@continuumdao/ctm-mpc-defi 0.1.3 → 0.2.0

package/dist/core/index.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/core/keygen.ts","../../src/core/purpose.ts","../../src/core/envelope.ts","../../src/core/registry.ts","../../src/core/nodeRead.ts"],"names":[],"mappings":";;;AAOO,SAAS,wBAAwB,IAAA,EAAsD;AAC5F,EAAA,MAAM,MAAM,IAAA,EAAM,UAAA;AAClB,EAAA,IAAI,CAAC,GAAA,IAAO,OAAO,GAAA,KAAQ,UAAU,OAAO,IAAA;AAC5C,EAAA,KAAA,MAAW,CAAA,IAAK,MAAA,CAAO,MAAA,CAAO,GAAG,CAAA,EAAG;AAClC,IAAA,IAAI,OAAO,MAAM,QAAA,IAAY,CAAA,CAAE,MAAK,EAAG,OAAO,EAAE,IAAA,EAAK;AAAA,EACvD;AACA,EAAA,OAAO,IAAA;AACT;AAEO,SAAS,iBAAiB,MAAA,EAA8B;AAC7D,EAAA,MAAM,EAAA,GAAA,CAAM,MAAA,CAAO,SAAA,IAAa,EAAA,EAAI,IAAA,EAAK;AACzC,EAAA,IAAI,CAAC,EAAA,EAAI,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAChE,EAAA,OAAO,EAAA;AACT;AAEO,SAAS,kBAAkB,MAAA,EAAgC;AAChE,EAAA,OAAO,MAAA,CAAO,WAAW,EAAC;AAC5B;;;ACvBO,SAAS,gBAAA,CAAiB,aAAqB,aAAA,EAAgC;AACpF,EAAA,MAAM,CAAA,GAAI,YAAY,IAAA,EAAK;AAC3B,EAAA,MAAM,MAAA,GAAA,CAAU,aAAA,IAAiB,EAAA,EAAI,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,QAAQ,OAAO,CAAA;AACpB,EAAA,OAAO,CAAA,GAAI,GAAG,CAAC;;AAAA,EAAO,MAAM,CAAA,CAAA,GAAK,MAAA;AACnC;;;AC+BO,SAAS,kBAAkB,KAAA,EAAsD;AACtF,EAAA,MAAM,EAAE,MAAA,EAAQ,kBAAA,EAAoB,IAAA,EAAK,GAAI,KAAA;AAC7C,EAAA,IAAI,IAAA,CAAK,WAAW,CAAA,EAAG;AACrB,IAAA,MAAM,IAAI,MAAM,6CAA6C,CAAA;AAAA,EAC/D;AAEA,EAAA,MAAM,EAAA,GAAA,CAAM,MAAA,CAAO,SAAA,IAAa,EAAA,EAAI,IAAA,EAAK;AACzC,EAAA,IAAI,CAAC,EAAA,EAAI,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAEhE,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,OAAA,IAAW,EAAC;AACnC,EAAA,MAAM,QAAA,GAAW,wBAAwB,MAAM,CAAA;AAC/C,EAAA,MAAM,KAAA,GAAQ,KAAK,CAAC,CAAA;AAEpB,EAAA,MAAM,gBAAgB,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,OAAO,CAAA;AAC/C,EAAA,MAAM,kBAAkB,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,MAAM,CAAA;AAChD,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,IACjC,oBAAoB,CAAA,CAAE,kBAAA;AAAA,IACtB,eAAe,CAAA,CAAE,aAAA;AAAA,IACjB,GAAG,CAAA,CAAE;AAAA,GACP,CAAE,CAAA;AAEF,EAAA,MAAM,gBAAA,GAAmB,IAAA,CACtB,GAAA,CAAI,CAAC,MAAM,CAAA,CAAE,gBAAgB,CAAA,CAC7B,MAAA,CAAO,CAAC,CAAA,KAAoC,CAAA,IAAK,IAAA,IAAQ,OAAO,MAAM,QAAQ,CAAA;AAEjF,EAAA,MAAM,YAAA,GAAwC;AAAA,IAC5C,SAAA;AAAA,IACA,GAAI,KAAA,CAAM,SAAA,IAAa;AAAC,GAC1B;AACA,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,SAAA,CAAU,YAAY,CAAA;AAE7C,EAAA,MAAM,WAAA,GAAuC;AAAA,IAC3C,OAAA;AAAA,IACA,MAAA,EAAQ,EAAA;AAAA,IACR,OAAA,EAAS,cAAc,CAAC,CAAA;AAAA,IACxB,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,kBAAA;AAAA,IACA,kBAAA,EAAoB,KAAA,CAAM,kBAAA,IAAsB,KAAA,CAAM,kBAAA;AAAA,IACtD,SAAA;AAAA,IACA,eAAe,KAAA,CAAM,aAAA;AAAA,IACrB,OAAA,EAAS,gBAAA,CAAiB,KAAA,CAAM,WAAA,EAAa,MAAM,aAAa,CAAA;AAAA,IAChE,GAAG,KAAA,CAAM;AAAA,GACX;AAEA,EAAA,IAAI,IAAA,CAAK,SAAS,CAAA,EAAG;AACnB,IAAA,WAAA,CAAY,aAAA,GAAgB,aAAA;AAC5B,IAAA,WAAA,CAAY,eAAA,GAAkB,eAAA;AAAA,EAChC;AAEA,EAAA,IAAI,gBAAA,CAAiB,SAAS,CAAA,EAAG;AAC/B,IAAA,WAAA,CAAY,gBAAA,GAAmB,gBAAA;AAAA,EACjC;AAEA,EAAA,MAAM,WAAW,KAAA,CAAM,QAAA;AACvB,EAAA,IAAI,QAAA,IAAY,IAAA,IAAQ,QAAA,GAAW,EAAA,EAAI;AACrC,IAAA,WAAA,CAAY,KAAA,GAAQ,SAAS,QAAA,EAAS;AAAA,EACxC;AAEA,EAAA,IAAI,QAAA,cAAsB,QAAA,GAAW,QAAA;AAErC,EAAA,OAAO,EAAE,WAAA,EAAa,aAAA,EAAe,IAAA,CAAK,SAAA,CAAU,WAAW,CAAA,EAAE;AACnE;AAEO,IAAM,uBAAA,GAA+C;AAAA,EAC1D,QAAA,EAAU,KAAA;AAAA,EACV;AACF;;;ACrGA,IAAM,UAA4B,EAAC;AAE5B,SAAS,uBAAuB,GAAA,EAA2B;AAChE,EAAA,MAAM,QAAA,GAAW,QAAQ,SAAA,CAAU,CAAC,MAAM,CAAA,CAAE,EAAA,KAAO,IAAI,EAAE,CAAA;AACzD,EAAA,IAAI,YAAY,CAAA,EAAG;AACjB,IAAA,OAAA,CAAQ,QAAQ,CAAA,GAAI,GAAA;AAAA,EACtB,CAAA,MAAO;AACL,IAAA,OAAA,CAAQ,KAAK,GAAG,CAAA;AAAA,EAClB;AACF;AAEO,SAAS,kBAAA,GAAgD;AAC9D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,kBAAkB,EAAA,EAAwC;AACxE,EAAA,OAAO,QAAQ,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,EAAE,CAAA;AACxC;AAEO,SAAS,0BAA0B,QAAA,EAA6C;AACrF,EAAA,OAAO,OAAA,CAAQ,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,aAAA,KAAkB,QAAQ,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA;AACrF;;;ACjBO,SAAS,qBAAA,CACd,GAAA,EACA,IAAA,EACA,IAAA,EACmB;AACnB,EAAA,MAAM,MAAA,GAAA,CAAU,IAAA,EAAM,MAAA,IAAU,KAAA,EAAO,WAAA,EAAY;AACnD,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,IAAA,EAAM,OAAO,CAAA;AACzC,EAAA,IAAI,IAAA,CAAK,eAAe,MAAA,KAAW,KAAA,IAAS,KAAK,GAAA,IAAO,IAAA,CAAK,GAAA,CAAI,IAAA,EAAK,EAAG;AACvE,IAAA,OAAA,CAAQ,IAAI,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,GAAA,CAAI,IAAA,EAAM,CAAA,CAAE,CAAA;AAAA,EAC1D;AACA,EAAA,OAAO,MAAM,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,SAAS,CAAA;AACxC","file":"index.cjs","sourcesContent":["import type { KeyGenSubset } from './types.js'\n\nexport type { KeyGenSubset }\n\n/** App-compatible alias used by existing multisign builders. */\nexport type KeyGenSubsetForPermit = KeyGenSubset\n\nexport function firstClientIdFromKeyGen(data: KeyGenSubset | null | undefined): string | null {\n  const map = data?.ClientKeys\n  if (!map || typeof map !== 'object') return null\n  for (const v of Object.values(map)) {\n    if (typeof v === 'string' && v.trim()) return v.trim()\n  }\n  return null\n}\n\nexport function requirePubKeyHex(keyGen: KeyGenSubset): string {\n  const ph = (keyGen.pubkeyhex ?? '').trim()\n  if (!ph) throw new Error('keyGen pubKey (pubkeyhex) is required')\n  return ph\n}\n\nexport function keyListFromKeyGen(keyGen: KeyGenSubset): string[] {\n  return keyGen.keylist ?? []\n}\n","/** Merge user purpose text with an optional batch / protocol suffix. */\nexport function mergePurposeText(purposeText: string, purposeSuffix?: string): string {\n  const t = purposeText.trim()\n  const suffix = (purposeSuffix ?? '').trim()\n  if (!suffix) return t\n  return t ? `${t}\\n\\n${suffix}` : suffix\n}\n","import type { ChainCategory, MultisignBuildResult } from './types.js'\nimport type { KeyGenSubset } from './keygen.js'\nimport { firstClientIdFromKeyGen } from './keygen.js'\nimport { mergePurposeText } from './purpose.js'\n\nexport interface MultisignLeg {\n  msgHash: string\n  msgRaw: string\n  destinationAddress: string\n  signatureText: string\n  audit: Record<string, unknown>\n  feeSnapshot: Record<string, unknown>\n  proposalTxParams?: Record<string, unknown>\n  /** Payable value wei string for first leg only when relevant */\n  valueWei?: bigint\n}\n\nexport interface ChainCategoryBuildInput {\n  keyGen: KeyGenSubset\n  purposeText: string\n  purposeSuffix?: string\n  destinationChainID: string\n  legs: MultisignLeg[]\n  extraJSON?: Record<string, unknown>\n  /** Top-level destination address (first leg destination if omitted) */\n  destinationAddress?: string\n}\n\nexport interface ChainCategoryModule {\n  category: ChainCategory\n  finalizeMultisign(input: ChainCategoryBuildInput): MultisignBuildResult\n}\n\n/**\n * Assemble mpc-auth `bodyForSign` from category-built legs.\n * Supports single-tx and batch (messageHashes / messageRawBatch / proposalTxParams).\n */\nexport function finalizeMultisign(input: ChainCategoryBuildInput): MultisignBuildResult {\n  const { keyGen, destinationChainID, legs } = input\n  if (legs.length === 0) {\n    throw new Error('finalizeMultisign requires at least one leg')\n  }\n\n  const ph = (keyGen.pubkeyhex ?? '').trim()\n  if (!ph) throw new Error('keyGen pubKey (pubkeyhex) is required')\n\n  const keyList = keyGen.keylist ?? []\n  const clientId = firstClientIdFromKeyGen(keyGen)\n  const first = legs[0]!\n\n  const messageHashes = legs.map((l) => l.msgHash)\n  const messageRawBatch = legs.map((l) => l.msgRaw)\n  const batchMeta = legs.map((l) => ({\n    destinationAddress: l.destinationAddress,\n    signatureText: l.signatureText,\n    ...l.audit,\n  }))\n\n  const proposalTxParams = legs\n    .map((l) => l.proposalTxParams)\n    .filter((p): p is Record<string, unknown> => p != null && typeof p === 'object')\n\n  const extraPayload: Record<string, unknown> = {\n    batchMeta,\n    ...(input.extraJSON ?? {}),\n  }\n  const extraJSON = JSON.stringify(extraPayload)\n\n  const bodyForSign: Record<string, unknown> = {\n    keyList,\n    pubKey: ph,\n    msgHash: messageHashes[0],\n    msgRaw: first.msgRaw,\n    destinationChainID,\n    destinationAddress: input.destinationAddress ?? first.destinationAddress,\n    extraJSON,\n    signatureText: first.signatureText,\n    purpose: mergePurposeText(input.purposeText, input.purposeSuffix),\n    ...first.feeSnapshot,\n  }\n\n  if (legs.length > 1) {\n    bodyForSign.messageHashes = messageHashes\n    bodyForSign.messageRawBatch = messageRawBatch\n  }\n\n  if (proposalTxParams.length > 0) {\n    bodyForSign.proposalTxParams = proposalTxParams\n  }\n\n  const valueWei = first.valueWei\n  if (valueWei != null && valueWei > 0n) {\n    bodyForSign.value = valueWei.toString()\n  }\n\n  if (clientId) bodyForSign.clientId = clientId\n\n  return { bodyForSign, messageToSign: JSON.stringify(bodyForSign) }\n}\n\nexport const coreChainCategoryModule: ChainCategoryModule = {\n  category: 'evm',\n  finalizeMultisign,\n}\n","import type { ProtocolModule } from './types.js'\n\nconst modules: ProtocolModule[] = []\n\nexport function registerProtocolModule(mod: ProtocolModule): void {\n  const existing = modules.findIndex((m) => m.id === mod.id)\n  if (existing >= 0) {\n    modules[existing] = mod\n  } else {\n    modules.push(mod)\n  }\n}\n\nexport function getProtocolModules(): readonly ProtocolModule[] {\n  return modules\n}\n\nexport function getProtocolModule(id: string): ProtocolModule | undefined {\n  return modules.find((m) => m.id === id)\n}\n\nexport function getActionsByChainCategory(category: string): ProtocolModule['actions'] {\n  return modules.filter((m) => m.chainCategory === category).flatMap((m) => m.actions)\n}\n","/** GET requests to mpc-auth management node with optional Bearer JWT (Browser HTTPS). */\nexport type NodeReadAuth = {\n  bearerOnGet: boolean\n  jwt: string | null\n}\n\nexport function nodeFetchWithReadAuth(\n  url: string,\n  init: RequestInit | undefined,\n  auth: NodeReadAuth,\n): Promise<Response> {\n  const method = (init?.method ?? 'GET').toUpperCase()\n  const headers = new Headers(init?.headers)\n  if (auth.bearerOnGet && method === 'GET' && auth.jwt && auth.jwt.trim()) {\n    headers.set('Authorization', `Bearer ${auth.jwt.trim()}`)\n  }\n  return fetch(url, { ...init, headers })\n}\n"]}
+{"version":3,"sources":["../../src/core/keygen.ts","../../src/core/purpose.ts","../../src/core/envelope.ts","../../src/core/registry.ts","../../src/core/nodeRead.ts","../../src/core/managementPostSig.ts","../../src/core/managementNonce.ts"],"names":[],"mappings":";;;AAOO,SAAS,wBAAwB,IAAA,EAAsD;AAC5F,EAAA,MAAM,MAAM,IAAA,EAAM,UAAA;AAClB,EAAA,IAAI,CAAC,GAAA,IAAO,OAAO,GAAA,KAAQ,UAAU,OAAO,IAAA;AAC5C,EAAA,KAAA,MAAW,CAAA,IAAK,MAAA,CAAO,MAAA,CAAO,GAAG,CAAA,EAAG;AAClC,IAAA,IAAI,OAAO,MAAM,QAAA,IAAY,CAAA,CAAE,MAAK,EAAG,OAAO,EAAE,IAAA,EAAK;AAAA,EACvD;AACA,EAAA,OAAO,IAAA;AACT;AAEO,SAAS,iBAAiB,MAAA,EAA8B;AAC7D,EAAA,MAAM,EAAA,GAAA,CAAM,MAAA,CAAO,SAAA,IAAa,EAAA,EAAI,IAAA,EAAK;AACzC,EAAA,IAAI,CAAC,EAAA,EAAI,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAChE,EAAA,OAAO,EAAA;AACT;AAEO,SAAS,kBAAkB,MAAA,EAAgC;AAChE,EAAA,OAAO,MAAA,CAAO,WAAW,EAAC;AAC5B;;;ACvBO,SAAS,gBAAA,CAAiB,aAAqB,aAAA,EAAgC;AACpF,EAAA,MAAM,CAAA,GAAI,YAAY,IAAA,EAAK;AAC3B,EAAA,MAAM,MAAA,GAAA,CAAU,aAAA,IAAiB,EAAA,EAAI,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,QAAQ,OAAO,CAAA;AACpB,EAAA,OAAO,CAAA,GAAI,GAAG,CAAC;;AAAA,EAAO,MAAM,CAAA,CAAA,GAAK,MAAA;AACnC;;;AC+BO,SAAS,kBAAkB,KAAA,EAAsD;AACtF,EAAA,MAAM,EAAE,MAAA,EAAQ,kBAAA,EAAoB,IAAA,EAAK,GAAI,KAAA;AAC7C,EAAA,IAAI,IAAA,CAAK,WAAW,CAAA,EAAG;AACrB,IAAA,MAAM,IAAI,MAAM,6CAA6C,CAAA;AAAA,EAC/D;AAEA,EAAA,MAAM,EAAA,GAAA,CAAM,MAAA,CAAO,SAAA,IAAa,EAAA,EAAI,IAAA,EAAK;AACzC,EAAA,IAAI,CAAC,EAAA,EAAI,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAEhE,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,OAAA,IAAW,EAAC;AACnC,EAAA,MAAM,QAAA,GAAW,wBAAwB,MAAM,CAAA;AAC/C,EAAA,MAAM,KAAA,GAAQ,KAAK,CAAC,CAAA;AAEpB,EAAA,MAAM,gBAAgB,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,OAAO,CAAA;AAC/C,EAAA,MAAM,kBAAkB,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,MAAM,CAAA;AAChD,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,IACjC,oBAAoB,CAAA,CAAE,kBAAA;AAAA,IACtB,eAAe,CAAA,CAAE,aAAA;AAAA,IACjB,GAAG,CAAA,CAAE;AAAA,GACP,CAAE,CAAA;AAEF,EAAA,MAAM,gBAAA,GAAmB,IAAA,CACtB,GAAA,CAAI,CAAC,MAAM,CAAA,CAAE,gBAAgB,CAAA,CAC7B,MAAA,CAAO,CAAC,CAAA,KAAoC,CAAA,IAAK,IAAA,IAAQ,OAAO,MAAM,QAAQ,CAAA;AAEjF,EAAA,MAAM,YAAA,GAAwC;AAAA,IAC5C,SAAA;AAAA,IACA,GAAI,KAAA,CAAM,SAAA,IAAa;AAAC,GAC1B;AACA,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,SAAA,CAAU,YAAY,CAAA;AAE7C,EAAA,MAAM,WAAA,GAAuC;AAAA,IAC3C,OAAA;AAAA,IACA,MAAA,EAAQ,EAAA;AAAA,IACR,OAAA,EAAS,cAAc,CAAC,CAAA;AAAA,IACxB,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,kBAAA;AAAA,IACA,kBAAA,EAAoB,KAAA,CAAM,kBAAA,IAAsB,KAAA,CAAM,kBAAA;AAAA,IACtD,SAAA;AAAA,IACA,eAAe,KAAA,CAAM,aAAA;AAAA,IACrB,OAAA,EAAS,gBAAA,CAAiB,KAAA,CAAM,WAAA,EAAa,MAAM,aAAa,CAAA;AAAA,IAChE,GAAG,KAAA,CAAM;AAAA,GACX;AAEA,EAAA,IAAI,IAAA,CAAK,SAAS,CAAA,EAAG;AACnB,IAAA,WAAA,CAAY,aAAA,GAAgB,aAAA;AAC5B,IAAA,WAAA,CAAY,eAAA,GAAkB,eAAA;AAAA,EAChC;AAEA,EAAA,IAAI,gBAAA,CAAiB,SAAS,CAAA,EAAG;AAC/B,IAAA,WAAA,CAAY,gBAAA,GAAmB,gBAAA;AAAA,EACjC;AAEA,EAAA,MAAM,WAAW,KAAA,CAAM,QAAA;AACvB,EAAA,IAAI,QAAA,IAAY,IAAA,IAAQ,QAAA,GAAW,EAAA,EAAI;AACrC,IAAA,WAAA,CAAY,KAAA,GAAQ,SAAS,QAAA,EAAS;AAAA,EACxC;AAEA,EAAA,IAAI,QAAA,cAAsB,QAAA,GAAW,QAAA;AAErC,EAAA,OAAO,EAAE,WAAA,EAAa,aAAA,EAAe,IAAA,CAAK,SAAA,CAAU,WAAW,CAAA,EAAE;AACnE;AAEO,IAAM,uBAAA,GAA+C;AAAA,EAC1D,QAAA,EAAU,KAAA;AAAA,EACV;AACF;;;ACrGA,IAAM,UAA4B,EAAC;AAE5B,SAAS,uBAAuB,GAAA,EAA2B;AAChE,EAAA,MAAM,QAAA,GAAW,QAAQ,SAAA,CAAU,CAAC,MAAM,CAAA,CAAE,EAAA,KAAO,IAAI,EAAE,CAAA;AACzD,EAAA,IAAI,YAAY,CAAA,EAAG;AACjB,IAAA,OAAA,CAAQ,QAAQ,CAAA,GAAI,GAAA;AAAA,EACtB,CAAA,MAAO;AACL,IAAA,OAAA,CAAQ,KAAK,GAAG,CAAA;AAAA,EAClB;AACF;AAEO,SAAS,kBAAA,GAAgD;AAC9D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,kBAAkB,EAAA,EAAwC;AACxE,EAAA,OAAO,QAAQ,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,EAAE,CAAA;AACxC;AAEO,SAAS,0BAA0B,QAAA,EAA6C;AACrF,EAAA,OAAO,OAAA,CAAQ,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,aAAA,KAAkB,QAAQ,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA;AACrF;;;ACjBO,SAAS,qBAAA,CACd,GAAA,EACA,IAAA,EACA,IAAA,EACmB;AACnB,EAAA,MAAM,MAAA,GAAA,CAAU,IAAA,EAAM,MAAA,IAAU,KAAA,EAAO,WAAA,EAAY;AACnD,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,IAAA,EAAM,OAAO,CAAA;AACzC,EAAA,IAAI,IAAA,CAAK,eAAe,MAAA,KAAW,KAAA,IAAS,KAAK,GAAA,IAAO,IAAA,CAAK,GAAA,CAAI,IAAA,EAAK,EAAG;AACvE,IAAA,OAAA,CAAQ,IAAI,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,GAAA,CAAI,IAAA,EAAM,CAAA,CAAE,CAAA;AAAA,EAC1D;AACA,EAAA,OAAO,MAAM,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,SAAS,CAAA;AACxC;;;ACTO,SAAS,2BAA2B,OAAA,EAA4C;AACrF,EAAA,MAAM,KAAK,OAAA,EAAS,IAAA,EAAK,CAAE,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAC7C,EAAA,IAAI,CAAC,EAAA,IAAM,CAAC,oBAAA,CAAqB,IAAA,CAAK,EAAE,CAAA,EAAG;AACzC,IAAA,MAAM,IAAI,MAAM,qDAAqD,CAAA;AAAA,EACvE;AACA,EAAA,OAAO,GAAG,WAAA,EAAY;AACxB;AAGO,SAAS,mBAAA,CACd,OACA,OAAA,EACqB;AACrB,EAAA,OAAO,EAAE,KAAA,EAAO,SAAA,EAAW,IAAI,OAAA,EAAS,0BAAA,CAA2B,OAAO,CAAA,EAAE;AAC9E;AAGO,SAAS,uBAAA,CACd,KAAA,EACA,OAAA,EACA,MAAA,GAAkC,EAAC,EACV;AACzB,EAAA,OAAO,EAAE,GAAG,mBAAA,CAAoB,OAAO,OAAO,CAAA,EAAG,GAAG,MAAA,EAAO;AAC7D;AAGO,SAAS,4BAA4B,IAAA,EAAuC;AACjF,EAAA,OAAO,KAAK,SAAA,CAAU,EAAE,GAAG,IAAA,EAAM,SAAA,EAAW,IAAI,CAAA;AAClD;AAEO,SAAS,uBAAA,CACd,MACA,SAAA,EACyB;AACzB,EAAA,OAAO,EAAE,GAAG,IAAA,EAAM,SAAA,EAAW,SAAA,CAAU,MAAK,CAAE,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA,EAAE;AACpE;;;ACzCA,SAAS,YAAY,GAAA,EAAuC;AAC1D,EAAA,MAAM,IAAA,GAAQ,GAAA,CAAI,IAAA,IAAQ,GAAA,CAAI,IAAA;AAC9B,EAAA,IAAI,IAAA,KAAS,CAAA,IAAK,IAAA,KAAS,MAAA,EAAW,OAAO,MAAA;AAC7C,EAAA,OAAO,GAAA,CAAI,QAAQ,GAAA,CAAI,IAAA;AACzB;AAKA,eAAsB,YAAA,CACpB,SACA,QAAA,GAAyB,EAAE,aAAa,KAAA,EAAO,GAAA,EAAK,MAAK,EACd;AAC3C,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA,EAAK,CAAE,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC7C,EAAA,MAAM,GAAA,GAAM,MAAM,qBAAA,CAAsB,CAAA,EAAG,IAAI,eAAe,EAAE,KAAA,EAAO,UAAA,EAAW,EAAG,QAAQ,CAAA;AAC7F,EAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI;AACF,IAAA,GAAA,GAAM,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,EACvB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAE,OAAA,EAAS,EAAA,EAAI,EAAA,EAAI,KAAA,EAAM;AAAA,EAClC;AACA,EAAA,MAAM,IAAA,GAAO,YAAY,GAAG,CAAA;AAC5B,EAAA,MAAM,EAAA,GACJ,OAAO,IAAA,KAAS,QAAA,GACZ,IAAA,GACA,IAAA,IAAQ,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,IAAY,CAAC,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,GAC7D,MAAA,CAAQ,IAAA,CAAiC,OAAA,IAAY,IAAA,CAAiC,OAAA,IAAW,EAAE,CAAA,GACnG,IAAA,IAAQ,IAAA,GACN,MAAA,CAAO,IAAI,CAAA,GACX,EAAA;AACV,EAAA,MAAM,UAAU,EAAA,CAAG,IAAA,EAAK,CAAE,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAC5C,EAAA,IAAI,CAAC,oBAAA,CAAqB,IAAA,CAAK,OAAO,CAAA,EAAG;AACvC,IAAA,OAAO,EAAE,OAAA,EAAS,EAAA,EAAI,EAAA,EAAI,KAAA,EAAM;AAAA,EAClC;AACA,EAAA,OAAO,EAAE,OAAA,EAAS,OAAA,CAAQ,aAAY,EAAG,EAAA,EAAI,IAAI,EAAA,EAAG;AACtD;AAMA,eAAsB,oBAAA,CACpB,OAAA,EACA,UAAA,EACA,gBAAA,EACA,QAAA,GAAyB,EAAE,WAAA,EAAa,KAAA,EAAO,GAAA,EAAK,IAAA,EAAK,EACF;AACvD,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA,EAAK,CAAE,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC7C,EAAA,MAAM,IAAA,GAAO,aAAa,uBAAA,GAA0B,qBAAA;AACpD,EAAA,MAAM,GAAA,GACJ,cAAc,gBAAA,IAAoB,mBAAA,CAAoB,KAAK,gBAAA,CAAiB,IAAA,EAAM,CAAA,GAC9E,CAAA,EAAG,IAAI,GAAG,IAAI,CAAA,WAAA,EAAc,kBAAA,CAAmB,gBAAA,CAAiB,IAAA,EAAM,CAAC,CAAA,CAAA,GACvE,CAAA,EAAG,IAAI,CAAA,EAAG,IAAI,CAAA,CAAA;AACpB,EAAA,MAAM,GAAA,GAAM,MAAM,qBAAA,CAAsB,GAAA,EAAK,EAAE,KAAA,EAAO,UAAA,IAAc,QAAQ,CAAA;AAC5E,EAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI;AACF,IAAA,GAAA,GAAM,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,EACvB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAE,KAAA,EAAO,CAAA,EAAG,EAAA,EAAI,KAAA,EAAO,MAAM,EAAA,EAAG;AAAA,EACzC;AACA,EAAA,MAAM,IAAA,GAAQ,GAAA,CAAI,IAAA,IAAQ,GAAA,CAAI,IAAA;AAC9B,EAAA,MAAM,UAAU,WAAA,CAAY,GAAG,CAAA,IAAK,GAAA,CAAI,QAAQ,GAAA,CAAI,IAAA;AACpD,EAAA,IAAI,KAAA,GAAQ,CAAA;AACZ,EAAA,IAAI,OAAO,OAAA,KAAY,QAAA,IAAY,CAAC,MAAA,CAAO,KAAA,CAAM,OAAO,CAAA,EAAG;AACzD,IAAA,KAAA,GAAQ,OAAA;AAAA,EACV,CAAA,MAAA,IAAW,OAAA,IAAW,OAAO,OAAA,KAAY,QAAA,EAAU;AACjD,IAAA,MAAM,CAAA,GAAK,OAAA,CAAoC,KAAA,IAAU,OAAA,CAAoC,KAAA;AAC7F,IAAA,KAAA,GAAQ,OAAO,CAAA,KAAM,QAAA,IAAY,CAAC,MAAA,CAAO,KAAA,CAAM,CAAC,CAAA,GAAI,CAAA,GAAI,MAAA,CAAO,CAAC,CAAA,IAAK,CAAA;AAAA,EACvE;AACA,EAAA,OAAO,EAAE,KAAA,EAAO,EAAA,EAAI,GAAA,CAAI,EAAA,KAAO,IAAA,KAAS,CAAA,IAAK,IAAA,KAAS,MAAA,CAAA,EAAY,IAAA,EAAM,IAAA,IAAQ,EAAA,EAAG;AACrF","file":"index.cjs","sourcesContent":["import type { KeyGenSubset } from './types.js'\n\nexport type { KeyGenSubset }\n\n/** App-compatible alias used by existing multisign builders. */\nexport type KeyGenSubsetForPermit = KeyGenSubset\n\nexport function firstClientIdFromKeyGen(data: KeyGenSubset | null | undefined): string | null {\n  const map = data?.ClientKeys\n  if (!map || typeof map !== 'object') return null\n  for (const v of Object.values(map)) {\n    if (typeof v === 'string' && v.trim()) return v.trim()\n  }\n  return null\n}\n\nexport function requirePubKeyHex(keyGen: KeyGenSubset): string {\n  const ph = (keyGen.pubkeyhex ?? '').trim()\n  if (!ph) throw new Error('keyGen pubKey (pubkeyhex) is required')\n  return ph\n}\n\nexport function keyListFromKeyGen(keyGen: KeyGenSubset): string[] {\n  return keyGen.keylist ?? []\n}\n","/** Merge user purpose text with an optional batch / protocol suffix. */\nexport function mergePurposeText(purposeText: string, purposeSuffix?: string): string {\n  const t = purposeText.trim()\n  const suffix = (purposeSuffix ?? '').trim()\n  if (!suffix) return t\n  return t ? `${t}\\n\\n${suffix}` : suffix\n}\n","import type { ChainCategory, MultisignBuildResult } from './types.js'\nimport type { KeyGenSubset } from './keygen.js'\nimport { firstClientIdFromKeyGen } from './keygen.js'\nimport { mergePurposeText } from './purpose.js'\n\nexport interface MultisignLeg {\n  msgHash: string\n  msgRaw: string\n  destinationAddress: string\n  signatureText: string\n  audit: Record<string, unknown>\n  feeSnapshot: Record<string, unknown>\n  proposalTxParams?: Record<string, unknown>\n  /** Payable value wei string for first leg only when relevant */\n  valueWei?: bigint\n}\n\nexport interface ChainCategoryBuildInput {\n  keyGen: KeyGenSubset\n  purposeText: string\n  purposeSuffix?: string\n  destinationChainID: string\n  legs: MultisignLeg[]\n  extraJSON?: Record<string, unknown>\n  /** Top-level destination address (first leg destination if omitted) */\n  destinationAddress?: string\n}\n\nexport interface ChainCategoryModule {\n  category: ChainCategory\n  finalizeMultisign(input: ChainCategoryBuildInput): MultisignBuildResult\n}\n\n/**\n * Assemble mpc-auth `bodyForSign` from category-built legs.\n * Supports single-tx and batch (messageHashes / messageRawBatch / proposalTxParams).\n */\nexport function finalizeMultisign(input: ChainCategoryBuildInput): MultisignBuildResult {\n  const { keyGen, destinationChainID, legs } = input\n  if (legs.length === 0) {\n    throw new Error('finalizeMultisign requires at least one leg')\n  }\n\n  const ph = (keyGen.pubkeyhex ?? '').trim()\n  if (!ph) throw new Error('keyGen pubKey (pubkeyhex) is required')\n\n  const keyList = keyGen.keylist ?? []\n  const clientId = firstClientIdFromKeyGen(keyGen)\n  const first = legs[0]!\n\n  const messageHashes = legs.map((l) => l.msgHash)\n  const messageRawBatch = legs.map((l) => l.msgRaw)\n  const batchMeta = legs.map((l) => ({\n    destinationAddress: l.destinationAddress,\n    signatureText: l.signatureText,\n    ...l.audit,\n  }))\n\n  const proposalTxParams = legs\n    .map((l) => l.proposalTxParams)\n    .filter((p): p is Record<string, unknown> => p != null && typeof p === 'object')\n\n  const extraPayload: Record<string, unknown> = {\n    batchMeta,\n    ...(input.extraJSON ?? {}),\n  }\n  const extraJSON = JSON.stringify(extraPayload)\n\n  const bodyForSign: Record<string, unknown> = {\n    keyList,\n    pubKey: ph,\n    msgHash: messageHashes[0],\n    msgRaw: first.msgRaw,\n    destinationChainID,\n    destinationAddress: input.destinationAddress ?? first.destinationAddress,\n    extraJSON,\n    signatureText: first.signatureText,\n    purpose: mergePurposeText(input.purposeText, input.purposeSuffix),\n    ...first.feeSnapshot,\n  }\n\n  if (legs.length > 1) {\n    bodyForSign.messageHashes = messageHashes\n    bodyForSign.messageRawBatch = messageRawBatch\n  }\n\n  if (proposalTxParams.length > 0) {\n    bodyForSign.proposalTxParams = proposalTxParams\n  }\n\n  const valueWei = first.valueWei\n  if (valueWei != null && valueWei > 0n) {\n    bodyForSign.value = valueWei.toString()\n  }\n\n  if (clientId) bodyForSign.clientId = clientId\n\n  return { bodyForSign, messageToSign: JSON.stringify(bodyForSign) }\n}\n\nexport const coreChainCategoryModule: ChainCategoryModule = {\n  category: 'evm',\n  finalizeMultisign,\n}\n","import type { ProtocolModule } from './types.js'\n\nconst modules: ProtocolModule[] = []\n\nexport function registerProtocolModule(mod: ProtocolModule): void {\n  const existing = modules.findIndex((m) => m.id === mod.id)\n  if (existing >= 0) {\n    modules[existing] = mod\n  } else {\n    modules.push(mod)\n  }\n}\n\nexport function getProtocolModules(): readonly ProtocolModule[] {\n  return modules\n}\n\nexport function getProtocolModule(id: string): ProtocolModule | undefined {\n  return modules.find((m) => m.id === id)\n}\n\nexport function getActionsByChainCategory(category: string): ProtocolModule['actions'] {\n  return modules.filter((m) => m.chainCategory === category).flatMap((m) => m.actions)\n}\n","/** GET requests to mpc-auth management node with optional Bearer JWT (Browser HTTPS). */\nexport type NodeReadAuth = {\n  bearerOnGet: boolean\n  jwt: string | null\n}\n\nexport function nodeFetchWithReadAuth(\n  url: string,\n  init: RequestInit | undefined,\n  auth: NodeReadAuth,\n): Promise<Response> {\n  const method = (init?.method ?? 'GET').toUpperCase()\n  const headers = new Headers(init?.headers)\n  if (auth.bearerOnGet && method === 'GET' && auth.jwt && auth.jwt.trim()) {\n    headers.set('Authorization', `Bearer ${auth.jwt.trim()}`)\n  }\n  return fetch(url, { ...init, headers })\n}\n","/** mpc-auth NodeMgtKeySig envelope: `{ nonce, clientSig, nodeKey }` (all lowercase). */\n\nexport type ManagementSigFields = {\n  nonce: number\n  clientSig: string\n  nodeKey: string\n}\n\nexport function normalizeManagementNodeKey(nodeKey: string | null | undefined): string {\n  const nk = nodeKey?.trim().replace(/^0x/i, '')\n  if (!nk || !/^[0-9a-fA-F]{128}$/.test(nk)) {\n    throw new Error('nodeKey is required (128 hex from GET /getNodeKey).')\n  }\n  return nk.toLowerCase()\n}\n\n/** Base fields for NodeMgtKeySig-style POST bodies (`clientSig` cleared for signing). */\nexport function managementSigFields(\n  nonce: number,\n  nodeKey: string | null | undefined,\n): ManagementSigFields {\n  return { nonce, clientSig: '', nodeKey: normalizeManagementNodeKey(nodeKey) }\n}\n\n/** Spread management fields first, then endpoint-specific fields (preserves key order when spreading). */\nexport function buildManagementPostBody(\n  nonce: number,\n  nodeKey: string | null | undefined,\n  fields: Record<string, unknown> = {},\n): Record<string, unknown> {\n  return { ...managementSigFields(nonce, nodeKey), ...fields }\n}\n\n/** Exact UTF-8 string to sign: same JSON with `clientSig` cleared. */\nexport function messageToSignManagementBody(body: Record<string, unknown>): string {\n  return JSON.stringify({ ...body, clientSig: '' })\n}\n\nexport function withManagementClientSig(\n  body: Record<string, unknown>,\n  clientSig: string,\n): Record<string, unknown> {\n  return { ...body, clientSig: clientSig.trim().replace(/^0x/i, '') }\n}\n","import { nodeFetchWithReadAuth, type NodeReadAuth } from './nodeRead.js'\n\nfunction mpcAuthData(raw: Record<string, unknown>): unknown {\n  const code = (raw.Code ?? raw.code) as number | undefined\n  if (code !== 0 && code !== undefined) return undefined\n  return raw.Data ?? raw.data\n}\n\n/**\n * GET /getNodeKey — 128-hex MPC node id required on all NodeMgtKeySig POST bodies.\n */\nexport async function fetchNodeKey(\n  nodeUrl: string,\n  readAuth: NodeReadAuth = { bearerOnGet: false, jwt: null },\n): Promise<{ nodeKey: string; ok: boolean }> {\n  const base = nodeUrl.trim().replace(/\\/$/, '')\n  const res = await nodeFetchWithReadAuth(`${base}/getNodeKey`, { cache: 'no-store' }, readAuth)\n  const text = await res.text()\n  let raw: Record<string, unknown>\n  try {\n    raw = JSON.parse(text) as Record<string, unknown>\n  } catch {\n    return { nodeKey: '', ok: false }\n  }\n  const data = mpcAuthData(raw)\n  const nk =\n    typeof data === 'string'\n      ? data\n      : data != null && typeof data === 'object' && !Array.isArray(data)\n        ? String((data as Record<string, unknown>).nodeKey ?? (data as Record<string, unknown>).NodeKey ?? '')\n        : data != null\n          ? String(data)\n          : ''\n  const trimmed = nk.trim().replace(/^0x/i, '')\n  if (!/^[0-9a-fA-F]{128}$/.test(trimmed)) {\n    return { nodeKey: '', ok: false }\n  }\n  return { nodeKey: trimmed.toLowerCase(), ok: res.ok }\n}\n\n/**\n * Fetch management nonce: GET /getPublicMgtKeyNonce (Ed25519) or GET /getNodeMgtKeyNonce (Ethereum NodeMgtKey).\n * For Ed25519 added keys, pass `?publicKey=<64-hex>`.\n */\nexport async function fetchManagementNonce(\n  nodeUrl: string,\n  useEd25519: boolean,\n  ed25519PublicKey?: string,\n  readAuth: NodeReadAuth = { bearerOnGet: false, jwt: null },\n): Promise<{ nonce: number; ok: boolean; code: number }> {\n  const base = nodeUrl.trim().replace(/\\/$/, '')\n  const path = useEd25519 ? '/getPublicMgtKeyNonce' : '/getNodeMgtKeyNonce'\n  const url =\n    useEd25519 && ed25519PublicKey && /^[0-9a-fA-F]{64}$/.test(ed25519PublicKey.trim())\n      ? `${base}${path}?publicKey=${encodeURIComponent(ed25519PublicKey.trim())}`\n      : `${base}${path}`\n  const res = await nodeFetchWithReadAuth(url, { cache: 'no-store' }, readAuth)\n  const text = await res.text()\n  let raw: Record<string, unknown>\n  try {\n    raw = JSON.parse(text) as Record<string, unknown>\n  } catch {\n    return { nonce: 0, ok: false, code: -1 }\n  }\n  const code = (raw.Code ?? raw.code) as number | undefined\n  const payload = mpcAuthData(raw) ?? raw.Data ?? raw.data\n  let nonce = 0\n  if (typeof payload === 'number' && !Number.isNaN(payload)) {\n    nonce = payload\n  } else if (payload && typeof payload === 'object') {\n    const n = (payload as Record<string, unknown>).nonce ?? (payload as Record<string, unknown>).Nonce\n    nonce = typeof n === 'number' && !Number.isNaN(n) ? n : Number(n) || 0\n  }\n  return { nonce, ok: res.ok && (code === 0 || code === undefined), code: code ?? -1 }\n}\n"]}

package/dist/core/index.d.cts

@@ -2,9 +2,42 @@ export { C as ChainCategory, a as ChainSupportContext, E as EvmTokenKind, K as K
 export { K as KeyGenSubsetForPermit, f as firstClientIdFromKeyGen, k as keyListFromKeyGen, r as requirePubKeyHex } from '../keygen-CfNp8yKJ.cjs';
 export { C as ChainCategoryBuildInput, a as ChainCategoryModule, M as MultisignLeg, c as coreChainCategoryModule, f as finalizeMultisign } from '../envelope-DYDPnrHZ.cjs';
 export { g as getActionsByChainCategory, a as getProtocolModule, b as getProtocolModules, r as registerProtocolModule } from '../registry-BwZoE668.cjs';
-export { N as NodeReadAuth, n as nodeFetchWithReadAuth } from '../nodeRead-BnmSaMGO.cjs';
+import { N as NodeReadAuth } from '../nodeRead-BnmSaMGO.cjs';
+export { n as nodeFetchWithReadAuth } from '../nodeRead-BnmSaMGO.cjs';
 
 /** Merge user purpose text with an optional batch / protocol suffix. */
 declare function mergePurposeText(purposeText: string, purposeSuffix?: string): string;
 
-export { mergePurposeText };
+/** mpc-auth NodeMgtKeySig envelope: `{ nonce, clientSig, nodeKey }` (all lowercase). */
+type ManagementSigFields = {
+    nonce: number;
+    clientSig: string;
+    nodeKey: string;
+};
+declare function normalizeManagementNodeKey(nodeKey: string | null | undefined): string;
+/** Base fields for NodeMgtKeySig-style POST bodies (`clientSig` cleared for signing). */
+declare function managementSigFields(nonce: number, nodeKey: string | null | undefined): ManagementSigFields;
+/** Spread management fields first, then endpoint-specific fields (preserves key order when spreading). */
+declare function buildManagementPostBody(nonce: number, nodeKey: string | null | undefined, fields?: Record<string, unknown>): Record<string, unknown>;
+/** Exact UTF-8 string to sign: same JSON with `clientSig` cleared. */
+declare function messageToSignManagementBody(body: Record<string, unknown>): string;
+declare function withManagementClientSig(body: Record<string, unknown>, clientSig: string): Record<string, unknown>;
+
+/**
+ * GET /getNodeKey — 128-hex MPC node id required on all NodeMgtKeySig POST bodies.
+ */
+declare function fetchNodeKey(nodeUrl: string, readAuth?: NodeReadAuth): Promise<{
+    nodeKey: string;
+    ok: boolean;
+}>;
+/**
+ * Fetch management nonce: GET /getPublicMgtKeyNonce (Ed25519) or GET /getNodeMgtKeyNonce (Ethereum NodeMgtKey).
+ * For Ed25519 added keys, pass `?publicKey=<64-hex>`.
+ */
+declare function fetchManagementNonce(nodeUrl: string, useEd25519: boolean, ed25519PublicKey?: string, readAuth?: NodeReadAuth): Promise<{
+    nonce: number;
+    ok: boolean;
+    code: number;
+}>;
+
+export { type ManagementSigFields, NodeReadAuth, buildManagementPostBody, fetchManagementNonce, fetchNodeKey, managementSigFields, mergePurposeText, messageToSignManagementBody, normalizeManagementNodeKey, withManagementClientSig };

package/dist/core/index.d.ts

@@ -2,9 +2,42 @@ export { C as ChainCategory, a as ChainSupportContext, E as EvmTokenKind, K as K
 export { K as KeyGenSubsetForPermit, f as firstClientIdFromKeyGen, k as keyListFromKeyGen, r as requirePubKeyHex } from '../keygen-DsINazx8.js';
 export { C as ChainCategoryBuildInput, a as ChainCategoryModule, M as MultisignLeg, c as coreChainCategoryModule, f as finalizeMultisign } from '../envelope-CcE5Cz_q.js';
 export { g as getActionsByChainCategory, a as getProtocolModule, b as getProtocolModules, r as registerProtocolModule } from '../registry-oMKlO_5z.js';
-export { N as NodeReadAuth, n as nodeFetchWithReadAuth } from '../nodeRead-BnmSaMGO.js';
+import { N as NodeReadAuth } from '../nodeRead-BnmSaMGO.js';
+export { n as nodeFetchWithReadAuth } from '../nodeRead-BnmSaMGO.js';
 
 /** Merge user purpose text with an optional batch / protocol suffix. */
 declare function mergePurposeText(purposeText: string, purposeSuffix?: string): string;
 
-export { mergePurposeText };
+/** mpc-auth NodeMgtKeySig envelope: `{ nonce, clientSig, nodeKey }` (all lowercase). */
+type ManagementSigFields = {
+    nonce: number;
+    clientSig: string;
+    nodeKey: string;
+};
+declare function normalizeManagementNodeKey(nodeKey: string | null | undefined): string;
+/** Base fields for NodeMgtKeySig-style POST bodies (`clientSig` cleared for signing). */
+declare function managementSigFields(nonce: number, nodeKey: string | null | undefined): ManagementSigFields;
+/** Spread management fields first, then endpoint-specific fields (preserves key order when spreading). */
+declare function buildManagementPostBody(nonce: number, nodeKey: string | null | undefined, fields?: Record<string, unknown>): Record<string, unknown>;
+/** Exact UTF-8 string to sign: same JSON with `clientSig` cleared. */
+declare function messageToSignManagementBody(body: Record<string, unknown>): string;
+declare function withManagementClientSig(body: Record<string, unknown>, clientSig: string): Record<string, unknown>;
+
+/**
+ * GET /getNodeKey — 128-hex MPC node id required on all NodeMgtKeySig POST bodies.
+ */
+declare function fetchNodeKey(nodeUrl: string, readAuth?: NodeReadAuth): Promise<{
+    nodeKey: string;
+    ok: boolean;
+}>;
+/**
+ * Fetch management nonce: GET /getPublicMgtKeyNonce (Ed25519) or GET /getNodeMgtKeyNonce (Ethereum NodeMgtKey).
+ * For Ed25519 added keys, pass `?publicKey=<64-hex>`.
+ */
+declare function fetchManagementNonce(nodeUrl: string, useEd25519: boolean, ed25519PublicKey?: string, readAuth?: NodeReadAuth): Promise<{
+    nonce: number;
+    ok: boolean;
+    code: number;
+}>;
+
+export { type ManagementSigFields, NodeReadAuth, buildManagementPostBody, fetchManagementNonce, fetchNodeKey, managementSigFields, mergePurposeText, messageToSignManagementBody, normalizeManagementNodeKey, withManagementClientSig };

package/dist/core/index.js

@@ -111,6 +111,75 @@ function nodeFetchWithReadAuth(url, init, auth) {
   return fetch(url, { ...init, headers });
 }
 
-export { coreChainCategoryModule, finalizeMultisign, firstClientIdFromKeyGen, getActionsByChainCategory, getProtocolModule, getProtocolModules, keyListFromKeyGen, mergePurposeText, nodeFetchWithReadAuth, registerProtocolModule, requirePubKeyHex };
+// src/core/managementPostSig.ts
+function normalizeManagementNodeKey(nodeKey) {
+  const nk = nodeKey?.trim().replace(/^0x/i, "");
+  if (!nk || !/^[0-9a-fA-F]{128}$/.test(nk)) {
+    throw new Error("nodeKey is required (128 hex from GET /getNodeKey).");
+  }
+  return nk.toLowerCase();
+}
+function managementSigFields(nonce, nodeKey) {
+  return { nonce, clientSig: "", nodeKey: normalizeManagementNodeKey(nodeKey) };
+}
+function buildManagementPostBody(nonce, nodeKey, fields = {}) {
+  return { ...managementSigFields(nonce, nodeKey), ...fields };
+}
+function messageToSignManagementBody(body) {
+  return JSON.stringify({ ...body, clientSig: "" });
+}
+function withManagementClientSig(body, clientSig) {
+  return { ...body, clientSig: clientSig.trim().replace(/^0x/i, "") };
+}
+
+// src/core/managementNonce.ts
+function mpcAuthData(raw) {
+  const code = raw.Code ?? raw.code;
+  if (code !== 0 && code !== void 0) return void 0;
+  return raw.Data ?? raw.data;
+}
+async function fetchNodeKey(nodeUrl, readAuth = { bearerOnGet: false, jwt: null }) {
+  const base = nodeUrl.trim().replace(/\/$/, "");
+  const res = await nodeFetchWithReadAuth(`${base}/getNodeKey`, { cache: "no-store" }, readAuth);
+  const text = await res.text();
+  let raw;
+  try {
+    raw = JSON.parse(text);
+  } catch {
+    return { nodeKey: "", ok: false };
+  }
+  const data = mpcAuthData(raw);
+  const nk = typeof data === "string" ? data : data != null && typeof data === "object" && !Array.isArray(data) ? String(data.nodeKey ?? data.NodeKey ?? "") : data != null ? String(data) : "";
+  const trimmed = nk.trim().replace(/^0x/i, "");
+  if (!/^[0-9a-fA-F]{128}$/.test(trimmed)) {
+    return { nodeKey: "", ok: false };
+  }
+  return { nodeKey: trimmed.toLowerCase(), ok: res.ok };
+}
+async function fetchManagementNonce(nodeUrl, useEd25519, ed25519PublicKey, readAuth = { bearerOnGet: false, jwt: null }) {
+  const base = nodeUrl.trim().replace(/\/$/, "");
+  const path = useEd25519 ? "/getPublicMgtKeyNonce" : "/getNodeMgtKeyNonce";
+  const url = useEd25519 && ed25519PublicKey && /^[0-9a-fA-F]{64}$/.test(ed25519PublicKey.trim()) ? `${base}${path}?publicKey=${encodeURIComponent(ed25519PublicKey.trim())}` : `${base}${path}`;
+  const res = await nodeFetchWithReadAuth(url, { cache: "no-store" }, readAuth);
+  const text = await res.text();
+  let raw;
+  try {
+    raw = JSON.parse(text);
+  } catch {
+    return { nonce: 0, ok: false, code: -1 };
+  }
+  const code = raw.Code ?? raw.code;
+  const payload = mpcAuthData(raw) ?? raw.Data ?? raw.data;
+  let nonce = 0;
+  if (typeof payload === "number" && !Number.isNaN(payload)) {
+    nonce = payload;
+  } else if (payload && typeof payload === "object") {
+    const n = payload.nonce ?? payload.Nonce;
+    nonce = typeof n === "number" && !Number.isNaN(n) ? n : Number(n) || 0;
+  }
+  return { nonce, ok: res.ok && (code === 0 || code === void 0), code: code ?? -1 };
+}
+
+export { buildManagementPostBody, coreChainCategoryModule, fetchManagementNonce, fetchNodeKey, finalizeMultisign, firstClientIdFromKeyGen, getActionsByChainCategory, getProtocolModule, getProtocolModules, keyListFromKeyGen, managementSigFields, mergePurposeText, messageToSignManagementBody, nodeFetchWithReadAuth, normalizeManagementNodeKey, registerProtocolModule, requirePubKeyHex, withManagementClientSig };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/core/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/core/keygen.ts","../../src/core/purpose.ts","../../src/core/envelope.ts","../../src/core/registry.ts","../../src/core/nodeRead.ts"],"names":[],"mappings":";AAOO,SAAS,wBAAwB,IAAA,EAAsD;AAC5F,EAAA,MAAM,MAAM,IAAA,EAAM,UAAA;AAClB,EAAA,IAAI,CAAC,GAAA,IAAO,OAAO,GAAA,KAAQ,UAAU,OAAO,IAAA;AAC5C,EAAA,KAAA,MAAW,CAAA,IAAK,MAAA,CAAO,MAAA,CAAO,GAAG,CAAA,EAAG;AAClC,IAAA,IAAI,OAAO,MAAM,QAAA,IAAY,CAAA,CAAE,MAAK,EAAG,OAAO,EAAE,IAAA,EAAK;AAAA,EACvD;AACA,EAAA,OAAO,IAAA;AACT;AAEO,SAAS,iBAAiB,MAAA,EAA8B;AAC7D,EAAA,MAAM,EAAA,GAAA,CAAM,MAAA,CAAO,SAAA,IAAa,EAAA,EAAI,IAAA,EAAK;AACzC,EAAA,IAAI,CAAC,EAAA,EAAI,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAChE,EAAA,OAAO,EAAA;AACT;AAEO,SAAS,kBAAkB,MAAA,EAAgC;AAChE,EAAA,OAAO,MAAA,CAAO,WAAW,EAAC;AAC5B;;;ACvBO,SAAS,gBAAA,CAAiB,aAAqB,aAAA,EAAgC;AACpF,EAAA,MAAM,CAAA,GAAI,YAAY,IAAA,EAAK;AAC3B,EAAA,MAAM,MAAA,GAAA,CAAU,aAAA,IAAiB,EAAA,EAAI,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,QAAQ,OAAO,CAAA;AACpB,EAAA,OAAO,CAAA,GAAI,GAAG,CAAC;;AAAA,EAAO,MAAM,CAAA,CAAA,GAAK,MAAA;AACnC;;;AC+BO,SAAS,kBAAkB,KAAA,EAAsD;AACtF,EAAA,MAAM,EAAE,MAAA,EAAQ,kBAAA,EAAoB,IAAA,EAAK,GAAI,KAAA;AAC7C,EAAA,IAAI,IAAA,CAAK,WAAW,CAAA,EAAG;AACrB,IAAA,MAAM,IAAI,MAAM,6CAA6C,CAAA;AAAA,EAC/D;AAEA,EAAA,MAAM,EAAA,GAAA,CAAM,MAAA,CAAO,SAAA,IAAa,EAAA,EAAI,IAAA,EAAK;AACzC,EAAA,IAAI,CAAC,EAAA,EAAI,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAEhE,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,OAAA,IAAW,EAAC;AACnC,EAAA,MAAM,QAAA,GAAW,wBAAwB,MAAM,CAAA;AAC/C,EAAA,MAAM,KAAA,GAAQ,KAAK,CAAC,CAAA;AAEpB,EAAA,MAAM,gBAAgB,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,OAAO,CAAA;AAC/C,EAAA,MAAM,kBAAkB,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,MAAM,CAAA;AAChD,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,IACjC,oBAAoB,CAAA,CAAE,kBAAA;AAAA,IACtB,eAAe,CAAA,CAAE,aAAA;AAAA,IACjB,GAAG,CAAA,CAAE;AAAA,GACP,CAAE,CAAA;AAEF,EAAA,MAAM,gBAAA,GAAmB,IAAA,CACtB,GAAA,CAAI,CAAC,MAAM,CAAA,CAAE,gBAAgB,CAAA,CAC7B,MAAA,CAAO,CAAC,CAAA,KAAoC,CAAA,IAAK,IAAA,IAAQ,OAAO,MAAM,QAAQ,CAAA;AAEjF,EAAA,MAAM,YAAA,GAAwC;AAAA,IAC5C,SAAA;AAAA,IACA,GAAI,KAAA,CAAM,SAAA,IAAa;AAAC,GAC1B;AACA,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,SAAA,CAAU,YAAY,CAAA;AAE7C,EAAA,MAAM,WAAA,GAAuC;AAAA,IAC3C,OAAA;AAAA,IACA,MAAA,EAAQ,EAAA;AAAA,IACR,OAAA,EAAS,cAAc,CAAC,CAAA;AAAA,IACxB,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,kBAAA;AAAA,IACA,kBAAA,EAAoB,KAAA,CAAM,kBAAA,IAAsB,KAAA,CAAM,kBAAA;AAAA,IACtD,SAAA;AAAA,IACA,eAAe,KAAA,CAAM,aAAA;AAAA,IACrB,OAAA,EAAS,gBAAA,CAAiB,KAAA,CAAM,WAAA,EAAa,MAAM,aAAa,CAAA;AAAA,IAChE,GAAG,KAAA,CAAM;AAAA,GACX;AAEA,EAAA,IAAI,IAAA,CAAK,SAAS,CAAA,EAAG;AACnB,IAAA,WAAA,CAAY,aAAA,GAAgB,aAAA;AAC5B,IAAA,WAAA,CAAY,eAAA,GAAkB,eAAA;AAAA,EAChC;AAEA,EAAA,IAAI,gBAAA,CAAiB,SAAS,CAAA,EAAG;AAC/B,IAAA,WAAA,CAAY,gBAAA,GAAmB,gBAAA;AAAA,EACjC;AAEA,EAAA,MAAM,WAAW,KAAA,CAAM,QAAA;AACvB,EAAA,IAAI,QAAA,IAAY,IAAA,IAAQ,QAAA,GAAW,EAAA,EAAI;AACrC,IAAA,WAAA,CAAY,KAAA,GAAQ,SAAS,QAAA,EAAS;AAAA,EACxC;AAEA,EAAA,IAAI,QAAA,cAAsB,QAAA,GAAW,QAAA;AAErC,EAAA,OAAO,EAAE,WAAA,EAAa,aAAA,EAAe,IAAA,CAAK,SAAA,CAAU,WAAW,CAAA,EAAE;AACnE;AAEO,IAAM,uBAAA,GAA+C;AAAA,EAC1D,QAAA,EAAU,KAAA;AAAA,EACV;AACF;;;ACrGA,IAAM,UAA4B,EAAC;AAE5B,SAAS,uBAAuB,GAAA,EAA2B;AAChE,EAAA,MAAM,QAAA,GAAW,QAAQ,SAAA,CAAU,CAAC,MAAM,CAAA,CAAE,EAAA,KAAO,IAAI,EAAE,CAAA;AACzD,EAAA,IAAI,YAAY,CAAA,EAAG;AACjB,IAAA,OAAA,CAAQ,QAAQ,CAAA,GAAI,GAAA;AAAA,EACtB,CAAA,MAAO;AACL,IAAA,OAAA,CAAQ,KAAK,GAAG,CAAA;AAAA,EAClB;AACF;AAEO,SAAS,kBAAA,GAAgD;AAC9D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,kBAAkB,EAAA,EAAwC;AACxE,EAAA,OAAO,QAAQ,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,EAAE,CAAA;AACxC;AAEO,SAAS,0BAA0B,QAAA,EAA6C;AACrF,EAAA,OAAO,OAAA,CAAQ,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,aAAA,KAAkB,QAAQ,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA;AACrF;;;ACjBO,SAAS,qBAAA,CACd,GAAA,EACA,IAAA,EACA,IAAA,EACmB;AACnB,EAAA,MAAM,MAAA,GAAA,CAAU,IAAA,EAAM,MAAA,IAAU,KAAA,EAAO,WAAA,EAAY;AACnD,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,IAAA,EAAM,OAAO,CAAA;AACzC,EAAA,IAAI,IAAA,CAAK,eAAe,MAAA,KAAW,KAAA,IAAS,KAAK,GAAA,IAAO,IAAA,CAAK,GAAA,CAAI,IAAA,EAAK,EAAG;AACvE,IAAA,OAAA,CAAQ,IAAI,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,GAAA,CAAI,IAAA,EAAM,CAAA,CAAE,CAAA;AAAA,EAC1D;AACA,EAAA,OAAO,MAAM,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,SAAS,CAAA;AACxC","file":"index.js","sourcesContent":["import type { KeyGenSubset } from './types.js'\n\nexport type { KeyGenSubset }\n\n/** App-compatible alias used by existing multisign builders. */\nexport type KeyGenSubsetForPermit = KeyGenSubset\n\nexport function firstClientIdFromKeyGen(data: KeyGenSubset | null | undefined): string | null {\n  const map = data?.ClientKeys\n  if (!map || typeof map !== 'object') return null\n  for (const v of Object.values(map)) {\n    if (typeof v === 'string' && v.trim()) return v.trim()\n  }\n  return null\n}\n\nexport function requirePubKeyHex(keyGen: KeyGenSubset): string {\n  const ph = (keyGen.pubkeyhex ?? '').trim()\n  if (!ph) throw new Error('keyGen pubKey (pubkeyhex) is required')\n  return ph\n}\n\nexport function keyListFromKeyGen(keyGen: KeyGenSubset): string[] {\n  return keyGen.keylist ?? []\n}\n","/** Merge user purpose text with an optional batch / protocol suffix. */\nexport function mergePurposeText(purposeText: string, purposeSuffix?: string): string {\n  const t = purposeText.trim()\n  const suffix = (purposeSuffix ?? '').trim()\n  if (!suffix) return t\n  return t ? `${t}\\n\\n${suffix}` : suffix\n}\n","import type { ChainCategory, MultisignBuildResult } from './types.js'\nimport type { KeyGenSubset } from './keygen.js'\nimport { firstClientIdFromKeyGen } from './keygen.js'\nimport { mergePurposeText } from './purpose.js'\n\nexport interface MultisignLeg {\n  msgHash: string\n  msgRaw: string\n  destinationAddress: string\n  signatureText: string\n  audit: Record<string, unknown>\n  feeSnapshot: Record<string, unknown>\n  proposalTxParams?: Record<string, unknown>\n  /** Payable value wei string for first leg only when relevant */\n  valueWei?: bigint\n}\n\nexport interface ChainCategoryBuildInput {\n  keyGen: KeyGenSubset\n  purposeText: string\n  purposeSuffix?: string\n  destinationChainID: string\n  legs: MultisignLeg[]\n  extraJSON?: Record<string, unknown>\n  /** Top-level destination address (first leg destination if omitted) */\n  destinationAddress?: string\n}\n\nexport interface ChainCategoryModule {\n  category: ChainCategory\n  finalizeMultisign(input: ChainCategoryBuildInput): MultisignBuildResult\n}\n\n/**\n * Assemble mpc-auth `bodyForSign` from category-built legs.\n * Supports single-tx and batch (messageHashes / messageRawBatch / proposalTxParams).\n */\nexport function finalizeMultisign(input: ChainCategoryBuildInput): MultisignBuildResult {\n  const { keyGen, destinationChainID, legs } = input\n  if (legs.length === 0) {\n    throw new Error('finalizeMultisign requires at least one leg')\n  }\n\n  const ph = (keyGen.pubkeyhex ?? '').trim()\n  if (!ph) throw new Error('keyGen pubKey (pubkeyhex) is required')\n\n  const keyList = keyGen.keylist ?? []\n  const clientId = firstClientIdFromKeyGen(keyGen)\n  const first = legs[0]!\n\n  const messageHashes = legs.map((l) => l.msgHash)\n  const messageRawBatch = legs.map((l) => l.msgRaw)\n  const batchMeta = legs.map((l) => ({\n    destinationAddress: l.destinationAddress,\n    signatureText: l.signatureText,\n    ...l.audit,\n  }))\n\n  const proposalTxParams = legs\n    .map((l) => l.proposalTxParams)\n    .filter((p): p is Record<string, unknown> => p != null && typeof p === 'object')\n\n  const extraPayload: Record<string, unknown> = {\n    batchMeta,\n    ...(input.extraJSON ?? {}),\n  }\n  const extraJSON = JSON.stringify(extraPayload)\n\n  const bodyForSign: Record<string, unknown> = {\n    keyList,\n    pubKey: ph,\n    msgHash: messageHashes[0],\n    msgRaw: first.msgRaw,\n    destinationChainID,\n    destinationAddress: input.destinationAddress ?? first.destinationAddress,\n    extraJSON,\n    signatureText: first.signatureText,\n    purpose: mergePurposeText(input.purposeText, input.purposeSuffix),\n    ...first.feeSnapshot,\n  }\n\n  if (legs.length > 1) {\n    bodyForSign.messageHashes = messageHashes\n    bodyForSign.messageRawBatch = messageRawBatch\n  }\n\n  if (proposalTxParams.length > 0) {\n    bodyForSign.proposalTxParams = proposalTxParams\n  }\n\n  const valueWei = first.valueWei\n  if (valueWei != null && valueWei > 0n) {\n    bodyForSign.value = valueWei.toString()\n  }\n\n  if (clientId) bodyForSign.clientId = clientId\n\n  return { bodyForSign, messageToSign: JSON.stringify(bodyForSign) }\n}\n\nexport const coreChainCategoryModule: ChainCategoryModule = {\n  category: 'evm',\n  finalizeMultisign,\n}\n","import type { ProtocolModule } from './types.js'\n\nconst modules: ProtocolModule[] = []\n\nexport function registerProtocolModule(mod: ProtocolModule): void {\n  const existing = modules.findIndex((m) => m.id === mod.id)\n  if (existing >= 0) {\n    modules[existing] = mod\n  } else {\n    modules.push(mod)\n  }\n}\n\nexport function getProtocolModules(): readonly ProtocolModule[] {\n  return modules\n}\n\nexport function getProtocolModule(id: string): ProtocolModule | undefined {\n  return modules.find((m) => m.id === id)\n}\n\nexport function getActionsByChainCategory(category: string): ProtocolModule['actions'] {\n  return modules.filter((m) => m.chainCategory === category).flatMap((m) => m.actions)\n}\n","/** GET requests to mpc-auth management node with optional Bearer JWT (Browser HTTPS). */\nexport type NodeReadAuth = {\n  bearerOnGet: boolean\n  jwt: string | null\n}\n\nexport function nodeFetchWithReadAuth(\n  url: string,\n  init: RequestInit | undefined,\n  auth: NodeReadAuth,\n): Promise<Response> {\n  const method = (init?.method ?? 'GET').toUpperCase()\n  const headers = new Headers(init?.headers)\n  if (auth.bearerOnGet && method === 'GET' && auth.jwt && auth.jwt.trim()) {\n    headers.set('Authorization', `Bearer ${auth.jwt.trim()}`)\n  }\n  return fetch(url, { ...init, headers })\n}\n"]}
+{"version":3,"sources":["../../src/core/keygen.ts","../../src/core/purpose.ts","../../src/core/envelope.ts","../../src/core/registry.ts","../../src/core/nodeRead.ts","../../src/core/managementPostSig.ts","../../src/core/managementNonce.ts"],"names":[],"mappings":";AAOO,SAAS,wBAAwB,IAAA,EAAsD;AAC5F,EAAA,MAAM,MAAM,IAAA,EAAM,UAAA;AAClB,EAAA,IAAI,CAAC,GAAA,IAAO,OAAO,GAAA,KAAQ,UAAU,OAAO,IAAA;AAC5C,EAAA,KAAA,MAAW,CAAA,IAAK,MAAA,CAAO,MAAA,CAAO,GAAG,CAAA,EAAG;AAClC,IAAA,IAAI,OAAO,MAAM,QAAA,IAAY,CAAA,CAAE,MAAK,EAAG,OAAO,EAAE,IAAA,EAAK;AAAA,EACvD;AACA,EAAA,OAAO,IAAA;AACT;AAEO,SAAS,iBAAiB,MAAA,EAA8B;AAC7D,EAAA,MAAM,EAAA,GAAA,CAAM,MAAA,CAAO,SAAA,IAAa,EAAA,EAAI,IAAA,EAAK;AACzC,EAAA,IAAI,CAAC,EAAA,EAAI,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAChE,EAAA,OAAO,EAAA;AACT;AAEO,SAAS,kBAAkB,MAAA,EAAgC;AAChE,EAAA,OAAO,MAAA,CAAO,WAAW,EAAC;AAC5B;;;ACvBO,SAAS,gBAAA,CAAiB,aAAqB,aAAA,EAAgC;AACpF,EAAA,MAAM,CAAA,GAAI,YAAY,IAAA,EAAK;AAC3B,EAAA,MAAM,MAAA,GAAA,CAAU,aAAA,IAAiB,EAAA,EAAI,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,QAAQ,OAAO,CAAA;AACpB,EAAA,OAAO,CAAA,GAAI,GAAG,CAAC;;AAAA,EAAO,MAAM,CAAA,CAAA,GAAK,MAAA;AACnC;;;AC+BO,SAAS,kBAAkB,KAAA,EAAsD;AACtF,EAAA,MAAM,EAAE,MAAA,EAAQ,kBAAA,EAAoB,IAAA,EAAK,GAAI,KAAA;AAC7C,EAAA,IAAI,IAAA,CAAK,WAAW,CAAA,EAAG;AACrB,IAAA,MAAM,IAAI,MAAM,6CAA6C,CAAA;AAAA,EAC/D;AAEA,EAAA,MAAM,EAAA,GAAA,CAAM,MAAA,CAAO,SAAA,IAAa,EAAA,EAAI,IAAA,EAAK;AACzC,EAAA,IAAI,CAAC,EAAA,EAAI,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAEhE,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,OAAA,IAAW,EAAC;AACnC,EAAA,MAAM,QAAA,GAAW,wBAAwB,MAAM,CAAA;AAC/C,EAAA,MAAM,KAAA,GAAQ,KAAK,CAAC,CAAA;AAEpB,EAAA,MAAM,gBAAgB,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,OAAO,CAAA;AAC/C,EAAA,MAAM,kBAAkB,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,MAAM,CAAA;AAChD,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,IACjC,oBAAoB,CAAA,CAAE,kBAAA;AAAA,IACtB,eAAe,CAAA,CAAE,aAAA;AAAA,IACjB,GAAG,CAAA,CAAE;AAAA,GACP,CAAE,CAAA;AAEF,EAAA,MAAM,gBAAA,GAAmB,IAAA,CACtB,GAAA,CAAI,CAAC,MAAM,CAAA,CAAE,gBAAgB,CAAA,CAC7B,MAAA,CAAO,CAAC,CAAA,KAAoC,CAAA,IAAK,IAAA,IAAQ,OAAO,MAAM,QAAQ,CAAA;AAEjF,EAAA,MAAM,YAAA,GAAwC;AAAA,IAC5C,SAAA;AAAA,IACA,GAAI,KAAA,CAAM,SAAA,IAAa;AAAC,GAC1B;AACA,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,SAAA,CAAU,YAAY,CAAA;AAE7C,EAAA,MAAM,WAAA,GAAuC;AAAA,IAC3C,OAAA;AAAA,IACA,MAAA,EAAQ,EAAA;AAAA,IACR,OAAA,EAAS,cAAc,CAAC,CAAA;AAAA,IACxB,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,kBAAA;AAAA,IACA,kBAAA,EAAoB,KAAA,CAAM,kBAAA,IAAsB,KAAA,CAAM,kBAAA;AAAA,IACtD,SAAA;AAAA,IACA,eAAe,KAAA,CAAM,aAAA;AAAA,IACrB,OAAA,EAAS,gBAAA,CAAiB,KAAA,CAAM,WAAA,EAAa,MAAM,aAAa,CAAA;AAAA,IAChE,GAAG,KAAA,CAAM;AAAA,GACX;AAEA,EAAA,IAAI,IAAA,CAAK,SAAS,CAAA,EAAG;AACnB,IAAA,WAAA,CAAY,aAAA,GAAgB,aAAA;AAC5B,IAAA,WAAA,CAAY,eAAA,GAAkB,eAAA;AAAA,EAChC;AAEA,EAAA,IAAI,gBAAA,CAAiB,SAAS,CAAA,EAAG;AAC/B,IAAA,WAAA,CAAY,gBAAA,GAAmB,gBAAA;AAAA,EACjC;AAEA,EAAA,MAAM,WAAW,KAAA,CAAM,QAAA;AACvB,EAAA,IAAI,QAAA,IAAY,IAAA,IAAQ,QAAA,GAAW,EAAA,EAAI;AACrC,IAAA,WAAA,CAAY,KAAA,GAAQ,SAAS,QAAA,EAAS;AAAA,EACxC;AAEA,EAAA,IAAI,QAAA,cAAsB,QAAA,GAAW,QAAA;AAErC,EAAA,OAAO,EAAE,WAAA,EAAa,aAAA,EAAe,IAAA,CAAK,SAAA,CAAU,WAAW,CAAA,EAAE;AACnE;AAEO,IAAM,uBAAA,GAA+C;AAAA,EAC1D,QAAA,EAAU,KAAA;AAAA,EACV;AACF;;;ACrGA,IAAM,UAA4B,EAAC;AAE5B,SAAS,uBAAuB,GAAA,EAA2B;AAChE,EAAA,MAAM,QAAA,GAAW,QAAQ,SAAA,CAAU,CAAC,MAAM,CAAA,CAAE,EAAA,KAAO,IAAI,EAAE,CAAA;AACzD,EAAA,IAAI,YAAY,CAAA,EAAG;AACjB,IAAA,OAAA,CAAQ,QAAQ,CAAA,GAAI,GAAA;AAAA,EACtB,CAAA,MAAO;AACL,IAAA,OAAA,CAAQ,KAAK,GAAG,CAAA;AAAA,EAClB;AACF;AAEO,SAAS,kBAAA,GAAgD;AAC9D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,kBAAkB,EAAA,EAAwC;AACxE,EAAA,OAAO,QAAQ,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,EAAE,CAAA;AACxC;AAEO,SAAS,0BAA0B,QAAA,EAA6C;AACrF,EAAA,OAAO,OAAA,CAAQ,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,aAAA,KAAkB,QAAQ,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA;AACrF;;;ACjBO,SAAS,qBAAA,CACd,GAAA,EACA,IAAA,EACA,IAAA,EACmB;AACnB,EAAA,MAAM,MAAA,GAAA,CAAU,IAAA,EAAM,MAAA,IAAU,KAAA,EAAO,WAAA,EAAY;AACnD,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,IAAA,EAAM,OAAO,CAAA;AACzC,EAAA,IAAI,IAAA,CAAK,eAAe,MAAA,KAAW,KAAA,IAAS,KAAK,GAAA,IAAO,IAAA,CAAK,GAAA,CAAI,IAAA,EAAK,EAAG;AACvE,IAAA,OAAA,CAAQ,IAAI,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,GAAA,CAAI,IAAA,EAAM,CAAA,CAAE,CAAA;AAAA,EAC1D;AACA,EAAA,OAAO,MAAM,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,SAAS,CAAA;AACxC;;;ACTO,SAAS,2BAA2B,OAAA,EAA4C;AACrF,EAAA,MAAM,KAAK,OAAA,EAAS,IAAA,EAAK,CAAE,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAC7C,EAAA,IAAI,CAAC,EAAA,IAAM,CAAC,oBAAA,CAAqB,IAAA,CAAK,EAAE,CAAA,EAAG;AACzC,IAAA,MAAM,IAAI,MAAM,qDAAqD,CAAA;AAAA,EACvE;AACA,EAAA,OAAO,GAAG,WAAA,EAAY;AACxB;AAGO,SAAS,mBAAA,CACd,OACA,OAAA,EACqB;AACrB,EAAA,OAAO,EAAE,KAAA,EAAO,SAAA,EAAW,IAAI,OAAA,EAAS,0BAAA,CAA2B,OAAO,CAAA,EAAE;AAC9E;AAGO,SAAS,uBAAA,CACd,KAAA,EACA,OAAA,EACA,MAAA,GAAkC,EAAC,EACV;AACzB,EAAA,OAAO,EAAE,GAAG,mBAAA,CAAoB,OAAO,OAAO,CAAA,EAAG,GAAG,MAAA,EAAO;AAC7D;AAGO,SAAS,4BAA4B,IAAA,EAAuC;AACjF,EAAA,OAAO,KAAK,SAAA,CAAU,EAAE,GAAG,IAAA,EAAM,SAAA,EAAW,IAAI,CAAA;AAClD;AAEO,SAAS,uBAAA,CACd,MACA,SAAA,EACyB;AACzB,EAAA,OAAO,EAAE,GAAG,IAAA,EAAM,SAAA,EAAW,SAAA,CAAU,MAAK,CAAE,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA,EAAE;AACpE;;;ACzCA,SAAS,YAAY,GAAA,EAAuC;AAC1D,EAAA,MAAM,IAAA,GAAQ,GAAA,CAAI,IAAA,IAAQ,GAAA,CAAI,IAAA;AAC9B,EAAA,IAAI,IAAA,KAAS,CAAA,IAAK,IAAA,KAAS,MAAA,EAAW,OAAO,MAAA;AAC7C,EAAA,OAAO,GAAA,CAAI,QAAQ,GAAA,CAAI,IAAA;AACzB;AAKA,eAAsB,YAAA,CACpB,SACA,QAAA,GAAyB,EAAE,aAAa,KAAA,EAAO,GAAA,EAAK,MAAK,EACd;AAC3C,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA,EAAK,CAAE,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC7C,EAAA,MAAM,GAAA,GAAM,MAAM,qBAAA,CAAsB,CAAA,EAAG,IAAI,eAAe,EAAE,KAAA,EAAO,UAAA,EAAW,EAAG,QAAQ,CAAA;AAC7F,EAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI;AACF,IAAA,GAAA,GAAM,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,EACvB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAE,OAAA,EAAS,EAAA,EAAI,EAAA,EAAI,KAAA,EAAM;AAAA,EAClC;AACA,EAAA,MAAM,IAAA,GAAO,YAAY,GAAG,CAAA;AAC5B,EAAA,MAAM,EAAA,GACJ,OAAO,IAAA,KAAS,QAAA,GACZ,IAAA,GACA,IAAA,IAAQ,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,IAAY,CAAC,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,GAC7D,MAAA,CAAQ,IAAA,CAAiC,OAAA,IAAY,IAAA,CAAiC,OAAA,IAAW,EAAE,CAAA,GACnG,IAAA,IAAQ,IAAA,GACN,MAAA,CAAO,IAAI,CAAA,GACX,EAAA;AACV,EAAA,MAAM,UAAU,EAAA,CAAG,IAAA,EAAK,CAAE,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAC5C,EAAA,IAAI,CAAC,oBAAA,CAAqB,IAAA,CAAK,OAAO,CAAA,EAAG;AACvC,IAAA,OAAO,EAAE,OAAA,EAAS,EAAA,EAAI,EAAA,EAAI,KAAA,EAAM;AAAA,EAClC;AACA,EAAA,OAAO,EAAE,OAAA,EAAS,OAAA,CAAQ,aAAY,EAAG,EAAA,EAAI,IAAI,EAAA,EAAG;AACtD;AAMA,eAAsB,oBAAA,CACpB,OAAA,EACA,UAAA,EACA,gBAAA,EACA,QAAA,GAAyB,EAAE,WAAA,EAAa,KAAA,EAAO,GAAA,EAAK,IAAA,EAAK,EACF;AACvD,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA,EAAK,CAAE,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC7C,EAAA,MAAM,IAAA,GAAO,aAAa,uBAAA,GAA0B,qBAAA;AACpD,EAAA,MAAM,GAAA,GACJ,cAAc,gBAAA,IAAoB,mBAAA,CAAoB,KAAK,gBAAA,CAAiB,IAAA,EAAM,CAAA,GAC9E,CAAA,EAAG,IAAI,GAAG,IAAI,CAAA,WAAA,EAAc,kBAAA,CAAmB,gBAAA,CAAiB,IAAA,EAAM,CAAC,CAAA,CAAA,GACvE,CAAA,EAAG,IAAI,CAAA,EAAG,IAAI,CAAA,CAAA;AACpB,EAAA,MAAM,GAAA,GAAM,MAAM,qBAAA,CAAsB,GAAA,EAAK,EAAE,KAAA,EAAO,UAAA,IAAc,QAAQ,CAAA;AAC5E,EAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI;AACF,IAAA,GAAA,GAAM,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,EACvB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAE,KAAA,EAAO,CAAA,EAAG,EAAA,EAAI,KAAA,EAAO,MAAM,EAAA,EAAG;AAAA,EACzC;AACA,EAAA,MAAM,IAAA,GAAQ,GAAA,CAAI,IAAA,IAAQ,GAAA,CAAI,IAAA;AAC9B,EAAA,MAAM,UAAU,WAAA,CAAY,GAAG,CAAA,IAAK,GAAA,CAAI,QAAQ,GAAA,CAAI,IAAA;AACpD,EAAA,IAAI,KAAA,GAAQ,CAAA;AACZ,EAAA,IAAI,OAAO,OAAA,KAAY,QAAA,IAAY,CAAC,MAAA,CAAO,KAAA,CAAM,OAAO,CAAA,EAAG;AACzD,IAAA,KAAA,GAAQ,OAAA;AAAA,EACV,CAAA,MAAA,IAAW,OAAA,IAAW,OAAO,OAAA,KAAY,QAAA,EAAU;AACjD,IAAA,MAAM,CAAA,GAAK,OAAA,CAAoC,KAAA,IAAU,OAAA,CAAoC,KAAA;AAC7F,IAAA,KAAA,GAAQ,OAAO,CAAA,KAAM,QAAA,IAAY,CAAC,MAAA,CAAO,KAAA,CAAM,CAAC,CAAA,GAAI,CAAA,GAAI,MAAA,CAAO,CAAC,CAAA,IAAK,CAAA;AAAA,EACvE;AACA,EAAA,OAAO,EAAE,KAAA,EAAO,EAAA,EAAI,GAAA,CAAI,EAAA,KAAO,IAAA,KAAS,CAAA,IAAK,IAAA,KAAS,MAAA,CAAA,EAAY,IAAA,EAAM,IAAA,IAAQ,EAAA,EAAG;AACrF","file":"index.js","sourcesContent":["import type { KeyGenSubset } from './types.js'\n\nexport type { KeyGenSubset }\n\n/** App-compatible alias used by existing multisign builders. */\nexport type KeyGenSubsetForPermit = KeyGenSubset\n\nexport function firstClientIdFromKeyGen(data: KeyGenSubset | null | undefined): string | null {\n  const map = data?.ClientKeys\n  if (!map || typeof map !== 'object') return null\n  for (const v of Object.values(map)) {\n    if (typeof v === 'string' && v.trim()) return v.trim()\n  }\n  return null\n}\n\nexport function requirePubKeyHex(keyGen: KeyGenSubset): string {\n  const ph = (keyGen.pubkeyhex ?? '').trim()\n  if (!ph) throw new Error('keyGen pubKey (pubkeyhex) is required')\n  return ph\n}\n\nexport function keyListFromKeyGen(keyGen: KeyGenSubset): string[] {\n  return keyGen.keylist ?? []\n}\n","/** Merge user purpose text with an optional batch / protocol suffix. */\nexport function mergePurposeText(purposeText: string, purposeSuffix?: string): string {\n  const t = purposeText.trim()\n  const suffix = (purposeSuffix ?? '').trim()\n  if (!suffix) return t\n  return t ? `${t}\\n\\n${suffix}` : suffix\n}\n","import type { ChainCategory, MultisignBuildResult } from './types.js'\nimport type { KeyGenSubset } from './keygen.js'\nimport { firstClientIdFromKeyGen } from './keygen.js'\nimport { mergePurposeText } from './purpose.js'\n\nexport interface MultisignLeg {\n  msgHash: string\n  msgRaw: string\n  destinationAddress: string\n  signatureText: string\n  audit: Record<string, unknown>\n  feeSnapshot: Record<string, unknown>\n  proposalTxParams?: Record<string, unknown>\n  /** Payable value wei string for first leg only when relevant */\n  valueWei?: bigint\n}\n\nexport interface ChainCategoryBuildInput {\n  keyGen: KeyGenSubset\n  purposeText: string\n  purposeSuffix?: string\n  destinationChainID: string\n  legs: MultisignLeg[]\n  extraJSON?: Record<string, unknown>\n  /** Top-level destination address (first leg destination if omitted) */\n  destinationAddress?: string\n}\n\nexport interface ChainCategoryModule {\n  category: ChainCategory\n  finalizeMultisign(input: ChainCategoryBuildInput): MultisignBuildResult\n}\n\n/**\n * Assemble mpc-auth `bodyForSign` from category-built legs.\n * Supports single-tx and batch (messageHashes / messageRawBatch / proposalTxParams).\n */\nexport function finalizeMultisign(input: ChainCategoryBuildInput): MultisignBuildResult {\n  const { keyGen, destinationChainID, legs } = input\n  if (legs.length === 0) {\n    throw new Error('finalizeMultisign requires at least one leg')\n  }\n\n  const ph = (keyGen.pubkeyhex ?? '').trim()\n  if (!ph) throw new Error('keyGen pubKey (pubkeyhex) is required')\n\n  const keyList = keyGen.keylist ?? []\n  const clientId = firstClientIdFromKeyGen(keyGen)\n  const first = legs[0]!\n\n  const messageHashes = legs.map((l) => l.msgHash)\n  const messageRawBatch = legs.map((l) => l.msgRaw)\n  const batchMeta = legs.map((l) => ({\n    destinationAddress: l.destinationAddress,\n    signatureText: l.signatureText,\n    ...l.audit,\n  }))\n\n  const proposalTxParams = legs\n    .map((l) => l.proposalTxParams)\n    .filter((p): p is Record<string, unknown> => p != null && typeof p === 'object')\n\n  const extraPayload: Record<string, unknown> = {\n    batchMeta,\n    ...(input.extraJSON ?? {}),\n  }\n  const extraJSON = JSON.stringify(extraPayload)\n\n  const bodyForSign: Record<string, unknown> = {\n    keyList,\n    pubKey: ph,\n    msgHash: messageHashes[0],\n    msgRaw: first.msgRaw,\n    destinationChainID,\n    destinationAddress: input.destinationAddress ?? first.destinationAddress,\n    extraJSON,\n    signatureText: first.signatureText,\n    purpose: mergePurposeText(input.purposeText, input.purposeSuffix),\n    ...first.feeSnapshot,\n  }\n\n  if (legs.length > 1) {\n    bodyForSign.messageHashes = messageHashes\n    bodyForSign.messageRawBatch = messageRawBatch\n  }\n\n  if (proposalTxParams.length > 0) {\n    bodyForSign.proposalTxParams = proposalTxParams\n  }\n\n  const valueWei = first.valueWei\n  if (valueWei != null && valueWei > 0n) {\n    bodyForSign.value = valueWei.toString()\n  }\n\n  if (clientId) bodyForSign.clientId = clientId\n\n  return { bodyForSign, messageToSign: JSON.stringify(bodyForSign) }\n}\n\nexport const coreChainCategoryModule: ChainCategoryModule = {\n  category: 'evm',\n  finalizeMultisign,\n}\n","import type { ProtocolModule } from './types.js'\n\nconst modules: ProtocolModule[] = []\n\nexport function registerProtocolModule(mod: ProtocolModule): void {\n  const existing = modules.findIndex((m) => m.id === mod.id)\n  if (existing >= 0) {\n    modules[existing] = mod\n  } else {\n    modules.push(mod)\n  }\n}\n\nexport function getProtocolModules(): readonly ProtocolModule[] {\n  return modules\n}\n\nexport function getProtocolModule(id: string): ProtocolModule | undefined {\n  return modules.find((m) => m.id === id)\n}\n\nexport function getActionsByChainCategory(category: string): ProtocolModule['actions'] {\n  return modules.filter((m) => m.chainCategory === category).flatMap((m) => m.actions)\n}\n","/** GET requests to mpc-auth management node with optional Bearer JWT (Browser HTTPS). */\nexport type NodeReadAuth = {\n  bearerOnGet: boolean\n  jwt: string | null\n}\n\nexport function nodeFetchWithReadAuth(\n  url: string,\n  init: RequestInit | undefined,\n  auth: NodeReadAuth,\n): Promise<Response> {\n  const method = (init?.method ?? 'GET').toUpperCase()\n  const headers = new Headers(init?.headers)\n  if (auth.bearerOnGet && method === 'GET' && auth.jwt && auth.jwt.trim()) {\n    headers.set('Authorization', `Bearer ${auth.jwt.trim()}`)\n  }\n  return fetch(url, { ...init, headers })\n}\n","/** mpc-auth NodeMgtKeySig envelope: `{ nonce, clientSig, nodeKey }` (all lowercase). */\n\nexport type ManagementSigFields = {\n  nonce: number\n  clientSig: string\n  nodeKey: string\n}\n\nexport function normalizeManagementNodeKey(nodeKey: string | null | undefined): string {\n  const nk = nodeKey?.trim().replace(/^0x/i, '')\n  if (!nk || !/^[0-9a-fA-F]{128}$/.test(nk)) {\n    throw new Error('nodeKey is required (128 hex from GET /getNodeKey).')\n  }\n  return nk.toLowerCase()\n}\n\n/** Base fields for NodeMgtKeySig-style POST bodies (`clientSig` cleared for signing). */\nexport function managementSigFields(\n  nonce: number,\n  nodeKey: string | null | undefined,\n): ManagementSigFields {\n  return { nonce, clientSig: '', nodeKey: normalizeManagementNodeKey(nodeKey) }\n}\n\n/** Spread management fields first, then endpoint-specific fields (preserves key order when spreading). */\nexport function buildManagementPostBody(\n  nonce: number,\n  nodeKey: string | null | undefined,\n  fields: Record<string, unknown> = {},\n): Record<string, unknown> {\n  return { ...managementSigFields(nonce, nodeKey), ...fields }\n}\n\n/** Exact UTF-8 string to sign: same JSON with `clientSig` cleared. */\nexport function messageToSignManagementBody(body: Record<string, unknown>): string {\n  return JSON.stringify({ ...body, clientSig: '' })\n}\n\nexport function withManagementClientSig(\n  body: Record<string, unknown>,\n  clientSig: string,\n): Record<string, unknown> {\n  return { ...body, clientSig: clientSig.trim().replace(/^0x/i, '') }\n}\n","import { nodeFetchWithReadAuth, type NodeReadAuth } from './nodeRead.js'\n\nfunction mpcAuthData(raw: Record<string, unknown>): unknown {\n  const code = (raw.Code ?? raw.code) as number | undefined\n  if (code !== 0 && code !== undefined) return undefined\n  return raw.Data ?? raw.data\n}\n\n/**\n * GET /getNodeKey — 128-hex MPC node id required on all NodeMgtKeySig POST bodies.\n */\nexport async function fetchNodeKey(\n  nodeUrl: string,\n  readAuth: NodeReadAuth = { bearerOnGet: false, jwt: null },\n): Promise<{ nodeKey: string; ok: boolean }> {\n  const base = nodeUrl.trim().replace(/\\/$/, '')\n  const res = await nodeFetchWithReadAuth(`${base}/getNodeKey`, { cache: 'no-store' }, readAuth)\n  const text = await res.text()\n  let raw: Record<string, unknown>\n  try {\n    raw = JSON.parse(text) as Record<string, unknown>\n  } catch {\n    return { nodeKey: '', ok: false }\n  }\n  const data = mpcAuthData(raw)\n  const nk =\n    typeof data === 'string'\n      ? data\n      : data != null && typeof data === 'object' && !Array.isArray(data)\n        ? String((data as Record<string, unknown>).nodeKey ?? (data as Record<string, unknown>).NodeKey ?? '')\n        : data != null\n          ? String(data)\n          : ''\n  const trimmed = nk.trim().replace(/^0x/i, '')\n  if (!/^[0-9a-fA-F]{128}$/.test(trimmed)) {\n    return { nodeKey: '', ok: false }\n  }\n  return { nodeKey: trimmed.toLowerCase(), ok: res.ok }\n}\n\n/**\n * Fetch management nonce: GET /getPublicMgtKeyNonce (Ed25519) or GET /getNodeMgtKeyNonce (Ethereum NodeMgtKey).\n * For Ed25519 added keys, pass `?publicKey=<64-hex>`.\n */\nexport async function fetchManagementNonce(\n  nodeUrl: string,\n  useEd25519: boolean,\n  ed25519PublicKey?: string,\n  readAuth: NodeReadAuth = { bearerOnGet: false, jwt: null },\n): Promise<{ nonce: number; ok: boolean; code: number }> {\n  const base = nodeUrl.trim().replace(/\\/$/, '')\n  const path = useEd25519 ? '/getPublicMgtKeyNonce' : '/getNodeMgtKeyNonce'\n  const url =\n    useEd25519 && ed25519PublicKey && /^[0-9a-fA-F]{64}$/.test(ed25519PublicKey.trim())\n      ? `${base}${path}?publicKey=${encodeURIComponent(ed25519PublicKey.trim())}`\n      : `${base}${path}`\n  const res = await nodeFetchWithReadAuth(url, { cache: 'no-store' }, readAuth)\n  const text = await res.text()\n  let raw: Record<string, unknown>\n  try {\n    raw = JSON.parse(text) as Record<string, unknown>\n  } catch {\n    return { nonce: 0, ok: false, code: -1 }\n  }\n  const code = (raw.Code ?? raw.code) as number | undefined\n  const payload = mpcAuthData(raw) ?? raw.Data ?? raw.data\n  let nonce = 0\n  if (typeof payload === 'number' && !Number.isNaN(payload)) {\n    nonce = payload\n  } else if (payload && typeof payload === 'object') {\n    const n = (payload as Record<string, unknown>).nonce ?? (payload as Record<string, unknown>).Nonce\n    nonce = typeof n === 'number' && !Number.isNaN(n) ? n : Number(n) || 0\n  }\n  return { nonce, ok: res.ok && (code === 0 || code === undefined), code: code ?? -1 }\n}\n"]}