@cfxdevkit/core 0.1.0

package/dist/wallet/index.cjs

@@ -0,0 +1,852 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/wallet/index.ts
+var wallet_exports = {};
+__export(wallet_exports, {
+  BatcherError: () => BatcherError,
+  COIN_TYPES: () => COIN_TYPES,
+  CORE_NETWORK_IDS: () => CORE_NETWORK_IDS,
+  EmbeddedWalletError: () => EmbeddedWalletError,
+  EmbeddedWalletManager: () => EmbeddedWalletManager,
+  SessionKeyError: () => SessionKeyError,
+  SessionKeyManager: () => SessionKeyManager,
+  TransactionBatcher: () => TransactionBatcher,
+  WalletError: () => WalletError,
+  deriveAccount: () => deriveAccount,
+  deriveAccounts: () => deriveAccounts,
+  deriveFaucetAccount: () => deriveFaucetAccount,
+  generateMnemonic: () => generateMnemonic,
+  getDerivationPath: () => getDerivationPath,
+  validateMnemonic: () => validateMnemonic
+});
+module.exports = __toCommonJS(wallet_exports);
+
+// src/wallet/types/index.ts
+var WalletError = class extends Error {
+  constructor(message, code, context) {
+    super(message);
+    this.code = code;
+    this.context = context;
+    this.name = "WalletError";
+  }
+};
+var SessionKeyError = class extends WalletError {
+  constructor(message, context) {
+    super(message, "SESSION_KEY_ERROR", context);
+    this.name = "SessionKeyError";
+  }
+};
+var BatcherError = class extends WalletError {
+  constructor(message, context) {
+    super(message, "BATCHER_ERROR", context);
+    this.name = "BatcherError";
+  }
+};
+var EmbeddedWalletError = class extends WalletError {
+  constructor(message, context) {
+    super(message, "EMBEDDED_WALLET_ERROR", context);
+    this.name = "EmbeddedWalletError";
+  }
+};
+
+// src/wallet/batching/batcher.ts
+var TransactionBatcher = class {
+  coreBatch = [];
+  evmBatch = [];
+  autoExecuteTimer = null;
+  options;
+  constructor(options = {}) {
+    this.options = {
+      maxBatchSize: options.maxBatchSize || 10,
+      autoExecuteTimeout: options.autoExecuteTimeout || 0,
+      // 0 = disabled
+      minGasPrice: options.minGasPrice || 0n
+    };
+  }
+  /**
+   * Add transaction to batch
+   *
+   * @param tx - Transaction to add
+   * @returns Transaction ID
+   */
+  addTransaction(tx) {
+    const transaction = {
+      id: `tx_${Date.now()}_${Math.random().toString(36).substring(7)}`,
+      ...tx,
+      addedAt: /* @__PURE__ */ new Date()
+    };
+    const batch = tx.chain === "core" ? this.coreBatch : this.evmBatch;
+    batch.push(transaction);
+    if (this.options.autoExecuteTimeout > 0 && batch.length === 1) {
+      this.startAutoExecuteTimer(tx.chain);
+    }
+    if (batch.length >= this.options.maxBatchSize) {
+      console.log(
+        `Batch for ${tx.chain} is full (${batch.length} transactions)`
+      );
+    }
+    return transaction.id;
+  }
+  /**
+   * Remove transaction from batch
+   *
+   * @param transactionId - Transaction ID
+   * @param chain - Chain type
+   * @returns true if removed, false if not found
+   */
+  removeTransaction(transactionId, chain) {
+    const batch = chain === "core" ? this.coreBatch : this.evmBatch;
+    const index = batch.findIndex((tx) => tx.id === transactionId);
+    if (index !== -1) {
+      batch.splice(index, 1);
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Get pending transactions for a chain
+   *
+   * @param chain - Chain type
+   * @returns Array of pending transactions
+   */
+  getPendingTransactions(chain) {
+    return chain === "core" ? [...this.coreBatch] : [...this.evmBatch];
+  }
+  /**
+   * Get batch statistics
+   *
+   * @param chain - Chain type
+   * @returns Batch statistics
+   */
+  getBatchStats(chain) {
+    const batch = chain === "core" ? this.coreBatch : this.evmBatch;
+    return {
+      count: batch.length,
+      totalValue: batch.reduce((sum, tx) => sum + (tx.value || 0n), 0n),
+      avgGasLimit: batch.length > 0 ? batch.reduce((sum, tx) => sum + (tx.gasLimit || 0n), 0n) / BigInt(batch.length) : 0n,
+      oldestTransaction: batch[0]?.addedAt
+    };
+  }
+  /**
+   * Execute batch of transactions
+   *
+   * Note: This is a simplified implementation. In production, you would:
+   * - Use multicall contracts for actual batching
+   * - Handle gas estimation
+   * - Implement retry logic
+   * - Support different batching strategies (sequential, parallel, etc.)
+   *
+   * @param chain - Chain to execute on
+   * @param signer - Function to sign and send transactions
+   * @returns Batch execution result
+   */
+  async executeBatch(chain, signer) {
+    const batch = chain === "core" ? this.coreBatch : this.evmBatch;
+    if (batch.length === 0) {
+      throw new BatcherError("No transactions in batch", { chain });
+    }
+    this.stopAutoExecuteTimer();
+    const batchId = `batch_${Date.now()}_${Math.random().toString(36).substring(7)}`;
+    const transactionHashes = [];
+    let successCount = 0;
+    let failureCount = 0;
+    let totalGasUsed = 0n;
+    for (const tx of batch) {
+      try {
+        if (signer) {
+          const hash = await signer(tx);
+          transactionHashes.push(hash);
+          successCount++;
+          totalGasUsed += tx.gasLimit || 21000n;
+        } else {
+          const hash = `0x${Array.from(
+            { length: 64 },
+            () => Math.floor(Math.random() * 16).toString(16)
+          ).join("")}`;
+          transactionHashes.push(hash);
+          successCount++;
+          totalGasUsed += tx.gasLimit || 21000n;
+        }
+      } catch (error) {
+        failureCount++;
+        console.error(`Transaction ${tx.id} failed:`, error);
+      }
+    }
+    if (chain === "core") {
+      this.coreBatch = [];
+    } else {
+      this.evmBatch = [];
+    }
+    return {
+      batchId,
+      transactionHashes,
+      successCount,
+      failureCount,
+      executedAt: /* @__PURE__ */ new Date(),
+      totalGasUsed,
+      chain
+    };
+  }
+  /**
+   * Clear all pending transactions
+   *
+   * @param chain - Chain to clear, or undefined to clear both
+   */
+  clearBatch(chain) {
+    if (chain === "core" || chain === void 0) {
+      this.coreBatch = [];
+    }
+    if (chain === "evm" || chain === void 0) {
+      this.evmBatch = [];
+    }
+    this.stopAutoExecuteTimer();
+  }
+  /**
+   * Start auto-execute timer
+   */
+  startAutoExecuteTimer(chain) {
+    if (this.options.autoExecuteTimeout <= 0) return;
+    this.stopAutoExecuteTimer();
+    this.autoExecuteTimer = setTimeout(() => {
+      const batch = chain === "core" ? this.coreBatch : this.evmBatch;
+      if (batch.length > 0) {
+        console.log(
+          `Auto-executing batch for ${chain} (${batch.length} transactions)`
+        );
+      }
+    }, this.options.autoExecuteTimeout);
+  }
+  /**
+   * Stop auto-execute timer
+   */
+  stopAutoExecuteTimer() {
+    if (this.autoExecuteTimer) {
+      clearTimeout(this.autoExecuteTimer);
+      this.autoExecuteTimer = null;
+    }
+  }
+  /**
+   * Get batcher configuration
+   */
+  getOptions() {
+    return { ...this.options };
+  }
+  /**
+   * Update batcher configuration
+   */
+  updateOptions(options) {
+    this.options = {
+      ...this.options,
+      ...options
+    };
+    if (options.autoExecuteTimeout !== void 0) {
+      this.stopAutoExecuteTimer();
+      if (this.coreBatch.length > 0) {
+        this.startAutoExecuteTimer("core");
+      }
+      if (this.evmBatch.length > 0) {
+        this.startAutoExecuteTimer("evm");
+      }
+    }
+  }
+};
+
+// src/wallet/derivation.ts
+var import_bip32 = require("@scure/bip32");
+var import_bip39 = require("@scure/bip39");
+var import_english = require("@scure/bip39/wordlists/english.js");
+var import_accounts = require("cive/accounts");
+var import_viem = require("viem");
+var import_accounts2 = require("viem/accounts");
+
+// src/wallet/types.ts
+var COIN_TYPES = {
+  /** Conflux Core Space - registered coin type 503 */
+  CONFLUX: 503,
+  /** Ethereum/eSpace - standard coin type 60 */
+  ETHEREUM: 60
+};
+var CORE_NETWORK_IDS = {
+  /** Local development network */
+  LOCAL: 2029,
+  /** Testnet */
+  TESTNET: 1,
+  /** Mainnet */
+  MAINNET: 1029
+};
+
+// src/wallet/derivation.ts
+function generateMnemonic(strength = 128) {
+  return (0, import_bip39.generateMnemonic)(import_english.wordlist, strength);
+}
+function validateMnemonic(mnemonic) {
+  const normalizedMnemonic = mnemonic.trim().toLowerCase();
+  const words = normalizedMnemonic.split(/\s+/);
+  const wordCount = words.length;
+  if (wordCount !== 12 && wordCount !== 24) {
+    return {
+      valid: false,
+      wordCount,
+      error: `Invalid word count: ${wordCount}. Must be 12 or 24.`
+    };
+  }
+  const valid = (0, import_bip39.validateMnemonic)(normalizedMnemonic, import_english.wordlist);
+  return {
+    valid,
+    wordCount,
+    error: valid ? void 0 : "Invalid mnemonic: checksum verification failed"
+  };
+}
+function deriveAccounts(mnemonic, options) {
+  const {
+    count,
+    startIndex = 0,
+    coreNetworkId = CORE_NETWORK_IDS.LOCAL,
+    accountType = "standard"
+  } = options;
+  const validation = validateMnemonic(mnemonic);
+  if (!validation.valid) {
+    throw new Error(`Invalid mnemonic: ${validation.error}`);
+  }
+  const normalizedMnemonic = mnemonic.trim().toLowerCase();
+  const seed = (0, import_bip39.mnemonicToSeedSync)(normalizedMnemonic);
+  const masterKey = import_bip32.HDKey.fromMasterSeed(seed);
+  const accounts = [];
+  const accountTypeIndex = accountType === "standard" ? 0 : 1;
+  for (let i = startIndex; i < startIndex + count; i++) {
+    const corePath = `m/44'/${COIN_TYPES.CONFLUX}'/${accountTypeIndex}'/0/${i}`;
+    const coreKey = masterKey.derive(corePath);
+    const evmPath = `m/44'/${COIN_TYPES.ETHEREUM}'/${accountTypeIndex}'/0/${i}`;
+    const evmKey = masterKey.derive(evmPath);
+    if (!coreKey.privateKey || !evmKey.privateKey) {
+      throw new Error(`Failed to derive keys at index ${i}`);
+    }
+    const corePrivateKey = (0, import_viem.bytesToHex)(coreKey.privateKey);
+    const evmPrivateKey = (0, import_viem.bytesToHex)(evmKey.privateKey);
+    const coreAccount = (0, import_accounts.privateKeyToAccount)(corePrivateKey, {
+      networkId: coreNetworkId
+    });
+    const evmAccount = (0, import_accounts2.privateKeyToAccount)(evmPrivateKey);
+    accounts.push({
+      index: i,
+      coreAddress: coreAccount.address,
+      evmAddress: evmAccount.address,
+      corePrivateKey,
+      evmPrivateKey,
+      paths: {
+        core: corePath,
+        evm: evmPath
+      }
+    });
+  }
+  return accounts;
+}
+function deriveAccount(mnemonic, index, coreNetworkId = CORE_NETWORK_IDS.LOCAL, accountType = "standard") {
+  const accounts = deriveAccounts(mnemonic, {
+    count: 1,
+    startIndex: index,
+    coreNetworkId,
+    accountType
+  });
+  return accounts[0];
+}
+function deriveFaucetAccount(mnemonic, coreNetworkId = CORE_NETWORK_IDS.LOCAL) {
+  return deriveAccount(mnemonic, 0, coreNetworkId, "mining");
+}
+function getDerivationPath(coinType, index, accountType = "standard") {
+  const accountTypeIndex = accountType === "standard" ? 0 : 1;
+  return `m/44'/${coinType}'/${accountTypeIndex}'/0/${index}`;
+}
+
+// src/wallet/embedded/custody.ts
+var import_accounts3 = require("viem/accounts");
+var EmbeddedWalletManager = class {
+  wallets = /* @__PURE__ */ new Map();
+  options;
+  constructor(options = {}) {
+    this.options = {
+      algorithm: options.algorithm || "aes-256-gcm",
+      iterations: options.iterations || 1e5,
+      autoCreate: options.autoCreate !== false
+      // Default true
+    };
+  }
+  /**
+   * Create a new embedded wallet for a user
+   *
+   * @param userId - User identifier
+   * @param password - Encryption password
+   * @returns Created wallet (without private key)
+   */
+  async createWallet(userId, password) {
+    if (this.wallets.has(userId)) {
+      throw new EmbeddedWalletError("Wallet already exists", { userId });
+    }
+    const privateKey = (0, import_accounts3.generatePrivateKey)();
+    const account = (0, import_accounts3.privateKeyToAccount)(privateKey);
+    const { encrypted, iv, salt } = await this.encryptPrivateKey(
+      privateKey,
+      password
+    );
+    const evmAddress = account.address;
+    const coreAddress = `cfx:${evmAddress.slice(2)}`;
+    const wallet = {
+      userId,
+      coreAddress,
+      evmAddress,
+      encryptedPrivateKey: encrypted,
+      encryption: {
+        algorithm: this.options.algorithm,
+        iv,
+        salt
+      },
+      createdAt: /* @__PURE__ */ new Date(),
+      lastAccessedAt: /* @__PURE__ */ new Date(),
+      isActive: true
+    };
+    this.wallets.set(userId, wallet);
+    const { encryptedPrivateKey: _, ...publicWallet } = wallet;
+    return publicWallet;
+  }
+  /**
+   * Get wallet info (without private key)
+   *
+   * @param userId - User identifier
+   * @returns Wallet info or undefined
+   */
+  getWallet(userId) {
+    const wallet = this.wallets.get(userId);
+    if (!wallet) return void 0;
+    wallet.lastAccessedAt = /* @__PURE__ */ new Date();
+    const { encryptedPrivateKey: _, ...publicWallet } = wallet;
+    return publicWallet;
+  }
+  /**
+   * Check if user has a wallet
+   *
+   * @param userId - User identifier
+   * @returns true if wallet exists
+   */
+  hasWallet(userId) {
+    return this.wallets.has(userId);
+  }
+  /**
+   * Sign transaction with user's embedded wallet
+   *
+   * @param userId - User identifier
+   * @param password - Decryption password
+   * @param request - Transaction request
+   * @returns Signed transaction
+   */
+  async signTransaction(userId, password, request) {
+    const wallet = this.wallets.get(userId);
+    if (!wallet) {
+      throw new EmbeddedWalletError("Wallet not found", { userId });
+    }
+    if (!wallet.isActive) {
+      throw new EmbeddedWalletError("Wallet is not active", { userId });
+    }
+    const privateKey = await this.decryptPrivateKey(
+      wallet.encryptedPrivateKey,
+      password,
+      wallet.encryption.iv,
+      wallet.encryption.salt
+    );
+    const account = (0, import_accounts3.privateKeyToAccount)(privateKey);
+    wallet.lastAccessedAt = /* @__PURE__ */ new Date();
+    const serialized = JSON.stringify({
+      from: account.address,
+      ...request,
+      value: request.value?.toString(),
+      gasLimit: request.gasLimit?.toString(),
+      gasPrice: request.gasPrice?.toString()
+    });
+    const signature = await account.signMessage({
+      message: serialized
+    });
+    return {
+      rawTransaction: signature,
+      hash: `0x${Array.from(
+        { length: 64 },
+        () => Math.floor(Math.random() * 16).toString(16)
+      ).join("")}`,
+      from: account.address,
+      chain: request.chain
+    };
+  }
+  /**
+   * Export wallet for user backup
+   *
+   * @param userId - User identifier
+   * @param password - Encryption password
+   * @returns Encrypted wallet export
+   */
+  async exportWallet(userId, password) {
+    const wallet = this.wallets.get(userId);
+    if (!wallet) {
+      throw new EmbeddedWalletError("Wallet not found", { userId });
+    }
+    const exportData = JSON.stringify({
+      coreAddress: wallet.coreAddress,
+      evmAddress: wallet.evmAddress,
+      encryptedPrivateKey: wallet.encryptedPrivateKey,
+      encryption: wallet.encryption
+    });
+    const { encrypted, iv, salt } = await this.encryptPrivateKey(
+      exportData,
+      password
+    );
+    return {
+      userId,
+      encryptedData: encrypted,
+      encryption: {
+        algorithm: this.options.algorithm,
+        iv,
+        salt
+      },
+      exportedAt: /* @__PURE__ */ new Date()
+    };
+  }
+  /**
+   * Deactivate wallet
+   *
+   * @param userId - User identifier
+   */
+  deactivateWallet(userId) {
+    const wallet = this.wallets.get(userId);
+    if (wallet) {
+      wallet.isActive = false;
+    }
+  }
+  /**
+   * Delete wallet permanently
+   *
+   * WARNING: This operation cannot be undone
+   *
+   * @param userId - User identifier
+   * @returns true if deleted, false if not found
+   */
+  deleteWallet(userId) {
+    return this.wallets.delete(userId);
+  }
+  /**
+   * List all wallets (without private keys)
+   *
+   * @returns Array of wallet info
+   */
+  listWallets() {
+    return Array.from(this.wallets.values()).map((wallet) => {
+      const { encryptedPrivateKey: _, ...publicWallet } = wallet;
+      return publicWallet;
+    });
+  }
+  /**
+   * Get wallet statistics
+   *
+   * @returns Wallet statistics
+   */
+  getStats() {
+    const all = Array.from(this.wallets.values());
+    const active = all.filter((w) => w.isActive);
+    return {
+      total: all.length,
+      active: active.length,
+      inactive: all.length - active.length
+    };
+  }
+  /**
+   * Encrypt private key
+   *
+   * NOTE: Simplified implementation for demonstration
+   * Production should use proper encryption (node:crypto, @noble/ciphers, etc.)
+   */
+  async encryptPrivateKey(data, password) {
+    const iv = Array.from(
+      { length: 16 },
+      () => Math.floor(Math.random() * 256).toString(16).padStart(2, "0")
+    ).join("");
+    const salt = Array.from(
+      { length: 32 },
+      () => Math.floor(Math.random() * 256).toString(16).padStart(2, "0")
+    ).join("");
+    const mockEncrypted = Buffer.from(
+      JSON.stringify({ data, password, iv, salt })
+    ).toString("base64");
+    return {
+      encrypted: mockEncrypted,
+      iv,
+      salt
+    };
+  }
+  /**
+   * Decrypt private key
+   *
+   * NOTE: Simplified implementation for demonstration
+   */
+  async decryptPrivateKey(encrypted, password, _iv, _salt) {
+    try {
+      const decoded = JSON.parse(
+        Buffer.from(encrypted, "base64").toString("utf-8")
+      );
+      if (decoded.password !== password) {
+        throw new Error("Invalid password");
+      }
+      return decoded.data;
+    } catch (error) {
+      throw new EmbeddedWalletError("Failed to decrypt private key", {
+        error: error instanceof Error ? error.message : "Unknown error"
+      });
+    }
+  }
+};
+
+// src/wallet/session-keys/manager.ts
+var import_accounts4 = require("viem/accounts");
+var SessionKeyManager = class {
+  sessionKeys = /* @__PURE__ */ new Map();
+  /**
+   * Generate a new session key
+   *
+   * @param parentAddress - Parent wallet address
+   * @param options - Session key configuration
+   * @returns Created session key
+   */
+  generateSessionKey(parentAddress, options) {
+    const privateKey = `0x${Array.from(
+      { length: 64 },
+      () => Math.floor(Math.random() * 16).toString(16)
+    ).join("")}`;
+    const account = (0, import_accounts4.privateKeyToAccount)(privateKey);
+    const ttl = options.ttl || 3600;
+    const now = /* @__PURE__ */ new Date();
+    const expiresAt = new Date(now.getTime() + ttl * 1e3);
+    const sessionKey = {
+      id: `sk_${Date.now()}_${Math.random().toString(36).substring(7)}`,
+      privateKey,
+      address: account.address,
+      parentAddress,
+      ttl,
+      expiresAt,
+      permissions: options.permissions || {},
+      createdAt: now,
+      isActive: true,
+      chain: options.chain
+    };
+    this.sessionKeys.set(sessionKey.id, sessionKey);
+    return sessionKey;
+  }
+  /**
+   * Get session key by ID
+   *
+   * @param sessionKeyId - Session key identifier
+   * @returns Session key or undefined
+   */
+  getSessionKey(sessionKeyId) {
+    const sessionKey = this.sessionKeys.get(sessionKeyId);
+    if (sessionKey && /* @__PURE__ */ new Date() > sessionKey.expiresAt) {
+      sessionKey.isActive = false;
+    }
+    return sessionKey;
+  }
+  /**
+   * Revoke a session key
+   *
+   * @param sessionKeyId - Session key identifier
+   */
+  revokeSessionKey(sessionKeyId) {
+    const sessionKey = this.sessionKeys.get(sessionKeyId);
+    if (sessionKey) {
+      sessionKey.isActive = false;
+    }
+  }
+  /**
+   * List all session keys for a parent address
+   *
+   * @param parentAddress - Parent wallet address
+   * @returns Array of session keys
+   */
+  listSessionKeys(parentAddress) {
+    return Array.from(this.sessionKeys.values()).filter(
+      (sk) => sk.parentAddress.toLowerCase() === parentAddress.toLowerCase()
+    );
+  }
+  /**
+   * List active session keys for a parent address
+   *
+   * @param parentAddress - Parent wallet address
+   * @returns Array of active session keys
+   */
+  listActiveSessionKeys(parentAddress) {
+    return this.listSessionKeys(parentAddress).filter(
+      (sk) => sk.isActive && /* @__PURE__ */ new Date() <= sk.expiresAt
+    );
+  }
+  /**
+   * Validate transaction against session key permissions
+   *
+   * @param sessionKey - Session key
+   * @param request - Transaction request
+   * @throws SessionKeyError if validation fails
+   */
+  validateTransaction(sessionKey, request) {
+    if (!sessionKey.isActive) {
+      throw new SessionKeyError("Session key is not active", {
+        sessionKeyId: sessionKey.id
+      });
+    }
+    if (/* @__PURE__ */ new Date() > sessionKey.expiresAt) {
+      throw new SessionKeyError("Session key has expired", {
+        sessionKeyId: sessionKey.id,
+        expiresAt: sessionKey.expiresAt
+      });
+    }
+    if (request.chain !== sessionKey.chain) {
+      throw new SessionKeyError("Chain mismatch", {
+        sessionKeyId: sessionKey.id,
+        allowedChain: sessionKey.chain,
+        requestedChain: request.chain
+      });
+    }
+    const { permissions } = sessionKey;
+    if (permissions.maxValue && request.value && request.value > permissions.maxValue) {
+      throw new SessionKeyError("Transaction value exceeds maximum", {
+        sessionKeyId: sessionKey.id,
+        maxValue: permissions.maxValue.toString(),
+        requestedValue: request.value.toString()
+      });
+    }
+    if (permissions.contracts && permissions.contracts.length > 0) {
+      const isWhitelisted = permissions.contracts.some(
+        (addr) => addr.toLowerCase() === request.to.toLowerCase()
+      );
+      if (!isWhitelisted) {
+        throw new SessionKeyError("Contract not whitelisted", {
+          sessionKeyId: sessionKey.id,
+          whitelistedContracts: permissions.contracts,
+          requestedContract: request.to
+        });
+      }
+    }
+    if (permissions.operations && permissions.operations.length > 0 && request.data) {
+      const selector = request.data.slice(0, 10);
+      const isAllowed = permissions.operations.some(
+        (op) => op.toLowerCase() === selector.toLowerCase()
+      );
+      if (!isAllowed) {
+        throw new SessionKeyError("Operation not allowed", {
+          sessionKeyId: sessionKey.id,
+          allowedOperations: permissions.operations,
+          requestedOperation: selector
+        });
+      }
+    }
+  }
+  /**
+   * Sign transaction with session key
+   *
+   * @param sessionKeyId - Session key identifier
+   * @param request - Transaction request
+   * @returns Signed transaction
+   * @throws SessionKeyError if session key is invalid or transaction violates permissions
+   */
+  async signWithSessionKey(sessionKeyId, request) {
+    const sessionKey = this.sessionKeys.get(sessionKeyId);
+    if (!sessionKey) {
+      throw new SessionKeyError("Session key not found", { sessionKeyId });
+    }
+    this.validateTransaction(sessionKey, request);
+    const account = (0, import_accounts4.privateKeyToAccount)(sessionKey.privateKey);
+    const serialized = JSON.stringify({
+      from: account.address,
+      to: request.to,
+      value: request.value?.toString(),
+      data: request.data,
+      gasLimit: request.gasLimit?.toString(),
+      gasPrice: request.gasPrice?.toString(),
+      nonce: request.nonce,
+      chain: request.chain
+    });
+    const signature = await account.signMessage({
+      message: serialized
+    });
+    return {
+      rawTransaction: signature,
+      hash: `0x${Array.from(
+        { length: 64 },
+        () => Math.floor(Math.random() * 16).toString(16)
+      ).join("")}`,
+      from: account.address,
+      chain: request.chain
+    };
+  }
+  /**
+   * Clean up expired session keys
+   *
+   * @returns Number of removed session keys
+   */
+  cleanupExpired() {
+    const now = /* @__PURE__ */ new Date();
+    let removed = 0;
+    for (const [id, sessionKey] of this.sessionKeys.entries()) {
+      if (now > sessionKey.expiresAt) {
+        this.sessionKeys.delete(id);
+        removed++;
+      }
+    }
+    return removed;
+  }
+  /**
+   * Get session key statistics
+   *
+   * @returns Statistics about session keys
+   */
+  getStats() {
+    const all = Array.from(this.sessionKeys.values());
+    const active = all.filter(
+      (sk) => sk.isActive && /* @__PURE__ */ new Date() <= sk.expiresAt
+    );
+    const expired = all.filter((sk) => /* @__PURE__ */ new Date() > sk.expiresAt);
+    return {
+      total: all.length,
+      active: active.length,
+      expired: expired.length,
+      inactive: all.length - active.length - expired.length
+    };
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  BatcherError,
+  COIN_TYPES,
+  CORE_NETWORK_IDS,
+  EmbeddedWalletError,
+  EmbeddedWalletManager,
+  SessionKeyError,
+  SessionKeyManager,
+  TransactionBatcher,
+  WalletError,
+  deriveAccount,
+  deriveAccounts,
+  deriveFaucetAccount,
+  generateMnemonic,
+  getDerivationPath,
+  validateMnemonic
+});
+//# sourceMappingURL=index.cjs.map