          txRequest: {
+            // Missing walletId
+            txRequestId: 'txreq123',
+            unsignedTxs: [{ serializedTxHex: '0100000001...', signableHex: '0100000001...', derivationPath: "m/0'" }],
+            latest: true,
+          },
+        };
+
+        // Make the request
+        const result = await agent
+          .post(`/api/v2/${coin}/tssshare/commitment`)
+          .set('Authorization', 'Bearer test_access_token_12345')
+          .set('Content-Type', 'application/json')
+          .send(requestBody);
+
+        // Verify error response - runtime error returns 500
+        assert.strictEqual(result.status, 500);
+        assert.ok(result.body);
+      });
+
+      it('should fail when neither txRequest nor tssParams is provided', async function () {
+        const requestBody = {
+          // Missing both txRequest and tssParams
+          bitgoGpgPubKey: 'some-key',
+        };
+
+        // Make the request
+        const result = await agent
+          .post(`/api/v2/${coin}/tssshare/commitment`)
+          .set('Authorization', 'Bearer test_access_token_12345')
+          .set('Content-Type', 'application/json')
+          .send(requestBody);
+
+        // Verify error response
+        assert.strictEqual(result.status, 500);
+        assert.ok(result.body);
+      });
+
+      it('should fail when wallet passphrase environment variable is missing', async function () {
+        // Remove the wallet passphrase from environment
+        delete process.env[`WALLET_${walletId}_PASSPHRASE`];
+
+        const requestBody = {
+          txRequest: {
+            txRequestId: 'txreq123',
+            walletId: walletId,
+            unsignedTxs: [{ serializedTxHex: '0100000001...', signableHex: '0100000001...', derivationPath: "m/0'" }],
+            latest: true,
+          },
+          bitgoGpgPubKey: 'bitgo-gpg-key',
+        };
+
+        // Make the request
+        const result = await agent
+          .post(`/api/v2/${coin}/tssshare/commitment`)
+          .set('Authorization', 'Bearer test_access_token_12345')
+          .set('Content-Type', 'application/json')
+          .send(requestBody);
+
+        // Verify error response - runtime errors return 500
+        assert.strictEqual(result.status, 500);
+        assert.ok(result.body);
+      });
+
+      it('should fail when encrypted private key file cannot be read', async function () {
+        const requestBody = {
+          txRequest: {
+            txRequestId: 'txreq123',
+            walletId: walletId,
+            unsignedTxs: [{ serializedTxHex: '0100000001...', signableHex: '0100000001...', derivationPath: "m/0'" }],
+            latest: true,
+          },
+        };
+
+        // Mock filesystem read to fail
+        fsReadFileStub = sinon.stub(fs, 'readFile').rejects(new Error('ENOENT: File not found'));
+
+        // Make the request
+        const result = await agent
+          .post(`/api/v2/${coin}/tssshare/R`)
+          .set('Authorization', 'Bearer test_access_token_12345')
+          .set('Content-Type', 'application/json')
+          .send(requestBody);
+
+        // Verify error response - runtime errors return 500
+        assert.strictEqual(result.status, 500);
+        assert.ok(result.body);
+      });
+
+      it('should fail when walletId is not found in encrypted private keys file', async function () {
+        const differentWalletId = 'different-wallet-id-123';
+
+        const requestBody = {
+          txRequest: {
+            txRequestId: 'txreq123',
+            walletId: differentWalletId,
+            unsignedTxs: [{ serializedTxHex: '0100000001...', signableHex: '0100000001...', derivationPath: "m/0'" }],
+            latest: true,
+          },
+        };
+
+        // Setup environment for different wallet
+        process.env[`WALLET_${differentWalletId}_PASSPHRASE`] = 'test-pass';
+
+        // Mock filesystem with different wallet IDs
+        fsReadFileStub = sinon.stub(fs, 'readFile').resolves(
+          JSON.stringify({
+            [walletId]: encryptedPrivKey, // Different wallet ID
+          })
+        );
+
+        // Make the request
+        const result = await agent
+          .post(`/api/v2/${coin}/tssshare/commitment`)
+          .set('Authorization', 'Bearer test_access_token_12345')
+          .set('Content-Type', 'application/json')
+          .send(requestBody);
+
+        // Verify error response - runtime errors return 500
+        assert.strictEqual(result.status, 500);
+        assert.ok(result.body);
+
+        // Cleanup
+        delete process.env[`WALLET_${differentWalletId}_PASSPHRASE`];
+      });
+
+      it('should fail when private key decryption fails', async function () {
+        const requestBody = {
+          txRequest: {
+            txRequestId: 'txreq123',
+            walletId: walletId,
+            unsignedTxs: [{ serializedTxHex: '0100000001...', signableHex: '0100000001...', derivationPath: "m/0'" }],
+            latest: true,
+          },
+        };
+
+        // Mock filesystem read
+        fsReadFileStub = sinon.stub(fs, 'readFile').resolves(
+          JSON.stringify({
+            [walletId]: encryptedPrivKey,
+          })
+        );
+
+        // Mock decrypt to throw error
+        sinon.stub(BitGo.prototype, 'decrypt').throws(new Error('Invalid passphrase'));
+
+        // Make the request
+        const result = await agent
+          .post(`/api/v2/${coin}/tssshare/G`)
+          .set('Authorization', 'Bearer test_access_token_12345')
+          .set('Content-Type', 'application/json')
+          .send(requestBody);
+
+        // Verify error response - runtime errors return 500
+        assert.strictEqual(result.status, 500);
+        assert.ok(result.body);
+      });
+
+      it('should fail when unsupported MPC algorithm is encountered', async function () {
+        const requestBody = {
+          txRequest: {
+            txRequestId: 'txreq123',
+            walletId: walletId,
+            unsignedTxs: [{ serializedTxHex: '0100000001...', signableHex: '0100000001...', derivationPath: "m/0'" }],
+            latest: true,
+          },
+        };
+
+        // Mock filesystem
+        fsReadFileStub = sinon.stub(fs, 'readFile').resolves(JSON.stringify({ [walletId]: encryptedPrivKey }));
+
+        // Mock coin with unsupported MPC algorithm
+        const mockCoin = {
+          getMPCAlgorithm: sinon.stub().returns('unknown-algorithm'),
+        };
+
+        sinon.stub(BitGo.prototype, 'coin').returns(mockCoin as any);
+        sinon.stub(BitGo.prototype, 'decrypt').returns(decryptedPrivKey);
+
+        // Make the request
+        const result = await agent
+          .post(`/api/v2/${coin}/tssshare/commitment`)
+          .set('Authorization', 'Bearer test_access_token_12345')
+          .set('Content-Type', 'application/json')
+          .send(requestBody);
+
+        // Verify error response - unsupported algorithm returns 500
+        assert.strictEqual(result.status, 500);
+        assert.ok(result.body);
+      });
+
+      it('should fail when unsupported share type for EDDSA', async function () {
+        const requestBody = {
+          txRequest: {
+            txRequestId: 'txreq123',
+            walletId: walletId,
+            unsignedTxs: [{ serializedTxHex: '0100000001...', signableHex: '0100000001...', derivationPath: "m/0'" }],
+            latest: true,
+          },
+        };
+
+        // Mock filesystem
+        fsReadFileStub = sinon.stub(fs, 'readFile').resolves(JSON.stringify({ [walletId]: encryptedPrivKey }));
+
+        // Mock coin with EDDSA
+        const mockCoin = {
+          getMPCAlgorithm: sinon.stub().returns('eddsa'),
+        };
+
+        sinon.stub(BitGo.prototype, 'coin').returns(mockCoin as any);
+        sinon.stub(BitGo.prototype, 'decrypt').returns(decryptedPrivKey);
+
+        // Make the request with invalid share type for EDDSA (K is ECDSA only)
+        const result = await agent
+          .post(`/api/v2/${coin}/tssshare/K`)
+          .set('Authorization', 'Bearer test_access_token_12345')
+          .set('Content-Type', 'application/json')
+          .send(requestBody);
+
+        // Verify error response - unsupported share type returns 500
+        assert.strictEqual(result.status, 500);
+        assert.ok(result.body);
+      });
+
+      it('should fail when unsupported share type for ECDSA', async function () {
+        const requestBody = {
+          txRequest: {
+            txRequestId: 'txreq123',
+            walletId: walletId,
+            unsignedTxs: [{ serializedTxHex: '0100000001...', signableHex: '0100000001...', derivationPath: "m/0'" }],
+            latest: true,
+          },
+        };
+
+        // Mock filesystem
+        fsReadFileStub = sinon.stub(fs, 'readFile').resolves(JSON.stringify({ [walletId]: encryptedPrivKey }));
+
+        // Mock coin with ECDSA
+        const mockCoin = {
+          getMPCAlgorithm: sinon.stub().returns('ecdsa'),
+        };
+
+        sinon.stub(BitGo.prototype, 'coin').returns(mockCoin as any);
+        sinon.stub(BitGo.prototype, 'decrypt').returns(decryptedPrivKey);
+
+        // Make the request with invalid share type
+        const result = await agent
+          .post(`/api/v2/${ecdsaCoin}/tssshare/invalidShareType`)
+          .set('Authorization', 'Bearer test_access_token_12345')
+          .set('Content-Type', 'application/json')
+          .send(requestBody);
+
+        // Verify error response - unsupported share type returns 500
+        assert.strictEqual(result.status, 500);
+        assert.ok(result.body);
+      });
+    });
+  });
+});