@caypo/canton-sdk 0.1.0

package/dist/index.js

@@ -0,0 +1,986 @@
+import {
+  addAmounts,
+  compareAmounts,
+  isValidAmount,
+  subtractAmounts,
+  toCantonAmount
+} from "./chunk-GSDB5FKZ.js";
+
+// src/index.ts
+import { MPP_CANTON_VERSION } from "@caypo/mpp-canton";
+
+// src/canton/errors.ts
+var CantonApiError = class extends Error {
+  code;
+  ledgerCause;
+  grpcCodeValue;
+  errorCategory;
+  context;
+  constructor(ledgerError) {
+    super(`Canton API error [${ledgerError.code}]: ${ledgerError.cause}`);
+    this.name = "CantonApiError";
+    this.code = ledgerError.code;
+    this.ledgerCause = ledgerError.cause;
+    this.grpcCodeValue = ledgerError.grpcCodeValue;
+    this.errorCategory = ledgerError.errorCategory;
+    this.context = ledgerError.context;
+  }
+};
+var CantonTimeoutError = class extends Error {
+  timeoutMs;
+  path;
+  constructor(path, timeoutMs) {
+    super(`Canton request to ${path} timed out after ${timeoutMs}ms`);
+    this.name = "CantonTimeoutError";
+    this.timeoutMs = timeoutMs;
+    this.path = path;
+  }
+};
+var CantonAuthError = class extends Error {
+  statusCode;
+  constructor(statusCode, message) {
+    super(message ?? `Canton authentication failed (HTTP ${statusCode})`);
+    this.name = "CantonAuthError";
+    this.statusCode = statusCode;
+  }
+};
+
+// src/canton/client.ts
+var DEFAULT_TIMEOUT = 3e4;
+var CantonClient = class {
+  ledgerUrl;
+  token;
+  userId;
+  timeout;
+  constructor(config) {
+    this.ledgerUrl = config.ledgerUrl.replace(/\/+$/, "");
+    this.token = config.token;
+    this.userId = config.userId;
+    this.timeout = config.timeout ?? DEFAULT_TIMEOUT;
+  }
+  // ---------------------------------------------------------------------------
+  // Command Submission
+  // ---------------------------------------------------------------------------
+  async submitAndWait(params) {
+    return this.request("POST", "/v2/commands/submit-and-wait", {
+      commands: params.commands,
+      userId: this.userId,
+      commandId: params.commandId,
+      actAs: params.actAs,
+      readAs: params.readAs
+    });
+  }
+  async submitAndWaitForTransaction(params) {
+    return this.request(
+      "POST",
+      "/v2/commands/submit-and-wait-for-transaction",
+      {
+        commands: params.commands,
+        userId: this.userId,
+        commandId: params.commandId,
+        actAs: params.actAs,
+        readAs: params.readAs
+      }
+    );
+  }
+  // ---------------------------------------------------------------------------
+  // Active Contract Queries
+  // ---------------------------------------------------------------------------
+  async queryActiveContracts(params) {
+    const body = {
+      eventFormat: {
+        filtersByParty: params.filtersByParty,
+        filtersForAnyParty: params.filtersForAnyParty,
+        verbose: true
+      },
+      activeAtOffset: params.activeAtOffset
+    };
+    const response = await this.request("POST", "/v2/state/active-contracts", body);
+    if (!response.contractEntry) {
+      return [];
+    }
+    return response.contractEntry.filter((entry) => entry.createdEvent != null).map((entry) => {
+      const evt = entry.createdEvent;
+      return {
+        contractId: evt.contractId,
+        templateId: evt.templateId,
+        createArgument: evt.createArgument,
+        createdAt: "",
+        signatories: evt.signatories,
+        observers: evt.observers
+      };
+    });
+  }
+  // ---------------------------------------------------------------------------
+  // Transaction Lookup
+  // ---------------------------------------------------------------------------
+  async getTransactionById(updateId) {
+    try {
+      return await this.request(
+        "GET",
+        `/v2/updates/transaction-by-id/${encodeURIComponent(updateId)}`
+      );
+    } catch (err) {
+      if (err instanceof CantonApiError && err.code === "NOT_FOUND") {
+        return null;
+      }
+      throw err;
+    }
+  }
+  // ---------------------------------------------------------------------------
+  // Ledger State
+  // ---------------------------------------------------------------------------
+  async getLedgerEnd() {
+    const response = await this.request("GET", "/v2/state/ledger-end");
+    return response.offset;
+  }
+  // ---------------------------------------------------------------------------
+  // Party Management
+  // ---------------------------------------------------------------------------
+  async allocateParty(hint) {
+    const response = await this.request("POST", "/v2/parties", {
+      partyIdHint: hint,
+      identityProviderId: ""
+    });
+    return response.partyDetails;
+  }
+  async listParties() {
+    const response = await this.request("GET", "/v2/parties");
+    return response.partyDetails;
+  }
+  // ---------------------------------------------------------------------------
+  // Health Check
+  // ---------------------------------------------------------------------------
+  async isHealthy() {
+    try {
+      const response = await fetch(`${this.ledgerUrl}/livez`, {
+        method: "GET",
+        headers: { Authorization: `Bearer ${this.token}` },
+        signal: AbortSignal.timeout(this.timeout)
+      });
+      return response.ok;
+    } catch {
+      return false;
+    }
+  }
+  // ---------------------------------------------------------------------------
+  // Internal
+  // ---------------------------------------------------------------------------
+  async request(method, path, body) {
+    const url = `${this.ledgerUrl}${path}`;
+    const headers = {
+      Authorization: `Bearer ${this.token}`
+    };
+    if (body !== void 0) {
+      headers["Content-Type"] = "application/json";
+    }
+    let response;
+    try {
+      response = await fetch(url, {
+        method,
+        headers,
+        body: body !== void 0 ? JSON.stringify(body) : void 0,
+        signal: AbortSignal.timeout(this.timeout)
+      });
+    } catch (err) {
+      if (err instanceof DOMException && err.name === "TimeoutError") {
+        throw new CantonTimeoutError(path, this.timeout);
+      }
+      if (err instanceof DOMException && err.name === "AbortError") {
+        throw new CantonTimeoutError(path, this.timeout);
+      }
+      throw err;
+    }
+    if (response.status === 401 || response.status === 403) {
+      const text2 = await response.text().catch(() => "");
+      throw new CantonAuthError(response.status, text2 || void 0);
+    }
+    if (!response.ok) {
+      const errorBody = await response.json().catch(() => null);
+      if (errorBody && typeof errorBody === "object" && "code" in errorBody) {
+        throw new CantonApiError(errorBody);
+      }
+      throw new Error(`Canton API error: HTTP ${response.status} on ${method} ${path}`);
+    }
+    const text = await response.text();
+    if (!text) {
+      return {};
+    }
+    return JSON.parse(text);
+  }
+};
+
+// src/canton/holdings.ts
+var InsufficientBalanceError = class extends Error {
+  available;
+  required;
+  constructor(available, required) {
+    super(`Insufficient balance: have ${available}, need ${required}`);
+    this.name = "InsufficientBalanceError";
+    this.available = available;
+    this.required = required;
+  }
+};
+function selectHoldings(holdings, requiredAmount) {
+  if (holdings.length === 0) {
+    throw new InsufficientBalanceError("0", requiredAmount);
+  }
+  const sorted = [...holdings].sort((a, b) => compareAmounts(b.amount, a.amount));
+  let bestSingle = null;
+  for (const h of sorted) {
+    if (compareAmounts(h.amount, requiredAmount) >= 0) {
+      bestSingle = h;
+    }
+  }
+  if (bestSingle) {
+    return {
+      type: "single",
+      contractIds: [bestSingle.contractId]
+    };
+  }
+  let accumulated = "0";
+  const selected = [];
+  for (const h of sorted) {
+    selected.push(h.contractId);
+    accumulated = addAmounts(accumulated, h.amount);
+    if (compareAmounts(accumulated, requiredAmount) >= 0) {
+      return {
+        type: "merge-then-transfer",
+        contractIds: selected
+      };
+    }
+  }
+  throw new InsufficientBalanceError(accumulated, requiredAmount);
+}
+
+// src/canton/usdcx.ts
+var USDCX_HOLDING_TEMPLATE_ID = "Splice.Api.Token.HoldingV1:Holding";
+var TRANSFER_FACTORY_TEMPLATE_ID = "Splice.Api.Token.TransferFactoryV1:TransferFactory";
+var USDCX_INSTRUMENT_ID = "USDCx";
+var USDCxService = class {
+  constructor(client, partyId) {
+    this.client = client;
+    this.partyId = partyId;
+  }
+  /**
+   * Query all USDCx Holding contracts for this party.
+   */
+  async getHoldings() {
+    const offset = await this.client.getLedgerEnd();
+    const contracts = await this.client.queryActiveContracts({
+      filtersByParty: {
+        [this.partyId]: {
+          cumulative: [
+            {
+              identifierFilter: {
+                TemplateFilter: {
+                  value: { templateId: USDCX_HOLDING_TEMPLATE_ID }
+                }
+              }
+            }
+          ]
+        }
+      },
+      activeAtOffset: offset
+    });
+    return contracts.map((c) => ({
+      contractId: c.contractId,
+      owner: c.createArgument.owner ?? this.partyId,
+      amount: c.createArgument.amount,
+      templateId: c.templateId
+    }));
+  }
+  /**
+   * Calculate total USDCx balance by summing all holding amounts.
+   * Returns a string with up to 10 decimal places.
+   */
+  async getBalance() {
+    const holdings = await this.getHoldings();
+    if (holdings.length === 0) {
+      return "0";
+    }
+    let total = "0";
+    for (const h of holdings) {
+      total = addAmounts(total, h.amount);
+    }
+    return total;
+  }
+  /**
+   * Transfer USDCx using TransferFactory_Transfer (1-step).
+   * Requires the recipient to have an active TransferPreapproval.
+   */
+  async transfer(params) {
+    const commandId = params.commandId ?? crypto.randomUUID();
+    const amount = toCantonAmount(params.amount);
+    const holdings = await this.getHoldings();
+    const selection = selectHoldings(holdings, params.amount);
+    const result = await this.client.submitAndWait({
+      commands: [
+        {
+          ExerciseCommand: {
+            templateId: TRANSFER_FACTORY_TEMPLATE_ID,
+            contractId: selection.contractIds[0],
+            choice: "TransferFactory_Transfer",
+            choiceArgument: {
+              sender: this.partyId,
+              receiver: params.recipient,
+              amount,
+              instrumentId: USDCX_INSTRUMENT_ID,
+              inputHoldingCids: selection.contractIds,
+              meta: {}
+            }
+          }
+        }
+      ],
+      commandId,
+      actAs: [this.partyId],
+      readAs: [this.partyId]
+    });
+    return {
+      updateId: result.updateId,
+      completionOffset: result.completionOffset,
+      commandId
+    };
+  }
+  /**
+   * Merge multiple holdings into fewer UTXOs.
+   * Returns the commandId of the merge transaction.
+   */
+  async mergeHoldings(holdingCids) {
+    if (holdingCids.length < 2) {
+      throw new Error("Need at least 2 holdings to merge");
+    }
+    const commandId = crypto.randomUUID();
+    await this.client.submitAndWait({
+      commands: [
+        {
+          ExerciseCommand: {
+            templateId: USDCX_HOLDING_TEMPLATE_ID,
+            contractId: holdingCids[0],
+            choice: "Merge",
+            choiceArgument: {
+              holdingCids: holdingCids.slice(1)
+            }
+          }
+        }
+      ],
+      commandId,
+      actAs: [this.partyId]
+    });
+    return commandId;
+  }
+};
+
+// src/wallet/keystore.ts
+import { createCipheriv, createDecipheriv, pbkdf2Sync, randomBytes } from "crypto";
+import { mkdir, readFile, writeFile } from "fs/promises";
+import { dirname, join } from "path";
+import { homedir } from "os";
+var PBKDF2_ITERATIONS = 1e5;
+var PBKDF2_KEYLEN = 32;
+var PBKDF2_DIGEST = "sha256";
+var SALT_LEN = 32;
+var IV_LEN = 16;
+var ALGORITHM = "aes-256-gcm";
+var DEFAULT_WALLET_PATH = join(homedir(), ".caypo", "wallet.key");
+function deriveKey(pin, salt) {
+  return pbkdf2Sync(pin, salt, PBKDF2_ITERATIONS, PBKDF2_KEYLEN, PBKDF2_DIGEST);
+}
+function encrypt(data, pin) {
+  const salt = randomBytes(SALT_LEN);
+  const key = deriveKey(pin, salt);
+  const iv = randomBytes(IV_LEN);
+  const cipher = createCipheriv(ALGORITHM, key, iv);
+  const encrypted = Buffer.concat([cipher.update(data, "utf8"), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return {
+    iv: iv.toString("base64"),
+    salt: salt.toString("base64"),
+    encrypted: encrypted.toString("base64"),
+    tag: tag.toString("base64")
+  };
+}
+function decrypt(file, pin) {
+  const salt = Buffer.from(file.salt, "base64");
+  const iv = Buffer.from(file.iv, "base64");
+  const encrypted = Buffer.from(file.encrypted, "base64");
+  const tag = Buffer.from(file.tag, "base64");
+  const key = deriveKey(pin, salt);
+  const decipher = createDecipheriv(ALGORITHM, key, iv);
+  decipher.setAuthTag(tag);
+  try {
+    const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+    return decrypted.toString("utf8");
+  } catch {
+    throw new Error("Invalid PIN or corrupted wallet file");
+  }
+}
+var Keystore = class _Keystore {
+  data;
+  filePath;
+  constructor(data, filePath) {
+    this.data = data;
+    this.filePath = filePath;
+  }
+  /** Party ID of this wallet. */
+  get address() {
+    return this.data.partyId;
+  }
+  /**
+   * Create a new encrypted wallet.
+   * Generates a random 32-byte private key and saves encrypted to disk.
+   */
+  static async create(pin, params, path) {
+    const filePath = path ?? DEFAULT_WALLET_PATH;
+    const walletData = {
+      partyId: params.partyId,
+      jwt: params.jwt,
+      userId: params.userId,
+      privateKey: randomBytes(32).toString("hex")
+    };
+    const encryptedFile = encrypt(JSON.stringify(walletData), pin);
+    await mkdir(dirname(filePath), { recursive: true });
+    await writeFile(filePath, JSON.stringify(encryptedFile), "utf8");
+    return new _Keystore(walletData, filePath);
+  }
+  /**
+   * Load and decrypt an existing wallet.
+   * Throws if the PIN is wrong or the file is corrupted.
+   */
+  static async load(pin, path) {
+    const filePath = path ?? DEFAULT_WALLET_PATH;
+    const raw = await readFile(filePath, "utf8");
+    const encryptedFile = JSON.parse(raw);
+    const decrypted = decrypt(encryptedFile, pin);
+    const walletData = JSON.parse(decrypted);
+    return new _Keystore(walletData, filePath);
+  }
+  /** Get credentials for Canton Ledger API access. */
+  getCredentials() {
+    return {
+      partyId: this.data.partyId,
+      jwt: this.data.jwt,
+      userId: this.data.userId
+    };
+  }
+  /** Change the encryption PIN. Re-encrypts wallet data with new PIN. */
+  async changePin(oldPin, newPin) {
+    const raw = await readFile(this.filePath, "utf8");
+    const encryptedFile = JSON.parse(raw);
+    decrypt(encryptedFile, oldPin);
+    const newEncrypted = encrypt(JSON.stringify(this.data), newPin);
+    await writeFile(this.filePath, JSON.stringify(newEncrypted), "utf8");
+  }
+  /** Export the raw private key. Dangerous — only call with explicit user consent. */
+  exportKey(pin) {
+    void pin;
+    return this.data.privateKey;
+  }
+};
+
+// src/wallet/config.ts
+import { mkdir as mkdir2, readFile as readFile2, writeFile as writeFile2 } from "fs/promises";
+import { dirname as dirname2, join as join2 } from "path";
+import { homedir as homedir2 } from "os";
+var DEFAULT_CONFIG_PATH = join2(homedir2(), ".caypo", "config.json");
+var DEFAULT_CONFIG = {
+  version: 2,
+  network: "testnet",
+  ledgerUrl: "http://localhost:7575",
+  partyId: "",
+  userId: "ledger-api-user",
+  keystorePath: join2(homedir2(), ".caypo", "wallet.key"),
+  traffic: {
+    autoPurchase: true,
+    minBalance: 1e3,
+    purchaseAmountCC: "5.0"
+  },
+  safeguards: {
+    txLimit: "100",
+    dailyLimit: "1000"
+  },
+  mpp: {
+    gatewayUrl: "https://mpp.cayvox.io",
+    maxAutoPayPrice: "1.00"
+  }
+};
+async function loadConfig(path) {
+  const filePath = path ?? DEFAULT_CONFIG_PATH;
+  try {
+    const raw = await readFile2(filePath, "utf8");
+    const parsed = JSON.parse(raw);
+    return { ...DEFAULT_CONFIG, ...parsed };
+  } catch (err) {
+    if (err.code === "ENOENT") {
+      return { ...DEFAULT_CONFIG };
+    }
+    throw err;
+  }
+}
+async function saveConfig(config, path) {
+  const filePath = path ?? DEFAULT_CONFIG_PATH;
+  await mkdir2(dirname2(filePath), { recursive: true });
+  await writeFile2(filePath, JSON.stringify(config, null, 2), "utf8");
+}
+
+// src/safeguards/manager.ts
+import { mkdir as mkdir3, readFile as readFile3, writeFile as writeFile3 } from "fs/promises";
+import { dirname as dirname3, join as join3 } from "path";
+import { homedir as homedir3 } from "os";
+var DEFAULT_SAFEGUARDS_PATH = join3(homedir3(), ".caypo", "safeguards.json");
+var DEFAULT_SAFEGUARD_CONFIG = {
+  txLimit: "100",
+  dailyLimit: "1000",
+  locked: false,
+  lockedPinHash: "",
+  dailySpent: "0",
+  lastResetDate: today()
+};
+function today() {
+  return (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+}
+function hashPin(pin) {
+  let hash = 0;
+  for (let i = 0; i < pin.length; i++) {
+    const ch = pin.charCodeAt(i);
+    hash = (hash << 5) - hash + ch | 0;
+  }
+  return String(hash);
+}
+var SafeguardManager = class _SafeguardManager {
+  config;
+  filePath;
+  constructor(config, filePath) {
+    this.config = config ? { ...config } : { ...DEFAULT_SAFEGUARD_CONFIG };
+    this.filePath = filePath ?? DEFAULT_SAFEGUARDS_PATH;
+  }
+  /**
+   * Load safeguards from disk. Returns a new SafeguardManager.
+   * If file doesn't exist, uses defaults.
+   */
+  static async load(path) {
+    const filePath = path ?? DEFAULT_SAFEGUARDS_PATH;
+    try {
+      const raw = await readFile3(filePath, "utf8");
+      const parsed = JSON.parse(raw);
+      const config = { ...DEFAULT_SAFEGUARD_CONFIG, ...parsed };
+      return new _SafeguardManager(config, filePath);
+    } catch (err) {
+      if (err.code === "ENOENT") {
+        return new _SafeguardManager(void 0, filePath);
+      }
+      throw err;
+    }
+  }
+  /** Get current safeguard settings. */
+  settings() {
+    return { ...this.config };
+  }
+  /** Set per-transaction limit. */
+  setTxLimit(amount) {
+    this.config.txLimit = amount;
+    void this.save();
+  }
+  /** Set daily spending limit. */
+  setDailyLimit(amount) {
+    this.config.dailyLimit = amount;
+    void this.save();
+  }
+  /** Lock the wallet. All transactions will be rejected until unlocked. */
+  lock(pin) {
+    this.config.locked = true;
+    if (pin) {
+      this.config.lockedPinHash = hashPin(pin);
+    }
+    void this.save();
+  }
+  /** Unlock the wallet. Requires PIN if one was set during lock. */
+  unlock(pin) {
+    if (this.config.lockedPinHash && hashPin(pin) !== this.config.lockedPinHash) {
+      throw new Error("Invalid PIN");
+    }
+    this.config.locked = false;
+    this.config.lockedPinHash = "";
+    void this.save();
+  }
+  /**
+   * Check if a transaction for the given amount is allowed.
+   * Auto-resets daily counter if the date has changed.
+   */
+  check(amount) {
+    this.autoResetDaily();
+    const dailyRemaining = subtractAmounts(this.config.dailyLimit, this.config.dailySpent);
+    if (this.config.locked) {
+      return { allowed: false, reason: "Wallet is locked", dailyRemaining };
+    }
+    if (compareAmounts(amount, this.config.txLimit) > 0) {
+      return {
+        allowed: false,
+        reason: `Amount ${amount} exceeds per-transaction limit of ${this.config.txLimit}`,
+        dailyRemaining
+      };
+    }
+    const projectedDaily = addAmounts(this.config.dailySpent, amount);
+    if (compareAmounts(projectedDaily, this.config.dailyLimit) > 0) {
+      return {
+        allowed: false,
+        reason: `Amount ${amount} would exceed daily limit of ${this.config.dailyLimit} (spent: ${this.config.dailySpent})`,
+        dailyRemaining
+      };
+    }
+    return { allowed: true, dailyRemaining };
+  }
+  /** Record a completed spend. Call after successful transaction. */
+  recordSpend(amount) {
+    this.autoResetDaily();
+    this.config.dailySpent = addAmounts(this.config.dailySpent, amount);
+    void this.save();
+  }
+  /** Manually reset the daily counter. */
+  resetDaily() {
+    this.config.dailySpent = "0";
+    this.config.lastResetDate = today();
+    void this.save();
+  }
+  autoResetDaily() {
+    const currentDate = today();
+    if (this.config.lastResetDate !== currentDate) {
+      this.config.dailySpent = "0";
+      this.config.lastResetDate = currentDate;
+    }
+  }
+  async save() {
+    try {
+      await mkdir3(dirname3(this.filePath), { recursive: true });
+      await writeFile3(this.filePath, JSON.stringify(this.config, null, 2), "utf8");
+    } catch {
+    }
+  }
+};
+
+// src/accounts/checking.ts
+var CheckingAccount = class {
+  constructor(usdcx, safeguards, client, partyId) {
+    this.usdcx = usdcx;
+    this.safeguards = safeguards;
+    this.client = client;
+    this.partyId = partyId;
+  }
+  /** Get USDCx balance: total available and number of UTXO holdings. */
+  async balance() {
+    const holdings = await this.usdcx.getHoldings();
+    let available = "0";
+    const { addAmounts: addAmounts2 } = await import("./amount-L2SDLRZT.js");
+    for (const h of holdings) {
+      available = addAmounts2(available, h.amount);
+    }
+    return { available, holdingCount: holdings.length };
+  }
+  /**
+   * Send USDCx to a recipient.
+   * Checks safeguards before executing the transfer.
+   */
+  async send(recipient, amount, opts) {
+    const check = this.safeguards.check(amount);
+    if (!check.allowed) {
+      throw new Error(`Safeguard rejected: ${check.reason}`);
+    }
+    const result = await this.usdcx.transfer({
+      recipient,
+      amount,
+      commandId: opts?.commandId
+    });
+    this.safeguards.recordSpend(amount);
+    return result;
+  }
+  /** Party ID for receiving payments. */
+  address() {
+    return this.partyId;
+  }
+  /**
+   * Query transaction history via /v2/updates/flats.
+   * Returns recent flat transactions involving this party.
+   */
+  async history(opts) {
+    const limit = opts?.limit ?? 20;
+    const offset = await this.client.getLedgerEnd();
+    const contracts = await this.client.queryActiveContracts({
+      filtersByParty: {
+        [this.partyId]: {
+          cumulative: [
+            {
+              identifierFilter: {
+                WildcardFilter: { value: { includeCreatedEventBlob: false } }
+              }
+            }
+          ]
+        }
+      },
+      activeAtOffset: offset
+    });
+    return contracts.slice(0, limit).map((c) => ({
+      updateId: "",
+      commandId: "",
+      effectiveAt: c.createdAt,
+      offset: 0,
+      type: "unknown",
+      amount: typeof c.createArgument.amount === "string" ? c.createArgument.amount : void 0
+    }));
+  }
+};
+
+// src/mpp/pay-client.ts
+function parseWwwAuthenticate(header) {
+  if (!header.startsWith("Payment")) {
+    return null;
+  }
+  const params = {};
+  const re = /(\w+)="([^"]*)"/g;
+  let match;
+  while ((match = re.exec(header)) !== null) {
+    params[match[1]] = match[2];
+  }
+  if (params.method !== "canton" || !params.amount || !params.recipient || !params.network) {
+    return null;
+  }
+  return {
+    amount: params.amount,
+    currency: params.currency ?? "USDCx",
+    recipient: params.recipient,
+    network: params.network,
+    description: params.description
+  };
+}
+var MppPayClient = class {
+  constructor(usdcx, safeguards, partyId, network) {
+    this.usdcx = usdcx;
+    this.safeguards = safeguards;
+    this.partyId = partyId;
+    this.network = network;
+  }
+  /**
+   * Pay for an API call via MPP 402 flow.
+   * If the response is not 402, returns it as-is with paid=false.
+   */
+  async pay(url, opts) {
+    const requestInit = {
+      method: opts?.method ?? "GET",
+      headers: opts?.headers,
+      body: opts?.body
+    };
+    const firstResponse = await fetch(url, requestInit);
+    if (firstResponse.status !== 402) {
+      return { response: firstResponse, paid: false };
+    }
+    const authHeader = firstResponse.headers.get("WWW-Authenticate") ?? "";
+    const challenge = parseWwwAuthenticate(authHeader);
+    if (!challenge) {
+      throw new Error("402 received but no valid Canton payment challenge in WWW-Authenticate");
+    }
+    if (challenge.network !== this.network) {
+      throw new Error(
+        `Network mismatch: challenge requires ${challenge.network}, agent on ${this.network}`
+      );
+    }
+    if (opts?.maxPrice && compareAmounts(challenge.amount, opts.maxPrice) > 0) {
+      throw new Error(
+        `Price ${challenge.amount} exceeds maxPrice ${opts.maxPrice}`
+      );
+    }
+    const check = this.safeguards.check(challenge.amount);
+    if (!check.allowed) {
+      throw new Error(`Safeguard rejected: ${check.reason}`);
+    }
+    const transferResult = await this.usdcx.transfer({
+      recipient: challenge.recipient,
+      amount: challenge.amount
+    });
+    this.safeguards.recordSpend(challenge.amount);
+    const credential = Buffer.from(
+      JSON.stringify({
+        updateId: transferResult.updateId,
+        completionOffset: transferResult.completionOffset,
+        sender: this.partyId,
+        commandId: transferResult.commandId
+      })
+    ).toString("base64");
+    const retryResponse = await fetch(url, {
+      ...requestInit,
+      headers: {
+        ...opts?.headers,
+        Authorization: `Payment ${credential}`
+      }
+    });
+    return {
+      response: retryResponse,
+      paid: true,
+      receipt: {
+        updateId: transferResult.updateId,
+        completionOffset: transferResult.completionOffset,
+        commandId: transferResult.commandId,
+        amount: challenge.amount
+      }
+    };
+  }
+};
+
+// src/traffic/manager.ts
+var TrafficManager = class {
+  constructor(client, partyId) {
+    this.client = client;
+    this.partyId = partyId;
+  }
+  autoPurchaseConfig = {
+    enabled: false,
+    minBalance: 1e3,
+    purchaseAmount: "5.0"
+  };
+  /**
+   * Check validator's traffic balance.
+   *
+   * TODO: Implement using actual validator admin API.
+   * The traffic balance is a validator-level concept, not per-party.
+   * For now, returns a stub indicating sufficient traffic.
+   */
+  async trafficBalance() {
+    const healthy = await this.client.isHealthy();
+    if (!healthy) {
+      return { totalPurchased: 0, consumed: 0, remaining: 0 };
+    }
+    return {
+      totalPurchased: 1e7,
+      consumed: 0,
+      remaining: 1e7
+    };
+  }
+  /**
+   * Purchase additional traffic by burning Canton Coin (CC).
+   *
+   * TODO: Implement using actual CC burn mechanism.
+   */
+  async purchaseTraffic(ccAmount) {
+    void ccAmount;
+    throw new Error("Traffic purchase not yet implemented \u2014 requires validator admin API");
+  }
+  /**
+   * Check if there's sufficient traffic for a standard operation.
+   * Returns true if remaining traffic > minimum threshold.
+   */
+  async hasSufficientTraffic() {
+    const balance = await this.trafficBalance();
+    return balance.remaining > this.autoPurchaseConfig.minBalance;
+  }
+  /** Configure auto-purchase settings. */
+  setAutoPurchase(config) {
+    this.autoPurchaseConfig = { ...config };
+  }
+  /** Get current auto-purchase configuration. */
+  getAutoPurchaseConfig() {
+    return { ...this.autoPurchaseConfig };
+  }
+};
+
+// src/agent.ts
+var CantonAgent = class _CantonAgent {
+  checking;
+  safeguards;
+  traffic;
+  mpp;
+  wallet;
+  client;
+  usdcx;
+  constructor(client, usdcx, checking, safeguards, traffic, mpp, wallet) {
+    this.client = client;
+    this.usdcx = usdcx;
+    this.checking = checking;
+    this.safeguards = safeguards;
+    this.traffic = traffic;
+    this.mpp = mpp;
+    this.wallet = wallet;
+  }
+  /**
+   * Create a new CantonAgent from config.
+   *
+   * Loads configuration from ~/.caypo/config.json (or overrides),
+   * initializes all sub-services, and wires them together.
+   */
+  static async create(config) {
+    const fileConfig = await loadConfig(config?.configPath);
+    const merged = {
+      ...fileConfig,
+      ...config?.ledgerUrl && { ledgerUrl: config.ledgerUrl },
+      ...config?.partyId && { partyId: config.partyId },
+      ...config?.userId && { userId: config.userId },
+      ...config?.network && { network: config.network }
+    };
+    const token = config?.token ?? "";
+    const client = new CantonClient({
+      ledgerUrl: merged.ledgerUrl,
+      token,
+      userId: merged.userId
+    });
+    const usdcx = new USDCxService(client, merged.partyId);
+    const safeguards = await SafeguardManager.load(config?.safeguardsPath);
+    const traffic = new TrafficManager(client, merged.partyId);
+    const checking = new CheckingAccount(usdcx, safeguards, client, merged.partyId);
+    const mpp = new MppPayClient(usdcx, safeguards, merged.partyId, merged.network);
+    const wallet = {
+      address: merged.partyId,
+      partyId: merged.partyId,
+      network: merged.network
+    };
+    return new _CantonAgent(client, usdcx, checking, safeguards, traffic, mpp, wallet);
+  }
+  /**
+   * Create a CantonAgent from explicit parameters (no file I/O).
+   * Useful for testing and programmatic setup.
+   */
+  static fromParams(params) {
+    const safeguards = params.safeguards ?? new SafeguardManager();
+    const usdcx = new USDCxService(params.client, params.partyId);
+    const traffic = new TrafficManager(params.client, params.partyId);
+    const checking = new CheckingAccount(usdcx, safeguards, params.client, params.partyId);
+    const mpp = new MppPayClient(usdcx, safeguards, params.partyId, params.network);
+    const wallet = {
+      address: params.partyId,
+      partyId: params.partyId,
+      network: params.network
+    };
+    return new _CantonAgent(params.client, usdcx, checking, safeguards, traffic, mpp, wallet);
+  }
+};
+
+// src/index.ts
+var CANTON_SDK_VERSION = "0.1.0";
+var DEFAULT_LEDGER_PORT = 7575;
+export {
+  CANTON_SDK_VERSION,
+  CantonAgent,
+  CantonApiError,
+  CantonAuthError,
+  CantonClient,
+  CantonTimeoutError,
+  CheckingAccount,
+  DEFAULT_CONFIG,
+  DEFAULT_LEDGER_PORT,
+  InsufficientBalanceError,
+  Keystore,
+  MPP_CANTON_VERSION,
+  MppPayClient,
+  SafeguardManager,
+  TRANSFER_FACTORY_TEMPLATE_ID,
+  TrafficManager,
+  USDCX_HOLDING_TEMPLATE_ID,
+  USDCX_INSTRUMENT_ID,
+  USDCxService,
+  addAmounts,
+  compareAmounts,
+  isValidAmount,
+  loadConfig,
+  parseWwwAuthenticate,
+  saveConfig,
+  selectHoldings,
+  subtractAmounts,
+  toCantonAmount
+};
+//# sourceMappingURL=index.js.map