@dexterai/vault 0.1.0

package/dist/instructions/index.d.cts

@@ -0,0 +1,290 @@
+import { PublicKey, TransactionInstruction } from '@solana/web3.js';
+
+/**
+ * initialize_vault — bootstrap a fresh vault PDA bound to a passkey.
+ *
+ * Verbatim port of dexter-api/src/vault/instructions.ts:142-160.
+ */
+
+interface InitializeVaultParams {
+    vaultPda: PublicKey;
+    payer: PublicKey;
+    dexterAuthority: PublicKey;
+    passkeyPubkey: Uint8Array;
+    /** v2: cooling-off is u32 seconds (negative was meaningless; u32 caps at ~136y). */
+    coolingOffSeconds: number;
+    /**
+     * v2: opaque 32-byte identity claim, operator-defined. Renamed from
+     * supabaseUserId. dexter-api writes the 16-byte Supabase UUID into the
+     * first 16 bytes and zero-pads the rest. The PDA seed uses only the
+     * leading 16 bytes (`identity_claim[..16]`) which preserves the
+     * derivation across the rename.
+     */
+    identityClaim: Uint8Array;
+}
+declare function buildInitializeVaultInstruction(p: InitializeVaultParams): TransactionInstruction;
+
+/**
+ * set_swig — bind a Swig state PDA into the vault (passkey-signed).
+ *
+ * Verbatim port of dexter-api/src/vault/instructions.ts:173-189.
+ */
+
+interface SetSwigParams {
+    vaultPda: PublicKey;
+    swigAddress: PublicKey;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+declare function buildSetSwigInstruction(p: SetSwigParams): TransactionInstruction;
+
+/**
+ * register_session_key — authorize a session ed25519 key under a vault.
+ *
+ * Verbatim port of dexter-x402-sdk/src/tab/instructions.ts:168-194.
+ *
+ * Accounts (in declaration order — Anchor is strict):
+ *   0. [writable]            vault                — the Vault PDA being mutated
+ *   1. [readonly]            instructions_sysvar  — address-constrained
+ *
+ * Args (Borsh-serialized after the 8-byte discriminator):
+ *   session_pubkey: [u8; 32]
+ *   max_amount: u64
+ *   expires_at: i64
+ *   allowed_counterparty: Pubkey (32 bytes)
+ *   nonce: u32
+ *   client_data_json: Vec<u8>
+ *   authenticator_data: Vec<u8>
+ */
+
+interface BuildRegisterSessionKeyArgs {
+    vaultPda: PublicKey;
+    sessionPubkey: Uint8Array;
+    maxAmount: bigint;
+    expiresAt: bigint;
+    allowedCounterparty: PublicKey;
+    nonce: number;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+declare function buildRegisterSessionKeyInstruction(args: BuildRegisterSessionKeyArgs): TransactionInstruction;
+
+/**
+ * revoke_session_key — invalidate the vault's current active session.
+ *
+ * Verbatim port of dexter-x402-sdk/src/tab/instructions.ts:215-232.
+ *
+ * Accounts: same as register (vault, instructions_sysvar).
+ *
+ * Args (Borsh after the 8-byte discriminator):
+ *   client_data_json: Vec<u8>
+ *   authenticator_data: Vec<u8>
+ *
+ * IMPORTANT: there is NO session_pubkey arg. The on-chain handler reads
+ * the session pubkey from vault.active_session directly. The session
+ * pubkey IS part of the 128-byte signed message (the program rebuilds it
+ * from on-chain state), but it is NOT a tx arg.
+ */
+
+interface BuildRevokeSessionKeyArgs {
+    vaultPda: PublicKey;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+declare function buildRevokeSessionKeyInstruction(args: BuildRevokeSessionKeyArgs): TransactionInstruction;
+
+/**
+ * settle_voucher — legacy counter-only ix; dexter_authority increments or
+ * decrements the vault's pending_voucher_count.
+ *
+ * Verbatim port of dexter-api/src/vault/instructions.ts:202-214.
+ */
+
+interface SettleVoucherParams {
+    vaultPda: PublicKey;
+    dexterAuthority: PublicKey;
+    amount: bigint;
+    increment: boolean;
+}
+declare function buildSettleVoucherInstruction(p: SettleVoucherParams): TransactionInstruction;
+
+/**
+ * settle_tab_voucher — Tab streaming settlement; the vault verifies the
+ * session-key signature (via an Ed25519 precompile sibling) and then drives
+ * the Swig transfer via its role-3 ProgramExec authority.
+ *
+ * Verbatim port of dexter-api/src/vault/instructions.ts:458-481.
+ *
+ * Account ordering MUST match the on-chain Anchor struct:
+ *   [0] swig                  — required by Swig's ProgramExec validator
+ *   [1] swig_wallet_address   — canonical PDA under the Swig program
+ *   [2] vault                 — the vault PDA being mutated
+ *   [3] dexter_authority      — signer; must equal vault.dexter_authority
+ *   [4] instructions_sysvar   — for the Ed25519 precompile sibling lookup
+ */
+
+interface SettleTabVoucherParams {
+    vaultPda: PublicKey;
+    swigAddress: PublicKey;
+    dexterAuthority: PublicKey;
+    channelId: Uint8Array;
+    cumulativeAmount: bigint;
+    sequenceNumber: number;
+}
+declare function buildSettleTabVoucherInstruction(p: SettleTabVoucherParams): TransactionInstruction;
+
+/**
+ * Withdrawal-path vault instructions.
+ *   - request_withdrawal — passkey signs; mutates pending_withdrawal
+ *   - finalize_withdrawal — passkey signs; Swig role 1 drives the SPL transfer
+ *   - force_release — buyer's passkey clears a stuck count after the grace window
+ *
+ * All three are passkey-signed and require a secp256r1 precompile sibling.
+ * finalize_withdrawal and force_release additionally interact with Swig's
+ * ProgramExec validator (role 1 marker = finalize_withdrawal discriminator).
+ */
+
+/**
+ * Derive the canonical Swig wallet-address PDA: seeds = ["swig-wallet-address", swig_state].
+ * The vault program enforces this derivation; we recompute client-side
+ * so we can pass it as account[1] of finalize_withdrawal / settle_tab_voucher.
+ */
+declare function deriveSwigWalletAddress(swigAddress: PublicKey): PublicKey;
+interface RequestWithdrawalParams {
+    vaultPda: PublicKey;
+    amount: bigint;
+    destination: PublicKey;
+    signedAt: bigint;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+declare function buildRequestWithdrawalInstruction(p: RequestWithdrawalParams): TransactionInstruction;
+interface FinalizeWithdrawalParams {
+    vaultPda: PublicKey;
+    swigAddress: PublicKey;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+/**
+ * Account ordering MUST match the on-chain Anchor struct:
+ *   [0] swig                — required by Swig's ProgramExec validator + bound via Anchor `address`
+ *   [1] swig_wallet_address — canonical PDA under the Swig program
+ *   [2] vault               — the vault PDA being mutated
+ *   [3] instructions_sysvar — for the secp256r1 precompile sibling lookup
+ */
+declare function buildFinalizeWithdrawalInstruction(p: FinalizeWithdrawalParams): TransactionInstruction;
+interface ForceReleaseParams {
+    vaultPda: PublicKey;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+/**
+ * BUYER-controlled: the buyer's passkey clears a stuck count after the grace
+ * period. Op message is "force_release" || swig_address.
+ */
+declare function buildForceReleaseInstruction(p: ForceReleaseParams): TransactionInstruction;
+
+/**
+ * rotate_passkey + rotate_dexter_authority — rotate the two long-lived
+ * authorities bound to the vault.
+ *
+ * Verbatim port of dexter-api/src/vault/instructions.ts:340-383.
+ */
+
+interface RotatePasskeyParams {
+    vaultPda: PublicKey;
+    newPasskeyPubkey: Uint8Array;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+/** Op message the current passkey must sign: "rotate_passkey" || new_pubkey. */
+declare function buildRotatePasskeyInstruction(p: RotatePasskeyParams): TransactionInstruction;
+interface RotateDexterAuthorityParams {
+    vaultPda: PublicKey;
+    currentDexterAuthority: PublicKey;
+    newDexterAuthority: PublicKey;
+}
+declare function buildRotateDexterAuthorityInstruction(p: RotateDexterAuthorityParams): TransactionInstruction;
+
+/**
+ * prove_passkey — read-only proof-of-control; the Solana analogue of EIP-1271.
+ *
+ * Verbatim port of dexter-api/src/vault/instructions.ts:406-422.
+ *
+ * Proves the passkey controlling `vaultPda` authorized `challenge`, mutating
+ * NOTHING. The on-chain handler reconstructs the op message as
+ * "siwx_login" || challenge and verifies it via the SIMD-0075 secp256r1
+ * precompile sibling (which MUST precede this instruction). A verifier treats a
+ * passing `simulateTransaction([secp256r1_verify, prove_passkey], {sigVerify:false})`
+ * (err === null) as proof of control. The `vault` account is read-only and
+ * non-signer — no Dexter key, no fee, no state change.
+ */
+
+interface ProvePasskeyParams {
+    vaultPda: PublicKey;
+    challenge: Uint8Array;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+declare function buildProvePasskeyInstruction(p: ProvePasskeyParams): TransactionInstruction;
+
+/**
+ * Canonical 4-role Swig provisioning bundle.
+ *
+ * THE ONLY place in the codebase that knows about Swig roles 0/1/2/3. Every
+ * enrollment path — dexter-api production, dexter-vault tests, future
+ * consumers — calls this. The drift bug that ate 4 hours on 2026-06-02 is
+ * structurally impossible because the role list lives in exactly one file.
+ *
+ * Role assignment (locked):
+ *   role 0 — Ed25519(fee-payer), manageAuthority only (bootstrap; can't spend)
+ *   role 1 — ProgramExec(vault, marker=finalize_withdrawal), all (withdraw path)
+ *   role 2 — Ed25519Session(master, TTL'd + token-limited), all (streaming spend)
+ *   role 3 — ProgramExec(vault, marker=settle_tab_voucher), all (Tab settle path)
+ *
+ * The HMAC key the Swig-id derivation needs is a CALLER-PROVIDED 32-byte
+ * seed. Production passes its session-master secret; tests pass a stable
+ * random seed they generated themselves. The package never touches process.env.
+ */
+
+declare const SWIG_PROGRAM_EXEC_PREFIX: Uint8Array<ArrayBuffer>;
+declare const SWIG_PROGRAM_EXEC_PREFIX_SETTLE_TAB: Uint8Array<ArrayBuffer>;
+declare const SWIG_PROGRAM_EXEC_MARKERS: readonly Uint8Array[];
+interface BuildSwigCreationBundleParams {
+    feePayer: string;
+    dexterMasterPubkey: string;
+    identitySeed: Uint8Array;
+    /** 32-byte HMAC key for Swig-id derivation. Caller-provided (no env access). */
+    hmacKey: Uint8Array;
+    sessionTtlSeconds?: bigint;
+    spendLimitAtomic?: bigint;
+}
+interface SwigCreationBundleOutput {
+    swigAddress: string;
+    swigIdBase58: string;
+    instructions: any[];
+}
+declare function buildSwigCreationBundle(params: BuildSwigCreationBundleParams): Promise<SwigCreationBundleOutput>;
+declare function expectedSwigAddressFor(identitySeed: Uint8Array, hmacKey: Uint8Array): Promise<string>;
+interface SwigOwnershipCheck {
+    ok: boolean;
+    reason?: string;
+}
+declare function verifySwigIsOurs(params: {
+    swigAddress: string;
+    identitySeed: Uint8Array;
+    hmacKey: Uint8Array;
+    dexterMasterPubkey: string;
+    rpcEndpoint: string;
+}): Promise<SwigOwnershipCheck>;
+/**
+ * deriveVaultPda — supabaseUserId is the 16-byte UUID; the vault PDA seeds are
+ * ["vault", supabaseUserId]. Kept here because it's the canonical Swig-pair PDA
+ * derivation. Mirror of dexter-api/src/vault/instructions.ts.
+ */
+declare function deriveVaultPda(supabaseUserId: Uint8Array): {
+    pda: PublicKey;
+    bump: number;
+};
+
+export { type BuildRegisterSessionKeyArgs, type BuildRevokeSessionKeyArgs, type BuildSwigCreationBundleParams, type FinalizeWithdrawalParams, type ForceReleaseParams, type InitializeVaultParams, type ProvePasskeyParams, type RequestWithdrawalParams, type RotateDexterAuthorityParams, type RotatePasskeyParams, SWIG_PROGRAM_EXEC_MARKERS, SWIG_PROGRAM_EXEC_PREFIX, SWIG_PROGRAM_EXEC_PREFIX_SETTLE_TAB, type SetSwigParams, type SettleTabVoucherParams, type SettleVoucherParams, type SwigCreationBundleOutput, type SwigOwnershipCheck, buildFinalizeWithdrawalInstruction, buildForceReleaseInstruction, buildInitializeVaultInstruction, buildProvePasskeyInstruction, buildRegisterSessionKeyInstruction, buildRequestWithdrawalInstruction, buildRevokeSessionKeyInstruction, buildRotateDexterAuthorityInstruction, buildRotatePasskeyInstruction, buildSetSwigInstruction, buildSettleTabVoucherInstruction, buildSettleVoucherInstruction, buildSwigCreationBundle, deriveSwigWalletAddress, deriveVaultPda, expectedSwigAddressFor, verifySwigIsOurs };

package/dist/instructions/index.d.ts

@@ -0,0 +1,290 @@
+import { PublicKey, TransactionInstruction } from '@solana/web3.js';
+
+/**
+ * initialize_vault — bootstrap a fresh vault PDA bound to a passkey.
+ *
+ * Verbatim port of dexter-api/src/vault/instructions.ts:142-160.
+ */
+
+interface InitializeVaultParams {
+    vaultPda: PublicKey;
+    payer: PublicKey;
+    dexterAuthority: PublicKey;
+    passkeyPubkey: Uint8Array;
+    /** v2: cooling-off is u32 seconds (negative was meaningless; u32 caps at ~136y). */
+    coolingOffSeconds: number;
+    /**
+     * v2: opaque 32-byte identity claim, operator-defined. Renamed from
+     * supabaseUserId. dexter-api writes the 16-byte Supabase UUID into the
+     * first 16 bytes and zero-pads the rest. The PDA seed uses only the
+     * leading 16 bytes (`identity_claim[..16]`) which preserves the
+     * derivation across the rename.
+     */
+    identityClaim: Uint8Array;
+}
+declare function buildInitializeVaultInstruction(p: InitializeVaultParams): TransactionInstruction;
+
+/**
+ * set_swig — bind a Swig state PDA into the vault (passkey-signed).
+ *
+ * Verbatim port of dexter-api/src/vault/instructions.ts:173-189.
+ */
+
+interface SetSwigParams {
+    vaultPda: PublicKey;
+    swigAddress: PublicKey;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+declare function buildSetSwigInstruction(p: SetSwigParams): TransactionInstruction;
+
+/**
+ * register_session_key — authorize a session ed25519 key under a vault.
+ *
+ * Verbatim port of dexter-x402-sdk/src/tab/instructions.ts:168-194.
+ *
+ * Accounts (in declaration order — Anchor is strict):
+ *   0. [writable]            vault                — the Vault PDA being mutated
+ *   1. [readonly]            instructions_sysvar  — address-constrained
+ *
+ * Args (Borsh-serialized after the 8-byte discriminator):
+ *   session_pubkey: [u8; 32]
+ *   max_amount: u64
+ *   expires_at: i64
+ *   allowed_counterparty: Pubkey (32 bytes)
+ *   nonce: u32
+ *   client_data_json: Vec<u8>
+ *   authenticator_data: Vec<u8>
+ */
+
+interface BuildRegisterSessionKeyArgs {
+    vaultPda: PublicKey;
+    sessionPubkey: Uint8Array;
+    maxAmount: bigint;
+    expiresAt: bigint;
+    allowedCounterparty: PublicKey;
+    nonce: number;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+declare function buildRegisterSessionKeyInstruction(args: BuildRegisterSessionKeyArgs): TransactionInstruction;
+
+/**
+ * revoke_session_key — invalidate the vault's current active session.
+ *
+ * Verbatim port of dexter-x402-sdk/src/tab/instructions.ts:215-232.
+ *
+ * Accounts: same as register (vault, instructions_sysvar).
+ *
+ * Args (Borsh after the 8-byte discriminator):
+ *   client_data_json: Vec<u8>
+ *   authenticator_data: Vec<u8>
+ *
+ * IMPORTANT: there is NO session_pubkey arg. The on-chain handler reads
+ * the session pubkey from vault.active_session directly. The session
+ * pubkey IS part of the 128-byte signed message (the program rebuilds it
+ * from on-chain state), but it is NOT a tx arg.
+ */
+
+interface BuildRevokeSessionKeyArgs {
+    vaultPda: PublicKey;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+declare function buildRevokeSessionKeyInstruction(args: BuildRevokeSessionKeyArgs): TransactionInstruction;
+
+/**
+ * settle_voucher — legacy counter-only ix; dexter_authority increments or
+ * decrements the vault's pending_voucher_count.
+ *
+ * Verbatim port of dexter-api/src/vault/instructions.ts:202-214.
+ */
+
+interface SettleVoucherParams {
+    vaultPda: PublicKey;
+    dexterAuthority: PublicKey;
+    amount: bigint;
+    increment: boolean;
+}
+declare function buildSettleVoucherInstruction(p: SettleVoucherParams): TransactionInstruction;
+
+/**
+ * settle_tab_voucher — Tab streaming settlement; the vault verifies the
+ * session-key signature (via an Ed25519 precompile sibling) and then drives
+ * the Swig transfer via its role-3 ProgramExec authority.
+ *
+ * Verbatim port of dexter-api/src/vault/instructions.ts:458-481.
+ *
+ * Account ordering MUST match the on-chain Anchor struct:
+ *   [0] swig                  — required by Swig's ProgramExec validator
+ *   [1] swig_wallet_address   — canonical PDA under the Swig program
+ *   [2] vault                 — the vault PDA being mutated
+ *   [3] dexter_authority      — signer; must equal vault.dexter_authority
+ *   [4] instructions_sysvar   — for the Ed25519 precompile sibling lookup
+ */
+
+interface SettleTabVoucherParams {
+    vaultPda: PublicKey;
+    swigAddress: PublicKey;
+    dexterAuthority: PublicKey;
+    channelId: Uint8Array;
+    cumulativeAmount: bigint;
+    sequenceNumber: number;
+}
+declare function buildSettleTabVoucherInstruction(p: SettleTabVoucherParams): TransactionInstruction;
+
+/**
+ * Withdrawal-path vault instructions.
+ *   - request_withdrawal — passkey signs; mutates pending_withdrawal
+ *   - finalize_withdrawal — passkey signs; Swig role 1 drives the SPL transfer
+ *   - force_release — buyer's passkey clears a stuck count after the grace window
+ *
+ * All three are passkey-signed and require a secp256r1 precompile sibling.
+ * finalize_withdrawal and force_release additionally interact with Swig's
+ * ProgramExec validator (role 1 marker = finalize_withdrawal discriminator).
+ */
+
+/**
+ * Derive the canonical Swig wallet-address PDA: seeds = ["swig-wallet-address", swig_state].
+ * The vault program enforces this derivation; we recompute client-side
+ * so we can pass it as account[1] of finalize_withdrawal / settle_tab_voucher.
+ */
+declare function deriveSwigWalletAddress(swigAddress: PublicKey): PublicKey;
+interface RequestWithdrawalParams {
+    vaultPda: PublicKey;
+    amount: bigint;
+    destination: PublicKey;
+    signedAt: bigint;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+declare function buildRequestWithdrawalInstruction(p: RequestWithdrawalParams): TransactionInstruction;
+interface FinalizeWithdrawalParams {
+    vaultPda: PublicKey;
+    swigAddress: PublicKey;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+/**
+ * Account ordering MUST match the on-chain Anchor struct:
+ *   [0] swig                — required by Swig's ProgramExec validator + bound via Anchor `address`
+ *   [1] swig_wallet_address — canonical PDA under the Swig program
+ *   [2] vault               — the vault PDA being mutated
+ *   [3] instructions_sysvar — for the secp256r1 precompile sibling lookup
+ */
+declare function buildFinalizeWithdrawalInstruction(p: FinalizeWithdrawalParams): TransactionInstruction;
+interface ForceReleaseParams {
+    vaultPda: PublicKey;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+/**
+ * BUYER-controlled: the buyer's passkey clears a stuck count after the grace
+ * period. Op message is "force_release" || swig_address.
+ */
+declare function buildForceReleaseInstruction(p: ForceReleaseParams): TransactionInstruction;
+
+/**
+ * rotate_passkey + rotate_dexter_authority — rotate the two long-lived
+ * authorities bound to the vault.
+ *
+ * Verbatim port of dexter-api/src/vault/instructions.ts:340-383.
+ */
+
+interface RotatePasskeyParams {
+    vaultPda: PublicKey;
+    newPasskeyPubkey: Uint8Array;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+/** Op message the current passkey must sign: "rotate_passkey" || new_pubkey. */
+declare function buildRotatePasskeyInstruction(p: RotatePasskeyParams): TransactionInstruction;
+interface RotateDexterAuthorityParams {
+    vaultPda: PublicKey;
+    currentDexterAuthority: PublicKey;
+    newDexterAuthority: PublicKey;
+}
+declare function buildRotateDexterAuthorityInstruction(p: RotateDexterAuthorityParams): TransactionInstruction;
+
+/**
+ * prove_passkey — read-only proof-of-control; the Solana analogue of EIP-1271.
+ *
+ * Verbatim port of dexter-api/src/vault/instructions.ts:406-422.
+ *
+ * Proves the passkey controlling `vaultPda` authorized `challenge`, mutating
+ * NOTHING. The on-chain handler reconstructs the op message as
+ * "siwx_login" || challenge and verifies it via the SIMD-0075 secp256r1
+ * precompile sibling (which MUST precede this instruction). A verifier treats a
+ * passing `simulateTransaction([secp256r1_verify, prove_passkey], {sigVerify:false})`
+ * (err === null) as proof of control. The `vault` account is read-only and
+ * non-signer — no Dexter key, no fee, no state change.
+ */
+
+interface ProvePasskeyParams {
+    vaultPda: PublicKey;
+    challenge: Uint8Array;
+    clientDataJSON: Uint8Array;
+    authenticatorData: Uint8Array;
+}
+declare function buildProvePasskeyInstruction(p: ProvePasskeyParams): TransactionInstruction;
+
+/**
+ * Canonical 4-role Swig provisioning bundle.
+ *
+ * THE ONLY place in the codebase that knows about Swig roles 0/1/2/3. Every
+ * enrollment path — dexter-api production, dexter-vault tests, future
+ * consumers — calls this. The drift bug that ate 4 hours on 2026-06-02 is
+ * structurally impossible because the role list lives in exactly one file.
+ *
+ * Role assignment (locked):
+ *   role 0 — Ed25519(fee-payer), manageAuthority only (bootstrap; can't spend)
+ *   role 1 — ProgramExec(vault, marker=finalize_withdrawal), all (withdraw path)
+ *   role 2 — Ed25519Session(master, TTL'd + token-limited), all (streaming spend)
+ *   role 3 — ProgramExec(vault, marker=settle_tab_voucher), all (Tab settle path)
+ *
+ * The HMAC key the Swig-id derivation needs is a CALLER-PROVIDED 32-byte
+ * seed. Production passes its session-master secret; tests pass a stable
+ * random seed they generated themselves. The package never touches process.env.
+ */
+
+declare const SWIG_PROGRAM_EXEC_PREFIX: Uint8Array<ArrayBuffer>;
+declare const SWIG_PROGRAM_EXEC_PREFIX_SETTLE_TAB: Uint8Array<ArrayBuffer>;
+declare const SWIG_PROGRAM_EXEC_MARKERS: readonly Uint8Array[];
+interface BuildSwigCreationBundleParams {
+    feePayer: string;
+    dexterMasterPubkey: string;
+    identitySeed: Uint8Array;
+    /** 32-byte HMAC key for Swig-id derivation. Caller-provided (no env access). */
+    hmacKey: Uint8Array;
+    sessionTtlSeconds?: bigint;
+    spendLimitAtomic?: bigint;
+}
+interface SwigCreationBundleOutput {
+    swigAddress: string;
+    swigIdBase58: string;
+    instructions: any[];
+}
+declare function buildSwigCreationBundle(params: BuildSwigCreationBundleParams): Promise<SwigCreationBundleOutput>;
+declare function expectedSwigAddressFor(identitySeed: Uint8Array, hmacKey: Uint8Array): Promise<string>;
+interface SwigOwnershipCheck {
+    ok: boolean;
+    reason?: string;
+}
+declare function verifySwigIsOurs(params: {
+    swigAddress: string;
+    identitySeed: Uint8Array;
+    hmacKey: Uint8Array;
+    dexterMasterPubkey: string;
+    rpcEndpoint: string;
+}): Promise<SwigOwnershipCheck>;
+/**
+ * deriveVaultPda — supabaseUserId is the 16-byte UUID; the vault PDA seeds are
+ * ["vault", supabaseUserId]. Kept here because it's the canonical Swig-pair PDA
+ * derivation. Mirror of dexter-api/src/vault/instructions.ts.
+ */
+declare function deriveVaultPda(supabaseUserId: Uint8Array): {
+    pda: PublicKey;
+    bump: number;
+};
+
+export { type BuildRegisterSessionKeyArgs, type BuildRevokeSessionKeyArgs, type BuildSwigCreationBundleParams, type FinalizeWithdrawalParams, type ForceReleaseParams, type InitializeVaultParams, type ProvePasskeyParams, type RequestWithdrawalParams, type RotateDexterAuthorityParams, type RotatePasskeyParams, SWIG_PROGRAM_EXEC_MARKERS, SWIG_PROGRAM_EXEC_PREFIX, SWIG_PROGRAM_EXEC_PREFIX_SETTLE_TAB, type SetSwigParams, type SettleTabVoucherParams, type SettleVoucherParams, type SwigCreationBundleOutput, type SwigOwnershipCheck, buildFinalizeWithdrawalInstruction, buildForceReleaseInstruction, buildInitializeVaultInstruction, buildProvePasskeyInstruction, buildRegisterSessionKeyInstruction, buildRequestWithdrawalInstruction, buildRevokeSessionKeyInstruction, buildRotateDexterAuthorityInstruction, buildRotatePasskeyInstruction, buildSetSwigInstruction, buildSettleTabVoucherInstruction, buildSettleVoucherInstruction, buildSwigCreationBundle, deriveSwigWalletAddress, deriveVaultPda, expectedSwigAddressFor, verifySwigIsOurs };