@cloakedagent/sdk 0.1.0

package/dist/token.js

@@ -0,0 +1,896 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CloakToken = void 0;
+const web3_js_1 = require("@solana/web3.js");
+const anchor_1 = require("@coral-xyz/anchor");
+const bs58_1 = __importDefault(require("bs58"));
+const constants_1 = require("./constants");
+const idl_json_1 = __importDefault(require("./idl.json"));
+const zk_1 = require("./zk");
+const relayer_1 = require("./relayer");
+// Seconds in a day for daily limit calculations
+const SECONDS_PER_DAY = 86400;
+/**
+ * CloakToken - Represents a Cloak payment token
+ *
+ * A Cloak token is a Solana keypair where:
+ * - The private key is the "token code" (what users save)
+ * - The derived PDA holds the SOL balance
+ * - Signing with the keypair authorizes redemptions
+ *
+ * Two modes of operation:
+ * - Agent mode (via constructor): Has token code, can spend
+ * - Owner mode (via forOwner): No token code, can manage (freeze/unfreeze/update/close)
+ */
+class CloakToken {
+    /**
+     * Create a CloakToken from a token code (agent mode - can spend)
+     * @param tokenCode - Base58 encoded secret key
+     * @param rpcUrl - Solana RPC endpoint URL
+     */
+    constructor(tokenCode, rpcUrl) {
+        // Private mode fields
+        this._ownerCommitment = null;
+        this._agentSecret = null;
+        this._nonce = null;
+        // Cached PDAs (set by forPrivateOwner to avoid getter issues)
+        this._tokenStatePda = null;
+        this._vaultPda = null;
+        // Decode the base58 token code to get the secret key
+        const secretKey = bs58_1.default.decode(tokenCode);
+        // Create keypair from secret key
+        this.keypair = web3_js_1.Keypair.fromSecretKey(secretKey);
+        this.delegatePubkey = this.keypair.publicKey;
+        // Create connection to Solana
+        this.connection = new web3_js_1.Connection(rpcUrl, "confirmed");
+        // Derive the legacy PDA (seeds = ["token", delegate]) - kept for backward compatibility
+        const [pda, bump] = web3_js_1.PublicKey.findProgramAddressSync([Buffer.from("token"), this.delegatePubkey.toBuffer()], constants_1.CLOAK_PROGRAM_ID);
+        this._pda = pda;
+        this._bump = bump;
+    }
+    /**
+     * Create a CloakToken for owner management (freeze, unfreeze, update, close, withdraw, deposit)
+     * Does NOT have delegate keypair - cannot spend.
+     * Use this when you have the delegate's public key but not the token code.
+     *
+     * @param delegatePubkey - Public key of the delegate (from URL or on-chain data)
+     * @param rpcUrl - Solana RPC endpoint URL
+     */
+    static forOwner(delegatePubkey, rpcUrl) {
+        const pubkey = typeof delegatePubkey === "string"
+            ? new web3_js_1.PublicKey(delegatePubkey)
+            : delegatePubkey;
+        // Create instance without going through constructor
+        const instance = Object.create(CloakToken.prototype);
+        instance.keypair = null;
+        instance.delegatePubkey = pubkey;
+        instance.connection = new web3_js_1.Connection(rpcUrl, "confirmed");
+        instance._ownerCommitment = null;
+        instance._agentSecret = null;
+        instance._nonce = null;
+        const [pda, bump] = web3_js_1.PublicKey.findProgramAddressSync([Buffer.from("token"), pubkey.toBuffer()], constants_1.CLOAK_PROGRAM_ID);
+        instance._pda = pda;
+        instance._bump = bump;
+        return instance;
+    }
+    /**
+     * Create a CloakToken for private owner management (ZK proof-based)
+     * Uses the master secret and nonce to derive the agent secret and find the token.
+     *
+     * @param masterSecret - Master secret derived from wallet signature
+     * @param nonce - Agent index (0, 1, 2, ...)
+     * @param rpcUrl - Solana RPC endpoint URL
+     * @returns CloakToken instance for private management
+     */
+    static async forPrivateOwner(masterSecret, nonce, rpcUrl) {
+        const { agentSecret, commitment } = await (0, zk_1.deriveAgentSecrets)(masterSecret, nonce);
+        const connection = new web3_js_1.Connection(rpcUrl, "confirmed");
+        // Find token by commitment
+        const found = await (0, zk_1.findTokenByCommitment)(commitment, connection);
+        if (!found) {
+            throw new Error(`No private agent found for nonce ${nonce}`);
+        }
+        // Create instance for private management
+        const instance = Object.create(CloakToken.prototype);
+        instance.keypair = null;
+        instance.delegatePubkey = found.delegate;
+        instance.connection = connection;
+        instance._ownerCommitment = (0, zk_1.commitmentToBytes)(commitment);
+        instance._agentSecret = agentSecret;
+        instance._nonce = nonce;
+        // Legacy PDA (seeds = ["token", delegate]) - kept for backward compatibility
+        const [pda, bump] = web3_js_1.PublicKey.findProgramAddressSync([Buffer.from("token"), found.delegate.toBuffer()], constants_1.CLOAK_PROGRAM_ID);
+        instance._pda = pda;
+        instance._bump = bump;
+        // Cache tokenStatePda and vaultPda for private mode operations
+        const [tokenStatePda] = web3_js_1.PublicKey.findProgramAddressSync([Buffer.from("token_state"), found.delegate.toBuffer()], constants_1.CLOAK_PROGRAM_ID);
+        instance._tokenStatePda = tokenStatePda;
+        const [vaultPda] = web3_js_1.PublicKey.findProgramAddressSync([Buffer.from("vault"), tokenStatePda.toBuffer()], constants_1.CLOAK_PROGRAM_ID);
+        instance._vaultPda = vaultPda;
+        return instance;
+    }
+    /**
+     * Check if this token is in private mode
+     */
+    get isPrivateMode() {
+        return this._ownerCommitment !== null && this._agentSecret !== null;
+    }
+    /**
+     * Get the owner commitment (private mode only)
+     */
+    get ownerCommitment() {
+        return this._ownerCommitment;
+    }
+    /**
+     * The token's public key (used to derive PDA)
+     */
+    get publicKey() {
+        return this.delegatePubkey;
+    }
+    /**
+     * The PDA that holds this token's SOL balance
+     */
+    get pda() {
+        return this._pda;
+    }
+    /**
+     * The bump seed used for PDA derivation
+     */
+    get bump() {
+        return this._bump;
+    }
+    /**
+     * Get the TokenState PDA address for this delegate
+     */
+    get tokenStatePda() {
+        // Use cached value if available (set by forPrivateOwner)
+        if (this._tokenStatePda) {
+            return this._tokenStatePda;
+        }
+        const [pda] = web3_js_1.PublicKey.findProgramAddressSync([Buffer.from("token_state"), this.delegatePubkey.toBuffer()], constants_1.CLOAK_PROGRAM_ID);
+        return pda;
+    }
+    /**
+     * Get the Vault PDA address for this token
+     */
+    get vaultPda() {
+        // Use cached value if available (set by forPrivateOwner)
+        if (this._vaultPda) {
+            return this._vaultPda;
+        }
+        const tokenStatePda = this.tokenStatePda;
+        const [vault] = web3_js_1.PublicKey.findProgramAddressSync([Buffer.from("vault"), tokenStatePda.toBuffer()], constants_1.CLOAK_PROGRAM_ID);
+        return vault;
+    }
+    /**
+     * Get the current SOL balance of this token
+     * @returns Balance in SOL
+     */
+    async getBalance() {
+        const lamports = await this.connection.getBalance(this.vaultPda);
+        return lamports / web3_js_1.LAMPORTS_PER_SOL;
+    }
+    /**
+     * Get the current balance in lamports
+     * @returns Balance in lamports
+     */
+    async getBalanceLamports() {
+        return await this.connection.getBalance(this.vaultPda);
+    }
+    /**
+     * Generate a new random Cloak token
+     * @param rpcUrl - Solana RPC endpoint URL
+     * @returns New token instance and its token code
+     */
+    static generate(rpcUrl) {
+        const keypair = web3_js_1.Keypair.generate();
+        const tokenCode = bs58_1.default.encode(keypair.secretKey);
+        const token = new CloakToken(tokenCode, rpcUrl);
+        return { token, tokenCode };
+    }
+    /**
+     * Derive the PDA for any public key (without needing full token)
+     * @param publicKey - Token's public key
+     * @returns The PDA address
+     */
+    static derivePda(publicKey) {
+        const [pda] = web3_js_1.PublicKey.findProgramAddressSync([Buffer.from("token"), publicKey.toBuffer()], constants_1.CLOAK_PROGRAM_ID);
+        return pda;
+    }
+    /**
+     * Derive PDA with bump
+     * @param publicKey - Token's public key
+     * @returns The PDA address and bump
+     */
+    static derivePdaWithBump(publicKey) {
+        return web3_js_1.PublicKey.findProgramAddressSync([Buffer.from("token"), publicKey.toBuffer()], constants_1.CLOAK_PROGRAM_ID);
+    }
+    /**
+     * Derive TokenState PDA for a delegate
+     */
+    static deriveTokenStatePda(delegate) {
+        const [pda] = web3_js_1.PublicKey.findProgramAddressSync([Buffer.from("token_state"), delegate.toBuffer()], constants_1.CLOAK_PROGRAM_ID);
+        return pda;
+    }
+    /**
+     * Derive Vault PDA from TokenState PDA
+     */
+    static deriveVaultPda(tokenStatePda) {
+        const [vault] = web3_js_1.PublicKey.findProgramAddressSync([Buffer.from("vault"), tokenStatePda.toBuffer()], constants_1.CLOAK_PROGRAM_ID);
+        return vault;
+    }
+    /**
+     * Create a new Cloak token with constraints on-chain
+     * @param connection - Solana connection
+     * @param owner - Owner wallet (Signer - can be wallet adapter or wrapped Keypair)
+     * @param options - Token creation options
+     * @returns New CloakToken instance and token code
+     */
+    static async create(connection, owner, options) {
+        const rpcUrl = connection.rpcEndpoint;
+        // Generate new delegate keypair
+        const delegate = web3_js_1.Keypair.generate();
+        const tokenCode = bs58_1.default.encode(delegate.secretKey);
+        // Create program instance - Signer matches Wallet interface
+        const provider = new anchor_1.AnchorProvider(connection, owner, { commitment: "confirmed" });
+        const program = new anchor_1.Program(idl_json_1.default, provider);
+        // Convert expiration to unix timestamp (0 = never)
+        const expiresAt = options.expiresAt
+            ? Math.floor(options.expiresAt.getTime() / 1000)
+            : 0;
+        // Derive PDAs
+        const tokenStatePda = CloakToken.deriveTokenStatePda(delegate.publicKey);
+        const vaultPda = CloakToken.deriveVaultPda(tokenStatePda);
+        // Call create_token instruction
+        const signature = await program.methods
+            .createToken(new anchor_1.BN(options.maxPerTx ?? 0), new anchor_1.BN(options.dailyLimit ?? 0), new anchor_1.BN(options.totalLimit ?? 0), new anchor_1.BN(expiresAt))
+            .accounts({
+            tokenState: tokenStatePda,
+            vault: vaultPda,
+            owner: owner.publicKey,
+            delegate: delegate.publicKey,
+            payer: owner.publicKey,
+            systemProgram: web3_js_1.SystemProgram.programId,
+        })
+            .rpc();
+        // If initial deposit requested, deposit funds
+        if (options.initialDeposit && options.initialDeposit > 0) {
+            await program.methods
+                .deposit(new anchor_1.BN(options.initialDeposit))
+                .accounts({
+                tokenState: tokenStatePda,
+                vault: vaultPda,
+                depositor: owner.publicKey,
+                systemProgram: web3_js_1.SystemProgram.programId,
+            })
+                .rpc();
+        }
+        const token = new CloakToken(tokenCode, rpcUrl);
+        return { token, tokenCode, signature };
+    }
+    /**
+     * Fetch full token state from on-chain
+     * @returns TokenState with all constraints and spending info
+     */
+    async getState() {
+        // Create a dummy wallet for read-only operations
+        const dummyWallet = this.keypair
+            ? new anchor_1.Wallet(this.keypair)
+            : { publicKey: this.delegatePubkey, signTransaction: async (tx) => tx, signAllTransactions: async (txs) => txs };
+        const provider = new anchor_1.AnchorProvider(this.connection, dummyWallet, { commitment: "confirmed" });
+        const program = new anchor_1.Program(idl_json_1.default, provider);
+        const tokenStatePda = this.tokenStatePda;
+        const vaultPda = this.vaultPda;
+        // Fetch token state account
+        const state = await program.account.tokenState.fetch(tokenStatePda);
+        // Fetch vault balance
+        const balance = await this.connection.getBalance(vaultPda);
+        // Get current time for status check
+        const now = Math.floor(Date.now() / 1000);
+        const currentDay = Math.floor(now / SECONDS_PER_DAY);
+        const lastDay = state.lastDay.toNumber();
+        // Calculate daily remaining (reset if new day)
+        const dailySpent = currentDay > lastDay ? 0 : state.dailySpent.toNumber();
+        const dailyLimit = state.dailyLimit.toNumber();
+        const dailyRemaining = dailyLimit === 0 ? Number.MAX_SAFE_INTEGER : Math.max(0, dailyLimit - dailySpent);
+        // Calculate total remaining
+        const totalSpent = state.totalSpent.toNumber();
+        const totalLimit = state.totalLimit.toNumber();
+        const totalRemaining = totalLimit === 0 ? Number.MAX_SAFE_INTEGER : Math.max(0, totalLimit - totalSpent);
+        // Determine status
+        const expiresAtTs = state.expiresAt.toNumber();
+        const isExpired = expiresAtTs !== 0 && now > expiresAtTs;
+        const isFrozen = state.frozen;
+        let status;
+        if (isFrozen) {
+            status = "frozen";
+        }
+        else if (isExpired) {
+            status = "expired";
+        }
+        else {
+            status = "active";
+        }
+        // Handle Option<Pubkey> for owner - null if private mode
+        const owner = state.owner ? state.owner : null;
+        const ownerCommitment = new Uint8Array(state.ownerCommitment);
+        const isPrivate = owner === null;
+        return {
+            address: tokenStatePda,
+            owner,
+            ownerCommitment,
+            delegate: state.delegate,
+            balance,
+            constraints: {
+                maxPerTx: state.maxPerTx.toNumber(),
+                dailyLimit,
+                totalLimit,
+                expiresAt: expiresAtTs === 0 ? null : new Date(expiresAtTs * 1000),
+                frozen: isFrozen,
+            },
+            spending: {
+                totalSpent,
+                dailySpent,
+                dailyRemaining,
+                totalRemaining,
+            },
+            status,
+            createdAt: new Date(state.createdAt.toNumber() * 1000),
+            isPrivate,
+        };
+    }
+    /**
+     * Spend from vault to destination (delegate signs)
+     * Requires agent mode (token code) - throws if in owner mode.
+     *
+     * Two fee payment modes:
+     *
+     * 1. **With feePayer (standard mode)**: User's wallet pays tx fee directly
+     *    - No relayer involved
+     *    - Normal tx fee (~5k lamports) paid by user wallet
+     *    - Vault only pays the amount to destination
+     *
+     * 2. **Without feePayer (agent/MCP mode)**: Relayer pays, vault reimburses
+     *    - Relayer fronts the tx fee
+     *    - Vault reimburses relayer 10k lamports
+     *    - Delegate doesn't need any SOL
+     *
+     * @param options - Spend options (destination, amount, optional feePayer)
+     * @returns Spend result with signature and remaining balances
+     */
+    async spend(options) {
+        if (!this.keypair) {
+            throw new Error("Cannot spend in owner mode - requires token code");
+        }
+        const tokenStatePda = this.tokenStatePda;
+        const vaultPda = this.vaultPda;
+        // If feePayer provided, user pays directly (no relayer)
+        if (options.feePayer) {
+            return this.spendWithFeePayer(options, tokenStatePda, vaultPda);
+        }
+        // No feePayer - use relayer
+        return this.spendViaRelayer(options, tokenStatePda, vaultPda);
+    }
+    /**
+     * Spend with user-provided fee payer (no relayer)
+     */
+    async spendWithFeePayer(options, tokenStatePda, vaultPda) {
+        const feePayer = options.feePayer;
+        const provider = new anchor_1.AnchorProvider(this.connection, feePayer, { commitment: "confirmed" });
+        const program = new anchor_1.Program(idl_json_1.default, provider);
+        // Build the spend instruction
+        const spendIx = await program.methods
+            .spend(new anchor_1.BN(options.amount))
+            .accounts({
+            tokenState: tokenStatePda,
+            vault: vaultPda,
+            delegate: this.keypair.publicKey,
+            feePayer: feePayer.publicKey,
+            destination: options.destination,
+            systemProgram: web3_js_1.SystemProgram.programId,
+        })
+            .instruction();
+        // Build transaction with user's wallet as fee payer
+        const tx = new web3_js_1.Transaction();
+        tx.add(spendIx);
+        tx.feePayer = feePayer.publicKey;
+        tx.recentBlockhash = (await this.connection.getLatestBlockhash()).blockhash;
+        // Delegate signs
+        tx.partialSign(this.keypair);
+        // Fee payer signs and sends via provider
+        const signature = await provider.sendAndConfirm(tx, [this.keypair]);
+        // Fetch updated state for remaining balances
+        const state = await this.getState();
+        return {
+            signature,
+            remainingBalance: state.balance,
+            dailyRemaining: state.spending.dailyRemaining,
+        };
+    }
+    /**
+     * Spend via relayer (relayer pays, vault reimburses)
+     */
+    async spendViaRelayer(options, tokenStatePda, vaultPda) {
+        const apiUrl = process.env.CLOAK_BACKEND_URL || undefined;
+        // Get relayer public key to use as fee payer
+        const feePayerPubkey = await (0, relayer_1.getRelayerPublicKey)(apiUrl);
+        // Create a dummy provider just for building the instruction
+        const dummyProvider = new anchor_1.AnchorProvider(this.connection, new anchor_1.Wallet(this.keypair), { commitment: "confirmed" });
+        const program = new anchor_1.Program(idl_json_1.default, dummyProvider);
+        // Build the spend instruction
+        const spendIx = await program.methods
+            .spend(new anchor_1.BN(options.amount))
+            .accounts({
+            tokenState: tokenStatePda,
+            vault: vaultPda,
+            delegate: this.keypair.publicKey,
+            feePayer: feePayerPubkey,
+            destination: options.destination,
+            systemProgram: web3_js_1.SystemProgram.programId,
+        })
+            .instruction();
+        // Build transaction with relayer as fee payer
+        const tx = new web3_js_1.Transaction();
+        tx.add(spendIx);
+        tx.feePayer = feePayerPubkey;
+        tx.recentBlockhash = (await this.connection.getLatestBlockhash()).blockhash;
+        // Delegate signs the transaction
+        tx.partialSign(this.keypair);
+        // Serialize and send to relayer for co-signing
+        const serializedTx = tx.serialize({ requireAllSignatures: false });
+        const txBase64 = serializedTx.toString("base64");
+        const signature = await (0, relayer_1.cosignSpendViaRelayer)(txBase64, apiUrl);
+        // Fetch updated state for remaining balances
+        const state = await this.getState();
+        return {
+            signature,
+            remainingBalance: state.balance,
+            dailyRemaining: state.spending.dailyRemaining,
+        };
+    }
+    /**
+     * Deposit SOL to vault (anyone can call)
+     * @param depositor - Signer of the depositor (wallet adapter or wrapped Keypair)
+     * @param amount - Amount in lamports
+     * @returns Transaction signature
+     */
+    async deposit(depositor, amount) {
+        const provider = new anchor_1.AnchorProvider(this.connection, depositor, { commitment: "confirmed" });
+        const program = new anchor_1.Program(idl_json_1.default, provider);
+        const tokenStatePda = this.tokenStatePda;
+        const vaultPda = this.vaultPda;
+        const signature = await program.methods
+            .deposit(new anchor_1.BN(amount))
+            .accounts({
+            tokenState: tokenStatePda,
+            vault: vaultPda,
+            depositor: depositor.publicKey,
+            systemProgram: web3_js_1.SystemProgram.programId,
+        })
+            .rpc();
+        return signature;
+    }
+    /**
+     * Freeze token (owner only) - emergency stop
+     * @param owner - Owner signer (wallet adapter or wrapped Keypair)
+     * @returns Transaction signature
+     */
+    async freeze(owner) {
+        const provider = new anchor_1.AnchorProvider(this.connection, owner, { commitment: "confirmed" });
+        const program = new anchor_1.Program(idl_json_1.default, provider);
+        const tokenStatePda = this.tokenStatePda;
+        const signature = await program.methods
+            .freeze()
+            .accounts({
+            tokenState: tokenStatePda,
+            owner: owner.publicKey,
+        })
+            .rpc();
+        return signature;
+    }
+    /**
+     * Unfreeze token (owner only)
+     * @param owner - Owner signer (wallet adapter or wrapped Keypair)
+     * @returns Transaction signature
+     */
+    async unfreeze(owner) {
+        const provider = new anchor_1.AnchorProvider(this.connection, owner, { commitment: "confirmed" });
+        const program = new anchor_1.Program(idl_json_1.default, provider);
+        const tokenStatePda = this.tokenStatePda;
+        const signature = await program.methods
+            .unfreeze()
+            .accounts({
+            tokenState: tokenStatePda,
+            owner: owner.publicKey,
+        })
+            .rpc();
+        return signature;
+    }
+    /**
+     * Update token constraints (owner only)
+     * @param owner - Owner signer (wallet adapter or wrapped Keypair)
+     * @param options - New constraint values (null = no change)
+     * @returns Transaction signature
+     */
+    async updateConstraints(owner, options) {
+        const provider = new anchor_1.AnchorProvider(this.connection, owner, { commitment: "confirmed" });
+        const program = new anchor_1.Program(idl_json_1.default, provider);
+        const tokenStatePda = this.tokenStatePda;
+        // Convert options to BN with null for unchanged values
+        const maxPerTx = options.maxPerTx !== undefined ? new anchor_1.BN(options.maxPerTx) : null;
+        const dailyLimit = options.dailyLimit !== undefined ? new anchor_1.BN(options.dailyLimit) : null;
+        const totalLimit = options.totalLimit !== undefined ? new anchor_1.BN(options.totalLimit) : null;
+        const expiresAt = options.expiresAt !== undefined
+            ? new anchor_1.BN(options.expiresAt ? Math.floor(options.expiresAt.getTime() / 1000) : 0)
+            : null;
+        const signature = await program.methods
+            .updateConstraints(maxPerTx, dailyLimit, totalLimit, expiresAt)
+            .accounts({
+            tokenState: tokenStatePda,
+            owner: owner.publicKey,
+        })
+            .rpc();
+        return signature;
+    }
+    /**
+     * Close token and reclaim all funds to owner (owner only)
+     * @param owner - Owner signer (wallet adapter or wrapped Keypair)
+     * @returns Transaction signature
+     */
+    async close(owner) {
+        const provider = new anchor_1.AnchorProvider(this.connection, owner, { commitment: "confirmed" });
+        const program = new anchor_1.Program(idl_json_1.default, provider);
+        const tokenStatePda = this.tokenStatePda;
+        const vaultPda = this.vaultPda;
+        const signature = await program.methods
+            .closeToken()
+            .accounts({
+            tokenState: tokenStatePda,
+            vault: vaultPda,
+            owner: owner.publicKey,
+            systemProgram: web3_js_1.SystemProgram.programId,
+        })
+            .rpc();
+        return signature;
+    }
+    /**
+     * Withdraw from vault to any destination (owner only, no constraints)
+     * Works even if token is frozen or expired - owner has full control
+     * Preserves privacy by allowing withdrawal to any wallet
+     * @param owner - Owner signer (wallet adapter or wrapped Keypair)
+     * @param amount - Amount in lamports to withdraw
+     * @param destination - Destination wallet (any PublicKey)
+     * @returns Transaction signature
+     */
+    async withdraw(owner, amount, destination) {
+        const provider = new anchor_1.AnchorProvider(this.connection, owner, { commitment: "confirmed" });
+        const program = new anchor_1.Program(idl_json_1.default, provider);
+        const tokenStatePda = this.tokenStatePda;
+        const vaultPda = this.vaultPda;
+        const signature = await program.methods
+            .withdraw(new anchor_1.BN(amount))
+            .accounts({
+            tokenState: tokenStatePda,
+            vault: vaultPda,
+            owner: owner.publicKey,
+            destination: destination,
+            systemProgram: web3_js_1.SystemProgram.programId,
+        })
+            .rpc();
+        return signature;
+    }
+    // ============================================
+    // Private Mode Methods (ZK Proof-Based)
+    // ============================================
+    /**
+     * Create a new Cloak token in private mode (no wallet linked on-chain)
+     *
+     * @param connection - Solana connection
+     * @param payer - Payer for transaction fees (can be any signer)
+     * @param masterSecret - Master secret derived from wallet signature
+     * @param nonce - Agent index (0, 1, 2, ...)
+     * @param options - Token creation options
+     * @returns New CloakToken instance (with private mode) and token code
+     */
+    static async createPrivate(connection, payer, masterSecret, nonce, options) {
+        const rpcUrl = connection.rpcEndpoint;
+        // Derive commitment from master secret and nonce
+        const { agentSecret, commitment } = await (0, zk_1.deriveAgentSecrets)(masterSecret, nonce);
+        const commitmentBytes = (0, zk_1.commitmentToBytes)(commitment);
+        // Generate new delegate keypair
+        const delegate = web3_js_1.Keypair.generate();
+        const tokenCode = bs58_1.default.encode(delegate.secretKey);
+        // Create program instance
+        const provider = new anchor_1.AnchorProvider(connection, payer, { commitment: "confirmed" });
+        const program = new anchor_1.Program(idl_json_1.default, provider);
+        // Convert expiration to unix timestamp (0 = never)
+        const expiresAt = options.expiresAt
+            ? Math.floor(options.expiresAt.getTime() / 1000)
+            : 0;
+        // Derive PDAs
+        const tokenStatePda = CloakToken.deriveTokenStatePda(delegate.publicKey);
+        const vaultPda = CloakToken.deriveVaultPda(tokenStatePda);
+        // Call create_token_private instruction
+        const signature = await program.methods
+            .createTokenPrivate(Array.from(commitmentBytes), new anchor_1.BN(options.maxPerTx ?? 0), new anchor_1.BN(options.dailyLimit ?? 0), new anchor_1.BN(options.totalLimit ?? 0), new anchor_1.BN(expiresAt))
+            .accounts({
+            tokenState: tokenStatePda,
+            vault: vaultPda,
+            delegate: delegate.publicKey,
+            payer: payer.publicKey,
+            systemProgram: web3_js_1.SystemProgram.programId,
+        })
+            .rpc();
+        // If initial deposit requested, deposit funds
+        if (options.initialDeposit && options.initialDeposit > 0) {
+            await program.methods
+                .deposit(new anchor_1.BN(options.initialDeposit))
+                .accounts({
+                tokenState: tokenStatePda,
+                vault: vaultPda,
+                depositor: payer.publicKey,
+                systemProgram: web3_js_1.SystemProgram.programId,
+            })
+                .rpc();
+        }
+        // Create token instance with private mode
+        const token = new CloakToken(tokenCode, rpcUrl);
+        token._ownerCommitment = commitmentBytes;
+        token._agentSecret = agentSecret;
+        token._nonce = nonce;
+        return { token, tokenCode, signature };
+    }
+    /**
+     * Create a new Cloak token via relayer (truly private - user wallet never signs on-chain)
+     *
+     * This is the most private mode of operation:
+     * 1. User signs message to derive master secret (client-side only)
+     * 2. User sends total (fee + funding) to relayer via Privacy Cash
+     * 3. Relayer keeps 0.01 SOL fee, forwards rest to vault
+     * 4. Relayer creates the agent on-chain (generates delegate)
+     * 5. TokenCode encrypted for user (only user can decrypt)
+     * 6. User's wallet NEVER appears in any on-chain transaction
+     *
+     * @param masterSecret - Master secret derived from wallet signature
+     * @param nonce - Agent index (0, 1, 2, ...)
+     * @param options - Token creation options
+     * @param depositSignature - Privacy Cash tx signature to relayer
+     * @param depositAmount - Total lamports sent (fee + vault funding)
+     * @param rpcUrl - Solana RPC endpoint URL
+     * @param apiUrl - Optional backend API URL
+     * @returns New CloakToken instance (with private mode) and token code
+     */
+    static async createPrivateViaRelayer(masterSecret, nonce, options, depositSignature, depositAmount, rpcUrl, apiUrl) {
+        // Call relayer API
+        const result = await (0, relayer_1.createPrivateAgentViaRelayer)(masterSecret, nonce, {
+            maxPerTx: options.maxPerTx,
+            dailyLimit: options.dailyLimit,
+            totalLimit: options.totalLimit,
+            expiresAt: options.expiresAt,
+        }, depositSignature, depositAmount, apiUrl);
+        // Derive agent secret for private mode operations
+        const { agentSecret, commitment } = await (0, zk_1.deriveAgentSecrets)(masterSecret, nonce);
+        const commitmentBytes = (0, zk_1.commitmentToBytes)(commitment);
+        // Create token instance with private mode
+        const token = new CloakToken(result.tokenCode, rpcUrl);
+        token._ownerCommitment = commitmentBytes;
+        token._agentSecret = agentSecret;
+        token._nonce = nonce;
+        return {
+            token,
+            tokenCode: result.tokenCode,
+            signature: result.signature,
+            vaultPda: result.vaultPda,
+        };
+    }
+    /**
+     * Create a new Cloak token using your own relayer keypair (no backend needed, no fees)
+     *
+     * This is for technical users who want to:
+     * - Use their own funded keypair as a relayer
+     * - Pay their own rent (no 0.01 SOL fee to our relayer)
+     * - Have full control over the creation process
+     * - Fund vault separately via Privacy Cash for anonymity
+     *
+     * Flow:
+     * 1. User signs message to derive master secret (client-side only)
+     * 2. User provides a funded Keypair to pay rent
+     * 3. Creates agent directly on-chain (relayerKeypair signs and pays)
+     * 4. User's main wallet NEVER appears in any on-chain transaction
+     * 5. Fund vault separately via Privacy Cash for complete anonymity
+     *
+     * @param masterSecret - Master secret derived from wallet signature
+     * @param nonce - Agent index (0, 1, 2, ...)
+     * @param options - Token creation options
+     * @param relayerKeypair - User's own funded keypair (pays rent ~0.00138 SOL)
+     * @param rpcUrl - Solana RPC endpoint URL
+     * @returns New CloakToken instance (with private mode) and token code
+     */
+    static async createPrivateWithRelayer(masterSecret, nonce, options, relayerKeypair, rpcUrl) {
+        const connection = new web3_js_1.Connection(rpcUrl, "confirmed");
+        // Derive commitment from master secret and nonce
+        const { agentSecret, commitment } = await (0, zk_1.deriveAgentSecrets)(masterSecret, nonce);
+        const commitmentBytes = (0, zk_1.commitmentToBytes)(commitment);
+        // Generate new delegate keypair
+        const delegate = web3_js_1.Keypair.generate();
+        const tokenCode = bs58_1.default.encode(delegate.secretKey);
+        // Create program instance with relayer as payer
+        const provider = new anchor_1.AnchorProvider(connection, new anchor_1.Wallet(relayerKeypair), { commitment: "confirmed" });
+        const program = new anchor_1.Program(idl_json_1.default, provider);
+        // Convert expiration to unix timestamp (0 = never)
+        const expiresAt = options.expiresAt
+            ? Math.floor(options.expiresAt.getTime() / 1000)
+            : 0;
+        // Derive PDAs
+        const tokenStatePda = CloakToken.deriveTokenStatePda(delegate.publicKey);
+        const vaultPda = CloakToken.deriveVaultPda(tokenStatePda);
+        // Call create_token_private instruction
+        const signature = await program.methods
+            .createTokenPrivate(Array.from(commitmentBytes), new anchor_1.BN(options.maxPerTx ?? 0), new anchor_1.BN(options.dailyLimit ?? 0), new anchor_1.BN(options.totalLimit ?? 0), new anchor_1.BN(expiresAt))
+            .accounts({
+            tokenState: tokenStatePda,
+            vault: vaultPda,
+            delegate: delegate.publicKey,
+            payer: relayerKeypair.publicKey,
+            systemProgram: web3_js_1.SystemProgram.programId,
+        })
+            .rpc();
+        // Create token instance with private mode
+        const token = new CloakToken(tokenCode, rpcUrl);
+        token._ownerCommitment = commitmentBytes;
+        token._agentSecret = agentSecret;
+        token._nonce = nonce;
+        return {
+            token,
+            tokenCode,
+            signature,
+            vaultPda,
+        };
+    }
+    /**
+     * Helper to get a dummy wallet for read-only operations
+     */
+    getDummyWallet() {
+        if (this.keypair) {
+            return new anchor_1.Wallet(this.keypair);
+        }
+        return {
+            publicKey: this.delegatePubkey,
+            signTransaction: async (tx) => tx,
+            signAllTransactions: async (txs) => txs,
+        };
+    }
+    /**
+     * Freeze token using ZK proof (private mode only)
+     * Uses relayer to submit transaction - vault pays for fees
+     * @param apiUrl - Optional API URL for relayer
+     * @returns Transaction signature
+     */
+    async freezePrivate(apiUrl) {
+        if (!this._agentSecret || !this._ownerCommitment) {
+            throw new Error("Not in private mode - use freeze() with owner signer instead");
+        }
+        if (!(0, zk_1.isProverReady)()) {
+            throw new Error("ZK prover not initialized. Call initProver() first.");
+        }
+        const commitment = (0, zk_1.bytesToCommitment)(this._ownerCommitment);
+        const proof = await (0, zk_1.generateOwnershipProof)(this._agentSecret, commitment);
+        const proofArgs = (0, zk_1.proofToInstructionArgs)(proof);
+        const signature = await (0, relayer_1.freezePrivateViaRelayer)({
+            tokenStatePda: this.tokenStatePda.toBase58(),
+            proofBytes: Array.from(proofArgs.proofBytes),
+            witnessBytes: Array.from(proofArgs.witnessBytes),
+        }, apiUrl);
+        return signature;
+    }
+    /**
+     * Unfreeze token using ZK proof (private mode only)
+     * Uses relayer to submit transaction - vault pays for fees
+     * @param apiUrl - Optional API URL for relayer
+     * @returns Transaction signature
+     */
+    async unfreezePrivate(apiUrl) {
+        if (!this._agentSecret || !this._ownerCommitment) {
+            throw new Error("Not in private mode - use unfreeze() with owner signer instead");
+        }
+        if (!(0, zk_1.isProverReady)()) {
+            throw new Error("ZK prover not initialized. Call initProver() first.");
+        }
+        const commitment = (0, zk_1.bytesToCommitment)(this._ownerCommitment);
+        const proof = await (0, zk_1.generateOwnershipProof)(this._agentSecret, commitment);
+        const proofArgs = (0, zk_1.proofToInstructionArgs)(proof);
+        const signature = await (0, relayer_1.unfreezePrivateViaRelayer)({
+            tokenStatePda: this.tokenStatePda.toBase58(),
+            proofBytes: Array.from(proofArgs.proofBytes),
+            witnessBytes: Array.from(proofArgs.witnessBytes),
+        }, apiUrl);
+        return signature;
+    }
+    /**
+     * Update constraints using ZK proof (private mode only)
+     * Uses relayer to submit transaction - vault pays for fees
+     * @param options - New constraint values (undefined = no change)
+     * @param apiUrl - Optional API URL for relayer
+     * @returns Transaction signature
+     */
+    async updateConstraintsPrivate(options, apiUrl) {
+        if (!this._agentSecret || !this._ownerCommitment) {
+            throw new Error("Not in private mode - use updateConstraints() with owner signer instead");
+        }
+        if (!(0, zk_1.isProverReady)()) {
+            throw new Error("ZK prover not initialized. Call initProver() first.");
+        }
+        const commitment = (0, zk_1.bytesToCommitment)(this._ownerCommitment);
+        const proof = await (0, zk_1.generateOwnershipProof)(this._agentSecret, commitment);
+        const proofArgs = (0, zk_1.proofToInstructionArgs)(proof);
+        const signature = await (0, relayer_1.updateConstraintsPrivateViaRelayer)({
+            tokenStatePda: this.tokenStatePda.toBase58(),
+            proofBytes: Array.from(proofArgs.proofBytes),
+            witnessBytes: Array.from(proofArgs.witnessBytes),
+            maxPerTx: options.maxPerTx !== undefined ? options.maxPerTx : null,
+            dailyLimit: options.dailyLimit !== undefined ? options.dailyLimit : null,
+            totalLimit: options.totalLimit !== undefined ? options.totalLimit : null,
+            expiresAt: options.expiresAt !== undefined
+                ? (options.expiresAt ? Math.floor(options.expiresAt.getTime() / 1000) : 0)
+                : null,
+        }, apiUrl);
+        return signature;
+    }
+    /**
+     * Close token and reclaim funds using ZK proof (private mode only)
+     * Uses relayer to submit transaction - vault pays for fees
+     * @param destination - Destination for remaining funds
+     * @param apiUrl - Optional API URL for relayer
+     * @returns Transaction signature
+     */
+    async closePrivate(destination, apiUrl) {
+        if (!this._agentSecret || !this._ownerCommitment) {
+            throw new Error("Not in private mode - use close() with owner signer instead");
+        }
+        if (!(0, zk_1.isProverReady)()) {
+            throw new Error("ZK prover not initialized. Call initProver() first.");
+        }
+        const commitment = (0, zk_1.bytesToCommitment)(this._ownerCommitment);
+        const proof = await (0, zk_1.generateOwnershipProof)(this._agentSecret, commitment);
+        const proofArgs = (0, zk_1.proofToInstructionArgs)(proof);
+        const signature = await (0, relayer_1.closePrivateViaRelayer)({
+            tokenStatePda: this.tokenStatePda.toBase58(),
+            proofBytes: Array.from(proofArgs.proofBytes),
+            witnessBytes: Array.from(proofArgs.witnessBytes),
+            destination: destination.toBase58(),
+        }, apiUrl);
+        return signature;
+    }
+    /**
+     * Withdraw using ZK proof (private mode only)
+     * Uses relayer to submit transaction - vault pays for fees
+     * @param amount - Amount in lamports to withdraw
+     * @param destination - Destination for funds
+     * @param apiUrl - Optional API URL for relayer
+     * @returns Transaction signature
+     */
+    async withdrawPrivate(amount, destination, apiUrl) {
+        if (!this._agentSecret || !this._ownerCommitment) {
+            throw new Error("Not in private mode - use withdraw() with owner signer instead");
+        }
+        if (!(0, zk_1.isProverReady)()) {
+            throw new Error("ZK prover not initialized. Call initProver() first.");
+        }
+        const commitment = (0, zk_1.bytesToCommitment)(this._ownerCommitment);
+        const proof = await (0, zk_1.generateOwnershipProof)(this._agentSecret, commitment);
+        const proofArgs = (0, zk_1.proofToInstructionArgs)(proof);
+        const signature = await (0, relayer_1.withdrawPrivateViaRelayer)({
+            tokenStatePda: this.tokenStatePda.toBase58(),
+            proofBytes: Array.from(proofArgs.proofBytes),
+            witnessBytes: Array.from(proofArgs.witnessBytes),
+            amount,
+            destination: destination.toBase58(),
+        }, apiUrl);
+        return signature;
+    }
+}
+exports.CloakToken = CloakToken;
+//# sourceMappingURL=token.js.map